Project import generated by Copybara.
GitOrigin-RevId: 724bfc0892363087709bd3a5a1666296759154b1
This commit is contained in:
parent
33b385d2e7
commit
4bac34ead1
1558 changed files with 26172 additions and 20213 deletions
|
@ -26,6 +26,7 @@ If applicable, add screenshots to help explain your problem.
|
|||
Add any other context about the problem here.
|
||||
|
||||
### Notify maintainers
|
||||
|
||||
<!--
|
||||
Please @ people who are in the `meta.maintainers` list of the offending package or module.
|
||||
If in doubt, check `git blame` for whoever last touched something.
|
||||
|
|
|
@ -1,31 +1,36 @@
|
|||
---
|
||||
name: Build failure
|
||||
about: Create a report to help us improve
|
||||
title: ''
|
||||
title: 'Build failure: PACKAGENAME'
|
||||
labels: '0.kind: build failure'
|
||||
assignees: ''
|
||||
|
||||
---
|
||||
|
||||
### Steps To Reproduce
|
||||
|
||||
Steps to reproduce the behavior:
|
||||
1. build *X*
|
||||
|
||||
### Build log
|
||||
|
||||
```
|
||||
log here if short otherwise a link to a gist
|
||||
```
|
||||
|
||||
### Additional context
|
||||
|
||||
Add any other context about the problem here.
|
||||
|
||||
### Notify maintainers
|
||||
|
||||
<!--
|
||||
Please @ people who are in the `meta.maintainers` list of the offending package or module.
|
||||
If in doubt, check `git blame` for whoever last touched something.
|
||||
-->
|
||||
|
||||
### Metadata
|
||||
|
||||
Please run `nix-shell -p nix-info --run "nix-info -m"` and paste the result.
|
||||
|
||||
```console
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
name: Missing or incorrect documentation
|
||||
about: Help us improve the Nixpkgs and NixOS reference manuals
|
||||
title: ''
|
||||
title: 'Documentation: '
|
||||
labels: '9.needs: documentation'
|
||||
assignees: ''
|
||||
|
||||
|
@ -11,6 +11,10 @@ assignees: ''
|
|||
|
||||
<!-- describe your problem -->
|
||||
|
||||
## Proposal
|
||||
|
||||
<!-- propose a solution (optional) -->
|
||||
|
||||
## Checklist
|
||||
|
||||
<!-- make sure this issue is not redundant or obsolete -->
|
||||
|
@ -26,7 +30,3 @@ assignees: ''
|
|||
[open documentation issues]: https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+label%3A%229.needs%3A+documentation%22
|
||||
[open documentation pull requests]: https://github.com/NixOS/nixpkgs/pulls?q=is%3Aopen+is%3Apr+label%3A%228.has%3A+documentation%22%2C%226.topic%3A+documentation%22
|
||||
|
||||
## Proposal
|
||||
|
||||
<!-- propose a solution -->
|
||||
|
||||
|
|
|
@ -1,24 +1,17 @@
|
|||
---
|
||||
name: Out-of-date package reports
|
||||
about: For packages that are out-of-date
|
||||
title: ''
|
||||
title: 'Update request: PACKAGENAME OLDVERSION → NEWVERSION'
|
||||
labels: '9.needs: package (update)'
|
||||
assignees: ''
|
||||
|
||||
---
|
||||
|
||||
|
||||
###### Checklist
|
||||
|
||||
<!-- Note that these are hard requirements -->
|
||||
|
||||
<!--
|
||||
You can use the "Go to file" functionality on GitHub to find the package
|
||||
Then you can go to the history for this package
|
||||
Find the latest "package_name: old_version -> new_version" commit
|
||||
The "new_version" is the current version of the package
|
||||
-->
|
||||
- [ ] Checked the [nixpkgs master branch](https://github.com/NixOS/nixpkgs)
|
||||
- Package name:
|
||||
- Latest released version:
|
||||
<!-- Search your package here: https://search.nixos.org/packages?channel=unstable -->
|
||||
- Current version on the unstable channel:
|
||||
- Current version on the stable/release channel:
|
||||
<!--
|
||||
Type the name of your package and try to find an open pull request for the package
|
||||
If you find an open pull request, you can review it!
|
||||
|
@ -26,23 +19,10 @@ There's a high chance that you'll have the new version right away while helping
|
|||
-->
|
||||
- [ ] Checked the [nixpkgs pull requests](https://github.com/NixOS/nixpkgs/pulls)
|
||||
|
||||
###### Project name
|
||||
`nix search` name:
|
||||
<!--
|
||||
The current version can be found easily with the same process as above for checking the master branch
|
||||
If an open PR is present for the package, take this version as the current one and link to the PR
|
||||
-->
|
||||
current version:
|
||||
desired version:
|
||||
**Notify maintainers**
|
||||
|
||||
###### Notify maintainers
|
||||
<!--
|
||||
Search your package here: https://search.nixos.org/packages?channel=unstable
|
||||
If no maintainer is listed for your package, tag the person that last updated the package
|
||||
-->
|
||||
<!-- If the search.nixos.org result shows no maintainers, tag the person that last updated the package. -->
|
||||
|
||||
maintainers:
|
||||
-----
|
||||
|
||||
###### Note for maintainers
|
||||
|
||||
Please tag this issue in your PR.
|
||||
Note for maintainers: Please tag this issue in your PR.
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
---
|
||||
name: Packaging requests
|
||||
about: For packages that are missing
|
||||
title: ''
|
||||
title: 'Package request: PACKAGENAME'
|
||||
labels: '0.kind: packaging request'
|
||||
assignees: ''
|
||||
|
||||
---
|
||||
|
||||
**Project description**
|
||||
_describe the project a little_
|
||||
|
||||
<!-- Describe the project a little: -->
|
||||
|
||||
**Metadata**
|
||||
|
||||
|
|
|
@ -163,3 +163,30 @@ or "hg"), `domain` and `fetchSubmodules`.
|
|||
If `fetchSubmodules` is `true`, `fetchFromSourcehut` uses `fetchgit`
|
||||
or `fetchhg` with `fetchSubmodules` or `fetchSubrepos` set to `true`,
|
||||
respectively. Otherwise, the fetcher uses `fetchzip`.
|
||||
|
||||
## `requireFile` {#requirefile}
|
||||
|
||||
`requireFile` allows requesting files that cannot be fetched automatically, but whose content is known.
|
||||
This is a useful last-resort workaround for license restrictions that prohibit redistribution, or for downloads that are only accessible after authenticating interactively in a browser.
|
||||
If the requested file is present in the Nix store, the resulting derivation will not be built, because its expected output is already available.
|
||||
Otherwise, the builder will run, but fail with a message explaining to the user how to provide the file. The following code, for example:
|
||||
|
||||
```
|
||||
requireFile {
|
||||
name = "jdk-${version}_linux-x64_bin.tar.gz";
|
||||
url = "https://www.oracle.com/java/technologies/javase-jdk11-downloads.html";
|
||||
sha256 = "94bd34f85ee38d3ef59e5289ec7450b9443b924c55625661fffe66b03f2c8de2";
|
||||
}
|
||||
```
|
||||
results in this error message:
|
||||
```
|
||||
***
|
||||
Unfortunately, we cannot download file jdk-11.0.10_linux-x64_bin.tar.gz automatically.
|
||||
Please go to https://www.oracle.com/java/technologies/javase-jdk11-downloads.html to download it yourself, and add it to the Nix store
|
||||
using either
|
||||
nix-store --add-fixed sha256 jdk-11.0.10_linux-x64_bin.tar.gz
|
||||
or
|
||||
nix-prefetch-url --type sha256 file:///path/to/jdk-11.0.10_linux-x64_bin.tar.gz
|
||||
|
||||
***
|
||||
```
|
||||
|
|
|
@ -204,13 +204,13 @@ The key words _must_, _must not_, _required_, _shall_, _shall not_, _should_, _s
|
|||
|
||||
In Nixpkgs, there are generally three different names associated with a package:
|
||||
|
||||
- The `name` attribute of the derivation (excluding the version part). This is what most users see, in particular when using `nix-env`.
|
||||
- The `pname` attribute of the derivation. This is what most users see, in particular when using `nix-env`.
|
||||
|
||||
- The variable name used for the instantiated package in `all-packages.nix`, and when passing it as a dependency to other functions. Typically this is called the _package attribute name_. This is what Nix expression authors see. It can also be used when installing using `nix-env -iA`.
|
||||
|
||||
- The filename for (the directory containing) the Nix expression.
|
||||
|
||||
Most of the time, these are the same. For instance, the package `e2fsprogs` has a `name` attribute `"e2fsprogs-version"`, is bound to the variable name `e2fsprogs` in `all-packages.nix`, and the Nix expression is in `pkgs/os-specific/linux/e2fsprogs/default.nix`.
|
||||
Most of the time, these are the same. For instance, the package `e2fsprogs` has a `pname` attribute `"e2fsprogs"`, is bound to the variable name `e2fsprogs` in `all-packages.nix`, and the Nix expression is in `pkgs/os-specific/linux/e2fsprogs/default.nix`.
|
||||
|
||||
There are a few naming guidelines:
|
||||
|
||||
|
|
3
third_party/nixpkgs/doc/default.nix
vendored
3
third_party/nixpkgs/doc/default.nix
vendored
|
@ -1,6 +1,5 @@
|
|||
{ pkgs ? (import ./.. { }), nixpkgs ? { }}:
|
||||
let
|
||||
lib = pkgs.lib;
|
||||
doc-support = import ./doc-support { inherit pkgs nixpkgs; };
|
||||
in pkgs.stdenv.mkDerivation {
|
||||
name = "nixpkgs-manual";
|
||||
|
@ -15,7 +14,7 @@ in pkgs.stdenv.mkDerivation {
|
|||
xmlformat
|
||||
];
|
||||
|
||||
src = lib.cleanSource ./.;
|
||||
src = pkgs.nix-gitignore.gitignoreSource [] ./.;
|
||||
|
||||
postPatch = ''
|
||||
ln -s ${doc-support} ./doc-support/result
|
||||
|
|
|
@ -195,7 +195,7 @@ maintenance work for `haskellPackages` is required. Besides that, it is not
|
|||
possible to get the dependencies of a legacy project from nixpkgs or to use a
|
||||
specific stack solver for compiling a project.
|
||||
|
||||
Even though we couldn‘t use them directly in nixpkgs, it would be desirable
|
||||
Even though we couldn’t use them directly in nixpkgs, it would be desirable
|
||||
to have tooling to generate working Nix package sets from build plans generated
|
||||
by `cabal-install` or a specific Stackage snapshot via import-from-derivation.
|
||||
Sadly we currently don’t have tooling for this. For this you might be
|
||||
|
@ -538,7 +538,7 @@ via [`shellFor`](#haskell-shellFor).
|
|||
When using `cabal-install` for dependency resolution you need to be a bit
|
||||
careful to achieve build purity. `cabal-install` will find and use all
|
||||
dependencies installed from the packages `env` via Nix, but it will also
|
||||
consult Hackage to potentially download and compile dependencies if it can‘t
|
||||
consult Hackage to potentially download and compile dependencies if it can’t
|
||||
find a valid build plan locally. To prevent this you can either never run
|
||||
`cabal update`, remove the cabal database from your `~/.cabal` folder or run
|
||||
`cabal` with `--offline`. Note though, that for some usecases `cabal2nix` needs
|
||||
|
|
|
@ -38,6 +38,7 @@
|
|||
<xi:include href="r.section.xml" />
|
||||
<xi:include href="ruby.section.xml" />
|
||||
<xi:include href="rust.section.xml" />
|
||||
<xi:include href="swift.section.xml" />
|
||||
<xi:include href="texlive.section.xml" />
|
||||
<xi:include href="titanium.section.xml" />
|
||||
<xi:include href="vim.section.xml" />
|
||||
|
|
|
@ -4,6 +4,48 @@
|
|||
|
||||
Nixpkgs provides a couple of facilities for working with this tool.
|
||||
|
||||
- A [setup hook](#setup-hook-pkg-config) bundled with in the `pkg-config` package, to bring a derivation's declared build inputs into the environment.
|
||||
- The [`validatePkgConfig` setup hook](https://nixos.org/manual/nixpkgs/stable/#validatepkgconfig), for packages that provide pkg-config modules.
|
||||
- The `defaultPkgConfigPackages` package set: a set of aliases, named after the modules they provide. This is meant to be used by language-to-nix integrations. Hand-written packages should use the normal Nixpkgs attribute name instead.
|
||||
## Writing packages providing pkg-config modules
|
||||
|
||||
Packages should set `meta.pkgConfigProvides` with the list of package config modules they provide.
|
||||
They should also use `testers.testMetaPkgConfig` to check that the final built package matches that list.
|
||||
Additionally, the [`validatePkgConfig` setup hook](https://nixos.org/manual/nixpkgs/stable/#validatepkgconfig), will do extra checks on to-be-installed pkg-config modules.
|
||||
|
||||
A good example of all these things is zlib:
|
||||
|
||||
```
|
||||
{ pkg-config, testers, ... }:
|
||||
|
||||
stdenv.mkDerivation (finalAttrs: {
|
||||
...
|
||||
|
||||
nativeBuildInputs = [ pkg-config validatePkgConfig ];
|
||||
|
||||
passthru.tests.pkg-config = testers.testMetaPkgConfig finalAttrs.finalPackage;
|
||||
|
||||
meta = {
|
||||
...
|
||||
pkgConfigModules = [ "zlib" ];
|
||||
};
|
||||
})
|
||||
```
|
||||
|
||||
## Accessing packages via pkg-config module name
|
||||
|
||||
### Within Nixpkgs
|
||||
|
||||
A [setup hook](#setup-hook-pkg-config) is bundled in the `pkg-config` package to bring a derivation's declared build inputs into the environment.
|
||||
This will populate environment variables like `PKG_CONFIG_PATH`, `PKG_CONFIG_PATH_FOR_BUILD`, and `PKG_CONFIG_PATH_HOST` based on:
|
||||
|
||||
- how `pkg-config` itself is depended upon
|
||||
|
||||
- how other dependencies are depended upon
|
||||
|
||||
For more details see the section on [specifying dependencies in general](#ssec-stdenv-dependencies).
|
||||
|
||||
Normal pkg-config commands to look up dependencies by name will then work with those environment variables defined by the hook.
|
||||
|
||||
### Externally
|
||||
|
||||
The `defaultPkgConfigPackages` package set is a set of aliases, named after the modules they provide.
|
||||
This is meant to be used by language-to-nix integrations.
|
||||
Hand-written packages should use the normal Nixpkgs attribute name instead.
|
||||
|
|
176
third_party/nixpkgs/doc/languages-frameworks/swift.section.md
vendored
Normal file
176
third_party/nixpkgs/doc/languages-frameworks/swift.section.md
vendored
Normal file
|
@ -0,0 +1,176 @@
|
|||
# Swift {#swift}
|
||||
|
||||
The Swift compiler is provided by the `swift` package:
|
||||
|
||||
```sh
|
||||
# Compile and link a simple executable.
|
||||
nix-shell -p swift --run 'swiftc -' <<< 'print("Hello world!")'
|
||||
# Run it!
|
||||
./main
|
||||
```
|
||||
|
||||
The `swift` package also provides the `swift` command, with some caveats:
|
||||
|
||||
- Swift Package Manager (SwiftPM) is packaged separately as `swiftpm`. If you
|
||||
need functionality like `swift build`, `swift run`, `swift test`, you must
|
||||
also add the `swiftpm` package to your closure.
|
||||
- On Darwin, the `swift repl` command requires an Xcode installation. This is
|
||||
because it uses the system LLDB debugserver, which has special entitlements.
|
||||
|
||||
## Module search paths {#ssec-swift-module-search-paths}
|
||||
|
||||
Like other toolchains in Nixpkgs, the Swift compiler executables are wrapped
|
||||
to help Swift find your application's dependencies in the Nix store. These
|
||||
wrappers scan the `buildInputs` of your package derivation for specific
|
||||
directories where Swift modules are placed by convention, and automatically
|
||||
add those directories to the Swift compiler search paths.
|
||||
|
||||
Swift follows different conventions depending on the platform. The wrappers
|
||||
look for the following directories:
|
||||
|
||||
- On Darwin platforms: `lib/swift/macosx`
|
||||
(If not targeting macOS, replace `macosx` with the Xcode platform name.)
|
||||
- On other platforms: `lib/swift/linux/x86_64`
|
||||
(Where `linux` and `x86_64` are from lowercase `uname -sm`.)
|
||||
- For convenience, Nixpkgs also adds simply `lib/swift` to the search path.
|
||||
This can save a bit of work packaging Swift modules, because many Nix builds
|
||||
will produce output for just one target any way.
|
||||
|
||||
## Core libraries {#ssec-swift-core-libraries}
|
||||
|
||||
In addition to the standard library, the Swift toolchain contains some
|
||||
additional 'core libraries' that, on Apple platforms, are normally distributed
|
||||
as part of the OS or Xcode. These are packaged separately in Nixpkgs, and can
|
||||
be found (for use in `buildInputs`) as:
|
||||
|
||||
- `swiftPackages.Dispatch`
|
||||
- `swiftPackages.Foundation`
|
||||
- `swiftPackages.XCTest`
|
||||
|
||||
## Packaging with SwiftPM {#ssec-swift-packaging-with-swiftpm}
|
||||
|
||||
Nixpkgs includes a small helper `swiftpm2nix` that can fetch your SwiftPM
|
||||
dependencies for you, when you need to write a Nix expression to package your
|
||||
application.
|
||||
|
||||
The first step is to run the generator:
|
||||
|
||||
```sh
|
||||
cd /path/to/my/project
|
||||
# Enter a Nix shell with the required tools.
|
||||
nix-shell -p swift swiftpm swiftpm2nix
|
||||
# First, make sure the workspace is up-to-date.
|
||||
swift package resolve
|
||||
# Now generate the Nix code.
|
||||
swiftpm2nix
|
||||
```
|
||||
|
||||
This produces some files in a directory `nix`, which will be part of your Nix
|
||||
expression. The next step is to write that expression:
|
||||
|
||||
```nix
|
||||
{ stdenv, swift, swiftpm, swiftpm2nix, fetchFromGitHub }:
|
||||
|
||||
let
|
||||
# Pass the generated files to the helper.
|
||||
generated = swiftpm2nix.helpers ./nix;
|
||||
in
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "myproject";
|
||||
version = "0.0.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "nixos";
|
||||
repo = pname;
|
||||
rev = version;
|
||||
hash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
|
||||
};
|
||||
|
||||
# Including SwiftPM as a nativeBuildInput provides a buildPhase for you.
|
||||
# This by default performs a release build using SwiftPM, essentially:
|
||||
# swift build -c release
|
||||
nativeBuildInputs = [ swift swiftpm ];
|
||||
|
||||
# The helper provides a configure snippet that will prepare all dependencies
|
||||
# in the correct place, where SwiftPM expects them.
|
||||
configurePhase = generated.configure;
|
||||
|
||||
installPhase = ''
|
||||
# This is a special function that invokes swiftpm to find the location
|
||||
# of the binaries it produced.
|
||||
binPath="$(swiftpmBinPath)"
|
||||
# Now perform any installation steps.
|
||||
mkdir -p $out/bin
|
||||
cp $binPath/myproject $out/bin/
|
||||
'';
|
||||
}
|
||||
```
|
||||
|
||||
### Custom build flags {#ssec-swiftpm-custom-build-flags}
|
||||
|
||||
If you'd like to build a different configuration than `release`:
|
||||
|
||||
```nix
|
||||
swiftpmBuildConfig = "debug";
|
||||
```
|
||||
|
||||
It is also possible to provide additional flags to `swift build`:
|
||||
|
||||
```nix
|
||||
swiftpmFlags = [ "--disable-dead-strip" ];
|
||||
```
|
||||
|
||||
The default `buildPhase` already passes `-j` for parallel building.
|
||||
|
||||
If these two customization options are insufficient, simply provide your own
|
||||
`buildPhase` that invokes `swift build`.
|
||||
|
||||
### Running tests {#ssec-swiftpm-running-tests}
|
||||
|
||||
Including `swiftpm` in your `nativeBuildInputs` also provides a default
|
||||
`checkPhase`, but it must be enabled with:
|
||||
|
||||
```nix
|
||||
doCheck = true;
|
||||
```
|
||||
|
||||
This essentially runs: `swift test -c release`
|
||||
|
||||
### Patching dependencies {#ssec-swiftpm-patching-dependencies}
|
||||
|
||||
In some cases, it may be necessary to patch a SwiftPM dependency. SwiftPM
|
||||
dependencies are located in `.build/checkouts`, but the `swiftpm2nix` helper
|
||||
provides these as symlinks to read-only `/nix/store` paths. In order to patch
|
||||
them, we need to make them writable.
|
||||
|
||||
A special function `swiftpmMakeMutable` is available to replace the symlink
|
||||
with a writable copy:
|
||||
|
||||
```
|
||||
configurePhase = generated.configure ++ ''
|
||||
# Replace the dependency symlink with a writable copy.
|
||||
swiftpmMakeMutable swift-crypto
|
||||
# Now apply a patch.
|
||||
patch -p1 -d .build/checkouts/swift-crypto -i ${./some-fix.patch}
|
||||
'';
|
||||
```
|
||||
|
||||
## Considerations for custom build tools {#ssec-swift-considerations-for-custom-build-tools}
|
||||
|
||||
### Linking the standard library {#ssec-swift-linking-the-standard-library}
|
||||
|
||||
The `swift` package has a separate `lib` output containing just the Swift
|
||||
standard library, to prevent Swift applications needing a dependency on the
|
||||
full Swift compiler at run-time. Linking with the Nixpkgs Swift toolchain
|
||||
already ensures binaries correctly reference the `lib` output.
|
||||
|
||||
Sometimes, Swift is used only to compile part of a mixed codebase, and the
|
||||
link step is manual. Custom build tools often locate the standard library
|
||||
relative to the `swift` compiler executable, and while the result will work,
|
||||
when this path ends up in the binary, it will have the Swift compiler as an
|
||||
unintended dependency.
|
||||
|
||||
In this case, you should investigate how your build process discovers the
|
||||
standard library, and override the path. The correct path will be something
|
||||
like: `"${swift.swift.lib}/${swift.swiftModuleSubdir}"`
|
|
@ -626,7 +626,7 @@ Before and after running `make`, the hooks `preBuild` and `postBuild` are called
|
|||
|
||||
### The check phase {#ssec-check-phase}
|
||||
|
||||
The check phase checks whether the package was built correctly by running its test suite. The default `checkPhase` calls `make $checkTarget`, but only if the `doCheck` variable is enabled (see below).
|
||||
The check phase checks whether the package was built correctly by running its test suite. The default `checkPhase` calls `make $checkTarget`, but only if the [`doCheck` variable](#var-stdenv-doCheck) is enabled.
|
||||
|
||||
#### Variables controlling the check phase {#variables-controlling-the-check-phase}
|
||||
|
||||
|
@ -646,7 +646,8 @@ See the [build phase](#var-stdenv-makeFlags) for details.
|
|||
|
||||
##### `checkTarget` {#var-stdenv-checkTarget}
|
||||
|
||||
The make target that runs the tests. Defaults to `check` if it exists, otherwise `test`; if neither is found, do nothing.
|
||||
The `make` target that runs the tests.
|
||||
If unset, use `check` if it exists, otherwise `test`; if neither is found, do nothing.
|
||||
|
||||
##### `checkFlags` / `checkFlagsArray` {#var-stdenv-checkFlags}
|
||||
|
||||
|
|
2
third_party/nixpkgs/lib/default.nix
vendored
2
third_party/nixpkgs/lib/default.nix
vendored
|
@ -88,7 +88,7 @@ let
|
|||
updateManyAttrsByPath;
|
||||
inherit (self.lists) singleton forEach foldr fold foldl foldl' imap0 imap1
|
||||
concatMap flatten remove findSingle findFirst any all count
|
||||
optional optionals toList range partition zipListsWith zipLists
|
||||
optional optionals toList range replicate partition zipListsWith zipLists
|
||||
reverseList listDfs toposort sort naturalSort compareLists take
|
||||
drop sublist last init crossLists unique intersectLists
|
||||
subtractLists mutuallyExclusive groupBy groupBy';
|
||||
|
|
17
third_party/nixpkgs/lib/licenses.nix
vendored
17
third_party/nixpkgs/lib/licenses.nix
vendored
|
@ -114,6 +114,16 @@ in mkLicense lset) ({
|
|||
fullName = "Bitstream Vera Font License";
|
||||
};
|
||||
|
||||
bitTorrent10 = {
|
||||
spdxId = "BitTorrent-1.0";
|
||||
fullName = " BitTorrent Open Source License v1.0";
|
||||
};
|
||||
|
||||
bitTorrent11 = {
|
||||
spdxId = "BitTorrent-1.1";
|
||||
fullName = " BitTorrent Open Source License v1.1";
|
||||
};
|
||||
|
||||
bola11 = {
|
||||
url = "https://blitiri.com.ar/p/bola/";
|
||||
fullName = "Buena Onda License Agreement 1.1";
|
||||
|
@ -333,6 +343,13 @@ in mkLicense lset) ({
|
|||
free = false;
|
||||
};
|
||||
|
||||
ecl20 = {
|
||||
fullName = "Educational Community License, Version 2.0";
|
||||
url = "https://opensource.org/licenses/ECL-2.0";
|
||||
shortName = "ECL 2.0";
|
||||
spdxId = "ECL-2.0";
|
||||
};
|
||||
|
||||
efl10 = {
|
||||
spdxId = "EFL-1.0";
|
||||
fullName = "Eiffel Forum License v1.0";
|
||||
|
|
12
third_party/nixpkgs/lib/lists.nix
vendored
12
third_party/nixpkgs/lib/lists.nix
vendored
|
@ -303,6 +303,18 @@ rec {
|
|||
else
|
||||
genList (n: first + n) (last - first + 1);
|
||||
|
||||
/* Return a list with `n` copies of an element.
|
||||
|
||||
Type: replicate :: int -> a -> [a]
|
||||
|
||||
Example:
|
||||
replicate 3 "a"
|
||||
=> [ "a" "a" "a" ]
|
||||
replicate 2 true
|
||||
=> [ true true ]
|
||||
*/
|
||||
replicate = n: elem: genList (_: elem) n;
|
||||
|
||||
/* Splits the elements of a list in two lists, `right` and
|
||||
`wrong`, depending on the evaluation of a predicate.
|
||||
|
||||
|
|
70
third_party/nixpkgs/lib/path/default.nix
vendored
70
third_party/nixpkgs/lib/path/default.nix
vendored
|
@ -4,6 +4,7 @@ let
|
|||
|
||||
inherit (builtins)
|
||||
isString
|
||||
isPath
|
||||
split
|
||||
match
|
||||
;
|
||||
|
@ -25,6 +26,10 @@ let
|
|||
assertMsg
|
||||
;
|
||||
|
||||
inherit (lib.path.subpath)
|
||||
isValid
|
||||
;
|
||||
|
||||
# Return the reason why a subpath is invalid, or `null` if it's valid
|
||||
subpathInvalidReason = value:
|
||||
if ! isString value then
|
||||
|
@ -94,6 +99,52 @@ let
|
|||
|
||||
in /* No rec! Add dependencies on this file at the top. */ {
|
||||
|
||||
/* Append a subpath string to a path.
|
||||
|
||||
Like `path + ("/" + string)` but safer, because it errors instead of returning potentially surprising results.
|
||||
More specifically, it checks that the first argument is a [path value type](https://nixos.org/manual/nix/stable/language/values.html#type-path"),
|
||||
and that the second argument is a valid subpath string (see `lib.path.subpath.isValid`).
|
||||
|
||||
Type:
|
||||
append :: Path -> String -> Path
|
||||
|
||||
Example:
|
||||
append /foo "bar/baz"
|
||||
=> /foo/bar/baz
|
||||
|
||||
# subpaths don't need to be normalised
|
||||
append /foo "./bar//baz/./"
|
||||
=> /foo/bar/baz
|
||||
|
||||
# can append to root directory
|
||||
append /. "foo/bar"
|
||||
=> /foo/bar
|
||||
|
||||
# first argument needs to be a path value type
|
||||
append "/foo" "bar"
|
||||
=> <error>
|
||||
|
||||
# second argument needs to be a valid subpath string
|
||||
append /foo /bar
|
||||
=> <error>
|
||||
append /foo ""
|
||||
=> <error>
|
||||
append /foo "/bar"
|
||||
=> <error>
|
||||
append /foo "../bar"
|
||||
=> <error>
|
||||
*/
|
||||
append =
|
||||
# The absolute path to append to
|
||||
path:
|
||||
# The subpath string to append
|
||||
subpath:
|
||||
assert assertMsg (isPath path) ''
|
||||
lib.path.append: The first argument is of type ${builtins.typeOf path}, but a path was expected'';
|
||||
assert assertMsg (isValid subpath) ''
|
||||
lib.path.append: Second argument is not a valid subpath string:
|
||||
${subpathInvalidReason subpath}'';
|
||||
path + ("/" + subpath);
|
||||
|
||||
/* Whether a value is a valid subpath string.
