Project import generated by Copybara.

GitOrigin-RevId: 724bfc0892363087709bd3a5a1666296759154b1
Default email 2023-02-09 12:40:11 +01:00
parent 33b385d2e7
commit 4bac34ead1
1558 changed files with 26172 additions and 20213 deletions
third_party/nixpkgs
.github/ISSUE_TEMPLATE
doc
lib
maintainers
nixos
doc/manual
lib
make-channel.nix
make-options-doc
test-driver/test_driver
maintainers/scripts/lxd
modules


@ -26,6 +26,7 @@ If applicable, add screenshots to help explain your problem.
Add any other context about the problem here. Add any other context about the problem here.
### Notify maintainers ### Notify maintainers
<!-- <!--
Please @ people who are in the `meta.maintainers` list of the offending package or module. Please @ people who are in the `meta.maintainers` list of the offending package or module.
If in doubt, check `git blame` for whoever last touched something. If in doubt, check `git blame` for whoever last touched something.


@ -1,31 +1,36 @@
--- ---
name: Build failure name: Build failure
about: Create a report to help us improve about: Create a report to help us improve
title: '' title: 'Build failure: PACKAGENAME'
labels: '0.kind: build failure' labels: '0.kind: build failure'
assignees: '' assignees: ''
--- ---
### Steps To Reproduce ### Steps To Reproduce
Steps to reproduce the behavior: Steps to reproduce the behavior:
1. build *X* 1. build *X*
### Build log ### Build log
``` ```
log here if short otherwise a link to a gist log here if short otherwise a link to a gist
``` ```
### Additional context ### Additional context
Add any other context about the problem here. Add any other context about the problem here.
### Notify maintainers ### Notify maintainers
<!-- <!--
Please @ people who are in the `meta.maintainers` list of the offending package or module. Please @ people who are in the `meta.maintainers` list of the offending package or module.
If in doubt, check `git blame` for whoever last touched something. If in doubt, check `git blame` for whoever last touched something.
--> -->
### Metadata ### Metadata
Please run `nix-shell -p nix-info --run "nix-info -m"` and paste the result. Please run `nix-shell -p nix-info --run "nix-info -m"` and paste the result.
```console ```console


@ -1,7 +1,7 @@
--- ---
name: Missing or incorrect documentation name: Missing or incorrect documentation
about: Help us improve the Nixpkgs and NixOS reference manuals about: Help us improve the Nixpkgs and NixOS reference manuals
title: '' title: 'Documentation: '
labels: '9.needs: documentation' labels: '9.needs: documentation'
assignees: '' assignees: ''
@ -11,6 +11,10 @@ assignees: ''
<!-- describe your problem --> <!-- describe your problem -->
## Proposal
<!-- propose a solution (optional) -->
## Checklist ## Checklist
<!-- make sure this issue is not redundant or obsolete --> <!-- make sure this issue is not redundant or obsolete -->
@ -26,7 +30,3 @@ assignees: ''
[open documentation issues]: https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+label%3A%229.needs%3A+documentation%22 [open documentation issues]: https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+label%3A%229.needs%3A+documentation%22
[open documentation pull requests]: https://github.com/NixOS/nixpkgs/pulls?q=is%3Aopen+is%3Apr+label%3A%228.has%3A+documentation%22%2C%226.topic%3A+documentation%22 [open documentation pull requests]: https://github.com/NixOS/nixpkgs/pulls?q=is%3Aopen+is%3Apr+label%3A%228.has%3A+documentation%22%2C%226.topic%3A+documentation%22
## Proposal
<!-- propose a solution -->


@ -1,24 +1,17 @@
--- ---
name: Out-of-date package reports name: Out-of-date package reports
about: For packages that are out-of-date about: For packages that are out-of-date
title: '' title: 'Update request: PACKAGENAME OLDVERSION → NEWVERSION'
labels: '9.needs: package (update)' labels: '9.needs: package (update)'
assignees: '' assignees: ''
--- ---
- Package name:
###### Checklist - Latest released version:
<!-- Search your package here: https://search.nixos.org/packages?channel=unstable -->
<!-- Note that these are hard requirements --> - Current version on the unstable channel:
- Current version on the stable/release channel:
<!--
You can use the "Go to file" functionality on GitHub to find the package
Then you can go to the history for this package
Find the latest "package_name: old_version -> new_version" commit
The "new_version" is the current version of the package
-->
- [ ] Checked the [nixpkgs master branch](https://github.com/NixOS/nixpkgs)
<!-- <!--
Type the name of your package and try to find an open pull request for the package Type the name of your package and try to find an open pull request for the package
If you find an open pull request, you can review it! If you find an open pull request, you can review it!
@ -26,23 +19,10 @@ There's a high chance that you'll have the new version right away while helping
--> -->
- [ ] Checked the [nixpkgs pull requests](https://github.com/NixOS/nixpkgs/pulls) - [ ] Checked the [nixpkgs pull requests](https://github.com/NixOS/nixpkgs/pulls)
###### Project name **Notify maintainers**
`nix search` name:
<!--
The current version can be found easily with the same process as above for checking the master branch
If an open PR is present for the package, take this version as the current one and link to the PR
-->
current version:
desired version:
###### Notify maintainers <!-- If the search.nixos.org result shows no maintainers, tag the person that last updated the package. -->
<!--
Search your package here: https://search.nixos.org/packages?channel=unstable
If no maintainer is listed for your package, tag the person that last updated the package
-->
maintainers: -----
###### Note for maintainers Note for maintainers: Please tag this issue in your PR.
Please tag this issue in your PR.


@ -1,14 +1,15 @@
--- ---
name: Packaging requests name: Packaging requests
about: For packages that are missing about: For packages that are missing
title: '' title: 'Package request: PACKAGENAME'
labels: '0.kind: packaging request' labels: '0.kind: packaging request'
assignees: '' assignees: ''
--- ---
**Project description** **Project description**
_describe the project a little_
<!-- Describe the project a little: -->
**Metadata** **Metadata**


@ -163,3 +163,30 @@ or "hg"), `domain` and `fetchSubmodules`.
If `fetchSubmodules` is `true`, `fetchFromSourcehut` uses `fetchgit` If `fetchSubmodules` is `true`, `fetchFromSourcehut` uses `fetchgit`
or `fetchhg` with `fetchSubmodules` or `fetchSubrepos` set to `true`, or `fetchhg` with `fetchSubmodules` or `fetchSubrepos` set to `true`,
respectively. Otherwise, the fetcher uses `fetchzip`. respectively. Otherwise, the fetcher uses `fetchzip`.
## `requireFile` {#requirefile}
`requireFile` allows requesting files that cannot be fetched automatically, but whose content is known.
This is a useful last-resort workaround for license restrictions that prohibit redistribution, or for downloads that are only accessible after authenticating interactively in a browser.
If the requested file is present in the Nix store, the resulting derivation will not be built, because its expected output is already available.
Otherwise, the builder will run, but fail with a message explaining to the user how to provide the file. The following code, for example:
```
requireFile {
name = "jdk-${version}_linux-x64_bin.tar.gz";
url = "https://www.oracle.com/java/technologies/javase-jdk11-downloads.html";
sha256 = "94bd34f85ee38d3ef59e5289ec7450b9443b924c55625661fffe66b03f2c8de2";
}
```
results in this error message:
```
***
Unfortunately, we cannot download file jdk-11.0.10_linux-x64_bin.tar.gz automatically.
Please go to https://www.oracle.com/java/technologies/javase-jdk11-downloads.html to download it yourself, and add it to the Nix store
using either
nix-store --add-fixed sha256 jdk-11.0.10_linux-x64_bin.tar.gz
or
nix-prefetch-url --type sha256 file:///path/to/jdk-11.0.10_linux-x64_bin.tar.gz
***
```


@ -204,13 +204,13 @@ The key words _must_, _must not_, _required_, _shall_, _shall not_, _should_, _s
In Nixpkgs, there are generally three different names associated with a package: In Nixpkgs, there are generally three different names associated with a package:
- The `name` attribute of the derivation (excluding the version part). This is what most users see, in particular when using `nix-env`. - The `pname` attribute of the derivation. This is what most users see, in particular when using `nix-env`.
- The variable name used for the instantiated package in `all-packages.nix`, and when passing it as a dependency to other functions. Typically this is called the _package attribute name_. This is what Nix expression authors see. It can also be used when installing using `nix-env -iA`. - The variable name used for the instantiated package in `all-packages.nix`, and when passing it as a dependency to other functions. Typically this is called the _package attribute name_. This is what Nix expression authors see. It can also be used when installing using `nix-env -iA`.
- The filename for (the directory containing) the Nix expression. - The filename for (the directory containing) the Nix expression.
Most of the time, these are the same. For instance, the package `e2fsprogs` has a `name` attribute `"e2fsprogs-version"`, is bound to the variable name `e2fsprogs` in `all-packages.nix`, and the Nix expression is in `pkgs/os-specific/linux/e2fsprogs/default.nix`. Most of the time, these are the same. For instance, the package `e2fsprogs` has a `pname` attribute `"e2fsprogs"`, is bound to the variable name `e2fsprogs` in `all-packages.nix`, and the Nix expression is in `pkgs/os-specific/linux/e2fsprogs/default.nix`.
There are a few naming guidelines: There are a few naming guidelines:


@ -1,6 +1,5 @@
{ pkgs ? (import ./.. { }), nixpkgs ? { }}: { pkgs ? (import ./.. { }), nixpkgs ? { }}:
let let
lib = pkgs.lib;
doc-support = import ./doc-support { inherit pkgs nixpkgs; }; doc-support = import ./doc-support { inherit pkgs nixpkgs; };
in pkgs.stdenv.mkDerivation { in pkgs.stdenv.mkDerivation {
name = "nixpkgs-manual"; name = "nixpkgs-manual";
@ -15,7 +14,7 @@ in pkgs.stdenv.mkDerivation {
xmlformat xmlformat
]; ];
src = lib.cleanSource ./.; src = pkgs.nix-gitignore.gitignoreSource [] ./.;
postPatch = '' postPatch = ''
ln -s ${doc-support} ./doc-support/result ln -s ${doc-support} ./doc-support/result


@ -195,7 +195,7 @@ maintenance work for `haskellPackages` is required. Besides that, it is not
possible to get the dependencies of a legacy project from nixpkgs or to use a possible to get the dependencies of a legacy project from nixpkgs or to use a
specific stack solver for compiling a project. specific stack solver for compiling a project.
Even though we couldnt use them directly in nixpkgs, it would be desirable Even though we couldnt use them directly in nixpkgs, it would be desirable
to have tooling to generate working Nix package sets from build plans generated to have tooling to generate working Nix package sets from build plans generated
by `cabal-install` or a specific Stackage snapshot via import-from-derivation. by `cabal-install` or a specific Stackage snapshot via import-from-derivation.
Sadly we currently dont have tooling for this. For this you might be Sadly we currently dont have tooling for this. For this you might be
@ -538,7 +538,7 @@ via [`shellFor`](#haskell-shellFor).
When using `cabal-install` for dependency resolution you need to be a bit When using `cabal-install` for dependency resolution you need to be a bit
careful to achieve build purity. `cabal-install` will find and use all careful to achieve build purity. `cabal-install` will find and use all
dependencies installed from the packages `env` via Nix, but it will also dependencies installed from the packages `env` via Nix, but it will also
consult Hackage to potentially download and compile dependencies if it cant consult Hackage to potentially download and compile dependencies if it cant
find a valid build plan locally. To prevent this you can either never run find a valid build plan locally. To prevent this you can either never run
`cabal update`, remove the cabal database from your `~/.cabal` folder or run `cabal update`, remove the cabal database from your `~/.cabal` folder or run
`cabal` with `--offline`. Note though, that for some usecases `cabal2nix` needs `cabal` with `--offline`. Note though, that for some usecases `cabal2nix` needs


@ -38,6 +38,7 @@
<xi:include href="r.section.xml" /> <xi:include href="r.section.xml" />
<xi:include href="ruby.section.xml" /> <xi:include href="ruby.section.xml" />
<xi:include href="rust.section.xml" /> <xi:include href="rust.section.xml" />
<xi:include href="swift.section.xml" />
<xi:include href="texlive.section.xml" /> <xi:include href="texlive.section.xml" />
<xi:include href="titanium.section.xml" /> <xi:include href="titanium.section.xml" />
<xi:include href="vim.section.xml" /> <xi:include href="vim.section.xml" />


@ -4,6 +4,48 @@
Nixpkgs provides a couple of facilities for working with this tool. Nixpkgs provides a couple of facilities for working with this tool.
- A [setup hook](#setup-hook-pkg-config) bundled with in the `pkg-config` package, to bring a derivation's declared build inputs into the environment. ## Writing packages providing pkg-config modules
- The [`validatePkgConfig` setup hook](https://nixos.org/manual/nixpkgs/stable/#validatepkgconfig), for packages that provide pkg-config modules.
- The `defaultPkgConfigPackages` package set: a set of aliases, named after the modules they provide. This is meant to be used by language-to-nix integrations. Hand-written packages should use the normal Nixpkgs attribute name instead. Packages should set `meta.pkgConfigProvides` with the list of package config modules they provide.
They should also use `testers.testMetaPkgConfig` to check that the final built package matches that list.
Additionally, the [`validatePkgConfig` setup hook](https://nixos.org/manual/nixpkgs/stable/#validatepkgconfig), will do extra checks on to-be-installed pkg-config modules.
A good example of all these things is zlib:
```
{ pkg-config, testers, ... }:
stdenv.mkDerivation (finalAttrs: {
...
nativeBuildInputs = [ pkg-config validatePkgConfig ];
passthru.tests.pkg-config = testers.testMetaPkgConfig finalAttrs.finalPackage;
meta = {
...
pkgConfigModules = [ "zlib" ];
};
})
```
## Accessing packages via pkg-config module name
### Within Nixpkgs
A [setup hook](#setup-hook-pkg-config) is bundled in the `pkg-config` package to bring a derivation's declared build inputs into the environment.
This will populate environment variables like `PKG_CONFIG_PATH`, `PKG_CONFIG_PATH_FOR_BUILD`, and `PKG_CONFIG_PATH_HOST` based on:
- how `pkg-config` itself is depended upon
- how other dependencies are depended upon
For more details see the section on [specifying dependencies in general](#ssec-stdenv-dependencies).
Normal pkg-config commands to look up dependencies by name will then work with those environment variables defined by the hook.
### Externally
The `defaultPkgConfigPackages` package set is a set of aliases, named after the modules they provide.
This is meant to be used by language-to-nix integrations.
Hand-written packages should use the normal Nixpkgs attribute name instead.


@ -0,0 +1,176 @@
# Swift {#swift}
The Swift compiler is provided by the `swift` package:
```sh
# Compile and link a simple executable.
nix-shell -p swift --run 'swiftc -' <<< 'print("Hello world!")'
# Run it!
./main
```
The `swift` package also provides the `swift` command, with some caveats:
- Swift Package Manager (SwiftPM) is packaged separately as `swiftpm`. If you
need functionality like `swift build`, `swift run`, `swift test`, you must
also add the `swiftpm` package to your closure.
- On Darwin, the `swift repl` command requires an Xcode installation. This is
because it uses the system LLDB debugserver, which has special entitlements.
## Module search paths {#ssec-swift-module-search-paths}
Like other toolchains in Nixpkgs, the Swift compiler executables are wrapped
to help Swift find your application's dependencies in the Nix store. These
wrappers scan the `buildInputs` of your package derivation for specific
directories where Swift modules are placed by convention, and automatically
add those directories to the Swift compiler search paths.
Swift follows different conventions depending on the platform. The wrappers
look for the following directories:
- On Darwin platforms: `lib/swift/macosx`
(If not targeting macOS, replace `macosx` with the Xcode platform name.)
- On other platforms: `lib/swift/linux/x86_64`
(Where `linux` and `x86_64` are from lowercase `uname -sm`.)
- For convenience, Nixpkgs also adds simply `lib/swift` to the search path.
This can save a bit of work packaging Swift modules, because many Nix builds
will produce output for just one target any way.
## Core libraries {#ssec-swift-core-libraries}
In addition to the standard library, the Swift toolchain contains some
additional 'core libraries' that, on Apple platforms, are normally distributed
as part of the OS or Xcode. These are packaged separately in Nixpkgs, and can
be found (for use in `buildInputs`) as:
- `swiftPackages.Dispatch`
- `swiftPackages.Foundation`
- `swiftPackages.XCTest`
## Packaging with SwiftPM {#ssec-swift-packaging-with-swiftpm}
Nixpkgs includes a small helper `swiftpm2nix` that can fetch your SwiftPM
dependencies for you, when you need to write a Nix expression to package your
application.
The first step is to run the generator:
```sh
cd /path/to/my/project
# Enter a Nix shell with the required tools.
nix-shell -p swift swiftpm swiftpm2nix
# First, make sure the workspace is up-to-date.
swift package resolve
# Now generate the Nix code.
swiftpm2nix
```
This produces some files in a directory `nix`, which will be part of your Nix
expression. The next step is to write that expression:
```nix
{ stdenv, swift, swiftpm, swiftpm2nix, fetchFromGitHub }:
let
# Pass the generated files to the helper.
generated = swiftpm2nix.helpers ./nix;
in
stdenv.mkDerivation rec {
pname = "myproject";
version = "0.0.0";
src = fetchFromGitHub {
owner = "nixos";
repo = pname;
rev = version;
hash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
};
# Including SwiftPM as a nativeBuildInput provides a buildPhase for you.
# This by default performs a release build using SwiftPM, essentially:
# swift build -c release
nativeBuildInputs = [ swift swiftpm ];
# The helper provides a configure snippet that will prepare all dependencies
# in the correct place, where SwiftPM expects them.
configurePhase = generated.configure;
installPhase = ''
# This is a special function that invokes swiftpm to find the location
# of the binaries it produced.
binPath="$(swiftpmBinPath)"
# Now perform any installation steps.
mkdir -p $out/bin
cp $binPath/myproject $out/bin/
'';
}
```
### Custom build flags {#ssec-swiftpm-custom-build-flags}
If you'd like to build a different configuration than `release`:
```nix
swiftpmBuildConfig = "debug";
```
It is also possible to provide additional flags to `swift build`:
```nix
swiftpmFlags = [ "--disable-dead-strip" ];
```
The default `buildPhase` already passes `-j` for parallel building.
If these two customization options are insufficient, simply provide your own
`buildPhase` that invokes `swift build`.
### Running tests {#ssec-swiftpm-running-tests}
Including `swiftpm` in your `nativeBuildInputs` also provides a default
`checkPhase`, but it must be enabled with:
```nix
doCheck = true;
```
This essentially runs: `swift test -c release`
### Patching dependencies {#ssec-swiftpm-patching-dependencies}
In some cases, it may be necessary to patch a SwiftPM dependency. SwiftPM
dependencies are located in `.build/checkouts`, but the `swiftpm2nix` helper
provides these as symlinks to read-only `/nix/store` paths. In order to patch
them, we need to make them writable.
A special function `swiftpmMakeMutable` is available to replace the symlink
with a writable copy:
```
configurePhase = generated.configure ++ ''
# Replace the dependency symlink with a writable copy.
swiftpmMakeMutable swift-crypto
# Now apply a patch.
patch -p1 -d .build/checkouts/swift-crypto -i ${./some-fix.patch}
'';
```
## Considerations for custom build tools {#ssec-swift-considerations-for-custom-build-tools}
### Linking the standard library {#ssec-swift-linking-the-standard-library}
The `swift` package has a separate `lib` output containing just the Swift
standard library, to prevent Swift applications needing a dependency on the
full Swift compiler at run-time. Linking with the Nixpkgs Swift toolchain
already ensures binaries correctly reference the `lib` output.
Sometimes, Swift is used only to compile part of a mixed codebase, and the
link step is manual. Custom build tools often locate the standard library
relative to the `swift` compiler executable, and while the result will work,
when this path ends up in the binary, it will have the Swift compiler as an
unintended dependency.
In this case, you should investigate how your build process discovers the
standard library, and override the path. The correct path will be something
like: `"${swift.swift.lib}/${swift.swiftModuleSubdir}"`


@ -626,7 +626,7 @@ Before and after running `make`, the hooks `preBuild` and `postBuild` are called
### The check phase {#ssec-check-phase} ### The check phase {#ssec-check-phase}
The check phase checks whether the package was built correctly by running its test suite. The default `checkPhase` calls `make $checkTarget`, but only if the `doCheck` variable is enabled (see below). The check phase checks whether the package was built correctly by running its test suite. The default `checkPhase` calls `make $checkTarget`, but only if the [`doCheck` variable](#var-stdenv-doCheck) is enabled.
#### Variables controlling the check phase {#variables-controlling-the-check-phase} #### Variables controlling the check phase {#variables-controlling-the-check-phase}
@ -646,7 +646,8 @@ See the [build phase](#var-stdenv-makeFlags) for details.
##### `checkTarget` {#var-stdenv-checkTarget} ##### `checkTarget` {#var-stdenv-checkTarget}
The make target that runs the tests. Defaults to `check` if it exists, otherwise `test`; if neither is found, do nothing. The `make` target that runs the tests.
If unset, use `check` if it exists, otherwise `test`; if neither is found, do nothing.
##### `checkFlags` / `checkFlagsArray` {#var-stdenv-checkFlags} ##### `checkFlags` / `checkFlagsArray` {#var-stdenv-checkFlags}


@ -88,7 +88,7 @@ let
updateManyAttrsByPath; updateManyAttrsByPath;
inherit (self.lists) singleton forEach foldr fold foldl foldl' imap0 imap1 inherit (self.lists) singleton forEach foldr fold foldl foldl' imap0 imap1
concatMap flatten remove findSingle findFirst any all count concatMap flatten remove findSingle findFirst any all count
optional optionals toList range partition zipListsWith zipLists optional optionals toList range replicate partition zipListsWith zipLists
reverseList listDfs toposort sort naturalSort compareLists take reverseList listDfs toposort sort naturalSort compareLists take
drop sublist last init crossLists unique intersectLists drop sublist last init crossLists unique intersectLists
subtractLists mutuallyExclusive groupBy groupBy'; subtractLists mutuallyExclusive groupBy groupBy';


@ -114,6 +114,16 @@ in mkLicense lset) ({
fullName = "Bitstream Vera Font License"; fullName = "Bitstream Vera Font License";
}; };
bitTorrent10 = {
spdxId = "BitTorrent-1.0";
fullName = " BitTorrent Open Source License v1.0";
};
bitTorrent11 = {
spdxId = "BitTorrent-1.1";
fullName = " BitTorrent Open Source License v1.1";
};
bola11 = { bola11 = {
url = "https://blitiri.com.ar/p/bola/"; url = "https://blitiri.com.ar/p/bola/";
fullName = "Buena Onda License Agreement 1.1"; fullName = "Buena Onda License Agreement 1.1";
@ -333,6 +343,13 @@ in mkLicense lset) ({
free = false; free = false;
}; };
ecl20 = {
fullName = "Educational Community License, Version 2.0";
url = "https://opensource.org/licenses/ECL-2.0";
shortName = "ECL 2.0";
spdxId = "ECL-2.0";
};
efl10 = { efl10 = {
spdxId = "EFL-1.0"; spdxId = "EFL-1.0";
fullName = "Eiffel Forum License v1.0"; fullName = "Eiffel Forum License v1.0";
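Review bot: The two new `fullName` strings for `bitTorrent10` and `bitTorrent11` begin with a space (`" BitTorrent Open Source License v1.0"`), which will carry through wherever the license name is printed or compared. They should read `fullName = "BitTorrent Open Source License v1.0";` and `fullName = "BitTorrent Open Source License v1.1";`. The enclosing attribute set starts and ends outside these hunks.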


@ -303,6 +303,18 @@ rec {
else else
genList (n: first + n) (last - first + 1); genList (n: first + n) (last - first + 1);
/* Return a list with `n` copies of an element.
Type: replicate :: int -> a -> [a]
Example:
replicate 3 "a"
=> [ "a" "a" "a" ]
replicate 2 true
=> [ true true ]
*/
replicate = n: elem: genList (_: elem) n;
/* Splits the elements of a list in two lists, `right` and /* Splits the elements of a list in two lists, `right` and
`wrong`, depending on the evaluation of a predicate. `wrong`, depending on the evaluation of a predicate.
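Review bot: The new `replicate` docstring does not say what happens when `n` is zero or negative, although `n` is handed to `genList` unchecked. I would add a line such as `n must be a non-negative integer; replicate 0 x => [ ]` to the comment. The parameter name `elem` also reads like a list-membership helper of the same name (not visible in this hunk, so worth confirming), and a neutral name such as `x` would avoid the ambiguity.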


@ -4,6 +4,7 @@ let
inherit (builtins) inherit (builtins)
isString isString
isPath
split split
match match
; ;
@ -25,6 +26,10 @@ let
assertMsg assertMsg
; ;
inherit (lib.path.subpath)
isValid
;
# Return the reason why a subpath is invalid, or `null` if it's valid # Return the reason why a subpath is invalid, or `null` if it's valid
subpathInvalidReason = value: subpathInvalidReason = value:
if ! isString value then if ! isString value then
@ -94,6 +99,52 @@ let
in /* No rec! Add dependencies on this file at the top. */ { in /* No rec! Add dependencies on this file at the top. */ {
/* Append a subpath string to a path.
Like `path + ("/" + string)` but safer, because it errors instead of returning potentially surprising results.
More specifically, it checks that the first argument is a [path value type](https://nixos.org/manual/nix/stable/language/values.html#type-path"),
and that the second argument is a valid subpath string (see `lib.path.subpath.isValid`).
Type:
append :: Path -> String -> Path
Example:
append /foo "bar/baz"
=> /foo/bar/baz
# subpaths don't need to be normalised
append /foo "./bar//baz/./"
=> /foo/bar/baz
# can append to root directory
append /. "foo/bar"
=> /foo/bar
# first argument needs to be a path value type
append "/foo" "bar"
=> <error>
# second argument needs to be a valid subpath string
append /foo /bar
=> <error>
append /foo ""
=> <error>
append /foo "/bar"
=> <error>
append /foo "../bar"
=> <error>
*/
append =
# The absolute path to append to
path:
# The subpath string to append
subpath:
assert assertMsg (isPath path) ''
lib.path.append: The first argument is of type ${builtins.typeOf path}, but a path was expected'';
assert assertMsg (isValid subpath) ''
lib.path.append: Second argument is not a valid subpath string:
${subpathInvalidReason subpath}'';
path + ("/" + subpath);
/* Whether a value is a valid subpath string. /* Whether a value is a valid subpath string.
@ -133,7 +184,9 @@ in /* No rec! Add dependencies on this file at the top. */ {
subpath.isValid "./foo//bar/" subpath.isValid "./foo//bar/"
=> true => true
*/ */
subpath.isValid = value: subpath.isValid =
# The value to check
value:
subpathInvalidReason value == null; subpathInvalidReason value == null;
@ -150,11 +203,11 @@ in /* No rec! Add dependencies on this file at the top. */ {
Laws: Laws:
- (Idempotency) Normalising multiple times gives the same result: - Idempotency - normalising multiple times gives the same result:
subpath.normalise (subpath.normalise p) == subpath.normalise p subpath.normalise (subpath.normalise p) == subpath.normalise p
- (Uniqueness) There's only a single normalisation for the paths that lead to the same file system node: - Uniqueness - there's only a single normalisation for the paths that lead to the same file system node:
subpath.normalise p != subpath.normalise q -> $(realpath ${p}) != $(realpath ${q}) subpath.normalise p != subpath.normalise q -> $(realpath ${p}) != $(realpath ${q})
@ -210,9 +263,12 @@ in /* No rec! Add dependencies on this file at the top. */ {
subpath.normalise "/foo" subpath.normalise "/foo"
=> <error> => <error>
*/ */
subpath.normalise = path: subpath.normalise =
assert assertMsg (subpathInvalidReason path == null) # The subpath string to normalise
"lib.path.subpath.normalise: Argument is not a valid subpath string: ${subpathInvalidReason path}"; subpath:
joinRelPath (splitRelPath path); assert assertMsg (isValid subpath) ''
lib.path.subpath.normalise: Argument is not a valid subpath string:
${subpathInvalidReason subpath}'';
joinRelPath (splitRelPath subpath);
} }
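Review bot: The path-type link in the new `append` docstring ends in a stray quote (`values.html#type-path")`), so the link target is broken. It should be `(https://nixos.org/manual/nix/stable/language/values.html#type-path)`. The two assertion messages are also worded differently ("The first argument is of type …" against "Second argument is not …"), and one form for both would make them easier to search for. Because `append` is presented as the safer alternative to `path + ("/" + string)`, the docstring could also state that the subpath check is purely lexical and nothing is resolved on disk. That is what the visible lines suggest, but the body of `subpathInvalidReason` lies mostly outside these hunks.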


@ -3,9 +3,44 @@
{ libpath }: { libpath }:
let let
lib = import libpath; lib = import libpath;
inherit (lib.path) subpath; inherit (lib.path) append subpath;
cases = lib.runTests { cases = lib.runTests {
# Test examples from the lib.path.append documentation
testAppendExample1 = {
expr = append /foo "bar/baz";
expected = /foo/bar/baz;
};
testAppendExample2 = {
expr = append /foo "./bar//baz/./";
expected = /foo/bar/baz;
};
testAppendExample3 = {
expr = append /. "foo/bar";
expected = /foo/bar;
};
testAppendExample4 = {
expr = (builtins.tryEval (append "/foo" "bar")).success;
expected = false;
};
testAppendExample5 = {
expr = (builtins.tryEval (append /foo /bar)).success;
expected = false;
};
testAppendExample6 = {
expr = (builtins.tryEval (append /foo "")).success;
expected = false;
};
testAppendExample7 = {
expr = (builtins.tryEval (append /foo "/bar")).success;
expected = false;
};
testAppendExample8 = {
expr = (builtins.tryEval (append /foo "../bar")).success;
expected = false;
};
# Test examples from the lib.path.subpath.isValid documentation
testSubpathIsValidExample1 = { testSubpathIsValidExample1 = {
expr = subpath.isValid null; expr = subpath.isValid null;
expected = false; expected = false;
@ -30,6 +65,7 @@ let
expr = subpath.isValid "./foo//bar/"; expr = subpath.isValid "./foo//bar/";
expected = true; expected = true;
}; };
# Some extra tests
testSubpathIsValidTwoDotsEnd = { testSubpathIsValidTwoDotsEnd = {
expr = subpath.isValid "foo/.."; expr = subpath.isValid "foo/..";
expected = false; expected = false;
@ -71,6 +107,7 @@ let
expected = true; expected = true;
}; };
# Test examples from the lib.path.subpath.normalise documentation
testSubpathNormaliseExample1 = { testSubpathNormaliseExample1 = {
expr = subpath.normalise "foo//bar"; expr = subpath.normalise "foo//bar";
expected = "./foo/bar"; expected = "./foo/bar";
@ -107,6 +144,7 @@ let
expr = (builtins.tryEval (subpath.normalise "/foo")).success; expr = (builtins.tryEval (subpath.normalise "/foo")).success;
expected = false; expected = false;
}; };
# Some extra tests
testSubpathNormaliseIsValidDots = { testSubpathNormaliseIsValidDots = {
expr = subpath.normalise "./foo/.bar/.../baz...qux"; expr = subpath.normalise "./foo/.bar/.../baz...qux";
expected = "./foo/.bar/.../baz...qux"; expected = "./foo/.bar/.../baz...qux";


@ -479,6 +479,11 @@ runTests {
expected = [2 30 40 42]; expected = [2 30 40 42];
}; };
testReplicate = {
expr = replicate 3 "a";
expected = ["a" "a" "a"];
};
testToIntShouldConvertStringToInt = { testToIntShouldConvertStringToInt = {
expr = toInt "27"; expr = toInt "27";
expected = 27; expected = 27;


@ -693,6 +693,15 @@
fingerprint = "7FDB 17B3 C29B 5BA6 E5A9 8BB2 9FAA 63E0 9750 6D9D"; fingerprint = "7FDB 17B3 C29B 5BA6 E5A9 8BB2 9FAA 63E0 9750 6D9D";
}]; }];
}; };
Alper-Celik = {
email = "dev.alpercelik@gmail.com";
name = "Alper Çelik";
github = "Alper-Celik";
githubId = 110625473;
keys = [{
fingerprint = "6B69 19DD CEE0 FAF3 5C9F 2984 FA90 C0AB 738A B873";
}];
};
almac = { almac = {
email = "alma.cemerlic@gmail.com"; email = "alma.cemerlic@gmail.com";
github = "a1mac"; github = "a1mac";
@ -2325,6 +2334,12 @@
githubId = 3212452; githubId = 3212452;
name = "Cameron Nemo"; name = "Cameron Nemo";
}; };
camillemndn = {
email = "camillemondon@free.fr";
github = "camillemndn";
githubId = 26444818;
name = "Camille M.";
};
campadrenalin = { campadrenalin = {
email = "campadrenalin@gmail.com"; email = "campadrenalin@gmail.com";
github = "campadrenalin"; github = "campadrenalin";
@ -5105,6 +5120,12 @@
githubId = 36706276; githubId = 36706276;
name = "Fufezan Mihai"; name = "Fufezan Mihai";
}; };
fugi = {
email = "me@fugi.dev";
github = "FugiMuffi";
githubId = 21362942;
name = "Fugi";
};
fusion809 = { fusion809 = {
email = "brentonhorne77@gmail.com"; email = "brentonhorne77@gmail.com";
github = "fusion809"; github = "fusion809";
@ -5242,6 +5263,15 @@
githubId = 313929; githubId = 313929;
name = "Gabriel Ebner"; name = "Gabriel Ebner";
}; };
genericnerdyusername = {
name = "GenericNerdyUsername";
email = "genericnerdyusername@proton.me";
github = "GenericNerdyUsername";
githubId = 111183546;
keys = [{
fingerprint = "58CE D4BE 6B10 149E DA80 A990 2F48 6356 A4CB 30F3";
}];
};
genofire = { genofire = {
name = "genofire"; name = "genofire";
email = "geno+dev@fireorbit.de"; email = "geno+dev@fireorbit.de";
@ -6050,6 +6080,12 @@
githubId = 1592375; githubId = 1592375;
name = "Walter Huf"; name = "Walter Huf";
}; };
hughobrien = {
email = "github@hughobrien.ie";
github = "hughobrien";
githubId = 3400690;
name = "Hugh O'Brien";
};
hugolgst = { hugolgst = {
email = "hugo.lageneste@pm.me"; email = "hugo.lageneste@pm.me";
github = "hugolgst"; github = "hugolgst";
@ -6626,6 +6662,12 @@
github = "jayeshbhoot"; github = "jayeshbhoot";
githubId = 1915507; githubId = 1915507;
}; };
jayman2000 = {
email = "jason@jasonyundt.email";
github = "Jayman2000";
githubId = 5579359;
name = "Jason Yundt";
};
jb55 = { jb55 = {
email = "jb55@jb55.com"; email = "jb55@jb55.com";
github = "jb55"; github = "jb55";
@ -7003,6 +7045,12 @@
githubId = 2308444; githubId = 2308444;
name = "Joshua Gilman"; name = "Joshua Gilman";
}; };
jnsgruk = {
email = "jon@sgrs.uk";
github = "jnsgruk";
githubId = 668505;
name = "Jon Seager";
};
jo1gi = { jo1gi = {
email = "joakimholm@protonmail.com"; email = "joakimholm@protonmail.com";
github = "jo1gi"; github = "jo1gi";
@ -8906,8 +8954,8 @@
githubId = 2914269; githubId = 2914269;
name = "Malo Bourgon"; name = "Malo Bourgon";
}; };
malvo = { malte-v = {
email = "malte@malvo.org"; email = "nixpkgs@mal.tc";
github = "malte-v"; github = "malte-v";
githubId = 34393802; githubId = 34393802;
name = "Malte Voos"; name = "Malte Voos";
@ -9975,6 +10023,12 @@
githubId = 3073833; githubId = 3073833;
name = "Massimo Redaelli"; name = "Massimo Redaelli";
}; };
mrityunjaygr8 = {
email = "mrityunjaysaxena1996@gmail.com";
github = "mrityunjaygr8";
name = "Mrityunjay Saxena";
githubId = 14573967;
};
mrkkrp = { mrkkrp = {
email = "markkarpov92@gmail.com"; email = "markkarpov92@gmail.com";
github = "mrkkrp"; github = "mrkkrp";
@ -12874,6 +12928,12 @@
githubId = 6022042; githubId = 6022042;
name = "Sam Parkinson"; name = "Sam Parkinson";
}; };
samhug = {
email = "s@m-h.ug";
github = "samhug";
githubId = 171470;
name = "Sam Hug";
};
samlich = { samlich = {
email = "nixos@samli.ch"; email = "nixos@samli.ch";
github = "samlich"; github = "samlich";
@ -13092,7 +13152,7 @@
github = "Scrumplex"; github = "Scrumplex";
githubId = 11587657; githubId = 11587657;
keys = [{ keys = [{
fingerprint = "AF1F B107 E188 CB97 9A94 FD7F C104 1129 4912 A422"; fingerprint = "E173 237A C782 296D 98F5 ADAC E13D FD4B 4712 7951";
}]; }];
}; };
scubed2 = { scubed2 = {
@ -13210,6 +13270,12 @@
githubId = 38824235; githubId = 38824235;
name = "Serge Belov"; name = "Serge Belov";
}; };
serge_sans_paille = {
email = "serge.guelton@telecom-bretagne.eu";
github = "serge-sans-paille";
githubId = 863807;
name = "Serge Guelton";
};
sersorrel = { sersorrel = {
email = "ash@sorrel.sh"; email = "ash@sorrel.sh";
github = "sersorrel"; github = "sersorrel";
@ -13302,6 +13368,12 @@
githubId = 16765155; githubId = 16765155;
name = "Shardul Baral"; name = "Shardul Baral";
}; };
sharzy = {
email = "me@sharzy.in";
github = "SharzyL";
githubId = 46294732;
name = "Sharzy";
};
shawndellysse = { shawndellysse = {
email = "sdellysse@gmail.com"; email = "sdellysse@gmail.com";
github = "sdellysse"; github = "sdellysse";
@ -13627,6 +13699,12 @@
githubId = 57048005; githubId = 57048005;
name = "snicket2100"; name = "snicket2100";
}; };
sno2wman = {
name = "SnO2WMaN";
email = "me@sno2wman.net";
github = "sno2wman";
githubId = 15155608;
};
snpschaaf = { snpschaaf = {
email = "philipe.schaaf@secunet.com"; email = "philipe.schaaf@secunet.com";
name = "Philippe Schaaf"; name = "Philippe Schaaf";
@ -13840,6 +13918,12 @@
githubId = 1699155; githubId = 1699155;
name = "Steve Elliott"; name = "Steve Elliott";
}; };
stefanfehrenbach = {
email = "stefan.fehrenbach@gmail.com";
github = "fehrenbach";
githubId = 203168;
name = "Stefan Fehrenbach";
};
stehessel = { stehessel = {
email = "stephan@stehessel.de"; email = "stephan@stehessel.de";
github = "stehessel"; github = "stehessel";
@ -15240,6 +15324,12 @@
githubId = 27813; githubId = 27813;
name = "Vincent Breitmoser"; name = "Vincent Breitmoser";
}; };
vamega = {
email = "github@madiathv.com";
github = "vamega";
githubId = 223408;
name = "Varun Madiath";
};
vandenoever = { vandenoever = {
email = "jos@vandenoever.info"; email = "jos@vandenoever.info";
github = "vandenoever"; github = "vandenoever";
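Review bot: In the hunk at `-13092,7 +13152,7` the OpenPGP fingerprint listed for `Scrumplex` is replaced outright, and nothing on the new side records that the previous key was retired by its owner. Fingerprints in this list are presumably what people compare a maintainer's signatures against, so a silent swap deserves confirmation that the key owner made it; that cannot be established from this import. I would add a comment above the entry, such as `# replaces AF1F B107 E188 CB97 9A94 FD7F C104 1129 4912 A422`, so the rotation is readable without `git blame`. The attribute set holding this entry starts outside the hunk.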


@ -54,4 +54,4 @@ run this command to do the same thing.
$ xfconf-query -c xfce4-session -p /compat/LaunchGNOME -s true $ xfconf-query -c xfce4-session -p /compat/LaunchGNOME -s true
``` ```
A log-out and re-log will be needed for this to take effect. It is necessary to log out and log in again for this to take effect.


@ -21,6 +21,8 @@ let
withManOptDedupPatch = true; withManOptDedupPatch = true;
}; };
manpageUrls = pkgs.path + "/doc/manpage-urls.json";
# We need to strip references to /nix/store/* from options, # We need to strip references to /nix/store/* from options,
# including any `extraSources` if some modules came from elsewhere, # including any `extraSources` if some modules came from elsewhere,
# or else the build will fail. # or else the build will fail.
@ -48,7 +50,7 @@ let
}; };
in buildPackages.nixosOptionsDoc { in buildPackages.nixosOptionsDoc {
inherit (eval) options; inherit (eval) options;
inherit (revision); inherit revision;
transformOptions = opt: opt // { transformOptions = opt: opt // {
# Clean up declaration sites to not refer to the NixOS source tree. # Clean up declaration sites to not refer to the NixOS source tree.
declarations = declarations =
@ -72,7 +74,7 @@ let
nativeBuildInputs = [ pkgs.nixos-render-docs ]; nativeBuildInputs = [ pkgs.nixos-render-docs ];
} '' } ''
nixos-render-docs manual docbook \ nixos-render-docs manual docbook \
--manpage-urls ${pkgs.path + "/doc/manpage-urls.json"} \ --manpage-urls ${manpageUrls} \
"$out" \ "$out" \
--section \ --section \
--section-id modules \ --section-id modules \
@ -254,12 +256,22 @@ in rec {
# Generate the NixOS manpages. # Generate the NixOS manpages.
manpages = runCommand "nixos-manpages" manpages = runCommand "nixos-manpages"
{ inherit sources; { inherit sources;
nativeBuildInputs = [ buildPackages.libxml2.bin buildPackages.libxslt.bin ]; nativeBuildInputs = [
buildPackages.installShellFiles
] ++ lib.optionals allowDocBook [
buildPackages.libxml2.bin
buildPackages.libxslt.bin
] ++ lib.optionals (! allowDocBook) [
buildPackages.nixos-render-docs
];
allowedReferences = ["out"]; allowedReferences = ["out"];
} }
'' ''
# Generate manpages. # Generate manpages.
mkdir -p $out/share/man mkdir -p $out/share/man/man8
installManPage ${./manpages}/*
${if allowDocBook
then ''
xsltproc --nonet \ xsltproc --nonet \
--maxdepth 6000 \ --maxdepth 6000 \
--param man.output.in.separate.dir 1 \ --param man.output.in.separate.dir 1 \
@ -268,6 +280,14 @@ in rec {
--param man.break.after.slash 1 \ --param man.break.after.slash 1 \
${docbook_xsl_ns}/xml/xsl/docbook/manpages/docbook.xsl \ ${docbook_xsl_ns}/xml/xsl/docbook/manpages/docbook.xsl \
${manual-combined}/man-pages-combined.xml ${manual-combined}/man-pages-combined.xml
''
else ''
mkdir -p $out/share/man/man5
nixos-render-docs options manpage \
--revision ${lib.escapeShellArg revision} \
${optionsJSON}/share/doc/nixos/options.json \
$out/share/man/man5/configuration.nix.5
''}
''; '';
} }
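Review bot: The new `${if allowDocBook then … else …}` switch in the `manpages` build script has no comment saying what each branch produces, and `allowDocBook` is defined outside the visible hunks. From the lines shown, the section 8 pages are installed by `installManPage ${./manpages}/*` in both cases; the DocBook branch then runs `xsltproc --nonet` over `man-pages-combined.xml`, while the other branch renders `configuration.nix.5` from `options.json`. A comment above the conditional would make that explicit, e.g. `# man8 pages are installed from ./manpages above; this step generates the remaining pages, via DocBook or nixos-render-docs`. As a style point, `$out` is written as `"$out"` in the `nixos-render-docs manual docbook` call but is unquoted in the new `mkdir -p` and output-path lines. The `runCommand` script spans two hunks and continues outside them.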


@ -63,7 +63,8 @@ Thunar:2410): GVFS-RemoteVolumeMonitor-WARNING **: remote volume monitor with db
$ xfconf-query -c xfce4-session -p /compat/LaunchGNOME -s true $ xfconf-query -c xfce4-session -p /compat/LaunchGNOME -s true
</programlisting> </programlisting>
<para> <para>
A log-out and re-log will be needed for this to take effect. It is necessary to log out and log in again for this to take
effect.
</para> </para>
</section> </section>
</chapter> </chapter>


@ -116,8 +116,8 @@
<listitem> <listitem>
<para> <para>
<link xlink:href="https://dm3mat.darc.de/qdmr/">QDMR</link>, a <link xlink:href="https://dm3mat.darc.de/qdmr/">QDMR</link>, a
gui application and command line tool for programming cheap GUI application and command line tool for programming DMR
DMR radios radios
<link linkend="opt-programs.qdmr.enable">programs.qdmr</link> <link linkend="opt-programs.qdmr.enable">programs.qdmr</link>
</para> </para>
</listitem> </listitem>
@ -152,6 +152,15 @@
are met, or not met. are met, or not met.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
<link xlink:href="https://github.com/parvardegr/sharing">sharing</link>,
a command-line tool to share directories and files from the
CLI to iOS and Android devices without the need of an extra
client app. Available as
<link linkend="opt-programs.sharing.enable">programs.sharing</link>.
</para>
</listitem>
</itemizedlist> </itemizedlist>
</section> </section>
<section xml:id="sec-release-23.05-incompatibilities"> <section xml:id="sec-release-23.05-incompatibilities">
@ -189,7 +198,22 @@
<literal>doInstallCheck</literal> is set. (Note that this <literal>doInstallCheck</literal> is set. (Note that this
change will not cause breakage to derivations with change will not cause breakage to derivations with
<literal>strictDeps</literal> unset, which are most packages <literal>strictDeps</literal> unset, which are most packages
except python, rust and go packages). except python, rust, ocaml and go packages).
</para>
</listitem>
<listitem>
<para>
<literal>buildDunePackage</literal> now defaults to
<literal>strictDeps = true</literal> which means that any
library should go into <literal>buildInputs</literal> or
<literal>checkInputs</literal>. Any executable that is run on
the building machine should go into
<literal>nativeBuildInputs</literal> or
<literal>nativeCheckInputs</literal> respectively. Example of
executables are <literal>ocaml</literal>,
<literal>findlib</literal> and <literal>menhir</literal>. PPXs
are libraries which are built by dune and should therefore not
go into <literal>nativeBuildInputs</literal>.
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
@ -397,6 +421,16 @@
attribute name. attribute name.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
Nebula now runs as a system user and group created for each
nebula network, using the <literal>CAP_NET_ADMIN</literal>
ambient capability on launch rather than starting as root.
Ensure that any files each Nebula instance needs to access are
owned by the correct user and group, by default
<literal>nebula-${networkName}</literal>.
</para>
</listitem>
<listitem> <listitem>
<para> <para>
In <literal>mastodon</literal> it is now necessary to specify In <literal>mastodon</literal> it is now necessary to specify
@ -488,19 +522,72 @@
<para> <para>
A few openssh options have been moved from extraConfig to the A few openssh options have been moved from extraConfig to the
new freeform option <literal>settings</literal> and renamed as new freeform option <literal>settings</literal> and renamed as
follow: follows:
<literal>services.openssh.kbdInteractiveAuthentication</literal>
to
<literal>services.openssh.settings.KbdInteractiveAuthentication</literal>,
<literal>services.openssh.passwordAuthentication</literal> to
<literal>services.openssh.settings.PasswordAuthentication</literal>,
<literal>services.openssh.useDns</literal> to
<literal>services.openssh.settings.UseDns</literal>,
<literal>services.openssh.permitRootLogin</literal> to
<literal>services.openssh.settings.PermitRootLogin</literal>,
<literal>services.openssh.logLevel</literal> to
<literal>services.openssh.settings.LogLevel</literal>.
</para> </para>
<itemizedlist spacing="compact">
<listitem>
<para>
<literal>services.openssh.forwardX11</literal> to
<literal>services.openssh.settings.X11Forwarding</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services.openssh.kbdInteractiveAuthentication</literal>
-&gt;
<literal>services.openssh.settings.KbdInteractiveAuthentication</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services.openssh.passwordAuthentication</literal>
to
<literal>services.openssh.settings.PasswordAuthentication</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services.openssh.useDns</literal> to
<literal>services.openssh.settings.UseDns</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services.openssh.permitRootLogin</literal> to
<literal>services.openssh.settings.PermitRootLogin</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services.openssh.logLevel</literal> to
<literal>services.openssh.settings.LogLevel</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services.openssh.kexAlgorithms</literal> to
<literal>services.openssh.settings.KexAlgorithms</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services.openssh.macs</literal> to
<literal>services.openssh.settings.Macs</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services.openssh.ciphers</literal> to
<literal>services.openssh.settings.Ciphers</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services.openssh.gatewayPorts</literal> to
<literal>services.openssh.settings.GatewayPorts</literal>
</para>
</listitem>
</itemizedlist>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
@ -675,6 +762,13 @@
conversion. conversion.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
Grafana Tempo has been updated to version 2.0. See the
<link xlink:href="https://grafana.com/docs/tempo/latest/release-notes/v2-0/#upgrade-considerations">upstream
upgrade guide</link> for migration instructions.
</para>
</listitem>
<listitem> <listitem>
<para> <para>
A new <literal>virtualisation.rosetta</literal> module was A new <literal>virtualisation.rosetta</literal> module was
@ -772,6 +866,18 @@
<link xlink:href="options.html#opt-system.stateVersion">system.stateVersion</link>. <link xlink:href="options.html#opt-system.stateVersion">system.stateVersion</link>.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
Nebula now supports the
<literal>services.nebula.networks.&lt;name&gt;.isRelay</literal>
and
<literal>services.nebula.networks.&lt;name&gt;.relays</literal>
configuration options for setting up or allowing traffic
relaying. See the
<link xlink:href="https://www.defined.net/blog/announcing-relay-support-in-nebula/">announcement</link>
for more details about relays.
</para>
</listitem>
<listitem> <listitem>
<para> <para>
<literal>hip</literal> has been separated into <literal>hip</literal> has been separated into
@ -808,6 +914,60 @@
(<link linkend="opt-services.fwupd.daemonSettings"><literal>services.fwupd.daemonSettings</literal></link>). (<link linkend="opt-services.fwupd.daemonSettings"><literal>services.fwupd.daemonSettings</literal></link>).
</para> </para>
</listitem> </listitem>
<listitem>
<para>
The <literal>zramSwap</literal> is now implemented with
<literal>zram-generator</literal>, and the option
<literal>zramSwap.numDevices</literal> for using ZRAM devices
as general purpose ephemeral block devices has been removed.
</para>
</listitem>
<listitem>
<para>
As Singularity has renamed to
<link xlink:href="https://apptainer.org/news/community-announcement-20211130">Apptainer</link>
to distinguish from
<link xlink:href="https://sylabs.io/2021/05/singularity-community-edition">an
un-renamed fork by Sylabs Inc.</link>, there are now two
packages of Singularity/Apptainer:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
<literal>apptainer</literal>: From
<literal>github.com/apptainer/apptainer</literal>, which
is the new repo after renaming.
</para>
</listitem>
<listitem>
<para>
<literal>singularity</literal>: From
<literal>github.com/sylabs/singularity</literal>, which is
the fork by Sylabs Inc..
</para>
</listitem>
</itemizedlist>
<para>
<literal>programs.singularity</literal> got a new
<literal>package</literal> option to specify which package to
use.
</para>
<para>
<literal>singularity-tools.buildImage</literal> got a new
input argument <literal>singularity</literal> to specify which
package to use.
</para>
</listitem>
<listitem>
<para>
The new option
<literal>programs.singularity.enableFakeroot</literal>, if set
to <literal>true</literal>, provides
<literal>--fakeroot</literal> support for
<literal>apptainer</literal> and
<literal>singularity</literal>.
</para>
</listitem>
<listitem> <listitem>
<para> <para>
The <literal>unifi-poller</literal> package and corresponding The <literal>unifi-poller</literal> package and corresponding
@ -836,6 +996,12 @@
<literal>libax25</literal> package. <literal>libax25</literal> package.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
<literal>tvbrowser-bin</literal> was removed, and now
<literal>tvbrowser</literal> is built from source.
</para>
</listitem>
<listitem> <listitem>
<para> <para>
<literal>nixos-version</literal> now accepts <literal>nixos-version</literal> now accepts
@ -850,6 +1016,13 @@
been fixed to allow more than one plugin in the path. been fixed to allow more than one plugin in the path.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
The option
<literal>services.prometheus.exporters.pihole.interval</literal>
does not exist anymore and has been removed.
</para>
</listitem>
</itemizedlist> </itemizedlist>
</section> </section>
</section> </section>


@ -1,138 +0,0 @@
<refentry xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude">
<refmeta>
<refentrytitle><command>nixos-build-vms</command>
</refentrytitle><manvolnum>8</manvolnum>
<refmiscinfo class="source">NixOS</refmiscinfo>
<!-- <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo> -->
</refmeta>
<refnamediv>
<refname><command>nixos-build-vms</command></refname>
<refpurpose>build a network of virtual machines from a network of NixOS configurations</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>nixos-build-vms</command>
<arg>
<option>--show-trace</option>
</arg>
<arg>
<option>--no-out-link</option>
</arg>
<arg>
<option>--help</option>
</arg>
<arg>
<option>--option</option>
<replaceable>name</replaceable>
<replaceable>value</replaceable>
</arg>
<arg choice="plain">
<replaceable>network.nix</replaceable>
</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsection>
<title>Description</title>
<para>
This command builds a network of QEMU-KVM virtual machines of a Nix
expression specifying a network of NixOS machines. The virtual network can
be started by executing the <filename>bin/run-vms</filename> shell script
that is generated by this command. By default, a <filename>result</filename>
symlink is produced that points to the generated virtual network.
</para>
<para>
A network Nix expression has the following structure:
<screen>
{
test1 = {pkgs, config, ...}:
{
services.openssh.enable = true;
nixpkgs.localSystem.system = "i686-linux";
deployment.targetHost = "test1.example.net";
# Other NixOS options
};
test2 = {pkgs, config, ...}:
{
services.openssh.enable = true;
services.httpd.enable = true;
environment.systemPackages = [ pkgs.lynx ];
nixpkgs.localSystem.system = "x86_64-linux";
deployment.targetHost = "test2.example.net";
# Other NixOS options
};
}
</screen>
Each attribute in the expression represents a machine in the network (e.g.
<varname>test1</varname> and <varname>test2</varname>) referring to a
function defining a NixOS configuration. In each NixOS configuration, two
attributes have a special meaning. The
<varname>deployment.targetHost</varname> specifies the address (domain name
or IP address) of the system which is used by <command>ssh</command> to
perform remote deployment operations. The
<varname>nixpkgs.localSystem.system</varname> attribute can be used to
specify an architecture for the target machine, such as
<varname>i686-linux</varname> which builds a 32-bit NixOS configuration.
Omitting this property will build the configuration for the same
architecture as the host system.
</para>
</refsection>
<refsection>
<title>Options</title>
<para>
This command accepts the following options:
</para>
<variablelist>
<varlistentry>
<term>
<option>--show-trace</option>
</term>
<listitem>
<para>
Shows a trace of the output.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--no-out-link</option>
</term>
<listitem>
<para>
Do not create a 'result' symlink.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-h</option>, <option>--help</option>
</term>
<listitem>
<para>
Shows the usage of this command to the user.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--option</option> <replaceable>name</replaceable> <replaceable>value</replaceable>
</term>
<listitem>
<para>Set the Nix configuration option
<replaceable>name</replaceable> to <replaceable>value</replaceable>.
This overrides settings in the Nix configuration file (see
<citerefentry><refentrytitle>nix.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
</para>
</listitem>
</varlistentry>
</variablelist>
</refsection>
</refentry>


@ -1,154 +0,0 @@
<refentry xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude">
<refmeta>
<refentrytitle><command>nixos-enter</command>
</refentrytitle><manvolnum>8</manvolnum>
<refmiscinfo class="source">NixOS</refmiscinfo>
<!-- <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo> -->
</refmeta>
<refnamediv>
<refname><command>nixos-enter</command></refname>
<refpurpose>run a command in a NixOS chroot environment</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>nixos-enter</command>
<arg>
<arg choice='plain'>
<option>--root</option>
</arg>
<replaceable>root</replaceable>
</arg>
<arg>
<arg choice='plain'>
<option>--system</option>
</arg>
<replaceable>system</replaceable>
</arg>
<arg>
<arg choice='plain'>
<option>-c</option>
</arg>
<replaceable>shell-command</replaceable>
</arg>
<arg>
<arg choice='plain'>
<option>--silent</option>
</arg>
</arg>
<arg>
<arg choice='plain'>
<option>--help</option>
</arg>
</arg>
<arg>
<arg choice='plain'>
<option>--</option>
</arg>
<replaceable>arguments</replaceable>
</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsection>
<title>Description</title>
<para>
This command runs a command in a NixOS chroot environment, that is, in a
filesystem hierarchy previously prepared using
<command>nixos-install</command>.
</para>
</refsection>
<refsection>
<title>Options</title>
<para>
This command accepts the following options:
</para>
<variablelist>
<varlistentry>
<term>
<option>--root</option>
</term>
<listitem>
<para>
The path to the NixOS system you want to enter. It defaults to
<filename>/mnt</filename>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--system</option>
</term>
<listitem>
<para>
The NixOS system configuration to use. It defaults to
<filename>/nix/var/nix/profiles/system</filename>. You can enter a
previous NixOS configuration by specifying a path such as
<filename>/nix/var/nix/profiles/system-106-link</filename>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--command</option>
</term>
<term>
<option>-c</option>
</term>
<listitem>
<para>
The bash command to execute.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--silent</option>
</term>
<listitem>
<para>
Suppresses all output from the activation script of the target system.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--</option>
</term>
<listitem>
<para>
Interpret the remaining arguments as the program name and arguments to be
invoked. The program is not executed in a shell.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsection>
<refsection>
<title>Examples</title>
<para>
Start an interactive shell in the NixOS installation in
<filename>/mnt</filename>:
</para>
<screen>
<prompt># </prompt>nixos-enter --root /mnt
</screen>
<para>
Run a shell command:
</para>
<screen>
<prompt># </prompt>nixos-enter -c 'ls -l /; cat /proc/mounts'
</screen>
<para>
Run a non-shell command:
</para>
<screen>
# nixos-enter -- cat /proc/mounts
</screen>
</refsection>
</refentry>


@ -1,214 +0,0 @@
<refentry xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude">
<refmeta>
<refentrytitle><command>nixos-generate-config</command>
</refentrytitle><manvolnum>8</manvolnum>
<refmiscinfo class="source">NixOS</refmiscinfo>
<!-- <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo> -->
</refmeta>
<refnamediv>
<refname><command>nixos-generate-config</command></refname>
<refpurpose>generate NixOS configuration modules</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>nixos-generate-config</command>
<arg>
<option>--force</option>
</arg>
<arg>
<arg choice='plain'>
<option>--root</option>
</arg>
<replaceable>root</replaceable>
</arg>
<arg>
<arg choice='plain'>
<option>--dir</option>
</arg>
<replaceable>dir</replaceable>
</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsection>
<title>Description</title>
<para>
This command writes two NixOS configuration modules:
<variablelist>
<varlistentry>
<term>
<option>/etc/nixos/hardware-configuration.nix</option>
</term>
<listitem>
<para>
This module sets NixOS configuration options based on your current
hardware configuration. In particular, it sets the
<option>fileSystem</option> option to reflect all currently mounted file
systems, the <option>swapDevices</option> option to reflect active swap
devices, and the <option>boot.initrd.*</option> options to ensure that
the initial ramdisk contains any kernel modules necessary for mounting
the root file system.
</para>
<para>
If this file already exists, it is overwritten. Thus, you should not
modify it manually. Rather, you should include it from your
<filename>/etc/nixos/configuration.nix</filename>, and re-run
<command>nixos-generate-config</command> to update it whenever your
hardware configuration changes.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>/etc/nixos/configuration.nix</option>
</term>
<listitem>
<para>
This is the main NixOS system configuration module. If it already
exists, its left unchanged. Otherwise,
<command>nixos-generate-config</command> will write a template for you
to customise.
</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</refsection>
<refsection>
<title>Options</title>
<para>
This command accepts the following options:
</para>
<variablelist>
<varlistentry>
<term>
<option>--root</option>
</term>
<listitem>
<para>
If this option is given, treat the directory
<replaceable>root</replaceable> as the root of the file system. This
means that configuration files will be written to
<filename><replaceable>root</replaceable>/etc/nixos</filename>, and that
any file systems outside of <replaceable>root</replaceable> are ignored
for the purpose of generating the <option>fileSystems</option> option.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--dir</option>
</term>
<listitem>
<para>
If this option is given, write the configuration files to the directory
<replaceable>dir</replaceable> instead of
<filename>/etc/nixos</filename>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--force</option>
</term>
<listitem>
<para>
Overwrite <filename>/etc/nixos/configuration.nix</filename> if it already
exists.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--no-filesystems</option>
</term>
<listitem>
<para>
Omit everything concerning file systems and swap devices from the
hardware configuration.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--show-hardware-config</option>
</term>
<listitem>
<para>
Don't generate <filename>configuration.nix</filename> or
<filename>hardware-configuration.nix</filename> and print the hardware
configuration to stdout only.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsection>
<refsection>
<title>Examples</title>
<para>
This command is typically used during NixOS installation to write initial
configuration modules. For example, if you created and mounted the target
file systems on <filename>/mnt</filename> and
<filename>/mnt/boot</filename>, you would run:
<screen>
<prompt>$ </prompt>nixos-generate-config --root /mnt
</screen>
The resulting file
<filename>/mnt/etc/nixos/hardware-configuration.nix</filename> might look
like this:
<programlisting>
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, pkgs, ... }:
{
imports =
[ &lt;nixos/modules/installer/scan/not-detected.nix&gt;
];
boot.initrd.availableKernelModules = [ "ehci_hcd" "ahci" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-label/nixos";
fsType = "ext3";
options = [ "rw" "data=ordered" "relatime" ];
};
fileSystems."/boot" =
{ device = "/dev/sda1";
fsType = "ext3";
options = [ "rw" "errors=continue" "user_xattr" "acl" "barrier=1" "data=writeback" "relatime" ];
};
swapDevices =
[ { device = "/dev/sda2"; }
];
nix.maxJobs = 8;
}
</programlisting>
It will also create a basic
<filename>/mnt/etc/nixos/configuration.nix</filename>, which you should edit
to customise the logical configuration of your system. This file includes
the result of the hardware scan as follows:
<programlisting>
imports = [ ./hardware-configuration.nix ];
</programlisting>
</para>
<para>
After installation, if your hardware configuration changes, you can run:
<screen>
<prompt>$ </prompt>nixos-generate-config
</screen>
to update <filename>/etc/nixos/hardware-configuration.nix</filename>. Your
<filename>/etc/nixos/configuration.nix</filename> will
<emphasis>not</emphasis> be overwritten.
</para>
</refsection>
</refentry>


@ -1,357 +0,0 @@
<refentry xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude">
<refmeta>
<refentrytitle><command>nixos-install</command>
</refentrytitle><manvolnum>8</manvolnum>
<refmiscinfo class="source">NixOS</refmiscinfo>
<!-- <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo> -->
</refmeta>
<refnamediv>
<refname><command>nixos-install</command></refname>
<refpurpose>install bootloader and NixOS</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>nixos-install</command>
<arg>
<group choice='req'>
<arg choice='plain'>
<option>--verbose</option>
</arg>
<arg choice='plain'>
<option>-v</option>
</arg>
</group>
</arg>
<arg>
<arg choice='plain'>
<option>-I</option>
</arg>
<replaceable>path</replaceable>
</arg>
<arg>
<arg choice='plain'>
<option>--root</option>
</arg>
<replaceable>root</replaceable>
</arg>
<arg>
<arg choice='plain'>
<option>--system</option>
</arg>
<replaceable>path</replaceable>
</arg>
<arg>
<option>--flake</option> <replaceable>flake-uri</replaceable>
</arg>
<arg>
<group choice='req'>
<arg choice='plain'><option>--impure</option></arg>
</group>
</arg>
<arg>
<arg choice='plain'>
<option>--channel</option>
</arg>
<replaceable>channel</replaceable>
</arg>
<arg>
<arg choice='plain'>
<option>--no-channel-copy</option>
</arg>
</arg>
<arg>
<group choice='req'>
<arg choice='plain'>
<option>--no-root-password</option>
</arg>
<arg choice='plain'>
<option>--no-root-passwd</option>
</arg>
</group>
</arg>
<arg>
<arg choice='plain'>
<option>--no-bootloader</option>
</arg>
</arg>
<arg>
<group choice='req'>
<arg choice='plain'>
<option>--max-jobs</option>
</arg>
<arg choice='plain'>
<option>-j</option>
</arg>
</group> <replaceable>number</replaceable>
</arg>
<arg>
<option>--cores</option> <replaceable>number</replaceable>
</arg>
<arg>
<option>--option</option> <replaceable>name</replaceable> <replaceable>value</replaceable>
</arg>
<arg>
<arg choice='plain'>
<option>--show-trace</option>
</arg>
</arg>
<arg>
<arg choice='plain'>
<option>--keep-going</option>
</arg>
</arg>
<arg>
<arg choice='plain'>
<option>--help</option>
</arg>
</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsection>
<title>Description</title>
<para>
This command installs NixOS in the file system mounted on
<filename>/mnt</filename>, based on the NixOS configuration specified in
<filename>/mnt/etc/nixos/configuration.nix</filename>. It performs the
following steps:
<itemizedlist>
<listitem>
<para>
It copies Nix and its dependencies to
<filename>/mnt/nix/store</filename>.
</para>
</listitem>
<listitem>
<para>
It runs Nix in <filename>/mnt</filename> to build the NixOS configuration
specified in <filename>/mnt/etc/nixos/configuration.nix</filename>.
</para>
</listitem>
<listitem>
<para>
It installs the current channel <quote>nixos</quote> in the target channel
profile (unless <option>--no-channel-copy</option> is specified).
</para>
</listitem>
<listitem>
<para>
It installs the GRUB boot loader on the device specified in the option
<option>boot.loader.grub.device</option> (unless
<option>--no-bootloader</option> is specified), and generates a GRUB
configuration file that boots into the NixOS configuration just
installed.
</para>
</listitem>
<listitem>
<para>
It prompts you for a password for the root account (unless
<option>--no-root-password</option> is specified).
</para>
</listitem>
</itemizedlist>
</para>
<para>
This command is idempotent: if it is interrupted or fails due to a temporary
problem (e.g. a network issue), you can safely re-run it.
</para>
</refsection>
<refsection>
<title>Options</title>
<para>
This command accepts the following options:
</para>
<variablelist>
<varlistentry>
<term><option>--verbose</option> / <option>-v</option></term>
<listitem>
<para>Increases the level of verbosity of diagnostic messages
printed on standard error. For each Nix operation, the information
printed on standard output is well-defined; any diagnostic
information is printed on standard error, never on standard
output.</para>
<para>Please note that this option may be specified repeatedly.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--root</option>
</term>
<listitem>
<para>
Defaults to <filename>/mnt</filename>. If this option is given, treat the
directory <replaceable>root</replaceable> as the root of the NixOS
installation.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--system</option>
</term>
<listitem>
<para>
If this option is provided, <command>nixos-install</command> will install
the specified closure rather than attempt to build one from
<filename>/mnt/etc/nixos/configuration.nix</filename>.
</para>
<para>
The closure must be an appropriately configured NixOS system, with boot
loader and partition configuration that fits the target host. Such a
closure is typically obtained with a command such as <command>nix-build
-I nixos-config=./configuration.nix '&lt;nixpkgs/nixos&gt;' -A system
--no-out-link</command>
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--flake</option> <replaceable>flake-uri</replaceable>#<replaceable>name</replaceable>
</term>
<listitem>
<para>
Build the NixOS system from the specified flake.
The flake must contain an output named
<literal>nixosConfigurations.<replaceable>name</replaceable></literal>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--channel</option>
</term>
<listitem>
<para>
If this option is provided, do not copy the current
<quote>nixos</quote> channel to the target host. Instead, use the
specified derivation.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-I</option>
</term>
<listitem>
<para>
Add a path to the Nix expression search path. This option may be given
multiple times. See the NIX_PATH environment variable for information on
the semantics of the Nix search path. Paths added through
<replaceable>-I</replaceable> take precedence over NIX_PATH.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--max-jobs</option>
</term>
<term>
<option>-j</option>
</term>
<listitem>
<para>
Sets the maximum number of build jobs that Nix will perform in parallel
to the specified number. The default is <literal>1</literal>. A higher
value is useful on SMP systems or to exploit I/O latency.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--cores</option>
</term>
<listitem>
<para>
Sets the value of the <envar>NIX_BUILD_CORES</envar> environment variable
in the invocation of builders. Builders can use this variable at their
discretion to control the maximum amount of parallelism. For instance, in
Nixpkgs, if the derivation attribute
<varname>enableParallelBuilding</varname> is set to
<literal>true</literal>, the builder passes the
<option>-j<replaceable>N</replaceable></option> flag to GNU Make. The
value <literal>0</literal> means that the builder should use all
available CPU cores in the system.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--option</option> <replaceable>name</replaceable> <replaceable>value</replaceable>
</term>
<listitem>
<para>
Set the Nix configuration option <replaceable>name</replaceable> to
<replaceable>value</replaceable>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--show-trace</option>
</term>
<listitem>
<para>
Causes Nix to print out a stack trace in case of Nix expression
evaluation errors.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--keep-going</option>
</term>
<listitem>
<para>
Causes Nix to continue building derivations as far as possible
in the face of failed builds.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--help</option>
</term>
<listitem>
<para>
Synonym for <command>man nixos-install</command>.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsection>
<refsection>
<title>Examples</title>
<para>
A typical NixOS installation is done by creating and mounting a file system
on <filename>/mnt</filename>, generating a NixOS configuration in
<filename>/mnt/etc/nixos/configuration.nix</filename>, and running
<command>nixos-install</command>. For instance, if we want to install NixOS
on an <literal>ext4</literal> file system created in
<filename>/dev/sda1</filename>:
<screen>
<prompt>$ </prompt>mkfs.ext4 /dev/sda1
<prompt>$ </prompt>mount /dev/sda1 /mnt
<prompt>$ </prompt>nixos-generate-config --root /mnt
<prompt>$ </prompt># edit /mnt/etc/nixos/configuration.nix
<prompt>$ </prompt>nixos-install
<prompt>$ </prompt>reboot
</screen>
</para>
</refsection>
</refentry>


@ -1,134 +0,0 @@
<refentry xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude">
<refmeta>
<refentrytitle><command>nixos-option</command>
</refentrytitle><manvolnum>8</manvolnum>
<refmiscinfo class="source">NixOS</refmiscinfo>
<!-- <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo> -->
</refmeta>
<refnamediv>
<refname><command>nixos-option</command></refname>
<refpurpose>inspect a NixOS configuration</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>nixos-option</command>
<arg>
<group choice='req'>
<arg choice='plain'><option>-r</option></arg>
<arg choice='plain'><option>--recursive</option></arg>
</group>
</arg>
<arg>
<option>-I</option> <replaceable>path</replaceable>
</arg>
<arg>
<replaceable>option.name</replaceable>
</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsection>
<title>Description</title>
<para>
This command evaluates the configuration specified in
<filename>/etc/nixos/configuration.nix</filename> and returns the properties
of the option name given as argument.
</para>
<para>
When the option name is not an option, the command prints the list of
attributes contained in the attribute set.
</para>
</refsection>
<refsection>
<title>Options</title>
<para>
This command accepts the following options:
</para>
<variablelist>
<varlistentry>
<term><option>-r</option></term>
<term><option>--recursive</option></term>
<listitem>
<para>
Print all the values at or below the specified path recursively.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-I</option> <replaceable>path</replaceable>
</term>
<listitem>
<para>
This option is passed to the underlying
<command>nix-instantiate</command> invocation.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsection>
<refsection>
<title>Environment</title>
<variablelist>
<varlistentry>
<term>
<envar>NIXOS_CONFIG</envar>
</term>
<listitem>
<para>
Path to the main NixOS configuration module. Defaults to
<filename>/etc/nixos/configuration.nix</filename>.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsection>
<refsection>
<title>Examples</title>
<para>
Investigate option values:
<screen><prompt>$ </prompt>nixos-option boot.loader
This attribute set contains:
generationsDir
grub
initScript
<prompt>$ </prompt>nixos-option boot.loader.grub.enable
Value:
true
Default:
true
Description:
Whether to enable the GNU GRUB boot loader.
Declared by:
"/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix"
Defined by:
"/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix"
</screen>
</para>
</refsection>
<refsection>
<title>Bugs</title>
<para>
The author listed in the following section is wrong. If there is any other
bug, please report to Nicolas Pierron.
</para>
</refsection>
<refsection>
<title>See also</title>
<para>
<citerefentry>
<refentrytitle>configuration.nix</refentrytitle>
<manvolnum>5</manvolnum>
</citerefentry>
</para>
</refsection>
</refentry>


@ -1,781 +0,0 @@
<refentry xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude">
<refmeta>
<refentrytitle><command>nixos-rebuild</command>
</refentrytitle><manvolnum>8</manvolnum>
<refmiscinfo class="source">NixOS</refmiscinfo>
<!-- <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo> -->
</refmeta>
<refnamediv>
<refname><command>nixos-rebuild</command></refname>
<refpurpose>reconfigure a NixOS machine</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>nixos-rebuild</command><group choice='req'>
<arg choice='plain'>
<option>switch</option>
</arg>
<arg choice='plain'>
<option>boot</option>
</arg>
<arg choice='plain'>
<option>test</option>
</arg>
<arg choice='plain'>
<option>build</option>
</arg>
<arg choice='plain'>
<option>dry-build</option>
</arg>
<arg choice='plain'>
<option>dry-activate</option>
</arg>
<arg choice='plain'>
<option>edit</option>
</arg>
<arg choice='plain'>
<option>build-vm</option>
</arg>
<arg choice='plain'>
<option>build-vm-with-bootloader</option>
</arg>
</group>
<sbr />
<arg>
<group choice='req'>
<arg choice='plain'>
<option>--upgrade</option>
</arg>
<arg choice='plain'>
<option>--upgrade-all</option>
</arg>
</group>
</arg>
<arg>
<option>--install-bootloader</option>
</arg>
<arg>
<option>--no-build-nix</option>
</arg>
<arg>
<option>--fast</option>
</arg>
<arg>
<option>--rollback</option>
</arg>
<arg>
<option>--builders</option> <replaceable>builder-spec</replaceable>
</arg>
<sbr/>
<arg>
<option>--flake</option> <replaceable>flake-uri</replaceable>
</arg>
<arg>
<option>--no-flake</option>
</arg>
<arg>
<option>--override-input</option> <replaceable>input-name</replaceable> <replaceable>flake-uri</replaceable>
</arg>
<sbr />
<arg>
<group choice='req'>
<arg choice='plain'>
<option>--profile-name</option>
</arg>
<arg choice='plain'>
<option>-p</option>
</arg>
</group> <replaceable>name</replaceable>
</arg>
<arg>
<group choice='req'>
<arg choice='plain'>
<option>--specialisation</option>
</arg>
<arg choice='plain'>
<option>-c</option>
</arg>
</group> <replaceable>name</replaceable>
</arg>
<sbr />
<arg>
<option>--build-host</option> <replaceable>host</replaceable>
</arg>
<arg>
<option>--target-host</option> <replaceable>host</replaceable>
</arg>
<arg>
<option>--use-remote-sudo</option>
</arg>
<sbr />
<arg>
<option>--show-trace</option>
</arg>
<arg>
<option>-I</option>
<replaceable>NIX_PATH</replaceable>
</arg>
<arg>
<group choice='req'>
<arg choice='plain'><option>--verbose</option></arg>
<arg choice='plain'><option>-v</option></arg>
</group>
</arg>
<arg>
<group choice='req'>
<arg choice='plain'><option>--impure</option></arg>
</group>
</arg>
<arg>
<group choice='req'>
<arg choice='plain'><option>--max-jobs</option></arg>
<arg choice='plain'><option>-j</option></arg>
</group>
<replaceable>number</replaceable>
</arg>
<arg>
<group choice='req'>
<arg choice='plain'><option>--keep-failed</option></arg>
<arg choice='plain'><option>-K</option></arg>
</group>
</arg>
<arg>
<group choice='req'>
<arg choice='plain'><option>--keep-going</option></arg>
<arg choice='plain'><option>-k</option></arg>
</group>
</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsection>
<title>Description</title>
<para>
This command updates the system so that it corresponds to the
configuration specified in
<filename>/etc/nixos/configuration.nix</filename> or
<filename>/etc/nixos/flake.nix</filename>. Thus, every time you
modify the configuration or any other NixOS module, you must run
<command>nixos-rebuild</command> to make the changes take
effect. It builds the new system in
<filename>/nix/store</filename>, runs its activation script, and
stop and (re)starts any system services if needed. Please note that
user services need to be started manually as they aren't detected
by the activation script at the moment.
</para>
<para>
This command has one required argument, which specifies the desired
operation. It must be one of the following:
<variablelist>
<varlistentry>
<term>
<option>switch</option>
</term>
<listitem>
<para>
Build and activate the new configuration, and make it the boot default.
That is, the configuration is added to the GRUB boot menu as the default
menu entry, so that subsequent reboots will boot the system into the new
configuration. Previous configurations activated with
<command>nixos-rebuild switch</command> or <command>nixos-rebuild
boot</command> remain available in the GRUB menu.
</para>
<para>
Note that if you are using specializations, running just
<command>nixos-rebuild switch</command> will switch you back to the
unspecialized, base system - in that case, you might want to use this
instead:
<screen>
<prompt>$ </prompt>nixos-rebuild switch --specialisation your-specialisation-name
</screen>
This command will build all specialisations and make them bootable just
like regular <command>nixos-rebuild switch</command> does - the only
thing different is that it will switch to given specialisation instead
of the base system; it can be also used to switch from the base system
into a specialised one, or to switch between specialisations.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>boot</option>
</term>
<listitem>
<para>
Build the new configuration and make it the boot default (as with
<command>nixos-rebuild switch</command>), but do not activate it. That
is, the system continues to run the previous configuration until the
next reboot.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>test</option>
</term>
<listitem>
<para>
Build and activate the new configuration, but do not add it to the GRUB
boot menu. Thus, if you reboot the system (or if it crashes), you will
automatically revert to the default configuration (i.e. the
configuration resulting from the last call to <command>nixos-rebuild
switch</command> or <command>nixos-rebuild boot</command>).
</para>
<para>
Note that if you are using specialisations, running just
<command>nixos-rebuild test</command> will activate the unspecialised,
base system - in that case, you might want to use this instead:
<screen>
<prompt>$ </prompt>nixos-rebuild test --specialisation your-specialisation-name
</screen>
This command can be also used to switch from the base system into a
specialised one, or to switch between specialisations.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>build</option>
</term>
<listitem>
<para>
Build the new configuration, but neither activate it nor add it to the
GRUB boot menu. It leaves a symlink named <filename>result</filename> in
the current directory, which points to the output of the top-level
“system” derivation. This is essentially the same as doing
<screen>
<prompt>$ </prompt>nix-build /path/to/nixpkgs/nixos -A system
</screen>
Note that you do not need to be <literal>root</literal> to run
<command>nixos-rebuild build</command>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>dry-build</option>
</term>
<listitem>
<para>
Show what store paths would be built or downloaded by any of the
operations above, but otherwise do nothing.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>dry-activate</option>
</term>
<listitem>
<para>
Build the new configuration, but instead of activating it, show what
changes would be performed by the activation (i.e. by
<command>nixos-rebuild test</command>). For instance, this command will
print which systemd units would be restarted. The list of changes is not
guaranteed to be complete.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>edit</option>
</term>
<listitem>
<para>
Opens <filename>configuration.nix</filename> in the default editor.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>build-vm</option>
</term>
<listitem>
<para>
Build a script that starts a NixOS virtual machine with the desired
configuration. It leaves a symlink <filename>result</filename> in the
current directory that points (under
<filename>result/bin/run-<replaceable>hostname</replaceable>-vm</filename>)
at the script that starts the VM. Thus, to test a NixOS configuration in
a virtual machine, you should do the following:
<screen>
<prompt>$ </prompt>nixos-rebuild build-vm
<prompt>$ </prompt>./result/bin/run-*-vm
</screen>
</para>
<para>
The VM is implemented using the <literal>qemu</literal> package. For
best performance, you should load the <literal>kvm-intel</literal> or
<literal>kvm-amd</literal> kernel modules to get hardware
virtualisation.
</para>
<para>
The VM mounts the Nix store of the host through the 9P file system. The
host Nix store is read-only, so Nix commands that modify the Nix store
will not work in the VM. This includes commands such as
<command>nixos-rebuild</command>; to change the VMs configuration,
you must halt the VM and re-run the commands above.
</para>
<para>
The VM has its own <literal>ext3</literal> root file system, which is
automatically created when the VM is first started, and is persistent
across reboots of the VM. It is stored in
<literal>./<replaceable>hostname</replaceable>.qcow2</literal>.
<!-- The entire file system hierarchy of the host is available in
the VM under <filename>/hostfs</filename>.-->
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>build-vm-with-bootloader</option>
</term>
<listitem>
<para>
Like <option>build-vm</option>, but boots using the regular boot loader
of your configuration (e.g., GRUB 1 or 2), rather than booting directly
into the kernel and initial ramdisk of the system. This allows you to
test whether the boot loader works correctly. However, it does not
guarantee that your NixOS configuration will boot successfully on the
host hardware (i.e., after running <command>nixos-rebuild
switch</command>), because the hardware and boot loader configuration in
the VM are different. The boot loader is installed on an automatically
generated virtual disk containing a <filename>/boot</filename>
partition.
</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</refsection>
<refsection>
<title>Options</title>
<para>
This command accepts the following options:
</para>
<variablelist>
<varlistentry>
<term>
<option>--upgrade</option>
</term>
<term>
<option>--upgrade-all</option>
</term>
<listitem>
<para>
Update the root user's channel named <literal>nixos</literal>
before rebuilding the system.
</para>
<para>
In addition to the <literal>nixos</literal> channel, the root
user's channels which have a file named
<literal>.update-on-nixos-rebuild</literal> in their base
directory will also be updated.
</para>
<para>
Passing <option>--upgrade-all</option> updates all of the root
user's channels.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--install-bootloader</option>
</term>
<listitem>
<para>
Causes the boot loader to be (re)installed on the device specified by the
relevant configuration options.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--no-build-nix</option>
</term>
<listitem>
<para>
Normally, <command>nixos-rebuild</command> first builds the
<varname>nixUnstable</varname> attribute in Nixpkgs, and uses the
resulting instance of the Nix package manager to build the new system
configuration. This is necessary if the NixOS modules use features not
provided by the currently installed version of Nix. This option disables
building a new Nix.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--fast</option>
</term>
<listitem>
<para>
Equivalent to <option>--no-build-nix</option>. This option is
useful if you call <command>nixos-rebuild</command> frequently
(e.g. if youre hacking on a NixOS module).
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--rollback</option>
</term>
<listitem>
<para>
Instead of building a new configuration as specified by
<filename>/etc/nixos/configuration.nix</filename>, roll back to the
previous configuration. (The previous configuration is defined as the one
before the “current” generation of the Nix profile
<filename>/nix/var/nix/profiles/system</filename>.)
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--builders</option> <replaceable>builder-spec</replaceable>
</term>
<listitem>
<para>
Allow ad-hoc remote builders for building the new system. This requires
the user executing <command>nixos-rebuild</command> (usually root) to be
configured as a trusted user in the Nix daemon. This can be achieved by
using the <literal>nix.settings.trusted-users</literal> NixOS option. Examples
values for that option are described in the <literal>Remote builds
chapter</literal> in the Nix manual, (i.e. <command>--builders
"ssh://bigbrother x86_64-linux"</command>). By specifying an empty string
existing builders specified in <filename>/etc/nix/machines</filename> can
be ignored: <command>--builders ""</command> for example when they are
not reachable due to network connectivity.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--profile-name</option>
</term>
<term>
<option>-p</option>
</term>
<listitem>
<para>
Instead of using the Nix profile
<filename>/nix/var/nix/profiles/system</filename> to keep track of the
current and previous system configurations, use
<filename>/nix/var/nix/profiles/system-profiles/<replaceable>name</replaceable></filename>.
When you use GRUB 2, for every system profile created with this flag,
NixOS will create a submenu named “NixOS - Profile
'<replaceable>name</replaceable>'” in GRUBs boot menu, containing
the current and previous configurations of this profile.
</para>
<para>
For instance, if you want to test a configuration file named
<filename>test.nix</filename> without affecting the default system
profile, you would do:
<screen>
<prompt>$ </prompt>nixos-rebuild switch -p test -I nixos-config=./test.nix
</screen>
The new configuration will appear in the GRUB 2 submenu “NixOS -
Profile 'test'”.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--specialisation</option>
</term>
<term>
<option>-c</option>
</term>
<listitem>
<para>
Activates given specialisation; when not specified, switching and testing
will activate the base, unspecialised system.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--build-host</option>
</term>
<listitem>
<para>
Instead of building the new configuration locally, use the specified host
to perform the build. The host needs to be accessible with ssh, and must
be able to perform Nix builds. If the option
<option>--target-host</option> is not set, the build will be copied back
to the local machine when done.
</para>
<para>
Note that, if <option>--no-build-nix</option> is not specified, Nix will
be built both locally and remotely. This is because the configuration
will always be evaluated locally even though the building might be
performed remotely.
</para>
<para>
You can include a remote user name in the host name
(<replaceable>user@host</replaceable>). You can also set ssh options by
defining the <envar>NIX_SSHOPTS</envar> environment variable.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--target-host</option>
</term>
<listitem>
<para>
Specifies the NixOS target host. By setting this to something other than
an empty string, the system activation will happen
on the remote host instead of the local machine. The remote host needs to
be accessible over ssh, and for the commands <option>switch</option>,
<option>boot</option> and <option>test</option> you need root access.
</para>
<para>
If <option>--build-host</option> is not explicitly specified or empty,
building will take place locally.
</para>
<para>
You can include a remote user name in the host name
(<replaceable>user@host</replaceable>). You can also set ssh options by
defining the <envar>NIX_SSHOPTS</envar> environment variable.
</para>
<para>
Note that <command>nixos-rebuild</command> honors the
<literal>nixpkgs.crossSystem</literal> setting of the given configuration
but disregards the true architecture of the target host. Hence the
<literal>nixpkgs.crossSystem</literal> setting has to match the target
platform or else activation will fail.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--use-substitutes</option>
</term>
<listitem>
<para>
When set, nixos-rebuild will add <option>--use-substitutes</option>
to each invocation of nix-copy-closure. This will only affect the
behavior of nixos-rebuild if <option>--target-host</option> or
<option>--build-host</option> is also set. This is useful when
the target-host connection to cache.nixos.org is faster than the
connection between hosts.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--use-remote-sudo</option>
</term>
<listitem>
<para>
When set, nixos-rebuild prefixes remote commands that run on
the <option>--build-host</option> and <option>--target-host</option>
systems with <command>sudo</command>. Setting this option allows
deploying as a non-root user.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--flake</option> <replaceable>flake-uri</replaceable><optional>#<replaceable>name</replaceable></optional>
</term>
<listitem>
<para>
Build the NixOS system from the specified flake. It defaults to
the directory containing the target of the symlink
<filename>/etc/nixos/flake.nix</filename>, if it exists. The
flake must contain an output named
<literal>nixosConfigurations.<replaceable>name</replaceable></literal>. If
<replaceable>name</replaceable> is omitted, it default to the
current host name.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--no-flake</option>
</term>
<listitem>
<para>
Do not imply <option>--flake</option> if
<filename>/etc/nixos/flake.nix</filename> exists. With this
option, it is possible to build non-flake NixOS configurations
even if the current NixOS systems uses flakes.
</para>
</listitem>
</varlistentry>
</variablelist>
<para>
In addition, <command>nixos-rebuild</command> accepts various Nix-related
flags, including <option>--max-jobs</option> / <option>-j</option>, <option>-I</option>,
<option>--show-trace</option>, <option>--keep-failed</option>,
<option>--keep-going</option>, <option>--impure</option>, and <option>--verbose</option> /
<option>-v</option>. See the Nix manual for details.
</para>
</refsection>
<refsection>
<title>Environment</title>
<variablelist>
<varlistentry>
<term>
<envar>NIXOS_CONFIG</envar>
</term>
<listitem>
<para>
Path to the main NixOS configuration module. Defaults to
<filename>/etc/nixos/configuration.nix</filename>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<envar>NIX_PATH</envar>
</term>
<listitem>
<para>
A colon-separated list of directories used to look up Nix expressions enclosed in angle brackets (e.g &lt;nixpkgs&gt;). Example
<screen>
nixpkgs=./my-nixpkgs
</screen>
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<envar>NIX_SSHOPTS</envar>
</term>
<listitem>
<para>
Additional options to be passed to <command>ssh</command> on the command
line.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsection>
<refsection>
<title>Files</title>
<variablelist>
<varlistentry>
<term>
<filename>/etc/nixos/flake.nix</filename>
</term>
<listitem>
<para>
If this file exists, then <command>nixos-rebuild</command> will
use it as if the <option>--flake</option> option was given. This
file may be a symlink to a <filename>flake.nix</filename> in an
actual flake; thus <filename>/etc/nixos</filename> need not be a
flake.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<filename>/run/current-system</filename>
</term>
<listitem>
<para>
A symlink to the currently active system configuration in the Nix store.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<filename>/nix/var/nix/profiles/system</filename>
</term>
<listitem>
<para>
The Nix profile that contains the current and previous system
configurations. Used to generate the GRUB boot menu.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsection>
<refsection>
<title>Bugs</title>
<para>
This command should be renamed to something more descriptive.
</para>
</refsection>
</refentry>


@ -1,158 +0,0 @@
<refentry xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude">
<refmeta>
<refentrytitle><command>nixos-version</command>
</refentrytitle><manvolnum>8</manvolnum>
<refmiscinfo class="source">NixOS</refmiscinfo>
</refmeta>
<refnamediv>
<refname><command>nixos-version</command></refname>
<refpurpose>show the NixOS version</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>nixos-version</command>
<arg>
<option>--hash</option>
</arg>
<arg>
<option>--revision</option>
</arg>
<arg>
<option>--configuration-revision</option>
</arg>
<arg>
<option>--json</option>
</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsection>
<title>Description</title>
<para>
This command shows the version of the currently active NixOS configuration.
For example:
<screen><prompt>$ </prompt>nixos-version
16.03.1011.6317da4 (Emu)
</screen>
The version consists of the following elements:
<variablelist>
<varlistentry>
<term>
<literal>16.03</literal>
</term>
<listitem>
<para>
The NixOS release, indicating the year and month in which it was
released (e.g. March 2016).
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<literal>1011</literal>
</term>
<listitem>
<para>
The number of commits in the Nixpkgs Git repository between the start of
the release branch and the commit from which this version was built.
This ensures that NixOS versions are monotonically increasing. It is
<literal>git</literal> when the current NixOS configuration was built
from a checkout of the Nixpkgs Git repository rather than from a NixOS
channel.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<literal>6317da4</literal>
</term>
<listitem>
<para>
The first 7 characters of the commit in the Nixpkgs Git repository from
which this version was built.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<literal>Emu</literal>
</term>
<listitem>
<para>
The code name of the NixOS release. The first letter of the code name
indicates that this is the N'th stable NixOS release; for example, Emu
is the fifth release.
</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</refsection>
<refsection>
<title>Options</title>
<para>
This command accepts the following options:
</para>
<variablelist>
<varlistentry>
<term>
<option>--hash</option>
</term>
<term>
<option>--revision</option>
</term>
<listitem>
<para>
Show the full SHA1 hash of the Git commit from which this configuration
was built, e.g.
<screen><prompt>$ </prompt>nixos-version --hash
6317da40006f6bc2480c6781999c52d88dde2acf
</screen>
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--configuration-revision</option>
</term>
<listitem>
<para>
Show the configuration revision if available. This could be the full SHA1
hash of the Git commit of the system flake, if you add
<screen>{ system.configurationRevision = self.rev or "dirty"; }</screen>
to the <screen>modules</screen> array of your flake.nix system configuration e.g.
<screen><prompt>$ </prompt>nixos-version --configuration-revision
aa314ebd1592f6cdd53cb5bba8bcae97d9323de8
</screen>
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--json</option>
</term>
<listitem>
<para>
Print a JSON representation of the versions of NixOS and the
top-level configuration flake.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsection>
</refentry>


@ -15,11 +15,4 @@
</copyright> </copyright>
</info> </info>
<xi:include href="man-configuration.xml" /> <xi:include href="man-configuration.xml" />
<xi:include href="man-nixos-build-vms.xml" />
<xi:include href="man-nixos-generate-config.xml" />
<xi:include href="man-nixos-install.xml" />
<xi:include href="man-nixos-enter.xml" />
<xi:include href="man-nixos-option.xml" />
<xi:include href="man-nixos-rebuild.xml" />
<xi:include href="man-nixos-version.xml" />
</reference> </reference>


@ -0,0 +1,57 @@
# NixOS manpages
This is the collection of NixOS manpages, excluding `configuration.nix(5)`.
Man pages are written in [`mdoc(7)` format](https://mandoc.bsd.lv/man/mdoc.7.html) and should be portable between mandoc and groff for rendering (though minor differences may occur, mandoc and groff seem to have slightly different spacing rules.)
For previewing edited files, you can just run `man -l path/to/file.8` and you will see it rendered.
Being written in `mdoc` these manpages use semantic markup. This file provides a guideline on where to apply which of the semantic elements of `mdoc`.
### Command lines and arguments
In any manpage, commands, flags and arguments to the *current* executable should be marked according to their semantics. Commands, flags and arguments passed to *other* executables should not be marked like this and should instead be considered as code examples and marked with `Ql`.
- Use `Fl` to mark flag arguments, `Ar` for their arguments.
- Repeating arguments should be marked by adding ellipses (`...`).
- Use `Cm` to mark literal string arguments, e.g. the `boot` command argument passed to `nixos-rebuild`.
- Optional flags or arguments should be marked with `Op`. This includes optional repeating arguments.
- Required flags or arguments should not be marked.
- Mutually exclusive groups of arguments should be enclosed in curly brackets, preferrably created with `Bro`/`Brc` blocks.
When an argument is used in an example it should be marked up with `Ar` again to differentiate it from a constant. For example, a command with a `--host name` flag that calls ssh to retrieve the host's local time would signify this thusly:
```
This will run
.Ic ssh Ar name Ic time
to retrieve the remote time.
```
### Paths, NixOS options, environment variables
Constant paths should be marked with `Pa`, NixOS options with `Va`, and environment variables with `Ev`.
Generated paths, e.g. `result/bin/run-hostname-vm` (where `hostname` is a variable or arguments) should be marked as `Ql` inline literals with their variable components marked appropriately.
- Taking `hostname` from an argument become `.Ql result/bin/run- Ns Ar hostname Ns -vm`
- Taking `hostname` from a variable otherwise defined becomes `.Ql result/bin/run- Ns Va hostname Ns -vm`
### Code examples and other commands
In free text names and complete invocations of other commands (e.g. `ssh` or `tar -xvf src.tar`) should be marked with `Ic`, fragments of command lines should be marked with `Ql`.
Larger code blocks or those that cannot be shown inline should use indented literal display block markup for their contents, i.e.
```
.Bd -literal -offset indent
...
.Ed
```
Contents of code blocks may be marked up further, e.g. if they refer to arguments that will be subsituted into them:
```
.Bd -literal -offset indent
{
options.hostname = "\c
.Ar hostname Ns \c
";
}
.Ed
```


@ -0,0 +1,109 @@
.Dd January 1, 1980
.\" nixpkgs groff will use Nixpkgs as the OS in the title by default, taking it from
.\" doc-default-operating-system. mandoc doesn't have this register set by default,
.\" so we can use it as a groff/mandoc switch.
.ie ddoc-default-operating-system .Dt nixos-build-vms \&8 "NixOS System Manager's Manual"
.el .Dt nixos-build-vms 8
.Os NixOS
.Sh NAME
.Nm nixos-build-vms
.Nd build a network of virtual machines from a network of NixOS configurations
.
.
.
.Sh SYNOPSIS
.Nm nixos-build-vms
.Op Fl -show-trace
.Op Fl -no-out-link
.Op Fl -help
.Op Fl -option Ar name value
.Pa network.nix
.
.
.
.Sh DESCRIPTION
.
This command builds a network of QEMU\-KVM virtual machines of a Nix expression
specifying a network of NixOS machines. The virtual network can be started by
executing the
.Pa bin/run-vms
shell script that is generated by this command. By default, a
.Pa result
symlink is produced that points to the generated virtual network.
.
.Pp
A network Nix expression has the following structure:
.Bd -literal -offset indent
{
test1 = {pkgs, config, ...}:
{
services.openssh.enable = true;
nixpkgs.localSystem.system = "i686-linux";
deployment.targetHost = "test1.example.net";
# Other NixOS options
};
test2 = {pkgs, config, ...}:
{
services.openssh.enable = true;
services.httpd.enable = true;
environment.systemPackages = [ pkgs.lynx ];
nixpkgs.localSystem.system = "x86_64-linux";
deployment.targetHost = "test2.example.net";
# Other NixOS options
};
}
.Ed
.
.Pp
Each attribute in the expression represents a machine in the network
.Ns (e.g.
.Va test1
and
.Va test2 Ns
) referring to a function defining a NixOS configuration. In each NixOS
configuration, two attributes have a special meaning. The
.Va deployment.targetHost
specifies the address (domain name or IP address) of the system which is used by
.Ic ssh
to perform remote deployment operations. The
.Va nixpkgs.localSystem.system
attribute can be used to specify an architecture for the target machine, such as
.Ql i686-linux
which builds a 32-bit NixOS configuration. Omitting this property will build the
configuration for the same architecture as the host system.
.
.
.
.Sh OPTIONS
.Bl -tag -width indent
.It Fl -show-trace
Shows a trace of the output.
.
.It Fl -no-out-link
Do not create a
.Pa result
symlink.
.
.It Fl h , -help
Shows the usage of this command to the user.
.
.It Fl -option Ar name Va value
Set the Nix configuration option
.Va name
to
.Va value Ns
\&. This overrides settings in the Nix configuration file (see
.Xr nix.conf 5 Ns
).
.El
.
.
.
.Sh AUTHORS
.An -nosplit
.An Eelco Dolstra
and
.An the Nixpkgs/NixOS contributors


@ -0,0 +1,76 @@
.Dd January 1, 1980
.\" nixpkgs groff will use Nixpkgs as the OS in the title by default, taking it from
.\" doc-default-operating-system. mandoc doesn't have this register set by default,
.\" so we can use it as a groff/mandoc switch.
.ie ddoc-default-operating-system .Dt nixos-enter \&8 "NixOS System Manager's Manual"
.el .Dt nixos-enter 8
.Os NixOS
.Sh NAME
.Nm nixos-enter
.Nd run a command in a NixOS chroot environment
.
.
.
.Sh SYNOPSIS
.Nm nixos-enter
.Op Fl -root Ar root
.Op Fl -system Ar system
.Op Fl -command | c Ar shell-command
.Op Fl -silent
.Op Fl -help
.Op Fl - Ar arguments ...
.
.
.
.Sh DESCRIPTION
This command runs a command in a NixOS chroot environment, that is, in a filesystem hierarchy previously prepared using
.Xr nixos-install 8 .
.
.
.
.Sh OPTIONS
.Bl -tag -width indent
.It Fl -root Ar root
The path to the NixOS system you want to enter. It defaults to
.Pa /mnt Ns
\&.
.It Fl -system Ar system
The NixOS system configuration to use. It defaults to
.Pa /nix/var/nix/profiles/system Ns
\&. You can enter a previous NixOS configuration by specifying a path such as
.Pa /nix/var/nix/profiles/system-106-link Ns
\&.
.
.It Fl -command Ar shell-command , Fl c Ar shell-command
The bash command to execute.
.
.It Fl -silent
Suppresses all output from the activation script of the target system.
.
.It Fl -
Interpret the remaining arguments as the program name and arguments to be invoked.
The program is not executed in a shell.
.El
.
.
.
.Sh EXAMPLES
.Bl -tag -width indent
.It Ic nixos-enter --root /mnt
Start an interactive shell in the NixOS installation in
.Pa /mnt Ns .
.
.It Ic nixos-enter -c 'ls -l /; cat /proc/mounts'
Run a shell command.
.
.It Ic nixos-enter -- cat /proc/mounts
Run a non-shell command.
.El
.
.
.
.Sh AUTHORS
.An -nosplit
.An Eelco Dolstra
and
.An the Nixpkgs/NixOS contributors


@ -0,0 +1,169 @@
.Dd January 1, 1980
.\" nixpkgs groff will use Nixpkgs as the OS in the title by default, taking it from
.\" doc-default-operating-system. mandoc doesn't have this register set by default,
.\" so we can use it as a groff/mandoc switch.
.ie ddoc-default-operating-system .Dt nixos-generate-config \&8 "NixOS System Manager's Manual"
.el .Dt nixos-generate-config 8
.Os NixOS
.Sh NAME
.Nm nixos-generate-config
.Nd generate NixOS configuration modules
.
.
.
.Sh SYNOPSIS
.Nm nixos-generate-config
.Op Fl -force
.Op Fl -root Ar root
.Op Fl -dir Ar dir
.
.
.
.Sh DESCRIPTION
This command writes two NixOS configuration modules:
.Bl -tag -width indent
.It Pa /etc/nixos/hardware-configuration.nix
This module sets NixOS configuration options based on your current hardware
configuration. In particular, it sets the
.Va fileSystem
option to reflect all currently mounted file systems, the
.Va swapDevices
option to reflect active swap devices, and the
.Va boot.initrd.*
options to ensure that the initial ramdisk contains any kernel modules necessary
for mounting the root file system.
.Pp
If this file already exists, it is overwritten. Thus, you should not modify it
manually. Rather, you should include it from your
.Pa /etc/nixos/configuration.nix Ns
, and re-run
.Nm
to update it whenever your hardware configuration changes.
.
.It Pa /etc/nixos/configuration.nix
This is the main NixOS system configuration module. If it already exists, its
left unchanged. Otherwise,
.Nm
will write a template for you to customise.
.El
.
.
.
.Sh OPTIONS
.Bl -tag -width indent
.It Fl -root Ar root
If this option is given, treat the directory
.Ar root
as the root of the file system. This means that configuration files will be written to
.Ql Ar root Ns /etc/nixos Ns
, and that any file systems outside of
.Ar root
are ignored for the purpose of generating the
.Va fileSystems
option.
.
.It Fl -dir Ar dir
If this option is given, write the configuration files to the directory
.Ar dir
instead of
.Pa /etc/nixos Ns
\&.
.
.It Fl -force
Overwrite
.Pa /etc/nixos/configuration.nix
if it already exists.
.
.It Fl -no-filesystems
Omit everything concerning file systems and swap devices from the hardware configuration.
.
.It Fl -show-hardware-config
Don't generate
.Pa configuration.nix
or
.Pa hardware-configuration.nix
and print the hardware configuration to stdout only.
.El
.
.
.
.Sh EXAMPLES
This command is typically used during NixOS installation to write initial
configuration modules. For example, if you created and mounted the target file
systems on
.Pa /mnt
and
.Pa /mnt/boot Ns
, you would run:
.Bd -literal -offset indent
$ nixos-generate-config --root /mnt
.Ed
.
.Pp
The resulting file
.Pa /mnt/etc/nixos/hardware-configuration.nix
might look like this:
.Bd -literal -offset indent
# Do not modify this file! It was generated by 'nixos-generate-config'
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, pkgs, ... }:
{
imports =
[ <nixos/modules/installer/scan/not-detected.nix>
];
boot.initrd.availableKernelModules = [ "ehci_hcd" "ahci" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-label/nixos";
fsType = "ext3";
options = [ "rw" "data=ordered" "relatime" ];
};
fileSystems."/boot" =
{ device = "/dev/sda1";
fsType = "ext3";
options = [ "rw" "errors=continue" "user_xattr" "acl" "barrier=1" "data=writeback" "relatime" ];
};
swapDevices =
[ { device = "/dev/sda2"; }
];
nix.maxJobs = 8;
}
.Ed
.
.Pp
It will also create a basic
.Pa /mnt/etc/nixos/configuration.nix Ns
, which you should edit to customise the logical configuration of your system. \
This file includes the result of the hardware scan as follows:
.Bd -literal -offset indent
imports = [ ./hardware-configuration.nix ];
.Ed
.
.Pp
After installation, if your hardware configuration changes, you can run:
.Bd -literal -offset indent
$ nixos-generate-config
.Ed
.
.Pp
to update
.Pa /etc/nixos/hardware-configuration.nix Ns
\&. Your
.Pa /etc/nixos/configuration.nix
will
.Em not
be overwritten.
.
.Sh AUTHORS
.An -nosplit
.An Eelco Dolstra
and
.An the Nixpkgs/NixOS contributors


@ -0,0 +1,195 @@
.Dd January 1, 1980
.\" nixpkgs groff will use Nixpkgs as the OS in the title by default, taking it from
.\" doc-default-operating-system. mandoc doesn't have this register set by default,
.\" so we can use it as a groff/mandoc switch.
.ie ddoc-default-operating-system .Dt nixos-install \&8 "NixOS System Manager's Manual"
.el .Dt nixos-install 8
.Os NixOS
.Sh NAME
.Nm nixos-install
.Nd install bootloader and NixOS
.
.
.
.Sh SYNOPSIS
.Nm nixos-install
.Op Fl -verbose | v
.Op Fl I Ar path
.Op Fl -root Ar root
.Op Fl -system Ar path
.Op Fl -flake Ar flake-uri
.Op Fl -impure
.Op Fl -channel Ar channel
.Op Fl -no-channel-copy
.Op Fl -no-root-password | -no-root-passwd
.Op Fl -no-bootloader
.Op Fl -max-jobs | j Ar number
.Op Fl -cores Ar number
.Op Fl -option Ar name value
.Op Fl -show-trace
.Op Fl -keep-going
.Op Fl -help
.
.
.
.Sh DESCRIPTION
This command installs NixOS in the file system mounted on
.Pa /mnt Ns
, based on the NixOS configuration specified in
.Pa /mnt/etc/nixos/configuration.nix Ns
\&. It performs the following steps:
.
.Bl -enum
.It
It copies Nix and its dependencies to
.Pa /mnt/nix/store Ns
\&.
.
.It
It runs Nix in
.Pa /mnt
to build the NixOS configuration specified in
.Pa /mnt/etc/nixos/configuration.nix Ns
\&.
.
.It
It installs the current channel
.Dq nixos
in the target channel profile (unless
.Fl -no-channel-copy
is specified).
.
.It
It installs the GRUB boot loader on the device specified in the option
.Va boot.loader.grub.device
(unless
.Fl -no-bootloader
is specified), and generates a GRUB configuration file that boots into the NixOS
configuration just installed.
.
.It
It prompts you for a password for the root account (unless
.Fl -no-root-password
is specified).
.El
.
.Pp
This command is idempotent: if it is interrupted or fails due to a temporary
problem (e.g. a network issue), you can safely re-run it.
.
.
.
.Sh OPTIONS
.Bl -tag -width indent
.It Fl -verbose , v
Increases the level of verbosity of diagnostic messages printed on standard
error. For each Nix operation, the information printed on standard output is
well-defined; any diagnostic information is printed on standard error, never on
standard output.
.Pp
Please note that this option may be specified repeatedly.
.
.It Fl -root Ar root
Defaults to
.Pa /mnt Ns
\&. If this option is given, treat the directory
.Ar root
as the root of the NixOS installation.
.
.It Fl -system Ar path
If this option is provided,
.Nm
will install the specified closure rather than attempt to build one from
.Pa /mnt/etc/nixos/configuration.nix Ns
\&.
.Pp
The closure must be an appropriately configured NixOS system, with boot loader
and partition configuration that fits the target host. Such a closure is
typically obtained with a command such as
.Ic nix-build -I nixos-config=./configuration.nix '<nixpkgs/nixos>' -A system --no-out-link Ns
\&.
.
.It Fl -flake Ar flake-uri Ns # Ns Ar name
Build the NixOS system from the specified flake. The flake must contain an
output named
.Ql nixosConfigurations. Ns Ar name Ns
\&.
.
.It Fl -channel Ar channel
If this option is provided, do not copy the current
.Dq nixos
channel to the target host. Instead, use the specified derivation.
.
.It Fl I Ar Path
Add a path to the Nix expression search path. This option may be given multiple
times. See the
.Ev NIX_PATH
environment variable for information on the semantics of the Nix search path. Paths added through
.Fl I
take precedence over
.Ev NIX_PATH Ns
\&.
.
.It Fl -max-jobs , j Ar number
Sets the maximum number of build jobs that Nix will perform in parallel to the
specified number. The default is 1. A higher value is useful on SMP systems or
to exploit I/O latency.
.
.It Fl -cores Ar N
Sets the value of the
.Ev NIX_BUILD_CORES
environment variable in the invocation of builders. Builders can use this
variable at their discretion to control the maximum amount of parallelism. For
instance, in Nixpkgs, if the derivation attribute
.Va enableParallelBuilding
is set to true, the builder passes the
.Fl j Ns Va N
flag to GNU Make. The value 0 means that the builder should use all available CPU cores in the system.
.
.It Fl -option Ar name value
Set the Nix configuration option
.Ar name
to
.Ar value Ns
\&.
.
.It Fl -show-trace
Causes Nix to print out a stack trace in case of Nix expression evaluation errors.
.
.It Fl -keep-going
Causes Nix to continue building derivations as far as possible in the face of failed builds.
.
.It Fl -help
Synonym for
.Ic man nixos-install Ns
\&.
.El
.
.
.
.Sh EXAMPLES
A typical NixOS installation is done by creating and mounting a file system on
.Pa /mnt Ns
, generating a NixOS configuration in
.Pa /mnt/etc/nixos/configuration.nix Ns
, and running
.Nm Ns
\&. For instance, if we want to install NixOS on an ext4 file system created in
.Pa /dev/sda1 Ns
:
.Bd -literal -offset indent
$ mkfs.ext4 /dev/sda1
$ mount /dev/sda1 /mnt
$ nixos-generate-config --root /mnt
$ # edit /mnt/etc/nixos/configuration.nix
$ nixos-install
$ reboot
.Ed
.
.
.
.Sh AUTHORS
.An -nosplit
.An Eelco Dolstra
and
.An the Nixpkgs/NixOS contributors


@ -0,0 +1,93 @@
.Dd January 1, 1980
.\" nixpkgs groff will use Nixpkgs as the OS in the title by default, taking it from
.\" doc-default-operating-system. mandoc doesn't have this register set by default,
.\" so we can use it as a groff/mandoc switch.
.ie ddoc-default-operating-system .Dt nixos-option \&8 "NixOS System Manager's Manual"
.el .Dt nixos-option 8
.Os NixOS
.Sh NAME
.Nm nixos-option
.Nd inspect a NixOS configuration
.
.
.
.Sh SYNOPSIS
.Nm
.Op Fl r | -recursive
.Op Fl I Ar path
.Ar option.name
.
.
.
.Sh DESCRIPTION
This command evaluates the configuration specified in
.Pa /etc/nixos/configuration.nix
and returns the properties of the option name given as argument.
.
.Pp
When the option name is not an option, the command prints the list of attributes
contained in the attribute set.
.
.
.
.Sh OPTIONS
.Bl -tag -width indent
.It Fl r , -recursive
Print all the values at or below the specified path recursively.
.
.It Fl I Ar path
This option is passed to the underlying
.Xr nix-instantiate 1
invocation.
.El
.
.
.
.Sh ENVIRONMENT
.Bl -tag -width indent
.It Ev NIXOS_CONFIG
Path to the main NixOS configuration module. Defaults to
.Pa /etc/nixos/configuration.nix Ns
\&.
.El
.
.
.
.Sh EXAMPLES
Investigate option values:
.Bd -literal -offset indent
$ nixos-option boot.loader
This attribute set contains:
generationsDir
grub
initScript
$ nixos-option boot.loader.grub.enable
Value:
true
Default:
true
Description:
Whether to enable the GNU GRUB boot loader.
Declared by:
"/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix"
Defined by:
"/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix"
.Ed
.
.
.
.Sh SEE ALSO
.Xr configuration.nix 5
.
.
.
.Sh AUTHORS
.An -nosplit
.An Nicolas Pierron
and
.An the Nixpkgs/NixOS contributors


@ -0,0 +1,456 @@
.Dd January 1, 1980
.\" nixpkgs groff will use Nixpkgs the OS in the title by default, taking it from
.\" doc-default-operating-system. mandoc doesn't have this register set by default,
.\" so we can use it as a groff/mandoc switch.
.ie ddoc-default-operating-system .Dt nixos-rebuild \&8 "NixOS System Manager's Manual"
.el .Dt nixos-rebuild 8
.Os NixOS
.Sh NAME
.Nm nixos-rebuild
.Nd reconfigure a NixOS machine
.
.
.
.Sh SYNOPSIS
.Nm
.Bro
.Cm switch | boot | test | build | dry-build | dry-activate | edit | build-vm | build-vm-with-bootloader
.Brc
.br
.Op Fl -upgrade | -upgrade-all
.Op Fl -install-bootloader
.Op Fl -no-build-nix
.Op Fl -fast
.Op Fl -rollback
.Op Fl -builders Ar builder-spec
.br
.Op Fl -flake Ar flake-uri
.Op Fl -no-flake
.Op Fl -override-input Ar input-name flake-uri
.br
.Op Fl -profile-name | p Ar name
.Op Fl -specialisation | c Ar name
.br
.Op Fl -build-host Va host
.Op Fl -target-host Va host
.Op Fl -use-remote-sudo
.br
.Op Fl -show-trace
.Op Fl I Va NIX_PATH
.Op Fl -verbose | v
.Op Fl -impure
.Op Fl -max-jobs | j Va number
.Op Fl -keep-failed | K
.Op Fl -keep-going | k
.
.
.
.Sh DESCRIPTION
This command updates the system so that it corresponds to the
configuration specified in
.Pa /etc/nixos/configuration.nix
or
.Pa /etc/nixos/flake.nix Ns
\&. Thus, every time you modify the configuration or any other NixOS module, you
must run
.Nm
to make the changes take effect. It builds the new system in
.Pa /nix/store Ns
, runs its activation script, and stop and (re)starts any system services if
needed. Please note that user services need to be started manually as they
aren't detected by the activation script at the moment.
.
.Pp
This command has one required argument, which specifies the desired
operation. It must be one of the following:
.Bl -tag -width indent
.It Cm switch
Build and activate the new configuration, and make it the boot default. That
is, the configuration is added to the GRUB boot menu as the default
menu entry, so that subsequent reboots will boot the system into the new
configuration. Previous configurations activated with
.Ic nixos-rebuild switch
or
.Ic nixos-rebuild boot
remain available in the GRUB menu.
.Pp
Note that if you are using specializations, running just
.Ic nixos-rebuild switch
will switch you back to the unspecialized, base system \(em in that case, you
might want to use this instead:
.Bd -literal -offset indent
$ nixos-rebuild switch --specialisation your-specialisation-name
.Ed
.Pp
This command will build all specialisations and make them bootable just
like regular
.Ic nixos-rebuild switch
does \(em the only thing different is that it will switch to given
specialisation instead of the base system; it can be also used to switch from
the base system into a specialised one, or to switch between specialisations.
.
.It Cm boot
Build the new configuration and make it the boot default (as with
.Ic nixos-rebuild switch Ns
), but do not activate it. That is, the system continues to run the previous
configuration until the next reboot.
.
.It Cm test
Build and activate the new configuration, but do not add it to the GRUB
boot menu. Thus, if you reboot the system (or if it crashes), you will
automatically revert to the default configuration (i.e. the
configuration resulting from the last call to
.Ic nixos-rebuild switch
or
.Ic nixos-rebuild boot Ns
).
.Pp
Note that if you are using specialisations, running just
.Ic nixos-rebuild test
will activate the unspecialised, base system \(em in that case, you might want
to use this instead:
.Bd -literal -offset indent
$ nixos-rebuild test --specialisation your-specialisation-name
.Ed
.Pp
This command can be also used to switch from the base system into a
specialised one, or to switch between specialisations.
.
.It Cm build
Build the new configuration, but neither activate it nor add it to the
GRUB boot menu. It leaves a symlink named
.Pa result
in the current directory, which points to the output of the top-level
.Dq system
derivation. This is essentially the same as doing
.Bd -literal -offset indent
$ nix-build /path/to/nixpkgs/nixos -A system
.Ed
.Pp
Note that you do not need to be root to run
.Ic nixos-rebuild build Ns
\&.
.
.It Cm dry-build
Show what store paths would be built or downloaded by any of the
operations above, but otherwise do nothing.
.
.It Cm dry-activate
Build the new configuration, but instead of activating it, show what
changes would be performed by the activation (i.e. by
.Ic nixos-rebuild test Ns
). For instance, this command will print which systemd units would be restarted.
The list of changes is not guaranteed to be complete.
.
.It Cm edit
Opens
.Pa configuration.nix
in the default editor.
.
.It Cm build-vm
Build a script that starts a NixOS virtual machine with the desired
configuration. It leaves a symlink
.Pa result
in the current directory that points (under
.Ql result/bin/run\- Ns Va hostname Ns \-vm Ns
)
at the script that starts the VM. Thus, to test a NixOS configuration in
a virtual machine, you should do the following:
.Bd -literal -offset indent
$ nixos-rebuild build-vm
$ ./result/bin/run-*-vm
.Ed
.Pp
The VM is implemented using the
.Ql qemu
package. For best performance, you should load the
.Ql kvm-intel
or
.Ql kvm-amd
kernel modules to get hardware virtualisation.
.Pp
The VM mounts the Nix store of the host through the 9P file system. The
host Nix store is read-only, so Nix commands that modify the Nix store
will not work in the VM. This includes commands such as
.Nm Ns
; to change the VMs configuration, you must halt the VM and re-run the commands
above.
.Pp
The VM has its own ext3 root file system, which is automatically created when
the VM is first started, and is persistent across reboots of the VM. It is
stored in
.Ql ./ Ns Va hostname Ns .qcow2 Ns
\&.
.\" The entire file system hierarchy of the host is available in
.\" the VM under
.\" .Pa /hostfs Ns
.\" .
.
.It Cm build-vm-with-bootloader
Like
.Cm build-vm Ns
, but boots using the regular boot loader of your configuration (e.g. GRUB 1 or
2), rather than booting directly into the kernel and initial ramdisk of the
system. This allows you to test whether the boot loader works correctly. \
However, it does not guarantee that your NixOS configuration will boot
successfully on the host hardware (i.e., after running
.Ic nixos-rebuild switch Ns
), because the hardware and boot loader configuration in the VM are different.
The boot loader is installed on an automatically generated virtual disk
containing a
.Pa /boot
partition.
.El
.
.
.
.Sh OPTIONS
.Bl -tag -width indent
.It Fl -upgrade , -upgrade-all
Update the root user's channel named
.Ql nixos
before rebuilding the system.
.Pp
In addition to the
.Ql nixos
channel, the root user's channels which have a file named
.Ql .update-on-nixos-rebuild
in their base directory will also be updated.
.Pp
Passing
.Fl -upgrade-all
updates all of the root user's channels.
.
.It Fl -install-bootloader
Causes the boot loader to be (re)installed on the device specified by the
relevant configuration options.
.
.It Fl -no-build-nix
Normally,
.Nm
first builds the
.Ql nixUnstable
attribute in Nixpkgs, and uses the resulting instance of the Nix package manager
to build the new system configuration. This is necessary if the NixOS modules
use features not provided by the currently installed version of Nix. This option
disables building a new Nix.
.
.It Fl -fast
Equivalent to
.Fl -no-build-nix Ns
\&. This option is useful if you call
.Nm
frequently (e.g. if youre hacking on a NixOS module).
.
.It Fl -rollback
Instead of building a new configuration as specified by
.Pa /etc/nixos/configuration.nix Ns
, roll back to the previous configuration. (The previous configuration is
defined as the one before the “current” generation of the Nix profile
.Pa /nix/var/nix/profiles/system Ns
\&.)
.
.It Fl -builders Ar builder-spec
Allow ad-hoc remote builders for building the new system. This requires
the user executing
.Nm
(usually root) to be configured as a trusted user in the Nix daemon. This can be
achieved by using the
.Va nix.settings.trusted-users
NixOS option. Examples values for that option are described in the
.Dq Remote builds
chapter in the Nix manual, (i.e.
.Ql --builders \(dqssh://bigbrother x86_64-linux\(dq Ns
). By specifying an empty string existing builders specified in
.Pa /etc/nix/machines
can be ignored:
.Ql --builders \(dq\(dq
for example when they are not reachable due to network connectivity.
.
.It Fl -profile-name Ar name , Fl p Ar name
Instead of using the Nix profile
.Pa /nix/var/nix/profiles/system
to keep track of the current and previous system configurations, use
.Pa /nix/var/nix/profiles/system-profiles/ Ns Va name Ns
\&. When you use GRUB 2, for every system profile created with this flag, NixOS
will create a submenu named
.Dq NixOS - Profile Va name
in GRUBs boot menu, containing the current and previous configurations of this profile.
.Pp
For instance, if you want to test a configuration file named
.Pa test.nix
without affecting the default system profile, you would do:
.Bd -literal -offset indent
$ nixos-rebuild switch -p test -I nixos-config=./test.nix
.Ed
.Pp
The new configuration will appear in the GRUB 2 submenu
.Dq NixOS - Profile 'test' Ns
\&.
.
.It Fl -specialisation Ar name , Fl c Ar name
Activates given specialisation; when not specified, switching and testing
will activate the base, unspecialised system.
.
.It Fl -build-host Ar host
Instead of building the new configuration locally, use the specified host
to perform the build. The host needs to be accessible with
.Ic ssh Ns ,
and must be able to perform Nix builds. If the option
.Fl -target-host
is not set, the build will be copied back to the local machine when done.
.Pp
Note that, if
.Fl -no-build-nix
is not specified, Nix will be built both locally and remotely. This is because
the configuration will always be evaluated locally even though the building
might be performed remotely.
.Pp
You can include a remote user name in the host name
.Ns ( Va user@host Ns
). You can also set ssh options by defining the
.Ev NIX_SSHOPTS
environment variable.
.
.It Fl -target-host Ar host
Specifies the NixOS target host. By setting this to something other than an
empty string, the system activation will happen on the remote host instead of
the local machine. The remote host needs to be accessible over
.Ic ssh Ns ,
and for the commands
.Cm switch Ns
,
.Cm boot
and
.Cm test
you need root access.
.Pp
If
.Fl -build-host
is not explicitly specified or empty, building will take place locally.
.Pp
You can include a remote user name in the host name
.Ns ( Va user@host Ns
). You can also set ssh options by defining the
.Ev NIX_SSHOPTS
environment variable.
.Pp
Note that
.Nm
honors the
.Va nixpkgs.crossSystem
setting of the given configuration but disregards the true architecture of the
target host. Hence the
.Va nixpkgs.crossSystem
setting has to match the target platform or else activation will fail.
.
.It Fl -use-substitutes
When set, nixos-rebuild will add
.Fl -use-substitutes
to each invocation of nix-copy-closure. This will only affect the behavior of
nixos-rebuild if
.Fl -target-host
or
.Fl -build-host
is also set. This is useful when the target-host connection to cache.nixos.org
is faster than the connection between hosts.
.
.It Fl -use-remote-sudo
When set, nixos-rebuild prefixes remote commands that run on the
.Fl -build-host
and
.Fl -target-host
systems with
.Ic sudo Ns
\&. Setting this option allows deploying as a non-root user.
.
.It Fl -flake Va flake-uri Ns Op Va #name
Build the NixOS system from the specified flake. It defaults to the directory
containing the target of the symlink
.Pa /etc/nixos/flake.nix Ns
, if it exists. The flake must contain an output named
.Ql nixosConfigurations. Ns Va name Ns
\&. If
.Va name
is omitted, it default to the current host name.
.
.It Fl -no-flake
Do not imply
.Fl -flake
if
.Pa /etc/nixos/flake.nix
exists. With this option, it is possible to build non-flake NixOS configurations
even if the current NixOS systems uses flakes.
.El
.Pp
In addition,
.Nm
accepts various Nix-related flags, including
.Fl -max-jobs Ns ,
.Fl j Ns ,
.Fl I Ns ,
.Fl -show-trace Ns ,
.Fl -keep-failed Ns ,
.Fl -keep-going Ns ,
.Fl -impure Ns ,
.Fl -verbose Ns , and
.Fl v Ns
\&. See the Nix manual for details.
.
.
.
.Sh ENVIRONMENT
.Bl -tag -width indent
.It Ev NIXOS_CONFIG
Path to the main NixOS configuration module. Defaults to
.Pa /etc/nixos/configuration.nix Ns
\&.
.
.It Ev NIX_PATH
A colon-separated list of directories used to look up Nix expressions enclosed
in angle brackets (e.g. <nixpkgs>). Example:
.Bd -literal -offset indent
nixpkgs=./my-nixpkgs
.Ed
.
.It Ev NIX_SSHOPTS
Additional options to be passed to
.Ic ssh
on the command line.
.El
.
.
.
.Sh FILES
.Bl -tag -width indent
.It Pa /etc/nixos/flake.nix
If this file exists, then
.Nm
will use it as if the
.Fl -flake
option was given. This file may be a symlink to a
.Pa flake.nix
in an actual flake; thus
.Pa /etc/nixos
need not be a flake.
.
.It Pa /run/current-system
A symlink to the currently active system configuration in the Nix store.
.
.It Pa /nix/var/nix/profiles/system
The Nix profile that contains the current and previous system
configurations. Used to generate the GRUB boot menu.
.El
.
.
.
.Sh BUGS
This command should be renamed to something more descriptive.
.
.
.
.Sh AUTHORS
.An -nosplit
.An Eelco Dolstra
and
.An the Nixpkgs/NixOS contributors


@ -0,0 +1,90 @@
.Dd January 1, 1980
.\" nixpkgs groff will use Nixpkgs as the OS in the title by default, taking it from
.\" doc-default-operating-system. mandoc doesn't have this register set by default,
.\" so we can use it as a groff/mandoc switch.
.ie ddoc-default-operating-system .Dt nixos-version \&8 "NixOS System Manager's Manual"
.el .Dt nixos-version 8
.Os NixOS
.Sh NAME
.Nm nixos-version
.Nd show the NixOS version
.
.
.
.Sh SYNOPSIS
.Nm nixos-version
.Op Fl -hash
.Op Fl -revision
.Op Fl -configuration-revision
.Op Fl -json
.
.
.
.Sh DESCRIPTION
This command shows the version of the currently active NixOS configuration. For example:
.Bd -literal -offset indent
$ nixos-version
16.03.1011.6317da4 (Emu)
.Ed
.
.Pp
The version consists of the following elements:
.Bl -tag -width indent
.It Ql 16.03
The NixOS release, indicating the year and month in which it was released
(e.g. March 2016).
.It Ql 1011
The number of commits in the Nixpkgs Git repository between the start of the
release branch and the commit from which this version was built. This ensures
that NixOS versions are monotonically increasing. It is
.Ql git
when the current NixOS configuration was built from a checkout of the Nixpkgs
Git repository rather than from a NixOS channel.
.It Ql 6317da4
The first 7 characters of the commit in the Nixpkgs Git repository from which
this version was built.
.It Ql Emu
The code name of the NixOS release. The first letter of the code name indicates
that this is the N'th stable NixOS release; for example, Emu is the fifth
release.
.El
.
.
.
.Sh OPTIONS
.Bl -tag -width indent
.It Fl -hash , -revision
Show the full SHA1 hash of the Git commit from which this configuration was
built, e.g.
.Bd -literal -offset indent
$ nixos-version --hash
6317da40006f6bc2480c6781999c52d88dde2acf
.Ed
.
.It Fl -configuration-revision
Show the configuration revision if available. This could be the full SHA1 hash
of the Git commit of the system flake, if you add
.Bd -literal -offset indent
{ system.configurationRevision = self.rev or "dirty"; }
.Ed
.Pp
to the
.Ql modules
array of your flake.nix system configuration e.g.
.Bd -literal -offset indent
$ nixos-version --configuration-revision
aa314ebd1592f6cdd53cb5bba8bcae97d9323de8
.Ed
.
.It Fl -json
Print a JSON representation of the versions of NixOS and the top-level
configuration flake.
.El
.
.
.
.Sh AUTHORS
.An -nosplit
.An Eelco Dolstra
and
.An the Nixpkgs/NixOS contributors


@ -38,7 +38,7 @@ In addition to numerous new and upgraded packages, this release has the followin
- [mmsd](https://gitlab.com/kop316/mmsd), a lower level daemon that transmits and recieves MMSes. Available as [services.mmsd](#opt-services.mmsd.enable). - [mmsd](https://gitlab.com/kop316/mmsd), a lower level daemon that transmits and recieves MMSes. Available as [services.mmsd](#opt-services.mmsd.enable).
- [QDMR](https://dm3mat.darc.de/qdmr/), a gui application and command line tool for programming cheap DMR radios [programs.qdmr](#opt-programs.qdmr.enable) - [QDMR](https://dm3mat.darc.de/qdmr/), a GUI application and command line tool for programming DMR radios [programs.qdmr](#opt-programs.qdmr.enable)
- [v2rayA](https://v2raya.org), a Linux web GUI client of Project V which supports V2Ray, Xray, SS, SSR, Trojan and Pingtunnel. Available as [services.v2raya](options.html#opt-services.v2raya.enable). - [v2rayA](https://v2raya.org), a Linux web GUI client of Project V which supports V2Ray, Xray, SS, SSR, Trojan and Pingtunnel. Available as [services.v2raya](options.html#opt-services.v2raya.enable).
@ -48,13 +48,17 @@ In addition to numerous new and upgraded packages, this release has the followin
- [autosuspend](https://github.com/languitar/autosuspend), a python daemon that suspends a system if certain conditions are met, or not met. - [autosuspend](https://github.com/languitar/autosuspend), a python daemon that suspends a system if certain conditions are met, or not met.
- [sharing](https://github.com/parvardegr/sharing), a command-line tool to share directories and files from the CLI to iOS and Android devices without the need of an extra client app. Available as [programs.sharing](#opt-programs.sharing.enable).
## Backward Incompatibilities {#sec-release-23.05-incompatibilities} ## Backward Incompatibilities {#sec-release-23.05-incompatibilities}
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. --> <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
- `carnix` and `cratesIO` has been removed due to being unmaintained, use alternatives such as [naersk](https://github.com/nix-community/naersk) and [crate2nix](https://github.com/kolloch/crate2nix) instead. - `carnix` and `cratesIO` has been removed due to being unmaintained, use alternatives such as [naersk](https://github.com/nix-community/naersk) and [crate2nix](https://github.com/kolloch/crate2nix) instead.
- `checkInputs` have been renamed to `nativeCheckInputs`, because they behave the same as `nativeBuildInputs` when `doCheck` is set. `checkInputs` now denote a new type of dependencies, added to `buildInputs` when `doCheck` is set. As a rule of thumb, `nativeCheckInputs` are tools on `$PATH` used during the tests, and `checkInputs` are libraries which are linked to executables built as part of the tests. Similarly, `installCheckInputs` are renamed to `nativeInstallCheckInputs`, corresponding to `nativeBuildInputs`, and `installCheckInputs` are a new type of dependencies added to `buildInputs` when `doInstallCheck` is set. (Note that this change will not cause breakage to derivations with `strictDeps` unset, which are most packages except python, rust and go packages). - `checkInputs` have been renamed to `nativeCheckInputs`, because they behave the same as `nativeBuildInputs` when `doCheck` is set. `checkInputs` now denote a new type of dependencies, added to `buildInputs` when `doCheck` is set. As a rule of thumb, `nativeCheckInputs` are tools on `$PATH` used during the tests, and `checkInputs` are libraries which are linked to executables built as part of the tests. Similarly, `installCheckInputs` are renamed to `nativeInstallCheckInputs`, corresponding to `nativeBuildInputs`, and `installCheckInputs` are a new type of dependencies added to `buildInputs` when `doInstallCheck` is set. (Note that this change will not cause breakage to derivations with `strictDeps` unset, which are most packages except python, rust, ocaml and go packages).
- `buildDunePackage` now defaults to `strictDeps = true` which means that any library should go into `buildInputs` or `checkInputs`. Any executable that is run on the building machine should go into `nativeBuildInputs` or `nativeCheckInputs` respectively. Example of executables are `ocaml`, `findlib` and `menhir`. PPXs are libraries which are built by dune and should therefore not go into `nativeBuildInputs`.
- `borgbackup` module now has an option for inhibiting system sleep while backups are running, defaulting to off (not inhibiting sleep), available as [`services.borgbackup.jobs.<name>.inhibitsSleep`](#opt-services.borgbackup.jobs._name_.inhibitsSleep). - `borgbackup` module now has an option for inhibiting system sleep while backups are running, defaulting to off (not inhibiting sleep), available as [`services.borgbackup.jobs.<name>.inhibitsSleep`](#opt-services.borgbackup.jobs._name_.inhibitsSleep).
@ -97,6 +101,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- The [services.wordpress.sites.&lt;name&gt;.plugins](#opt-services.wordpress.sites._name_.plugins) and [services.wordpress.sites.&lt;name&gt;.themes](#opt-services.wordpress.sites._name_.themes) options have been converted from sets to attribute sets to allow for consumers to specify explicit install paths via attribute name. - The [services.wordpress.sites.&lt;name&gt;.plugins](#opt-services.wordpress.sites._name_.plugins) and [services.wordpress.sites.&lt;name&gt;.themes](#opt-services.wordpress.sites._name_.themes) options have been converted from sets to attribute sets to allow for consumers to specify explicit install paths via attribute name.
- Nebula now runs as a system user and group created for each nebula network, using the `CAP_NET_ADMIN` ambient capability on launch rather than starting as root. Ensure that any files each Nebula instance needs to access are owned by the correct user and group, by default `nebula-${networkName}`.
- In `mastodon` it is now necessary to specify location of file with `PostgreSQL` database password. In `services.mastodon.database.passwordFile` parameter default value `/var/lib/mastodon/secrets/db-password` has been changed to `null`. - In `mastodon` it is now necessary to specify location of file with `PostgreSQL` database password. In `services.mastodon.database.passwordFile` parameter default value `/var/lib/mastodon/secrets/db-password` has been changed to `null`.
- The `--target-host` and `--build-host` options of `nixos-rebuild` no longer treat the `localhost` value specially to build on/deploy to local machine, omit the relevant flag. - The `--target-host` and `--build-host` options of `nixos-rebuild` no longer treat the `localhost` value specially to build on/deploy to local machine, omit the relevant flag.
@ -122,7 +128,17 @@ In addition to numerous new and upgraded packages, this release has the followin
- The module `usbmuxd` now has the ability to change the package used by the daemon. In case you're experiencing issues with `usbmuxd` you can try an alternative program like `usbmuxd2`. Available as [services.usbmuxd.package](#opt-services.usbmuxd.package) - The module `usbmuxd` now has the ability to change the package used by the daemon. In case you're experiencing issues with `usbmuxd` you can try an alternative program like `usbmuxd2`. Available as [services.usbmuxd.package](#opt-services.usbmuxd.package)
- A few openssh options have been moved from extraConfig to the new freeform option `settings` and renamed as follow: `services.openssh.kbdInteractiveAuthentication` to `services.openssh.settings.KbdInteractiveAuthentication`, `services.openssh.passwordAuthentication` to `services.openssh.settings.PasswordAuthentication`, `services.openssh.useDns` to `services.openssh.settings.UseDns`, `services.openssh.permitRootLogin` to `services.openssh.settings.PermitRootLogin`, `services.openssh.logLevel` to `services.openssh.settings.LogLevel`. - A few openssh options have been moved from extraConfig to the new freeform option `settings` and renamed as follows:
- `services.openssh.forwardX11` to `services.openssh.settings.X11Forwarding`
- `services.openssh.kbdInteractiveAuthentication` -> `services.openssh.settings.KbdInteractiveAuthentication`
- `services.openssh.passwordAuthentication` to `services.openssh.settings.PasswordAuthentication`
- `services.openssh.useDns` to `services.openssh.settings.UseDns`
- `services.openssh.permitRootLogin` to `services.openssh.settings.PermitRootLogin`
- `services.openssh.logLevel` to `services.openssh.settings.LogLevel`
- `services.openssh.kexAlgorithms` to `services.openssh.settings.KexAlgorithms`
- `services.openssh.macs` to `services.openssh.settings.Macs`
- `services.openssh.ciphers` to `services.openssh.settings.Ciphers`
- `services.openssh.gatewayPorts` to `services.openssh.settings.GatewayPorts`
- `services.mastodon` gained a tootctl wrapped named `mastodon-tootctl` similar to `nextcloud-occ` which can be executed from any user and switches to the configured mastodon user with sudo and sources the environment variables. - `services.mastodon` gained a tootctl wrapped named `mastodon-tootctl` similar to `nextcloud-occ` which can be executed from any user and switches to the configured mastodon user with sudo and sources the environment variables.
@ -175,6 +191,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- `services.grafana` listens only on localhost by default again. This was changed to upstreams default of `0.0.0.0` by accident in the freeform setting conversion. - `services.grafana` listens only on localhost by default again. This was changed to upstreams default of `0.0.0.0` by accident in the freeform setting conversion.
- Grafana Tempo has been updated to version 2.0. See the [upstream upgrade guide](https://grafana.com/docs/tempo/latest/release-notes/v2-0/#upgrade-considerations) for migration instructions.
- A new `virtualisation.rosetta` module was added to allow running `x86_64` binaries through [Rosetta](https://developer.apple.com/documentation/apple-silicon/about-the-rosetta-translation-environment) inside virtualised NixOS guests on Apple silicon. This feature works by default with the [UTM](https://docs.getutm.app/) virtualisation [package](https://search.nixos.org/packages?channel=unstable&show=utm&from=0&size=1&sort=relevance&type=packages&query=utm). - A new `virtualisation.rosetta` module was added to allow running `x86_64` binaries through [Rosetta](https://developer.apple.com/documentation/apple-silicon/about-the-rosetta-translation-environment) inside virtualised NixOS guests on Apple silicon. This feature works by default with the [UTM](https://docs.getutm.app/) virtualisation [package](https://search.nixos.org/packages?channel=unstable&show=utm&from=0&size=1&sort=relevance&type=packages&query=utm).
- The new option `users.motdFile` allows configuring a Message Of The Day that can be updated dynamically. - The new option `users.motdFile` allows configuring a Message Of The Day that can be updated dynamically.
@ -193,6 +211,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- [Garage](https://garagehq.deuxfleurs.fr/) version is based on [system.stateVersion](options.html#opt-system.stateVersion), existing installations will keep using version 0.7. New installations will use version 0.8. In order to upgrade a Garage cluster, please follow [upstream instructions](https://garagehq.deuxfleurs.fr/documentation/cookbook/upgrading/) and force [services.garage.package](options.html#opt-services.garage.package) or upgrade accordingly [system.stateVersion](options.html#opt-system.stateVersion). - [Garage](https://garagehq.deuxfleurs.fr/) version is based on [system.stateVersion](options.html#opt-system.stateVersion), existing installations will keep using version 0.7. New installations will use version 0.8. In order to upgrade a Garage cluster, please follow [upstream instructions](https://garagehq.deuxfleurs.fr/documentation/cookbook/upgrading/) and force [services.garage.package](options.html#opt-services.garage.package) or upgrade accordingly [system.stateVersion](options.html#opt-system.stateVersion).
- Nebula now supports the `services.nebula.networks.<name>.isRelay` and `services.nebula.networks.<name>.relays` configuration options for setting up or allowing traffic relaying. See the [announcement](https://www.defined.net/blog/announcing-relay-support-in-nebula/) for more details about relays.
- `hip` has been separated into `hip`, `hip-common` and `hipcc`. - `hip` has been separated into `hip`, `hip-common` and `hipcc`.
- `services.nginx.recommendedProxySettings` now removes the `Connection` header preventing clients from closing backend connections. - `services.nginx.recommendedProxySettings` now removes the `Connection` header preventing clients from closing backend connections.
@ -203,12 +223,30 @@ In addition to numerous new and upgraded packages, this release has the followin
- The `services.fwupd` module now allows arbitrary daemon settings to be configured in a structured manner ([`services.fwupd.daemonSettings`](#opt-services.fwupd.daemonSettings)). - The `services.fwupd` module now allows arbitrary daemon settings to be configured in a structured manner ([`services.fwupd.daemonSettings`](#opt-services.fwupd.daemonSettings)).
- The `zramSwap` is now implemented with `zram-generator`, and the option `zramSwap.numDevices` for using ZRAM devices as general purpose ephemeral block devices has been removed.
- As Singularity has renamed to [Apptainer](https://apptainer.org/news/community-announcement-20211130)
to distinguish from [an un-renamed fork by Sylabs Inc.](https://sylabs.io/2021/05/singularity-community-edition),
there are now two packages of Singularity/Apptainer:
* `apptainer`: From `github.com/apptainer/apptainer`, which is the new repo after renaming.
* `singularity`: From `github.com/sylabs/singularity`, which is the fork by Sylabs Inc..
`programs.singularity` got a new `package` option to specify which package to use.
`singularity-tools.buildImage` got a new input argument `singularity` to specify which package to use.
- The new option `programs.singularity.enableFakeroot`, if set to `true`, provides `--fakeroot` support for `apptainer` and `singularity`.
- The `unifi-poller` package and corresponding NixOS module have been renamed to `unpoller` to match upstream. - The `unifi-poller` package and corresponding NixOS module have been renamed to `unpoller` to match upstream.
- The new option `services.tailscale.useRoutingFeatures` controls various settings for using Tailscale features like exit nodes and subnet routers. If you wish to use your machine as an exit node, you can set this setting to `server`, otherwise if you wish to use an exit node you can set this setting to `client`. The strict RPF warning has been removed as the RPF will be loosened automatically based on the value of this setting. - The new option `services.tailscale.useRoutingFeatures` controls various settings for using Tailscale features like exit nodes and subnet routers. If you wish to use your machine as an exit node, you can set this setting to `server`, otherwise if you wish to use an exit node you can set this setting to `client`. The strict RPF warning has been removed as the RPF will be loosened automatically based on the value of this setting.
- [Xastir](https://xastir.org/index.php/Main_Page) can now access AX.25 interfaces via the `libax25` package. - [Xastir](https://xastir.org/index.php/Main_Page) can now access AX.25 interfaces via the `libax25` package.
- `tvbrowser-bin` was removed, and now `tvbrowser` is built from source.
- `nixos-version` now accepts `--configuration-revision` to display more information about the current generation revision - `nixos-version` now accepts `--configuration-revision` to display more information about the current generation revision
- The option `services.nomad.extraSettingsPlugins` has been fixed to allow more than one plugin in the path. - The option `services.nomad.extraSettingsPlugins` has been fixed to allow more than one plugin in the path.
- The option `services.prometheus.exporters.pihole.interval` does not exist anymore and has been removed.


@ -23,7 +23,7 @@ pkgs.releaseTools.makeSourceTarball {
cp -prd . ../$releaseName cp -prd . ../$releaseName
chmod -R u+w ../$releaseName chmod -R u+w ../$releaseName
ln -s . ../$releaseName/nixpkgs # hack to make <nixpkgs> work ln -s . ../$releaseName/nixpkgs # hack to make <nixpkgs> work
NIX_STATE_DIR=$TMPDIR nix-env -f ../$releaseName/default.nix -qaP --meta --xml \* > /dev/null NIX_STATE_DIR=$TMPDIR nix-env -f ../$releaseName/default.nix -qaP --meta --show-trace --xml \* > /dev/null
cd .. cd ..
chmod -R u+w $releaseName chmod -R u+w $releaseName
tar cfJ $out/tarballs/$releaseName.tar.xz $releaseName tar cfJ $out/tarballs/$releaseName.tar.xz $releaseName


@ -78,7 +78,7 @@ let
title = args.title or null; title = args.title or null;
name = args.name or (lib.concatStringsSep "." args.path); name = args.name or (lib.concatStringsSep "." args.path);
in '' in ''
- [`${lib.optionalString (title != null) "${title} aka "}pkgs.${name}`]( - [${lib.optionalString (title != null) "${title} aka "}`pkgs.${name}`](
https://search.nixos.org/packages?show=${name}&sort=relevance&query=${name} https://search.nixos.org/packages?show=${name}&sort=relevance&query=${name}
)${ )${
lib.optionalString (args ? comment) "\n\n ${args.comment}" lib.optionalString (args ? comment) "\n\n ${args.comment}"


@ -1,4 +1,4 @@
from contextlib import _GeneratorContextManager from contextlib import _GeneratorContextManager, nullcontext
from pathlib import Path from pathlib import Path
from queue import Queue from queue import Queue
from typing import Any, Callable, Dict, Iterable, List, Optional, Tuple from typing import Any, Callable, Dict, Iterable, List, Optional, Tuple
@ -406,7 +406,6 @@ class Machine:
return rootlog.nested(msg, my_attrs) return rootlog.nested(msg, my_attrs)
def wait_for_monitor_prompt(self) -> str: def wait_for_monitor_prompt(self) -> str:
with self.nested("waiting for monitor prompt"):
assert self.monitor is not None assert self.monitor is not None
answer = "" answer = ""
while True: while True:
@ -420,7 +419,6 @@ class Machine:
def send_monitor_command(self, command: str) -> str: def send_monitor_command(self, command: str) -> str:
self.run_callbacks() self.run_callbacks()
with self.nested(f"sending monitor command: {command}"):
message = f"{command}\n".encode() message = f"{command}\n".encode()
assert self.monitor is not None assert self.monitor is not None
self.monitor.send(message) self.monitor.send(message)
@ -547,7 +545,7 @@ class Machine:
self.shell.send("echo ${PIPESTATUS[0]}\n".encode()) self.shell.send("echo ${PIPESTATUS[0]}\n".encode())
rc = int(self._next_newline_closed_block_from_shell().strip()) rc = int(self._next_newline_closed_block_from_shell().strip())
return (rc, output.decode()) return (rc, output.decode(errors="replace"))
def shell_interact(self, address: Optional[str] = None) -> None: def shell_interact(self, address: Optional[str] = None) -> None:
"""Allows you to interact with the guest shell for debugging purposes. """Allows you to interact with the guest shell for debugging purposes.
@ -685,9 +683,9 @@ class Machine:
retry(tty_matches) retry(tty_matches)
def send_chars(self, chars: str, delay: Optional[float] = 0.01) -> None: def send_chars(self, chars: str, delay: Optional[float] = 0.01) -> None:
with self.nested(f"sending keys '{chars}'"): with self.nested(f"sending keys {repr(chars)}"):
for char in chars: for char in chars:
self.send_key(char, delay) self.send_key(char, delay, log=False)
def wait_for_file(self, filename: str) -> None: def wait_for_file(self, filename: str) -> None:
"""Waits until the file exists in machine's file system.""" """Waits until the file exists in machine's file system."""
@ -860,8 +858,12 @@ class Machine:
if matches is not None: if matches is not None:
return return
def send_key(self, key: str, delay: Optional[float] = 0.01) -> None: def send_key(
self, key: str, delay: Optional[float] = 0.01, log: Optional[bool] = True
) -> None:
key = CHAR_TO_KEY.get(key, key) key = CHAR_TO_KEY.get(key, key)
context = self.nested(f"sending key {repr(key)}") if log else nullcontext()
with context:
self.send_monitor_command(f"sendkey {key}") self.send_monitor_command(f"sendkey {key}")
if delay is not None: if delay is not None:
time.sleep(delay) time.sleep(delay)
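Review bot: The new `log` parameter of `send_key` is annotated `Optional[bool] = True`, but `None` has no meaning of its own here, since the `if log else nullcontext()` test simply treats it as false. Declaring it as `log: bool = True` states the intent, and a one-line docstring such as `"""Send one key via the QEMU monitor; log=False suppresses the per-key nested log entry."""` would tell callers what the flag does. With the `self.nested(...)` wrapper also removed from `send_monitor_command` in the earlier hunk, a key sent with `log=False` appears to leave no log entry of its own, so the single `send_chars` line becomes the only record of those keystrokes in a test log. The method bodies extend beyond the hunks shown, so this is based on the visible lines only.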


@ -89,7 +89,7 @@ with lib;
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave # on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system. # this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option # Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).


@ -46,8 +46,10 @@ with lib;
libextractor = super.libextractor.override { gtkSupport = false; }; libextractor = super.libextractor.override { gtkSupport = false; };
libva = super.libva-minimal; libva = super.libva-minimal;
limesuite = super.limesuite.override { withGui = false; }; limesuite = super.limesuite.override { withGui = false; };
mc = super.mc.override { x11Support = false; };
mpv-unwrapped = super.mpv-unwrapped.override { sdl2Support = false; x11Support = false; }; mpv-unwrapped = super.mpv-unwrapped.override { sdl2Support = false; x11Support = false; };
msmtp = super.msmtp.override { withKeyring = false; }; msmtp = super.msmtp.override { withKeyring = false; };
neofetch = super.neofetch.override { x11Support = false; };
networkmanager-fortisslvpn = super.networkmanager-fortisslvpn.override { withGnome = false; }; networkmanager-fortisslvpn = super.networkmanager-fortisslvpn.override { withGnome = false; };
networkmanager-iodine = super.networkmanager-iodine.override { withGnome = false; }; networkmanager-iodine = super.networkmanager-iodine.override { withGnome = false; };
networkmanager-l2tp = super.networkmanager-l2tp.override { withGnome = false; }; networkmanager-l2tp = super.networkmanager-l2tp.override { withGnome = false; };


@ -15,7 +15,7 @@ let
in in
{ {
options.networking.stevenblack = { options.networking.stevenblack = {
enable = mkEnableOption (mdDoc "Enable the stevenblack hosts file blocklist."); enable = mkEnableOption (mdDoc "Enable the stevenblack hosts file blocklist");
block = mkOption { block = mkOption {
type = types.listOf (types.enum [ "fakenews" "gambling" "porn" "social" ]); type = types.listOf (types.enum [ "fakenews" "gambling" "porn" "social" ]);
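Review bot: The description passed to `mkEnableOption` on the `enable` line still begins with "Enable". As far as I know `mkEnableOption` already prefixes its argument with "Whether to enable" and appends the final period, so the rendered option text would read "Whether to enable Enable the stevenblack hosts file blocklist." Dropping the leading verb gives the intended sentence: `enable = mkEnableOption (mdDoc "the stevenblack hosts file blocklist");`. The option set continues outside the hunk.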


@ -1,45 +1,27 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
let let
cfg = config.zramSwap; cfg = config.zramSwap;
devices = map (nr: "zram${toString nr}") (lib.range 0 (cfg.swapDevices - 1));
# don't set swapDevices as mkDefault, so we can detect user had read our warning
# (see below) and made an action (or not)
devicesCount = if cfg.swapDevices != null then cfg.swapDevices else cfg.numDevices;
devices = map (nr: "zram${toString nr}") (range 0 (devicesCount - 1));
modprobe = "${pkgs.kmod}/bin/modprobe";
warnings =
assert cfg.swapDevices != null -> cfg.numDevices >= cfg.swapDevices;
flatten [
(optional (cfg.numDevices > 1 && cfg.swapDevices == null) ''
Using several small zram devices as swap is no better than using one large.
Set either zramSwap.numDevices = 1 or explicitly set zramSwap.swapDevices.
Previously multiple zram devices were used to enable multithreaded
compression. Linux supports multithreaded compression for 1 device
since 3.15. See https://lkml.org/lkml/2014/2/28/404 for details.
'')
];
in in
{ {
imports = [
(lib.mkRemovedOptionModule [ "zramSwap" "numDevices" ] "Using ZRAM devices as general purpose ephemeral block devices is no longer supported")
];
###### interface ###### interface
options = { options = {
zramSwap = { zramSwap = {
enable = mkOption { enable = lib.mkOption {
default = false; default = false;
type = types.bool; type = lib.types.bool;
description = lib.mdDoc '' description = lib.mdDoc ''
Enable in-memory compressed devices and swap space provided by the zram Enable in-memory compressed devices and swap space provided by the zram
kernel module. kernel module.
@ -49,29 +31,17 @@ in
''; '';
}; };
numDevices = mkOption { swapDevices = lib.mkOption {
default = 1; default = 1;
type = types.int; type = lib.types.int;
description = lib.mdDoc '' description = lib.mdDoc ''
Number of zram devices to create. See also Number of zram devices to be used as swap, recommended is 1.
`zramSwap.swapDevices`
''; '';
}; };
swapDevices = mkOption { memoryPercent = lib.mkOption {
default = null;
example = 1;
type = with types; nullOr int;
description = lib.mdDoc ''
Number of zram devices to be used as swap. Must be
`<= zramSwap.numDevices`.
Default is same as `zramSwap.numDevices`, recommended is 1.
'';
};
memoryPercent = mkOption {
default = 50; default = 50;
type = types.int; type = lib.types.int;
description = lib.mdDoc '' description = lib.mdDoc ''
Maximum total amount of memory that can be stored in the zram swap devices Maximum total amount of memory that can be stored in the zram swap devices
(as a percentage of your total memory). Defaults to 1/2 of your total (as a percentage of your total memory). Defaults to 1/2 of your total
@ -80,9 +50,9 @@ in
''; '';
}; };
memoryMax = mkOption { memoryMax = lib.mkOption {
default = null; default = null;
type = with types; nullOr int; type = with lib.types; nullOr int;
description = lib.mdDoc '' description = lib.mdDoc ''
Maximum total amount of memory (in bytes) that can be stored in the zram Maximum total amount of memory (in bytes) that can be stored in the zram
swap devices. swap devices.
@ -90,9 +60,9 @@ in
''; '';
}; };
priority = mkOption { priority = lib.mkOption {
default = 5; default = 5;
type = types.int; type = lib.types.int;
description = lib.mdDoc '' description = lib.mdDoc ''
Priority of the zram swap devices. It should be a number higher than Priority of the zram swap devices. It should be a number higher than
the priority of your disk-based swap devices (so that the system will the priority of your disk-based swap devices (so that the system will
@ -100,10 +70,10 @@ in
''; '';
}; };
algorithm = mkOption { algorithm = lib.mkOption {
default = "zstd"; default = "zstd";
example = "lz4"; example = "lz4";
type = with types; either (enum [ "lzo" "lz4" "zstd" ]) str; type = with lib.types; either (enum [ "lzo" "lz4" "zstd" ]) str;
description = lib.mdDoc '' description = lib.mdDoc ''
Compression algorithm. `lzo` has good compression, Compression algorithm. `lzo` has good compression,
but is slow. `lz4` has bad compression, but is fast. but is slow. `lz4` has bad compression, but is fast.
@ -116,9 +86,7 @@ in
}; };
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
inherit warnings;
system.requiredKernelConfig = with config.lib.kernelConfig; [ system.requiredKernelConfig = with config.lib.kernelConfig; [
(isModule "ZRAM") (isModule "ZRAM")
@ -128,78 +96,25 @@ in
# once in stage 2 boot, and again when the zram-reloader service starts. # once in stage 2 boot, and again when the zram-reloader service starts.
# boot.kernelModules = [ "zram" ]; # boot.kernelModules = [ "zram" ];
boot.extraModprobeConfig = '' systemd.packages = [ pkgs.zram-generator ];
options zram num_devices=${toString cfg.numDevices} systemd.services."systemd-zram-setup@".path = [ pkgs.util-linux ]; # for mkswap
'';
boot.kernelParams = ["zram.num_devices=${toString cfg.numDevices}"]; environment.etc."systemd/zram-generator.conf".source =
(pkgs.formats.ini { }).generate "zram-generator.conf" (lib.listToAttrs
services.udev.extraRules = '' (builtins.map
KERNEL=="zram[0-9]*", ENV{SYSTEMD_WANTS}="zram-init-%k.service", TAG+="systemd" (dev: {
''; name = dev;
value =
systemd.services =
let let
createZramInitService = dev: size = "${toString cfg.memoryPercent} / 100 * ram";
nameValuePair "zram-init-${dev}" { in
description = "Init swap on zram-based device ${dev}";
after = [ "dev-${dev}.device" "zram-reloader.service" ];
requires = [ "dev-${dev}.device" "zram-reloader.service" ];
before = [ "dev-${dev}.swap" ];
requiredBy = [ "dev-${dev}.swap" ];
unitConfig.DefaultDependencies = false; # needed to prevent a cycle
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "${pkgs.runtimeShell} -c 'echo 1 > /sys/class/block/${dev}/reset'";
};
script = ''
set -euo pipefail
# Calculate memory to use for zram
mem=$(${pkgs.gawk}/bin/awk '/MemTotal: / {
value=int($2*${toString cfg.memoryPercent}/100.0/${toString devicesCount}*1024);
${lib.optionalString (cfg.memoryMax != null) ''
memory_max=int(${toString cfg.memoryMax}/${toString devicesCount});
if (value > memory_max) { value = memory_max }
''}
print value
}' /proc/meminfo)
${pkgs.util-linux}/sbin/zramctl --size $mem --algorithm ${cfg.algorithm} /dev/${dev}
${pkgs.util-linux}/sbin/mkswap /dev/${dev}
'';
restartIfChanged = false;
};
in listToAttrs ((map createZramInitService devices) ++ [(nameValuePair "zram-reloader"
{ {
description = "Reload zram kernel module when number of devices changes"; zram-size = if cfg.memoryMax != null then "min(${size}, ${toString cfg.memoryMax} / 1024 / 1024)" else size;
wants = [ "systemd-udevd.service" ]; compression-algorithm = cfg.algorithm;
after = [ "systemd-udevd.service" ]; swap-priority = cfg.priority;
unitConfig.DefaultDependencies = false; # needed to prevent a cycle
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStartPre = "-${modprobe} -r zram";
ExecStart = "-${modprobe} zram";
ExecStop = "-${modprobe} -r zram";
}; };
restartTriggers = [ })
cfg.numDevices devices));
cfg.algorithm
cfg.memoryPercent
];
restartIfChanged = true;
})]);
swapDevices =
let
useZramSwap = dev:
{
device = "/dev/${dev}";
priority = cfg.priority;
};
in map useZramSwap devices;
}; };
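Review bot: `swapDevices` is still typed as plain `lib.types.int`, so `0` or a negative value is accepted, and `lib.range 0 (cfg.swapDevices - 1)` then produces an empty device list. With `zramSwap.enable = true` that presumably generates an empty zram-generator.conf and no swap at all, with no evaluation error. Typing the option as `type = lib.types.ints.positive;` rejects such values at evaluation time. The `memoryMax` branch of `zram-size` divides by `1024 / 1024`, which only makes sense if the generator's sizes are in MiB while the option is documented in bytes; a comment such as `# memoryMax is in bytes, zram-size is evaluated in MiB` would keep that unit conversion from being lost.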


@ -21,7 +21,8 @@ let
pCfg = cfg.prime; pCfg = cfg.prime;
syncCfg = pCfg.sync; syncCfg = pCfg.sync;
offloadCfg = pCfg.offload; offloadCfg = pCfg.offload;
primeEnabled = syncCfg.enable || offloadCfg.enable; reverseSyncCfg = pCfg.reverseSync;
primeEnabled = syncCfg.enable || reverseSyncCfg.enable || offloadCfg.enable;
nvidiaPersistencedEnabled = cfg.nvidiaPersistenced; nvidiaPersistencedEnabled = cfg.nvidiaPersistenced;
nvidiaSettings = cfg.nvidiaSettings; nvidiaSettings = cfg.nvidiaSettings;
busIDType = types.strMatching "([[:print:]]+[\:\@][0-9]{1,3}\:[0-9]{1,2}\:[0-9])?"; busIDType = types.strMatching "([[:print:]]+[\:\@][0-9]{1,3}\:[0-9]{1,2}\:[0-9])?";
@ -31,7 +32,8 @@ in
imports = imports =
[ [
(mkRenamedOptionModule [ "hardware" "nvidia" "optimus_prime" "enable" ] [ "hardware" "nvidia" "prime" "sync" "enable" ]) (mkRenamedOptionModule [ "hardware" "nvidia" "optimus_prime" "enable" ] [ "hardware" "nvidia" "prime" "sync" "enable" ])
(mkRenamedOptionModule [ "hardware" "nvidia" "optimus_prime" "allowExternalGpu" ] [ "hardware" "nvidia" "prime" "sync" "allowExternalGpu" ]) (mkRenamedOptionModule [ "hardware" "nvidia" "optimus_prime" "allowExternalGpu" ] [ "hardware" "nvidia" "prime" "allowExternalGpu" ])
(mkRenamedOptionModule [ "hardware" "nvidia" "prime" "sync" "allowExternalGpu" ] [ "hardware" "nvidia" "prime" "allowExternalGpu" ])
(mkRenamedOptionModule [ "hardware" "nvidia" "optimus_prime" "nvidiaBusId" ] [ "hardware" "nvidia" "prime" "nvidiaBusId" ]) (mkRenamedOptionModule [ "hardware" "nvidia" "optimus_prime" "nvidiaBusId" ] [ "hardware" "nvidia" "prime" "nvidiaBusId" ])
(mkRenamedOptionModule [ "hardware" "nvidia" "optimus_prime" "intelBusId" ] [ "hardware" "nvidia" "prime" "intelBusId" ]) (mkRenamedOptionModule [ "hardware" "nvidia" "optimus_prime" "intelBusId" ] [ "hardware" "nvidia" "prime" "intelBusId" ])
]; ];
@ -104,16 +106,17 @@ in
description = lib.mdDoc '' description = lib.mdDoc ''
Enable NVIDIA Optimus support using the NVIDIA proprietary driver via PRIME. Enable NVIDIA Optimus support using the NVIDIA proprietary driver via PRIME.
If enabled, the NVIDIA GPU will be always on and used for all rendering, If enabled, the NVIDIA GPU will be always on and used for all rendering,
while enabling output to displays attached only to the integrated Intel GPU while enabling output to displays attached only to the integrated Intel/AMD
without a multiplexer. GPU without a multiplexer.
Note that this option only has any effect if the "nvidia" driver is specified Note that this option only has any effect if the "nvidia" driver is specified
in {option}`services.xserver.videoDrivers`, and it should preferably in {option}`services.xserver.videoDrivers`, and it should preferably
be the only driver there. be the only driver there.
If this is enabled, then the bus IDs of the NVIDIA and Intel GPUs have to be If this is enabled, then the bus IDs of the NVIDIA and Intel/AMD GPUs have to
specified ({option}`hardware.nvidia.prime.nvidiaBusId` and be specified ({option}`hardware.nvidia.prime.nvidiaBusId` and
{option}`hardware.nvidia.prime.intelBusId`). {option}`hardware.nvidia.prime.intelBusId` or
{option}`hardware.nvidia.prime.amdgpuBusId`).
If you enable this, you may want to also enable kernel modesetting for the If you enable this, you may want to also enable kernel modesetting for the
NVIDIA driver ({option}`hardware.nvidia.modesetting.enable`) in order NVIDIA driver ({option}`hardware.nvidia.modesetting.enable`) in order
@ -125,11 +128,11 @@ in
''; '';
}; };
hardware.nvidia.prime.sync.allowExternalGpu = mkOption { hardware.nvidia.prime.allowExternalGpu = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = lib.mdDoc '' description = lib.mdDoc ''
Configure X to allow external NVIDIA GPUs when using optimus. Configure X to allow external NVIDIA GPUs when using Prime [Reverse] sync optimus.
''; '';
}; };
@ -139,9 +142,54 @@ in
description = lib.mdDoc '' description = lib.mdDoc ''
Enable render offload support using the NVIDIA proprietary driver via PRIME. Enable render offload support using the NVIDIA proprietary driver via PRIME.
If this is enabled, then the bus IDs of the NVIDIA and Intel GPUs have to be If this is enabled, then the bus IDs of the NVIDIA and Intel/AMD GPUs have to
specified ({option}`hardware.nvidia.prime.nvidiaBusId` and be specified ({option}`hardware.nvidia.prime.nvidiaBusId` and
{option}`hardware.nvidia.prime.intelBusId`). {option}`hardware.nvidia.prime.intelBusId` or
{option}`hardware.nvidia.prime.amdgpuBusId`).
'';
};
hardware.nvidia.prime.offload.enableOffloadCmd = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Adds a `nvidia-offload` convenience script to {option}`environment.systemPackages`
for offloading programs to an nvidia device. To work, should have also enabled
{option}`hardware.nvidia.prime.offload.enable` or {option}`hardware.nvidia.prime.reverseSync.enable`.
Example usage `nvidia-offload sauerbraten_client`.
'';
};
hardware.nvidia.prime.reverseSync.enable = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Warning: This feature is relatively new, depending on your system this might
work poorly. AMD support, especially so.
See: https://forums.developer.nvidia.com/t/the-all-new-outputsink-feature-aka-reverse-prime/129828
Enable NVIDIA Optimus support using the NVIDIA proprietary driver via reverse
PRIME. If enabled, the Intel/AMD GPU will be used for all rendering, while
enabling output to displays attached only to the NVIDIA GPU without a
multiplexer.
Note that this option only has any effect if the "nvidia" driver is specified
in {option}`services.xserver.videoDrivers`, and it should preferably
be the only driver there.
If this is enabled, then the bus IDs of the NVIDIA and Intel/AMD GPUs have to
be specified ({option}`hardware.nvidia.prime.nvidiaBusId` and
{option}`hardware.nvidia.prime.intelBusId` or
{option}`hardware.nvidia.prime.amdgpuBusId`).
If you enable this, you may want to also enable kernel modesetting for the
NVIDIA driver ({option}`hardware.nvidia.modesetting.enable`) in order
to prevent tearing.
Note that this configuration will only be successful when a display manager
for which the {option}`services.xserver.displayManager.setupCommands`
option is supported is used.
''; '';
}; };
@ -205,6 +253,13 @@ in
''; '';
} }
{
assertion = offloadCfg.enableOffloadCmd -> offloadCfg.enable || reverseSyncCfg.enable;
message = ''
Offload command requires offloading or reverse prime sync to be enabled.
'';
}
{ {
assertion = primeEnabled -> pCfg.nvidiaBusId != "" && (pCfg.intelBusId != "" || pCfg.amdgpuBusId != ""); assertion = primeEnabled -> pCfg.nvidiaBusId != "" && (pCfg.intelBusId != "" || pCfg.amdgpuBusId != "");
message = '' message = ''
@ -217,9 +272,19 @@ in
message = "NVIDIA PRIME render offload is currently only supported on versions >= 435.21."; message = "NVIDIA PRIME render offload is currently only supported on versions >= 435.21.";
} }
{
assertion = (reverseSyncCfg.enable && pCfg.amdgpuBusId != "") -> versionAtLeast nvidia_x11.version "470.0";
message = "NVIDIA PRIME render offload for AMD APUs is currently only supported on versions >= 470 beta.";
}
{ {
assertion = !(syncCfg.enable && offloadCfg.enable); assertion = !(syncCfg.enable && offloadCfg.enable);
message = "Only one NVIDIA PRIME solution may be used at a time."; message = "PRIME Sync and Offload cannot be both enabled";
}
{
assertion = !(syncCfg.enable && reverseSyncCfg.enable);
message = "PRIME Sync and PRIME Reverse Sync cannot be both enabled";
} }
{ {
@ -257,8 +322,10 @@ in
# - Configure the display manager to run specific `xrandr` commands which will # - Configure the display manager to run specific `xrandr` commands which will
# configure/enable displays connected to the Intel iGPU / AMD APU. # configure/enable displays connected to the Intel iGPU / AMD APU.
services.xserver.drivers = let # reverse sync implies offloading
in optional primeEnabled { hardware.nvidia.prime.offload.enable = mkDefault reverseSyncCfg.enable;
services.xserver.drivers = optional primeEnabled {
name = igpuDriver; name = igpuDriver;
display = offloadCfg.enable; display = offloadCfg.enable;
modules = optionals (igpuDriver == "amdgpu") [ pkgs.xorg.xf86videoamdgpu ]; modules = optionals (igpuDriver == "amdgpu") [ pkgs.xorg.xf86videoamdgpu ];
@ -273,7 +340,7 @@ in
deviceSection = optionalString primeEnabled deviceSection = optionalString primeEnabled
'' ''
BusID "${pCfg.nvidiaBusId}" BusID "${pCfg.nvidiaBusId}"
${optionalString syncCfg.allowExternalGpu "Option \"AllowExternalGpus\""} ${optionalString pCfg.allowExternalGpu "Option \"AllowExternalGpus\""}
''; '';
screenSection = screenSection =
'' ''
@ -290,19 +357,22 @@ in
services.xserver.serverLayoutSection = optionalString syncCfg.enable '' services.xserver.serverLayoutSection = optionalString syncCfg.enable ''
Inactive "Device-${igpuDriver}[0]" Inactive "Device-${igpuDriver}[0]"
'' + optionalString reverseSyncCfg.enable ''
Inactive "Device-nvidia[0]"
'' + optionalString offloadCfg.enable '' '' + optionalString offloadCfg.enable ''
Option "AllowNVIDIAGPUScreens" Option "AllowNVIDIAGPUScreens"
''; '';
services.xserver.displayManager.setupCommands = let services.xserver.displayManager.setupCommands = let
sinkGpuProviderName = if igpuDriver == "amdgpu" then gpuProviderName = if igpuDriver == "amdgpu" then
# find the name of the provider if amdgpu # find the name of the provider if amdgpu
"`${pkgs.xorg.xrandr}/bin/xrandr --listproviders | ${pkgs.gnugrep}/bin/grep -i AMD | ${pkgs.gnused}/bin/sed -n 's/^.*name://p'`" "`${pkgs.xorg.xrandr}/bin/xrandr --listproviders | ${pkgs.gnugrep}/bin/grep -i AMD | ${pkgs.gnused}/bin/sed -n 's/^.*name://p'`"
else else
igpuDriver; igpuDriver;
in optionalString syncCfg.enable '' providerCmdParams = if syncCfg.enable then "\"${gpuProviderName}\" NVIDIA-0" else "NVIDIA-G0 \"${gpuProviderName}\"";
in optionalString (syncCfg.enable || reverseSyncCfg.enable) ''
# Added by nvidia configuration module for Optimus/PRIME. # Added by nvidia configuration module for Optimus/PRIME.
${pkgs.xorg.xrandr}/bin/xrandr --setprovideroutputsource "${sinkGpuProviderName}" NVIDIA-0 ${pkgs.xorg.xrandr}/bin/xrandr --setprovideroutputsource ${providerCmdParams}
${pkgs.xorg.xrandr}/bin/xrandr --auto ${pkgs.xorg.xrandr}/bin/xrandr --auto
''; '';
@ -325,7 +395,16 @@ in
environment.systemPackages = [ nvidia_x11.bin ] environment.systemPackages = [ nvidia_x11.bin ]
++ optionals cfg.nvidiaSettings [ nvidia_x11.settings ] ++ optionals cfg.nvidiaSettings [ nvidia_x11.settings ]
++ optionals nvidiaPersistencedEnabled [ nvidia_x11.persistenced ]; ++ optionals nvidiaPersistencedEnabled [ nvidia_x11.persistenced ]
++ optionals offloadCfg.enableOffloadCmd [
(pkgs.writeShellScriptBin "nvidia-offload" ''
export __NV_PRIME_RENDER_OFFLOAD=1
export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0
export __GLX_VENDOR_LIBRARY_NAME=nvidia
export __VK_LAYER_NV_optimus=NVIDIA_only
exec "$@"
'')
];
systemd.packages = optional cfg.powerManagement.enable nvidia_x11.out; systemd.packages = optional cfg.powerManagement.enable nvidia_x11.out;
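Review bot: The new version assertion fires on `reverseSyncCfg.enable && pCfg.amdgpuBusId != ""`, but its message talks about "render offload for AMD APUs", so the condition and the text describe different features. A user who enables only `prime.offload.enable` with an `amdgpuBusId` on an older driver passes this check, while a reverse-sync user is told about offload. If the limit is meant for reverse sync, the message should say so: `message = "NVIDIA PRIME reverse sync with an AMD GPU is only supported on driver versions >= 470.";`. If it applies to AMD offload in general, the condition should test `offloadCfg.enable` instead. Separately, the `allowExternalGpu` description mentions only sync and reverse sync, yet `deviceSection` is emitted under `primeEnabled`, so the option also takes effect for offload-only setups.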


@ -217,7 +217,7 @@ in
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave # on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system. # this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option # Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).


@ -510,6 +510,7 @@ in
#seeks = 148; # removed 2020-06-21 #seeks = 148; # removed 2020-06-21
prosody = 149; prosody = 149;
i2pd = 150; i2pd = 150;
systemd-coredump = 151;
systemd-network = 152; systemd-network = 152;
systemd-resolve = 153; systemd-resolve = 153;
systemd-timesync = 154; systemd-timesync = 154;


@ -130,7 +130,7 @@ in
to be compatible. The effect is that NixOS will use to be compatible. The effect is that NixOS will use
defaults corresponding to the specified release (such as using defaults corresponding to the specified release (such as using
an older version of PostgreSQL). an older version of PostgreSQL).
Its perfectly fine and recommended to leave this value at the Its perfectly fine and recommended to leave this value at the
release version of the first install of this system. release version of the first install of this system.
Changing this option will not upgrade your system. In fact it Changing this option will not upgrade your system. In fact it
is meant to stay constant exactly when you upgrade your system. is meant to stay constant exactly when you upgrade your system.


@ -195,6 +195,7 @@
./programs/mdevctl.nix ./programs/mdevctl.nix
./programs/mepo.nix ./programs/mepo.nix
./programs/mininet.nix ./programs/mininet.nix
./programs/miriway.nix
./programs/mosh.nix ./programs/mosh.nix
./programs/msmtp.nix ./programs/msmtp.nix
./programs/mtr.nix ./programs/mtr.nix
@ -222,6 +223,7 @@
./programs/seahorse.nix ./programs/seahorse.nix
./programs/sedutil.nix ./programs/sedutil.nix
./programs/shadow.nix ./programs/shadow.nix
./programs/sharing.nix
./programs/singularity.nix ./programs/singularity.nix
./programs/skim.nix ./programs/skim.nix
./programs/slock.nix ./programs/slock.nix
@ -696,6 +698,7 @@
./services/monitoring/arbtt.nix ./services/monitoring/arbtt.nix
./services/monitoring/bosun.nix ./services/monitoring/bosun.nix
./services/monitoring/cadvisor.nix ./services/monitoring/cadvisor.nix
./services/monitoring/cockpit.nix
./services/monitoring/collectd.nix ./services/monitoring/collectd.nix
./services/monitoring/das_watchdog.nix ./services/monitoring/das_watchdog.nix
./services/monitoring/datadog-agent.nix ./services/monitoring/datadog-agent.nix
@ -1364,6 +1367,7 @@
./virtualisation/lxc.nix ./virtualisation/lxc.nix
./virtualisation/lxcfs.nix ./virtualisation/lxcfs.nix
./virtualisation/lxd.nix ./virtualisation/lxd.nix
./virtualisation/multipass.nix
./virtualisation/nixos-containers.nix ./virtualisation/nixos-containers.nix
./virtualisation/oci-containers.nix ./virtualisation/oci-containers.nix
./virtualisation/openstack-options.nix ./virtualisation/openstack-options.nix


@ -28,7 +28,7 @@ with lib;
k3b k3b
dvdplusrwtools dvdplusrwtools
cdrdao cdrdao
cdrkit cdrtools
]; ];
security.wrappers = { security.wrappers = {
@ -44,7 +44,7 @@ with lib;
owner = "root"; owner = "root";
group = "cdrom"; group = "cdrom";
permissions = "u+wrx,g+x"; permissions = "u+wrx,g+x";
source = "${pkgs.cdrkit}/bin/cdrecord"; source = "${pkgs.cdrtools}/bin/cdrecord";
}; };
}; };
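Review bot: The `cdrecord` entry under `security.wrappers` now takes its `source` from `${pkgs.cdrtools}/bin/cdrecord`, so a different implementation runs with whatever privileges the wrapper grants, and the hunk does not say why the package was swapped. The rest of the wrapper's attributes (setuid or capabilities) are outside the hunk, so it could not be checked here whether the cdrtools binary needs the same privilege set. A short comment above the wrapper would help, for example `# cdrtools' cdrecord; privileged wrapper, executable only by root and the cdrom group`.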


@ -0,0 +1,60 @@
{ config, pkgs, lib, ... }:
let
cfg = config.programs.miriway;
in {
options.programs.miriway = {
enable = lib.mkEnableOption (lib.mdDoc ''
Miriway, a Mir based Wayland compositor. You can manually launch Miriway by
executing "exec miriway" on a TTY, or launch it from a display manager. Copy
/etc/xdg/xdg-miriway/miriway-shell.config to ~/.config/miriway-shell.config
to modify the default configuration. See <https://github.com/Miriway/Miriway>,
and "miriway --help" for more information'');
config = lib.mkOption {
type = lib.types.lines;
default = ''
x11-window-title=Miriway (Mir-on-X)
idle-timeout=600
ctrl-alt=t:miriway-terminal # Default "terminal emulator finder"
shell-component=dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY
'';
example = ''
idle-timeout=300
ctrl-alt=t:weston-terminal
add-wayland-extensions=all
shell-components=dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY
shell-component=waybar
shell-component=wbg Pictures/wallpaper
shell-meta=a:synapse
'';
description = lib.mdDoc ''
Miriway's config. This will be installed system-wide.
The default will install the miriway package's barebones example config.
'';
};
};
config = lib.mkIf cfg.enable {
environment = {
systemPackages = [ pkgs.miriway ];
etc = {
"xdg/xdg-miriway/miriway-shell.config".text = cfg.config;
};
};
hardware.opengl.enable = lib.mkDefault true;
fonts.enableDefaultFonts = lib.mkDefault true;
programs.dconf.enable = lib.mkDefault true;
programs.xwayland.enable = lib.mkDefault true;
# To make the Miriway session available if a display manager like SDDM is enabled:
services.xserver.displayManager.sessionPackages = [ pkgs.miriway ];
};
meta.maintainers = with lib.maintainers; [ OPNA2608 ];
}
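Review bot: The `example` for `programs.miriway.config` uses the key `shell-components=` on its fourth line, while the `default` and the following example lines use `shell-component=`; this looks like a typo that users will copy into their configuration. The line should presumably read `shell-component=dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY`. The description also says the default installs the package's example config, but the default here is a literal string, so it can drift from what the package ships; either word the description accordingly or read the file from `pkgs.miriway`.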


@ -86,7 +86,7 @@ in {
description = lib.mdDoc "Proxy DNS requests - no leak for DNS data."; description = lib.mdDoc "Proxy DNS requests - no leak for DNS data.";
}; };
quietMode = mkEnableOption (lib.mdDoc "Quiet mode (no output from the library)."); quietMode = mkEnableOption (lib.mdDoc "Quiet mode (no output from the library)");
remoteDNSSubnet = mkOption { remoteDNSSubnet = mkOption {
type = types.enum [ 10 127 224 ]; type = types.enum [ 10 127 224 ];


@ -20,6 +20,6 @@ in {
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
environment.systemPackages = [ cfg.package ]; environment.systemPackages = [ cfg.package ];
services.udev.packages = [ cfg.package ]; services.udev.packages = [ cfg.package ];
users.groups.wireshark = {}; users.groups.dialout = {};
}; };
} }


@ -0,0 +1,19 @@
{ config, pkgs, lib, ... }:
with lib;
{
options.programs.sharing = {
enable = mkEnableOption (lib.mdDoc ''
sharing, a CLI tool for sharing files.
Note that it will opens the 7478 port for TCP in the firewall, which is needed for it to function properly
'');
};
config =
let
cfg = config.programs.sharing;
in
mkIf cfg.enable {
environment.systemPackages = [ pkgs.sharing ];
networking.firewall.allowedTCPPorts = [ 7478 ];
};
}
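Review bot: Enabling `programs.sharing` unconditionally adds TCP port 7478 to `networking.firewall.allowedTCPPorts`, so installing a CLI tool leaves that port open on every interface even when the tool is not running. The usual NixOS pattern is a separate `openFirewall` option so the administrator opts in explicitly; a default of `false` is the least-privilege choice, and `true` would keep the behaviour introduced here. The enable description also has a typo ("it will opens") and would no longer need the firewall remark once the option exists.

```nix
  options.programs.sharing = {
    enable = mkEnableOption (lib.mdDoc "sharing, a CLI tool for sharing files");
    openFirewall = mkOption {
      type = types.bool;
      default = false;
      description = lib.mdDoc ''
        Whether to open TCP port 7478 in the firewall, which sharing
        needs in order to serve files to other hosts.
      '';
    };
  };
  # … unchanged: config = let cfg = … in mkIf cfg.enable { environment.systemPackages …
      networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ 7478 ];
```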


@ -3,31 +3,89 @@
with lib; with lib;
let let
cfg = config.programs.singularity; cfg = config.programs.singularity;
singularity = pkgs.singularity.overrideAttrs (attrs : { in
installPhase = attrs.installPhase + '' {
mv $out/libexec/singularity/bin/starter-suid $out/libexec/singularity/bin/starter-suid.orig
ln -s /run/wrappers/bin/singularity-suid $out/libexec/singularity/bin/starter-suid
'';
});
in {
options.programs.singularity = { options.programs.singularity = {
enable = mkEnableOption (lib.mdDoc "Singularity"); enable = mkEnableOption (mdDoc "singularity") // {
description = mdDoc ''
Whether to install Singularity/Apptainer with system-level overriding such as SUID support.
'';
};
package = mkOption {
type = types.package;
default = pkgs.singularity;
defaultText = literalExpression "pkgs.singularity";
example = literalExpression "pkgs.apptainer";
description = mdDoc ''
Singularity/Apptainer package to override and install.
'';
};
packageOverriden = mkOption {
type = types.nullOr types.package;
default = null;
description = mdDoc ''
This option provides access to the overriden result of `programs.singularity.package`.
For example, the following configuration makes all the Nixpkgs packages use the overriden `singularity`:
```Nix
{ config, lib, pkgs, ... }:
{
nixpkgs.overlays = [
(final: prev: {
_singularity-orig = prev.singularity;
singularity = config.programs.singularity.packageOverriden;
})
];
programs.singularity.enable = true;
programs.singularity.package = pkgs._singularity-orig;
}
```
Use `lib.mkForce` to forcefully specify the overriden package.
'';
};
enableFakeroot = mkOption {
type = types.bool;
default = true;
example = false;
description = mdDoc ''
Whether to enable the `--fakeroot` support of Singularity/Apptainer.
'';
};
enableSuid = mkOption {
type = types.bool;
default = true;
example = false;
description = mdDoc ''
Whether to enable the SUID support of Singularity/Apptainer.
'';
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = [ singularity ]; programs.singularity.packageOverriden = (cfg.package.override (
security.wrappers.singularity-suid = optionalAttrs cfg.enableFakeroot {
{ setuid = true; newuidmapPath = "/run/wrappers/bin/newuidmap";
newgidmapPath = "/run/wrappers/bin/newgidmap";
} // optionalAttrs cfg.enableSuid {
enableSuid = true;
starterSuidPath = "/run/wrappers/bin/${cfg.package.projectName}-suid";
}
));
environment.systemPackages = [ cfg.packageOverriden ];
security.wrappers."${cfg.packageOverriden.projectName}-suid" = mkIf cfg.enableSuid {
setuid = true;
owner = "root"; owner = "root";
group = "root"; group = "root";
source = "${singularity}/libexec/singularity/bin/starter-suid.orig"; source = "${cfg.packageOverriden}/libexec/${cfg.packageOverriden.projectName}/bin/starter-suid.orig";
}; };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d /var/singularity/mnt/session 0770 root root -" "d /var/lib/${cfg.packageOverriden.projectName}/mnt/session 0770 root root -"
"d /var/singularity/mnt/final 0770 root root -" "d /var/lib/${cfg.packageOverriden.projectName}/mnt/final 0770 root root -"
"d /var/singularity/mnt/overlay 0770 root root -" "d /var/lib/${cfg.packageOverriden.projectName}/mnt/overlay 0770 root root -"
"d /var/singularity/mnt/container 0770 root root -" "d /var/lib/${cfg.packageOverriden.projectName}/mnt/container 0770 root root -"
"d /var/singularity/mnt/source 0770 root root -" "d /var/lib/${cfg.packageOverriden.projectName}/mnt/source 0770 root root -"
]; ];
}; };
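Review bot: The path compiled into the package and the name of the setuid wrapper are derived from two different values. `starterSuidPath` uses `cfg.package.projectName`, while the wrapper is declared as `security.wrappers."${cfg.packageOverriden.projectName}-suid"`. The description invites users to set `packageOverriden` with `lib.mkForce`; if that package has a different `projectName`, the starter would point at a wrapper that does not exist, and a setuid-root wrapper would be installed under another name. Using `cfg.package.projectName` in both places, or adding an assertion that the two names match, keeps them tied together. The `enableSuid` description could also state that it installs a setuid-root wrapper around `starter-suid.orig`, since it defaults to `true`. Finally, `packageOverriden` is misspelled ("overridden"), and an option name is hard to change once released.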


@ -282,7 +282,7 @@ in
config = { config = {
programs.ssh.setXAuthLocation = programs.ssh.setXAuthLocation =
mkDefault (config.services.xserver.enable || config.programs.ssh.forwardX11 || config.services.openssh.forwardX11); mkDefault (config.services.xserver.enable || config.programs.ssh.forwardX11 || config.services.openssh.settings.X11Forwarding);
assertions = assertions =
[ { assertion = cfg.forwardX11 -> cfg.setXAuthLocation; [ { assertion = cfg.forwardX11 -> cfg.setXAuthLocation;


@ -26,7 +26,7 @@ let
}; };
}; };
swayPackage = pkgs.sway.override { defaultSwayPackage = pkgs.sway.override {
extraSessionCommands = cfg.extraSessionCommands; extraSessionCommands = cfg.extraSessionCommands;
extraOptions = cfg.extraOptions; extraOptions = cfg.extraOptions;
withBaseWrapper = cfg.wrapperFeatures.base; withBaseWrapper = cfg.wrapperFeatures.base;
@ -42,6 +42,19 @@ in {
<https://github.com/swaywm/sway/wiki> and <https://github.com/swaywm/sway/wiki> and
"man 5 sway" for more information''); "man 5 sway" for more information'');
package = mkOption {
type = with types; nullOr package;
default = defaultSwayPackage;
defaultText = literalExpression "pkgs.sway";
description = lib.mdDoc ''
Sway package to use. Will override the options
'wrapperFeatures', 'extraSessionCommands', and 'extraOptions'.
Set to <code>null</code> to not add any Sway package to your
path. This should be done if you want to use the Home Manager Sway
module to install Sway.
'';
};
wrapperFeatures = mkOption { wrapperFeatures = mkOption {
type = wrapperOptions; type = wrapperOptions;
default = { }; default = { };
@ -121,16 +134,17 @@ in {
} }
]; ];
environment = { environment = {
systemPackages = [ swayPackage ] ++ cfg.extraPackages; systemPackages = optional (cfg.package != null) cfg.package ++ cfg.extraPackages;
# Needed for the default wallpaper: # Needed for the default wallpaper:
pathsToLink = [ "/share/backgrounds/sway" ]; pathsToLink = optionals (cfg.package != null) [ "/share/backgrounds/sway" ];
etc = { etc = {
"sway/config".source = mkOptionDefault "${swayPackage}/etc/sway/config";
"sway/config.d/nixos.conf".source = pkgs.writeText "nixos.conf" '' "sway/config.d/nixos.conf".source = pkgs.writeText "nixos.conf" ''
# Import the most important environment variables into the D-Bus and systemd # Import the most important environment variables into the D-Bus and systemd
# user environments (e.g. required for screen sharing and Pinentry prompts): # user environments (e.g. required for screen sharing and Pinentry prompts):
exec dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK XDG_CURRENT_DESKTOP exec dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK XDG_CURRENT_DESKTOP
''; '';
} // optionalAttrs (cfg.package != null) {
"sway/config".source = mkOptionDefault "${cfg.package}/etc/sway/config";
}; };
}; };
security.polkit.enable = true; security.polkit.enable = true;
@ -139,7 +153,7 @@ in {
fonts.enableDefaultFonts = mkDefault true; fonts.enableDefaultFonts = mkDefault true;
programs.dconf.enable = mkDefault true; programs.dconf.enable = mkDefault true;
# To make a Sway session available if a display manager like SDDM is enabled: # To make a Sway session available if a display manager like SDDM is enabled:
services.xserver.displayManager.sessionPackages = [ swayPackage ]; services.xserver.displayManager.sessionPackages = optionals (cfg.package != null) [ cfg.package ];
programs.xwayland.enable = mkDefault true; programs.xwayland.enable = mkDefault true;
# For screen sharing (this option only has an effect with xdg.portal.enable): # For screen sharing (this option only has an effect with xdg.portal.enable):
xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-wlr ]; xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-wlr ];


@ -14,7 +14,7 @@ in
security.polkit.enable = mkEnableOption (lib.mdDoc "polkit"); security.polkit.enable = mkEnableOption (lib.mdDoc "polkit");
security.polkit.debug = mkEnableOption (lib.mdDoc "debug logs from polkit. This is required in order to see log messages from rule definitions."); security.polkit.debug = mkEnableOption (lib.mdDoc "debug logs from polkit. This is required in order to see log messages from rule definitions");
security.polkit.extraConfig = mkOption { security.polkit.extraConfig = mkOption {
type = types.lines; type = types.lines;


@ -9,7 +9,7 @@ let
in { in {
options = { options = {
services.zfs.autoReplication = { services.zfs.autoReplication = {
enable = mkEnableOption (lib.mdDoc "ZFS snapshot replication."); enable = mkEnableOption (lib.mdDoc "ZFS snapshot replication");
followDelete = mkOption { followDelete = mkOption {
description = lib.mdDoc "Remove remote snapshots that don't have a local correspondent."; description = lib.mdDoc "Remove remote snapshots that don't have a local correspondent.";


@ -62,7 +62,7 @@ in
''; '';
}; };
enable = mkEnableOption (lib.mdDoc "Kubernetes addon manager."); enable = mkEnableOption (lib.mdDoc "Kubernetes addon manager");
}; };
###### implementation ###### implementation


@ -146,7 +146,7 @@ in
default = "unix:///run/containerd/containerd.sock"; default = "unix:///run/containerd/containerd.sock";
}; };
enable = mkEnableOption (lib.mdDoc "Kubernetes kubelet."); enable = mkEnableOption (lib.mdDoc "Kubernetes kubelet");
extraOpts = mkOption { extraOpts = mkOption {
description = lib.mdDoc "Kubernetes kubelet extra command line options."; description = lib.mdDoc "Kubernetes kubelet extra command line options.";


@ -383,7 +383,7 @@ in
"d /var/spool/slurmd 755 root root -" "d /var/spool/slurmd 755 root root -"
]; ];
services.openssh.forwardX11 = mkIf cfg.client.enable (mkDefault true); services.openssh.settings.X11Forwarding = mkIf cfg.client.enable (mkDefault true);
systemd.services.slurmctld = mkIf (cfg.server.enable) { systemd.services.slurmctld = mkIf (cfg.server.enable) {
path = with pkgs; [ wrappedSlurm munge coreutils ] path = with pkgs; [ wrappedSlurm munge coreutils ]


@ -27,7 +27,7 @@ with lib;
options = { options = {
services.gnome.evolution-data-server = { services.gnome.evolution-data-server = {
enable = mkEnableOption (lib.mdDoc "Evolution Data Server, a collection of services for storing addressbooks and calendars."); enable = mkEnableOption (lib.mdDoc "Evolution Data Server, a collection of services for storing addressbooks and calendars");
plugins = mkOption { plugins = mkOption {
type = types.listOf types.package; type = types.listOf types.package;
default = [ ]; default = [ ];
@ -35,7 +35,7 @@ with lib;
}; };
}; };
programs.evolution = { programs.evolution = {
enable = mkEnableOption (lib.mdDoc "Evolution, a Personal information management application that provides integrated mail, calendaring and address book functionality."); enable = mkEnableOption (lib.mdDoc "Evolution, a Personal information management application that provides integrated mail, calendaring and address book functionality");
plugins = mkOption { plugins = mkOption {
type = types.listOf types.package; type = types.listOf types.package;
default = [ ]; default = [ ];


@ -28,7 +28,7 @@ in
options = { options = {
services.zammad = { services.zammad = {
enable = mkEnableOption (lib.mdDoc "Zammad, a web-based, open source user support/ticketing solution."); enable = mkEnableOption (lib.mdDoc "Zammad, a web-based, open source user support/ticketing solution");
package = mkOption { package = mkOption {
type = types.package; type = types.package;


@ -54,7 +54,7 @@ in
default = 0; default = 0;
description = lib.mdDoc "Set debug log level."; description = lib.mdDoc "Set debug log level.";
}; };
options.exit-on-end = mkEnableOption (lib.mdDoc "exit instead of restarting when a game ends."); options.exit-on-end = mkEnableOption (lib.mdDoc "exit instead of restarting when a game ends");
options.Guests = mkEnableOption (lib.mdDoc "guests to login if auth is enabled"); options.Guests = mkEnableOption (lib.mdDoc "guests to login if auth is enabled");
options.Newusers = mkEnableOption (lib.mdDoc "new users to login if auth is enabled"); options.Newusers = mkEnableOption (lib.mdDoc "new users to login if auth is enabled");
options.port = mkOption { options.port = mkOption {


@ -19,7 +19,7 @@ in
services.udisks2 = { services.udisks2 = {
enable = mkEnableOption (lib.mdDoc "udisks2, a DBus service that allows applications to query and manipulate storage devices."); enable = mkEnableOption (lib.mdDoc "udisks2, a DBus service that allows applications to query and manipulate storage devices");
settings = mkOption rec { settings = mkOption rec {
type = types.attrsOf settingsFormat.type; type = types.attrsOf settingsFormat.type;


@ -171,11 +171,11 @@ in
options.services.dovecot2 = { options.services.dovecot2 = {
enable = mkEnableOption (lib.mdDoc "the dovecot 2.x POP3/IMAP server"); enable = mkEnableOption (lib.mdDoc "the dovecot 2.x POP3/IMAP server");
enablePop3 = mkEnableOption (lib.mdDoc "starting the POP3 listener (when Dovecot is enabled)."); enablePop3 = mkEnableOption (lib.mdDoc "starting the POP3 listener (when Dovecot is enabled)");
enableImap = mkEnableOption (lib.mdDoc "starting the IMAP listener (when Dovecot is enabled).") // { default = true; }; enableImap = mkEnableOption (lib.mdDoc "starting the IMAP listener (when Dovecot is enabled)") // { default = true; };
enableLmtp = mkEnableOption (lib.mdDoc "starting the LMTP listener (when Dovecot is enabled)."); enableLmtp = mkEnableOption (lib.mdDoc "starting the LMTP listener (when Dovecot is enabled)");
protocols = mkOption { protocols = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
@ -300,9 +300,9 @@ in
description = lib.mdDoc "Path to the server's private key."; description = lib.mdDoc "Path to the server's private key.";
}; };
enablePAM = mkEnableOption (lib.mdDoc "creating a own Dovecot PAM service and configure PAM user logins.") // { default = true; }; enablePAM = mkEnableOption (lib.mdDoc "creating a own Dovecot PAM service and configure PAM user logins") // { default = true; };
enableDHE = mkEnableOption (lib.mdDoc "enable ssl_dh and generation of primes for the key exchange.") // { default = true; }; enableDHE = mkEnableOption (lib.mdDoc "enable ssl_dh and generation of primes for the key exchange") // { default = true; };
sieveScripts = mkOption { sieveScripts = mkOption {
type = types.attrsOf types.path; type = types.attrsOf types.path;
@ -310,7 +310,7 @@ in
description = lib.mdDoc "Sieve scripts to be executed. Key is a sequence, e.g. 'before2', 'after' etc."; description = lib.mdDoc "Sieve scripts to be executed. Key is a sequence, e.g. 'before2', 'after' etc.";
}; };
showPAMFailure = mkEnableOption (lib.mdDoc "showing the PAM failure message on authentication error (useful for OTPW)."); showPAMFailure = mkEnableOption (lib.mdDoc "showing the PAM failure message on authentication error (useful for OTPW)");
mailboxes = mkOption { mailboxes = mkOption {
type = with types; coercedTo type = with types; coercedTo
@ -326,7 +326,7 @@ in
description = lib.mdDoc "Configure mailboxes and auto create or subscribe them."; description = lib.mdDoc "Configure mailboxes and auto create or subscribe them.";
}; };
enableQuota = mkEnableOption (lib.mdDoc "the dovecot quota service."); enableQuota = mkEnableOption (lib.mdDoc "the dovecot quota service");
quotaPort = mkOption { quotaPort = mkOption {
type = types.str; type = types.str;


@ -150,9 +150,13 @@ in
root = cfg.package; root = cfg.package;
index = "index.php"; index = "index.php";
extraConfig = '' extraConfig = ''
location ~* \.php$ { location ~* \.php(/|$) {
fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:${fpm.socket}; fastcgi_pass unix:${fpm.socket};
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
include ${config.services.nginx.package}/conf/fastcgi_params; include ${config.services.nginx.package}/conf/fastcgi_params;
include ${pkgs.nginx}/conf/fastcgi.conf; include ${pkgs.nginx}/conf/fastcgi.conf;
} }
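Review bot: The widened `location ~* \.php(/|$)` block hands every URI containing `.php/` to PHP-FPM without first checking that the split-off script exists under the document root. Saving the path info and adding a file check closes that gap: `set $path_info $fastcgi_path_info;`, `try_files $fastcgi_script_name =404;` and `fastcgi_param PATH_INFO $path_info;` (the variable is needed because `try_files` resets `$fastcgi_path_info`). The section also shows an include of `fastcgi.conf`, which in the stock nginx distribution already sets `SCRIPT_FILENAME`, so the explicit `fastcgi_param SCRIPT_FILENAME` line looks redundant if that include is the one kept. The `extraConfig` string continues outside the hunk.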


@ -8,7 +8,7 @@ in
{ {
options = { options = {
services.atuin = { services.atuin = {
enable = mkEnableOption (mdDoc "Enable server for shell history sync with atuin."); enable = mkEnableOption (mdDoc "Enable server for shell history sync with atuin");
openRegistration = mkOption { openRegistration = mkOption {
type = types.bool; type = types.bool;


@ -6,7 +6,7 @@ let cfg = config.services.input-remapper; in
{ {
options = { options = {
services.input-remapper = { services.input-remapper = {
enable = mkEnableOption (lib.mdDoc "input-remapper, an easy to use tool to change the mapping of your input device buttons."); enable = mkEnableOption (lib.mdDoc "input-remapper, an easy to use tool to change the mapping of your input device buttons");
package = mkPackageOptionMD pkgs "input-remapper" { }; package = mkPackageOptionMD pkgs "input-remapper" { };
enableUdevRules = mkEnableOption (lib.mdDoc "udev rules added by input-remapper to handle hotplugged devices. Currently disabled by default due to https://github.com/sezanzeb/input-remapper/issues/140"); enableUdevRules = mkEnableOption (lib.mdDoc "udev rules added by input-remapper to handle hotplugged devices. Currently disabled by default due to https://github.com/sezanzeb/input-remapper/issues/140");
serviceWantedBy = mkOption { serviceWantedBy = mkOption {


@ -85,7 +85,7 @@ in
WorkingDirectory = libDir; WorkingDirectory = libDir;
SyslogIdentifier = "pykms"; SyslogIdentifier = "pykms";
Restart = "on-failure"; Restart = "on-failure";
MemoryLimit = cfg.memoryLimit; MemoryMax = cfg.memoryLimit;
}; };
}; };
}; };


@ -438,7 +438,7 @@ in
}; };
options."lists.sr.ht" = commonServiceSettings "lists" // { options."lists.sr.ht" = commonServiceSettings "lists" // {
allow-new-lists = mkEnableOption (lib.mdDoc "Allow creation of new lists."); allow-new-lists = mkEnableOption (lib.mdDoc "Allow creation of new lists");
notify-from = mkOption { notify-from = mkOption {
description = lib.mdDoc "Outgoing email for notifications generated by users."; description = lib.mdDoc "Outgoing email for notifications generated by users.";
type = types.str; type = types.str;


@ -123,7 +123,7 @@ in {
${escapeShellArgs cfg.extraOptions} \ ${escapeShellArgs cfg.extraOptions} \
${optionalString (cfg.storageDriver != null) '' ${optionalString (cfg.storageDriver != null) ''
-storage_driver "${cfg.storageDriver}" \ -storage_driver "${cfg.storageDriver}" \
-storage_driver_user "${cfg.storageDriverHost}" \ -storage_driver_host "${cfg.storageDriverHost}" \
-storage_driver_db "${cfg.storageDriverDb}" \ -storage_driver_db "${cfg.storageDriverDb}" \
-storage_driver_user "${cfg.storageDriverUser}" \ -storage_driver_user "${cfg.storageDriverUser}" \
-storage_driver_password "$(cat "${cfg.storageDriverPasswordFile}")" \ -storage_driver_password "$(cat "${cfg.storageDriverPasswordFile}")" \
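Review bot: The database password is expanded with `$(cat …)` into the `-storage_driver_password` argument, so it ends up in the process command line, which other local users can read through `/proc` unless that is restricted. This concerns the unchanged line below the corrected `-storage_driver_host` flag, not the flag fix itself. If cAdvisor has no file- or environment-based way to take the password (not visible here), I would at least document the exposure with a comment above the command, e.g. `# the storage password is passed as an argument and is visible in the process list`. The surrounding script starts and ends outside the hunk.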


@ -0,0 +1,231 @@
{ pkgs, config, lib, ... }:
let
cfg = config.services.cockpit;
inherit (lib) types mkEnableOption mkOption mkIf mdDoc literalMD mkPackageOptionMD;
settingsFormat = pkgs.formats.ini {};
in {
options = {
services.cockpit = {
enable = mkEnableOption (mdDoc "Cockpit");
package = mkPackageOptionMD pkgs "Cockpit" {
default = [ "cockpit" ];
};
settings = lib.mkOption {
type = settingsFormat.type;
default = {};
description = mdDoc ''
Settings for cockpit that will be saved in /etc/cockpit/cockpit.conf.
See the [documentation](https://cockpit-project.org/guide/latest/cockpit.conf.5.html), that is also available with `man cockpit.conf.5` for details.
'';
};
port = mkOption {
description = mdDoc "Port where cockpit will listen.";
type = types.port;
default = 9090;
};
openFirewall = mkOption {
description = mdDoc "Open port for cockpit.";
type = types.bool;
default = false;
};
};
};
config = mkIf cfg.enable {
# expose cockpit-bridge system-wide
environment.systemPackages = [ cfg.package ];
# allow cockpit to find its plugins
environment.pathsToLink = [ "/share/cockpit" ];
# generate cockpit settings
environment.etc."cockpit/cockpit.conf".source = settingsFormat.generate "cockpit.conf" cfg.settings;
security.pam.services.cockpit = {};
networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.port ];
# units are in reverse sort order if you ls $out/lib/systemd/system
# all these units are basically verbatim translated from upstream
# Translation from $out/lib/systemd/system/systemd-cockpithttps.slice
systemd.slices.system-cockpithttps = {
description = "Resource limits for all cockpit-ws-https@.service instances";
sliceConfig = {
TasksMax = 200;
MemoryHigh = "75%";
MemoryMax = "90%";
};
};
# Translation from $out/lib/systemd/system/cockpit-wsinstance-https@.socket
systemd.sockets."cockpit-wsinstance-https@" = {
unitConfig = {
Description = "Socket for Cockpit Web Service https instance %I";
BindsTo = [ "cockpit.service" "cockpit-wsinstance-https@%i.service" ];
# clean up the socket after the service exits, to prevent fd leak
# this also effectively prevents a DoS by starting arbitrarily many sockets, as
# the services are resource-limited by system-cockpithttps.slice
Documentation = "man:cockpit-ws(8)";
};
socketConfig = {
ListenStream = "/run/cockpit/wsinstance/https@%i.sock";
SocketUser = "root";
SocketMode = "0600";
};
};
# Translation from $out/lib/systemd/system/cockpit-wsinstance-https@.service
systemd.services."cockpit-wsinstance-https@" = {
description = "Cockpit Web Service https instance %I";
bindsTo = [ "cockpit.service"];
path = [ cfg.package ];
documentation = [ "man:cockpit-ws(8)" ];
serviceConfig = {
Slice = "system-cockpithttps.slice";
ExecStart = "${cfg.package}/libexec/cockpit-ws --for-tls-proxy --port=0";
User = "root";
Group = "";
};
};
# Translation from $out/lib/systemd/system/cockpit-wsinstance-http.socket
systemd.sockets.cockpit-wsinstance-http = {
unitConfig = {
Description = "Socket for Cockpit Web Service http instance";
BindsTo = "cockpit.service";
Documentation = "man:cockpit-ws(8)";
};
socketConfig = {
ListenStream = "/run/cockpit/wsinstance/http.sock";
SocketUser = "root";
SocketMode = "0600";
};
};
# Translation from $out/lib/systemd/system/cockpit-wsinstance-https-factory.socket
systemd.sockets.cockpit-wsinstance-https-factory = {
unitConfig = {
Description = "Socket for Cockpit Web Service https instance factory";
BindsTo = "cockpit.service";
Documentation = "man:cockpit-ws(8)";
};
socketConfig = {
ListenStream = "/run/cockpit/wsinstance/https-factory.sock";
Accept = true;
SocketUser = "root";
SocketMode = "0600";
};
};
# Translation from $out/lib/systemd/system/cockpit-wsinstance-https-factory@.service
systemd.services."cockpit-wsinstance-https-factory@" = {
description = "Cockpit Web Service https instance factory";
documentation = [ "man:cockpit-ws(8)" ];
path = [ cfg.package ];
serviceConfig = {
ExecStart = "${cfg.package}/libexec/cockpit-wsinstance-factory";
User = "root";
};
};
# Translation from $out/lib/systemd/system/cockpit-wsinstance-http.service
systemd.services."cockpit-wsinstance-http" = {
description = "Cockpit Web Service http instance";
bindsTo = [ "cockpit.service" ];
path = [ cfg.package ];
documentation = [ "man:cockpit-ws(8)" ];
serviceConfig = {
ExecStart = "${cfg.package}/libexec/cockpit-ws --no-tls --port=0";
User = "root";
Group = "";
};
};
# Translation from $out/lib/systemd/system/cockpit.socket
systemd.sockets."cockpit" = {
unitConfig = {
Description = "Cockpit Web Service Socket";
Documentation = "man:cockpit-ws(8)";
Wants = "cockpit-motd.service";
};
socketConfig = {
ListenStream = cfg.port;
ExecStartPost = [
"-${cfg.package}/share/cockpit/motd/update-motd \"\" localhost"
"-${pkgs.coreutils}/bin/ln -snf active.motd /run/cockpit/motd"
];
ExecStopPost = "-${pkgs.coreutils}/bin/ln -snf inactive.motd /run/cockpit/motd";
};
wantedBy = [ "sockets.target" ];
};
# Translation from $out/lib/systemd/system/cockpit.service
systemd.services."cockpit" = {
description = "Cockpit Web Service";
documentation = [ "man:cockpit-ws(8)" ];
restartIfChanged = true;
path = with pkgs; [ coreutils cfg.package ];
requires = [ "cockpit.socket" "cockpit-wsinstance-http.socket" "cockpit-wsinstance-https-factory.socket" ];
after = [ "cockpit-wsinstance-http.socket" "cockpit-wsinstance-https-factory.socket" ];
environment = {
G_MESSAGES_DEBUG = "cockpit-ws,cockpit-bridge";
};
serviceConfig = {
RuntimeDirectory="cockpit/tls";
ExecStartPre = [
# cockpit-tls runs in a more constrained environment, these + means that these commands
# will run with full privilege instead of inside that constrained environment
# See https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart= for details
"+${cfg.package}/libexec/cockpit-certificate-ensure --for-cockpit-tls"
];
ExecStart = "${cfg.package}/libexec/cockpit-tls";
User = "root";
Group = "";
NoNewPrivileges = true;
ProtectSystem = "strict";
ProtectHome = true;
PrivateTmp = true;
PrivateDevices = true;
ProtectKernelTunables = true;
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
MemoryDenyWriteExecute = true;
};
};
# Translation from $out/lib/systemd/system/cockpit-motd.service
# This part basically implements a motd state machine:
# - If cockpit.socket is enabled then /run/cockpit/motd points to /run/cockpit/active.motd
# - If cockpit.socket is disabled then /run/cockpit/motd points to /run/cockpit/inactive.motd
# - As cockpit.socket is disabled by default, /run/cockpit/motd points to /run/cockpit/inactive.motd
# /run/cockpit/active.motd is generated dynamically by cockpit-motd.service
systemd.services."cockpit-motd" = {
path = with pkgs; [ nettools ];
serviceConfig = {
Type = "oneshot";
ExecStart = "${cfg.package}/share/cockpit/motd/update-motd";
};
description = "Cockpit motd updater service";
documentation = [ "man:cockpit-ws(8)" ];
wants = [ "network.target" ];
after = [ "network.target" "cockpit.socket" ];
};
systemd.tmpfiles.rules = [ # From $out/lib/tmpfiles.d/cockpit-tmpfiles.conf
"C /run/cockpit/inactive.motd 0640 root root - ${cfg.package}/share/cockpit/motd/inactive.motd"
"f /run/cockpit/active.motd 0640 root root -"
"L+ /run/cockpit/motd - - - - inactive.motd"
"d /etc/cockpit/ws-certs.d 0600 root root 0"
];
};
meta.maintainers = pkgs.cockpit.meta.maintainers;
}
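Review bot: Every unit in this module sets `User = "root"`, including the network-facing `cockpit-tls` in `cockpit.service` and the `cockpit-ws` instances, even though the comment above `ExecStartPre` describes `cockpit-tls` as running in a more constrained environment. The `+` prefix only matters when the main process is unprivileged, so I would run these under dedicated system users (for example `User = "cockpit-ws";` with a matching `users.users` entry) or add a comment stating why root is required; whether `cockpit-session` would then need a setuid wrapper is not visible here. The `cockpit-wsinstance-*` services also carry none of the sandboxing options that `cockpit.service` gets. `G_MESSAGES_DEBUG = "cockpit-ws,cockpit-bridge"` turns on debug logging unconditionally and would be better behind an option. The tmpfiles line `d /etc/cockpit/ws-certs.d 0600 root root 0` gives a directory mode without the search bit and an age of `0`; `0700` with age `-` looks like what is meant, to be confirmed against upstream.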


@ -11,7 +11,7 @@ in {
# the upstream package runs as root, but doesn't seem to be strictly # the upstream package runs as root, but doesn't seem to be strictly
# necessary for basic functionality # necessary for basic functionality
runAsRoot = mkEnableOption (lib.mdDoc "Whether to run as root."); runAsRoot = mkEnableOption (lib.mdDoc "Whether to run as root");
autoRetirement = mkEnableOption (lib.mdDoc '' autoRetirement = mkEnableOption (lib.mdDoc ''
Whether to automatically retire the host upon OS shutdown. Whether to automatically retire the host upon OS shutdown.


@ -6,6 +6,11 @@ let
cfg = config.services.prometheus.exporters.pihole; cfg = config.services.prometheus.exporters.pihole;
in in
{ {
imports = [
(mkRemovedOptionModule [ "interval"] "This option has been removed.")
({ options.warnings = options.warnings; options.assertions = options.assertions; })
];
port = 9617; port = 9617;
extraOpts = { extraOpts = {
apiToken = mkOption { apiToken = mkOption {
@ -13,15 +18,7 @@ in
default = ""; default = "";
example = "580a770cb40511eb85290242ac130003580a770cb40511eb85290242ac130003"; example = "580a770cb40511eb85290242ac130003580a770cb40511eb85290242ac130003";
description = lib.mdDoc '' description = lib.mdDoc ''
pi-hole API token which can be used instead of a password Pi-Hole API token which can be used instead of a password
'';
};
interval = mkOption {
type = types.str;
default = "10s";
example = "30s";
description = lib.mdDoc ''
How often to scrape new data
''; '';
}; };
password = mkOption { password = mkOption {
@ -29,7 +26,7 @@ in
default = ""; default = "";
example = "password"; example = "password";
description = lib.mdDoc '' description = lib.mdDoc ''
The password to login into pihole. An api token can be used instead. The password to login into Pi-Hole. An api token can be used instead.
''; '';
}; };
piholeHostname = mkOption { piholeHostname = mkOption {
@ -37,7 +34,7 @@ in
default = "pihole"; default = "pihole";
example = "127.0.0.1"; example = "127.0.0.1";
description = lib.mdDoc '' description = lib.mdDoc ''
Hostname or address where to find the pihole webinterface Hostname or address where to find the Pi-Hole webinterface
''; '';
}; };
piholePort = mkOption { piholePort = mkOption {
@ -45,7 +42,7 @@ in
default = 80; default = 80;
example = 443; example = 443;
description = lib.mdDoc '' description = lib.mdDoc ''
The port pihole webinterface is reachable on The port Pi-Hole webinterface is reachable on
''; '';
}; };
protocol = mkOption { protocol = mkOption {
@ -53,21 +50,28 @@ in
default = "http"; default = "http";
example = "https"; example = "https";
description = lib.mdDoc '' description = lib.mdDoc ''
The protocol which is used to connect to pihole The protocol which is used to connect to Pi-Hole
'';
};
timeout = mkOption {
type = types.str;
default = "5s";
description = lib.mdDoc ''
Controls the timeout to connect to a Pi-Hole instance
''; '';
}; };
}; };
serviceOpts = { serviceOpts = {
serviceConfig = { serviceConfig = {
ExecStart = '' ExecStart = ''
${pkgs.bash}/bin/bash -c "${pkgs.prometheus-pihole-exporter}/bin/pihole-exporter \ ${pkgs.prometheus-pihole-exporter}/bin/pihole-exporter \
-interval ${cfg.interval} \
${optionalString (cfg.apiToken != "") "-pihole_api_token ${cfg.apiToken}"} \ ${optionalString (cfg.apiToken != "") "-pihole_api_token ${cfg.apiToken}"} \
-pihole_hostname ${cfg.piholeHostname} \ -pihole_hostname ${cfg.piholeHostname} \
${optionalString (cfg.password != "") "-pihole_password ${cfg.password}"} \ ${optionalString (cfg.password != "") "-pihole_password ${cfg.password}"} \
-pihole_port ${toString cfg.piholePort} \ -pihole_port ${toString cfg.piholePort} \
-pihole_protocol ${cfg.protocol} \ -pihole_protocol ${cfg.protocol} \
-port ${toString cfg.port}" -port ${toString cfg.port} \
-timeout ${cfg.timeout}
''; '';
}; };
}; };
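Review bot: `cfg.password` and `cfg.apiToken` are interpolated straight into `ExecStart`, so the secret is written into the unit file in the world-readable Nix store and also appears in the exporter's command line. I would add a file-based option and hand it over through systemd, e.g. `EnvironmentFile = cfg.environmentFile;`, assuming the exporter can read these settings from its environment (to be confirmed), and note in both descriptions that the current options are stored in plain text. With the `bash -c` wrapper gone the interpolated values are also unquoted, so a value containing whitespace would be split by systemd; `utils.escapeSystemdExecArgs` would handle that if `utils` is available in this module.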


@ -24,9 +24,9 @@ in {
inherit (options.services.unpoller.unifi) controllers; inherit (options.services.unpoller.unifi) controllers;
inherit (options.services.unpoller) loki; inherit (options.services.unpoller) loki;
log = { log = {
debug = mkEnableOption (lib.mdDoc "debug logging including line numbers, high resolution timestamps, per-device logs."); debug = mkEnableOption (lib.mdDoc "debug logging including line numbers, high resolution timestamps, per-device logs");
quiet = mkEnableOption (lib.mdDoc "startup and error logs only."); quiet = mkEnableOption (lib.mdDoc "startup and error logs only");
prometheusErrors = mkEnableOption (lib.mdDoc "emitting errors to prometheus."); prometheusErrors = mkEnableOption (lib.mdDoc "emitting errors to prometheus");
}; };
}; };


@ -11,7 +11,7 @@ in
options = { options = {
services.uptime-kuma = { services.uptime-kuma = {
enable = mkEnableOption (mdDoc "Uptime Kuma, this assumes a reverse proxy to be set."); enable = mkEnableOption (mdDoc "Uptime Kuma, this assumes a reverse proxy to be set");
package = mkOption { package = mkOption {
type = types.package; type = types.package;
@ -20,7 +20,7 @@ in
description = lib.mdDoc "Uptime Kuma package to use."; description = lib.mdDoc "Uptime Kuma package to use.";
}; };
appriseSupport = mkEnableOption (mdDoc "apprise support for notifications."); appriseSupport = mkEnableOption (mdDoc "apprise support for notifications");
settings = lib.mkOption { settings = lib.mkOption {
type = lib.types.submodule { freeformType = with lib.types; attrsOf str; }; type = lib.types.submodule { freeformType = with lib.types; attrsOf str; };


@ -85,7 +85,7 @@ in {
description = lib.mdDoc "Run daemons as user moosefs instead of root."; description = lib.mdDoc "Run daemons as user moosefs instead of root.";
}; };
client.enable = mkEnableOption (lib.mdDoc "Moosefs client."); client.enable = mkEnableOption (lib.mdDoc "Moosefs client");
master = { master = {
enable = mkOption { enable = mkOption {
@ -131,7 +131,7 @@ in {
}; };
metalogger = { metalogger = {
enable = mkEnableOption (lib.mdDoc "Moosefs metalogger daemon."); enable = mkEnableOption (lib.mdDoc "Moosefs metalogger daemon");
settings = mkOption { settings = mkOption {
type = types.submodule { type = types.submodule {
@ -149,7 +149,7 @@ in {
}; };
chunkserver = { chunkserver = {
enable = mkEnableOption (lib.mdDoc "Moosefs chunkserver daemon."); enable = mkEnableOption (lib.mdDoc "Moosefs chunkserver daemon");
openFirewall = mkOption { openFirewall = mkOption {
type = types.bool; type = types.bool;


@ -10,7 +10,7 @@ let
options = { options = {
enable = mkEnableOption (lib.mdDoc "blockbook-frontend application."); enable = mkEnableOption (lib.mdDoc "blockbook-frontend application");
package = mkOption { package = mkOption {
type = types.package; type = types.package;


@ -304,6 +304,10 @@ in
forceSSL = cfg.singleNode.enableTLS; forceSSL = cfg.singleNode.enableTLS;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.settings.port}"; proxyPass = "http://127.0.0.1:${toString cfg.settings.port}";
# We need to pass the Host header that matches the original Host header. Otherwise,
# Hawk authentication will fail (because it assumes that the client and server see
# the same value of the Host header).
recommendedProxySettings = true;
}; };
}; };
}; };

View file

@ -68,6 +68,12 @@ in
description = lib.mdDoc "Whether this node is a lighthouse."; description = lib.mdDoc "Whether this node is a lighthouse.";
}; };
isRelay = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc "Whether this node is a relay.";
};
lighthouses = mkOption { lighthouses = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = []; default = [];
@ -78,6 +84,15 @@ in
example = [ "192.168.100.1" ]; example = [ "192.168.100.1" ];
}; };
relays = mkOption {
type = types.listOf types.str;
default = [];
description = lib.mdDoc ''
List of IPs of relays that this node should allow traffic from.
'';
example = [ "192.168.100.1" ];
};
listen.host = mkOption { listen.host = mkOption {
type = types.str; type = types.str;
default = "0.0.0.0"; default = "0.0.0.0";
@ -157,6 +172,11 @@ in
am_lighthouse = netCfg.isLighthouse; am_lighthouse = netCfg.isLighthouse;
hosts = netCfg.lighthouses; hosts = netCfg.lighthouses;
}; };
relay = {
am_relay = netCfg.isRelay;
relays = netCfg.relays;
use_relays = true;
};
listen = { listen = {
host = netCfg.listen.host; host = netCfg.listen.host;
port = netCfg.listen.port; port = netCfg.listen.port;
@ -173,25 +193,41 @@ in
configFile = format.generate "nebula-config-${netName}.yml" settings; configFile = format.generate "nebula-config-${netName}.yml" settings;
in in
{ {
# Create systemd service for Nebula. # Create the systemd service for Nebula.
"nebula@${netName}" = { "nebula@${netName}" = {
description = "Nebula VPN service for ${netName}"; description = "Nebula VPN service for ${netName}";
wants = [ "basic.target" ]; wants = [ "basic.target" ];
after = [ "basic.target" "network.target" ]; after = [ "basic.target" "network.target" ];
before = [ "sshd.service" ]; before = [ "sshd.service" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig = mkMerge [ serviceConfig = {
{
Type = "simple"; Type = "simple";
Restart = "always"; Restart = "always";
ExecStart = "${netCfg.package}/bin/nebula -config ${configFile}"; ExecStart = "${netCfg.package}/bin/nebula -config ${configFile}";
} UMask = "0027";
# The service needs to launch as root to access the tun device, if it's enabled. CapabilityBoundingSet = "CAP_NET_ADMIN";
(mkIf netCfg.tun.disable { AmbientCapabilities = "CAP_NET_ADMIN";
LockPersonality = true;
NoNewPrivileges = true;
PrivateDevices = false; # needs access to /dev/net/tun (below)
DeviceAllow = "/dev/net/tun rw";
DevicePolicy = "closed";
PrivateTmp = true;
PrivateUsers = false; # CapabilityBoundingSet needs to apply to the host namespace
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
RestrictNamespaces = true;
RestrictSUIDSGID = true;
User = networkId; User = networkId;
Group = networkId; Group = networkId;
}) };
];
unitConfig.StartLimitIntervalSec = 0; # ensure Restart=always is always honoured (networks can go down for arbitrarily long) unitConfig.StartLimitIntervalSec = 0; # ensure Restart=always is always honoured (networks can go down for arbitrarily long)
}; };
}) enabledNetworks); }) enabledNetworks);
@ -202,7 +238,7 @@ in
# Create the service users and groups. # Create the service users and groups.
users.users = mkMerge (mapAttrsToList (netName: netCfg: users.users = mkMerge (mapAttrsToList (netName: netCfg:
mkIf netCfg.tun.disable { {
${nameToId netName} = { ${nameToId netName} = {
group = nameToId netName; group = nameToId netName;
description = "Nebula service user for network ${netName}"; description = "Nebula service user for network ${netName}";
@ -210,8 +246,7 @@ in
}; };
}) enabledNetworks); }) enabledNetworks);
users.groups = mkMerge (mapAttrsToList (netName: netCfg: users.groups = mkMerge (mapAttrsToList (netName: netCfg: {
mkIf netCfg.tun.disable {
${nameToId netName} = {}; ${nameToId netName} = {};
}) enabledNetworks); }) enabledNetworks);
}; };
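Review bot: With the `mkIf netCfg.tun.disable` guard gone, every network's service now runs as `User = networkId`, so key and certificate files that were previously read as root must be readable by that user, and nothing in the visible hunks checks or documents this. I would add a comment next to `User = networkId;` such as `# key, cert and ca must be readable by this user`, and mention the ownership change in the release notes. The capability set is limited to `CAP_NET_ADMIN`, so a `listen.port` below 1024 would presumably no longer bind; worth confirming. The option definitions for the key paths are outside the shown hunks.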


@ -57,7 +57,8 @@ let
''}"} ''}"}
''; '';
in { in
{
description = "OpenVPN instance ${name}"; description = "OpenVPN instance ${name}";
wantedBy = optional cfg.autoStart "multi-user.target"; wantedBy = optional cfg.autoStart "multi-user.target";
@ -70,6 +71,16 @@ let
serviceConfig.Type = "notify"; serviceConfig.Type = "notify";
}; };
restartService = optionalAttrs cfg.restartAfterSleep {
openvpn-restart = {
wantedBy = [ "sleep.target" ];
path = [ pkgs.procps ];
script = "pkill --signal SIGHUP --exact openvpn";
#SIGHUP makes openvpn process to self-exit and then it got restarted by systemd because of Restart=always
description = "Sends a signal to OpenVPN process to trigger a restart after return from sleep";
};
};
in in
{ {
@ -82,7 +93,7 @@ in
options = { options = {
services.openvpn.servers = mkOption { services.openvpn.servers = mkOption {
default = {}; default = { };
example = literalExpression '' example = literalExpression ''
{ {
@ -201,14 +212,21 @@ in
}; };
services.openvpn.restartAfterSleep = mkOption {
default = true;
type = types.bool;
description = lib.mdDoc "Whether OpenVPN client should be restarted after sleep.";
};
}; };
###### implementation ###### implementation
config = mkIf (cfg.servers != {}) { config = mkIf (cfg.servers != { }) {
systemd.services = listToAttrs (mapAttrsFlatten (name: value: nameValuePair "openvpn-${name}" (makeOpenVPNJob value name)) cfg.servers); systemd.services = (listToAttrs (mapAttrsFlatten (name: value: nameValuePair "openvpn-${name}" (makeOpenVPNJob value name)) cfg.servers))
// restartService;
environment.systemPackages = [ openvpn ]; environment.systemPackages = [ openvpn ];
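Review bot: The new `openvpn-restart` unit runs `pkill --signal SIGHUP --exact openvpn`, which matches by process name and therefore signals every openvpn process on the host, not only the `openvpn-${name}` units this module creates. Because `restartAfterSleep` defaults to `true`, existing configurations get this behaviour without opting in. Scoping the signal to the module's own units would avoid touching instances started by another manager or by hand, for example `script = concatMapStringsSep "\n" (n: "systemctl kill --signal=SIGHUP openvpn-${n}.service") (attrNames cfg.servers);`. The inline comment relies on `Restart=always`, which is set outside the visible hunks; if an instance lacks it and the process exits as the comment describes, the tunnel would stay down after resume, so that is worth confirming.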


@ -120,5 +120,5 @@ in
}; };
}; };
meta.maintainers = with maintainers; [ malvo ]; meta.maintainers = with maintainers; [ malte-v ];
} }


@ -13,11 +13,12 @@ let
else pkgs.buildPackages.openssh; else pkgs.buildPackages.openssh;
# reports boolean as yes / no # reports boolean as yes / no
mkValueStringSshd = v: mkValueStringSshd = with lib; v:
if isInt v then toString v if isInt v then toString v
else if isString v then v else if isString v then v
else if true == v then "yes" else if true == v then "yes"
else if false == v then "no" else if false == v then "no"
else if isList v then concatStringsSep "," v
else throw "unsupported type ${typeOf v}: ${(lib.generators.toPretty {}) v}"; else throw "unsupported type ${typeOf v}: ${(lib.generators.toPretty {}) v}";
# dont use the "=" operator # dont use the "=" operator
@ -104,6 +105,11 @@ in
(mkRenamedOptionModule [ "services" "openssh" "useDns" ] [ "services" "openssh" "settings" "UseDns" ]) (mkRenamedOptionModule [ "services" "openssh" "useDns" ] [ "services" "openssh" "settings" "UseDns" ])
(mkRenamedOptionModule [ "services" "openssh" "permitRootLogin" ] [ "services" "openssh" "settings" "PermitRootLogin" ]) (mkRenamedOptionModule [ "services" "openssh" "permitRootLogin" ] [ "services" "openssh" "settings" "PermitRootLogin" ])
(mkRenamedOptionModule [ "services" "openssh" "logLevel" ] [ "services" "openssh" "settings" "LogLevel" ]) (mkRenamedOptionModule [ "services" "openssh" "logLevel" ] [ "services" "openssh" "settings" "LogLevel" ])
(mkRenamedOptionModule [ "services" "openssh" "macs" ] [ "services" "openssh" "settings" "Macs" ])
(mkRenamedOptionModule [ "services" "openssh" "ciphers" ] [ "services" "openssh" "settings" "Ciphers" ])
(mkRenamedOptionModule [ "services" "openssh" "kexAlgorithms" ] [ "services" "openssh" "settings" "KexAlgorithms" ])
(mkRenamedOptionModule [ "services" "openssh" "gatewayPorts" ] [ "services" "openssh" "settings" "GatewayPorts" ])
(mkRenamedOptionModule [ "services" "openssh" "forwardX11" ] [ "services" "openssh" "settings" "X11Forwarding" ])
]; ];
###### interface ###### interface
@ -131,14 +137,6 @@ in
''; '';
}; };
forwardX11 = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Whether to allow X11 connections to be forwarded.
'';
};
allowSFTP = mkOption { allowSFTP = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
@ -167,16 +165,6 @@ in
''; '';
}; };
gatewayPorts = mkOption {
type = types.str;
default = "no";
description = lib.mdDoc ''
Specifies whether remote hosts are allowed to connect to
ports forwarded for the client. See
{manpage}`sshd_config(5)`.
'';
};
ports = mkOption { ports = mkOption {
type = types.listOf types.port; type = types.listOf types.port;
default = [22]; default = [22];
@ -286,63 +274,6 @@ in
''; '';
}; };
kexAlgorithms = mkOption {
type = types.listOf types.str;
default = [
"sntrup761x25519-sha512@openssh.com"
"curve25519-sha256"
"curve25519-sha256@libssh.org"
"diffie-hellman-group-exchange-sha256"
];
description = lib.mdDoc ''
Allowed key exchange algorithms
Uses the lower bound recommended in both
<https://stribika.github.io/2015/01/04/secure-secure-shell.html>
and
<https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67>
'';
};
ciphers = mkOption {
type = types.listOf types.str;
default = [
"chacha20-poly1305@openssh.com"
"aes256-gcm@openssh.com"
"aes128-gcm@openssh.com"
"aes256-ctr"
"aes192-ctr"
"aes128-ctr"
];
description = lib.mdDoc ''
Allowed ciphers
Defaults to recommended settings from both
<https://stribika.github.io/2015/01/04/secure-secure-shell.html>
and
<https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67>
'';
};
macs = mkOption {
type = types.listOf types.str;
default = [
"hmac-sha2-512-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com"
"umac-128-etm@openssh.com"
"hmac-sha2-512"
"hmac-sha2-256"
"umac-128@openssh.com"
];
description = lib.mdDoc ''
Allowed MACs
Defaults to recommended settings from both
<https://stribika.github.io/2015/01/04/secure-secure-shell.html>
and
<https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67>
'';
};
settings = mkOption { settings = mkOption {
@ -374,7 +305,13 @@ in
~/.ssh/authorized_keys from and sshd_config Match Host directives. ~/.ssh/authorized_keys from and sshd_config Match Host directives.
''; '';
}; };
X11Forwarding = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Whether to allow X11 connections to be forwarded.
'';
};
PasswordAuthentication = mkOption { PasswordAuthentication = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
@ -396,6 +333,70 @@ in
Specifies whether keyboard-interactive authentication is allowed. Specifies whether keyboard-interactive authentication is allowed.
''; '';
}; };
GatewayPorts = mkOption {
type = types.str;
default = "no";
description = lib.mdDoc ''
Specifies whether remote hosts are allowed to connect to
ports forwarded for the client. See
{manpage}`sshd_config(5)`.
'';
};
KexAlgorithms = mkOption {
type = types.listOf types.str;
default = [
"sntrup761x25519-sha512@openssh.com"
"curve25519-sha256"
"curve25519-sha256@libssh.org"
"diffie-hellman-group-exchange-sha256"
];
description = lib.mdDoc ''
Allowed key exchange algorithms
Uses the lower bound recommended in both
<https://stribika.github.io/2015/01/04/secure-secure-shell.html>
and
<https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67>
'';
};
Macs = mkOption {
type = types.listOf types.str;
default = [
"hmac-sha2-512-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com"
"umac-128-etm@openssh.com"
"hmac-sha2-512"
"hmac-sha2-256"
"umac-128@openssh.com"
];
description = lib.mdDoc ''
Allowed MACs
Defaults to recommended settings from both
<https://stribika.github.io/2015/01/04/secure-secure-shell.html>
and
<https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67>
'';
};
Ciphers = mkOption {
type = types.listOf types.str;
default = [
"chacha20-poly1305@openssh.com"
"aes256-gcm@openssh.com"
"aes128-gcm@openssh.com"
"aes256-ctr"
"aes192-ctr"
"aes128-ctr"
];
description = lib.mdDoc ''
Allowed ciphers
Defaults to recommended settings from both
<https://stribika.github.io/2015/01/04/secure-secure-shell.html>
and
<https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67>
'';
};
}; };
}); });
}; };
@ -555,17 +556,10 @@ in
${optionalString cfgc.setXAuthLocation '' ${optionalString cfgc.setXAuthLocation ''
XAuthLocation ${pkgs.xorg.xauth}/bin/xauth XAuthLocation ${pkgs.xorg.xauth}/bin/xauth
''} ''}
X11Forwarding ${if cfg.forwardX11 then "yes" else "no"}
${optionalString cfg.allowSFTP '' ${optionalString cfg.allowSFTP ''
Subsystem sftp ${cfg.sftpServerExecutable} ${concatStringsSep " " cfg.sftpFlags} Subsystem sftp ${cfg.sftpServerExecutable} ${concatStringsSep " " cfg.sftpFlags}
''} ''}
GatewayPorts ${cfg.gatewayPorts}
PrintMotd no # handled by pam_motd PrintMotd no # handled by pam_motd
AuthorizedKeysFile ${toString cfg.authorizedKeysFiles} AuthorizedKeysFile ${toString cfg.authorizedKeysFiles}
${optionalString (cfg.authorizedKeysCommand != "none") '' ${optionalString (cfg.authorizedKeysCommand != "none") ''
AuthorizedKeysCommand ${cfg.authorizedKeysCommand} AuthorizedKeysCommand ${cfg.authorizedKeysCommand}
@ -575,13 +569,9 @@ in
${flip concatMapStrings cfg.hostKeys (k: '' ${flip concatMapStrings cfg.hostKeys (k: ''
HostKey ${k.path} HostKey ${k.path}
'')} '')}
KexAlgorithms ${concatStringsSep "," cfg.kexAlgorithms}
Ciphers ${concatStringsSep "," cfg.ciphers}
MACs ${concatStringsSep "," cfg.macs}
''; '';
assertions = [{ assertion = if cfg.forwardX11 then cfgc.setXAuthLocation else true; assertions = [{ assertion = if cfg.settings.X11Forwarding then cfgc.setXAuthLocation else true;
message = "cannot enable X11 forwarding without setting xauth location";}] message = "cannot enable X11 forwarding without setting xauth location";}]
++ forEach cfg.listenAddresses ({ addr, ... }: { ++ forEach cfg.listenAddresses ({ addr, ... }: {
assertion = addr != null; assertion = addr != null;
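Review bot: `GatewayPorts` keeps `type = types.str` after its move into the `settings` submodule, so a misspelled value passes evaluation and is only noticed when sshd reads the generated config. sshd_config(5) accepts just three values, so `type = types.enum [ "no" "yes" "clientspecified" ];` would reject anything else at evaluation time. The description could also say that `yes` makes remote forwardings bind to the wildcard address, since that is the setting that widens exposure. The surrounding `settings` option starts outside the hunk, so whether a stricter type conflicts with a freeform type there should be checked.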


@ -115,7 +115,7 @@ in
MEILI_HTTP_ADDR = "${cfg.listenAddress}:${toString cfg.listenPort}"; MEILI_HTTP_ADDR = "${cfg.listenAddress}:${toString cfg.listenPort}";
MEILI_NO_ANALYTICS = toString cfg.noAnalytics; MEILI_NO_ANALYTICS = toString cfg.noAnalytics;
MEILI_ENV = cfg.environment; MEILI_ENV = cfg.environment;
MEILI_DUMPS_DIR = "/var/lib/meilisearch/dumps"; MEILI_DUMP_DIR = "/var/lib/meilisearch/dumps";
MEILI_LOG_LEVEL = cfg.logLevel; MEILI_LOG_LEVEL = cfg.logLevel;
MEILI_MAX_INDEX_SIZE = cfg.maxIndexSize; MEILI_MAX_INDEX_SIZE = cfg.maxIndexSize;
}; };


@ -55,7 +55,7 @@ in
options.services.kanidm = { options.services.kanidm = {
enableClient = lib.mkEnableOption (lib.mdDoc "the Kanidm client"); enableClient = lib.mkEnableOption (lib.mdDoc "the Kanidm client");
enableServer = lib.mkEnableOption (lib.mdDoc "the Kanidm server"); enableServer = lib.mkEnableOption (lib.mdDoc "the Kanidm server");
enablePam = lib.mkEnableOption (lib.mdDoc "the Kanidm PAM and NSS integration."); enablePam = lib.mkEnableOption (lib.mdDoc "the Kanidm PAM and NSS integration");
serverSettings = lib.mkOption { serverSettings = lib.mkOption {
type = lib.types.submodule { type = lib.types.submodule {


@ -6,7 +6,7 @@ let
cfg = config.services.privacyidea; cfg = config.services.privacyidea;
opt = options.services.privacyidea; opt = options.services.privacyidea;
uwsgi = pkgs.uwsgi.override { plugins = [ "python3" ]; python3 = pkgs.python39; }; uwsgi = pkgs.uwsgi.override { plugins = [ "python3" ]; python3 = pkgs.python310; };
python = uwsgi.python3; python = uwsgi.python3;
penv = python.withPackages (const [ pkgs.privacyidea ]); penv = python.withPackages (const [ pkgs.privacyidea ]);
logCfg = pkgs.writeText "privacyidea-log.cfg" '' logCfg = pkgs.writeText "privacyidea-log.cfg" ''
@ -41,7 +41,7 @@ let
piCfgFile = pkgs.writeText "privacyidea.cfg" '' piCfgFile = pkgs.writeText "privacyidea.cfg" ''
SUPERUSER_REALM = [ '${concatStringsSep "', '" cfg.superuserRealm}' ] SUPERUSER_REALM = [ '${concatStringsSep "', '" cfg.superuserRealm}' ]
SQLALCHEMY_DATABASE_URI = 'postgresql:///privacyidea' SQLALCHEMY_DATABASE_URI = 'postgresql+psycopg2:///privacyidea'
SECRET_KEY = '${cfg.secretKey}' SECRET_KEY = '${cfg.secretKey}'
PI_PEPPER = '${cfg.pepper}' PI_PEPPER = '${cfg.pepper}'
PI_ENCFILE = '${cfg.encFile}' PI_ENCFILE = '${cfg.encFile}'
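Review bot: `SECRET_KEY = '${cfg.secretKey}'` and `PI_PEPPER = '${cfg.pepper}'` are interpolated into a `pkgs.writeText` file, so whatever those options contain is written to a store path, and the Nix store is world-readable. If the module substitutes the real values at service start, that happens outside these hunks and cannot be confirmed here. A comment next to `piCfgFile` such as `# secretKey and pepper end up in the store: pass a placeholder resolved at runtime, never the literal secret` would make the constraint visible to the next person editing this file. The `let` block starts and ends outside the hunk.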


@ -68,7 +68,7 @@ let
in in
{ {
options.services.cloudlog = with types; { options.services.cloudlog = with types; {
enable = mkEnableOption (mdDoc "Whether to enable Cloudlog."); enable = mkEnableOption (mdDoc "Whether to enable Cloudlog");
dataDir = mkOption { dataDir = mkOption {
type = str; type = str;
default = "/var/lib/cloudlog"; default = "/var/lib/cloudlog";


@ -148,7 +148,7 @@ let
]; ];
options = { options = {
enable = mkEnableOption (lib.mdDoc "DokuWiki web application."); enable = mkEnableOption (lib.mdDoc "DokuWiki web application");
package = mkOption { package = mkOption {
type = types.package; type = types.package;


@ -12,7 +12,7 @@ in
{ {
options = { options = {
services.galene = { services.galene = {
enable = mkEnableOption (lib.mdDoc "Galene Service."); enable = mkEnableOption (lib.mdDoc "Galene Service");
stateDir = mkOption { stateDir = mkOption {
default = defaultstateDir; default = defaultstateDir;


@ -7,7 +7,7 @@ in {
enable = mkEnableOption (lib.mdDoc "hledger-web service"); enable = mkEnableOption (lib.mdDoc "hledger-web service");
serveApi = mkEnableOption (lib.mdDoc "Serve only the JSON web API, without the web UI."); serveApi = mkEnableOption (lib.mdDoc "Serve only the JSON web API, without the web UI");
host = mkOption { host = mkOption {
type = types.str; type = types.str;


@ -36,7 +36,7 @@ in
description = lib.mdDoc "Location of Jirafeau storage directory."; description = lib.mdDoc "Location of Jirafeau storage directory.";
}; };
enable = mkEnableOption (lib.mdDoc "Jirafeau file upload application."); enable = mkEnableOption (lib.mdDoc "Jirafeau file upload application");
extraConfig = mkOption { extraConfig = mkOption {
type = types.lines; type = types.lines;


@ -32,7 +32,7 @@ in
# interface # interface
options.services.limesurvey = { options.services.limesurvey = {
enable = mkEnableOption (lib.mdDoc "Limesurvey web application."); enable = mkEnableOption (lib.mdDoc "Limesurvey web application");
database = { database = {
type = mkOption { type = mkOption {


@ -35,7 +35,8 @@ let
Caddyfile-formatted = pkgs.runCommand "Caddyfile-formatted" { nativeBuildInputs = [ cfg.package ]; } '' Caddyfile-formatted = pkgs.runCommand "Caddyfile-formatted" { nativeBuildInputs = [ cfg.package ]; } ''
mkdir -p $out mkdir -p $out
${cfg.package}/bin/caddy fmt ${Caddyfile}/Caddyfile > $out/Caddyfile cp --no-preserve=mode ${Caddyfile}/Caddyfile $out/Caddyfile
caddy fmt --overwrite $out/Caddyfile
''; '';
in in
"${if pkgs.stdenv.buildPlatform == pkgs.stdenv.hostPlatform then Caddyfile-formatted else Caddyfile}/Caddyfile"; "${if pkgs.stdenv.buildPlatform == pkgs.stdenv.hostPlatform then Caddyfile-formatted else Caddyfile}/Caddyfile";


@ -203,7 +203,8 @@ let
proxy_send_timeout ${cfg.proxyTimeout}; proxy_send_timeout ${cfg.proxyTimeout};
proxy_read_timeout ${cfg.proxyTimeout}; proxy_read_timeout ${cfg.proxyTimeout};
proxy_http_version 1.1; proxy_http_version 1.1;
# don't let clients close the keep-alive connection to upstream # don't let clients close the keep-alive connection to upstream. See the nginx blog for details:
# https://www.nginx.com/blog/avoiding-top-10-nginx-configuration-mistakes/#no-keepalives
proxy_set_header "Connection" ""; proxy_set_header "Connection" "";
include ${recommendedProxyConfig}; include ${recommendedProxyConfig};
''} ''}
