lukegb/depot
1
0
Fork 0
Code Issues 1 Pull requests Projects Packages Activity Actions

Project import generated by Copybara.

Browse source 
GitOrigin-RevId: 135073a87b7e2c631739f4ffa016e1859b1a425e
This commit is contained in:
Default email 2020-05-29 08:06:01 +02:00
parent dbc6e1fe44
commit 4fc29cb41f
1002 changed files with 19093 additions and 10708 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
third_party/nixpkgs/.editorconfig vendored
View file

@ -11,18 +11,26 @@ insert_final_newline = true
trim_trailing_whitespace = true trim_trailing_whitespace = true
charset = utf-8 charset = utf-8
# Ignore diffs/patches
[*.{diff,patch}]
end_of_line = unset
insert_final_newline = unset
trim_trailing_whitespace = unset
# see https://nixos.org/nixpkgs/manual/#chap-conventions # see https://nixos.org/nixpkgs/manual/#chap-conventions
# Match nix/ruby/docbook files, set indent to spaces with width of two # Match nix/perl/python/ruby/shell/docbook files, set indent to spaces
[*.{nix,rb,xml}] [*.{nix,pl,py,rb,sh,xml}]
indent_style = space indent_style = space
# Match docbook files, set indent width of one
[*.xml]
indent_size = 1
# Match nix/ruby files, set indent width of two
[*.{nix,rb}]
indent_size = 2 indent_size = 2
# Match shell/python/perl scripts, set indent to spaces with width of four # Match perl/python/shell scripts, set indent width of four
[*.{sh,py,pl}] [*.{pl,py,sh}]
indent_style = space
indent_size = 4 indent_size = 4
# Match diffs, avoid to trim trailing whitespace
[*.{diff,patch}]
trim_trailing_whitespace = false

18
third_party/nixpkgs/.github/CODEOWNERS vendored
View file

@ -181,9 +181,15 @@
/nixos/modules/services/monitoring/prometheus/exporters.xml @WilliButz /nixos/modules/services/monitoring/prometheus/exporters.xml @WilliButz
/nixos/tests/prometheus-exporters.nix @WilliButz /nixos/tests/prometheus-exporters.nix @WilliButz
# PHP # PHP interpreter, packages, extensions, tests and documentation
/doc/languages-frameworks/php.section.md @etu /doc/languages-frameworks/php.section.md @NixOS/php
/nixos/tests/php @etu /nixos/tests/php @NixOS/php
/pkgs/build-support/build-pecl.nix @etu /pkgs/build-support/build-pecl.nix @NixOS/php
/pkgs/development/interpreters/php @etu /pkgs/development/interpreters/php @NixOS/php
/pkgs/top-level/php-packages.nix @etu /pkgs/top-level/php-packages.nix @NixOS/php
# Podman, CRI-O modules and related
/nixos/modules/virtualisation/containers.nix @NixOS/podman
/nixos/modules/virtualisation/cri-o.nix @NixOS/podman
/nixos/modules/virtualisation/podman.nix @NixOS/podman
/nixos/tests/podman.nix @NixOS/podman

2
third_party/nixpkgs/doc/languages-frameworks/agda.section.md vendored
View file

@ -42,7 +42,7 @@ $ agda -l standard-library -i . MyFile.agda
``` ```
name: my-library name: my-library
include: . include: .
depends: standard-library depend: standard-library
``` ```
- Create the file `~/.agda/defaults` and add any libraries you want to use by default. - Create the file `~/.agda/defaults` and add any libraries you want to use by default.

12
third_party/nixpkgs/doc/languages-frameworks/python.section.md vendored
View file

@ -1023,7 +1023,8 @@ are used in `buildPythonPackage`.
- `setuptoolsBuildHook` to build a wheel using `setuptools`. - `setuptoolsBuildHook` to build a wheel using `setuptools`.
- `setuptoolsCheckHook` to run tests with `python setup.py test`. - `setuptoolsCheckHook` to run tests with `python setup.py test`.
- `venvShellHook` to source a Python 3 `venv` at the `venvDir` location. A - `venvShellHook` to source a Python 3 `venv` at the `venvDir` location. A
`venv` is created if it does not yet exist. `venv` is created if it does not yet exist. `postVenvCreation` can be used to
to run commands only after venv is first created.
- `wheelUnpackHook` to move a wheel to the correct folder so it can be installed - `wheelUnpackHook` to move a wheel to the correct folder so it can be installed
with the `pipInstallHook`. with the `pipInstallHook`.
@ -1291,10 +1292,17 @@ in pkgs.mkShell rec {
zlib zlib
]; ];
# Run this command, only after creating the virtual environment
postVenvCreation = ''
unset SOURCE_DATE_EPOCH
pip install -r requirements.txt
'';
# Now we can execute any commands within the virtual environment. # Now we can execute any commands within the virtual environment.
# This is optional and can be left out to run pip manually. # This is optional and can be left out to run pip manually.
postShellHook = '' postShellHook = ''
pip install -r requirements.txt # allow pip to install wheels
unset SOURCE_DATE_EPOCH
''; '';
} }

104
third_party/nixpkgs/maintainers/maintainer-list.nix vendored
View file

@ -247,12 +247,6 @@
githubId = 732652; githubId = 732652;
name = "Andreas Herrmann"; name = "Andreas Herrmann";
}; };
ahmedtd = {
email = "ahmed.taahir@gmail.com";
github = "ahmedtd";
githubId = 1017202;
name = "Taahir Ahmed";
};
ahuzik = { ahuzik = {
email = "ales.guzik@gmail.com"; email = "ales.guzik@gmail.com";
github = "alesguzik"; github = "alesguzik";
@ -1175,6 +1169,12 @@
githubId = 510553; githubId = 510553;
name = "Jos van Bakel"; name = "Jos van Bakel";
}; };
caadar = {
email = "v88m@posteo.net";
github = "caadar";
githubId = 15320726;
name = "Car Cdr";
};
cab404 = { cab404 = {
email = "cab404@mailbox.org"; email = "cab404@mailbox.org";
github = "cab404"; github = "cab404";
@ -1280,6 +1280,12 @@
githubId = 64804; githubId = 64804;
name = "Dennis Gosnell"; name = "Dennis Gosnell";
}; };
ccellado = {
email = "annplague@gmail.com";
github = "ccellado";
githubId = 44584960;
name = "Denis Khalmatov";
};
ceedubs = { ceedubs = {
email = "ceedubs@gmail.com"; email = "ceedubs@gmail.com";
github = "ceedubs"; github = "ceedubs";
@ -3586,12 +3592,24 @@
githubId = 51518420; githubId = 51518420;
name = "jitwit"; name = "jitwit";
}; };
jk = {
email = "hello+nixpkgs@j-k.io";
github = "06kellyjac";
githubId = 9866621;
name = "Jack";
};
jlesquembre = { jlesquembre = {
email = "jl@lafuente.me"; email = "jl@lafuente.me";
github = "jlesquembre"; github = "jlesquembre";
githubId = 1058504; githubId = 1058504;
name = "José Luis Lafuente"; name = "José Luis Lafuente";
}; };
jloyet = {
email = "ml@fatbsd.com";
github = "fatpat";
githubId = 822436;
name = "Jérôme Loyet";
};
jluttine = { jluttine = {
email = "jaakko.luttinen@iki.fi"; email = "jaakko.luttinen@iki.fi";
github = "jluttine"; github = "jluttine";
@ -3991,6 +4009,12 @@
githubId = 59667; githubId = 59667;
name = "Ahmed Kamal"; name = "Ahmed Kamal";
}; };
kimat = {
email = "mail@kimat.org";
github = "kimat";
githubId = 3081769;
name = "Kimat Boven";
};
kimburgess = { kimburgess = {
email = "kim@acaprojects.com"; email = "kim@acaprojects.com";
github = "kimburgess"; github = "kimburgess";
@ -4041,6 +4065,16 @@
github = "klntsky"; github = "klntsky";
githubId = 18447310; githubId = 18447310;
}; };
kloenk = {
email = "me@kloenk.de";
name = "Finn Behrens";
github = "kloenk";
githubId = 12898828;
keys = [{
longkeyid = "ed25519/0xB92445CFC9546F9D";
fingerprint = "6881 5A95 D715 D429 659B 48A4 B924 45CF C954 6F9D";
}];
};
kmcopper = { kmcopper = {
email = "kmcopper@danwin1210.me"; email = "kmcopper@danwin1210.me";
name = "Kyle Copperfield"; name = "Kyle Copperfield";
@ -4162,6 +4196,12 @@
githubId = 10544; githubId = 10544;
name = "Giuluo Eulisse"; name = "Giuluo Eulisse";
}; };
kthielen = {
email = "kthielen@gmail.com";
github = "kthielen";
githubId = 1409287;
name = "Kalani Thielen";
};
ktor = { ktor = {
email = "kruszewsky@gmail.com"; email = "kruszewsky@gmail.com";
github = "ktor"; github = "ktor";
@ -4695,6 +4735,12 @@
githubId = 3507; githubId = 3507;
name = "Michael Fellinger"; name = "Michael Fellinger";
}; };
maralorn = {
email = "malte.brandy@maralorn.de";
github = "maralorn";
githubId = 1651325;
name = "Malte Brandy";
};
marcweber = { marcweber = {
email = "marco-oweber@gmx.de"; email = "marco-oweber@gmx.de";
github = "marcweber"; github = "marcweber";
@ -5546,6 +5592,12 @@
githubId = 4368690; githubId = 4368690;
name = "Ratko Mladic"; name = "Ratko Mladic";
}; };
nilp0inter = {
email = "robertomartinezp@gmail.com";
github = "nilp0inter";
githubId = 1224006;
name = "Roberto Abdelkader Martínez Pérez";
};
ninjatrappeur = { ninjatrappeur = {
email = "felix@alternativebit.fr"; email = "felix@alternativebit.fr";
github = "ninjatrappeur"; github = "ninjatrappeur";
@ -6562,6 +6614,12 @@
githubId = 353885; githubId = 353885;
name = "Rob Vermaas"; name = "Rob Vermaas";
}; };
robaca = {
email = "carsten@r0hrbach.de";
github = "robaca";
githubId = 580474;
name = "Carsten Rohrbach";
};
robberer = { robberer = {
email = "robberer@freakmail.de"; email = "robberer@freakmail.de";
github = "robberer"; github = "robberer";
@ -6634,6 +6692,12 @@
githubId = 1942810; githubId = 1942810;
name = "Christian Ulrich"; name = "Christian Ulrich";
}; };
rpearce = {
email = "me@robertwpearce.com";
github = "rpearce";
githubId = 592876;
name = "Robert W. Pearce";
};
rprospero = { rprospero = {
email = "rprospero+nix@gmail.com"; email = "rprospero+nix@gmail.com";
github = "rprospero"; github = "rprospero";
@ -6694,6 +6758,12 @@
githubId = 889991; githubId = 889991;
name = "Ryan Artecona"; name = "Ryan Artecona";
}; };
ryanorendorff = {
email = "12442942+ryanorendorff@users.noreply.github.com";
github = "ryanorendorff";
githubId = 12442942;
name = "Ryan Orendorff";
};
ryansydnor = { ryansydnor = {
email = "ryan.t.sydnor@gmail.com"; email = "ryan.t.sydnor@gmail.com";
github = "ryansydnor"; github = "ryansydnor";
@ -8107,6 +8177,16 @@
githubId = 6508; githubId = 6508;
name = "Vincent Demeester"; name = "Vincent Demeester";
}; };
veehaitch = {
name = "Vincent Haupert";
email = "mail@vincent-haupert.de";
github = "veehaitch";
githubId = 15069839;
keys = [{
longkeyid = "rsa4096/0x874BD6F916FAA742";
fingerprint = "4D23 ECDF 880D CADF 5ECA 4458 874B D6F9 16FA A742";
}];
};
velovix = { velovix = {
email = "xaviosx@gmail.com"; email = "xaviosx@gmail.com";
github = "velovix"; github = "velovix";
@ -8283,6 +8363,12 @@
githubId = 6016963; githubId = 6016963;
name = "Patrick Winter"; name = "Patrick Winter";
}; };
wishfort36 = {
email = "42300264+wishfort36@users.noreply.github.com";
github = "wishfort36";
githubId = 42300264;
name = "wishfort36";
};
wizeman = { wizeman = {
email = "rcorreia@wizy.org"; email = "rcorreia@wizy.org";
github = "wizeman"; github = "wizeman";
@ -8301,6 +8387,12 @@
githubId = 54934; githubId = 54934;
name = "Wout Mertens"; name = "Wout Mertens";
}; };
wnklmnn = {
email = "pascal@wnklmnn.de";
github = "wnklmnn";
githubId = 9423014;
name = "Pascal Winkelmann";
};
woffs = { woffs = {
email = "github@woffs.de"; email = "github@woffs.de";
github = "woffs"; github = "woffs";

92
third_party/nixpkgs/nixos/doc/manual/release-notes/rl-2009.xml vendored
View file

@ -26,6 +26,12 @@
<listitem> <listitem>
<para>GNOME desktop environment was upgraded to 3.36, see its <link xlink:href="https://help.gnome.org/misc/release-notes/3.36/">release notes</link>.</para> <para>GNOME desktop environment was upgraded to 3.36, see its <link xlink:href="https://help.gnome.org/misc/release-notes/3.36/">release notes</link>.</para>
</listitem> </listitem>
<listitem>
<para>
<package>maxx</package> package removed along with <varname>services.xserver.desktopManager.maxx</varname> module.
Please migrate to <package>cdesktopenv</package> and <varname>services.xserver.desktopManager.cde</varname> module.
</para>
</listitem>
<listitem> <listitem>
<para> <para>
We now distribute a GNOME ISO. We now distribute a GNOME ISO.
@ -122,8 +128,16 @@ services.mysql.initialScript = pkgs.writeText "mariadb-init.sql" ''
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para> <para>
The go-modules builder now uses vendorSha256 instead of modSha256 to pin <literal>buildGoModule</literal> now internally creates a vendor directory
fetched version data. This is currently a warning, but will be removed in the next release. in the source tree for downloaded modules instead of using go's <link
xlink:href="https://golang.org/cmd/go/#hdr-Module_proxy_protocol">module
proxy protocol</link>. This storage format is simpler and therefore less
likekly to break with future versions of go. As a result
<literal>buildGoModule</literal> switched from
<literal>modSha256</literal> to the <literal>vendorSha256</literal>
attribute to pin fetched version data. <literal>buildGoModule</literal>
still accepts <literal>modSha256</literal> with a warning, but support will
be removed in the next release.
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
@ -381,6 +395,52 @@ systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ];
will have changed. will have changed.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
The rkt module has been removed, it was archived by upstream.
</para>
</listitem>
<listitem>
<para>
The <link xlink:href="https://bazaar.canonical.com">Bazaar</link> VCS is
unmaintained and, as consequence of the Python 2 EOL, the packages
<literal>bazaar</literal> and <literal>bazaarTools</literal> were
removed. Breezy, the backward compatible fork of Bazaar (see the
<link xlink:href="https://www.jelmer.uk/breezy-intro.html">announcement</link>),
was packaged as <literal>breezy</literal> and can be used instead.
</para>
<para>
Regarding Nixpkgs, <literal>fetchbzr</literal>,
<literal>nix-prefetch-bzr</literal> and Bazaar support in Hydra will
continue to work through Breezy.
</para>
</listitem>
<listitem>
<para>
In addition to the hostname, the fully qualified domain name (FQDN),
which consists of <literal>${cfg.hostName}</literal> and
<literal>${cfg.domain}</literal> is now added to
<literal>/etc/hosts</literal>, to allow local FQDN resolution, as used by the
<literal>hostname --fqdn</literal> command and other applications that
try to determine the FQDN. These new entries take precedence over entries
from the DNS which could cause regressions in some very specific setups.
Additionally the hostname is now resolved to <literal>127.0.0.2</literal>
instead of <literal>127.0.1.1</literal> to be consistent with what
<literal>nss-myhostname</literal> (from systemd) returns.
The old behaviour can e.g. be restored by using
<literal>networking.hosts = lib.mkForce { "127.0.1.1" = [ config.networking.hostName ]; };</literal>.
</para>
</listitem>
<listitem>
<para>
The hostname (<literal>networking.hostName</literal>) must now be a valid
DNS label (see RFC 1035) and as such must not contain the domain part.
This means that the hostname must start with a letter, end with a letter
or digit, and have as interior characters only letters, digits, and
hyphen. The maximum length is 63 characters. Additionally it is
recommended to only use lower-case characters.
</para>
</listitem>
</itemizedlist> </itemizedlist>
</section> </section>
@ -413,6 +473,34 @@ systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ];
The default output of <literal>buildGoPackage</literal> is now <literal>$out</literal> instead of <literal>$bin</literal>. The default output of <literal>buildGoPackage</literal> is now <literal>$out</literal> instead of <literal>$bin</literal>.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
Default algorithm for ZRAM swap was changed to <literal>zstd</literal>.
</para>
</listitem>
<listitem>
<para>
The scripted networking system now uses <literal>.link</literal> files in
<literal>/etc/systemd/network</literal> to configure mac address and link MTU,
instead of the sometimes buggy <literal>network-link-*</literal> units, which
have been removed.
Bringing the interface up has been moved to the beginning of the
<literal>network-addresses-*</literal> unit.
Note this doesn't require <command>systemd-networkd</command> - it's udev that
parses <literal>.link</literal> files.
Extra care needs to be taken in the presence of <link xlink:href="https://wiki.debian.org/NetworkInterfaceNames#THE_.22PERSISTENT_NAMES.22_SCHEME">legacy udev rules</link>
to rename interfaces, as MAC Address and MTU defined in these options can only match on the original link name.
In such cases, you most likely want to create a <literal>10-*.link</literal> file through <xref linkend="opt-systemd.network.links"/> and set both name and MAC Address / MTU there.
</para>
</listitem>
<listitem>
<para>
Grafana received a major update to version 7.x. A plugin is now needed for
image rendering support, and plugins must now be signed by default. More
information can be found
<link xlink:href="https://grafana.com/docs/grafana/latest/installation/upgrading/#upgrading-to-v7-0">in the Grafana documentation</link>.
</para>
</listitem>
</itemizedlist> </itemizedlist>
</section> </section>
</section> </section>

33
third_party/nixpkgs/nixos/modules/config/networking.nix vendored
View file

@ -8,9 +8,6 @@ let
cfg = config.networking; cfg = config.networking;
localhostMapped4 = cfg.hosts ? "127.0.0.1" && elem "localhost" cfg.hosts."127.0.0.1";
localhostMapped6 = cfg.hosts ? "::1" && elem "localhost" cfg.hosts."::1";
localhostMultiple = any (elem "localhost") (attrValues (removeAttrs cfg.hosts [ "127.0.0.1" "::1" ])); localhostMultiple = any (elem "localhost") (attrValues (removeAttrs cfg.hosts [ "127.0.0.1" "::1" ]));
in in
@ -147,12 +144,6 @@ in
config = { config = {
assertions = [{ assertions = [{
assertion = localhostMapped4;
message = ''`networking.hosts` doesn't map "127.0.0.1" to "localhost"'';
} {
assertion = !cfg.enableIPv6 || localhostMapped6;
message = ''`networking.hosts` doesn't map "::1" to "localhost"'';
} {
assertion = !localhostMultiple; assertion = !localhostMultiple;
message = '' message = ''
`networking.hosts` maps "localhost" to something other than "127.0.0.1" `networking.hosts` maps "localhost" to something other than "127.0.0.1"
@ -161,22 +152,34 @@ in
''; '';
}]; }];
networking.hosts = { # These entries are required for "hostname -f" and to resolve both the
"127.0.0.1" = [ "localhost" ]; # hostname and FQDN correctly:
} // optionalAttrs (cfg.hostName != "") { networking.hosts = let
"127.0.1.1" = [ cfg.hostName ]; hostnames = # Note: The FQDN (canonical hostname) has to come first:
optional (cfg.hostName != "" && cfg.domain != null) "${cfg.hostName}.${cfg.domain}"
++ optional (cfg.hostName != "") cfg.hostName; # Then the hostname (without the domain)
in {
"127.0.0.2" = hostnames;
} // optionalAttrs cfg.enableIPv6 { } // optionalAttrs cfg.enableIPv6 {
"::1" = [ "localhost" ]; "::1" = hostnames;
}; };
networking.hostFiles = let networking.hostFiles = let
# Note: localhostHosts has to appear first in /etc/hosts so that 127.0.0.1
# resolves back to "localhost" (as some applications assume) instead of
# the FQDN! By default "networking.hosts" also contains entries for the
# FQDN so that e.g. "hostname -f" works correctly.
localhostHosts = pkgs.writeText "localhost-hosts" ''
127.0.0.1 localhost
${optionalString cfg.enableIPv6 "::1 localhost"}
'';
stringHosts = stringHosts =
let let
oneToString = set: ip: ip + " " + concatStringsSep " " set.${ip} + "\n"; oneToString = set: ip: ip + " " + concatStringsSep " " set.${ip} + "\n";
allToString = set: concatMapStrings (oneToString set) (attrNames set); allToString = set: concatMapStrings (oneToString set) (attrNames set);
in pkgs.writeText "string-hosts" (allToString (filterAttrs (_: v: v != []) cfg.hosts)); in pkgs.writeText "string-hosts" (allToString (filterAttrs (_: v: v != []) cfg.hosts));
extraHosts = pkgs.writeText "extra-hosts" cfg.extraHosts; extraHosts = pkgs.writeText "extra-hosts" cfg.extraHosts;
in mkBefore [ stringHosts extraHosts ]; in mkBefore [ localhostHosts stringHosts extraHosts ];
environment.etc = environment.etc =
{ # /etc/services: TCP/UDP port assignments. { # /etc/services: TCP/UDP port assignments.