|
||||
|
||||
|
@ -133,7 +184,9 @@ in /* No rec! Add dependencies on this file at the top. */ {
|
|||
subpath.isValid "./foo//bar/"
|
||||
=> true
|
||||
*/
|
||||
subpath.isValid = value:
|
||||
subpath.isValid =
|
||||
# The value to check
|
||||
value:
|
||||
subpathInvalidReason value == null;
|
||||
|
||||
|
||||
|
@ -150,11 +203,11 @@ in /* No rec! Add dependencies on this file at the top. */ {
|
|||
|
||||
Laws:
|
||||
|
||||
- (Idempotency) Normalising multiple times gives the same result:
|
||||
- Idempotency - normalising multiple times gives the same result:
|
||||
|
||||
subpath.normalise (subpath.normalise p) == subpath.normalise p
|
||||
|
||||
- (Uniqueness) There's only a single normalisation for the paths that lead to the same file system node:
|
||||
- Uniqueness - there's only a single normalisation for the paths that lead to the same file system node:
|
||||
|
||||
subpath.normalise p != subpath.normalise q -> $(realpath ${p}) != $(realpath ${q})
|
||||
|
||||
|
@ -210,9 +263,12 @@ in /* No rec! Add dependencies on this file at the top. */ {
|
|||
subpath.normalise "/foo"
|
||||
=> <error>
|
||||
*/
|
||||
subpath.normalise = path:
|
||||
assert assertMsg (subpathInvalidReason path == null)
|
||||
"lib.path.subpath.normalise: Argument is not a valid subpath string: ${subpathInvalidReason path}";
|
||||
joinRelPath (splitRelPath path);
|
||||
subpath.normalise =
|
||||
# The subpath string to normalise
|
||||
subpath:
|
||||
assert assertMsg (isValid subpath) ''
|
||||
lib.path.subpath.normalise: Argument is not a valid subpath string:
|
||||
${subpathInvalidReason subpath}'';
|
||||
joinRelPath (splitRelPath subpath);
|
||||
|
||||
}
|
||||
|
|
40
third_party/nixpkgs/lib/path/tests/unit.nix
vendored
40
third_party/nixpkgs/lib/path/tests/unit.nix
vendored
|
@ -3,9 +3,44 @@
|
|||
{ libpath }:
|
||||
let
|
||||
lib = import libpath;
|
||||
inherit (lib.path) subpath;
|
||||
inherit (lib.path) append subpath;
|
||||
|
||||
cases = lib.runTests {
|
||||
# Test examples from the lib.path.append documentation
|
||||
testAppendExample1 = {
|
||||
expr = append /foo "bar/baz";
|
||||
expected = /foo/bar/baz;
|
||||
};
|
||||
testAppendExample2 = {
|
||||
expr = append /foo "./bar//baz/./";
|
||||
expected = /foo/bar/baz;
|
||||
};
|
||||
testAppendExample3 = {
|
||||
expr = append /. "foo/bar";
|
||||
expected = /foo/bar;
|
||||
};
|
||||
testAppendExample4 = {
|
||||
expr = (builtins.tryEval (append "/foo" "bar")).success;
|
||||
expected = false;
|
||||
};
|
||||
testAppendExample5 = {
|
||||
expr = (builtins.tryEval (append /foo /bar)).success;
|
||||
expected = false;
|
||||
};
|
||||
testAppendExample6 = {
|
||||
expr = (builtins.tryEval (append /foo "")).success;
|
||||
expected = false;
|
||||
};
|
||||
testAppendExample7 = {
|
||||
expr = (builtins.tryEval (append /foo "/bar")).success;
|
||||
expected = false;
|
||||
};
|
||||
testAppendExample8 = {
|
||||
expr = (builtins.tryEval (append /foo "../bar")).success;
|
||||
expected = false;
|
||||
};
|
||||
|
||||
# Test examples from the lib.path.subpath.isValid documentation
|
||||
testSubpathIsValidExample1 = {
|
||||
expr = subpath.isValid null;
|
||||
expected = false;
|
||||
|
@ -30,6 +65,7 @@ let
|
|||
expr = subpath.isValid "./foo//bar/";
|
||||
expected = true;
|
||||
};
|
||||
# Some extra tests
|
||||
testSubpathIsValidTwoDotsEnd = {
|
||||
expr = subpath.isValid "foo/..";
|
||||
expected = false;
|
||||
|
@ -71,6 +107,7 @@ let
|
|||
expected = true;
|
||||
};
|
||||
|
||||
# Test examples from the lib.path.subpath.normalise documentation
|
||||
testSubpathNormaliseExample1 = {
|
||||
expr = subpath.normalise "foo//bar";
|
||||
expected = "./foo/bar";
|
||||
|
@ -107,6 +144,7 @@ let
|
|||
expr = (builtins.tryEval (subpath.normalise "/foo")).success;
|
||||
expected = false;
|
||||
};
|
||||
# Some extra tests
|
||||
testSubpathNormaliseIsValidDots = {
|
||||
expr = subpath.normalise "./foo/.bar/.../baz...qux";
|
||||
expected = "./foo/.bar/.../baz...qux";
|
||||
|
|
5
third_party/nixpkgs/lib/tests/misc.nix
vendored
5
third_party/nixpkgs/lib/tests/misc.nix
vendored
|
@ -479,6 +479,11 @@ runTests {
|
|||
expected = [2 30 40 42];
|
||||
};
|
||||
|
||||
testReplicate = {
|
||||
expr = replicate 3 "a";
|
||||
expected = ["a" "a" "a"];
|
||||
};
|
||||
|
||||
testToIntShouldConvertStringToInt = {
|
||||
expr = toInt "27";
|
||||
expected = 27;
|
||||
|
|
|
@ -693,6 +693,15 @@
|
|||
fingerprint = "7FDB 17B3 C29B 5BA6 E5A9 8BB2 9FAA 63E0 9750 6D9D";
|
||||
}];
|
||||
};
|
||||
Alper-Celik = {
|
||||
email = "dev.alpercelik@gmail.com";
|
||||
name = "Alper Çelik";
|
||||
github = "Alper-Celik";
|
||||
githubId = 110625473;
|
||||
keys = [{
|
||||
fingerprint = "6B69 19DD CEE0 FAF3 5C9F 2984 FA90 C0AB 738A B873";
|
||||
}];
|
||||
};
|
||||
almac = {
|
||||
email = "alma.cemerlic@gmail.com";
|
||||
github = "a1mac";
|
||||
|
@ -2325,6 +2334,12 @@
|
|||
githubId = 3212452;
|
||||
name = "Cameron Nemo";
|
||||
};
|
||||
camillemndn = {
|
||||
email = "camillemondon@free.fr";
|
||||
github = "camillemndn";
|
||||
githubId = 26444818;
|
||||
name = "Camille M.";
|
||||
};
|
||||
campadrenalin = {
|
||||
email = "campadrenalin@gmail.com";
|
||||
github = "campadrenalin";
|
||||
|
@ -5105,6 +5120,12 @@
|
|||
githubId = 36706276;
|
||||
name = "Fufezan Mihai";
|
||||
};
|
||||
fugi = {
|
||||
email = "me@fugi.dev";
|
||||
github = "FugiMuffi";
|
||||
githubId = 21362942;
|
||||
name = "Fugi";
|
||||
};
|
||||
fusion809 = {
|
||||
email = "brentonhorne77@gmail.com";
|
||||
github = "fusion809";
|
||||
|
@ -5242,6 +5263,15 @@
|
|||
githubId = 313929;
|
||||
name = "Gabriel Ebner";
|
||||
};
|
||||
genericnerdyusername = {
|
||||
name = "GenericNerdyUsername";
|
||||
email = "genericnerdyusername@proton.me";
|
||||
github = "GenericNerdyUsername";
|
||||
githubId = 111183546;
|
||||
keys = [{
|
||||
fingerprint = "58CE D4BE 6B10 149E DA80 A990 2F48 6356 A4CB 30F3";
|
||||
}];
|
||||
};
|
||||
genofire = {
|
||||
name = "genofire";
|
||||
email = "geno+dev@fireorbit.de";
|
||||
|
@ -6050,6 +6080,12 @@
|
|||
githubId = 1592375;
|
||||
name = "Walter Huf";
|
||||
};
|
||||
hughobrien = {
|
||||
email = "github@hughobrien.ie";
|
||||
github = "hughobrien";
|
||||
githubId = 3400690;
|
||||
name = "Hugh O'Brien";
|
||||
};
|
||||
hugolgst = {
|
||||
email = "hugo.lageneste@pm.me";
|
||||
github = "hugolgst";
|
||||
|
@ -6626,6 +6662,12 @@
|
|||
github = "jayeshbhoot";
|
||||
githubId = 1915507;
|
||||
};
|
||||
jayman2000 = {
|
||||
email = "jason@jasonyundt.email";
|
||||
github = "Jayman2000";
|
||||
githubId = 5579359;
|
||||
name = "Jason Yundt";
|
||||
};
|
||||
jb55 = {
|
||||
email = "jb55@jb55.com";
|
||||
github = "jb55";
|
||||
|
@ -7003,6 +7045,12 @@
|
|||
githubId = 2308444;
|
||||
name = "Joshua Gilman";
|
||||
};
|
||||
jnsgruk = {
|
||||
email = "jon@sgrs.uk";
|
||||
github = "jnsgruk";
|
||||
githubId = 668505;
|
||||
name = "Jon Seager";
|
||||
};
|
||||
jo1gi = {
|
||||
email = "joakimholm@protonmail.com";
|
||||
github = "jo1gi";
|
||||
|
@ -8906,8 +8954,8 @@
|
|||
githubId = 2914269;
|
||||
name = "Malo Bourgon";
|
||||
};
|
||||
malvo = {
|
||||
email = "malte@malvo.org";
|
||||
malte-v = {
|
||||
email = "nixpkgs@mal.tc";
|
||||
github = "malte-v";
|
||||
githubId = 34393802;
|
||||
name = "Malte Voos";
|
||||
|
@ -9975,6 +10023,12 @@
|
|||
githubId = 3073833;
|
||||
name = "Massimo Redaelli";
|
||||
};
|
||||
mrityunjaygr8 = {
|
||||
email = "mrityunjaysaxena1996@gmail.com";
|
||||
github = "mrityunjaygr8";
|
||||
name = "Mrityunjay Saxena";
|
||||
githubId = 14573967;
|
||||
};
|
||||
mrkkrp = {
|
||||
email = "markkarpov92@gmail.com";
|
||||
github = "mrkkrp";
|
||||
|
@ -12874,6 +12928,12 @@
|
|||
githubId = 6022042;
|
||||
name = "Sam Parkinson";
|
||||
};
|
||||
samhug = {
|
||||
email = "s@m-h.ug";
|
||||
github = "samhug";
|
||||
githubId = 171470;
|
||||
name = "Sam Hug";
|
||||
};
|
||||
samlich = {
|
||||
email = "nixos@samli.ch";
|
||||
github = "samlich";
|
||||
|
@ -13092,7 +13152,7 @@
|
|||
github = "Scrumplex";
|
||||
githubId = 11587657;
|
||||
keys = [{
|
||||
fingerprint = "AF1F B107 E188 CB97 9A94 FD7F C104 1129 4912 A422";
|
||||
fingerprint = "E173 237A C782 296D 98F5 ADAC E13D FD4B 4712 7951";
|
||||
}];
|
||||
};
|
||||
scubed2 = {
|
||||
|
@ -13210,6 +13270,12 @@
|
|||
githubId = 38824235;
|
||||
name = "Serge Belov";
|
||||
};
|
||||
serge_sans_paille = {
|
||||
email = "serge.guelton@telecom-bretagne.eu";
|
||||
github = "serge-sans-paille";
|
||||
githubId = 863807;
|
||||
name = "Serge Guelton";
|
||||
};
|
||||
sersorrel = {
|
||||
email = "ash@sorrel.sh";
|
||||
github = "sersorrel";
|
||||
|
@ -13302,6 +13368,12 @@
|
|||
githubId = 16765155;
|
||||
name = "Shardul Baral";
|
||||
};
|
||||
sharzy = {
|
||||
email = "me@sharzy.in";
|
||||
github = "SharzyL";
|
||||
githubId = 46294732;
|
||||
name = "Sharzy";
|
||||
};
|
||||
shawndellysse = {
|
||||
email = "sdellysse@gmail.com";
|
||||
github = "sdellysse";
|
||||
|
@ -13627,6 +13699,12 @@
|
|||
githubId = 57048005;
|
||||
name = "snicket2100";
|
||||
};
|
||||
sno2wman = {
|
||||
name = "SnO2WMaN";
|
||||
email = "me@sno2wman.net";
|
||||
github = "sno2wman";
|
||||
githubId = 15155608;
|
||||
};
|
||||
snpschaaf = {
|
||||
email = "philipe.schaaf@secunet.com";
|
||||
name = "Philippe Schaaf";
|
||||
|
@ -13840,6 +13918,12 @@
|
|||
githubId = 1699155;
|
||||
name = "Steve Elliott";
|
||||
};
|
||||
stefanfehrenbach = {
|
||||
email = "stefan.fehrenbach@gmail.com";
|
||||
github = "fehrenbach";
|
||||
githubId = 203168;
|
||||
name = "Stefan Fehrenbach";
|
||||
};
|
||||
stehessel = {
|
||||
email = "stephan@stehessel.de";
|
||||
github = "stehessel";
|
||||
|
@ -15240,6 +15324,12 @@
|
|||
githubId = 27813;
|
||||
name = "Vincent Breitmoser";
|
||||
};
|
||||
vamega = {
|
||||
email = "github@madiathv.com";
|
||||
github = "vamega";
|
||||
githubId = 223408;
|
||||
name = "Varun Madiath";
|
||||
};
|
||||
vandenoever = {
|
||||
email = "jos@vandenoever.info";
|
||||
github = "vandenoever";
|
||||
|
|
|
@ -54,4 +54,4 @@ run this command to do the same thing.
|
|||
$ xfconf-query -c xfce4-session -p /compat/LaunchGNOME -s true
|
||||
```
|
||||
|
||||
A log-out and re-log will be needed for this to take effect.
|
||||
It is necessary to log out and log in again for this to take effect.
|
||||
|
|
44
third_party/nixpkgs/nixos/doc/manual/default.nix
vendored
44
third_party/nixpkgs/nixos/doc/manual/default.nix
vendored
|
@ -21,6 +21,8 @@ let
|
|||
withManOptDedupPatch = true;
|
||||
};
|
||||
|
||||
manpageUrls = pkgs.path + "/doc/manpage-urls.json";
|
||||
|
||||
# We need to strip references to /nix/store/* from options,
|
||||
# including any `extraSources` if some modules came from elsewhere,
|
||||
# or else the build will fail.
|
||||
|
@ -48,7 +50,7 @@ let
|
|||
};
|
||||
in buildPackages.nixosOptionsDoc {
|
||||
inherit (eval) options;
|
||||
inherit (revision);
|
||||
inherit revision;
|
||||
transformOptions = opt: opt // {
|
||||
# Clean up declaration sites to not refer to the NixOS source tree.
|
||||
declarations =
|
||||
|
@ -72,7 +74,7 @@ let
|
|||
nativeBuildInputs = [ pkgs.nixos-render-docs ];
|
||||
} ''
|
||||
nixos-render-docs manual docbook \
|
||||
--manpage-urls ${pkgs.path + "/doc/manpage-urls.json"} \
|
||||
--manpage-urls ${manpageUrls} \
|
||||
"$out" \
|
||||
--section \
|
||||
--section-id modules \
|
||||
|
@ -254,20 +256,38 @@ in rec {
|
|||
# Generate the NixOS manpages.
|
||||
manpages = runCommand "nixos-manpages"
|
||||
{ inherit sources;
|
||||
nativeBuildInputs = [ buildPackages.libxml2.bin buildPackages.libxslt.bin ];
|
||||
nativeBuildInputs = [
|
||||
buildPackages.installShellFiles
|
||||
] ++ lib.optionals allowDocBook [
|
||||
buildPackages.libxml2.bin
|
||||
buildPackages.libxslt.bin
|
||||
] ++ lib.optionals (! allowDocBook) [
|
||||
buildPackages.nixos-render-docs
|
||||
];
|
||||
allowedReferences = ["out"];
|
||||
}
|
||||
''
|
||||
# Generate manpages.
|
||||
mkdir -p $out/share/man
|
||||
xsltproc --nonet \
|
||||
--maxdepth 6000 \
|
||||
--param man.output.in.separate.dir 1 \
|
||||
--param man.output.base.dir "'$out/share/man/'" \
|
||||
--param man.endnotes.are.numbered 0 \
|
||||
--param man.break.after.slash 1 \
|
||||
${docbook_xsl_ns}/xml/xsl/docbook/manpages/docbook.xsl \
|
||||
${manual-combined}/man-pages-combined.xml
|
||||
mkdir -p $out/share/man/man8
|
||||
installManPage ${./manpages}/*
|
||||
${if allowDocBook
|
||||
then ''
|
||||
xsltproc --nonet \
|
||||
--maxdepth 6000 \
|
||||
--param man.output.in.separate.dir 1 \
|
||||
--param man.output.base.dir "'$out/share/man/'" \
|
||||
--param man.endnotes.are.numbered 0 \
|
||||
--param man.break.after.slash 1 \
|
||||
${docbook_xsl_ns}/xml/xsl/docbook/manpages/docbook.xsl \
|
||||
${manual-combined}/man-pages-combined.xml
|
||||
''
|
||||
else ''
|
||||
mkdir -p $out/share/man/man5
|
||||
nixos-render-docs options manpage \
|
||||
--revision ${lib.escapeShellArg revision} \
|
||||
${optionsJSON}/share/doc/nixos/options.json \
|
||||
$out/share/man/man5/configuration.nix.5
|
||||
''}
|
||||
'';
|
||||
|
||||
}
|
||||
|
|
|
@ -63,7 +63,8 @@ Thunar:2410): GVFS-RemoteVolumeMonitor-WARNING **: remote volume monitor with db
|
|||
$ xfconf-query -c xfce4-session -p /compat/LaunchGNOME -s true
|
||||
</programlisting>
|
||||
<para>
|
||||
A log-out and re-log will be needed for this to take effect.
|
||||
It is necessary to log out and log in again for this to take
|
||||
effect.
|
||||
</para>
|
||||
</section>
|
||||
</chapter>
|
||||
|
|
|
@ -116,8 +116,8 @@
|
|||
<listitem>
|
||||
<para>
|
||||
<link xlink:href="https://dm3mat.darc.de/qdmr/">QDMR</link>, a
|
||||
gui application and command line tool for programming cheap
|
||||
DMR radios
|
||||
GUI application and command line tool for programming DMR
|
||||
radios
|
||||
<link linkend="opt-programs.qdmr.enable">programs.qdmr</link>
|
||||
</para>
|
||||
</listitem>
|
||||
|
@ -152,6 +152,15 @@
|
|||
are met, or not met.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<link xlink:href="https://github.com/parvardegr/sharing">sharing</link>,
|
||||
a command-line tool to share directories and files from the
|
||||
CLI to iOS and Android devices without the need of an extra
|
||||
client app. Available as
|
||||
<link linkend="opt-programs.sharing.enable">programs.sharing</link>.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
<section xml:id="sec-release-23.05-incompatibilities">
|
||||
|
@ -189,7 +198,22 @@
|
|||
<literal>doInstallCheck</literal> is set. (Note that this
|
||||
change will not cause breakage to derivations with
|
||||
<literal>strictDeps</literal> unset, which are most packages
|
||||
except python, rust and go packages).
|
||||
except python, rust, ocaml and go packages).
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>buildDunePackage</literal> now defaults to
|
||||
<literal>strictDeps = true</literal> which means that any
|
||||
library should go into <literal>buildInputs</literal> or
|
||||
<literal>checkInputs</literal>. Any executable that is run on
|
||||
the building machine should go into
|
||||
<literal>nativeBuildInputs</literal> or
|
||||
<literal>nativeCheckInputs</literal> respectively. Example of
|
||||
executables are <literal>ocaml</literal>,
|
||||
<literal>findlib</literal> and <literal>menhir</literal>. PPXs
|
||||
are libraries which are built by dune and should therefore not
|
||||
go into <literal>nativeBuildInputs</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
|
@ -397,6 +421,16 @@
|
|||
attribute name.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Nebula now runs as a system user and group created for each
|
||||
nebula network, using the <literal>CAP_NET_ADMIN</literal>
|
||||
ambient capability on launch rather than starting as root.
|
||||
Ensure that any files each Nebula instance needs to access are
|
||||
owned by the correct user and group, by default
|
||||
<literal>nebula-${networkName}</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
In <literal>mastodon</literal> it is now necessary to specify
|
||||
|
@ -488,19 +522,72 @@
|
|||
<para>
|
||||
A few openssh options have been moved from extraConfig to the
|
||||
new freeform option <literal>settings</literal> and renamed as
|
||||
follow:
|
||||
<literal>services.openssh.kbdInteractiveAuthentication</literal>
|
||||
to
|
||||
<literal>services.openssh.settings.KbdInteractiveAuthentication</literal>,
|
||||
<literal>services.openssh.passwordAuthentication</literal> to
|
||||
<literal>services.openssh.settings.PasswordAuthentication</literal>,
|
||||
<literal>services.openssh.useDns</literal> to
|
||||
<literal>services.openssh.settings.UseDns</literal>,
|
||||
<literal>services.openssh.permitRootLogin</literal> to
|
||||
<literal>services.openssh.settings.PermitRootLogin</literal>,
|
||||
<literal>services.openssh.logLevel</literal> to
|
||||
<literal>services.openssh.settings.LogLevel</literal>.
|
||||
follows:
|
||||
</para>
|
||||
<itemizedlist spacing="compact">
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>services.openssh.forwardX11</literal> to
|
||||
<literal>services.openssh.settings.X11Forwarding</literal>
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>services.openssh.kbdInteractiveAuthentication</literal>
|
||||
->
|
||||
<literal>services.openssh.settings.KbdInteractiveAuthentication</literal>
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>services.openssh.passwordAuthentication</literal>
|
||||
to
|
||||
<literal>services.openssh.settings.PasswordAuthentication</literal>
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>services.openssh.useDns</literal> to
|
||||
<literal>services.openssh.settings.UseDns</literal>
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>services.openssh.permitRootLogin</literal> to
|
||||
<literal>services.openssh.settings.PermitRootLogin</literal>
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>services.openssh.logLevel</literal> to
|
||||
<literal>services.openssh.settings.LogLevel</literal>
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>services.openssh.kexAlgorithms</literal> to
|
||||
<literal>services.openssh.settings.KexAlgorithms</literal>
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>services.openssh.macs</literal> to
|
||||
<literal>services.openssh.settings.Macs</literal>
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>services.openssh.ciphers</literal> to
|
||||
<literal>services.openssh.settings.Ciphers</literal>
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>services.openssh.gatewayPorts</literal> to
|
||||
<literal>services.openssh.settings.GatewayPorts</literal>
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
|
@ -675,6 +762,13 @@
|
|||
conversion.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Grafana Tempo has been updated to version 2.0. See the
|
||||
<link xlink:href="https://grafana.com/docs/tempo/latest/release-notes/v2-0/#upgrade-considerations">upstream
|
||||
upgrade guide</link> for migration instructions.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
A new <literal>virtualisation.rosetta</literal> module was
|
||||
|
@ -772,6 +866,18 @@
|
|||
<link xlink:href="options.html#opt-system.stateVersion">system.stateVersion</link>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Nebula now supports the
|
||||
<literal>services.nebula.networks.<name>.isRelay</literal>
|
||||
and
|
||||
<literal>services.nebula.networks.<name>.relays</literal>
|
||||
configuration options for setting up or allowing traffic
|
||||
relaying. See the
|
||||
<link xlink:href="https://www.defined.net/blog/announcing-relay-support-in-nebula/">announcement</link>
|
||||
for more details about relays.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>hip</literal> has been separated into
|
||||
|
@ -808,6 +914,60 @@
|
|||
(<link linkend="opt-services.fwupd.daemonSettings"><literal>services.fwupd.daemonSettings</literal></link>).
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <literal>zramSwap</literal> is now implemented with
|
||||
<literal>zram-generator</literal>, and the option
|
||||
<literal>zramSwap.numDevices</literal> for using ZRAM devices
|
||||
as general purpose ephemeral block devices has been removed.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
As Singularity has renamed to
|
||||
<link xlink:href="https://apptainer.org/news/community-announcement-20211130">Apptainer</link>
|
||||
to distinguish from
|
||||
<link xlink:href="https://sylabs.io/2021/05/singularity-community-edition">an
|
||||
un-renamed fork by Sylabs Inc.</link>, there are now two
|
||||
packages of Singularity/Apptainer:
|
||||
</para>
|
||||
<itemizedlist spacing="compact">
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>apptainer</literal>: From
|
||||
<literal>github.com/apptainer/apptainer</literal>, which
|
||||
is the new repo after renaming.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>singularity</literal>: From
|
||||
<literal>github.com/sylabs/singularity</literal>, which is
|
||||
the fork by Sylabs Inc..
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
<para>
|
||||
<literal>programs.singularity</literal> got a new
|
||||
<literal>package</literal> option to specify which package to
|
||||
use.
|
||||
</para>
|
||||
<para>
|
||||
<literal>singularity-tools.buildImage</literal> got a new
|
||||
input argument <literal>singularity</literal> to specify which
|
||||
package to use.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The new option
|
||||
<literal>programs.singularity.enableFakeroot</literal>, if set
|
||||
to <literal>true</literal>, provides
|
||||
<literal>--fakeroot</literal> support for
|
||||
<literal>apptainer</literal> and
|
||||
<literal>singularity</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <literal>unifi-poller</literal> package and corresponding
|
||||
|
@ -836,6 +996,12 @@
|
|||
<literal>libax25</literal> package.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>tvbrowser-bin</literal> was removed, and now
|
||||
<literal>tvbrowser</literal> is built from source.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>nixos-version</literal> now accepts
|
||||
|
@ -850,6 +1016,13 @@
|
|||
been fixed to allow more than one plugin in the path.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The option
|
||||
<literal>services.prometheus.exporters.pihole.interval</literal>
|
||||
does not exist anymore and has been removed.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
</section>
|
||||
|
|
|
@ -1,138 +0,0 @@
|
|||
<refentry xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
xmlns:xi="http://www.w3.org/2001/XInclude">
|
||||
<refmeta>
|
||||
<refentrytitle><command>nixos-build-vms</command>
|
||||
</refentrytitle><manvolnum>8</manvolnum>
|
||||
<refmiscinfo class="source">NixOS</refmiscinfo>
|
||||
<!-- <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo> -->
|
||||
</refmeta>
|
||||
<refnamediv>
|
||||
<refname><command>nixos-build-vms</command></refname>
|
||||
<refpurpose>build a network of virtual machines from a network of NixOS configurations</refpurpose>
|
||||
</refnamediv>
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>nixos-build-vms</command>
|
||||
<arg>
|
||||
<option>--show-trace</option>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<option>--no-out-link</option>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<option>--help</option>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<option>--option</option>
|
||||
<replaceable>name</replaceable>
|
||||
<replaceable>value</replaceable>
|
||||
</arg>
|
||||
|
||||
<arg choice="plain">
|
||||
<replaceable>network.nix</replaceable>
|
||||
</arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
<refsection>
|
||||
<title>Description</title>
|
||||
<para>
|
||||
This command builds a network of QEMU-KVM virtual machines of a Nix
|
||||
expression specifying a network of NixOS machines. The virtual network can
|
||||
be started by executing the <filename>bin/run-vms</filename> shell script
|
||||
that is generated by this command. By default, a <filename>result</filename>
|
||||
symlink is produced that points to the generated virtual network.
|
||||
</para>
|
||||
<para>
|
||||
A network Nix expression has the following structure:
|
||||
<screen>
|
||||
{
|
||||
test1 = {pkgs, config, ...}:
|
||||
{
|
||||
services.openssh.enable = true;
|
||||
nixpkgs.localSystem.system = "i686-linux";
|
||||
deployment.targetHost = "test1.example.net";
|
||||
|
||||
# Other NixOS options
|
||||
};
|
||||
|
||||
test2 = {pkgs, config, ...}:
|
||||
{
|
||||
services.openssh.enable = true;
|
||||
services.httpd.enable = true;
|
||||
environment.systemPackages = [ pkgs.lynx ];
|
||||
nixpkgs.localSystem.system = "x86_64-linux";
|
||||
deployment.targetHost = "test2.example.net";
|
||||
|
||||
# Other NixOS options
|
||||
};
|
||||
}
|
||||
</screen>
|
||||
Each attribute in the expression represents a machine in the network (e.g.
|
||||
<varname>test1</varname> and <varname>test2</varname>) referring to a
|
||||
function defining a NixOS configuration. In each NixOS configuration, two
|
||||
attributes have a special meaning. The
|
||||
<varname>deployment.targetHost</varname> specifies the address (domain name
|
||||
or IP address) of the system which is used by <command>ssh</command> to
|
||||
perform remote deployment operations. The
|
||||
<varname>nixpkgs.localSystem.system</varname> attribute can be used to
|
||||
specify an architecture for the target machine, such as
|
||||
<varname>i686-linux</varname> which builds a 32-bit NixOS configuration.
|
||||
Omitting this property will build the configuration for the same
|
||||
architecture as the host system.
|
||||
</para>
|
||||
</refsection>
|
||||
<refsection>
|
||||
<title>Options</title>
|
||||
<para>
|
||||
This command accepts the following options:
|
||||
</para>
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--show-trace</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Shows a trace of the output.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--no-out-link</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Do not create a 'result' symlink.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>-h</option>, <option>--help</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Shows the usage of this command to the user.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--option</option> <replaceable>name</replaceable> <replaceable>value</replaceable>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>Set the Nix configuration option
|
||||
<replaceable>name</replaceable> to <replaceable>value</replaceable>.
|
||||
This overrides settings in the Nix configuration file (see
|
||||
<citerefentry><refentrytitle>nix.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsection>
|
||||
</refentry>
|
|
@ -1,154 +0,0 @@
|
|||
<refentry xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
xmlns:xi="http://www.w3.org/2001/XInclude">
|
||||
<refmeta>
|
||||
<refentrytitle><command>nixos-enter</command>
|
||||
</refentrytitle><manvolnum>8</manvolnum>
|
||||
<refmiscinfo class="source">NixOS</refmiscinfo>
|
||||
<!-- <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo> -->
|
||||
</refmeta>
|
||||
<refnamediv>
|
||||
<refname><command>nixos-enter</command></refname>
|
||||
<refpurpose>run a command in a NixOS chroot environment</refpurpose>
|
||||
</refnamediv>
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>nixos-enter</command>
|
||||
<arg>
|
||||
<arg choice='plain'>
|
||||
<option>--root</option>
|
||||
</arg>
|
||||
<replaceable>root</replaceable>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<arg choice='plain'>
|
||||
<option>--system</option>
|
||||
</arg>
|
||||
<replaceable>system</replaceable>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<arg choice='plain'>
|
||||
<option>-c</option>
|
||||
</arg>
|
||||
<replaceable>shell-command</replaceable>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<arg choice='plain'>
|
||||
<option>--silent</option>
|
||||
</arg>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<arg choice='plain'>
|
||||
<option>--help</option>
|
||||
</arg>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<arg choice='plain'>
|
||||
<option>--</option>
|
||||
</arg>
|
||||
<replaceable>arguments</replaceable>
|
||||
</arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
<refsection>
|
||||
<title>Description</title>
|
||||
<para>
|
||||
This command runs a command in a NixOS chroot environment, that is, in a
|
||||
filesystem hierarchy previously prepared using
|
||||
<command>nixos-install</command>.
|
||||
</para>
|
||||
</refsection>
|
||||
<refsection>
|
||||
<title>Options</title>
|
||||
<para>
|
||||
This command accepts the following options:
|
||||
</para>
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--root</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
The path to the NixOS system you want to enter. It defaults to
|
||||
<filename>/mnt</filename>.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--system</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
The NixOS system configuration to use. It defaults to
|
||||
<filename>/nix/var/nix/profiles/system</filename>. You can enter a
|
||||
previous NixOS configuration by specifying a path such as
|
||||
<filename>/nix/var/nix/profiles/system-106-link</filename>.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--command</option>
|
||||
</term>
|
||||
<term>
|
||||
<option>-c</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
The bash command to execute.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--silent</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Suppresses all output from the activation script of the target system.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Interpret the remaining arguments as the program name and arguments to be
|
||||
invoked. The program is not executed in a shell.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsection>
|
||||
<refsection>
|
||||
<title>Examples</title>
|
||||
<para>
|
||||
Start an interactive shell in the NixOS installation in
|
||||
<filename>/mnt</filename>:
|
||||
</para>
|
||||
<screen>
|
||||
<prompt># </prompt>nixos-enter --root /mnt
|
||||
</screen>
|
||||
<para>
|
||||
Run a shell command:
|
||||
</para>
|
||||
<screen>
|
||||
<prompt># </prompt>nixos-enter -c 'ls -l /; cat /proc/mounts'
|
||||
</screen>
|
||||
<para>
|
||||
Run a non-shell command:
|
||||
</para>
|
||||
<screen>
|
||||
# nixos-enter -- cat /proc/mounts
|
||||
</screen>
|
||||
</refsection>
|
||||
</refentry>
|
|
@ -1,214 +0,0 @@
|
|||
<refentry xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
xmlns:xi="http://www.w3.org/2001/XInclude">
|
||||
<refmeta>
|
||||
<refentrytitle><command>nixos-generate-config</command>
|
||||
</refentrytitle><manvolnum>8</manvolnum>
|
||||
<refmiscinfo class="source">NixOS</refmiscinfo>
|
||||
<!-- <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo> -->
|
||||
</refmeta>
|
||||
<refnamediv>
|
||||
<refname><command>nixos-generate-config</command></refname>
|
||||
<refpurpose>generate NixOS configuration modules</refpurpose>
|
||||
</refnamediv>
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>nixos-generate-config</command>
|
||||
<arg>
|
||||
<option>--force</option>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<arg choice='plain'>
|
||||
<option>--root</option>
|
||||
</arg>
|
||||
<replaceable>root</replaceable>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<arg choice='plain'>
|
||||
<option>--dir</option>
|
||||
</arg>
|
||||
<replaceable>dir</replaceable>
|
||||
</arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
<refsection>
|
||||
<title>Description</title>
|
||||
<para>
|
||||
This command writes two NixOS configuration modules:
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>/etc/nixos/hardware-configuration.nix</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
This module sets NixOS configuration options based on your current
|
||||
hardware configuration. In particular, it sets the
|
||||
<option>fileSystem</option> option to reflect all currently mounted file
|
||||
systems, the <option>swapDevices</option> option to reflect active swap
|
||||
devices, and the <option>boot.initrd.*</option> options to ensure that
|
||||
the initial ramdisk contains any kernel modules necessary for mounting
|
||||
the root file system.
