Project import generated by Copybara.
GitOrigin-RevId: 6d8215281b2f87a5af9ed7425a26ac575da0438f
This commit is contained in:
parent
bd3c7c090e
commit
4cb23072fc
962 changed files with 18542 additions and 20704 deletions
3
third_party/nixpkgs/.editorconfig
vendored
3
third_party/nixpkgs/.editorconfig
vendored
|
@ -61,9 +61,6 @@ trim_trailing_whitespace = unset
|
|||
[nixos/modules/services/networking/ircd-hybrid/*.{conf,in}]
|
||||
trim_trailing_whitespace = unset
|
||||
|
||||
[nixos/tests/systemd-networkd-vrf.nix]
|
||||
trim_trailing_whitespace = unset
|
||||
|
||||
[pkgs/build-support/dotnetenv/Wrapper/**]
|
||||
end_of_line = unset
|
||||
indent_style = unset
|
||||
|
|
12
third_party/nixpkgs/.github/CODEOWNERS
vendored
12
third_party/nixpkgs/.github/CODEOWNERS
vendored
|
@ -118,7 +118,7 @@
|
|||
|
||||
# Rust
|
||||
/pkgs/development/compilers/rust @Mic92 @LnL7 @zowoq
|
||||
/pkgs/build-support/rust @andir @zowoq
|
||||
/pkgs/build-support/rust @zowoq
|
||||
|
||||
# Darwin-related
|
||||
/pkgs/stdenv/darwin @NixOS/darwin-maintainers
|
||||
|
@ -279,3 +279,13 @@
|
|||
|
||||
# terraform providers
|
||||
/pkgs/applications/networking/cluster/terraform-providers @zowoq
|
||||
|
||||
# Matrix
|
||||
/pkgs/servers/heisenbridge @piegamesde
|
||||
/pkgs/servers/matrix-conduit @piegamesde @pstn
|
||||
/pkgs/servers/matrix-synapse/matrix-appservice-irc @piegamesde
|
||||
/nixos/modules/services/misc/heisenbridge.nix @piegamesde
|
||||
/nixos/modules/services/misc/matrix-appservice-irc.nix @piegamesde
|
||||
/nixos/modules/services/misc/matrix-conduit.nix @piegamesde @pstn
|
||||
/nixos/tests/matrix-appservice-irc.nix @piegamesde
|
||||
/nixos/tests/matrix-conduit.nix @piegamesde @pstn
|
||||
|
|
|
@ -227,7 +227,7 @@ digraph {
|
|||
}
|
||||
```
|
||||
|
||||
[This GitHub Action](https://github.com/NixOS/nixpkgs/blob/master/.github/workflows/merge-staging.yml) brings changes from `master` to `staging-next` and from `staging-next` to `staging` every 6 hours.
|
||||
[This GitHub Action](https://github.com/NixOS/nixpkgs/blob/master/.github/workflows/periodic-merge-6h.yml) brings changes from `master` to `staging-next` and from `staging-next` to `staging` every 6 hours.
|
||||
|
||||
|
||||
### Master branch {#submitting-changes-master-branch}
|
||||
|
|
|
@ -84,7 +84,7 @@ To package Dotnet applications, you can use `buildDotnetModule`. This has simila
|
|||
<ProjectReference Include="../foo/bar.fsproj" />
|
||||
<PackageReference Include="bar" Version="*" Condition=" '$(ContinuousIntegrationBuild)'=='true' "/>
|
||||
```
|
||||
* `executables` is used to specify which executables get wrapped to `$out/bin`, relative to `$out/lib/$pname`. If this is unset, all executables generated will get installed. If you do not want to install any, set this to `[]`.
|
||||
* `executables` is used to specify which executables get wrapped to `$out/bin`, relative to `$out/lib/$pname`. If this is unset, all executables generated will get installed. If you do not want to install any, set this to `[]`. This gets done in the `preFixup` phase.
|
||||
* `runtimeDeps` is used to wrap libraries into `LD_LIBRARY_PATH`. This is how dotnet usually handles runtime dependencies.
|
||||
* `buildType` is used to change the type of build. Possible values are `Release`, `Debug`, etc. By default, this is set to `Release`.
|
||||
* `dotnet-sdk` is useful in cases where you need to change what dotnet SDK is being used.
|
||||
|
|
23
third_party/nixpkgs/flake.nix
vendored
23
third_party/nixpkgs/flake.nix
vendored
|
@ -22,24 +22,6 @@
|
|||
import ./nixos/lib/eval-config.nix (args // {
|
||||
modules =
|
||||
let
|
||||
vmConfig = (import ./nixos/lib/eval-config.nix
|
||||
(args // {
|
||||
modules = modules ++ [ ./nixos/modules/virtualisation/qemu-vm.nix ];
|
||||
})).config;
|
||||
|
||||
vmWithBootLoaderConfig = (import ./nixos/lib/eval-config.nix
|
||||
(args // {
|
||||
modules = modules ++ [
|
||||
./nixos/modules/virtualisation/qemu-vm.nix
|
||||
{ virtualisation.useBootLoader = true; }
|
||||
({ config, ... }: {
|
||||
virtualisation.useEFIBoot =
|
||||
config.boot.loader.systemd-boot.enable ||
|
||||
config.boot.loader.efi.canTouchEfiVariables;
|
||||
})
|
||||
];
|
||||
})).config;
|
||||
|
||||
moduleDeclarationFile =
|
||||
let
|
||||
# Even though `modules` is a mandatory argument for `nixosSystem`, it doesn't
|
||||
|
@ -63,11 +45,6 @@
|
|||
system.nixos.versionSuffix =
|
||||
".${final.substring 0 8 (self.lastModifiedDate or self.lastModified or "19700101")}.${self.shortRev or "dirty"}";
|
||||
system.nixos.revision = final.mkIf (self ? rev) self.rev;
|
||||
|
||||
system.build = {
|
||||
vm = vmConfig.system.build.vm;
|
||||
vmWithBootLoader = vmWithBootLoaderConfig.system.build.vm;
|
||||
};
|
||||
}
|
||||
];
|
||||
});
|
||||
|
|
22
third_party/nixpkgs/lib/asserts.nix
vendored
22
third_party/nixpkgs/lib/asserts.nix
vendored
|
@ -2,35 +2,33 @@
|
|||
|
||||
rec {
|
||||
|
||||
/* Print a trace message if pred is false.
|
||||
/* Throw if pred is false, else return pred.
|
||||
Intended to be used to augment asserts with helpful error messages.
|
||||
|
||||
Example:
|
||||
assertMsg false "nope"
|
||||
=> false
|
||||
stderr> trace: nope
|
||||
stderr> error: nope
|
||||
|
||||
assert (assertMsg ("foo" == "bar") "foo is not bar, silly"); ""
|
||||
stderr> trace: foo is not bar, silly
|
||||
stderr> assert failed at …
|
||||
assert assertMsg ("foo" == "bar") "foo is not bar, silly"; ""
|
||||
stderr> error: foo is not bar, silly
|
||||
|
||||
Type:
|
||||
assertMsg :: Bool -> String -> Bool
|
||||
*/
|
||||
# TODO(Profpatsch): add tests that check stderr
|
||||
assertMsg = pred: msg:
|
||||
if pred
|
||||
then true
|
||||
else builtins.trace msg false;
|
||||
pred || builtins.throw msg;
|
||||
|
||||
/* Specialized `assertMsg` for checking if val is one of the elements
|
||||
of a list. Useful for checking enums.
|
||||
|
||||
Example:
|
||||
let sslLibrary = "libressl"
|
||||
let sslLibrary = "libressl";
|
||||
in assertOneOf "sslLibrary" sslLibrary [ "openssl" "bearssl" ]
|
||||
=> false
|
||||
stderr> trace: sslLibrary must be one of "openssl", "bearssl", but is: "libressl"
|
||||
stderr> error: sslLibrary must be one of [
|
||||
stderr> "openssl"
|
||||
stderr> "bearssl"
|
||||
stderr> ], but is: "libressl"
|
||||
|
||||
Type:
|
||||
assertOneOf :: String -> ComparableVal -> List ComparableVal -> Bool
|
||||
|
|
|
@ -1950,6 +1950,12 @@
|
|||
githubId = 543423;
|
||||
name = "Alex Wied";
|
||||
};
|
||||
cfhammill = {
|
||||
email = "cfhammill@gmail.com";
|
||||
github = "cfhammill";
|
||||
githubId = 7467038;
|
||||
name = "Chris Hammill";
|
||||
};
|
||||
cfouche = {
|
||||
email = "chaddai.fouche@gmail.com";
|
||||
github = "Chaddai";
|
||||
|
@ -2854,6 +2860,12 @@
|
|||
githubId = 706758;
|
||||
name = "Christian Gerbrandt";
|
||||
};
|
||||
derekcollison = {
|
||||
email = "derek@nats.io";
|
||||
github = "derekcollison";
|
||||
githubId = 90097;
|
||||
name = "Derek Collison";
|
||||
};
|
||||
DerGuteMoritz = {
|
||||
email = "moritz@twoticketsplease.de";
|
||||
github = "DerGuteMoritz";
|
||||
|
@ -4244,6 +4256,16 @@
|
|||
githubId = 1313787;
|
||||
name = "Gabriel Gonzalez";
|
||||
};
|
||||
gador = {
|
||||
email = "florian.brandes@posteo.de";
|
||||
github = "gador";
|
||||
githubId = 1883533;
|
||||
name = "Florian Brandes";
|
||||
keys = [{
|
||||
longkeyid = "rsa4096/0xBBB3E40E53797FD9";
|
||||
fingerprint = "0200 3EF8 8D2B CF2D 8F00 FFDC BBB3 E40E 5379 7FD9";
|
||||
}];
|
||||
};
|
||||
gal_bolle = {
|
||||
email = "florent.becker@ens-lyon.org";
|
||||
github = "FlorentBecker";
|
||||
|
@ -4443,6 +4465,16 @@
|
|||
githubId = 1621335;
|
||||
name = "Andrew Trachenko";
|
||||
};
|
||||
gordias = {
|
||||
name = "Gordias";
|
||||
email = "gordias@disroot.org";
|
||||
github = "NotGordias";
|
||||
githubId = 94724133;
|
||||
keys = [{
|
||||
longkeyid = "ed25519/0x5D47284830FAA4FA";
|
||||
fingerprint = "C006 B8A0 0618 F3B6 E0E4 2ECD 5D47 2848 30FA A4FA";
|
||||
}];
|
||||
};
|
||||
govanify = {
|
||||
name = "Gauvain 'GovanifY' Roussel-Tarbouriech";
|
||||
email = "gauvain@govanify.com";
|
||||
|
@ -7138,6 +7170,12 @@
|
|||
githubId = 13791;
|
||||
name = "Luke Gorrie";
|
||||
};
|
||||
luker = {
|
||||
email = "luker@fenrirproject.org";
|
||||
github = "LucaFulchir";
|
||||
githubId = 2486026;
|
||||
name = "Luca Fulchir";
|
||||
};
|
||||
lumi = {
|
||||
email = "lumi@pew.im";
|
||||
github = "lumi-me-not";
|
||||
|
@ -8492,10 +8530,10 @@
|
|||
name = "Xinhao Luo";
|
||||
};
|
||||
newam = {
|
||||
email = "alexmgit@protonmail.com";
|
||||
email = "alex@thinglab.org";
|
||||
github = "newAM";
|
||||
githubId = 7845120;
|
||||
name = "Alex M.";
|
||||
name = "Alex Martens";
|
||||
};
|
||||
nikitavoloboev = {
|
||||
email = "nikita.voloboev@gmail.com";
|
||||
|
@ -9808,6 +9846,13 @@
|
|||
githubId = 1016742;
|
||||
name = "Rafael García";
|
||||
};
|
||||
raitobezarius = {
|
||||
email = "ryan@lahfa.xyz";
|
||||
matrix = "@raitobezarius:matrix.org";
|
||||
github = "RaitoBezarius";
|
||||
githubId = 314564;
|
||||
name = "Ryan Lahfa";
|
||||
};
|
||||
raquelgb = {
|
||||
email = "raquel.garcia.bautista@gmail.com";
|
||||
github = "raquelgb";
|
||||
|
@ -11087,6 +11132,12 @@
|
|||
fingerprint = "4242 834C D401 86EF 8281 4093 86E3 0E5A 0F5F C59C";
|
||||
}];
|
||||
};
|
||||
smasher164 = {
|
||||
email = "aindurti@gmail.com";
|
||||
github = "smasher164";
|
||||
githubId = 12636891;
|
||||
name = "Akhil Indurti";
|
||||
};
|
||||
smironov = {
|
||||
email = "grrwlf@gmail.com";
|
||||
github = "grwlf";
|
||||
|
@ -12166,6 +12217,12 @@
|
|||
githubId = 1183303;
|
||||
name = "Jakob Klepp";
|
||||
};
|
||||
trundle = {
|
||||
name = "Andreas Stührk";
|
||||
email = "andy@hammerhartes.de";
|
||||
github = "Trundle";
|
||||
githubId = 332418;
|
||||
};
|
||||
tscholak = {
|
||||
email = "torsten.scholak@googlemail.com";
|
||||
github = "tscholak";
|
||||
|
|
25
third_party/nixpkgs/nixos/default.nix
vendored
25
third_party/nixpkgs/nixos/default.nix
vendored
|
@ -9,27 +9,6 @@ let
|
|||
modules = [ configuration ];
|
||||
};
|
||||
|
||||
# This is for `nixos-rebuild build-vm'.
|
||||
vmConfig = (import ./lib/eval-config.nix {
|
||||
inherit system;
|
||||
modules = [ configuration ./modules/virtualisation/qemu-vm.nix ];
|
||||
}).config;
|
||||
|
||||
# This is for `nixos-rebuild build-vm-with-bootloader'.
|
||||
vmWithBootLoaderConfig = (import ./lib/eval-config.nix {
|
||||
inherit system;
|
||||
modules =
|
||||
[ configuration
|
||||
./modules/virtualisation/qemu-vm.nix
|
||||
{ virtualisation.useBootLoader = true; }
|
||||
({ config, ... }: {
|
||||
virtualisation.useEFIBoot =
|
||||
config.boot.loader.systemd-boot.enable ||
|
||||
config.boot.loader.efi.canTouchEfiVariables;
|
||||
})
|
||||
];
|
||||
}).config;
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
|
@ -37,7 +16,5 @@ in
|
|||
|
||||
system = eval.config.system.build.toplevel;
|
||||
|
||||
vm = vmConfig.system.build.vm;
|
||||
|
||||
vmWithBootLoader = vmWithBootLoaderConfig.system.build.vm;
|
||||
inherit (eval.config.system.build) vm vmWithBootLoader;
|
||||
}
|
||||
|
|
|
@ -1420,6 +1420,15 @@ Superuser created successfully.
|
|||
for those who want to have all RetroArch cores available.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The Linux kernel for security reasons now restricts access to
|
||||
BPF syscalls via <literal>BPF_UNPRIV_DEFAULT_OFF=y</literal>.
|
||||
Unprivileged access can be reenabled via the
|
||||
<literal>kernel.unprivileged_bpf_disabled</literal> sysctl
|
||||
knob.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
<section xml:id="sec-release-21.11-notable-changes">
|
||||
|
|
|
@ -32,10 +32,14 @@
|
|||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Mattermost has been updated to version 6.2. Migrations may
|
||||
take a while, see the
|
||||
<link xlink:href="https://docs.mattermost.com/install/self-managed-changelog.html#release-v6.2-feature-release">upgrade
|
||||
notes</link>.
|
||||
Mattermost has been updated to extended support release 6.3,
|
||||
as the previously packaged extended support release 5.37 is
|
||||
<link xlink:href="https://docs.mattermost.com/upgrade/extended-support-release.html">reaching
|
||||
its end of life</link>. Migrations may take a while, see the
|
||||
<link xlink:href="https://docs.mattermost.com/install/self-managed-changelog.html#release-v6-3-extended-support-release">changelog</link>
|
||||
and
|
||||
<link xlink:href="https://docs.mattermost.com/upgrade/important-upgrade-notes.html">important
|
||||
upgrade notes</link>.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
@ -90,6 +94,13 @@
|
|||
<link xlink:href="options.html#opt-services.heisenbridge.enable">services.heisenbridge</link>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<link xlink:href="https://ergo.chat">ergochat</link>, a modern
|
||||
IRC with IRCv3 features. Available as
|
||||
<link xlink:href="options.html#opt-services.ergochat.enable">services.ergochat</link>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<link xlink:href="https://github.com/ngoduykhanh/PowerDNS-Admin">PowerDNS-Admin</link>,
|
||||
|
@ -150,6 +161,22 @@
|
|||
<link linkend="opt-services.prosody-filer.enable">services.prosody-filer</link>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<link xlink:href="https://timetagger.app">timetagger</link>,
|
||||
an open source time-tracker with an intuitive user experience
|
||||
and powerful reporting.
|
||||
<link xlink:href="options.html#opt-services.timetagger.enable">services.timetagger</link>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<link xlink:href="https://www.rstudio.com/products/rstudio/#rstudio-server">rstudio-server</link>,
|
||||
a browser-based version of the RStudio IDE for the R
|
||||
programming language. Available as
|
||||
<link xlink:href="options.html#opt-services.rstudio-server.enable">services.rstudio-server</link>.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
<section xml:id="sec-release-22.05-incompatibilities">
|
||||
|
@ -193,6 +220,13 @@
|
|||
removed due to it being an outdated version.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <literal>mailpile</literal> email webclient
|
||||
(<literal>services.mailpile</literal>) has been removed due to
|
||||
its reliance on python2.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The MoinMoin wiki engine
|
||||
|
@ -237,6 +271,14 @@
|
|||
<literal>virtualisation.docker.daemon.settings</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The backward compatibility in
|
||||
<literal>services.dokuwiki</literal> to configure sites with
|
||||
the old interface has been removed. Please use
|
||||
<literal>services.dokuwiki.sites</literal> instead.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
opensmtpd-extras is no longer build with python2 scripting
|
||||
|
@ -311,6 +353,73 @@
|
|||
unmaintained
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
MultiMC has been replaced with the fork PolyMC due to upstream
|
||||
developers being hostile to 3rd party package maintainers.
|
||||
PolyMC removes all MultiMC branding and is aimed at providing
|
||||
proper 3rd party packages like the one contained in Nixpkgs.
|
||||
This change affects the data folder where game instances and
|
||||
other save and configuration files are stored. Users with
|
||||
existing installations should rename
|
||||
<literal>~/.local/share/multimc</literal> to
|
||||
<literal>~/.local/share/polymc</literal>. The main config
|
||||
file’s path has also moved from
|
||||
<literal>~/.local/share/multimc/multimc.cfg</literal> to
|
||||
<literal>~/.local/share/polymc/polymc.cfg</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>pkgs.noto-fonts-cjk</literal> is now deprecated in
|
||||
favor of <literal>pkgs.noto-fonts-cjk-sans</literal> and
|
||||
<literal>pkgs.noto-fonts-cjk-serif</literal> because they each
|
||||
have different release schedules. To maintain compatibility
|
||||
with prior releases of Nixpkgs,
|
||||
<literal>pkgs.noto-fonts-cjk</literal> is currently an alias
|
||||
of <literal>pkgs.noto-fonts-cjk-sans</literal> and doesn’t
|
||||
include serif fonts.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The interface that allows activation scripts to restart units
|
||||
has been reworked. Restarting and reloading is now done by a
|
||||
single file
|
||||
<literal>/run/nixos/activation-restart-list</literal> that
|
||||
honors <literal>restartIfChanged</literal> and
|
||||
<literal>reloadIfChanged</literal> of the units.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <literal>services.bookstack.cacheDir</literal> option has
|
||||
been removed, since the cache directory is now handled by
|
||||
systemd.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <literal>services.bookstack.extraConfig</literal> option
|
||||
has been replaced by
|
||||
<literal>services.bookstack.config</literal> which implements
|
||||
a
|
||||
<link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">settings-style</link>
|
||||
configuration.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>lib.assertMsg</literal> and
|
||||
<literal>lib.assertOneOf</literal> no longer return
|
||||
<literal>false</literal> if the passed condition is
|
||||
<literal>false</literal>, <literal>throw</literal>ing the
|
||||
given error message instead (which makes the resulting error
|
||||
message less cluttered). This will not impact the behaviour of
|
||||
code using these functions as intended, namely as top-level
|
||||
wrapper for <literal>assert</literal> conditions.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
<section xml:id="sec-release-22.05-notable-changes">
|
||||
|
@ -341,6 +450,28 @@
|
|||
socket <literal>/run/redis-${serverName}/redis.sock</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The option
|
||||
<link linkend="opt-virtualisation.vmVariant">virtualisation.vmVariant</link>
|
||||
was added to allow users to make changes to the
|
||||
<literal>nixos-rebuild build-vm</literal> configuration that
|
||||
do not apply to their normal system.
|
||||
</para>
|
||||
<para>
|
||||
The <literal>config.system.build.vm</literal> attribute now
|
||||
always exists and defaults to the value from
|
||||
<literal>vmVariant</literal>. Configurations that import the
|
||||
<literal>virtualisation/qemu-vm.nix</literal> module
|
||||
themselves will override this value, such that
|
||||
<literal>vmVariant</literal> is not used.
|
||||
</para>
|
||||
<para>
|
||||
Similarly
|
||||
<link linkend="opt-virtualisation.vmVariantWithBootLoader">virtualisation.vmVariantWithBootloader</link>
|
||||
was added.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The
|
||||
|
@ -432,6 +563,14 @@
|
|||
renamed to <literal>linux-firmware</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <literal>services.mbpfan</literal> module was converted to
|
||||
a
|
||||
<link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC
|
||||
0042</link> configuration.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
A new module was added for the
|
||||
|
@ -441,6 +580,49 @@
|
|||
<literal>programs.starship.settings</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>services.mattermost.plugins</literal> has been added
|
||||
to allow the declarative installation of Mattermost plugins.
|
||||
Plugins are automatically repackaged using autoPatchelf.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <literal>zrepl</literal> package has been updated from
|
||||
0.4.0 to 0.5:
|
||||
</para>
|
||||
<itemizedlist spacing="compact">
|
||||
<listitem>
|
||||
<para>
|
||||
The RPC protocol version was bumped; all zrepl daemons in
|
||||
a setup must be updated and restarted before replication
|
||||
can resume.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
A bug involving encrypt-on-receive has been fixed. Read
|
||||
the
|
||||
<link xlink:href="https://zrepl.github.io/configuration/sendrecvoptions.html#job-recv-options-placeholder">zrepl
|
||||
documentation</link> and check the output of
|
||||
<literal>zfs get -r encryption,zrepl:placeholder PATH_TO_ROOTFS</literal>
|
||||
on the receiver.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Renamed option
|
||||
<literal>services.openssh.challengeResponseAuthentication</literal>
|
||||
to
|
||||
<literal>services.openssh.kbdInteractiveAuthentication</literal>.
|
||||
Reason is that the old name has been deprecated upstream.
|
||||
Using the old option name will still work, but produce a
|
||||
warning.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
</section>
|
||||
|
|
|
@ -417,6 +417,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
|
||||
- `retroArchCores` has been removed. This means that using `nixpkgs.config.retroarch` to customize RetroArch cores is not supported anymore. Instead, use package overrides, for example: `retroarch.override { cores = with libretro; [ citra snes9x ]; };`. Also, `retroarchFull` derivation is available for those who want to have all RetroArch cores available.
|
||||
|
||||
- The Linux kernel for security reasons now restricts access to BPF syscalls via `BPF_UNPRIV_DEFAULT_OFF=y`. Unprivileged access can be reenabled via the `kernel.unprivileged_bpf_disabled` sysctl knob.
|
||||
|
||||
## Other Notable Changes {#sec-release-21.11-notable-changes}
|
||||
|
||||
|
||||
|
|
|
@ -13,8 +13,9 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
|
||||
- PHP 8.1 is now available
|
||||
|
||||
- Mattermost has been updated to version 6.2. Migrations may take a while,
|
||||
see the [upgrade notes](https://docs.mattermost.com/install/self-managed-changelog.html#release-v6.2-feature-release).
|
||||
- Mattermost has been updated to extended support release 6.3, as the previously packaged extended support release 5.37 is [reaching its end of life](https://docs.mattermost.com/upgrade/extended-support-release.html).
|
||||
Migrations may take a while, see the [changelog](https://docs.mattermost.com/install/self-managed-changelog.html#release-v6-3-extended-support-release)
|
||||
and [important upgrade notes](https://docs.mattermost.com/upgrade/important-upgrade-notes.html).
|
||||
|
||||
## New Services {#sec-release-22.05-new-services}
|
||||
|
||||
|
@ -30,6 +31,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
|
||||
- [heisenbridge](https://github.com/hifi/heisenbridge), a bouncer-style Matrix IRC bridge. Available as [services.heisenbridge](options.html#opt-services.heisenbridge.enable).
|
||||
|
||||
- [ergochat](https://ergo.chat), a modern IRC with IRCv3 features. Available as [services.ergochat](options.html#opt-services.ergochat.enable).
|
||||
|
||||
- [PowerDNS-Admin](https://github.com/ngoduykhanh/PowerDNS-Admin), a web interface for the PowerDNS server. Available at [services.powerdns-admin](options.html#opt-services.powerdns-admin.enable).
|
||||
|
||||
- [maddy](https://maddy.email), a composable all-in-one mail server. Available as [services.maddy](options.html#opt-services.maddy.enable).
|
||||
|
@ -46,6 +49,12 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
|
||||
- [prosody-filer](https://github.com/ThomasLeister/prosody-filer), a server for handling XMPP HTTP Upload requests. Available at [services.prosody-filer](#opt-services.prosody-filer.enable).
|
||||
|
||||
- [timetagger](https://timetagger.app), an open source time-tracker with an intuitive user experience and powerful reporting. [services.timetagger](options.html#opt-services.timetagger.enable).
|
||||
|
||||
- [rstudio-server](https://www.rstudio.com/products/rstudio/#rstudio-server), a browser-based version of the RStudio IDE for the R programming language. Available as [services.rstudio-server](options.html#opt-services.rstudio-server.enable).
|
||||
|
||||
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||
|
||||
## Backward Incompatibilities {#sec-release-22.05-incompatibilities}
|
||||
|
||||
- `pkgs.ghc` now refers to `pkgs.targetPackages.haskellPackages.ghc`.
|
||||
|
@ -67,6 +76,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
|
||||
- `services.kubernetes.addons.dashboard` was removed due to it being an outdated version.
|
||||
|
||||
- The `mailpile` email webclient (`services.mailpile`) has been removed due to its reliance on python2.
|
||||
|
||||
- The MoinMoin wiki engine (`services.moinmoin`) has been removed, because Python 2 is being retired from nixpkgs.
|
||||
|
||||
- The `wafHook` hook now honors `NIX_BUILD_CORES` when `enableParallelBuilding` is not set explicitly. Packages can restore the old behaviour by setting `enableParallelBuilding=false`.
|
||||
|
@ -79,6 +90,9 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
|
||||
- If you previously used `/etc/docker/daemon.json`, you need to incorporate the changes into the new option `virtualisation.docker.daemon.settings`.
|
||||
|
||||
- The backward compatibility in `services.dokuwiki` to configure sites with the
|
||||
old interface has been removed. Please use `services.dokuwiki.sites` instead.
|
||||
|
||||
- opensmtpd-extras is no longer build with python2 scripting support due to python2 deprecation in nixpkgs
|
||||
|
||||
- The `autorestic` package has been upgraded from 1.3.0 to 1.5.0 which introduces breaking changes in config file, check [their migration guide](https://autorestic.vercel.app/migration/1.4_1.5) for more details.
|
||||
|
@ -100,6 +114,28 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
|
||||
- `pkgs.docbookrx` was removed since it's unmaintained
|
||||
|
||||
- MultiMC has been replaced with the fork PolyMC due to upstream developers being hostile to 3rd party package maintainers. PolyMC removes all MultiMC branding and is aimed at providing proper 3rd party packages like the one contained in Nixpkgs. This change affects the data folder where game instances and other save and configuration files are stored. Users with existing installations should rename `~/.local/share/multimc` to `~/.local/share/polymc`. The main config file's path has also moved from `~/.local/share/multimc/multimc.cfg` to `~/.local/share/polymc/polymc.cfg`.
|
||||
|
||||
- `pkgs.noto-fonts-cjk` is now deprecated in favor of `pkgs.noto-fonts-cjk-sans`
|
||||
and `pkgs.noto-fonts-cjk-serif` because they each have different release
|
||||
schedules. To maintain compatibility with prior releases of Nixpkgs,
|
||||
`pkgs.noto-fonts-cjk` is currently an alias of `pkgs.noto-fonts-cjk-sans` and
|
||||
doesn't include serif fonts.
|
||||
|
||||
- The interface that allows activation scripts to restart units has been reworked. Restarting and reloading is now done by a single file `/run/nixos/activation-restart-list` that honors `restartIfChanged` and `reloadIfChanged` of the units.
|
||||
|
||||
- The `services.bookstack.cacheDir` option has been removed, since the
|
||||
cache directory is now handled by systemd.
|
||||
|
||||
- The `services.bookstack.extraConfig` option has been replaced by
|
||||
`services.bookstack.config` which implements a
|
||||
[settings-style](https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md)
|
||||
configuration.
|
||||
|
||||
- `lib.assertMsg` and `lib.assertOneOf` no longer return `false` if the passed condition is `false`, `throw`ing the given error message instead (which makes the resulting error message less cluttered). This will not impact the behaviour of code using these functions as intended, namely as top-level wrapper for `assert` conditions.
