Project import generated by Copybara.
GitOrigin-RevId: 724bfc0892363087709bd3a5a1666296759154b1
Parent: 33b385d2e7
Commit: 4bac34ead1
1558 changed files with 26172 additions and 20213 deletions
|
@ -26,6 +26,7 @@ If applicable, add screenshots to help explain your problem.
|
||||||
Add any other context about the problem here.
|
Add any other context about the problem here.
|
||||||
|
|
||||||
### Notify maintainers
|
### Notify maintainers
|
||||||
|
|
||||||
<!--
|
<!--
|
||||||
Please @ people who are in the `meta.maintainers` list of the offending package or module.
|
Please @ people who are in the `meta.maintainers` list of the offending package or module.
|
||||||
If in doubt, check `git blame` for whoever last touched something.
|
If in doubt, check `git blame` for whoever last touched something.
|
||||||
|
|
|
@ -1,31 +1,36 @@
|
||||||
---
|
---
|
||||||
name: Build failure
|
name: Build failure
|
||||||
about: Create a report to help us improve
|
about: Create a report to help us improve
|
||||||
title: ''
|
title: 'Build failure: PACKAGENAME'
|
||||||
labels: '0.kind: build failure'
|
labels: '0.kind: build failure'
|
||||||
assignees: ''
|
assignees: ''
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
### Steps To Reproduce
|
### Steps To Reproduce
|
||||||
|
|
||||||
Steps to reproduce the behavior:
|
Steps to reproduce the behavior:
|
||||||
1. build *X*
|
1. build *X*
|
||||||
|
|
||||||
### Build log
|
### Build log
|
||||||
|
|
||||||
```
|
```
|
||||||
log here if short otherwise a link to a gist
|
log here if short otherwise a link to a gist
|
||||||
```
|
```
|
||||||
|
|
||||||
### Additional context
|
### Additional context
|
||||||
|
|
||||||
Add any other context about the problem here.
|
Add any other context about the problem here.
|
||||||
|
|
||||||
### Notify maintainers
|
### Notify maintainers
|
||||||
|
|
||||||
<!--
|
<!--
|
||||||
Please @ people who are in the `meta.maintainers` list of the offending package or module.
|
Please @ people who are in the `meta.maintainers` list of the offending package or module.
|
||||||
If in doubt, check `git blame` for whoever last touched something.
|
If in doubt, check `git blame` for whoever last touched something.
|
||||||
-->
|
-->
|
||||||
|
|
||||||
### Metadata
|
### Metadata
|
||||||
|
|
||||||
Please run `nix-shell -p nix-info --run "nix-info -m"` and paste the result.
|
Please run `nix-shell -p nix-info --run "nix-info -m"` and paste the result.
|
||||||
|
|
||||||
```console
|
```console
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
name: Missing or incorrect documentation
|
name: Missing or incorrect documentation
|
||||||
about: Help us improve the Nixpkgs and NixOS reference manuals
|
about: Help us improve the Nixpkgs and NixOS reference manuals
|
||||||
title: ''
|
title: 'Documentation: '
|
||||||
labels: '9.needs: documentation'
|
labels: '9.needs: documentation'
|
||||||
assignees: ''
|
assignees: ''
|
||||||
|
|
||||||
|
@ -11,6 +11,10 @@ assignees: ''
|
||||||
|
|
||||||
<!-- describe your problem -->
|
<!-- describe your problem -->
|
||||||
|
|
||||||
|
## Proposal
|
||||||
|
|
||||||
|
<!-- propose a solution (optional) -->
|
||||||
|
|
||||||
## Checklist
|
## Checklist
|
||||||
|
|
||||||
<!-- make sure this issue is not redundant or obsolete -->
|
<!-- make sure this issue is not redundant or obsolete -->
|
||||||
|
@ -26,7 +30,3 @@ assignees: ''
|
||||||
[open documentation issues]: https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+label%3A%229.needs%3A+documentation%22
|
[open documentation issues]: https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+label%3A%229.needs%3A+documentation%22
|
||||||
[open documentation pull requests]: https://github.com/NixOS/nixpkgs/pulls?q=is%3Aopen+is%3Apr+label%3A%228.has%3A+documentation%22%2C%226.topic%3A+documentation%22
|
[open documentation pull requests]: https://github.com/NixOS/nixpkgs/pulls?q=is%3Aopen+is%3Apr+label%3A%228.has%3A+documentation%22%2C%226.topic%3A+documentation%22
|
||||||
|
|
||||||
## Proposal
|
|
||||||
|
|
||||||
<!-- propose a solution -->
|
|
||||||
|
|
||||||
|
|
|
@ -1,24 +1,17 @@
|
||||||
---
|
---
|
||||||
name: Out-of-date package reports
|
name: Out-of-date package reports
|
||||||
about: For packages that are out-of-date
|
about: For packages that are out-of-date
|
||||||
title: ''
|
title: 'Update request: PACKAGENAME OLDVERSION → NEWVERSION'
|
||||||
labels: '9.needs: package (update)'
|
labels: '9.needs: package (update)'
|
||||||
assignees: ''
|
assignees: ''
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
- Package name:
|
||||||
###### Checklist
|
- Latest released version:
|
||||||
|
<!-- Search your package here: https://search.nixos.org/packages?channel=unstable -->
|
||||||
<!-- Note that these are hard requirements -->
|
- Current version on the unstable channel:
|
||||||
|
- Current version on the stable/release channel:
|
||||||
<!--
|
|
||||||
You can use the "Go to file" functionality on GitHub to find the package
|
|
||||||
Then you can go to the history for this package
|
|
||||||
Find the latest "package_name: old_version -> new_version" commit
|
|
||||||
The "new_version" is the current version of the package
|
|
||||||
-->
|
|
||||||
- [ ] Checked the [nixpkgs master branch](https://github.com/NixOS/nixpkgs)
|
|
||||||
<!--
|
<!--
|
||||||
Type the name of your package and try to find an open pull request for the package
|
Type the name of your package and try to find an open pull request for the package
|
||||||
If you find an open pull request, you can review it!
|
If you find an open pull request, you can review it!
|
||||||
|
@ -26,23 +19,10 @@ There's a high chance that you'll have the new version right away while helping
|
||||||
-->
|
-->
|
||||||
- [ ] Checked the [nixpkgs pull requests](https://github.com/NixOS/nixpkgs/pulls)
|
- [ ] Checked the [nixpkgs pull requests](https://github.com/NixOS/nixpkgs/pulls)
|
||||||
|
|
||||||
###### Project name
|
**Notify maintainers**
|
||||||
`nix search` name:
|
|
||||||
<!--
|
|
||||||
The current version can be found easily with the same process as above for checking the master branch
|
|
||||||
If an open PR is present for the package, take this version as the current one and link to the PR
|
|
||||||
-->
|
|
||||||
current version:
|
|
||||||
desired version:
|
|
||||||
|
|
||||||
###### Notify maintainers
|
<!-- If the search.nixos.org result shows no maintainers, tag the person that last updated the package. -->
|
||||||
<!--
|
|
||||||
Search your package here: https://search.nixos.org/packages?channel=unstable
|
|
||||||
If no maintainer is listed for your package, tag the person that last updated the package
|
|
||||||
-->
|
|
||||||
|
|
||||||
maintainers:
|
-----
|
||||||
|
|
||||||
###### Note for maintainers
|
Note for maintainers: Please tag this issue in your PR.
|
||||||
|
|
||||||
Please tag this issue in your PR.
|
|
||||||
|
|
|
@ -1,14 +1,15 @@
|
||||||
---
|
---
|
||||||
name: Packaging requests
|
name: Packaging requests
|
||||||
about: For packages that are missing
|
about: For packages that are missing
|
||||||
title: ''
|
title: 'Package request: PACKAGENAME'
|
||||||
labels: '0.kind: packaging request'
|
labels: '0.kind: packaging request'
|
||||||
assignees: ''
|
assignees: ''
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
**Project description**
|
**Project description**
|
||||||
_describe the project a little_
|
|
||||||
|
<!-- Describe the project a little: -->
|
||||||
|
|
||||||
**Metadata**
|
**Metadata**
|
||||||
|
|
||||||
|
|
|
@ -163,3 +163,30 @@ or "hg"), `domain` and `fetchSubmodules`.
|
||||||
If `fetchSubmodules` is `true`, `fetchFromSourcehut` uses `fetchgit`
|
If `fetchSubmodules` is `true`, `fetchFromSourcehut` uses `fetchgit`
|
||||||
or `fetchhg` with `fetchSubmodules` or `fetchSubrepos` set to `true`,
|
or `fetchhg` with `fetchSubmodules` or `fetchSubrepos` set to `true`,
|
||||||
respectively. Otherwise, the fetcher uses `fetchzip`.
|
respectively. Otherwise, the fetcher uses `fetchzip`.
|
||||||
|
|
||||||
|
## `requireFile` {#requirefile}
|
||||||
|
|
||||||
|
`requireFile` allows requesting files that cannot be fetched automatically, but whose content is known.
|
||||||
|
This is a useful last-resort workaround for license restrictions that prohibit redistribution, or for downloads that are only accessible after authenticating interactively in a browser.
|
||||||
|
If the requested file is present in the Nix store, the resulting derivation will not be built, because its expected output is already available.
|
||||||
|
Otherwise, the builder will run, but fail with a message explaining to the user how to provide the file. The following code, for example:
|
||||||
|
|
||||||
|
```
|
||||||
|
requireFile {
|
||||||
|
name = "jdk-${version}_linux-x64_bin.tar.gz";
|
||||||
|
url = "https://www.oracle.com/java/technologies/javase-jdk11-downloads.html";
|
||||||
|
sha256 = "94bd34f85ee38d3ef59e5289ec7450b9443b924c55625661fffe66b03f2c8de2";
|
||||||
|
}
|
||||||
|
```
|
||||||
|
results in this error message:
|
||||||
|
```
|
||||||
|
***
|
||||||
|
Unfortunately, we cannot download file jdk-11.0.10_linux-x64_bin.tar.gz automatically.
|
||||||
|
Please go to https://www.oracle.com/java/technologies/javase-jdk11-downloads.html to download it yourself, and add it to the Nix store
|
||||||
|
using either
|
||||||
|
nix-store --add-fixed sha256 jdk-11.0.10_linux-x64_bin.tar.gz
|
||||||
|
or
|
||||||
|
nix-prefetch-url --type sha256 file:///path/to/jdk-11.0.10_linux-x64_bin.tar.gz
|
||||||
|
|
||||||
|
***
|
||||||
|
```
|
||||||
|
|
|
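Review bot: In the `requireFile` example, `name` interpolates `${version}` but the snippet never defines it, while the quoted error message shows `jdk-11.0.10_linux-x64_bin.tar.gz`; either state that `version = "11.0.10"` is assumed or write the file name out literally so the code and the message match. Both added fences are also untagged; the first should be marked `nix`. It would also help to say explicitly that the `sha256` is what ties the manually downloaded file to the expected content, since the text only says the content "is known".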
@ -204,13 +204,13 @@ The key words _must_, _must not_, _required_, _shall_, _shall not_, _should_, _s
|
||||||
|
|
||||||
In Nixpkgs, there are generally three different names associated with a package:
|
In Nixpkgs, there are generally three different names associated with a package:
|
||||||
|
|
||||||
- The `name` attribute of the derivation (excluding the version part). This is what most users see, in particular when using `nix-env`.
|
- The `pname` attribute of the derivation. This is what most users see, in particular when using `nix-env`.
|
||||||
|
|
||||||
- The variable name used for the instantiated package in `all-packages.nix`, and when passing it as a dependency to other functions. Typically this is called the _package attribute name_. This is what Nix expression authors see. It can also be used when installing using `nix-env -iA`.
|
- The variable name used for the instantiated package in `all-packages.nix`, and when passing it as a dependency to other functions. Typically this is called the _package attribute name_. This is what Nix expression authors see. It can also be used when installing using `nix-env -iA`.
|
||||||
|
|
||||||
- The filename for (the directory containing) the Nix expression.
|
- The filename for (the directory containing) the Nix expression.
|
||||||
|
|
||||||
Most of the time, these are the same. For instance, the package `e2fsprogs` has a `name` attribute `"e2fsprogs-version"`, is bound to the variable name `e2fsprogs` in `all-packages.nix`, and the Nix expression is in `pkgs/os-specific/linux/e2fsprogs/default.nix`.
|
Most of the time, these are the same. For instance, the package `e2fsprogs` has a `pname` attribute `"e2fsprogs"`, is bound to the variable name `e2fsprogs` in `all-packages.nix`, and the Nix expression is in `pkgs/os-specific/linux/e2fsprogs/default.nix`.
|
||||||
|
|
||||||
There are a few naming guidelines:
|
There are a few naming guidelines:
|
||||||
|
|
||||||
|
|
3
third_party/nixpkgs/doc/default.nix
vendored
|
@ -1,6 +1,5 @@
|
||||||
{ pkgs ? (import ./.. { }), nixpkgs ? { }}:
|
{ pkgs ? (import ./.. { }), nixpkgs ? { }}:
|
||||||
let
|
let
|
||||||
lib = pkgs.lib;
|
|
||||||
doc-support = import ./doc-support { inherit pkgs nixpkgs; };
|
doc-support = import ./doc-support { inherit pkgs nixpkgs; };
|
||||||
in pkgs.stdenv.mkDerivation {
|
in pkgs.stdenv.mkDerivation {
|
||||||
name = "nixpkgs-manual";
|
name = "nixpkgs-manual";
|
||||||
|
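Review bot: Dropping `lib = pkgs.lib;` from the `let` block is only safe if no `lib.` reference remains in this file. The following hunk rewrites `lib.cleanSource`, but the rest of the file is not visible here, so please confirm there are no other uses before removing the binding.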
@ -15,7 +14,7 @@ in pkgs.stdenv.mkDerivation {
|
||||||
xmlformat
|
xmlformat
|
||||||
];
|
];
|
||||||
|
|
||||||
src = lib.cleanSource ./.;
|
src = pkgs.nix-gitignore.gitignoreSource [] ./.;
|
||||||
|
|
||||||
postPatch = ''
|
postPatch = ''
|
||||||
ln -s ${doc-support} ./doc-support/result
|
ln -s ${doc-support} ./doc-support/result
|
||||||
|
|
|
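Review bot: The `src` line switches from `lib.cleanSource ./.` to `pkgs.nix-gitignore.gitignoreSource [] ./.` with no comment on why, and the two filters do not select the same files: `cleanSource` drops a fixed set of VCS and build leftovers, while `gitignoreSource` follows the tree's `.gitignore` rules plus the extra patterns passed (here none). Suggest a one-line comment above `src` giving the reason, and a check that local files not covered by a `.gitignore` do not end up in the store copy of the manual sources.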
@ -195,7 +195,7 @@ maintenance work for `haskellPackages` is required. Besides that, it is not
|
||||||
possible to get the dependencies of a legacy project from nixpkgs or to use a
|
possible to get the dependencies of a legacy project from nixpkgs or to use a
|
||||||
specific stack solver for compiling a project.
|
specific stack solver for compiling a project.
|
||||||
|
|
||||||
Even though we couldn‘t use them directly in nixpkgs, it would be desirable
|
Even though we couldn’t use them directly in nixpkgs, it would be desirable
|
||||||
to have tooling to generate working Nix package sets from build plans generated
|
to have tooling to generate working Nix package sets from build plans generated
|
||||||
by `cabal-install` or a specific Stackage snapshot via import-from-derivation.
|
by `cabal-install` or a specific Stackage snapshot via import-from-derivation.
|
||||||
Sadly we currently don’t have tooling for this. For this you might be
|
Sadly we currently don’t have tooling for this. For this you might be
|
||||||
|
@ -538,7 +538,7 @@ via [`shellFor`](#haskell-shellFor).
|
||||||
When using `cabal-install` for dependency resolution you need to be a bit
|
When using `cabal-install` for dependency resolution you need to be a bit
|
||||||
careful to achieve build purity. `cabal-install` will find and use all
|
careful to achieve build purity. `cabal-install` will find and use all
|
||||||
dependencies installed from the packages `env` via Nix, but it will also
|
dependencies installed from the packages `env` via Nix, but it will also
|
||||||
consult Hackage to potentially download and compile dependencies if it can‘t
|
consult Hackage to potentially download and compile dependencies if it can’t
|
||||||
find a valid build plan locally. To prevent this you can either never run
|
find a valid build plan locally. To prevent this you can either never run
|
||||||
`cabal update`, remove the cabal database from your `~/.cabal` folder or run
|
`cabal update`, remove the cabal database from your `~/.cabal` folder or run
|
||||||
`cabal` with `--offline`. Note though, that for some usecases `cabal2nix` needs
|
`cabal` with `--offline`. Note though, that for some usecases `cabal2nix` needs
|
||||||
|
|
|
@ -38,6 +38,7 @@
|
||||||
<xi:include href="r.section.xml" />
|
<xi:include href="r.section.xml" />
|
||||||
<xi:include href="ruby.section.xml" />
|
<xi:include href="ruby.section.xml" />
|
||||||
<xi:include href="rust.section.xml" />
|
<xi:include href="rust.section.xml" />
|
||||||
|
<xi:include href="swift.section.xml" />
|
||||||
<xi:include href="texlive.section.xml" />
|
<xi:include href="texlive.section.xml" />
|
||||||
<xi:include href="titanium.section.xml" />
|
<xi:include href="titanium.section.xml" />
|
||||||
<xi:include href="vim.section.xml" />
|
<xi:include href="vim.section.xml" />
|
||||||
|
|
|
@ -4,6 +4,48 @@
|
||||||
|
|
||||||
Nixpkgs provides a couple of facilities for working with this tool.
|
Nixpkgs provides a couple of facilities for working with this tool.
|
||||||
|
|
||||||
- A [setup hook](#setup-hook-pkg-config) bundled with in the `pkg-config` package, to bring a derivation's declared build inputs into the environment.
|
## Writing packages providing pkg-config modules
|
||||||
- The [`validatePkgConfig` setup hook](https://nixos.org/manual/nixpkgs/stable/#validatepkgconfig), for packages that provide pkg-config modules.
|
|
||||||
- The `defaultPkgConfigPackages` package set: a set of aliases, named after the modules they provide. This is meant to be used by language-to-nix integrations. Hand-written packages should use the normal Nixpkgs attribute name instead.
|
Packages should set `meta.pkgConfigProvides` with the list of package config modules they provide.
|
||||||
|
They should also use `testers.testMetaPkgConfig` to check that the final built package matches that list.
|
||||||
|
Additionally, the [`validatePkgConfig` setup hook](https://nixos.org/manual/nixpkgs/stable/#validatepkgconfig), will do extra checks on to-be-installed pkg-config modules.
|
||||||
|
|
||||||
|
A good example of all these things is zlib:
|
||||||
|
|
||||||
|
```
|
||||||
|
{ pkg-config, testers, ... }:
|
||||||
|
|
||||||
|
stdenv.mkDerivation (finalAttrs: {
|
||||||
|
...
|
||||||
|
|
||||||
|
nativeBuildInputs = [ pkg-config validatePkgConfig ];
|
||||||
|
|
||||||
|
passthru.tests.pkg-config = testers.testMetaPkgConfig finalAttrs.finalPackage;
|
||||||
|
|
||||||
|
meta = {
|
||||||
|
...
|
||||||
|
pkgConfigModules = [ "zlib" ];
|
||||||
|
};
|
||||||
|
})
|
||||||
|
```
|
||||||
|
|
||||||
|
## Accessing packages via pkg-config module name
|
||||||
|
|
||||||
|
### Within Nixpkgs
|
||||||
|
|
||||||
|
A [setup hook](#setup-hook-pkg-config) is bundled in the `pkg-config` package to bring a derivation's declared build inputs into the environment.
|
||||||
|
This will populate environment variables like `PKG_CONFIG_PATH`, `PKG_CONFIG_PATH_FOR_BUILD`, and `PKG_CONFIG_PATH_HOST` based on:
|
||||||
|
|
||||||
|
- how `pkg-config` itself is depended upon
|
||||||
|
|
||||||
|
- how other dependencies are depended upon
|
||||||
|
|
||||||
|
For more details see the section on [specifying dependencies in general](#ssec-stdenv-dependencies).
|
||||||
|
|
||||||
|
Normal pkg-config commands to look up dependencies by name will then work with those environment variables defined by the hook.
|
||||||
|
|
||||||
|
### Externally
|
||||||
|
|
||||||
|
The `defaultPkgConfigPackages` package set is a set of aliases, named after the modules they provide.
|
||||||
|
This is meant to be used by language-to-nix integrations.
|
||||||
|
Hand-written packages should use the normal Nixpkgs attribute name instead.
|
||||||
|
|
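Review bot: The first added sentence tells packages to set `meta.pkgConfigProvides`, but the zlib example sets `pkgConfigModules = [ "zlib" ];` inside `meta`; the text and the example need to use the same attribute name. The example's argument set `{ pkg-config, testers, ... }` also omits `stdenv` and `validatePkgConfig`, both of which the body uses, and the sentence introducing the `validatePkgConfig` hook has a stray comma before "will do".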
176
third_party/nixpkgs/doc/languages-frameworks/swift.section.md
vendored
Normal file
|
@ -0,0 +1,176 @@
|
||||||
|
# Swift {#swift}
|
||||||
|
|
||||||
|
The Swift compiler is provided by the `swift` package:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
# Compile and link a simple executable.
|
||||||
|
nix-shell -p swift --run 'swiftc -' <<< 'print("Hello world!")'
|
||||||
|
# Run it!
|
||||||
|
./main
|
||||||
|
```
|
||||||
|
|
||||||
|
The `swift` package also provides the `swift` command, with some caveats:
|
||||||
|
|
||||||
|
- Swift Package Manager (SwiftPM) is packaged separately as `swiftpm`. If you
|
||||||
|
need functionality like `swift build`, `swift run`, `swift test`, you must
|
||||||
|
also add the `swiftpm` package to your closure.
|
||||||
|
- On Darwin, the `swift repl` command requires an Xcode installation. This is
|
||||||
|
because it uses the system LLDB debugserver, which has special entitlements.
|
||||||
|
|
||||||
|
## Module search paths {#ssec-swift-module-search-paths}
|
||||||
|
|
||||||
|
Like other toolchains in Nixpkgs, the Swift compiler executables are wrapped
|
||||||
|
to help Swift find your application's dependencies in the Nix store. These
|
||||||
|
wrappers scan the `buildInputs` of your package derivation for specific
|
||||||
|
directories where Swift modules are placed by convention, and automatically
|
||||||
|
add those directories to the Swift compiler search paths.
|
||||||
|
|
||||||
|
Swift follows different conventions depending on the platform. The wrappers
|
||||||
|
look for the following directories:
|
||||||
|
|
||||||
|
- On Darwin platforms: `lib/swift/macosx`
|
||||||
|
(If not targeting macOS, replace `macosx` with the Xcode platform name.)
|
||||||
|
- On other platforms: `lib/swift/linux/x86_64`
|
||||||
|
(Where `linux` and `x86_64` are from lowercase `uname -sm`.)
|
||||||
|
- For convenience, Nixpkgs also adds simply `lib/swift` to the search path.
|
||||||
|
This can save a bit of work packaging Swift modules, because many Nix builds
|
||||||
|
will produce output for just one target any way.
|
||||||
|
|
||||||
|
## Core libraries {#ssec-swift-core-libraries}
|
||||||
|
|
||||||
|
In addition to the standard library, the Swift toolchain contains some
|
||||||
|
additional 'core libraries' that, on Apple platforms, are normally distributed
|
||||||
|
as part of the OS or Xcode. These are packaged separately in Nixpkgs, and can
|
||||||
|
be found (for use in `buildInputs`) as:
|
||||||
|
|
||||||
|
- `swiftPackages.Dispatch`
|
||||||
|
- `swiftPackages.Foundation`
|
||||||
|
- `swiftPackages.XCTest`
|
||||||
|
|
||||||
|
## Packaging with SwiftPM {#ssec-swift-packaging-with-swiftpm}
|
||||||
|
|
||||||
|
Nixpkgs includes a small helper `swiftpm2nix` that can fetch your SwiftPM
|
||||||
|
dependencies for you, when you need to write a Nix expression to package your
|
||||||
|
application.
|
||||||
|
|
||||||
|
The first step is to run the generator:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
cd /path/to/my/project
|
||||||
|
# Enter a Nix shell with the required tools.
|
||||||
|
nix-shell -p swift swiftpm swiftpm2nix
|
||||||
|
# First, make sure the workspace is up-to-date.
|
||||||
|
swift package resolve
|
||||||
|
# Now generate the Nix code.
|
||||||
|
swiftpm2nix
|
||||||
|
```
|
||||||
|
|
||||||
|
This produces some files in a directory `nix`, which will be part of your Nix
|
||||||
|
expression. The next step is to write that expression:
|
||||||
|
|
||||||
|
```nix
|
||||||
|
{ stdenv, swift, swiftpm, swiftpm2nix, fetchFromGitHub }:
|
||||||
|
|
||||||
|
let
|
||||||
|
# Pass the generated files to the helper.
|
||||||
|
generated = swiftpm2nix.helpers ./nix;
|
||||||
|
in
|
||||||
|
|
||||||
|
stdenv.mkDerivation rec {
|
||||||
|
pname = "myproject";
|
||||||
|
version = "0.0.0";
|
||||||
|
|
||||||
|
src = fetchFromGitHub {
|
||||||
|
owner = "nixos";
|
||||||
|
repo = pname;
|
||||||
|
rev = version;
|
||||||
|
hash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
|
||||||
|
};
|
||||||
|
|
||||||
|
# Including SwiftPM as a nativeBuildInput provides a buildPhase for you.
|
||||||
|
# This by default performs a release build using SwiftPM, essentially:
|
||||||
|
# swift build -c release
|
||||||
|
nativeBuildInputs = [ swift swiftpm ];
|
||||||
|
|
||||||
|
# The helper provides a configure snippet that will prepare all dependencies
|
||||||
|
# in the correct place, where SwiftPM expects them.
|
||||||
|
configurePhase = generated.configure;
|
||||||
|
|
||||||
|
installPhase = ''
|
||||||
|
# This is a special function that invokes swiftpm to find the location
|
||||||
|
# of the binaries it produced.
|
||||||
|
binPath="$(swiftpmBinPath)"
|
||||||
|
# Now perform any installation steps.
|
||||||
|
mkdir -p $out/bin
|
||||||
|
cp $binPath/myproject $out/bin/
|
||||||
|
'';
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
### Custom build flags {#ssec-swiftpm-custom-build-flags}
|
||||||
|
|
||||||
|
If you'd like to build a different configuration than `release`:
|
||||||
|
|
||||||
|
```nix
|
||||||
|
swiftpmBuildConfig = "debug";
|
||||||
|
```
|
||||||
|
|
||||||
|
It is also possible to provide additional flags to `swift build`:
|
||||||
|
|
||||||
|
```nix
|
||||||
|
swiftpmFlags = [ "--disable-dead-strip" ];
|
||||||
|
```
|
||||||
|
|
||||||
|
The default `buildPhase` already passes `-j` for parallel building.
|
||||||
|
|
||||||
|
If these two customization options are insufficient, simply provide your own
|
||||||
|
`buildPhase` that invokes `swift build`.
|
||||||
|
|
||||||
|
### Running tests {#ssec-swiftpm-running-tests}
|
||||||
|
|
||||||
|
Including `swiftpm` in your `nativeBuildInputs` also provides a default
|
||||||
|
`checkPhase`, but it must be enabled with:
|
||||||
|
|
||||||
|
```nix
|
||||||
|
doCheck = true;
|
||||||
|
```
|
||||||
|
|
||||||
|
This essentially runs: `swift test -c release`
|
||||||
|
|
||||||
|
### Patching dependencies {#ssec-swiftpm-patching-dependencies}
|
||||||
|
|
||||||
|
In some cases, it may be necessary to patch a SwiftPM dependency. SwiftPM
|
||||||
|
dependencies are located in `.build/checkouts`, but the `swiftpm2nix` helper
|
||||||
|
provides these as symlinks to read-only `/nix/store` paths. In order to patch
|
||||||
|
them, we need to make them writable.
|
||||||
|
|
||||||
|
A special function `swiftpmMakeMutable` is available to replace the symlink
|
||||||
|
with a writable copy:
|
||||||
|
|
||||||
|
```
|
||||||
|
configurePhase = generated.configure ++ ''
|
||||||
|
# Replace the dependency symlink with a writable copy.
|
||||||
|
swiftpmMakeMutable swift-crypto
|
||||||
|
# Now apply a patch.
|
||||||
|
patch -p1 -d .build/checkouts/swift-crypto -i ${./some-fix.patch}
|
||||||
|
'';
|
||||||
|
```
|
||||||
|
|
||||||
|
## Considerations for custom build tools {#ssec-swift-considerations-for-custom-build-tools}
|
||||||
|
|
||||||
|
### Linking the standard library {#ssec-swift-linking-the-standard-library}
|
||||||
|
|
||||||
|
The `swift` package has a separate `lib` output containing just the Swift
|
||||||
|
standard library, to prevent Swift applications needing a dependency on the
|
||||||
|
full Swift compiler at run-time. Linking with the Nixpkgs Swift toolchain
|
||||||
|
already ensures binaries correctly reference the `lib` output.
|
||||||
|
|
||||||
|
Sometimes, Swift is used only to compile part of a mixed codebase, and the
|
||||||
|
link step is manual. Custom build tools often locate the standard library
|
||||||
|
relative to the `swift` compiler executable, and while the result will work,
|
||||||
|
when this path ends up in the binary, it will have the Swift compiler as an
|
||||||
|
unintended dependency.
|
||||||
|
|
||||||
|
In this case, you should investigate how your build process discovers the
|
||||||
|
standard library, and override the path. The correct path will be something
|
||||||
|
like: `"${swift.swift.lib}/${swift.swiftModuleSubdir}"`
|
|
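Review bot: In the "Patching dependencies" example, `configurePhase = generated.configure ++ ''` uses `++`, which is list concatenation in Nix; the earlier example assigns `generated.configure` directly to `configurePhase`, so it is used as a phase string and the operator here should be `+`. That fence is also the only untagged one in the section and should be marked `nix`. Minor: "any way" in the module search path list should read "anyway".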
@ -626,7 +626,7 @@ Before and after running `make`, the hooks `preBuild` and `postBuild` are called
|
||||||
|
|
||||||
### The check phase {#ssec-check-phase}
|
### The check phase {#ssec-check-phase}
|
||||||
|
|
||||||
The check phase checks whether the package was built correctly by running its test suite. The default `checkPhase` calls `make $checkTarget`, but only if the `doCheck` variable is enabled (see below).
|
The check phase checks whether the package was built correctly by running its test suite. The default `checkPhase` calls `make $checkTarget`, but only if the [`doCheck` variable](#var-stdenv-doCheck) is enabled.
|
||||||
|
|
||||||
#### Variables controlling the check phase {#variables-controlling-the-check-phase}
|
#### Variables controlling the check phase {#variables-controlling-the-check-phase}
|
||||||
|
|
||||||
|
@ -646,7 +646,8 @@ See the [build phase](#var-stdenv-makeFlags) for details.
|
||||||
|
|
||||||
##### `checkTarget` {#var-stdenv-checkTarget}
|
##### `checkTarget` {#var-stdenv-checkTarget}
|
||||||
|
|
||||||
The make target that runs the tests. Defaults to `check` if it exists, otherwise `test`; if neither is found, do nothing.
|
The `make` target that runs the tests.
|
||||||
|
If unset, use `check` if it exists, otherwise `test`; if neither is found, do nothing.
|
||||||
|
|
||||||
##### `checkFlags` / `checkFlagsArray` {#var-stdenv-checkFlags}
|
##### `checkFlags` / `checkFlagsArray` {#var-stdenv-checkFlags}
|
||||||
|
|
||||||
|
|
2
third_party/nixpkgs/lib/default.nix
vendored
|
@ -88,7 +88,7 @@ let
|
||||||
updateManyAttrsByPath;
|
updateManyAttrsByPath;
|
||||||
inherit (self.lists) singleton forEach foldr fold foldl foldl' imap0 imap1
|
inherit (self.lists) singleton forEach foldr fold foldl foldl' imap0 imap1
|
||||||
concatMap flatten remove findSingle findFirst any all count
|
concatMap flatten remove findSingle findFirst any all count
|
||||||
optional optionals toList range partition zipListsWith zipLists
|
optional optionals toList range replicate partition zipListsWith zipLists
|
||||||
reverseList listDfs toposort sort naturalSort compareLists take
|
reverseList listDfs toposort sort naturalSort compareLists take
|
||||||
drop sublist last init crossLists unique intersectLists
|
drop sublist last init crossLists unique intersectLists
|
||||||
subtractLists mutuallyExclusive groupBy groupBy';
|
subtractLists mutuallyExclusive groupBy groupBy';
|
||||||
|
|
17
third_party/nixpkgs/lib/licenses.nix
vendored
|
@ -114,6 +114,16 @@ in mkLicense lset) ({
|
||||||
fullName = "Bitstream Vera Font License";
|
fullName = "Bitstream Vera Font License";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
bitTorrent10 = {
|
||||||
|
spdxId = "BitTorrent-1.0";
|
||||||
|
fullName = " BitTorrent Open Source License v1.0";
|
||||||
|
};
|
||||||
|
|
||||||
|
bitTorrent11 = {
|
||||||
|
spdxId = "BitTorrent-1.1";
|
||||||
|
fullName = " BitTorrent Open Source License v1.1";
|
||||||
|
};
|
||||||
|
|
||||||
bola11 = {
|
bola11 = {
|
||||||
url = "https://blitiri.com.ar/p/bola/";
|
url = "https://blitiri.com.ar/p/bola/";
|
||||||
fullName = "Buena Onda License Agreement 1.1";
|
fullName = "Buena Onda License Agreement 1.1";
|
||||||
|
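Review bot: Both new entries carry a leading space inside the string, `fullName = " BitTorrent Open Source License v1.0";` and the v1.1 equivalent; drop the space so the name renders and compares cleanly. The neighbouring `bola11` entry also provides a `url`, which these two entries could include for consistency.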
@ -333,6 +343,13 @@ in mkLicense lset) ({
|
||||||
free = false;
|
free = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
ecl20 = {
|
||||||
|
fullName = "Educational Community License, Version 2.0";
|
||||||
|
url = "https://opensource.org/licenses/ECL-2.0";
|
||||||
|
shortName = "ECL 2.0";
|
||||||
|
spdxId = "ECL-2.0";
|
||||||
|
};
|
||||||
|
|
||||||
efl10 = {
|
efl10 = {
|
||||||
spdxId = "EFL-1.0";
|
spdxId = "EFL-1.0";
|
||||||
fullName = "Eiffel Forum License v1.0";
|
fullName = "Eiffel Forum License v1.0";
|
||||||
|
|
12
third_party/nixpkgs/lib/lists.nix
vendored
|
@ -303,6 +303,18 @@ rec {
|
||||||
else
|
else
|
||||||
genList (n: first + n) (last - first + 1);
|
genList (n: first + n) (last - first + 1);
|
||||||
|
|
||||||
|
/* Return a list with `n` copies of an element.
|
||||||
|
|
||||||
|
Type: replicate :: int -> a -> [a]
|
||||||
|
|
||||||
|
Example:
|
||||||
|
replicate 3 "a"
|
||||||
|
=> [ "a" "a" "a" ]
|
||||||
|
replicate 2 true
|
||||||
|
=> [ true true ]
|
||||||
|
*/
|
||||||
|
replicate = n: elem: genList (_: elem) n;
|
||||||
|
|
||||||
/* Splits the elements of a list in two lists, `right` and
|
/* Splits the elements of a list in two lists, `right` and
|
||||||
`wrong`, depending on the evaluation of a predicate.
|
`wrong`, depending on the evaluation of a predicate.
|
||||||
|
|
||||||
|
|
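Review bot: The doc comment for `replicate` does not say what happens for `n = 0` or a negative `n`. Since the body is `genList (_: elem) n`, the result is whatever `genList` does with that length, and the comment should state it (an example for `replicate 0 "a"` next to the two existing ones would cover the empty case).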
70
third_party/nixpkgs/lib/path/default.nix
vendored
|
@ -4,6 +4,7 @@ let
|
||||||
|
|
||||||
inherit (builtins)
|
inherit (builtins)
|
||||||
isString
|
isString
|
||||||
|
isPath
|
||||||
split
|
split
|
||||||
match
|
match
|
||||||
;
|
;
|
||||||
|
@ -25,6 +26,10 @@ let
|
||||||
assertMsg
|
assertMsg
|
||||||
;
|
;
|
||||||
|
|
||||||
|
inherit (lib.path.subpath)
|
||||||
|
isValid
|
||||||
|
;
|
||||||
|
|
||||||
# Return the reason why a subpath is invalid, or `null` if it's valid
|
# Return the reason why a subpath is invalid, or `null` if it's valid
|
||||||
subpathInvalidReason = value:
|
subpathInvalidReason = value:
|
||||||
if ! isString value then
|
if ! isString value then
|
||||||
|
@ -94,6 +99,52 @@ let
|
||||||
|
|
||||||
in /* No rec! Add dependencies on this file at the top. */ {
|
in /* No rec! Add dependencies on this file at the top. */ {
|
||||||
|
|
||||||
|
/* Append a subpath string to a path.
|
||||||
|
|
||||||
|
Like `path + ("/" + string)` but safer, because it errors instead of returning potentially surprising results.
|
||||||
|
More specifically, it checks that the first argument is a [path value type](https://nixos.org/manual/nix/stable/language/values.html#type-path"),
|
||||||
|
and that the second argument is a valid subpath string (see `lib.path.subpath.isValid`).
|
||||||
|
|
||||||
|
Type:
|
||||||
|
append :: Path -> String -> Path
|
||||||
|
|
||||||
|
Example:
|
||||||
|
append /foo "bar/baz"
|
||||||
|
=> /foo/bar/baz
|
||||||
|
|
||||||
|
# subpaths don't need to be normalised
|
||||||
|
append /foo "./bar//baz/./"
|
||||||
|
=> /foo/bar/baz
|
||||||
|
|
||||||
|
# can append to root directory
|
||||||
|
append /. "foo/bar"
|
||||||
|
=> /foo/bar
|
||||||
|
|
||||||
|
# first argument needs to be a path value type
|
||||||
|
append "/foo" "bar"
|
||||||
|
=> <error>
|
||||||
|
|
||||||
|
# second argument needs to be a valid subpath string
|
||||||
|
append /foo /bar
|
||||||
|
=> <error>
|
||||||
|
append /foo ""
|
||||||
|
=> <error>
|
||||||
|
append /foo "/bar"
|
||||||
|
=> <error>
|
||||||
|
append /foo "../bar"
|
||||||
|
=> <error>
|
||||||
|
*/
|
||||||
|
append =
|
||||||
|
# The absolute path to append to
|
||||||
|
path:
|
||||||
|
# The subpath string to append
|
||||||
|
subpath:
|
||||||
|
assert assertMsg (isPath path) ''
|
||||||
|
lib.path.append: The first argument is of type ${builtins.typeOf path}, but a path was expected'';
|
||||||
|
assert assertMsg (isValid subpath) ''
|
||||||
|
lib.path.append: Second argument is not a valid subpath string:
|
||||||
|
${subpathInvalidReason subpath}'';
|
||||||
|
path + ("/" + subpath);
|
||||||
|
|
||||||
/* Whether a value is a valid subpath string.
|
/* Whether a value is a valid subpath string.
|
||||||
|
|
||||||
|
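Review bot: the Markdown link in the `append` doc comment has a stray `"` before the closing parenthesis (`values.html#type-path")`), so the rendered URL carries a trailing quote. Remove it. The two assertion messages are also worded differently ("The first argument is of type ..." versus "Second argument is not ..."); pick one form. The order of the checks is right: the type check on `path` and the `isValid` check on `subpath` both run before `path + ("/" + subpath)`, which is what keeps absolute and `..` subpaths from ever reaching the concatenation.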
@ -133,7 +184,9 @@ in /* No rec! Add dependencies on this file at the top. */ {
|
||||||
subpath.isValid "./foo//bar/"
|
subpath.isValid "./foo//bar/"
|
||||||
=> true
|
=> true
|
||||||
*/
|
*/
|
||||||
subpath.isValid = value:
|
subpath.isValid =
|
||||||
|
# The value to check
|
||||||
|
value:
|
||||||
subpathInvalidReason value == null;
|
subpathInvalidReason value == null;
|
||||||
|
|
||||||
|
|
||||||
|
@ -150,11 +203,11 @@ in /* No rec! Add dependencies on this file at the top. */ {
|
||||||
|
|
||||||
Laws:
|
Laws:
|
||||||
|
|
||||||
- (Idempotency) Normalising multiple times gives the same result:
|
- Idempotency - normalising multiple times gives the same result:
|
||||||
|
|
||||||
subpath.normalise (subpath.normalise p) == subpath.normalise p
|
subpath.normalise (subpath.normalise p) == subpath.normalise p
|
||||||
|
|
||||||
- (Uniqueness) There's only a single normalisation for the paths that lead to the same file system node:
|
- Uniqueness - there's only a single normalisation for the paths that lead to the same file system node:
|
||||||
|
|
||||||
subpath.normalise p != subpath.normalise q -> $(realpath ${p}) != $(realpath ${q})
|
subpath.normalise p != subpath.normalise q -> $(realpath ${p}) != $(realpath ${q})
|
||||||
|
|
||||||
|
@ -210,9 +263,12 @@ in /* No rec! Add dependencies on this file at the top. */ {
|
||||||
subpath.normalise "/foo"
|
subpath.normalise "/foo"
|
||||||
=> <error>
|
=> <error>
|
||||||
*/
|
*/
|
||||||
subpath.normalise = path:
|
subpath.normalise =
|
||||||
assert assertMsg (subpathInvalidReason path == null)
|
# The subpath string to normalise
|
||||||
"lib.path.subpath.normalise: Argument is not a valid subpath string: ${subpathInvalidReason path}";
|
subpath:
|
||||||
joinRelPath (splitRelPath path);
|
assert assertMsg (isValid subpath) ''
|
||||||
|
lib.path.subpath.normalise: Argument is not a valid subpath string:
|
||||||
|
${subpathInvalidReason subpath}'';
|
||||||
|
joinRelPath (splitRelPath subpath);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
40
third_party/nixpkgs/lib/path/tests/unit.nix
vendored
40
third_party/nixpkgs/lib/path/tests/unit.nix
vendored
|
@ -3,9 +3,44 @@
|
||||||
{ libpath }:
|
{ libpath }:
|
||||||
let
|
let
|
||||||
lib = import libpath;
|
lib = import libpath;
|
||||||
inherit (lib.path) subpath;
|
inherit (lib.path) append subpath;
|
||||||
|
|
||||||
cases = lib.runTests {
|
cases = lib.runTests {
|
||||||
|
# Test examples from the lib.path.append documentation
|
||||||
|
testAppendExample1 = {
|
||||||
|
expr = append /foo "bar/baz";
|
||||||
|
expected = /foo/bar/baz;
|
||||||
|
};
|
||||||
|
testAppendExample2 = {
|
||||||
|
expr = append /foo "./bar//baz/./";
|
||||||
|
expected = /foo/bar/baz;
|
||||||
|
};
|
||||||
|
testAppendExample3 = {
|
||||||
|
expr = append /. "foo/bar";
|
||||||
|
expected = /foo/bar;
|
||||||
|
};
|
||||||
|
testAppendExample4 = {
|
||||||
|
expr = (builtins.tryEval (append "/foo" "bar")).success;
|
||||||
|
expected = false;
|
||||||
|
};
|
||||||
|
testAppendExample5 = {
|
||||||
|
expr = (builtins.tryEval (append /foo /bar)).success;
|
||||||
|
expected = false;
|
||||||
|
};
|
||||||
|
testAppendExample6 = {
|
||||||
|
expr = (builtins.tryEval (append /foo "")).success;
|
||||||
|
expected = false;
|
||||||
|
};
|
||||||
|
testAppendExample7 = {
|
||||||
|
expr = (builtins.tryEval (append /foo "/bar")).success;
|
||||||
|
expected = false;
|
||||||
|
};
|
||||||
|
testAppendExample8 = {
|
||||||
|
expr = (builtins.tryEval (append /foo "../bar")).success;
|
||||||
|
expected = false;
|
||||||
|
};
|
||||||
|
|
||||||
|
# Test examples from the lib.path.subpath.isValid documentation
|
||||||
testSubpathIsValidExample1 = {
|
testSubpathIsValidExample1 = {
|
||||||
expr = subpath.isValid null;
|
expr = subpath.isValid null;
|
||||||
expected = false;
|
expected = false;
|
||||||
|
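Review bot: `testAppendExample4` through `testAppendExample8` only assert that `builtins.tryEval` reports `success = false`, so each passes on any evaluation failure rather than on the specific assertion it is meant to exercise. If that is the most `tryEval` allows, say so in a comment above the group. Also add a case with `..` after the first component (for example `append /foo "bar/../baz"`) to confirm it is rejected as well, since the only traversal case here has `..` in leading position.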
@ -30,6 +65,7 @@ let
|
||||||
expr = subpath.isValid "./foo//bar/";
|
expr = subpath.isValid "./foo//bar/";
|
||||||
expected = true;
|
expected = true;
|
||||||
};
|
};
|
||||||
|
# Some extra tests
|
||||||
testSubpathIsValidTwoDotsEnd = {
|
testSubpathIsValidTwoDotsEnd = {
|
||||||
expr = subpath.isValid "foo/..";
|
expr = subpath.isValid "foo/..";
|
||||||
expected = false;
|
expected = false;
|
||||||
|
@ -71,6 +107,7 @@ let
|
||||||
expected = true;
|
expected = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# Test examples from the lib.path.subpath.normalise documentation
|
||||||
testSubpathNormaliseExample1 = {
|
testSubpathNormaliseExample1 = {
|
||||||
expr = subpath.normalise "foo//bar";
|
expr = subpath.normalise "foo//bar";
|
||||||
expected = "./foo/bar";
|
expected = "./foo/bar";
|
||||||
|
@ -107,6 +144,7 @@ let
|
||||||
expr = (builtins.tryEval (subpath.normalise "/foo")).success;
|
expr = (builtins.tryEval (subpath.normalise "/foo")).success;
|
||||||
expected = false;
|
expected = false;
|
||||||
};
|
};
|
||||||
|
# Some extra tests
|
||||||
testSubpathNormaliseIsValidDots = {
|
testSubpathNormaliseIsValidDots = {
|
||||||
expr = subpath.normalise "./foo/.bar/.../baz...qux";
|
expr = subpath.normalise "./foo/.bar/.../baz...qux";
|
||||||
expected = "./foo/.bar/.../baz...qux";
|
expected = "./foo/.bar/.../baz...qux";
|
||||||
|
|
5
third_party/nixpkgs/lib/tests/misc.nix
vendored
5
third_party/nixpkgs/lib/tests/misc.nix
vendored
|
@ -479,6 +479,11 @@ runTests {
|
||||||
expected = [2 30 40 42];
|
expected = [2 30 40 42];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
testReplicate = {
|
||||||
|
expr = replicate 3 "a";
|
||||||
|
expected = ["a" "a" "a"];
|
||||||
|
};
|
||||||
|
|
||||||
testToIntShouldConvertStringToInt = {
|
testToIntShouldConvertStringToInt = {
|
||||||
expr = toInt "27";
|
expr = toInt "27";
|
||||||
expected = 27;
|
expected = 27;
|
||||||
|
|
|
@ -693,6 +693,15 @@
|
||||||
fingerprint = "7FDB 17B3 C29B 5BA6 E5A9 8BB2 9FAA 63E0 9750 6D9D";
|
fingerprint = "7FDB 17B3 C29B 5BA6 E5A9 8BB2 9FAA 63E0 9750 6D9D";
|
||||||
}];
|
}];
|
||||||
};
|
};
|
||||||
|
Alper-Celik = {
|
||||||
|
email = "dev.alpercelik@gmail.com";
|
||||||
|
name = "Alper Çelik";
|
||||||
|
github = "Alper-Celik";
|
||||||
|
githubId = 110625473;
|
||||||
|
keys = [{
|
||||||
|
fingerprint = "6B69 19DD CEE0 FAF3 5C9F 2984 FA90 C0AB 738A B873";
|
||||||
|
}];
|
||||||
|
};
|
||||||
almac = {
|
almac = {
|
||||||
email = "alma.cemerlic@gmail.com";
|
email = "alma.cemerlic@gmail.com";
|
||||||
github = "a1mac";
|
github = "a1mac";
|
||||||
|
@ -2325,6 +2334,12 @@
|
||||||
githubId = 3212452;
|
githubId = 3212452;
|
||||||
name = "Cameron Nemo";
|
name = "Cameron Nemo";
|
||||||
};
|
};
|
||||||
|
camillemndn = {
|
||||||
|
email = "camillemondon@free.fr";
|
||||||
|
github = "camillemndn";
|
||||||
|
githubId = 26444818;
|
||||||
|
name = "Camille M.";
|
||||||
|
};
|
||||||
campadrenalin = {
|
campadrenalin = {
|
||||||
email = "campadrenalin@gmail.com";
|
email = "campadrenalin@gmail.com";
|
||||||
github = "campadrenalin";
|
github = "campadrenalin";
|
||||||
|
@ -5105,6 +5120,12 @@
|
||||||
githubId = 36706276;
|
githubId = 36706276;
|
||||||
name = "Fufezan Mihai";
|
name = "Fufezan Mihai";
|
||||||
};
|
};
|
||||||
|
fugi = {
|
||||||
|
email = "me@fugi.dev";
|
||||||
|
github = "FugiMuffi";
|
||||||
|
githubId = 21362942;
|
||||||
|
name = "Fugi";
|
||||||
|
};
|
||||||
fusion809 = {
|
fusion809 = {
|
||||||
email = "brentonhorne77@gmail.com";
|
email = "brentonhorne77@gmail.com";
|
||||||
github = "fusion809";
|
github = "fusion809";
|
||||||
|
@ -5242,6 +5263,15 @@
|
||||||
githubId = 313929;
|
githubId = 313929;
|
||||||
name = "Gabriel Ebner";
|
name = "Gabriel Ebner";
|
||||||
};
|
};
|
||||||
|
genericnerdyusername = {
|
||||||
|
name = "GenericNerdyUsername";
|
||||||
|
email = "genericnerdyusername@proton.me";
|
||||||
|
github = "GenericNerdyUsername";
|
||||||
|
githubId = 111183546;
|
||||||
|
keys = [{
|
||||||
|
fingerprint = "58CE D4BE 6B10 149E DA80 A990 2F48 6356 A4CB 30F3";
|
||||||
|
}];
|
||||||
|
};
|
||||||
genofire = {
|
genofire = {
|
||||||
name = "genofire";
|
name = "genofire";
|
||||||
email = "geno+dev@fireorbit.de";
|
email = "geno+dev@fireorbit.de";
|
||||||
|
@ -6050,6 +6080,12 @@
|
||||||
githubId = 1592375;
|
githubId = 1592375;
|
||||||
name = "Walter Huf";
|
name = "Walter Huf";
|
||||||
};
|
};
|
||||||
|
hughobrien = {
|
||||||
|
email = "github@hughobrien.ie";
|
||||||
|
github = "hughobrien";
|
||||||
|
githubId = 3400690;
|
||||||
|
name = "Hugh O'Brien";
|
||||||
|
};
|
||||||
hugolgst = {
|
hugolgst = {
|
||||||
email = "hugo.lageneste@pm.me";
|
email = "hugo.lageneste@pm.me";
|
||||||
github = "hugolgst";
|
github = "hugolgst";
|
||||||
|
@ -6626,6 +6662,12 @@
|
||||||
github = "jayeshbhoot";
|
github = "jayeshbhoot";
|
||||||
githubId = 1915507;
|
githubId = 1915507;
|
||||||
};
|
};
|
||||||
|
jayman2000 = {
|
||||||
|
email = "jason@jasonyundt.email";
|
||||||
|
github = "Jayman2000";
|
||||||
|
githubId = 5579359;
|
||||||
|
name = "Jason Yundt";
|
||||||
|
};
|
||||||
jb55 = {
|
jb55 = {
|
||||||
email = "jb55@jb55.com";
|
email = "jb55@jb55.com";
|
||||||
github = "jb55";
|
github = "jb55";
|
||||||
|
@ -7003,6 +7045,12 @@
|
||||||
githubId = 2308444;
|
githubId = 2308444;
|
||||||
name = "Joshua Gilman";
|
name = "Joshua Gilman";
|
||||||
};
|
};
|
||||||
|
jnsgruk = {
|
||||||
|
email = "jon@sgrs.uk";
|
||||||
|
github = "jnsgruk";
|
||||||
|
githubId = 668505;
|
||||||
|
name = "Jon Seager";
|
||||||
|
};
|
||||||
jo1gi = {
|
jo1gi = {
|
||||||
email = "joakimholm@protonmail.com";
|
email = "joakimholm@protonmail.com";
|
||||||
github = "jo1gi";
|
github = "jo1gi";
|
||||||
|
@ -8906,8 +8954,8 @@
|
||||||
githubId = 2914269;
|
githubId = 2914269;
|
||||||
name = "Malo Bourgon";
|
name = "Malo Bourgon";
|
||||||
};
|
};
|
||||||
malvo = {
|
malte-v = {
|
||||||
email = "malte@malvo.org";
|
email = "nixpkgs@mal.tc";
|
||||||
github = "malte-v";
|
github = "malte-v";
|
||||||
githubId = 34393802;
|
githubId = 34393802;
|
||||||
name = "Malte Voos";
|
name = "Malte Voos";
|
||||||
|
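Review bot: renaming the attribute from `malvo` to `malte-v` breaks every `maintainers.malvo` reference that is not updated in the same change, because the old attribute no longer exists. Confirm that all packages and modules listing the old handle are switched to `malte-v` in this commit. The email changes in the same hunk, so it is also worth checking that the request came from the account with `githubId = 34393802`.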
@ -9975,6 +10023,12 @@
|
||||||
githubId = 3073833;
|
githubId = 3073833;
|
||||||
name = "Massimo Redaelli";
|
name = "Massimo Redaelli";
|
||||||
};
|
};
|
||||||
|
mrityunjaygr8 = {
|
||||||
|
email = "mrityunjaysaxena1996@gmail.com";
|
||||||
|
github = "mrityunjaygr8";
|
||||||
|
name = "Mrityunjay Saxena";
|
||||||
|
githubId = 14573967;
|
||||||
|
};
|
||||||
mrkkrp = {
|
mrkkrp = {
|
||||||
email = "markkarpov92@gmail.com";
|
email = "markkarpov92@gmail.com";
|
||||||
github = "mrkkrp";
|
github = "mrkkrp";
|
||||||
|
@ -12874,6 +12928,12 @@
|
||||||
githubId = 6022042;
|
githubId = 6022042;
|
||||||
name = "Sam Parkinson";
|
name = "Sam Parkinson";
|
||||||
};
|
};
|
||||||
|
samhug = {
|
||||||
|
email = "s@m-h.ug";
|
||||||
|
github = "samhug";
|
||||||
|
githubId = 171470;
|
||||||
|
name = "Sam Hug";
|
||||||
|
};
|
||||||
samlich = {
|
samlich = {
|
||||||
email = "nixos@samli.ch";
|
email = "nixos@samli.ch";
|
||||||
github = "samlich";
|
github = "samlich";
|
||||||
|
@ -13092,7 +13152,7 @@
|
||||||
github = "Scrumplex";
|
github = "Scrumplex";
|
||||||
githubId = 11587657;
|
githubId = 11587657;
|
||||||
keys = [{
|
keys = [{
|
||||||
fingerprint = "AF1F B107 E188 CB97 9A94 FD7F C104 1129 4912 A422";
|
fingerprint = "E173 237A C782 296D 98F5 ADAC E13D FD4B 4712 7951";
|
||||||
}];
|
}];
|
||||||
};
|
};
|
||||||
scubed2 = {
|
scubed2 = {
|
||||||
|
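Review bot: this replaces the only `fingerprint` listed under `keys` for the `Scrumplex` entry, and nothing in the hunk shows who asked for the change. A swapped key fingerprint is exactly what an impersonation attempt would look like, so confirm the new value with the maintainer over a channel that does not depend on this repository, or check that the commit introducing it is signed by the previous key, before merging.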
@ -13210,6 +13270,12 @@
|
||||||
githubId = 38824235;
|
githubId = 38824235;
|
||||||
name = "Serge Belov";
|
name = "Serge Belov";
|
||||||
};
|
};
|
||||||
|
serge_sans_paille = {
|
||||||
|
email = "serge.guelton@telecom-bretagne.eu";
|
||||||
|
github = "serge-sans-paille";
|
||||||
|
githubId = 863807;
|
||||||
|
name = "Serge Guelton";
|
||||||
|
};
|
||||||
sersorrel = {
|
sersorrel = {
|
||||||
email = "ash@sorrel.sh";
|
email = "ash@sorrel.sh";
|
||||||
github = "sersorrel";
|
github = "sersorrel";
|
||||||
|
@ -13302,6 +13368,12 @@
|
||||||
githubId = 16765155;
|
githubId = 16765155;
|
||||||
name = "Shardul Baral";
|
name = "Shardul Baral";
|
||||||
};
|
};
|
||||||
|
sharzy = {
|
||||||
|
email = "me@sharzy.in";
|
||||||
|
github = "SharzyL";
|
||||||
|
githubId = 46294732;
|
||||||
|
name = "Sharzy";
|
||||||
|
};
|
||||||
shawndellysse = {
|
shawndellysse = {
|
||||||
email = "sdellysse@gmail.com";
|
email = "sdellysse@gmail.com";
|
||||||
github = "sdellysse";
|
github = "sdellysse";
|
||||||
|
@ -13627,6 +13699,12 @@
|
||||||
githubId = 57048005;
|
githubId = 57048005;
|
||||||
name = "snicket2100";
|
name = "snicket2100";
|
||||||
};
|
};
|
||||||
|
sno2wman = {
|
||||||
|
name = "SnO2WMaN";
|
||||||
|
email = "me@sno2wman.net";
|
||||||
|
github = "sno2wman";
|
||||||
|
githubId = 15155608;
|
||||||
|
};
|
||||||
snpschaaf = {
|
snpschaaf = {
|
||||||
email = "philipe.schaaf@secunet.com";
|
email = "philipe.schaaf@secunet.com";
|
||||||
name = "Philippe Schaaf";
|
name = "Philippe Schaaf";
|
||||||
|
@ -13840,6 +13918,12 @@
|
||||||
githubId = 1699155;
|
githubId = 1699155;
|
||||||
name = "Steve Elliott";
|
name = "Steve Elliott";
|
||||||
};
|
};
|
||||||
|
stefanfehrenbach = {
|
||||||
|
email = "stefan.fehrenbach@gmail.com";
|
||||||
|
github = "fehrenbach";
|
||||||
|
githubId = 203168;
|
||||||
|
name = "Stefan Fehrenbach";
|
||||||
|
};
|
||||||
stehessel = {
|
stehessel = {
|
||||||
email = "stephan@stehessel.de";
|
email = "stephan@stehessel.de";
|
||||||
github = "stehessel";
|
github = "stehessel";
|
||||||
|
@ -15240,6 +15324,12 @@
|
||||||
githubId = 27813;
|
githubId = 27813;
|
||||||
name = "Vincent Breitmoser";
|
name = "Vincent Breitmoser";
|
||||||
};
|
};
|
||||||
|
vamega = {
|
||||||
|
email = "github@madiathv.com";
|
||||||
|
github = "vamega";
|
||||||
|
githubId = 223408;
|
||||||
|
name = "Varun Madiath";
|
||||||
|
};
|
||||||
vandenoever = {
|
vandenoever = {
|
||||||
email = "jos@vandenoever.info";
|
email = "jos@vandenoever.info";
|
||||||
github = "vandenoever";
|
github = "vandenoever";
|
||||||
|
|
|
@ -54,4 +54,4 @@ run this command to do the same thing.
|
||||||
$ xfconf-query -c xfce4-session -p /compat/LaunchGNOME -s true
|
$ xfconf-query -c xfce4-session -p /compat/LaunchGNOME -s true
|
||||||
```
|
```
|
||||||
|
|
||||||
A log-out and re-log will be needed for this to take effect.
|
It is necessary to log out and log in again for this to take effect.
|
||||||
|
|
28
third_party/nixpkgs/nixos/doc/manual/default.nix
vendored
28
third_party/nixpkgs/nixos/doc/manual/default.nix
vendored
|
@ -21,6 +21,8 @@ let
|
||||||
withManOptDedupPatch = true;
|
withManOptDedupPatch = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
manpageUrls = pkgs.path + "/doc/manpage-urls.json";
|
||||||
|
|
||||||
# We need to strip references to /nix/store/* from options,
|
# We need to strip references to /nix/store/* from options,
|
||||||
# including any `extraSources` if some modules came from elsewhere,
|
# including any `extraSources` if some modules came from elsewhere,
|
||||||
# or else the build will fail.
|
# or else the build will fail.
|
||||||
|
@ -48,7 +50,7 @@ let
|
||||||
};
|
};
|
||||||
in buildPackages.nixosOptionsDoc {
|
in buildPackages.nixosOptionsDoc {
|
||||||
inherit (eval) options;
|
inherit (eval) options;
|
||||||
inherit (revision);
|
inherit revision;
|
||||||
transformOptions = opt: opt // {
|
transformOptions = opt: opt // {
|
||||||
# Clean up declaration sites to not refer to the NixOS source tree.
|
# Clean up declaration sites to not refer to the NixOS source tree.
|
||||||
declarations =
|
declarations =
|
||||||
|
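Review bot: the switch from `inherit (revision);` to `inherit revision;` is a behaviour change, not a syntax cleanup, and should be called out as one. `inherit (revision);` names a source set but no attributes, so it inherited nothing and `revision` was never passed to `nixosOptionsDoc` before. The new form is correct; mention the fix in the commit message and check that the rendered options documentation still looks as expected with the revision now set.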
@ -72,7 +74,7 @@ let
|
||||||
nativeBuildInputs = [ pkgs.nixos-render-docs ];
|
nativeBuildInputs = [ pkgs.nixos-render-docs ];
|
||||||
} ''
|
} ''
|
||||||
nixos-render-docs manual docbook \
|
nixos-render-docs manual docbook \
|
||||||
--manpage-urls ${pkgs.path + "/doc/manpage-urls.json"} \
|
--manpage-urls ${manpageUrls} \
|
||||||
"$out" \
|
"$out" \
|
||||||
--section \
|
--section \
|
||||||
--section-id modules \
|
--section-id modules \
|
||||||
|
@ -254,12 +256,22 @@ in rec {
|
||||||
# Generate the NixOS manpages.
|
# Generate the NixOS manpages.
|
||||||
manpages = runCommand "nixos-manpages"
|
manpages = runCommand "nixos-manpages"
|
||||||
{ inherit sources;
|
{ inherit sources;
|
||||||
nativeBuildInputs = [ buildPackages.libxml2.bin buildPackages.libxslt.bin ];
|
nativeBuildInputs = [
|
||||||
|
buildPackages.installShellFiles
|
||||||
|
] ++ lib.optionals allowDocBook [
|
||||||
|
buildPackages.libxml2.bin
|
||||||
|
buildPackages.libxslt.bin
|
||||||
|
] ++ lib.optionals (! allowDocBook) [
|
||||||
|
buildPackages.nixos-render-docs
|
||||||
|
];
|
||||||
allowedReferences = ["out"];
|
allowedReferences = ["out"];
|
||||||
}
|
}
|
||||||
''
|
''
|
||||||
# Generate manpages.
|
# Generate manpages.
|
||||||
mkdir -p $out/share/man
|
mkdir -p $out/share/man/man8
|
||||||
|
installManPage ${./manpages}/*
|
||||||
|
${if allowDocBook
|
||||||
|
then ''
|
||||||
xsltproc --nonet \
|
xsltproc --nonet \
|
||||||
--maxdepth 6000 \
|
--maxdepth 6000 \
|
||||||
--param man.output.in.separate.dir 1 \
|
--param man.output.in.separate.dir 1 \
|
||||||
|
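Review bot: `installManPage ${./manpages}/*` hands every file in `./manpages` to `installManPage`, so any file in that directory that is not a man page (a README, for instance) is picked up as well. Glob on the section suffix instead, for example `${./manpages}/*.8`, which also matches the `man8` directory created on the line above.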
@ -268,6 +280,14 @@ in rec {
|
||||||
--param man.break.after.slash 1 \
|
--param man.break.after.slash 1 \
|
||||||
${docbook_xsl_ns}/xml/xsl/docbook/manpages/docbook.xsl \
|
${docbook_xsl_ns}/xml/xsl/docbook/manpages/docbook.xsl \
|
||||||
${manual-combined}/man-pages-combined.xml
|
${manual-combined}/man-pages-combined.xml
|
||||||
|
''
|
||||||
|
else ''
|
||||||
|
mkdir -p $out/share/man/man5
|
||||||
|
nixos-render-docs options manpage \
|
||||||
|
--revision ${lib.escapeShellArg revision} \
|
||||||
|
${optionsJSON}/share/doc/nixos/options.json \
|
||||||
|
$out/share/man/man5/configuration.nix.5
|
||||||
|
''}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -63,7 +63,8 @@ Thunar:2410): GVFS-RemoteVolumeMonitor-WARNING **: remote volume monitor with db
|
||||||
$ xfconf-query -c xfce4-session -p /compat/LaunchGNOME -s true
|
$ xfconf-query -c xfce4-session -p /compat/LaunchGNOME -s true
|
||||||
</programlisting>
|
</programlisting>
|
||||||
<para>
|
<para>
|
||||||
A log-out and re-log will be needed for this to take effect.
|
It is necessary to log out and log in again for this to take
|
||||||
|
effect.
|
||||||
</para>
|
</para>
|
||||||
</section>
|
</section>
|
||||||
</chapter>
|
</chapter>
|
||||||
|
|
|
@ -116,8 +116,8 @@
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
<link xlink:href="https://dm3mat.darc.de/qdmr/">QDMR</link>, a
|
<link xlink:href="https://dm3mat.darc.de/qdmr/">QDMR</link>, a
|
||||||
gui application and command line tool for programming cheap
|
GUI application and command line tool for programming DMR
|
||||||
DMR radios
|
radios
|
||||||
<link linkend="opt-programs.qdmr.enable">programs.qdmr</link>
|
<link linkend="opt-programs.qdmr.enable">programs.qdmr</link>
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
@ -152,6 +152,15 @@
|
||||||
are met, or not met.
|
are met, or not met.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<link xlink:href="https://github.com/parvardegr/sharing">sharing</link>,
|
||||||
|
a command-line tool to share directories and files from the
|
||||||
|
CLI to iOS and Android devices without the need of an extra
|
||||||
|
client app. Available as
|
||||||
|
<link linkend="opt-programs.sharing.enable">programs.sharing</link>.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
</section>
|
</section>
|
||||||
<section xml:id="sec-release-23.05-incompatibilities">
|
<section xml:id="sec-release-23.05-incompatibilities">
|
||||||
|
@ -189,7 +198,22 @@
|
||||||
<literal>doInstallCheck</literal> is set. (Note that this
|
<literal>doInstallCheck</literal> is set. (Note that this
|
||||||
change will not cause breakage to derivations with
|
change will not cause breakage to derivations with
|
||||||
<literal>strictDeps</literal> unset, which are most packages
|
<literal>strictDeps</literal> unset, which are most packages
|
||||||
except python, rust and go packages).
|
except python, rust, ocaml and go packages).
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>buildDunePackage</literal> now defaults to
|
||||||
|
<literal>strictDeps = true</literal> which means that any
|
||||||
|
library should go into <literal>buildInputs</literal> or
|
||||||
|
<literal>checkInputs</literal>. Any executable that is run on
|
||||||
|
the building machine should go into
|
||||||
|
<literal>nativeBuildInputs</literal> or
|
||||||
|
<literal>nativeCheckInputs</literal> respectively. Example of
|
||||||
|
executables are <literal>ocaml</literal>,
|
||||||
|
<literal>findlib</literal> and <literal>menhir</literal>. PPXs
|
||||||
|
are libraries which are built by dune and should therefore not
|
||||||
|
go into <literal>nativeBuildInputs</literal>.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
|
@ -397,6 +421,16 @@
|
||||||
attribute name.
|
attribute name.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Nebula now runs as a system user and group created for each
|
||||||
|
nebula network, using the <literal>CAP_NET_ADMIN</literal>
|
||||||
|
ambient capability on launch rather than starting as root.
|
||||||
|
Ensure that any files each Nebula instance needs to access are
|
||||||
|
owned by the correct user and group, by default
|
||||||
|
<literal>nebula-${networkName}</literal>.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
In <literal>mastodon</literal> it is now necessary to specify
|
In <literal>mastodon</literal> it is now necessary to specify
|
||||||
|
@ -488,19 +522,72 @@
|
||||||
<para>
|
<para>
|
||||||
A few openssh options have been moved from extraConfig to the
|
A few openssh options have been moved from extraConfig to the
|
||||||
new freeform option <literal>settings</literal> and renamed as
|
new freeform option <literal>settings</literal> and renamed as
|
||||||
follow:
|
follows:
|
||||||
<literal>services.openssh.kbdInteractiveAuthentication</literal>
|
|
||||||
to
|
|
||||||
<literal>services.openssh.settings.KbdInteractiveAuthentication</literal>,
|
|
||||||
<literal>services.openssh.passwordAuthentication</literal> to
|
|
||||||
<literal>services.openssh.settings.PasswordAuthentication</literal>,
|
|
||||||
<literal>services.openssh.useDns</literal> to
|
|
||||||
<literal>services.openssh.settings.UseDns</literal>,
|
|
||||||
<literal>services.openssh.permitRootLogin</literal> to
|
|
||||||
<literal>services.openssh.settings.PermitRootLogin</literal>,
|
|
||||||
<literal>services.openssh.logLevel</literal> to
|
|
||||||
<literal>services.openssh.settings.LogLevel</literal>.
|
|
||||||
</para>
|
</para>
|
||||||
|
<itemizedlist spacing="compact">
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>services.openssh.forwardX11</literal> to
|
||||||
|
<literal>services.openssh.settings.X11Forwarding</literal>
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>services.openssh.kbdInteractiveAuthentication</literal>
|
||||||
|
->
|
||||||
|
<literal>services.openssh.settings.KbdInteractiveAuthentication</literal>
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>services.openssh.passwordAuthentication</literal>
|
||||||
|
to
|
||||||
|
<literal>services.openssh.settings.PasswordAuthentication</literal>
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>services.openssh.useDns</literal> to
|
||||||
|
<literal>services.openssh.settings.UseDns</literal>
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>services.openssh.permitRootLogin</literal> to
|
||||||
|
<literal>services.openssh.settings.PermitRootLogin</literal>
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>services.openssh.logLevel</literal> to
|
||||||
|
<literal>services.openssh.settings.LogLevel</literal>
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>services.openssh.kexAlgorithms</literal> to
|
||||||
|
<literal>services.openssh.settings.KexAlgorithms</literal>
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>services.openssh.macs</literal> to
|
||||||
|
<literal>services.openssh.settings.Macs</literal>
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>services.openssh.ciphers</literal> to
|
||||||
|
<literal>services.openssh.settings.Ciphers</literal>
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>services.openssh.gatewayPorts</literal> to
|
||||||
|
<literal>services.openssh.settings.GatewayPorts</literal>
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
|
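Review bot: in the new itemized list the `services.openssh.kbdInteractiveAuthentication` entry uses `->` where every other entry uses "to". Change it to "to" so the list reads consistently.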
@ -675,6 +762,13 @@
|
||||||
conversion.
|
conversion.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Grafana Tempo has been updated to version 2.0. See the
|
||||||
|
<link xlink:href="https://grafana.com/docs/tempo/latest/release-notes/v2-0/#upgrade-considerations">upstream
|
||||||
|
upgrade guide</link> for migration instructions.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
A new <literal>virtualisation.rosetta</literal> module was
|
A new <literal>virtualisation.rosetta</literal> module was
|
||||||
|
@ -772,6 +866,18 @@
|
||||||
<link xlink:href="options.html#opt-system.stateVersion">system.stateVersion</link>.
|
<link xlink:href="options.html#opt-system.stateVersion">system.stateVersion</link>.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Nebula now supports the
|
||||||
|
<literal>services.nebula.networks.<name>.isRelay</literal>
|
||||||
|
and
|
||||||
|
<literal>services.nebula.networks.<name>.relays</literal>
|
||||||
|
configuration options for setting up or allowing traffic
|
||||||
|
relaying. See the
|
||||||
|
<link xlink:href="https://www.defined.net/blog/announcing-relay-support-in-nebula/">announcement</link>
|
||||||
|
for more details about relays.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
<literal>hip</literal> has been separated into
|
<literal>hip</literal> has been separated into
|
||||||
|
@ -808,6 +914,60 @@
|
||||||
(<link linkend="opt-services.fwupd.daemonSettings"><literal>services.fwupd.daemonSettings</literal></link>).
|
(<link linkend="opt-services.fwupd.daemonSettings"><literal>services.fwupd.daemonSettings</literal></link>).
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
The <literal>zramSwap</literal> is now implemented with
|
||||||
|
<literal>zram-generator</literal>, and the option
|
||||||
|
<literal>zramSwap.numDevices</literal> for using ZRAM devices
|
||||||
|
as general purpose ephemeral block devices has been removed.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
As Singularity has renamed to
|
||||||
|
<link xlink:href="https://apptainer.org/news/community-announcement-20211130">Apptainer</link>
|
||||||
|
to distinguish from
|
||||||
|
<link xlink:href="https://sylabs.io/2021/05/singularity-community-edition">an
|
||||||
|
un-renamed fork by Sylabs Inc.</link>, there are now two
|
||||||
|
packages of Singularity/Apptainer:
|
||||||
|
</para>
|
||||||
|
<itemizedlist spacing="compact">
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>apptainer</literal>: From
|
||||||
|
<literal>github.com/apptainer/apptainer</literal>, which
|
||||||
|
is the new repo after renaming.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>singularity</literal>: From
|
||||||
|
<literal>github.com/sylabs/singularity</literal>, which is
|
||||||
|
the fork by Sylabs Inc..
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
<para>
|
||||||
|
<literal>programs.singularity</literal> got a new
|
||||||
|
<literal>package</literal> option to specify which package to
|
||||||
|
use.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
<literal>singularity-tools.buildImage</literal> got a new
|
||||||
|
input argument <literal>singularity</literal> to specify which
|
||||||
|
package to use.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
The new option
|
||||||
|
<literal>programs.singularity.enableFakeroot</literal>, if set
|
||||||
|
to <literal>true</literal>, provides
|
||||||
|
<literal>--fakeroot</literal> support for
|
||||||
|
<literal>apptainer</literal> and
|
||||||
|
<literal>singularity</literal>.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
The <literal>unifi-poller</literal> package and corresponding
|
The <literal>unifi-poller</literal> package and corresponding
|
||||||
|
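Review bot: The new `programs.singularity.enableFakeroot` entry in this hunk says only that it "provides `--fakeroot` support" and not what enabling it changes on the host; because the feature concerns root emulation inside containers, add a sentence on what the option configures so administrators can judge the impact before turning it on. Two wording fixes in the Singularity/Apptainer entry: "As Singularity has renamed to" should read "has been renamed to", and "the fork by Sylabs Inc.." ends with a doubled period. The zramSwap entry announces that `zramSwap.numDevices` has been removed without saying what configurations that set it should do instead.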
@ -836,6 +996,12 @@
|
||||||
<literal>libax25</literal> package.
|
<literal>libax25</literal> package.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>tvbrowser-bin</literal> was removed, and now
|
||||||
|
<literal>tvbrowser</literal> is built from source.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
<literal>nixos-version</literal> now accepts
|
<literal>nixos-version</literal> now accepts
|
||||||
|
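Review bot: The added `tvbrowser-bin` entry states the removal but gives users no migration step; say explicitly that configurations referencing `tvbrowser-bin` should switch to `tvbrowser`, and whether the old attribute now fails evaluation or is kept as an alias.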
@ -850,6 +1016,13 @@
|
||||||
been fixed to allow more than one plugin in the path.
|
been fixed to allow more than one plugin in the path.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
The option
|
||||||
|
<literal>services.prometheus.exporters.pihole.interval</literal>
|
||||||
|
does not exist anymore and has been removed.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
</section>
|
</section>
|
||||||
</section>
|
</section>
|
||||||
|
|
|
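Review bot: The added entry for `services.prometheus.exporters.pihole.interval` reads "does not exist anymore and has been removed", which says the same thing twice and gives neither a reason nor a replacement. Suggest one statement of the removal followed by why the option went away and what, if anything, users who set it should configure instead.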
@ -1,138 +0,0 @@
|
||||||
<refentry xmlns="http://docbook.org/ns/docbook"
|
|
||||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
|
||||||
xmlns:xi="http://www.w3.org/2001/XInclude">
|
|
||||||
<refmeta>
|
|
||||||
<refentrytitle><command>nixos-build-vms</command>
|
|
||||||
</refentrytitle><manvolnum>8</manvolnum>
|
|
||||||
<refmiscinfo class="source">NixOS</refmiscinfo>
|
|
||||||
<!-- <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo> -->
|
|
||||||
</refmeta>
|
|
||||||
<refnamediv>
|
|
||||||
<refname><command>nixos-build-vms</command></refname>
|
|
||||||
<refpurpose>build a network of virtual machines from a network of NixOS configurations</refpurpose>
|
|
||||||
</refnamediv>
|
|
||||||
<refsynopsisdiv>
|
|
||||||
<cmdsynopsis>
|
|
||||||
<command>nixos-build-vms</command>
|
|
||||||
<arg>
|
|
||||||
<option>--show-trace</option>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<option>--no-out-link</option>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<option>--help</option>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<option>--option</option>
|
|
||||||
<replaceable>name</replaceable>
|
|
||||||
<replaceable>value</replaceable>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg choice="plain">
|
|
||||||
<replaceable>network.nix</replaceable>
|
|
||||||
</arg>
|
|
||||||
</cmdsynopsis>
|
|
||||||
</refsynopsisdiv>
|
|
||||||
<refsection>
|
|
||||||
<title>Description</title>
|
|
||||||
<para>
|
|
||||||
This command builds a network of QEMU-KVM virtual machines of a Nix
|
|
||||||
expression specifying a network of NixOS machines. The virtual network can
|
|
||||||
be started by executing the <filename>bin/run-vms</filename> shell script
|
|
||||||
that is generated by this command. By default, a <filename>result</filename>
|
|
||||||
symlink is produced that points to the generated virtual network.
|
|
||||||
</para>
|
|
||||||
<para>
|
|
||||||
A network Nix expression has the following structure:
|
|
||||||
<screen>
|
|
||||||
{
|
|
||||||
test1 = {pkgs, config, ...}:
|
|
||||||
{
|
|
||||||
services.openssh.enable = true;
|
|
||||||
nixpkgs.localSystem.system = "i686-linux";
|
|
||||||
deployment.targetHost = "test1.example.net";
|
|
||||||
|
|
||||||
# Other NixOS options
|
|
||||||
};
|
|
||||||
|
|
||||||
test2 = {pkgs, config, ...}:
|
|
||||||
{
|
|
||||||
services.openssh.enable = true;
|
|
||||||
services.httpd.enable = true;
|
|
||||||
environment.systemPackages = [ pkgs.lynx ];
|
|
||||||
nixpkgs.localSystem.system = "x86_64-linux";
|
|
||||||
deployment.targetHost = "test2.example.net";
|
|
||||||
|
|
||||||
# Other NixOS options
|
|
||||||
};
|
|
||||||
}
|
|
||||||
</screen>
|
|
||||||
Each attribute in the expression represents a machine in the network (e.g.
|
|
||||||
<varname>test1</varname> and <varname>test2</varname>) referring to a
|
|
||||||
function defining a NixOS configuration. In each NixOS configuration, two
|
|
||||||
attributes have a special meaning. The
|
|
||||||
<varname>deployment.targetHost</varname> specifies the address (domain name
|
|
||||||
or IP address) of the system which is used by <command>ssh</command> to
|
|
||||||
perform remote deployment operations. The
|
|
||||||
<varname>nixpkgs.localSystem.system</varname> attribute can be used to
|
|
||||||
specify an architecture for the target machine, such as
|
|
||||||
<varname>i686-linux</varname> which builds a 32-bit NixOS configuration.
|
|
||||||
Omitting this property will build the configuration for the same
|
|
||||||
architecture as the host system.
|
|
||||||
</para>
|
|
||||||
</refsection>
|
|
||||||
<refsection>
|
|
||||||
<title>Options</title>
|
|
||||||
<para>
|
|
||||||
This command accepts the following options:
|
|
||||||
</para>
|
|
||||||
<variablelist>
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>--show-trace</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Shows a trace of the output.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>--no-out-link</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Do not create a 'result' symlink.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>-h</option>, <option>--help</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Shows the usage of this command to the user.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>--option</option> <replaceable>name</replaceable> <replaceable>value</replaceable>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>Set the Nix configuration option
|
|
||||||
<replaceable>name</replaceable> to <replaceable>value</replaceable>.
|
|
||||||
This overrides settings in the Nix configuration file (see
|
|
||||||
<citerefentry><refentrytitle>nix.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
</variablelist>
|
|
||||||
</refsection>
|
|
||||||
</refentry>
|
|
|
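Review bot: In this removed nixos-build-vms page the Options list documents `-h` alongside `--help` while the synopsis shows only `--help`, and `--show-trace` is described as "Shows a trace of the output", which is vaguer than the nixos-install page in the same commit ("print out a stack trace in case of Nix expression evaluation errors"). The changed-file list includes manpages/nixos-build-vms.8, so if the text is carried over into that file, fix both points there rather than copying them. The example network also sets `deployment.targetHost`, which the description ties to remote deployment over `ssh`; it is worth confirming the replacement page still explains why that attribute appears in a VM-building command.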
@ -1,154 +0,0 @@
|
||||||
<refentry xmlns="http://docbook.org/ns/docbook"
|
|
||||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
|
||||||
xmlns:xi="http://www.w3.org/2001/XInclude">
|
|
||||||
<refmeta>
|
|
||||||
<refentrytitle><command>nixos-enter</command>
|
|
||||||
</refentrytitle><manvolnum>8</manvolnum>
|
|
||||||
<refmiscinfo class="source">NixOS</refmiscinfo>
|
|
||||||
<!-- <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo> -->
|
|
||||||
</refmeta>
|
|
||||||
<refnamediv>
|
|
||||||
<refname><command>nixos-enter</command></refname>
|
|
||||||
<refpurpose>run a command in a NixOS chroot environment</refpurpose>
|
|
||||||
</refnamediv>
|
|
||||||
<refsynopsisdiv>
|
|
||||||
<cmdsynopsis>
|
|
||||||
<command>nixos-enter</command>
|
|
||||||
<arg>
|
|
||||||
<arg choice='plain'>
|
|
||||||
<option>--root</option>
|
|
||||||
</arg>
|
|
||||||
<replaceable>root</replaceable>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<arg choice='plain'>
|
|
||||||
<option>--system</option>
|
|
||||||
</arg>
|
|
||||||
<replaceable>system</replaceable>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<arg choice='plain'>
|
|
||||||
<option>-c</option>
|
|
||||||
</arg>
|
|
||||||
<replaceable>shell-command</replaceable>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<arg choice='plain'>
|
|
||||||
<option>--silent</option>
|
|
||||||
</arg>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<arg choice='plain'>
|
|
||||||
<option>--help</option>
|
|
||||||
</arg>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<arg choice='plain'>
|
|
||||||
<option>--</option>
|
|
||||||
</arg>
|
|
||||||
<replaceable>arguments</replaceable>
|
|
||||||
</arg>
|
|
||||||
</cmdsynopsis>
|
|
||||||
</refsynopsisdiv>
|
|
||||||
<refsection>
|
|
||||||
<title>Description</title>
|
|
||||||
<para>
|
|
||||||
This command runs a command in a NixOS chroot environment, that is, in a
|
|
||||||
filesystem hierarchy previously prepared using
|
|
||||||
<command>nixos-install</command>.
|
|
||||||
</para>
|
|
||||||
</refsection>
|
|
||||||
<refsection>
|
|
||||||
<title>Options</title>
|
|
||||||
<para>
|
|
||||||
This command accepts the following options:
|
|
||||||
</para>
|
|
||||||
<variablelist>
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>--root</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
The path to the NixOS system you want to enter. It defaults to
|
|
||||||
<filename>/mnt</filename>.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>--system</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
The NixOS system configuration to use. It defaults to
|
|
||||||
<filename>/nix/var/nix/profiles/system</filename>. You can enter a
|
|
||||||
previous NixOS configuration by specifying a path such as
|
|
||||||
<filename>/nix/var/nix/profiles/system-106-link</filename>.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>--command</option>
|
|
||||||
</term>
|
|
||||||
<term>
|
|
||||||
<option>-c</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
The bash command to execute.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>--silent</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Suppresses all output from the activation script of the target system.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>--</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Interpret the remaining arguments as the program name and arguments to be
|
|
||||||
invoked. The program is not executed in a shell.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
</variablelist>
|
|
||||||
</refsection>
|
|
||||||
<refsection>
|
|
||||||
<title>Examples</title>
|
|
||||||
<para>
|
|
||||||
Start an interactive shell in the NixOS installation in
|
|
||||||
<filename>/mnt</filename>:
|
|
||||||
</para>
|
|
||||||
<screen>
|
|
||||||
<prompt># </prompt>nixos-enter --root /mnt
|
|
||||||
</screen>
|
|
||||||
<para>
|
|
||||||
Run a shell command:
|
|
||||||
</para>
|
|
||||||
<screen>
|
|
||||||
<prompt># </prompt>nixos-enter -c 'ls -l /; cat /proc/mounts'
|
|
||||||
</screen>
|
|
||||||
<para>
|
|
||||||
Run a non-shell command:
|
|
||||||
</para>
|
|
||||||
<screen>
|
|
||||||
# nixos-enter -- cat /proc/mounts
|
|
||||||
</screen>
|
|
||||||
</refsection>
|
|
||||||
</refentry>
|
|
|
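Review bot: The synopsis of this removed nixos-enter page lists only `-c`, while the Options list documents `--command` as well, and `--help` appears in the synopsis with no entry under Options; any replacement page should list the same option set in both places. Please also make sure the replacement keeps the distinction drawn here between `-c` ("The bash command to execute") and `--` ("The program is not executed in a shell"), since it decides whether arguments passed in from scripts are interpreted by a shell. Minor: the third example uses a literal "# " where the first two use a `<prompt>` element.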
@ -1,214 +0,0 @@
|
||||||
<refentry xmlns="http://docbook.org/ns/docbook"
|
|
||||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
|
||||||
xmlns:xi="http://www.w3.org/2001/XInclude">
|
|
||||||
<refmeta>
|
|
||||||
<refentrytitle><command>nixos-generate-config</command>
|
|
||||||
</refentrytitle><manvolnum>8</manvolnum>
|
|
||||||
<refmiscinfo class="source">NixOS</refmiscinfo>
|
|
||||||
<!-- <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo> -->
|
|
||||||
</refmeta>
|
|
||||||
<refnamediv>
|
|
||||||
<refname><command>nixos-generate-config</command></refname>
|
|
||||||
<refpurpose>generate NixOS configuration modules</refpurpose>
|
|
||||||
</refnamediv>
|
|
||||||
<refsynopsisdiv>
|
|
||||||
<cmdsynopsis>
|
|
||||||
<command>nixos-generate-config</command>
|
|
||||||
<arg>
|
|
||||||
<option>--force</option>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<arg choice='plain'>
|
|
||||||
<option>--root</option>
|
|
||||||
</arg>
|
|
||||||
<replaceable>root</replaceable>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<arg choice='plain'>
|
|
||||||
<option>--dir</option>
|
|
||||||
</arg>
|
|
||||||
<replaceable>dir</replaceable>
|
|
||||||
</arg>
|
|
||||||
</cmdsynopsis>
|
|
||||||
</refsynopsisdiv>
|
|
||||||
<refsection>
|
|
||||||
<title>Description</title>
|
|
||||||
<para>
|
|
||||||
This command writes two NixOS configuration modules:
|
|
||||||
<variablelist>
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>/etc/nixos/hardware-configuration.nix</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
This module sets NixOS configuration options based on your current
|
|
||||||
hardware configuration. In particular, it sets the
|
|
||||||
<option>fileSystem</option> option to reflect all currently mounted file
|
|
||||||
systems, the <option>swapDevices</option> option to reflect active swap
|
|
||||||
devices, and the <option>boot.initrd.*</option> options to ensure that
|
|
||||||
the initial ramdisk contains any kernel modules necessary for mounting
|
|
||||||
the root file system.
|
|
||||||
</para>
|
|
||||||
<para>
|
|
||||||
If this file already exists, it is overwritten. Thus, you should not
|
|
||||||
modify it manually. Rather, you should include it from your
|
|
||||||
<filename>/etc/nixos/configuration.nix</filename>, and re-run
|
|
||||||
<command>nixos-generate-config</command> to update it whenever your
|
|
||||||
hardware configuration changes.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>/etc/nixos/configuration.nix</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
This is the main NixOS system configuration module. If it already
|
|
||||||
exists, it’s left unchanged. Otherwise,
|
|
||||||
<command>nixos-generate-config</command> will write a template for you
|
|
||||||
to customise.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
</variablelist>
|
|
||||||
</para>
|
|
||||||
</refsection>
|
|
||||||
<refsection>
|
|
||||||
<title>Options</title>
|
|
||||||
<para>
|
|
||||||
This command accepts the following options:
|
|
||||||
</para>
|
|
||||||
<variablelist>
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>--root</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
If this option is given, treat the directory
|
|
||||||
<replaceable>root</replaceable> as the root of the file system. This
|
|
||||||
means that configuration files will be written to
|
|
||||||
<filename><replaceable>root</replaceable>/etc/nixos</filename>, and that
|
|
||||||
any file systems outside of <replaceable>root</replaceable> are ignored
|
|
||||||
for the purpose of generating the <option>fileSystems</option> option.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>--dir</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
If this option is given, write the configuration files to the directory
|
|
||||||
<replaceable>dir</replaceable> instead of
|
|
||||||
<filename>/etc/nixos</filename>.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>--force</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Overwrite <filename>/etc/nixos/configuration.nix</filename> if it already
|
|
||||||
exists.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>--no-filesystems</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Omit everything concerning file systems and swap devices from the
|
|
||||||
hardware configuration.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>--show-hardware-config</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Don't generate <filename>configuration.nix</filename> or
|
|
||||||
<filename>hardware-configuration.nix</filename> and print the hardware
|
|
||||||
configuration to stdout only.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
</variablelist>
|
|
||||||
</refsection>
|
|
||||||
<refsection>
|
|
||||||
<title>Examples</title>
|
|
||||||
<para>
|
|
||||||
This command is typically used during NixOS installation to write initial
|
|
||||||
configuration modules. For example, if you created and mounted the target
|
|
||||||
file systems on <filename>/mnt</filename> and
|
|
||||||
<filename>/mnt/boot</filename>, you would run:
|
|
||||||
<screen>
|
|
||||||
<prompt>$ </prompt>nixos-generate-config --root /mnt
|
|
||||||
</screen>
|
|
||||||
The resulting file
|
|
||||||
<filename>/mnt/etc/nixos/hardware-configuration.nix</filename> might look
|
|
||||||
like this:
|
|
||||||
<programlisting>
|
|
||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
|
||||||
# and may be overwritten by future invocations. Please make changes
|
|
||||||
# to /etc/nixos/configuration.nix instead.
|
|
||||||
{ config, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
imports =
|
|
||||||
[ <nixos/modules/installer/scan/not-detected.nix>
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "ehci_hcd" "ahci" ];
|
|
||||||
boot.kernelModules = [ "kvm-intel" ];
|
|
||||||
boot.extraModulePackages = [ ];
|
|
||||||
|
|
||||||
fileSystems."/" =
|
|
||||||
{ device = "/dev/disk/by-label/nixos";
|
|
||||||
fsType = "ext3";
|
|
||||||
options = [ "rw" "data=ordered" "relatime" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/boot" =
|
|
||||||
{ device = "/dev/sda1";
|
|
||||||
fsType = "ext3";
|
|
||||||
options = [ "rw" "errors=continue" "user_xattr" "acl" "barrier=1" "data=writeback" "relatime" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
swapDevices =
|
|
||||||
[ { device = "/dev/sda2"; }
|
|
||||||
];
|
|
||||||
|
|
||||||
nix.maxJobs = 8;
|
|
||||||
}
|
|
||||||
</programlisting>
|
|
||||||
It will also create a basic
|
|
||||||
<filename>/mnt/etc/nixos/configuration.nix</filename>, which you should edit
|
|
||||||
to customise the logical configuration of your system. This file includes
|
|
||||||
the result of the hardware scan as follows:
|
|
||||||
<programlisting>
|
|
||||||
imports = [ ./hardware-configuration.nix ];
|
|
||||||
</programlisting>
|
|
||||||
</para>
|
|
||||||
<para>
|
|
||||||
After installation, if your hardware configuration changes, you can run:
|
|
||||||
<screen>
|
|
||||||
<prompt>$ </prompt>nixos-generate-config
|
|
||||||
</screen>
|
|
||||||
to update <filename>/etc/nixos/hardware-configuration.nix</filename>. Your
|
|
||||||
<filename>/etc/nixos/configuration.nix</filename> will
|
|
||||||
<emphasis>not</emphasis> be overwritten.
|
|
||||||
</para>
|
|
||||||
</refsection>
|
|
||||||
</refentry>
|
|
|
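Review bot: The description in this removed nixos-generate-config page names the option `fileSystem`, while the `--root` entry and the sample hardware-configuration.nix both use `fileSystems`; the singular form is a typo that should not survive into the replacement page. The synopsis also omits `--no-filesystems` and `--show-hardware-config`, which are both documented under Options.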
@ -1,357 +0,0 @@
|
||||||
<refentry xmlns="http://docbook.org/ns/docbook"
|
|
||||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
|
||||||
xmlns:xi="http://www.w3.org/2001/XInclude">
|
|
||||||
<refmeta>
|
|
||||||
<refentrytitle><command>nixos-install</command>
|
|
||||||
</refentrytitle><manvolnum>8</manvolnum>
|
|
||||||
<refmiscinfo class="source">NixOS</refmiscinfo>
|
|
||||||
<!-- <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo> -->
|
|
||||||
</refmeta>
|
|
||||||
<refnamediv>
|
|
||||||
<refname><command>nixos-install</command></refname>
|
|
||||||
<refpurpose>install bootloader and NixOS</refpurpose>
|
|
||||||
</refnamediv>
|
|
||||||
<refsynopsisdiv>
|
|
||||||
<cmdsynopsis>
|
|
||||||
<command>nixos-install</command>
|
|
||||||
<arg>
|
|
||||||
<group choice='req'>
|
|
||||||
<arg choice='plain'>
|
|
||||||
<option>--verbose</option>
|
|
||||||
</arg>
|
|
||||||
<arg choice='plain'>
|
|
||||||
<option>-v</option>
|
|
||||||
</arg>
|
|
||||||
</group>
|
|
||||||
</arg>
|
|
||||||
<arg>
|
|
||||||
<arg choice='plain'>
|
|
||||||
<option>-I</option>
|
|
||||||
</arg>
|
|
||||||
<replaceable>path</replaceable>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<arg choice='plain'>
|
|
||||||
<option>--root</option>
|
|
||||||
</arg>
|
|
||||||
<replaceable>root</replaceable>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<arg choice='plain'>
|
|
||||||
<option>--system</option>
|
|
||||||
</arg>
|
|
||||||
<replaceable>path</replaceable>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<option>--flake</option> <replaceable>flake-uri</replaceable>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<group choice='req'>
|
|
||||||
<arg choice='plain'><option>--impure</option></arg>
|
|
||||||
</group>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<arg choice='plain'>
|
|
||||||
<option>--channel</option>
|
|
||||||
</arg>
|
|
||||||
<replaceable>channel</replaceable>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<arg choice='plain'>
|
|
||||||
<option>--no-channel-copy</option>
|
|
||||||
</arg>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<group choice='req'>
|
|
||||||
<arg choice='plain'>
|
|
||||||
<option>--no-root-password</option>
|
|
||||||
</arg>
|
|
||||||
<arg choice='plain'>
|
|
||||||
<option>--no-root-passwd</option>
|
|
||||||
</arg>
|
|
||||||
</group>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<arg choice='plain'>
|
|
||||||
<option>--no-bootloader</option>
|
|
||||||
</arg>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<group choice='req'>
|
|
||||||
<arg choice='plain'>
|
|
||||||
<option>--max-jobs</option>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg choice='plain'>
|
|
||||||
<option>-j</option>
|
|
||||||
</arg>
|
|
||||||
</group> <replaceable>number</replaceable>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<option>--cores</option> <replaceable>number</replaceable>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<option>--option</option> <replaceable>name</replaceable> <replaceable>value</replaceable>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<arg choice='plain'>
|
|
||||||
<option>--show-trace</option>
|
|
||||||
</arg>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<arg choice='plain'>
|
|
||||||
<option>--keep-going</option>
|
|
||||||
</arg>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<arg choice='plain'>
|
|
||||||
<option>--help</option>
|
|
||||||
</arg>
|
|
||||||
</arg>
|
|
||||||
</cmdsynopsis>
|
|
||||||
</refsynopsisdiv>
|
|
||||||
<refsection>
|
|
||||||
<title>Description</title>
|
|
||||||
<para>
|
|
||||||
This command installs NixOS in the file system mounted on
|
|
||||||
<filename>/mnt</filename>, based on the NixOS configuration specified in
|
|
||||||
<filename>/mnt/etc/nixos/configuration.nix</filename>. It performs the
|
|
||||||
following steps:
|
|
||||||
<itemizedlist>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
It copies Nix and its dependencies to
|
|
||||||
<filename>/mnt/nix/store</filename>.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
It runs Nix in <filename>/mnt</filename> to build the NixOS configuration
|
|
||||||
specified in <filename>/mnt/etc/nixos/configuration.nix</filename>.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
It installs the current channel <quote>nixos</quote> in the target channel
|
|
||||||
profile (unless <option>--no-channel-copy</option> is specified).
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
It installs the GRUB boot loader on the device specified in the option
|
|
||||||
<option>boot.loader.grub.device</option> (unless
|
|
||||||
<option>--no-bootloader</option> is specified), and generates a GRUB
|
|
||||||
configuration file that boots into the NixOS configuration just
|
|
||||||
installed.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
It prompts you for a password for the root account (unless
|
|
||||||
<option>--no-root-password</option> is specified).
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</itemizedlist>
|
|
||||||
</para>
|
|
||||||
<para>
|
|
||||||
This command is idempotent: if it is interrupted or fails due to a temporary
|
|
||||||
problem (e.g. a network issue), you can safely re-run it.
|
|
||||||
</para>
|
|
||||||
</refsection>
|
|
||||||
<refsection>
|
|
||||||
<title>Options</title>
|
|
||||||
<para>
|
|
||||||
This command accepts the following options:
|
|
||||||
</para>
|
|
||||||
<variablelist>
|
|
||||||
<varlistentry>
|
|
||||||
<term><option>--verbose</option> / <option>-v</option></term>
|
|
||||||
<listitem>
|
|
||||||
<para>Increases the level of verbosity of diagnostic messages
|
|
||||||
printed on standard error. For each Nix operation, the information
|
|
||||||
printed on standard output is well-defined; any diagnostic
|
|
||||||
information is printed on standard error, never on standard
|
|
||||||
output.</para>
|
|
||||||
<para>Please note that this option may be specified repeatedly.</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>--root</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Defaults to <filename>/mnt</filename>. If this option is given, treat the
|
|
||||||
directory <replaceable>root</replaceable> as the root of the NixOS
|
|
||||||
installation.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>--system</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
If this option is provided, <command>nixos-install</command> will install
|
|
||||||
the specified closure rather than attempt to build one from
|
|
||||||
<filename>/mnt/etc/nixos/configuration.nix</filename>.
|
|
||||||
</para>
|
|
||||||
<para>
|
|
||||||
The closure must be an appropriately configured NixOS system, with boot
|
|
||||||
loader and partition configuration that fits the target host. Such a
|
|
||||||
closure is typically obtained with a command such as <command>nix-build
|
|
||||||
-I nixos-config=./configuration.nix '<nixpkgs/nixos>' -A system
|
|
||||||
--no-out-link</command>
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>--flake</option> <replaceable>flake-uri</replaceable>#<replaceable>name</replaceable>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Build the NixOS system from the specified flake.
|
|
||||||
The flake must contain an output named
|
|
||||||
<literal>nixosConfigurations.<replaceable>name</replaceable></literal>.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>--channel</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
If this option is provided, do not copy the current
|
|
||||||
<quote>nixos</quote> channel to the target host. Instead, use the
|
|
||||||
specified derivation.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>-I</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Add a path to the Nix expression search path. This option may be given
|
|
||||||
multiple times. See the NIX_PATH environment variable for information on
|
|
||||||
the semantics of the Nix search path. Paths added through
|
|
||||||
<replaceable>-I</replaceable> take precedence over NIX_PATH.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>--max-jobs</option>
|
|
||||||
</term>
|
|
||||||
<term>
|
|
||||||
<option>-j</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Sets the maximum number of build jobs that Nix will perform in parallel
|
|
||||||
to the specified number. The default is <literal>1</literal>. A higher
|
|
||||||
value is useful on SMP systems or to exploit I/O latency.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>--cores</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Sets the value of the <envar>NIX_BUILD_CORES</envar> environment variable
|
|
||||||
in the invocation of builders. Builders can use this variable at their
|
|
||||||
discretion to control the maximum amount of parallelism. For instance, in
|
|
||||||
Nixpkgs, if the derivation attribute
|
|
||||||
<varname>enableParallelBuilding</varname> is set to
|
|
||||||
<literal>true</literal>, the builder passes the
|
|
||||||
<option>-j<replaceable>N</replaceable></option> flag to GNU Make. The
|
|
||||||
value <literal>0</literal> means that the builder should use all
|
|
||||||
available CPU cores in the system.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>--option</option> <replaceable>name</replaceable> <replaceable>value</replaceable>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Set the Nix configuration option <replaceable>name</replaceable> to
|
|
||||||
<replaceable>value</replaceable>.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>--show-trace</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Causes Nix to print out a stack trace in case of Nix expression
|
|
||||||
evaluation errors.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>--keep-going</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Causes Nix to continue building derivations as far as possible
|
|
||||||
in the face of failed builds.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>--help</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Synonym for <command>man nixos-install</command>.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
</variablelist>
|
|
||||||
</refsection>
|
|
||||||
<refsection>
|
|
||||||
<title>Examples</title>
|
|
||||||
<para>
|
|
||||||
A typical NixOS installation is done by creating and mounting a file system
|
|
||||||
on <filename>/mnt</filename>, generating a NixOS configuration in
|
|
||||||
<filename>/mnt/etc/nixos/configuration.nix</filename>, and running
|
|
||||||
<command>nixos-install</command>. For instance, if we want to install NixOS
|
|
||||||
on an <literal>ext4</literal> file system created in
|
|
||||||
<filename>/dev/sda1</filename>:
|
|
||||||
<screen>
|
|
||||||
<prompt>$ </prompt>mkfs.ext4 /dev/sda1
|
|
||||||
<prompt>$ </prompt>mount /dev/sda1 /mnt
|
|
||||||
<prompt>$ </prompt>nixos-generate-config --root /mnt
|
|
||||||
<prompt>$ </prompt># edit /mnt/etc/nixos/configuration.nix
|
|
||||||
<prompt>$ </prompt>nixos-install
|
|
||||||
<prompt>$ </prompt>reboot
|
|
||||||
</screen>
|
|
||||||
</para>
|
|
||||||
</refsection>
|
|
||||||
</refentry>
|
|
|
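Review bot: The synopsis of this removed nixos-install page lists `--impure`, `--no-channel-copy`, `--no-bootloader` and `--no-root-password` / `--no-root-passwd`, but none of them has an entry under Options. `--no-root-password` is mentioned only in the description step about the root password prompt, and the page never says what state the root account is left in when the prompt is skipped; the replacement page should document that. Smaller points: the `-I` entry marks up the flag as `<replaceable>-I</replaceable>` where `<option>` is used everywhere else, and the example runs `mkfs.ext4` and `mount` under a "$ " prompt whereas the nixos-enter page uses "# " for root commands.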
@ -1,134 +0,0 @@
|
||||||
<refentry xmlns="http://docbook.org/ns/docbook"
|
|
||||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
|
||||||
xmlns:xi="http://www.w3.org/2001/XInclude">
|
|
||||||
<refmeta>
|
|
||||||
<refentrytitle><command>nixos-option</command>
|
|
||||||
</refentrytitle><manvolnum>8</manvolnum>
|
|
||||||
<refmiscinfo class="source">NixOS</refmiscinfo>
|
|
||||||
<!-- <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo> -->
|
|
||||||
</refmeta>
|
|
||||||
<refnamediv>
|
|
||||||
<refname><command>nixos-option</command></refname>
|
|
||||||
<refpurpose>inspect a NixOS configuration</refpurpose>
|
|
||||||
</refnamediv>
|
|
||||||
<refsynopsisdiv>
|
|
||||||
<cmdsynopsis>
|
|
||||||
<command>nixos-option</command>
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<group choice='req'>
|
|
||||||
<arg choice='plain'><option>-r</option></arg>
|
|
||||||
<arg choice='plain'><option>--recursive</option></arg>
|
|
||||||
</group>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<option>-I</option> <replaceable>path</replaceable>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<replaceable>option.name</replaceable>
|
|
||||||
</arg>
|
|
||||||
</cmdsynopsis>
|
|
||||||
</refsynopsisdiv>
|
|
||||||
<refsection>
|
|
||||||
<title>Description</title>
|
|
||||||
<para>
|
|
||||||
This command evaluates the configuration specified in
|
|
||||||
<filename>/etc/nixos/configuration.nix</filename> and returns the properties
|
|
||||||
of the option name given as argument.
|
|
||||||
</para>
|
|
||||||
<para>
|
|
||||||
When the option name is not an option, the command prints the list of
|
|
||||||
attributes contained in the attribute set.
|
|
||||||
</para>
|
|
||||||
</refsection>
|
|
||||||
<refsection>
|
|
||||||
<title>Options</title>
|
|
||||||
<para>
|
|
||||||
This command accepts the following options:
|
|
||||||
</para>
|
|
||||||
<variablelist>
|
|
||||||
<varlistentry>
|
|
||||||
<term><option>-r</option></term>
|
|
||||||
<term><option>--recursive</option></term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Print all the values at or below the specified path recursively.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>-I</option> <replaceable>path</replaceable>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
This option is passed to the underlying
|
|
||||||
<command>nix-instantiate</command> invocation.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
</variablelist>
|
|
||||||
</refsection>
|
|
||||||
<refsection>
|
|
||||||
<title>Environment</title>
|
|
||||||
<variablelist>
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<envar>NIXOS_CONFIG</envar>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Path to the main NixOS configuration module. Defaults to
|
|
||||||
<filename>/etc/nixos/configuration.nix</filename>.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
</variablelist>
|
|
||||||
</refsection>
|
|
||||||
<refsection>
|
|
||||||
<title>Examples</title>
|
|
||||||
<para>
|
|
||||||
Investigate option values:
|
|
||||||
<screen><prompt>$ </prompt>nixos-option boot.loader
|
|
||||||
This attribute set contains:
|
|
||||||
generationsDir
|
|
||||||
grub
|
|
||||||
initScript
|
|
||||||
|
|
||||||
<prompt>$ </prompt>nixos-option boot.loader.grub.enable
|
|
||||||
Value:
|
|
||||||
true
|
|
||||||
|
|
||||||
Default:
|
|
||||||
true
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Whether to enable the GNU GRUB boot loader.
|
|
||||||
|
|
||||||
Declared by:
|
|
||||||
"/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix"
|
|
||||||
|
|
||||||
Defined by:
|
|
||||||
"/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix"
|
|
||||||
</screen>
|
|
||||||
</para>
|
|
||||||
</refsection>
|
|
||||||
<refsection>
|
|
||||||
<title>Bugs</title>
|
|
||||||
<para>
|
|
||||||
The author listed in the following section is wrong. If there is any other
|
|
||||||
bug, please report to Nicolas Pierron.
|
|
||||||
</para>
|
|
||||||
</refsection>
|
|
||||||
<refsection>
|
|
||||||
<title>See also</title>
|
|
||||||
<para>
|
|
||||||
<citerefentry>
|
|
||||||
<refentrytitle>configuration.nix</refentrytitle>
|
|
||||||
<manvolnum>5</manvolnum>
|
|
||||||
</citerefentry>
|
|
||||||
</para>
|
|
||||||
</refsection>
|
|
||||||
</refentry>
|
|
|
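Review bot: The Bugs section of this removed file says "The author listed in the following section is wrong", but the section that follows is See also and no author section appears anywhere in the file, so the sentence refers to nothing. If this text is ported to a replacement page, drop that sentence rather than copy it. The Description also states that the command evaluates /etc/nixos/configuration.nix without mentioning that the Environment section lets NIXOS_CONFIG override that path; the ported Description should say so, since the file being evaluated is what the reported option values come from.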
@ -1,781 +0,0 @@
|
||||||
<refentry xmlns="http://docbook.org/ns/docbook"
|
|
||||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
|
||||||
xmlns:xi="http://www.w3.org/2001/XInclude">
|
|
||||||
<refmeta>
|
|
||||||
<refentrytitle><command>nixos-rebuild</command>
|
|
||||||
</refentrytitle><manvolnum>8</manvolnum>
|
|
||||||
<refmiscinfo class="source">NixOS</refmiscinfo>
|
|
||||||
<!-- <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo> -->
|
|
||||||
</refmeta>
|
|
||||||
|
|
||||||
<refnamediv>
|
|
||||||
<refname><command>nixos-rebuild</command></refname>
|
|
||||||
<refpurpose>reconfigure a NixOS machine</refpurpose>
|
|
||||||
</refnamediv>
|
|
||||||
|
|
||||||
<refsynopsisdiv>
|
|
||||||
<cmdsynopsis>
|
|
||||||
<command>nixos-rebuild</command><group choice='req'>
|
|
||||||
<arg choice='plain'>
|
|
||||||
<option>switch</option>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg choice='plain'>
|
|
||||||
<option>boot</option>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg choice='plain'>
|
|
||||||
<option>test</option>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg choice='plain'>
|
|
||||||
<option>build</option>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg choice='plain'>
|
|
||||||
<option>dry-build</option>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg choice='plain'>
|
|
||||||
<option>dry-activate</option>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg choice='plain'>
|
|
||||||
<option>edit</option>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg choice='plain'>
|
|
||||||
<option>build-vm</option>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg choice='plain'>
|
|
||||||
<option>build-vm-with-bootloader</option>
|
|
||||||
</arg>
|
|
||||||
</group>
|
|
||||||
<sbr />
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<group choice='req'>
|
|
||||||
<arg choice='plain'>
|
|
||||||
<option>--upgrade</option>
|
|
||||||
</arg>
|
|
||||||
<arg choice='plain'>
|
|
||||||
<option>--upgrade-all</option>
|
|
||||||
</arg>
|
|
||||||
</group>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<option>--install-bootloader</option>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<option>--no-build-nix</option>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<option>--fast</option>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<option>--rollback</option>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<option>--builders</option> <replaceable>builder-spec</replaceable>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<sbr/>
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<option>--flake</option> <replaceable>flake-uri</replaceable>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<option>--no-flake</option>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<option>--override-input</option> <replaceable>input-name</replaceable> <replaceable>flake-uri</replaceable>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<sbr />
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<group choice='req'>
|
|
||||||
<arg choice='plain'>
|
|
||||||
<option>--profile-name</option>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg choice='plain'>
|
|
||||||
<option>-p</option>
|
|
||||||
</arg>
|
|
||||||
</group> <replaceable>name</replaceable>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<group choice='req'>
|
|
||||||
<arg choice='plain'>
|
|
||||||
<option>--specialisation</option>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg choice='plain'>
|
|
||||||
<option>-c</option>
|
|
||||||
</arg>
|
|
||||||
</group> <replaceable>name</replaceable>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<sbr />
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<option>--build-host</option> <replaceable>host</replaceable>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<option>--target-host</option> <replaceable>host</replaceable>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<option>--use-remote-sudo</option>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<sbr />
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<option>--show-trace</option>
|
|
||||||
</arg>
|
|
||||||
<arg>
|
|
||||||
<option>-I</option>
|
|
||||||
<replaceable>NIX_PATH</replaceable>
|
|
||||||
</arg>
|
|
||||||
<arg>
|
|
||||||
<group choice='req'>
|
|
||||||
<arg choice='plain'><option>--verbose</option></arg>
|
|
||||||
<arg choice='plain'><option>-v</option></arg>
|
|
||||||
</group>
|
|
||||||
</arg>
|
|
||||||
<arg>
|
|
||||||
<group choice='req'>
|
|
||||||
<arg choice='plain'><option>--impure</option></arg>
|
|
||||||
</group>
|
|
||||||
</arg>
|
|
||||||
<arg>
|
|
||||||
<group choice='req'>
|
|
||||||
<arg choice='plain'><option>--max-jobs</option></arg>
|
|
||||||
<arg choice='plain'><option>-j</option></arg>
|
|
||||||
</group>
|
|
||||||
<replaceable>number</replaceable>
|
|
||||||
</arg>
|
|
||||||
<arg>
|
|
||||||
<group choice='req'>
|
|
||||||
<arg choice='plain'><option>--keep-failed</option></arg>
|
|
||||||
<arg choice='plain'><option>-K</option></arg>
|
|
||||||
</group>
|
|
||||||
</arg>
|
|
||||||
<arg>
|
|
||||||
<group choice='req'>
|
|
||||||
<arg choice='plain'><option>--keep-going</option></arg>
|
|
||||||
<arg choice='plain'><option>-k</option></arg>
|
|
||||||
</group>
|
|
||||||
</arg>
|
|
||||||
</cmdsynopsis>
|
|
||||||
</refsynopsisdiv>
|
|
||||||
|
|
||||||
<refsection>
|
|
||||||
<title>Description</title>
|
|
||||||
|
|
||||||
<para>
|
|
||||||
This command updates the system so that it corresponds to the
|
|
||||||
configuration specified in
|
|
||||||
<filename>/etc/nixos/configuration.nix</filename> or
|
|
||||||
<filename>/etc/nixos/flake.nix</filename>. Thus, every time you
|
|
||||||
modify the configuration or any other NixOS module, you must run
|
|
||||||
<command>nixos-rebuild</command> to make the changes take
|
|
||||||
effect. It builds the new system in
|
|
||||||
<filename>/nix/store</filename>, runs its activation script, and
|
|
||||||
stop and (re)starts any system services if needed. Please note that
|
|
||||||
user services need to be started manually as they aren't detected
|
|
||||||
by the activation script at the moment.
|
|
||||||
</para>
|
|
||||||
|
|
||||||
<para>
|
|
||||||
This command has one required argument, which specifies the desired
|
|
||||||
operation. It must be one of the following:
|
|
||||||
|
|
||||||
<variablelist>
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>switch</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Build and activate the new configuration, and make it the boot default.
|
|
||||||
That is, the configuration is added to the GRUB boot menu as the default
|
|
||||||
menu entry, so that subsequent reboots will boot the system into the new
|
|
||||||
configuration. Previous configurations activated with
|
|
||||||
<command>nixos-rebuild switch</command> or <command>nixos-rebuild
|
|
||||||
boot</command> remain available in the GRUB menu.
|
|
||||||
</para>
|
|
||||||
<para>
|
|
||||||
Note that if you are using specializations, running just
|
|
||||||
<command>nixos-rebuild switch</command> will switch you back to the
|
|
||||||
unspecialized, base system - in that case, you might want to use this
|
|
||||||
instead:
|
|
||||||
<screen>
|
|
||||||
<prompt>$ </prompt>nixos-rebuild switch --specialisation your-specialisation-name
|
|
||||||
</screen>
|
|
||||||
This command will build all specialisations and make them bootable just
|
|
||||||
like regular <command>nixos-rebuild switch</command> does - the only
|
|
||||||
thing different is that it will switch to given specialisation instead
|
|
||||||
of the base system; it can be also used to switch from the base system
|
|
||||||
into a specialised one, or to switch between specialisations.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>boot</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Build the new configuration and make it the boot default (as with
|
|
||||||
<command>nixos-rebuild switch</command>), but do not activate it. That
|
|
||||||
is, the system continues to run the previous configuration until the
|
|
||||||
next reboot.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>test</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Build and activate the new configuration, but do not add it to the GRUB
|
|
||||||
boot menu. Thus, if you reboot the system (or if it crashes), you will
|
|
||||||
automatically revert to the default configuration (i.e. the
|
|
||||||
configuration resulting from the last call to <command>nixos-rebuild
|
|
||||||
switch</command> or <command>nixos-rebuild boot</command>).
|
|
||||||
</para>
|
|
||||||
<para>
|
|
||||||
Note that if you are using specialisations, running just
|
|
||||||
<command>nixos-rebuild test</command> will activate the unspecialised,
|
|
||||||
base system - in that case, you might want to use this instead:
|
|
||||||
<screen>
|
|
||||||
<prompt>$ </prompt>nixos-rebuild test --specialisation your-specialisation-name
|
|
||||||
</screen>
|
|
||||||
This command can be also used to switch from the base system into a
|
|
||||||
specialised one, or to switch between specialisations.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>build</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Build the new configuration, but neither activate it nor add it to the
|
|
||||||
GRUB boot menu. It leaves a symlink named <filename>result</filename> in
|
|
||||||
the current directory, which points to the output of the top-level
|
|
||||||
“system” derivation. This is essentially the same as doing
|
|
||||||
<screen>
|
|
||||||
<prompt>$ </prompt>nix-build /path/to/nixpkgs/nixos -A system
|
|
||||||
</screen>
|
|
||||||
Note that you do not need to be <literal>root</literal> to run
|
|
||||||
<command>nixos-rebuild build</command>.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>dry-build</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Show what store paths would be built or downloaded by any of the
|
|
||||||
operations above, but otherwise do nothing.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>dry-activate</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Build the new configuration, but instead of activating it, show what
|
|
||||||
changes would be performed by the activation (i.e. by
|
|
||||||
<command>nixos-rebuild test</command>). For instance, this command will
|
|
||||||
print which systemd units would be restarted. The list of changes is not
|
|
||||||
guaranteed to be complete.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>edit</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Opens <filename>configuration.nix</filename> in the default editor.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>build-vm</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Build a script that starts a NixOS virtual machine with the desired
|
|
||||||
configuration. It leaves a symlink <filename>result</filename> in the
|
|
||||||
current directory that points (under
|
|
||||||
<filename>result/bin/run-<replaceable>hostname</replaceable>-vm</filename>)
|
|
||||||
at the script that starts the VM. Thus, to test a NixOS configuration in
|
|
||||||
a virtual machine, you should do the following:
|
|
||||||
<screen>
|
|
||||||
<prompt>$ </prompt>nixos-rebuild build-vm
|
|
||||||
<prompt>$ </prompt>./result/bin/run-*-vm
|
|
||||||
</screen>
|
|
||||||
</para>
|
|
||||||
|
|
||||||
<para>
|
|
||||||
The VM is implemented using the <literal>qemu</literal> package. For
|
|
||||||
best performance, you should load the <literal>kvm-intel</literal> or
|
|
||||||
<literal>kvm-amd</literal> kernel modules to get hardware
|
|
||||||
virtualisation.
|
|
||||||
</para>
|
|
||||||
|
|
||||||
<para>
|
|
||||||
The VM mounts the Nix store of the host through the 9P file system. The
|
|
||||||
host Nix store is read-only, so Nix commands that modify the Nix store
|
|
||||||
will not work in the VM. This includes commands such as
|
|
||||||
<command>nixos-rebuild</command>; to change the VM’s configuration,
|
|
||||||
you must halt the VM and re-run the commands above.
|
|
||||||
</para>
|
|
||||||
|
|
||||||
<para>
|
|
||||||
The VM has its own <literal>ext3</literal> root file system, which is
|
|
||||||
automatically created when the VM is first started, and is persistent
|
|
||||||
across reboots of the VM. It is stored in
|
|
||||||
<literal>./<replaceable>hostname</replaceable>.qcow2</literal>.
|
|
||||||
<!-- The entire file system hierarchy of the host is available in
|
|
||||||
the VM under <filename>/hostfs</filename>.-->
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>build-vm-with-bootloader</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Like <option>build-vm</option>, but boots using the regular boot loader
|
|
||||||
of your configuration (e.g., GRUB 1 or 2), rather than booting directly
|
|
||||||
into the kernel and initial ramdisk of the system. This allows you to
|
|
||||||
test whether the boot loader works correctly. However, it does not
|
|
||||||
guarantee that your NixOS configuration will boot successfully on the
|
|
||||||
host hardware (i.e., after running <command>nixos-rebuild
|
|
||||||
switch</command>), because the hardware and boot loader configuration in
|
|
||||||
the VM are different. The boot loader is installed on an automatically
|
|
||||||
generated virtual disk containing a <filename>/boot</filename>
|
|
||||||
partition.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
</variablelist>
|
|
||||||
</para>
|
|
||||||
</refsection>
|
|
||||||
|
|
||||||
<refsection>
|
|
||||||
<title>Options</title>
|
|
||||||
<para>
|
|
||||||
This command accepts the following options:
|
|
||||||
</para>
|
|
||||||
|
|
||||||
<variablelist>
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>--upgrade</option>
|
|
||||||
</term>
|
|
||||||
<term>
|
|
||||||
<option>--upgrade-all</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Update the root user's channel named <literal>nixos</literal>
|
|
||||||
before rebuilding the system.
|
|
||||||
</para>
|
|
||||||
<para>
|
|
||||||
In addition to the <literal>nixos</literal> channel, the root
|
|
||||||
user's channels which have a file named
|
|
||||||
<literal>.update-on-nixos-rebuild</literal> in their base
|
|
||||||
directory will also be updated.
|
|
||||||
</para>
|
|
||||||
<para>
|
|
||||||
Passing <option>--upgrade-all</option> updates all of the root
|
|
||||||
user's channels.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>--install-bootloader</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Causes the boot loader to be (re)installed on the device specified by the
|
|
||||||
relevant configuration options.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>--no-build-nix</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Normally, <command>nixos-rebuild</command> first builds the
|
|
||||||
<varname>nixUnstable</varname> attribute in Nixpkgs, and uses the
|
|
||||||
resulting instance of the Nix package manager to build the new system
|
|
||||||
configuration. This is necessary if the NixOS modules use features not
|
|
||||||
provided by the currently installed version of Nix. This option disables
|
|
||||||
building a new Nix.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>--fast</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Equivalent to <option>--no-build-nix</option>. This option is
|
|
||||||
useful if you call <command>nixos-rebuild</command> frequently
|
|
||||||
(e.g. if you’re hacking on a NixOS module).
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>--rollback</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Instead of building a new configuration as specified by
|
|
||||||
<filename>/etc/nixos/configuration.nix</filename>, roll back to the
|
|
||||||
previous configuration. (The previous configuration is defined as the one
|
|
||||||
before the “current” generation of the Nix profile
|
|
||||||
<filename>/nix/var/nix/profiles/system</filename>.)
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>--builders</option> <replaceable>builder-spec</replaceable>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Allow ad-hoc remote builders for building the new system. This requires
|
|
||||||
the user executing <command>nixos-rebuild</command> (usually root) to be
|
|
||||||
configured as a trusted user in the Nix daemon. This can be achieved by
|
|
||||||
using the <literal>nix.settings.trusted-users</literal> NixOS option. Examples
|
|
||||||
values for that option are described in the <literal>Remote builds
|
|
||||||
chapter</literal> in the Nix manual, (i.e. <command>--builders
|
|
||||||
"ssh://bigbrother x86_64-linux"</command>). By specifying an empty string
|
|
||||||
existing builders specified in <filename>/etc/nix/machines</filename> can
|
|
||||||
be ignored: <command>--builders ""</command> for example when they are
|
|
||||||
not reachable due to network connectivity.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>--profile-name</option>
|
|
||||||
</term>
|
|
||||||
<term>
|
|
||||||
<option>-p</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Instead of using the Nix profile
|
|
||||||
<filename>/nix/var/nix/profiles/system</filename> to keep track of the
|
|
||||||
current and previous system configurations, use
|
|
||||||
<filename>/nix/var/nix/profiles/system-profiles/<replaceable>name</replaceable></filename>.
|
|
||||||
When you use GRUB 2, for every system profile created with this flag,
|
|
||||||
NixOS will create a submenu named “NixOS - Profile
|
|
||||||
'<replaceable>name</replaceable>'” in GRUB’s boot menu, containing
|
|
||||||
the current and previous configurations of this profile.
|
|
||||||
</para>
|
|
||||||
<para>
|
|
||||||
For instance, if you want to test a configuration file named
|
|
||||||
<filename>test.nix</filename> without affecting the default system
|
|
||||||
profile, you would do:
|
|
||||||
<screen>
|
|
||||||
<prompt>$ </prompt>nixos-rebuild switch -p test -I nixos-config=./test.nix
|
|
||||||
</screen>
|
|
||||||
The new configuration will appear in the GRUB 2 submenu “NixOS -
|
|
||||||
Profile 'test'”.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>--specialisation</option>
|
|
||||||
</term>
|
|
||||||
<term>
|
|
||||||
<option>-c</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Activates given specialisation; when not specified, switching and testing
|
|
||||||
will activate the base, unspecialised system.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>--build-host</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Instead of building the new configuration locally, use the specified host
|
|
||||||
to perform the build. The host needs to be accessible with ssh, and must
|
|
||||||
be able to perform Nix builds. If the option
|
|
||||||
<option>--target-host</option> is not set, the build will be copied back
|
|
||||||
to the local machine when done.
|
|
||||||
</para>
|
|
||||||
<para>
|
|
||||||
Note that, if <option>--no-build-nix</option> is not specified, Nix will
|
|
||||||
be built both locally and remotely. This is because the configuration
|
|
||||||
will always be evaluated locally even though the building might be
|
|
||||||
performed remotely.
|
|
||||||
</para>
|
|
||||||
<para>
|
|
||||||
You can include a remote user name in the host name
|
|
||||||
(<replaceable>user@host</replaceable>). You can also set ssh options by
|
|
||||||
defining the <envar>NIX_SSHOPTS</envar> environment variable.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>--target-host</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Specifies the NixOS target host. By setting this to something other than
|
|
||||||
an empty string, the system activation will happen
|
|
||||||
on the remote host instead of the local machine. The remote host needs to
|
|
||||||
be accessible over ssh, and for the commands <option>switch</option>,
|
|
||||||
<option>boot</option> and <option>test</option> you need root access.
|
|
||||||
</para>
|
|
||||||
|
|
||||||
<para>
|
|
||||||
If <option>--build-host</option> is not explicitly specified or empty,
|
|
||||||
building will take place locally.
|
|
||||||
</para>
|
|
||||||
|
|
||||||
<para>
|
|
||||||
You can include a remote user name in the host name
|
|
||||||
(<replaceable>user@host</replaceable>). You can also set ssh options by
|
|
||||||
defining the <envar>NIX_SSHOPTS</envar> environment variable.
|
|
||||||
</para>
|
|
||||||
|
|
||||||
<para>
|
|
||||||
Note that <command>nixos-rebuild</command> honors the
|
|
||||||
<literal>nixpkgs.crossSystem</literal> setting of the given configuration
|
|
||||||
but disregards the true architecture of the target host. Hence the
|
|
||||||
<literal>nixpkgs.crossSystem</literal> setting has to match the target
|
|
||||||
platform or else activation will fail.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>--use-substitutes</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
When set, nixos-rebuild will add <option>--use-substitutes</option>
|
|
||||||
to each invocation of nix-copy-closure. This will only affect the
|
|
||||||
behavior of nixos-rebuild if <option>--target-host</option> or
|
|
||||||
<option>--build-host</option> is also set. This is useful when
|
|
||||||
the target-host connection to cache.nixos.org is faster than the
|
|
||||||
connection between hosts.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>--use-remote-sudo</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
When set, nixos-rebuild prefixes remote commands that run on
|
|
||||||
the <option>--build-host</option> and <option>--target-host</option>
|
|
||||||
systems with <command>sudo</command>. Setting this option allows
|
|
||||||
deploying as a non-root user.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>--flake</option> <replaceable>flake-uri</replaceable><optional>#<replaceable>name</replaceable></optional>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Build the NixOS system from the specified flake. It defaults to
|
|
||||||
the directory containing the target of the symlink
|
|
||||||
<filename>/etc/nixos/flake.nix</filename>, if it exists. The
|
|
||||||
flake must contain an output named
|
|
||||||
<literal>nixosConfigurations.<replaceable>name</replaceable></literal>. If
|
|
||||||
<replaceable>name</replaceable> is omitted, it default to the
|
|
||||||
current host name.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>--no-flake</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Do not imply <option>--flake</option> if
|
|
||||||
<filename>/etc/nixos/flake.nix</filename> exists. With this
|
|
||||||
option, it is possible to build non-flake NixOS configurations
|
|
||||||
even if the current NixOS systems uses flakes.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
</variablelist>
|
|
||||||
|
|
||||||
<para>
|
|
||||||
In addition, <command>nixos-rebuild</command> accepts various Nix-related
|
|
||||||
flags, including <option>--max-jobs</option> / <option>-j</option>, <option>-I</option>,
|
|
||||||
<option>--show-trace</option>, <option>--keep-failed</option>,
|
|
||||||
<option>--keep-going</option>, <option>--impure</option>, and <option>--verbose</option> /
|
|
||||||
<option>-v</option>. See the Nix manual for details.
|
|
||||||
</para>
|
|
||||||
</refsection>
|
|
||||||
|
|
||||||
<refsection>
|
|
||||||
<title>Environment</title>
|
|
||||||
|
|
||||||
<variablelist>
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<envar>NIXOS_CONFIG</envar>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Path to the main NixOS configuration module. Defaults to
|
|
||||||
<filename>/etc/nixos/configuration.nix</filename>.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<envar>NIX_PATH</envar>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
A colon-separated list of directories used to look up Nix expressions enclosed in angle brackets (e.g <nixpkgs>). Example
|
|
||||||
<screen>
|
|
||||||
nixpkgs=./my-nixpkgs
|
|
||||||
</screen>
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<envar>NIX_SSHOPTS</envar>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Additional options to be passed to <command>ssh</command> on the command
|
|
||||||
line.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
</variablelist>
|
|
||||||
</refsection>
|
|
||||||
|
|
||||||
<refsection>
|
|
||||||
<title>Files</title>
|
|
||||||
|
|
||||||
<variablelist>
|
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<filename>/etc/nixos/flake.nix</filename>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
If this file exists, then <command>nixos-rebuild</command> will
|
|
||||||
use it as if the <option>--flake</option> option was given. This
|
|
||||||
file may be a symlink to a <filename>flake.nix</filename> in an
|
|
||||||
actual flake; thus <filename>/etc/nixos</filename> need not be a
|
|
||||||
flake.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<filename>/run/current-system</filename>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
A symlink to the currently active system configuration in the Nix store.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<filename>/nix/var/nix/profiles/system</filename>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
The Nix profile that contains the current and previous system
|
|
||||||
configurations. Used to generate the GRUB boot menu.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
</variablelist>
|
|
||||||
</refsection>
|
|
||||||
|
|
||||||
<refsection>
|
|
||||||
<title>Bugs</title>
|
|
||||||
<para>
|
|
||||||
This command should be renamed to something more descriptive.
|
|
||||||
</para>
|
|
||||||
</refsection>
|
|
||||||
</refentry>
|
|
|
@ -1,158 +0,0 @@
|
||||||
<refentry xmlns="http://docbook.org/ns/docbook"
|
|
||||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
|
||||||
xmlns:xi="http://www.w3.org/2001/XInclude">
|
|
||||||
<refmeta>
|
|
||||||
<refentrytitle><command>nixos-version</command>
|
|
||||||
</refentrytitle><manvolnum>8</manvolnum>
|
|
||||||
<refmiscinfo class="source">NixOS</refmiscinfo>
|
|
||||||
</refmeta>
|
|
||||||
<refnamediv>
|
|
||||||
<refname><command>nixos-version</command></refname>
|
|
||||||
<refpurpose>show the NixOS version</refpurpose>
|
|
||||||
</refnamediv>
|
|
||||||
<refsynopsisdiv>
|
|
||||||
<cmdsynopsis>
|
|
||||||
<command>nixos-version</command>
|
|
||||||
<arg>
|
|
||||||
<option>--hash</option>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<option>--revision</option>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<option>--configuration-revision</option>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
<arg>
|
|
||||||
<option>--json</option>
|
|
||||||
</arg>
|
|
||||||
|
|
||||||
</cmdsynopsis>
|
|
||||||
</refsynopsisdiv>
|
|
||||||
|
|
||||||
<refsection>
|
|
||||||
<title>Description</title>
|
|
||||||
<para>
|
|
||||||
This command shows the version of the currently active NixOS configuration.
|
|
||||||
For example:
|
|
||||||
<screen><prompt>$ </prompt>nixos-version
|
|
||||||
16.03.1011.6317da4 (Emu)
|
|
||||||
</screen>
|
|
||||||
The version consists of the following elements:
|
|
||||||
<variablelist>
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<literal>16.03</literal>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
The NixOS release, indicating the year and month in which it was
|
|
||||||
released (e.g. March 2016).
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<literal>1011</literal>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
The number of commits in the Nixpkgs Git repository between the start of
|
|
||||||
the release branch and the commit from which this version was built.
|
|
||||||
This ensures that NixOS versions are monotonically increasing. It is
|
|
||||||
<literal>git</literal> when the current NixOS configuration was built
|
|
||||||
from a checkout of the Nixpkgs Git repository rather than from a NixOS
|
|
||||||
channel.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<literal>6317da4</literal>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
The first 7 characters of the commit in the Nixpkgs Git repository from
|
|
||||||
which this version was built.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<literal>Emu</literal>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
The code name of the NixOS release. The first letter of the code name
|
|
||||||
indicates that this is the N'th stable NixOS release; for example, Emu
|
|
||||||
is the fifth release.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
</variablelist>
|
|
||||||
</para>
|
|
||||||
</refsection>
|
|
||||||
|
|
||||||
<refsection>
|
|
||||||
<title>Options</title>
|
|
||||||
|
|
||||||
<para>
|
|
||||||
This command accepts the following options:
|
|
||||||
</para>
|
|
||||||
|
|
||||||
<variablelist>
|
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>--hash</option>
|
|
||||||
</term>
|
|
||||||
<term>
|
|
||||||
<option>--revision</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Show the full SHA1 hash of the Git commit from which this configuration
|
|
||||||
was built, e.g.
|
|
||||||
<screen><prompt>$ </prompt>nixos-version --hash
|
|
||||||
6317da40006f6bc2480c6781999c52d88dde2acf
|
|
||||||
</screen>
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>--configuration-revision</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Show the configuration revision if available. This could be the full SHA1
|
|
||||||
hash of the Git commit of the system flake, if you add
|
|
||||||
<screen>{ system.configurationRevision = self.rev or "dirty"; }</screen>
|
|
||||||
to the <screen>modules</screen> array of your flake.nix system configuration e.g.
|
|
||||||
<screen><prompt>$ </prompt>nixos-version --configuration-revision
|
|
||||||
aa314ebd1592f6cdd53cb5bba8bcae97d9323de8
|
|
||||||
</screen>
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
<option>--json</option>
|
|
||||||
</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Print a JSON representation of the versions of NixOS and the
|
|
||||||
top-level configuration flake.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
</variablelist>
|
|
||||||
|
|
||||||
</refsection>
|
|
||||||
|
|
||||||
</refentry>
|
|
|
@ -15,11 +15,4 @@
|
||||||
</copyright>
|
</copyright>
|
||||||
</info>
|
</info>
|
||||||
<xi:include href="man-configuration.xml" />
|
<xi:include href="man-configuration.xml" />
|
||||||
<xi:include href="man-nixos-build-vms.xml" />
|
|
||||||
<xi:include href="man-nixos-generate-config.xml" />
|
|
||||||
<xi:include href="man-nixos-install.xml" />
|
|
||||||
<xi:include href="man-nixos-enter.xml" />
|
|
||||||
<xi:include href="man-nixos-option.xml" />
|
|
||||||
<xi:include href="man-nixos-rebuild.xml" />
|
|
||||||
<xi:include href="man-nixos-version.xml" />
|
|
||||||
</reference>
|
</reference>
|
||||||
|
|
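Review bot: Dropping the seven `xi:include` lines (man-nixos-build-vms.xml through man-nixos-version.xml) leaves man-configuration.xml as the only entry in this `<reference>`, so any cross-reference elsewhere in the DocBook manual that targets one of the removed refentries will no longer resolve. Before merging, confirm the manual still builds without dangling references, and say in the change description that these pages now live as mdoc sources under manpages/.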
57
third_party/nixpkgs/nixos/doc/manual/manpages/README.md
vendored
Normal file
|
@ -0,0 +1,57 @@
|
||||||
|
# NixOS manpages
|
||||||
|
|
||||||
|
This is the collection of NixOS manpages, excluding `configuration.nix(5)`.
|
||||||
|
|
||||||
|
Man pages are written in [`mdoc(7)` format](https://mandoc.bsd.lv/man/mdoc.7.html) and should be portable between mandoc and groff for rendering (though minor differences may occur, mandoc and groff seem to have slightly different spacing rules.)
|
||||||
|
|
||||||
|
For previewing edited files, you can just run `man -l path/to/file.8` and you will see it rendered.
|
||||||
|
|
||||||
|
Being written in `mdoc` these manpages use semantic markup. This file provides a guideline on where to apply which of the semantic elements of `mdoc`.
|
||||||
|
|
||||||
|
### Command lines and arguments
|
||||||
|
|
||||||
|
In any manpage, commands, flags and arguments to the *current* executable should be marked according to their semantics. Commands, flags and arguments passed to *other* executables should not be marked like this and should instead be considered as code examples and marked with `Ql`.
|
||||||
|
|
||||||
|
- Use `Fl` to mark flag arguments, `Ar` for their arguments.
|
||||||
|
- Repeating arguments should be marked by adding ellipses (`...`).
|
||||||
|
- Use `Cm` to mark literal string arguments, e.g. the `boot` command argument passed to `nixos-rebuild`.
|
||||||
|
- Optional flags or arguments should be marked with `Op`. This includes optional repeating arguments.
|
||||||
|
- Required flags or arguments should not be marked.
|
||||||
|
- Mutually exclusive groups of arguments should be enclosed in curly brackets, preferrably created with `Bro`/`Brc` blocks.
|
||||||
|
|
||||||
|
When an argument is used in an example it should be marked up with `Ar` again to differentiate it from a constant. For example, a command with a `--host name` flag that calls ssh to retrieve the host's local time would signify this thusly:
|
||||||
|
```
|
||||||
|
This will run
|
||||||
|
.Ic ssh Ar name Ic time
|
||||||
|
to retrieve the remote time.
|
||||||
|
```
|
||||||
|
|
||||||
|
### Paths, NixOS options, environment variables
|
||||||
|
|
||||||
|
Constant paths should be marked with `Pa`, NixOS options with `Va`, and environment variables with `Ev`.
|
||||||
|
|
||||||
|
Generated paths, e.g. `result/bin/run-hostname-vm` (where `hostname` is a variable or arguments) should be marked as `Ql` inline literals with their variable components marked appropriately.
|
||||||
|
|
||||||
|
- Taking `hostname` from an argument become `.Ql result/bin/run- Ns Ar hostname Ns -vm`
|
||||||
|
- Taking `hostname` from a variable otherwise defined becomes `.Ql result/bin/run- Ns Va hostname Ns -vm`
|
||||||
|
|
||||||
|
### Code examples and other commands
|
||||||
|
|
||||||
|
In free text names and complete invocations of other commands (e.g. `ssh` or `tar -xvf src.tar`) should be marked with `Ic`, fragments of command lines should be marked with `Ql`.
|
||||||
|
|
||||||
|
Larger code blocks or those that cannot be shown inline should use indented literal display block markup for their contents, i.e.
|
||||||
|
```
|
||||||
|
.Bd -literal -offset indent
|
||||||
|
...
|
||||||
|
.Ed
|
||||||
|
```
|
||||||
|
Contents of code blocks may be marked up further, e.g. if they refer to arguments that will be subsituted into them:
|
||||||
|
```
|
||||||
|
.Bd -literal -offset indent
|
||||||
|
{
|
||||||
|
options.hostname = "\c
|
||||||
|
.Ar hostname Ns \c
|
||||||
|
";
|
||||||
|
}
|
||||||
|
.Ed
|
||||||
|
```
|
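Review bot: The new README.md has three spelling and grammar slips to fix: `preferrably` in the mutually-exclusive-groups bullet should be `preferably`, `subsituted` in the last code-block paragraph should be `substituted`, and "Taking `hostname` from an argument become" should read "becomes" to match the bullet after it. The section headings also jump from `#` straight to `###`; using `##` would keep the outline consistent.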
109
third_party/nixpkgs/nixos/doc/manual/manpages/nixos-build-vms.8
vendored
Normal file
|
@ -0,0 +1,109 @@
|
||||||
|
.Dd January 1, 1980
|
||||||
|
.\" nixpkgs groff will use Nixpkgs as the OS in the title by default, taking it from
|
||||||
|
.\" doc-default-operating-system. mandoc doesn't have this register set by default,
|
||||||
|
.\" so we can use it as a groff/mandoc switch.
|
||||||
|
.ie ddoc-default-operating-system .Dt nixos-build-vms \&8 "NixOS System Manager's Manual"
|
||||||
|
.el .Dt nixos-build-vms 8
|
||||||
|
.Os NixOS
|
||||||
|
.Sh NAME
|
||||||
|
.Nm nixos-build-vms
|
||||||
|
.Nd build a network of virtual machines from a network of NixOS configurations
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.Sh SYNOPSIS
|
||||||
|
.Nm nixos-build-vms
|
||||||
|
.Op Fl -show-trace
|
||||||
|
.Op Fl -no-out-link
|
||||||
|
.Op Fl -help
|
||||||
|
.Op Fl -option Ar name value
|
||||||
|
.Pa network.nix
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.Sh DESCRIPTION
|
||||||
|
.
|
||||||
|
This command builds a network of QEMU\-KVM virtual machines of a Nix expression
|
||||||
|
specifying a network of NixOS machines. The virtual network can be started by
|
||||||
|
executing the
|
||||||
|
.Pa bin/run-vms
|
||||||
|
shell script that is generated by this command. By default, a
|
||||||
|
.Pa result
|
||||||
|
symlink is produced that points to the generated virtual network.
|
||||||
|
.
|
||||||
|
.Pp
|
||||||
|
A network Nix expression has the following structure:
|
||||||
|
.Bd -literal -offset indent
|
||||||
|
{
|
||||||
|
test1 = {pkgs, config, ...}:
|
||||||
|
{
|
||||||
|
services.openssh.enable = true;
|
||||||
|
nixpkgs.localSystem.system = "i686-linux";
|
||||||
|
deployment.targetHost = "test1.example.net";
|
||||||
|
|
||||||
|
# Other NixOS options
|
||||||
|
};
|
||||||
|
|
||||||
|
test2 = {pkgs, config, ...}:
|
||||||
|
{
|
||||||
|
services.openssh.enable = true;
|
||||||
|
services.httpd.enable = true;
|
||||||
|
environment.systemPackages = [ pkgs.lynx ];
|
||||||
|
nixpkgs.localSystem.system = "x86_64-linux";
|
||||||
|
deployment.targetHost = "test2.example.net";
|
||||||
|
|
||||||
|
# Other NixOS options
|
||||||
|
};
|
||||||
|
}
|
||||||
|
.Ed
|
||||||
|
.
|
||||||
|
.Pp
|
||||||
|
Each attribute in the expression represents a machine in the network
|
||||||
|
.Ns (e.g.
|
||||||
|
.Va test1
|
||||||
|
and
|
||||||
|
.Va test2 Ns
|
||||||
|
) referring to a function defining a NixOS configuration. In each NixOS
|
||||||
|
configuration, two attributes have a special meaning. The
|
||||||
|
.Va deployment.targetHost
|
||||||
|
specifies the address (domain name or IP address) of the system which is used by
|
||||||
|
.Ic ssh
|
||||||
|
to perform remote deployment operations. The
|
||||||
|
.Va nixpkgs.localSystem.system
|
||||||
|
attribute can be used to specify an architecture for the target machine, such as
|
||||||
|
.Ql i686-linux
|
||||||
|
which builds a 32-bit NixOS configuration. Omitting this property will build the
|
||||||
|
configuration for the same architecture as the host system.
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.Sh OPTIONS
|
||||||
|
.Bl -tag -width indent
|
||||||
|
.It Fl -show-trace
|
||||||
|
Shows a trace of the output.
|
||||||
|
.
|
||||||
|
.It Fl -no-out-link
|
||||||
|
Do not create a
|
||||||
|
.Pa result
|
||||||
|
symlink.
|
||||||
|
.
|
||||||
|
.It Fl h , -help
|
||||||
|
Shows the usage of this command to the user.
|
||||||
|
.
|
||||||
|
.It Fl -option Ar name Va value
|
||||||
|
Set the Nix configuration option
|
||||||
|
.Va name
|
||||||
|
to
|
||||||
|
.Va value Ns
|
||||||
|
\&. This overrides settings in the Nix configuration file (see
|
||||||
|
.Xr nix.conf 5 Ns
|
||||||
|
).
|
||||||
|
.El
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.Sh AUTHORS
|
||||||
|
.An -nosplit
|
||||||
|
.An Eelco Dolstra
|
||||||
|
and
|
||||||
|
.An the Nixpkgs/NixOS contributors
|
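Review bot: The SYNOPSIS lists only `.Op Fl -help`, while OPTIONS documents `.It Fl h , -help`, so the short `-h` form is missing from the synopsis. The `--option` entry is also marked up three different ways: `Ar name value` in the synopsis, `Ar name Va value` in the item header, and `.Va name` / `.Va value` in the body. The README added in this commit asks for `Ar` on arguments to the current command, so use `Ar` in all three places, as nixos-install.8 already does for the same flag.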
76
third_party/nixpkgs/nixos/doc/manual/manpages/nixos-enter.8
vendored
Normal file
|
@ -0,0 +1,76 @@
|
||||||
|
.Dd January 1, 1980
|
||||||
|
.\" nixpkgs groff will use Nixpkgs as the OS in the title by default, taking it from
|
||||||
|
.\" doc-default-operating-system. mandoc doesn't have this register set by default,
|
||||||
|
.\" so we can use it as a groff/mandoc switch.
|
||||||
|
.ie ddoc-default-operating-system .Dt nixos-enter \&8 "NixOS System Manager's Manual"
|
||||||
|
.el .Dt nixos-enter 8
|
||||||
|
.Os NixOS
|
||||||
|
.Sh NAME
|
||||||
|
.Nm nixos-enter
|
||||||
|
.Nd run a command in a NixOS chroot environment
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.Sh SYNOPSIS
|
||||||
|
.Nm nixos-enter
|
||||||
|
.Op Fl -root Ar root
|
||||||
|
.Op Fl -system Ar system
|
||||||
|
.Op Fl -command | c Ar shell-command
|
||||||
|
.Op Fl -silent
|
||||||
|
.Op Fl -help
|
||||||
|
.Op Fl - Ar arguments ...
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.Sh DESCRIPTION
|
||||||
|
This command runs a command in a NixOS chroot environment, that is, in a filesystem hierarchy previously prepared using
|
||||||
|
.Xr nixos-install 8 .
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.Sh OPTIONS
|
||||||
|
.Bl -tag -width indent
|
||||||
|
.It Fl -root Ar root
|
||||||
|
The path to the NixOS system you want to enter. It defaults to
|
||||||
|
.Pa /mnt Ns
|
||||||
|
\&.
|
||||||
|
.It Fl -system Ar system
|
||||||
|
The NixOS system configuration to use. It defaults to
|
||||||
|
.Pa /nix/var/nix/profiles/system Ns
|
||||||
|
\&. You can enter a previous NixOS configuration by specifying a path such as
|
||||||
|
.Pa /nix/var/nix/profiles/system-106-link Ns
|
||||||
|
\&.
|
||||||
|
.
|
||||||
|
.It Fl -command Ar shell-command , Fl c Ar shell-command
|
||||||
|
The bash command to execute.
|
||||||
|
.
|
||||||
|
.It Fl -silent
|
||||||
|
Suppresses all output from the activation script of the target system.
|
||||||
|
.
|
||||||
|
.It Fl -
|
||||||
|
Interpret the remaining arguments as the program name and arguments to be invoked.
|
||||||
|
The program is not executed in a shell.
|
||||||
|
.El
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.Sh EXAMPLES
|
||||||
|
.Bl -tag -width indent
|
||||||
|
.It Ic nixos-enter --root /mnt
|
||||||
|
Start an interactive shell in the NixOS installation in
|
||||||
|
.Pa /mnt Ns .
|
||||||
|
.
|
||||||
|
.It Ic nixos-enter -c 'ls -l /; cat /proc/mounts'
|
||||||
|
Run a shell command.
|
||||||
|
.
|
||||||
|
.It Ic nixos-enter -- cat /proc/mounts
|
||||||
|
Run a non-shell command.
|
||||||
|
.El
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.Sh AUTHORS
|
||||||
|
.An -nosplit
|
||||||
|
.An Eelco Dolstra
|
||||||
|
and
|
||||||
|
.An the Nixpkgs/NixOS contributors
|
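Review bot: `--help` appears in the SYNOPSIS (`.Op Fl -help`) but has no `.It` entry in the OPTIONS list, which goes from `.It Fl -silent` straight to `.It Fl -`. Add an entry for it, as nixos-build-vms.8 and nixos-install.8 do. The trailing-period idiom is also inconsistent within this file: OPTIONS uses `.Pa /mnt Ns` followed by `\&.` on its own line, while EXAMPLES uses `.Pa /mnt Ns .`; pick one.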
169
third_party/nixpkgs/nixos/doc/manual/manpages/nixos-generate-config.8
vendored
Normal file
|
@ -0,0 +1,169 @@
|
||||||
|
.Dd January 1, 1980
|
||||||
|
.\" nixpkgs groff will use Nixpkgs as the OS in the title by default, taking it from
|
||||||
|
.\" doc-default-operating-system. mandoc doesn't have this register set by default,
|
||||||
|
.\" so we can use it as a groff/mandoc switch.
|
||||||
|
.ie ddoc-default-operating-system .Dt nixos-generate-config \&8 "NixOS System Manager's Manual"
|
||||||
|
.el .Dt nixos-generate-config 8
|
||||||
|
.Os NixOS
|
||||||
|
.Sh NAME
|
||||||
|
.Nm nixos-generate-config
|
||||||
|
.Nd generate NixOS configuration modules
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.Sh SYNOPSIS
|
||||||
|
.Nm nixos-generate-config
|
||||||
|
.Op Fl -force
|
||||||
|
.Op Fl -root Ar root
|
||||||
|
.Op Fl -dir Ar dir
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.Sh DESCRIPTION
|
||||||
|
This command writes two NixOS configuration modules:
|
||||||
|
.Bl -tag -width indent
|
||||||
|
.It Pa /etc/nixos/hardware-configuration.nix
|
||||||
|
This module sets NixOS configuration options based on your current hardware
|
||||||
|
configuration. In particular, it sets the
|
||||||
|
.Va fileSystem
|
||||||
|
option to reflect all currently mounted file systems, the
|
||||||
|
.Va swapDevices
|
||||||
|
option to reflect active swap devices, and the
|
||||||
|
.Va boot.initrd.*
|
||||||
|
options to ensure that the initial ramdisk contains any kernel modules necessary
|
||||||
|
for mounting the root file system.
|
||||||
|
.Pp
|
||||||
|
If this file already exists, it is overwritten. Thus, you should not modify it
|
||||||
|
manually. Rather, you should include it from your
|
||||||
|
.Pa /etc/nixos/configuration.nix Ns
|
||||||
|
, and re-run
|
||||||
|
.Nm
|
||||||
|
to update it whenever your hardware configuration changes.
|
||||||
|
.
|
||||||
|
.It Pa /etc/nixos/configuration.nix
|
||||||
|
This is the main NixOS system configuration module. If it already exists, it’s
|
||||||
|
left unchanged. Otherwise,
|
||||||
|
.Nm
|
||||||
|
will write a template for you to customise.
|
||||||
|
.El
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.Sh OPTIONS
|
||||||
|
.Bl -tag -width indent
|
||||||
|
.It Fl -root Ar root
|
||||||
|
If this option is given, treat the directory
|
||||||
|
.Ar root
|
||||||
|
as the root of the file system. This means that configuration files will be written to
|
||||||
|
.Ql Ar root Ns /etc/nixos Ns
|
||||||
|
, and that any file systems outside of
|
||||||
|
.Ar root
|
||||||
|
are ignored for the purpose of generating the
|
||||||
|
.Va fileSystems
|
||||||
|
option.
|
||||||
|
.
|
||||||
|
.It Fl -dir Ar dir
|
||||||
|
If this option is given, write the configuration files to the directory
|
||||||
|
.Ar dir
|
||||||
|
instead of
|
||||||
|
.Pa /etc/nixos Ns
|
||||||
|
\&.
|
||||||
|
.
|
||||||
|
.It Fl -force
|
||||||
|
Overwrite
|
||||||
|
.Pa /etc/nixos/configuration.nix
|
||||||
|
if it already exists.
|
||||||
|
.
|
||||||
|
.It Fl -no-filesystems
|
||||||
|
Omit everything concerning file systems and swap devices from the hardware configuration.
|
||||||
|
.
|
||||||
|
.It Fl -show-hardware-config
|
||||||
|
Don't generate
|
||||||
|
.Pa configuration.nix
|
||||||
|
or
|
||||||
|
.Pa hardware-configuration.nix
|
||||||
|
and print the hardware configuration to stdout only.
|
||||||
|
.El
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.Sh EXAMPLES
|
||||||
|
This command is typically used during NixOS installation to write initial
|
||||||
|
configuration modules. For example, if you created and mounted the target file
|
||||||
|
systems on
|
||||||
|
.Pa /mnt
|
||||||
|
and
|
||||||
|
.Pa /mnt/boot Ns
|
||||||
|
, you would run:
|
||||||
|
.Bd -literal -offset indent
|
||||||
|
$ nixos-generate-config --root /mnt
|
||||||
|
.Ed
|
||||||
|
.
|
||||||
|
.Pp
|
||||||
|
The resulting file
|
||||||
|
.Pa /mnt/etc/nixos/hardware-configuration.nix
|
||||||
|
might look like this:
|
||||||
|
.Bd -literal -offset indent
|
||||||
|
# Do not modify this file! It was generated by 'nixos-generate-config'
|
||||||
|
# and may be overwritten by future invocations. Please make changes
|
||||||
|
# to /etc/nixos/configuration.nix instead.
|
||||||
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[ <nixos/modules/installer/scan/not-detected.nix>
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [ "ehci_hcd" "ahci" ];
|
||||||
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
|
fileSystems."/" =
|
||||||
|
{ device = "/dev/disk/by-label/nixos";
|
||||||
|
fsType = "ext3";
|
||||||
|
options = [ "rw" "data=ordered" "relatime" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/boot" =
|
||||||
|
{ device = "/dev/sda1";
|
||||||
|
fsType = "ext3";
|
||||||
|
options = [ "rw" "errors=continue" "user_xattr" "acl" "barrier=1" "data=writeback" "relatime" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices =
|
||||||
|
[ { device = "/dev/sda2"; }
|
||||||
|
];
|
||||||
|
|
||||||
|
nix.maxJobs = 8;
|
||||||
|
}
|
||||||
|
.Ed
|
||||||
|
.
|
||||||
|
.Pp
|
||||||
|
It will also create a basic
|
||||||
|
.Pa /mnt/etc/nixos/configuration.nix Ns
|
||||||
|
, which you should edit to customise the logical configuration of your system. \
|
||||||
|
This file includes the result of the hardware scan as follows:
|
||||||
|
.Bd -literal -offset indent
|
||||||
|
imports = [ ./hardware-configuration.nix ];
|
||||||
|
.Ed
|
||||||
|
.
|
||||||
|
.Pp
|
||||||
|
After installation, if your hardware configuration changes, you can run:
|
||||||
|
.Bd -literal -offset indent
|
||||||
|
$ nixos-generate-config
|
||||||
|
.Ed
|
||||||
|
.
|
||||||
|
.Pp
|
||||||
|
to update
|
||||||
|
.Pa /etc/nixos/hardware-configuration.nix Ns
|
||||||
|
\&. Your
|
||||||
|
.Pa /etc/nixos/configuration.nix
|
||||||
|
will
|
||||||
|
.Em not
|
||||||
|
be overwritten.
|
||||||
|
.
|
||||||
|
.Sh AUTHORS
|
||||||
|
.An -nosplit
|
||||||
|
.An Eelco Dolstra
|
||||||
|
and
|
||||||
|
.An the Nixpkgs/NixOS contributors
|
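Review bot: OPTIONS documents `--no-filesystems` and `--show-hardware-config`, but the SYNOPSIS lists only `--force`, `--root` and `--dir`; add `.Op Fl -no-filesystems` and `.Op Fl -show-hardware-config` there. In DESCRIPTION, `.Va fileSystem` should be `.Va fileSystems`, which is the spelling used under `--root` and in the sample hardware-configuration.nix. The EXAMPLES line ending in "of your system. \" also carries a stray trailing backslash.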
195
third_party/nixpkgs/nixos/doc/manual/manpages/nixos-install.8
vendored
Normal file
|
@ -0,0 +1,195 @@
|
||||||
|
.Dd January 1, 1980
|
||||||
|
.\" nixpkgs groff will use Nixpkgs as the OS in the title by default, taking it from
|
||||||
|
.\" doc-default-operating-system. mandoc doesn't have this register set by default,
|
||||||
|
.\" so we can use it as a groff/mandoc switch.
|
||||||
|
.ie ddoc-default-operating-system .Dt nixos-install \&8 "NixOS System Manager's Manual"
|
||||||
|
.el .Dt nixos-install 8
|
||||||
|
.Os NixOS
|
||||||
|
.Sh NAME
|
||||||
|
.Nm nixos-install
|
||||||
|
.Nd install bootloader and NixOS
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.Sh SYNOPSIS
|
||||||
|
.Nm nixos-install
|
||||||
|
.Op Fl -verbose | v
|
||||||
|
.Op Fl I Ar path
|
||||||
|
.Op Fl -root Ar root
|
||||||
|
.Op Fl -system Ar path
|
||||||
|
.Op Fl -flake Ar flake-uri
|
||||||
|
.Op Fl -impure
|
||||||
|
.Op Fl -channel Ar channel
|
||||||
|
.Op Fl -no-channel-copy
|
||||||
|
.Op Fl -no-root-password | -no-root-passwd
|
||||||
|
.Op Fl -no-bootloader
|
||||||
|
.Op Fl -max-jobs | j Ar number
|
||||||
|
.Op Fl -cores Ar number
|
||||||
|
.Op Fl -option Ar name value
|
||||||
|
.Op Fl -show-trace
|
||||||
|
.Op Fl -keep-going
|
||||||
|
.Op Fl -help
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.Sh DESCRIPTION
|
||||||
|
This command installs NixOS in the file system mounted on
|
||||||
|
.Pa /mnt Ns
|
||||||
|
, based on the NixOS configuration specified in
|
||||||
|
.Pa /mnt/etc/nixos/configuration.nix Ns
|
||||||
|
\&. It performs the following steps:
|
||||||
|
.
|
||||||
|
.Bl -enum
|
||||||
|
.It
|
||||||
|
It copies Nix and its dependencies to
|
||||||
|
.Pa /mnt/nix/store Ns
|
||||||
|
\&.
|
||||||
|
.
|
||||||
|
.It
|
||||||
|
It runs Nix in
|
||||||
|
.Pa /mnt
|
||||||
|
to build the NixOS configuration specified in
|
||||||
|
.Pa /mnt/etc/nixos/configuration.nix Ns
|
||||||
|
\&.
|
||||||
|
.
|
||||||
|
.It
|
||||||
|
It installs the current channel
|
||||||
|
.Dq nixos
|
||||||
|
in the target channel profile (unless
|
||||||
|
.Fl -no-channel-copy
|
||||||
|
is specified).
|
||||||
|
.
|
||||||
|
.It
|
||||||
|
It installs the GRUB boot loader on the device specified in the option
|
||||||
|
.Va boot.loader.grub.device
|
||||||
|
(unless
|
||||||
|
.Fl -no-bootloader
|
||||||
|
is specified), and generates a GRUB configuration file that boots into the NixOS
|
||||||
|
configuration just installed.
|
||||||
|
.
|
||||||
|
.It
|
||||||
|
It prompts you for a password for the root account (unless
|
||||||
|
.Fl -no-root-password
|
||||||
|
is specified).
|
||||||
|
.El
|
||||||
|
.
|
||||||
|
.Pp
|
||||||
|
This command is idempotent: if it is interrupted or fails due to a temporary
|
||||||
|
problem (e.g. a network issue), you can safely re-run it.
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.Sh OPTIONS
|
||||||
|
.Bl -tag -width indent
|
||||||
|
.It Fl -verbose , v
|
||||||
|
Increases the level of verbosity of diagnostic messages printed on standard
|
||||||
|
error. For each Nix operation, the information printed on standard output is
|
||||||
|
well-defined; any diagnostic information is printed on standard error, never on
|
||||||
|
standard output.
|
||||||
|
.Pp
|
||||||
|
Please note that this option may be specified repeatedly.
|
||||||
|
.
|
||||||
|
.It Fl -root Ar root
|
||||||
|
Defaults to
|
||||||
|
.Pa /mnt Ns
|
||||||
|
\&. If this option is given, treat the directory
|
||||||
|
.Ar root
|
||||||
|
as the root of the NixOS installation.
|
||||||
|
.
|
||||||
|
.It Fl -system Ar path
|
||||||
|
If this option is provided,
|
||||||
|
.Nm
|
||||||
|
will install the specified closure rather than attempt to build one from
|
||||||
|
.Pa /mnt/etc/nixos/configuration.nix Ns
|
||||||
|
\&.
|
||||||
|
.Pp
|
||||||
|
The closure must be an appropriately configured NixOS system, with boot loader
|
||||||
|
and partition configuration that fits the target host. Such a closure is
|
||||||
|
typically obtained with a command such as
|
||||||
|
.Ic nix-build -I nixos-config=./configuration.nix '<nixpkgs/nixos>' -A system --no-out-link Ns
|
||||||
|
\&.
|
||||||
|
.
|
||||||
|
.It Fl -flake Ar flake-uri Ns # Ns Ar name
|
||||||
|
Build the NixOS system from the specified flake. The flake must contain an
|
||||||
|
output named
|
||||||
|
.Ql nixosConfigurations. Ns Ar name Ns
|
||||||
|
\&.
|
||||||
|
.
|
||||||
|
.It Fl -channel Ar channel
|
||||||
|
If this option is provided, do not copy the current
|
||||||
|
.Dq nixos
|
||||||
|
channel to the target host. Instead, use the specified derivation.
|
||||||
|
.
|
||||||
|
.It Fl I Ar Path
|
||||||
|
Add a path to the Nix expression search path. This option may be given multiple
|
||||||
|
times. See the
|
||||||
|
.Ev NIX_PATH
|
||||||
|
environment variable for information on the semantics of the Nix search path. Paths added through
|
||||||
|
.Fl I
|
||||||
|
take precedence over
|
||||||
|
.Ev NIX_PATH Ns
|
||||||
|
\&.
|
||||||
|
.
|
||||||
|
.It Fl -max-jobs , j Ar number
|
||||||
|
Sets the maximum number of build jobs that Nix will perform in parallel to the
|
||||||
|
specified number. The default is 1. A higher value is useful on SMP systems or
|
||||||
|
to exploit I/O latency.
|
||||||
|
.
|
||||||
|
.It Fl -cores Ar N
|
||||||
|
Sets the value of the
|
||||||
|
.Ev NIX_BUILD_CORES
|
||||||
|
environment variable in the invocation of builders. Builders can use this
|
||||||
|
variable at their discretion to control the maximum amount of parallelism. For
|
||||||
|
instance, in Nixpkgs, if the derivation attribute
|
||||||
|
.Va enableParallelBuilding
|
||||||
|
is set to true, the builder passes the
|
||||||
|
.Fl j Ns Va N
|
||||||
|
flag to GNU Make. The value 0 means that the builder should use all available CPU cores in the system.
|
||||||
|
.
|
||||||
|
.It Fl -option Ar name value
|
||||||
|
Set the Nix configuration option
|
||||||
|
.Ar name
|
||||||
|
to
|
||||||
|
.Ar value Ns
|
||||||
|
\&.
|
||||||
|
.
|
||||||
|
.It Fl -show-trace
|
||||||
|
Causes Nix to print out a stack trace in case of Nix expression evaluation errors.
|
||||||
|
.
|
||||||
|
.It Fl -keep-going
|
||||||
|
Causes Nix to continue building derivations as far as possible in the face of failed builds.
|
||||||
|
.
|
||||||
|
.It Fl -help
|
||||||
|
Synonym for
|
||||||
|
.Ic man nixos-install Ns
|
||||||
|
\&.
|
||||||
|
.El
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.Sh EXAMPLES
|
||||||
|
A typical NixOS installation is done by creating and mounting a file system on
|
||||||
|
.Pa /mnt Ns
|
||||||
|
, generating a NixOS configuration in
|
||||||
|
.Pa /mnt/etc/nixos/configuration.nix Ns
|
||||||
|
, and running
|
||||||
|
.Nm Ns
|
||||||
|
\&. For instance, if we want to install NixOS on an ext4 file system created in
|
||||||
|
.Pa /dev/sda1 Ns
|
||||||
|
:
|
||||||
|
.Bd -literal -offset indent
|
||||||
|
$ mkfs.ext4 /dev/sda1
|
||||||
|
$ mount /dev/sda1 /mnt
|
||||||
|
$ nixos-generate-config --root /mnt
|
||||||
|
$ # edit /mnt/etc/nixos/configuration.nix
|
||||||
|
$ nixos-install
|
||||||
|
$ reboot
|
||||||
|
.Ed
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.Sh AUTHORS
|
||||||
|
.An -nosplit
|
||||||
|
.An Eelco Dolstra
|
||||||
|
and
|
||||||
|
.An the Nixpkgs/NixOS contributors
|
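Review bot: Several flags in the SYNOPSIS have no entry in the OPTIONS list: `--impure`, `--no-channel-copy`, `--no-root-password` / `--no-root-passwd` and `--no-bootloader`. Three of them are only mentioned in passing in the DESCRIPTION steps, and `--impure` is not described anywhere. Argument names also drift between the two sections: `Fl I Ar path` against `.It Fl I Ar Path`, `Fl -cores Ar number` against `.It Fl -cores Ar N` with `.Fl j Ns Va N` in the body, and `Fl -flake Ar flake-uri` against `.It Fl -flake Ar flake-uri Ns # Ns Ar name`. Use one spelling per argument, marked with `Ar`, in both places.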
93
third_party/nixpkgs/nixos/doc/manual/manpages/nixos-option.8
vendored
Normal file
|
@ -0,0 +1,93 @@
|
||||||
|
.Dd January 1, 1980
|
||||||
|
.\" nixpkgs groff will use Nixpkgs as the OS in the title by default, taking it from
|
||||||
|
.\" doc-default-operating-system. mandoc doesn't have this register set by default,
|
||||||
|
.\" so we can use it as a groff/mandoc switch.
|
||||||
|
.ie ddoc-default-operating-system .Dt nixos-option \&8 "NixOS System Manager's Manual"
|
||||||
|
.el .Dt nixos-option 8
|
||||||
|
.Os NixOS
|
||||||
|
.Sh NAME
|
||||||
|
.Nm nixos-option
|
||||||
|
.Nd inspect a NixOS configuration
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.Sh SYNOPSIS
|
||||||
|
.Nm
|
||||||
|
.Op Fl r | -recursive
|
||||||
|
.Op Fl I Ar path
|
||||||
|
.Ar option.name
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.Sh DESCRIPTION
|
||||||
|
This command evaluates the configuration specified in
|
||||||
|
.Pa /etc/nixos/configuration.nix
|
||||||
|
and returns the properties of the option name given as argument.
|
||||||
|
.
|
||||||
|
.Pp
|
||||||
|
When the option name is not an option, the command prints the list of attributes
|
||||||
|
contained in the attribute set.
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.Sh OPTIONS
|
||||||
|
.Bl -tag -width indent
|
||||||
|
.It Fl r , -recursive
|
||||||
|
Print all the values at or below the specified path recursively.
|
||||||
|
.
|
||||||
|
.It Fl I Ar path
|
||||||
|
This option is passed to the underlying
|
||||||
|
.Xr nix-instantiate 1
|
||||||
|
invocation.
|
||||||
|
.El
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.Sh ENVIRONMENT
|
||||||
|
.Bl -tag -width indent
|
||||||
|
.It Ev NIXOS_CONFIG
|
||||||
|
Path to the main NixOS configuration module. Defaults to
|
||||||
|
.Pa /etc/nixos/configuration.nix Ns
|
||||||
|
\&.
|
||||||
|
.El
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.Sh EXAMPLES
|
||||||
|
Investigate option values:
|
||||||
|
.Bd -literal -offset indent
|
||||||
|
$ nixos-option boot.loader
|
||||||
|
This attribute set contains:
|
||||||
|
generationsDir
|
||||||
|
grub
|
||||||
|
initScript
|
||||||
|
|
||||||
|
$ nixos-option boot.loader.grub.enable
|
||||||
|
Value:
|
||||||
|
true
|
||||||
|
|
||||||
|
Default:
|
||||||
|
true
|
||||||
|
|
||||||
|
Description:
|
||||||
|
Whether to enable the GNU GRUB boot loader.
|
||||||
|
|
||||||
|
Declared by:
|
||||||
|
"/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix"
|
||||||
|
|
||||||
|
Defined by:
|
||||||
|
"/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix"
|
||||||
|
.Ed
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.Sh SEE ALSO
|
||||||
|
.Xr configuration.nix 5
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.Sh AUTHORS
|
||||||
|
.An -nosplit
|
||||||
|
.An Nicolas Pierron
|
||||||
|
and
|
||||||
|
.An the Nixpkgs/NixOS contributors
|
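Review bot: DESCRIPTION states that the command evaluates `/etc/nixos/configuration.nix`, while the ENVIRONMENT section of the same page says `NIXOS_CONFIG` changes which module is used; the two should agree, for example by writing "the configuration specified in `/etc/nixos/configuration.nix` (or in `NIXOS_CONFIG`, if set)". The `-I path` entry in OPTIONS only says the value is passed to `nix-instantiate`; one clause on what the path is used for would save the reader a lookup. In EXAMPLES the sample output shows the same `grub.nix` path under both "Declared by:" and "Defined by:", which does not help a reader tell the two fields apart; a sample where the definition comes from the user's configuration would be clearer.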
456
third_party/nixpkgs/nixos/doc/manual/manpages/nixos-rebuild.8
vendored
Normal file
|
@ -0,0 +1,456 @@
|
||||||
|
.Dd January 1, 1980
|
||||||
|
.\" nixpkgs groff will use Nixpkgs the OS in the title by default, taking it from
|
||||||
|
.\" doc-default-operating-system. mandoc doesn't have this register set by default,
|
||||||
|
.\" so we can use it as a groff/mandoc switch.
|
||||||
|
.ie ddoc-default-operating-system .Dt nixos-rebuild \&8 "NixOS System Manager's Manual"
|
||||||
|
.el .Dt nixos-rebuild 8
|
||||||
|
.Os NixOS
|
||||||
|
.Sh NAME
|
||||||
|
.Nm nixos-rebuild
|
||||||
|
.Nd reconfigure a NixOS machine
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.Sh SYNOPSIS
|
||||||
|
.Nm
|
||||||
|
.Bro
|
||||||
|
.Cm switch | boot | test | build | dry-build | dry-activate | edit | build-vm | build-vm-with-bootloader
|
||||||
|
.Brc
|
||||||
|
.br
|
||||||
|
.Op Fl -upgrade | -upgrade-all
|
||||||
|
.Op Fl -install-bootloader
|
||||||
|
.Op Fl -no-build-nix
|
||||||
|
.Op Fl -fast
|
||||||
|
.Op Fl -rollback
|
||||||
|
.Op Fl -builders Ar builder-spec
|
||||||
|
.br
|
||||||
|
.Op Fl -flake Ar flake-uri
|
||||||
|
.Op Fl -no-flake
|
||||||
|
.Op Fl -override-input Ar input-name flake-uri
|
||||||
|
.br
|
||||||
|
.Op Fl -profile-name | p Ar name
|
||||||
|
.Op Fl -specialisation | c Ar name
|
||||||
|
.br
|
||||||
|
.Op Fl -build-host Va host
|
||||||
|
.Op Fl -target-host Va host
|
||||||
|
.Op Fl -use-remote-sudo
|
||||||
|
.br
|
||||||
|
.Op Fl -show-trace
|
||||||
|
.Op Fl I Va NIX_PATH
|
||||||
|
.Op Fl -verbose | v
|
||||||
|
.Op Fl -impure
|
||||||
|
.Op Fl -max-jobs | j Va number
|
||||||
|
.Op Fl -keep-failed | K
|
||||||
|
.Op Fl -keep-going | k
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.Sh DESCRIPTION
|
||||||
|
This command updates the system so that it corresponds to the
|
||||||
|
configuration specified in
|
||||||
|
.Pa /etc/nixos/configuration.nix
|
||||||
|
or
|
||||||
|
.Pa /etc/nixos/flake.nix Ns
|
||||||
|
\&. Thus, every time you modify the configuration or any other NixOS module, you
|
||||||
|
must run
|
||||||
|
.Nm
|
||||||
|
to make the changes take effect. It builds the new system in
|
||||||
|
.Pa /nix/store Ns
|
||||||
|
, runs its activation script, and stop and (re)starts any system services if
|
||||||
|
needed. Please note that user services need to be started manually as they
|
||||||
|
aren't detected by the activation script at the moment.
|
||||||
|
.
|
||||||
|
.Pp
|
||||||
|
This command has one required argument, which specifies the desired
|
||||||
|
operation. It must be one of the following:
|
||||||
|
.Bl -tag -width indent
|
||||||
|
.It Cm switch
|
||||||
|
Build and activate the new configuration, and make it the boot default. That
|
||||||
|
is, the configuration is added to the GRUB boot menu as the default
|
||||||
|
menu entry, so that subsequent reboots will boot the system into the new
|
||||||
|
configuration. Previous configurations activated with
|
||||||
|
.Ic nixos-rebuild switch
|
||||||
|
or
|
||||||
|
.Ic nixos-rebuild boot
|
||||||
|
remain available in the GRUB menu.
|
||||||
|
.Pp
|
||||||
|
Note that if you are using specializations, running just
|
||||||
|
.Ic nixos-rebuild switch
|
||||||
|
will switch you back to the unspecialized, base system \(em in that case, you
|
||||||
|
might want to use this instead:
|
||||||
|
.Bd -literal -offset indent
|
||||||
|
$ nixos-rebuild switch --specialisation your-specialisation-name
|
||||||
|
.Ed
|
||||||
|
.Pp
|
||||||
|
This command will build all specialisations and make them bootable just
|
||||||
|
like regular
|
||||||
|
.Ic nixos-rebuild switch
|
||||||
|
does \(em the only thing different is that it will switch to given
|
||||||
|
specialisation instead of the base system; it can be also used to switch from
|
||||||
|
the base system into a specialised one, or to switch between specialisations.
|
||||||
|
.
|
||||||
|
.It Cm boot
|
||||||
|
Build the new configuration and make it the boot default (as with
|
||||||
|
.Ic nixos-rebuild switch Ns
|
||||||
|
), but do not activate it. That is, the system continues to run the previous
|
||||||
|
configuration until the next reboot.
|
||||||
|
.
|
||||||
|
.It Cm test
|
||||||
|
Build and activate the new configuration, but do not add it to the GRUB
|
||||||
|
boot menu. Thus, if you reboot the system (or if it crashes), you will
|
||||||
|
automatically revert to the default configuration (i.e. the
|
||||||
|
configuration resulting from the last call to
|
||||||
|
.Ic nixos-rebuild switch
|
||||||
|
or
|
||||||
|
.Ic nixos-rebuild boot Ns
|
||||||
|
).
|
||||||
|
.Pp
|
||||||
|
Note that if you are using specialisations, running just
|
||||||
|
.Ic nixos-rebuild test
|
||||||
|
will activate the unspecialised, base system \(em in that case, you might want
|
||||||
|
to use this instead:
|
||||||
|
.Bd -literal -offset indent
|
||||||
|
$ nixos-rebuild test --specialisation your-specialisation-name
|
||||||
|
.Ed
|
||||||
|
.Pp
|
||||||
|
This command can be also used to switch from the base system into a
|
||||||
|
specialised one, or to switch between specialisations.
|
||||||
|
.
|
||||||
|
.It Cm build
|
||||||
|
Build the new configuration, but neither activate it nor add it to the
|
||||||
|
GRUB boot menu. It leaves a symlink named
|
||||||
|
.Pa result
|
||||||
|
in the current directory, which points to the output of the top-level
|
||||||
|
.Dq system
|
||||||
|
derivation. This is essentially the same as doing
|
||||||
|
.Bd -literal -offset indent
|
||||||
|
$ nix-build /path/to/nixpkgs/nixos -A system
|
||||||
|
.Ed
|
||||||
|
.Pp
|
||||||
|
Note that you do not need to be root to run
|
||||||
|
.Ic nixos-rebuild build Ns
|
||||||
|
\&.
|
||||||
|
.
|
||||||
|
.It Cm dry-build
|
||||||
|
Show what store paths would be built or downloaded by any of the
|
||||||
|
operations above, but otherwise do nothing.
|
||||||
|
.
|
||||||
|
.It Cm dry-activate
|
||||||
|
Build the new configuration, but instead of activating it, show what
|
||||||
|
changes would be performed by the activation (i.e. by
|
||||||
|
.Ic nixos-rebuild test Ns
|
||||||
|
). For instance, this command will print which systemd units would be restarted.
|
||||||
|
The list of changes is not guaranteed to be complete.
|
||||||
|
.
|
||||||
|
.It Cm edit
|
||||||
|
Opens
|
||||||
|
.Pa configuration.nix
|
||||||
|
in the default editor.
|
||||||
|
.
|
||||||
|
.It Cm build-vm
|
||||||
|
Build a script that starts a NixOS virtual machine with the desired
|
||||||
|
configuration. It leaves a symlink
|
||||||
|
.Pa result
|
||||||
|
in the current directory that points (under
|
||||||
|
.Ql result/bin/run\- Ns Va hostname Ns \-vm Ns
|
||||||
|
)
|
||||||
|
at the script that starts the VM. Thus, to test a NixOS configuration in
|
||||||
|
a virtual machine, you should do the following:
|
||||||
|
.Bd -literal -offset indent
|
||||||
|
$ nixos-rebuild build-vm
|
||||||
|
$ ./result/bin/run-*-vm
|
||||||
|
.Ed
|
||||||
|
.Pp
|
||||||
|
The VM is implemented using the
|
||||||
|
.Ql qemu
|
||||||
|
package. For best performance, you should load the
|
||||||
|
.Ql kvm-intel
|
||||||
|
or
|
||||||
|
.Ql kvm-amd
|
||||||
|
kernel modules to get hardware virtualisation.
|
||||||
|
.Pp
|
||||||
|
The VM mounts the Nix store of the host through the 9P file system. The
|
||||||
|
host Nix store is read-only, so Nix commands that modify the Nix store
|
||||||
|
will not work in the VM. This includes commands such as
|
||||||
|
.Nm Ns
|
||||||
|
; to change the VM’s configuration, you must halt the VM and re-run the commands
|
||||||
|
above.
|
||||||
|
.Pp
|
||||||
|
The VM has its own ext3 root file system, which is automatically created when
|
||||||
|
the VM is first started, and is persistent across reboots of the VM. It is
|
||||||
|
stored in
|
||||||
|
.Ql ./ Ns Va hostname Ns .qcow2 Ns
|
||||||
|
\&.
|
||||||
|
.\" The entire file system hierarchy of the host is available in
|
||||||
|
.\" the VM under
|
||||||
|
.\" .Pa /hostfs Ns
|
||||||
|
.\" .
|
||||||
|
.
|
||||||
|
.It Cm build-vm-with-bootloader
|
||||||
|
Like
|
||||||
|
.Cm build-vm Ns
|
||||||
|
, but boots using the regular boot loader of your configuration (e.g. GRUB 1 or
|
||||||
|
2), rather than booting directly into the kernel and initial ramdisk of the
|
||||||
|
system. This allows you to test whether the boot loader works correctly. \
|
||||||
|
However, it does not guarantee that your NixOS configuration will boot
|
||||||
|
successfully on the host hardware (i.e., after running
|
||||||
|
.Ic nixos-rebuild switch Ns
|
||||||
|
), because the hardware and boot loader configuration in the VM are different.
|
||||||
|
The boot loader is installed on an automatically generated virtual disk
|
||||||
|
containing a
|
||||||
|
.Pa /boot
|
||||||
|
partition.
|
||||||
|
.El
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.Sh OPTIONS
|
||||||
|
.Bl -tag -width indent
|
||||||
|
.It Fl -upgrade , -upgrade-all
|
||||||
|
Update the root user's channel named
|
||||||
|
.Ql nixos
|
||||||
|
before rebuilding the system.
|
||||||
|
.Pp
|
||||||
|
In addition to the
|
||||||
|
.Ql nixos
|
||||||
|
channel, the root user's channels which have a file named
|
||||||
|
.Ql .update-on-nixos-rebuild
|
||||||
|
in their base directory will also be updated.
|
||||||
|
.Pp
|
||||||
|
Passing
|
||||||
|
.Fl -upgrade-all
|
||||||
|
updates all of the root user's channels.
|
||||||
|
.
|
||||||
|
.It Fl -install-bootloader
|
||||||
|
Causes the boot loader to be (re)installed on the device specified by the
|
||||||
|
relevant configuration options.
|
||||||
|
.
|
||||||
|
.It Fl -no-build-nix
|
||||||
|
Normally,
|
||||||
|
.Nm
|
||||||
|
first builds the
|
||||||
|
.Ql nixUnstable
|
||||||
|
attribute in Nixpkgs, and uses the resulting instance of the Nix package manager
|
||||||
|
to build the new system configuration. This is necessary if the NixOS modules
|
||||||
|
use features not provided by the currently installed version of Nix. This option
|
||||||
|
disables building a new Nix.
|
||||||
|
.
|
||||||
|
.It Fl -fast
|
||||||
|
Equivalent to
|
||||||
|
.Fl -no-build-nix Ns
|
||||||
|
\&. This option is useful if you call
|
||||||
|
.Nm
|
||||||
|
frequently (e.g. if you’re hacking on a NixOS module).
|
||||||
|
.
|
||||||
|
.It Fl -rollback
|
||||||
|
Instead of building a new configuration as specified by
|
||||||
|
.Pa /etc/nixos/configuration.nix Ns
|
||||||
|
, roll back to the previous configuration. (The previous configuration is
|
||||||
|
defined as the one before the “current” generation of the Nix profile
|
||||||
|
.Pa /nix/var/nix/profiles/system Ns
|
||||||
|
\&.)
|
||||||
|
.
|
||||||
|
.It Fl -builders Ar builder-spec
|
||||||
|
Allow ad-hoc remote builders for building the new system. This requires
|
||||||
|
the user executing
|
||||||
|
.Nm
|
||||||
|
(usually root) to be configured as a trusted user in the Nix daemon. This can be
|
||||||
|
achieved by using the
|
||||||
|
.Va nix.settings.trusted-users
|
||||||
|
NixOS option. Examples values for that option are described in the
|
||||||
|
.Dq Remote builds
|
||||||
|
chapter in the Nix manual, (i.e.
|
||||||
|
.Ql --builders \(dqssh://bigbrother x86_64-linux\(dq Ns
|
||||||
|
). By specifying an empty string existing builders specified in
|
||||||
|
.Pa /etc/nix/machines
|
||||||
|
can be ignored:
|
||||||
|
.Ql --builders \(dq\(dq
|
||||||
|
for example when they are not reachable due to network connectivity.
|
||||||
|
.
|
||||||
|
.It Fl -profile-name Ar name , Fl p Ar name
|
||||||
|
Instead of using the Nix profile
|
||||||
|
.Pa /nix/var/nix/profiles/system
|
||||||
|
to keep track of the current and previous system configurations, use
|
||||||
|
.Pa /nix/var/nix/profiles/system-profiles/ Ns Va name Ns
|
||||||
|
\&. When you use GRUB 2, for every system profile created with this flag, NixOS
|
||||||
|
will create a submenu named
|
||||||
|
.Dq NixOS - Profile Va name
|
||||||
|
in GRUB’s boot menu, containing the current and previous configurations of this profile.
|
||||||
|
.Pp
|
||||||
|
For instance, if you want to test a configuration file named
|
||||||
|
.Pa test.nix
|
||||||
|
without affecting the default system profile, you would do:
|
||||||
|
.Bd -literal -offset indent
|
||||||
|
$ nixos-rebuild switch -p test -I nixos-config=./test.nix
|
||||||
|
.Ed
|
||||||
|
.Pp
|
||||||
|
The new configuration will appear in the GRUB 2 submenu
|
||||||
|
.Dq NixOS - Profile 'test' Ns
|
||||||
|
\&.
|
||||||
|
.
|
||||||
|
.It Fl -specialisation Ar name , Fl c Ar name
|
||||||
|
Activates given specialisation; when not specified, switching and testing
|
||||||
|
will activate the base, unspecialised system.
|
||||||
|
.
|
||||||
|
.It Fl -build-host Ar host
|
||||||
|
Instead of building the new configuration locally, use the specified host
|
||||||
|
to perform the build. The host needs to be accessible with
|
||||||
|
.Ic ssh Ns ,
|
||||||
|
and must be able to perform Nix builds. If the option
|
||||||
|
.Fl -target-host
|
||||||
|
is not set, the build will be copied back to the local machine when done.
|
||||||
|
.Pp
|
||||||
|
Note that, if
|
||||||
|
.Fl -no-build-nix
|
||||||
|
is not specified, Nix will be built both locally and remotely. This is because
|
||||||
|
the configuration will always be evaluated locally even though the building
|
||||||
|
might be performed remotely.
|
||||||
|
.Pp
|
||||||
|
You can include a remote user name in the host name
|
||||||
|
.Ns ( Va user@host Ns
|
||||||
|
). You can also set ssh options by defining the
|
||||||
|
.Ev NIX_SSHOPTS
|
||||||
|
environment variable.
|
||||||
|
.
|
||||||
|
.It Fl -target-host Ar host
|
||||||
|
Specifies the NixOS target host. By setting this to something other than an
|
||||||
|
empty string, the system activation will happen on the remote host instead of
|
||||||
|
the local machine. The remote host needs to be accessible over
|
||||||
|
.Ic ssh Ns ,
|
||||||
|
and for the commands
|
||||||
|
.Cm switch Ns
|
||||||
|
,
|
||||||
|
.Cm boot
|
||||||
|
and
|
||||||
|
.Cm test
|
||||||
|
you need root access.
|
||||||
|
.Pp
|
||||||
|
If
|
||||||
|
.Fl -build-host
|
||||||
|
is not explicitly specified or empty, building will take place locally.
|
||||||
|
.Pp
|
||||||
|
You can include a remote user name in the host name
|
||||||
|
.Ns ( Va user@host Ns
|
||||||
|
). You can also set ssh options by defining the
|
||||||
|
.Ev NIX_SSHOPTS
|
||||||
|
environment variable.
|
||||||
|
.Pp
|
||||||
|
Note that
|
||||||
|
.Nm
|
||||||
|
honors the
|
||||||
|
.Va nixpkgs.crossSystem
|
||||||
|
setting of the given configuration but disregards the true architecture of the
|
||||||
|
target host. Hence the
|
||||||
|
.Va nixpkgs.crossSystem
|
||||||
|
setting has to match the target platform or else activation will fail.
|
||||||
|
.
|
||||||
|
.It Fl -use-substitutes
|
||||||
|
When set, nixos-rebuild will add
|
||||||
|
.Fl -use-substitutes
|
||||||
|
to each invocation of nix-copy-closure. This will only affect the behavior of
|
||||||
|
nixos-rebuild if
|
||||||
|
.Fl -target-host
|
||||||
|
or
|
||||||
|
.Fl -build-host
|
||||||
|
is also set. This is useful when the target-host connection to cache.nixos.org
|
||||||
|
is faster than the connection between hosts.
|
||||||
|
.
|
||||||
|
.It Fl -use-remote-sudo
|
||||||
|
When set, nixos-rebuild prefixes remote commands that run on the
|
||||||
|
.Fl -build-host
|
||||||
|
and
|
||||||
|
.Fl -target-host
|
||||||
|
systems with
|
||||||
|
.Ic sudo Ns
|
||||||
|
\&. Setting this option allows deploying as a non-root user.
|
||||||
|
.
|
||||||
|
.It Fl -flake Va flake-uri Ns Op Va #name
|
||||||
|
Build the NixOS system from the specified flake. It defaults to the directory
|
||||||
|
containing the target of the symlink
|
||||||
|
.Pa /etc/nixos/flake.nix Ns
|
||||||
|
, if it exists. The flake must contain an output named
|
||||||
|
.Ql nixosConfigurations. Ns Va name Ns
|
||||||
|
\&. If
|
||||||
|
.Va name
|
||||||
|
is omitted, it default to the current host name.
|
||||||
|
.
|
||||||
|
.It Fl -no-flake
|
||||||
|
Do not imply
|
||||||
|
.Fl -flake
|
||||||
|
if
|
||||||
|
.Pa /etc/nixos/flake.nix
|
||||||
|
exists. With this option, it is possible to build non-flake NixOS configurations
|
||||||
|
even if the current NixOS systems uses flakes.
|
||||||
|
.El
|
||||||
|
.Pp
|
||||||
|
In addition,
|
||||||
|
.Nm
|
||||||
|
accepts various Nix-related flags, including
|
||||||
|
.Fl -max-jobs Ns ,
|
||||||
|
.Fl j Ns ,
|
||||||
|
.Fl I Ns ,
|
||||||
|
.Fl -show-trace Ns ,
|
||||||
|
.Fl -keep-failed Ns ,
|
||||||
|
.Fl -keep-going Ns ,
|
||||||
|
.Fl -impure Ns ,
|
||||||
|
.Fl -verbose Ns , and
|
||||||
|
.Fl v Ns
|
||||||
|
\&. See the Nix manual for details.
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.Sh ENVIRONMENT
|
||||||
|
.Bl -tag -width indent
|
||||||
|
.It Ev NIXOS_CONFIG
|
||||||
|
Path to the main NixOS configuration module. Defaults to
|
||||||
|
.Pa /etc/nixos/configuration.nix Ns
|
||||||
|
\&.
|
||||||
|
.
|
||||||
|
.It Ev NIX_PATH
|
||||||
|
A colon-separated list of directories used to look up Nix expressions enclosed
|
||||||
|
in angle brackets (e.g. <nixpkgs>). Example:
|
||||||
|
.Bd -literal -offset indent
|
||||||
|
nixpkgs=./my-nixpkgs
|
||||||
|
.Ed
|
||||||
|
.
|
||||||
|
.It Ev NIX_SSHOPTS
|
||||||
|
Additional options to be passed to
|
||||||
|
.Ic ssh
|
||||||
|
on the command line.
|
||||||
|
.El
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.Sh FILES
|
||||||
|
.Bl -tag -width indent
|
||||||
|
.It Pa /etc/nixos/flake.nix
|
||||||
|
If this file exists, then
|
||||||
|
.Nm
|
||||||
|
will use it as if the
|
||||||
|
.Fl -flake
|
||||||
|
option was given. This file may be a symlink to a
|
||||||
|
.Pa flake.nix
|
||||||
|
in an actual flake; thus
|
||||||
|
.Pa /etc/nixos
|
||||||
|
need not be a flake.
|
||||||
|
.
|
||||||
|
.It Pa /run/current-system
|
||||||
|
A symlink to the currently active system configuration in the Nix store.
|
||||||
|
.
|
||||||
|
.It Pa /nix/var/nix/profiles/system
|
||||||
|
The Nix profile that contains the current and previous system
|
||||||
|
configurations. Used to generate the GRUB boot menu.
|
||||||
|
.El
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.Sh BUGS
|
||||||
|
This command should be renamed to something more descriptive.
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.Sh AUTHORS
|
||||||
|
.An -nosplit
|
||||||
|
.An Eelco Dolstra
|
||||||
|
and
|
||||||
|
.An the Nixpkgs/NixOS contributors
|
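Review bot: SYNOPSIS and OPTIONS disagree: SYNOPSIS lists `--override-input input-name flake-uri`, which has no entry in OPTIONS, and OPTIONS documents `--use-substitutes`, which is missing from SYNOPSIS. Both lists should cover the same flags. The `--builders` and `--use-remote-sudo` entries describe privilege-relevant behaviour (a trusted Nix user, remote commands prefixed with `sudo`), so it is worth keeping their wording precise; "Examples values for that option" should be "Example values", and the `--builders` example is introduced with "i.e." where "e.g." is meant. Smaller points in the same hunk: the `switch` entry spells "specializations" and "unspecialized" while the rest of the page uses "specialisation"; DESCRIPTION has "stop and (re)starts"; the `--flake` entry has "it default to"; the header comment reads "will use Nixpkgs the OS" where the sibling pages have "as the OS"; and the `build-vm-with-bootloader` entry ends a text line with a stray backslash after "works correctly.".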
90
third_party/nixpkgs/nixos/doc/manual/manpages/nixos-version.8
vendored
Normal file
|
@ -0,0 +1,90 @@
|
||||||
|
.Dd January 1, 1980
|
||||||
|
.\" nixpkgs groff will use Nixpkgs as the OS in the title by default, taking it from
|
||||||
|
.\" doc-default-operating-system. mandoc doesn't have this register set by default,
|
||||||
|
.\" so we can use it as a groff/mandoc switch.
|
||||||
|
.ie ddoc-default-operating-system .Dt nixos-version \&8 "NixOS System Manager's Manual"
|
||||||
|
.el .Dt nixos-version 8
|
||||||
|
.Os NixOS
|
||||||
|
.Sh NAME
|
||||||
|
.Nm nixos-version
|
||||||
|
.Nd show the NixOS version
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.Sh SYNOPSIS
|
||||||
|
.Nm nixos-version
|
||||||
|
.Op Fl -hash
|
||||||
|
.Op Fl -revision
|
||||||
|
.Op Fl -configuration-revision
|
||||||
|
.Op Fl -json
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.Sh DESCRIPTION
|
||||||
|
This command shows the version of the currently active NixOS configuration. For example:
|
||||||
|
.Bd -literal -offset indent
|
||||||
|
$ nixos-version
|
||||||
|
16.03.1011.6317da4 (Emu)
|
||||||
|
.Ed
|
||||||
|
.
|
||||||
|
.Pp
|
||||||
|
The version consists of the following elements:
|
||||||
|
.Bl -tag -width indent
|
||||||
|
.It Ql 16.03
|
||||||
|
The NixOS release, indicating the year and month in which it was released
|
||||||
|
(e.g. March 2016).
|
||||||
|
.It Ql 1011
|
||||||
|
The number of commits in the Nixpkgs Git repository between the start of the
|
||||||
|
release branch and the commit from which this version was built. This ensures
|
||||||
|
that NixOS versions are monotonically increasing. It is
|
||||||
|
.Ql git
|
||||||
|
when the current NixOS configuration was built from a checkout of the Nixpkgs
|
||||||
|
Git repository rather than from a NixOS channel.
|
||||||
|
.It Ql 6317da4
|
||||||
|
The first 7 characters of the commit in the Nixpkgs Git repository from which
|
||||||
|
this version was built.
|
||||||
|
.It Ql Emu
|
||||||
|
The code name of the NixOS release. The first letter of the code name indicates
|
||||||
|
that this is the N'th stable NixOS release; for example, Emu is the fifth
|
||||||
|
release.
|
||||||
|
.El
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.Sh OPTIONS
|
||||||
|
.Bl -tag -width indent
|
||||||
|
.It Fl -hash , -revision
|
||||||
|
Show the full SHA1 hash of the Git commit from which this configuration was
|
||||||
|
built, e.g.
|
||||||
|
.Bd -literal -offset indent
|
||||||
|
$ nixos-version --hash
|
||||||
|
6317da40006f6bc2480c6781999c52d88dde2acf
|
||||||
|
.Ed
|
||||||
|
.
|
||||||
|
.It Fl -configuration-revision
|
||||||
|
Show the configuration revision if available. This could be the full SHA1 hash
|
||||||
|
of the Git commit of the system flake, if you add
|
||||||
|
.Bd -literal -offset indent
|
||||||
|
{ system.configurationRevision = self.rev or "dirty"; }
|
||||||
|
.Ed
|
||||||
|
.Pp
|
||||||
|
to the
|
||||||
|
.Ql modules
|
||||||
|
array of your flake.nix system configuration e.g.
|
||||||
|
.Bd -literal -offset indent
|
||||||
|
$ nixos-version --configuration-revision
|
||||||
|
aa314ebd1592f6cdd53cb5bba8bcae97d9323de8
|
||||||
|
.Ed
|
||||||
|
.
|
||||||
|
.It Fl -json
|
||||||
|
Print a JSON representation of the versions of NixOS and the top-level
|
||||||
|
configuration flake.
|
||||||
|
.El
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.
|
||||||
|
.Sh AUTHORS
|
||||||
|
.An -nosplit
|
||||||
|
.An Eelco Dolstra
|
||||||
|
and
|
||||||
|
.An the Nixpkgs/NixOS contributors
|
|
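Review bot: SYNOPSIS shows `--hash` and `--revision` as two independent optional flags (`.Op Fl -hash` and `.Op Fl -revision`), but OPTIONS documents them as one entry, `.It Fl -hash , -revision`, with a single description; write the synopsis as `.Op Fl -hash | -revision` so the page does not suggest they can be combined. SYNOPSIS also uses `.Nm nixos-version` where the other pages in this commit use a bare `.Nm` after the NAME section. In the `--configuration-revision` entry the sentence ends "of your flake.nix system configuration e.g." and is followed directly by command output, so the "e.g." appears to introduce an example of the `modules` array; end the sentence there and introduce the output separately.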
@ -38,7 +38,7 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
|
|
||||||
- [mmsd](https://gitlab.com/kop316/mmsd), a lower level daemon that transmits and recieves MMSes. Available as [services.mmsd](#opt-services.mmsd.enable).
|
- [mmsd](https://gitlab.com/kop316/mmsd), a lower level daemon that transmits and recieves MMSes. Available as [services.mmsd](#opt-services.mmsd.enable).
|
||||||
|
|
||||||
- [QDMR](https://dm3mat.darc.de/qdmr/), a gui application and command line tool for programming cheap DMR radios [programs.qdmr](#opt-programs.qdmr.enable)
|
- [QDMR](https://dm3mat.darc.de/qdmr/), a GUI application and command line tool for programming DMR radios [programs.qdmr](#opt-programs.qdmr.enable)
|
||||||
|
|
||||||
- [v2rayA](https://v2raya.org), a Linux web GUI client of Project V which supports V2Ray, Xray, SS, SSR, Trojan and Pingtunnel. Available as [services.v2raya](options.html#opt-services.v2raya.enable).
|
- [v2rayA](https://v2raya.org), a Linux web GUI client of Project V which supports V2Ray, Xray, SS, SSR, Trojan and Pingtunnel. Available as [services.v2raya](options.html#opt-services.v2raya.enable).
|
||||||
|
|
||||||
|
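Review bot: The rewritten QDMR entry still ends with a bare link, `[programs.qdmr](#opt-programs.qdmr.enable)`, with no "Available as" before it and no closing full stop, unlike the mmsd and v2rayA entries on either side. Since the line is being touched anyway, bring it in line with its neighbours. The unchanged mmsd context line also has "recieves", which could be fixed in the same pass.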
@ -48,13 +48,17 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
|
|
||||||
- [autosuspend](https://github.com/languitar/autosuspend), a python daemon that suspends a system if certain conditions are met, or not met.
|
- [autosuspend](https://github.com/languitar/autosuspend), a python daemon that suspends a system if certain conditions are met, or not met.
|
||||||
|
|
||||||
|
- [sharing](https://github.com/parvardegr/sharing), a command-line tool to share directories and files from the CLI to iOS and Android devices without the need of an extra client app. Available as [programs.sharing](#opt-programs.sharing.enable).
|
||||||
|
|
||||||
## Backward Incompatibilities {#sec-release-23.05-incompatibilities}
|
## Backward Incompatibilities {#sec-release-23.05-incompatibilities}
|
||||||
|
|
||||||
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||||
|
|
||||||
- `carnix` and `cratesIO` has been removed due to being unmaintained, use alternatives such as [naersk](https://github.com/nix-community/naersk) and [crate2nix](https://github.com/kolloch/crate2nix) instead.
|
- `carnix` and `cratesIO` has been removed due to being unmaintained, use alternatives such as [naersk](https://github.com/nix-community/naersk) and [crate2nix](https://github.com/kolloch/crate2nix) instead.
|
||||||
|
|
||||||
- `checkInputs` have been renamed to `nativeCheckInputs`, because they behave the same as `nativeBuildInputs` when `doCheck` is set. `checkInputs` now denote a new type of dependencies, added to `buildInputs` when `doCheck` is set. As a rule of thumb, `nativeCheckInputs` are tools on `$PATH` used during the tests, and `checkInputs` are libraries which are linked to executables built as part of the tests. Similarly, `installCheckInputs` are renamed to `nativeInstallCheckInputs`, corresponding to `nativeBuildInputs`, and `installCheckInputs` are a new type of dependencies added to `buildInputs` when `doInstallCheck` is set. (Note that this change will not cause breakage to derivations with `strictDeps` unset, which are most packages except python, rust and go packages).
|
- `checkInputs` have been renamed to `nativeCheckInputs`, because they behave the same as `nativeBuildInputs` when `doCheck` is set. `checkInputs` now denote a new type of dependencies, added to `buildInputs` when `doCheck` is set. As a rule of thumb, `nativeCheckInputs` are tools on `$PATH` used during the tests, and `checkInputs` are libraries which are linked to executables built as part of the tests. Similarly, `installCheckInputs` are renamed to `nativeInstallCheckInputs`, corresponding to `nativeBuildInputs`, and `installCheckInputs` are a new type of dependencies added to `buildInputs` when `doInstallCheck` is set. (Note that this change will not cause breakage to derivations with `strictDeps` unset, which are most packages except python, rust, ocaml and go packages).
|
||||||
|
|
||||||
|
- `buildDunePackage` now defaults to `strictDeps = true` which means that any library should go into `buildInputs` or `checkInputs`. Any executable that is run on the building machine should go into `nativeBuildInputs` or `nativeCheckInputs` respectively. Example of executables are `ocaml`, `findlib` and `menhir`. PPXs are libraries which are built by dune and should therefore not go into `nativeBuildInputs`.
|
||||||
|
|
||||||
- `borgbackup` module now has an option for inhibiting system sleep while backups are running, defaulting to off (not inhibiting sleep), available as [`services.borgbackup.jobs.<name>.inhibitsSleep`](#opt-services.borgbackup.jobs._name_.inhibitsSleep).
|
- `borgbackup` module now has an option for inhibiting system sleep while backups are running, defaulting to off (not inhibiting sleep), available as [`services.borgbackup.jobs.<name>.inhibitsSleep`](#opt-services.borgbackup.jobs._name_.inhibitsSleep).
|
||||||
|
|
||||||
|
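Review bot: In the added `buildDunePackage` entry, "Example of executables are" should be "Examples of executables are", and the entry would be more useful if it said what a packager sees when a dependency is in the wrong list, since this is filed under backward incompatibilities. The amended `checkInputs` entry now lists "python, rust, ocaml and go" in lower case; that matches the existing wording, but the new `buildDunePackage` entry is the reason "ocaml" was added, so a cross-reference between the two entries would make the relationship clear.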
@ -97,6 +101,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
|
|
||||||
- The [services.wordpress.sites.<name>.plugins](#opt-services.wordpress.sites._name_.plugins) and [services.wordpress.sites.<name>.themes](#opt-services.wordpress.sites._name_.themes) options have been converted from sets to attribute sets to allow for consumers to specify explicit install paths via attribute name.
|
- The [services.wordpress.sites.<name>.plugins](#opt-services.wordpress.sites._name_.plugins) and [services.wordpress.sites.<name>.themes](#opt-services.wordpress.sites._name_.themes) options have been converted from sets to attribute sets to allow for consumers to specify explicit install paths via attribute name.
|
||||||
|
|
||||||
|
- Nebula now runs as a system user and group created for each nebula network, using the `CAP_NET_ADMIN` ambient capability on launch rather than starting as root. Ensure that any files each Nebula instance needs to access are owned by the correct user and group, by default `nebula-${networkName}`.
|
||||||
|
|
||||||
- In `mastodon` it is now necessary to specify location of file with `PostgreSQL` database password. In `services.mastodon.database.passwordFile` parameter default value `/var/lib/mastodon/secrets/db-password` has been changed to `null`.
|
- In `mastodon` it is now necessary to specify location of file with `PostgreSQL` database password. In `services.mastodon.database.passwordFile` parameter default value `/var/lib/mastodon/secrets/db-password` has been changed to `null`.
|
||||||
|
|
||||||
- The `--target-host` and `--build-host` options of `nixos-rebuild` no longer treat the `localhost` value specially – to build on/deploy to local machine, omit the relevant flag.
|
- The `--target-host` and `--build-host` options of `nixos-rebuild` no longer treat the `localhost` value specially – to build on/deploy to local machine, omit the relevant flag.
|
||||||
|
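Review bot: The added Nebula entry tells operators to fix ownership of "any files each Nebula instance needs to access" but does not name which options hold those paths, so a reader cannot tell what to check before upgrading. Name the module options whose files must be readable by `nebula-${networkName}`, and say what the visible failure is when they are not. The phrase "by default `nebula-${networkName}`" implies the user and group can be changed; if so, name the option, otherwise drop "by default".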
@ -122,7 +128,17 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
|
|
||||||
- The module `usbmuxd` now has the ability to change the package used by the daemon. In case you're experiencing issues with `usbmuxd` you can try an alternative program like `usbmuxd2`. Available as [services.usbmuxd.package](#opt-services.usbmuxd.package)
|
- The module `usbmuxd` now has the ability to change the package used by the daemon. In case you're experiencing issues with `usbmuxd` you can try an alternative program like `usbmuxd2`. Available as [services.usbmuxd.package](#opt-services.usbmuxd.package)
|
||||||
|
|
||||||
- A few openssh options have been moved from extraConfig to the new freeform option `settings` and renamed as follow: `services.openssh.kbdInteractiveAuthentication` to `services.openssh.settings.KbdInteractiveAuthentication`, `services.openssh.passwordAuthentication` to `services.openssh.settings.PasswordAuthentication`, `services.openssh.useDns` to `services.openssh.settings.UseDns`, `services.openssh.permitRootLogin` to `services.openssh.settings.PermitRootLogin`, `services.openssh.logLevel` to `services.openssh.settings.LogLevel`.
|
- A few openssh options have been moved from extraConfig to the new freeform option `settings` and renamed as follows:
|
||||||
|
- `services.openssh.forwardX11` to `services.openssh.settings.X11Forwarding`
|
||||||
|
- `services.openssh.kbdInteractiveAuthentication` -> `services.openssh.settings.KbdInteractiveAuthentication`
|
||||||
|
- `services.openssh.passwordAuthentication` to `services.openssh.settings.PasswordAuthentication`
|
||||||
|
- `services.openssh.useDns` to `services.openssh.settings.UseDns`
|
||||||
|
- `services.openssh.permitRootLogin` to `services.openssh.settings.PermitRootLogin`
|
||||||
|
- `services.openssh.logLevel` to `services.openssh.settings.LogLevel`
|
||||||
|
- `services.openssh.kexAlgorithms` to `services.openssh.settings.KexAlgorithms`
|
||||||
|
- `services.openssh.macs` to `services.openssh.settings.Macs`
|
||||||
|
- `services.openssh.ciphers` to `services.openssh.settings.Ciphers`
|
||||||
|
- `services.openssh.gatewayPorts` to `services.openssh.settings.GatewayPorts`
|
||||||
|
|
||||||
- `services.mastodon` gained a tootctl wrapped named `mastodon-tootctl` similar to `nextcloud-occ` which can be executed from any user and switches to the configured mastodon user with sudo and sources the environment variables.
|
- `services.mastodon` gained a tootctl wrapped named `mastodon-tootctl` similar to `nextcloud-occ` which can be executed from any user and switches to the configured mastodon user with sudo and sources the environment variables.
|
||||||
|
|
||||||
|
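Review bot: The new rename list does not say whether the old `services.openssh.*` names keep working as aliases or now fail evaluation; add one sentence stating which, because the list covers `PasswordAuthentication` and `PermitRootLogin` and readers need to know whether an un-migrated configuration still takes effect. The `kbdInteractiveAuthentication` item uses `->` where every other item uses "to", and the lead sentence says the options moved "from extraConfig" although each listed source is a dedicated `services.openssh.<name>` option.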
@ -175,6 +191,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
|
|
||||||
- `services.grafana` listens only on localhost by default again. This was changed to upstreams default of `0.0.0.0` by accident in the freeform setting conversion.
|
- `services.grafana` listens only on localhost by default again. This was changed to upstreams default of `0.0.0.0` by accident in the freeform setting conversion.
|
||||||
|
|
||||||
|
- Grafana Tempo has been updated to version 2.0. See the [upstream upgrade guide](https://grafana.com/docs/tempo/latest/release-notes/v2-0/#upgrade-considerations) for migration instructions.
|
||||||
|
|
||||||
- A new `virtualisation.rosetta` module was added to allow running `x86_64` binaries through [Rosetta](https://developer.apple.com/documentation/apple-silicon/about-the-rosetta-translation-environment) inside virtualised NixOS guests on Apple silicon. This feature works by default with the [UTM](https://docs.getutm.app/) virtualisation [package](https://search.nixos.org/packages?channel=unstable&show=utm&from=0&size=1&sort=relevance&type=packages&query=utm).
|
- A new `virtualisation.rosetta` module was added to allow running `x86_64` binaries through [Rosetta](https://developer.apple.com/documentation/apple-silicon/about-the-rosetta-translation-environment) inside virtualised NixOS guests on Apple silicon. This feature works by default with the [UTM](https://docs.getutm.app/) virtualisation [package](https://search.nixos.org/packages?channel=unstable&show=utm&from=0&size=1&sort=relevance&type=packages&query=utm).
|
||||||
|
|
||||||
- The new option `users.motdFile` allows configuring a Message Of The Day that can be updated dynamically.
|
- The new option `users.motdFile` allows configuring a Message Of The Day that can be updated dynamically.
|
||||||
|
@ -193,6 +211,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
|
|
||||||
- [Garage](https://garagehq.deuxfleurs.fr/) version is based on [system.stateVersion](options.html#opt-system.stateVersion), existing installations will keep using version 0.7. New installations will use version 0.8. In order to upgrade a Garage cluster, please follow [upstream instructions](https://garagehq.deuxfleurs.fr/documentation/cookbook/upgrading/) and force [services.garage.package](options.html#opt-services.garage.package) or upgrade accordingly [system.stateVersion](options.html#opt-system.stateVersion).
|
- [Garage](https://garagehq.deuxfleurs.fr/) version is based on [system.stateVersion](options.html#opt-system.stateVersion), existing installations will keep using version 0.7. New installations will use version 0.8. In order to upgrade a Garage cluster, please follow [upstream instructions](https://garagehq.deuxfleurs.fr/documentation/cookbook/upgrading/) and force [services.garage.package](options.html#opt-services.garage.package) or upgrade accordingly [system.stateVersion](options.html#opt-system.stateVersion).
|
||||||
|
|
||||||
|
- Nebula now supports the `services.nebula.networks.<name>.isRelay` and `services.nebula.networks.<name>.relays` configuration options for setting up or allowing traffic relaying. See the [announcement](https://www.defined.net/blog/announcing-relay-support-in-nebula/) for more details about relays.
|
||||||
|
|
||||||
- `hip` has been separated into `hip`, `hip-common` and `hipcc`.
|
- `hip` has been separated into `hip`, `hip-common` and `hipcc`.
|
||||||
|
|
||||||
- `services.nginx.recommendedProxySettings` now removes the `Connection` header preventing clients from closing backend connections.
|
- `services.nginx.recommendedProxySettings` now removes the `Connection` header preventing clients from closing backend connections.
|
||||||
|
@ -203,12 +223,30 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
|
|
||||||
- The `services.fwupd` module now allows arbitrary daemon settings to be configured in a structured manner ([`services.fwupd.daemonSettings`](#opt-services.fwupd.daemonSettings)).
|
- The `services.fwupd` module now allows arbitrary daemon settings to be configured in a structured manner ([`services.fwupd.daemonSettings`](#opt-services.fwupd.daemonSettings)).
|
||||||
|
|
||||||
|
- The `zramSwap` is now implemented with `zram-generator`, and the option `zramSwap.numDevices` for using ZRAM devices as general purpose ephemeral block devices has been removed.
|
||||||
|
|
||||||
|
- As Singularity has renamed to [Apptainer](https://apptainer.org/news/community-announcement-20211130)
|
||||||
|
to distinguish from [an un-renamed fork by Sylabs Inc.](https://sylabs.io/2021/05/singularity-community-edition),
|
||||||
|
there are now two packages of Singularity/Apptainer:
|
||||||
|
* `apptainer`: From `github.com/apptainer/apptainer`, which is the new repo after renaming.
|
||||||
|
* `singularity`: From `github.com/sylabs/singularity`, which is the fork by Sylabs Inc..
|
||||||
|
|
||||||
|
`programs.singularity` got a new `package` option to specify which package to use.
|
||||||
|
|
||||||
|
`singularity-tools.buildImage` got a new input argument `singularity` to specify which package to use.
|
||||||
|
|
||||||
|
- The new option `programs.singularity.enableFakeroot`, if set to `true`, provides `--fakeroot` support for `apptainer` and `singularity`.
|
||||||
|
|
||||||
- The `unifi-poller` package and corresponding NixOS module have been renamed to `unpoller` to match upstream.
|
- The `unifi-poller` package and corresponding NixOS module have been renamed to `unpoller` to match upstream.
|
||||||
|
|
||||||
- The new option `services.tailscale.useRoutingFeatures` controls various settings for using Tailscale features like exit nodes and subnet routers. If you wish to use your machine as an exit node, you can set this setting to `server`, otherwise if you wish to use an exit node you can set this setting to `client`. The strict RPF warning has been removed as the RPF will be loosened automatically based on the value of this setting.
|
- The new option `services.tailscale.useRoutingFeatures` controls various settings for using Tailscale features like exit nodes and subnet routers. If you wish to use your machine as an exit node, you can set this setting to `server`, otherwise if you wish to use an exit node you can set this setting to `client`. The strict RPF warning has been removed as the RPF will be loosened automatically based on the value of this setting.
|
||||||
|
|
||||||
- [Xastir](https://xastir.org/index.php/Main_Page) can now access AX.25 interfaces via the `libax25` package.
|
- [Xastir](https://xastir.org/index.php/Main_Page) can now access AX.25 interfaces via the `libax25` package.
|
||||||
|
|
||||||
|
- `tvbrowser-bin` was removed, and now `tvbrowser` is built from source.
|
||||||
|
|
||||||
- `nixos-version` now accepts `--configuration-revision` to display more information about the current generation revision
|
- `nixos-version` now accepts `--configuration-revision` to display more information about the current generation revision
|
||||||
|
|
||||||
- The option `services.nomad.extraSettingsPlugins` has been fixed to allow more than one plugin in the path.
|
- The option `services.nomad.extraSettingsPlugins` has been fixed to allow more than one plugin in the path.
|
||||||
|
|
||||||
|
- The option `services.prometheus.exporters.pihole.interval` does not exist anymore and has been removed.
|
||||||
|
|
|
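Review bot: The `zramSwap` entry says `zramSwap.numDevices` has been removed but does not tell users what to set instead; point to `zramSwap.swapDevices`, which still sets the number of swap devices. In the Singularity/Apptainer entry, "As Singularity has renamed to" should read "has been renamed to", "Sylabs Inc.." has a doubled period, and the `programs.singularity.enableFakeroot` item should state its default. In the last entry, "does not exist anymore and has been removed" says the same thing twice.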
@ -23,7 +23,7 @@ pkgs.releaseTools.makeSourceTarball {
|
||||||
cp -prd . ../$releaseName
|
cp -prd . ../$releaseName
|
||||||
chmod -R u+w ../$releaseName
|
chmod -R u+w ../$releaseName
|
||||||
ln -s . ../$releaseName/nixpkgs # hack to make ‘<nixpkgs>’ work
|
ln -s . ../$releaseName/nixpkgs # hack to make ‘<nixpkgs>’ work
|
||||||
NIX_STATE_DIR=$TMPDIR nix-env -f ../$releaseName/default.nix -qaP --meta --xml \* > /dev/null
|
NIX_STATE_DIR=$TMPDIR nix-env -f ../$releaseName/default.nix -qaP --meta --show-trace --xml \* > /dev/null
|
||||||
cd ..
|
cd ..
|
||||||
chmod -R u+w $releaseName
|
chmod -R u+w $releaseName
|
||||||
tar cfJ $out/tarballs/$releaseName.tar.xz $releaseName
|
tar cfJ $out/tarballs/$releaseName.tar.xz $releaseName
|
||||||
|
|
|
@ -78,7 +78,7 @@ let
|
||||||
title = args.title or null;
|
title = args.title or null;
|
||||||
name = args.name or (lib.concatStringsSep "." args.path);
|
name = args.name or (lib.concatStringsSep "." args.path);
|
||||||
in ''
|
in ''
|
||||||
- [`${lib.optionalString (title != null) "${title} aka "}pkgs.${name}`](
|
- [${lib.optionalString (title != null) "${title} aka "}`pkgs.${name}`](
|
||||||
https://search.nixos.org/packages?show=${name}&sort=relevance&query=${name}
|
https://search.nixos.org/packages?show=${name}&sort=relevance&query=${name}
|
||||||
)${
|
)${
|
||||||
lib.optionalString (args ? comment) "\n\n ${args.comment}"
|
lib.optionalString (args ? comment) "\n\n ${args.comment}"
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
from contextlib import _GeneratorContextManager
|
from contextlib import _GeneratorContextManager, nullcontext
|
||||||
from pathlib import Path
|
from pathlib import Path
|
||||||
from queue import Queue
|
from queue import Queue
|
||||||
from typing import Any, Callable, Dict, Iterable, List, Optional, Tuple
|
from typing import Any, Callable, Dict, Iterable, List, Optional, Tuple
|
||||||
|
@ -406,7 +406,6 @@ class Machine:
|
||||||
return rootlog.nested(msg, my_attrs)
|
return rootlog.nested(msg, my_attrs)
|
||||||
|
|
||||||
def wait_for_monitor_prompt(self) -> str:
|
def wait_for_monitor_prompt(self) -> str:
|
||||||
with self.nested("waiting for monitor prompt"):
|
|
||||||
assert self.monitor is not None
|
assert self.monitor is not None
|
||||||
answer = ""
|
answer = ""
|
||||||
while True:
|
while True:
|
||||||
|
@ -420,7 +419,6 @@ class Machine:
|
||||||
|
|
||||||
def send_monitor_command(self, command: str) -> str:
|
def send_monitor_command(self, command: str) -> str:
|
||||||
self.run_callbacks()
|
self.run_callbacks()
|
||||||
with self.nested(f"sending monitor command: {command}"):
|
|
||||||
message = f"{command}\n".encode()
|
message = f"{command}\n".encode()
|
||||||
assert self.monitor is not None
|
assert self.monitor is not None
|
||||||
self.monitor.send(message)
|
self.monitor.send(message)
|
||||||
|
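Review bot: With the `with self.nested(f"sending monitor command: {command}")` line removed, `send_monitor_command` no longer writes a log entry of its own, so a monitor command sent by a caller that does not wrap the call in `self.nested` leaves no trace in the test log. Consider keeping the entry behind a `log: bool = True` parameter, as the `send_key` change in this patch does, so that only the per-key calls are silenced.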
@ -547,7 +545,7 @@ class Machine:
|
||||||
self.shell.send("echo ${PIPESTATUS[0]}\n".encode())
|
self.shell.send("echo ${PIPESTATUS[0]}\n".encode())
|
||||||
rc = int(self._next_newline_closed_block_from_shell().strip())
|
rc = int(self._next_newline_closed_block_from_shell().strip())
|
||||||
|
|
||||||
return (rc, output.decode())
|
return (rc, output.decode(errors="replace"))
|
||||||
|
|
||||||
def shell_interact(self, address: Optional[str] = None) -> None:
|
def shell_interact(self, address: Optional[str] = None) -> None:
|
||||||
"""Allows you to interact with the guest shell for debugging purposes.
|
"""Allows you to interact with the guest shell for debugging purposes.
|
||||||
|
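Review bot: `output.decode(errors="replace")` on the return line turns undecodable bytes into U+FFFD without any signal, so a test that compares or searches the returned string may be working on data that differs from what the guest printed. Document the lossy decoding in the method's docstring, or log a warning when a replacement occurred.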
@ -685,9 +683,9 @@ class Machine:
|
||||||
retry(tty_matches)
|
retry(tty_matches)
|
||||||
|
|
||||||
def send_chars(self, chars: str, delay: Optional[float] = 0.01) -> None:
|
def send_chars(self, chars: str, delay: Optional[float] = 0.01) -> None:
|
||||||
with self.nested(f"sending keys '{chars}'"):
|
with self.nested(f"sending keys {repr(chars)}"):
|
||||||
for char in chars:
|
for char in chars:
|
||||||
self.send_key(char, delay)
|
self.send_key(char, delay, log=False)
|
||||||
|
|
||||||
def wait_for_file(self, filename: str) -> None:
|
def wait_for_file(self, filename: str) -> None:
|
||||||
"""Waits until the file exists in machine's file system."""
|
"""Waits until the file exists in machine's file system."""
|
||||||
|
@ -860,8 +858,12 @@ class Machine:
|
||||||
if matches is not None:
|
if matches is not None:
|
||||||
return
|
return
|
||||||
|
|
||||||
def send_key(self, key: str, delay: Optional[float] = 0.01) -> None:
|
def send_key(
|
||||||
|
self, key: str, delay: Optional[float] = 0.01, log: Optional[bool] = True
|
||||||
|
) -> None:
|
||||||
key = CHAR_TO_KEY.get(key, key)
|
key = CHAR_TO_KEY.get(key, key)
|
||||||
|
context = self.nested(f"sending key {repr(key)}") if log else nullcontext()
|
||||||
|
with context:
|
||||||
self.send_monitor_command(f"sendkey {key}")
|
self.send_monitor_command(f"sendkey {key}")
|
||||||
if delay is not None:
|
if delay is not None:
|
||||||
time.sleep(delay)
|
time.sleep(delay)
|
||||||
|
|
|
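Review bot: In the new `send_key` signature, `log: Optional[bool] = True` admits `None`, which the `if log else nullcontext()` test then treats the same as `False`; declare it as `log: bool = True` so the annotation matches what the code accepts. A one-line docstring saying that `log=False` suppresses the "sending key" entry would also help, since `send_chars` now relies on it.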
@ -89,7 +89,7 @@ with lib;
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
# This value determines the NixOS release from which the default
|
||||||
# settings for stateful data, like file locations and database versions
|
# settings for stateful data, like file locations and database versions
|
||||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
# on your system were taken. It’s perfectly fine and recommended to leave
|
||||||
# this value at the release version of the first install of this system.
|
# this value at the release version of the first install of this system.
|
||||||
# Before changing this value read the documentation for this option
|
# Before changing this value read the documentation for this option
|
||||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||||
|
|
|
@ -46,8 +46,10 @@ with lib;
|
||||||
libextractor = super.libextractor.override { gtkSupport = false; };
|
libextractor = super.libextractor.override { gtkSupport = false; };
|
||||||
libva = super.libva-minimal;
|
libva = super.libva-minimal;
|
||||||
limesuite = super.limesuite.override { withGui = false; };
|
limesuite = super.limesuite.override { withGui = false; };
|
||||||
|
mc = super.mc.override { x11Support = false; };
|
||||||
mpv-unwrapped = super.mpv-unwrapped.override { sdl2Support = false; x11Support = false; };
|
mpv-unwrapped = super.mpv-unwrapped.override { sdl2Support = false; x11Support = false; };
|
||||||
msmtp = super.msmtp.override { withKeyring = false; };
|
msmtp = super.msmtp.override { withKeyring = false; };
|
||||||
|
neofetch = super.neofetch.override { x11Support = false; };
|
||||||
networkmanager-fortisslvpn = super.networkmanager-fortisslvpn.override { withGnome = false; };
|
networkmanager-fortisslvpn = super.networkmanager-fortisslvpn.override { withGnome = false; };
|
||||||
networkmanager-iodine = super.networkmanager-iodine.override { withGnome = false; };
|
networkmanager-iodine = super.networkmanager-iodine.override { withGnome = false; };
|
||||||
networkmanager-l2tp = super.networkmanager-l2tp.override { withGnome = false; };
|
networkmanager-l2tp = super.networkmanager-l2tp.override { withGnome = false; };
|
||||||
|
|
|
@ -15,7 +15,7 @@ let
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options.networking.stevenblack = {
|
options.networking.stevenblack = {
|
||||||
enable = mkEnableOption (mdDoc "Enable the stevenblack hosts file blocklist.");
|
enable = mkEnableOption (mdDoc "Enable the stevenblack hosts file blocklist");
|
||||||
|
|
||||||
block = mkOption {
|
block = mkOption {
|
||||||
type = types.listOf (types.enum [ "fakenews" "gambling" "porn" "social" ]);
|
type = types.listOf (types.enum [ "fakenews" "gambling" "porn" "social" ]);
|
||||||
|
|
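Review bot: The `mkEnableOption` argument still begins with "Enable", and `mkEnableOption` prefixes its argument with "Whether to enable", so the rendered description reads "Whether to enable Enable the stevenblack hosts file blocklist." Dropping the trailing period is right, but the string should become `"the stevenblack hosts file blocklist"`.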
153
third_party/nixpkgs/nixos/modules/config/zram.nix
vendored
|
@ -1,45 +1,27 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
with lib;
|
|
||||||
|
|
||||||
let
|
let
|
||||||
|
|
||||||
cfg = config.zramSwap;
|
cfg = config.zramSwap;
|
||||||
|
devices = map (nr: "zram${toString nr}") (lib.range 0 (cfg.swapDevices - 1));
|
||||||
# don't set swapDevices as mkDefault, so we can detect user had read our warning
|
|
||||||
# (see below) and made an action (or not)
|
|
||||||
devicesCount = if cfg.swapDevices != null then cfg.swapDevices else cfg.numDevices;
|
|
||||||
|
|
||||||
devices = map (nr: "zram${toString nr}") (range 0 (devicesCount - 1));
|
|
||||||
|
|
||||||
modprobe = "${pkgs.kmod}/bin/modprobe";
|
|
||||||
|
|
||||||
warnings =
|
|
||||||
assert cfg.swapDevices != null -> cfg.numDevices >= cfg.swapDevices;
|
|
||||||
flatten [
|
|
||||||
(optional (cfg.numDevices > 1 && cfg.swapDevices == null) ''
|
|
||||||
Using several small zram devices as swap is no better than using one large.
|
|
||||||
Set either zramSwap.numDevices = 1 or explicitly set zramSwap.swapDevices.
|
|
||||||
|
|
||||||
Previously multiple zram devices were used to enable multithreaded
|
|
||||||
compression. Linux supports multithreaded compression for 1 device
|
|
||||||
since 3.15. See https://lkml.org/lkml/2014/2/28/404 for details.
|
|
||||||
'')
|
|
||||||
];
|
|
||||||
|
|
||||||
in
|
in
|
||||||
|
|
||||||
{
|
{
|
||||||
|
|
||||||
|
imports = [
|
||||||
|
(lib.mkRemovedOptionModule [ "zramSwap" "numDevices" ] "Using ZRAM devices as general purpose ephemeral block devices is no longer supported")
|
||||||
|
];
|
||||||
|
|
||||||
###### interface
|
###### interface
|
||||||
|
|
||||||
options = {
|
options = {
|
||||||
|
|
||||||
zramSwap = {
|
zramSwap = {
|
||||||
|
|
||||||
enable = mkOption {
|
enable = lib.mkOption {
|
||||||
default = false;
|
default = false;
|
||||||
type = types.bool;
|
type = lib.types.bool;
|
||||||
description = lib.mdDoc ''
|
description = lib.mdDoc ''
|
||||||
Enable in-memory compressed devices and swap space provided by the zram
|
Enable in-memory compressed devices and swap space provided by the zram
|
||||||
kernel module.
|
kernel module.
|
||||||
|
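Review bot: The `mkRemovedOptionModule` message for `zramSwap.numDevices` only says that general purpose block devices are no longer supported; a user who set `numDevices` purely for swap gets an evaluation error with no hint of what to do. Extend the message to say that `zramSwap.swapDevices` sets the number of swap devices.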
@ -49,29 +31,17 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
numDevices = mkOption {
|
swapDevices = lib.mkOption {
|
||||||
default = 1;
|
default = 1;
|
||||||
type = types.int;
|
type = lib.types.int;
|
||||||
description = lib.mdDoc ''
|
description = lib.mdDoc ''
|
||||||
Number of zram devices to create. See also
|
Number of zram devices to be used as swap, recommended is 1.
|
||||||
`zramSwap.swapDevices`
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
swapDevices = mkOption {
|
memoryPercent = lib.mkOption {
|
||||||
default = null;
|
|
||||||
example = 1;
|
|
||||||
type = with types; nullOr int;
|
|
||||||
description = lib.mdDoc ''
|
|
||||||
Number of zram devices to be used as swap. Must be
|
|
||||||
`<= zramSwap.numDevices`.
|
|
||||||
Default is same as `zramSwap.numDevices`, recommended is 1.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
memoryPercent = mkOption {
|
|
||||||
default = 50;
|
default = 50;
|
||||||
type = types.int;
|
type = lib.types.int;
|
||||||
description = lib.mdDoc ''
|
description = lib.mdDoc ''
|
||||||
Maximum total amount of memory that can be stored in the zram swap devices
|
Maximum total amount of memory that can be stored in the zram swap devices
|
||||||
(as a percentage of your total memory). Defaults to 1/2 of your total
|
(as a percentage of your total memory). Defaults to 1/2 of your total
|
||||||
|
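Review bot: `swapDevices` is now a plain `lib.types.int`, so `0` or a negative value is accepted, and `lib.range 0 (cfg.swapDevices - 1)` in the `let` block then yields an empty list: `zramSwap.enable = true` would evaluate cleanly and configure no device. Use `lib.types.ints.positive` for `swapDevices`, and consider a bounded type for `memoryPercent` as well.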
@ -80,9 +50,9 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
memoryMax = mkOption {
|
memoryMax = lib.mkOption {
|
||||||
default = null;
|
default = null;
|
||||||
type = with types; nullOr int;
|
type = with lib.types; nullOr int;
|
||||||
description = lib.mdDoc ''
|
description = lib.mdDoc ''
|
||||||
Maximum total amount of memory (in bytes) that can be stored in the zram
|
Maximum total amount of memory (in bytes) that can be stored in the zram
|
||||||
swap devices.
|
swap devices.
|
||||||
|
@ -90,9 +60,9 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
priority = mkOption {
|
priority = lib.mkOption {
|
||||||
default = 5;
|
default = 5;
|
||||||
type = types.int;
|
type = lib.types.int;
|
||||||
description = lib.mdDoc ''
|
description = lib.mdDoc ''
|
||||||
Priority of the zram swap devices. It should be a number higher than
|
Priority of the zram swap devices. It should be a number higher than
|
||||||
the priority of your disk-based swap devices (so that the system will
|
the priority of your disk-based swap devices (so that the system will
|
||||||
|
@ -100,10 +70,10 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
algorithm = mkOption {
|
algorithm = lib.mkOption {
|
||||||
default = "zstd";
|
default = "zstd";
|
||||||
example = "lz4";
|
example = "lz4";
|
||||||
type = with types; either (enum [ "lzo" "lz4" "zstd" ]) str;
|
type = with lib.types; either (enum [ "lzo" "lz4" "zstd" ]) str;
|
||||||
description = lib.mdDoc ''
|
description = lib.mdDoc ''
|
||||||
Compression algorithm. `lzo` has good compression,
|
Compression algorithm. `lzo` has good compression,
|
||||||
but is slow. `lz4` has bad compression, but is fast.
|
but is slow. `lz4` has bad compression, but is fast.
|
||||||
|
@ -116,9 +86,7 @@ in
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
|
|
||||||
inherit warnings;
|
|
||||||
|
|
||||||
system.requiredKernelConfig = with config.lib.kernelConfig; [
|
system.requiredKernelConfig = with config.lib.kernelConfig; [
|
||||||
(isModule "ZRAM")
|
(isModule "ZRAM")
|
||||||
|
@ -128,78 +96,25 @@ in
|
||||||
# once in stage 2 boot, and again when the zram-reloader service starts.
|
# once in stage 2 boot, and again when the zram-reloader service starts.
|
||||||
# boot.kernelModules = [ "zram" ];
|
# boot.kernelModules = [ "zram" ];
|
||||||
|
|
||||||
boot.extraModprobeConfig = ''
|
systemd.packages = [ pkgs.zram-generator ];
|
||||||
options zram num_devices=${toString cfg.numDevices}
|
systemd.services."systemd-zram-setup@".path = [ pkgs.util-linux ]; # for mkswap
|
||||||
'';
|
|
||||||
|
|
||||||
boot.kernelParams = ["zram.num_devices=${toString cfg.numDevices}"];
|
environment.etc."systemd/zram-generator.conf".source =
|
||||||
|
(pkgs.formats.ini { }).generate "zram-generator.conf" (lib.listToAttrs
|
||||||
services.udev.extraRules = ''
|
(builtins.map
|
||||||
KERNEL=="zram[0-9]*", ENV{SYSTEMD_WANTS}="zram-init-%k.service", TAG+="systemd"
|
(dev: {
|
||||||
'';
|
name = dev;
|
||||||
|
value =
|
||||||
systemd.services =
|
|
||||||
let
|
let
|
||||||
createZramInitService = dev:
|
size = "${toString cfg.memoryPercent} / 100 * ram";
|
||||||
nameValuePair "zram-init-${dev}" {
|
in
|
||||||
description = "Init swap on zram-based device ${dev}";
|
|
||||||
after = [ "dev-${dev}.device" "zram-reloader.service" ];
|
|
||||||
requires = [ "dev-${dev}.device" "zram-reloader.service" ];
|
|
||||||
before = [ "dev-${dev}.swap" ];
|
|
||||||
requiredBy = [ "dev-${dev}.swap" ];
|
|
||||||
unitConfig.DefaultDependencies = false; # needed to prevent a cycle
|
|
||||||
serviceConfig = {
|
|
||||||
Type = "oneshot";
|
|
||||||
RemainAfterExit = true;
|
|
||||||
ExecStop = "${pkgs.runtimeShell} -c 'echo 1 > /sys/class/block/${dev}/reset'";
|
|
||||||
};
|
|
||||||
script = ''
|
|
||||||
set -euo pipefail
|
|
||||||
|
|
||||||
# Calculate memory to use for zram
|
|
||||||
mem=$(${pkgs.gawk}/bin/awk '/MemTotal: / {
|
|
||||||
value=int($2*${toString cfg.memoryPercent}/100.0/${toString devicesCount}*1024);
|
|
||||||
${lib.optionalString (cfg.memoryMax != null) ''
|
|
||||||
memory_max=int(${toString cfg.memoryMax}/${toString devicesCount});
|
|
||||||
if (value > memory_max) { value = memory_max }
|
|
||||||
''}
|
|
||||||
print value
|
|
||||||
}' /proc/meminfo)
|
|
||||||
|
|
||||||
${pkgs.util-linux}/sbin/zramctl --size $mem --algorithm ${cfg.algorithm} /dev/${dev}
|
|
||||||
${pkgs.util-linux}/sbin/mkswap /dev/${dev}
|
|
||||||
'';
|
|
||||||
restartIfChanged = false;
|
|
||||||
};
|
|
||||||
in listToAttrs ((map createZramInitService devices) ++ [(nameValuePair "zram-reloader"
|
|
||||||
{
|
{
|
||||||
description = "Reload zram kernel module when number of devices changes";
|
zram-size = if cfg.memoryMax != null then "min(${size}, ${toString cfg.memoryMax} / 1024 / 1024)" else size;
|
||||||
wants = [ "systemd-udevd.service" ];
|
compression-algorithm = cfg.algorithm;
|
||||||
after = [ "systemd-udevd.service" ];
|
swap-priority = cfg.priority;
|
||||||
unitConfig.DefaultDependencies = false; # needed to prevent a cycle
|
|
||||||
serviceConfig = {
|
|
||||||
Type = "oneshot";
|
|
||||||
RemainAfterExit = true;
|
|
||||||
ExecStartPre = "-${modprobe} -r zram";
|
|
||||||
ExecStart = "-${modprobe} zram";
|
|
||||||
ExecStop = "-${modprobe} -r zram";
|
|
||||||
};
|
};
|
||||||
restartTriggers = [
|
})
|
||||||
cfg.numDevices
|
devices));
|
||||||
cfg.algorithm
|
|
||||||
cfg.memoryPercent
|
|
||||||
];
|
|
||||||
restartIfChanged = true;
|
|
||||||
})]);
|
|
||||||
|
|
||||||
swapDevices =
|
|
||||||
let
|
|
||||||
useZramSwap = dev:
|
|
||||||
{
|
|
||||||
device = "/dev/${dev}";
|
|
||||||
priority = cfg.priority;
|
|
||||||
};
|
|
||||||
in map useZramSwap devices;
|
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
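Review bot: The new `zram-size` expression drops the per-device division. The removed script computed `memoryPercent/100.0/devicesCount` and `memoryMax/devicesCount`, whereas `size = "${toString cfg.memoryPercent} / 100 * ram"` and the `min(...)` with `memoryMax` are written unchanged into every device's section, so with `swapDevices` greater than 1 the total exceeds what the option descriptions call the "maximum total amount of memory". Divide both terms by `cfg.swapDevices`, or reword the descriptions as per-device limits. The context comment above `systemd.packages` still mentions the `zram-reloader` service, which this hunk deletes.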
@ -21,7 +21,8 @@ let
|
||||||
pCfg = cfg.prime;
|
pCfg = cfg.prime;
|
||||||
syncCfg = pCfg.sync;
|
syncCfg = pCfg.sync;
|
||||||
offloadCfg = pCfg.offload;
|
offloadCfg = pCfg.offload;
|
||||||
primeEnabled = syncCfg.enable || offloadCfg.enable;
|
reverseSyncCfg = pCfg.reverseSync;
|
||||||
|
primeEnabled = syncCfg.enable || reverseSyncCfg.enable || offloadCfg.enable;
|
||||||
nvidiaPersistencedEnabled = cfg.nvidiaPersistenced;
|
nvidiaPersistencedEnabled = cfg.nvidiaPersistenced;
|
||||||
nvidiaSettings = cfg.nvidiaSettings;
|
nvidiaSettings = cfg.nvidiaSettings;
|
||||||
busIDType = types.strMatching "([[:print:]]+[\:\@][0-9]{1,3}\:[0-9]{1,2}\:[0-9])?";
|
busIDType = types.strMatching "([[:print:]]+[\:\@][0-9]{1,3}\:[0-9]{1,2}\:[0-9])?";
|
||||||
|
@ -31,7 +32,8 @@ in
|
||||||
imports =
|
imports =
|
||||||
[
|
[
|
||||||
(mkRenamedOptionModule [ "hardware" "nvidia" "optimus_prime" "enable" ] [ "hardware" "nvidia" "prime" "sync" "enable" ])
|
(mkRenamedOptionModule [ "hardware" "nvidia" "optimus_prime" "enable" ] [ "hardware" "nvidia" "prime" "sync" "enable" ])
|
||||||
(mkRenamedOptionModule [ "hardware" "nvidia" "optimus_prime" "allowExternalGpu" ] [ "hardware" "nvidia" "prime" "sync" "allowExternalGpu" ])
|
(mkRenamedOptionModule [ "hardware" "nvidia" "optimus_prime" "allowExternalGpu" ] [ "hardware" "nvidia" "prime" "allowExternalGpu" ])
|
||||||
|
(mkRenamedOptionModule [ "hardware" "nvidia" "prime" "sync" "allowExternalGpu" ] [ "hardware" "nvidia" "prime" "allowExternalGpu" ])
|
||||||
(mkRenamedOptionModule [ "hardware" "nvidia" "optimus_prime" "nvidiaBusId" ] [ "hardware" "nvidia" "prime" "nvidiaBusId" ])
|
(mkRenamedOptionModule [ "hardware" "nvidia" "optimus_prime" "nvidiaBusId" ] [ "hardware" "nvidia" "prime" "nvidiaBusId" ])
|
||||||
(mkRenamedOptionModule [ "hardware" "nvidia" "optimus_prime" "intelBusId" ] [ "hardware" "nvidia" "prime" "intelBusId" ])
|
(mkRenamedOptionModule [ "hardware" "nvidia" "optimus_prime" "intelBusId" ] [ "hardware" "nvidia" "prime" "intelBusId" ])
|
||||||
];
|
];
|
||||||
|
@ -104,16 +106,17 @@ in
|
||||||
description = lib.mdDoc ''
|
description = lib.mdDoc ''
|
||||||
Enable NVIDIA Optimus support using the NVIDIA proprietary driver via PRIME.
|
Enable NVIDIA Optimus support using the NVIDIA proprietary driver via PRIME.
|
||||||
If enabled, the NVIDIA GPU will be always on and used for all rendering,
|
If enabled, the NVIDIA GPU will be always on and used for all rendering,
|
||||||
while enabling output to displays attached only to the integrated Intel GPU
|
while enabling output to displays attached only to the integrated Intel/AMD
|
||||||
without a multiplexer.
|
GPU without a multiplexer.
|
||||||
|
|
||||||
Note that this option only has any effect if the "nvidia" driver is specified
|
Note that this option only has any effect if the "nvidia" driver is specified
|
||||||
in {option}`services.xserver.videoDrivers`, and it should preferably
|
in {option}`services.xserver.videoDrivers`, and it should preferably
|
||||||
be the only driver there.
|
be the only driver there.
|
||||||
|
|
||||||
If this is enabled, then the bus IDs of the NVIDIA and Intel GPUs have to be
|
If this is enabled, then the bus IDs of the NVIDIA and Intel/AMD GPUs have to
|
||||||
specified ({option}`hardware.nvidia.prime.nvidiaBusId` and
|
be specified ({option}`hardware.nvidia.prime.nvidiaBusId` and
|
||||||
{option}`hardware.nvidia.prime.intelBusId`).
|
{option}`hardware.nvidia.prime.intelBusId` or
|
||||||
|
{option}`hardware.nvidia.prime.amdgpuBusId`).
|
||||||
|
|
||||||
If you enable this, you may want to also enable kernel modesetting for the
|
If you enable this, you may want to also enable kernel modesetting for the
|
||||||
NVIDIA driver ({option}`hardware.nvidia.modesetting.enable`) in order
|
NVIDIA driver ({option}`hardware.nvidia.modesetting.enable`) in order
|
||||||
|
@ -125,11 +128,11 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
hardware.nvidia.prime.sync.allowExternalGpu = mkOption {
|
hardware.nvidia.prime.allowExternalGpu = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
description = lib.mdDoc ''
|
description = lib.mdDoc ''
|
||||||
Configure X to allow external NVIDIA GPUs when using optimus.
|
Configure X to allow external NVIDIA GPUs when using Prime [Reverse] sync optimus.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
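Review bot: The new description "when using Prime [Reverse] sync optimus" is hard to parse and spells PRIME differently from the other descriptions in this file. Something like "when using PRIME sync or reverse sync" says the same thing and matches the option names `prime.sync` and `prime.reverseSync`.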
@ -139,9 +142,54 @@ in
|
||||||
description = lib.mdDoc ''
|
description = lib.mdDoc ''
|
||||||
Enable render offload support using the NVIDIA proprietary driver via PRIME.
|
Enable render offload support using the NVIDIA proprietary driver via PRIME.
|
||||||
|
|
||||||
If this is enabled, then the bus IDs of the NVIDIA and Intel GPUs have to be
|
If this is enabled, then the bus IDs of the NVIDIA and Intel/AMD GPUs have to
|
||||||
specified ({option}`hardware.nvidia.prime.nvidiaBusId` and
|
be specified ({option}`hardware.nvidia.prime.nvidiaBusId` and
|
||||||
{option}`hardware.nvidia.prime.intelBusId`).
|
{option}`hardware.nvidia.prime.intelBusId` or
|
||||||
|
{option}`hardware.nvidia.prime.amdgpuBusId`).
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
hardware.nvidia.prime.offload.enableOffloadCmd = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = lib.mdDoc ''
|
||||||
|
Adds a `nvidia-offload` convenience script to {option}`environment.systemPackages`
|
||||||
|
for offloading programs to an nvidia device. To work, should have also enabled
|
||||||
|
{option}`hardware.nvidia.prime.offload.enable` or {option}`hardware.nvidia.prime.reverseSync.enable`.
|
||||||
|
|
||||||
|
Example usage `nvidia-offload sauerbraten_client`.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
hardware.nvidia.prime.reverseSync.enable = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = lib.mdDoc ''
|
||||||
|
Warning: This feature is relatively new, depending on your system this might
|
||||||
|
work poorly. AMD support, especially so.
|
||||||
|
See: https://forums.developer.nvidia.com/t/the-all-new-outputsink-feature-aka-reverse-prime/129828
|
||||||
|
|
||||||
|
Enable NVIDIA Optimus support using the NVIDIA proprietary driver via reverse
|
||||||
|
PRIME. If enabled, the Intel/AMD GPU will be used for all rendering, while
|
||||||
|
enabling output to displays attached only to the NVIDIA GPU without a
|
||||||
|
multiplexer.
|
||||||
|
|
||||||
|
Note that this option only has any effect if the "nvidia" driver is specified
|
||||||
|
in {option}`services.xserver.videoDrivers`, and it should preferably
|
||||||
|
be the only driver there.
|
||||||
|
|
||||||
|
If this is enabled, then the bus IDs of the NVIDIA and Intel/AMD GPUs have to
|
||||||
|
be specified ({option}`hardware.nvidia.prime.nvidiaBusId` and
|
||||||
|
{option}`hardware.nvidia.prime.intelBusId` or
|
||||||
|
{option}`hardware.nvidia.prime.amdgpuBusId`).
|
||||||
|
|
||||||
|
If you enable this, you may want to also enable kernel modesetting for the
|
||||||
|
NVIDIA driver ({option}`hardware.nvidia.modesetting.enable`) in order
|
||||||
|
to prevent tearing.
|
||||||
|
|
||||||
|
Note that this configuration will only be successful when a display manager
|
||||||
|
for which the {option}`services.xserver.displayManager.setupCommands`
|
||||||
|
option is supported is used.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
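Review bot: The `enableOffloadCmd` description says "To work, should have also enabled ...", which is ungrammatical and makes a hard requirement sound optional. State that `hardware.nvidia.prime.offload.enable` or `hardware.nvidia.prime.reverseSync.enable` must be enabled. In the `reverseSync.enable` description, the warning and the bare forum URL come before the sentence that says what the option does. Lead with the behaviour, put the warning after it, and write the URL as a Markdown autolink in angle brackets so it renders as a link.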
|
@ -205,6 +253,13 @@ in
|
||||||
'';
|
'';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
{
|
||||||
|
assertion = offloadCfg.enableOffloadCmd -> offloadCfg.enable || reverseSyncCfg.enable;
|
||||||
|
message = ''
|
||||||
|
Offload command requires offloading or reverse prime sync to be enabled.
|
||||||
|
'';
|
||||||
|
}
|
||||||
|
|
||||||
{
|
{
|
||||||
assertion = primeEnabled -> pCfg.nvidiaBusId != "" && (pCfg.intelBusId != "" || pCfg.amdgpuBusId != "");
|
assertion = primeEnabled -> pCfg.nvidiaBusId != "" && (pCfg.intelBusId != "" || pCfg.amdgpuBusId != "");
|
||||||
message = ''
|
message = ''
|
||||||
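Review bot: The new assertion `offloadCfg.enableOffloadCmd -> offloadCfg.enable || reverseSyncCfg.enable` relies on `||` binding tighter than `->`. It evaluates as intended, but parenthesising the right-hand side would make that visible to the next reader. The message should also name the options the user has to set (`hardware.nvidia.prime.offload.enable` or `hardware.nvidia.prime.reverseSync.enable`) rather than "offloading or reverse prime sync".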
|
@ -217,9 +272,19 @@ in
|
||||||
message = "NVIDIA PRIME render offload is currently only supported on versions >= 435.21.";
|
message = "NVIDIA PRIME render offload is currently only supported on versions >= 435.21.";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
{
|
||||||
|
assertion = (reverseSyncCfg.enable && pCfg.amdgpuBusId != "") -> versionAtLeast nvidia_x11.version "470.0";
|
||||||
|
message = "NVIDIA PRIME render offload for AMD APUs is currently only supported on versions >= 470 beta.";
|
||||||
|
}
|
||||||
|
|
||||||
{
|
{
|
||||||
assertion = !(syncCfg.enable && offloadCfg.enable);
|
assertion = !(syncCfg.enable && offloadCfg.enable);
|
||||||
message = "Only one NVIDIA PRIME solution may be used at a time.";
|
message = "PRIME Sync and Offload cannot be both enabled";
|
||||||
|
}
|
||||||
|
|
||||||
|
{
|
||||||
|
assertion = !(syncCfg.enable && reverseSyncCfg.enable);
|
||||||
|
message = "PRIME Sync and PRIME Reverse Sync cannot be both enabled";
|
||||||
}
|
}
|
||||||
|
|
||||||
{
|
{
|
||||||
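Review bot: The new version assertion is conditioned on `reverseSyncCfg.enable && pCfg.amdgpuBusId != ""`, but its message talks about "PRIME render offload for AMD APUs", so a user who trips it is pointed at the wrong feature. Word the message for reverse sync. The message also says ">= 470 beta" while the check is `versionAtLeast nvidia_x11.version "470.0"`; make the stated bound and the checked bound the same.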
|
@ -257,8 +322,10 @@ in
|
||||||
# - Configure the display manager to run specific `xrandr` commands which will
|
# - Configure the display manager to run specific `xrandr` commands which will
|
||||||
# configure/enable displays connected to the Intel iGPU / AMD APU.
|
# configure/enable displays connected to the Intel iGPU / AMD APU.
|
||||||
|
|
||||||
services.xserver.drivers = let
|
# reverse sync implies offloading
|
||||||
in optional primeEnabled {
|
hardware.nvidia.prime.offload.enable = mkDefault reverseSyncCfg.enable;
|
||||||
|
|
||||||
|
services.xserver.drivers = optional primeEnabled {
|
||||||
name = igpuDriver;
|
name = igpuDriver;
|
||||||
display = offloadCfg.enable;
|
display = offloadCfg.enable;
|
||||||
modules = optionals (igpuDriver == "amdgpu") [ pkgs.xorg.xf86videoamdgpu ];
|
modules = optionals (igpuDriver == "amdgpu") [ pkgs.xorg.xf86videoamdgpu ];
|
||||||
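Review bot: `hardware.nvidia.prime.offload.enable = mkDefault reverseSyncCfg.enable;` makes reverse sync turn offloading on only by default, while the comment above it says reverse sync implies offloading. An explicit `offload.enable = false` next to `reverseSync.enable = true` still wins, and none of the assertions shown in this diff rejects that combination. Either add an assertion `reverseSyncCfg.enable -> offloadCfg.enable`, or reword the comment to say that offloading is enabled by default.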
|
@ -273,7 +340,7 @@ in
|
||||||
deviceSection = optionalString primeEnabled
|
deviceSection = optionalString primeEnabled
|
||||||
''
|
''
|
||||||
BusID "${pCfg.nvidiaBusId}"
|
BusID "${pCfg.nvidiaBusId}"
|
||||||
${optionalString syncCfg.allowExternalGpu "Option \"AllowExternalGpus\""}
|
${optionalString pCfg.allowExternalGpu "Option \"AllowExternalGpus\""}
|
||||||
'';
|
'';
|
||||||
screenSection =
|
screenSection =
|
||||||
''
|
''
|
||||||
|
@ -290,19 +357,22 @@ in
|
||||||
|
|
||||||
services.xserver.serverLayoutSection = optionalString syncCfg.enable ''
|
services.xserver.serverLayoutSection = optionalString syncCfg.enable ''
|
||||||
Inactive "Device-${igpuDriver}[0]"
|
Inactive "Device-${igpuDriver}[0]"
|
||||||
|
'' + optionalString reverseSyncCfg.enable ''
|
||||||
|
Inactive "Device-nvidia[0]"
|
||||||
'' + optionalString offloadCfg.enable ''
|
'' + optionalString offloadCfg.enable ''
|
||||||
Option "AllowNVIDIAGPUScreens"
|
Option "AllowNVIDIAGPUScreens"
|
||||||
'';
|
'';
|
||||||
|
|
||||||
services.xserver.displayManager.setupCommands = let
|
services.xserver.displayManager.setupCommands = let
|
||||||
sinkGpuProviderName = if igpuDriver == "amdgpu" then
|
gpuProviderName = if igpuDriver == "amdgpu" then
|
||||||
# find the name of the provider if amdgpu
|
# find the name of the provider if amdgpu
|
||||||
"`${pkgs.xorg.xrandr}/bin/xrandr --listproviders | ${pkgs.gnugrep}/bin/grep -i AMD | ${pkgs.gnused}/bin/sed -n 's/^.*name://p'`"
|
"`${pkgs.xorg.xrandr}/bin/xrandr --listproviders | ${pkgs.gnugrep}/bin/grep -i AMD | ${pkgs.gnused}/bin/sed -n 's/^.*name://p'`"
|
||||||
else
|
else
|
||||||
igpuDriver;
|
igpuDriver;
|
||||||
in optionalString syncCfg.enable ''
|
providerCmdParams = if syncCfg.enable then "\"${gpuProviderName}\" NVIDIA-0" else "NVIDIA-G0 \"${gpuProviderName}\"";
|
||||||
|
in optionalString (syncCfg.enable || reverseSyncCfg.enable) ''
|
||||||
# Added by nvidia configuration module for Optimus/PRIME.
|
# Added by nvidia configuration module for Optimus/PRIME.
|
||||||
${pkgs.xorg.xrandr}/bin/xrandr --setprovideroutputsource "${sinkGpuProviderName}" NVIDIA-0
|
${pkgs.xorg.xrandr}/bin/xrandr --setprovideroutputsource ${providerCmdParams}
|
||||||
${pkgs.xorg.xrandr}/bin/xrandr --auto
|
${pkgs.xorg.xrandr}/bin/xrandr --auto
|
||||||
'';
|
'';
|
||||||
|
|
||||||
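Review bot: `gpuProviderName` now feeds both the sync and the reverse sync form of `--setprovideroutputsource`, but the amdgpu lookup (`xrandr --listproviders | grep -i AMD | sed -n 's/^.*name://p'`) still does nothing about zero or several matches. In either case `providerCmdParams` expands to an empty or multi-line quoted argument and the `xrandr` call in `setupCommands` fails at display manager start. Resolve the provider name into a shell variable first and skip the call with a logged message when it is empty. A short comment on why the sync branch uses `NVIDIA-0` and the reverse sync branch uses `NVIDIA-G0` would also help.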
|
@ -325,7 +395,16 @@ in
|
||||||
|
|
||||||
environment.systemPackages = [ nvidia_x11.bin ]
|
environment.systemPackages = [ nvidia_x11.bin ]
|
||||||
++ optionals cfg.nvidiaSettings [ nvidia_x11.settings ]
|
++ optionals cfg.nvidiaSettings [ nvidia_x11.settings ]
|
||||||
++ optionals nvidiaPersistencedEnabled [ nvidia_x11.persistenced ];
|
++ optionals nvidiaPersistencedEnabled [ nvidia_x11.persistenced ]
|
||||||
|
++ optionals offloadCfg.enableOffloadCmd [
|
||||||
|
(pkgs.writeShellScriptBin "nvidia-offload" ''
|
||||||
|
export __NV_PRIME_RENDER_OFFLOAD=1
|
||||||
|
export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0
|
||||||
|
export __GLX_VENDOR_LIBRARY_NAME=nvidia
|
||||||
|
export __VK_LAYER_NV_optimus=NVIDIA_only
|
||||||
|
exec "$@"
|
||||||
|
'')
|
||||||
|
];
|
||||||
|
|
||||||
systemd.packages = optional cfg.powerManagement.enable nvidia_x11.out;
|
systemd.packages = optional cfg.powerManagement.enable nvidia_x11.out;
|
||||||
|
|
||||||
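Review bot: The generated `nvidia-offload` script ends in `exec "$@"` with no argument check, so calling it without a command exits silently with status 0 instead of telling the user how to use it. Add a guard that prints a usage line and exits non-zero when `$#` is 0. `NVIDIA-G0` is also hard-coded here and again in `providerCmdParams`; a shared `let` binding would keep the two from drifting apart.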
|
|
|
@ -217,7 +217,7 @@ in
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
# This value determines the NixOS release from which the default
|
||||||
# settings for stateful data, like file locations and database versions
|
# settings for stateful data, like file locations and database versions
|
||||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
# on your system were taken. It’s perfectly fine and recommended to leave
|
||||||
# this value at the release version of the first install of this system.
|
# this value at the release version of the first install of this system.
|
||||||
# Before changing this value read the documentation for this option
|
# Before changing this value read the documentation for this option
|
||||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||||
|
|
|
@ -510,6 +510,7 @@ in
|
||||||
#seeks = 148; # removed 2020-06-21
|
#seeks = 148; # removed 2020-06-21
|
||||||
prosody = 149;
|
prosody = 149;
|
||||||
i2pd = 150;
|
i2pd = 150;
|
||||||
|
systemd-coredump = 151;
|
||||||
systemd-network = 152;
|
systemd-network = 152;
|
||||||
systemd-resolve = 153;
|
systemd-resolve = 153;
|
||||||
systemd-timesync = 154;
|
systemd-timesync = 154;
|
||||||
|
|
|
@ -130,7 +130,7 @@ in
|
||||||
to be compatible. The effect is that NixOS will use
|
to be compatible. The effect is that NixOS will use
|
||||||
defaults corresponding to the specified release (such as using
|
defaults corresponding to the specified release (such as using
|
||||||
an older version of PostgreSQL).
|
an older version of PostgreSQL).
|
||||||
It‘s perfectly fine and recommended to leave this value at the
|
It’s perfectly fine and recommended to leave this value at the
|
||||||
release version of the first install of this system.
|
release version of the first install of this system.
|
||||||
Changing this option will not upgrade your system. In fact it
|
Changing this option will not upgrade your system. In fact it
|
||||||
is meant to stay constant exactly when you upgrade your system.
|
is meant to stay constant exactly when you upgrade your system.
|
||||||
|
|
|
@ -195,6 +195,7 @@
|
||||||
./programs/mdevctl.nix
|
./programs/mdevctl.nix
|
||||||
./programs/mepo.nix
|
./programs/mepo.nix
|
||||||
./programs/mininet.nix
|
./programs/mininet.nix
|
||||||
|
./programs/miriway.nix
|
||||||
./programs/mosh.nix
|
./programs/mosh.nix
|
||||||
./programs/msmtp.nix
|
./programs/msmtp.nix
|
||||||
./programs/mtr.nix
|
./programs/mtr.nix
|
||||||
|
@ -222,6 +223,7 @@
|
||||||
./programs/seahorse.nix
|
./programs/seahorse.nix
|
||||||
./programs/sedutil.nix
|
./programs/sedutil.nix
|
||||||
./programs/shadow.nix
|
./programs/shadow.nix
|
||||||
|
./programs/sharing.nix
|
||||||
./programs/singularity.nix
|
./programs/singularity.nix
|
||||||
./programs/skim.nix
|
./programs/skim.nix
|
||||||
./programs/slock.nix
|
./programs/slock.nix
|
||||||
|
@ -696,6 +698,7 @@
|
||||||
./services/monitoring/arbtt.nix
|
./services/monitoring/arbtt.nix
|
||||||
./services/monitoring/bosun.nix
|
./services/monitoring/bosun.nix
|
||||||
./services/monitoring/cadvisor.nix
|
./services/monitoring/cadvisor.nix
|
||||||
|
./services/monitoring/cockpit.nix
|
||||||
./services/monitoring/collectd.nix
|
./services/monitoring/collectd.nix
|
||||||
./services/monitoring/das_watchdog.nix
|
./services/monitoring/das_watchdog.nix
|
||||||
./services/monitoring/datadog-agent.nix
|
./services/monitoring/datadog-agent.nix
|
||||||
|
@ -1364,6 +1367,7 @@
|
||||||
./virtualisation/lxc.nix
|
./virtualisation/lxc.nix
|
||||||
./virtualisation/lxcfs.nix
|
./virtualisation/lxcfs.nix
|
||||||
./virtualisation/lxd.nix
|
./virtualisation/lxd.nix
|
||||||
|
./virtualisation/multipass.nix
|
||||||
./virtualisation/nixos-containers.nix
|
./virtualisation/nixos-containers.nix
|
||||||
./virtualisation/oci-containers.nix
|
./virtualisation/oci-containers.nix
|
||||||
./virtualisation/openstack-options.nix
|
./virtualisation/openstack-options.nix
|
||||||
|
|
|
@ -28,7 +28,7 @@ with lib;
|
||||||
k3b
|
k3b
|
||||||
dvdplusrwtools
|
dvdplusrwtools
|
||||||
cdrdao
|
cdrdao
|
||||||
cdrkit
|
cdrtools
|
||||||
];
|
];
|
||||||
|
|
||||||
security.wrappers = {
|
security.wrappers = {
|
||||||
|
@ -44,7 +44,7 @@ with lib;
|
||||||
owner = "root";
|
owner = "root";
|
||||||
group = "cdrom";
|
group = "cdrom";
|
||||||
permissions = "u+wrx,g+x";
|
permissions = "u+wrx,g+x";
|
||||||
source = "${pkgs.cdrkit}/bin/cdrecord";
|
source = "${pkgs.cdrtools}/bin/cdrecord";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
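Review bot: The wrapper's `source` changes from `${pkgs.cdrkit}/bin/cdrecord` to `${pkgs.cdrtools}/bin/cdrecord` while `owner = "root"`, `group = "cdrom"` and `permissions = "u+wrx,g+x"` stay as they were, so a different `cdrecord` implementation now runs with whatever privileges this wrapper grants. Nothing in the hunk says why the package was swapped. Record the reason in a comment or release note, and confirm that the cdrtools binary is meant to run through this wrapper with the same ownership and mode.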
|
|
60
third_party/nixpkgs/nixos/modules/programs/miriway.nix
vendored
Normal file
60
third_party/nixpkgs/nixos/modules/programs/miriway.nix
vendored
Normal file
|
@ -0,0 +1,60 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.programs.miriway;
|
||||||
|
in {
|
||||||
|
options.programs.miriway = {
|
||||||
|
enable = lib.mkEnableOption (lib.mdDoc ''
|
||||||
|
Miriway, a Mir based Wayland compositor. You can manually launch Miriway by
|
||||||
|
executing "exec miriway" on a TTY, or launch it from a display manager. Copy
|
||||||
|
/etc/xdg/xdg-miriway/miriway-shell.config to ~/.config/miriway-shell.config
|
||||||
|
to modify the default configuration. See <https://github.com/Miriway/Miriway>,
|
||||||
|
and "miriway --help" for more information'');
|
||||||
|
|
||||||
|
config = lib.mkOption {
|
||||||
|
type = lib.types.lines;
|
||||||
|
default = ''
|
||||||
|
x11-window-title=Miriway (Mir-on-X)
|
||||||
|
idle-timeout=600
|
||||||
|
ctrl-alt=t:miriway-terminal # Default "terminal emulator finder"
|
||||||
|
|
||||||
|
shell-component=dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY
|
||||||
|
'';
|
||||||
|
example = ''
|
||||||
|
idle-timeout=300
|
||||||
|
ctrl-alt=t:weston-terminal
|
||||||
|
add-wayland-extensions=all
|
||||||
|
|
||||||
|
shell-components=dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY
|
||||||
|
|
||||||
|
shell-component=waybar
|
||||||
|
shell-component=wbg Pictures/wallpaper
|
||||||
|
|
||||||
|
shell-meta=a:synapse
|
||||||
|
'';
|
||||||
|
description = lib.mdDoc ''
|
||||||
|
Miriway's config. This will be installed system-wide.
|
||||||
|
The default will install the miriway package's barebones example config.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = lib.mkIf cfg.enable {
|
||||||
|
environment = {
|
||||||
|
systemPackages = [ pkgs.miriway ];
|
||||||
|
etc = {
|
||||||
|
"xdg/xdg-miriway/miriway-shell.config".text = cfg.config;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
hardware.opengl.enable = lib.mkDefault true;
|
||||||
|
fonts.enableDefaultFonts = lib.mkDefault true;
|
||||||
|
programs.dconf.enable = lib.mkDefault true;
|
||||||
|
programs.xwayland.enable = lib.mkDefault true;
|
||||||
|
|
||||||
|
# To make the Miriway session available if a display manager like SDDM is enabled:
|
||||||
|
services.xserver.displayManager.sessionPackages = [ pkgs.miriway ];
|
||||||
|
};
|
||||||
|
|
||||||
|
meta.maintainers = with lib.maintainers; [ OPNA2608 ];
|
||||||
|
}
|
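Review bot: In the `example` for `programs.miriway.config`, the first shell line is written `shell-components=dbus-update-activation-environment ...`, while the default and every other line of the example use `shell-component=`. If the plural form is not a real key, anyone copying the example loses the D-Bus environment import, so correct it to match the default. The `config` description also says the default "will install the miriway package's barebones example config", but the default shown is an inline string; describe what it actually contains.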
|
@ -86,7 +86,7 @@ in {
|
||||||
description = lib.mdDoc "Proxy DNS requests - no leak for DNS data.";
|
description = lib.mdDoc "Proxy DNS requests - no leak for DNS data.";
|
||||||
};
|
};
|
||||||
|
|
||||||
quietMode = mkEnableOption (lib.mdDoc "Quiet mode (no output from the library).");
|
quietMode = mkEnableOption (lib.mdDoc "Quiet mode (no output from the library)");
|
||||||
|
|
||||||
remoteDNSSubnet = mkOption {
|
remoteDNSSubnet = mkOption {
|
||||||
type = types.enum [ 10 127 224 ];
|
type = types.enum [ 10 127 224 ];
|
||||||
|
|
|
@ -20,6 +20,6 @@ in {
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
environment.systemPackages = [ cfg.package ];
|
environment.systemPackages = [ cfg.package ];
|
||||||
services.udev.packages = [ cfg.package ];
|
services.udev.packages = [ cfg.package ];
|
||||||
users.groups.wireshark = {};
|
users.groups.dialout = {};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
19
third_party/nixpkgs/nixos/modules/programs/sharing.nix
vendored
Normal file
19
third_party/nixpkgs/nixos/modules/programs/sharing.nix
vendored
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
with lib;
|
||||||
|
{
|
||||||
|
options.programs.sharing = {
|
||||||
|
enable = mkEnableOption (lib.mdDoc ''
|
||||||
|
sharing, a CLI tool for sharing files.
|
||||||
|
|
||||||
|
Note that it will opens the 7478 port for TCP in the firewall, which is needed for it to function properly
|
||||||
|
'');
|
||||||
|
};
|
||||||
|
config =
|
||||||
|
let
|
||||||
|
cfg = config.programs.sharing;
|
||||||
|
in
|
||||||
|
mkIf cfg.enable {
|
||||||
|
environment.systemPackages = [ pkgs.sharing ];
|
||||||
|
networking.firewall.allowedTCPPorts = [ 7478 ];
|
||||||
|
};
|
||||||
|
}
|
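Review bot: `networking.firewall.allowedTCPPorts = [ 7478 ];` is applied whenever `programs.sharing.enable` is set, so installing a CLI tool opens an inbound TCP port for as long as the option is on, not only while the tool is running. Put the firewall rule behind a separate `openFirewall` option that defaults to false, so installing the package and exposing the port are two decisions. The description also needs "it will opens" corrected to "it opens".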
|
@ -3,31 +3,89 @@
|
||||||
with lib;
|
with lib;
|
||||||
let
|
let
|
||||||
cfg = config.programs.singularity;
|
cfg = config.programs.singularity;
|
||||||
singularity = pkgs.singularity.overrideAttrs (attrs : {
|
in
|
||||||
installPhase = attrs.installPhase + ''
|
{
|
||||||
mv $out/libexec/singularity/bin/starter-suid $out/libexec/singularity/bin/starter-suid.orig
|
|
||||||
ln -s /run/wrappers/bin/singularity-suid $out/libexec/singularity/bin/starter-suid
|
|
||||||
'';
|
|
||||||
});
|
|
||||||
in {
|
|
||||||
options.programs.singularity = {
|
options.programs.singularity = {
|
||||||
enable = mkEnableOption (lib.mdDoc "Singularity");
|
enable = mkEnableOption (mdDoc "singularity") // {
|
||||||
|
description = mdDoc ''
|
||||||
|
Whether to install Singularity/Apptainer with system-level overriding such as SUID support.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
package = mkOption {
|
||||||
|
type = types.package;
|
||||||
|
default = pkgs.singularity;
|
||||||
|
defaultText = literalExpression "pkgs.singularity";
|
||||||
|
example = literalExpression "pkgs.apptainer";
|
||||||
|
description = mdDoc ''
|
||||||
|
Singularity/Apptainer package to override and install.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
packageOverriden = mkOption {
|
||||||
|
type = types.nullOr types.package;
|
||||||
|
default = null;
|
||||||
|
description = mdDoc ''
|
||||||
|
This option provides access to the overriden result of `programs.singularity.package`.
|
||||||
|
|
||||||
|
For example, the following configuration makes all the Nixpkgs packages use the overriden `singularity`:
|
||||||
|
```Nix
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
{
|
||||||
|
nixpkgs.overlays = [
|
||||||
|
(final: prev: {
|
||||||
|
_singularity-orig = prev.singularity;
|
||||||
|
singularity = config.programs.singularity.packageOverriden;
|
||||||
|
})
|
||||||
|
];
|
||||||
|
programs.singularity.enable = true;
|
||||||
|
programs.singularity.package = pkgs._singularity-orig;
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
Use `lib.mkForce` to forcefully specify the overriden package.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
enableFakeroot = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = true;
|
||||||
|
example = false;
|
||||||
|
description = mdDoc ''
|
||||||
|
Whether to enable the `--fakeroot` support of Singularity/Apptainer.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
enableSuid = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = true;
|
||||||
|
example = false;
|
||||||
|
description = mdDoc ''
|
||||||
|
Whether to enable the SUID support of Singularity/Apptainer.
|
||||||
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
environment.systemPackages = [ singularity ];
|
programs.singularity.packageOverriden = (cfg.package.override (
|
||||||
security.wrappers.singularity-suid =
|
optionalAttrs cfg.enableFakeroot {
|
||||||
{ setuid = true;
|
newuidmapPath = "/run/wrappers/bin/newuidmap";
|
||||||
|
newgidmapPath = "/run/wrappers/bin/newgidmap";
|
||||||
|
} // optionalAttrs cfg.enableSuid {
|
||||||
|
enableSuid = true;
|
||||||
|
starterSuidPath = "/run/wrappers/bin/${cfg.package.projectName}-suid";
|
||||||
|
}
|
||||||
|
));
|
||||||
|
environment.systemPackages = [ cfg.packageOverriden ];
|
||||||
|
security.wrappers."${cfg.packageOverriden.projectName}-suid" = mkIf cfg.enableSuid {
|
||||||
|
setuid = true;
|
||||||
owner = "root";
|
owner = "root";
|
||||||
group = "root";
|
group = "root";
|
||||||
source = "${singularity}/libexec/singularity/bin/starter-suid.orig";
|
source = "${cfg.packageOverriden}/libexec/${cfg.packageOverriden.projectName}/bin/starter-suid.orig";
|
||||||
};
|
};
|
||||||
systemd.tmpfiles.rules = [
|
systemd.tmpfiles.rules = [
|
||||||
"d /var/singularity/mnt/session 0770 root root -"
|
"d /var/lib/${cfg.packageOverriden.projectName}/mnt/session 0770 root root -"
|
||||||
"d /var/singularity/mnt/final 0770 root root -"
|
"d /var/lib/${cfg.packageOverriden.projectName}/mnt/final 0770 root root -"
|
||||||
"d /var/singularity/mnt/overlay 0770 root root -"
|
"d /var/lib/${cfg.packageOverriden.projectName}/mnt/overlay 0770 root root -"
|
||||||
"d /var/singularity/mnt/container 0770 root root -"
|
"d /var/lib/${cfg.packageOverriden.projectName}/mnt/container 0770 root root -"
|
||||||
"d /var/singularity/mnt/source 0770 root root -"
|
"d /var/lib/${cfg.packageOverriden.projectName}/mnt/source 0770 root root -"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
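Review bot: The setuid root wrapper takes its name and `source` from `cfg.packageOverriden`, and the option text invites setting that with `lib.mkForce`. When it is forced, the module's own override that sets `starterSuidPath`, `newuidmapPath` and `newgidmapPath` is bypassed, yet `starter-suid.orig` from the forced package is still installed setuid root. `starterSuidPath` is also built from `cfg.package.projectName`, while the wrapper name uses `cfg.packageOverriden.projectName`. Either make `packageOverriden` read-only, or assert that the two `projectName` values agree. Two smaller points: the option name is misspelled ("Overriden" for "Overridden") and becomes public interface once merged, and the move from `/var/singularity/mnt/...` to `/var/lib/${cfg.packageOverriden.projectName}/mnt/...` needs a release note.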
|
|
|
@ -282,7 +282,7 @@ in
|
||||||
config = {
|
config = {
|
||||||
|
|
||||||
programs.ssh.setXAuthLocation =
|
programs.ssh.setXAuthLocation =
|
||||||
mkDefault (config.services.xserver.enable || config.programs.ssh.forwardX11 || config.services.openssh.forwardX11);
|
mkDefault (config.services.xserver.enable || config.programs.ssh.forwardX11 || config.services.openssh.settings.X11Forwarding);
|
||||||
|
|
||||||
assertions =
|
assertions =
|
||||||
[ { assertion = cfg.forwardX11 -> cfg.setXAuthLocation;
|
[ { assertion = cfg.forwardX11 -> cfg.setXAuthLocation;
|
||||||
|
|
|
@ -26,7 +26,7 @@ let
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
swayPackage = pkgs.sway.override {
|
defaultSwayPackage = pkgs.sway.override {
|
||||||
extraSessionCommands = cfg.extraSessionCommands;
|
extraSessionCommands = cfg.extraSessionCommands;
|
||||||
extraOptions = cfg.extraOptions;
|
extraOptions = cfg.extraOptions;
|
||||||
withBaseWrapper = cfg.wrapperFeatures.base;
|
withBaseWrapper = cfg.wrapperFeatures.base;
|
||||||
|
@ -42,6 +42,19 @@ in {
|
||||||
<https://github.com/swaywm/sway/wiki> and
|
<https://github.com/swaywm/sway/wiki> and
|
||||||
"man 5 sway" for more information'');
|
"man 5 sway" for more information'');
|
||||||
|
|
||||||
|
package = mkOption {
|
||||||
|
type = with types; nullOr package;
|
||||||
|
default = defaultSwayPackage;
|
||||||
|
defaultText = literalExpression "pkgs.sway";
|
||||||
|
description = lib.mdDoc ''
|
||||||
|
Sway package to use. Will override the options
|
||||||
|
'wrapperFeatures', 'extraSessionCommands', and 'extraOptions'.
|
||||||
|
Set to <code>null</code> to not add any Sway package to your
|
||||||
|
path. This should be done if you want to use the Home Manager Sway
|
||||||
|
module to install Sway.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
wrapperFeatures = mkOption {
|
wrapperFeatures = mkOption {
|
||||||
type = wrapperOptions;
|
type = wrapperOptions;
|
||||||
default = { };
|
default = { };
|
||||||
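Review bot: The `package` description says a custom package "Will override the options 'wrapperFeatures', 'extraSessionCommands', and 'extraOptions'", which does not make clear that those options are simply ignored: they are only applied inside `defaultSwayPackage`. Say explicitly that they have no effect when `package` is set to something other than the default. The text also uses `<code>null</code>` inside `lib.mdDoc`, where Markdown backticks are expected. Finally, `defaultText = literalExpression "pkgs.sway"` hides the fact that the default is `pkgs.sway.override { ... }`.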
|
@ -121,16 +134,17 @@ in {
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
environment = {
|
environment = {
|
||||||
systemPackages = [ swayPackage ] ++ cfg.extraPackages;
|
systemPackages = optional (cfg.package != null) cfg.package ++ cfg.extraPackages;
|
||||||
# Needed for the default wallpaper:
|
# Needed for the default wallpaper:
|
||||||
pathsToLink = [ "/share/backgrounds/sway" ];
|
pathsToLink = optionals (cfg.package != null) [ "/share/backgrounds/sway" ];
|
||||||
etc = {
|
etc = {
|
||||||
"sway/config".source = mkOptionDefault "${swayPackage}/etc/sway/config";
|
|
||||||
"sway/config.d/nixos.conf".source = pkgs.writeText "nixos.conf" ''
|
"sway/config.d/nixos.conf".source = pkgs.writeText "nixos.conf" ''
|
||||||
# Import the most important environment variables into the D-Bus and systemd
|
# Import the most important environment variables into the D-Bus and systemd
|
||||||
# user environments (e.g. required for screen sharing and Pinentry prompts):
|
# user environments (e.g. required for screen sharing and Pinentry prompts):
|
||||||
exec dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK XDG_CURRENT_DESKTOP
|
exec dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK XDG_CURRENT_DESKTOP
|
||||||
'';
|
'';
|
||||||
|
} // optionalAttrs (cfg.package != null) {
|
||||||
|
"sway/config".source = mkOptionDefault "${cfg.package}/etc/sway/config";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
security.polkit.enable = true;
|
security.polkit.enable = true;
|
||||||
|
@ -139,7 +153,7 @@ in {
|
||||||
fonts.enableDefaultFonts = mkDefault true;
|
fonts.enableDefaultFonts = mkDefault true;
|
||||||
programs.dconf.enable = mkDefault true;
|
programs.dconf.enable = mkDefault true;
|
||||||
# To make a Sway session available if a display manager like SDDM is enabled:
|
# To make a Sway session available if a display manager like SDDM is enabled:
|
||||||
services.xserver.displayManager.sessionPackages = [ swayPackage ];
|
services.xserver.displayManager.sessionPackages = optionals (cfg.package != null) [ cfg.package ];
|
||||||
programs.xwayland.enable = mkDefault true;
|
programs.xwayland.enable = mkDefault true;
|
||||||
# For screen sharing (this option only has an effect with xdg.portal.enable):
|
# For screen sharing (this option only has an effect with xdg.portal.enable):
|
||||||
xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-wlr ];
|
xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-wlr ];
|
||||||
|
|
|
@ -14,7 +14,7 @@ in
|
||||||
|
|
||||||
security.polkit.enable = mkEnableOption (lib.mdDoc "polkit");
|
security.polkit.enable = mkEnableOption (lib.mdDoc "polkit");
|
||||||
|
|
||||||
security.polkit.debug = mkEnableOption (lib.mdDoc "debug logs from polkit. This is required in order to see log messages from rule definitions.");
|
security.polkit.debug = mkEnableOption (lib.mdDoc "debug logs from polkit. This is required in order to see log messages from rule definitions");
|
||||||
|
|
||||||
security.polkit.extraConfig = mkOption {
|
security.polkit.extraConfig = mkOption {
|
||||||
type = types.lines;
|
type = types.lines;
|
||||||
|
|
|
@ -9,7 +9,7 @@ let
|
||||||
in {
|
in {
|
||||||
options = {
|
options = {
|
||||||
services.zfs.autoReplication = {
|
services.zfs.autoReplication = {
|
||||||
enable = mkEnableOption (lib.mdDoc "ZFS snapshot replication.");
|
enable = mkEnableOption (lib.mdDoc "ZFS snapshot replication");
|
||||||
|
|
||||||
followDelete = mkOption {
|
followDelete = mkOption {
|
||||||
description = lib.mdDoc "Remove remote snapshots that don't have a local correspondent.";
|
description = lib.mdDoc "Remove remote snapshots that don't have a local correspondent.";
|
||||||
|
|
|
@ -62,7 +62,7 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
enable = mkEnableOption (lib.mdDoc "Kubernetes addon manager.");
|
enable = mkEnableOption (lib.mdDoc "Kubernetes addon manager");
|
||||||
};
|
};
|
||||||
|
|
||||||
###### implementation
|
###### implementation
|
||||||
|
|
|
@ -146,7 +146,7 @@ in
|
||||||
default = "unix:///run/containerd/containerd.sock";
|
default = "unix:///run/containerd/containerd.sock";
|
||||||
};
|
};
|
||||||
|
|
||||||
enable = mkEnableOption (lib.mdDoc "Kubernetes kubelet.");
|
enable = mkEnableOption (lib.mdDoc "Kubernetes kubelet");
|
||||||
|
|
||||||
extraOpts = mkOption {
|
extraOpts = mkOption {
|
||||||
description = lib.mdDoc "Kubernetes kubelet extra command line options.";
|
description = lib.mdDoc "Kubernetes kubelet extra command line options.";
|
||||||
|
|
|
@ -383,7 +383,7 @@ in
|
||||||
"d /var/spool/slurmd 755 root root -"
|
"d /var/spool/slurmd 755 root root -"
|
||||||
];
|
];
|
||||||
|
|
||||||
services.openssh.forwardX11 = mkIf cfg.client.enable (mkDefault true);
|
services.openssh.settings.X11Forwarding = mkIf cfg.client.enable (mkDefault true);
|
||||||
|
|
||||||
systemd.services.slurmctld = mkIf (cfg.server.enable) {
|
systemd.services.slurmctld = mkIf (cfg.server.enable) {
|
||||||
path = with pkgs; [ wrappedSlurm munge coreutils ]
|
path = with pkgs; [ wrappedSlurm munge coreutils ]
|
||||||
|
|
|
@ -27,7 +27,7 @@ with lib;
|
||||||
options = {
|
options = {
|
||||||
|
|
||||||
services.gnome.evolution-data-server = {
|
services.gnome.evolution-data-server = {
|
||||||
enable = mkEnableOption (lib.mdDoc "Evolution Data Server, a collection of services for storing addressbooks and calendars.");
|
enable = mkEnableOption (lib.mdDoc "Evolution Data Server, a collection of services for storing addressbooks and calendars");
|
||||||
plugins = mkOption {
|
plugins = mkOption {
|
||||||
type = types.listOf types.package;
|
type = types.listOf types.package;
|
||||||
default = [ ];
|
default = [ ];
|
||||||
|
@ -35,7 +35,7 @@ with lib;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
programs.evolution = {
|
programs.evolution = {
|
||||||
enable = mkEnableOption (lib.mdDoc "Evolution, a Personal information management application that provides integrated mail, calendaring and address book functionality.");
|
enable = mkEnableOption (lib.mdDoc "Evolution, a Personal information management application that provides integrated mail, calendaring and address book functionality");
|
||||||
plugins = mkOption {
|
plugins = mkOption {
|
||||||
type = types.listOf types.package;
|
type = types.listOf types.package;
|
||||||
default = [ ];
|
default = [ ];
|
||||||
|
|
|
@ -28,7 +28,7 @@ in
|
||||||
|
|
||||||
options = {
|
options = {
|
||||||
services.zammad = {
|
services.zammad = {
|
||||||
enable = mkEnableOption (lib.mdDoc "Zammad, a web-based, open source user support/ticketing solution.");
|
enable = mkEnableOption (lib.mdDoc "Zammad, a web-based, open source user support/ticketing solution");
|
||||||
|
|
||||||
package = mkOption {
|
package = mkOption {
|
||||||
type = types.package;
|
type = types.package;
|
||||||
|
|
|
@ -54,7 +54,7 @@ in
|
||||||
default = 0;
|
default = 0;
|
||||||
description = lib.mdDoc "Set debug log level.";
|
description = lib.mdDoc "Set debug log level.";
|
||||||
};
|
};
|
||||||
options.exit-on-end = mkEnableOption (lib.mdDoc "exit instead of restarting when a game ends.");
|
options.exit-on-end = mkEnableOption (lib.mdDoc "exit instead of restarting when a game ends");
|
||||||
options.Guests = mkEnableOption (lib.mdDoc "guests to login if auth is enabled");
|
options.Guests = mkEnableOption (lib.mdDoc "guests to login if auth is enabled");
|
||||||
options.Newusers = mkEnableOption (lib.mdDoc "new users to login if auth is enabled");
|
options.Newusers = mkEnableOption (lib.mdDoc "new users to login if auth is enabled");
|
||||||
options.port = mkOption {
|
options.port = mkOption {
|
||||||
|
|
|
@ -19,7 +19,7 @@ in
|
||||||
|
|
||||||
services.udisks2 = {
|
services.udisks2 = {
|
||||||
|
|
||||||
enable = mkEnableOption (lib.mdDoc "udisks2, a DBus service that allows applications to query and manipulate storage devices.");
|
enable = mkEnableOption (lib.mdDoc "udisks2, a DBus service that allows applications to query and manipulate storage devices");
|
||||||
|
|
||||||
settings = mkOption rec {
|
settings = mkOption rec {
|
||||||
type = types.attrsOf settingsFormat.type;
|
type = types.attrsOf settingsFormat.type;
|
||||||
|
|
|
@ -171,11 +171,11 @@ in
|
||||||
options.services.dovecot2 = {
|
options.services.dovecot2 = {
|
||||||
enable = mkEnableOption (lib.mdDoc "the dovecot 2.x POP3/IMAP server");
|
enable = mkEnableOption (lib.mdDoc "the dovecot 2.x POP3/IMAP server");
|
||||||
|
|
||||||
enablePop3 = mkEnableOption (lib.mdDoc "starting the POP3 listener (when Dovecot is enabled).");
|
enablePop3 = mkEnableOption (lib.mdDoc "starting the POP3 listener (when Dovecot is enabled)");
|
||||||
|
|
||||||
enableImap = mkEnableOption (lib.mdDoc "starting the IMAP listener (when Dovecot is enabled).") // { default = true; };
|
enableImap = mkEnableOption (lib.mdDoc "starting the IMAP listener (when Dovecot is enabled)") // { default = true; };
|
||||||
|
|
||||||
enableLmtp = mkEnableOption (lib.mdDoc "starting the LMTP listener (when Dovecot is enabled).");
|
enableLmtp = mkEnableOption (lib.mdDoc "starting the LMTP listener (when Dovecot is enabled)");
|
||||||
|
|
||||||
protocols = mkOption {
|
protocols = mkOption {
|
||||||
type = types.listOf types.str;
|
type = types.listOf types.str;
|
||||||
|
@ -300,9 +300,9 @@ in
|
||||||
description = lib.mdDoc "Path to the server's private key.";
|
description = lib.mdDoc "Path to the server's private key.";
|
||||||
};
|
};
|
||||||
|
|
||||||
enablePAM = mkEnableOption (lib.mdDoc "creating a own Dovecot PAM service and configure PAM user logins.") // { default = true; };
|
enablePAM = mkEnableOption (lib.mdDoc "creating a own Dovecot PAM service and configure PAM user logins") // { default = true; };
|
||||||
|
|
||||||
enableDHE = mkEnableOption (lib.mdDoc "enable ssl_dh and generation of primes for the key exchange.") // { default = true; };
|
enableDHE = mkEnableOption (lib.mdDoc "enable ssl_dh and generation of primes for the key exchange") // { default = true; };
|
||||||
|
|
||||||
sieveScripts = mkOption {
|
sieveScripts = mkOption {
|
||||||
type = types.attrsOf types.path;
|
type = types.attrsOf types.path;
|
||||||
|
@ -310,7 +310,7 @@ in
|
||||||
description = lib.mdDoc "Sieve scripts to be executed. Key is a sequence, e.g. 'before2', 'after' etc.";
|
description = lib.mdDoc "Sieve scripts to be executed. Key is a sequence, e.g. 'before2', 'after' etc.";
|
||||||
};
|
};
|
||||||
|
|
||||||
showPAMFailure = mkEnableOption (lib.mdDoc "showing the PAM failure message on authentication error (useful for OTPW).");
|
showPAMFailure = mkEnableOption (lib.mdDoc "showing the PAM failure message on authentication error (useful for OTPW)");
|
||||||
|
|
||||||
mailboxes = mkOption {
|
mailboxes = mkOption {
|
||||||
type = with types; coercedTo
|
type = with types; coercedTo
|
||||||
|
@ -326,7 +326,7 @@ in
|
||||||
description = lib.mdDoc "Configure mailboxes and auto create or subscribe them.";
|
description = lib.mdDoc "Configure mailboxes and auto create or subscribe them.";
|
||||||
};
|
};
|
||||||
|
|
||||||
enableQuota = mkEnableOption (lib.mdDoc "the dovecot quota service.");
|
enableQuota = mkEnableOption (lib.mdDoc "the dovecot quota service");
|
||||||
|
|
||||||
quotaPort = mkOption {
|
quotaPort = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
|
|
|
@ -150,9 +150,13 @@ in
|
||||||
root = cfg.package;
|
root = cfg.package;
|
||||||
index = "index.php";
|
index = "index.php";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
location ~* \.php$ {
|
location ~* \.php(/|$) {
|
||||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||||
fastcgi_pass unix:${fpm.socket};
|
fastcgi_pass unix:${fpm.socket};
|
||||||
|
|
||||||
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||||
|
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||||
|
|
||||||
include ${config.services.nginx.package}/conf/fastcgi_params;
|
include ${config.services.nginx.package}/conf/fastcgi_params;
|
||||||
include ${pkgs.nginx}/conf/fastcgi.conf;
|
include ${pkgs.nginx}/conf/fastcgi.conf;
|
||||||
}
|
}
|
||||||
|
|
|
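Review bot: the widened match `location ~* \.php(/|$)` now sends any URI containing `.php/` to FPM, and nothing in the block checks that the split script name exists on disk before `fastcgi_pass`. Add `try_files $fastcgi_script_name =404;` after `fastcgi_split_path_info`. Because `try_files` resets `$fastcgi_path_info`, save it first (`set $path_info $fastcgi_path_info;`) and pass the saved value as `PATH_INFO`. The explicit `fastcgi_param SCRIPT_FILENAME` also repeats what the `fastcgi.conf` included two lines below already sets, so one of the two can go.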
@ -8,7 +8,7 @@ in
|
||||||
{
|
{
|
||||||
options = {
|
options = {
|
||||||
services.atuin = {
|
services.atuin = {
|
||||||
enable = mkEnableOption (mdDoc "Enable server for shell history sync with atuin.");
|
enable = mkEnableOption (mdDoc "Enable server for shell history sync with atuin");
|
||||||
|
|
||||||
openRegistration = mkOption {
|
openRegistration = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
|
|
|
@ -6,7 +6,7 @@ let cfg = config.services.input-remapper; in
|
||||||
{
|
{
|
||||||
options = {
|
options = {
|
||||||
services.input-remapper = {
|
services.input-remapper = {
|
||||||
enable = mkEnableOption (lib.mdDoc "input-remapper, an easy to use tool to change the mapping of your input device buttons.");
|
enable = mkEnableOption (lib.mdDoc "input-remapper, an easy to use tool to change the mapping of your input device buttons");
|
||||||
package = mkPackageOptionMD pkgs "input-remapper" { };
|
package = mkPackageOptionMD pkgs "input-remapper" { };
|
||||||
enableUdevRules = mkEnableOption (lib.mdDoc "udev rules added by input-remapper to handle hotplugged devices. Currently disabled by default due to https://github.com/sezanzeb/input-remapper/issues/140");
|
enableUdevRules = mkEnableOption (lib.mdDoc "udev rules added by input-remapper to handle hotplugged devices. Currently disabled by default due to https://github.com/sezanzeb/input-remapper/issues/140");
|
||||||
serviceWantedBy = mkOption {
|
serviceWantedBy = mkOption {
|
||||||
|
|
|
@ -85,7 +85,7 @@ in
|
||||||
WorkingDirectory = libDir;
|
WorkingDirectory = libDir;
|
||||||
SyslogIdentifier = "pykms";
|
SyslogIdentifier = "pykms";
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
MemoryLimit = cfg.memoryLimit;
|
MemoryMax = cfg.memoryLimit;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -438,7 +438,7 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
options."lists.sr.ht" = commonServiceSettings "lists" // {
|
options."lists.sr.ht" = commonServiceSettings "lists" // {
|
||||||
allow-new-lists = mkEnableOption (lib.mdDoc "Allow creation of new lists.");
|
allow-new-lists = mkEnableOption (lib.mdDoc "Allow creation of new lists");
|
||||||
notify-from = mkOption {
|
notify-from = mkOption {
|
||||||
description = lib.mdDoc "Outgoing email for notifications generated by users.";
|
description = lib.mdDoc "Outgoing email for notifications generated by users.";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
|
|
|
@ -123,7 +123,7 @@ in {
|
||||||
${escapeShellArgs cfg.extraOptions} \
|
${escapeShellArgs cfg.extraOptions} \
|
||||||
${optionalString (cfg.storageDriver != null) ''
|
${optionalString (cfg.storageDriver != null) ''
|
||||||
-storage_driver "${cfg.storageDriver}" \
|
-storage_driver "${cfg.storageDriver}" \
|
||||||
-storage_driver_user "${cfg.storageDriverHost}" \
|
-storage_driver_host "${cfg.storageDriverHost}" \
|
||||||
-storage_driver_db "${cfg.storageDriverDb}" \
|
-storage_driver_db "${cfg.storageDriverDb}" \
|
||||||
-storage_driver_user "${cfg.storageDriverUser}" \
|
-storage_driver_user "${cfg.storageDriverUser}" \
|
||||||
-storage_driver_password "$(cat "${cfg.storageDriverPasswordFile}")" \
|
-storage_driver_password "$(cat "${cfg.storageDriverPasswordFile}")" \
|
||||||
|
|
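Review bot: the context line `-storage_driver_password "$(cat "${cfg.storageDriverPasswordFile}")"` expands the secret into the daemon's command line, where any local user can read it from the process list for as long as the service runs. While the host/user mix-up is being fixed here, check whether the program can take the password from a file or the environment instead. If it cannot, say so in the `storageDriverPasswordFile` description so operators know the file only protects the secret at rest.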
231
third_party/nixpkgs/nixos/modules/services/monitoring/cockpit.nix
vendored
Normal file
|
@ -0,0 +1,231 @@
|
||||||
|
{ pkgs, config, lib, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.services.cockpit;
|
||||||
|
inherit (lib) types mkEnableOption mkOption mkIf mdDoc literalMD mkPackageOptionMD;
|
||||||
|
settingsFormat = pkgs.formats.ini {};
|
||||||
|
in {
|
||||||
|
options = {
|
||||||
|
services.cockpit = {
|
||||||
|
enable = mkEnableOption (mdDoc "Cockpit");
|
||||||
|
|
||||||
|
package = mkPackageOptionMD pkgs "Cockpit" {
|
||||||
|
default = [ "cockpit" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
settings = lib.mkOption {
|
||||||
|
type = settingsFormat.type;
|
||||||
|
|
||||||
|
default = {};
|
||||||
|
|
||||||
|
description = mdDoc ''
|
||||||
|
Settings for cockpit that will be saved in /etc/cockpit/cockpit.conf.
|
||||||
|
|
||||||
|
See the [documentation](https://cockpit-project.org/guide/latest/cockpit.conf.5.html), that is also available with `man cockpit.conf.5` for details.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
port = mkOption {
|
||||||
|
description = mdDoc "Port where cockpit will listen.";
|
||||||
|
type = types.port;
|
||||||
|
default = 9090;
|
||||||
|
};
|
||||||
|
|
||||||
|
openFirewall = mkOption {
|
||||||
|
description = mdDoc "Open port for cockpit.";
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
|
||||||
|
# expose cockpit-bridge system-wide
|
||||||
|
environment.systemPackages = [ cfg.package ];
|
||||||
|
|
||||||
|
# allow cockpit to find its plugins
|
||||||
|
environment.pathsToLink = [ "/share/cockpit" ];
|
||||||
|
|
||||||
|
# generate cockpit settings
|
||||||
|
environment.etc."cockpit/cockpit.conf".source = settingsFormat.generate "cockpit.conf" cfg.settings;
|
||||||
|
|
||||||
|
security.pam.services.cockpit = {};
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.port ];
|
||||||
|
|
||||||
|
# units are in reverse sort order if you ls $out/lib/systemd/system
|
||||||
|
# all these units are basically verbatim translated from upstream
|
||||||
|
|
||||||
|
# Translation from $out/lib/systemd/system/systemd-cockpithttps.slice
|
||||||
|
systemd.slices.system-cockpithttps = {
|
||||||
|
description = "Resource limits for all cockpit-ws-https@.service instances";
|
||||||
|
sliceConfig = {
|
||||||
|
TasksMax = 200;
|
||||||
|
MemoryHigh = "75%";
|
||||||
|
MemoryMax = "90%";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# Translation from $out/lib/systemd/system/cockpit-wsinstance-https@.socket
|
||||||
|
systemd.sockets."cockpit-wsinstance-https@" = {
|
||||||
|
unitConfig = {
|
||||||
|
Description = "Socket for Cockpit Web Service https instance %I";
|
||||||
|
BindsTo = [ "cockpit.service" "cockpit-wsinstance-https@%i.service" ];
|
||||||
|
# clean up the socket after the service exits, to prevent fd leak
|
||||||
|
# this also effectively prevents a DoS by starting arbitrarily many sockets, as
|
||||||
|
# the services are resource-limited by system-cockpithttps.slice
|
||||||
|
Documentation = "man:cockpit-ws(8)";
|
||||||
|
};
|
||||||
|
socketConfig = {
|
||||||
|
ListenStream = "/run/cockpit/wsinstance/https@%i.sock";
|
||||||
|
SocketUser = "root";
|
||||||
|
SocketMode = "0600";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# Translation from $out/lib/systemd/system/cockpit-wsinstance-https@.service
|
||||||
|
systemd.services."cockpit-wsinstance-https@" = {
|
||||||
|
description = "Cockpit Web Service https instance %I";
|
||||||
|
bindsTo = [ "cockpit.service"];
|
||||||
|
path = [ cfg.package ];
|
||||||
|
documentation = [ "man:cockpit-ws(8)" ];
|
||||||
|
serviceConfig = {
|
||||||
|
Slice = "system-cockpithttps.slice";
|
||||||
|
ExecStart = "${cfg.package}/libexec/cockpit-ws --for-tls-proxy --port=0";
|
||||||
|
User = "root";
|
||||||
|
Group = "";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# Translation from $out/lib/systemd/system/cockpit-wsinstance-http.socket
|
||||||
|
systemd.sockets.cockpit-wsinstance-http = {
|
||||||
|
unitConfig = {
|
||||||
|
Description = "Socket for Cockpit Web Service http instance";
|
||||||
|
BindsTo = "cockpit.service";
|
||||||
|
Documentation = "man:cockpit-ws(8)";
|
||||||
|
};
|
||||||
|
socketConfig = {
|
||||||
|
ListenStream = "/run/cockpit/wsinstance/http.sock";
|
||||||
|
SocketUser = "root";
|
||||||
|
SocketMode = "0600";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# Translation from $out/lib/systemd/system/cockpit-wsinstance-https-factory.socket
|
||||||
|
systemd.sockets.cockpit-wsinstance-https-factory = {
|
||||||
|
unitConfig = {
|
||||||
|
Description = "Socket for Cockpit Web Service https instance factory";
|
||||||
|
BindsTo = "cockpit.service";
|
||||||
|
Documentation = "man:cockpit-ws(8)";
|
||||||
|
};
|
||||||
|
socketConfig = {
|
||||||
|
ListenStream = "/run/cockpit/wsinstance/https-factory.sock";
|
||||||
|
Accept = true;
|
||||||
|
SocketUser = "root";
|
||||||
|
SocketMode = "0600";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# Translation from $out/lib/systemd/system/cockpit-wsinstance-https-factory@.service
|
||||||
|
systemd.services."cockpit-wsinstance-https-factory@" = {
|
||||||
|
description = "Cockpit Web Service https instance factory";
|
||||||
|
documentation = [ "man:cockpit-ws(8)" ];
|
||||||
|
path = [ cfg.package ];
|
||||||
|
serviceConfig = {
|
||||||
|
ExecStart = "${cfg.package}/libexec/cockpit-wsinstance-factory";
|
||||||
|
User = "root";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# Translation from $out/lib/systemd/system/cockpit-wsinstance-http.service
|
||||||
|
systemd.services."cockpit-wsinstance-http" = {
|
||||||
|
description = "Cockpit Web Service http instance";
|
||||||
|
bindsTo = [ "cockpit.service" ];
|
||||||
|
path = [ cfg.package ];
|
||||||
|
documentation = [ "man:cockpit-ws(8)" ];
|
||||||
|
serviceConfig = {
|
||||||
|
ExecStart = "${cfg.package}/libexec/cockpit-ws --no-tls --port=0";
|
||||||
|
User = "root";
|
||||||
|
Group = "";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# Translation from $out/lib/systemd/system/cockpit.socket
|
||||||
|
systemd.sockets."cockpit" = {
|
||||||
|
unitConfig = {
|
||||||
|
Description = "Cockpit Web Service Socket";
|
||||||
|
Documentation = "man:cockpit-ws(8)";
|
||||||
|
Wants = "cockpit-motd.service";
|
||||||
|
};
|
||||||
|
socketConfig = {
|
||||||
|
ListenStream = cfg.port;
|
||||||
|
ExecStartPost = [
|
||||||
|
"-${cfg.package}/share/cockpit/motd/update-motd \"\" localhost"
|
||||||
|
"-${pkgs.coreutils}/bin/ln -snf active.motd /run/cockpit/motd"
|
||||||
|
];
|
||||||
|
ExecStopPost = "-${pkgs.coreutils}/bin/ln -snf inactive.motd /run/cockpit/motd";
|
||||||
|
};
|
||||||
|
wantedBy = [ "sockets.target" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
# Translation from $out/lib/systemd/system/cockpit.service
|
||||||
|
systemd.services."cockpit" = {
|
||||||
|
description = "Cockpit Web Service";
|
||||||
|
documentation = [ "man:cockpit-ws(8)" ];
|
||||||
|
restartIfChanged = true;
|
||||||
|
path = with pkgs; [ coreutils cfg.package ];
|
||||||
|
requires = [ "cockpit.socket" "cockpit-wsinstance-http.socket" "cockpit-wsinstance-https-factory.socket" ];
|
||||||
|
after = [ "cockpit-wsinstance-http.socket" "cockpit-wsinstance-https-factory.socket" ];
|
||||||
|
environment = {
|
||||||
|
G_MESSAGES_DEBUG = "cockpit-ws,cockpit-bridge";
|
||||||
|
};
|
||||||
|
serviceConfig = {
|
||||||
|
RuntimeDirectory="cockpit/tls";
|
||||||
|
ExecStartPre = [
|
||||||
|
# cockpit-tls runs in a more constrained environment, these + means that these commands
|
||||||
|
# will run with full privilege instead of inside that constrained environment
|
||||||
|
# See https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart= for details
|
||||||
|
"+${cfg.package}/libexec/cockpit-certificate-ensure --for-cockpit-tls"
|
||||||
|
];
|
||||||
|
ExecStart = "${cfg.package}/libexec/cockpit-tls";
|
||||||
|
User = "root";
|
||||||
|
Group = "";
|
||||||
|
NoNewPrivileges = true;
|
||||||
|
ProtectSystem = "strict";
|
||||||
|
ProtectHome = true;
|
||||||
|
PrivateTmp = true;
|
||||||
|
PrivateDevices = true;
|
||||||
|
ProtectKernelTunables = true;
|
||||||
|
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
|
||||||
|
MemoryDenyWriteExecute = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# Translation from $out/lib/systemd/system/cockpit-motd.service
|
||||||
|
# This part basically implements a motd state machine:
|
||||||
|
# - If cockpit.socket is enabled then /run/cockpit/motd points to /run/cockpit/active.motd
|
||||||
|
# - If cockpit.socket is disabled then /run/cockpit/motd points to /run/cockpit/inactive.motd
|
||||||
|
# - As cockpit.socket is disabled by default, /run/cockpit/motd points to /run/cockpit/inactive.motd
|
||||||
|
# /run/cockpit/active.motd is generated dynamically by cockpit-motd.service
|
||||||
|
systemd.services."cockpit-motd" = {
|
||||||
|
path = with pkgs; [ nettools ];
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
ExecStart = "${cfg.package}/share/cockpit/motd/update-motd";
|
||||||
|
};
|
||||||
|
description = "Cockpit motd updater service";
|
||||||
|
documentation = [ "man:cockpit-ws(8)" ];
|
||||||
|
wants = [ "network.target" ];
|
||||||
|
after = [ "network.target" "cockpit.socket" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.tmpfiles.rules = [ # From $out/lib/tmpfiles.d/cockpit-tmpfiles.conf
|
||||||
|
"C /run/cockpit/inactive.motd 0640 root root - ${cfg.package}/share/cockpit/motd/inactive.motd"
|
||||||
|
"f /run/cockpit/active.motd 0640 root root -"
|
||||||
|
"L+ /run/cockpit/motd - - - - inactive.motd"
|
||||||
|
"d /etc/cockpit/ws-certs.d 0600 root root 0"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
meta.maintainers = pkgs.cockpit.meta.maintainers;
|
||||||
|
}
|
|
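Review bot: the tmpfiles rule `d /etc/cockpit/ws-certs.d 0600 root root 0` looks wrong on two counts. A directory needs the execute bit (0700), and an age of `0` tells `systemd-tmpfiles --clean` to remove the directory's contents unconditionally, which would delete anything placed there, such as certificates. Use `-` for the age. Separately, every unit in this file sets `User = "root"`, including the network-facing `cockpit-tls` and both `cockpit-ws` instances, and only `cockpit.service` carries sandboxing options. Consider dedicated unprivileged users for the ws instances, or add a comment explaining why root is required.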
@ -11,7 +11,7 @@ in {
|
||||||
|
|
||||||
# the upstream package runs as root, but doesn't seem to be strictly
|
# the upstream package runs as root, but doesn't seem to be strictly
|
||||||
# necessary for basic functionality
|
# necessary for basic functionality
|
||||||
runAsRoot = mkEnableOption (lib.mdDoc "Whether to run as root.");
|
runAsRoot = mkEnableOption (lib.mdDoc "Whether to run as root");
|
||||||
|
|
||||||
autoRetirement = mkEnableOption (lib.mdDoc ''
|
autoRetirement = mkEnableOption (lib.mdDoc ''
|
||||||
Whether to automatically retire the host upon OS shutdown.
|
Whether to automatically retire the host upon OS shutdown.
|
||||||
|
|
|
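Review bot: `mkEnableOption` already prefixes its argument with "Whether to enable", so `runAsRoot` renders as "Whether to enable Whether to run as root." and the `autoRetirement` text below it has the same problem. Reword both to a phrase that completes the sentence, for example "running as root", or switch to `mkOption` with `type = types.bool` and a full description.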
@ -6,6 +6,11 @@ let
|
||||||
cfg = config.services.prometheus.exporters.pihole;
|
cfg = config.services.prometheus.exporters.pihole;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
imports = [
|
||||||
|
(mkRemovedOptionModule [ "interval"] "This option has been removed.")
|
||||||
|
({ options.warnings = options.warnings; options.assertions = options.assertions; })
|
||||||
|
];
|
||||||
|
|
||||||
port = 9617;
|
port = 9617;
|
||||||
extraOpts = {
|
extraOpts = {
|
||||||
apiToken = mkOption {
|
apiToken = mkOption {
|
||||||
|
@ -13,15 +18,7 @@ in
|
||||||
default = "";
|
default = "";
|
||||||
example = "580a770cb40511eb85290242ac130003580a770cb40511eb85290242ac130003";
|
example = "580a770cb40511eb85290242ac130003580a770cb40511eb85290242ac130003";
|
||||||
description = lib.mdDoc ''
|
description = lib.mdDoc ''
|
||||||
pi-hole API token which can be used instead of a password
|
Pi-Hole API token which can be used instead of a password
|
||||||
'';
|
|
||||||
};
|
|
||||||
interval = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = "10s";
|
|
||||||
example = "30s";
|
|
||||||
description = lib.mdDoc ''
|
|
||||||
How often to scrape new data
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
password = mkOption {
|
password = mkOption {
|
||||||
|
@ -29,7 +26,7 @@ in
|
||||||
default = "";
|
default = "";
|
||||||
example = "password";
|
example = "password";
|
||||||
description = lib.mdDoc ''
|
description = lib.mdDoc ''
|
||||||
The password to login into pihole. An api token can be used instead.
|
The password to login into Pi-Hole. An api token can be used instead.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
piholeHostname = mkOption {
|
piholeHostname = mkOption {
|
||||||
|
@ -37,7 +34,7 @@ in
|
||||||
default = "pihole";
|
default = "pihole";
|
||||||
example = "127.0.0.1";
|
example = "127.0.0.1";
|
||||||
description = lib.mdDoc ''
|
description = lib.mdDoc ''
|
||||||
Hostname or address where to find the pihole webinterface
|
Hostname or address where to find the Pi-Hole webinterface
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
piholePort = mkOption {
|
piholePort = mkOption {
|
||||||
|
@ -45,7 +42,7 @@ in
|
||||||
default = 80;
|
default = 80;
|
||||||
example = 443;
|
example = 443;
|
||||||
description = lib.mdDoc ''
|
description = lib.mdDoc ''
|
||||||
The port pihole webinterface is reachable on
|
The port Pi-Hole webinterface is reachable on
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
protocol = mkOption {
|
protocol = mkOption {
|
||||||
|
@ -53,21 +50,28 @@ in
|
||||||
default = "http";
|
default = "http";
|
||||||
example = "https";
|
example = "https";
|
||||||
description = lib.mdDoc ''
|
description = lib.mdDoc ''
|
||||||
The protocol which is used to connect to pihole
|
The protocol which is used to connect to Pi-Hole
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
timeout = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "5s";
|
||||||
|
description = lib.mdDoc ''
|
||||||
|
Controls the timeout to connect to a Pi-Hole instance
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
serviceOpts = {
|
serviceOpts = {
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = ''
|
ExecStart = ''
|
||||||
${pkgs.bash}/bin/bash -c "${pkgs.prometheus-pihole-exporter}/bin/pihole-exporter \
|
${pkgs.prometheus-pihole-exporter}/bin/pihole-exporter \
|
||||||
-interval ${cfg.interval} \
|
|
||||||
${optionalString (cfg.apiToken != "") "-pihole_api_token ${cfg.apiToken}"} \
|
${optionalString (cfg.apiToken != "") "-pihole_api_token ${cfg.apiToken}"} \
|
||||||
-pihole_hostname ${cfg.piholeHostname} \
|
-pihole_hostname ${cfg.piholeHostname} \
|
||||||
${optionalString (cfg.password != "") "-pihole_password ${cfg.password}"} \
|
${optionalString (cfg.password != "") "-pihole_password ${cfg.password}"} \
|
||||||
-pihole_port ${toString cfg.piholePort} \
|
-pihole_port ${toString cfg.piholePort} \
|
||||||
-pihole_protocol ${cfg.protocol} \
|
-pihole_protocol ${cfg.protocol} \
|
||||||
-port ${toString cfg.port}"
|
-port ${toString cfg.port} \
|
||||||
|
-timeout ${cfg.timeout}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
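Review bot: in the new `ExecStart`, `${cfg.apiToken}` and `${cfg.password}` are interpolated straight into the unit, so the secrets end up in the world-readable Nix store and on the exporter's command line. With the `bash -c` wrapper gone, the values are also split by systemd's own parser, so a password containing whitespace, `%` or `$` will be mangled. Prefer file-based options read at start-up (for example through `EnvironmentFile`, if the exporter accepts its credentials from the environment) and pass the remaining values through `escapeShellArg` or an equivalent systemd-safe quoting helper. The new `timeout` option is interpolated unquoted as well.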
@ -24,9 +24,9 @@ in {
|
||||||
inherit (options.services.unpoller.unifi) controllers;
|
inherit (options.services.unpoller.unifi) controllers;
|
||||||
inherit (options.services.unpoller) loki;
|
inherit (options.services.unpoller) loki;
|
||||||
log = {
|
log = {
|
||||||
debug = mkEnableOption (lib.mdDoc "debug logging including line numbers, high resolution timestamps, per-device logs.");
|
debug = mkEnableOption (lib.mdDoc "debug logging including line numbers, high resolution timestamps, per-device logs");
|
||||||
quiet = mkEnableOption (lib.mdDoc "startup and error logs only.");
|
quiet = mkEnableOption (lib.mdDoc "startup and error logs only");
|
||||||
prometheusErrors = mkEnableOption (lib.mdDoc "emitting errors to prometheus.");
|
prometheusErrors = mkEnableOption (lib.mdDoc "emitting errors to prometheus");
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -11,7 +11,7 @@ in
|
||||||
|
|
||||||
options = {
|
options = {
|
||||||
services.uptime-kuma = {
|
services.uptime-kuma = {
|
||||||
enable = mkEnableOption (mdDoc "Uptime Kuma, this assumes a reverse proxy to be set.");
|
enable = mkEnableOption (mdDoc "Uptime Kuma, this assumes a reverse proxy to be set");
|
||||||
|
|
||||||
package = mkOption {
|
package = mkOption {
|
||||||
type = types.package;
|
type = types.package;
|
||||||
|
@ -20,7 +20,7 @@ in
|
||||||
description = lib.mdDoc "Uptime Kuma package to use.";
|
description = lib.mdDoc "Uptime Kuma package to use.";
|
||||||
};
|
};
|
||||||
|
|
||||||
appriseSupport = mkEnableOption (mdDoc "apprise support for notifications.");
|
appriseSupport = mkEnableOption (mdDoc "apprise support for notifications");
|
||||||
|
|
||||||
settings = lib.mkOption {
|
settings = lib.mkOption {
|
||||||
type = lib.types.submodule { freeformType = with lib.types; attrsOf str; };
|
type = lib.types.submodule { freeformType = with lib.types; attrsOf str; };
|
||||||
|
|
|
@ -85,7 +85,7 @@ in {
|
||||||
description = lib.mdDoc "Run daemons as user moosefs instead of root.";
|
description = lib.mdDoc "Run daemons as user moosefs instead of root.";
|
||||||
};
|
};
|
||||||
|
|
||||||
client.enable = mkEnableOption (lib.mdDoc "Moosefs client.");
|
client.enable = mkEnableOption (lib.mdDoc "Moosefs client");
|
||||||
|
|
||||||
master = {
|
master = {
|
||||||
enable = mkOption {
|
enable = mkOption {
|
||||||
|
@ -131,7 +131,7 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
metalogger = {
|
metalogger = {
|
||||||
enable = mkEnableOption (lib.mdDoc "Moosefs metalogger daemon.");
|
enable = mkEnableOption (lib.mdDoc "Moosefs metalogger daemon");
|
||||||
|
|
||||||
settings = mkOption {
|
settings = mkOption {
|
||||||
type = types.submodule {
|
type = types.submodule {
|
||||||
|
@ -149,7 +149,7 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
chunkserver = {
|
chunkserver = {
|
||||||
enable = mkEnableOption (lib.mdDoc "Moosefs chunkserver daemon.");
|
enable = mkEnableOption (lib.mdDoc "Moosefs chunkserver daemon");
|
||||||
|
|
||||||
openFirewall = mkOption {
|
openFirewall = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
|
|
|
@ -10,7 +10,7 @@ let
|
||||||
|
|
||||||
options = {
|
options = {
|
||||||
|
|
||||||
enable = mkEnableOption (lib.mdDoc "blockbook-frontend application.");
|
enable = mkEnableOption (lib.mdDoc "blockbook-frontend application");
|
||||||
|
|
||||||
package = mkOption {
|
package = mkOption {
|
||||||
type = types.package;
|
type = types.package;
|
||||||
|
|
|
@ -304,6 +304,10 @@ in
|
||||||
forceSSL = cfg.singleNode.enableTLS;
|
forceSSL = cfg.singleNode.enableTLS;
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://127.0.0.1:${toString cfg.settings.port}";
|
proxyPass = "http://127.0.0.1:${toString cfg.settings.port}";
|
||||||
|
# We need to pass the Host header that matches the original Host header. Otherwise,
|
||||||
|
# Hawk authentication will fail (because it assumes that the client and server see
|
||||||
|
# the same value of the Host header).
|
||||||
|
recommendedProxySettings = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -68,6 +68,12 @@ in
|
||||||
description = lib.mdDoc "Whether this node is a lighthouse.";
|
description = lib.mdDoc "Whether this node is a lighthouse.";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
isRelay = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = lib.mdDoc "Whether this node is a relay.";
|
||||||
|
};
|
||||||
|
|
||||||
lighthouses = mkOption {
|
lighthouses = mkOption {
|
||||||
type = types.listOf types.str;
|
type = types.listOf types.str;
|
||||||
default = [];
|
default = [];
|
||||||
|
@ -78,6 +84,15 @@ in
|
||||||
example = [ "192.168.100.1" ];
|
example = [ "192.168.100.1" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
relays = mkOption {
|
||||||
|
type = types.listOf types.str;
|
||||||
|
default = [];
|
||||||
|
description = lib.mdDoc ''
|
||||||
|
List of IPs of relays that this node should allow traffic from.
|
||||||
|
'';
|
||||||
|
example = [ "192.168.100.1" ];
|
||||||
|
};
|
||||||
|
|
||||||
listen.host = mkOption {
|
listen.host = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "0.0.0.0";
|
default = "0.0.0.0";
|
||||||
|
@ -157,6 +172,11 @@ in
|
||||||
am_lighthouse = netCfg.isLighthouse;
|
am_lighthouse = netCfg.isLighthouse;
|
||||||
hosts = netCfg.lighthouses;
|
hosts = netCfg.lighthouses;
|
||||||
};
|
};
|
||||||
|
relay = {
|
||||||
|
am_relay = netCfg.isRelay;
|
||||||
|
relays = netCfg.relays;
|
||||||
|
use_relays = true;
|
||||||
|
};
|
||||||
listen = {
|
listen = {
|
||||||
host = netCfg.listen.host;
|
host = netCfg.listen.host;
|
||||||
port = netCfg.listen.port;
|
port = netCfg.listen.port;
|
||||||
|
@ -173,25 +193,41 @@ in
|
||||||
configFile = format.generate "nebula-config-${netName}.yml" settings;
|
configFile = format.generate "nebula-config-${netName}.yml" settings;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
# Create systemd service for Nebula.
|
# Create the systemd service for Nebula.
|
||||||
"nebula@${netName}" = {
|
"nebula@${netName}" = {
|
||||||
description = "Nebula VPN service for ${netName}";
|
description = "Nebula VPN service for ${netName}";
|
||||||
wants = [ "basic.target" ];
|
wants = [ "basic.target" ];
|
||||||
after = [ "basic.target" "network.target" ];
|
after = [ "basic.target" "network.target" ];
|
||||||
before = [ "sshd.service" ];
|
before = [ "sshd.service" ];
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
serviceConfig = mkMerge [
|
serviceConfig = {
|
||||||
{
|
|
||||||
Type = "simple";
|
Type = "simple";
|
||||||
Restart = "always";
|
Restart = "always";
|
||||||
ExecStart = "${netCfg.package}/bin/nebula -config ${configFile}";
|
ExecStart = "${netCfg.package}/bin/nebula -config ${configFile}";
|
||||||
}
|
UMask = "0027";
|
||||||
# The service needs to launch as root to access the tun device, if it's enabled.
|
CapabilityBoundingSet = "CAP_NET_ADMIN";
|
||||||
(mkIf netCfg.tun.disable {
|
AmbientCapabilities = "CAP_NET_ADMIN";
|
||||||
|
LockPersonality = true;
|
||||||
|
NoNewPrivileges = true;
|
||||||
|
PrivateDevices = false; # needs access to /dev/net/tun (below)
|
||||||
|
DeviceAllow = "/dev/net/tun rw";
|
||||||
|
DevicePolicy = "closed";
|
||||||
|
PrivateTmp = true;
|
||||||
|
PrivateUsers = false; # CapabilityBoundingSet needs to apply to the host namespace
|
||||||
|
ProtectClock = true;
|
||||||
|
ProtectControlGroups = true;
|
||||||
|
ProtectHome = true;
|
||||||
|
ProtectHostname = true;
|
||||||
|
ProtectKernelLogs = true;
|
||||||
|
ProtectKernelModules = true;
|
||||||
|
ProtectKernelTunables = true;
|
||||||
|
ProtectProc = "invisible";
|
||||||
|
ProtectSystem = "strict";
|
||||||
|
RestrictNamespaces = true;
|
||||||
|
RestrictSUIDSGID = true;
|
||||||
User = networkId;
|
User = networkId;
|
||||||
Group = networkId;
|
Group = networkId;
|
||||||
})
|
};
|
||||||
];
|
|
||||||
unitConfig.StartLimitIntervalSec = 0; # ensure Restart=always is always honoured (networks can go down for arbitrarily long)
|
unitConfig.StartLimitIntervalSec = 0; # ensure Restart=always is always honoured (networks can go down for arbitrarily long)
|
||||||
};
|
};
|
||||||
}) enabledNetworks);
|
}) enabledNetworks);
|
||||||
|
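Review bot: `CapabilityBoundingSet` and `AmbientCapabilities = "CAP_NET_ADMIN"`, together with `DeviceAllow = "/dev/net/tun rw"`, are now granted unconditionally, while the removed code distinguished on `netCfg.tun.disable`. Make these three settings conditional on `!netCfg.tun.disable` so that a network with the tun device disabled runs with no capabilities and no device access. Also, since the service no longer starts as root in any configuration, a `listen.port` below 1024 cannot be bound without `CAP_NET_BIND_SERVICE`. Either add that capability when the port requires it or state the restriction in the `listen.port` description.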
@ -202,7 +238,7 @@ in
|
||||||
|
|
||||||
# Create the service users and groups.
|
# Create the service users and groups.
|
||||||
users.users = mkMerge (mapAttrsToList (netName: netCfg:
|
users.users = mkMerge (mapAttrsToList (netName: netCfg:
|
||||||
mkIf netCfg.tun.disable {
|
{
|
||||||
${nameToId netName} = {
|
${nameToId netName} = {
|
||||||
group = nameToId netName;
|
group = nameToId netName;
|
||||||
description = "Nebula service user for network ${netName}";
|
description = "Nebula service user for network ${netName}";
|
||||||
|
@ -210,8 +246,7 @@ in
|
||||||
};
|
};
|
||||||
}) enabledNetworks);
|
}) enabledNetworks);
|
||||||
|
|
||||||
users.groups = mkMerge (mapAttrsToList (netName: netCfg:
|
users.groups = mkMerge (mapAttrsToList (netName: netCfg: {
|
||||||
mkIf netCfg.tun.disable {
|
|
||||||
${nameToId netName} = {};
|
${nameToId netName} = {};
|
||||||
}) enabledNetworks);
|
}) enabledNetworks);
|
||||||
};
|
};
|
||||||
|
|
|
@ -57,7 +57,8 @@ let
|
||||||
''}"}
|
''}"}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
in {
|
in
|
||||||
|
{
|
||||||
description = "OpenVPN instance ‘${name}’";
|
description = "OpenVPN instance ‘${name}’";
|
||||||
|
|
||||||
wantedBy = optional cfg.autoStart "multi-user.target";
|
wantedBy = optional cfg.autoStart "multi-user.target";
|
||||||
|
@ -70,6 +71,16 @@ let
|
||||||
serviceConfig.Type = "notify";
|
serviceConfig.Type = "notify";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
restartService = optionalAttrs cfg.restartAfterSleep {
|
||||||
|
openvpn-restart = {
|
||||||
|
wantedBy = [ "sleep.target" ];
|
||||||
|
path = [ pkgs.procps ];
|
||||||
|
script = "pkill --signal SIGHUP --exact openvpn";
|
||||||
|
#SIGHUP makes openvpn process to self-exit and then it got restarted by systemd because of Restart=always
|
||||||
|
description = "Sends a signal to OpenVPN process to trigger a restart after return from sleep";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
in
|
in
|
||||||
|
|
||||||
{
|
{
|
||||||
|
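Review bot: `script = "pkill --signal SIGHUP --exact openvpn";` matches by process name, so it signals every openvpn process on the host, including ones this module did not start, and pkill exits non-zero when nothing matches, which leaves `openvpn-restart` failed on machines where no instance is running at that moment. Signalling only the `openvpn-${name}` units generated by this module would avoid both. Two further points on the same block: `wantedBy = [ "sleep.target" ]` has no ordering attached, while the description says the signal is sent "after return from sleep", so the intended ordering should be stated explicitly; and the comment depends on `Restart=always` being set in `makeOpenVPNJob`, which is outside the visible lines and worth naming there.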
@ -82,7 +93,7 @@ in
|
||||||
options = {
|
options = {
|
||||||
|
|
||||||
services.openvpn.servers = mkOption {
|
services.openvpn.servers = mkOption {
|
||||||
default = {};
|
default = { };
|
||||||
|
|
||||||
example = literalExpression ''
|
example = literalExpression ''
|
||||||
{
|
{
|
||||||
|
@ -201,14 +212,21 @@ in
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.openvpn.restartAfterSleep = mkOption {
|
||||||
|
default = true;
|
||||||
|
type = types.bool;
|
||||||
|
description = lib.mdDoc "Whether OpenVPN client should be restarted after sleep.";
|
||||||
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
###### implementation
|
###### implementation
|
||||||
|
|
||||||
config = mkIf (cfg.servers != {}) {
|
config = mkIf (cfg.servers != { }) {
|
||||||
|
|
||||||
systemd.services = listToAttrs (mapAttrsFlatten (name: value: nameValuePair "openvpn-${name}" (makeOpenVPNJob value name)) cfg.servers);
|
systemd.services = (listToAttrs (mapAttrsFlatten (name: value: nameValuePair "openvpn-${name}" (makeOpenVPNJob value name)) cfg.servers))
|
||||||
|
// restartService;
|
||||||
|
|
||||||
environment.systemPackages = [ openvpn ];
|
environment.systemPackages = [ openvpn ];
|
||||||
|
|
||||||
|
|
|
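Review bot: in `systemd.services = (listToAttrs ...) // restartService;` the right-hand side wins on a key clash, so a server defined as `services.openvpn.servers.restart` produces `openvpn-restart` and is silently replaced by the helper unit. Either give the helper a name that cannot collide with `openvpn-${name}` or add an assertion on the server names. Also, `restartAfterSleep` has `default = true`, so existing configurations gain the new unit without opting in, and its description says "OpenVPN client" although the option sits next to `servers` and the helper is not limited to clients; the wording should match what the unit does.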
@ -120,5 +120,5 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
meta.maintainers = with maintainers; [ malvo ];
|
meta.maintainers = with maintainers; [ malte-v ];
|
||||||
}
|
}
|
||||||
|
|
|
@ -13,11 +13,12 @@ let
|
||||||
else pkgs.buildPackages.openssh;
|
else pkgs.buildPackages.openssh;
|
||||||
|
|
||||||
# reports boolean as yes / no
|
# reports boolean as yes / no
|
||||||
mkValueStringSshd = v:
|
mkValueStringSshd = with lib; v:
|
||||||
if isInt v then toString v
|
if isInt v then toString v
|
||||||
else if isString v then v
|
else if isString v then v
|
||||||
else if true == v then "yes"
|
else if true == v then "yes"
|
||||||
else if false == v then "no"
|
else if false == v then "no"
|
||||||
|
else if isList v then concatStringsSep "," v
|
||||||
else throw "unsupported type ${typeOf v}: ${(lib.generators.toPretty {}) v}";
|
else throw "unsupported type ${typeOf v}: ${(lib.generators.toPretty {}) v}";
|
||||||
|
|
||||||
# dont use the "=" operator
|
# dont use the "=" operator
|
||||||
|
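Review bot: the new `else if isList v then concatStringsSep "," v` branch assumes every element is already a string and that a comma is the right separator for whichever setting reaches it. A list containing an int or a bool will fail inside `concatStringsSep` instead of hitting the `throw "unsupported type ..."` message below, and comma separation is right for KexAlgorithms, Ciphers and Macs but not for sshd_config keywords that take space-separated lists such as AllowUsers. Consider checking the element type here and stating in a comment which settings are expected to arrive as lists.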
@ -104,6 +105,11 @@ in
|
||||||
(mkRenamedOptionModule [ "services" "openssh" "useDns" ] [ "services" "openssh" "settings" "UseDns" ])
|
(mkRenamedOptionModule [ "services" "openssh" "useDns" ] [ "services" "openssh" "settings" "UseDns" ])
|
||||||
(mkRenamedOptionModule [ "services" "openssh" "permitRootLogin" ] [ "services" "openssh" "settings" "PermitRootLogin" ])
|
(mkRenamedOptionModule [ "services" "openssh" "permitRootLogin" ] [ "services" "openssh" "settings" "PermitRootLogin" ])
|
||||||
(mkRenamedOptionModule [ "services" "openssh" "logLevel" ] [ "services" "openssh" "settings" "LogLevel" ])
|
(mkRenamedOptionModule [ "services" "openssh" "logLevel" ] [ "services" "openssh" "settings" "LogLevel" ])
|
||||||
|
(mkRenamedOptionModule [ "services" "openssh" "macs" ] [ "services" "openssh" "settings" "Macs" ])
|
||||||
|
(mkRenamedOptionModule [ "services" "openssh" "ciphers" ] [ "services" "openssh" "settings" "Ciphers" ])
|
||||||
|
(mkRenamedOptionModule [ "services" "openssh" "kexAlgorithms" ] [ "services" "openssh" "settings" "KexAlgorithms" ])
|
||||||
|
(mkRenamedOptionModule [ "services" "openssh" "gatewayPorts" ] [ "services" "openssh" "settings" "GatewayPorts" ])
|
||||||
|
(mkRenamedOptionModule [ "services" "openssh" "forwardX11" ] [ "services" "openssh" "settings" "X11Forwarding" ])
|
||||||
];
|
];
|
||||||
|
|
||||||
###### interface
|
###### interface
|
||||||
|
@ -131,14 +137,6 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
forwardX11 = mkOption {
|
|
||||||
type = types.bool;
|
|
||||||
default = false;
|
|
||||||
description = lib.mdDoc ''
|
|
||||||
Whether to allow X11 connections to be forwarded.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
allowSFTP = mkOption {
|
allowSFTP = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = true;
|
default = true;
|
||||||
|
@ -167,16 +165,6 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
gatewayPorts = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = "no";
|
|
||||||
description = lib.mdDoc ''
|
|
||||||
Specifies whether remote hosts are allowed to connect to
|
|
||||||
ports forwarded for the client. See
|
|
||||||
{manpage}`sshd_config(5)`.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
ports = mkOption {
|
ports = mkOption {
|
||||||
type = types.listOf types.port;
|
type = types.listOf types.port;
|
||||||
default = [22];
|
default = [22];
|
||||||
|
@ -286,63 +274,6 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
kexAlgorithms = mkOption {
|
|
||||||
type = types.listOf types.str;
|
|
||||||
default = [
|
|
||||||
"sntrup761x25519-sha512@openssh.com"
|
|
||||||
"curve25519-sha256"
|
|
||||||
"curve25519-sha256@libssh.org"
|
|
||||||
"diffie-hellman-group-exchange-sha256"
|
|
||||||
];
|
|
||||||
description = lib.mdDoc ''
|
|
||||||
Allowed key exchange algorithms
|
|
||||||
|
|
||||||
Uses the lower bound recommended in both
|
|
||||||
<https://stribika.github.io/2015/01/04/secure-secure-shell.html>
|
|
||||||
and
|
|
||||||
<https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67>
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
ciphers = mkOption {
|
|
||||||
type = types.listOf types.str;
|
|
||||||
default = [
|
|
||||||
"chacha20-poly1305@openssh.com"
|
|
||||||
"aes256-gcm@openssh.com"
|
|
||||||
"aes128-gcm@openssh.com"
|
|
||||||
"aes256-ctr"
|
|
||||||
"aes192-ctr"
|
|
||||||
"aes128-ctr"
|
|
||||||
];
|
|
||||||
description = lib.mdDoc ''
|
|
||||||
Allowed ciphers
|
|
||||||
|
|
||||||
Defaults to recommended settings from both
|
|
||||||
<https://stribika.github.io/2015/01/04/secure-secure-shell.html>
|
|
||||||
and
|
|
||||||
<https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67>
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
macs = mkOption {
|
|
||||||
type = types.listOf types.str;
|
|
||||||
default = [
|
|
||||||
"hmac-sha2-512-etm@openssh.com"
|
|
||||||
"hmac-sha2-256-etm@openssh.com"
|
|
||||||
"umac-128-etm@openssh.com"
|
|
||||||
"hmac-sha2-512"
|
|
||||||
"hmac-sha2-256"
|
|
||||||
"umac-128@openssh.com"
|
|
||||||
];
|
|
||||||
description = lib.mdDoc ''
|
|
||||||
Allowed MACs
|
|
||||||
|
|
||||||
Defaults to recommended settings from both
|
|
||||||
<https://stribika.github.io/2015/01/04/secure-secure-shell.html>
|
|
||||||
and
|
|
||||||
<https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67>
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
settings = mkOption {
|
settings = mkOption {
|
||||||
|
@ -374,7 +305,13 @@ in
|
||||||
~/.ssh/authorized_keys from and sshd_config Match Host directives.
|
~/.ssh/authorized_keys from and sshd_config Match Host directives.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
X11Forwarding = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = lib.mdDoc ''
|
||||||
|
Whether to allow X11 connections to be forwarded.
|
||||||
|
'';
|
||||||
|
};
|
||||||
PasswordAuthentication = mkOption {
|
PasswordAuthentication = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = true;
|
default = true;
|
||||||
|
@ -396,6 +333,70 @@ in
|
||||||
Specifies whether keyboard-interactive authentication is allowed.
|
Specifies whether keyboard-interactive authentication is allowed.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
GatewayPorts = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "no";
|
||||||
|
description = lib.mdDoc ''
|
||||||
|
Specifies whether remote hosts are allowed to connect to
|
||||||
|
ports forwarded for the client. See
|
||||||
|
{manpage}`sshd_config(5)`.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
KexAlgorithms = mkOption {
|
||||||
|
type = types.listOf types.str;
|
||||||
|
default = [
|
||||||
|
"sntrup761x25519-sha512@openssh.com"
|
||||||
|
"curve25519-sha256"
|
||||||
|
"curve25519-sha256@libssh.org"
|
||||||
|
"diffie-hellman-group-exchange-sha256"
|
||||||
|
];
|
||||||
|
description = lib.mdDoc ''
|
||||||
|
Allowed key exchange algorithms
|
||||||
|
|
||||||
|
Uses the lower bound recommended in both
|
||||||
|
<https://stribika.github.io/2015/01/04/secure-secure-shell.html>
|
||||||
|
and
|
||||||
|
<https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67>
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
Macs = mkOption {
|
||||||
|
type = types.listOf types.str;
|
||||||
|
default = [
|
||||||
|
"hmac-sha2-512-etm@openssh.com"
|
||||||
|
"hmac-sha2-256-etm@openssh.com"
|
||||||
|
"umac-128-etm@openssh.com"
|
||||||
|
"hmac-sha2-512"
|
||||||
|
"hmac-sha2-256"
|
||||||
|
"umac-128@openssh.com"
|
||||||
|
];
|
||||||
|
description = lib.mdDoc ''
|
||||||
|
Allowed MACs
|
||||||
|
|
||||||
|
Defaults to recommended settings from both
|
||||||
|
<https://stribika.github.io/2015/01/04/secure-secure-shell.html>
|
||||||
|
and
|
||||||
|
<https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67>
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
Ciphers = mkOption {
|
||||||
|
type = types.listOf types.str;
|
||||||
|
default = [
|
||||||
|
"chacha20-poly1305@openssh.com"
|
||||||
|
"aes256-gcm@openssh.com"
|
||||||
|
"aes128-gcm@openssh.com"
|
||||||
|
"aes256-ctr"
|
||||||
|
"aes192-ctr"
|
||||||
|
"aes128-ctr"
|
||||||
|
];
|
||||||
|
description = lib.mdDoc ''
|
||||||
|
Allowed ciphers
|
||||||
|
|
||||||
|
Defaults to recommended settings from both
|
||||||
|
<https://stribika.github.io/2015/01/04/secure-secure-shell.html>
|
||||||
|
and
|
||||||
|
<https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67>
|
||||||
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
|
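Review bot: `GatewayPorts` is moved into `settings` with `type = types.str`, so a typo is only caught when sshd parses the generated file. sshd_config accepts just `yes`, `no` and `clientspecified` for this keyword, so `types.enum [ "no" "yes" "clientspecified" ]` would reject bad values at evaluation time. The move is a good moment to tighten it, since the rename already touches every user of the old `gatewayPorts` option.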
@ -555,17 +556,10 @@ in
|
||||||
${optionalString cfgc.setXAuthLocation ''
|
${optionalString cfgc.setXAuthLocation ''
|
||||||
XAuthLocation ${pkgs.xorg.xauth}/bin/xauth
|
XAuthLocation ${pkgs.xorg.xauth}/bin/xauth
|
||||||
''}
|
''}
|
||||||
|
|
||||||
X11Forwarding ${if cfg.forwardX11 then "yes" else "no"}
|
|
||||||
|
|
||||||
${optionalString cfg.allowSFTP ''
|
${optionalString cfg.allowSFTP ''
|
||||||
Subsystem sftp ${cfg.sftpServerExecutable} ${concatStringsSep " " cfg.sftpFlags}
|
Subsystem sftp ${cfg.sftpServerExecutable} ${concatStringsSep " " cfg.sftpFlags}
|
||||||
''}
|
''}
|
||||||
|
|
||||||
GatewayPorts ${cfg.gatewayPorts}
|
|
||||||
|
|
||||||
PrintMotd no # handled by pam_motd
|
PrintMotd no # handled by pam_motd
|
||||||
|
|
||||||
AuthorizedKeysFile ${toString cfg.authorizedKeysFiles}
|
AuthorizedKeysFile ${toString cfg.authorizedKeysFiles}
|
||||||
${optionalString (cfg.authorizedKeysCommand != "none") ''
|
${optionalString (cfg.authorizedKeysCommand != "none") ''
|
||||||
AuthorizedKeysCommand ${cfg.authorizedKeysCommand}
|
AuthorizedKeysCommand ${cfg.authorizedKeysCommand}
|
||||||
|
@ -575,13 +569,9 @@ in
|
||||||
${flip concatMapStrings cfg.hostKeys (k: ''
|
${flip concatMapStrings cfg.hostKeys (k: ''
|
||||||
HostKey ${k.path}
|
HostKey ${k.path}
|
||||||
'')}
|
'')}
|
||||||
|
|
||||||
KexAlgorithms ${concatStringsSep "," cfg.kexAlgorithms}
|
|
||||||
Ciphers ${concatStringsSep "," cfg.ciphers}
|
|
||||||
MACs ${concatStringsSep "," cfg.macs}
|
|
||||||
'';
|
'';
|
||||||
|
|
||||||
assertions = [{ assertion = if cfg.forwardX11 then cfgc.setXAuthLocation else true;
|
assertions = [{ assertion = if cfg.settings.X11Forwarding then cfgc.setXAuthLocation else true;
|
||||||
message = "cannot enable X11 forwarding without setting xauth location";}]
|
message = "cannot enable X11 forwarding without setting xauth location";}]
|
||||||
++ forEach cfg.listenAddresses ({ addr, ... }: {
|
++ forEach cfg.listenAddresses ({ addr, ... }: {
|
||||||
assertion = addr != null;
|
assertion = addr != null;
|
||||||
|
|
|
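Review bot: the assertion `if cfg.settings.X11Forwarding then cfgc.setXAuthLocation else true` is an implication and reads more directly as `cfg.settings.X11Forwarding -> cfgc.setXAuthLocation`. Separately, this hunk deletes the explicit `KexAlgorithms`, `Ciphers` and `MACs` lines from the generated config, so their presence now depends entirely on how `cfg.settings` is rendered, which is not visible here. A test that checks the generated sshd_config still contains all three directives with the default lists would guard against a silent fallback to the sshd built-in defaults.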
@ -115,7 +115,7 @@ in
|
||||||
MEILI_HTTP_ADDR = "${cfg.listenAddress}:${toString cfg.listenPort}";
|
MEILI_HTTP_ADDR = "${cfg.listenAddress}:${toString cfg.listenPort}";
|
||||||
MEILI_NO_ANALYTICS = toString cfg.noAnalytics;
|
MEILI_NO_ANALYTICS = toString cfg.noAnalytics;
|
||||||
MEILI_ENV = cfg.environment;
|
MEILI_ENV = cfg.environment;
|
||||||
MEILI_DUMPS_DIR = "/var/lib/meilisearch/dumps";
|
MEILI_DUMP_DIR = "/var/lib/meilisearch/dumps";
|
||||||
MEILI_LOG_LEVEL = cfg.logLevel;
|
MEILI_LOG_LEVEL = cfg.logLevel;
|
||||||
MEILI_MAX_INDEX_SIZE = cfg.maxIndexSize;
|
MEILI_MAX_INDEX_SIZE = cfg.maxIndexSize;
|
||||||
};
|
};
|
||||||
|
|
|
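Review bot: the rename from `MEILI_DUMPS_DIR` to `MEILI_DUMP_DIR` carries no comment or version reference, and an environment variable the binary does not recognise is simply ignored, so a mismatch with the packaged Meilisearch version would move dumps away from `/var/lib/meilisearch/dumps` without any error. Please note next to the line which Meilisearch version introduced the new name, and confirm the packaged version matches.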
@ -55,7 +55,7 @@ in
|
||||||
options.services.kanidm = {
|
options.services.kanidm = {
|
||||||
enableClient = lib.mkEnableOption (lib.mdDoc "the Kanidm client");
|
enableClient = lib.mkEnableOption (lib.mdDoc "the Kanidm client");
|
||||||
enableServer = lib.mkEnableOption (lib.mdDoc "the Kanidm server");
|
enableServer = lib.mkEnableOption (lib.mdDoc "the Kanidm server");
|
||||||
enablePam = lib.mkEnableOption (lib.mdDoc "the Kanidm PAM and NSS integration.");
|
enablePam = lib.mkEnableOption (lib.mdDoc "the Kanidm PAM and NSS integration");
|
||||||
|
|
||||||
serverSettings = lib.mkOption {
|
serverSettings = lib.mkOption {
|
||||||
type = lib.types.submodule {
|
type = lib.types.submodule {
|
||||||
|
|
|
@ -6,7 +6,7 @@ let
|
||||||
cfg = config.services.privacyidea;
|
cfg = config.services.privacyidea;
|
||||||
opt = options.services.privacyidea;
|
opt = options.services.privacyidea;
|
||||||
|
|
||||||
uwsgi = pkgs.uwsgi.override { plugins = [ "python3" ]; python3 = pkgs.python39; };
|
uwsgi = pkgs.uwsgi.override { plugins = [ "python3" ]; python3 = pkgs.python310; };
|
||||||
python = uwsgi.python3;
|
python = uwsgi.python3;
|
||||||
penv = python.withPackages (const [ pkgs.privacyidea ]);
|
penv = python.withPackages (const [ pkgs.privacyidea ]);
|
||||||
logCfg = pkgs.writeText "privacyidea-log.cfg" ''
|
logCfg = pkgs.writeText "privacyidea-log.cfg" ''
|
||||||
|
@ -41,7 +41,7 @@ let
|
||||||
|
|
||||||
piCfgFile = pkgs.writeText "privacyidea.cfg" ''
|
piCfgFile = pkgs.writeText "privacyidea.cfg" ''
|
||||||
SUPERUSER_REALM = [ '${concatStringsSep "', '" cfg.superuserRealm}' ]
|
SUPERUSER_REALM = [ '${concatStringsSep "', '" cfg.superuserRealm}' ]
|
||||||
SQLALCHEMY_DATABASE_URI = 'postgresql:///privacyidea'
|
SQLALCHEMY_DATABASE_URI = 'postgresql+psycopg2:///privacyidea'
|
||||||
SECRET_KEY = '${cfg.secretKey}'
|
SECRET_KEY = '${cfg.secretKey}'
|
||||||
PI_PEPPER = '${cfg.pepper}'
|
PI_PEPPER = '${cfg.pepper}'
|
||||||
PI_ENCFILE = '${cfg.encFile}'
|
PI_ENCFILE = '${cfg.encFile}'
|
||||||
|
|
|
@ -68,7 +68,7 @@ let
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options.services.cloudlog = with types; {
|
options.services.cloudlog = with types; {
|
||||||
enable = mkEnableOption (mdDoc "Whether to enable Cloudlog.");
|
enable = mkEnableOption (mdDoc "Whether to enable Cloudlog");
|
||||||
dataDir = mkOption {
|
dataDir = mkOption {
|
||||||
type = str;
|
type = str;
|
||||||
default = "/var/lib/cloudlog";
|
default = "/var/lib/cloudlog";
|
||||||
|
|
|
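Review bot: `enable = mkEnableOption (mdDoc "Whether to enable Cloudlog");` only drops the trailing dot, but `mkEnableOption` itself prepends "Whether to enable" and appends the full stop, so the rendered description still reads "Whether to enable Whether to enable Cloudlog." The argument should be just the name, for example `mkEnableOption (mdDoc "Cloudlog")`.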
@ -148,7 +148,7 @@ let
|
||||||
];
|
];
|
||||||
|
|
||||||
options = {
|
options = {
|
||||||
enable = mkEnableOption (lib.mdDoc "DokuWiki web application.");
|
enable = mkEnableOption (lib.mdDoc "DokuWiki web application");
|
||||||
|
|
||||||
package = mkOption {
|
package = mkOption {
|
||||||
type = types.package;
|
type = types.package;
|
||||||
|
|
|
@ -12,7 +12,7 @@ in
|
||||||
{
|
{
|
||||||
options = {
|
options = {
|
||||||
services.galene = {
|
services.galene = {
|
||||||
enable = mkEnableOption (lib.mdDoc "Galene Service.");
|
enable = mkEnableOption (lib.mdDoc "Galene Service");
|
||||||
|
|
||||||
stateDir = mkOption {
|
stateDir = mkOption {
|
||||||
default = defaultstateDir;
|
default = defaultstateDir;
|
||||||
|
|
|
@ -7,7 +7,7 @@ in {
|
||||||
|
|
||||||
enable = mkEnableOption (lib.mdDoc "hledger-web service");
|
enable = mkEnableOption (lib.mdDoc "hledger-web service");
|
||||||
|
|
||||||
serveApi = mkEnableOption (lib.mdDoc "Serve only the JSON web API, without the web UI.");
|
serveApi = mkEnableOption (lib.mdDoc "Serve only the JSON web API, without the web UI");
|
||||||
|
|
||||||
host = mkOption {
|
host = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
|
|
|
@ -36,7 +36,7 @@ in
|
||||||
description = lib.mdDoc "Location of Jirafeau storage directory.";
|
description = lib.mdDoc "Location of Jirafeau storage directory.";
|
||||||
};
|
};
|
||||||
|
|
||||||
enable = mkEnableOption (lib.mdDoc "Jirafeau file upload application.");
|
enable = mkEnableOption (lib.mdDoc "Jirafeau file upload application");
|
||||||
|
|
||||||
extraConfig = mkOption {
|
extraConfig = mkOption {
|
||||||
type = types.lines;
|
type = types.lines;
|
||||||
|
|
|
@ -32,7 +32,7 @@ in
|
||||||
# interface
|
# interface
|
||||||
|
|
||||||
options.services.limesurvey = {
|
options.services.limesurvey = {
|
||||||
enable = mkEnableOption (lib.mdDoc "Limesurvey web application.");
|
enable = mkEnableOption (lib.mdDoc "Limesurvey web application");
|
||||||
|
|
||||||
database = {
|
database = {
|
||||||
type = mkOption {
|
type = mkOption {
|
||||||
|
|
|
@ -35,7 +35,8 @@ let
|
||||||
|
|
||||||
Caddyfile-formatted = pkgs.runCommand "Caddyfile-formatted" { nativeBuildInputs = [ cfg.package ]; } ''
|
Caddyfile-formatted = pkgs.runCommand "Caddyfile-formatted" { nativeBuildInputs = [ cfg.package ]; } ''
|
||||||
mkdir -p $out
|
mkdir -p $out
|
||||||
${cfg.package}/bin/caddy fmt ${Caddyfile}/Caddyfile > $out/Caddyfile
|
cp --no-preserve=mode ${Caddyfile}/Caddyfile $out/Caddyfile
|
||||||
|
caddy fmt --overwrite $out/Caddyfile
|
||||||
'';
|
'';
|
||||||
in
|
in
|
||||||
"${if pkgs.stdenv.buildPlatform == pkgs.stdenv.hostPlatform then Caddyfile-formatted else Caddyfile}/Caddyfile";
|
"${if pkgs.stdenv.buildPlatform == pkgs.stdenv.hostPlatform then Caddyfile-formatted else Caddyfile}/Caddyfile";
|
||||||
|
|
|
@ -203,7 +203,8 @@ let
|
||||||
proxy_send_timeout ${cfg.proxyTimeout};
|
proxy_send_timeout ${cfg.proxyTimeout};
|
||||||
proxy_read_timeout ${cfg.proxyTimeout};
|
proxy_read_timeout ${cfg.proxyTimeout};
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
# don't let clients close the keep-alive connection to upstream
|
# don't let clients close the keep-alive connection to upstream. See the nginx blog for details:
|
||||||
|
# https://www.nginx.com/blog/avoiding-top-10-nginx-configuration-mistakes/#no-keepalives
|
||||||
proxy_set_header "Connection" "";
|
proxy_set_header "Connection" "";
|
||||||
include ${recommendedProxyConfig};
|
include ${recommendedProxyConfig};
|
||||||
''}
|
''}
|
||||||
|
|
Some files were not shown because too many files have changed in this diff