2
third_party/nixpkgs/nixos/modules/config/power-management.nix vendored
View file

@ -94,7 +94,7 @@ in
after = [ "suspend.target" "hibernate.target" "hybrid-sleep.target" ]; after = [ "suspend.target" "hibernate.target" "hybrid-sleep.target" ];
script = script =
'' ''
${config.systemd.package}/bin/systemctl try-restart post-resume.target /run/current-system/systemd/bin/systemctl try-restart post-resume.target
${cfg.resumeCommands} ${cfg.resumeCommands}
${cfg.powerUpCommands} ${cfg.powerUpCommands}
''; '';

2
third_party/nixpkgs/nixos/modules/config/resolvconf.nix vendored
View file

@ -21,7 +21,7 @@ let
'' + optionalString config.services.nscd.enable '' '' + optionalString config.services.nscd.enable ''
# Invalidate the nscd cache whenever resolv.conf is # Invalidate the nscd cache whenever resolv.conf is
# regenerated. # regenerated.
libc_restart='${pkgs.systemd}/bin/systemctl try-restart --no-block nscd.service 2> /dev/null' libc_restart='/run/current-system/systemd/bin/systemctl try-restart --no-block nscd.service 2> /dev/null'
'' + optionalString (length resolvconfOptions > 0) '' '' + optionalString (length resolvconfOptions > 0) ''
# Options as described in resolv.conf(5) # Options as described in resolv.conf(5)
resolv_conf_options='${concatStringsSep " " resolvconfOptions}' resolv_conf_options='${concatStringsSep " " resolvconfOptions}'

2
third_party/nixpkgs/nixos/modules/config/zram.nix vendored
View file

@ -91,7 +91,7 @@ in
}; };
algorithm = mkOption { algorithm = mkOption {
default = "lzo"; default = "zstd";
example = "lz4"; example = "lz4";
type = with types; either (enum [ "lzo" "lz4" "zstd" ]) str; type = with types; either (enum [ "lzo" "lz4" "zstd" ]) str;
description = '' description = ''

8
third_party/nixpkgs/nixos/modules/installer/tools/nix-fallback-paths.nix vendored
View file

@ -1,6 +1,6 @@
{ {
x86_64-linux = "/nix/store/8928ygfyf9iassfrnj76v55s6zid58ja-nix-2.3.4"; x86_64-linux = "/nix/store/xb0nl3z356n0sfrhswfli2g19a19slys-nix-2.3.5";
i686-linux = "/nix/store/b5cx3nmba9ahx3wk5ybxa67k40pdpdxn-nix-2.3.4"; i686-linux = "/nix/store/k8kdd4yy1yap6lai5idyhmzcwsjh1fik-nix-2.3.5";
aarch64-linux = "/nix/store/p6j4mis6agdjlk4j0cyg7yh58wpm3kif-nix-2.3.4"; aarch64-linux = "/nix/store/dr86cbipxqjcb8pf2k0v8wvw0h0adfpz-nix-2.3.5";
x86_64-darwin = "/nix/store/aizhr07dljmlbf17wfrj40x3s0b5iv3d-nix-2.3.4"; x86_64-darwin = "/nix/store/n6dqdndkv9kac66kdr988kaiyavl44x8-nix-2.3.5";
} }

6
third_party/nixpkgs/nixos/modules/module-list.nix vendored
View file

@ -415,6 +415,7 @@
./services/misc/apache-kafka.nix ./services/misc/apache-kafka.nix
./services/misc/autofs.nix ./services/misc/autofs.nix
./services/misc/autorandr.nix ./services/misc/autorandr.nix
./services/misc/bazarr.nix
./services/misc/beanstalkd.nix ./services/misc/beanstalkd.nix
./services/misc/bees.nix ./services/misc/bees.nix
./services/misc/bepasty.nix ./services/misc/bepasty.nix
@ -605,6 +606,7 @@
./services/networking/dnsmasq.nix ./services/networking/dnsmasq.nix
./services/networking/ejabberd.nix ./services/networking/ejabberd.nix
./services/networking/epmd.nix ./services/networking/epmd.nix
./services/networking/ergo.nix
./services/networking/eternal-terminal.nix ./services/networking/eternal-terminal.nix
./services/networking/fakeroute.nix ./services/networking/fakeroute.nix
./services/networking/ferm.nix ./services/networking/ferm.nix
@ -816,6 +818,7 @@
./services/torrent/magnetico.nix ./services/torrent/magnetico.nix
./services/torrent/opentracker.nix ./services/torrent/opentracker.nix
./services/torrent/peerflix.nix ./services/torrent/peerflix.nix
./services/torrent/rtorrent.nix
./services/torrent/transmission.nix ./services/torrent/transmission.nix
./services/ttys/agetty.nix ./services/ttys/agetty.nix
./services/ttys/gpm.nix ./services/ttys/gpm.nix
@ -828,6 +831,7 @@
./services/web-apps/cryptpad.nix ./services/web-apps/cryptpad.nix
./services/web-apps/documize.nix ./services/web-apps/documize.nix
./services/web-apps/dokuwiki.nix ./services/web-apps/dokuwiki.nix
./services/web-apps/engelsystem.nix
./services/web-apps/frab.nix ./services/web-apps/frab.nix
./services/web-apps/gerrit.nix ./services/web-apps/gerrit.nix
./services/web-apps/gotify-server.nix ./services/web-apps/gotify-server.nix
@ -847,6 +851,7 @@
./services/web-apps/matomo.nix ./services/web-apps/matomo.nix
./services/web-apps/moinmoin.nix ./services/web-apps/moinmoin.nix
./services/web-apps/restya-board.nix ./services/web-apps/restya-board.nix
./services/web-apps/sogo.nix
./services/web-apps/tt-rss.nix ./services/web-apps/tt-rss.nix
./services/web-apps/trac.nix ./services/web-apps/trac.nix
./services/web-apps/trilium.nix ./services/web-apps/trilium.nix
@ -1002,7 +1007,6 @@
./virtualisation/podman.nix ./virtualisation/podman.nix
./virtualisation/qemu-guest-agent.nix ./virtualisation/qemu-guest-agent.nix
./virtualisation/railcar.nix ./virtualisation/railcar.nix
./virtualisation/rkt.nix
./virtualisation/virtualbox-guest.nix ./virtualisation/virtualbox-guest.nix
./virtualisation/virtualbox-host.nix ./virtualisation/virtualbox-host.nix
./virtualisation/vmware-guest.nix ./virtualisation/vmware-guest.nix

12
third_party/nixpkgs/nixos/modules/programs/zsh/zsh.nix vendored
View file

@ -135,6 +135,13 @@ in
type = types.bool; type = types.bool;
}; };
enableBashCompletion = mkOption {
default = false;
description = ''
Enable compatibility with bash's programmable completion system.
'';
type = types.bool;
};
enableGlobalCompInit = mkOption { enableGlobalCompInit = mkOption {
default = cfg.enableCompletion; default = cfg.enableCompletion;
@ -239,6 +246,11 @@ in
autoload -U compinit && compinit autoload -U compinit && compinit
''} ''}
${optionalString cfg.enableBashCompletion ''
# Enable compatibility with bash's completion system.
autoload -U bashcompinit && bashcompinit
''}
# Setup custom interactive shell init stuff. # Setup custom interactive shell init stuff.
${cfge.interactiveShellInit} ${cfge.interactiveShellInit}

1
third_party/nixpkgs/nixos/modules/rename.nix vendored
View file

@ -48,6 +48,7 @@ with lib;
systemd-logind API). Instead of using the module you can now systemd-logind API). Instead of using the module you can now
simply add the brightnessctl package to environment.systemPackages. simply add the brightnessctl package to environment.systemPackages.
'') '')
(mkRemovedOptionModule [ "virtualisation" "rkt" ] "The rkt module has been removed, it was archived by upstream")
(mkRemovedOptionModule ["services" "prey" ] '' (mkRemovedOptionModule ["services" "prey" ] ''
prey-bash-client is deprecated upstream prey-bash-client is deprecated upstream

8
third_party/nixpkgs/nixos/modules/services/databases/mysql.nix vendored
View file

@ -32,13 +32,7 @@ in
services.mysql = { services.mysql = {
enable = mkOption { enable = mkEnableOption "MySQL server";
type = types.bool;
default = false;
description = "
Whether to enable the MySQL server.
";
};
package = mkOption { package = mkOption {
type = types.package; type = types.package;

3
third_party/nixpkgs/nixos/modules/services/databases/redis.nix vendored
View file

@ -11,12 +11,11 @@ let
port ${toString cfg.port} port ${toString cfg.port}
${condOption "bind" cfg.bind} ${condOption "bind" cfg.bind}
${condOption "unixsocket" cfg.unixSocket} ${condOption "unixsocket" cfg.unixSocket}
daemonize yes daemonize no
supervised systemd supervised systemd
loglevel ${cfg.logLevel} loglevel ${cfg.logLevel}
logfile ${cfg.logfile} logfile ${cfg.logfile}
syslog-enabled ${redisBool cfg.syslog} syslog-enabled ${redisBool cfg.syslog}
pidfile /run/redis/redis.pid
databases ${toString cfg.databases} databases ${toString cfg.databases}
${concatMapStrings (d: "save ${toString (builtins.elemAt d 0)} ${toString (builtins.elemAt d 1)}\n") cfg.save} ${concatMapStrings (d: "save ${toString (builtins.elemAt d 0)} ${toString (builtins.elemAt d 1)}\n") cfg.save}
dbfilename dump.rdb dbfilename dump.rdb

5
third_party/nixpkgs/nixos/modules/services/databases/rethinkdb.nix vendored
View file

@ -15,10 +15,7 @@ in
services.rethinkdb = { services.rethinkdb = {
enable = mkOption { enable = mkEnableOption "RethinkDB server";
default = false;
description = "Whether to enable the RethinkDB server.";
};
#package = mkOption { #package = mkOption {
# default = pkgs.rethinkdb; # default = pkgs.rethinkdb;

2
third_party/nixpkgs/nixos/modules/services/desktops/deepin/deepin.nix vendored
View file

@ -41,7 +41,6 @@
pkgs.deepin.dde-session-ui pkgs.deepin.dde-session-ui
pkgs.deepin.deepin-anything pkgs.deepin.deepin-anything
pkgs.deepin.deepin-image-viewer pkgs.deepin.deepin-image-viewer
pkgs.deepin.deepin-screenshot
]; ];
services.dbus.packages = [ services.dbus.packages = [
@ -55,7 +54,6 @@
pkgs.deepin.dde-session-ui pkgs.deepin.dde-session-ui
pkgs.deepin.deepin-anything pkgs.deepin.deepin-anything
pkgs.deepin.deepin-image-viewer pkgs.deepin.deepin-image-viewer
pkgs.deepin.deepin-screenshot
]; ];
systemd.packages = [ systemd.packages = [

4
third_party/nixpkgs/nixos/modules/services/hardware/udev.nix vendored
View file

@ -83,6 +83,10 @@ let
run_progs=$(grep -v '^[[:space:]]*#' $out/* | grep 'RUN+="/' | run_progs=$(grep -v '^[[:space:]]*#' $out/* | grep 'RUN+="/' |
sed -e 's/.*RUN+="\([^ "]*\)[ "].*/\1/' | uniq) sed -e 's/.*RUN+="\([^ "]*\)[ "].*/\1/' | uniq)
for i in $import_progs $run_progs; do for i in $import_progs $run_progs; do
# if the path refers to /run/current-system/systemd, replace with config.systemd.package
if [[ $i == /run/current-system/systemd* ]]; then
i="${config.systemd.package}/''${i#/run/current-system/systemd/}"
fi
if [[ ! -x $i ]]; then if [[ ! -x $i ]]; then
echo "FAIL" echo "FAIL"
echo "$i is called in udev rules but is not executable or does not exist" echo "$i is called in udev rules but is not executable or does not exist"

79
third_party/nixpkgs/nixos/modules/services/logging/logrotate.nix vendored
View file

@ -5,26 +5,85 @@ with lib;
let let
cfg = config.services.logrotate; cfg = config.services.logrotate;
configFile = pkgs.writeText "logrotate.conf" pathOptions = {
cfg.config; options = {
path = mkOption {
type = types.str;
description = "The path to log files to be rotated";
};
user = mkOption {
type = types.str;
description = "The user account to use for rotation";
};
group = mkOption {
type = types.str;
description = "The group to use for rotation";
};
frequency = mkOption {
type = types.enum [
"daily" "weekly" "monthly" "yearly"
];
default = "daily";
description = "How often to rotate the logs";
};
keep = mkOption {
type = types.int;
default = 20;
description = "How many rotations to keep";
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = "Extra logrotate config options for this path";
};
};
};
pathConfig = options: ''
"${options.path}" {
su ${options.user} ${options.group}
${options.frequency}
missingok
notifempty
rotate ${toString options.keep}
${options.extraConfig}
}
'';
configFile = pkgs.writeText "logrotate.conf" (
(concatStringsSep "\n" ((map pathConfig cfg.paths) ++ [cfg.extraConfig]))
);
in in
{ {
imports = [
(mkRenamedOptionModule [ "services" "logrotate" "config" ] [ "services" "logrotate" "extraConfig" ])
];
options = { options = {
services.logrotate = { services.logrotate = {
enable = mkOption { enable = mkEnableOption "the logrotate systemd service";
type = lib.types.bool;
default = false; paths = mkOption {
description = '' type = types.listOf (types.submodule pathOptions);
Enable the logrotate cron job default = [];
''; description = "List of attribute sets with paths to rotate";
example = {
"/var/log/myapp/*.log" = {
user = "myuser";
group = "mygroup";
rotate = "weekly";
keep = 5;
};
};
}; };
config = mkOption { extraConfig = mkOption {
default = ""; default = "";
type = types.lines; type = types.lines;
description = '' description = ''
The contents of the logrotate config file Extra contents to add to the logrotate config file.
See https://linux.die.net/man/8/logrotate
''; '';
}; };
}; };

76
third_party/nixpkgs/nixos/modules/services/misc/bazarr.nix vendored Normal file
View file

@ -0,0 +1,76 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.bazarr;
in
{
options = {
services.bazarr = {
enable = mkEnableOption "bazarr, a subtitle manager for Sonarr and Radarr";
openFirewall = mkOption {
type = types.bool;
default = false;
description = "Open ports in the firewall for the bazarr web interface.";
};
listenPort = mkOption {
type = types.port;
default = 6767;
description = "Port on which the bazarr web interface should listen";
};
user = mkOption {
type = types.str;
default = "bazarr";
description = "User account under which bazarr runs.";
};
group = mkOption {
type = types.str;
default = "bazarr";
description = "Group under which bazarr runs.";
};
};
};
config = mkIf cfg.enable {
systemd.services.bazarr = {
description = "bazarr";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = rec {
Type = "simple";
User = cfg.user;
Group = cfg.group;
StateDirectory = "bazarr";
SyslogIdentifier = "bazarr";
ExecStart = pkgs.writeShellScript "start-bazarr" ''
${pkgs.bazarr}/bin/bazarr \
--config '/var/lib/${StateDirectory}' \
--port ${toString cfg.listenPort} \
--no-update True
'';
Restart = "on-failure";
};
};
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ cfg.listenPort ];
};
users.users = mkIf (cfg.user == "bazarr") {
bazarr = {
group = cfg.group;
home = "/var/lib/${config.systemd.services.bazarr.serviceConfig.StateDirectory}";
};
};
users.groups = mkIf (cfg.group == "bazarr") {
bazarr = {};
};
};
}

2
third_party/nixpkgs/nixos/modules/services/misc/docker-registry.nix vendored
View file

@ -138,7 +138,7 @@ in {
script = '' script = ''
${pkgs.docker-distribution}/bin/registry garbage-collect ${configFile} ${pkgs.docker-distribution}/bin/registry garbage-collect ${configFile}
${pkgs.systemd}/bin/systemctl restart docker-registry.service /run/current-system/systemd/bin/systemctl restart docker-registry.service
''; '';
startAt = optional cfg.enableGarbageCollect cfg.garbageCollectDates; startAt = optional cfg.enableGarbageCollect cfg.garbageCollectDates;

2
third_party/nixpkgs/nixos/modules/services/misc/freeswitch.nix vendored
View file

@ -78,7 +78,7 @@ in {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
restartTriggers = [ configDirectory ]; restartTriggers = [ configDirectory ];
serviceConfig = { serviceConfig = {
ExecStart = "${pkgs.systemd}/bin/systemctl try-reload-or-restart freeswitch.service"; ExecStart = "/run/current-system/systemd/bin/systemctl try-reload-or-restart freeswitch.service";
RemainAfterExit = true; RemainAfterExit = true;
Type = "oneshot"; Type = "oneshot";
}; };

4
third_party/nixpkgs/nixos/modules/services/misc/redmine.nix vendored
View file

@ -26,7 +26,7 @@ let
scm_mercurial_command: ${pkgs.mercurial}/bin/hg scm_mercurial_command: ${pkgs.mercurial}/bin/hg
scm_git_command: ${pkgs.gitAndTools.git}/bin/git scm_git_command: ${pkgs.gitAndTools.git}/bin/git
scm_cvs_command: ${pkgs.cvs}/bin/cvs scm_cvs_command: ${pkgs.cvs}/bin/cvs
scm_bazaar_command: ${pkgs.bazaar}/bin/bzr scm_bazaar_command: ${pkgs.breezy}/bin/bzr
scm_darcs_command: ${pkgs.darcs}/bin/darcs scm_darcs_command: ${pkgs.darcs}/bin/darcs
${cfg.extraConfig} ${cfg.extraConfig}
@ -297,7 +297,7 @@ in
environment.SCHEMA = "${cfg.stateDir}/cache/schema.db"; environment.SCHEMA = "${cfg.stateDir}/cache/schema.db";
path = with pkgs; [ path = with pkgs; [
imagemagick imagemagick
bazaar breezy
cvs cvs
darcs darcs
gitAndTools.git gitAndTools.git

8
third_party/nixpkgs/nixos/modules/services/misc/zoneminder.nix vendored
View file

@ -63,10 +63,6 @@ let
${cfg.extraConfig} ${cfg.extraConfig}
''; '';
phpExtensions = with pkgs.phpPackages; [
{ pkg = apcu; name = "apcu"; }
];
in { in {
options = { options = {
services.zoneminder = with lib; { services.zoneminder = with lib; {
@ -289,11 +285,9 @@ in {
phpfpm = lib.mkIf useNginx { phpfpm = lib.mkIf useNginx {
pools.zoneminder = { pools.zoneminder = {
inherit user group; inherit user group;
phpPackage = pkgs.php.withExtensions ({ enabled, all }: enabled ++ [ all.apcu ]);
phpOptions = '' phpOptions = ''
date.timezone = "${config.time.timeZone}" date.timezone = "${config.time.timeZone}"
${lib.concatStringsSep "\n" (map (e:
"extension=${e.pkg}/lib/php/extensions/${e.name}.so") phpExtensions)}
''; '';
settings = lib.mapAttrs (name: lib.mkDefault) { settings = lib.mapAttrs (name: lib.mkDefault) {
"listen.owner" = user; "listen.owner" = user;

4
third_party/nixpkgs/nixos/modules/services/networking/dhcpcd.nix vendored
View file

@ -81,7 +81,7 @@ let
# anything ever again ("couldn't resolve ..., giving up on # anything ever again ("couldn't resolve ..., giving up on
# it"), so we silently lose time synchronisation. This also # it"), so we silently lose time synchronisation. This also
# applies to openntpd. # applies to openntpd.
${config.systemd.package}/bin/systemctl try-reload-or-restart ntpd.service openntpd.service chronyd.service || true /run/current-system/systemd/bin/systemctl try-reload-or-restart ntpd.service openntpd.service chronyd.service || true
fi fi
${cfg.runHook} ${cfg.runHook}
@ -217,7 +217,7 @@ in
powerManagement.resumeCommands = mkIf config.systemd.services.dhcpcd.enable powerManagement.resumeCommands = mkIf config.systemd.services.dhcpcd.enable
'' ''
# Tell dhcpcd to rebind its interfaces if it's running. # Tell dhcpcd to rebind its interfaces if it's running.
${config.systemd.package}/bin/systemctl reload dhcpcd.service /run/current-system/systemd/bin/systemctl reload dhcpcd.service
''; '';
}; };

1
third_party/nixpkgs/nixos/modules/services/networking/dnscrypt-proxy2.nix vendored
View file

@ -55,6 +55,7 @@ in
AmbientCapabilities = "CAP_NET_BIND_SERVICE"; AmbientCapabilities = "CAP_NET_BIND_SERVICE";
DynamicUser = true; DynamicUser = true;
ExecStart = "${pkgs.dnscrypt-proxy2}/bin/dnscrypt-proxy -config ${cfg.configFile}"; ExecStart = "${pkgs.dnscrypt-proxy2}/bin/dnscrypt-proxy -config ${cfg.configFile}";
Restart = "always";
}; };
}; };
}; };

94
third_party/nixpkgs/nixos/modules/services/networking/dnscrypt-wrapper.nix vendored
View file