|
||||
|
||||
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||
|
||||
## Other Notable Changes {#sec-release-22.05-notable-changes}
|
||||
|
||||
- The option [services.redis.servers](#opt-services.redis.servers) was added
|
||||
|
@ -118,6 +154,16 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
to the members of the Unix group `redis-${serverName}`
|
||||
through the Unix socket `/run/redis-${serverName}/redis.sock`.
|
||||
|
||||
- The option [virtualisation.vmVariant](#opt-virtualisation.vmVariant) was added
|
||||
to allow users to make changes to the `nixos-rebuild build-vm` configuration
|
||||
that do not apply to their normal system.
|
||||
|
||||
The `config.system.build.vm` attribute now always exists and defaults to the
|
||||
value from `vmVariant`. Configurations that import the `virtualisation/qemu-vm.nix`
|
||||
module themselves will override this value, such that `vmVariant` is not used.
|
||||
|
||||
Similarly [virtualisation.vmVariantWithBootloader](#opt-virtualisation.vmVariantWithBootLoader) was added.
|
||||
|
||||
- The `writers.writePyPy2`/`writers.writePyPy3` and corresponding `writers.writePyPy2Bin`/`writers.writePyPy3Bin` convenience functions to create executable Python 2/3 scripts using the PyPy interpreter were added.
|
||||
|
||||
- The `influxdb2` package was split into `influxdb2-server` and
|
||||
|
@ -152,5 +198,20 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
|
||||
- The `firmwareLinuxNonfree` package has been renamed to `linux-firmware`.
|
||||
|
||||
- The `services.mbpfan` module was converted to a [RFC 0042](https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md) configuration.
|
||||
|
||||
- A new module was added for the [Starship](https://starship.rs/) shell prompt,
|
||||
providing the options `programs.starship.enable` and `programs.starship.settings`.
|
||||
|
||||
- `services.mattermost.plugins` has been added to allow the declarative installation of Mattermost plugins.
|
||||
Plugins are automatically repackaged using autoPatchelf.
|
||||
|
||||
- The `zrepl` package has been updated from 0.4.0 to 0.5:
|
||||
* The RPC protocol version was bumped; all zrepl daemons in a setup must be updated and restarted before replication can resume.
|
||||
* A bug involving encrypt-on-receive has been fixed. Read the [zrepl documentation](https://zrepl.github.io/configuration/sendrecvoptions.html#job-recv-options-placeholder) and check the output of `zfs get -r encryption,zrepl:placeholder PATH_TO_ROOTFS` on the receiver.
|
||||
|
||||
- Renamed option `services.openssh.challengeResponseAuthentication` to `services.openssh.kbdInteractiveAuthentication`.
|
||||
Reason is that the old name has been deprecated upstream.
|
||||
Using the old option name will still work, but produce a warning.
|
||||
|
||||
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||
|
|
|
@ -88,13 +88,8 @@ let
|
|||
|
||||
nixosWithUserModules = noUserModules.extendModules { modules = allUserModules; };
|
||||
|
||||
in withWarnings {
|
||||
|
||||
# Merge the option definitions in all modules, forming the full
|
||||
# system configuration.
|
||||
inherit (nixosWithUserModules) config options _module type;
|
||||
|
||||
in
|
||||
withWarnings nixosWithUserModules // {
|
||||
inherit extraArgs;
|
||||
|
||||
inherit (nixosWithUserModules._module.args) pkgs;
|
||||
}
|
||||
|
|
|
@ -22,8 +22,15 @@ let
|
|||
'';
|
||||
};
|
||||
|
||||
scudo = {
|
||||
libPath = "${pkgs.llvmPackages_latest.compiler-rt}/lib/linux/libclang_rt.scudo-x86_64.so";
|
||||
scudo = let
|
||||
platformMap = {
|
||||
aarch64-linux = "aarch64";
|
||||
x86_64-linux = "x86_64";
|
||||
};
|
||||
|
||||
systemPlatform = platformMap.${pkgs.stdenv.hostPlatform.system} or (throw "scudo not supported on ${pkgs.stdenv.hostPlatform.system}");
|
||||
in {
|
||||
libPath = "${pkgs.llvmPackages_latest.compiler-rt}/lib/linux/libclang_rt.scudo-${systemPlatform}.so";
|
||||
description = ''
|
||||
A user-mode allocator based on LLVM Sanitizer’s CombinedAllocator,
|
||||
which aims at providing additional mitigations against heap based
|
||||
|
|
|
@ -94,7 +94,9 @@ with lib;
|
|||
|
||||
system.build.netbootIpxeScript = pkgs.writeTextDir "netboot.ipxe" ''
|
||||
#!ipxe
|
||||
kernel ${pkgs.stdenv.hostPlatform.linux-kernel.target} init=${config.system.build.toplevel}/init initrd=initrd ${toString config.boot.kernelParams}
|
||||
# Use the cmdline variable to allow the user to specify custom kernel params
|
||||
# when chainloading this script from other iPXE scripts like netboot.xyz
|
||||
kernel ${pkgs.stdenv.hostPlatform.linux-kernel.target} init=${config.system.build.toplevel}/init initrd=initrd ${toString config.boot.kernelParams} ''${cmdline}
|
||||
initrd initrd
|
||||
boot
|
||||
'';
|
||||
|
|
|
@ -182,7 +182,7 @@ in
|
|||
yandexdisk = 143;
|
||||
mxisd = 144; # was once collectd
|
||||
#consul = 145;# dynamically allocated as of 2021-09-03
|
||||
mailpile = 146;
|
||||
#mailpile = 146; # removed 2022-01-12
|
||||
redmine = 147;
|
||||
#seeks = 148; # removed 2020-06-21
|
||||
prosody = 149;
|
||||
|
@ -353,6 +353,7 @@ in
|
|||
distcc = 321;
|
||||
webdav = 322;
|
||||
pipewire = 323;
|
||||
rstudio-server = 324;
|
||||
|
||||
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
|
||||
|
||||
|
@ -502,7 +503,7 @@ in
|
|||
#yandexdisk = 143; # unused
|
||||
mxisd = 144; # was once collectd
|
||||
#consul = 145; # unused
|
||||
mailpile = 146;
|
||||
#mailpile = 146; # removed 2022-01-12
|
||||
redmine = 147;
|
||||
#seeks = 148; # removed 2020-06-21
|
||||
prosody = 149;
|
||||
|
@ -660,6 +661,7 @@ in
|
|||
distcc = 321;
|
||||
webdav = 322;
|
||||
pipewire = 323;
|
||||
rstudio-server = 324;
|
||||
|
||||
# When adding a gid, make sure it doesn't match an existing
|
||||
# uid. Users and groups with the same name should have equal
|
||||
|
|
|
@ -394,6 +394,7 @@
|
|||
./services/development/hoogle.nix
|
||||
./services/development/jupyter/default.nix
|
||||
./services/development/jupyterhub/default.nix
|
||||
./services/development/rstudio-server/default.nix
|
||||
./services/development/lorri.nix
|
||||
./services/display-managers/greetd.nix
|
||||
./services/editors/emacs.nix
|
||||
|
@ -740,6 +741,7 @@
|
|||
./services/networking/ejabberd.nix
|
||||
./services/networking/epmd.nix
|
||||
./services/networking/ergo.nix
|
||||
./services/networking/ergochat.nix
|
||||
./services/networking/eternal-terminal.nix
|
||||
./services/networking/fakeroute.nix
|
||||
./services/networking/ferm.nix
|
||||
|
@ -790,7 +792,6 @@
|
|||
./services/networking/lldpd.nix
|
||||
./services/networking/logmein-hamachi.nix
|
||||
./services/networking/lxd-image-server.nix
|
||||
./services/networking/mailpile.nix
|
||||
./services/networking/magic-wormhole-mailbox-server.nix
|
||||
./services/networking/matterbridge.nix
|
||||
./services/networking/mjpg-streamer.nix
|
||||
|
@ -967,6 +968,7 @@
|
|||
./services/security/vault.nix
|
||||
./services/security/vaultwarden/default.nix
|
||||
./services/security/yubikey-agent.nix
|
||||
./services/system/cachix-agent/default.nix
|
||||
./services/system/cloud-init.nix
|
||||
./services/system/dbus.nix
|
||||
./services/system/earlyoom.nix
|
||||
|
@ -1187,6 +1189,7 @@
|
|||
./tasks/powertop.nix
|
||||
./testing/service-runner.nix
|
||||
./virtualisation/anbox.nix
|
||||
./virtualisation/build-vm.nix
|
||||
./virtualisation/container-config.nix
|
||||
./virtualisation/containerd.nix
|
||||
./virtualisation/containers.nix
|
||||
|
|
|
@ -7,6 +7,7 @@ let
|
|||
|
||||
defaultProfile = filterAttrs (k: v: v != null) {
|
||||
HomepageLocation = cfg.homepageLocation;
|
||||
DefaultSearchProviderEnabled = cfg.defaultSearchProviderEnabled;
|
||||
DefaultSearchProviderSearchURL = cfg.defaultSearchProviderSearchURL;
|
||||
DefaultSearchProviderSuggestURL = cfg.defaultSearchProviderSuggestURL;
|
||||
ExtensionInstallForcelist = cfg.extensions;
|
||||
|
@ -50,6 +51,13 @@ in
|
|||
example = "https://nixos.org";
|
||||
};
|
||||
|
||||
defaultSearchProviderEnabled = mkOption {
|
||||
type = types.nullOr types.bool;
|
||||
description = "Enable the default search provider.";
|
||||
default = null;
|
||||
example = true;
|
||||
};
|
||||
|
||||
defaultSearchProviderSearchURL = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
description = "Chromium default search provider url.";
|
||||
|
|
|
@ -7,7 +7,7 @@ let
|
|||
inherit (lib.modules) mkDefault mkIf;
|
||||
inherit (lib.options) literalExpression mkEnableOption mkOption;
|
||||
inherit (lib.strings) concatStringsSep optionalString toLower;
|
||||
inherit (lib.types) addCheck attrsOf lines nullOr package path port str strMatching submodule;
|
||||
inherit (lib.types) addCheck attrsOf lines nonEmptyStr nullOr package path port str strMatching submodule;
|
||||
|
||||
# Checks if given list of strings contains unique
|
||||
# elements when compared without considering case.
|
||||
|
@ -35,7 +35,7 @@ let
|
|||
'';
|
||||
};
|
||||
options.server = mkOption {
|
||||
type = strMatching ".+";
|
||||
type = nonEmptyStr;
|
||||
example = "tsmserver.company.com";
|
||||
description = ''
|
||||
Host/domain name or IP address of the IBM TSM server.
|
||||
|
@ -56,7 +56,7 @@ let
|
|||
'';
|
||||
};
|
||||
options.node = mkOption {
|
||||
type = strMatching ".+";
|
||||
type = nonEmptyStr;
|
||||
example = "MY-TSM-NODE";
|
||||
description = ''
|
||||
Target node name on the IBM TSM server.
|
||||
|
@ -144,7 +144,7 @@ let
|
|||
};
|
||||
config.name = mkDefault name;
|
||||
# Client system-options file directives are explained here:
|
||||
# https://www.ibm.com/support/knowledgecenter/SSEQVQ_8.1.8/client/c_opt_usingopts.html
|
||||
# https://www.ibm.com/docs/en/spectrum-protect/8.1.13?topic=commands-processing-options
|
||||
config.extraConfig =
|
||||
mapAttrs (lib.trivial.const mkDefault) (
|
||||
{
|
||||
|
|
92
third_party/nixpkgs/nixos/modules/rename.nix
vendored
92
third_party/nixpkgs/nixos/modules/rename.nix
vendored
|
@ -17,35 +17,56 @@ with lib;
|
|||
(mkAliasOptionModule [ "environment" "checkConfigurationOptions" ] [ "_module" "check" ])
|
||||
|
||||
# Completely removed modules
|
||||
(mkRemovedOptionModule [ "environment" "blcr" "enable" ] "The BLCR module has been removed")
|
||||
(mkRemovedOptionModule [ "fonts" "fontconfig" "penultimate" ] "The corresponding package has removed from nixpkgs.")
|
||||
(mkRemovedOptionModule [ "services" "quagga" ] "the corresponding package has been removed from nixpkgs")
|
||||
(mkRemovedOptionModule [ "hardware" "brightnessctl" ] ''
|
||||
The brightnessctl module was removed because newer versions of
|
||||
brightnessctl don't require the udev rules anymore (they can use the
|
||||
systemd-logind API). Instead of using the module you can now
|
||||
simply add the brightnessctl package to environment.systemPackages.
|
||||
'')
|
||||
(mkRemovedOptionModule [ "hardware" "u2f" ] ''
|
||||
The U2F modules module was removed, as all it did was adding the
|
||||
udev rules from libu2f-host to the system. Udev gained native support
|
||||
to handle FIDO security tokens, so this isn't necessary anymore.
|
||||
'')
|
||||
(mkRemovedOptionModule [ "networking" "vpnc" ] "Use environment.etc.\"vpnc/service.conf\" instead.")
|
||||
(mkRemovedOptionModule [ "networking" "wicd" ] "The corresponding package was removed from nixpkgs.")
|
||||
(mkRemovedOptionModule [ "programs" "way-cooler" ] ("way-cooler is abandoned by its author: " +
|
||||
"https://way-cooler.org/blog/2020/01/09/way-cooler-post-mortem.html"))
|
||||
(mkRemovedOptionModule [ "security" "hideProcessInformation" ] ''
|
||||
The hidepid module was removed, since the underlying machinery
|
||||
is broken when using cgroups-v2.
|
||||
'')
|
||||
(mkRemovedOptionModule [ "services" "beegfs" ] "The BeeGFS module has been removed")
|
||||
(mkRemovedOptionModule [ "services" "beegfsEnable" ] "The BeeGFS module has been removed")
|
||||
(mkRemovedOptionModule [ "services" "cgmanager" "enable"] "cgmanager was deprecated by lxc and therefore removed from nixpkgs.")
|
||||
(mkRemovedOptionModule [ "services" "chronos" ] "The corresponding package was removed from nixpkgs.")
|
||||
(mkRemovedOptionModule [ "services" "couchpotato" ] "The corresponding package was removed from nixpkgs.")
|
||||
(mkRemovedOptionModule [ "services" "deepin" ] "The corresponding packages were removed from nixpkgs.")
|
||||
(mkRemovedOptionModule [ "services" "dnscrypt-proxy" ] "Use services.dnscrypt-proxy2 instead")
|
||||
(mkRemovedOptionModule [ "services" "firefox" "syncserver" ] "The corresponding package was removed from nixpkgs.")
|
||||
(mkRemovedOptionModule [ "services" "marathon" ] "The corresponding package was removed from nixpkgs.")
|
||||
(mkRemovedOptionModule [ "services" "moinmoin" ] "The corresponding package was removed from nixpkgs.")
|
||||
(mkRemovedOptionModule [ "services" "mesos" ] "The corresponding package was removed from nixpkgs.")
|
||||
(mkRemovedOptionModule [ "services" "winstone" ] "The corresponding package was removed from nixpkgs.")
|
||||
(mkRemovedOptionModule [ "networking" "vpnc" ] "Use environment.etc.\"vpnc/service.conf\" instead.")
|
||||
(mkRemovedOptionModule [ "networking" "wicd" ] "The corresponding package was removed from nixpkgs.")
|
||||
(mkRemovedOptionModule [ "environment" "blcr" "enable" ] "The BLCR module has been removed")
|
||||
(mkRemovedOptionModule [ "services" "beegfsEnable" ] "The BeeGFS module has been removed")
|
||||
(mkRemovedOptionModule [ "services" "beegfs" ] "The BeeGFS module has been removed")
|
||||
(mkRemovedOptionModule ["services" "cgmanager" "enable"] "cgmanager was deprecated by lxc and therefore removed from nixpkgs.")
|
||||
(mkRemovedOptionModule [ "services" "osquery" ] "The osquery module has been removed")
|
||||
(mkRemovedOptionModule [ "services" "flashpolicyd" ] "The flashpolicyd module has been removed. Adobe Flash Player is deprecated.")
|
||||
(mkRemovedOptionModule [ "services" "fourStore" ] "The fourStore module has been removed")
|
||||
(mkRemovedOptionModule [ "services" "frab" ] "The frab module has been removed")
|
||||
(mkRemovedOptionModule [ "services" "fourStoreEndpoint" ] "The fourStoreEndpoint module has been removed")
|
||||
(mkRemovedOptionModule [ "services" "frab" ] "The frab module has been removed")
|
||||
(mkRemovedOptionModule [ "services" "kippo" ] "The corresponding package was removed from nixpkgs.")
|
||||
(mkRemovedOptionModule [ "services" "mailpile" ] "The corresponding package was removed from nixpkgs.")
|
||||
(mkRemovedOptionModule [ "services" "marathon" ] "The corresponding package was removed from nixpkgs.")
|
||||
(mkRemovedOptionModule [ "services" "mathics" ] "The Mathics module has been removed")
|
||||
(mkRemovedOptionModule [ "services" "meguca" ] "Use meguca has been removed from nixpkgs")
|
||||
(mkRemovedOptionModule [ "services" "mesos" ] "The corresponding package was removed from nixpkgs.")
|
||||
(mkRemovedOptionModule [ "services" "moinmoin" ] "The corresponding package was removed from nixpkgs.")
|
||||
(mkRemovedOptionModule [ "services" "mwlib" ] "The corresponding package was removed from nixpkgs.")
|
||||
(mkRemovedOptionModule [ "programs" "way-cooler" ] ("way-cooler is abandoned by its author: " +
|
||||
"https://way-cooler.org/blog/2020/01/09/way-cooler-post-mortem.html"))
|
||||
(mkRemovedOptionModule [ "services" "xserver" "multitouch" ] ''
|
||||
services.xserver.multitouch (which uses xf86_input_mtrack) has been removed
|
||||
as the underlying package isn't being maintained. Working alternatives are
|
||||
libinput and synaptics.
|
||||
(mkRemovedOptionModule [ "services" "osquery" ] "The osquery module has been removed")
|
||||
(mkRemovedOptionModule [ "services" "prey" ] ''
|
||||
prey-bash-client is deprecated upstream
|
||||
'')
|
||||
(mkRemovedOptionModule [ "services" "quagga" ] "the corresponding package has been removed from nixpkgs")
|
||||
(mkRemovedOptionModule [ "services" "seeks" ] "")
|
||||
(mkRemovedOptionModule [ "services" "venus" ] "The corresponding package was removed from nixpkgs.")
|
||||
(mkRemovedOptionModule [ "services" "wakeonlan"] "This module was removed in favor of enabling it with networking.interfaces.<name>.wakeOnLan")
|
||||
(mkRemovedOptionModule [ "services" "winstone" ] "The corresponding package was removed from nixpkgs.")
|
||||
(mkRemovedOptionModule [ "services" "xserver" "displayManager" "auto" ] ''
|
||||
The services.xserver.displayManager.auto module has been removed
|
||||
because it was only intended for use in internal NixOS tests, and gave the
|
||||
|
@ -53,38 +74,13 @@ with lib;
|
|||
LightDM. Please use the services.xserver.displayManager.autoLogin options
|
||||
instead, or any other display manager in NixOS as they all support auto-login.
|
||||
'')
|
||||
(mkRemovedOptionModule [ "services" "dnscrypt-proxy" ] "Use services.dnscrypt-proxy2 instead")
|
||||
(mkRemovedOptionModule [ "services" "meguca" ] "Use meguca has been removed from nixpkgs")
|
||||
(mkRemovedOptionModule ["hardware" "brightnessctl" ] ''
|
||||
The brightnessctl module was removed because newer versions of
|
||||
brightnessctl don't require the udev rules anymore (they can use the
|
||||
systemd-logind API). Instead of using the module you can now
|
||||
simply add the brightnessctl package to environment.systemPackages.
|
||||
(mkRemovedOptionModule [ "services" "xserver" "multitouch" ] ''
|
||||
services.xserver.multitouch (which uses xf86_input_mtrack) has been removed
|
||||
as the underlying package isn't being maintained. Working alternatives are
|
||||
libinput and synaptics.
|
||||
'')
|
||||
(mkRemovedOptionModule [ "virtualisation" "rkt" ] "The rkt module has been removed, it was archived by upstream")
|
||||
|
||||
(mkRemovedOptionModule ["services" "prey" ] ''
|
||||
prey-bash-client is deprecated upstream
|
||||
'')
|
||||
|
||||
(mkRemovedOptionModule ["hardware" "u2f" ] ''
|
||||
The U2F modules module was removed, as all it did was adding the
|
||||
udev rules from libu2f-host to the system. Udev gained native support
|
||||
to handle FIDO security tokens, so this isn't necessary anymore.
|
||||
'')
|
||||
|
||||
(mkRemovedOptionModule [ "services" "seeks" ] "")
|
||||
(mkRemovedOptionModule [ "services" "venus" ] "The corresponding package was removed from nixpkgs.")
|
||||
(mkRemovedOptionModule [ "services" "flashpolicyd" ] "The flashpolicyd module has been removed. Adobe Flash Player is deprecated.")
|
||||
|
||||
(mkRemovedOptionModule [ "security" "hideProcessInformation" ] ''
|
||||
The hidepid module was removed, since the underlying machinery
|
||||
is broken when using cgroups-v2.
|
||||
'')
|
||||
(mkRemovedOptionModule ["services" "wakeonlan"] "This module was removed in favor of enabling it with networking.interfaces.<name>.wakeOnLan")
|
||||
|
||||
(mkRemovedOptionModule [ "services" "kippo" ] "The corresponding package was removed from nixpkgs.")
|
||||
|
||||
# Do NOT add any option renames here, see top of the file
|
||||
];
|
||||
}
|
||||
|
|
|
@ -30,7 +30,7 @@ let
|
|||
}
|
||||
trap 'on_exit' INT TERM QUIT EXIT
|
||||
|
||||
archiveName="${cfg.archiveBaseName}-$(date ${cfg.dateFormat})"
|
||||
archiveName="${if cfg.archiveBaseName == null then "" else cfg.archiveBaseName + "-"}$(date ${cfg.dateFormat})"
|
||||
archiveSuffix="${optionalString cfg.appendFailedSuffix ".failed"}"
|
||||
${cfg.preHook}
|
||||
'' + optionalString cfg.doInit ''
|
||||
|
@ -60,7 +60,7 @@ let
|
|||
'' + optionalString (cfg.prune.keep != { }) ''
|
||||
borg prune $extraArgs \
|
||||
${mkKeepArgs cfg} \
|
||||
--prefix ${escapeShellArg cfg.prune.prefix} \
|
||||
${optionalString (cfg.prune.prefix != null) "--prefix ${escapeShellArg cfg.prune.prefix} \\"}
|
||||
$extraPruneArgs
|
||||
${cfg.postPrune}
|
||||
'';
|
||||
|
@ -99,7 +99,18 @@ let
|
|||
BORG_REPO = cfg.repo;
|
||||
inherit (cfg) extraArgs extraInitArgs extraCreateArgs extraPruneArgs;
|
||||
} // (mkPassEnv cfg) // cfg.environment;
|
||||
inherit (cfg) startAt;
|
||||
};
|
||||
|
||||
mkBackupTimers = name: cfg:
|
||||
nameValuePair "borgbackup-job-${name}" {
|
||||
description = "BorgBackup job ${name} timer";
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig = {
|
||||
Persistent = cfg.persistentTimer;
|
||||
OnCalendar = cfg.startAt;
|
||||
};
|
||||
# if remote-backup wait for network
|
||||
after = optional (cfg.persistentTimer && !isLocalPath cfg.repo) "network-online.target";
|
||||
};
|
||||
|
||||
# utility function around makeWrapper
|
||||
|
@ -284,7 +295,7 @@ in {
|
|||
};
|
||||
|
||||
archiveBaseName = mkOption {
|
||||
type = types.strMatching "[^/{}]+";
|
||||
type = types.nullOr (types.strMatching "[^/{}]+");
|
||||
default = "${globalConfig.networking.hostName}-${name}";
|
||||
defaultText = literalExpression ''"''${config.networking.hostName}-<name>"'';
|
||||
description = ''
|
||||
|
@ -292,6 +303,7 @@ in {
|
|||
determined by <option>dateFormat</option>, will be appended. The full
|
||||
name can be modified at runtime (<literal>$archiveName</literal>).
|
||||
Placeholders like <literal>{hostname}</literal> must not be used.
|
||||
Use <literal>null</literal> for no base name.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -320,6 +332,19 @@ in {
|
|||
'';
|
||||
};
|
||||
|
||||
persistentTimer = mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
example = true;
|
||||
description = literalDocBook ''
|
||||
Set the <literal>persistentTimer</literal> option for the
|
||||
<citerefentry><refentrytitle>systemd.timer</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry>
|
||||
which triggers the backup immediately if the last trigger
|
||||
was missed (e.g. if the system was powered down).
|
||||
'';
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
description = ''
|
||||
|
@ -471,11 +496,11 @@ in {
|
|||
};
|
||||
|
||||
prune.prefix = mkOption {
|
||||
type = types.str;
|
||||
type = types.nullOr (types.str);
|
||||
description = ''
|
||||
Only consider archive names starting with this prefix for pruning.
|
||||
By default, only archives created by this job are considered.
|
||||
Use <literal>""</literal> to consider all archives.
|
||||
Use <literal>""</literal> or <literal>null</literal> to consider all archives.
|
||||
'';
|
||||
default = config.archiveBaseName;
|
||||
defaultText = literalExpression "archiveBaseName";
|
||||
|
@ -694,6 +719,10 @@ in {
|
|||
# A repo named "foo" is mapped to systemd.services.borgbackup-repo-foo
|
||||
// mapAttrs' mkRepoService repos;
|
||||
|
||||
# A job named "foo" is mapped to systemd.timers.borgbackup-job-foo
|
||||
# only generate the timer if interval (startAt) is set
|
||||
systemd.timers = mapAttrs' mkBackupTimers (filterAttrs (_: cfg: cfg.startAt != []) jobs);
|
||||
|
||||
users = mkMerge (mapAttrsToList mkUsersConfig repos);
|
||||
|
||||
environment.systemPackages = with pkgs; [ borgbackup ] ++ (mapAttrsToList mkBorgWrapper jobs);
|
||||
|
|
|
@ -5,7 +5,7 @@ let
|
|||
inherit (lib.attrsets) hasAttr;
|
||||
inherit (lib.modules) mkDefault mkIf;
|
||||
inherit (lib.options) mkEnableOption mkOption;
|
||||
inherit (lib.types) nullOr strMatching;
|
||||
inherit (lib.types) nonEmptyStr nullOr;
|
||||
|
||||
options.services.tsmBackup = {
|
||||
enable = mkEnableOption ''
|
||||
|
@ -15,7 +15,7 @@ let
|
|||
<option>programs.tsmClient.enable</option>
|
||||
'';
|
||||
command = mkOption {
|
||||
type = strMatching ".+";
|
||||
type = nonEmptyStr;
|
||||
default = "backup";
|
||||
example = "incr";
|
||||
description = ''
|
||||
|
@ -24,7 +24,7 @@ let
|
|||
'';
|
||||
};
|
||||
servername = mkOption {
|
||||
type = strMatching ".+";
|
||||
type = nonEmptyStr;
|
||||
example = "mainTsmServer";
|
||||
description = ''
|
||||
Create a systemd system service
|
||||
|
@ -41,7 +41,7 @@ let
|
|||
'';
|
||||
};
|
||||
autoTime = mkOption {
|
||||
type = nullOr (strMatching ".+");
|
||||
type = nullOr nonEmptyStr;
|
||||
default = null;
|
||||
example = "12:00";
|
||||
description = ''
|
||||
|
@ -87,16 +87,35 @@ in
|
|||
environment.DSM_LOG = "/var/log/tsm-backup/";
|
||||
# TSM needs a HOME dir to store certificates.
|
||||
environment.HOME = "/var/lib/tsm-backup";
|
||||
serviceConfig = {
|
||||
# for exit status description see
|
||||
# https://www.ibm.com/support/knowledgecenter/en/SSEQVQ_8.1.8/client/c_sched_rtncode.html
|
||||
serviceConfig.SuccessExitStatus = "4 8";
|
||||
# https://www.ibm.com/docs/en/spectrum-protect/8.1.13?topic=clients-client-return-codes
|
||||
SuccessExitStatus = "4 8";
|
||||
# The `-se` option must come after the command.
|
||||
# The `-optfile` option suppresses a `dsm.opt`-not-found warning.
|
||||
serviceConfig.ExecStart =
|
||||
ExecStart =
|
||||
"${cfgPrg.wrappedPackage}/bin/dsmc ${cfg.command} -se='${cfg.servername}' -optfile=/dev/null";
|
||||
serviceConfig.LogsDirectory = "tsm-backup";
|
||||
serviceConfig.StateDirectory = "tsm-backup";
|
||||
serviceConfig.StateDirectoryMode = "0750";
|
||||
LogsDirectory = "tsm-backup";
|
||||
StateDirectory = "tsm-backup";
|
||||
StateDirectoryMode = "0750";
|
||||
# systemd sandboxing
|
||||
LockPersonality = true;
|
||||
NoNewPrivileges = true;
|
||||
PrivateDevices = true;
|
||||
#PrivateTmp = true; # would break backup of {/var,}/tmp
|
||||
#PrivateUsers = true; # would block backup of /home/*
|
||||
ProtectClock = true;
|
||||
ProtectControlGroups = true;
|
||||
ProtectHome = "read-only";
|
||||
ProtectHostname = true;
|
||||
ProtectKernelLogs = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectKernelTunables = true;
|
||||
ProtectProc = "noaccess";
|
||||
ProtectSystem = "strict";
|
||||
RestrictNamespaces = true;
|
||||
RestrictSUIDSGID = true;
|
||||
};
|
||||
startAt = mkIf (cfg.autoTime!=null) cfg.autoTime;
|
||||
};
|
||||
};
|
||||
|
|
107
third_party/nixpkgs/nixos/modules/services/development/rstudio-server/default.nix
vendored
Normal file
107
third_party/nixpkgs/nixos/modules/services/development/rstudio-server/default.nix
vendored
Normal file
|
@ -0,0 +1,107 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
cfg = config.services.rstudio-server;
|
||||
|
||||
rserver-conf = builtins.toFile "rserver.conf" ''
|
||||
server-working-dir=${cfg.serverWorkingDir}
|
||||
www-address=${cfg.listenAddr}
|
||||
${cfg.rserverExtraConfig}
|
||||
'';
|
||||
|
||||
rsession-conf = builtins.toFile "rsession.conf" ''
|
||||
${cfg.rsessionExtraConfig}
|
||||
'';
|
||||
|
||||
in
|
||||
{
|
||||
meta.maintainers = with maintainers; [ jbedo cfhammill ];
|
||||
|
||||
options.services.rstudio-server = {
|
||||
enable = mkEnableOption "RStudio server";
|
||||
|
||||
serverWorkingDir = mkOption {
|
||||
type = types.str;
|
||||
default = "/var/lib/rstudio-server";
|
||||
description = ''
|
||||
Default working directory for server (server-working-dir in rserver.conf).
