Project import generated by Copybara.

GitOrigin-RevId: 296793637b22bdb4d23b479879eba0a71c132a66
This commit is contained in:
Default email 2020-12-03 09:41:04 +01:00
parent fbfd9c6aa3
commit 51e09efdfc
469 changed files with 5841 additions and 3111 deletions
third_party/nixpkgs
.github
doc
lib
maintainers
nixos
pkgs/applications
audio
cadence
littlegptracker
openmpt123
backup/deja-dup
blockchains
editors
gis/qgis
graphics
misc
networking
browsers
cluster
istioctl
terraform-providers
feedreaders/rssguard
instant-messengers/toxic

View file

@ -12,6 +12,7 @@
# GitHub actions
/.github/workflows @Mic92 @zowoq
/.github/workflows/merge-staging @FRidh
# EditorConfig
/.editorconfig @Mic92 @zowoq

View file

@ -0,0 +1,39 @@
name: "merge staging(-next)"
on:
schedule:
# * is a special character in YAML so you have to quote this string
# Merge every 6 hours
- cron: '0 */6 * * *'
jobs:
sync-branch:
if: github.repository == 'NixOS/nixpkgs'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Merge master into staging-next
uses: devmasx/merge-branch@v1.3.1
with:
type: now
from_branch: master
target_branch: staging-next
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: Merge staging-next into staging
uses: devmasx/merge-branch@v1.3.1
with:
type: now
from_branch: staging-next
target_branch: staging
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: Comment on failure
uses: peter-evans/create-or-update-comment@v1
if: ${{ failure() }}
with:
issue-number: 105153
body: |
An automatic merge [failed](https://github.com/NixOS/nixpkgs/actions/runs/${{ github.run_id }}).

View file

@ -0,0 +1,119 @@
# Emacs {#sec-emacs}
## Configuring Emacs
The Emacs package comes with some extra helpers to make it easier to configure. `emacsWithPackages` allows you to manage packages from ELPA. This means that you will not have to install that packages from within Emacs. For instance, if you wanted to use `company` `counsel`, `flycheck`, `ivy`, `magit`, `projectile`, and `use-package` you could use this as a `~/.config/nixpkgs/config.nix` override:
```nix
{
packageOverrides = pkgs: with pkgs; {
myEmacs = emacsWithPackages (epkgs: (with epkgs.melpaStablePackages; [
company
counsel
flycheck
ivy
magit
projectile
use-package
]));
}
}
```
You can install it like any other packages via `nix-env -iA myEmacs`. However, this will only install those packages. It will not `configure` them for us. To do this, we need to provide a configuration file. Luckily, it is possible to do this from within Nix! By modifying the above example, we can make Emacs load a custom config file. The key is to create a package that provide a `default.el` file in `/share/emacs/site-start/`. Emacs knows to load this file automatically when it starts.
```nix
{
packageOverrides = pkgs: with pkgs; rec {
myEmacsConfig = writeText "default.el" ''
;; initialize package
(require 'package)
(package-initialize 'noactivate)
(eval-when-compile
(require 'use-package))
;; load some packages
(use-package company
:bind ("<C-tab>" . company-complete)
:diminish company-mode
:commands (company-mode global-company-mode)
:defer 1
:config
(global-company-mode))
(use-package counsel
:commands (counsel-descbinds)
:bind (([remap execute-extended-command] . counsel-M-x)
("C-x C-f" . counsel-find-file)
("C-c g" . counsel-git)
("C-c j" . counsel-git-grep)
("C-c k" . counsel-ag)
("C-x l" . counsel-locate)
("M-y" . counsel-yank-pop)))
(use-package flycheck
:defer 2
:config (global-flycheck-mode))
(use-package ivy
:defer 1
:bind (("C-c C-r" . ivy-resume)
("C-x C-b" . ivy-switch-buffer)
:map ivy-minibuffer-map
("C-j" . ivy-call))
:diminish ivy-mode
:commands ivy-mode
:config
(ivy-mode 1))
(use-package magit
:defer
:if (executable-find "git")
:bind (("C-x g" . magit-status)
("C-x G" . magit-dispatch-popup))
:init
(setq magit-completing-read-function 'ivy-completing-read))
(use-package projectile
:commands projectile-mode
:bind-keymap ("C-c p" . projectile-command-map)
:defer 5
:config
(projectile-global-mode))
'';
myEmacs = emacsWithPackages (epkgs: (with epkgs.melpaStablePackages; [
(runCommand "default.el" {} ''
mkdir -p $out/share/emacs/site-lisp
cp ${myEmacsConfig} $out/share/emacs/site-lisp/default.el
'')
company
counsel
flycheck
ivy
magit
projectile
use-package
]));
};
}
```
This provides a fairly full Emacs start file. It will load in addition to the user's presonal config. You can always disable it by passing `-q` to the Emacs command.
Sometimes `emacsWithPackages` is not enough, as this package set has some priorities imposed on packages (with the lowest priority assigned to Melpa Unstable, and the highest for packages manually defined in `pkgs/top-level/emacs-packages.nix`). But you can't control this priorities when some package is installed as a dependency. You can override it on per-package-basis, providing all the required dependencies manually - but it's tedious and there is always a possibility that an unwanted dependency will sneak in through some other package. To completely override such a package you can use `overrideScope'`.
```nix
overrides = self: super: rec {
haskell-mode = self.melpaPackages.haskell-mode;
...
};
((emacsPackagesGen emacs).overrideScope' overrides).emacsWithPackages
(p: with p; [
# here both these package will use haskell-mode of our own choice
ghc-mod
dante
])
```

View file

@ -1,131 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:id="sec-emacs">
<title>Emacs</title>
<section xml:id="sec-emacs-config">
<title>Configuring Emacs</title>
<para>
The Emacs package comes with some extra helpers to make it easier to configure. <varname>emacsWithPackages</varname> allows you to manage packages from ELPA. This means that you will not have to install that packages from within Emacs. For instance, if you wanted to use <literal>company</literal>, <literal>counsel</literal>, <literal>flycheck</literal>, <literal>ivy</literal>, <literal>magit</literal>, <literal>projectile</literal>, and <literal>use-package</literal> you could use this as a <filename>~/.config/nixpkgs/config.nix</filename> override:
</para>
<screen>
{
packageOverrides = pkgs: with pkgs; {
myEmacs = emacsWithPackages (epkgs: (with epkgs.melpaStablePackages; [
company
counsel
flycheck
ivy
magit
projectile
use-package
]));
}
}
</screen>
<para>
You can install it like any other packages via <command>nix-env -iA myEmacs</command>. However, this will only install those packages. It will not <literal>configure</literal> them for us. To do this, we need to provide a configuration file. Luckily, it is possible to do this from within Nix! By modifying the above example, we can make Emacs load a custom config file. The key is to create a package that provide a <filename>default.el</filename> file in <filename>/share/emacs/site-start/</filename>. Emacs knows to load this file automatically when it starts.
</para>
<screen>
{
packageOverrides = pkgs: with pkgs; rec {
myEmacsConfig = writeText "default.el" ''
;; initialize package
(require 'package)
(package-initialize 'noactivate)
(eval-when-compile
(require 'use-package))
;; load some packages
(use-package company
:bind ("&lt;C-tab&gt;" . company-complete)
:diminish company-mode
:commands (company-mode global-company-mode)
:defer 1
:config
(global-company-mode))
(use-package counsel
:commands (counsel-descbinds)
:bind (([remap execute-extended-command] . counsel-M-x)
("C-x C-f" . counsel-find-file)
("C-c g" . counsel-git)
("C-c j" . counsel-git-grep)
("C-c k" . counsel-ag)
("C-x l" . counsel-locate)
("M-y" . counsel-yank-pop)))
(use-package flycheck
:defer 2
:config (global-flycheck-mode))
(use-package ivy
:defer 1
:bind (("C-c C-r" . ivy-resume)
("C-x C-b" . ivy-switch-buffer)
:map ivy-minibuffer-map
("C-j" . ivy-call))
:diminish ivy-mode
:commands ivy-mode
:config
(ivy-mode 1))
(use-package magit
:defer
:if (executable-find "git")
:bind (("C-x g" . magit-status)
("C-x G" . magit-dispatch-popup))
:init
(setq magit-completing-read-function 'ivy-completing-read))
(use-package projectile
:commands projectile-mode
:bind-keymap ("C-c p" . projectile-command-map)
:defer 5
:config
(projectile-global-mode))
'';
myEmacs = emacsWithPackages (epkgs: (with epkgs.melpaStablePackages; [
(runCommand "default.el" {} ''
mkdir -p $out/share/emacs/site-lisp
cp ${myEmacsConfig} $out/share/emacs/site-lisp/default.el
'')
company
counsel
flycheck
ivy
magit
projectile
use-package
]));
};
}
</screen>
<para>
This provides a fairly full Emacs start file. It will load in addition to the user's presonal config. You can always disable it by passing <command>-q</command> to the Emacs command.
</para>
<para>
Sometimes <varname>emacsWithPackages</varname> is not enough, as this package set has some priorities imposed on packages (with the lowest priority assigned to Melpa Unstable, and the highest for packages manually defined in <filename>pkgs/top-level/emacs-packages.nix</filename>). But you can't control this priorities when some package is installed as a dependency. You can override it on per-package-basis, providing all the required dependencies manually - but it's tedious and there is always a possibility that an unwanted dependency will sneak in through some other package. To completely override such a package you can use <varname>overrideScope'</varname>.
</para>
<screen>
overrides = self: super: rec {
haskell-mode = self.melpaPackages.haskell-mode;
...
};
((emacsPackagesGen emacs).overrideScope' overrides).emacsWithPackages (p: with p; [
# here both these package will use haskell-mode of our own choice
ghc-mod
dante
])
</screen>
</section>
</section>

View file

@ -0,0 +1,40 @@
# Firefox
## Build wrapped Firefox with extensions and policies
The `wrapFirefox` function allows to pass policies, preferences and extension that are available to firefox. With the help of `fetchFirefoxAddon` this allows build a firefox version that already comes with addons pre-installed:
```nix
{
myFirefox = wrapFirefox firefox-unwrapped {
extraExtensions = [
(fetchFirefoxAddon {
name = "ublock";
url = "https://addons.mozilla.org/firefox/downloads/file/3679754/ublock_origin-1.31.0-an+fx.xpi";
sha256 = "1h768ljlh3pi23l27qp961v1hd0nbj2vasgy11bmcrlqp40zgvnr";
})
];
extraPolicies = {
CaptivePortal = false;
DisableFirefoxStudies = true;
DisablePocket = true;
DisableTelemetry = true;
DisableFirefoxAccounts = true;
FirefoxHome = {
Pocket = false;
Snippets = false;
};
UserMessaging = {
ExtensionRecommendations = false;
SkipOnboarding = true;
};
};
extraPrefs = ''
// Show more ssl cert infos
lockPref("security.identityblock.show_extended_validation", true);
'';
};
}
```

View file

@ -9,17 +9,18 @@
<xi:include href="dlib.xml" />
<xi:include href="eclipse.xml" />
<xi:include href="elm.xml" />
<xi:include href="emacs.xml" />
<xi:include href="emacs.section.xml" />
<xi:include href="firefox.section.xml" />
<xi:include href="ibus.xml" />
<xi:include href="kakoune.section.xml" />
<xi:include href="linux.xml" />
<xi:include href="linux.section.xml" />
<xi:include href="locales.xml" />
<xi:include href="nginx.xml" />
<xi:include href="opengl.xml" />
<xi:include href="nginx.section.xml" />
<xi:include href="opengl.section.xml" />
<xi:include href="shell-helpers.xml" />
<xi:include href="steam.xml" />
<xi:include href="cataclysm-dda.section.xml" />
<xi:include href="urxvt.xml" />
<xi:include href="weechat.xml" />
<xi:include href="xorg.xml" />
<xi:include href="weechat.section.xml" />
<xi:include href="xorg.section.xml" />
</chapter>

View file

@ -0,0 +1,41 @@
# Linux kernel {#sec-linux-kernel}
The Nix expressions to build the Linux kernel are in [`pkgs/os-specific/linux/kernel`](https://github.com/NixOS/nixpkgs/blob/master/pkgs/os-specific/linux/kernel).
The function that builds the kernel has an argument `kernelPatches` which should be a list of `{name, patch, extraConfig}` attribute sets, where `name` is the name of the patch (which is included in the kernels `meta.description` attribute), `patch` is the patch itself (possibly compressed), and `extraConfig` (optional) is a string specifying extra options to be concatenated to the kernel configuration file (`.config`).
The kernel derivation exports an attribute `features` specifying whether optional functionality is or isnt enabled. This is used in NixOS to implement kernel-specific behaviour. For instance, if the kernel has the `iwlwifi` feature (i.e. has built-in support for Intel wireless chipsets), then NixOS doesnt have to build the external `iwlwifi` package:
```nix
modulesTree = [kernel]
++ pkgs.lib.optional (!kernel.features ? iwlwifi) kernelPackages.iwlwifi
++ ...;
```
How to add a new (major) version of the Linux kernel to Nixpkgs:
1. Copy the old Nix expression (e.g. `linux-2.6.21.nix`) to the new one (e.g. `linux-2.6.22.nix`) and update it.
2. Add the new kernel to `all-packages.nix` (e.g., create an attribute `kernel_2_6_22`).
3. Now were going to update the kernel configuration. First unpack the kernel. Then for each supported platform (`i686`, `x86_64`, `uml`) do the following:
1. Make an copy from the old config (e.g. `config-2.6.21-i686-smp`) to the new one (e.g. `config-2.6.22-i686-smp`).
2. Copy the config file for this platform (e.g. `config-2.6.22-i686-smp`) to `.config` in the kernel source tree.
3. Run `make oldconfig ARCH={i386,x86_64,um}` and answer all questions. (For the uml configuration, also add `SHELL=bash`.) Make sure to keep the configuration consistent between platforms (i.e. dont enable some feature on `i686` and disable it on `x86_64`).
4. If needed you can also run `make menuconfig`:
```ShellSession
$ nix-env -i ncurses
$ export NIX_CFLAGS_LINK=-lncurses
$ make menuconfig ARCH=arch
```
5. Copy `.config` over the new config file (e.g. `config-2.6.22-i686-smp`).
4. Test building the kernel: `nix-build -A kernel_2_6_22`. If it compiles, ship it! For extra credit, try booting NixOS with it.
5. It may be that the new kernel requires updating the external kernel modules and kernel-dependent packages listed in the `linuxPackagesFor` function in `all-packages.nix` (such as the NVIDIA drivers, AUFS, etc.). If the updated packages arent backwards compatible with older kernels, you may need to keep the older versions around.

View file

@ -1,85 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:id="sec-linux-kernel">
<title>Linux kernel</title>
<para>
The Nix expressions to build the Linux kernel are in <link
xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/os-specific/linux/kernel"><filename>pkgs/os-specific/linux/kernel</filename></link>.
</para>
<para>
The function that builds the kernel has an argument <varname>kernelPatches</varname> which should be a list of <literal>{name, patch, extraConfig}</literal> attribute sets, where <varname>name</varname> is the name of the patch (which is included in the kernels <varname>meta.description</varname> attribute), <varname>patch</varname> is the patch itself (possibly compressed), and <varname>extraConfig</varname> (optional) is a string specifying extra options to be concatenated to the kernel configuration file (<filename>.config</filename>).
</para>
<para>
The kernel derivation exports an attribute <varname>features</varname> specifying whether optional functionality is or isnt enabled. This is used in NixOS to implement kernel-specific behaviour. For instance, if the kernel has the <varname>iwlwifi</varname> feature (i.e. has built-in support for Intel wireless chipsets), then NixOS doesnt have to build the external <varname>iwlwifi</varname> package:
<programlisting>
modulesTree = [kernel]
++ pkgs.lib.optional (!kernel.features ? iwlwifi) kernelPackages.iwlwifi
++ ...;
</programlisting>
</para>
<para>
How to add a new (major) version of the Linux kernel to Nixpkgs:
<orderedlist>
<listitem>
<para>
Copy the old Nix expression (e.g. <filename>linux-2.6.21.nix</filename>) to the new one (e.g. <filename>linux-2.6.22.nix</filename>) and update it.
</para>
</listitem>
<listitem>
<para>
Add the new kernel to <filename>all-packages.nix</filename> (e.g., create an attribute <varname>kernel_2_6_22</varname>).
</para>
</listitem>
<listitem>
<para>
Now were going to update the kernel configuration. First unpack the kernel. Then for each supported platform (<literal>i686</literal>, <literal>x86_64</literal>, <literal>uml</literal>) do the following:
<orderedlist>
<listitem>
<para>
Make an copy from the old config (e.g. <filename>config-2.6.21-i686-smp</filename>) to the new one (e.g. <filename>config-2.6.22-i686-smp</filename>).
</para>
</listitem>
<listitem>
<para>
Copy the config file for this platform (e.g. <filename>config-2.6.22-i686-smp</filename>) to <filename>.config</filename> in the kernel source tree.
</para>
</listitem>
<listitem>
<para>
Run <literal>make oldconfig ARCH=<replaceable>{i386,x86_64,um}</replaceable></literal> and answer all questions. (For the uml configuration, also add <literal>SHELL=bash</literal>.) Make sure to keep the configuration consistent between platforms (i.e. dont enable some feature on <literal>i686</literal> and disable it on <literal>x86_64</literal>).
</para>
</listitem>
<listitem>
<para>
If needed you can also run <literal>make menuconfig</literal>:
<screen>
<prompt>$ </prompt>nix-env -i ncurses
<prompt>$ </prompt>export NIX_CFLAGS_LINK=-lncurses
<prompt>$ </prompt>make menuconfig ARCH=<replaceable>arch</replaceable></screen>
</para>
</listitem>
<listitem>
<para>
Copy <filename>.config</filename> over the new config file (e.g. <filename>config-2.6.22-i686-smp</filename>).
</para>
</listitem>
</orderedlist>
</para>
</listitem>
<listitem>
<para>
Test building the kernel: <literal>nix-build -A kernel_2_6_22</literal>. If it compiles, ship it! For extra credit, try booting NixOS with it.
</para>
</listitem>
<listitem>
<para>
It may be that the new kernel requires updating the external kernel modules and kernel-dependent packages listed in the <varname>linuxPackagesFor</varname> function in <filename>all-packages.nix</filename> (such as the NVIDIA drivers, AUFS, etc.). If the updated packages arent backwards compatible with older kernels, you may need to keep the older versions around.
</para>
</listitem>
</orderedlist>
</para>
</section>

View file

@ -0,0 +1,11 @@
# Nginx {#sec-nginx}
[Nginx](https://nginx.org) is a reverse proxy and lightweight webserver.
## ETags on static files served from the Nix store {#sec-nginx-etag}
HTTP has a couple different mechanisms for caching to prevent clients from having to download the same content repeatedly if a resource has not changed since the last time it was requested. When nginx is used as a server for static files, it implements the caching mechanism based on the [`Last-Modified`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Last-Modified) response header automatically; unfortunately, it works by using filesystem timestamps to determine the value of the `Last-Modified` header. This doesn't give the desired behavior when the file is in the Nix store, because all file timestamps are set to 0 (for reasons related to build reproducibility).
Fortunately, HTTP supports an alternative (and more effective) caching mechanism: the [`ETag`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/ETag) response header. The value of the `ETag` header specifies some identifier for the particular content that the server is sending (e.g. a hash). When a client makes a second request for the same resource, it sends that value back in an `If-None-Match` header. If the ETag value is unchanged, then the server does not need to resend the content.
As of NixOS 19.09, the nginx package in Nixpkgs is patched such that when nginx serves a file out of `/nix/store`, the hash in the store path is used as the `ETag` header in the HTTP response, thus providing proper caching functionality. This happens automatically; you do not need to do modify any configuration to get this behavior.

View file

@ -1,25 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:id="sec-nginx">
<title>Nginx</title>
<para>
<link xlink:href="https://nginx.org/">Nginx</link> is a reverse proxy and lightweight webserver.
</para>
<section xml:id="sec-nginx-etag">
<title>ETags on static files served from the Nix store</title>
<para>
HTTP has a couple different mechanisms for caching to prevent clients from having to download the same content repeatedly if a resource has not changed since the last time it was requested. When nginx is used as a server for static files, it implements the caching mechanism based on the <link xlink:href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Last-Modified"><literal>Last-Modified</literal></link> response header automatically; unfortunately, it works by using filesystem timestamps to determine the value of the <literal>Last-Modified</literal> header. This doesn't give the desired behavior when the file is in the Nix store, because all file timestamps are set to 0 (for reasons related to build reproducibility).
</para>
<para>
Fortunately, HTTP supports an alternative (and more effective) caching mechanism: the <link xlink:href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/ETag"><literal>ETag</literal></link> response header. The value of the <literal>ETag</literal> header specifies some identifier for the particular content that the server is sending (e.g. a hash). When a client makes a second request for the same resource, it sends that value back in an <literal>If-None-Match</literal> header. If the ETag value is unchanged, then the server does not need to resend the content.
</para>
<para>
As of NixOS 19.09, the nginx package in Nixpkgs is patched such that when nginx serves a file out of <filename>/nix/store</filename>, the hash in the store path is used as the <literal>ETag</literal> header in the HTTP response, thus providing proper caching functionality. This happens automatically; you do not need to do modify any configuration to get this behavior.
</para>
</section>
</section>

View file

@ -0,0 +1,15 @@
# OpenGL {#sec-opengl}
OpenGL support varies depending on which hardware is used and which drivers are available and loaded.
Broadly, we support both GL vendors: Mesa and NVIDIA.
## NixOS Desktop
The NixOS desktop or other non-headless configurations are the primary target for OpenGL libraries and applications. The current solution for discovering which drivers are available is based on [libglvnd](https://gitlab.freedesktop.org/glvnd/libglvnd). `libglvnd` performs "vendor-neutral dispatch", trying a variety of techniques to find the system's GL implementation. In practice, this will be either via standard GLX for X11 users or EGL for Wayland users, and supporting either NVIDIA or Mesa extensions.
## Nix on GNU/Linux
If you are using a non-NixOS GNU/Linux/X11 desktop with free software video drivers, consider launching OpenGL-dependent programs from Nixpkgs with Nixpkgs versions of `libglvnd` and `mesa.drivers` in `LD_LIBRARY_PATH`. For Mesa drivers, the Linux kernel version doesn't have to match nixpkgs.
For proprietary video drivers you might have luck with also adding the corresponding video driver package.

View file

@ -1,9 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:id="sec-opengl">
<title>OpenGL</title>
<para>
Packages that use OpenGL have NixOS desktop as their primary target. The current solution for loading the GPU-specific drivers is based on <literal>libglvnd</literal> and looks for the driver implementation in <literal>LD_LIBRARY_PATH</literal>. If you are using a non-NixOS GNU/Linux/X11 desktop with free software video drivers, consider launching OpenGL-dependent programs from Nixpkgs with Nixpkgs versions of <literal>libglvnd</literal> and <literal>mesa.drivers</literal> in <literal>LD_LIBRARY_PATH</literal>. For proprietary video drivers you might have luck with also adding the corresponding video driver package.
</para>
</section>

View file

@ -0,0 +1,85 @@
# Weechat {#sec-weechat}
Weechat can be configured to include your choice of plugins, reducing its closure size from the default configuration which includes all available plugins. To make use of this functionality, install an expression that overrides its configuration such as
```nix
weechat.override {configure = {availablePlugins, ...}: {
plugins = with availablePlugins; [ python perl ];
}
}
```
If the `configure` function returns an attrset without the `plugins` attribute, `availablePlugins` will be used automatically.
The plugins currently available are `python`, `perl`, `ruby`, `guile`, `tcl` and `lua`.
The python and perl plugins allows the addition of extra libraries. For instance, the `inotify.py` script in `weechat-scripts` requires D-Bus or libnotify, and the `fish.py` script requires `pycrypto`. To use these scripts, use the plugin's `withPackages` attribute:
```nix
weechat.override { configure = {availablePlugins, ...}: {
plugins = with availablePlugins; [
(python.withPackages (ps: with ps; [ pycrypto python-dbus ]))
];
};
}
```
In order to also keep all default plugins installed, it is possible to use the following method:
```nix
weechat.override { configure = { availablePlugins, ... }: {
plugins = builtins.attrValues (availablePlugins // {
python = availablePlugins.python.withPackages (ps: with ps; [ pycrypto python-dbus ]);
});
}; }
```
WeeChat allows to set defaults on startup using the `--run-command`. The `configure` method can be used to pass commands to the program:
```nix
weechat.override {
configure = { availablePlugins, ... }: {
init = ''
/set foo bar
/server add freenode chat.freenode.org
'';
};
}
```
Further values can be added to the list of commands when running `weechat --run-command "your-commands"`.
Additionally it's possible to specify scripts to be loaded when starting `weechat`. These will be loaded before the commands from `init`:
```nix
weechat.override {
configure = { availablePlugins, ... }: {
scripts = with pkgs.weechatScripts; [
weechat-xmpp weechat-matrix-bridge wee-slack
];
init = ''
/set plugins.var.python.jabber.key "val"
'':
};
}
```
In `nixpkgs` there's a subpackage which contains derivations for WeeChat scripts. Such derivations expect a `passthru.scripts` attribute which contains a list of all scripts inside the store path. Furthermore all scripts have to live in `$out/share`. An exemplary derivation looks like this:
```nix
{ stdenv, fetchurl }:
stdenv.mkDerivation {
name = "exemplary-weechat-script";
src = fetchurl {
url = "https://scripts.tld/your-scripts.tar.gz";
sha256 = "...";
};
passthru.scripts = [ "foo.py" "bar.lua" ];
installPhase = ''
mkdir $out/share
cp foo.py $out/share
cp bar.lua $out/share
'';
}
```

View file

@ -1,85 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:id="sec-weechat">
<title>Weechat</title>
<para>
Weechat can be configured to include your choice of plugins, reducing its closure size from the default configuration which includes all available plugins. To make use of this functionality, install an expression that overrides its configuration such as
<programlisting>weechat.override {configure = {availablePlugins, ...}: {
plugins = with availablePlugins; [ python perl ];
}
}</programlisting>
If the <literal>configure</literal> function returns an attrset without the <literal>plugins</literal> attribute, <literal>availablePlugins</literal> will be used automatically.
</para>
<para>
The plugins currently available are <literal>python</literal>, <literal>perl</literal>, <literal>ruby</literal>, <literal>guile</literal>, <literal>tcl</literal> and <literal>lua</literal>.
</para>
<para>
The python and perl plugins allows the addition of extra libraries. For instance, the <literal>inotify.py</literal> script in weechat-scripts requires D-Bus or libnotify, and the <literal>fish.py</literal> script requires pycrypto. To use these scripts, use the plugin's <literal>withPackages</literal> attribute:
<programlisting>weechat.override { configure = {availablePlugins, ...}: {
plugins = with availablePlugins; [
(python.withPackages (ps: with ps; [ pycrypto python-dbus ]))
];
};
}
</programlisting>
</para>
<para>
In order to also keep all default plugins installed, it is possible to use the following method:
<programlisting>weechat.override { configure = { availablePlugins, ... }: {
plugins = builtins.attrValues (availablePlugins // {
python = availablePlugins.python.withPackages (ps: with ps; [ pycrypto python-dbus ]);
});
}; }
</programlisting>
</para>
<para>
WeeChat allows to set defaults on startup using the <literal>--run-command</literal>. The <literal>configure</literal> method can be used to pass commands to the program:
<programlisting>weechat.override {
configure = { availablePlugins, ... }: {
init = ''
/set foo bar
/server add freenode chat.freenode.org
'';
};
}</programlisting>
Further values can be added to the list of commands when running <literal>weechat --run-command "your-commands"</literal>.
</para>
<para>
Additionally it's possible to specify scripts to be loaded when starting <literal>weechat</literal>. These will be loaded before the commands from <literal>init</literal>:
<programlisting>weechat.override {
configure = { availablePlugins, ... }: {
scripts = with pkgs.weechatScripts; [
weechat-xmpp weechat-matrix-bridge wee-slack
];
init = ''
/set plugins.var.python.jabber.key "val"
'':
};
}</programlisting>
</para>
<para>
In <literal>nixpkgs</literal> there's a subpackage which contains derivations for WeeChat scripts. Such derivations expect a <literal>passthru.scripts</literal> attribute which contains a list of all scripts inside the store path. Furthermore all scripts have to live in <literal>$out/share</literal>. An exemplary derivation looks like this:
<programlisting>{ stdenv, fetchurl }:
stdenv.mkDerivation {
name = "exemplary-weechat-script";
src = fetchurl {
url = "https://scripts.tld/your-scripts.tar.gz";
sha256 = "...";
};
passthru.scripts = [ "foo.py" "bar.lua" ];
installPhase = ''
mkdir $out/share
cp foo.py $out/share
cp bar.lua $out/share
'';
}</programlisting>
</para>
</section>

View file

@ -0,0 +1,34 @@
# X.org {#sec-xorg}
The Nix expressions for the X.org packages reside in `pkgs/servers/x11/xorg/default.nix`. This file is automatically generated from lists of tarballs in an X.org release. As such it should not be modified directly; rather, you should modify the lists, the generator script or the file `pkgs/servers/x11/xorg/overrides.nix`, in which you can override or add to the derivations produced by the generator.
## Katamari Tarballs
X.org upstream releases used to include [katamari](https://en.wiktionary.org/wiki/%E3%81%8B%E3%81%9F%E3%81%BE%E3%82%8A) releases, which included a holistic recommended version for each tarball, up until 7.7. To create a list of tarballs in a katamari release:
```ShellSession
export release="X11R7.7"
export url="mirror://xorg/$release/src/everything/"
cat $(PRINT_PATH=1 nix-prefetch-url $url | tail -n 1) \
| perl -e 'while (<>) { if (/(href|HREF)="([^"]*.bz2)"/) { print "$ENV{'url'}$2\n"; }; }' \
| sort > "tarballs-$release.list"
```
## Individual Tarballs
The upstream release process for [X11R7.8](https://x.org/wiki/Releases/7.8/) does not include a planned katamari. Instead, each component of X.org is released as its own tarball. We maintain `pkgs/servers/x11/xorg/tarballs.list` as a list of tarballs for each individual package. This list includes X.org core libraries and protocol descriptions, extra newer X11 interface libraries, like `xorg.libxcb`, and classic utilities which are largely unused but still available if needed, like `xorg.imake`.
## Generating Nix Expressions
The generator is invoked as follows:
```ShellSession
cd pkgs/servers/x11/xorg
<tarballs.list perl ./generate-expr-from-tarballs.pl
```
For each of the tarballs in the `.list` files, the script downloads it, unpacks it, and searches its `configure.ac` and `*.pc.in` files for dependencies. This information is used to generate `default.nix`. The generator caches downloaded tarballs between runs. Pay close attention to the `NOT FOUND: $NAME` messages at the end of the run, since they may indicate missing dependencies. (Some might be optional dependencies, however.)
## Overriding the Generator
If the expression for a package requires derivation attributes that the generator cannot figure out automatically (say, `patches` or a `postInstall` hook), you should modify `pkgs/servers/x11/xorg/overrides.nix`.

View file

@ -1,34 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:id="sec-xorg">
<title>X.org</title>
<para>
The Nix expressions for the X.org packages reside in <filename>pkgs/servers/x11/xorg/default.nix</filename>. This file is automatically generated from lists of tarballs in an X.org release. As such it should not be modified directly; rather, you should modify the lists, the generator script or the file <filename>pkgs/servers/x11/xorg/overrides.nix</filename>, in which you can override or add to the derivations produced by the generator.
</para>
<para>
The generator is invoked as follows:
<screen>
<prompt>$ </prompt>cd pkgs/servers/x11/xorg
<prompt>$ </prompt>cat tarballs-7.5.list extra.list old.list \
| perl ./generate-expr-from-tarballs.pl
</screen>
For each of the tarballs in the <filename>.list</filename> files, the script downloads it, unpacks it, and searches its <filename>configure.ac</filename> and <filename>*.pc.in</filename> files for dependencies. This information is used to generate <filename>default.nix</filename>. The generator caches downloaded tarballs between runs. Pay close attention to the <literal>NOT FOUND: <replaceable>name</replaceable></literal> messages at the end of the run, since they may indicate missing dependencies. (Some might be optional dependencies, however.)
</para>
<para>
A file like <filename>tarballs-7.5.list</filename> contains all tarballs in a X.org release. It can be generated like this:
<screen>
<prompt>$ </prompt>export i="mirror://xorg/X11R7.4/src/everything/"
<prompt>$ </prompt>cat $(PRINT_PATH=1 nix-prefetch-url $i | tail -n 1) \
| perl -e 'while (&lt;>) { if (/(href|HREF)="([^"]*.bz2)"/) { print "$ENV{'i'}$2\n"; }; }' \
| sort > tarballs-7.4.list
</screen>
<filename>extra.list</filename> contains libraries that arent part of X.org proper, but are closely related to it, such as <literal>libxcb</literal>. <filename>old.list</filename> contains some packages that were removed from X.org, but are still needed by some people or by other packages (such as <varname>imake</varname>).
</para>
<para>
If the expression for a package requires derivation attributes that the generator cannot figure out automatically (say, <varname>patches</varname> or a <varname>postInstall</varname> hook), you should modify <filename>pkgs/servers/x11/xorg/overrides.nix</filename>.
</para>
</section>

View file

@ -467,12 +467,8 @@
It is possible for community members that have enough knowledge and experience on a special topic to contribute by merging pull requests.
</para>
<para>
TODO: add the procedure to request merging rights.
</para>
<!--
The following paragraph about how to deal with unactive contributors is just a
The following paragraphs about how to deal with unactive contributors is just a
proposition and should be modified to what the community agrees to be the right
policy.
@ -480,6 +476,10 @@ policy.
three months will have their commit rights revoked.</para>
-->
<para>
Please see the discussion in <link xlink:href="https://github.com/NixOS/nixpkgs/issues/50105">GitHub nixpkgs issue #50105</link> for information on how to proceed to be granted this level of access.
</para>
<para>
In a case a contributor definitively leaves the Nix community, they should create an issue or post on <link
xlink:href="https://discourse.nixos.org">Discourse</link> with references of packages and modules they maintain so the maintainership can be taken over by other contributors.

View file

@ -0,0 +1,40 @@
# Coq {#sec-language-coq}
Coq libraries should be installed in `$(out)/lib/coq/${coq.coq-version}/user-contrib/`. Such directories are automatically added to the `$COQPATH` environment variable by the hook defined in the Coq derivation.
Some extensions (plugins) might require OCaml and sometimes other OCaml packages. The `coq.ocamlPackages` attribute can be used to depend on the same package set Coq was built against.
Coq libraries may be compatible with some specific versions of Coq only. The `compatibleCoqVersions` attribute is used to precisely select those versions of Coq that are compatible with this derivation.
Here is a simple package example. It is a pure Coq library, thus it depends on Coq. It builds on the Mathematical Components library, thus it also takes `mathcomp` as `buildInputs`. Its `Makefile` has been generated using `coq_makefile` so we only have to set the `$COQLIB` variable at install time.
```nix
{ stdenv, fetchFromGitHub, coq, mathcomp }:
stdenv.mkDerivation rec {
name = "coq${coq.coq-version}-multinomials-${version}";
version = "1.0";
src = fetchFromGitHub {
owner = "math-comp";
repo = "multinomials";
rev = version;
sha256 = "1qmbxp1h81cy3imh627pznmng0kvv37k4hrwi2faa101s6bcx55m";
};
buildInputs = [ coq ];
propagatedBuildInputs = [ mathcomp ];
installFlags = "COQLIB=$(out)/lib/coq/${coq.coq-version}/";
meta = {
description = "A Coq/SSReflect Library for Monoidal Rings and Multinomials";
inherit (src.meta) homepage;
license = stdenv.lib.licenses.cecill-b;
inherit (coq.meta) platforms;
};
passthru = {
compatibleCoqVersions = v: builtins.elem v [ "8.5" "8.6" "8.7" ];
};
}
```

View file

@ -1,52 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:id="sec-language-coq">
<title>Coq</title>
<para>
Coq libraries should be installed in <literal>$(out)/lib/coq/${coq.coq-version}/user-contrib/</literal>. Such directories are automatically added to the <literal>$COQPATH</literal> environment variable by the hook defined in the Coq derivation.
</para>
<para>
Some extensions (plugins) might require OCaml and sometimes other OCaml packages. The <literal>coq.ocamlPackages</literal> attribute can be used to depend on the same package set Coq was built against.
</para>
<para>
Coq libraries may be compatible with some specific versions of Coq only. The <literal>compatibleCoqVersions</literal> attribute is used to precisely select those versions of Coq that are compatible with this derivation.
</para>
<para>
Here is a simple package example. It is a pure Coq library, thus it depends on Coq. It builds on the Mathematical Components library, thus it also takes <literal>mathcomp</literal> as <literal>buildInputs</literal>. Its <literal>Makefile</literal> has been generated using <literal>coq_makefile</literal> so we only have to set the <literal>$COQLIB</literal> variable at install time.
</para>
<programlisting>
{ stdenv, fetchFromGitHub, coq, mathcomp }:
stdenv.mkDerivation rec {
name = "coq${coq.coq-version}-multinomials-${version}";
version = "1.0";
src = fetchFromGitHub {
owner = "math-comp";
repo = "multinomials";
rev = version;
sha256 = "1qmbxp1h81cy3imh627pznmng0kvv37k4hrwi2faa101s6bcx55m";
};
buildInputs = [ coq ];
propagatedBuildInputs = [ mathcomp ];
installFlags = "COQLIB=$(out)/lib/coq/${coq.coq-version}/";
meta = {
description = "A Coq/SSReflect Library for Monoidal Rings and Multinomials";
inherit (src.meta) homepage;
license = stdenv.lib.licenses.cecill-b;
inherit (coq.meta) platforms;
};
passthru = {
compatibleCoqVersions = v: builtins.elem v [ "8.5" "8.6" "8.7" ];
};
}
</programlisting>
</section>

View file

@ -9,7 +9,7 @@
<xi:include href="android.section.xml" />
<xi:include href="beam.section.xml" />
<xi:include href="bower.xml" />
<xi:include href="coq.xml" />
<xi:include href="coq.section.xml" />
<xi:include href="crystal.section.xml" />
<xi:include href="emscripten.section.xml" />
<xi:include href="gnome.xml" />
@ -17,7 +17,7 @@
<xi:include href="haskell.section.xml" />
<xi:include href="idris.section.xml" />
<xi:include href="ios.section.xml" />
<xi:include href="java.xml" />
<xi:include href="java.section.xml" />
<xi:include href="lua.section.xml" />
<xi:include href="maven.section.xml" />
<xi:include href="node.section.xml" />
@ -29,7 +29,7 @@
<xi:include href="r.section.xml" />
<xi:include href="ruby.section.xml" />
<xi:include href="rust.section.xml" />
<xi:include href="texlive.xml" />
<xi:include href="texlive.section.xml" />
<xi:include href="titanium.section.xml" />
<xi:include href="vim.section.xml" />
</chapter>

View file

@ -0,0 +1,91 @@
# Java {#sec-language-java}
Ant-based Java packages are typically built from source as follows:
```nix
stdenv.mkDerivation {
name = "...";
src = fetchurl { ... };
nativeBuildInputs = [ jdk ant ];
buildPhase = "ant";
}
```
Note that `jdk` is an alias for the OpenJDK (self-built where available,
or pre-built via Zulu). Platforms with OpenJDK not (yet) in Nixpkgs
(`Aarch32`, `Aarch64`) point to the (unfree) `oraclejdk`.
JAR files that are intended to be used by other packages should be
installed in `$out/share/java`. JDKs have a stdenv setup hook that add
any JARs in the `share/java` directories of the build inputs to the
`CLASSPATH` environment variable. For instance, if the package `libfoo`
installs a JAR named `foo.jar` in its `share/java` directory, and
another package declares the attribute
```nix
buildInputs = [ libfoo ];
nativeBuildInputs = [ jdk ];
```
then `CLASSPATH` will be set to
`/nix/store/...-libfoo/share/java/foo.jar`.
Private JARs should be installed in a location like
`$out/share/package-name`.
If your Java package provides a program, you need to generate a wrapper
script to run it using a JRE. You can use `makeWrapper` for this:
```nix
nativeBuildInputs = [ makeWrapper ];
installPhase = ''
mkdir -p $out/bin
makeWrapper ${jre}/bin/java $out/bin/foo \
--add-flags "-cp $out/share/java/foo.jar org.foo.Main"
'';
```
Since the introduction of the Java Platform Module System in Java 9,
Java distributions typically no longer ship with a general-purpose JRE:
instead, they allow generating a JRE with only the modules required for
your application(s). Because we can't predict what modules will be
needed on a general-purpose system, the default jre package is the full
JDK. When building a minimal system/image, you can override the
`modules` parameter on `jre_minimal` to build a JRE with only the
modules relevant for you:
```nix
let
my_jre = pkgs.jre_minimal.override {
modules = [
# The modules used by 'something' and 'other' combined:
"java.base"
"java.logging"
];
};
something = (pkgs.something.override { jre = my_jre; });
other = (pkgs.other.override { jre = my_jre; });
in
...
```
Note all JDKs passthru `home`, so if your application requires
environment variables like `JAVA_HOME` being set, that can be done in a
generic fashion with the `--set` argument of `makeWrapper`:
```bash
--set JAVA_HOME ${jdk.home}
```
It is possible to use a different Java compiler than `javac` from the
OpenJDK. For instance, to use the GNU Java Compiler:
```nix
nativeBuildInputs = [ gcj ant ];
```
Here, Ant will automatically use `gij` (the GNU Java Runtime) instead of
the OpenJRE.

View file

@ -1,77 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:id="sec-language-java">
<title>Java</title>
<para>
Ant-based Java packages are typically built from source as follows:
<programlisting>
stdenv.mkDerivation {
name = "...";
src = fetchurl { ... };
nativeBuildInputs = [ jdk ant ];
buildPhase = "ant";
}
</programlisting>
Note that <varname>jdk</varname> is an alias for the OpenJDK (self-built where available, or pre-built via Zulu). Platforms with OpenJDK not (yet) in Nixpkgs (<literal>Aarch32</literal>, <literal>Aarch64</literal>) point to the (unfree) <literal>oraclejdk</literal>.
</para>
<para>
JAR files that are intended to be used by other packages should be installed in <filename>$out/share/java</filename>. JDKs have a stdenv setup hook that add any JARs in the <filename>share/java</filename> directories of the build inputs to the <envar>CLASSPATH</envar> environment variable. For instance, if the package <literal>libfoo</literal> installs a JAR named <filename>foo.jar</filename> in its <filename>share/java</filename> directory, and another package declares the attribute
<programlisting>
buildInputs = [ libfoo ];
nativeBuildInputs = [ jdk ];
</programlisting>
then <envar>CLASSPATH</envar> will be set to <filename>/nix/store/...-libfoo/share/java/foo.jar</filename>.
</para>
<para>
Private JARs should be installed in a location like <filename>$out/share/<replaceable>package-name</replaceable></filename>.
</para>
<para>
If your Java package provides a program, you need to generate a wrapper script to run it using a JRE. You can use <literal>makeWrapper</literal> for this:
<programlisting>
nativeBuildInputs = [ makeWrapper ];
installPhase =
''
mkdir -p $out/bin
makeWrapper ${jre}/bin/java $out/bin/foo \
--add-flags "-cp $out/share/java/foo.jar org.foo.Main"
'';
</programlisting>
Since the introduction of the Java Platform Module System in Java 9, Java distributions typically no longer ship with a general-purpose JRE: instead, they allow generating a JRE with only the modules required for your application(s). Because we can't predict what modules will be needed on a general-purpose system, the default <package>jre</package> package is the full JDK. When building a minimal system/image, you can override the <literal>modules</literal> parameter on <literal>jre_minimal</literal> to build a JRE with only the modules relevant for you:
<programlisting>
let
my_jre = pkgs.jre_minimal.override {
modules = [
# The modules used by 'something' and 'other' combined:
"java.base"
"java.logging"
];
};
something = (pkgs.something.override { jre = my_jre; });
other = (pkgs.other.override { jre = my_jre; });
in
...
</programlisting>
</para>
<para>
Note all JDKs passthru <literal>home</literal>, so if your application requires environment variables like <envar>JAVA_HOME</envar> being set, that can be done in a generic fashion with the <literal>--set</literal> argument of <literal>makeWrapper</literal>:
<programlisting>
--set JAVA_HOME ${jdk.home}
</programlisting>
</para>
<para>
It is possible to use a different Java compiler than <command>javac</command> from the OpenJDK. For instance, to use the GNU Java Compiler:
<programlisting>
nativeBuildInputs = [ gcj ant ];
</programlisting>
Here, Ant will automatically use <command>gij</command> (the GNU Java Runtime) instead of the OpenJRE.
</para>
</section>

View file

@ -0,0 +1,128 @@
# TeX Live {#sec-language-texlive}
Since release 15.09 there is a new TeX Live packaging that lives entirely under attribute `texlive`.
## User's guide {#sec-language-texlive-user-guide}
- For basic usage just pull `texlive.combined.scheme-basic` for an environment with basic LaTeX support.
- It typically won't work to use separately installed packages together. Instead, you can build a custom set of packages like this:
```nix
texlive.combine {
inherit (texlive) scheme-small collection-langkorean algorithms cm-super;
}
```
- There are all the schemes, collections and a few thousand packages, as defined upstream (perhaps with tiny differences).
- By default you only get executables and files needed during runtime, and a little documentation for the core packages. To change that, you need to add `pkgFilter` function to `combine`.
```nix
texlive.combine {
# inherit (texlive) whatever-you-want;
pkgFilter = pkg:
pkg.tlType == "run" || pkg.tlType == "bin" || pkg.pname == "cm-super";
# elem tlType [ "run" "bin" "doc" "source" ]
# there are also other attributes: version, name
}
```
- You can list packages e.g. by `nix repl`.
```ShellSession
$ nix repl
nix-repl> :l <nixpkgs>
nix-repl> texlive.collection-[TAB]
```
- Note that the wrapper assumes that the result has a chance to be useful. For example, the core executables should be present, as well as some core data files. The supported way of ensuring this is by including some scheme, for example `scheme-basic`, into the combination.
## Custom packages {#sec-language-texlive-custom-packages}
You may find that you need to use an external TeX package. A derivation for such package has to provide contents of the "texmf" directory in its output and provide the `tlType` attribute. Here is a (very verbose) example:
```nix
with import <nixpkgs> {};
let
foiltex_run = stdenvNoCC.mkDerivation {
pname = "latex-foiltex";
version = "2.1.4b";
passthru.tlType = "run";
srcs = [
(fetchurl {
url = "http://mirrors.ctan.org/macros/latex/contrib/foiltex/foiltex.dtx";
sha256 = "07frz0krpz7kkcwlayrwrj2a2pixmv0icbngyw92srp9fp23cqpz";
})
(fetchurl {
url = "http://mirrors.ctan.org/macros/latex/contrib/foiltex/foiltex.ins";
sha256 = "09wkyidxk3n3zvqxfs61wlypmbhi1pxmjdi1kns9n2ky8ykbff99";
})
];
unpackPhase = ''
runHook preUnpack
for _src in $srcs; do
cp "$_src" $(stripHash "$_src")
done
runHook postUnpack
'';
nativeBuildInputs = [ texlive.combined.scheme-small ];
dontConfigure = true;
buildPhase = ''
runHook preBuild
# Generate the style files
latex foiltex.ins
runHook postBuild
'';
installPhase = ''
runHook preInstall
path="$out/tex/latex/foiltex"
mkdir -p "$path"
cp *.{cls,def,clo} "$path/"
runHook postInstall
'';
meta = with lib; {
description = "A LaTeX2e class for overhead transparencies";
license = licenses.unfreeRedistributable;
maintainers = with maintainers; [ veprbl ];
platforms = platforms.all;
};
};
foiltex = { pkgs = [ foiltex_run ]; };
latex_with_foiltex = texlive.combine {
inherit (texlive) scheme-small;
inherit foiltex;
};
in
runCommand "test.pdf" {
nativeBuildInputs = [ latex_with_foiltex ];
} ''
cat >test.tex <<EOF
\documentclass{foils}
\title{Presentation title}
\date{}
\begin{document}
\maketitle
\end{document}
EOF
pdflatex test.tex
cp test.pdf $out
''
```

View file

@ -1,152 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:id="sec-language-texlive">
<title>TeX Live</title>
<para>
Since release 15.09 there is a new TeX Live packaging that lives entirely under attribute <varname>texlive</varname>.
</para>
<section xml:id="sec-language-texlive-users-guide">
<title>User's guide</title>
<itemizedlist>
<listitem>
<para>
For basic usage just pull <varname>texlive.combined.scheme-basic</varname> for an environment with basic LaTeX support.
</para>
</listitem>
<listitem>
<para>
It typically won't work to use separately installed packages together. Instead, you can build a custom set of packages like this:
<programlisting>
texlive.combine {
inherit (texlive) scheme-small collection-langkorean algorithms cm-super;
}
</programlisting>
There are all the schemes, collections and a few thousand packages, as defined upstream (perhaps with tiny differences).
</para>
</listitem>
<listitem>
<para>
By default you only get executables and files needed during runtime, and a little documentation for the core packages. To change that, you need to add <varname>pkgFilter</varname> function to <varname>combine</varname>.
<programlisting>
texlive.combine {
# inherit (texlive) whatever-you-want;
pkgFilter = pkg:
pkg.tlType == "run" || pkg.tlType == "bin" || pkg.pname == "cm-super";
# elem tlType [ "run" "bin" "doc" "source" ]
# there are also other attributes: version, name
}
</programlisting>
</para>
</listitem>
<listitem>
<para>
You can list packages e.g. by <command>nix repl</command>.
<programlisting>
<prompt>$ </prompt>nix repl
<prompt>nix-repl> </prompt>:l &lt;nixpkgs>
<prompt>nix-repl> </prompt>texlive.collection-<keycap function="tab" />
</programlisting>
</para>
</listitem>
<listitem>
<para>
Note that the wrapper assumes that the result has a chance to be useful. For example, the core executables should be present, as well as some core data files. The supported way of ensuring this is by including some scheme, for example <varname>scheme-basic</varname>, into the combination.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-language-texlive-custom-packages">
<title>Custom packages</title>
<para>
You may find that you need to use an external TeX package. A derivation for such package has to provide contents of the "texmf" directory in its output and provide the <varname>tlType</varname> attribute. Here is a (very verbose) example:
<programlisting><![CDATA[
with import <nixpkgs> {};
let
foiltex_run = stdenvNoCC.mkDerivation {
pname = "latex-foiltex";
version = "2.1.4b";
passthru.tlType = "run";
srcs = [
(fetchurl {
url = "http://mirrors.ctan.org/macros/latex/contrib/foiltex/foiltex.dtx";
sha256 = "07frz0krpz7kkcwlayrwrj2a2pixmv0icbngyw92srp9fp23cqpz";
})
(fetchurl {
url = "http://mirrors.ctan.org/macros/latex/contrib/foiltex/foiltex.ins";
sha256 = "09wkyidxk3n3zvqxfs61wlypmbhi1pxmjdi1kns9n2ky8ykbff99";
})
];
unpackPhase = ''
runHook preUnpack
for _src in $srcs; do
cp "$_src" $(stripHash "$_src")
done
runHook postUnpack
'';
nativeBuildInputs = [ texlive.combined.scheme-small ];
dontConfigure = true;
buildPhase = ''
runHook preBuild
# Generate the style files
latex foiltex.ins
runHook postBuild
'';
installPhase = ''
runHook preInstall
path="$out/tex/latex/foiltex"
mkdir -p "$path"
cp *.{cls,def,clo} "$path/"
runHook postInstall
'';
meta = with lib; {
description = "A LaTeX2e class for overhead transparencies";
license = licenses.unfreeRedistributable;
maintainers = with maintainers; [ veprbl ];
platforms = platforms.all;
};
};
foiltex = { pkgs = [ foiltex_run ]; };
latex_with_foiltex = texlive.combine {
inherit (texlive) scheme-small;
inherit foiltex;
};
in
runCommand "test.pdf" {
nativeBuildInputs = [ latex_with_foiltex ];
} ''
cat >test.tex <<EOF
\documentclass{foils}
\title{Presentation title}
\date{}
\begin{document}
\maketitle
\end{document}
EOF
pdflatex test.tex
cp test.pdf $out
''
]]></programlisting>
</para>
</section>
</section>

View file

@ -28,6 +28,7 @@
</para>
<para>
NOTE: DO NOT USE THIS in nixpkgs.
Further overlays can be added by calling the <literal>pkgs.extend</literal> or <literal>pkgs.appendOverlays</literal>, although it is often preferable to avoid these functions, because they recompute the Nixpkgs fixpoint, which is somewhat expensive to do.
</para>
</section>

View file

@ -265,7 +265,7 @@ rec {
if badAttrs != {} then
throw "Module `${key}' has an unsupported attribute `${head (attrNames badAttrs)}'. This is caused by introducing a top-level `config' or `options' attribute. Add configuration attributes immediately on the top level instead, or move all of them (namely: ${toString (attrNames badAttrs)}) into the explicit `config' attribute."
else
{ _file = m._file or file;
{ _file = toString m._file or file;
key = toString m.key or key;
disabledModules = m.disabledModules or [];
imports = m.imports or [];
@ -273,7 +273,7 @@ rec {
config = addFreeformType (addMeta (m.config or {}));
}
else
{ _file = m._file or file;
{ _file = toString m._file or file;
key = toString m.key or key;
disabledModules = m.disabledModules or [];
imports = m.require or [] ++ m.imports or [];

View file

@ -25,7 +25,7 @@ rec {
system = parse.doubleFromSystem final.parsed;
config = parse.tripleFromSystem final.parsed;
# Just a guess, based on `system`
platform = platforms.selectBySystem final.system;
platform = platforms.select final;
# Determine whether we are compatible with the provided CPU
isCompatible = platform: parse.isCompatible final.parsed.cpu platform.parsed.cpu;
# Derived meta-data

View file

@ -7,7 +7,7 @@ let
riscv = bits: {
config = "riscv${bits}-unknown-linux-gnu";
platform = platforms.riscv-multiplatform bits;
platform = platforms.riscv-multiplatform;
};
in
@ -39,6 +39,11 @@ rec {
platform = platforms.zero-gravitas;
};
remarkable2 = {
config = "armv7l-unknown-linux-gnueabihf";
platform = platforms.zero-sugar;
};
armv7l-hf-multiplatform = {
config = "armv7l-unknown-linux-gnueabihf";
platform = platforms.armv7l-hf-multiplatform;
@ -105,13 +110,13 @@ rec {
riscv64-embedded = {
config = "riscv64-none-elf";
libc = "newlib";
platform = platforms.riscv-multiplatform "64";
platform = platforms.riscv-multiplatform;
};
riscv32-embedded = {
config = "riscv32-none-elf";
libc = "newlib";
platform = platforms.riscv-multiplatform "32";
platform = platforms.riscv-multiplatform;
};
mmix = {

View file

@ -217,6 +217,21 @@ rec {
};
};
zero-sugar = {
name = "zero-sugar";
kernelBaseConfig = "zero-sugar_defconfig";
kernelArch = "arm";
kernelDTB = true;
kernelAutoModules = false;
kernelPreferBuiltin = true;
kernelTarget = "zImage";
gcc = {
cpu = "cortex-a7";
fpu = "neon-vfpv4";
float-abi = "hard";
};
};
scaleway-c1 = armv7l-hf-multiplatform // {
gcc = {
cpu = "cortex-a9";
@ -456,10 +471,9 @@ rec {
## Other
##
riscv-multiplatform = bits: {
riscv-multiplatform = {
name = "riscv-multiplatform";
kernelArch = "riscv";
bfdEmulation = "elf${bits}lriscv";
kernelTarget = "vmlinux";
kernelAutoModules = true;
kernelBaseConfig = "defconfig";
@ -469,17 +483,22 @@ rec {
'';
};
selectBySystem = system: {
i486-linux = pc32;
i586-linux = pc32;
i686-linux = pc32;
x86_64-linux = pc64;
armv5tel-linux = sheevaplug;
armv6l-linux = raspberrypi;
armv7a-linux = armv7l-hf-multiplatform;
armv7l-linux = armv7l-hf-multiplatform;
aarch64-linux = aarch64-multiplatform;
mipsel-linux = fuloong2f_n32;
powerpc64le-linux = powernv;
}.${system} or pcBase;
select = platform:
# x86
/**/ if platform.isx86_32 then pc32
else if platform.isx86_64 then pc64
# ARM
else if platform.isAarch32 then let
version = platform.parsed.cpu.version or "";
in if lib.versionOlder version "6" then sheevaplug
else if lib.versionOlder version "7" then raspberrypi
else armv7l-hf-multiplatform
else if platform.isAarch64 then aarch64-multiplatform
else if platform.parsed.cpu == lib.systems.parse.cpuTypes.mipsel then fuloong2f_n32
else if platform.parsed.cpu == lib.systems.parse.cpuTypes.powerpc64le then powernv
else pcBase;
}

View file

@ -2755,6 +2755,16 @@
email = "adam.copp@gmail.com";
name = "Adam Copp";
};
ethancedwards8 = {
email = "ethancarteredwards@gmail.com";
github = "ethancedwards8";
githubId = 60861925;
name = "Ethan Carter Edwards";
keys = [{
longkeyid = "rsa4096/0xF93DDAFA26EF2458";
fingerprint = "0E69 0F46 3457 D812 3387 C978 F93D DAFA 26EF 2458";
}];
};
ethercrow = {
email = "ethercrow@gmail.com";
github = "ethercrow";
@ -3437,6 +3447,12 @@
fingerprint = "74B1 F67D 8E43 A94A 7554 0768 9CCC E364 02CB 49A6";
}];
};
happysalada = {
email = "raphael@megzari.com";
github = "happysalada";
githubId = 5317234;
name = "Raphael Megzari";
};
haslersn = {
email = "haslersn@fius.informatik.uni-stuttgart.de";
github = "haslersn";
@ -4807,6 +4823,12 @@
githubId = 2422454;
name = "Kai Wohlfahrt";
};
kyleondy = {
email = "kyle@ondy.org";
github = "kyleondy";
githubId = 1640900;
name = "Kyle Ondy";
};
kylesferrazza = {
name = "Kyle Sferrazza";
email = "kyle.sferrazza@gmail.com";
@ -6213,6 +6235,16 @@
githubId = 1916245;
name = "Fernando Jose Pando";
};
nasirhm = {
email = "nasirhussainm14@gmail.com";
github = "nasirhm";
githubId = 35005234;
name = "Nasir Hussain";
keys = [{
longkeyid = "rsa4096/0xD8126E559CE7C35D";
fingerprint = "7A10 AB8E 0BEC 566B 090C 9BE3 D812 6E55 9CE7 C35D";
}];
};
Nate-Devv = {
email = "natedevv@gmail.com";
name = "Nathan Moore";
@ -6759,6 +6791,12 @@
githubId = 8641;
name = "Pierre Carrier";
};
pengmeiyu = {
email = "pengmyu@gmail.com";
github = "pmeiyu";
githubId = 8529551;
name = "Peng Mei Yu";
};
penguwin = {
email = "penguwin@penguwin.eu";
github = "penguwin";

View file

@ -480,13 +480,8 @@ Retype new UNIX password: ***</screen>
<prompt>$ </prompt>passwd eelco</screen>
</para>
<para>
You may also want to install some software. For instance,
<screen>
<prompt>$ </prompt>nix-env -qaP \*</screen>
shows what packages are available, and
<screen>
<prompt>$ </prompt>nix-env -f '&lt;nixpkgs&gt;' -iA w3m</screen>
installs the <literal>w3m</literal> browser.
You may also want to install some software. This will be covered
in <xref linkend="sec-package-management" />.
</para>
</listitem>
</orderedlist>

View file

@ -160,6 +160,11 @@
<package>btc1</package> has been abandoned upstream, and removed.
</para>
</listitem>
<listitem>
<para>
<package>cpp_ethereum</package> (aleth) has been abandoned upstream, and removed.
</para>
</listitem>
<listitem>
<para>
<package>riak-cs</package> package removed along with <varname>services.riak-cs</varname> module.
@ -239,6 +244,14 @@
</para>
</warning>
</listitem>
<listitem>
<para>
The <literal>rspamd</literal> services is now sandboxed. It is run as
a dynamic user instead of root, so secrets and other files may have to
be moved or their permissions may have to be fixed. The sockets are now
located in <literal>/run/rspamd</literal> instead of <literal>/run</literal>.
</para>
</listitem>
</itemizedlist>
</section>
@ -331,6 +344,19 @@
<literal>unbound-control</literal> without passing a custom configuration location.
</para>
</listitem>
<listitem>
<para>
NixOS now defaults to the unified cgroup hierarchy (cgroupsv2).
See the <link xlink:href="https://www.redhat.com/sysadmin/fedora-31-control-group-v2">Fedora Article for 31</link>
for details on why this is desirable, and how it impacts containers.
</para>
<para>
If you want to run containers with a runtime that does not yet support cgroupsv2,
you can switch back to the old behaviour by setting
<xref linkend="opt-systemd.enableUnifiedCgroupHierarchy"/> = <literal>false</literal>;
and rebooting.
</para>
</listitem>
</itemizedlist>
</section>
</section>

View file

@ -223,9 +223,10 @@ in
# Figure out device names for the boot device and root filesystem.
rootPart=$(${pkgs.util-linux}/bin/findmnt -n -o SOURCE /)
bootDevice=$(lsblk -npo PKNAME $rootPart)
partNum=$(lsblk -npo MAJ:MIN $rootPart | awk -F: '{print $2}')
# Resize the root partition and the filesystem to fit the disk
echo ",+," | sfdisk -N2 --no-reread $bootDevice
echo ",+," | sfdisk -N$partNum --no-reread $bootDevice
${pkgs.parted}/bin/partprobe
${pkgs.e2fsprogs}/bin/resize2fs $rootPart

View file

@ -397,6 +397,7 @@
./services/logging/rsyslogd.nix
./services/logging/syslog-ng.nix
./services/logging/syslogd.nix
./services/logging/vector.nix
./services/mail/clamsmtp.nix
./services/mail/davmail.nix
./services/mail/dkimproxy-out.nix

View file

@ -12,6 +12,7 @@ let
mkOpts = rule: concatStringsSep " " [
(optionalString rule.noPass "nopass")
(optionalString rule.noLog "nolog")
(optionalString rule.persist "persist")
(optionalString rule.keepEnv "keepenv")
"setenv { SSH_AUTH_SOCK ${concatStringsSep " " rule.setEnv} }"
@ -118,6 +119,16 @@ in
'';
};
noLog = mkOption {
type = with types; bool;
default = false;
description = ''
If <code>true</code>, successful executions will not be logged
to
<citerefentry><refentrytitle>syslogd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
'';
};
persist = mkOption {
type = with types; bool;
default = false;

View file

@ -23,5 +23,9 @@ with lib;
boot.specialFileSystems."/proc".options = [ "hidepid=2" "gid=${toString config.ids.gids.proc}" ];
systemd.services.systemd-logind.serviceConfig.SupplementaryGroups = [ "proc" ];
# Disable cgroupsv2, which doesn't work with hidepid.
# https://github.com/NixOS/nixpkgs/pull/104094#issuecomment-729996203
systemd.enableUnifiedCgroupHierarchy = false;
};
}

View file

@ -76,6 +76,10 @@ in
enable = mkDefault true;
};
# TODO: disable this once k3s supports cgroupsv2, either by docker
# supporting it, or their bundled containerd
systemd.enableUnifiedCgroupHierarchy = false;
systemd.services.k3s = {
description = "k3s service";
after = mkIf cfg.docker [ "docker.service" ];

View file

@ -61,10 +61,8 @@ in {
Restart = "always";
ExecStart = ''${hoogleEnv}/bin/hoogle server --local --port ${toString cfg.port} --home ${cfg.home}'';
User = "nobody";
Group = "nogroup";
DynamicUser = true;
PrivateTmp = true;
ProtectHome = true;
RuntimeDirectory = "hoogle";

View file

@ -148,7 +148,7 @@ in
# saned needs to distinguish between IPv4 and IPv6 to open matching data sockets.
BindIPv6Only = "ipv6-only";
Accept = true;
MaxConnections = 1;
MaxConnections = 64;
};
};

View file

@ -0,0 +1,61 @@
{ config, lib, pkgs, ... }:
with lib;
let cfg = config.services.vector;
in {
options.services.vector = {
enable = mkEnableOption "Vector";
journaldAccess = mkOption {
type = types.bool;
default = false;
description = ''
Enable Vector to access journald.
'';
};
settings = mkOption {
type = (pkgs.formats.json { }).type;
default = { };
description = ''
Specify the configuration for Vector in Nix.
'';
};
};
config = mkIf cfg.enable {
users.groups.vector = { };
users.users.vector = {
description = "Vector service user";
group = "vector";
isSystemUser = true;
};
systemd.services.vector = {
description = "Vector event and log aggregator";
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
requires = [ "network-online.target" ];
serviceConfig = let
format = pkgs.formats.toml { };
conf = format.generate "vector.toml" cfg.settings;
validateConfig = file:
pkgs.runCommand "validate-vector-conf" { } ''
${pkgs.vector}/bin/vector validate --no-topology --no-environment "${file}"
ln -s "${file}" "$out"
'';
in {
ExecStart = "${pkgs.vector}/bin/vector --config ${validateConfig conf}";
User = "vector";
Group = "vector";
Restart = "no";
StateDirectory = "vector";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
# This group is required for accessing journald.
SupplementaryGroups = mkIf cfg.journaldAccess "systemd-journal";
};
};
};
}

View file

@ -371,6 +371,9 @@ in
};
services.postfix.config = mkIf cfg.postfix.enable cfg.postfix.config;
systemd.services.postfix.serviceConfig.SupplementaryGroups =
mkIf cfg.postfix.enable [ postfixCfg.group ];
# Allow users to run 'rspamc' and 'rspamadm'.
environment.systemPackages = [ pkgs.rspamd ];
@ -394,16 +397,45 @@ in
restartTriggers = [ rspamdDir ];
serviceConfig = {
ExecStart = "${pkgs.rspamd}/bin/rspamd ${optionalString cfg.debug "-d"} --user=${cfg.user} --group=${cfg.group} --pid=/run/rspamd.pid -c /etc/rspamd/rspamd.conf -f";
ExecStart = "${pkgs.rspamd}/bin/rspamd ${optionalString cfg.debug "-d"} -c /etc/rspamd/rspamd.conf -f";
Restart = "always";
RuntimeDirectory = "rspamd";
PrivateTmp = true;
};
preStart = ''
${pkgs.coreutils}/bin/mkdir -p /var/lib/rspamd
${pkgs.coreutils}/bin/chown ${cfg.user}:${cfg.group} /var/lib/rspamd
'';
User = "${cfg.user}";
Group = "${cfg.group}";
SupplementaryGroups = mkIf cfg.postfix.enable [ postfixCfg.group ];
RuntimeDirectory = "rspamd";
RuntimeDirectoryMode = "0755";
StateDirectory = "rspamd";
StateDirectoryMode = "0700";
AmbientCapabilities = [];
CapabilityBoundingSet = [];
DevicePolicy = "closed";
LockPersonality = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateMounts = true;
PrivateTmp = true;
# we need to chown socket to rspamd-milter
PrivateUsers = !cfg.postfix.enable;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectSystem = "strict";
RemoveIPC = true;
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = "@system-service";
UMask = "0077";
};
};
};
imports = [

View file

@ -9,7 +9,14 @@ with lib;
let
cfg = config.networking.nat;
dest = if cfg.externalIP == null then "-j MASQUERADE" else "-j SNAT --to-source ${cfg.externalIP}";
mkDest = externalIP: if externalIP == null
then "-j MASQUERADE"
else "-j SNAT --to-source ${externalIP}";
dest = mkDest cfg.externalIP;
destIPv6 = mkDest cfg.externalIPv6;
# Whether given IP (plus optional port) is an IPv6.
isIPv6 = ip: builtins.length (lib.splitString ":" ip) > 2;
helpers = import ./helpers.nix { inherit config lib; };
@ -28,63 +35,80 @@ let
${cfg.extraStopCommands}
'';
setupNat = ''
${helpers}
# Create subchain where we store rules
ip46tables -w -t nat -N nixos-nat-pre
ip46tables -w -t nat -N nixos-nat-post
ip46tables -w -t nat -N nixos-nat-out
mkSetupNat = { iptables, dest, internalIPs, forwardPorts }: ''
# We can't match on incoming interface in POSTROUTING, so
# mark packets coming from the internal interfaces.
${concatMapStrings (iface: ''
iptables -w -t nat -A nixos-nat-pre \
${iptables} -w -t nat -A nixos-nat-pre \
-i '${iface}' -j MARK --set-mark 1
'') cfg.internalInterfaces}
# NAT the marked packets.
${optionalString (cfg.internalInterfaces != []) ''
iptables -w -t nat -A nixos-nat-post -m mark --mark 1 \
${iptables} -w -t nat -A nixos-nat-post -m mark --mark 1 \
${optionalString (cfg.externalInterface != null) "-o ${cfg.externalInterface}"} ${dest}
''}
# NAT packets coming from the internal IPs.
${concatMapStrings (range: ''
iptables -w -t nat -A nixos-nat-post \
${iptables} -w -t nat -A nixos-nat-post \
-s '${range}' ${optionalString (cfg.externalInterface != null) "-o ${cfg.externalInterface}"} ${dest}
'') cfg.internalIPs}
'') internalIPs}
# NAT from external ports to internal ports.
${concatMapStrings (fwd: ''
iptables -w -t nat -A nixos-nat-pre \
${iptables} -w -t nat -A nixos-nat-pre \
-i ${toString cfg.externalInterface} -p ${fwd.proto} \
--dport ${builtins.toString fwd.sourcePort} \
-j DNAT --to-destination ${fwd.destination}
${concatMapStrings (loopbackip:
let
m = builtins.match "([0-9.]+):([0-9-]+)" fwd.destination;
destinationIP = if (m == null) then throw "bad ip:ports `${fwd.destination}'" else elemAt m 0;
destinationPorts = if (m == null) then throw "bad ip:ports `${fwd.destination}'" else builtins.replaceStrings ["-"] [":"] (elemAt m 1);
matchIP = if isIPv6 fwd.destination then "[[]([0-9a-fA-F:]+)[]]" else "([0-9.]+)";
m = builtins.match "${matchIP}:([0-9-]+)" fwd.destination;
destinationIP = if m == null then throw "bad ip:ports `${fwd.destination}'" else elemAt m 0;
destinationPorts = if m == null then throw "bad ip:ports `${fwd.destination}'" else builtins.replaceStrings ["-"] [":"] (elemAt m 1);
in ''
# Allow connections to ${loopbackip}:${toString fwd.sourcePort} from the host itself
iptables -w -t nat -A nixos-nat-out \
${iptables} -w -t nat -A nixos-nat-out \
-d ${loopbackip} -p ${fwd.proto} \
--dport ${builtins.toString fwd.sourcePort} \
-j DNAT --to-destination ${fwd.destination}
# Allow connections to ${loopbackip}:${toString fwd.sourcePort} from other hosts behind NAT
iptables -w -t nat -A nixos-nat-pre \
${iptables} -w -t nat -A nixos-nat-pre \
-d ${loopbackip} -p ${fwd.proto} \
--dport ${builtins.toString fwd.sourcePort} \
-j DNAT --to-destination ${fwd.destination}
iptables -w -t nat -A nixos-nat-post \
${iptables} -w -t nat -A nixos-nat-post \
-d ${destinationIP} -p ${fwd.proto} \
--dport ${destinationPorts} \
-j SNAT --to-source ${loopbackip}
'') fwd.loopbackIPs}
'') cfg.forwardPorts}
'') forwardPorts}
'';
setupNat = ''
${helpers}
# Create subchains where we store rules
ip46tables -w -t nat -N nixos-nat-pre
ip46tables -w -t nat -N nixos-nat-post
ip46tables -w -t nat -N nixos-nat-out
${mkSetupNat {
iptables = "iptables";
inherit dest;
inherit (cfg) internalIPs;
forwardPorts = filter (x: !(isIPv6 x.destination)) cfg.forwardPorts;
}}
${optionalString cfg.enableIPv6 (mkSetupNat {
iptables = "ip6tables";
dest = destIPv6;
internalIPs = cfg.internalIPv6s;
forwardPorts = filter (x: isIPv6 x.destination) cfg.forwardPorts;
})}
${optionalString (cfg.dmzHost != null) ''
iptables -w -t nat -A nixos-nat-pre \
@ -117,6 +141,15 @@ in
'';
};
networking.nat.enableIPv6 = mkOption {
type = types.bool;
default = false;
description =
''
Whether to enable IPv6 NAT.
'';
};
networking.nat.internalInterfaces = mkOption {
type = types.listOf types.str;
default = [];
@ -141,6 +174,18 @@ in
'';
};
networking.nat.internalIPv6s = mkOption {
type = types.listOf types.str;
default = [];
example = [ "fc00::/64" ];
description =
''
The IPv6 address ranges for which to perform NAT. Packets
coming from these addresses (on any interface) and destined
for the external interface will be rewritten.
'';
};
networking.nat.externalInterface = mkOption {
type = types.nullOr types.str;
default = null;
@ -164,6 +209,19 @@ in
'';
};
networking.nat.externalIPv6 = mkOption {
type = types.nullOr types.str;
default = null;
example = "2001:dc0:2001:11::175";
description =
''
The public IPv6 address to which packets from the local
network are to be rewritten. If this is left empty, the
IP address associated with the external interface will be
used.
'';
};
networking.nat.forwardPorts = mkOption {
type = with types; listOf (submodule {
options = {
@ -176,7 +234,7 @@ in
destination = mkOption {
type = types.str;
example = "10.0.0.1:80";
description = "Forward connection to destination ip:port; to specify a port range, use ip:start-end";
description = "Forward connection to destination ip:port (or [ipv6]:port); to specify a port range, use ip:start-end";
};
proto = mkOption {
@ -195,11 +253,15 @@ in
};
});
default = [];
example = [ { sourcePort = 8080; destination = "10.0.0.1:80"; proto = "tcp"; } ];
example = [
{ sourcePort = 8080; destination = "10.0.0.1:80"; proto = "tcp"; }
{ sourcePort = 8080; destination = "[fc00::2]:80"; proto = "tcp"; }
];
description =
''
List of forwarded ports from the external interface to
internal destinations by using DNAT.
internal destinations by using DNAT. Destination can be
IPv6 if IPv6 NAT is enabled.
'';
};
@ -246,6 +308,9 @@ in
(mkIf config.networking.nat.enable {
assertions = [
{ assertion = cfg.enableIPv6 -> config.networking.enableIPv6;
message = "networking.nat.enableIPv6 requires networking.enableIPv6";
}
{ assertion = (cfg.dmzHost != null) -> (cfg.externalInterface != null);
message = "networking.nat.dmzHost requires networking.nat.externalInterface";
}
@ -261,6 +326,15 @@ in
kernel.sysctl = {
"net.ipv4.conf.all.forwarding" = mkOverride 99 true;
"net.ipv4.conf.default.forwarding" = mkOverride 99 true;
} // optionalAttrs cfg.enableIPv6 {
# Do not prevent IPv6 autoconfiguration.
# See <http://strugglers.net/~andy/blog/2011/09/04/linux-ipv6-router-advertisements-and-forwarding/>.
"net.ipv6.conf.all.accept_ra" = mkOverride 99 2;
"net.ipv6.conf.default.accept_ra" = mkOverride 99 2;
# Forward IPv6 packets.
"net.ipv6.conf.all.forwarding" = mkOverride 99 true;
"net.ipv6.conf.default.forwarding" = mkOverride 99 true;
};
};

View file

@ -14,11 +14,18 @@ in {
default = 41641;
description = "The port to listen on for tunnel traffic (0=autoselect).";
};
package = mkOption {
type = types.package;
default = pkgs.tailscale;
defaultText = "pkgs.tailscale";
description = "The package to use for tailscale";
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.tailscale ]; # for the CLI
systemd.packages = [ pkgs.tailscale ];
environment.systemPackages = [ cfg.package ]; # for the CLI
systemd.packages = [ cfg.package ];
systemd.services.tailscaled = {
wantedBy = [ "multi-user.target" ];
serviceConfig.Environment = "PORT=${toString cfg.port}";

View file

@ -550,6 +550,14 @@ in
'';
};
systemd.enableUnifiedCgroupHierarchy = mkOption {
default = true;
type = types.bool;
description = ''
Whether to enable the unified cgroup hierarchy (cgroupsv2).
'';
};
systemd.coredump.enable = mkOption {
default = true;
type = types.bool;
@ -1178,6 +1186,7 @@ in
boot.kernel.sysctl = mkIf (!cfg.coredump.enable) {
"kernel.core_pattern" = "core";
};
boot.kernelParams = optional (!cfg.enableUnifiedCgroupHierarchy) "systemd.unified_cgroup_hierarchy=0";
};
# FIXME: Remove these eventually.

View file

@ -155,6 +155,9 @@ in
users.groups.docker.gid = config.ids.gids.docker;
systemd.packages = [ cfg.package ];
# TODO: remove once docker 20.10 is released
systemd.enableUnifiedCgroupHierarchy = false;
systemd.services.docker = {
wantedBy = optional cfg.enableOnBoot "multi-user.target";
environment = proxy_env;

View file

@ -40,18 +40,18 @@ in
bittorrent = handleTest ./bittorrent.nix {};
bitwarden = handleTest ./bitwarden.nix {};
blockbook-frontend = handleTest ./blockbook-frontend.nix {};
buildkite-agents = handleTest ./buildkite-agents.nix {};
boot = handleTestOn ["x86_64-linux"] ./boot.nix {}; # syslinux is unsupported on aarch64
boot-stage1 = handleTest ./boot-stage1.nix {};
borgbackup = handleTest ./borgbackup.nix {};
buildbot = handleTest ./buildbot.nix {};
buildkite-agents = handleTest ./buildkite-agents.nix {};
caddy = handleTest ./caddy.nix {};
cadvisor = handleTestOn ["x86_64-linux"] ./cadvisor.nix {};
cage = handleTest ./cage.nix {};
cagebreak = handleTest ./cagebreak.nix {};
cassandra = handleTest ./cassandra.nix {};
ceph-single-node = handleTestOn ["x86_64-linux"] ./ceph-single-node.nix {};
ceph-multi-node = handleTestOn ["x86_64-linux"] ./ceph-multi-node.nix {};
ceph-single-node = handleTestOn ["x86_64-linux"] ./ceph-single-node.nix {};
certmgr = handleTest ./certmgr.nix {};
cfssl = handleTestOn ["x86_64-linux"] ./cfssl.nix {};
charliecloud = handleTest ./charliecloud.nix {};
@ -59,9 +59,9 @@ in
cjdns = handleTest ./cjdns.nix {};
clickhouse = handleTest ./clickhouse.nix {};
cloud-init = handleTest ./cloud-init.nix {};
cockroachdb = handleTestOn ["x86_64-linux"] ./cockroachdb.nix {};
codimd = handleTest ./codimd.nix {};
consul = handleTest ./consul.nix {};
cockroachdb = handleTestOn ["x86_64-linux"] ./cockroachdb.nix {};
containers-bridge = handleTest ./containers-bridge.nix {};
containers-custom-pkgs.nix = handleTest ./containers-custom-pkgs.nix {};
containers-ephemeral = handleTest ./containers-ephemeral.nix {};
@ -85,7 +85,6 @@ in
dnscrypt-wrapper = handleTestOn ["x86_64-linux"] ./dnscrypt-wrapper {};
doas = handleTest ./doas.nix {};
docker = handleTestOn ["x86_64-linux"] ./docker.nix {};
oci-containers = handleTestOn ["x86_64-linux"] ./oci-containers.nix {};
docker-edge = handleTestOn ["x86_64-linux"] ./docker-edge.nix {};
docker-registry = handleTest ./docker-registry.nix {};
docker-tools = handleTestOn ["x86_64-linux"] ./docker-tools.nix {};
@ -119,24 +118,23 @@ in
fsck = handleTest ./fsck.nix {};
ft2-clone = handleTest ./ft2-clone.nix {};
gerrit = handleTest ./gerrit.nix {};
gotify-server = handleTest ./gotify-server.nix {};
grocy = handleTest ./grocy.nix {};
gitdaemon = handleTest ./gitdaemon.nix {};
gitea = handleTest ./gitea.nix {};
gitlab = handleTest ./gitlab.nix {};
gitolite = handleTest ./gitolite.nix {};
gitolite-fcgiwrap = handleTest ./gitolite-fcgiwrap.nix {};
glusterfs = handleTest ./glusterfs.nix {};
gnome3-xorg = handleTest ./gnome3-xorg.nix {};
gnome3 = handleTest ./gnome3.nix {};
installed-tests = pkgs.recurseIntoAttrs (handleTest ./installed-tests {});
gnome3-xorg = handleTest ./gnome3-xorg.nix {};
go-neb = handleTest ./go-neb.nix {};
gocd-agent = handleTest ./gocd-agent.nix {};
gocd-server = handleTest ./gocd-server.nix {};
go-neb = handleTest ./go-neb.nix {};
google-oslogin = handleTest ./google-oslogin {};
gotify-server = handleTest ./gotify-server.nix {};
grafana = handleTest ./grafana.nix {};
graphite = handleTest ./graphite.nix {};
graylog = handleTest ./graylog.nix {};
grocy = handleTest ./grocy.nix {};
grub = handleTest ./grub.nix {};
gvisor = handleTest ./gvisor.nix {};
hadoop.hdfs = handleTestOn [ "x86_64-linux" ] ./hadoop/hdfs.nix {};
@ -144,6 +142,8 @@ in
handbrake = handleTestOn ["x86_64-linux"] ./handbrake.nix {};
haproxy = handleTest ./haproxy.nix {};
hardened = handleTest ./hardened.nix {};
installed-tests = pkgs.recurseIntoAttrs (handleTest ./installed-tests {});
oci-containers = handleTestOn ["x86_64-linux"] ./oci-containers.nix {};
# 9pnet_virtio used to mount /nix partition doesn't support
# hibernation. This test happens to work on x86_64-linux but
# not on other platforms.
@ -160,8 +160,8 @@ in
ihatemoney = handleTest ./ihatemoney.nix {};
incron = handleTest ./incron.nix {};
influxdb = handleTest ./influxdb.nix {};
initrd-network-ssh = handleTest ./initrd-network-ssh {};
initrd-network-openvpn = handleTest ./initrd-network-openvpn {};
initrd-network-ssh = handleTest ./initrd-network-ssh {};
initrdNetwork = handleTest ./initrd-network.nix {};
installer = handleTest ./installer.nix {};
iodine = handleTest ./iodine.nix {};
@ -201,8 +201,8 @@ in
lxd-nftables = handleTest ./lxd-nftables.nix {};
#logstash = handleTest ./logstash.nix {};
lorri = handleTest ./lorri/default.nix {};
magnetico = handleTest ./magnetico.nix {};
magic-wormhole-mailbox-server = handleTest ./magic-wormhole-mailbox-server.nix {};
magnetico = handleTest ./magnetico.nix {};
mailcatcher = handleTest ./mailcatcher.nix {};
mariadb-galera-mariabackup = handleTest ./mysql/mariadb-galera-mariabackup.nix {};
mariadb-galera-rsync = handleTest ./mysql/mariadb-galera-rsync.nix {};
@ -213,9 +213,9 @@ in
metabase = handleTest ./metabase.nix {};
minecraft = handleTest ./minecraft.nix {};
minecraft-server = handleTest ./minecraft-server.nix {};
minidlna = handleTest ./minidlna.nix {};
miniflux = handleTest ./miniflux.nix {};
minio = handleTest ./minio.nix {};
minidlna = handleTest ./minidlna.nix {};
misc = handleTest ./misc.nix {};
moinmoin = handleTest ./moinmoin.nix {};
mongodb = handleTest ./mongodb.nix {};
@ -240,10 +240,10 @@ in
ncdns = handleTest ./ncdns.nix {};
ndppd = handleTest ./ndppd.nix {};
neo4j = handleTest ./neo4j.nix {};
specialisation = handleTest ./specialisation.nix {};
netdata = handleTest ./netdata.nix {};
networking.networkd = handleTest ./networking.nix { networkd = true; };
networking.scripted = handleTest ./networking.nix { networkd = false; };
specialisation = handleTest ./specialisation.nix {};
# TODO: put in networking.nix after the test becomes more complete
networkingProxy = handleTest ./networking-proxy.nix {};
nextcloud = handleTest ./nextcloud {};
@ -269,8 +269,8 @@ in
openldap = handleTest ./openldap.nix {};
opensmtpd = handleTest ./opensmtpd.nix {};
openssh = handleTest ./openssh.nix {};
openstack-image-userdata = (handleTestOn ["x86_64-linux"] ./openstack-image.nix {}).userdata or {};
openstack-image-metadata = (handleTestOn ["x86_64-linux"] ./openstack-image.nix {}).metadata or {};
openstack-image-userdata = (handleTestOn ["x86_64-linux"] ./openstack-image.nix {}).userdata or {};
orangefs = handleTest ./orangefs.nix {};
os-prober = handleTestOn ["x86_64-linux"] ./os-prober.nix {};
osrm-backend = handleTest ./osrm-backend.nix {};
@ -280,6 +280,7 @@ in
pam-u2f = handleTest ./pam-u2f.nix {};
pantheon = handleTest ./pantheon.nix {};
paperless = handleTest ./paperless.nix {};
pdns-recursor = handleTest ./pdns-recursor.nix {};
peerflix = handleTest ./peerflix.nix {};
pgjwt = handleTest ./pgjwt.nix {};
pgmanage = handleTest ./pgmanage.nix {};
@ -339,9 +340,9 @@ in
snapper = handleTest ./snapper.nix {};
sogo = handleTest ./sogo.nix {};
solr = handleTest ./solr.nix {};
sonarr = handleTest ./sonarr.nix {};
spacecookie = handleTest ./spacecookie.nix {};
spike = handleTest ./spike.nix {};
sonarr = handleTest ./sonarr.nix {};
sslh = handleTest ./sslh.nix {};
sssd = handleTestOn ["x86_64-linux"] ./sssd.nix {};
sssd-ldap = handleTestOn ["x86_64-linux"] ./sssd-ldap.nix {};
@ -358,13 +359,12 @@ in
systemd-boot = handleTest ./systemd-boot.nix {};
systemd-confinement = handleTest ./systemd-confinement.nix {};
systemd-journal = handleTest ./systemd-journal.nix {};
systemd-timesyncd = handleTest ./systemd-timesyncd.nix {};
systemd-networkd-vrf = handleTest ./systemd-networkd-vrf.nix {};
systemd-networkd = handleTest ./systemd-networkd.nix {};
systemd-networkd-dhcpserver = handleTest ./systemd-networkd-dhcpserver.nix {};
systemd-networkd-ipv6-prefix-delegation = handleTest ./systemd-networkd-ipv6-prefix-delegation.nix {};
systemd-networkd-vrf = handleTest ./systemd-networkd-vrf.nix {};
systemd-nspawn = handleTest ./systemd-nspawn.nix {};
pdns-recursor = handleTest ./pdns-recursor.nix {};
systemd-timesyncd = handleTest ./systemd-timesyncd.nix {};
taskserver = handleTest ./taskserver.nix {};
telegraf = handleTest ./telegraf.nix {};
tiddlywiki = handleTest ./tiddlywiki.nix {};
@ -372,20 +372,22 @@ in
tinydns = handleTest ./tinydns.nix {};
tor = handleTest ./tor.nix {};
# traefik test relies on docker-containers
trac = handleTest ./trac.nix {};
traefik = handleTestOn ["x86_64-linux"] ./traefik.nix {};
transmission = handleTest ./transmission.nix {};
trac = handleTest ./trac.nix {};
trilium-server = handleTestOn ["x86_64-linux"] ./trilium-server.nix {};
trezord = handleTest ./trezord.nix {};
trickster = handleTest ./trickster.nix {};
trilium-server = handleTestOn ["x86_64-linux"] ./trilium-server.nix {};
tuptime = handleTest ./tuptime.nix {};
unbound = handleTest ./unbound.nix {};
ucg = handleTest ./ucg.nix {};
udisks2 = handleTest ./udisks2.nix {};
unbound = handleTest ./unbound.nix {};
unit-php = handleTest ./web-servers/unit-php.nix {};
upnp = handleTest ./upnp.nix {};
uwsgi = handleTest ./uwsgi.nix {};
v2ray = handleTest ./v2ray.nix {};
vault = handleTest ./vault.nix {};
vector = handleTest ./vector.nix {};
victoriametrics = handleTest ./victoriametrics.nix {};
virtualbox = handleTestOn ["x86_64-linux"] ./virtualbox.nix {};
wasabibackend = handleTest ./wasabibackend.nix {};

View file

@ -117,7 +117,8 @@ import ./make-test-python.nix ({ pkgs, ... }: {
)
docker.wait_until_succeeds("curl -f http://localhost:8000/")
docker.succeed(
"docker rm --force nginx", "docker rmi '${examples.nginx.imageName}'",
"docker rm --force nginx",
"docker rmi '${examples.nginx.imageName}'",
)
with subtest("A pulled image can be used as base image"):

View file

@ -14,6 +14,7 @@ let
nodes = {
server = { config, pkgs, ... }: {
virtualisation.memorySize = 2048;
services.gitea = {
enable = true;
database = { inherit type; };

View file

@ -88,8 +88,8 @@ import ./make-test-python.nix ({ pkgs, ...} : rec {
with subtest("whether kernel.poweroff_cmd is set"):
machine.succeed('[ -x "$(cat /proc/sys/kernel/poweroff_cmd)" ]')
with subtest("whether the blkio controller is properly enabled"):
machine.succeed("[ -e /sys/fs/cgroup/blkio/blkio.reset_stats ]")
with subtest("whether the io cgroupv2 controller is properly enabled"):
machine.succeed("grep -q '\\bio\\b' /sys/fs/cgroup/cgroup.controllers")
with subtest("whether we have a reboot record in wtmp"):
machine.shutdown

View file

@ -34,7 +34,6 @@ import ./make-test-python.nix (
podman.wait_for_unit("sockets.target")
start_all()
with subtest("Run container as root with runc"):
podman.succeed("tar cv --files-from /dev/null | podman import - scratchimg")
podman.succeed(
@ -53,16 +52,20 @@ import ./make-test-python.nix (
podman.succeed("podman stop sleeping")
podman.succeed("podman rm sleeping")
with subtest("Run container rootless with runc"):
podman.succeed(su_cmd("tar cv --files-from /dev/null | podman import - scratchimg"))
with subtest("Run container as root with the default backend"):
podman.succeed("tar cv --files-from /dev/null | podman import - scratchimg")
podman.succeed(
su_cmd(
"podman run --runtime=runc -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10"
)
"podman run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10"
)
podman.succeed(su_cmd("podman ps | grep sleeping"))
podman.succeed(su_cmd("podman stop sleeping"))
podman.succeed(su_cmd("podman rm sleeping"))
podman.succeed("podman ps | grep sleeping")
podman.succeed("podman stop sleeping")
podman.succeed("podman rm sleeping")
podman.succeed(
"mkdir -p /tmp/podman-run-1000/libpod && chown alice -R /tmp/podman-run-1000"
)
with subtest("Run container rootless with crun"):
podman.succeed(su_cmd("tar cv --files-from /dev/null | podman import - scratchimg"))
@ -74,6 +77,18 @@ import ./make-test-python.nix (
podman.succeed(su_cmd("podman ps | grep sleeping"))
podman.succeed(su_cmd("podman stop sleeping"))
podman.succeed(su_cmd("podman rm sleeping"))
# As of 2020-11-20, the runc backend doesn't work with cgroupsv2 yet, so we don't run that test.
with subtest("Run container rootless with the default backend"):
podman.succeed(su_cmd("tar cv --files-from /dev/null | podman import - scratchimg"))
podman.succeed(
su_cmd(
"podman run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10"
)
)
podman.succeed(su_cmd("podman ps | grep sleeping"))
podman.succeed(su_cmd("podman stop sleeping"))
podman.succeed(su_cmd("podman rm sleeping"))
'';
}
)

View file

@ -13,10 +13,12 @@ let
machine.succeed("id rspamd >/dev/null")
'';
checkSocket = socket: user: group: mode: ''
machine.succeed("ls ${socket} >/dev/null")
machine.succeed('[[ "$(stat -c %U ${socket})" == "${user}" ]]')
machine.succeed('[[ "$(stat -c %G ${socket})" == "${group}" ]]')
machine.succeed('[[ "$(stat -c %a ${socket})" == "${mode}" ]]')
machine.succeed(
"ls ${socket} >/dev/null",
'[[ "$(stat -c %U ${socket})" == "${user}" ]]',
'[[ "$(stat -c %G ${socket})" == "${group}" ]]',
'[[ "$(stat -c %a ${socket})" == "${mode}" ]]',
)
'';
simple = name: enableIPv6: makeTest {
name = "rspamd-${name}";
@ -54,33 +56,35 @@ in
services.rspamd = {
enable = true;
workers.normal.bindSockets = [{
socket = "/run/rspamd.sock";
socket = "/run/rspamd/rspamd.sock";
mode = "0600";
owner = "root";
group = "root";
owner = "rspamd";
group = "rspamd";
}];
workers.controller.bindSockets = [{
socket = "/run/rspamd-worker.sock";
socket = "/run/rspamd/rspamd-worker.sock";
mode = "0666";
owner = "root";
group = "root";
owner = "rspamd";
group = "rspamd";
}];
};
};
testScript = ''
${initMachine}
machine.wait_for_file("/run/rspamd.sock")
${checkSocket "/run/rspamd.sock" "root" "root" "600" }
${checkSocket "/run/rspamd-worker.sock" "root" "root" "666" }
machine.wait_for_file("/run/rspamd/rspamd.sock")
${checkSocket "/run/rspamd/rspamd.sock" "rspamd" "rspamd" "600" }
${checkSocket "/run/rspamd/rspamd-worker.sock" "rspamd" "rspamd" "666" }
machine.log(machine.succeed("cat /etc/rspamd/rspamd.conf"))
machine.log(
machine.succeed("grep 'CONFDIR/worker-controller.inc' /etc/rspamd/rspamd.conf")
)
machine.log(machine.succeed("grep 'CONFDIR/worker-normal.inc' /etc/rspamd/rspamd.conf"))
machine.log(machine.succeed("rspamc -h /run/rspamd-worker.sock stat"))
machine.log(machine.succeed("rspamc -h /run/rspamd/rspamd-worker.sock stat"))
machine.log(
machine.succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping")
machine.succeed(
"curl --unix-socket /run/rspamd/rspamd-worker.sock http://localhost/ping"
)
)
'';
};
@ -91,16 +95,16 @@ in
services.rspamd = {
enable = true;
workers.normal.bindSockets = [{
socket = "/run/rspamd.sock";
socket = "/run/rspamd/rspamd.sock";
mode = "0600";
owner = "root";
group = "root";
owner = "rspamd";
group = "rspamd";
}];
workers.controller.bindSockets = [{
socket = "/run/rspamd-worker.sock";
socket = "/run/rspamd/rspamd-worker.sock";
mode = "0666";
owner = "root";
group = "root";
owner = "rspamd";
group = "rspamd";
}];
workers.controller2 = {
type = "controller";
@ -116,9 +120,9 @@ in
testScript = ''
${initMachine}
machine.wait_for_file("/run/rspamd.sock")
${checkSocket "/run/rspamd.sock" "root" "root" "600" }
${checkSocket "/run/rspamd-worker.sock" "root" "root" "666" }
machine.wait_for_file("/run/rspamd/rspamd.sock")
${checkSocket "/run/rspamd/rspamd.sock" "rspamd" "rspamd" "600" }
${checkSocket "/run/rspamd/rspamd-worker.sock" "rspamd" "rspamd" "666" }
machine.log(machine.succeed("cat /etc/rspamd/rspamd.conf"))
machine.log(
machine.succeed("grep 'CONFDIR/worker-controller.inc' /etc/rspamd/rspamd.conf")
@ -137,9 +141,11 @@ in
machine.wait_until_succeeds(
"journalctl -u rspamd | grep -i 'starting controller process' >&2"
)
machine.log(machine.succeed("rspamc -h /run/rspamd-worker.sock stat"))
machine.log(machine.succeed("rspamc -h /run/rspamd/rspamd-worker.sock stat"))
machine.log(
machine.succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping")
machine.succeed(
"curl --unix-socket /run/rspamd/rspamd-worker.sock http://localhost/ping"
)
)
machine.log(machine.succeed("curl http://localhost:11335/ping"))
'';

View file

@ -82,6 +82,10 @@ import ./make-test-python.nix ({ pkgs, ... }: {
"systemd-run --pty --property=Type=oneshot --property=DynamicUser=yes --property=User=iamatest whoami"
)
with subtest("regression test for https://bugs.freedesktop.org/show_bug.cgi?id=77507"):
retcode, output = machine.execute("systemctl status testservice1.service")
assert retcode in [0, 3] # https://bugs.freedesktop.org/show_bug.cgi?id=77507
# Regression test for https://github.com/NixOS/nixpkgs/issues/35268
with subtest("file system with x-initrd.mount is not unmounted"):
machine.succeed("mountpoint -q /test-x-initrd-mount")
@ -122,17 +126,6 @@ import ./make-test-python.nix ({ pkgs, ... }: {
machine.wait_for_unit("multi-user.target")
assert "fq_codel" in machine.succeed("sysctl net.core.default_qdisc")
# Test cgroup accounting is enabled
with subtest("systemd cgroup accounting is enabled"):
machine.wait_for_unit("multi-user.target")
assert "yes" in machine.succeed(
"systemctl show testservice1.service -p IOAccounting"
)
retcode, output = machine.execute("systemctl status testservice1.service")
assert retcode in [0, 3] # https://bugs.freedesktop.org/show_bug.cgi?id=77507
assert "CPU:" in output
# Test systemd is configured to manage a watchdog
with subtest("systemd manages hardware watchdog"):
machine.wait_for_unit("multi-user.target")
@ -168,5 +161,25 @@ import ./make-test-python.nix ({ pkgs, ... }: {
machine.succeed("systemctl status systemd-cryptsetup@luks1.service")
machine.succeed("mkdir -p /tmp/luks1")
machine.succeed("mount /dev/mapper/luks1 /tmp/luks1")
# Do some IP traffic
output_ping = machine.succeed(
"systemd-run --wait -- /run/wrappers/bin/ping -c 1 127.0.0.1 2>&1"
)
with subtest("systemd reports accounting data on system.slice"):
output = machine.succeed("systemctl status system.slice")
assert "CPU:" in output
assert "Memory:" in output
assert "IP:" in output
assert "0B in, 0B out" not in output
assert "IO:" in output
assert "0B read, 0B written" not in output
with subtest("systemd per-unit accounting works"):
assert "IP traffic received: 84B" in output_ping
assert "IP traffic sent: 84B" in output_ping
'';
})

18
third_party/nixpkgs/nixos/tests/ucg.nix vendored Normal file
View file

@ -0,0 +1,18 @@
import ./make-test-python.nix ({ pkgs, ... }: {
name = "ucg";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ AndersonTorres ];
};
machine = { pkgs, ... }: {
environment.systemPackages = [ pkgs.ucg ];
};
testScript = ''
machine.succeed("echo 'Lorem ipsum dolor sit amet\n2.7182818284590' > /tmp/foo")
assert "dolor" in machine.succeed("ucg 'dolor' /tmp/foo")
assert "Lorem" in machine.succeed("ucg --ignore-case 'lorem' /tmp/foo")
machine.fail("ucg --word-regexp '2718' /tmp/foo")
machine.fail("ucg 'pisum' /tmp/foo")
'';
})

View file

@ -0,0 +1,37 @@
{ system ? builtins.currentSystem, config ? { }
, pkgs ? import ../.. { inherit system config; } }:
with import ../lib/testing-python.nix { inherit system pkgs; };
with pkgs.lib;
{
test1 = makeTest {
name = "vector-test1";
meta.maintainers = [ pkgs.stdenv.lib.maintainers.happysalada ];
machine = { config, pkgs, ... }: {
services.vector = {
enable = true;
journaldAccess = true;
settings = {
sources.journald.type = "journald";
sinks = {
file = {
type = "file";
inputs = [ "journald" ];
path = "/var/lib/vector/logs.log";
encoding = { codec = "ndjson"; };
};
};
};
};
};
# ensure vector is forwarding the messages appropriately
testScript = ''
machine.wait_for_unit("vector.service")
machine.succeed("test -f /var/lib/vector/logs.log")
'';
};
}

View file

@ -96,5 +96,7 @@ mkDerivation rec {
license = stdenv.lib.licenses.gpl2Plus;
maintainers = with stdenv.lib.maintainers; [ worldofpeace ];
platforms = [ "x86_64-linux" ];
# Needs QT 5.14
broken = true;
};
}

View file

@ -1,5 +1,6 @@
{ stdenv
, fetchFromGitHub
, unstableGitUpdater
, SDL
, jack2
, Foundation
@ -42,6 +43,8 @@ stdenv.mkDerivation rec {
installPhase = let extension = if stdenv.isDarwin then "app" else "deb-exe";
in "install -Dm555 lgpt.${extension} $out/bin/lgpt";
passthru.updateScript = unstableGitUpdater { };
meta = with stdenv.lib; {
description = "A music tracker similar to lsdj optimised to run on portable game consoles";
longDescription = ''

View file

@ -2,14 +2,14 @@
, usePulseAudio ? config.pulseaudio or false, libpulseaudio }:
let
version = "0.5.3";
version = "0.5.4";
in stdenv.mkDerivation {
pname = "openmpt123";
inherit version;
src = fetchurl {
url = "https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-${version}+release.autotools.tar.gz";
sha256 = "1f155yf5v57dwhzb7z0kh67lckr3yq4x8040dm54qgbxw582la77";
sha256 = "0h7gpjx1221jwsq3k91p8zhf1h77qaxyasakc88s3g57vawhckgk";
};
enableParallelBuilding = true;

View file

@ -21,14 +21,14 @@
stdenv.mkDerivation rec {
pname = "deja-dup";
version = "42.5";
version = "42.6";
src = fetchFromGitLab {
domain = "gitlab.gnome.org";
owner = "World";
repo = pname;
rev = version;
sha256 = "1xgsd9a9y36lv6f2vjw2nxi9zj2zl1gv6rcyzkqajf91vgmxwf8k";
sha256 = "0grwlfakrnr9ij7h8lsfazlws6qix8pl50dr94cpxnnbjga9xn9z";
};
patches = [

View file

@ -15,19 +15,17 @@ in
stdenv.mkDerivation rec {
pname = "btcpayserver";
version = "1.0.5.5";
version = "1.0.5.9";
src = fetchFromGitHub {
owner = pname;
repo = pname;
rev = "v${version}";
sha256 = "11h1nrmb7f44msbhhiz9ddqh5ss2kz6d8ysnvd070x3xj5krgnxz";
sha256 = "011pp94i49fx587ng16m6ml63vwiysjvpkijihrk6xamz78zddgx";
};
nativeBuildInputs = [ dotnetSdk dotnetPackages.Nuget ];
nativeBuildInputs = [ dotnetSdk dotnetPackages.Nuget makeWrapper ];
# Due to a bug in btcpayserver, we can't just `dotnet publish` to create a binary.
# Build with `dotnet build` instead and add a custom `dotnet run` script.
buildPhase = ''
export HOME=$TMP/home
export DOTNET_CLI_TELEMETRY_OPTOUT=1
@ -37,21 +35,15 @@ stdenv.mkDerivation rec {
nuget init ${linkFarmFromDrvs "deps" deps} $TMP/nuget
dotnet restore --source $TMP/nuget BTCPayServer/BTCPayServer.csproj
dotnet build -c Release BTCPayServer/BTCPayServer.csproj
'';
runScript = ''
#!${bash}/bin/bash
DOTNET_CLI_TELEMETRY_OPTOUT=1 exec ${dotnetSdk}/bin/dotnet run --no-launch-profile --no-build \
-c Release -p @@SHARE@@/BTCPayServer/BTCPayServer.csproj -- "$@"
dotnet publish --no-restore --output $out/share/$pname -c Release BTCPayServer/BTCPayServer.csproj
'';
# btcpayserver requires the publish directory as its working dir
# https://github.com/btcpayserver/btcpayserver/issues/1894
installPhase = ''
cd ..
share=$out/share/$pname
mkdir -p $share
mv -T source $share
install -D -m500 <(echo "$runScript" | sed "s|@@SHARE@@|$share|") $out/bin/$pname
makeWrapper $out/share/$pname/BTCPayServer $out/bin/$pname \
--set DOTNET_ROOT "${dotnetSdk}" \
--run "cd $out/share/$pname"
'';
dontStrip = true;

View file

@ -21,8 +21,8 @@
})
(fetchNuGet {
name = "BTCPayServer.Lightning.All";
version = "1.2.3";
sha256 = "1vx47rb505904pz30n5jzc9x42pcfln695l31q4dv5p4fbf10g4q";
version = "1.2.4";
sha256 = "1f4wgs8ijk1wmppz5lmas7l6m83szz57jyk6ak0dxhccdld9rdaj";
})
(fetchNuGet {
name = "BTCPayServer.Lightning.Charge";
@ -31,8 +31,8 @@
})
(fetchNuGet {
name = "BTCPayServer.Lightning.CLightning";
version = "1.2.0";
sha256 = "0a47fz20ngcz90h2y01isi2h940jljcmnfy6wyknj029sii7i1zs";
version = "1.2.1";
sha256 = "14km69jzmnyqg19w27g6znml4z0xkm8l4j7rj0x36bw67cjmgahv";
})
(fetchNuGet {
name = "BTCPayServer.Lightning.Common";
@ -706,8 +706,8 @@
})
(fetchNuGet {
name = "NBitcoin.Altcoins";
version = "2.0.16";
sha256 = "0fsdb96k5lwyq4d7h7yg91qghima08yk0bsw5cvr4h2jsfphk423";
version = "2.0.21";
sha256 = "0xmygiwjlia7fbxy63893jb15g6fxggxxr9bbm8znd9bs3jzp2g1";
})
(fetchNuGet {
name = "NBitcoin";
@ -726,13 +726,8 @@
})
(fetchNuGet {
name = "NBitcoin";
version = "5.0.45";
sha256 = "102vwxwkg367yxv26hycnc7hjxlv2zvsgr8g6adw8dmzsxck5fwk";
})
(fetchNuGet {
name = "NBitcoin";
version = "5.0.51";
sha256 = "0rg014sl7rqscnranwyfk41xfr5ccjqyx7aidfl5mh0znz44db2g";
version = "5.0.60";
sha256 = "0pin4ldfz5lfxyd47mj1ypyp8lmj0v5nq5zvygdjna956vphd39v";
})
(fetchNuGet {
name = "NBitpayClient";
@ -741,8 +736,8 @@
})
(fetchNuGet {
name = "NBXplorer.Client";
version = "3.0.17";
sha256 = "0xx2xshgpci9l9883zpqnmgchpizygy0hcq2wp2ch6yf3hbrj9qq";
version = "3.0.19";
sha256 = "0nahfxdsryf5snjy87770m51v2jcry02lmb10ilsg4h2ig4pjdk4";
})
(fetchNuGet {
name = "NETStandard.Library";
@ -956,8 +951,8 @@
})
(fetchNuGet {
name = "Selenium.WebDriver.ChromeDriver";
version = "83.0.4103.3900";
sha256 = "17j9b637209nm5cs5sgr3vflphkhaxpm8bcjizhgj65r52gn17as";
version = "85.0.4183.8700";
sha256 = "0klyqmwa6yc0ibbmci51mzb2vl6n13qlk06chc9w78i0a43fs382";
})
(fetchNuGet {
name = "Selenium.WebDriver";

View file

@ -4,11 +4,11 @@ cups, vivaldi-ffmpeg-codecs, libpulseaudio, at-spi2-core }:
stdenv.mkDerivation rec {
pname = "exodus";
version = "20.11.21";
version = "20.11.23";
src = fetchurl {
url = "https://downloads.exodus.io/releases/${pname}-linux-x64-${version}.zip";
sha256 = "1q6sh2jhngvihkxjprkcd1php6r7m6qkxsijx8d3azzlgj9nbf2n";
sha256 = "0hcvgph2m4nbrarhw2cggc8q5jxwnibiz2mbkypgizphk5svdj9l";
};
sourceRoot = ".";

View file

@ -15,13 +15,13 @@ in
stdenv.mkDerivation rec {
pname = "nbxplorer";
version = "2.1.42";
version = "2.1.46";
src = fetchFromGitHub {
owner = "dgarage";
repo = "NBXplorer";
rev = "v${version}";
sha256 = "01q6n7095rrha00xs3l7igzfb9rd743z8crxa2dcz4q5srapfzpi";
sha256 = "1aph7yiwmch7s7x1qkzqv1shs3v6kg8i2s7266la0yp9ksf3w35p";
};
nativeBuildInputs = [ dotnetSdk dotnetPackages.Nuget makeWrapper ];

View file

@ -31,8 +31,8 @@
})
(fetchNuGet {
name = "Microsoft.CodeCoverage";
version = "16.6.1";
sha256 = "01ffm4nflqdb93vq4xl0j3377x360fgx6c6h12mpkcy85ixbv3rl";
version = "16.7.1";
sha256 = "1farw63445cdyciplfs6l9j1gayxw16rkzmrwsiswfyjhqz70xd4";
})
(fetchNuGet {
name = "Microsoft.CSharp";
@ -126,8 +126,8 @@
})
(fetchNuGet {
name = "Microsoft.NET.Test.Sdk";
version = "16.6.1";
sha256 = "0jjdg468jc6pv2z764f3xc19lcr772nzjm9cjfqq3bqw8vkpzmhv";
version = "16.7.1";
sha256 = "0yqxipj74ax2n76w9ccydppx78ym8m5fda88qnvj4670qjvl0kf8";
})
(fetchNuGet {
name = "Microsoft.NETCore.Platforms";
@ -156,13 +156,13 @@
})
(fetchNuGet {
name = "Microsoft.TestPlatform.ObjectModel";
version = "16.6.1";
sha256 = "0q98q1nw6jl4bajm66z4a9vvh928w8ffsd3k6fpsps23ykpsky7h";
version = "16.7.1";
sha256 = "0s9dyh99gzdpk1i5v468i2r9m6i3jrr41r394pwdwiajsz99kay0";
})
(fetchNuGet {
name = "Microsoft.TestPlatform.TestHost";
version = "16.6.1";
sha256 = "0anzvb2mda548swb2ll1hv65knb8gwjm01hwbl0pzzr607my3lix";
version = "16.7.1";
sha256 = "1xik06rxn9ps83in0zn9vcl2ibv3acmdqvrx07qq89lxj1sgqlhs";
})
(fetchNuGet {
name = "Microsoft.Win32.Primitives";
@ -181,18 +181,23 @@
})
(fetchNuGet {
name = "NBitcoin.Altcoins";
version = "2.0.19";
sha256 = "12a3bf1pi6sq78z6h3clyczvycx7cjry8fby4fyi748wjwljjizz";
version = "2.0.21";
sha256 = "0xmygiwjlia7fbxy63893jb15g6fxggxxr9bbm8znd9bs3jzp2g1";
})
(fetchNuGet {
name = "NBitcoin.TestFramework";
version = "2.0.11";
sha256 = "09jrbq9p5k67kdic2038s7q299y2nc8ij6m55m3m8hys7jdrrv05";
version = "2.0.12";
sha256 = "1d6lmymc9x3p74c8hc2x3m61ncnkqqgrddw9cw2m0zkvilkncsns";
})
(fetchNuGet {
name = "NBitcoin";
version = "5.0.54";
sha256 = "0mx2gr8j8bc4mf1vi1fvqj3672qalxvzvincc61if79p46cik24b";
version = "5.0.58";
sha256 = "0qim9xbbj380254iyi1jsh2gnr90ddwd2593jw9a8bjwnlk7qr2c";
})
(fetchNuGet {
name = "NBitcoin";
version = "5.0.60";
sha256 = "0pin4ldfz5lfxyd47mj1ypyp8lmj0v5nq5zvygdjna956vphd39v";
})
(fetchNuGet {
name = "NETStandard.Library";
@ -1061,8 +1066,8 @@
})
(fetchNuGet {
name = "xunit.runner.visualstudio";
version = "2.4.2";
sha256 = "0fi85h43nyrhfc5jzg07znh01r7cpb7bpjdc6mzb9z1pm14ppfm6";
version = "2.4.3";
sha256 = "0j1d0rbcm7pp6dypi61sjxp8l22sv261252z55b243l39jgv2rp3";
})
(fetchNuGet {
name = "xunit";

View file

@ -307,12 +307,12 @@ in
idea-community = buildIdea rec {
name = "idea-community-${version}";
version = "2020.2.4"; /* updated by script */
version = "2020.3"; /* updated by script */
description = "Integrated Development Environment (IDE) by Jetbrains, community edition";
license = stdenv.lib.licenses.asl20;
src = fetchurl {
url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz";
sha256 = "1rlw01aq6ci46xv4d4877k30309jjws29kwhriy98xf804msyzyb"; /* updated by script */
sha256 = "0x1nsjw1m03iq7sd9i2qqlyribrzgi8yh6k5hnb630kvrxr8pxy6"; /* updated by script */
};
wmClass = "jetbrains-idea-ce";
update-channel = "IntelliJ IDEA RELEASE";
@ -320,12 +320,12 @@ in
idea-ultimate = buildIdea rec {
name = "idea-ultimate-${version}";
version = "2020.2.4"; /* updated by script */
version = "2020.3"; /* updated by script */
description = "Integrated Development Environment (IDE) by Jetbrains, requires paid license";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/idea/ideaIU-${version}-no-jbr.tar.gz";
sha256 = "05qr8jiasqxmkgi9v52g7hgpdf7pkkjcp42bbkh1f4zgvq81p5py"; /* updated by script */
sha256 = "1l6bvfgzp27113rjy1y3jvp09cqx8gpnbgpwp83vsph7x0dhx8a3"; /* updated by script */
};
wmClass = "jetbrains-idea";
update-channel = "IntelliJ IDEA RELEASE";
@ -333,12 +333,12 @@ in
mps = buildMps rec {
name = "mps-${version}";
version = "2020.2.2"; /* updated by script */
version = "2020.2.3"; /* updated by script */
description = "Create your own domain-specific language";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/mps/2020.2/MPS-${version}.tar.gz";
sha256 = "1a09yahky8ii2dypj69m89c3yh7akn7sa74n0j0mff7r46ad421y"; /* updated by script */
sha256 = "1wd3d8pc155m54y5p2056p0x93v2nv9457i7la53ibbs7rj1j7kw"; /* updated by script */
};
wmClass = "jetbrains-mps";
update-channel = "MPS RELEASE";
@ -359,12 +359,12 @@ in
pycharm-community = buildPycharm rec {
name = "pycharm-community-${version}";
version = "2020.2.4"; /* updated by script */
version = "2020.2.5"; /* updated by script */
description = "PyCharm Community Edition";
license = stdenv.lib.licenses.asl20;
src = fetchurl {
url = "https://download.jetbrains.com/python/${name}.tar.gz";
sha256 = "196hhb4n52a50w50awx01ksyl5dkrbdmnz8sb9di5ihni7043p97"; /* updated by script */
sha256 = "0jkc26y3v94jj8q7dxq1py59is2whh45b890iac5adg6x670z3s6"; /* updated by script */
};
wmClass = "jetbrains-pycharm-ce";
update-channel = "PyCharm RELEASE";
@ -372,12 +372,12 @@ in
pycharm-professional = buildPycharm rec {
name = "pycharm-professional-${version}";
version = "2020.2.4"; /* updated by script */
version = "2020.2.5"; /* updated by script */
description = "PyCharm Professional Edition";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/python/${name}.tar.gz";
sha256 = "0dwd9gvi8n3igza95pil3mf7azxn131830rvfzdvnvrzj9yb2q8l"; /* updated by script */
sha256 = "04imfgr45gvicjjgqzdcdmbnbiszjma3s40k2pgqs5nn6wbrw3dd"; /* updated by script */
};
wmClass = "jetbrains-pycharm";
update-channel = "PyCharm RELEASE";
@ -398,12 +398,12 @@ in
ruby-mine = buildRubyMine rec {
name = "ruby-mine-${version}";
version = "2020.2.4"; /* updated by script */
version = "2020.3"; /* updated by script */
description = "The Most Intelligent Ruby and Rails IDE";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/ruby/RubyMine-${version}.tar.gz";
sha256 = "0bpkl8phc16yjm7qjfbg42rm7sbfwbrjva7w0qiwiw9ibwvs90id"; /* updated by script */
sha256 = "0ij6j9bxfqzj8gnrhhdgai22s1n5swd4waxd5zjvmv7q9j9cb2l5"; /* updated by script */
};
wmClass = "jetbrains-rubymine";
update-channel = "RubyMine RELEASE";
@ -411,12 +411,12 @@ in
webstorm = buildWebStorm rec {
name = "webstorm-${version}";
version = "2020.2.4"; /* updated by script */
version = "2020.3"; /* updated by script */
description = "Professional IDE for Web and JavaScript development";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/webstorm/WebStorm-${version}.tar.gz";
sha256 = "0l97nk9psb8g0sxm148fcz0x2v9mwqblffigrz2rmac3gd275s7f"; /* updated by script */
sha256 = "0sk7slwfr9jasid09hxw81sik5srn35vif3pbzpybig3yszbv6ld"; /* updated by script */
};
wmClass = "jetbrains-webstorm";
update-channel = "WebStorm RELEASE";