@ -5,12 +5,20 @@ let
cfg = config.services.dnscrypt-wrapper; cfg = config.services.dnscrypt-wrapper;
dataDir = "/var/lib/dnscrypt-wrapper"; dataDir = "/var/lib/dnscrypt-wrapper";
mkPath = path: default:
if path != null
then toString path
else default;
publicKey = mkPath cfg.providerKey.public "${dataDir}/public.key";
secretKey = mkPath cfg.providerKey.secret "${dataDir}/secret.key";
daemonArgs = with cfg; [ daemonArgs = with cfg; [
"--listen-address=${address}:${toString port}" "--listen-address=${address}:${toString port}"
"--resolver-address=${upstream.address}:${toString upstream.port}" "--resolver-address=${upstream.address}:${toString upstream.port}"
"--provider-name=${providerName}" "--provider-name=${providerName}"
"--provider-publickey-file=public.key" "--provider-publickey-file=${publicKey}"
"--provider-secretkey-file=secret.key" "--provider-secretkey-file=${secretKey}"
"--provider-cert-file=${providerName}.crt" "--provider-cert-file=${providerName}.crt"
"--crypt-secretkey-file=${providerName}.key" "--crypt-secretkey-file=${providerName}.key"
]; ];
@ -24,17 +32,19 @@ let
dnscrypt-wrapper --gen-cert-file \ dnscrypt-wrapper --gen-cert-file \
--crypt-secretkey-file=${cfg.providerName}.key \ --crypt-secretkey-file=${cfg.providerName}.key \
--provider-cert-file=${cfg.providerName}.crt \ --provider-cert-file=${cfg.providerName}.crt \
--provider-publickey-file=public.key \ --provider-publickey-file=${publicKey} \
--provider-secretkey-file=secret.key \ --provider-secretkey-file=${secretKey} \
--cert-file-expire-days=${toString cfg.keys.expiration} --cert-file-expire-days=${toString cfg.keys.expiration}
} }
cd ${dataDir} cd ${dataDir}
# generate provider keypair (first run only) # generate provider keypair (first run only)
if [ ! -f public.key ] || [ ! -f secret.key ]; then ${optionalString (cfg.providerKey.public == null || cfg.providerKey.secret == null) ''
dnscrypt-wrapper --gen-provider-keypair if [ ! -f ${publicKey} ] || [ ! -f ${secretKey} ]; then
fi dnscrypt-wrapper --gen-provider-keypair
fi
''}
# generate new keys for rotation # generate new keys for rotation
if [ ! -f ${cfg.providerName}.key ] || [ ! -f ${cfg.providerName}.crt ]; then if [ ! -f ${cfg.providerName}.key ] || [ ! -f ${cfg.providerName}.crt ]; then
@ -64,6 +74,47 @@ let
fi fi
''; '';
# This is the fork of the original dnscrypt-proxy maintained by Dyne.org.
# dnscrypt-proxy2 doesn't provide the `--test` feature that is needed to
# correctly implement key rotation of dnscrypt-wrapper ephemeral keys.
dnscrypt-proxy1 = pkgs.callPackage
({ stdenv, fetchFromGitHub, autoreconfHook
, pkgconfig, libsodium, ldns, openssl, systemd }:
stdenv.mkDerivation rec {
pname = "dnscrypt-proxy";
version = "2019-08-20";
src = fetchFromGitHub {
owner = "dyne";
repo = "dnscrypt-proxy";
rev = "07ac3825b5069adc28e2547c16b1d983a8ed8d80";
sha256 = "0c4mq741q4rpmdn09agwmxap32kf0vgfz7pkhcdc5h54chc3g3xy";
};
configureFlags = optional stdenv.isLinux "--with-systemd";
nativeBuildInputs = [ autoreconfHook pkgconfig ];
# <ldns/ldns.h> depends on <openssl/ssl.h>
buildInputs = [ libsodium openssl.dev ldns ] ++ optional stdenv.isLinux systemd;
postInstall = ''
# Previous versions required libtool files to load plugins; they are
# now strictly optional.
rm $out/lib/dnscrypt-proxy/*.la
'';
meta = {
description = "A tool for securing communications between a client and a DNS resolver";
homepage = "https://github.com/dyne/dnscrypt-proxy";
license = licenses.isc;
maintainers = with maintainers; [ rnhmjoj ];
platforms = platforms.linux;
};
}) { };
in { in {
@ -98,6 +149,26 @@ in {
''; '';
}; };
providerKey.public = mkOption {
type = types.nullOr types.path;
default = null;
example = "/etc/secrets/public.key";
description = ''
The filepath to the provider public key. If not given a new
provider key pair will be generated on the first run.
'';
};
providerKey.secret = mkOption {
type = types.nullOr types.path;
default = null;
example = "/etc/secrets/secret.key";
description = ''
The filepath to the provider secret key. If not given a new
provider key pair will be generated on the first run.
'';
};
upstream.address = mkOption { upstream.address = mkOption {
type = types.str; type = types.str;
default = "127.0.0.1"; default = "127.0.0.1";
@ -179,7 +250,7 @@ in {
requires = [ "dnscrypt-wrapper.service" ]; requires = [ "dnscrypt-wrapper.service" ];
description = "Rotates DNSCrypt wrapper keys if soon to expire"; description = "Rotates DNSCrypt wrapper keys if soon to expire";
path = with pkgs; [ dnscrypt-wrapper dnscrypt-proxy gawk ]; path = with pkgs; [ dnscrypt-wrapper dnscrypt-proxy1 gawk ];
script = rotateKeys; script = rotateKeys;
serviceConfig.User = "dnscrypt-wrapper"; serviceConfig.User = "dnscrypt-wrapper";
}; };
@ -196,6 +267,13 @@ in {
}; };
}; };
assertions = with cfg; [
{ assertion = (providerKey.public == null && providerKey.secret == null) ||
(providerKey.secret != null && providerKey.public != null);
message = "The secret and public provider key must be set together.";
}
];
}; };
meta.maintainers = with lib.maintainers; [ rnhmjoj ]; meta.maintainers = with lib.maintainers; [ rnhmjoj ];

141
third_party/nixpkgs/nixos/modules/services/networking/ergo.nix vendored Normal file
View file

@ -0,0 +1,141 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.ergo;
inherit (lib) mkEnableOption mkIf mkOption optionalString types;
configFile = pkgs.writeText "ergo.conf" (''
ergo {
directory = "${cfg.dataDir}"
node {
mining = false
}
wallet.secretStorage.secretDir = "${cfg.dataDir}/wallet/keystore"
}
scorex {
network {
bindAddress = "${cfg.listen.ip}:${toString cfg.listen.port}"
}
'' + optionalString (cfg.api.keyHash != null) ''
restApi {
apiKeyHash = "${cfg.api.keyHash}"
bindAddress = "${cfg.api.listen.ip}:${toString cfg.api.listen.port}"
}
'' + ''
}
'');
in {
options = {
services.ergo = {
enable = mkEnableOption "Ergo service";
dataDir = mkOption {
type = types.path;
default = "/var/lib/ergo";
description = "The data directory for the Ergo node.";
};
listen = {
ip = mkOption {
type = types.str;
default = "0.0.0.0";
description = "IP address on which the Ergo node should listen.";
};
port = mkOption {
type = types.port;
default = 9006;
description = "Listen port for the Ergo node.";
};
};
api = {
keyHash = mkOption {
type = types.nullOr types.str;
default = null;
example = "324dcf027dd4a30a932c441f365a25e86b173defa4b8e58948253471b81b72cf";
description = "Hex-encoded Blake2b256 hash of an API key as a 64-chars long Base16 string.";
};
listen = {
ip = mkOption {
type = types.str;
default = "0.0.0.0";
description = "IP address that the Ergo node API should listen on if <option>api.keyHash</option> is defined.";
};
port = mkOption {
type = types.port;
default = 9052;
description = "Listen port for the API endpoint if <option>api.keyHash</option> is defined.";
};
};
};
testnet = mkOption {
type = types.bool;
default = false;
description = "Connect to testnet network instead of the default mainnet.";
};
user = mkOption {
type = types.str;
default = "ergo";
description = "The user as which to run the Ergo node.";
};
group = mkOption {
type = types.str;
default = cfg.user;
description = "The group as which to run the Ergo node.";
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = "Open ports in the firewall for the Ergo node as well as the API.";
};
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = [
"d '${cfg.dataDir}' 0770 '${cfg.user}' '${cfg.group}' - -"
];
systemd.services.ergo = {
description = "ergo server";
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
serviceConfig = {
User = cfg.user;
Group = cfg.group;
ExecStart = ''${pkgs.ergo}/bin/ergo \
${optionalString (!cfg.testnet)
"--mainnet"} \
-c ${configFile}'';
};
};
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ cfg.listen.port ] ++ [ cfg.api.listen.port ];
};
users.users.${cfg.user} = {
name = cfg.user;
group = cfg.group;
description = "Ergo daemon user";
home = cfg.dataDir;
isSystemUser = true;
};
users.groups.${cfg.group} = {};
};
}

7
third_party/nixpkgs/nixos/modules/services/networking/networkmanager.nix vendored
View file

@ -449,6 +449,13 @@ in {
systemd.services.ModemManager.aliases = [ "dbus-org.freedesktop.ModemManager1.service" ]; systemd.services.ModemManager.aliases = [ "dbus-org.freedesktop.ModemManager1.service" ];
# override unit as recommended by upstream - see https://github.com/NixOS/nixpkgs/issues/88089
# TODO: keep an eye on modem-manager releases as this will eventually be added to the upstream unit
systemd.services.ModemManager.serviceConfig.ExecStart = [
""
"${pkgs.modemmanager}/sbin/ModemManager --filter-policy=STRICT"
];
systemd.services.NetworkManager-dispatcher = { systemd.services.NetworkManager-dispatcher = {
wantedBy = [ "network.target" ]; wantedBy = [ "network.target" ];
restartTriggers = [ configFile ]; restartTriggers = [ configFile ];

4
third_party/nixpkgs/nixos/modules/services/networking/nsd.nix vendored
View file

@ -252,7 +252,7 @@ let
Use imports or pkgs.lib.readFile if you don't want this data in your config file. Use imports or pkgs.lib.readFile if you don't want this data in your config file.
''; '';
}; };
dnssec = mkEnableOption "DNSSEC"; dnssec = mkEnableOption "DNSSEC";
dnssecPolicy = { dnssecPolicy = {
@ -970,7 +970,7 @@ in
script = signZones; script = signZones;
postStop = '' postStop = ''
${pkgs.systemd}/bin/systemctl kill -s SIGHUP nsd.service /run/current-system/systemd/bin/systemctl kill -s SIGHUP nsd.service
''; '';
}; };

4
third_party/nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix vendored
View file

@ -253,12 +253,12 @@ in {
}; };
powerManagement.resumeCommands = '' powerManagement.resumeCommands = ''
${config.systemd.package}/bin/systemctl try-restart wpa_supplicant /run/current-system/systemd/bin/systemctl try-restart wpa_supplicant
''; '';
# Restart wpa_supplicant when a wlan device appears or disappears. # Restart wpa_supplicant when a wlan device appears or disappears.
services.udev.extraRules = '' services.udev.extraRules = ''
ACTION=="add|remove", SUBSYSTEM=="net", ENV{DEVTYPE}=="wlan", RUN+="${config.systemd.package}/bin/systemctl try-restart wpa_supplicant.service" ACTION=="add|remove", SUBSYSTEM=="net", ENV{DEVTYPE}=="wlan", RUN+="/run/current-system/systemd/bin/systemctl try-restart wpa_supplicant.service"
''; '';
}; };

139
third_party/nixpkgs/nixos/modules/services/networking/yggdrasil.nix vendored
View file

@ -1,55 +1,17 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib; with lib;
let let
keysPath = "/var/lib/yggdrasil/keys.json";
cfg = config.services.yggdrasil; cfg = config.services.yggdrasil;
configProvided = (cfg.config != {}); configProvided = cfg.config != { };
configAsFile = (if configProvided then configFileProvided = cfg.configFile != null;
toString (pkgs.writeTextFile {
name = "yggdrasil-conf";
text = builtins.toJSON cfg.config;
})
else null);
configFileProvided = (cfg.configFile != null);
generateConfig = (
if configProvided && configFileProvided then
"${pkgs.jq}/bin/jq -s add ${configAsFile} ${cfg.configFile}"
else if configProvided then
"cat ${configAsFile}"
else if configFileProvided then
"cat ${cfg.configFile}"
else
"${cfg.package}/bin/yggdrasil -genconf"
);
in { in {
options = with types; { options = with types; {
services.yggdrasil = { services.yggdrasil = {
enable = mkEnableOption "the yggdrasil system service"; enable = mkEnableOption "the yggdrasil system service";
configFile = mkOption {
type = nullOr str;
default = null;
example = "/run/keys/yggdrasil.conf";
description = ''
A file which contains JSON configuration for yggdrasil.
You do not have to supply a complete configuration, as
yggdrasil will use default values for anything which is
omitted. If the encryption and signing keys are omitted,
yggdrasil will generate new ones each time the service is
started, resulting in a random IPv6 address on the yggdrasil
network each time.
If both this option and <option>config</option> are
supplied, they will be combined, with values from
<option>config</option> taking precedence.
You can use the command <code>nix-shell -p yggdrasil --run
"yggdrasil -genconf -json"</code> to generate a default
JSON configuration.
'';
};
config = mkOption { config = mkOption {
type = attrs; type = attrs;
default = {}; default = {};
@ -66,16 +28,21 @@ in {
Configuration for yggdrasil, as a Nix attribute set. Configuration for yggdrasil, as a Nix attribute set.
Warning: this is stored in the WORLD-READABLE Nix store! Warning: this is stored in the WORLD-READABLE Nix store!
Therefore, it is not appropriate for private keys. If you Therefore, it is not appropriate for private keys. If you
do not specify the keys, yggdrasil will generate a new set wish to specify the keys, use <option>configFile</option>.
each time the service is started, creating a random IPv6
address on the yggdrasil network each time.
If you wish to specify the keys, use If the <option>persistentKeys</option> is enabled then the
<option>configFile</option>. If both keys that are generated during activation will override
<option>configFile</option> and <option>config</option> are those in <option>config</option> or
supplied, they will be combined, with values from <option>configFile</option>.
<option>config</option> taking precedence.
If no keys are specified then ephemeral keys are generated
and the Yggdrasil interface will have a random IPv6 address
each time the service is started, this is the default.
If both <option>configFile</option> and <option>config</option>
are supplied, they will be combined, with values from
<option>configFile</option> taking precedence.
You can use the command <code>nix-shell -p yggdrasil --run You can use the command <code>nix-shell -p yggdrasil --run
"yggdrasil -genconf"</code> to generate default "yggdrasil -genconf"</code> to generate default
@ -83,12 +50,21 @@ in {
''; '';
}; };
configFile = mkOption {
type = nullOr path;
default = null;
example = "/run/keys/yggdrasil.conf";
description = ''
A file which contains JSON configuration for yggdrasil.
See the <option>config</option> option for more information.
'';
};
group = mkOption { group = mkOption {
type = types.str; type = types.str;
default = "root"; default = "root";
example = "wheel"; example = "wheel";
description = description = "Group to grant acces to the Yggdrasil control socket.";
"Group to grant acces to the Yggdrasil control socket.";
}; };
openMulticastPort = mkOption { openMulticastPort = mkOption {
@ -126,37 +102,64 @@ in {
defaultText = "pkgs.yggdrasil"; defaultText = "pkgs.yggdrasil";
description = "Yggdrasil package to use."; description = "Yggdrasil package to use.";
}; };
persistentKeys = mkEnableOption ''
If enabled then keys will be generated once and Yggdrasil
will retain the same IPv6 address when the service is
restarted. Keys are stored at ${keysPath}.
'';
}; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable (let binYggdrasil = cfg.package + "/bin/yggdrasil";
assertions = [ in {
{ assertion = config.networking.enableIPv6; assertions = [{
message = "networking.enableIPv6 must be true for yggdrasil to work"; assertion = config.networking.enableIPv6;
} message = "networking.enableIPv6 must be true for yggdrasil to work";
]; }];
system.activationScripts.yggdrasil = mkIf cfg.persistentKeys ''
if [ ! -e ${keysPath} ]
then
mkdir -p ${builtins.dirOf keysPath}
${binYggdrasil} -genconf -json \
| ${pkgs.jq}/bin/jq \
'to_entries|map(select(.key|endswith("Key")))|from_entries' \
> ${keysPath}
chmod 600 ${keysPath}
fi
'';
systemd.services.yggdrasil = { systemd.services.yggdrasil = {
description = "Yggdrasil Network Service"; description = "Yggdrasil Network Service";
path = [ cfg.package ] ++ optional (configProvided && configFileProvided) pkgs.jq;
bindsTo = [ "network-online.target" ]; bindsTo = [ "network-online.target" ];
after = [ "network-online.target" ]; after = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
preStart = '' preStart =
${generateConfig} | yggdrasil -normaliseconf -useconf > /run/yggdrasil/yggdrasil.conf (if configProvided || configFileProvided || cfg.persistentKeys then
''; "echo "
+ (lib.optionalString configProvided
"'${builtins.toJSON cfg.config}'")
+ (lib.optionalString configFileProvided "$(cat ${cfg.configFile})")
+ (lib.optionalString cfg.persistentKeys "$(cat ${keysPath})")
+ " | ${pkgs.jq}/bin/jq -s add | ${binYggdrasil} -normaliseconf -useconf"
else
"${binYggdrasil} -genconf") + " > /run/yggdrasil/yggdrasil.conf";
serviceConfig = { serviceConfig = {
ExecStart = "${cfg.package}/bin/yggdrasil -useconffile /run/yggdrasil/yggdrasil.conf"; ExecStart =
"${binYggdrasil} -useconffile /run/yggdrasil/yggdrasil.conf";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
Restart = "always"; Restart = "always";
Group = cfg.group; Group = cfg.group;
RuntimeDirectory = "yggdrasil"; RuntimeDirectory = "yggdrasil";
RuntimeDirectoryMode = "0750"; RuntimeDirectoryMode = "0750";
BindReadOnlyPaths = mkIf configFileProvided BindReadOnlyPaths = lib.optional configFileProvided cfg.configFile
[ "${cfg.configFile}" ]; ++ lib.optional cfg.persistentKeys keysPath;
# TODO: as of yggdrasil 0.3.8 and systemd 243, yggdrasil fails # TODO: as of yggdrasil 0.3.8 and systemd 243, yggdrasil fails
# to set up the network adapter when DynamicUser is set. See # to set up the network adapter when DynamicUser is set. See
@ -191,6 +194,6 @@ in {
# Make yggdrasilctl available on the command line. # Make yggdrasilctl available on the command line.
environment.systemPackages = [ cfg.package ]; environment.systemPackages = [ cfg.package ];
}; });
meta.maintainers = with lib.maintainers; [ gazally ]; meta.maintainers = with lib.maintainers; [ gazally ehmry ];
} }

1
third_party/nixpkgs/nixos/modules/services/security/fprintd.nix vendored
View file

@ -29,7 +29,6 @@ in
type = types.package; type = types.package;
default = pkgs.fprintd; default = pkgs.fprintd;
defaultText = "pkgs.fprintd"; defaultText = "pkgs.fprintd";
example = "pkgs.fprintd-thinkpad";
description = '' description = ''
fprintd package to use. fprintd package to use.
''; '';

23
third_party/nixpkgs/nixos/modules/services/security/usbguard.nix vendored
View file

@ -207,6 +207,29 @@ in {
Type = "simple"; Type = "simple";
ExecStart = ''${cfg.package}/bin/usbguard-daemon -P -k -c ${daemonConfFile}''; ExecStart = ''${cfg.package}/bin/usbguard-daemon -P -k -c ${daemonConfFile}'';
Restart = "on-failure"; Restart = "on-failure";
AmbientCapabilities = "";
CapabilityBoundingSet = "CAP_CHOWN CAP_FOWNER";
DeviceAllow = "/dev/null rw";
DevicePolicy = "strict";
IPAddressDeny = "any";
LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateTmp = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectKernelModules = true;
ProtectSystem = true;
ReadOnlyPaths = "-/";
ReadWritePaths = "-/dev/shm -${dirOf cfg.auditFilePath} -/tmp -${dirOf cfg.ruleFile}";
RestrictAddressFamilies = "AF_UNIX AF_NETLINK";
RestrictNamespaces = true;
RestrictRealtime = true;
SystemCallArchitectures = "native";
SystemCallFilter = "@system-service";
UMask = "0077";
}; };
}; };
}; };

23
third_party/nixpkgs/nixos/modules/services/system/earlyoom.nix vendored
View file

@ -67,9 +67,19 @@ in
notificationsCommand = mkOption { notificationsCommand = mkOption {
type = types.nullOr types.str; type = types.nullOr types.str;
default = null; default = null;
example = "sudo -u example_user DISPLAY=:0 DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus notify-send";
description = '' description = ''
Command used to send notifications. This option is deprecated and ignored by earlyoom since 1.6.
Use <option>services.earlyoom.enableNotifications</option> instead.
'';
};
enableNotifications = mkOption {
type = types.bool;
default = false;
description = ''
Send notifications about killed processes via the system d-bus.
To actually see the notifications in your GUI session, you need to have
<literal>systembus-notify</literal> running as your user.
See <link xlink:href="https://github.com/rfjakob/earlyoom#notifications">README</link> for details. See <link xlink:href="https://github.com/rfjakob/earlyoom#notifications">README</link> for details.
''; '';
@ -87,9 +97,13 @@ in
message = "Both options in conjunction do not make sense"; } message = "Both options in conjunction do not make sense"; }
]; ];
warnings = optional (ecfg.notificationsCommand != null)
"`services.earlyoom.notificationsCommand` is deprecated and ignored by earlyoom since 1.6.";
systemd.services.earlyoom = { systemd.services.earlyoom = {
description = "Early OOM Daemon for Linux"; description = "Early OOM Daemon for Linux";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
path = optional ecfg.enableNotifications pkgs.dbus;
serviceConfig = { serviceConfig = {
StandardOutput = "null"; StandardOutput = "null";
StandardError = "syslog"; StandardError = "syslog";
@ -100,10 +114,11 @@ in
${optionalString ecfg.useKernelOOMKiller "-k"} \ ${optionalString ecfg.useKernelOOMKiller "-k"} \
${optionalString ecfg.ignoreOOMScoreAdjust "-i"} \ ${optionalString ecfg.ignoreOOMScoreAdjust "-i"} \
${optionalString ecfg.enableDebugInfo "-d"} \ ${optionalString ecfg.enableDebugInfo "-d"} \
${optionalString (ecfg.notificationsCommand != null) ${optionalString ecfg.enableNotifications "-n"}
"-N ${escapeShellArg ecfg.notificationsCommand}"}
''; '';
}; };
}; };
environment.systemPackages = optional ecfg.enableNotifications pkgs.systembus-notify;
}; };
} }

209
third_party/nixpkgs/nixos/modules/services/torrent/rtorrent.nix vendored Normal file
View file