|
||||
</para>
|
||||
<para>
|
||||
If this file already exists, it is overwritten. Thus, you should not
|
||||
modify it manually. Rather, you should include it from your
|
||||
<filename>/etc/nixos/configuration.nix</filename>, and re-run
|
||||
<command>nixos-generate-config</command> to update it whenever your
|
||||
hardware configuration changes.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>/etc/nixos/configuration.nix</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
This is the main NixOS system configuration module. If it already
|
||||
exists, it’s left unchanged. Otherwise,
|
||||
<command>nixos-generate-config</command> will write a template for you
|
||||
to customise.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</para>
|
||||
</refsection>
|
||||
<refsection>
|
||||
<title>Options</title>
|
||||
<para>
|
||||
This command accepts the following options:
|
||||
</para>
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--root</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
If this option is given, treat the directory
|
||||
<replaceable>root</replaceable> as the root of the file system. This
|
||||
means that configuration files will be written to
|
||||
<filename><replaceable>root</replaceable>/etc/nixos</filename>, and that
|
||||
any file systems outside of <replaceable>root</replaceable> are ignored
|
||||
for the purpose of generating the <option>fileSystems</option> option.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--dir</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
If this option is given, write the configuration files to the directory
|
||||
<replaceable>dir</replaceable> instead of
|
||||
<filename>/etc/nixos</filename>.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--force</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Overwrite <filename>/etc/nixos/configuration.nix</filename> if it already
|
||||
exists.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--no-filesystems</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Omit everything concerning file systems and swap devices from the
|
||||
hardware configuration.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--show-hardware-config</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Don't generate <filename>configuration.nix</filename> or
|
||||
<filename>hardware-configuration.nix</filename> and print the hardware
|
||||
configuration to stdout only.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsection>
|
||||
<refsection>
|
||||
<title>Examples</title>
|
||||
<para>
|
||||
This command is typically used during NixOS installation to write initial
|
||||
configuration modules. For example, if you created and mounted the target
|
||||
file systems on <filename>/mnt</filename> and
|
||||
<filename>/mnt/boot</filename>, you would run:
|
||||
<screen>
|
||||
<prompt>$ </prompt>nixos-generate-config --root /mnt
|
||||
</screen>
|
||||
The resulting file
|
||||
<filename>/mnt/etc/nixos/hardware-configuration.nix</filename> might look
|
||||
like this:
|
||||
<programlisting>
|
||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ <nixos/modules/installer/scan/not-detected.nix>
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "ehci_hcd" "ahci" ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-label/nixos";
|
||||
fsType = "ext3";
|
||||
options = [ "rw" "data=ordered" "relatime" ];
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/sda1";
|
||||
fsType = "ext3";
|
||||
options = [ "rw" "errors=continue" "user_xattr" "acl" "barrier=1" "data=writeback" "relatime" ];
|
||||
};
|
||||
|
||||
swapDevices =
|
||||
[ { device = "/dev/sda2"; }
|
||||
];
|
||||
|
||||
nix.maxJobs = 8;
|
||||
}
|
||||
</programlisting>
|
||||
It will also create a basic
|
||||
<filename>/mnt/etc/nixos/configuration.nix</filename>, which you should edit
|
||||
to customise the logical configuration of your system. This file includes
|
||||
the result of the hardware scan as follows:
|
||||
<programlisting>
|
||||
imports = [ ./hardware-configuration.nix ];
|
||||
</programlisting>
|
||||
</para>
|
||||
<para>
|
||||
After installation, if your hardware configuration changes, you can run:
|
||||
<screen>
|
||||
<prompt>$ </prompt>nixos-generate-config
|
||||
</screen>
|
||||
to update <filename>/etc/nixos/hardware-configuration.nix</filename>. Your
|
||||
<filename>/etc/nixos/configuration.nix</filename> will
|
||||
<emphasis>not</emphasis> be overwritten.
|
||||
</para>
|
||||
</refsection>
|
||||
</refentry>
|
|
@ -1,357 +0,0 @@
|
|||
<refentry xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
xmlns:xi="http://www.w3.org/2001/XInclude">
|
||||
<refmeta>
|
||||
<refentrytitle><command>nixos-install</command>
|
||||
</refentrytitle><manvolnum>8</manvolnum>
|
||||
<refmiscinfo class="source">NixOS</refmiscinfo>
|
||||
<!-- <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo> -->
|
||||
</refmeta>
|
||||
<refnamediv>
|
||||
<refname><command>nixos-install</command></refname>
|
||||
<refpurpose>install bootloader and NixOS</refpurpose>
|
||||
</refnamediv>
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>nixos-install</command>
|
||||
<arg>
|
||||
<group choice='req'>
|
||||
<arg choice='plain'>
|
||||
<option>--verbose</option>
|
||||
</arg>
|
||||
<arg choice='plain'>
|
||||
<option>-v</option>
|
||||
</arg>
|
||||
</group>
|
||||
</arg>
|
||||
<arg>
|
||||
<arg choice='plain'>
|
||||
<option>-I</option>
|
||||
</arg>
|
||||
<replaceable>path</replaceable>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<arg choice='plain'>
|
||||
<option>--root</option>
|
||||
</arg>
|
||||
<replaceable>root</replaceable>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<arg choice='plain'>
|
||||
<option>--system</option>
|
||||
</arg>
|
||||
<replaceable>path</replaceable>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<option>--flake</option> <replaceable>flake-uri</replaceable>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<group choice='req'>
|
||||
<arg choice='plain'><option>--impure</option></arg>
|
||||
</group>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<arg choice='plain'>
|
||||
<option>--channel</option>
|
||||
</arg>
|
||||
<replaceable>channel</replaceable>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<arg choice='plain'>
|
||||
<option>--no-channel-copy</option>
|
||||
</arg>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<group choice='req'>
|
||||
<arg choice='plain'>
|
||||
<option>--no-root-password</option>
|
||||
</arg>
|
||||
<arg choice='plain'>
|
||||
<option>--no-root-passwd</option>
|
||||
</arg>
|
||||
</group>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<arg choice='plain'>
|
||||
<option>--no-bootloader</option>
|
||||
</arg>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<group choice='req'>
|
||||
<arg choice='plain'>
|
||||
<option>--max-jobs</option>
|
||||
</arg>
|
||||
|
||||
<arg choice='plain'>
|
||||
<option>-j</option>
|
||||
</arg>
|
||||
</group> <replaceable>number</replaceable>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<option>--cores</option> <replaceable>number</replaceable>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<option>--option</option> <replaceable>name</replaceable> <replaceable>value</replaceable>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<arg choice='plain'>
|
||||
<option>--show-trace</option>
|
||||
</arg>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<arg choice='plain'>
|
||||
<option>--keep-going</option>
|
||||
</arg>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<arg choice='plain'>
|
||||
<option>--help</option>
|
||||
</arg>
|
||||
</arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
<refsection>
|
||||
<title>Description</title>
|
||||
<para>
|
||||
This command installs NixOS in the file system mounted on
|
||||
<filename>/mnt</filename>, based on the NixOS configuration specified in
|
||||
<filename>/mnt/etc/nixos/configuration.nix</filename>. It performs the
|
||||
following steps:
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
It copies Nix and its dependencies to
|
||||
<filename>/mnt/nix/store</filename>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
It runs Nix in <filename>/mnt</filename> to build the NixOS configuration
|
||||
specified in <filename>/mnt/etc/nixos/configuration.nix</filename>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
It installs the current channel <quote>nixos</quote> in the target channel
|
||||
profile (unless <option>--no-channel-copy</option> is specified).
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
It installs the GRUB boot loader on the device specified in the option
|
||||
<option>boot.loader.grub.device</option> (unless
|
||||
<option>--no-bootloader</option> is specified), and generates a GRUB
|
||||
configuration file that boots into the NixOS configuration just
|
||||
installed.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
It prompts you for a password for the root account (unless
|
||||
<option>--no-root-password</option> is specified).
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</para>
|
||||
<para>
|
||||
This command is idempotent: if it is interrupted or fails due to a temporary
|
||||
problem (e.g. a network issue), you can safely re-run it.
|
||||
</para>
|
||||
</refsection>
|
||||
<refsection>
|
||||
<title>Options</title>
|
||||
<para>
|
||||
This command accepts the following options:
|
||||
</para>
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><option>--verbose</option> / <option>-v</option></term>
|
||||
<listitem>
|
||||
<para>Increases the level of verbosity of diagnostic messages
|
||||
printed on standard error. For each Nix operation, the information
|
||||
printed on standard output is well-defined; any diagnostic
|
||||
information is printed on standard error, never on standard
|
||||
output.</para>
|
||||
<para>Please note that this option may be specified repeatedly.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--root</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Defaults to <filename>/mnt</filename>. If this option is given, treat the
|
||||
directory <replaceable>root</replaceable> as the root of the NixOS
|
||||
installation.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--system</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
If this option is provided, <command>nixos-install</command> will install
|
||||
the specified closure rather than attempt to build one from
|
||||
<filename>/mnt/etc/nixos/configuration.nix</filename>.
|
||||
</para>
|
||||
<para>
|
||||
The closure must be an appropriately configured NixOS system, with boot
|
||||
loader and partition configuration that fits the target host. Such a
|
||||
closure is typically obtained with a command such as <command>nix-build
|
||||
-I nixos-config=./configuration.nix '<nixpkgs/nixos>' -A system
|
||||
--no-out-link</command>
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--flake</option> <replaceable>flake-uri</replaceable>#<replaceable>name</replaceable>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Build the NixOS system from the specified flake.
|
||||
The flake must contain an output named
|
||||
<literal>nixosConfigurations.<replaceable>name</replaceable></literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--channel</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
If this option is provided, do not copy the current
|
||||
<quote>nixos</quote> channel to the target host. Instead, use the
|
||||
specified derivation.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>-I</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Add a path to the Nix expression search path. This option may be given
|
||||
multiple times. See the NIX_PATH environment variable for information on
|
||||
the semantics of the Nix search path. Paths added through
|
||||
<replaceable>-I</replaceable> take precedence over NIX_PATH.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--max-jobs</option>
|
||||
</term>
|
||||
<term>
|
||||
<option>-j</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Sets the maximum number of build jobs that Nix will perform in parallel
|
||||
to the specified number. The default is <literal>1</literal>. A higher
|
||||
value is useful on SMP systems or to exploit I/O latency.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--cores</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Sets the value of the <envar>NIX_BUILD_CORES</envar> environment variable
|
||||
in the invocation of builders. Builders can use this variable at their
|
||||
discretion to control the maximum amount of parallelism. For instance, in
|
||||
Nixpkgs, if the derivation attribute
|
||||
<varname>enableParallelBuilding</varname> is set to
|
||||
<literal>true</literal>, the builder passes the
|
||||
<option>-j<replaceable>N</replaceable></option> flag to GNU Make. The
|
||||
value <literal>0</literal> means that the builder should use all
|
||||
available CPU cores in the system.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--option</option> <replaceable>name</replaceable> <replaceable>value</replaceable>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Set the Nix configuration option <replaceable>name</replaceable> to
|
||||
<replaceable>value</replaceable>.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--show-trace</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Causes Nix to print out a stack trace in case of Nix expression
|
||||
evaluation errors.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--keep-going</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Causes Nix to continue building derivations as far as possible
|
||||
in the face of failed builds.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--help</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Synonym for <command>man nixos-install</command>.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsection>
|
||||
<refsection>
|
||||
<title>Examples</title>
|
||||
<para>
|
||||
A typical NixOS installation is done by creating and mounting a file system
|
||||
on <filename>/mnt</filename>, generating a NixOS configuration in
|
||||
<filename>/mnt/etc/nixos/configuration.nix</filename>, and running
|
||||
<command>nixos-install</command>. For instance, if we want to install NixOS
|
||||
on an <literal>ext4</literal> file system created in
|
||||
<filename>/dev/sda1</filename>:
|
||||
<screen>
|
||||
<prompt>$ </prompt>mkfs.ext4 /dev/sda1
|
||||
<prompt>$ </prompt>mount /dev/sda1 /mnt
|
||||
<prompt>$ </prompt>nixos-generate-config --root /mnt
|
||||
<prompt>$ </prompt># edit /mnt/etc/nixos/configuration.nix
|
||||
<prompt>$ </prompt>nixos-install
|
||||
<prompt>$ </prompt>reboot
|
||||
</screen>
|
||||
</para>
|
||||
</refsection>
|
||||
</refentry>
|
|
@ -1,134 +0,0 @@
|
|||
<refentry xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
xmlns:xi="http://www.w3.org/2001/XInclude">
|
||||
<refmeta>
|
||||
<refentrytitle><command>nixos-option</command>
|
||||
</refentrytitle><manvolnum>8</manvolnum>
|
||||
<refmiscinfo class="source">NixOS</refmiscinfo>
|
||||
<!-- <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo> -->
|
||||
</refmeta>
|
||||
<refnamediv>
|
||||
<refname><command>nixos-option</command></refname>
|
||||
<refpurpose>inspect a NixOS configuration</refpurpose>
|
||||
</refnamediv>
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>nixos-option</command>
|
||||
|
||||
<arg>
|
||||
<group choice='req'>
|
||||
<arg choice='plain'><option>-r</option></arg>
|
||||
<arg choice='plain'><option>--recursive</option></arg>
|
||||
</group>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<option>-I</option> <replaceable>path</replaceable>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<replaceable>option.name</replaceable>
|
||||
</arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
<refsection>
|
||||
<title>Description</title>
|
||||
<para>
|
||||
This command evaluates the configuration specified in
|
||||
<filename>/etc/nixos/configuration.nix</filename> and returns the properties
|
||||
of the option name given as argument.
|
||||
</para>
|
||||
<para>
|
||||
When the option name is not an option, the command prints the list of
|
||||
attributes contained in the attribute set.
|
||||
</para>
|
||||
</refsection>
|
||||
<refsection>
|
||||
<title>Options</title>
|
||||
<para>
|
||||
This command accepts the following options:
|
||||
</para>
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><option>-r</option></term>
|
||||
<term><option>--recursive</option></term>
|
||||
<listitem>
|
||||
<para>
|
||||
Print all the values at or below the specified path recursively.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>-I</option> <replaceable>path</replaceable>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
This option is passed to the underlying
|
||||
<command>nix-instantiate</command> invocation.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsection>
|
||||
<refsection>
|
||||
<title>Environment</title>
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<envar>NIXOS_CONFIG</envar>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Path to the main NixOS configuration module. Defaults to
|
||||
<filename>/etc/nixos/configuration.nix</filename>.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsection>
|
||||
<refsection>
|
||||
<title>Examples</title>
|
||||
<para>
|
||||
Investigate option values:
|
||||
<screen><prompt>$ </prompt>nixos-option boot.loader
|
||||
This attribute set contains:
|
||||
generationsDir
|
||||
grub
|
||||
initScript
|
||||
|
||||
<prompt>$ </prompt>nixos-option boot.loader.grub.enable
|
||||
Value:
|
||||
true
|
||||
|
||||
Default:
|
||||
true
|
||||
|
||||
Description:
|
||||
Whether to enable the GNU GRUB boot loader.
|
||||
|
||||
Declared by:
|
||||
"/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix"
|
||||
|
||||
Defined by:
|
||||
"/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix"
|
||||
</screen>
|
||||
</para>
|
||||
</refsection>
|
||||
<refsection>
|
||||
<title>Bugs</title>
|
||||
<para>
|
||||
The author listed in the following section is wrong. If there is any other
|
||||
bug, please report to Nicolas Pierron.
|
||||
</para>
|
||||
</refsection>
|
||||
<refsection>
|
||||
<title>See also</title>
|
||||
<para>
|
||||
<citerefentry>
|
||||
<refentrytitle>configuration.nix</refentrytitle>
|
||||
<manvolnum>5</manvolnum>
|
||||
</citerefentry>
|
||||
</para>
|
||||
</refsection>
|
||||
</refentry>
|
|
@ -1,781 +0,0 @@
|
|||
<refentry xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
xmlns:xi="http://www.w3.org/2001/XInclude">
|
||||
<refmeta>
|
||||
<refentrytitle><command>nixos-rebuild</command>
|
||||
</refentrytitle><manvolnum>8</manvolnum>
|
||||
<refmiscinfo class="source">NixOS</refmiscinfo>
|
||||
<!-- <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo> -->
|
||||
</refmeta>
|
||||
|
||||
<refnamediv>
|
||||
<refname><command>nixos-rebuild</command></refname>
|
||||
<refpurpose>reconfigure a NixOS machine</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>nixos-rebuild</command><group choice='req'>
|
||||
<arg choice='plain'>
|
||||
<option>switch</option>
|
||||
</arg>
|
||||
|
||||
<arg choice='plain'>
|
||||
<option>boot</option>
|
||||
</arg>
|
||||
|
||||
<arg choice='plain'>
|
||||
<option>test</option>
|
||||
</arg>
|
||||
|
||||
<arg choice='plain'>
|
||||
<option>build</option>
|
||||
</arg>
|
||||
|
||||
<arg choice='plain'>
|
||||
<option>dry-build</option>
|
||||
</arg>
|
||||
|
||||
<arg choice='plain'>
|
||||
<option>dry-activate</option>
|
||||
</arg>
|
||||
|
||||
<arg choice='plain'>
|
||||
<option>edit</option>
|
||||
</arg>
|
||||
|
||||
<arg choice='plain'>
|
||||
<option>build-vm</option>
|
||||
</arg>
|
||||
|
||||
<arg choice='plain'>
|
||||
<option>build-vm-with-bootloader</option>
|
||||
</arg>
|
||||
</group>
|
||||
<sbr />
|
||||
|
||||
<arg>
|
||||
<group choice='req'>
|
||||
<arg choice='plain'>
|
||||
<option>--upgrade</option>
|
||||
</arg>
|
||||
<arg choice='plain'>
|
||||
<option>--upgrade-all</option>
|
||||
</arg>
|
||||
</group>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<option>--install-bootloader</option>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<option>--no-build-nix</option>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<option>--fast</option>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<option>--rollback</option>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<option>--builders</option> <replaceable>builder-spec</replaceable>
|
||||
</arg>
|
||||
|
||||
<sbr/>
|
||||
|
||||
<arg>
|
||||
<option>--flake</option> <replaceable>flake-uri</replaceable>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<option>--no-flake</option>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<option>--override-input</option> <replaceable>input-name</replaceable> <replaceable>flake-uri</replaceable>
|
||||
</arg>
|
||||
|
||||
<sbr />
|
||||
|
||||
<arg>
|
||||
<group choice='req'>
|
||||
<arg choice='plain'>
|
||||
<option>--profile-name</option>
|
||||
</arg>
|
||||
|
||||
<arg choice='plain'>
|
||||
<option>-p</option>
|
||||
</arg>
|
||||
</group> <replaceable>name</replaceable>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<group choice='req'>
|
||||
<arg choice='plain'>
|
||||
<option>--specialisation</option>
|
||||
</arg>
|
||||
|
||||
<arg choice='plain'>
|
||||
<option>-c</option>
|
||||
</arg>
|
||||
</group> <replaceable>name</replaceable>
|
||||
</arg>
|
||||
|
||||
<sbr />
|
||||
|
||||
<arg>
|
||||
<option>--build-host</option> <replaceable>host</replaceable>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<option>--target-host</option> <replaceable>host</replaceable>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<option>--use-remote-sudo</option>
|
||||
</arg>
|
||||
|
||||
<sbr />
|
||||
|
||||
<arg>
|
||||
<option>--show-trace</option>
|
||||
</arg>
|
||||
<arg>
|
||||
<option>-I</option>
|
||||
<replaceable>NIX_PATH</replaceable>
|
||||
</arg>
|
||||
<arg>
|
||||
<group choice='req'>
|
||||
<arg choice='plain'><option>--verbose</option></arg>
|
||||
<arg choice='plain'><option>-v</option></arg>
|
||||
</group>
|
||||
</arg>
|
||||
<arg>
|
||||
<group choice='req'>
|
||||
<arg choice='plain'><option>--impure</option></arg>
|
||||
</group>
|
||||
</arg>
|
||||
<arg>
|
||||
<group choice='req'>
|
||||
<arg choice='plain'><option>--max-jobs</option></arg>
|
||||
<arg choice='plain'><option>-j</option></arg>
|
||||
</group>
|
||||
<replaceable>number</replaceable>
|
||||
</arg>
|
||||
<arg>
|
||||
<group choice='req'>
|
||||
<arg choice='plain'><option>--keep-failed</option></arg>
|
||||
<arg choice='plain'><option>-K</option></arg>
|
||||
</group>
|
||||
</arg>
|
||||
<arg>
|
||||
<group choice='req'>
|
||||
<arg choice='plain'><option>--keep-going</option></arg>
|
||||
<arg choice='plain'><option>-k</option></arg>
|
||||
</group>
|
||||
</arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection>
|
||||
<title>Description</title>
|
||||
|
||||
<para>
|
||||
This command updates the system so that it corresponds to the
|
||||
configuration specified in
|
||||
<filename>/etc/nixos/configuration.nix</filename> or
|
||||
<filename>/etc/nixos/flake.nix</filename>. Thus, every time you
|
||||
modify the configuration or any other NixOS module, you must run
|
||||
<command>nixos-rebuild</command> to make the changes take
|
||||
effect. It builds the new system in
|
||||
<filename>/nix/store</filename>, runs its activation script, and
|
||||
stop and (re)starts any system services if needed. Please note that
|
||||
user services need to be started manually as they aren't detected
|
||||
by the activation script at the moment.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
This command has one required argument, which specifies the desired
|
||||
operation. It must be one of the following:
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>switch</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Build and activate the new configuration, and make it the boot default.
|
||||
That is, the configuration is added to the GRUB boot menu as the default
|
||||
menu entry, so that subsequent reboots will boot the system into the new
|
||||
configuration. Previous configurations activated with
|
||||
<command>nixos-rebuild switch</command> or <command>nixos-rebuild
|
||||
boot</command> remain available in the GRUB menu.
|
||||
</para>
|
||||
<para>
|
||||
Note that if you are using specializations, running just
|
||||
<command>nixos-rebuild switch</command> will switch you back to the
|
||||
unspecialized, base system - in that case, you might want to use this
|
||||
instead:
|
||||
<screen>
|
||||
<prompt>$ </prompt>nixos-rebuild switch --specialisation your-specialisation-name
|
||||
</screen>
|
||||
This command will build all specialisations and make them bootable just
|
||||
like regular <command>nixos-rebuild switch</command> does - the only
|
||||
thing different is that it will switch to given specialisation instead
|
||||
of the base system; it can be also used to switch from the base system
|
||||
into a specialised one, or to switch between specialisations.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>boot</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Build the new configuration and make it the boot default (as with
|
||||
<command>nixos-rebuild switch</command>), but do not activate it. That
|
||||
is, the system continues to run the previous configuration until the
|
||||
next reboot.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>test</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Build and activate the new configuration, but do not add it to the GRUB
|
||||
boot menu. Thus, if you reboot the system (or if it crashes), you will
|
||||
automatically revert to the default configuration (i.e. the
|
||||
configuration resulting from the last call to <command>nixos-rebuild
|
||||
switch</command> or <command>nixos-rebuild boot</command>).
|
||||
</para>
|
||||
<para>
|
||||
Note that if you are using specialisations, running just
|
||||
<command>nixos-rebuild test</command> will activate the unspecialised,
|
||||
base system - in that case, you might want to use this instead:
|
||||
<screen>
|
||||
<prompt>$ </prompt>nixos-rebuild test --specialisation your-specialisation-name
|
||||
</screen>
|
||||
This command can be also used to switch from the base system into a
|
||||
specialised one, or to switch between specialisations.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>build</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Build the new configuration, but neither activate it nor add it to the
|
||||
GRUB boot menu. It leaves a symlink named <filename>result</filename> in
|
||||
the current directory, which points to the output of the top-level
|
||||
“system” derivation. This is essentially the same as doing
|
||||
<screen>
|
||||
<prompt>$ </prompt>nix-build /path/to/nixpkgs/nixos -A system
|
||||
</screen>
|
||||
Note that you do not need to be <literal>root</literal> to run
|
||||
<command>nixos-rebuild build</command>.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>dry-build</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Show what store paths would be built or downloaded by any of the
|
||||
operations above, but otherwise do nothing.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>dry-activate</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Build the new configuration, but instead of activating it, show what
|
||||
changes would be performed by the activation (i.e. by
|
||||
<command>nixos-rebuild test</command>). For instance, this command will
|
||||
print which systemd units would be restarted. The list of changes is not
|
||||
guaranteed to be complete.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>edit</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Opens <filename>configuration.nix</filename> in the default editor.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>build-vm</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Build a script that starts a NixOS virtual machine with the desired
|
||||
configuration. It leaves a symlink <filename>result</filename> in the
|
||||
current directory that points (under
|
||||
<filename>result/bin/run-<replaceable>hostname</replaceable>-vm</filename>)
|
||||
at the script that starts the VM. Thus, to test a NixOS configuration in
|
||||
a virtual machine, you should do the following:
|
||||
<screen>
|
||||
<prompt>$ </prompt>nixos-rebuild build-vm
|
||||
<prompt>$ </prompt>./result/bin/run-*-vm
|
||||
</screen>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The VM is implemented using the <literal>qemu</literal> package. For
|
||||
best performance, you should load the <literal>kvm-intel</literal> or
|
||||
<literal>kvm-amd</literal> kernel modules to get hardware
|
||||
virtualisation.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The VM mounts the Nix store of the host through the 9P file system. The
|
||||
host Nix store is read-only, so Nix commands that modify the Nix store
|
||||
will not work in the VM. This includes commands such as
|
||||
<command>nixos-rebuild</command>; to change the VM’s configuration,
|
||||
you must halt the VM and re-run the commands above.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The VM has its own <literal>ext3</literal> root file system, which is
|
||||
automatically created when the VM is first started, and is persistent
|
||||
across reboots of the VM. It is stored in
|
||||
<literal>./<replaceable>hostname</replaceable>.qcow2</literal>.
|
||||
<!-- The entire file system hierarchy of the host is available in
|
||||
the VM under <filename>/hostfs</filename>.-->
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>build-vm-with-bootloader</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Like <option>build-vm</option>, but boots using the regular boot loader
|
||||
of your configuration (e.g., GRUB 1 or 2), rather than booting directly
|
||||
into the kernel and initial ramdisk of the system. This allows you to
|
||||
test whether the boot loader works correctly. However, it does not
|
||||
guarantee that your NixOS configuration will boot successfully on the
|
||||
host hardware (i.e., after running <command>nixos-rebuild
|
||||
switch</command>), because the hardware and boot loader configuration in
|
||||
the VM are different. The boot loader is installed on an automatically
|
||||
generated virtual disk containing a <filename>/boot</filename>
|
||||
partition.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</para>
|
||||
</refsection>
|
||||
|
||||
<refsection>
|
||||
<title>Options</title>
|
||||
<para>
|
||||
This command accepts the following options:
|
||||
</para>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--upgrade</option>
|
||||
</term>
|
||||
<term>
|
||||
<option>--upgrade-all</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Update the root user's channel named <literal>nixos</literal>
|
||||
before rebuilding the system.
|
||||
</para>
|
||||
<para>
|
||||
In addition to the <literal>nixos</literal> channel, the root
|
||||
user's channels which have a file named
|
||||
<literal>.update-on-nixos-rebuild</literal> in their base
|
||||
directory will also be updated.
|
||||
</para>
|
||||
<para>
|
||||
Passing <option>--upgrade-all</option> updates all of the root
|
||||
user's channels.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--install-bootloader</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Causes the boot loader to be (re)installed on the device specified by the
|
||||
relevant configuration options.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--no-build-nix</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Normally, <command>nixos-rebuild</command> first builds the
|
||||
<varname>nixUnstable</varname> attribute in Nixpkgs, and uses the
|
||||
resulting instance of the Nix package manager to build the new system
|
||||
configuration. This is necessary if the NixOS modules use features not
|
||||
provided by the currently installed version of Nix. This option disables
|
||||
building a new Nix.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--fast</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Equivalent to <option>--no-build-nix</option>. This option is
|
||||
useful if you call <command>nixos-rebuild</command> frequently
|
||||
(e.g. if you’re hacking on a NixOS module).
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--rollback</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Instead of building a new configuration as specified by
|
||||
<filename>/etc/nixos/configuration.nix</filename>, roll back to the
|
||||
previous configuration. (The previous configuration is defined as the one
|
||||
before the “current” generation of the Nix profile
|
||||
<filename>/nix/var/nix/profiles/system</filename>.)
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--builders</option> <replaceable>builder-spec</replaceable>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Allow ad-hoc remote builders for building the new system. This requires
|
||||
the user executing <command>nixos-rebuild</command> (usually root) to be
|
||||
configured as a trusted user in the Nix daemon. This can be achieved by
|
||||
using the <literal>nix.settings.trusted-users</literal> NixOS option. Examples
|
||||
values for that option are described in the <literal>Remote builds
|
||||
chapter</literal> in the Nix manual, (i.e. <command>--builders
|
||||
"ssh://bigbrother x86_64-linux"</command>). By specifying an empty string
|
||||
existing builders specified in <filename>/etc/nix/machines</filename> can
|
||||
be ignored: <command>--builders ""</command> for example when they are
|
||||
not reachable due to network connectivity.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--profile-name</option>
|
||||
</term>
|
||||
<term>
|
||||
<option>-p</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Instead of using the Nix profile
|
||||
<filename>/nix/var/nix/profiles/system</filename> to keep track of the
|
||||
current and previous system configurations, use
|
||||
<filename>/nix/var/nix/profiles/system-profiles/<replaceable>name</replaceable></filename>.
|
||||
When you use GRUB 2, for every system profile created with this flag,
|
||||
NixOS will create a submenu named “NixOS - Profile
|
||||
'<replaceable>name</replaceable>'” in GRUB’s boot menu, containing
|
||||
the current and previous configurations of this profile.
|
||||
</para>
|
||||
<para>
|
||||
For instance, if you want to test a configuration file named
|
||||
<filename>test.nix</filename> without affecting the default system
|
||||
profile, you would do:
|
||||
<screen>
|
||||
<prompt>$ </prompt>nixos-rebuild switch -p test -I nixos-config=./test.nix
|
||||
</screen>
|
||||
The new configuration will appear in the GRUB 2 submenu “NixOS -
|
||||
Profile 'test'”.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--specialisation</option>
|
||||
</term>
|
||||
<term>
|
||||
<option>-c</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Activates given specialisation; when not specified, switching and testing
|
||||
will activate the base, unspecialised system.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--build-host</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Instead of building the new configuration locally, use the specified host
|
||||
to perform the build. The host needs to be accessible with ssh, and must
|
||||
be able to perform Nix builds. If the option
|
||||
<option>--target-host</option> is not set, the build will be copied back
|
||||
to the local machine when done.
|
||||
</para>
|
||||
<para>
|
||||
Note that, if <option>--no-build-nix</option> is not specified, Nix will
|
||||
be built both locally and remotely. This is because the configuration
|
||||
will always be evaluated locally even though the building might be
|
||||
performed remotely.
|
||||
</para>
|
||||
<para>
|
||||
You can include a remote user name in the host name
|
||||
(<replaceable>user@host</replaceable>). You can also set ssh options by
|
||||
defining the <envar>NIX_SSHOPTS</envar> environment variable.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--target-host</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Specifies the NixOS target host. By setting this to something other than
|
||||
an empty string, the system activation will happen
|
||||
on the remote host instead of the local machine. The remote host needs to
|
||||
be accessible over ssh, and for the commands <option>switch</option>,
|
||||
<option>boot</option> and <option>test</option> you need root access.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If <option>--build-host</option> is not explicitly specified or empty,
|
||||
building will take place locally.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
You can include a remote user name in the host name
|
||||
(<replaceable>user@host</replaceable>). You can also set ssh options by
|
||||
defining the <envar>NIX_SSHOPTS</envar> environment variable.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Note that <command>nixos-rebuild</command> honors the
|
||||
<literal>nixpkgs.crossSystem</literal> setting of the given configuration
|
||||
but disregards the true architecture of the target host. Hence the
|
||||
<literal>nixpkgs.crossSystem</literal> setting has to match the target
|
||||
platform or else activation will fail.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--use-substitutes</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
When set, nixos-rebuild will add <option>--use-substitutes</option>
|
||||
to each invocation of nix-copy-closure. This will only affect the
|
||||
behavior of nixos-rebuild if <option>--target-host</option> or
|
||||
<option>--build-host</option> is also set. This is useful when
|
||||
the target-host connection to cache.nixos.org is faster than the
|
||||
connection between hosts.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--use-remote-sudo</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
When set, nixos-rebuild prefixes remote commands that run on
|
||||
the <option>--build-host</option> and <option>--target-host</option>
|
||||
systems with <command>sudo</command>. Setting this option allows
|
||||
deploying as a non-root user.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--flake</option> <replaceable>flake-uri</replaceable><optional>#<replaceable>name</replaceable></optional>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Build the NixOS system from the specified flake. It defaults to
|
||||
the directory containing the target of the symlink
|
||||
<filename>/etc/nixos/flake.nix</filename>, if it exists. The
|
||||
flake must contain an output named
|
||||
<literal>nixosConfigurations.<replaceable>name</replaceable></literal>. If
|
||||
<replaceable>name</replaceable> is omitted, it default to the
|
||||
current host name.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--no-flake</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Do not imply <option>--flake</option> if
|
||||
<filename>/etc/nixos/flake.nix</filename> exists. With this
|
||||
option, it is possible to build non-flake NixOS configurations
|
||||
even if the current NixOS systems uses flakes.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
|
||||
<para>
|
||||
In addition, <command>nixos-rebuild</command> accepts various Nix-related
|
||||
flags, including <option>--max-jobs</option> / <option>-j</option>, <option>-I</option>,
|
||||
<option>--show-trace</option>, <option>--keep-failed</option>,
|
||||
<option>--keep-going</option>, <option>--impure</option>, and <option>--verbose</option> /
|
||||
<option>-v</option>. See the Nix manual for details.
|
||||
</para>
|
||||
</refsection>
|
||||
|
||||
<refsection>
|
||||
<title>Environment</title>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<envar>NIXOS_CONFIG</envar>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Path to the main NixOS configuration module. Defaults to
|
||||
<filename>/etc/nixos/configuration.nix</filename>.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<envar>NIX_PATH</envar>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
A colon-separated list of directories used to look up Nix expressions enclosed in angle brackets (e.g <nixpkgs>). Example
|
||||
<screen>
|
||||
nixpkgs=./my-nixpkgs
|
||||
</screen>
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<envar>NIX_SSHOPTS</envar>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Additional options to be passed to <command>ssh</command> on the command
|
||||
line.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsection>
|
||||
|
||||
<refsection>
|
||||
<title>Files</title>
|
||||
|
||||
<variablelist>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<filename>/etc/nixos/flake.nix</filename>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
If this file exists, then <command>nixos-rebuild</command> will
|
||||
use it as if the <option>--flake</option> option was given. This
|
||||
file may be a symlink to a <filename>flake.nix</filename> in an
|
||||
actual flake; thus <filename>/etc/nixos</filename> need not be a
|
||||
flake.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<filename>/run/current-system</filename>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
A symlink to the currently active system configuration in the Nix store.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<filename>/nix/var/nix/profiles/system</filename>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
The Nix profile that contains the current and previous system
|
||||
configurations. Used to generate the GRUB boot menu.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
</refsection>
|
||||
|
||||
<refsection>
|
||||
<title>Bugs</title>
|
||||
<para>
|
||||
This command should be renamed to something more descriptive.
|
||||
</para>
|
||||
</refsection>
|
||||
</refentry>
|
|
@ -1,158 +0,0 @@
|
|||
<refentry xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
xmlns:xi="http://www.w3.org/2001/XInclude">
|
||||
<refmeta>
|
||||
<refentrytitle><command>nixos-version</command>
|
||||
</refentrytitle><manvolnum>8</manvolnum>
|
||||
<refmiscinfo class="source">NixOS</refmiscinfo>
|
||||
</refmeta>
|
||||
<refnamediv>
|
||||
<refname><command>nixos-version</command></refname>
|
||||
<refpurpose>show the NixOS version</refpurpose>
|
||||
</refnamediv>
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>nixos-version</command>
|
||||
<arg>
|
||||
<option>--hash</option>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<option>--revision</option>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<option>--configuration-revision</option>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<option>--json</option>
|
||||
</arg>
|
||||
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection>
|
||||
<title>Description</title>
|
||||
<para>
|
||||
This command shows the version of the currently active NixOS configuration.
|
||||
For example:
|
||||
<screen><prompt>$ </prompt>nixos-version
|
||||
16.03.1011.6317da4 (Emu)
|
||||
</screen>
|
||||
The version consists of the following elements:
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<literal>16.03</literal>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
The NixOS release, indicating the year and month in which it was
|
||||
released (e.g. March 2016).
