Project import generated by Copybara.

GitOrigin-RevId: 33d1e753c82ffc557b4a585c77de43d4c922ebb5
This commit is contained in:
Default email 2024-05-15 17:35:15 +02:00
parent a3d12aeef9
commit 5c370c0b2a
7595 changed files with 198761 additions and 236152 deletions

View file

@ -105,3 +105,12 @@ fb0e5be84331188a69b3edd31679ca6576edb75a
# {pkgs/development/cuda-modules,pkgs/test/cuda,pkgs/top-level/cuda-packages.nix}: reformat all CUDA files with nixfmt-rfc-style 2023-03-01 # {pkgs/development/cuda-modules,pkgs/test/cuda,pkgs/top-level/cuda-packages.nix}: reformat all CUDA files with nixfmt-rfc-style 2023-03-01
802a1b4d3338f24cbc4efd704616654456d75a94 802a1b4d3338f24cbc4efd704616654456d75a94
# postgresql: move packages.nix to ext/default.nix
719034f6f6749d624faa28dff259309fc0e3e730
# pkgs/os-specific/bsd: Reformat with nixfmt-rfc-style 2024-03-01
3fe3b055adfc020e6a923c466b6bcd978a13069a
# k3s: format with nixfmt-rfc-style
6cfcd3c75428ede517bc6b15a353d704837a2830

View file

@ -13,7 +13,6 @@
# GitHub actions # GitHub actions
/.github/workflows @NixOS/Security @Mic92 @zowoq /.github/workflows @NixOS/Security @Mic92 @zowoq
/.github/workflows/merge-staging @FRidh
# EditorConfig # EditorConfig
/.editorconfig @Mic92 @zowoq /.editorconfig @Mic92 @zowoq
@ -42,7 +41,7 @@
/pkgs/top-level/splice.nix @Ericson2314 /pkgs/top-level/splice.nix @Ericson2314
/pkgs/top-level/release-cross.nix @Ericson2314 /pkgs/top-level/release-cross.nix @Ericson2314
/pkgs/stdenv/generic @Ericson2314 /pkgs/stdenv/generic @Ericson2314
/pkgs/stdenv/generic/check-meta.nix @Ericson2314 @piegamesde /pkgs/stdenv/generic/check-meta.nix @Ericson2314
/pkgs/stdenv/cross @Ericson2314 /pkgs/stdenv/cross @Ericson2314
/pkgs/build-support/cc-wrapper @Ericson2314 /pkgs/build-support/cc-wrapper @Ericson2314
/pkgs/build-support/bintools-wrapper @Ericson2314 /pkgs/build-support/bintools-wrapper @Ericson2314
@ -125,10 +124,8 @@ nixos/modules/installer/tools/nix-fallback-paths.nix @raitobezarius @ma27
/pkgs/common-updater/scripts/update-source-version @jtojnar /pkgs/common-updater/scripts/update-source-version @jtojnar
# Python-related code and docs # Python-related code and docs
/maintainers/scripts/update-python-libraries @FRidh /doc/languages-frameworks/python.section.md @mweinelt
/pkgs/development/interpreters/python @FRidh /pkgs/development/interpreters/python/hooks @jonringer
/doc/languages-frameworks/python.section.md @FRidh @mweinelt
/pkgs/development/interpreters/python/hooks @FRidh @jonringer
# Haskell # Haskell
/doc/languages-frameworks/haskell.section.md @sternenseemann @maralorn @ncfavier /doc/languages-frameworks/haskell.section.md @sternenseemann @maralorn @ncfavier
@ -140,18 +137,14 @@ nixos/modules/installer/tools/nix-fallback-paths.nix @raitobezarius @ma27
/pkgs/top-level/haskell-packages.nix @sternenseemann @maralorn @ncfavier /pkgs/top-level/haskell-packages.nix @sternenseemann @maralorn @ncfavier
# Perl # Perl
/pkgs/development/interpreters/perl @stigtsp @zakame @dasJ /pkgs/development/interpreters/perl @stigtsp @zakame @dasJ @marcusramberg
/pkgs/top-level/perl-packages.nix @stigtsp @zakame @dasJ /pkgs/top-level/perl-packages.nix @stigtsp @zakame @dasJ @marcusramberg
/pkgs/development/perl-modules @stigtsp @zakame @dasJ /pkgs/development/perl-modules @stigtsp @zakame @dasJ @marcusramberg
# R # R
/pkgs/applications/science/math/R @jbedo /pkgs/applications/science/math/R @jbedo
/pkgs/development/r-modules @jbedo /pkgs/development/r-modules @jbedo
# Ruby
/pkgs/development/interpreters/ruby @marsam
/pkgs/development/ruby-modules @marsam
# Rust # Rust
/pkgs/development/compilers/rust @Mic92 @zowoq @winterqt @figsoda /pkgs/development/compilers/rust @Mic92 @zowoq @winterqt @figsoda
/pkgs/build-support/rust @zowoq @winterqt @figsoda /pkgs/build-support/rust @zowoq @winterqt @figsoda
@ -198,7 +191,7 @@ pkgs/development/python-modules/buildcatrust/ @ajs124 @lukegb @mweinelt
/maintainers/scripts/kde @K900 @NickCao @SuperSandro2000 @ttuegel /maintainers/scripts/kde @K900 @NickCao @SuperSandro2000 @ttuegel
# PostgreSQL and related stuff # PostgreSQL and related stuff
/pkgs/servers/sql/postgresql @thoughtpolice @marsam /pkgs/servers/sql/postgresql @thoughtpolice
/nixos/modules/services/databases/postgresql.xml @thoughtpolice /nixos/modules/services/databases/postgresql.xml @thoughtpolice
/nixos/modules/services/databases/postgresql.nix @thoughtpolice /nixos/modules/services/databases/postgresql.nix @thoughtpolice
/nixos/tests/postgresql.nix @thoughtpolice /nixos/tests/postgresql.nix @thoughtpolice
@ -312,13 +305,6 @@ nixos/modules/services/networking/networkmanager.nix @Janik-Haag
# terraform providers # terraform providers
/pkgs/applications/networking/cluster/terraform-providers @zowoq /pkgs/applications/networking/cluster/terraform-providers @zowoq
# Matrix
/pkgs/servers/heisenbridge @piegamesde
/pkgs/servers/matrix-conduit @piegamesde
/nixos/modules/services/misc/heisenbridge.nix @piegamesde
/nixos/modules/services/misc/matrix-conduit.nix @piegamesde
/nixos/tests/matrix-conduit.nix @piegamesde
# Forgejo # Forgejo
nixos/modules/services/misc/forgejo.nix @bendlas @emilylange nixos/modules/services/misc/forgejo.nix @bendlas @emilylange
pkgs/applications/version-management/forgejo @bendlas @emilylange pkgs/applications/version-management/forgejo @bendlas @emilylange
@ -359,8 +345,11 @@ pkgs/development/tools/continuous-integration/buildbot @Mic92 @zowoq
# Pretix # Pretix
pkgs/by-name/pr/pretix/ @mweinelt pkgs/by-name/pr/pretix/ @mweinelt
pkgs/by-name/pr/pretalx/ @mweinelt
nixos/modules/services/web-apps/pretix.nix @mweinelt nixos/modules/services/web-apps/pretix.nix @mweinelt
nixos/modules/services/web-apps/pretalx.nix @mweinelt
nixos/tests/web-apps/pretix.nix @mweinelt nixos/tests/web-apps/pretix.nix @mweinelt
nixos/tests/web-apps/pretalx.nix @mweinelt
# incus/lxc/lxd # incus/lxc/lxd
nixos/maintainers/scripts/lxd/ @adamcstephens nixos/maintainers/scripts/lxd/ @adamcstephens

View file

@ -113,6 +113,14 @@
- pkgs/applications/editors/jupyter-kernels/**/* - pkgs/applications/editors/jupyter-kernels/**/*
- pkgs/applications/editors/jupyter/**/* - pkgs/applications/editors/jupyter/**/*
"6.topic: k3s":
- any:
- changed-files:
- any-glob-to-any-file:
- nixos/modules/services/cluster/k3s/**/*
- nixos/tests/k3s/**/*
- pkgs/applications/networking/cluster/k3s/**/*
"6.topic: kernel": "6.topic: kernel":
- any: - any:
- changed-files: - changed-files:
@ -369,3 +377,8 @@
- changed-files: - changed-files:
- any-glob-to-any-file: - any-glob-to-any-file:
- nixos/modules/**/* - nixos/modules/**/*
"8.has: maintainer-list (update)":
- any:
- changed-files:
- any-glob-to-any-file:
- maintainers/maintainer-list.nix

View file

@ -20,7 +20,7 @@ jobs:
if: github.repository_owner == 'NixOS' && github.event.pull_request.merged == true && (github.event_name != 'labeled' || startsWith('backport', github.event.label.name)) if: github.repository_owner == 'NixOS' && github.event.pull_request.merged == true && (github.event_name != 'labeled' || startsWith('backport', github.event.label.name))
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
with: with:
ref: ${{ github.event.pull_request.head.sha }} ref: ${{ github.event.pull_request.head.sha }}
- name: Create backport PRs - name: Create backport PRs

View file

@ -18,7 +18,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
# we don't limit this action to only NixOS repo since the checks are cheap and useful developer feedback # we don't limit this action to only NixOS repo since the checks are cheap and useful developer feedback
steps: steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- uses: cachix/install-nix-action@8887e596b4ee1134dae06b98d573bd674693f47c # v26 - uses: cachix/install-nix-action@8887e596b4ee1134dae06b98d573bd674693f47c # v26
- uses: cachix/cachix-action@18cf96c7c98e048e10a83abd92116114cd8504be # v14 - uses: cachix/cachix-action@18cf96c7c98e048e10a83abd92116114cd8504be # v14
with: with:

View file

@ -16,9 +16,14 @@ on:
# so it shouldn't be a problem # so it shouldn't be a problem
types: [opened, synchronize, reopened, edited] types: [opened, synchronize, reopened, edited]
permissions: permissions: {}
# We need this permission to cancel the workflow run if there's a merge conflict
actions: write # Create a check-by-name concurrency group based on the pull request number. if
# an event triggers a run on the same PR while a previous run is still in
# progress, the previous run will be canceled and the new one will start.
concurrency:
group: check-by-name-${{ github.event.pull_request.number }}
cancel-in-progress: true
jobs: jobs:
check: check:
@ -39,7 +44,7 @@ jobs:
# https://docs.github.com/en/rest/guides/using-the-rest-api-to-interact-with-your-git-database?apiVersion=2022-11-28#checking-mergeability-of-pull-requests # https://docs.github.com/en/rest/guides/using-the-rest-api-to-interact-with-your-git-database?apiVersion=2022-11-28#checking-mergeability-of-pull-requests
# Retry the API query this many times # Retry the API query this many times
retryCount=3 retryCount=5
# Start with 5 seconds, but double every retry # Start with 5 seconds, but double every retry
retryInterval=5 retryInterval=5
while true; do while true; do
@ -72,31 +77,27 @@ jobs:
if [[ "$mergeable" == "true" ]]; then if [[ "$mergeable" == "true" ]]; then
echo "The PR can be merged, checking the merge commit $mergedSha" echo "The PR can be merged, checking the merge commit $mergedSha"
else
echo "The PR cannot be merged, it has a merge conflict, cancelling the workflow.."
gh api \
--method POST \
-H "Accept: application/vnd.github+json" \
-H "X-GitHub-Api-Version: 2022-11-28" \
/repos/"$GITHUB_REPOSITORY"/actions/runs/"$GITHUB_RUN_ID"/cancel
sleep 60
# If it's still not canceled after a minute, something probably went wrong, just exit
exit 1
fi
echo "mergedSha=$mergedSha" >> "$GITHUB_ENV" echo "mergedSha=$mergedSha" >> "$GITHUB_ENV"
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 else
echo "The PR cannot be merged, it has a merge conflict, skipping the rest.."
fi
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
if: env.mergedSha
with: with:
# pull_request_target checks out the base branch by default # pull_request_target checks out the base branch by default
ref: ${{ env.mergedSha }} ref: ${{ env.mergedSha }}
# Fetches the merge commit and its parents # Fetches the merge commit and its parents
fetch-depth: 2 fetch-depth: 2
- name: Checking out base branch - name: Checking out base branch
if: env.mergedSha
run: | run: |
base=$(mktemp -d) base=$(mktemp -d)
git worktree add "$base" "$(git rev-parse HEAD^1)" git worktree add "$base" "$(git rev-parse HEAD^1)"
echo "base=$base" >> "$GITHUB_ENV" echo "base=$base" >> "$GITHUB_ENV"
- uses: cachix/install-nix-action@8887e596b4ee1134dae06b98d573bd674693f47c # v26 - uses: cachix/install-nix-action@8887e596b4ee1134dae06b98d573bd674693f47c # v26
if: env.mergedSha
- name: Fetching the pinned tool - name: Fetching the pinned tool
if: env.mergedSha
# Update the pinned version using pkgs/test/check-by-name/update-pinned-tool.sh # Update the pinned version using pkgs/test/check-by-name/update-pinned-tool.sh
run: | run: |
# The pinned version of the tooling to use # The pinned version of the tooling to use
@ -107,6 +108,11 @@ jobs:
# Adds a result symlink as a GC root # Adds a result symlink as a GC root
nix-store --realise "$toolPath" --add-root result nix-store --realise "$toolPath" --add-root result
- name: Running nixpkgs-check-by-name - name: Running nixpkgs-check-by-name
if: env.mergedSha
env:
# Force terminal colors to be enabled. The library that
# nixpkgs-check-by-name uses respects: https://bixense.com/clicolors/
CLICOLOR_FORCE: 1
run: | run: |
if result/bin/nixpkgs-check-by-name --base "$base" .; then if result/bin/nixpkgs-check-by-name --base "$base" .; then
exit 0 exit 0

View file

@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: github.repository_owner == 'NixOS' if: github.repository_owner == 'NixOS'
steps: steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
with: with:
fetch-depth: 0 fetch-depth: 0
filter: blob:none filter: blob:none

View file

@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: github.repository_owner == 'NixOS' if: github.repository_owner == 'NixOS'
steps: steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
with: with:
# pull_request_target checks out the base branch by default # pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge ref: refs/pull/${{ github.event.pull_request.number }}/merge

View file

@ -15,7 +15,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: github.repository_owner == 'NixOS' if: github.repository_owner == 'NixOS'
steps: steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
with: with:
# pull_request_target checks out the base branch by default # pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge ref: refs/pull/${{ github.event.pull_request.number }}/merge
@ -32,11 +32,20 @@ jobs:
# Each environment variable beginning with NIX_FMT_PATHS_ is a list of # Each environment variable beginning with NIX_FMT_PATHS_ is a list of
# paths to check with nixfmt. # paths to check with nixfmt.
env: env:
NIX_FMT_PATHS_BSD: pkgs/os-specific/bsd
NIX_FMT_PATHS_MPVSCRIPTS: pkgs/applications/video/mpv/scripts
# Format paths related to the Nixpkgs CUDA ecosystem. # Format paths related to the Nixpkgs CUDA ecosystem.
NIX_FMT_PATHS_CUDA: | NIX_FMT_PATHS_CUDA: |
pkgs/development/cuda-modules pkgs/development/cuda-modules
pkgs/test/cuda pkgs/test/cuda
pkgs/top-level/cuda-packages.nix pkgs/top-level/cuda-packages.nix
NIX_FMT_PATHS_K3S: |
nixos/modules/services/cluster/k3s
nixos/tests/k3s
pkgs/applications/networking/cluster/k3s
NIX_FMT_PATHS_VSCODE_EXTS: pkgs/applications/editors/vscode/extensions
NIX_FMT_PATHS_PHP_PACKAGES: pkgs/development/php-packages
NIX_FMT_PATHS_BUILD_SUPPORT_PHP: pkgs/build-support/php
# Iterate over all environment variables beginning with NIX_FMT_PATHS_. # Iterate over all environment variables beginning with NIX_FMT_PATHS_.
run: | run: |
for env_var in "${!NIX_FMT_PATHS_@}"; do for env_var in "${!NIX_FMT_PATHS_@}"; do

View file

@ -24,7 +24,7 @@ jobs:
- name: print list of changed files - name: print list of changed files
run: | run: |
cat "$HOME/changed_files" cat "$HOME/changed_files"
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
with: with:
# pull_request_target checks out the base branch by default # pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge ref: refs/pull/${{ github.event.pull_request.number }}/merge

View file

@ -14,7 +14,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: github.repository_owner == 'NixOS' if: github.repository_owner == 'NixOS'
steps: steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
with: with:
# pull_request_target checks out the base branch by default # pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge ref: refs/pull/${{ github.event.pull_request.number }}/merge

View file

@ -16,7 +16,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: github.repository_owner == 'NixOS' if: github.repository_owner == 'NixOS'
steps: steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
with: with:
# pull_request_target checks out the base branch by default # pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge ref: refs/pull/${{ github.event.pull_request.number }}/merge

View file

@ -24,7 +24,7 @@ jobs:
if [[ -s "$HOME/changed_files" ]]; then if [[ -s "$HOME/changed_files" ]]; then
echo "CHANGED_FILES=$HOME/changed_files" > "$GITHUB_ENV" echo "CHANGED_FILES=$HOME/changed_files" > "$GITHUB_ENV"
fi fi
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
with: with:
# pull_request_target checks out the base branch by default # pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge ref: refs/pull/${{ github.event.pull_request.number }}/merge

View file

@ -41,7 +41,7 @@ jobs:
into: staging-23.11 into: staging-23.11
name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }} name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
steps: steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }} - name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
uses: devmasx/merge-branch@854d3ac71ed1e9deb668e0074781b81fdd6e771f # 1.4.0 uses: devmasx/merge-branch@854d3ac71ed1e9deb668e0074781b81fdd6e771f # 1.4.0

View file

@ -39,7 +39,7 @@ jobs:
into: staging into: staging
name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }} name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
steps: steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }} - name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
uses: devmasx/merge-branch@854d3ac71ed1e9deb668e0074781b81fdd6e771f # 1.4.0 uses: devmasx/merge-branch@854d3ac71ed1e9deb668e0074781b81fdd6e771f # 1.4.0

View file

@ -16,7 +16,7 @@ jobs:
if: github.repository_owner == 'NixOS' && github.ref == 'refs/heads/master' # ensure workflow_dispatch only runs on master if: github.repository_owner == 'NixOS' && github.ref == 'refs/heads/master' # ensure workflow_dispatch only runs on master
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- uses: cachix/install-nix-action@8887e596b4ee1134dae06b98d573bd674693f47c # v26 - uses: cachix/install-nix-action@8887e596b4ee1134dae06b98d573bd674693f47c # v26
with: with:
nix_path: nixpkgs=channel:nixpkgs-unstable nix_path: nixpkgs=channel:nixpkgs-unstable
@ -46,7 +46,7 @@ jobs:
run: | run: |
git clean -f git clean -f
- name: create PR - name: create PR
uses: peter-evans/create-pull-request@70a41aba780001da0a30141984ae2a0c95d8704e # v6.0.2 uses: peter-evans/create-pull-request@9153d834b60caba6d51c9b9510b087acf9f33f83 # v6.0.4
with: with:
body: | body: |
Automatic update by [update-terraform-providers](https://github.com/NixOS/nixpkgs/blob/master/.github/workflows/update-terraform-providers.yml) action. Automatic update by [update-terraform-providers](https://github.com/NixOS/nixpkgs/blob/master/.github/workflows/update-terraform-providers.yml) action.

View file

@ -321,7 +321,7 @@ All the review template samples provided in this section are generic and meant a
To get more information about how to review specific parts of Nixpkgs, refer to the documents linked to in the [overview section][overview]. To get more information about how to review specific parts of Nixpkgs, refer to the documents linked to in the [overview section][overview].
If a pull request contains documentation changes that might require feedback from the documentation team, ping [@NixOS/documentation-reviewers](https://github.com/orgs/nixos/teams/documentation-reviewers) on the pull request. If a pull request contains documentation changes that might require feedback from the documentation team, ping [@NixOS/documentation-team](https://github.com/orgs/nixos/teams/documentation-team) on the pull request.
If you consider having enough knowledge and experience in a topic and would like to be a long-term reviewer for related submissions, please contact the current reviewers for that topic. They will give you information about the reviewing process. The main reviewers for a topic can be hard to find as there is no list, but checking past pull requests to see who reviewed or git-blaming the code to see who committed to that topic can give some hints. If you consider having enough knowledge and experience in a topic and would like to be a long-term reviewer for related submissions, please contact the current reviewers for that topic. They will give you information about the reviewing process. The main reviewers for a topic can be hard to find as there is no list, but checking past pull requests to see who reviewed or git-blaming the code to see who committed to that topic can give some hints.
@ -512,6 +512,7 @@ To get a sense for what changes are considered mass rebuilds, see [previously me
- Check for unnecessary whitespace with `git diff --check` before committing. - Check for unnecessary whitespace with `git diff --check` before committing.
- If you have commits `pkg-name: oh, forgot to insert whitespace`: squash commits in this case. Use `git rebase -i`. - If you have commits `pkg-name: oh, forgot to insert whitespace`: squash commits in this case. Use `git rebase -i`.
See [Squashing Commits](https://git-scm.com/book/en/v2/Git-Tools-Rewriting-History#_squashing) for additional information.
- For consistency, there should not be a period at the end of the commit message's summary line (the first line of the commit message). - For consistency, there should not be a period at the end of the commit message's summary line (the first line of the commit message).

View file

@ -62,7 +62,7 @@ Allow linking arbitrary place in the text (e.g. individual list items, sentences
They are defined using a hybrid of the link syntax with the attributes syntax known from headings, called [bracketed spans](https://github.com/jgm/commonmark-hs/blob/master/commonmark-extensions/test/bracketed_spans.md): They are defined using a hybrid of the link syntax with the attributes syntax known from headings, called [bracketed spans](https://github.com/jgm/commonmark-hs/blob/master/commonmark-extensions/test/bracketed_spans.md):
```markdown ```markdown
- []{#ssec-gnome-hooks-glib} `glib` setup hook will populate `GSETTINGS_SCHEMAS_PATH` and then `wrapGAppsHook` will prepend it to `XDG_DATA_DIRS`. - []{#ssec-gnome-hooks-glib} `glib` setup hook will populate `GSETTINGS_SCHEMAS_PATH` and then `wrapGApps*` hook will prepend it to `XDG_DATA_DIRS`.
``` ```
#### Automatic links #### Automatic links
@ -345,4 +345,4 @@ Typographic replacements are enabled. Check the [list of possible replacement pa
## Getting help ## Getting help
If you need documentation-specific help or reviews, ping [@NixOS/documentation-reviewers](https://github.com/orgs/nixos/teams/documentation-reviewers) on your pull request. If you need documentation-specific help or reviews, ping [@NixOS/documentation-team](https://github.com/orgs/nixos/teams/documentation-team) on your pull request.

View file

@ -6,7 +6,11 @@ It uses Linux' namespaces feature to create temporary lightweight environments w
Accepted arguments are: Accepted arguments are:
- `name` - `name`
The name of the environment and the wrapper executable. The name of the environment, and the wrapper executable if `pname` is unset.
- `pname`
The pname of the environment and the wrapper executable.
- `version`
The version of the environment.
- `targetPkgs` - `targetPkgs`
Packages to be installed for the main host's architecture (i.e. x86_64 on x86_64 installations). Along with libraries binaries are also installed. Packages to be installed for the main host's architecture (i.e. x86_64 on x86_64 installations). Along with libraries binaries are also installed.
- `multiPkgs` - `multiPkgs`
@ -53,4 +57,4 @@ You can create a simple environment using a `shell.nix` like this:
Running `nix-shell` on it would drop you into a shell inside an FHS env where those libraries and binaries are available in FHS-compliant paths. Applications that expect an FHS structure (i.e. proprietary binaries) can run inside this environment without modification. Running `nix-shell` on it would drop you into a shell inside an FHS env where those libraries and binaries are available in FHS-compliant paths. Applications that expect an FHS structure (i.e. proprietary binaries) can run inside this environment without modification.
You can build a wrapper by running your binary in `runScript`, e.g. `./bin/start.sh`. Relative paths work as expected. You can build a wrapper by running your binary in `runScript`, e.g. `./bin/start.sh`. Relative paths work as expected.
Additionally, the FHS builder links all relocated gsettings-schemas (the glib setup-hook moves them to `share/gsettings-schemas/${name}/glib-2.0/schemas`) to their standard FHS location. This means you don't need to wrap binaries with `wrapGAppsHook`. Additionally, the FHS builder links all relocated gsettings-schemas (the glib setup-hook moves them to `share/gsettings-schemas/${name}/glib-2.0/schemas`) to their standard FHS location. This means you don't need to wrap binaries with `wrapGApps*` hook.

View file

@ -111,7 +111,7 @@ in pkgs.stdenv.mkDerivation {
${lib-docs}/index.md \ ${lib-docs}/index.md \
> ./functions/library.md > ./functions/library.md
substitute ./manual.md.in ./manual.md \ substitute ./manual.md.in ./manual.md \
--replace '@MANUAL_VERSION@' '${pkgs.lib.version}' --replace-fail '@MANUAL_VERSION@' '${pkgs.lib.version}'
mkdir -p out/media mkdir -p out/media

View file

@ -9,14 +9,14 @@ In Nixpkgs, `zig.hook` overrides the default build, check and install phases.
```nix ```nix
{ lib { lib
, stdenv , stdenv
, zig_0_11 , zig
}: }:
stdenv.mkDerivation { stdenv.mkDerivation {
# . . . # . . .
nativeBuildInputs = [ nativeBuildInputs = [
zig_0_11.hook zig.hook
]; ];
zigBuildFlags = [ "-Dman-pages=true" ]; zigBuildFlags = [ "-Dman-pages=true" ];

View file

@ -148,4 +148,4 @@ All new projects should use the CUDA redistributables available in [`cudaPackage
| Find libraries | `configurePhase` | Missing dependency on a `dev` output | Add the missing dependency | The `dev` output typically contain CMake configuration files | | Find libraries | `configurePhase` | Missing dependency on a `dev` output | Add the missing dependency | The `dev` output typically contain CMake configuration files |
| Find libraries | `buildPhase` or `patchelf` | Missing dependency on a `lib` or `static` output | Add the missing dependency | The `lib` or `static` output typically contain the libraries | | Find libraries | `buildPhase` or `patchelf` | Missing dependency on a `lib` or `static` output | Add the missing dependency | The `lib` or `static` output typically contain the libraries |
In the scenario you are unable to run the resulting binary: this is arguably the most complicated as it could be any combination of the previous reasons. This type of failure typically occurs when a library attempts to load or open a library it depends on that it does not declare in its `DT_NEEDED` section. As a first step, ensure that dependencies are patched with [`cudaPackages.autoAddDriverRunpath`](https://search.nixos.org/packages?channel=unstable&type=packages&query=cudaPackages.autoAddDriverRunpath). Failing that, try running the application with [`nixGL`](https://github.com/guibou/nixGL) or a similar wrapper tool. If that works, it likely means that the application is attempting to load a library that is not in the `RPATH` or `RUNPATH` of the binary. In the scenario you are unable to run the resulting binary: this is arguably the most complicated as it could be any combination of the previous reasons. This type of failure typically occurs when a library attempts to load or open a library it depends on that it does not declare in its `DT_NEEDED` section. As a first step, ensure that dependencies are patched with [`autoAddDriverRunpath`](https://search.nixos.org/packages?channel=unstable&type=packages&query=autoAddDriverRunpath). Failing that, try running the application with [`nixGL`](https://github.com/guibou/nixGL) or a similar wrapper tool. If that works, it likely means that the application is attempting to load a library that is not in the `RPATH` or `RUNPATH` of the binary.

View file

@ -8,7 +8,7 @@ Programs in the GNOME universe are written in various languages but they all use
[GSettings](https://developer.gnome.org/gio/stable/GSettings.html) API is often used for storing settings. GSettings schemas are required, to know the type and other metadata of the stored values. GLib looks for `glib-2.0/schemas/gschemas.compiled` files inside the directories of `XDG_DATA_DIRS`. [GSettings](https://developer.gnome.org/gio/stable/GSettings.html) API is often used for storing settings. GSettings schemas are required, to know the type and other metadata of the stored values. GLib looks for `glib-2.0/schemas/gschemas.compiled` files inside the directories of `XDG_DATA_DIRS`.
On Linux, GSettings API is implemented using [dconf](https://wiki.gnome.org/Projects/dconf) backend. You will need to add `dconf` [GIO module](#ssec-gnome-gio-modules) to `GIO_EXTRA_MODULES` variable, otherwise the `memory` backend will be used and the saved settings will not be persistent. On Linux, GSettings API is implemented using [dconf](https://gitlab.gnome.org/GNOME/dconf) backend. You will need to add `dconf` [GIO module](#ssec-gnome-gio-modules) to `GIO_EXTRA_MODULES` variable, otherwise the `memory` backend will be used and the saved settings will not be persistent.
Last you will need the dconf database D-Bus service itself. You can enable it using `programs.dconf.enable`. Last you will need the dconf database D-Bus service itself. You can enable it using `programs.dconf.enable`.
@ -76,13 +76,13 @@ Previously, a GTK theme needed to be in `XDG_DATA_DIRS`. This is no longer neces
### GObject introspection typelibs {#ssec-gnome-typelibs} ### GObject introspection typelibs {#ssec-gnome-typelibs}
[GObject introspection](https://wiki.gnome.org/Projects/GObjectIntrospection) allows applications to use C libraries in other languages easily. It does this through `typelib` files searched in `GI_TYPELIB_PATH`. [GObject introspection](https://gitlab.gnome.org/GNOME/gobject-introspection) allows applications to use C libraries in other languages easily. It does this through `typelib` files searched in `GI_TYPELIB_PATH`.
### Various plug-ins {#ssec-gnome-plugins} ### Various plug-ins {#ssec-gnome-plugins}
If your application uses [GStreamer](https://gstreamer.freedesktop.org/) or [Grilo](https://wiki.gnome.org/Projects/Grilo), you should set `GST_PLUGIN_SYSTEM_PATH_1_0` and `GRL_PLUGIN_PATH`, respectively. If your application uses [GStreamer](https://gstreamer.freedesktop.org/) or [Grilo](https://gitlab.gnome.org/GNOME/grilo), you should set `GST_PLUGIN_SYSTEM_PATH_1_0` and `GRL_PLUGIN_PATH`, respectively.
## Onto `wrapGAppsHook` {#ssec-gnome-hooks} ## Onto `wrapGApps*` hooks {#ssec-gnome-hooks}
Given the requirements above, the package expression would become messy quickly: Given the requirements above, the package expression would become messy quickly:
@ -102,27 +102,29 @@ Given the requirements above, the package expression would become messy quickly:
} }
``` ```
Fortunately, there is [`wrapGAppsHook`]{#ssec-gnome-hooks-wrapgappshook}. It works in conjunction with other setup hooks that populate environment variables, and it will then wrap all executables in `bin` and `libexec` directories using said variables. For convenience, it also adds `dconf.lib` for a GIO module implementing a GSettings backend using `dconf`, `gtk3` for GSettings schemas, and `librsvg` for GdkPixbuf loader to the closure. Fortunately, we have a [family of hooks]{#ssec-gnome-hooks-wrapgappshook} that automate this. They work in conjunction with other setup hooks that populate environment variables, and will then wrap all executables in `bin` and `libexec` directories using said variables.
There is also [`wrapGAppsHook4`]{#ssec-gnome-hooks-wrapgappshook4}, which replaces GTK 3 with GTK 4. Instead of `wrapGAppsHook`, this should be used for all GTK4 applications. - [`wrapGAppsHook3`]{#ssec-gnome-hooks-wrapgappshook3} for GTK 3 apps. For convenience, it also adds `dconf.lib` for a GIO module implementing a GSettings backend using `dconf`, `gtk3` for GSettings schemas, and `librsvg` for GdkPixbuf loader to the closure.
- [`wrapGAppsHook4`]{#ssec-gnome-hooks-wrapgappshook4} for GTK 4 apps. Same as `wrapGAppsHook3` but replaces `gtk3` with `gtk4`.
- [`wrapGAppsNoGuiHook`]{#ssec-gnome-hooks-wrapgappsnoguihook} for programs without a graphical interface. Same as the above but does not bring `gtk3` and `librsvg` into the closure.
In case you are packaging a program without a graphical interface, you might want to use [`wrapGAppsNoGuiHook`]{#ssec-gnome-hooks-wrapgappsnoguihook}, which runs the same script as `wrapGAppsHook` but does not bring `gtk3` and `librsvg` into the closure. The hooks do the the following:
- `wrapGAppsHook` itself will add the packages `share` directory to `XDG_DATA_DIRS`. - `wrapGApps*` hook itself will add the packages `share` directory to `XDG_DATA_DIRS`.
- []{#ssec-gnome-hooks-glib} `glib` setup hook will populate `GSETTINGS_SCHEMAS_PATH` and then `wrapGAppsHook` will prepend it to `XDG_DATA_DIRS`. - []{#ssec-gnome-hooks-glib} `glib` setup hook will populate `GSETTINGS_SCHEMAS_PATH` and then `wrapGApps*` hook will prepend it to `XDG_DATA_DIRS`.
- []{#ssec-gnome-hooks-gdk-pixbuf} `gdk-pixbuf` setup hook will populate `GDK_PIXBUF_MODULE_FILE` with the path to biggest `loaders.cache` file from the dependencies containing [GdkPixbuf loaders](#ssec-gnome-gdk-pixbuf-loaders). This works fine when there are only two packages containing loaders (`gdk-pixbuf` and e.g. `librsvg`) it will choose the second one, reasonably expecting that it will be bigger since it describes extra loader in addition to the default ones. But when there are more than two loader packages, this logic will break. One possible solution would be constructing a custom cache file for each package containing a program like `services/x11/gdk-pixbuf.nix` NixOS module does. `wrapGAppsHook` copies the `GDK_PIXBUF_MODULE_FILE` environment variable into the produced wrapper. - []{#ssec-gnome-hooks-gdk-pixbuf} `gdk-pixbuf` setup hook will populate `GDK_PIXBUF_MODULE_FILE` with the path to biggest `loaders.cache` file from the dependencies containing [GdkPixbuf loaders](#ssec-gnome-gdk-pixbuf-loaders). This works fine when there are only two packages containing loaders (`gdk-pixbuf` and e.g. `librsvg`) it will choose the second one, reasonably expecting that it will be bigger since it describes extra loader in addition to the default ones. But when there are more than two loader packages, this logic will break. One possible solution would be constructing a custom cache file for each package containing a program like `services/x11/gdk-pixbuf.nix` NixOS module does. `wrapGApps*` hook copies the `GDK_PIXBUF_MODULE_FILE` environment variable into the produced wrapper.
- []{#ssec-gnome-hooks-gtk-drop-icon-theme-cache} One of `gtk3`s setup hooks will remove `icon-theme.cache` files from packages icon theme directories to avoid conflicts. Icon theme packages should prevent this with `dontDropIconThemeCache = true;`. - []{#ssec-gnome-hooks-gtk-drop-icon-theme-cache} One of `gtk3`s setup hooks will remove `icon-theme.cache` files from packages icon theme directories to avoid conflicts. Icon theme packages should prevent this with `dontDropIconThemeCache = true;`.
- []{#ssec-gnome-hooks-dconf} `dconf.lib` is a dependency of `wrapGAppsHook`, which then also adds it to the `GIO_EXTRA_MODULES` variable. - []{#ssec-gnome-hooks-dconf} `dconf.lib` is a dependency of `wrapGApps*` hook, which then also adds it to the `GIO_EXTRA_MODULES` variable.
- []{#ssec-gnome-hooks-hicolor-icon-theme} `hicolor-icon-theme`s setup hook will add icon themes to `XDG_ICON_DIRS`. - []{#ssec-gnome-hooks-hicolor-icon-theme} `hicolor-icon-theme`s setup hook will add icon themes to `XDG_ICON_DIRS`.
- []{#ssec-gnome-hooks-gobject-introspection} `gobject-introspection` setup hook populates `GI_TYPELIB_PATH` variable with `lib/girepository-1.0` directories of dependencies, which is then added to wrapper by `wrapGAppsHook`. It also adds `share` directories of dependencies to `XDG_DATA_DIRS`, which is intended to promote GIR files but it also [pollutes the closures](https://github.com/NixOS/nixpkgs/issues/32790) of packages using `wrapGAppsHook`. - []{#ssec-gnome-hooks-gobject-introspection} `gobject-introspection` setup hook populates `GI_TYPELIB_PATH` variable with `lib/girepository-1.0` directories of dependencies, which is then added to wrapper by `wrapGApps*` hook. It also adds `share` directories of dependencies to `XDG_DATA_DIRS`, which is intended to promote GIR files but it also [pollutes the closures](https://github.com/NixOS/nixpkgs/issues/32790) of packages using `wrapGApps*` hook.
- []{#ssec-gnome-hooks-gst-grl-plugins} Setup hooks of `gst_all_1.gstreamer` and `grilo` will populate the `GST_PLUGIN_SYSTEM_PATH_1_0` and `GRL_PLUGIN_PATH` variables, respectively, which will then be added to the wrapper by `wrapGAppsHook`. - []{#ssec-gnome-hooks-gst-grl-plugins} Setup hooks of `gst_all_1.gstreamer` and `grilo` will populate the `GST_PLUGIN_SYSTEM_PATH_1_0` and `GRL_PLUGIN_PATH` variables, respectively, which will then be added to the wrapper by `wrapGApps*` hook.
You can also pass additional arguments to `makeWrapper` using `gappsWrapperArgs` in `preFixup` hook: You can also pass additional arguments to `makeWrapper` using `gappsWrapperArgs` in `preFixup` hook:
@ -147,15 +149,15 @@ Most GNOME package offer [`updateScript`](#var-passthru-updateScript), it is the
### `GLib-GIO-ERROR **: 06:04:50.903: No GSettings schemas are installed on the system` {#ssec-gnome-common-issues-no-schemas} ### `GLib-GIO-ERROR **: 06:04:50.903: No GSettings schemas are installed on the system` {#ssec-gnome-common-issues-no-schemas}
There are no schemas available in `XDG_DATA_DIRS`. Temporarily add a random package containing schemas like `gsettings-desktop-schemas` to `buildInputs`. [`glib`](#ssec-gnome-hooks-glib) and [`wrapGAppsHook`](#ssec-gnome-hooks-wrapgappshook) setup hooks will take care of making the schemas available to application and you will see the actual missing schemas with the [next error](#ssec-gnome-common-issues-missing-schema). Or you can try looking through the source code for the actual schemas used. There are no schemas available in `XDG_DATA_DIRS`. Temporarily add a random package containing schemas like `gsettings-desktop-schemas` to `buildInputs`. [`glib`](#ssec-gnome-hooks-glib) and [`wrapGApps*`](#ssec-gnome-hooks-wrapgappshook) setup hooks will take care of making the schemas available to application and you will see the actual missing schemas with the [next error](#ssec-gnome-common-issues-missing-schema). Or you can try looking through the source code for the actual schemas used.
### `GLib-GIO-ERROR **: 06:04:50.903: Settings schema org.gnome.foo is not installed` {#ssec-gnome-common-issues-missing-schema} ### `GLib-GIO-ERROR **: 06:04:50.903: Settings schema org.gnome.foo is not installed` {#ssec-gnome-common-issues-missing-schema}
Package is missing some GSettings schemas. You can find out the package containing the schema with `nix-locate org.gnome.foo.gschema.xml` and let the hooks handle the wrapping as [above](#ssec-gnome-common-issues-no-schemas). Package is missing some GSettings schemas. You can find out the package containing the schema with `nix-locate org.gnome.foo.gschema.xml` and let the hooks handle the wrapping as [above](#ssec-gnome-common-issues-no-schemas).
### When using `wrapGAppsHook` with special derivers you can end up with double wrapped binaries. {#ssec-gnome-common-issues-double-wrapped} ### When using `wrapGApps*` hook with special derivers you can end up with double wrapped binaries. {#ssec-gnome-common-issues-double-wrapped}
This is because derivers like `python.pkgs.buildPythonApplication` or `qt5.mkDerivation` have setup-hooks automatically added that produce wrappers with makeWrapper. The simplest way to workaround that is to disable the `wrapGAppsHook` automatic wrapping with `dontWrapGApps = true;` and pass the arguments it intended to pass to makeWrapper to another. This is because derivers like `python.pkgs.buildPythonApplication` or `qt5.mkDerivation` have setup-hooks automatically added that produce wrappers with makeWrapper. The simplest way to workaround that is to disable the `wrapGApps*` hook automatic wrapping with `dontWrapGApps = true;` and pass the arguments it intended to pass to makeWrapper to another.
In the case of a Python application it could look like: In the case of a Python application it could look like:
@ -165,7 +167,7 @@ python3.pkgs.buildPythonApplication {
version = "3.32.2"; version = "3.32.2";
nativeBuildInputs = [ nativeBuildInputs = [
wrapGAppsHook wrapGAppsHook3
gobject-introspection gobject-introspection
# ... # ...
]; ];
@ -187,7 +189,7 @@ mkDerivation {
version = "3.47.0"; version = "3.47.0";
nativeBuildInputs = [ nativeBuildInputs = [
wrapGAppsHook wrapGAppsHook3
qmake qmake
# ... # ...
]; ];

View file

@ -2,7 +2,7 @@
## Building Go modules with `buildGoModule` {#ssec-language-go} ## Building Go modules with `buildGoModule` {#ssec-language-go}
The function `buildGoModule` builds Go programs managed with Go modules. It builds [Go Modules](https://github.com/golang/go/wiki/Modules) through a two phase build: The function `buildGoModule` builds Go programs managed with Go modules. It builds [Go Modules](https://go.dev/wiki/Modules) through a two phase build:
- An intermediate fetcher derivation called `goModules`. This derivation will be used to fetch all the dependencies of the Go module. - An intermediate fetcher derivation called `goModules`. This derivation will be used to fetch all the dependencies of the Go module.
- A final derivation will use the output of the intermediate derivation to build the binaries and produce the final output. - A final derivation will use the output of the intermediate derivation to build the binaries and produce the final output.

View file

@ -230,7 +230,7 @@ completely incompatible with packages from `haskellPackages`.
Every haskell package set has its own haskell-aware `mkDerivation` which is used Every haskell package set has its own haskell-aware `mkDerivation` which is used
to build its packages. Generally you won't have to interact with this builder to build its packages. Generally you won't have to interact with this builder
since [cabal2nix][cabal2nix] can generate packages since [cabal2nix](#haskell-cabal2nix) can generate packages
using it for an arbitrary cabal package definition. Still it is useful to know using it for an arbitrary cabal package definition. Still it is useful to know
the parameters it takes when you need to the parameters it takes when you need to
[override](#haskell-overriding-haskell-packages) a generated Nix expression. [override](#haskell-overriding-haskell-packages) a generated Nix expression.
@ -1123,18 +1123,75 @@ for [this to work][optparse-applicative-completions].
Note that this feature is automatically disabled when cross-compiling, since it Note that this feature is automatically disabled when cross-compiling, since it
requires executing the binaries in question. requires executing the binaries in question.
## Import-from-Derivation helpers {#haskell-import-from-derivation}
### cabal2nix {#haskell-cabal2nix}
[`cabal2nix`][cabal2nix] can generate Nix package definitions for arbitrary
Haskell packages using [import from derivation][import-from-derivation].
`cabal2nix` will generate Nix expressions that look like this:
```nix
# cabal get mtl-2.2.1 && cd mtl-2.2.1 && cabal2nix .
{ mkDerivation, base, lib, transformers }:
mkDerivation {
pname = "mtl";
version = "2.2.1";
src = ./.;
libraryHaskellDepends = [ base transformers ];
homepage = "http://github.com/ekmett/mtl";
description = "Monad classes, using functional dependencies";
license = lib.licenses.bsd3;
}
```
This expression should be called with `haskellPackages.callPackage`, which will
supply [`haskellPackages.mkDerivation`](#haskell-mkderivation) and the Haskell
dependencies as arguments.
`callCabal2nix name src args`
: Create a package named `name` from the source derivation `src` using
`cabal2nix`.
`args` are extra arguments provided to `haskellPackages.callPackage`.
`callCabal2nixWithOptions name src opts args`
: Create a package named `name` from the source derivation `src` using
`cabal2nix`.
`opts` are extra options for calling `cabal2nix`. If `opts` is a string, it
will be used as extra command line arguments for `cabal2nix`, e.g. `--subpath
path/to/dir/containing/cabal-file`. Otherwise, `opts` should be an AttrSet
which can contain the following attributes:
`extraCabal2nixOptions`
: Extra command line arguments for `cabal2nix`.
`srcModifier`
: A function which is used to modify the given `src` instead of the default
filter.
The default source filter will remove all files from `src` except for
`.cabal` files and `package.yaml` files.
<!--
`callHackage`
: TODO
`callHackageDirect`
: TODO
`developPackage`
: TODO
-->
<!-- <!--
TODO(@NixOS/haskell): finish these planned sections TODO(@NixOS/haskell): finish these planned sections
### Overriding the entire package set ### Overriding the entire package set
## Import-from-Derivation helpers
* `callCabal2nix`
* `callHackage`, `callHackageDirect`
* `developPackage`
## Contributing {#haskell-contributing} ## Contributing {#haskell-contributing}
### Fixing a broken package {#haskell-fixing-a-broken-package} ### Fixing a broken package {#haskell-fixing-a-broken-package}
@ -1309,3 +1366,4 @@ relevant.
[profiling]: https://downloads.haskell.org/~ghc/latest/docs/html/users_guide/profiling.html [profiling]: https://downloads.haskell.org/~ghc/latest/docs/html/users_guide/profiling.html
[search.nixos.org]: https://search.nixos.org [search.nixos.org]: https://search.nixos.org
[turtle]: https://hackage.haskell.org/package/turtle [turtle]: https://hackage.haskell.org/package/turtle
[import-from-derivation]: https://nixos.org/manual/nix/stable/language/import-from-derivation

View file

@ -7,10 +7,11 @@ Nixpkgs provides a couple of facilities for working with this tool.
## Writing packages providing pkg-config modules {#pkg-config-writing-packages} ## Writing packages providing pkg-config modules {#pkg-config-writing-packages}
Packages should set `meta.pkgConfigModules` with the list of package config modules they provide. Packages should set `meta.pkgConfigModules` with the list of package config modules they provide.
They should also use `testers.testMetaPkgConfig` to check that the final built package matches that list. They should also use `testers.hasPkgConfigModules` to check that the final built package matches that list,
and optionally check that the pkgconf modules' version metadata matches the derivation's.
Additionally, the [`validatePkgConfig` setup hook](https://nixos.org/manual/nixpkgs/stable/#validatepkgconfig), will do extra checks on to-be-installed pkg-config modules. Additionally, the [`validatePkgConfig` setup hook](https://nixos.org/manual/nixpkgs/stable/#validatepkgconfig), will do extra checks on to-be-installed pkg-config modules.
A good example of all these things is zlib: A good example of all these things is miniz:
```nix ```nix
{ pkg-config, testers, ... }: { pkg-config, testers, ... }:
@ -20,11 +21,14 @@ stdenv.mkDerivation (finalAttrs: {
nativeBuildInputs = [ pkg-config validatePkgConfig ]; nativeBuildInputs = [ pkg-config validatePkgConfig ];
passthru.tests.pkg-config = testers.testMetaPkgConfig finalAttrs.finalPackage; passthru.tests.pkg-config = testers.hasPkgConfigModules {
package = finalAttrs.finalPackage;
versionCheck = true;
};
meta = { meta = {
/* ... */ /* ... */
pkgConfigModules = [ "zlib" ]; pkgConfigModules = [ "miniz" ];
}; };
}) })
``` ```

View file

@ -878,7 +878,6 @@ buildPythonPackage rec {
homepage = "https://github.com/pytoolz/toolz"; homepage = "https://github.com/pytoolz/toolz";
description = "List processing tools and functional utilities"; description = "List processing tools and functional utilities";
license = lib.licenses.bsd3; license = lib.licenses.bsd3;
maintainers = with lib.maintainers; [ fridh ];
}; };
} }
``` ```
@ -1013,7 +1012,6 @@ buildPythonPackage rec {
homepage = "https://github.com/ContinuumIO/datashape"; homepage = "https://github.com/ContinuumIO/datashape";
description = "A data description language"; description = "A data description language";
license = lib.licenses.bsd2; license = lib.licenses.bsd2;
maintainers = with lib.maintainers; [ fridh ];
}; };
} }
``` ```
@ -1134,7 +1132,6 @@ buildPythonPackage rec {
description = "A pythonic wrapper around FFTW, the FFT library, presenting a unified interface for all the supported transforms"; description = "A pythonic wrapper around FFTW, the FFT library, presenting a unified interface for all the supported transforms";
homepage = "http://hgomersall.github.com/pyFFTW"; homepage = "http://hgomersall.github.com/pyFFTW";
license = with lib.licenses; [ bsd2 bsd3 ]; license = with lib.licenses; [ bsd2 bsd3 ];
maintainers = with lib.maintainers; [ fridh ];
}; };
} }
``` ```
@ -1494,7 +1491,6 @@ buildPythonPackage rec {
homepage = "https://github.com/pytoolz/toolz/"; homepage = "https://github.com/pytoolz/toolz/";
description = "List processing tools and functional utilities"; description = "List processing tools and functional utilities";
license = lib.licenses.bsd3; license = lib.licenses.bsd3;
maintainers = with lib.maintainers; [ fridh ];
}; };
} }
``` ```

View file

@ -101,7 +101,7 @@ For example, a package which requires dynamic linking and cannot be linked stati
```nix ```nix
{ {
meta.platforms = lib.platforms.all; meta.platforms = lib.platforms.all;
meta.badPlatforms = [ lib.systems.inspect.patterns.isStatic ]; meta.badPlatforms = [ lib.systems.inspect.platformPatterns.isStatic ];
} }
``` ```

View file

@ -47,7 +47,7 @@ let
# misc # misc
asserts = callLibs ./asserts.nix; asserts = callLibs ./asserts.nix;
debug = callLibs ./debug.nix; debug = callLibs ./debug.nix;
misc = callLibs ./deprecated.nix; misc = callLibs ./deprecated/misc.nix;
# domain-specific # domain-specific
fetchers = callLibs ./fetchers.nix; fetchers = callLibs ./fetchers.nix;
@ -89,7 +89,7 @@ let
recurseIntoAttrs dontRecurseIntoAttrs cartesianProduct cartesianProductOfSets recurseIntoAttrs dontRecurseIntoAttrs cartesianProduct cartesianProductOfSets
mapCartesianProduct updateManyAttrsByPath; mapCartesianProduct updateManyAttrsByPath;
inherit (self.lists) singleton forEach foldr fold foldl foldl' imap0 imap1 inherit (self.lists) singleton forEach foldr fold foldl foldl' imap0 imap1
concatMap flatten remove findSingle findFirst any all count ifilter0 concatMap flatten remove findSingle findFirst any all count
optional optionals toList range replicate partition zipListsWith zipLists optional optionals toList range replicate partition zipListsWith zipLists
reverseList listDfs toposort sort sortOn naturalSort compareLists take reverseList listDfs toposort sort sortOn naturalSort compareLists take
drop sublist last init crossLists unique allUnique intersectLists drop sublist last init crossLists unique allUnique intersectLists

View file

@ -0,0 +1,11 @@
# lib/deprecated
Do not add any new functions to this directory.
This directory contains the `lib.misc` sublibrary, which - as a location - is deprecated.
Furthermore, some of the functions inside are of *dubious* utility, and should perhaps be avoided,
while some functions *may still be needed*.
This directory does not play a role in the deprecation process for library functions.
They should be deprecated in place, by putting a `lib.warn` or `lib.warnIf` call around the function.

View file

@ -8,6 +8,7 @@
# derivation like fetchurl is allowed to do so since its result is # derivation like fetchurl is allowed to do so since its result is
# by definition pure. # by definition pure.
"http_proxy" "https_proxy" "ftp_proxy" "all_proxy" "no_proxy" "http_proxy" "https_proxy" "ftp_proxy" "all_proxy" "no_proxy"
"HTTP_PROXY" "HTTPS_PROXY" "FTP_PROXY" "ALL_PROXY" "NO_PROXY"
]; ];
} }

View file

@ -53,6 +53,53 @@ rec {
inherit type isGVariant; inherit type isGVariant;
intConstructors = [
{
name = "mkInt32";
type = type.int32;
min = -2147483648;
max = 2147483647;
}
{
name = "mkUint32";
type = type.uint32;
min = 0;
max = 4294967295;
}
{
name = "mkInt64";
type = type.int64;
# Nix does not support such large numbers.
min = null;
max = null;
}
{
name = "mkUint64";
type = type.uint64;
min = 0;
# Nix does not support such large numbers.
max = null;
}
{
name = "mkInt16";
type = type.int16;
min = -32768;
max = 32767;
}
{
name = "mkUint16";
type = type.uint16;
min = 0;
max = 65535;
}
{
name = "mkUchar";
type = type.uchar;
min = 0;
max = 255;
}
];
/* Returns the GVariant value that most closely matches the given Nix value. /* Returns the GVariant value that most closely matches the given Nix value.
If no GVariant value can be found unambiguously then error is thrown. If no GVariant value can be found unambiguously then error is thrown.
@ -70,8 +117,20 @@ rec {
mkArray v mkArray v
else if isGVariant v then else if isGVariant v then
v v
else if builtins.isInt v then
let
validConstructors = builtins.filter ({ min, max, ... }: (min == null || min <= v) && (max == null || v <= max)) intConstructors;
in
throw ''
The GVariant type for number ${builtins.toString v} is unclear.
Please wrap the value with one of the following, depending on the value type in GSettings schema:
${lib.concatMapStringsSep "\n" ({ name, type, ...}: "- `lib.gvariant.${name}` for `${type}`") validConstructors}
''
else if builtins.isAttrs v then
throw "Cannot construct GVariant value from an attribute set. If you want to construct a dictionary, you will need to create an array containing items constructed with `lib.gvariant.mkDictionaryEntry`."
else else
throw "The GVariant type of ${v} can't be inferred."; throw "The GVariant type of ${builtins.typeOf v} can't be inferred.";
/* Returns the GVariant array from the given type of the elements and a Nix list. /* Returns the GVariant array from the given type of the elements and a Nix list.

View file

@ -632,6 +632,11 @@ in mkLicense lset) ({
url = "https://old.calculate-linux.org/packages/licenses/iASL"; url = "https://old.calculate-linux.org/packages/licenses/iASL";
}; };
icu = {
spdxId = "ICU";
fullName = "ICU";
};
ijg = { ijg = {
spdxId = "IJG"; spdxId = "IJG";
fullName = "Independent JPEG Group License"; fullName = "Independent JPEG Group License";
@ -1168,6 +1173,11 @@ in mkLicense lset) ({
# channel and NixOS images. # channel and NixOS images.
}; };
unicode-30 = {
spdxId = "Unicode-3.0";
fullName = "Unicode License v3";
};
unicode-dfs-2015 = { unicode-dfs-2015 = {
spdxId = "Unicode-DFS-2015"; spdxId = "Unicode-DFS-2015";
fullName = "Unicode License Agreement - Data Files and Software (2015)"; fullName = "Unicode License Agreement - Data Files and Software (2015)";

View file

@ -4,7 +4,7 @@
{ lib }: { lib }:
let let
inherit (lib.strings) toInt; inherit (lib.strings) toInt;
inherit (lib.trivial) compare min id warn; inherit (lib.trivial) compare min id warn pipe;
inherit (lib.attrsets) mapAttrs; inherit (lib.attrsets) mapAttrs;
in in
rec { rec {
@ -333,6 +333,54 @@ rec {
*/ */
imap1 = f: list: genList (n: f (n + 1) (elemAt list n)) (length list); imap1 = f: list: genList (n: f (n + 1) (elemAt list n)) (length list);
/**
Filter a list for elements that satisfy a predicate function.
The predicate function is called with both the index and value for each element.
It must return `true`/`false` to include/exclude a given element in the result.
This function is strict in the result of the predicate function for each element.
This function has O(n) complexity.
Also see [`builtins.filter`](https://nixos.org/manual/nix/stable/language/builtins.html#builtins-filter) (available as `lib.lists.filter`),
which can be used instead when the index isn't needed.
# Inputs
`ipred`
: The predicate function, it takes two arguments:
- 1. (int): the index of the element.
- 2. (a): the value of the element.
It must return `true`/`false` to include/exclude a given element from the result.
`list`
: The list to filter using the predicate.
# Type
```
ifilter0 :: (int -> a -> bool) -> [a] -> [a]
```
# Examples
:::{.example}
## `lib.lists.ifilter0` usage example
```nix
ifilter0 (i: v: i == 0 || v > 2) [ 1 2 3 ]
=> [ 1 3 ]
```
:::
*/
ifilter0 =
ipred:
input:
map (idx: elemAt input idx) (
filter (idx: ipred idx (elemAt input idx)) (
genList (x: x) (length input)
)
);
/** /**
Map and concatenate the result. Map and concatenate the result.

View file

@ -81,6 +81,8 @@ let
&& final.parsed.kernel == platform.parsed.kernel; && final.parsed.kernel == platform.parsed.kernel;
isCompatible = _: throw "2022-05-23: isCompatible has been removed in favor of canExecute, refer to the 22.11 changelog for details"; isCompatible = _: throw "2022-05-23: isCompatible has been removed in favor of canExecute, refer to the 22.11 changelog for details";
# Derived meta-data # Derived meta-data
useLLVM = final.isFreeBSD;
libc = libc =
/**/ if final.isDarwin then "libSystem" /**/ if final.isDarwin then "libSystem"
else if final.isMinGW then "msvcrt" else if final.isMinGW then "msvcrt"

View file

@ -13,7 +13,7 @@ let
"x86_64-darwin" "i686-darwin" "aarch64-darwin" "armv7a-darwin" "x86_64-darwin" "i686-darwin" "aarch64-darwin" "armv7a-darwin"
# FreeBSD # FreeBSD
"i686-freebsd13" "x86_64-freebsd13" "i686-freebsd" "x86_64-freebsd"
# Genode # Genode
"aarch64-genode" "i686-genode" "x86_64-genode" "aarch64-genode" "i686-genode" "x86_64-genode"

View file

@ -235,6 +235,11 @@ rec {
libc = "newlib"; libc = "newlib";
}; };
microblaze-embedded = {
config = "microblazeel-none-elf";
libc = "newlib";
};
# #
# Redox # Redox
# #
@ -323,7 +328,7 @@ rec {
# BSDs # BSDs
x86_64-freebsd = { x86_64-freebsd = {
config = "x86_64-unknown-freebsd13"; config = "x86_64-unknown-freebsd";
useLLVM = true; useLLVM = true;
}; };

View file

@ -326,11 +326,7 @@ rec {
# the normalized name for macOS. # the normalized name for macOS.
macos = { execFormat = macho; families = { inherit darwin; }; name = "darwin"; }; macos = { execFormat = macho; families = { inherit darwin; }; name = "darwin"; };
ios = { execFormat = macho; families = { inherit darwin; }; }; ios = { execFormat = macho; families = { inherit darwin; }; };
# A tricky thing about FreeBSD is that there is no stable ABI across freebsd = { execFormat = elf; families = { inherit bsd; }; name = "freebsd"; };
# versions. That means that putting in the version as part of the
# config string is paramount.
freebsd12 = { execFormat = elf; families = { inherit bsd; }; name = "freebsd"; version = 12; };
freebsd13 = { execFormat = elf; families = { inherit bsd; }; name = "freebsd"; version = 13; };
linux = { execFormat = elf; families = { }; }; linux = { execFormat = elf; families = { }; };
netbsd = { execFormat = elf; families = { inherit bsd; }; }; netbsd = { execFormat = elf; families = { inherit bsd; }; };
none = { execFormat = unknown; families = { }; }; none = { execFormat = unknown; families = { }; };

View file

@ -63,8 +63,10 @@ let
hasAttrByPath hasAttrByPath
hasInfix hasInfix
id id
ifilter0
isStorePath isStorePath
lazyDerivation lazyDerivation
length
lists lists
listToAttrs listToAttrs
makeExtensible makeExtensible
@ -651,6 +653,31 @@ runTests {
expected = ["b" "c"]; expected = ["b" "c"];
}; };
testIfilter0Example = {
expr = ifilter0 (i: v: i == 0 || v > 2) [ 1 2 3 ];
expected = [ 1 3 ];
};
testIfilter0Empty = {
expr = ifilter0 (i: v: abort "shouldn't be evaluated!") [ ];
expected = [ ];
};
testIfilter0IndexOnly = {
expr = length (ifilter0 (i: v: mod i 2 == 0) [ (throw "0") (throw "1") (throw "2") (throw "3")]);
expected = 2;
};
testIfilter0All = {
expr = ifilter0 (i: v: true) [ 10 11 12 13 14 15 ];
expected = [ 10 11 12 13 14 15 ];
};
testIfilter0First = {
expr = ifilter0 (i: v: i == 0) [ 10 11 12 13 14 15 ];
expected = [ 10 ];
};
testIfilter0Last = {
expr = ifilter0 (i: v: i == 5) [ 10 11 12 13 14 15 ];
expected = [ 15 ];
};
testFold = testFold =
let let
f = op: fold: fold op 0 (range 0 100); f = op: fold: fold op 0 (range 0 100);

View file

@ -2,7 +2,7 @@
# Don't test properties of pkgs.lib, but rather the lib in the parent directory # Don't test properties of pkgs.lib, but rather the lib in the parent directory
pkgs ? import ../.. {} // { lib = throw "pkgs.lib accessed, but the lib tests should use nixpkgs' lib path directly!"; }, pkgs ? import ../.. {} // { lib = throw "pkgs.lib accessed, but the lib tests should use nixpkgs' lib path directly!"; },
nix ? pkgs-nixVersions.stable, nix ? pkgs-nixVersions.stable,
nixVersions ? [ pkgs-nixVersions.minimum nix pkgs-nixVersions.unstable ], nixVersions ? [ pkgs-nixVersions.minimum nix pkgs-nixVersions.latest ],
pkgs-nixVersions ? import ./nix-for-tests.nix { inherit pkgs; }, pkgs-nixVersions ? import ./nix-for-tests.nix { inherit pkgs; },
}: }:

View file

@ -40,7 +40,7 @@ lib.runTests (
testarm = mseteq arm [ "armv5tel-linux" "armv6l-linux" "armv6l-netbsd" "armv6l-none" "armv7a-linux" "armv7a-netbsd" "armv7l-linux" "armv7l-netbsd" "arm-none" "armv7a-darwin" ]; testarm = mseteq arm [ "armv5tel-linux" "armv6l-linux" "armv6l-netbsd" "armv6l-none" "armv7a-linux" "armv7a-netbsd" "armv7l-linux" "armv7l-netbsd" "arm-none" "armv7a-darwin" ];
testarmv7 = mseteq armv7 [ "armv7a-darwin" "armv7a-linux" "armv7l-linux" "armv7a-netbsd" "armv7l-netbsd" ]; testarmv7 = mseteq armv7 [ "armv7a-darwin" "armv7a-linux" "armv7l-linux" "armv7a-netbsd" "armv7l-netbsd" ];
testi686 = mseteq i686 [ "i686-linux" "i686-freebsd13" "i686-genode" "i686-netbsd" "i686-openbsd" "i686-cygwin" "i686-windows" "i686-none" "i686-darwin" ]; testi686 = mseteq i686 [ "i686-linux" "i686-freebsd" "i686-genode" "i686-netbsd" "i686-openbsd" "i686-cygwin" "i686-windows" "i686-none" "i686-darwin" ];
testmips = mseteq mips [ "mips-none" "mips64-none" "mips-linux" "mips64-linux" "mips64el-linux" "mipsel-linux" "mipsel-netbsd" ]; testmips = mseteq mips [ "mips-none" "mips64-none" "mips-linux" "mips64-linux" "mips64el-linux" "mipsel-linux" "mipsel-netbsd" ];
testmmix = mseteq mmix [ "mmix-mmixware" ]; testmmix = mseteq mmix [ "mmix-mmixware" ];
testpower = mseteq power [ "powerpc-netbsd" "powerpc-none" "powerpc64-linux" "powerpc64le-linux" "powerpcle-none" ]; testpower = mseteq power [ "powerpc-netbsd" "powerpc-none" "powerpc64-linux" "powerpc64le-linux" "powerpcle-none" ];
@ -48,11 +48,11 @@ lib.runTests (
testriscv32 = mseteq riscv32 [ "riscv32-linux" "riscv32-netbsd" "riscv32-none" ]; testriscv32 = mseteq riscv32 [ "riscv32-linux" "riscv32-netbsd" "riscv32-none" ];
testriscv64 = mseteq riscv64 [ "riscv64-linux" "riscv64-netbsd" "riscv64-none" ]; testriscv64 = mseteq riscv64 [ "riscv64-linux" "riscv64-netbsd" "riscv64-none" ];
tests390x = mseteq s390x [ "s390x-linux" "s390x-none" ]; tests390x = mseteq s390x [ "s390x-linux" "s390x-none" ];
testx86_64 = mseteq x86_64 [ "x86_64-linux" "x86_64-darwin" "x86_64-freebsd13" "x86_64-genode" "x86_64-redox" "x86_64-openbsd" "x86_64-netbsd" "x86_64-cygwin" "x86_64-solaris" "x86_64-windows" "x86_64-none" ]; testx86_64 = mseteq x86_64 [ "x86_64-linux" "x86_64-darwin" "x86_64-freebsd" "x86_64-genode" "x86_64-redox" "x86_64-openbsd" "x86_64-netbsd" "x86_64-cygwin" "x86_64-solaris" "x86_64-windows" "x86_64-none" ];
testcygwin = mseteq cygwin [ "i686-cygwin" "x86_64-cygwin" ]; testcygwin = mseteq cygwin [ "i686-cygwin" "x86_64-cygwin" ];
testdarwin = mseteq darwin [ "x86_64-darwin" "i686-darwin" "aarch64-darwin" "armv7a-darwin" ]; testdarwin = mseteq darwin [ "x86_64-darwin" "i686-darwin" "aarch64-darwin" "armv7a-darwin" ];
testfreebsd = mseteq freebsd [ "i686-freebsd13" "x86_64-freebsd13" ]; testfreebsd = mseteq freebsd [ "i686-freebsd" "x86_64-freebsd" ];
testgenode = mseteq genode [ "aarch64-genode" "i686-genode" "x86_64-genode" ]; testgenode = mseteq genode [ "aarch64-genode" "i686-genode" "x86_64-genode" ];
testredox = mseteq redox [ "x86_64-redox" ]; testredox = mseteq redox [ "x86_64-redox" ];
testgnu = mseteq gnu (linux /* ++ kfreebsd ++ ... */); testgnu = mseteq gnu (linux /* ++ kfreebsd ++ ... */);

File diff suppressed because it is too large Load diff

View file

@ -5,7 +5,7 @@ let
trace = if builtins.getEnv "VERBOSE" == "1" then builtins.trace else (x: y: y); trace = if builtins.getEnv "VERBOSE" == "1" then builtins.trace else (x: y: y);
rel = removeAttrs (import ../../pkgs/top-level/release.nix { }) [ "tarball" "unstable" "xbursttools" ]; rel = removeAttrs (import ../../pkgs/top-level/release.nix { }) [ "tarball" "unstable" ];
# Add the recurseForDerivations attribute to ensure that # Add the recurseForDerivations attribute to ensure that
# nix-instantiate recurses into nested attribute sets. # nix-instantiate recurses into nested attribute sets.

View file

@ -28,6 +28,7 @@ OK_MISSING_BY_PACKAGE = {
"discover": { "discover": {
"rpm-ostree-1", # we don't have rpm-ostree (duh) "rpm-ostree-1", # we don't have rpm-ostree (duh)
"Snapd", # we don't have snaps and probably never will "Snapd", # we don't have snaps and probably never will
"packagekitqt6", # intentionally disabled
}, },
"elisa": { "elisa": {
"UPNPQT", # upstream says it's broken "UPNPQT", # upstream says it's broken
@ -36,6 +37,9 @@ OK_MISSING_BY_PACKAGE = {
"Sphinx", # only used for docs, bloats closure size "Sphinx", # only used for docs, bloats closure size
"QCollectionGenerator" "QCollectionGenerator"
}, },
"gwenview": {
"Tiff", # duplicate?
},
"kio-extras-kf5": { "kio-extras-kf5": {
"KDSoapWSDiscoveryClient", # actually vendored on KF5 version "KDSoapWSDiscoveryClient", # actually vendored on KF5 version
}, },

View file

@ -1,19 +1,19 @@
name,src,ref,server,version,luaversion,maintainers name,rockspec,ref,server,version,luaversion,maintainers
alt-getopt,,,,,,arobyn alt-getopt,,,,,,arobyn
bit32,,,,5.3.0-1,5.1,lblasc bit32,,,,5.3.0-1,5.1,lblasc
argparse,,,,,, argparse,,,,,,
basexx,,,,,, basexx,,,,,,
binaryheap,,,,,,vcunat binaryheap,,,,,,vcunat
busted,,,,,, busted,,,,,,
cassowary,,,,,,marsam alerque cassowary,,,,,,alerque
cldr,,,,,,alerque cldr,,,,,,alerque
compat53,,,,,,vcunat compat53,,,,,,vcunat
commons.nvim,,,,,,mrcjkb commons.nvim,,,,,,mrcjkb
cosmo,,,,,,marsam cosmo,,,,,,
coxpcall,,,,1.17.0-1,, coxpcall,,,,1.17.0-1,,
cqueues,,,,,,vcunat cqueues,,,,,,vcunat
cyan,,,,,, cyan,,,,,,
digestif,https://github.com/astoff/digestif.git,,,,5.3, digestif,,,,,5.3,
dkjson,,,,,, dkjson,,,,,,
fennel,,,,,,misterio77 fennel,,,,,,misterio77
fidget.nvim,,,,,,mrcjkb fidget.nvim,,,,,,mrcjkb
@ -22,8 +22,8 @@ fluent,,,,,,alerque
funnyfiles.nvim,,,,,,mrcjkb funnyfiles.nvim,,,,,,mrcjkb
fzf-lua,,,,,,mrcjkb fzf-lua,,,,,,mrcjkb
fzy,,,,,,mrcjkb fzy,,,,,,mrcjkb
gitsigns.nvim,https://github.com/lewis6991/gitsigns.nvim.git,,,,5.1, gitsigns.nvim,https://raw.githubusercontent.com/lewis6991/gitsigns.nvim/main/gitsigns.nvim-scm-1.rockspec,,,,5.1,
haskell-tools.nvim,,,,,, haskell-tools.nvim,,,,,,mrcjkb
http,,,,0.3-0,,vcunat http,,,,0.3-0,,vcunat
image.nvim,,,,,,teto image.nvim,,,,,,teto
inspect,,,,,, inspect,,,,,,
@ -31,7 +31,7 @@ jsregexp,,,,,,
ldbus,,,http://luarocks.org/dev,,, ldbus,,,http://luarocks.org/dev,,,
ldoc,,,,,, ldoc,,,,,,
lgi,,,,,, lgi,,,,,,
linenoise,https://github.com/hoelzro/lua-linenoise.git,,,,, linenoise,https://raw.githubusercontent.com/hoelzro/lua-linenoise/master/linenoise-0.9-1.rockspec,,,,,
ljsyscall,,,,,5.1,lblasc ljsyscall,,,,,5.1,lblasc
lmathx,,,,,5.3,alexshpilkin lmathx,,,,,5.3,alexshpilkin
lmpfrlib,,,,,5.3,alexshpilkin lmpfrlib,,,,,5.3,alexshpilkin
@ -54,13 +54,13 @@ lua-resty-jwt,,,,,,
lua-resty-openidc,,,,,, lua-resty-openidc,,,,,,
lua-resty-openssl,,,,,, lua-resty-openssl,,,,,,
lua-resty-session,,,,,, lua-resty-session,,,,,,
lua-rtoml,https://github.com/lblasc/lua-rtoml,,,,,lblasc lua-rtoml,https://raw.githubusercontent.com/lblasc/lua-rtoml/main/lua-rtoml-0.2-0.rockspec,,,,,lblasc
lua-subprocess,https://github.com/0x0ade/lua-subprocess,,,,5.1,scoder12 lua-subprocess,https://raw.githubusercontent.com/0x0ade/lua-subprocess/master/subprocess-scm-1.rockspec,,,,5.1,scoder12
lua-term,,,,,, lua-term,,,,,,
lua-toml,,,,,, lua-toml,,,,,,
lua-zlib,,,,,,koral lua-zlib,,,,,,koral
lua_cliargs,,,,,, lua_cliargs,,,,,,
luabitop,https://github.com/teto/luabitop.git,,,,, luabitop,https://raw.githubusercontent.com/teto/luabitop/master/luabitop-1.0.2-3.rockspec,,,,,
luacheck,,,,,, luacheck,,,,,,
luacov,,,,,, luacov,,,,,,
luadbi,,,,,, luadbi,,,,,,
@ -78,12 +78,14 @@ luaossl,,,,,5.1,
luaposix,,,,34.1.1-1,,vyp lblasc luaposix,,,,34.1.1-1,,vyp lblasc
luarepl,,,,,, luarepl,,,,,,
luarocks-build-rust-mlua,,,,,,mrcjkb luarocks-build-rust-mlua,,,,,,mrcjkb
luarocks-build-treesitter-parser,,,,,,mrcjkb
luasec,,,,,,flosse luasec,,,,,,flosse
luasnip,,,,,, luasnip,,,,,,
luasocket,,,,,, luasocket,,,,,,
luasql-sqlite3,,,,,,vyp luasql-sqlite3,,,,,,vyp
luassert,,,,,, luassert,,,,,,
luasystem,,,,,, luasystem,,,,,,
luatext,,,,,,
luaunbound,,,,,, luaunbound,,,,,,
luaunit,,,,,,lockejan luaunit,,,,,,lockejan
luautf8,,,,,,pstn luautf8,,,,,,pstn
@ -93,7 +95,7 @@ lua-yajl,,,,,,pstn
lua-iconv,,,,7.0.0,, lua-iconv,,,,7.0.0,,
luuid,,,,20120509-2,, luuid,,,,20120509-2,,
luv,,,,1.44.2-1,, luv,,,,1.44.2-1,,
lush.nvim,https://github.com/rktjmp/lush.nvim,,,,,teto lush.nvim,,,https://luarocks.org/dev,,,teto
lyaml,,,,,,lblasc lyaml,,,,,,lblasc
magick,,,,,5.1,donovanglover magick,,,,,5.1,donovanglover
markdown,,,,,, markdown,,,,,,
@ -101,27 +103,27 @@ mediator_lua,,,,,,
middleclass,,,,,, middleclass,,,,,,
mimetypes,,,,,, mimetypes,,,,,,
mpack,,,,,, mpack,,,,,,
moonscript,https://github.com/leafo/moonscript.git,dev-1,,,,arobyn moonscript,https://raw.githubusercontent.com/leafo/moonscript/master/moonscript-dev-1.rockspec,,,,,arobyn
neotest,,,,,,mrcjkb neotest,,,,,,mrcjkb
nlua,,,,,,teto nlua,,,,,,teto
nui.nvim,,,,,,mrcjkb nui.nvim,,,,,,mrcjkb
nvim-cmp,https://github.com/hrsh7th/nvim-cmp,,,,, nvim-cmp,https://raw.githubusercontent.com/hrsh7th/nvim-cmp/main/nvim-cmp-scm-1.rockspec,,,,,
nvim-nio,,,,,,mrcjkb nvim-nio,,,,,,mrcjkb
pathlib.nvim,,,,,, pathlib.nvim,,,,,,
penlight,https://github.com/lunarmodules/Penlight.git,,,,,alerque penlight,,,,,,alerque
plenary.nvim,https://github.com/nvim-lua/plenary.nvim.git,,,,5.1, plenary.nvim,https://raw.githubusercontent.com/nvim-lua/plenary.nvim/master/plenary.nvim-scm-1.rockspec,,,,5.1,
rapidjson,https://github.com/xpol/lua-rapidjson.git,,,,, rapidjson,,,,,,
rocks.nvim,,,,,5.1,teto mrcjkb
rest.nvim,,,,,5.1,teto rest.nvim,,,,,5.1,teto
rocks.nvim,,,,,,mrcjkb rocks.nvim,,,,,,mrcjkb
rocks-git.nvim,,,,,,mrcjkb rocks-git.nvim,,,,,,mrcjkb
rocks-config.nvim,,,,,,mrcjkb rocks-config.nvim,,,,,,mrcjkb
rocks-dev.nvim,,,,,,mrcjkb rocks-dev.nvim,,,,,,mrcjkb
rtp.nvim,,,,,,mrcjkb
rustaceanvim,,,,,,mrcjkb rustaceanvim,,,,,,mrcjkb
say,https://github.com/Olivine-Labs/say.git,,,,, say,,,,,,
serpent,,,,,,lockejan serpent,,,,,,lockejan
sqlite,,,,,, sqlite,,,,,,
std._debug,https://github.com/lua-stdlib/_debug.git,,,,, std._debug,,,,,,
std.normalize,,,,,, std.normalize,,,,,,
stdlib,,,,41.2.2,,vyp stdlib,,,,41.2.2,,vyp
teal-language-server,,,http://luarocks.org/dev,,, teal-language-server,,,http://luarocks.org/dev,,,
@ -131,6 +133,7 @@ tiktoken_core,,,,,,natsukium
tl,,,,,,mephistophiles tl,,,,,,mephistophiles
toml,,,,,,mrcjkb toml,,,,,,mrcjkb
toml-edit,,,,,5.1,mrcjkb toml-edit,,,,,5.1,mrcjkb
vstruct,https://github.com/ToxicFrog/vstruct.git,,,,, tree-sitter-norg,,,,,5.1,mrcjkb
vstruct,,,,,,
vusted,,,,,,figsoda vusted,,,,,,figsoda
xml2lua,,,,,,teto xml2lua,,,,,,teto

1 name src rockspec ref server version luaversion maintainers
2 alt-getopt arobyn
3 bit32 5.3.0-1 5.1 lblasc
4 argparse
5 basexx
6 binaryheap vcunat
7 busted
8 cassowary marsam alerque alerque
9 cldr alerque
10 compat53 vcunat
11 commons.nvim mrcjkb
12 cosmo marsam
13 coxpcall 1.17.0-1
14 cqueues vcunat
15 cyan
16 digestif https://github.com/astoff/digestif.git 5.3
17 dkjson
18 fennel misterio77
19 fidget.nvim mrcjkb
22 funnyfiles.nvim mrcjkb
23 fzf-lua mrcjkb
24 fzy mrcjkb
25 gitsigns.nvim https://github.com/lewis6991/gitsigns.nvim.git https://raw.githubusercontent.com/lewis6991/gitsigns.nvim/main/gitsigns.nvim-scm-1.rockspec 5.1
26 haskell-tools.nvim mrcjkb
27 http 0.3-0 vcunat
28 image.nvim teto
29 inspect
31 ldbus http://luarocks.org/dev
32 ldoc
33 lgi
34 linenoise https://github.com/hoelzro/lua-linenoise.git https://raw.githubusercontent.com/hoelzro/lua-linenoise/master/linenoise-0.9-1.rockspec
35 ljsyscall 5.1 lblasc
36 lmathx 5.3 alexshpilkin
37 lmpfrlib 5.3 alexshpilkin
54 lua-resty-openidc
55 lua-resty-openssl
56 lua-resty-session
57 lua-rtoml https://github.com/lblasc/lua-rtoml https://raw.githubusercontent.com/lblasc/lua-rtoml/main/lua-rtoml-0.2-0.rockspec lblasc
58 lua-subprocess https://github.com/0x0ade/lua-subprocess https://raw.githubusercontent.com/0x0ade/lua-subprocess/master/subprocess-scm-1.rockspec 5.1 scoder12
59 lua-term
60 lua-toml
61 lua-zlib koral
62 lua_cliargs
63 luabitop https://github.com/teto/luabitop.git https://raw.githubusercontent.com/teto/luabitop/master/luabitop-1.0.2-3.rockspec
64 luacheck
65 luacov
66 luadbi
78 luaposix 34.1.1-1 vyp lblasc
79 luarepl
80 luarocks-build-rust-mlua mrcjkb
81 luarocks-build-treesitter-parser mrcjkb
82 luasec flosse
83 luasnip
84 luasocket
85 luasql-sqlite3 vyp
86 luassert
87 luasystem
88 luatext
89 luaunbound
90 luaunit lockejan
91 luautf8 pstn
95 lua-iconv 7.0.0
96 luuid 20120509-2
97 luv 1.44.2-1
98 lush.nvim https://github.com/rktjmp/lush.nvim https://luarocks.org/dev teto
99 lyaml lblasc
100 magick 5.1 donovanglover
101 markdown
103 middleclass
104 mimetypes
105 mpack
106 moonscript https://github.com/leafo/moonscript.git https://raw.githubusercontent.com/leafo/moonscript/master/moonscript-dev-1.rockspec dev-1 arobyn
107 neotest mrcjkb
108 nlua teto
109 nui.nvim mrcjkb
110 nvim-cmp https://github.com/hrsh7th/nvim-cmp https://raw.githubusercontent.com/hrsh7th/nvim-cmp/main/nvim-cmp-scm-1.rockspec
111 nvim-nio mrcjkb
112 pathlib.nvim
113 penlight https://github.com/lunarmodules/Penlight.git alerque
114 plenary.nvim https://github.com/nvim-lua/plenary.nvim.git https://raw.githubusercontent.com/nvim-lua/plenary.nvim/master/plenary.nvim-scm-1.rockspec 5.1
115 rapidjson https://github.com/xpol/lua-rapidjson.git
rocks.nvim 5.1 teto mrcjkb
116 rest.nvim 5.1 teto
117 rocks.nvim mrcjkb
118 rocks-git.nvim mrcjkb
119 rocks-config.nvim mrcjkb
120 rocks-dev.nvim mrcjkb
121 rtp.nvim mrcjkb
122 rustaceanvim mrcjkb
123 say https://github.com/Olivine-Labs/say.git
124 serpent lockejan
125 sqlite
126 std._debug https://github.com/lua-stdlib/_debug.git
127 std.normalize
128 stdlib 41.2.2 vyp
129 teal-language-server http://luarocks.org/dev
133 tl mephistophiles
134 toml mrcjkb
135 toml-edit 5.1 mrcjkb
136 vstruct tree-sitter-norg https://github.com/ToxicFrog/vstruct.git 5.1 mrcjkb
137 vstruct
138 vusted figsoda
139 xml2lua teto

View file

@ -32,7 +32,6 @@ with lib.maintainers; {
acme = { acme = {
members = [ members = [
aanderse aanderse
andrew-d
arianvp arianvp
emily emily
flokli flokli
@ -46,7 +45,6 @@ with lib.maintainers; {
bazel = { bazel = {
members = [ members = [
mboes mboes
marsam
uri-canva uri-canva
cbley cbley
olebedev olebedev
@ -99,7 +97,6 @@ with lib.maintainers; {
budgie = { budgie = {
members = [ members = [
bobby285271 bobby285271
federicoschonborn
]; ];
scope = "Maintain Budgie desktop environment"; scope = "Maintain Budgie desktop environment";
shortName = "Budgie"; shortName = "Budgie";
@ -265,8 +262,9 @@ with lib.maintainers; {
}; };
docs = { docs = {
members = [ members = [ ];
ryantm githubTeams = [
"documentation-team"
]; ];
scope = "Maintain nixpkgs/NixOS documentation and tools for building it."; scope = "Maintain nixpkgs/NixOS documentation and tools for building it.";
shortName = "Docs"; shortName = "Docs";
@ -380,7 +378,6 @@ with lib.maintainers; {
krav krav
talyz talyz
yayayayaka yayayayaka
yuka
]; ];
scope = "Maintain gitlab packages."; scope = "Maintain gitlab packages.";
shortName = "gitlab"; shortName = "gitlab";
@ -408,7 +405,6 @@ with lib.maintainers; {
hedning hedning
jtojnar jtojnar
dasj19 dasj19
amaxine
]; ];
githubTeams = [ githubTeams = [
"gnome" "gnome"
@ -467,6 +463,14 @@ with lib.maintainers; {
shortName = "Home Assistant"; shortName = "Home Assistant";
}; };
infisical = {
members = [
akhilmhdh
];
scope = "Maintain Infisical";
shortName = "Infisical";
};
iog = { iog = {
members = [ members = [
cleverca22 cleverca22
@ -531,7 +535,6 @@ with lib.maintainers; {
members = [ members = [
aanderse aanderse
edwtjo edwtjo
MP2E
thiagokokada thiagokokada
]; ];
scope = "Maintain Libretro, RetroArch and related packages."; scope = "Maintain Libretro, RetroArch and related packages.";
@ -723,6 +726,16 @@ with lib.maintainers; {
enableFeatureFreezePing = true; enableFeatureFreezePing = true;
}; };
lix = {
members = [
raitobezarius
qyriad
];
scope = "Maintain the Lix package manager inside of Nixpkgs.";
shortName = "Lix ecosystem";
enableFeatureFreezePing = true;
};
module-system = { module-system = {
members = [ members = [
infinisil infinisil
@ -736,7 +749,6 @@ with lib.maintainers; {
node = { node = {
members = [ members = [
lilyinstarlight lilyinstarlight
marsam
winter winter
]; ];
scope = "Maintain Node.js runtimes and build tooling."; scope = "Maintain Node.js runtimes and build tooling.";
@ -802,6 +814,7 @@ with lib.maintainers; {
aanderse aanderse
drupol drupol
ma27 ma27
patka
talyz talyz
]; ];
githubTeams = [ githubTeams = [
@ -834,7 +847,6 @@ with lib.maintainers; {
python = { python = {
members = [ members = [
fridh
hexa hexa
jonringer jonringer
tjni tjni
@ -864,8 +876,10 @@ with lib.maintainers; {
r = { r = {
members = [ members = [
b-rodrigues
bcdarwin bcdarwin
jbedo jbedo
kupac
]; ];
scope = "Maintain the R programming language and related packages."; scope = "Maintain the R programming language and related packages.";
shortName = "R"; shortName = "R";
@ -906,7 +920,6 @@ with lib.maintainers; {
ruby = { ruby = {
members = [ members = [
marsam
]; ];
scope = "Maintain the Ruby interpreter and related packages."; scope = "Maintain the Ruby interpreter and related packages.";
shortName = "Ruby"; shortName = "Ruby";

View file

@ -10,14 +10,12 @@ If you find yourself repeating yourself over and over, its time to abstract.
adminAddr = "alice@example.org"; adminAddr = "alice@example.org";
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
enablePHP = true;
}; };
"wiki.example.org" = { "wiki.example.org" = {
documentRoot = "/webroot/wiki.example.org"; documentRoot = "/webroot/wiki.example.org";
adminAddr = "alice@example.org"; adminAddr = "alice@example.org";
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
enablePHP = true;
}; };
}; };
} }
@ -35,7 +33,7 @@ in
{ {
services.httpd.virtualHosts = services.httpd.virtualHosts =
{ "blog.example.org" = (commonConfig // { documentRoot = "/webroot/blog.example.org"; }); { "blog.example.org" = (commonConfig // { documentRoot = "/webroot/blog.example.org"; });
"wiki.example.org" = (commonConfig // { documentRoot = "/webroot/wiki.example.com"; }); "wiki.example.org" = (commonConfig // { documentRoot = "/webroot/wiki.example.org"; });
}; };
} }
``` ```

View file

@ -6,5 +6,5 @@ graphical installation CD.
It sets [](#opt-services.xserver.enable), It sets [](#opt-services.xserver.enable),
[](#opt-services.displayManager.sddm.enable), [](#opt-services.displayManager.sddm.enable),
[](#opt-services.xserver.desktopManager.plasma5.enable), [](#opt-services.xserver.desktopManager.plasma5.enable),
and [](#opt-services.xserver.libinput.enable) to true. It also and [](#opt-services.libinput.enable) to true. It also
includes glxinfo and firefox in the system packages list. includes glxinfo and firefox in the system packages list.

View file

@ -207,7 +207,7 @@ Latitude series) can be enabled as follows:
```nix ```nix
{ {
services.xserver.libinput.enable = true; services.libinput.enable = true;
} }
``` ```
@ -216,7 +216,7 @@ For instance, the following disables tap-to-click behavior:
```nix ```nix
{ {
services.xserver.libinput.touchpad.tapping = false; services.libinput.touchpad.tapping = false;
} }
``` ```

View file

@ -80,17 +80,17 @@ let
cp -r --no-preserve=all $inputs/* . cp -r --no-preserve=all $inputs/* .
substituteInPlace ./manual.md \ substituteInPlace ./manual.md \
--replace '@NIXOS_VERSION@' "${version}" --replace-fail '@NIXOS_VERSION@' "${version}"
substituteInPlace ./configuration/configuration.md \ substituteInPlace ./configuration/configuration.md \
--replace \ --replace-fail \
'@MODULE_CHAPTERS@' \ '@MODULE_CHAPTERS@' \
${escapeShellArg (concatMapStringsSep "\n" (p: "${p.value}") config.meta.doc)} ${escapeShellArg (concatMapStringsSep "\n" (p: "${p.value}") config.meta.doc)}
substituteInPlace ./nixos-options.md \ substituteInPlace ./nixos-options.md \
--replace \ --replace-fail \
'@NIXOS_OPTIONS_JSON@' \ '@NIXOS_OPTIONS_JSON@' \
${optionsDoc.optionsJSON}/${common.outputPath}/options.json ${optionsDoc.optionsJSON}/${common.outputPath}/options.json
substituteInPlace ./development/writing-nixos-tests.section.md \ substituteInPlace ./development/writing-nixos-tests.section.md \
--replace \ --replace-fail \
'@NIXOS_TEST_OPTIONS_JSON@' \ '@NIXOS_TEST_OPTIONS_JSON@' \
${testOptionsDoc.optionsJSON}/${common.outputPath}/options.json ${testOptionsDoc.optionsJSON}/${common.outputPath}/options.json
sed -e '/@PYTHON_MACHINE_METHODS@/ {' -e 'r ${testDriverMachineDocstrings}/machine-methods.md' -e 'd' -e '}' \ sed -e '/@PYTHON_MACHINE_METHODS@/ {' -e 'r ${testDriverMachineDocstrings}/machine-methods.md' -e 'd' -e '}' \

View file

@ -42,9 +42,11 @@ The first steps to all these are the same:
will be safer to use the `nixos-*` channels instead: will be safer to use the `nixos-*` channels instead:
```ShellSession ```ShellSession
$ nix-channel --add https://nixos.org/channels/nixos-version nixpkgs $ nix-channel --add https://nixos.org/channels/nixos-<version> nixpkgs
``` ```
Where `<version>` corresponds to the latest version available on [channels.nixos.org](https://channels.nixos.org/).
You may want to throw in a `nix-channel --update` for good measure. You may want to throw in a `nix-channel --update` for good measure.
1. Install the NixOS installation tools: 1. Install the NixOS installation tools:

View file

@ -3,8 +3,8 @@
Installing NixOS into a VirtualBox guest is convenient for users who Installing NixOS into a VirtualBox guest is convenient for users who
want to try NixOS without installing it on bare metal. If you want to want to try NixOS without installing it on bare metal. If you want to
use a pre-made VirtualBox appliance, it is available at [the downloads use a pre-made VirtualBox appliance, it is available at [the downloads
page](https://nixos.org/nixos/download.html). If you want to set up a page](https://nixos.org/download/#nixos-virtualbox). If you want to set
VirtualBox guest manually, follow these instructions: up a VirtualBox guest manually, follow these instructions:
1. Add a New Machine in VirtualBox with OS Type "Linux / Other Linux" 1. Add a New Machine in VirtualBox with OS Type "Linux / Other Linux"

View file

@ -33,8 +33,8 @@ To see what channels are available, go to <https://channels.nixos.org>.
contains the channel's latest version and includes ISO images and contains the channel's latest version and includes ISO images and
VirtualBox appliances.) Please note that during the release process, VirtualBox appliances.) Please note that during the release process,
channels that are not yet released will be present here as well. See the channels that are not yet released will be present here as well. See the
Getting NixOS page <https://nixos.org/nixos/download.html> to find the Getting NixOS page <https://nixos.org/download/> to find the newest
newest supported stable release. supported stable release.
When you first install NixOS, you're automatically subscribed to the When you first install NixOS, you're automatically subscribed to the
NixOS channel that corresponds to your installation source. For NixOS channel that corresponds to your installation source. For

View file

@ -10,7 +10,7 @@ In addition to numerous new and upgraded packages, this release has the followin
- `cryptsetup` has been upgraded from 2.6.1 to 2.7.0. Cryptsetup is a critical component enabling LUKS-based (but not only) full disk encryption. - `cryptsetup` has been upgraded from 2.6.1 to 2.7.0. Cryptsetup is a critical component enabling LUKS-based (but not only) full disk encryption.
Take the time to review [the release notes](https://gitlab.com/cryptsetup/cryptsetup/-/raw/v2.7.0/docs/v2.7.0-ReleaseNotes). Take the time to review [the release notes](https://gitlab.com/cryptsetup/cryptsetup/-/raw/v2.7.0/docs/v2.7.0-ReleaseNotes).
One of the highlight is that it is now possible to use hardware OPAL-based encryption of your disk with `cryptsetup`, it has a lot of caveats, see the above notes for the full details. One of the highlights is that it is now possible to use hardware OPAL-based encryption of your disk with `cryptsetup`. It has a lot of caveats, see the above notes for the full details.
- `screen`'s module has been cleaned, and will now require you to set `programs.screen.enable` in order to populate `screenrc` and add the program to the environment. - `screen`'s module has been cleaned, and will now require you to set `programs.screen.enable` in order to populate `screenrc` and add the program to the environment.
@ -30,9 +30,13 @@ In addition to numerous new and upgraded packages, this release has the followin
To disable this, set [nixpkgs.flake.setNixPath](#opt-nixpkgs.flake.setNixPath) and [nixpkgs.flake.setFlakeRegistry](#opt-nixpkgs.flake.setFlakeRegistry) to false. To disable this, set [nixpkgs.flake.setNixPath](#opt-nixpkgs.flake.setNixPath) and [nixpkgs.flake.setFlakeRegistry](#opt-nixpkgs.flake.setFlakeRegistry) to false.
- Julia environments can now be built with arbitrary packages from the ecosystem using the `.withPackages` function. For example: `julia.withPackages ["Plots"]`. - `nixVersions.unstable` was removed. Instead the following attributes are provided:
- `nixVersions.git` which tracks the latest Nix master and is roughly updated once a week. This is intended to enable people to easily test unreleased changes of Nix to catch regressions earlier.
- `nixVersions.latest` which points to the latest Nix version packaged in nixpkgs.
- The PipeWire and WirePlumber modules have removed support for using - `julia` environments can now be built with arbitrary packages from the ecosystem using the `.withPackages` function. For example: `julia.withPackages ["Plots"]`.
- `pipewire` and `wireplumber` modules have removed support for using
`environment.etc."pipewire/..."` and `environment.etc."wireplumber/..."`. `environment.etc."pipewire/..."` and `environment.etc."wireplumber/..."`.
Use `services.pipewire.extraConfig` or `services.pipewire.configPackages` for PipeWire and Use `services.pipewire.extraConfig` or `services.pipewire.configPackages` for PipeWire and
`services.pipewire.wireplumber.configPackages` for WirePlumber instead." `services.pipewire.wireplumber.configPackages` for WirePlumber instead."
@ -41,18 +45,18 @@ Use `services.pipewire.extraConfig` or `services.pipewire.configPackages` for Pi
Refer to upstream [upgrade instructions](https://goteleport.com/docs/management/operations/upgrading/) Refer to upstream [upgrade instructions](https://goteleport.com/docs/management/operations/upgrading/)
and release notes for [v15](https://goteleport.com/docs/changelog/#1500-013124). and release notes for [v15](https://goteleport.com/docs/changelog/#1500-013124).
- A new option `systemd.sysusers.enable` was added. If enabled, users and - `systemd.sysusers.enable` option was added. If enabled, users and
groups are created with systemd-sysusers instead of with a custom perl script. groups are created with systemd-sysusers instead of with a custom perl script.
- The default dbus implementation has transitioned to dbus-broker from the classic dbus daemon for better performance and reliability. Users can revert to the classic dbus daemon by setting `services.dbus.implementation = "dbus";`. For detailed deviations, refer to [dbus-broker's deviations page](https://github.com/bus1/dbus-broker/wiki/Deviations). - `virtualisation.docker.enableNvidia` and `virtualisation.podman.enableNvidia` options are deprecated. `hardware.nvidia-container-toolkit.enable` should be used instead. This option will expose GPUs on containers with the `--device` CLI option. This is supported by Docker 25, Podman 3.2.0 and Singularity 4. Any container runtime that supports the CDI specification will take advantage of this feature.
- A new option `virtualisation.containers.cdi` was added. It contains `static` and `dynamic` attributes (corresponding to `/etc/cdi` and `/run/cdi` respectively) to configure the Container Device Interface (CDI). - `system.etc.overlay.enable` option was added. If enabled, `/etc` is
- `virtualisation.docker.enableNvidia` and `virtualisation.podman.enableNvidia` options are deprecated. `virtualisation.containers.cdi.dynamic.nvidia.enable` should be used instead. This option will expose GPUs on containers with the `--device` CLI option. This is supported by Docker 25, Podman 3.2.0 and Singularity 4. Any container runtime that supports the CDI specification will take advantage of this feature.
- A new option `system.etc.overlay.enable` was added. If enabled, `/etc` is
mounted via an overlayfs instead of being created by a custom perl script. mounted via an overlayfs instead of being created by a custom perl script.
- For each supporting version of the Linux kernel firmware blobs
are compressed with zstd. For firmware blobs this means an increase of 4.4% in size, however
a significantly higher decompression speed.
- NixOS AMIs are now uploaded regularly to a new AWS Account. - NixOS AMIs are now uploaded regularly to a new AWS Account.
Instructions on how to use them can be found on <https://nixos.github.io/amis>. Instructions on how to use them can be found on <https://nixos.github.io/amis>.
We are working on integration the data into the NixOS homepage. We are working on integration the data into the NixOS homepage.
@ -69,16 +73,16 @@ Use `services.pipewire.extraConfig` or `services.pipewire.configPackages` for Pi
} }
``` ```
- The initial Incus LTS release (v6.0.x) is now available through `virtualisation.incus` as the default. Users who wish to continue using the non-LTS release will need to set `virtualisation.incus.package = pkgs.incus`. Stable release users are encouraged to stay on the LTS release as non-LTS releases will by default not be backported. - `virtialisation.incus` now defaults to the newly-added `incus-lts` release (v6.0.x). Users who wish to continue using the non-LTS release will need to set `virtualisation.incus.package = pkgs.incus`. Stable release users are encouraged to stay on the LTS release as non-LTS releases will by default not be backported.
- Canonical LXD has been upgraded to v5.21.x, an LTS release. The LTS release is now the only supported LXD release. Users are encouraged to [migrate to Incus](https://linuxcontainers.org/incus/docs/main/howto/server_migrate_lxd/) for better support on NixOS. - Canonical `lxd` has been upgraded to v5.21.x, an LTS release. The LTS release is now the only supported LXD release. Users are encouraged to [migrate to Incus](https://linuxcontainers.org/incus/docs/main/howto/server_migrate_lxd/) for better support on NixOS.
- lua interpreters default LUA_PATH and LUA_CPATH are not overriden by nixpkgs - `lua` interpreters default LUA_PATH and LUA_CPATH are not overriden by nixpkgs
anymore, we patch LUA_ROOT instead which is more respectful to upstream. anymore, we patch LUA_ROOT instead which is more respectful to upstream.
- Plasma 6 is now available and can be installed with `services.xserver.desktopManager.plasma6.enable = true;`. Plasma 5 will likely be deprecated in the next release (24.11). Note that Plasma 6 runs as Wayland by default, and the X11 session needs to be explicitly selected if necessary. - `plasma6` is now available and can be installed with `services.xserver.desktopManager.plasma6.enable = true;`. Plasma 5 will likely be deprecated in the next release (24.11). Note that Plasma 6 runs as Wayland by default, and the X11 session needs to be explicitly selected if necessary.
- The desktop mode of Lomiri (formerly known as Unity8), using Mir 2.x to function as a Wayland compositor, is now available and can be installed with `services.desktopManager.lomiri.enable = true`. Note that some core applications, services and indicators have yet to be packaged, and some functions may remain incomplete, but the base experience should be there. - `lomiri` (formerly known as Unity8) desktop mode, using Mir 2.x to function as a Wayland compositor, is now available and can be installed with `services.desktopManager.lomiri.enable = true`. Note that some core applications, services and indicators have yet to be packaged, and some functions may remain incomplete, but the base experience should be there.
## New Services {#sec-release-24.05-new-services} ## New Services {#sec-release-24.05-new-services}
@ -92,15 +96,17 @@ Use `services.pipewire.extraConfig` or `services.pipewire.configPackages` for Pi
- [PhotonVision](https://photonvision.org/), a free, fast, and easy-to-use computer vision solution for the FIRST® Robotics Competition. - [PhotonVision](https://photonvision.org/), a free, fast, and easy-to-use computer vision solution for the FIRST® Robotics Competition.
- [pyLoad](https://pyload.net/), a FOSS download manager written in Python. Available as [services.pyload](#opt-services.pyload.enable) - [clatd](https://github.com/toreanderson/clatd), a CLAT / SIIT-DC Edge Relay implementation for Linux.
- [pyLoad](https://pyload.net/), a FOSS download manager written in Python. Available as [services.pyload](#opt-services.pyload.enable).
- [maubot](https://github.com/maubot/maubot), a plugin-based Matrix bot framework. Available as [services.maubot](#opt-services.maubot.enable). - [maubot](https://github.com/maubot/maubot), a plugin-based Matrix bot framework. Available as [services.maubot](#opt-services.maubot.enable).
- [ryzen-monitor-ng](https://github.com/mann1x/ryzen_monitor_ng), a desktop AMD CPU power monitor and controller, similar to Ryzen Master but for Linux. Available as [programs.ryzen-monitor-ng](#opt-programs.ryzen-monitor-ng.enable) - [ryzen-monitor-ng](https://github.com/mann1x/ryzen_monitor_ng), a desktop AMD CPU power monitor and controller, similar to Ryzen Master but for Linux. Available as [programs.ryzen-monitor-ng](#opt-programs.ryzen-monitor-ng.enable).
- [ryzen-smu](https://gitlab.com/leogx9r/ryzen_smu), Linux kernel driver to expose the SMU (System Management Unit) for certain AMD Ryzen Processors. Includes the userspace program `monitor_cpu`. Available at [hardward.cpu.amd.ryzen-smu](#opt-hardware.cpu.amd.ryzen-smu.enable) - [ryzen-smu](https://gitlab.com/leogx9r/ryzen_smu), Linux kernel driver to expose the SMU (System Management Unit) for certain AMD Ryzen Processors. Includes the userspace program `monitor_cpu`. Available at [hardward.cpu.amd.ryzen-smu](#opt-hardware.cpu.amd.ryzen-smu.enable).
- systemd's gateway, upload, and remote services, which provides ways of sending journals across the network. Enable using [services.journald.gateway](#opt-services.journald.gateway.enable), [services.journald.upload](#opt-services.journald.upload.enable), and [services.journald.remote](#opt-services.journald.remote.enable). - `systemd`'s `gateway`, `upload`, and `remote` services, which provide ways of sending journals across the network. Enable using [services.journald.gateway](#opt-services.journald.gateway.enable), [services.journald.upload](#opt-services.journald.upload.enable), and [services.journald.remote](#opt-services.journald.remote.enable).
- [GNS3](https://www.gns3.com/), a network software emulator. Available as [services.gns3-server](#opt-services.gns3-server.enable). - [GNS3](https://www.gns3.com/), a network software emulator. Available as [services.gns3-server](#opt-services.gns3-server.enable).
@ -122,14 +128,18 @@ Use `services.pipewire.extraConfig` or `services.pipewire.configPackages` for Pi
- [Python Matter Server](https://github.com/home-assistant-libs/python-matter-server), a - [Python Matter Server](https://github.com/home-assistant-libs/python-matter-server), a
Matter Controller Server exposing websocket connections for use with other services, notably Home Assistant. Matter Controller Server exposing websocket connections for use with other services, notably Home Assistant.
Available as [services.matter-server](#opt-services.matter-server.enable) Available as [services.matter-server](#opt-services.matter-server.enable).
- [db-rest](https://github.com/derhuerst/db-rest), a wrapper around Deutsche Bahn's internal API for public transport data. Available as [services.db-rest](#opt-services.db-rest.enable). - [db-rest](https://github.com/derhuerst/db-rest), a wrapper around Deutsche Bahn's internal API for public transport data. Available as [services.db-rest](#opt-services.db-rest.enable).
- [Anki Sync Server](https://docs.ankiweb.net/sync-server.html), the official sync server built into recent versions of Anki. Available as [services.anki-sync-server](#opt-services.anki-sync-server.enable). - [mautrix-signal](https://github.com/mautrix/signal), a Matrix-Signal puppeting bridge. Available as [services.mautrix-signal](#opt-services.mautrix-signal.enable).
The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been marked deprecated and will be dropped after 24.05 due to lack of maintenance of the anki-sync-server softwares.
- [mautrix-meta](https://github.com/mautrix/meta), a Matrix <-> Facebook and Matrix <-> Instagram hybrid puppeting/relaybot bridge. Available as services.mautrix-meta - [Anki Sync Server](https://docs.ankiweb.net/sync-server.html), the official sync server built into recent versions of Anki. Available as [services.anki-sync-server](#opt-services.anki-sync-server.enable).
The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been marked deprecated and will be dropped after 24.05 due to lack of maintenance of the anki-sync-server software.
- [mautrix-meta](https://github.com/mautrix/meta), a Matrix <-> Facebook and Matrix <-> Instagram hybrid puppeting/relaybot bridge. Available as services.mautrix-meta.
- [Jottacloud Command-line Tool](https://docs.jottacloud.com/en/articles/1436834-jottacloud-command-line-tool), a CLI for the [Jottacloud](https://jottacloud.com/) cloud storage provider. Available as [services.jotta-cli](#opt-services.jotta-cli.enable).
- [transfer-sh](https://github.com/dutchcoders/transfer.sh), a tool that supports easy and fast file sharing from the command-line. Available as [services.transfer-sh](#opt-services.transfer-sh.enable). - [transfer-sh](https://github.com/dutchcoders/transfer.sh), a tool that supports easy and fast file sharing from the command-line. Available as [services.transfer-sh](#opt-services.transfer-sh.enable).
@ -139,7 +149,7 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- [Suwayomi Server](https://github.com/Suwayomi/Suwayomi-Server), a free and open source manga reader server that runs extensions built for [Tachiyomi](https://tachiyomi.org). Available as [services.suwayomi-server](#opt-services.suwayomi-server.enable). - [Suwayomi Server](https://github.com/Suwayomi/Suwayomi-Server), a free and open source manga reader server that runs extensions built for [Tachiyomi](https://tachiyomi.org). Available as [services.suwayomi-server](#opt-services.suwayomi-server.enable).
- A self-hosted management server for the [Netbird](https://netbird.io). Available as [services.netbird.server](#opt-services.netbird.server.enable). - [Netbird](https://netbird.io), an open-source VPN management platform, now has a self-hosted management server. Available as [services.netbird.server](#opt-services.netbird.server.enable).
- [ping_exporter](https://github.com/czerwonk/ping_exporter), a Prometheus exporter for ICMP echo requests. Available as [services.prometheus.exporters.ping](#opt-services.prometheus.exporters.ping.enable). - [ping_exporter](https://github.com/czerwonk/ping_exporter), a Prometheus exporter for ICMP echo requests. Available as [services.prometheus.exporters.ping](#opt-services.prometheus.exporters.ping.enable).
@ -151,9 +161,13 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- [Monado](https://monado.freedesktop.org/), an open source XR runtime. Available as [services.monado](#opt-services.monado.enable). - [Monado](https://monado.freedesktop.org/), an open source XR runtime. Available as [services.monado](#opt-services.monado.enable).
- [Pretix](https://pretix.eu/about/en/), an open source ticketing software for events. Available as [services.pretix]($opt-services-pretix.enable). - [intel-gpu-tools](https://drm.pages.freedesktop.org/igt-gpu-tools), tools for development and testing of the Intel DRM driver. Available as [hardware.intel-gpu-tools](#opt-hardware.intel-gpu-tools.enable).
- [microsocks](https://github.com/rofl0r/microsocks), a tiny, portable SOCKS5 server with very moderate resource usage. Available as [services.microsocks]($opt-services-microsocks.enable). - [Pretix](https://pretix.eu/about/en/), an open source ticketing software for events. Available as [services.pretix](#opt-services.pretix.enable).
- [microsocks](https://github.com/rofl0r/microsocks), a tiny, portable SOCKS5 server with very moderate resource usage. Available as [services.microsocks](#opt-services.microsocks.enable).
- [inadyn](https://github.com/troglobit/inadyn), a Dynamic DNS client with built-in support for multiple providers. Available as [services.inadyn](#opt-services.inadyn.enable).
- [Clevis](https://github.com/latchset/clevis), a pluggable framework for automated decryption, used to unlock encrypted devices in initrd. Available as [boot.initrd.clevis.enable](#opt-boot.initrd.clevis.enable). - [Clevis](https://github.com/latchset/clevis), a pluggable framework for automated decryption, used to unlock encrypted devices in initrd. Available as [boot.initrd.clevis.enable](#opt-boot.initrd.clevis.enable).
@ -161,43 +175,69 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- [armagetronad](https://wiki.armagetronad.org), a mid-2000s 3D lightcycle game widely played at iD Tech Camps. You can define multiple servers using `services.armagetronad.<server>.enable`. - [armagetronad](https://wiki.armagetronad.org), a mid-2000s 3D lightcycle game widely played at iD Tech Camps. You can define multiple servers using `services.armagetronad.<server>.enable`.
- [wyoming-satellite](https://github.com/rhasspy/wyoming-satellite), a voice assistant satellite for Home Assistant using the Wyoming protocol. Available as [services.wyoming.satellite]($opt-services.wyoming.satellite.enable). - [wyoming-satellite](https://github.com/rhasspy/wyoming-satellite), a voice assistant satellite for Home Assistant using the Wyoming protocol. Available as [services.wyoming.satellite](#opt-services.wyoming.satellite.enable).
- [TuxClocker](https://github.com/Lurkki14/tuxclocker), a hardware control and monitoring program. Available as [programs.tuxclocker](#opt-programs.tuxclocker.enable). - [TuxClocker](https://github.com/Lurkki14/tuxclocker), a hardware control and monitoring program. Available as [programs.tuxclocker](#opt-programs.tuxclocker.enable).
- binfmt option for AppImage-run to support running [AppImage](https://appimage.org/)'s seamlessly on NixOS.. Available as [programs.appimage.binfmt](#opt-programs.appimage.binfmt). - [AppImage](https://appimage.org/), a tool to package desktop applications, now has a `binfmt` option to support running AppImages seamlessly on NixOS. Available as [programs.appimage.binfmt](#opt-programs.appimage.binfmt).
- [nh](https://github.com/viperML/nh), yet another Nix CLI helper. Available as [programs.nh](#opt-programs.nh.enable). - [nh](https://github.com/viperML/nh), yet another Nix CLI helper. Available as [programs.nh](#opt-programs.nh.enable).
- [ALVR](https://github.com/alvr-org/alvr), a VR desktop streamer. Available as [programs.alvr](#opt-programs.alvr.enable) - [ALVR](https://github.com/alvr-org/alvr), a VR desktop streamer. Available as [programs.alvr](#opt-programs.alvr.enable).
- [RustDesk](https://rustdesk.com), a full-featured open source remote control alternative for self-hosting and security with minimal configuration. Alternative to TeamViewer. - [xdg-terminal-exec](https://github.com/Vladimir-csp/xdg-terminal-exec), the proposed Default Terminal Execution Specification.
- [Scrutiny](https://github.com/AnalogJ/scrutiny), a S.M.A.R.T monitoring tool for hard disks with a web frontend. - [your_spotify](https://github.com/Yooooomi/your_spotify), a self hosted Spotify tracking dashboard. Available as [services.your_spotify](#opt-services.your_spotify.enable)
- [davis](https://github.com/tchapi/davis), a simple CardDav and CalDav server inspired by Baïkal. Available as [services.davis]($opt-services-davis.enable). - [RustDesk](https://rustdesk.com), a full-featured open source remote control alternative for self-hosting and security with minimal configuration. Alternative to TeamViewer. Available as [services.rustdesk-server](#opt-services.rustdesk-server.enable).
- [Firefly-iii](https://www.firefly-iii.org), a free and open source personal finance manager. Available as [services.firefly-iii](#opt-services.firefly-iii.enable) - [Scrutiny](https://github.com/AnalogJ/scrutiny), a S.M.A.R.T monitoring tool for hard disks with a web frontend. Available as [services.scrutiny](#opt-services.scrutiny.enable).
- [davis](https://github.com/tchapi/davis), a simple CardDav and CalDav server inspired by Baïkal. Available as [services.davis](#opt-services.davis.enable).
- [Firefly-iii](https://www.firefly-iii.org), a free and open source personal finance manager. Available as [services.firefly-iii](#opt-services.firefly-iii.enable).
- [systemd-lock-handler](https://git.sr.ht/~whynothugo/systemd-lock-handler/), a bridge between logind D-Bus events and systemd targets. Available as [services.systemd-lock-handler.enable](#opt-services.systemd-lock-handler.enable). - [systemd-lock-handler](https://git.sr.ht/~whynothugo/systemd-lock-handler/), a bridge between logind D-Bus events and systemd targets. Available as [services.systemd-lock-handler.enable](#opt-services.systemd-lock-handler.enable).
- [wastebin](https://github.com/matze/wastebin), a pastebin server written in rust. Available as [services.wastebin](#opt-services.wastebin.enable). - [wastebin](https://github.com/matze/wastebin), a pastebin server written in rust. Available as [services.wastebin](#opt-services.wastebin.enable).
- [Mealie](https://nightly.mealie.io/), a self-hosted recipe manager and meal planner with a RestAPI backend and a reactive frontend application built in NuxtJS for a pleasant user experience for the whole family. Available as [services.mealie](#opt-services.mealie.enable) - [Mealie](https://nightly.mealie.io/), a self-hosted recipe manager and meal planner with a RestAPI backend and a reactive frontend application built in NuxtJS for a pleasant user experience for the whole family. Available as [services.mealie](#opt-services.mealie.enable).
- [Sunshine](https://app.lizardbyte.dev/Sunshine), a self-hosted game stream host for Moonlight. Available as [services.sunshine](#opt-services.sunshine.enable). - [Sunshine](https://app.lizardbyte.dev/Sunshine), a self-hosted game stream host for Moonlight. Available as [services.sunshine](#opt-services.sunshine.enable).
- [Uni-Sync](https://github.com/EightB1ts/uni-sync), a synchronization tool for Lian Li Uni Controllers. Available as [hardware.uni-sync](#opt-hardware.uni-sync.enable) - [Uni-Sync](https://github.com/EightB1ts/uni-sync), a synchronization tool for Lian Li Uni Controllers. Available as [hardware.uni-sync](#opt-hardware.uni-sync.enable).
- [prometheus-nats-exporter](https://github.com/nats-io/prometheus-nats-exporter), a Prometheus exporter for NATS. Available as [services.prometheus.exporters.nats](#opt-services.prometheus.exporters.nats.enable). - [prometheus-nats-exporter](https://github.com/nats-io/prometheus-nats-exporter), a Prometheus exporter for NATS. Available as [services.prometheus.exporters.nats](#opt-services.prometheus.exporters.nats.enable).
- [isolate](https://github.com/ioi/isolate), a sandbox for securely executing untrusted programs. Available as [security.isolate](#opt-security.isolate.enable).
- [ydotool](https://github.com/ReimuNotMoe/ydotool), a generic command-line automation tool now has a module. Available as [programs.ydotool](#opt-programs.ydotool.enable).
- [private-gpt](https://github.com/zylon-ai/private-gpt), a service to interact with your documents using the power of LLMs, 100% privately, no data leaks. Available as [services.private-gpt](#opt-services.private-gpt.enable).
- [keto](https://www.ory.sh/keto/), a permission & access control server, the first open source implementation of ["Zanzibar: Google's Consistent, Global Authorization System"](https://research.google/pubs/zanzibar-googles-consistent-global-authorization-system/).
## Backward Incompatibilities {#sec-release-24.05-incompatibilities} ## Backward Incompatibilities {#sec-release-24.05-incompatibilities}
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. --> <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
- `k3s`: was updated to version [v1.29](https://github.com/k3s-io/k3s/releases/tag/v1.29.1%2Bk3s2), all previous versions (k3s_1_26, k3s_1_27, k3s_1_28) will be removed. See [changelog and upgrade notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#urgent-upgrade-notes) for more information. - `k3s`: was updated to version [v1.29](https://github.com/k3s-io/k3s/releases/tag/v1.29.1%2Bk3s2), all previous versions (k3s_1_26, k3s_1_27, k3s_1_28) will be removed. See [changelog and upgrade notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#urgent-upgrade-notes) for more information.
- `himalaya` was updated to `v1.0.0-beta.4`, which introduces breaking changes. Check out the [release note](https://github.com/soywod/himalaya/releases/tag/v1.0.0-beta.4) for details. - `himalaya` was updated to v1.0.0-beta.4, which introduces breaking changes. Check out the [release note](https://github.com/soywod/himalaya/releases/tag/v1.0.0-beta.4) for details.
- `security.pam.enableSSHAgentAuth` was replaced by the `sshAgentAuth` attrset, and **only**
`authorized_keys` files listed in [`sshAgentAuth.authorizedKeysFiles`] are trusted,
defaulting to `/etc/ssh/authorized_keys.d/%u`.
::: {.warning}
Users of {manpage}`pam_ssh_agent_auth(8)` must take care that the pubkeys they use (for instance with `sudo`)
are listed in [`sshAgentAuth.authorizedKeysFiles`].
:::
::: {.note}
Previously, all `services.openssh.authorizedKeysFiles` were trusted, including `~/.ssh/authorized_keys`,
which results in an **insecure** configuration; see [#31611](https://github.com/NixOS/nixpkgs/issues/31611).
:::
[`sshAgentAuth.authorizedKeysFiles`]: #opt-security.pam.sshAgentAuth.authorizedKeysFiles
- The `power.ups` module now generates `upsd.conf`, `upsd.users` and `upsmon.conf` automatically from a set of new configuration options. This breaks compatibility with existing `power.ups` setups where these files were created manually. Back up these files before upgrading NixOS. - The `power.ups` module now generates `upsd.conf`, `upsd.users` and `upsmon.conf` automatically from a set of new configuration options. This breaks compatibility with existing `power.ups` setups where these files were created manually. Back up these files before upgrading NixOS.
@ -208,11 +248,13 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- `cudaPackages.autoFixElfFiles` has been deprecated for `pkgs.autoFixElfFiles`. Functionality has not changed, but the setuphook has been renamed and moved to the top-level package scope. - `cudaPackages.autoFixElfFiles` has been deprecated for `pkgs.autoFixElfFiles`. Functionality has not changed, but the setuphook has been renamed and moved to the top-level package scope.
- `appimageTools.wrapAppImage` now creates the binary at `$out/bin/${pname}` rather than `$out/bin/${pname}-${version}`, which will break downstream workarounds.
- `pdns` was updated to version [v4.9.x](https://doc.powerdns.com/authoritative/changelog/4.9.html), which introduces breaking changes. Check out the [Upgrade Notes](https://doc.powerdns.com/authoritative/upgrading.html#to-4-9-0) for details. - `pdns` was updated to version [v4.9.x](https://doc.powerdns.com/authoritative/changelog/4.9.html), which introduces breaking changes. Check out the [Upgrade Notes](https://doc.powerdns.com/authoritative/upgrading.html#to-4-9-0) for details.
- `unrar` was updated to v7. See [changelog](https://www.rarlab.com/unrar7notes.htm) for more information. - `unrar` was updated to v7. See [changelog](https://www.rarlab.com/unrar7notes.htm) for more information.
- `git-town` was updated from version `11` to `13`. See the [changelog](https://github.com/git-town/git-town/blob/main/CHANGELOG.md#1300-2024-03-22) for breaking changes. - `git-town` was updated from version 11 to 13. See the [changelog](https://github.com/git-town/git-town/blob/main/CHANGELOG.md#1300-2024-03-22) for breaking changes.
- `k9s` was updated to v0.31. There have been various breaking changes in the config file format, - `k9s` was updated to v0.31. There have been various breaking changes in the config file format,
check out the changelog of [v0.29](https://github.com/derailed/k9s/releases/tag/v0.29.0), check out the changelog of [v0.29](https://github.com/derailed/k9s/releases/tag/v0.29.0),
@ -220,22 +262,25 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
[v0.31](https://github.com/derailed/k9s/releases/tag/v0.31.0) for details. It is recommended [v0.31](https://github.com/derailed/k9s/releases/tag/v0.31.0) for details. It is recommended
to back up your current configuration and let k9s recreate the new base configuration. to back up your current configuration and let k9s recreate the new base configuration.
- the .csv format used to define lua packages to be updated via
`luarocks-packages-updater` has changed: `src` (URL towards a git repository) has now become `rockspec` (URL towards a rockspec) to remove ambiguity regarding which rockspec to use and simplify implementation.
- NixOS AMIs are now uploaded regularly to a new AWS Account. - NixOS AMIs are now uploaded regularly to a new AWS Account.
Instructions on how to use them can be found on <https://nixos.github.io/amis>. Instructions on how to use them can be found on <https://nixos.github.io/amis>.
We are working on integration the data into the NixOS homepage. We are working on integration the data into the NixOS homepage.
The list in `nixos/modules/virtualisation/amazon-ec2-amis.nix` will stop The list in `nixos/modules/virtualisation/amazon-ec2-amis.nix` will stop
being updated and will be removed in the future. being updated and will be removed in the future.
- The option `services.postgresql.ensureUsers._.ensurePermissions` has been removed as it's - The option `services.postgresql.ensureUsers._.ensurePermissions` has been removed as it is
not declarative and is broken with newer postgresql versions. Consider using not declarative and is broken with newer postgresql versions. Consider using
[](#opt-services.postgresql.ensureUsers._.ensureDBOwnership) [](#opt-services.postgresql.ensureUsers._.ensureDBOwnership)
instead or a tool that's more suited for managing the data inside a postgresql database. instead or a tool that is more suited for managing the data inside a postgresql database.
- `idris2` was updated to v0.7.0. This version introduces breaking changes. Check out the [changelog](https://github.com/idris-lang/Idris2/blob/v0.7.0/CHANGELOG.md#v070) for details. - `idris2` was updated to v0.7.0. This version introduces breaking changes. Check out the [changelog](https://github.com/idris-lang/Idris2/blob/v0.7.0/CHANGELOG.md#v070) for details.
- `nvtop` family of packages was reorganized into nested attrset. `nvtop` has been renamed to `nvtopPackages.full`, and all `nvtop-{amd,nvidia,intel,msm}` packages are now named as `nvtopPackages.{amd,nvidia,intel,msm}` - `nvtop` family of packages was reorganized into nested attrset. `nvtop` has been renamed to `nvtopPackages.full`, and all `nvtop-{amd,nvidia,intel,msm}` packages are now named as `nvtopPackages.{amd,nvidia,intel,msm}`.
- `neo4j` has been updated to 5, you may want to read the [release notes for Neo4j 5](https://neo4j.com/release-notes/database/neo4j-5/) - `neo4j` has been updated to version 5. You may want to read the [release notes for Neo4j 5](https://neo4j.com/release-notes/database/neo4j-5/).
- `services.neo4j.allowUpgrade` was removed and no longer has any effect. Neo4j 5 supports automatic rolling upgrades. - `services.neo4j.allowUpgrade` was removed and no longer has any effect. Neo4j 5 supports automatic rolling upgrades.
@ -243,43 +288,49 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- `mongodb-4_4` has been removed as it has reached end of life. Consequently, `unifi7` and `unifi8` now use MongoDB 5.0 by default. - `mongodb-4_4` has been removed as it has reached end of life. Consequently, `unifi7` and `unifi8` now use MongoDB 5.0 by default.
- `mongodb-5_0` and newer requires a cpu with the avx instruction set to run.
- `nitter` requires a `guest_accounts.jsonl` to be provided as a path or loaded into the default location at `/var/lib/nitter/guest_accounts.jsonl`. See [Guest Account Branch Deployment](https://github.com/zedeus/nitter/wiki/Guest-Account-Branch-Deployment) for details. - `nitter` requires a `guest_accounts.jsonl` to be provided as a path or loaded into the default location at `/var/lib/nitter/guest_accounts.jsonl`. See [Guest Account Branch Deployment](https://github.com/zedeus/nitter/wiki/Guest-Account-Branch-Deployment) for details.
- `boot.supportedFilesystems` and `boot.initrd.supportedFilesystems` are now attribute sets instead of lists. Assignment from lists as done previously is still supported, but checking whether a filesystem is enabled must now by done using `supportedFilesystems.fs or false` instead of using `lib.elem "fs" supportedFilesystems` as was done previously. - `boot.supportedFilesystems` and `boot.initrd.supportedFilesystems` are now attribute sets instead of lists. Assignment from lists as done previously is still supported, but checking whether a filesystem is enabled must now by done using `supportedFilesystems.fs or false` instead of using `lib.elem "fs" supportedFilesystems` as was done previously.
- `services.aria2.rpcSecret` has been replaced with `services.aria2.rpcSecretFile`. - `services.aria2.rpcSecret` has been replaced with `services.aria2.rpcSecretFile`.
This was done so that secrets aren't stored in the world-readable nix store. This was done so that secrets aren't stored in the world-readable nix store.
To migrate, you will have create a file with the same exact string, and change To migrate, you will have to create a file with the same exact string, and change
your module options to point to that file. For example, `services.aria2.rpcSecret = your module options to point to that file. For example, `services.aria2.rpcSecret =
"mysecret"` becomes `services.aria2.rpcSecretFile = "/path/to/secret_file"` "mysecret"` becomes `services.aria2.rpcSecretFile = "/path/to/secret_file"`
where the file `secret_file` contains the string `mysecret`. where the file `secret_file` contains the string `mysecret`.
- The `system.forbiddenDependenciesRegex` option has been renamed to `system.forbiddenDependenciesRegexes` and now has the type of `listOf string` instead of `string` to accept multiple regexes.
- `openssh`, `openssh_hpn` and `openssh_gssapi` are now compiled without support for the DSA signature algorithm as it is being deprecated upstream. Users still relying on DSA keys should consider upgrading - `openssh`, `openssh_hpn` and `openssh_gssapi` are now compiled without support for the DSA signature algorithm as it is being deprecated upstream. Users still relying on DSA keys should consider upgrading
to another signature algorithm. It is however possible, for the time being, to restore the DSA keys support using `override` to set `dsaKeysSupport = true`. to another signature algorithm. However, for the time being it is possible to restore DSA key support using `override` to set `dsaKeysSupport = true`.
- `buildGoModule` now throws error when `vendorHash` is not specified. `vendorSha256`, deprecated in Nixpkgs 23.11, is now ignored and is no longer a `vendorHash` alias. - `buildGoModule` now throws an error when `vendorHash` is not specified. `vendorSha256`, deprecated in Nixpkgs 23.11, is now ignored and is no longer a `vendorHash` alias.
- Invidious has changed its default database username from `kemal` to `invidious`. Setups involving an externally provisioned database (i.e. `services.invidious.database.createLocally == false`) should adjust their configuration accordingly. The old `kemal` user will not be removed automatically even when the database is provisioned automatically.(https://github.com/NixOS/nixpkgs/pull/265857) - `services.invidious.settings.db.user`, the default database username has changed from `kemal` to `invidious`. Setups involving an externally-provisioned database (i.e. `services.invidious.database.createLocally == false`) should adjust their configuration accordingly. The old `kemal` user will not be removed automatically even when the database is provisioned automatically.(https://github.com/NixOS/nixpkgs/pull/265857).
- `writeReferencesToFile` is deprecated in favour of the new trivial build helper `writeClosure`. The latter accepts a list of paths and has an unambiguous name and cleaner implementation. - `writeReferencesToFile` is deprecated in favour of the new trivial build helper `writeClosure`. The latter accepts a list of paths and has an unambiguous name and cleaner implementation.
- `inetutils` now has a lower priority to avoid shadowing the commonly used `util-linux`. If one wishes to restore the default priority, simply use `lib.setPrio 5 inetutils` or override with `meta.priority = 5`. - `inetutils` now has a lower priority to avoid shadowing the commonly used `util-linux`. If one wishes to restore the default priority, simply use `lib.setPrio 5 inetutils` or override with `meta.priority = 5`.
- `paperless`' `services.paperless.extraConfig` setting has been removed and converted to the freeform type and option named `services.paperless.settings`. - `paperless`' `services.paperless.extraConfig` setting has been removed and converted to the free-form type and option named `services.paperless.settings`.
- `davfs2`' `services.davfs2.extraConfig` setting has been deprecated and converted to the freeform type option named `services.davfs2.settings` according to RFC42. - `davfs2`' `services.davfs2.extraConfig` setting has been deprecated and converted to the free-form type option named `services.davfs2.settings` according to RFC42.
- `services.homepage-dashboard` now takes it's configuration using native Nix expressions, rather than dumping templated configurations into `/var/lib/homepage-dashboard` where they were previously managed manually. There are now new options which allow the configuration of bookmarks, services, widgets and custom CSS/JS natively in Nix. - `services.homepage-dashboard` now takes its configuration using native Nix expressions, rather than dumping templated configurations into `/var/lib/homepage-dashboard` where they were previously managed manually. There are now new options which allow the configuration of bookmarks, services, widgets and custom CSS/JS natively in Nix.
- `hare` may now be cross-compiled. For that to work, however, `haredoc` needed to stop being built together with it. Thus, the latter is now its own package with the name of `haredoc`. - `hare` may now be cross-compiled. For that to work, however, `haredoc` needed to stop being built together with it. Thus, the latter is now its own package with the name of `haredoc`.
- The legacy and long deprecated systemd target `network-interfaces.target` has been removed. Use `network.target` instead. - `network-interfaces.target` system target was removed as it has been deprecated for a long time. Use `network.target` instead.
- `services.redis.vmOverCommit` now defaults to `true` and no longer enforces Transparent Hugepages (THP) to be disabled. Redis only works with THP configured to `madvise` which is the kernel's default.
- `azure-cli` now has extension support. For example, to install the `aks-preview` extension, use - `azure-cli` now has extension support. For example, to install the `aks-preview` extension, use
```nix ```nix
environment.systemPackages = [ environment.systemPackages = [
(azure-cli.withExtensions [ azure-cli.extensions.aks-preview ]); (azure-cli.withExtensions [ azure-cli.extensions.aks-preview ])
]; ];
``` ```
To make the `azure-cli` immutable and prevent clashes in case `azure-cli` is also installed via other package managers, some configuration files were moved into the derivation. To make the `azure-cli` immutable and prevent clashes in case `azure-cli` is also installed via other package managers, some configuration files were moved into the derivation.
@ -291,17 +342,23 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- Proxies are now defined with a new option `settings.proxies` which takes a list of proxies. - Proxies are now defined with a new option `settings.proxies` which takes a list of proxies.
- Consult the [upstream documentation](https://github.com/fatedier/frp#example-usage) for more details on the changes. - Consult the [upstream documentation](https://github.com/fatedier/frp#example-usage) for more details on the changes.
- `mkosi` was updated to v20. Parts of the user interface have changed. Consult the - `mkosi` was updated to v22. Parts of the user interface have changed. Consult the
release notes of [v19](https://github.com/systemd/mkosi/releases/tag/v19) and release notes of [v19](https://github.com/systemd/mkosi/releases/tag/v19),
[v20](https://github.com/systemd/mkosi/releases/tag/v20) for a list of changes. [v20](https://github.com/systemd/mkosi/releases/tag/v20),
[v21](https://github.com/systemd/mkosi/releases/tag/v21) and
[v22](https://github.com/systemd/mkosi/releases/tag/v22) for a list of changes.
- `gonic` has been updated to v0.16.4. Config now requires `playlists-path` to be set. See the rest of the [v0.16.0 release notes](https://github.com/sentriz/gonic/releases/tag/v0.16.0) for more details. - `gonic` has been updated to v0.16.4. Config now requires `playlists-path` to be set. See the rest of the [v0.16.0 release notes](https://github.com/sentriz/gonic/releases/tag/v0.16.0) for more details.
- The `services.vikunja` systemd service now uses `vikunja` as dynamic user instead of `vikunja-api`. Database users might need to be changed. - `services.vikunja` systemd service now uses `vikunja` as dynamic user instead of `vikunja-api`. Database users might need to be changed.
- The `services.vikunja.setupNginx` setting has been removed. Users now need to setup the webserver configuration on their own with a proxy pass to the vikunja service. - `services.vikunja.setupNginx` setting has been removed. Users now need to setup the webserver configuration on their own with a proxy pass to the vikunja service.
- The `woodpecker-*` packages have been updated to v2 which includes [breaking changes](https://woodpecker-ci.org/docs/next/migrations#200). - `services.vmagent` module deprecates `dataDir`, `group` and `user` setting in favor of systemd provided CacheDirectory and DynamicUser.
- `services.vmagent.remoteWriteUrl` setting has been renamed to `services.vmagent.remoteWrite.url` and now defaults to `null`.
- `woodpecker-*` packages have been updated to v2 which includes [breaking changes](https://woodpecker-ci.org/docs/next/migrations#200).
- `services.nginx` will no longer advertise HTTP/3 availability automatically. This must now be manually added, preferably to each location block. - `services.nginx` will no longer advertise HTTP/3 availability automatically. This must now be manually added, preferably to each location block.
Example: Example:
@ -317,27 +374,31 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
} }
``` ```
- The package `optparse-bash` is now dropped due to upstream inactivity. Alternatives available in Nixpkgs include [`argc`](https://github.com/sigoden/argc), [`argbash`](https://github.com/matejak/argbash), [`bashly`](https://github.com/DannyBen/bashly) and [`gum`](https://github.com/charmbracelet/gum), to name a few. - `optparse-bash` is now dropped due to upstream inactivity. Alternatives available in Nixpkgs include [`argc`](https://github.com/sigoden/argc), [`argbash`](https://github.com/matejak/argbash), [`bashly`](https://github.com/DannyBen/bashly) and [`gum`](https://github.com/charmbracelet/gum), to name a few.
- The `kanata` package has been updated to v1.5.0, which includes [breaking changes](https://github.com/jtroo/kanata/releases/tag/v1.5.0). - `kanata` package has been updated to v1.6.1, which includes breaking changes. Check out the changelog of [v1.5.0](https://github.com/jtroo/kanata/releases/tag/v1.5.0) and [v1.6.0](https://github.com/jtroo/kanata/releases/tag/v1.6.0) for details.
- The `craftos-pc` package has been updated to v2.8, which includes [breaking changes](https://github.com/MCJack123/craftos2/releases/tag/v2.8). - `craftos-pc` package has been updated to v2.8, which includes [breaking changes](https://github.com/MCJack123/craftos2/releases/tag/v2.8).
- Files are now handled in binary mode; this could break programs with embedded UTF-8 characters. - Files are now handled in binary mode; this could break programs with embedded UTF-8 characters.
- The ROM was updated to match ComputerCraft version v1.109.2. - The ROM was updated to match ComputerCraft version v1.109.2.
- The bundled Lua was updated to Lua v5.2, which includes breaking changes. See the [Lua manual](https://www.lua.org/manual/5.2/manual.html#8) for more information. - The bundled Lua was updated to Lua v5.2, which includes breaking changes. See the [Lua manual](https://www.lua.org/manual/5.2/manual.html#8) for more information.
- The WebSocket API [was rewritten](https://github.com/MCJack123/craftos2/issues/337), which introduced breaking changes. - The WebSocket API [was rewritten](https://github.com/MCJack123/craftos2/issues/337), which introduced breaking changes.
- The `gtest` package has been updated past v1.13.0, which requires C++14 or higher. - `gtest` package has been updated past v1.13.0, which requires C++14 or higher.
- The latest available version of Nextcloud is v28 (available as `pkgs.nextcloud28`). The installation logic is as follows: - Nextcloud 26 has been removed since it's not maintained anymore by upstream.
- The latest available version of Nextcloud is v29 (available as `pkgs.nextcloud29`). The installation logic is as follows:
- If [`services.nextcloud.package`](#opt-services.nextcloud.package) is specified explicitly, this package will be installed (**recommended**) - If [`services.nextcloud.package`](#opt-services.nextcloud.package) is specified explicitly, this package will be installed (**recommended**)
- If [`system.stateVersion`](#opt-system.stateVersion) is >=24.05, `pkgs.nextcloud28` will be installed by default. - If [`system.stateVersion`](#opt-system.stateVersion) is >=24.05, `pkgs.nextcloud29` will be installed by default.
- If [`system.stateVersion`](#opt-system.stateVersion) is >=23.11, `pkgs.nextcloud27` will be installed by default. - If [`system.stateVersion`](#opt-system.stateVersion) is >=23.11, `pkgs.nextcloud27` will be installed by default.
- Please note that an upgrade from v26 (or older) to v28 directly is not possible. Please upgrade to `nextcloud27` (or earlier) first. Nextcloud prohibits skipping major versions while upgrading. You can upgrade by declaring [`services.nextcloud.package = pkgs.nextcloud27;`](options.html#opt-services.nextcloud.package). - Please note that an upgrade from v27 (or older) to v29 directly is not possible. Please upgrade to `nextcloud28` (or earlier) first. Nextcloud prohibits skipping major versions while upgrading. You can upgrade by declaring [`services.nextcloud.package = pkgs.nextcloud28;`](options.html#opt-services.nextcloud.package).
- Known warnings after the upgrade are documented in [](#module-services-nextcloud-known-warnings) from now on.
- The "Photos" app only displays Media from inside the `Photos` directory. This can be changed manually in the "Photos" tab below "Photos settings".
- The vendored third party libraries have been mostly removed from `cudaPackages.nsight_systems`, which we now only ship for `cudaPackages_11_8` and later due to outdated dependencies. Users comfortable with the vendored dependencies may use `overrideAttrs` to amend the `postPatch` phase and the `meta.broken` correspondingly. Alternatively, one could package the deprecated `boost170` locally, as required for `cudaPackages_11_4.nsight_systems`. - The vendored third party libraries have been mostly removed from `cudaPackages.nsight_systems`, which we now only ship for `cudaPackages_11_8` and later due to outdated dependencies. Users comfortable with the vendored dependencies may use `overrideAttrs` to amend the `postPatch` phase and the `meta.broken` correspondingly. Alternatively, one could package the deprecated `boost170` locally, as required for `cudaPackages_11_4.nsight_systems`.
- The `cudaPackages` package scope has been updated to `cudaPackages_12`. - `cudaPackages` package scope has been updated to `cudaPackages_12`.
- The deprecated `cudaPackages.cudatoolkit` has been replaced with a - The deprecated `cudaPackages.cudatoolkit` has been replaced with a
symlink-based wrapper for the splayed redistributable CUDA packages. The symlink-based wrapper for the splayed redistributable CUDA packages. The
@ -345,10 +406,19 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
like e.g. tensorflow. The original runfile-based `cudatoolkit` is still like e.g. tensorflow. The original runfile-based `cudatoolkit` is still
available as `cudatoolkit-legacy-runfile`. available as `cudatoolkit-legacy-runfile`.
- The `halloy` package was updated past 2024.5 which introduced a breaking change by switching the config format from YAML to TOML. See https://github.com/squidowl/halloy/releases/tag/2024.5 for details. - `halloy` package was updated past 2024.5 which introduced a breaking change by switching the config format from YAML to TOML. See https://github.com/squidowl/halloy/releases/tag/2024.5 for details.
- If `services.smokeping.webService` was enabled, smokeping is now served via nginx instead of thttpd. This change brings the following consequences:
- The default port for smokeping is now the nginx default port 80 instead of 8081.
- The option `services.smokeping.port` has been removed. To customize the port, use `services.nginx.virtualHosts.smokeping.listen.*.port`.
- The `wpaperd` package has a breaking change moving to 1.0.1, previous version 0.3.0 had 2 different configuration files, one for wpaperd and one for the wallpapers. Remove the former and move the latter (`wallpaper.toml`) to `config.toml`.
- Ada packages (libraries and tools) have been moved into the `gnatPackages` scope. `gnatPackages` uses the default GNAT compiler, `gnat12Packages` and `gnat13Packages` use the respective matching compiler version. - Ada packages (libraries and tools) have been moved into the `gnatPackages` scope. `gnatPackages` uses the default GNAT compiler, `gnat12Packages` and `gnat13Packages` use the respective matching compiler version.
- Paths provided as `restartTriggers` and `reloadTriggers` for systemd units will now be copied into the nix store to make the behavior consistent.
Previously, `restartTriggers = [ ./config.txt ]`, if defined in a flake, would trigger a restart when any part of the flake changed; and if not defined in a flake, would never trigger a restart even if the contents of `config.txt` changed.
- `spark2014` has been renamed to `gnatprove`. A version of `gnatprove` matching different GNAT versions is available from the different `gnatPackages` sets. - `spark2014` has been renamed to `gnatprove`. A version of `gnatprove` matching different GNAT versions is available from the different `gnatPackages` sets.
- `services.resolved.fallbackDns` can now be used to disable the upstream fallback servers entirely by setting it to an empty list. To get the previous behaviour of the upstream defaults set it to null, the new default, instead. - `services.resolved.fallbackDns` can now be used to disable the upstream fallback servers entirely by setting it to an empty list. To get the previous behaviour of the upstream defaults set it to null, the new default, instead.
@ -362,10 +432,12 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- `xxd` has been moved from `vim` default output to its own output to reduce closure size. The canonical way to reference it across all platforms is `unixtools.xxd`. - `xxd` has been moved from `vim` default output to its own output to reduce closure size. The canonical way to reference it across all platforms is `unixtools.xxd`.
- The `stalwart-mail` package has been updated to v0.5.3, which includes [breaking changes](https://github.com/stalwartlabs/mail-server/blob/v0.5.3/UPGRADING.md). - `stalwart-mail` package has been updated to v0.5.3, which includes [breaking changes](https://github.com/stalwartlabs/mail-server/blob/v0.5.3/UPGRADING.md).
- `services.zope2` has been removed as `zope2` is unmaintained and was relying on Python2. - `services.zope2` has been removed as `zope2` is unmaintained and was relying on Python2.
- `services.oauth2_proxy` was renamed to `services.oauth2-proxy`. Also the corresponding service, user and group were renamed.
- `services.avahi.nssmdns` got split into `services.avahi.nssmdns4` and `services.avahi.nssmdns6` which enable the mDNS NSS switch for IPv4 and IPv6 respectively. - `services.avahi.nssmdns` got split into `services.avahi.nssmdns4` and `services.avahi.nssmdns6` which enable the mDNS NSS switch for IPv4 and IPv6 respectively.
Since most mDNS responders only register IPv4 addresses, most users want to keep the IPv6 support disabled to avoid long timeouts. Since most mDNS responders only register IPv4 addresses, most users want to keep the IPv6 support disabled to avoid long timeouts.
@ -396,21 +468,30 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
upgrade NetBox by changing `services.netbox.package`. Database migrations upgrade NetBox by changing `services.netbox.package`. Database migrations
will be run automatically. will be run automatically.
- The executable file names for `firefox-devedition`, `firefox-beta`, `firefox-esr` now matches their package names, which is consistent with the `firefox-*-bin` packages. The desktop entries are also updated so that you can have multiple editions of firefox in your app launcher. - `gauge` now supports installing plugins using nix. For the old imperative approach, switch to `gauge-unwrapped`.
You can load plugins from an existing gauge manifest file using `gauge.fromManifest ./path/to/manifest.json` or
specify plugins in nix using `gauge.withPlugins (p: with p; [ js html-report xml-report ])`.
- `firefox-devedition`, `firefox-beta`, `firefox-esr` executable file names for now match their package names, which is consistent with the `firefox-*-bin` packages. The desktop entries are also updated so that you can have multiple editions of firefox in your app launcher.
- `chromium` and `ungoogled-chromium` had a long stanging issue regarding Widevine DRM handling in nixpkgs fixed.
`chromium` now no longer automatically downloads Widevine when encountering DRM protected content.
To be able to play DRM protected content in `chromium` now, you have to explicitly opt-in as originally intended using `chromium.override { enableWideVine = true; }`.
This override has been added almost 10 years ago.
- switch-to-configuration does not directly call systemd-tmpfiles anymore. - switch-to-configuration does not directly call systemd-tmpfiles anymore.
Instead, the new artificial sysinit-reactivation.target is introduced which Instead, the new artificial sysinit-reactivation.target is introduced which
allows to restart multiple services that are ordered before sysinit.target allows to restart multiple services that are ordered before sysinit.target
and respect the ordering between the services. and respect the ordering between the services.
- The `systemd.oomd` module behavior is changed as: - `systemd.oomd` module behavior is changed as:
- Raise ManagedOOMMemoryPressureLimit from 50% to 80%. This should make systemd-oomd kill things less often, and fix issues like [this](https://pagure.io/fedora-workstation/issue/358). - Raise ManagedOOMMemoryPressureLimit from 50% to 80%. This should make systemd-oomd kill things less often, and fix issues like [this](https://pagure.io/fedora-workstation/issue/358).
Reference: [commit](https://src.fedoraproject.org/rpms/systemd/c/806c95e1c70af18f81d499b24cd7acfa4c36ffd6?branch=806c95e1c70af18f81d499b24cd7acfa4c36ffd6) Reference: [commit](https://src.fedoraproject.org/rpms/systemd/c/806c95e1c70af18f81d499b24cd7acfa4c36ffd6?branch=806c95e1c70af18f81d499b24cd7acfa4c36ffd6).
- Remove swap policy. This helps prevent killing processes when user's swap is small. - Remove swap policy. This helps prevent killing processes when user's swap is small.
- Expand the memory pressure policy to system.slice, user-.slice, and all user owned slices. Reference: [commit](https://src.fedoraproject.org/rpms/systemd/c/7665e1796f915dedbf8e014f0a78f4f576d609bb) - Expand the memory pressure policy to system.slice, user-.slice, and all user owned slices. Reference: [commit](https://src.fedoraproject.org/rpms/systemd/c/7665e1796f915dedbf8e014f0a78f4f576d609bb).
- `systemd.oomd.enableUserServices` is renamed to `systemd.oomd.enableUserSlices`. - `systemd.oomd.enableUserServices` is renamed to `systemd.oomd.enableUserSlices`.
@ -423,7 +504,7 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- [watchdogd](https://troglobit.com/projects/watchdogd/), a system and process supervisor using watchdog timers. Available as [services.watchdogd](#opt-services.watchdogd.enable). - [watchdogd](https://troglobit.com/projects/watchdogd/), a system and process supervisor using watchdog timers. Available as [services.watchdogd](#opt-services.watchdogd.enable).
- The `jdt-language-server` package now uses upstream's provided python wrapper instead of our own custom wrapper. This results in the following breaking and notable changes: - `jdt-language-server` package now uses upstream's provided python wrapper instead of our own custom wrapper. This results in the following breaking and notable changes:
- The main binary for the package is now named `jdtls` instead of `jdt-language-server`, equivalent to what most editors expect the binary to be named. - The main binary for the package is now named `jdtls` instead of `jdt-language-server`, equivalent to what most editors expect the binary to be named.
@ -445,21 +526,23 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- Ruby plugin support has been disabled in DFHack. Many of the Ruby plugins have been converted to Lua, and support was removed upstream due to frequent crashes. - Ruby plugin support has been disabled in DFHack. Many of the Ruby plugins have been converted to Lua, and support was removed upstream due to frequent crashes.
- The `livebook` package is now built as a `mix release` instead of an `escript`. - `livebook` package is now built as a `mix release` instead of an `escript`.
This means that configuration now has to be done using [environment variables](https://hexdocs.pm/livebook/readme.html#environment-variables) instead of command line arguments. This means that configuration now has to be done using [environment variables](https://hexdocs.pm/livebook/readme.html#environment-variables) instead of command line arguments.
This has the further implication that the `livebook` service configuration has changed: This has the further implication that the `livebook` service configuration has changed:
- The `erlang_node_short_name`, `erlang_node_name`, `port` and `options` configuration parameters are gone, and have been replaced with an `environment` parameter. - `erlang_node_short_name`, `erlang_node_name`, `port` and `options` configuration parameters are gone, and have been replaced with an `environment` parameter.
Use the appropriate [environment variables](https://hexdocs.pm/livebook/readme.html#environment-variables) inside `environment` to configure the service instead. Use the appropriate [environment variables](https://hexdocs.pm/livebook/readme.html#environment-variables) inside `environment` to configure the service instead.
- `akkoma` now requires explicitly setting the base URL for uploaded media (`settings."Pleroma.Upload".base_url`), as well as for the media proxy if enabled (`settings."Media"`). - `akkoma` now requires explicitly setting the base URL for uploaded media (`settings."Pleroma.Upload".base_url`), as well as for the media proxy if enabled (`settings."Media"`).
This is recommended to be a separate (sub)domain to the one Akkoma is hosted at. This is recommended to be a separate (sub)domain to the one Akkoma is hosted at.
See [here](https://meta.akkoma.dev/t/akkoma-stable-2024-03-securer-i-barely-know-her/681#explicit-upload-and-media-proxy-domains-5) for more details. See [here](https://meta.akkoma.dev/t/akkoma-stable-2024-03-securer-i-barely-know-her/681#explicit-upload-and-media-proxy-domains-5) for more details.
- The `crystal` package has been updated to 1.11.x, which has some breaking changes. - `crystal` package has been updated to 1.11.x, which has some breaking changes.
Refer to crystal's changelog for more information. ([v1.10](https://github.com/crystal-lang/crystal/blob/master/CHANGELOG.md#1100-2023-10-09), [v1.11](https://github.com/crystal-lang/crystal/blob/master/CHANGELOG.md#1110-2024-01-08)) Refer to crystal's changelog for more information. ([v1.10](https://github.com/crystal-lang/crystal/blob/master/CHANGELOG.md#1100-2023-10-09), [v1.11](https://github.com/crystal-lang/crystal/blob/master/CHANGELOG.md#1110-2024-01-08))
- The `erlang-ls` package no longer ships the `els_dap` binary as of v0.51.0. - `erlang-ls` package no longer ships the `els_dap` binary as of v0.51.0.
- `icu` no longer includes `install-sh` and `mkinstalldirs` in the shared folder.
## Other Notable Changes {#sec-release-24.05-notable-changes} ## Other Notable Changes {#sec-release-24.05-notable-changes}
@ -467,14 +550,14 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- `addDriverRunpath` has been added to facilitate the deprecation of the old `addOpenGLRunpath` setuphook. This change is motivated by the evolution of the setuphook to include all hardware acceleration. - `addDriverRunpath` has been added to facilitate the deprecation of the old `addOpenGLRunpath` setuphook. This change is motivated by the evolution of the setuphook to include all hardware acceleration.
- Cinnamon has been updated to 6.0. Please beware that the [Wayland session](https://blog.linuxmint.com/?p=4591) is still experimental in this release and could potentially [affect Xorg sessions](https://blog.linuxmint.com/?p=4639). We suggest a reboot when switching between sessions. - `cinnamon` has been updated to 6.0. Please beware that the [Wayland session](https://blog.linuxmint.com/?p=4591) is still experimental in this release and could potentially [affect Xorg sessions](https://blog.linuxmint.com/?p=4639). We suggest a reboot when switching between sessions.
- MATE has been updated to 1.28. - `mate` has been updated to 1.28.
- To properly support panel plugins built with Wayland (in-process) support, we are introducing `services.xserver.desktopManager.mate.extraPanelApplets` option, please use that for installing panel applets. - To properly support panel plugins built with Wayland (in-process) support, we are introducing `services.xserver.desktopManager.mate.extraPanelApplets` option, please use that for installing panel applets.
- Similarly, please use `services.xserver.desktopManager.mate.extraCajaExtensions` option for installing Caja extensions. - Similarly, please use `services.xserver.desktopManager.mate.extraCajaExtensions` option for installing Caja extensions.
- To use the Wayland session, enable `services.xserver.desktopManager.mate.enableWaylandSession`. This is opt-in for now as it is in early stage and introduces a new set of Wayfire closure. Due to [known issues with LightDM](https://github.com/canonical/lightdm/issues/63), we suggest using SDDM for display manager. - To use the Wayland session, enable `services.xserver.desktopManager.mate.enableWaylandSession`. This is opt-in for now as it is in early stage and introduces a new set of Wayfire closure. Due to [known issues with LightDM](https://github.com/canonical/lightdm/issues/63), we suggest using SDDM for display manager.
- The Budgie module installs gnome-terminal by default (instead of mate-terminal). - `services.xserver.desktopManager.budgie` installs `gnome.gnome-terminal` by default (instead of `mate.mate-terminal`).
- New `boot.loader.systemd-boot.xbootldrMountPoint` allows setting up a separate [XBOOTLDR partition](https://uapi-group.org/specifications/specs/boot_loader_specification/) to store boot files. Useful on systems with a small EFI System partition that cannot be easily repartitioned. - New `boot.loader.systemd-boot.xbootldrMountPoint` allows setting up a separate [XBOOTLDR partition](https://uapi-group.org/specifications/specs/boot_loader_specification/) to store boot files. Useful on systems with a small EFI System partition that cannot be easily repartitioned.
@ -483,19 +566,32 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- `services.postgresql.extraPlugins` changed its type from just a list of packages to also a function that returns such a list. - `services.postgresql.extraPlugins` changed its type from just a list of packages to also a function that returns such a list.
For example a config line like ``services.postgresql.extraPlugins = with pkgs.postgresql_11.pkgs; [ postgis ];`` is recommended to be changed to ``services.postgresql.extraPlugins = ps: with ps; [ postgis ];``; For example a config line like ``services.postgresql.extraPlugins = with pkgs.postgresql_11.pkgs; [ postgis ];`` is recommended to be changed to ``services.postgresql.extraPlugins = ps: with ps; [ postgis ];``;
- The Matrix homeserver [Synapse](https://element-hq.github.io/synapse/) module now supports configuring UNIX domain socket [listeners](#opt-services.matrix-synapse.settings.listeners) through the `path` option. - `services.openssh` now has an option `authorizedKeysInHomedir`, controlling whether `~/.ssh/authorizedKeys` is
added to `authorizedKeysFiles`.
::: {.note}
This option currently defaults to `true` for NixOS 24.05, preserving the previous behaviour.
This is expected to change in NixOS 24.11.
:::
::: {.warning}
Users should check that their SSH keys are in `users.users.*.openssh`, or that they have another way to access
and administer the system, before setting this option to `false`.
:::
- [`matrix-synapse`](https://element-hq.github.io/synapse/) homeserver module now supports configuring UNIX domain socket [`listeners`](#opt-services.matrix-synapse.settings.listeners) through the `path` option.
The default replication worker on the main instance has been migrated away from TCP sockets to UNIX domain sockets. The default replication worker on the main instance has been migrated away from TCP sockets to UNIX domain sockets.
- The initrd ssh daemon module got a new option to add authorized keys via a list of files using `boot.initrd.network.ssh.authorizedKeyFiles`. - `boot.initrd.network.ssh.authorizedKeyFiles` is a new option in the initrd ssh daemon module, for adding authorized keys via list of files.
- `appimage`, `appimageTools.wrapAppImage` and `buildFHSEnvBubblewrap` now properly accepts `pname` and `version`.
- Programs written in [Nim](https://nim-lang.org/) are built with libraries selected by lockfiles. - Programs written in [Nim](https://nim-lang.org/) are built with libraries selected by lockfiles.
The `nimPackages` and `nim2Packages` sets have been removed. The `nimPackages` and `nim2Packages` sets have been removed.
See https://nixos.org/manual/nixpkgs/unstable#nim for more information. See https://nixos.org/manual/nixpkgs/unstable#nim for more information.
- Programs written in [D](https://dlang.org/) using the `dub` build system and package manager can now be built using `buildDubPackage` utilizing lockfiles provided by the new `dub-to-nix` helper program. - `buildDubPackage` can now be used to build Programs written in [D](https://dlang.org/) using the `dub` build system and package manager.
See the [D section](https://nixos.org/manual/nixpkgs/unstable#dlang) in the manual for more information. See the [D section](https://nixos.org/manual/nixpkgs/unstable#dlang) in the manual for more information.
- [Portunus](https://github.com/majewsky/portunus) has been updated to major version 2. - [`portunus`](https://github.com/majewsky/portunus) has been updated to major version 2.
This version of Portunus supports strong password hashes, but the legacy hash SHA-256 is also still supported to ensure a smooth migration of existing user accounts. This version of Portunus supports strong password hashes, but the legacy hash SHA-256 is also still supported to ensure a smooth migration of existing user accounts.
After upgrading, follow the instructions on the [upstream release notes](https://github.com/majewsky/portunus/releases/tag/v2.0.0) to upgrade all user accounts to strong password hashes. After upgrading, follow the instructions on the [upstream release notes](https://github.com/majewsky/portunus/releases/tag/v2.0.0) to upgrade all user accounts to strong password hashes.
Support for weak password hashes will be removed in NixOS 24.11. Support for weak password hashes will be removed in NixOS 24.11.
@ -504,9 +600,9 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- `libass` now uses the native CoreText backend on Darwin, which may fix subtitle rendering issues with `mpv`, `ffmpeg`, etc. - `libass` now uses the native CoreText backend on Darwin, which may fix subtitle rendering issues with `mpv`, `ffmpeg`, etc.
- [Lilypond](https://lilypond.org/index.html) and [Denemo](https://www.denemo.org) are now compiled with Guile 3.0. - [`lilypond`](https://lilypond.org/index.html) and [`denemo`](https://www.denemo.org) are now compiled with Guile 3.0.
- Garage has been updated to v1.x.x. Users should read the [upstream release notes](https://git.deuxfleurs.fr/Deuxfleurs/garage/releases/tag/v1.0.0) and follow the documentation when changing over their `services.garage.package` and performing this manual upgrade. - `garage` has been updated to v1.x.x. Users should read the [upstream release notes](https://git.deuxfleurs.fr/Deuxfleurs/garage/releases/tag/v1.0.0) and follow the documentation when changing over their `services.garage.package` and performing this manual upgrade.
- The EC2 image module now enables the [Amazon SSM Agent](https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent.html) by default. - The EC2 image module now enables the [Amazon SSM Agent](https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent.html) by default.
@ -520,7 +616,7 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- `extraTrustedDomains` -> [`trusted_domains`](#opt-services.nextcloud.settings.trusted_domains) and - `extraTrustedDomains` -> [`trusted_domains`](#opt-services.nextcloud.settings.trusted_domains) and
- `trustedProxies` -> [`trusted_proxies`](#opt-services.nextcloud.settings.trusted_proxies). - `trustedProxies` -> [`trusted_proxies`](#opt-services.nextcloud.settings.trusted_proxies).
- The option [`services.nextcloud.config.dbport`] of the Nextcloud module was removed to match upstream. - `services.nextcloud.config.dbport` option of the Nextcloud module was removed to match upstream.
The port can be specified in [`services.nextcloud.config.dbhost`](#opt-services.nextcloud.config.dbhost). The port can be specified in [`services.nextcloud.config.dbhost`](#opt-services.nextcloud.config.dbhost).
- A new abstraction to create both read-only as well as writable overlay file - A new abstraction to create both read-only as well as writable overlay file
@ -528,7 +624,7 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
[fileSystems.overlay](#opt-fileSystems._name_.overlay.lowerdir). See also the [fileSystems.overlay](#opt-fileSystems._name_.overlay.lowerdir). See also the
[NixOS docs](#sec-overlayfs). [NixOS docs](#sec-overlayfs).
- systemd units can now specify the `Upholds=` and `UpheldBy=` unit dependencies via the aptly - `systemd` units can now specify the `Upholds=` and `UpheldBy=` unit dependencies via the aptly
named `upholds` and `upheldBy` options. These options get systemd to enforce that the named `upholds` and `upheldBy` options. These options get systemd to enforce that the
dependencies remain continuosly running for as long as the dependent unit is in a running state. dependencies remain continuosly running for as long as the dependent unit is in a running state.
@ -541,33 +637,27 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- New options were added to the dnsdist module to enable and configure a DNSCrypt endpoint (see `services.dnsdist.dnscrypt.enable`, etc.). - New options were added to the dnsdist module to enable and configure a DNSCrypt endpoint (see `services.dnsdist.dnscrypt.enable`, etc.).
The module can generate the DNSCrypt provider key pair, certificates and also performs their rotation automatically with no downtime. The module can generate the DNSCrypt provider key pair, certificates and also performs their rotation automatically with no downtime.
- With a bump to `sonarr` v4, existing config database files will be upgraded automatically, but note that some old apparently-working configs [might actually be corrupt and fail to upgrade cleanly](https://forums.sonarr.tv/t/sonarr-v4-released/33089). - `sonarr` version bumped to from 3.0.10 to 4.0.3. Consequently existing config database files will be upgraded automatically, but note that some old apparently-working configs [might actually be corrupt and fail to upgrade cleanly](https://forums.sonarr.tv/t/sonarr-v4-released/33089).
- The Yama LSM is now enabled by default in the kernel, which prevents ptracing - The kernel Yama LSM is now enabled by default, which prevents ptracing
non-child processes. This means you will not be able to attach gdb to an non-child processes. This means you will not be able to attach gdb to an
existing process, but will need to start that process from gdb (so it is a existing process, but will need to start that process from gdb (so it is a
child). Or you can set `boot.kernel.sysctl."kernel.yama.ptrace_scope"` to 0. child). Or you can set `boot.kernel.sysctl."kernel.yama.ptrace_scope"` to 0.
- The netbird module now allows running multiple tunnels in parallel through [`services.netbird.tunnels`](#opt-services.netbird.tunnels). - `netbird` module now allows running multiple tunnels in parallel through [`services.netbird.tunnels`](#opt-services.netbird.tunnels).
- [Nginx virtual hosts](#opt-services.nginx.virtualHosts) using `forceSSL` or - [Nginx virtual hosts](#opt-services.nginx.virtualHosts) using `forceSSL` or
`globalRedirect` can now have redirect codes other than 301 through `globalRedirect` can now have redirect codes other than 301 through `redirectCode`.
- `bacula` now allows to configure `TLS` for encrypted communication. - `bacula` now allows to configure `TLS` for encrypted communication.
`redirectCode`. - `libjxl` version bumped from 0.8.2 to 0.9.1 [dropped support for the butteraugli API](https://github.com/libjxl/libjxl/pull/2576). You will no longer be able to set `enableButteraugli` on `libaom`.
- `libjxl` 0.9.0 [dropped support for the butteraugli API](https://github.com/libjxl/libjxl/pull/2576). You will no longer be able to set `enableButteraugli` on `libaom`. - `mockgen` package source has changed to the [go.uber.org/mock](https://github.com/uber-go/mock) fork because [the original repository is no longer maintained](https://github.com/golang/mock#gomock).
- The source of the `mockgen` package has changed to the [go.uber.org/mock](https://github.com/uber-go/mock) fork because [the original repository is no longer maintained](https://github.com/golang/mock#gomock).
- `security.pam.enableSSHAgentAuth` was renamed to `security.pam.sshAgentAuth.enable` and an `authorizedKeysFiles`
option was added, to control which `authorized_keys` files are trusted. It defaults to the previous behaviour,
**which is insecure**: see [#31611](https://github.com/NixOS/nixpkgs/issues/31611).
- [](#opt-boot.kernel.sysctl._net.core.wmem_max_) changed from a string to an integer because of the addition of a custom merge option (taking the highest value defined to avoid conflicts between 2 services trying to set that value), just as [](#opt-boot.kernel.sysctl._net.core.rmem_max_) since 22.11. - [](#opt-boot.kernel.sysctl._net.core.wmem_max_) changed from a string to an integer because of the addition of a custom merge option (taking the highest value defined to avoid conflicts between 2 services trying to set that value), just as [](#opt-boot.kernel.sysctl._net.core.rmem_max_) since 22.11.
- A new top-level package set, `pkgsExtraHardening` is added. This is a set of packages built with stricter hardening flags - those that have not yet received enough testing to be applied universally, those that are more likely to cause build failures or those that have drawbacks to their use (e.g. performance or required hardware features). - `pkgsExtraHardening`, a new top-level package set, was added. This is a set of packages built with stricter hardening flags - those that have not yet received enough testing to be applied universally, those that are more likely to cause build failures or those that have drawbacks to their use (e.g. performance or required hardware features).
- `services.zfs.zed.enableMail` now uses the global `sendmail` wrapper defined by an email module - `services.zfs.zed.enableMail` now uses the global `sendmail` wrapper defined by an email module
(such as msmtp or Postfix). It no longer requires using a special ZFS build with email support. (such as msmtp or Postfix). It no longer requires using a special ZFS build with email support.
@ -576,59 +666,65 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- `nextcloud-setup.service` no longer changes the group of each file & directory inside `/var/lib/nextcloud/{config,data,store-apps}` if one of these directories has the wrong owner group. This was part of transitioning the group used for `/var/lib/nextcloud`, but isn't necessary anymore. - `nextcloud-setup.service` no longer changes the group of each file & directory inside `/var/lib/nextcloud/{config,data,store-apps}` if one of these directories has the wrong owner group. This was part of transitioning the group used for `/var/lib/nextcloud`, but isn't necessary anymore.
- `services.kavita` now uses the freeform option `services.kavita.settings` for the application settings file. - `services.kavita` now uses the free-form option `services.kavita.settings` for the application settings file.
The options `services.kavita.ipAdresses` and `services.kavita.port` now exist at `services.kavita.settings.IpAddresses` The options `services.kavita.ipAdresses` and `services.kavita.port` now exist at `services.kavita.settings.IpAddresses`
and `services.kavita.settings.IpAddresses`. The file at `services.kavita.tokenKeyFile` now needs to contain a secret with and `services.kavita.settings.IpAddresses`. The file at `services.kavita.tokenKeyFile` now needs to contain a secret with
512+ bits instead of 128+ bits. 512+ bits instead of 128+ bits.
- `kavita` has been updated to 0.8.0, requiring a manual forced library scan on all libraries for migration. Refer to upstream's [release notes](https://github.com/Kareadita/Kavita/releases/tag/v0.8.0) for details. - `kavita` has been updated to 0.8.0, requiring a manual forced library scan on all libraries for migration. Refer to upstream's [release notes](https://github.com/Kareadita/Kavita/releases/tag/v0.8.0) for details.
- The `krb5` module has been rewritten and moved to `security.krb5`, moving all options but `security.krb5.enable` and `security.krb5.package` into `security.krb5.settings`. - `krb5` module has been rewritten and moved to `security.krb5`, moving all options but `security.krb5.enable` and `security.krb5.package` into `security.krb5.settings`.
- `services.soju` now has a wrapper for the `sojuctl` command, pointed at the service config file. It also has the new option `adminSocket.enable`, which creates a unix admin socket at `/run/soju/admin`. - `services.soju` now has a wrapper for the `sojuctl` command, pointed at the service config file. It also has the new option `adminSocket.enable`, which creates a unix admin socket at `/run/soju/admin`.
- Gitea 1.21 upgrade has several breaking changes, including: - `gitea` upgrade to 1.21 has several breaking changes, including:
- Custom themes and other assets that were previously stored in `custom/public/*` now belong in `custom/public/assets/*` - Custom themes and other assets that were previously stored in `custom/public/*` now belong in `custom/public/assets/*`
- New instances of Gitea using MySQL now ignore the `[database].CHARSET` config option and always use the `utf8mb4` charset, existing instances should migrate via the `gitea doctor convert` CLI command. - New instances of Gitea using MySQL now ignore the `[database].CHARSET` config option and always use the `utf8mb4` charset, existing instances should migrate via the `gitea doctor convert` CLI command.
- The `services.paperless` module no longer uses the previously downloaded NLTK data stored in `/var/cache/paperless/nltk`. This directory can be removed. - `services.paperless` module no longer uses the previously downloaded NLTK data stored in `/var/cache/paperless/nltk`. This directory can be removed.
- The `services.teeworlds` module now has a wealth of configuration options, including a new `package` option. - `services.teeworlds` module now has a wealth of configuration options, including a new `package` option.
- The `hardware.pulseaudio` module now sets permission of pulse user home directory to 755 when running in "systemWide" mode. It fixes [issue 114399](https://github.com/NixOS/nixpkgs/issues/114399). - `hardware.pulseaudio` module now sets permission of pulse user home directory to 755 when running in "systemWide" mode. It fixes [issue 114399](https://github.com/NixOS/nixpkgs/issues/114399).
- The `services.networkmanager.extraConfig` was renamed to `services.networkmanager.settings` and was changed to use the ini type instead of using a multiline string. - `services.networkmanager.extraConfig` was renamed to `services.networkmanager.settings` and was changed to use the ini type instead of using a multiline string.
- The module `services.github-runner` has been removed. To configure a single GitHub Actions Runner refer to `services.github-runners.*`. Note that this will trigger a new runner registration. - `services.github-runner` module has been removed. To configure a single GitHub Actions Runner refer to `services.github-runners.*`. Note that this will trigger a new runner registration.
- The `services.slskd` has been refactored to include more configuation options in - `services.slskd` has been refactored to include more configuation options in
the freeform `services.slskd.settings` option, and some defaults (including listen ports) the free-form `services.slskd.settings` option, and some defaults (including listen ports)
have been changed to match the upstream defaults. Additionally, disk logging is now have been changed to match the upstream defaults. Additionally, disk logging is now
disabled by default, and the log rotation timer has been removed. disabled by default, and the log rotation timer has been removed.
The nginx virtualhost option is now of the `vhost-options` type. The nginx virtualhost option is now of the `vhost-options` type.
- The `btrbk` module now automatically selects and provides required compression - `services.btrbk` now automatically selects and provides required compression
program depending on the configured `stream_compress` option. Since this program depending on the configured `stream_compress` option. Since this
replaces the need for the `extraPackages` option, this option will be replaces the need for the `extraPackages` option, this option will be
deprecated in future releases. deprecated in future releases.
- The `mpich` package expression now requires `withPm` to be a list, e.g. `"hydra:gforker"` becomes `[ "hydra" "gforker" ]`. - `mpich` package expression now requires `withPm` to be a list, e.g. `"hydra:gforker"` becomes `[ "hydra" "gforker" ]`.
- When merging systemd unit options (of type `unitOption`), - `systemd`: when merging unit options (of type `unitOption`),
if at least one definition is a list, all those which aren't are now lifted into a list, if at least one definition is a list, all those which aren't are now lifted into a list,
making it possible to accumulate definitions without resorting to `mkForce`, making it possible to accumulate definitions without resorting to `mkForce`,
hence to retain the definitions not anticipating that need. hence to retain the definitions not anticipating that need.
- YouTrack is bumped to 2023.3. The update is not performed automatically, it requires manual interaction. See the YouTrack section in the manual for details. - Lisp modules: previously deprecated interface based on `common-lisp.sh` has now been removed.
- QtMultimedia has changed its default backend to `QT_MEDIA_BACKEND=ffmpeg` (previously `gstreamer` on Linux or `darwin` on MacOS). - `youtrack` is bumped to 2023.3. The update is not performed automatically, it requires manual interaction. See the YouTrack section in the manual for details.
- `qt6.qtmultimedia` has changed its default backend to `QT_MEDIA_BACKEND=ffmpeg` (previously `gstreamer` on Linux or `darwin` on MacOS).
The previous native backends remain available but are now minimally maintained. Refer to [upstream documentation](https://doc.qt.io/qt-6/qtmultimedia-index.html#ffmpeg-as-the-default-backend) for further details about each platform. The previous native backends remain available but are now minimally maintained. Refer to [upstream documentation](https://doc.qt.io/qt-6/qtmultimedia-index.html#ffmpeg-as-the-default-backend) for further details about each platform.
- The `drbd` out-of-tree Linux kernel driver has been added in version `9.2.7`. With it the DRBD 9.x features can be used instead of the 8.x features provided by the `8.4.11` in-tree driver. - `drbd` out-of-tree Linux kernel driver has been added in version 9.2.7. With it the DRBD 9.x features can be used instead of the 8.x features provided by the 8.4.11 in-tree driver.
- The oil shell's c++ version is now available as `oils-for-unix`. The python version is still available as `oil` - `oils-for-unix`, the oil shell's c++ version is now available. The python version is still available as `oil`.
- `documentation.man.mandoc` now by default uses `MANPATH` to set the directories where mandoc will search for manual pages. - `documentation.man.mandoc` now by default uses `MANPATH` to set the directories where mandoc will search for manual pages.
This enables mandoc to find manual pages in Nix profiles. To set the manual search paths via the `mandoc.conf` configuration file like before, use `documentation.man.mandoc.settings.manpath` instead. This enables mandoc to find manual pages in Nix profiles. To set the manual search paths via the `mandoc.conf` configuration file like before, use `documentation.man.mandoc.settings.manpath` instead.
- The `grafana-loki` package was updated to 3.0.0 which includes [breaking changes](https://github.com/grafana/loki/releases/tag/v3.0.0) - The `systemd-confinement` module extension is now compatible with `DynamicUser=true` and thus `ProtectSystem=strict` too.
- `grafana-loki` package was updated to 3.0.0 which includes [breaking changes](https://github.com/grafana/loki/releases/tag/v3.0.0).
- `programs.fish.package` now allows you to override the package used in the `fish` module.

View file

@ -35,6 +35,8 @@ rec {
aarch64-linux = "${qemuPkg}/bin/qemu-system-aarch64 -machine virt,gic-version=max,accel=kvm:tcg -cpu max"; aarch64-linux = "${qemuPkg}/bin/qemu-system-aarch64 -machine virt,gic-version=max,accel=kvm:tcg -cpu max";
powerpc64le-linux = "${qemuPkg}/bin/qemu-system-ppc64 -machine powernv"; powerpc64le-linux = "${qemuPkg}/bin/qemu-system-ppc64 -machine powernv";
powerpc64-linux = "${qemuPkg}/bin/qemu-system-ppc64 -machine powernv"; powerpc64-linux = "${qemuPkg}/bin/qemu-system-ppc64 -machine powernv";
riscv32-linux = "${qemuPkg}/bin/qemu-system-riscv32 -machine virt";
riscv64-linux = "${qemuPkg}/bin/qemu-system-riscv64 -machine virt";
x86_64-darwin = "${qemuPkg}/bin/qemu-kvm -cpu max"; x86_64-darwin = "${qemuPkg}/bin/qemu-kvm -cpu max";
}; };
otherHostGuestMatrix = { otherHostGuestMatrix = {

View file

@ -1,4 +1,4 @@
{ config, lib, pkgs }: { config, lib, pkgs, utils }:
let let
inherit (lib) inherit (lib)
@ -14,10 +14,13 @@ let
elem elem
filter filter
filterAttrs filterAttrs
flatten
flip flip
head head
isInt isInt
isFloat
isList isList
isPath
length length
makeBinPath makeBinPath
makeSearchPathOutput makeSearchPathOutput
@ -28,6 +31,7 @@ let
optional optional
optionalAttrs optionalAttrs
optionalString optionalString
pipe
range range
replaceStrings replaceStrings
reverseList reverseList
@ -149,7 +153,7 @@ in rec {
"Systemd ${group} field `${name}' is outside the range [${toString min},${toString max}]"; "Systemd ${group} field `${name}' is outside the range [${toString min},${toString max}]";
assertRangeOrOneOf = name: min: max: values: group: attr: assertRangeOrOneOf = name: min: max: values: group: attr:
optional (attr ? ${name} && !((min <= attr.${name} && max >= attr.${name}) || elem attr.${name} values)) optional (attr ? ${name} && !(((isInt attr.${name} || isFloat attr.${name}) && min <= attr.${name} && max >= attr.${name}) || elem attr.${name} values))
"Systemd ${group} field `${name}' is not a value in range [${toString min},${toString max}], or one of ${toString values}"; "Systemd ${group} field `${name}' is not a value in range [${toString min},${toString max}], or one of ${toString values}";
assertMinimum = name: min: group: attr: assertMinimum = name: min: group: attr:
@ -366,9 +370,17 @@ in rec {
// optionalAttrs (config.requisite != []) // optionalAttrs (config.requisite != [])
{ Requisite = toString config.requisite; } { Requisite = toString config.requisite; }
// optionalAttrs (config ? restartTriggers && config.restartTriggers != []) // optionalAttrs (config ? restartTriggers && config.restartTriggers != [])
{ X-Restart-Triggers = "${pkgs.writeText "X-Restart-Triggers-${name}" (toString config.restartTriggers)}"; } { X-Restart-Triggers = "${pkgs.writeText "X-Restart-Triggers-${name}" (pipe config.restartTriggers [
flatten
(map (x: if isPath x then "${x}" else x))
toString
])}"; }
// optionalAttrs (config ? reloadTriggers && config.reloadTriggers != []) // optionalAttrs (config ? reloadTriggers && config.reloadTriggers != [])
{ X-Reload-Triggers = "${pkgs.writeText "X-Reload-Triggers-${name}" (toString config.reloadTriggers)}"; } { X-Reload-Triggers = "${pkgs.writeText "X-Reload-Triggers-${name}" (pipe config.reloadTriggers [
flatten
(map (x: if isPath x then "${x}" else x))
toString
])}"; }
// optionalAttrs (config.description != "") { // optionalAttrs (config.description != "") {
Description = config.description; } Description = config.description; }
// optionalAttrs (config.documentation != []) { // optionalAttrs (config.documentation != []) {
@ -385,8 +397,41 @@ in rec {
}; };
}; };
serviceConfig = { config, ... }: { serviceConfig = { name, config, ... }: {
config.environment.PATH = mkIf (config.path != []) "${makeBinPath config.path}:${makeSearchPathOutput "bin" "sbin" config.path}"; config = {
name = "${name}.service";
environment.PATH = mkIf (config.path != []) "${makeBinPath config.path}:${makeSearchPathOutput "bin" "sbin" config.path}";
};
};
pathConfig = { name, config, ... }: {
config = {
name = "${name}.path";
};
};
socketConfig = { name, config, ... }: {
config = {
name = "${name}.socket";
};
};
sliceConfig = { name, config, ... }: {
config = {
name = "${name}.slice";
};
};
targetConfig = { name, config, ... }: {
config = {
name = "${name}.target";
};
};
timerConfig = { name, config, ... }: {
config = {
name = "${name}.timer";
};
}; };
stage2ServiceConfig = { stage2ServiceConfig = {
@ -405,6 +450,7 @@ in rec {
mountConfig = { config, ... }: { mountConfig = { config, ... }: {
config = { config = {
name = "${utils.escapeSystemdPath config.where}.mount";
mountConfig = mountConfig =
{ What = config.what; { What = config.what;
Where = config.where; Where = config.where;
@ -418,6 +464,7 @@ in rec {
automountConfig = { config, ... }: { automountConfig = { config, ... }: {
config = { config = {
name = "${utils.escapeSystemdPath config.where}.automount";
automountConfig = automountConfig =
{ Where = config.where; { Where = config.where;
}; };
@ -433,8 +480,8 @@ in rec {
WantedBy=${concatStringsSep " " def.wantedBy} WantedBy=${concatStringsSep " " def.wantedBy}
''; '';
targetToUnit = name: def: targetToUnit = def:
{ inherit (def) aliases wantedBy requiredBy upheldBy enable overrideStrategy; { inherit (def) name aliases wantedBy requiredBy upheldBy enable overrideStrategy;
text = text =
'' ''
[Unit] [Unit]
@ -442,8 +489,8 @@ in rec {
''; '';
}; };
serviceToUnit = name: def: serviceToUnit = def:
{ inherit (def) aliases wantedBy requiredBy upheldBy enable overrideStrategy; { inherit (def) name aliases wantedBy requiredBy upheldBy enable overrideStrategy;
text = commonUnitText def ('' text = commonUnitText def (''
[Service] [Service]
'' + (let env = cfg.globalEnvironment // def.environment; '' + (let env = cfg.globalEnvironment // def.environment;
@ -452,7 +499,7 @@ in rec {
"Environment=${toJSON "${n}=${env.${n}}"}\n"; "Environment=${toJSON "${n}=${env.${n}}"}\n";
# systemd max line length is now 1MiB # systemd max line length is now 1MiB
# https://github.com/systemd/systemd/commit/e6dde451a51dc5aaa7f4d98d39b8fe735f73d2af # https://github.com/systemd/systemd/commit/e6dde451a51dc5aaa7f4d98d39b8fe735f73d2af
in if stringLength s >= 1048576 then throw "The value of the environment variable ${n} in systemd service ${name}.service is too long." else s) (attrNames env)) in if stringLength s >= 1048576 then throw "The value of the environment variable ${n} in systemd service ${def.name}.service is too long." else s) (attrNames env))
+ (if def ? reloadIfChanged && def.reloadIfChanged then '' + (if def ? reloadIfChanged && def.reloadIfChanged then ''
X-ReloadIfChanged=true X-ReloadIfChanged=true
'' else if (def ? restartIfChanged && !def.restartIfChanged) then '' '' else if (def ? restartIfChanged && !def.restartIfChanged) then ''
@ -463,8 +510,8 @@ in rec {
'' + attrsToSection def.serviceConfig); '' + attrsToSection def.serviceConfig);
}; };
socketToUnit = name: def: socketToUnit = def:
{ inherit (def) aliases wantedBy requiredBy upheldBy enable overrideStrategy; { inherit (def) name aliases wantedBy requiredBy upheldBy enable overrideStrategy;
text = commonUnitText def '' text = commonUnitText def ''
[Socket] [Socket]
${attrsToSection def.socketConfig} ${attrsToSection def.socketConfig}
@ -473,40 +520,40 @@ in rec {
''; '';
}; };
timerToUnit = name: def: timerToUnit = def:
{ inherit (def) aliases wantedBy requiredBy upheldBy enable overrideStrategy; { inherit (def) name aliases wantedBy requiredBy upheldBy enable overrideStrategy;
text = commonUnitText def '' text = commonUnitText def ''
[Timer] [Timer]
${attrsToSection def.timerConfig} ${attrsToSection def.timerConfig}
''; '';
}; };
pathToUnit = name: def: pathToUnit = def:
{ inherit (def) aliases wantedBy requiredBy upheldBy enable overrideStrategy; { inherit (def) name aliases wantedBy requiredBy upheldBy enable overrideStrategy;
text = commonUnitText def '' text = commonUnitText def ''
[Path] [Path]
${attrsToSection def.pathConfig} ${attrsToSection def.pathConfig}
''; '';
}; };
mountToUnit = name: def: mountToUnit = def:
{ inherit (def) aliases wantedBy requiredBy upheldBy enable overrideStrategy; { inherit (def) name aliases wantedBy requiredBy upheldBy enable overrideStrategy;
text = commonUnitText def '' text = commonUnitText def ''
[Mount] [Mount]
${attrsToSection def.mountConfig} ${attrsToSection def.mountConfig}
''; '';
}; };
automountToUnit = name: def: automountToUnit = def:
{ inherit (def) aliases wantedBy requiredBy upheldBy enable overrideStrategy; { inherit (def) name aliases wantedBy requiredBy upheldBy enable overrideStrategy;
text = commonUnitText def '' text = commonUnitText def ''
[Automount] [Automount]
${attrsToSection def.automountConfig} ${attrsToSection def.automountConfig}
''; '';
}; };
sliceToUnit = name: def: sliceToUnit = def:
{ inherit (def) aliases wantedBy requiredBy upheldBy enable overrideStrategy; { inherit (def) name aliases wantedBy requiredBy upheldBy enable overrideStrategy;
text = commonUnitText def '' text = commonUnitText def ''
[Slice] [Slice]
${attrsToSection def.sliceConfig} ${attrsToSection def.sliceConfig}

View file

@ -5,8 +5,13 @@ let
automountConfig automountConfig
makeUnit makeUnit
mountConfig mountConfig
pathConfig
sliceConfig
socketConfig
stage1ServiceConfig stage1ServiceConfig
stage2ServiceConfig stage2ServiceConfig
targetConfig
timerConfig
unitConfig unitConfig
; ;
@ -48,29 +53,32 @@ let
; ;
in in
rec { {
units = attrsOf (submodule ({ name, config, ... }: { units = attrsOf (submodule ({ name, config, ... }: {
options = concreteUnitOptions; options = concreteUnitOptions;
config = { unit = mkDefault (makeUnit name config); }; config = {
name = mkDefault name;
unit = mkDefault (makeUnit name config);
};
})); }));
services = attrsOf (submodule [ stage2ServiceOptions unitConfig stage2ServiceConfig ]); services = attrsOf (submodule [ stage2ServiceOptions unitConfig stage2ServiceConfig ]);
initrdServices = attrsOf (submodule [ stage1ServiceOptions unitConfig stage1ServiceConfig ]); initrdServices = attrsOf (submodule [ stage1ServiceOptions unitConfig stage1ServiceConfig ]);
targets = attrsOf (submodule [ stage2CommonUnitOptions unitConfig ]); targets = attrsOf (submodule [ stage2CommonUnitOptions unitConfig targetConfig ]);
initrdTargets = attrsOf (submodule [ stage1CommonUnitOptions unitConfig ]); initrdTargets = attrsOf (submodule [ stage1CommonUnitOptions unitConfig targetConfig ]);
sockets = attrsOf (submodule [ stage2SocketOptions unitConfig ]); sockets = attrsOf (submodule [ stage2SocketOptions unitConfig socketConfig]);
initrdSockets = attrsOf (submodule [ stage1SocketOptions unitConfig ]); initrdSockets = attrsOf (submodule [ stage1SocketOptions unitConfig socketConfig ]);
timers = attrsOf (submodule [ stage2TimerOptions unitConfig ]); timers = attrsOf (submodule [ stage2TimerOptions unitConfig timerConfig ]);
initrdTimers = attrsOf (submodule [ stage1TimerOptions unitConfig ]); initrdTimers = attrsOf (submodule [ stage1TimerOptions unitConfig timerConfig ]);
paths = attrsOf (submodule [ stage2PathOptions unitConfig ]); paths = attrsOf (submodule [ stage2PathOptions unitConfig pathConfig ]);
initrdPaths = attrsOf (submodule [ stage1PathOptions unitConfig ]); initrdPaths = attrsOf (submodule [ stage1PathOptions unitConfig pathConfig ]);
slices = attrsOf (submodule [ stage2SliceOptions unitConfig ]); slices = attrsOf (submodule [ stage2SliceOptions unitConfig sliceConfig ]);
initrdSlices = attrsOf (submodule [ stage1SliceOptions unitConfig ]); initrdSlices = attrsOf (submodule [ stage1SliceOptions unitConfig sliceConfig ]);
mounts = listOf (submodule [ stage2MountOptions unitConfig mountConfig ]); mounts = listOf (submodule [ stage2MountOptions unitConfig mountConfig ]);
initrdMounts = listOf (submodule [ stage1MountOptions unitConfig mountConfig ]); initrdMounts = listOf (submodule [ stage1MountOptions unitConfig mountConfig ]);

View file

@ -65,6 +65,14 @@ in rec {
''; '';
}; };
name = lib.mkOption {
type = lib.types.str;
description = ''
The name of this systemd unit, including its extension.
This can be used to refer to this unit from other systemd units.
'';
};
overrideStrategy = mkOption { overrideStrategy = mkOption {
default = "asDropinIfExists"; default = "asDropinIfExists";
type = types.enum [ "asDropinIfExists" "asDropin" ]; type = types.enum [ "asDropinIfExists" "asDropin" ];

View file

@ -139,7 +139,7 @@ in
enableOCR = mkOption { enableOCR = mkOption {
description = '' description = ''
Whether to enable Optical Character Recognition functionality for Whether to enable Optical Character Recognition functionality for
testing graphical programs. See [Machine objects](`ssec-machine-objects`). testing graphical programs. See [`Machine objects`](#ssec-machine-objects).
''; '';
type = types.bool; type = types.bool;
default = false; default = false;

View file

@ -35,7 +35,8 @@ let
inherit (lib.strings) toJSON normalizePath escapeC; inherit (lib.strings) toJSON normalizePath escapeC;
in in
rec { let
utils = rec {
# Copy configuration files to avoid having the entire sources in the system closure # Copy configuration files to avoid having the entire sources in the system closure
copyFile = filePath: pkgs.runCommand (builtins.unsafeDiscardStringContext (baseNameOf filePath)) {} '' copyFile = filePath: pkgs.runCommand (builtins.unsafeDiscardStringContext (baseNameOf filePath)) {} ''
@ -262,11 +263,12 @@ rec {
filter (x: !(elem (getName x) namesToRemove)) packages; filter (x: !(elem (getName x) namesToRemove)) packages;
systemdUtils = { systemdUtils = {
lib = import ./systemd-lib.nix { inherit lib config pkgs; }; lib = import ./systemd-lib.nix { inherit lib config pkgs utils; };
unitOptions = import ./systemd-unit-options.nix { inherit lib systemdUtils; }; unitOptions = import ./systemd-unit-options.nix { inherit lib systemdUtils; };
types = import ./systemd-types.nix { inherit lib systemdUtils pkgs; }; types = import ./systemd-types.nix { inherit lib systemdUtils pkgs; };
network = { network = {
units = import ./systemd-network-units.nix { inherit lib systemdUtils; }; units = import ./systemd-network-units.nix { inherit lib systemdUtils; };
}; };
}; };
} };
in utils

View file

@ -9,8 +9,23 @@ let
graphene-hardened = { graphene-hardened = {
libPath = "${pkgs.graphene-hardened-malloc}/lib/libhardened_malloc.so"; libPath = "${pkgs.graphene-hardened-malloc}/lib/libhardened_malloc.so";
description = '' description = ''
An allocator designed to mitigate memory corruption attacks, such as Hardened memory allocator coming from GrapheneOS project.
those caused by use-after-free bugs. The default configuration template has all normal optional security
features enabled and is quite aggressive in terms of sacrificing
performance and memory usage for security.
'';
};
graphene-hardened-light = {
libPath = "${pkgs.graphene-hardened-malloc}/lib/libhardened_malloc-light.so";
description = ''
Hardened memory allocator coming from GrapheneOS project.
The light configuration template disables the slab quarantines,
write after free check, slot randomization and raises the guard
slab interval from 1 to 8 but leaves zero-on-free and slab canaries enabled.
The light configuration has solid performance and memory usage while still
being far more secure than mainstream allocators with much better security
properties.
''; '';
}; };

View file

@ -31,8 +31,11 @@ with lib;
cairo = super.cairo.override { x11Support = false; }; cairo = super.cairo.override { x11Support = false; };
dbus = super.dbus.override { x11Support = false; }; dbus = super.dbus.override { x11Support = false; };
fastfetch = super.fastfetch.override { vulkanSupport = false; waylandSupport = false; x11Support = false; }; fastfetch = super.fastfetch.override { vulkanSupport = false; waylandSupport = false; x11Support = false; };
ffmpeg = super.ffmpeg.override { ffmpegVariant = "headless"; };
ffmpeg_4 = super.ffmpeg_4.override { ffmpegVariant = "headless"; }; ffmpeg_4 = super.ffmpeg_4.override { ffmpegVariant = "headless"; };
ffmpeg_5 = super.ffmpeg_5.override { ffmpegVariant = "headless"; }; ffmpeg_5 = super.ffmpeg_5.override { ffmpegVariant = "headless"; };
ffmpeg_6 = super.ffmpeg_6.override { ffmpegVariant = "headless"; };
ffmpeg_7 = super.ffmpeg_7.override { ffmpegVariant = "headless"; };
# dep of graphviz, libXpm is optional for Xpm support # dep of graphviz, libXpm is optional for Xpm support
gd = super.gd.override { withXorg = false; }; gd = super.gd.override { withXorg = false; };
ghostscript = super.ghostscript.override { cupsSupport = false; x11Support = false; }; ghostscript = super.ghostscript.override { cupsSupport = false; x11Support = false; };
@ -44,7 +47,7 @@ with lib;
gst_all_1 = super.gst_all_1 // { gst_all_1 = super.gst_all_1 // {
gst-plugins-bad = super.gst_all_1.gst-plugins-bad.override { guiSupport = false; }; gst-plugins-bad = super.gst_all_1.gst-plugins-bad.override { guiSupport = false; };
gst-plugins-base = super.gst_all_1.gst-plugins-base.override { enableWayland = false; enableX11 = false; }; gst-plugins-base = super.gst_all_1.gst-plugins-base.override { enableWayland = false; enableX11 = false; };
gst-plugins-good = super.gst_all_1.gst-plugins-good.override { enableX11 = false; }; gst-plugins-good = super.gst_all_1.gst-plugins-good.override { enableWayland = false; enableX11 = false; gtkSupport = false; qt5Support = false; qt6Support = false; };
}; };
imagemagick = super.imagemagick.override { libX11Support = false; libXtSupport = false; }; imagemagick = super.imagemagick.override { libX11Support = false; libXtSupport = false; };
imagemagickBig = super.imagemagickBig.override { libX11Support = false; libXtSupport = false; }; imagemagickBig = super.imagemagickBig.override { libX11Support = false; libXtSupport = false; };

View file

@ -31,7 +31,7 @@ with lib;
# attrNames (filterAttrs # attrNames (filterAttrs
# (_: drv: (builtins.tryEval (isDerivation drv && drv ? terminfo)).value) # (_: drv: (builtins.tryEval (isDerivation drv && drv ? terminfo)).value)
# pkgs) # pkgs)
environment.systemPackages = mkIf config.environment.enableAllTerminfo (map (x: x.terminfo) (with pkgs; [ environment.systemPackages = mkIf config.environment.enableAllTerminfo (map (x: x.terminfo) (with pkgs.pkgsBuildBuild; [
alacritty alacritty
contour contour
foot foot

View file

@ -0,0 +1,54 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.xdg.terminal-exec;
inherit (lib) mkIf mkEnableOption mkOption mkPackageOption types;
in
{
meta.maintainers = with lib.maintainers; [ Cryolitia ];
###### interface
options = {
xdg.terminal-exec = {
enable = mkEnableOption "xdg-terminal-exec, the [proposed](https://gitlab.freedesktop.org/xdg/xdg-specs/-/merge_requests/46) Default Terminal Execution Specification";
package = mkPackageOption pkgs "xdg-terminal-exec" { };
settings = mkOption {
type = with types; attrsOf (listOf str);
default = { };
description = ''
Configuration options for the Default Terminal Execution Specification.
The keys are the desktop environments that are matched (case-insensitively) against `$XDG_CURRENT_DESKTOP`,
or `default` which is used when the current desktop environment is not found in the configuration.
The values are a list of terminals' [desktop file IDs](https://specifications.freedesktop.org/desktop-entry-spec/latest/ar01s02.html#desktop-file-id) to try in order of decreasing priority.
'';
example = {
default = [ "kitty.desktop" ];
GNOME = [ "com.raggesilver.BlackBox.desktop" "org.gnome.Terminal.desktop" ];
};
};
};
};
###### implementation
config = mkIf cfg.enable {
environment = {
systemPackages = [ cfg.package ];
etc = lib.mapAttrs' (
desktop: terminals:
# map desktop name such as GNOME to `xdg/gnome-xdg-terminals.list`, default to `xdg/xdg-terminals.list`
lib.nameValuePair (
"xdg/${if desktop == "default" then "" else "${lib.toLower desktop}-"}xdg-terminals.list"
) { text = lib.concatLines terminals; }
) cfg.settings;
};
};
}

View file

@ -19,7 +19,9 @@ let
[Startup] [Startup]
sync_effects_enabled = ${toPyBoolStr cfg.syncEffectsEnabled} sync_effects_enabled = ${toPyBoolStr cfg.syncEffectsEnabled}
devices_off_on_screensaver = ${toPyBoolStr cfg.devicesOffOnScreensaver} devices_off_on_screensaver = ${toPyBoolStr cfg.devicesOffOnScreensaver}
mouse_battery_notifier = ${toPyBoolStr cfg.mouseBatteryNotifier} battery_notifier = ${toPyBoolStr cfg.batteryNotifier.enable}
battery_notifier_freq = ${builtins.toString cfg.batteryNotifier.frequency}
battery_notifier_percent = ${builtins.toString cfg.batteryNotifier.percentage}
[Statistics] [Statistics]
key_statistics = ${toPyBoolStr cfg.keyStatistics} key_statistics = ${toPyBoolStr cfg.keyStatistics}
@ -78,13 +80,40 @@ in
''; '';
}; };
mouseBatteryNotifier = mkOption { batteryNotifier = mkOption {
description = ''
Settings for device battery notifications.
'';
default = {};
type = types.submodule {
options = {
enable = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
description = '' description = ''
Mouse battery notifier. Mouse battery notifier.
''; '';
}; };
frequency = mkOption {
type = types.int;
default = 600;
description = ''
How often battery notifications should be shown (in seconds).
A value of 0 disables notifications.
'';
};
percentage = mkOption {
type = types.int;
default = 33;
description = ''
At what battery percentage the device should reach before
sending notifications.
'';
};
};
};
};
keyStatistics = mkOption { keyStatistics = mkOption {
type = types.bool; type = types.bool;
@ -106,6 +135,10 @@ in
}; };
}; };
imports = [
(mkRenamedOptionModule [ "hardware" "openrazer" "mouseBatteryNotifier" ] [ "hardware" "openrazer" "batteryNotifier" "enable" ])
];
config = mkIf cfg.enable { config = mkIf cfg.enable {
boot.extraModulePackages = [ kernelPackages.openrazer ]; boot.extraModulePackages = [ kernelPackages.openrazer ];
boot.kernelModules = drivers; boot.kernelModules = drivers;

View file

@ -0,0 +1,25 @@
{ config, lib, pkgs, ... }:
let
cfg = config.hardware.intel-gpu-tools;
in
{
options = {
hardware.intel-gpu-tools = {
enable = lib.mkEnableOption "a setcap wrapper for intel-gpu-tools";
};
};
config = lib.mkIf cfg.enable {
security.wrappers.intel_gpu_top = {
owner = "root";
group = "root";
source = "${pkgs.intel-gpu-tools}/bin/intel_gpu_top";
capabilities = "cap_perfmon+ep";
};
};
meta = {
maintainers = with lib.maintainers; [ kira-bruneau ];
};
}

View file

@ -185,7 +185,7 @@ in
# }; # };
# Enable touchpad support (enabled default in most desktopManager). # Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true; # services.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd. # Define a user account. Don't forget to set a password with passwd.
# users.users.alice = { # users.users.alice = {

View file

@ -101,6 +101,7 @@ let
libPath = filter (pkgs.path + "/lib"); libPath = filter (pkgs.path + "/lib");
pkgsLibPath = filter (pkgs.path + "/pkgs/pkgs-lib"); pkgsLibPath = filter (pkgs.path + "/pkgs/pkgs-lib");
nixosPath = filter (pkgs.path + "/nixos"); nixosPath = filter (pkgs.path + "/nixos");
NIX_ABORT_ON_WARN = warningsAreErrors;
modules = modules =
"[ " "[ "
+ concatMapStringsSep " " (p: ''"${removePrefix "${modulesPath}/" (toString p)}"'') docModules.lazy + concatMapStringsSep " " (p: ''"${removePrefix "${modulesPath}/" (toString p)}"'') docModules.lazy

View file

@ -45,6 +45,7 @@
./config/xdg/portals/lxqt.nix ./config/xdg/portals/lxqt.nix
./config/xdg/portals/wlr.nix ./config/xdg/portals/wlr.nix
./config/xdg/sounds.nix ./config/xdg/sounds.nix
./config/xdg/terminal-exec.nix
./config/zram.nix ./config/zram.nix
./hardware/acpilight.nix ./hardware/acpilight.nix
./hardware/all-firmware.nix ./hardware/all-firmware.nix
@ -106,6 +107,7 @@
./hardware/video/bumblebee.nix ./hardware/video/bumblebee.nix
./hardware/video/capture/mwprocapture.nix ./hardware/video/capture/mwprocapture.nix
./hardware/video/displaylink.nix ./hardware/video/displaylink.nix
./hardware/video/intel-gpu-tools.nix
./hardware/video/nvidia.nix ./hardware/video/nvidia.nix
./hardware/video/switcheroo-control.nix ./hardware/video/switcheroo-control.nix
./hardware/video/uvcvideo/default.nix ./hardware/video/uvcvideo/default.nix
@ -306,6 +308,7 @@
./programs/xwayland.nix ./programs/xwayland.nix
./programs/yabar.nix ./programs/yabar.nix
./programs/yazi.nix ./programs/yazi.nix
./programs/ydotool.nix
./programs/yubikey-touch-detector.nix ./programs/yubikey-touch-detector.nix
./programs/zmap.nix ./programs/zmap.nix
./programs/zsh/oh-my-zsh.nix ./programs/zsh/oh-my-zsh.nix
@ -325,6 +328,7 @@
./security/duosec.nix ./security/duosec.nix
./security/google_oslogin.nix ./security/google_oslogin.nix
./security/ipa.nix ./security/ipa.nix
./security/isolate.nix
./security/krb5 ./security/krb5
./security/lock-kernel-modules.nix ./security/lock-kernel-modules.nix
./security/misc.nix ./security/misc.nix
@ -558,8 +562,9 @@
./services/hardware/joycond.nix ./services/hardware/joycond.nix
./services/hardware/kanata.nix ./services/hardware/kanata.nix
./services/hardware/lcd.nix ./services/hardware/lcd.nix
./services/hardware/libinput.nix
./services/hardware/lirc.nix ./services/hardware/lirc.nix
./services/hardware/nvidia-container-toolkit-cdi-generator ./services/hardware/nvidia-container-toolkit
./services/hardware/monado.nix ./services/hardware/monado.nix
./services/hardware/nvidia-optimus.nix ./services/hardware/nvidia-optimus.nix
./services/hardware/openrgb.nix ./services/hardware/openrgb.nix
@ -662,6 +667,7 @@
./services/matrix/maubot.nix ./services/matrix/maubot.nix
./services/matrix/mautrix-facebook.nix ./services/matrix/mautrix-facebook.nix
./services/matrix/mautrix-meta.nix ./services/matrix/mautrix-meta.nix
./services/matrix/mautrix-signal.nix
./services/matrix/mautrix-telegram.nix ./services/matrix/mautrix-telegram.nix
./services/matrix/mautrix-whatsapp.nix ./services/matrix/mautrix-whatsapp.nix
./services/matrix/mjolnir.nix ./services/matrix/mjolnir.nix
@ -694,6 +700,7 @@
./services/misc/cpuminer-cryptonight.nix ./services/misc/cpuminer-cryptonight.nix
./services/misc/db-rest.nix ./services/misc/db-rest.nix
./services/misc/devmon.nix ./services/misc/devmon.nix
./services/misc/devpi-server.nix
./services/misc/dictd.nix ./services/misc/dictd.nix
./services/misc/disnix.nix ./services/misc/disnix.nix
./services/misc/docker-registry.nix ./services/misc/docker-registry.nix
@ -771,6 +778,7 @@
./services/misc/polaris.nix ./services/misc/polaris.nix
./services/misc/portunus.nix ./services/misc/portunus.nix
./services/misc/preload.nix ./services/misc/preload.nix
./services/misc/private-gpt.nix
./services/misc/prowlarr.nix ./services/misc/prowlarr.nix
./services/misc/pufferpanel.nix ./services/misc/pufferpanel.nix
./services/misc/pykms.nix ./services/misc/pykms.nix
@ -944,6 +952,7 @@
./services/networking/charybdis.nix ./services/networking/charybdis.nix
./services/networking/chisel-server.nix ./services/networking/chisel-server.nix
./services/networking/cjdns.nix ./services/networking/cjdns.nix
./services/networking/clatd.nix
./services/networking/cloudflare-dyndns.nix ./services/networking/cloudflare-dyndns.nix
./services/networking/cloudflared.nix ./services/networking/cloudflared.nix
./services/networking/cntlm.nix ./services/networking/cntlm.nix
@ -1012,6 +1021,7 @@
./services/networking/icecream/daemon.nix ./services/networking/icecream/daemon.nix
./services/networking/icecream/scheduler.nix ./services/networking/icecream/scheduler.nix
./services/networking/imaginary.nix ./services/networking/imaginary.nix
./services/networking/inadyn.nix
./services/networking/inspircd.nix ./services/networking/inspircd.nix
./services/networking/iodine.nix ./services/networking/iodine.nix
./services/networking/iperf3.nix ./services/networking/iperf3.nix
@ -1026,6 +1036,7 @@
./services/networking/jigasi.nix ./services/networking/jigasi.nix
./services/networking/jitsi-videobridge.nix ./services/networking/jitsi-videobridge.nix
./services/networking/jool.nix ./services/networking/jool.nix
./services/networking/jotta-cli.nix
./services/networking/kea.nix ./services/networking/kea.nix
./services/networking/keepalived/default.nix ./services/networking/keepalived/default.nix
./services/networking/keybase.nix ./services/networking/keybase.nix
@ -1253,8 +1264,8 @@
./services/security/kanidm.nix ./services/security/kanidm.nix
./services/security/munge.nix ./services/security/munge.nix
./services/security/nginx-sso.nix ./services/security/nginx-sso.nix
./services/security/oauth2_proxy.nix ./services/security/oauth2-proxy.nix
./services/security/oauth2_proxy_nginx.nix ./services/security/oauth2-proxy-nginx.nix
./services/security/opensnitch.nix ./services/security/opensnitch.nix
./services/security/pass-secret-service.nix ./services/security/pass-secret-service.nix
./services/security/physlock.nix ./services/security/physlock.nix
@ -1420,6 +1431,7 @@
./services/web-apps/windmill.nix ./services/web-apps/windmill.nix
./services/web-apps/wordpress.nix ./services/web-apps/wordpress.nix
./services/web-apps/writefreely.nix ./services/web-apps/writefreely.nix
./services/web-apps/your_spotify.nix
./services/web-apps/youtrack.nix ./services/web-apps/youtrack.nix
./services/web-apps/zabbix.nix ./services/web-apps/zabbix.nix
./services/web-apps/zitadel.nix ./services/web-apps/zitadel.nix
@ -1471,7 +1483,6 @@
./services/x11/gdk-pixbuf.nix ./services/x11/gdk-pixbuf.nix
./services/x11/hardware/cmt.nix ./services/x11/hardware/cmt.nix
./services/x11/hardware/digimend.nix ./services/x11/hardware/digimend.nix
./services/x11/hardware/libinput.nix
./services/x11/hardware/synaptics.nix ./services/x11/hardware/synaptics.nix
./services/x11/hardware/wacom.nix ./services/x11/hardware/wacom.nix
./services/x11/imwheel.nix ./services/x11/imwheel.nix

View file

@ -7,10 +7,12 @@
services.xserver = { services.xserver = {
enable = true; enable = true;
desktopManager.plasma5.enable = true; desktopManager.plasma5.enable = true;
libinput.enable = true; # for touchpad support on many laptops
}; };
services.displayManager.sddm.enable = true; services = {
displayManager.sddm.enable = true;
libinput.enable = true; # for touchpad support on many laptops
};
# Enable sound in virtualbox appliances. # Enable sound in virtualbox appliances.
hardware.pulseaudio.enable = true; hardware.pulseaudio.enable = true;

View file

@ -26,6 +26,6 @@
# Check that the system does not contain a Nix store path that contains the # Check that the system does not contain a Nix store path that contains the
# string "perl". # string "perl".
system.forbiddenDependenciesRegex = "perl"; system.forbiddenDependenciesRegexes = ["perl"];
} }

View file

@ -1,7 +1,5 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
with lib;
let let
cfg = config.programs._1password-gui; cfg = config.programs._1password-gui;
@ -9,25 +7,25 @@ let
in in
{ {
imports = [ imports = [
(mkRemovedOptionModule [ "programs" "_1password-gui" "gid" ] '' (lib.mkRemovedOptionModule [ "programs" "_1password-gui" "gid" ] ''
A preallocated GID will be used instead. A preallocated GID will be used instead.
'') '')
]; ];
options = { options = {
programs._1password-gui = { programs._1password-gui = {
enable = mkEnableOption "the 1Password GUI application"; enable = lib.mkEnableOption "the 1Password GUI application";
polkitPolicyOwners = mkOption { polkitPolicyOwners = lib.mkOption {
type = types.listOf types.str; type = lib.types.listOf lib.types.str;
default = [ ]; default = [ ];
example = literalExpression ''["user1" "user2" "user3"]''; example = lib.literalExpression ''["user1" "user2" "user3"]'';
description = '' description = ''
A list of users who should be able to integrate 1Password with polkit-based authentication mechanisms. A list of users who should be able to integrate 1Password with polkit-based authentication mechanisms.
''; '';
}; };
package = mkPackageOption pkgs "1Password GUI" { package = lib.mkPackageOption pkgs "1Password GUI" {
default = [ "_1password-gui" ]; default = [ "_1password-gui" ];
}; };
}; };
@ -39,7 +37,7 @@ in
polkitPolicyOwners = cfg.polkitPolicyOwners; polkitPolicyOwners = cfg.polkitPolicyOwners;
}; };
in in
mkIf cfg.enable { lib.mkIf cfg.enable {
environment.systemPackages = [ package ]; environment.systemPackages = [ package ];
users.groups.onepassword.gid = config.ids.gids.onepassword; users.groups.onepassword.gid = config.ids.gids.onepassword;

View file

@ -1,7 +1,5 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
with lib;
let let
cfg = config.programs._1password; cfg = config.programs._1password;
@ -9,22 +7,22 @@ let
in in
{ {
imports = [ imports = [
(mkRemovedOptionModule [ "programs" "_1password" "gid" ] '' (lib.mkRemovedOptionModule [ "programs" "_1password" "gid" ] ''
A preallocated GID will be used instead. A preallocated GID will be used instead.
'') '')
]; ];
options = { options = {
programs._1password = { programs._1password = {
enable = mkEnableOption "the 1Password CLI tool"; enable = lib.mkEnableOption "the 1Password CLI tool";
package = mkPackageOption pkgs "1Password CLI" { package = lib.mkPackageOption pkgs "1Password CLI" {
default = [ "_1password" ]; default = [ "_1password" ];
}; };
}; };
}; };
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
environment.systemPackages = [ cfg.package ]; environment.systemPackages = [ cfg.package ];
users.groups.onepassword-cli.gid = config.ids.gids.onepassword-cli; users.groups.onepassword-cli.gid = config.ids.gids.onepassword-cli;

View file

@ -1,16 +1,14 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
{ {
meta.maintainers = [ maintainers.mic92 ]; meta.maintainers = [ lib.maintainers.mic92 ];
###### interface ###### interface
options = { options = {
programs.adb = { programs.adb = {
enable = mkOption { enable = lib.mkOption {
default = false; default = false;
type = types.bool; type = lib.types.bool;
description = '' description = ''
Whether to configure system to use Android Debug Bridge (adb). Whether to configure system to use Android Debug Bridge (adb).
To grant access to a user, it must be part of adbusers group: To grant access to a user, it must be part of adbusers group:
@ -21,7 +19,7 @@ with lib;
}; };
###### implementation ###### implementation
config = mkIf config.programs.adb.enable { config = lib.mkIf config.programs.adb.enable {
services.udev.packages = [ pkgs.android-udev-rules ]; services.udev.packages = [ pkgs.android-udev-rules ];
environment.systemPackages = [ pkgs.android-tools ]; environment.systemPackages = [ pkgs.android-tools ];
users.groups.adbusers = {}; users.groups.adbusers = {};

View file

@ -1,19 +1,17 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
with lib;
let let
cfg = config.programs.alvr; cfg = config.programs.alvr;
in in
{ {
options = { options = {
programs.alvr = { programs.alvr = {
enable = mkEnableOption "ALVR, the VR desktop streamer"; enable = lib.mkEnableOption "ALVR, the VR desktop streamer";
package = mkPackageOption pkgs "alvr" { }; package = lib.mkPackageOption pkgs "alvr" { };
openFirewall = mkOption { openFirewall = lib.mkOption {
type = types.bool; type = lib.types.bool;
default = false; default = false;
description = '' description = ''
Whether to open the default ports in the firewall for the ALVR server. Whether to open the default ports in the firewall for the ALVR server.
@ -22,14 +20,14 @@ in
}; };
}; };
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
environment.systemPackages = [ cfg.package ]; environment.systemPackages = [ cfg.package ];
networking.firewall = mkIf cfg.openFirewall { networking.firewall = lib.mkIf cfg.openFirewall {
allowedTCPPorts = [ 9943 9944 ]; allowedTCPPorts = [ 9943 9944 ];
allowedUDPPorts = [ 9943 9944 ]; allowedUDPPorts = [ 9943 9944 ];
}; };
}; };
meta.maintainers = with maintainers; [ passivelemon ]; meta.maintainers = with lib.maintainers; [ passivelemon ];
} }

View file

@ -1,15 +1,13 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
with lib;
{ {
options = { options = {
programs.appgate-sdp = { programs.appgate-sdp = {
enable = mkEnableOption "the AppGate SDP VPN client"; enable = lib.mkEnableOption "the AppGate SDP VPN client";
}; };
}; };
config = mkIf config.programs.appgate-sdp.enable { config = lib.mkIf config.programs.appgate-sdp.enable {
boot.kernelModules = [ "tun" ]; boot.kernelModules = [ "tun" ];
environment.systemPackages = [ pkgs.appgate-sdp ]; environment.systemPackages = [ pkgs.appgate-sdp ];
services.dbus.packages = [ pkgs.appgate-sdp ]; services.dbus.packages = [ pkgs.appgate-sdp ];

View file

@ -2,8 +2,6 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
let cfg = config.programs.atop; let cfg = config.programs.atop;
in in
@ -14,31 +12,31 @@ in
programs.atop = rec { programs.atop = rec {
enable = mkEnableOption "Atop, a tool for monitoring system resources"; enable = lib.mkEnableOption "Atop, a tool for monitoring system resources";
package = mkPackageOption pkgs "atop" { }; package = lib.mkPackageOption pkgs "atop" { };
netatop = { netatop = {
enable = mkOption { enable = lib.mkOption {
type = types.bool; type = lib.types.bool;
default = false; default = false;
description = '' description = ''
Whether to install and enable the netatop kernel module. Whether to install and enable the netatop kernel module.
Note: this sets the kernel taint flag "O" for loading out-of-tree modules. Note: this sets the kernel taint flag "O" for loading out-of-tree modules.
''; '';
}; };
package = mkOption { package = lib.mkOption {
type = types.package; type = lib.types.package;
default = config.boot.kernelPackages.netatop; default = config.boot.kernelPackages.netatop;
defaultText = literalExpression "config.boot.kernelPackages.netatop"; defaultText = lib.literalExpression "config.boot.kernelPackages.netatop";
description = '' description = ''
Which package to use for netatop. Which package to use for netatop.
''; '';
}; };
}; };
atopgpu.enable = mkOption { atopgpu.enable = lib.mkOption {
type = types.bool; type = lib.types.bool;
default = false; default = false;
description = '' description = ''
Whether to install and enable the atopgpud daemon to get information about Whether to install and enable the atopgpud daemon to get information about
@ -46,8 +44,8 @@ in
''; '';
}; };
setuidWrapper.enable = mkOption { setuidWrapper.enable = lib.mkOption {
type = types.bool; type = lib.types.bool;
default = false; default = false;
description = '' description = ''
Whether to install a setuid wrapper for Atop. This is required to use some of Whether to install a setuid wrapper for Atop. This is required to use some of
@ -56,24 +54,24 @@ in
''; '';
}; };
atopService.enable = mkOption { atopService.enable = lib.mkOption {
type = types.bool; type = lib.types.bool;
default = true; default = true;
description = '' description = ''
Whether to enable the atop service responsible for storing statistics for Whether to enable the atop service responsible for storing statistics for
long-term analysis. long-term analysis.
''; '';
}; };
atopRotateTimer.enable = mkOption { atopRotateTimer.enable = lib.mkOption {
type = types.bool; type = lib.types.bool;
default = true; default = true;
description = '' description = ''
Whether to enable the atop-rotate timer, which restarts the atop service Whether to enable the atop-rotate timer, which restarts the atop service
daily to make sure the data files are rotate. daily to make sure the data files are rotate.
''; '';
}; };
atopacctService.enable = mkOption { atopacctService.enable = lib.mkOption {
type = types.bool; type = lib.types.bool;
default = true; default = true;
description = '' description = ''
Whether to enable the atopacct service which manages process accounting. Whether to enable the atopacct service which manages process accounting.
@ -81,8 +79,8 @@ in
two refresh intervals. two refresh intervals.
''; '';
}; };
settings = mkOption { settings = lib.mkOption {
type = types.attrs; type = lib.types.attrs;
default = { }; default = { };
example = { example = {
flags = "a1f"; flags = "a1f";
@ -95,7 +93,7 @@ in
}; };
}; };
config = mkIf cfg.enable ( config = lib.mkIf cfg.enable (
let let
atop = atop =
if cfg.atopgpu.enable then if cfg.atopgpu.enable then
@ -104,11 +102,11 @@ in
cfg.package; cfg.package;
in in
{ {
environment.etc = mkIf (cfg.settings != { }) { environment.etc = lib.mkIf (cfg.settings != { }) {
atoprc.text = concatStrings atoprc.text = lib.concatStrings
(mapAttrsToList (lib.mapAttrsToList
(n: v: '' (n: v: ''
${n} ${toString v} ${n} ${builtins.toString v}
'') '')
cfg.settings); cfg.settings);
}; };
@ -122,8 +120,8 @@ in
wantedBy = [ (if type == "services" then "multi-user.target" else if type == "timers" then "timers.target" else null) ]; wantedBy = [ (if type == "services" then "multi-user.target" else if type == "timers" then "timers.target" else null) ];
}; };
}; };
mkService = mkSystemd "services"; mkService = lib.mkSystemd "services";
mkTimer = mkSystemd "timers"; mkTimer = lib.mkSystemd "timers";
in in
{ {
packages = [ atop (lib.mkIf cfg.netatop.enable cfg.netatop.package) ]; packages = [ atop (lib.mkIf cfg.netatop.enable cfg.netatop.package) ];

View file

@ -1,15 +1,13 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
let let
cfg = config.programs.ausweisapp; cfg = config.programs.ausweisapp;
in in
{ {
options.programs.ausweisapp = { options.programs.ausweisapp = {
enable = mkEnableOption "AusweisApp"; enable = lib.mkEnableOption "AusweisApp";
openFirewall = mkOption { openFirewall = lib.mkOption {
description = '' description = ''
Whether to open the required firewall ports for the Smartphone as Card Reader (SaC) functionality of AusweisApp. Whether to open the required firewall ports for the Smartphone as Card Reader (SaC) functionality of AusweisApp.
''; '';
@ -18,7 +16,7 @@ in
}; };
}; };
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [ ausweisapp ]; environment.systemPackages = with pkgs; [ ausweisapp ];
networking.firewall.allowedUDPPorts = lib.optionals cfg.openFirewall [ 24727 ]; networking.firewall.allowedUDPPorts = lib.optionals cfg.openFirewall [ 24727 ];
}; };

View file

@ -1,7 +1,5 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
let let
cfg = config.programs.autojump; cfg = config.programs.autojump;
prg = config.programs; prg = config.programs;
@ -10,8 +8,8 @@ in
options = { options = {
programs.autojump = { programs.autojump = {
enable = mkOption { enable = lib.mkOption {
type = types.bool; type = lib.types.bool;
default = false; default = false;
description = '' description = ''
Whether to enable autojump. Whether to enable autojump.
@ -22,12 +20,12 @@ in
###### implementation ###### implementation
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
environment.pathsToLink = [ "/share/autojump" ]; environment.pathsToLink = [ "/share/autojump" ];
environment.systemPackages = [ pkgs.autojump ]; environment.systemPackages = [ pkgs.autojump ];
programs.bash.interactiveShellInit = "source ${pkgs.autojump}/share/autojump/autojump.bash"; programs.bash.interactiveShellInit = "source ${pkgs.autojump}/share/autojump/autojump.bash";
programs.zsh.interactiveShellInit = mkIf prg.zsh.enable "source ${pkgs.autojump}/share/autojump/autojump.zsh"; programs.zsh.interactiveShellInit = lib.mkIf prg.zsh.enable "source ${pkgs.autojump}/share/autojump/autojump.zsh";
programs.fish.interactiveShellInit = mkIf prg.fish.enable "source ${pkgs.autojump}/share/autojump/autojump.fish"; programs.fish.interactiveShellInit = lib.mkIf prg.fish.enable "source ${pkgs.autojump}/share/autojump/autojump.fish";
}; };
} }

View file

@ -1,15 +1,13 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
let cfg = config.programs.bandwhich; let cfg = config.programs.bandwhich;
in { in {
meta.maintainers = with maintainers; [ Br1ght0ne ]; meta.maintainers = with lib.maintainers; [ Br1ght0ne ];
options = { options = {
programs.bandwhich = { programs.bandwhich = {
enable = mkOption { enable = lib.mkOption {
type = types.bool; type = lib.types.bool;
default = false; default = false;
description = '' description = ''
Whether to add bandwhich to the global environment and configure a Whether to add bandwhich to the global environment and configure a
@ -19,7 +17,7 @@ in {
}; };
}; };
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [ bandwhich ]; environment.systemPackages = with pkgs; [ bandwhich ];
security.wrappers.bandwhich = { security.wrappers.bandwhich = {
owner = "root"; owner = "root";

View file

@ -1,7 +1,5 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
with lib;
let let
prg = config.programs; prg = config.programs;
cfg = prg.bash-my-aws; cfg = prg.bash-my-aws;
@ -13,11 +11,11 @@ in
{ {
options = { options = {
programs.bash-my-aws = { programs.bash-my-aws = {
enable = mkEnableOption "bash-my-aws"; enable = lib.mkEnableOption "bash-my-aws";
}; };
}; };
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [ bash-my-aws ]; environment.systemPackages = with pkgs; [ bash-my-aws ];
programs.bash.interactiveShellInit = initScript; programs.bash.interactiveShellInit = initScript;

View file

@ -1,18 +1,16 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
let let
enable = config.programs.bash.enableCompletion; enable = config.programs.bash.enableCompletion;
in in
{ {
options = { options = {
programs.bash.enableCompletion = mkEnableOption "Bash completion for all interactive bash shells" // { programs.bash.enableCompletion = lib.mkEnableOption "Bash completion for all interactive bash shells" // {
default = true; default = true;
}; };
}; };
config = mkIf enable { config = lib.mkIf enable {
programs.bash.promptPluginInit = '' programs.bash.promptPluginInit = ''
# Check whether we're running a version of Bash that has support for # Check whether we're running a version of Bash that has support for
# programmable completion. If we do, enable all modules installed in # programmable completion. If we do, enable all modules installed in

View file

@ -3,24 +3,22 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
let let
cfge = config.environment; cfge = config.environment;
cfg = config.programs.bash; cfg = config.programs.bash;
bashAliases = concatStringsSep "\n" ( bashAliases = builtins.concatStringsSep "\n" (
mapAttrsFlatten (k: v: "alias -- ${k}=${escapeShellArg v}") lib.mapAttrsFlatten (k: v: "alias -- ${k}=${lib.escapeShellArg v}")
(filterAttrs (k: v: v != null) cfg.shellAliases) (lib.filterAttrs (k: v: v != null) cfg.shellAliases)
); );
in in
{ {
imports = [ imports = [
(mkRemovedOptionModule [ "programs" "bash" "enable" ] "") (lib.mkRemovedOptionModule [ "programs" "bash" "enable" ] "")
]; ];
options = { options = {
@ -28,7 +26,7 @@ in
programs.bash = { programs.bash = {
/* /*
enable = mkOption { enable = lib.mkOption {
default = true; default = true;
description = '' description = ''
Whenever to configure Bash as an interactive shell. Whenever to configure Bash as an interactive shell.
@ -38,44 +36,44 @@ in
set this variable if you have another shell configured set this variable if you have another shell configured
with NixOS. with NixOS.
''; '';
type = types.bool; type = lib.types.bool;
}; };
*/ */
shellAliases = mkOption { shellAliases = lib.mkOption {
default = {}; default = {};
description = '' description = ''
Set of aliases for bash shell, which overrides {option}`environment.shellAliases`. Set of aliases for bash shell, which overrides {option}`environment.shellAliases`.
See {option}`environment.shellAliases` for an option format description. See {option}`environment.shellAliases` for an option format description.
''; '';
type = with types; attrsOf (nullOr (either str path)); type = with lib.types; attrsOf (nullOr (either str path));
}; };
shellInit = mkOption { shellInit = lib.mkOption {
default = ""; default = "";
description = '' description = ''
Shell script code called during bash shell initialisation. Shell script code called during bash shell initialisation.
''; '';
type = types.lines; type = lib.types.lines;
}; };
loginShellInit = mkOption { loginShellInit = lib.mkOption {
default = ""; default = "";
description = '' description = ''
Shell script code called during login bash shell initialisation. Shell script code called during login bash shell initialisation.
''; '';
type = types.lines; type = lib.types.lines;
}; };
interactiveShellInit = mkOption { interactiveShellInit = lib.mkOption {
default = ""; default = "";
description = '' description = ''
Shell script code called during interactive bash shell initialisation. Shell script code called during interactive bash shell initialisation.
''; '';
type = types.lines; type = lib.types.lines;
}; };
promptInit = mkOption { promptInit = lib.mkOption {
default = '' default = ''
# Provide a nice prompt if the terminal supports it. # Provide a nice prompt if the terminal supports it.
if [ "$TERM" != "dumb" ] || [ -n "$INSIDE_EMACS" ]; then if [ "$TERM" != "dumb" ] || [ -n "$INSIDE_EMACS" ]; then
@ -95,15 +93,15 @@ in
description = '' description = ''
Shell script code used to initialise the bash prompt. Shell script code used to initialise the bash prompt.
''; '';
type = types.lines; type = lib.types.lines;
}; };
promptPluginInit = mkOption { promptPluginInit = lib.mkOption {
default = ""; default = "";
description = '' description = ''
Shell script code used to initialise bash prompt plugins. Shell script code used to initialise bash prompt plugins.
''; '';
type = types.lines; type = lib.types.lines;
internal = true; internal = true;
}; };
@ -111,11 +109,11 @@ in
}; };
config = /* mkIf cfg.enable */ { config = /* lib.mkIf cfg.enable */ {
programs.bash = { programs.bash = {
shellAliases = mapAttrs (name: mkDefault) cfge.shellAliases; shellAliases = builtins.mapAttrs (name: lib.mkDefault) cfge.shellAliases;
shellInit = '' shellInit = ''
if [ -z "$__NIXOS_SET_ENVIRONMENT_DONE" ]; then if [ -z "$__NIXOS_SET_ENVIRONMENT_DONE" ]; then
@ -196,11 +194,11 @@ in
# Configuration for readline in bash. We use "option default" # Configuration for readline in bash. We use "option default"
# priority to allow user override using both .text and .source. # priority to allow user override using both .text and .source.
environment.etc.inputrc.source = mkOptionDefault ./inputrc; environment.etc.inputrc.source = lib.mkOptionDefault ./inputrc;
users.defaultUserShell = mkDefault pkgs.bashInteractive; users.defaultUserShell = lib.mkDefault pkgs.bashInteractive;
environment.pathsToLink = optionals cfg.enableCompletion [ environment.pathsToLink = lib.optionals cfg.enableCompletion [
"/etc/bash_completion.d" "/etc/bash_completion.d"
"/share/bash-completion" "/share/bash-completion"
]; ];

View file

@ -1,16 +1,15 @@
{ lib, config, pkgs, ... }: { lib, config, pkgs, ... }:
with lib;
let let
cfg = config.programs.bash.blesh; cfg = config.programs.bash.blesh;
in { in {
options = { options = {
programs.bash.blesh.enable = mkEnableOption "blesh, a full-featured line editor written in pure Bash"; programs.bash.blesh.enable = lib.mkEnableOption "blesh, a full-featured line editor written in pure Bash";
}; };
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
programs.bash.interactiveShellInit = mkBefore '' programs.bash.interactiveShellInit = lib.mkBefore ''
source ${pkgs.blesh}/share/blesh/ble.sh source ${pkgs.blesh}/share/blesh/ble.sh
''; '';
}; };
meta.maintainers = with maintainers; [ laalsaas ]; meta.maintainers = with lib.maintainers; [ laalsaas ];
} }

View file

@ -1,18 +1,16 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
let let
enable = config.programs.bash.enableLsColors; enable = config.programs.bash.enableLsColors;
in in
{ {
options = { options = {
programs.bash.enableLsColors = mkEnableOption "extra colors in directory listings" // { programs.bash.enableLsColors = lib.mkEnableOption "extra colors in directory listings" // {
default = true; default = true;
}; };
}; };
config = mkIf enable { config = lib.mkIf enable {
programs.bash.promptPluginInit = '' programs.bash.promptPluginInit = ''
eval "$(${pkgs.coreutils}/bin/dircolors -b)" eval "$(${pkgs.coreutils}/bin/dircolors -b)"
''; '';

View file

@ -1,36 +1,34 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
let let
cfg = config.programs.bash.undistractMe; cfg = config.programs.bash.undistractMe;
in in
{ {
options = { options = {
programs.bash.undistractMe = { programs.bash.undistractMe = {
enable = mkEnableOption "notifications when long-running terminal commands complete"; enable = lib.mkEnableOption "notifications when long-running terminal commands complete";
playSound = mkEnableOption "notification sounds when long-running terminal commands complete"; playSound = lib.mkEnableOption "notification sounds when long-running terminal commands complete";
timeout = mkOption { timeout = lib.mkOption {
default = 10; default = 10;
description = '' description = ''
Number of seconds it would take for a command to be considered long-running. Number of seconds it would take for a command to be considered long-running.
''; '';
type = types.int; type = lib.types.int;
}; };
}; };
}; };
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
programs.bash.promptPluginInit = '' programs.bash.promptPluginInit = ''
export LONG_RUNNING_COMMAND_TIMEOUT=${toString cfg.timeout} export LONG_RUNNING_COMMAND_TIMEOUT=${builtins.toString cfg.timeout}
export UDM_PLAY_SOUND=${if cfg.playSound then "1" else "0"} export UDM_PLAY_SOUND=${if cfg.playSound then "1" else "0"}
. "${pkgs.undistract-me}/etc/profile.d/undistract-me.sh" . "${pkgs.undistract-me}/etc/profile.d/undistract-me.sh"
''; '';
}; };
meta = { meta = {
maintainers = with maintainers; [ kira-bruneau ]; maintainers = with lib.maintainers; [ kira-bruneau ];
}; };
} }

View file

@ -1,12 +1,10 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
{ {
options.programs.browserpass.enable = mkEnableOption "Browserpass native messaging host"; options.programs.browserpass.enable = lib.mkEnableOption "Browserpass native messaging host";
config = mkIf config.programs.browserpass.enable { config = lib.mkIf config.programs.browserpass.enable {
environment.etc = let environment.etc = let
appId = "com.github.browserpass.native.json"; appId = "com.github.browserpass.native.json";
source = part: "${pkgs.browserpass}/lib/browserpass/${part}/${appId}"; source = part: "${pkgs.browserpass}/lib/browserpass/${part}/${appId}";

View file

@ -1,19 +1,17 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
let let
cfg = config.programs.calls; cfg = config.programs.calls;
in { in {
options = { options = {
programs.calls = { programs.calls = {
enable = mkEnableOption '' enable = lib.mkEnableOption ''
GNOME calls: a phone dialer and call handler GNOME calls: a phone dialer and call handler
''; '';
}; };
}; };
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
programs.dconf.enable = true; programs.dconf.enable = true;
environment.systemPackages = [ environment.systemPackages = [

View file

@ -1,36 +1,34 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
let cfg = config.programs.cdemu; let cfg = config.programs.cdemu;
in { in {
options = { options = {
programs.cdemu = { programs.cdemu = {
enable = mkOption { enable = lib.mkOption {
type = types.bool; type = lib.types.bool;
default = false; default = false;
description = '' description = ''
{command}`cdemu` for members of {command}`cdemu` for members of
{option}`programs.cdemu.group`. {option}`programs.cdemu.group`.
''; '';
}; };
group = mkOption { group = lib.mkOption {
type = types.str; type = lib.types.str;
default = "cdrom"; default = "cdrom";
description = '' description = ''
Group that users must be in to use {command}`cdemu`. Group that users must be in to use {command}`cdemu`.
''; '';
}; };
gui = mkOption { gui = lib.mkOption {
type = types.bool; type = lib.types.bool;
default = true; default = true;
description = '' description = ''
Whether to install the {command}`cdemu` GUI (gCDEmu). Whether to install the {command}`cdemu` GUI (gCDEmu).
''; '';
}; };
image-analyzer = mkOption { image-analyzer = lib.mkOption {
type = types.bool; type = lib.types.bool;
default = true; default = true;
description = '' description = ''
Whether to install the image analyzer. Whether to install the image analyzer.
@ -39,7 +37,7 @@ in {
}; };
}; };
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
boot = { boot = {
extraModulePackages = [ config.boot.kernelPackages.vhba ]; extraModulePackages = [ config.boot.kernelPackages.vhba ];
@ -68,8 +66,8 @@ in {
environment.systemPackages = environment.systemPackages =
[ pkgs.cdemu-daemon pkgs.cdemu-client ] [ pkgs.cdemu-daemon pkgs.cdemu-client ]
++ optional cfg.gui pkgs.gcdemu ++ lib.optional cfg.gui pkgs.gcdemu
++ optional cfg.image-analyzer pkgs.image-analyzer; ++ lib.optional cfg.image-analyzer pkgs.image-analyzer;
}; };
} }

View file

@ -2,8 +2,6 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
with lib;
let let
cfg = config.programs.cfs-zen-tweaks; cfg = config.programs.cfs-zen-tweaks;
@ -13,14 +11,14 @@ in
{ {
meta = { meta = {
maintainers = with maintainers; [ mkg20001 ]; maintainers = with lib.maintainers; [ mkg20001 ];
}; };
options = { options = {
programs.cfs-zen-tweaks.enable = mkEnableOption "CFS Zen Tweaks"; programs.cfs-zen-tweaks.enable = lib.mkEnableOption "CFS Zen Tweaks";
}; };
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
systemd.packages = [ pkgs.cfs-zen-tweaks ]; systemd.packages = [ pkgs.cfs-zen-tweaks ];
systemd.services.set-cfs-tweaks.wantedBy = [ systemd.services.set-cfs-tweaks.wantedBy = [

View file

@ -1,11 +1,9 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
let let
cfg = config.programs.chromium; cfg = config.programs.chromium;
defaultProfile = filterAttrs (k: v: v != null) { defaultProfile = lib.filterAttrs (k: v: v != null) {
HomepageLocation = cfg.homepageLocation; HomepageLocation = cfg.homepageLocation;
DefaultSearchProviderEnabled = cfg.defaultSearchProviderEnabled; DefaultSearchProviderEnabled = cfg.defaultSearchProviderEnabled;
DefaultSearchProviderSearchURL = cfg.defaultSearchProviderSearchURL; DefaultSearchProviderSearchURL = cfg.defaultSearchProviderSearchURL;
@ -19,14 +17,14 @@ in
options = { options = {
programs.chromium = { programs.chromium = {
enable = mkEnableOption "{command}`chromium` policies"; enable = lib.mkEnableOption "{command}`chromium` policies";
enablePlasmaBrowserIntegration = mkEnableOption "Native Messaging Host for Plasma Browser Integration"; enablePlasmaBrowserIntegration = lib.mkEnableOption "Native Messaging Host for Plasma Browser Integration";
plasmaBrowserIntegrationPackage = mkPackageOption pkgs [ "plasma5Packages" "plasma-browser-integration" ] { }; plasmaBrowserIntegrationPackage = lib.mkPackageOption pkgs [ "plasma5Packages" "plasma-browser-integration" ] { };
extensions = mkOption { extensions = lib.mkOption {
type = with types; nullOr (listOf str); type = with lib.types; nullOr (listOf str);
description = '' description = ''
List of chromium extensions to install. List of chromium extensions to install.
For list of plugins ids see id in url of extensions on For list of plugins ids see id in url of extensions on
@ -38,7 +36,7 @@ in
for additional details. for additional details.
''; '';
default = null; default = null;
example = literalExpression '' example = lib.literalExpression ''
[ [
"chlffgpmiacpedhhbkiomidkjlcfhogd" # pushbullet "chlffgpmiacpedhhbkiomidkjlcfhogd" # pushbullet
"mbniclmhobmnbdlbpiphghaielnnpgdp" # lightshot "mbniclmhobmnbdlbpiphghaielnnpgdp" # lightshot
@ -48,36 +46,36 @@ in
''; '';
}; };
homepageLocation = mkOption { homepageLocation = lib.mkOption {
type = types.nullOr types.str; type = lib.types.nullOr lib.types.str;
description = "Chromium default homepage"; description = "Chromium default homepage";
default = null; default = null;
example = "https://nixos.org"; example = "https://nixos.org";
}; };
defaultSearchProviderEnabled = mkOption { defaultSearchProviderEnabled = lib.mkOption {
type = types.nullOr types.bool; type = lib.types.nullOr lib.types.bool;
description = "Enable the default search provider."; description = "Enable the default search provider.";
default = null; default = null;
example = true; example = true;
}; };
defaultSearchProviderSearchURL = mkOption { defaultSearchProviderSearchURL = lib.mkOption {
type = types.nullOr types.str; type = lib.types.nullOr lib.types.str;
description = "Chromium default search provider url."; description = "Chromium default search provider url.";
default = null; default = null;
example = "https://encrypted.google.com/search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}"; example = "https://encrypted.google.com/search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}";
}; };
defaultSearchProviderSuggestURL = mkOption { defaultSearchProviderSuggestURL = lib.mkOption {
type = types.nullOr types.str; type = lib.types.nullOr lib.types.str;
description = "Chromium default search provider url for suggestions."; description = "Chromium default search provider url for suggestions.";
default = null; default = null;
example = "https://encrypted.google.com/complete/search?output=chrome&q={searchTerms}"; example = "https://encrypted.google.com/complete/search?output=chrome&q={searchTerms}";
}; };
extraOpts = mkOption { extraOpts = lib.mkOption {
type = types.attrs; type = lib.types.attrs;
description = '' description = ''
Extra chromium policy options. A list of available policies Extra chromium policy options. A list of available policies
can be found in the Chrome Enterprise documentation: can be found in the Chrome Enterprise documentation:
@ -85,7 +83,7 @@ in
Make sure the selected policy is supported on Linux and your browser version. Make sure the selected policy is supported on Linux and your browser version.
''; '';
default = {}; default = {};
example = literalExpression '' example = lib.literalExpression ''
{ {
"BrowserSignin" = 0; "BrowserSignin" = 0;
"SyncDisabled" = true; "SyncDisabled" = true;
@ -99,8 +97,8 @@ in
''; '';
}; };
initialPrefs = mkOption { initialPrefs = lib.mkOption {
type = types.attrs; type = lib.types.attrs;
description = '' description = ''
Initial preferences are used to configure the browser for the first run. Initial preferences are used to configure the browser for the first run.
Unlike {option}`programs.chromium.extraOpts`, initialPrefs can be changed by users in the browser settings. Unlike {option}`programs.chromium.extraOpts`, initialPrefs can be changed by users in the browser settings.
@ -108,7 +106,7 @@ in
<https://www.chromium.org/administrators/configuring-other-preferences/> <https://www.chromium.org/administrators/configuring-other-preferences/>
''; '';
default = {}; default = {};
example = literalExpression '' example = lib.literalExpression ''
{ {
"first_run_tabs" = [ "first_run_tabs" = [
"https://nixos.org/" "https://nixos.org/"

View file

@ -1,18 +1,16 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
let let
cfg = config.programs.cnping; cfg = config.programs.cnping;
in in
{ {
options = { options = {
programs.cnping = { programs.cnping = {
enable = mkEnableOption "a setcap wrapper for cnping"; enable = lib.mkEnableOption "a setcap wrapper for cnping";
}; };
}; };
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
security.wrappers.cnping = { security.wrappers.cnping = {
source = "${pkgs.cnping}/bin/cnping"; source = "${pkgs.cnping}/bin/cnping";
capabilities = "cap_net_raw+ep"; capabilities = "cap_net_raw+ep";

View file

@ -5,8 +5,6 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
let let
cfg = config.programs.command-not-found; cfg = config.programs.command-not-found;
commandNotFound = pkgs.substituteAll { commandNotFound = pkgs.substituteAll {
@ -23,8 +21,8 @@ in
{ {
options.programs.command-not-found = { options.programs.command-not-found = {
enable = mkOption { enable = lib.mkOption {
type = types.bool; type = lib.types.bool;
default = true; default = true;
description = '' description = ''
Whether interactive shells should show which Nix package (if Whether interactive shells should show which Nix package (if
@ -32,7 +30,7 @@ in
''; '';
}; };
dbPath = mkOption { dbPath = lib.mkOption {
default = "/nix/var/nix/profiles/per-user/root/channels/nixos/programs.sqlite" ; default = "/nix/var/nix/profiles/per-user/root/channels/nixos/programs.sqlite" ;
description = '' description = ''
Absolute path to programs.sqlite. Absolute path to programs.sqlite.
@ -40,11 +38,11 @@ in
By default this file will be provided by your channel By default this file will be provided by your channel
(nixexprs.tar.xz). (nixexprs.tar.xz).
''; '';
type = types.path; type = lib.types.path;
}; };
}; };
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
programs.bash.interactiveShellInit = programs.bash.interactiveShellInit =
'' ''
# This function is called whenever a command is not found. # This function is called whenever a command is not found.

View file

@ -1,14 +1,12 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
let cfg = config.programs.criu; let cfg = config.programs.criu;
in { in {
options = { options = {
programs.criu = { programs.criu = {
enable = mkOption { enable = lib.mkOption {
type = types.bool; type = lib.types.bool;
default = false; default = false;
description = '' description = ''
Install {command}`criu` along with necessary kernel options. Install {command}`criu` along with necessary kernel options.
@ -16,7 +14,7 @@ in {
}; };
}; };
}; };
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
system.requiredKernelConfig = with config.lib.kernelConfig; [ system.requiredKernelConfig = with config.lib.kernelConfig; [
(isYes "CHECKPOINT_RESTORE") (isYes "CHECKPOINT_RESTORE")
]; ];

View file

@ -1,29 +1,27 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
let let
cfg = config.programs.digitalbitbox; cfg = config.programs.digitalbitbox;
in in
{ {
options.programs.digitalbitbox = { options.programs.digitalbitbox = {
enable = mkOption { enable = lib.mkOption {
type = types.bool; type = lib.types.bool;
default = false; default = false;
description = '' description = ''
Installs the Digital Bitbox application and enables the complementary hardware module. Installs the Digital Bitbox application and enables the complementary hardware module.
''; '';
}; };
package = mkPackageOption pkgs "digitalbitbox" { package = lib.mkPackageOption pkgs "digitalbitbox" {
extraDescription = '' extraDescription = ''
This can be used to install a package with udev rules that differ from the defaults. This can be used to install a package with udev rules that differ from the defaults.
''; '';
}; };
}; };
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
environment.systemPackages = [ cfg.package ]; environment.systemPackages = [ cfg.package ];
hardware.digitalbitbox = { hardware.digitalbitbox = {
enable = true; enable = true;

View file

@ -1,19 +1,17 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
let let
cfg = config.programs.dmrconfig; cfg = config.programs.dmrconfig;
in { in {
meta.maintainers = with maintainers; [ ]; meta.maintainers = with lib.maintainers; [ ];
###### interface ###### interface
options = { options = {
programs.dmrconfig = { programs.dmrconfig = {
enable = mkOption { enable = lib.mkOption {
default = false; default = false;
type = types.bool; type = lib.types.bool;
description = '' description = ''
Whether to configure system to enable use of dmrconfig. This Whether to configure system to enable use of dmrconfig. This
enables the required udev rules and installs the program. enables the required udev rules and installs the program.
@ -21,12 +19,12 @@ in {
relatedPackages = [ "dmrconfig" ]; relatedPackages = [ "dmrconfig" ];
}; };
package = mkPackageOption pkgs "dmrconfig" { }; package = lib.mkPackageOption pkgs "dmrconfig" { };
}; };
}; };
###### implementation ###### implementation
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
environment.systemPackages = [ cfg.package ]; environment.systemPackages = [ cfg.package ];
services.udev.packages = [ cfg.package ]; services.udev.packages = [ cfg.package ];
}; };

View file

@ -1,10 +1,8 @@
{ lib, pkgs, config, ... }: { lib, pkgs, config, ... }:
with lib;
{ {
options.programs.droidcam = { options.programs.droidcam = {
enable = mkEnableOption "DroidCam client"; enable = lib.mkEnableOption "DroidCam client";
}; };
config = lib.mkIf config.programs.droidcam.enable { config = lib.mkIf config.programs.droidcam.enable {

View file

@ -1,7 +1,5 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
let let
cfg = config.programs.dublin-traceroute; cfg = config.programs.dublin-traceroute;
@ -10,22 +8,22 @@ in {
options = { options = {
programs.dublin-traceroute = { programs.dublin-traceroute = {
enable = mkEnableOption '' enable = lib.mkEnableOption ''
dublin-traceroute, add it to the global environment and configure a setcap wrapper for it. dublin-traceroute, add it to the global environment and configure a setcap wrapper for it.
''; '';
package = mkPackageOption pkgs "dublin-traceroute" { }; package = lib.mkPackageOption pkgs "dublin-traceroute" { };
}; };
}; };
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
environment.systemPackages = [ cfg.package ]; environment.systemPackages = [ cfg.package ];
security.wrappers.dublin-traceroute = { security.wrappers.dublin-traceroute = {
owner = "root"; owner = "root";
group = "root"; group = "root";
capabilities = "cap_net_raw+p"; capabilities = "cap_net_raw+p";
source = getExe cfg.package; source = lib.getExe cfg.package;
}; };
}; };
} }

View file

@ -1,16 +1,14 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
let let
cfg = config.programs.ecryptfs; cfg = config.programs.ecryptfs;
in { in {
options.programs.ecryptfs = { options.programs.ecryptfs = {
enable = mkEnableOption "ecryptfs setuid mount wrappers"; enable = lib.mkEnableOption "ecryptfs setuid mount wrappers";
}; };
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
security.wrappers = { security.wrappers = {
"mount.ecryptfs_private" = { "mount.ecryptfs_private" = {

Some files were not shown because too many files have changed in this diff Show more