@ -0,0 +1,209 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.rtorrent;
in {
options.services.rtorrent = {
enable = mkEnableOption "rtorrent";
dataDir = mkOption {
type = types.str;
default = "/var/lib/rtorrent";
description = ''
The directory where rtorrent stores its data files.
'';
};
downloadDir = mkOption {
type = types.str;
default = "${cfg.dataDir}/download";
description = ''
Where to put downloaded files.
'';
};
user = mkOption {
type = types.str;
default = "rtorrent";
description = ''
User account under which rtorrent runs.
'';
};
group = mkOption {
type = types.str;
default = "rtorrent";
description = ''
Group under which rtorrent runs.
'';
};
package = mkOption {
type = types.package;
default = pkgs.rtorrent;
defaultText = "pkgs.rtorrent";
description = ''
The rtorrent package to use.
'';
};
port = mkOption {
type = types.port;
default = 50000;
description = ''
The rtorrent port.
'';
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = ''
Whether to open the firewall for the port in <option>services.rtorrent.port</option>.
'';
};
rpcSocket = mkOption {
type = types.str;
readOnly = true;
default = "/run/rtorrent/rpc.sock";
description = ''
RPC socket path.
'';
};
configText = mkOption {
type = types.lines;
default = "";
description = ''
The content of <filename>rtorrent.rc</filename>. The <link xlink:href="https://rtorrent-docs.readthedocs.io/en/latest/cookbook.html#modernized-configuration-template">modernized configuration template</link> with the values specified in this module will be prepended using mkBefore. You can use mkForce to overwrite the config completly.
'';
};
};
config = mkIf cfg.enable {
users.groups = mkIf (cfg.group == "rtorrent") {
rtorrent = {};
};
users.users = mkIf (cfg.user == "rtorrent") {
rtorrent = {
group = cfg.group;
shell = pkgs.bashInteractive;
home = cfg.dataDir;
description = "rtorrent Daemon user";
isSystemUser = true;
};
};
networking.firewall.allowedTCPPorts = mkIf (cfg.openFirewall) [ cfg.port ];
services.rtorrent.configText = mkBefore ''
# Instance layout (base paths)
method.insert = cfg.basedir, private|const|string, (cat,"${cfg.dataDir}/")
method.insert = cfg.watch, private|const|string, (cat,(cfg.basedir),"watch/")
method.insert = cfg.logs, private|const|string, (cat,(cfg.basedir),"log/")
method.insert = cfg.logfile, private|const|string, (cat,(cfg.logs),(system.time),".log")
method.insert = cfg.rpcsock, private|const|string, (cat,"${cfg.rpcSocket}")
# Create instance directories
execute.throw = sh, -c, (cat, "mkdir -p ", (cfg.basedir), "/session ", (cfg.watch), " ", (cfg.logs))
# Listening port for incoming peer traffic (fixed; you can also randomize it)
network.port_range.set = ${toString cfg.port}-${toString cfg.port}
network.port_random.set = no
# Tracker-less torrent and UDP tracker support
# (conservative settings for 'private' trackers, change for 'public')
dht.mode.set = disable
protocol.pex.set = no
trackers.use_udp.set = no
# Peer settings
throttle.max_uploads.set = 100
throttle.max_uploads.global.set = 250
throttle.min_peers.normal.set = 20
throttle.max_peers.normal.set = 60
throttle.min_peers.seed.set = 30
throttle.max_peers.seed.set = 80
trackers.numwant.set = 80
protocol.encryption.set = allow_incoming,try_outgoing,enable_retry
# Limits for file handle resources, this is optimized for
# an `ulimit` of 1024 (a common default). You MUST leave
# a ceiling of handles reserved for rTorrent's internal needs!
network.http.max_open.set = 50
network.max_open_files.set = 600
network.max_open_sockets.set = 3000
# Memory resource usage (increase if you have a large number of items loaded,
# and/or the available resources to spend)
pieces.memory.max.set = 1800M
network.xmlrpc.size_limit.set = 4M
# Basic operational settings (no need to change these)
session.path.set = (cat, (cfg.basedir), "session/")
directory.default.set = "${cfg.downloadDir}"
log.execute = (cat, (cfg.logs), "execute.log")
##log.xmlrpc = (cat, (cfg.logs), "xmlrpc.log")
execute.nothrow = sh, -c, (cat, "echo >", (session.path), "rtorrent.pid", " ", (system.pid))
# Other operational settings (check & adapt)
encoding.add = utf8
system.umask.set = 0027
system.cwd.set = (cfg.basedir)
network.http.dns_cache_timeout.set = 25
schedule2 = monitor_diskspace, 15, 60, ((close_low_diskspace, 1000M))
# Watch directories (add more as you like, but use unique schedule names)
#schedule2 = watch_start, 10, 10, ((load.start, (cat, (cfg.watch), "start/*.torrent")))
#schedule2 = watch_load, 11, 10, ((load.normal, (cat, (cfg.watch), "load/*.torrent")))
# Logging:
# Levels = critical error warn notice info debug
# Groups = connection_* dht_* peer_* rpc_* storage_* thread_* tracker_* torrent_*
print = (cat, "Logging to ", (cfg.logfile))
log.open_file = "log", (cfg.logfile)
log.add_output = "info", "log"
##log.add_output = "tracker_debug", "log"
# XMLRPC
scgi_local = (cfg.rpcsock)
schedule = scgi_group,0,0,"execute.nothrow=chown,\":rtorrent\",(cfg.rpcsock)"
schedule = scgi_permission,0,0,"execute.nothrow=chmod,\"g+w,o=\",(cfg.rpcsock)"
'';
systemd = {
services = {
rtorrent = let
rtorrentConfigFile = pkgs.writeText "rtorrent.rc" cfg.configText;
in {
description = "rTorrent system service";
after = [ "network.target" ];
path = [ cfg.package pkgs.bash ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = cfg.user;
Group = cfg.group;
Type = "simple";
Restart = "on-failure";
WorkingDirectory = cfg.dataDir;
ExecStartPre=''${pkgs.bash}/bin/bash -c "if test -e ${cfg.dataDir}/session/rtorrent.lock && test -z $(${pkgs.procps}/bin/pidof rtorrent); then rm -f ${cfg.dataDir}/session/rtorrent.lock; fi"'';
ExecStart="${cfg.package}/bin/rtorrent -n -o system.daemon.set=true -o import=${rtorrentConfigFile}";
RuntimeDirectory = "rtorrent";
RuntimeDirectoryMode = 755;
};
};
};
tmpfiles.rules = [ "d '${cfg.dataDir}' 0750 ${cfg.user} ${cfg.group} -" ];
};
};
}

15
third_party/nixpkgs/nixos/modules/services/torrent/transmission.nix vendored
View file

@ -11,7 +11,7 @@ let
downloadDir = "${homeDir}/Downloads"; downloadDir = "${homeDir}/Downloads";
incompleteDir = "${homeDir}/.incomplete"; incompleteDir = "${homeDir}/.incomplete";
settingsDir = "${homeDir}/.config/transmission-daemon"; settingsDir = "${homeDir}/config";
settingsFile = pkgs.writeText "settings.json" (builtins.toJSON fullSettings); settingsFile = pkgs.writeText "settings.json" (builtins.toJSON fullSettings);
# for users in group "transmission" to have access to torrents # for users in group "transmission" to have access to torrents
@ -20,12 +20,6 @@ let
preStart = pkgs.writeScript "transmission-pre-start" '' preStart = pkgs.writeScript "transmission-pre-start" ''
#!${pkgs.runtimeShell} #!${pkgs.runtimeShell}
set -ex set -ex
for DIR in "${homeDir}" "${settingsDir}" "${fullSettings.download-dir}" "${fullSettings.incomplete-dir}"; do
mkdir -p "$DIR"
done
chmod 755 "${homeDir}"
chmod 700 "${settingsDir}"
chmod ${downloadDirPermissions} "${fullSettings.download-dir}" "${fullSettings.incomplete-dir}"
cp -f ${settingsFile} ${settingsDir}/settings.json cp -f ${settingsFile} ${settingsDir}/settings.json
''; '';
in in
@ -110,6 +104,13 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.tmpfiles.rules = [
"d '${homeDir}' 0770 '${cfg.user}' '${cfg.group}' - -"
"d '${settingsDir}' 0700 '${cfg.user}' '${cfg.group}' - -"
"d '${fullSettings.download-dir}' '${downloadDirPermissions}' '${cfg.user}' '${cfg.group}' - -"
"d '${fullSettings.incomplete-dir}' '${downloadDirPermissions}' '${cfg.user}' '${cfg.group}' - -"
];
systemd.services.transmission = { systemd.services.transmission = {
description = "Transmission BitTorrent Service"; description = "Transmission BitTorrent Service";
after = [ "network.target" ] ++ optional apparmor "apparmor.service"; after = [ "network.target" ] ++ optional apparmor "apparmor.service";

186
third_party/nixpkgs/nixos/modules/services/web-apps/engelsystem.nix vendored Normal file
View file

@ -0,0 +1,186 @@
{ config, lib, pkgs, utils, ... }:
let
inherit (lib) mkDefault mkEnableOption mkIf mkOption types literalExample;
cfg = config.services.engelsystem;
in {
options = {
services.engelsystem = {
enable = mkOption {
default = false;
example = true;
description = ''
Whether to enable engelsystem, an online tool for coordinating helpers
and shifts on large events.
'';
type = lib.types.bool;
};
domain = mkOption {
type = types.str;
example = "engelsystem.example.com";
description = "Domain to serve on.";
};
package = mkOption {
type = types.package;
example = literalExample "pkgs.engelsystem";
description = "Engelsystem package used for the service.";
default = pkgs.engelsystem;
};
createDatabase = mkOption {
type = types.bool;
default = true;
description = ''
Whether to create a local database automatically.
This will override every database setting in <option>services.engelsystem.config</option>.
'';
};
};
services.engelsystem.config = mkOption {
type = types.attrs;
default = {
database = {
host = "localhost";
database = "engelsystem";
username = "engelsystem";
};
};
example = {
maintenance = false;
database = {
host = "database.example.com";
database = "engelsystem";
username = "engelsystem";
password._secret = "/var/keys/engelsystem/database";
};
email = {
driver = "smtp";
host = "smtp.example.com";
port = 587;
from.address = "engelsystem@example.com";
from.name = "example engelsystem";
encryption = "tls";
username = "engelsystem@example.com";
password._secret = "/var/keys/engelsystem/mail";
};
autoarrive = true;
min_password_length = 6;
default_locale = "de_DE";
};
description = ''
Options to be added to config.php, as a nix attribute set. Options containing secret data
should be set to an attribute set containing the attribute _secret - a string pointing to a
file containing the value the option should be set to. See the example to get a better
picture of this: in the resulting config.php file, the email.password key will be set to
the contents of the /var/keys/engelsystem/mail file.
See https://engelsystem.de/doc/admin/configuration/ for available options.
Note that the admin user login credentials cannot be set here - they always default to
admin:asdfasdf. Log in and change them immediately.
'';
};
};
config = mkIf cfg.enable {
# create database
services.mysql = mkIf cfg.createDatabase {
enable = true;
package = mkDefault pkgs.mysql;
ensureUsers = [{
name = "engelsystem";
ensurePermissions = { "engelsystem.*" = "ALL PRIVILEGES"; };
}];
ensureDatabases = [ "engelsystem" ];
};
environment.etc."engelsystem/config.php".source =
pkgs.writeText "config.php" ''
<?php
return json_decode(file_get_contents("/var/lib/engelsystem/config.json"), true);
'';
services.phpfpm.pools.engelsystem = {
user = "engelsystem";
settings = {
"listen.owner" = config.services.nginx.user;
"pm" = "dynamic";
"pm.max_children" = 32;
"pm.max_requests" = 500;
"pm.start_servers" = 2;
"pm.min_spare_servers" = 2;
"pm.max_spare_servers" = 5;
"php_admin_value[error_log]" = "stderr";
"php_admin_flag[log_errors]" = true;
"catch_workers_output" = true;
};
};
services.nginx = {
enable = true;
virtualHosts."${cfg.domain}".locations = {
"/" = {
root = "${cfg.package}/share/engelsystem/public";
extraConfig = ''
index index.php;
try_files $uri $uri/ /index.php?$args;
autoindex off;
'';
};
"~ \\.php$" = {
root = "${cfg.package}/share/engelsystem/public";
extraConfig = ''
fastcgi_pass unix:${config.services.phpfpm.pools.engelsystem.socket};
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include ${config.services.nginx.package}/conf/fastcgi_params;
include ${config.services.nginx.package}/conf/fastcgi.conf;
'';
};
};
};
systemd.services."engelsystem-init" = {
wantedBy = [ "multi-user.target" ];
serviceConfig = { Type = "oneshot"; };
script =
let
genConfigScript = pkgs.writeScript "engelsystem-gen-config.sh"
(utils.genJqSecretsReplacementSnippet cfg.config "config.json");
in ''
umask 077
mkdir -p /var/lib/engelsystem/storage/app
mkdir -p /var/lib/engelsystem/storage/cache/views
cd /var/lib/engelsystem
${genConfigScript}
chmod 400 config.json
chown -R engelsystem .
'';
};
systemd.services."engelsystem-migrate" = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
User = "engelsystem";
Group = "engelsystem";
};
script = ''
${cfg.package}/bin/migrate
'';
after = [ "engelsystem-init.service" "mysql.service" ];
};
systemd.services."phpfpm-engelsystem".after =
[ "engelsystem-migrate.service" ];
users.users.engelsystem = {
isSystemUser = true;
createHome = true;
home = "/var/lib/engelsystem/storage";
group = "engelsystem";
};
users.groups.engelsystem = { };
};
}

272
third_party/nixpkgs/nixos/modules/services/web-apps/sogo.nix vendored Normal file
View file

@ -0,0 +1,272 @@
{ config, pkgs, lib, ... }: with lib; let
cfg = config.services.sogo;
preStart = pkgs.writeShellScriptBin "sogo-prestart" ''
touch /etc/sogo/sogo.conf
chown sogo:sogo /etc/sogo/sogo.conf
chmod 640 /etc/sogo/sogo.conf
${if (cfg.configReplaces != {}) then ''
# Insert secrets
${concatStringsSep "\n" (mapAttrsToList (k: v: ''export ${k}="$(cat "${v}" | tr -d '\n')"'') cfg.configReplaces)}
${pkgs.perl}/bin/perl -p ${concatStringsSep " " (mapAttrsToList (k: v: '' -e 's/${k}/''${ENV{"${k}"}}/g;' '') cfg.configReplaces)} /etc/sogo/sogo.conf.raw > /etc/sogo/sogo.conf
'' else ''
cp /etc/sogo/sogo.conf.raw /etc/sogo/sogo.conf
''}
'';
in {
options.services.sogo = with types; {
enable = mkEnableOption "SOGo groupware";
vhostName = mkOption {
description = "Name of the nginx vhost";
type = str;
default = "sogo";
};
timezone = mkOption {
description = "Timezone of your SOGo instance";
type = str;
example = "America/Montreal";
};
language = mkOption {
description = "Language of SOGo";
type = str;
default = "English";
};
ealarmsCredFile = mkOption {
description = "Optional path to a credentials file for email alarms";
type = nullOr str;
default = null;
};
configReplaces = mkOption {
description = ''
Replacement-filepath mapping for sogo.conf.
Every key is replaced with the contents of the file specified as value.
In the example, every occurence of LDAP_BINDPW will be replaced with the text of the
specified file.
'';
type = attrsOf str;
default = {};
example = {
LDAP_BINDPW = "/var/lib/secrets/sogo/ldappw";
};
};
extraConfig = mkOption {
description = "Extra sogo.conf configuration lines";
type = lines;
default = "";
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.sogo ];
environment.etc."sogo/sogo.conf.raw".text = ''
{
// Mandatory parameters
SOGoTimeZone = "${cfg.timezone}";
SOGoLanguage = "${cfg.language}";
// Paths
WOSendMail = "/run/wrappers/bin/sendmail";
SOGoMailSpoolPath = "/var/lib/sogo/spool";
SOGoZipPath = "${pkgs.zip}/bin/zip";
// Enable CSRF protection
SOGoXSRFValidationEnabled = YES;
// Remove dates from log (jornald does that)
NGLogDefaultLogEventFormatterClass = "NGLogEventFormatter";
// Extra config
${cfg.extraConfig}
}
'';
systemd.services.sogo = {
description = "SOGo groupware";
after = [ "postgresql.service" "mysql.service" "memcached.service" "openldap.service" "dovecot2.service" ];
wantedBy = [ "multi-user.target" ];
restartTriggers = [ config.environment.etc."sogo/sogo.conf.raw".source ];
environment.LDAPTLS_CACERT = "/etc/ssl/certs/ca-certificates.crt";
serviceConfig = {
Type = "forking";
ExecStartPre = "+" + preStart + "/bin/sogo-prestart";
ExecStart = "${pkgs.sogo}/bin/sogod -WOLogFile - -WOPidFile /run/sogo/sogo.pid";
ProtectSystem = "strict";
ProtectHome = true;
PrivateTmp = true;
PrivateDevices = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
RuntimeDirectory = "sogo";
StateDirectory = "sogo/spool";
User = "sogo";
Group = "sogo";
CapabilityBoundingSet = "";
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
PrivateMounts = true;
PrivateUsers = true;
MemoryDenyWriteExecute = true;
SystemCallFilter = "@basic-io @file-system @network-io @system-service @timer";
SystemCallArchitectures = "native";
RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6";
};
};
systemd.services.sogo-tmpwatch = {
description = "SOGo tmpwatch";
startAt = [ "hourly" ];
script = ''
SOGOSPOOL=/var/lib/sogo/spool
find "$SOGOSPOOL" -type f -user sogo -atime +23 -delete > /dev/null
find "$SOGOSPOOL" -mindepth 1 -type d -user sogo -empty -delete > /dev/null
'';
serviceConfig = {
Type = "oneshot";
ProtectSystem = "strict";
ProtectHome = true;
PrivateTmp = true;
PrivateDevices = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
StateDirectory = "sogo/spool";
User = "sogo";
Group = "sogo";
CapabilityBoundingSet = "";
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
PrivateMounts = true;
PrivateUsers = true;
PrivateNetwork = true;
SystemCallFilter = "@basic-io @file-system @system-service";
SystemCallArchitectures = "native";
RestrictAddressFamilies = "";
};
};
systemd.services.sogo-ealarms = {
description = "SOGo email alarms";
after = [ "postgresql.service" "mysqld.service" "memcached.service" "openldap.service" "dovecot2.service" "sogo.service" ];
restartTriggers = [ config.environment.etc."sogo/sogo.conf.raw".source ];
startAt = [ "minutely" ];
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.sogo}/bin/sogo-ealarms-notify${optionalString (cfg.ealarmsCredFile != null) " -p ${cfg.ealarmsCredFile}"}";
ProtectSystem = "strict";
ProtectHome = true;
PrivateTmp = true;
PrivateDevices = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
StateDirectory = "sogo/spool";
User = "sogo";
Group = "sogo";
CapabilityBoundingSet = "";
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
PrivateMounts = true;
PrivateUsers = true;
MemoryDenyWriteExecute = true;
SystemCallFilter = "@basic-io @file-system @network-io @system-service";
SystemCallArchitectures = "native";
RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6";
};
};
# nginx vhost
services.nginx.virtualHosts."${cfg.vhostName}" = {
locations."/".extraConfig = ''
rewrite ^ https://$server_name/SOGo;
allow all;
'';
# For iOS 7
locations."/principals/".extraConfig = ''
rewrite ^ https://$server_name/SOGo/dav;
allow all;
'';
locations."^~/SOGo".extraConfig = ''
proxy_pass http://127.0.0.1:20000;
proxy_redirect http://127.0.0.1:20000 default;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header x-webobjects-server-protocol HTTP/1.0;
proxy_set_header x-webobjects-remote-host 127.0.0.1;
proxy_set_header x-webobjects-server-port $server_port;
proxy_set_header x-webobjects-server-name $server_name;
proxy_set_header x-webobjects-server-url $scheme://$host;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
client_max_body_size 50m;
client_body_buffer_size 128k;
break;
'';
locations."/SOGo.woa/WebServerResources/".extraConfig = ''
alias ${pkgs.sogo}/lib/GNUstep/SOGo/WebServerResources/;
allow all;
'';
locations."/SOGo/WebServerResources/".extraConfig = ''
alias ${pkgs.sogo}/lib/GNUstep/SOGo/WebServerResources/;
allow all;
'';
locations."~ ^/SOGo/so/ControlPanel/Products/([^/]*)/Resources/(.*)$".extraConfig = ''
alias ${pkgs.sogo}/lib/GNUstep/SOGo/$1.SOGo/Resources/$2;
'';
locations."~ ^/SOGo/so/ControlPanel/Products/[^/]*UI/Resources/.*\\.(jpg|png|gif|css|js)$".extraConfig = ''
alias ${pkgs.sogo}/lib/GNUstep/SOGo/$1.SOGo/Resources/$2;
'';
};
# User and group
users.groups.sogo = {};
users.users.sogo = {
group = "sogo";
isSystemUser = true;
description = "SOGo service user";
};
};
}

5
third_party/nixpkgs/nixos/modules/services/web-apps/tt-rss.nix vendored
View file

@ -631,9 +631,12 @@ let
serviceConfig = { serviceConfig = {
User = "${cfg.user}"; User = "${cfg.user}";
Group = "tt_rss"; Group = "tt_rss";
ExecStart = "${pkgs.php}/bin/php ${cfg.root}/update.php --daemon"; ExecStart = "${pkgs.php}/bin/php ${cfg.root}/update.php --daemon --quiet";
StandardOutput = "syslog"; StandardOutput = "syslog";
StandardError = "syslog"; StandardError = "syslog";
Restart = "on-failure";
RestartSec = "60";
SyslogIdentifier = "tt-rss";
}; };
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];

6
third_party/nixpkgs/nixos/modules/services/web-servers/nginx/default.nix vendored
View file

