Project import generated by Copybara.
GitOrigin-RevId: c31898adf5a8ed202ce5bea9f347b1c6871f32d1
parent
f7b83f8370
commit
472aeafc57
2709 changed files with 93617 additions and 41556 deletions
9
third_party/nixpkgs/.git-blame-ignore-revs
vendored
9
third_party/nixpkgs/.git-blame-ignore-revs
vendored
|
@ -163,6 +163,15 @@ fbdcdde04a7caa007e825a8b822c75fab9adb2d6
|
|||
# step-cli: format package.nix with nixfmt (#331629)
|
||||
fc7a83f8b62e90de5679e993d4d49ca014ea013d
|
||||
|
||||
# ndn-cxx: format with nixfmt-rfc-style
|
||||
160b2b769c3b8a6d1ae9947afa77520fa2887db7
|
||||
|
||||
# ndn-tools: format with nixfmt-rfc-style
|
||||
4882ef721ce3d7bb3b5e48ff80125255db515013
|
||||
|
||||
# nfd: format with nixfmt-rfc-style
|
||||
548c2377fa81e2abfc192fbf4f521e601251c468
|
||||
|
||||
# darwin.stdenv: format with nixfmt-rfc-style (#333962)
|
||||
93c10ac9e561c6594d3baaeaff2341907390d9b8
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
## Description of changes
|
||||
|
||||
<!--
|
||||
^ Please summarise the changes you have done and explain why they are necessary here ^
|
||||
|
||||
For package updates please link to a changelog or describe changes, this helps your fellow maintainers discover breaking updates.
|
||||
For new packages please briefly describe the package or provide a link to its homepage.
|
||||
-->
|
||||
|
|
11
third_party/nixpkgs/.github/labeler.yml
vendored
11
third_party/nixpkgs/.github/labeler.yml
vendored
|
@ -380,6 +380,17 @@
|
|||
- any-glob-to-any-file:
|
||||
- pkgs/applications/editors/vscode/**/*
|
||||
|
||||
"6.topic: xen-project":
|
||||
- any:
|
||||
- changed-files:
|
||||
- any-glob-to-any-file:
|
||||
- nixos/modules/virtualisation/xen*
|
||||
- pkgs/applications/virtualization/xen/**
|
||||
- pkgs/by-name/xe/xen-guest-agent/*
|
||||
- pkgs/by-name/xt/xtf/*
|
||||
- pkgs/development/ocaml-modules/xen*/*
|
||||
- pkgs/development/ocaml-modules/vchan/*
|
||||
|
||||
"6.topic: xfce":
|
||||
- any:
|
||||
- changed-files:
|
||||
|
|
|
@ -20,7 +20,7 @@ jobs:
|
|||
if: github.repository_owner == 'NixOS' && github.event.pull_request.merged == true && (github.event_name != 'labeled' || startsWith('backport', github.event.label.name))
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
|
||||
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
|
||||
with:
|
||||
ref: ${{ github.event.pull_request.head.sha }}
|
||||
- name: Create backport PRs
|
||||
|
|
|
@ -19,8 +19,8 @@ jobs:
|
|||
runs-on: ubuntu-latest
|
||||
# we don't limit this action to only NixOS repo since the checks are cheap and useful developer feedback
|
||||
steps:
|
||||
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
|
||||
- uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
|
||||
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
|
||||
- uses: cachix/install-nix-action@9f70348d77d0422624097c4b7a75563948901306 # v29
|
||||
- uses: cachix/cachix-action@ad2ddac53f961de1989924296a1f236fcfbaa4fc # v15
|
||||
with:
|
||||
# This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere.
|
||||
|
|
|
@ -14,7 +14,7 @@ jobs:
|
|||
runs-on: ubuntu-latest
|
||||
if: github.repository_owner == 'NixOS'
|
||||
steps:
|
||||
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
|
||||
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
|
||||
with:
|
||||
fetch-depth: 0
|
||||
filter: blob:none
|
||||
|
|
|
@ -13,7 +13,7 @@ jobs:
|
|||
runs-on: ubuntu-latest
|
||||
if: github.repository_owner == 'NixOS'
|
||||
steps:
|
||||
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
|
||||
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
|
||||
with:
|
||||
# pull_request_target checks out the base branch by default
|
||||
ref: refs/pull/${{ github.event.pull_request.number }}/merge
|
||||
|
@ -21,7 +21,7 @@ jobs:
|
|||
sparse-checkout: |
|
||||
lib
|
||||
maintainers
|
||||
- uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
|
||||
- uses: cachix/install-nix-action@9f70348d77d0422624097c4b7a75563948901306 # v29
|
||||
with:
|
||||
# explicitly enable sandbox
|
||||
extra_nix_config: sandbox = true
|
||||
|
|
|
@ -18,7 +18,7 @@ jobs:
|
|||
runs-on: ubuntu-latest
|
||||
if: "!contains(github.event.pull_request.title, '[skip treewide]')"
|
||||
steps:
|
||||
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
|
||||
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
|
||||
with:
|
||||
# pull_request_target checks out the base branch by default
|
||||
ref: refs/pull/${{ github.event.pull_request.number }}/merge
|
||||
|
@ -38,7 +38,7 @@ jobs:
|
|||
# This should not be a URL, because it would allow PRs to run arbitrary code in CI!
|
||||
rev=$(jq -r .rev ci/pinned-nixpkgs.json)
|
||||
echo "url=https://github.com/NixOS/nixpkgs/archive/$rev.tar.gz" >> "$GITHUB_ENV"
|
||||
- uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
|
||||
- uses: cachix/install-nix-action@9f70348d77d0422624097c4b7a75563948901306 # v29
|
||||
with:
|
||||
# explicitly enable sandbox
|
||||
extra_nix_config: sandbox = true
|
||||
|
|
|
@ -12,7 +12,7 @@ jobs:
|
|||
runs-on: ubuntu-latest
|
||||
if: "!contains(github.event.pull_request.title, '[skip treewide]')"
|
||||
steps:
|
||||
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
|
||||
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
|
||||
with:
|
||||
# pull_request_target checks out the base branch by default
|
||||
ref: refs/pull/${{ github.event.pull_request.number }}/merge
|
||||
|
@ -32,7 +32,7 @@ jobs:
|
|||
# This should not be a URL, because it would allow PRs to run arbitrary code in CI!
|
||||
rev=$(jq -r .rev ci/pinned-nixpkgs.json)
|
||||
echo "url=https://github.com/NixOS/nixpkgs/archive/$rev.tar.gz" >> "$GITHUB_ENV"
|
||||
- uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
|
||||
- uses: cachix/install-nix-action@9f70348d77d0422624097c4b7a75563948901306 # v29
|
||||
with:
|
||||
# explicitly enable sandbox
|
||||
extra_nix_config: sandbox = true
|
||||
|
|
|
@ -10,11 +10,11 @@ jobs:
|
|||
name: shell-check-x86_64-linux
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
|
||||
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
|
||||
with:
|
||||
# pull_request_target checks out the base branch by default
|
||||
ref: refs/pull/${{ github.event.pull_request.number }}/merge
|
||||
- uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
|
||||
- uses: cachix/install-nix-action@9f70348d77d0422624097c4b7a75563948901306 # v29
|
||||
- name: Build shell
|
||||
run: nix-build shell.nix
|
||||
|
||||
|
@ -22,10 +22,10 @@ jobs:
|
|||
name: shell-check-aarch64-darwin
|
||||
runs-on: macos-latest
|
||||
steps:
|
||||
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
|
||||
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
|
||||
with:
|
||||
# pull_request_target checks out the base branch by default
|
||||
ref: refs/pull/${{ github.event.pull_request.number }}/merge
|
||||
- uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
|
||||
- uses: cachix/install-nix-action@9f70348d77d0422624097c4b7a75563948901306 # v29
|
||||
- name: Build shell
|
||||
run: nix-build shell.nix
|
||||
|
|
|
@ -25,11 +25,11 @@ jobs:
|
|||
- name: print list of changed files
|
||||
run: |
|
||||
cat "$HOME/changed_files"
|
||||
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
|
||||
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
|
||||
with:
|
||||
# pull_request_target checks out the base branch by default
|
||||
ref: refs/pull/${{ github.event.pull_request.number }}/merge
|
||||
- uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
|
||||
- uses: cachix/install-nix-action@9f70348d77d0422624097c4b7a75563948901306 # v29
|
||||
with:
|
||||
# nixpkgs commit is pinned so that it doesn't break
|
||||
# editorconfig-checker 2.4.0
|
||||
|
|
|
@ -15,11 +15,11 @@ jobs:
|
|||
runs-on: ubuntu-latest
|
||||
if: github.repository_owner == 'NixOS'
|
||||
steps:
|
||||
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
|
||||
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
|
||||
with:
|
||||
# pull_request_target checks out the base branch by default
|
||||
ref: refs/pull/${{ github.event.pull_request.number }}/merge
|
||||
- uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
|
||||
- uses: cachix/install-nix-action@9f70348d77d0422624097c4b7a75563948901306 # v29
|
||||
with:
|
||||
# explicitly enable sandbox
|
||||
extra_nix_config: sandbox = true
|
||||
|
|
|
@ -17,11 +17,11 @@ jobs:
|
|||
runs-on: ubuntu-latest
|
||||
if: github.repository_owner == 'NixOS'
|
||||
steps:
|
||||
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
|
||||
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
|
||||
with:
|
||||
# pull_request_target checks out the base branch by default
|
||||
ref: refs/pull/${{ github.event.pull_request.number }}/merge
|
||||
- uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
|
||||
- uses: cachix/install-nix-action@9f70348d77d0422624097c4b7a75563948901306 # v29
|
||||
with:
|
||||
# explicitly enable sandbox
|
||||
extra_nix_config: sandbox = true
|
||||
|
|
|
@ -25,12 +25,12 @@ jobs:
|
|||
if [[ -s "$HOME/changed_files" ]]; then
|
||||
echo "CHANGED_FILES=$HOME/changed_files" > "$GITHUB_ENV"
|
||||
fi
|
||||
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
|
||||
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
|
||||
with:
|
||||
# pull_request_target checks out the base branch by default
|
||||
ref: refs/pull/${{ github.event.pull_request.number }}/merge
|
||||
if: ${{ env.CHANGED_FILES && env.CHANGED_FILES != '' }}
|
||||
- uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
|
||||
- uses: cachix/install-nix-action@9f70348d77d0422624097c4b7a75563948901306 # v29
|
||||
with:
|
||||
nix_path: nixpkgs=channel:nixpkgs-unstable
|
||||
- name: Parse all changed or added nix files
|
||||
|
|
|
@ -72,7 +72,7 @@ jobs:
|
|||
else
|
||||
echo "The PR cannot be merged, it has a merge conflict, skipping the rest.."
|
||||
fi
|
||||
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
|
||||
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
|
||||
if: env.mergedSha
|
||||
with:
|
||||
# pull_request_target checks out the base branch by default
|
||||
|
@ -85,7 +85,7 @@ jobs:
|
|||
base=$(mktemp -d)
|
||||
git worktree add "$base" "$(git rev-parse HEAD^1)"
|
||||
echo "base=$base" >> "$GITHUB_ENV"
|
||||
- uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
|
||||
- uses: cachix/install-nix-action@9f70348d77d0422624097c4b7a75563948901306 # v29
|
||||
if: env.mergedSha
|
||||
- name: Fetching the pinned tool
|
||||
if: env.mergedSha
|
||||
|
|
|
@ -41,7 +41,7 @@ jobs:
|
|||
into: staging-24.05
|
||||
name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
|
||||
steps:
|
||||
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
|
||||
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
|
||||
|
||||
- name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
|
||||
uses: devmasx/merge-branch@854d3ac71ed1e9deb668e0074781b81fdd6e771f # 1.4.0
|
||||
|
|
|
@ -39,7 +39,7 @@ jobs:
|
|||
into: staging
|
||||
name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
|
||||
steps:
|
||||
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
|
||||
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
|
||||
|
||||
- name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
|
||||
uses: devmasx/merge-branch@854d3ac71ed1e9deb668e0074781b81fdd6e771f # 1.4.0
|
||||
|
|
|
@ -16,8 +16,8 @@ jobs:
|
|||
if: github.repository_owner == 'NixOS' && github.ref == 'refs/heads/master' # ensure workflow_dispatch only runs on master
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
|
||||
- uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
|
||||
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
|
||||
- uses: cachix/install-nix-action@9f70348d77d0422624097c4b7a75563948901306 # v29
|
||||
with:
|
||||
nix_path: nixpkgs=channel:nixpkgs-unstable
|
||||
- name: setup
|
||||
|
|
5
third_party/nixpkgs/doc/hooks/desktop-file-utils.section.md
vendored
Normal file
5
third_party/nixpkgs/doc/hooks/desktop-file-utils.section.md
vendored
Normal file
|
@ -0,0 +1,5 @@
|
|||
# desktop-file-utils {#desktop-file-utils}
|
||||
|
||||
This setup hook removes the MIME cache (located at `$out/share/applications/mimeinfo.cache`) in the `preFixupPhase`.
|
||||
|
||||
This hook is necessary because `mimeinfo.cache` can be created when a package uses `desktop-file-utils`, resulting in collisions if multiple packages are installed that contain this file (as in [#48295](https://github.com/NixOS/nixpkgs/issues/48295)).
|
2
third_party/nixpkgs/doc/hooks/index.md
vendored
2
third_party/nixpkgs/doc/hooks/index.md
vendored
|
@ -12,6 +12,7 @@ bmake.section.md
|
|||
breakpoint.section.md
|
||||
cernlib.section.md
|
||||
cmake.section.md
|
||||
desktop-file-utils.section.md
|
||||
gdk-pixbuf.section.md
|
||||
ghc.section.md
|
||||
gnome.section.md
|
||||
|
@ -30,6 +31,7 @@ postgresql-test-hook.section.md
|
|||
premake.section.md
|
||||
python.section.md
|
||||
scons.section.md
|
||||
tauri.section.md
|
||||
tetex-tex-live.section.md
|
||||
unzip.section.md
|
||||
validatePkgConfig.section.md
|
||||
|
|
108
third_party/nixpkgs/doc/hooks/tauri.section.md
vendored
Normal file
108
third_party/nixpkgs/doc/hooks/tauri.section.md
vendored
Normal file
|
@ -0,0 +1,108 @@
|
|||
# cargo-tauri.hook {#tauri-hook}
|
||||
|
||||
[Tauri](https://tauri.app/) is a framework for building smaller, faster, and
|
||||
more secure desktop applications with a web frontend.
|
||||
|
||||
In Nixpkgs, `cargo-tauri.hook` overrides the default build and install phases.
|
||||
|
||||
## Example code snippet {#tauri-hook-example-code-snippet}
|
||||
|
||||
```nix
|
||||
{
|
||||
lib,
|
||||
stdenv,
|
||||
rustPlatform,
|
||||
fetchNpmDeps,
|
||||
cargo-tauri,
|
||||
darwin,
|
||||
glib-networking,
|
||||
libsoup,
|
||||
nodejs,
|
||||
npmHooks,
|
||||
openssl,
|
||||
pkg-config,
|
||||
webkitgtk,
|
||||
wrapGAppsHook3,
|
||||
}:
|
||||
|
||||
rustPlatform.buildRustPackage rec {
|
||||
# . . .
|
||||
|
||||
cargoHash = "...";
|
||||
|
||||
# Assuming our app's frontend uses `npm` as a package manager
|
||||
npmDeps = fetchNpmDeps {
|
||||
name = "${pname}-npm-deps-${version}";
|
||||
inherit src;
|
||||
hash = "...";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
# Pull in our main hook
|
||||
cargo-tauri.hook
|
||||
|
||||
# Setup npm
|
||||
nodejs
|
||||
npmHooks.npmConfigHook
|
||||
|
||||
# Make sure we can find our libraries
|
||||
pkg-config
|
||||
wrapGAppsHook3
|
||||
];
|
||||
|
||||
buildInputs =
|
||||
[ openssl ]
|
||||
++ lib.optionals stdenv.isLinux [
|
||||
glib-networking # Most Tauri apps need networking
|
||||
libsoup
|
||||
webkitgtk
|
||||
]
|
||||
++ lib.optionals stdenv.isDarwin (
|
||||
with darwin.apple_sdk.frameworks;
|
||||
[
|
||||
AppKit
|
||||
CoreServices
|
||||
Security
|
||||
WebKit
|
||||
]
|
||||
);
|
||||
|
||||
# Set our Tauri source directory
|
||||
cargoRoot = "src-tauri";
|
||||
# And make sure we build there too
|
||||
buildAndTestSubdir = cargoRoot;
|
||||
|
||||
# . . .
|
||||
}
|
||||
```
|
||||
|
||||
## Variables controlling cargo-tauri {#tauri-hook-variables-controlling}
|
||||
|
||||
### Tauri Exclusive Variables {#tauri-hook-exclusive-variables}
|
||||
|
||||
#### `tauriBuildFlags` {#tauri-build-flags}
|
||||
|
||||
Controls the flags passed to `cargo tauri build`.
|
||||
|
||||
#### `tauriBundleType` {#tauri-bundle-type}
|
||||
|
||||
The [bundle type](https://tauri.app/v1/guides/building/) to build.
|
||||
|
||||
#### `dontTauriBuild` {#dont-tauri-build}
|
||||
|
||||
Disables using `tauriBuildHook`.
|
||||
|
||||
#### `dontTauriInstall` {#dont-tauri-install}
|
||||
|
||||
Disables using `tauriInstallPostBuildHook` and `tauriInstallHook`.
|
||||
|
||||
### Honored Variables {#tauri-hook-honored-variables}
|
||||
|
||||
Along with those found in [](#compiling-rust-applications-with-cargo), the
|
||||
following variables used by `cargoBuildHook` and `cargoInstallHook` are honored
|
||||
by the cargo-tauri setup hook.
|
||||
|
||||
- `buildAndTestSubdir`
|
||||
- `cargoBuildType`
|
||||
- `cargoBuildNoDefaultFeatures`
|
||||
- `cargoBuildFeatures`
|
|
@ -4,7 +4,7 @@
|
|||
|
||||
The end result of running Bower is a `bower_components` directory which can be included in the web app's build process.
|
||||
|
||||
Bower can be run interactively, by installing `nodePackages.bower`. More interestingly, the Bower components can be declared in a Nix derivation, with the help of `nodePackages.bower2nix`.
|
||||
Bower can be run interactively, by installing `nodePackages.bower`. More interestingly, the Bower components can be declared in a Nix derivation, with the help of `bower2nix`.
|
||||
|
||||
## bower2nix usage {#ssec-bower2nix-usage}
|
||||
|
||||
|
|
|
@ -1076,6 +1076,9 @@ benchmark component.
|
|||
`disableLibraryProfiling drv`
|
||||
: Sets the `enableLibraryProfiling` argument to `false` for `drv`.
|
||||
|
||||
`disableParallelBuilding drv`
|
||||
: Sets the `enableParallelBuilding` argument to `false` for `drv`.
|
||||
|
||||
#### Library functions in the Haskell package sets {#haskell-package-set-lib-functions}
|
||||
|
||||
Some library functions depend on packages from the Haskell package sets. Thus they are
|
||||
|
|
|
@ -524,8 +524,8 @@ An example usage of the above attributes is:
|
|||
fetchYarnDeps,
|
||||
yarnConfigHook,
|
||||
yarnBuildHook,
|
||||
yarnInstallHook,
|
||||
nodejs,
|
||||
npmHooks,
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation (finalAttrs: {
|
||||
|
@ -541,7 +541,7 @@ stdenv.mkDerivation (finalAttrs: {
|
|||
|
||||
yarnOfflineCache = fetchYarnDeps {
|
||||
yarnLock = finalAttrs.src + "/yarn.lock";
|
||||
hash = "sha256-mo8urQaWIHu33+r0Y7mL9mJ/aSe/5CihuIetTeDHEUQ=";
|
||||
hash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
|
|
82
third_party/nixpkgs/flake.nix
vendored
82
third_party/nixpkgs/flake.nix
vendored
|
@ -16,10 +16,44 @@
|
|||
});
|
||||
in
|
||||
{
|
||||
/**
|
||||
`nixpkgs.lib` is a combination of the [Nixpkgs library](https://nixos.org/manual/nixpkgs/unstable/#id-1.4), and other attributes
|
||||
that are _not_ part of the Nixpkgs library, but part of the Nixpkgs flake:
|
||||
|
||||
- `lib.nixosSystem` for creating a NixOS system configuration
|
||||
|
||||
- `lib.nixos` for other NixOS-provided functionality, such as [`runTest`](https://nixos.org/manual/nixos/unstable/#sec-call-nixos-test-outside-nixos)
|
||||
*/
|
||||
lib = lib.extend (final: prev: {
|
||||
|
||||
/**
|
||||
Other NixOS-provided functionality, such as [`runTest`](https://nixos.org/manual/nixos/unstable/#sec-call-nixos-test-outside-nixos).
|
||||
See also `lib.nixosSystem`.
|
||||
*/
|
||||
nixos = import ./nixos/lib { lib = final; };
|
||||
|
||||
/**
|
||||
Create a NixOS system configuration.
|
||||
|
||||
Example:
|
||||
|
||||
lib.nixosSystem {
|
||||
modules = [ ./configuration.nix ];
|
||||
}
|
||||
|
||||
Inputs:
|
||||
|
||||
- `modules` (list of paths or inline modules): The NixOS modules to include in the system configuration.
|
||||
|
||||
- `specialArgs` (attribute set): Extra arguments to pass to all modules, that are available in `imports` but can not be extended or overridden by the `modules`.
|
||||
|
||||
- `modulesLocation` (path): A default location for modules that aren't passed by path, used for error messages.
|
||||
|
||||
Legacy inputs:
|
||||
|
||||
- `system`: Legacy alias for `nixpkgs.hostPlatform`, but this is already set in the generated `hardware-configuration.nix`, included by `configuration.nix`.
|
||||
- `pkgs`: Legacy alias for `nixpkgs.pkgs`; use `nixpkgs.pkgs` and `nixosModules.readOnlyPkgs` instead.
|
||||
*/
|
||||
nixosSystem = args:
|
||||
import ./nixos/lib/eval-config.nix (
|
||||
{
|
||||
|
@ -78,28 +112,56 @@
|
|||
};
|
||||
|
||||
devShells = forAllSystems (system: {
|
||||
/** A shell to get tooling for Nixpkgs development. See nixpkgs/shell.nix. */
|
||||
default = import ./shell.nix { inherit system; };
|
||||
});
|
||||
|
||||
# The "legacy" in `legacyPackages` doesn't imply that the packages exposed
|
||||
# through this attribute are "legacy" packages. Instead, `legacyPackages`
|
||||
# is used here as a substitute attribute name for `packages`. The problem
|
||||
# with `packages` is that it makes operations like `nix flake show
|
||||
# nixpkgs` unusably slow due to the sheer number of packages the Nix CLI
|
||||
# needs to evaluate. But when the Nix CLI sees a `legacyPackages`
|
||||
# attribute it displays `omitted` instead of evaluating all packages,
|
||||
# which keeps `nix flake show` on Nixpkgs reasonably fast, though less
|
||||
# information rich.
|
||||
/**
|
||||
A nested structure of [packages](https://nix.dev/manual/nix/latest/glossary#package-attribute-set) and other values.
|
||||
|
||||
The "legacy" in `legacyPackages` doesn't imply that the packages exposed
|
||||
through this attribute are "legacy" packages. Instead, `legacyPackages`
|
||||
is used here as a substitute attribute name for `packages`. The problem
|
||||
with `packages` is that it makes operations like `nix flake show
|
||||
nixpkgs` unusably slow due to the sheer number of packages the Nix CLI
|
||||
needs to evaluate. But when the Nix CLI sees a `legacyPackages`
|
||||
attribute it displays `omitted` instead of evaluating all packages,
|
||||
which keeps `nix flake show` on Nixpkgs reasonably fast, though less
|
||||
information rich.
|
||||
|
||||
The reason why finding the tree structure of `legacyPackages` is slow,
|
||||
is that for each attribute in the tree, it is necessary to check whether
|
||||
the attribute value is a package or a package set that needs further
|
||||
evaluation. Evaluating the attribute value tends to require a significant
|
||||
amount of computation, even considering lazy evaluation.
|
||||
*/
|
||||
legacyPackages = forAllSystems (system:
|
||||
(import ./. { inherit system; }).extend (final: prev: {
|
||||
lib = prev.lib.extend libVersionInfoOverlay;
|
||||
})
|
||||
);
|
||||
|
||||
/**
|
||||
Optional modules that can be imported into a NixOS configuration.
|
||||
|
||||
Example:
|
||||
|
||||
# flake.nix
|
||||
outputs = { nixpkgs, ... }: {
|
||||
nixosConfigurations = {
|
||||
foo = nixpkgs.lib.nixosSystem {
|
||||
modules = [
|
||||
./foo/configuration.nix
|
||||
nixpkgs.nixosModules.notDetected
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
*/
|
||||
nixosModules = {
|
||||
notDetected = ./nixos/modules/installer/scan/not-detected.nix;
|
||||
|
||||
/*
|
||||
/**
|
||||
Make the `nixpkgs.*` configuration read-only. Guarantees that `pkgs`
|
||||
is the way you initialize it.
|
||||
|
||||
|
|
5
third_party/nixpkgs/lib/licenses.nix
vendored
5
third_party/nixpkgs/lib/licenses.nix
vendored
|
@ -92,6 +92,11 @@ lib.mapAttrs mkLicense ({
|
|||
free = false;
|
||||
};
|
||||
|
||||
ampas = {
|
||||
spdxId = "AMPAS";
|
||||
fullName = "Academy of Motion Picture Arts and Sciences BSD";
|
||||
};
|
||||
|
||||
aom = {
|
||||
fullName = "Alliance for Open Media Patent License 1.0";
|
||||
url = "https://aomedia.org/license/patent-license/";
|
||||
|
|
111
third_party/nixpkgs/lib/modules.nix
vendored
111
third_party/nixpkgs/lib/modules.nix
vendored
|
@ -354,12 +354,7 @@ let
|
|||
else if m._type == "if" || m._type == "override" then
|
||||
loadModule args fallbackFile fallbackKey { config = m; }
|
||||
else
|
||||
throw (
|
||||
"Could not load a value as a module, because it is of type ${lib.strings.escapeNixString m._type}"
|
||||
+ optionalString (fallbackFile != unknownModule) ", in file ${toString fallbackFile}."
|
||||
+ optionalString (m._type == "configuration") " If you do intend to import this configuration, please only import the modules that make up the configuration. You may have to create a `let` binding, file or attribute to give yourself access to the relevant modules.\nWhile loading a configuration into the module system is a very sensible idea, it can not be done cleanly in practice."
|
||||
# Extended explanation: That's because a finalized configuration is more than just a set of modules. For instance, it has its own `specialArgs` that, by the nature of `specialArgs` can't be loaded through `imports` or the the `modules` argument. So instead, we have to ask you to extract the relevant modules and use those instead. This way, we keep the module system comparatively simple, and hopefully avoid a bad surprise down the line.
|
||||
)
|
||||
throw (messages.not_a_module { inherit fallbackFile; value = m; _type = m._type; expectedClass = class; })
|
||||
else if isList m then
|
||||
let defs = [{ file = fallbackFile; value = m; }]; in
|
||||
throw "Module imports can't be nested lists. Perhaps you meant to remove one level of lists? Definitions: ${showDefs defs}"
|
||||
|
@ -1450,6 +1445,110 @@ let
|
|||
collectModules = collectModules null;
|
||||
};
|
||||
|
||||
/**
|
||||
Error messages produced by the module system.
|
||||
|
||||
We factor these out to improve the flow when reading the code.
|
||||
|
||||
Functions in `messages` that produce error messages are spelled in
|
||||
lower_snake_case. This goes against the convention in order to make the
|
||||
error message implementation more readable, and to visually distinguish
|
||||
them from other functions in the module system.
|
||||
*/
|
||||
messages = let
|
||||
inherit (lib.strings) concatMapStringsSep escapeNixString trim;
|
||||
/** "" or ", in file FOO" */
|
||||
into_fallback_file_maybe = file:
|
||||
optionalString
|
||||
(file != null && file != unknownModule)
|
||||
", while trying to load a module into ${toString file}";
|
||||
|
||||
/** Format text with one line break between each list item. */
|
||||
lines = concatMapStringsSep "\n" trim;
|
||||
|
||||
/** Format text with two line break between each list item. */
|
||||
paragraphs = concatMapStringsSep "\n\n" trim;
|
||||
|
||||
/**
|
||||
```
|
||||
optionalMatch
|
||||
{ foo = "Foo result";
|
||||
bar = "Bar result";
|
||||
} "foo"
|
||||
== [ "Foo result" ]
|
||||
|
||||
optionalMatch { foo = "Foo"; } "baz" == [ ]
|
||||
|
||||
optionalMatch { foo = "Foo"; } true == [ ]
|
||||
```
|
||||
*/
|
||||
optionalMatch = cases: value:
|
||||
if isString value && cases?${value}
|
||||
then [ cases.${value} ]
|
||||
else [];
|
||||
|
||||
# esc = builtins.fromJSON "\"\\u001b\"";
|
||||
esc = builtins.fromJSON "\"\\u001b\"";
|
||||
# Bold purple for warnings
|
||||
warn = s: "${esc}[1;35m${s}${esc}[0m";
|
||||
# Bold green for suggestions
|
||||
good = s: "${esc}[1;32m${s}${esc}[0m";
|
||||
# Bold, default color for code
|
||||
code = s: "${esc}[1m${s}${esc}[0m";
|
||||
|
||||
in {
|
||||
|
||||
/** When load a value with a (wrong) _type as a module */
|
||||
not_a_module = { fallbackFile, value, _type, expectedClass ? null }:
|
||||
paragraphs (
|
||||
[ ''
|
||||
Expected a module, but found a value of type ${warn (escapeNixString _type)}${into_fallback_file_maybe fallbackFile}.
|
||||
A module is typically loaded by adding it the ${code "imports = [ ... ];"} attribute of an existing module, or in the ${code "modules = [ ... ];"} argument of various functions.
|
||||
Please make sure that each of the list items is a module, and not a different kind of value.
|
||||
''
|
||||
]
|
||||
++ (optionalMatch
|
||||
{
|
||||
"configuration" = trim ''
|
||||
If you really mean to import this configuration, instead please only import the modules that make up the configuration.
|
||||
You may have to create a `let` binding, file or attribute to give yourself access to the relevant modules.
|
||||
While loading a configuration into the module system is a very sensible idea, it can not be done cleanly in practice.
|
||||
'';
|
||||
# ^^ Extended explanation: That's because a finalized configuration is more than just a set of modules. For instance, it has its own `specialArgs` that, by the nature of `specialArgs` can't be loaded through `imports` or the the `modules` argument. So instead, we have to ask you to extract the relevant modules and use those instead. This way, we keep the module system comparatively simple, and hopefully avoid a bad surprise down the line.
|
||||
|
||||
"flake" = lines
|
||||
([(trim ''
|
||||
Perhaps you forgot to select an attribute name?
|
||||
Instead of, for example,
|
||||
${warn "inputs.someflake"}
|
||||
you need to write something like
|
||||
${warn "inputs.someflake"}${
|
||||
if expectedClass == null
|
||||
then good ".modules.someApp.default"
|
||||
else good ".modules.${expectedClass}.default"
|
||||
|
||||
}
|
||||
'')]
|
||||
++ optionalMatch
|
||||
{ # We'll no more than 5 custom suggestions here.
|
||||
# Please switch to `.modules.${class}` in your Module System application.
|
||||
"nixos" = trim ''
|
||||
or
|
||||
${warn "inputs.someflake"}${good ".nixosModules.default"}
|
||||
'';
|
||||
"darwin" = trim ''
|
||||
or
|
||||
${warn "inputs.someflake"}${good ".darwinModules.default"}
|
||||
'';
|
||||
}
|
||||
expectedClass
|
||||
);
|
||||
}
|
||||
_type
|
||||
)
|
||||
);
|
||||
};
|
||||
|
||||
in
|
||||
private //
|
||||
{
|
||||
|
|
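Review bot: The `warn`, `good` and `code` helpers in `messages` emit ANSI colour sequences unconditionally, so the `not_a_module` text will carry raw escape bytes whenever the error ends up somewhere other than a colour terminal (CI logs, captured error strings). Nothing in the hunk gates this, so it should either be dropped or documented as intentional next to `esc`. `_type` goes through `escapeNixString` before it reaches the message, but `toString file` in `into_fallback_file_maybe` and `expectedClass` in `good ".modules.${expectedClass}.default"` are interpolated as-is; both appear to be caller-supplied, so sanitising them the same way would keep control characters out of the output. The doc comment on `into_fallback_file_maybe` still reads `"" or ", in file FOO"` while the function returns `", while trying to load a module into FOO"`. The commented-out `# esc = …` line duplicates the binding directly below it and can be removed.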
38
third_party/nixpkgs/lib/systems/default.nix
vendored
38
third_party/nixpkgs/lib/systems/default.nix
vendored
|
@ -277,25 +277,6 @@ let
|
|||
let
|
||||
selectEmulator = pkgs:
|
||||
let
|
||||
qemu-user = pkgs.qemu.override {
|
||||
smartcardSupport = false;
|
||||
spiceSupport = false;
|
||||
openGLSupport = false;
|
||||
virglSupport = false;
|
||||
vncSupport = false;
|
||||
gtkSupport = false;
|
||||
sdlSupport = false;
|
||||
alsaSupport = false;
|
||||
pulseSupport = false;
|
||||
pipewireSupport = false;
|
||||
jackSupport = false;
|
||||
smbdSupport = false;
|
||||
seccompSupport = false;
|
||||
tpmSupport = false;
|
||||
capstoneSupport = false;
|
||||
enableDocs = false;
|
||||
hostCpuTargets = [ "${final.qemuArch}-linux-user" ];
|
||||
};
|
||||
wine = (pkgs.winePackagesFor "wine${toString final.parsed.cpu.bits}").minimal;
|
||||
in
|
||||
# Note: we guarantee that the return value is either `null` or a path
|
||||
|
@ -306,7 +287,7 @@ let
|
|||
else if final.isWindows
|
||||
then "${wine}/bin/wine${optionalString (final.parsed.cpu.bits == 64) "64"}"
|
||||
else if final.isLinux && pkgs.stdenv.hostPlatform.isLinux && final.qemuArch != null
|
||||
then "${qemu-user}/bin/qemu-${final.qemuArch}"
|
||||
then "${pkgs.qemu-user}/bin/qemu-${final.qemuArch}"
|
||||
else if final.isWasi
|
||||
then "${pkgs.wasmtime}/bin/wasmtime"
|
||||
else if final.isMmix
|
||||
|
@ -315,6 +296,10 @@ let
|
|||
in {
|
||||
emulatorAvailable = pkgs: (selectEmulator pkgs) != null;
|
||||
|
||||
# whether final.emulator pkgs.pkgsStatic works
|
||||
staticEmulatorAvailable = pkgs: final.emulatorAvailable pkgs
|
||||
&& (final.isLinux || final.isWasi || final.isMmix);
|
||||
|
||||
emulator = pkgs:
|
||||
if (final.emulatorAvailable pkgs)
|
||||
then selectEmulator pkgs
|
||||
|
@ -384,8 +369,17 @@ let
|
|||
}.${cpu.name} or cpu.name;
|
||||
vendor_ = final.rust.platform.vendor;
|
||||
# TODO: deprecate args.rustc in favour of args.rust after 23.05 is EOL.
|
||||
in args.rust.rustcTarget or args.rustc.config
|
||||
or "${cpu_}-${vendor_}-${kernel.name}${optionalString (abi.name != "unknown") "-${abi.name}"}";
|
||||
in
|
||||
args.rust.rustcTarget or
|
||||
args.rustc.config or (
|
||||
# Rust uses `wasm32-wasip?` rather than `wasm32-unknown-wasi`.
|
||||
# We cannot know which subversion does the user want, and
|
||||
# currently use WASI 0.1 as default for compatibility. Custom
|
||||
# users can set `rust.rustcTarget` to override it.
|
||||
if final.isWasi
|
||||
then "${cpu_}-wasip1"
|
||||
else "${cpu_}-${vendor_}-${kernel.name}${optionalString (abi.name != "unknown") "-${abi.name}"}"
|
||||
);
|
||||
|
||||
# The name of the rust target if it is standard, or the json file
|
||||
# containing the custom target spec.
|
||||
|
|
8
third_party/nixpkgs/lib/systems/examples.nix
vendored
8
third_party/nixpkgs/lib/systems/examples.nix
vendored
|
@ -256,7 +256,7 @@ rec {
|
|||
iphone64 = {
|
||||
config = "aarch64-apple-ios";
|
||||
# config = "aarch64-apple-darwin14";
|
||||
sdkVer = "14.3";
|
||||
darwinSdkVersion = "14.3";
|
||||
xcodeVer = "12.3";
|
||||
xcodePlatform = "iPhoneOS";
|
||||
useiOSPrebuilt = true;
|
||||
|
@ -265,7 +265,7 @@ rec {
|
|||
iphone32 = {
|
||||
config = "armv7a-apple-ios";
|
||||
# config = "arm-apple-darwin10";
|
||||
sdkVer = "14.3";
|
||||
darwinSdkVersion = "14.3";
|
||||
xcodeVer = "12.3";
|
||||
xcodePlatform = "iPhoneOS";
|
||||
useiOSPrebuilt = true;
|
||||
|
@ -274,7 +274,7 @@ rec {
|
|||
iphone64-simulator = {
|
||||
config = "x86_64-apple-ios";
|
||||
# config = "x86_64-apple-darwin14";
|
||||
sdkVer = "14.3";
|
||||
darwinSdkVersion = "14.3";
|
||||
xcodeVer = "12.3";
|
||||
xcodePlatform = "iPhoneSimulator";
|
||||
darwinPlatform = "ios-simulator";
|
||||
|
@ -284,7 +284,7 @@ rec {
|
|||
iphone32-simulator = {
|
||||
config = "i686-apple-ios";
|
||||
# config = "i386-apple-darwin11";
|
||||
sdkVer = "14.3";
|
||||
darwinSdkVersion = "14.3";
|
||||
xcodeVer = "12.3";
|
||||
xcodePlatform = "iPhoneSimulator";
|
||||
darwinPlatform = "ios-simulator";
|
||||
|
|
7
third_party/nixpkgs/lib/tests/modules.sh
vendored
7
third_party/nixpkgs/lib/tests/modules.sh
vendored
|
@ -534,9 +534,10 @@ checkConfigError 'The module .*/module-class-is-darwin.nix was imported into nix
|
|||
checkConfigError 'A submoduleWith option is declared multiple times with conflicting class values "darwin" and "nixos".' config.sub.mergeFail.config ./class-check.nix
|
||||
|
||||
# _type check
|
||||
checkConfigError 'Could not load a value as a module, because it is of type "flake", in file .*/module-imports-_type-check.nix' config.ok.config ./module-imports-_type-check.nix
|
||||
checkConfigOutput '^true$' "$@" config.enable ./declare-enable.nix ./define-enable-with-top-level-mkIf.nix
|
||||
checkConfigError 'Could not load a value as a module, because it is of type "configuration", in file .*/import-configuration.nix.*please only import the modules that make up the configuration.*' config ./import-configuration.nix
|
||||
checkConfigError 'Expected a module, but found a value of type .*"flake".*, while trying to load a module into .*/module-imports-_type-check.nix' config.ok.config ./module-imports-_type-check.nix
|
||||
checkConfigOutput '^true$' config.enable ./declare-enable.nix ./define-enable-with-top-level-mkIf.nix
|
||||
checkConfigError 'Expected a module, but found a value of type .*"configuration".*, while trying to load a module into .*/import-configuration.nix.' config ./import-configuration.nix
|
||||
checkConfigError 'please only import the modules that make up the configuration' config ./import-configuration.nix
|
||||
|
||||
# doRename works when `warnings` does not exist.
|
||||
checkConfigOutput '^1234$' config.c.d.e ./doRename-basic.nix
|
||||
|
|
1
third_party/nixpkgs/lib/tests/systems.nix
vendored
1
third_party/nixpkgs/lib/tests/systems.nix
vendored
|
@ -96,6 +96,7 @@ lib.runTests (
|
|||
canExecute = null;
|
||||
emulator = null;
|
||||
emulatorAvailable = null;
|
||||
staticEmulatorAvailable = null;
|
||||
isCompatible = null;
|
||||
}?${platformAttrName};
|
||||
};
|
||||
|
|
203
third_party/nixpkgs/maintainers/maintainer-list.nix
vendored
203
third_party/nixpkgs/maintainers/maintainer-list.nix
vendored
|
@ -1016,6 +1016,12 @@
|
|||
githubId = 50754358;
|
||||
name = "Alex Winter";
|
||||
};
|
||||
alfarel = {
|
||||
email = "alfarelcynthesis@proton.me";
|
||||
github = "alfarelcynthesis";
|
||||
githubId = 104072649;
|
||||
name = "Cynth";
|
||||
};
|
||||
algram = {
|
||||
email = "aliasgram@gmail.com";
|
||||
github = "Algram";
|
||||
|
@ -1028,12 +1034,6 @@
|
|||
githubId = 30437811;
|
||||
name = "Alex Andrews";
|
||||
};
|
||||
alibabzo = {
|
||||
email = "alistair.bill@gmail.com";
|
||||
github = "alistairbill";
|
||||
githubId = 2822871;
|
||||
name = "Alistair Bill";
|
||||
};
|
||||
alirezameskin = {
|
||||
email = "alireza.meskin@gmail.com";
|
||||
github = "alirezameskin";
|
||||
|
@ -1234,6 +1234,12 @@
|
|||
githubId = 37040543;
|
||||
name = "Wroclaw";
|
||||
};
|
||||
amuckstot30 = {
|
||||
email = "amuckstot30@tutanota.com";
|
||||
github = "amuckstot30";
|
||||
githubId = 157274630;
|
||||
name = "amuckstot30";
|
||||
};
|
||||
amyipdev = {
|
||||
email = "amy@amyip.net";
|
||||
github = "amyipdev";
|
||||
|
@ -2041,6 +2047,12 @@
|
|||
github = "auchter";
|
||||
githubId = 1190483;
|
||||
};
|
||||
aucub = {
|
||||
name = "aucub";
|
||||
email = "dr56ekgbb@mozmail.com";
|
||||
github = "aucub";
|
||||
githubId = 78630225;
|
||||
};
|
||||
augustebaum = {
|
||||
email = "auguste.apple@gmail.com";
|
||||
github = "augustebaum";
|
||||
|
@ -2932,6 +2944,14 @@
|
|||
githubId = 3229981;
|
||||
name = "Duncan Fairbanks";
|
||||
};
|
||||
BonusPlay = {
|
||||
name = "Bonus";
|
||||
email = "nixos@bonusplay.pl";
|
||||
matrix = "@bonus:bonusplay.pl";
|
||||
github = "BonusPlay";
|
||||
githubId = 8405359;
|
||||
keys = [ { fingerprint = "8279 6487 A4CA 2A28 E8B3 3CD6 C7F9 9743 6A20 4683"; } ];
|
||||
};
|
||||
booklearner = {
|
||||
name = "booklearner";
|
||||
email = "booklearner@proton.me";
|
||||
|
@ -3286,6 +3306,12 @@
|
|||
{ fingerprint = "8916 F727 734E 77AB 437F A33A 19AB 76F5 CEE1 1392"; }
|
||||
];
|
||||
};
|
||||
CaiqueFigueiredo = {
|
||||
email = "public@caiquefigueiredo.me";
|
||||
github = "caiquefigueiredo";
|
||||
githubId = 20440897;
|
||||
name = "Caique";
|
||||
};
|
||||
CaitlinDavitt = {
|
||||
email = "CaitlinDavitt@gmail.com";
|
||||
github = "CaitlinDavitt";
|
||||
|
@ -5016,6 +5042,12 @@
|
|||
github = "definfo";
|
||||
githubId = 66514911;
|
||||
};
|
||||
deftdawg = {
|
||||
name = "DeftDawg";
|
||||
github = "deftdawg";
|
||||
email = "deftdawg@gmail.com";
|
||||
githubId = 4991612;
|
||||
};
|
||||
deifactor = {
|
||||
name = "Ash Zahlen";
|
||||
email = "ext0l@riseup.net";
|
||||
|
@ -5579,6 +5611,12 @@
|
|||
name = "Misha Gusarov";
|
||||
keys = [ { fingerprint = "A8DF 1326 9E5D 9A38 E57C FAC2 9D20 F650 3E33 8888"; } ];
|
||||
};
|
||||
dottybot = {
|
||||
name = "Scala Organization (dottybot)";
|
||||
email = "dottybot@groupes.epfl.ch";
|
||||
github = "dottybot";
|
||||
githubId = 12519979;
|
||||
};
|
||||
dpaetzel = {
|
||||
email = "david.paetzel@posteo.de";
|
||||
github = "dpaetzel";
|
||||
|
@ -6590,6 +6628,13 @@
|
|||
githubId = 195032;
|
||||
name = "Eric Evenchick";
|
||||
};
|
||||
eveeifyeve = {
|
||||
name = "Eveeifyeve";
|
||||
github = "eveeifyeve";
|
||||
githubId = 88671402;
|
||||
matrix = "@eveeifyeve:matrix.org";
|
||||
email = "eveeg1971@gmail.com";
|
||||
};
|
||||
evenbrenden = {
|
||||
email = "packages@anythingexternal.com";
|
||||
github = "evenbrenden";
|
||||
|
@ -6926,6 +6971,12 @@
|
|||
{ fingerprint = "elY15tXap1tddxbBVoUoAioe1u0RDWti5rc9cauSmwo"; }
|
||||
];
|
||||
};
|
||||
figboy9 = {
|
||||
email = "figboy9@tuta.io";
|
||||
github = "figboy9";
|
||||
githubId = 52276064;
|
||||
name = "figboy9";
|
||||
};
|
||||
figsoda = {
|
||||
email = "figsoda@pm.me";
|
||||
matrix = "@figsoda:matrix.org";
|
||||
|
@ -8206,6 +8257,12 @@
|
|||
githubId = 1742172;
|
||||
name = "Hamish Hutchings";
|
||||
};
|
||||
hamzaremmal = {
|
||||
email = "hamza.remmal@epfl.ch";
|
||||
github = "hamzaremmal";
|
||||
githubId = 56235032;
|
||||
name = "Hamza Remmal";
|
||||
};
|
||||
hanemile = {
|
||||
email = "mail@emile.space";
|
||||
github = "HanEmile";
|
||||
|
@ -8363,6 +8420,12 @@
|
|||
githubId = 287769;
|
||||
name = "Sergii Paryzhskyi";
|
||||
};
|
||||
hehongbo = {
|
||||
name = "Hongbo";
|
||||
github = "hehongbo";
|
||||
githubId = 665472;
|
||||
matrix = "@hehongbo:matrix.org";
|
||||
};
|
||||
heijligen = {
|
||||
email = "src@posteo.de";
|
||||
github = "heijligen";
|
||||
|
@ -8460,6 +8523,11 @@
|
|||
githubId = 15121114;
|
||||
name = "Tom Herbers";
|
||||
};
|
||||
herschenglime = {
|
||||
github = "Herschenglime";
|
||||
githubId = 69494718;
|
||||
name = "Herschenglime";
|
||||
};
|
||||
hexa = {
|
||||
email = "hexa@darmstadt.ccc.de";
|
||||
matrix = "@hexa:lossy.network";
|
||||
|
@ -9377,6 +9445,13 @@
|
|||
github = "jacbart";
|
||||
githubId = 7909687;
|
||||
};
|
||||
jacekpoz = {
|
||||
name = "Jacek Poziemski";
|
||||
email = "jacekpoz@proton.me";
|
||||
matrix = "@jacekpoz:jacekpoz.pl";
|
||||
github = "jacekpoz";
|
||||
githubId = 64381190;
|
||||
};
|
||||
jacfal = {
|
||||
name = "Jakub Pravda";
|
||||
email = "me@jakubpravda.net";
|
||||
|
@ -10704,6 +10779,13 @@
|
|||
githubId = 46386452;
|
||||
name = "Jeroen Wijenbergh";
|
||||
};
|
||||
jwillikers = {
|
||||
email = "jordan@jwillikers.com";
|
||||
github = "jwillikers";
|
||||
githubId = 19399197;
|
||||
name = "Jordan Williams";
|
||||
keys = [ { fingerprint = "A6AB 406A F5F1 DE02 CEA3 B6F0 9FB4 2B0E 7F65 7D8C"; } ];
|
||||
};
|
||||
jwygoda = {
|
||||
email = "jaroslaw@wygoda.me";
|
||||
github = "jwygoda";
|
||||
|
@ -11354,6 +11436,12 @@
|
|||
githubId = 787421;
|
||||
name = "Kevin Quick";
|
||||
};
|
||||
kraanzu = {
|
||||
name = "Murli Tawari";
|
||||
email = "kraanzu@gmail.com";
|
||||
github = "kraanzu";
|
||||
githubId = 97718086;
|
||||
};
|
||||
kradalby = {
|
||||
name = "Kristoffer Dalby";
|
||||
email = "kristoffer@dalby.cc";
|
||||
|
@ -13956,6 +14044,12 @@
|
|||
githubId = 4587373;
|
||||
name = "Mitchell Nordine";
|
||||
};
|
||||
mithicspirit = {
|
||||
email = "rpc01234@gmail.com";
|
||||
github = "MithicSpirit";
|
||||
githubId = 24192522;
|
||||
name = "MithicSpirit";
|
||||
};
|
||||
mjanczyk = {
|
||||
email = "m@dragonvr.pl";
|
||||
github = "mjanczyk";
|
||||
|
@ -14127,6 +14221,12 @@
|
|||
githubId = 754512;
|
||||
name = "Mogria";
|
||||
};
|
||||
mohe2015 = {
|
||||
name = "Moritz Hedtke";
|
||||
email = "Moritz.Hedtke@t-online.de";
|
||||
github = "mohe2015";
|
||||
githubId = 13287984;
|
||||
};
|
||||
momeemt = {
|
||||
name = "Mutsuha Asada";
|
||||
email = "me@momee.mt";
|
||||
|
@ -14204,6 +14304,12 @@
|
|||
githubId = 42215704;
|
||||
name = "Moritz Böhme";
|
||||
};
|
||||
mortenmunk = {
|
||||
email = "mortenmunk97@gmail.com";
|
||||
github = "MortenMunk";
|
||||
githubId = 92527083;
|
||||
name = "Morten Munk";
|
||||
};
|
||||
MostAwesomeDude = {
|
||||
email = "cds@corbinsimpson.com";
|
||||
github = "MostAwesomeDude";
|
||||
|
@ -14633,6 +14739,12 @@
|
|||
githubId = 6709831;
|
||||
name = "Jake Hill";
|
||||
};
|
||||
nartsiss = {
|
||||
name = "Daniil Nartsissov";
|
||||
email = "nartsiss@proton.me";
|
||||
github = "nartsisss";
|
||||
githubId = 54633007;
|
||||
};
|
||||
nasageek = {
|
||||
github = "NasaGeek";
|
||||
githubId = 474937;
|
||||
|
@ -14673,6 +14785,13 @@
|
|||
githubId = 818502;
|
||||
name = "Nathan Yong";
|
||||
};
|
||||
natsukagami = {
|
||||
email = "natsukagami@gmail.com";
|
||||
github = "natsukagami";
|
||||
githubId = 9061737;
|
||||
name = "Natsu Kagami";
|
||||
keys = [ { fingerprint = "5581 26DC 886F E14D 501D B0F2 D6AD 7B57 A992 460C"; } ];
|
||||
};
|
||||
natsukium = {
|
||||
email = "nixpkgs@natsukium.com";
|
||||
github = "natsukium";
|
||||
|
@ -15192,6 +15311,11 @@
|
|||
github = "noaccOS";
|
||||
githubId = 24324352;
|
||||
};
|
||||
noahgitsham = {
|
||||
name = "Noah Gitsham";
|
||||
github = "noahgitsham";
|
||||
githubId = 73707948;
|
||||
};
|
||||
nobbz = {
|
||||
name = "Norbert Melzer";
|
||||
email = "timmelzer+nixpkgs@gmail.com";
|
||||
|
@ -15717,12 +15841,6 @@
|
|||
github = "ony";
|
||||
githubId = 11265;
|
||||
};
|
||||
oo-infty = {
|
||||
name = "Justin Chen";
|
||||
email = "oo-infty@outlook.com";
|
||||
github = "oo-infty";
|
||||
githubId = 42143810;
|
||||
};
|
||||
ooliver1 = {
|
||||
name = "Oliver Wilkes";
|
||||
email = "oliverwilkes2006@icloud.com";
|
||||
|
@ -15730,6 +15848,12 @@
|
|||
githubId = 34910574;
|
||||
keys = [ { fingerprint = "D055 8A23 3947 B7A0 F966 B07F 0B41 0348 9833 7273"; } ];
|
||||
};
|
||||
oosquare = {
|
||||
name = "Justin Chen";
|
||||
email = "oosquare@outlook.com";
|
||||
github = "oosquare";
|
||||
githubId = 42143810;
|
||||
};
|
||||
opeik = {
|
||||
email = "sandro@stikic.com";
|
||||
github = "opeik";
|
||||
|
@ -16299,6 +16423,12 @@
|
|||
githubId = 29493551;
|
||||
name = "Josh Peters";
|
||||
};
|
||||
petertriho = {
|
||||
email = "mail@petertriho.com";
|
||||
github = "petertriho";
|
||||
githubId = 7420227;
|
||||
name = "Peter Tri Ho";
|
||||
};
|
||||
peterwilli = {
|
||||
email = "peter@codebuffet.co";
|
||||
github = "peterwilli";
|
||||
|
@ -16582,6 +16712,12 @@
|
|||
githubId = 14542417;
|
||||
name = "Sergey Ichtchenko";
|
||||
};
|
||||
pizzapim = {
|
||||
email = "pim@kunis.nl";
|
||||
github = "pizzapim";
|
||||
githubId = 23135512;
|
||||
name = "Pim Kunis";
|
||||
};
|
||||
pjbarnoy = {
|
||||
email = "pjbarnoy@gmail.com";
|
||||
github = "waaamb";
|
||||
|
@ -17478,6 +17614,12 @@
|
|||
githubId = 5653911;
|
||||
name = "Rampoina";
|
||||
};
|
||||
rane = {
|
||||
email = "rane+nix@junkyard.systems";
|
||||
github = "digitalrane";
|
||||
githubId = 1829286;
|
||||
name = "Rane";
|
||||
};
|
||||
ranfdev = {
|
||||
email = "ranfdev@gmail.com";
|
||||
name = "Lorenzo Miglietta";
|
||||
|
@ -17559,6 +17701,12 @@
|
|||
githubId = 145816;
|
||||
name = "David McKay";
|
||||
};
|
||||
rayhem = {
|
||||
email = "glosser1@gmail.com";
|
||||
github = "rayhem";
|
||||
githubId = 49202382;
|
||||
name = "Connor Glosser";
|
||||
};
|
||||
raylas = {
|
||||
email = "r@raymond.sh";
|
||||
github = "raylas";
|
||||
|
@ -18356,6 +18504,11 @@
|
|||
githubId = 56157634;
|
||||
name = "Ruben Hönle";
|
||||
};
|
||||
rubikcubed = {
|
||||
github = "rubikcubed";
|
||||
githubId = 91467402;
|
||||
name = "rubikcubed";
|
||||
};
|
||||
ruby0b = {
|
||||
github = "ruby0b";
|
||||
githubId = 106119328;
|
||||
|
@ -18709,6 +18862,13 @@
|
|||
githubId = 34161949;
|
||||
keys = [ { fingerprint = "155C F413 0129 C058 9A5F 5524 3658 73F2 F0C6 153B"; } ];
|
||||
};
|
||||
sanana = {
|
||||
email = "asya@waifu.club";
|
||||
github = "AsyaTheAbove";
|
||||
githubId = 40492846;
|
||||
keys = [ { fingerprint = "B766 7717 1644 5ABC DE82 94AA 4679 BF7D CC04 4783"; } ];
|
||||
name = "sanana the skenana";
|
||||
};
|
||||
sander = {
|
||||
email = "s.vanderburg@tudelft.nl";
|
||||
github = "svanderburg";
|
||||
|
@ -18907,6 +19067,12 @@
|
|||
githubId = 11320;
|
||||
name = "Sergiu Ivanov";
|
||||
};
|
||||
scraptux = {
|
||||
email = "git@thomasjasny.de";
|
||||
github = "scraptux";
|
||||
githubId = 12714892;
|
||||
name = "Thomas Jasny";
|
||||
};
|
||||
screendriver = {
|
||||
email = "nix@echooff.de";
|
||||
github = "screendriver";
|
||||
|
@ -22604,6 +22770,12 @@
|
|||
githubId = 24979302;
|
||||
name = "Vladimír Zahradník";
|
||||
};
|
||||
wgunderwood = {
|
||||
email = "wg.underwood13@gmail.com";
|
||||
github = "WGUNDERWOOD";
|
||||
githubId = 42812654;
|
||||
name = "William Underwood";
|
||||
};
|
||||
wheelsandmetal = {
|
||||
email = "jakob@schmutz.co.uk";
|
||||
github = "wheelsandmetal";
|
||||
|
@ -23634,6 +23806,13 @@
|
|||
githubId = 1108325;
|
||||
name = "Théo Zimmermann";
|
||||
};
|
||||
zimward = {
|
||||
name = "zimward";
|
||||
github = "zimward";
|
||||
githubId = 96021122;
|
||||
matrix = "@memoryfragmentation:matrix.org";
|
||||
keys = [ { fingerprint = "CBF7 FA5E F4B5 8B68 5977 3E3E 4CAC 61D6 A482 FCD9"; } ];
|
||||
};
|
||||
zlepper = {
|
||||
name = "Rasmus Hansen";
|
||||
github = "zlepper";
|
||||
|
|
13
third_party/nixpkgs/maintainers/team-list.nix
vendored
13
third_party/nixpkgs/maintainers/team-list.nix
vendored
|
@ -1022,6 +1022,19 @@ with lib.maintainers;
|
|||
shortName = "WDZ GmbH";
|
||||
};
|
||||
|
||||
xen = {
|
||||
members = [
|
||||
hehongbo
|
||||
lach
|
||||
rane
|
||||
sigmasquadron
|
||||
];
|
||||
scope = "Maintain the Xen Project Hypervisor and the related tooling ecosystem.";
|
||||
shortName = "Xen Project Hypervisor";
|
||||
enableFeatureFreezePing = true;
|
||||
githubTeams = [ "xen-project" ];
|
||||
};
|
||||
|
||||
xfce = {
|
||||
members = [
|
||||
bobby285271
|
||||
|
|
4
third_party/nixpkgs/nixos/README.md
vendored
4
third_party/nixpkgs/nixos/README.md
vendored
|
@ -80,6 +80,7 @@ Reviewing process:
|
|||
|
||||
- Ensure that all file paths [fit the guidelines](../CONTRIBUTING.md#file-naming-and-organisation).
|
||||
- Ensure that the module tests, if any, are succeeding.
|
||||
- Ensure that new module tests are added to the package `passthru.tests`.
|
||||
- Ensure that the introduced options are correct.
|
||||
- Type should be appropriate (string related types differs in their merging capabilities, `loaOf` and `string` types are deprecated).
|
||||
- Description, default and example should be provided.
|
||||
|
@ -95,7 +96,8 @@ Sample template for a new module review is provided below.
|
|||
##### Reviewed points
|
||||
|
||||
- [ ] module path fits the guidelines
|
||||
- [ ] module tests succeed on ARCHITECTURE
|
||||
- [ ] module tests, if any, succeed on ARCHITECTURE
|
||||
- [ ] module tests, if any, are added to package `passthru.tests`
|
||||
- [ ] options have appropriate types
|
||||
- [ ] options have default
|
||||
- [ ] options have example
|
||||
|
|
|
@ -133,20 +133,3 @@ This section was moved to the [Nixpkgs manual](https://nixos.org/nixpkgs/manual#
|
|||
It's a common issue that the latest stable version of ZFS doesn't support the latest
|
||||
available Linux kernel. It is recommended to use the latest available LTS that's compatible
|
||||
with ZFS. Usually this is the default kernel provided by nixpkgs (i.e. `pkgs.linuxPackages`).
|
||||
|
||||
Alternatively, it's possible to pin the system to the latest available kernel
|
||||
version _that is supported by ZFS_ like this:
|
||||
|
||||
```nix
|
||||
{
|
||||
boot.kernelPackages = pkgs.zfs.latestCompatibleLinuxPackages;
|
||||
}
|
||||
```
|
||||
|
||||
Please note that the version this attribute points to isn't monotonic because the latest kernel
|
||||
version only refers to kernel versions supported by the Linux developers. In other words,
|
||||
the latest kernel version that ZFS is compatible with may decrease over time.
|
||||
|
||||
An example: the latest version ZFS is compatible with is 5.19 which is a non-longterm version. When 5.19
|
||||
is out of maintenance, the latest supported kernel version is 5.15 because it's longterm and the versions
|
||||
5.16, 5.17 and 5.18 are already out of maintenance because they're non-longterm.
|
||||
|
|
|
@ -17,6 +17,10 @@
|
|||
[2.24](https://nix.dev/manual/nix/latest/release-notes/rl-2.24).
|
||||
Notable changes include improvements to Git fetching, documentation comment support in `nix-repl> :doc`, as well as many quality of life improvements.
|
||||
|
||||
- This will be the last release of Nixpkgs to support versions of CUDA prior to CUDA 12.0.
|
||||
These versions only work with old compiler versions that will be unsupported by the time of the Nixpkgs 25.05 release.
|
||||
In future, users should expect CUDA versions to be dropped as the compiler versions they require leave upstream support windows.
|
||||
|
||||
- Convenience options for `amdgpu`, open source driver for Radeon cards, is now available under `hardware.amdgpu`.
|
||||
|
||||
- [AMDVLK](https://github.com/GPUOpen-Drivers/AMDVLK), AMD's open source Vulkan driver, is now available to be configured as `hardware.amdgpu.amdvlk` option.
|
||||
|
@ -49,13 +53,13 @@
|
|||
- Support for mounting filesystems from block devices protected with [dm-verity](https://docs.kernel.org/admin-guide/device-mapper/verity.html)
|
||||
was added through the `boot.initrd.systemd.dmVerity` option.
|
||||
|
||||
- The [Xen Hypervisor](https://xenproject.org) is once again available as a virtualisation option under [`virtualisation.xen`](#opt-virtualisation.xen.enable).
|
||||
- The [Xen Project Hypervisor](https://xenproject.org) is once again available as a virtualisation option under [`virtualisation.xen`](#opt-virtualisation.xen.enable).
|
||||
- This release includes Xen [4.17.5](https://wiki.xenproject.org/wiki/Xen_Project_4.17_Release_Notes), [4.18.3](https://wiki.xenproject.org/wiki/Xen_Project_4.18_Release_Notes) and [4.19.0](https://wiki.xenproject.org/wiki/Xen_Project_4.19_Release_Notes), as well as support for booting the hypervisor on EFI systems.
|
||||
::: {.warning}
|
||||
Booting into Xen through a legacy BIOS bootloader or with the legacy script-based Stage 1 initrd have been **deprecated**. Only EFI booting and the new systemd-based Stage 1 initrd are supported.
|
||||
Booting into the Xen Project Hypervisor through a legacy BIOS bootloader or with the legacy script-based Stage 1 initrd have been **deprecated**. Only EFI booting and the new systemd-based Stage 1 initrd are supported.
|
||||
:::
|
||||
- There are two flavours of Xen available by default: `xen`, which includes all built-in components, and `xen-slim`, which replaces the built-in components with their Nixpkgs equivalents.
|
||||
- The `qemu-xen-traditional` component has been deprecated by upstream Xen, and is no longer available in any of the Xen packages.
|
||||
- The `qemu-xen-traditional` component has been deprecated by the upstream Xen Project, and is no longer available in any of the Xen Project Hypervisor packages.
|
||||
- The OCaml-based Xen Store can now be configured using [`virtualisation.xen.store.settings`](#opt-virtualisation.xen.store.settings).
|
||||
- The `virtualisation.xen.bridge` options have been deprecated in this release cycle. Users who need network bridges are encouraged to set up their own networking configurations.
|
||||
|
||||
|
@ -69,6 +73,8 @@
|
|||
|
||||
- [Goatcounter](https://www.goatcounter.com/), Easy web analytics. No tracking of personal data. Available as [services.goatcounter](options.html#opt-services.goatcocunter.enable).
|
||||
|
||||
- [Privatebin](https://github.com/PrivateBin/PrivateBin/), A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Available as [services.privatebin](#opt-services.privatebin.enable)
|
||||
|
||||
- [UWSM](https://github.com/Vladimir-csp/uwsm), a wayland session manager to wrap Wayland Compositors into useful systemd units such as `graphical-session.target`. Available as [programs.uwsm](#opt-programs.uwsm.enable).
|
||||
|
||||
- [Open-WebUI](https://github.com/open-webui/open-webui), a user-friendly WebUI
|
||||
|
@ -81,9 +87,11 @@
|
|||
user management. This can be used instead of the `update-users-groups.pl`
|
||||
Perl script and instead of systemd-sysusers. To achieve a system without
|
||||
Perl, this is the now recommended tool over systemd-sysusers because it can
|
||||
alos create normal users and change passwords. Available as
|
||||
also create normal users and change passwords. Available as
|
||||
[services.userborn](#opt-services.userborn.enable)
|
||||
|
||||
- [Hatsu](https://github.com/importantimport/hatsu), a self-hosted bridge that interacts with Fediverse on behalf of your static site. Available as [services.hatsu](options.html#opt-services.hatsu).
|
||||
|
||||
- [Flood](https://flood.js.org/), a beautiful WebUI for various torrent clients. Available as [services.flood](options.html#opt-services.flood).
|
||||
|
||||
- [Firefly-iii Data Importer](https://github.com/firefly-iii/data-importer), a data importer for Firefly-III. Available as [services.firefly-iii-data-importer](options.html#opt-services.firefly-iii-data-importer)
|
||||
|
@ -108,6 +116,8 @@
|
|||
|
||||
- [zeronsd](https://github.com/zerotier/zeronsd), a DNS server for ZeroTier users. Available with [services.zeronsd.servedNetworks](#opt-services.zeronsd.servedNetworks).
|
||||
|
||||
- [Collabora Online](https://www.collaboraonline.com/), a collaborative online office suite based on LibreOffice technology. Available as [services.collabora-online](options.html#opt-services.collabora-online.enable).
|
||||
|
||||
- [wg-access-server](https://github.com/freifunkMUC/wg-access-server/), an all-in-one WireGuard VPN solution with a web ui for connecting devices. Available at [services.wg-access-server](#opt-services.wg-access-server.enable).
|
||||
|
||||
- [Pingvin Share](https://github.com/stonith404/pingvin-share), a self-hosted file sharing platform and an alternative for WeTransfer. Available as [services.pingvin-share](#opt-services.pingvin-share.enable).
|
||||
|
@ -116,12 +126,16 @@
|
|||
|
||||
- [Localsend](https://localsend.org/), an open source cross-platform alternative to AirDrop. Available as [programs.localsend](#opt-programs.localsend.enable).
|
||||
|
||||
- [Gatus](https://github.com/TwiN/gatus), an automated developer-oriented status page. Available as [services.gatus](#opt-services.gatus.enable).
|
||||
|
||||
- [cryptpad](https://cryptpad.org/), a privacy-oriented collaborative platform (docs/drive/etc), has been added back. Available as [services.cryptpad](#opt-services.cryptpad.enable).
|
||||
|
||||
- [realm](https://github.com/zhboner/realm), a simple, high performance relay server written in rust. Available as [services.realm.enable](#opt-services.realm.enable).
|
||||
|
||||
- [Gotenberg](https://gotenberg.dev), an API server for converting files to PDFs that can be used alongside Paperless-ngx. Available as [services.gotenberg](options.html#opt-services.gotenberg).
|
||||
|
||||
- [Suricata](https://suricata.io/), a free and open source, mature, fast and robust network threat detection engine. Available as [services.suricata](options.html#opt-services.suricata).
|
||||
|
||||
- [Playerctld](https://github.com/altdesktop/playerctl), a daemon to track media player activity. Available as [services.playerctld](option.html#opt-services.playerctld).
|
||||
|
||||
- [MenhirLib](https://gitlab.inria.fr/fpottier/menhir/-/tree/master/coq-menhirlib) A support library for verified Coq parsers produced by Menhir.
|
||||
|
@ -153,8 +167,22 @@
|
|||
|
||||
- [Immich](https://github.com/immich-app/immich), a self-hosted photo and video backup solution. Available as [services.immich](#opt-services.immich.enable).
|
||||
|
||||
- [obs-studio](https://obsproject.com/), Free and open source software for video recording and live streaming. Available as [programs.obs-studio.enable](#opt-programs.obs-studio.enable).
|
||||
|
||||
- [Veilid](https://veilid.com), a headless server that enables privacy-focused data sharing and messaging on a peer-to-peer network. Available as [services.veilid](#opt-services.veilid.enable).
|
||||
|
||||
- [Fedimint](https://github.com/fedimint/fedimint), a module based system for building federated applications (Federated E-Cash Mint). Available as [services.fedimintd](#opt-services.fedimintd).
|
||||
|
||||
## Backward Incompatibilities {#sec-release-24.11-incompatibilities}
|
||||
|
||||
- The `sound` options have been removed or renamed, as they had a lot of unintended side effects. See [below](#sec-release-24.11-migration-sound) for details.
|
||||
|
||||
- The nvidia driver no longer defaults to the proprietary driver starting with version 560. You will need to manually set `hardware.nvidia.open` to select the proprietary or open driver.
|
||||
|
||||
- All Cinnamon and XApp packages have been moved to top-level (i.e., `cinnamon.nemo` is now `nemo`).
|
||||
|
||||
- All GNOME packages have been moved to top-level (i.e., `gnome.nautilus` is now `nautilus`).
|
||||
|
||||
- `transmission` package has been aliased with a `trace` warning to `transmission_3`. Since [Transmission 4 has been released last year](https://github.com/transmission/transmission/releases/tag/4.0.0), and Transmission 3 will eventually go away, it was decided perform this warning alias to make people aware of the new version. The `services.transmission.package` defaults to `transmission_3` as well because the upgrade can cause data loss in certain specific usage patterns (examples: [#5153](https://github.com/transmission/transmission/issues/5153), [#6796](https://github.com/transmission/transmission/issues/6796)). Please make sure to back up to your data directory per your usage:
|
||||
- `transmission-gtk`: `~/.config/transmission`
|
||||
- `transmission-daemon` using NixOS module: `${config.services.transmission.home}/.config/transmission-daemon` (defaults to `/var/lib/transmission/.config/transmission-daemon`)
|
||||
|
@ -167,6 +195,8 @@
|
|||
|
||||
- `services.kubernetes.kubelet.clusterDns` now accepts a list of DNS resolvers rather than a single string, bringing the module more in line with the upstream Kubelet configuration schema.
|
||||
|
||||
- `bluemap` has changed the format used to store map tiles, and the database layout has been heavily modified. Upstream recommends a clean reinstallation: <https://github.com/BlueMap-Minecraft/BlueMap/releases/tag/v5.2>. Unless you are using an SQL storage backend, this should only entail deleting the contents of `config.services.bluemap.coreSettings.data` (defaults to `/var/lib/bluemap`) and `config.services.bluemap.webRoot` (defaults to `/var/lib/bluemap/web`).
|
||||
|
||||
- `wstunnel` has had a major version upgrade that entailed rewriting the program in Rust.
|
||||
The module was updated to accommodate for breaking changes.
|
||||
Breaking changes to the module API were minimised as much as possible,
|
||||
|
@ -203,6 +233,9 @@
|
|||
|
||||
- The logrotate service has received hardening and now requires enabling `allowNetworking`, if logrotate needs to access the network.
|
||||
|
||||
- qBittorrent has been updated to major version 5, which drops support for Qt 5.
|
||||
The `qbittorrent-qt5` package has been removed.
|
||||
|
||||
- The fcgiwrap module now allows multiple instances running as distinct users.
|
||||
The option `services.fgciwrap` now takes an attribute set of the
|
||||
configuration of each individual instance.
|
||||
|
@ -216,8 +249,6 @@
|
|||
- The `mautrix-signal` module was adapted to incorporate the configuration rearrangement that resulted from the update to the mautrix bridgev2 architecture. Pre-0.7.0 configurations should continue to work.
|
||||
In case you want to update your configuration make sure to check the NixOS manual.
|
||||
|
||||
- The nvidia driver no longer defaults to the proprietary driver starting with version 560. You will need to manually set `hardware.nvidia.open` to select the proprietary or open driver.
|
||||
|
||||
- `singularity-tools` have the `storeDir` argument removed from its override interface and use `builtins.storeDir` instead.
|
||||
|
||||
- Two build helpers in `singularity-tools`, i.e., `mkLayer` and `shellScript`, are deprecated, as they are no longer involved in image-building. Maintainers will remove them in future releases.
|
||||
|
@ -231,10 +262,6 @@
|
|||
- The method to safely handle secrets in the `networking.wireless` module has been changed to benefit from a [new feature](https://w1.fi/cgit/hostap/commit/?id=e680a51e94a33591f61edb210926bcb71217a21a) of wpa_supplicant.
|
||||
The syntax to refer to secrets has changed slightly and the option `networking.wireless.environmentFile` has been replaced by `networking.wireless.secretsFile`; see the description of the latter for how to upgrade.
|
||||
|
||||
- All Cinnamon and XApp packages have been moved to top-level (i.e., `cinnamon.nemo` is now `nemo`).
|
||||
|
||||
- All GNOME packages have been moved to top-level (i.e., `gnome.nautilus` is now `nautilus`).
|
||||
|
||||
- `services.cgit` now runs as the cgit user by default instead of root.
|
||||
This change requires granting access to the repositories to this user or
|
||||
setting the appropriate one through `services.cgit.some-instance.user`.
|
||||
|
@ -289,6 +316,12 @@
|
|||
|
||||
- `tests.overriding` has its `passthru.tests` restructured as an attribute set instead of a list, making individual tests accessible by their names.
|
||||
|
||||
- Package `skk-dict` was split into multiple packages under `skkDictionaries`.
|
||||
If in doubt, try `skkDictionaries.l`. As part of this change, the dictionaries
|
||||
were moved from `$out/share` to `$out/share/skk`. Also, the dictionaries won't
|
||||
be converted to UTF-8 unless the `useUtf8` package option is enabled. UTF-8
|
||||
converted dictionaries will have the .utf8 suffix appended to its filename.
|
||||
|
||||
- `vaultwarden` lost the capability to bind to privileged ports. If you rely on
|
||||
this behavior, override the systemd unit to allow `CAP_NET_BIND_SERVICE` in
|
||||
your local configuration.
|
||||
|
@ -300,6 +333,15 @@
|
|||
a static `user` and `group`. The `writablePaths` option has been removed and
|
||||
the models directory is now always exempt from sandboxing.
|
||||
|
||||
- The `gns3-server` service now runs under the `gns3` system user
|
||||
instead of a dynamically created one via `DynamicUser`.
|
||||
The use of SUID wrappers is incompatible with SystemD's `DynamicUser` setting,
|
||||
and GNS3 requires calling ubridge through its SUID wrapper to function properly.
|
||||
This change requires to manually move the following directories:
|
||||
* from `/var/lib/private/gns3` to `/var/lib/gns3`
|
||||
* from `/var/log/private/gns3` to `/var/log/gns3`
|
||||
and to change the ownership of these directories and their contents to `gns3` (including `/etc/gns3`).
|
||||
|
||||
- Legacy package `stalwart-mail_0_6` was dropped, please note the
|
||||
[manual upgrade process](https://github.com/stalwartlabs/mail-server/blob/main/UPGRADING.md)
|
||||
before changing the package to `pkgs.stalwart-mail` in
|
||||
|
@ -390,6 +432,8 @@
|
|||
- `zx` was updated to v8, which introduces several breaking changes.
|
||||
See the [v8 changelog](https://github.com/google/zx/releases/tag/8.0.0) for more information.
|
||||
|
||||
- `feishin` removed support for Navidrome `< v0.53.2` due to an API change; more information in the [v0.10.0 release notes](https://github.com/jeffvli/feishin/releases/tag/v0.10.0).
|
||||
|
||||
- The `dnscrypt-wrapper` module was removed since the project has been effectively unmaintained since 2018; moreover the NixOS module had to rely on an abandoned version of dnscrypt-proxy v1 for the rotation of keys.
|
||||
To wrap a resolver with DNSCrypt you can instead use `dnsdist`. See options `services.dnsdist.dnscrypt.*`
|
||||
|
||||
|
@ -415,6 +459,8 @@
|
|||
|
||||
- `programs.vim.defaultEditor` now only works if `programs.vim.enable` is enabled.
|
||||
|
||||
- `services.mautrix-meta` was updated to [0.4](https://github.com/mautrix/meta/releases/tag/v0.4.0). This release makes significant changes to the settings format. If you have custom settings you should migrate them to the new format. Unfortunately upstream provides little guidance for how to do this, but [the auto-migration code](https://github.com/mautrix/meta/blob/f5440b05aac125b4c95b1af85635a717cbc6dd0e/cmd/mautrix-meta/legacymigrate.go#L23) may serve as a useful reference. The NixOS module should warn you if you still have any old settings configured.
|
||||
|
||||
- The `indi-full` package no longer contains non-free drivers.
|
||||
To get the old collection of drivers use `indi-full-nonfree` or create your own collection of drivers by overriding indi-with-drivers.
|
||||
E.g.: `pkgs.indi-with-drivers.override {extraDrivers = with pkgs.indi-3rdparty; [indi-gphoto];}`
|
||||
|
@ -432,8 +478,6 @@
|
|||
|
||||
- `services.roundcube.maxAttachmentSize` will multiply the value set with `1.37` to offset overhead introduced by the base64 encoding applied to attachments.
|
||||
|
||||
- The `sound` options have been removed or renamed, as they had a lot of unintended side effects. See [below](#sec-release-24.11-migration-sound) for details.
|
||||
|
||||
- The `services.mxisd` module has been removed as both [mxisd](https://github.com/kamax-matrix/mxisd) and [ma1sd](https://github.com/ma1uta/ma1sd) are not maintained any longer.
|
||||
Consequently the package `pkgs.ma1sd` has also been removed.
|
||||
|
||||
|
@ -470,7 +514,7 @@
|
|||
- The `services.syncplay` module now exposes all currently available command-line arguments for `syncplay-server` as options, as well as a `useACMEHost` option for easy TLS setup.
|
||||
The systemd service now uses `DynamicUser`/`StateDirectory` and the `user` and `group` options have been deprecated.
|
||||
|
||||
- The `openlens` package got removed, suggested replacment `lens-desktop`
|
||||
- The `openlens` package got removed, suggested replacement `lens-desktop`
|
||||
|
||||
- The `services.dnsmasq.extraConfig` option has been removed, as it had been deprecated for over 2 years. This option has been replaced by `services.dnsmasq.settings`.
|
||||
|
||||
|
@ -516,6 +560,9 @@
|
|||
|
||||
- `lib.misc.mapAttrsFlatten` is now formally deprecated and will be removed in future releases; use the identical [`lib.attrsets.mapAttrsToList`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.attrsets.mapAttrsToList) instead.
|
||||
|
||||
- Tailscale's `authKeyFile` can now have its corresponding parameters set through `config.services.tailscale.authKeyParameters`, allowing for non-ephemeral unsupervised deployment and more.
|
||||
See [Registering new nodes using OAuth credentials](https://tailscale.com/kb/1215/oauth-clients#registering-new-nodes-using-oauth-credentials) for the supported options.
|
||||
|
||||
- `nixosTests` now provide a working IPv6 setup for VLAN 1 by default.
|
||||
|
||||
- Kanidm can now be provisioned using the new [`services.kanidm.provision`] option, but requires using a patched version available via `pkgs.kanidm.withSecretProvisioning`.
|
||||
|
@ -524,6 +571,22 @@
|
|||
|
||||
- The kubelet configuration file can now be amended with arbitrary additional content using the `services.kubernetes.kubelet.extraConfig` option.
|
||||
|
||||
- The `services.seafile` module was updated to major version 11.
|
||||
- As part of this upgrade, the database backend will be migrated to MySQL.
|
||||
This process should be automatic, but in case of a botched migration,
|
||||
old sqlite files are not removed and can be used to manually migrate the database.
|
||||
- Additionally, the updated CSRF protection may prevent some users from logging in.
|
||||
Specific origin addresses can be whitelisted using the `services.seafile.seahubExtraConf` option
|
||||
(e.g. `services.seafile.seahubExtraConf = ''CSRF_TRUSTED_ORIGINS = ["https://example.com"]'';`).
|
||||
Note that first solution of the [official FAQ answer](https://cloud.seatable.io/dtable/external-links/7b976c85f504491cbe8e/?tid=0000&vid=0000&row-id=BQhH-2HSQs68Nq2EW91DBA)
|
||||
is not allowed by the `services.nginx` module's config-checker.
|
||||
|
||||
- The latest available version of Nextcloud is v30 (available as `pkgs.nextcloud30`). The installation logic is as follows:
|
||||
- If [`services.nextcloud.package`](#opt-services.nextcloud.package) is specified explicitly, this package will be installed (**recommended**)
|
||||
- If [`system.stateVersion`](#opt-system.stateVersion) is >=24.05, `pkgs.nextcloud29` will be installed by default.
|
||||
- If [`system.stateVersion`](#opt-system.stateVersion) is >=24.11, `pkgs.nextcloud30` will be installed by default.
|
||||
- Please note that an upgrade from v28 (or older) to v30 directly is not possible. Please upgrade to `nextcloud29` (or earlier) first. Nextcloud prohibits skipping major versions while upgrading. You can upgrade by declaring [`services.nextcloud.package = pkgs.nextcloud29;`](options.html#opt-services.nextcloud.package).
|
||||
|
||||
- To facilitate dependency injection, the `imgui` package now builds a static archive using vcpkg' CMake rules.
|
||||
The derivation now installs "impl" headers selectively instead of by a wildcard.
|
||||
Use `imgui.src` if you just want to access the unpacked sources.
|
||||
|
@ -539,6 +602,8 @@
|
|||
- `security.pam.u2f` now follows RFC42.
|
||||
All module options are now settable through the freeform `.settings`.
|
||||
|
||||
- Mikutter was removed because the package was broken and had no maintainers.
|
||||
|
||||
- Gollum was upgraded to major version 6. Read their [migration notes](https://github.com/gollum/gollum/wiki/6.0-Release-Notes).
|
||||
|
||||
- The hooks `yarnConfigHook` and `yarnBuildHook` were added. These should replace `yarn2nix.mkYarnPackage` and other `yarn2nix` related tools. The motivation to get rid of `yarn2nix` tools is the fact that they are too complex and hard to maintain, and they rely upon too much Nix evaluation which is problematic if import-from-derivation is not allowed (see more details at [#296856](https://github.com/NixOS/nixpkgs/issues/296856). The transition from `mkYarnPackage` to `yarn{Config,Build}Hook` is tracked at [#324246](https://github.com/NixOS/nixpkgs/issues/324246).
|
||||
|
@ -560,6 +625,11 @@
|
|||
|
||||
- `restic` module now has an option for inhibiting system sleep while backups are running, defaulting to off (not inhibiting sleep), available as [`services.restic.backups.<name>.inhibitsSleep`](#opt-services.restic.backups._name_.inhibitsSleep).
|
||||
|
||||
- The arguments from [](#opt-services.postgresql.initdbArgs) now get shell-escaped.
|
||||
|
||||
- `cargo-tauri.hook` was introduced to help users build [Tauri](https://tauri.app/) projects. It is meant to be used alongside
|
||||
`rustPlatform.buildRustPackage` and Node hooks such as `npmConfigHook`, `pnpm.configHook`, and the new `yarnConfig`
|
||||
|
||||
- Support for *runner registration tokens* has been [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/380872)
|
||||
in `gitlab-runner` 15.6 and is expected to be removed in `gitlab-runner` 18.0. Configuration of existing runners
|
||||
should be changed to using *runner authentication tokens* by configuring
|
||||
|
@ -569,7 +639,9 @@
|
|||
- `iproute2` now has libbpf support.
|
||||
|
||||
- `nix.channel.enable = false` no longer implies `nix.settings.nix-path = []`.
|
||||
Since Nix 2.13, a `nix-path` set in `nix.conf` cannot be overriden by the `NIX_PATH` configuration variable.
|
||||
Since Nix 2.13, a `nix-path` set in `nix.conf` cannot be overridden by the `NIX_PATH` configuration variable.
|
||||
|
||||
- ZFS now imports its pools in `postResumeCommands` rather than `postDeviceCommands`. If you had `postDeviceCommands` scripts that depended on ZFS pools being imported, those now need to be in `postResumeCommands`.
|
||||
|
||||
## Detailed migration information {#sec-release-24.11-migration}
|
||||
|
||||
|
|
|
@ -72,7 +72,7 @@ in
|
|||
type = "path";
|
||||
path = config.flake.outPath;
|
||||
} // filterAttrs
|
||||
(n: _: n == "lastModified" || n == "rev" || n == "revCount" || n == "narHash")
|
||||
(n: _: n == "lastModified" || n == "rev" || n == "narHash")
|
||||
config.flake
|
||||
));
|
||||
};
|
||||
|
|
|
@ -24,13 +24,21 @@
|
|||
|
||||
config = {
|
||||
|
||||
# This should not contain packages that are broken or can't build, since it
|
||||
# will break this expression
|
||||
#
|
||||
# Currently broken packages:
|
||||
# - contour
|
||||
#
|
||||
# can be generated with:
|
||||
# lib.attrNames (lib.filterAttrs
|
||||
# (_: drv: (builtins.tryEval (lib.isDerivation drv && drv ? terminfo)).value)
|
||||
# pkgs)
|
||||
environment.systemPackages = lib.mkIf config.environment.enableAllTerminfo (map (x: x.terminfo) (with pkgs.pkgsBuildBuild; [
|
||||
environment.systemPackages = lib.mkIf config.environment.enableAllTerminfo (
|
||||
map (x: x.terminfo) (
|
||||
with pkgs.pkgsBuildBuild;
|
||||
[
|
||||
alacritty
|
||||
contour
|
||||
foot
|
||||
kitty
|
||||
mtm
|
||||
|
@ -42,7 +50,9 @@
|
|||
tmux
|
||||
wezterm
|
||||
yaft
|
||||
]));
|
||||
]
|
||||
)
|
||||
);
|
||||
|
||||
environment.pathsToLink = [
|
||||
"/share/terminfo"
|
||||
|
|
|
@ -13,6 +13,14 @@
|
|||
[XDG Icon Theme specification](https://specifications.freedesktop.org/icon-theme-spec/icon-theme-spec-latest.html).
|
||||
'';
|
||||
};
|
||||
xdg.icons.fallbackCursorThemes = lib.mkOption {
|
||||
type = lib.types.listOf lib.types.str;
|
||||
default = [];
|
||||
description = ''
|
||||
Names of the fallback cursor themes, in order of preference, to be used when no other icon source can be found.
|
||||
Set to `[]` to disable the fallback entirely.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf config.xdg.icons.enable {
|
||||
|
@ -25,6 +33,15 @@
|
|||
# Empty icon theme that contains index.theme file describing directories
|
||||
# where toolkits should look for icons installed by apps.
|
||||
pkgs.hicolor-icon-theme
|
||||
] ++ lib.optionals (config.xdg.icons.fallbackCursorThemes != []) [
|
||||
(pkgs.writeTextFile {
|
||||
name = "fallback-cursor-theme";
|
||||
text = ''
|
||||
[Icon Theme]
|
||||
Inherits=${lib.concatStringsSep "," config.xdg.icons.fallbackCursorThemes}
|
||||
'';
|
||||
destination = "/share/icons/default/index.theme";
|
||||
})
|
||||
];
|
||||
|
||||
# libXcursor looks for cursors in XCURSOR_PATH
|
||||
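Review bot: The names in `xdg.icons.fallbackCursorThemes` are joined with `,` and written unvalidated into the `Inherits=` line of the generated `index.theme`, so a name containing a comma or a line break changes the structure of that file instead of failing evaluation. Narrowing the element type, for example `type = lib.types.listOf (lib.types.strMatching "[^,[:cntrl:]]+");`, would reject a malformed name at evaluation time. The description also says "no other icon source" although the option selects cursor themes; judging by the option name and the libXcursor comment below, `used when no other cursor theme can be found` is probably what is meant.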
|
|
|
@ -1,8 +1,9 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{ config, lib, ... }:
|
||||
|
||||
let
|
||||
cfg = config.hardware.uinput;
|
||||
in {
|
||||
in
|
||||
{
|
||||
options.hardware.uinput = {
|
||||
enable = lib.mkEnableOption "uinput support";
|
||||
};
|
||||
|
@ -10,7 +11,7 @@ in {
|
|||
config = lib.mkIf cfg.enable {
|
||||
boot.kernelModules = [ "uinput" ];
|
||||
|
||||
users.groups.uinput = {};
|
||||
users.groups.uinput.gid = config.ids.gids.uinput;
|
||||
|
||||
services.udev.extraRules = ''
|
||||
SUBSYSTEM=="misc", KERNEL=="uinput", MODE="0660", GROUP="uinput", OPTIONS+="static_node=uinput"
|
||||
|
|
|
@ -30,7 +30,7 @@
|
|||
, imageFileBasename
|
||||
, compression
|
||||
, fileSystems
|
||||
, partitionsJSON
|
||||
, finalPartitions
|
||||
, split
|
||||
, seed
|
||||
, definitionsDirectory
|
||||
|
@ -110,7 +110,9 @@ in
|
|||
|
||||
env = mkfsEnv;
|
||||
|
||||
inherit partitionsJSON definitionsDirectory;
|
||||
inherit finalPartitions definitionsDirectory;
|
||||
|
||||
partitionsJSON = builtins.toJSON finalAttrs.finalPartitions;
|
||||
|
||||
# relative path to the repart definitions that are read by systemd-repart
|
||||
finalRepartDefinitions = "repart.d";
|
||||
|
@ -136,7 +138,7 @@ in
|
|||
patchPhase = ''
|
||||
runHook prePatch
|
||||
|
||||
amendedRepartDefinitionsDir=$(${amendRepartDefinitions} $partitionsJSON $definitionsDirectory)
|
||||
amendedRepartDefinitionsDir=$(${amendRepartDefinitions} <(echo "$partitionsJSON") $definitionsDirectory)
|
||||
ln -vs $amendedRepartDefinitionsDir $finalRepartDefinitions
|
||||
|
||||
runHook postPatch
|
||||
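Review bot: In `patchPhase`, the JSON reaches `${amendRepartDefinitions}` through `<(echo "$partitionsJSON")`, and `echo` is not a reliable way to emit arbitrary data, since its handling of backslashes and leading dashes depends on the shell and its options. `$definitionsDirectory` next to it is also unquoted. `amendedRepartDefinitionsDir=$(${amendRepartDefinitions} <(printf '%s\n' "$partitionsJSON") "$definitionsDirectory")` keeps the behaviour and removes both doubts. Process substitution hands the script a pipe rather than the store file it received before, so it is worth confirming that the script reads its first argument only once, which this hunk does not show. `patchPhase` continues outside the hunk.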
|
|
|
@ -163,21 +163,20 @@ in
|
|||
createEmpty = false;
|
||||
}).overrideAttrs
|
||||
(
|
||||
finalAttrs: previousAttrs:
|
||||
let
|
||||
copyUki = "CopyFiles=${config.system.build.uki}/${config.system.boot.loader.ukiFile}:${cfg.ukiPath}";
|
||||
in
|
||||
{
|
||||
finalAttrs: previousAttrs: {
|
||||
# add entry to inject UKI into ESP
|
||||
finalPartitions = lib.recursiveUpdate previousAttrs.finalPartitions {
|
||||
${cfg.partitionIds.esp}.contents = {
|
||||
"${cfg.ukiPath}".source = "${config.system.build.uki}/${config.system.boot.loader.ukiFile}";
|
||||
};
|
||||
};
|
||||
|
||||
nativeBuildInputs = previousAttrs.nativeBuildInputs ++ [
|
||||
pkgs.systemdUkify
|
||||
verityHashCheck
|
||||
pkgs.jq
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
# add entry to inject UKI into ESP
|
||||
echo '${copyUki}' >> $finalRepartDefinitions/${cfg.partitionIds.esp}.conf
|
||||
'';
|
||||
|
||||
preBuild = ''
|
||||
# check that we build the final image with the same intermediate image for
|
||||
# which the injected UKI was built by comparing the UKI cmdline with the repart output
|
||||
|
@ -194,6 +193,24 @@ in
|
|||
chmod +w ${config.image.repart.imageFileBasename}.raw
|
||||
'';
|
||||
|
||||
# replace "TBD" with the original roothash values
|
||||
preInstall = ''
|
||||
mv -v repart-output{.json,_orig.json}
|
||||
|
||||
jq --slurp --indent -1 \
|
||||
'.[0] as $intermediate | .[1] as $final
|
||||
| $intermediate | map(select(.roothash != null) | { "uuid":.uuid,"roothash":.roothash }) as $uuids
|
||||
| $final + $uuids
|
||||
| group_by(.uuid)
|
||||
| map(add)
|
||||
| sort_by(.offset)' \
|
||||
${config.system.build.intermediateImage}/repart-output.json \
|
||||
repart-output_orig.json \
|
||||
> repart-output.json
|
||||
|
||||
rm -v repart-output_orig.json
|
||||
'';
|
||||
|
||||
# the image will be self-contained so we can drop references
|
||||
# to the closure that was used to build it
|
||||
unsafeDiscardReferences.out = true;
|
||||
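Review bot: The `preInstall` merge never checks that every placeholder was actually replaced. If a partition `uuid` in the final `repart-output.json` has no entry with a `roothash` in `${config.system.build.intermediateImage}/repart-output.json`, its `"TBD"` value survives and the image ships metadata with a wrong root hash. A check after the merge turns that into a build failure, for example `jq -e 'all(.[]; .roothash != "TBD")' repart-output.json > /dev/null`. As far as the filter shows, entries are merged per `uuid` and the intermediate `roothash` wins because `$uuids` is added last; a comment saying so above the filter would help, since the result depends on that ordering.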
|
|
|
@ -318,14 +318,12 @@ in
|
|||
format
|
||||
(lib.mapAttrs (_n: v: { Partition = v.repartConfig; }) cfg.finalPartitions);
|
||||
|
||||
partitionsJSON = pkgs.writeText "partitions.json" (builtins.toJSON cfg.finalPartitions);
|
||||
|
||||
mkfsEnv = mkfsOptionsToEnv cfg.mkfsOptions;
|
||||
in
|
||||
pkgs.callPackage ./repart-image.nix {
|
||||
systemd = cfg.package;
|
||||
inherit (cfg) name version imageFileBasename compression split seed sectorSize;
|
||||
inherit fileSystems definitionsDirectory partitionsJSON mkfsEnv;
|
||||
inherit (cfg) name version imageFileBasename compression split seed sectorSize finalPartitions;
|
||||
inherit fileSystems definitionsDirectory mkfsEnv;
|
||||
};
|
||||
|
||||
meta.maintainers = with lib.maintainers; [ nikstur willibutz ];
|
||||
|
|
|
@ -8,7 +8,7 @@ let
|
|||
* to a menuentry for use in grub.
|
||||
*
|
||||
* * defaults: {name, image, params, initrd}
|
||||
* * options: [ option... ]
|
||||
* * options: [ option... ]
|
||||
* * option: {name, params, class}
|
||||
*/
|
||||
menuBuilderGrub2 =
|
||||
|
@ -772,9 +772,10 @@ in
|
|||
# here and it causes a cyclic dependency.
|
||||
boot.loader.grub.enable = false;
|
||||
|
||||
environment.systemPackages = [ grubPkgs.grub2 grubPkgs.grub2_efi ]
|
||||
environment.systemPackages = [ grubPkgs.grub2 ]
|
||||
++ lib.optional (config.isoImage.makeBiosBootable) pkgs.syslinux
|
||||
;
|
||||
system.extraDependencies = [ grubPkgs.grub2_efi ];
|
||||
|
||||
# In stage 1 of the boot, mount the CD as the root FS by label so
|
||||
# that we don't need to know its device. We pass the label of the
|
||||
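Review bot: `system.extraDependencies = [ grubPkgs.grub2_efi ];` has no comment saying why the EFI build of GRUB moved out of `environment.systemPackages`, so the next edit could easily move it back. If the intent is to keep it in the image closure without installing a second GRUB into the system profile, a comment such as `# grub2_efi is only needed in the closure, not in PATH next to grub2` above the line would record that. The reason is inferred from the two changed lines and should be confirmed by the author.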
|
|
|
@ -1,7 +1,7 @@
|
|||
{
|
||||
x86_64-linux = "/nix/store/mczjdfprd67mdn90488854bf6b3nkp8j-nix-2.18.7";
|
||||
i686-linux = "/nix/store/qqll8zrx7ibdx34ry1ijanqdpdpnibbc-nix-2.18.7";
|
||||
aarch64-linux = "/nix/store/lwysvjn745fwsz8nv13zzsfq0dhiyxlp-nix-2.18.7";
|
||||
x86_64-darwin = "/nix/store/frzvlvzzj7hwvg8p0y0ivl27430nxhfy-nix-2.18.7";
|
||||
aarch64-darwin = "/nix/store/43dp3pl3k95gszp1hl9sjm22gly65sxi-nix-2.18.7";
|
||||
x86_64-linux = "/nix/store/vhv7ckr0winivvwfqxd54d6pgq2hx1is-nix-2.18.8";
|
||||
i686-linux = "/nix/store/8x7rmgi225r5kygpf17swvk3vll0c61y-nix-2.18.8";
|
||||
aarch64-linux = "/nix/store/sbyj0rb1wd314zfxpf834d0clvxrxmv3-nix-2.18.8";
|
||||
x86_64-darwin = "/nix/store/vsy1wl865md71qv177nchj0aj5p26pkl-nix-2.18.8";
|
||||
aarch64-darwin = "/nix/store/54kqc2da3fjyjgzab4vaszxjmdvii6yk-nix-2.18.8";
|
||||
}
|
||||
|
|
|
@ -35,7 +35,6 @@ in
|
|||
|
||||
};
|
||||
|
||||
|
||||
config = {
|
||||
|
||||
ids.uids = {
|
||||
|
@ -666,6 +665,7 @@ in
|
|||
rstudio-server = 324;
|
||||
localtimed = 325;
|
||||
automatic-timezoned = 326;
|
||||
uinput = 327;
|
||||
|
||||
# When adding a gid, make sure it doesn't match an existing
|
||||
# uid. Users and groups with the same name should have equal
|
||||
|
|
|
@ -259,6 +259,7 @@
|
|||
./programs/oblogout.nix
|
||||
./programs/oddjobd.nix
|
||||
./programs/openvpn3.nix
|
||||
./programs/obs-studio.nix
|
||||
./programs/partition-manager.nix
|
||||
./programs/plotinus.nix
|
||||
./programs/pqos-wrapper.nix
|
||||
|
@ -882,6 +883,7 @@
|
|||
./services/monitoring/datadog-agent.nix
|
||||
./services/monitoring/do-agent.nix
|
||||
./services/monitoring/fusion-inventory.nix
|
||||
./services/monitoring/gatus.nix
|
||||
./services/monitoring/goss.nix
|
||||
./services/monitoring/grafana-agent.nix
|
||||
./services/monitoring/grafana-image-renderer.nix
|
||||
|
@ -1029,6 +1031,7 @@
|
|||
./services/networking/expressvpn.nix
|
||||
./services/networking/fakeroute.nix
|
||||
./services/networking/fastnetmon-advanced.nix
|
||||
./services/networking/fedimintd.nix
|
||||
./services/networking/ferm.nix
|
||||
./services/networking/firefox-syncserver.nix
|
||||
./services/networking/fireqos.nix
|
||||
|
@ -1251,6 +1254,7 @@
|
|||
./services/networking/uptermd.nix
|
||||
./services/networking/v2ray.nix
|
||||
./services/networking/v2raya.nix
|
||||
./services/networking/veilid.nix
|
||||
./services/networking/vdirsyncer.nix
|
||||
./services/networking/vsftpd.nix
|
||||
./services/networking/wasabibackend.nix
|
||||
|
@ -1383,6 +1387,7 @@
|
|||
./services/web-apps/atlassian/crowd.nix
|
||||
./services/web-apps/atlassian/jira.nix
|
||||
./services/web-apps/audiobookshelf.nix
|
||||
./services/web-apps/bluemap.nix
|
||||
./services/web-apps/bookstack.nix
|
||||
./services/web-apps/c2fmzq-server.nix
|
||||
./services/web-apps/calibre-web.nix
|
||||
|
@ -1392,6 +1397,7 @@
|
|||
./services/web-apps/chatgpt-retrieval-plugin.nix
|
||||
./services/web-apps/cloudlog.nix
|
||||
./services/web-apps/code-server.nix
|
||||
./services/web-apps/collabora-online.nix
|
||||
./services/web-apps/commafeed.nix
|
||||
./services/web-apps/convos.nix
|
||||
./services/web-apps/crabfit.nix
|
||||
|
@ -1423,6 +1429,7 @@
|
|||
./services/web-apps/goatcounter.nix
|
||||
./services/web-apps/guacamole-client.nix
|
||||
./services/web-apps/guacamole-server.nix
|
||||
./services/web-apps/hatsu.nix
|
||||
./services/web-apps/healthchecks.nix
|
||||
./services/web-apps/hedgedoc.nix
|
||||
./services/web-apps/hledger-web.nix
|
||||
|
@ -1482,6 +1489,7 @@
|
|||
./services/web-apps/powerdns-admin.nix
|
||||
./services/web-apps/pretalx.nix
|
||||
./services/web-apps/pretix.nix
|
||||
./services/web-apps/privatebin.nix
|
||||
./services/web-apps/prosody-filer.nix
|
||||
./services/web-apps/rimgo.nix
|
||||
./services/web-apps/rutorrent.nix
|
||||
|
@ -1513,7 +1521,6 @@
|
|||
./services/web-apps/zitadel.nix
|
||||
./services/web-servers/agate.nix
|
||||
./services/web-servers/apache-httpd/default.nix
|
||||
./services/web-servers/bluemap.nix
|
||||
./services/web-servers/caddy/default.nix
|
||||
./services/web-servers/darkhttpd.nix
|
||||
./services/web-servers/fcgiwrap.nix
|
||||
|
|
|
@ -196,14 +196,8 @@ in
|
|||
# To prevent gratuitous rebuilds on each change to Nixpkgs
|
||||
nixos.revision = null;
|
||||
|
||||
stateVersion = lib.mkDefault (throw ''
|
||||
The macOS linux builder should not need a stateVersion to be set, but a module
|
||||
has accessed stateVersion nonetheless.
|
||||
Please inspect the trace of the following command to figure out which module
|
||||
has a dependency on stateVersion.
|
||||
|
||||
nix-instantiate --attr darwin.linux-builder --show-trace
|
||||
'');
|
||||
# to be updated by module maintainers, see nixpkgs#325610
|
||||
stateVersion = "24.05";
|
||||
};
|
||||
|
||||
users.users."${user}" = {
|
||||
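Review bot: `stateVersion = "24.05";` drops the `lib.mkDefault` that wrapped the previous definition. A configuration that sets the same option itself would now conflict with this value unless it uses `lib.mkForce`; this assumes the enclosing attribute set is `system`, whose opening line is outside the hunk. `stateVersion = lib.mkDefault "24.05";` keeps the new default and leaves it overridable. The comment `# to be updated by module maintainers` should also say that raising the value changes stateful defaults on builders that already exist, so it must not simply follow the release number.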
|
|
|
@ -1,4 +1,9 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
{
|
||||
pkgs,
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
cfg = config.programs.firefox;
|
||||
|
@ -78,7 +83,7 @@ in
|
|||
|
||||
wrapperConfig = lib.mkOption {
|
||||
type = lib.types.attrs;
|
||||
default = {};
|
||||
default = { };
|
||||
description = "Arguments to pass to Firefox wrapper";
|
||||
};
|
||||
|
||||
|
@ -99,7 +104,13 @@ in
|
|||
};
|
||||
|
||||
preferences = lib.mkOption {
|
||||
type = with lib.types; attrsOf (oneOf [ bool int str ]);
|
||||
type =
|
||||
with lib.types;
|
||||
attrsOf (oneOf [
|
||||
bool
|
||||
int
|
||||
str
|
||||
]);
|
||||
default = { };
|
||||
description = ''
|
||||
Preferences to set from `about:config`.
|
||||
|
@ -112,7 +123,12 @@ in
|
|||
};
|
||||
|
||||
preferencesStatus = lib.mkOption {
|
||||
type = lib.types.enum [ "default" "locked" "user" "clear" ];
|
||||
type = lib.types.enum [
|
||||
"default"
|
||||
"locked"
|
||||
"user"
|
||||
"clear"
|
||||
];
|
||||
default = "locked";
|
||||
description = ''
|
||||
The status of `firefox.preferences`.
|
||||
|
@ -127,7 +143,8 @@ in
|
|||
|
||||
languagePacks = lib.mkOption {
|
||||
# Available languages can be found in https://releases.mozilla.org/pub/firefox/releases/${cfg.package.version}/linux-x86_64/xpi/
|
||||
type = lib.types.listOf (lib.types.enum ([
|
||||
type = lib.types.listOf (
|
||||
lib.types.enum ([
|
||||
"ach"
|
||||
"af"
|
||||
"an"
|
||||
|
@ -231,7 +248,8 @@ in
|
|||
"xh"
|
||||
"zh-CN"
|
||||
"zh-TW"
|
||||
]));
|
||||
])
|
||||
);
|
||||
default = [ ];
|
||||
description = ''
|
||||
The language packs to install.
|
||||
|
@ -249,10 +267,23 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
autoConfigFiles = lib.mkOption {
|
||||
type = with lib.types; listOf path;
|
||||
default = [ ];
|
||||
description = ''
|
||||
AutoConfig files can be used to set and lock preferences that are not covered
|
||||
by the policies.json for Mac and Linux. This method can be used to automatically
|
||||
change user preferences or prevent the end user from modifiying specific
|
||||
preferences by locking them. More info can be found in https://support.mozilla.org/en-US/kb/customizing-firefox-using-autoconfig.
|
||||
|
||||
Files are concated and autoConfig is appended.
|
||||
'';
|
||||
};
|
||||
|
||||
nativeMessagingHosts = ({
|
||||
packages = lib.mkOption {
|
||||
type = lib.types.listOf lib.types.package;
|
||||
default = [];
|
||||
default = [ ];
|
||||
description = ''
|
||||
Additional packages containing native messaging hosts that should be made available to Firefox extensions.
|
||||
'';
|
||||
|
@ -260,20 +291,30 @@ in
|
|||
}) // (builtins.mapAttrs (k: v: lib.mkEnableOption "${v.name} support") nmhOptions);
|
||||
};
|
||||
|
||||
config = let
|
||||
forEachEnabledNmh = fn: lib.flatten (lib.mapAttrsToList (k: v: lib.optional cfg.nativeMessagingHosts.${k} (fn k v)) nmhOptions);
|
||||
in lib.mkIf cfg.enable {
|
||||
warnings = forEachEnabledNmh (k: v:
|
||||
"The `programs.firefox.nativeMessagingHosts.${k}` option is deprecated, " +
|
||||
"please add `${v.package.pname}` to `programs.firefox.nativeMessagingHosts.packages` instead."
|
||||
config =
|
||||
let
|
||||
forEachEnabledNmh =
|
||||
fn:
|
||||
lib.flatten (
|
||||
lib.mapAttrsToList (k: v: lib.optional cfg.nativeMessagingHosts.${k} (fn k v)) nmhOptions
|
||||
);
|
||||
in
|
||||
lib.mkIf cfg.enable {
|
||||
warnings = forEachEnabledNmh (
|
||||
k: v:
|
||||
"The `programs.firefox.nativeMessagingHosts.${k}` option is deprecated, "
|
||||
+ "please add `${v.package.pname}` to `programs.firefox.nativeMessagingHosts.packages` instead."
|
||||
);
|
||||
programs.firefox.nativeMessagingHosts.packages = forEachEnabledNmh (_: v: v.package);
|
||||
|
||||
environment.systemPackages = [
|
||||
(cfg.package.override (old: {
|
||||
extraPrefsFiles = old.extraPrefsFiles or [] ++ [(pkgs.writeText "firefox-autoconfig.js" cfg.autoConfig)];
|
||||
nativeMessagingHosts = old.nativeMessagingHosts or [] ++ cfg.nativeMessagingHosts.packages;
|
||||
cfg = (old.cfg or {}) // cfg.wrapperConfig;
|
||||
extraPrefsFiles =
|
||||
old.extraPrefsFiles or [ ]
|
||||
++ cfg.autoConfigFiles
|
||||
++ [ (pkgs.writeText "firefox-autoconfig.js" cfg.autoConfig) ];
|
||||
nativeMessagingHosts = old.nativeMessagingHosts or [ ] ++ cfg.nativeMessagingHosts.packages;
|
||||
cfg = (old.cfg or { }) // cfg.wrapperConfig;
|
||||
}))
|
||||
];
|
||||
|
||||
|
@ -288,20 +329,26 @@ in
|
|||
# Preferences are converted into a policy
|
||||
programs.firefox.policies = {
|
||||
DisableAppUpdate = true;
|
||||
Preferences = (builtins.mapAttrs
|
||||
(_: value: { Value = value; Status = cfg.preferencesStatus; })
|
||||
cfg.preferences);
|
||||
ExtensionSettings = builtins.listToAttrs (builtins.map
|
||||
(lang: lib.attrsets.nameValuePair
|
||||
"langpack-${lang}@firefox.mozilla.org"
|
||||
{
|
||||
Preferences = (
|
||||
builtins.mapAttrs (_: value: {
|
||||
Value = value;
|
||||
Status = cfg.preferencesStatus;
|
||||
}) cfg.preferences
|
||||
);
|
||||
ExtensionSettings = builtins.listToAttrs (
|
||||
builtins.map (
|
||||
lang:
|
||||
lib.attrsets.nameValuePair "langpack-${lang}@firefox.mozilla.org" {
|
||||
installation_mode = "normal_installed";
|
||||
install_url = "https://releases.mozilla.org/pub/firefox/releases/${cfg.package.version}/linux-x86_64/xpi/${lang}.xpi";
|
||||
}
|
||||
)
|
||||
cfg.languagePacks);
|
||||
) cfg.languagePacks
|
||||
);
|
||||
};
|
||||
};
|
||||
|
||||
meta.maintainers = with lib.maintainers; [ danth ];
|
||||
meta.maintainers = with lib.maintainers; [
|
||||
danth
|
||||
linsui
|
||||
];
|
||||
}
|
||||
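Review bot: The description of the new `autoConfigFiles` option has two typos and leaves the order of evaluation implicit. `modifiying` should be `modifying`, and the last sentence would read better as `The files are concatenated in list order and the contents of autoConfig are appended last.`, which matches `old.extraPrefsFiles or [ ] ++ cfg.autoConfigFiles ++ [ … ]` in the override further down. Because the element type is `path`, each file is presumably copied into the world-readable Nix store; the description should say so, so that nobody places credentials such as proxy passwords in an AutoConfig file. The remaining hunks of this section only reformat existing code.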
|
|
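--- a/third_party/nixpkgs/nixos/modules/programs/obs-studio.nix
+++ b/third_party/nixpkgs/nixos/modules/programs/obs-studio.nix
@@ -0,0 +1,64 @@
+{
+pkgs,
+lib,
+config,
+...
+}:
+
+let
+cfg = config.programs.obs-studio;
+in
+{
+options.programs.obs-studio = {
+enable = lib.mkEnableOption "Free and open source software for video recording and live streaming";
+
+package = lib.mkPackageOption pkgs "obs-studio" { example = "obs-studio"; };
+
+finalPackage = lib.mkOption {
+type = lib.types.package;
+visible = false;
+readOnly = true;
+description = "Resulting customized OBS Studio package.";
+};
+
+plugins = lib.mkOption {
+default = [ ];
+example = lib.literalExpression "[ pkgs.obs-studio-plugins.wlrobs ]";
+description = "Optional OBS plugins.";
+type = lib.types.listOf lib.types.package;
+};
+
+enableVirtualCamera = lib.mkOption {
+type = lib.types.bool;
+default = false;
+description = ''
+Installs and sets up the v4l2loopback kernel module, necessary for OBS
+to start a virtual camera.
+'';
+};
+};
+
+config = lib.mkIf cfg.enable {
+programs.obs-studio.finalPackage = pkgs.wrapOBS.override { obs-studio = cfg.package; } {
+plugins = cfg.plugins;
+};
+
+environment.systemPackages = [ cfg.finalPackage ];
+
+boot = lib.mkIf cfg.enableVirtualCamera {
+kernelModules = [ "v4l2loopback" ];
+extraModulePackages = [ config.boot.kernelPackages.v4l2loopback ];
+
+extraModprobeConfig = ''
+options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1
+'';
+};
+
+security.polkit.enable = lib.mkIf cfg.enableVirtualCamera true;
+};
+
+meta.maintainers = with lib.maintainers; [
+CaptainJawZ
+GaetanLepage
+];
+}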
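Review bot: `security.polkit.enable = lib.mkIf cfg.enableVirtualCamera true;` turns on polkit for the whole system as a side effect of a camera option, and neither the option description nor a comment says so. The description of `enableVirtualCamera` should state that it also enables polkit, and a `#` comment next to the `security.polkit.enable` line should give the reason; presumably OBS needs polkit to manage the loopback device, which the authors should confirm. The modprobe line also fixes `video_nr=1` and `card_label="OBS Cam"` without explanation, so a one-line comment on whether OBS depends on these exact values would help anyone who already uses `v4l2loopback` with other settings.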
@ -22,7 +22,7 @@ let
|
|||
serverOptions = { name, config, ... }: {
|
||||
freeformType = attrsOf (either scalarType (listOf scalarType));
|
||||
# Client system-options file directives are explained here:
|
||||
# https://www.ibm.com/docs/en/storage-protect/8.1.23?topic=commands-processing-options
|
||||
# https://www.ibm.com/docs/en/storage-protect/8.1.24?topic=commands-processing-options
|
||||
options.servername = mkOption {
|
||||
type = servernameType;
|
||||
default = name;
|
||||
|
|
|
@ -19,6 +19,6 @@ in
|
|||
# To make a cardboard session available for certain DMs like SDDM
|
||||
services.displayManager.sessionPackages = [ cfg.package ];
|
||||
}
|
||||
(import ./wayland-session.nix { inherit lib; })
|
||||
(import ./wayland-session.nix { inherit lib pkgs; })
|
||||
]);
|
||||
}
|
||||
|
|
|
@ -70,7 +70,7 @@ in
|
|||
}
|
||||
|
||||
(import ./wayland-session.nix {
|
||||
inherit lib;
|
||||
inherit lib pkgs;
|
||||
enableXWayland = cfg.xwayland.enable;
|
||||
enableWlrPortal = lib.mkDefault false; # Hyprland has its own portal, wlr is not needed
|
||||
})
|
||||
|
|
|
@ -20,6 +20,6 @@ in
|
|||
# To make a labwc session available for certain DMs like SDDM
|
||||
services.displayManager.sessionPackages = [ cfg.package ];
|
||||
}
|
||||
(import ./wayland-session.nix { inherit lib; })
|
||||
(import ./wayland-session.nix { inherit lib pkgs; })
|
||||
]);
|
||||
}
|
||||
|
|
|
@ -30,11 +30,12 @@ in
|
|||
}
|
||||
|
||||
(import ./wayland-session.nix {
|
||||
inherit lib;
|
||||
inherit lib pkgs;
|
||||
# Hardcoded path in Mir, not really possible to disable
|
||||
enableXWayland = true;
|
||||
# No portal support yet: https://github.com/mattkae/miracle-wm/issues/164
|
||||
enableWlrPortal = false;
|
||||
enableGtkPortal = false;
|
||||
})
|
||||
]
|
||||
);
|
||||
|
|
|
@ -56,7 +56,7 @@ in
|
|||
}
|
||||
|
||||
(import ./wayland-session.nix {
|
||||
inherit lib;
|
||||
inherit lib pkgs;
|
||||
enableXWayland = cfg.xwayland.enable;
|
||||
})
|
||||
]);
|
||||
|
|
|
@ -148,7 +148,7 @@ in
|
|||
}
|
||||
|
||||
(import ./wayland-session.nix {
|
||||
inherit lib;
|
||||
inherit lib pkgs;
|
||||
enableXWayland = cfg.xwayland.enable;
|
||||
})
|
||||
]);
|
||||
|
|
|
@ -11,7 +11,11 @@ in
|
|||
{
|
||||
options.programs.waybar = {
|
||||
enable = lib.mkEnableOption "waybar, a highly customizable Wayland bar for Sway and Wlroots based compositors";
|
||||
package = lib.mkPackageOption pkgs "waybar" { };
|
||||
package =
|
||||
lib.mkPackageOption pkgs "waybar" { }
|
||||
// lib.mkOption {
|
||||
apply = pkg: pkg.override { systemdSupport = true; };
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
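Review bot: The new `apply` on `package` calls `pkg.override { systemdSupport = true; }` on whatever the user assigns, and nothing in the option text says so. A package that has no `.override` attribute, or whose builder does not take a `systemdSupport` argument, would fail at evaluation with an error that does not point at this module. I would put a comment above `apply`, `# The override is applied to user-supplied packages too; they must accept systemdSupport.`, and repeat that in the option description together with the reason for forcing it. The `config` block continues outside the hunk.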
|
||||
|
|
|
@ -63,7 +63,7 @@ in
|
|||
};
|
||||
}
|
||||
(import ./wayland-session.nix {
|
||||
inherit lib;
|
||||
inherit lib pkgs;
|
||||
enableXWayland = cfg.xwayland.enable;
|
||||
})
|
||||
]
|
||||
|
|
|
@ -1,7 +1,9 @@
|
|||
{
|
||||
lib,
|
||||
pkgs,
|
||||
enableXWayland ? true,
|
||||
enableWlrPortal ? true,
|
||||
enableGtkPortal ? true,
|
||||
}:
|
||||
|
||||
{
|
||||
|
@ -18,6 +20,9 @@
|
|||
services.graphical-desktop.enable = true;
|
||||
|
||||
xdg.portal.wlr.enable = enableWlrPortal;
|
||||
xdg.portal.extraPortals = lib.mkIf enableGtkPortal [
|
||||
pkgs.xdg-desktop-portal-gtk
|
||||
];
|
||||
|
||||
# Window manager only sessions (unlike DEs) don't handle XDG
|
||||
# autostart files, so force them to run the service
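Review bot: `enableGtkPortal` is used as the condition of `lib.mkIf` in `xdg.portal.extraPortals`, so it has to be a plain boolean, whereas `enableWlrPortal` is assigned directly and one call site in this commit already passes it wrapped (`enableWlrPortal = lib.mkDefault false`). A caller that follows that pattern for the new argument gets an evaluation error, because `mkIf` rejects a non-boolean condition. I would document this next to the argument in the first hunk: `# enableGtkPortal must be a plain bool (it is a mkIf condition), not a mkDefault/mkForce value`. The added `pkgs` argument has no default, so any import of this file that passes only `lib` stops evaluating; the module body continues outside the hunk.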
|
||||
|
|
|
@ -344,7 +344,7 @@ let
|
|||
serviceConfig = commonServiceConfig // {
|
||||
Group = data.group;
|
||||
|
||||
# Let's Encrypt Failed Validation Limit allows 5 retries per hour, per account, hostname and hour.
|
||||
# Let's Encrypt Failed Validation Limit allows 5 retries per hour, per account, hostname and hour.
|
||||
# This avoids eating them all up if something is misconfigured upon the first try.
|
||||
RestartSec = 15 * 60;
|
||||
|
||||
|
|
|
@ -125,7 +125,7 @@ in
|
|||
};
|
||||
|
||||
systemd.slices.isolate = {
|
||||
description = "Isolate sandbox slice";
|
||||
description = "Isolate Sandbox Slice";
|
||||
};
|
||||
|
||||
meta.maintainers = with maintainers; [ virchau13 ];
|
||||
|
|
|
@ -657,7 +657,7 @@ in {
|
|||
|
||||
config = mkIf (fd_cfg.enable || sd_cfg.enable || dir_cfg.enable) {
|
||||
systemd.slices.system-bacula = {
|
||||
description = "Bacula Slice";
|
||||
description = "Bacula Backup System Slice";
|
||||
documentation = [ "man:bacula(8)" "https://www.bacula.org/" ];
|
||||
};
|
||||
|
||||
|
|
|
@ -90,7 +90,7 @@ in
|
|||
environment.HOME = "/var/lib/tsm-backup";
|
||||
serviceConfig = {
|
||||
# for exit status description see
|
||||
# https://www.ibm.com/docs/en/storage-protect/8.1.23?topic=clients-client-return-codes
|
||||
# https://www.ibm.com/docs/en/storage-protect/8.1.24?topic=clients-client-return-codes
|
||||
SuccessExitStatus = "4 8";
|
||||
# The `-se` option must come after the command.
|
||||
# The `-optfile` option suppresses a `dsm.opt`-not-found warning.
|
||||
|
|
|
@ -103,7 +103,7 @@ let
|
|||
};
|
||||
|
||||
network = lib.mkOption {
|
||||
type = lib.types.nullOr (lib.types.enum [ "goerli" "rinkeby" "yolov2" "ropsten" ]);
|
||||
type = lib.types.nullOr (lib.types.enum [ "goerli" "holesky" "rinkeby" "yolov2" "ropsten" ]);
|
||||
default = null;
|
||||
description = "The network to connect to. Mainnet (null) is the default ethereum network.";
|
||||
};
|
||||
|
|
|
@ -311,7 +311,7 @@ in
|
|||
];
|
||||
|
||||
systemd.slices.system-hydra = {
|
||||
description = "Hydra Slice";
|
||||
description = "Hydra CI Server Slice";
|
||||
documentation = [ "file://${cfg.package}/share/doc/hydra/index.html" "https://nixos.org/hydra/manual/" ];
|
||||
};
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
with lib;
|
||||
|
||||
let
|
||||
inherit (lib) mkIf mkOption types;
|
||||
cfg = config.services.jenkinsSlave;
|
||||
masterCfg = config.services.jenkins;
|
||||
in {
|
||||
|
@ -47,16 +48,16 @@ in {
|
|||
'';
|
||||
};
|
||||
|
||||
javaPackage = mkPackageOption pkgs "jdk" { };
|
||||
javaPackage = lib.mkPackageOption pkgs "jdk" { };
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf (cfg.enable && !masterCfg.enable) {
|
||||
users.groups = optionalAttrs (cfg.group == "jenkins") {
|
||||
users.groups = lib.optionalAttrs (cfg.group == "jenkins") {
|
||||
jenkins.gid = config.ids.gids.jenkins;
|
||||
};
|
||||
|
||||
users.users = optionalAttrs (cfg.user == "jenkins") {
|
||||
users.users = lib.optionalAttrs (cfg.user == "jenkins") {
|
||||
jenkins = {
|
||||
description = "jenkins user";
|
||||
createHome = true;
|
||||
|
|
|
@ -438,6 +438,7 @@ in
|
|||
ZONEINFO = "${pkgs.tzdata}/share/zoneinfo";
|
||||
};
|
||||
serviceConfig = {
|
||||
Type = "exec"; # When credentials are used with systemd before v257 this is necessary to make the service start reliably (see systemd/systemd#33953)
|
||||
ExecStart = "${cfg.package}/bin/influxd --bolt-path \${STATE_DIRECTORY}/influxd.bolt --engine-path \${STATE_DIRECTORY}/engine";
|
||||
StateDirectory = "influxdb2";
|
||||
User = "influxdb2";
|
||||
|
|
|
@ -187,7 +187,7 @@ $ nix-instantiate --eval -A postgresql_13.psqlSchema
|
|||
```
|
||||
For an upgrade, a script like this can be used to simplify the process:
|
||||
```nix
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
environment.systemPackages = [
|
||||
(let
|
||||
|
@ -196,6 +196,7 @@ For an upgrade, a script like this can be used to simplify the process:
|
|||
newPostgres = pkgs.postgresql_13.withPackages (pp: [
|
||||
# pp.plv8
|
||||
]);
|
||||
cfg = config.services.postgresql;
|
||||
in pkgs.writeScriptBin "upgrade-pg-cluster" ''
|
||||
set -eux
|
||||
# XXX it's perhaps advisable to stop all services that depend on postgresql
|
||||
|
@ -205,12 +206,12 @@ For an upgrade, a script like this can be used to simplify the process:
|
|||
|
||||
export NEWBIN="${newPostgres}/bin"
|
||||
|
||||
export OLDDATA="${config.services.postgresql.dataDir}"
|
||||
export OLDBIN="${config.services.postgresql.package}/bin"
|
||||
export OLDDATA="${cfg.dataDir}"
|
||||
export OLDBIN="${cfg.package}/bin"
|
||||
|
||||
install -d -m 0700 -o postgres -g postgres "$NEWDATA"
|
||||
cd "$NEWDATA"
|
||||
sudo -u postgres $NEWBIN/initdb -D "$NEWDATA"
|
||||
sudo -u postgres $NEWBIN/initdb -D "$NEWDATA" ${lib.escapeShellArgs cfg.initdbArgs}
|
||||
|
||||
sudo -u postgres $NEWBIN/pg_upgrade \
|
||||
--old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \
|
||||
|
|
|
@ -7,6 +7,7 @@ let
|
|||
concatStringsSep
|
||||
const
|
||||
elem
|
||||
escapeShellArgs
|
||||
filterAttrs
|
||||
isString
|
||||
literalExpression
|
||||
|
@ -545,7 +546,7 @@ in
|
|||
rm -f ${cfg.dataDir}/*.conf
|
||||
|
||||
# Initialise the database.
|
||||
initdb -U ${cfg.superUser} ${concatStringsSep " " cfg.initdbArgs}
|
||||
initdb -U ${cfg.superUser} ${escapeShellArgs cfg.initdbArgs}
|
||||
|
||||
# See postStart!
|
||||
touch "${cfg.dataDir}/.first_startup"
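Review bot: `-U ${cfg.superUser}` is still spliced into the initdb command line unquoted, next to the now-escaped `initdbArgs`, and `${cfg.dataDir}` in the `rm -f` line above is unquoted as well. These values come from the system configuration rather than from a remote party, so this is about robustness against spaces and shell metacharacters, not an exposed injection. The helper already in scope covers it: `initdb ${escapeShellArgs ([ "-U" cfg.superUser ] ++ cfg.initdbArgs)}`. An existing configuration that keeps several flags in one list element, such as `"--locale=C --encoding=UTF8"`, is now passed to initdb as a single argument, which deserves a line in the option description or the release notes. The script continues outside the hunk.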
|
||||
|
|
|
@ -58,6 +58,7 @@ in {
|
|||
];
|
||||
|
||||
qt.enable = true;
|
||||
programs.xwayland.enable = true;
|
||||
environment.systemPackages = with kdePackages; let
|
||||
requiredPackages = [
|
||||
qtwayland # Hack? To make everything run on Wayland
|
||||
|
@ -87,7 +88,6 @@ in {
|
|||
|
||||
# Core Plasma parts
|
||||
kwin
|
||||
pkgs.xwayland
|
||||
kscreen
|
||||
libkscreen
|
||||
kscreenlocker
|
||||
|
@ -143,10 +143,12 @@ in {
|
|||
kate
|
||||
khelpcenter
|
||||
dolphin
|
||||
baloo-widgets # baloo information in Dolphin
|
||||
dolphin-plugins
|
||||
spectacle
|
||||
ffmpegthumbs
|
||||
krdp
|
||||
xwaylandvideobridge # exposes Wayland windows to X11 screen capture
|
||||
] ++ lib.optionals config.services.flatpak.enable [
|
||||
# Since PackageKit Nix support is not there yet,
|
||||
# only install discover if flatpak is enabled.
|
||||
|
@ -243,9 +245,13 @@ in {
|
|||
systemd.services."drkonqi-coredump-processor@".wantedBy = ["systemd-coredump@.service"];
|
||||
|
||||
xdg.icons.enable = true;
|
||||
xdg.icons.fallbackCursorThemes = mkDefault ["breeze_cursors"];
|
||||
|
||||
xdg.portal.enable = true;
|
||||
xdg.portal.extraPortals = [kdePackages.xdg-desktop-portal-kde];
|
||||
xdg.portal.extraPortals = [
|
||||
kdePackages.xdg-desktop-portal-kde
|
||||
pkgs.xdg-desktop-portal-gtk
|
||||
];
|
||||
xdg.portal.configPackages = mkDefault [kdePackages.xdg-desktop-portal-kde];
|
||||
services.pipewire.enable = mkDefault true;
|
||||
|
||||
|
|
|
@ -168,7 +168,7 @@ in
|
|||
type = lib.types.package;
|
||||
default = pkgs.go;
|
||||
defaultText = lib.literalExpression "pkgs.go";
|
||||
example = "pkgs.go_1_21";
|
||||
example = "pkgs.go_1_23";
|
||||
description = ''
|
||||
The Go package used by Athens at runtime.
|
||||
|
||||
|
|
|
@ -85,7 +85,7 @@ in
|
|||
|
||||
percentageLow = lib.mkOption {
|
||||
type = lib.types.ints.unsigned;
|
||||
default = 10;
|
||||
default = 20;
|
||||
description = ''
|
||||
When `usePercentageForPolicy` is
|
||||
`true`, the levels at which UPower will consider the
|
||||
|
@ -103,7 +103,7 @@ in
|
|||
|
||||
percentageCritical = lib.mkOption {
|
||||
type = lib.types.ints.unsigned;
|
||||
default = 3;
|
||||
default = 5;
|
||||
description = ''
|
||||
When `usePercentageForPolicy` is
|
||||
`true`, the levels at which UPower will consider the
|
||||
|
|
|
@ -260,6 +260,9 @@ in
|
|||
# hardening
|
||||
CapabilityBoundingSet = [
|
||||
"CAP_CHOWN"
|
||||
"CAP_DAC_OVERRIDE"
|
||||
"CAP_KILL"
|
||||
"CAP_SETUID"
|
||||
"CAP_SETGID"
|
||||
];
|
||||
DevicePolicy = "closed";
|
||||
|
@ -280,16 +283,16 @@ in
|
|||
ProtectSystem = "full";
|
||||
RestrictNamespaces = true;
|
||||
RestrictRealtime = true;
|
||||
RestrictSUIDSGID = true;
|
||||
RestrictSUIDSGID = false; # can create sgid directories
|
||||
SystemCallArchitectures = "native";
|
||||
SystemCallFilter = [
|
||||
"@system-service"
|
||||
"~@privileged @resources"
|
||||
"@chown"
|
||||
"@chown @setuid"
|
||||
];
|
||||
UMask = "0027";
|
||||
} // lib.optionalAttrs (!cfg.allowNetworking) {
|
||||
PrivateNetwork = true;
|
||||
PrivateNetwork = true; # e.g. mail delivery
|
||||
RestrictAddressFamilies = "none";
|
||||
};
|
||||
};
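Review bot: Only one of the three relaxations of this unit's sandbox is explained in the code: `RestrictSUIDSGID = false` has a comment, while `@setuid` in `SystemCallFilter` and the three capabilities added to `CapabilityBoundingSet` in the preceding hunk (the rendering does not show which of the five entries are new) have none. Each one gives a compromised service process more room, for example bypassing file permission checks with `CAP_DAC_OVERRIDE`, so the reason should sit next to the entry, e.g. `"@chown @setuid" # <why the service changes uid/gid>`. The new `# e.g. mail delivery` comment is attached to `PrivateNetwork = true;` inside the `!cfg.allowNetworking` branch, where it reads as if private networking enabled mail delivery; `PrivateNetwork = true; # set allowNetworking when e.g. mail delivery is needed` presumably says what is meant. The `serviceConfig` set starts outside the hunk.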
|
||||
|
|
|
@ -69,11 +69,6 @@ in {
|
|||
appservice = {
|
||||
id = "";
|
||||
|
||||
database = {
|
||||
type = "sqlite3-fk-wal";
|
||||
uri = "file:${fullDataDir config}/mautrix-meta.db?_txlock=immediate";
|
||||
};
|
||||
|
||||
bot = {
|
||||
username = "";
|
||||
};
|
||||
|
@ -83,11 +78,15 @@ in {
|
|||
address = "http://${config.settings.appservice.hostname}:${toString config.settings.appservice.port}";
|
||||
};
|
||||
|
||||
meta = {
|
||||
mode = "";
|
||||
bridge = {
|
||||
permissions = {};
|
||||
};
|
||||
|
||||
database = {
|
||||
type = "sqlite3-fk-wal";
|
||||
uri = "file:${fullDataDir config}/mautrix-meta.db?_txlock=immediate";
|
||||
};
|
||||
|
||||
bridge = {
|
||||
# Enable encryption by default to make the bridge more secure
|
||||
encryption = {
|
||||
allow = true;
|
||||
|
@ -106,6 +105,11 @@ in {
|
|||
delete_outdated_inbound = true;
|
||||
};
|
||||
|
||||
# TODO: This effectively disables encryption. But this is the value provided when a <0.4 config is migrated. Changing it will corrupt the database.
|
||||
# https://github.com/mautrix/meta/blob/f5440b05aac125b4c95b1af85635a717cbc6dd0e/cmd/mautrix-meta/legacymigrate.go#L24
|
||||
# If you wish to encrypt the local database you should set this to an environment variable substitution and reset the bridge or somehow migrate the DB.
|
||||
pickle_key = "mautrix.bridge.e2ee";
|
||||
|
||||
verification_levels = {
|
||||
receive = "cross-signed-tofu";
|
||||
send = "cross-signed-tofu";
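Review bot: The default `pickle_key = "mautrix.bridge.e2ee"` is a fixed, publicly known value, so the bridge's local crypto store is not protected at rest, and the only place that says so is a source comment that users of the option never see. I would surface it in the `settings` option description and the release notes, for example `The default pickle_key is a well-known constant kept for compatibility with migrated <0.4 databases; it does not protect the crypto store at rest.` A replacement key written directly into `settings` would end up in the world-readable Nix store, so the text should also point to the environment-variable substitution that the comment mentions. The `encryption` block starts outside the hunk.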
|
||||
|
@ -113,9 +117,6 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
permissions = {};
|
||||
};
|
||||
|
||||
logging = {
|
||||
min_level = "info";
|
||||
writers = lib.singleton {
|
||||
|
@ -124,6 +125,10 @@ in {
|
|||
time_format = " ";
|
||||
};
|
||||
};
|
||||
|
||||
network = {
|
||||
mode = "";
|
||||
};
|
||||
};
|
||||
defaultText = ''
|
||||
{
|
||||
|
@ -261,7 +266,7 @@ in {
|
|||
description = ''
|
||||
Configuration of multiple `mautrix-meta` instances.
|
||||
`services.mautrix-meta.instances.facebook` and `services.mautrix-meta.instances.instagram`
|
||||
come preconfigured with meta.mode, appservice.id, bot username, display name and avatar.
|
||||
come preconfigured with network.mode, appservice.id, bot username, display name and avatar.
|
||||
'';
|
||||
|
||||
example = ''
|
||||
|
@ -283,7 +288,7 @@ in {
|
|||
messenger = {
|
||||
enable = true;
|
||||
settings = {
|
||||
meta.mode = "messenger";
|
||||
network.mode = "messenger";
|
||||
homeserver.domain = "example.com";
|
||||
appservice = {
|
||||
id = "messenger";
|
||||
|
@ -313,9 +318,9 @@ in {
|
|||
'';
|
||||
}
|
||||
{
|
||||
assertion = builtins.elem cfg.settings.meta.mode [ "facebook" "facebook-tor" "messenger" "instagram" ];
|
||||
assertion = builtins.elem cfg.settings.network.mode [ "facebook" "facebook-tor" "messenger" "instagram" ];
|
||||
message = ''
|
||||
The option `services.mautrix-meta.instances.${name}.settings.meta.mode` has to be set
|
||||
The option `services.mautrix-meta.instances.${name}.settings.network.mode` has to be set
|
||||
to one of: facebook, facebook-tor, messenger, instagram.
|
||||
This configures the mode of the bridge.
|
||||
'';
|
||||
|
@ -338,6 +343,24 @@ in {
|
|||
The option `services.mautrix-meta.instances.${name}.settings.appservice.bot.username` has to be set.
|
||||
'';
|
||||
}
|
||||
{
|
||||
assertion = !(cfg.settings ? bridge.disable_xma);
|
||||
message = ''
|
||||
The option `bridge.disable_xma` has been moved to `network.disable_xma_always`. Please [migrate your configuration](https://github.com/mautrix/meta/releases/tag/v0.4.0). You may wish to use [the auto-migration code](https://github.com/mautrix/meta/blob/f5440b05aac125b4c95b1af85635a717cbc6dd0e/cmd/mautrix-meta/legacymigrate.go#L23) for reference.
|
||||
'';
|
||||
}
|
||||
{
|
||||
assertion = !(cfg.settings ? bridge.displayname_template);
|
||||
message = ''
|
||||
The option `bridge.displayname_template` has been moved to `network.displayname_template`. Please [migrate your configuration](https://github.com/mautrix/meta/releases/tag/v0.4.0). You may wish to use [the auto-migration code](https://github.com/mautrix/meta/blob/f5440b05aac125b4c95b1af85635a717cbc6dd0e/cmd/mautrix-meta/legacymigrate.go#L23) for reference.
|
||||
'';
|
||||
}
|
||||
{
|
||||
assertion = !(cfg.settings ? meta);
|
||||
message = ''
|
||||
The options in `meta` have been moved to `network`. Please [migrate your configuration](https://github.com/mautrix/meta/releases/tag/v0.4.0). You may wish to use [the auto-migration code](https://github.com/mautrix/meta/blob/f5440b05aac125b4c95b1af85635a717cbc6dd0e/cmd/mautrix-meta/legacymigrate.go#L23) for reference.
|
||||
'';
|
||||
}
|
||||
]) enabledInstances));
|
||||
|
||||
users.users = lib.mapAttrs' (name: cfg: lib.nameValuePair "mautrix-meta-${name}" {
|
||||
|
@ -518,11 +541,7 @@ in {
|
|||
in {
|
||||
instagram = {
|
||||
settings = {
|
||||
meta.mode = mkDefault "instagram";
|
||||
|
||||
bridge = {
|
||||
username_template = mkDefault "instagram_{{.}}";
|
||||
};
|
||||
network.mode = mkDefault "instagram";
|
||||
|
||||
appservice = {
|
||||
id = mkDefault "instagram";
|
||||
|
@ -532,16 +551,13 @@ in {
|
|||
displayname = mkDefault "Instagram bridge bot";
|
||||
avatar = mkDefault "mxc://maunium.net/JxjlbZUlCPULEeHZSwleUXQv";
|
||||
};
|
||||
username_template = mkDefault "instagram_{{.}}";
|
||||
};
|
||||
};
|
||||
};
|
||||
facebook = {
|
||||
settings = {
|
||||
meta.mode = mkDefault "facebook";
|
||||
|
||||
bridge = {
|
||||
username_template = mkDefault "facebook_{{.}}";
|
||||
};
|
||||
network.mode = mkDefault "facebook";
|
||||
|
||||
appservice = {
|
||||
id = mkDefault "facebook";
|
||||
|
@ -551,6 +567,7 @@ in {
|
|||
displayname = mkDefault "Facebook bridge bot";
|
||||
avatar = mkDefault "mxc://maunium.net/ygtkteZsXnGJLJHRchUwYWak";
|
||||
};
|
||||
username_template = mkDefault "facebook_{{.}}";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -558,5 +575,5 @@ in {
|
|||
}
|
||||
];
|
||||
|
||||
meta.maintainers = with lib.maintainers; [ rutherther ];
|
||||
meta.maintainers = with lib.maintainers; [ ];
|
||||
}
|
||||
|
|
|
@ -8,7 +8,9 @@ in {
|
|||
options = {
|
||||
|
||||
services.fstrim = {
|
||||
enable = lib.mkEnableOption "periodic SSD TRIM of mounted partitions in background";
|
||||
enable = (lib.mkEnableOption "periodic SSD TRIM of mounted partitions in background" // {
|
||||
default = true;
|
||||
});
|
||||
|
||||
interval = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
|
|
|
@ -1127,6 +1127,11 @@ in {
|
|||
|
||||
environment.systemPackages = [ gitlab-rake gitlab-rails cfg.packages.gitlab-shell ];
|
||||
|
||||
systemd.slices.system-gitlab = {
|
||||
description = "GitLab DevOps Platform Slice";
|
||||
documentation = [ "https://docs.gitlab.com/" ];
|
||||
};
|
||||
|
||||
systemd.targets.gitlab = {
|
||||
description = "Common target for all GitLab services.";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
@ -1197,6 +1202,7 @@ in {
|
|||
'';
|
||||
|
||||
serviceConfig = {
|
||||
Slice = "system-gitlab.slice";
|
||||
User = pgsql.superUser;
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
|
@ -1220,6 +1226,9 @@ in {
|
|||
unitConfig = {
|
||||
ConditionPathExists = "!${cfg.registry.certFile}";
|
||||
};
|
||||
serviceConfig = {
|
||||
Slice = "system-gitlab.slice";
|
||||
};
|
||||
};
|
||||
|
||||
# Ensure Docker Registry launches after the certificate generation job
|
||||
|
@ -1308,6 +1317,7 @@ in {
|
|||
TimeoutSec = "infinity";
|
||||
Restart = "on-failure";
|
||||
WorkingDirectory = "${cfg.packages.gitlab}/share/gitlab";
|
||||
Slice = "system-gitlab.slice";
|
||||
RemainAfterExit = true;
|
||||
|
||||
ExecStartPre = let
|
||||
|
@ -1424,6 +1434,7 @@ in {
|
|||
TimeoutSec = "infinity";
|
||||
Restart = "on-failure";
|
||||
WorkingDirectory = "${cfg.packages.gitlab}/share/gitlab";
|
||||
Slice = "system-gitlab.slice";
|
||||
RemainAfterExit = true;
|
||||
|
||||
ExecStart = pkgs.writeShellScript "gitlab-db-config" ''
|
||||
|
@ -1480,6 +1491,7 @@ in {
|
|||
TimeoutSec = "infinity";
|
||||
Restart = "always";
|
||||
WorkingDirectory = "${cfg.packages.gitlab}/share/gitlab";
|
||||
Slice = "system-gitlab.slice";
|
||||
ExecStart = utils.escapeSystemdExecArgs (
|
||||
[
|
||||
"${cfg.packages.gitlab}/share/gitlab/bin/sidekiq-cluster"
|
||||
|
@ -1512,6 +1524,7 @@ in {
|
|||
Restart = "on-failure";
|
||||
WorkingDirectory = gitlabEnv.HOME;
|
||||
RuntimeDirectory = "gitaly";
|
||||
Slice = "system-gitlab.slice";
|
||||
ExecStart = "${cfg.packages.gitaly}/bin/gitaly ${gitalyToml}";
|
||||
};
|
||||
};
|
||||
|
@ -1573,6 +1586,7 @@ in {
|
|||
WorkingDirectory = gitlabEnv.HOME;
|
||||
RuntimeDirectory = "gitlab-pages";
|
||||
RuntimeDirectoryMode = "0700";
|
||||
Slice = "system-gitlab.slice";
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -1596,6 +1610,7 @@ in {
|
|||
TimeoutSec = "infinity";
|
||||
Restart = "on-failure";
|
||||
WorkingDirectory = gitlabEnv.HOME;
|
||||
Slice = "system-gitlab.slice";
|
||||
ExecStartPre = pkgs.writeShellScript "gitlab-workhorse-pre-start" ''
|
||||
set -o errexit -o pipefail -o nounset
|
||||
shopt -s dotglob nullglob inherit_errexit
|
||||
|
@ -1637,6 +1652,7 @@ in {
|
|||
Group = cfg.group;
|
||||
ExecStart = "${cfg.packages.gitlab.rubyEnv}/bin/bundle exec mail_room -c ${cfg.statePath}/config/mail_room.yml";
|
||||
WorkingDirectory = gitlabEnv.HOME;
|
||||
Slice = "system-gitlab.slice";
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -1671,6 +1687,7 @@ in {
|
|||
TimeoutSec = "infinity";
|
||||
Restart = "on-failure";
|
||||
WorkingDirectory = "${cfg.packages.gitlab}/share/gitlab";
|
||||
Slice = "system-gitlab.slice";
|
||||
ExecStart = concatStringsSep " " [
|
||||
"${cfg.packages.gitlab.rubyEnv}/bin/bundle" "exec" "puma"
|
||||
"-e production"
|
||||
|
@ -1695,6 +1712,7 @@ in {
|
|||
serviceConfig = {
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
Slice = "system-gitlab.slice";
|
||||
ExecStart = "${gitlab-rake}/bin/gitlab-rake gitlab:backup:create";
|
||||
};
|
||||
};
|
||||
|
|
|
@ -244,7 +244,6 @@ in
|
|||
|
||||
SystemCallFilter = [
|
||||
"@system-service"
|
||||
"~@resources"
|
||||
"~@privileged"
|
||||
];
|
||||
SystemCallArchitectures = "native";
|
||||
|
|
|
@ -93,6 +93,7 @@ in
|
|||
DATA_DIR = ".";
|
||||
HF_HOME = ".";
|
||||
SENTENCE_TRANSFORMERS_HOME = ".";
|
||||
WEBUI_URL = "http://localhost:${toString cfg.port}";
|
||||
} // cfg.environment;
|
||||
|
||||
serviceConfig = {
|
||||
|
|
|
@ -234,7 +234,7 @@ in
|
|||
services.redis.servers.paperless.enable = mkIf enableRedis true;
|
||||
|
||||
systemd.slices.system-paperless = {
|
||||
description = "Paperless slice";
|
||||
description = "Paperless Document Management System Slice";
|
||||
documentation = [ "https://docs.paperless-ngx.com" ];
|
||||
};
|
||||
|
||||
|
|
|
@ -74,6 +74,12 @@ in
|
|||
description = "Group under which Redmine is ran.";
|
||||
};
|
||||
|
||||
address = mkOption {
|
||||
type = types.str;
|
||||
default = "0.0.0.0";
|
||||
description = "IP address Redmine should bind to.";
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
type = types.port;
|
||||
default = 3000;
|
||||
|
@ -429,7 +435,7 @@ in
|
|||
Group = cfg.group;
|
||||
TimeoutSec = "300";
|
||||
WorkingDirectory = "${cfg.package}/share/redmine";
|
||||
ExecStart="${bundle} exec rails server -u webrick -e production -p ${toString cfg.port} -P '${cfg.stateDir}/redmine.pid'";
|
||||
ExecStart="${bundle} exec rails server -u webrick -e production -b ${toString cfg.address} -p ${toString cfg.port} -P '${cfg.stateDir}/redmine.pid'";
|
||||
};
|
||||
|
||||
};
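Review bot: `cfg.address` is a free-form `types.str` that is spliced unquoted into `ExecStart` (`-b ${toString cfg.address}`), while the pid path on the same line is quoted. systemd splits the command line on whitespace, so a value containing a space would turn into extra `rails server` arguments; the value is administrator-supplied, so this is a robustness issue rather than an exposure. I would quote it the same way, `-b '${cfg.address}'` (the `toString` is redundant for a string). The default `0.0.0.0` listens on every interface; the description in the first hunk could say so and mention `127.0.0.1` for setups behind a reverse proxy.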
|
||||
|
|
|
@ -35,6 +35,14 @@ let
|
|||
descriptionClass = "conjunction";
|
||||
};
|
||||
|
||||
intOrNumberOrRange = lib.types.either lib.types.ints.unsigned (
|
||||
lib.types.strMatching "[[:digit:]]+(\-[[:digit:]]+)?"
|
||||
// {
|
||||
description = "string containing either a number or a range";
|
||||
descriptionClass = "conjunction";
|
||||
}
|
||||
);
|
||||
|
||||
configOptions = {
|
||||
SUBVOLUME = lib.mkOption {
|
||||
type = lib.types.path;
|
||||
|
@ -93,7 +101,7 @@ let
|
|||
};
|
||||
|
||||
TIMELINE_LIMIT_HOURLY = lib.mkOption {
|
||||
type = lib.types.int;
|
||||
type = intOrNumberOrRange;
|
||||
default = 10;
|
||||
description = ''
|
||||
Limits for timeline cleanup.
|
||||
|
@ -101,7 +109,7 @@ let
|
|||
};
|
||||
|
||||
TIMELINE_LIMIT_DAILY = lib.mkOption {
|
||||
type = lib.types.int;
|
||||
type = intOrNumberOrRange;
|
||||
default = 10;
|
||||
description = ''
|
||||
Limits for timeline cleanup.
|
||||
|
@ -109,7 +117,7 @@ let
|
|||
};
|
||||
|
||||
TIMELINE_LIMIT_WEEKLY = lib.mkOption {
|
||||
type = lib.types.int;
|
||||
type = intOrNumberOrRange;
|
||||
default = 0;
|
||||
description = ''
|
||||
Limits for timeline cleanup.
|
||||
|
@ -117,7 +125,7 @@ let
|
|||
};
|
||||
|
||||
TIMELINE_LIMIT_MONTHLY = lib.mkOption {
|
||||
type = lib.types.int;
|
||||
type = intOrNumberOrRange;
|
||||
default = 10;
|
||||
description = ''
|
||||
Limits for timeline cleanup.
|
||||
|
@ -125,7 +133,7 @@ let
|
|||
};
|
||||
|
||||
TIMELINE_LIMIT_QUARTERLY = lib.mkOption {
|
||||
type = lib.types.int;
|
||||
type = intOrNumberOrRange;
|
||||
default = 0;
|
||||
description = ''
|
||||
Limits for timeline cleanup.
|
||||
|
@ -133,7 +141,7 @@ let
|
|||
};
|
||||
|
||||
TIMELINE_LIMIT_YEARLY = lib.mkOption {
|
||||
type = lib.types.int;
|
||||
type = intOrNumberOrRange;
|
||||
default = 10;
|
||||
description = ''
|
||||
Limits for timeline cleanup.
|
||||
|
|
|
@ -30,16 +30,15 @@ in {
|
|||
description = "tzupdate timezone update service";
|
||||
wants = [ "network-online.target" ];
|
||||
after = [ "network-online.target" ];
|
||||
script = ''
|
||||
timedatectl set-timezone $(${lib.getExe pkgs.tzupdate} --print-only)
|
||||
'';
|
||||
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
# We could link directly into pkgs.tzdata, but at least timedatectl seems
|
||||
# to expect the symlink to point directly to a file in etc.
|
||||
# Setting the "debian timezone file" to point at /dev/null stops it doing anything.
|
||||
ExecStart = "${pkgs.tzupdate}/bin/tzupdate -z /etc/zoneinfo -d /dev/null";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
meta.maintainers = [ ];
|
||||
meta.maintainers = with lib.maintainers; [ doronbehar ];
|
||||
}
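Review bot: The timezone name that `tzupdate --print-only` derives from a network lookup is passed to `timedatectl` through an unquoted `$(...)`, so the output is word-split and glob-expanded before it becomes arguments of a command that this unit presumably runs as root (no `User=` is visible in the hunk). If the lookup fails, the substitution is empty and `timedatectl set-timezone` runs without an argument, and the failure of tzupdate itself is masked because a failed command substitution inside an argument does not stop the script. Capturing the value first addresses both: `tz="$(${lib.getExe pkgs.tzupdate} --print-only)"` followed by `timedatectl set-timezone "$tz"`.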
|
||||
|
|
|
@ -288,7 +288,7 @@ in {
|
|||
path = [ ];
|
||||
script = ''
|
||||
export DD_API_KEY=$(head -n 1 ${cfg.apiKeyFile})
|
||||
${datadogPkg}/bin/trace-agent -config /etc/datadog-agent/datadog.yaml
|
||||
${datadogPkg}/bin/trace-agent --config /etc/datadog-agent/datadog.yaml
|
||||
'';
|
||||
});
|
||||
|
||||
|
|
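--- a/third_party/nixpkgs/nixos/modules/services/monitoring/gatus.nix
+++ b/third_party/nixpkgs/nixos/modules/services/monitoring/gatus.nix
@@ -0,0 +1,132 @@
+{
+pkgs,
+lib,
+config,
+...
+}:
+let
+cfg = config.services.gatus;
+
+settingsFormat = pkgs.formats.yaml { };
+
+inherit (lib)
+getExe
+literalExpression
+maintainers
+mkEnableOption
+mkIf
+mkOption
+mkPackageOption
+;
+
+inherit (lib.types)
+bool
+int
+nullOr
+path
+submodule
+;
+in
+{
+options.services.gatus = {
+enable = mkEnableOption "Gatus";
+
+package = mkPackageOption pkgs "gatus" { };
+
+configFile = mkOption {
+type = path;
+default = settingsFormat.generate "gatus.yaml" cfg.settings;
+defaultText = literalExpression ''
+let settingsFormat = pkgs.formats.yaml { }; in settingsFormat.generate "gatus.yaml" cfg.settings;
+'';
+description = ''
+Path to the Gatus configuration file.
+Overrides any configuration made using the `settings` option.
+'';
+};
+
+environmentFile = mkOption {
+type = nullOr path;
+default = null;
+description = ''
+File to load as environment file.
+Environmental variables from this file can be interpolated in the configuration file using `''${VARIABLE}`.
+This is useful to avoid putting secrets into the nix store.
+'';
+};
+
+settings = mkOption {
+type = submodule {
+freeformType = settingsFormat.type;
+options = {
+web.port = mkOption {
+type = int;
+default = 8080;
+description = ''
+The TCP port to serve the Gatus service at.
+'';
+};
+};
+};
+
+default = { };
+
+example = literalExpression ''
+{
+web.port = 8080;
+endpoints = [{
+name = "website";
+url = "https://twin.sh/health";
+interval = "5m";
+conditions = [
+"[STATUS] == 200"
+"[BODY].status == UP"
+"[RESPONSE_TIME] < 300"
+];
+}];
+}
+'';
+
+description = ''
+Configuration for Gatus.
+Supported options can be found at the [docs](https://gatus.io/docs).
+'';
+};
+
+openFirewall = mkOption {
+type = bool;
+default = false;
+description = ''
+Whether to open the firewall for the Gatus web interface.
+'';
+};
+};
+
+config = mkIf cfg.enable {
+systemd.services.gatus = {
+description = "Automated developer-oriented status page";
+after = [ "network.target" ];
+wantedBy = [ "multi-user.target" ];
+
+serviceConfig = {
+DynamicUser = true;
+User = "gatus";
+Group = "gatus";
+Type = "simple";
+Restart = "on-failure";
+ExecStart = getExe cfg.package;
+StateDirectory = "gatus";
+SyslogIdentifier = "gatus";
+EnvironmentFile = lib.optional (cfg.environmentFile != null) cfg.environmentFile;
+};
+
+environment = {
+GATUS_CONFIG_PATH = cfg.configFile;
+};
+};
+
+networking.firewall.allowedTCPPorts = lib.optionals cfg.openFirewall [ cfg.settings.web.port ];
+};
+
+meta.maintainers = with maintainers; [ pizzapim ];
+}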
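Review bot: `openFirewall` opens `cfg.settings.web.port`, but `configFile` is documented to override `settings` entirely, so with a custom file the firewall rule follows whatever `settings` holds (8080 by default) rather than the port Gatus actually listens on. That can open an unrelated port or leave the real one closed; an assertion or a sentence in the `openFirewall` description would make the coupling explicit, e.g. `Uses settings.web.port; it does not follow the port set in a custom configFile.` Separately, `web.port` is typed `int`, which accepts values outside the valid port range; `lib.types.port` is the usual type here (`type = port;` with `port` added to the `inherit (lib.types)` list).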
|
|
@ -273,6 +273,7 @@ in {
|
|||
after = [ "network.target" ];
|
||||
environment = carbonEnv;
|
||||
serviceConfig = {
|
||||
Slice = "system-graphite.slice";
|
||||
RuntimeDirectory = name;
|
||||
ExecStart = "${pkgs.python3Packages.twisted}/bin/twistd ${carbonOpts name}";
|
||||
User = "graphite";
|
||||
|
@ -295,6 +296,7 @@ in {
|
|||
after = [ "network.target" ];
|
||||
environment = carbonEnv;
|
||||
serviceConfig = {
|
||||
Slice = "system-graphite.slice";
|
||||
RuntimeDirectory = name;
|
||||
ExecStart = "${pkgs.python3Packages.twisted}/bin/twistd ${carbonOpts name}";
|
||||
User = "graphite";
|
||||
|
@ -311,6 +313,7 @@ in {
|
|||
after = [ "network.target" ];
|
||||
environment = carbonEnv;
|
||||
serviceConfig = {
|
||||
Slice = "system-graphite.slice";
|
||||
RuntimeDirectory = name;
|
||||
ExecStart = "${pkgs.python3Packages.twisted}/bin/twistd ${carbonOpts name}";
|
||||
User = "graphite";
|
||||
|
@ -360,6 +363,7 @@ in {
|
|||
User = "graphite";
|
||||
Group = "graphite";
|
||||
PermissionsStartOnly = true;
|
||||
Slice = "system-graphite.slice";
|
||||
};
|
||||
preStart = ''
|
||||
if ! test -e ${dataDir}/db-created; then
|
||||
|
@ -397,6 +401,7 @@ in {
|
|||
WorkingDirectory = dataDir;
|
||||
User = "graphite";
|
||||
Group = "graphite";
|
||||
Slice = "system-graphite.slice";
|
||||
};
|
||||
preStart = ''
|
||||
if ! test -e ${dataDir}/db-created; then
|
||||
|
@ -413,6 +418,11 @@ in {
|
|||
cfg.carbon.enableCache || cfg.carbon.enableAggregator || cfg.carbon.enableRelay ||
|
||||
cfg.web.enable || cfg.seyren.enable
|
||||
) {
|
||||
systemd.slices.system-graphite = {
|
||||
description = "Graphite Graphing System Slice";
|
||||
documentation = [ "https://graphite.readthedocs.io/en/latest/overview.html" ];
|
||||
};
|
||||
|
||||
users.users.graphite = {
|
||||
uid = config.ids.uids.graphite;
|
||||
group = "graphite";
|
||||
|
|
|
@ -21,8 +21,8 @@ in
|
|||
};
|
||||
leasesPath = mkOption {
|
||||
type = types.path;
|
||||
default = "/var/lib/misc/dnsmasq.leases";
|
||||
example = "/var/lib/dnsmasq/dnsmasq.leases";
|
||||
default = "/var/lib/dnsmasq/dnsmasq.leases";
|
||||
example = "/var/lib/misc/dnsmasq.leases";
|
||||
description = ''
|
||||
Path to the `dnsmasq.leases` file.
|
||||
'';
|
||||
|
|
|
@ -86,7 +86,7 @@ in {
|
|||
|
||||
systemd.slices.system-rustdesk = {
|
||||
enable = true;
|
||||
description = "Slice designed to contain RustDesk Signal & RustDesk Relay";
|
||||
description = "RustDesk Remote Desktop Slice";
|
||||
};
|
||||
|
||||
systemd.targets.rustdesk = {
|
||||
|
|
|
@ -177,6 +177,18 @@ in
|
|||
SCRUTINY_WEB_DATABASE_LOCATION = "/var/lib/scrutiny/scrutiny.db";
|
||||
SCRUTINY_WEB_SRC_FRONTEND_PATH = "${cfg.package}/share/scrutiny";
|
||||
};
|
||||
postStart = ''
|
||||
for i in $(seq 300); do
|
||||
if "${lib.getExe pkgs.curl}" --fail --silent --head "http://${cfg.settings.web.listen.host}:${toString cfg.settings.web.listen.port}" >/dev/null; then
|
||||
echo "Scrutiny is ready (port is open)"
|
||||
exit 0
|
||||
fi
|
||||
echo "Waiting for Scrutiny to open port..."
|
||||
sleep 0.2
|
||||
done
|
||||
echo "Timeout waiting for Scrutiny to open port" >&2
|
||||
exit 1
|
||||
'';
|
||||
serviceConfig = {
|
||||
DynamicUser = true;
|
||||
ExecStart = "${getExe cfg.package} start --config ${settingsFormat.generate "scrutiny.yaml" cfg.settings}";
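Review bot: The readiness probe in `postStart` pastes `cfg.settings.web.listen.host` straight into `http://HOST:PORT`, so an IPv6 literal such as `::1` gives a URL curl cannot parse; every iteration would then fail until the loop times out and the unit is marked failed. Bracketing the host when it contains a colon keeps the probe working, e.g. `host = if lib.hasInfix ":" h then "[${h}]" else h;` in a `let` next to the script. The success message says "port is open", but `--fail --head` only passes on a successful HTTP response to a HEAD request, so the log line should say that instead.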
|
||||
|
|
|
@ -179,7 +179,7 @@ in
|
|||
|
||||
systemd = {
|
||||
slices.system-samba = {
|
||||
description = "Samba slice";
|
||||
description = "Samba (SMB Networking Protocol) Slice";
|
||||
};
|
||||
targets.samba = {
|
||||
description = "Samba Server";
|
||||
|
|
|
@ -45,7 +45,7 @@ let
|
|||
default = [ "any" ];
|
||||
};
|
||||
extraConfig = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
type = lib.types.lines;
|
||||
description = "Extra zone config to be appended at the end of the zone section.";
|
||||
default = "";
|
||||
};
|
||||
|
|
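--- a/third_party/nixpkgs/nixos/modules/services/networking/fedimintd.nix
+++ b/third_party/nixpkgs/nixos/modules/services/networking/fedimintd.nix
@@ -0,0 +1,304 @@
+{
+config,
+lib,
+pkgs,
+...
+}:
+let
+inherit (lib)
+concatLists
+filterAttrs
+mapAttrs'
+mapAttrsToList
+mkEnableOption
+mkIf
+mkOption
+mkOverride
+mkPackageOption
+nameValuePair
+recursiveUpdate
+types
+;
+
+fedimintdOpts =
+{
+config,
+lib,
+name,
+...
+}:
+{
+options = {
+enable = mkEnableOption "fedimintd";
+
+package = mkPackageOption pkgs "fedimint" { };
+
+environment = mkOption {
+type = types.attrsOf types.str;
+description = "Extra Environment variables to pass to the fedimintd.";
+default = {
+RUST_BACKTRACE = "1";
+};
+example = {
+RUST_LOG = "info,fm=debug";
+RUST_BACKTRACE = "1";
+};
+};
+
+p2p = {
+openFirewall = mkOption {
+type = types.bool;
+default = true;
+description = "Opens port in firewall for fedimintd's p2p port";
+};
+port = mkOption {
+type = types.port;
+default = 8173;
+description = "Port to bind on for p2p connections from peers";
+};
+bind = mkOption {
+type = types.str;
+default = "0.0.0.0";
+description = "Address to bind on for p2p connections from peers";
+};
+url = mkOption {
+type = types.str;
+example = "fedimint://p2p.myfedimint.com";
+description = ''
+Public address for p2p connections from peers
+'';
+};
+};
+api = {
+openFirewall = mkOption {
+type = types.bool;
+default = false;
+description = "Opens port in firewall for fedimintd's api port";
+};
+port = mkOption {
+type = types.port;
+default = 8174;
+description = "Port to bind on for API connections relied by the reverse proxy/tls terminator.";
+};
+bind = mkOption {
+type = types.str;
+default = "127.0.0.1";
+description = "Address to bind on for API connections relied by the reverse proxy/tls terminator.";
+};
+url = mkOption {
+type = types.str;
+description = ''
+Public URL of the API address of the reverse proxy/tls terminator. Usually starting with `wss://`.
+'';
+};
+};
+bitcoin = {
+network = mkOption {
+type = types.str;
+default = "signet";
+example = "bitcoin";
+description = "Bitcoin network to participate in.";
+};
+rpc = {
+url = mkOption {
+type = types.str;
+default = "http://127.0.0.1:38332";
+example = "signet";
+description = "Bitcoin node (bitcoind/electrum/esplora) address to connect to";
+};
+
+kind = mkOption {
+type = types.str;
+default = "bitcoind";
+example = "electrum";
+description = "Kind of a bitcoin node.";
+};
+
+secretFile = mkOption {
+type = types.nullOr types.path;
+default = null;
+description = ''
+If set the URL specified in `bitcoin.rpc.url` will get the content of this file added
+as an URL password, so `http://user@example.com` will turn into `http://user:SOMESECRET@example.com`.
+
+Example:
+
+`/etc/nix-bitcoin-secrets/bitcoin-rpcpassword-public` (for nix-bitcoin default)
+'';
+};
+};
+};
+
+consensus.finalityDelay = mkOption {
+type = types.ints.unsigned;
+default = 10;
+description = "Consensus peg-in finality delay.";
+};
+
+dataDir = mkOption {
+type = types.path;
+default = "/var/lib/fedimintd-${name}/";
+readOnly = true;
+description = ''
+Path to the data dir fedimintd will use to store its data.
+Note that due to using the DynamicUser feature of systemd, this value should not be changed
+and is set to be read only.
+'';
+};
+
+nginx = {
+enable = mkOption {
+type = types.bool;
+default = false;
+description = ''
+Whether to configure nginx for fedimintd
+'';
+};
+fqdn = mkOption {
+type = types.str;
+example = "api.myfedimint.com";
+description = "Public domain of the API address of the reverse proxy/tls terminator.";
+};
+config = mkOption {
+type = types.submodule (
+recursiveUpdate (import ../web-servers/nginx/vhost-options.nix {
+inherit config lib;
+}) { }
+);
+default = { };
+description = "Overrides to the nginx vhost section for api";
+};
+};
+};
+};
+in
+{
+options = {
+services.fedimintd = mkOption {
+type = types.attrsOf (types.submodule fedimintdOpts);
+default = { };
+description = "Specification of one or more fedimintd instances.";
+};
+};
+
+config =
+let
+eachFedimintd = filterAttrs (fedimintdName: cfg: cfg.enable) config.services.fedimintd;
+eachFedimintdNginx = filterAttrs (fedimintdName: cfg: cfg.nginx.enable) eachFedimintd;
+in
+mkIf (eachFedimintd != { }) {
+
+networking.firewall.allowedTCPPorts = concatLists (
+mapAttrsToList (
+fedimintdName: cfg:
+(lib.optional cfg.api.openFirewall cfg.api.port ++ lib.optional cfg.p2p.openFirewall cfg.p2p.port)
+) eachFedimintd
+);
+
+systemd.services = mapAttrs' (
+fedimintdName: cfg:
+(nameValuePair "fedimintd-${fedimintdName}" (
+let
+startScript = pkgs.writeShellScript "fedimintd-start" (
+(
+if cfg.bitcoin.rpc.secretFile != null then
+''
+secret=$(${pkgs.coreutils}/bin/head -n 1 "${cfg.bitcoin.rpc.secretFile}")
+prefix="''${FM_BITCOIN_RPC_URL%*@*}" # Everything before the last '@'
+suffix="''${FM_BITCOIN_RPC_URL##*@}" # Everything after the last '@'
+FM_BITCOIN_RPC_URL="''${prefix}:''${secret}@''${suffix}"
+''
+else
+""
+)
++ ''
+exec ${cfg.package}/bin/fedimintd
+''
+);
+in
+{
+description = "Fedimint Server";
+documentation = [ "https://github.com/fedimint/fedimint/" ];
+wantedBy = [ "multi-user.target" ];
+environment = lib.mkMerge [
+{
+FM_BIND_P2P = "${cfg.p2p.bind}:${toString cfg.p2p.port}";
+FM_BIND_API = "${cfg.api.bind}:${toString cfg.api.port}";
+FM_P2P_URL = cfg.p2p.url;
+FM_API_URL = cfg.api.url;
+FM_DATA_DIR = cfg.dataDir;
+FM_BITCOIN_NETWORK = cfg.bitcoin.network;
+FM_BITCOIN_RPC_URL = cfg.bitcoin.rpc.url;
+FM_BITCOIN_RPC_KIND = cfg.bitcoin.rpc.kind;
+}
+cfg.environment
+];
+serviceConfig = {
+DynamicUser = true;
+
+StateDirectory = "fedimintd-${fedimintdName}";
+StateDirectoryMode = "0700";
+ExecStart = startScript;
+
+Restart = "always";
+RestartSec = 10;
+StartLimitBurst = 5;
+UMask = "007";
+LimitNOFILE = "100000";
+
+LockPersonality = true;
+MemoryDenyWriteExecute = true;
+NoNewPrivileges = true;
+PrivateDevices = true;
+PrivateMounts = true;
+PrivateTmp = true;
+ProtectClock = true;
+ProtectControlGroups = true;
+ProtectHostname = true;
+ProtectKernelLogs = true;
+ProtectKernelModules = true;
+ProtectKernelTunables = true;
+ProtectSystem = "full";
+RestrictAddressFamilies = [
+"AF_INET"
+"AF_INET6"
+];
+RestrictNamespaces = true;
+RestrictRealtime = true;
+SystemCallArchitectures = "native";
+SystemCallFilter = [
+"@system-service"
+"~@privileged"
+];
+};
+}
+))
+) eachFedimintd;
+
+services.nginx.virtualHosts = mapAttrs' (
+fedimintdName: cfg:
+(nameValuePair cfg.nginx.fqdn (
+lib.mkMerge [
+cfg.nginx.config
+
+{
+# Note: we want by default to enable OpenSSL, but it seems anything 100 and above is
+# overriden by default value from vhost-options.nix
+enableACME = mkOverride 99 true;
+forceSSL = mkOverride 99 true;
+# Currently Fedimint API only support JsonRPC on `/ws/` endpoint, so no need to handle `/`
+locations."/ws/" = {
+proxyPass = "http://127.0.0.1:${toString cfg.api.port}/";
+proxyWebsockets = true;
+extraConfig = ''
+proxy_pass_header Authorization;
+'';
+};
+}
+]
+))
+) eachFedimintdNginx;
+};
+
+meta.maintainers = with lib.maintainers; [ dpc ];
+}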
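Review bot: The `secretFile` splice in `startScript` assumes `bitcoin.rpc.url` already contains `user@`; with the option's own default `http://127.0.0.1:38332` there is no `@`, so `prefix` and `suffix` both expand to the whole URL and `FM_BITCOIN_RPC_URL` becomes `URL:SECRET@URL`. An assertion such as `assertion = cfg.bitcoin.rpc.secretFile != null -> lib.hasInfix "@" cfg.bitcoin.rpc.url;` would catch this at evaluation time. Because the unit sets `DynamicUser = true`, the script reads the file as the transient user, so the secret has to be readable by that user; handing it over with systemd's `LoadCredential=` would avoid widening its permissions. Separately, `p2p.openFirewall` defaults to `true` with `p2p.bind = "0.0.0.0"` while `api.openFirewall` defaults to `false`, so the option description should say that enabling an instance opens the p2p port.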
@ -10,14 +10,14 @@ let
|
|||
after = ["network.target"];
|
||||
wants = ["network.target"];
|
||||
preStart = ''
|
||||
${pkgs.freeradius}/bin/radiusd -C -d ${cfg.configDir} -l stdout
|
||||
${cfg.package}/bin/radiusd -C -d ${cfg.configDir} -l stdout
|
||||
'';
|
||||
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.freeradius}/bin/radiusd -f -d ${cfg.configDir} -l stdout" +
|
||||
ExecStart = "${cfg.package}/bin/radiusd -f -d ${cfg.configDir} -l stdout" +
|
||||
lib.optionalString cfg.debug " -xx";
|
||||
ExecReload = [
|
||||
"${pkgs.freeradius}/bin/radiusd -C -d ${cfg.configDir} -l stdout"
|
||||
"${cfg.package}/bin/radiusd -C -d ${cfg.configDir} -l stdout"
|
||||
"${pkgs.coreutils}/bin/kill -HUP $MAINPID"
|
||||
];
|
||||
User = "radius";
|
||||
|
@ -32,6 +32,8 @@ let
|
|||
freeradiusConfig = {
|
||||
enable = lib.mkEnableOption "the freeradius server";
|
||||
|
||||
package = lib.mkPackageOption pkgs "freeradius" { };
|
||||
|
||||
configDir = lib.mkOption {
|
||||
type = lib.types.path;
|
||||
default = "/etc/raddb";
|
||||
|
@ -72,7 +74,9 @@ in
|
|||
/*uid = config.ids.uids.radius;*/
|
||||
description = "Radius daemon user";
|
||||
isSystemUser = true;
|
||||
group = "radius";
|
||||
};
|
||||
groups.radius = {};
|
||||
};
|
||||
|
||||
systemd.services.freeradius = freeradiusService cfg;
|
||||
|
|
|
@ -129,8 +129,15 @@ in {
|
|||
}
|
||||
];
|
||||
|
||||
users.groups.gns3 = { };
|
||||
|
||||
users.groups.ubridge = lib.mkIf cfg.ubridge.enable { };
|
||||
|
||||
users.users.gns3 = {
|
||||
group = "gns3";
|
||||
isSystemUser = true;
|
||||
};
|
||||
|
||||
security.wrappers.ubridge = lib.mkIf cfg.ubridge.enable {
|
||||
capabilities = "cap_net_raw,cap_net_admin=eip";
|
||||
group = "ubridge";
|
||||
|
@ -150,7 +157,7 @@ in {
|
|||
};
|
||||
}
|
||||
(lib.mkIf (cfg.ubridge.enable) {
|
||||
Server.ubridge_path = lib.mkDefault (lib.getExe cfg.ubridge.package);
|
||||
Server.ubridge_path = lib.mkDefault "/run/wrappers/bin/ubridge";
|
||||
})
|
||||
(lib.mkIf (cfg.auth.enable) {
|
||||
Server = {
|
||||
|
@ -206,7 +213,6 @@ in {
|
|||
serviceConfig = {
|
||||
ConfigurationDirectory = "gns3";
|
||||
ConfigurationDirectoryMode = "0750";
|
||||
DynamicUser = true;
|
||||
Environment = "HOME=%S/gns3";
|
||||
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
|
||||
ExecStart = "${lib.getExe cfg.package} ${commandArgs}";
|
||||
|
@ -227,14 +233,27 @@ in {
|
|||
User = "gns3";
|
||||
WorkingDirectory = "%S/gns3";
|
||||
|
||||
# Required for ubridge integration to work
|
||||
#
|
||||
# GNS3 needs to run SUID binaries (ubridge)
|
||||
# but NoNewPrivileges breaks execution of SUID binaries
|
||||
DynamicUser = false;
|
||||
NoNewPrivileges = false;
|
||||
RestrictSUIDSGID = false;
|
||||
PrivateUsers = false;
|
||||
|
||||
# Hardening
|
||||
DeviceAllow = lib.optional flags.enableLibvirtd "/dev/kvm";
|
||||
DeviceAllow = [
|
||||
# ubridge needs access to tun/tap devices
|
||||
"/dev/net/tap rw"
|
||||
"/dev/net/tun rw"
|
||||
] ++ lib.optionals flags.enableLibvirtd [
|
||||
"/dev/kvm"
|
||||
];
|
||||
DevicePolicy = "closed";
|
||||
LockPersonality = true;
|
||||
MemoryDenyWriteExecute = true;
|
||||
NoNewPrivileges = true;
|
||||
PrivateTmp = true;
|
||||
PrivateUsers = true;
|
||||
# Don't restrict ProcSubset because python3Packages.psutil requires read access to /proc/stat
|
||||
# ProcSubset = "pid";
|
||||
ProtectClock = true;
|
||||
|
@ -255,8 +274,7 @@ in {
|
|||
];
|
||||
RestrictNamespaces = true;
|
||||
RestrictRealtime = true;
|
||||
RestrictSUIDSGID = true;
|
||||
UMask = "0077";
|
||||
UMask = "0022";
|
||||
};
|
||||
};
|
||||
};
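Review bot: The relaxed sandbox settings added to `serviceConfig` (`NoNewPrivileges = false`, `RestrictSUIDSGID = false`, `PrivateUsers = false`) appear unconditional, although their comment ties them to ubridge and the wrapper itself is guarded by `cfg.ubridge.enable`. Binding them to the same option would keep the earlier hardening for installs without ubridge: `NoNewPrivileges = !cfg.ubridge.enable;`, `RestrictSUIDSGID = !cfg.ubridge.enable;`, `PrivateUsers = !cfg.ubridge.enable;`. The last hunk also appears to widen `UMask` from `"0077"` to `"0022"` with no comment, which makes newly created project and state files world-readable; a why-comment or a narrower value such as `"0027"` would be safer if only group access is needed. Parts of `serviceConfig` lie between the hunks and are not shown, so an outer guard cannot be ruled out from here.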
|
||||
|
|
|
@ -1,17 +1,17 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
inherit (lib) mkIf mkOption mkDefault mkEnableOption types optional optionals;
|
||||
inherit (lib.types) nullOr bool listOf str attrsOf submodule;
|
||||
|
||||
cfg = config.services.i2pd;
|
||||
|
||||
homeDir = "/var/lib/i2pd";
|
||||
|
||||
strOpt = k: v: k + " = " + v;
|
||||
boolOpt = k: v: k + " = " + boolToString v;
|
||||
boolOpt = k: v: k + " = " + lib.boolToString v;
|
||||
intOpt = k: v: k + " = " + toString v;
|
||||
lstOpt = k: xs: k + " = " + concatStringsSep "," xs;
|
||||
lstOpt = k: xs: k + " = " + lib.concatStringsSep "," xs;
|
||||
optionalNullString = o: s: optional (s != null) (strOpt o s);
|
||||
optionalNullBool = o: b: optional (b != null) (boolOpt o b);
|
||||
optionalNullInt = o: i: optional (i != null) (intOpt o i);
|
||||
|
@ -54,7 +54,7 @@ let
|
|||
mkKeyedEndpointOpt = name: addr: port: keyloc:
|
||||
(mkEndpointOpt name addr port) // {
|
||||
keys = mkOption {
|
||||
type = with types; nullOr str;
|
||||
type = nullOr str;
|
||||
default = keyloc;
|
||||
description = ''
|
||||
File to persist ${lib.toUpper name} keys.
|
||||
|
@ -162,8 +162,8 @@ let
|
|||
(sec "meshnets")
|
||||
(boolOpt "yggdrasil" cfg.yggdrasil.enable)
|
||||
] ++ (optionalNullString "yggaddress" cfg.yggdrasil.address)
|
||||
++ (flip map
|
||||
(collect (proto: proto ? port && proto ? address) cfg.proto)
|
||||
++ (lib.flip map
|
||||
(lib.collect (proto: proto ? port && proto ? address) cfg.proto)
|
||||
(proto: let protoOpts = [
|
||||
(sec proto.name)
|
||||
(boolOpt "enabled" proto.enable)
|
||||
|
@ -178,10 +178,10 @@ let
|
|||
++ (optionals (proto ? outproxy) (optionalNullString "outproxy" proto.outproxy))
|
||||
++ (optionals (proto ? outproxyPort) (optionalNullInt "outproxyport" proto.outproxyPort))
|
||||
++ (optionals (proto ? outproxyEnable) (optionalNullBool "outproxy.enabled" proto.outproxyEnable));
|
||||
in (concatStringsSep "\n" protoOpts)
|
||||
in (lib.concatStringsSep "\n" protoOpts)
|
||||
));
|
||||
in
|
||||
pkgs.writeText "i2pd.conf" (concatStringsSep "\n" opts);
|
||||
pkgs.writeText "i2pd.conf" (lib.concatStringsSep "\n" opts);
|
||||
|
||||
tunnelConf = let
|
||||
mkOutTunnel = tun:
|
||||
|
@ -200,7 +200,7 @@ let
|
|||
++ (optionals (tun ? outbound.quantity) (optionalNullInt "outbound.quantity" tun.outbound.quantity))
|
||||
++ (optionals (tun ? crypto.tagsToSend) (optionalNullInt "crypto.tagstosend" tun.crypto.tagsToSend));
|
||||
in
|
||||
concatStringsSep "\n" outTunOpts;
|
||||
lib.concatStringsSep "\n" outTunOpts;
|
||||
|
||||
mkInTunnel = tun:
|
||||
let
|
||||
|
@ -214,16 +214,16 @@ let
|
|||
++ (optionals (tun ? inPort) (optionalNullInt "inport" tun.inPort))
|
||||
++ (optionals (tun ? accessList) (optionalEmptyList "accesslist" tun.accessList));
|
||||
in
|
||||
concatStringsSep "\n" inTunOpts;
|
||||
lib.concatStringsSep "\n" inTunOpts;
|
||||
|
||||
allOutTunnels = collect (tun: tun ? port && tun ? destination) cfg.outTunnels;
|
||||
allInTunnels = collect (tun: tun ? port && tun ? address) cfg.inTunnels;
|
||||
allOutTunnels = lib.collect (tun: tun ? port && tun ? destination) cfg.outTunnels;
|
||||
allInTunnels = lib.collect (tun: tun ? port && tun ? address) cfg.inTunnels;
|
||||
|
||||
opts = [ notice ] ++ (map mkOutTunnel allOutTunnels) ++ (map mkInTunnel allInTunnels);
|
||||
in
|
||||
pkgs.writeText "i2pd-tunnels.conf" (concatStringsSep "\n" opts);
|
||||
pkgs.writeText "i2pd-tunnels.conf" (lib.concatStringsSep "\n" opts);
|
||||
|
||||
i2pdFlags = concatStringsSep " " (
|
||||
i2pdFlags = lib.concatStringsSep " " (
|
||||
optional (cfg.address != null) ("--host=" + cfg.address) ++ [
|
||||
"--service"
|
||||
("--conf=" + i2pdConf)
|
||||
|
@ -235,7 +235,7 @@ in
|
|||
{
|
||||
|
||||
imports = [
|
||||
(mkRenamedOptionModule [ "services" "i2pd" "extIp" ] [ "services" "i2pd" "address" ])
|
||||
(lib.mkRenamedOptionModule [ "services" "i2pd" "extIp" ] [ "services" "i2pd" "address" ])
|
||||
];
|
||||
|
||||
###### interface
|
||||
|
@ -252,7 +252,7 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
package = mkPackageOption pkgs "i2pd" { };
|
||||
package = lib.mkPackageOption pkgs "i2pd" { };
|
||||
|
||||
logLevel = mkOption {
|
||||
type = types.enum ["debug" "info" "warn" "error"];
|
||||
|
@ -269,7 +269,7 @@ in
|
|||
logCLFTime = mkEnableOption "full CLF-formatted date and time to log";
|
||||
|
||||
address = mkOption {
|
||||
type = with types; nullOr str;
|
||||
type = nullOr str;
|
||||
default = null;
|
||||
description = ''
|
||||
Your external IP or hostname.
|
||||
|
@ -277,7 +277,7 @@ in
|
|||
};
|
||||
|
||||
family = mkOption {
|
||||
type = with types; nullOr str;
|
||||
type = nullOr str;
|
||||
default = null;
|
||||
description = ''
|
||||
Specify a family the router belongs to.
|
||||
|
@ -285,7 +285,7 @@ in
|
|||
};
|
||||
|
||||
dataDir = mkOption {
|
||||
type = with types; nullOr str;
|
||||
type = nullOr str;
|
||||
default = null;
|
||||
description = ''
|
||||
Alternative path to storage of i2pd data (RI, keys, peer profiles, ...)
|
||||
|
@ -301,7 +301,7 @@ in
|
|||
};
|
||||
|
||||
ifname = mkOption {
|
||||
type = with types; nullOr str;
|
||||
type = nullOr str;
|
||||
default = null;
|
||||
description = ''
|
||||
Network interface to bind to.
|
||||
|
@ -309,7 +309,7 @@ in
|
|||
};
|
||||
|
||||
ifname4 = mkOption {
|
||||
type = with types; nullOr str;
|
||||
type = nullOr str;
|
||||
default = null;
|
||||
description = ''
|
||||
IPv4 interface to bind to.
|
||||
|
@ -317,7 +317,7 @@ in
|
|||
};
|
||||
|
||||
ifname6 = mkOption {
|
||||
type = with types; nullOr str;
|
||||
type = nullOr str;
|
||||
default = null;
|
||||
description = ''
|
||||
IPv6 interface to bind to.
|
||||
|
@ -325,7 +325,7 @@ in
|
|||
};
|
||||
|
||||
ntcpProxy = mkOption {
|
||||
type = with types; nullOr str;
|
||||
type = nullOr str;
|
||||
default = null;
|
||||
description = ''
|
||||
Proxy URL for NTCP transport.
|
||||
|
@ -399,7 +399,7 @@ in
|
|||
reseed.verify = mkEnableOption "SU3 signature verification";
|
||||
|
||||
reseed.file = mkOption {
|
||||
type = with types; nullOr str;
|
||||
type = nullOr str;
|
||||
default = null;
|
||||
description = ''
|
||||
Full path to SU3 file to reseed from.
|
||||
|
@ -407,7 +407,7 @@ in
|
|||
};
|
||||
|
||||
reseed.urls = mkOption {
|
||||
type = with types; listOf str;
|
||||
type = listOf str;
|
||||
default = [];
|
||||
description = ''
|
||||
Reseed URLs.
|
||||
|
@ -415,7 +415,7 @@ in
|
|||
};
|
||||
|
||||
reseed.floodfill = mkOption {
|
||||
type = with types; nullOr str;
|
||||
type = nullOr str;
|
||||
default = null;
|
||||
description = ''
|
||||
Path to router info of floodfill to reseed from.
|
||||
|
@ -423,7 +423,7 @@ in
|
|||
};
|
||||
|
||||
reseed.zipfile = mkOption {
|
||||
type = with types; nullOr str;
|
||||
type = nullOr str;
|
||||
default = null;
|
||||
description = ''
|
||||
Path to local .zip file to reseed from.
|
||||
|
@ -431,7 +431,7 @@ in
|
|||
};
|
||||
|
||||
reseed.proxy = mkOption {
|
||||
type = with types; nullOr str;
|
||||
type = nullOr str;
|
||||
default = null;
|
||||
description = ''
|
||||
URL for reseed proxy, supports http/socks.
|
||||
|
@ -446,7 +446,7 @@ in
|
|||
'';
|
||||
};
|
||||
addressbook.subscriptions = mkOption {
|
||||
type = with types; listOf str;
|
||||
type = listOf str;
|
||||
default = [
|
||||
"http://inr.i2p/export/alive-hosts.txt"
|
||||
"http://i2p-projekt.i2p/hosts.txt"
|
||||
|
@ -460,7 +460,7 @@ in
|
|||
trust.enable = mkEnableOption "explicit trust options";
|
||||
|
||||
trust.family = mkOption {
|
||||
type = with types; nullOr str;
|
||||
type = nullOr str;
|
||||
default = null;
|
||||
description = ''
|
||||
Router Family to trust for first hops.
|
||||
|
@ -468,7 +468,7 @@ in
|
|||
};
|
||||
|
||||
trust.routers = mkOption {
|
||||
type = with types; listOf str;
|
||||
type = listOf str;
|
||||
default = [];
|
||||
description = ''
|
||||
Only connect to the listed routers.
|
||||
|
@ -543,7 +543,7 @@ in
|
|||
yggdrasil.enable = mkEnableOption "Yggdrasil";
|
||||
|
||||
yggdrasil.address = mkOption {
|
||||
type = with types; nullOr str;
|
||||
type = nullOr str;
|
||||
default = null;
|
||||
description = ''
|
||||
Your local yggdrasil address. Specify it if you want to bind your router to a
|
||||
|
@ -572,7 +572,7 @@ in
|
|||
};
|
||||
|
||||
strictHeaders = mkOption {
|
||||
type = with types; nullOr bool;
|
||||
type = nullOr bool;
|
||||
default = null;
|
||||
description = ''
|
||||
Enable strict host checking on WebUI.
|
||||
|
@ -580,7 +580,7 @@ in
|
|||
};
|
||||
|
||||
hostname = mkOption {
|
||||
type = with types; nullOr str;
|
||||
type = nullOr str;
|
||||
default = null;
|
||||
description = ''
|
||||
Expected hostname for WebUI.
|
||||
|
@ -591,7 +591,7 @@ in
|
|||
proto.httpProxy = (mkKeyedEndpointOpt "httpproxy" "127.0.0.1" 4444 "httpproxy-keys.dat")
|
||||
// {
|
||||
outproxy = mkOption {
|
||||
type = with types; nullOr str;
|
||||
type = nullOr str;
|
||||
default = null;
|
||||
description = "Upstream outproxy bind address.";
|
||||
};
|
||||
|
@ -618,7 +618,7 @@ in
|
|||
|
||||
outTunnels = mkOption {
|
||||
default = {};
|
||||
type = with types; attrsOf (submodule (
|
||||
type = attrsOf (submodule (
|
||||
{ name, ... }: {
|
||||
options = {
|
||||
destinationPort = mkOption {
|
||||
|
@ -639,7 +639,7 @@ in
|
|||
|
||||
inTunnels = mkOption {
|
||||
default = {};
|
||||
type = with types; attrsOf (submodule (
|
||||
type = attrsOf (submodule (
|
||||
{ name, ... }: {
|
||||
options = {
|
||||
inPort = mkOption {
|
||||
|
@ -648,7 +648,7 @@ in
|
|||
description = "Service port. Default to the tunnel's listen port.";
|
||||
};
|
||||
accessList = mkOption {
|
||||
type = with types; listOf str;
|
||||
type = listOf str;
|
||||
default = [];
|
||||
description = "I2P nodes that are allowed to connect to this service.";
|
||||
};
|
||||
|
|
|
@ -156,7 +156,7 @@ in
|
|||
default = null;
|
||||
example = "192.168.1.42";
|
||||
description = ''
|
||||
Local address when running behind NAT.
|
||||
Local address to assume when running behind NAT.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -165,7 +165,25 @@ in
|
|||
default = null;
|
||||
example = "1.2.3.4";
|
||||
description = ''
|
||||
Public address when running behind NAT.
|
||||
Public address to assume when running behind NAT.
|
||||
'';
|
||||
};
|
||||
|
||||
harvesterAddresses = lib.mkOption {
|
||||
type = listOf str;
|
||||
default = [
|
||||
"stunserver.stunprotocol.org:3478"
|
||||
"stun.framasoft.org:3478"
|
||||
"meet-jit-si-turnrelay.jitsi.net:443"
|
||||
];
|
||||
example = [];
|
||||
description = ''
|
||||
Addresses of public STUN services to use to automatically find
|
||||
the public and local addresses of this Jitsi-Videobridge instance
|
||||
without the need for manual configuration.
|
||||
|
||||
This option is ignored if {option}`services.jitsi-videobridge.nat.localAddress`
|
||||
and {option}`services.jitsi-videobridge.nat.publicAddress` are set.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
@ -199,9 +217,12 @@ in
|
|||
config = lib.mkIf cfg.enable {
|
||||
users.groups.jitsi-meet = {};
|
||||
|
||||
services.jitsi-videobridge.extraProperties = lib.optionalAttrs (cfg.nat.localAddress != null) {
|
||||
services.jitsi-videobridge.extraProperties =
|
||||
if (cfg.nat.localAddress != null) then {
|
||||
"org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS" = cfg.nat.localAddress;
|
||||
"org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS" = cfg.nat.publicAddress;
|
||||
} else {
|
||||
"org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES" = lib.concatStringsSep "," cfg.nat.harvesterAddresses;
|
||||
};
|
||||
|
||||
systemd.services.jitsi-videobridge2 = let
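Review bot: The new `extraProperties` branch tests only `cfg.nat.localAddress != null`, while the `harvesterAddresses` description says the option is ignored when both `localAddress` and `publicAddress` are set. With only `localAddress` set, `NAT_HARVESTER_PUBLIC_ADDRESS` is assigned the `null` default and the STUN fallback is skipped. Testing both, `if cfg.nat.localAddress != null && cfg.nat.publicAddress != null then {`, or asserting that the two are set together, would make the code agree with the documentation. The description should also state that the default list makes the bridge query third-party STUN servers to learn its addresses, so operators who do not want that know to override it.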
|
||||
|
|
|
@ -1,12 +1,10 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.monero;
|
||||
|
||||
listToConf = option: list:
|
||||
concatMapStrings (value: "${option}=${value}\n") list;
|
||||
lib.concatMapStrings (value: "${option}=${value}\n") list;
|
||||
|
||||
login = (cfg.rpc.user != null && cfg.rpc.password != null);
|
||||
|
||||
|
@ -14,17 +12,17 @@ let
|
|||
log-file=/dev/stdout
|
||||
data-dir=${dataDir}
|
||||
|
||||
${optionalString mining.enable ''
|
||||
${lib.optionalString mining.enable ''
|
||||
start-mining=${mining.address}
|
||||
mining-threads=${toString mining.threads}
|
||||
''}
|
||||
|
||||
rpc-bind-ip=${rpc.address}
|
||||
rpc-bind-port=${toString rpc.port}
|
||||
${optionalString login ''
|
||||
${lib.optionalString login ''
|
||||
rpc-login=${rpc.user}:${rpc.password}
|
||||
''}
|
||||
${optionalString rpc.restricted ''
|
||||
${lib.optionalString rpc.restricted ''
|
||||
restricted-rpc=1
|
||||
''}
|
||||
|
||||
|
@ -50,34 +48,34 @@ in
|
|||
|
||||
services.monero = {
|
||||
|
||||
enable = mkEnableOption "Monero node daemon";
|
||||
enable = lib.mkEnableOption "Monero node daemon";
|
||||
|
||||
dataDir = mkOption {
|
||||
type = types.str;
|
||||
dataDir = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "/var/lib/monero";
|
||||
description = ''
|
||||
The directory where Monero stores its data files.
|
||||
'';
|
||||
};
|
||||
|
||||
mining.enable = mkOption {
|
||||
type = types.bool;
|
||||
mining.enable = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to mine monero.
|
||||
'';
|
||||
};
|
||||
|
||||
mining.address = mkOption {
|
||||
type = types.str;
|
||||
mining.address = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "";
|
||||
description = ''
|
||||
Monero address where to send mining rewards.
|
||||
'';
|
||||
};
|
||||
|
||||
mining.threads = mkOption {
|
||||
type = types.addCheck types.int (x: x>=0);
|
||||
mining.threads = lib.mkOption {
|
||||
type = lib.types.addCheck lib.types.int (x: x>=0);
|
||||
default = 0;
|
||||
description = ''
|
||||
Number of threads used for mining.
|
||||
|
@ -85,48 +83,48 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
rpc.user = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
rpc.user = lib.mkOption {
|
||||
type = lib.types.nullOr lib.types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
User name for RPC connections.
|
||||
'';
|
||||
};
|
||||
|
||||
rpc.password = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
rpc.password = lib.mkOption {
|
||||
type = lib.types.nullOr lib.types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
Password for RPC connections.
|
||||
'';
|
||||
};
|
||||
|
||||
rpc.address = mkOption {
|
||||
type = types.str;
|
||||
rpc.address = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "127.0.0.1";
|
||||
description = ''
|
||||
IP address the RPC server will bind to.
|
||||
'';
|
||||
};
|
||||
|
||||
rpc.port = mkOption {
|
||||
type = types.port;
|
||||
rpc.port = lib.mkOption {
|
||||
type = lib.types.port;
|
||||
default = 18081;
|
||||
description = ''
|
||||
Port the RPC server will bind to.
|
||||
'';
|
||||
};
|
||||
|
||||
rpc.restricted = mkOption {
|
||||
type = types.bool;
|
||||
rpc.restricted = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to restrict RPC to view only commands.
|
||||
'';
|
||||
};
|
||||
|
||||
limits.upload = mkOption {
|
||||
type = types.addCheck types.int (x: x>=-1);
|
||||
limits.upload = lib.mkOption {
|
||||
type = lib.types.addCheck lib.types.int (x: x>=-1);
|
||||
default = -1;
|
||||
description = ''
|
||||
Limit of the upload rate in kB/s.
|
||||
|
@ -134,8 +132,8 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
limits.download = mkOption {
|
||||
type = types.addCheck types.int (x: x>=-1);
|
||||
limits.download = lib.mkOption {
|
||||
type = lib.types.addCheck lib.types.int (x: x>=-1);
|
||||
default = -1;
|
||||
description = ''
|
||||
Limit of the download rate in kB/s.
|
||||
|
@ -143,8 +141,8 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
limits.threads = mkOption {
|
||||
type = types.addCheck types.int (x: x>=0);
|
||||
limits.threads = lib.mkOption {
|
||||
type = lib.types.addCheck lib.types.int (x: x>=0);
|
||||
default = 0;
|
||||
description = ''
|
||||
Maximum number of threads used for a parallel job.
|
||||
|
@ -152,8 +150,8 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
limits.syncSize = mkOption {
|
||||
type = types.addCheck types.int (x: x>=0);
|
||||
limits.syncSize = lib.mkOption {
|
||||
type = lib.types.addCheck lib.types.int (x: x>=0);
|
||||
default = 0;
|
||||
description = ''
|
||||
Maximum number of blocks to sync at once.
|
||||
|
@ -161,16 +159,16 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
extraNodes = mkOption {
|
||||
type = types.listOf types.str;
|
||||
extraNodes = lib.mkOption {
|
||||
type = lib.types.listOf lib.types.str;
|
||||
default = [ ];
|
||||
description = ''
|
||||
List of additional peer IP addresses to add to the local list.
|
||||
'';
|
||||
};
|
||||
|
||||
priorityNodes = mkOption {
|
||||
type = types.listOf types.str;
|
||||
priorityNodes = lib.mkOption {
|
||||
type = lib.types.listOf lib.types.str;
|
||||
default = [ ];
|
||||
description = ''
|
||||
List of peer IP addresses to connect to and
|
||||
|
@ -178,8 +176,8 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
exclusiveNodes = mkOption {
|
||||
type = types.listOf types.str;
|
||||
exclusiveNodes = lib.mkOption {
|
||||
type = lib.types.listOf lib.types.str;
|
||||
default = [ ];
|
||||
description = ''
|
||||
List of peer IP addresses to connect to *only*.
|
||||
|
@ -187,8 +185,8 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
type = types.lines;
|
||||
extraConfig = lib.mkOption {
|
||||
type = lib.types.lines;
|
||||
default = "";
|
||||
description = ''
|
||||
Extra lines to be added verbatim to monerod configuration.
|
||||
|
@ -202,7 +200,7 @@ in
|
|||
|
||||
###### implementation
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
||||
users.users.monero = {
|
||||
isSystemUser = true;
|
||||
|
@ -228,7 +226,7 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
assertions = singleton {
|
||||
assertions = lib.singleton {
|
||||
assertion = cfg.mining.enable -> cfg.mining.address != "";
|
||||
message = ''
|
||||
You need a Monero address to receive mining rewards:
|
||||
|
|
|
@ -514,6 +514,12 @@ in
|
|||
|
||||
environment.etc = {
|
||||
"NetworkManager/NetworkManager.conf".source = configFile;
|
||||
|
||||
# The networkmanager-l2tp plugin expects /etc/ipsec.secrets to include /etc/ipsec.d/ipsec.nm-l2tp.secrets;
|
||||
# see https://github.com/NixOS/nixpkgs/issues/64965
|
||||
"ipsec.secrets".text = ''
|
||||
include ipsec.d/ipsec.nm-l2tp.secrets
|
||||
'';
|
||||
}
|
||||
// builtins.listToAttrs (map
|
||||
(pkg: nameValuePair "NetworkManager/${pkg.networkManagerPlugin}" {
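Review bot: The new `"ipsec.secrets"` entry sits in the unconditional part of `environment.etc`, so as far as this hunk shows every host with NetworkManager enabled gets an `/etc/ipsec.secrets`, whether or not the l2tp plugin is installed. That path is shared with IPsec daemons, and any other module defining the same entry would presumably have its text merged with this include line. I would guard it, e.g. `"ipsec.secrets" = lib.mkIf <l2tp plugin enabled> { text = "include ipsec.d/ipsec.nm-l2tp.secrets\n"; };`, where the condition is a placeholder because the plugin list is not visible here. The comment should also say that files generated through `environment.etc` are world-readable, so this one may only ever carry the include line and never key material. The `environment.etc` expression continues outside the hunk.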
|
||||
|
|
|
@ -1,7 +1,13 @@
|
|||
{ config, options, lib, pkgs, stdenv, ... }:
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.services.pleroma;
|
||||
in {
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.pleroma = with lib; {
|
||||
enable = mkEnableOption "pleroma";
|
||||
|
@ -73,7 +79,7 @@ in {
|
|||
group = cfg.group;
|
||||
isSystemUser = true;
|
||||
};
|
||||
groups."${cfg.group}" = {};
|
||||
groups."${cfg.group}" = { };
|
||||
};
|
||||
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
|
@ -90,43 +96,14 @@ in {
|
|||
import_config "${cfg.secretConfigFile}"
|
||||
'';
|
||||
|
||||
systemd.services.pleroma = {
|
||||
description = "Pleroma social network";
|
||||
wants = [ "network-online.target" ];
|
||||
after = [ "network-online.target" "postgresql.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
restartTriggers = [ config.environment.etc."/pleroma/config.exs".source ];
|
||||
environment.RELEASE_COOKIE = "/var/lib/pleroma/.cookie";
|
||||
serviceConfig = {
|
||||
systemd.services =
|
||||
let
|
||||
commonSystemdServiceConfig = {
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
Type = "exec";
|
||||
WorkingDirectory = "~";
|
||||
StateDirectory = "pleroma pleroma/static pleroma/uploads";
|
||||
StateDirectoryMode = "700";
|
||||
|
||||
# Checking the conf file is there then running the database
|
||||
# migration before each service start, just in case there are
|
||||
# some pending ones.
|
||||
#
|
||||
# It's sub-optimal as we'll always run this, even if pleroma
|
||||
# has not been updated. But the no-op process is pretty fast.
|
||||
# Better be safe than sorry migration-wise.
|
||||
ExecStartPre =
|
||||
let preScript = pkgs.writers.writeBashBin "pleromaStartPre" ''
|
||||
if [ ! -f /var/lib/pleroma/.cookie ]
|
||||
then
|
||||
echo "Creating cookie file"
|
||||
dd if=/dev/urandom bs=1 count=16 | hexdump -e '16/1 "%02x"' > /var/lib/pleroma/.cookie
|
||||
fi
|
||||
${cfg.package}/bin/pleroma_ctl migrate
|
||||
'';
|
||||
in "${preScript}/bin/pleromaStartPre";
|
||||
|
||||
ExecStart = "${cfg.package}/bin/pleroma start";
|
||||
ExecStop = "${cfg.package}/bin/pleroma stop";
|
||||
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
|
||||
|
||||
# Systemd sandboxing directives.
|
||||
# Taken from the upstream contrib systemd service at
|
||||
# pleroma/installation/pleroma.service
|
||||
|
@ -137,10 +114,61 @@ in {
|
|||
NoNewPrivileges = true;
|
||||
CapabilityBoundingSet = "~CAP_SYS_ADMIN";
|
||||
};
|
||||
|
||||
in
|
||||
{
|
||||
pleroma-migrations = {
|
||||
description = "Pleroma social network migrations";
|
||||
wants = [ "network-online.target" ];
|
||||
after = [
|
||||
"network-online.target"
|
||||
"postgresql.service"
|
||||
];
|
||||
wantedBy = [ "pleroma.service" ];
|
||||
environment.RELEASE_COOKIE = "/var/lib/pleroma/.cookie";
|
||||
serviceConfig = commonSystemdServiceConfig // {
|
||||
Type = "oneshot";
|
||||
# Checking the conf file is there then running the database
|
||||
# migration before each service start, just in case there are
|
||||
# some pending ones.
|
||||
#
|
||||
# It's sub-optimal as we'll always run this, even if pleroma
|
||||
# has not been updated. But the no-op process is pretty fast.
|
||||
# Better be safe than sorry migration-wise.
|
||||
ExecStart =
|
||||
let
|
||||
preScript = pkgs.writers.writeBashBin "pleroma-migrations" ''
|
||||
if [ ! -f /var/lib/pleroma/.cookie ]
|
||||
then
|
||||
echo "Creating cookie file"
|
||||
dd if=/dev/urandom bs=1 count=16 | hexdump -e '16/1 "%02x"' > /var/lib/pleroma/.cookie
|
||||
fi
|
||||
${cfg.package}/bin/pleroma_ctl migrate
|
||||
'';
|
||||
in
|
||||
"${preScript}/bin/pleroma-migrations";
|
||||
};
|
||||
# disksup requires bash
|
||||
path = [ pkgs.bash ];
|
||||
};
|
||||
|
||||
pleroma = {
|
||||
description = "Pleroma social network";
|
||||
wants = [ "pleroma-migrations.service" ];
|
||||
after = [ "pleroma-migrations.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
restartTriggers = [ config.environment.etc."/pleroma/config.exs".source ];
|
||||
environment.RELEASE_COOKIE = "/var/lib/pleroma/.cookie";
|
||||
serviceConfig = commonSystemdServiceConfig // {
|
||||
Type = "exec";
|
||||
ExecStart = "${cfg.package}/bin/pleroma start";
|
||||
ExecStop = "${cfg.package}/bin/pleroma stop";
|
||||
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
|
||||
};
|
||||
# disksup requires bash
|
||||
path = [ pkgs.bash ];
|
||||
};
|
||||
};
|
||||
};
|
||||
meta.maintainers = with lib.maintainers; [ picnoir ];
|
||||
meta.doc = ./pleroma.md;
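Review bot: In the new `pleroma` unit, `wants = [ "pleroma-migrations.service" ];` together with `after` only orders the two units. A failed `pleroma-migrations` run (cookie creation or `pleroma_ctl migrate`) no longer prevents `pleroma start`, whereas a failure in the removed `ExecStartPre` did. Use `requires = [ "pleroma-migrations.service" ];` there, which also makes `wantedBy = [ "pleroma.service" ]` on the migrations unit redundant. Since the cookie script is being moved anyway, add `umask 077` before the `dd … > /var/lib/pleroma/.cookie` line so the release cookie's mode does not depend on the inherited umask. In the lines shown only `StateDirectoryMode = "700"` protects it, and part of `commonSystemdServiceConfig` lies between hunks.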
|
||||
|
|
|
@ -201,11 +201,11 @@ in {
|
|||
--syncmode ${cfg.syncmode} \
|
||||
${optionalString (cfg.permissioned)
|
||||
"--permissioned"} \
|
||||
--mine --minerthreads 1 \
|
||||
--mine --miner.threads 1 \
|
||||
${optionalString (cfg.rpc.enable)
|
||||
"--rpc --rpcaddr ${cfg.rpc.address} --rpcport ${toString cfg.rpc.port} --rpcapi ${cfg.rpc.api}"} \
|
||||
${optionalString (cfg.ws.enable)
|
||||
"--ws --wsaddr ${cfg.ws.address} --wsport ${toString cfg.ws.port} --wsapi ${cfg.ws.api} --wsorigins ${cfg.ws.origins}"} \
|
||||
"--ws --ws.addr ${cfg.ws.address} --ws.port ${toString cfg.ws.port} --ws.api ${cfg.ws.api} --ws.origins ${cfg.ws.origins}"} \
|
||||
--emitcheckpoints \
|
||||
--datadir ${dataDir} \
|
||||
--port ${toString cfg.port}'';
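Review bot: The `cfg.rpc.enable` line still passes the legacy `--rpc --rpcaddr … --rpcport … --rpcapi …` spelling, while `--minerthreads` and the `--ws*` flags in the same command were moved to the dotted names. If the packaged client dropped the old spellings, which is presumably why the others were renamed, the service will fail to start as soon as `rpc.enable` is set. Upstream geth renamed this group to `--http`, so the matching line would be `"--http --http.addr ${cfg.rpc.address} --http.port ${toString cfg.rpc.port} --http.api ${cfg.rpc.api}"} \`; confirm against the packaged version's `--help`. The command string starts outside the hunk.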
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show more