|
||||
'';
|
||||
};
|
||||
|
||||
listenAddr = mkOption {
|
||||
type = types.str;
|
||||
default = "127.0.0.1";
|
||||
description = ''
|
||||
Address to listen on (www-address in rserver.conf).
|
||||
'';
|
||||
};
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.rstudio-server;
|
||||
defaultText = literalExpression "pkgs.rstudio-server";
|
||||
example = literalExpression "pkgs.rstudioServerWrapper.override { packages = [ pkgs.rPackages.ggplot2 ]; }";
|
||||
description = ''
|
||||
Rstudio server package to use. Can be set to rstudioServerWrapper to provide packages.
|
||||
'';
|
||||
};
|
||||
|
||||
rserverExtraConfig = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = ''
|
||||
Extra contents for rserver.conf.
|
||||
'';
|
||||
};
|
||||
|
||||
rsessionExtraConfig = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = ''
|
||||
Extra contents for resssion.conf.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable
|
||||
{
|
||||
systemd.services.rstudio-server = {
|
||||
description = "Rstudio server";
|
||||
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
restartTriggers = [ rserver-conf rsession-conf ];
|
||||
|
||||
serviceConfig = {
|
||||
Restart = "on-failure";
|
||||
Type = "forking";
|
||||
ExecStart = "${cfg.package}/bin/rserver";
|
||||
StateDirectory = "rstudio-server";
|
||||
RuntimeDirectory = "rstudio-server";
|
||||
};
|
||||
};
|
||||
|
||||
environment.etc = {
|
||||
"rstudio/rserver.conf".source = rserver-conf;
|
||||
"rstudio/rsession.conf".source = rsession-conf;
|
||||
"pam.d/rstudio".source = "/etc/pam.d/login";
|
||||
};
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
|
||||
users = {
|
||||
users.rstudio-server = {
|
||||
uid = config.ids.uids.rstudio-server;
|
||||
description = "rstudio-server";
|
||||
group = "rstudio-server";
|
||||
};
|
||||
groups.rstudio-server = {
|
||||
gid = config.ids.gids.rstudio-server;
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
}
|
|
@ -4,7 +4,8 @@ with lib;
|
|||
|
||||
let
|
||||
cfg = config.services.thermald;
|
||||
in {
|
||||
in
|
||||
{
|
||||
###### interface
|
||||
options = {
|
||||
services.thermald = {
|
||||
|
@ -41,6 +42,7 @@ in {
|
|||
description = "Thermal Daemon Service";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
PrivateNetwork = true;
|
||||
ExecStart = ''
|
||||
${cfg.package}/sbin/thermald \
|
||||
--no-daemon \
|
||||
|
|
|
@ -84,7 +84,7 @@ in
|
|||
} // (if ((lib.getName cfg.package) == (lib.getName pkgs.ananicy-cpp)) then {
|
||||
# https://gitlab.com/ananicy-cpp/ananicy-cpp/-/blob/master/src/config.cpp#L12
|
||||
loglevel = mkOD "warn"; # default is info but its spammy
|
||||
cgroup_realtime_workaround = mkOD true;
|
||||
cgroup_realtime_workaround = mkOD config.systemd.enableUnifiedCgroupHierarchy;
|
||||
} else {
|
||||
# https://github.com/Nefelim4ag/Ananicy/blob/master/ananicy.d/ananicy.conf
|
||||
check_disks_schedulers = mkOD true;
|
||||
|
|
|
@ -21,6 +21,8 @@ let
|
|||
<para>
|
||||
This must be in a format usable by findmnt; that could be a key=value
|
||||
pair, or a bare path to a mount point.
|
||||
Using bare paths will allow systemd to start the beesd service only
|
||||
after mounting the associated path.
|
||||
'';
|
||||
example = "LABEL=MyBulkDataDrive";
|
||||
};
|
||||
|
@ -122,6 +124,7 @@ in
|
|||
StartupIOWeight = 25;
|
||||
SyslogIdentifier = "beesd"; # would otherwise be "bees-service-wrapper"
|
||||
};
|
||||
unitConfig.RequiresMountsFor = lib.mkIf (lib.hasPrefix "/" fs.spec) fs.spec;
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
})
|
||||
cfg.filesystems;
|
||||
|
|
|
@ -23,7 +23,7 @@ let
|
|||
in
|
||||
{
|
||||
options.services.heisenbridge = {
|
||||
enable = mkEnableOption "A bouncer-style Matrix IRC bridge";
|
||||
enable = mkEnableOption "the Matrix to IRC bridge";
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
|
@ -172,25 +172,39 @@ in
|
|||
++ (map (lib.escapeShellArg) cfg.extraArgs)
|
||||
);
|
||||
|
||||
ProtectHome = true;
|
||||
PrivateDevices = true;
|
||||
ProtectKernelTunables = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectControlGroups = true;
|
||||
StateDirectory = "heisenbridge";
|
||||
StateDirectoryMode = "755";
|
||||
# Hardening options
|
||||
|
||||
User = "heisenbridge";
|
||||
Group = "heisenbridge";
|
||||
RuntimeDirectory = "heisenbridge";
|
||||
RuntimeDirectoryMode = "0700";
|
||||
StateDirectory = "heisenbridge";
|
||||
StateDirectoryMode = "0755";
|
||||
|
||||
CapabilityBoundingSet = [ "CAP_CHOWN" ] ++ optional (cfg.port < 1024 || cfg.identd.port < 1024) "CAP_NET_BIND_SERVICE";
|
||||
ProtectSystem = "strict";
|
||||
ProtectHome = true;
|
||||
PrivateTmp = true;
|
||||
PrivateDevices = true;
|
||||
ProtectKernelTunables = true;
|
||||
ProtectControlGroups = true;
|
||||
RestrictSUIDSGID = true;
|
||||
PrivateMounts = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectKernelLogs = true;
|
||||
ProtectHostname = true;
|
||||
ProtectClock = true;
|
||||
ProtectProc = "invisible";
|
||||
ProcSubset = "pid";
|
||||
RestrictNamespaces = true;
|
||||
RemoveIPC = true;
|
||||
UMask = "0077";
|
||||
|
||||
CapabilityBoundingSet = [ "CAP_CHOWN" ] ++ optional (cfg.port < 1024 || (cfg.identd.enable && cfg.identd.port < 1024)) "CAP_NET_BIND_SERVICE";
|
||||
AmbientCapabilities = CapabilityBoundingSet;
|
||||
NoNewPrivileges = true;
|
||||
|
||||
LockPersonality = true;
|
||||
RestrictRealtime = true;
|
||||
PrivateMounts = true;
|
||||
SystemCallFilter = "~@aio @clock @cpu-emulation @debug @keyring @memlock @module @mount @obsolete @raw-io @setuid @swap";
|
||||
SystemCallFilter = ["@system-service" "~@priviledged" "@chown"];
|
||||
SystemCallArchitectures = "native";
|
||||
RestrictAddressFamilies = "AF_INET AF_INET6";
|
||||
};
|
||||
|
|
|
@ -5,6 +5,8 @@ with lib;
|
|||
let
|
||||
cfg = config.services.mbpfan;
|
||||
verbose = if cfg.verbose then "v" else "";
|
||||
settingsFormat = pkgs.formats.ini {};
|
||||
settingsFile = settingsFormat.generate "config.conf" cfg.settings;
|
||||
|
||||
in {
|
||||
options.services.mbpfan = {
|
||||
|
@ -19,54 +21,6 @@ in {
|
|||
'';
|
||||
};
|
||||
|
||||
minFanSpeed = mkOption {
|
||||
type = types.int;
|
||||
default = 2000;
|
||||
description = ''
|
||||
The minimum fan speed.
|
||||
'';
|
||||
};
|
||||
|
||||
maxFanSpeed = mkOption {
|
||||
type = types.int;
|
||||
default = 6200;
|
||||
description = ''
|
||||
The maximum fan speed.
|
||||
'';
|
||||
};
|
||||
|
||||
lowTemp = mkOption {
|
||||
type = types.int;
|
||||
default = 63;
|
||||
description = ''
|
||||
The low temperature.
|
||||
'';
|
||||
};
|
||||
|
||||
highTemp = mkOption {
|
||||
type = types.int;
|
||||
default = 66;
|
||||
description = ''
|
||||
The high temperature.
|
||||
'';
|
||||
};
|
||||
|
||||
maxTemp = mkOption {
|
||||
type = types.int;
|
||||
default = 86;
|
||||
description = ''
|
||||
The maximum temperature.
|
||||
'';
|
||||
};
|
||||
|
||||
pollingInterval = mkOption {
|
||||
type = types.int;
|
||||
default = 7;
|
||||
description = ''
|
||||
The polling interval.
|
||||
'';
|
||||
};
|
||||
|
||||
verbose = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
|
@ -74,23 +28,61 @@ in {
|
|||
If true, sets the log level to verbose.
|
||||
'';
|
||||
};
|
||||
|
||||
settings = mkOption {
|
||||
default = {};
|
||||
description = "The INI configuration for Mbpfan.";
|
||||
type = types.submodule {
|
||||
freeformType = settingsFormat.type;
|
||||
|
||||
options.general.min_fan1_speed = mkOption {
|
||||
type = types.int;
|
||||
default = 2000;
|
||||
description = "The minimum fan speed.";
|
||||
};
|
||||
options.general.max_fan1_speed = mkOption {
|
||||
type = types.int;
|
||||
default = 6199;
|
||||
description = "The maximum fan speed.";
|
||||
};
|
||||
options.general.low_temp = mkOption {
|
||||
type = types.int;
|
||||
default = 55;
|
||||
description = "The low temperature.";
|
||||
};
|
||||
options.general.high_temp = mkOption {
|
||||
type = types.int;
|
||||
default = 58;
|
||||
description = "The high temperature.";
|
||||
};
|
||||
options.general.max_temp = mkOption {
|
||||
type = types.int;
|
||||
default = 86;
|
||||
description = "The maximum temperature.";
|
||||
};
|
||||
options.general.polling_interval = mkOption {
|
||||
type = types.int;
|
||||
default = 1;
|
||||
description = "The polling interval.";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
imports = [
|
||||
(mkRenamedOptionModule [ "services" "mbpfan" "pollingInterval" ] [ "services" "mbpfan" "settings" "general" "polling_interval" ])
|
||||
(mkRenamedOptionModule [ "services" "mbpfan" "maxTemp" ] [ "services" "mbpfan" "settings" "general" "max_temp" ])
|
||||
(mkRenamedOptionModule [ "services" "mbpfan" "lowTemp" ] [ "services" "mbpfan" "settings" "general" "low_temp" ])
|
||||
(mkRenamedOptionModule [ "services" "mbpfan" "highTemp" ] [ "services" "mbpfan" "settings" "general" "high_temp" ])
|
||||
(mkRenamedOptionModule [ "services" "mbpfan" "minFanSpeed" ] [ "services" "mbpfan" "settings" "general" "min_fan1_speed" ])
|
||||
(mkRenamedOptionModule [ "services" "mbpfan" "maxFanSpeed" ] [ "services" "mbpfan" "settings" "general" "max_fan1_speed" ])
|
||||
];
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
boot.kernelModules = [ "coretemp" "applesmc" ];
|
||||
|
||||
environment = {
|
||||
etc."mbpfan.conf".text = ''
|
||||
[general]
|
||||
min_fan_speed = ${toString cfg.minFanSpeed}
|
||||
max_fan_speed = ${toString cfg.maxFanSpeed}
|
||||
low_temp = ${toString cfg.lowTemp}
|
||||
high_temp = ${toString cfg.highTemp}
|
||||
max_temp = ${toString cfg.maxTemp}
|
||||
polling_interval = ${toString cfg.pollingInterval}
|
||||
'';
|
||||
systemPackages = [ cfg.package ];
|
||||
};
|
||||
environment.etc."mbpfan.conf".source = settingsFile;
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
|
||||
systemd.services.mbpfan = {
|
||||
description = "A fan manager daemon for MacBook Pro";
|
||||
|
|
|
@ -87,6 +87,22 @@ in {
|
|||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
assertions = [
|
||||
{
|
||||
assertion = cfg.settings != { }
|
||||
-> (hasAttrByPath [ "dns" "bind_host" ] cfg.settings)
|
||||
|| (hasAttrByPath [ "dns" "bind_hosts" ] cfg.settings);
|
||||
message =
|
||||
"AdGuard setting dns.bind_host or dns.bind_hosts needs to be configured for a minimal working configuration";
|
||||
}
|
||||
{
|
||||
assertion = cfg.settings != { }
|
||||
-> hasAttrByPath [ "dns" "bootstrap_dns" ] cfg.settings;
|
||||
message =
|
||||
"AdGuard setting dns.bootstrap_dns needs to be configured for a minimal working configuration";
|
||||
}
|
||||
];
|
||||
|
||||
systemd.services.adguardhome = {
|
||||
description = "AdGuard Home: Network-level blocker";
|
||||
after = [ "network.target" ];
|
||||
|
@ -96,7 +112,7 @@ in {
|
|||
StartLimitBurst = 10;
|
||||
};
|
||||
|
||||
preStart = ''
|
||||
preStart = optionalString (cfg.settings != { }) ''
|
||||
if [ -e "$STATE_DIRECTORY/AdGuardHome.yaml" ] \
|
||||
&& [ "${toString cfg.mutableSettings}" = "1" ]; then
|
||||
# Writing directly to AdGuardHome.yaml results in empty file
|
||||
|
|
|
@ -29,9 +29,9 @@ let
|
|||
configFile = if (cfg.configFile != null) then cfg.configFile else configFile';
|
||||
|
||||
preStart = ''
|
||||
install --owner ddclient -m600 ${configFile} /run/${RuntimeDirectory}/ddclient.conf
|
||||
install ${configFile} /run/${RuntimeDirectory}/ddclient.conf
|
||||
${lib.optionalString (cfg.configFile == null) (if (cfg.protocol == "nsupdate") then ''
|
||||
install --owner ddclient -m600 ${cfg.passwordFile} /run/${RuntimeDirectory}/ddclient.key
|
||||
install ${cfg.passwordFile} /run/${RuntimeDirectory}/ddclient.key
|
||||
'' else if (cfg.passwordFile != null) then ''
|
||||
password=$(printf "%q" "$(head -n 1 "${cfg.passwordFile}")")
|
||||
sed -i "s|^password=$|password=$password|" /run/${RuntimeDirectory}/ddclient.conf
|
||||
|
|
155
third_party/nixpkgs/nixos/modules/services/networking/ergochat.nix
vendored
Normal file
155
third_party/nixpkgs/nixos/modules/services/networking/ergochat.nix
vendored
Normal file
|
@ -0,0 +1,155 @@
|
|||
{ config, lib, options, pkgs, ... }: let
|
||||
cfg = config.services.ergochat;
|
||||
in {
|
||||
options = {
|
||||
services.ergochat = {
|
||||
|
||||
enable = lib.mkEnableOption "Ergo IRC daemon";
|
||||
|
||||
openFilesLimit = lib.mkOption {
|
||||
type = lib.types.int;
|
||||
default = 1024;
|
||||
description = ''
|
||||
Maximum number of open files. Limits the clients and server connections.
|
||||
'';
|
||||
};
|
||||
|
||||
configFile = lib.mkOption {
|
||||
type = lib.types.path;
|
||||
default = (pkgs.formats.yaml {}).generate "ergo.conf" cfg.settings;
|
||||
defaultText = "generated config file from <literal>.settings</literal>";
|
||||
description = ''
|
||||
Path to configuration file.
|
||||
Setting this will skip any configuration done via <literal>.settings</literal>
|
||||
'';
|
||||
};
|
||||
|
||||
settings = lib.mkOption {
|
||||
type = (pkgs.formats.yaml {}).type;
|
||||
description = ''
|
||||
Ergo IRC daemon configuration file.
|
||||
https://raw.githubusercontent.com/ergochat/ergo/master/default.yaml
|
||||
'';
|
||||
default = {
|
||||
network = {
|
||||
name = "testnetwork";
|
||||
};
|
||||
server = {
|
||||
name = "example.com";
|
||||
listeners = {
|
||||
":6667" = {};
|
||||
};
|
||||
casemapping = "permissive";
|
||||
enforce-utf = true;
|
||||
lookup-hostnames = false;
|
||||
ip-cloaking = {
|
||||
enabled = false;
|
||||
};
|
||||
forward-confirm-hostnames = false;
|
||||
check-ident = false;
|
||||
relaymsg = {
|
||||
enabled = false;
|
||||
};
|
||||
max-sendq = "1M";
|
||||
ip-limits = {
|
||||
count = false;
|
||||
throttle = false;
|
||||
};
|
||||
};
|
||||
datastore = {
|
||||
autoupgrade = true;
|
||||
# this points to the StateDirectory of the systemd service
|
||||
path = "/var/lib/ergo/ircd.db";
|
||||
};
|
||||
accounts = {
|
||||
authentication-enabled = true;
|
||||
registration = {
|
||||
enabled = true;
|
||||
allow-before-connect = true;
|
||||
throttling = {
|
||||
enabled = true;
|
||||
duration = "10m";
|
||||
max-attempts = 30;
|
||||
};
|
||||
bcrypt-cost = 4;
|
||||
email-verification.enabled = false;
|
||||
};
|
||||
multiclient = {
|
||||
enabled = true;
|
||||
allowed-by-default = true;
|
||||
always-on = "opt-out";
|
||||
auto-away = "opt-out";
|
||||
};
|
||||
};
|
||||
channels = {
|
||||
default-modes = "+ntC";
|
||||
registration = {
|
||||
enabled = true;
|
||||
};
|
||||
};
|
||||
limits = {
|
||||
nicklen = 32;
|
||||
identlen = 20;
|
||||
channellen = 64;
|
||||
awaylen = 390;
|
||||
kicklen = 390;
|
||||
topiclen = 390;
|
||||
};
|
||||
history = {
|
||||
enabled = true;
|
||||
channel-length = 2048;
|
||||
client-length = 256;
|
||||
autoresize-window = "3d";
|
||||
autoreplay-on-join = 0;
|
||||
chathistory-maxmessages = 100;
|
||||
znc-maxmessages = 2048;
|
||||
restrictions = {
|
||||
expire-time = "1w";
|
||||
query-cutoff = "none";
|
||||
grace-period = "1h";
|
||||
};
|
||||
retention = {
|
||||
allow-individual-delete = false;
|
||||
enable-account-indexing = false;
|
||||
};
|
||||
tagmsg-storage = {
|
||||
default = false;
|
||||
whitelist = [
|
||||
"+draft/react"
|
||||
"+react"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
||||
environment.etc."ergo.yaml".source = cfg.configFile;
|
||||
|
||||
# merge configured values with default values
|
||||
services.ergochat.settings =
|
||||
lib.mapAttrsRecursive (_: lib.mkDefault) options.services.ergochat.settings.default;
|
||||
|
||||
systemd.services.ergochat = {
|
||||
description = "Ergo IRC daemon";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
# reload is not applying the changed config. further investigation is needed
|
||||
# at some point this should be enabled, since we don't want to restart for
|
||||
# every config change
|
||||
# reloadIfChanged = true;
|
||||
restartTriggers = [ cfg.configFile ];
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.ergochat}/bin/ergo run --conf /etc/ergo.yaml";
|
||||
ExecReload = "${pkgs.util-linux}/bin/kill -HUP $MAINPID";
|
||||
DynamicUser = true;
|
||||
StateDirectory = "ergo";
|
||||
LimitNOFILE = toString cfg.openFilesLimit;
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
meta.maintainers = with lib.maintainers; [ lassulus tv ];
|
||||
}
|
|
@ -1,74 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
cfg = config.services.mailpile;
|
||||
|
||||
hostname = cfg.hostname;
|
||||
port = cfg.port;
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
|
||||
###### interface
|
||||
|
||||
options = {
|
||||
|
||||
services.mailpile = {
|
||||
enable = mkEnableOption "Mailpile the mail client";
|
||||
|
||||
hostname = mkOption {
|
||||
type = types.str;
|
||||
default = "localhost";
|
||||
description = "Listen to this hostname or ip.";
|
||||
};
|
||||
port = mkOption {
|
||||
type = types.port;
|
||||
default = 33411;
|
||||
description = "Listen on this port.";
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
|
||||
###### implementation
|
||||
|
||||
config = mkIf config.services.mailpile.enable {
|
||||
|
||||
users.users.mailpile =
|
||||
{ uid = config.ids.uids.mailpile;
|
||||
description = "Mailpile user";
|
||||
createHome = true;
|
||||
home = "/var/lib/mailpile";
|
||||
};
|
||||
|
||||
users.groups.mailpile =
|
||||
{ gid = config.ids.gids.mailpile;
|
||||
};
|
||||
|
||||
systemd.services.mailpile =
|
||||
{
|
||||
description = "Mailpile server.";
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
User = "mailpile";
|
||||
ExecStart = "${pkgs.mailpile}/bin/mailpile --www ${hostname}:${port} --wait";
|
||||
# mixed - first send SIGINT to main process,
|
||||
# then after 2min send SIGKILL to whole group if neccessary
|
||||
KillMode = "mixed";
|
||||
KillSignal = "SIGINT"; # like Ctrl+C - safe mailpile shutdown
|
||||
TimeoutSec = 120; # wait 2min untill SIGKILL
|
||||
};
|
||||
environment.MAILPILE_HOME = "/var/lib/mailpile/.local/share/Mailpile";
|
||||
};
|
||||
|
||||
environment.systemPackages = [ pkgs.mailpile ];
|
||||
|
||||
};
|
||||
|
||||
}
|
|
@ -136,7 +136,7 @@ let
|
|||
+ concatStringsSep "\n"
|
||||
(plainLines
|
||||
++ optional (plainLines != []) ''
|
||||
${pkgs.mosquitto}/bin/mosquitto_passwd -U "$file"
|
||||
${cfg.package}/bin/mosquitto_passwd -U "$file"
|
||||
''
|
||||
++ hashedLines));
|
||||
|
||||
|
@ -444,6 +444,15 @@ let
|
|||
globalOptions = with types; {
|
||||
enable = mkEnableOption "the MQTT Mosquitto broker";
|
||||
|
||||
package = mkOption {
|
||||
type = package;
|
||||
default = pkgs.mosquitto;
|
||||
defaultText = literalExpression "pkgs.mosquitto";
|
||||
description = ''
|
||||
Mosquitto package to use.
|
||||
'';
|
||||
};
|
||||
|
||||
bridges = mkOption {
|
||||
type = attrsOf bridgeOptions;
|
||||
default = {};
|
||||
|
@ -556,7 +565,7 @@ in
|
|||
systemd.services.mosquitto = {
|
||||
description = "Mosquitto MQTT Broker Daemon";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
after = [ "network-online.target" ];
|
||||
serviceConfig = {
|
||||
Type = "notify";
|
||||
NotifyAccess = "main";
|
||||
|
@ -565,7 +574,7 @@ in
|
|||
RuntimeDirectory = "mosquitto";
|
||||
WorkingDirectory = cfg.dataDir;
|
||||
Restart = "on-failure";
|
||||
ExecStart = "${pkgs.mosquitto}/bin/mosquitto -c ${configFile}";
|
||||
ExecStart = "${cfg.package}/bin/mosquitto -c ${configFile}";
|
||||
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
|
||||
|
||||
# Hardening
|
||||
|
|
|
@ -26,6 +26,12 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
openFirewall = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Open ports in the firewall for nix-serve.";
|
||||
};
|
||||
|
||||
secretKeyFile = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
|
@ -77,5 +83,9 @@ in
|
|||
"NIX_SECRET_KEY_FILE:${cfg.secretKeyFile}";
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall = mkIf cfg.openFirewall {
|
||||
allowedTCPPorts = [ cfg.port ];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -81,6 +81,7 @@ in
|
|||
imports = [
|
||||
(mkAliasOptionModule [ "services" "sshd" "enable" ] [ "services" "openssh" "enable" ])
|
||||
(mkAliasOptionModule [ "services" "openssh" "knownHosts" ] [ "programs" "ssh" "knownHosts" ])
|
||||
(mkRenamedOptionModule [ "services" "openssh" "challengeResponseAuthentication" ] [ "services" "openssh" "kbdInteractiveAuthentication" ])
|
||||
];
|
||||
|
||||
###### interface
|
||||
|
@ -218,11 +219,11 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
challengeResponseAuthentication = mkOption {
|
||||
kbdInteractiveAuthentication = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
Specifies whether challenge/response authentication is allowed.
|
||||
Specifies whether keyboard-interactive authentication is allowed.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -534,7 +535,7 @@ in
|
|||
PermitRootLogin ${cfg.permitRootLogin}
|
||||
GatewayPorts ${cfg.gatewayPorts}
|
||||
PasswordAuthentication ${if cfg.passwordAuthentication then "yes" else "no"}
|
||||
ChallengeResponseAuthentication ${if cfg.challengeResponseAuthentication then "yes" else "no"}
|
||||
KbdInteractiveAuthentication ${if cfg.kbdInteractiveAuthentication then "yes" else "no"}
|
||||
|
||||
PrintMotd no # handled by pam_motd
|
||||
|
||||
|
|
|
@ -468,7 +468,7 @@ in {
|
|||
default = false;
|
||||
example = true;
|
||||
description = ''
|
||||
Whether to open the default ports in the firewall: TCP 22000 for transfers
|
||||
Whether to open the default ports in the firewall: TCP/UDP 22000 for transfers
|
||||
and UDP 21027 for discovery.
|
||||
|
||||
If multiple users are running Syncthing on this machine, you will need
|
||||
|
@ -504,7 +504,7 @@ in {
|
|||
|
||||
networking.firewall = mkIf cfg.openDefaultPorts {
|
||||
allowedTCPPorts = [ 22000 ];
|
||||
allowedUDPPorts = [ 21027 ];
|
||||
allowedUDPPorts = [ 21027 22000 ];
|
||||
};
|
||||
|
||||
systemd.packages = [ pkgs.syncthing ];
|
||||
|
|
57
third_party/nixpkgs/nixos/modules/services/system/cachix-agent/default.nix
vendored
Normal file
57
third_party/nixpkgs/nixos/modules/services/system/cachix-agent/default.nix
vendored
Normal file
|
@ -0,0 +1,57 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.cachix-agent;
|
||||
in {
|
||||
meta.maintainers = [ lib.maintainers.domenkozar ];
|
||||
|
||||
options.services.cachix-agent = {
|
||||
enable = mkEnableOption "Cachix Deploy Agent: https://docs.cachix.org/deploy/";
|
||||
|
||||
name = mkOption {
|
||||
type = types.str;
|
||||
description = "Agent name, usually same as the hostname";
|
||||
default = config.networking.hostName;
|
||||
defaultText = "config.networking.hostName";
|
||||
};
|
||||
|
||||
profile = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = "Profile name, defaults to 'system' (NixOS).";
|
||||
};
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.cachix;
|
||||
defaultText = literalExpression "pkgs.cachix";
|
||||
description = "Cachix Client package to use.";
|
||||
};
|
||||
|
||||
credentialsFile = mkOption {
|
||||
type = types.path;
|
||||
default = "/etc/cachix-agent.token";
|
||||
description = ''
|
||||
Required file that needs to contain CACHIX_AGENT_TOKEN=...