@ -756,9 +756,9 @@ in
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
serviceConfig.TimeoutSec = 60; serviceConfig.TimeoutSec = 60;
script = '' script = ''
if ${pkgs.systemd}/bin/systemctl -q is-active nginx.service ; then if /run/current-system/systemd/bin/systemctl -q is-active nginx.service ; then
${execCommand} -t && \ ${execCommand} -t && \
${pkgs.systemd}/bin/systemctl reload nginx.service /run/current-system/systemd/bin/systemctl reload nginx.service
fi fi
''; '';
serviceConfig.RemainAfterExit = true; serviceConfig.RemainAfterExit = true;
@ -772,7 +772,7 @@ in
webroot = vhostConfig.acmeRoot; webroot = vhostConfig.acmeRoot;
extraDomains = genAttrs vhostConfig.serverAliases (alias: null); extraDomains = genAttrs vhostConfig.serverAliases (alias: null);
postRun = '' postRun = ''
systemctl reload nginx /run/current-system/systemd/bin/systemctl reload nginx
''; '';
}; }) acmeEnabledVhosts; }; }) acmeEnabledVhosts;
in in

20
third_party/nixpkgs/nixos/modules/services/web-servers/uwsgi.nix vendored
View file

@ -79,7 +79,25 @@ in {
}; };
instance = mkOption { instance = mkOption {
type = types.attrs; type = with lib.types; let
valueType = nullOr (oneOf [
bool
int
float
str
(lazyAttrsOf valueType)
(listOf valueType)
(mkOptionType {
name = "function";
description = "function";
check = x: isFunction x;
merge = mergeOneOption;
})
]) // {
description = "Json value or lambda";
emptyValue.value = {};
};
in valueType;
default = { default = {
type = "normal"; type = "normal";
}; };

17
third_party/nixpkgs/nixos/modules/services/x11/desktop-managers/cde.nix vendored
View file

@ -8,9 +8,26 @@ let
in { in {
options.services.xserver.desktopManager.cde = { options.services.xserver.desktopManager.cde = {
enable = mkEnableOption "Common Desktop Environment"; enable = mkEnableOption "Common Desktop Environment";
extraPackages = mkOption {
type = with types; listOf package;
default = with pkgs.xorg; [
xclock bitmap xlsfonts xfd xrefresh xload xwininfo xdpyinfo xwd xwud
];
example = literalExample ''
with pkgs.xorg; [
xclock bitmap xlsfonts xfd xrefresh xload xwininfo xdpyinfo xwd xwud
]
'';
description = ''
Extra packages to be installed system wide.
'';
};
}; };
config = mkIf (xcfg.enable && cfg.enable) { config = mkIf (xcfg.enable && cfg.enable) {
environment.systemPackages = cfg.extraPackages;
services.rpcbind.enable = true; services.rpcbind.enable = true;
services.xinetd.enable = true; services.xinetd.enable = true;

2
third_party/nixpkgs/nixos/modules/services/x11/desktop-managers/default.nix vendored
View file

@ -19,7 +19,7 @@ in
# E.g., if Plasma 5 is enabled, it supersedes xterm. # E.g., if Plasma 5 is enabled, it supersedes xterm.
imports = [ imports = [
./none.nix ./xterm.nix ./xfce.nix ./plasma5.nix ./lumina.nix ./none.nix ./xterm.nix ./xfce.nix ./plasma5.nix ./lumina.nix
./lxqt.nix ./enlightenment.nix ./gnome3.nix ./kodi.nix ./maxx.nix ./lxqt.nix ./enlightenment.nix ./gnome3.nix ./kodi.nix
./mate.nix ./pantheon.nix ./surf-display.nix ./cde.nix ./mate.nix ./pantheon.nix ./surf-display.nix ./cde.nix
]; ];

37
third_party/nixpkgs/nixos/modules/services/x11/desktop-managers/enlightenment.nix vendored
View file

@ -32,15 +32,14 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = [ environment.systemPackages = with pkgs; [
e.efl e.enlightenment enlightenment.econnman
e.terminology e.econnman enlightenment.efl
pkgs.xorg.xauth # used by kdesu enlightenment.enlightenment
pkgs.gtk2 # To get GTK's themes. enlightenment.ephoto
pkgs.tango-icon-theme enlightenment.rage
enlightenment.terminology
pkgs.gnome-icon-theme xorg.xcursorthemes
pkgs.xorg.xcursorthemes
]; ];
environment.pathsToLink = [ environment.pathsToLink = [
@ -50,11 +49,10 @@ in
"/share/locale" "/share/locale"
]; ];
services.xserver.desktopManager.session = [ services.xserver.displayManager.sessionPackages = [ pkgs.enlightenment.enlightenment ];
{ name = "Enlightenment";
start = ''
export XDG_MENU_PREFIX=e-
services.xserver.displayManager.sessionCommands = ''
if test "$XDG_CURRENT_DESKTOP" = "Enlightenment"; then
export GST_PLUGIN_PATH="${GST_PLUGIN_PATH}" export GST_PLUGIN_PATH="${GST_PLUGIN_PATH}"
# make available for D-BUS user services # make available for D-BUS user services
@ -62,12 +60,15 @@ in
# Update user dirs as described in http://freedesktop.org/wiki/Software/xdg-user-dirs/ # Update user dirs as described in http://freedesktop.org/wiki/Software/xdg-user-dirs/
${pkgs.xdg-user-dirs}/bin/xdg-user-dirs-update ${pkgs.xdg-user-dirs}/bin/xdg-user-dirs-update
fi
'';
exec ${e.enlightenment}/bin/enlightenment_start # Wrappers for programs installed by enlightenment that should be setuid
''; security.wrappers = {
}]; enlightenment_ckpasswd.source = "${pkgs.enlightenment.enlightenment}/lib/enlightenment/utils/enlightenment_ckpasswd";
enlightenment_sys.source = "${pkgs.enlightenment.enlightenment}/lib/enlightenment/utils/enlightenment_sys";
security.wrappers = (import "${e.enlightenment}/e-wrappers.nix").security.wrappers; enlightenment_system.source = "${pkgs.enlightenment.enlightenment}/lib/enlightenment/utils/enlightenment_system";
};
environment.etc."X11/xkb".source = xcfg.xkbDir; environment.etc."X11/xkb".source = xcfg.xkbDir;

9
third_party/nixpkgs/nixos/modules/services/x11/desktop-managers/lumina.nix vendored
View file

@ -23,12 +23,9 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.xserver.desktopManager.session = singleton { services.xserver.displayManager.sessionPackages = [
name = "lumina"; pkgs.lumina.lumina
start = '' ];
exec ${pkgs.lumina.lumina}/bin/start-lumina-desktop
'';
};
environment.systemPackages = environment.systemPackages =
pkgs.lumina.preRequisitePackages ++ pkgs.lumina.preRequisitePackages ++

31
third_party/nixpkgs/nixos/modules/services/x11/desktop-managers/maxx.nix vendored
View file

@ -1,31 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
xcfg = config.services.xserver;
cfg = xcfg.desktopManager.maxx;
in {
options.services.xserver.desktopManager.maxx = {
enable = mkEnableOption "MaXX desktop environment";
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.maxx ];
# there is hardcoded path in binaries
system.activationScripts.setup-maxx = ''
mkdir -p /opt
ln -sfn ${pkgs.maxx}/opt/MaXX /opt
'';
services.xserver.desktopManager.session = [
{ name = "MaXX";
start = ''
exec ${pkgs.maxx}/opt/MaXX/etc/skel/Xsession.dt
'';
}];
};
meta.maintainers = [ maintainers.gnidorah ];
}

19
third_party/nixpkgs/nixos/modules/services/x11/desktop-managers/plasma5.nix vendored
View file

@ -158,6 +158,19 @@ in
example = "vlc"; example = "vlc";
description = "Phonon audio backend to install."; description = "Phonon audio backend to install.";
}; };
supportDDC = mkOption {
type = types.bool;
default = false;
description = ''
Support setting monitor brightness via DDC.
</para>
<para>
This is not needed for controlling brightness of the internal monitor
of a laptop and as it is considered experimental by upstream, it is
disabled by default.
'';
};
}; };
}; };
@ -184,6 +197,12 @@ in
}; };
}; };
# DDC support
boot.kernelModules = lib.optional cfg.supportDDC "i2c_dev";
services.udev.extraRules = lib.optionalString cfg.supportDDC ''
KERNEL=="i2c-[0-9]*", TAG+="uaccess"
'';
environment.systemPackages = with pkgs; with qt5; with libsForQt5; with plasma5; with kdeApplications; environment.systemPackages = with pkgs; with qt5; with libsForQt5; with plasma5; with kdeApplications;
[ [
frameworkintegration frameworkintegration

9
third_party/nixpkgs/nixos/modules/services/x11/display-managers/default.nix vendored
View file

@ -39,7 +39,8 @@ let
${optionalString cfg.startDbusSession '' ${optionalString cfg.startDbusSession ''
if test -z "$DBUS_SESSION_BUS_ADDRESS"; then if test -z "$DBUS_SESSION_BUS_ADDRESS"; then
exec ${pkgs.dbus.dbus-launch} --exit-with-session "$0" "$@" /run/current-system/systemd/bin/systemctl --user start dbus.socket
export `/run/current-system/systemd/bin/systemctl --user show-environment | grep '^DBUS_SESSION_BUS_ADDRESS'`
fi fi
''} ''}
@ -59,7 +60,7 @@ let
# #
# Also tell systemd about the dbus session bus address. # Also tell systemd about the dbus session bus address.
# This is required by user units using the session bus. # This is required by user units using the session bus.
${config.systemd.package}/bin/systemctl --user import-environment DISPLAY XAUTHORITY DBUS_SESSION_BUS_ADDRESS /run/current-system/systemd/bin/systemctl --user import-environment DISPLAY XAUTHORITY DBUS_SESSION_BUS_ADDRESS
# Load X defaults. This should probably be safe on wayland too. # Load X defaults. This should probably be safe on wayland too.
${xorg.xrdb}/bin/xrdb -merge ${xresourcesXft} ${xorg.xrdb}/bin/xrdb -merge ${xresourcesXft}
@ -88,7 +89,7 @@ let
fi fi
# Start systemd user services for graphical sessions # Start systemd user services for graphical sessions
${config.systemd.package}/bin/systemctl --user start graphical-session.target /run/current-system/systemd/bin/systemctl --user start graphical-session.target
# Allow the user to setup a custom session type. # Allow the user to setup a custom session type.
if test -x ~/.xsession; then if test -x ~/.xsession; then
@ -393,7 +394,7 @@ in
test -n "$waitPID" && wait "$waitPID" test -n "$waitPID" && wait "$waitPID"
${config.systemd.package}/bin/systemctl --user stop graphical-session.target /run/current-system/systemd/bin/systemctl --user stop graphical-session.target
exit 0 exit 0
''; '';

4
third_party/nixpkgs/nixos/modules/services/x11/display-managers/sddm.nix vendored
View file

@ -30,8 +30,8 @@ let
cfgFile = pkgs.writeText "sddm.conf" '' cfgFile = pkgs.writeText "sddm.conf" ''
[General] [General]
HaltCommand=${pkgs.systemd}/bin/systemctl poweroff HaltCommand=/run/current-system/systemd/bin/systemctl poweroff
RebootCommand=${pkgs.systemd}/bin/systemctl reboot RebootCommand=/run/current-system/systemd/bin/systemctl reboot
${optionalString cfg.autoNumlock '' ${optionalString cfg.autoNumlock ''
Numlock=on Numlock=on
''} ''}

2
third_party/nixpkgs/nixos/modules/services/x11/xautolock.nix vendored
View file

@ -66,7 +66,7 @@ in
killer = mkOption { killer = mkOption {
default = null; # default according to `man xautolock` is none default = null; # default according to `man xautolock` is none
example = "${pkgs.systemd}/bin/systemctl suspend"; example = "/run/current-system/systemd/bin/systemctl suspend";
type = types.nullOr types.str; type = types.nullOr types.str;
description = '' description = ''

9
third_party/nixpkgs/nixos/modules/system/boot/binfmt.nix vendored
View file

@ -268,9 +268,10 @@ in {
mkdir -p -m 0755 /run/binfmt mkdir -p -m 0755 /run/binfmt
${lib.concatStringsSep "\n" (lib.mapAttrsToList activationSnippet config.boot.binfmt.registrations)} ${lib.concatStringsSep "\n" (lib.mapAttrsToList activationSnippet config.boot.binfmt.registrations)}
''; '';
systemd.additionalUpstreamSystemUnits = lib.mkIf (config.boot.binfmt.registrations != {}) systemd.additionalUpstreamSystemUnits = lib.mkIf (config.boot.binfmt.registrations != {}) [
[ "proc-sys-fs-binfmt_misc.automount" "proc-sys-fs-binfmt_misc.automount"
"proc-sys-fs-binfmt_misc.mount" "proc-sys-fs-binfmt_misc.mount"
]; "systemd-binfmt.service"
];
}; };
} }

2
third_party/nixpkgs/nixos/modules/system/boot/systemd.nix vendored
View file

@ -164,7 +164,6 @@ let
"systemd-timedated.service" "systemd-timedated.service"
"systemd-localed.service" "systemd-localed.service"
"systemd-hostnamed.service" "systemd-hostnamed.service"
"systemd-binfmt.service"
"systemd-exit.service" "systemd-exit.service"
"systemd-update-done.service" "systemd-update-done.service"
] ++ optionals config.services.journald.enableHttpGateway [ ] ++ optionals config.services.journald.enableHttpGateway [
@ -1056,7 +1055,6 @@ in
systemd.targets.local-fs.unitConfig.X-StopOnReconfiguration = true; systemd.targets.local-fs.unitConfig.X-StopOnReconfiguration = true;
systemd.targets.remote-fs.unitConfig.X-StopOnReconfiguration = true; systemd.targets.remote-fs.unitConfig.X-StopOnReconfiguration = true;
systemd.targets.network-online.wantedBy = [ "multi-user.target" ]; systemd.targets.network-online.wantedBy = [ "multi-user.target" ];
systemd.services.systemd-binfmt.wants = [ "proc-sys-fs-binfmt_misc.mount" ];
systemd.services.systemd-importd.environment = proxy_env; systemd.services.systemd-importd.environment = proxy_env;
# Don't bother with certain units in containers. # Don't bother with certain units in containers.

11
third_party/nixpkgs/nixos/modules/tasks/filesystems/zfs.nix vendored
View file

@ -433,7 +433,16 @@ in
services.zfs.zed.settings = { services.zfs.zed.settings = {
ZED_EMAIL_PROG = mkDefault "${pkgs.mailutils}/bin/mail"; ZED_EMAIL_PROG = mkDefault "${pkgs.mailutils}/bin/mail";
PATH = lib.makeBinPath [ packages.zfsUser pkgs.utillinux pkgs.gawk pkgs.gnused pkgs.gnugrep pkgs.coreutils pkgs.curl ]; PATH = lib.makeBinPath [
packages.zfsUser
pkgs.coreutils
pkgs.curl
pkgs.gawk
pkgs.gnugrep
pkgs.gnused
pkgs.nettools
pkgs.utillinux
];
}; };
environment.etc = genAttrs environment.etc = genAttrs

55
third_party/nixpkgs/nixos/modules/tasks/network-interfaces-scripted.nix vendored
View file

@ -54,7 +54,16 @@ let
}; };
normalConfig = { normalConfig = {
systemd.network.links = let
createNetworkLink = i: nameValuePair "40-${i.name}" {
matchConfig.OriginalName = i.name;
linkConfig = optionalAttrs (i.macAddress != null) {
MACAddress = i.macAddress;
} // optionalAttrs (i.mtu != null) {
MTUBytes = toString i.mtu;
};
};
in listToAttrs (map createNetworkLink interfaces);
systemd.services = systemd.services =
let let
@ -164,7 +173,6 @@ let
{ description = "Address configuration of ${i.name}"; { description = "Address configuration of ${i.name}";
wantedBy = [ wantedBy = [
"network-setup.service" "network-setup.service"
"network-link-${i.name}.service"
"network.target" "network.target"
]; ];
# order before network-setup because the routes that are configured # order before network-setup because the routes that are configured
@ -183,6 +191,8 @@ let
state="/run/nixos/network/addresses/${i.name}" state="/run/nixos/network/addresses/${i.name}"
mkdir -p $(dirname "$state") mkdir -p $(dirname "$state")
ip link set "${i.name}" up
${flip concatMapStrings ips (ip: ${flip concatMapStrings ips (ip:
let let
cidr = "${ip.address}/${toString ip.prefixLength}"; cidr = "${ip.address}/${toString ip.prefixLength}";
@ -237,38 +247,6 @@ let
''; '';
}; };
createNetworkLink = i:
let
deviceDependency = if (config.boot.isContainer || i.name == "lo")
then []
else [ (subsystemDevice i.name) ];
in
nameValuePair "network-link-${i.name}"
{ description = "Link configuration of ${i.name}";
wantedBy = [ "network-interfaces.target" ];
before = [ "network-interfaces.target" ];
bindsTo = deviceDependency;
after = [ "network-pre.target" ] ++ deviceDependency;
path = [ pkgs.iproute ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script =
''
echo "Configuring link..."
'' + optionalString (i.macAddress != null) ''
echo "setting MAC address to ${i.macAddress}..."
ip link set "${i.name}" address "${i.macAddress}"
'' + optionalString (i.mtu != null) ''
echo "setting MTU to ${toString i.mtu}..."
ip link set "${i.name}" mtu "${toString i.mtu}"
'' + ''
echo -n "bringing up interface... "
ip link set "${i.name}" up && echo "done" || (echo "failed"; exit 1)
'';
};
createTunDevice = i: nameValuePair "${i.name}-netdev" createTunDevice = i: nameValuePair "${i.name}-netdev"
{ description = "Virtual Network Interface ${i.name}"; { description = "Virtual Network Interface ${i.name}";
bindsTo = [ "dev-net-tun.device" ]; bindsTo = [ "dev-net-tun.device" ];
@ -298,7 +276,7 @@ let
bindsTo = deps ++ optional v.rstp "mstpd.service"; bindsTo = deps ++ optional v.rstp "mstpd.service";
partOf = [ "network-setup.service" ] ++ optional v.rstp "mstpd.service"; partOf = [ "network-setup.service" ] ++ optional v.rstp "mstpd.service";
after = [ "network-pre.target" ] ++ deps ++ optional v.rstp "mstpd.service" after = [ "network-pre.target" ] ++ deps ++ optional v.rstp "mstpd.service"
++ concatMap (i: [ "network-addresses-${i}.service" "network-link-${i}.service" ]) v.interfaces; ++ map (i: "network-addresses-${i}.service") v.interfaces;
before = [ "network-setup.service" ]; before = [ "network-setup.service" ];
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true; serviceConfig.RemainAfterExit = true;
@ -327,7 +305,7 @@ let
# if `libvirtd.service` is not running, do not use `virsh` which would try activate it via 'libvirtd.socket' and thus start it out-of-order. # if `libvirtd.service` is not running, do not use `virsh` which would try activate it via 'libvirtd.socket' and thus start it out-of-order.
# `libvirtd.service` will set up bridge interfaces when it will start normally. # `libvirtd.service` will set up bridge interfaces when it will start normally.
# #
if ${pkgs.systemd}/bin/systemctl --quiet is-active 'libvirtd.service'; then if /run/current-system/systemd/bin/systemctl --quiet is-active 'libvirtd.service'; then
for uri in qemu:///system lxc:///; do for uri in qemu:///system lxc:///; do
for dom in $(${pkgs.libvirt}/bin/virsh -c $uri list --name); do for dom in $(${pkgs.libvirt}/bin/virsh -c $uri list --name); do
${pkgs.libvirt}/bin/virsh -c $uri dumpxml "$dom" | \ ${pkgs.libvirt}/bin/virsh -c $uri dumpxml "$dom" | \
@ -375,7 +353,7 @@ let
createVswitchDevice = n: v: nameValuePair "${n}-netdev" createVswitchDevice = n: v: nameValuePair "${n}-netdev"
(let (let
deps = concatLists (map deviceDependency (attrNames (filterAttrs (_: config: config.type != "internal") v.interfaces))); deps = concatLists (map deviceDependency (attrNames (filterAttrs (_: config: config.type != "internal") v.interfaces)));
internalConfigs = concatMap (i: ["network-link-${i}.service" "network-addresses-${i}.service"]) (attrNames (filterAttrs (_: config: config.type == "internal") v.interfaces)); internalConfigs = map (i: "network-addresses-${i}.service") (attrNames (filterAttrs (_: config: config.type == "internal") v.interfaces));
ofRules = pkgs.writeText "vswitch-${n}-openFlowRules" v.openFlowRules; ofRules = pkgs.writeText "vswitch-${n}-openFlowRules" v.openFlowRules;
in in
{ description = "Open vSwitch Interface ${n}"; { description = "Open vSwitch Interface ${n}";
@ -427,7 +405,7 @@ let
bindsTo = deps; bindsTo = deps;
partOf = [ "network-setup.service" ]; partOf = [ "network-setup.service" ];
after = [ "network-pre.target" ] ++ deps after = [ "network-pre.target" ] ++ deps
++ concatMap (i: [ "network-addresses-${i}.service" "network-link-${i}.service" ]) v.interfaces; ++ map (i: "network-addresses-${i}.service") v.interfaces;
before = [ "network-setup.service" ]; before = [ "network-setup.service" ];
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true; serviceConfig.RemainAfterExit = true;
@ -540,7 +518,6 @@ let
}); });
in listToAttrs ( in listToAttrs (
map createNetworkLink interfaces ++
map configureAddrs interfaces ++ map configureAddrs interfaces ++
map createTunDevice (filter (i: i.virtual) interfaces)) map createTunDevice (filter (i: i.virtual) interfaces))
// mapAttrs' createBridgeDevice cfg.bridges // mapAttrs' createBridgeDevice cfg.bridges

16
third_party/nixpkgs/nixos/modules/tasks/network-interfaces.nix vendored
View file

@ -376,10 +376,20 @@ in
networking.hostName = mkOption { networking.hostName = mkOption {
default = "nixos"; default = "nixos";
type = types.str; # Only allow hostnames without the domain name part (i.e. no FQDNs, see
# e.g. "man 5 hostname") and require valid DNS labels (recommended
# syntax). Note: We also allow underscores for compatibility/legacy
# reasons (as undocumented feature):
type = types.strMatching
"^[[:alpha:]]([[:alnum:]_-]{0,61}[[:alnum:]])?$";
description = '' description = ''
The name of the machine. Leave it empty if you want to obtain The name of the machine. Leave it empty if you want to obtain it from a
it from a DHCP server (if using DHCP). DHCP server (if using DHCP). The hostname must be a valid DNS label (see
RFC 1035 section 2.3.1: "Preferred name syntax") and as such must not
contain the domain part. This means that the hostname must start with a
letter, end with a letter or digit, and have as interior characters only
letters, digits, and hyphen. The maximum length is 63 characters.
Additionally it is recommended to only use lower-case characters.
''; '';
}; };

2
third_party/nixpkgs/nixos/modules/virtualisation/azure-agent.nix vendored
View file

@ -48,7 +48,7 @@ let
provisionedHook = pkgs.writeScript "provisioned-hook" '' provisionedHook = pkgs.writeScript "provisioned-hook" ''
#!${pkgs.runtimeShell} #!${pkgs.runtimeShell}
${config.systemd.package}/bin/systemctl start provisioned.target /run/current-system/systemd/bin/systemctl start provisioned.target
''; '';
in in

75
third_party/nixpkgs/nixos/modules/virtualisation/cri-o.nix vendored
View file

@ -5,6 +5,8 @@ with lib;
let let
cfg = config.virtualisation.cri-o; cfg = config.virtualisation.cri-o;
crioPackage = (pkgs.cri-o.override { inherit (cfg) extraPackages; });
# Copy configuration files to avoid having the entire sources in the system closure # Copy configuration files to avoid having the entire sources in the system closure
copyFile = filePath: pkgs.runCommandNoCC (builtins.unsafeDiscardStringContext (builtins.baseNameOf filePath)) {} '' copyFile = filePath: pkgs.runCommandNoCC (builtins.unsafeDiscardStringContext (builtins.baseNameOf filePath)) {} ''
cp ${filePath} $out cp ${filePath} $out
@ -23,55 +25,90 @@ in
enable = mkEnableOption "Container Runtime Interface for OCI (CRI-O)"; enable = mkEnableOption "Container Runtime Interface for OCI (CRI-O)";
storageDriver = mkOption { storageDriver = mkOption {
type = types.enum ["btrfs" "overlay" "vfs"]; type = types.enum [ "btrfs" "overlay" "vfs" ];
default = "overlay"; default = "overlay";
description = "Storage driver to be used"; description = "Storage driver to be used";
}; };
logLevel = mkOption { logLevel = mkOption {
type = types.enum ["trace" "debug" "info" "warn" "error" "fatal"]; type = types.enum [ "trace" "debug" "info" "warn" "error" "fatal" ];
default = "info"; default = "info";
description = "Log level to be used"; description = "Log level to be used";
}; };
pauseImage = mkOption { pauseImage = mkOption {
type = types.str; type = types.nullOr types.str;
default = "k8s.gcr.io/pause:3.1"; default = null;
description = "Pause image for pod sandboxes to be used"; description = "Override the default pause image for pod sandboxes";
example = [ "k8s.gcr.io/pause:3.2" ];
}; };
pauseCommand = mkOption { pauseCommand = mkOption {
type = types.str; type = types.nullOr types.str;
default = "/pause"; default = null;
description = "Pause command to be executed"; description = "Override the default pause command";
example = [ "/pause" ];
};
runtime = mkOption {
type = types.nullOr types.str;
default = null;
description = "Override the default runtime";
example = [ "crun" ];
};
extraPackages = mkOption {
type = with types; listOf package;
default = [ ];
example = lib.literalExample ''
[
pkgs.gvisor
]
'';
description = ''
Extra packages to be installed in the CRI-O wrapper.
'';
};
package = lib.mkOption {
type = types.package;
default = crioPackage;
internal = true;
description = ''
The final CRI-O package (including extra packages).
'';
}; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = with pkgs; environment.systemPackages = [ cfg.package pkgs.cri-tools ];
[ cri-o cri-tools conmon iptables runc utillinux ];
environment.etc."crictl.yaml".source = copyFile "${pkgs.cri-o.src}/crictl.yaml"; environment.etc."crictl.yaml".source = copyFile "${pkgs.cri-o-unwrapped.src}/crictl.yaml";
environment.etc."crio/crio.conf".text = '' environment.etc."crio/crio.conf".text = ''
[crio] [crio]
storage_driver = "${cfg.storageDriver}" storage_driver = "${cfg.storageDriver}"
[crio.image] [crio.image]
pause_image = "${cfg.pauseImage}" ${optionalString (cfg.pauseImage != null) ''pause_image = "${cfg.pauseImage}"''}
pause_command = "${cfg.pauseCommand}" ${optionalString (cfg.pauseCommand != null) ''pause_command = "${cfg.pauseCommand}"''}
[crio.network] [crio.network]
plugin_dirs = ["${pkgs.cni-plugins}/bin/"] plugin_dirs = ["${pkgs.cni-plugins}/bin/"]
network_dir = "/etc/cni/net.d/"
[crio.runtime] [crio.runtime]
conmon = "${pkgs.conmon}/bin/conmon" cgroup_manager = "systemd"
log_level = "${cfg.logLevel}" log_level = "${cfg.logLevel}"
manage_network_ns_lifecycle = true manage_ns_lifecycle = true
${optionalString (cfg.runtime != null) ''
default_runtime = "${cfg.runtime}"
[crio.runtime.runtimes]
[crio.runtime.runtimes.${cfg.runtime}]
''}
''; '';
environment.etc."cni/net.d/10-crio-bridge.conf".source = copyFile "${pkgs.cri-o.src}/contrib/cni/10-crio-bridge.conf"; environment.etc."cni/net.d/10-crio-bridge.conf".source = copyFile "${pkgs.cri-o-unwrapped.src}/contrib/cni/10-crio-bridge.conf";
# Enable common /etc/containers configuration # Enable common /etc/containers configuration
virtualisation.containers.enable = true; virtualisation.containers.enable = true;
@ -81,10 +118,10 @@ in
documentation = [ "https://github.com/cri-o/cri-o" ]; documentation = [ "https://github.com/cri-o/cri-o" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network.target" ]; after = [ "network.target" ];
path = [ pkgs.utillinux pkgs.runc pkgs.iptables ]; path = [ cfg.package ];
serviceConfig = { serviceConfig = {
Type = "notify"; Type = "notify";
ExecStart = "${pkgs.cri-o}/bin/crio"; ExecStart = "${cfg.package}/bin/crio";
ExecReload = "/bin/kill -s HUP $MAINPID"; ExecReload = "/bin/kill -s HUP $MAINPID";
TasksMax = "infinity"; TasksMax = "infinity";
LimitNOFILE = "1048576"; LimitNOFILE = "1048576";

1
third_party/nixpkgs/nixos/modules/virtualisation/hyperv-image.nix vendored
View file

@ -37,6 +37,7 @@ in {
name = cfg.vmDerivationName; name = cfg.vmDerivationName;
postVM = '' postVM = ''
${pkgs.vmTools.qemu}/bin/qemu-img convert -f raw -o subformat=dynamic -O vhdx $diskImage $out/${cfg.vmFileName} ${pkgs.vmTools.qemu}/bin/qemu-img convert -f raw -o subformat=dynamic -O vhdx $diskImage $out/${cfg.vmFileName}
rm $diskImage
''; '';
format = "raw"; format = "raw";
diskSize = cfg.baseImageSize; diskSize = cfg.baseImageSize;

64
third_party/nixpkgs/nixos/modules/virtualisation/rkt.nix vendored
View file

@ -1,64 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.virtualisation.rkt;
in
{
options.virtualisation.rkt = {
enable = mkEnableOption "rkt metadata service";
gc = {
automatic = mkOption {
default = true;
type = types.bool;
description = "Automatically run the garbage collector at a specific time.";
};
dates = mkOption {
default = "03:15";
type = types.str;
description = ''
Specification (in the format described by
<citerefentry><refentrytitle>systemd.time</refentrytitle>
<manvolnum>7</manvolnum></citerefentry>) of the time at
which the garbage collector will run.
'';
};
options = mkOption {
default = "--grace-period=24h";
type = types.str;
description = ''
Options given to <filename>rkt gc</filename> when the
garbage collector is run automatically.
'';
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.rkt ];
systemd.services.rkt = {
description = "rkt metadata service";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
ExecStart = "${pkgs.rkt}/bin/rkt metadata-service";
};
};
systemd.services.rkt-gc = {
description = "rkt garbage collection";
startAt = optionalString cfg.gc.automatic cfg.gc.dates;
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.rkt}/bin/rkt gc ${cfg.gc.options}";
};
};
users.groups.rkt = {};
};
}

90
third_party/nixpkgs/nixos/modules/virtualisation/vmware-image.nix vendored Normal file
View file

@ -0,0 +1,90 @@
{ config, pkgs, lib, ... }:
with lib;
let
boolToStr = value: if value then "on" else "off";
cfg = config.vmware;
subformats = [
"monolithicSparse"
"monolithicFlat"
"twoGbMaxExtentSparse"
"twoGbMaxExtentFlat"
"streamOptimized"
];
in {
options = {
vmware = {
baseImageSize = mkOption {
type = types.int;
default = 2048;
description = ''
The size of the VMWare base image in MiB.
'';
};
vmDerivationName = mkOption {
type = types.str;
default = "nixos-vmware-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}";
description = ''
The name of the derivation for the VMWare appliance.
'';
};
vmFileName = mkOption {
type = types.str;
default = "nixos-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.vmdk";
description = ''
The file name of the VMWare appliance.
'';
};
vmSubformat = mkOption {
type = types.enum subformats;
default = "monolithicSparse";
description = "Specifies which VMDK subformat to use.";
};
vmCompat6 = mkOption {
type = types.bool;
default = false;
example = true;
description = "Create a VMDK version 6 image (instead of version 4).";
};
};
};
config = {
system.build.vmwareImage = import ../../lib/make-disk-image.nix {
name = cfg.vmDerivationName;
postVM = ''
${pkgs.vmTools.qemu}/bin/qemu-img convert -f raw -o compat6=${boolToStr cfg.vmCompat6},subformat=${cfg.vmSubformat} -O vmdk $diskImage $out/${cfg.vmFileName}
rm $diskImage
'';
format = "raw";
diskSize = cfg.baseImageSize;
partitionTableType = "efi";
inherit config lib pkgs;
};
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
autoResize = true;
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/ESP";
fsType = "vfat";
};
boot.growPartition = true;
boot.loader.grub = {
version = 2;
device = "nodev";
efiSupport = true;
efiInstallAsRemovable = true;
};
virtualisation.vmware.guest.enable = true;
};
}

13
third_party/nixpkgs/nixos/tests/all-tests.nix vendored
View file

@ -27,6 +27,7 @@ in
atd = handleTest ./atd.nix {}; atd = handleTest ./atd.nix {};
avahi = handleTest ./avahi.nix {}; avahi = handleTest ./avahi.nix {};
babeld = handleTest ./babeld.nix {}; babeld = handleTest ./babeld.nix {};
bazarr = handleTest ./bazarr.nix {};
bcachefs = handleTestOn ["x86_64-linux"] ./bcachefs.nix {}; # linux-4.18.2018.10.12 is unsupported on aarch64 bcachefs = handleTestOn ["x86_64-linux"] ./bcachefs.nix {}; # linux-4.18.2018.10.12 is unsupported on aarch64
beanstalkd = handleTest ./beanstalkd.nix {}; beanstalkd = handleTest ./beanstalkd.nix {};
bees = handleTest ./bees.nix {}; bees = handleTest ./bees.nix {};
@ -69,6 +70,7 @@ in
deluge = handleTest ./deluge.nix {}; deluge = handleTest ./deluge.nix {};
dhparams = handleTest ./dhparams.nix {}; dhparams = handleTest ./dhparams.nix {};
dnscrypt-proxy2 = handleTestOn ["x86_64-linux"] ./dnscrypt-proxy2.nix {}; dnscrypt-proxy2 = handleTestOn ["x86_64-linux"] ./dnscrypt-proxy2.nix {};
dnscrypt-wrapper = handleTestOn ["x86_64-linux"] ./dnscrypt-wrapper {};
doas = handleTest ./doas.nix {}; doas = handleTest ./doas.nix {};
docker = handleTestOn ["x86_64-linux"] ./docker.nix {}; docker = handleTestOn ["x86_64-linux"] ./docker.nix {};
oci-containers = handleTestOn ["x86_64-linux"] ./oci-containers.nix {}; oci-containers = handleTestOn ["x86_64-linux"] ./oci-containers.nix {};
@ -86,8 +88,10 @@ in
ecryptfs = handleTest ./ecryptfs.nix {}; ecryptfs = handleTest ./ecryptfs.nix {};
ejabberd = handleTest ./xmpp/ejabberd.nix {}; ejabberd = handleTest ./xmpp/ejabberd.nix {};
elk = handleTestOn ["x86_64-linux"] ./elk.nix {}; elk = handleTestOn ["x86_64-linux"] ./elk.nix {};
engelsystem = handleTest ./engelsystem.nix {};
enlightenment = handleTest ./enlightenment.nix {}; enlightenment = handleTest ./enlightenment.nix {};
env = handleTest ./env.nix {}; env = handleTest ./env.nix {};
ergo = handleTest ./ergo.nix {};
etcd = handleTestOn ["x86_64-linux"] ./etcd.nix {}; etcd = handleTestOn ["x86_64-linux"] ./etcd.nix {};
etcd-cluster = handleTestOn ["x86_64-linux"] ./etcd-cluster.nix {}; etcd-cluster = handleTestOn ["x86_64-linux"] ./etcd-cluster.nix {};
fancontrol = handleTest ./fancontrol.nix {}; fancontrol = handleTest ./fancontrol.nix {};
@ -132,6 +136,7 @@ in
hitch = handleTest ./hitch {}; hitch = handleTest ./hitch {};
hocker-fetchdocker = handleTest ./hocker-fetchdocker {}; hocker-fetchdocker = handleTest ./hocker-fetchdocker {};
home-assistant = handleTest ./home-assistant.nix {}; home-assistant = handleTest ./home-assistant.nix {};
hostname = handleTest ./hostname.nix {};
hound = handleTest ./hound.nix {}; hound = handleTest ./hound.nix {};
hydra = handleTest ./hydra {}; hydra = handleTest ./hydra {};
hydra-db-migration = handleTest ./hydra/db-migration.nix {}; hydra-db-migration = handleTest ./hydra/db-migration.nix {};
@ -292,6 +297,7 @@ in
slurm = handleTest ./slurm.nix {}; slurm = handleTest ./slurm.nix {};
smokeping = handleTest ./smokeping.nix {}; smokeping = handleTest ./smokeping.nix {};
snapper = handleTest ./snapper.nix {}; snapper = handleTest ./snapper.nix {};
sogo = handleTest ./sogo.nix {};
solr = handleTest ./solr.nix {}; solr = handleTest ./solr.nix {};
spacecookie = handleTest ./spacecookie.nix {}; spacecookie = handleTest ./spacecookie.nix {};
spike = handleTest ./spike.nix {}; spike = handleTest ./spike.nix {};
@ -304,6 +310,7 @@ in
syncthing-relay = handleTest ./syncthing-relay.nix {}; syncthing-relay = handleTest ./syncthing-relay.nix {};
systemd = handleTest ./systemd.nix {}; systemd = handleTest ./systemd.nix {};
systemd-analyze = handleTest ./systemd-analyze.nix {}; systemd-analyze = handleTest ./systemd-analyze.nix {};
systemd-binfmt = handleTestOn ["x86_64-linux"] ./systemd-binfmt.nix {};
systemd-boot = handleTestOn ["x86_64-linux"] ./systemd-boot.nix {}; systemd-boot = handleTestOn ["x86_64-linux"] ./systemd-boot.nix {};
systemd-confinement = handleTest ./systemd-confinement.nix {}; systemd-confinement = handleTest ./systemd-confinement.nix {};
systemd-timesyncd = handleTest ./systemd-timesyncd.nix {}; systemd-timesyncd = handleTest ./systemd-timesyncd.nix {};
@ -334,10 +341,7 @@ in
vault = handleTest ./vault.nix {}; vault = handleTest ./vault.nix {};
victoriametrics = handleTest ./victoriametrics.nix {}; victoriametrics = handleTest ./victoriametrics.nix {};
virtualbox = handleTestOn ["x86_64-linux"] ./virtualbox.nix {}; virtualbox = handleTestOn ["x86_64-linux"] ./virtualbox.nix {};
wg-quick = handleTest ./wireguard/wg-quick.nix {};
wireguard = handleTest ./wireguard {}; wireguard = handleTest ./wireguard {};
wireguard-generated = handleTest ./wireguard/generated.nix {};
wireguard-namespaces = handleTest ./wireguard/namespaces.nix {};
wordpress = handleTest ./wordpress.nix {}; wordpress = handleTest ./wordpress.nix {};
xandikos = handleTest ./xandikos.nix {}; xandikos = handleTest ./xandikos.nix {};
xautolock = handleTest ./xautolock.nix {}; xautolock = handleTest ./xautolock.nix {};
@ -348,6 +352,7 @@ in
yabar = handleTest ./yabar.nix {}; yabar = handleTest ./yabar.nix {};
yggdrasil = handleTest ./yggdrasil.nix {}; yggdrasil = handleTest ./yggdrasil.nix {};
zfs = handleTest ./zfs.nix {}; zfs = handleTest ./zfs.nix {};
zsh-history = handleTest ./zsh-history.nix {}; zoneminder = handleTest ./zoneminder.nix {};
zookeeper = handleTest ./zookeeper.nix {}; zookeeper = handleTest ./zookeeper.nix {};
zsh-history = handleTest ./zsh-history.nix {};
} }

26
third_party/nixpkgs/nixos/tests/bazarr.nix vendored Normal file
View file

@ -0,0 +1,26 @@
import ./make-test-python.nix ({ lib, ... }:
with lib;
let
port = 42069;
in
{
name = "bazarr";
meta.maintainers = with maintainers; [ xwvvvvwx ];
nodes.machine =
{ pkgs, ... }:
{
services.bazarr = {
enable = true;
listenPort = port;
};
};
testScript = ''
machine.wait_for_unit("bazarr.service")
machine.wait_for_open_port("${toString port}")
machine.succeed("curl --fail http://localhost:${toString port}/")
'';
})

71
third_party/nixpkgs/nixos/tests/dnscrypt-wrapper/default.nix vendored Normal file
View file

@ -0,0 +1,71 @@
import ../make-test-python.nix ({ pkgs, ... }: {
name = "dnscrypt-wrapper";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ rnhmjoj ];
};
nodes = {
server = { lib, ... }:
{ services.dnscrypt-wrapper = with builtins;
{ enable = true;
address = "192.168.1.1";
keys.expiration = 5; # days
keys.checkInterval = 2; # min
# The keypair was generated by the command:
# dnscrypt-wrapper --gen-provider-keypair \
# --provider-name=2.dnscrypt-cert.server \
# --ext-address=192.168.1.1:5353
providerKey.public = toFile "public.key" (readFile ./public.key);
providerKey.secret = toFile "secret.key" (readFile ./secret.key);
};
services.tinydns.enable = true;
services.tinydns.data = ''
..:192.168.1.1:a
+it.works:1.2.3.4
'';
networking.firewall.allowedUDPPorts = [ 5353 ];
networking.firewall.allowedTCPPorts = [ 5353 ];
networking.interfaces.eth1.ipv4.addresses = lib.mkForce
[ { address = "192.168.1.1"; prefixLength = 24; } ];
};
client = { lib, ... }:
{ services.dnscrypt-proxy2.enable = true;
services.dnscrypt-proxy2.settings = {
server_names = [ "server" ];
static.server.stamp = "sdns://AQAAAAAAAAAAEDE5Mi4xNjguMS4xOjUzNTMgFEHYOv0SCKSuqR5CDYa7-58cCBuXO2_5uTSVU9wNQF0WMi5kbnNjcnlwdC1jZXJ0LnNlcnZlcg";
};
networking.nameservers = [ "127.0.0.1" ];
networking.interfaces.eth1.ipv4.addresses = lib.mkForce
[ { address = "192.168.1.2"; prefixLength = 24; } ];
};
};
testScript = ''
start_all()
with subtest("The server can generate the ephemeral keypair"):
server.wait_for_unit("dnscrypt-wrapper")
server.wait_for_file("/var/lib/dnscrypt-wrapper/2.dnscrypt-cert.server.key")
server.wait_for_file("/var/lib/dnscrypt-wrapper/2.dnscrypt-cert.server.crt")
with subtest("The client can connect to the server"):
server.wait_for_unit("tinydns")
client.wait_for_unit("dnscrypt-proxy2")
assert "1.2.3.4" in client.succeed(
"host it.works"
), "The IP address of 'it.works' does not match 1.2.3.4"
with subtest("The server rotates the ephemeral keys"):
# advance time by a little less than 5 days
server.succeed("date -s \"$(date --date '4 days 6 hours')\"")
client.succeed("date -s \"$(date --date '4 days 6 hours')\"")
server.wait_for_file("/var/lib/dnscrypt-wrapper/oldkeys")
with subtest("The client can still connect to the server"):
server.wait_for_unit("dnscrypt-wrapper")
client.succeed("host it.works")
'';
})

1
third_party/nixpkgs/nixos/tests/dnscrypt-wrapper/public.key vendored Normal file
View file

@ -0,0 +1 @@
A<>:<3A><08><><EFBFBD>B <0A><><EFBFBD><EFBFBD><1B>;o<><6F>4<EFBFBD>S<EFBFBD> @]

1
third_party/nixpkgs/nixos/tests/dnscrypt-wrapper/secret.key vendored Normal file
View file

@ -0,0 +1 @@
G½>ֶ©» ל>׀א¥(ׂ²‡¼J•«÷=<3D><EFBFBD>ֱ<EFBFBD>A״:₪®©B †»<E280A0><C2BB>—;oש¹4•S<E280A2> @]

41
third_party/nixpkgs/nixos/tests/engelsystem.nix vendored Normal file
View file

@ -0,0 +1,41 @@
import ./make-test-python.nix (
{ pkgs, lib, ... }:
{
name = "engelsystem";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ talyz ];
};
nodes.engelsystem =
{ ... }:
{
services.engelsystem = {
enable = true;
domain = "engelsystem";
createDatabase = true;
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
environment.systemPackages = with pkgs; [
xmlstarlet
libxml2
];
};
testScript = ''
engelsystem.start()
engelsystem.wait_for_unit("phpfpm-engelsystem.service")
engelsystem.wait_until_succeeds("curl engelsystem/login -sS -f")
engelsystem.succeed(
"curl engelsystem/login -sS -f -c cookie | xmllint -html -xmlout - >login"
)
engelsystem.succeed(
"xml sel -T -t -m \"html/head/meta[@name='csrf-token']\" -v @content login >token"
)
engelsystem.succeed(
"curl engelsystem/login -sS -f -b cookie -F 'login=admin' -F 'password=asdfasdf' -F '_token=<token' -L | xmllint -html -xmlout - >news"
)
engelsystem.succeed(
"test 'News - Engelsystem' = \"$(xml sel -T -t -c html/head/title news)\""
)
'';
})

16
third_party/nixpkgs/nixos/tests/enlightenment.nix vendored
View file

@ -41,28 +41,24 @@ import ./make-test-python.nix ({ pkgs, ...} :
with subtest("First time wizard"): with subtest("First time wizard"):
machine.wait_for_text("Default") # Language machine.wait_for_text("Default") # Language
machine.succeed("xdotool mousemove 512 185 click 1") # Default Language
machine.screenshot("wizard1") machine.screenshot("wizard1")
machine.succeed("xdotool mousemove 512 740 click 1") # Next machine.succeed("xdotool mousemove 512 740 click 1") # Next
machine.screenshot("wizard2")
machine.wait_for_text("English") # Keyboard (default) machine.wait_for_text("English") # Keyboard (default)
machine.screenshot("wizard2")
machine.succeed("xdotool mousemove 512 740 click 1") # Next
machine.wait_for_text("Standard") # Profile (default)
machine.screenshot("wizard3") machine.screenshot("wizard3")
machine.succeed("xdotool mousemove 512 740 click 1") # Next machine.succeed("xdotool mousemove 512 740 click 1") # Next
machine.wait_for_text("Title") # Sizing (default) machine.wait_for_text("Standard") # Profile (default)
machine.screenshot("wizard4") machine.screenshot("wizard4")
machine.succeed("xdotool mousemove 512 740 click 1") # Next machine.succeed("xdotool mousemove 512 740 click 1") # Next
machine.wait_for_text("clicked") # Windows Phocus machine.wait_for_text("Title") # Sizing (default)
machine.succeed("xdotool mousemove 512 370 click 1") # Click
machine.screenshot("wizard5") machine.screenshot("wizard5")
machine.succeed("xdotool mousemove 512 740 click 1") # Next machine.succeed("xdotool mousemove 512 740 click 1") # Next
machine.wait_for_text("bindings") # Mouse Modifiers (default) machine.wait_for_text("clicked") # Windows Focus
machine.succeed("xdotool mousemove 512 370 click 1") # Click
machine.screenshot("wizard6") machine.screenshot("wizard6")
machine.succeed("xdotool mousemove 512 740 click 1") # Next machine.succeed("xdotool mousemove 512 740 click 1") # Next
@ -74,7 +70,7 @@ import ./make-test-python.nix ({ pkgs, ...} :
machine.screenshot("wizard8") machine.screenshot("wizard8")
machine.succeed("xdotool mousemove 512 740 click 1") # Next machine.succeed("xdotool mousemove 512 740 click 1") # Next
machine.wait_for_text("Compositing") # Compositing (default) machine.wait_for_text("OpenGL") # Compositing (default)
machine.screenshot("wizard9") machine.screenshot("wizard9")
machine.succeed("xdotool mousemove 512 740 click 1") # Next machine.succeed("xdotool mousemove 512 740 click 1") # Next

18
third_party/nixpkgs/nixos/tests/ergo.nix vendored Normal file
View file

@ -0,0 +1,18 @@
import ./make-test-python.nix ({ pkgs, ... }: {
name = "ergo";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ mmahut ];
};
nodes = {
machine = { ... }: {
services.ergo.enable = true;
services.ergo.api.keyHash = "324dcf027dd4a30a932c441f365a25e86b173defa4b8e58948253471b81b72cf";
};
};
testScript = ''
start_all()
machine.wait_for_unit("ergo.service")
'';
})

2
third_party/nixpkgs/nixos/tests/home-assistant.nix vendored
View file

@ -76,7 +76,7 @@ in {
hass.succeed("test -f ${configDir}/ui-lovelace.yaml") hass.succeed("test -f ${configDir}/ui-lovelace.yaml")
with subtest("Check that Home Assistant's web interface and API can be reached"): with subtest("Check that Home Assistant's web interface and API can be reached"):
hass.wait_for_open_port(8123) hass.wait_for_open_port(8123)
hass.succeed("curl --fail http://localhost:8123/states") hass.succeed("curl --fail http://localhost:8123/lovelace")
assert "API running" in hass.succeed( assert "API running" in hass.succeed(
"curl --fail -H 'x-ha-access: ${apiPassword}' http://localhost:8123/api/" "curl --fail -H 'x-ha-access: ${apiPassword}' http://localhost:8123/api/"
) )

66
third_party/nixpkgs/nixos/tests/hostname.nix vendored Normal file
View file

@ -0,0 +1,66 @@
{ system ? builtins.currentSystem,
config ? {},
pkgs ? import ../.. { inherit system config; }
}:
with import ../lib/testing-python.nix { inherit system pkgs; };
with pkgs.lib;
let
makeHostNameTest = hostName: domain:
let
fqdn = hostName + (optionalString (domain != null) ".${domain}");
in
makeTest {
name = "hostname-${fqdn}";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ primeos blitz ];
};
machine = { lib, ... }: {
networking.hostName = hostName;
networking.domain = domain;
environment.systemPackages = with pkgs; [
inetutils
];
};
testScript = ''
start_all()
machine = ${hostName}
machine.wait_for_unit("network-online.target")
# The FQDN, domain name, and hostname detection should work as expected:
assert "${fqdn}" == machine.succeed("hostname --fqdn").strip()
assert "${optionalString (domain != null) domain}" == machine.succeed("dnsdomainname").strip()
assert (
"${hostName}"
== machine.succeed(
'hostnamectl status | grep "Static hostname" | cut -d: -f2'
).strip()
)
# 127.0.0.1 and ::1 should resolve back to "localhost":
assert (
"localhost" == machine.succeed("getent hosts 127.0.0.1 | awk '{print $2}'").strip()
)
assert "localhost" == machine.succeed("getent hosts ::1 | awk '{print $2}'").strip()
# 127.0.0.2 should resolve back to the FQDN and hostname:
fqdn_and_host_name = "${optionalString (domain != null) "${hostName}.${domain} "}${hostName}"
assert (
fqdn_and_host_name
== machine.succeed("getent hosts 127.0.0.2 | awk '{print $2,$3}'").strip()
)
'';
};
in
{
noExplicitDomain = makeHostNameTest "ahost" null;
explicitDomain = makeHostNameTest "ahost" "adomain";
}

18
third_party/nixpkgs/nixos/tests/nextcloud/basic.nix vendored
View file

@ -9,7 +9,22 @@ in {
nodes = { nodes = {
# The only thing the client needs to do is download a file. # The only thing the client needs to do is download a file.
client = { ... }: {}; client = { ... }: {
services.davfs2.enable = true;
system.activationScripts.davfs2-secrets = ''
echo "http://nextcloud/remote.php/webdav/ ${adminuser} ${adminpass}" > /tmp/davfs2-secrets
chmod 600 /tmp/davfs2-secrets
'';
fileSystems = pkgs.lib.mkVMOverride {
"/mnt/dav" = {
device = "http://nextcloud/remote.php/webdav/";
fsType = "davfs";
options = let
davfs2Conf = (pkgs.writeText "davfs2.conf" "secrets /tmp/davfs2-secrets");
in [ "conf=${davfs2Conf}" "x-systemd.automount" "noauto"];
};
};
};
nextcloud = { config, pkgs, ... }: { nextcloud = { config, pkgs, ... }: {
networking.firewall.allowedTCPPorts = [ 80 ]; networking.firewall.allowedTCPPorts = [ 80 ];
@ -60,5 +75,6 @@ in {
client.succeed( client.succeed(
"${withRcloneEnv} ${diffSharedFile}" "${withRcloneEnv} ${diffSharedFile}"
) )
assert "hi" in client.succeed("cat /mnt/dav/test-shared-file")
''; '';
}) })

30
third_party/nixpkgs/nixos/tests/podman.nix vendored
View file

@ -38,23 +38,45 @@ import ./make-test-python.nix (
start_all() start_all()
with subtest("Run container as root"): with subtest("Run container as root with runc"):
podman.succeed("tar cv --files-from /dev/null | podman import - scratchimg") podman.succeed("tar cv --files-from /dev/null | podman import - scratchimg")
podman.succeed( podman.succeed(
"podman run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10" "podman run --runtime=runc -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10"
) )
podman.succeed("podman ps | grep sleeping") podman.succeed("podman ps | grep sleeping")
podman.succeed("podman stop sleeping") podman.succeed("podman stop sleeping")
podman.succeed("podman rm sleeping")
with subtest("Run container rootless"): with subtest("Run container as root with crun"):
podman.succeed("tar cv --files-from /dev/null | podman import - scratchimg")
podman.succeed(
"podman run --runtime=crun -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10"
)
podman.succeed("podman ps | grep sleeping")
podman.succeed("podman stop sleeping")
podman.succeed("podman rm sleeping")
with subtest("Run container rootless with runc"):
podman.succeed(su_cmd("tar cv --files-from /dev/null | podman import - scratchimg")) podman.succeed(su_cmd("tar cv --files-from /dev/null | podman import - scratchimg"))
podman.succeed( podman.succeed(
su_cmd( su_cmd(
"podman run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10" "podman run --runtime=runc -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10"
) )
) )
podman.succeed(su_cmd("podman ps | grep sleeping")) podman.succeed(su_cmd("podman ps | grep sleeping"))
podman.succeed(su_cmd("podman stop sleeping")) podman.succeed(su_cmd("podman stop sleeping"))
podman.succeed(su_cmd("podman rm sleeping"))
with subtest("Run container rootless with crun"):
podman.succeed(su_cmd("tar cv --files-from /dev/null | podman import - scratchimg"))
podman.succeed(
su_cmd(
"podman run --runtime=crun -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10"
)
)
podman.succeed(su_cmd("podman ps | grep sleeping"))
podman.succeed(su_cmd("podman stop sleeping"))
podman.succeed(su_cmd("podman rm sleeping"))
''; '';
} }
) )

58
third_party/nixpkgs/nixos/tests/sogo.nix vendored Normal file
View file

@ -0,0 +1,58 @@
import ./make-test-python.nix ({ pkgs, ... }: {
name = "sogo";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ ajs124 das_j ];
};
nodes = {
sogo = { config, pkgs, ... }: {
services.nginx.enable = true;
services.mysql = {
enable = true;
package = pkgs.mysql;
ensureDatabases = [ "sogo" ];
ensureUsers = [{
name = "sogo";
ensurePermissions = {
"sogo.*" = "ALL PRIVILEGES";
};
}];
};
services.sogo = {
enable = true;
timezone = "Europe/Berlin";
extraConfig = ''
WOWorkersCount = 1;
SOGoUserSources = (
{
type = sql;
userPasswordAlgorithm = md5;
viewURL = "mysql://sogo@%2Frun%2Fmysqld%2Fmysqld.sock/sogo/sogo_users";
canAuthenticate = YES;
id = users;
}
);
SOGoProfileURL = "mysql://sogo@%2Frun%2Fmysqld%2Fmysqld.sock/sogo/sogo_user_profile";
OCSFolderInfoURL = "mysql://sogo@%2Frun%2Fmysqld%2Fmysqld.sock/sogo/sogo_folder_info";
OCSSessionsFolderURL = "mysql://sogo@%2Frun%2Fmysqld%2Fmysqld.sock/sogo/sogo_sessions_folder";
OCSEMailAlarmsFolderURL = "mysql://sogo@%2Frun%2Fmysqld%2Fmysqld.sock/sogo/sogo_alarms_folder";
OCSStoreURL = "mysql://sogo@%2Frun%2Fmysqld%2Fmysqld.sock/sogo/sogo_store";
OCSAclURL = "mysql://sogo@%2Frun%2Fmysqld%2Fmysqld.sock/sogo/sogo_acl";
OCSCacheFolderURL = "mysql://sogo@%2Frun%2Fmysqld%2Fmysqld.sock/sogo/sogo_cache_folder";
'';
};
};
};
testScript = ''
start_all()
sogo.wait_for_unit("multi-user.target")
sogo.wait_for_open_port(20000)
sogo.wait_for_open_port(80)
sogo.succeed("curl -sSfL http://sogo/SOGo")
'';
})

24
third_party/nixpkgs/nixos/tests/systemd-binfmt.nix vendored Normal file
View file

@ -0,0 +1,24 @@
# Teach the kernel how to run armv7l and aarch64-linux binaries,
# and run GNU Hello for these architectures.
import ./make-test-python.nix ({ pkgs, ... }: {
name = "systemd-binfmt";
machine = {
boot.binfmt.emulatedSystems = [
"armv7l-linux"
"aarch64-linux"
];
};
testScript = let
helloArmv7l = pkgs.pkgsCross.armv7l-hf-multiplatform.hello;
helloAarch64 = pkgs.pkgsCross.aarch64-multiplatform.hello;
in ''
machine.start()
assert "world" in machine.succeed(
"${helloArmv7l}/bin/hello"
)
assert "world" in machine.succeed(
"${helloAarch64}/bin/hello"
)
'';
})

74
third_party/nixpkgs/nixos/tests/wireguard/basic.nix vendored Normal file
View file

@ -0,0 +1,74 @@
{ kernelPackages ? null }:
import ../make-test-python.nix ({ pkgs, lib, ...} :
let
wg-snakeoil-keys = import ./snakeoil-keys.nix;
peer = (import ./make-peer.nix) { inherit lib; };
in
{
name = "wireguard";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ ma27 ];
};
nodes = {
peer0 = peer {
ip4 = "192.168.0.1";
ip6 = "fd00::1";
extraConfig = {
boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };
networking.firewall.allowedUDPPorts = [ 23542 ];
networking.wireguard.interfaces.wg0 = {
ips = [ "10.23.42.1/32" "fc00::1/128" ];
listenPort = 23542;
inherit (wg-snakeoil-keys.peer0) privateKey;
peers = lib.singleton {
allowedIPs = [ "10.23.42.2/32" "fc00::2/128" ];
inherit (wg-snakeoil-keys.peer1) publicKey;
};
};
};
};
peer1 = peer {
ip4 = "192.168.0.2";
ip6 = "fd00::2";
extraConfig = {
boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };
networking.wireguard.interfaces.wg0 = {
ips = [ "10.23.42.2/32" "fc00::2/128" ];
listenPort = 23542;
allowedIPsAsRoutes = false;
inherit (wg-snakeoil-keys.peer1) privateKey;
peers = lib.singleton {
allowedIPs = [ "0.0.0.0/0" "::/0" ];
endpoint = "192.168.0.1:23542";
persistentKeepalive = 25;
inherit (wg-snakeoil-keys.peer0) publicKey;
};
postSetup = let inherit (pkgs) iproute; in ''
${iproute}/bin/ip route replace 10.23.42.1/32 dev wg0
${iproute}/bin/ip route replace fc00::1/128 dev wg0
'';
};
};
};
};
testScript = ''
start_all()
peer0.wait_for_unit("wireguard-wg0.service")
peer1.wait_for_unit("wireguard-wg0.service")
peer1.succeed("ping -c5 fc00::1")
peer1.succeed("ping -c5 10.23.42.1")
'';
}
)

90
third_party/nixpkgs/nixos/tests/wireguard/default.nix vendored
View file

@ -1,71 +1,27 @@
import ../make-test-python.nix ({ pkgs, lib, ...} : { system ? builtins.currentSystem
let , config ? { }
wg-snakeoil-keys = import ./snakeoil-keys.nix; , pkgs ? import ../../.. { inherit system config; }
peer = (import ./make-peer.nix) { inherit lib; }; , kernelVersionsToTest ? [ "5.4" "latest" ]
in }:
{
name = "wireguard";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ ma27 ];
};
nodes = { with pkgs.lib;
peer0 = peer {
ip4 = "192.168.0.1";
ip6 = "fd00::1";
extraConfig = {
networking.firewall.allowedUDPPorts = [ 23542 ];
networking.wireguard.interfaces.wg0 = {
ips = [ "10.23.42.1/32" "fc00::1/128" ];
listenPort = 23542;
inherit (wg-snakeoil-keys.peer0) privateKey; let
tests = let callTest = p: flip (import p) { inherit system pkgs; }; in {
basic = callTest ./basic.nix;
namespaces = callTest ./namespaces.nix;
wg-quick = callTest ./wg-quick.nix;
generated = callTest ./generated.nix;
};
in
peers = lib.singleton { listToAttrs (
allowedIPs = [ "10.23.42.2/32" "fc00::2/128" ]; flip concatMap kernelVersionsToTest (version:
let
inherit (wg-snakeoil-keys.peer1) publicKey; v' = replaceStrings [ "." ] [ "_" ] version;
}; in
}; flip mapAttrsToList tests (name: test:
}; nameValuePair "wireguard-${name}-linux-${v'}" (test { kernelPackages = pkgs."linuxPackages_${v'}"; })
}; )
)
peer1 = peer {
ip4 = "192.168.0.2";
ip6 = "fd00::2";
extraConfig = {
networking.wireguard.interfaces.wg0 = {
ips = [ "10.23.42.2/32" "fc00::2/128" ];
listenPort = 23542;
allowedIPsAsRoutes = false;
inherit (wg-snakeoil-keys.peer1) privateKey;
peers = lib.singleton {
allowedIPs = [ "0.0.0.0/0" "::/0" ];
endpoint = "192.168.0.1:23542";
persistentKeepalive = 25;
inherit (wg-snakeoil-keys.peer0) publicKey;
};
postSetup = let inherit (pkgs) iproute; in ''
${iproute}/bin/ip route replace 10.23.42.1/32 dev wg0
${iproute}/bin/ip route replace fc00::1/128 dev wg0
'';
};
};
};
};
testScript = ''
start_all()
peer0.wait_for_unit("wireguard-wg0.service")
peer1.wait_for_unit("wireguard-wg0.service")
peer1.succeed("ping -c5 fc00::1")
peer1.succeed("ping -c5 10.23.42.1")
'';
}
) )

5
third_party/nixpkgs/nixos/tests/wireguard/generated.nix vendored
View file

@ -1,4 +1,5 @@
import ../make-test-python.nix ({ pkgs, ...} : { { kernelPackages ? null }:
import ../make-test-python.nix ({ pkgs, lib, ... } : {
name = "wireguard-generated"; name = "wireguard-generated";
meta = with pkgs.stdenv.lib.maintainers; { meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ ma27 grahamc ]; maintainers = [ ma27 grahamc ];
@ -6,6 +7,7 @@ import ../make-test-python.nix ({ pkgs, ...} : {
nodes = { nodes = {
peer1 = { peer1 = {
boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };
networking.firewall.allowedUDPPorts = [ 12345 ]; networking.firewall.allowedUDPPorts = [ 12345 ];
networking.wireguard.interfaces.wg0 = { networking.wireguard.interfaces.wg0 = {
ips = [ "10.10.10.1/24" ]; ips = [ "10.10.10.1/24" ];
@ -17,6 +19,7 @@ import ../make-test-python.nix ({ pkgs, ...} : {
}; };
peer2 = { peer2 = {
boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };
networking.firewall.allowedUDPPorts = [ 12345 ]; networking.firewall.allowedUDPPorts = [ 12345 ];
networking.wireguard.interfaces.wg0 = { networking.wireguard.interfaces.wg0 = {
ips = [ "10.10.10.2/24" ]; ips = [ "10.10.10.2/24" ];

8
third_party/nixpkgs/nixos/tests/wireguard/namespaces.nix vendored
View file

@ -1,3 +1,5 @@
{ kernelPackages ? null }:
let let
listenPort = 12345; listenPort = 12345;
socketNamespace = "foo"; socketNamespace = "foo";
@ -13,7 +15,7 @@ let
in in
import ../make-test-python.nix ({ pkgs, ...} : { import ../make-test-python.nix ({ pkgs, lib, ... } : {
name = "wireguard-with-namespaces"; name = "wireguard-with-namespaces";
meta = with pkgs.stdenv.lib.maintainers; { meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ asymmetric ]; maintainers = [ asymmetric ];
@ -23,6 +25,7 @@ import ../make-test-python.nix ({ pkgs, ...} : {
# interface should be created in the socketNamespace # interface should be created in the socketNamespace
# and not moved from there # and not moved from there
peer0 = pkgs.lib.attrsets.recursiveUpdate node { peer0 = pkgs.lib.attrsets.recursiveUpdate node {
boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };
networking.wireguard.interfaces.wg0 = { networking.wireguard.interfaces.wg0 = {
preSetup = '' preSetup = ''
ip netns add ${socketNamespace} ip netns add ${socketNamespace}
@ -33,6 +36,7 @@ import ../make-test-python.nix ({ pkgs, ...} : {
# interface should be created in the init namespace # interface should be created in the init namespace
# and moved to the interfaceNamespace # and moved to the interfaceNamespace
peer1 = pkgs.lib.attrsets.recursiveUpdate node { peer1 = pkgs.lib.attrsets.recursiveUpdate node {
boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };
networking.wireguard.interfaces.wg0 = { networking.wireguard.interfaces.wg0 = {
preSetup = '' preSetup = ''
ip netns add ${interfaceNamespace} ip netns add ${interfaceNamespace}
@ -43,6 +47,7 @@ import ../make-test-python.nix ({ pkgs, ...} : {
# interface should be created in the socketNamespace # interface should be created in the socketNamespace
# and moved to the interfaceNamespace # and moved to the interfaceNamespace
peer2 = pkgs.lib.attrsets.recursiveUpdate node { peer2 = pkgs.lib.attrsets.recursiveUpdate node {
boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };
networking.wireguard.interfaces.wg0 = { networking.wireguard.interfaces.wg0 = {
preSetup = '' preSetup = ''
ip netns add ${socketNamespace} ip netns add ${socketNamespace}
@ -54,6 +59,7 @@ import ../make-test-python.nix ({ pkgs, ...} : {
# interface should be created in the socketNamespace # interface should be created in the socketNamespace
# and moved to the init namespace # and moved to the init namespace
peer3 = pkgs.lib.attrsets.recursiveUpdate node { peer3 = pkgs.lib.attrsets.recursiveUpdate node {
boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };
networking.wireguard.interfaces.wg0 = { networking.wireguard.interfaces.wg0 = {
preSetup = '' preSetup = ''
ip netns add ${socketNamespace} ip netns add ${socketNamespace}

4
third_party/nixpkgs/nixos/tests/wireguard/wg-quick.nix vendored
View file

@ -1,3 +1,5 @@
{ kernelPackages ? null }:
import ../make-test-python.nix ({ pkgs, lib, ... }: import ../make-test-python.nix ({ pkgs, lib, ... }:
let let
wg-snakeoil-keys = import ./snakeoil-keys.nix; wg-snakeoil-keys = import ./snakeoil-keys.nix;
@ -14,6 +16,7 @@ import ../make-test-python.nix ({ pkgs, lib, ... }:
ip4 = "192.168.0.1"; ip4 = "192.168.0.1";
ip6 = "fd00::1"; ip6 = "fd00::1";
extraConfig = { extraConfig = {
boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };
networking.firewall.allowedUDPPorts = [ 23542 ]; networking.firewall.allowedUDPPorts = [ 23542 ];
networking.wg-quick.interfaces.wg0 = { networking.wg-quick.interfaces.wg0 = {
address = [ "10.23.42.1/32" "fc00::1/128" ]; address = [ "10.23.42.1/32" "fc00::1/128" ];
@ -34,6 +37,7 @@ import ../make-test-python.nix ({ pkgs, lib, ... }:
ip4 = "192.168.0.2"; ip4 = "192.168.0.2";
ip6 = "fd00::2"; ip6 = "fd00::2";
extraConfig = { extraConfig = {
boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };
networking.wg-quick.interfaces.wg0 = { networking.wg-quick.interfaces.wg0 = {
address = [ "10.23.42.2/32" "fc00::2/128" ]; address = [ "10.23.42.2/32" "fc00::2/128" ];
inherit (wg-snakeoil-keys.peer1) privateKey; inherit (wg-snakeoil-keys.peer1) privateKey;

1
third_party/nixpkgs/nixos/tests/yggdrasil.nix vendored
View file

@ -85,6 +85,7 @@ in import ./make-test-python.nix ({ pkgs, ...} : {
MulticastInterfaces = [ "eth1" ]; MulticastInterfaces = [ "eth1" ];
LinkLocalTCPPort = 43210; LinkLocalTCPPort = 43210;
}; };
persistentKeys = true;
}; };
}; };
}; };

23
third_party/nixpkgs/nixos/tests/zoneminder.nix vendored Normal file
View file

@ -0,0 +1,23 @@
import ./make-test-python.nix ({ lib, ...}:
{
name = "zoneminder";
meta.maintainers = with lib.maintainers; [ danielfullmer ];
machine = { ... }:
{
services.zoneminder = {
enable = true;
database.createLocally = true;
database.username = "zoneminder";
};
time.timeZone = "America/New_York";
};
testScript = ''
machine.wait_for_unit("zoneminder.service")
machine.wait_for_unit("nginx.service")
machine.wait_for_open_port(8095)
machine.succeed("curl --fail http://localhost:8095/")
'';
})

4
third_party/nixpkgs/pkgs/applications/audio/audacity/default.nix vendored
View file

@ -7,12 +7,12 @@
with stdenv.lib; with stdenv.lib;
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
version = "2.3.3"; version = "2.4.1";
pname = "audacity"; pname = "audacity";
src = fetchzip { src = fetchzip {
url = "https://github.com/audacity/audacity/archive/Audacity-${version}.tar.gz"; url = "https://github.com/audacity/audacity/archive/Audacity-${version}.tar.gz";
sha256 = "0ddc03dbm4ixy877czmwd03fpjgr3y68bxfgb6n2q6cv4prp30ig"; sha256 = "1xk0piv72d2xd3p7igr916fhcbrm76fhjr418k1rlqdzzg1hfljn";
}; };
preConfigure = /* we prefer system-wide libs */ '' preConfigure = /* we prefer system-wide libs */ ''

28
third_party/nixpkgs/pkgs/applications/audio/bjumblr/default.nix vendored Normal file
View file

@ -0,0 +1,28 @@
{ stdenv, fetchFromGitHub, libX11, cairo, lv2, pkgconfig, libsndfile }:
stdenv.mkDerivation rec {
pname = "BJumblr";
version = "0.2";
src = fetchFromGitHub {
owner = "sjaehn";
repo = pname;
rev = "v${version}";
sha256 = "14z8113zkwykbhm1a8h2xs972dgifvlfij92b08jckyc7cbz84ys";
};
nativeBuildInputs = [ pkgconfig ];
buildInputs = [
libX11 cairo lv2 libsndfile
];
installFlags = [ "PREFIX=$(out)" ];
meta = with stdenv.lib; {
homepage = "https://github.com/sjaehn/BJumblr";
description = "Pattern-controlled audio stream / sample re-sequencer LV2 plugin";
maintainers = [ maintainers.magnetophon ];
platforms = platforms.linux;
license = licenses.gpl3;
};
}

4
third_party/nixpkgs/pkgs/applications/audio/bsequencer/default.nix vendored
View file

@ -2,13 +2,13 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "BSEQuencer"; pname = "BSEQuencer";
version = "1.4.0"; version = "1.4.2";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "sjaehn"; owner = "sjaehn";
repo = pname; repo = pname;
rev = "${version}"; rev = "${version}";
sha256 = "1zz1cirmx4wm4im4gjdp691f2042c8d1i8np1ns71f6kqdj9ps3k"; sha256 = "1fz0p0ba00b7k7a8q9mxwj01jwl8xwh9a2npn00pbbdrg9zv4fdr";
}; };
nativeBuildInputs = [ pkgconfig ]; nativeBuildInputs = [ pkgconfig ];

4
third_party/nixpkgs/pkgs/applications/audio/bshapr/default.nix vendored
View file

@ -2,13 +2,13 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "BShapr"; pname = "BShapr";
version = "0.8"; version = "0.9";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "sjaehn"; owner = "sjaehn";
repo = pname; repo = pname;
rev = "v${version}"; rev = "v${version}";
sha256 = "0jlq5rjicc4fxlpk869dg0l5bwwz8k9aj2wfk9v89b0qw8l8kaxl"; sha256 = "04zd3a178i2nivg5rjailzqvc5mlnilmhj1ziygmbhshbrywplri";
}; };
nativeBuildInputs = [ pkgconfig ]; nativeBuildInputs = [ pkgconfig ];

4
third_party/nixpkgs/pkgs/applications/audio/denemo/default.nix vendored
View file

@ -6,11 +6,11 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "denemo"; pname = "denemo";
version = "2.3.0"; version = "2.4.0";
src = fetchurl { src = fetchurl {
url = "https://ftp.gnu.org/gnu/denemo/denemo-${version}.tar.gz"; url = "https://ftp.gnu.org/gnu/denemo/denemo-${version}.tar.gz";
sha256 = "1blkcl3slbsq9jlhwcf2m9v9g38a0sjfhh9advgi2qr1gxri08by"; sha256 = "145kq0zfgdadykl3i6na221i4s5wzdrcqq48amzyfarnrqk2rmpd";
}; };
buildInputs = [ buildInputs = [

4
third_party/nixpkgs/pkgs/applications/audio/ft2-clone/default.nix vendored
View file

@ -7,13 +7,13 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "ft2-clone"; pname = "ft2-clone";
version = "1.23"; version = "1.24";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "8bitbubsy"; owner = "8bitbubsy";
repo = "ft2-clone"; repo = "ft2-clone";
rev = "v${version}"; rev = "v${version}";
sha256 = "03prdifc2nz7smmzdy19flp33m927vb7j5bhdc46gak753pikw7d"; sha256 = "0wb7xsc2m9f4q5zsf5ai6h6c0558lkziv30b5a8ic64wp0layr6k";
}; };
nativeBuildInputs = [ cmake ]; nativeBuildInputs = [ cmake ];

69
third_party/nixpkgs/pkgs/applications/audio/goattracker/default.nix vendored Normal file
View file

@ -0,0 +1,69 @@
{ stdenv
, fetchurl
, unzip
, makeDesktopItem
, imagemagick
, SDL
, isStereo ? false
}:
with stdenv.lib;
let
pname = "goattracker" + optionalString isStereo "-stereo";
desktopItem = makeDesktopItem {
type = "Application";
name = pname;
desktopName = "GoatTracker 2" + optionalString isStereo " Stereo";
genericName = "Music Tracker";
exec = if isStereo
then "gt2stereo"
else "goattrk2";
icon = "goattracker";
categories = "AudioVideo;AudioVideoEditing;";
extraEntries = "Keywords=tracker;music;";
};
in stdenv.mkDerivation rec {
inherit pname;
version = if isStereo
then "2.76" # stereo
else "2.75"; # normal
src = fetchurl {
url = "mirror://sourceforge/goattracker2/GoatTracker_${version}${optionalString isStereo "_Stereo"}.zip";
sha256 = if isStereo
then "12cz3780x5k047jqdv69n6rjgbfiwv67z850kfl4i37lxja432l7" # stereo
else "1km97nl7qvk6qc5l5j69wncbm76hf86j47sgzgr968423g0bxxlk"; # normal
};
sourceRoot = (if isStereo then "gt2stereo/trunk" else "goattrk2") + "/src";
nativeBuildInputs = [ unzip imagemagick ];
buildInputs = [ SDL ];
# PREFIX gets treated as BINDIR.
makeFlags = [ "PREFIX=$(out)/bin/" ];
# The zip contains some build artifacts.
prePatch = "make clean";
# The destination does not get created automatically.
preBuild = "mkdir -p $out/bin";
# Other files get installed during the build phase.
installPhase = ''
convert goattrk2.bmp goattracker.png
install -Dm644 goattracker.png $out/share/icons/hicolor/32x32/apps/goattracker.png
${desktopItem.buildCommand}
'';
meta = {
description = "A crossplatform music editor for creating Commodore 64 music. Uses reSID library by Dag Lem and supports alternatively HardSID & CatWeasel devices"
+ optionalString isStereo " - Stereo version";
homepage = "https://cadaver.github.io/tools.html";
downloadPage = "https://sourceforge.net/projects/goattracker2/";
license = licenses.gpl2Plus;
maintainers = with maintainers; [ fgaz ];
platforms = platforms.all;
};
}

19
third_party/nixpkgs/pkgs/applications/audio/guitarix/default.nix vendored
View file

@ -1,4 +1,4 @@
{ stdenv, fetchurl, gettext, intltool, pkgconfig, python2 { stdenv, fetchurl, fetchpatch, faust, gettext, intltool, pkgconfig, python2
, avahi, bluez, boost, eigen, fftw, glib, glib-networking , avahi, bluez, boost, eigen, fftw, glib, glib-networking
, glibmm, gsettings-desktop-schemas, gtkmm2, libjack2 , glibmm, gsettings-desktop-schemas, gtkmm2, libjack2
, ladspaH, libav, libsndfile, lilv, lrdf, lv2, serd, sord, sratom , ladspaH, libav, libsndfile, lilv, lrdf, lv2, serd, sord, sratom
@ -19,7 +19,15 @@ stdenv.mkDerivation rec {
sha256 = "1nn80m1qagfhvv69za60f0w6ck87vmk77qmqarj7fbr8avwg63s9"; sha256 = "1nn80m1qagfhvv69za60f0w6ck87vmk77qmqarj7fbr8avwg63s9";
}; };
nativeBuildInputs = [ gettext intltool wrapGAppsHook pkgconfig python2 wafHook ]; patches = [
(fetchpatch {
url = "https://git.archlinux.org/svntogit/community.git/plain/trunk/guitarix-0.39.0-fix_faust_and_lv2_plugins.patch?id=8579b4dfe85e04303ad2d9771ed699f04ea7b7cf";
stripLen = 1;
sha256 = "0pgkhi4v4vrzjnig0ggmz207q4x5iyk2n6rjj8s5lv15fia7qzp4";
})
];
nativeBuildInputs = [ faust gettext intltool wrapGAppsHook pkgconfig python2 wafHook ];
buildInputs = [ buildInputs = [
avahi bluez boost eigen fftw glib glibmm glib-networking.out avahi bluez boost eigen fftw glib glibmm glib-networking.out
@ -28,11 +36,16 @@ stdenv.mkDerivation rec {
zita-resampler curl zita-resampler curl
]; ];
postPatch = ''
# Fix build with lv2 1.18: https://github.com/brummer10/guitarix/commit/c0334c72
find . -type f -exec fgrep -q LV2UI_Descriptor {} \; \
-exec sed -i {} -e 's/const struct _\?LV2UI_Descriptor/const LV2UI_Descriptor/' \;
'';
wafConfigureFlags = [ wafConfigureFlags = [
"--shared-lib" "--shared-lib"
"--no-desktop-update" "--no-desktop-update"
"--enable-nls" "--enable-nls"
"--no-faust" # todo: find out why --faust doesn't work
"--install-roboto-font" "--install-roboto-font"
"--includeresampler" "--includeresampler"
"--convolver-ffmpeg" "--convolver-ffmpeg"

4
third_party/nixpkgs/pkgs/applications/audio/kid3/default.nix vendored
View file

@ -9,11 +9,11 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "kid3"; pname = "kid3";
version = "3.8.2"; version = "3.8.3";
src = fetchurl { src = fetchurl {
url = "mirror://sourceforge/project/kid3/kid3/${version}/${pname}-${version}.tar.gz"; url = "mirror://sourceforge/project/kid3/kid3/${version}/${pname}-${version}.tar.gz";
sha256 = "051y77swpi9isx275gwzl4fn3igd2dmixbszv9m3h0h9lqhcjrvr"; sha256 = "0i0c4bmsm36jj1v535kil47ig0ig70ykrzcw2f56spr25xns06ka";
}; };
nativeBuildInputs = [ wrapQtAppsHook ]; nativeBuildInputs = [ wrapQtAppsHook ];

4
third_party/nixpkgs/pkgs/applications/audio/mopidy/default.nix vendored
View file

@ -26,6 +26,10 @@ let
mopidy-mpd = callPackage ./mpd.nix { }; mopidy-mpd = callPackage ./mpd.nix { };
mopidy-mpris = callPackage ./mpris.nix { };
mopidy-somafm = callPackage ./somafm.nix { };
mopidy-spotify-tunigo = callPackage ./spotify-tunigo.nix { }; mopidy-spotify-tunigo = callPackage ./spotify-tunigo.nix { };
mopidy-youtube = callPackage ./youtube.nix { }; mopidy-youtube = callPackage ./youtube.nix { };

19
third_party/nixpkgs/pkgs/applications/audio/mopidy/gmusic.nix vendored
View file

@ -1,19 +1,20 @@
{ stdenv, fetchurl, pythonPackages, mopidy }: { stdenv, python3Packages, mopidy }:
pythonPackages.buildPythonApplication rec { python3Packages.buildPythonApplication rec {
pname = "mopidy-gmusic"; pname = "mopidy-gmusic";
version = "3.0.0"; version = "4.0.0";
src = fetchurl { src = python3Packages.fetchPypi {
url = "https://github.com/mopidy/mopidy-gmusic/archive/v${version}.tar.gz"; inherit version;
sha256 = "0a2s4xrrhnkv85rx4w5bj6ih9xm34jy0q71fdvbzmi827g9dw5sz"; pname = "Mopidy-GMusic";
sha256 = "14yswmlfs659rs3k595606m77lw9c6pjykb5pikqw21sb97haxl3";
}; };
propagatedBuildInputs = [ propagatedBuildInputs = [
mopidy mopidy
pythonPackages.requests python3Packages.requests
pythonPackages.gmusicapi python3Packages.gmusicapi
pythonPackages.cachetools python3Packages.cachetools
]; ];
doCheck = false; doCheck = false;

4
third_party/nixpkgs/pkgs/applications/audio/mopidy/iris.nix vendored
View file

@ -2,11 +2,11 @@
python3Packages.buildPythonApplication rec { python3Packages.buildPythonApplication rec {
pname = "Mopidy-Iris"; pname = "Mopidy-Iris";
version = "3.47.0"; version = "3.49.0";
src = python3Packages.fetchPypi { src = python3Packages.fetchPypi {
inherit pname version; inherit pname version;
sha256 = "1lvq5qsnn2djwkgbadzr7rr6ik2xh8yyj0p3y3hck9pl96ms7lfv"; sha256 = "0zddm7286iwx437gjz47m4g28s8gdcxnm2hmly9w1dzi08aa4fas";
}; };
propagatedBuildInputs = [ propagatedBuildInputs = [

27
third_party/nixpkgs/pkgs/applications/audio/mopidy/mpris.nix vendored Normal file
View file

@ -0,0 +1,27 @@
{ stdenv, python3Packages, mopidy }:
python3Packages.buildPythonApplication rec {
pname = "mopidy-mpris";
version = "3.0.1";
src = python3Packages.fetchPypi {
inherit version;
pname = "Mopidy-MPRIS";
sha256 = "0qk46aq5r92qgkldzl41x09naww1gv92l4c4hknyl7yymyvm9lr2";
};
propagatedBuildInputs = [
mopidy
python3Packages.pydbus
];
doCheck = false;
meta = with stdenv.lib; {
homepage = https://www.mopidy.com/;
description = "Mopidy extension for controlling Mopidy through D-Bus using the MPRIS specification";
license = licenses.asl20;
maintainers = [ maintainers.nickhu ];
};
}

26
third_party/nixpkgs/pkgs/applications/audio/mopidy/somafm.nix vendored Normal file
View file

@ -0,0 +1,26 @@
{ stdenv, python3Packages, mopidy }:
python3Packages.buildPythonApplication rec {
pname = "mopidy-somafm";
version = "2.0.0";
src = python3Packages.fetchPypi {
inherit version;
pname = "Mopidy-SomaFM";
sha256 = "1j88rrliys8hqvnb35k1xqw88bvrllcb4rb53lgh82byhscsxlf3";
};
propagatedBuildInputs = [
mopidy
];
doCheck = false;
meta = with stdenv.lib; {
homepage = https://www.mopidy.com/;
description = "Mopidy extension for playing music from SomaFM";
license = licenses.mit;
maintainers = [ maintainers.nickhu ];
};
}

24
third_party/nixpkgs/pkgs/applications/audio/mopidy/youtube.nix vendored
View file

@ -1,17 +1,23 @@
{ stdenv, fetchFromGitHub, pythonPackages, mopidy }: { stdenv, python3Packages, mopidy }:
pythonPackages.buildPythonApplication rec { python3Packages.buildPythonApplication rec {
pname = "mopidy-youtube"; pname = "mopidy-youtube";
version = "2.0.2"; version = "3.0";
src = fetchFromGitHub { src = python3Packages.fetchPypi {
owner = "mopidy"; inherit version;
repo = "mopidy-youtube"; pname = "Mopidy-YouTube";
rev = "v${version}"; sha256 = "0x1q9rfnjx65n6hi8s5rw5ff4xv55h63zy52fwm8aksdnzppr7gd";
sha256 = "06r3ikyg2ch5n7fbn3sgj04hk6icpfpk1r856qch41995k3bbfg7";
}; };
propagatedBuildInputs = with pythonPackages; [ mopidy pafy ]; patchPhase = "sed s/bs4/beautifulsoup4/ -i setup.cfg";
propagatedBuildInputs = [
mopidy
python3Packages.beautifulsoup4
python3Packages.cachetools
python3Packages.youtube-dl
];
doCheck = false; doCheck = false;

4
third_party/nixpkgs/pkgs/applications/audio/pt2-clone/default.nix vendored
View file

@ -7,13 +7,13 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "pt2-clone"; pname = "pt2-clone";
version = "1.12"; version = "1.16";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "8bitbubsy"; owner = "8bitbubsy";
repo = "pt2-clone"; repo = "pt2-clone";
rev = "v${version}"; rev = "v${version}";
sha256 = "1y7kv889rm3nvaigcda4bglvwm799f3gp0zrivkvrg1lrlygs89f"; sha256 = "0rbjphhyca71j22lbyx53w3n2mkdw7xflks2knfaziwdkqcfcvp2";
}; };
nativeBuildInputs = [ cmake ]; nativeBuildInputs = [ cmake ];

4
third_party/nixpkgs/pkgs/applications/audio/qtractor/default.nix vendored
View file

@ -5,11 +5,11 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "qtractor"; pname = "qtractor";
version = "0.9.13"; version = "0.9.14";
src = fetchurl { src = fetchurl {
url = "mirror://sourceforge/${pname}/${pname}-${version}.tar.gz"; url = "mirror://sourceforge/${pname}/${pname}-${version}.tar.gz";
sha256 = "1hwxdjlzsf1z6xl82s4bdfxa2bfisklrfx361zbzskmg9iymw1gy"; sha256 = "1gh268gdpj7nw19xfh7k2l3aban4yrs1lmx33qswrnngs2izj1fk";
}; };
nativeBuildInputs = [ nativeBuildInputs = [

Some files were not shown because too many files have changed in this diff Show more