View file

@ -12,4 +12,5 @@
kak-powerline = pkgs.callPackage ./kak-powerline.nix { };
kak-prelude = pkgs.callPackage ./kak-prelude.nix { };
kak-vertical-selection = pkgs.callPackage ./kak-vertical-selection.nix { };
openscad-kak = pkgs.callPackage ./openscad.kak.nix { };
}

View file

@ -0,0 +1,25 @@
{ stdenv, fetchFromGitHub }:
stdenv.mkDerivation {
pname = "openscad.kak";
version = "unstable-2019-11-08";
src = fetchFromGitHub {
owner = "mayjs";
repo = "openscad.kak";
rev = "d9143d5e7834e3356b49720664d5647cab9db7cc";
sha256 = "0j4dqhrn56z77hdalfdxagwz8h6nwr8s9i4w0bs2644k72lsm2ix";
};
installPhase = ''
install -Dm644 rc/openscad.kak -t $out/share/kak/autoload/plugins/
'';
meta = with stdenv.lib; {
description = "Syntax highlighting for OpenSCAD files";
homepage = "https://github.com/mayjs/openscad.kak";
license = licenses.unlicense;
maintainers = with maintainers; [ eraserhd ];
platforms = platforms.all;
};
}

View file

@ -16,11 +16,11 @@ let
in stdenv.mkDerivation rec {
pname = "nano";
version = "5.3";
version = "5.4";
src = fetchurl {
url = "mirror://gnu/nano/${pname}-${version}.tar.xz";
sha256 = "0lj3fcfzprmv9raydx8yq25lw81bs6g40rhd0fv9d6idcb7wphf5";
sha256 = "1sc6xl9935k9s9clkv83hapijka4qknfnj6f15c3b1i2n84396gy";
};
nativeBuildInputs = [ texinfo ] ++ optional enableNls gettext;

View file

@ -53,5 +53,8 @@ in mkDerivation rec {
license = lib.licenses.gpl2Plus;
platforms = with lib.platforms; linux;
maintainers = with lib.maintainers; [ lsix ];
# Our 3.10 LTS cannot use a newer Qt (5.15) version because it requires qtwebkit
# and our qtwebkit fails to build with 5.15. 01bcfd3579219d60e5d07df309a000f96b2b658b
broken = true;
};
}

View file

@ -5,11 +5,11 @@
stdenv.mkDerivation rec {
pname = "avocode";
version = "4.10.3";
version = "4.10.4";
src = fetchurl {
url = "https://media.avocode.com/download/avocode-app/${version}/avocode-${version}-linux.zip";
sha256 = "1ngyd3sfnhf8hpi015pgbms5bspc30lzrpfpw3jp992i4mzcjq0z";
sha256 = "06xf5y2mljk3pd74ap9n90bhhidbzpg5c6wws361ygd4f3x86c46";
};
libPath = stdenv.lib.makeLibraryPath (with xorg; [

View file

@ -7,11 +7,11 @@ with stdenv.lib;
stdenv.mkDerivation rec {
pname = "feh";
version = "3.5";
version = "3.6";
src = fetchurl {
url = "https://feh.finalrewind.org/${pname}-${version}.tar.bz2";
sha256 = "07jklibpi4ig9pbdrwhllsfffxn2h8xf4ma36qii00w4hb69v3rq";
sha256 = "1n6gbyzlc3kx2cq9wfz7azn7mrjmcc9pq436k1n4mrh0lik5sxw7";
};
outputs = [ "out" "man" "doc" ];

View file

@ -21,13 +21,13 @@
stdenv.mkDerivation rec {
pname = "fondo";
version = "1.3.10";
version = "1.4.0";
src = fetchFromGitHub {
owner = "calo001";
repo = pname;
rev = version;
sha256 = "0yrbcngmwhn5gl5if9w2cx8shh33zk5fd6iqwnapsq8y0lzq6ppr";
sha256 = "0cdcn4qmdryk2x327f1z3pq8pg4cb0q1jr779gh8s6nqajyk8nqm";
};
nativeBuildInputs = [

View file

@ -18,7 +18,7 @@
, typescript
}:
stdenv.mkDerivation rec {
name = "imgbrd-grabber";
pname = "imgbrd-grabber";
version = "7.3.2";
src = fetchFromGitHub {
@ -84,4 +84,11 @@ stdenv.mkDerivation rec {
'';
sourceRoot = "source/src";
meta = with stdenv.lib; {
description = "Very customizable imageboard/booru downloader with powerful filenaming features";
license = licenses.asl20;
homepage = "https://bionus.github.io/imgbrd-grabber/";
maintainers = [ maintainers.evanjs ];
};
}

View file

@ -2,13 +2,13 @@
buildPythonApplication rec {
pname = "imgp";
version = "2.7";
version = "2.8";
src = fetchFromGitHub {
owner = "jarun";
repo = pname;
rev = "v${version}";
sha256 = "13r4fn3dd0nyidfhrr7zzpls5ifbyqdwxhyvpkqr8ahchws7wfc6";
sha256 = "1miabaxd5pwxn0va4drzj1d4ppxvyqsrrd4xw1j6qr52yci0lms8";
};
propagatedBuildInputs = [ pillow ];

View file

@ -1,8 +1,12 @@
{ stdenv, buildGoPackage, fetchFromGitHub }:
{ stdenv
, buildGoPackage
, unstableGitUpdater
, fetchFromGitHub
}:
buildGoPackage rec {
pname = "meme-unstable";
version = "2017-09-10";
pname = "meme";
version = "unstable-2017-09-10";
owner = "nomad-software";
repo = "meme";
@ -14,6 +18,8 @@ buildGoPackage rec {
sha256 = "1gbsv1d58ck6mj89q31s5b0ppw51ab76yqgz39jgwqnkidvzdfly";
};
passthru.updateScript = unstableGitUpdater { };
meta = with stdenv.lib; {
description = "A command line utility for creating image macro style memes";
homepage = "https://github.com/nomad-software/meme";

View file

@ -4,13 +4,13 @@
stdenv.mkDerivation (rec {
pname = "pqiv";
version = "2.11";
version = "2.12";
src = fetchFromGitHub {
owner = "phillipberndt";
repo = "pqiv";
rev = version;
sha256 = "06cwm28b7j1skwp21s5snmj1pqh3xh6y2i5v4w3pz0b8k3053h9i";
sha256 = "18nvrqmlifh4m8nfs0d19sb9d1l3a95xc89qxqdr881jcxdsgflw";
};
nativeBuildInputs = [ pkgconfig ];

View file

@ -13,14 +13,14 @@ let
pythonPackages = python3Packages;
in
mkDerivation rec {
version = "1.10";
version = "1.11";
pname = "renderdoc";
src = fetchFromGitHub {
owner = "baldurk";
repo = "renderdoc";
rev = "v${version}";
sha256 = "1ibf2lv3q69fkzv1nsva2mbdjlayrpxicrd96d9nfcw64f2mv6ds";
sha256 = "01r4fq03fpyhwvn47wx3dw29vcadcd0qml00h36q38cq3pi9x42j";
};
buildInputs = [

View file

@ -0,0 +1,57 @@
{ stdenv, lib, python3, fetchPypi, appdirs, attrs, requests,
beautifulsoup4, click-plugins, elasticsearch, flask_login, flask_wtf,
pypandoc, python-dotenv, python-frontmatter, tinydb, validators,
watchdog, wtforms }:
python3.pkgs.buildPythonApplication rec {
pname = "archivy";
version = "0.8.5";
src = fetchPypi {
inherit pname version;
sha256 = "144ckgxjaw29yp5flyxd1rnkm7hlim4zgy6xng7x0a9j54h527iq";
};
# Relax some dependencies
postPatch = ''
substituteInPlace requirements.txt \
--replace 'validators ==' 'validators >=' \
--replace 'elasticsearch ==' 'elasticsearch >=' \
--replace 'python-dotenv ==' 'python-dotenv >=' \
--replace 'beautifulsoup4 ==' 'beautifulsoup4 >=' \
--replace 'WTForms ==' 'WTForms >=' \
--replace 'python_dotenv ==' 'python_dotenv >=' \
--replace 'attrs == 20.2.0' 'attrs' \
--replace 'python_frontmatter == 0.5.0' 'python_frontmatter' \
--replace 'requests ==' 'requests >='
'';
propagatedBuildInputs = [
appdirs
attrs
beautifulsoup4
click-plugins
elasticsearch
flask_login
flask_wtf
pypandoc
python-dotenv
python-frontmatter
tinydb
requests
validators
watchdog
wtforms
];
# __init__.py attempts to mkdir in read-only file system
doCheck = false;
meta = with stdenv.lib; {
description = "Self-hosted knowledge repository";
homepage = "https://archivy.github.io";
license = licenses.mit;
maintainers = with maintainers; [ siraben ];
platforms = platforms.unix;
};
}

View file

@ -1,85 +0,0 @@
{ stdenv
, fetchFromGitHub
, cmake
, jsoncpp
, libjson-rpc-cpp
, curl
, boost
, leveldb
, cryptopp
, libcpuid
, opencl-headers
, ocl-icd
, miniupnpc
, libmicrohttpd
, gmp
, libGLU, libGL
, extraCmakeFlags ? []
}:
stdenv.mkDerivation rec {
pname = "cpp-ethereum";
version = "1.3.0";
src = fetchFromGitHub {
owner = "ethereum";
repo = "cpp-ethereum";
rev = "62ab9522e58df9f28d2168ea27999a214b16ea96";
sha256 = "1fxgpqhmjhpv0zzs1m3yf9h8mh25dqpa7pmcfy7f9qiqpfdr4zq9";
};
cmakeFlags = [ "-DCMAKE_BUILD_TYPE=Release" extraCmakeFlags ];
configurePhase = ''
export BOOST_INCLUDEDIR=${boost.dev}/include
export BOOST_LIBRARYDIR=${boost.out}/lib
mkdir -p Build/Install
pushd Build
cmake .. -DCMAKE_INSTALL_PREFIX=$(pwd)/Install $cmakeFlags
'';
enableParallelBuilding = true;
runPath = with stdenv.lib; makeLibraryPath ([ stdenv.cc.cc ] ++ buildInputs);
installPhase = ''
make install
mkdir -p $out
for f in Install/lib/*.so* $(find Install/bin -executable -type f); do
patchelf --set-rpath $runPath:$out/lib $f
done
cp -r Install/* $out
'';
buildInputs = [
cmake
jsoncpp
libjson-rpc-cpp
curl
boost
leveldb
cryptopp
libcpuid
opencl-headers
ocl-icd
miniupnpc
libmicrohttpd
gmp
libGLU libGL
];
dontStrip = true;
meta = with stdenv.lib; {
description = "Ethereum C++ client";
homepage = "https://github.com/ethereum/cpp-ethereum";
license = licenses.gpl3;
maintainers = with maintainers; [ artuuge ];
platforms = platforms.linux;
broken = true; # 2018-04-10
};
}

View file

@ -5,13 +5,13 @@
buildGoModule rec {
pname = "dasel";
version = "1.6.2";
version = "1.8.0";
src = fetchFromGitHub {
owner = "TomWright";
repo = pname;
rev = "v${version}";
sha256 = "sha256-LGrFs9JNb0gjXg6IRkUfUOWS+sr1nukzOEWK4XUfkfw=";
sha256 = "sha256-N27XmrbZTLeNkNvGDsChqKZrAagkQoGFaJeeZ1/Qnkw=";
};
vendorSha256 = "1552k85z4s6gv7sss7dccv3h8x22j2sr12icp6s7s0a3i4iwyksw";

View file

@ -7,7 +7,7 @@
stdenv.mkDerivation rec {
pname = "dbeaver-ce";
version = "7.2.5";
version = "7.3.0";
desktopItem = makeDesktopItem {
name = "dbeaver";
@ -30,7 +30,7 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = "https://dbeaver.io/files/${version}/dbeaver-ce-${version}-linux.gtk.x86_64.tar.gz";
sha256 = "sha256-CRyAeizhaSDmVFGRhrYIW0Ofli9HnkgItiAGRJAETQM=";
sha256 = "sha256-JhEF2/97vo2FgzpCFkuc31aLl9qjKHV8RYXO5oBU1no=";
};
installPhase = ''

View file

@ -8,11 +8,11 @@ GEM
gemojione (4.3.3)
json
github-markup (3.0.5)
gollum (5.1.1)
gollum (5.1.2)
gemojione (~> 4.1)
gollum-lib (~> 5.0)
kramdown (~> 2.3)
kramdown-parser-gfm (~> 1.0.0)
kramdown-parser-gfm (~> 1.1.0)
mustache (>= 0.99.5, < 1.0.0)
octicons (~> 8.5)
rss (~> 0.2.9)
@ -39,7 +39,7 @@ GEM
json (2.3.1)
kramdown (2.3.0)
rexml
kramdown-parser-gfm (1.0.1)
kramdown-parser-gfm (1.1.0)
kramdown (~> 2.0)
loofah (2.8.0)
crass (~> 1.0.2)

View file

@ -66,10 +66,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "14i6y3ilv9l7cqvkawl75js26cfj1pd8cphhmq9lic95ajvdf371";
sha256 = "0pmvxj7pka7pjpw060a9pfxsci1hmx45hk9hbp5m49xkkiiqf1gx";
type = "gem";
};
version = "5.1.1";
version = "5.1.2";
};
gollum-lib = {
dependencies = ["gemojione" "github-markup" "gollum-rugged_adapter" "loofah" "nokogiri" "octicons" "rouge" "twitter-text"];
@ -120,10 +120,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0ykna2apphld9llmjnz0210fipp4fkmj2ja18l7iz9xikg0h0ihi";
sha256 = "0a8pb3v951f4x7h968rqfsa19c8arz21zw1vaj42jza22rap8fgv";
type = "gem";
};
version = "1.0.1";
version = "1.1.0";
};
loofah = {
dependencies = ["crass" "nokogiri"];

View file

@ -2,7 +2,7 @@
stdenv.mkDerivation rec {
pname = "gpx";
version = "2.6.7";
version = "2.6.8";
nativeBuildInputs = [ autoreconfHook ];
@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
owner = "markwal";
repo = "GPX";
rev = version;
sha256 = "1dl5vlsx05ipy10h18xigicb3k7m33sa9hfyd46hkpr2glx7jh4p";
sha256 = "1izs8s5npkbfrsyk17429hyl1vyrbj9dp6vmdlbb2vh6mfgl54h8";
};
meta = {

View file

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "hugo";
version = "0.78.2";
version = "0.79.0";
src = fetchFromGitHub {
owner = "gohugoio";
repo = pname;
rev = "v${version}";
sha256 = "1xjxyx520wa6sgvighjp82qqfi0ykfskp0za5j95167c56ss8lm4";
sha256 = "0i9c12w0jlfrqb5gygfn20rn41m7qy6ab03n779wbzwfqqz85mj6";
};
vendorSha256 = "00jjcw76l12ppx3q1xhly7q10jfi2kx62a8z3r1k7m2593k8c4vq";
vendorSha256 = "0jb6aqdv9yx7fxbkgd73rx6kvxagxscrin5b5bal3ig7ys1ghpsp";
doCheck = false;

View file

@ -0,0 +1,77 @@
{ stdenv
, autoPatchelfHook
, curl
, dpkg
, fetchurl
, gcc
, lib
, libGLU
, libcork
, makeDesktopItem
, qt5
, quazip_qt4
, zlib
}:
stdenv.mkDerivation rec {
pname = "ideamaker";
version = "4.0.1";
src = fetchurl {
# N.B. Unfortunately ideamaker adds a number after the patch number in
# their release scheme which is not referenced anywhere other than in
# the download URL. Because of this, I have chosen to not use ${version}
# and just handwrite the correct values in the following URL, hopefully
# avoiding surprises for the next person that comes to update this
# package.
url = "https://download.raise3d.com/ideamaker/release/4.0.1/ideaMaker_4.0.1.4802-ubuntu_amd64.deb";
sha256 = "0a1jcakdglcr4kz0kyq692dbjk6aq2yqcp3i6gzni91k791h49hp";
};
nativeBuildInputs = [ autoPatchelfHook dpkg qt5.wrapQtAppsHook ];
buildInputs = [
curl
gcc.cc.lib
libGLU
libcork
qt5.qtbase
qt5.qtserialport
quazip_qt4
zlib
];
unpackPhase = ''
runHook preUnpack
dpkg-deb -x $src .
runHook postUnpack
'';
installPhase = ''
runHook preInstall
mkdir -p $out/{bin,share/pixmaps}
cp usr/lib/x86_64-linux-gnu/ideamaker/ideamaker $out/bin
ln -s "${desktopItem}/share/applications" $out/share/
cp usr/share/ideamaker/icons/ideamaker-icon.png $out/share/pixmaps/${pname}.png
runHook postInstall
'';
desktopItem = makeDesktopItem {
name = pname;
exec = pname;
icon = pname;
desktopName = "Ideamaker";
genericName = meta.description;
categories = "Utility;Viewer;Engineering;";
mimeType = "application/sla";
};
meta = with lib; {
homepage = "https://www.raise3d.com/ideamaker/";
description = "Raise3D's 3D slicer software";
license = licenses.unfree;
platforms = [ "x86_64-linux" ];
maintainers = with maintainers; [ lovesegfault ];
};
}

View file

@ -4,7 +4,7 @@ let
throwSystem = throw "Unsupported system: ${system}";
pname = "keeweb";
version = "1.15.7";
version = "1.16.0";
name = "${pname}-${version}";
suffix = {
@ -15,8 +15,8 @@ let
src = fetchurl {
url = "https://github.com/keeweb/keeweb/releases/download/v${version}/KeeWeb-${version}.${suffix}";
sha256 = {
x86_64-linux = "0cy0avl0m07xs523xm0rzsmifl28sv4rjb2jj3x492qmr2v64ckk";
x86_64-darwin = "0r8c3zi0ibj0bb0gfc1axfn0y4qpjqfr0xpcxf810d65kaz6wic4";
x86_64-linux = "1pivic7n5nv00s8bb51i2jz2mxgjn92hkc8n0p8662ai1cdng47g";
x86_64-darwin = "0q6k0qgkgzid9yjbfsfpp8l9dr0n8xp25a4jf2bxwickm4irs9mz";
}.${system} or throwSystem;
};

View file

@ -3,12 +3,12 @@
}:
mkDerivation rec {
version = "2.3.5.2";
version = "2.3.6";
pname = "lyx";
src = fetchurl {
url = "ftp://ftp.lyx.org/pub/lyx/stable/2.3.x/${pname}-${version}.tar.xz";
sha256 = "1pwdh0ljd7lm5a83vsqmp4695irhig07wxa90jc23ng5gap589na";
sha256 = "160whjwwrmxizdakjlkf9xc86bhqfnslw47fixgqq4qhbapcxxkg";
};
# LaTeX is used from $PATH, as people often want to have it with extra pkgs

View file

@ -2,16 +2,16 @@
rustPlatform.buildRustPackage rec {
pname = "navi";
version = "2.12.1";
version = "2.13.0";
src = fetchFromGitHub {
owner = "denisidoro";
repo = "navi";
rev = "v${version}";
sha256 = "1vrj8ad004h6jgmcb56f3f19s4xk6gvcpwysj78bxzgpa1998r3r";
sha256 = "04ks38s6d3nkdj0arhxw8f3sfw796l97fbqxsm7b9g5d2953a6cs";
};
cargoSha256 = "0yifgcf2pfszzny523ax7pb9a5r3012nynbnhdqg0j1ia1pdymf3";
cargoSha256 = "1zwar1l793809bsgqnwrgi50y76bd78qd4s8lw6d64f4z72dh80g";
nativeBuildInputs = [ makeWrapper ];

View file

@ -30,12 +30,12 @@ let
in stdenv.mkDerivation rec {
pname = "obsidian";
version = "0.9.15";
version = "0.9.17";
src = fetchurl {
url =
"https://github.com/obsidianmd/obsidian-releases/releases/download/v${version}/obsidian-${version}.asar.gz";
sha256 = "0cfzci2l1bbjc5mqs3hjyy3grz5jk3qbna57vfcvxz36kcd5djv5";
sha256 = "0spa5zsipd456dcsp7ww24ab5vk4vmwyvrdmraw3hcsbnj9vcnwa";
};
nativeBuildInputs = [ makeWrapper graphicsmagick ];

View file

@ -2,16 +2,16 @@
rustPlatform.buildRustPackage rec {
pname = "pueue";
version = "0.8.1";
version = "0.8.2";
src = fetchFromGitHub {
owner = "Nukesor";
repo = pname;
rev = "v${version}";
sha256 = "0rqnbils0r98qglhm2jafw5d119fqdzszmk825yc0bma4icm7xzp";
sha256 = "1vdlsfnqnyri0ny2g695lhivs9m25v9lsqf1valwbjv9l9vjxfqa";
};
cargoSha256 = "1f3g5i0yh82qll1hyihrvv08pbd4h9vzs6jy6bf94bzabyjsgnzv";
cargoSha256 = "0qziwb69qpbziz772np8dcb1dvxg6m506k5kl63m75z4zicgykcv";
nativeBuildInputs = [ installShellFiles ];

View file

@ -158,7 +158,7 @@ stdenv.mkDerivation rec {
contribute to your favorite creators automatically.
'';
license = licenses.mpl20;
maintainers = with maintainers; [ uskudnik rht jefflabonte ];
maintainers = with maintainers; [ uskudnik rht jefflabonte nasirhm ];
platforms = [ "x86_64-linux" ];
};
}

View file

@ -31,9 +31,9 @@
}
},
"dev": {
"version": "88.0.4324.11",
"sha256": "123gqbxrn508wxdj3is0kzccml5zwnf8pfl90xdizvzcm3wy5315",
"sha256bin64": "11bswhxpnw7qi6lagfpgxh4yh56w7l0bc3rqwf975cbq2cnzpjby",
"version": "88.0.4324.27",
"sha256": "0mciiyh3sn2zrl8g6znylc2pm9sb0wzsclgavf7mmlknri5sjblc",
"sha256bin64": "0ax27j42167yyx90h5k6ra898kn626w5cvgmafm3al9kyfsx36m4",
"deps": {
"gn": {
"version": "2020-11-05",

View file

@ -118,6 +118,7 @@ buildStdenv.mkDerivation ({
patches = [
./env_var_for_system_dir.patch
./no-buildconfig-ffx76.patch
] ++
# there are two flavors of pipewire support

View file

@ -1,4 +1,4 @@
{ config, stdenv, lib, callPackage, fetchurl, nss_3_44 }:
{ stdenv, lib, callPackage, fetchurl, fetchpatch }:
let
common = opts: callPackage (import ./common.nix opts) {};
@ -14,7 +14,14 @@ rec {
};
patches = [
./no-buildconfig-ffx76.patch
# Fix compilation on aarch64 with newer rust version
# See https://bugzilla.mozilla.org/show_bug.cgi?id=1677690
# and https://bugzilla.redhat.com/show_bug.cgi?id=1897675
(fetchpatch {
name = "aarch64-simd-bgz-1677690.patch";
url = "https://github.com/mozilla/gecko-dev/commit/71597faac0fde4f608a60dd610d0cefac4972cc3.patch";
sha256 = "1f61nsgbv2c2ylgjs7wdahxrrlgc19gjy5nzs870zr1g832ybwin";
})
];
meta = {
@ -41,10 +48,6 @@ rec {
sha512 = "20h53cn7p4dds1yfm166iwbjdmw4fkv5pfk4z0pni6x8ddjvg19imzs6ggmpnfhaji8mnlknm7xp5j7x9vi24awvdxdds5n88rh25hd";
};
patches = [
./no-buildconfig-ffx76.patch
];
meta = {
description = "A web browser built from Firefox Extended Support Release source tree";
homepage = "http://www.mozilla.com/en-US/firefox/";

View file

@ -1,4 +1,5 @@
{ stdenv, lib, makeDesktopItem, makeWrapper, lndir, config
, replace, fetchurl, zip, unzip, jq
## various stuff that can be plugged in
, flashplayer, hal-flash
@ -31,6 +32,16 @@ let
, forceWayland ? false
, useGlvnd ? true
, cfg ? config.${browserName} or {}
## Following options are needed for extra prefs & policies
# For more information about anti tracking (german website)
# visit https://wiki.kairaven.de/open/app/firefox
, extraPrefs ? ""
# For more information about policies visit
# https://github.com/mozilla/policy-templates#enterprisepoliciesenabled
, extraPolicies ? {}
, firefoxLibName ? "firefox" # Important for tor package or the like
, extraExtensions ? [ ]
}:
assert forceWayland -> (browser ? gtk3); # Can only use the wayland backend if gtk3 is being used
@ -81,6 +92,61 @@ let
++ pkcs11Modules;
gtk_modules = [ libcanberra-gtk2 ];
#########################
# #
# EXTRA PREF CHANGES #
# #
#########################
policiesJson = builtins.toFile "policies.json"
(builtins.toJSON enterprisePolicies);
extensions = builtins.map (a:
if ! (builtins.hasAttr "extid" a) then
throw "extraExtensions has an invalid entry. Missing extid attribute. Please use fetchfirefoxaddon"
else
a
) extraExtensions;
enterprisePolicies =
{
policies = {
DisableAppUpdate = true;
} //
{
ExtensionSettings = {
"*" = {
blocked_install_message = "You can't have manual extension mixed with nix extensions";
installation_mode = "blocked";
};
} // lib.foldr (e: ret:
ret // {
"${e.extid}" = {
installation_mode = "allowed";
};
}
) {} extensions;
}
// extraPolicies;
};
mozillaCfg = builtins.toFile "mozilla.cfg" ''
// First line must be a comment
// Disables addon signature checking
// to be able to install addons that do not have an extid
// Security is maintained because only user whitelisted addons
// with a checksum can be installed
lockPref("xpinstall.signatures.required", false);
${extraPrefs}
'';
#############################
# #
# END EXTRA PREF CHANGES #
# #
#############################
in stdenv.mkDerivation {
inherit pname version;
@ -106,6 +172,7 @@ let
nativeBuildInputs = [ makeWrapper lndir ];
buildInputs = lib.optional (browser ? gtk3) browser.gtk3;
buildCommand = lib.optionalString stdenv.isDarwin ''
mkdir -p $out/Applications
cp -R --no-preserve=mode,ownership ${browser}/Applications/${browserName}.app $out/Applications
@ -117,7 +184,66 @@ let
exit 1
fi
makeWrapper "$(readlink -v --canonicalize-existing "${browser}${browser.execdir or "/bin"}/${browserName}")" \
#########################
# #
# EXTRA PREF CHANGES #
# #
#########################
# Link the runtime. The executable itself has to be copied,
# because it will resolve paths relative to its true location.
# Any symbolic links have to be replicated as well.
cd "${browser}"
find . -type d -exec mkdir -p "$out"/{} \;
find . -type f \( -not -name "${browserName}" \) -exec ln -sT "${browser}"/{} "$out"/{} \;
find . -type f -name "${browserName}" -print0 | while read -d $'\0' f; do
cp -P --no-preserve=mode,ownership "${browser}/$f" "$out/$f"
chmod a+rwx "$out/$f"
done
# fix links and absolute references
cd "${browser}"
find . -type l -print0 | while read -d $'\0' l; do
target="$(readlink "$l" | ${replace}/bin/replace-literal -es -- "${browser}" "$out")"
ln -sfT "$target" "$out/$l"
done
# This will not patch binaries, only "text" files.
# Its there for the wrapper mostly.
cd "$out"
${replace}/bin/replace-literal -esfR -- "${browser}" "$out"
# create the wrapper
executablePrefix="$out${browser.execdir or "/bin"}"
executablePath="$executablePrefix/${browserName}"
if [ ! -x "$executablePath" ]
then
echo "cannot find executable file \`${browser}${browser.execdir or "/bin"}/${browserName}'"
exit 1
fi
if [ ! -L "$executablePath" ]
then
# Careful here, the file at executablePath may already be
# a wrapper. That is why we postfix it with -old instead
# of -wrapped.
oldExe="$executablePrefix"/".${browserName}"-old
mv "$executablePath" "$oldExe"
else
oldExe="$(readlink -v --canonicalize-existing "$executablePath")"
fi
if [ ! -x "${browser}${browser.execdir or "/bin"}/${browserName}" ]
then
echo "cannot find executable file \`${browser}${browser.execdir or "/bin"}/${browserName}'"
exit 1
fi
makeWrapper "$oldExe" \
"$out${browser.execdir or "/bin"}/${browserName}${nameSuffix}" \
--suffix-each MOZ_PLUGIN_PATH ':' "$plugins" \
--suffix LD_LIBRARY_PATH ':' "$libs" \
@ -137,6 +263,11 @@ let
--suffix XDG_DATA_DIRS : '${gnome3.adwaita-icon-theme}/share'
''
}
#############################
# #
# END EXTRA PREF CHANGES #
# #
#############################
if [ -e "${browser}/share/icons" ]; then
mkdir -p "$out/share"
@ -166,6 +297,43 @@ let
# For manpages, in case the program supplies them
mkdir -p $out/nix-support
echo ${browser} > $out/nix-support/propagated-user-env-packages
#########################
# #
# EXTRA PREF CHANGES #
# #
#########################
# user customization
mkdir -p $out/lib/${firefoxLibName}
# creating policies.json
mkdir -p "$out/lib/${firefoxLibName}/distribution"
POL_PATH="$out/lib/${firefoxLibName}/distribution/policies.json"
rm -f "$POL_PATH"
cat ${policiesJson} >> "$POL_PATH"
# preparing for autoconfig
mkdir -p "$out/lib/${firefoxLibName}/defaults/pref"
cat > "$out/lib/${firefoxLibName}/defaults/pref/autoconfig.js" <<EOF
pref("general.config.filename", "mozilla.cfg");
pref("general.config.obscure_value", 0);
EOF
cat > "$out/lib/${firefoxLibName}/mozilla.cfg" < ${mozillaCfg}
mkdir -p $out/lib/${firefoxLibName}/distribution/extensions
for i in ${toString extensions}; do
ln -s -t $out/lib/${firefoxLibName}/distribution/extensions $i/*
done
#############################
# #
# END EXTRA PREF CHANGES #
# #
#############################
'';
preferLocalBuild = true;

View file

@ -16,14 +16,14 @@ let
in stdenv.mkDerivation rec {
pname = "palemoon";
version = "28.15.0";
version = "28.16.0";
src = fetchFromGitHub {
githubBase = "repo.palemoon.org";
owner = "MoonchildProductions";
repo = "Pale-Moon";
rev = "${version}_Release";
sha256 = "1sbs3gcwfx58mxc0x1g6jklmvpa9dw2bq3i8y9645gfa1s12p8wy";
sha256 = "1svwbiar7c38c8xfw249mwnvayqq5868nkks7cbv9nyf2m9yap56";
fetchSubmodules = true;
};

View file

@ -2,15 +2,15 @@
buildGoModule rec {
pname = "istioctl";
version = "1.7.5";
version = "1.8.0";
src = fetchFromGitHub {
owner = "istio";
repo = "istio";
rev = version;
sha256 = "10h2ak3s74xb1rjvc6bc5yiyq2k8qbv07wxnshiqp5cnd6pjni0w";
sha256 = "0fwc56797gmcg9pcy0jpv5lb0b6wwiqh242xn1chd4a4hp8in7h9";
};
vendorSha256 = "1xj77w2h7qg808v6ll8hm5nvnb2lwky789aikgxli2k6m0cy0c5k";
vendorSha256 = "0ing5pih2rz974dcianlb05fpgrj3y7h32awf3cp41gh448gxd24";
doCheck = false;

View file

@ -1,42 +1,94 @@
#!/usr/bin/env nix-shell
#! nix-shell -i bash -p coreutils curl jq
#! nix-shell -i bash -p coreutils curl jq moreutils
# shellcheck shell=bash
# vim: ft=sh
#
# Update a terraform provider to the latest version advertised at the
# provider source address.
#
# Update a terraform provider to the latest version advertised at
# the provider source address.
set -euo pipefail
USAGE=$(cat<<DOC
Specify the terraform provider name to update.
show_usage() {
cat <<DOC
Usage: ./update-provider [--force] [--vendor] [<owner>/]<provider>
Example:
To update nixpkgs.terraform-providers.aws run:
./update-provider aws
Update a single provider in the providers.json inventory file.
For example to update 'terraform-providers.aws' run:
./update-provider aws
If the provider is not in the list already, use the form '<owner>/<provider>'
to add the provider to the list:
./update-provider hetznercloud/hcloud
Options:
* --force: Force the update even if the version matches.
* --vendor: Switch from go package to go modules with vendor.
* --vendor-sha256 <sha256>: Override the SHA256 or "null".
DOC
)
}
provider_name="${1:-}"
if [ -z "$provider_name" ]; then
echo "No providers specified!"
force=
provider=
vendor=
vendorSha256=
while [[ $# -gt 0 ]]; do
case "$1" in
-h | --help)
show_usage
exit
;;
--force)
force=1
shift
;;
--vendor)
force=1
vendor=1
shift
;;
--vendor-sha256)
force=1
vendorSha256=$2
shift 2
;;
*)
if [[ -n "$provider" ]]; then
echo "ERROR: provider name was passed two times: '$provider' and '$1'"
echo "Use --help for more info"
exit 1
fi
provider=$1
shift
esac
done
if [[ -z "$provider" ]]; then
echo "ERROR: No providers specified!"
echo
echo "$USAGE"
show_usage
exit 1
fi
provider_source_address="$(jq -r ".$provider_name.\"provider-source-address\"" providers.json)"
provider_name=$(basename "$provider")
if [ "$provider_source_address" == "null" ]; then
echo "No provider source address specified with provider: $provider_name"
exit 1
fi
# Usage: read_attr <key>
read_attr() {
jq -r ".\"$provider_name\".\"$1\"" providers.json
}
# The provider source address (used inside Terraform `required_providers` block) is
# used to compute the registry API endpoint
#
# registry.terraform.io/hashicorp/aws (provider source address)
# registry.terraform.io/providers/hashicorp/aws (provider URL for the website)
# registry.terraform.io/v1/providers/hashicorp/aws (provider URL for the JSON API)
registry_response=$(curl -s https://"${provider_source_address/\///v1/providers/}")
# Usage: update_attr <key> <value>
update_attr() {
if [[ "$2" == "null" ]]; then
jq -S ".\"$provider_name\".\"$1\" = null" providers.json | sponge providers.json
else
jq -S ".\"$provider_name\".\"$1\" = \"$2\"" providers.json | sponge providers.json
fi
}
prefetch_github() {
# of a given owner, repo and rev, fetch the tarball and return the output of
@ -47,31 +99,80 @@ prefetch_github() {
nix-prefetch-url --unpack "https://github.com/$owner/$repo/archive/$rev.tar.gz"
}
old_source_address="$(read_attr provider-source-address)"
old_vendor_sha256=$(read_attr vendorSha256)
old_version=$(read_attr version)
if [[ $provider =~ ^[^/]+/[^/]+$ ]]; then
source_address=registry.terraform.io/$provider
else
source_address=$old_source_address
fi
if [[ "$source_address" == "null" ]]; then
echo "Could not find the source address for provider: $provider"
exit 1
fi
update_attr "provider-source-address" "$source_address"
# The provider source address (used inside Terraform `required_providers` block) is
# used to compute the registry API endpoint
#
# registry.terraform.io/hashicorp/aws (provider source address)
# registry.terraform.io/providers/hashicorp/aws (provider URL for the website)
# registry.terraform.io/v1/providers/hashicorp/aws (provider URL for the JSON API)
registry_response=$(curl -s https://"${source_address/\///v1/providers/}")
version="$(jq -r '.version' <<< "$registry_response")"
if [[ "$old_version" = "$version" && "$force" != 1 && -z "$vendorSha256" && "$old_vendor_sha256" != "$vendorSha256" ]]; then
echo "$provider_name is already at version $version"
exit
fi
update_attr version "$version"
provider_source_url="$(jq -r '.source' <<< "$registry_response")"
org="$(echo "$provider_source_url" | cut -d '/' -f 4)"
update_attr owner "$org"
repo="$(echo "$provider_source_url" | cut -d '/' -f 5)"
update_attr repo "$repo"
rev="$(jq -r '.tag' <<< "$registry_response")"
update_attr rev "$rev"
sha256=$(prefetch_github "$org" "$repo" "$rev")
update_attr sha256 "$sha256"
version="$(jq -r '.version' <<< "$registry_response")"
repo_root=$(git rev-parse --show-toplevel)
updated_provider="$(mktemp)"
cat <<EOF >> "$updated_provider"
{
"$provider_name": {
"owner": "$org",
"repo": "$repo",
"rev": "$rev",
"sha256": "$sha256",
"version": "$version",
"provider-source-address": "$provider_source_address"
}
}
EOF
if [[ -z "$vendorSha256" ]]; then
if [[ "$old_vendor_sha256" == null ]]; then
vendorSha256=null
elif [[ -n "$old_vendor_sha256" || "$vendor" = 1 ]]; then
echo "=== Calculating vendorSha256 ==="
update_attr vendorSha256 "0000000000000000000000000000000000000000000000000000000000000000"
# Hackish way to find out the desired sha256. First build, then extract the
# error message from the logs.
set +e
nix-build --no-out-link "$repo_root" -A "terraform-providers.$provider_name.go-modules" 2>vendor_log.txt
set -e
logs=$(< vendor_log.txt)
if ! [[ $logs =~ got:\ +([^\ ]+) ]]; then
echo "ERROR: could not find new hash in output:"
cat vendor_log.txt
rm -f vendor_log.txt
exit 1
fi
rm -f vendor_log.txt
vendorSha256=${BASH_REMATCH[1]}
# Deal with nix unstable
if [[ $vendorSha256 = sha256-* ]]; then
vendorSha256=$(nix to-base32 "$vendorSha256")
fi
fi
fi
original_provider_list="$(mktemp)"
cat providers.json > "$original_provider_list"
if [[ -n "$vendorSha256" ]]; then
update_attr vendorSha256 "$vendorSha256"
fi
jq --sort-keys --slurp '.[0] * .[1]' "$original_provider_list" "$updated_provider" > providers.json
# Check that the provider builds
echo "=== Building terraform-providers.$provider_name ==="
nix-build "$repo_root" -A "terraform-providers.$provider_name"

View file

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "rssguard";
version = "3.8.2";
version = "3.8.3";
src = fetchFromGitHub {
owner = "martinrotter";
repo = pname;
rev = version;
sha256 = "0vy89ih586s89s29dzzggk7bkaz70mzrc9islirk01s1jal1jn0v";
sha256 = "1704nj77h6s88l4by3wxl5l770gaig90mv3ix80r00nh8mhzq44q";
};
buildInputs = [ qtwebengine qttools ];

View file

@ -4,13 +4,13 @@
stdenv.mkDerivation rec {
pname = "toxic";
version = "0.9.0";
version = "0.9.1";
src = fetchFromGitHub {
owner = "Tox";
repo = "toxic";
rev = "v${version}";
sha256 = "1y0k9vfb4818b3s313jlxbpjwdxd62cc4kc1vpxdjvs8mx543vrv";
sha256 = "1j0yd33sm824dy4mhwfxqkywa46yhqy5hd5wq4lp7lgl6m6mypar";
};
makeFlags = [ "PREFIX=$(out)"];

Some files were not shown because too many files have changed in this diff Show more