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<literal>1011</literal>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
The number of commits in the Nixpkgs Git repository between the start of
|
||||
the release branch and the commit from which this version was built.
|
||||
This ensures that NixOS versions are monotonically increasing. It is
|
||||
<literal>git</literal> when the current NixOS configuration was built
|
||||
from a checkout of the Nixpkgs Git repository rather than from a NixOS
|
||||
channel.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<literal>6317da4</literal>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
The first 7 characters of the commit in the Nixpkgs Git repository from
|
||||
which this version was built.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<literal>Emu</literal>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
The code name of the NixOS release. The first letter of the code name
|
||||
indicates that this is the N'th stable NixOS release; for example, Emu
|
||||
is the fifth release.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</para>
|
||||
</refsection>
|
||||
|
||||
<refsection>
|
||||
<title>Options</title>
|
||||
|
||||
<para>
|
||||
This command accepts the following options:
|
||||
</para>
|
||||
|
||||
<variablelist>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--hash</option>
|
||||
</term>
|
||||
<term>
|
||||
<option>--revision</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Show the full SHA1 hash of the Git commit from which this configuration
|
||||
was built, e.g.
|
||||
<screen><prompt>$ </prompt>nixos-version --hash
|
||||
6317da40006f6bc2480c6781999c52d88dde2acf
|
||||
</screen>
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--configuration-revision</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Show the configuration revision if available. This could be the full SHA1
|
||||
hash of the Git commit of the system flake, if you add
|
||||
<screen>{ system.configurationRevision = self.rev or "dirty"; }</screen>
|
||||
to the <screen>modules</screen> array of your flake.nix system configuration e.g.
|
||||
<screen><prompt>$ </prompt>nixos-version --configuration-revision
|
||||
aa314ebd1592f6cdd53cb5bba8bcae97d9323de8
|
||||
</screen>
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--json</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Print a JSON representation of the versions of NixOS and the
|
||||
top-level configuration flake.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
|
||||
</refsection>
|
||||
|
||||
</refentry>
|
|
@ -15,11 +15,4 @@
|
|||
</copyright>
|
||||
</info>
|
||||
<xi:include href="man-configuration.xml" />
|
||||
<xi:include href="man-nixos-build-vms.xml" />
|
||||
<xi:include href="man-nixos-generate-config.xml" />
|
||||
<xi:include href="man-nixos-install.xml" />
|
||||
<xi:include href="man-nixos-enter.xml" />
|
||||
<xi:include href="man-nixos-option.xml" />
|
||||
<xi:include href="man-nixos-rebuild.xml" />
|
||||
<xi:include href="man-nixos-version.xml" />
|
||||
</reference>
|
||||
|
|
57
third_party/nixpkgs/nixos/doc/manual/manpages/README.md
vendored
Normal file
57
third_party/nixpkgs/nixos/doc/manual/manpages/README.md
vendored
Normal file
|
@ -0,0 +1,57 @@
|
|||
# NixOS manpages
|
||||
|
||||
This is the collection of NixOS manpages, excluding `configuration.nix(5)`.
|
||||
|
||||
Man pages are written in [`mdoc(7)` format](https://mandoc.bsd.lv/man/mdoc.7.html) and should be portable between mandoc and groff for rendering (though minor differences may occur, mandoc and groff seem to have slightly different spacing rules.)
|
||||
|
||||
For previewing edited files, you can just run `man -l path/to/file.8` and you will see it rendered.
|
||||
|
||||
Being written in `mdoc` these manpages use semantic markup. This file provides a guideline on where to apply which of the semantic elements of `mdoc`.
|
||||
|
||||
### Command lines and arguments
|
||||
|
||||
In any manpage, commands, flags and arguments to the *current* executable should be marked according to their semantics. Commands, flags and arguments passed to *other* executables should not be marked like this and should instead be considered as code examples and marked with `Ql`.
|
||||
|
||||
- Use `Fl` to mark flag arguments, `Ar` for their arguments.
|
||||
- Repeating arguments should be marked by adding ellipses (`...`).
|
||||
- Use `Cm` to mark literal string arguments, e.g. the `boot` command argument passed to `nixos-rebuild`.
|
||||
- Optional flags or arguments should be marked with `Op`. This includes optional repeating arguments.
|
||||
- Required flags or arguments should not be marked.
|
||||
- Mutually exclusive groups of arguments should be enclosed in curly brackets, preferrably created with `Bro`/`Brc` blocks.
|
||||
|
||||
When an argument is used in an example it should be marked up with `Ar` again to differentiate it from a constant. For example, a command with a `--host name` flag that calls ssh to retrieve the host's local time would signify this thusly:
|
||||
```
|
||||
This will run
|
||||
.Ic ssh Ar name Ic time
|
||||
to retrieve the remote time.
|
||||
```
|
||||
|
||||
### Paths, NixOS options, environment variables
|
||||
|
||||
Constant paths should be marked with `Pa`, NixOS options with `Va`, and environment variables with `Ev`.
|
||||
|
||||
Generated paths, e.g. `result/bin/run-hostname-vm` (where `hostname` is a variable or arguments) should be marked as `Ql` inline literals with their variable components marked appropriately.
|
||||
|
||||
- Taking `hostname` from an argument become `.Ql result/bin/run- Ns Ar hostname Ns -vm`
|
||||
- Taking `hostname` from a variable otherwise defined becomes `.Ql result/bin/run- Ns Va hostname Ns -vm`
|
||||
|
||||
### Code examples and other commands
|
||||
|
||||
In free text names and complete invocations of other commands (e.g. `ssh` or `tar -xvf src.tar`) should be marked with `Ic`, fragments of command lines should be marked with `Ql`.
|
||||
|
||||
Larger code blocks or those that cannot be shown inline should use indented literal display block markup for their contents, i.e.
|
||||
```
|
||||
.Bd -literal -offset indent
|
||||
...
|
||||
.Ed
|
||||
```
|
||||
Contents of code blocks may be marked up further, e.g. if they refer to arguments that will be subsituted into them:
|
||||
```
|
||||
.Bd -literal -offset indent
|
||||
{
|
||||
options.hostname = "\c
|
||||
.Ar hostname Ns \c
|
||||
";
|
||||
}
|
||||
.Ed
|
||||
```
|
109
third_party/nixpkgs/nixos/doc/manual/manpages/nixos-build-vms.8
vendored
Normal file
109
third_party/nixpkgs/nixos/doc/manual/manpages/nixos-build-vms.8
vendored
Normal file
|
@ -0,0 +1,109 @@
|
|||
.Dd January 1, 1980
|
||||
.\" nixpkgs groff will use Nixpkgs as the OS in the title by default, taking it from
|
||||
.\" doc-default-operating-system. mandoc doesn't have this register set by default,
|
||||
.\" so we can use it as a groff/mandoc switch.
|
||||
.ie ddoc-default-operating-system .Dt nixos-build-vms \&8 "NixOS System Manager's Manual"
|
||||
.el .Dt nixos-build-vms 8
|
||||
.Os NixOS
|
||||
.Sh NAME
|
||||
.Nm nixos-build-vms
|
||||
.Nd build a network of virtual machines from a network of NixOS configurations
|
||||
.
|
||||
.
|
||||
.
|
||||
.Sh SYNOPSIS
|
||||
.Nm nixos-build-vms
|
||||
.Op Fl -show-trace
|
||||
.Op Fl -no-out-link
|
||||
.Op Fl -help
|
||||
.Op Fl -option Ar name value
|
||||
.Pa network.nix
|
||||
.
|
||||
.
|
||||
.
|
||||
.Sh DESCRIPTION
|
||||
.
|
||||
This command builds a network of QEMU\-KVM virtual machines of a Nix expression
|
||||
specifying a network of NixOS machines. The virtual network can be started by
|
||||
executing the
|
||||
.Pa bin/run-vms
|
||||
shell script that is generated by this command. By default, a
|
||||
.Pa result
|
||||
symlink is produced that points to the generated virtual network.
|
||||
.
|
||||
.Pp
|
||||
A network Nix expression has the following structure:
|
||||
.Bd -literal -offset indent
|
||||
{
|
||||
test1 = {pkgs, config, ...}:
|
||||
{
|
||||
services.openssh.enable = true;
|
||||
nixpkgs.localSystem.system = "i686-linux";
|
||||
deployment.targetHost = "test1.example.net";
|
||||
|
||||
# Other NixOS options
|
||||
};
|
||||
|
||||
test2 = {pkgs, config, ...}:
|
||||
{
|
||||
services.openssh.enable = true;
|
||||
services.httpd.enable = true;
|
||||
environment.systemPackages = [ pkgs.lynx ];
|
||||
nixpkgs.localSystem.system = "x86_64-linux";
|
||||
deployment.targetHost = "test2.example.net";
|
||||
|
||||
# Other NixOS options
|
||||
};
|
||||
}
|
||||
.Ed
|
||||
.
|
||||
.Pp
|
||||
Each attribute in the expression represents a machine in the network
|
||||
.Ns (e.g.
|
||||
.Va test1
|
||||
and
|
||||
.Va test2 Ns
|
||||
) referring to a function defining a NixOS configuration. In each NixOS
|
||||
configuration, two attributes have a special meaning. The
|
||||
.Va deployment.targetHost
|
||||
specifies the address (domain name or IP address) of the system which is used by
|
||||
.Ic ssh
|
||||
to perform remote deployment operations. The
|
||||
.Va nixpkgs.localSystem.system
|
||||
attribute can be used to specify an architecture for the target machine, such as
|
||||
.Ql i686-linux
|
||||
which builds a 32-bit NixOS configuration. Omitting this property will build the
|
||||
configuration for the same architecture as the host system.
|
||||
.
|
||||
.
|
||||
.
|
||||
.Sh OPTIONS
|
||||
.Bl -tag -width indent
|
||||
.It Fl -show-trace
|
||||
Shows a trace of the output.
|
||||
.
|
||||
.It Fl -no-out-link
|
||||
Do not create a
|
||||
.Pa result
|
||||
symlink.
|
||||
.
|
||||
.It Fl h , -help
|
||||
Shows the usage of this command to the user.
|
||||
.
|
||||
.It Fl -option Ar name Va value
|
||||
Set the Nix configuration option
|
||||
.Va name
|
||||
to
|
||||
.Va value Ns
|
||||
\&. This overrides settings in the Nix configuration file (see
|
||||
.Xr nix.conf 5 Ns
|
||||
).
|
||||
.El
|
||||
.
|
||||
.
|
||||
.
|
||||
.Sh AUTHORS
|
||||
.An -nosplit
|
||||
.An Eelco Dolstra
|
||||
and
|
||||
.An the Nixpkgs/NixOS contributors
|
76
third_party/nixpkgs/nixos/doc/manual/manpages/nixos-enter.8
vendored
Normal file
76
third_party/nixpkgs/nixos/doc/manual/manpages/nixos-enter.8
vendored
Normal file
|
@ -0,0 +1,76 @@
|
|||
.Dd January 1, 1980
|
||||
.\" nixpkgs groff will use Nixpkgs as the OS in the title by default, taking it from
|
||||
.\" doc-default-operating-system. mandoc doesn't have this register set by default,
|
||||
.\" so we can use it as a groff/mandoc switch.
|
||||
.ie ddoc-default-operating-system .Dt nixos-enter \&8 "NixOS System Manager's Manual"
|
||||
.el .Dt nixos-enter 8
|
||||
.Os NixOS
|
||||
.Sh NAME
|
||||
.Nm nixos-enter
|
||||
.Nd run a command in a NixOS chroot environment
|
||||
.
|
||||
.
|
||||
.
|
||||
.Sh SYNOPSIS
|
||||
.Nm nixos-enter
|
||||
.Op Fl -root Ar root
|
||||
.Op Fl -system Ar system
|
||||
.Op Fl -command | c Ar shell-command
|
||||
.Op Fl -silent
|
||||
.Op Fl -help
|
||||
.Op Fl - Ar arguments ...
|
||||
.
|
||||
.
|
||||
.
|
||||
.Sh DESCRIPTION
|
||||
This command runs a command in a NixOS chroot environment, that is, in a filesystem hierarchy previously prepared using
|
||||
.Xr nixos-install 8 .
|
||||
.
|
||||
.
|
||||
.
|
||||
.Sh OPTIONS
|
||||
.Bl -tag -width indent
|
||||
.It Fl -root Ar root
|
||||
The path to the NixOS system you want to enter. It defaults to
|
||||
.Pa /mnt Ns
|
||||
\&.
|
||||
.It Fl -system Ar system
|
||||
The NixOS system configuration to use. It defaults to
|
||||
.Pa /nix/var/nix/profiles/system Ns
|
||||
\&. You can enter a previous NixOS configuration by specifying a path such as
|
||||
.Pa /nix/var/nix/profiles/system-106-link Ns
|
||||
\&.
|
||||
.
|
||||
.It Fl -command Ar shell-command , Fl c Ar shell-command
|
||||
The bash command to execute.
|
||||
.
|
||||
.It Fl -silent
|
||||
Suppresses all output from the activation script of the target system.
|
||||
.
|
||||
.It Fl -
|
||||
Interpret the remaining arguments as the program name and arguments to be invoked.
|
||||
The program is not executed in a shell.
|
||||
.El
|
||||
.
|
||||
.
|
||||
.
|
||||
.Sh EXAMPLES
|
||||
.Bl -tag -width indent
|
||||
.It Ic nixos-enter --root /mnt
|
||||
Start an interactive shell in the NixOS installation in
|
||||
.Pa /mnt Ns .
|
||||
.
|
||||
.It Ic nixos-enter -c 'ls -l /; cat /proc/mounts'
|
||||
Run a shell command.
|
||||
.
|
||||
.It Ic nixos-enter -- cat /proc/mounts
|
||||
Run a non-shell command.
|
||||
.El
|
||||
.
|
||||
.
|
||||
.
|
||||
.Sh AUTHORS
|
||||
.An -nosplit
|
||||
.An Eelco Dolstra
|
||||
and
|
||||
.An the Nixpkgs/NixOS contributors
|
169
third_party/nixpkgs/nixos/doc/manual/manpages/nixos-generate-config.8
vendored
Normal file
169
third_party/nixpkgs/nixos/doc/manual/manpages/nixos-generate-config.8
vendored
Normal file
|
@ -0,0 +1,169 @@
|
|||
.Dd January 1, 1980
|
||||
.\" nixpkgs groff will use Nixpkgs as the OS in the title by default, taking it from
|
||||
.\" doc-default-operating-system. mandoc doesn't have this register set by default,
|
||||
.\" so we can use it as a groff/mandoc switch.
|
||||
.ie ddoc-default-operating-system .Dt nixos-generate-config \&8 "NixOS System Manager's Manual"
|
||||
.el .Dt nixos-generate-config 8
|
||||
.Os NixOS
|
||||
.Sh NAME
|
||||
.Nm nixos-generate-config
|
||||
.Nd generate NixOS configuration modules
|
||||
.
|
||||
.
|
||||
.
|
||||
.Sh SYNOPSIS
|
||||
.Nm nixos-generate-config
|
||||
.Op Fl -force
|
||||
.Op Fl -root Ar root
|
||||
.Op Fl -dir Ar dir
|
||||
.
|
||||
.
|
||||
.
|
||||
.Sh DESCRIPTION
|
||||
This command writes two NixOS configuration modules:
|
||||
.Bl -tag -width indent
|
||||
.It Pa /etc/nixos/hardware-configuration.nix
|
||||
This module sets NixOS configuration options based on your current hardware
|
||||
configuration. In particular, it sets the
|
||||
.Va fileSystem
|
||||
option to reflect all currently mounted file systems, the
|
||||
.Va swapDevices
|
||||
option to reflect active swap devices, and the
|
||||
.Va boot.initrd.*
|
||||
options to ensure that the initial ramdisk contains any kernel modules necessary
|
||||
for mounting the root file system.
|
||||
.Pp
|
||||
If this file already exists, it is overwritten. Thus, you should not modify it
|
||||
manually. Rather, you should include it from your
|
||||
.Pa /etc/nixos/configuration.nix Ns
|
||||
, and re-run
|
||||
.Nm
|
||||
to update it whenever your hardware configuration changes.
|
||||
.
|
||||
.It Pa /etc/nixos/configuration.nix
|
||||
This is the main NixOS system configuration module. If it already exists, it’s
|
||||
left unchanged. Otherwise,
|
||||
.Nm
|
||||
will write a template for you to customise.
|
||||
.El
|
||||
.
|
||||
.
|
||||
.
|
||||
.Sh OPTIONS
|
||||
.Bl -tag -width indent
|
||||
.It Fl -root Ar root
|
||||
If this option is given, treat the directory
|
||||
.Ar root
|
||||
as the root of the file system. This means that configuration files will be written to
|
||||
.Ql Ar root Ns /etc/nixos Ns
|
||||
, and that any file systems outside of
|
||||
.Ar root
|
||||
are ignored for the purpose of generating the
|
||||
.Va fileSystems
|
||||
option.
|
||||
.
|
||||
.It Fl -dir Ar dir
|
||||
If this option is given, write the configuration files to the directory
|
||||
.Ar dir
|
||||
instead of
|
||||
.Pa /etc/nixos Ns
|
||||
\&.
|
||||
.
|
||||
.It Fl -force
|
||||
Overwrite
|
||||
.Pa /etc/nixos/configuration.nix
|
||||
if it already exists.
|
||||
.
|
||||
.It Fl -no-filesystems
|
||||
Omit everything concerning file systems and swap devices from the hardware configuration.
|
||||
.
|
||||
.It Fl -show-hardware-config
|
||||
Don't generate
|
||||
.Pa configuration.nix
|
||||
or
|
||||
.Pa hardware-configuration.nix
|
||||
and print the hardware configuration to stdout only.
|
||||
.El
|
||||
.
|
||||
.
|
||||
.
|
||||
.Sh EXAMPLES
|
||||
This command is typically used during NixOS installation to write initial
|
||||
configuration modules. For example, if you created and mounted the target file
|
||||
systems on
|
||||
.Pa /mnt
|
||||
and
|
||||
.Pa /mnt/boot Ns
|
||||
, you would run:
|
||||
.Bd -literal -offset indent
|
||||
$ nixos-generate-config --root /mnt
|
||||
.Ed
|
||||
.
|
||||
.Pp
|
||||
The resulting file
|
||||
.Pa /mnt/etc/nixos/hardware-configuration.nix
|
||||
might look like this:
|
||||
.Bd -literal -offset indent
|
||||
# Do not modify this file! It was generated by 'nixos-generate-config'
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ <nixos/modules/installer/scan/not-detected.nix>
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "ehci_hcd" "ahci" ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-label/nixos";
|
||||
fsType = "ext3";
|
||||
options = [ "rw" "data=ordered" "relatime" ];
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/sda1";
|
||||
fsType = "ext3";
|
||||
options = [ "rw" "errors=continue" "user_xattr" "acl" "barrier=1" "data=writeback" "relatime" ];
|
||||
};
|
||||
|
||||
swapDevices =
|
||||
[ { device = "/dev/sda2"; }
|
||||
];
|
||||
|
||||
nix.maxJobs = 8;
|
||||
}
|
||||
.Ed
|
||||
.
|
||||
.Pp
|
||||
It will also create a basic
|
||||
.Pa /mnt/etc/nixos/configuration.nix Ns
|
||||
, which you should edit to customise the logical configuration of your system. \
|
||||
This file includes the result of the hardware scan as follows:
|
||||
.Bd -literal -offset indent
|
||||
imports = [ ./hardware-configuration.nix ];
|
||||
.Ed
|
||||
.
|
||||
.Pp
|
||||
After installation, if your hardware configuration changes, you can run:
|
||||
.Bd -literal -offset indent
|
||||
$ nixos-generate-config
|
||||
.Ed
|
||||
.
|
||||
.Pp
|
||||
to update
|
||||
.Pa /etc/nixos/hardware-configuration.nix Ns
|
||||
\&. Your
|
||||
.Pa /etc/nixos/configuration.nix
|
||||
will
|
||||
.Em not
|
||||
be overwritten.
|
||||
.
|
||||
.Sh AUTHORS
|
||||
.An -nosplit
|
||||
.An Eelco Dolstra
|
||||
and
|
||||
.An the Nixpkgs/NixOS contributors
|
195
third_party/nixpkgs/nixos/doc/manual/manpages/nixos-install.8
vendored
Normal file
195
third_party/nixpkgs/nixos/doc/manual/manpages/nixos-install.8
vendored
Normal file
|
@ -0,0 +1,195 @@
|
|||
.Dd January 1, 1980
|
||||
.\" nixpkgs groff will use Nixpkgs as the OS in the title by default, taking it from
|
||||
.\" doc-default-operating-system. mandoc doesn't have this register set by default,
|
||||
.\" so we can use it as a groff/mandoc switch.
|
||||
.ie ddoc-default-operating-system .Dt nixos-install \&8 "NixOS System Manager's Manual"
|
||||
.el .Dt nixos-install 8
|
||||
.Os NixOS
|
||||
.Sh NAME
|
||||
.Nm nixos-install
|
||||
.Nd install bootloader and NixOS
|
||||
.
|
||||
.
|
||||
.
|
||||
.Sh SYNOPSIS
|
||||
.Nm nixos-install
|
||||
.Op Fl -verbose | v
|
||||
.Op Fl I Ar path
|
||||
.Op Fl -root Ar root
|
||||
.Op Fl -system Ar path
|
||||
.Op Fl -flake Ar flake-uri
|
||||
.Op Fl -impure
|
||||
.Op Fl -channel Ar channel
|
||||
.Op Fl -no-channel-copy
|
||||
.Op Fl -no-root-password | -no-root-passwd
|
||||
.Op Fl -no-bootloader
|
||||
.Op Fl -max-jobs | j Ar number
|
||||
.Op Fl -cores Ar number
|
||||
.Op Fl -option Ar name value
|
||||
.Op Fl -show-trace
|
||||
.Op Fl -keep-going
|
||||
.Op Fl -help
|
||||
.
|
||||
.
|
||||
.
|
||||
.Sh DESCRIPTION
|
||||
This command installs NixOS in the file system mounted on
|
||||
.Pa /mnt Ns
|
||||
, based on the NixOS configuration specified in
|
||||
.Pa /mnt/etc/nixos/configuration.nix Ns
|
||||
\&. It performs the following steps:
|
||||
.
|
||||
.Bl -enum
|
||||
.It
|
||||
It copies Nix and its dependencies to
|
||||
.Pa /mnt/nix/store Ns
|
||||
\&.
|
||||
.
|
||||
.It
|
||||
It runs Nix in
|
||||
.Pa /mnt
|
||||
to build the NixOS configuration specified in
|
||||
.Pa /mnt/etc/nixos/configuration.nix Ns
|
||||
\&.
|
||||
.
|
||||
.It
|
||||
It installs the current channel
|
||||
.Dq nixos
|
||||
in the target channel profile (unless
|
||||
.Fl -no-channel-copy
|
||||
is specified).
|
||||
.
|
||||
.It
|
||||
It installs the GRUB boot loader on the device specified in the option
|
||||
.Va boot.loader.grub.device
|
||||
(unless
|
||||
.Fl -no-bootloader
|
||||
is specified), and generates a GRUB configuration file that boots into the NixOS
|
||||
configuration just installed.
|
||||
.
|
||||
.It
|
||||
It prompts you for a password for the root account (unless
|
||||
.Fl -no-root-password
|
||||
is specified).
|
||||
.El
|
||||
.
|
||||
.Pp
|
||||
This command is idempotent: if it is interrupted or fails due to a temporary
|
||||
problem (e.g. a network issue), you can safely re-run it.
|
||||
.
|
||||
.
|
||||
.
|
||||
.Sh OPTIONS
|
||||
.Bl -tag -width indent
|
||||
.It Fl -verbose , v
|
||||
Increases the level of verbosity of diagnostic messages printed on standard
|
||||
error. For each Nix operation, the information printed on standard output is
|
||||
well-defined; any diagnostic information is printed on standard error, never on
|
||||
standard output.
|
||||
.Pp
|
||||
Please note that this option may be specified repeatedly.
|
||||
.
|
||||
.It Fl -root Ar root
|
||||
Defaults to
|
||||
.Pa /mnt Ns
|
||||
\&. If this option is given, treat the directory
|
||||
.Ar root
|
||||
as the root of the NixOS installation.
|
||||
.
|
||||
.It Fl -system Ar path
|
||||
If this option is provided,
|
||||
.Nm
|
||||
will install the specified closure rather than attempt to build one from
|
||||
.Pa /mnt/etc/nixos/configuration.nix Ns
|
||||
\&.
|
||||
.Pp
|
||||
The closure must be an appropriately configured NixOS system, with boot loader
|
||||
and partition configuration that fits the target host. Such a closure is
|
||||
typically obtained with a command such as
|
||||
.Ic nix-build -I nixos-config=./configuration.nix '<nixpkgs/nixos>' -A system --no-out-link Ns
|
||||
\&.
|
||||
.
|
||||
.It Fl -flake Ar flake-uri Ns # Ns Ar name
|
||||
Build the NixOS system from the specified flake. The flake must contain an
|
||||
output named
|
||||
.Ql nixosConfigurations. Ns Ar name Ns
|
||||
\&.
|
||||
.
|
||||
.It Fl -channel Ar channel
|
||||
If this option is provided, do not copy the current
|
||||
.Dq nixos
|
||||
channel to the target host. Instead, use the specified derivation.
|
||||
.
|
||||
.It Fl I Ar Path
|
||||
Add a path to the Nix expression search path. This option may be given multiple
|
||||
times. See the
|
||||
.Ev NIX_PATH
|
||||
environment variable for information on the semantics of the Nix search path. Paths added through
|
||||
.Fl I
|
||||
take precedence over
|
||||
.Ev NIX_PATH Ns
|
||||
\&.
|
||||
.
|
||||
.It Fl -max-jobs , j Ar number
|
||||
Sets the maximum number of build jobs that Nix will perform in parallel to the
|
||||
specified number. The default is 1. A higher value is useful on SMP systems or
|
||||
to exploit I/O latency.
|
||||
.
|
||||
.It Fl -cores Ar N
|
||||
Sets the value of the
|
||||
.Ev NIX_BUILD_CORES
|
||||
environment variable in the invocation of builders. Builders can use this
|
||||
variable at their discretion to control the maximum amount of parallelism. For
|
||||
instance, in Nixpkgs, if the derivation attribute
|
||||
.Va enableParallelBuilding
|
||||
is set to true, the builder passes the
|
||||
.Fl j Ns Va N
|
||||
flag to GNU Make. The value 0 means that the builder should use all available CPU cores in the system.
|
||||
.
|
||||
.It Fl -option Ar name value
|
||||
Set the Nix configuration option
|
||||
.Ar name
|
||||
to
|
||||
.Ar value Ns
|
||||
\&.
|
||||
.
|
||||
.It Fl -show-trace
|
||||
Causes Nix to print out a stack trace in case of Nix expression evaluation errors.
|
||||
.
|
||||
.It Fl -keep-going
|
||||
Causes Nix to continue building derivations as far as possible in the face of failed builds.
|
||||
.
|
||||
.It Fl -help
|
||||
Synonym for
|
||||
.Ic man nixos-install Ns
|
||||
\&.
|
||||
.El
|
||||
.
|
||||
.
|
||||
.
|
||||
.Sh EXAMPLES
|
||||
A typical NixOS installation is done by creating and mounting a file system on
|
||||
.Pa /mnt Ns
|
||||
, generating a NixOS configuration in
|
||||
.Pa /mnt/etc/nixos/configuration.nix Ns
|
||||
, and running
|
||||
.Nm Ns
|
||||
\&. For instance, if we want to install NixOS on an ext4 file system created in
|
||||
.Pa /dev/sda1 Ns
|
||||
:
|
||||
.Bd -literal -offset indent
|
||||
$ mkfs.ext4 /dev/sda1
|
||||
$ mount /dev/sda1 /mnt
|
||||
$ nixos-generate-config --root /mnt
|
||||
$ # edit /mnt/etc/nixos/configuration.nix
|
||||
$ nixos-install
|
||||
$ reboot
|
||||
.Ed
|
||||
.
|
||||
.
|
||||
.
|
||||
.Sh AUTHORS
|
||||
.An -nosplit
|
||||
.An Eelco Dolstra
|
||||
and
|
||||
.An the Nixpkgs/NixOS contributors
|
93
third_party/nixpkgs/nixos/doc/manual/manpages/nixos-option.8
vendored
Normal file
93
third_party/nixpkgs/nixos/doc/manual/manpages/nixos-option.8
vendored
Normal file
|
@ -0,0 +1,93 @@
|
|||
.Dd January 1, 1980
|
||||
.\" nixpkgs groff will use Nixpkgs as the OS in the title by default, taking it from
|
||||
.\" doc-default-operating-system. mandoc doesn't have this register set by default,
|
||||
.\" so we can use it as a groff/mandoc switch.
|
||||
.ie ddoc-default-operating-system .Dt nixos-option \&8 "NixOS System Manager's Manual"
|
||||
.el .Dt nixos-option 8
|
||||
.Os NixOS
|
||||
.Sh NAME
|
||||
.Nm nixos-option
|
||||
.Nd inspect a NixOS configuration
|
||||
.
|
||||
.
|
||||
.
|
||||
.Sh SYNOPSIS
|
||||
.Nm
|
||||
.Op Fl r | -recursive
|
||||
.Op Fl I Ar path
|
||||
.Ar option.name
|
||||
.
|
||||
.
|
||||
.
|
||||
.Sh DESCRIPTION
|
||||
This command evaluates the configuration specified in
|
||||
.Pa /etc/nixos/configuration.nix
|
||||
and returns the properties of the option name given as argument.
|
||||
.
|
||||
.Pp
|
||||
When the option name is not an option, the command prints the list of attributes
|
||||
contained in the attribute set.
|
||||
.
|
||||
.
|
||||
.
|
||||
.Sh OPTIONS
|
||||
.Bl -tag -width indent
|
||||
.It Fl r , -recursive
|
||||
Print all the values at or below the specified path recursively.
|
||||
.
|
||||
.It Fl I Ar path
|
||||
This option is passed to the underlying
|
||||
.Xr nix-instantiate 1
|
||||
invocation.
|
||||
.El
|
||||
.
|
||||
.
|
||||
.
|
||||
.Sh ENVIRONMENT
|
||||
.Bl -tag -width indent
|
||||
.It Ev NIXOS_CONFIG
|
||||
Path to the main NixOS configuration module. Defaults to
|
||||
.Pa /etc/nixos/configuration.nix Ns
|
||||
\&.
|
||||
.El
|
||||
.
|
||||
.
|
||||
.
|
||||
.Sh EXAMPLES
|
||||
Investigate option values:
|
||||
.Bd -literal -offset indent
|
||||
$ nixos-option boot.loader
|
||||
This attribute set contains:
|
||||
generationsDir
|
||||
grub
|
||||
initScript
|
||||
|
||||
$ nixos-option boot.loader.grub.enable
|
||||
Value:
|
||||
true
|
||||
|
||||
Default:
|
||||
true
|
||||
|
||||
Description:
|
||||
Whether to enable the GNU GRUB boot loader.
|
||||
|
||||
Declared by:
|
||||
"/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix"
|
||||
|
||||
Defined by:
|
||||
"/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix"
|
||||
.Ed
|
||||
.
|
||||
.
|
||||
.
|
||||
.Sh SEE ALSO
|
||||
.Xr configuration.nix 5
|
||||
.
|
||||
.
|
||||
.
|
||||
.Sh AUTHORS
|
||||
.An -nosplit
|
||||
.An Nicolas Pierron
|
||||
and
|
||||
.An the Nixpkgs/NixOS contributors
|
456
third_party/nixpkgs/nixos/doc/manual/manpages/nixos-rebuild.8
vendored
Normal file
456
third_party/nixpkgs/nixos/doc/manual/manpages/nixos-rebuild.8
vendored
Normal file
|
@ -0,0 +1,456 @@
|
|||
.Dd January 1, 1980
|
||||
.\" nixpkgs groff will use Nixpkgs the OS in the title by default, taking it from
|
||||
.\" doc-default-operating-system. mandoc doesn't have this register set by default,
|
||||
.\" so we can use it as a groff/mandoc switch.
|
||||
.ie ddoc-default-operating-system .Dt nixos-rebuild \&8 "NixOS System Manager's Manual"
|
||||
.el .Dt nixos-rebuild 8
|
||||
.Os NixOS
|
||||
.Sh NAME
|
||||
.Nm nixos-rebuild
|
||||
.Nd reconfigure a NixOS machine
|
||||
.
|
||||
.
|
||||
.
|
||||
.Sh SYNOPSIS
|
||||
.Nm
|
||||
.Bro
|
||||
.Cm switch | boot | test | build | dry-build | dry-activate | edit | build-vm | build-vm-with-bootloader
|
||||
.Brc
|
||||
.br
|
||||
.Op Fl -upgrade | -upgrade-all
|
||||
.Op Fl -install-bootloader
|
||||
.Op Fl -no-build-nix
|
||||
.Op Fl -fast
|
||||
.Op Fl -rollback
|
||||
.Op Fl -builders Ar builder-spec
|
||||
.br
|
||||
.Op Fl -flake Ar flake-uri
|
||||
.Op Fl -no-flake
|
||||
.Op Fl -override-input Ar input-name flake-uri
|
||||
.br
|
||||
.Op Fl -profile-name | p Ar name
|
||||
.Op Fl -specialisation | c Ar name
|
||||
.br
|
||||
.Op Fl -build-host Va host
|
||||
.Op Fl -target-host Va host
|
||||
.Op Fl -use-remote-sudo
|
||||
.br
|
||||
.Op Fl -show-trace
|
||||
.Op Fl I Va NIX_PATH
|
||||
.Op Fl -verbose | v
|
||||
.Op Fl -impure
|
||||
.Op Fl -max-jobs | j Va number
|
||||
.Op Fl -keep-failed | K
|
||||
.Op Fl -keep-going | k
|
||||
.
|
||||
.
|
||||
.
|
||||
.Sh DESCRIPTION
|
||||
This command updates the system so that it corresponds to the
|
||||
configuration specified in
|
||||
.Pa /etc/nixos/configuration.nix
|
||||
or
|
||||
.Pa /etc/nixos/flake.nix Ns
|
||||
\&. Thus, every time you modify the configuration or any other NixOS module, you
|
||||
must run
|
||||
.Nm
|
||||
to make the changes take effect. It builds the new system in
|
||||
.Pa /nix/store Ns
|
||||
, runs its activation script, and stop and (re)starts any system services if
|
||||
needed. Please note that user services need to be started manually as they
|
||||
aren't detected by the activation script at the moment.
|
||||
.
|
||||
.Pp
|
||||
This command has one required argument, which specifies the desired
|
||||
operation. It must be one of the following:
|
||||
.Bl -tag -width indent
|
||||
.It Cm switch
|
||||
Build and activate the new configuration, and make it the boot default. That
|
||||
is, the configuration is added to the GRUB boot menu as the default
|
||||
menu entry, so that subsequent reboots will boot the system into the new
|
||||
configuration. Previous configurations activated with
|
||||
.Ic nixos-rebuild switch
|
||||
or
|
||||
.Ic nixos-rebuild boot
|
||||
remain available in the GRUB menu.
|
||||
.Pp
|
||||
Note that if you are using specializations, running just
|
||||
.Ic nixos-rebuild switch
|
||||
will switch you back to the unspecialized, base system \(em in that case, you
|
||||
might want to use this instead:
|
||||
.Bd -literal -offset indent
|
||||
$ nixos-rebuild switch --specialisation your-specialisation-name
|
||||
.Ed
|
||||
.Pp
|
||||
This command will build all specialisations and make them bootable just
|
||||
like regular
|
||||
.Ic nixos-rebuild switch
|
||||
does \(em the only thing different is that it will switch to given
|
||||
specialisation instead of the base system; it can be also used to switch from
|
||||
the base system into a specialised one, or to switch between specialisations.
|
||||
.
|
||||
.It Cm boot
|
||||
Build the new configuration and make it the boot default (as with
|
||||
.Ic nixos-rebuild switch Ns
|
||||
), but do not activate it. That is, the system continues to run the previous
|
||||
configuration until the next reboot.
|
||||
.
|
||||
.It Cm test
|
||||
Build and activate the new configuration, but do not add it to the GRUB
|
||||
boot menu. Thus, if you reboot the system (or if it crashes), you will
|
||||
automatically revert to the default configuration (i.e. the
|
||||
configuration resulting from the last call to
|
||||
.Ic nixos-rebuild switch
|
||||
or
|
||||
.Ic nixos-rebuild boot Ns
|
||||
).
|
||||
.Pp
|
||||
Note that if you are using specialisations, running just
|
||||
.Ic nixos-rebuild test
|
||||
will activate the unspecialised, base system \(em in that case, you might want
|
||||
to use this instead:
|
||||
.Bd -literal -offset indent
|
||||
$ nixos-rebuild test --specialisation your-specialisation-name
|
||||
.Ed
|
||||
.Pp
|
||||
This command can be also used to switch from the base system into a
|
||||
specialised one, or to switch between specialisations.
|
||||
.
|
||||
.It Cm build
|
||||
Build the new configuration, but neither activate it nor add it to the
|
||||
GRUB boot menu. It leaves a symlink named
|
||||
.Pa result
|
||||
in the current directory, which points to the output of the top-level
|
||||
.Dq system
|
||||
derivation. This is essentially the same as doing
|
||||
.Bd -literal -offset indent
|
||||
$ nix-build /path/to/nixpkgs/nixos -A system
|
||||
.Ed
|
||||
.Pp
|
||||
Note that you do not need to be root to run
|
||||
.Ic nixos-rebuild build Ns
|
||||
\&.
|
||||
.
|
||||
.It Cm dry-build
|
||||
Show what store paths would be built or downloaded by any of the
|
||||
operations above, but otherwise do nothing.
|
||||
.
|
||||
.It Cm dry-activate
|
||||
Build the new configuration, but instead of activating it, show what
|
||||
changes would be performed by the activation (i.e. by
|
||||
.Ic nixos-rebuild test Ns
|
||||
). For instance, this command will print which systemd units would be restarted.
|
||||
The list of changes is not guaranteed to be complete.
|
||||
.
|
||||
.It Cm edit
|
||||
Opens
|
||||
.Pa configuration.nix
|
||||
in the default editor.
|
||||
.
|
||||
.It Cm build-vm
|
||||
Build a script that starts a NixOS virtual machine with the desired
|
||||
configuration. It leaves a symlink
|
||||
.Pa result
|
||||
in the current directory that points (under
|
||||
.Ql result/bin/run\- Ns Va hostname Ns \-vm Ns
|
||||
)
|
||||
at the script that starts the VM. Thus, to test a NixOS configuration in
|
||||
a virtual machine, you should do the following:
|
||||
.Bd -literal -offset indent
|
||||
$ nixos-rebuild build-vm
|
||||
$ ./result/bin/run-*-vm
|
||||
.Ed
|
||||
.Pp
|
||||
The VM is implemented using the
|
||||
.Ql qemu
|
||||
package. For best performance, you should load the
|
||||
.Ql kvm-intel
|
||||
or
|
||||
.Ql kvm-amd
|
||||
kernel modules to get hardware virtualisation.
|
||||
.Pp
|
||||
The VM mounts the Nix store of the host through the 9P file system. The
|
||||
host Nix store is read-only, so Nix commands that modify the Nix store
|
||||
will not work in the VM. This includes commands such as
|
||||
.Nm Ns
|
||||
; to change the VM’s configuration, you must halt the VM and re-run the commands
|
||||
above.
|
||||
.Pp
|
||||
The VM has its own ext3 root file system, which is automatically created when
|
||||
the VM is first started, and is persistent across reboots of the VM. It is
|
||||
stored in
|
||||
.Ql ./ Ns Va hostname Ns .qcow2 Ns
|
||||
\&.
|
||||
.\" The entire file system hierarchy of the host is available in
|
||||
.\" the VM under
|
||||
.\" .Pa /hostfs Ns
|
||||
.\" .
|
||||
.
|
||||
.It Cm build-vm-with-bootloader
|
||||
Like
|
||||
.Cm build-vm Ns
|
||||
, but boots using the regular boot loader of your configuration (e.g. GRUB 1 or
|
||||
2), rather than booting directly into the kernel and initial ramdisk of the
|
||||
system. This allows you to test whether the boot loader works correctly. \
|
||||
However, it does not guarantee that your NixOS configuration will boot
|
||||
successfully on the host hardware (i.e., after running
|
||||
.Ic nixos-rebuild switch Ns
|
||||
), because the hardware and boot loader configuration in the VM are different.
|
||||
The boot loader is installed on an automatically generated virtual disk
|
||||
containing a
|
||||
.Pa /boot
|
||||
partition.
|
||||
.El
|
||||
.
|
||||
.
|
||||
.
|
||||
.Sh OPTIONS
|
||||
.Bl -tag -width indent
|
||||
.It Fl -upgrade , -upgrade-all
|
||||
Update the root user's channel named
|
||||
.Ql nixos
|
||||
before rebuilding the system.
|
||||
.Pp
|
||||
In addition to the
|
||||
.Ql nixos
|
||||
channel, the root user's channels which have a file named
|
||||
.Ql .update-on-nixos-rebuild
|
||||
in their base directory will also be updated.
|
||||
.Pp
|
||||
Passing
|
||||
.Fl -upgrade-all
|
||||
updates all of the root user's channels.
|
||||
.
|
||||
.It Fl -install-bootloader
|
||||
Causes the boot loader to be (re)installed on the device specified by the
|
||||
relevant configuration options.
|
||||
.
|
||||
.It Fl -no-build-nix
|
||||
Normally,
|
||||
.Nm
|
||||
first builds the
|
||||
.Ql nixUnstable
|
||||
attribute in Nixpkgs, and uses the resulting instance of the Nix package manager
|
||||
to build the new system configuration. This is necessary if the NixOS modules
|
||||
use features not provided by the currently installed version of Nix. This option
|
||||
disables building a new Nix.
|
||||
.
|
||||
.It Fl -fast
|
||||
Equivalent to
|
||||
.Fl -no-build-nix Ns
|
||||
\&. This option is useful if you call
|
||||
.Nm
|
||||
frequently (e.g. if you’re hacking on a NixOS module).
|
||||
.
|
||||
.It Fl -rollback
|
||||
Instead of building a new configuration as specified by
|
||||
.Pa /etc/nixos/configuration.nix Ns
|
||||
, roll back to the previous configuration. (The previous configuration is
|
||||
defined as the one before the “current” generation of the Nix profile
|
||||
.Pa /nix/var/nix/profiles/system Ns
|
||||
\&.)
|
||||
.
|
||||
.It Fl -builders Ar builder-spec
|
||||
Allow ad-hoc remote builders for building the new system. This requires
|
||||
the user executing
|
||||
.Nm
|
||||
(usually root) to be configured as a trusted user in the Nix daemon. This can be
|
||||
achieved by using the
|
||||
.Va nix.settings.trusted-users
|
||||
NixOS option. Examples values for that option are described in the
|
||||
.Dq Remote builds
|
||||
chapter in the Nix manual, (i.e.
|
||||
.Ql --builders \(dqssh://bigbrother x86_64-linux\(dq Ns
|
||||
). By specifying an empty string existing builders specified in
|
||||
.Pa /etc/nix/machines
|
||||
can be ignored:
|
||||
.Ql --builders \(dq\(dq
|
||||
for example when they are not reachable due to network connectivity.
|
||||
.
|
||||
.It Fl -profile-name Ar name , Fl p Ar name
|
||||
Instead of using the Nix profile
|
||||
.Pa /nix/var/nix/profiles/system
|
||||
to keep track of the current and previous system configurations, use
|
||||
.Pa /nix/var/nix/profiles/system-profiles/ Ns Va name Ns
|
||||
\&. When you use GRUB 2, for every system profile created with this flag, NixOS
|
||||
will create a submenu named
|
||||
.Dq NixOS - Profile Va name
|
||||
in GRUB’s boot menu, containing the current and previous configurations of this profile.
|
||||
.Pp
|
||||
For instance, if you want to test a configuration file named
|
||||
.Pa test.nix
|
||||
without affecting the default system profile, you would do:
|
||||
.Bd -literal -offset indent
|
||||
$ nixos-rebuild switch -p test -I nixos-config=./test.nix
|
||||
.Ed
|
||||
.Pp
|
||||
The new configuration will appear in the GRUB 2 submenu
|
||||
.Dq NixOS - Profile 'test' Ns
|
||||
\&.
|
||||
.
|
||||
.It Fl -specialisation Ar name , Fl c Ar name
|
||||
Activates given specialisation; when not specified, switching and testing
|
||||
will activate the base, unspecialised system.
|
||||
.
|
||||
.It Fl -build-host Ar host
|
||||
Instead of building the new configuration locally, use the specified host
|
||||
to perform the build. The host needs to be accessible with
|
||||
.Ic ssh Ns ,
|
||||
and must be able to perform Nix builds. If the option
|
||||
.Fl -target-host
|
||||
is not set, the build will be copied back to the local machine when done.
|
||||
.Pp
|
||||
Note that, if
|
||||
.Fl -no-build-nix
|
||||
is not specified, Nix will be built both locally and remotely. This is because
|
||||
the configuration will always be evaluated locally even though the building
|
||||
might be performed remotely.
|
||||
.Pp
|
||||
You can include a remote user name in the host name
|
||||
.Ns ( Va user@host Ns
|
||||
). You can also set ssh options by defining the
|
||||
.Ev NIX_SSHOPTS
|
||||
environment variable.
|
||||
.
|
||||
.It Fl -target-host Ar host
|
||||
Specifies the NixOS target host. By setting this to something other than an
|
||||
empty string, the system activation will happen on the remote host instead of
|
||||
the local machine. The remote host needs to be accessible over
|
||||
.Ic ssh Ns ,
|
||||
and for the commands
|
||||
.Cm switch Ns
|
||||
,
|
||||
.Cm boot
|
||||
and
|
||||
.Cm test
|
||||
you need root access.
|
||||
.Pp
|
||||
If
|
||||
.Fl -build-host
|
||||
is not explicitly specified or empty, building will take place locally.
|
||||
.Pp
|
||||
You can include a remote user name in the host name
|
||||
.Ns ( Va user@host Ns
|
||||
). You can also set ssh options by defining the
|
||||
.Ev NIX_SSHOPTS
|
||||
environment variable.
|
||||
.Pp
|
||||
Note that
|
||||
.Nm
|
||||
honors the
|
||||
.Va nixpkgs.crossSystem
|
||||
setting of the given configuration but disregards the true architecture of the
|
||||
target host. Hence the
|
||||
.Va nixpkgs.crossSystem
|
||||
setting has to match the target platform or else activation will fail.
|
||||
.
|
||||
.It Fl -use-substitutes
|
||||
When set, nixos-rebuild will add
|
||||
.Fl -use-substitutes
|
||||
to each invocation of nix-copy-closure. This will only affect the behavior of
|
||||
nixos-rebuild if
|
||||
.Fl -target-host
|
||||
or
|
||||
.Fl -build-host
|
||||
is also set. This is useful when the target-host connection to cache.nixos.org
|
||||
is faster than the connection between hosts.
|
||||
.
|
||||
.It Fl -use-remote-sudo
|
||||
When set, nixos-rebuild prefixes remote commands that run on the
|
||||
.Fl -build-host
|
||||
and
|
||||
.Fl -target-host
|
||||
systems with
|
||||
.Ic sudo Ns
|
||||
\&. Setting this option allows deploying as a non-root user.
|
||||
.
|
||||
.It Fl -flake Va flake-uri Ns Op Va #name
|
||||
Build the NixOS system from the specified flake. It defaults to the directory
|
||||
containing the target of the symlink
|
||||
.Pa /etc/nixos/flake.nix Ns
|
||||
, if it exists. The flake must contain an output named
|
||||
.Ql nixosConfigurations. Ns Va name Ns
|
||||
\&. If
|
||||
.Va name
|
||||
is omitted, it default to the current host name.
|
||||
.
|
||||
.It Fl -no-flake
|
||||
Do not imply
|
||||
.Fl -flake
|
||||
if
|
||||
.Pa /etc/nixos/flake.nix
|
||||
exists. With this option, it is possible to build non-flake NixOS configurations
|
||||
even if the current NixOS systems uses flakes.
|
||||
.El
|
||||
.Pp
|
||||
In addition,
|
||||
.Nm
|
||||
accepts various Nix-related flags, including
|
||||
.Fl -max-jobs Ns ,
|
||||
.Fl j Ns ,
|
||||
.Fl I Ns ,
|
||||
.Fl -show-trace Ns ,
|
||||
.Fl -keep-failed Ns ,
|
||||
.Fl -keep-going Ns ,
|
||||
.Fl -impure Ns ,
|
||||
.Fl -verbose Ns , and
|
||||
.Fl v Ns
|
||||
\&. See the Nix manual for details.
|
||||
.
|
||||
.
|
||||
.
|
||||
.Sh ENVIRONMENT
|
||||
.Bl -tag -width indent
|
||||
.It Ev NIXOS_CONFIG
|
||||
Path to the main NixOS configuration module. Defaults to
|
||||
.Pa /etc/nixos/configuration.nix Ns
|
||||
\&.
|
||||
.
|
||||
.It Ev NIX_PATH
|
||||
A colon-separated list of directories used to look up Nix expressions enclosed
|
||||
in angle brackets (e.g. <nixpkgs>). Example:
|
||||
.Bd -literal -offset indent
|
||||
nixpkgs=./my-nixpkgs
|
||||
.Ed
|
||||
.
|
||||
.It Ev NIX_SSHOPTS
|
||||
Additional options to be passed to
|
||||
.Ic ssh
|
||||
on the command line.
|
||||
.El
|
||||
.
|
||||
.
|
||||
.
|
||||
.Sh FILES
|
||||
.Bl -tag -width indent
|
||||
.It Pa /etc/nixos/flake.nix
|
||||
If this file exists, then
|
||||
.Nm
|
||||
will use it as if the
|
||||
.Fl -flake
|
||||
option was given. This file may be a symlink to a
|
||||
.Pa flake.nix
|
||||
in an actual flake; thus
|
||||
.Pa /etc/nixos
|
||||
need not be a flake.
|
||||
.
|
||||
.It Pa /run/current-system
|
||||
A symlink to the currently active system configuration in the Nix store.
|
||||
.
|
||||
.It Pa /nix/var/nix/profiles/system
|
||||
The Nix profile that contains the current and previous system
|
||||
configurations. Used to generate the GRUB boot menu.
|
||||
.El
|
||||
.
|
||||
.
|
||||
.
|
||||
.Sh BUGS
|
||||
This command should be renamed to something more descriptive.
|
||||
.
|
||||
.
|
||||
.
|
||||
.Sh AUTHORS
|
||||
.An -nosplit
|
||||
.An Eelco Dolstra
|
||||
and
|
||||
.An the Nixpkgs/NixOS contributors
|
90
third_party/nixpkgs/nixos/doc/manual/manpages/nixos-version.8
vendored
Normal file
90
third_party/nixpkgs/nixos/doc/manual/manpages/nixos-version.8
vendored
Normal file
|
@ -0,0 +1,90 @@
|
|||
.Dd January 1, 1980
|
||||
.\" nixpkgs groff will use Nixpkgs as the OS in the title by default, taking it from
|
||||
.\" doc-default-operating-system. mandoc doesn't have this register set by default,
|
||||
.\" so we can use it as a groff/mandoc switch.
|
||||
.ie ddoc-default-operating-system .Dt nixos-version \&8 "NixOS System Manager's Manual"
|
||||
.el .Dt nixos-version 8
|
||||
.Os NixOS
|
||||
.Sh NAME
|
||||
.Nm nixos-version
|
||||
.Nd show the NixOS version
|
||||
.
|
||||
.
|
||||
.
|
||||
.Sh SYNOPSIS
|
||||
.Nm nixos-version
|
||||
.Op Fl -hash
|
||||
.Op Fl -revision
|
||||
.Op Fl -configuration-revision
|
||||
.Op Fl -json
|
||||
.
|
||||
.
|
||||
.
|
||||
.Sh DESCRIPTION
|
||||
This command shows the version of the currently active NixOS configuration. For example:
|
||||
.Bd -literal -offset indent
|
||||
$ nixos-version
|
||||
16.03.1011.6317da4 (Emu)
|
||||
.Ed
|
||||
.
|
||||
.Pp
|
||||
The version consists of the following elements:
|
||||
.Bl -tag -width indent
|
||||
.It Ql 16.03
|
||||
The NixOS release, indicating the year and month in which it was released
|
||||
(e.g. March 2016).
|
||||
.It Ql 1011
|
||||
The number of commits in the Nixpkgs Git repository between the start of the
|
||||
release branch and the commit from which this version was built. This ensures
|
||||
that NixOS versions are monotonically increasing. It is
|
||||
.Ql git
|
||||
when the current NixOS configuration was built from a checkout of the Nixpkgs
|
||||
Git repository rather than from a NixOS channel.
|
||||
.It Ql 6317da4
|
||||
The first 7 characters of the commit in the Nixpkgs Git repository from which
|
||||
this version was built.
|
||||
.It Ql Emu
|
||||
The code name of the NixOS release. The first letter of the code name indicates
|
||||
that this is the N'th stable NixOS release; for example, Emu is the fifth
|
||||
release.
|
||||
.El
|
||||
.
|
||||
.
|
||||
.
|
||||
.Sh OPTIONS
|
||||
.Bl -tag -width indent
|
||||
.It Fl -hash , -revision
|
||||
Show the full SHA1 hash of the Git commit from which this configuration was
|
||||
built, e.g.
|
||||
.Bd -literal -offset indent
|
||||
$ nixos-version --hash
|
||||
6317da40006f6bc2480c6781999c52d88dde2acf
|
||||
.Ed
|
||||
.
|
||||
.It Fl -configuration-revision
|
||||
Show the configuration revision if available. This could be the full SHA1 hash
|
||||
of the Git commit of the system flake, if you add
|
||||
.Bd -literal -offset indent
|
||||
{ system.configurationRevision = self.rev or "dirty"; }
|
||||
.Ed
|
||||
.Pp
|
||||
to the
|
||||
.Ql modules
|
||||
array of your flake.nix system configuration e.g.
|
||||
.Bd -literal -offset indent
|
||||
$ nixos-version --configuration-revision
|
||||
aa314ebd1592f6cdd53cb5bba8bcae97d9323de8
|
||||
.Ed
|
||||
.
|
||||
.It Fl -json
|
||||
Print a JSON representation of the versions of NixOS and the top-level
|
||||
configuration flake.
|
||||
.El
|
||||
.
|
||||
.
|
||||
.
|
||||
.Sh AUTHORS
|
||||
.An -nosplit
|
||||
.An Eelco Dolstra
|
||||
and
|
||||
.An the Nixpkgs/NixOS contributors
|
|
@ -38,7 +38,7 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
|
||||
- [mmsd](https://gitlab.com/kop316/mmsd), a lower level daemon that transmits and recieves MMSes. Available as [services.mmsd](#opt-services.mmsd.enable).
|
||||
|
||||
- [QDMR](https://dm3mat.darc.de/qdmr/), a gui application and command line tool for programming cheap DMR radios [programs.qdmr](#opt-programs.qdmr.enable)
|
||||
- [QDMR](https://dm3mat.darc.de/qdmr/), a GUI application and command line tool for programming DMR radios [programs.qdmr](#opt-programs.qdmr.enable)
|
||||
|
||||
- [v2rayA](https://v2raya.org), a Linux web GUI client of Project V which supports V2Ray, Xray, SS, SSR, Trojan and Pingtunnel. Available as [services.v2raya](options.html#opt-services.v2raya.enable).
|
||||
|
||||
|
@ -48,13 +48,17 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
|
||||
- [autosuspend](https://github.com/languitar/autosuspend), a python daemon that suspends a system if certain conditions are met, or not met.
|
||||
|
||||
- [sharing](https://github.com/parvardegr/sharing), a command-line tool to share directories and files from the CLI to iOS and Android devices without the need of an extra client app. Available as [programs.sharing](#opt-programs.sharing.enable).
|
||||
|
||||
## Backward Incompatibilities {#sec-release-23.05-incompatibilities}
|
||||
|
||||
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||
|
||||
- `carnix` and `cratesIO` has been removed due to being unmaintained, use alternatives such as [naersk](https://github.com/nix-community/naersk) and [crate2nix](https://github.com/kolloch/crate2nix) instead.
|
||||
|
||||
- `checkInputs` have been renamed to `nativeCheckInputs`, because they behave the same as `nativeBuildInputs` when `doCheck` is set. `checkInputs` now denote a new type of dependencies, added to `buildInputs` when `doCheck` is set. As a rule of thumb, `nativeCheckInputs` are tools on `$PATH` used during the tests, and `checkInputs` are libraries which are linked to executables built as part of the tests. Similarly, `installCheckInputs` are renamed to `nativeInstallCheckInputs`, corresponding to `nativeBuildInputs`, and `installCheckInputs` are a new type of dependencies added to `buildInputs` when `doInstallCheck` is set. (Note that this change will not cause breakage to derivations with `strictDeps` unset, which are most packages except python, rust and go packages).
|
||||
- `checkInputs` have been renamed to `nativeCheckInputs`, because they behave the same as `nativeBuildInputs` when `doCheck` is set. `checkInputs` now denote a new type of dependencies, added to `buildInputs` when `doCheck` is set. As a rule of thumb, `nativeCheckInputs` are tools on `$PATH` used during the tests, and `checkInputs` are libraries which are linked to executables built as part of the tests. Similarly, `installCheckInputs` are renamed to `nativeInstallCheckInputs`, corresponding to `nativeBuildInputs`, and `installCheckInputs` are a new type of dependencies added to `buildInputs` when `doInstallCheck` is set. (Note that this change will not cause breakage to derivations with `strictDeps` unset, which are most packages except python, rust, ocaml and go packages).
|
||||
|
||||
- `buildDunePackage` now defaults to `strictDeps = true` which means that any library should go into `buildInputs` or `checkInputs`. Any executable that is run on the building machine should go into `nativeBuildInputs` or `nativeCheckInputs` respectively. Example of executables are `ocaml`, `findlib` and `menhir`. PPXs are libraries which are built by dune and should therefore not go into `nativeBuildInputs`.
|
||||
|
||||
- `borgbackup` module now has an option for inhibiting system sleep while backups are running, defaulting to off (not inhibiting sleep), available as [`services.borgbackup.jobs.<name>.inhibitsSleep`](#opt-services.borgbackup.jobs._name_.inhibitsSleep).
|
||||
|
||||
|
@ -97,6 +101,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
|
||||
- The [services.wordpress.sites.<name>.plugins](#opt-services.wordpress.sites._name_.plugins) and [services.wordpress.sites.<name>.themes](#opt-services.wordpress.sites._name_.themes) options have been converted from sets to attribute sets to allow for consumers to specify explicit install paths via attribute name.
|
||||
|
||||
- Nebula now runs as a system user and group created for each nebula network, using the `CAP_NET_ADMIN` ambient capability on launch rather than starting as root. Ensure that any files each Nebula instance needs to access are owned by the correct user and group, by default `nebula-${networkName}`.
|
||||
|
||||
- In `mastodon` it is now necessary to specify location of file with `PostgreSQL` database password. In `services.mastodon.database.passwordFile` parameter default value `/var/lib/mastodon/secrets/db-password` has been changed to `null`.
|
||||
|
||||
- The `--target-host` and `--build-host` options of `nixos-rebuild` no longer treat the `localhost` value specially – to build on/deploy to local machine, omit the relevant flag.
|
||||
|
@ -122,7 +128,17 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
|
||||
- The module `usbmuxd` now has the ability to change the package used by the daemon. In case you're experiencing issues with `usbmuxd` you can try an alternative program like `usbmuxd2`. Available as [services.usbmuxd.package](#opt-services.usbmuxd.package)
|
||||
|
||||
- A few openssh options have been moved from extraConfig to the new freeform option `settings` and renamed as follow: `services.openssh.kbdInteractiveAuthentication` to `services.openssh.settings.KbdInteractiveAuthentication`, `services.openssh.passwordAuthentication` to `services.openssh.settings.PasswordAuthentication`, `services.openssh.useDns` to `services.openssh.settings.UseDns`, `services.openssh.permitRootLogin` to `services.openssh.settings.PermitRootLogin`, `services.openssh.logLevel` to `services.openssh.settings.LogLevel`.
|
||||
- A few openssh options have been moved from extraConfig to the new freeform option `settings` and renamed as follows:
|
||||
- `services.openssh.forwardX11` to `services.openssh.settings.X11Forwarding`
|
||||
- `services.openssh.kbdInteractiveAuthentication` -> `services.openssh.settings.KbdInteractiveAuthentication`
|
||||
- `services.openssh.passwordAuthentication` to `services.openssh.settings.PasswordAuthentication`
|
||||
- `services.openssh.useDns` to `services.openssh.settings.UseDns`
|
||||
- `services.openssh.permitRootLogin` to `services.openssh.settings.PermitRootLogin`
|
||||
- `services.openssh.logLevel` to `services.openssh.settings.LogLevel`
|
||||
- `services.openssh.kexAlgorithms` to `services.openssh.settings.KexAlgorithms`
|
||||
- `services.openssh.macs` to `services.openssh.settings.Macs`
|
||||
- `services.openssh.ciphers` to `services.openssh.settings.Ciphers`
|
||||
- `services.openssh.gatewayPorts` to `services.openssh.settings.GatewayPorts`
|
||||
|
||||
- `services.mastodon` gained a tootctl wrapped named `mastodon-tootctl` similar to `nextcloud-occ` which can be executed from any user and switches to the configured mastodon user with sudo and sources the environment variables.
|
||||
|
||||
|
@ -175,6 +191,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
|
||||
- `services.grafana` listens only on localhost by default again. This was changed to upstreams default of `0.0.0.0` by accident in the freeform setting conversion.
|
||||
|
||||
- Grafana Tempo has been updated to version 2.0. See the [upstream upgrade guide](https://grafana.com/docs/tempo/latest/release-notes/v2-0/#upgrade-considerations) for migration instructions.
|
||||
|
||||
- A new `virtualisation.rosetta` module was added to allow running `x86_64` binaries through [Rosetta](https://developer.apple.com/documentation/apple-silicon/about-the-rosetta-translation-environment) inside virtualised NixOS guests on Apple silicon. This feature works by default with the [UTM](https://docs.getutm.app/) virtualisation [package](https://search.nixos.org/packages?channel=unstable&show=utm&from=0&size=1&sort=relevance&type=packages&query=utm).
|
||||
|
||||
- The new option `users.motdFile` allows configuring a Message Of The Day that can be updated dynamically.
|
||||
|
@ -193,6 +211,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
|
||||
- [Garage](https://garagehq.deuxfleurs.fr/) version is based on [system.stateVersion](options.html#opt-system.stateVersion), existing installations will keep using version 0.7. New installations will use version 0.8. In order to upgrade a Garage cluster, please follow [upstream instructions](https://garagehq.deuxfleurs.fr/documentation/cookbook/upgrading/) and force [services.garage.package](options.html#opt-services.garage.package) or upgrade accordingly [system.stateVersion](options.html#opt-system.stateVersion).
|
||||
|
||||
- Nebula now supports the `services.nebula.networks.<name>.isRelay` and `services.nebula.networks.<name>.relays` configuration options for setting up or allowing traffic relaying. See the [announcement](https://www.defined.net/blog/announcing-relay-support-in-nebula/) for more details about relays.
|
||||
|
||||
- `hip` has been separated into `hip`, `hip-common` and `hipcc`.
|
||||
|
||||
- `services.nginx.recommendedProxySettings` now removes the `Connection` header preventing clients from closing backend connections.
|
||||
|
@ -203,12 +223,30 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
|
||||
- The `services.fwupd` module now allows arbitrary daemon settings to be configured in a structured manner ([`services.fwupd.daemonSettings`](#opt-services.fwupd.daemonSettings)).
|
||||
|
||||
- The `zramSwap` is now implemented with `zram-generator`, and the option `zramSwap.numDevices` for using ZRAM devices as general purpose ephemeral block devices has been removed.
|
||||
|
||||
- As Singularity has renamed to [Apptainer](https://apptainer.org/news/community-announcement-20211130)
|
||||
to distinguish from [an un-renamed fork by Sylabs Inc.](https://sylabs.io/2021/05/singularity-community-edition),
|
||||
there are now two packages of Singularity/Apptainer:
|
||||
* `apptainer`: From `github.com/apptainer/apptainer`, which is the new repo after renaming.
|
||||
* `singularity`: From `github.com/sylabs/singularity`, which is the fork by Sylabs Inc..
|
||||
|
||||
`programs.singularity` got a new `package` option to specify which package to use.
|
||||
|
||||
`singularity-tools.buildImage` got a new input argument `singularity` to specify which package to use.
|
||||
|
||||
- The new option `programs.singularity.enableFakeroot`, if set to `true`, provides `--fakeroot` support for `apptainer` and `singularity`.
|
||||
|
||||
- The `unifi-poller` package and corresponding NixOS module have been renamed to `unpoller` to match upstream.
|
||||
|
||||
- The new option `services.tailscale.useRoutingFeatures` controls various settings for using Tailscale features like exit nodes and subnet routers. If you wish to use your machine as an exit node, you can set this setting to `server`, otherwise if you wish to use an exit node you can set this setting to `client`. The strict RPF warning has been removed as the RPF will be loosened automatically based on the value of this setting.
|
||||
|
||||
- [Xastir](https://xastir.org/index.php/Main_Page) can now access AX.25 interfaces via the `libax25` package.
|
||||
|
||||
- `tvbrowser-bin` was removed, and now `tvbrowser` is built from source.
|
||||
|
||||
- `nixos-version` now accepts `--configuration-revision` to display more information about the current generation revision
|
||||
|
||||
- The option `services.nomad.extraSettingsPlugins` has been fixed to allow more than one plugin in the path.
|
||||
|
||||
- The option `services.prometheus.exporters.pihole.interval` does not exist anymore and has been removed.
|
||||
|
|
|
@ -23,7 +23,7 @@ pkgs.releaseTools.makeSourceTarball {
|
|||
cp -prd . ../$releaseName
|
||||
chmod -R u+w ../$releaseName
|
||||
ln -s . ../$releaseName/nixpkgs # hack to make ‘<nixpkgs>’ work
|
||||
NIX_STATE_DIR=$TMPDIR nix-env -f ../$releaseName/default.nix -qaP --meta --xml \* > /dev/null
|
||||
NIX_STATE_DIR=$TMPDIR nix-env -f ../$releaseName/default.nix -qaP --meta --show-trace --xml \* > /dev/null
|
||||
cd ..
|
||||
chmod -R u+w $releaseName
|
||||
tar cfJ $out/tarballs/$releaseName.tar.xz $releaseName
|
||||
|
|
|
@ -78,7 +78,7 @@ let
|
|||
title = args.title or null;
|
||||
name = args.name or (lib.concatStringsSep "." args.path);
|
||||
in ''
|
||||
- [`${lib.optionalString (title != null) "${title} aka "}pkgs.${name}`](
|
||||
- [${lib.optionalString (title != null) "${title} aka "}`pkgs.${name}`](
|
||||
https://search.nixos.org/packages?show=${name}&sort=relevance&query=${name}
|
||||
)${
|
||||
lib.optionalString (args ? comment) "\n\n ${args.comment}"
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
from contextlib import _GeneratorContextManager
|
||||
from contextlib import _GeneratorContextManager, nullcontext
|
||||
from pathlib import Path
|
||||
from queue import Queue
|
||||
from typing import Any, Callable, Dict, Iterable, List, Optional, Tuple
|
||||
|
@ -406,25 +406,23 @@ class Machine:
|
|||
return rootlog.nested(msg, my_attrs)
|
||||
|
||||
def wait_for_monitor_prompt(self) -> str:
|
||||
with self.nested("waiting for monitor prompt"):
|
||||
assert self.monitor is not None
|
||||
answer = ""
|
||||
while True:
|
||||
undecoded_answer = self.monitor.recv(1024)
|
||||
if not undecoded_answer:
|
||||
break
|
||||
answer += undecoded_answer.decode()
|
||||
if answer.endswith("(qemu) "):
|
||||
break
|
||||
return answer
|
||||
assert self.monitor is not None
|
||||
answer = ""
|
||||
while True:
|
||||
undecoded_answer = self.monitor.recv(1024)
|
||||
if not undecoded_answer:
|
||||
break
|
||||
answer += undecoded_answer.decode()
|
||||
if answer.endswith("(qemu) "):
|
||||
break
|
||||
return answer
|
||||
|
||||
def send_monitor_command(self, command: str) -> str:
|
||||
self.run_callbacks()
|
||||
with self.nested(f"sending monitor command: {command}"):
|
||||
message = f"{command}\n".encode()
|
||||
assert self.monitor is not None
|
||||
self.monitor.send(message)
|
||||
return self.wait_for_monitor_prompt()
|
||||
message = f"{command}\n".encode()
|
||||
assert self.monitor is not None
|
||||
self.monitor.send(message)
|
||||
return self.wait_for_monitor_prompt()
|
||||
|
||||
def wait_for_unit(
|
||||
self, unit: str, user: Optional[str] = None, timeout: int = 900
|
||||
|
@ -547,7 +545,7 @@ class Machine:
|
|||
self.shell.send("echo ${PIPESTATUS[0]}\n".encode())
|
||||
rc = int(self._next_newline_closed_block_from_shell().strip())
|
||||
|
||||
return (rc, output.decode())
|
||||
return (rc, output.decode(errors="replace"))
|
||||
|
||||
def shell_interact(self, address: Optional[str] = None) -> None:
|
||||
"""Allows you to interact with the guest shell for debugging purposes.
|
||||
|
@ -685,9 +683,9 @@ class Machine:
|
|||
retry(tty_matches)
|
||||
|
||||
def send_chars(self, chars: str, delay: Optional[float] = 0.01) -> None:
|
||||
with self.nested(f"sending keys '{chars}'"):
|
||||
with self.nested(f"sending keys {repr(chars)}"):
|
||||
for char in chars:
|
||||
self.send_key(char, delay)
|
||||
self.send_key(char, delay, log=False)
|
||||
|
||||
def wait_for_file(self, filename: str) -> None:
|
||||
"""Waits until the file exists in machine's file system."""
|
||||
|
@ -860,11 +858,15 @@ class Machine:
|
|||
if matches is not None:
|
||||
return
|
||||
|
||||
def send_key(self, key: str, delay: Optional[float] = 0.01) -> None:
|
||||
def send_key(
|
||||
self, key: str, delay: Optional[float] = 0.01, log: Optional[bool] = True
|
||||
) -> None:
|
||||
key = CHAR_TO_KEY.get(key, key)
|
||||
self.send_monitor_command(f"sendkey {key}")
|
||||
if delay is not None:
|
||||
time.sleep(delay)
|
||||
context = self.nested(f"sending key {repr(key)}") if log else nullcontext()
|
||||
with context:
|
||||
self.send_monitor_command(f"sendkey {key}")
|
||||
if delay is not None:
|
||||
time.sleep(delay)
|
||||
|
||||
def send_console(self, chars: str) -> None:
|
||||
assert self.process
|
||||
|
|
|
@ -89,7 +89,7 @@ with lib;
|
|||
|
||||
# This value determines the NixOS release from which the default
|
||||
# settings for stateful data, like file locations and database versions
|
||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||
# on your system were taken. It’s perfectly fine and recommended to leave
|
||||
# this value at the release version of the first install of this system.
|
||||
# Before changing this value read the documentation for this option
|
||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||
|
|
|
@ -46,8 +46,10 @@ with lib;
|
|||
libextractor = super.libextractor.override { gtkSupport = false; };
|
||||
libva = super.libva-minimal;
|
||||
limesuite = super.limesuite.override { withGui = false; };
|
||||
mc = super.mc.override { x11Support = false; };
|
||||
mpv-unwrapped = super.mpv-unwrapped.override { sdl2Support = false; x11Support = false; };
|
||||
msmtp = super.msmtp.override { withKeyring = false; };
|
||||
neofetch = super.neofetch.override { x11Support = false; };
|
||||
networkmanager-fortisslvpn = super.networkmanager-fortisslvpn.override { withGnome = false; };
|
||||
networkmanager-iodine = super.networkmanager-iodine.override { withGnome = false; };
|
||||
networkmanager-l2tp = super.networkmanager-l2tp.override { withGnome = false; };
|
||||
|
|
|
@ -15,7 +15,7 @@ let
|
|||
in
|
||||
{
|
||||
options.networking.stevenblack = {
|
||||
enable = mkEnableOption (mdDoc "Enable the stevenblack hosts file blocklist.");
|
||||
enable = mkEnableOption (mdDoc "Enable the stevenblack hosts file blocklist");
|
||||
|
||||
block = mkOption {
|
||||
type = types.listOf (types.enum [ "fakenews" "gambling" "porn" "social" ]);
|
||||
|
|
159
third_party/nixpkgs/nixos/modules/config/zram.nix
vendored
159
third_party/nixpkgs/nixos/modules/config/zram.nix
vendored
|
@ -1,45 +1,27 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
cfg = config.zramSwap;
|
||||
|
||||
# don't set swapDevices as mkDefault, so we can detect user had read our warning
|
||||
# (see below) and made an action (or not)
|
||||
devicesCount = if cfg.swapDevices != null then cfg.swapDevices else cfg.numDevices;
|
||||
|
||||
devices = map (nr: "zram${toString nr}") (range 0 (devicesCount - 1));
|
||||
|
||||
modprobe = "${pkgs.kmod}/bin/modprobe";
|
||||
|
||||
warnings =
|
||||
assert cfg.swapDevices != null -> cfg.numDevices >= cfg.swapDevices;
|
||||
flatten [
|
||||
(optional (cfg.numDevices > 1 && cfg.swapDevices == null) ''
|
||||
Using several small zram devices as swap is no better than using one large.
|
||||
Set either zramSwap.numDevices = 1 or explicitly set zramSwap.swapDevices.
|
||||
|
||||
Previously multiple zram devices were used to enable multithreaded
|
||||
compression. Linux supports multithreaded compression for 1 device
|
||||
since 3.15. See https://lkml.org/lkml/2014/2/28/404 for details.
|
||||
'')
|
||||
];
|
||||
devices = map (nr: "zram${toString nr}") (lib.range 0 (cfg.swapDevices - 1));
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
|
||||
imports = [
|
||||
(lib.mkRemovedOptionModule [ "zramSwap" "numDevices" ] "Using ZRAM devices as general purpose ephemeral block devices is no longer supported")
|
||||
];
|
||||
|
||||
###### interface
|
||||
|
||||
options = {
|
||||
|
||||
zramSwap = {
|
||||
|
||||
enable = mkOption {
|
||||
enable = lib.mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
type = lib.types.bool;
|
||||
description = lib.mdDoc ''
|
||||
Enable in-memory compressed devices and swap space provided by the zram
|
||||
kernel module.
|
||||
|
@ -49,29 +31,17 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
numDevices = mkOption {
|
||||
swapDevices = lib.mkOption {
|
||||
default = 1;
|
||||
type = types.int;
|
||||
type = lib.types.int;
|
||||
description = lib.mdDoc ''
|
||||
Number of zram devices to create. See also
|
||||
`zramSwap.swapDevices`
|
||||
Number of zram devices to be used as swap, recommended is 1.
|
||||
'';
|
||||
};
|
||||
|
||||
swapDevices = mkOption {
|
||||
default = null;
|
||||
example = 1;
|
||||
type = with types; nullOr int;
|
||||
description = lib.mdDoc ''
|
||||
Number of zram devices to be used as swap. Must be
|
||||
`<= zramSwap.numDevices`.
|
||||
Default is same as `zramSwap.numDevices`, recommended is 1.
|
||||
'';
|
||||
};
|
||||
|
||||
memoryPercent = mkOption {
|
||||
memoryPercent = lib.mkOption {
|
||||
default = 50;
|
||||
type = types.int;
|
||||
type = lib.types.int;
|
||||
description = lib.mdDoc ''
|
||||
Maximum total amount of memory that can be stored in the zram swap devices
|
||||
(as a percentage of your total memory). Defaults to 1/2 of your total
|
||||
|
@ -80,9 +50,9 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
memoryMax = mkOption {
|
||||
memoryMax = lib.mkOption {
|
||||
default = null;
|
||||
type = with types; nullOr int;
|
||||
type = with lib.types; nullOr int;
|
||||
description = lib.mdDoc ''
|
||||
Maximum total amount of memory (in bytes) that can be stored in the zram
|
||||
swap devices.
|
||||
|
@ -90,9 +60,9 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
priority = mkOption {
|
||||
priority = lib.mkOption {
|
||||
default = 5;
|
||||
type = types.int;
|
||||
type = lib.types.int;
|
||||
description = lib.mdDoc ''
|
||||
Priority of the zram swap devices. It should be a number higher than
|
||||
the priority of your disk-based swap devices (so that the system will
|
||||
|
@ -100,10 +70,10 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
algorithm = mkOption {
|
||||
algorithm = lib.mkOption {
|
||||
default = "zstd";
|
||||
example = "lz4";
|
||||
type = with types; either (enum [ "lzo" "lz4" "zstd" ]) str;
|
||||
type = with lib.types; either (enum [ "lzo" "lz4" "zstd" ]) str;
|
||||
description = lib.mdDoc ''
|
||||
Compression algorithm. `lzo` has good compression,
|
||||
but is slow. `lz4` has bad compression, but is fast.
|
||||
|
@ -116,9 +86,7 @@ in
|
|||
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
inherit warnings;
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
||||
system.requiredKernelConfig = with config.lib.kernelConfig; [
|
||||
(isModule "ZRAM")
|
||||
|
@ -128,78 +96,25 @@ in
|
|||
# once in stage 2 boot, and again when the zram-reloader service starts.
|
||||
# boot.kernelModules = [ "zram" ];
|
||||
|
||||
boot.extraModprobeConfig = ''
|
||||
options zram num_devices=${toString cfg.numDevices}
|
||||
'';
|
||||
systemd.packages = [ pkgs.zram-generator ];
|
||||
systemd.services."systemd-zram-setup@".path = [ pkgs.util-linux ]; # for mkswap
|
||||
|
||||
boot.kernelParams = ["zram.num_devices=${toString cfg.numDevices}"];
|
||||
|
||||
services.udev.extraRules = ''
|
||||
KERNEL=="zram[0-9]*", ENV{SYSTEMD_WANTS}="zram-init-%k.service", TAG+="systemd"
|
||||
'';
|
||||
|
||||
systemd.services =
|
||||
let
|
||||
createZramInitService = dev:
|
||||
nameValuePair "zram-init-${dev}" {
|
||||
description = "Init swap on zram-based device ${dev}";
|
||||
after = [ "dev-${dev}.device" "zram-reloader.service" ];
|
||||
requires = [ "dev-${dev}.device" "zram-reloader.service" ];
|
||||
before = [ "dev-${dev}.swap" ];
|
||||
requiredBy = [ "dev-${dev}.swap" ];
|
||||
unitConfig.DefaultDependencies = false; # needed to prevent a cycle
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
ExecStop = "${pkgs.runtimeShell} -c 'echo 1 > /sys/class/block/${dev}/reset'";
|
||||
};
|
||||
script = ''
|
||||
set -euo pipefail
|
||||
|
||||
# Calculate memory to use for zram
|
||||
mem=$(${pkgs.gawk}/bin/awk '/MemTotal: / {
|
||||
value=int($2*${toString cfg.memoryPercent}/100.0/${toString devicesCount}*1024);
|
||||
${lib.optionalString (cfg.memoryMax != null) ''
|
||||
memory_max=int(${toString cfg.memoryMax}/${toString devicesCount});
|
||||
if (value > memory_max) { value = memory_max }
|
||||
''}
|
||||
print value
|
||||
}' /proc/meminfo)
|
||||
|
||||
${pkgs.util-linux}/sbin/zramctl --size $mem --algorithm ${cfg.algorithm} /dev/${dev}
|
||||
${pkgs.util-linux}/sbin/mkswap /dev/${dev}
|
||||
'';
|
||||
restartIfChanged = false;
|
||||
};
|
||||
in listToAttrs ((map createZramInitService devices) ++ [(nameValuePair "zram-reloader"
|
||||
{
|
||||
description = "Reload zram kernel module when number of devices changes";
|
||||
wants = [ "systemd-udevd.service" ];
|
||||
after = [ "systemd-udevd.service" ];
|
||||
unitConfig.DefaultDependencies = false; # needed to prevent a cycle
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
ExecStartPre = "-${modprobe} -r zram";
|
||||
ExecStart = "-${modprobe} zram";
|
||||
ExecStop = "-${modprobe} -r zram";
|
||||
};
|
||||
restartTriggers = [
|
||||
cfg.numDevices
|
||||
cfg.algorithm
|
||||
cfg.memoryPercent
|
||||
];
|
||||
restartIfChanged = true;
|
||||
})]);
|
||||
|
||||
swapDevices =
|
||||
let
|
||||
useZramSwap = dev:
|
||||
{
|
||||
device = "/dev/${dev}";
|
||||
priority = cfg.priority;
|
||||
};
|
||||
in map useZramSwap devices;
|
||||
environment.etc."systemd/zram-generator.conf".source =
|
||||
(pkgs.formats.ini { }).generate "zram-generator.conf" (lib.listToAttrs
|
||||
(builtins.map
|
||||
(dev: {
|
||||
name = dev;
|
||||
value =
|
||||
let
|
||||
size = "${toString cfg.memoryPercent} / 100 * ram";
|
||||
in
|
||||
{
|
||||
zram-size = if cfg.memoryMax != null then "min(${size}, ${toString cfg.memoryMax} / 1024 / 1024)" else size;
|
||||
compression-algorithm = cfg.algorithm;
|
||||
swap-priority = cfg.priority;
|
||||
};
|
||||
})
|
||||
devices));
|
||||
|
||||
};
|
||||
|
||||
|
|
|
@ -21,7 +21,8 @@ let
|
|||
pCfg = cfg.prime;
|
||||
syncCfg = pCfg.sync;
|
||||
offloadCfg = pCfg.offload;
|
||||
primeEnabled = syncCfg.enable || offloadCfg.enable;
|
||||
reverseSyncCfg = pCfg.reverseSync;
|
||||
primeEnabled = syncCfg.enable || reverseSyncCfg.enable || offloadCfg.enable;
|
||||
nvidiaPersistencedEnabled = cfg.nvidiaPersistenced;
|
||||
nvidiaSettings = cfg.nvidiaSettings;
|
||||
busIDType = types.strMatching "([[:print:]]+[\:\@][0-9]{1,3}\:[0-9]{1,2}\:[0-9])?";
|
||||
|
@ -31,7 +32,8 @@ in
|
|||
imports =
|
||||
[
|
||||
(mkRenamedOptionModule [ "hardware" "nvidia" "optimus_prime" "enable" ] [ "hardware" "nvidia" "prime" "sync" "enable" ])
|
||||
(mkRenamedOptionModule [ "hardware" "nvidia" "optimus_prime" "allowExternalGpu" ] [ "hardware" "nvidia" "prime" "sync" "allowExternalGpu" ])
|
||||
(mkRenamedOptionModule [ "hardware" "nvidia" "optimus_prime" "allowExternalGpu" ] [ "hardware" "nvidia" "prime" "allowExternalGpu" ])
|
||||
(mkRenamedOptionModule [ "hardware" "nvidia" "prime" "sync" "allowExternalGpu" ] [ "hardware" "nvidia" "prime" "allowExternalGpu" ])
|
||||
(mkRenamedOptionModule [ "hardware" "nvidia" "optimus_prime" "nvidiaBusId" ] [ "hardware" "nvidia" "prime" "nvidiaBusId" ])
|
||||
(mkRenamedOptionModule [ "hardware" "nvidia" "optimus_prime" "intelBusId" ] [ "hardware" "nvidia" "prime" "intelBusId" ])
|
||||
];
|
||||
|
@ -104,16 +106,17 @@ in
|
|||
description = lib.mdDoc ''
|
||||
Enable NVIDIA Optimus support using the NVIDIA proprietary driver via PRIME.
|
||||
If enabled, the NVIDIA GPU will be always on and used for all rendering,
|
||||
while enabling output to displays attached only to the integrated Intel GPU
|
||||
without a multiplexer.
|
||||
while enabling output to displays attached only to the integrated Intel/AMD
|
||||
GPU without a multiplexer.
|
||||
|
||||
Note that this option only has any effect if the "nvidia" driver is specified
|
||||
in {option}`services.xserver.videoDrivers`, and it should preferably
|
||||
be the only driver there.
|
||||
|
||||
If this is enabled, then the bus IDs of the NVIDIA and Intel GPUs have to be
|
||||
specified ({option}`hardware.nvidia.prime.nvidiaBusId` and
|
||||
{option}`hardware.nvidia.prime.intelBusId`).
|
||||
If this is enabled, then the bus IDs of the NVIDIA and Intel/AMD GPUs have to
|
||||
be specified ({option}`hardware.nvidia.prime.nvidiaBusId` and
|
||||
{option}`hardware.nvidia.prime.intelBusId` or
|
||||
{option}`hardware.nvidia.prime.amdgpuBusId`).
|
||||
|
||||
If you enable this, you may want to also enable kernel modesetting for the
|
||||
NVIDIA driver ({option}`hardware.nvidia.modesetting.enable`) in order
|
||||
|
@ -125,11 +128,11 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
hardware.nvidia.prime.sync.allowExternalGpu = mkOption {
|
||||
hardware.nvidia.prime.allowExternalGpu = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = lib.mdDoc ''
|
||||
Configure X to allow external NVIDIA GPUs when using optimus.
|
||||
Configure X to allow external NVIDIA GPUs when using Prime [Reverse] sync optimus.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -139,9 +142,54 @@ in
|
|||
description = lib.mdDoc ''
|
||||
Enable render offload support using the NVIDIA proprietary driver via PRIME.
|
||||
|
||||
If this is enabled, then the bus IDs of the NVIDIA and Intel GPUs have to be
|
||||
specified ({option}`hardware.nvidia.prime.nvidiaBusId` and
|
||||
{option}`hardware.nvidia.prime.intelBusId`).
|
||||
If this is enabled, then the bus IDs of the NVIDIA and Intel/AMD GPUs have to
|
||||
be specified ({option}`hardware.nvidia.prime.nvidiaBusId` and
|
||||
{option}`hardware.nvidia.prime.intelBusId` or
|
||||
{option}`hardware.nvidia.prime.amdgpuBusId`).
|
||||
'';
|
||||
};
|
||||
|
||||
hardware.nvidia.prime.offload.enableOffloadCmd = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = lib.mdDoc ''
|
||||
Adds a `nvidia-offload` convenience script to {option}`environment.systemPackages`
|
||||
for offloading programs to an nvidia device. To work, should have also enabled
|
||||
{option}`hardware.nvidia.prime.offload.enable` or {option}`hardware.nvidia.prime.reverseSync.enable`.
|
||||
|
||||
Example usage `nvidia-offload sauerbraten_client`.
|
||||
'';
|
||||
};
|
||||
|
||||
hardware.nvidia.prime.reverseSync.enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = lib.mdDoc ''
|
||||
Warning: This feature is relatively new, depending on your system this might
|
||||
work poorly. AMD support, especially so.
|
||||
See: https://forums.developer.nvidia.com/t/the-all-new-outputsink-feature-aka-reverse-prime/129828
|
||||
|
||||
Enable NVIDIA Optimus support using the NVIDIA proprietary driver via reverse
|
||||
PRIME. If enabled, the Intel/AMD GPU will be used for all rendering, while
|
||||
enabling output to displays attached only to the NVIDIA GPU without a
|
||||
multiplexer.
|
||||
|
||||
Note that this option only has any effect if the "nvidia" driver is specified
|
||||
in {option}`services.xserver.videoDrivers`, and it should preferably
|
||||
be the only driver there.
|
||||
|
||||
If this is enabled, then the bus IDs of the NVIDIA and Intel/AMD GPUs have to
|
||||
be specified ({option}`hardware.nvidia.prime.nvidiaBusId` and
|
||||
{option}`hardware.nvidia.prime.intelBusId` or
|
||||
{option}`hardware.nvidia.prime.amdgpuBusId`).
|
||||
|
||||
If you enable this, you may want to also enable kernel modesetting for the
|
||||
NVIDIA driver ({option}`hardware.nvidia.modesetting.enable`) in order
|
||||
to prevent tearing.
|
||||
|
||||
Note that this configuration will only be successful when a display manager
|
||||
for which the {option}`services.xserver.displayManager.setupCommands`
|
||||
option is supported is used.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -205,6 +253,13 @@ in
|
|||
'';
|
||||
}
|
||||
|
||||
{
|
||||
assertion = offloadCfg.enableOffloadCmd -> offloadCfg.enable || reverseSyncCfg.enable;
|
||||
message = ''
|
||||
Offload command requires offloading or reverse prime sync to be enabled.
|
||||
'';
|
||||
}
|
||||
|
||||
{
|
||||
assertion = primeEnabled -> pCfg.nvidiaBusId != "" && (pCfg.intelBusId != "" || pCfg.amdgpuBusId != "");
|
||||
message = ''
|
||||
|
@ -217,9 +272,19 @@ in
|
|||
message = "NVIDIA PRIME render offload is currently only supported on versions >= 435.21.";
|
||||
}
|
||||
|
||||
{
|
||||
assertion = (reverseSyncCfg.enable && pCfg.amdgpuBusId != "") -> versionAtLeast nvidia_x11.version "470.0";
|
||||
message = "NVIDIA PRIME render offload for AMD APUs is currently only supported on versions >= 470 beta.";
|
||||
}
|
||||
|
||||
{
|
||||
assertion = !(syncCfg.enable && offloadCfg.enable);
|
||||
message = "Only one NVIDIA PRIME solution may be used at a time.";
|
||||
message = "PRIME Sync and Offload cannot be both enabled";
|
||||
}
|
||||
|
||||
{
|
||||
assertion = !(syncCfg.enable && reverseSyncCfg.enable);
|
||||
message = "PRIME Sync and PRIME Reverse Sync cannot be both enabled";
|
||||
}
|
||||
|
||||
{
|
||||
|
@ -257,8 +322,10 @@ in
|
|||
# - Configure the display manager to run specific `xrandr` commands which will
|
||||
# configure/enable displays connected to the Intel iGPU / AMD APU.
|
||||
|
||||
services.xserver.drivers = let
|
||||
in optional primeEnabled {
|
||||
# reverse sync implies offloading
|
||||
hardware.nvidia.prime.offload.enable = mkDefault reverseSyncCfg.enable;
|
||||
|
||||
services.xserver.drivers = optional primeEnabled {
|
||||
name = igpuDriver;
|
||||
display = offloadCfg.enable;
|
||||
modules = optionals (igpuDriver == "amdgpu") [ pkgs.xorg.xf86videoamdgpu ];
|
||||
|
@ -273,7 +340,7 @@ in
|
|||
deviceSection = optionalString primeEnabled
|
||||
''
|
||||
BusID "${pCfg.nvidiaBusId}"
|
||||
${optionalString syncCfg.allowExternalGpu "Option \"AllowExternalGpus\""}
|
||||
${optionalString pCfg.allowExternalGpu "Option \"AllowExternalGpus\""}
|
||||
'';
|
||||
screenSection =
|
||||
''
|
||||
|
@ -290,19 +357,22 @@ in
|
|||
|
||||
services.xserver.serverLayoutSection = optionalString syncCfg.enable ''
|
||||
Inactive "Device-${igpuDriver}[0]"
|
||||
'' + optionalString reverseSyncCfg.enable ''
|
||||
Inactive "Device-nvidia[0]"
|
||||
'' + optionalString offloadCfg.enable ''
|
||||
Option "AllowNVIDIAGPUScreens"
|
||||
'';
|
||||
|
||||
services.xserver.displayManager.setupCommands = let
|
||||
sinkGpuProviderName = if igpuDriver == "amdgpu" then
|
||||
gpuProviderName = if igpuDriver == "amdgpu" then
|
||||
# find the name of the provider if amdgpu
|
||||
"`${pkgs.xorg.xrandr}/bin/xrandr --listproviders | ${pkgs.gnugrep}/bin/grep -i AMD | ${pkgs.gnused}/bin/sed -n 's/^.*name://p'`"
|
||||
else
|
||||
igpuDriver;
|
||||
in optionalString syncCfg.enable ''
|
||||
providerCmdParams = if syncCfg.enable then "\"${gpuProviderName}\" NVIDIA-0" else "NVIDIA-G0 \"${gpuProviderName}\"";
|
||||
in optionalString (syncCfg.enable || reverseSyncCfg.enable) ''
|
||||
# Added by nvidia configuration module for Optimus/PRIME.
|
||||
${pkgs.xorg.xrandr}/bin/xrandr --setprovideroutputsource "${sinkGpuProviderName}" NVIDIA-0
|
||||
${pkgs.xorg.xrandr}/bin/xrandr --setprovideroutputsource ${providerCmdParams}
|
||||
${pkgs.xorg.xrandr}/bin/xrandr --auto
|
||||
'';
|
||||
|
||||
|
@ -325,7 +395,16 @@ in
|
|||
|
||||
environment.systemPackages = [ nvidia_x11.bin ]
|
||||
++ optionals cfg.nvidiaSettings [ nvidia_x11.settings ]
|
||||
++ optionals nvidiaPersistencedEnabled [ nvidia_x11.persistenced ];
|
||||
++ optionals nvidiaPersistencedEnabled [ nvidia_x11.persistenced ]
|
||||
++ optionals offloadCfg.enableOffloadCmd [
|
||||
(pkgs.writeShellScriptBin "nvidia-offload" ''
|
||||
export __NV_PRIME_RENDER_OFFLOAD=1
|
||||
export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0
|
||||
export __GLX_VENDOR_LIBRARY_NAME=nvidia
|
||||
export __VK_LAYER_NV_optimus=NVIDIA_only
|
||||
exec "$@"
|
||||
'')
|
||||
];
|
||||
|
||||
systemd.packages = optional cfg.powerManagement.enable nvidia_x11.out;
|
||||
|
||||
|
|
|
@ -217,7 +217,7 @@ in
|
|||
|
||||
# This value determines the NixOS release from which the default
|
||||
# settings for stateful data, like file locations and database versions
|
||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||
# on your system were taken. It’s perfectly fine and recommended to leave
|
||||
# this value at the release version of the first install of this system.
|
||||
# Before changing this value read the documentation for this option
|
||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||
|
|
|
@ -510,6 +510,7 @@ in
|
|||
#seeks = 148; # removed 2020-06-21
|
||||
prosody = 149;
|
||||
i2pd = 150;
|
||||
systemd-coredump = 151;
|
||||
systemd-network = 152;
|
||||
systemd-resolve = 153;
|
||||
systemd-timesync = 154;
|
||||
|
|
|
@ -130,7 +130,7 @@ in
|
|||
to be compatible. The effect is that NixOS will use
|
||||
defaults corresponding to the specified release (such as using
|
||||
an older version of PostgreSQL).
|
||||
It‘s perfectly fine and recommended to leave this value at the
|
||||
It’s perfectly fine and recommended to leave this value at the
|
||||
release version of the first install of this system.
|
||||
Changing this option will not upgrade your system. In fact it
|
||||
is meant to stay constant exactly when you upgrade your system.
|
||||
|
|
|
@ -195,6 +195,7 @@
|
|||
./programs/mdevctl.nix
|
||||
./programs/mepo.nix
|
||||
./programs/mininet.nix
|
||||
./programs/miriway.nix
|
||||
./programs/mosh.nix
|
||||
./programs/msmtp.nix
|
||||
./programs/mtr.nix
|
||||
|
@ -222,6 +223,7 @@
|
|||
./programs/seahorse.nix
|
||||
./programs/sedutil.nix
|
||||
./programs/shadow.nix
|
||||
./programs/sharing.nix
|
||||
./programs/singularity.nix
|
||||
./programs/skim.nix
|
||||
./programs/slock.nix
|
||||
|
@ -696,6 +698,7 @@
|
|||
./services/monitoring/arbtt.nix
|
||||
./services/monitoring/bosun.nix
|
||||
./services/monitoring/cadvisor.nix
|
||||
./services/monitoring/cockpit.nix
|
||||
./services/monitoring/collectd.nix
|
||||
./services/monitoring/das_watchdog.nix
|
||||
./services/monitoring/datadog-agent.nix
|
||||
|
@ -1364,6 +1367,7 @@
|
|||
./virtualisation/lxc.nix
|
||||
./virtualisation/lxcfs.nix
|
||||
./virtualisation/lxd.nix
|
||||
./virtualisation/multipass.nix
|
||||
./virtualisation/nixos-containers.nix
|
||||
./virtualisation/oci-containers.nix
|
||||
./virtualisation/openstack-options.nix
|
||||
|
|
|
@ -28,7 +28,7 @@ with lib;
|
|||
k3b
|
||||
dvdplusrwtools
|
||||
cdrdao
|
||||
cdrkit
|
||||
cdrtools
|
||||
];
|
||||
|
||||
security.wrappers = {
|
||||
|
@ -44,7 +44,7 @@ with lib;
|
|||
owner = "root";
|
||||
group = "cdrom";
|
||||
permissions = "u+wrx,g+x";
|
||||
source = "${pkgs.cdrkit}/bin/cdrecord";
|
||||
source = "${pkgs.cdrtools}/bin/cdrecord";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
60
third_party/nixpkgs/nixos/modules/programs/miriway.nix
vendored
Normal file
60
third_party/nixpkgs/nixos/modules/programs/miriway.nix
vendored
Normal file
|
@ -0,0 +1,60 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
cfg = config.programs.miriway;
|
||||
in {
|
||||
options.programs.miriway = {
|
||||
enable = lib.mkEnableOption (lib.mdDoc ''
|
||||
Miriway, a Mir based Wayland compositor. You can manually launch Miriway by
|
||||
executing "exec miriway" on a TTY, or launch it from a display manager. Copy
|
||||
/etc/xdg/xdg-miriway/miriway-shell.config to ~/.config/miriway-shell.config
|
||||
to modify the default configuration. See <https://github.com/Miriway/Miriway>,
|
||||
and "miriway --help" for more information'');
|
||||
|
||||
config = lib.mkOption {
|
||||
type = lib.types.lines;
|
||||
default = ''
|
||||
x11-window-title=Miriway (Mir-on-X)
|
||||
idle-timeout=600
|
||||
ctrl-alt=t:miriway-terminal # Default "terminal emulator finder"
|
||||
|
||||
shell-component=dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY
|
||||
'';
|
||||
example = ''
|
||||
idle-timeout=300
|
||||
ctrl-alt=t:weston-terminal
|
||||
add-wayland-extensions=all
|
||||
|
||||
shell-components=dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY
|
||||
|
||||
shell-component=waybar
|
||||
shell-component=wbg Pictures/wallpaper
|
||||
|
||||
shell-meta=a:synapse
|
||||
'';
|
||||
description = lib.mdDoc ''
|
||||
Miriway's config. This will be installed system-wide.
|
||||
The default will install the miriway package's barebones example config.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
environment = {
|
||||
systemPackages = [ pkgs.miriway ];
|
||||
etc = {
|
||||
"xdg/xdg-miriway/miriway-shell.config".text = cfg.config;
|
||||
};
|
||||
};
|
||||
|
||||
hardware.opengl.enable = lib.mkDefault true;
|
||||
fonts.enableDefaultFonts = lib.mkDefault true;
|
||||
programs.dconf.enable = lib.mkDefault true;
|
||||
programs.xwayland.enable = lib.mkDefault true;
|
||||
|
||||
# To make the Miriway session available if a display manager like SDDM is enabled:
|
||||
services.xserver.displayManager.sessionPackages = [ pkgs.miriway ];
|
||||
};
|
||||
|
||||
meta.maintainers = with lib.maintainers; [ OPNA2608 ];
|
||||
}
|
|
@ -86,7 +86,7 @@ in {
|
|||
description = lib.mdDoc "Proxy DNS requests - no leak for DNS data.";
|
||||
};
|
||||
|
||||
quietMode = mkEnableOption (lib.mdDoc "Quiet mode (no output from the library).");
|
||||
quietMode = mkEnableOption (lib.mdDoc "Quiet mode (no output from the library)");
|
||||
|
||||
remoteDNSSubnet = mkOption {
|
||||
type = types.enum [ 10 127 224 ];
|
||||
|
|
|
@ -20,6 +20,6 @@ in {
|
|||
config = lib.mkIf cfg.enable {
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
services.udev.packages = [ cfg.package ];
|
||||
users.groups.wireshark = {};
|
||||
users.groups.dialout = {};
|
||||
};
|
||||
}
|
||||
|
|
19
third_party/nixpkgs/nixos/modules/programs/sharing.nix
vendored
Normal file
19
third_party/nixpkgs/nixos/modules/programs/sharing.nix
vendored
Normal file
|
@ -0,0 +1,19 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
with lib;
|
||||
{
|
||||
options.programs.sharing = {
|
||||
enable = mkEnableOption (lib.mdDoc ''
|
||||
sharing, a CLI tool for sharing files.
|
||||
|
||||
Note that it will opens the 7478 port for TCP in the firewall, which is needed for it to function properly
|
||||
'');
|
||||
};
|
||||
config =
|
||||
let
|
||||
cfg = config.programs.sharing;
|
||||
in
|
||||
mkIf cfg.enable {
|
||||
environment.systemPackages = [ pkgs.sharing ];
|
||||
networking.firewall.allowedTCPPorts = [ 7478 ];
|
||||
};
|
||||
}
|
|
@ -3,32 +3,90 @@
|
|||
with lib;
|
||||
let
|
||||
cfg = config.programs.singularity;
|
||||
singularity = pkgs.singularity.overrideAttrs (attrs : {
|
||||
installPhase = attrs.installPhase + ''
|
||||
mv $out/libexec/singularity/bin/starter-suid $out/libexec/singularity/bin/starter-suid.orig
|
||||
ln -s /run/wrappers/bin/singularity-suid $out/libexec/singularity/bin/starter-suid
|
||||
'';
|
||||
});
|
||||
in {
|
||||
in
|
||||
{
|
||||
|
||||
options.programs.singularity = {
|
||||
enable = mkEnableOption (lib.mdDoc "Singularity");
|
||||
enable = mkEnableOption (mdDoc "singularity") // {
|
||||
description = mdDoc ''
|
||||
Whether to install Singularity/Apptainer with system-level overriding such as SUID support.
|
||||
'';
|
||||
};
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.singularity;
|
||||
defaultText = literalExpression "pkgs.singularity";
|
||||
example = literalExpression "pkgs.apptainer";
|
||||
description = mdDoc ''
|
||||
Singularity/Apptainer package to override and install.
|
||||
'';
|
||||
};
|
||||
packageOverriden = mkOption {
|
||||
type = types.nullOr types.package;
|
||||
default = null;
|
||||
description = mdDoc ''
|
||||
This option provides access to the overriden result of `programs.singularity.package`.
|
||||
|
||||
For example, the following configuration makes all the Nixpkgs packages use the overriden `singularity`:
|
||||
```Nix
|
||||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
nixpkgs.overlays = [
|
||||
(final: prev: {
|
||||
_singularity-orig = prev.singularity;
|
||||
singularity = config.programs.singularity.packageOverriden;
|
||||
})
|
||||
];
|
||||
programs.singularity.enable = true;
|
||||
programs.singularity.package = pkgs._singularity-orig;
|
||||
}
|
||||
```
|
||||
|
||||
Use `lib.mkForce` to forcefully specify the overriden package.
|
||||
'';
|
||||
};
|
||||
enableFakeroot = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
example = false;
|
||||
description = mdDoc ''
|
||||
Whether to enable the `--fakeroot` support of Singularity/Apptainer.
|
||||
'';
|
||||
};
|
||||
enableSuid = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
example = false;
|
||||
description = mdDoc ''
|
||||
Whether to enable the SUID support of Singularity/Apptainer.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = [ singularity ];
|
||||
security.wrappers.singularity-suid =
|
||||
{ setuid = true;
|
||||
owner = "root";
|
||||
group = "root";
|
||||
source = "${singularity}/libexec/singularity/bin/starter-suid.orig";
|
||||
};
|
||||
systemd.tmpfiles.rules = [
|
||||
"d /var/singularity/mnt/session 0770 root root -"
|
||||
"d /var/singularity/mnt/final 0770 root root -"
|
||||
"d /var/singularity/mnt/overlay 0770 root root -"
|
||||
"d /var/singularity/mnt/container 0770 root root -"
|
||||
"d /var/singularity/mnt/source 0770 root root -"
|
||||
];
|
||||
programs.singularity.packageOverriden = (cfg.package.override (
|
||||
optionalAttrs cfg.enableFakeroot {
|
||||
newuidmapPath = "/run/wrappers/bin/newuidmap";
|
||||
newgidmapPath = "/run/wrappers/bin/newgidmap";
|
||||
} // optionalAttrs cfg.enableSuid {
|
||||
enableSuid = true;
|
||||
starterSuidPath = "/run/wrappers/bin/${cfg.package.projectName}-suid";
|
||||
}
|
||||
));
|
||||
environment.systemPackages = [ cfg.packageOverriden ];
|
||||
security.wrappers."${cfg.packageOverriden.projectName}-suid" = mkIf cfg.enableSuid {
|
||||
setuid = true;
|
||||
owner = "root";
|
||||
group = "root";
|
||||
source = "${cfg.packageOverriden}/libexec/${cfg.packageOverriden.projectName}/bin/starter-suid.orig";
|
||||
};
|
||||
systemd.tmpfiles.rules = [
|
||||
"d /var/lib/${cfg.packageOverriden.projectName}/mnt/session 0770 root root -"
|
||||
"d /var/lib/${cfg.packageOverriden.projectName}/mnt/final 0770 root root -"
|
||||
"d /var/lib/${cfg.packageOverriden.projectName}/mnt/overlay 0770 root root -"
|
||||
"d /var/lib/${cfg.packageOverriden.projectName}/mnt/container 0770 root root -"
|
||||
"d /var/lib/${cfg.packageOverriden.projectName}/mnt/source 0770 root root -"
|
||||
];
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -282,7 +282,7 @@ in
|
|||
config = {
|
||||
|
||||
programs.ssh.setXAuthLocation =
|
||||
mkDefault (config.services.xserver.enable || config.programs.ssh.forwardX11 || config.services.openssh.forwardX11);
|
||||
mkDefault (config.services.xserver.enable || config.programs.ssh.forwardX11 || config.services.openssh.settings.X11Forwarding);
|
||||
|
||||
assertions =
|
||||
[ { assertion = cfg.forwardX11 -> cfg.setXAuthLocation;
|
||||
|
|
|
@ -26,7 +26,7 @@ let
|
|||
};
|
||||
};
|
||||
|
||||
swayPackage = pkgs.sway.override {
|
||||
defaultSwayPackage = pkgs.sway.override {
|
||||
extraSessionCommands = cfg.extraSessionCommands;
|
||||
extraOptions = cfg.extraOptions;
|
||||
withBaseWrapper = cfg.wrapperFeatures.base;
|
||||
|
@ -42,6 +42,19 @@ in {
|
|||
<https://github.com/swaywm/sway/wiki> and
|
||||
"man 5 sway" for more information'');
|
||||
|
||||
package = mkOption {
|
||||
type = with types; nullOr package;
|
||||
default = defaultSwayPackage;
|
||||
defaultText = literalExpression "pkgs.sway";
|
||||
description = lib.mdDoc ''
|
||||
Sway package to use. Will override the options
|
||||
'wrapperFeatures', 'extraSessionCommands', and 'extraOptions'.
|
||||
Set to <code>null</code> to not add any Sway package to your
|
||||
path. This should be done if you want to use the Home Manager Sway
|
||||
module to install Sway.
|
||||
'';
|
||||
};
|
||||
|
||||
wrapperFeatures = mkOption {
|
||||
type = wrapperOptions;
|
||||
default = { };
|
||||
|
@ -121,16 +134,17 @@ in {
|
|||
}
|
||||
];
|
||||
environment = {
|
||||
systemPackages = [ swayPackage ] ++ cfg.extraPackages;
|
||||
systemPackages = optional (cfg.package != null) cfg.package ++ cfg.extraPackages;
|
||||
# Needed for the default wallpaper:
|
||||
pathsToLink = [ "/share/backgrounds/sway" ];
|
||||
pathsToLink = optionals (cfg.package != null) [ "/share/backgrounds/sway" ];
|
||||
etc = {
|
||||
"sway/config".source = mkOptionDefault "${swayPackage}/etc/sway/config";
|
||||
"sway/config.d/nixos.conf".source = pkgs.writeText "nixos.conf" ''
|
||||
# Import the most important environment variables into the D-Bus and systemd
|
||||
# user environments (e.g. required for screen sharing and Pinentry prompts):
|
||||
exec dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK XDG_CURRENT_DESKTOP
|
||||
'';
|
||||
} // optionalAttrs (cfg.package != null) {
|
||||
"sway/config".source = mkOptionDefault "${cfg.package}/etc/sway/config";
|
||||
};
|
||||
};
|
||||
security.polkit.enable = true;
|
||||
|
@ -139,7 +153,7 @@ in {
|
|||
fonts.enableDefaultFonts = mkDefault true;
|
||||
programs.dconf.enable = mkDefault true;
|
||||
# To make a Sway session available if a display manager like SDDM is enabled:
|
||||
services.xserver.displayManager.sessionPackages = [ swayPackage ];
|
||||
services.xserver.displayManager.sessionPackages = optionals (cfg.package != null) [ cfg.package ];
|
||||
programs.xwayland.enable = mkDefault true;
|
||||
# For screen sharing (this option only has an effect with xdg.portal.enable):
|
||||
xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-wlr ];
|
||||
|
|
|
@ -14,7 +14,7 @@ in
|
|||
|
||||
security.polkit.enable = mkEnableOption (lib.mdDoc "polkit");
|
||||
|
||||
security.polkit.debug = mkEnableOption (lib.mdDoc "debug logs from polkit. This is required in order to see log messages from rule definitions.");
|
||||
security.polkit.debug = mkEnableOption (lib.mdDoc "debug logs from polkit. This is required in order to see log messages from rule definitions");
|
||||
|
||||
security.polkit.extraConfig = mkOption {
|
||||
type = types.lines;
|
||||
|
|
|
@ -9,7 +9,7 @@ let
|
|||
in {
|
||||
options = {
|
||||
services.zfs.autoReplication = {
|
||||
enable = mkEnableOption (lib.mdDoc "ZFS snapshot replication.");
|
||||
enable = mkEnableOption (lib.mdDoc "ZFS snapshot replication");
|
||||
|
||||
followDelete = mkOption {
|
||||
description = lib.mdDoc "Remove remote snapshots that don't have a local correspondent.";
|
||||
|
|
|
@ -62,7 +62,7 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
enable = mkEnableOption (lib.mdDoc "Kubernetes addon manager.");
|
||||
enable = mkEnableOption (lib.mdDoc "Kubernetes addon manager");
|
||||
};
|
||||
|
||||
###### implementation
|
||||
|
|
|
@ -146,7 +146,7 @@ in
|
|||
default = "unix:///run/containerd/containerd.sock";
|
||||
};
|
||||
|
||||
enable = mkEnableOption (lib.mdDoc "Kubernetes kubelet.");
|
||||
enable = mkEnableOption (lib.mdDoc "Kubernetes kubelet");
|
||||
|
||||
extraOpts = mkOption {
|
||||
description = lib.mdDoc "Kubernetes kubelet extra command line options.";
|
||||
|
|
|
@ -383,7 +383,7 @@ in
|
|||
"d /var/spool/slurmd 755 root root -"
|
||||
];
|
||||
|
||||
services.openssh.forwardX11 = mkIf cfg.client.enable (mkDefault true);
|
||||
services.openssh.settings.X11Forwarding = mkIf cfg.client.enable (mkDefault true);
|
||||
|
||||
systemd.services.slurmctld = mkIf (cfg.server.enable) {
|
||||
path = with pkgs; [ wrappedSlurm munge coreutils ]
|
||||
|
|
|
@ -27,7 +27,7 @@ with lib;
|
|||
options = {
|
||||
|
||||
services.gnome.evolution-data-server = {
|
||||
enable = mkEnableOption (lib.mdDoc "Evolution Data Server, a collection of services for storing addressbooks and calendars.");
|
||||
enable = mkEnableOption (lib.mdDoc "Evolution Data Server, a collection of services for storing addressbooks and calendars");
|
||||
plugins = mkOption {
|
||||
type = types.listOf types.package;
|
||||
default = [ ];
|
||||
|
@ -35,7 +35,7 @@ with lib;
|
|||
};
|
||||
};
|
||||
programs.evolution = {
|
||||
enable = mkEnableOption (lib.mdDoc "Evolution, a Personal information management application that provides integrated mail, calendaring and address book functionality.");
|
||||
enable = mkEnableOption (lib.mdDoc "Evolution, a Personal information management application that provides integrated mail, calendaring and address book functionality");
|
||||
plugins = mkOption {
|
||||
type = types.listOf types.package;
|
||||
default = [ ];
|
||||
|
|
|
@ -28,7 +28,7 @@ in
|
|||
|
||||
options = {
|
||||
services.zammad = {
|
||||
enable = mkEnableOption (lib.mdDoc "Zammad, a web-based, open source user support/ticketing solution.");
|
||||
enable = mkEnableOption (lib.mdDoc "Zammad, a web-based, open source user support/ticketing solution");
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
|
|
|
@ -54,7 +54,7 @@ in
|
|||
default = 0;
|
||||
description = lib.mdDoc "Set debug log level.";
|
||||
};
|
||||
options.exit-on-end = mkEnableOption (lib.mdDoc "exit instead of restarting when a game ends.");
|
||||
options.exit-on-end = mkEnableOption (lib.mdDoc "exit instead of restarting when a game ends");
|
||||
options.Guests = mkEnableOption (lib.mdDoc "guests to login if auth is enabled");
|
||||
options.Newusers = mkEnableOption (lib.mdDoc "new users to login if auth is enabled");
|
||||
options.port = mkOption {
|
||||
|
|
|
@ -19,7 +19,7 @@ in
|
|||
|
||||
services.udisks2 = {
|
||||
|
||||
enable = mkEnableOption (lib.mdDoc "udisks2, a DBus service that allows applications to query and manipulate storage devices.");
|
||||
enable = mkEnableOption (lib.mdDoc "udisks2, a DBus service that allows applications to query and manipulate storage devices");
|
||||
|
||||
settings = mkOption rec {
|
||||
type = types.attrsOf settingsFormat.type;
|
||||
|
|
|
@ -171,11 +171,11 @@ in
|
|||
options.services.dovecot2 = {
|
||||
enable = mkEnableOption (lib.mdDoc "the dovecot 2.x POP3/IMAP server");
|
||||
|
||||
enablePop3 = mkEnableOption (lib.mdDoc "starting the POP3 listener (when Dovecot is enabled).");
|
||||
enablePop3 = mkEnableOption (lib.mdDoc "starting the POP3 listener (when Dovecot is enabled)");
|
||||
|
||||
enableImap = mkEnableOption (lib.mdDoc "starting the IMAP listener (when Dovecot is enabled).") // { default = true; };
|
||||
enableImap = mkEnableOption (lib.mdDoc "starting the IMAP listener (when Dovecot is enabled)") // { default = true; };
|
||||
|
||||
enableLmtp = mkEnableOption (lib.mdDoc "starting the LMTP listener (when Dovecot is enabled).");
|
||||
enableLmtp = mkEnableOption (lib.mdDoc "starting the LMTP listener (when Dovecot is enabled)");
|
||||
|
||||
protocols = mkOption {
|
||||
type = types.listOf types.str;
|
||||
|
@ -300,9 +300,9 @@ in
|
|||
description = lib.mdDoc "Path to the server's private key.";
|
||||
};
|
||||
|
||||
enablePAM = mkEnableOption (lib.mdDoc "creating a own Dovecot PAM service and configure PAM user logins.") // { default = true; };
|
||||
enablePAM = mkEnableOption (lib.mdDoc "creating a own Dovecot PAM service and configure PAM user logins") // { default = true; };
|
||||
|
||||
enableDHE = mkEnableOption (lib.mdDoc "enable ssl_dh and generation of primes for the key exchange.") // { default = true; };
|
||||
enableDHE = mkEnableOption (lib.mdDoc "enable ssl_dh and generation of primes for the key exchange") // { default = true; };
|
||||
|
||||
sieveScripts = mkOption {
|
||||
type = types.attrsOf types.path;
|
||||
|
@ -310,7 +310,7 @@ in
|
|||
description = lib.mdDoc "Sieve scripts to be executed. Key is a sequence, e.g. 'before2', 'after' etc.";
|
||||
};
|
||||
|
||||
showPAMFailure = mkEnableOption (lib.mdDoc "showing the PAM failure message on authentication error (useful for OTPW).");
|
||||
showPAMFailure = mkEnableOption (lib.mdDoc "showing the PAM failure message on authentication error (useful for OTPW)");
|
||||
|
||||
mailboxes = mkOption {
|
||||
type = with types; coercedTo
|
||||
|
@ -326,7 +326,7 @@ in
|
|||
description = lib.mdDoc "Configure mailboxes and auto create or subscribe them.";
|
||||
};
|
||||
|
||||
enableQuota = mkEnableOption (lib.mdDoc "the dovecot quota service.");
|
||||
enableQuota = mkEnableOption (lib.mdDoc "the dovecot quota service");
|
||||
|
||||
quotaPort = mkOption {
|
||||
type = types.str;
|
||||
|
|
|
@ -150,9 +150,13 @@ in
|
|||
root = cfg.package;
|
||||
index = "index.php";
|
||||
extraConfig = ''
|
||||
location ~* \.php$ {
|
||||
location ~* \.php(/|$) {
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
fastcgi_pass unix:${fpm.socket};
|
||||
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
|
||||
include ${config.services.nginx.package}/conf/fastcgi_params;
|
||||
include ${pkgs.nginx}/conf/fastcgi.conf;
|
||||
}
|
||||
|
|
|
@ -8,7 +8,7 @@ in
|
|||
{
|
||||
options = {
|
||||
services.atuin = {
|
||||
enable = mkEnableOption (mdDoc "Enable server for shell history sync with atuin.");
|
||||
enable = mkEnableOption (mdDoc "Enable server for shell history sync with atuin");
|
||||
|
||||
openRegistration = mkOption {
|
||||
type = types.bool;
|
||||
|
|
|
@ -6,7 +6,7 @@ let cfg = config.services.input-remapper; in
|
|||
{
|
||||
options = {
|
||||
services.input-remapper = {
|
||||
enable = mkEnableOption (lib.mdDoc "input-remapper, an easy to use tool to change the mapping of your input device buttons.");
|
||||
enable = mkEnableOption (lib.mdDoc "input-remapper, an easy to use tool to change the mapping of your input device buttons");
|
||||
package = mkPackageOptionMD pkgs "input-remapper" { };
|
||||
enableUdevRules = mkEnableOption (lib.mdDoc "udev rules added by input-remapper to handle hotplugged devices. Currently disabled by default due to https://github.com/sezanzeb/input-remapper/issues/140");
|
||||
serviceWantedBy = mkOption {
|
||||
|
|
|
@ -85,7 +85,7 @@ in
|
|||
WorkingDirectory = libDir;
|
||||
SyslogIdentifier = "pykms";
|
||||
Restart = "on-failure";
|
||||
MemoryLimit = cfg.memoryLimit;
|
||||
MemoryMax = cfg.memoryLimit;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -438,7 +438,7 @@ in
|
|||
};
|
||||
|
||||
options."lists.sr.ht" = commonServiceSettings "lists" // {
|
||||
allow-new-lists = mkEnableOption (lib.mdDoc "Allow creation of new lists.");
|
||||
allow-new-lists = mkEnableOption (lib.mdDoc "Allow creation of new lists");
|
||||
notify-from = mkOption {
|
||||
description = lib.mdDoc "Outgoing email for notifications generated by users.";
|
||||
type = types.str;
|
||||
|
|
|
@ -123,7 +123,7 @@ in {
|
|||
${escapeShellArgs cfg.extraOptions} \
|
||||
${optionalString (cfg.storageDriver != null) ''
|
||||
-storage_driver "${cfg.storageDriver}" \
|
||||
-storage_driver_user "${cfg.storageDriverHost}" \
|
||||
-storage_driver_host "${cfg.storageDriverHost}" \
|
||||
-storage_driver_db "${cfg.storageDriverDb}" \
|
||||
-storage_driver_user "${cfg.storageDriverUser}" \
|
||||
-storage_driver_password "$(cat "${cfg.storageDriverPasswordFile}")" \
|
||||
|
|
231
third_party/nixpkgs/nixos/modules/services/monitoring/cockpit.nix
vendored
Normal file
231
third_party/nixpkgs/nixos/modules/services/monitoring/cockpit.nix
vendored
Normal file
|
@ -0,0 +1,231 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
|
||||
let
|
||||
cfg = config.services.cockpit;
|
||||
inherit (lib) types mkEnableOption mkOption mkIf mdDoc literalMD mkPackageOptionMD;
|
||||
settingsFormat = pkgs.formats.ini {};
|
||||
in {
|
||||
options = {
|
||||
services.cockpit = {
|
||||
enable = mkEnableOption (mdDoc "Cockpit");
|
||||
|
||||
package = mkPackageOptionMD pkgs "Cockpit" {
|
||||
default = [ "cockpit" ];
|
||||
};
|
||||
|
||||
settings = lib.mkOption {
|
||||
type = settingsFormat.type;
|
||||
|
||||
default = {};
|
||||
|
||||
description = mdDoc ''
|
||||
Settings for cockpit that will be saved in /etc/cockpit/cockpit.conf.
|
||||
|
||||
See the [documentation](https://cockpit-project.org/guide/latest/cockpit.conf.5.html), that is also available with `man cockpit.conf.5` for details.
|
||||
'';
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
description = mdDoc "Port where cockpit will listen.";
|
||||
type = types.port;
|
||||
default = 9090;
|
||||
};
|
||||
|
||||
openFirewall = mkOption {
|
||||
description = mdDoc "Open port for cockpit.";
|
||||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
};
|
||||
};
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
# expose cockpit-bridge system-wide
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
|
||||
# allow cockpit to find its plugins
|
||||
environment.pathsToLink = [ "/share/cockpit" ];
|
||||
|
||||
# generate cockpit settings
|
||||
environment.etc."cockpit/cockpit.conf".source = settingsFormat.generate "cockpit.conf" cfg.settings;
|
||||
|
||||
security.pam.services.cockpit = {};
|
||||
|
||||
networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.port ];
|
||||
|
||||
# units are in reverse sort order if you ls $out/lib/systemd/system
|
||||
# all these units are basically verbatim translated from upstream
|
||||
|
||||
# Translation from $out/lib/systemd/system/systemd-cockpithttps.slice
|
||||
systemd.slices.system-cockpithttps = {
|
||||
description = "Resource limits for all cockpit-ws-https@.service instances";
|
||||
sliceConfig = {
|
||||
TasksMax = 200;
|
||||
MemoryHigh = "75%";
|
||||
MemoryMax = "90%";
|
||||
};
|
||||
};
|
||||
|
||||
# Translation from $out/lib/systemd/system/cockpit-wsinstance-https@.socket
|
||||
systemd.sockets."cockpit-wsinstance-https@" = {
|
||||
unitConfig = {
|
||||
Description = "Socket for Cockpit Web Service https instance %I";
|
||||
BindsTo = [ "cockpit.service" "cockpit-wsinstance-https@%i.service" ];
|
||||
# clean up the socket after the service exits, to prevent fd leak
|
||||
# this also effectively prevents a DoS by starting arbitrarily many sockets, as
|
||||
# the services are resource-limited by system-cockpithttps.slice
|
||||
Documentation = "man:cockpit-ws(8)";
|
||||
};
|
||||
socketConfig = {
|
||||
ListenStream = "/run/cockpit/wsinstance/https@%i.sock";
|
||||
SocketUser = "root";
|
||||
SocketMode = "0600";
|
||||
};
|
||||
};
|
||||
|
||||
# Translation from $out/lib/systemd/system/cockpit-wsinstance-https@.service
|
||||
systemd.services."cockpit-wsinstance-https@" = {
|
||||
description = "Cockpit Web Service https instance %I";
|
||||
bindsTo = [ "cockpit.service"];
|
||||
path = [ cfg.package ];
|
||||
documentation = [ "man:cockpit-ws(8)" ];
|
||||
serviceConfig = {
|
||||
Slice = "system-cockpithttps.slice";
|
||||
ExecStart = "${cfg.package}/libexec/cockpit-ws --for-tls-proxy --port=0";
|
||||
User = "root";
|
||||
Group = "";
|
||||
};
|
||||
};
|
||||
|
||||
# Translation from $out/lib/systemd/system/cockpit-wsinstance-http.socket
|
||||
systemd.sockets.cockpit-wsinstance-http = {
|
||||
unitConfig = {
|
||||
Description = "Socket for Cockpit Web Service http instance";
|
||||
BindsTo = "cockpit.service";
|
||||
Documentation = "man:cockpit-ws(8)";
|
||||
};
|
||||
socketConfig = {
|
||||
ListenStream = "/run/cockpit/wsinstance/http.sock";
|
||||
SocketUser = "root";
|
||||
SocketMode = "0600";
|
||||
};
|
||||
};
|
||||
|
||||
# Translation from $out/lib/systemd/system/cockpit-wsinstance-https-factory.socket
|
||||
systemd.sockets.cockpit-wsinstance-https-factory = {
|
||||
unitConfig = {
|
||||
Description = "Socket for Cockpit Web Service https instance factory";
|
||||
BindsTo = "cockpit.service";
|
||||
Documentation = "man:cockpit-ws(8)";
|
||||
};
|
||||
socketConfig = {
|
||||
ListenStream = "/run/cockpit/wsinstance/https-factory.sock";
|
||||
Accept = true;
|
||||
SocketUser = "root";
|
||||
SocketMode = "0600";
|
||||
};
|
||||
};
|
||||
|
||||
# Translation from $out/lib/systemd/system/cockpit-wsinstance-https-factory@.service
|
||||
systemd.services."cockpit-wsinstance-https-factory@" = {
|
||||
description = "Cockpit Web Service https instance factory";
|
||||
documentation = [ "man:cockpit-ws(8)" ];
|
||||
path = [ cfg.package ];
|
||||
serviceConfig = {
|
||||
ExecStart = "${cfg.package}/libexec/cockpit-wsinstance-factory";
|
||||
User = "root";
|
||||
};
|
||||
};
|
||||
|
||||
# Translation from $out/lib/systemd/system/cockpit-wsinstance-http.service
|
||||
systemd.services."cockpit-wsinstance-http" = {
|
||||
description = "Cockpit Web Service http instance";
|
||||
bindsTo = [ "cockpit.service" ];
|
||||
path = [ cfg.package ];
|
||||
documentation = [ "man:cockpit-ws(8)" ];
|
||||
serviceConfig = {
|
||||
ExecStart = "${cfg.package}/libexec/cockpit-ws --no-tls --port=0";
|
||||
User = "root";
|
||||
Group = "";
|
||||
};
|
||||
};
|
||||
|
||||
# Translation from $out/lib/systemd/system/cockpit.socket
|
||||
systemd.sockets."cockpit" = {
|
||||
unitConfig = {
|
||||
Description = "Cockpit Web Service Socket";
|
||||
Documentation = "man:cockpit-ws(8)";
|
||||
Wants = "cockpit-motd.service";
|
||||
};
|
||||
socketConfig = {
|
||||
ListenStream = cfg.port;
|
||||
ExecStartPost = [
|
||||
"-${cfg.package}/share/cockpit/motd/update-motd \"\" localhost"
|
||||
"-${pkgs.coreutils}/bin/ln -snf active.motd /run/cockpit/motd"
|
||||
];
|
||||
ExecStopPost = "-${pkgs.coreutils}/bin/ln -snf inactive.motd /run/cockpit/motd";
|
||||
};
|
||||
wantedBy = [ "sockets.target" ];
|
||||
};
|
||||
|
||||
# Translation from $out/lib/systemd/system/cockpit.service
|
||||
systemd.services."cockpit" = {
|
||||
description = "Cockpit Web Service";
|
||||
documentation = [ "man:cockpit-ws(8)" ];
|
||||
restartIfChanged = true;
|
||||
path = with pkgs; [ coreutils cfg.package ];
|
||||
requires = [ "cockpit.socket" "cockpit-wsinstance-http.socket" "cockpit-wsinstance-https-factory.socket" ];
|
||||
after = [ "cockpit-wsinstance-http.socket" "cockpit-wsinstance-https-factory.socket" ];
|
||||
environment = {
|
||||
G_MESSAGES_DEBUG = "cockpit-ws,cockpit-bridge";
|
||||
};
|
||||
serviceConfig = {
|
||||
RuntimeDirectory="cockpit/tls";
|
||||
ExecStartPre = [
|
||||
# cockpit-tls runs in a more constrained environment, these + means that these commands
|
||||
# will run with full privilege instead of inside that constrained environment
|
||||
# See https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart= for details
|
||||
"+${cfg.package}/libexec/cockpit-certificate-ensure --for-cockpit-tls"
|
||||
];
|
||||
ExecStart = "${cfg.package}/libexec/cockpit-tls";
|
||||
User = "root";
|
||||
Group = "";
|
||||
NoNewPrivileges = true;
|
||||
ProtectSystem = "strict";
|
||||
ProtectHome = true;
|
||||
PrivateTmp = true;
|
||||
PrivateDevices = true;
|
||||
ProtectKernelTunables = true;
|
||||
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
|
||||
MemoryDenyWriteExecute = true;
|
||||
};
|
||||
};
|
||||
|
||||
# Translation from $out/lib/systemd/system/cockpit-motd.service
|
||||
# This part basically implements a motd state machine:
|
||||
# - If cockpit.socket is enabled then /run/cockpit/motd points to /run/cockpit/active.motd
|
||||
# - If cockpit.socket is disabled then /run/cockpit/motd points to /run/cockpit/inactive.motd
|
||||
# - As cockpit.socket is disabled by default, /run/cockpit/motd points to /run/cockpit/inactive.motd
|
||||
# /run/cockpit/active.motd is generated dynamically by cockpit-motd.service
|
||||
systemd.services."cockpit-motd" = {
|
||||
path = with pkgs; [ nettools ];
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
ExecStart = "${cfg.package}/share/cockpit/motd/update-motd";
|
||||
};
|
||||
description = "Cockpit motd updater service";
|
||||
documentation = [ "man:cockpit-ws(8)" ];
|
||||
wants = [ "network.target" ];
|
||||
after = [ "network.target" "cockpit.socket" ];
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = [ # From $out/lib/tmpfiles.d/cockpit-tmpfiles.conf
|
||||
"C /run/cockpit/inactive.motd 0640 root root - ${cfg.package}/share/cockpit/motd/inactive.motd"
|
||||
"f /run/cockpit/active.motd 0640 root root -"
|
||||
"L+ /run/cockpit/motd - - - - inactive.motd"
|
||||
"d /etc/cockpit/ws-certs.d 0600 root root 0"
|
||||
];
|
||||
};
|
||||
|
||||
meta.maintainers = pkgs.cockpit.meta.maintainers;
|
||||
}
|
|
@ -11,7 +11,7 @@ in {
|
|||
|
||||
# the upstream package runs as root, but doesn't seem to be strictly
|
||||
# necessary for basic functionality
|
||||
runAsRoot = mkEnableOption (lib.mdDoc "Whether to run as root.");
|
||||
runAsRoot = mkEnableOption (lib.mdDoc "Whether to run as root");
|
||||
|
||||
autoRetirement = mkEnableOption (lib.mdDoc ''
|
||||
Whether to automatically retire the host upon OS shutdown.
|
||||
|
|
|
@ -6,6 +6,11 @@ let
|
|||
cfg = config.services.prometheus.exporters.pihole;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
(mkRemovedOptionModule [ "interval"] "This option has been removed.")
|
||||
({ options.warnings = options.warnings; options.assertions = options.assertions; })
|
||||
];
|
||||
|
||||
port = 9617;
|
||||
extraOpts = {
|
||||
apiToken = mkOption {
|
||||
|
@ -13,15 +18,7 @@ in
|
|||
default = "";
|
||||
example = "580a770cb40511eb85290242ac130003580a770cb40511eb85290242ac130003";
|
||||
description = lib.mdDoc ''
|
||||
pi-hole API token which can be used instead of a password
|
||||
'';
|
||||
};
|
||||
interval = mkOption {
|
||||
type = types.str;
|
||||
default = "10s";
|
||||
example = "30s";
|
||||
description = lib.mdDoc ''
|
||||
How often to scrape new data
|
||||
Pi-Hole API token which can be used instead of a password
|
||||
'';
|
||||
};
|
||||
password = mkOption {
|
||||
|
@ -29,7 +26,7 @@ in
|
|||
default = "";
|
||||
example = "password";
|
||||
description = lib.mdDoc ''
|
||||
The password to login into pihole. An api token can be used instead.
|
||||
The password to login into Pi-Hole. An api token can be used instead.
|
||||
'';
|
||||
};
|
||||
piholeHostname = mkOption {
|
||||
|
@ -37,7 +34,7 @@ in
|
|||
default = "pihole";
|
||||
example = "127.0.0.1";
|
||||
description = lib.mdDoc ''
|
||||
Hostname or address where to find the pihole webinterface
|
||||
Hostname or address where to find the Pi-Hole webinterface
|
||||
'';
|
||||
};
|
||||
piholePort = mkOption {
|
||||
|
@ -45,7 +42,7 @@ in
|
|||
default = 80;
|
||||
example = 443;
|
||||
description = lib.mdDoc ''
|
||||
The port pihole webinterface is reachable on
|
||||
The port Pi-Hole webinterface is reachable on
|
||||
'';
|
||||
};
|
||||
protocol = mkOption {
|
||||
|
@ -53,21 +50,28 @@ in
|
|||
default = "http";
|
||||
example = "https";
|
||||
description = lib.mdDoc ''
|
||||
The protocol which is used to connect to pihole
|
||||
The protocol which is used to connect to Pi-Hole
|
||||
'';
|
||||
};
|
||||
timeout = mkOption {
|
||||
type = types.str;
|
||||
default = "5s";
|
||||
description = lib.mdDoc ''
|
||||
Controls the timeout to connect to a Pi-Hole instance
|
||||
'';
|
||||
};
|
||||
};
|
||||
serviceOpts = {
|
||||
serviceConfig = {
|
||||
ExecStart = ''
|
||||
${pkgs.bash}/bin/bash -c "${pkgs.prometheus-pihole-exporter}/bin/pihole-exporter \
|
||||
-interval ${cfg.interval} \
|
||||
${pkgs.prometheus-pihole-exporter}/bin/pihole-exporter \
|
||||
${optionalString (cfg.apiToken != "") "-pihole_api_token ${cfg.apiToken}"} \
|
||||
-pihole_hostname ${cfg.piholeHostname} \
|
||||
${optionalString (cfg.password != "") "-pihole_password ${cfg.password}"} \
|
||||
-pihole_port ${toString cfg.piholePort} \
|
||||
-pihole_protocol ${cfg.protocol} \
|
||||
-port ${toString cfg.port}"
|
||||
-port ${toString cfg.port} \
|
||||
-timeout ${cfg.timeout}
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
|
|
@ -24,9 +24,9 @@ in {
|
|||
inherit (options.services.unpoller.unifi) controllers;
|
||||
inherit (options.services.unpoller) loki;
|
||||
log = {
|
||||
debug = mkEnableOption (lib.mdDoc "debug logging including line numbers, high resolution timestamps, per-device logs.");
|
||||
quiet = mkEnableOption (lib.mdDoc "startup and error logs only.");
|
||||
prometheusErrors = mkEnableOption (lib.mdDoc "emitting errors to prometheus.");
|
||||
debug = mkEnableOption (lib.mdDoc "debug logging including line numbers, high resolution timestamps, per-device logs");
|
||||
quiet = mkEnableOption (lib.mdDoc "startup and error logs only");
|
||||
prometheusErrors = mkEnableOption (lib.mdDoc "emitting errors to prometheus");
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -11,7 +11,7 @@ in
|
|||
|
||||
options = {
|
||||
services.uptime-kuma = {
|
||||
enable = mkEnableOption (mdDoc "Uptime Kuma, this assumes a reverse proxy to be set.");
|
||||
enable = mkEnableOption (mdDoc "Uptime Kuma, this assumes a reverse proxy to be set");
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
|
@ -20,7 +20,7 @@ in
|
|||
description = lib.mdDoc "Uptime Kuma package to use.";
|
||||
};
|
||||
|
||||
appriseSupport = mkEnableOption (mdDoc "apprise support for notifications.");
|
||||
appriseSupport = mkEnableOption (mdDoc "apprise support for notifications");
|
||||
|
||||
settings = lib.mkOption {
|
||||
type = lib.types.submodule { freeformType = with lib.types; attrsOf str; };
|
||||
|
|
|
@ -85,7 +85,7 @@ in {
|
|||
description = lib.mdDoc "Run daemons as user moosefs instead of root.";
|
||||
};
|
||||
|
||||
client.enable = mkEnableOption (lib.mdDoc "Moosefs client.");
|
||||
client.enable = mkEnableOption (lib.mdDoc "Moosefs client");
|
||||
|
||||
master = {
|
||||
enable = mkOption {
|
||||
|
@ -131,7 +131,7 @@ in {
|
|||
};
|
||||
|
||||
metalogger = {
|
||||
enable = mkEnableOption (lib.mdDoc "Moosefs metalogger daemon.");
|
||||
enable = mkEnableOption (lib.mdDoc "Moosefs metalogger daemon");
|
||||
|
||||
settings = mkOption {
|
||||
type = types.submodule {
|
||||
|
@ -149,7 +149,7 @@ in {
|
|||
};
|
||||
|
||||
chunkserver = {
|
||||
enable = mkEnableOption (lib.mdDoc "Moosefs chunkserver daemon.");
|
||||
enable = mkEnableOption (lib.mdDoc "Moosefs chunkserver daemon");
|
||||
|
||||
openFirewall = mkOption {
|
||||
type = types.bool;
|
||||
|
|
|
@ -10,7 +10,7 @@ let
|
|||
|
||||
options = {
|
||||
|
||||
enable = mkEnableOption (lib.mdDoc "blockbook-frontend application.");
|
||||
enable = mkEnableOption (lib.mdDoc "blockbook-frontend application");
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
|
|
|
@ -304,6 +304,10 @@ in
|
|||
forceSSL = cfg.singleNode.enableTLS;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${toString cfg.settings.port}";
|
||||
# We need to pass the Host header that matches the original Host header. Otherwise,
|
||||
# Hawk authentication will fail (because it assumes that the client and server see
|
||||
# the same value of the Host header).
|
||||
recommendedProxySettings = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -68,6 +68,12 @@ in
|
|||
description = lib.mdDoc "Whether this node is a lighthouse.";
|
||||
};
|
||||
|
||||
isRelay = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = lib.mdDoc "Whether this node is a relay.";
|
||||
};
|
||||
|
||||
lighthouses = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
|
@ -78,6 +84,15 @@ in
|
|||
example = [ "192.168.100.1" ];
|
||||
};
|
||||
|
||||
relays = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
description = lib.mdDoc ''
|
||||
List of IPs of relays that this node should allow traffic from.
|
||||
'';
|
||||
example = [ "192.168.100.1" ];
|
||||
};
|
||||
|
||||
listen.host = mkOption {
|
||||
type = types.str;
|
||||
default = "0.0.0.0";
|
||||
|
@ -157,6 +172,11 @@ in
|
|||
am_lighthouse = netCfg.isLighthouse;
|
||||
hosts = netCfg.lighthouses;
|
||||
};
|
||||
relay = {
|
||||
am_relay = netCfg.isRelay;
|
||||
relays = netCfg.relays;
|
||||
use_relays = true;
|
||||
};
|
||||
listen = {
|
||||
host = netCfg.listen.host;
|
||||
port = netCfg.listen.port;
|
||||
|
@ -173,25 +193,41 @@ in
|
|||
configFile = format.generate "nebula-config-${netName}.yml" settings;
|
||||
in
|
||||
{
|
||||
# Create systemd service for Nebula.
|
||||
# Create the systemd service for Nebula.
|
||||
"nebula@${netName}" = {
|
||||
description = "Nebula VPN service for ${netName}";
|
||||
wants = [ "basic.target" ];
|
||||
after = [ "basic.target" "network.target" ];
|
||||
before = [ "sshd.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = mkMerge [
|
||||
{
|
||||
Type = "simple";
|
||||
Restart = "always";
|
||||
ExecStart = "${netCfg.package}/bin/nebula -config ${configFile}";
|
||||
}
|
||||
# The service needs to launch as root to access the tun device, if it's enabled.
|
||||
(mkIf netCfg.tun.disable {
|
||||
User = networkId;
|
||||
Group = networkId;
|
||||
})
|
||||
];
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
Restart = "always";
|
||||
ExecStart = "${netCfg.package}/bin/nebula -config ${configFile}";
|
||||
UMask = "0027";
|
||||
CapabilityBoundingSet = "CAP_NET_ADMIN";
|
||||
AmbientCapabilities = "CAP_NET_ADMIN";
|
||||
LockPersonality = true;
|
||||
NoNewPrivileges = true;
|
||||
PrivateDevices = false; # needs access to /dev/net/tun (below)
|
||||
DeviceAllow = "/dev/net/tun rw";
|
||||
DevicePolicy = "closed";
|
||||
PrivateTmp = true;
|
||||
PrivateUsers = false; # CapabilityBoundingSet needs to apply to the host namespace
|
||||
ProtectClock = true;
|
||||
ProtectControlGroups = true;
|
||||
ProtectHome = true;
|
||||
ProtectHostname = true;
|
||||
ProtectKernelLogs = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectKernelTunables = true;
|
||||
ProtectProc = "invisible";
|
||||
ProtectSystem = "strict";
|
||||
RestrictNamespaces = true;
|
||||
RestrictSUIDSGID = true;
|
||||
User = networkId;
|
||||
Group = networkId;
|
||||
};
|
||||
unitConfig.StartLimitIntervalSec = 0; # ensure Restart=always is always honoured (networks can go down for arbitrarily long)
|
||||
};
|
||||
}) enabledNetworks);
|
||||
|
@ -202,7 +238,7 @@ in
|
|||
|
||||
# Create the service users and groups.
|
||||
users.users = mkMerge (mapAttrsToList (netName: netCfg:
|
||||
mkIf netCfg.tun.disable {
|
||||
{
|
||||
${nameToId netName} = {
|
||||
group = nameToId netName;
|
||||
description = "Nebula service user for network ${netName}";
|
||||
|
@ -210,9 +246,8 @@ in
|
|||
};
|
||||
}) enabledNetworks);
|
||||
|
||||
users.groups = mkMerge (mapAttrsToList (netName: netCfg:
|
||||
mkIf netCfg.tun.disable {
|
||||
${nameToId netName} = {};
|
||||
}) enabledNetworks);
|
||||
users.groups = mkMerge (mapAttrsToList (netName: netCfg: {
|
||||
${nameToId netName} = {};
|
||||
}) enabledNetworks);
|
||||
};
|
||||
}
|
||||
|
|
|
@ -57,7 +57,8 @@ let
|
|||
''}"}
|
||||
'';
|
||||
|
||||
in {
|
||||
in
|
||||
{
|
||||
description = "OpenVPN instance ‘${name}’";
|
||||
|
||||
wantedBy = optional cfg.autoStart "multi-user.target";
|
||||
|
@ -70,6 +71,16 @@ let
|
|||
serviceConfig.Type = "notify";
|
||||
};
|
||||
|
||||
restartService = optionalAttrs cfg.restartAfterSleep {
|
||||
openvpn-restart = {
|
||||
wantedBy = [ "sleep.target" ];
|
||||
path = [ pkgs.procps ];
|
||||
script = "pkill --signal SIGHUP --exact openvpn";
|
||||
#SIGHUP makes openvpn process to self-exit and then it got restarted by systemd because of Restart=always
|
||||
description = "Sends a signal to OpenVPN process to trigger a restart after return from sleep";
|
||||
};
|
||||
};
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
|
@ -82,7 +93,7 @@ in
|
|||
options = {
|
||||
|
||||
services.openvpn.servers = mkOption {
|
||||
default = {};
|
||||
default = { };
|
||||
|
||||
example = literalExpression ''
|
||||
{
|
||||
|
@ -201,14 +212,21 @@ in
|
|||
|
||||
};
|
||||
|
||||
services.openvpn.restartAfterSleep = mkOption {
|
||||
default = true;
|
||||
type = types.bool;
|
||||
description = lib.mdDoc "Whether OpenVPN client should be restarted after sleep.";
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
|
||||
###### implementation
|
||||
|
||||
config = mkIf (cfg.servers != {}) {
|
||||
config = mkIf (cfg.servers != { }) {
|
||||
|
||||
systemd.services = listToAttrs (mapAttrsFlatten (name: value: nameValuePair "openvpn-${name}" (makeOpenVPNJob value name)) cfg.servers);
|
||||
systemd.services = (listToAttrs (mapAttrsFlatten (name: value: nameValuePair "openvpn-${name}" (makeOpenVPNJob value name)) cfg.servers))
|
||||
// restartService;
|
||||
|
||||
environment.systemPackages = [ openvpn ];
|
||||
|
||||
|
|
|
@ -120,5 +120,5 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
meta.maintainers = with maintainers; [ malvo ];
|
||||
meta.maintainers = with maintainers; [ malte-v ];
|
||||
}
|
||||
|
|
|
@ -13,11 +13,12 @@ let
|
|||
else pkgs.buildPackages.openssh;
|
||||
|
||||
# reports boolean as yes / no
|
||||
mkValueStringSshd = v:
|
||||
mkValueStringSshd = with lib; v:
|
||||
if isInt v then toString v
|
||||
else if isString v then v
|
||||
else if true == v then "yes"
|
||||
else if false == v then "no"
|
||||
else if isList v then concatStringsSep "," v
|
||||
else throw "unsupported type ${typeOf v}: ${(lib.generators.toPretty {}) v}";
|
||||
|
||||
# dont use the "=" operator
|
||||
|
@ -104,6 +105,11 @@ in
|
|||
(mkRenamedOptionModule [ "services" "openssh" "useDns" ] [ "services" "openssh" "settings" "UseDns" ])
|
||||
(mkRenamedOptionModule [ "services" "openssh" "permitRootLogin" ] [ "services" "openssh" "settings" "PermitRootLogin" ])
|
||||
(mkRenamedOptionModule [ "services" "openssh" "logLevel" ] [ "services" "openssh" "settings" "LogLevel" ])
|
||||
(mkRenamedOptionModule [ "services" "openssh" "macs" ] [ "services" "openssh" "settings" "Macs" ])
|
||||
(mkRenamedOptionModule [ "services" "openssh" "ciphers" ] [ "services" "openssh" "settings" "Ciphers" ])
|
||||
(mkRenamedOptionModule [ "services" "openssh" "kexAlgorithms" ] [ "services" "openssh" "settings" "KexAlgorithms" ])
|
||||
(mkRenamedOptionModule [ "services" "openssh" "gatewayPorts" ] [ "services" "openssh" "settings" "GatewayPorts" ])
|
||||
(mkRenamedOptionModule [ "services" "openssh" "forwardX11" ] [ "services" "openssh" "settings" "X11Forwarding" ])
|
||||
];
|
||||
|
||||
###### interface
|
||||
|
@ -131,14 +137,6 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
forwardX11 = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = lib.mdDoc ''
|
||||
Whether to allow X11 connections to be forwarded.
|
||||
'';
|
||||
};
|
||||
|
||||
allowSFTP = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
|
@ -167,16 +165,6 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
gatewayPorts = mkOption {
|
||||
type = types.str;
|
||||
default = "no";
|
||||
description = lib.mdDoc ''
|
||||
Specifies whether remote hosts are allowed to connect to
|
||||
ports forwarded for the client. See
|
||||
{manpage}`sshd_config(5)`.
|
||||
'';
|
||||
};
|
||||
|
||||
ports = mkOption {
|
||||
type = types.listOf types.port;
|
||||
default = [22];
|
||||
|
@ -286,63 +274,6 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
kexAlgorithms = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [
|
||||
"sntrup761x25519-sha512@openssh.com"
|
||||
"curve25519-sha256"
|
||||
"curve25519-sha256@libssh.org"
|
||||
"diffie-hellman-group-exchange-sha256"
|
||||
];
|
||||
description = lib.mdDoc ''
|
||||
Allowed key exchange algorithms
|
||||
|
||||
Uses the lower bound recommended in both
|
||||
<https://stribika.github.io/2015/01/04/secure-secure-shell.html>
|
||||
and
|
||||
<https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67>
|
||||
'';
|
||||
};
|
||||
|
||||
ciphers = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [
|
||||
"chacha20-poly1305@openssh.com"
|
||||
"aes256-gcm@openssh.com"
|
||||
"aes128-gcm@openssh.com"
|
||||
"aes256-ctr"
|
||||
"aes192-ctr"
|
||||
"aes128-ctr"
|
||||
];
|
||||
description = lib.mdDoc ''
|
||||
Allowed ciphers
|
||||
|
||||
Defaults to recommended settings from both
|
||||
<https://stribika.github.io/2015/01/04/secure-secure-shell.html>
|
||||
and
|
||||
<https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67>
|
||||
'';
|
||||
};
|
||||
|
||||
macs = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [
|
||||
"hmac-sha2-512-etm@openssh.com"
|
||||
"hmac-sha2-256-etm@openssh.com"
|
||||
"umac-128-etm@openssh.com"
|
||||
"hmac-sha2-512"
|
||||
"hmac-sha2-256"
|
||||
"umac-128@openssh.com"
|
||||
];
|
||||
description = lib.mdDoc ''
|
||||
Allowed MACs
|
||||
|
||||
Defaults to recommended settings from both
|
||||
<https://stribika.github.io/2015/01/04/secure-secure-shell.html>
|
||||
and
|
||||
<https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67>
|
||||
'';
|
||||
};
|
||||
|
||||
|
||||
settings = mkOption {
|
||||
|
@ -374,7 +305,13 @@ in
|
|||
~/.ssh/authorized_keys from and sshd_config Match Host directives.
|
||||
'';
|
||||
};
|
||||
|
||||
X11Forwarding = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = lib.mdDoc ''
|
||||
Whether to allow X11 connections to be forwarded.
|
||||
'';
|
||||
};
|
||||
PasswordAuthentication = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
|
@ -396,6 +333,70 @@ in
|
|||
Specifies whether keyboard-interactive authentication is allowed.
|
||||
'';
|
||||
};
|
||||
GatewayPorts = mkOption {
|
||||
type = types.str;
|
||||
default = "no";
|
||||
description = lib.mdDoc ''
|
||||
Specifies whether remote hosts are allowed to connect to
|
||||
ports forwarded for the client. See
|
||||
{manpage}`sshd_config(5)`.
|
||||
'';
|
||||
};
|
||||
KexAlgorithms = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [
|
||||
"sntrup761x25519-sha512@openssh.com"
|
||||
"curve25519-sha256"
|
||||
"curve25519-sha256@libssh.org"
|
||||
"diffie-hellman-group-exchange-sha256"
|
||||
];
|
||||
description = lib.mdDoc ''
|
||||
Allowed key exchange algorithms
|
||||
|
||||
Uses the lower bound recommended in both
|
||||
<https://stribika.github.io/2015/01/04/secure-secure-shell.html>
|
||||
and
|
||||
<https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67>
|
||||
'';
|
||||
};
|
||||
Macs = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [
|
||||
"hmac-sha2-512-etm@openssh.com"
|
||||
"hmac-sha2-256-etm@openssh.com"
|
||||
"umac-128-etm@openssh.com"
|
||||
"hmac-sha2-512"
|
||||
"hmac-sha2-256"
|
||||
"umac-128@openssh.com"
|
||||
];
|
||||
description = lib.mdDoc ''
|
||||
Allowed MACs
|
||||
|
||||
Defaults to recommended settings from both
|
||||
<https://stribika.github.io/2015/01/04/secure-secure-shell.html>
|
||||
and
|
||||
<https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67>
|
||||
'';
|
||||
};
|
||||
Ciphers = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [
|
||||
"chacha20-poly1305@openssh.com"
|
||||
"aes256-gcm@openssh.com"
|
||||
"aes128-gcm@openssh.com"
|
||||
"aes256-ctr"
|
||||
"aes192-ctr"
|
||||
"aes128-ctr"
|
||||
];
|
||||
description = lib.mdDoc ''
|
||||
Allowed ciphers
|
||||
|
||||
Defaults to recommended settings from both
|
||||
<https://stribika.github.io/2015/01/04/secure-secure-shell.html>
|
||||
and
|
||||
<https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67>
|
||||
'';
|
||||
};
|
||||
};
|
||||
});
|
||||
};
|
||||
|
@ -555,17 +556,10 @@ in
|
|||
${optionalString cfgc.setXAuthLocation ''
|
||||
XAuthLocation ${pkgs.xorg.xauth}/bin/xauth
|
||||
''}
|
||||
|
||||
X11Forwarding ${if cfg.forwardX11 then "yes" else "no"}
|
||||
|
||||
${optionalString cfg.allowSFTP ''
|
||||
Subsystem sftp ${cfg.sftpServerExecutable} ${concatStringsSep " " cfg.sftpFlags}
|
||||
''}
|
||||
|
||||
GatewayPorts ${cfg.gatewayPorts}
|
||||
|
||||
PrintMotd no # handled by pam_motd
|
||||
|
||||
AuthorizedKeysFile ${toString cfg.authorizedKeysFiles}
|
||||
${optionalString (cfg.authorizedKeysCommand != "none") ''
|
||||
AuthorizedKeysCommand ${cfg.authorizedKeysCommand}
|
||||
|
@ -575,13 +569,9 @@ in
|
|||
${flip concatMapStrings cfg.hostKeys (k: ''
|
||||
HostKey ${k.path}
|
||||
'')}
|
||||
|
||||
KexAlgorithms ${concatStringsSep "," cfg.kexAlgorithms}
|
||||
Ciphers ${concatStringsSep "," cfg.ciphers}
|
||||
MACs ${concatStringsSep "," cfg.macs}
|
||||
'';
|
||||
|
||||
assertions = [{ assertion = if cfg.forwardX11 then cfgc.setXAuthLocation else true;
|
||||
assertions = [{ assertion = if cfg.settings.X11Forwarding then cfgc.setXAuthLocation else true;
|
||||
message = "cannot enable X11 forwarding without setting xauth location";}]
|
||||
++ forEach cfg.listenAddresses ({ addr, ... }: {
|
||||
assertion = addr != null;
|
||||
|
|
|
@ -115,7 +115,7 @@ in
|
|||
MEILI_HTTP_ADDR = "${cfg.listenAddress}:${toString cfg.listenPort}";
|
||||
MEILI_NO_ANALYTICS = toString cfg.noAnalytics;
|
||||
MEILI_ENV = cfg.environment;
|
||||
MEILI_DUMPS_DIR = "/var/lib/meilisearch/dumps";
|
||||
MEILI_DUMP_DIR = "/var/lib/meilisearch/dumps";
|
||||
MEILI_LOG_LEVEL = cfg.logLevel;
|
||||
MEILI_MAX_INDEX_SIZE = cfg.maxIndexSize;
|
||||
};
|
||||
|
|
|
@ -55,7 +55,7 @@ in
|
|||
options.services.kanidm = {
|
||||
enableClient = lib.mkEnableOption (lib.mdDoc "the Kanidm client");
|
||||
enableServer = lib.mkEnableOption (lib.mdDoc "the Kanidm server");
|
||||
enablePam = lib.mkEnableOption (lib.mdDoc "the Kanidm PAM and NSS integration.");
|
||||
enablePam = lib.mkEnableOption (lib.mdDoc "the Kanidm PAM and NSS integration");
|
||||
|
||||
serverSettings = lib.mkOption {
|
||||
type = lib.types.submodule {
|
||||
|
|
|
@ -6,7 +6,7 @@ let
|
|||
cfg = config.services.privacyidea;
|
||||
opt = options.services.privacyidea;
|
||||
|
||||
uwsgi = pkgs.uwsgi.override { plugins = [ "python3" ]; python3 = pkgs.python39; };
|
||||
uwsgi = pkgs.uwsgi.override { plugins = [ "python3" ]; python3 = pkgs.python310; };
|
||||
python = uwsgi.python3;
|
||||
penv = python.withPackages (const [ pkgs.privacyidea ]);
|
||||
logCfg = pkgs.writeText "privacyidea-log.cfg" ''
|
||||
|
@ -41,7 +41,7 @@ let
|
|||
|
||||
piCfgFile = pkgs.writeText "privacyidea.cfg" ''
|
||||
SUPERUSER_REALM = [ '${concatStringsSep "', '" cfg.superuserRealm}' ]
|
||||
SQLALCHEMY_DATABASE_URI = 'postgresql:///privacyidea'
|
||||
SQLALCHEMY_DATABASE_URI = 'postgresql+psycopg2:///privacyidea'
|
||||
SECRET_KEY = '${cfg.secretKey}'
|
||||
PI_PEPPER = '${cfg.pepper}'
|
||||
PI_ENCFILE = '${cfg.encFile}'
|
||||
|
|
|
@ -68,7 +68,7 @@ let
|
|||
in
|
||||
{
|
||||
options.services.cloudlog = with types; {
|
||||
enable = mkEnableOption (mdDoc "Whether to enable Cloudlog.");
|
||||
enable = mkEnableOption (mdDoc "Whether to enable Cloudlog");
|
||||
dataDir = mkOption {
|
||||
type = str;
|
||||
default = "/var/lib/cloudlog";
|
||||
|
|
|
@ -148,7 +148,7 @@ let
|
|||
];
|
||||
|
||||
options = {
|
||||
enable = mkEnableOption (lib.mdDoc "DokuWiki web application.");
|
||||
enable = mkEnableOption (lib.mdDoc "DokuWiki web application");
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
|
|
|
@ -12,7 +12,7 @@ in
|
|||
{
|
||||
options = {
|
||||
services.galene = {
|
||||
enable = mkEnableOption (lib.mdDoc "Galene Service.");
|
||||
enable = mkEnableOption (lib.mdDoc "Galene Service");
|
||||
|
||||
stateDir = mkOption {
|
||||
default = defaultstateDir;
|
||||
|
|
|
@ -7,7 +7,7 @@ in {
|
|||
|
||||
enable = mkEnableOption (lib.mdDoc "hledger-web service");
|
||||
|
||||
serveApi = mkEnableOption (lib.mdDoc "Serve only the JSON web API, without the web UI.");
|
||||
serveApi = mkEnableOption (lib.mdDoc "Serve only the JSON web API, without the web UI");
|
||||
|
||||
host = mkOption {
|
||||
type = types.str;
|
||||
|
|
|
@ -36,7 +36,7 @@ in
|
|||
description = lib.mdDoc "Location of Jirafeau storage directory.";
|
||||
};
|
||||
|
||||
enable = mkEnableOption (lib.mdDoc "Jirafeau file upload application.");
|
||||
enable = mkEnableOption (lib.mdDoc "Jirafeau file upload application");
|
||||
|
||||
extraConfig = mkOption {
|
||||
type = types.lines;
|
||||
|
|
|
@ -32,7 +32,7 @@ in
|
|||
# interface
|
||||
|
||||
options.services.limesurvey = {
|
||||
enable = mkEnableOption (lib.mdDoc "Limesurvey web application.");
|
||||
enable = mkEnableOption (lib.mdDoc "Limesurvey web application");
|
||||
|
||||
database = {
|
||||
type = mkOption {
|
||||
|
|
|
@ -35,7 +35,8 @@ let
|
|||
|
||||
Caddyfile-formatted = pkgs.runCommand "Caddyfile-formatted" { nativeBuildInputs = [ cfg.package ]; } ''
|
||||
mkdir -p $out
|
||||
${cfg.package}/bin/caddy fmt ${Caddyfile}/Caddyfile > $out/Caddyfile
|
||||
cp --no-preserve=mode ${Caddyfile}/Caddyfile $out/Caddyfile
|
||||
caddy fmt --overwrite $out/Caddyfile
|
||||
'';
|
||||
in
|
||||
"${if pkgs.stdenv.buildPlatform == pkgs.stdenv.hostPlatform then Caddyfile-formatted else Caddyfile}/Caddyfile";
|
||||
|
|
|
@ -203,7 +203,8 @@ let
|
|||
proxy_send_timeout ${cfg.proxyTimeout};
|
||||
proxy_read_timeout ${cfg.proxyTimeout};
|
||||
proxy_http_version 1.1;
|
||||
# don't let clients close the keep-alive connection to upstream
|
||||
# don't let clients close the keep-alive connection to upstream. See the nginx blog for details:
|
||||
# https://www.nginx.com/blog/avoiding-top-10-nginx-configuration-mistakes/#no-keepalives
|
||||
proxy_set_header "Connection" "";
|
||||
include ${recommendedProxyConfig};
|
||||
''}
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue