Project import generated by Copybara.
GitOrigin-RevId: 988cc958c57ce4350ec248d2d53087777f9e1949
This commit is contained in:
parent
ffe3f91058
commit
5557ff764c
1009 changed files with 35449 additions and 25368 deletions
6
third_party/nixpkgs/.editorconfig
vendored
6
third_party/nixpkgs/.editorconfig
vendored
|
@ -95,3 +95,9 @@ trim_trailing_whitespace = unset
|
|||
|
||||
[pkgs/tools/misc/timidity/timidity.cfg]
|
||||
trim_trailing_whitespace = unset
|
||||
|
||||
[pkgs/tools/virtualization/ovftool/*.ova]
|
||||
end_of_line = unset
|
||||
insert_final_newline = unset
|
||||
trim_trailing_whitespace = unset
|
||||
charset = unset
|
||||
|
|
|
@ -75,7 +75,7 @@ in pkgs.runCommand "doc-support" {}
|
|||
ln -s ${epub-xsl} ./epub.xsl
|
||||
ln -s ${xhtml-xsl} ./xhtml.xsl
|
||||
|
||||
ln -s ${../../nixos/doc/xmlformat.conf} ./xmlformat.conf
|
||||
ln -s ${./xmlformat.conf} ./xmlformat.conf
|
||||
ln -s ${pkgs.documentation-highlighter} ./highlightjs
|
||||
|
||||
echo -n "${version}" > ./version
|
||||
|
|
|
@ -137,7 +137,12 @@ set the default version to a version older than the newest on Hackage. We do
|
|||
this to get them or their reverse dependencies to compile in our package set.
|
||||
4. For all packages, for which the newest Hackage version is not the default
|
||||
version, there will also be a `haskellPackages.foo_x_y_z` package with the
|
||||
newest version.
|
||||
newest version. The `x_y_z` part encodes the version with dots replaced by
|
||||
underscores. When the newest version changes by a new release to Hackage the
|
||||
old package will disappear under that name and be replaced by a newer one under
|
||||
the name with the new version. The package name including the version will
|
||||
also disappear when the default version e.g. from Stackage catches up with the
|
||||
newest version from Hackage.
|
||||
5. For some packages, we also manually add other `haskellPackages.foo_x_y_z`
|
||||
versions, if they are required for a certain build.
|
||||
|
||||
|
@ -161,12 +166,14 @@ given in the `.cabal` file of your package and all its dependencies.
|
|||
|
||||
The [Haskell builder in nixpkgs](#haskell-mkderivation) does no such thing.
|
||||
It will simply take as input packages with names off the desired dependencies
|
||||
and just check whether they fulfill the version bounds and (by default, see
|
||||
`jailbreak`) fail if they don’t.
|
||||
and just check whether they fulfill the version bounds and fail if they don’t
|
||||
(by default, see `jailbreak` to circumvent this).
|
||||
|
||||
The package resolution is done by the `haskellPackages.callPackage` function
|
||||
which will, e.g., use `haskellPackages.aeson` for a package input of name
|
||||
`aeson`.
|
||||
The `haskellPackages.callPackage` function does the package resolution.
|
||||
It will, e.g., use `haskellPackages.aeson`which has the default version as
|
||||
described above for a package input of name `aeson`. (More general:
|
||||
`<packages>.callPackage f` will call `f` with named inputs provided from the
|
||||
package set `<packages>`.)
|
||||
While this is the default behavior, it is possible to override the dependencies
|
||||
for a specific package, see
|
||||
[`override` and `overrideScope`](#haskell-overriding-haskell-packages).
|
||||
|
|
21
third_party/nixpkgs/doc/stdenv/stdenv.chapter.md
vendored
21
third_party/nixpkgs/doc/stdenv/stdenv.chapter.md
vendored
|
@ -95,6 +95,27 @@ installPhase() {
|
|||
genericBuild
|
||||
```
|
||||
|
||||
### Building a `stdenv` package in `nix-shell` {#sec-building-stdenv-package-in-nix-shell}
|
||||
|
||||
To build a `stdenv` package in a [`nix-shell`](https://nixos.org/manual/nix/unstable/command-ref/nix-shell.html), use
|
||||
|
||||
```bash
|
||||
nix-shell '<nixpkgs>' -A some_package
|
||||
eval ${unpackPhase:-unpackPhase}
|
||||
cd $sourceRoot
|
||||
eval ${patchPhase:-patchPhase}
|
||||
eval ${configurePhase:-configurePhase}
|
||||
eval ${buildPhase:-buildPhase}
|
||||
```
|
||||
|
||||
To modify a [phase](#sec-stdenv-phases), first print it with
|
||||
|
||||
```bash
|
||||
type buildPhase
|
||||
```
|
||||
|
||||
then change it in a text editor, and paste it back to the terminal.
|
||||
|
||||
## Tools provided by `stdenv` {#sec-tools-of-stdenv}
|
||||
|
||||
The standard environment provides the following packages:
|
||||
|
|
10
third_party/nixpkgs/lib/options.nix
vendored
10
third_party/nixpkgs/lib/options.nix
vendored
|
@ -337,19 +337,17 @@ rec {
|
|||
|
||||
# Helper functions.
|
||||
|
||||
/* Convert an option, described as a list of the option parts in to a
|
||||
safe, human readable version.
|
||||
/* Convert an option, described as a list of the option parts to a
|
||||
human-readable version.
|
||||
|
||||
Example:
|
||||
(showOption ["foo" "bar" "baz"]) == "foo.bar.baz"
|
||||
(showOption ["foo" "bar.baz" "tux"]) == "foo.bar.baz.tux"
|
||||
(showOption ["foo" "bar.baz" "tux"]) == "foo.\"bar.baz\".tux"
|
||||
(showOption ["windowManager" "2bwm" "enable"]) == "windowManager.\"2bwm\".enable"
|
||||
|
||||
Placeholders will not be quoted as they are not actual values:
|
||||
(showOption ["foo" "*" "bar"]) == "foo.*.bar"
|
||||
(showOption ["foo" "<name>" "bar"]) == "foo.<name>.bar"
|
||||
|
||||
Unlike attributes, options can also start with numbers:
|
||||
(showOption ["windowManager" "2bwm" "enable"]) == "windowManager.2bwm.enable"
|
||||
*/
|
||||
showOption = parts: let
|
||||
escapeOptionPart = part:
|
||||
|
|
|
@ -1417,6 +1417,12 @@
|
|||
githubId = 12958979;
|
||||
name = "Mika Naylor";
|
||||
};
|
||||
avakhrenev = {
|
||||
email = "avakhrenev@gmail.com";
|
||||
github = "avakhrenev";
|
||||
githubId = 1060224;
|
||||
name = "Alexey Vakhrenev";
|
||||
};
|
||||
avaq = {
|
||||
email = "nixpkgs@account.avaq.it";
|
||||
github = "Avaq";
|
||||
|
@ -2461,6 +2467,12 @@
|
|||
githubId = 3471749;
|
||||
name = "Claudio Bley";
|
||||
};
|
||||
cbrewster = {
|
||||
email = "cbrewster@hey.com";
|
||||
github = "cbrewster";
|
||||
githubId = 9086315;
|
||||
name = "Connor Brewster";
|
||||
};
|
||||
cburstedde = {
|
||||
email = "burstedde@ins.uni-bonn.de";
|
||||
github = "cburstedde";
|
||||
|
@ -3398,6 +3410,12 @@
|
|||
githubId = 6754950;
|
||||
name = "David Armstrong Lewis";
|
||||
};
|
||||
davidcromp = {
|
||||
email = "davidcrompton1192@gmail.com";
|
||||
github = "DavidCromp";
|
||||
githubId = 10701143;
|
||||
name = "David Crompton";
|
||||
};
|
||||
davidrusu = {
|
||||
email = "davidrusu.me@gmail.com";
|
||||
github = "davidrusu";
|
||||
|
@ -3756,12 +3774,6 @@
|
|||
githubId = 14034137;
|
||||
name = "Mostly Void";
|
||||
};
|
||||
dizfer = {
|
||||
email = "david@izquierdofernandez.com";
|
||||
github = "DIzFer";
|
||||
githubId = 8852888;
|
||||
name = "David Izquierdo";
|
||||
};
|
||||
djacu = {
|
||||
email = "daniel.n.baker@gmail.com";
|
||||
github = "djacu";
|
||||
|
@ -5912,6 +5924,15 @@
|
|||
githubId = 41522204;
|
||||
name = "hexchen";
|
||||
};
|
||||
heyimnova = {
|
||||
email = "git@heyimnova.dev";
|
||||
github = "heyimnova";
|
||||
githubId = 115728866;
|
||||
name = "Nova Witterick";
|
||||
keys = [{
|
||||
fingerprint = "4304 6B43 8D83 078E 3DF7 10D6 DEB0 E15C 6D2A 5A7C";
|
||||
}];
|
||||
};
|
||||
hh = {
|
||||
email = "hh@m-labs.hk";
|
||||
github = "HarryMakes";
|
||||
|
@ -7293,6 +7314,12 @@
|
|||
github = "jorsn";
|
||||
githubId = 4646725;
|
||||
};
|
||||
joshniemela = {
|
||||
name = "Joshua Niemelä";
|
||||
email = "josh@jniemela.dk";
|
||||
github = "joshniemela";
|
||||
githubId = 88747315;
|
||||
};
|
||||
joshuafern = {
|
||||
name = "Joshua Fern";
|
||||
email = "joshuafern@protonmail.com";
|
||||
|
@ -8573,6 +8600,12 @@
|
|||
githubId = 22085373;
|
||||
name = "Luis Hebendanz";
|
||||
};
|
||||
luizirber = {
|
||||
email = "nixpkgs@luizirber.org";
|
||||
github = "luizirber";
|
||||
githubId = 6642;
|
||||
name = "Luiz Irber";
|
||||
};
|
||||
luizribeiro = {
|
||||
email = "nixpkgs@l9o.dev";
|
||||
matrix = "@luizribeiro:matrix.org";
|
||||
|
@ -9177,6 +9210,12 @@
|
|||
githubId = 952712;
|
||||
name = "Matt Christ";
|
||||
};
|
||||
matthew-levan = {
|
||||
email = "matthew@coeli.network";
|
||||
github = "matthew-levan";
|
||||
githubId = 91502660;
|
||||
name = "Matthew LeVan";
|
||||
};
|
||||
matthewcroughan = {
|
||||
email = "matt@croughan.sh";
|
||||
github = "MatthewCroughan";
|
||||
|
@ -11317,6 +11356,12 @@
|
|||
githubId = 15645854;
|
||||
name = "Brad Christensen";
|
||||
};
|
||||
paveloom = {
|
||||
email = "paveloom@riseup.net";
|
||||
github = "paveloom";
|
||||
githubId = 49961859;
|
||||
name = "Pavel Sobolev";
|
||||
};
|
||||
payas = {
|
||||
email = "relekarpayas@gmail.com";
|
||||
github = "bhankas";
|
||||
|
@ -14915,7 +14960,7 @@
|
|||
};
|
||||
toastal = {
|
||||
email = "toastal+nix@posteo.net";
|
||||
matrix = "@toastal:chat.mozilla.org";
|
||||
matrix = "@toastal:mozilla.org";
|
||||
github = "toastal";
|
||||
githubId = 561087;
|
||||
name = "toastal";
|
||||
|
|
|
@ -66,6 +66,28 @@ let
|
|||
if !builtins.isList files then [ files ] else files
|
||||
);
|
||||
|
||||
packageSetsWithVersionedHead = pkgs.haskell.packages // (
|
||||
let
|
||||
headSet = pkgs.haskell.packages.ghcHEAD;
|
||||
# Determine the next GHC release version following GHC HEAD.
|
||||
# GHC HEAD always has an uneven, tentative version number, e.g. 9.7.
|
||||
# GHC releases always have even numbers, i.e. GHC 9.8 is branched off from
|
||||
# GHC HEAD 9.7. Since we use the to be release number for GHC HEAD's
|
||||
# configuration file, we need to calculate this here.
|
||||
headVersion = lib.pipe headSet.ghc.version [
|
||||
lib.versions.splitVersion
|
||||
(lib.take 2)
|
||||
lib.concatStrings
|
||||
lib.strings.toInt
|
||||
(builtins.add 1)
|
||||
toString
|
||||
];
|
||||
in
|
||||
{
|
||||
"ghc${headVersion}" = headSet;
|
||||
}
|
||||
);
|
||||
|
||||
setsForFile = fileName:
|
||||
let
|
||||
# extract the unique part of the config's file name
|
||||
|
@ -77,12 +99,12 @@ let
|
|||
builtins.match "ghc-([0-9]+).([0-9]+).x" configName
|
||||
);
|
||||
# return all package sets under haskell.packages matching the version components
|
||||
setsForVersion = builtins.map (name: pkgs.haskell.packages.${name}) (
|
||||
setsForVersion = builtins.map (name: packageSetsWithVersionedHead.${name}) (
|
||||
builtins.filter (setName:
|
||||
lib.hasPrefix "ghc${configVersion}" setName
|
||||
&& (skipBinaryGHCs -> !(lib.hasInfix "Binary" setName))
|
||||
) (
|
||||
builtins.attrNames pkgs.haskell.packages
|
||||
builtins.attrNames packageSetsWithVersionedHead
|
||||
)
|
||||
);
|
||||
|
||||
|
|
|
@ -63,11 +63,13 @@ sed -r \
|
|||
-e '/ lsp-test /d' \
|
||||
-e '/ hie-bios /d' \
|
||||
-e '/ ShellCheck /d' \
|
||||
-e '/ Agda /d' \
|
||||
< "${tmpfile_new}" >> $stackage_config
|
||||
# Explanations:
|
||||
# cabal2nix, distribution-nixpkgs, jailbreak-cabal, language-nix: These are our packages and we know what we are doing.
|
||||
# lsp, lsp-types, lsp-test, hie-bios: These are tightly coupled to hls which is not in stackage. They have no rdeps in stackage.
|
||||
# ShellCheck: latest version of command-line dev tool.
|
||||
# Agda: The Agda community is fast-moving; we strive to always include the newest versions of Agda and the Agda packages in nixpkgs.
|
||||
|
||||
if [[ "${1:-}" == "--do-commit" ]]; then
|
||||
git add $stackage_config
|
||||
|
|
|
@ -1,2 +0,0 @@
|
|||
generated
|
||||
manual-combined.xml
|
30
third_party/nixpkgs/nixos/doc/manual/Makefile
vendored
30
third_party/nixpkgs/nixos/doc/manual/Makefile
vendored
|
@ -1,30 +0,0 @@
|
|||
.PHONY: all
|
||||
all: manual-combined.xml
|
||||
|
||||
.PHONY: debug
|
||||
debug: generated manual-combined.xml
|
||||
|
||||
manual-combined.xml: generated *.xml **/*.xml
|
||||
rm -f ./manual-combined.xml
|
||||
nix-shell --pure -Q --packages xmloscopy \
|
||||
--run "xmloscopy --docbook5 ./manual.xml ./manual-combined.xml"
|
||||
|
||||
.PHONY: format
|
||||
format:
|
||||
nix-shell --pure -Q --packages xmlformat \
|
||||
--run "find ../../ -iname '*.xml' -type f -print0 | xargs -0 -I{} -n1 \
|
||||
xmlformat --config-file '../xmlformat.conf' -i {}"
|
||||
|
||||
.PHONY: fix-misc-xml
|
||||
fix-misc-xml:
|
||||
find . -iname '*.xml' -type f \
|
||||
-exec ../varlistentry-fixer.rb {} ';'
|
||||
|
||||
.PHONY: clean
|
||||
clean:
|
||||
rm -f manual-combined.xml generated
|
||||
|
||||
generated:
|
||||
nix-build ../../release.nix \
|
||||
--attr manualGeneratedSources.x86_64-linux \
|
||||
--out-link ./generated
|
|
@ -21,8 +21,8 @@ which is often not what you want. By contrast, in the imperative
|
|||
approach, containers are configured and updated independently from the
|
||||
host system.
|
||||
|
||||
```{=docbook}
|
||||
<xi:include href="imperative-containers.section.xml" />
|
||||
<xi:include href="declarative-containers.section.xml" />
|
||||
<xi:include href="container-networking.section.xml" />
|
||||
```{=include=} sections
|
||||
imperative-containers.section.md
|
||||
declarative-containers.section.md
|
||||
container-networking.section.md
|
||||
```
|
||||
|
|
14
third_party/nixpkgs/nixos/doc/manual/administration/running.md
vendored
Normal file
14
third_party/nixpkgs/nixos/doc/manual/administration/running.md
vendored
Normal file
|
@ -0,0 +1,14 @@
|
|||
# Administration {#ch-running}
|
||||
|
||||
This chapter describes various aspects of managing a running NixOS system, such as how to use the {command}`systemd` service manager.
|
||||
|
||||
```{=include=} chapters
|
||||
service-mgmt.chapter.md
|
||||
rebooting.chapter.md
|
||||
user-sessions.chapter.md
|
||||
control-groups.chapter.md
|
||||
logging.chapter.md
|
||||
cleaning-store.chapter.md
|
||||
containers.chapter.md
|
||||
troubleshooting.chapter.md
|
||||
```
|
|
@ -1,21 +0,0 @@
|
|||
<part xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||
version="5.0"
|
||||
xml:id="ch-running">
|
||||
<title>Administration</title>
|
||||
<partintro xml:id="ch-running-intro">
|
||||
<para>
|
||||
This chapter describes various aspects of managing a running NixOS system,
|
||||
such as how to use the <command>systemd</command> service manager.
|
||||
</para>
|
||||
</partintro>
|
||||
<xi:include href="../from_md/administration/service-mgmt.chapter.xml" />
|
||||
<xi:include href="../from_md/administration/rebooting.chapter.xml" />
|
||||
<xi:include href="../from_md/administration/user-sessions.chapter.xml" />
|
||||
<xi:include href="../from_md/administration/control-groups.chapter.xml" />
|
||||
<xi:include href="../from_md/administration/logging.chapter.xml" />
|
||||
<xi:include href="../from_md/administration/cleaning-store.chapter.xml" />
|
||||
<xi:include href="../from_md/administration/containers.chapter.xml" />
|
||||
<xi:include href="../from_md/administration/troubleshooting.chapter.xml" />
|
||||
</part>
|
|
@ -3,10 +3,10 @@
|
|||
This chapter describes solutions to common problems you might encounter
|
||||
when you manage your NixOS system.
|
||||
|
||||
```{=docbook}
|
||||
<xi:include href="boot-problems.section.xml" />
|
||||
<xi:include href="maintenance-mode.section.xml" />
|
||||
<xi:include href="rollback.section.xml" />
|
||||
<xi:include href="store-corruption.section.xml" />
|
||||
<xi:include href="network-problems.section.xml" />
|
||||
```{=include=} sections
|
||||
boot-problems.section.md
|
||||
maintenance-mode.section.md
|
||||
rollback.section.md
|
||||
store-corruption.section.md
|
||||
network-problems.section.md
|
||||
```
|
||||
|
|
|
@ -11,8 +11,8 @@ manual](https://nixos.org/nix/manual/#chap-writing-nix-expressions), but
|
|||
here we give a short overview of the most important constructs useful in
|
||||
NixOS configuration files.