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
systemd.services.cachix-agent = {
|
||||
description = "Cachix Deploy Agent";
|
||||
after = ["network-online.target"];
|
||||
path = [ config.nix.package ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
# don't restart while changing
|
||||
reloadIfChanged = true;
|
||||
serviceConfig = {
|
||||
Restart = "on-failure";
|
||||
EnvironmentFile = cfg.credentialsFile;
|
||||
ExecStart = "${cfg.package}/bin/cachix deploy agent ${cfg.name} ${if cfg.profile != null then profile else ""}";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -24,8 +24,14 @@ let
|
|||
$sudo ${pkgs.php}/bin/php artisan $*
|
||||
'';
|
||||
|
||||
tlsEnabled = cfg.nginx.addSSL || cfg.nginx.forceSSL || cfg.nginx.onlySSL || cfg.nginx.enableACME;
|
||||
|
||||
in {
|
||||
imports = [
|
||||
(mkRemovedOptionModule [ "services" "bookstack" "extraConfig" ] "Use services.bookstack.config instead.")
|
||||
(mkRemovedOptionModule [ "services" "bookstack" "cacheDir" ] "The cache directory is now handled automatically.")
|
||||
];
|
||||
|
||||
options.services.bookstack = {
|
||||
|
||||
enable = mkEnableOption "BookStack";
|
||||
|
@ -44,28 +50,38 @@ in {
|
|||
|
||||
appKeyFile = mkOption {
|
||||
description = ''
|
||||
A file containing the AppKey.
|
||||
Used for encryption where needed. Can be generated with <code>head -c 32 /dev/urandom| base64</code> and must be prefixed with <literal>base64:</literal>.
|
||||
A file containing the Laravel APP_KEY - a 32 character long,
|
||||
base64 encoded key used for encryption where needed. Can be
|
||||
generated with <code>head -c 32 /dev/urandom | base64</code>.
|
||||
'';
|
||||
example = "/run/keys/bookstack-appkey";
|
||||
type = types.path;
|
||||
};
|
||||
|
||||
hostname = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = if config.networking.domain != null then
|
||||
config.networking.fqdn
|
||||
else
|
||||
config.networking.hostName;
|
||||
defaultText = lib.literalExpression "config.networking.fqdn";
|
||||
example = "bookstack.example.com";
|
||||
description = ''
|
||||
The hostname to serve BookStack on.
|
||||
'';
|
||||
};
|
||||
|
||||
appURL = mkOption {
|
||||
description = ''
|
||||
The root URL that you want to host BookStack on. All URLs in BookStack will be generated using this value.
|
||||
If you change this in the future you may need to run a command to update stored URLs in the database. Command example: <code>php artisan bookstack:update-url https://old.example.com https://new.example.com</code>
|
||||
'';
|
||||
default = "http${lib.optionalString tlsEnabled "s"}://${cfg.hostname}";
|
||||
defaultText = ''http''${lib.optionalString tlsEnabled "s"}://''${cfg.hostname}'';
|
||||
example = "https://example.com";
|
||||
type = types.str;
|
||||
};
|
||||
|
||||
cacheDir = mkOption {
|
||||
description = "BookStack cache directory";
|
||||
default = "/var/cache/bookstack";
|
||||
type = types.path;
|
||||
};
|
||||
|
||||
dataDir = mkOption {
|
||||
description = "BookStack data directory";
|
||||
default = "/var/lib/bookstack";
|
||||
|
@ -202,16 +218,59 @@ in {
|
|||
'';
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
type = types.nullOr types.lines;
|
||||
default = null;
|
||||
example = ''
|
||||
ALLOWED_IFRAME_HOSTS="https://example.com"
|
||||
WKHTMLTOPDF=/home/user/bins/wkhtmltopdf
|
||||
config = mkOption {
|
||||
type = with types;
|
||||
attrsOf
|
||||
(nullOr
|
||||
(either
|
||||
(oneOf [
|
||||
bool
|
||||
int
|
||||
port
|
||||
path
|
||||
str
|
||||
])
|
||||
(submodule {
|
||||
options = {
|
||||
_secret = mkOption {
|
||||
type = nullOr str;
|
||||
description = ''
|
||||
The path to a file containing the value the
|
||||
option should be set to in the final
|
||||
configuration file.
|
||||
'';
|
||||
};
|
||||
};
|
||||
})));
|
||||
default = {};
|
||||
example = literalExpression ''
|
||||
{
|
||||
ALLOWED_IFRAME_HOSTS = "https://example.com";
|
||||
WKHTMLTOPDF = "/home/user/bins/wkhtmltopdf";
|
||||
AUTH_METHOD = "oidc";
|
||||
OIDC_NAME = "MyLogin";
|
||||
OIDC_DISPLAY_NAME_CLAIMS = "name";
|
||||
OIDC_CLIENT_ID = "bookstack";
|
||||
OIDC_CLIENT_SECRET = {_secret = "/run/keys/oidc_secret"};
|
||||
OIDC_ISSUER = "https://keycloak.example.com/auth/realms/My%20Realm";
|
||||
OIDC_ISSUER_DISCOVER = true;
|
||||
}
|
||||
'';
|
||||
description = ''
|
||||
Lines to be appended verbatim to the BookStack configuration.
|
||||
Refer to <link xlink:href="https://www.bookstackapp.com/docs/"/> for details on supported values.
|
||||
BookStack configuration options to set in the
|
||||
<filename>.env</filename> file.
|
||||
|
||||
Refer to <link xlink:href="https://www.bookstackapp.com/docs/"/>
|
||||
for details on supported values.
|
||||
|
||||
Settings containing secret data should be set to an attribute
|
||||
set containing the attribute <literal>_secret</literal> - a
|
||||
string pointing to a file containing the value the option
|
||||
should be set to. See the example to get a better picture of
|
||||
this: in the resulting <filename>.env</filename> file, the
|
||||
<literal>OIDC_CLIENT_SECRET</literal> key will be set to the
|
||||
contents of the <filename>/run/keys/oidc_secret</filename>
|
||||
file.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -228,6 +287,30 @@ in {
|
|||
}
|
||||
];
|
||||
|
||||
services.bookstack.config = {
|
||||
APP_KEY._secret = cfg.appKeyFile;
|
||||
APP_URL = cfg.appURL;
|
||||
DB_HOST = db.host;
|
||||
DB_PORT = db.port;
|
||||
DB_DATABASE = db.name;
|
||||
DB_USERNAME = db.user;
|
||||
MAIL_DRIVER = mail.driver;
|
||||
MAIL_FROM_NAME = mail.fromName;
|
||||
MAIL_FROM = mail.from;
|
||||
MAIL_HOST = mail.host;
|
||||
MAIL_PORT = mail.port;
|
||||
MAIL_USERNAME = mail.user;
|
||||
MAIL_ENCRYPTION = mail.encryption;
|
||||
DB_PASSWORD._secret = db.passwordFile;
|
||||
MAIL_PASSWORD._secret = mail.passwordFile;
|
||||
APP_SERVICES_CACHE = "/run/bookstack/cache/services.php";
|
||||
APP_PACKAGES_CACHE = "/run/bookstack/cache/packages.php";
|
||||
APP_CONFIG_CACHE = "/run/bookstack/cache/config.php";
|
||||
APP_ROUTES_CACHE = "/run/bookstack/cache/routes-v7.php";
|
||||
APP_EVENTS_CACHE = "/run/bookstack/cache/events.php";
|
||||
SESSION_SECURE_COOKIE = tlsEnabled;
|
||||
};
|
||||
|
||||
environment.systemPackages = [ artisan ];
|
||||
|
||||
services.mysql = mkIf db.createLocally {
|
||||
|
@ -258,24 +341,19 @@ in {
|
|||
|
||||
services.nginx = {
|
||||
enable = mkDefault true;
|
||||
virtualHosts.bookstack = mkMerge [ cfg.nginx {
|
||||
recommendedTlsSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedGzipSettings = true;
|
||||
virtualHosts.${cfg.hostname} = mkMerge [ cfg.nginx {
|
||||
root = mkForce "${bookstack}/public";
|
||||
extraConfig = optionalString (cfg.nginx.addSSL || cfg.nginx.forceSSL || cfg.nginx.onlySSL || cfg.nginx.enableACME) "fastcgi_param HTTPS on;";
|
||||
locations = {
|
||||
"/" = {
|
||||
index = "index.php";
|
||||
extraConfig = ''try_files $uri $uri/ /index.php?$query_string;'';
|
||||
tryFiles = "$uri $uri/ /index.php?$query_string";
|
||||
};
|
||||
"~ \.php$" = {
|
||||
extraConfig = ''
|
||||
try_files $uri $uri/ /index.php?$query_string;
|
||||
include ${pkgs.nginx}/conf/fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param REDIRECT_STATUS 200;
|
||||
"~ \.php$".extraConfig = ''
|
||||
fastcgi_pass unix:${config.services.phpfpm.pools."bookstack".socket};
|
||||
${optionalString (cfg.nginx.addSSL || cfg.nginx.forceSSL || cfg.nginx.onlySSL || cfg.nginx.enableACME) "fastcgi_param HTTPS on;"}
|
||||
'';
|
||||
};
|
||||
"~ \.(js|css|gif|png|ico|jpg|jpeg)$" = {
|
||||
extraConfig = "expires 365d;";
|
||||
};
|
||||
|
@ -290,50 +368,54 @@ in {
|
|||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
User = user;
|
||||
WorkingDirectory = "${bookstack}";
|
||||
RuntimeDirectory = "bookstack/cache";
|
||||
RuntimeDirectoryMode = 0700;
|
||||
};
|
||||
script = ''
|
||||
path = [ pkgs.replace-secret ];
|
||||
script =
|
||||
let
|
||||
isSecret = v: isAttrs v && v ? _secret && isString v._secret;
|
||||
bookstackEnvVars = lib.generators.toKeyValue {
|
||||
mkKeyValue = lib.flip lib.generators.mkKeyValueDefault "=" {
|
||||
mkValueString = v: with builtins;
|
||||
if isInt v then toString v
|
||||
else if isString v then v
|
||||
else if true == v then "true"
|
||||
else if false == v then "false"
|
||||
else if isSecret v then v._secret
|
||||
else throw "unsupported type ${typeOf v}: ${(lib.generators.toPretty {}) v}";
|
||||
};
|
||||
};
|
||||
secretPaths = lib.mapAttrsToList (_: v: v._secret) (lib.filterAttrs (_: isSecret) cfg.config);
|
||||
mkSecretReplacement = file: ''
|
||||
replace-secret ${escapeShellArgs [ file file "${cfg.dataDir}/.env" ]}
|
||||
'';
|
||||
secretReplacements = lib.concatMapStrings mkSecretReplacement secretPaths;
|
||||
filteredConfig = lib.converge (lib.filterAttrsRecursive (_: v: ! elem v [ {} null ])) cfg.config;
|
||||
bookstackEnv = pkgs.writeText "bookstack.env" (bookstackEnvVars filteredConfig);
|
||||
in ''
|
||||
# error handling
|
||||
set -euo pipefail
|
||||
|
||||
# set permissions
|
||||
umask 077
|
||||
|
||||
# create .env file
|
||||
echo "
|
||||
APP_KEY=base64:$(head -n1 ${cfg.appKeyFile})
|
||||
APP_URL=${cfg.appURL}
|
||||
DB_HOST=${db.host}
|
||||
DB_PORT=${toString db.port}
|
||||
DB_DATABASE=${db.name}
|
||||
DB_USERNAME=${db.user}
|
||||
MAIL_DRIVER=${mail.driver}
|
||||
MAIL_FROM_NAME=\"${mail.fromName}\"
|
||||
MAIL_FROM=${mail.from}
|
||||
MAIL_HOST=${mail.host}
|
||||
MAIL_PORT=${toString mail.port}
|
||||
${optionalString (mail.user != null) "MAIL_USERNAME=${mail.user};"}
|
||||
${optionalString (mail.encryption != null) "MAIL_ENCRYPTION=${mail.encryption};"}
|
||||
${optionalString (db.passwordFile != null) "DB_PASSWORD=$(head -n1 ${db.passwordFile})"}
|
||||
${optionalString (mail.passwordFile != null) "MAIL_PASSWORD=$(head -n1 ${mail.passwordFile})"}
|
||||
APP_SERVICES_CACHE=${cfg.cacheDir}/services.php
|
||||
APP_PACKAGES_CACHE=${cfg.cacheDir}/packages.php
|
||||
APP_CONFIG_CACHE=${cfg.cacheDir}/config.php
|
||||
APP_ROUTES_CACHE=${cfg.cacheDir}/routes-v7.php
|
||||
APP_EVENTS_CACHE=${cfg.cacheDir}/events.php
|
||||
${optionalString (cfg.nginx.addSSL || cfg.nginx.forceSSL || cfg.nginx.onlySSL || cfg.nginx.enableACME) "SESSION_SECURE_COOKIE=true"}
|
||||
${toString cfg.extraConfig}
|
||||
" > "${cfg.dataDir}/.env"
|
||||
install -T -m 0600 -o ${user} ${bookstackEnv} "${cfg.dataDir}/.env"
|
||||
${secretReplacements}
|
||||
if ! grep 'APP_KEY=base64:' "${cfg.dataDir}/.env" >/dev/null; then
|
||||
sed -i 's/APP_KEY=/APP_KEY=base64:/' "${cfg.dataDir}/.env"
|
||||
fi
|
||||
|
||||
# migrate db
|
||||
${pkgs.php}/bin/php artisan migrate --force
|
||||
|
||||
# clear & create caches (needed in case of update)
|
||||
${pkgs.php}/bin/php artisan cache:clear
|
||||
${pkgs.php}/bin/php artisan config:clear
|
||||
${pkgs.php}/bin/php artisan view:clear
|
||||
'';
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d ${cfg.cacheDir} 0700 ${user} ${group} - -"
|
||||
"d ${cfg.dataDir} 0710 ${user} ${group} - -"
|
||||
"d ${cfg.dataDir}/public 0750 ${user} ${group} - -"
|
||||
"d ${cfg.dataDir}/public/uploads 0750 ${user} ${group} - -"
|
||||
|
|
|
@ -1,20 +1,14 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
inherit (lib) mkDefault mkEnableOption mkForce mkIf mkMerge mkOption types maintainers recursiveUpdate;
|
||||
inherit (lib) any attrValues concatMapStrings concatMapStringsSep flatten literalExpression;
|
||||
inherit (lib) filterAttrs mapAttrs mapAttrs' mapAttrsToList nameValuePair optional optionalAttrs optionalString;
|
||||
with lib;
|
||||
|
||||
cfg = migrateOldAttrs config.services.dokuwiki;
|
||||
let
|
||||
cfg = config.services.dokuwiki;
|
||||
eachSite = cfg.sites;
|
||||
user = "dokuwiki";
|
||||
webserver = config.services.${cfg.webserver};
|
||||
stateDir = hostName: "/var/lib/dokuwiki/${hostName}/data";
|
||||
|
||||
# Migrate config.services.dokuwiki.<hostName> to config.services.dokuwiki.sites.<hostName>
|
||||
oldSites = filterAttrs (o: _: o != "sites" && o != "webserver");
|
||||
migrateOldAttrs = cfg: cfg // { sites = cfg.sites // oldSites cfg; };
|
||||
|
||||
dokuwikiAclAuthConfig = hostName: cfg: pkgs.writeText "acl.auth-${hostName}.php" ''
|
||||
# acl.auth.php
|
||||
# <?php exit()?>
|
||||
|
@ -257,10 +251,7 @@ in
|
|||
options = {
|
||||
services.dokuwiki = mkOption {
|
||||
type = types.submodule {
|
||||
# Used to support old interface
|
||||
freeformType = types.attrsOf (types.submodule siteOpts);
|
||||
|
||||
# New interface
|
||||
options.sites = mkOption {
|
||||
type = types.attrsOf (types.submodule siteOpts);
|
||||
default = {};
|
||||
|
@ -301,8 +292,6 @@ in
|
|||
}
|
||||
]) eachSite);
|
||||
|
||||
warnings = mapAttrsToList (hostName: _: ''services.dokuwiki."${hostName}" is deprecated use services.dokuwiki.sites."${hostName}"'') (oldSites cfg);
|
||||
|
||||
services.phpfpm.pools = mapAttrs' (hostName: cfg: (
|
||||
nameValuePair "dokuwiki-${hostName}" {
|
||||
inherit user;
|
||||
|
|
|
@ -3,12 +3,25 @@
|
|||
let
|
||||
cfg = config.services.keycloak;
|
||||
opt = options.services.keycloak;
|
||||
|
||||
inherit (lib) types mkOption concatStringsSep mapAttrsToList
|
||||
escapeShellArg recursiveUpdate optionalAttrs boolToString mkOrder
|
||||
sort filterAttrs concatMapStringsSep concatStrings mkIf
|
||||
optionalString optionals mkDefault literalExpression hasSuffix
|
||||
foldl' isAttrs filter attrNames elem literalDocBook
|
||||
maintainers;
|
||||
|
||||
inherit (builtins) match typeOf;
|
||||
in
|
||||
{
|
||||
options.services.keycloak = {
|
||||
|
||||
enable = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
options.services.keycloak =
|
||||
let
|
||||
inherit (types) bool str nullOr attrsOf path enum anything
|
||||
package port;
|
||||
in
|
||||
{
|
||||
enable = mkOption {
|
||||
type = bool;
|
||||
default = false;
|
||||
example = true;
|
||||
description = ''
|
||||
|
@ -17,8 +30,8 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
bindAddress = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
bindAddress = mkOption {
|
||||
type = str;
|
||||
default = "\${jboss.bind.address:0.0.0.0}";
|
||||
example = "127.0.0.1";
|
||||
description = ''
|
||||
|
@ -29,8 +42,8 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
httpPort = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
httpPort = mkOption {
|
||||
type = str;
|
||||
default = "\${jboss.http.port:80}";
|
||||
example = "8080";
|
||||
description = ''
|
||||
|
@ -41,8 +54,8 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
httpsPort = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
httpsPort = mkOption {
|
||||
type = str;
|
||||
default = "\${jboss.https.port:443}";
|
||||
example = "8443";
|
||||
description = ''
|
||||
|
@ -53,9 +66,13 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
frontendUrl = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
apply = x: if lib.hasSuffix "/" x then x else x + "/";
|
||||
frontendUrl = mkOption {
|
||||
type = str;
|
||||
apply = x:
|
||||
if x == "" || hasSuffix "/" x then
|
||||
x
|
||||
else
|
||||
x + "/";
|
||||
example = "keycloak.example.com/auth";
|
||||
description = ''
|
||||
The public URL used as base for all frontend requests. Should
|
||||
|
@ -67,8 +84,8 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
forceBackendUrlToFrontendUrl = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
forceBackendUrlToFrontendUrl = mkOption {
|
||||
type = bool;
|
||||
default = false;
|
||||
example = true;
|
||||
description = ''
|
||||
|
@ -86,8 +103,8 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
sslCertificate = lib.mkOption {
|
||||
type = lib.types.nullOr lib.types.path;
|
||||
sslCertificate = mkOption {
|
||||
type = nullOr path;
|
||||
default = null;
|
||||
example = "/run/keys/ssl_cert";
|
||||
description = ''
|
||||
|
@ -99,8 +116,8 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
sslCertificateKey = lib.mkOption {
|
||||
type = lib.types.nullOr lib.types.path;
|
||||
sslCertificateKey = mkOption {
|
||||
type = nullOr path;
|
||||
default = null;
|
||||
example = "/run/keys/ssl_key";
|
||||
description = ''
|
||||
|
@ -113,8 +130,8 @@ in
|
|||
};
|
||||
|
||||
database = {
|
||||
type = lib.mkOption {
|
||||
type = lib.types.enum [ "mysql" "postgresql" ];
|
||||
type = mkOption {
|
||||
type = enum [ "mysql" "postgresql" ];
|
||||
default = "postgresql";
|
||||
example = "mysql";
|
||||
description = ''
|
||||
|
@ -122,8 +139,8 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
host = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
host = mkOption {
|
||||
type = str;
|
||||
default = "localhost";
|
||||
description = ''
|
||||
Hostname of the database to connect to.
|
||||
|
@ -137,27 +154,27 @@ in
|
|||
mysql = 3306;
|
||||
};
|
||||
in
|
||||
lib.mkOption {
|
||||
type = lib.types.port;
|
||||
mkOption {
|
||||
type = port;
|
||||
default = dbPorts.${cfg.database.type};
|
||||
defaultText = lib.literalDocBook "default port of selected database";
|
||||
defaultText = literalDocBook "default port of selected database";
|
||||
description = ''
|
||||
Port of the database to connect to.
|
||||
'';
|
||||
};
|
||||
|
||||
useSSL = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
useSSL = mkOption {
|
||||
type = bool;
|
||||
default = cfg.database.host != "localhost";
|
||||
defaultText = lib.literalExpression ''config.${opt.database.host} != "localhost"'';
|
||||
defaultText = literalExpression ''config.${opt.database.host} != "localhost"'';
|
||||
description = ''
|
||||
Whether the database connection should be secured by SSL /
|
||||
TLS.
|
||||
'';
|
||||
};
|
||||
|
||||
caCert = lib.mkOption {
|
||||
type = lib.types.nullOr lib.types.path;
|
||||
caCert = mkOption {
|
||||
type = nullOr path;
|
||||
default = null;
|
||||
description = ''
|
||||
The SSL / TLS CA certificate that verifies the identity of the
|
||||
|
@ -171,8 +188,8 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
createLocally = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
createLocally = mkOption {
|
||||
type = bool;
|
||||
default = true;
|
||||
description = ''
|
||||
Whether a database should be automatically created on the
|
||||
|
@ -182,8 +199,8 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
username = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
username = mkOption {
|
||||
type = str;
|
||||
default = "keycloak";
|
||||
description = ''
|
||||
Username to use when connecting to an external or manually
|
||||
|
@ -198,8 +215,8 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
passwordFile = lib.mkOption {
|
||||
type = lib.types.path;
|
||||
passwordFile = mkOption {
|
||||
type = path;
|
||||
example = "/run/keys/db_password";
|
||||
description = ''
|
||||
File containing the database password.
|
||||
|
@ -210,17 +227,17 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
package = lib.mkOption {
|
||||
type = lib.types.package;
|
||||
package = mkOption {
|
||||
type = package;
|
||||
default = pkgs.keycloak;
|
||||
defaultText = lib.literalExpression "pkgs.keycloak";
|
||||
defaultText = literalExpression "pkgs.keycloak";
|
||||
description = ''
|
||||
Keycloak package to use.
|
||||
'';
|
||||
};
|
||||
|
||||
initialAdminPassword = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
initialAdminPassword = mkOption {
|
||||
type = str;
|
||||
default = "changeme";
|
||||
description = ''
|
||||
Initial password set for the <literal>admin</literal>
|
||||
|
@ -229,10 +246,24 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
extraConfig = lib.mkOption {
|
||||
type = lib.types.attrs;
|
||||
themes = mkOption {
|
||||
type = attrsOf package;
|
||||
default = { };
|
||||
example = lib.literalExpression ''
|
||||
description = ''
|
||||
Additional theme packages for Keycloak. Each theme is linked into
|
||||
subdirectory with a corresponding attribute name.
|
||||
|
||||
Theme packages consist of several subdirectories which provide
|
||||
different theme types: for example, <literal>account</literal>,
|
||||
<literal>login</literal> etc. After adding a theme to this option you
|
||||
can select it by its name in Keycloak administration console.
|
||||
'';
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
type = attrsOf anything;
|
||||
default = { };
|
||||
example = literalExpression ''
|
||||
{
|
||||
"subsystem=keycloak-server" = {
|
||||
"spi=hostname" = {
|
||||
|
@ -289,16 +320,46 @@ in
|
|||
${pkgs.jre}/bin/keytool -importcert -trustcacerts -alias MySQLCACert -file ${cfg.database.caCert} -keystore $out -storepass notsosecretpassword -noprompt
|
||||
'';
|
||||
|
||||
keycloakConfig' = builtins.foldl' lib.recursiveUpdate {
|
||||
# Both theme and theme type directories need to be actual directories in one hierarchy to pass Keycloak checks.
|
||||
themesBundle = pkgs.runCommand "keycloak-themes" { } ''
|
||||
linkTheme() {
|
||||
theme="$1"
|
||||
name="$2"
|
||||
|
||||
mkdir "$out/$name"
|
||||
for typeDir in "$theme"/*; do
|
||||
if [ -d "$typeDir" ]; then
|
||||
type="$(basename "$typeDir")"
|
||||
mkdir "$out/$name/$type"
|
||||
for file in "$typeDir"/*; do
|
||||
ln -sn "$file" "$out/$name/$type/$(basename "$file")"
|
||||
done
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
mkdir -p "$out"
|
||||
for theme in ${cfg.package}/themes/*; do
|
||||
if [ -d "$theme" ]; then
|
||||
linkTheme "$theme" "$(basename "$theme")"
|
||||
fi
|
||||
done
|
||||
|
||||
${concatStringsSep "\n" (mapAttrsToList (name: theme: "linkTheme ${theme} ${escapeShellArg name}") cfg.themes)}
|
||||
'';
|
||||
|
||||
keycloakConfig' = foldl' recursiveUpdate
|
||||
{
|
||||
"interface=public".inet-address = cfg.bindAddress;
|
||||
"socket-binding-group=standard-sockets"."socket-binding=http".port = cfg.httpPort;
|
||||
"subsystem=keycloak-server"."spi=hostname" = {
|
||||
"provider=default" = {
|
||||
"subsystem=keycloak-server" = {
|
||||
"spi=hostname"."provider=default" = {
|
||||
enabled = true;
|
||||
properties = {
|
||||
inherit (cfg) frontendUrl forceBackendUrlToFrontendUrl;
|
||||
};
|
||||
};
|
||||
"theme=defaults".dir = toString themesBundle;
|
||||
};
|
||||
"subsystem=datasources"."data-source=KeycloakDS" = {
|
||||
max-pool-size = "20";
|
||||
|
@ -306,7 +367,7 @@ in
|
|||
password = "@db-password@";
|
||||
};
|
||||
} [
|
||||
(lib.optionalAttrs (cfg.database.type == "postgresql") {
|
||||
(optionalAttrs (cfg.database.type == "postgresql") {
|
||||
"subsystem=datasources" = {
|
||||
"jdbc-driver=postgresql" = {
|
||||
driver-module-name = "org.postgresql";
|
||||
|
@ -314,16 +375,16 @@ in
|
|||
driver-xa-datasource-class-name = "org.postgresql.xa.PGXADataSource";
|
||||
};
|
||||
"data-source=KeycloakDS" = {
|
||||
connection-url = "jdbc:postgresql://${cfg.database.host}:${builtins.toString cfg.database.port}/keycloak";
|
||||
connection-url = "jdbc:postgresql://${cfg.database.host}:${toString cfg.database.port}/keycloak";
|
||||
driver-name = "postgresql";
|
||||
"connection-properties=ssl".value = lib.boolToString cfg.database.useSSL;
|
||||
} // (lib.optionalAttrs (cfg.database.caCert != null) {
|
||||
"connection-properties=ssl".value = boolToString cfg.database.useSSL;
|
||||
} // (optionalAttrs (cfg.database.caCert != null) {
|
||||
"connection-properties=sslrootcert".value = cfg.database.caCert;
|
||||
"connection-properties=sslmode".value = "verify-ca";
|
||||
});
|
||||
};
|
||||
})
|
||||
(lib.optionalAttrs (cfg.database.type == "mysql") {
|
||||
(optionalAttrs (cfg.database.type == "mysql") {
|
||||
"subsystem=datasources" = {
|
||||
"jdbc-driver=mysql" = {
|
||||
driver-module-name = "com.mysql";
|
||||
|
@ -331,28 +392,40 @@ in
|
|||
driver-class-name = "com.mysql.jdbc.Driver";
|
||||
};
|
||||
"data-source=KeycloakDS" = {
|
||||
connection-url = "jdbc:mysql://${cfg.database.host}:${builtins.toString cfg.database.port}/keycloak";
|
||||
connection-url = "jdbc:mysql://${cfg.database.host}:${toString cfg.database.port}/keycloak";
|
||||
driver-name = "mysql";
|
||||
"connection-properties=useSSL".value = lib.boolToString cfg.database.useSSL;
|
||||
"connection-properties=requireSSL".value = lib.boolToString cfg.database.useSSL;
|
||||
"connection-properties=verifyServerCertificate".value = lib.boolToString cfg.database.useSSL;
|
||||
"connection-properties=useSSL".value = boolToString cfg.database.useSSL;
|
||||
"connection-properties=requireSSL".value = boolToString cfg.database.useSSL;
|
||||
"connection-properties=verifyServerCertificate".value = boolToString cfg.database.useSSL;
|
||||
"connection-properties=characterEncoding".value = "UTF-8";
|
||||
valid-connection-checker-class-name = "org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker";
|
||||
validate-on-match = true;
|
||||
exception-sorter-class-name = "org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter";
|
||||
} // (lib.optionalAttrs (cfg.database.caCert != null) {
|
||||
} // (optionalAttrs (cfg.database.caCert != null) {
|
||||
"connection-properties=trustCertificateKeyStoreUrl".value = "file:${mySqlCaKeystore}";
|
||||
"connection-properties=trustCertificateKeyStorePassword".value = "notsosecretpassword";
|
||||
});
|
||||
};
|
||||
})
|
||||
(lib.optionalAttrs (cfg.sslCertificate != null && cfg.sslCertificateKey != null) {
|
||||
(optionalAttrs (cfg.sslCertificate != null && cfg.sslCertificateKey != null) {
|
||||
"socket-binding-group=standard-sockets"."socket-binding=https".port = cfg.httpsPort;
|
||||
"core-service=management"."security-realm=UndertowRealm"."server-identity=ssl" = {
|
||||
keystore-path = "/run/keycloak/ssl/certificate_private_key_bundle.p12";
|
||||
keystore-password = "notsosecretpassword";
|
||||
"subsystem=elytron" = mkOrder 900 {
|
||||
"key-store=httpsKS" = mkOrder 900 {
|
||||
path = "/run/keycloak/ssl/certificate_private_key_bundle.p12";
|
||||
credential-reference.clear-text = "notsosecretpassword";
|
||||
type = "JKS";
|
||||
};
|
||||
"key-manager=httpsKM" = mkOrder 901 {
|
||||
key-store = "httpsKS";
|
||||
credential-reference.clear-text = "notsosecretpassword";
|
||||
};
|
||||
"server-ssl-context=httpsSSC" = mkOrder 902 {
|
||||
key-manager = "httpsKM";
|
||||
};
|
||||
};
|
||||
"subsystem=undertow" = mkOrder 901 {
|
||||
"server=default-server"."https-listener=https".ssl-context = "httpsSSC";
|
||||
};
|
||||
"subsystem=undertow"."server=default-server"."https-listener=https".security-realm = "UndertowRealm";
|
||||
})
|
||||
cfg.extraConfig
|
||||
];
|
||||
|
@ -441,39 +514,40 @@ in
|
|||
# with `expression` to evaluate.
|
||||
prefixExpression = string:
|
||||
let
|
||||
match = (builtins.match ''"\$\{.*}"'' string);
|
||||
matchResult = match ''"\$\{.*}"'' string;
|
||||
in
|
||||
if match != null then
|
||||
if matchResult != null then
|
||||
"expression " + string
|
||||
else
|
||||
string;
|
||||
|
||||
writeAttribute = attribute: value:
|
||||
let
|
||||
type = builtins.typeOf value;
|
||||
type = typeOf value;
|
||||
in
|
||||
if type == "set" then
|
||||
let
|
||||
names = builtins.attrNames value;
|
||||
names = attrNames value;
|
||||
in
|
||||
builtins.foldl' (text: name: text + (writeAttribute "${attribute}.${name}" value.${name})) "" names
|
||||
foldl' (text: name: text + (writeAttribute "${attribute}.${name}" value.${name})) "" names
|
||||
else if value == null then ''
|
||||
if (outcome == success) of ${path}:read-attribute(name="${attribute}")
|
||||
${path}:undefine-attribute(name="${attribute}")
|
||||
end-if
|
||||
''
|
||||
else if builtins.elem type [ "string" "path" "bool" ] then
|
||||
else if elem type [ "string" "path" "bool" ] then
|
||||
let
|
||||
value' = if type == "bool" then lib.boolToString value else ''"${value}"'';
|
||||
in ''
|
||||
value' = if type == "bool" then boolToString value else ''"${value}"'';
|
||||
in
|
||||
''
|
||||
if (result != ${prefixExpression value'}) of ${path}:read-attribute(name="${attribute}")
|
||||
${path}:write-attribute(name=${attribute}, value=${value'})
|
||||
end-if
|
||||
''
|
||||
else throw "Unsupported type '${type}' for path '${path}'!";
|
||||
in
|
||||
lib.concatStrings
|
||||
(lib.mapAttrsToList
|
||||
concatStrings
|
||||
(mapAttrsToList
|
||||
(attribute: value: (writeAttribute attribute value))
|
||||
set);
|
||||
|
||||
|
@ -498,68 +572,78 @@ in
|
|||
let
|
||||
makeArg = attribute: value:
|
||||
let
|
||||
type = builtins.typeOf value;
|
||||
type = typeOf value;
|
||||
in
|
||||
if type == "set" then
|
||||
"${attribute} = { " + (makeArgList value) + " }"
|
||||
else if builtins.elem type [ "string" "path" "bool" ] then
|
||||
"${attribute} = ${if type == "bool" then lib.boolToString value else ''"${value}"''}"
|
||||
else if elem type [ "string" "path" "bool" ] then
|
||||
"${attribute} = ${if type == "bool" then boolToString value else ''"${value}"''}"
|
||||
else if value == null then
|
||||
""
|
||||
else
|
||||
throw "Unsupported type '${type}' for attribute '${attribute}'!";
|
||||
|
||||
in
|
||||
lib.concatStringsSep ", " (lib.mapAttrsToList makeArg set);
|
||||
concatStringsSep ", " (mapAttrsToList makeArg set);
|
||||
|
||||
|
||||
/* Recurses into the `attrs` attrset, beginning at the path
|
||||
resolved from `state.path ++ node`; if `node` is `null`,
|
||||
starts from `state.path`. Only subattrsets that are JBoss
|
||||
paths, i.e. follows the `key=value` format, are recursed
|
||||
/* Recurses into the `nodeValue` attrset. Only subattrsets that
|
||||
are JBoss paths, i.e. follows the `key=value` format, are recursed
|
||||
into - the rest are considered JBoss attributes / maps.
|
||||
*/
|
||||
recurse = state: node:
|
||||
recurse = nodePath: nodeValue:
|
||||
let
|
||||
path = state.path ++ (lib.optional (node != null) node);
|
||||
nodeContent =
|
||||
if isAttrs nodeValue && nodeValue._type or "" == "order" then
|
||||
nodeValue.content
|
||||
else
|
||||
nodeValue;
|
||||
isPath = name:
|
||||
let
|
||||
value = lib.getAttrFromPath (path ++ [ name ]) attrs;
|
||||
value = nodeContent.${name};
|
||||
in
|
||||
if (builtins.match ".*([=]).*" name) == [ "=" ] then
|
||||
if builtins.isAttrs value || value == null then
|
||||
if (match ".*([=]).*" name) == [ "=" ] then
|
||||
if isAttrs value || value == null then
|
||||
true
|
||||
else
|
||||
throw "Parsing path '${lib.concatStringsSep "." (path ++ [ name ])}' failed: JBoss attributes cannot contain '='!"
|
||||
throw "Parsing path '${concatStringsSep "." (nodePath ++ [ name ])}' failed: JBoss attributes cannot contain '='!"
|
||||
else
|
||||
false;
|
||||
jbossPath = "/" + (lib.concatStringsSep "/" path);
|
||||
nodeValue = lib.getAttrFromPath path attrs;
|
||||
children = if !builtins.isAttrs nodeValue then {} else nodeValue;
|
||||
subPaths = builtins.filter isPath (builtins.attrNames children);
|
||||
jbossAttrs = lib.filterAttrs (name: _: !(isPath name)) children;
|
||||
jbossPath = "/" + concatStringsSep "/" nodePath;
|
||||
children = if !isAttrs nodeContent then { } else nodeContent;
|
||||
subPaths = filter isPath (attrNames children);
|
||||
getPriority = name:
|
||||
let
|
||||
value = children.${name};
|
||||
in
|
||||
state // {
|
||||
text = state.text + (
|
||||
if nodeValue != null then ''
|
||||
if value._type or "" == "order" then value.priority else 1000;
|
||||
orderedSubPaths = sort (a: b: getPriority a < getPriority b) subPaths;
|
||||
jbossAttrs = filterAttrs (name: _: !(isPath name)) children;
|
||||
text =
|
||||
if nodeContent != null then
|
||||
''
|
||||
if (outcome != success) of ${jbossPath}:read-resource()
|
||||
${jbossPath}:add(${makeArgList jbossAttrs})
|
||||
end-if
|
||||
'' + (writeAttributes jbossPath jbossAttrs)
|
||||
else ''
|
||||
'' + writeAttributes jbossPath jbossAttrs
|
||||
else
|
||||
''
|
||||
if (outcome == success) of ${jbossPath}:read-resource()
|
||||
${jbossPath}:remove()
|
||||
end-if
|
||||
'') + (builtins.foldl' recurse { text = ""; inherit path; } subPaths).text;
|
||||
};
|
||||
'';
|
||||
in
|
||||
(recurse { text = ""; path = []; } null).text;
|
||||
|
||||
text + concatMapStringsSep "\n" (name: recurse (nodePath ++ [ name ]) children.${name}) orderedSubPaths;
|
||||
in
|
||||
recurse [ ] attrs;
|
||||
|
||||
jbossCliScript = pkgs.writeText "jboss-cli-script" (mkJbossScript keycloakConfig');
|
||||
|
||||
keycloakConfig = pkgs.runCommand "keycloak-config" {
|
||||
keycloakConfig = pkgs.runCommand "keycloak-config"
|
||||
{
|
||||
nativeBuildInputs = [ cfg.package ];
|
||||
} ''
|
||||
}
|
||||
''
|
||||
export JBOSS_BASE_DIR="$(pwd -P)";
|
||||
export JBOSS_MODULEPATH="${cfg.package}/modules";
|
||||
export JBOSS_LOG_DIR="$JBOSS_BASE_DIR/log";
|
||||
|
@ -588,8 +672,8 @@ in
|
|||
cp configuration/standalone.xml $out
|
||||
'';
|
||||
in
|
||||
lib.mkIf cfg.enable {
|
||||
|
||||
mkIf cfg.enable
|
||||
{
|
||||
assertions = [
|
||||
{
|
||||
assertion = (cfg.database.useSSL && cfg.database.type == "postgresql") -> (cfg.database.caCert != null);
|
||||
|
@ -599,7 +683,7 @@ in
|
|||
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
|
||||
systemd.services.keycloakPostgreSQLInit = lib.mkIf createLocalPostgreSQL {
|
||||
systemd.services.keycloakPostgreSQLInit = mkIf createLocalPostgreSQL {
|
||||
after = [ "postgresql.service" ];
|
||||
before = [ "keycloak.service" ];
|
||||
bindsTo = [ "postgresql.service" ];
|
||||
|
@ -623,7 +707,7 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
systemd.services.keycloakMySQLInit = lib.mkIf createLocalMySQL {
|
||||
systemd.services.keycloakMySQLInit = mkIf createLocalMySQL {
|
||||
after = [ "mysql.service" ];
|
||||
before = [ "keycloak.service" ];
|
||||
bindsTo = [ "mysql.service" ];
|
||||
|
@ -650,13 +734,16 @@ in
|
|||
let
|
||||
databaseServices =
|
||||
if createLocalPostgreSQL then [
|
||||
"keycloakPostgreSQLInit.service" "postgresql.service"
|
||||
"keycloakPostgreSQLInit.service"
|
||||
"postgresql.service"
|
||||
]
|
||||
else if createLocalMySQL then [
|
||||
"keycloakMySQLInit.service" "mysql.service"
|
||||
"keycloakMySQLInit.service"
|
||||
"mysql.service"
|
||||
]
|
||||
else [ ];
|
||||
in {
|
||||
in
|
||||
{
|
||||
after = databaseServices;
|
||||
bindsTo = databaseServices;
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
@ -671,52 +758,16 @@ in
|
|||
JBOSS_MODULEPATH = "${cfg.package}/modules";
|
||||
};
|
||||
serviceConfig = {
|
||||
ExecStartPre = let
|
||||
startPreFullPrivileges = ''
|
||||
set -o errexit -o pipefail -o nounset -o errtrace
|
||||
shopt -s inherit_errexit
|
||||
|
||||
umask u=rwx,g=,o=
|
||||
|
||||
install -T -m 0400 -o keycloak -g keycloak '${cfg.database.passwordFile}' /run/keycloak/secrets/db_password
|
||||
'' + lib.optionalString (cfg.sslCertificate != null && cfg.sslCertificateKey != null) ''
|
||||
install -T -m 0400 -o keycloak -g keycloak '${cfg.sslCertificate}' /run/keycloak/secrets/ssl_cert
|
||||
install -T -m 0400 -o keycloak -g keycloak '${cfg.sslCertificateKey}' /run/keycloak/secrets/ssl_key
|
||||
'';
|
||||
startPre = ''
|
||||
set -o errexit -o pipefail -o nounset -o errtrace
|
||||
shopt -s inherit_errexit
|
||||
|
||||
umask u=rwx,g=,o=
|
||||
|
||||
install -m 0600 ${cfg.package}/standalone/configuration/*.properties /run/keycloak/configuration
|
||||
install -T -m 0600 ${keycloakConfig} /run/keycloak/configuration/standalone.xml
|
||||
|
||||
replace-secret '@db-password@' '/run/keycloak/secrets/db_password' /run/keycloak/configuration/standalone.xml
|
||||
|
||||
export JAVA_OPTS=-Djboss.server.config.user.dir=/run/keycloak/configuration
|
||||
add-user-keycloak.sh -u admin -p '${cfg.initialAdminPassword}'
|
||||
'' + lib.optionalString (cfg.sslCertificate != null && cfg.sslCertificateKey != null) ''
|
||||
pushd /run/keycloak/ssl/
|
||||
cat /run/keycloak/secrets/ssl_cert <(echo) \
|
||||
/run/keycloak/secrets/ssl_key <(echo) \
|
||||
/etc/ssl/certs/ca-certificates.crt \
|
||||
> allcerts.pem
|
||||
openssl pkcs12 -export -in /run/keycloak/secrets/ssl_cert -inkey /run/keycloak/secrets/ssl_key -chain \
|
||||
-name "${cfg.frontendUrl}" -out certificate_private_key_bundle.p12 \
|
||||
-CAfile allcerts.pem -passout pass:notsosecretpassword
|
||||
popd
|
||||
'';
|
||||
in [
|
||||
"+${pkgs.writeShellScript "keycloak-start-pre-full-privileges" startPreFullPrivileges}"
|
||||
"${pkgs.writeShellScript "keycloak-start-pre" startPre}"
|
||||
LoadCredential = [
|
||||
"db_password:${cfg.database.passwordFile}"
|
||||
] ++ optionals (cfg.sslCertificate != null && cfg.sslCertificateKey != null) [
|
||||
"ssl_cert:${cfg.sslCertificate}"
|
||||
"ssl_key:${cfg.sslCertificateKey}"
|
||||
];
|
||||
ExecStart = "${cfg.package}/bin/standalone.sh";
|
||||
User = "keycloak";
|
||||
Group = "keycloak";
|
||||
DynamicUser = true;
|
||||
RuntimeDirectory = map (p: "keycloak/" + p) [
|
||||
"secrets"
|
||||
"configuration"
|
||||
"deployments"
|
||||
"data"
|
||||
|
@ -728,13 +779,39 @@ in
|
|||
LogsDirectory = "keycloak";
|
||||
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
|
||||
};
|
||||
script = ''
|
||||
set -o errexit -o pipefail -o nounset -o errtrace
|
||||
shopt -s inherit_errexit
|
||||
|
||||
umask u=rwx,g=,o=
|
||||
|
||||
install -m 0600 ${cfg.package}/standalone/configuration/*.properties /run/keycloak/configuration
|
||||
install -T -m 0600 ${keycloakConfig} /run/keycloak/configuration/standalone.xml
|
||||
|
||||
replace-secret '@db-password@' "$CREDENTIALS_DIRECTORY/db_password" /run/keycloak/configuration/standalone.xml
|
||||
|
||||
export JAVA_OPTS=-Djboss.server.config.user.dir=/run/keycloak/configuration
|
||||
add-user-keycloak.sh -u admin -p '${cfg.initialAdminPassword}'
|
||||
'' + optionalString (cfg.sslCertificate != null && cfg.sslCertificateKey != null) ''
|
||||
pushd /run/keycloak/ssl/
|
||||
cat "$CREDENTIALS_DIRECTORY/ssl_cert" <(echo) \
|
||||
"$CREDENTIALS_DIRECTORY/ssl_key" <(echo) \
|
||||
/etc/ssl/certs/ca-certificates.crt \
|
||||
> allcerts.pem
|
||||
openssl pkcs12 -export -in "$CREDENTIALS_DIRECTORY/ssl_cert" -inkey "$CREDENTIALS_DIRECTORY/ssl_key" -chain \
|
||||
-name "${cfg.frontendUrl}" -out certificate_private_key_bundle.p12 \
|
||||
-CAfile allcerts.pem -passout pass:notsosecretpassword
|
||||
popd
|
||||
'' + ''
|
||||
${cfg.package}/bin/standalone.sh
|
||||
'';
|
||||
};
|
||||
|
||||
services.postgresql.enable = lib.mkDefault createLocalPostgreSQL;
|
||||
services.mysql.enable = lib.mkDefault createLocalMySQL;
|
||||
services.mysql.package = lib.mkIf createLocalMySQL pkgs.mariadb;
|
||||
services.postgresql.enable = mkDefault createLocalPostgreSQL;
|
||||
services.mysql.enable = mkDefault createLocalMySQL;
|
||||
services.mysql.package = mkIf createLocalMySQL pkgs.mariadb;
|
||||
};
|
||||
|
||||
meta.doc = ./keycloak.xml;
|
||||
meta.maintainers = [ lib.maintainers.talyz ];
|
||||
meta.maintainers = [ maintainers.talyz ];
|
||||
}
|
||||
|
|
|
@ -85,7 +85,12 @@
|
|||
The frontend URL is used as base for all frontend requests and
|
||||
must be configured through <xref linkend="opt-services.keycloak.frontendUrl" />.
|
||||
It should normally include a trailing <literal>/auth</literal>
|
||||
(the default web context).
|
||||
(the default web context). If you use a reverse proxy, you need
|
||||
to set this option to <literal>""</literal>, so that frontend URL
|
||||
is derived from HTTP headers. <literal>X-Forwarded-*</literal> headers
|
||||
support also should be enabled, using <link
|
||||
xlink:href="https://www.keycloak.org/docs/latest/server_installation/index.html#identifying-client-ip-addresses">
|
||||
respective guidelines</link>.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
|
@ -131,6 +136,17 @@
|
|||
</warning>
|
||||
</section>
|
||||
|
||||
<section xml:id="module-services-keycloak-themes">
|
||||
<title>Themes</title>
|
||||
<para>
|
||||
You can package custom themes and make them visible to Keycloak via
|
||||
<xref linkend="opt-services.keycloak.themes" />
|
||||
option. See the <link xlink:href="https://www.keycloak.org/docs/latest/server_development/#_themes">
|
||||
Themes section of the Keycloak Server Development Guide</link>
|
||||
and respective NixOS option description for more information.
|
||||
</para>
|
||||
</section>
|
||||
|
||||
<section xml:id="module-services-keycloak-extra-config">
|
||||
<title>Additional configuration</title>
|
||||
<para>
|
||||
|
|
|
@ -181,7 +181,7 @@ in
|
|||
description = ''
|
||||
Plugins to add to the configuration. Overrides any installed if non-null.
|
||||
This is a list of paths to .tar.gz files or derivations evaluating to
|
||||
.tar.gz files. All entries will be passed to `mattermost plugin add`.
|
||||
.tar.gz files.
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
|
@ -21,12 +21,10 @@ in {
|
|||
|
||||
type = settingsFormat.type;
|
||||
|
||||
example = literalExample ''
|
||||
{
|
||||
example = {
|
||||
secret = "mysecret";
|
||||
storeDir = "/srv/http/nginx/prosody-upload";
|
||||
}
|
||||
'';
|
||||
};
|
||||
|
||||
defaultText = literalExpression ''
|
||||
{
|
||||
|
|
80
third_party/nixpkgs/nixos/modules/services/web-apps/timetagger.nix
vendored
Normal file
80
third_party/nixpkgs/nixos/modules/services/web-apps/timetagger.nix
vendored
Normal file
|
@ -0,0 +1,80 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
inherit (lib) mkEnableOption mkIf mkOption types literalExpression;
|
||||
|
||||
cfg = config.services.timetagger;
|
||||
in {
|
||||
|
||||
options = {
|
||||
services.timetagger = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Tag your time, get the insight
|
||||
|
||||
<note><para>
|
||||
This app does not do authentication.
|
||||
You must setup authentication yourself or run it in an environment where
|
||||
only allowed users have access.
|
||||
</para></note>
|
||||
'';
|
||||
};
|
||||
|
||||
bindAddr = mkOption {
|
||||
description = "Address to bind to.";
|
||||
type = types.str;
|
||||
default = "127.0.0.1";
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
description = "Port to bind to.";
|
||||
type = types.port;
|
||||
default = 8080;
|
||||
};
|
||||
|
||||
package = mkOption {
|
||||
description = ''
|
||||
Use own package for starting timetagger web application.
|
||||
|
||||
The ${literalExpression ''pkgs.timetagger''} package only provides a
|
||||
"run.py" script for the actual package
|
||||
${literalExpression ''pkgs.python3Packages.timetagger''}.
|
||||
|
||||
If you want to provide a "run.py" script for starting timetagger
|
||||
yourself, you can do so with this option.
|
||||
If you do so, the 'bindAddr' and 'port' options are ignored.
|
||||
'';
|
||||
|
||||
default = pkgs.timetagger.override { addr = cfg.bindAddr; port = cfg.port; };
|
||||
defaultText = literalExpression ''
|
||||
pkgs.timetagger.override {
|
||||
addr = ${cfg.bindAddr};
|
||||
port = ${cfg.port};
|
||||
};
|
||||
'';
|
||||
type = types.package;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
systemd.services.timetagger = {
|
||||
description = "Timetagger service";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
serviceConfig = {
|
||||
User = "timetagger";
|
||||
Group = "timetagger";
|
||||
StateDirectory = "timetagger";
|
||||
|
||||
ExecStart = "${cfg.package}/bin/timetagger";
|
||||
|
||||
Restart = "on-failure";
|
||||
RestartSec = 1;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
@ -136,7 +136,7 @@ in
|
|||
# session requirements
|
||||
cinnamon-screensaver
|
||||
# cinnamon-killer-daemon: provided by cinnamon-common
|
||||
gnome.networkmanagerapplet # session requirement - also nm-applet not needed
|
||||
networkmanagerapplet # session requirement - also nm-applet not needed
|
||||
|
||||
# For a polkit authentication agent
|
||||
polkit_gnome
|
||||
|
@ -145,7 +145,7 @@ in
|
|||
nemo
|
||||
cinnamon-control-center
|
||||
cinnamon-settings-daemon
|
||||
gnome.libgnomekbd
|
||||
libgnomekbd
|
||||
orca
|
||||
|
||||
# theme
|
||||
|
|
|
@ -18,11 +18,13 @@ my $startListFile = "/run/nixos/start-list";
|
|||
my $restartListFile = "/run/nixos/restart-list";
|
||||
my $reloadListFile = "/run/nixos/reload-list";
|
||||
|
||||
# Parse restart/reload requests by the activation script
|
||||
# Parse restart/reload requests by the activation script.
|
||||
# Activation scripts may write newline-separated units to this
|
||||
# file and switch-to-configuration will handle them. While
|
||||
# `stopIfChanged = true` is ignored, switch-to-configuration will
|
||||
# handle `restartIfChanged = false` and `reloadIfChanged = true`.
|
||||
my $restartByActivationFile = "/run/nixos/activation-restart-list";
|
||||
my $reloadByActivationFile = "/run/nixos/activation-reload-list";
|
||||
my $dryRestartByActivationFile = "/run/nixos/dry-activation-restart-list";
|
||||
my $dryReloadByActivationFile = "/run/nixos/dry-activation-reload-list";
|
||||
|
||||
make_path("/run/nixos", { mode => oct(755) });
|
||||
|
||||
|
@ -382,7 +384,6 @@ sub filterUnits {
|
|||
}
|
||||
|
||||
my @unitsToStopFiltered = filterUnits(\%unitsToStop);
|
||||
my @unitsToStartFiltered = filterUnits(\%unitsToStart);
|
||||
|
||||
|
||||
# Show dry-run actions.
|
||||
|
@ -395,21 +396,39 @@ if ($action eq "dry-activate") {
|
|||
print STDERR "would activate the configuration...\n";
|
||||
system("$out/dry-activate", "$out");
|
||||
|
||||
$unitsToRestart{$_} = 1 foreach
|
||||
split('\n', read_file($dryRestartByActivationFile, err_mode => 'quiet') // "");
|
||||
# Handle the activation script requesting the restart or reload of a unit.
|
||||
foreach (split('\n', read_file($dryRestartByActivationFile, err_mode => 'quiet') // "")) {
|
||||
my $unit = $_;
|
||||
my $baseUnit = $unit;
|
||||
my $newUnitFile = "$out/etc/systemd/system/$baseUnit";
|
||||
|
||||
$unitsToReload{$_} = 1 foreach
|
||||
split('\n', read_file($dryReloadByActivationFile, err_mode => 'quiet') // "");
|
||||
# Detect template instances.
|
||||
if (!-e $newUnitFile && $unit =~ /^(.*)@[^\.]*\.(.*)$/) {
|
||||
$baseUnit = "$1\@.$2";
|
||||
$newUnitFile = "$out/etc/systemd/system/$baseUnit";
|
||||
}
|
||||
|
||||
my $baseName = $baseUnit;
|
||||
$baseName =~ s/\.[a-z]*$//;
|
||||
|
||||
# Start units if they were not active previously
|
||||
if (not defined $activePrev->{$unit}) {
|
||||
$unitsToStart{$unit} = 1;
|
||||
next;
|
||||
}
|
||||
|
||||
handleModifiedUnit($unit, $baseName, $newUnitFile, $activePrev, \%unitsToRestart, \%unitsToRestart, \%unitsToReload, \%unitsToRestart, \%unitsToSkip);
|
||||
}
|
||||
unlink($dryRestartByActivationFile);
|
||||
|
||||
print STDERR "would restart systemd\n" if $restartSystemd;
|
||||
print STDERR "would reload the following units: ", join(", ", sort(keys %unitsToReload)), "\n"
|
||||
if scalar(keys %unitsToReload) > 0;
|
||||
print STDERR "would restart the following units: ", join(", ", sort(keys %unitsToRestart)), "\n"
|
||||
if scalar(keys %unitsToRestart) > 0;
|
||||
my @unitsToStartFiltered = filterUnits(\%unitsToStart);
|
||||
print STDERR "would start the following units: ", join(", ", @unitsToStartFiltered), "\n"
|
||||
if scalar @unitsToStartFiltered;
|
||||
unlink($dryRestartByActivationFile);
|
||||
unlink($dryReloadByActivationFile);
|
||||
exit 0;
|
||||
}
|
||||
|
||||
|
@ -433,13 +452,31 @@ print STDERR "activating the configuration...\n";
|
|||
system("$out/activate", "$out") == 0 or $res = 2;
|
||||
|
||||
# Handle the activation script requesting the restart or reload of a unit.
|
||||
# We can only restart and reload (not stop/start) because the units to be
|
||||
# stopped are already stopped before the activation script is run.
|
||||
$unitsToRestart{$_} = 1 foreach
|
||||
split('\n', read_file($restartByActivationFile, err_mode => 'quiet') // "");
|
||||
foreach (split('\n', read_file($restartByActivationFile, err_mode => 'quiet') // "")) {
|
||||
my $unit = $_;
|
||||
my $baseUnit = $unit;
|
||||
my $newUnitFile = "$out/etc/systemd/system/$baseUnit";
|
||||
|
||||
$unitsToReload{$_} = 1 foreach
|
||||
split('\n', read_file($reloadByActivationFile, err_mode => 'quiet') // "");
|
||||
# Detect template instances.
|
||||
if (!-e $newUnitFile && $unit =~ /^(.*)@[^\.]*\.(.*)$/) {
|
||||
$baseUnit = "$1\@.$2";
|
||||
$newUnitFile = "$out/etc/systemd/system/$baseUnit";
|
||||
}
|
||||
|
||||
my $baseName = $baseUnit;
|
||||
$baseName =~ s/\.[a-z]*$//;
|
||||
|
||||
# Start units if they were not active previously
|
||||
if (not defined $activePrev->{$unit}) {
|
||||
$unitsToStart{$unit} = 1;
|
||||
recordUnit($startListFile, $unit);
|
||||
next;
|
||||
}
|
||||
|
||||
handleModifiedUnit($unit, $baseName, $newUnitFile, $activePrev, \%unitsToRestart, \%unitsToRestart, \%unitsToReload, \%unitsToRestart, \%unitsToSkip);
|
||||
}
|
||||
# We can remove the file now because it has been propagated to the other restart/reload files
|
||||
unlink($restartByActivationFile);
|
||||
|
||||
# Restart systemd if necessary. Note that this is done using the
|
||||
# current version of systemd, just in case the new one has trouble
|
||||
|
@ -480,7 +517,6 @@ if (scalar(keys %unitsToReload) > 0) {
|
|||
print STDERR "reloading the following units: ", join(", ", sort(keys %unitsToReload)), "\n";
|
||||
system("@systemd@/bin/systemctl", "reload", "--", sort(keys %unitsToReload)) == 0 or $res = 4;
|
||||
unlink($reloadListFile);
|
||||
unlink($reloadByActivationFile);
|
||||
}
|
||||
|
||||
# Restart changed services (those that have to be restarted rather
|
||||
|
@ -489,7 +525,6 @@ if (scalar(keys %unitsToRestart) > 0) {
|
|||
print STDERR "restarting the following units: ", join(", ", sort(keys %unitsToRestart)), "\n";
|
||||
system("@systemd@/bin/systemctl", "restart", "--", sort(keys %unitsToRestart)) == 0 or $res = 4;
|
||||
unlink($restartListFile);
|
||||
unlink($restartByActivationFile);
|
||||
}
|
||||
|
||||
# Start all active targets, as well as changed units we stopped above.
|
||||
|
@ -498,6 +533,7 @@ if (scalar(keys %unitsToRestart) > 0) {
|
|||
# that are symlinks to other units. We shouldn't start both at the
|
||||
# same time because we'll get a "Failed to add path to set" error from
|
||||
# systemd.
|
||||
my @unitsToStartFiltered = filterUnits(\%unitsToStart);
|
||||
print STDERR "starting the following units: ", join(", ", @unitsToStartFiltered), "\n"
|
||||
if scalar @unitsToStartFiltered;
|
||||
system("@systemd@/bin/systemctl", "start", "--", sort(keys %unitsToStart)) == 0 or $res = 4;
|
||||
|
|
|
@ -148,7 +148,7 @@ in
|
|||
system.build = mkOption {
|
||||
internal = true;
|
||||
default = {};
|
||||
type = types.attrs;
|
||||
type = types.lazyAttrsOf types.unspecified;
|
||||
description = ''
|
||||
Attribute set of derivations used to setup the system.
|
||||
'';
|
||||
|
|
58
third_party/nixpkgs/nixos/modules/virtualisation/build-vm.nix
vendored
Normal file
58
third_party/nixpkgs/nixos/modules/virtualisation/build-vm.nix
vendored
Normal file
|
@ -0,0 +1,58 @@
|
|||
{ config, extendModules, lib, ... }:
|
||||
let
|
||||
|
||||
inherit (lib)
|
||||
mkOption
|
||||
;
|
||||
|
||||
vmVariant = extendModules {
|
||||
modules = [ ./qemu-vm.nix ];
|
||||
};
|
||||
|
||||
vmVariantWithBootLoader = vmVariant.extendModules {
|
||||
modules = [
|
||||
({ config, ... }: {
|
||||
_file = "nixos/default.nix##vmWithBootLoader";
|
||||
virtualisation.useBootLoader = true;
|
||||
virtualisation.useEFIBoot =
|
||||
config.boot.loader.systemd-boot.enable ||
|
||||
config.boot.loader.efi.canTouchEfiVariables;
|
||||
})
|
||||
];
|
||||
};
|
||||
in
|
||||
{
|
||||
options = {
|
||||
|
||||
virtualisation.vmVariant = mkOption {
|
||||
description = ''
|
||||
Machine configuration to be added for the vm script produced by <literal>nixos-rebuild build-vm</literal>.
|
||||
'';
|
||||
inherit (vmVariant) type;
|
||||
default = {};
|
||||
visible = "shallow";
|
||||
};
|
||||
|
||||
virtualisation.vmVariantWithBootLoader = mkOption {
|
||||
description = ''
|
||||
Machine configuration to be added for the vm script produced by <literal>nixos-rebuild build-vm-with-bootloader</literal>.
|
||||
'';
|
||||
inherit (vmVariantWithBootLoader) type;
|
||||
default = {};
|
||||
visible = "shallow";
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
config = {
|
||||
|
||||
system.build = {
|
||||
vm = lib.mkDefault config.virtualisation.vmVariant.system.build.vm;
|
||||
vmWithBootLoader = lib.mkDefault config.virtualisation.vmVariantWithBootLoader.system.build.vm;
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
# uses extendModules
|
||||
meta.buildDocsInSandbox = false;
|
||||
}
|
57
third_party/nixpkgs/nixos/tests/adguardhome.nix
vendored
Normal file
57
third_party/nixpkgs/nixos/tests/adguardhome.nix
vendored
Normal file
|
@ -0,0 +1,57 @@
|
|||
import ./make-test-python.nix {
|
||||
name = "adguardhome";
|
||||
|
||||
nodes = {
|
||||
minimalConf = { ... }: {
|
||||
services.adguardhome = { enable = true; };
|
||||
};
|
||||
|
||||
declarativeConf = { ... }: {
|
||||
services.adguardhome = {
|
||||
enable = true;
|
||||
|
||||
mutableSettings = false;
|
||||
settings = {
|
||||
dns = {
|
||||
bind_host = "0.0.0.0";
|
||||
bootstrap_dns = "127.0.0.1";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
mixedConf = { ... }: {
|
||||
services.adguardhome = {
|
||||
enable = true;
|
||||
|
||||
mutableSettings = true;
|
||||
settings = {
|
||||
dns = {
|
||||
bind_host = "0.0.0.0";
|
||||
bootstrap_dns = "127.0.0.1";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
with subtest("Minimal config test"):
|
||||
minimalConf.wait_for_unit("adguardhome.service")
|
||||
minimalConf.wait_for_open_port(3000)
|
||||
|
||||
with subtest("Declarative config test, DNS will be reachable"):
|
||||
declarativeConf.wait_for_unit("adguardhome.service")
|
||||
declarativeConf.wait_for_open_port(53)
|
||||
declarativeConf.wait_for_open_port(3000)
|
||||
|
||||
with subtest("Mixed config test, check whether merging works"):
|
||||
mixedConf.wait_for_unit("adguardhome.service")
|
||||
mixedConf.wait_for_open_port(53)
|
||||
mixedConf.wait_for_open_port(3000)
|
||||
# Test whether merging works properly, even if nothing is changed
|
||||
mixedConf.systemctl("restart adguardhome.service")
|
||||
mixedConf.wait_for_unit("adguardhome.service")
|
||||
mixedConf.wait_for_open_port(3000)
|
||||
'';
|
||||
}
|
|
@ -23,6 +23,7 @@ in
|
|||
{
|
||||
_3proxy = handleTest ./3proxy.nix {};
|
||||
acme = handleTest ./acme.nix {};
|
||||
adguardhome = handleTest ./adguardhome.nix {};
|
||||
aesmd = handleTest ./aesmd.nix {};
|
||||
agda = handleTest ./agda.nix {};
|
||||
airsonic = handleTest ./airsonic.nix {};
|
||||
|
@ -103,6 +104,7 @@ in
|
|||
discourse = handleTest ./discourse.nix {};
|
||||
dnscrypt-proxy2 = handleTestOn ["x86_64-linux"] ./dnscrypt-proxy2.nix {};
|
||||
dnscrypt-wrapper = handleTestOn ["x86_64-linux"] ./dnscrypt-wrapper {};
|
||||
dnsdist = handleTest ./dnsdist.nix {};
|
||||
doas = handleTest ./doas.nix {};
|
||||
docker = handleTestOn ["x86_64-linux"] ./docker.nix {};
|
||||
docker-rootless = handleTestOn ["x86_64-linux"] ./docker-rootless.nix {};
|
||||
|
@ -125,6 +127,7 @@ in
|
|||
enlightenment = handleTest ./enlightenment.nix {};
|
||||
env = handleTest ./env.nix {};
|
||||
ergo = handleTest ./ergo.nix {};
|
||||
ergochat = handleTest ./ergochat.nix {};
|
||||
etcd = handleTestOn ["x86_64-linux"] ./etcd.nix {};
|
||||
etcd-cluster = handleTestOn ["x86_64-linux"] ./etcd-cluster.nix {};
|
||||
etebase-server = handleTest ./etebase-server.nix {};
|
||||
|
@ -397,7 +400,6 @@ in
|
|||
prometheus = handleTest ./prometheus.nix {};
|
||||
prometheus-exporters = handleTest ./prometheus-exporters.nix {};
|
||||
prosody = handleTest ./xmpp/prosody.nix {};
|
||||
prosodyMysql = handleTest ./xmpp/prosody-mysql.nix {};
|
||||
proxy = handleTest ./proxy.nix {};
|
||||
prowlarr = handleTest ./prowlarr.nix {};
|
||||
pt2-clone = handleTest ./pt2-clone.nix {};
|
||||
|
@ -474,11 +476,13 @@ in
|
|||
taskserver = handleTest ./taskserver.nix {};
|
||||
telegraf = handleTest ./telegraf.nix {};
|
||||
teleport = handleTest ./teleport.nix {};
|
||||
thelounge = handleTest ./thelounge.nix {};
|
||||
tiddlywiki = handleTest ./tiddlywiki.nix {};
|
||||
tigervnc = handleTest ./tigervnc.nix {};
|
||||
timezone = handleTest ./timezone.nix {};
|
||||
tinc = handleTest ./tinc {};
|
||||
tinydns = handleTest ./tinydns.nix {};
|
||||
tinywl = handleTest ./tinywl.nix {};
|
||||
tor = handleTest ./tor.nix {};
|
||||
# traefik test relies on docker-containers
|
||||
traefik = handleTestOn ["x86_64-linux"] ./traefik.nix {};
|
||||
|
@ -487,6 +491,7 @@ in
|
|||
trezord = handleTest ./trezord.nix {};
|
||||
trickster = handleTest ./trickster.nix {};
|
||||
trilium-server = handleTestOn ["x86_64-linux"] ./trilium-server.nix {};
|
||||
tsm-client-gui = handleTest ./tsm-client-gui.nix {};
|
||||
txredisapi = handleTest ./txredisapi.nix {};
|
||||
tuptime = handleTest ./tuptime.nix {};
|
||||
turbovnc-headless-server = handleTest ./turbovnc-headless-server.nix {};
|
||||
|
|
|
@ -106,7 +106,7 @@ in {
|
|||
services.openssh = {
|
||||
enable = true;
|
||||
passwordAuthentication = false;
|
||||
challengeResponseAuthentication = false;
|
||||
kbdInteractiveAuthentication = false;
|
||||
};
|
||||
|
||||
services.borgbackup.repos.repo1 = {
|
||||
|
|
2
third_party/nixpkgs/nixos/tests/btrbk.nix
vendored
2
third_party/nixpkgs/nixos/tests/btrbk.nix
vendored
|
@ -53,7 +53,7 @@ import ./make-test-python.nix ({ pkgs, ... }:
|
|||
services.openssh = {
|
||||
enable = true;
|
||||
passwordAuthentication = false;
|
||||
challengeResponseAuthentication = false;
|
||||
kbdInteractiveAuthentication = false;
|
||||
};
|
||||
services.btrbk = {
|
||||
extraPackages = [ pkgs.lz4 ];
|
||||
|
|
48
third_party/nixpkgs/nixos/tests/dnsdist.nix
vendored
Normal file
48
third_party/nixpkgs/nixos/tests/dnsdist.nix
vendored
Normal file
|
@ -0,0 +1,48 @@
|
|||
import ./make-test-python.nix (
|
||||
{ pkgs, ... }: {
|
||||
name = "dnsdist";
|
||||
meta = with pkgs.lib; {
|
||||
maintainers = with maintainers; [ jojosch ];
|
||||
};
|
||||
|
||||
machine = { pkgs, lib, ... }: {
|
||||
services.bind = {
|
||||
enable = true;
|
||||
extraOptions = "empty-zones-enable no;";
|
||||
zones = lib.singleton {
|
||||
name = ".";
|
||||
master = true;
|
||||
file = pkgs.writeText "root.zone" ''
|
||||
$TTL 3600
|
||||
. IN SOA ns.example.org. admin.example.org. ( 1 3h 1h 1w 1d )
|
||||
. IN NS ns.example.org.
|
||||
|
||||
ns.example.org. IN A 192.168.0.1
|
||||
ns.example.org. IN AAAA abcd::1
|
||||
|
||||
1.0.168.192.in-addr.arpa IN PTR ns.example.org.
|
||||
'';
|
||||
};
|
||||
};
|
||||
services.dnsdist = {
|
||||
enable = true;
|
||||
listenPort = 5353;
|
||||
extraConfig = ''
|
||||
newServer({address="127.0.0.1:53", name="local-bind"})
|
||||
'';
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [ dig ];
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
machine.wait_for_unit("bind.service")
|
||||
machine.wait_for_open_port(53)
|
||||
machine.succeed("dig @127.0.0.1 +short -x 192.168.0.1 | grep -qF ns.example.org")
|
||||
|
||||
machine.wait_for_unit("dnsdist.service")
|
||||
machine.wait_for_open_port(5353)
|
||||
machine.succeed("dig @127.0.0.1 -p 5353 +short -x 192.168.0.1 | grep -qF ns.example.org")
|
||||
'';
|
||||
}
|
||||
)
|
97
third_party/nixpkgs/nixos/tests/ergochat.nix
vendored
Normal file
97
third_party/nixpkgs/nixos/tests/ergochat.nix
vendored
Normal file
|
@ -0,0 +1,97 @@
|
|||
let
|
||||
clients = [
|
||||
"ircclient1"
|
||||
"ircclient2"
|
||||
];
|
||||
server = "ergochat";
|
||||
ircPort = 6667;
|
||||
channel = "nixos-cat";
|
||||
iiDir = "/tmp/irc";
|
||||
in
|
||||
|
||||
import ./make-test-python.nix ({ pkgs, lib, ... }: {
|
||||
name = "ergochat";
|
||||
nodes = {
|
||||
"${server}" = {
|
||||
networking.firewall.allowedTCPPorts = [ ircPort ];
|
||||
services.ergochat = {
|
||||
enable = true;
|
||||
settings.server.motd = pkgs.writeText "ergo.motd" ''
|
||||
The default MOTD doesn't contain the word "nixos" in it.
|
||||
This one does.
|
||||
'';
|
||||
};
|
||||
};
|
||||
} // lib.listToAttrs (builtins.map (client: lib.nameValuePair client {
|
||||
imports = [
|
||||
./common/user-account.nix
|
||||
];
|
||||
|
||||
systemd.services.ii = {
|
||||
requires = [ "network.target" ];
|
||||
wantedBy = [ "default.target" ];
|
||||
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
ExecPreStartPre = "mkdir -p ${iiDir}";
|
||||
ExecStart = ''
|
||||
${lib.getBin pkgs.ii}/bin/ii -n ${client} -s ${server} -i ${iiDir}
|
||||
'';
|
||||
User = "alice";
|
||||
};
|
||||
};
|
||||
}) clients);
|
||||
|
||||
testScript =
|
||||
let
|
||||
msg = client: "Hello, my name is ${client}";
|
||||
clientScript = client: [
|
||||
''
|
||||
${client}.wait_for_unit("network.target")
|
||||
${client}.systemctl("start ii")
|
||||
${client}.wait_for_unit("ii")
|
||||
${client}.wait_for_file("${iiDir}/${server}/out")
|
||||
''
|
||||
# look for the custom text in the MOTD.
|
||||
''
|
||||
${client}.wait_until_succeeds("grep 'nixos' ${iiDir}/${server}/out")
|
||||
''
|
||||
# wait until first PING from server arrives before joining,
|
||||
# so we don't try it too early
|
||||
''
|
||||
${client}.wait_until_succeeds("grep 'PING' ${iiDir}/${server}/out")
|
||||
''
|
||||
# join ${channel}
|
||||
''
|
||||
${client}.succeed("echo '/j #${channel}' > ${iiDir}/${server}/in")
|
||||
${client}.wait_for_file("${iiDir}/${server}/#${channel}/in")
|
||||
''
|
||||
# send a greeting
|
||||
''
|
||||
${client}.succeed(
|
||||
"echo '${msg client}' > ${iiDir}/${server}/#${channel}/in"
|
||||
)
|
||||
''
|
||||
# check that all greetings arrived on all clients
|
||||
] ++ builtins.map (other: ''
|
||||
${client}.succeed(
|
||||
"grep '${msg other}$' ${iiDir}/${server}/#${channel}/out"
|
||||
)
|
||||
'') clients;
|
||||
|
||||
# foldl', but requires a non-empty list instead of a start value
|
||||
reduce = f: list:
|
||||
builtins.foldl' f (builtins.head list) (builtins.tail list);
|
||||
in ''
|
||||
start_all()
|
||||
${server}.systemctl("status ergochat")
|
||||
${server}.wait_for_open_port(${toString ircPort})
|
||||
|
||||
# run clientScript for all clients so that every list
|
||||
# entry is executed by every client before advancing
|
||||
# to the next one.
|
||||
'' + lib.concatStrings
|
||||
(reduce
|
||||
(lib.zipListsWith (cs: c: cs + c))
|
||||
(builtins.map clientScript clients));
|
||||
})
|
2
third_party/nixpkgs/nixos/tests/gnome.nix
vendored
2
third_party/nixpkgs/nixos/tests/gnome.nix
vendored
|
@ -18,6 +18,8 @@ import ./make-test-python.nix ({ pkgs, lib, ...} : {
|
|||
enable = true;
|
||||
user = "alice";
|
||||
};
|
||||
# Catch GDM failures that don't happen with AutomaticLoginEnable, e.g. https://github.com/NixOS/nixpkgs/issues/149539
|
||||
gdm.autoLogin.delay = 1;
|
||||
};
|
||||
|
||||
services.xserver.desktopManager.gnome.enable = true;
|
||||
|
|
|
@ -17,7 +17,7 @@ in {
|
|||
};
|
||||
|
||||
services.openssh.enable = true;
|
||||
services.openssh.challengeResponseAuthentication = false;
|
||||
services.openssh.kbdInteractiveAuthentication = false;
|
||||
services.openssh.passwordAuthentication = false;
|
||||
|
||||
security.googleOsLogin.enable = true;
|
||||
|
|
|
@ -89,7 +89,7 @@ in
|
|||
"""
|
||||
Sends a message as Alice to Bob
|
||||
"""
|
||||
bob.execute("nc -lu ::0 1234 >/tmp/msg >&2 &")
|
||||
bob.execute("nc -lu ::0 1234 >/tmp/msg &")
|
||||
alice.sleep(1)
|
||||
alice.succeed(f"echo '{msg}' | nc -uw 0 bob 1234")
|
||||
bob.succeed(f"grep '{msg}' /tmp/msg")
|
||||
|
@ -100,7 +100,7 @@ in
|
|||
Starts eavesdropping on Alice and Bob
|
||||
"""
|
||||
match = "src host alice and dst host bob"
|
||||
eve.execute(f"tcpdump -i br0 -c 1 -Avv {match} >/tmp/log >&2 &")
|
||||
eve.execute(f"tcpdump -i br0 -c 1 -Avv {match} >/tmp/log &")
|
||||
|
||||
|
||||
start_all()
|
||||
|
|
|
@ -14,7 +14,7 @@ import ../make-test-python.nix {
|
|||
)
|
||||
|
||||
# Start the daemon and wait until it is ready
|
||||
machine.execute("lorri daemon > lorri.stdout 2> lorri.stderr >&2 &")
|
||||
machine.execute("lorri daemon > lorri.stdout 2> lorri.stderr &")
|
||||
machine.wait_until_succeeds("grep --fixed-strings 'ready' lorri.stdout")
|
||||
|
||||
# Ping the daemon
|
||||
|
|
|
@ -40,15 +40,16 @@ in {
|
|||
|
||||
services.mysql = {
|
||||
enable = true;
|
||||
bind = "127.0.0.1";
|
||||
package = pkgs.mariadb;
|
||||
settings.mysqld = {
|
||||
bind-address = "127.0.0.1";
|
||||
|
||||
# FIXME(@Ma27) Nextcloud isn't compatible with mariadb 10.6,
|
||||
# this is a workaround.
|
||||
# See https://help.nextcloud.com/t/update-to-next-cloud-21-0-2-has-get-an-error/117028/22
|
||||
extraOptions = ''
|
||||
innodb_read_only_compressed=0
|
||||
'';
|
||||
innodb_read_only_compressed = 0;
|
||||
};
|
||||
package = pkgs.mariadb;
|
||||
|
||||
initialScript = pkgs.writeText "mysql-init" ''
|
||||
CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'hunter2';
|
||||
CREATE DATABASE IF NOT EXISTS nextcloud;
|
||||
|
|
30
third_party/nixpkgs/nixos/tests/rstudio-server.nix
vendored
Normal file
30
third_party/nixpkgs/nixos/tests/rstudio-server.nix
vendored
Normal file
|
@ -0,0 +1,30 @@
|
|||
import ./make-test-python.nix ({ pkgs, ... }:
|
||||
{
|
||||
name = "rstudio-server-test";
|
||||
meta.maintainers = with pkgs.lib.maintainers; [ jbedo cfhammill ];
|
||||
|
||||
nodes.machine = { config, lib, pkgs, ... }: {
|
||||
services.rstudio-server.enable = true;
|
||||
};
|
||||
|
||||
nodes.customPackageMachine = { config, lib, pkgs, ... }: {
|
||||
services.rstudio-server = {
|
||||
enable = true;
|
||||
package = pkgs.rstudioServerWrapper.override { packages = [ pkgs.rPackages.ggplot2 ]; };
|
||||
};
|
||||
};
|
||||
|
||||
users.testuser = {
|
||||
uid = 1000;
|
||||
group = "testgroup";
|
||||
};
|
||||
groups.testgroup.gid = 1000;
|
||||
|
||||
testScript = ''
|
||||
machine.wait_for_unit("rstudio-server.service")
|
||||
machine.succeed("curl -f -vvv -s http://127.0.0.1:8787")
|
||||
|
||||
customPackageMachine.wait_for_unit("rstudio-server.service")
|
||||
customPackageMachine.succeed("curl -f -vvv -s http://127.0.0.1:8787")
|
||||
'';
|
||||
})
|
70
third_party/nixpkgs/nixos/tests/switch-test.nix
vendored
70
third_party/nixpkgs/nixos/tests/switch-test.nix
vendored
|
@ -45,6 +45,50 @@ import ./make-test-python.nix ({ pkgs, ...} : {
|
|||
systemd.services.test.restartIfChanged = false;
|
||||
};
|
||||
|
||||
restart-and-reload-by-activation-script.configuration = {
|
||||
systemd.services = rec {
|
||||
simple-service = {
|
||||
# No wantedBy so we can check if the activation script restart triggers them
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
ExecStart = "${pkgs.coreutils}/bin/true";
|
||||
ExecReload = "${pkgs.coreutils}/bin/true";
|
||||
};
|
||||
};
|
||||
|
||||
simple-restart-service = simple-service // {
|
||||
stopIfChanged = false;
|
||||
};
|
||||
|
||||
simple-reload-service = simple-service // {
|
||||
reloadIfChanged = true;
|
||||
};
|
||||
|
||||
no-restart-service = simple-service // {
|
||||
restartIfChanged = false;
|
||||
};
|
||||
};
|
||||
|
||||
system.activationScripts.restart-and-reload-test = {
|
||||
supportsDryActivation = true;
|
||||
deps = [];
|
||||
text = ''
|
||||
if [ "$NIXOS_ACTION" = dry-activate ]; then
|
||||
f=/run/nixos/dry-activation-restart-list
|
||||
else
|
||||
f=/run/nixos/activation-restart-list
|
||||
fi
|
||||
cat <<EOF >> "$f"
|
||||
simple-service.service
|
||||
simple-restart-service.service
|
||||
simple-reload-service.service
|
||||
no-restart-service.service
|
||||
EOF
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
mount.configuration = {
|
||||
systemd.mounts = [
|
||||
{
|
||||
|
@ -261,6 +305,32 @@ import ./make-test-python.nix ({ pkgs, ...} : {
|
|||
assert_lacks(out, "as well:")
|
||||
assert_contains(out, "would start the following units: test.service\n")
|
||||
|
||||
with subtest("restart and reload by activation script"):
|
||||
out = switch_to_specialisation("${machine}", "restart-and-reload-by-activation-script")
|
||||
assert_contains(out, "stopping the following units: test.service\n")
|
||||
assert_lacks(out, "NOT restarting the following changed units:")
|
||||
assert_lacks(out, "reloading the following units:")
|
||||
assert_lacks(out, "restarting the following units:")
|
||||
assert_contains(out, "\nstarting the following units: no-restart-service.service, simple-reload-service.service, simple-restart-service.service, simple-service.service\n")
|
||||
assert_lacks(out, "as well:")
|
||||
# Switch to the same system where the example services get restarted
|
||||
# by the activation script
|
||||
out = switch_to_specialisation("${machine}", "restart-and-reload-by-activation-script")
|
||||
assert_lacks(out, "stopping the following units:")
|
||||
assert_lacks(out, "NOT restarting the following changed units:")
|
||||
assert_contains(out, "reloading the following units: simple-reload-service.service\n")
|
||||
assert_contains(out, "restarting the following units: simple-restart-service.service, simple-service.service\n")
|
||||
assert_lacks(out, "\nstarting the following units:")
|
||||
assert_lacks(out, "as well:")
|
||||
# The same, but in dry mode
|
||||
out = switch_to_specialisation("${machine}", "restart-and-reload-by-activation-script", action="dry-activate")
|
||||
assert_lacks(out, "would stop the following units:")
|
||||
assert_lacks(out, "would NOT stop the following changed units:")
|
||||
assert_contains(out, "would reload the following units: simple-reload-service.service\n")
|
||||
assert_contains(out, "would restart the following units: simple-restart-service.service, simple-service.service\n")
|
||||
assert_lacks(out, "\nwould start the following units:")
|
||||
assert_lacks(out, "as well:")
|
||||
|
||||
with subtest("mounts"):
|
||||
switch_to_specialisation("${machine}", "mount")
|
||||
out = machine.succeed("mount | grep 'on /testmount'")
|
||||
|
|
|
@ -161,6 +161,7 @@ in {
|
|||
|
||||
# NOTE: please keep in mind that the trailing whitespaces in the following strings
|
||||
# are intentional as the output is compared against the raw `iproute2`-output.
|
||||
# editorconfig-checker-disable
|
||||
client_ipv4_table = """
|
||||
192.168.1.2 dev vrf1 proto static metric 100
|
||||
192.168.2.3 dev vrf2 proto static metric 100
|
||||
|
@ -177,6 +178,7 @@ in {
|
|||
local 192.168.2.1 dev eth2 proto kernel scope host src 192.168.2.1
|
||||
broadcast 192.168.2.255 dev eth2 proto kernel scope link src 192.168.2.1
|
||||
""".strip()
|
||||
# editorconfig-checker-enable
|
||||
|
||||
# Check that networkd properly configures the main routing table
|
||||
# and the routing tables for the VRF.
|
||||
|
|
29
third_party/nixpkgs/nixos/tests/thelounge.nix
vendored
Normal file
29
third_party/nixpkgs/nixos/tests/thelounge.nix
vendored
Normal file
|
@ -0,0 +1,29 @@
|
|||
import ./make-test-python.nix {
|
||||
nodes = {
|
||||
private = { config, pkgs, ... }: {
|
||||
services.thelounge = {
|
||||
enable = true;
|
||||
plugins = [ pkgs.theLoungePlugins.themes.solarized ];
|
||||
};
|
||||
};
|
||||
|
||||
public = { config, pkgs, ... }: {
|
||||
services.thelounge = {
|
||||
enable = true;
|
||||
public = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
start_all()
|
||||
|
||||
for machine in machines:
|
||||
machine.wait_for_unit("thelounge.service")
|
||||
machine.wait_for_open_port(9000)
|
||||
|
||||
private.wait_until_succeeds("journalctl -u thelounge.service | grep thelounge-theme-solarized")
|
||||
private.wait_until_succeeds("journalctl -u thelounge.service | grep 'in private mode'")
|
||||
public.wait_until_succeeds("journalctl -u thelounge.service | grep 'in public mode'")
|
||||
'';
|
||||
}
|
56
third_party/nixpkgs/nixos/tests/tinywl.nix
vendored
Normal file
56
third_party/nixpkgs/nixos/tests/tinywl.nix
vendored
Normal file
|
@ -0,0 +1,56 @@
|
|||
import ./make-test-python.nix ({ pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
name = "tinywl";
|
||||
meta = {
|
||||
maintainers = with lib.maintainers; [ primeos ];
|
||||
};
|
||||
|
||||
machine = { config, ... }: {
|
||||
# Automatically login on tty1 as a normal user:
|
||||
imports = [ ./common/user-account.nix ];
|
||||
services.getty.autologinUser = "alice";
|
||||
|
||||
environment = {
|
||||
systemPackages = with pkgs; [ tinywl foot wayland-utils ];
|
||||
};
|
||||
|
||||
# Automatically start TinyWL when logging in on tty1:
|
||||
programs.bash.loginShellInit = ''
|
||||
if [ "$(tty)" = "/dev/tty1" ]; then
|
||||
set -e
|
||||
test ! -e /tmp/tinywl.log # Only start tinywl once
|
||||
readonly TEST_CMD="wayland-info |& tee /tmp/test-wayland.out && touch /tmp/test-wayland-exit-ok; read"
|
||||
readonly FOOT_CMD="foot sh -c '$TEST_CMD'"
|
||||
tinywl -s "$FOOT_CMD" |& tee /tmp/tinywl.log
|
||||
touch /tmp/tinywl-exit-ok
|
||||
fi
|
||||
'';
|
||||
|
||||
# Switch to a different GPU driver (default: -vga std), otherwise TinyWL segfaults:
|
||||
virtualisation.qemu.options = [ "-vga none -device virtio-gpu-pci" ];
|
||||
};
|
||||
|
||||
testScript = { nodes, ... }: ''
|
||||
start_all()
|
||||
machine.wait_for_unit("multi-user.target")
|
||||
|
||||
# Wait for complete startup:
|
||||
machine.wait_until_succeeds("pgrep tinywl")
|
||||
machine.wait_for_file("/run/user/1000/wayland-0")
|
||||
machine.wait_until_succeeds("pgrep foot")
|
||||
machine.wait_for_file("/tmp/test-wayland-exit-ok")
|
||||
|
||||
# Make a screenshot and save the result:
|
||||
machine.screenshot("tinywl_foot")
|
||||
print(machine.succeed("cat /tmp/test-wayland.out"))
|
||||
machine.copy_from_vm("/tmp/test-wayland.out")
|
||||
|
||||
# Terminate cleanly:
|
||||
machine.send_key("alt-esc")
|
||||
machine.wait_until_fails("pgrep foot")
|
||||
machine.wait_until_fails("pgrep tinywl")
|
||||
machine.wait_for_file("/tmp/tinywl-exit-ok")
|
||||
machine.copy_from_vm("/tmp/tinywl.log")
|
||||
'';
|
||||
})
|
57
third_party/nixpkgs/nixos/tests/tsm-client-gui.nix
vendored
Normal file
57
third_party/nixpkgs/nixos/tests/tsm-client-gui.nix
vendored
Normal file
|
@ -0,0 +1,57 @@
|
|||
# The tsm-client GUI first tries to connect to a server.
|
||||
# We can't simulate a server, so we just check if
|
||||
# it reports the correct connection failure error.
|
||||
# After that the test persuades the GUI
|
||||
# to show its main application window
|
||||
# and verifies some configuration information.
|
||||
|
||||
import ./make-test-python.nix ({ lib, pkgs, ... }: {
|
||||
name = "tsm-client";
|
||||
|
||||
enableOCR = true;
|
||||
|
||||
machine = { pkgs, ... }: {
|
||||
imports = [ ./common/x11.nix ];
|
||||
programs.tsmClient = {
|
||||
enable = true;
|
||||
package = pkgs.tsm-client-withGui;
|
||||
defaultServername = "testserver";
|
||||
servers.testserver = {
|
||||
# 192.0.0.8 is a "dummy address" according to RFC 7600
|
||||
server = "192.0.0.8";
|
||||
node = "SOME-NODE";
|
||||
passwdDir = "/tmp";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
machine.succeed("which dsmj") # fail early if this is missing
|
||||
machine.wait_for_x()
|
||||
machine.execute("DSM_LOG=/tmp dsmj -optfile=/dev/null >&2 &")
|
||||
|
||||
# does it report the "TCP/IP connection failure" error code?
|
||||
machine.wait_for_window("IBM Spectrum Protect")
|
||||
machine.wait_for_text("ANS2610S")
|
||||
machine.send_key("esc")
|
||||
|
||||
# it asks to continue to restore a local backupset now;
|
||||
# "yes" (return) leads to the main application window
|
||||
machine.wait_for_text("backupset")
|
||||
machine.send_key("ret")
|
||||
|
||||
# main window: navigate to "Connection Information"
|
||||
machine.wait_for_text("Welcome")
|
||||
machine.send_key("alt-f") # "File" menu
|
||||
machine.send_key("c") # "Connection Information"
|
||||
|
||||
# "Connection Information" dialog box
|
||||
machine.wait_for_window("Connection Information")
|
||||
machine.wait_for_text("SOME-NODE")
|
||||
machine.wait_for_text("${pkgs.tsm-client.passthru.unwrapped.version}")
|
||||
|
||||
machine.shutdown()
|
||||
'';
|
||||
|
||||
meta.maintainers = [ lib.maintainers.yarny ];
|
||||
})
|
|
@ -1,92 +0,0 @@
|
|||
import ../make-test-python.nix {
|
||||
name = "prosody-mysql";
|
||||
|
||||
nodes = {
|
||||
client = { nodes, pkgs, ... }: {
|
||||
environment.systemPackages = [
|
||||
(pkgs.callPackage ./xmpp-sendmessage.nix { connectTo = nodes.server.config.networking.primaryIPAddress; })
|
||||
];
|
||||
networking.extraHosts = ''
|
||||
${nodes.server.config.networking.primaryIPAddress} example.com
|
||||
${nodes.server.config.networking.primaryIPAddress} conference.example.com
|
||||
${nodes.server.config.networking.primaryIPAddress} uploads.example.com
|
||||
'';
|
||||
};
|
||||
server = { config, pkgs, ... }: {
|
||||
nixpkgs.overlays = [
|
||||
(self: super: {
|
||||
prosody = super.prosody.override {
|
||||
withDBI = true;
|
||||
withExtraLibs = [ pkgs.luaPackages.luadbi-mysql ];
|
||||
};
|
||||
})
|
||||
];
|
||||
networking.extraHosts = ''
|
||||
${config.networking.primaryIPAddress} example.com
|
||||
${config.networking.primaryIPAddress} conference.example.com
|
||||
${config.networking.primaryIPAddress} uploads.example.com
|
||||
'';
|
||||
networking.firewall.enable = false;
|
||||
services.prosody = {
|
||||
enable = true;
|
||||
# TODO: use a self-signed certificate
|
||||
c2sRequireEncryption = false;
|
||||
extraConfig = ''
|
||||
storage = "sql"
|
||||
sql = {
|
||||
driver = "MySQL";
|
||||
database = "prosody";
|
||||
host = "mysql";
|
||||
port = 3306;
|
||||
username = "prosody";
|
||||
password = "password123";
|
||||
};
|
||||
'';
|
||||
virtualHosts.test = {
|
||||
domain = "example.com";
|
||||
enabled = true;
|
||||
};
|
||||
muc = [
|
||||
{
|
||||
domain = "conference.example.com";
|
||||
}
|
||||
];
|
||||
uploadHttp = {
|
||||
domain = "uploads.example.com";
|
||||
};
|
||||
};
|
||||
};
|
||||
mysql = { config, pkgs, ... }: {
|
||||
networking.firewall.enable = false;
|
||||
services.mysql = {
|
||||
enable = true;
|
||||
initialScript = pkgs.writeText "mysql_init.sql" ''
|
||||
CREATE DATABASE prosody;
|
||||
CREATE USER 'prosody'@'server' IDENTIFIED BY 'password123';
|
||||
GRANT ALL PRIVILEGES ON prosody.* TO 'prosody'@'server';
|
||||
FLUSH PRIVILEGES;
|
||||
'';
|
||||
package = pkgs.mariadb;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
testScript = { nodes, ... }: ''
|
||||
mysql.wait_for_unit("mysql.service")
|
||||
server.wait_for_unit("prosody.service")
|
||||
server.succeed('prosodyctl status | grep "Prosody is running"')
|
||||
|
||||
# set password to 'nothunter2' (it's asked twice)
|
||||
server.succeed("yes nothunter2 | prosodyctl adduser cthon98@example.com")
|
||||
# set password to 'y'
|
||||
server.succeed("yes | prosodyctl adduser azurediamond@example.com")
|
||||
# correct password to 'hunter2'
|
||||
server.succeed("yes hunter2 | prosodyctl passwd azurediamond@example.com")
|
||||
|
||||
client.succeed("send-message")
|
||||
|
||||
server.succeed("prosodyctl deluser cthon98@example.com")
|
||||
server.succeed("prosodyctl deluser azurediamond@example.com")
|
||||
'';
|
||||
}
|
||||
|
|
@ -1,6 +1,7 @@
|
|||
{ lib
|
||||
, stdenv
|
||||
, fetchurl
|
||||
, fetchpatch
|
||||
, gettext
|
||||
, ncurses
|
||||
, gtkGUI ? false
|
||||
|
@ -17,6 +18,16 @@ stdenv.mkDerivation rec {
|
|||
sha256 = "0a8fwyxnc5qdxff8sl2sfsbnvgh6pkij4yafiln0fxgg6bal7knj";
|
||||
};
|
||||
|
||||
patches = [
|
||||
# Pull Gentoo fix for -fno-common toolchains. Upstream does not
|
||||
# seem to have the contacts
|
||||
(fetchpatch {
|
||||
name = "fno-common.patch";
|
||||
url = "https://gitweb.gentoo.org/repo/gentoo.git/plain/media-sound/aumix/files/aumix-2.9.1-fno-common.patch?id=496c9ec7355f06f6d1d19be780a6981503e6df1f";
|
||||
sha256 = "0qwylhx1hawsmx1pc7ykrjq9phksc73dq9rss6ggq15n3ggnc95y";
|
||||
})
|
||||
];
|
||||
|
||||
buildInputs = [ gettext ncurses ]
|
||||
++ lib.optionals gtkGUI [ pkg-config gtk2 ];
|
||||
|
||||
|
|
|
@ -1,40 +1,46 @@
|
|||
{ lib, stdenv, fetchFromGitHub, pkg-config, fetchzip
|
||||
, libjack2, alsa-lib, freetype, libX11, libXrandr, libXinerama, libXext, libXcursor
|
||||
, libGL, python3, ncurses, libusb1
|
||||
, gtk3, webkitgtk, curl, xvfb-run, makeWrapper
|
||||
# "Debug", or "Release"
|
||||
, buildType ? "Release"
|
||||
{ lib
|
||||
, stdenv
|
||||
, fetchFromGitHub
|
||||
, fetchzip
|
||||
, cmake
|
||||
, pkg-config
|
||||
, ninja
|
||||
, makeWrapper
|
||||
, libjack2
|
||||
, alsa-lib
|
||||
, alsa-tools
|
||||
, freetype
|
||||
, libusb1
|
||||
, libX11
|
||||
, libXrandr
|
||||
, libXinerama
|
||||
, libXext
|
||||
, libXcursor
|
||||
, libXScrnSaver
|
||||
, libGL
|
||||
, libxcb
|
||||
, xcbutil
|
||||
, libxkbcommon
|
||||
, xcbutilkeysyms
|
||||
, xcb-util-cursor
|
||||
, gtk3
|
||||
, webkitgtk
|
||||
, python3
|
||||
, curl
|
||||
, pcre
|
||||
, mount
|
||||
, gnome
|
||||
, Cocoa
|
||||
, WebKit
|
||||
, CoreServices
|
||||
, CoreAudioKit
|
||||
# It is not allowed to distribute binaries with the VST2 SDK plugin without a license
|
||||
# (the author of Bespoke has such a licence but not Nix). VST3 should work out of the box.
|
||||
# Read more in https://github.com/NixOS/nixpkgs/issues/145607
|
||||
, enableVST2 ? false
|
||||
}:
|
||||
|
||||
let
|
||||
projucer = stdenv.mkDerivation rec {
|
||||
pname = "projucer";
|
||||
version = "5.4.7";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "juce-framework";
|
||||
repo = "JUCE";
|
||||
rev = version;
|
||||
sha256= "0qpiqfwwpcghk7ij6w4vy9ywr3ryg7ppg77bmd7783kxg6zbhj8h";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ pkg-config ];
|
||||
buildInputs = [
|
||||
freetype libX11 libXrandr libXinerama libXext gtk3 webkitgtk
|
||||
libjack2 curl
|
||||
];
|
||||
preBuild = ''
|
||||
cd extras/Projucer/Builds/LinuxMakefile
|
||||
'';
|
||||
makeFlags = [ "CONFIG=${buildType}" ];
|
||||
enableParallelBuilding = true;
|
||||
|
||||
installPhase = ''
|
||||
mkdir -p $out/bin
|
||||
cp -a build/Projucer $out/bin/Projucer
|
||||
'';
|
||||
};
|
||||
|
||||
# equal to vst-sdk in ../oxefmsynth/default.nix
|
||||
vst-sdk = stdenv.mkDerivation rec {
|
||||
name = "vstsdk3610_11_06_2018_build_37";
|
||||
|
@ -50,70 +56,92 @@ let
|
|||
in
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "bespokesynth";
|
||||
version = "1.0.0";
|
||||
version = "1.1.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "awwbees";
|
||||
owner = "BespokeSynth";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "04b2m40jszphslkd4850jcb8qwls392lwy3lc6vlj01h4izvapqk";
|
||||
sha256 = "sha256-PN0Q6/gI1PeMaF/8EZFGJdLR8JVHQZfWunAhOIQxkHw=";
|
||||
fetchSubmodules = true;
|
||||
};
|
||||
|
||||
configurePhase = ''
|
||||
runHook preConfigure
|
||||
cmakeBuildType = "Release";
|
||||
|
||||
export HOME=$(mktemp -d)
|
||||
xvfb-run sh -e <<EOF
|
||||
${projucer}/bin/Projucer --set-global-search-path linux defaultJuceModulePath ${projucer.src}/modules
|
||||
${projucer}/bin/Projucer --resave BespokeSynth.jucer
|
||||
EOF
|
||||
cmakeFlags = lib.optionals enableVST2 [ "-DBESPOKE_VST2_SDK_LOCATION=${vst-sdk}/VST2_SDK" ];
|
||||
|
||||
runHook postConfigure
|
||||
'';
|
||||
CFLAGS = "-I${vst-sdk}/VST2_SDK";
|
||||
nativeBuildInputs = [ python3 makeWrapper cmake pkg-config ninja ];
|
||||
|
||||
nativeBuildInputs = [ xvfb-run pkg-config python3 makeWrapper ];
|
||||
|
||||
buildInputs = [
|
||||
libX11 libXrandr libXinerama libXext libXcursor freetype libGL
|
||||
ncurses libusb1
|
||||
alsa-lib libjack2
|
||||
buildInputs = lib.optionals stdenv.hostPlatform.isLinux [
|
||||
# List obtained in https://github.com/BespokeSynth/BespokeSynth/blob/main/azure-pipelines.yml
|
||||
libX11
|
||||
libXrandr
|
||||
libXinerama
|
||||
libXext
|
||||
libXcursor
|
||||
libXScrnSaver
|
||||
curl
|
||||
gtk3
|
||||
webkitgtk
|
||||
freetype
|
||||
libGL
|
||||
libusb1
|
||||
alsa-lib
|
||||
libjack2
|
||||
gnome.zenity
|
||||
alsa-tools
|
||||
libxcb
|
||||
xcbutil
|
||||
libxkbcommon
|
||||
xcbutilkeysyms
|
||||
xcb-util-cursor
|
||||
pcre
|
||||
mount
|
||||
] ++ lib.optionals stdenv.hostPlatform.isDarwin [
|
||||
Cocoa
|
||||
WebKit
|
||||
CoreServices
|
||||
CoreAudioKit
|
||||
];
|
||||
|
||||
preBuild = ''
|
||||
cd Builds/LinuxMakefile
|
||||
'';
|
||||
makeFlags = [ "CONFIG=${buildType}" ];
|
||||
enableParallelBuilding = true;
|
||||
NIX_CFLAGS_COMPILE = lib.optionalString stdenv.hostPlatform.isDarwin (toString [
|
||||
# Fails to find fp.h on its own
|
||||
"-isystem ${CoreServices}/Library/Frameworks/CoreServices.framework/Versions/Current/Frameworks/CarbonCore.framework/Versions/Current/Headers/"
|
||||
]);
|
||||
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
|
||||
mkdir -p $out/bin $out/share/bespokesynth $out/share/applications $out/share/icons/hicolor/512x512/apps
|
||||
cp build/BespokeSynth $out/bin/
|
||||
cp -ar ../MacOSX/build/Release/resource $out/share/bespokesynth/
|
||||
postInstall =
|
||||
if stdenv.hostPlatform.isDarwin then ''
|
||||
mkdir -p $out/{Applications,bin}
|
||||
mv Source/BespokeSynth_artefacts/${cmakeBuildType}/BespokeSynth.app $out/Applications/
|
||||
# Symlinking confuses the resource finding about the actual location of the binary
|
||||
# Resources are looked up relative to the executed file's location
|
||||
makeWrapper $out/{Applications/BespokeSynth.app/Contents/MacOS,bin}/BespokeSynth
|
||||
'' else ''
|
||||
# Ensure zenity is available, or it won't be able to open new files.
|
||||
# Ensure the python used for compilation is the same as the python used at run-time.
|
||||
# jedi is also required for auto-completion.
|
||||
# These X11 libs get dlopen'd, they cause visual bugs when unavailable.
|
||||
wrapProgram $out/bin/BespokeSynth \
|
||||
--run "cd $out/share/bespokesynth"
|
||||
|
||||
mkdir -p $out/share/applications/ $out/share/icons/hicolor/512x512/apps/
|
||||
cp ../../bespoke_icon.png $out/share/icons/hicolor/512x512/apps/
|
||||
substitute ../../BespokeSynth.desktop $out/share/applications/BespokseSynth.desktop \
|
||||
--replace "/usr/bin/" ""
|
||||
|
||||
runHook postInstall
|
||||
--prefix PATH : '${lib.makeBinPath [
|
||||
gnome.zenity
|
||||
(python3.withPackages (ps: with ps; [ jedi ]))
|
||||
]}' \
|
||||
--prefix LD_LIBRARY_PATH : '${lib.makeLibraryPath [
|
||||
libXrandr
|
||||
libXinerama
|
||||
libXcursor
|
||||
libXScrnSaver
|
||||
]}'
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
description = "Software modular synth with controllers support, scripting and VST";
|
||||
description =
|
||||
"Software modular synth with controllers support, scripting and VST";
|
||||
homepage = "https://github.com/awwbees/BespokeSynth";
|
||||
license = with licenses; [
|
||||
gpl3Plus
|
||||
|
||||
# This package is unfree and not distributable due to the license of VST2.
|
||||
# see #145607
|
||||
unfree
|
||||
];
|
||||
maintainers = with maintainers; [ astro ];
|
||||
] ++ lib.optional enableVST2 unfree;
|
||||
maintainers = with maintainers; [ astro tobiasBora OPNA2608 ];
|
||||
platforms = platforms.all;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -13,13 +13,13 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "ft2-clone";
|
||||
version = "1.49";
|
||||
version = "1.50";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "8bitbubsy";
|
||||
repo = "ft2-clone";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-DpEzilMERfbop7YYqNCcxSe1qfcz4n7Uqj/i5t5a6nQ=";
|
||||
sha256 = "sha256-OURD8k8DIa1DddDng55HrzgAN95srW4wm7RD7DbiJLQ=";
|
||||
};
|
||||
|
||||
# Adapt the linux-only CMakeLists to darwin (more reliable than make-macos.sh)
|
||||
|
|
|
@ -18,13 +18,13 @@ let
|
|||
in
|
||||
pythonPackages.buildPythonApplication rec {
|
||||
pname = "picard";
|
||||
version = "2.6.4";
|
||||
version = "2.7.3";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "metabrainz";
|
||||
repo = pname;
|
||||
rev = "release-${version}";
|
||||
sha256 = "0lm7s9jy7z4an3xxj3gnxxf2xx045i157qaxysbdhcq5lwlmznc7";
|
||||
sha256 = "1f589nc2zxl9cjw0qh164z9sfq4xl052ihf2gn2dgr35g3ny16kh";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ gettext qt5.wrapQtAppsHook qt5.qtbase ]
|
||||
|
@ -45,6 +45,9 @@ pythonPackages.buildPythonApplication rec {
|
|||
fasteners
|
||||
mutagen
|
||||
pyqt5
|
||||
markdown
|
||||
pyjwt
|
||||
pyyaml
|
||||
];
|
||||
|
||||
# In order to spare double wrapping, we use:
|
||||
|
|
|
@ -1,2 +0,0 @@
|
|||
source 'https://rubygems.org'
|
||||
gem 'pifi'
|
|
@ -1,39 +0,0 @@
|
|||
GEM
|
||||
remote: https://rubygems.org/
|
||||
specs:
|
||||
daemons (1.3.1)
|
||||
eventmachine (1.2.7)
|
||||
json (2.5.1)
|
||||
mustermann (1.1.1)
|
||||
ruby2_keywords (~> 0.0.1)
|
||||
optimist (3.0.1)
|
||||
pifi (0.4.11)
|
||||
json (~> 2.2)
|
||||
optimist (~> 3.0)
|
||||
ruby-mpd (~> 0.3)
|
||||
sinatra (~> 2.0)
|
||||
thin (~> 1.7)
|
||||
rack (2.2.3)
|
||||
rack-protection (2.1.0)
|
||||
rack
|
||||
ruby-mpd (0.3.3)
|
||||
ruby2_keywords (0.0.4)
|
||||
sinatra (2.1.0)
|
||||
mustermann (~> 1.0)
|
||||
rack (~> 2.2)
|
||||
rack-protection (= 2.1.0)
|
||||
tilt (~> 2.0)
|
||||
thin (1.8.0)
|
||||
daemons (~> 1.0, >= 1.0.9)
|
||||
eventmachine (~> 1.0, >= 1.0.4)
|
||||
rack (>= 1, < 3)
|
||||
tilt (2.0.10)
|
||||
|
||||
PLATFORMS
|
||||
ruby
|
||||
|
||||
DEPENDENCIES
|
||||
pifi
|
||||
|
||||
BUNDLED WITH
|
||||
2.1.4
|
|
@ -1,18 +0,0 @@
|
|||
{ lib, bundlerEnv, ruby }:
|
||||
|
||||
bundlerEnv rec {
|
||||
pname = "pifi";
|
||||
|
||||
version = (import ./gemset.nix).pifi.version;
|
||||
inherit ruby;
|
||||
# expects Gemfile, Gemfile.lock and gemset.nix in the same directory
|
||||
gemdir = ./.;
|
||||
|
||||
meta = with lib; {
|
||||
description = "MPD web client to listen to radio, written in React and Sinatra";
|
||||
homepage = "https://github.com/rccavalcanti/pifi-radio";
|
||||
license = with licenses; gpl3Only;
|
||||
maintainers = with maintainers; [ kmein ];
|
||||
platforms = platforms.unix;
|
||||
};
|
||||
}
|
|
@ -1,137 +0,0 @@
|
|||
{
|
||||
daemons = {
|
||||
groups = ["default"];
|
||||
platforms = [];
|
||||
source = {
|
||||
remotes = ["https://rubygems.org"];
|
||||
sha256 = "0l5gai3vd4g7aqff0k1mp41j9zcsvm2rbwmqn115a325k9r7pf4w";
|
||||
type = "gem";
|
||||
};
|
||||
version = "1.3.1";
|
||||
};
|
||||
eventmachine = {
|
||||
groups = ["default"];
|
||||
platforms = [];
|
||||
source = {
|
||||
remotes = ["https://rubygems.org"];
|
||||
sha256 = "0wh9aqb0skz80fhfn66lbpr4f86ya2z5rx6gm5xlfhd05bj1ch4r";
|
||||
type = "gem";
|
||||
};
|
||||
version = "1.2.7";
|
||||
};
|
||||
json = {
|
||||
groups = ["default"];
|
||||
platforms = [];
|
||||
source = {
|
||||
remotes = ["https://rubygems.org"];
|
||||
sha256 = "0lrirj0gw420kw71bjjlqkqhqbrplla61gbv1jzgsz6bv90qr3ci";
|
||||
type = "gem";
|
||||
};
|
||||
version = "2.5.1";
|
||||
};
|
||||
mustermann = {
|
||||
dependencies = ["ruby2_keywords"];
|
||||
groups = ["default"];
|
||||
platforms = [];
|
||||
source = {
|
||||
remotes = ["https://rubygems.org"];
|
||||
sha256 = "0ccm54qgshr1lq3pr1dfh7gphkilc19dp63rw6fcx7460pjwy88a";
|
||||
type = "gem";
|
||||
};
|
||||
version = "1.1.1";
|
||||
};
|
||||
optimist = {
|
||||
groups = ["default"];
|
||||
platforms = [];
|
||||
source = {
|
||||
remotes = ["https://rubygems.org"];
|
||||
sha256 = "1vg2chy1cfmdj6c1gryl8zvjhhmb3plwgyh1jfnpq4fnfqv7asrk";
|
||||
type = "gem";
|
||||
};
|
||||
version = "3.0.1";
|
||||
};
|
||||
pifi = {
|
||||
dependencies = ["json" "optimist" "ruby-mpd" "sinatra" "thin"];
|
||||
groups = ["default"];
|
||||
platforms = [];
|
||||
source = {
|
||||
remotes = ["https://rubygems.org"];
|
||||
sha256 = "0xwjaql852m0p7himc3pak1ibc8lfxi29bbgic153wp713xc2cga";
|
||||
type = "gem";
|
||||
};
|
||||
version = "0.4.11";
|
||||
};
|
||||
rack = {
|
||||
groups = ["default"];
|
||||
platforms = [];
|
||||
source = {
|
||||
remotes = ["https://rubygems.org"];
|
||||
sha256 = "0i5vs0dph9i5jn8dfc6aqd6njcafmb20rwqngrf759c9cvmyff16";
|
||||
type = "gem";
|
||||
};
|
||||
version = "2.2.3";
|
||||
};
|
||||
rack-protection = {
|
||||
dependencies = ["rack"];
|
||||
groups = ["default"];
|
||||
platforms = [];
|
||||
source = {
|
||||
remotes = ["https://rubygems.org"];
|
||||
sha256 = "159a4j4kragqh0z0z8vrpilpmaisnlz3n7kgiyf16bxkwlb3qlhz";
|
||||
type = "gem";
|
||||
};
|
||||
version = "2.1.0";
|
||||
};
|
||||
ruby-mpd = {
|
||||
groups = ["default"];
|
||||
platforms = [];
|
||||
source = {
|
||||
remotes = ["https://rubygems.org"];
|
||||
sha256 = "0l80gbnma009pfcqgz4azbngkr5jn9nm46fflx5p7c4vz4kwshpc";
|
||||
type = "gem";
|
||||
};
|
||||
version = "0.3.3";
|
||||
};
|
||||
ruby2_keywords = {
|
||||
groups = ["default"];
|
||||
platforms = [];
|
||||
source = {
|
||||
remotes = ["https://rubygems.org"];
|
||||
sha256 = "15wfcqxyfgka05v2a7kpg64x57gl1y4xzvnc9lh60bqx5sf1iqrs";
|
||||
type = "gem";
|
||||
};
|
||||
version = "0.0.4";
|
||||
};
|
||||
sinatra = {
|
||||
dependencies = ["mustermann" "rack" "rack-protection" "tilt"];
|
||||
groups = ["default"];
|
||||
platforms = [];
|
||||
source = {
|
||||
remotes = ["https://rubygems.org"];
|
||||
sha256 = "0dd53rzpkxgs697pycbhhgc9vcnxra4ly4xar8ni6aiydx2f88zk";
|
||||
type = "gem";
|
||||
};
|
||||
version = "2.1.0";
|
||||
};
|
||||
thin = {
|
||||
dependencies = ["daemons" "eventmachine" "rack"];
|
||||
groups = ["default"];
|
||||
platforms = [];
|
||||
source = {
|
||||
remotes = ["https://rubygems.org"];
|
||||
sha256 = "0g5p3r47qxxfmfagdf8wb68pd24938cgzdfn6pmpysrn296pg5m5";
|
||||
type = "gem";
|
||||
};
|
||||
version = "1.8.0";
|
||||
};
|
||||
tilt = {
|
||||
groups = ["default"];
|
||||
platforms = [];
|
||||
source = {
|
||||
remotes = ["https://rubygems.org"];
|
||||
sha256 = "0rn8z8hda4h41a64l0zhkiwz2vxw9b1nb70gl37h1dg2k874yrlv";
|
||||
type = "gem";
|
||||
};
|
||||
version = "2.0.10";
|
||||
};
|
||||
}
|
|
@ -2,12 +2,12 @@
|
|||
|
||||
let
|
||||
pname = "plexamp";
|
||||
version = "3.9.0";
|
||||
version = "3.9.1";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://plexamp.plex.tv/plexamp.plex.tv/desktop/Plexamp-${version}.AppImage";
|
||||
name="${pname}-${version}.AppImage";
|
||||
sha512 = "2OaV8dONv7yBcQsfecgfedP2ypBN6svD9rgZLgUwSydyH2+rODNPne4O7z2Hahm7Y0Ae+NFxbpQ9lbNbX0vhsg==";
|
||||
sha512 = "uassNLdCXx3WLarUMJNhU8fbXugG7yTLMQacPAszLoRdmbMwcN6wT7ED26VhlNVhY3xr02GjZSDw4/LADZWqKw==";
|
||||
};
|
||||
|
||||
appimageContents = appimageTools.extractType2 {
|
||||
|
@ -33,7 +33,7 @@ in appimageTools.wrapType2 {
|
|||
meta = with lib; {
|
||||
description = "A beautiful Plex music player for audiophiles, curators, and hipsters";
|
||||
homepage = "https://plexamp.com/";
|
||||
changelog = "https://forums.plex.tv/t/plexamp-release-notes/221280/36";
|
||||
changelog = "https://forums.plex.tv/t/plexamp-release-notes/221280/37";
|
||||
license = licenses.unfree;
|
||||
maintainers = with maintainers; [ killercup synthetica ];
|
||||
platforms = [ "x86_64-linux" ];
|
||||
|
|
|
@ -8,13 +8,13 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "pt2-clone";
|
||||
version = "1.38";
|
||||
version = "1.39";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "8bitbubsy";
|
||||
repo = "pt2-clone";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-fnPYlZvCZYiKkQmp5bNtrqgZAkVtKLmLMcfkbbysMyU=";
|
||||
sha256 = "sha256-ZmgsNp2fRebbLxSzzCsLdM6/7kBKo+YFUCdWLSYfI5A=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ cmake ];
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
{ stdenv, lib, pkg-config, fetchFromGitHub, sconsPackages
|
||||
, python, glibmm, libpulseaudio, libao }:
|
||||
, glibmm, libpulseaudio, libao }:
|
||||
|
||||
let
|
||||
version = "unstable-2018-02-10";
|
||||
|
@ -19,7 +19,7 @@ in stdenv.mkDerivation {
|
|||
];
|
||||
|
||||
buildInputs = [
|
||||
python glibmm libpulseaudio libao
|
||||
glibmm libpulseaudio libao
|
||||
];
|
||||
|
||||
# SConstruct patch
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
, fetchFromGitHub
|
||||
, autoreconfHook
|
||||
, alsa-lib
|
||||
, python
|
||||
, python3
|
||||
, SDL
|
||||
}:
|
||||
|
||||
|
@ -21,7 +21,7 @@ stdenv.mkDerivation rec {
|
|||
configureFlags = [ "--enable-dependency-tracking" ]
|
||||
++ lib.optional stdenv.isDarwin "--disable-sdltest";
|
||||
|
||||
nativeBuildInputs = [ autoreconfHook python ];
|
||||
nativeBuildInputs = [ autoreconfHook python3 ];
|
||||
|
||||
buildInputs = [ SDL ] ++ lib.optional stdenv.isLinux alsa-lib;
|
||||
|
||||
|
|
|
@ -4,13 +4,13 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "sfizz";
|
||||
version = "1.1.1";
|
||||
version = "1.2.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "sfztools";
|
||||
repo = pname;
|
||||
rev = version;
|
||||
sha256 = "1gzpbns89j6ggzfjjvyhgigynsv20synrs7lmc32hwp4g73l0j7n";
|
||||
sha256 = "sha256-biHsB49Ym9NU4tMOVnUNuIxPtpcIi6oCAS7JBPhxwec=";
|
||||
fetchSubmodules = true;
|
||||
};
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ lib, stdenv, fetchFromGitHub , boost, cairomm, cmake, libsndfile, lv2, ntk, pkg-config, python }:
|
||||
{ lib, stdenv, fetchFromGitHub , boost, cairomm, cmake, libsndfile, lv2, ntk, pkg-config }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "sorcer";
|
||||
|
@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
|
|||
};
|
||||
|
||||
nativeBuildInputs = [ cmake pkg-config ];
|
||||
buildInputs = [ boost cairomm libsndfile lv2 ntk python ];
|
||||
buildInputs = [ boost cairomm libsndfile lv2 ntk ];
|
||||
|
||||
postPatch = ''
|
||||
# Fix build with lv2 1.18: https://github.com/brummer10/guitarix/commit/c0334c72
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{ lib, stdenv, fetchFromGitHub, makeWrapper
|
||||
, shntool, cuetools
|
||||
, flac, faac, mp4v2, wavpack, mac
|
||||
, imagemagick, libiconv, enca, lame, pythonPackages, vorbis-tools
|
||||
, imagemagick, libiconv, enca, lame, mutagen, vorbis-tools
|
||||
, aacgain, mp3gain, vorbisgain
|
||||
}:
|
||||
|
||||
|
@ -12,7 +12,7 @@ let
|
|||
--prefix PATH : ${lib.makeBinPath [
|
||||
shntool cuetools
|
||||
flac faac mp4v2 wavpack mac
|
||||
imagemagick libiconv enca lame pythonPackages.mutagen vorbis-tools
|
||||
imagemagick libiconv enca lame mutagen vorbis-tools
|
||||
aacgain mp3gain vorbisgain
|
||||
]}
|
||||
'';
|
||||
|
|
|
@ -21,19 +21,19 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "spot";
|
||||
version = "0.2.2";
|
||||
version = "0.3.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "xou816";
|
||||
repo = "spot";
|
||||
rev = version;
|
||||
hash = "sha256-g0oVhlfez9i+Vv8lt/aNftCVqdgPMDySBBeLyOv7Zl8=";
|
||||
hash = "sha256-An9PJsuXZkvJhP67cisWxFd2dpky53EY/xcR6StgWFY=";
|
||||
};
|
||||
|
||||
cargoDeps = rustPlatform.fetchCargoTarball {
|
||||
inherit src;
|
||||
name = "${pname}-${version}";
|
||||
hash = "sha256-n10aYzkRqEe1h2WPAfARjH79Npvv+3fdX9jCtxv2a34=";
|
||||
hash = "sha256-2qMmPIBoZS6WT06VzCmnYWaIfLzWN2HUvk7y9GKuuXg=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
|
|
|
@ -3,12 +3,12 @@
|
|||
, libGLU, lv2, gtk2, cairo, pango, fftwFloat, zita-convolver }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
version = "20211016";
|
||||
version = "20220107";
|
||||
pname = "x42-plugins";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://gareus.org/misc/x42-plugins/${pname}-${version}.tar.xz";
|
||||
sha256 = "sha256-Z2lXaJweOPB9hWOuy2cx1P9/CAJ+IMc7JtPDKAg2boU=";
|
||||
sha256 = "sha256-+lzgkRQHe6moid3h6az/iqt2XL5vbyM0BjSTwMBvd3I=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ pkg-config ];
|
||||
|
|
|
@ -26,7 +26,7 @@ buildDotnetModule rec {
|
|||
makeWrapperArgs+=(--run "cd $out/lib/btcpayserver")
|
||||
'';
|
||||
|
||||
postInstall = ''
|
||||
postFixup = ''
|
||||
mv $out/bin/{BTCPayServer,btcpayserver}
|
||||
'';
|
||||
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
, libsodium
|
||||
, cmake
|
||||
, substituteAll
|
||||
, pythonPackages
|
||||
, python3Packages
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation {
|
||||
|
@ -23,7 +23,7 @@ stdenv.mkDerivation {
|
|||
# prevent CMake from trying to get libraries on the Internet
|
||||
(substituteAll {
|
||||
src = ./dont_fetch_dependencies.patch;
|
||||
pybind11_src = pythonPackages.pybind11.src;
|
||||
pybind11_src = python3Packages.pybind11.src;
|
||||
relic_src = fetchFromGitHub {
|
||||
owner = "relic-toolkit";
|
||||
repo = "relic";
|
||||
|
|
|
@ -17,7 +17,7 @@ buildDotnetModule rec {
|
|||
dotnet-sdk = dotnetCorePackages.sdk_3_1;
|
||||
dotnet-runtime = dotnetCorePackages.aspnetcore_3_1;
|
||||
|
||||
postInstall = ''
|
||||
postFixup = ''
|
||||
mv $out/bin/{NBXplorer,nbxplorer}
|
||||
'';
|
||||
|
||||
|
|
|
@ -36,7 +36,7 @@ buildDotnetModule rec {
|
|||
)
|
||||
'';
|
||||
|
||||
postInstall = ''
|
||||
postFixup = ''
|
||||
mv $out/bin/WalletWasabi.Backend $out/bin/WasabiBackend
|
||||
'';
|
||||
|
||||
|
|
|
@ -6,16 +6,16 @@
|
|||
|
||||
rustPlatform.buildRustPackage.override { stdenv = stdenv; } rec {
|
||||
pname = "zcash";
|
||||
version = "4.5.1";
|
||||
version = "4.6.0-1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "zcash";
|
||||
repo = "zcash";
|
||||
rev = "v${version}";
|
||||
sha256 = "0kyk3hv1y13b3vwg9kjcrpvz9v3l8lp0ikj977nykd5ms8b1rifa";
|
||||
sha256 = "sha256-YJ5ufo+LYbOTr9SyiEzzp1pcSx6+cHSvDLBOIcx9X+4=";
|
||||
};
|
||||
|
||||
cargoSha256 = "1mwprsg74xv6qlxf00w7xapnkisb1aid9hkyr8r90zcwdcy8783r";
|
||||
cargoSha256 = "sha256-m/SBHv3BNYKkSXxHnCdVng3blbHrTc/HxX/nEIa1DnM=";
|
||||
|
||||
nativeBuildInputs = [ autoreconfHook cargo hexdump makeWrapper pkg-config ];
|
||||
buildInputs = [ boost175 libevent libsodium utf8cpp ]
|
||||
|
|
|
@ -38,13 +38,13 @@ let
|
|||
in
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "cudatext";
|
||||
version = "1.152.1";
|
||||
version = "1.153.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "Alexey-T";
|
||||
repo = "CudaText";
|
||||
rev = version;
|
||||
sha256 = "sha256-rFmgf/wg6/jIObBDN+viKX3KrewVWgxs8uVF1gCY72s=";
|
||||
sha256 = "sha256-3p5wb3buZtd1gnNoEJOclNO8xEYJBZYc86HfrkFrBWU=";
|
||||
};
|
||||
|
||||
postPatch = ''
|
||||
|
|
|
@ -16,23 +16,23 @@
|
|||
},
|
||||
"ATSynEdit": {
|
||||
"owner": "Alexey-T",
|
||||
"rev": "2021.12.22",
|
||||
"sha256": "sha256-MmRJ3XDq7b9doPFfW7njSOasHej5ut0nYcJMFj+Y/Dc="
|
||||
"rev": "2022.01.07",
|
||||
"sha256": "sha256-KxeaTXv0qig3O2hqjJ5HG1KCN0TTQdnd3g9jBsEc0a4="
|
||||
},
|
||||
"ATSynEdit_Cmp": {
|
||||
"owner": "Alexey-T",
|
||||
"rev": "2021.09.14",
|
||||
"sha256": "sha256-6eC75zAtWbM1XEI9OM3iqy/a8Vj1l5WU7HGJBpmoQsA="
|
||||
"rev": "2021.12.28",
|
||||
"sha256": "sha256-bXTjPdn0DIVTdoi30Ws5+M+UsC7F99IphMSTpI5ia/Q="
|
||||
},
|
||||
"EControl": {
|
||||
"owner": "Alexey-T",
|
||||
"rev": "2021.12.07",
|
||||
"sha256": "sha256-givCklAHao26psWLI2qK246igxcAQEeIYTGH61FX6Xo="
|
||||
"rev": "2022.01.07",
|
||||
"sha256": "sha256-dgkyXrFs2hzuFjt9GW+WNyrLIp/i/AbRsM/MyMbatdA="
|
||||
},
|
||||
"ATSynEdit_Ex": {
|
||||
"owner": "Alexey-T",
|
||||
"rev": "2021.12.07",
|
||||
"sha256": "sha256-/2Fv/vrpbHSiJro11cjbziUaT4gfwa6y5aQBoYgq3OQ="
|
||||
"rev": "2022.01.07",
|
||||
"sha256": "sha256-7QDHf0PYGMc611qrk+a8pNJHF1v1DFMWlt5hbaU/oD8="
|
||||
},
|
||||
"Python-for-Lazarus": {
|
||||
"owner": "Alexey-T",
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
{ lib, stdenv, fetchurl, makeWrapper, makeDesktopItem, which, unzip, libicns, imagemagick
|
||||
, jdk, perl, python
|
||||
, jdk, perl
|
||||
}:
|
||||
|
||||
let
|
||||
|
@ -58,7 +58,7 @@ stdenv.mkDerivation {
|
|||
'';
|
||||
|
||||
nativeBuildInputs = [ makeWrapper unzip ];
|
||||
buildInputs = [ perl python libicns imagemagick ];
|
||||
buildInputs = [ perl libicns imagemagick ];
|
||||
|
||||
meta = {
|
||||
description = "An integrated development environment for Java, C, C++ and PHP";
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
{ lib
|
||||
, stdenv
|
||||
, mkDerivation
|
||||
, fetchurl
|
||||
, fetchpatch
|
||||
|
@ -30,6 +31,9 @@
|
|||
, nodejs
|
||||
, mkYarnModules
|
||||
, qmake
|
||||
, server ? false # build server version
|
||||
, sqlite
|
||||
, pam
|
||||
}:
|
||||
|
||||
let
|
||||
|
@ -65,8 +69,10 @@ let
|
|||
yarnNix = ./yarndeps.nix;
|
||||
};
|
||||
|
||||
description = "Set of integrated tools for the R language";
|
||||
in
|
||||
mkDerivation rec {
|
||||
(if server then stdenv.mkDerivation else mkDerivation)
|
||||
(rec {
|
||||
inherit pname version src RSTUDIO_VERSION_MAJOR RSTUDIO_VERSION_MINOR RSTUDIO_VERSION_PATCH;
|
||||
|
||||
nativeBuildInputs = [
|
||||
|
@ -77,6 +83,7 @@ mkDerivation rec {
|
|||
makeWrapper
|
||||
pandoc
|
||||
nodejs
|
||||
] ++ lib.optional (!server) [
|
||||
copyDesktopItems
|
||||
];
|
||||
|
||||
|
@ -85,26 +92,31 @@ mkDerivation rec {
|
|||
zlib
|
||||
openssl
|
||||
R
|
||||
libuuid
|
||||
libyamlcpp
|
||||
soci
|
||||
postgresql
|
||||
] ++ (if server then [
|
||||
sqlite.dev
|
||||
pam
|
||||
] else [
|
||||
qtbase
|
||||
qtxmlpatterns
|
||||
qtsensors
|
||||
qtwebengine
|
||||
qtwebchannel
|
||||
libuuid
|
||||
libyamlcpp
|
||||
soci
|
||||
postgresql
|
||||
];
|
||||
]);
|
||||
|
||||
cmakeFlags = [
|
||||
"-DRSTUDIO_TARGET=Desktop"
|
||||
"-DRSTUDIO_TARGET=${if server then "Server" else "Desktop"}"
|
||||
"-DCMAKE_BUILD_TYPE=Release"
|
||||
"-DQT_QMAKE_EXECUTABLE=${qmake}/bin/qmake"
|
||||
"-DRSTUDIO_USE_SYSTEM_SOCI=ON"
|
||||
"-DRSTUDIO_USE_SYSTEM_BOOST=ON"
|
||||
"-DRSTUDIO_USE_SYSTEM_YAML_CPP=ON"
|
||||
"-DPANDOC_VERSION=${pandoc.version}"
|
||||
"-DCMAKE_INSTALL_PREFIX=${placeholder "out"}/lib/rstudio"
|
||||
] ++ lib.optional (!server) [
|
||||
"-DQT_QMAKE_EXECUTABLE=${qmake}/bin/qmake"
|
||||
];
|
||||
|
||||
# Hack RStudio to only use the input R and provided libclang.
|
||||
|
@ -168,10 +180,16 @@ mkDerivation rec {
|
|||
'';
|
||||
|
||||
postInstall = ''
|
||||
mkdir -p $out/share/icons/hicolor/48x48/apps $out/bin
|
||||
ln $out/lib/rstudio/rstudio.png $out/share/icons/hicolor/48x48/apps
|
||||
mkdir -p $out/bin $out/share
|
||||
|
||||
for f in {diagnostics,rpostback,rstudio}; do
|
||||
${lib.optionalString (!server) ''
|
||||
mkdir -p $out/share/icons/hicolor/48x48/apps
|
||||
ln $out/lib/rstudio/rstudio.png $out/share/icons/hicolor/48x48/apps
|
||||
''}
|
||||
|
||||
for f in {${if server
|
||||
then "crash-handler-proxy,postback,r-ldpath,rpostback,rserver,rserver-pam,rsession,rstudio-server"
|
||||
else "diagnostics,rpostback,rstudio"}}; do
|
||||
ln -s $out/lib/rstudio/bin/$f $out/bin
|
||||
done
|
||||
|
||||
|
@ -182,28 +200,31 @@ mkDerivation rec {
|
|||
rm -r $out/lib/rstudio/bin/{pandoc/pandoc,pandoc}
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
inherit description;
|
||||
homepage = "https://www.rstudio.com/";
|
||||
license = licenses.agpl3Only;
|
||||
maintainers = with maintainers; [ ciil cfhammill ];
|
||||
mainProgram = "rstudio" + optionalString server "-server";
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
|
||||
passthru = { inherit server; };
|
||||
} // lib.optionalAttrs (!server) {
|
||||
qtWrapperArgs = [
|
||||
"--suffix PATH : ${lib.makeBinPath [ gnumake ]}"
|
||||
];
|
||||
|
||||
desktopItems = [
|
||||
(makeDesktopItem {
|
||||
name = "${pname}";
|
||||
name = pname;
|
||||
exec = "rstudio %F";
|
||||
icon = "rstudio";
|
||||
desktopName = "RStudio";
|
||||
genericName = "IDE";
|
||||
comment = meta.description;
|
||||
comment = description;
|
||||
categories = "Development;";
|
||||
mimeType = "text/x-r-source;text/x-r;text/x-R;text/x-r-doc;text/x-r-sweave;text/x-r-markdown;text/x-r-html;text/x-r-presentation;application/x-r-data;application/x-r-project;text/x-r-history;text/x-r-profile;text/x-tex;text/x-markdown;text/html;text/css;text/javascript;text/x-chdr;text/x-csrc;text/x-c++hdr;text/x-c++src;";
|
||||
})
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Set of integrated tools for the R language";
|
||||
homepage = "https://www.rstudio.com/";
|
||||
license = licenses.agpl3Only;
|
||||
maintainers = with maintainers; [ ciil ];
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
}
|
||||
})
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
{ lib, mkDerivation, fetchFromGitHub, pkg-config, qmake
|
||||
, python, qtbase, qttools }:
|
||||
, python2, qtbase, qttools }:
|
||||
|
||||
mkDerivation rec {
|
||||
pname = "tiled";
|
||||
|
@ -13,7 +13,7 @@ mkDerivation rec {
|
|||
};
|
||||
|
||||
nativeBuildInputs = [ pkg-config qmake ];
|
||||
buildInputs = [ python qtbase qttools ];
|
||||
buildInputs = [ python2 qtbase qttools ];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Free, easy to use and flexible tile map editor";
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ lib, stdenv, fetchFromGitHub, fetchpatch, wxGTK, autoconf, automake, libtool, python, gettext }:
|
||||
{ lib, stdenv, fetchFromGitHub, fetchpatch, wxGTK, autoconf, automake, libtool, python2, gettext }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "wxHexEditor";
|
||||
|
@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
|
|||
sha256 = "08xnhaif8syv1fa0k6lc3jm7yg2k50b02lyds8w0jyzh4xi5crqj";
|
||||
};
|
||||
|
||||
buildInputs = [ wxGTK autoconf automake libtool python gettext ];
|
||||
buildInputs = [ wxGTK autoconf automake libtool python2 gettext ];
|
||||
|
||||
preConfigure = "patchShebangs .";
|
||||
|
||||
|
|
|
@ -1,72 +0,0 @@
|
|||
{ python2
|
||||
, lib
|
||||
, fetchurl
|
||||
, pkg-config
|
||||
, libXext
|
||||
, libXxf86vm
|
||||
, libX11
|
||||
, libXrandr
|
||||
, libXinerama
|
||||
, libXScrnSaver
|
||||
, argyllcms
|
||||
}:
|
||||
|
||||
let
|
||||
inherit (python2.pkgs) buildPythonApplication wxPython numpy dbus-python;
|
||||
in buildPythonApplication rec {
|
||||
pname = "displaycal";
|
||||
version = "3.8.9.3";
|
||||
|
||||
enableParallelBuilding = true;
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://sourceforge/project/dispcalgui/release/${version}/DisplayCAL-${version}.tar.gz";
|
||||
sha256 = "1sivi4q7sqsrc95qg5gh37bsm2761md4mpl89hflzwk6kyyxyd3w";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
libXext
|
||||
libXxf86vm
|
||||
libX11
|
||||
libXrandr
|
||||
libXinerama
|
||||
libXScrnSaver
|
||||
argyllcms
|
||||
wxPython
|
||||
numpy
|
||||
dbus-python
|
||||
];
|
||||
|
||||
nativeBuildInputs = [
|
||||
pkg-config
|
||||
];
|
||||
|
||||
preConfigure = ''
|
||||
mkdir dist
|
||||
cp {misc,dist}/net.displaycal.DisplayCAL.appdata.xml
|
||||
touch dist/copyright
|
||||
mkdir -p $out
|
||||
ln -s $out/share/DisplayCAL $out/Resources
|
||||
'';
|
||||
|
||||
# no idea why it looks there - symlink .json lang (everything)
|
||||
postInstall = ''
|
||||
for x in $out/share/DisplayCAL/*; do
|
||||
ln -s $x $out/lib/python2.7/site-packages/DisplayCAL
|
||||
done
|
||||
|
||||
for prog in "$out/bin/"*; do
|
||||
wrapProgram "$prog" \
|
||||
--prefix PYTHONPATH : "$PYTHONPATH" \
|
||||
--prefix PATH : ${argyllcms}/bin
|
||||
done
|
||||
'';
|
||||
|
||||
meta = {
|
||||
description = "Display Calibration and Characterization powered by Argyll CMS";
|
||||
homepage = "https://displaycal.net/";
|
||||
license = lib.licenses.gpl3;
|
||||
maintainers = [lib.maintainers.marcweber];
|
||||
platforms = lib.platforms.linux;
|
||||
};
|
||||
}
|
|
@ -81,6 +81,14 @@ stdenv.mkDerivation rec {
|
|||
stripLen = 1;
|
||||
extraPrefix = "share/extensions/";
|
||||
})
|
||||
# Remove mandatory break from end of paragraphs, added in Pango 1.49
|
||||
# https://gitlab.com/inkscape/inkscape/-/merge_requests/3630
|
||||
# TODO: Remove in Inkscape 1.1.2
|
||||
(fetchpatch {
|
||||
url = "https://gitlab.com/inkscape/inkscape/-/commit/b3dabef2245d4e4e977ee9d6776be9a134493515.patch";
|
||||
sha256 = "YhqUlRBKL1vJ/iCM/DvdwbmPIsAHQpcgf4TPpjlnBng=";
|
||||
})
|
||||
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{ callPackage, ... } @ args:
|
||||
|
||||
callPackage ./generic.nix (args // {
|
||||
version = "5.0.0";
|
||||
version = "5.0.2";
|
||||
kde-channel = "stable";
|
||||
sha256 = "sha256-hNWDPbyrP9OkGPTDdnDYKtkZQw8MbQpXuZOQdHHuzFc=";
|
||||
sha256 = "sha256-5nUfx+tQSXekiAo3brvTmVyH2tFUSGCE6COX5l1JnL8=";
|
||||
})
|
||||
|
|
|
@ -2,23 +2,23 @@
|
|||
, buildDotnetModule
|
||||
, dotnetCorePackages
|
||||
, fetchFromGitHub
|
||||
, glibcLocales
|
||||
, gtk3
|
||||
, installShellFiles
|
||||
, librsvg
|
||||
, makeDesktopItem
|
||||
, intltool
|
||||
, wrapGAppsHook
|
||||
}:
|
||||
|
||||
buildDotnetModule rec {
|
||||
pname = "Pinta";
|
||||
version = "2.0.1";
|
||||
version = "2.0.2";
|
||||
|
||||
nativeBuildInputs = [
|
||||
installShellFiles
|
||||
intltool
|
||||
wrapGAppsHook
|
||||
];
|
||||
|
||||
runtimeDeps = [ gtk3 ];
|
||||
buildInputs = runtimeDeps;
|
||||
|
||||
dotnet-sdk = dotnetCorePackages.sdk_6_0;
|
||||
dotnet-runtime = dotnetCorePackages.runtime_6_0;
|
||||
|
@ -26,7 +26,7 @@ buildDotnetModule rec {
|
|||
# How-to update deps:
|
||||
# $ nix-build -A pinta.fetch-deps
|
||||
# $ ./result
|
||||
# $ cp /tmp/Pinta-deps.nix ./pkgs/applications/graphics/pinta/default.nix
|
||||
# $ cp /tmp/Pinta-deps.nix ./pkgs/applications/graphics/pinta/deps.nix
|
||||
# TODO: create update script
|
||||
nugetDeps = ./deps.nix;
|
||||
|
||||
|
@ -36,52 +36,49 @@ buildDotnetModule rec {
|
|||
owner = "PintaProject";
|
||||
repo = "Pinta";
|
||||
rev = version;
|
||||
sha256 = "sha256-iOKJPB2bI/GjeDxzG7r6ew7SGIzgrJTcRXhEYzOpC9k=";
|
||||
sha256 = "sha256-Bvzs1beq7I1+10w9pmMePqGCz2TPDp5UK5Wa9hbKERU=";
|
||||
};
|
||||
|
||||
# FIXME: this should be propagated by wrapGAppsHook already, however for some
|
||||
# reason it is not working. Maybe a bug in buildDotnetModule?
|
||||
preInstall = ''
|
||||
gappsWrapperArgs+=(
|
||||
--prefix XDG_DATA_DIRS : "${gtk3}/share/gsettings-schemas/${gtk3.name}"
|
||||
--set GDK_PIXBUF_MODULE_FILE ${librsvg}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache
|
||||
)
|
||||
# https://github.com/NixOS/nixpkgs/issues/38991
|
||||
# bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
|
||||
LOCALE_ARCHIVE = "${glibcLocales}/lib/locale/locale-archive";
|
||||
|
||||
# Do the autoreconf/Makefile job manually
|
||||
# TODO: use upstream build system
|
||||
postBuild = ''
|
||||
# Substitute translation placeholders
|
||||
intltool-merge -x po/ xdg/pinta.appdata.xml.in xdg/pinta.appdata.xml
|
||||
intltool-merge -d po/ xdg/pinta.desktop.in xdg/pinta.desktop
|
||||
|
||||
# Build translations
|
||||
dotnet build Pinta \
|
||||
-p:ContinuousIntegrationBuild=true \
|
||||
-p:Deterministic=true \
|
||||
-target:CompileTranslations,PublishTranslations \
|
||||
-p:BuildTranslations=true \
|
||||
-p:PublishDir="$NIX_BUILD_TOP/source/publish"
|
||||
'';
|
||||
|
||||
postInstall = ''
|
||||
postFixup = ''
|
||||
# Rename the binary
|
||||
mv $out/bin/Pinta $out/bin/pinta
|
||||
mv "$out/bin/Pinta" "$out/bin/pinta"
|
||||
|
||||
# Copy desktop icons
|
||||
for size in 16x16 22x22 24x24 32x32 96x96 scalable; do
|
||||
mkdir -p $out/share/icons/hicolor/$size/apps
|
||||
cp xdg/$size/* $out/share/icons/hicolor/$size/apps/
|
||||
done
|
||||
|
||||
# Copy runtime icons
|
||||
cp -r Pinta.Resources/icons/hicolor/16x16/* $out/share/icons/hicolor/16x16/
|
||||
|
||||
# Install manpage
|
||||
installManPage xdg/pinta.1
|
||||
|
||||
# Fix and copy desktop file
|
||||
# TODO: fix this propely by using the autoreconf+pkg-config build system
|
||||
# from upstream
|
||||
mkdir -p $out/share/applications
|
||||
substitute xdg/pinta.desktop.in $out/share/applications/Pinta.desktop \
|
||||
--replace _Name Name \
|
||||
--replace _Comment Comment \
|
||||
--replace _GenericName GenericName \
|
||||
--replace _X-GNOME-FullName X-GNOME-FullName \
|
||||
--replace _Keywords Keywords
|
||||
# Install
|
||||
dotnet build installer/linux/install.proj \
|
||||
-target:Install \
|
||||
-p:ContinuousIntegrationBuild=true \
|
||||
-p:Deterministic=true \
|
||||
-p:SourceDir="$NIX_BUILD_TOP/source" \
|
||||
-p:PublishDir="$NIX_BUILD_TOP/source/publish" \
|
||||
-p:InstallPrefix="$out"
|
||||
'';
|
||||
|
||||
meta = {
|
||||
meta = with lib; {
|
||||
homepage = "https://www.pinta-project.com/";
|
||||
description = "Drawing/editing program modeled after Paint.NET";
|
||||
license = lib.licenses.mit;
|
||||
maintainers = with lib.maintainers; [ thiagokokada ];
|
||||
platforms = with lib.platforms; linux;
|
||||
license = licenses.mit;
|
||||
maintainers = with maintainers; [ thiagokokada ];
|
||||
platforms = with platforms; linux;
|
||||
mainProgram = "pinta";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,8 +1,25 @@
|
|||
{ lib, fetchFromGitHub, cmake, pkg-config, mkDerivation
|
||||
, qtbase, qtx11extras, qtsvg, makeWrapper
|
||||
, vulkan-loader, libglvnd, xorg, python3, python3Packages
|
||||
, bison, pcre, automake, autoconf, addOpenGLRunpath
|
||||
, waylandSupport ? false, wayland
|
||||
{ lib
|
||||
, fetchFromGitHub
|
||||
, nix-update-script
|
||||
, cmake
|
||||
, pkg-config
|
||||
, mkDerivation
|
||||
, qtbase
|
||||
, qtx11extras
|
||||
, qtsvg
|
||||
, makeWrapper
|
||||
, vulkan-loader
|
||||
, libglvnd
|
||||
, xorg
|
||||
, python3
|
||||
, python3Packages
|
||||
, bison
|
||||
, pcre
|
||||
, automake
|
||||
, autoconf
|
||||
, addOpenGLRunpath
|
||||
, waylandSupport ? false
|
||||
, wayland
|
||||
}:
|
||||
let
|
||||
custom_swig = fetchFromGitHub {
|
||||
|
@ -15,13 +32,13 @@ let
|
|||
in
|
||||
mkDerivation rec {
|
||||
pname = "renderdoc";
|
||||
version = "1.16";
|
||||
version = "1.17";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "baldurk";
|
||||
repo = "renderdoc";
|
||||
rev = "v${version}";
|
||||
sha256 = "150d1qzjs420clqr48gickiw5ymjx4md6iyjbxmxsdml0pyxpwwn";
|
||||
sha256 = "sha256-Zr7Av49mK48B4N+Ca2vPIgKuVNP4YLVEs4EQepukSs8=";
|
||||
};
|
||||
|
||||
buildInputs = [
|
||||
|
@ -64,6 +81,10 @@ mkDerivation rec {
|
|||
addOpenGLRunpath $out/lib/librenderdoc.so
|
||||
'';
|
||||
|
||||
passthru.updateScript = nix-update-script {
|
||||
attrPath = pname;
|
||||
};
|
||||
|
||||
meta = with lib; {
|
||||
description = "A single-frame graphics debugger";
|
||||
homepage = "https://renderdoc.org/";
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ lib, stdenv, fetchFromGitHub, cmake, qt4, quazip, qt-mobility, qxt, pythonPackages }:
|
||||
{ lib, stdenv, fetchFromGitHub, cmake, qt4, quazip, qt-mobility, qxt, python2Packages }:
|
||||
|
||||
with lib;
|
||||
stdenv.mkDerivation rec {
|
||||
|
@ -18,7 +18,7 @@ stdenv.mkDerivation rec {
|
|||
};
|
||||
|
||||
nativeBuildInputs = [ cmake ];
|
||||
buildInputs = [ qt4 quazip qt-mobility qxt pythonPackages.python pythonPackages.pycrypto ];
|
||||
buildInputs = [ qt4 quazip qt-mobility qxt python2Packages.python python2Packages.pycrypto ];
|
||||
|
||||
patchPhase = ''
|
||||
# Required to make the configure script work. Normally, screencloud's
|
||||
|
@ -59,7 +59,7 @@ stdenv.mkDerivation rec {
|
|||
postInstall = ''
|
||||
patchShebangs $prefix/opt/screencloud/screencloud.sh
|
||||
substituteInPlace "$prefix/opt/screencloud/screencloud.sh" --replace "/opt" "$prefix/opt"
|
||||
sed -i "2 i\export PYTHONPATH=$(toPythonPath ${pythonPackages.pycrypto}):\$PYTHONPATH" "$prefix/opt/screencloud/screencloud.sh"
|
||||
sed -i "2 i\export PYTHONPATH=$(toPythonPath ${python2Packages.pycrypto}):\$PYTHONPATH" "$prefix/opt/screencloud/screencloud.sh"
|
||||
mkdir $prefix/bin
|
||||
mkdir $prefix/lib
|
||||
ln -s $prefix/opt/screencloud/screencloud.sh $prefix/bin/screencloud
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue