Project import generated by Copybara.

GitOrigin-RevId: 6d8215281b2f87a5af9ed7425a26ac575da0438f
Default email 2022-01-20 00:45:15 +01:00
parent bd3c7c090e
commit 4cb23072fc
962 changed files with 18542 additions and 20704 deletions


@ -61,9 +61,6 @@ trim_trailing_whitespace = unset
[nixos/modules/services/networking/ircd-hybrid/*.{conf,in}]
trim_trailing_whitespace = unset
[nixos/tests/systemd-networkd-vrf.nix]
trim_trailing_whitespace = unset
[pkgs/build-support/dotnetenv/Wrapper/**]
end_of_line = unset
indent_style = unset


@ -118,7 +118,7 @@
# Rust
/pkgs/development/compilers/rust @Mic92 @LnL7 @zowoq
/pkgs/build-support/rust @andir @zowoq
/pkgs/build-support/rust @zowoq
# Darwin-related
/pkgs/stdenv/darwin @NixOS/darwin-maintainers
@ -279,3 +279,13 @@
# terraform providers
/pkgs/applications/networking/cluster/terraform-providers @zowoq
# Matrix
/pkgs/servers/heisenbridge @piegamesde
/pkgs/servers/matrix-conduit @piegamesde @pstn
/pkgs/servers/matrix-synapse/matrix-appservice-irc @piegamesde
/nixos/modules/services/misc/heisenbridge.nix @piegamesde
/nixos/modules/services/misc/matrix-appservice-irc.nix @piegamesde
/nixos/modules/services/misc/matrix-conduit.nix @piegamesde @pstn
/nixos/tests/matrix-appservice-irc.nix @piegamesde
/nixos/tests/matrix-conduit.nix @piegamesde @pstn


@ -227,7 +227,7 @@ digraph {
}
```
[This GitHub Action](https://github.com/NixOS/nixpkgs/blob/master/.github/workflows/merge-staging.yml) brings changes from `master` to `staging-next` and from `staging-next` to `staging` every 6 hours.
[This GitHub Action](https://github.com/NixOS/nixpkgs/blob/master/.github/workflows/periodic-merge-6h.yml) brings changes from `master` to `staging-next` and from `staging-next` to `staging` every 6 hours.
### Master branch {#submitting-changes-master-branch}


@ -84,7 +84,7 @@ To package Dotnet applications, you can use `buildDotnetModule`. This has simila
<ProjectReference Include="../foo/bar.fsproj" />
<PackageReference Include="bar" Version="*" Condition=" '$(ContinuousIntegrationBuild)'=='true' "/>
```
* `executables` is used to specify which executables get wrapped to `$out/bin`, relative to `$out/lib/$pname`. If this is unset, all executables generated will get installed. If you do not want to install any, set this to `[]`.
* `executables` is used to specify which executables get wrapped to `$out/bin`, relative to `$out/lib/$pname`. If this is unset, all executables generated will get installed. If you do not want to install any, set this to `[]`. This gets done in the `preFixup` phase.
* `runtimeDeps` is used to wrap libraries into `LD_LIBRARY_PATH`. This is how dotnet usually handles runtime dependencies.
* `buildType` is used to change the type of build. Possible values are `Release`, `Debug`, etc. By default, this is set to `Release`.
* `dotnet-sdk` is useful in cases where you need to change what dotnet SDK is being used.


@ -22,24 +22,6 @@
import ./nixos/lib/eval-config.nix (args // {
modules =
let
vmConfig = (import ./nixos/lib/eval-config.nix
(args // {
modules = modules ++ [ ./nixos/modules/virtualisation/qemu-vm.nix ];
})).config;
vmWithBootLoaderConfig = (import ./nixos/lib/eval-config.nix
(args // {
modules = modules ++ [
./nixos/modules/virtualisation/qemu-vm.nix
{ virtualisation.useBootLoader = true; }
({ config, ... }: {
virtualisation.useEFIBoot =
config.boot.loader.systemd-boot.enable ||
config.boot.loader.efi.canTouchEfiVariables;
})
];
})).config;
moduleDeclarationFile =
let
# Even though `modules` is a mandatory argument for `nixosSystem`, it doesn't
@ -63,11 +45,6 @@
system.nixos.versionSuffix =
".${final.substring 0 8 (self.lastModifiedDate or self.lastModified or "19700101")}.${self.shortRev or "dirty"}";
system.nixos.revision = final.mkIf (self ? rev) self.rev;
system.build = {
vm = vmConfig.system.build.vm;
vmWithBootLoader = vmWithBootLoaderConfig.system.build.vm;
};
}
];
});


@ -2,35 +2,33 @@
rec {
/* Print a trace message if pred is false.
/* Throw if pred is false, else return pred.
Intended to be used to augment asserts with helpful error messages.
Example:
assertMsg false "nope"
=> false
stderr> trace: nope
stderr> error: nope
assert (assertMsg ("foo" == "bar") "foo is not bar, silly"); ""
stderr> trace: foo is not bar, silly
stderr> assert failed at
assert assertMsg ("foo" == "bar") "foo is not bar, silly"; ""
stderr> error: foo is not bar, silly
Type:
assertMsg :: Bool -> String -> Bool
*/
# TODO(Profpatsch): add tests that check stderr
assertMsg = pred: msg:
if pred
then true
else builtins.trace msg false;
pred || builtins.throw msg;
/* Specialized `assertMsg` for checking if val is one of the elements
of a list. Useful for checking enums.
Example:
let sslLibrary = "libressl"
let sslLibrary = "libressl";
in assertOneOf "sslLibrary" sslLibrary [ "openssl" "bearssl" ]
=> false
stderr> trace: sslLibrary must be one of "openssl", "bearssl", but is: "libressl"
stderr> error: sslLibrary must be one of [
stderr> "openssl"
stderr> "bearssl"
stderr> ], but is: "libressl"
Type:
assertOneOf :: String -> ComparableVal -> List ComparableVal -> Bool
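Review bot: The `Type:` line still advertises `assertMsg :: Bool -> String -> Bool`, but with `pred || builtins.throw msg` the false case never yields a value. Any caller that composed the old `false` result, for example in a larger boolean expression or a negated check, now aborts evaluation instead of continuing. The docstring's first line says as much, but I would add a sentence such as `Only use as the condition of an assert; the result is never false.` so the contract sits next to the type. The `# TODO(Profpatsch): add tests that check stderr` line appears to be kept, and no test for the new throwing behaviour is visible in this section, though one may exist elsewhere in the commit. The assertOneOf docstring and body continue outside the hunk.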


@ -1950,6 +1950,12 @@
githubId = 543423;
name = "Alex Wied";
};
cfhammill = {
email = "cfhammill@gmail.com";
github = "cfhammill";
githubId = 7467038;
name = "Chris Hammill";
};
cfouche = {
email = "chaddai.fouche@gmail.com";
github = "Chaddai";
@ -2854,6 +2860,12 @@
githubId = 706758;
name = "Christian Gerbrandt";
};
derekcollison = {
email = "derek@nats.io";
github = "derekcollison";
githubId = 90097;
name = "Derek Collison";
};
DerGuteMoritz = {
email = "moritz@twoticketsplease.de";
github = "DerGuteMoritz";
@ -4244,6 +4256,16 @@
githubId = 1313787;
name = "Gabriel Gonzalez";
};
gador = {
email = "florian.brandes@posteo.de";
github = "gador";
githubId = 1883533;
name = "Florian Brandes";
keys = [{
longkeyid = "rsa4096/0xBBB3E40E53797FD9";
fingerprint = "0200 3EF8 8D2B CF2D 8F00 FFDC BBB3 E40E 5379 7FD9";
}];
};
gal_bolle = {
email = "florent.becker@ens-lyon.org";
github = "FlorentBecker";
@ -4443,6 +4465,16 @@
githubId = 1621335;
name = "Andrew Trachenko";
};
gordias = {
name = "Gordias";
email = "gordias@disroot.org";
github = "NotGordias";
githubId = 94724133;
keys = [{
longkeyid = "ed25519/0x5D47284830FAA4FA";
fingerprint = "C006 B8A0 0618 F3B6 E0E4 2ECD 5D47 2848 30FA A4FA";
}];
};
govanify = {
name = "Gauvain 'GovanifY' Roussel-Tarbouriech";
email = "gauvain@govanify.com";
@ -7138,6 +7170,12 @@
githubId = 13791;
name = "Luke Gorrie";
};
luker = {
email = "luker@fenrirproject.org";
github = "LucaFulchir";
githubId = 2486026;
name = "Luca Fulchir";
};
lumi = {
email = "lumi@pew.im";
github = "lumi-me-not";
@ -8492,10 +8530,10 @@
name = "Xinhao Luo";
};
newam = {
email = "alexmgit@protonmail.com";
email = "alex@thinglab.org";
github = "newAM";
githubId = 7845120;
name = "Alex M.";
name = "Alex Martens";
};
nikitavoloboev = {
email = "nikita.voloboev@gmail.com";
@ -9808,6 +9846,13 @@
githubId = 1016742;
name = "Rafael García";
};
raitobezarius = {
email = "ryan@lahfa.xyz";
matrix = "@raitobezarius:matrix.org";
github = "RaitoBezarius";
githubId = 314564;
name = "Ryan Lahfa";
};
raquelgb = {
email = "raquel.garcia.bautista@gmail.com";
github = "raquelgb";
@ -11087,6 +11132,12 @@
fingerprint = "4242 834C D401 86EF 8281 4093 86E3 0E5A 0F5F C59C";
}];
};
smasher164 = {
email = "aindurti@gmail.com";
github = "smasher164";
githubId = 12636891;
name = "Akhil Indurti";
};
smironov = {
email = "grrwlf@gmail.com";
github = "grwlf";
@ -12166,6 +12217,12 @@
githubId = 1183303;
name = "Jakob Klepp";
};
trundle = {
name = "Andreas Stührk";
email = "andy@hammerhartes.de";
github = "Trundle";
githubId = 332418;
};
tscholak = {
email = "torsten.scholak@googlemail.com";
github = "tscholak";


@ -9,27 +9,6 @@ let
modules = [ configuration ];
};
# This is for `nixos-rebuild build-vm'.
vmConfig = (import ./lib/eval-config.nix {
inherit system;
modules = [ configuration ./modules/virtualisation/qemu-vm.nix ];
}).config;
# This is for `nixos-rebuild build-vm-with-bootloader'.
vmWithBootLoaderConfig = (import ./lib/eval-config.nix {
inherit system;
modules =
[ configuration
./modules/virtualisation/qemu-vm.nix
{ virtualisation.useBootLoader = true; }
({ config, ... }: {
virtualisation.useEFIBoot =
config.boot.loader.systemd-boot.enable ||
config.boot.loader.efi.canTouchEfiVariables;
})
];
}).config;
in
{
@ -37,7 +16,5 @@ in
system = eval.config.system.build.toplevel;
vm = vmConfig.system.build.vm;
vmWithBootLoader = vmWithBootLoaderConfig.system.build.vm;
inherit (eval.config.system.build) vm vmWithBootLoader;
}


@ -1420,6 +1420,15 @@ Superuser created successfully.
for those who want to have all RetroArch cores available.
</para>
</listitem>
<listitem>
<para>
The Linux kernel for security reasons now restricts access to
BPF syscalls via <literal>BPF_UNPRIV_DEFAULT_OFF=y</literal>.
Unprivileged access can be reenabled via the
<literal>kernel.unprivileged_bpf_disabled</literal> sysctl
knob.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-21.11-notable-changes">


@ -32,10 +32,14 @@
</listitem>
<listitem>
<para>
Mattermost has been updated to version 6.2. Migrations may
take a while, see the
<link xlink:href="https://docs.mattermost.com/install/self-managed-changelog.html#release-v6.2-feature-release">upgrade
notes</link>.
Mattermost has been updated to extended support release 6.3,
as the previously packaged extended support release 5.37 is
<link xlink:href="https://docs.mattermost.com/upgrade/extended-support-release.html">reaching
its end of life</link>. Migrations may take a while, see the
<link xlink:href="https://docs.mattermost.com/install/self-managed-changelog.html#release-v6-3-extended-support-release">changelog</link>
and
<link xlink:href="https://docs.mattermost.com/upgrade/important-upgrade-notes.html">important
upgrade notes</link>.
</para>
</listitem>
</itemizedlist>
@ -90,6 +94,13 @@
<link xlink:href="options.html#opt-services.heisenbridge.enable">services.heisenbridge</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://ergo.chat">ergochat</link>, a modern
IRC with IRCv3 features. Available as
<link xlink:href="options.html#opt-services.ergochat.enable">services.ergochat</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/ngoduykhanh/PowerDNS-Admin">PowerDNS-Admin</link>,
@ -150,6 +161,22 @@
<link linkend="opt-services.prosody-filer.enable">services.prosody-filer</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://timetagger.app">timetagger</link>,
an open source time-tracker with an intuitive user experience
and powerful reporting.
<link xlink:href="options.html#opt-services.timetagger.enable">services.timetagger</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://www.rstudio.com/products/rstudio/#rstudio-server">rstudio-server</link>,
a browser-based version of the RStudio IDE for the R
programming language. Available as
<link xlink:href="options.html#opt-services.rstudio-server.enable">services.rstudio-server</link>.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-22.05-incompatibilities">
@ -193,6 +220,13 @@
removed due to it being an outdated version.
</para>
</listitem>
<listitem>
<para>
The <literal>mailpile</literal> email webclient
(<literal>services.mailpile</literal>) has been removed due to
its reliance on python2.
</para>
</listitem>
<listitem>
<para>
The MoinMoin wiki engine
@ -237,6 +271,14 @@
<literal>virtualisation.docker.daemon.settings</literal>.
</para>
</listitem>
<listitem>
<para>
The backward compatibility in
<literal>services.dokuwiki</literal> to configure sites with
the old interface has been removed. Please use
<literal>services.dokuwiki.sites</literal> instead.
</para>
</listitem>
<listitem>
<para>
opensmtpd-extras is no longer build with python2 scripting
@ -311,6 +353,73 @@
unmaintained
</para>
</listitem>
<listitem>
<para>
MultiMC has been replaced with the fork PolyMC due to upstream
developers being hostile to 3rd party package maintainers.
PolyMC removes all MultiMC branding and is aimed at providing
proper 3rd party packages like the one contained in Nixpkgs.
This change affects the data folder where game instances and
other save and configuration files are stored. Users with
existing installations should rename
<literal>~/.local/share/multimc</literal> to
<literal>~/.local/share/polymc</literal>. The main config
files path has also moved from
<literal>~/.local/share/multimc/multimc.cfg</literal> to
<literal>~/.local/share/polymc/polymc.cfg</literal>.
</para>
</listitem>
<listitem>
<para>
<literal>pkgs.noto-fonts-cjk</literal> is now deprecated in
favor of <literal>pkgs.noto-fonts-cjk-sans</literal> and
<literal>pkgs.noto-fonts-cjk-serif</literal> because they each
have different release schedules. To maintain compatibility
with prior releases of Nixpkgs,
<literal>pkgs.noto-fonts-cjk</literal> is currently an alias
of <literal>pkgs.noto-fonts-cjk-sans</literal> and doesnt
include serif fonts.
</para>
</listitem>
<listitem>
<para>
The interface that allows activation scripts to restart units
has been reworked. Restarting and reloading is now done by a
single file
<literal>/run/nixos/activation-restart-list</literal> that
honors <literal>restartIfChanged</literal> and
<literal>reloadIfChanged</literal> of the units.
</para>
</listitem>
<listitem>
<para>
The <literal>services.bookstack.cacheDir</literal> option has
been removed, since the cache directory is now handled by
systemd.
</para>
</listitem>
<listitem>
<para>
The <literal>services.bookstack.extraConfig</literal> option
has been replaced by
<literal>services.bookstack.config</literal> which implements
a
<link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">settings-style</link>
configuration.
</para>
</listitem>
<listitem>
<para>
<literal>lib.assertMsg</literal> and
<literal>lib.assertOneOf</literal> no longer return
<literal>false</literal> if the passed condition is
<literal>false</literal>, <literal>throw</literal>ing the
given error message instead (which makes the resulting error
message less cluttered). This will not impact the behaviour of
code using these functions as intended, namely as top-level
wrapper for <literal>assert</literal> conditions.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-22.05-notable-changes">
@ -341,6 +450,28 @@
socket <literal>/run/redis-${serverName}/redis.sock</literal>.
</para>
</listitem>
<listitem>
<para>
The option
<link linkend="opt-virtualisation.vmVariant">virtualisation.vmVariant</link>
was added to allow users to make changes to the
<literal>nixos-rebuild build-vm</literal> configuration that
do not apply to their normal system.
</para>
<para>
The <literal>config.system.build.vm</literal> attribute now
always exists and defaults to the value from
<literal>vmVariant</literal>. Configurations that import the
<literal>virtualisation/qemu-vm.nix</literal> module
themselves will override this value, such that
<literal>vmVariant</literal> is not used.
</para>
<para>
Similarly
<link linkend="opt-virtualisation.vmVariantWithBootLoader">virtualisation.vmVariantWithBootloader</link>
was added.
</para>
</listitem>
<listitem>
<para>
The
@ -432,6 +563,14 @@
renamed to <literal>linux-firmware</literal>.
</para>
</listitem>
<listitem>
<para>
The <literal>services.mbpfan</literal> module was converted to
a
<link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC
0042</link> configuration.
</para>
</listitem>
<listitem>
<para>
A new module was added for the
@ -441,6 +580,49 @@
<literal>programs.starship.settings</literal>.
</para>
</listitem>
<listitem>
<para>
<literal>services.mattermost.plugins</literal> has been added
to allow the declarative installation of Mattermost plugins.
Plugins are automatically repackaged using autoPatchelf.
</para>
</listitem>
<listitem>
<para>
The <literal>zrepl</literal> package has been updated from
0.4.0 to 0.5:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
The RPC protocol version was bumped; all zrepl daemons in
a setup must be updated and restarted before replication
can resume.
</para>
</listitem>
<listitem>
<para>
A bug involving encrypt-on-receive has been fixed. Read
the
<link xlink:href="https://zrepl.github.io/configuration/sendrecvoptions.html#job-recv-options-placeholder">zrepl
documentation</link> and check the output of
<literal>zfs get -r encryption,zrepl:placeholder PATH_TO_ROOTFS</literal>
on the receiver.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
Renamed option
<literal>services.openssh.challengeResponseAuthentication</literal>
to
<literal>services.openssh.kbdInteractiveAuthentication</literal>.
Reason is that the old name has been deprecated upstream.
Using the old option name will still work, but produce a
warning.
</para>
</listitem>
</itemizedlist>
</section>
</section>


@ -417,6 +417,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- `retroArchCores` has been removed. This means that using `nixpkgs.config.retroarch` to customize RetroArch cores is not supported anymore. Instead, use package overrides, for example: `retroarch.override { cores = with libretro; [ citra snes9x ]; };`. Also, `retroarchFull` derivation is available for those who want to have all RetroArch cores available.
- The Linux kernel for security reasons now restricts access to BPF syscalls via `BPF_UNPRIV_DEFAULT_OFF=y`. Unprivileged access can be reenabled via the `kernel.unprivileged_bpf_disabled` sysctl knob.
## Other Notable Changes {#sec-release-21.11-notable-changes}


@ -13,8 +13,9 @@ In addition to numerous new and upgraded packages, this release has the followin
- PHP 8.1 is now available
- Mattermost has been updated to version 6.2. Migrations may take a while,
see the [upgrade notes](https://docs.mattermost.com/install/self-managed-changelog.html#release-v6.2-feature-release).
- Mattermost has been updated to extended support release 6.3, as the previously packaged extended support release 5.37 is [reaching its end of life](https://docs.mattermost.com/upgrade/extended-support-release.html).
Migrations may take a while, see the [changelog](https://docs.mattermost.com/install/self-managed-changelog.html#release-v6-3-extended-support-release)
and [important upgrade notes](https://docs.mattermost.com/upgrade/important-upgrade-notes.html).
## New Services {#sec-release-22.05-new-services}
@ -30,6 +31,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- [heisenbridge](https://github.com/hifi/heisenbridge), a bouncer-style Matrix IRC bridge. Available as [services.heisenbridge](options.html#opt-services.heisenbridge.enable).
- [ergochat](https://ergo.chat), a modern IRC with IRCv3 features. Available as [services.ergochat](options.html#opt-services.ergochat.enable).
- [PowerDNS-Admin](https://github.com/ngoduykhanh/PowerDNS-Admin), a web interface for the PowerDNS server. Available at [services.powerdns-admin](options.html#opt-services.powerdns-admin.enable).
- [maddy](https://maddy.email), a composable all-in-one mail server. Available as [services.maddy](options.html#opt-services.maddy.enable).
@ -46,6 +49,12 @@ In addition to numerous new and upgraded packages, this release has the followin
- [prosody-filer](https://github.com/ThomasLeister/prosody-filer), a server for handling XMPP HTTP Upload requests. Available at [services.prosody-filer](#opt-services.prosody-filer.enable).
- [timetagger](https://timetagger.app), an open source time-tracker with an intuitive user experience and powerful reporting. [services.timetagger](options.html#opt-services.timetagger.enable).
- [rstudio-server](https://www.rstudio.com/products/rstudio/#rstudio-server), a browser-based version of the RStudio IDE for the R programming language. Available as [services.rstudio-server](options.html#opt-services.rstudio-server.enable).
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
## Backward Incompatibilities {#sec-release-22.05-incompatibilities}
- `pkgs.ghc` now refers to `pkgs.targetPackages.haskellPackages.ghc`.
@ -67,6 +76,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- `services.kubernetes.addons.dashboard` was removed due to it being an outdated version.
- The `mailpile` email webclient (`services.mailpile`) has been removed due to its reliance on python2.
- The MoinMoin wiki engine (`services.moinmoin`) has been removed, because Python 2 is being retired from nixpkgs.
- The `wafHook` hook now honors `NIX_BUILD_CORES` when `enableParallelBuilding` is not set explicitly. Packages can restore the old behaviour by setting `enableParallelBuilding=false`.
@ -79,6 +90,9 @@ In addition to numerous new and upgraded packages, this release has the followin
- If you previously used `/etc/docker/daemon.json`, you need to incorporate the changes into the new option `virtualisation.docker.daemon.settings`.
- The backward compatibility in `services.dokuwiki` to configure sites with the
old interface has been removed. Please use `services.dokuwiki.sites` instead.
- opensmtpd-extras is no longer build with python2 scripting support due to python2 deprecation in nixpkgs
- The `autorestic` package has been upgraded from 1.3.0 to 1.5.0 which introduces breaking changes in config file, check [their migration guide](https://autorestic.vercel.app/migration/1.4_1.5) for more details.
@ -100,6 +114,28 @@ In addition to numerous new and upgraded packages, this release has the followin
- `pkgs.docbookrx` was removed since it's unmaintained
- MultiMC has been replaced with the fork PolyMC due to upstream developers being hostile to 3rd party package maintainers. PolyMC removes all MultiMC branding and is aimed at providing proper 3rd party packages like the one contained in Nixpkgs. This change affects the data folder where game instances and other save and configuration files are stored. Users with existing installations should rename `~/.local/share/multimc` to `~/.local/share/polymc`. The main config file's path has also moved from `~/.local/share/multimc/multimc.cfg` to `~/.local/share/polymc/polymc.cfg`.
- `pkgs.noto-fonts-cjk` is now deprecated in favor of `pkgs.noto-fonts-cjk-sans`
and `pkgs.noto-fonts-cjk-serif` because they each have different release
schedules. To maintain compatibility with prior releases of Nixpkgs,
`pkgs.noto-fonts-cjk` is currently an alias of `pkgs.noto-fonts-cjk-sans` and
doesn't include serif fonts.
- The interface that allows activation scripts to restart units has been reworked. Restarting and reloading is now done by a single file `/run/nixos/activation-restart-list` that honors `restartIfChanged` and `reloadIfChanged` of the units.
- The `services.bookstack.cacheDir` option has been removed, since the
cache directory is now handled by systemd.
- The `services.bookstack.extraConfig` option has been replaced by
`services.bookstack.config` which implements a
[settings-style](https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md)
configuration.
- `lib.assertMsg` and `lib.assertOneOf` no longer return `false` if the passed condition is `false`, `throw`ing the given error message instead (which makes the resulting error message less cluttered). This will not impact the behaviour of code using these functions as intended, namely as top-level wrapper for `assert` conditions.
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
## Other Notable Changes {#sec-release-22.05-notable-changes}
- The option [services.redis.servers](#opt-services.redis.servers) was added
@ -118,6 +154,16 @@ In addition to numerous new and upgraded packages, this release has the followin
to the members of the Unix group `redis-${serverName}`
through the Unix socket `/run/redis-${serverName}/redis.sock`.
- The option [virtualisation.vmVariant](#opt-virtualisation.vmVariant) was added
to allow users to make changes to the `nixos-rebuild build-vm` configuration
that do not apply to their normal system.
The `config.system.build.vm` attribute now always exists and defaults to the
value from `vmVariant`. Configurations that import the `virtualisation/qemu-vm.nix`
module themselves will override this value, such that `vmVariant` is not used.
Similarly [virtualisation.vmVariantWithBootloader](#opt-virtualisation.vmVariantWithBootLoader) was added.
- The `writers.writePyPy2`/`writers.writePyPy3` and corresponding `writers.writePyPy2Bin`/`writers.writePyPy3Bin` convenience functions to create executable Python 2/3 scripts using the PyPy interpreter were added.
- The `influxdb2` package was split into `influxdb2-server` and
@ -152,5 +198,20 @@ In addition to numerous new and upgraded packages, this release has the followin
- The `firmwareLinuxNonfree` package has been renamed to `linux-firmware`.
- The `services.mbpfan` module was converted to a [RFC 0042](https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md) configuration.
- A new module was added for the [Starship](https://starship.rs/) shell prompt,
providing the options `programs.starship.enable` and `programs.starship.settings`.
- `services.mattermost.plugins` has been added to allow the declarative installation of Mattermost plugins.
Plugins are automatically repackaged using autoPatchelf.
- The `zrepl` package has been updated from 0.4.0 to 0.5:
* The RPC protocol version was bumped; all zrepl daemons in a setup must be updated and restarted before replication can resume.
* A bug involving encrypt-on-receive has been fixed. Read the [zrepl documentation](https://zrepl.github.io/configuration/sendrecvoptions.html#job-recv-options-placeholder) and check the output of `zfs get -r encryption,zrepl:placeholder PATH_TO_ROOTFS` on the receiver.
- Renamed option `services.openssh.challengeResponseAuthentication` to `services.openssh.kbdInteractiveAuthentication`.
Reason is that the old name has been deprecated upstream.
Using the old option name will still work, but produce a warning.
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->


@ -88,13 +88,8 @@ let
nixosWithUserModules = noUserModules.extendModules { modules = allUserModules; };
in withWarnings {
# Merge the option definitions in all modules, forming the full
# system configuration.
inherit (nixosWithUserModules) config options _module type;
in
withWarnings nixosWithUserModules // {
inherit extraArgs;
inherit (nixosWithUserModules._module.args) pkgs;
}
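Review bot: `withWarnings nixosWithUserModules // {` relies on function application binding tighter than `//`, so `extraArgs` and `pkgs` are merged onto the result of `withWarnings` rather than passed through it. Writing `(withWarnings nixosWithUserModules) // {` would make that grouping visible to the reader. The lines that appear to be removed carried the comment about merging the option definitions into the full system configuration, along with an explicit `config options _module type` inherit list. Since the result now presumably exposes whatever `nixosWithUserModules` contains, a one-line comment saying so would help the next maintainer. `withWarnings` and `nixosWithUserModules` are defined outside this hunk.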


@ -22,8 +22,15 @@ let
'';
};
scudo = {
libPath = "${pkgs.llvmPackages_latest.compiler-rt}/lib/linux/libclang_rt.scudo-x86_64.so";
scudo = let
platformMap = {
aarch64-linux = "aarch64";
x86_64-linux = "x86_64";
};
systemPlatform = platformMap.${pkgs.stdenv.hostPlatform.system} or (throw "scudo not supported on ${pkgs.stdenv.hostPlatform.system}");
in {
libPath = "${pkgs.llvmPackages_latest.compiler-rt}/lib/linux/libclang_rt.scudo-${systemPlatform}.so";
description = ''
A user-mode allocator based on LLVM Sanitizers CombinedAllocator,
which aims at providing additional mitigations against heap based
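Review bot: The unsupported-platform case in `systemPlatform` is a bare `throw` inside a `let`. Selecting scudo on a system other than the two in `platformMap` therefore fails only when `libPath` is forced, and the message does not name the supported systems or the option that led there. Since this module swaps the allocator system-wide as a hardening measure, I would make the message self-explanatory, e.g. `throw "scudo is only available here on aarch64-linux and x86_64-linux, not ${pkgs.stdenv.hostPlatform.system}"`. The same limitation should be stated in the `description` text. The `description` string continues outside the hunk.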


@ -94,7 +94,9 @@ with lib;
system.build.netbootIpxeScript = pkgs.writeTextDir "netboot.ipxe" ''
#!ipxe
kernel ${pkgs.stdenv.hostPlatform.linux-kernel.target} init=${config.system.build.toplevel}/init initrd=initrd ${toString config.boot.kernelParams}
# Use the cmdline variable to allow the user to specify custom kernel params
# when chainloading this script from other iPXE scripts like netboot.xyz
kernel ${pkgs.stdenv.hostPlatform.linux-kernel.target} init=${config.system.build.toplevel}/init initrd=initrd ${toString config.boot.kernelParams} ''${cmdline}
initrd initrd
boot
'';
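Review bot: The appended `''${cmdline}` is placed after `${toString config.boot.kernelParams}`, so whatever the chainloading iPXE script puts in `cmdline` lands last on the kernel command line. There it can presumably override parameters set by the NixOS configuration, including hardening-related ones, since the kernel generally honours the last occurrence. The new comment explains the feature but not that trust consequence; I would extend it with `# Note: cmdline is appended last and is controlled by whoever chainloads this script, so it can override boot.kernelParams.` It is also worth confirming that iPXE expands an unset `cmdline` to an empty string, so that booting `netboot.ipxe` directly is unchanged.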


@ -182,7 +182,7 @@ in
yandexdisk = 143;
mxisd = 144; # was once collectd
#consul = 145;# dynamically allocated as of 2021-09-03
mailpile = 146;
#mailpile = 146; # removed 2022-01-12
redmine = 147;
#seeks = 148; # removed 2020-06-21
prosody = 149;
@ -353,6 +353,7 @@ in
distcc = 321;
webdav = 322;
pipewire = 323;
rstudio-server = 324;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -502,7 +503,7 @@ in
#yandexdisk = 143; # unused
mxisd = 144; # was once collectd
#consul = 145; # unused
mailpile = 146;
#mailpile = 146; # removed 2022-01-12
redmine = 147;
#seeks = 148; # removed 2020-06-21
prosody = 149;
@ -660,6 +661,7 @@ in
distcc = 321;
webdav = 322;
pipewire = 323;
rstudio-server = 324;
# When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal


@ -394,6 +394,7 @@
./services/development/hoogle.nix
./services/development/jupyter/default.nix
./services/development/jupyterhub/default.nix
./services/development/rstudio-server/default.nix
./services/development/lorri.nix
./services/display-managers/greetd.nix
./services/editors/emacs.nix
@ -740,6 +741,7 @@
./services/networking/ejabberd.nix
./services/networking/epmd.nix
./services/networking/ergo.nix
./services/networking/ergochat.nix
./services/networking/eternal-terminal.nix
./services/networking/fakeroute.nix
./services/networking/ferm.nix
@ -790,7 +792,6 @@
./services/networking/lldpd.nix
./services/networking/logmein-hamachi.nix
./services/networking/lxd-image-server.nix
./services/networking/mailpile.nix
./services/networking/magic-wormhole-mailbox-server.nix
./services/networking/matterbridge.nix
./services/networking/mjpg-streamer.nix
@ -967,6 +968,7 @@
./services/security/vault.nix
./services/security/vaultwarden/default.nix
./services/security/yubikey-agent.nix
./services/system/cachix-agent/default.nix
./services/system/cloud-init.nix
./services/system/dbus.nix
./services/system/earlyoom.nix
@ -1187,6 +1189,7 @@
./tasks/powertop.nix
./testing/service-runner.nix
./virtualisation/anbox.nix
./virtualisation/build-vm.nix
./virtualisation/container-config.nix
./virtualisation/containerd.nix
./virtualisation/containers.nix


@ -7,6 +7,7 @@ let
defaultProfile = filterAttrs (k: v: v != null) {
HomepageLocation = cfg.homepageLocation;
DefaultSearchProviderEnabled = cfg.defaultSearchProviderEnabled;
DefaultSearchProviderSearchURL = cfg.defaultSearchProviderSearchURL;
DefaultSearchProviderSuggestURL = cfg.defaultSearchProviderSuggestURL;
ExtensionInstallForcelist = cfg.extensions;
@ -50,6 +51,13 @@ in
example = "https://nixos.org";
};
defaultSearchProviderEnabled = mkOption {
type = types.nullOr types.bool;
description = "Enable the default search provider.";
default = null;
example = true;
};
defaultSearchProviderSearchURL = mkOption {
type = types.nullOr types.str;
description = "Chromium default search provider url.";
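Review bot: The description `"Enable the default search provider."` on `defaultSearchProviderEnabled` does not say what the default `null` means. Going by the `filterAttrs (k: v: v != null)` on `defaultProfile`, a null value leaves `DefaultSearchProviderEnabled` out of the generated policy, so Chromium's own default applies. As far as I know the search and suggest URL policies are only honoured when this policy is true, which matters to users who set only the URLs. I would extend the description to something like `Enable the default search provider. When null, the policy is not set; the search and suggest URL options only take effect when this is true.`, with the second half confirmed against Chromium's policy documentation. The following `defaultSearchProviderSearchURL` option continues outside the hunk.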


@ -7,7 +7,7 @@ let
inherit (lib.modules) mkDefault mkIf;
inherit (lib.options) literalExpression mkEnableOption mkOption;
inherit (lib.strings) concatStringsSep optionalString toLower;
inherit (lib.types) addCheck attrsOf lines nullOr package path port str strMatching submodule;
inherit (lib.types) addCheck attrsOf lines nonEmptyStr nullOr package path port str strMatching submodule;
# Checks if given list of strings contains unique
# elements when compared without considering case.
@ -35,7 +35,7 @@ let
'';
};
options.server = mkOption {
type = strMatching ".+";
type = nonEmptyStr;
example = "tsmserver.company.com";
description = ''
Host/domain name or IP address of the IBM TSM server.
@ -56,7 +56,7 @@ let
'';
};
options.node = mkOption {
type = strMatching ".+";
type = nonEmptyStr;
example = "MY-TSM-NODE";
description = ''
Target node name on the IBM TSM server.
@ -144,7 +144,7 @@ let
};
config.name = mkDefault name;
# Client system-options file directives are explained here:
# https://www.ibm.com/support/knowledgecenter/SSEQVQ_8.1.8/client/c_opt_usingopts.html
# https://www.ibm.com/docs/en/spectrum-protect/8.1.13?topic=commands-processing-options
config.extraConfig =
mapAttrs (lib.trivial.const mkDefault) (
{


@ -17,35 +17,56 @@ with lib;
(mkAliasOptionModule [ "environment" "checkConfigurationOptions" ] [ "_module" "check" ])
# Completely removed modules
(mkRemovedOptionModule [ "environment" "blcr" "enable" ] "The BLCR module has been removed")
(mkRemovedOptionModule [ "fonts" "fontconfig" "penultimate" ] "The corresponding package has removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "quagga" ] "the corresponding package has been removed from nixpkgs")
(mkRemovedOptionModule [ "hardware" "brightnessctl" ] ''
The brightnessctl module was removed because newer versions of
brightnessctl don't require the udev rules anymore (they can use the
systemd-logind API). Instead of using the module you can now
simply add the brightnessctl package to environment.systemPackages.
'')
(mkRemovedOptionModule [ "hardware" "u2f" ] ''
The U2F modules module was removed, as all it did was adding the
udev rules from libu2f-host to the system. Udev gained native support
to handle FIDO security tokens, so this isn't necessary anymore.
'')
(mkRemovedOptionModule [ "networking" "vpnc" ] "Use environment.etc.\"vpnc/service.conf\" instead.")
(mkRemovedOptionModule [ "networking" "wicd" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "programs" "way-cooler" ] ("way-cooler is abandoned by its author: " +
"https://way-cooler.org/blog/2020/01/09/way-cooler-post-mortem.html"))
(mkRemovedOptionModule [ "security" "hideProcessInformation" ] ''
The hidepid module was removed, since the underlying machinery
is broken when using cgroups-v2.
'')
(mkRemovedOptionModule [ "services" "beegfs" ] "The BeeGFS module has been removed")
(mkRemovedOptionModule [ "services" "beegfsEnable" ] "The BeeGFS module has been removed")
(mkRemovedOptionModule [ "services" "cgmanager" "enable"] "cgmanager was deprecated by lxc and therefore removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "chronos" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "couchpotato" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "deepin" ] "The corresponding packages were removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "dnscrypt-proxy" ] "Use services.dnscrypt-proxy2 instead")
(mkRemovedOptionModule [ "services" "firefox" "syncserver" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "marathon" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "moinmoin" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "mesos" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "winstone" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "networking" "vpnc" ] "Use environment.etc.\"vpnc/service.conf\" instead.")
(mkRemovedOptionModule [ "networking" "wicd" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "environment" "blcr" "enable" ] "The BLCR module has been removed")
(mkRemovedOptionModule [ "services" "beegfsEnable" ] "The BeeGFS module has been removed")
(mkRemovedOptionModule [ "services" "beegfs" ] "The BeeGFS module has been removed")
(mkRemovedOptionModule ["services" "cgmanager" "enable"] "cgmanager was deprecated by lxc and therefore removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "osquery" ] "The osquery module has been removed")
(mkRemovedOptionModule [ "services" "flashpolicyd" ] "The flashpolicyd module has been removed. Adobe Flash Player is deprecated.")
(mkRemovedOptionModule [ "services" "fourStore" ] "The fourStore module has been removed")
(mkRemovedOptionModule [ "services" "frab" ] "The frab module has been removed")
(mkRemovedOptionModule [ "services" "fourStoreEndpoint" ] "The fourStoreEndpoint module has been removed")
(mkRemovedOptionModule [ "services" "frab" ] "The frab module has been removed")
(mkRemovedOptionModule [ "services" "kippo" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "mailpile" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "marathon" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "mathics" ] "The Mathics module has been removed")
(mkRemovedOptionModule [ "services" "meguca" ] "Use meguca has been removed from nixpkgs")
(mkRemovedOptionModule [ "services" "mesos" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "moinmoin" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "mwlib" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "programs" "way-cooler" ] ("way-cooler is abandoned by its author: " +
"https://way-cooler.org/blog/2020/01/09/way-cooler-post-mortem.html"))
(mkRemovedOptionModule [ "services" "xserver" "multitouch" ] ''
services.xserver.multitouch (which uses xf86_input_mtrack) has been removed
as the underlying package isn't being maintained. Working alternatives are
libinput and synaptics.
(mkRemovedOptionModule [ "services" "osquery" ] "The osquery module has been removed")
(mkRemovedOptionModule [ "services" "prey" ] ''
prey-bash-client is deprecated upstream
'')
(mkRemovedOptionModule [ "services" "quagga" ] "the corresponding package has been removed from nixpkgs")
(mkRemovedOptionModule [ "services" "seeks" ] "")
(mkRemovedOptionModule [ "services" "venus" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "wakeonlan"] "This module was removed in favor of enabling it with networking.interfaces.<name>.wakeOnLan")
(mkRemovedOptionModule [ "services" "winstone" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "xserver" "displayManager" "auto" ] ''
The services.xserver.displayManager.auto module has been removed
because it was only intended for use in internal NixOS tests, and gave the
@ -53,38 +74,13 @@ with lib;
LightDM. Please use the services.xserver.displayManager.autoLogin options
instead, or any other display manager in NixOS as they all support auto-login.
'')
(mkRemovedOptionModule [ "services" "dnscrypt-proxy" ] "Use services.dnscrypt-proxy2 instead")
(mkRemovedOptionModule [ "services" "meguca" ] "Use meguca has been removed from nixpkgs")
(mkRemovedOptionModule ["hardware" "brightnessctl" ] ''
The brightnessctl module was removed because newer versions of
brightnessctl don't require the udev rules anymore (they can use the
systemd-logind API). Instead of using the module you can now
simply add the brightnessctl package to environment.systemPackages.
(mkRemovedOptionModule [ "services" "xserver" "multitouch" ] ''
services.xserver.multitouch (which uses xf86_input_mtrack) has been removed
as the underlying package isn't being maintained. Working alternatives are
libinput and synaptics.
'')
(mkRemovedOptionModule [ "virtualisation" "rkt" ] "The rkt module has been removed, it was archived by upstream")
(mkRemovedOptionModule ["services" "prey" ] ''
prey-bash-client is deprecated upstream
'')
(mkRemovedOptionModule ["hardware" "u2f" ] ''
The U2F modules module was removed, as all it did was adding the
udev rules from libu2f-host to the system. Udev gained native support
to handle FIDO security tokens, so this isn't necessary anymore.
'')
(mkRemovedOptionModule [ "services" "seeks" ] "")
(mkRemovedOptionModule [ "services" "venus" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "flashpolicyd" ] "The flashpolicyd module has been removed. Adobe Flash Player is deprecated.")
(mkRemovedOptionModule [ "security" "hideProcessInformation" ] ''
The hidepid module was removed, since the underlying machinery
is broken when using cgroups-v2.
'')
(mkRemovedOptionModule ["services" "wakeonlan"] "This module was removed in favor of enabling it with networking.interfaces.<name>.wakeOnLan")
(mkRemovedOptionModule [ "services" "kippo" ] "The corresponding package was removed from nixpkgs.")
# Do NOT add any option renames here, see top of the file
];
}


@ -30,7 +30,7 @@ let
}
trap 'on_exit' INT TERM QUIT EXIT
archiveName="${cfg.archiveBaseName}-$(date ${cfg.dateFormat})"
archiveName="${if cfg.archiveBaseName == null then "" else cfg.archiveBaseName + "-"}$(date ${cfg.dateFormat})"
archiveSuffix="${optionalString cfg.appendFailedSuffix ".failed"}"
${cfg.preHook}
'' + optionalString cfg.doInit ''
@ -60,7 +60,7 @@ let
'' + optionalString (cfg.prune.keep != { }) ''
borg prune $extraArgs \
${mkKeepArgs cfg} \
--prefix ${escapeShellArg cfg.prune.prefix} \
${optionalString (cfg.prune.prefix != null) "--prefix ${escapeShellArg cfg.prune.prefix} \\"}
$extraPruneArgs
${cfg.postPrune}
'';
@ -99,7 +99,18 @@ let
BORG_REPO = cfg.repo;
inherit (cfg) extraArgs extraInitArgs extraCreateArgs extraPruneArgs;
} // (mkPassEnv cfg) // cfg.environment;
inherit (cfg) startAt;
};
mkBackupTimers = name: cfg:
nameValuePair "borgbackup-job-${name}" {
description = "BorgBackup job ${name} timer";
wantedBy = [ "timers.target" ];
timerConfig = {
Persistent = cfg.persistentTimer;
OnCalendar = cfg.startAt;
};
# if remote-backup wait for network
after = optional (cfg.persistentTimer && !isLocalPath cfg.repo) "network-online.target";
};
# utility function around makeWrapper
@ -284,7 +295,7 @@ in {
};
archiveBaseName = mkOption {
type = types.strMatching "[^/{}]+";
type = types.nullOr (types.strMatching "[^/{}]+");
default = "${globalConfig.networking.hostName}-${name}";
defaultText = literalExpression ''"''${config.networking.hostName}-<name>"'';
description = ''
@ -292,6 +303,7 @@ in {
determined by <option>dateFormat</option>, will be appended. The full
name can be modified at runtime (<literal>$archiveName</literal>).
Placeholders like <literal>{hostname}</literal> must not be used.
Use <literal>null</literal> for no base name.
'';
};
@ -320,6 +332,19 @@ in {
'';
};
persistentTimer = mkOption {
default = false;
type = types.bool;
example = true;
description = literalDocBook ''
Set the <literal>persistentTimer</literal> option for the
<citerefentry><refentrytitle>systemd.timer</refentrytitle>
<manvolnum>5</manvolnum></citerefentry>
which triggers the backup immediately if the last trigger
was missed (e.g. if the system was powered down).
'';
};
user = mkOption {
type = types.str;
description = ''
@ -471,11 +496,11 @@ in {
};
prune.prefix = mkOption {
type = types.str;
type = types.nullOr (types.str);
description = ''
Only consider archive names starting with this prefix for pruning.
By default, only archives created by this job are considered.
Use <literal>""</literal> to consider all archives.
Use <literal>""</literal> or <literal>null</literal> to consider all archives.
'';
default = config.archiveBaseName;
defaultText = literalExpression "archiveBaseName";
@ -694,6 +719,10 @@ in {
# A repo named "foo" is mapped to systemd.services.borgbackup-repo-foo
// mapAttrs' mkRepoService repos;
# A job named "foo" is mapped to systemd.timers.borgbackup-job-foo
# only generate the timer if interval (startAt) is set
systemd.timers = mapAttrs' mkBackupTimers (filterAttrs (_: cfg: cfg.startAt != []) jobs);
users = mkMerge (mapAttrsToList mkUsersConfig repos);
environment.systemPackages = with pkgs; [ borgbackup ] ++ (mapAttrsToList mkBorgWrapper jobs);
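Review bot: In the `borg prune` block the line continuation now sits inside the `optionalString`, so when `cfg.prune.prefix` is null the interpolation leaves an empty line after `${mkKeepArgs cfg} \` and the shell command ends there. `$extraPruneArgs` on the next line is then run as a command of its own instead of being passed to `borg prune`, which fails as soon as it is non-empty. Keeping the backslash outside the conditional avoids this: `${optionalString (cfg.prune.prefix != null) "--prefix ${escapeShellArg cfg.prune.prefix}"} \`. The page has lost its old/new markers, so this assumes the `optionalString` line is the new side; the script string it belongs to starts outside the hunk.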


@ -5,7 +5,7 @@ let
inherit (lib.attrsets) hasAttr;
inherit (lib.modules) mkDefault mkIf;
inherit (lib.options) mkEnableOption mkOption;
inherit (lib.types) nullOr strMatching;
inherit (lib.types) nonEmptyStr nullOr;
options.services.tsmBackup = {
enable = mkEnableOption ''
@ -15,7 +15,7 @@ let
<option>programs.tsmClient.enable</option>
'';
command = mkOption {
type = strMatching ".+";
type = nonEmptyStr;
default = "backup";
example = "incr";
description = ''
@ -24,7 +24,7 @@ let
'';
};
servername = mkOption {
type = strMatching ".+";
type = nonEmptyStr;
example = "mainTsmServer";
description = ''
Create a systemd system service
@ -41,7 +41,7 @@ let
'';
};
autoTime = mkOption {
type = nullOr (strMatching ".+");
type = nullOr nonEmptyStr;
default = null;
example = "12:00";
description = ''
@ -87,16 +87,35 @@ in
environment.DSM_LOG = "/var/log/tsm-backup/";
# TSM needs a HOME dir to store certificates.
environment.HOME = "/var/lib/tsm-backup";
serviceConfig = {
# for exit status description see
# https://www.ibm.com/support/knowledgecenter/en/SSEQVQ_8.1.8/client/c_sched_rtncode.html
serviceConfig.SuccessExitStatus = "4 8";
# https://www.ibm.com/docs/en/spectrum-protect/8.1.13?topic=clients-client-return-codes
SuccessExitStatus = "4 8";
# The `-se` option must come after the command.
# The `-optfile` option suppresses a `dsm.opt`-not-found warning.
serviceConfig.ExecStart =
ExecStart =
"${cfgPrg.wrappedPackage}/bin/dsmc ${cfg.command} -se='${cfg.servername}' -optfile=/dev/null";
serviceConfig.LogsDirectory = "tsm-backup";
serviceConfig.StateDirectory = "tsm-backup";
serviceConfig.StateDirectoryMode = "0750";
LogsDirectory = "tsm-backup";
StateDirectory = "tsm-backup";
StateDirectoryMode = "0750";
# systemd sandboxing
LockPersonality = true;
NoNewPrivileges = true;
PrivateDevices = true;
#PrivateTmp = true; # would break backup of {/var,}/tmp
#PrivateUsers = true; # would block backup of /home/*
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = "read-only";
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "noaccess";
ProtectSystem = "strict";
RestrictNamespaces = true;
RestrictSUIDSGID = true;
};
startAt = mkIf (cfg.autoTime!=null) cfg.autoTime;
};
};
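Review bot: The sandboxing added to `serviceConfig` makes the file system read-only for the unit (`ProtectSystem = "strict"`, `ProtectHome = "read-only"`), while `command` accepts any non-empty string, and nothing visible documents that interaction. A `dsmc` command that writes client data, such as a restore, would presumably fail from this unit even though the option type allows it. I would add a comment above `ProtectSystem`, e.g. `# read-only file system: only dsmc commands that read client data (backup, incr) work from this unit`, and repeat the restriction in the `command` description. The `command` description is only partly visible in its hunk, so it may already cover this.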


@ -0,0 +1,107 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.rstudio-server;
rserver-conf = builtins.toFile "rserver.conf" ''
server-working-dir=${cfg.serverWorkingDir}
www-address=${cfg.listenAddr}
${cfg.rserverExtraConfig}
'';
rsession-conf = builtins.toFile "rsession.conf" ''
${cfg.rsessionExtraConfig}
'';
in
{
meta.maintainers = with maintainers; [ jbedo cfhammill ];
options.services.rstudio-server = {
enable = mkEnableOption "RStudio server";
serverWorkingDir = mkOption {
type = types.str;
default = "/var/lib/rstudio-server";
description = ''
Default working directory for server (server-working-dir in rserver.conf).
'';
};
listenAddr = mkOption {
type = types.str;
default = "127.0.0.1";
description = ''
Address to listen on (www-address in rserver.conf).
'';
};
package = mkOption {
type = types.package;
default = pkgs.rstudio-server;
defaultText = literalExpression "pkgs.rstudio-server";
example = literalExpression "pkgs.rstudioServerWrapper.override { packages = [ pkgs.rPackages.ggplot2 ]; }";
description = ''
Rstudio server package to use. Can be set to rstudioServerWrapper to provide packages.
'';
};
rserverExtraConfig = mkOption {
type = types.str;
default = "";
description = ''
Extra contents for rserver.conf.
'';
};
rsessionExtraConfig = mkOption {
type = types.str;
default = "";
description = ''
Extra contents for resssion.conf.
'';
};
};
config = mkIf cfg.enable
{
systemd.services.rstudio-server = {
description = "Rstudio server";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
restartTriggers = [ rserver-conf rsession-conf ];
serviceConfig = {
Restart = "on-failure";
Type = "forking";
ExecStart = "${cfg.package}/bin/rserver";
StateDirectory = "rstudio-server";
RuntimeDirectory = "rstudio-server";
};
};
environment.etc = {
"rstudio/rserver.conf".source = rserver-conf;
"rstudio/rsession.conf".source = rsession-conf;
"pam.d/rstudio".source = "/etc/pam.d/login";
};
environment.systemPackages = [ cfg.package ];
users = {
users.rstudio-server = {
uid = config.ids.uids.rstudio-server;
description = "rstudio-server";
group = "rstudio-server";
};
groups.rstudio-server = {
gid = config.ids.gids.rstudio-server;
};
};
};
}
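Review bot: `"pam.d/rstudio".source = "/etc/pam.d/login"` in `environment.etc` points the web login at the console login stack by path, outside the `security.pam.services` module, so any later change to the `login` rules silently applies to a network-facing service too. Declaring the service explicitly, e.g. `security.pam.services.rstudio = { };`, would give it its own stack that can be tightened independently. The `listenAddr` description should also state that, as far as this module configures it, `www-address` is served as plain HTTP, so anything other than the loopback default needs a TLS-terminating reverse proxy in front. The unit sets no `User` although a `rstudio-server` account is created, which deserves a comment if running as root is intended. `resssion.conf` in the `rsessionExtraConfig` description is a typo for `rsession.conf`.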


@ -4,7 +4,8 @@ with lib;
let
cfg = config.services.thermald;
in {
in
{
###### interface
options = {
services.thermald = {
@ -41,6 +42,7 @@ in {
description = "Thermal Daemon Service";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
PrivateNetwork = true;
ExecStart = ''
${cfg.package}/sbin/thermald \
--no-daemon \


@ -84,7 +84,7 @@ in
} // (if ((lib.getName cfg.package) == (lib.getName pkgs.ananicy-cpp)) then {
# https://gitlab.com/ananicy-cpp/ananicy-cpp/-/blob/master/src/config.cpp#L12
loglevel = mkOD "warn"; # default is info but its spammy
cgroup_realtime_workaround = mkOD true;
cgroup_realtime_workaround = mkOD config.systemd.enableUnifiedCgroupHierarchy;
} else {
# https://github.com/Nefelim4ag/Ananicy/blob/master/ananicy.d/ananicy.conf
check_disks_schedulers = mkOD true;


@ -21,6 +21,8 @@ let
<para>
This must be in a format usable by findmnt; that could be a key=value
pair, or a bare path to a mount point.
Using bare paths will allow systemd to start the beesd service only
after mounting the associated path.
'';
example = "LABEL=MyBulkDataDrive";
};
@ -122,6 +124,7 @@ in
StartupIOWeight = 25;
SyslogIdentifier = "beesd"; # would otherwise be "bees-service-wrapper"
};
unitConfig.RequiresMountsFor = lib.mkIf (lib.hasPrefix "/" fs.spec) fs.spec;
wantedBy = [ "multi-user.target" ];
})
cfg.filesystems;


@ -23,7 +23,7 @@ let
in
{
options.services.heisenbridge = {
enable = mkEnableOption "A bouncer-style Matrix IRC bridge";
enable = mkEnableOption "the Matrix to IRC bridge";
package = mkOption {
type = types.package;
@ -172,25 +172,39 @@ in
++ (map (lib.escapeShellArg) cfg.extraArgs)
);
ProtectHome = true;
PrivateDevices = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
StateDirectory = "heisenbridge";
StateDirectoryMode = "755";
# Hardening options
User = "heisenbridge";
Group = "heisenbridge";
RuntimeDirectory = "heisenbridge";
RuntimeDirectoryMode = "0700";
StateDirectory = "heisenbridge";
StateDirectoryMode = "0755";
CapabilityBoundingSet = [ "CAP_CHOWN" ] ++ optional (cfg.port < 1024 || cfg.identd.port < 1024) "CAP_NET_BIND_SERVICE";
ProtectSystem = "strict";
ProtectHome = true;
PrivateTmp = true;
PrivateDevices = true;
ProtectKernelTunables = true;
ProtectControlGroups = true;
RestrictSUIDSGID = true;
PrivateMounts = true;
ProtectKernelModules = true;
ProtectKernelLogs = true;
ProtectHostname = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
RestrictNamespaces = true;
RemoveIPC = true;
UMask = "0077";
CapabilityBoundingSet = [ "CAP_CHOWN" ] ++ optional (cfg.port < 1024 || (cfg.identd.enable && cfg.identd.port < 1024)) "CAP_NET_BIND_SERVICE";
AmbientCapabilities = CapabilityBoundingSet;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
PrivateMounts = true;
SystemCallFilter = "~@aio @clock @cpu-emulation @debug @keyring @memlock @module @mount @obsolete @raw-io @setuid @swap";
SystemCallFilter = ["@system-service" "~@priviledged" "@chown"];
SystemCallArchitectures = "native";
RestrictAddressFamilies = "AF_INET AF_INET6";
};
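Review bot: `"~@priviledged"` in the list-valued `SystemCallFilter` is misspelled; the systemd group is `@privileged`. To my knowledge systemd logs a warning and ignores an unknown group name, so the intended deny entry would have no effect and only `@system-service` plus `@chown` would apply. The line should read `SystemCallFilter = [ "@system-service" "~@privileged" "@chown" ];`. `AmbientCapabilities = CapabilityBoundingSet;` also only evaluates if `serviceConfig` is a `rec` set, which cannot be confirmed here because the attribute set opens outside the hunk.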


@ -5,6 +5,8 @@ with lib;
let
cfg = config.services.mbpfan;
verbose = if cfg.verbose then "v" else "";
settingsFormat = pkgs.formats.ini {};
settingsFile = settingsFormat.generate "config.conf" cfg.settings;
in {
options.services.mbpfan = {
@ -19,54 +21,6 @@ in {
'';
};
minFanSpeed = mkOption {
type = types.int;
default = 2000;
description = ''
The minimum fan speed.
'';
};
maxFanSpeed = mkOption {
type = types.int;
default = 6200;
description = ''
The maximum fan speed.
'';
};
lowTemp = mkOption {
type = types.int;
default = 63;
description = ''
The low temperature.
'';
};
highTemp = mkOption {
type = types.int;
default = 66;
description = ''
The high temperature.
'';
};
maxTemp = mkOption {
type = types.int;
default = 86;
description = ''
The maximum temperature.
'';
};
pollingInterval = mkOption {
type = types.int;
default = 7;
description = ''
The polling interval.
'';
};
verbose = mkOption {
type = types.bool;
default = false;
@ -74,23 +28,61 @@ in {
If true, sets the log level to verbose.
'';
};
settings = mkOption {
default = {};
description = "The INI configuration for Mbpfan.";
type = types.submodule {
freeformType = settingsFormat.type;
options.general.min_fan1_speed = mkOption {
type = types.int;
default = 2000;
description = "The minimum fan speed.";
};
options.general.max_fan1_speed = mkOption {
type = types.int;
default = 6199;
description = "The maximum fan speed.";
};
options.general.low_temp = mkOption {
type = types.int;
default = 55;
description = "The low temperature.";
};
options.general.high_temp = mkOption {
type = types.int;
default = 58;
description = "The high temperature.";
};
options.general.max_temp = mkOption {
type = types.int;
default = 86;
description = "The maximum temperature.";
};
options.general.polling_interval = mkOption {
type = types.int;
default = 1;
description = "The polling interval.";
};
};
};
};
imports = [
(mkRenamedOptionModule [ "services" "mbpfan" "pollingInterval" ] [ "services" "mbpfan" "settings" "general" "polling_interval" ])
(mkRenamedOptionModule [ "services" "mbpfan" "maxTemp" ] [ "services" "mbpfan" "settings" "general" "max_temp" ])
(mkRenamedOptionModule [ "services" "mbpfan" "lowTemp" ] [ "services" "mbpfan" "settings" "general" "low_temp" ])
(mkRenamedOptionModule [ "services" "mbpfan" "highTemp" ] [ "services" "mbpfan" "settings" "general" "high_temp" ])
(mkRenamedOptionModule [ "services" "mbpfan" "minFanSpeed" ] [ "services" "mbpfan" "settings" "general" "min_fan1_speed" ])
(mkRenamedOptionModule [ "services" "mbpfan" "maxFanSpeed" ] [ "services" "mbpfan" "settings" "general" "max_fan1_speed" ])
];
config = mkIf cfg.enable {
boot.kernelModules = [ "coretemp" "applesmc" ];
environment = {
etc."mbpfan.conf".text = ''
[general]
min_fan_speed = ${toString cfg.minFanSpeed}
max_fan_speed = ${toString cfg.maxFanSpeed}
low_temp = ${toString cfg.lowTemp}
high_temp = ${toString cfg.highTemp}
max_temp = ${toString cfg.maxTemp}
polling_interval = ${toString cfg.pollingInterval}
'';
systemPackages = [ cfg.package ];
};
environment.etc."mbpfan.conf".source = settingsFile;
environment.systemPackages = [ cfg.package ];
systemd.services.mbpfan = {
description = "A fan manager daemon for MacBook Pro";


@ -87,6 +87,22 @@ in {
};
config = mkIf cfg.enable {
assertions = [
{
assertion = cfg.settings != { }
-> (hasAttrByPath [ "dns" "bind_host" ] cfg.settings)
|| (hasAttrByPath [ "dns" "bind_hosts" ] cfg.settings);
message =
"AdGuard setting dns.bind_host or dns.bind_hosts needs to be configured for a minimal working configuration";
}
{
assertion = cfg.settings != { }
-> hasAttrByPath [ "dns" "bootstrap_dns" ] cfg.settings;
message =
"AdGuard setting dns.bootstrap_dns needs to be configured for a minimal working configuration";
}
];
systemd.services.adguardhome = {
description = "AdGuard Home: Network-level blocker";
after = [ "network.target" ];
@ -96,7 +112,7 @@ in {
StartLimitBurst = 10;
};
preStart = ''
preStart = optionalString (cfg.settings != { }) ''
if [ -e "$STATE_DIRECTORY/AdGuardHome.yaml" ] \
&& [ "${toString cfg.mutableSettings}" = "1" ]; then
# Writing directly to AdGuardHome.yaml results in empty file


@ -29,9 +29,9 @@ let
configFile = if (cfg.configFile != null) then cfg.configFile else configFile';
preStart = ''
install --owner ddclient -m600 ${configFile} /run/${RuntimeDirectory}/ddclient.conf
install ${configFile} /run/${RuntimeDirectory}/ddclient.conf
${lib.optionalString (cfg.configFile == null) (if (cfg.protocol == "nsupdate") then ''
install --owner ddclient -m600 ${cfg.passwordFile} /run/${RuntimeDirectory}/ddclient.key
install ${cfg.passwordFile} /run/${RuntimeDirectory}/ddclient.key
'' else if (cfg.passwordFile != null) then ''
password=$(printf "%q" "$(head -n 1 "${cfg.passwordFile}")")
sed -i "s|^password=$|password=$password|" /run/${RuntimeDirectory}/ddclient.conf
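Review bot: The two `install` calls in `preStart` no longer pass `-m600`, and `install` without `-m` creates its target with mode 0755. That leaves `ddclient.conf` (which receives the password through the `sed` line) and `ddclient.key` readable by any local user unless the runtime directory itself is private. If `--owner ddclient` was dropped because the service user changed, the mode should still stay: `install -m600 ${configFile} /run/${RuntimeDirectory}/ddclient.conf`, and the same for `ddclient.key`. Whether `RuntimeDirectoryMode` already restricts the directory is not visible here, and the page has lost its old/new markers, so this assumes the shorter `install` lines are the new side. The `preStart` string continues past the end of the hunk.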


@ -0,0 +1,155 @@
{ config, lib, options, pkgs, ... }: let
cfg = config.services.ergochat;
in {
options = {
services.ergochat = {
enable = lib.mkEnableOption "Ergo IRC daemon";
openFilesLimit = lib.mkOption {
type = lib.types.int;
default = 1024;
description = ''
Maximum number of open files. Limits the clients and server connections.
'';
};
configFile = lib.mkOption {
type = lib.types.path;
default = (pkgs.formats.yaml {}).generate "ergo.conf" cfg.settings;
defaultText = "generated config file from <literal>.settings</literal>";
description = ''
Path to configuration file.
Setting this will skip any configuration done via <literal>.settings</literal>
'';
};
settings = lib.mkOption {
type = (pkgs.formats.yaml {}).type;
description = ''
Ergo IRC daemon configuration file.
https://raw.githubusercontent.com/ergochat/ergo/master/default.yaml
'';
default = {
network = {
name = "testnetwork";
};
server = {
name = "example.com";
listeners = {
":6667" = {};
};
casemapping = "permissive";
enforce-utf = true;
lookup-hostnames = false;
ip-cloaking = {
enabled = false;
};
forward-confirm-hostnames = false;
check-ident = false;
relaymsg = {
enabled = false;
};
max-sendq = "1M";
ip-limits = {
count = false;
throttle = false;
};
};
datastore = {
autoupgrade = true;
# this points to the StateDirectory of the systemd service
path = "/var/lib/ergo/ircd.db";
};
accounts = {
authentication-enabled = true;
registration = {
enabled = true;
allow-before-connect = true;
throttling = {
enabled = true;
duration = "10m";
max-attempts = 30;
};
bcrypt-cost = 4;
email-verification.enabled = false;
};
multiclient = {
enabled = true;
allowed-by-default = true;
always-on = "opt-out";
auto-away = "opt-out";
};
};
channels = {
default-modes = "+ntC";
registration = {
enabled = true;
};
};
limits = {
nicklen = 32;
identlen = 20;
channellen = 64;
awaylen = 390;
kicklen = 390;
topiclen = 390;
};
history = {
enabled = true;
channel-length = 2048;
client-length = 256;
autoresize-window = "3d";
autoreplay-on-join = 0;
chathistory-maxmessages = 100;
znc-maxmessages = 2048;
restrictions = {
expire-time = "1w";
query-cutoff = "none";
grace-period = "1h";
};
retention = {
allow-individual-delete = false;
enable-account-indexing = false;
};
tagmsg-storage = {
default = false;
whitelist = [
"+draft/react"
"+react"
];
};
};
};
};
};
};
config = lib.mkIf cfg.enable {
environment.etc."ergo.yaml".source = cfg.configFile;
# merge configured values with default values
services.ergochat.settings =
lib.mapAttrsRecursive (_: lib.mkDefault) options.services.ergochat.settings.default;
systemd.services.ergochat = {
description = "Ergo IRC daemon";
wantedBy = [ "multi-user.target" ];
# reload is not applying the changed config. further investigation is needed
# at some point this should be enabled, since we don't want to restart for
# every config change
# reloadIfChanged = true;
restartTriggers = [ cfg.configFile ];
serviceConfig = {
ExecStart = "${pkgs.ergochat}/bin/ergo run --conf /etc/ergo.yaml";
ExecReload = "${pkgs.util-linux}/bin/kill -HUP $MAINPID";
DynamicUser = true;
StateDirectory = "ergo";
LimitNOFILE = toString cfg.openFilesLimit;
};
};
};
meta.maintainers = with lib.maintainers; [ lassulus tv ];
}
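Review bot: The defaults in `settings` give a server that accepts account registration over a plaintext listener on every interface (`":6667" = {}` with `accounts.registration.enabled = true`), hashes passwords with `bcrypt-cost = 4`, and has `ip-limits` and `ip-cloaking` switched off. For a module default I would bind the plaintext listener to loopback (`"127.0.0.1:6667" = {};`), raise the cost (for example `bcrypt-cost = 10;`), and leave connection counting and throttling enabled. Failing that, the `settings` description should say that these defaults are meant for local testing and name the keys to change before exposing the server. The unit already uses `DynamicUser = true`, so the concern is the daemon's own configuration rather than its privileges.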


@ -1,74 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.mailpile;
hostname = cfg.hostname;
port = cfg.port;
in
{
###### interface
options = {
services.mailpile = {
enable = mkEnableOption "Mailpile the mail client";
hostname = mkOption {
type = types.str;
default = "localhost";
description = "Listen to this hostname or ip.";
};
port = mkOption {
type = types.port;
default = 33411;
description = "Listen on this port.";
};
};
};
###### implementation
config = mkIf config.services.mailpile.enable {
users.users.mailpile =
{ uid = config.ids.uids.mailpile;
description = "Mailpile user";
createHome = true;
home = "/var/lib/mailpile";
};
users.groups.mailpile =
{ gid = config.ids.gids.mailpile;
};
systemd.services.mailpile =
{
description = "Mailpile server.";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "mailpile";
ExecStart = "${pkgs.mailpile}/bin/mailpile --www ${hostname}:${port} --wait";
# mixed - first send SIGINT to main process,
# then after 2min send SIGKILL to whole group if neccessary
KillMode = "mixed";
KillSignal = "SIGINT"; # like Ctrl+C - safe mailpile shutdown
TimeoutSec = 120; # wait 2min untill SIGKILL
};
environment.MAILPILE_HOME = "/var/lib/mailpile/.local/share/Mailpile";
};
environment.systemPackages = [ pkgs.mailpile ];
};
}


@ -136,7 +136,7 @@ let
+ concatStringsSep "\n"
(plainLines
++ optional (plainLines != []) ''
${pkgs.mosquitto}/bin/mosquitto_passwd -U "$file"
${cfg.package}/bin/mosquitto_passwd -U "$file"
''
++ hashedLines));
@ -444,6 +444,15 @@ let
globalOptions = with types; {
enable = mkEnableOption "the MQTT Mosquitto broker";
package = mkOption {
type = package;
default = pkgs.mosquitto;
defaultText = literalExpression "pkgs.mosquitto";
description = ''
Mosquitto package to use.
'';
};
bridges = mkOption {
type = attrsOf bridgeOptions;
default = {};
@ -556,7 +565,7 @@ in
systemd.services.mosquitto = {
description = "Mosquitto MQTT Broker Daemon";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
after = [ "network-online.target" ];
serviceConfig = {
Type = "notify";
NotifyAccess = "main";
@ -565,7 +574,7 @@ in
RuntimeDirectory = "mosquitto";
WorkingDirectory = cfg.dataDir;
Restart = "on-failure";
ExecStart = "${pkgs.mosquitto}/bin/mosquitto -c ${configFile}";
ExecStart = "${cfg.package}/bin/mosquitto -c ${configFile}";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
# Hardening
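Review bot: `after = [ "network-online.target" ]` only orders the unit; nothing visible in the hunk pulls `network-online.target` into the transaction, so on a system where no other unit wants that target the ordering has no effect. Add `wants = [ "network-online.target" ];` next to it. The new `cachix-agent` unit and the borgbackup timer in this commit use the same `after`-only pattern. The `serviceConfig` set continues outside the hunk.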


@ -26,6 +26,12 @@ in
'';
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = "Open ports in the firewall for nix-serve.";
};
secretKeyFile = mkOption {
type = types.nullOr types.str;
default = null;
@ -77,5 +83,9 @@ in
"NIX_SECRET_KEY_FILE:${cfg.secretKeyFile}";
};
};
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ cfg.port ];
};
};
}


@ -81,6 +81,7 @@ in
imports = [
(mkAliasOptionModule [ "services" "sshd" "enable" ] [ "services" "openssh" "enable" ])
(mkAliasOptionModule [ "services" "openssh" "knownHosts" ] [ "programs" "ssh" "knownHosts" ])
(mkRenamedOptionModule [ "services" "openssh" "challengeResponseAuthentication" ] [ "services" "openssh" "kbdInteractiveAuthentication" ])
];
###### interface
@ -218,11 +219,11 @@ in
'';
};
challengeResponseAuthentication = mkOption {
kbdInteractiveAuthentication = mkOption {
type = types.bool;
default = true;
description = ''
Specifies whether challenge/response authentication is allowed.
Specifies whether keyboard-interactive authentication is allowed.
'';
};
@ -534,7 +535,7 @@ in
PermitRootLogin ${cfg.permitRootLogin}
GatewayPorts ${cfg.gatewayPorts}
PasswordAuthentication ${if cfg.passwordAuthentication then "yes" else "no"}
ChallengeResponseAuthentication ${if cfg.challengeResponseAuthentication then "yes" else "no"}
KbdInteractiveAuthentication ${if cfg.kbdInteractiveAuthentication then "yes" else "no"}
PrintMotd no # handled by pam_motd
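Review bot: The rewritten description of `kbdInteractiveAuthentication` does not mention that, with PAM, keyboard-interactive authentication can still prompt for the account password, and the option keeps `default = true`. An administrator who sets only `passwordAuthentication = false` may therefore believe password logins are disabled when they are not. I would extend the description to: `Specifies whether keyboard-interactive authentication is allowed. With PAM this can still ask for a password, so disable it together with passwordAuthentication for key-only logins.` The sshd_config string in the last hunk starts and ends outside it.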


@ -468,7 +468,7 @@ in {
default = false;
example = true;
description = ''
Whether to open the default ports in the firewall: TCP 22000 for transfers
Whether to open the default ports in the firewall: TCP/UDP 22000 for transfers
and UDP 21027 for discovery.
If multiple users are running Syncthing on this machine, you will need
@ -504,7 +504,7 @@ in {
networking.firewall = mkIf cfg.openDefaultPorts {
allowedTCPPorts = [ 22000 ];
allowedUDPPorts = [ 21027 ];
allowedUDPPorts = [ 21027 22000 ];
};
systemd.packages = [ pkgs.syncthing ];


@ -0,0 +1,57 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.cachix-agent;
in {
meta.maintainers = [ lib.maintainers.domenkozar ];
options.services.cachix-agent = {
enable = mkEnableOption "Cachix Deploy Agent: https://docs.cachix.org/deploy/";
name = mkOption {
type = types.str;
description = "Agent name, usually same as the hostname";
default = config.networking.hostName;
defaultText = "config.networking.hostName";
};
profile = mkOption {
type = types.nullOr types.str;
default = null;
description = "Profile name, defaults to 'system' (NixOS).";
};
package = mkOption {
type = types.package;
default = pkgs.cachix;
defaultText = literalExpression "pkgs.cachix";
description = "Cachix Client package to use.";
};
credentialsFile = mkOption {
type = types.path;
default = "/etc/cachix-agent.token";
description = ''
Required file that needs to contain CACHIX_AGENT_TOKEN=...
'';
};
};
config = mkIf cfg.enable {
systemd.services.cachix-agent = {
description = "Cachix Deploy Agent";
after = ["network-online.target"];
path = [ config.nix.package ];
wantedBy = [ "multi-user.target" ];
# don't restart while changing
reloadIfChanged = true;
serviceConfig = {
Restart = "on-failure";
EnvironmentFile = cfg.credentialsFile;
ExecStart = "${cfg.package}/bin/cachix deploy agent ${cfg.name} ${if cfg.profile != null then profile else ""}";
};
};
};
}
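Review bot: In `ExecStart` the `then` branch references a bare `profile`, which is not bound in this module's `let` and, as far as I can tell, is not brought in by `with lib;`. Evaluation should therefore fail as soon as `services.cachix-agent.profile` is set; the expression should read `${if cfg.profile != null then cfg.profile else ""}`. `cfg.name` and the profile are also interpolated unquoted, so a value containing whitespace would be split into several arguments by systemd. Quoting both values would avoid that.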


@ -24,8 +24,14 @@ let
$sudo ${pkgs.php}/bin/php artisan $*
'';
tlsEnabled = cfg.nginx.addSSL || cfg.nginx.forceSSL || cfg.nginx.onlySSL || cfg.nginx.enableACME;
in {
imports = [
(mkRemovedOptionModule [ "services" "bookstack" "extraConfig" ] "Use services.bookstack.config instead.")
(mkRemovedOptionModule [ "services" "bookstack" "cacheDir" ] "The cache directory is now handled automatically.")
];
options.services.bookstack = {
enable = mkEnableOption "BookStack";
@ -44,28 +50,38 @@ in {
appKeyFile = mkOption {
description = ''
A file containing the AppKey.
Used for encryption where needed. Can be generated with <code>head -c 32 /dev/urandom| base64</code> and must be prefixed with <literal>base64:</literal>.
A file containing the Laravel APP_KEY - a 32 character long,
base64 encoded key used for encryption where needed. Can be
generated with <code>head -c 32 /dev/urandom | base64</code>.
'';
example = "/run/keys/bookstack-appkey";
type = types.path;
};
hostname = lib.mkOption {
type = lib.types.str;
default = if config.networking.domain != null then
config.networking.fqdn
else
config.networking.hostName;
defaultText = lib.literalExpression "config.networking.fqdn";
example = "bookstack.example.com";
description = ''
The hostname to serve BookStack on.
'';
};
appURL = mkOption {
description = ''
The root URL that you want to host BookStack on. All URLs in BookStack will be generated using this value.
If you change this in the future you may need to run a command to update stored URLs in the database. Command example: <code>php artisan bookstack:update-url https://old.example.com https://new.example.com</code>
'';
default = "http${lib.optionalString tlsEnabled "s"}://${cfg.hostname}";
defaultText = ''http''${lib.optionalString tlsEnabled "s"}://''${cfg.hostname}'';
example = "https://example.com";
type = types.str;
};
cacheDir = mkOption {
description = "BookStack cache directory";
default = "/var/cache/bookstack";
type = types.path;
};
dataDir = mkOption {
description = "BookStack data directory";
default = "/var/lib/bookstack";
@ -202,16 +218,59 @@ in {
'';
};
extraConfig = mkOption {
type = types.nullOr types.lines;
default = null;
example = ''
ALLOWED_IFRAME_HOSTS="https://example.com"
WKHTMLTOPDF=/home/user/bins/wkhtmltopdf
config = mkOption {
type = with types;
attrsOf
(nullOr
(either
(oneOf [
bool
int
port
path
str
])
(submodule {
options = {
_secret = mkOption {
type = nullOr str;
description = ''
The path to a file containing the value the
option should be set to in the final
configuration file.
'';
};
};
})));
default = {};
example = literalExpression ''
{
ALLOWED_IFRAME_HOSTS = "https://example.com";
WKHTMLTOPDF = "/home/user/bins/wkhtmltopdf";
AUTH_METHOD = "oidc";
OIDC_NAME = "MyLogin";
OIDC_DISPLAY_NAME_CLAIMS = "name";
OIDC_CLIENT_ID = "bookstack";
OIDC_CLIENT_SECRET = {_secret = "/run/keys/oidc_secret"};
OIDC_ISSUER = "https://keycloak.example.com/auth/realms/My%20Realm";
OIDC_ISSUER_DISCOVER = true;
}
'';
description = ''
Lines to be appended verbatim to the BookStack configuration.
Refer to <link xlink:href="https://www.bookstackapp.com/docs/"/> for details on supported values.
BookStack configuration options to set in the
<filename>.env</filename> file.
Refer to <link xlink:href="https://www.bookstackapp.com/docs/"/>
for details on supported values.
Settings containing secret data should be set to an attribute
set containing the attribute <literal>_secret</literal> - a
string pointing to a file containing the value the option
should be set to. See the example to get a better picture of
this: in the resulting <filename>.env</filename> file, the
<literal>OIDC_CLIENT_SECRET</literal> key will be set to the
contents of the <filename>/run/keys/oidc_secret</filename>
file.
'';
};
@ -228,6 +287,30 @@ in {
}
];
services.bookstack.config = {
APP_KEY._secret = cfg.appKeyFile;
APP_URL = cfg.appURL;
DB_HOST = db.host;
DB_PORT = db.port;
DB_DATABASE = db.name;
DB_USERNAME = db.user;
MAIL_DRIVER = mail.driver;
MAIL_FROM_NAME = mail.fromName;
MAIL_FROM = mail.from;
MAIL_HOST = mail.host;
MAIL_PORT = mail.port;
MAIL_USERNAME = mail.user;
MAIL_ENCRYPTION = mail.encryption;
DB_PASSWORD._secret = db.passwordFile;
MAIL_PASSWORD._secret = mail.passwordFile;
APP_SERVICES_CACHE = "/run/bookstack/cache/services.php";
APP_PACKAGES_CACHE = "/run/bookstack/cache/packages.php";
APP_CONFIG_CACHE = "/run/bookstack/cache/config.php";
APP_ROUTES_CACHE = "/run/bookstack/cache/routes-v7.php";
APP_EVENTS_CACHE = "/run/bookstack/cache/events.php";
SESSION_SECURE_COOKIE = tlsEnabled;
};
environment.systemPackages = [ artisan ];
services.mysql = mkIf db.createLocally {
@ -258,24 +341,19 @@ in {
services.nginx = {
enable = mkDefault true;
virtualHosts.bookstack = mkMerge [ cfg.nginx {
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
virtualHosts.${cfg.hostname} = mkMerge [ cfg.nginx {
root = mkForce "${bookstack}/public";
extraConfig = optionalString (cfg.nginx.addSSL || cfg.nginx.forceSSL || cfg.nginx.onlySSL || cfg.nginx.enableACME) "fastcgi_param HTTPS on;";
locations = {
"/" = {
index = "index.php";
extraConfig = ''try_files $uri $uri/ /index.php?$query_string;'';
tryFiles = "$uri $uri/ /index.php?$query_string";
};
"~ \.php$" = {
extraConfig = ''
try_files $uri $uri/ /index.php?$query_string;
include ${pkgs.nginx}/conf/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param REDIRECT_STATUS 200;
"~ \.php$".extraConfig = ''
fastcgi_pass unix:${config.services.phpfpm.pools."bookstack".socket};
${optionalString (cfg.nginx.addSSL || cfg.nginx.forceSSL || cfg.nginx.onlySSL || cfg.nginx.enableACME) "fastcgi_param HTTPS on;"}
'';
};
"~ \.(js|css|gif|png|ico|jpg|jpeg)$" = {
extraConfig = "expires 365d;";
};
@ -290,50 +368,54 @@ in {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
User = user;
WorkingDirectory = "${bookstack}";
RuntimeDirectory = "bookstack/cache";
RuntimeDirectoryMode = 0700;
};
script = ''
path = [ pkgs.replace-secret ];
script =
let
isSecret = v: isAttrs v && v ? _secret && isString v._secret;
bookstackEnvVars = lib.generators.toKeyValue {
mkKeyValue = lib.flip lib.generators.mkKeyValueDefault "=" {
mkValueString = v: with builtins;
if isInt v then toString v
else if isString v then v
else if true == v then "true"
else if false == v then "false"
else if isSecret v then v._secret
else throw "unsupported type ${typeOf v}: ${(lib.generators.toPretty {}) v}";
};
};
secretPaths = lib.mapAttrsToList (_: v: v._secret) (lib.filterAttrs (_: isSecret) cfg.config);
mkSecretReplacement = file: ''
replace-secret ${escapeShellArgs [ file file "${cfg.dataDir}/.env" ]}
'';
secretReplacements = lib.concatMapStrings mkSecretReplacement secretPaths;
filteredConfig = lib.converge (lib.filterAttrsRecursive (_: v: ! elem v [ {} null ])) cfg.config;
bookstackEnv = pkgs.writeText "bookstack.env" (bookstackEnvVars filteredConfig);
in ''
# error handling
set -euo pipefail
# set permissions
umask 077
# create .env file
echo "
APP_KEY=base64:$(head -n1 ${cfg.appKeyFile})
APP_URL=${cfg.appURL}
DB_HOST=${db.host}
DB_PORT=${toString db.port}
DB_DATABASE=${db.name}
DB_USERNAME=${db.user}
MAIL_DRIVER=${mail.driver}
MAIL_FROM_NAME=\"${mail.fromName}\"
MAIL_FROM=${mail.from}
MAIL_HOST=${mail.host}
MAIL_PORT=${toString mail.port}
${optionalString (mail.user != null) "MAIL_USERNAME=${mail.user};"}
${optionalString (mail.encryption != null) "MAIL_ENCRYPTION=${mail.encryption};"}
${optionalString (db.passwordFile != null) "DB_PASSWORD=$(head -n1 ${db.passwordFile})"}
${optionalString (mail.passwordFile != null) "MAIL_PASSWORD=$(head -n1 ${mail.passwordFile})"}
APP_SERVICES_CACHE=${cfg.cacheDir}/services.php
APP_PACKAGES_CACHE=${cfg.cacheDir}/packages.php
APP_CONFIG_CACHE=${cfg.cacheDir}/config.php
APP_ROUTES_CACHE=${cfg.cacheDir}/routes-v7.php
APP_EVENTS_CACHE=${cfg.cacheDir}/events.php
${optionalString (cfg.nginx.addSSL || cfg.nginx.forceSSL || cfg.nginx.onlySSL || cfg.nginx.enableACME) "SESSION_SECURE_COOKIE=true"}
${toString cfg.extraConfig}
" > "${cfg.dataDir}/.env"
install -T -m 0600 -o ${user} ${bookstackEnv} "${cfg.dataDir}/.env"
${secretReplacements}
if ! grep 'APP_KEY=base64:' "${cfg.dataDir}/.env" >/dev/null; then
sed -i 's/APP_KEY=/APP_KEY=base64:/' "${cfg.dataDir}/.env"
fi
# migrate db
${pkgs.php}/bin/php artisan migrate --force
# clear & create caches (needed in case of update)
${pkgs.php}/bin/php artisan cache:clear
${pkgs.php}/bin/php artisan config:clear
${pkgs.php}/bin/php artisan view:clear
'';
};
systemd.tmpfiles.rules = [
"d ${cfg.cacheDir} 0700 ${user} ${group} - -"
"d ${cfg.dataDir} 0710 ${user} ${group} - -"
"d ${cfg.dataDir}/public 0750 ${user} ${group} - -"
"d ${cfg.dataDir}/public/uploads 0750 ${user} ${group} - -"
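Review bot: In `mkValueString`, string values are written to `.env` as-is (`else if isString v then v`), and the `_secret` placeholder is later replaced by the raw file contents, whereas the removed script quoted `MAIL_FROM_NAME`. A value or secret containing spaces, `#` or quotes would presumably be truncated or rejected by the dotenv loader, which for `DB_PASSWORD` or `OIDC_CLIENT_SECRET` means a silently wrong credential. Consider emitting strings double-quoted with `"` and `\` escaped, for example `else if isString v then "\"${escape [ "\"" "\\" ] v}\""`. The `_secret` branch and the `APP_KEY=` sed fix-up would need the same treatment. Separately, `isSecret` requires `isString v._secret` while `appKeyFile` is `types.path`, so a path literal there would reach the `throw`; that is worth a check too.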


@ -1,20 +1,14 @@
{ config, pkgs, lib, ... }:
let
inherit (lib) mkDefault mkEnableOption mkForce mkIf mkMerge mkOption types maintainers recursiveUpdate;
inherit (lib) any attrValues concatMapStrings concatMapStringsSep flatten literalExpression;
inherit (lib) filterAttrs mapAttrs mapAttrs' mapAttrsToList nameValuePair optional optionalAttrs optionalString;
with lib;
cfg = migrateOldAttrs config.services.dokuwiki;
let
cfg = config.services.dokuwiki;
eachSite = cfg.sites;
user = "dokuwiki";
webserver = config.services.${cfg.webserver};
stateDir = hostName: "/var/lib/dokuwiki/${hostName}/data";
# Migrate config.services.dokuwiki.<hostName> to config.services.dokuwiki.sites.<hostName>
oldSites = filterAttrs (o: _: o != "sites" && o != "webserver");
migrateOldAttrs = cfg: cfg // { sites = cfg.sites // oldSites cfg; };
dokuwikiAclAuthConfig = hostName: cfg: pkgs.writeText "acl.auth-${hostName}.php" ''
# acl.auth.php
# <?php exit()?>
@ -257,10 +251,7 @@ in
options = {
services.dokuwiki = mkOption {
type = types.submodule {
# Used to support old interface
freeformType = types.attrsOf (types.submodule siteOpts);
# New interface
options.sites = mkOption {
type = types.attrsOf (types.submodule siteOpts);
default = {};
@ -301,8 +292,6 @@ in
}
]) eachSite);
warnings = mapAttrsToList (hostName: _: ''services.dokuwiki."${hostName}" is deprecated use services.dokuwiki.sites."${hostName}"'') (oldSites cfg);
services.phpfpm.pools = mapAttrs' (hostName: cfg: (
nameValuePair "dokuwiki-${hostName}" {
inherit user;


@ -3,12 +3,25 @@
let
cfg = config.services.keycloak;
opt = options.services.keycloak;
inherit (lib) types mkOption concatStringsSep mapAttrsToList
escapeShellArg recursiveUpdate optionalAttrs boolToString mkOrder
sort filterAttrs concatMapStringsSep concatStrings mkIf
optionalString optionals mkDefault literalExpression hasSuffix
foldl' isAttrs filter attrNames elem literalDocBook
maintainers;
inherit (builtins) match typeOf;
in
{
options.services.keycloak = {
enable = lib.mkOption {
type = lib.types.bool;
options.services.keycloak =
let
inherit (types) bool str nullOr attrsOf path enum anything
package port;
in
{
enable = mkOption {
type = bool;
default = false;
example = true;
description = ''
@ -17,8 +30,8 @@ in
'';
};
bindAddress = lib.mkOption {
type = lib.types.str;
bindAddress = mkOption {
type = str;
default = "\${jboss.bind.address:0.0.0.0}";
example = "127.0.0.1";
description = ''
@ -29,8 +42,8 @@ in
'';
};
httpPort = lib.mkOption {
type = lib.types.str;
httpPort = mkOption {
type = str;
default = "\${jboss.http.port:80}";
example = "8080";
description = ''
@ -41,8 +54,8 @@ in
'';
};
httpsPort = lib.mkOption {
type = lib.types.str;
httpsPort = mkOption {
type = str;
default = "\${jboss.https.port:443}";
example = "8443";
description = ''
@ -53,9 +66,13 @@ in
'';
};
frontendUrl = lib.mkOption {
type = lib.types.str;
apply = x: if lib.hasSuffix "/" x then x else x + "/";
frontendUrl = mkOption {
type = str;
apply = x:
if x == "" || hasSuffix "/" x then
x
else
x + "/";
example = "keycloak.example.com/auth";
description = ''
The public URL used as base for all frontend requests. Should
@ -67,8 +84,8 @@ in
'';
};
forceBackendUrlToFrontendUrl = lib.mkOption {
type = lib.types.bool;
forceBackendUrlToFrontendUrl = mkOption {
type = bool;
default = false;
example = true;
description = ''
@ -86,8 +103,8 @@ in
'';
};
sslCertificate = lib.mkOption {
type = lib.types.nullOr lib.types.path;
sslCertificate = mkOption {
type = nullOr path;
default = null;
example = "/run/keys/ssl_cert";
description = ''
@ -99,8 +116,8 @@ in
'';
};
sslCertificateKey = lib.mkOption {
type = lib.types.nullOr lib.types.path;
sslCertificateKey = mkOption {
type = nullOr path;
default = null;
example = "/run/keys/ssl_key";
description = ''
@ -113,8 +130,8 @@ in
};
database = {
type = lib.mkOption {
type = lib.types.enum [ "mysql" "postgresql" ];
type = mkOption {
type = enum [ "mysql" "postgresql" ];
default = "postgresql";
example = "mysql";
description = ''
@ -122,8 +139,8 @@ in
'';
};
host = lib.mkOption {
type = lib.types.str;
host = mkOption {
type = str;
default = "localhost";
description = ''
Hostname of the database to connect to.
@ -137,27 +154,27 @@ in
mysql = 3306;
};
in
lib.mkOption {
type = lib.types.port;
mkOption {
type = port;
default = dbPorts.${cfg.database.type};
defaultText = lib.literalDocBook "default port of selected database";
defaultText = literalDocBook "default port of selected database";
description = ''
Port of the database to connect to.
'';
};
useSSL = lib.mkOption {
type = lib.types.bool;
useSSL = mkOption {
type = bool;
default = cfg.database.host != "localhost";
defaultText = lib.literalExpression ''config.${opt.database.host} != "localhost"'';
defaultText = literalExpression ''config.${opt.database.host} != "localhost"'';
description = ''
Whether the database connection should be secured by SSL /
TLS.
'';
};
caCert = lib.mkOption {
type = lib.types.nullOr lib.types.path;
caCert = mkOption {
type = nullOr path;
default = null;
description = ''
The SSL / TLS CA certificate that verifies the identity of the
@ -171,8 +188,8 @@ in
'';
};
createLocally = lib.mkOption {
type = lib.types.bool;
createLocally = mkOption {
type = bool;
default = true;
description = ''
Whether a database should be automatically created on the
@ -182,8 +199,8 @@ in
'';
};
username = lib.mkOption {
type = lib.types.str;
username = mkOption {
type = str;
default = "keycloak";
description = ''
Username to use when connecting to an external or manually
@ -198,8 +215,8 @@ in
'';
};
passwordFile = lib.mkOption {
type = lib.types.path;
passwordFile = mkOption {
type = path;
example = "/run/keys/db_password";
description = ''
File containing the database password.
@ -210,17 +227,17 @@ in
};
};
package = lib.mkOption {
type = lib.types.package;
package = mkOption {
type = package;
default = pkgs.keycloak;
defaultText = lib.literalExpression "pkgs.keycloak";
defaultText = literalExpression "pkgs.keycloak";
description = ''
Keycloak package to use.
'';
};
initialAdminPassword = lib.mkOption {
type = lib.types.str;
initialAdminPassword = mkOption {
type = str;
default = "changeme";
description = ''
Initial password set for the <literal>admin</literal>
@ -229,10 +246,24 @@ in
'';
};
extraConfig = lib.mkOption {
type = lib.types.attrs;
themes = mkOption {
type = attrsOf package;
default = { };
example = lib.literalExpression ''
description = ''
Additional theme packages for Keycloak. Each theme is linked into
subdirectory with a corresponding attribute name.
Theme packages consist of several subdirectories which provide
different theme types: for example, <literal>account</literal>,
<literal>login</literal> etc. After adding a theme to this option you
can select it by its name in Keycloak administration console.
'';
};
extraConfig = mkOption {
type = attrsOf anything;
default = { };
example = literalExpression ''
{
"subsystem=keycloak-server" = {
"spi=hostname" = {
@ -289,16 +320,46 @@ in
${pkgs.jre}/bin/keytool -importcert -trustcacerts -alias MySQLCACert -file ${cfg.database.caCert} -keystore $out -storepass notsosecretpassword -noprompt
'';
keycloakConfig' = builtins.foldl' lib.recursiveUpdate {
# Both theme and theme type directories need to be actual directories in one hierarchy to pass Keycloak checks.
themesBundle = pkgs.runCommand "keycloak-themes" { } ''
linkTheme() {
theme="$1"
name="$2"
mkdir "$out/$name"
for typeDir in "$theme"/*; do
if [ -d "$typeDir" ]; then
type="$(basename "$typeDir")"
mkdir "$out/$name/$type"
for file in "$typeDir"/*; do
ln -sn "$file" "$out/$name/$type/$(basename "$file")"
done
fi
done
}
mkdir -p "$out"
for theme in ${cfg.package}/themes/*; do
if [ -d "$theme" ]; then
linkTheme "$theme" "$(basename "$theme")"
fi
done
${concatStringsSep "\n" (mapAttrsToList (name: theme: "linkTheme ${theme} ${escapeShellArg name}") cfg.themes)}
'';
keycloakConfig' = foldl' recursiveUpdate
{
"interface=public".inet-address = cfg.bindAddress;
"socket-binding-group=standard-sockets"."socket-binding=http".port = cfg.httpPort;
"subsystem=keycloak-server"."spi=hostname" = {
"provider=default" = {
"subsystem=keycloak-server" = {
"spi=hostname"."provider=default" = {
enabled = true;
properties = {
inherit (cfg) frontendUrl forceBackendUrlToFrontendUrl;
};
};
"theme=defaults".dir = toString themesBundle;
};
"subsystem=datasources"."data-source=KeycloakDS" = {
max-pool-size = "20";
@ -306,7 +367,7 @@ in
password = "@db-password@";
};
} [
(lib.optionalAttrs (cfg.database.type == "postgresql") {
(optionalAttrs (cfg.database.type == "postgresql") {
"subsystem=datasources" = {
"jdbc-driver=postgresql" = {
driver-module-name = "org.postgresql";
@ -314,16 +375,16 @@ in
driver-xa-datasource-class-name = "org.postgresql.xa.PGXADataSource";
};
"data-source=KeycloakDS" = {
connection-url = "jdbc:postgresql://${cfg.database.host}:${builtins.toString cfg.database.port}/keycloak";
connection-url = "jdbc:postgresql://${cfg.database.host}:${toString cfg.database.port}/keycloak";
driver-name = "postgresql";
"connection-properties=ssl".value = lib.boolToString cfg.database.useSSL;
} // (lib.optionalAttrs (cfg.database.caCert != null) {
"connection-properties=ssl".value = boolToString cfg.database.useSSL;
} // (optionalAttrs (cfg.database.caCert != null) {
"connection-properties=sslrootcert".value = cfg.database.caCert;
"connection-properties=sslmode".value = "verify-ca";
});
};
})
(lib.optionalAttrs (cfg.database.type == "mysql") {
(optionalAttrs (cfg.database.type == "mysql") {
"subsystem=datasources" = {
"jdbc-driver=mysql" = {
driver-module-name = "com.mysql";
@ -331,28 +392,40 @@ in
driver-class-name = "com.mysql.jdbc.Driver";
};
"data-source=KeycloakDS" = {
connection-url = "jdbc:mysql://${cfg.database.host}:${builtins.toString cfg.database.port}/keycloak";
connection-url = "jdbc:mysql://${cfg.database.host}:${toString cfg.database.port}/keycloak";
driver-name = "mysql";
"connection-properties=useSSL".value = lib.boolToString cfg.database.useSSL;
"connection-properties=requireSSL".value = lib.boolToString cfg.database.useSSL;
"connection-properties=verifyServerCertificate".value = lib.boolToString cfg.database.useSSL;
"connection-properties=useSSL".value = boolToString cfg.database.useSSL;
"connection-properties=requireSSL".value = boolToString cfg.database.useSSL;
"connection-properties=verifyServerCertificate".value = boolToString cfg.database.useSSL;
"connection-properties=characterEncoding".value = "UTF-8";
valid-connection-checker-class-name = "org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker";
validate-on-match = true;
exception-sorter-class-name = "org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter";
} // (lib.optionalAttrs (cfg.database.caCert != null) {
} // (optionalAttrs (cfg.database.caCert != null) {
"connection-properties=trustCertificateKeyStoreUrl".value = "file:${mySqlCaKeystore}";
"connection-properties=trustCertificateKeyStorePassword".value = "notsosecretpassword";
});
};
})
(lib.optionalAttrs (cfg.sslCertificate != null && cfg.sslCertificateKey != null) {
(optionalAttrs (cfg.sslCertificate != null && cfg.sslCertificateKey != null) {
"socket-binding-group=standard-sockets"."socket-binding=https".port = cfg.httpsPort;
"core-service=management"."security-realm=UndertowRealm"."server-identity=ssl" = {
keystore-path = "/run/keycloak/ssl/certificate_private_key_bundle.p12";
keystore-password = "notsosecretpassword";
"subsystem=elytron" = mkOrder 900 {
"key-store=httpsKS" = mkOrder 900 {
path = "/run/keycloak/ssl/certificate_private_key_bundle.p12";
credential-reference.clear-text = "notsosecretpassword";
type = "JKS";
};
"key-manager=httpsKM" = mkOrder 901 {
key-store = "httpsKS";
credential-reference.clear-text = "notsosecretpassword";
};
"server-ssl-context=httpsSSC" = mkOrder 902 {
key-manager = "httpsKM";
};
};
"subsystem=undertow" = mkOrder 901 {
"server=default-server"."https-listener=https".ssl-context = "httpsSSC";
};
"subsystem=undertow"."server=default-server"."https-listener=https".security-realm = "UndertowRealm";
})
cfg.extraConfig
];
@ -441,39 +514,40 @@ in
# with `expression` to evaluate.
prefixExpression = string:
let
match = (builtins.match ''"\$\{.*}"'' string);
matchResult = match ''"\$\{.*}"'' string;
in
if match != null then
if matchResult != null then
"expression " + string
else
string;
writeAttribute = attribute: value:
let
type = builtins.typeOf value;
type = typeOf value;
in
if type == "set" then
let
names = builtins.attrNames value;
names = attrNames value;
in
builtins.foldl' (text: name: text + (writeAttribute "${attribute}.${name}" value.${name})) "" names
foldl' (text: name: text + (writeAttribute "${attribute}.${name}" value.${name})) "" names
else if value == null then ''
if (outcome == success) of ${path}:read-attribute(name="${attribute}")
${path}:undefine-attribute(name="${attribute}")
end-if
''
else if builtins.elem type [ "string" "path" "bool" ] then
else if elem type [ "string" "path" "bool" ] then
let
value' = if type == "bool" then lib.boolToString value else ''"${value}"'';
in ''
value' = if type == "bool" then boolToString value else ''"${value}"'';
in
''
if (result != ${prefixExpression value'}) of ${path}:read-attribute(name="${attribute}")
${path}:write-attribute(name=${attribute}, value=${value'})
end-if
''
else throw "Unsupported type '${type}' for path '${path}'!";
in
lib.concatStrings
(lib.mapAttrsToList
concatStrings
(mapAttrsToList
(attribute: value: (writeAttribute attribute value))
set);
@ -498,68 +572,78 @@ in
let
makeArg = attribute: value:
let
type = builtins.typeOf value;
type = typeOf value;
in
if type == "set" then
"${attribute} = { " + (makeArgList value) + " }"
else if builtins.elem type [ "string" "path" "bool" ] then
"${attribute} = ${if type == "bool" then lib.boolToString value else ''"${value}"''}"
else if elem type [ "string" "path" "bool" ] then
"${attribute} = ${if type == "bool" then boolToString value else ''"${value}"''}"
else if value == null then
""
else
throw "Unsupported type '${type}' for attribute '${attribute}'!";
in
lib.concatStringsSep ", " (lib.mapAttrsToList makeArg set);
concatStringsSep ", " (mapAttrsToList makeArg set);
/* Recurses into the `attrs` attrset, beginning at the path
resolved from `state.path ++ node`; if `node` is `null`,
starts from `state.path`. Only subattrsets that are JBoss
paths, i.e. follows the `key=value` format, are recursed
/* Recurses into the `nodeValue` attrset. Only subattrsets that
are JBoss paths, i.e. follows the `key=value` format, are recursed
into - the rest are considered JBoss attributes / maps.
*/
recurse = state: node:
recurse = nodePath: nodeValue:
let
path = state.path ++ (lib.optional (node != null) node);
nodeContent =
if isAttrs nodeValue && nodeValue._type or "" == "order" then
nodeValue.content
else
nodeValue;
isPath = name:
let
value = lib.getAttrFromPath (path ++ [ name ]) attrs;
value = nodeContent.${name};
in
if (builtins.match ".*([=]).*" name) == [ "=" ] then
if builtins.isAttrs value || value == null then
if (match ".*([=]).*" name) == [ "=" ] then
if isAttrs value || value == null then
true
else
throw "Parsing path '${lib.concatStringsSep "." (path ++ [ name ])}' failed: JBoss attributes cannot contain '='!"
throw "Parsing path '${concatStringsSep "." (nodePath ++ [ name ])}' failed: JBoss attributes cannot contain '='!"
else
false;
jbossPath = "/" + (lib.concatStringsSep "/" path);
nodeValue = lib.getAttrFromPath path attrs;
children = if !builtins.isAttrs nodeValue then {} else nodeValue;
subPaths = builtins.filter isPath (builtins.attrNames children);
jbossAttrs = lib.filterAttrs (name: _: !(isPath name)) children;
jbossPath = "/" + concatStringsSep "/" nodePath;
children = if !isAttrs nodeContent then { } else nodeContent;
subPaths = filter isPath (attrNames children);
getPriority = name:
let
value = children.${name};
in
state // {
text = state.text + (
if nodeValue != null then ''
if value._type or "" == "order" then value.priority else 1000;
orderedSubPaths = sort (a: b: getPriority a < getPriority b) subPaths;
jbossAttrs = filterAttrs (name: _: !(isPath name)) children;
text =
if nodeContent != null then
''
if (outcome != success) of ${jbossPath}:read-resource()
${jbossPath}:add(${makeArgList jbossAttrs})
end-if
'' + (writeAttributes jbossPath jbossAttrs)
else ''
'' + writeAttributes jbossPath jbossAttrs
else
''
if (outcome == success) of ${jbossPath}:read-resource()
${jbossPath}:remove()
end-if
'') + (builtins.foldl' recurse { text = ""; inherit path; } subPaths).text;
};
'';
in
(recurse { text = ""; path = []; } null).text;
text + concatMapStringsSep "\n" (name: recurse (nodePath ++ [ name ]) children.${name}) orderedSubPaths;
in
recurse [ ] attrs;
jbossCliScript = pkgs.writeText "jboss-cli-script" (mkJbossScript keycloakConfig');
keycloakConfig = pkgs.runCommand "keycloak-config" {
keycloakConfig = pkgs.runCommand "keycloak-config"
{
nativeBuildInputs = [ cfg.package ];
} ''
}
''
export JBOSS_BASE_DIR="$(pwd -P)";
export JBOSS_MODULEPATH="${cfg.package}/modules";
export JBOSS_LOG_DIR="$JBOSS_BASE_DIR/log";
@ -588,8 +672,8 @@ in
cp configuration/standalone.xml $out
'';
in
lib.mkIf cfg.enable {
mkIf cfg.enable
{
assertions = [
{
assertion = (cfg.database.useSSL && cfg.database.type == "postgresql") -> (cfg.database.caCert != null);
@ -599,7 +683,7 @@ in
environment.systemPackages = [ cfg.package ];
systemd.services.keycloakPostgreSQLInit = lib.mkIf createLocalPostgreSQL {
systemd.services.keycloakPostgreSQLInit = mkIf createLocalPostgreSQL {
after = [ "postgresql.service" ];
before = [ "keycloak.service" ];
bindsTo = [ "postgresql.service" ];
@ -623,7 +707,7 @@ in
'';
};
systemd.services.keycloakMySQLInit = lib.mkIf createLocalMySQL {
systemd.services.keycloakMySQLInit = mkIf createLocalMySQL {
after = [ "mysql.service" ];
before = [ "keycloak.service" ];
bindsTo = [ "mysql.service" ];
@ -650,13 +734,16 @@ in
let
databaseServices =
if createLocalPostgreSQL then [
"keycloakPostgreSQLInit.service" "postgresql.service"
"keycloakPostgreSQLInit.service"
"postgresql.service"
]
else if createLocalMySQL then [
"keycloakMySQLInit.service" "mysql.service"
"keycloakMySQLInit.service"
"mysql.service"
]
else [ ];
in {
in
{
after = databaseServices;
bindsTo = databaseServices;
wantedBy = [ "multi-user.target" ];
@ -671,52 +758,16 @@ in
JBOSS_MODULEPATH = "${cfg.package}/modules";
};
serviceConfig = {
ExecStartPre = let
startPreFullPrivileges = ''
set -o errexit -o pipefail -o nounset -o errtrace
shopt -s inherit_errexit
umask u=rwx,g=,o=
install -T -m 0400 -o keycloak -g keycloak '${cfg.database.passwordFile}' /run/keycloak/secrets/db_password
'' + lib.optionalString (cfg.sslCertificate != null && cfg.sslCertificateKey != null) ''
install -T -m 0400 -o keycloak -g keycloak '${cfg.sslCertificate}' /run/keycloak/secrets/ssl_cert
install -T -m 0400 -o keycloak -g keycloak '${cfg.sslCertificateKey}' /run/keycloak/secrets/ssl_key
'';
startPre = ''
set -o errexit -o pipefail -o nounset -o errtrace
shopt -s inherit_errexit
umask u=rwx,g=,o=
install -m 0600 ${cfg.package}/standalone/configuration/*.properties /run/keycloak/configuration
install -T -m 0600 ${keycloakConfig} /run/keycloak/configuration/standalone.xml
replace-secret '@db-password@' '/run/keycloak/secrets/db_password' /run/keycloak/configuration/standalone.xml
export JAVA_OPTS=-Djboss.server.config.user.dir=/run/keycloak/configuration
add-user-keycloak.sh -u admin -p '${cfg.initialAdminPassword}'
'' + lib.optionalString (cfg.sslCertificate != null && cfg.sslCertificateKey != null) ''
pushd /run/keycloak/ssl/
cat /run/keycloak/secrets/ssl_cert <(echo) \
/run/keycloak/secrets/ssl_key <(echo) \
/etc/ssl/certs/ca-certificates.crt \
> allcerts.pem
openssl pkcs12 -export -in /run/keycloak/secrets/ssl_cert -inkey /run/keycloak/secrets/ssl_key -chain \
-name "${cfg.frontendUrl}" -out certificate_private_key_bundle.p12 \
-CAfile allcerts.pem -passout pass:notsosecretpassword
popd
'';
in [
"+${pkgs.writeShellScript "keycloak-start-pre-full-privileges" startPreFullPrivileges}"
"${pkgs.writeShellScript "keycloak-start-pre" startPre}"
LoadCredential = [
"db_password:${cfg.database.passwordFile}"
] ++ optionals (cfg.sslCertificate != null && cfg.sslCertificateKey != null) [
"ssl_cert:${cfg.sslCertificate}"
"ssl_key:${cfg.sslCertificateKey}"
];
ExecStart = "${cfg.package}/bin/standalone.sh";
User = "keycloak";
Group = "keycloak";
DynamicUser = true;
RuntimeDirectory = map (p: "keycloak/" + p) [
"secrets"
"configuration"
"deployments"
"data"
@ -728,13 +779,39 @@ in
LogsDirectory = "keycloak";
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
};
script = ''
set -o errexit -o pipefail -o nounset -o errtrace
shopt -s inherit_errexit
umask u=rwx,g=,o=
install -m 0600 ${cfg.package}/standalone/configuration/*.properties /run/keycloak/configuration
install -T -m 0600 ${keycloakConfig} /run/keycloak/configuration/standalone.xml
replace-secret '@db-password@' "$CREDENTIALS_DIRECTORY/db_password" /run/keycloak/configuration/standalone.xml
export JAVA_OPTS=-Djboss.server.config.user.dir=/run/keycloak/configuration
add-user-keycloak.sh -u admin -p '${cfg.initialAdminPassword}'
'' + optionalString (cfg.sslCertificate != null && cfg.sslCertificateKey != null) ''
pushd /run/keycloak/ssl/
cat "$CREDENTIALS_DIRECTORY/ssl_cert" <(echo) \
"$CREDENTIALS_DIRECTORY/ssl_key" <(echo) \
/etc/ssl/certs/ca-certificates.crt \
> allcerts.pem
openssl pkcs12 -export -in "$CREDENTIALS_DIRECTORY/ssl_cert" -inkey "$CREDENTIALS_DIRECTORY/ssl_key" -chain \
-name "${cfg.frontendUrl}" -out certificate_private_key_bundle.p12 \
-CAfile allcerts.pem -passout pass:notsosecretpassword
popd
'' + ''
${cfg.package}/bin/standalone.sh
'';
};
services.postgresql.enable = lib.mkDefault createLocalPostgreSQL;
services.mysql.enable = lib.mkDefault createLocalMySQL;
services.mysql.package = lib.mkIf createLocalMySQL pkgs.mariadb;
services.postgresql.enable = mkDefault createLocalPostgreSQL;
services.mysql.enable = mkDefault createLocalMySQL;
services.mysql.package = mkIf createLocalMySQL pkgs.mariadb;
};
meta.doc = ./keycloak.xml;
meta.maintainers = [ lib.maintainers.talyz ];
meta.maintainers = [ maintainers.talyz ];
}
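Review bot: In the new `script`, `add-user-keycloak.sh -u admin -p '${cfg.initialAdminPassword}'` places the option value between hand-written single quotes, so a password containing `'` breaks the quoting and the command line is no longer what was intended. `escapeShellArg` is already inherited at the top of the file, so this can be `add-user-keycloak.sh -u admin -p ${escapeShellArg cfg.initialAdminPassword}`. The value also ends up in the generated unit script in the Nix store, unlike the database password and TLS key, which now go through `LoadCredential`. The option description is only partly visible in these hunks, so confirm that it tells users to change the password after first login. The keystore password `notsosecretpassword` is likewise a fixed literal, so the `.p12` bundle is protected only by the permissions on `/run/keycloak/ssl`.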


@ -85,7 +85,12 @@
The frontend URL is used as base for all frontend requests and
must be configured through <xref linkend="opt-services.keycloak.frontendUrl" />.
It should normally include a trailing <literal>/auth</literal>
(the default web context).
(the default web context). If you use a reverse proxy, you need
to set this option to <literal>""</literal>, so that frontend URL
is derived from HTTP headers. <literal>X-Forwarded-*</literal> headers
support also should be enabled, using <link
xlink:href="https://www.keycloak.org/docs/latest/server_installation/index.html#identifying-client-ip-addresses">
respective guidelines</link>.
</para>
<para>
@ -131,6 +136,17 @@
</warning>
</section>
<section xml:id="module-services-keycloak-themes">
<title>Themes</title>
<para>
You can package custom themes and make them visible to Keycloak via
<xref linkend="opt-services.keycloak.themes" />
option. See the <link xlink:href="https://www.keycloak.org/docs/latest/server_development/#_themes">
Themes section of the Keycloak Server Development Guide</link>
and respective NixOS option description for more information.
</para>
</section>
<section xml:id="module-services-keycloak-extra-config">
<title>Additional configuration</title>
<para>


@ -181,7 +181,7 @@ in
description = ''
Plugins to add to the configuration. Overrides any installed if non-null.
This is a list of paths to .tar.gz files or derivations evaluating to
.tar.gz files. All entries will be passed to `mattermost plugin add`.
.tar.gz files.
'';
};


@ -21,12 +21,10 @@ in {
type = settingsFormat.type;
example = literalExample ''
{
example = {
secret = "mysecret";
storeDir = "/srv/http/nginx/prosody-upload";
}
'';
};
defaultText = literalExpression ''
{


@ -0,0 +1,80 @@
{ config, lib, pkgs, ... }:
let
inherit (lib) mkEnableOption mkIf mkOption types literalExpression;
cfg = config.services.timetagger;
in {
options = {
services.timetagger = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Tag your time, get the insight
<note><para>
This app does not do authentication.
You must setup authentication yourself or run it in an environment where
only allowed users have access.
</para></note>
'';
};
bindAddr = mkOption {
description = "Address to bind to.";
type = types.str;
default = "127.0.0.1";
};
port = mkOption {
description = "Port to bind to.";
type = types.port;
default = 8080;
};
package = mkOption {
description = ''
Use own package for starting timetagger web application.
The ${literalExpression ''pkgs.timetagger''} package only provides a
"run.py" script for the actual package
${literalExpression ''pkgs.python3Packages.timetagger''}.
If you want to provide a "run.py" script for starting timetagger
yourself, you can do so with this option.
If you do so, the 'bindAddr' and 'port' options are ignored.
'';
default = pkgs.timetagger.override { addr = cfg.bindAddr; port = cfg.port; };
defaultText = literalExpression ''
pkgs.timetagger.override {
addr = ${cfg.bindAddr};
port = ${cfg.port};
};
'';
type = types.package;
};
};
};
config = mkIf cfg.enable {
systemd.services.timetagger = {
description = "Timetagger service";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "timetagger";
Group = "timetagger";
StateDirectory = "timetagger";
ExecStart = "${cfg.package}/bin/timetagger";
Restart = "on-failure";
RestartSec = 1;
};
};
};
}
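Review bot: `serviceConfig` sets `User = "timetagger";` and `Group = "timetagger";`, but nothing in this module declares that account or group, so unless they are defined elsewhere the unit will fail when systemd resolves the user. Because the state already lives in `StateDirectory`, adding `DynamicUser = true;` is the smallest fix; the alternative is to declare `users.users.timetagger = { isSystemUser = true; group = "timetagger"; };` together with `users.groups.timetagger = { };`. The option description itself says the application does no authentication, so the unit would also benefit from sandboxing such as `NoNewPrivileges = true;` and `ProtectSystem = "strict";`, part of which `DynamicUser` already implies.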


@ -136,7 +136,7 @@ in
# session requirements
cinnamon-screensaver
# cinnamon-killer-daemon: provided by cinnamon-common
gnome.networkmanagerapplet # session requirement - also nm-applet not needed
networkmanagerapplet # session requirement - also nm-applet not needed
# For a polkit authentication agent
polkit_gnome
@ -145,7 +145,7 @@ in
nemo
cinnamon-control-center
cinnamon-settings-daemon
gnome.libgnomekbd
libgnomekbd
orca
# theme


@ -18,11 +18,13 @@ my $startListFile = "/run/nixos/start-list";
my $restartListFile = "/run/nixos/restart-list";
my $reloadListFile = "/run/nixos/reload-list";
# Parse restart/reload requests by the activation script
# Parse restart/reload requests by the activation script.
# Activation scripts may write newline-separated units to this
# file and switch-to-configuration will handle them. While
# `stopIfChanged = true` is ignored, switch-to-configuration will
# handle `restartIfChanged = false` and `reloadIfChanged = true`.
my $restartByActivationFile = "/run/nixos/activation-restart-list";
my $reloadByActivationFile = "/run/nixos/activation-reload-list";
my $dryRestartByActivationFile = "/run/nixos/dry-activation-restart-list";
my $dryReloadByActivationFile = "/run/nixos/dry-activation-reload-list";
make_path("/run/nixos", { mode => oct(755) });
@ -382,7 +384,6 @@ sub filterUnits {
}
my @unitsToStopFiltered = filterUnits(\%unitsToStop);
my @unitsToStartFiltered = filterUnits(\%unitsToStart);
# Show dry-run actions.
@ -395,21 +396,39 @@ if ($action eq "dry-activate") {
print STDERR "would activate the configuration...\n";
system("$out/dry-activate", "$out");
$unitsToRestart{$_} = 1 foreach
split('\n', read_file($dryRestartByActivationFile, err_mode => 'quiet') // "");
# Handle the activation script requesting the restart or reload of a unit.
foreach (split('\n', read_file($dryRestartByActivationFile, err_mode => 'quiet') // "")) {
my $unit = $_;
my $baseUnit = $unit;
my $newUnitFile = "$out/etc/systemd/system/$baseUnit";
$unitsToReload{$_} = 1 foreach
split('\n', read_file($dryReloadByActivationFile, err_mode => 'quiet') // "");
# Detect template instances.
if (!-e $newUnitFile && $unit =~ /^(.*)@[^\.]*\.(.*)$/) {
$baseUnit = "$1\@.$2";
$newUnitFile = "$out/etc/systemd/system/$baseUnit";
}
my $baseName = $baseUnit;
$baseName =~ s/\.[a-z]*$//;
# Start units if they were not active previously
if (not defined $activePrev->{$unit}) {
$unitsToStart{$unit} = 1;
next;
}
handleModifiedUnit($unit, $baseName, $newUnitFile, $activePrev, \%unitsToRestart, \%unitsToRestart, \%unitsToReload, \%unitsToRestart, \%unitsToSkip);
}
unlink($dryRestartByActivationFile);
print STDERR "would restart systemd\n" if $restartSystemd;
print STDERR "would reload the following units: ", join(", ", sort(keys %unitsToReload)), "\n"
if scalar(keys %unitsToReload) > 0;
print STDERR "would restart the following units: ", join(", ", sort(keys %unitsToRestart)), "\n"
if scalar(keys %unitsToRestart) > 0;
my @unitsToStartFiltered = filterUnits(\%unitsToStart);
print STDERR "would start the following units: ", join(", ", @unitsToStartFiltered), "\n"
if scalar @unitsToStartFiltered;
unlink($dryRestartByActivationFile);
unlink($dryReloadByActivationFile);
exit 0;
}
@ -433,13 +452,31 @@ print STDERR "activating the configuration...\n";
system("$out/activate", "$out") == 0 or $res = 2;
# Handle the activation script requesting the restart or reload of a unit.
# We can only restart and reload (not stop/start) because the units to be
# stopped are already stopped before the activation script is run.
$unitsToRestart{$_} = 1 foreach
split('\n', read_file($restartByActivationFile, err_mode => 'quiet') // "");
foreach (split('\n', read_file($restartByActivationFile, err_mode => 'quiet') // "")) {
my $unit = $_;
my $baseUnit = $unit;
my $newUnitFile = "$out/etc/systemd/system/$baseUnit";
$unitsToReload{$_} = 1 foreach
split('\n', read_file($reloadByActivationFile, err_mode => 'quiet') // "");
# Detect template instances.
if (!-e $newUnitFile && $unit =~ /^(.*)@[^\.]*\.(.*)$/) {
$baseUnit = "$1\@.$2";
$newUnitFile = "$out/etc/systemd/system/$baseUnit";
}
my $baseName = $baseUnit;
$baseName =~ s/\.[a-z]*$//;
# Start units if they were not active previously
if (not defined $activePrev->{$unit}) {
$unitsToStart{$unit} = 1;
recordUnit($startListFile, $unit);
next;
}
handleModifiedUnit($unit, $baseName, $newUnitFile, $activePrev, \%unitsToRestart, \%unitsToRestart, \%unitsToReload, \%unitsToRestart, \%unitsToSkip);
}
# We can remove the file now because it has been propagated to the other restart/reload files
unlink($restartByActivationFile);
# Restart systemd if necessary. Note that this is done using the
# current version of systemd, just in case the new one has trouble
@ -480,7 +517,6 @@ if (scalar(keys %unitsToReload) > 0) {
print STDERR "reloading the following units: ", join(", ", sort(keys %unitsToReload)), "\n";
system("@systemd@/bin/systemctl", "reload", "--", sort(keys %unitsToReload)) == 0 or $res = 4;
unlink($reloadListFile);
unlink($reloadByActivationFile);
}
# Restart changed services (those that have to be restarted rather
@ -489,7 +525,6 @@ if (scalar(keys %unitsToRestart) > 0) {
print STDERR "restarting the following units: ", join(", ", sort(keys %unitsToRestart)), "\n";
system("@systemd@/bin/systemctl", "restart", "--", sort(keys %unitsToRestart)) == 0 or $res = 4;
unlink($restartListFile);
unlink($restartByActivationFile);
}
# Start all active targets, as well as changed units we stopped above.
@ -498,6 +533,7 @@ if (scalar(keys %unitsToRestart) > 0) {
# that are symlinks to other units. We shouldn't start both at the
# same time because we'll get a "Failed to add path to set" error from
# systemd.
my @unitsToStartFiltered = filterUnits(\%unitsToStart);
print STDERR "starting the following units: ", join(", ", @unitsToStartFiltered), "\n"
if scalar @unitsToStartFiltered;
system("@systemd@/bin/systemctl", "start", "--", sort(keys %unitsToStart)) == 0 or $res = 4;
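Review bot: Entries read from the activation restart list are used verbatim in both new `foreach (split('\n', read_file(...)))` loops (the dry-activate one and the real one). A blank line in the file gives an empty `$unit`, for which `$newUnitFile` is the unit directory itself, so `-e` succeeds and the empty name appears to end up in `%unitsToStart`. A guard right after `my $unit = $_;`, for example `next if $unit !~ /\S/ or $unit =~ m{/};`, skips blank entries and keeps `$newUnitFile` inside `$out/etc/systemd/system`. The two loop bodies differ only in the `recordUnit($startListFile, $unit);` call and could share one sub taking a flag. `handleModifiedUnit` and `$activePrev` are defined outside these hunks, so their handling of such names is not visible here.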


@ -148,7 +148,7 @@ in
system.build = mkOption {
internal = true;
default = {};
type = types.attrs;
type = types.lazyAttrsOf types.unspecified;
description = ''
Attribute set of derivations used to setup the system.
'';


@ -0,0 +1,58 @@
{ config, extendModules, lib, ... }:
let
inherit (lib)
mkOption
;
vmVariant = extendModules {
modules = [ ./qemu-vm.nix ];
};
vmVariantWithBootLoader = vmVariant.extendModules {
modules = [
({ config, ... }: {
_file = "nixos/default.nix##vmWithBootLoader";
virtualisation.useBootLoader = true;
virtualisation.useEFIBoot =
config.boot.loader.systemd-boot.enable ||
config.boot.loader.efi.canTouchEfiVariables;
})
];
};
in
{
options = {
virtualisation.vmVariant = mkOption {
description = ''
Machine configuration to be added for the vm script produced by <literal>nixos-rebuild build-vm</literal>.
'';
inherit (vmVariant) type;
default = {};
visible = "shallow";
};
virtualisation.vmVariantWithBootLoader = mkOption {
description = ''
Machine configuration to be added for the vm script produced by <literal>nixos-rebuild build-vm-with-bootloader</literal>.
'';
inherit (vmVariantWithBootLoader) type;
default = {};
visible = "shallow";
};
};
config = {
system.build = {
vm = lib.mkDefault config.virtualisation.vmVariant.system.build.vm;
vmWithBootLoader = lib.mkDefault config.virtualisation.vmVariantWithBootLoader.system.build.vm;
};
};
# uses extendModules
meta.buildDocsInSandbox = false;
}


@ -0,0 +1,57 @@
import ./make-test-python.nix {
name = "adguardhome";
nodes = {
minimalConf = { ... }: {
services.adguardhome = { enable = true; };
};
declarativeConf = { ... }: {
services.adguardhome = {
enable = true;
mutableSettings = false;
settings = {
dns = {
bind_host = "0.0.0.0";
bootstrap_dns = "127.0.0.1";
};
};
};
};
mixedConf = { ... }: {
services.adguardhome = {
enable = true;
mutableSettings = true;
settings = {
dns = {
bind_host = "0.0.0.0";
bootstrap_dns = "127.0.0.1";
};
};
};
};
};
testScript = ''
with subtest("Minimal config test"):
minimalConf.wait_for_unit("adguardhome.service")
minimalConf.wait_for_open_port(3000)
with subtest("Declarative config test, DNS will be reachable"):
declarativeConf.wait_for_unit("adguardhome.service")
declarativeConf.wait_for_open_port(53)
declarativeConf.wait_for_open_port(3000)
with subtest("Mixed config test, check whether merging works"):
mixedConf.wait_for_unit("adguardhome.service")
mixedConf.wait_for_open_port(53)
mixedConf.wait_for_open_port(3000)
# Test whether merging works properly, even if nothing is changed
mixedConf.systemctl("restart adguardhome.service")
mixedConf.wait_for_unit("adguardhome.service")
mixedConf.wait_for_open_port(3000)
'';
}


@ -23,6 +23,7 @@ in
{
_3proxy = handleTest ./3proxy.nix {};
acme = handleTest ./acme.nix {};
adguardhome = handleTest ./adguardhome.nix {};
aesmd = handleTest ./aesmd.nix {};
agda = handleTest ./agda.nix {};
airsonic = handleTest ./airsonic.nix {};
@ -103,6 +104,7 @@ in
discourse = handleTest ./discourse.nix {};
dnscrypt-proxy2 = handleTestOn ["x86_64-linux"] ./dnscrypt-proxy2.nix {};
dnscrypt-wrapper = handleTestOn ["x86_64-linux"] ./dnscrypt-wrapper {};
dnsdist = handleTest ./dnsdist.nix {};
doas = handleTest ./doas.nix {};
docker = handleTestOn ["x86_64-linux"] ./docker.nix {};
docker-rootless = handleTestOn ["x86_64-linux"] ./docker-rootless.nix {};
@ -125,6 +127,7 @@ in
enlightenment = handleTest ./enlightenment.nix {};
env = handleTest ./env.nix {};
ergo = handleTest ./ergo.nix {};
ergochat = handleTest ./ergochat.nix {};
etcd = handleTestOn ["x86_64-linux"] ./etcd.nix {};
etcd-cluster = handleTestOn ["x86_64-linux"] ./etcd-cluster.nix {};
etebase-server = handleTest ./etebase-server.nix {};
@ -397,7 +400,6 @@ in
prometheus = handleTest ./prometheus.nix {};
prometheus-exporters = handleTest ./prometheus-exporters.nix {};
prosody = handleTest ./xmpp/prosody.nix {};
prosodyMysql = handleTest ./xmpp/prosody-mysql.nix {};
proxy = handleTest ./proxy.nix {};
prowlarr = handleTest ./prowlarr.nix {};
pt2-clone = handleTest ./pt2-clone.nix {};
@ -474,11 +476,13 @@ in
taskserver = handleTest ./taskserver.nix {};
telegraf = handleTest ./telegraf.nix {};
teleport = handleTest ./teleport.nix {};
thelounge = handleTest ./thelounge.nix {};
tiddlywiki = handleTest ./tiddlywiki.nix {};
tigervnc = handleTest ./tigervnc.nix {};
timezone = handleTest ./timezone.nix {};
tinc = handleTest ./tinc {};
tinydns = handleTest ./tinydns.nix {};
tinywl = handleTest ./tinywl.nix {};
tor = handleTest ./tor.nix {};
# traefik test relies on docker-containers
traefik = handleTestOn ["x86_64-linux"] ./traefik.nix {};
@ -487,6 +491,7 @@ in
trezord = handleTest ./trezord.nix {};
trickster = handleTest ./trickster.nix {};
trilium-server = handleTestOn ["x86_64-linux"] ./trilium-server.nix {};
tsm-client-gui = handleTest ./tsm-client-gui.nix {};
txredisapi = handleTest ./txredisapi.nix {};
tuptime = handleTest ./tuptime.nix {};
turbovnc-headless-server = handleTest ./turbovnc-headless-server.nix {};


@ -106,7 +106,7 @@ in {
services.openssh = {
enable = true;
passwordAuthentication = false;
challengeResponseAuthentication = false;
kbdInteractiveAuthentication = false;
};
services.borgbackup.repos.repo1 = {


@ -53,7 +53,7 @@ import ./make-test-python.nix ({ pkgs, ... }:
services.openssh = {
enable = true;
passwordAuthentication = false;
challengeResponseAuthentication = false;
kbdInteractiveAuthentication = false;
};
services.btrbk = {
extraPackages = [ pkgs.lz4 ];


@ -0,0 +1,48 @@
import ./make-test-python.nix (
{ pkgs, ... }: {
name = "dnsdist";
meta = with pkgs.lib; {
maintainers = with maintainers; [ jojosch ];
};
machine = { pkgs, lib, ... }: {
services.bind = {
enable = true;
extraOptions = "empty-zones-enable no;";
zones = lib.singleton {
name = ".";
master = true;
file = pkgs.writeText "root.zone" ''
$TTL 3600
. IN SOA ns.example.org. admin.example.org. ( 1 3h 1h 1w 1d )
. IN NS ns.example.org.
ns.example.org. IN A 192.168.0.1
ns.example.org. IN AAAA abcd::1
1.0.168.192.in-addr.arpa IN PTR ns.example.org.
'';
};
};
services.dnsdist = {
enable = true;
listenPort = 5353;
extraConfig = ''
newServer({address="127.0.0.1:53", name="local-bind"})
'';
};
environment.systemPackages = with pkgs; [ dig ];
};
testScript = ''
machine.wait_for_unit("bind.service")
machine.wait_for_open_port(53)
machine.succeed("dig @127.0.0.1 +short -x 192.168.0.1 | grep -qF ns.example.org")
machine.wait_for_unit("dnsdist.service")
machine.wait_for_open_port(5353)
machine.succeed("dig @127.0.0.1 -p 5353 +short -x 192.168.0.1 | grep -qF ns.example.org")
'';
}
)


@ -0,0 +1,97 @@
let
clients = [
"ircclient1"
"ircclient2"
];
server = "ergochat";
ircPort = 6667;
channel = "nixos-cat";
iiDir = "/tmp/irc";
in
import ./make-test-python.nix ({ pkgs, lib, ... }: {
name = "ergochat";
nodes = {
"${server}" = {
networking.firewall.allowedTCPPorts = [ ircPort ];
services.ergochat = {
enable = true;
settings.server.motd = pkgs.writeText "ergo.motd" ''
The default MOTD doesn't contain the word "nixos" in it.
This one does.
'';
};
};
} // lib.listToAttrs (builtins.map (client: lib.nameValuePair client {
imports = [
./common/user-account.nix
];
systemd.services.ii = {
requires = [ "network.target" ];
wantedBy = [ "default.target" ];
serviceConfig = {
Type = "simple";
ExecPreStartPre = "mkdir -p ${iiDir}";
ExecStart = ''
${lib.getBin pkgs.ii}/bin/ii -n ${client} -s ${server} -i ${iiDir}
'';
User = "alice";
};
};
}) clients);
testScript =
let
msg = client: "Hello, my name is ${client}";
clientScript = client: [
''
${client}.wait_for_unit("network.target")
${client}.systemctl("start ii")
${client}.wait_for_unit("ii")
${client}.wait_for_file("${iiDir}/${server}/out")
''
# look for the custom text in the MOTD.
''
${client}.wait_until_succeeds("grep 'nixos' ${iiDir}/${server}/out")
''
# wait until first PING from server arrives before joining,
# so we don't try it too early
''
${client}.wait_until_succeeds("grep 'PING' ${iiDir}/${server}/out")
''
# join ${channel}
''
${client}.succeed("echo '/j #${channel}' > ${iiDir}/${server}/in")
${client}.wait_for_file("${iiDir}/${server}/#${channel}/in")
''
# send a greeting
''
${client}.succeed(
"echo '${msg client}' > ${iiDir}/${server}/#${channel}/in"
)
''
# check that all greetings arrived on all clients
] ++ builtins.map (other: ''
${client}.succeed(
"grep '${msg other}$' ${iiDir}/${server}/#${channel}/out"
)
'') clients;
# foldl', but requires a non-empty list instead of a start value
reduce = f: list:
builtins.foldl' f (builtins.head list) (builtins.tail list);
in ''
start_all()
${server}.systemctl("status ergochat")
${server}.wait_for_open_port(${toString ircPort})
# run clientScript for all clients so that every list
# entry is executed by every client before advancing
# to the next one.
'' + lib.concatStrings
(reduce
(lib.zipListsWith (cs: c: cs + c))
(builtins.map clientScript clients));
})
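Review bot: `ExecPreStartPre` in the `ii` unit's `serviceConfig` is not a systemd directive, so the `mkdir -p ${iiDir}` step is ignored with an unknown-key warning and never runs. The test presumably still passes because `ii` creates its own directory when given `-i`, which hides the typo. The intended key is `ExecStartPre`, and systemd expects an absolute executable path there: `ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p ${iiDir}";`. If the directory really is created by `ii`, the line can simply be dropped.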


@ -18,6 +18,8 @@ import ./make-test-python.nix ({ pkgs, lib, ...} : {
enable = true;
user = "alice";
};
# Catch GDM failures that don't happen with AutomaticLoginEnable, e.g. https://github.com/NixOS/nixpkgs/issues/149539
gdm.autoLogin.delay = 1;
};
services.xserver.desktopManager.gnome.enable = true;


@ -17,7 +17,7 @@ in {
};
services.openssh.enable = true;
services.openssh.challengeResponseAuthentication = false;
services.openssh.kbdInteractiveAuthentication = false;
services.openssh.passwordAuthentication = false;
security.googleOsLogin.enable = true;


@ -89,7 +89,7 @@ in
"""
Sends a message as Alice to Bob
"""
bob.execute("nc -lu ::0 1234 >/tmp/msg >&2 &")
bob.execute("nc -lu ::0 1234 >/tmp/msg &")
alice.sleep(1)
alice.succeed(f"echo '{msg}' | nc -uw 0 bob 1234")
bob.succeed(f"grep '{msg}' /tmp/msg")
@ -100,7 +100,7 @@ in
Starts eavesdropping on Alice and Bob
"""
match = "src host alice and dst host bob"
eve.execute(f"tcpdump -i br0 -c 1 -Avv {match} >/tmp/log >&2 &")
eve.execute(f"tcpdump -i br0 -c 1 -Avv {match} >/tmp/log &")
start_all()


@ -14,7 +14,7 @@ import ../make-test-python.nix {
)
# Start the daemon and wait until it is ready
machine.execute("lorri daemon > lorri.stdout 2> lorri.stderr >&2 &")
machine.execute("lorri daemon > lorri.stdout 2> lorri.stderr &")
machine.wait_until_succeeds("grep --fixed-strings 'ready' lorri.stdout")
# Ping the daemon


@ -40,15 +40,16 @@ in {
services.mysql = {
enable = true;
bind = "127.0.0.1";
package = pkgs.mariadb;
settings.mysqld = {
bind-address = "127.0.0.1";
# FIXME(@Ma27) Nextcloud isn't compatible with mariadb 10.6,
# this is a workaround.
# See https://help.nextcloud.com/t/update-to-next-cloud-21-0-2-has-get-an-error/117028/22
extraOptions = ''
innodb_read_only_compressed=0
'';
innodb_read_only_compressed = 0;
};
package = pkgs.mariadb;
initialScript = pkgs.writeText "mysql-init" ''
CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'hunter2';
CREATE DATABASE IF NOT EXISTS nextcloud;


@ -0,0 +1,30 @@
import ./make-test-python.nix ({ pkgs, ... }:
{
name = "rstudio-server-test";
meta.maintainers = with pkgs.lib.maintainers; [ jbedo cfhammill ];
nodes.machine = { config, lib, pkgs, ... }: {
services.rstudio-server.enable = true;
};
nodes.customPackageMachine = { config, lib, pkgs, ... }: {
services.rstudio-server = {
enable = true;
package = pkgs.rstudioServerWrapper.override { packages = [ pkgs.rPackages.ggplot2 ]; };
};
};
users.testuser = {
uid = 1000;
group = "testgroup";
};
groups.testgroup.gid = 1000;
testScript = ''
machine.wait_for_unit("rstudio-server.service")
machine.succeed("curl -f -vvv -s http://127.0.0.1:8787")
customPackageMachine.wait_for_unit("rstudio-server.service")
customPackageMachine.succeed("curl -f -vvv -s http://127.0.0.1:8787")
'';
})
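Review bot: `users.testuser` and `groups.testgroup.gid` are set on the test attribute set itself, after both `nodes.*` definitions have closed, and they are not spelled as the NixOS options `users.users.<name>` and `users.groups.<name>`, so they appear to have no effect on either machine. If an account for signing in to RStudio is intended, it belongs inside a node, for example `users.users.testuser = { isNormalUser = true; uid = 1000; group = "testgroup"; };` with `users.groups.testgroup.gid = 1000;`; otherwise the two attributes should be removed. As written, `testScript` only checks that port 8787 answers on each machine and never exercises authentication.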


@ -45,6 +45,50 @@ import ./make-test-python.nix ({ pkgs, ...} : {
systemd.services.test.restartIfChanged = false;
};
restart-and-reload-by-activation-script.configuration = {
systemd.services = rec {
simple-service = {
# No wantedBy so we can check if the activation script restart triggers them
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = "${pkgs.coreutils}/bin/true";
ExecReload = "${pkgs.coreutils}/bin/true";
};
};
simple-restart-service = simple-service // {
stopIfChanged = false;
};
simple-reload-service = simple-service // {
reloadIfChanged = true;
};
no-restart-service = simple-service // {
restartIfChanged = false;
};
};
system.activationScripts.restart-and-reload-test = {
supportsDryActivation = true;
deps = [];
text = ''
if [ "$NIXOS_ACTION" = dry-activate ]; then
f=/run/nixos/dry-activation-restart-list
else
f=/run/nixos/activation-restart-list
fi
cat <<EOF >> "$f"
simple-service.service
simple-restart-service.service
simple-reload-service.service
no-restart-service.service
EOF
'';
};
};
mount.configuration = {
systemd.mounts = [
{
@ -261,6 +305,32 @@ import ./make-test-python.nix ({ pkgs, ...} : {
assert_lacks(out, "as well:")
assert_contains(out, "would start the following units: test.service\n")
with subtest("restart and reload by activation script"):
out = switch_to_specialisation("${machine}", "restart-and-reload-by-activation-script")
assert_contains(out, "stopping the following units: test.service\n")
assert_lacks(out, "NOT restarting the following changed units:")
assert_lacks(out, "reloading the following units:")
assert_lacks(out, "restarting the following units:")
assert_contains(out, "\nstarting the following units: no-restart-service.service, simple-reload-service.service, simple-restart-service.service, simple-service.service\n")
assert_lacks(out, "as well:")
# Switch to the same system where the example services get restarted
# by the activation script
out = switch_to_specialisation("${machine}", "restart-and-reload-by-activation-script")
assert_lacks(out, "stopping the following units:")
assert_lacks(out, "NOT restarting the following changed units:")
assert_contains(out, "reloading the following units: simple-reload-service.service\n")
assert_contains(out, "restarting the following units: simple-restart-service.service, simple-service.service\n")
assert_lacks(out, "\nstarting the following units:")
assert_lacks(out, "as well:")
# The same, but in dry mode
out = switch_to_specialisation("${machine}", "restart-and-reload-by-activation-script", action="dry-activate")
assert_lacks(out, "would stop the following units:")
assert_lacks(out, "would NOT stop the following changed units:")
assert_contains(out, "would reload the following units: simple-reload-service.service\n")
assert_contains(out, "would restart the following units: simple-restart-service.service, simple-service.service\n")
assert_lacks(out, "\nwould start the following units:")
assert_lacks(out, "as well:")
with subtest("mounts"):
switch_to_specialisation("${machine}", "mount")
out = machine.succeed("mount | grep 'on /testmount'")


@ -161,6 +161,7 @@ in {
# NOTE: please keep in mind that the trailing whitespaces in the following strings
# are intentional as the output is compared against the raw `iproute2`-output.
# editorconfig-checker-disable
client_ipv4_table = """
192.168.1.2 dev vrf1 proto static metric 100
192.168.2.3 dev vrf2 proto static metric 100
@ -177,6 +178,7 @@ in {
local 192.168.2.1 dev eth2 proto kernel scope host src 192.168.2.1
broadcast 192.168.2.255 dev eth2 proto kernel scope link src 192.168.2.1
""".strip()
# editorconfig-checker-enable
# Check that networkd properly configures the main routing table
# and the routing tables for the VRF.


@ -0,0 +1,29 @@
import ./make-test-python.nix {
nodes = {
private = { config, pkgs, ... }: {
services.thelounge = {
enable = true;
plugins = [ pkgs.theLoungePlugins.themes.solarized ];
};
};
public = { config, pkgs, ... }: {
services.thelounge = {
enable = true;
public = true;
};
};
};
testScript = ''
start_all()
for machine in machines:
machine.wait_for_unit("thelounge.service")
machine.wait_for_open_port(9000)
private.wait_until_succeeds("journalctl -u thelounge.service | grep thelounge-theme-solarized")
private.wait_until_succeeds("journalctl -u thelounge.service | grep 'in private mode'")
public.wait_until_succeeds("journalctl -u thelounge.service | grep 'in public mode'")
'';
}


@ -0,0 +1,56 @@
import ./make-test-python.nix ({ pkgs, lib, ... }:
{
name = "tinywl";
meta = {
maintainers = with lib.maintainers; [ primeos ];
};
machine = { config, ... }: {
# Automatically login on tty1 as a normal user:
imports = [ ./common/user-account.nix ];
services.getty.autologinUser = "alice";
environment = {
systemPackages = with pkgs; [ tinywl foot wayland-utils ];
};
# Automatically start TinyWL when logging in on tty1:
programs.bash.loginShellInit = ''
if [ "$(tty)" = "/dev/tty1" ]; then
set -e
test ! -e /tmp/tinywl.log # Only start tinywl once
readonly TEST_CMD="wayland-info |& tee /tmp/test-wayland.out && touch /tmp/test-wayland-exit-ok; read"
readonly FOOT_CMD="foot sh -c '$TEST_CMD'"
tinywl -s "$FOOT_CMD" |& tee /tmp/tinywl.log
touch /tmp/tinywl-exit-ok
fi
'';
# Switch to a different GPU driver (default: -vga std), otherwise TinyWL segfaults:
virtualisation.qemu.options = [ "-vga none -device virtio-gpu-pci" ];
};
testScript = { nodes, ... }: ''
start_all()
machine.wait_for_unit("multi-user.target")
# Wait for complete startup:
machine.wait_until_succeeds("pgrep tinywl")
machine.wait_for_file("/run/user/1000/wayland-0")
machine.wait_until_succeeds("pgrep foot")
machine.wait_for_file("/tmp/test-wayland-exit-ok")
# Make a screenshot and save the result:
machine.screenshot("tinywl_foot")
print(machine.succeed("cat /tmp/test-wayland.out"))
machine.copy_from_vm("/tmp/test-wayland.out")
# Terminate cleanly:
machine.send_key("alt-esc")
machine.wait_until_fails("pgrep foot")
machine.wait_until_fails("pgrep tinywl")
machine.wait_for_file("/tmp/tinywl-exit-ok")
machine.copy_from_vm("/tmp/tinywl.log")
'';
})


@ -0,0 +1,57 @@
# The tsm-client GUI first tries to connect to a server.
# We can't simulate a server, so we just check if
# it reports the correct connection failure error.
# After that the test persuades the GUI
# to show its main application window
# and verifies some configuration information.
import ./make-test-python.nix ({ lib, pkgs, ... }: {
name = "tsm-client";
enableOCR = true;
machine = { pkgs, ... }: {
imports = [ ./common/x11.nix ];
programs.tsmClient = {
enable = true;
package = pkgs.tsm-client-withGui;
defaultServername = "testserver";
servers.testserver = {
# 192.0.0.8 is a "dummy address" according to RFC 7600
server = "192.0.0.8";
node = "SOME-NODE";
passwdDir = "/tmp";
};
};
};
testScript = ''
machine.succeed("which dsmj") # fail early if this is missing
machine.wait_for_x()
machine.execute("DSM_LOG=/tmp dsmj -optfile=/dev/null >&2 &")
# does it report the "TCP/IP connection failure" error code?
machine.wait_for_window("IBM Spectrum Protect")
machine.wait_for_text("ANS2610S")
machine.send_key("esc")
# it asks to continue to restore a local backupset now;
# "yes" (return) leads to the main application window
machine.wait_for_text("backupset")
machine.send_key("ret")
# main window: navigate to "Connection Information"
machine.wait_for_text("Welcome")
machine.send_key("alt-f") # "File" menu
machine.send_key("c") # "Connection Information"
# "Connection Information" dialog box
machine.wait_for_window("Connection Information")
machine.wait_for_text("SOME-NODE")
machine.wait_for_text("${pkgs.tsm-client.passthru.unwrapped.version}")
machine.shutdown()
'';
meta.maintainers = [ lib.maintainers.yarny ];
})


@ -1,92 +0,0 @@
import ../make-test-python.nix {
name = "prosody-mysql";
nodes = {
client = { nodes, pkgs, ... }: {
environment.systemPackages = [
(pkgs.callPackage ./xmpp-sendmessage.nix { connectTo = nodes.server.config.networking.primaryIPAddress; })
];
networking.extraHosts = ''
${nodes.server.config.networking.primaryIPAddress} example.com
${nodes.server.config.networking.primaryIPAddress} conference.example.com
${nodes.server.config.networking.primaryIPAddress} uploads.example.com
'';
};
server = { config, pkgs, ... }: {
nixpkgs.overlays = [
(self: super: {
prosody = super.prosody.override {
withDBI = true;
withExtraLibs = [ pkgs.luaPackages.luadbi-mysql ];
};
})
];
networking.extraHosts = ''
${config.networking.primaryIPAddress} example.com
${config.networking.primaryIPAddress} conference.example.com
${config.networking.primaryIPAddress} uploads.example.com
'';
networking.firewall.enable = false;
services.prosody = {
enable = true;
# TODO: use a self-signed certificate
c2sRequireEncryption = false;
extraConfig = ''
storage = "sql"
sql = {
driver = "MySQL";
database = "prosody";
host = "mysql";
port = 3306;
username = "prosody";
password = "password123";
};
'';
virtualHosts.test = {
domain = "example.com";
enabled = true;
};
muc = [
{
domain = "conference.example.com";
}
];
uploadHttp = {
domain = "uploads.example.com";
};
};
};
mysql = { config, pkgs, ... }: {
networking.firewall.enable = false;
services.mysql = {
enable = true;
initialScript = pkgs.writeText "mysql_init.sql" ''
CREATE DATABASE prosody;
CREATE USER 'prosody'@'server' IDENTIFIED BY 'password123';
GRANT ALL PRIVILEGES ON prosody.* TO 'prosody'@'server';
FLUSH PRIVILEGES;
'';
package = pkgs.mariadb;
};
};
};
testScript = { nodes, ... }: ''
mysql.wait_for_unit("mysql.service")
server.wait_for_unit("prosody.service")
server.succeed('prosodyctl status | grep "Prosody is running"')
# set password to 'nothunter2' (it's asked twice)
server.succeed("yes nothunter2 | prosodyctl adduser cthon98@example.com")
# set password to 'y'
server.succeed("yes | prosodyctl adduser azurediamond@example.com")
# correct password to 'hunter2'
server.succeed("yes hunter2 | prosodyctl passwd azurediamond@example.com")
client.succeed("send-message")
server.succeed("prosodyctl deluser cthon98@example.com")
server.succeed("prosodyctl deluser azurediamond@example.com")
'';
}


@ -1,6 +1,7 @@
{ lib
, stdenv
, fetchurl
, fetchpatch
, gettext
, ncurses
, gtkGUI ? false
@ -17,6 +18,16 @@ stdenv.mkDerivation rec {
sha256 = "0a8fwyxnc5qdxff8sl2sfsbnvgh6pkij4yafiln0fxgg6bal7knj";
};
patches = [
# Pull Gentoo fix for -fno-common toolchains. Upstream does not
# seem to have the contacts
(fetchpatch {
name = "fno-common.patch";
url = "https://gitweb.gentoo.org/repo/gentoo.git/plain/media-sound/aumix/files/aumix-2.9.1-fno-common.patch?id=496c9ec7355f06f6d1d19be780a6981503e6df1f";
sha256 = "0qwylhx1hawsmx1pc7ykrjq9phksc73dq9rss6ggq15n3ggnc95y";
})
];
buildInputs = [ gettext ncurses ]
++ lib.optionals gtkGUI [ pkg-config gtk2 ];


@ -1,40 +1,46 @@
{ lib, stdenv, fetchFromGitHub, pkg-config, fetchzip
, libjack2, alsa-lib, freetype, libX11, libXrandr, libXinerama, libXext, libXcursor
, libGL, python3, ncurses, libusb1
, gtk3, webkitgtk, curl, xvfb-run, makeWrapper
# "Debug", or "Release"
, buildType ? "Release"
{ lib
, stdenv
, fetchFromGitHub
, fetchzip
, cmake
, pkg-config
, ninja
, makeWrapper
, libjack2
, alsa-lib
, alsa-tools
, freetype
, libusb1
, libX11
, libXrandr
, libXinerama
, libXext
, libXcursor
, libXScrnSaver
, libGL
, libxcb
, xcbutil
, libxkbcommon
, xcbutilkeysyms
, xcb-util-cursor
, gtk3
, webkitgtk
, python3
, curl
, pcre
, mount
, gnome
, Cocoa
, WebKit
, CoreServices
, CoreAudioKit
# It is not allowed to distribute binaries with the VST2 SDK plugin without a license
# (the author of Bespoke has such a licence but not Nix). VST3 should work out of the box.
# Read more in https://github.com/NixOS/nixpkgs/issues/145607
, enableVST2 ? false
}:
let
projucer = stdenv.mkDerivation rec {
pname = "projucer";
version = "5.4.7";
src = fetchFromGitHub {
owner = "juce-framework";
repo = "JUCE";
rev = version;
sha256= "0qpiqfwwpcghk7ij6w4vy9ywr3ryg7ppg77bmd7783kxg6zbhj8h";
};
nativeBuildInputs = [ pkg-config ];
buildInputs = [
freetype libX11 libXrandr libXinerama libXext gtk3 webkitgtk
libjack2 curl
];
preBuild = ''
cd extras/Projucer/Builds/LinuxMakefile
'';
makeFlags = [ "CONFIG=${buildType}" ];
enableParallelBuilding = true;
installPhase = ''
mkdir -p $out/bin
cp -a build/Projucer $out/bin/Projucer
'';
};
# equal to vst-sdk in ../oxefmsynth/default.nix
vst-sdk = stdenv.mkDerivation rec {
name = "vstsdk3610_11_06_2018_build_37";
@ -50,70 +56,92 @@ let
in
stdenv.mkDerivation rec {
pname = "bespokesynth";
version = "1.0.0";
version = "1.1.0";
src = fetchFromGitHub {
owner = "awwbees";
owner = "BespokeSynth";
repo = pname;
rev = "v${version}";
sha256 = "04b2m40jszphslkd4850jcb8qwls392lwy3lc6vlj01h4izvapqk";
sha256 = "sha256-PN0Q6/gI1PeMaF/8EZFGJdLR8JVHQZfWunAhOIQxkHw=";
fetchSubmodules = true;
};
configurePhase = ''
runHook preConfigure
cmakeBuildType = "Release";
export HOME=$(mktemp -d)
xvfb-run sh -e <<EOF
${projucer}/bin/Projucer --set-global-search-path linux defaultJuceModulePath ${projucer.src}/modules
${projucer}/bin/Projucer --resave BespokeSynth.jucer
EOF
cmakeFlags = lib.optionals enableVST2 [ "-DBESPOKE_VST2_SDK_LOCATION=${vst-sdk}/VST2_SDK" ];
runHook postConfigure
'';
CFLAGS = "-I${vst-sdk}/VST2_SDK";
nativeBuildInputs = [ python3 makeWrapper cmake pkg-config ninja ];
nativeBuildInputs = [ xvfb-run pkg-config python3 makeWrapper ];
buildInputs = [
libX11 libXrandr libXinerama libXext libXcursor freetype libGL
ncurses libusb1
alsa-lib libjack2
buildInputs = lib.optionals stdenv.hostPlatform.isLinux [
# List obtained in https://github.com/BespokeSynth/BespokeSynth/blob/main/azure-pipelines.yml
libX11
libXrandr
libXinerama
libXext
libXcursor
libXScrnSaver
curl
gtk3
webkitgtk
freetype
libGL
libusb1
alsa-lib
libjack2
gnome.zenity
alsa-tools
libxcb
xcbutil
libxkbcommon
xcbutilkeysyms
xcb-util-cursor
pcre
mount
] ++ lib.optionals stdenv.hostPlatform.isDarwin [
Cocoa
WebKit
CoreServices
CoreAudioKit
];
preBuild = ''
cd Builds/LinuxMakefile
'';
makeFlags = [ "CONFIG=${buildType}" ];
enableParallelBuilding = true;
NIX_CFLAGS_COMPILE = lib.optionalString stdenv.hostPlatform.isDarwin (toString [
# Fails to find fp.h on its own
"-isystem ${CoreServices}/Library/Frameworks/CoreServices.framework/Versions/Current/Frameworks/CarbonCore.framework/Versions/Current/Headers/"
]);
installPhase = ''
runHook preInstall
mkdir -p $out/bin $out/share/bespokesynth $out/share/applications $out/share/icons/hicolor/512x512/apps
cp build/BespokeSynth $out/bin/
cp -ar ../MacOSX/build/Release/resource $out/share/bespokesynth/
postInstall =
if stdenv.hostPlatform.isDarwin then ''
mkdir -p $out/{Applications,bin}
mv Source/BespokeSynth_artefacts/${cmakeBuildType}/BespokeSynth.app $out/Applications/
# Symlinking confuses the resource finding about the actual location of the binary
# Resources are looked up relative to the executed file's location
makeWrapper $out/{Applications/BespokeSynth.app/Contents/MacOS,bin}/BespokeSynth
'' else ''
# Ensure zenity is available, or it won't be able to open new files.
# Ensure the python used for compilation is the same as the python used at run-time.
# jedi is also required for auto-completion.
# These X11 libs get dlopen'd, they cause visual bugs when unavailable.
wrapProgram $out/bin/BespokeSynth \
--run "cd $out/share/bespokesynth"
mkdir -p $out/share/applications/ $out/share/icons/hicolor/512x512/apps/
cp ../../bespoke_icon.png $out/share/icons/hicolor/512x512/apps/
substitute ../../BespokeSynth.desktop $out/share/applications/BespokseSynth.desktop \
--replace "/usr/bin/" ""
runHook postInstall
--prefix PATH : '${lib.makeBinPath [
gnome.zenity
(python3.withPackages (ps: with ps; [ jedi ]))
]}' \
--prefix LD_LIBRARY_PATH : '${lib.makeLibraryPath [
libXrandr
libXinerama
libXcursor
libXScrnSaver
]}'
'';
meta = with lib; {
description = "Software modular synth with controllers support, scripting and VST";
description =
"Software modular synth with controllers support, scripting and VST";
homepage = "https://github.com/awwbees/BespokeSynth";
license = with licenses; [
gpl3Plus
# This package is unfree and not distributable due to the license of VST2.
# see #145607
unfree
];
maintainers = with maintainers; [ astro ];
] ++ lib.optional enableVST2 unfree;
maintainers = with maintainers; [ astro tobiasBora OPNA2608 ];
platforms = platforms.all;
};
}
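Review bot: `meta.homepage` still reads `https://github.com/awwbees/BespokeSynth` although `src` now fetches from the `BespokeSynth` owner, so the metadata points at an account the project has apparently moved away from and only works while GitHub's redirect stays in place. A redirect from a renamed account can stop resolving, or lead somewhere else, if the old name is registered again. The metadata should name the same owner as `src`: `homepage = "https://github.com/BespokeSynth/BespokeSynth";`. Separately, the `--prefix LD_LIBRARY_PATH` in the Linux wrapper is also inherited by the zenity and python processes the program starts, so a one-line comment saying this is intended would help the next reader.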


@ -13,13 +13,13 @@
stdenv.mkDerivation rec {
pname = "ft2-clone";
version = "1.49";
version = "1.50";
src = fetchFromGitHub {
owner = "8bitbubsy";
repo = "ft2-clone";
rev = "v${version}";
sha256 = "sha256-DpEzilMERfbop7YYqNCcxSe1qfcz4n7Uqj/i5t5a6nQ=";
sha256 = "sha256-OURD8k8DIa1DddDng55HrzgAN95srW4wm7RD7DbiJLQ=";
};
# Adapt the linux-only CMakeLists to darwin (more reliable than make-macos.sh)


@ -18,13 +18,13 @@ let
in
pythonPackages.buildPythonApplication rec {
pname = "picard";
version = "2.6.4";
version = "2.7.3";
src = fetchFromGitHub {
owner = "metabrainz";
repo = pname;
rev = "release-${version}";
sha256 = "0lm7s9jy7z4an3xxj3gnxxf2xx045i157qaxysbdhcq5lwlmznc7";
sha256 = "1f589nc2zxl9cjw0qh164z9sfq4xl052ihf2gn2dgr35g3ny16kh";
};
nativeBuildInputs = [ gettext qt5.wrapQtAppsHook qt5.qtbase ]
@ -45,6 +45,9 @@ pythonPackages.buildPythonApplication rec {
fasteners
mutagen
pyqt5
markdown
pyjwt
pyyaml
];
# In order to spare double wrapping, we use:


@ -1,2 +0,0 @@
source 'https://rubygems.org'
gem 'pifi'


@ -1,39 +0,0 @@
GEM
remote: https://rubygems.org/
specs:
daemons (1.3.1)
eventmachine (1.2.7)
json (2.5.1)
mustermann (1.1.1)
ruby2_keywords (~> 0.0.1)
optimist (3.0.1)
pifi (0.4.11)
json (~> 2.2)
optimist (~> 3.0)
ruby-mpd (~> 0.3)
sinatra (~> 2.0)
thin (~> 1.7)
rack (2.2.3)
rack-protection (2.1.0)
rack
ruby-mpd (0.3.3)
ruby2_keywords (0.0.4)
sinatra (2.1.0)
mustermann (~> 1.0)
rack (~> 2.2)
rack-protection (= 2.1.0)
tilt (~> 2.0)
thin (1.8.0)
daemons (~> 1.0, >= 1.0.9)
eventmachine (~> 1.0, >= 1.0.4)
rack (>= 1, < 3)
tilt (2.0.10)
PLATFORMS
ruby
DEPENDENCIES
pifi
BUNDLED WITH
2.1.4


@ -1,18 +0,0 @@
{ lib, bundlerEnv, ruby }:
bundlerEnv rec {
pname = "pifi";
version = (import ./gemset.nix).pifi.version;
inherit ruby;
# expects Gemfile, Gemfile.lock and gemset.nix in the same directory
gemdir = ./.;
meta = with lib; {
description = "MPD web client to listen to radio, written in React and Sinatra";
homepage = "https://github.com/rccavalcanti/pifi-radio";
license = with licenses; gpl3Only;
maintainers = with maintainers; [ kmein ];
platforms = platforms.unix;
};
}


@ -1,137 +0,0 @@
{
daemons = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0l5gai3vd4g7aqff0k1mp41j9zcsvm2rbwmqn115a325k9r7pf4w";
type = "gem";
};
version = "1.3.1";
};
eventmachine = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0wh9aqb0skz80fhfn66lbpr4f86ya2z5rx6gm5xlfhd05bj1ch4r";
type = "gem";
};
version = "1.2.7";
};
json = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0lrirj0gw420kw71bjjlqkqhqbrplla61gbv1jzgsz6bv90qr3ci";
type = "gem";
};
version = "2.5.1";
};
mustermann = {
dependencies = ["ruby2_keywords"];
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0ccm54qgshr1lq3pr1dfh7gphkilc19dp63rw6fcx7460pjwy88a";
type = "gem";
};
version = "1.1.1";
};
optimist = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "1vg2chy1cfmdj6c1gryl8zvjhhmb3plwgyh1jfnpq4fnfqv7asrk";
type = "gem";
};
version = "3.0.1";
};
pifi = {
dependencies = ["json" "optimist" "ruby-mpd" "sinatra" "thin"];
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0xwjaql852m0p7himc3pak1ibc8lfxi29bbgic153wp713xc2cga";
type = "gem";
};
version = "0.4.11";
};
rack = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0i5vs0dph9i5jn8dfc6aqd6njcafmb20rwqngrf759c9cvmyff16";
type = "gem";
};
version = "2.2.3";
};
rack-protection = {
dependencies = ["rack"];
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "159a4j4kragqh0z0z8vrpilpmaisnlz3n7kgiyf16bxkwlb3qlhz";
type = "gem";
};
version = "2.1.0";
};
ruby-mpd = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0l80gbnma009pfcqgz4azbngkr5jn9nm46fflx5p7c4vz4kwshpc";
type = "gem";
};
version = "0.3.3";
};
ruby2_keywords = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "15wfcqxyfgka05v2a7kpg64x57gl1y4xzvnc9lh60bqx5sf1iqrs";
type = "gem";
};
version = "0.0.4";
};
sinatra = {
dependencies = ["mustermann" "rack" "rack-protection" "tilt"];
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0dd53rzpkxgs697pycbhhgc9vcnxra4ly4xar8ni6aiydx2f88zk";
type = "gem";
};
version = "2.1.0";
};
thin = {
dependencies = ["daemons" "eventmachine" "rack"];
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0g5p3r47qxxfmfagdf8wb68pd24938cgzdfn6pmpysrn296pg5m5";
type = "gem";
};
version = "1.8.0";
};
tilt = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0rn8z8hda4h41a64l0zhkiwz2vxw9b1nb70gl37h1dg2k874yrlv";
type = "gem";
};
version = "2.0.10";
};
}


@ -2,12 +2,12 @@
let
pname = "plexamp";
version = "3.9.0";
version = "3.9.1";
src = fetchurl {
url = "https://plexamp.plex.tv/plexamp.plex.tv/desktop/Plexamp-${version}.AppImage";
name="${pname}-${version}.AppImage";
sha512 = "2OaV8dONv7yBcQsfecgfedP2ypBN6svD9rgZLgUwSydyH2+rODNPne4O7z2Hahm7Y0Ae+NFxbpQ9lbNbX0vhsg==";
sha512 = "uassNLdCXx3WLarUMJNhU8fbXugG7yTLMQacPAszLoRdmbMwcN6wT7ED26VhlNVhY3xr02GjZSDw4/LADZWqKw==";
};
appimageContents = appimageTools.extractType2 {
@ -33,7 +33,7 @@ in appimageTools.wrapType2 {
meta = with lib; {
description = "A beautiful Plex music player for audiophiles, curators, and hipsters";
homepage = "https://plexamp.com/";
changelog = "https://forums.plex.tv/t/plexamp-release-notes/221280/36";
changelog = "https://forums.plex.tv/t/plexamp-release-notes/221280/37";
license = licenses.unfree;
maintainers = with maintainers; [ killercup synthetica ];
platforms = [ "x86_64-linux" ];


@ -8,13 +8,13 @@
stdenv.mkDerivation rec {
pname = "pt2-clone";
version = "1.38";
version = "1.39";
src = fetchFromGitHub {
owner = "8bitbubsy";
repo = "pt2-clone";
rev = "v${version}";
sha256 = "sha256-fnPYlZvCZYiKkQmp5bNtrqgZAkVtKLmLMcfkbbysMyU=";
sha256 = "sha256-ZmgsNp2fRebbLxSzzCsLdM6/7kBKo+YFUCdWLSYfI5A=";
};
nativeBuildInputs = [ cmake ];


@ -1,5 +1,5 @@
{ stdenv, lib, pkg-config, fetchFromGitHub, sconsPackages
, python, glibmm, libpulseaudio, libao }:
, glibmm, libpulseaudio, libao }:
let
version = "unstable-2018-02-10";
@ -19,7 +19,7 @@ in stdenv.mkDerivation {
];
buildInputs = [
python glibmm libpulseaudio libao
glibmm libpulseaudio libao
];
# SConstruct patch


@ -3,7 +3,7 @@
, fetchFromGitHub
, autoreconfHook
, alsa-lib
, python
, python3
, SDL
}:
@ -21,7 +21,7 @@ stdenv.mkDerivation rec {
configureFlags = [ "--enable-dependency-tracking" ]
++ lib.optional stdenv.isDarwin "--disable-sdltest";
nativeBuildInputs = [ autoreconfHook python ];
nativeBuildInputs = [ autoreconfHook python3 ];
buildInputs = [ SDL ] ++ lib.optional stdenv.isLinux alsa-lib;


@ -4,13 +4,13 @@
stdenv.mkDerivation rec {
pname = "sfizz";
version = "1.1.1";
version = "1.2.0";
src = fetchFromGitHub {
owner = "sfztools";
repo = pname;
rev = version;
sha256 = "1gzpbns89j6ggzfjjvyhgigynsv20synrs7lmc32hwp4g73l0j7n";
sha256 = "sha256-biHsB49Ym9NU4tMOVnUNuIxPtpcIi6oCAS7JBPhxwec=";
fetchSubmodules = true;
};


@ -1,4 +1,4 @@
{ lib, stdenv, fetchFromGitHub , boost, cairomm, cmake, libsndfile, lv2, ntk, pkg-config, python }:
{ lib, stdenv, fetchFromGitHub , boost, cairomm, cmake, libsndfile, lv2, ntk, pkg-config }:
stdenv.mkDerivation rec {
pname = "sorcer";
@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
};
nativeBuildInputs = [ cmake pkg-config ];
buildInputs = [ boost cairomm libsndfile lv2 ntk python ];
buildInputs = [ boost cairomm libsndfile lv2 ntk ];
postPatch = ''
# Fix build with lv2 1.18: https://github.com/brummer10/guitarix/commit/c0334c72


@ -1,7 +1,7 @@
{ lib, stdenv, fetchFromGitHub, makeWrapper
, shntool, cuetools
, flac, faac, mp4v2, wavpack, mac
, imagemagick, libiconv, enca, lame, pythonPackages, vorbis-tools
, imagemagick, libiconv, enca, lame, mutagen, vorbis-tools
, aacgain, mp3gain, vorbisgain
}:
@ -12,7 +12,7 @@ let
--prefix PATH : ${lib.makeBinPath [
shntool cuetools
flac faac mp4v2 wavpack mac
imagemagick libiconv enca lame pythonPackages.mutagen vorbis-tools
imagemagick libiconv enca lame mutagen vorbis-tools
aacgain mp3gain vorbisgain
]}
'';


@ -21,19 +21,19 @@
stdenv.mkDerivation rec {
pname = "spot";
version = "0.2.2";
version = "0.3.0";
src = fetchFromGitHub {
owner = "xou816";
repo = "spot";
rev = version;
hash = "sha256-g0oVhlfez9i+Vv8lt/aNftCVqdgPMDySBBeLyOv7Zl8=";
hash = "sha256-An9PJsuXZkvJhP67cisWxFd2dpky53EY/xcR6StgWFY=";
};
cargoDeps = rustPlatform.fetchCargoTarball {
inherit src;
name = "${pname}-${version}";
hash = "sha256-n10aYzkRqEe1h2WPAfARjH79Npvv+3fdX9jCtxv2a34=";
hash = "sha256-2qMmPIBoZS6WT06VzCmnYWaIfLzWN2HUvk7y9GKuuXg=";
};
nativeBuildInputs = [


@ -3,12 +3,12 @@
, libGLU, lv2, gtk2, cairo, pango, fftwFloat, zita-convolver }:
stdenv.mkDerivation rec {
version = "20211016";
version = "20220107";
pname = "x42-plugins";
src = fetchurl {
url = "https://gareus.org/misc/x42-plugins/${pname}-${version}.tar.xz";
sha256 = "sha256-Z2lXaJweOPB9hWOuy2cx1P9/CAJ+IMc7JtPDKAg2boU=";
sha256 = "sha256-+lzgkRQHe6moid3h6az/iqt2XL5vbyM0BjSTwMBvd3I=";
};
nativeBuildInputs = [ pkg-config ];


@ -26,7 +26,7 @@ buildDotnetModule rec {
makeWrapperArgs+=(--run "cd $out/lib/btcpayserver")
'';
postInstall = ''
postFixup = ''
mv $out/bin/{BTCPayServer,btcpayserver}
'';


@ -4,7 +4,7 @@
, libsodium
, cmake
, substituteAll
, pythonPackages
, python3Packages
}:
stdenv.mkDerivation {
@ -23,7 +23,7 @@ stdenv.mkDerivation {
# prevent CMake from trying to get libraries on the Internet
(substituteAll {
src = ./dont_fetch_dependencies.patch;
pybind11_src = pythonPackages.pybind11.src;
pybind11_src = python3Packages.pybind11.src;
relic_src = fetchFromGitHub {
owner = "relic-toolkit";
repo = "relic";


@ -17,7 +17,7 @@ buildDotnetModule rec {
dotnet-sdk = dotnetCorePackages.sdk_3_1;
dotnet-runtime = dotnetCorePackages.aspnetcore_3_1;
postInstall = ''
postFixup = ''
mv $out/bin/{NBXplorer,nbxplorer}
'';


@ -36,7 +36,7 @@ buildDotnetModule rec {
)
'';
postInstall = ''
postFixup = ''
mv $out/bin/WalletWasabi.Backend $out/bin/WasabiBackend
'';


@ -6,16 +6,16 @@
rustPlatform.buildRustPackage.override { stdenv = stdenv; } rec {
pname = "zcash";
version = "4.5.1";
version = "4.6.0-1";
src = fetchFromGitHub {
owner = "zcash";
repo = "zcash";
rev = "v${version}";
sha256 = "0kyk3hv1y13b3vwg9kjcrpvz9v3l8lp0ikj977nykd5ms8b1rifa";
sha256 = "sha256-YJ5ufo+LYbOTr9SyiEzzp1pcSx6+cHSvDLBOIcx9X+4=";
};
cargoSha256 = "1mwprsg74xv6qlxf00w7xapnkisb1aid9hkyr8r90zcwdcy8783r";
cargoSha256 = "sha256-m/SBHv3BNYKkSXxHnCdVng3blbHrTc/HxX/nEIa1DnM=";
nativeBuildInputs = [ autoreconfHook cargo hexdump makeWrapper pkg-config ];
buildInputs = [ boost175 libevent libsodium utf8cpp ]


@ -38,13 +38,13 @@ let
in
stdenv.mkDerivation rec {
pname = "cudatext";
version = "1.152.1";
version = "1.153.0";
src = fetchFromGitHub {
owner = "Alexey-T";
repo = "CudaText";
rev = version;
sha256 = "sha256-rFmgf/wg6/jIObBDN+viKX3KrewVWgxs8uVF1gCY72s=";
sha256 = "sha256-3p5wb3buZtd1gnNoEJOclNO8xEYJBZYc86HfrkFrBWU=";
};
postPatch = ''


@ -16,23 +16,23 @@
},
"ATSynEdit": {
"owner": "Alexey-T",
"rev": "2021.12.22",
"sha256": "sha256-MmRJ3XDq7b9doPFfW7njSOasHej5ut0nYcJMFj+Y/Dc="
"rev": "2022.01.07",
"sha256": "sha256-KxeaTXv0qig3O2hqjJ5HG1KCN0TTQdnd3g9jBsEc0a4="
},
"ATSynEdit_Cmp": {
"owner": "Alexey-T",
"rev": "2021.09.14",
"sha256": "sha256-6eC75zAtWbM1XEI9OM3iqy/a8Vj1l5WU7HGJBpmoQsA="
"rev": "2021.12.28",
"sha256": "sha256-bXTjPdn0DIVTdoi30Ws5+M+UsC7F99IphMSTpI5ia/Q="
},
"EControl": {
"owner": "Alexey-T",
"rev": "2021.12.07",
"sha256": "sha256-givCklAHao26psWLI2qK246igxcAQEeIYTGH61FX6Xo="
"rev": "2022.01.07",
"sha256": "sha256-dgkyXrFs2hzuFjt9GW+WNyrLIp/i/AbRsM/MyMbatdA="
},
"ATSynEdit_Ex": {
"owner": "Alexey-T",
"rev": "2021.12.07",
"sha256": "sha256-/2Fv/vrpbHSiJro11cjbziUaT4gfwa6y5aQBoYgq3OQ="
"rev": "2022.01.07",
"sha256": "sha256-7QDHf0PYGMc611qrk+a8pNJHF1v1DFMWlt5hbaU/oD8="
},
"Python-for-Lazarus": {
"owner": "Alexey-T",


@ -1,5 +1,5 @@
{ lib, stdenv, fetchurl, makeWrapper, makeDesktopItem, which, unzip, libicns, imagemagick
, jdk, perl, python
, jdk, perl
}:
let
@ -58,7 +58,7 @@ stdenv.mkDerivation {
'';
nativeBuildInputs = [ makeWrapper unzip ];
buildInputs = [ perl python libicns imagemagick ];
buildInputs = [ perl libicns imagemagick ];
meta = {
description = "An integrated development environment for Java, C, C++ and PHP";


@ -1,4 +1,5 @@
{ lib
, stdenv
, mkDerivation
, fetchurl
, fetchpatch
@ -30,6 +31,9 @@
, nodejs
, mkYarnModules
, qmake
, server ? false # build server version
, sqlite
, pam
}:
let
@ -65,8 +69,10 @@ let
yarnNix = ./yarndeps.nix;
};
description = "Set of integrated tools for the R language";
in
mkDerivation rec {
(if server then stdenv.mkDerivation else mkDerivation)
(rec {
inherit pname version src RSTUDIO_VERSION_MAJOR RSTUDIO_VERSION_MINOR RSTUDIO_VERSION_PATCH;
nativeBuildInputs = [
@ -77,6 +83,7 @@ mkDerivation rec {
makeWrapper
pandoc
nodejs
] ++ lib.optional (!server) [
copyDesktopItems
];
@ -85,26 +92,31 @@ mkDerivation rec {
zlib
openssl
R
libuuid
libyamlcpp
soci
postgresql
] ++ (if server then [
sqlite.dev
pam
] else [
qtbase
qtxmlpatterns
qtsensors
qtwebengine
qtwebchannel
libuuid
libyamlcpp
soci
postgresql
];
]);
cmakeFlags = [
"-DRSTUDIO_TARGET=Desktop"
"-DRSTUDIO_TARGET=${if server then "Server" else "Desktop"}"
"-DCMAKE_BUILD_TYPE=Release"
"-DQT_QMAKE_EXECUTABLE=${qmake}/bin/qmake"
"-DRSTUDIO_USE_SYSTEM_SOCI=ON"
"-DRSTUDIO_USE_SYSTEM_BOOST=ON"
"-DRSTUDIO_USE_SYSTEM_YAML_CPP=ON"
"-DPANDOC_VERSION=${pandoc.version}"
"-DCMAKE_INSTALL_PREFIX=${placeholder "out"}/lib/rstudio"
] ++ lib.optional (!server) [
"-DQT_QMAKE_EXECUTABLE=${qmake}/bin/qmake"
];
# Hack RStudio to only use the input R and provided libclang.
@ -168,10 +180,16 @@ mkDerivation rec {
'';
postInstall = ''
mkdir -p $out/share/icons/hicolor/48x48/apps $out/bin
ln $out/lib/rstudio/rstudio.png $out/share/icons/hicolor/48x48/apps
mkdir -p $out/bin $out/share
for f in {diagnostics,rpostback,rstudio}; do
${lib.optionalString (!server) ''
mkdir -p $out/share/icons/hicolor/48x48/apps
ln $out/lib/rstudio/rstudio.png $out/share/icons/hicolor/48x48/apps
''}
for f in {${if server
then "crash-handler-proxy,postback,r-ldpath,rpostback,rserver,rserver-pam,rsession,rstudio-server"
else "diagnostics,rpostback,rstudio"}}; do
ln -s $out/lib/rstudio/bin/$f $out/bin
done
@ -182,28 +200,31 @@ mkDerivation rec {
rm -r $out/lib/rstudio/bin/{pandoc/pandoc,pandoc}
'';
meta = with lib; {
inherit description;
homepage = "https://www.rstudio.com/";
license = licenses.agpl3Only;
maintainers = with maintainers; [ ciil cfhammill ];
mainProgram = "rstudio" + optionalString server "-server";
platforms = platforms.linux;
};
passthru = { inherit server; };
} // lib.optionalAttrs (!server) {
qtWrapperArgs = [
"--suffix PATH : ${lib.makeBinPath [ gnumake ]}"
];
desktopItems = [
(makeDesktopItem {
name = "${pname}";
name = pname;
exec = "rstudio %F";
icon = "rstudio";
desktopName = "RStudio";
genericName = "IDE";
comment = meta.description;
comment = description;
categories = "Development;";
mimeType = "text/x-r-source;text/x-r;text/x-R;text/x-r-doc;text/x-r-sweave;text/x-r-markdown;text/x-r-html;text/x-r-presentation;application/x-r-data;application/x-r-project;text/x-r-history;text/x-r-profile;text/x-tex;text/x-markdown;text/html;text/css;text/javascript;text/x-chdr;text/x-csrc;text/x-c++hdr;text/x-c++src;";
})
];
meta = with lib; {
description = "Set of integrated tools for the R language";
homepage = "https://www.rstudio.com/";
license = licenses.agpl3Only;
maintainers = with maintainers; [ ciil ];
platforms = platforms.linux;
};
}
})
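Review bot: `lib.optional` is handed a list in both `nativeBuildInputs` and `cmakeFlags` (`] ++ lib.optional (!server) [`), so each appends a single element that is itself a list rather than the items inside it. `lib.optionals` is the list-taking form, and the line should read `] ++ lib.optionals (!server) [` in both places. The nested list is probably flattened when the attribute is coerced for the builder, so the desktop build likely still works, but anything that later inspects or overrides these lists would see the extra nesting.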


@ -1,5 +1,5 @@
{ lib, mkDerivation, fetchFromGitHub, pkg-config, qmake
, python, qtbase, qttools }:
, python2, qtbase, qttools }:
mkDerivation rec {
pname = "tiled";
@ -13,7 +13,7 @@ mkDerivation rec {
};
nativeBuildInputs = [ pkg-config qmake ];
buildInputs = [ python qtbase qttools ];
buildInputs = [ python2 qtbase qttools ];
meta = with lib; {
description = "Free, easy to use and flexible tile map editor";


@ -1,4 +1,4 @@
{ lib, stdenv, fetchFromGitHub, fetchpatch, wxGTK, autoconf, automake, libtool, python, gettext }:
{ lib, stdenv, fetchFromGitHub, fetchpatch, wxGTK, autoconf, automake, libtool, python2, gettext }:
stdenv.mkDerivation rec {
pname = "wxHexEditor";
@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
sha256 = "08xnhaif8syv1fa0k6lc3jm7yg2k50b02lyds8w0jyzh4xi5crqj";
};
buildInputs = [ wxGTK autoconf automake libtool python gettext ];
buildInputs = [ wxGTK autoconf automake libtool python2 gettext ];
preConfigure = "patchShebangs .";


@ -1,72 +0,0 @@
{ python2
, lib
, fetchurl
, pkg-config
, libXext
, libXxf86vm
, libX11
, libXrandr
, libXinerama
, libXScrnSaver
, argyllcms
}:
let
inherit (python2.pkgs) buildPythonApplication wxPython numpy dbus-python;
in buildPythonApplication rec {
pname = "displaycal";
version = "3.8.9.3";
enableParallelBuilding = true;
src = fetchurl {
url = "mirror://sourceforge/project/dispcalgui/release/${version}/DisplayCAL-${version}.tar.gz";
sha256 = "1sivi4q7sqsrc95qg5gh37bsm2761md4mpl89hflzwk6kyyxyd3w";
};
propagatedBuildInputs = [
libXext
libXxf86vm
libX11
libXrandr
libXinerama
libXScrnSaver
argyllcms
wxPython
numpy
dbus-python
];
nativeBuildInputs = [
pkg-config
];
preConfigure = ''
mkdir dist
cp {misc,dist}/net.displaycal.DisplayCAL.appdata.xml
touch dist/copyright
mkdir -p $out
ln -s $out/share/DisplayCAL $out/Resources
'';
# no idea why it looks there - symlink .json lang (everything)
postInstall = ''
for x in $out/share/DisplayCAL/*; do
ln -s $x $out/lib/python2.7/site-packages/DisplayCAL
done
for prog in "$out/bin/"*; do
wrapProgram "$prog" \
--prefix PYTHONPATH : "$PYTHONPATH" \
--prefix PATH : ${argyllcms}/bin
done
'';
meta = {
description = "Display Calibration and Characterization powered by Argyll CMS";
homepage = "https://displaycal.net/";
license = lib.licenses.gpl3;
maintainers = [lib.maintainers.marcweber];
platforms = lib.platforms.linux;
};
}


@ -81,6 +81,14 @@ stdenv.mkDerivation rec {
stripLen = 1;
extraPrefix = "share/extensions/";
})
# Remove mandatory break from end of paragraphs, added in Pango 1.49
# https://gitlab.com/inkscape/inkscape/-/merge_requests/3630
# TODO: Remove in Inkscape 1.1.2
(fetchpatch {
url = "https://gitlab.com/inkscape/inkscape/-/commit/b3dabef2245d4e4e977ee9d6776be9a134493515.patch";
sha256 = "YhqUlRBKL1vJ/iCM/DvdwbmPIsAHQpcgf4TPpjlnBng=";
})
];
postPatch = ''


@ -1,7 +1,7 @@
{ callPackage, ... } @ args:
callPackage ./generic.nix (args // {
version = "5.0.0";
version = "5.0.2";
kde-channel = "stable";
sha256 = "sha256-hNWDPbyrP9OkGPTDdnDYKtkZQw8MbQpXuZOQdHHuzFc=";
sha256 = "sha256-5nUfx+tQSXekiAo3brvTmVyH2tFUSGCE6COX5l1JnL8=";
})


@ -2,23 +2,23 @@
, buildDotnetModule
, dotnetCorePackages
, fetchFromGitHub
, glibcLocales
, gtk3
, installShellFiles
, librsvg
, makeDesktopItem
, intltool
, wrapGAppsHook
}:
buildDotnetModule rec {
pname = "Pinta";
version = "2.0.1";
version = "2.0.2";
nativeBuildInputs = [
installShellFiles
intltool
wrapGAppsHook
];
runtimeDeps = [ gtk3 ];
buildInputs = runtimeDeps;
dotnet-sdk = dotnetCorePackages.sdk_6_0;
dotnet-runtime = dotnetCorePackages.runtime_6_0;
@ -26,7 +26,7 @@ buildDotnetModule rec {
# How-to update deps:
# $ nix-build -A pinta.fetch-deps
# $ ./result
# $ cp /tmp/Pinta-deps.nix ./pkgs/applications/graphics/pinta/default.nix
# $ cp /tmp/Pinta-deps.nix ./pkgs/applications/graphics/pinta/deps.nix
# TODO: create update script
nugetDeps = ./deps.nix;
@ -36,52 +36,49 @@ buildDotnetModule rec {
owner = "PintaProject";
repo = "Pinta";
rev = version;
sha256 = "sha256-iOKJPB2bI/GjeDxzG7r6ew7SGIzgrJTcRXhEYzOpC9k=";
sha256 = "sha256-Bvzs1beq7I1+10w9pmMePqGCz2TPDp5UK5Wa9hbKERU=";
};
# FIXME: this should be propagated by wrapGAppsHook already, however for some
# reason it is not working. Maybe a bug in buildDotnetModule?
preInstall = ''
gappsWrapperArgs+=(
--prefix XDG_DATA_DIRS : "${gtk3}/share/gsettings-schemas/${gtk3.name}"
--set GDK_PIXBUF_MODULE_FILE ${librsvg}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache
)
# https://github.com/NixOS/nixpkgs/issues/38991
# bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
LOCALE_ARCHIVE = "${glibcLocales}/lib/locale/locale-archive";
# Do the autoreconf/Makefile job manually
# TODO: use upstream build system
postBuild = ''
# Substitute translation placeholders
intltool-merge -x po/ xdg/pinta.appdata.xml.in xdg/pinta.appdata.xml
intltool-merge -d po/ xdg/pinta.desktop.in xdg/pinta.desktop
# Build translations
dotnet build Pinta \
-p:ContinuousIntegrationBuild=true \
-p:Deterministic=true \
-target:CompileTranslations,PublishTranslations \
-p:BuildTranslations=true \
-p:PublishDir="$NIX_BUILD_TOP/source/publish"
'';
postInstall = ''
postFixup = ''
# Rename the binary
mv $out/bin/Pinta $out/bin/pinta
mv "$out/bin/Pinta" "$out/bin/pinta"
# Copy desktop icons
for size in 16x16 22x22 24x24 32x32 96x96 scalable; do
mkdir -p $out/share/icons/hicolor/$size/apps
cp xdg/$size/* $out/share/icons/hicolor/$size/apps/
done
# Copy runtime icons
cp -r Pinta.Resources/icons/hicolor/16x16/* $out/share/icons/hicolor/16x16/
# Install manpage
installManPage xdg/pinta.1
# Fix and copy desktop file
# TODO: fix this propely by using the autoreconf+pkg-config build system
# from upstream
mkdir -p $out/share/applications
substitute xdg/pinta.desktop.in $out/share/applications/Pinta.desktop \
--replace _Name Name \
--replace _Comment Comment \
--replace _GenericName GenericName \
--replace _X-GNOME-FullName X-GNOME-FullName \
--replace _Keywords Keywords
# Install
dotnet build installer/linux/install.proj \
-target:Install \
-p:ContinuousIntegrationBuild=true \
-p:Deterministic=true \
-p:SourceDir="$NIX_BUILD_TOP/source" \
-p:PublishDir="$NIX_BUILD_TOP/source/publish" \
-p:InstallPrefix="$out"
'';
meta = {
meta = with lib; {
homepage = "https://www.pinta-project.com/";
description = "Drawing/editing program modeled after Paint.NET";
license = lib.licenses.mit;
maintainers = with lib.maintainers; [ thiagokokada ];
platforms = with lib.platforms; linux;
license = licenses.mit;
maintainers = with maintainers; [ thiagokokada ];
platforms = with platforms; linux;
mainProgram = "pinta";
};
}
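Review bot: The new `postBuild` and `postFixup` steps hard-code the unpacked source directory as `$NIX_BUILD_TOP/source`, in `-p:PublishDir` (twice) and `-p:SourceDir`. That name is only what the current fetcher happens to produce, so overriding `src` with a tarball or a local checkout would point the translation and install targets at a directory that does not exist. Deriving the path from the unpack phase avoids this: `-p:SourceDir="$NIX_BUILD_TOP/$sourceRoot"` and `-p:PublishDir="$NIX_BUILD_TOP/$sourceRoot/publish"`. A short comment on why the install target runs in `postFixup` rather than `postInstall` would also help, since files written there are presumably not seen by the fixup hooks.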


@ -1,8 +1,25 @@
{ lib, fetchFromGitHub, cmake, pkg-config, mkDerivation
, qtbase, qtx11extras, qtsvg, makeWrapper
, vulkan-loader, libglvnd, xorg, python3, python3Packages
, bison, pcre, automake, autoconf, addOpenGLRunpath
, waylandSupport ? false, wayland
{ lib
, fetchFromGitHub
, nix-update-script
, cmake
, pkg-config
, mkDerivation
, qtbase
, qtx11extras
, qtsvg
, makeWrapper
, vulkan-loader
, libglvnd
, xorg
, python3
, python3Packages
, bison
, pcre
, automake
, autoconf
, addOpenGLRunpath
, waylandSupport ? false
, wayland
}:
let
custom_swig = fetchFromGitHub {
@ -15,13 +32,13 @@ let
in
mkDerivation rec {
pname = "renderdoc";
version = "1.16";
version = "1.17";
src = fetchFromGitHub {
owner = "baldurk";
repo = "renderdoc";
rev = "v${version}";
sha256 = "150d1qzjs420clqr48gickiw5ymjx4md6iyjbxmxsdml0pyxpwwn";
sha256 = "sha256-Zr7Av49mK48B4N+Ca2vPIgKuVNP4YLVEs4EQepukSs8=";
};
buildInputs = [
@ -64,6 +81,10 @@ mkDerivation rec {
addOpenGLRunpath $out/lib/librenderdoc.so
'';
passthru.updateScript = nix-update-script {
attrPath = pname;
};
meta = with lib; {
description = "A single-frame graphics debugger";
homepage = "https://renderdoc.org/";


@ -1,4 +1,4 @@
{ lib, stdenv, fetchFromGitHub, cmake, qt4, quazip, qt-mobility, qxt, pythonPackages }:
{ lib, stdenv, fetchFromGitHub, cmake, qt4, quazip, qt-mobility, qxt, python2Packages }:
with lib;
stdenv.mkDerivation rec {
@ -18,7 +18,7 @@ stdenv.mkDerivation rec {
};
nativeBuildInputs = [ cmake ];
buildInputs = [ qt4 quazip qt-mobility qxt pythonPackages.python pythonPackages.pycrypto ];
buildInputs = [ qt4 quazip qt-mobility qxt python2Packages.python python2Packages.pycrypto ];
patchPhase = ''
# Required to make the configure script work. Normally, screencloud's
@ -59,7 +59,7 @@ stdenv.mkDerivation rec {
postInstall = ''
patchShebangs $prefix/opt/screencloud/screencloud.sh
substituteInPlace "$prefix/opt/screencloud/screencloud.sh" --replace "/opt" "$prefix/opt"
sed -i "2 i\export PYTHONPATH=$(toPythonPath ${pythonPackages.pycrypto}):\$PYTHONPATH" "$prefix/opt/screencloud/screencloud.sh"
sed -i "2 i\export PYTHONPATH=$(toPythonPath ${python2Packages.pycrypto}):\$PYTHONPATH" "$prefix/opt/screencloud/screencloud.sh"
mkdir $prefix/bin
mkdir $prefix/lib
ln -s $prefix/opt/screencloud/screencloud.sh $prefix/bin/screencloud