|
||||
|
||||
```{=docbook}
|
||||
<xi:include href="config-file.section.xml" />
|
||||
<xi:include href="abstractions.section.xml" />
|
||||
<xi:include href="modularity.section.xml" />
|
||||
```{=include=} sections
|
||||
config-file.section.md
|
||||
abstractions.section.md
|
||||
modularity.section.md
|
||||
```
|
||||
|
|
27
third_party/nixpkgs/nixos/doc/manual/configuration/configuration.md
vendored
Normal file
27
third_party/nixpkgs/nixos/doc/manual/configuration/configuration.md
vendored
Normal file
|
@ -0,0 +1,27 @@
|
|||
# Configuration {#ch-configuration}
|
||||
|
||||
This chapter describes how to configure various aspects of a NixOS machine through the configuration file {file}`/etc/nixos/configuration.nix`. As described in [](#sec-changing-config), changes to this file only take effect after you run {command}`nixos-rebuild`.
|
||||
|
||||
```{=include=} chapters
|
||||
config-syntax.chapter.md
|
||||
package-mgmt.chapter.md
|
||||
user-mgmt.chapter.md
|
||||
file-systems.chapter.md
|
||||
x-windows.chapter.md
|
||||
wayland.chapter.md
|
||||
gpu-accel.chapter.md
|
||||
xfce.chapter.md
|
||||
networking.chapter.md
|
||||
linux-kernel.chapter.md
|
||||
subversion.chapter.md
|
||||
```
|
||||
|
||||
```{=include=} chapters
|
||||
@MODULE_CHAPTERS@
|
||||
```
|
||||
|
||||
```{=include=} chapters
|
||||
profiles.chapter.md
|
||||
kubernetes.chapter.md
|
||||
```
|
||||
<!-- Apache; libvirtd virtualisation -->
|
|
@ -1,31 +0,0 @@
|
|||
<part xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||
version="5.0"
|
||||
xml:id="ch-configuration">
|
||||
<title>Configuration</title>
|
||||
<partintro xml:id="ch-configuration-intro">
|
||||
<para>
|
||||
This chapter describes how to configure various aspects of a NixOS machine
|
||||
through the configuration file
|
||||
<filename>/etc/nixos/configuration.nix</filename>. As described in
|
||||
<xref linkend="sec-changing-config" />, changes to this file only take
|
||||
effect after you run <command>nixos-rebuild</command>.
|
||||
</para>
|
||||
</partintro>
|
||||
<xi:include href="../from_md/configuration/config-syntax.chapter.xml" />
|
||||
<xi:include href="../from_md/configuration/package-mgmt.chapter.xml" />
|
||||
<xi:include href="../from_md/configuration/user-mgmt.chapter.xml" />
|
||||
<xi:include href="../from_md/configuration/file-systems.chapter.xml" />
|
||||
<xi:include href="../from_md/configuration/x-windows.chapter.xml" />
|
||||
<xi:include href="../from_md/configuration/wayland.chapter.xml" />
|
||||
<xi:include href="../from_md/configuration/gpu-accel.chapter.xml" />
|
||||
<xi:include href="../from_md/configuration/xfce.chapter.xml" />
|
||||
<xi:include href="../from_md/configuration/networking.chapter.xml" />
|
||||
<xi:include href="../from_md/configuration/linux-kernel.chapter.xml" />
|
||||
<xi:include href="../from_md/configuration/subversion.chapter.xml" />
|
||||
<xi:include href="../generated/modules.xml" xpointer="xpointer(//section[@id='modules']/*)" />
|
||||
<xi:include href="../from_md/configuration/profiles.chapter.xml" />
|
||||
<xi:include href="../from_md/configuration/kubernetes.chapter.xml" />
|
||||
<!-- Apache; libvirtd virtualisation -->
|
||||
</part>
|
|
@ -40,7 +40,7 @@ configuration use `pkgs` prefix (variable).
|
|||
To "uninstall" a package, simply remove it from
|
||||
[](#opt-environment.systemPackages) and run `nixos-rebuild switch`.
|
||||
|
||||
```{=docbook}
|
||||
<xi:include href="customizing-packages.section.xml" />
|
||||
<xi:include href="adding-custom-packages.section.xml" />
|
||||
```{=include=} sections
|
||||
customizing-packages.section.md
|
||||
adding-custom-packages.section.md
|
||||
```
|
||||
|
|
|
@ -36,7 +36,7 @@ dropping you to the emergency shell. You can make a mount asynchronous
|
|||
and non-critical by adding `options = [ "nofail" ];`.
|
||||
:::
|
||||
|
||||
```{=docbook}
|
||||
<xi:include href="luks-file-systems.section.xml" />
|
||||
<xi:include href="sshfs-file-systems.section.xml" />
|
||||
```{=include=} sections
|
||||
luks-file-systems.section.md
|
||||
sshfs-file-systems.section.md
|
||||
```
|
||||
|
|
|
@ -3,14 +3,14 @@
|
|||
This section describes how to configure networking components
|
||||
on your NixOS machine.
|
||||
|
||||
```{=docbook}
|
||||
<xi:include href="network-manager.section.xml" />
|
||||
<xi:include href="ssh.section.xml" />
|
||||
<xi:include href="ipv4-config.section.xml" />
|
||||
<xi:include href="ipv6-config.section.xml" />
|
||||
<xi:include href="firewall.section.xml" />
|
||||
<xi:include href="wireless.section.xml" />
|
||||
<xi:include href="ad-hoc-network-config.section.xml" />
|
||||
<xi:include href="renaming-interfaces.section.xml" />
|
||||
```{=include=} sections
|
||||
network-manager.section.md
|
||||
ssh.section.md
|
||||
ipv4-config.section.md
|
||||
ipv6-config.section.md
|
||||
firewall.section.md
|
||||
wireless.section.md
|
||||
ad-hoc-network-config.section.md
|
||||
renaming-interfaces.section.md
|
||||
```
|
||||
<!-- TODO: OpenVPN, NAT -->
|
||||
|
|
|
@ -12,7 +12,7 @@ NixOS has two distinct styles of package management:
|
|||
`nix-env` command. This style allows mixing packages from different
|
||||
Nixpkgs versions. It's the only choice for non-root users.
|
||||
|
||||
```{=docbook}
|
||||
<xi:include href="declarative-packages.section.xml" />
|
||||
<xi:include href="ad-hoc-packages.section.xml" />
|
||||
```{=include=} sections
|
||||
declarative-packages.section.md
|
||||
ad-hoc-packages.section.md
|
||||
```
|
||||
|
|
|
@ -19,16 +19,16 @@ install media, many are actually intended to be used in real installs.
|
|||
What follows is a brief explanation on the purpose and use-case for each
|
||||
profile. Detailing each option configured by each one is out of scope.
|
||||
|
||||
```{=docbook}
|
||||
<xi:include href="profiles/all-hardware.section.xml" />
|
||||
<xi:include href="profiles/base.section.xml" />
|
||||
<xi:include href="profiles/clone-config.section.xml" />
|
||||
<xi:include href="profiles/demo.section.xml" />
|
||||
<xi:include href="profiles/docker-container.section.xml" />
|
||||
<xi:include href="profiles/graphical.section.xml" />
|
||||
<xi:include href="profiles/hardened.section.xml" />
|
||||
<xi:include href="profiles/headless.section.xml" />
|
||||
<xi:include href="profiles/installation-device.section.xml" />
|
||||
<xi:include href="profiles/minimal.section.xml" />
|
||||
<xi:include href="profiles/qemu-guest.section.xml" />
|
||||
```{=include=} sections
|
||||
profiles/all-hardware.section.md
|
||||
profiles/base.section.md
|
||||
profiles/clone-config.section.md
|
||||
profiles/demo.section.md
|
||||
profiles/docker-container.section.md
|
||||
profiles/graphical.section.md
|
||||
profiles/hardened.section.md
|
||||
profiles/headless.section.md
|
||||
profiles/installation-device.section.md
|
||||
profiles/minimal.section.md
|
||||
profiles/qemu-guest.section.md
|
||||
```
|
||||
|
|
125
third_party/nixpkgs/nixos/doc/manual/default.nix
vendored
125
third_party/nixpkgs/nixos/doc/manual/default.nix
vendored
|
@ -68,56 +68,6 @@ let
|
|||
optionIdPrefix = "test-opt-";
|
||||
};
|
||||
|
||||
sources = runCommand "manual-sources" {
|
||||
inputs = lib.sourceFilesBySuffices ./. [ ".xml" ".md" ];
|
||||
nativeBuildInputs = [ pkgs.nixos-render-docs ];
|
||||
} ''
|
||||
mkdir $out
|
||||
cd $out
|
||||
cp -r --no-preserve=all $inputs/* .
|
||||
|
||||
declare -a convert_args
|
||||
while read -r mf; do
|
||||
if [[ "$mf" = *.chapter.md ]]; then
|
||||
convert_args+=("--chapter")
|
||||
else
|
||||
convert_args+=("--section")
|
||||
fi
|
||||
|
||||
convert_args+=("from_md/''${mf%.md}.xml" "$mf")
|
||||
done < <(find . -type f -name '*.md')
|
||||
|
||||
nixos-render-docs manual docbook-fragment \
|
||||
--manpage-urls ${manpageUrls} \
|
||||
"''${convert_args[@]}"
|
||||
'';
|
||||
|
||||
modulesDoc = runCommand "modules.xml" {
|
||||
nativeBuildInputs = [ pkgs.nixos-render-docs ];
|
||||
} ''
|
||||
nixos-render-docs manual docbook-section \
|
||||
--manpage-urls ${manpageUrls} \
|
||||
"$out" \
|
||||
--section \
|
||||
--section-id modules \
|
||||
--chapters ${lib.concatMapStrings (p: "${p.value} ") config.meta.doc}
|
||||
'';
|
||||
|
||||
generatedSources = runCommand "generated-docbook" {} ''
|
||||
mkdir $out
|
||||
ln -s ${modulesDoc} $out/modules.xml
|
||||
ln -s ${optionsDoc.optionsDocBook} $out/options-db.xml
|
||||
ln -s ${testOptionsDoc.optionsDocBook} $out/test-options-db.xml
|
||||
printf "%s" "${version}" > $out/version
|
||||
'';
|
||||
|
||||
copySources =
|
||||
''
|
||||
cp -prd $sources/* . # */
|
||||
ln -s ${generatedSources} ./generated
|
||||
chmod -R u+w .
|
||||
'';
|
||||
|
||||
toc = builtins.toFile "toc.xml"
|
||||
''
|
||||
<toc role="chunk-toc">
|
||||
|
@ -148,18 +98,7 @@ let
|
|||
"--stringparam chunk.toc ${toc}"
|
||||
];
|
||||
|
||||
manual-combined = runCommand "nixos-manual-combined"
|
||||
{ inherit sources;
|
||||
nativeBuildInputs = [ buildPackages.libxml2.bin buildPackages.libxslt.bin ];
|
||||
meta.description = "The NixOS manual as plain docbook XML";
|
||||
}
|
||||
''
|
||||
${copySources}
|
||||
|
||||
xmllint --xinclude --output ./manual-combined.xml ./manual.xml
|
||||
xmllint --xinclude --noxincludenode \
|
||||
--output ./man-pages-combined.xml ./man-pages.xml
|
||||
|
||||
linterFunctions = ''
|
||||
# outputs the context of an xmllint error output
|
||||
# LEN lines around the failing line are printed
|
||||
function context {
|
||||
|
@ -194,24 +133,67 @@ let
|
|||
2>&1 | context 1>&2
|
||||
# ^ redirect assumes xmllint doesn’t print to stdout
|
||||
}
|
||||
'';
|
||||
|
||||
manual-combined = runCommand "nixos-manual-combined"
|
||||
{ inputs = lib.sourceFilesBySuffices ./. [ ".xml" ".md" ];
|
||||
nativeBuildInputs = [ pkgs.nixos-render-docs pkgs.libxml2.bin pkgs.libxslt.bin ];
|
||||
meta.description = "The NixOS manual as plain docbook XML";
|
||||
}
|
||||
''
|
||||
cp -r --no-preserve=all $inputs/* .
|
||||
|
||||
substituteInPlace ./manual.md \
|
||||
--replace '@NIXOS_VERSION@' "${version}"
|
||||
substituteInPlace ./configuration/configuration.md \
|
||||
--replace \
|
||||
'@MODULE_CHAPTERS@' \
|
||||
${lib.escapeShellArg (lib.concatMapStringsSep "\n" (p: "${p.value}") config.meta.doc)}
|
||||
substituteInPlace ./nixos-options.md \
|
||||
--replace \
|
||||
'@NIXOS_OPTIONS_JSON@' \
|
||||
${optionsDoc.optionsJSON}/share/doc/nixos/options.json
|
||||
substituteInPlace ./development/writing-nixos-tests.section.md \
|
||||
--replace \
|
||||
'@NIXOS_TEST_OPTIONS_JSON@' \
|
||||
${testOptionsDoc.optionsJSON}/share/doc/nixos/options.json
|
||||
|
||||
nixos-render-docs -j $NIX_BUILD_CORES manual docbook \
|
||||
--manpage-urls ${manpageUrls} \
|
||||
--revision ${lib.escapeShellArg revision} \
|
||||
./manual.md \
|
||||
./manual-combined.xml
|
||||
|
||||
${linterFunctions}
|
||||
|
||||
mkdir $out
|
||||
cp manual-combined.xml $out/
|
||||
cp man-pages-combined.xml $out/
|
||||
|
||||
lintrng $out/manual-combined.xml
|
||||
lintrng $out/man-pages-combined.xml
|
||||
'';
|
||||
|
||||
manpages-combined = runCommand "nixos-manpages-combined.xml"
|
||||
{ nativeBuildInputs = [ buildPackages.libxml2.bin buildPackages.libxslt.bin ];
|
||||
meta.description = "The NixOS manpages as plain docbook XML";
|
||||
}
|
||||
''
|
||||
mkdir generated
|
||||
cp -prd ${./man-pages.xml} man-pages.xml
|
||||
ln -s ${optionsDoc.optionsDocBook} generated/options-db.xml
|
||||
|
||||
xmllint --xinclude --noxincludenode --output $out ./man-pages.xml
|
||||
|
||||
${linterFunctions}
|
||||
|
||||
lintrng $out
|
||||
'';
|
||||
|
||||
in rec {
|
||||
inherit generatedSources;
|
||||
|
||||
inherit (optionsDoc) optionsJSON optionsNix optionsDocBook optionsUsedDocbook;
|
||||
|
||||
# Generate the NixOS manual.
|
||||
manualHTML = runCommand "nixos-manual-html"
|
||||
{ inherit sources;
|
||||
nativeBuildInputs = [ buildPackages.libxml2.bin buildPackages.libxslt.bin ];
|
||||
{ nativeBuildInputs = [ buildPackages.libxml2.bin buildPackages.libxslt.bin ];
|
||||
meta.description = "The NixOS manual in HTML format";
|
||||
allowedReferences = ["out"];
|
||||
}
|
||||
|
@ -248,8 +230,7 @@ in rec {
|
|||
manualHTMLIndex = "${manualHTML}/share/doc/nixos/index.html";
|
||||
|
||||
manualEpub = runCommand "nixos-manual-epub"
|
||||
{ inherit sources;
|
||||
nativeBuildInputs = [ buildPackages.libxml2.bin buildPackages.libxslt.bin buildPackages.zip ];
|
||||
{ nativeBuildInputs = [ buildPackages.libxml2.bin buildPackages.libxslt.bin buildPackages.zip ];
|
||||
}
|
||||
''
|
||||
# Generate the epub manual.
|
||||
|
@ -300,11 +281,11 @@ in rec {
|
|||
--param man.endnotes.are.numbered 0 \
|
||||
--param man.break.after.slash 1 \
|
||||
${docbook_xsl_ns}/xml/xsl/docbook/manpages/docbook.xsl \
|
||||
${manual-combined}/man-pages-combined.xml
|
||||
${manpages-combined}
|
||||
''
|
||||
else ''
|
||||
mkdir -p $out/share/man/man5
|
||||
nixos-render-docs options manpage \
|
||||
nixos-render-docs -j $NIX_BUILD_CORES options manpage \
|
||||
--revision ${lib.escapeShellArg revision} \
|
||||
${optionsJSON}/share/doc/nixos/options.json \
|
||||
$out/share/man/man5/configuration.nix.5
|
||||
|
|
43
third_party/nixpkgs/nixos/doc/manual/development/developing-the-test-driver.chapter.md
vendored
Normal file
43
third_party/nixpkgs/nixos/doc/manual/development/developing-the-test-driver.chapter.md
vendored
Normal file
|
@ -0,0 +1,43 @@
|
|||
|
||||
# Developing the NixOS Test Driver {#chap-developing-the-test-driver}
|
||||
|
||||
The NixOS test framework is a project of its own.
|
||||
|
||||
It consists of roughly the following components:
|
||||
|
||||
- `nixos/lib/test-driver`: The Python framework that sets up the test and runs the [`testScript`](#test-opt-testScript)
|
||||
- `nixos/lib/testing`: The Nix code responsible for the wiring, written using the (NixOS) Module System.
|
||||
|
||||
These components are exposed publicly through:
|
||||
|
||||
- `nixos/lib/default.nix`: The public interface that exposes the `nixos/lib/testing` entrypoint.
|
||||
- `flake.nix`: Exposes the `lib.nixos`, including the public test interface.
|
||||
|
||||
Beyond the test driver itself, its integration into NixOS and Nixpkgs is important.
|
||||
|
||||
- `pkgs/top-level/all-packages.nix`: Defines the `nixosTests` attribute, used
|
||||
by the package `tests` attributes and OfBorg.
|
||||
- `nixos/release.nix`: Defines the `tests` attribute built by Hydra, independently, but analogous to `nixosTests`
|
||||
- `nixos/release-combined.nix`: Defines which tests are channel blockers.
|
||||
|
||||
Finally, we have legacy entrypoints that users should move away from, but are cared for on a best effort basis.
|
||||
These include `pkgs.nixosTest`, `testing-python.nix` and `make-test-python.nix`.
|
||||
|
||||
## Testing changes to the test framework {#sec-test-the-test-framework}
|
||||
|
||||
When making significant changes to the test framework, we run the tests on Hydra, to avoid disrupting the larger NixOS project.
|
||||
|
||||
For this, we use the `python-test-refactoring` branch in the `NixOS/nixpkgs` repository, and its [corresponding Hydra jobset](https://hydra.nixos.org/jobset/nixos/python-test-refactoring).
|
||||
This branch is used as a pointer, and not as a feature branch.
|
||||
|
||||
1. Rebase the PR onto a recent, good evaluation of `nixos-unstable`
|
||||
2. Create a baseline evaluation by force-pushing this revision of `nixos-unstable` to `python-test-refactoring`.
|
||||
3. Note the evaluation number (we'll call it `<previous>`)
|
||||
4. Push the PR to `python-test-refactoring` and evaluate the PR on Hydra
|
||||
5. Create a comparison URL by navigating to the latest build of the PR and adding to the URL `?compare=<previous>`. This is not necessary for the evaluation that comes right after the baseline.
|
||||
|
||||
Review the removed tests and newly failed tests using the constructed URL; otherwise you will accidentally compare iterations of the PR instead of changes to the PR base.
|
||||
|
||||
As we currently have some flaky tests, newly failing tests are expected, but should be reviewed to make sure that
|
||||
- The number of failures did not increase significantly.
|
||||
- All failures that do occur can reasonably be assumed to fail for a different reason than the changes.
|
15
third_party/nixpkgs/nixos/doc/manual/development/development.md
vendored
Normal file
15
third_party/nixpkgs/nixos/doc/manual/development/development.md
vendored
Normal file
|
@ -0,0 +1,15 @@
|
|||
# Development {#ch-development}
|
||||
|
||||
This chapter describes how you can modify and extend NixOS.
|
||||
|
||||
```{=include=} chapters
|
||||
sources.chapter.md
|
||||
writing-modules.chapter.md
|
||||
building-parts.chapter.md
|
||||
bootspec.chapter.md
|
||||
what-happens-during-a-system-switch.chapter.md
|
||||
writing-documentation.chapter.md
|
||||
nixos-tests.chapter.md
|
||||
developing-the-test-driver.chapter.md
|
||||
testing-installer.chapter.md
|
||||
```
|
|
@ -1,20 +0,0 @@
|
|||
<part xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||
version="5.0"
|
||||
xml:id="ch-development">
|
||||
<title>Development</title>
|
||||
<partintro xml:id="ch-development-intro">
|
||||
<para>
|
||||
This chapter describes how you can modify and extend NixOS.
|
||||
</para>
|
||||
</partintro>
|
||||
<xi:include href="../from_md/development/sources.chapter.xml" />
|
||||
<xi:include href="../from_md/development/writing-modules.chapter.xml" />
|
||||
<xi:include href="../from_md/development/building-parts.chapter.xml" />
|
||||
<xi:include href="../from_md/development/bootspec.chapter.xml" />
|
||||
<xi:include href="../from_md/development/what-happens-during-a-system-switch.chapter.xml" />
|
||||
<xi:include href="../from_md/development/writing-documentation.chapter.xml" />
|
||||
<xi:include href="../from_md/development/nixos-tests.chapter.xml" />
|
||||
<xi:include href="../from_md/development/testing-installer.chapter.xml" />
|
||||
</part>
|
|
@ -5,9 +5,9 @@ NixOS tests are kept in the directory `nixos/tests`, and are executed
|
|||
(using Nix) by a testing framework that automatically starts one or more
|
||||
virtual machines containing the NixOS system(s) required for the test.
|
||||
|
||||
```{=docbook}
|
||||
<xi:include href="writing-nixos-tests.section.xml" />
|
||||
<xi:include href="running-nixos-tests.section.xml" />
|
||||
<xi:include href="running-nixos-tests-interactively.section.xml" />
|
||||
<xi:include href="linking-nixos-tests-to-packages.section.xml" />
|
||||
```{=include=} sections
|
||||
writing-nixos-tests.section.md
|
||||
running-nixos-tests.section.md
|
||||
running-nixos-tests-interactively.section.md
|
||||
linking-nixos-tests-to-packages.section.md
|
||||
```
|
||||
|
|
|
@ -47,7 +47,7 @@ Most of these actions are either self-explaining but some of them have to do
|
|||
with our units or the activation script. For this reason, these topics are
|
||||
explained in the next sections.
|
||||
|
||||
```{=docbook}
|
||||
<xi:include href="unit-handling.section.xml" />
|
||||
<xi:include href="activation-script.section.xml" />
|
||||
```{=include=} sections
|
||||
unit-handling.section.md
|
||||
activation-script.section.md
|
||||
```
|
||||
|
|
|
@ -83,7 +83,7 @@ Keep the following guidelines in mind when you create and add a topic:
|
|||
|
||||
## Adding a Topic to the Book {#sec-writing-docs-adding-a-topic}
|
||||
|
||||
Open the parent XML file and add an `xi:include` element to the list of
|
||||
Open the parent CommonMark file and add a line to the list of
|
||||
chapters with the file name of the topic that you created. If you
|
||||
created a `section`, you add the file to the `chapter` file. If you created
|
||||
a `chapter`, you add the file to the `part` file.
|
||||
|
|
|
@ -189,14 +189,14 @@ in {
|
|||
```
|
||||
:::
|
||||
|
||||
```{=docbook}
|
||||
<xi:include href="option-declarations.section.xml" />
|
||||
<xi:include href="option-types.section.xml" />
|
||||
<xi:include href="option-def.section.xml" />
|
||||
<xi:include href="assertions.section.xml" />
|
||||
<xi:include href="meta-attributes.section.xml" />
|
||||
<xi:include href="importing-modules.section.xml" />
|
||||
<xi:include href="replace-modules.section.xml" />
|
||||
<xi:include href="freeform-modules.section.xml" />
|
||||
<xi:include href="settings-options.section.xml" />
|
||||
```{=include=} sections
|
||||
option-declarations.section.md
|
||||
option-types.section.md
|
||||
option-def.section.md
|
||||
assertions.section.md
|
||||
meta-attributes.section.md
|
||||
importing-modules.section.md
|
||||
replace-modules.section.md
|
||||
freeform-modules.section.md
|
||||
settings-options.section.md
|
||||
```
|
||||
|
|
|
@ -470,6 +470,8 @@ In that case, `numpy` is chosen from the generic `python3Packages`.
|
|||
|
||||
The following options can be used when writing tests.
|
||||
|
||||
```{=docbook}
|
||||
<xi:include href="../../generated/test-options-db.xml" xpointer="test-options-list"/>
|
||||
```{=include=} options
|
||||
id-prefix: test-opt-
|
||||
list-id: test-options-list
|
||||
source: @NIXOS_TEST_OPTIONS_JSON@
|
||||
```
|
||||
|
|
11
third_party/nixpkgs/nixos/doc/manual/installation/installation.md
vendored
Normal file
11
third_party/nixpkgs/nixos/doc/manual/installation/installation.md
vendored
Normal file
|
@ -0,0 +1,11 @@
|
|||
# Installation {#ch-installation}
|
||||
|
||||
This section describes how to obtain, install, and configure NixOS for first-time use.
|
||||
|
||||
```{=include=} chapters
|
||||
obtaining.chapter.md
|
||||
installing.chapter.md
|
||||
changing-config.chapter.md
|
||||
upgrading.chapter.md
|
||||
building-nixos.chapter.md
|
||||
```
|
|
@ -1,18 +0,0 @@
|
|||
<part xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||
version="5.0"
|
||||
xml:id="ch-installation">
|
||||
<title>Installation</title>
|
||||
<partintro xml:id="ch-installation-intro">
|
||||
<para>
|
||||
This section describes how to obtain, install, and configure NixOS for
|
||||
first-time use.
|
||||
</para>
|
||||
</partintro>
|
||||
<xi:include href="../from_md/installation/obtaining.chapter.xml" />
|
||||
<xi:include href="../from_md/installation/installing.chapter.xml" />
|
||||
<xi:include href="../from_md/installation/changing-config.chapter.xml" />
|
||||
<xi:include href="../from_md/installation/upgrading.chapter.xml" />
|
||||
<xi:include href="../from_md/installation/building-nixos.chapter.xml" />
|
||||
</part>
|
|
@ -602,11 +602,11 @@ With a partitioned disk.
|
|||
|
||||
## Additional installation notes {#sec-installation-additional-notes}
|
||||
|
||||
```{=docbook}
|
||||
<xi:include href="installing-usb.section.xml" />
|
||||
<xi:include href="installing-pxe.section.xml" />
|
||||
<xi:include href="installing-kexec.section.xml" />
|
||||
<xi:include href="installing-virtualbox-guest.section.xml" />
|
||||
<xi:include href="installing-from-other-distro.section.xml" />
|
||||
<xi:include href="installing-behind-a-proxy.section.xml" />
|
||||
```{=include=} sections
|
||||
installing-usb.section.md
|
||||
installing-pxe.section.md
|
||||
installing-kexec.section.md
|
||||
installing-virtualbox-guest.section.md
|
||||
installing-from-other-distro.section.md
|
||||
installing-behind-a-proxy.section.md
|
||||
```
|
||||
|
|
|
@ -1,31 +0,0 @@
|
|||
<refentry xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
xmlns:xi="http://www.w3.org/2001/XInclude">
|
||||
<refmeta>
|
||||
<refentrytitle><filename>configuration.nix</filename>
|
||||
</refentrytitle><manvolnum>5</manvolnum>
|
||||
<refmiscinfo class="source">NixOS</refmiscinfo>
|
||||
<!-- <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo> -->
|
||||
</refmeta>
|
||||
<refnamediv>
|
||||
<refname><filename>configuration.nix</filename></refname>
|
||||
<refpurpose>NixOS system configuration specification</refpurpose>
|
||||
</refnamediv>
|
||||
<refsection>
|
||||
<title>Description</title>
|
||||
<para>
|
||||
The file <filename>/etc/nixos/configuration.nix</filename> contains the
|
||||
declarative specification of your NixOS system configuration. The command
|
||||
<command>nixos-rebuild</command> takes this file and realises the system
|
||||
configuration specified therein.
|
||||
</para>
|
||||
</refsection>
|
||||
<refsection>
|
||||
<title>Options</title>
|
||||
<para>
|
||||
You can use the following options in <filename>configuration.nix</filename>.
|
||||
</para>
|
||||
<xi:include href="./generated/options-db.xml"
|
||||
xpointer="configuration-variable-list" />
|
||||
</refsection>
|
||||
</refentry>
|
|
@ -14,5 +14,33 @@
|
|||
<copyright><year>2007-2022</year><holder>Eelco Dolstra and the Nixpkgs/NixOS contributors</holder>
|
||||
</copyright>
|
||||
</info>
|
||||
<xi:include href="man-configuration.xml" />
|
||||
<refentry>
|
||||
<refmeta>
|
||||
<refentrytitle><filename>configuration.nix</filename>
|
||||
</refentrytitle><manvolnum>5</manvolnum>
|
||||
<refmiscinfo class="source">NixOS</refmiscinfo>
|
||||
<!-- <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo> -->
|
||||
</refmeta>
|
||||
<refnamediv>
|
||||
<refname><filename>configuration.nix</filename></refname>
|
||||
<refpurpose>NixOS system configuration specification</refpurpose>
|
||||
</refnamediv>
|
||||
<refsection>
|
||||
<title>Description</title>
|
||||
<para>
|
||||
The file <filename>/etc/nixos/configuration.nix</filename> contains the
|
||||
declarative specification of your NixOS system configuration. The command
|
||||
<command>nixos-rebuild</command> takes this file and realises the system
|
||||
configuration specified therein.
|
||||
</para>
|
||||
</refsection>
|
||||
<refsection>
|
||||
<title>Options</title>
|
||||
<para>
|
||||
You can use the following options in <filename>configuration.nix</filename>.
|
||||
</para>
|
||||
<xi:include href="./generated/options-db.xml"
|
||||
xpointer="configuration-variable-list" />
|
||||
</refsection>
|
||||
</refentry>
|
||||
</reference>
|
||||
|
|
53
third_party/nixpkgs/nixos/doc/manual/manual.md
vendored
Normal file
53
third_party/nixpkgs/nixos/doc/manual/manual.md
vendored
Normal file
|
@ -0,0 +1,53 @@
|
|||
# NixOS Manual {#book-nixos-manual}
|
||||
## Version @NIXOS_VERSION@
|
||||
|
||||
<!--
|
||||
this is the top-level structure file for the nixos manual.
|
||||
|
||||
the manual structure extends the nixpkgs commonmark further with include
|
||||
blocks to allow better organization of input text. there are six types of
|
||||
include blocks: preface, parts, chapters, sections, appendix, and options.
|
||||
each type except `options`` corresponds to the docbook elements of (roughly)
|
||||
the same name, and can itself can further include blocks to denote its
|
||||
substructure.
|
||||
|
||||
non-`options`` include blocks are fenced code blocks that list a number of
|
||||
files to include, in the form
|
||||
|
||||
```{=include=} <type>
|
||||
<file-name-1>
|
||||
<file-name-2>
|
||||
<...>
|
||||
```
|
||||
|
||||
`options` include blocks do not list file names but contain a list of key-value
|
||||
pairs that describe the options to be included and how to convert them into
|
||||
elements of the manual output type:
|
||||
|
||||
```{=include=} options
|
||||
id-prefix: <options id prefix>
|
||||
list-id: <variable list element id>
|
||||
source: <path to options.json>
|
||||
```
|
||||
|
||||
-->
|
||||
|
||||
```{=include=} preface
|
||||
preface.md
|
||||
```
|
||||
|
||||
```{=include=} parts
|
||||
installation/installation.md
|
||||
configuration/configuration.md
|
||||
administration/running.md
|
||||
development/development.md
|
||||
```
|
||||
|
||||
```{=include=} chapters
|
||||
contributing-to-this-manual.chapter.md
|
||||
```
|
||||
|
||||
```{=include=} appendix
|
||||
nixos-options.md
|
||||
release-notes/release-notes.md
|
||||
```
|
23
third_party/nixpkgs/nixos/doc/manual/manual.xml
vendored
23
third_party/nixpkgs/nixos/doc/manual/manual.xml
vendored
|
@ -1,23 +0,0 @@
|
|||
<book xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||
version="5.0"
|
||||
xml:id="book-nixos-manual">
|
||||
<info>
|
||||
<title>NixOS Manual</title>
|
||||
<subtitle>Version <xi:include href="./generated/version" parse="text" />
|
||||
</subtitle>
|
||||
</info>
|
||||
<xi:include href="preface.xml" />
|
||||
<xi:include href="installation/installation.xml" />
|
||||
<xi:include href="configuration/configuration.xml" />
|
||||
<xi:include href="administration/running.xml" />
|
||||
<xi:include href="development/development.xml" />
|
||||
<xi:include href="./from_md/contributing-to-this-manual.chapter.xml" />
|
||||
<appendix xml:id="ch-options">
|
||||
<title>Configuration Options</title>
|
||||
<xi:include href="./generated/options-db.xml"
|
||||
xpointer="configuration-variable-list" />
|
||||
</appendix>
|
||||
<xi:include href="release-notes/release-notes.xml" />
|
||||
</book>
|
7
third_party/nixpkgs/nixos/doc/manual/nixos-options.md
vendored
Normal file
7
third_party/nixpkgs/nixos/doc/manual/nixos-options.md
vendored
Normal file
|
@ -0,0 +1,7 @@
|
|||
# Configuration Options {#ch-options}
|
||||
|
||||
```{=include=} options
|
||||
id-prefix: opt-
|
||||
list-id: configuration-variable-list
|
||||
source: @NIXOS_OPTIONS_JSON@
|
||||
```
|
11
third_party/nixpkgs/nixos/doc/manual/preface.md
vendored
Normal file
11
third_party/nixpkgs/nixos/doc/manual/preface.md
vendored
Normal file
|
@ -0,0 +1,11 @@
|
|||
# Preface {#preface}
|
||||
|
||||
This manual describes how to install, use and extend NixOS, a Linux distribution based on the purely functional package management system [Nix](https://nixos.org/nix), that is composed using modules and packages defined in the [Nixpkgs](https://nixos.org/nixpkgs) project.
|
||||
|
||||
Additional information regarding the Nix package manager and the Nixpkgs project can be found in respectively the [Nix manual](https://nixos.org/nix/manual) and the [Nixpkgs manual](https://nixos.org/nixpkgs/manual).
|
||||
|
||||
If you encounter problems, please report them on the [`Discourse`](https://discourse.nixos.org), the [Matrix room](https://matrix.to/#nix:nixos.org), or on the [`#nixos` channel on Libera.Chat](irc://irc.libera.chat/#nixos). Alternatively, consider [contributing to this manual](#chap-contributing). Bugs should be reported in [NixOS’ GitHub issue tracker](https://github.com/NixOS/nixpkgs/issues).
|
||||
|
||||
::: {.note}
|
||||
Commands prefixed with `#` have to be run as root, either requiring to login as root user or temporarily switching to it using `sudo` for example.
|
||||
:::
|
42
third_party/nixpkgs/nixos/doc/manual/preface.xml
vendored
42
third_party/nixpkgs/nixos/doc/manual/preface.xml
vendored
|
@ -1,42 +0,0 @@
|
|||
<preface xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
xml:id="preface">
|
||||
<title>Preface</title>
|
||||
<para>
|
||||
This manual describes how to install, use and extend NixOS, a Linux
|
||||
distribution based on the purely functional package management system
|
||||
<link xlink:href="https://nixos.org/nix">Nix</link>, that is composed
|
||||
using modules and packages defined in the
|
||||
<link xlink:href="https://nixos.org/nixpkgs">Nixpkgs</link> project.
|
||||
</para>
|
||||
<para>
|
||||
Additional information regarding the Nix package manager and the Nixpkgs
|
||||
project can be found in respectively the
|
||||
<link xlink:href="https://nixos.org/nix/manual">Nix manual</link> and the
|
||||
<link xlink:href="https://nixos.org/nixpkgs/manual">Nixpkgs manual</link>.
|
||||
</para>
|
||||
<para>
|
||||
If you encounter problems, please report them on the
|
||||
<literal
|
||||
xlink:href="https://discourse.nixos.org">Discourse</literal>,
|
||||
the <link
|
||||
xlink:href="https://matrix.to/#nix:nixos.org">Matrix room</link>,
|
||||
or on the <link
|
||||
xlink:href="irc://irc.libera.chat/#nixos">
|
||||
<literal>#nixos</literal> channel on Libera.Chat</link>.
|
||||
Alternatively, consider <link
|
||||
xlink:href="#chap-contributing">
|
||||
contributing to this manual</link>. Bugs should be
|
||||
reported in
|
||||
<link
|
||||
xlink:href="https://github.com/NixOS/nixpkgs/issues">NixOS’
|
||||
GitHub issue tracker</link>.
|
||||
</para>
|
||||
<note>
|
||||
<para>
|
||||
Commands prefixed with <literal>#</literal> have to be run as root, either
|
||||
requiring to login as root user or temporarily switching to it using
|
||||
<literal>sudo</literal> for example.
|
||||
</para>
|
||||
</note>
|
||||
</preface>
|
25
third_party/nixpkgs/nixos/doc/manual/release-notes/release-notes.md
vendored
Normal file
25
third_party/nixpkgs/nixos/doc/manual/release-notes/release-notes.md
vendored
Normal file
|
@ -0,0 +1,25 @@
|
|||
# Release Notes {#ch-release-notes}
|
||||
|
||||
This section lists the release notes for each stable version of NixOS and current unstable revision.
|
||||
|
||||
```{=include=} sections
|
||||
rl-2305.section.md
|
||||
rl-2211.section.md
|
||||
rl-2205.section.md
|
||||
rl-2111.section.md
|
||||
rl-2105.section.md
|
||||
rl-2009.section.md
|
||||
rl-2003.section.md
|
||||
rl-1909.section.md
|
||||
rl-1903.section.md
|
||||
rl-1809.section.md
|
||||
rl-1803.section.md
|
||||
rl-1709.section.md
|
||||
rl-1703.section.md
|
||||
rl-1609.section.md
|
||||
rl-1603.section.md
|
||||
rl-1509.section.md
|
||||
rl-1412.section.md
|
||||
rl-1404.section.md
|
||||
rl-1310.section.md
|
||||
```
|
|
@ -1,30 +0,0 @@
|
|||
<appendix xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||
version="5.0"
|
||||
xml:id="ch-release-notes">
|
||||
<title>Release Notes</title>
|
||||
<para>
|
||||
This section lists the release notes for each stable version of NixOS and
|
||||
current unstable revision.
|
||||
</para>
|
||||
<xi:include href="../from_md/release-notes/rl-2305.section.xml" />
|
||||
<xi:include href="../from_md/release-notes/rl-2211.section.xml" />
|
||||
<xi:include href="../from_md/release-notes/rl-2205.section.xml" />
|
||||
<xi:include href="../from_md/release-notes/rl-2111.section.xml" />
|
||||
<xi:include href="../from_md/release-notes/rl-2105.section.xml" />
|
||||
<xi:include href="../from_md/release-notes/rl-2009.section.xml" />
|
||||
<xi:include href="../from_md/release-notes/rl-2003.section.xml" />
|
||||
<xi:include href="../from_md/release-notes/rl-1909.section.xml" />
|
||||
<xi:include href="../from_md/release-notes/rl-1903.section.xml" />
|
||||
<xi:include href="../from_md/release-notes/rl-1809.section.xml" />
|
||||
<xi:include href="../from_md/release-notes/rl-1803.section.xml" />
|
||||
<xi:include href="../from_md/release-notes/rl-1709.section.xml" />
|
||||
<xi:include href="../from_md/release-notes/rl-1703.section.xml" />
|
||||
<xi:include href="../from_md/release-notes/rl-1609.section.xml" />
|
||||
<xi:include href="../from_md/release-notes/rl-1603.section.xml" />
|
||||
<xi:include href="../from_md/release-notes/rl-1509.section.xml" />
|
||||
<xi:include href="../from_md/release-notes/rl-1412.section.xml" />
|
||||
<xi:include href="../from_md/release-notes/rl-1404.section.xml" />
|
||||
<xi:include href="../from_md/release-notes/rl-1310.section.xml" />
|
||||
</appendix>
|
|
@ -40,8 +40,12 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
|
||||
- [goeland](https://github.com/slurdge/goeland), an alternative to rss2email written in golang with many filters. Available as [services.goeland](#opt-services.goeland.enable).
|
||||
|
||||
- [tts](https://github.com/coqui-ai/TTS), a battle-tested deep learning toolkit for Text-to-Speech. Mutiple servers may be configured below [services.tts.servers](#opt-services.tts.servers).
|
||||
|
||||
- [atuin](https://github.com/ellie/atuin), a sync server for shell history. Available as [services.atuin](#opt-services.atuin.enable).
|
||||
|
||||
- [networkd-dispatcher](https://gitlab.com/craftyguy/networkd-dispatcher), a dispatcher service for systemd-networkd connection status changes. Available as [services.networkd-dispatcher](#opt-services.networkd-dispatcher.enable).
|
||||
|
||||
- [mmsd](https://gitlab.com/kop316/mmsd), a lower level daemon that transmits and recieves MMSes. Available as [services.mmsd](#opt-services.mmsd.enable).
|
||||
|
||||
- [QDMR](https://dm3mat.darc.de/qdmr/), a GUI application and command line tool for programming DMR radios [programs.qdmr](#opt-programs.qdmr.enable)
|
||||
|
|
|
@ -1,8 +0,0 @@
|
|||
let
|
||||
pkgs = import ../../.. { };
|
||||
in
|
||||
pkgs.mkShell {
|
||||
name = "nixos-manual";
|
||||
|
||||
packages = with pkgs; [ xmlformat jing xmloscopy ruby ];
|
||||
}
|
124
third_party/nixpkgs/nixos/doc/varlistentry-fixer.rb
vendored
124
third_party/nixpkgs/nixos/doc/varlistentry-fixer.rb
vendored
|
@ -1,124 +0,0 @@
|
|||
#!/usr/bin/env ruby
|
||||
|
||||
# This script is written intended as a living, evolving tooling
|
||||
# to fix oopsies within the docbook documentation.
|
||||
#
|
||||
# This is *not* a formatter. It, instead, handles some known cases
|
||||
# where something bad happened, and fixing it manually is tedious.
|
||||
#
|
||||
# Read the code to see the different cases it handles.
|
||||
#
|
||||
# ALWAYS `make format` after fixing with this!
|
||||
# ALWAYS read the changes, this tool isn't yet proven to be always right.
|
||||
|
||||
require "rexml/document"
|
||||
include REXML
|
||||
|
||||
if ARGV.length < 1 then
|
||||
$stderr.puts "Needs a filename."
|
||||
exit 1
|
||||
end
|
||||
|
||||
filename = ARGV.shift
|
||||
doc = Document.new(File.open(filename))
|
||||
|
||||
$touched = false
|
||||
|
||||
# Fixing varnames having a sibling element without spacing.
|
||||
# This is to fix an initial `xmlformat` issue where `term`
|
||||
# would mangle as spaces.
|
||||
#
|
||||
# <varlistentry>
|
||||
# <term><varname>types.separatedString</varname><replaceable>sep</replaceable> <----
|
||||
# </term>
|
||||
# ...
|
||||
#
|
||||
# Generates: types.separatedStringsep
|
||||
# ^^^^
|
||||
#
|
||||
# <varlistentry xml:id='fun-makeWrapper'>
|
||||
# <term>
|
||||
# <function>makeWrapper</function><replaceable>executable</replaceable><replaceable>wrapperfile</replaceable><replaceable>args</replaceable> <----
|
||||
# </term>
|
||||
#
|
||||
# Generates: makeWrapperexecutablewrapperfileargs
|
||||
# ^^^^ ^^^^ ^^ ^^
|
||||
#
|
||||
# <term>
|
||||
# <option>--option</option><replaceable>name</replaceable><replaceable>value</replaceable> <-----
|
||||
# </term>
|
||||
#
|
||||
# Generates: --optionnamevalue
|
||||
# ^^ ^^
|
||||
doc.elements.each("//varlistentry/term") do |term|
|
||||
["varname", "function", "option", "replaceable"].each do |prev_name|
|
||||
term.elements.each(prev_name) do |el|
|
||||
if el.next_element and
|
||||
el.next_element.name == "replaceable" and
|
||||
el.next_sibling_node.class == Element
|
||||
then
|
||||
$touched = true
|
||||
term.insert_after(el, Text.new(" "))
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
|
||||
# <cmdsynopsis>
|
||||
# <command>nixos-option</command>
|
||||
# <arg>
|
||||
# <option>-I</option><replaceable>path</replaceable> <------
|
||||
# </arg>
|
||||
#
|
||||
# Generates: -Ipath
|
||||
# ^^
|
||||
doc.elements.each("//cmdsynopsis/arg") do |term|
|
||||
["option", "replaceable"].each do |prev_name|
|
||||
term.elements.each(prev_name) do |el|
|
||||
if el.next_element and
|
||||
el.next_element.name == "replaceable" and
|
||||
el.next_sibling_node.class == Element
|
||||
then
|
||||
$touched = true
|
||||
term.insert_after(el, Text.new(" "))
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
# <cmdsynopsis>
|
||||
# <arg>
|
||||
# <group choice='req'>
|
||||
# <arg choice='plain'>
|
||||
# <option>--profile-name</option>
|
||||
# </arg>
|
||||
#
|
||||
# <arg choice='plain'>
|
||||
# <option>-p</option>
|
||||
# </arg>
|
||||
# </group><replaceable>name</replaceable> <----
|
||||
# </arg>
|
||||
#
|
||||
# Generates: [{--profile-name | -p }name]
|
||||
# ^^^^
|
||||
doc.elements.each("//cmdsynopsis/arg") do |term|
|
||||
["group"].each do |prev_name|
|
||||
term.elements.each(prev_name) do |el|
|
||||
if el.next_element and
|
||||
el.next_element.name == "replaceable" and
|
||||
el.next_sibling_node.class == Element
|
||||
then
|
||||
$touched = true
|
||||
term.insert_after(el, Text.new(" "))
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
if $touched then
|
||||
doc.context[:attribute_quote] = :quote
|
||||
doc.write(output: File.open(filename, "w"))
|
||||
end
|
|
@ -91,18 +91,24 @@ let
|
|||
in rec {
|
||||
inherit optionsNix;
|
||||
|
||||
optionsAsciiDoc = pkgs.runCommand "options.adoc" {} ''
|
||||
${pkgs.python3Minimal}/bin/python ${./generateDoc.py} \
|
||||
--format asciidoc \
|
||||
optionsAsciiDoc = pkgs.runCommand "options.adoc" {
|
||||
nativeBuildInputs = [ pkgs.nixos-render-docs ];
|
||||
} ''
|
||||
nixos-render-docs -j $NIX_BUILD_CORES options asciidoc \
|
||||
--manpage-urls ${pkgs.path + "/doc/manpage-urls.json"} \
|
||||
--revision ${lib.escapeShellArg revision} \
|
||||
${optionsJSON}/share/doc/nixos/options.json \
|
||||
> $out
|
||||
$out
|
||||
'';
|
||||
|
||||
optionsCommonMark = pkgs.runCommand "options.md" {} ''
|
||||
${pkgs.python3Minimal}/bin/python ${./generateDoc.py} \
|
||||
--format commonmark \
|
||||
optionsCommonMark = pkgs.runCommand "options.md" {
|
||||
nativeBuildInputs = [ pkgs.nixos-render-docs ];
|
||||
} ''
|
||||
nixos-render-docs -j $NIX_BUILD_CORES options commonmark \
|
||||
--manpage-urls ${pkgs.path + "/doc/manpage-urls.json"} \
|
||||
--revision ${lib.escapeShellArg revision} \
|
||||
${optionsJSON}/share/doc/nixos/options.json \
|
||||
> $out
|
||||
$out
|
||||
'';
|
||||
|
||||
optionsJSON = pkgs.runCommand "options.json"
|
||||
|
@ -152,7 +158,7 @@ in rec {
|
|||
pkgs.nixos-render-docs
|
||||
];
|
||||
} ''
|
||||
nixos-render-docs options docbook \
|
||||
nixos-render-docs -j $NIX_BUILD_CORES options docbook \
|
||||
--manpage-urls ${pkgs.path + "/doc/manpage-urls.json"} \
|
||||
--revision ${lib.escapeShellArg revision} \
|
||||
--document-type ${lib.escapeShellArg documentType} \
|
||||
|
|
|
@ -1,112 +0,0 @@
|
|||
import argparse
|
||||
import json
|
||||
import sys
|
||||
|
||||
formats = ['commonmark', 'asciidoc']
|
||||
|
||||
parser = argparse.ArgumentParser(
|
||||
description = 'Generate documentation for a set of JSON-formatted NixOS options'
|
||||
)
|
||||
parser.add_argument(
|
||||
'nix_options_path',
|
||||
help = 'a path to a JSON file containing the NixOS options'
|
||||
)
|
||||
parser.add_argument(
|
||||
'-f',
|
||||
'--format',
|
||||
choices = formats,
|
||||
required = True,
|
||||
help = f'the documentation format to generate'
|
||||
)
|
||||
|
||||
args = parser.parse_args()
|
||||
|
||||
class OptionsEncoder(json.JSONEncoder):
|
||||
def encode(self, obj):
|
||||
# Unpack literal expressions and other Nix types.
|
||||
# Don't escape the strings: they were escaped when initially serialized to JSON.
|
||||
if isinstance(obj, dict):
|
||||
_type = obj.get('_type')
|
||||
if _type is not None:
|
||||
if _type == 'literalExpression' or _type == 'literalDocBook':
|
||||
return obj['text']
|
||||
|
||||
if _type == 'derivation':
|
||||
return obj['name']
|
||||
|
||||
raise Exception(f'Unexpected type `{_type}` in {json.dumps(obj)}')
|
||||
|
||||
return super().encode(obj)
|
||||
|
||||
def generate_commonmark(options):
|
||||
for (name, value) in options.items():
|
||||
print('##', name.replace('<', '<').replace('>', '>'))
|
||||
print(value['description'])
|
||||
print()
|
||||
if 'type' in value:
|
||||
print('*_Type_*')
|
||||
print ('```')
|
||||
print(value['type'])
|
||||
print ('```')
|
||||
print()
|
||||
print()
|
||||
if 'default' in value:
|
||||
print('*_Default_*')
|
||||
print('```')
|
||||
print(json.dumps(value['default'], cls=OptionsEncoder, ensure_ascii=False, separators=(',', ':')))
|
||||
print('```')
|
||||
print()
|
||||
print()
|
||||
if 'example' in value:
|
||||
print('*_Example_*')
|
||||
print('```')
|
||||
print(json.dumps(value['example'], cls=OptionsEncoder, ensure_ascii=False, separators=(',', ':')))
|
||||
print('```')
|
||||
print()
|
||||
print()
|
||||
|
||||
# TODO: declarations: link to github
|
||||
def generate_asciidoc(options):
|
||||
for (name, value) in options.items():
|
||||
print(f'== {name}')
|
||||
print()
|
||||
print(value['description'])
|
||||
print()
|
||||
print('[discrete]')
|
||||
print('=== details')
|
||||
print()
|
||||
print(f'Type:: {value["type"]}')
|
||||
if 'default' in value:
|
||||
print('Default::')
|
||||
print('+')
|
||||
print('----')
|
||||
print(json.dumps(value['default'], cls=OptionsEncoder, ensure_ascii=False, separators=(',', ':')))
|
||||
print('----')
|
||||
print()
|
||||
else:
|
||||
print('No Default:: {blank}')
|
||||
if value['readOnly']:
|
||||
print('Read Only:: {blank}')
|
||||
else:
|
||||
print()
|
||||
if 'example' in value:
|
||||
print('Example::')
|
||||
print('+')
|
||||
print('----')
|
||||
print(json.dumps(value['example'], cls=OptionsEncoder, ensure_ascii=False, separators=(',', ':')))
|
||||
print('----')
|
||||
print()
|
||||
else:
|
||||
print('No Example:: {blank}')
|
||||
print()
|
||||
|
||||
with open(args.nix_options_path) as nix_options_json:
|
||||
options = json.load(nix_options_json)
|
||||
|
||||
if args.format == 'commonmark':
|
||||
generate_commonmark(options)
|
||||
elif args.format == 'asciidoc':
|
||||
generate_asciidoc(options)
|
||||
else:
|
||||
raise Exception(f'Unsupported documentation format `--format {args.format}`')
|
||||
|
|
@ -22,7 +22,7 @@ in
|
|||
};
|
||||
timeout = lib.mkOption {
|
||||
type = types.nullOr types.int;
|
||||
default = null; # NOTE: null values are filtered out by `meta`.
|
||||
default = 3600; # 1 hour
|
||||
description = mdDoc ''
|
||||
The [{option}`test`](#test-opt-test)'s [`meta.timeout`](https://nixos.org/manual/nixpkgs/stable/#var-meta-timeout) in seconds.
|
||||
'';
|
||||
|
|
|
@ -168,7 +168,6 @@ in
|
|||
"${config.boot.initrd.systemd.package.kbd}/bin/setfont"
|
||||
"${config.boot.initrd.systemd.package.kbd}/bin/loadkeys"
|
||||
"${config.boot.initrd.systemd.package.kbd.gzip}/bin/gzip" # Fonts and keyboard layouts are compressed
|
||||
"${config.boot.initrd.systemd.package.kbd.gzip}/bin/.gzip-wrapped"
|
||||
] ++ optionals (hasPrefix builtins.storeDir cfg.font) [
|
||||
"${cfg.font}"
|
||||
] ++ optionals (hasPrefix builtins.storeDir cfg.keyMap) [
|
||||
|
|
|
@ -67,6 +67,7 @@ with lib;
|
|||
stoken = super.stoken.override { withGTK3 = false; };
|
||||
# translateManpages -> perlPackages.po4a -> texlive-combined-basic -> texlive-core-big -> libX11
|
||||
util-linux = super.util-linux.override { translateManpages = false; };
|
||||
vim-full = super.vim-full.override { guiSupport = false; };
|
||||
zbar = super.zbar.override { enableVideo = false; withXorg = false; };
|
||||
}));
|
||||
};
|
||||
|
|
|
@ -65,8 +65,6 @@ in {
|
|||
] ++ optional pkgs.stdenv.hostPlatform.isAarch raspberrypiWirelessFirmware
|
||||
++ optionals (versionOlder config.boot.kernelPackages.kernel.version "4.13") [
|
||||
rtl8723bs-firmware
|
||||
] ++ optionals (versionOlder config.boot.kernelPackages.kernel.version "5.16") [
|
||||
rtw89-firmware
|
||||
];
|
||||
hardware.wirelessRegulatoryDatabase = true;
|
||||
})
|
||||
|
|
18
third_party/nixpkgs/nixos/modules/hardware/flipperzero.nix
vendored
Normal file
18
third_party/nixpkgs/nixos/modules/hardware/flipperzero.nix
vendored
Normal file
|
@ -0,0 +1,18 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
cfg = config.hardware.flipperzero;
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
options.hardware.flipperzero.enable = mkEnableOption (mdDoc "udev rules and software for Flipper Zero devices");
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = [ pkgs.qFlipper ];
|
||||
services.udev.packages = [ pkgs.qFlipper ];
|
||||
};
|
||||
}
|
|
@ -392,7 +392,7 @@ in
|
|||
tape = 25;
|
||||
video = 26;
|
||||
dialout = 27;
|
||||
#polkituser = 28; # currently unused, polkitd doesn't need a group
|
||||
polkituser = 28;
|
||||
utmp = 29;
|
||||
# ddclient = 30; # converted to DynamicUser = true
|
||||
davfs2 = 31;
|
||||
|
|
|
@ -53,6 +53,7 @@
|
|||
./hardware/cpu/intel-sgx.nix
|
||||
./hardware/device-tree.nix
|
||||
./hardware/digitalbitbox.nix
|
||||
./hardware/flipperzero.nix
|
||||
./hardware/flirc.nix
|
||||
./hardware/gkraken.nix
|
||||
./hardware/gpgsmartcards.nix
|
||||
|
@ -314,6 +315,7 @@
|
|||
./services/audio/snapserver.nix
|
||||
./services/audio/spotifyd.nix
|
||||
./services/audio/squeezelite.nix
|
||||
./services/audio/tts.nix
|
||||
./services/audio/ympd.nix
|
||||
./services/backup/automysqlbackup.nix
|
||||
./services/backup/bacula.nix
|
||||
|
@ -912,6 +914,7 @@
|
|||
./services/networking/ndppd.nix
|
||||
./services/networking/nebula.nix
|
||||
./services/networking/netbird.nix
|
||||
./services/networking/networkd-dispatcher.nix
|
||||
./services/networking/networkmanager.nix
|
||||
./services/networking/nextdns.nix
|
||||
./services/networking/nftables.nix
|
||||
|
|
|
@ -22,6 +22,5 @@ in
|
|||
config = mkIf cfg.enable {
|
||||
services.udev.packages = [ cfg.package ];
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
users.groups.flashrom = { };
|
||||
};
|
||||
}
|
||||
|
|
|
@ -113,7 +113,7 @@ in
|
|||
group = "polkituser";
|
||||
};
|
||||
|
||||
users.groups.polkituser = {};
|
||||
users.groups.polkituser.gid = config.ids.gids.polkituser;
|
||||
};
|
||||
|
||||
}
|
||||
|
|
151
third_party/nixpkgs/nixos/modules/services/audio/tts.nix
vendored
Normal file
151
third_party/nixpkgs/nixos/modules/services/audio/tts.nix
vendored
Normal file
|
@ -0,0 +1,151 @@
|
|||
{ config
|
||||
, lib
|
||||
, pkgs
|
||||
, ...
|
||||
}:
|
||||
|
||||
let
|
||||
cfg = config.services.tts;
|
||||
in
|
||||
|
||||
{
|
||||
options.services.tts = let
|
||||
inherit (lib) literalExpression mkOption mdDoc mkEnableOption types;
|
||||
in {
|
||||
servers = mkOption {
|
||||
type = types.attrsOf (types.submodule (
|
||||
{ ... }: {
|
||||
options = {
|
||||
enable = mkEnableOption (mdDoc "Coqui TTS server");
|
||||
|
||||
port = mkOption {
|
||||
type = types.port;
|
||||
example = 5000;
|
||||
description = mdDoc ''
|
||||
Port to bind the TTS server to.
|
||||
'';
|
||||
};
|
||||
|
||||
model = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = "tts_models/en/ljspeech/tacotron2-DDC";
|
||||
example = null;
|
||||
description = mdDoc ''
|
||||
Name of the model to download and use for speech synthesis.
|
||||
|
||||
Check `tts-server --list_models` for possible values.
|
||||
|
||||
Set to `null` to use a custom model.
|
||||
'';
|
||||
};
|
||||
|
||||
useCuda = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
example = true;
|
||||
description = mdDoc ''
|
||||
Whether to offload computation onto a CUDA compatible GPU.
|
||||
'';
|
||||
};
|
||||
|
||||
extraArgs = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
description = mdDoc ''
|
||||
Extra arguments to pass to the server commandline.
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
||||
));
|
||||
default = {};
|
||||
example = literalExpression ''
|
||||
{
|
||||
english = {
|
||||
port = 5300;
|
||||
model = "tts_models/en/ljspeech/tacotron2-DDC";
|
||||
};
|
||||
german = {
|
||||
port = 5301;
|
||||
model = "tts_models/de/thorsten/tacotron2-DDC";
|
||||
};
|
||||
dutch = {
|
||||
port = 5302;
|
||||
model = "tts_models/nl/mai/tacotron2-DDC";
|
||||
};
|
||||
}
|
||||
'';
|
||||
description = mdDoc ''
|
||||
TTS server instances.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = let
|
||||
inherit (lib) mkIf mapAttrs' nameValuePair optionalString concatMapStringsSep escapeShellArgs;
|
||||
in mkIf (cfg.servers != {}) {
|
||||
systemd.services = mapAttrs' (server: options:
|
||||
nameValuePair "tts-${server}" {
|
||||
description = "Coqui TTS server instance ${server}";
|
||||
after = [
|
||||
"network-online.target"
|
||||
];
|
||||
wantedBy = [
|
||||
"multi-user.target"
|
||||
];
|
||||
path = with pkgs; [
|
||||
espeak-ng
|
||||
];
|
||||
environment.HOME = "/var/lib/tts";
|
||||
serviceConfig = {
|
||||
DynamicUser = true;
|
||||
User = "tts";
|
||||
StateDirectory = "tts";
|
||||
ExecStart = "${pkgs.tts}/bin/tts-server --port ${toString options.port}"
|
||||
+ optionalString (options.model != null) " --model_name ${options.model}"
|
||||
+ optionalString (options.useCuda) " --use_cuda"
|
||||
+ (concatMapStringsSep " " escapeShellArgs options.extraArgs);
|
||||
CapabilityBoundingSet = "";
|
||||
DeviceAllow = if options.useCuda then [
|
||||
# https://docs.nvidia.com/dgx/pdf/dgx-os-5-user-guide.pdf
|
||||
"/dev/nvidia1"
|
||||
"/dev/nvidia2"
|
||||
"/dev/nvidia3"
|
||||
"/dev/nvidia4"
|
||||
"/dev/nvidia-caps/nvidia-cap1"
|
||||
"/dev/nvidia-caps/nvidia-cap2"
|
||||
"/dev/nvidiactl"
|
||||
"/dev/nvidia-modeset"
|
||||
"/dev/nvidia-uvm"
|
||||
"/dev/nvidia-uvm-tools"
|
||||
] else "";
|
||||
DevicePolicy = "closed";
|
||||
LockPersonality = true;
|
||||
# jit via numba->llvmpipe
|
||||
MemoryDenyWriteExecute = false;
|
||||
PrivateDevices = true;
|
||||
PrivateUsers = true;
|
||||
ProtectHome = true;
|
||||
ProtectHostname = true;
|
||||
ProtectKernelLogs = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectKernelTunables = true;
|
||||
ProtectControlGroups = true;
|
||||
ProtectProc = "invisible";
|
||||
ProcSubset = "pid";
|
||||
RestrictAddressFamilies = [
|
||||
"AF_INET"
|
||||
"AF_INET6"
|
||||
];
|
||||
RestrictNamespaces = true;
|
||||
RestrictRealtime = true;
|
||||
SystemCallArchitectures = "native";
|
||||
SystemCallFilter = [
|
||||
"@system-service"
|
||||
"~@privileged"
|
||||
];
|
||||
UMask = "0077";
|
||||
};
|
||||
}) cfg.servers;
|
||||
};
|
||||
}
|
|
@ -128,7 +128,7 @@ To backup your home directory to borgbase you have to:
|
|||
- Initialize the repository on the server. Eg.
|
||||
|
||||
sudo borg init --encryption=repokey-blake2 \
|
||||
-rsh "ssh -i /run/keys/id_ed25519_borgbase" \
|
||||
--rsh "ssh -i /run/keys/id_ed25519_borgbase" \
|
||||
zzz2aaaaa@zzz2aaaaa.repo.borgbase.com:repo
|
||||
|
||||
- Add it to your NixOS configuration, e.g.
|
||||
|
|
|
@ -34,7 +34,7 @@ let
|
|||
text = if (cfg.configFile != null) then ''
|
||||
cp ${cfg.configFile} ${configPath}
|
||||
# make config file readable by service
|
||||
chown -R --reference=$HOME $(dirname ${configPath})
|
||||
chown -R --reference="$HOME" "$(dirname ${configPath})"
|
||||
'' else ''
|
||||
export CONFIG_FILE=${configPath}
|
||||
|
||||
|
|
|
@ -8,19 +8,9 @@ let
|
|||
keyboard = {
|
||||
options = {
|
||||
devices = mkOption {
|
||||
type = types.addCheck (types.listOf types.str)
|
||||
(devices: (length devices) > 0);
|
||||
type = types.listOf types.str;
|
||||
example = [ "/dev/input/by-id/usb-0000_0000-event-kbd" ];
|
||||
# TODO replace note with tip, which has not been implemented yet in
|
||||
# nixos/lib/make-options-doc/mergeJSON.py
|
||||
description = mdDoc ''
|
||||
Paths to keyboard devices.
|
||||
|
||||
::: {.note}
|
||||
To avoid unnecessary triggers of the service unit, unplug devices in
|
||||
the order of the list.
|
||||
:::
|
||||
'';
|
||||
description = mdDoc "Paths to keyboard devices.";
|
||||
};
|
||||
config = mkOption {
|
||||
type = types.lines;
|
||||
|
@ -44,8 +34,10 @@ let
|
|||
cap (tap-hold 100 100 caps lctl))
|
||||
'';
|
||||
description = mdDoc ''
|
||||
Configuration other than `defcfg`. See [example config
|
||||
files](https://github.com/jtroo/kanata) for more information.
|
||||
Configuration other than `defcfg`.
|
||||
|
||||
See [example config files](https://github.com/jtroo/kanata)
|
||||
for more information.
|
||||
'';
|
||||
};
|
||||
extraDefCfg = mkOption {
|
||||
|
@ -53,8 +45,12 @@ let
|
|||
default = "";
|
||||
example = "danger-enable-cmd yes";
|
||||
description = mdDoc ''
|
||||
Configuration of `defcfg` other than `linux-dev`. See [example
|
||||
config files](https://github.com/jtroo/kanata) for more information.
|
||||
Configuration of `defcfg` other than `linux-dev` (generated
|
||||
from the devices option) and
|
||||
`linux-continue-if-no-devs-found` (hardcoded to be yes).
|
||||
|
||||
See [example config files](https://github.com/jtroo/kanata)
|
||||
for more information.
|
||||
'';
|
||||
};
|
||||
extraArgs = mkOption {
|
||||
|
@ -67,8 +63,7 @@ let
|
|||
default = null;
|
||||
example = 6666;
|
||||
description = mdDoc ''
|
||||
Port to run the notification server on. `null` will not run the
|
||||
server.
|
||||
Port to run the TCP server on. `null` will not run the server.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
@ -76,28 +71,23 @@ let
|
|||
|
||||
mkName = name: "kanata-${name}";
|
||||
|
||||
mkDevices = devices: concatStringsSep ":" devices;
|
||||
mkDevices = devices:
|
||||
optionalString ((length devices) > 0) "linux-dev ${concatStringsSep ":" devices}";
|
||||
|
||||
mkConfig = name: keyboard: pkgs.writeText "${mkName name}-config.kdb" ''
|
||||
(defcfg
|
||||
${keyboard.extraDefCfg}
|
||||
linux-dev ${mkDevices keyboard.devices})
|
||||
${mkDevices keyboard.devices}
|
||||
linux-continue-if-no-devs-found yes)
|
||||
|
||||
${keyboard.config}
|
||||
'';
|
||||
|
||||
mkService = name: keyboard: nameValuePair (mkName name) {
|
||||
description = "kanata for ${mkDevices keyboard.devices}";
|
||||
|
||||
# Because path units are used to activate service units, which
|
||||
# will start the old stopped services during "nixos-rebuild
|
||||
# switch", stopIfChanged here is a workaround to make sure new
|
||||
# services are running after "nixos-rebuild switch".
|
||||
stopIfChanged = false;
|
||||
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
ExecStart = ''
|
||||
${cfg.package}/bin/kanata \
|
||||
${getExe cfg.package} \
|
||||
--cfg ${mkConfig name keyboard} \
|
||||
--symlink-path ''${RUNTIME_DIRECTORY}/${name} \
|
||||
${optionalString (keyboard.port != null) "--port ${toString keyboard.port}"} \
|
||||
|
@ -146,37 +136,10 @@ let
|
|||
UMask = "0077";
|
||||
};
|
||||
};
|
||||
|
||||
mkPathName = i: name: "${mkName name}-${toString i}";
|
||||
|
||||
mkPath = name: n: i: device:
|
||||
nameValuePair (mkPathName i name) {
|
||||
description =
|
||||
"${toString (i+1)}/${toString n} kanata trigger for ${name}, watching ${device}";
|
||||
wantedBy = optional (i == 0) "multi-user.target";
|
||||
pathConfig = {
|
||||
PathExists = device;
|
||||
# (ab)use systemd.path to construct a trigger chain so that the
|
||||
# service unit is only started when all paths exist
|
||||
# however, manual of systemd.path says Unit's suffix is not ".path"
|
||||
Unit =
|
||||
if (i + 1) == n
|
||||
then "${mkName name}.service"
|
||||
else "${mkPathName (i + 1) name}.path";
|
||||
};
|
||||
unitConfig.StopPropagatedFrom = optional (i > 0) "${mkName name}.service";
|
||||
};
|
||||
|
||||
mkPaths = name: keyboard:
|
||||
let
|
||||
n = length keyboard.devices;
|
||||
in
|
||||
imap0 (mkPath name n) keyboard.devices
|
||||
;
|
||||
in
|
||||
{
|
||||
options.services.kanata = {
|
||||
enable = mkEnableOption (lib.mdDoc "kanata");
|
||||
enable = mkEnableOption (mdDoc "kanata");
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.kanata;
|
||||
|
@ -201,14 +164,7 @@ in
|
|||
config = mkIf cfg.enable {
|
||||
hardware.uinput.enable = true;
|
||||
|
||||
systemd = {
|
||||
paths = trivial.pipe cfg.keyboards [
|
||||
(mapAttrsToList mkPaths)
|
||||
concatLists
|
||||
listToAttrs
|
||||
];
|
||||
services = mapAttrs' mkService cfg.keyboards;
|
||||
};
|
||||
systemd.services = mapAttrs' mkService cfg.keyboards;
|
||||
};
|
||||
|
||||
meta.maintainers = with maintainers; [ linj ];
|
||||
|
|
|
@ -409,6 +409,7 @@ in {
|
|||
(optionalString (cfg.config != null) copyConfig) +
|
||||
(optionalString (cfg.lovelaceConfig != null) copyLovelaceConfig)
|
||||
;
|
||||
environment.PYTHONPATH = package.pythonPath;
|
||||
serviceConfig = let
|
||||
# List of capabilities to equip home-assistant with, depending on configured components
|
||||
capabilities = lib.unique ([
|
||||
|
|
|
@ -223,14 +223,31 @@ in {
|
|||
'';
|
||||
};
|
||||
|
||||
ensureAccounts = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
description = lib.mdDoc ''
|
||||
List of IMAP accounts which get automatically created. Note that for
|
||||
a complete setup, user credentials for these accounts are required too
|
||||
and can be created using the command `maddyctl creds`.
|
||||
This option does not delete accounts which are not (anymore) listed.
|
||||
'';
|
||||
example = [
|
||||
"user1@localhost"
|
||||
"user2@localhost"
|
||||
];
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
systemd = {
|
||||
|
||||
packages = [ pkgs.maddy ];
|
||||
services.maddy = {
|
||||
services = {
|
||||
maddy = {
|
||||
serviceConfig = {
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
|
@ -239,6 +256,26 @@ in {
|
|||
restartTriggers = [ config.environment.etc."maddy/maddy.conf".source ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
};
|
||||
maddy-ensure-accounts = {
|
||||
script = ''
|
||||
${optionalString (cfg.ensureAccounts != []) ''
|
||||
${concatMapStrings (account: ''
|
||||
if ! ${pkgs.maddy}/bin/maddyctl imap-acct list | grep "${account}"; then
|
||||
${pkgs.maddy}/bin/maddyctl imap-acct create ${account}
|
||||
fi
|
||||
'') cfg.ensureAccounts}
|
||||
''}
|
||||
'';
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
User= "maddy";
|
||||
};
|
||||
after = [ "maddy.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
environment.etc."maddy/maddy.conf" = {
|
||||
|
|
|
@ -96,7 +96,7 @@ in {
|
|||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
description = lib.mdDoc ''
|
||||
File containing environment variables to be passed to the mautrix-telegram service.
|
||||
File containing environment variables to be passed to the mautrix-facebook service.
|
||||
|
||||
Any config variable can be overridden by setting `MAUTRIX_FACEBOOK_SOME_KEY` to override the `some.key` variable.
|
||||
'';
|
||||
|
|
|
@ -137,7 +137,7 @@ in {
|
|||
wantedBy = [ "multi-user.target" ];
|
||||
wants = [ "network-online.target" ] ++ cfg.serviceDependencies;
|
||||
after = [ "network-online.target" ] ++ cfg.serviceDependencies;
|
||||
path = [ pkgs.lottieconverter ];
|
||||
path = [ pkgs.lottieconverter pkgs.ffmpeg-full ];
|
||||
|
||||
# mautrix-telegram tries to generate a dotfile in the home directory of
|
||||
# the running user if using a postgresql database:
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
@ -16,17 +15,19 @@ in {
|
|||
type = types.package;
|
||||
default = pkgs.mbpfan;
|
||||
defaultText = literalExpression "pkgs.mbpfan";
|
||||
description = lib.mdDoc ''
|
||||
The package used for the mbpfan daemon.
|
||||
'';
|
||||
description = lib.mdDoc "The package used for the mbpfan daemon.";
|
||||
};
|
||||
|
||||
verbose = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = lib.mdDoc ''
|
||||
If true, sets the log level to verbose.
|
||||
'';
|
||||
description = lib.mdDoc "If true, sets the log level to verbose.";
|
||||
};
|
||||
|
||||
aggressive = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = lib.mdDoc "If true, favors higher default fan speeds.";
|
||||
};
|
||||
|
||||
settings = mkOption {
|
||||
|
@ -35,24 +36,14 @@ in {
|
|||
type = types.submodule {
|
||||
freeformType = settingsFormat.type;
|
||||
|
||||
options.general.min_fan1_speed = mkOption {
|
||||
type = types.nullOr types.int;
|
||||
default = 2000;
|
||||
description = lib.mdDoc ''
|
||||
You can check minimum and maximum fan limits with
|
||||
`cat /sys/devices/platform/applesmc.768/fan*_min` and
|
||||
`cat /sys/devices/platform/applesmc.768/fan*_max` respectively.
|
||||
Setting to null implies using default value from applesmc.
|
||||
'';
|
||||
};
|
||||
options.general.low_temp = mkOption {
|
||||
type = types.int;
|
||||
default = 55;
|
||||
default = 63;
|
||||
description = lib.mdDoc "If temperature is below this, fans will run at minimum speed.";
|
||||
};
|
||||
options.general.high_temp = mkOption {
|
||||
type = types.int;
|
||||
default = 58;
|
||||
default = 66;
|
||||
description = lib.mdDoc "If temperature is above this, fan speed will gradually increase.";
|
||||
};
|
||||
options.general.max_temp = mkOption {
|
||||
|
@ -79,10 +70,16 @@ in {
|
|||
];
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
boot.kernelModules = [ "coretemp" "applesmc" ];
|
||||
services.mbpfan.settings = mkIf cfg.aggressive {
|
||||
general.min_fan1_speed = mkDefault 2000;
|
||||
general.low_temp = mkDefault 55;
|
||||
general.high_temp = mkDefault 58;
|
||||
general.max_temp = mkDefault 70;
|
||||
};
|
||||
|
||||
environment.etc."mbpfan.conf".source = settingsFile;
|
||||
boot.kernelModules = [ "coretemp" "applesmc" ];
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
environment.etc."mbpfan.conf".source = settingsFile;
|
||||
|
||||
systemd.services.mbpfan = {
|
||||
description = "A fan manager daemon for MacBook Pro";
|
||||
|
|
|
@ -25,6 +25,13 @@ in {
|
|||
Specify a configuration file that Mimir should use.
|
||||
'';
|
||||
};
|
||||
|
||||
package = mkOption {
|
||||
default = pkgs.mimir;
|
||||
defaultText = lib.literalExpression "pkgs.mimir";
|
||||
type = types.package;
|
||||
description = lib.mdDoc ''Mimir package to use.'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
@ -53,7 +60,7 @@ in {
|
|||
else cfg.configFile;
|
||||
in
|
||||
{
|
||||
ExecStart = "${pkgs.mimir}/bin/mimir --config.file=${conf}";
|
||||
ExecStart = "${cfg.package}/bin/mimir --config.file=${conf}";
|
||||
DynamicUser = true;
|
||||
Restart = "always";
|
||||
ProtectSystem = "full";
|
||||
|
|
|
@ -409,7 +409,7 @@ in
|
|||
|
||||
provision = {
|
||||
enable = cfg.provision.grafana.datasource || cfg.provision.grafana.dashboard;
|
||||
datasources =
|
||||
datasources.settings.datasources =
|
||||
let
|
||||
esVersion = lib.getVersion config.services.elasticsearch.package;
|
||||
in
|
||||
|
@ -435,7 +435,7 @@ in
|
|||
};
|
||||
}
|
||||
];
|
||||
dashboards = lib.mkIf cfg.provision.grafana.dashboard [{
|
||||
dashboards.settings.providers = lib.mkIf cfg.provision.grafana.dashboard [{
|
||||
name = "parsedmarc";
|
||||
options.path = "${pkgs.python3Packages.parsedmarc.dashboard}";
|
||||
}];
|
||||
|
|
63
third_party/nixpkgs/nixos/modules/services/networking/networkd-dispatcher.nix
vendored
Normal file
63
third_party/nixpkgs/nixos/modules/services/networking/networkd-dispatcher.nix
vendored
Normal file
|
@ -0,0 +1,63 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.networkd-dispatcher;
|
||||
in {
|
||||
options = {
|
||||
services.networkd-dispatcher = {
|
||||
|
||||
enable = mkEnableOption (mdDoc ''
|
||||
Networkd-dispatcher service for systemd-networkd connection status
|
||||
change. See [https://gitlab.com/craftyguy/networkd-dispatcher](upstream instructions)
|
||||
for usage.
|
||||
'');
|
||||
|
||||
scriptDir = mkOption {
|
||||
type = types.path;
|
||||
default = "/var/lib/networkd-dispatcher";
|
||||
description = mdDoc ''
|
||||
This directory is used for keeping various scripts read and run by
|
||||
networkd-dispatcher. See [https://gitlab.com/craftyguy/networkd-dispatcher](upstream instructions)
|
||||
for directory structure and script usage.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
systemd = {
|
||||
|
||||
packages = [ pkgs.networkd-dispatcher ];
|
||||
services.networkd-dispatcher = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
# Override existing ExecStart definition
|
||||
serviceConfig.ExecStart = [
|
||||
""
|
||||
"${pkgs.networkd-dispatcher}/bin/networkd-dispatcher -v --script-dir ${cfg.scriptDir} $networkd_dispatcher_args"
|
||||
];
|
||||
};
|
||||
|
||||
# Directory structure required according to upstream instructions
|
||||
# https://gitlab.com/craftyguy/networkd-dispatcher
|
||||
tmpfiles.rules = [
|
||||
"d '${cfg.scriptDir}' 0750 root root - -"
|
||||
"d '${cfg.scriptDir}/routable.d' 0750 root root - -"
|
||||
"d '${cfg.scriptDir}/dormant.d' 0750 root root - -"
|
||||
"d '${cfg.scriptDir}/no-carrier.d' 0750 root root - -"
|
||||
"d '${cfg.scriptDir}/off.d' 0750 root root - -"
|
||||
"d '${cfg.scriptDir}/carrier.d' 0750 root root - -"
|
||||
"d '${cfg.scriptDir}/degraded.d' 0750 root root - -"
|
||||
"d '${cfg.scriptDir}/configuring.d' 0750 root root - -"
|
||||
"d '${cfg.scriptDir}/configured.d' 0750 root root - -"
|
||||
];
|
||||
|
||||
};
|
||||
|
||||
|
||||
};
|
||||
}
|
||||
|
|
@ -82,8 +82,8 @@ in {
|
|||
};
|
||||
|
||||
boot.kernel.sysctl = mkIf (cfg.useRoutingFeatures == "server" || cfg.useRoutingFeatures == "both") {
|
||||
"net.ipv4.conf.all.forwarding" = mkDefault true;
|
||||
"net.ipv6.conf.all.forwarding" = mkDefault true;
|
||||
"net.ipv4.conf.all.forwarding" = mkOverride 97 true;
|
||||
"net.ipv6.conf.all.forwarding" = mkOverride 97 true;
|
||||
};
|
||||
|
||||
networking.firewall.checkReversePath = mkIf (cfg.useRoutingFeatures == "client" || cfg.useRoutingFeatures == "both") "loose";
|
||||
|
|
|
@ -12,11 +12,22 @@ with lib;
|
|||
config = mkIf config.services.v2raya.enable {
|
||||
environment.systemPackages = [ pkgs.v2raya ];
|
||||
|
||||
systemd.services.v2raya = {
|
||||
systemd.services.v2raya =
|
||||
let
|
||||
nftablesEnabled = config.networking.nftables.enable;
|
||||
iptablesServices = [
|
||||
"iptables.service"
|
||||
] ++ optional config.networking.enableIPv6 "ip6tables.service";
|
||||
tableServices = if nftablesEnabled then [ "nftables.service" ] else iptablesServices;
|
||||
in
|
||||
{
|
||||
unitConfig = {
|
||||
Description = "v2rayA service";
|
||||
Documentation = "https://github.com/v2rayA/v2rayA/wiki";
|
||||
After = [ "network.target" "nss-lookup.target" "iptables.service" "ip6tables.service" ];
|
||||
After = [
|
||||
"network.target"
|
||||
"nss-lookup.target"
|
||||
] ++ tableServices;
|
||||
Wants = [ "network.target" ];
|
||||
};
|
||||
|
||||
|
|
|
@ -615,6 +615,7 @@ in
|
|||
s3_endpoint = null;
|
||||
s3_http_continue_timeout = null;
|
||||
s3_install_cors_rule = null;
|
||||
s3_asset_cdn_url = null;
|
||||
|
||||
max_user_api_reqs_per_minute = 20;
|
||||
max_user_api_reqs_per_day = 2880;
|
||||
|
@ -647,6 +648,9 @@ in
|
|||
multisite_config_path = "config/multisite.yml";
|
||||
enable_long_polling = null;
|
||||
long_polling_interval = null;
|
||||
preload_link_header = false;
|
||||
redirect_avatar_requests = false;
|
||||
pg_force_readonly_mode = false;
|
||||
};
|
||||
|
||||
services.redis.servers.discourse =
|
||||
|
@ -1011,6 +1015,7 @@ in
|
|||
notification_email = cfg.mail.notificationEmailAddress;
|
||||
contact_email = cfg.mail.contactEmailAddress;
|
||||
};
|
||||
security.force_https = tlsEnabled;
|
||||
email = {
|
||||
manual_polling_enabled = cfg.mail.incoming.enable;
|
||||
reply_by_email_enabled = cfg.mail.incoming.enable;
|
||||
|
|
|
@ -270,7 +270,7 @@ in
|
|||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
ExecStart = "${cfg.package.fhs}/bin/onlyoffice-wrapper DocService/docservice /run/onlyoffice/config";
|
||||
ExecStartPre = onlyoffice-prestart;
|
||||
ExecStartPre = [ onlyoffice-prestart ];
|
||||
Group = "onlyoffice";
|
||||
Restart = "always";
|
||||
RuntimeDirectory = "onlyoffice";
|
||||
|
|
|
@ -316,11 +316,13 @@ in {
|
|||
mkdir -p -m 0755 /run/binfmt
|
||||
${lib.concatStringsSep "\n" (lib.mapAttrsToList activationSnippet config.boot.binfmt.registrations)}
|
||||
'';
|
||||
systemd.additionalUpstreamSystemUnits = lib.mkIf (config.boot.binfmt.registrations != {}) [
|
||||
systemd = lib.mkIf (config.boot.binfmt.registrations != {}) {
|
||||
additionalUpstreamSystemUnits = [
|
||||
"proc-sys-fs-binfmt_misc.automount"
|
||||
"proc-sys-fs-binfmt_misc.mount"
|
||||
"systemd-binfmt.service"
|
||||
];
|
||||
systemd.services.systemd-binfmt.restartTriggers = [ (builtins.toJSON config.boot.binfmt.registrations) ];
|
||||
services.systemd-binfmt.restartTriggers = [ (builtins.toJSON config.boot.binfmt.registrations) ];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -427,9 +427,6 @@ in {
|
|||
# fido2 support
|
||||
"${cfg.package}/lib/cryptsetup/libcryptsetup-token-systemd-fido2.so"
|
||||
"${pkgs.libfido2}/lib/libfido2.so.1"
|
||||
|
||||
# the unwrapped systemd-cryptsetup executable
|
||||
"${cfg.package}/lib/systemd/.systemd-cryptsetup-wrapped"
|
||||
] ++ jobScripts;
|
||||
|
||||
targets.initrd.aliases = ["default.target"];
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
cfg = config.boot.initrd.systemd.repart;
|
||||
cfg = config.systemd.repart;
|
||||
initrdCfg = config.boot.initrd.systemd.repart;
|
||||
|
||||
writeDefinition = name: partitionConfig: pkgs.writeText
|
||||
"${name}.conf"
|
||||
|
@ -24,11 +25,25 @@ let
|
|||
'';
|
||||
in
|
||||
{
|
||||
options.boot.initrd.systemd.repart = {
|
||||
options = {
|
||||
boot.initrd.systemd.repart.enable = lib.mkEnableOption (lib.mdDoc "systemd-repart") // {
|
||||
description = lib.mdDoc ''
|
||||
Grow and add partitions to a partition table at boot time in the initrd.
|
||||
systemd-repart only works with GPT partition tables.
|
||||
|
||||
To run systemd-repart after the initrd, see
|
||||
`options.systemd.repart.enable`.
|
||||
'';
|
||||
};
|
||||
|
||||
systemd.repart = {
|
||||
enable = lib.mkEnableOption (lib.mdDoc "systemd-repart") // {
|
||||
description = lib.mdDoc ''
|
||||
Grow and add partitions to a partition table a boot time in the initrd.
|
||||
Grow and add partitions to a partition table.
|
||||
systemd-repart only works with GPT partition tables.
|
||||
|
||||
To run systemd-repart while in the initrd, see
|
||||
`options.boot.initrd.systemd.repart.enable`.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -54,15 +69,15 @@ in
|
|||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
# Link the definitions into /etc so that they are included in the
|
||||
# /nix/store of the sysroot. This also allows the user to run the
|
||||
# systemd-repart binary after activation manually while automatically
|
||||
# picking up the definition files.
|
||||
config = lib.mkIf (cfg.enable || initrdCfg.enable) {
|
||||
# Always link the definitions into /etc so that they are also included in
|
||||
# the /nix/store of the sysroot during early userspace (i.e. while in the
|
||||
# initrd).
|
||||
environment.etc."repart.d".source = definitionsDirectory;
|
||||
|
||||
boot.initrd.systemd = {
|
||||
boot.initrd.systemd = lib.mkIf initrdCfg.enable {
|
||||
additionalUpstreamUnits = [
|
||||
"systemd-repart.service"
|
||||
];
|
||||
|
@ -73,7 +88,7 @@ in
|
|||
|
||||
# Override defaults in upstream unit.
|
||||
services.systemd-repart = {
|
||||
# Unset the coniditions as they cannot be met before activation because
|
||||
# Unset the conditions as they cannot be met before activation because
|
||||
# the definition files are not stored in the expected locations.
|
||||
unitConfig.ConditionDirectoryNotEmpty = [
|
||||
" " # required to unset the previous value.
|
||||
|
@ -97,5 +112,12 @@ in
|
|||
after = [ "sysroot.mount" ];
|
||||
};
|
||||
};
|
||||
|
||||
systemd = lib.mkIf cfg.enable {
|
||||
additionalUpstreamSystemUnits = [
|
||||
"systemd-repart.service"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -163,7 +163,7 @@ in
|
|||
###### implementation
|
||||
|
||||
config = mkIf cfg.enable (mkMerge [{
|
||||
boot.kernelModules = [ "bridge" "veth" ];
|
||||
boot.kernelModules = [ "bridge" "veth" "br_netfilter" "xt_nat" ];
|
||||
boot.kernel.sysctl = {
|
||||
"net.ipv4.conf.all.forwarding" = mkOverride 98 true;
|
||||
"net.ipv4.conf.default.forwarding" = mkOverride 98 true;
|
||||
|
|
|
@ -514,6 +514,7 @@ in
|
|||
};
|
||||
in [ extraConfig ] ++ (map (x: x.value) defs);
|
||||
prefix = [ "containers" name ];
|
||||
inherit (config) specialArgs;
|
||||
}).config;
|
||||
};
|
||||
};
|
||||
|
@ -555,6 +556,16 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
specialArgs = mkOption {
|
||||
type = types.attrsOf types.unspecified;
|
||||
default = {};
|
||||
description = lib.mdDoc ''
|
||||
A set of special arguments to be passed to NixOS modules.
|
||||
This will be merged into the `specialArgs` used to evaluate
|
||||
the NixOS configurations.
|
||||
'';
|
||||
};
|
||||
|
||||
ephemeral = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
|
|
|
@ -9,8 +9,7 @@ let
|
|||
extraPackages = cfg.extraPackages
|
||||
# setuid shadow
|
||||
++ [ "/run/wrappers" ]
|
||||
# include pkgs.zfs by default in the wrapped podman used by the module so it is cached
|
||||
++ (if (builtins.elem "zfs" config.boot.supportedFilesystems) then [ config.boot.zfs.package ] else [ pkgs.zfs ]);
|
||||
++ lib.optional (builtins.elem "zfs" config.boot.supportedFilesystems) config.boot.zfs.package;
|
||||
});
|
||||
|
||||
# Provides a fake "docker" binary mapping to podman
|
||||
|
@ -184,6 +183,10 @@ in
|
|||
|
||||
systemd.packages = [ cfg.package ];
|
||||
|
||||
systemd.services.podman.serviceConfig = {
|
||||
ExecStart = [ "" "${cfg.package}/bin/podman $LOGGING system service" ];
|
||||
};
|
||||
|
||||
systemd.services.podman-prune = {
|
||||
description = "Prune podman resources";
|
||||
|
||||
|
@ -204,6 +207,10 @@ in
|
|||
systemd.sockets.podman.wantedBy = [ "sockets.target" ];
|
||||
systemd.sockets.podman.socketConfig.SocketGroup = "podman";
|
||||
|
||||
systemd.user.services.podman.serviceConfig = {
|
||||
ExecStart = [ "" "${cfg.package}/bin/podman $LOGGING system service" ];
|
||||
};
|
||||
|
||||
systemd.user.sockets.podman.wantedBy = [ "sockets.target" ];
|
||||
|
||||
systemd.tmpfiles.packages = [
|
||||
|
|
1
third_party/nixpkgs/nixos/release.nix
vendored
1
third_party/nixpkgs/nixos/release.nix
vendored
|
@ -144,7 +144,6 @@ in rec {
|
|||
manual = manualHTML; # TODO(@oxij): remove eventually
|
||||
manualEpub = (buildFromConfig ({ ... }: { }) (config: config.system.build.manual.manualEpub));
|
||||
manpages = buildFromConfig ({ ... }: { }) (config: config.system.build.manual.manpages);
|
||||
manualGeneratedSources = buildFromConfig ({ ... }: { }) (config: config.system.build.manual.generatedSources);
|
||||
options = (buildFromConfig ({ ... }: { }) (config: config.system.build.manual.optionsJSON)).x86_64-linux;
|
||||
|
||||
|
||||
|
|
|
@ -368,6 +368,7 @@ in {
|
|||
login = handleTest ./login.nix {};
|
||||
logrotate = handleTest ./logrotate.nix {};
|
||||
loki = handleTest ./loki.nix {};
|
||||
luks = handleTest ./luks.nix {};
|
||||
lvm2 = handleTest ./lvm2 {};
|
||||
lxd = handleTest ./lxd.nix {};
|
||||
lxd-nftables = handleTest ./lxd-nftables.nix {};
|
||||
|
@ -646,6 +647,7 @@ in {
|
|||
systemd-confinement = handleTest ./systemd-confinement.nix {};
|
||||
systemd-coredump = handleTest ./systemd-coredump.nix {};
|
||||
systemd-cryptenroll = handleTest ./systemd-cryptenroll.nix {};
|
||||
systemd-credentials-tpm2 = handleTest ./systemd-credentials-tpm2.nix {};
|
||||
systemd-escaping = handleTest ./systemd-escaping.nix {};
|
||||
systemd-initrd-btrfs-raid = handleTest ./systemd-initrd-btrfs-raid.nix {};
|
||||
systemd-initrd-luks-fido2 = handleTest ./systemd-initrd-luks-fido2.nix {};
|
||||
|
@ -656,6 +658,7 @@ in {
|
|||
systemd-initrd-shutdown = handleTest ./systemd-shutdown.nix { systemdStage1 = true; };
|
||||
systemd-initrd-simple = handleTest ./systemd-initrd-simple.nix {};
|
||||
systemd-initrd-swraid = handleTest ./systemd-initrd-swraid.nix {};
|
||||
systemd-initrd-vconsole = handleTest ./systemd-initrd-vconsole.nix {};
|
||||
systemd-journal = handleTest ./systemd-journal.nix {};
|
||||
systemd-machinectl = handleTest ./systemd-machinectl.nix {};
|
||||
systemd-networkd = handleTest ./systemd-networkd.nix {};
|
||||
|
|
|
@ -40,7 +40,7 @@ import ./make-test-python.nix (
|
|||
|
||||
networking.extraHosts = ''
|
||||
127.0.0.1 ${discourseDomain}
|
||||
${nodes.client.config.networking.primaryIPAddress} ${clientDomain}
|
||||
${nodes.client.networking.primaryIPAddress} ${clientDomain}
|
||||
'';
|
||||
|
||||
services.postfix = {
|
||||
|
@ -90,7 +90,7 @@ import ./make-test-python.nix (
|
|||
|
||||
networking.extraHosts = ''
|
||||
127.0.0.1 ${clientDomain}
|
||||
${nodes.discourse.config.networking.primaryIPAddress} ${discourseDomain}
|
||||
${nodes.discourse.networking.primaryIPAddress} ${discourseDomain}
|
||||
'';
|
||||
|
||||
services.dovecot2 = {
|
||||
|
@ -178,8 +178,8 @@ import ./make-test-python.nix (
|
|||
discourse.wait_until_succeeds("curl -sS -f https://${discourseDomain}")
|
||||
discourse.succeed(
|
||||
"curl -sS -f https://${discourseDomain}/session/csrf -c cookie -b cookie -H 'Accept: application/json' | jq -r '\"X-CSRF-Token: \" + .csrf' > csrf_token",
|
||||
"curl -sS -f https://${discourseDomain}/session -c cookie -b cookie -H @csrf_token -H 'Accept: application/json' -d 'login=${nodes.discourse.config.services.discourse.admin.username}' -d \"password=${adminPassword}\" | jq -e '.user.username == \"${nodes.discourse.config.services.discourse.admin.username}\"'",
|
||||
"curl -sS -f https://${discourseDomain}/login -v -H 'Accept: application/json' -c cookie -b cookie 2>&1 | grep ${nodes.discourse.config.services.discourse.admin.username}",
|
||||
"curl -sS -f https://${discourseDomain}/session -c cookie -b cookie -H @csrf_token -H 'Accept: application/json' -d 'login=${nodes.discourse.services.discourse.admin.username}' -d \"password=${adminPassword}\" | jq -e '.user.username == \"${nodes.discourse.services.discourse.admin.username}\"'",
|
||||
"curl -sS -f https://${discourseDomain}/login -v -H 'Accept: application/json' -c cookie -b cookie 2>&1 | grep ${nodes.discourse.services.discourse.admin.username}",
|
||||
)
|
||||
|
||||
client.wait_for_unit("postfix.service")
|
||||
|
|
|
@ -103,6 +103,16 @@ class ReqHandler(BaseHTTPRequestHandler):
|
|||
self._send_json_ok(gen_mockuser(username=username, uid=uid, gid=uid, home_directory=f"/home/{username}", snakeoil_pubkey=SNAKEOIL_PUBLIC_KEY))
|
||||
return
|
||||
|
||||
# we need to provide something at the groups endpoint.
|
||||
# the nss module does segfault if we don't.
|
||||
elif pu.path == "/computeMetadata/v1/oslogin/groups":
|
||||
self._send_json_ok({
|
||||
"posixGroups": [
|
||||
{"name" : "demo", "gid" : 4294967295}
|
||||
],
|
||||
})
|
||||
return
|
||||
|
||||
# authorize endpoint
|
||||
elif pu.path == "/computeMetadata/v1/oslogin/authorize":
|
||||
# is user allowed to login?
|
||||
|
|
|
@ -22,22 +22,23 @@ in {
|
|||
enable = true;
|
||||
inherit configDir;
|
||||
|
||||
# tests loading components by overriding the package
|
||||
# provide dependencies through package overrides
|
||||
package = (pkgs.home-assistant.override {
|
||||
extraPackages = ps: with ps; [
|
||||
colorama
|
||||
];
|
||||
extraComponents = [ "zha" ];
|
||||
}).overrideAttrs (oldAttrs: {
|
||||
doInstallCheck = false;
|
||||
extraComponents = [
|
||||
# test char-tty device allow propagation into the service
|
||||
"zha"
|
||||
];
|
||||
});
|
||||
|
||||
# tests loading components from the module
|
||||
# provide component dependencies explicitly from the module
|
||||
extraComponents = [
|
||||
"wake_on_lan"
|
||||
"mqtt"
|
||||
];
|
||||
|
||||
# test extra package passing from the module
|
||||
# provide package for postgresql support
|
||||
extraPackages = python3Packages: with python3Packages; [
|
||||
psycopg2
|
||||
];
|
||||
|
@ -111,36 +112,38 @@ in {
|
|||
};
|
||||
|
||||
testScript = { nodes, ... }: let
|
||||
system = nodes.hass.config.system.build.toplevel;
|
||||
system = nodes.hass.system.build.toplevel;
|
||||
in
|
||||
''
|
||||
import re
|
||||
import json
|
||||
|
||||
start_all()
|
||||
|
||||
# Parse the package path out of the systemd unit, as we cannot
|
||||
# access the final package, that is overridden inside the module,
|
||||
# by any other means.
|
||||
pattern = re.compile(r"path=(?P<path>[\/a-z0-9-.]+)\/bin\/hass")
|
||||
response = hass.execute("systemctl show -p ExecStart home-assistant.service")[1]
|
||||
match = pattern.search(response)
|
||||
assert match
|
||||
package = match.group('path')
|
||||
|
||||
|
||||
def get_journal_cursor(host) -> str:
|
||||
exit, out = host.execute("journalctl -u home-assistant.service -n1 -o json-pretty --output-fields=__CURSOR")
|
||||
def get_journal_cursor() -> str:
|
||||
exit, out = hass.execute("journalctl -u home-assistant.service -n1 -o json-pretty --output-fields=__CURSOR")
|
||||
assert exit == 0
|
||||
return json.loads(out)["__CURSOR"]
|
||||
|
||||
|
||||
def wait_for_homeassistant(host, cursor):
|
||||
host.wait_until_succeeds(f"journalctl --after-cursor='{cursor}' -u home-assistant.service | grep -q 'Home Assistant initialized in'")
|
||||
def get_journal_since(cursor) -> str:
|
||||
exit, out = hass.execute(f"journalctl --after-cursor='{cursor}' -u home-assistant.service")
|
||||
assert exit == 0
|
||||
return out
|
||||
|
||||
|
||||
def get_unit_property(property) -> str:
|
||||
exit, out = hass.execute(f"systemctl show --property={property} home-assistant.service")
|
||||
assert exit == 0
|
||||
return out
|
||||
|
||||
|
||||
def wait_for_homeassistant(cursor):
|
||||
hass.wait_until_succeeds(f"journalctl --after-cursor='{cursor}' -u home-assistant.service | grep -q 'Home Assistant initialized in'")
|
||||
|
||||
|
||||
hass.wait_for_unit("home-assistant.service")
|
||||
cursor = get_journal_cursor(hass)
|
||||
cursor = get_journal_cursor()
|
||||
|
||||
with subtest("Check that YAML configuration file is in place"):
|
||||
hass.succeed("test -L ${configDir}/configuration.yaml")
|
||||
|
@ -148,19 +151,22 @@ in {
|
|||
with subtest("Check the lovelace config is copied because lovelaceConfigWritable = true"):
|
||||
hass.succeed("test -f ${configDir}/ui-lovelace.yaml")
|
||||
|
||||
with subtest("Check extraComponents and extraPackages are considered from the package"):
|
||||
hass.succeed(f"grep -q 'colorama' {package}/extra_packages")
|
||||
hass.succeed(f"grep -q 'zha' {package}/extra_components")
|
||||
|
||||
with subtest("Check extraComponents and extraPackages are considered from the module"):
|
||||
hass.succeed(f"grep -q 'psycopg2' {package}/extra_packages")
|
||||
hass.succeed(f"grep -q 'wake_on_lan' {package}/extra_components")
|
||||
|
||||
with subtest("Check that Home Assistant's web interface and API can be reached"):
|
||||
wait_for_homeassistant(hass, cursor)
|
||||
wait_for_homeassistant(cursor)
|
||||
hass.wait_for_open_port(8123)
|
||||
hass.succeed("curl --fail http://localhost:8123/lovelace")
|
||||
|
||||
with subtest("Check that optional dependencies are in the PYTHONPATH"):
|
||||
env = get_unit_property("Environment")
|
||||
python_path = env.split("PYTHONPATH=")[1].split()[0]
|
||||
for package in ["colorama", "paho-mqtt", "psycopg2"]:
|
||||
assert package in python_path, f"{package} not in PYTHONPATH"
|
||||
|
||||
with subtest("Check that declaratively configured components get setup"):
|
||||
journal = get_journal_since(cursor)
|
||||
for domain in ["emulated_hue", "wake_on_lan"]:
|
||||
assert f"Setup of domain {domain} took" in journal, f"{domain} setup missing"
|
||||
|
||||
with subtest("Check that capabilities are passed for emulated_hue to bind to port 80"):
|
||||
hass.wait_for_open_port(80)
|
||||
hass.succeed("curl --fail http://localhost:80/description.xml")
|
||||
|
@ -169,25 +175,28 @@ in {
|
|||
hass.succeed("systemctl show -p DeviceAllow home-assistant.service | grep -q char-ttyUSB")
|
||||
|
||||
with subtest("Check service reloads when configuration changes"):
|
||||
# store the old pid of the process
|
||||
pid = hass.succeed("systemctl show --property=MainPID home-assistant.service")
|
||||
cursor = get_journal_cursor(hass)
|
||||
cursor = get_journal_cursor()
|
||||
hass.succeed("${system}/specialisation/differentName/bin/switch-to-configuration test")
|
||||
new_pid = hass.succeed("systemctl show --property=MainPID home-assistant.service")
|
||||
assert pid == new_pid, "The PID of the process should not change between process reloads"
|
||||
wait_for_homeassistant(hass, cursor)
|
||||
wait_for_homeassistant(cursor)
|
||||
|
||||
with subtest("check service restarts when package changes"):
|
||||
with subtest("Check service restarts when dependencies change"):
|
||||
pid = new_pid
|
||||
cursor = get_journal_cursor(hass)
|
||||
cursor = get_journal_cursor()
|
||||
hass.succeed("${system}/specialisation/newFeature/bin/switch-to-configuration test")
|
||||
new_pid = hass.succeed("systemctl show --property=MainPID home-assistant.service")
|
||||
assert pid != new_pid, "The PID of the process shoudl change when the HA binary changes"
|
||||
wait_for_homeassistant(hass, cursor)
|
||||
assert pid != new_pid, "The PID of the process should change when its PYTHONPATH changess"
|
||||
wait_for_homeassistant(cursor)
|
||||
|
||||
with subtest("Check that new components get setup after restart"):
|
||||
journal = get_journal_since(cursor)
|
||||
for domain in ["esphome"]:
|
||||
assert f"Setup of domain {domain} took" in journal, f"{domain} setup missing"
|
||||
|
||||
with subtest("Check that no errors were logged"):
|
||||
output_log = hass.succeed("cat ${configDir}/home-assistant.log")
|
||||
assert "ERROR" not in output_log
|
||||
hass.fail("journalctl -u home-assistant -o cat | grep -q ERROR")
|
||||
|
||||
with subtest("Check systemd unit hardening"):
|
||||
hass.log(hass.succeed("systemctl cat home-assistant.service"))
|
||||
|
|
|
@ -77,6 +77,9 @@ import ../make-test-python.nix ({ pkgs, lib, k3s, ... }:
|
|||
machine.succeed("k3s kubectl wait --for 'condition=Ready' pod/test")
|
||||
machine.succeed("k3s kubectl delete -f ${testPodYaml}")
|
||||
|
||||
# regression test for #176445
|
||||
machine.fail("journalctl -o cat -u k3s.service | grep 'ipset utility not found'")
|
||||
|
||||
machine.shutdown()
|
||||
'';
|
||||
})
|
||||
|
|
|
@ -4,6 +4,7 @@ import ./make-test-python.nix ({ pkgs, ...} :
|
|||
name = "keepassxc";
|
||||
meta = with pkgs.lib.maintainers; {
|
||||
maintainers = [ turion ];
|
||||
timeout = 1800;
|
||||
};
|
||||
|
||||
nodes.machine = { ... }:
|
||||
|
@ -55,9 +56,12 @@ import ./make-test-python.nix ({ pkgs, ...} :
|
|||
machine.sleep(5)
|
||||
# Regression #163482: keepassxc did not crash
|
||||
machine.succeed("ps -e | grep keepassxc")
|
||||
machine.wait_for_text("foo.kdbx")
|
||||
machine.wait_for_text("Open database")
|
||||
machine.send_key("ret")
|
||||
machine.sleep(1)
|
||||
|
||||
# Wait for the enter password screen to appear.
|
||||
machine.wait_for_text("/home/alice/foo.kdbx")
|
||||
|
||||
# Click on "Browse" button to select keyfile
|
||||
machine.send_key("tab")
|
||||
machine.send_chars("/home/alice/foo.keyfile")
|
||||
|
|
69
third_party/nixpkgs/nixos/tests/luks.nix
vendored
Normal file
69
third_party/nixpkgs/nixos/tests/luks.nix
vendored
Normal file
|
@ -0,0 +1,69 @@
|
|||
import ./make-test-python.nix ({ lib, pkgs, ... }: {
|
||||
name = "luks";
|
||||
|
||||
nodes.machine = { pkgs, ... }: {
|
||||
# Use systemd-boot
|
||||
virtualisation = {
|
||||
emptyDiskImages = [ 512 512 ];
|
||||
useBootLoader = true;
|
||||
useEFIBoot = true;
|
||||
};
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
|
||||
boot.kernelParams = lib.mkOverride 5 [ "console=tty1" ];
|
||||
|
||||
environment.systemPackages = with pkgs; [ cryptsetup ];
|
||||
|
||||
specialisation = rec {
|
||||
boot-luks.configuration = {
|
||||
boot.initrd.luks.devices = lib.mkVMOverride {
|
||||
# We have two disks and only type one password - key reuse is in place
|
||||
cryptroot.device = "/dev/vdc";
|
||||
cryptroot2.device = "/dev/vdd";
|
||||
};
|
||||
virtualisation.bootDevice = "/dev/mapper/cryptroot";
|
||||
};
|
||||
boot-luks-custom-keymap.configuration = lib.mkMerge [
|
||||
boot-luks.configuration
|
||||
{
|
||||
console.keyMap = "neo";
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
enableOCR = true;
|
||||
|
||||
testScript = ''
|
||||
# Create encrypted volume
|
||||
machine.wait_for_unit("multi-user.target")
|
||||
machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdc -")
|
||||
machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdd -")
|
||||
|
||||
# Boot from the encrypted disk
|
||||
machine.succeed("bootctl set-default nixos-generation-1-specialisation-boot-luks.conf")
|
||||
machine.succeed("sync")
|
||||
machine.crash()
|
||||
|
||||
# Boot and decrypt the disk
|
||||
machine.start()
|
||||
machine.wait_for_text("Passphrase for")
|
||||
machine.send_chars("supersecret\n")
|
||||
machine.wait_for_unit("multi-user.target")
|
||||
|
||||
assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount")
|
||||
|
||||
# Boot from the encrypted disk with custom keymap
|
||||
machine.succeed("bootctl set-default nixos-generation-1-specialisation-boot-luks-custom-keymap.conf")
|
||||
machine.succeed("sync")
|
||||
machine.crash()
|
||||
|
||||
# Boot and decrypt the disk
|
||||
machine.start()
|
||||
machine.wait_for_text("Passphrase for")
|
||||
machine.send_chars("havfkhfrkfl\n")
|
||||
machine.wait_for_unit("multi-user.target")
|
||||
|
||||
assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount")
|
||||
'';
|
||||
})
|
2
third_party/nixpkgs/nixos/tests/maddy.nix
vendored
2
third_party/nixpkgs/nixos/tests/maddy.nix
vendored
|
@ -9,6 +9,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
|
|||
hostname = "server";
|
||||
primaryDomain = "server";
|
||||
openFirewall = true;
|
||||
ensureAccounts = [ "postmaster@server" ];
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -50,7 +51,6 @@ import ./make-test-python.nix ({ pkgs, ... }: {
|
|||
server.wait_for_open_port(587)
|
||||
|
||||
server.succeed("maddyctl creds create --password test postmaster@server")
|
||||
server.succeed("maddyctl imap-acct create postmaster@server")
|
||||
|
||||
client.succeed("send-testmail")
|
||||
client.succeed("test-imap")
|
||||
|
|
6
third_party/nixpkgs/nixos/tests/miriway.nix
vendored
6
third_party/nixpkgs/nixos/tests/miriway.nix
vendored
|
@ -3,7 +3,10 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: {
|
|||
|
||||
meta = {
|
||||
maintainers = with lib.maintainers; [ OPNA2608 ];
|
||||
# FIXME On ARM Miriway inside the VM doesn't receive keyboard inputs, why?
|
||||
# Natively running Mir has problems with capturing the first registered libinput device.
|
||||
# In our VM runners on ARM and on some hardware configs (my RPi4, distro-independent), this misses the keyboard.
|
||||
# It can be worked around by dis- and reconnecting the affected hardware, but we can't do this in these tests.
|
||||
# https://github.com/MirServer/mir/issues/2837
|
||||
broken = pkgs.stdenv.hostPlatform.isAarch;
|
||||
};
|
||||
|
||||
|
@ -30,6 +33,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: {
|
|||
enable = true;
|
||||
config = ''
|
||||
add-wayland-extensions=all
|
||||
enable-x11=
|
||||
|
||||
ctrl-alt=t:foot --maximized
|
||||
ctrl-alt=a:env WINIT_UNIX_BACKEND=x11 WAYLAND_DISPLAY=invalid alacritty --option window.startup_mode=maximized
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
import ./make-test-python.nix ({ pkgs, lib, ... }: {
|
||||
name = "pass-secret-service";
|
||||
meta.maintainers = with lib; [ aidalgol ];
|
||||
meta.maintainers = [ lib.maintainers.aidalgol ];
|
||||
|
||||
nodes.machine = { nodes, pkgs, ... }:
|
||||
{
|
||||
|
|
105
third_party/nixpkgs/nixos/tests/podman/default.nix
vendored
105
third_party/nixpkgs/nixos/tests/podman/default.nix
vendored
|
@ -6,7 +6,10 @@ import ../make-test-python.nix (
|
|||
};
|
||||
|
||||
nodes = {
|
||||
podman = { pkgs, ... }: {
|
||||
rootful = { pkgs, ... }: {
|
||||
virtualisation.podman.enable = true;
|
||||
};
|
||||
rootless = { pkgs, ... }: {
|
||||
virtualisation.podman.enable = true;
|
||||
|
||||
users.users.alice = {
|
||||
|
@ -49,99 +52,107 @@ import ../make-test-python.nix (
|
|||
return f"su {user} -l -c {cmd}"
|
||||
|
||||
|
||||
podman.wait_for_unit("sockets.target")
|
||||
rootful.wait_for_unit("sockets.target")
|
||||
rootless.wait_for_unit("sockets.target")
|
||||
dns.wait_for_unit("sockets.target")
|
||||
docker.wait_for_unit("sockets.target")
|
||||
start_all()
|
||||
|
||||
with subtest("Run container as root with runc"):
|
||||
podman.succeed("tar cv --files-from /dev/null | podman import - scratchimg")
|
||||
podman.succeed(
|
||||
rootful.succeed("tar cv --files-from /dev/null | podman import - scratchimg")
|
||||
rootful.succeed(
|
||||
"podman run --runtime=runc -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10"
|
||||
)
|
||||
podman.succeed("podman ps | grep sleeping")
|
||||
podman.succeed("podman stop sleeping")
|
||||
podman.succeed("podman rm sleeping")
|
||||
rootful.succeed("podman ps | grep sleeping")
|
||||
rootful.succeed("podman stop sleeping")
|
||||
rootful.succeed("podman rm sleeping")
|
||||
|
||||
with subtest("Run container as root with crun"):
|
||||
podman.succeed("tar cv --files-from /dev/null | podman import - scratchimg")
|
||||
podman.succeed(
|
||||
rootful.succeed("tar cv --files-from /dev/null | podman import - scratchimg")
|
||||
rootful.succeed(
|
||||
"podman run --runtime=crun -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10"
|
||||
)
|
||||
podman.succeed("podman ps | grep sleeping")
|
||||
podman.succeed("podman stop sleeping")
|
||||
podman.succeed("podman rm sleeping")
|
||||
rootful.succeed("podman ps | grep sleeping")
|
||||
rootful.succeed("podman stop sleeping")
|
||||
rootful.succeed("podman rm sleeping")
|
||||
|
||||
with subtest("Run container as root with the default backend"):
|
||||
podman.succeed("tar cv --files-from /dev/null | podman import - scratchimg")
|
||||
podman.succeed(
|
||||
rootful.succeed("tar cv --files-from /dev/null | podman import - scratchimg")
|
||||
rootful.succeed(
|
||||
"podman run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10"
|
||||
)
|
||||
podman.succeed("podman ps | grep sleeping")
|
||||
podman.succeed("podman stop sleeping")
|
||||
podman.succeed("podman rm sleeping")
|
||||
rootful.succeed("podman ps | grep sleeping")
|
||||
rootful.succeed("podman stop sleeping")
|
||||
rootful.succeed("podman rm sleeping")
|
||||
|
||||
# start systemd session for rootless
|
||||
podman.succeed("loginctl enable-linger alice")
|
||||
podman.succeed(su_cmd("whoami"))
|
||||
podman.sleep(1)
|
||||
rootless.succeed("loginctl enable-linger alice")
|
||||
rootless.succeed(su_cmd("whoami"))
|
||||
rootless.sleep(1)
|
||||
|
||||
with subtest("Run container rootless with runc"):
|
||||
podman.succeed(su_cmd("tar cv --files-from /dev/null | podman import - scratchimg"))
|
||||
podman.succeed(
|
||||
rootless.succeed(su_cmd("tar cv --files-from /dev/null | podman import - scratchimg"))
|
||||
rootless.succeed(
|
||||
su_cmd(
|
||||
"podman run --runtime=runc -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10"
|
||||
)
|
||||
)
|
||||
podman.succeed(su_cmd("podman ps | grep sleeping"))
|
||||
podman.succeed(su_cmd("podman stop sleeping"))
|
||||
podman.succeed(su_cmd("podman rm sleeping"))
|
||||
rootless.succeed(su_cmd("podman ps | grep sleeping"))
|
||||
rootless.succeed(su_cmd("podman stop sleeping"))
|
||||
rootless.succeed(su_cmd("podman rm sleeping"))
|
||||
|
||||
with subtest("Run container rootless with crun"):
|
||||
podman.succeed(su_cmd("tar cv --files-from /dev/null | podman import - scratchimg"))
|
||||
podman.succeed(
|
||||
rootless.succeed(su_cmd("tar cv --files-from /dev/null | podman import - scratchimg"))
|
||||
rootless.succeed(
|
||||
su_cmd(
|
||||
"podman run --runtime=crun -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10"
|
||||
)
|
||||
)
|
||||
podman.succeed(su_cmd("podman ps | grep sleeping"))
|
||||
podman.succeed(su_cmd("podman stop sleeping"))
|
||||
podman.succeed(su_cmd("podman rm sleeping"))
|
||||
rootless.succeed(su_cmd("podman ps | grep sleeping"))
|
||||
rootless.succeed(su_cmd("podman stop sleeping"))
|
||||
rootless.succeed(su_cmd("podman rm sleeping"))
|
||||
|
||||
with subtest("Run container rootless with the default backend"):
|
||||
podman.succeed(su_cmd("tar cv --files-from /dev/null | podman import - scratchimg"))
|
||||
podman.succeed(
|
||||
rootless.succeed(su_cmd("tar cv --files-from /dev/null | podman import - scratchimg"))
|
||||
rootless.succeed(
|
||||
su_cmd(
|
||||
"podman run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10"
|
||||
)
|
||||
)
|
||||
podman.succeed(su_cmd("podman ps | grep sleeping"))
|
||||
podman.succeed(su_cmd("podman stop sleeping"))
|
||||
podman.succeed(su_cmd("podman rm sleeping"))
|
||||
rootless.succeed(su_cmd("podman ps | grep sleeping"))
|
||||
rootless.succeed(su_cmd("podman stop sleeping"))
|
||||
rootless.succeed(su_cmd("podman rm sleeping"))
|
||||
|
||||
with subtest("rootlessport"):
|
||||
rootless.succeed(su_cmd("tar cv --files-from /dev/null | podman import - scratchimg"))
|
||||
rootless.succeed(
|
||||
su_cmd(
|
||||
"podman run -d -p 9000:8888 --name=rootlessport -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin -w ${pkgs.writeTextDir "index.html" "<h1>Testing</h1>"} scratchimg ${pkgs.python3}/bin/python -m http.server 8888"
|
||||
)
|
||||
)
|
||||
rootless.succeed(su_cmd("podman ps | grep rootlessport"))
|
||||
rootless.wait_until_succeeds(su_cmd("${pkgs.curl}/bin/curl localhost:9000 | grep Testing"))
|
||||
rootless.succeed(su_cmd("podman stop rootlessport"))
|
||||
rootless.succeed(su_cmd("podman rm rootlessport"))
|
||||
|
||||
with subtest("Run container with init"):
|
||||
podman.succeed(
|
||||
rootful.succeed(
|
||||
"tar cv -C ${pkgs.pkgsStatic.busybox} . | podman import - busybox"
|
||||
)
|
||||
pid = podman.succeed("podman run --rm busybox readlink /proc/self").strip()
|
||||
pid = rootful.succeed("podman run --rm busybox readlink /proc/self").strip()
|
||||
assert pid == "1"
|
||||
pid = podman.succeed("podman run --rm --init busybox readlink /proc/self").strip()
|
||||
pid = rootful.succeed("podman run --rm --init busybox readlink /proc/self").strip()
|
||||
assert pid == "2"
|
||||
|
||||
with subtest("aardvark-dns"):
|
||||
dns.succeed("tar cv --files-from /dev/null | podman import - scratchimg")
|
||||
dns.succeed(
|
||||
"podman run -d --name=webserver -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin -w ${pkgs.writeTextDir "index.html" "<h1>Hi</h1>"} scratchimg ${pkgs.python3}/bin/python -m http.server 8000"
|
||||
"podman run -d --name=webserver -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin -w ${pkgs.writeTextDir "index.html" "<h1>Testing</h1>"} scratchimg ${pkgs.python3}/bin/python -m http.server 8000"
|
||||
)
|
||||
dns.succeed("podman ps | grep webserver")
|
||||
dns.succeed("""
|
||||
for i in `seq 0 120`; do
|
||||
podman run --rm --name=client -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg ${pkgs.curl}/bin/curl http://webserver:8000 >/dev/console \
|
||||
&& exit 0
|
||||
sleep 0.5
|
||||
done
|
||||
exit 1
|
||||
""")
|
||||
dns.wait_until_succeeds(
|
||||
"podman run --rm --name=client -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg ${pkgs.curl}/bin/curl http://webserver:8000 | grep Testing"
|
||||
)
|
||||
dns.succeed("podman stop webserver")
|
||||
dns.succeed("podman rm webserver")
|
||||
|
||||
|
|
8
third_party/nixpkgs/nixos/tests/quake3.nix
vendored
8
third_party/nixpkgs/nixos/tests/quake3.nix
vendored
|
@ -1,4 +1,4 @@
|
|||
import ./make-test-python.nix ({ pkgs, ...} :
|
||||
import ./make-test-python.nix ({ pkgs, lib, ...} :
|
||||
|
||||
let
|
||||
|
||||
|
@ -11,9 +11,9 @@ let
|
|||
};
|
||||
|
||||
# Only allow the demo data to be used (only if it's unfreeRedistributable).
|
||||
unfreePredicate = pkg: with pkgs.lib; let
|
||||
unfreePredicate = pkg: with lib; let
|
||||
allowPackageNames = [ "quake3-demodata" "quake3-pointrelease" ];
|
||||
allowLicenses = [ pkgs.lib.licenses.unfreeRedistributable ];
|
||||
allowLicenses = [ lib.licenses.unfreeRedistributable ];
|
||||
in elem pkg.pname allowPackageNames &&
|
||||
elem (pkg.meta.license or null) allowLicenses;
|
||||
|
||||
|
@ -31,7 +31,7 @@ in
|
|||
|
||||
rec {
|
||||
name = "quake3";
|
||||
meta = with pkgs.stdenv.lib.maintainers; {
|
||||
meta = with lib.maintainers; {
|
||||
maintainers = [ domenkozar eelco ];
|
||||
};
|
||||
|
||||
|
|
124
third_party/nixpkgs/nixos/tests/systemd-credentials-tpm2.nix
vendored
Normal file
124
third_party/nixpkgs/nixos/tests/systemd-credentials-tpm2.nix
vendored
Normal file
|
@ -0,0 +1,124 @@
|
|||
import ./make-test-python.nix ({ lib, pkgs, system, ... }:
|
||||
|
||||
let
|
||||
tpmSocketPath = "/tmp/swtpm-sock";
|
||||
tpmDeviceModels = {
|
||||
x86_64-linux = "tpm-tis";
|
||||
aarch64-linux = "tpm-tis-device";
|
||||
};
|
||||
in
|
||||
|
||||
{
|
||||
name = "systemd-credentials-tpm2";
|
||||
|
||||
meta = {
|
||||
maintainers = with pkgs.lib.maintainers; [ tmarkus ];
|
||||
};
|
||||
|
||||
nodes.machine = { pkgs, ... }: {
|
||||
virtualisation = {
|
||||
qemu.options = [
|
||||
"-chardev socket,id=chrtpm,path=${tpmSocketPath}"
|
||||
"-tpmdev emulator,id=tpm_dev_0,chardev=chrtpm"
|
||||
"-device ${tpmDeviceModels.${system}},tpmdev=tpm_dev_0"
|
||||
];
|
||||
};
|
||||
|
||||
boot.initrd.availableKernelModules = [ "tpm_tis" ];
|
||||
|
||||
environment.systemPackages = with pkgs; [ diffutils ];
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
import subprocess
|
||||
from tempfile import TemporaryDirectory
|
||||
|
||||
# From systemd-initrd-luks-tpm2.nix
|
||||
class Tpm:
|
||||
def __init__(self):
|
||||
self.state_dir = TemporaryDirectory()
|
||||
self.start()
|
||||
|
||||
def start(self):
|
||||
self.proc = subprocess.Popen(["${pkgs.swtpm}/bin/swtpm",
|
||||
"socket",
|
||||
"--tpmstate", f"dir={self.state_dir.name}",
|
||||
"--ctrl", "type=unixio,path=${tpmSocketPath}",
|
||||
"--tpm2",
|
||||
])
|
||||
|
||||
# Check whether starting swtpm failed
|
||||
try:
|
||||
exit_code = self.proc.wait(timeout=0.2)
|
||||
if exit_code is not None and exit_code != 0:
|
||||
raise Exception("failed to start swtpm")
|
||||
except subprocess.TimeoutExpired:
|
||||
pass
|
||||
|
||||
"""Check whether the swtpm process exited due to an error"""
|
||||
def check(self):
|
||||
exit_code = self.proc.poll()
|
||||
if exit_code is not None and exit_code != 0:
|
||||
raise Exception("swtpm process died")
|
||||
|
||||
CRED_NAME = "testkey"
|
||||
CRED_RAW_FILE = f"/root/{CRED_NAME}"
|
||||
CRED_FILE = f"/root/{CRED_NAME}.cred"
|
||||
|
||||
def systemd_run(machine, cmd):
|
||||
machine.log(f"Executing command (via systemd-run): \"{cmd}\"")
|
||||
|
||||
(status, out) = machine.execute( " ".join([
|
||||
"systemd-run",
|
||||
"--service-type=exec",
|
||||
"--quiet",
|
||||
"--wait",
|
||||
"-E PATH=\"$PATH\"",
|
||||
"-p StandardOutput=journal",
|
||||
"-p StandardError=journal",
|
||||
f"-p LoadCredentialEncrypted={CRED_NAME}:{CRED_FILE}",
|
||||
f"$SHELL -c '{cmd}'"
|
||||
]) )
|
||||
|
||||
if status != 0:
|
||||
raise Exception(f"systemd_run failed (status {status})")
|
||||
|
||||
machine.log("systemd-run finished successfully")
|
||||
|
||||
tpm = Tpm()
|
||||
|
||||
@polling_condition
|
||||
def swtpm_running():
|
||||
tpm.check()
|
||||
|
||||
machine.wait_for_unit("multi-user.target")
|
||||
|
||||
with subtest("Check whether TPM device exists"):
|
||||
machine.succeed("test -e /dev/tpm0")
|
||||
machine.succeed("test -e /dev/tpmrm0")
|
||||
|
||||
with subtest("Check whether systemd-creds detects TPM2 correctly"):
|
||||
cmd = "systemd-creds has-tpm2"
|
||||
machine.log(f"Running \"{cmd}\"")
|
||||
(status, _) = machine.execute(cmd)
|
||||
|
||||
# Check exit code equals 0 or 1 (1 means firmware support is missing, which is OK here)
|
||||
if status != 0 and status != 1:
|
||||
raise Exception("systemd-creds failed to detect TPM2")
|
||||
|
||||
with subtest("Encrypt credential using systemd-creds"):
|
||||
machine.succeed(f"dd if=/dev/urandom of={CRED_RAW_FILE} bs=1k count=16")
|
||||
machine.succeed(f"systemd-creds --with-key=host+tpm2 encrypt --name=testkey {CRED_RAW_FILE} {CRED_FILE}")
|
||||
|
||||
with subtest("Write provided credential and check for equality"):
|
||||
CRED_OUT_FILE = f"/root/{CRED_NAME}.out"
|
||||
systemd_run(machine, f"systemd-creds cat testkey > {CRED_OUT_FILE}")
|
||||
machine.succeed(f"cmp --silent -- {CRED_RAW_FILE} {CRED_OUT_FILE}")
|
||||
|
||||
with subtest("Check whether systemd service can see credential in systemd-creds list"):
|
||||
systemd_run(machine, f"systemd-creds list | grep {CRED_NAME}")
|
||||
|
||||
with subtest("Check whether systemd service can access credential in $CREDENTIALS_DIRECTORY"):
|
||||
systemd_run(machine, f"cmp --silent -- $CREDENTIALS_DIRECTORY/{CRED_NAME} {CRED_RAW_FILE}")
|
||||
'';
|
||||
})
|
33
third_party/nixpkgs/nixos/tests/systemd-initrd-vconsole.nix
vendored
Normal file
33
third_party/nixpkgs/nixos/tests/systemd-initrd-vconsole.nix
vendored
Normal file
|
@ -0,0 +1,33 @@
|
|||
import ./make-test-python.nix ({ lib, pkgs, ... }: {
|
||||
name = "systemd-initrd-vconsole";
|
||||
|
||||
nodes.machine = { pkgs, ... }: {
|
||||
boot.kernelParams = [ "rd.systemd.unit=rescue.target" ];
|
||||
|
||||
boot.initrd.systemd = {
|
||||
enable = true;
|
||||
emergencyAccess = true;
|
||||
};
|
||||
|
||||
console = {
|
||||
earlySetup = true;
|
||||
keyMap = "colemak";
|
||||
};
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
# Boot into rescue shell in initrd
|
||||
machine.start()
|
||||
machine.wait_for_console_text("Press Enter for maintenance")
|
||||
machine.send_console("\n")
|
||||
machine.wait_for_console_text("Logging in with home")
|
||||
|
||||
# Check keymap
|
||||
machine.send_console("(printf '%s to receive text: \\n' Ready && read text && echo \"$text\") </dev/tty1\n")
|
||||
machine.wait_for_console_text("Ready to receive text:")
|
||||
for key in "asdfjkl;\n":
|
||||
machine.send_key(key)
|
||||
machine.wait_for_console_text("arstneio")
|
||||
machine.send_console("systemctl poweroff\n")
|
||||
'';
|
||||
})
|
|
@ -52,9 +52,6 @@ let
|
|||
};
|
||||
};
|
||||
|
||||
boot.initrd.systemd.enable = true;
|
||||
boot.initrd.systemd.repart.enable = true;
|
||||
|
||||
# systemd-repart operates on disks with a partition table. The qemu module,
|
||||
# however, creates separate filesystem images without a partition table, so
|
||||
# we have to create a disk image manually.
|
||||
|
@ -88,7 +85,10 @@ in
|
|||
nodes.machine = { config, pkgs, ... }: {
|
||||
imports = [ common ];
|
||||
|
||||
boot.initrd.systemd.repart.partitions = {
|
||||
boot.initrd.systemd.enable = true;
|
||||
|
||||
boot.initrd.systemd.repart.enable = true;
|
||||
systemd.repart.partitions = {
|
||||
"10-root" = {
|
||||
Type = "linux-generic";
|
||||
};
|
||||
|
@ -105,4 +105,30 @@ in
|
|||
assert "Growing existing partition 1." in systemd_repart_logs
|
||||
'';
|
||||
};
|
||||
|
||||
after-initrd = makeTest {
|
||||
name = "systemd-repart-after-initrd";
|
||||
meta.maintainers = with maintainers; [ nikstur ];
|
||||
|
||||
nodes.machine = { config, pkgs, ... }: {
|
||||
imports = [ common ];
|
||||
|
||||
systemd.repart.enable = true;
|
||||
systemd.repart.partitions = {
|
||||
"10-root" = {
|
||||
Type = "linux-generic";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
testScript = { nodes, ... }: ''
|
||||
${useDiskImage nodes.machine}
|
||||
|
||||
machine.start()
|
||||
machine.wait_for_unit("multi-user.target")
|
||||
|
||||
systemd_repart_logs = machine.succeed("journalctl --unit systemd-repart.service")
|
||||
assert "Growing existing partition 1." in systemd_repart_logs
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
|
|
@ -19,20 +19,20 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "amberol";
|
||||
version = "0.9.2";
|
||||
version = "unstable-2023-01-12";
|
||||
|
||||
src = fetchFromGitLab {
|
||||
domain = "gitlab.gnome.org";
|
||||
owner = "World";
|
||||
repo = pname;
|
||||
rev = version;
|
||||
hash = "sha256-L8yHKwtCAZC1myIouL0Oq3lj0QPWn5dVe0g3nkyAKI8=";
|
||||
rev = "0623386c813d0d68564002324958cef7217cec7f";
|
||||
hash = "sha256-nVL4ydTg4ncDCA9J9qWv+RPDC0Txr/qpo5XxIUiV0zQ=";
|
||||
};
|
||||
|
||||
cargoDeps = rustPlatform.fetchCargoTarball {
|
||||
inherit src;
|
||||
name = "${pname}-${version}";
|
||||
hash = "sha256-0XuWBUG37GNHRXgjz0/Vv6VSqaPG36xTj7oN0ukFIJY=";
|
||||
hash = "sha256-E0ivUWD3jP/T1GOJ11grDwcF+m92I+W2a2HhZX1bCso=";
|
||||
};
|
||||
|
||||
postPatch = ''
|
||||
|
|
|
@ -39,7 +39,7 @@ stdenv.mkDerivation rec {
|
|||
|
||||
meta = with lib; {
|
||||
description = "Realtime modular synthesizer for ALSA";
|
||||
homepage = "http://alsamodular.sourceforge.net";
|
||||
homepage = "https://alsamodular.sourceforge.net";
|
||||
license = licenses.gpl2;
|
||||
platforms = platforms.linux;
|
||||
maintainers = with maintainers; [ sjfloat ];
|
||||
|
|
|
@ -11,13 +11,13 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "ashuffle";
|
||||
version = "3.13.4";
|
||||
version = "3.13.6";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "joshkunz";
|
||||
repo = "ashuffle";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-J6NN0Rsc9Zw9gagksDlwpwEErs+4XmrGF9YHKlAE1FA=";
|
||||
sha256 = "sha256-8XjLs4MI5MXvA6veCoTAj8tlYDe7YTggutO3F9eNyMM=";
|
||||
fetchSubmodules = true;
|
||||
};
|
||||
|
||||
|
|
|
@ -32,7 +32,7 @@ stdenv.mkDerivation rec {
|
|||
|
||||
meta = with lib; {
|
||||
description = "A range of synthesiser, electric piano and organ emulations";
|
||||
homepage = "http://bristol.sourceforge.net";
|
||||
homepage = "https://bristol.sourceforge.net";
|
||||
license = licenses.gpl3;
|
||||
platforms = ["x86_64-linux" "i686-linux"];
|
||||
maintainers = [ maintainers.goibhniu ];
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue