Project import generated by Copybara.
GitOrigin-RevId: d5f237872975e6fb6f76eef1368b5634ffcd266f
This commit is contained in:
parent
af9b73b83f
commit
792b51d22f
1707 changed files with 32039 additions and 22422 deletions
7
third_party/nixpkgs/.editorconfig
vendored
7
third_party/nixpkgs/.editorconfig
vendored
|
@ -80,10 +80,3 @@ trim_trailing_whitespace = unset
|
||||||
|
|
||||||
[pkgs/tools/misc/timidity/timidity.cfg]
|
[pkgs/tools/misc/timidity/timidity.cfg]
|
||||||
trim_trailing_whitespace = unset
|
trim_trailing_whitespace = unset
|
||||||
|
|
||||||
[pkgs/tools/security/enpass/data.json]
|
|
||||||
insert_final_newline = unset
|
|
||||||
trim_trailing_whitespace = unset
|
|
||||||
|
|
||||||
[pkgs/top-level/emscripten-packages.nix]
|
|
||||||
trim_trailing_whitespace = unset
|
|
||||||
|
|
3
third_party/nixpkgs/.github/CODEOWNERS
vendored
3
third_party/nixpkgs/.github/CODEOWNERS
vendored
|
@ -119,6 +119,7 @@
|
||||||
# Rust
|
# Rust
|
||||||
/pkgs/development/compilers/rust @Mic92 @LnL7 @zowoq
|
/pkgs/development/compilers/rust @Mic92 @LnL7 @zowoq
|
||||||
/pkgs/build-support/rust @zowoq
|
/pkgs/build-support/rust @zowoq
|
||||||
|
/doc/languages-frameworks/rust.section.md @zowoq
|
||||||
|
|
||||||
# Darwin-related
|
# Darwin-related
|
||||||
/pkgs/stdenv/darwin @NixOS/darwin-maintainers
|
/pkgs/stdenv/darwin @NixOS/darwin-maintainers
|
||||||
|
@ -217,7 +218,7 @@
|
||||||
/nixos/modules/services/mail/rspamd.nix @peti
|
/nixos/modules/services/mail/rspamd.nix @peti
|
||||||
|
|
||||||
# Emacs
|
# Emacs
|
||||||
/pkgs/applications/editors/emacs-modes @adisbladis
|
/pkgs/applications/editors/emacs/elisp-packages @adisbladis
|
||||||
/pkgs/applications/editors/emacs @adisbladis
|
/pkgs/applications/editors/emacs @adisbladis
|
||||||
/pkgs/top-level/emacs-packages.nix @adisbladis
|
/pkgs/top-level/emacs-packages.nix @adisbladis
|
||||||
|
|
||||||
|
|
2
third_party/nixpkgs/.github/labeler.yml
vendored
2
third_party/nixpkgs/.github/labeler.yml
vendored
|
@ -16,7 +16,7 @@
|
||||||
- nixos/modules/services/editors/emacs.nix
|
- nixos/modules/services/editors/emacs.nix
|
||||||
- nixos/modules/services/editors/emacs.xml
|
- nixos/modules/services/editors/emacs.xml
|
||||||
- nixos/tests/emacs-daemon.nix
|
- nixos/tests/emacs-daemon.nix
|
||||||
- pkgs/applications/editors/emacs-modes/**/*
|
- pkgs/applications/editors/emacs/elisp-packages/**/*
|
||||||
- pkgs/applications/editors/emacs/**/*
|
- pkgs/applications/editors/emacs/**/*
|
||||||
- pkgs/build-support/emacs/**/*
|
- pkgs/build-support/emacs/**/*
|
||||||
- pkgs/top-level/emacs-packages.nix
|
- pkgs/top-level/emacs-packages.nix
|
||||||
|
|
4
third_party/nixpkgs/README.md
vendored
4
third_party/nixpkgs/README.md
vendored
|
@ -3,8 +3,8 @@
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<p align="center">
|
<p align="center">
|
||||||
<a href="https://www.codetriage.com/nixos/nixpkgs"><img src="https://www.codetriage.com/nixos/nixpkgs/badges/users.svg" alt="Code Triagers badge" /></a>
|
<a href="https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md"><img src="https://img.shields.io/github/contributors-anon/NixOS/nixpkgs" alt="Contributors badge" /></a>
|
||||||
<a href="https://opencollective.com/nixos"><img src="https://opencollective.com/nixos/tiers/supporter/badge.svg?label=Supporter&color=brightgreen" alt="Open Collective supporters" /></a>
|
<a href="https://opencollective.com/nixos"><img src="https://opencollective.com/nixos/tiers/supporter/badge.svg?label=supporters&color=brightgreen" alt="Open Collective supporters" /></a>
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
[Nixpkgs](https://github.com/nixos/nixpkgs) is a collection of over
|
[Nixpkgs](https://github.com/nixos/nixpkgs) is a collection of over
|
||||||
|
|
|
@ -103,7 +103,8 @@ Sample template for a new package review is provided below.
|
||||||
- [ ] `meta.maintainers` is set
|
- [ ] `meta.maintainers` is set
|
||||||
- [ ] build time only dependencies are declared in `nativeBuildInputs`
|
- [ ] build time only dependencies are declared in `nativeBuildInputs`
|
||||||
- [ ] source is fetched using the appropriate function
|
- [ ] source is fetched using the appropriate function
|
||||||
- [ ] phases are respected
|
- [ ] the list of `phases` is not overridden
|
||||||
|
- [ ] when a phase (like `installPhase`) is overridden it starts with `runHook preInstall` and ends with `runHook postInstall`.
|
||||||
- [ ] patches that are remotely available are fetched with `fetchpatch`
|
- [ ] patches that are remotely available are fetched with `fetchpatch`
|
||||||
|
|
||||||
##### Possible improvements
|
##### Possible improvements
|
||||||
|
|
20
third_party/nixpkgs/doc/stdenv/stdenv.chapter.md
vendored
20
third_party/nixpkgs/doc/stdenv/stdenv.chapter.md
vendored
|
@ -325,6 +325,8 @@ This generic command invokes a number of *phases*. Package builds are split into
|
||||||
|
|
||||||
Each phase can be overridden in its entirety either by setting the environment variable `namePhase` to a string containing some shell commands to be executed, or by redefining the shell function `namePhase`. The former is convenient to override a phase from the derivation, while the latter is convenient from a build script. However, typically one only wants to *add* some commands to a phase, e.g. by defining `postInstall` or `preFixup`, as skipping some of the default actions may have unexpected consequences. The default script for each phase is defined in the file `pkgs/stdenv/generic/setup.sh`.
|
Each phase can be overridden in its entirety either by setting the environment variable `namePhase` to a string containing some shell commands to be executed, or by redefining the shell function `namePhase`. The former is convenient to override a phase from the derivation, while the latter is convenient from a build script. However, typically one only wants to *add* some commands to a phase, e.g. by defining `postInstall` or `preFixup`, as skipping some of the default actions may have unexpected consequences. The default script for each phase is defined in the file `pkgs/stdenv/generic/setup.sh`.
|
||||||
|
|
||||||
|
When overriding a phase, for example `installPhase`, it is important to start with `runHook preInstall` and end it with `runHook postInstall`, otherwise `preInstall` and `postInstall` will not be run. Even if you don't use them directly, it is good practice to do so anyways for downstream users who would want to add a `postInstall` by overriding your derivation.
|
||||||
|
|
||||||
While inside an interactive `nix-shell`, if you wanted to run all phases in the order they would be run in an actual build, you can invoke `genericBuild` yourself.
|
While inside an interactive `nix-shell`, if you wanted to run all phases in the order they would be run in an actual build, you can invoke `genericBuild` yourself.
|
||||||
|
|
||||||
### Controlling phases {#ssec-controlling-phases}
|
### Controlling phases {#ssec-controlling-phases}
|
||||||
|
@ -337,7 +339,8 @@ There are a number of variables that control what phases are executed and in wha
|
||||||
|
|
||||||
Specifies the phases. You can change the order in which phases are executed, or add new phases, by setting this variable. If it’s not set, the default value is used, which is `$prePhases unpackPhase patchPhase $preConfigurePhases configurePhase $preBuildPhases buildPhase checkPhase $preInstallPhases installPhase fixupPhase installCheckPhase $preDistPhases distPhase $postPhases`.
|
Specifies the phases. You can change the order in which phases are executed, or add new phases, by setting this variable. If it’s not set, the default value is used, which is `$prePhases unpackPhase patchPhase $preConfigurePhases configurePhase $preBuildPhases buildPhase checkPhase $preInstallPhases installPhase fixupPhase installCheckPhase $preDistPhases distPhase $postPhases`.
|
||||||
|
|
||||||
Usually, if you just want to add a few phases, it’s more convenient to set one of the variables below (such as `preInstallPhases`), as you then don’t specify all the normal phases.
|
It is discouraged to set this variable, as it is easy to miss some important functionality hidden in some of the less obviously needed phases (like `fixupPhase` which patches the shebang of scripts).
|
||||||
|
Usually, if you just want to add a few phases, it’s more convenient to set one of the variables below (such as `preInstallPhases`).
|
||||||
|
|
||||||
##### `prePhases` {#var-stdenv-prePhases}
|
##### `prePhases` {#var-stdenv-prePhases}
|
||||||
|
|
||||||
|
@ -794,7 +797,7 @@ Hook executed at the start of the distribution phase.
|
||||||
|
|
||||||
Hook executed at the end of the distribution phase.
|
Hook executed at the end of the distribution phase.
|
||||||
|
|
||||||
## Shell functions {#ssec-stdenv-functions}
|
## Shell functions and utilities {#ssec-stdenv-functions}
|
||||||
|
|
||||||
The standard environment provides a number of useful functions.
|
The standard environment provides a number of useful functions.
|
||||||
|
|
||||||
|
@ -818,6 +821,19 @@ There’s many more kinds of arguments, they are documented in `nixpkgs/pkgs/bui
|
||||||
|
|
||||||
Using the `makeBinaryWrapper` implementation is usually preferred, as it creates a tiny _compiled_ wrapper executable, that can be used as a shebang interpreter. This is needed mostly on Darwin, where shebangs cannot point to scripts, [due to a limitation with the `execve`-syscall](https://stackoverflow.com/questions/67100831/macos-shebang-with-absolute-path-not-working). Compiled wrappers generated by `makeBinaryWrapper` can be inspected with `less <path-to-wrapper>` - by scrolling past the binary data you should be able to see the shell command that generated the executable and there see the environment variables that were injected into the wrapper.
|
Using the `makeBinaryWrapper` implementation is usually preferred, as it creates a tiny _compiled_ wrapper executable, that can be used as a shebang interpreter. This is needed mostly on Darwin, where shebangs cannot point to scripts, [due to a limitation with the `execve`-syscall](https://stackoverflow.com/questions/67100831/macos-shebang-with-absolute-path-not-working). Compiled wrappers generated by `makeBinaryWrapper` can be inspected with `less <path-to-wrapper>` - by scrolling past the binary data you should be able to see the shell command that generated the executable and there see the environment variables that were injected into the wrapper.
|
||||||
|
|
||||||
|
### `remove-references-to -t` \<storepath\> [ `-t` \<storepath\> ... ] \<file\> ... {#fun-remove-references-to}
|
||||||
|
|
||||||
|
Removes the references of the specified files to the specified store files. This is done without changing the size of the file by replacing the hash by `eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee`, and should work on compiled executables. This is meant to be used to remove the dependency of the output on inputs that are known to be unnecessary at runtime. Of course, reckless usage will break the patched programs.
|
||||||
|
To use this, add `removeReferencesTo` to `nativeBuildInputs`.
|
||||||
|
|
||||||
|
As `remove-references-to` is an actual executable and not a shell function, it can be used with `find`.
|
||||||
|
Example removing all references to the compiler in the output:
|
||||||
|
```nix
|
||||||
|
postInstall = ''
|
||||||
|
find "$out" -type f -exec remove-references-to -t ${stdenv.cc} '{}' +
|
||||||
|
'';
|
||||||
|
```
|
||||||
|
|
||||||
### `substitute` \<infile\> \<outfile\> \<subs\> {#fun-substitute}
|
### `substitute` \<infile\> \<outfile\> \<subs\> {#fun-substitute}
|
||||||
|
|
||||||
Performs string substitution on the contents of \<infile\>, writing the result to \<outfile\>. The substitutions in \<subs\> are of the following form:
|
Performs string substitution on the contents of \<infile\>, writing the result to \<outfile\>. The substitutions in \<subs\> are of the following form:
|
||||||
|
|
5
third_party/nixpkgs/lib/licenses.nix
vendored
5
third_party/nixpkgs/lib/licenses.nix
vendored
|
@ -596,6 +596,11 @@ in mkLicense lset) ({
|
||||||
spdxId = "MIT";
|
spdxId = "MIT";
|
||||||
fullName = "MIT License";
|
fullName = "MIT License";
|
||||||
};
|
};
|
||||||
|
# https://spdx.org/licenses/MIT-feh.html
|
||||||
|
mit-feh = {
|
||||||
|
spdxId = "MIT-feh";
|
||||||
|
fullName = "feh License";
|
||||||
|
};
|
||||||
|
|
||||||
mitAdvertising = {
|
mitAdvertising = {
|
||||||
spdxId = "MIT-advertising";
|
spdxId = "MIT-advertising";
|
||||||
|
|
104
third_party/nixpkgs/maintainers/maintainer-list.nix
vendored
104
third_party/nixpkgs/maintainers/maintainer-list.nix
vendored
|
@ -145,6 +145,12 @@
|
||||||
githubId = 16829510;
|
githubId = 16829510;
|
||||||
name = "Aaron Janse";
|
name = "Aaron Janse";
|
||||||
};
|
};
|
||||||
|
aaronjheng = {
|
||||||
|
email = "wentworth@outlook.com";
|
||||||
|
github = "aaronjheng";
|
||||||
|
githubId = 806876;
|
||||||
|
name = "Aaron Jheng";
|
||||||
|
};
|
||||||
aaronschif = {
|
aaronschif = {
|
||||||
email = "aaronschif@gmail.com";
|
email = "aaronschif@gmail.com";
|
||||||
github = "aaronschif";
|
github = "aaronschif";
|
||||||
|
@ -759,13 +765,6 @@
|
||||||
githubId = 11699655;
|
githubId = 11699655;
|
||||||
name = "Stanislas Lange";
|
name = "Stanislas Lange";
|
||||||
};
|
};
|
||||||
angustrau = {
|
|
||||||
name = "Angus Trau";
|
|
||||||
email = "nix@angus.ws";
|
|
||||||
matrix = "@angustrau:matrix.org";
|
|
||||||
github = "angustrau";
|
|
||||||
githubId = 13267947;
|
|
||||||
};
|
|
||||||
anhdle14 = {
|
anhdle14 = {
|
||||||
name = "Le Anh Duc";
|
name = "Le Anh Duc";
|
||||||
email = "anhdle14@icloud.com";
|
email = "anhdle14@icloud.com";
|
||||||
|
@ -1077,6 +1076,12 @@
|
||||||
githubId = 55833;
|
githubId = 55833;
|
||||||
name = "Troels Henriksen";
|
name = "Troels Henriksen";
|
||||||
};
|
};
|
||||||
|
atila = {
|
||||||
|
name = "Átila Saraiva";
|
||||||
|
email = "atilasaraiva@gmail.com";
|
||||||
|
github = "AtilaSaraiva";
|
||||||
|
githubId = 29521461;
|
||||||
|
};
|
||||||
atkinschang = {
|
atkinschang = {
|
||||||
email = "atkinschang+nixpkgs@gmail.com";
|
email = "atkinschang+nixpkgs@gmail.com";
|
||||||
github = "AtkinsChang";
|
github = "AtkinsChang";
|
||||||
|
@ -1195,6 +1200,12 @@
|
||||||
githubId = 262763;
|
githubId = 262763;
|
||||||
name = "Ayaz Hafiz";
|
name = "Ayaz Hafiz";
|
||||||
};
|
};
|
||||||
|
azuwis = {
|
||||||
|
email = "azuwis@gmail.com";
|
||||||
|
github = "azuwis";
|
||||||
|
githubId = 9315;
|
||||||
|
name = "Zhong Jianxin";
|
||||||
|
};
|
||||||
b4dm4n = {
|
b4dm4n = {
|
||||||
email = "fabianm88@gmail.com";
|
email = "fabianm88@gmail.com";
|
||||||
github = "B4dM4n";
|
github = "B4dM4n";
|
||||||
|
@ -3388,6 +3399,12 @@
|
||||||
githubId = 18535642;
|
githubId = 18535642;
|
||||||
name = "Emily";
|
name = "Emily";
|
||||||
};
|
};
|
||||||
|
emilytrau = {
|
||||||
|
name = "Emily Trau";
|
||||||
|
email = "nix@angus.ws";
|
||||||
|
github = "emilytrau";
|
||||||
|
githubId = 13267947;
|
||||||
|
};
|
||||||
enderger = {
|
enderger = {
|
||||||
email = "endergeryt@gmail.com";
|
email = "endergeryt@gmail.com";
|
||||||
github = "enderger";
|
github = "enderger";
|
||||||
|
@ -3931,6 +3948,12 @@
|
||||||
githubId = 1276854;
|
githubId = 1276854;
|
||||||
name = "Florian Peter";
|
name = "Florian Peter";
|
||||||
};
|
};
|
||||||
|
fbeffa = {
|
||||||
|
email = "beffa@fbengineering.ch";
|
||||||
|
github = "fedeinthemix";
|
||||||
|
githubId = 7670450;
|
||||||
|
name = "Federico Beffa";
|
||||||
|
};
|
||||||
fbrs = {
|
fbrs = {
|
||||||
email = "yuuki@protonmail.com";
|
email = "yuuki@protonmail.com";
|
||||||
github = "cideM";
|
github = "cideM";
|
||||||
|
@ -4023,6 +4046,12 @@
|
||||||
github = "fitzgibbon";
|
github = "fitzgibbon";
|
||||||
githubId = 617048;
|
githubId = 617048;
|
||||||
};
|
};
|
||||||
|
fkautz = {
|
||||||
|
name = "Frederick F. Kautz IV";
|
||||||
|
email = "fkautz@alumni.cmu.edu";
|
||||||
|
github = "fkautz";
|
||||||
|
githubId = 135706;
|
||||||
|
};
|
||||||
Flakebi = {
|
Flakebi = {
|
||||||
email = "flakebi@t-online.de";
|
email = "flakebi@t-online.de";
|
||||||
github = "Flakebi";
|
github = "Flakebi";
|
||||||
|
@ -6056,6 +6085,12 @@
|
||||||
githubId = 810075;
|
githubId = 810075;
|
||||||
name = "Juan Rodal";
|
name = "Juan Rodal";
|
||||||
};
|
};
|
||||||
|
juboba = {
|
||||||
|
email = "juboba@gmail.com";
|
||||||
|
github = "juboba";
|
||||||
|
githubId = 1189739;
|
||||||
|
name = "Julio Borja Barra";
|
||||||
|
};
|
||||||
juliendehos = {
|
juliendehos = {
|
||||||
email = "dehos@lisic.univ-littoral.fr";
|
email = "dehos@lisic.univ-littoral.fr";
|
||||||
github = "juliendehos";
|
github = "juliendehos";
|
||||||
|
@ -6309,6 +6344,12 @@
|
||||||
githubId = 209729;
|
githubId = 209729;
|
||||||
name = "Kevin Griffin";
|
name = "Kevin Griffin";
|
||||||
};
|
};
|
||||||
|
kevink = {
|
||||||
|
email = "kevin@kevink.dev";
|
||||||
|
github = "Unkn0wnCat";
|
||||||
|
githubId = 8211181;
|
||||||
|
name = "Kevin Kandlbinder";
|
||||||
|
};
|
||||||
kfollesdal = {
|
kfollesdal = {
|
||||||
email = "kfollesdal@gmail.com";
|
email = "kfollesdal@gmail.com";
|
||||||
github = "kfollesdal";
|
github = "kfollesdal";
|
||||||
|
@ -7087,6 +7128,12 @@
|
||||||
githubId = 30698906;
|
githubId = 30698906;
|
||||||
name = "Luna D Dragon";
|
name = "Luna D Dragon";
|
||||||
};
|
};
|
||||||
|
LunNova = {
|
||||||
|
email = "nixpkgs-maintainer@lunnova.dev";
|
||||||
|
github = "LunNova";
|
||||||
|
githubId = 782440;
|
||||||
|
name = "Luna Nova";
|
||||||
|
};
|
||||||
lionello = {
|
lionello = {
|
||||||
email = "lio@lunesu.com";
|
email = "lio@lunesu.com";
|
||||||
github = "lionello";
|
github = "lionello";
|
||||||
|
@ -8078,13 +8125,6 @@
|
||||||
githubId = 1001112;
|
githubId = 1001112;
|
||||||
name = "Marcin Janczyk";
|
name = "Marcin Janczyk";
|
||||||
};
|
};
|
||||||
mjlbach = {
|
|
||||||
email = "m.j.lbach@gmail.com";
|
|
||||||
matrix = "@atrius:matrix.org";
|
|
||||||
github = "mjlbach";
|
|
||||||
githubId = 13316262;
|
|
||||||
name = "Michael Lingelbach";
|
|
||||||
};
|
|
||||||
mjp = {
|
mjp = {
|
||||||
email = "mike@mythik.co.uk";
|
email = "mike@mythik.co.uk";
|
||||||
github = "MikePlayle";
|
github = "MikePlayle";
|
||||||
|
@ -8893,9 +8933,9 @@
|
||||||
githubId = 2946283;
|
githubId = 2946283;
|
||||||
name = "Brian Cohen";
|
name = "Brian Cohen";
|
||||||
};
|
};
|
||||||
novoxudonoser = {
|
novoxd = {
|
||||||
email = "radnovox@gmail.com";
|
email = "radnovox@gmail.com";
|
||||||
github = "novoxudonoser";
|
github = "novoxd";
|
||||||
githubId = 6052922;
|
githubId = 6052922;
|
||||||
name = "Kirill Struokov";
|
name = "Kirill Struokov";
|
||||||
};
|
};
|
||||||
|
@ -10074,6 +10114,20 @@
|
||||||
githubId = 16624;
|
githubId = 16624;
|
||||||
name = "Maxim Ivanov";
|
name = "Maxim Ivanov";
|
||||||
};
|
};
|
||||||
|
reckenrode = {
|
||||||
|
name = "Randy Eckenrode";
|
||||||
|
email = "randy@largeandhighquality.com";
|
||||||
|
matrix = "@reckenrode:matrix.org";
|
||||||
|
github = "reckenrode";
|
||||||
|
githubId = 7413633;
|
||||||
|
keys = [
|
||||||
|
# compare with https://keybase.io/reckenrode
|
||||||
|
{
|
||||||
|
longkeyid = "ed25519/0xFBF19A982CCE0048";
|
||||||
|
fingerprint = "01D7 5486 3A6D 64EA AC77 0D26 FBF1 9A98 2CCE 0048";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
redfish64 = {
|
redfish64 = {
|
||||||
email = "engler@gmail.com";
|
email = "engler@gmail.com";
|
||||||
github = "redfish64";
|
github = "redfish64";
|
||||||
|
@ -11042,6 +11096,16 @@
|
||||||
github = "shikanime";
|
github = "shikanime";
|
||||||
githubId = 22115108;
|
githubId = 22115108;
|
||||||
};
|
};
|
||||||
|
shiryel = {
|
||||||
|
email = "contact@shiryel.com";
|
||||||
|
name = "Shiryel";
|
||||||
|
github = "shiryel";
|
||||||
|
githubId = 35617139;
|
||||||
|
keys = [{
|
||||||
|
longkeyid = "ed25519/0xC4041EA6B32633DE";
|
||||||
|
fingerprint = "AB63 4CD9 3322 BD42 6231 F764 C404 1EA6 B326 33DE";
|
||||||
|
}];
|
||||||
|
};
|
||||||
shlevy = {
|
shlevy = {
|
||||||
email = "shea@shealevy.com";
|
email = "shea@shealevy.com";
|
||||||
github = "shlevy";
|
github = "shlevy";
|
||||||
|
@ -13161,6 +13225,12 @@
|
||||||
githubId = 1297598;
|
githubId = 1297598;
|
||||||
name = "Konrad Borowski";
|
name = "Konrad Borowski";
|
||||||
};
|
};
|
||||||
|
xgroleau = {
|
||||||
|
email = "xgroleau@gmail.com";
|
||||||
|
github = "xgroleau";
|
||||||
|
githubId = 31734358;
|
||||||
|
name = "Xavier Groleau";
|
||||||
|
};
|
||||||
xiorcale = {
|
xiorcale = {
|
||||||
email = "quentin.vaucher@pm.me";
|
email = "quentin.vaucher@pm.me";
|
||||||
github = "xiorcale";
|
github = "xiorcale";
|
||||||
|
@ -13217,7 +13287,7 @@
|
||||||
};
|
};
|
||||||
yana = {
|
yana = {
|
||||||
email = "yana@riseup.net";
|
email = "yana@riseup.net";
|
||||||
github = "alpakido";
|
github = "sowelisuwi";
|
||||||
githubId = 1643293;
|
githubId = 1643293;
|
||||||
name = "Yana Timoshenko";
|
name = "Yana Timoshenko";
|
||||||
};
|
};
|
||||||
|
|
|
@ -214,7 +214,6 @@ with lib.maintainers; {
|
||||||
mguentner
|
mguentner
|
||||||
ekleog
|
ekleog
|
||||||
ralith
|
ralith
|
||||||
mjlbach
|
|
||||||
dandellion
|
dandellion
|
||||||
sumnerevans
|
sumnerevans
|
||||||
];
|
];
|
||||||
|
@ -223,7 +222,7 @@ with lib.maintainers; {
|
||||||
|
|
||||||
openstack = {
|
openstack = {
|
||||||
members = [
|
members = [
|
||||||
angustrau
|
emilytrau
|
||||||
SuperSandro2000
|
SuperSandro2000
|
||||||
];
|
];
|
||||||
scope = "Maintain the ecosystem around OpenStack";
|
scope = "Maintain the ecosystem around OpenStack";
|
||||||
|
|
72
third_party/nixpkgs/nixos/doc/manual/development/activation-script.section.md
vendored
Normal file
72
third_party/nixpkgs/nixos/doc/manual/development/activation-script.section.md
vendored
Normal file
|
@ -0,0 +1,72 @@
|
||||||
|
# Activation script {#sec-activation-script}
|
||||||
|
|
||||||
|
The activation script is a bash script called to activate the new
|
||||||
|
configuration which resides in a NixOS system in `$out/activate`. Since its
|
||||||
|
contents depend on your system configuration, the contents may differ.
|
||||||
|
This chapter explains how the script works in general and some common NixOS
|
||||||
|
snippets. Please be aware that the script is executed on every boot and system
|
||||||
|
switch, so tasks that can be performed in other places should be performed
|
||||||
|
there (for example letting a directory of a service be created by systemd using
|
||||||
|
mechanisms like `StateDirectory`, `CacheDirectory`, ... or if that's not
|
||||||
|
possible using `preStart` of the service).
|
||||||
|
|
||||||
|
Activation scripts are defined as snippets using
|
||||||
|
[](#opt-system.activationScripts). They can either be a simple multiline string
|
||||||
|
or an attribute set that can depend on other snippets. The builder for the
|
||||||
|
activation script will take these dependencies into account and order the
|
||||||
|
snippets accordingly. As a simple example:
|
||||||
|
|
||||||
|
```nix
|
||||||
|
system.activationScripts.my-activation-script = {
|
||||||
|
deps = [ "etc" ];
|
||||||
|
# supportsDryActivation = true;
|
||||||
|
text = ''
|
||||||
|
echo "Hallo i bims"
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
```
|
||||||
|
|
||||||
|
This example creates an activation script snippet that is run after the `etc`
|
||||||
|
snippet. The special variable `supportsDryActivation` can be set so the snippet
|
||||||
|
is also run when `nixos-rebuild dry-activate` is run. To differentiate between
|
||||||
|
real and dry activation, the `$NIXOS_ACTION` environment variable can be
|
||||||
|
read which is set to `dry-activate` when a dry activation is done.
|
||||||
|
|
||||||
|
An activation script can write to special files instructing
|
||||||
|
`switch-to-configuration` to restart/reload units. The script will take these
|
||||||
|
requests into account and will incorperate the unit configuration as described
|
||||||
|
above. This means that the activation script will "fake" a modified unit file
|
||||||
|
and `switch-to-configuration` will act accordingly. By doing so, configuration
|
||||||
|
like [systemd.services.\<name\>.restartIfChanged](#opt-systemd.services) is
|
||||||
|
respected. Since the activation script is run **after** services are already
|
||||||
|
stopped, [systemd.services.\<name\>.stopIfChanged](#opt-systemd.services)
|
||||||
|
cannot be taken into account anymore and the unit is always restarted instead
|
||||||
|
of being stopped and started afterwards.
|
||||||
|
|
||||||
|
The files that can be written to are `/run/nixos/activation-restart-list` and
|
||||||
|
`/run/nixos/activation-reload-list` with their respective counterparts for
|
||||||
|
dry activation being `/run/nixos/dry-activation-restart-list` and
|
||||||
|
`/run/nixos/dry-activation-reload-list`. Those files can contain
|
||||||
|
newline-separated lists of unit names where duplicates are being ignored. These
|
||||||
|
files are not create automatically and activation scripts must take the
|
||||||
|
possiblility into account that they have to create them first.
|
||||||
|
|
||||||
|
## NixOS snippets {#sec-activation-script-nixos-snippets}
|
||||||
|
|
||||||
|
There are some snippets NixOS enables by default because disabling them would
|
||||||
|
most likely break you system. This section lists a few of them and what they
|
||||||
|
do:
|
||||||
|
|
||||||
|
- `binsh` creates `/bin/sh` which points to the runtime shell
|
||||||
|
- `etc` sets up the contents of `/etc`, this includes systemd units and
|
||||||
|
excludes `/etc/passwd`, `/etc/group`, and `/etc/shadow` (which are managed by
|
||||||
|
the `users` snippet)
|
||||||
|
- `hostname` sets the system's hostname in the kernel (not in `/etc`)
|
||||||
|
- `modprobe` sets the path to the `modprobe` binary for module auto-loading
|
||||||
|
- `nix` prepares the nix store and adds a default initial channel
|
||||||
|
- `specialfs` is responsible for mounting filesystems like `/proc` and `sys`
|
||||||
|
- `users` creates and removes users and groups by managing `/etc/passwd`,
|
||||||
|
`/etc/group` and `/etc/shadow`. This also creates home directories
|
||||||
|
- `usrbinenv` creates `/usr/bin/env`
|
||||||
|
- `var` creates some directories in `/var` that are not service-specific
|
||||||
|
- `wrappers` creates setuid wrappers like `ping` and `sudo`
|
|
@ -12,6 +12,7 @@
|
||||||
<xi:include href="../from_md/development/sources.chapter.xml" />
|
<xi:include href="../from_md/development/sources.chapter.xml" />
|
||||||
<xi:include href="../from_md/development/writing-modules.chapter.xml" />
|
<xi:include href="../from_md/development/writing-modules.chapter.xml" />
|
||||||
<xi:include href="../from_md/development/building-parts.chapter.xml" />
|
<xi:include href="../from_md/development/building-parts.chapter.xml" />
|
||||||
|
<xi:include href="../from_md/development/what-happens-during-a-system-switch.chapter.xml" />
|
||||||
<xi:include href="../from_md/development/writing-documentation.chapter.xml" />
|
<xi:include href="../from_md/development/writing-documentation.chapter.xml" />
|
||||||
<xi:include href="../from_md/development/building-nixos.chapter.xml" />
|
<xi:include href="../from_md/development/building-nixos.chapter.xml" />
|
||||||
<xi:include href="../from_md/development/nixos-tests.chapter.xml" />
|
<xi:include href="../from_md/development/nixos-tests.chapter.xml" />
|
||||||
|
|
57
third_party/nixpkgs/nixos/doc/manual/development/unit-handling.section.md
vendored
Normal file
57
third_party/nixpkgs/nixos/doc/manual/development/unit-handling.section.md
vendored
Normal file
|
@ -0,0 +1,57 @@
|
||||||
|
# Unit handling {#sec-unit-handling}
|
||||||
|
|
||||||
|
To figure out what units need to be started/stopped/restarted/reloaded, the
|
||||||
|
script first checks the current state of the system, similar to what `systemctl
|
||||||
|
list-units` shows. For each of the units, the script goes through the following
|
||||||
|
checks:
|
||||||
|
|
||||||
|
- Is the unit file still in the new system? If not, **stop** the service unless
|
||||||
|
it sets `X-StopOnRemoval` in the `[Unit]` section to `false`.
|
||||||
|
|
||||||
|
- Is it a `.target` unit? If so, **start** it unless it sets
|
||||||
|
`RefuseManualStart` in the `[Unit]` section to `true` or `X-OnlyManualStart`
|
||||||
|
in the `[Unit]` section to `true`. Also **stop** the unit again unless it
|
||||||
|
sets `X-StopOnReconfiguration` to `false`.
|
||||||
|
|
||||||
|
- Are the contents of the unit files different? They are compared by parsing
|
||||||
|
them and comparing their contents. If they are different but only
|
||||||
|
`X-Reload-Triggers` in the `[Unit]` section is changed, **reload** the unit.
|
||||||
|
The NixOS module system allows setting these triggers with the option
|
||||||
|
[systemd.services.\<name\>.reloadTriggers](#opt-systemd.services). If the
|
||||||
|
unit files differ in any way, the following actions are performed:
|
||||||
|
|
||||||
|
- `.path` and `.slice` units are ignored. There is no need to restart them
|
||||||
|
since changes in their values are applied by systemd when systemd is
|
||||||
|
reloaded.
|
||||||
|
|
||||||
|
- `.mount` units are **reload**ed. These mostly come from the `/etc/fstab`
|
||||||
|
parser.
|
||||||
|
|
||||||
|
- `.socket` units are currently ignored. This is to be fixed at a later
|
||||||
|
point.
|
||||||
|
|
||||||
|
- The rest of the units (mostly `.service` units) are then **reload**ed if
|
||||||
|
`X-ReloadIfChanged` in the `[Service]` section is set to `true` (exposed
|
||||||
|
via [systemd.services.\<name\>.reloadIfChanged](#opt-systemd.services)).
|
||||||
|
|
||||||
|
- If the reload flag is not set, some more flags decide if the unit is
|
||||||
|
skipped. These flags are `X-RestartIfChanged` in the `[Service]` section
|
||||||
|
(exposed via
|
||||||
|
[systemd.services.\<name\>.restartIfChanged](#opt-systemd.services)),
|
||||||
|
`RefuseManualStop` in the `[Unit]` section, and `X-OnlyManualStart` in the
|
||||||
|
`[Unit]` section.
|
||||||
|
|
||||||
|
- The rest of the behavior is decided whether the unit has `X-StopIfChanged`
|
||||||
|
in the `[Service]` section set (exposed via
|
||||||
|
[systemd.services.\<name\>.stopIfChanged](#opt-systemd.services)). This is
|
||||||
|
set to `true` by default and must be explicitly turned off if not wanted.
|
||||||
|
If the flag is enabled, the unit is **stop**ped and then **start**ed. If
|
||||||
|
not, the unit is **restart**ed. The goal of the flag is to make sure that
|
||||||
|
the new unit never runs in the old environment which is still in place
|
||||||
|
before the activation script is run.
|
||||||
|
|
||||||
|
- The last thing that is taken into account is whether the unit is a service
|
||||||
|
and socket-activated. Due to a bug, this is currently only done when
|
||||||
|
`X-StopIfChanged` is set. If the unit is socket-activated, the socket is
|
||||||
|
stopped and started, and the service is stopped and to be started by socket
|
||||||
|
activation.
|
53
third_party/nixpkgs/nixos/doc/manual/development/what-happens-during-a-system-switch.chapter.md
vendored
Normal file
53
third_party/nixpkgs/nixos/doc/manual/development/what-happens-during-a-system-switch.chapter.md
vendored
Normal file
|
@ -0,0 +1,53 @@
|
||||||
|
# What happens during a system switch? {#sec-switching-systems}
|
||||||
|
|
||||||
|
Running `nixos-rebuild switch` is one of the more common tasks under NixOS.
|
||||||
|
This chapter explains some of the internals of this command to make it simpler
|
||||||
|
for new module developers to configure their units correctly and to make it
|
||||||
|
easier to understand what is happening and why for curious administrators.
|
||||||
|
|
||||||
|
`nixos-rebuild`, like many deployment solutions, calls `switch-to-configuration`
|
||||||
|
which resides in a NixOS system at `$out/bin/switch-to-configuration`. The
|
||||||
|
script is called with the action that is to be performed like `switch`, `test`,
|
||||||
|
`boot`. There is also the `dry-activate` action which does not really perform
|
||||||
|
the actions but rather prints what it would do if you called it with `test`.
|
||||||
|
This feature can be used to check what service states would be changed if the
|
||||||
|
configuration was switched to.
|
||||||
|
|
||||||
|
If the action is `switch` or `boot`, the bootloader is updated first so the
|
||||||
|
configuration will be the next one to boot. Unless `NIXOS_NO_SYNC` is set to
|
||||||
|
`1`, `/nix/store` is synced to disk.
|
||||||
|
|
||||||
|
If the action is `switch` or `test`, the currently running system is inspected
|
||||||
|
and the actions to switch to the new system are calculated. This process takes
|
||||||
|
two data sources into account: `/etc/fstab` and the current systemd status.
|
||||||
|
Mounts and swaps are read from `/etc/fstab` and the corresponding actions are
|
||||||
|
generated. If a new mount is added, for example, the proper `.mount` unit is
|
||||||
|
marked to be started. The current systemd state is inspected, the difference
|
||||||
|
between the current system and the desired configuration is calculated and
|
||||||
|
actions are generated to get to this state. There are a lot of nuances that can
|
||||||
|
be controlled by the units which are explained here.
|
||||||
|
|
||||||
|
After calculating what should be done, the actions are carried out. The order
|
||||||
|
of actions is always the same:
|
||||||
|
- Stop units (`systemctl stop`)
|
||||||
|
- Run activation script (`$out/activate`)
|
||||||
|
- See if the activation script requested more units to restart
|
||||||
|
- Restart systemd if needed (`systemd daemon-reexec`)
|
||||||
|
- Forget about the failed state of units (`systemctl reset-failed`)
|
||||||
|
- Reload systemd (`systemctl daemon-reload`)
|
||||||
|
- Reload systemd user instances (`systemctl --user daemon-reload`)
|
||||||
|
- Set up tmpfiles (`systemd-tmpfiles --create`)
|
||||||
|
- Reload units (`systemctl reload`)
|
||||||
|
- Restart units (`systemctl restart`)
|
||||||
|
- Start units (`systemctl start`)
|
||||||
|
- Inspect what changed during these actions and print units that failed and
|
||||||
|
that were newly started
|
||||||
|
|
||||||
|
Most of these actions are either self-explaining but some of them have to do
|
||||||
|
with our units or the activation script. For this reason, these topics are
|
||||||
|
explained in the next sections.
|
||||||
|
|
||||||
|
```{=docbook}
|
||||||
|
<xi:include href="unit-handling.section.xml" />
|
||||||
|
<xi:include href="activation-script.section.xml" />
|
||||||
|
```
|
150
third_party/nixpkgs/nixos/doc/manual/from_md/development/activation-script.section.xml
vendored
Normal file
150
third_party/nixpkgs/nixos/doc/manual/from_md/development/activation-script.section.xml
vendored
Normal file
|
@ -0,0 +1,150 @@
|
||||||
|
<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-activation-script">
|
||||||
|
<title>Activation script</title>
|
||||||
|
<para>
|
||||||
|
The activation script is a bash script called to activate the new
|
||||||
|
configuration which resides in a NixOS system in
|
||||||
|
<literal>$out/activate</literal>. Since its contents depend on your
|
||||||
|
system configuration, the contents may differ. This chapter explains
|
||||||
|
how the script works in general and some common NixOS snippets.
|
||||||
|
Please be aware that the script is executed on every boot and system
|
||||||
|
switch, so tasks that can be performed in other places should be
|
||||||
|
performed there (for example letting a directory of a service be
|
||||||
|
created by systemd using mechanisms like
|
||||||
|
<literal>StateDirectory</literal>,
|
||||||
|
<literal>CacheDirectory</literal>, … or if that’s not possible using
|
||||||
|
<literal>preStart</literal> of the service).
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
Activation scripts are defined as snippets using
|
||||||
|
<xref linkend="opt-system.activationScripts" />. They can either be
|
||||||
|
a simple multiline string or an attribute set that can depend on
|
||||||
|
other snippets. The builder for the activation script will take
|
||||||
|
these dependencies into account and order the snippets accordingly.
|
||||||
|
As a simple example:
|
||||||
|
</para>
|
||||||
|
<programlisting language="bash">
|
||||||
|
system.activationScripts.my-activation-script = {
|
||||||
|
deps = [ "etc" ];
|
||||||
|
# supportsDryActivation = true;
|
||||||
|
text = ''
|
||||||
|
echo "Hallo i bims"
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
</programlisting>
|
||||||
|
<para>
|
||||||
|
This example creates an activation script snippet that is run after
|
||||||
|
the <literal>etc</literal> snippet. The special variable
|
||||||
|
<literal>supportsDryActivation</literal> can be set so the snippet
|
||||||
|
is also run when <literal>nixos-rebuild dry-activate</literal> is
|
||||||
|
run. To differentiate between real and dry activation, the
|
||||||
|
<literal>$NIXOS_ACTION</literal> environment variable can be read
|
||||||
|
which is set to <literal>dry-activate</literal> when a dry
|
||||||
|
activation is done.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
An activation script can write to special files instructing
|
||||||
|
<literal>switch-to-configuration</literal> to restart/reload units.
|
||||||
|
The script will take these requests into account and will
|
||||||
|
incorperate the unit configuration as described above. This means
|
||||||
|
that the activation script will <quote>fake</quote> a modified unit
|
||||||
|
file and <literal>switch-to-configuration</literal> will act
|
||||||
|
accordingly. By doing so, configuration like
|
||||||
|
<link linkend="opt-systemd.services">systemd.services.<name>.restartIfChanged</link>
|
||||||
|
is respected. Since the activation script is run
|
||||||
|
<emphasis role="strong">after</emphasis> services are already
|
||||||
|
stopped,
|
||||||
|
<link linkend="opt-systemd.services">systemd.services.<name>.stopIfChanged</link>
|
||||||
|
cannot be taken into account anymore and the unit is always
|
||||||
|
restarted instead of being stopped and started afterwards.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
The files that can be written to are
|
||||||
|
<literal>/run/nixos/activation-restart-list</literal> and
|
||||||
|
<literal>/run/nixos/activation-reload-list</literal> with their
|
||||||
|
respective counterparts for dry activation being
|
||||||
|
<literal>/run/nixos/dry-activation-restart-list</literal> and
|
||||||
|
<literal>/run/nixos/dry-activation-reload-list</literal>. Those
|
||||||
|
files can contain newline-separated lists of unit names where
|
||||||
|
duplicates are being ignored. These files are not create
|
||||||
|
automatically and activation scripts must take the possiblility into
|
||||||
|
account that they have to create them first.
|
||||||
|
</para>
|
||||||
|
<section xml:id="sec-activation-script-nixos-snippets">
|
||||||
|
<title>NixOS snippets</title>
|
||||||
|
<para>
|
||||||
|
There are some snippets NixOS enables by default because disabling
|
||||||
|
them would most likely break you system. This section lists a few
|
||||||
|
of them and what they do:
|
||||||
|
</para>
|
||||||
|
<itemizedlist spacing="compact">
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>binsh</literal> creates <literal>/bin/sh</literal>
|
||||||
|
which points to the runtime shell
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>etc</literal> sets up the contents of
|
||||||
|
<literal>/etc</literal>, this includes systemd units and
|
||||||
|
excludes <literal>/etc/passwd</literal>,
|
||||||
|
<literal>/etc/group</literal>, and
|
||||||
|
<literal>/etc/shadow</literal> (which are managed by the
|
||||||
|
<literal>users</literal> snippet)
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>hostname</literal> sets the system’s hostname in the
|
||||||
|
kernel (not in <literal>/etc</literal>)
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>modprobe</literal> sets the path to the
|
||||||
|
<literal>modprobe</literal> binary for module auto-loading
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>nix</literal> prepares the nix store and adds a
|
||||||
|
default initial channel
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>specialfs</literal> is responsible for mounting
|
||||||
|
filesystems like <literal>/proc</literal> and
|
||||||
|
<literal>sys</literal>
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>users</literal> creates and removes users and groups
|
||||||
|
by managing <literal>/etc/passwd</literal>,
|
||||||
|
<literal>/etc/group</literal> and
|
||||||
|
<literal>/etc/shadow</literal>. This also creates home
|
||||||
|
directories
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>usrbinenv</literal> creates
|
||||||
|
<literal>/usr/bin/env</literal>
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>var</literal> creates some directories in
|
||||||
|
<literal>/var</literal> that are not service-specific
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>wrappers</literal> creates setuid wrappers like
|
||||||
|
<literal>ping</literal> and <literal>sudo</literal>
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
</section>
|
||||||
|
</section>
|
119
third_party/nixpkgs/nixos/doc/manual/from_md/development/unit-handling.section.xml
vendored
Normal file
119
third_party/nixpkgs/nixos/doc/manual/from_md/development/unit-handling.section.xml
vendored
Normal file
|
@ -0,0 +1,119 @@
|
||||||
|
<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-unit-handling">
|
||||||
|
<title>Unit handling</title>
|
||||||
|
<para>
|
||||||
|
To figure out what units need to be
|
||||||
|
started/stopped/restarted/reloaded, the script first checks the
|
||||||
|
current state of the system, similar to what
|
||||||
|
<literal>systemctl list-units</literal> shows. For each of the
|
||||||
|
units, the script goes through the following checks:
|
||||||
|
</para>
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Is the unit file still in the new system? If not,
|
||||||
|
<emphasis role="strong">stop</emphasis> the service unless it
|
||||||
|
sets <literal>X-StopOnRemoval</literal> in the
|
||||||
|
<literal>[Unit]</literal> section to <literal>false</literal>.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Is it a <literal>.target</literal> unit? If so,
|
||||||
|
<emphasis role="strong">start</emphasis> it unless it sets
|
||||||
|
<literal>RefuseManualStart</literal> in the
|
||||||
|
<literal>[Unit]</literal> section to <literal>true</literal> or
|
||||||
|
<literal>X-OnlyManualStart</literal> in the
|
||||||
|
<literal>[Unit]</literal> section to <literal>true</literal>.
|
||||||
|
Also <emphasis role="strong">stop</emphasis> the unit again
|
||||||
|
unless it sets <literal>X-StopOnReconfiguration</literal> to
|
||||||
|
<literal>false</literal>.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Are the contents of the unit files different? They are compared
|
||||||
|
by parsing them and comparing their contents. If they are
|
||||||
|
different but only <literal>X-Reload-Triggers</literal> in the
|
||||||
|
<literal>[Unit]</literal> section is changed,
|
||||||
|
<emphasis role="strong">reload</emphasis> the unit. The NixOS
|
||||||
|
module system allows setting these triggers with the option
|
||||||
|
<link linkend="opt-systemd.services">systemd.services.<name>.reloadTriggers</link>.
|
||||||
|
If the unit files differ in any way, the following actions are
|
||||||
|
performed:
|
||||||
|
</para>
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>.path</literal> and <literal>.slice</literal> units
|
||||||
|
are ignored. There is no need to restart them since changes
|
||||||
|
in their values are applied by systemd when systemd is
|
||||||
|
reloaded.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>.mount</literal> units are
|
||||||
|
<emphasis role="strong">reload</emphasis>ed. These mostly
|
||||||
|
come from the <literal>/etc/fstab</literal> parser.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>.socket</literal> units are currently ignored. This
|
||||||
|
is to be fixed at a later point.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
The rest of the units (mostly <literal>.service</literal>
|
||||||
|
units) are then <emphasis role="strong">reload</emphasis>ed
|
||||||
|
if <literal>X-ReloadIfChanged</literal> in the
|
||||||
|
<literal>[Service]</literal> section is set to
|
||||||
|
<literal>true</literal> (exposed via
|
||||||
|
<link linkend="opt-systemd.services">systemd.services.<name>.reloadIfChanged</link>).
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
If the reload flag is not set, some more flags decide if the
|
||||||
|
unit is skipped. These flags are
|
||||||
|
<literal>X-RestartIfChanged</literal> in the
|
||||||
|
<literal>[Service]</literal> section (exposed via
|
||||||
|
<link linkend="opt-systemd.services">systemd.services.<name>.restartIfChanged</link>),
|
||||||
|
<literal>RefuseManualStop</literal> in the
|
||||||
|
<literal>[Unit]</literal> section, and
|
||||||
|
<literal>X-OnlyManualStart</literal> in the
|
||||||
|
<literal>[Unit]</literal> section.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
The rest of the behavior is decided whether the unit has
|
||||||
|
<literal>X-StopIfChanged</literal> in the
|
||||||
|
<literal>[Service]</literal> section set (exposed via
|
||||||
|
<link linkend="opt-systemd.services">systemd.services.<name>.stopIfChanged</link>).
|
||||||
|
This is set to <literal>true</literal> by default and must
|
||||||
|
be explicitly turned off if not wanted. If the flag is
|
||||||
|
enabled, the unit is
|
||||||
|
<emphasis role="strong">stop</emphasis>ped and then
|
||||||
|
<emphasis role="strong">start</emphasis>ed. If not, the unit
|
||||||
|
is <emphasis role="strong">restart</emphasis>ed. The goal of
|
||||||
|
the flag is to make sure that the new unit never runs in the
|
||||||
|
old environment which is still in place before the
|
||||||
|
activation script is run.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
The last thing that is taken into account is whether the
|
||||||
|
unit is a service and socket-activated. Due to a bug, this
|
||||||
|
is currently only done when
|
||||||
|
<literal>X-StopIfChanged</literal> is set. If the unit is
|
||||||
|
socket-activated, the socket is stopped and started, and the
|
||||||
|
service is stopped and to be started by socket activation.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
</section>
|
|
@ -0,0 +1,122 @@
|
||||||
|
<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xi="http://www.w3.org/2001/XInclude" xml:id="sec-switching-systems">
|
||||||
|
<title>What happens during a system switch?</title>
|
||||||
|
<para>
|
||||||
|
Running <literal>nixos-rebuild switch</literal> is one of the more
|
||||||
|
common tasks under NixOS. This chapter explains some of the
|
||||||
|
internals of this command to make it simpler for new module
|
||||||
|
developers to configure their units correctly and to make it easier
|
||||||
|
to understand what is happening and why for curious administrators.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
<literal>nixos-rebuild</literal>, like many deployment solutions,
|
||||||
|
calls <literal>switch-to-configuration</literal> which resides in a
|
||||||
|
NixOS system at <literal>$out/bin/switch-to-configuration</literal>.
|
||||||
|
The script is called with the action that is to be performed like
|
||||||
|
<literal>switch</literal>, <literal>test</literal>,
|
||||||
|
<literal>boot</literal>. There is also the
|
||||||
|
<literal>dry-activate</literal> action which does not really perform
|
||||||
|
the actions but rather prints what it would do if you called it with
|
||||||
|
<literal>test</literal>. This feature can be used to check what
|
||||||
|
service states would be changed if the configuration was switched
|
||||||
|
to.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
If the action is <literal>switch</literal> or
|
||||||
|
<literal>boot</literal>, the bootloader is updated first so the
|
||||||
|
configuration will be the next one to boot. Unless
|
||||||
|
<literal>NIXOS_NO_SYNC</literal> is set to <literal>1</literal>,
|
||||||
|
<literal>/nix/store</literal> is synced to disk.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
If the action is <literal>switch</literal> or
|
||||||
|
<literal>test</literal>, the currently running system is inspected
|
||||||
|
and the actions to switch to the new system are calculated. This
|
||||||
|
process takes two data sources into account:
|
||||||
|
<literal>/etc/fstab</literal> and the current systemd status. Mounts
|
||||||
|
and swaps are read from <literal>/etc/fstab</literal> and the
|
||||||
|
corresponding actions are generated. If a new mount is added, for
|
||||||
|
example, the proper <literal>.mount</literal> unit is marked to be
|
||||||
|
started. The current systemd state is inspected, the difference
|
||||||
|
between the current system and the desired configuration is
|
||||||
|
calculated and actions are generated to get to this state. There are
|
||||||
|
a lot of nuances that can be controlled by the units which are
|
||||||
|
explained here.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
After calculating what should be done, the actions are carried out.
|
||||||
|
The order of actions is always the same:
|
||||||
|
</para>
|
||||||
|
<itemizedlist spacing="compact">
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Stop units (<literal>systemctl stop</literal>)
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Run activation script (<literal>$out/activate</literal>)
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
See if the activation script requested more units to restart
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Restart systemd if needed
|
||||||
|
(<literal>systemd daemon-reexec</literal>)
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Forget about the failed state of units
|
||||||
|
(<literal>systemctl reset-failed</literal>)
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Reload systemd (<literal>systemctl daemon-reload</literal>)
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Reload systemd user instances
|
||||||
|
(<literal>systemctl --user daemon-reload</literal>)
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Set up tmpfiles (<literal>systemd-tmpfiles --create</literal>)
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Reload units (<literal>systemctl reload</literal>)
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Restart units (<literal>systemctl restart</literal>)
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Start units (<literal>systemctl start</literal>)
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Inspect what changed during these actions and print units that
|
||||||
|
failed and that were newly started
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
<para>
|
||||||
|
Most of these actions are either self-explaining but some of them
|
||||||
|
have to do with our units or the activation script. For this reason,
|
||||||
|
these topics are explained in the next sections.
|
||||||
|
</para>
|
||||||
|
<xi:include href="unit-handling.section.xml" />
|
||||||
|
<xi:include href="activation-script.section.xml" />
|
||||||
|
</chapter>
|
|
@ -7,11 +7,11 @@
|
||||||
<para>
|
<para>
|
||||||
These instructions assume that you have an existing PXE or iPXE
|
These instructions assume that you have an existing PXE or iPXE
|
||||||
infrastructure and simply want to add the NixOS installer as another
|
infrastructure and simply want to add the NixOS installer as another
|
||||||
option. To build the necessary files from a recent version of
|
option. To build the necessary files from your current version of
|
||||||
nixpkgs, you can run:
|
nixpkgs, you can run:
|
||||||
</para>
|
</para>
|
||||||
<programlisting>
|
<programlisting>
|
||||||
nix-build -A netboot.x86_64-linux nixos/release.nix
|
nix-build -A netboot.x86_64-linux '<nixpkgs/nixos/release.nix>'
|
||||||
</programlisting>
|
</programlisting>
|
||||||
<para>
|
<para>
|
||||||
This will create a <literal>result</literal> directory containing: *
|
This will create a <literal>result</literal> directory containing: *
|
||||||
|
|
|
@ -42,6 +42,14 @@
|
||||||
upgrade notes</link>.
|
upgrade notes</link>.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
systemd services can now set
|
||||||
|
<link linkend="opt-systemd.services">systemd.services.<name>.reloadTriggers</link>
|
||||||
|
instead of <literal>reloadIfChanged</literal> for a more
|
||||||
|
granular distinction between reloads and restarts.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
</section>
|
</section>
|
||||||
<section xml:id="sec-release-22.05-new-services">
|
<section xml:id="sec-release-22.05-new-services">
|
||||||
|
@ -114,6 +122,14 @@
|
||||||
<link xlink:href="options.html#opt-services.powerdns-admin.enable">services.powerdns-admin</link>.
|
<link xlink:href="options.html#opt-services.powerdns-admin.enable">services.powerdns-admin</link>.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<link xlink:href="https://github.com/sezanzeb/input-remapper">input-remapper</link>,
|
||||||
|
an easy to use tool to change the mapping of your input device
|
||||||
|
buttons. Available at
|
||||||
|
<link xlink:href="options.html#opt-services.input-remapper.enable">services.input-remapper</link>.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
<link xlink:href="https://invoiceplane.com">InvoicePlane</link>,
|
<link xlink:href="https://invoiceplane.com">InvoicePlane</link>,
|
||||||
|
@ -144,6 +160,14 @@
|
||||||
<link linkend="opt-services.tetrd.enable">services.tetrd</link>.
|
<link linkend="opt-services.tetrd.enable">services.tetrd</link>.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<link xlink:href="https://github.com/mbrubeck/agate">agate</link>,
|
||||||
|
a very simple server for the Gemini hypertext protocol.
|
||||||
|
Available as
|
||||||
|
<link xlink:href="options.html#opt-services.agate.enable">services.agate</link>.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
<link xlink:href="https://github.com/JustArchiNET/ArchiSteamFarm">ArchiSteamFarm</link>,
|
<link xlink:href="https://github.com/JustArchiNET/ArchiSteamFarm">ArchiSteamFarm</link>,
|
||||||
|
@ -214,6 +238,13 @@
|
||||||
<link xlink:href="options.html#opt-services.headscale.enable">services.headscale</link>
|
<link xlink:href="options.html#opt-services.headscale.enable">services.headscale</link>
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<link xlink:href="https://0xerr0r.github.io/blocky/">blocky</link>,
|
||||||
|
fast and lightweight DNS proxy as ad-blocker for local network
|
||||||
|
with many features.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
</section>
|
</section>
|
||||||
<section xml:id="sec-release-22.05-incompatibilities">
|
<section xml:id="sec-release-22.05-incompatibilities">
|
||||||
|
@ -253,6 +284,23 @@
|
||||||
<literal>(ghc.withPackages.override { useLLVM = true; }) (p: [])</literal>.
|
<literal>(ghc.withPackages.override { useLLVM = true; }) (p: [])</literal>.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
The <literal>home-assistant</literal> module now requires
|
||||||
|
users that don’t want their configuration to be managed
|
||||||
|
declaratively to set
|
||||||
|
<literal>services.home-assistant.config = null;</literal>.
|
||||||
|
This is required due to the way default settings are handled
|
||||||
|
with the new settings style.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
Additionally the default list of
|
||||||
|
<literal>extraComponents</literal> now includes the minimal
|
||||||
|
dependencies to successfully complete the
|
||||||
|
<link xlink:href="https://www.home-assistant.io/getting-started/onboarding/">onboarding</link>
|
||||||
|
procedure.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
<literal>pkgs.emacsPackages.orgPackages</literal> is removed
|
<literal>pkgs.emacsPackages.orgPackages</literal> is removed
|
||||||
|
@ -270,6 +318,17 @@
|
||||||
removed due to it being an outdated version.
|
removed due to it being an outdated version.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>services.kubernetes.scheduler.{port,address}</literal>
|
||||||
|
now set <literal>--secure-port</literal> and
|
||||||
|
<literal>--bind-address</literal> instead of
|
||||||
|
<literal>--port</literal> and <literal>--address</literal>,
|
||||||
|
since the former have been deprecated and are no longer
|
||||||
|
functional in kubernetes>=1.23. Ensure that you are not
|
||||||
|
relying on the insecure behaviour before upgrading.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
The DHCP server (<literal>services.dhcpd4</literal>,
|
The DHCP server (<literal>services.dhcpd4</literal>,
|
||||||
|
@ -354,6 +413,15 @@
|
||||||
<literal>virtualisation.docker.daemon.settings</literal>.
|
<literal>virtualisation.docker.daemon.settings</literal>.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Ntopng (<literal>services.ntopng</literal>) is updated to
|
||||||
|
5.2.1 and uses a separate Redis instance if
|
||||||
|
<literal>system.stateVersion</literal> is at least
|
||||||
|
<literal>22.05</literal>. Existing setups shouldn’t be
|
||||||
|
affected.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
The backward compatibility in
|
The backward compatibility in
|
||||||
|
@ -550,6 +618,15 @@
|
||||||
honors <literal>restartIfChanged</literal> and
|
honors <literal>restartIfChanged</literal> and
|
||||||
<literal>reloadIfChanged</literal> of the units.
|
<literal>reloadIfChanged</literal> of the units.
|
||||||
</para>
|
</para>
|
||||||
|
<itemizedlist spacing="compact">
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Preferring to reload instead of restarting can still
|
||||||
|
be achieved using
|
||||||
|
<literal>/run/nixos/activation-reload-list</literal>.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
|
@ -609,6 +686,12 @@
|
||||||
wrapper for <literal>assert</literal> conditions.
|
wrapper for <literal>assert</literal> conditions.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
The <literal>vpnc</literal> package has been changed to use
|
||||||
|
GnuTLS instead of OpenSSL by default for licensing reasons.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
<literal>pkgs.vimPlugins.onedark-nvim</literal> now refers to
|
<literal>pkgs.vimPlugins.onedark-nvim</literal> now refers to
|
||||||
|
@ -858,6 +941,12 @@
|
||||||
<literal>programs.starship.settings</literal>.
|
<literal>programs.starship.settings</literal>.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
The <link xlink:href="https://dino.im">Dino</link> XMPP client
|
||||||
|
was updated to 0.3, adding support for audio and video calls.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
<literal>services.mattermost.plugins</literal> has been added
|
<literal>services.mattermost.plugins</literal> has been added
|
||||||
|
|
|
@ -5,11 +5,11 @@ setup.
|
||||||
|
|
||||||
These instructions assume that you have an existing PXE or iPXE
|
These instructions assume that you have an existing PXE or iPXE
|
||||||
infrastructure and simply want to add the NixOS installer as another
|
infrastructure and simply want to add the NixOS installer as another
|
||||||
option. To build the necessary files from a recent version of nixpkgs,
|
option. To build the necessary files from your current version of nixpkgs,
|
||||||
you can run:
|
you can run:
|
||||||
|
|
||||||
```ShellSession
|
```ShellSession
|
||||||
nix-build -A netboot.x86_64-linux nixos/release.nix
|
nix-build -A netboot.x86_64-linux '<nixpkgs/nixos/release.nix>'
|
||||||
```
|
```
|
||||||
|
|
||||||
This will create a `result` directory containing: \* `bzImage` -- the
|
This will create a `result` directory containing: \* `bzImage` -- the
|
||||||
|
|
|
@ -17,6 +17,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
Migrations may take a while, see the [changelog](https://docs.mattermost.com/install/self-managed-changelog.html#release-v6-3-extended-support-release)
|
Migrations may take a while, see the [changelog](https://docs.mattermost.com/install/self-managed-changelog.html#release-v6-3-extended-support-release)
|
||||||
and [important upgrade notes](https://docs.mattermost.com/upgrade/important-upgrade-notes.html).
|
and [important upgrade notes](https://docs.mattermost.com/upgrade/important-upgrade-notes.html).
|
||||||
|
|
||||||
|
- systemd services can now set [systemd.services.\<name\>.reloadTriggers](#opt-systemd.services) instead of `reloadIfChanged` for a more granular distinction between reloads and restarts.
|
||||||
|
|
||||||
## New Services {#sec-release-22.05-new-services}
|
## New Services {#sec-release-22.05-new-services}
|
||||||
|
|
||||||
- [aesmd](https://github.com/intel/linux-sgx#install-the-intelr-sgx-psw), the Intel SGX Architectural Enclave Service Manager. Available as [services.aesmd](#opt-services.aesmd.enable).
|
- [aesmd](https://github.com/intel/linux-sgx#install-the-intelr-sgx-psw), the Intel SGX Architectural Enclave Service Manager. Available as [services.aesmd](#opt-services.aesmd.enable).
|
||||||
|
@ -37,6 +39,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
|
|
||||||
- [PowerDNS-Admin](https://github.com/ngoduykhanh/PowerDNS-Admin), a web interface for the PowerDNS server. Available at [services.powerdns-admin](options.html#opt-services.powerdns-admin.enable).
|
- [PowerDNS-Admin](https://github.com/ngoduykhanh/PowerDNS-Admin), a web interface for the PowerDNS server. Available at [services.powerdns-admin](options.html#opt-services.powerdns-admin.enable).
|
||||||
|
|
||||||
|
- [input-remapper](https://github.com/sezanzeb/input-remapper), an easy to use tool to change the mapping of your input device buttons. Available at [services.input-remapper](options.html#opt-services.input-remapper.enable).
|
||||||
|
|
||||||
- [InvoicePlane](https://invoiceplane.com), web application for managing and creating invoices. Available at [services.invoiceplane](options.html#opt-services.invoiceplane.enable).
|
- [InvoicePlane](https://invoiceplane.com), web application for managing and creating invoices. Available at [services.invoiceplane](options.html#opt-services.invoiceplane.enable).
|
||||||
|
|
||||||
- [maddy](https://maddy.email), a composable all-in-one mail server. Available as [services.maddy](options.html#opt-services.maddy.enable).
|
- [maddy](https://maddy.email), a composable all-in-one mail server. Available as [services.maddy](options.html#opt-services.maddy.enable).
|
||||||
|
@ -45,6 +49,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
|
|
||||||
- [tetrd](https://tetrd.app), share your internet connection from your device to your PC and vice versa through a USB cable. Available at [services.tetrd](#opt-services.tetrd.enable).
|
- [tetrd](https://tetrd.app), share your internet connection from your device to your PC and vice versa through a USB cable. Available at [services.tetrd](#opt-services.tetrd.enable).
|
||||||
|
|
||||||
|
- [agate](https://github.com/mbrubeck/agate), a very simple server for the Gemini hypertext protocol. Available as [services.agate](options.html#opt-services.agate.enable).
|
||||||
|
|
||||||
- [ArchiSteamFarm](https://github.com/JustArchiNET/ArchiSteamFarm), a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. Available as [services.archisteamfarm](options.html#opt-services.archisteamfarm.enable).
|
- [ArchiSteamFarm](https://github.com/JustArchiNET/ArchiSteamFarm), a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. Available as [services.archisteamfarm](options.html#opt-services.archisteamfarm.enable).
|
||||||
|
|
||||||
- [teleport](https://goteleport.com), allows engineers and security professionals to unify access for SSH servers, Kubernetes clusters, web applications, and databases across all environments. Available at [services.teleport](#opt-services.teleport.enable).
|
- [teleport](https://goteleport.com), allows engineers and security professionals to unify access for SSH servers, Kubernetes clusters, web applications, and databases across all environments. Available at [services.teleport](#opt-services.teleport.enable).
|
||||||
|
@ -65,6 +71,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
|
|
||||||
- [headscale](https://github.com/juanfont/headscale), an Open Source implementation of the [Tailscale](https://tailscale.io) Control Server. Available as [services.headscale](options.html#opt-services.headscale.enable)
|
- [headscale](https://github.com/juanfont/headscale), an Open Source implementation of the [Tailscale](https://tailscale.io) Control Server. Available as [services.headscale](options.html#opt-services.headscale.enable)
|
||||||
|
|
||||||
|
- [blocky](https://0xerr0r.github.io/blocky/), fast and lightweight DNS proxy as ad-blocker for local network with many features.
|
||||||
|
|
||||||
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||||
|
|
||||||
## Backward Incompatibilities {#sec-release-22.05-incompatibilities}
|
## Backward Incompatibilities {#sec-release-22.05-incompatibilities}
|
||||||
|
@ -87,6 +95,15 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
`useLLVM`. So instead of `(ghc.withPackages (p: [])).override { withLLVM = true; }`,
|
`useLLVM`. So instead of `(ghc.withPackages (p: [])).override { withLLVM = true; }`,
|
||||||
one needs to use `(ghc.withPackages.override { useLLVM = true; }) (p: [])`.
|
one needs to use `(ghc.withPackages.override { useLLVM = true; }) (p: [])`.
|
||||||
|
|
||||||
|
- The `home-assistant` module now requires users that don't want their
|
||||||
|
configuration to be managed declaratively to set
|
||||||
|
`services.home-assistant.config = null;`. This is required
|
||||||
|
due to the way default settings are handled with the new settings style.
|
||||||
|
|
||||||
|
Additionally the default list of `extraComponents` now includes the minimal
|
||||||
|
dependencies to successfully complete the [onboarding](https://www.home-assistant.io/getting-started/onboarding/)
|
||||||
|
procedure.
|
||||||
|
|
||||||
- `pkgs.emacsPackages.orgPackages` is removed because org elpa is deprecated.
|
- `pkgs.emacsPackages.orgPackages` is removed because org elpa is deprecated.
|
||||||
The packages in the top level of `pkgs.emacsPackages`, such as org and
|
The packages in the top level of `pkgs.emacsPackages`, such as org and
|
||||||
org-contrib, refer to the ones in `pkgs.emacsPackages.elpaPackages` and
|
org-contrib, refer to the ones in `pkgs.emacsPackages.elpaPackages` and
|
||||||
|
@ -94,6 +111,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
|
|
||||||
- `services.kubernetes.addons.dashboard` was removed due to it being an outdated version.
|
- `services.kubernetes.addons.dashboard` was removed due to it being an outdated version.
|
||||||
|
|
||||||
|
- `services.kubernetes.scheduler.{port,address}` now set `--secure-port` and `--bind-address` instead of `--port` and `--address`, since the former have been deprecated and are no longer functional in kubernetes>=1.23. Ensure that you are not relying on the insecure behaviour before upgrading.
|
||||||
|
|
||||||
- The DHCP server (`services.dhcpd4`, `services.dhcpd6`) has been hardened.
|
- The DHCP server (`services.dhcpd4`, `services.dhcpd6`) has been hardened.
|
||||||
The service is now using the systemd's `DynamicUser` mechanism to run as an unprivileged dynamically-allocated user with limited capabilities.
|
The service is now using the systemd's `DynamicUser` mechanism to run as an unprivileged dynamically-allocated user with limited capabilities.
|
||||||
The dhcpd state files are now always stored in `/var/lib/dhcpd{4,6}` and the `services.dhcpd4.stateDir` and `service.dhcpd6.stateDir` options have been removed.
|
The dhcpd state files are now always stored in `/var/lib/dhcpd{4,6}` and the `services.dhcpd4.stateDir` and `service.dhcpd6.stateDir` options have been removed.
|
||||||
|
@ -117,6 +136,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
|
|
||||||
- If you previously used `/etc/docker/daemon.json`, you need to incorporate the changes into the new option `virtualisation.docker.daemon.settings`.
|
- If you previously used `/etc/docker/daemon.json`, you need to incorporate the changes into the new option `virtualisation.docker.daemon.settings`.
|
||||||
|
|
||||||
|
- Ntopng (`services.ntopng`) is updated to 5.2.1 and uses a separate Redis instance if `system.stateVersion` is at least `22.05`. Existing setups shouldn't be affected.
|
||||||
|
|
||||||
- The backward compatibility in `services.wordpress` to configure sites with
|
- The backward compatibility in `services.wordpress` to configure sites with
|
||||||
the old interface has been removed. Please use `services.wordpress.sites`
|
the old interface has been removed. Please use `services.wordpress.sites`
|
||||||
instead.
|
instead.
|
||||||
|
@ -179,6 +200,7 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
|
|
||||||
- `switch-to-configuration` (the script that is run when running `nixos-rebuild switch` for example) has been reworked
|
- `switch-to-configuration` (the script that is run when running `nixos-rebuild switch` for example) has been reworked
|
||||||
* The interface that allows activation scripts to restart units has been streamlined. Restarting and reloading is now done by a single file `/run/nixos/activation-restart-list` that honors `restartIfChanged` and `reloadIfChanged` of the units.
|
* The interface that allows activation scripts to restart units has been streamlined. Restarting and reloading is now done by a single file `/run/nixos/activation-restart-list` that honors `restartIfChanged` and `reloadIfChanged` of the units.
|
||||||
|
* Preferring to reload instead of restarting can still be achieved using `/run/nixos/activation-reload-list`.
|
||||||
* The script now uses a proper ini-file parser to parse systemd units. Some values are now only searched in one section instead of in the entire unit. This is only relevant for units that don't use the NixOS systemd moule.
|
* The script now uses a proper ini-file parser to parse systemd units. Some values are now only searched in one section instead of in the entire unit. This is only relevant for units that don't use the NixOS systemd moule.
|
||||||
* `RefuseManualStop`, `X-OnlyManualStart`, `X-StopOnRemoval`, `X-StopOnReconfiguration` are only searched in the `[Unit]` section
|
* `RefuseManualStop`, `X-OnlyManualStart`, `X-StopOnRemoval`, `X-StopOnReconfiguration` are only searched in the `[Unit]` section
|
||||||
* `X-ReloadIfChanged`, `X-RestartIfChanged`, `X-StopIfChanged` are only searched in the `[Service]` section
|
* `X-ReloadIfChanged`, `X-RestartIfChanged`, `X-StopIfChanged` are only searched in the `[Service]` section
|
||||||
|
@ -193,6 +215,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
|
|
||||||
- `lib.assertMsg` and `lib.assertOneOf` no longer return `false` if the passed condition is `false`, `throw`ing the given error message instead (which makes the resulting error message less cluttered). This will not impact the behaviour of code using these functions as intended, namely as top-level wrapper for `assert` conditions.
|
- `lib.assertMsg` and `lib.assertOneOf` no longer return `false` if the passed condition is `false`, `throw`ing the given error message instead (which makes the resulting error message less cluttered). This will not impact the behaviour of code using these functions as intended, namely as top-level wrapper for `assert` conditions.
|
||||||
|
|
||||||
|
- The `vpnc` package has been changed to use GnuTLS instead of OpenSSL by default for licensing reasons.
|
||||||
|
|
||||||
- `pkgs.vimPlugins.onedark-nvim` now refers to [navarasu/onedark.nvim](https://github.com/navarasu/onedark.nvim)
|
- `pkgs.vimPlugins.onedark-nvim` now refers to [navarasu/onedark.nvim](https://github.com/navarasu/onedark.nvim)
|
||||||
(formerly refers to [olimorris/onedarkpro.nvim](https://github.com/olimorris/onedarkpro.nvim)).
|
(formerly refers to [olimorris/onedarkpro.nvim](https://github.com/olimorris/onedarkpro.nvim)).
|
||||||
|
|
||||||
|
@ -291,6 +315,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
- A new module was added for the [Starship](https://starship.rs/) shell prompt,
|
- A new module was added for the [Starship](https://starship.rs/) shell prompt,
|
||||||
providing the options `programs.starship.enable` and `programs.starship.settings`.
|
providing the options `programs.starship.enable` and `programs.starship.settings`.
|
||||||
|
|
||||||
|
- The [Dino](https://dino.im) XMPP client was updated to 0.3, adding support for audio and video calls.
|
||||||
|
|
||||||
- `services.mattermost.plugins` has been added to allow the declarative installation of Mattermost plugins.
|
- `services.mattermost.plugins` has been added to allow the declarative installation of Mattermost plugins.
|
||||||
Plugins are automatically repackaged using autoPatchelf.
|
Plugins are automatically repackaged using autoPatchelf.
|
||||||
|
|
||||||
|
|
|
@ -201,6 +201,17 @@ in rec {
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
reloadTriggers = mkOption {
|
||||||
|
default = [];
|
||||||
|
type = types.listOf unitOption;
|
||||||
|
description = ''
|
||||||
|
An arbitrary list of items such as derivations. If any item
|
||||||
|
in the list changes between reconfigurations, the service will
|
||||||
|
be reloaded. If anything but a reload trigger changes in the
|
||||||
|
unit file, the unit will be restarted instead.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
onFailure = mkOption {
|
onFailure = mkOption {
|
||||||
default = [];
|
default = [];
|
||||||
type = types.listOf unitNameType;
|
type = types.listOf unitNameType;
|
||||||
|
@ -338,6 +349,11 @@ in rec {
|
||||||
configuration switch if its definition has changed. If
|
configuration switch if its definition has changed. If
|
||||||
enabled, the value of <option>restartIfChanged</option> is
|
enabled, the value of <option>restartIfChanged</option> is
|
||||||
ignored.
|
ignored.
|
||||||
|
|
||||||
|
This option should not be used anymore in favor of
|
||||||
|
<option>reloadTriggers</option> which allows more granular
|
||||||
|
control of when a service is reloaded and when a service
|
||||||
|
is restarted.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -241,9 +241,15 @@ class LegacyStartCommand(StartCommand):
|
||||||
cdrom: Optional[str] = None,
|
cdrom: Optional[str] = None,
|
||||||
usb: Optional[str] = None,
|
usb: Optional[str] = None,
|
||||||
bios: Optional[str] = None,
|
bios: Optional[str] = None,
|
||||||
|
qemuBinary: Optional[str] = None,
|
||||||
qemuFlags: Optional[str] = None,
|
qemuFlags: Optional[str] = None,
|
||||||
):
|
):
|
||||||
self._cmd = "qemu-kvm -m 384"
|
if qemuBinary is not None:
|
||||||
|
self._cmd = qemuBinary
|
||||||
|
else:
|
||||||
|
self._cmd = "qemu-kvm"
|
||||||
|
|
||||||
|
self._cmd += " -m 384"
|
||||||
|
|
||||||
# networking
|
# networking
|
||||||
net_backend = "-netdev user,id=net0"
|
net_backend = "-netdev user,id=net0"
|
||||||
|
@ -381,6 +387,7 @@ class Machine:
|
||||||
cdrom=args.get("cdrom"),
|
cdrom=args.get("cdrom"),
|
||||||
usb=args.get("usb"),
|
usb=args.get("usb"),
|
||||||
bios=args.get("bios"),
|
bios=args.get("bios"),
|
||||||
|
qemuBinary=args.get("qemuBinary"),
|
||||||
qemuFlags=args.get("qemuFlags"),
|
qemuFlags=args.get("qemuFlags"),
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
|
@ -24,10 +24,6 @@ let kernelVersion = config.boot.kernelPackages.kernel.version; in
|
||||||
###### implementation
|
###### implementation
|
||||||
|
|
||||||
config = mkIf config.networking.enableB43Firmware {
|
config = mkIf config.networking.enableB43Firmware {
|
||||||
assertions = singleton
|
|
||||||
{ assertion = lessThan 0 (builtins.compareVersions kernelVersion "3.2");
|
|
||||||
message = "b43 firmware for kernels older than 3.2 not packaged yet!";
|
|
||||||
};
|
|
||||||
hardware.firmware = [ pkgs.b43Firmware_5_1_138 ];
|
hardware.firmware = [ pkgs.b43Firmware_5_1_138 ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -16,11 +16,6 @@ in
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
|
||||||
assertions = singleton {
|
|
||||||
assertion = versionAtLeast kernelPackages.kernel.version "3.2";
|
|
||||||
message = "Magewell Pro Capture family module is not supported for kernels older than 3.2";
|
|
||||||
};
|
|
||||||
|
|
||||||
boot.kernelModules = [ "ProCapture" ];
|
boot.kernelModules = [ "ProCapture" ];
|
||||||
|
|
||||||
environment.systemPackages = [ kernelPackages.mwprocapture ];
|
environment.systemPackages = [ kernelPackages.mwprocapture ];
|
||||||
|
|
|
@ -450,6 +450,7 @@
|
||||||
./services/hardware/undervolt.nix
|
./services/hardware/undervolt.nix
|
||||||
./services/hardware/vdr.nix
|
./services/hardware/vdr.nix
|
||||||
./services/hardware/xow.nix
|
./services/hardware/xow.nix
|
||||||
|
./services/home-automation/home-assistant.nix
|
||||||
./services/logging/SystemdJournal2Gelf.nix
|
./services/logging/SystemdJournal2Gelf.nix
|
||||||
./services/logging/awstats.nix
|
./services/logging/awstats.nix
|
||||||
./services/logging/filebeat.nix
|
./services/logging/filebeat.nix
|
||||||
|
@ -545,8 +546,8 @@
|
||||||
./services/misc/headphones.nix
|
./services/misc/headphones.nix
|
||||||
./services/misc/heisenbridge.nix
|
./services/misc/heisenbridge.nix
|
||||||
./services/misc/greenclip.nix
|
./services/misc/greenclip.nix
|
||||||
./services/misc/home-assistant.nix
|
|
||||||
./services/misc/ihaskell.nix
|
./services/misc/ihaskell.nix
|
||||||
|
./services/misc/input-remapper.nix
|
||||||
./services/misc/irkerd.nix
|
./services/misc/irkerd.nix
|
||||||
./services/misc/jackett.nix
|
./services/misc/jackett.nix
|
||||||
./services/misc/jellyfin.nix
|
./services/misc/jellyfin.nix
|
||||||
|
@ -595,6 +596,7 @@
|
||||||
./services/misc/redmine.nix
|
./services/misc/redmine.nix
|
||||||
./services/misc/rippled.nix
|
./services/misc/rippled.nix
|
||||||
./services/misc/ripple-data-api.nix
|
./services/misc/ripple-data-api.nix
|
||||||
|
./services/misc/rmfakecloud.nix
|
||||||
./services/misc/serviio.nix
|
./services/misc/serviio.nix
|
||||||
./services/misc/safeeyes.nix
|
./services/misc/safeeyes.nix
|
||||||
./services/misc/sdrplay.nix
|
./services/misc/sdrplay.nix
|
||||||
|
@ -716,6 +718,7 @@
|
||||||
./services/networking/bird.nix
|
./services/networking/bird.nix
|
||||||
./services/networking/bitlbee.nix
|
./services/networking/bitlbee.nix
|
||||||
./services/networking/blockbook-frontend.nix
|
./services/networking/blockbook-frontend.nix
|
||||||
|
./services/networking/blocky.nix
|
||||||
./services/networking/charybdis.nix
|
./services/networking/charybdis.nix
|
||||||
./services/networking/cjdns.nix
|
./services/networking/cjdns.nix
|
||||||
./services/networking/cntlm.nix
|
./services/networking/cntlm.nix
|
||||||
|
@ -759,7 +762,6 @@
|
||||||
./services/networking/go-neb.nix
|
./services/networking/go-neb.nix
|
||||||
./services/networking/go-shadowsocks2.nix
|
./services/networking/go-shadowsocks2.nix
|
||||||
./services/networking/gobgpd.nix
|
./services/networking/gobgpd.nix
|
||||||
./services/networking/gogoclient.nix
|
|
||||||
./services/networking/gvpe.nix
|
./services/networking/gvpe.nix
|
||||||
./services/networking/hans.nix
|
./services/networking/hans.nix
|
||||||
./services/networking/haproxy.nix
|
./services/networking/haproxy.nix
|
||||||
|
@ -1056,6 +1058,7 @@
|
||||||
./services/web-apps/wordpress.nix
|
./services/web-apps/wordpress.nix
|
||||||
./services/web-apps/youtrack.nix
|
./services/web-apps/youtrack.nix
|
||||||
./services/web-apps/zabbix.nix
|
./services/web-apps/zabbix.nix
|
||||||
|
./services/web-servers/agate.nix
|
||||||
./services/web-servers/apache-httpd/default.nix
|
./services/web-servers/apache-httpd/default.nix
|
||||||
./services/web-servers/caddy/default.nix
|
./services/web-servers/caddy/default.nix
|
||||||
./services/web-servers/darkhttpd.nix
|
./services/web-servers/darkhttpd.nix
|
||||||
|
|
2
third_party/nixpkgs/nixos/modules/rename.nix
vendored
2
third_party/nixpkgs/nixos/modules/rename.nix
vendored
|
@ -90,6 +90,8 @@ with lib;
|
||||||
|
|
||||||
(mkRemovedOptionModule [ "services" "shellinabox" ] "The corresponding package was removed from nixpkgs.")
|
(mkRemovedOptionModule [ "services" "shellinabox" ] "The corresponding package was removed from nixpkgs.")
|
||||||
|
|
||||||
|
(mkRemovedOptionModule [ "services" "gogoclient" ] "The corresponding package was removed from nixpkgs.")
|
||||||
|
|
||||||
# Do NOT add any option renames here, see top of the file
|
# Do NOT add any option renames here, see top of the file
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -92,7 +92,6 @@ let
|
||||||
, permissions
|
, permissions
|
||||||
, ...
|
, ...
|
||||||
}:
|
}:
|
||||||
assert (lib.versionAtLeast (lib.getVersion config.boot.kernelPackages.kernel) "4.3");
|
|
||||||
''
|
''
|
||||||
cp ${securityWrapper}/bin/security-wrapper "$wrapperDir/${program}"
|
cp ${securityWrapper}/bin/security-wrapper "$wrapperDir/${program}"
|
||||||
echo -n "${source}" > "$wrapperDir/${program}.real"
|
echo -n "${source}" > "$wrapperDir/${program}.real"
|
||||||
|
|
|
@ -9,6 +9,13 @@ in
|
||||||
services.jmusicbot = {
|
services.jmusicbot = {
|
||||||
enable = mkEnableOption "jmusicbot, a Discord music bot that's easy to set up and run yourself";
|
enable = mkEnableOption "jmusicbot, a Discord music bot that's easy to set up and run yourself";
|
||||||
|
|
||||||
|
package = mkOption {
|
||||||
|
type = types.package;
|
||||||
|
default = pkgs.jmusicbot;
|
||||||
|
defaultText = literalExpression "pkgs.jmusicbot";
|
||||||
|
description = "JMusicBot package to use";
|
||||||
|
};
|
||||||
|
|
||||||
stateDir = mkOption {
|
stateDir = mkOption {
|
||||||
type = types.path;
|
type = types.path;
|
||||||
description = ''
|
description = ''
|
||||||
|
@ -27,7 +34,7 @@ in
|
||||||
after = [ "network-online.target" ];
|
after = [ "network-online.target" ];
|
||||||
description = "Discord music bot that's easy to set up and run yourself!";
|
description = "Discord music bot that's easy to set up and run yourself!";
|
||||||
serviceConfig = mkMerge [{
|
serviceConfig = mkMerge [{
|
||||||
ExecStart = "${pkgs.jmusicbot}/bin/JMusicBot";
|
ExecStart = "${cfg.package}/bin/JMusicBot";
|
||||||
WorkingDirectory = cfg.stateDir;
|
WorkingDirectory = cfg.stateDir;
|
||||||
Restart = "always";
|
Restart = "always";
|
||||||
RestartSec = 20;
|
RestartSec = 20;
|
||||||
|
|
|
@ -113,9 +113,10 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
services.mysql-backup = {
|
services.mysql-backup = {
|
||||||
description = "Mysql backup service";
|
description = "MySQL backup service";
|
||||||
enable = true;
|
enable = true;
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
User = cfg.user;
|
User = cfg.user;
|
||||||
};
|
};
|
||||||
script = backupScript;
|
script = backupScript;
|
||||||
|
|
|
@ -66,12 +66,12 @@ in
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Slice = "kubernetes.slice";
|
Slice = "kubernetes.slice";
|
||||||
ExecStart = ''${top.package}/bin/kube-scheduler \
|
ExecStart = ''${top.package}/bin/kube-scheduler \
|
||||||
--address=${cfg.address} \
|
--bind-address=${cfg.address} \
|
||||||
${optionalString (cfg.featureGates != [])
|
${optionalString (cfg.featureGates != [])
|
||||||
"--feature-gates=${concatMapStringsSep "," (feature: "${feature}=true") cfg.featureGates}"} \
|
"--feature-gates=${concatMapStringsSep "," (feature: "${feature}=true") cfg.featureGates}"} \
|
||||||
--kubeconfig=${top.lib.mkKubeConfig "kube-scheduler" cfg.kubeconfig} \
|
--kubeconfig=${top.lib.mkKubeConfig "kube-scheduler" cfg.kubeconfig} \
|
||||||
--leader-elect=${boolToString cfg.leaderElect} \
|
--leader-elect=${boolToString cfg.leaderElect} \
|
||||||
--port=${toString cfg.port} \
|
--secure-port=${toString cfg.port} \
|
||||||
${optionalString (cfg.verbosity != null) "--v=${toString cfg.verbosity}"} \
|
${optionalString (cfg.verbosity != null) "--v=${toString cfg.verbosity}"} \
|
||||||
${cfg.extraOpts}
|
${cfg.extraOpts}
|
||||||
'';
|
'';
|
||||||
|
|
|
@ -164,8 +164,6 @@ in
|
||||||
environment.systemPackages = [ cfg.package ];
|
environment.systemPackages = [ cfg.package ];
|
||||||
|
|
||||||
systemd.services.undervolt = {
|
systemd.services.undervolt = {
|
||||||
path = [ pkgs.undervolt ];
|
|
||||||
|
|
||||||
description = "Intel Undervolting Service";
|
description = "Intel Undervolting Service";
|
||||||
|
|
||||||
# Apply undervolt on boot, nixos generation switch and resume
|
# Apply undervolt on boot, nixos generation switch and resume
|
||||||
|
@ -175,7 +173,7 @@ in
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "oneshot";
|
Type = "oneshot";
|
||||||
Restart = "no";
|
Restart = "no";
|
||||||
ExecStart = "${pkgs.undervolt}/bin/undervolt ${toString cliArgs}";
|
ExecStart = "${cfg.package}/bin/undervolt ${toString cliArgs}";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -4,35 +4,27 @@ with lib;
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.services.home-assistant;
|
cfg = config.services.home-assistant;
|
||||||
|
format = pkgs.formats.yaml {};
|
||||||
|
|
||||||
# cfg.config != null can be assumed here
|
# Render config attribute sets to YAML
|
||||||
configJSON = pkgs.writeText "configuration.json"
|
# Values that are null will be filtered from the output, so this is one way to have optional
|
||||||
(builtins.toJSON (if cfg.applyDefaultConfig then
|
# options shown in settings.
|
||||||
(recursiveUpdate defaultConfig cfg.config) else cfg.config));
|
# We post-process the result to add support for YAML functions, like secrets or includes, see e.g.
|
||||||
|
# https://www.home-assistant.io/docs/configuration/secrets/
|
||||||
|
filteredConfig = lib.converge (lib.filterAttrsRecursive (_: v: ! elem v [ null ])) cfg.config or {};
|
||||||
configFile = pkgs.runCommand "configuration.yaml" { preferLocalBuild = true; } ''
|
configFile = pkgs.runCommand "configuration.yaml" { preferLocalBuild = true; } ''
|
||||||
${pkgs.remarshal}/bin/json2yaml -i ${configJSON} -o $out
|
cp ${format.generate "configuration.yaml" filteredConfig} $out
|
||||||
# Hack to support custom yaml objects,
|
|
||||||
# i.e. secrets: https://www.home-assistant.io/docs/configuration/secrets/
|
|
||||||
sed -i -e "s/'\!\([a-z_]\+\) \(.*\)'/\!\1 \2/;s/^\!\!/\!/;" $out
|
sed -i -e "s/'\!\([a-z_]\+\) \(.*\)'/\!\1 \2/;s/^\!\!/\!/;" $out
|
||||||
'';
|
'';
|
||||||
|
lovelaceConfig = cfg.lovelaceConfig or {};
|
||||||
|
lovelaceConfigFile = format.generate "ui-lovelace.yaml" lovelaceConfig;
|
||||||
|
|
||||||
lovelaceConfigJSON = pkgs.writeText "ui-lovelace.json"
|
# Components advertised by the home-assistant package
|
||||||
(builtins.toJSON cfg.lovelaceConfig);
|
|
||||||
lovelaceConfigFile = pkgs.runCommand "ui-lovelace.yaml" { preferLocalBuild = true; } ''
|
|
||||||
${pkgs.remarshal}/bin/json2yaml -i ${lovelaceConfigJSON} -o $out
|
|
||||||
'';
|
|
||||||
|
|
||||||
availableComponents = cfg.package.availableComponents;
|
availableComponents = cfg.package.availableComponents;
|
||||||
|
|
||||||
|
# Components that were added by overriding the package
|
||||||
explicitComponents = cfg.package.extraComponents;
|
explicitComponents = cfg.package.extraComponents;
|
||||||
|
useExplicitComponent = component: elem component explicitComponents;
|
||||||
usedPlatforms = config:
|
|
||||||
if isAttrs config then
|
|
||||||
optional (config ? platform) config.platform
|
|
||||||
++ concatMap usedPlatforms (attrValues config)
|
|
||||||
else if isList config then
|
|
||||||
concatMap usedPlatforms config
|
|
||||||
else [ ];
|
|
||||||
|
|
||||||
# Given a component "platform", looks up whether it is used in the config
|
# Given a component "platform", looks up whether it is used in the config
|
||||||
# as `platform = "platform";`.
|
# as `platform = "platform";`.
|
||||||
|
@ -42,33 +34,45 @@ let
|
||||||
# platform = "mqtt";
|
# platform = "mqtt";
|
||||||
# ...
|
# ...
|
||||||
# } ];
|
# } ];
|
||||||
|
usedPlatforms = config:
|
||||||
|
if isAttrs config then
|
||||||
|
optional (config ? platform) config.platform
|
||||||
|
++ concatMap usedPlatforms (attrValues config)
|
||||||
|
else if isList config then
|
||||||
|
concatMap usedPlatforms config
|
||||||
|
else [ ];
|
||||||
|
|
||||||
useComponentPlatform = component: elem component (usedPlatforms cfg.config);
|
useComponentPlatform = component: elem component (usedPlatforms cfg.config);
|
||||||
|
|
||||||
useExplicitComponent = component: elem component explicitComponents;
|
# Returns whether component is used in config, explicitly passed into package or
|
||||||
|
# configured in the module.
|
||||||
# Returns whether component is used in config or explicitly passed into package
|
|
||||||
useComponent = component:
|
useComponent = component:
|
||||||
hasAttrByPath (splitString "." component) cfg.config
|
hasAttrByPath (splitString "." component) cfg.config
|
||||||
|| useComponentPlatform component
|
|| useComponentPlatform component
|
||||||
|| useExplicitComponent component;
|
|| useExplicitComponent component
|
||||||
|
|| builtins.elem component cfg.extraComponents;
|
||||||
|
|
||||||
# List of components used in config
|
# Final list of components passed into the package to include required dependencies
|
||||||
extraComponents = filter useComponent availableComponents;
|
extraComponents = filter useComponent availableComponents;
|
||||||
|
|
||||||
package = if (cfg.autoExtraComponents && cfg.config != null)
|
package = (cfg.package.override (oldArgs: {
|
||||||
then (cfg.package.override { inherit extraComponents; })
|
# Respect overrides that already exist in the passed package and
|
||||||
else cfg.package;
|
# concat it with values passed via the module.
|
||||||
|
extraComponents = oldArgs.extraComponents or [] ++ extraComponents;
|
||||||
# If you are changing this, please update the description in applyDefaultConfig
|
extraPackages = ps: (oldArgs.extraPackages or (_: []) ps) ++ (cfg.extraPackages ps);
|
||||||
defaultConfig = {
|
}));
|
||||||
homeassistant.time_zone = config.time.timeZone;
|
|
||||||
http.server_port = cfg.port;
|
|
||||||
} // optionalAttrs (cfg.lovelaceConfig != null) {
|
|
||||||
lovelace.mode = "yaml";
|
|
||||||
};
|
|
||||||
|
|
||||||
in {
|
in {
|
||||||
meta.maintainers = teams.home-assistant.members;
|
imports = [
|
||||||
|
# Migrations in NixOS 22.05
|
||||||
|
(mkRemovedOptionModule [ "services" "home-assistant" "applyDefaultConfig" ] "The default config was migrated into services.home-assistant.config")
|
||||||
|
(mkRemovedOptionModule [ "services" "home-assistant" "autoExtraComponents" ] "Components are now parsed from services.home-assistant.config unconditionally")
|
||||||
|
(mkRenamedOptionModule [ "services" "home-assistant" "port" ] [ "services" "home-assistant" "config" "http" "server_port" ])
|
||||||
|
];
|
||||||
|
|
||||||
|
meta = {
|
||||||
|
buildDocsInSandbox = false;
|
||||||
|
maintainers = teams.home-assistant.members;
|
||||||
|
};
|
||||||
|
|
||||||
options.services.home-assistant = {
|
options.services.home-assistant = {
|
||||||
# Running home-assistant on NixOS is considered an installation method that is unsupported by the upstream project.
|
# Running home-assistant on NixOS is considered an installation method that is unsupported by the upstream project.
|
||||||
|
@ -81,42 +85,166 @@ in {
|
||||||
description = "The config directory, where your <filename>configuration.yaml</filename> is located.";
|
description = "The config directory, where your <filename>configuration.yaml</filename> is located.";
|
||||||
};
|
};
|
||||||
|
|
||||||
port = mkOption {
|
extraComponents = mkOption {
|
||||||
default = 8123;
|
type = types.listOf (types.enum availableComponents);
|
||||||
type = types.port;
|
default = [
|
||||||
description = "The port on which to listen.";
|
# List of components required to complete the onboarding
|
||||||
|
"default_config"
|
||||||
|
"met"
|
||||||
|
"esphome"
|
||||||
|
] ++ optionals (pkgs.stdenv.hostPlatform.isAarch32 || pkgs.stdenv.hostPlatform.isAarch64) [
|
||||||
|
# Use the platform as an indicator that we might be running on a RaspberryPi and include
|
||||||
|
# relevant components
|
||||||
|
"rpi_power"
|
||||||
|
];
|
||||||
|
example = literalExpression ''
|
||||||
|
[
|
||||||
|
"analytics"
|
||||||
|
"default_config"
|
||||||
|
"esphome"
|
||||||
|
"my"
|
||||||
|
"shopping_list"
|
||||||
|
"wled"
|
||||||
|
]
|
||||||
|
'';
|
||||||
|
description = ''
|
||||||
|
List of <link xlink:href="https://www.home-assistant.io/integrations/">components</link> that have their dependencies included in the package.
|
||||||
|
|
||||||
|
The component name can be found in the URL, for example <literal>https://www.home-assistant.io/integrations/ffmpeg/</literal> would map to <literal>ffmpeg</literal>.
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
applyDefaultConfig = mkOption {
|
extraPackages = mkOption {
|
||||||
default = true;
|
type = types.functionTo (types.listOf types.package);
|
||||||
type = types.bool;
|
default = _: [];
|
||||||
|
defaultText = literalExpression ''
|
||||||
|
python3Packages: with python3Packages; [];
|
||||||
|
'';
|
||||||
|
example = literalExpression ''
|
||||||
|
python3Packages: with python3Packages; [
|
||||||
|
# postgresql support
|
||||||
|
psycopg2
|
||||||
|
];
|
||||||
|
'';
|
||||||
description = ''
|
description = ''
|
||||||
Setting this option enables a few configuration options for HA based on NixOS configuration (such as time zone) to avoid having to manually specify configuration we already have.
|
List of packages to add to propagatedBuildInputs.
|
||||||
</para>
|
|
||||||
<para>
|
A popular example is <package>python3Packages.psycopg2</package>
|
||||||
Currently one side effect of enabling this is that the <literal>http</literal> component will be enabled.
|
for PostgreSQL support in the recorder component.
|
||||||
</para>
|
|
||||||
<para>
|
|
||||||
This only takes effect if <literal>config != null</literal> in order to ensure that a manually managed <filename>configuration.yaml</filename> is not overwritten.
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkOption {
|
config = mkOption {
|
||||||
|
type = types.submodule {
|
||||||
|
freeformType = format.type;
|
||||||
|
options = {
|
||||||
|
# This is a partial selection of the most common options, so new users can quickly
|
||||||
|
# pick up how to match home-assistants config structure to ours. It also lets us preset
|
||||||
|
# config values intelligently.
|
||||||
|
|
||||||
|
homeassistant = {
|
||||||
|
# https://www.home-assistant.io/docs/configuration/basic/
|
||||||
|
name = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
default = null;
|
default = null;
|
||||||
# Migrate to new option types later: https://github.com/NixOS/nixpkgs/pull/75584
|
example = "Home";
|
||||||
type = with lib.types; let
|
description = ''
|
||||||
valueType = nullOr (oneOf [
|
Name of the location where Home Assistant is running.
|
||||||
bool
|
'';
|
||||||
int
|
};
|
||||||
float
|
|
||||||
str
|
latitude = mkOption {
|
||||||
(lazyAttrsOf valueType)
|
type = types.nullOr (types.either types.float types.str);
|
||||||
(listOf valueType)
|
default = null;
|
||||||
]) // {
|
example = 52.3;
|
||||||
description = "Yaml value";
|
description = ''
|
||||||
emptyValue.value = {};
|
Latitude of your location required to calculate the time the sun rises and sets.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
longitude = mkOption {
|
||||||
|
type = types.nullOr (types.either types.float types.str);
|
||||||
|
default = null;
|
||||||
|
example = 4.9;
|
||||||
|
description = ''
|
||||||
|
Longitude of your location required to calculate the time the sun rises and sets.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
unit_system = mkOption {
|
||||||
|
type = types.nullOr (types.enum [ "metric" "imperial" ]);
|
||||||
|
default = null;
|
||||||
|
example = "metric";
|
||||||
|
description = ''
|
||||||
|
The unit system to use. This also sets temperature_unit, Celsius for Metric and Fahrenheit for Imperial.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
temperature_unit = mkOption {
|
||||||
|
type = types.nullOr (types.enum [ "C" "F" ]);
|
||||||
|
default = null;
|
||||||
|
example = "C";
|
||||||
|
description = ''
|
||||||
|
Override temperature unit set by unit_system. <literal>C</literal> for Celsius, <literal>F</literal> for Fahrenheit.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
time_zone = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = config.time.timeZone or null;
|
||||||
|
defaultText = literalExpression ''
|
||||||
|
config.time.timeZone or null
|
||||||
|
'';
|
||||||
|
example = "Europe/Amsterdam";
|
||||||
|
description = ''
|
||||||
|
Pick your time zone from the column TZ of Wikipedia’s <link xlink:href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones">list of tz database time zones</link>.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
http = {
|
||||||
|
# https://www.home-assistant.io/integrations/http/
|
||||||
|
server_host = mkOption {
|
||||||
|
type = types.either types.str (types.listOf types.str);
|
||||||
|
default = [
|
||||||
|
"0.0.0.0"
|
||||||
|
"::"
|
||||||
|
];
|
||||||
|
example = "::1";
|
||||||
|
description = ''
|
||||||
|
Only listen to incoming requests on specific IP/host. The default listed assumes support for IPv4 and IPv6.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
server_port = mkOption {
|
||||||
|
default = 8123;
|
||||||
|
type = types.port;
|
||||||
|
description = ''
|
||||||
|
The port on which to listen.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
lovelace = {
|
||||||
|
# https://www.home-assistant.io/lovelace/dashboards/
|
||||||
|
mode = mkOption {
|
||||||
|
type = types.enum [ "yaml" "storage" ];
|
||||||
|
default = if cfg.lovelaceConfig != null
|
||||||
|
then "yaml"
|
||||||
|
else "storage";
|
||||||
|
defaultText = literalExpression ''
|
||||||
|
if cfg.lovelaceConfig != null
|
||||||
|
then "yaml"
|
||||||
|
else "storage";
|
||||||
|
'';
|
||||||
|
example = "yaml";
|
||||||
|
description = ''
|
||||||
|
In what mode should the main Lovelace panel be, <literal>yaml</literal> or <literal>storage</literal> (UI managed).
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
in valueType;
|
|
||||||
example = literalExpression ''
|
example = literalExpression ''
|
||||||
{
|
{
|
||||||
homeassistant = {
|
homeassistant = {
|
||||||
|
@ -130,15 +258,19 @@ in {
|
||||||
frontend = {
|
frontend = {
|
||||||
themes = "!include_dir_merge_named themes";
|
themes = "!include_dir_merge_named themes";
|
||||||
};
|
};
|
||||||
http = { };
|
http = {};
|
||||||
feedreader.urls = [ "https://nixos.org/blogs.xml" ];
|
feedreader.urls = [ "https://nixos.org/blogs.xml" ];
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
description = ''
|
description = ''
|
||||||
Your <filename>configuration.yaml</filename> as a Nix attribute set.
|
Your <filename>configuration.yaml</filename> as a Nix attribute set.
|
||||||
Beware that setting this option will delete your previous <filename>configuration.yaml</filename>.
|
|
||||||
<link xlink:href="https://www.home-assistant.io/docs/configuration/secrets/">Secrets</link>
|
YAML functions like <link xlink:href="https://www.home-assistant.io/docs/configuration/secrets/">secrets</link>
|
||||||
are encoded as strings as shown in the example.
|
can be passed as a string and will be unquoted automatically.
|
||||||
|
|
||||||
|
Unless this option is explicitly set to <literal>null</literal>
|
||||||
|
we assume your <filename>configuration.yaml</filename> is
|
||||||
|
managed through this module and thereby overwritten on startup.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -147,16 +279,18 @@ in {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
description = ''
|
description = ''
|
||||||
Whether to make <filename>configuration.yaml</filename> writable.
|
Whether to make <filename>configuration.yaml</filename> writable.
|
||||||
This only has an effect if <option>config</option> is set.
|
|
||||||
This will allow you to edit it from Home Assistant's web interface.
|
This will allow you to edit it from Home Assistant's web interface.
|
||||||
|
|
||||||
|
This only has an effect if <option>config</option> is set.
|
||||||
However, bear in mind that it will be overwritten at every start of the service.
|
However, bear in mind that it will be overwritten at every start of the service.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
lovelaceConfig = mkOption {
|
lovelaceConfig = mkOption {
|
||||||
default = null;
|
default = null;
|
||||||
type = with types; nullOr attrs;
|
type = types.nullOr format.type;
|
||||||
# from https://www.home-assistant.io/lovelace/yaml-mode/
|
# from https://www.home-assistant.io/lovelace/dashboards/
|
||||||
example = literalExpression ''
|
example = literalExpression ''
|
||||||
{
|
{
|
||||||
title = "My Awesome Home";
|
title = "My Awesome Home";
|
||||||
|
@ -172,8 +306,8 @@ in {
|
||||||
'';
|
'';
|
||||||
description = ''
|
description = ''
|
||||||
Your <filename>ui-lovelace.yaml</filename> as a Nix attribute set.
|
Your <filename>ui-lovelace.yaml</filename> as a Nix attribute set.
|
||||||
Setting this option will automatically add
|
Setting this option will automatically set <literal>lovelace.mode</literal> to <literal>yaml</literal>.
|
||||||
<literal>lovelace.mode = "yaml";</literal> to your <option>config</option>.
|
|
||||||
Beware that setting this option will delete your previous <filename>ui-lovelace.yaml</filename>
|
Beware that setting this option will delete your previous <filename>ui-lovelace.yaml</filename>
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -183,8 +317,10 @@ in {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
description = ''
|
description = ''
|
||||||
Whether to make <filename>ui-lovelace.yaml</filename> writable.
|
Whether to make <filename>ui-lovelace.yaml</filename> writable.
|
||||||
This only has an effect if <option>lovelaceConfig</option> is set.
|
|
||||||
This will allow you to edit it from Home Assistant's web interface.
|
This will allow you to edit it from Home Assistant's web interface.
|
||||||
|
|
||||||
|
This only has an effect if <option>lovelaceConfig</option> is set.
|
||||||
However, bear in mind that it will be overwritten at every start of the service.
|
However, bear in mind that it will be overwritten at every start of the service.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -201,11 +337,18 @@ in {
|
||||||
type = types.package;
|
type = types.package;
|
||||||
example = literalExpression ''
|
example = literalExpression ''
|
||||||
pkgs.home-assistant.override {
|
pkgs.home-assistant.override {
|
||||||
extraPackages = ps: with ps; [ colorlog ];
|
extraPackages = python3Packages: with python3Packages; [
|
||||||
|
psycopg2
|
||||||
|
];
|
||||||
|
extraComponents = [
|
||||||
|
"default_config"
|
||||||
|
"esphome"
|
||||||
|
"met"
|
||||||
|
];
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
description = ''
|
description = ''
|
||||||
Home Assistant package to use. By default the tests are disabled, as they take a considerable amout of time to complete.
|
The Home Assistant package to use.
|
||||||
Override <literal>extraPackages</literal> or <literal>extraComponents</literal> in order to add additional dependencies.
|
Override <literal>extraPackages</literal> or <literal>extraComponents</literal> in order to add additional dependencies.
|
||||||
If you specify <option>config</option> and do not set <option>autoExtraComponents</option>
|
If you specify <option>config</option> and do not set <option>autoExtraComponents</option>
|
||||||
to <literal>false</literal>, overriding <literal>extraComponents</literal> will have no effect.
|
to <literal>false</literal>, overriding <literal>extraComponents</literal> will have no effect.
|
||||||
|
@ -213,21 +356,6 @@ in {
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
autoExtraComponents = mkOption {
|
|
||||||
default = true;
|
|
||||||
type = types.bool;
|
|
||||||
description = ''
|
|
||||||
If set to <literal>true</literal>, the components used in <literal>config</literal>
|
|
||||||
are set as the specified package's <literal>extraComponents</literal>.
|
|
||||||
This in turn adds all packaged dependencies to the derivation.
|
|
||||||
You might still see import errors in your log.
|
|
||||||
In this case, you will need to package the necessary dependencies yourself
|
|
||||||
or ask for someone else to package them.
|
|
||||||
If a dependency is packaged but not automatically added to this list,
|
|
||||||
you might need to specify it in <literal>extraPackages</literal>.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
openFirewall = mkOption {
|
openFirewall = mkOption {
|
||||||
default = false;
|
default = false;
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
|
@ -240,18 +368,30 @@ in {
|
||||||
|
|
||||||
systemd.services.home-assistant = {
|
systemd.services.home-assistant = {
|
||||||
description = "Home Assistant";
|
description = "Home Assistant";
|
||||||
after = [ "network.target" ];
|
after = [
|
||||||
preStart = optionalString (cfg.config != null) (if cfg.configWritable then ''
|
"network-online.target"
|
||||||
|
|
||||||
|
# prevent races with database creation
|
||||||
|
"mysql.service"
|
||||||
|
"postgresql.service"
|
||||||
|
];
|
||||||
|
preStart = let
|
||||||
|
copyConfig = if cfg.configWritable then ''
|
||||||
cp --no-preserve=mode ${configFile} "${cfg.configDir}/configuration.yaml"
|
cp --no-preserve=mode ${configFile} "${cfg.configDir}/configuration.yaml"
|
||||||
'' else ''
|
'' else ''
|
||||||
rm -f "${cfg.configDir}/configuration.yaml"
|
rm -f "${cfg.configDir}/configuration.yaml"
|
||||||
ln -s ${configFile} "${cfg.configDir}/configuration.yaml"
|
ln -s ${configFile} "${cfg.configDir}/configuration.yaml"
|
||||||
'') + optionalString (cfg.lovelaceConfig != null) (if cfg.lovelaceConfigWritable then ''
|
'';
|
||||||
|
copyLovelaceConfig = if cfg.lovelaceConfigWritable then ''
|
||||||
cp --no-preserve=mode ${lovelaceConfigFile} "${cfg.configDir}/ui-lovelace.yaml"
|
cp --no-preserve=mode ${lovelaceConfigFile} "${cfg.configDir}/ui-lovelace.yaml"
|
||||||
'' else ''
|
'' else ''
|
||||||
rm -f "${cfg.configDir}/ui-lovelace.yaml"
|
rm -f "${cfg.configDir}/ui-lovelace.yaml"
|
||||||
ln -s ${lovelaceConfigFile} "${cfg.configDir}/ui-lovelace.yaml"
|
ln -s ${lovelaceConfigFile} "${cfg.configDir}/ui-lovelace.yaml"
|
||||||
'');
|
'';
|
||||||
|
in
|
||||||
|
(optionalString (cfg.config != null) copyConfig) +
|
||||||
|
(optionalString (cfg.lovelaceConfig != null) copyLovelaceConfig)
|
||||||
|
;
|
||||||
serviceConfig = let
|
serviceConfig = let
|
||||||
# List of capabilities to equip home-assistant with, depending on configured components
|
# List of capabilities to equip home-assistant with, depending on configured components
|
||||||
capabilities = [
|
capabilities = [
|
|
@ -98,7 +98,7 @@
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
To use the Antispam Module, add <package>matrix-synapse-plugins.matrix-synapse-mjolnir-antispam</package>
|
To use the Antispam Module, add <package>matrix-synapse-plugins.matrix-synapse-mjolnir-antispam</package>
|
||||||
to the Synapse plugin list and enable the <literal>mjolnir.AntiSpam</literal> module.
|
to the Synapse plugin list and enable the <literal>mjolnir.Module</literal> module.
|
||||||
</para>
|
</para>
|
||||||
<programlisting>
|
<programlisting>
|
||||||
{
|
{
|
||||||
|
@ -108,7 +108,7 @@
|
||||||
];
|
];
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
modules:
|
modules:
|
||||||
- module: mjolnir.AntiSpam
|
- module: mjolnir.Module
|
||||||
config:
|
config:
|
||||||
# Prevent servers/users in the ban lists from inviting users on this
|
# Prevent servers/users in the ban lists from inviting users on this
|
||||||
# server to rooms. Default true.
|
# server to rooms. Default true.
|
||||||
|
|
|
@ -39,9 +39,11 @@ in {
|
||||||
default = "127.0.0.1";
|
default = "127.0.0.1";
|
||||||
description = ''
|
description = ''
|
||||||
The host name or IP address on which to bind Airsonic.
|
The host name or IP address on which to bind Airsonic.
|
||||||
Only relevant if you have multiple network interfaces and want
|
The default value is appropriate for first launch, when the
|
||||||
to make Airsonic available on only one of them. The default value
|
default credentials are easy to guess. It is also appropriate
|
||||||
will bind Airsonic to all available network interfaces.
|
if you intend to use the virtualhost option in the service
|
||||||
|
module. In other cases, you may want to change this to a
|
||||||
|
specific IP or 0.0.0.0 to listen on all interfaces.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -72,7 +72,7 @@ let
|
||||||
redis = {
|
redis = {
|
||||||
bin = "${pkgs.redis}/bin/redis-cli";
|
bin = "${pkgs.redis}/bin/redis-cli";
|
||||||
host = "127.0.0.1";
|
host = "127.0.0.1";
|
||||||
port = 6379;
|
port = config.services.redis.servers.gitlab.port;
|
||||||
database = 0;
|
database = 0;
|
||||||
namespace = "resque:gitlab";
|
namespace = "resque:gitlab";
|
||||||
};
|
};
|
||||||
|
@ -450,7 +450,8 @@ in {
|
||||||
|
|
||||||
redisUrl = mkOption {
|
redisUrl = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "redis://localhost:6379/";
|
default = "redis://localhost:${toString config.services.redis.servers.gitlab.port}/";
|
||||||
|
defaultText = literalExpression ''redis://localhost:''${toString config.services.redis.servers.gitlab.port}/'';
|
||||||
description = "Redis URL for all GitLab services except gitlab-shell";
|
description = "Redis URL for all GitLab services except gitlab-shell";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -961,7 +962,11 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
# Redis is required for the sidekiq queue runner.
|
# Redis is required for the sidekiq queue runner.
|
||||||
services.redis.enable = mkDefault true;
|
services.redis.servers.gitlab = {
|
||||||
|
enable = mkDefault true;
|
||||||
|
port = mkDefault 31636;
|
||||||
|
bind = mkDefault "127.0.0.1";
|
||||||
|
};
|
||||||
|
|
||||||
# We use postgres as the main data store.
|
# We use postgres as the main data store.
|
||||||
services.postgresql = optionalAttrs databaseActuallyCreateLocally {
|
services.postgresql = optionalAttrs databaseActuallyCreateLocally {
|
||||||
|
@ -1249,13 +1254,13 @@ in {
|
||||||
systemd.services.gitlab-sidekiq = {
|
systemd.services.gitlab-sidekiq = {
|
||||||
after = [
|
after = [
|
||||||
"network.target"
|
"network.target"
|
||||||
"redis.service"
|
"redis-gitlab.service"
|
||||||
"postgresql.service"
|
"postgresql.service"
|
||||||
"gitlab-config.service"
|
"gitlab-config.service"
|
||||||
"gitlab-db-config.service"
|
"gitlab-db-config.service"
|
||||||
];
|
];
|
||||||
bindsTo = [
|
bindsTo = [
|
||||||
"redis.service"
|
"redis-gitlab.service"
|
||||||
"gitlab-config.service"
|
"gitlab-config.service"
|
||||||
"gitlab-db-config.service"
|
"gitlab-db-config.service"
|
||||||
] ++ optional (cfg.databaseHost == "") "postgresql.service";
|
] ++ optional (cfg.databaseHost == "") "postgresql.service";
|
||||||
|
@ -1370,7 +1375,7 @@ in {
|
||||||
|
|
||||||
systemd.services.gitlab-mailroom = mkIf (gitlabConfig.production.incoming_email.enabled or false) {
|
systemd.services.gitlab-mailroom = mkIf (gitlabConfig.production.incoming_email.enabled or false) {
|
||||||
description = "GitLab incoming mail daemon";
|
description = "GitLab incoming mail daemon";
|
||||||
after = [ "network.target" "redis.service" "gitlab-config.service" ];
|
after = [ "network.target" "redis-gitlab.service" "gitlab-config.service" ];
|
||||||
bindsTo = [ "gitlab-config.service" ];
|
bindsTo = [ "gitlab-config.service" ];
|
||||||
wantedBy = [ "gitlab.target" ];
|
wantedBy = [ "gitlab.target" ];
|
||||||
partOf = [ "gitlab.target" ];
|
partOf = [ "gitlab.target" ];
|
||||||
|
@ -1391,12 +1396,12 @@ in {
|
||||||
after = [
|
after = [
|
||||||
"gitlab-workhorse.service"
|
"gitlab-workhorse.service"
|
||||||
"network.target"
|
"network.target"
|
||||||
"redis.service"
|
"redis-gitlab.service"
|
||||||
"gitlab-config.service"
|
"gitlab-config.service"
|
||||||
"gitlab-db-config.service"
|
"gitlab-db-config.service"
|
||||||
];
|
];
|
||||||
bindsTo = [
|
bindsTo = [
|
||||||
"redis.service"
|
"redis-gitlab.service"
|
||||||
"gitlab-config.service"
|
"gitlab-config.service"
|
||||||
"gitlab-db-config.service"
|
"gitlab-db-config.service"
|
||||||
] ++ optional (cfg.databaseHost == "") "postgresql.service";
|
] ++ optional (cfg.databaseHost == "") "postgresql.service";
|
||||||
|
|
29
third_party/nixpkgs/nixos/modules/services/misc/input-remapper.nix
vendored
Normal file
29
third_party/nixpkgs/nixos/modules/services/misc/input-remapper.nix
vendored
Normal file
|
@ -0,0 +1,29 @@
|
||||||
|
{ pkgs, lib, config, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let cfg = config.services.input-remapper; in
|
||||||
|
{
|
||||||
|
options = {
|
||||||
|
services.input-remapper = {
|
||||||
|
enable = mkEnableOption "input-remapper, an easy to use tool to change the mapping of your input device buttons.";
|
||||||
|
package = mkOption {
|
||||||
|
type = types.package;
|
||||||
|
default = pkgs.input-remapper;
|
||||||
|
defaultText = literalExpression "pkgs.input-remapper";
|
||||||
|
description = ''
|
||||||
|
The input-remapper package to use.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
# FIXME: udev rule hangs sometimes when lots of devices connected, so let's not use it
|
||||||
|
# config.services.udev.packages = mapper-pkg;
|
||||||
|
services.dbus.packages = cfg.package;
|
||||||
|
systemd.packages = cfg.package;
|
||||||
|
environment.systemPackages = cfg.package;
|
||||||
|
systemd.services.input-remapper.wantedBy = [ "graphical.target" ];
|
||||||
|
};
|
||||||
|
}
|
|
@ -6,7 +6,7 @@ let
|
||||||
cfg = config.services.mbpfan;
|
cfg = config.services.mbpfan;
|
||||||
verbose = if cfg.verbose then "v" else "";
|
verbose = if cfg.verbose then "v" else "";
|
||||||
settingsFormat = pkgs.formats.ini {};
|
settingsFormat = pkgs.formats.ini {};
|
||||||
settingsFile = settingsFormat.generate "config.conf" cfg.settings;
|
settingsFile = settingsFormat.generate "mbpfan.ini" cfg.settings;
|
||||||
|
|
||||||
in {
|
in {
|
||||||
options.services.mbpfan = {
|
options.services.mbpfan = {
|
||||||
|
@ -36,29 +36,35 @@ in {
|
||||||
freeformType = settingsFormat.type;
|
freeformType = settingsFormat.type;
|
||||||
|
|
||||||
options.general.min_fan1_speed = mkOption {
|
options.general.min_fan1_speed = mkOption {
|
||||||
type = types.int;
|
type = types.nullOr types.int;
|
||||||
default = 2000;
|
default = 2000;
|
||||||
description = "The minimum fan speed.";
|
description = ''
|
||||||
|
The minimum fan speed. Setting to null enables automatic detection.
|
||||||
|
Check minimum fan limits with "cat /sys/devices/platform/applesmc.768/fan*_min".
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
options.general.max_fan1_speed = mkOption {
|
options.general.max_fan1_speed = mkOption {
|
||||||
type = types.int;
|
type = types.nullOr types.int;
|
||||||
default = 6199;
|
default = 6199;
|
||||||
description = "The maximum fan speed.";
|
description = ''
|
||||||
|
The maximum fan speed. Setting to null enables automatic detection.
|
||||||
|
Check maximum fan limits with "cat /sys/devices/platform/applesmc.768/fan*_max".
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
options.general.low_temp = mkOption {
|
options.general.low_temp = mkOption {
|
||||||
type = types.int;
|
type = types.int;
|
||||||
default = 55;
|
default = 55;
|
||||||
description = "The low temperature.";
|
description = "Temperature below which fan speed will be at minimum. Try ranges 55-63.";
|
||||||
};
|
};
|
||||||
options.general.high_temp = mkOption {
|
options.general.high_temp = mkOption {
|
||||||
type = types.int;
|
type = types.int;
|
||||||
default = 58;
|
default = 58;
|
||||||
description = "The high temperature.";
|
description = "Fan will increase speed when higher than this temperature. Try ranges 58-66.";
|
||||||
};
|
};
|
||||||
options.general.max_temp = mkOption {
|
options.general.max_temp = mkOption {
|
||||||
type = types.int;
|
type = types.int;
|
||||||
default = 86;
|
default = 86;
|
||||||
description = "The maximum temperature.";
|
description = "Fan will run at full speed above this temperature. Do not set it > 90.";
|
||||||
};
|
};
|
||||||
options.general.polling_interval = mkOption {
|
options.general.polling_interval = mkOption {
|
||||||
type = types.int;
|
type = types.int;
|
||||||
|
|
|
@ -366,6 +366,7 @@ in {
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
serviceConfig.ExecStart = "${binaryCommand} --port ${toString cfg.port} ${interfaceFlag} ${configFlag} --home ${cfg.dataDir}";
|
serviceConfig.ExecStart = "${binaryCommand} --port ${toString cfg.port} ${interfaceFlag} ${configFlag} --home ${cfg.dataDir}";
|
||||||
serviceConfig.User = cfg.user;
|
serviceConfig.User = cfg.user;
|
||||||
|
serviceConfig.Group = cfg.group;
|
||||||
};
|
};
|
||||||
|
|
||||||
users.groups = optionalAttrs (cfg.group == "mediatomb") {
|
users.groups = optionalAttrs (cfg.group == "mediatomb") {
|
||||||
|
|
|
@ -680,7 +680,7 @@ in
|
||||||
(if machine.sshKey != null then machine.sshKey else "-")
|
(if machine.sshKey != null then machine.sshKey else "-")
|
||||||
(toString machine.maxJobs)
|
(toString machine.maxJobs)
|
||||||
(toString machine.speedFactor)
|
(toString machine.speedFactor)
|
||||||
(concatStringsSep "," machine.supportedFeatures)
|
(concatStringsSep "," (machine.supportedFeatures ++ machine.mandatoryFeatures))
|
||||||
(concatStringsSep "," machine.mandatoryFeatures)
|
(concatStringsSep "," machine.mandatoryFeatures)
|
||||||
]
|
]
|
||||||
++ optional (isNixAtLeast "2.4pre") (if machine.publicHostKey != null then machine.publicHostKey else "-")))
|
++ optional (isNixAtLeast "2.4pre") (if machine.publicHostKey != null then machine.publicHostKey else "-")))
|
||||||
|
|
|
@ -6,12 +6,18 @@ let
|
||||||
|
|
||||||
defaultUser = "paperless";
|
defaultUser = "paperless";
|
||||||
|
|
||||||
|
hasCustomRedis = hasAttr "PAPERLESS_REDIS" cfg.extraConfig;
|
||||||
|
|
||||||
env = {
|
env = {
|
||||||
PAPERLESS_DATA_DIR = cfg.dataDir;
|
PAPERLESS_DATA_DIR = cfg.dataDir;
|
||||||
PAPERLESS_MEDIA_ROOT = cfg.mediaDir;
|
PAPERLESS_MEDIA_ROOT = cfg.mediaDir;
|
||||||
PAPERLESS_CONSUMPTION_DIR = cfg.consumptionDir;
|
PAPERLESS_CONSUMPTION_DIR = cfg.consumptionDir;
|
||||||
GUNICORN_CMD_ARGS = "--bind=${cfg.address}:${toString cfg.port}";
|
GUNICORN_CMD_ARGS = "--bind=${cfg.address}:${toString cfg.port}";
|
||||||
} // lib.mapAttrs (_: toString) cfg.extraConfig;
|
} // (
|
||||||
|
lib.mapAttrs (_: toString) cfg.extraConfig
|
||||||
|
) // (optionalAttrs (!hasCustomRedis) {
|
||||||
|
PAPERLESS_REDIS = "unix://${config.services.redis.servers.paperless-ng.unixSocket}";
|
||||||
|
});
|
||||||
|
|
||||||
manage = let
|
manage = let
|
||||||
setupEnv = lib.concatStringsSep "\n" (mapAttrsToList (name: val: "export ${name}=\"${val}\"") env);
|
setupEnv = lib.concatStringsSep "\n" (mapAttrsToList (name: val: "export ${name}=\"${val}\"") env);
|
||||||
|
@ -30,7 +36,7 @@ let
|
||||||
"-/etc/hosts"
|
"-/etc/hosts"
|
||||||
"-/etc/localtime"
|
"-/etc/localtime"
|
||||||
"-/run/postgresql"
|
"-/run/postgresql"
|
||||||
];
|
] ++ (optional (!hasCustomRedis) config.services.redis.servers.paperless-ng.unixSocket);
|
||||||
BindPaths = [
|
BindPaths = [
|
||||||
cfg.consumptionDir
|
cfg.consumptionDir
|
||||||
cfg.dataDir
|
cfg.dataDir
|
||||||
|
@ -44,8 +50,7 @@ let
|
||||||
NoNewPrivileges = true;
|
NoNewPrivileges = true;
|
||||||
PrivateDevices = true;
|
PrivateDevices = true;
|
||||||
PrivateMounts = true;
|
PrivateMounts = true;
|
||||||
# Needs to connect to redis
|
PrivateNetwork = true;
|
||||||
# PrivateNetwork = true;
|
|
||||||
PrivateTmp = true;
|
PrivateTmp = true;
|
||||||
PrivateUsers = true;
|
PrivateUsers = true;
|
||||||
ProcSubset = "pid";
|
ProcSubset = "pid";
|
||||||
|
@ -65,6 +70,7 @@ let
|
||||||
RestrictNamespaces = true;
|
RestrictNamespaces = true;
|
||||||
RestrictRealtime = true;
|
RestrictRealtime = true;
|
||||||
RestrictSUIDSGID = true;
|
RestrictSUIDSGID = true;
|
||||||
|
SupplementaryGroups = optional (!hasCustomRedis) config.services.redis.servers.paperless-ng.user;
|
||||||
SystemCallArchitectures = "native";
|
SystemCallArchitectures = "native";
|
||||||
SystemCallFilter = [ "@system-service" "~@privileged @resources @setuid @keyring" ];
|
SystemCallFilter = [ "@system-service" "~@privileged @resources @setuid @keyring" ];
|
||||||
# Does not work well with the temporary root
|
# Does not work well with the temporary root
|
||||||
|
@ -190,7 +196,7 @@ in
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
# Enable redis if no special url is set
|
# Enable redis if no special url is set
|
||||||
services.redis.enable = mkIf (!hasAttr "PAPERLESS_REDIS" env) true;
|
services.redis.servers.paperless-ng.enable = mkIf (!hasCustomRedis) true;
|
||||||
|
|
||||||
systemd.tmpfiles.rules = [
|
systemd.tmpfiles.rules = [
|
||||||
"d '${cfg.dataDir}' - ${cfg.user} ${config.users.users.${cfg.user}.group} - -"
|
"d '${cfg.dataDir}' - ${cfg.user} ${config.users.users.${cfg.user}.group} - -"
|
||||||
|
@ -234,6 +240,8 @@ in
|
||||||
echo "$superuserState" > "$superuserStateFile"
|
echo "$superuserState" > "$superuserStateFile"
|
||||||
fi
|
fi
|
||||||
'';
|
'';
|
||||||
|
} // optionalAttrs (!hasCustomRedis) {
|
||||||
|
after = [ "redis-paperless-ng.service" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
# Password copying can't be implemented as a privileged preStart script
|
# Password copying can't be implemented as a privileged preStart script
|
||||||
|
@ -248,6 +256,8 @@ in
|
||||||
'${cfg.passwordFile}' '${cfg.dataDir}/superuser-password'
|
'${cfg.passwordFile}' '${cfg.dataDir}/superuser-password'
|
||||||
'';
|
'';
|
||||||
Type = "oneshot";
|
Type = "oneshot";
|
||||||
|
# Needs to talk to mail server for automated import rules
|
||||||
|
PrivateNetwork = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -279,6 +289,8 @@ in
|
||||||
CapabilityBoundingSet = "CAP_NET_BIND_SERVICE";
|
CapabilityBoundingSet = "CAP_NET_BIND_SERVICE";
|
||||||
# gunicorn needs setuid
|
# gunicorn needs setuid
|
||||||
SystemCallFilter = defaultServiceConfig.SystemCallFilter ++ [ "@setuid" ];
|
SystemCallFilter = defaultServiceConfig.SystemCallFilter ++ [ "@setuid" ];
|
||||||
|
# Needs to serve web page
|
||||||
|
PrivateNetwork = false;
|
||||||
};
|
};
|
||||||
environment = env // {
|
environment = env // {
|
||||||
PATH = mkForce cfg.package.path;
|
PATH = mkForce cfg.package.path;
|
||||||
|
|
147
third_party/nixpkgs/nixos/modules/services/misc/rmfakecloud.nix
vendored
Normal file
147
third_party/nixpkgs/nixos/modules/services/misc/rmfakecloud.nix
vendored
Normal file
|
@ -0,0 +1,147 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.services.rmfakecloud;
|
||||||
|
serviceDataDir = "/var/lib/rmfakecloud";
|
||||||
|
|
||||||
|
in {
|
||||||
|
options = {
|
||||||
|
services.rmfakecloud = {
|
||||||
|
enable = mkEnableOption "rmfakecloud remarkable self-hosted cloud";
|
||||||
|
|
||||||
|
package = mkOption {
|
||||||
|
type = types.package;
|
||||||
|
default = pkgs.rmfakecloud;
|
||||||
|
defaultText = literalExpression "pkgs.rmfakecloud";
|
||||||
|
description = ''
|
||||||
|
rmfakecloud package to use.
|
||||||
|
|
||||||
|
The default does not include the web user interface.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
storageUrl = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
example = "https://local.appspot.com";
|
||||||
|
description = ''
|
||||||
|
URL used by the tablet to access the rmfakecloud service.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
port = mkOption {
|
||||||
|
type = types.port;
|
||||||
|
default = 3000;
|
||||||
|
description = ''
|
||||||
|
Listening port number.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
logLevel = mkOption {
|
||||||
|
type = types.enum [ "info" "debug" "warn" "error" ];
|
||||||
|
default = "info";
|
||||||
|
description = ''
|
||||||
|
Logging level.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
extraSettings = mkOption {
|
||||||
|
type = with types; attrsOf str;
|
||||||
|
default = { };
|
||||||
|
example = { DATADIR = "/custom/path/for/rmfakecloud/data"; };
|
||||||
|
description = ''
|
||||||
|
Extra settings in the form of a set of key-value pairs.
|
||||||
|
For tokens and secrets, use `environmentFile` instead.
|
||||||
|
|
||||||
|
Available settings are listed on
|
||||||
|
https://ddvk.github.io/rmfakecloud/install/configuration/.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
environmentFile = mkOption {
|
||||||
|
type = with types; nullOr path;
|
||||||
|
default = null;
|
||||||
|
example = "/etc/secrets/rmfakecloud.env";
|
||||||
|
description = ''
|
||||||
|
Path to an environment file loaded for the rmfakecloud service.
|
||||||
|
|
||||||
|
This can be used to securely store tokens and secrets outside of the
|
||||||
|
world-readable Nix store. Since this file is read by systemd, it may
|
||||||
|
have permission 0400 and be owned by root.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
systemd.services.rmfakecloud = {
|
||||||
|
description = "rmfakecloud remarkable self-hosted cloud";
|
||||||
|
|
||||||
|
environment = {
|
||||||
|
STORAGE_URL = cfg.storageUrl;
|
||||||
|
PORT = toString cfg.port;
|
||||||
|
LOGLEVEL = cfg.logLevel;
|
||||||
|
} // cfg.extraSettings;
|
||||||
|
|
||||||
|
preStart = ''
|
||||||
|
# Generate the secret key used to sign client session tokens.
|
||||||
|
# Replacing it invalidates the previously established sessions.
|
||||||
|
if [ -z "$JWT_SECRET_KEY" ] && [ ! -f jwt_secret_key ]; then
|
||||||
|
(umask 077; touch jwt_secret_key)
|
||||||
|
cat /dev/urandom | tr -cd '[:alnum:]' | head -c 48 >> jwt_secret_key
|
||||||
|
fi
|
||||||
|
'';
|
||||||
|
|
||||||
|
script = ''
|
||||||
|
if [ -z "$JWT_SECRET_KEY" ]; then
|
||||||
|
export JWT_SECRET_KEY="$(cat jwt_secret_key)"
|
||||||
|
fi
|
||||||
|
|
||||||
|
${cfg.package}/bin/rmfakecloud
|
||||||
|
'';
|
||||||
|
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
wants = [ "network-online.target" ];
|
||||||
|
after = [ "network-online.target" ];
|
||||||
|
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "simple";
|
||||||
|
Restart = "always";
|
||||||
|
|
||||||
|
EnvironmentFile =
|
||||||
|
mkIf (cfg.environmentFile != null) cfg.environmentFile;
|
||||||
|
|
||||||
|
AmbientCapabilities =
|
||||||
|
mkIf (cfg.port < 1024) [ "CAP_NET_BIND_SERVICE" ];
|
||||||
|
|
||||||
|
DynamicUser = true;
|
||||||
|
PrivateDevices = true;
|
||||||
|
ProtectHome = true;
|
||||||
|
ProtectKernelTunables = true;
|
||||||
|
ProtectKernelModules = true;
|
||||||
|
ProtectControlGroups = true;
|
||||||
|
CapabilityBoundingSet = [ "" ];
|
||||||
|
DevicePolicy = "closed";
|
||||||
|
LockPersonality = true;
|
||||||
|
MemoryDenyWriteExecute = true;
|
||||||
|
ProtectClock = true;
|
||||||
|
ProtectHostname = true;
|
||||||
|
ProtectKernelLogs = true;
|
||||||
|
ProtectProc = "invisible";
|
||||||
|
ProcSubset = "pid";
|
||||||
|
RemoveIPC = true;
|
||||||
|
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
|
||||||
|
RestrictNamespaces = true;
|
||||||
|
RestrictRealtime = true;
|
||||||
|
RestrictSUIDSGID = true;
|
||||||
|
SystemCallArchitectures = "native";
|
||||||
|
WorkingDirectory = serviceDataDir;
|
||||||
|
StateDirectory = baseNameOf serviceDataDir;
|
||||||
|
UMask = 0027;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
meta.maintainers = with maintainers; [ pacien ];
|
||||||
|
}
|
40
third_party/nixpkgs/nixos/modules/services/networking/blocky.nix
vendored
Normal file
40
third_party/nixpkgs/nixos/modules/services/networking/blocky.nix
vendored
Normal file
|
@ -0,0 +1,40 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.services.blocky;
|
||||||
|
|
||||||
|
format = pkgs.formats.yaml { };
|
||||||
|
configFile = format.generate "config.yaml" cfg.settings;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options.services.blocky = {
|
||||||
|
enable = mkEnableOption "Fast and lightweight DNS proxy as ad-blocker for local network with many features";
|
||||||
|
|
||||||
|
settings = mkOption {
|
||||||
|
type = format.type;
|
||||||
|
default = { };
|
||||||
|
description = ''
|
||||||
|
Blocky configuration. Refer to
|
||||||
|
<link xlink:href="https://0xerr0r.github.io/blocky/configuration/"/>
|
||||||
|
for details on supported values.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
systemd.services.blocky = {
|
||||||
|
description = "A DNS proxy and ad-blocker for the local network";
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
|
||||||
|
serviceConfig = {
|
||||||
|
DynamicUser = true;
|
||||||
|
ExecStart = "${pkgs.blocky}/bin/blocky --config ${configFile}";
|
||||||
|
|
||||||
|
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
|
||||||
|
CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -179,10 +179,6 @@ let
|
||||||
) cfg.allowedUDPPortRanges
|
) cfg.allowedUDPPortRanges
|
||||||
) allInterfaces)}
|
) allInterfaces)}
|
||||||
|
|
||||||
# Accept IPv4 multicast. Not a big security risk since
|
|
||||||
# probably nobody is listening anyway.
|
|
||||||
#iptables -A nixos-fw -d 224.0.0.0/4 -j nixos-fw-accept
|
|
||||||
|
|
||||||
# Optionally respond to ICMPv4 pings.
|
# Optionally respond to ICMPv4 pings.
|
||||||
${optionalString cfg.allowPing ''
|
${optionalString cfg.allowPing ''
|
||||||
iptables -w -A nixos-fw -p icmp --icmp-type echo-request ${optionalString (cfg.pingLimit != null)
|
iptables -w -A nixos-fw -p icmp --icmp-type echo-request ${optionalString (cfg.pingLimit != null)
|
||||||
|
@ -437,8 +433,6 @@ in
|
||||||
drop the packet if the source address is not reachable via any
|
drop the packet if the source address is not reachable via any
|
||||||
interface) or false. Defaults to the value of
|
interface) or false. Defaults to the value of
|
||||||
kernelHasRPFilter.
|
kernelHasRPFilter.
|
||||||
|
|
||||||
(needs kernel 3.3+)
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -1,87 +0,0 @@
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
with lib;
|
|
||||||
|
|
||||||
let cfg = config.services.gogoclient;
|
|
||||||
in
|
|
||||||
|
|
||||||
{
|
|
||||||
|
|
||||||
###### interface
|
|
||||||
|
|
||||||
options = {
|
|
||||||
services.gogoclient = {
|
|
||||||
enable = mkOption {
|
|
||||||
default = false;
|
|
||||||
type = types.bool;
|
|
||||||
description = ''
|
|
||||||
Enable the gogoCLIENT IPv6 tunnel.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
autorun = mkOption {
|
|
||||||
type = types.bool;
|
|
||||||
default = true;
|
|
||||||
description = ''
|
|
||||||
Whether to automatically start the tunnel.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
username = mkOption {
|
|
||||||
default = "";
|
|
||||||
type = types.str;
|
|
||||||
description = ''
|
|
||||||
Your Gateway6 login name, if any.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
password = mkOption {
|
|
||||||
default = "";
|
|
||||||
type = types.str;
|
|
||||||
description = ''
|
|
||||||
Path to a file (as a string), containing your gogoNET password, if any.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
server = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = "anonymous.freenet6.net";
|
|
||||||
example = "broker.freenet6.net";
|
|
||||||
description = "The Gateway6 server to be used.";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
###### implementation
|
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
|
||||||
boot.kernelModules = [ "tun" ];
|
|
||||||
|
|
||||||
networking.enableIPv6 = true;
|
|
||||||
|
|
||||||
systemd.services.gogoclient = {
|
|
||||||
description = "ipv6 tunnel";
|
|
||||||
|
|
||||||
after = [ "network.target" ];
|
|
||||||
requires = [ "network.target" ];
|
|
||||||
|
|
||||||
unitConfig.RequiresMountsFor = "/var/lib/gogoc";
|
|
||||||
|
|
||||||
script = let authMethod = if cfg.password == "" then "anonymous" else "any"; in ''
|
|
||||||
mkdir -p -m 700 /var/lib/gogoc
|
|
||||||
cat ${pkgs.gogoclient}/share/${pkgs.gogoclient.name}/gogoc.conf.sample | \
|
|
||||||
${pkgs.gnused}/bin/sed \
|
|
||||||
-e "s|^userid=|&${cfg.username}|" \
|
|
||||||
-e "s|^passwd=|&${optionalString (cfg.password != "") "$(cat ${cfg.password})"}|" \
|
|
||||||
-e "s|^server=.*|server=${cfg.server}|" \
|
|
||||||
-e "s|^auth_method=.*|auth_method=${authMethod}|" \
|
|
||||||
-e "s|^#log_file=|log_file=1|" > /var/lib/gogoc/gogoc.conf
|
|
||||||
cd /var/lib/gogoc
|
|
||||||
exec ${pkgs.gogoclient}/bin/gogoc -y -f /var/lib/gogoc/gogoc.conf
|
|
||||||
'';
|
|
||||||
} // optionalAttrs cfg.autorun {
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
|
||||||
|
|
||||||
}
|
|
|
@ -3,7 +3,7 @@
|
||||||
let
|
let
|
||||||
|
|
||||||
inherit (lib.options) literalExpression mkEnableOption mkOption;
|
inherit (lib.options) literalExpression mkEnableOption mkOption;
|
||||||
inherit (lib.types) bool enum ints lines attrsOf nullOr path str submodule;
|
inherit (lib.types) bool enum ints lines attrsOf nonEmptyStr nullOr path str submodule;
|
||||||
inherit (lib.modules) mkDefault mkIf mkMerge;
|
inherit (lib.modules) mkDefault mkIf mkMerge;
|
||||||
|
|
||||||
commonDescr = ''
|
commonDescr = ''
|
||||||
|
@ -17,8 +17,6 @@ let
|
||||||
configuration to yield an operational system.
|
configuration to yield an operational system.
|
||||||
'';
|
'';
|
||||||
|
|
||||||
str1 = lib.types.addCheck str (s: s!=""); # non-empty string
|
|
||||||
|
|
||||||
configAttrType =
|
configAttrType =
|
||||||
# Options in HylaFAX configuration files can be
|
# Options in HylaFAX configuration files can be
|
||||||
# booleans, strings, integers, or list thereof
|
# booleans, strings, integers, or list thereof
|
||||||
|
@ -37,7 +35,7 @@ let
|
||||||
modemConfigOptions = { name, config, ... }: {
|
modemConfigOptions = { name, config, ... }: {
|
||||||
options = {
|
options = {
|
||||||
name = mkOption {
|
name = mkOption {
|
||||||
type = str1;
|
type = nonEmptyStr;
|
||||||
example = "ttyS1";
|
example = "ttyS1";
|
||||||
description = ''
|
description = ''
|
||||||
Name of modem device,
|
Name of modem device,
|
||||||
|
@ -45,7 +43,7 @@ let
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
type = mkOption {
|
type = mkOption {
|
||||||
type = str1;
|
type = nonEmptyStr;
|
||||||
example = "cirrus";
|
example = "cirrus";
|
||||||
description = ''
|
description = ''
|
||||||
Name of modem configuration file,
|
Name of modem configuration file,
|
||||||
|
@ -135,14 +133,14 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
countryCode = mkOption {
|
countryCode = mkOption {
|
||||||
type = nullOr str1;
|
type = nullOr nonEmptyStr;
|
||||||
default = null;
|
default = null;
|
||||||
example = "49";
|
example = "49";
|
||||||
description = "Country code for server and all modems.";
|
description = "Country code for server and all modems.";
|
||||||
};
|
};
|
||||||
|
|
||||||
areaCode = mkOption {
|
areaCode = mkOption {
|
||||||
type = nullOr str1;
|
type = nullOr nonEmptyStr;
|
||||||
default = null;
|
default = null;
|
||||||
example = "30";
|
example = "30";
|
||||||
description = "Area code for server and all modems.";
|
description = "Area code for server and all modems.";
|
||||||
|
@ -279,7 +277,7 @@ in
|
||||||
each time the spooling area is initialized.
|
each time the spooling area is initialized.
|
||||||
'';
|
'';
|
||||||
faxcron.enable.frequency = mkOption {
|
faxcron.enable.frequency = mkOption {
|
||||||
type = nullOr str1;
|
type = nullOr nonEmptyStr;
|
||||||
default = null;
|
default = null;
|
||||||
example = "daily";
|
example = "daily";
|
||||||
description = ''
|
description = ''
|
||||||
|
@ -319,7 +317,7 @@ in
|
||||||
each time the spooling area is initialized.
|
each time the spooling area is initialized.
|
||||||
'';
|
'';
|
||||||
faxqclean.enable.frequency = mkOption {
|
faxqclean.enable.frequency = mkOption {
|
||||||
type = nullOr str1;
|
type = nullOr nonEmptyStr;
|
||||||
default = null;
|
default = null;
|
||||||
example = "daily";
|
example = "daily";
|
||||||
description = ''
|
description = ''
|
||||||
|
|
|
@ -242,21 +242,6 @@ in {
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
retain_attached_hw_handler = mkOption {
|
|
||||||
type = nullOr (enum [ "yes" "no" ]);
|
|
||||||
default = null; # real default: "yes"
|
|
||||||
description = ''
|
|
||||||
(Obsolete for kernels >= 4.3) If set to "yes" and the SCSI layer has
|
|
||||||
already attached a hardware_handler to the device, multipath will not
|
|
||||||
force the device to use the hardware_handler specified by mutipath.conf.
|
|
||||||
If the SCSI layer has not attached a hardware handler, multipath will
|
|
||||||
continue to use its configured hardware handler.
|
|
||||||
|
|
||||||
Important Note: Linux kernel 4.3 or newer always behaves as if
|
|
||||||
"retain_attached_hw_handler yes" was set.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
detect_prio = mkOption {
|
detect_prio = mkOption {
|
||||||
type = nullOr (enum [ "yes" "no" ]);
|
type = nullOr (enum [ "yes" "no" ]);
|
||||||
default = null; # real default: "yes"
|
default = null; # real default: "yes"
|
||||||
|
|
|
@ -6,7 +6,13 @@ let
|
||||||
|
|
||||||
cfg = config.services.ntopng;
|
cfg = config.services.ntopng;
|
||||||
opt = options.services.ntopng;
|
opt = options.services.ntopng;
|
||||||
redisCfg = config.services.redis;
|
|
||||||
|
createRedis = cfg.redis.createInstance != null;
|
||||||
|
redisService =
|
||||||
|
if cfg.redis.createInstance == "" then
|
||||||
|
"redis.service"
|
||||||
|
else
|
||||||
|
"redis-${cfg.redis.createInstance}.service";
|
||||||
|
|
||||||
configFile = if cfg.configText != "" then
|
configFile = if cfg.configText != "" then
|
||||||
pkgs.writeText "ntopng.conf" ''
|
pkgs.writeText "ntopng.conf" ''
|
||||||
|
@ -15,8 +21,10 @@ let
|
||||||
else
|
else
|
||||||
pkgs.writeText "ntopng.conf" ''
|
pkgs.writeText "ntopng.conf" ''
|
||||||
${concatStringsSep " " (map (e: "--interface=" + e) cfg.interfaces)}
|
${concatStringsSep " " (map (e: "--interface=" + e) cfg.interfaces)}
|
||||||
--http-port=${toString cfg.http-port}
|
--http-port=${toString cfg.httpPort}
|
||||||
--redis=localhost:${toString redisCfg.port}
|
--redis=${cfg.redis.address}
|
||||||
|
--data-dir=/var/lib/ntopng
|
||||||
|
--user=ntopng
|
||||||
${cfg.extraConfig}
|
${cfg.extraConfig}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
@ -24,6 +32,10 @@ in
|
||||||
|
|
||||||
{
|
{
|
||||||
|
|
||||||
|
imports = [
|
||||||
|
(mkRenamedOptionModule [ "services" "ntopng" "http-port" ] [ "services" "ntopng" "httpPort" ])
|
||||||
|
];
|
||||||
|
|
||||||
options = {
|
options = {
|
||||||
|
|
||||||
services.ntopng = {
|
services.ntopng = {
|
||||||
|
@ -56,7 +68,7 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
http-port = mkOption {
|
httpPort = mkOption {
|
||||||
default = 3000;
|
default = 3000;
|
||||||
type = types.int;
|
type = types.int;
|
||||||
description = ''
|
description = ''
|
||||||
|
@ -64,6 +76,24 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
redis.address = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
example = literalExpression "config.services.redis.ntopng.unixSocket";
|
||||||
|
description = ''
|
||||||
|
Redis address - may be a Unix socket or a network host and port.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
redis.createInstance = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = if versionAtLeast config.system.stateVersion "22.05" then "ntopng" else "";
|
||||||
|
description = ''
|
||||||
|
Local Redis instance name. Set to <literal>null</literal> to disable
|
||||||
|
local Redis instance. Defaults to <literal>""</literal> for
|
||||||
|
<literal>system.stateVersion</literal> older than 22.05.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
configText = mkOption {
|
configText = mkOption {
|
||||||
default = "";
|
default = "";
|
||||||
example = ''
|
example = ''
|
||||||
|
@ -95,23 +125,36 @@ in
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
|
||||||
# ntopng uses redis for data storage
|
# ntopng uses redis for data storage
|
||||||
services.redis.enable = true;
|
services.ntopng.redis.address =
|
||||||
|
mkIf createRedis config.services.redis.servers.${cfg.redis.createInstance}.unixSocket;
|
||||||
|
|
||||||
|
services.redis.servers = mkIf createRedis {
|
||||||
|
${cfg.redis.createInstance} = {
|
||||||
|
enable = true;
|
||||||
|
user = mkIf (cfg.redis.createInstance == "ntopng") "ntopng";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
# nice to have manual page and ntopng command in PATH
|
# nice to have manual page and ntopng command in PATH
|
||||||
environment.systemPackages = [ pkgs.ntopng ];
|
environment.systemPackages = [ pkgs.ntopng ];
|
||||||
|
|
||||||
|
systemd.tmpfiles.rules = [ "d /var/lib/ntopng 0700 ntopng ntopng -" ];
|
||||||
|
|
||||||
systemd.services.ntopng = {
|
systemd.services.ntopng = {
|
||||||
description = "Ntopng Network Monitor";
|
description = "Ntopng Network Monitor";
|
||||||
requires = [ "redis.service" ];
|
requires = optional createRedis redisService;
|
||||||
after = [ "network.target" "redis.service" ];
|
after = [ "network.target" ] ++ optional createRedis redisService;
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
preStart = "mkdir -p /var/lib/ntopng/";
|
|
||||||
serviceConfig.ExecStart = "${pkgs.ntopng}/bin/ntopng ${configFile}";
|
serviceConfig.ExecStart = "${pkgs.ntopng}/bin/ntopng ${configFile}";
|
||||||
unitConfig.Documentation = "man:ntopng(8)";
|
unitConfig.Documentation = "man:ntopng(8)";
|
||||||
};
|
};
|
||||||
|
|
||||||
# ntopng drops priveleges to user "nobody" and that user is already defined
|
users.extraUsers.ntopng = {
|
||||||
# in users-groups.nix.
|
group = "ntopng";
|
||||||
|
isSystemUser = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
users.extraGroups.ntopng = { };
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -81,7 +81,9 @@ let
|
||||||
http_access deny all
|
http_access deny all
|
||||||
|
|
||||||
# Squid normally listens to port 3128
|
# Squid normally listens to port 3128
|
||||||
http_port ${toString cfg.proxyPort}
|
http_port ${
|
||||||
|
optionalString (cfg.proxyAddress != null) "${cfg.proxyAddress}:"
|
||||||
|
}${toString cfg.proxyPort}
|
||||||
|
|
||||||
# Leave coredumps in the first cache dir
|
# Leave coredumps in the first cache dir
|
||||||
coredump_dir /var/cache/squid
|
coredump_dir /var/cache/squid
|
||||||
|
@ -109,6 +111,12 @@ in
|
||||||
description = "Whether to run squid web proxy.";
|
description = "Whether to run squid web proxy.";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
proxyAddress = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
description = "IP address on which squid will listen.";
|
||||||
|
};
|
||||||
|
|
||||||
proxyPort = mkOption {
|
proxyPort = mkOption {
|
||||||
type = types.int;
|
type = types.int;
|
||||||
default = 3128;
|
default = 3128;
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, lib, pkgs, nixosTests, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
let
|
let
|
||||||
cfg = config.services.step-ca;
|
cfg = config.services.step-ca;
|
||||||
settingsFormat = (pkgs.formats.json { });
|
settingsFormat = (pkgs.formats.json { });
|
||||||
|
@ -82,8 +82,6 @@ in
|
||||||
});
|
});
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
passthru.tests.step-ca = nixosTests.step-ca;
|
|
||||||
|
|
||||||
assertions =
|
assertions =
|
||||||
[
|
[
|
||||||
{
|
{
|
||||||
|
|
|
@ -92,6 +92,7 @@ let
|
||||||
|
|
||||||
mastodonEnv = pkgs.writeShellScriptBin "mastodon-env" ''
|
mastodonEnv = pkgs.writeShellScriptBin "mastodon-env" ''
|
||||||
set -a
|
set -a
|
||||||
|
export RAILS_ROOT="${cfg.package}"
|
||||||
source "${envFile}"
|
source "${envFile}"
|
||||||
source /var/lib/mastodon/.secrets_env
|
source /var/lib/mastodon/.secrets_env
|
||||||
eval -- "\$@"
|
eval -- "\$@"
|
||||||
|
|
|
@ -192,6 +192,7 @@ in {
|
||||||
# Copy config folder
|
# Copy config folder
|
||||||
chmod g+s "${dataDir}"
|
chmod g+s "${dataDir}"
|
||||||
cp -r "${cfg.package}/share/config" "${dataDir}/"
|
cp -r "${cfg.package}/share/config" "${dataDir}/"
|
||||||
|
mkdir -p "${dataDir}/misc"
|
||||||
chmod -R u+rwX,g+rwX,o-rwx "${dataDir}"
|
chmod -R u+rwX,g+rwX,o-rwx "${dataDir}"
|
||||||
|
|
||||||
# check whether user setup has already been done
|
# check whether user setup has already been done
|
||||||
|
|
148
third_party/nixpkgs/nixos/modules/services/web-servers/agate.nix
vendored
Normal file
148
third_party/nixpkgs/nixos/modules/services/web-servers/agate.nix
vendored
Normal file
|
@ -0,0 +1,148 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.services.agate;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options = {
|
||||||
|
services.agate = {
|
||||||
|
enable = mkEnableOption "Agate Server";
|
||||||
|
|
||||||
|
package = mkOption {
|
||||||
|
type = types.package;
|
||||||
|
default = pkgs.agate;
|
||||||
|
defaultText = literalExpression "pkgs.agate";
|
||||||
|
description = "The package to use";
|
||||||
|
};
|
||||||
|
|
||||||
|
addresses = mkOption {
|
||||||
|
type = types.listOf types.str;
|
||||||
|
default = [ "0.0.0.0:1965" ];
|
||||||
|
description = ''
|
||||||
|
Addresses to listen on, IP:PORT, if you haven't disabled forwarding
|
||||||
|
only set IPv4.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
contentDir = mkOption {
|
||||||
|
default = "/var/lib/agate/content";
|
||||||
|
type = types.path;
|
||||||
|
description = "Root of the content directory.";
|
||||||
|
};
|
||||||
|
|
||||||
|
certificatesDir = mkOption {
|
||||||
|
default = "/var/lib/agate/certificates";
|
||||||
|
type = types.path;
|
||||||
|
description = "Root of the certificate directory.";
|
||||||
|
};
|
||||||
|
|
||||||
|
hostnames = mkOption {
|
||||||
|
default = [ ];
|
||||||
|
type = types.listOf types.str;
|
||||||
|
description = ''
|
||||||
|
Domain name of this Gemini server, enables checking hostname and port
|
||||||
|
in requests. (multiple occurences means basic vhosts)
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
language = mkOption {
|
||||||
|
default = null;
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
description = "RFC 4646 Language code for text/gemini documents.";
|
||||||
|
};
|
||||||
|
|
||||||
|
onlyTls_1_3 = mkOption {
|
||||||
|
default = false;
|
||||||
|
type = types.bool;
|
||||||
|
description = "Only use TLSv1.3 (default also allows TLSv1.2).";
|
||||||
|
};
|
||||||
|
|
||||||
|
extraArgs = mkOption {
|
||||||
|
type = types.listOf types.str;
|
||||||
|
default = [ "" ];
|
||||||
|
example = [ "--log-ip" ];
|
||||||
|
description = "Extra arguments to use running agate.";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
# available for generating certs by hand
|
||||||
|
# it can be a bit arduous with openssl
|
||||||
|
environment.systemPackages = [ cfg.package ];
|
||||||
|
|
||||||
|
systemd.services.agate = {
|
||||||
|
description = "Agate";
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
after = [ "network.target" "network-online.target" ];
|
||||||
|
|
||||||
|
script =
|
||||||
|
let
|
||||||
|
prefixKeyList = key: list: concatMap (v: [ key v ]) list;
|
||||||
|
addresses = prefixKeyList "--addr" cfg.addresses;
|
||||||
|
hostnames = prefixKeyList "--hostname" cfg.hostnames;
|
||||||
|
in
|
||||||
|
''
|
||||||
|
exec ${cfg.package}/bin/agate ${
|
||||||
|
escapeShellArgs (
|
||||||
|
[
|
||||||
|
"--content" "${cfg.contentDir}"
|
||||||
|
"--certs" "${cfg.certificatesDir}"
|
||||||
|
] ++
|
||||||
|
addresses ++
|
||||||
|
(optionals (cfg.hostnames != []) hostnames) ++
|
||||||
|
(optionals (cfg.language != null) [ "--lang" cfg.language ]) ++
|
||||||
|
(optionals cfg.onlyTls_1_3 [ "--only-tls13" ]) ++
|
||||||
|
(optionals (cfg.extraArgs != []) cfg.extraArgs)
|
||||||
|
)
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
|
||||||
|
serviceConfig = {
|
||||||
|
Restart = "always";
|
||||||
|
RestartSec = "5s";
|
||||||
|
DynamicUser = true;
|
||||||
|
StateDirectory = "agate";
|
||||||
|
|
||||||
|
# Security options:
|
||||||
|
AmbientCapabilities = "";
|
||||||
|
CapabilityBoundingSet = "";
|
||||||
|
|
||||||
|
# ProtectClock= adds DeviceAllow=char-rtc r
|
||||||
|
DeviceAllow = "";
|
||||||
|
|
||||||
|
LockPersonality = true;
|
||||||
|
|
||||||
|
PrivateTmp = true;
|
||||||
|
PrivateDevices = true;
|
||||||
|
PrivateUsers = true;
|
||||||
|
|
||||||
|
ProtectClock = true;
|
||||||
|
ProtectControlGroups = true;
|
||||||
|
ProtectHostname = true;
|
||||||
|
ProtectKernelLogs = true;
|
||||||
|
ProtectKernelModules = true;
|
||||||
|
ProtectKernelTunables = true;
|
||||||
|
|
||||||
|
RestrictNamespaces = true;
|
||||||
|
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
|
||||||
|
RestrictRealtime = true;
|
||||||
|
|
||||||
|
SystemCallArchitectures = "native";
|
||||||
|
SystemCallErrorNumber = "EPERM";
|
||||||
|
SystemCallFilter = [
|
||||||
|
"@system-service"
|
||||||
|
"~@cpu-emulation"
|
||||||
|
"~@debug"
|
||||||
|
"~@keyring"
|
||||||
|
"~@memlock"
|
||||||
|
"~@obsolete"
|
||||||
|
"~@privileged"
|
||||||
|
"~@setuid"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -5,7 +5,7 @@ use warnings;
|
||||||
use Config::IniFiles;
|
use Config::IniFiles;
|
||||||
use File::Path qw(make_path);
|
use File::Path qw(make_path);
|
||||||
use File::Basename;
|
use File::Basename;
|
||||||
use File::Slurp;
|
use File::Slurp qw(read_file write_file edit_file);
|
||||||
use Net::DBus;
|
use Net::DBus;
|
||||||
use Sys::Syslog qw(:standard :macros);
|
use Sys::Syslog qw(:standard :macros);
|
||||||
use Cwd 'abs_path';
|
use Cwd 'abs_path';
|
||||||
|
@ -20,12 +20,19 @@ my $restartListFile = "/run/nixos/restart-list";
|
||||||
my $reloadListFile = "/run/nixos/reload-list";
|
my $reloadListFile = "/run/nixos/reload-list";
|
||||||
|
|
||||||
# Parse restart/reload requests by the activation script.
|
# Parse restart/reload requests by the activation script.
|
||||||
# Activation scripts may write newline-separated units to this
|
# Activation scripts may write newline-separated units to the restart
|
||||||
# file and switch-to-configuration will handle them. While
|
# file and switch-to-configuration will handle them. While
|
||||||
# `stopIfChanged = true` is ignored, switch-to-configuration will
|
# `stopIfChanged = true` is ignored, switch-to-configuration will
|
||||||
# handle `restartIfChanged = false` and `reloadIfChanged = true`.
|
# handle `restartIfChanged = false` and `reloadIfChanged = true`.
|
||||||
|
# This is the same as specifying a restart trigger in the NixOS module.
|
||||||
|
#
|
||||||
|
# The reload file asks the script to reload a unit. This is the same as
|
||||||
|
# specifying a reload trigger in the NixOS module and can be ignored if
|
||||||
|
# the unit is restarted in this activation.
|
||||||
my $restartByActivationFile = "/run/nixos/activation-restart-list";
|
my $restartByActivationFile = "/run/nixos/activation-restart-list";
|
||||||
|
my $reloadByActivationFile = "/run/nixos/activation-reload-list";
|
||||||
my $dryRestartByActivationFile = "/run/nixos/dry-activation-restart-list";
|
my $dryRestartByActivationFile = "/run/nixos/dry-activation-restart-list";
|
||||||
|
my $dryReloadByActivationFile = "/run/nixos/dry-activation-reload-list";
|
||||||
|
|
||||||
make_path("/run/nixos", { mode => oct(755) });
|
make_path("/run/nixos", { mode => oct(755) });
|
||||||
|
|
||||||
|
@ -131,6 +138,10 @@ sub parseSystemdIni {
|
||||||
|
|
||||||
# Copy over all sections
|
# Copy over all sections
|
||||||
foreach my $sectionName (keys %fileContents) {
|
foreach my $sectionName (keys %fileContents) {
|
||||||
|
if ($sectionName eq "Install") {
|
||||||
|
# Skip the [Install] section because it has no relevant keys for us
|
||||||
|
next;
|
||||||
|
}
|
||||||
# Copy over all keys
|
# Copy over all keys
|
||||||
foreach my $iniKey (keys %{$fileContents{$sectionName}}) {
|
foreach my $iniKey (keys %{$fileContents{$sectionName}}) {
|
||||||
# Ensure the value is an array so it's easier to work with
|
# Ensure the value is an array so it's easier to work with
|
||||||
|
@ -162,13 +173,18 @@ sub parseSystemdIni {
|
||||||
#
|
#
|
||||||
# If a directory with the same basename ending in .d exists next to the unit file, it will be
|
# If a directory with the same basename ending in .d exists next to the unit file, it will be
|
||||||
# assumed to contain override files which will be parsed as well and handled properly.
|
# assumed to contain override files which will be parsed as well and handled properly.
|
||||||
sub parseUnit {
|
sub parse_unit {
|
||||||
my ($unitPath) = @_;
|
my ($unit_path) = @_;
|
||||||
|
|
||||||
# Parse the main unit and all overrides
|
# Parse the main unit and all overrides
|
||||||
my %unitData;
|
my %unit_data;
|
||||||
parseSystemdIni(\%unitData, $_) for glob("${unitPath}{,.d/*.conf}");
|
# Replace \ with \\ so glob() still works with units that have a \ in them
|
||||||
return %unitData;
|
# Valid characters in unit names are ASCII letters, digits, ":", "-", "_", ".", and "\"
|
||||||
|
$unit_path =~ s/\\/\\\\/gmsx;
|
||||||
|
foreach (glob "${unit_path}{,.d/*.conf}") {
|
||||||
|
parseSystemdIni(\%unit_data, "$_")
|
||||||
|
}
|
||||||
|
return %unit_data;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Checks whether a specified boolean in a systemd unit is true
|
# Checks whether a specified boolean in a systemd unit is true
|
||||||
|
@ -192,16 +208,96 @@ sub recordUnit {
|
||||||
write_file($fn, { append => 1 }, "$unit\n") if $action ne "dry-activate";
|
write_file($fn, { append => 1 }, "$unit\n") if $action ne "dry-activate";
|
||||||
}
|
}
|
||||||
|
|
||||||
# As a fingerprint for determining whether a unit has changed, we use
|
# The opposite of recordUnit, removes a unit name from a file
|
||||||
# its absolute path. If it has an override file, we append *its*
|
sub unrecord_unit {
|
||||||
# absolute path as well.
|
my ($fn, $unit) = @_;
|
||||||
sub fingerprintUnit {
|
edit_file { s/^$unit\n//msx } $fn if $action ne "dry-activate";
|
||||||
my ($s) = @_;
|
}
|
||||||
return abs_path($s) . (-f "${s}.d/overrides.conf" ? " " . abs_path "${s}.d/overrides.conf" : "");
|
|
||||||
|
# Compare the contents of two unit files and return whether the unit
|
||||||
|
# needs to be restarted or reloaded. If the units differ, the service
|
||||||
|
# is restarted unless the only difference is `X-Reload-Triggers` in the
|
||||||
|
# `Unit` section. If this is the only modification, the unit is reloaded
|
||||||
|
# instead of restarted.
|
||||||
|
# Returns:
|
||||||
|
# - 0 if the units are equal
|
||||||
|
# - 1 if the units are different and a restart action is required
|
||||||
|
# - 2 if the units are different and a reload action is required
|
||||||
|
sub compare_units {
|
||||||
|
my ($old_unit, $new_unit) = @_;
|
||||||
|
my $ret = 0;
|
||||||
|
|
||||||
|
my $comp_array = sub {
|
||||||
|
my ($a, $b) = @_;
|
||||||
|
return join("\0", @{$a}) eq join("\0", @{$b});
|
||||||
|
};
|
||||||
|
|
||||||
|
# Comparison hash for the sections
|
||||||
|
my %section_cmp = map { $_ => 1 } keys %{$new_unit};
|
||||||
|
# Iterate over the sections
|
||||||
|
foreach my $section_name (keys %{$old_unit}) {
|
||||||
|
# Missing section in the new unit?
|
||||||
|
if (not exists $section_cmp{$section_name}) {
|
||||||
|
if ($section_name eq 'Unit' and %{$old_unit->{'Unit'}} == 1 and defined(%{$old_unit->{'Unit'}}{'X-Reload-Triggers'})) {
|
||||||
|
# If a new [Unit] section was removed that only contained X-Reload-Triggers,
|
||||||
|
# do nothing.
|
||||||
|
next;
|
||||||
|
} else {
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
delete $section_cmp{$section_name};
|
||||||
|
# Comparison hash for the section contents
|
||||||
|
my %ini_cmp = map { $_ => 1 } keys %{$new_unit->{$section_name}};
|
||||||
|
# Iterate over the keys of the section
|
||||||
|
foreach my $ini_key (keys %{$old_unit->{$section_name}}) {
|
||||||
|
delete $ini_cmp{$ini_key};
|
||||||
|
my @old_value = @{$old_unit->{$section_name}{$ini_key}};
|
||||||
|
# If the key is missing in the new unit, they are different...
|
||||||
|
if (not $new_unit->{$section_name}{$ini_key}) {
|
||||||
|
# ... unless the key that is now missing was the reload trigger
|
||||||
|
if ($section_name eq 'Unit' and $ini_key eq 'X-Reload-Triggers') {
|
||||||
|
next;
|
||||||
|
}
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
my @new_value = @{$new_unit->{$section_name}{$ini_key}};
|
||||||
|
# If the contents are different, the units are different
|
||||||
|
if (not $comp_array->(\@old_value, \@new_value)) {
|
||||||
|
# Check if only the reload triggers changed
|
||||||
|
if ($section_name eq 'Unit' and $ini_key eq 'X-Reload-Triggers') {
|
||||||
|
$ret = 2;
|
||||||
|
} else {
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
# A key was introduced that was missing in the old unit
|
||||||
|
if (%ini_cmp) {
|
||||||
|
if ($section_name eq 'Unit' and %ini_cmp == 1 and defined($ini_cmp{'X-Reload-Triggers'})) {
|
||||||
|
# If the newly introduced key was the reload triggers, reload the unit
|
||||||
|
$ret = 2;
|
||||||
|
} else {
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
}
|
||||||
|
# A section was introduced that was missing in the old unit
|
||||||
|
if (%section_cmp) {
|
||||||
|
if (%section_cmp == 1 and defined($section_cmp{'Unit'}) and %{$new_unit->{'Unit'}} == 1 and defined(%{$new_unit->{'Unit'}}{'X-Reload-Triggers'})) {
|
||||||
|
# If a new [Unit] section was introduced that only contains X-Reload-Triggers,
|
||||||
|
# reload instead of restarting
|
||||||
|
$ret = 2;
|
||||||
|
} else {
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return $ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
sub handleModifiedUnit {
|
sub handleModifiedUnit {
|
||||||
my ($unit, $baseName, $newUnitFile, $activePrev, $unitsToStop, $unitsToStart, $unitsToReload, $unitsToRestart, $unitsToSkip) = @_;
|
my ($unit, $baseName, $newUnitFile, $newUnitInfo, $activePrev, $unitsToStop, $unitsToStart, $unitsToReload, $unitsToRestart, $unitsToSkip) = @_;
|
||||||
|
|
||||||
if ($unit eq "sysinit.target" || $unit eq "basic.target" || $unit eq "multi-user.target" || $unit eq "graphical.target" || $unit =~ /\.path$/ || $unit =~ /\.slice$/) {
|
if ($unit eq "sysinit.target" || $unit eq "basic.target" || $unit eq "multi-user.target" || $unit eq "graphical.target" || $unit =~ /\.path$/ || $unit =~ /\.slice$/) {
|
||||||
# Do nothing. These cannot be restarted directly.
|
# Do nothing. These cannot be restarted directly.
|
||||||
|
@ -219,8 +315,8 @@ sub handleModifiedUnit {
|
||||||
# Revert of the attempt: https://github.com/NixOS/nixpkgs/pull/147609
|
# Revert of the attempt: https://github.com/NixOS/nixpkgs/pull/147609
|
||||||
# More details: https://github.com/NixOS/nixpkgs/issues/74899#issuecomment-981142430
|
# More details: https://github.com/NixOS/nixpkgs/issues/74899#issuecomment-981142430
|
||||||
} else {
|
} else {
|
||||||
my %unitInfo = parseUnit($newUnitFile);
|
my %unitInfo = $newUnitInfo ? %{$newUnitInfo} : parse_unit($newUnitFile);
|
||||||
if (parseSystemdBool(\%unitInfo, "Service", "X-ReloadIfChanged", 0)) {
|
if (parseSystemdBool(\%unitInfo, "Service", "X-ReloadIfChanged", 0) and not $unitsToRestart->{$unit} and not $unitsToStop->{$unit}) {
|
||||||
$unitsToReload->{$unit} = 1;
|
$unitsToReload->{$unit} = 1;
|
||||||
recordUnit($reloadListFile, $unit);
|
recordUnit($reloadListFile, $unit);
|
||||||
}
|
}
|
||||||
|
@ -234,6 +330,11 @@ sub handleModifiedUnit {
|
||||||
# stopped and started.
|
# stopped and started.
|
||||||
$unitsToRestart->{$unit} = 1;
|
$unitsToRestart->{$unit} = 1;
|
||||||
recordUnit($restartListFile, $unit);
|
recordUnit($restartListFile, $unit);
|
||||||
|
# Remove from units to reload so we don't restart and reload
|
||||||
|
if ($unitsToReload->{$unit}) {
|
||||||
|
delete $unitsToReload->{$unit};
|
||||||
|
unrecord_unit($reloadListFile, $unit);
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
# If this unit is socket-activated, then stop the
|
# If this unit is socket-activated, then stop the
|
||||||
# socket unit(s) as well, and restart the
|
# socket unit(s) as well, and restart the
|
||||||
|
@ -254,6 +355,11 @@ sub handleModifiedUnit {
|
||||||
recordUnit($startListFile, $socket);
|
recordUnit($startListFile, $socket);
|
||||||
$socketActivated = 1;
|
$socketActivated = 1;
|
||||||
}
|
}
|
||||||
|
# Remove from units to reload so we don't restart and reload
|
||||||
|
if ($unitsToReload->{$unit}) {
|
||||||
|
delete $unitsToReload->{$unit};
|
||||||
|
unrecord_unit($reloadListFile, $unit);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -268,6 +374,11 @@ sub handleModifiedUnit {
|
||||||
}
|
}
|
||||||
|
|
||||||
$unitsToStop->{$unit} = 1;
|
$unitsToStop->{$unit} = 1;
|
||||||
|
# Remove from units to reload so we don't restart and reload
|
||||||
|
if ($unitsToReload->{$unit}) {
|
||||||
|
delete $unitsToReload->{$unit};
|
||||||
|
unrecord_unit($reloadListFile, $unit);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -306,12 +417,12 @@ while (my ($unit, $state) = each %{$activePrev}) {
|
||||||
|
|
||||||
if (-e $prevUnitFile && ($state->{state} eq "active" || $state->{state} eq "activating")) {
|
if (-e $prevUnitFile && ($state->{state} eq "active" || $state->{state} eq "activating")) {
|
||||||
if (! -e $newUnitFile || abs_path($newUnitFile) eq "/dev/null") {
|
if (! -e $newUnitFile || abs_path($newUnitFile) eq "/dev/null") {
|
||||||
my %unitInfo = parseUnit($prevUnitFile);
|
my %unitInfo = parse_unit($prevUnitFile);
|
||||||
$unitsToStop{$unit} = 1 if parseSystemdBool(\%unitInfo, "Unit", "X-StopOnRemoval", 1);
|
$unitsToStop{$unit} = 1 if parseSystemdBool(\%unitInfo, "Unit", "X-StopOnRemoval", 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
elsif ($unit =~ /\.target$/) {
|
elsif ($unit =~ /\.target$/) {
|
||||||
my %unitInfo = parseUnit($newUnitFile);
|
my %unitInfo = parse_unit($newUnitFile);
|
||||||
|
|
||||||
# Cause all active target units to be restarted below.
|
# Cause all active target units to be restarted below.
|
||||||
# This should start most changed units we stop here as
|
# This should start most changed units we stop here as
|
||||||
|
@ -344,8 +455,16 @@ while (my ($unit, $state) = each %{$activePrev}) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
elsif (fingerprintUnit($prevUnitFile) ne fingerprintUnit($newUnitFile)) {
|
else {
|
||||||
handleModifiedUnit($unit, $baseName, $newUnitFile, $activePrev, \%unitsToStop, \%unitsToStart, \%unitsToReload, \%unitsToRestart, \%unitsToSkip);
|
my %old_unit_info = parse_unit($prevUnitFile);
|
||||||
|
my %new_unit_info = parse_unit($newUnitFile);
|
||||||
|
my $diff = compare_units(\%old_unit_info, \%new_unit_info);
|
||||||
|
if ($diff eq 1) {
|
||||||
|
handleModifiedUnit($unit, $baseName, $newUnitFile, \%new_unit_info, $activePrev, \%unitsToStop, \%unitsToStart, \%unitsToReload, \%unitsToRestart, \%unitsToSkip);
|
||||||
|
} elsif ($diff eq 2 and not $unitsToRestart{$unit}) {
|
||||||
|
$unitsToReload{$unit} = 1;
|
||||||
|
recordUnit($reloadListFile, $unit);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -361,17 +480,6 @@ sub pathToUnitName {
|
||||||
return $escaped;
|
return $escaped;
|
||||||
}
|
}
|
||||||
|
|
||||||
sub unique {
|
|
||||||
my %seen;
|
|
||||||
my @res;
|
|
||||||
foreach my $name (@_) {
|
|
||||||
next if $seen{$name};
|
|
||||||
$seen{$name} = 1;
|
|
||||||
push @res, $name;
|
|
||||||
}
|
|
||||||
return @res;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Compare the previous and new fstab to figure out which filesystems
|
# Compare the previous and new fstab to figure out which filesystems
|
||||||
# need a remount or need to be unmounted. New filesystems are mounted
|
# need a remount or need to be unmounted. New filesystems are mounted
|
||||||
# automatically by starting local-fs.target. FIXME: might be nicer if
|
# automatically by starting local-fs.target. FIXME: might be nicer if
|
||||||
|
@ -407,9 +515,13 @@ foreach my $device (keys %$prevSwaps) {
|
||||||
# "systemctl stop" here because systemd has lots of alias
|
# "systemctl stop" here because systemd has lots of alias
|
||||||
# units that prevent a stop from actually calling
|
# units that prevent a stop from actually calling
|
||||||
# "swapoff".
|
# "swapoff".
|
||||||
|
if ($action ne "dry-activate") {
|
||||||
|
print STDERR "would stop swap device: $device\n";
|
||||||
|
} else {
|
||||||
print STDERR "stopping swap device: $device\n";
|
print STDERR "stopping swap device: $device\n";
|
||||||
system("@utillinux@/sbin/swapoff", $device);
|
system("@utillinux@/sbin/swapoff", $device);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
# FIXME: update swap options (i.e. its priority).
|
# FIXME: update swap options (i.e. its priority).
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -469,10 +581,20 @@ if ($action eq "dry-activate") {
|
||||||
next;
|
next;
|
||||||
}
|
}
|
||||||
|
|
||||||
handleModifiedUnit($unit, $baseName, $newUnitFile, $activePrev, \%unitsToRestart, \%unitsToRestart, \%unitsToReload, \%unitsToRestart, \%unitsToSkip);
|
handleModifiedUnit($unit, $baseName, $newUnitFile, undef, $activePrev, \%unitsToRestart, \%unitsToRestart, \%unitsToReload, \%unitsToRestart, \%unitsToSkip);
|
||||||
}
|
}
|
||||||
unlink($dryRestartByActivationFile);
|
unlink($dryRestartByActivationFile);
|
||||||
|
|
||||||
|
foreach (split('\n', read_file($dryReloadByActivationFile, err_mode => 'quiet') // "")) {
|
||||||
|
my $unit = $_;
|
||||||
|
|
||||||
|
if (defined($activePrev->{$unit}) and not $unitsToRestart{$unit} and not $unitsToStop{$unit}) {
|
||||||
|
$unitsToReload{$unit} = 1;
|
||||||
|
recordUnit($reloadListFile, $unit);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
unlink($dryReloadByActivationFile);
|
||||||
|
|
||||||
print STDERR "would restart systemd\n" if $restartSystemd;
|
print STDERR "would restart systemd\n" if $restartSystemd;
|
||||||
print STDERR "would reload the following units: ", join(", ", sort(keys %unitsToReload)), "\n"
|
print STDERR "would reload the following units: ", join(", ", sort(keys %unitsToReload)), "\n"
|
||||||
if scalar(keys %unitsToReload) > 0;
|
if scalar(keys %unitsToReload) > 0;
|
||||||
|
@ -525,11 +647,22 @@ foreach (split('\n', read_file($restartByActivationFile, err_mode => 'quiet') //
|
||||||
next;
|
next;
|
||||||
}
|
}
|
||||||
|
|
||||||
handleModifiedUnit($unit, $baseName, $newUnitFile, $activePrev, \%unitsToRestart, \%unitsToRestart, \%unitsToReload, \%unitsToRestart, \%unitsToSkip);
|
handleModifiedUnit($unit, $baseName, $newUnitFile, undef, $activePrev, \%unitsToRestart, \%unitsToRestart, \%unitsToReload, \%unitsToRestart, \%unitsToSkip);
|
||||||
}
|
}
|
||||||
# We can remove the file now because it has been propagated to the other restart/reload files
|
# We can remove the file now because it has been propagated to the other restart/reload files
|
||||||
unlink($restartByActivationFile);
|
unlink($restartByActivationFile);
|
||||||
|
|
||||||
|
foreach (split('\n', read_file($reloadByActivationFile, err_mode => 'quiet') // "")) {
|
||||||
|
my $unit = $_;
|
||||||
|
|
||||||
|
if (defined($activePrev->{$unit}) and not $unitsToRestart{$unit} and not $unitsToStop{$unit}) {
|
||||||
|
$unitsToReload{$unit} = 1;
|
||||||
|
recordUnit($reloadListFile, $unit);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
# We can remove the file now because it has been propagated to the other reload file
|
||||||
|
unlink($reloadByActivationFile);
|
||||||
|
|
||||||
# Restart systemd if necessary. Note that this is done using the
|
# Restart systemd if necessary. Note that this is done using the
|
||||||
# current version of systemd, just in case the new one has trouble
|
# current version of systemd, just in case the new one has trouble
|
||||||
# communicating with the running pid 1.
|
# communicating with the running pid 1.
|
||||||
|
|
|
@ -117,7 +117,7 @@ let
|
||||||
configurationName = config.boot.loader.grub.configurationName;
|
configurationName = config.boot.loader.grub.configurationName;
|
||||||
|
|
||||||
# Needed by switch-to-configuration.
|
# Needed by switch-to-configuration.
|
||||||
perl = pkgs.perl.withPackages (p: with p; [ FileSlurp NetDBus XMLParser XMLTwig ConfigIniFiles ]);
|
perl = pkgs.perl.withPackages (p: with p; [ ConfigIniFiles FileSlurp NetDBus ]);
|
||||||
};
|
};
|
||||||
|
|
||||||
# Handle assertions and warnings
|
# Handle assertions and warnings
|
||||||
|
|
|
@ -243,6 +243,8 @@ let
|
||||||
{ Requisite = toString config.requisite; }
|
{ Requisite = toString config.requisite; }
|
||||||
// optionalAttrs (config.restartTriggers != [])
|
// optionalAttrs (config.restartTriggers != [])
|
||||||
{ X-Restart-Triggers = toString config.restartTriggers; }
|
{ X-Restart-Triggers = toString config.restartTriggers; }
|
||||||
|
// optionalAttrs (config.reloadTriggers != [])
|
||||||
|
{ X-Reload-Triggers = toString config.reloadTriggers; }
|
||||||
// optionalAttrs (config.description != "") {
|
// optionalAttrs (config.description != "") {
|
||||||
Description = config.description; }
|
Description = config.description; }
|
||||||
// optionalAttrs (config.documentation != []) {
|
// optionalAttrs (config.documentation != []) {
|
||||||
|
@ -917,6 +919,9 @@ in
|
||||||
(optional hasDeprecated
|
(optional hasDeprecated
|
||||||
"Service '${name}.service' uses the attribute 'StartLimitInterval' in the Service section, which is deprecated. See https://github.com/NixOS/nixpkgs/issues/45786."
|
"Service '${name}.service' uses the attribute 'StartLimitInterval' in the Service section, which is deprecated. See https://github.com/NixOS/nixpkgs/issues/45786."
|
||||||
)
|
)
|
||||||
|
(optional (service.reloadIfChanged && service.reloadTriggers != [])
|
||||||
|
"Service '${name}.service' has both 'reloadIfChanged' and 'reloadTriggers' set. This is probably not what you want, because 'reloadTriggers' behave the same whay as 'restartTriggers' if 'reloadIfChanged' is set."
|
||||||
|
)
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
cfg.services
|
cfg.services
|
||||||
|
|
|
@ -48,7 +48,12 @@ in
|
||||||
what = "tmpfs";
|
what = "tmpfs";
|
||||||
where = "/tmp";
|
where = "/tmp";
|
||||||
type = "tmpfs";
|
type = "tmpfs";
|
||||||
mountConfig.Options = [ "mode=1777" "strictatime" "rw" "nosuid" "nodev" "size=${toString cfg.tmpOnTmpfsSize}" ];
|
mountConfig.Options = concatStringsSep "," [ "mode=1777"
|
||||||
|
"strictatime"
|
||||||
|
"rw"
|
||||||
|
"nosuid"
|
||||||
|
"nodev"
|
||||||
|
"size=${toString cfg.tmpOnTmpfsSize}" ];
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
|
@ -1325,22 +1325,13 @@ in
|
||||||
val = tempaddrValues.${opt}.sysctl;
|
val = tempaddrValues.${opt}.sysctl;
|
||||||
in nameValuePair "net.ipv6.conf.${replaceChars ["."] ["/"] i.name}.use_tempaddr" val));
|
in nameValuePair "net.ipv6.conf.${replaceChars ["."] ["/"] i.name}.use_tempaddr" val));
|
||||||
|
|
||||||
# Capabilities won't work unless we have at-least a 4.3 Linux
|
security.wrappers = {
|
||||||
# kernel because we need the ambient capability
|
|
||||||
security.wrappers = if (versionAtLeast (getVersion config.boot.kernelPackages.kernel) "4.3") then {
|
|
||||||
ping = {
|
ping = {
|
||||||
owner = "root";
|
owner = "root";
|
||||||
group = "root";
|
group = "root";
|
||||||
capabilities = "cap_net_raw+p";
|
capabilities = "cap_net_raw+p";
|
||||||
source = "${pkgs.iputils.out}/bin/ping";
|
source = "${pkgs.iputils.out}/bin/ping";
|
||||||
};
|
};
|
||||||
} else {
|
|
||||||
ping = {
|
|
||||||
setuid = true;
|
|
||||||
owner = "root";
|
|
||||||
group = "root";
|
|
||||||
source = "${pkgs.iputils.out}/bin/ping";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
security.apparmor.policies."bin.ping".profile = lib.mkIf config.security.apparmor.policies."bin.ping".enable (lib.mkAfter ''
|
security.apparmor.policies."bin.ping".profile = lib.mkIf config.security.apparmor.policies."bin.ping".enable (lib.mkAfter ''
|
||||||
/run/wrappers/bin/ping {
|
/run/wrappers/bin/ping {
|
||||||
|
|
|
@ -53,6 +53,7 @@ in
|
||||||
virtualisation.containerd = {
|
virtualisation.containerd = {
|
||||||
args.config = toString containerdConfigChecked;
|
args.config = toString containerdConfigChecked;
|
||||||
settings = {
|
settings = {
|
||||||
|
version = 2;
|
||||||
plugins."io.containerd.grpc.v1.cri" = {
|
plugins."io.containerd.grpc.v1.cri" = {
|
||||||
containerd.snapshotter =
|
containerd.snapshotter =
|
||||||
lib.mkIf config.boot.zfs.enabled (lib.mkOptionDefault "zfs");
|
lib.mkIf config.boot.zfs.enabled (lib.mkOptionDefault "zfs");
|
||||||
|
|
|
@ -32,6 +32,7 @@ in
|
||||||
acme = handleTest ./acme.nix {};
|
acme = handleTest ./acme.nix {};
|
||||||
adguardhome = handleTest ./adguardhome.nix {};
|
adguardhome = handleTest ./adguardhome.nix {};
|
||||||
aesmd = handleTest ./aesmd.nix {};
|
aesmd = handleTest ./aesmd.nix {};
|
||||||
|
agate = handleTest ./web-servers/agate.nix {};
|
||||||
agda = handleTest ./agda.nix {};
|
agda = handleTest ./agda.nix {};
|
||||||
airsonic = handleTest ./airsonic.nix {};
|
airsonic = handleTest ./airsonic.nix {};
|
||||||
amazon-init-shell = handleTest ./amazon-init-shell.nix {};
|
amazon-init-shell = handleTest ./amazon-init-shell.nix {};
|
||||||
|
@ -51,6 +52,7 @@ in
|
||||||
bitcoind = handleTest ./bitcoind.nix {};
|
bitcoind = handleTest ./bitcoind.nix {};
|
||||||
bittorrent = handleTest ./bittorrent.nix {};
|
bittorrent = handleTest ./bittorrent.nix {};
|
||||||
blockbook-frontend = handleTest ./blockbook-frontend.nix {};
|
blockbook-frontend = handleTest ./blockbook-frontend.nix {};
|
||||||
|
blocky = handleTest ./blocky.nix {};
|
||||||
boot = handleTestOn ["x86_64-linux" "aarch64-linux"] ./boot.nix {};
|
boot = handleTestOn ["x86_64-linux" "aarch64-linux"] ./boot.nix {};
|
||||||
boot-stage1 = handleTest ./boot-stage1.nix {};
|
boot-stage1 = handleTest ./boot-stage1.nix {};
|
||||||
borgbackup = handleTest ./borgbackup.nix {};
|
borgbackup = handleTest ./borgbackup.nix {};
|
||||||
|
|
34
third_party/nixpkgs/nixos/tests/blocky.nix
vendored
Normal file
34
third_party/nixpkgs/nixos/tests/blocky.nix
vendored
Normal file
|
@ -0,0 +1,34 @@
|
||||||
|
import ./make-test-python.nix {
|
||||||
|
name = "blocky";
|
||||||
|
|
||||||
|
nodes = {
|
||||||
|
server = { pkgs, ... }: {
|
||||||
|
environment.systemPackages = [ pkgs.dnsutils ];
|
||||||
|
services.blocky = {
|
||||||
|
enable = true;
|
||||||
|
|
||||||
|
settings = {
|
||||||
|
customDNS = {
|
||||||
|
mapping = {
|
||||||
|
"printer.lan" = "192.168.178.3,2001:0db8:85a3:08d3:1319:8a2e:0370:7344";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
upstream = {
|
||||||
|
default = [ "8.8.8.8" "1.1.1.1" ];
|
||||||
|
};
|
||||||
|
port = 53;
|
||||||
|
httpPort = 5000;
|
||||||
|
logLevel = "info";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
testScript = ''
|
||||||
|
with subtest("Service test"):
|
||||||
|
server.wait_for_unit("blocky.service")
|
||||||
|
server.wait_for_open_port(53)
|
||||||
|
server.wait_for_open_port(5000)
|
||||||
|
server.succeed("dig @127.0.0.1 +short -x 192.168.178.3 | grep -qF printer.lan")
|
||||||
|
'';
|
||||||
|
}
|
6
third_party/nixpkgs/nixos/tests/bpf.nix
vendored
6
third_party/nixpkgs/nixos/tests/bpf.nix
vendored
|
@ -18,8 +18,12 @@ import ./make-test-python.nix ({ pkgs, ... }: {
|
||||||
# simple BEGIN probe (user probe on bpftrace itself)
|
# simple BEGIN probe (user probe on bpftrace itself)
|
||||||
print(machine.succeed("bpftrace -e 'BEGIN { print(\"ok\"); exit(); }'"))
|
print(machine.succeed("bpftrace -e 'BEGIN { print(\"ok\"); exit(); }'"))
|
||||||
# tracepoint
|
# tracepoint
|
||||||
print(machine.succeed("bpftrace -e 'tracepoint:syscalls:sys_enter_* { print(probe); exit(); }'"))
|
print(machine.succeed("bpftrace -e 'tracepoint:syscalls:sys_enter_* { print(probe); exit() }'"))
|
||||||
# kprobe
|
# kprobe
|
||||||
print(machine.succeed("bpftrace -e 'kprobe:schedule { print(probe); exit() }'"))
|
print(machine.succeed("bpftrace -e 'kprobe:schedule { print(probe); exit() }'"))
|
||||||
|
# BTF
|
||||||
|
print(machine.succeed("bpftrace -e 'kprobe:schedule { "
|
||||||
|
" printf(\"tgid: %d\", ((struct task_struct*) curtask)->tgid); exit() "
|
||||||
|
"}'"))
|
||||||
'';
|
'';
|
||||||
})
|
})
|
||||||
|
|
|
@ -38,6 +38,6 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: {
|
||||||
machine.wait_for_unit("doh-proxy-rust.service")
|
machine.wait_for_unit("doh-proxy-rust.service")
|
||||||
machine.wait_for_open_port(53)
|
machine.wait_for_open_port(53)
|
||||||
machine.wait_for_open_port(3000)
|
machine.wait_for_open_port(3000)
|
||||||
machine.succeed(f"curl --fail '{url}?dns={query}' | grep -F {bin_ip}")
|
machine.succeed(f"curl --fail -H 'Accept: application/dns-message' '{url}?dns={query}' | grep -F {bin_ip}")
|
||||||
'';
|
'';
|
||||||
})
|
})
|
||||||
|
|
104
third_party/nixpkgs/nixos/tests/home-assistant.nix
vendored
104
third_party/nixpkgs/nixos/tests/home-assistant.nix
vendored
|
@ -10,6 +10,7 @@ in {
|
||||||
|
|
||||||
nodes.hass = { pkgs, ... }: {
|
nodes.hass = { pkgs, ... }: {
|
||||||
environment.systemPackages = with pkgs; [ mosquitto ];
|
environment.systemPackages = with pkgs; [ mosquitto ];
|
||||||
|
|
||||||
services.mosquitto = {
|
services.mosquitto = {
|
||||||
enable = true;
|
enable = true;
|
||||||
listeners = [ {
|
listeners = [ {
|
||||||
|
@ -21,14 +22,42 @@ in {
|
||||||
};
|
};
|
||||||
} ];
|
} ];
|
||||||
};
|
};
|
||||||
services.home-assistant = {
|
|
||||||
inherit configDir;
|
services.postgresql = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
ensureDatabases = [ "hass" ];
|
||||||
|
ensureUsers = [{
|
||||||
|
name = "hass";
|
||||||
|
ensurePermissions = {
|
||||||
|
"DATABASE hass" = "ALL PRIVILEGES";
|
||||||
|
};
|
||||||
|
}];
|
||||||
|
};
|
||||||
|
|
||||||
|
services.home-assistant = {
|
||||||
|
enable = true;
|
||||||
|
inherit configDir;
|
||||||
|
|
||||||
|
# tests loading components by overriding the package
|
||||||
package = (pkgs.home-assistant.override {
|
package = (pkgs.home-assistant.override {
|
||||||
|
extraPackages = ps: with ps; [
|
||||||
|
colorama
|
||||||
|
];
|
||||||
extraComponents = [ "zha" ];
|
extraComponents = [ "zha" ];
|
||||||
}).overrideAttrs (oldAttrs: {
|
}).overrideAttrs (oldAttrs: {
|
||||||
doInstallCheck = false;
|
doInstallCheck = false;
|
||||||
});
|
});
|
||||||
|
|
||||||
|
# tests loading components from the module
|
||||||
|
extraComponents = [
|
||||||
|
"wake_on_lan"
|
||||||
|
];
|
||||||
|
|
||||||
|
# test extra package passing from the module
|
||||||
|
extraPackages = python3Packages: with python3Packages; [
|
||||||
|
psycopg2
|
||||||
|
];
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
homeassistant = {
|
homeassistant = {
|
||||||
name = "Home";
|
name = "Home";
|
||||||
|
@ -37,34 +66,58 @@ in {
|
||||||
longitude = "0.0";
|
longitude = "0.0";
|
||||||
elevation = 0;
|
elevation = 0;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# configure the recorder component to use the postgresql db
|
||||||
|
recorder.db_url = "postgresql://@/hass";
|
||||||
|
|
||||||
|
# we can't load default_config, because the updater requires
|
||||||
|
# network access and would cause an error, so load frontend
|
||||||
|
# here explicitly.
|
||||||
|
# https://www.home-assistant.io/integrations/frontend/
|
||||||
frontend = {};
|
frontend = {};
|
||||||
|
|
||||||
|
# configure an mqtt broker connection
|
||||||
|
# https://www.home-assistant.io/integrations/mqtt
|
||||||
mqtt = {
|
mqtt = {
|
||||||
broker = "127.0.0.1";
|
broker = "127.0.0.1";
|
||||||
username = mqttUsername;
|
username = mqttUsername;
|
||||||
password = mqttPassword;
|
password = mqttPassword;
|
||||||
};
|
};
|
||||||
binary_sensor = [{
|
|
||||||
|
# create a mqtt sensor that syncs state with its mqtt topic
|
||||||
|
# https://www.home-assistant.io/integrations/sensor.mqtt/
|
||||||
|
binary_sensor = [ {
|
||||||
platform = "mqtt";
|
platform = "mqtt";
|
||||||
state_topic = "home-assistant/test";
|
state_topic = "home-assistant/test";
|
||||||
payload_on = "let_there_be_light";
|
payload_on = "let_there_be_light";
|
||||||
payload_off = "off";
|
payload_off = "off";
|
||||||
}];
|
} ];
|
||||||
wake_on_lan = {};
|
|
||||||
switch = [{
|
# set up a wake-on-lan switch to test capset capability required
|
||||||
|
# for the ping suid wrapper
|
||||||
|
# https://www.home-assistant.io/integrations/wake_on_lan/
|
||||||
|
switch = [ {
|
||||||
platform = "wake_on_lan";
|
platform = "wake_on_lan";
|
||||||
mac = "00:11:22:33:44:55";
|
mac = "00:11:22:33:44:55";
|
||||||
host = "127.0.0.1";
|
host = "127.0.0.1";
|
||||||
}];
|
} ];
|
||||||
# tests component-based capability assignment (CAP_NET_BIND_SERVICE)
|
|
||||||
|
# test component-based capability assignment (CAP_NET_BIND_SERVICE)
|
||||||
|
# https://www.home-assistant.io/integrations/emulated_hue/
|
||||||
emulated_hue = {
|
emulated_hue = {
|
||||||
host_ip = "127.0.0.1";
|
host_ip = "127.0.0.1";
|
||||||
listen_port = 80;
|
listen_port = 80;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# show mqtt interaction in the log
|
||||||
|
# https://www.home-assistant.io/integrations/logger/
|
||||||
logger = {
|
logger = {
|
||||||
default = "info";
|
default = "info";
|
||||||
logs."homeassistant.components.mqtt" = "debug";
|
logs."homeassistant.components.mqtt" = "debug";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# configure the sample lovelace dashboard
|
||||||
lovelaceConfig = {
|
lovelaceConfig = {
|
||||||
title = "My Awesome Home";
|
title = "My Awesome Home";
|
||||||
views = [{
|
views = [{
|
||||||
|
@ -81,34 +134,57 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
testScript = ''
|
testScript = ''
|
||||||
|
import re
|
||||||
|
|
||||||
start_all()
|
start_all()
|
||||||
|
|
||||||
|
# Parse the package path out of the systemd unit, as we cannot
|
||||||
|
# access the final package, that is overriden inside the module,
|
||||||
|
# by any other means.
|
||||||
|
pattern = re.compile(r"path=(?P<path>[\/a-z0-9-.]+)\/bin\/hass")
|
||||||
|
response = hass.execute("systemctl show -p ExecStart home-assistant.service")[1]
|
||||||
|
match = pattern.search(response)
|
||||||
|
package = match.group('path')
|
||||||
|
|
||||||
hass.wait_for_unit("home-assistant.service")
|
hass.wait_for_unit("home-assistant.service")
|
||||||
|
|
||||||
with subtest("Check that YAML configuration file is in place"):
|
with subtest("Check that YAML configuration file is in place"):
|
||||||
hass.succeed("test -L ${configDir}/configuration.yaml")
|
hass.succeed("test -L ${configDir}/configuration.yaml")
|
||||||
with subtest("lovelace config is copied because lovelaceConfigWritable = true"):
|
|
||||||
|
with subtest("Check the lovelace config is copied because lovelaceConfigWritable = true"):
|
||||||
hass.succeed("test -f ${configDir}/ui-lovelace.yaml")
|
hass.succeed("test -f ${configDir}/ui-lovelace.yaml")
|
||||||
|
|
||||||
|
with subtest("Check extraComponents and extraPackages are considered from the package"):
|
||||||
|
hass.succeed(f"grep -q 'colorama' {package}/extra_packages")
|
||||||
|
hass.succeed(f"grep -q 'zha' {package}/extra_components")
|
||||||
|
|
||||||
|
with subtest("Check extraComponents and extraPackages are considered from the module"):
|
||||||
|
hass.succeed(f"grep -q 'psycopg2' {package}/extra_packages")
|
||||||
|
hass.succeed(f"grep -q 'wake_on_lan' {package}/extra_components")
|
||||||
|
|
||||||
with subtest("Check that Home Assistant's web interface and API can be reached"):
|
with subtest("Check that Home Assistant's web interface and API can be reached"):
|
||||||
|
hass.wait_until_succeeds("journalctl -u home-assistant.service | grep -q 'Home Assistant initialized in'")
|
||||||
hass.wait_for_open_port(8123)
|
hass.wait_for_open_port(8123)
|
||||||
hass.succeed("curl --fail http://localhost:8123/lovelace")
|
hass.succeed("curl --fail http://localhost:8123/lovelace")
|
||||||
|
|
||||||
with subtest("Toggle a binary sensor using MQTT"):
|
with subtest("Toggle a binary sensor using MQTT"):
|
||||||
hass.wait_for_open_port(1883)
|
hass.wait_for_open_port(1883)
|
||||||
hass.succeed(
|
hass.succeed(
|
||||||
"mosquitto_pub -V mqttv5 -t home-assistant/test -u ${mqttUsername} -P '${mqttPassword}' -m let_there_be_light"
|
"mosquitto_pub -V mqttv5 -t home-assistant/test -u ${mqttUsername} -P '${mqttPassword}' -m let_there_be_light"
|
||||||
)
|
)
|
||||||
|
|
||||||
with subtest("Check that capabilities are passed for emulated_hue to bind to port 80"):
|
with subtest("Check that capabilities are passed for emulated_hue to bind to port 80"):
|
||||||
hass.wait_for_open_port(80)
|
hass.wait_for_open_port(80)
|
||||||
hass.succeed("curl --fail http://localhost:80/description.xml")
|
hass.succeed("curl --fail http://localhost:80/description.xml")
|
||||||
|
|
||||||
with subtest("Check extra components are considered in systemd unit hardening"):
|
with subtest("Check extra components are considered in systemd unit hardening"):
|
||||||
hass.succeed("systemctl show -p DeviceAllow home-assistant.service | grep -q char-ttyUSB")
|
hass.succeed("systemctl show -p DeviceAllow home-assistant.service | grep -q char-ttyUSB")
|
||||||
|
|
||||||
with subtest("Print log to ease debugging"):
|
with subtest("Print log to ease debugging"):
|
||||||
output_log = hass.succeed("cat ${configDir}/home-assistant.log")
|
output_log = hass.succeed("cat ${configDir}/home-assistant.log")
|
||||||
print("\n### home-assistant.log ###\n")
|
print("\n### home-assistant.log ###\n")
|
||||||
print(output_log + "\n")
|
print(output_log + "\n")
|
||||||
|
|
||||||
# wait for home-assistant to fully boot
|
|
||||||
hass.sleep(30)
|
|
||||||
hass.wait_for_unit("home-assistant.service")
|
|
||||||
|
|
||||||
with subtest("Check that no errors were logged"):
|
with subtest("Check that no errors were logged"):
|
||||||
assert "ERROR" not in output_log
|
assert "ERROR" not in output_log
|
||||||
|
|
||||||
|
@ -117,7 +193,7 @@ in {
|
||||||
assert "let_there_be_light" in output_log
|
assert "let_there_be_light" in output_log
|
||||||
|
|
||||||
with subtest("Check systemd unit hardening"):
|
with subtest("Check systemd unit hardening"):
|
||||||
hass.log(hass.succeed("systemctl show home-assistant.service"))
|
hass.log(hass.succeed("systemctl cat home-assistant.service"))
|
||||||
hass.log(hass.succeed("systemd-analyze security home-assistant.service"))
|
hass.log(hass.succeed("systemd-analyze security home-assistant.service"))
|
||||||
'';
|
'';
|
||||||
})
|
})
|
||||||
|
|
|
@ -672,7 +672,7 @@ let
|
||||||
basicAuth.nextcloud-exporter = "snakeoilpw";
|
basicAuth.nextcloud-exporter = "snakeoilpw";
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
root = "${pkgs.prometheus-nextcloud-exporter.src}/serverinfo/testdata";
|
root = "${pkgs.prometheus-nextcloud-exporter.src}/serverinfo/testdata";
|
||||||
tryFiles = "/negative-space.xml =404";
|
tryFiles = "/negative-space.json =404";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
19
third_party/nixpkgs/nixos/tests/sourcehut.nix
vendored
19
third_party/nixpkgs/nixos/tests/sourcehut.nix
vendored
|
@ -125,13 +125,18 @@ in
|
||||||
virtualisation.memorySize = 2 * 1024;
|
virtualisation.memorySize = 2 * 1024;
|
||||||
networking.domain = domain;
|
networking.domain = domain;
|
||||||
networking.extraHosts = ''
|
networking.extraHosts = ''
|
||||||
${config.networking.primaryIPAddress} meta.${domain}
|
|
||||||
${config.networking.primaryIPAddress} builds.${domain}
|
${config.networking.primaryIPAddress} builds.${domain}
|
||||||
|
${config.networking.primaryIPAddress} git.${domain}
|
||||||
|
${config.networking.primaryIPAddress} meta.${domain}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
services.sourcehut = {
|
services.sourcehut = {
|
||||||
enable = true;
|
enable = true;
|
||||||
services = [ "meta" "builds" ];
|
services = [
|
||||||
|
"builds"
|
||||||
|
"git"
|
||||||
|
"meta"
|
||||||
|
];
|
||||||
nginx.enable = true;
|
nginx.enable = true;
|
||||||
nginx.virtualHost = {
|
nginx.virtualHost = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
|
@ -148,6 +153,8 @@ in
|
||||||
#enableWorker = true;
|
#enableWorker = true;
|
||||||
inherit images;
|
inherit images;
|
||||||
};
|
};
|
||||||
|
git.enable = true;
|
||||||
|
|
||||||
settings."sr.ht" = {
|
settings."sr.ht" = {
|
||||||
global-domain = config.networking.domain;
|
global-domain = config.networking.domain;
|
||||||
service-key = pkgs.writeText "service-key" "8b327279b77e32a3620e2fc9aabce491cc46e7d821fd6713b2a2e650ce114d01";
|
service-key = pkgs.writeText "service-key" "8b327279b77e32a3620e2fc9aabce491cc46e7d821fd6713b2a2e650ce114d01";
|
||||||
|
@ -157,6 +164,10 @@ in
|
||||||
oauth-client-secret = pkgs.writeText "buildsrht-oauth-client-secret" "2260e9c4d9b8dcedcef642860e0504bc";
|
oauth-client-secret = pkgs.writeText "buildsrht-oauth-client-secret" "2260e9c4d9b8dcedcef642860e0504bc";
|
||||||
oauth-client-id = "299db9f9c2013170";
|
oauth-client-id = "299db9f9c2013170";
|
||||||
};
|
};
|
||||||
|
settings."git.sr.ht" = {
|
||||||
|
oauth-client-secret = pkgs.writeText "gitsrht-oauth-client-secret" "3597288dc2c716e567db5384f493b09d";
|
||||||
|
oauth-client-id = "d07cb713d920702e";
|
||||||
|
};
|
||||||
settings.webhooks.private-key = pkgs.writeText "webhook-key" "Ra3IjxgFiwG9jxgp4WALQIZw/BMYt30xWiOsqD0J7EA=";
|
settings.webhooks.private-key = pkgs.writeText "webhook-key" "Ra3IjxgFiwG9jxgp4WALQIZw/BMYt30xWiOsqD0J7EA=";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -193,5 +204,9 @@ in
|
||||||
machine.wait_for_open_port(5002)
|
machine.wait_for_open_port(5002)
|
||||||
machine.succeed("curl -sL http://localhost:5002 | grep builds.${domain}")
|
machine.succeed("curl -sL http://localhost:5002 | grep builds.${domain}")
|
||||||
#machine.wait_for_unit("buildsrht-worker.service")
|
#machine.wait_for_unit("buildsrht-worker.service")
|
||||||
|
|
||||||
|
# Testing gitsrht
|
||||||
|
machine.wait_for_unit("gitsrht.service")
|
||||||
|
machine.succeed("curl -sL http://git.${domain} | grep git.${domain}")
|
||||||
'';
|
'';
|
||||||
})
|
})
|
||||||
|
|
283
third_party/nixpkgs/nixos/tests/switch-test.nix
vendored
283
third_party/nixpkgs/nixos/tests/switch-test.nix
vendored
|
@ -18,6 +18,7 @@ import ./make-test-python.nix ({ pkgs, ...} : {
|
||||||
Type = "oneshot";
|
Type = "oneshot";
|
||||||
RemainAfterExit = true;
|
RemainAfterExit = true;
|
||||||
ExecStart = "${pkgs.coreutils}/bin/true";
|
ExecStart = "${pkgs.coreutils}/bin/true";
|
||||||
|
ExecReload = "${pkgs.coreutils}/bin/true";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -70,6 +71,97 @@ import ./make-test-python.nix ({ pkgs, ...} : {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
simpleServiceWithExtraSection.configuration = {
|
||||||
|
imports = [ simpleServiceNostop.configuration ];
|
||||||
|
systemd.packages = [ (pkgs.writeTextFile {
|
||||||
|
name = "systemd-extra-section";
|
||||||
|
destination = "/etc/systemd/system/test.service";
|
||||||
|
text = ''
|
||||||
|
[X-Test]
|
||||||
|
X-Test-Value=a
|
||||||
|
'';
|
||||||
|
}) ];
|
||||||
|
};
|
||||||
|
|
||||||
|
simpleServiceWithExtraSectionOtherName.configuration = {
|
||||||
|
imports = [ simpleServiceNostop.configuration ];
|
||||||
|
systemd.packages = [ (pkgs.writeTextFile {
|
||||||
|
name = "systemd-extra-section";
|
||||||
|
destination = "/etc/systemd/system/test.service";
|
||||||
|
text = ''
|
||||||
|
[X-Test2]
|
||||||
|
X-Test-Value=a
|
||||||
|
'';
|
||||||
|
}) ];
|
||||||
|
};
|
||||||
|
|
||||||
|
simpleServiceWithInstallSection.configuration = {
|
||||||
|
imports = [ simpleServiceNostop.configuration ];
|
||||||
|
systemd.packages = [ (pkgs.writeTextFile {
|
||||||
|
name = "systemd-extra-section";
|
||||||
|
destination = "/etc/systemd/system/test.service";
|
||||||
|
text = ''
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
|
'';
|
||||||
|
}) ];
|
||||||
|
};
|
||||||
|
|
||||||
|
simpleServiceWithExtraKey.configuration = {
|
||||||
|
imports = [ simpleServiceNostop.configuration ];
|
||||||
|
systemd.services.test.serviceConfig."X-Test" = "test";
|
||||||
|
};
|
||||||
|
|
||||||
|
simpleServiceWithExtraKeyOtherValue.configuration = {
|
||||||
|
imports = [ simpleServiceNostop.configuration ];
|
||||||
|
systemd.services.test.serviceConfig."X-Test" = "test2";
|
||||||
|
};
|
||||||
|
|
||||||
|
simpleServiceWithExtraKeyOtherName.configuration = {
|
||||||
|
imports = [ simpleServiceNostop.configuration ];
|
||||||
|
systemd.services.test.serviceConfig."X-Test2" = "test";
|
||||||
|
};
|
||||||
|
|
||||||
|
simpleServiceReloadTrigger.configuration = {
|
||||||
|
imports = [ simpleServiceNostop.configuration ];
|
||||||
|
systemd.services.test.reloadTriggers = [ "/dev/null" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
simpleServiceReloadTriggerModified.configuration = {
|
||||||
|
imports = [ simpleServiceNostop.configuration ];
|
||||||
|
systemd.services.test.reloadTriggers = [ "/dev/zero" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
simpleServiceReloadTriggerModifiedAndSomethingElse.configuration = {
|
||||||
|
imports = [ simpleServiceNostop.configuration ];
|
||||||
|
systemd.services.test = {
|
||||||
|
reloadTriggers = [ "/dev/zero" ];
|
||||||
|
serviceConfig."X-Test" = "test";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
simpleServiceReloadTriggerModifiedSomethingElse.configuration = {
|
||||||
|
imports = [ simpleServiceNostop.configuration ];
|
||||||
|
systemd.services.test.serviceConfig."X-Test" = "test";
|
||||||
|
};
|
||||||
|
|
||||||
|
unitWithBackslash.configuration = {
|
||||||
|
systemd.services."escaped\\x2ddash" = {
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
RemainAfterExit = true;
|
||||||
|
ExecStart = "${pkgs.coreutils}/bin/true";
|
||||||
|
ExecReload = "${pkgs.coreutils}/bin/true";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
unitWithBackslashModified.configuration = {
|
||||||
|
imports = [ unitWithBackslash.configuration ];
|
||||||
|
systemd.services."escaped\\x2ddash".serviceConfig.X-Test = "test";
|
||||||
|
};
|
||||||
|
|
||||||
restart-and-reload-by-activation-script.configuration = {
|
restart-and-reload-by-activation-script.configuration = {
|
||||||
systemd.services = rec {
|
systemd.services = rec {
|
||||||
simple-service = {
|
simple-service = {
|
||||||
|
@ -93,6 +185,17 @@ import ./make-test-python.nix ({ pkgs, ...} : {
|
||||||
no-restart-service = simple-service // {
|
no-restart-service = simple-service // {
|
||||||
restartIfChanged = false;
|
restartIfChanged = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
reload-triggers = simple-service // {
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
reload-triggers-and-restart-by-as = simple-service;
|
||||||
|
|
||||||
|
reload-triggers-and-restart = simple-service // {
|
||||||
|
stopIfChanged = false; # easier to check for this
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
system.activationScripts.restart-and-reload-test = {
|
system.activationScripts.restart-and-reload-test = {
|
||||||
|
@ -101,19 +204,33 @@ import ./make-test-python.nix ({ pkgs, ...} : {
|
||||||
text = ''
|
text = ''
|
||||||
if [ "$NIXOS_ACTION" = dry-activate ]; then
|
if [ "$NIXOS_ACTION" = dry-activate ]; then
|
||||||
f=/run/nixos/dry-activation-restart-list
|
f=/run/nixos/dry-activation-restart-list
|
||||||
|
g=/run/nixos/dry-activation-reload-list
|
||||||
else
|
else
|
||||||
f=/run/nixos/activation-restart-list
|
f=/run/nixos/activation-restart-list
|
||||||
|
g=/run/nixos/activation-reload-list
|
||||||
fi
|
fi
|
||||||
cat <<EOF >> "$f"
|
cat <<EOF >> "$f"
|
||||||
simple-service.service
|
simple-service.service
|
||||||
simple-restart-service.service
|
simple-restart-service.service
|
||||||
simple-reload-service.service
|
simple-reload-service.service
|
||||||
no-restart-service.service
|
no-restart-service.service
|
||||||
|
reload-triggers-and-restart-by-as.service
|
||||||
|
EOF
|
||||||
|
|
||||||
|
cat <<EOF >> "$g"
|
||||||
|
reload-triggers.service
|
||||||
|
reload-triggers-and-restart-by-as.service
|
||||||
|
reload-triggers-and-restart.service
|
||||||
EOF
|
EOF
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
restart-and-reload-by-activation-script-modified.configuration = {
|
||||||
|
imports = [ restart-and-reload-by-activation-script.configuration ];
|
||||||
|
systemd.services.reload-triggers-and-restart.serviceConfig.X-Modified = "test";
|
||||||
|
};
|
||||||
|
|
||||||
mount.configuration = {
|
mount.configuration = {
|
||||||
systemd.mounts = [
|
systemd.mounts = [
|
||||||
{
|
{
|
||||||
|
@ -241,6 +358,8 @@ import ./make-test-python.nix ({ pkgs, ...} : {
|
||||||
raise Exception(f"Unexpected string '{needle}' was found")
|
raise Exception(f"Unexpected string '{needle}' was found")
|
||||||
|
|
||||||
|
|
||||||
|
machine.wait_for_unit("multi-user.target")
|
||||||
|
|
||||||
machine.succeed(
|
machine.succeed(
|
||||||
"${stderrRunner} ${originalSystem}/bin/switch-to-configuration test"
|
"${stderrRunner} ${originalSystem}/bin/switch-to-configuration test"
|
||||||
)
|
)
|
||||||
|
@ -331,6 +450,25 @@ import ./make-test-python.nix ({ pkgs, ...} : {
|
||||||
assert_lacks(out, "as well:")
|
assert_lacks(out, "as well:")
|
||||||
assert_contains(out, "would start the following units: test.service\n")
|
assert_contains(out, "would start the following units: test.service\n")
|
||||||
|
|
||||||
|
# Ensure \ works in unit names
|
||||||
|
out = switch_to_specialisation("${machine}", "unitWithBackslash")
|
||||||
|
assert_contains(out, "stopping the following units: test.service\n")
|
||||||
|
assert_lacks(out, "NOT restarting the following changed units:")
|
||||||
|
assert_lacks(out, "reloading the following units:")
|
||||||
|
assert_lacks(out, "\nrestarting the following units:")
|
||||||
|
assert_lacks(out, "\nstarting the following units:")
|
||||||
|
assert_contains(out, "the following new units were started: escaped\\x2ddash.service\n")
|
||||||
|
assert_lacks(out, "as well:")
|
||||||
|
|
||||||
|
out = switch_to_specialisation("${machine}", "unitWithBackslashModified")
|
||||||
|
assert_contains(out, "stopping the following units: escaped\\x2ddash.service\n")
|
||||||
|
assert_lacks(out, "NOT restarting the following changed units:")
|
||||||
|
assert_lacks(out, "reloading the following units:")
|
||||||
|
assert_lacks(out, "\nrestarting the following units:")
|
||||||
|
assert_contains(out, "\nstarting the following units: escaped\\x2ddash.service\n")
|
||||||
|
assert_lacks(out, "the following new units were started:")
|
||||||
|
assert_lacks(out, "as well:")
|
||||||
|
|
||||||
with subtest("failing units"):
|
with subtest("failing units"):
|
||||||
# Let the simple service fail
|
# Let the simple service fail
|
||||||
switch_to_specialisation("${machine}", "simpleServiceModified")
|
switch_to_specialisation("${machine}", "simpleServiceModified")
|
||||||
|
@ -379,6 +517,130 @@ import ./make-test-python.nix ({ pkgs, ...} : {
|
||||||
assert_contains(out, "Main PID:") # output of systemctl
|
assert_contains(out, "Main PID:") # output of systemctl
|
||||||
assert_lacks(out, "as well:")
|
assert_lacks(out, "as well:")
|
||||||
|
|
||||||
|
with subtest("unit file parser"):
|
||||||
|
# Switch to a well-known state
|
||||||
|
switch_to_specialisation("${machine}", "simpleServiceNostop")
|
||||||
|
|
||||||
|
# Add a section
|
||||||
|
out = switch_to_specialisation("${machine}", "simpleServiceWithExtraSection")
|
||||||
|
assert_lacks(out, "stopping the following units:")
|
||||||
|
assert_lacks(out, "NOT restarting the following changed units:")
|
||||||
|
assert_lacks(out, "reloading the following units:")
|
||||||
|
assert_contains(out, "\nrestarting the following units: test.service\n")
|
||||||
|
assert_lacks(out, "\nstarting the following units:")
|
||||||
|
assert_lacks(out, "the following new units were started:")
|
||||||
|
assert_lacks(out, "as well:")
|
||||||
|
|
||||||
|
# Rename it
|
||||||
|
out = switch_to_specialisation("${machine}", "simpleServiceWithExtraSectionOtherName")
|
||||||
|
assert_lacks(out, "stopping the following units:")
|
||||||
|
assert_lacks(out, "NOT restarting the following changed units:")
|
||||||
|
assert_lacks(out, "reloading the following units:")
|
||||||
|
assert_contains(out, "\nrestarting the following units: test.service\n")
|
||||||
|
assert_lacks(out, "\nstarting the following units:")
|
||||||
|
assert_lacks(out, "the following new units were started:")
|
||||||
|
assert_lacks(out, "as well:")
|
||||||
|
|
||||||
|
# Remove it
|
||||||
|
out = switch_to_specialisation("${machine}", "simpleServiceNostop")
|
||||||
|
assert_lacks(out, "stopping the following units:")
|
||||||
|
assert_lacks(out, "NOT restarting the following changed units:")
|
||||||
|
assert_lacks(out, "reloading the following units:")
|
||||||
|
assert_contains(out, "\nrestarting the following units: test.service\n")
|
||||||
|
assert_lacks(out, "\nstarting the following units:")
|
||||||
|
assert_lacks(out, "the following new units were started:")
|
||||||
|
assert_lacks(out, "as well:")
|
||||||
|
|
||||||
|
# [Install] section is ignored
|
||||||
|
out = switch_to_specialisation("${machine}", "simpleServiceWithInstallSection")
|
||||||
|
assert_lacks(out, "stopping the following units:")
|
||||||
|
assert_lacks(out, "NOT restarting the following changed units:")
|
||||||
|
assert_lacks(out, "reloading the following units:")
|
||||||
|
assert_lacks(out, "\nrestarting the following units:")
|
||||||
|
assert_lacks(out, "\nstarting the following units:")
|
||||||
|
assert_lacks(out, "the following new units were started:")
|
||||||
|
assert_lacks(out, "as well:")
|
||||||
|
|
||||||
|
# Add a key
|
||||||
|
out = switch_to_specialisation("${machine}", "simpleServiceWithExtraKey")
|
||||||
|
assert_lacks(out, "stopping the following units:")
|
||||||
|
assert_lacks(out, "NOT restarting the following changed units:")
|
||||||
|
assert_lacks(out, "reloading the following units:")
|
||||||
|
assert_contains(out, "\nrestarting the following units: test.service\n")
|
||||||
|
assert_lacks(out, "\nstarting the following units:")
|
||||||
|
assert_lacks(out, "the following new units were started:")
|
||||||
|
assert_lacks(out, "as well:")
|
||||||
|
|
||||||
|
# Change its value
|
||||||
|
out = switch_to_specialisation("${machine}", "simpleServiceWithExtraKeyOtherValue")
|
||||||
|
assert_lacks(out, "stopping the following units:")
|
||||||
|
assert_lacks(out, "NOT restarting the following changed units:")
|
||||||
|
assert_lacks(out, "reloading the following units:")
|
||||||
|
assert_contains(out, "\nrestarting the following units: test.service\n")
|
||||||
|
assert_lacks(out, "\nstarting the following units:")
|
||||||
|
assert_lacks(out, "the following new units were started:")
|
||||||
|
assert_lacks(out, "as well:")
|
||||||
|
|
||||||
|
# Rename it
|
||||||
|
out = switch_to_specialisation("${machine}", "simpleServiceWithExtraKeyOtherName")
|
||||||
|
assert_lacks(out, "stopping the following units:")
|
||||||
|
assert_lacks(out, "NOT restarting the following changed units:")
|
||||||
|
assert_lacks(out, "reloading the following units:")
|
||||||
|
assert_contains(out, "\nrestarting the following units: test.service\n")
|
||||||
|
assert_lacks(out, "\nstarting the following units:")
|
||||||
|
assert_lacks(out, "the following new units were started:")
|
||||||
|
assert_lacks(out, "as well:")
|
||||||
|
|
||||||
|
# Remove it
|
||||||
|
out = switch_to_specialisation("${machine}", "simpleServiceNostop")
|
||||||
|
assert_lacks(out, "stopping the following units:")
|
||||||
|
assert_lacks(out, "NOT restarting the following changed units:")
|
||||||
|
assert_lacks(out, "reloading the following units:")
|
||||||
|
assert_contains(out, "\nrestarting the following units: test.service\n")
|
||||||
|
assert_lacks(out, "\nstarting the following units:")
|
||||||
|
assert_lacks(out, "the following new units were started:")
|
||||||
|
assert_lacks(out, "as well:")
|
||||||
|
|
||||||
|
# Add a reload trigger
|
||||||
|
out = switch_to_specialisation("${machine}", "simpleServiceReloadTrigger")
|
||||||
|
assert_lacks(out, "stopping the following units:")
|
||||||
|
assert_lacks(out, "NOT restarting the following changed units:")
|
||||||
|
assert_contains(out, "reloading the following units: test.service\n")
|
||||||
|
assert_lacks(out, "\nrestarting the following units:")
|
||||||
|
assert_lacks(out, "\nstarting the following units:")
|
||||||
|
assert_lacks(out, "the following new units were started:")
|
||||||
|
assert_lacks(out, "as well:")
|
||||||
|
|
||||||
|
# Modify the reload trigger
|
||||||
|
out = switch_to_specialisation("${machine}", "simpleServiceReloadTriggerModified")
|
||||||
|
assert_lacks(out, "stopping the following units:")
|
||||||
|
assert_lacks(out, "NOT restarting the following changed units:")
|
||||||
|
assert_contains(out, "reloading the following units: test.service\n")
|
||||||
|
assert_lacks(out, "\nrestarting the following units:")
|
||||||
|
assert_lacks(out, "\nstarting the following units:")
|
||||||
|
assert_lacks(out, "the following new units were started:")
|
||||||
|
assert_lacks(out, "as well:")
|
||||||
|
|
||||||
|
# Modify the reload trigger and something else
|
||||||
|
out = switch_to_specialisation("${machine}", "simpleServiceReloadTriggerModifiedAndSomethingElse")
|
||||||
|
assert_lacks(out, "stopping the following units:")
|
||||||
|
assert_lacks(out, "NOT restarting the following changed units:")
|
||||||
|
assert_lacks(out, "reloading the following units:")
|
||||||
|
assert_contains(out, "\nrestarting the following units: test.service\n")
|
||||||
|
assert_lacks(out, "\nstarting the following units:")
|
||||||
|
assert_lacks(out, "the following new units were started:")
|
||||||
|
assert_lacks(out, "as well:")
|
||||||
|
|
||||||
|
# Remove the reload trigger
|
||||||
|
out = switch_to_specialisation("${machine}", "simpleServiceReloadTriggerModifiedSomethingElse")
|
||||||
|
assert_lacks(out, "stopping the following units:")
|
||||||
|
assert_lacks(out, "NOT restarting the following changed units:")
|
||||||
|
assert_lacks(out, "reloading the following units:")
|
||||||
|
assert_lacks(out, "\nrestarting the following units:")
|
||||||
|
assert_lacks(out, "\nstarting the following units:")
|
||||||
|
assert_lacks(out, "the following new units were started:")
|
||||||
|
assert_lacks(out, "as well:")
|
||||||
|
|
||||||
with subtest("restart and reload by activation script"):
|
with subtest("restart and reload by activation script"):
|
||||||
switch_to_specialisation("${machine}", "simpleServiceNorestart")
|
switch_to_specialisation("${machine}", "simpleServiceNorestart")
|
||||||
out = switch_to_specialisation("${machine}", "restart-and-reload-by-activation-script")
|
out = switch_to_specialisation("${machine}", "restart-and-reload-by-activation-script")
|
||||||
|
@ -386,23 +648,32 @@ import ./make-test-python.nix ({ pkgs, ...} : {
|
||||||
assert_lacks(out, "NOT restarting the following changed units:")
|
assert_lacks(out, "NOT restarting the following changed units:")
|
||||||
assert_lacks(out, "reloading the following units:")
|
assert_lacks(out, "reloading the following units:")
|
||||||
assert_lacks(out, "restarting the following units:")
|
assert_lacks(out, "restarting the following units:")
|
||||||
assert_contains(out, "\nstarting the following units: no-restart-service.service, simple-reload-service.service, simple-restart-service.service, simple-service.service\n")
|
assert_contains(out, "\nstarting the following units: no-restart-service.service, reload-triggers-and-restart-by-as.service, simple-reload-service.service, simple-restart-service.service, simple-service.service\n")
|
||||||
assert_lacks(out, "as well:")
|
assert_lacks(out, "as well:")
|
||||||
# Switch to the same system where the example services get restarted
|
# Switch to the same system where the example services get restarted
|
||||||
# by the activation script
|
# and reloaded by the activation script
|
||||||
out = switch_to_specialisation("${machine}", "restart-and-reload-by-activation-script")
|
out = switch_to_specialisation("${machine}", "restart-and-reload-by-activation-script")
|
||||||
assert_lacks(out, "stopping the following units:")
|
assert_lacks(out, "stopping the following units:")
|
||||||
assert_lacks(out, "NOT restarting the following changed units:")
|
assert_lacks(out, "NOT restarting the following changed units:")
|
||||||
assert_contains(out, "reloading the following units: simple-reload-service.service\n")
|
assert_contains(out, "reloading the following units: reload-triggers-and-restart.service, reload-triggers.service, simple-reload-service.service\n")
|
||||||
assert_contains(out, "restarting the following units: simple-restart-service.service, simple-service.service\n")
|
assert_contains(out, "restarting the following units: reload-triggers-and-restart-by-as.service, simple-restart-service.service, simple-service.service\n")
|
||||||
|
assert_lacks(out, "\nstarting the following units:")
|
||||||
|
assert_lacks(out, "as well:")
|
||||||
|
# Switch to the same system and see if the service gets restarted when it's modified
|
||||||
|
# while the fact that it's supposed to be reloaded by the activation script is ignored.
|
||||||
|
out = switch_to_specialisation("${machine}", "restart-and-reload-by-activation-script-modified")
|
||||||
|
assert_lacks(out, "stopping the following units:")
|
||||||
|
assert_lacks(out, "NOT restarting the following changed units:")
|
||||||
|
assert_contains(out, "reloading the following units: reload-triggers.service, simple-reload-service.service\n")
|
||||||
|
assert_contains(out, "restarting the following units: reload-triggers-and-restart-by-as.service, reload-triggers-and-restart.service, simple-restart-service.service, simple-service.service\n")
|
||||||
assert_lacks(out, "\nstarting the following units:")
|
assert_lacks(out, "\nstarting the following units:")
|
||||||
assert_lacks(out, "as well:")
|
assert_lacks(out, "as well:")
|
||||||
# The same, but in dry mode
|
# The same, but in dry mode
|
||||||
out = switch_to_specialisation("${machine}", "restart-and-reload-by-activation-script", action="dry-activate")
|
out = switch_to_specialisation("${machine}", "restart-and-reload-by-activation-script", action="dry-activate")
|
||||||
assert_lacks(out, "would stop the following units:")
|
assert_lacks(out, "would stop the following units:")
|
||||||
assert_lacks(out, "would NOT stop the following changed units:")
|
assert_lacks(out, "would NOT stop the following changed units:")
|
||||||
assert_contains(out, "would reload the following units: simple-reload-service.service\n")
|
assert_contains(out, "would reload the following units: reload-triggers.service, simple-reload-service.service\n")
|
||||||
assert_contains(out, "would restart the following units: simple-restart-service.service, simple-service.service\n")
|
assert_contains(out, "would restart the following units: reload-triggers-and-restart-by-as.service, reload-triggers-and-restart.service, simple-restart-service.service, simple-service.service\n")
|
||||||
assert_lacks(out, "\nwould start the following units:")
|
assert_lacks(out, "\nwould start the following units:")
|
||||||
assert_lacks(out, "as well:")
|
assert_lacks(out, "as well:")
|
||||||
|
|
||||||
|
|
29
third_party/nixpkgs/nixos/tests/web-servers/agate.nix
vendored
Normal file
29
third_party/nixpkgs/nixos/tests/web-servers/agate.nix
vendored
Normal file
|
@ -0,0 +1,29 @@
|
||||||
|
import ../make-test-python.nix (
|
||||||
|
{ pkgs, lib, ... }:
|
||||||
|
{
|
||||||
|
name = "agate";
|
||||||
|
meta = with lib.maintainers; { maintainers = [ jk ]; };
|
||||||
|
|
||||||
|
nodes = {
|
||||||
|
geminiserver = { pkgs, ... }: {
|
||||||
|
services.agate = {
|
||||||
|
enable = true;
|
||||||
|
hostnames = [ "localhost" ];
|
||||||
|
contentDir = pkgs.writeTextDir "index.gmi" ''
|
||||||
|
# Hello NixOS!
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
testScript = { nodes, ... }: ''
|
||||||
|
geminiserver.wait_for_unit("agate")
|
||||||
|
geminiserver.wait_for_open_port(1965)
|
||||||
|
|
||||||
|
with subtest("check is serving over gemini"):
|
||||||
|
response = geminiserver.succeed("${pkgs.gmni}/bin/gmni -j once -i -N gemini://localhost:1965")
|
||||||
|
print(response)
|
||||||
|
assert "Hello NixOS!" in response
|
||||||
|
'';
|
||||||
|
}
|
||||||
|
)
|
|
@ -6,11 +6,11 @@
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
pname = "bitwig-studio";
|
pname = "bitwig-studio";
|
||||||
version = "4.1.2";
|
version = "4.1.6";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://downloads.bitwig.com/stable/${version}/${pname}-${version}.deb";
|
url = "https://downloads.bitwig.com/stable/${version}/${pname}-${version}.deb";
|
||||||
sha256 = "sha256-fXrpTOA6Uh4DgGU+3A7SV23Sb+Z2Ud4rCPmMk5I1MnA=";
|
sha256 = "sha256-Q4YYdMUd/T8tGGcakhoLdHvWsHwOq7LgIb77sr2OWuQ=";
|
||||||
};
|
};
|
||||||
|
|
||||||
nativeBuildInputs = [ dpkg makeWrapper wrapGAppsHook ];
|
nativeBuildInputs = [ dpkg makeWrapper wrapGAppsHook ];
|
||||||
|
|
|
@ -11,14 +11,14 @@
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
pname = "callaudiod";
|
pname = "callaudiod";
|
||||||
version = "0.1.1";
|
version = "0.1.3";
|
||||||
|
|
||||||
src = fetchFromGitLab {
|
src = fetchFromGitLab {
|
||||||
domain = "gitlab.com";
|
domain = "gitlab.com";
|
||||||
owner = "mobian1";
|
owner = "mobian1";
|
||||||
repo = pname;
|
repo = pname;
|
||||||
rev = version;
|
rev = version;
|
||||||
sha256 = "sha256-VASBYx/SZo2GJ8znthFIdjtZKbYVssWO1xhYcZMz9hI=";
|
sha256 = "sha256-WZ23jacCsZiNeMJfnYMaGdHXY9OCIBbeU9dWGDroaHE=";
|
||||||
};
|
};
|
||||||
|
|
||||||
strictDeps = true;
|
strictDeps = true;
|
||||||
|
@ -39,7 +39,7 @@ stdenv.mkDerivation rec {
|
||||||
description = "Daemon for dealing with audio routing during phone calls";
|
description = "Daemon for dealing with audio routing during phone calls";
|
||||||
homepage = "https://gitlab.com/mobian1/callaudiod";
|
homepage = "https://gitlab.com/mobian1/callaudiod";
|
||||||
license = licenses.gpl3Plus;
|
license = licenses.gpl3Plus;
|
||||||
maintainers = with maintainers; [ pacman99 ];
|
maintainers = with maintainers; [ pacman99 tomfitzhenry ];
|
||||||
platforms = platforms.linux;
|
platforms = platforms.linux;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -9,13 +9,13 @@
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
pname = "freac";
|
pname = "freac";
|
||||||
version = "1.1.5";
|
version = "1.1.6";
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "enzo1982";
|
owner = "enzo1982";
|
||||||
repo = "freac";
|
repo = "freac";
|
||||||
rev = "v${version}";
|
rev = "v${version}";
|
||||||
sha256 = "sha256-cRmN9D/+FLiXqZW/PYhw61EoZuL3y61YtQ/ZNjnhfmY=";
|
sha256 = "sha256-PDFc/RhxIe6M3lfVHE1QmJnu5Sy+q/yrXrXPV/8X51o=";
|
||||||
};
|
};
|
||||||
|
|
||||||
buildInputs = [
|
buildInputs = [
|
||||||
|
|
|
@ -3,13 +3,13 @@
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
pname = "geonkick";
|
pname = "geonkick";
|
||||||
version = "2.8.0";
|
version = "2.8.1";
|
||||||
|
|
||||||
src = fetchFromGitLab {
|
src = fetchFromGitLab {
|
||||||
owner = "iurie-sw";
|
owner = "iurie-sw";
|
||||||
repo = pname;
|
repo = pname;
|
||||||
rev = "v${version}";
|
rev = "v${version}";
|
||||||
sha256 = "0dpwdjyy6phhr1jm1cabj2gc3rfsdan513mijbgnpzkq9w9jfb60";
|
sha256 = "sha256-wSlZ9pVVqlrPSz20pRdcRLq6pTcibxD7326l9WY7ZDY=";
|
||||||
};
|
};
|
||||||
|
|
||||||
nativeBuildInputs = [ cmake pkg-config ];
|
nativeBuildInputs = [ cmake pkg-config ];
|
||||||
|
|
|
@ -16,20 +16,20 @@
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
pname = "helvum";
|
pname = "helvum";
|
||||||
version = "0.3.2";
|
version = "0.3.4";
|
||||||
|
|
||||||
src = fetchFromGitLab {
|
src = fetchFromGitLab {
|
||||||
domain = "gitlab.freedesktop.org";
|
domain = "gitlab.freedesktop.org";
|
||||||
owner = "ryuukyu";
|
owner = "pipewire";
|
||||||
repo = pname;
|
repo = pname;
|
||||||
rev = version;
|
rev = version;
|
||||||
sha256 = "sha256-Kt6gnMRTOVXqjAjEZKlylcGhzl52ZzPNVbJhwzLhzkM=";
|
sha256 = "0nhv6zw2zzxz2bg2zj32w1brywnm5lv6j3cvmmvwshc389z2k5x1";
|
||||||
};
|
};
|
||||||
|
|
||||||
cargoDeps = rustPlatform.fetchCargoTarball {
|
cargoDeps = rustPlatform.fetchCargoTarball {
|
||||||
inherit src;
|
inherit src;
|
||||||
name = "${pname}-${version}";
|
name = "${pname}-${version}";
|
||||||
hash = "sha256-kxJRY9GSPwnb431iYCfJdGcl5HjpFr2KkWrFDpGajp8=";
|
hash = "sha256-EIHO9qVPIXgezfFOaarlTU0an762nFmX1ELbQuAZ7rY";
|
||||||
};
|
};
|
||||||
|
|
||||||
nativeBuildInputs = [
|
nativeBuildInputs = [
|
||||||
|
@ -51,21 +51,9 @@ stdenv.mkDerivation rec {
|
||||||
|
|
||||||
LIBCLANG_PATH = "${libclang.lib}/lib";
|
LIBCLANG_PATH = "${libclang.lib}/lib";
|
||||||
|
|
||||||
patches = [
|
|
||||||
# enables us to use gtk4-update-icon-cache instead of gtk3 one
|
|
||||||
(fetchpatch {
|
|
||||||
url = "https://gitlab.freedesktop.org/ryuukyu/helvum/-/merge_requests/24.patch";
|
|
||||||
sha256 = "sha256-WmI6taBL/6t587j06n0mwByQ8x0eUA5ECvGNjg2/vtk=";
|
|
||||||
})
|
|
||||||
];
|
|
||||||
|
|
||||||
postPatch = ''
|
|
||||||
patchShebangs build-aux/cargo.sh
|
|
||||||
'';
|
|
||||||
|
|
||||||
meta = with lib; {
|
meta = with lib; {
|
||||||
description = "A GTK patchbay for pipewire";
|
description = "A GTK patchbay for pipewire";
|
||||||
homepage = "https://gitlab.freedesktop.org/ryuukyu/helvum";
|
homepage = "https://gitlab.freedesktop.org/pipewire/helvum";
|
||||||
license = licenses.gpl3Only;
|
license = licenses.gpl3Only;
|
||||||
maintainers = with maintainers; [ fufexan ];
|
maintainers = with maintainers; [ fufexan ];
|
||||||
platforms = platforms.linux;
|
platforms = platforms.linux;
|
||||||
|
|
|
@ -15,13 +15,13 @@
|
||||||
|
|
||||||
python3Packages.buildPythonApplication rec {
|
python3Packages.buildPythonApplication rec {
|
||||||
pname = "indicator-sound-switcher";
|
pname = "indicator-sound-switcher";
|
||||||
version = "2.3.6";
|
version = "2.3.7";
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "yktoo";
|
owner = "yktoo";
|
||||||
repo = pname;
|
repo = pname;
|
||||||
rev = "v${version}";
|
rev = "v${version}";
|
||||||
sha256 = "APU8Y0xUhRd9RbMSG9TD0TBvFLu/VlLGauf56z8gZDw=";
|
sha256 = "sha256-agzU3Z3E6NvCnlsz9L719LqMTm8EmYg3TY/2lWTYgKs=";
|
||||||
};
|
};
|
||||||
|
|
||||||
postPatch = ''
|
postPatch = ''
|
||||||
|
|
|
@ -1,12 +1,12 @@
|
||||||
{ lib, stdenv, fetchurl, alsa-lib, libjack2, fftwFloat, libclthreads, libclxclient, libX11, libXft, zita-alsa-pcmi, }:
|
{ lib, stdenv, fetchurl, alsa-lib, libjack2, fftwFloat, libclthreads, libclxclient, libX11, libXft, zita-alsa-pcmi, }:
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
version = "0.9.2";
|
version = "0.9.4";
|
||||||
pname = "japa";
|
pname = "japa";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://kokkinizita.linuxaudio.org/linuxaudio/downloads/${pname}-${version}.tar.bz2";
|
url = "https://kokkinizita.linuxaudio.org/linuxaudio/downloads/${pname}-${version}.tar.bz2";
|
||||||
sha256 = "1zmi4wg23hwsypg3h6y3qb72cbrihqcs19qrbzgs5a67d13q4897";
|
sha256 = "sha256-t9wlZr+pE5u6yTpATWDQseC/rf4TFbtG0X9tnTdkB8I=";
|
||||||
};
|
};
|
||||||
|
|
||||||
buildInputs = [ alsa-lib libjack2 fftwFloat libclthreads libclxclient libX11 libXft zita-alsa-pcmi ];
|
buildInputs = [ alsa-lib libjack2 fftwFloat libclthreads libclxclient libX11 libXft zita-alsa-pcmi ];
|
||||||
|
|
|
@ -18,7 +18,7 @@ stdenv.mkDerivation rec {
|
||||||
cp $src $out/lib/JMusicBot
|
cp $src $out/lib/JMusicBot
|
||||||
|
|
||||||
makeWrapper ${jre}/bin/java $out/bin/JMusicBot \
|
makeWrapper ${jre}/bin/java $out/bin/JMusicBot \
|
||||||
--add-flags "-Xmx1G -Dnogui=true -jar $out/lib/JMusicBot"
|
--add-flags "-Xmx1G -Dnogui=true -Djava.util.concurrent.ForkJoinPool.common.parallelism=1 -jar $out/lib/JMusicBot"
|
||||||
'';
|
'';
|
||||||
|
|
||||||
meta = with lib; {
|
meta = with lib; {
|
||||||
|
|
|
@ -28,11 +28,11 @@
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
pname = "kid3";
|
pname = "kid3";
|
||||||
version = "3.9.0";
|
version = "3.9.1";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://download.kde.org/stable/${pname}/${version}/${pname}-${version}.tar.xz";
|
url = "https://download.kde.org/stable/${pname}/${version}/${pname}-${version}.tar.xz";
|
||||||
sha256 = "sha256-d0Y+swzzGk1FzQ3EK8sN8i1Nf6CRIPMAYgTUYN71FXU=";
|
sha256 = "sha256-N/HDwfJn7Py4y/GZcIDbeoMEqG+SuRGO23ITZMot8cc=";
|
||||||
};
|
};
|
||||||
|
|
||||||
nativeBuildInputs = [
|
nativeBuildInputs = [
|
||||||
|
|
|
@ -53,13 +53,13 @@
|
||||||
|
|
||||||
mkDerivation rec {
|
mkDerivation rec {
|
||||||
pname = "mixxx";
|
pname = "mixxx";
|
||||||
version = "2.3.1";
|
version = "2.3.2";
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "mixxxdj";
|
owner = "mixxxdj";
|
||||||
repo = "mixxx";
|
repo = "mixxx";
|
||||||
rev = version;
|
rev = version;
|
||||||
sha256 = "sha256-6M1qaRyRYWTIKqclewuD+RUVDdxVbBHcfpw2qYgO6BA=";
|
sha256 = "sha256-EnOO5OGcaIITqfF9gpGktarzYOx128C1M2VmYNzdRsA=";
|
||||||
};
|
};
|
||||||
|
|
||||||
nativeBuildInputs = [ cmake pkg-config ];
|
nativeBuildInputs = [ cmake pkg-config ];
|
||||||
|
@ -117,7 +117,7 @@ mkDerivation rec {
|
||||||
|
|
||||||
# mixxx installs udev rules to DATADIR instead of SYSCONFDIR
|
# mixxx installs udev rules to DATADIR instead of SYSCONFDIR
|
||||||
# let's disable this and install udev rules manually via postInstall
|
# let's disable this and install udev rules manually via postInstall
|
||||||
# see https://github.com/mixxxdj/mixxx/blob/2.3.1/CMakeLists.txt#L1381-L1392
|
# see https://github.com/mixxxdj/mixxx/blob/2.3.2/CMakeLists.txt#L1381-L1392
|
||||||
cmakeFlags = [
|
cmakeFlags = [
|
||||||
"-DINSTALL_USER_UDEV_RULES=OFF"
|
"-DINSTALL_USER_UDEV_RULES=OFF"
|
||||||
];
|
];
|
||||||
|
|
|
@ -11,11 +11,11 @@
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
pname = "ocenaudio";
|
pname = "ocenaudio";
|
||||||
version = "3.11.2";
|
version = "3.11.5";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://www.ocenaudio.com/downloads/index.php/ocenaudio_debian9_64.deb?version=${version}";
|
url = "https://www.ocenaudio.com/downloads/index.php/ocenaudio_debian9_64.deb?version=${version}";
|
||||||
sha256 = "sha256-kvmBOw8fQZSC1jC8FRVq4v+i7mM6ol2IrDTqfJtuZYc=";
|
sha256 = "sha256-YkSsvhBbju/NEkT7RspZQYnLkcx/5POA8VtxCAL3Wcc=";
|
||||||
};
|
};
|
||||||
|
|
||||||
nativeBuildInputs = [
|
nativeBuildInputs = [
|
||||||
|
|
|
@ -13,6 +13,9 @@ stdenv.mkDerivation {
|
||||||
|
|
||||||
postPatch = ''
|
postPatch = ''
|
||||||
patchShebangs tool
|
patchShebangs tool
|
||||||
|
sed -i tool \
|
||||||
|
-e 's@ncurses_dir=.*@ncurses_dir="${ncurses}"@' \
|
||||||
|
-e 's@portmidi_dir=.*@portmidi_dir="${portmidi}"@' tool
|
||||||
'';
|
'';
|
||||||
|
|
||||||
installPhase = ''
|
installPhase = ''
|
||||||
|
|
|
@ -2,12 +2,12 @@
|
||||||
|
|
||||||
let
|
let
|
||||||
pname = "plexamp";
|
pname = "plexamp";
|
||||||
version = "3.9.1";
|
version = "4.0.0";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://plexamp.plex.tv/plexamp.plex.tv/desktop/Plexamp-${version}.AppImage";
|
url = "https://plexamp.plex.tv/plexamp.plex.tv/desktop/Plexamp-${version}.AppImage";
|
||||||
name="${pname}-${version}.AppImage";
|
name="${pname}-${version}.AppImage";
|
||||||
sha512 = "uassNLdCXx3WLarUMJNhU8fbXugG7yTLMQacPAszLoRdmbMwcN6wT7ED26VhlNVhY3xr02GjZSDw4/LADZWqKw==";
|
sha512 = "C6fR3HyXZ5dXvKqtADjCm9WwsnI/wKhlR0K4+zkEW4JNmozmZvdB9eDIoS32wgTe23phtwazbXwroK/Xb0kZmQ==";
|
||||||
};
|
};
|
||||||
|
|
||||||
appimageContents = appimageTools.extractType2 {
|
appimageContents = appimageTools.extractType2 {
|
||||||
|
@ -33,7 +33,7 @@ in appimageTools.wrapType2 {
|
||||||
meta = with lib; {
|
meta = with lib; {
|
||||||
description = "A beautiful Plex music player for audiophiles, curators, and hipsters";
|
description = "A beautiful Plex music player for audiophiles, curators, and hipsters";
|
||||||
homepage = "https://plexamp.com/";
|
homepage = "https://plexamp.com/";
|
||||||
changelog = "https://forums.plex.tv/t/plexamp-release-notes/221280/37";
|
changelog = "https://forums.plex.tv/t/plexamp-release-notes/221280/38";
|
||||||
license = licenses.unfree;
|
license = licenses.unfree;
|
||||||
maintainers = with maintainers; [ killercup synthetica ];
|
maintainers = with maintainers; [ killercup synthetica ];
|
||||||
platforms = [ "x86_64-linux" ];
|
platforms = [ "x86_64-linux" ];
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
python3Packages.buildPythonApplication rec {
|
python3Packages.buildPythonApplication rec {
|
||||||
pname = "pyradio";
|
pname = "pyradio";
|
||||||
version = "0.8.9.10";
|
version = "0.8.9.14";
|
||||||
|
|
||||||
propagatedBuildInputs = with python3Packages; [
|
propagatedBuildInputs = with python3Packages; [
|
||||||
requests
|
requests
|
||||||
|
@ -14,7 +14,7 @@ python3Packages.buildPythonApplication rec {
|
||||||
owner = "coderholic";
|
owner = "coderholic";
|
||||||
repo = pname;
|
repo = pname;
|
||||||
rev = version;
|
rev = version;
|
||||||
sha256 = "1cvrvy5ll97yyrzakxr8lb25qxmzk9fvcabsgc98jf89ikxgax4w";
|
sha256 = "sha256-9q+YsQPFB7Ql5WnXvPj100cD7pGkmr1hHztqbpZStt8=";
|
||||||
};
|
};
|
||||||
|
|
||||||
checkPhase = ''
|
checkPhase = ''
|
||||||
|
|
|
@ -17,13 +17,13 @@
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
pname = "reaper";
|
pname = "reaper";
|
||||||
version = "6.46";
|
version = "6.47";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://www.reaper.fm/files/${lib.versions.major version}.x/reaper${builtins.replaceStrings ["."] [""] version}_linux_${stdenv.hostPlatform.qemuArch}.tar.xz";
|
url = "https://www.reaper.fm/files/${lib.versions.major version}.x/reaper${builtins.replaceStrings ["."] [""] version}_linux_${stdenv.hostPlatform.qemuArch}.tar.xz";
|
||||||
hash = {
|
hash = {
|
||||||
x86_64-linux = "sha256-cHjiO2hRK8gUaq2VfuE9GOtRJ0JyfH2rhdIbK+RxoEM=";
|
x86_64-linux = "sha256-31HmIx/ohbrzu5uj8KOOZiHNCmXwng9h+fIGaJfYyqA=";
|
||||||
aarch64-linux = "sha256-j+05SdyDWzI1fekwwQ2RAGontEvppkUWPYfZEtOVXYg=";
|
aarch64-linux = "sha256-CMmcBpaZ6BEZJ1144aQhOJ/o2NrGD7/8aq+ObLVMXYE=";
|
||||||
}.${stdenv.hostPlatform.system};
|
}.${stdenv.hostPlatform.system};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
24
third_party/nixpkgs/pkgs/applications/audio/sptlrx/default.nix
vendored
Normal file
24
third_party/nixpkgs/pkgs/applications/audio/sptlrx/default.nix
vendored
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
{ lib, buildGoModule, fetchFromGitHub }:
|
||||||
|
|
||||||
|
buildGoModule rec {
|
||||||
|
pname = "sptlrx";
|
||||||
|
version = "0.1.0";
|
||||||
|
|
||||||
|
src = fetchFromGitHub {
|
||||||
|
owner = "raitonoberu";
|
||||||
|
repo = pname;
|
||||||
|
rev = "v${version}";
|
||||||
|
sha256 = "sha256-Wk4vXm6sB+Rw0VFAhfD0GKxsP+1LwpS6VFHa3UENuJk=";
|
||||||
|
};
|
||||||
|
|
||||||
|
vendorSha256 = "sha256-l5gIbjB2rJyNmZBqrHo4kwClmAgjgDWHTs5KWzrfC08=";
|
||||||
|
|
||||||
|
ldflags = [ "-s" "-w" ];
|
||||||
|
|
||||||
|
meta = with lib; {
|
||||||
|
description = "Spotify lyrics in your terminal";
|
||||||
|
homepage = "https://github.com/raitonoberu/sptlrx";
|
||||||
|
license = licenses.mit;
|
||||||
|
maintainers = with maintainers; [ MoritzBoehme ];
|
||||||
|
};
|
||||||
|
}
|
|
@ -13,11 +13,11 @@ let
|
||||||
in
|
in
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
pname = "SunVox";
|
pname = "SunVox";
|
||||||
version = "1.9.6c";
|
version = "2.0c";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "http://www.warmplace.ru/soft/sunvox/sunvox-${version}.zip";
|
url = "http://www.warmplace.ru/soft/sunvox/sunvox-${version}.zip";
|
||||||
sha256 = "10lqbm1grw0sqasx7i6528cishv5ksdf9zbb3ygxd8c1iwaxzhb9";
|
sha256 = "949e5348da9faa92ce17aac943b58027bdb797b65c7f5f365ef0610bb6dd8a3d";
|
||||||
};
|
};
|
||||||
|
|
||||||
nativeBuildInputs = [ unzip ];
|
nativeBuildInputs = [ unzip ];
|
||||||
|
|
|
@ -21,13 +21,13 @@
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
pname = "tauon";
|
pname = "tauon";
|
||||||
version = "7.0.1";
|
version = "7.1.1";
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "Taiko2k";
|
owner = "Taiko2k";
|
||||||
repo = "TauonMusicBox";
|
repo = "TauonMusicBox";
|
||||||
rev = "v${version}";
|
rev = "v${version}";
|
||||||
sha256 = "sha256-Sw9w6vFXk2Cx7LdfMsou9IDheVckdusc0iGWkVsVtCQ=";
|
sha256 = "sha256-eVliTSFTBG56mU1Crt3syoYxKclz/6W15y/30C+Tf1g=";
|
||||||
};
|
};
|
||||||
|
|
||||||
postPatch = ''
|
postPatch = ''
|
||||||
|
|
|
@ -8,12 +8,12 @@
|
||||||
, gettext
|
, gettext
|
||||||
, itstool
|
, itstool
|
||||||
, glib
|
, glib
|
||||||
, gtk3
|
, gtk4
|
||||||
, coreutils
|
, coreutils
|
||||||
, libsoup
|
, libsoup_3
|
||||||
, libsecret
|
, libsecret
|
||||||
, libhandy
|
, libadwaita
|
||||||
, wrapGAppsHook
|
, wrapGAppsHook4
|
||||||
, libgpg-error
|
, libgpg-error
|
||||||
, json-glib
|
, json-glib
|
||||||
, duplicity
|
, duplicity
|
||||||
|
@ -21,14 +21,14 @@
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
pname = "deja-dup";
|
pname = "deja-dup";
|
||||||
version = "42.8";
|
version = "43.2";
|
||||||
|
|
||||||
src = fetchFromGitLab {
|
src = fetchFromGitLab {
|
||||||
domain = "gitlab.gnome.org";
|
domain = "gitlab.gnome.org";
|
||||||
owner = "World";
|
owner = "World";
|
||||||
repo = pname;
|
repo = pname;
|
||||||
rev = version;
|
rev = version;
|
||||||
sha256 = "sha256-DkRqZAj47wzt4lDvhAbO0PYcRA7oHEo2k69IMLOD3Ps=";
|
sha256 = "sha256-iFrPx/m/nTdm7xVVd1SZh5QNpSqI+TCbMfx0/jLgc1c=";
|
||||||
};
|
};
|
||||||
|
|
||||||
patches = [
|
patches = [
|
||||||
|
@ -45,15 +45,15 @@ stdenv.mkDerivation rec {
|
||||||
vala
|
vala
|
||||||
gettext
|
gettext
|
||||||
itstool
|
itstool
|
||||||
wrapGAppsHook
|
wrapGAppsHook4
|
||||||
];
|
];
|
||||||
|
|
||||||
buildInputs = [
|
buildInputs = [
|
||||||
libsoup
|
libsoup_3
|
||||||
glib
|
glib
|
||||||
gtk3
|
gtk4
|
||||||
libsecret
|
libsecret
|
||||||
libhandy
|
libadwaita
|
||||||
libgpg-error
|
libgpg-error
|
||||||
json-glib
|
json-glib
|
||||||
];
|
];
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
--- a/libdeja/tools/duplicity/DuplicityInstance.vala
|
--- a/libdeja/duplicity/DuplicityInstance.vala
|
||||||
+++ b/libdeja/tools/duplicity/DuplicityInstance.vala
|
+++ b/libdeja/duplicity/DuplicityInstance.vala
|
||||||
@@ -159,7 +159,7 @@
|
@@ -114,7 +114,7 @@ internal class DuplicityInstance : Object
|
||||||
// We already are pretty sure we don't have other duplicities in our
|
// We already are pretty sure we don't have other duplicities in our
|
||||||
// archive directories, because we use our own and we ensure we only have
|
// archive directories, because we use our own and we ensure we only have
|
||||||
// one deja-dup running at a time via DBus.
|
// one deja-dup running at a time via DBus.
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
}:
|
}:
|
||||||
|
|
||||||
let
|
let
|
||||||
version = "0.13.0.0";
|
version = "0.14.1.0";
|
||||||
in
|
in
|
||||||
stdenv.mkDerivation {
|
stdenv.mkDerivation {
|
||||||
pname = "aeon";
|
pname = "aeon";
|
||||||
|
@ -15,7 +15,7 @@ stdenv.mkDerivation {
|
||||||
repo = "aeon";
|
repo = "aeon";
|
||||||
rev = "v${version}-aeon";
|
rev = "v${version}-aeon";
|
||||||
fetchSubmodules = true;
|
fetchSubmodules = true;
|
||||||
sha256 = "07d87n1j4dc9gfwj6xy5jdpryn45095xdh961g6xjnjzc5fivjch";
|
sha256 = "sha256-yej4w/2m9YXsMobqHwzA5GBbduhaeTVvmnHUJNWX87E=";
|
||||||
};
|
};
|
||||||
|
|
||||||
nativeBuildInputs = [ cmake pkg-config git doxygen graphviz ];
|
nativeBuildInputs = [ cmake pkg-config git doxygen graphviz ];
|
||||||
|
|
|
@ -2,11 +2,11 @@
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
pname = "ergo";
|
pname = "ergo";
|
||||||
version = "4.0.20.1";
|
version = "4.0.23";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://github.com/ergoplatform/ergo/releases/download/v${version}/ergo-${version}.jar";
|
url = "https://github.com/ergoplatform/ergo/releases/download/v${version}/ergo-${version}.jar";
|
||||||
sha256 = "sha256-uKt0TNKcqiXiT5MnsguU5fTdUyFgV7Km5KjrFS/7tws=";
|
sha256 = "sha256-ZpBTfL8ghLOo8C9yDUfKelblpIlwdVAOgYVvqmxJQXo=";
|
||||||
};
|
};
|
||||||
|
|
||||||
nativeBuildInputs = [ makeWrapper ];
|
nativeBuildInputs = [ makeWrapper ];
|
||||||
|
|
|
@ -2,16 +2,16 @@
|
||||||
|
|
||||||
buildGoModule rec {
|
buildGoModule rec {
|
||||||
pname = "erigon";
|
pname = "erigon";
|
||||||
version = "2021.09.04";
|
version = "2022.01.02";
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "ledgerwatch";
|
owner = "ledgerwatch";
|
||||||
repo = pname;
|
repo = pname;
|
||||||
rev = "v${version}";
|
rev = "v${version}";
|
||||||
sha256 = "0l0w1badhvlh1rgqzvlmy5k7xhb1nf4f5dmhkl935a5ila08aak3";
|
sha256 = "sha256-PzLFwpLKPMV9J2+hqwFppdrFvGxyWpSzYDiQTWZXKco=";
|
||||||
};
|
};
|
||||||
|
|
||||||
vendorSha256 = "sha256-i8BaT9C39tmHU3GGgd0hUB1PHXnoAdNYRIqZA1ggbjQ=";
|
vendorSha256 = "sha256-YslMHpc3ApPiZOhNZrKoLaQcUWZwj7WLxmzYFyThnRo=";
|
||||||
proxyVendor = true;
|
proxyVendor = true;
|
||||||
|
|
||||||
# Build errors in mdbx when format hardening is enabled:
|
# Build errors in mdbx when format hardening is enabled:
|
||||||
|
|
|
@ -4,11 +4,11 @@ cups, vivaldi-ffmpeg-codecs, libpulseaudio, at-spi2-core, libxkbcommon, mesa }:
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
pname = "exodus";
|
pname = "exodus";
|
||||||
version = "21.10.25";
|
version = "21.12.3";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://downloads.exodus.io/releases/${pname}-linux-x64-${version}.zip";
|
url = "https://downloads.exodus.io/releases/${pname}-linux-x64-${version}.zip";
|
||||||
sha256 = "a85ddda4e73dfadddbb77cf9bc84c30fc6b893ead46367d702976bbf4da5afa4";
|
sha256 = "sha256-8Jgg9OxptkhD1SBjVBoklHQVCUOO+EePWnyEajqlivE=";
|
||||||
};
|
};
|
||||||
|
|
||||||
sourceRoot = ".";
|
sourceRoot = ".";
|
||||||
|
|
|
@ -9,16 +9,16 @@ let
|
||||||
|
|
||||||
in buildGoModule rec {
|
in buildGoModule rec {
|
||||||
pname = "go-ethereum";
|
pname = "go-ethereum";
|
||||||
version = "1.10.15";
|
version = "1.10.16";
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "ethereum";
|
owner = "ethereum";
|
||||||
repo = pname;
|
repo = pname;
|
||||||
rev = "v${version}";
|
rev = "v${version}";
|
||||||
sha256 = "0f6n9rg42ph47mvykc9f0lf99yzwqy4jm7mlzyks4l6i6fl1g3q1";
|
sha256 = "sha256-l+hxAUw55d9MYLIUdF6qSEIelJQYRCvHyw1yuossmyA=";
|
||||||
};
|
};
|
||||||
|
|
||||||
vendorSha256 = "1s5yfpk2yn7f3zwjl2fdrh6c63ki2b8rlmnlss27yxibsidaj0yd";
|
vendorSha256 = "sha256-keeox2d2WEzY9ynEcovPaU95YzVQlbTu1i7PLpjkjZU=";
|
||||||
|
|
||||||
doCheck = false;
|
doCheck = false;
|
||||||
|
|
||||||
|
|
|
@ -2,12 +2,12 @@
|
||||||
|
|
||||||
let
|
let
|
||||||
pname = "ledger-live-desktop";
|
pname = "ledger-live-desktop";
|
||||||
version = "2.38.2";
|
version = "2.38.3";
|
||||||
name = "${pname}-${version}";
|
name = "${pname}-${version}";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://github.com/LedgerHQ/${pname}/releases/download/v${version}/${pname}-${version}-linux-x86_64.AppImage";
|
url = "https://github.com/LedgerHQ/${pname}/releases/download/v${version}/${pname}-${version}-linux-x86_64.AppImage";
|
||||||
hash = "sha256-k6Rbxpe5BpRmlE+WL7iiFUtRCs5KlrLH2c3iSucUhqo=";
|
hash = "sha256-svNsVdenolrfMGKJvB/8HQMq08Ov5Oe5QooI1jFAcbI=";
|
||||||
};
|
};
|
||||||
|
|
||||||
appimageContents = appimageTools.extractType2 {
|
appimageContents = appimageTools.extractType2 {
|
||||||
|
|
|
@ -4,21 +4,48 @@
|
||||||
, llvmPackages
|
, llvmPackages
|
||||||
, protobuf
|
, protobuf
|
||||||
, rustPlatform
|
, rustPlatform
|
||||||
|
, writeShellScriptBin
|
||||||
}:
|
}:
|
||||||
rustPlatform.buildRustPackage rec {
|
rustPlatform.buildRustPackage rec {
|
||||||
pname = "polkadot";
|
pname = "polkadot";
|
||||||
version = "0.9.14";
|
version = "0.9.16";
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "paritytech";
|
owner = "paritytech";
|
||||||
repo = "polkadot";
|
repo = "polkadot";
|
||||||
rev = "v${version}";
|
rev = "v${version}";
|
||||||
sha256 = "sha256-SCi+hpdMUTX1NLF1RUce0d/2G19sVfJ5IsmM1xcAUKo=";
|
sha256 = "sha256-NXuYUmo80rrBZCcuISKon48SKyyJrkzCEhggxaJNfBM=";
|
||||||
|
|
||||||
|
# see the comment below on fakeGit for how this is used
|
||||||
|
leaveDotGit = true;
|
||||||
|
postFetch = ''
|
||||||
|
( cd $out; git rev-parse --short HEAD > .git_commit )
|
||||||
|
rm -rf $out/.git
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
cargoSha256 = "sha256-ZcIsbMI96qX0LLJXmkCRS9g40ccZOH/upPbAA7XEZIw=";
|
cargoSha256 = "sha256-PIORMTzQbMdlrKwuF4MiGrLlg2nQpgLRsaHHeiCbqrg=";
|
||||||
|
|
||||||
nativeBuildInputs = [ clang ];
|
nativeBuildInputs =
|
||||||
|
let
|
||||||
|
# the build process of polkadot requires a .git folder in order to determine
|
||||||
|
# the git commit hash that is being built and add it to the version string.
|
||||||
|
# since having a .git folder introduces reproducibility issues to the nix
|
||||||
|
# build, we check the git commit hash after fetching the source and save it
|
||||||
|
# into a .git_commit file, and then delete the .git folder. then we create a
|
||||||
|
# fake git command that will just return the contents of this file, which will
|
||||||
|
# be used when the polkadot build calls `git rev-parse` to fetch the commit
|
||||||
|
# hash.
|
||||||
|
fakeGit = writeShellScriptBin "git" ''
|
||||||
|
if [[ $@ = "rev-parse --short HEAD" ]]; then
|
||||||
|
cat /build/source/.git_commit
|
||||||
|
else
|
||||||
|
>&2 echo "Unknown command: $@"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
'';
|
||||||
|
in
|
||||||
|
[ clang fakeGit ];
|
||||||
|
|
||||||
LIBCLANG_PATH = "${llvmPackages.libclang.lib}/lib";
|
LIBCLANG_PATH = "${llvmPackages.libclang.lib}/lib";
|
||||||
PROTOC = "${protobuf}/bin/protoc";
|
PROTOC = "${protobuf}/bin/protoc";
|
||||||
|
|
|
@ -10,16 +10,16 @@
|
||||||
}:
|
}:
|
||||||
rustPlatform.buildRustPackage rec {
|
rustPlatform.buildRustPackage rec {
|
||||||
pname = "snarkos";
|
pname = "snarkos";
|
||||||
version = "unstable-2021-01-21";
|
version = "2.0.2";
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "AleoHQ";
|
owner = "AleoHQ";
|
||||||
repo = "snarkOS";
|
repo = "snarkOS";
|
||||||
rev = "7068dc0394139c887f5187288ca2af54bc729614";
|
rev = "v${version}";
|
||||||
sha256 = "sha256-fgdIJX/Ep3amPAjo00BtNGSXhaItw41S1XliDXk6b7k=";
|
sha256 = "sha256-sS8emB+uhWuoq5ISuT8FgSSzX7/WDoOY8hHzPE/EX3o=";
|
||||||
};
|
};
|
||||||
|
|
||||||
cargoSha256 = "sha256-bax7cnqVY49rdcWs73+KqW+dzPebKLlsbPvOM1d25zA=";
|
cargoSha256 = "sha256-XS6dw6BIoJdigEso/J1dUaAp7AIAda3HrKnCoBynRv8=";
|
||||||
|
|
||||||
# buildAndTestSubdir = "cli";
|
# buildAndTestSubdir = "cli";
|
||||||
|
|
||||||
|
|
|
@ -1,104 +0,0 @@
|
||||||
{ lib, stdenv, fetchFromGitHub, callPackage, makeWrapper, makeDesktopItem
|
|
||||||
, nodejs, yarn, electron_7, jre8, tor }:
|
|
||||||
|
|
||||||
let
|
|
||||||
system = stdenv.hostPlatform.system;
|
|
||||||
electron = electron_7;
|
|
||||||
|
|
||||||
in stdenv.mkDerivation rec {
|
|
||||||
pname = "whirlpool-gui";
|
|
||||||
version = "0.10.1";
|
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
|
||||||
owner = "Samourai-Wallet";
|
|
||||||
repo = pname;
|
|
||||||
rev = version;
|
|
||||||
sha256 = "ru6WJQRulhnQCPY2E0x9M6xXtFdj/pg2fu4HpQxhImU=";
|
|
||||||
};
|
|
||||||
|
|
||||||
yarnCache = stdenv.mkDerivation {
|
|
||||||
name = "${pname}-${version}-${system}-yarn-cache";
|
|
||||||
inherit src;
|
|
||||||
dontInstall = true;
|
|
||||||
nativeBuildInputs = [ yarn ];
|
|
||||||
buildPhase = ''
|
|
||||||
export HOME=$NIX_BUILD_ROOT
|
|
||||||
|
|
||||||
yarn config set yarn-offline-mirror $out
|
|
||||||
yarn --frozen-lockfile --ignore-scripts --ignore-platform \
|
|
||||||
--ignore-engines --no-progress --non-interactive
|
|
||||||
'';
|
|
||||||
|
|
||||||
outputHashMode = "recursive";
|
|
||||||
outputHashAlgo = "sha256";
|
|
||||||
outputHash = {
|
|
||||||
x86_64-linux = "6fl4cSwHXWgQcYlqxCae0p1Ppcb9fI5fFrxm7y6wxTo=";
|
|
||||||
}.${system} or (throw "Unsupported platform ${system}");
|
|
||||||
};
|
|
||||||
|
|
||||||
nativeBuildInputs = [ makeWrapper nodejs yarn ];
|
|
||||||
|
|
||||||
configurePhase = ''
|
|
||||||
# Yarn and bundler wants a real home directory to write cache, config, etc to
|
|
||||||
export HOME=$NIX_BUILD_ROOT
|
|
||||||
|
|
||||||
# Make yarn install packages from our offline cache, not the registry
|
|
||||||
yarn config --offline set yarn-offline-mirror ${yarnCache}
|
|
||||||
'';
|
|
||||||
|
|
||||||
buildPhase = ''
|
|
||||||
yarn install --offline --ignore-scripts --frozen-lockfile --no-progress --non-interactive
|
|
||||||
|
|
||||||
patchShebangs node_modules/
|
|
||||||
|
|
||||||
yarn build
|
|
||||||
'';
|
|
||||||
|
|
||||||
installPhase = ''
|
|
||||||
mkdir -p $out/{bin,share,libexec/whirlpool-gui/app}
|
|
||||||
|
|
||||||
# install production dependencies
|
|
||||||
yarn install \
|
|
||||||
--offline --frozen-lockfile --ignore-scripts \
|
|
||||||
--no-progress --non-interactive \
|
|
||||||
--production --no-bin-links \
|
|
||||||
--modules-folder $out/libexec/whirlpool-gui/node_modules
|
|
||||||
|
|
||||||
# copy application
|
|
||||||
cp -r app/{dist,app.html,main.prod.js,main.prod.js.map,img} $out/libexec/whirlpool-gui/app
|
|
||||||
cp -r package.json resources $out/libexec/whirlpool-gui
|
|
||||||
|
|
||||||
# make desktop item
|
|
||||||
ln -s "${desktopItem}/share/applications" "$out/share/applications"
|
|
||||||
|
|
||||||
# wrap electron
|
|
||||||
makeWrapper '${electron}/bin/electron' "$out/bin/whirlpool-gui" \
|
|
||||||
--add-flags "$out/libexec/whirlpool-gui" \
|
|
||||||
--prefix PATH : "${jre8}/bin:${tor}/bin"
|
|
||||||
'';
|
|
||||||
|
|
||||||
desktopItem = makeDesktopItem {
|
|
||||||
name = "whirlpool-gui";
|
|
||||||
exec = "whirlpool-gui";
|
|
||||||
icon = "whirlpool-gui";
|
|
||||||
desktopName = "Whirlpool";
|
|
||||||
genericName = "Whirlpool";
|
|
||||||
comment = meta.description;
|
|
||||||
categories = "Network;";
|
|
||||||
extraEntries = ''
|
|
||||||
StartupWMClass=whrilpool-gui
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
passthru.prefetchYarnCache = lib.overrideDerivation yarnCache (d: {
|
|
||||||
outputHash = lib.fakeSha256;
|
|
||||||
});
|
|
||||||
|
|
||||||
meta = with lib; {
|
|
||||||
description = "Desktop GUI for Whirlpool by Samourai-Wallet";
|
|
||||||
homepage = "https://www.samouraiwallet.com/whirlpool";
|
|
||||||
license = licenses.unlicense;
|
|
||||||
maintainers = [ maintainers.offline ];
|
|
||||||
platforms = [ "x86_64-linux" ];
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -5,13 +5,13 @@
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
pname = "bonzomatic";
|
pname = "bonzomatic";
|
||||||
version = "2021-03-07";
|
version = "2022-02-05";
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "Gargaj";
|
owner = "Gargaj";
|
||||||
repo = pname;
|
repo = pname;
|
||||||
rev = version;
|
rev = version;
|
||||||
sha256 = "0gbh7kj7irq2hyvlzjgbs9fcns9kamz7g5p6msv12iw75z9yi330";
|
sha256 = "sha256-y0zNluIDxms+Lpg7yBiEJNNyxx5TLaSiWBKXjqXiVJg=";
|
||||||
};
|
};
|
||||||
|
|
||||||
nativeBuildInputs = [ cmake makeWrapper ];
|
nativeBuildInputs = [ cmake makeWrapper ];
|
||||||
|
|
|
@ -741,10 +741,10 @@
|
||||||
elpaBuild {
|
elpaBuild {
|
||||||
pname = "corfu";
|
pname = "corfu";
|
||||||
ename = "corfu";
|
ename = "corfu";
|
||||||
version = "0.18";
|
version = "0.19";
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://elpa.gnu.org/packages/corfu-0.18.tar";
|
url = "https://elpa.gnu.org/packages/corfu-0.19.tar";
|
||||||
sha256 = "1g1b05wc9qql5qw3diprx0ay2rmq7963gdgyh7bi5i0xlfaspbgi";
|
sha256 = "0jilhsddzjm0is7kqdklpr2ih50k2c3sik2i9vlgcizxqaqss97c";
|
||||||
};
|
};
|
||||||
packageRequires = [ emacs ];
|
packageRequires = [ emacs ];
|
||||||
meta = {
|
meta = {
|
||||||
|
@ -1236,10 +1236,10 @@
|
||||||
elpaBuild {
|
elpaBuild {
|
||||||
pname = "eev";
|
pname = "eev";
|
||||||
ename = "eev";
|
ename = "eev";
|
||||||
version = "20220120";
|
version = "20220212";
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://elpa.gnu.org/packages/eev-20220120.tar";
|
url = "https://elpa.gnu.org/packages/eev-20220212.tar";
|
||||||
sha256 = "0wbm7bd48vl66vhraqfwycz989hd36whris1xa5rbhfbxgz2d1sx";
|
sha256 = "1w04jwh8y6l1fgx6sahwj9znw9cm83a1lld5vdgnbsww2m5nk8zm";
|
||||||
};
|
};
|
||||||
packageRequires = [ emacs ];
|
packageRequires = [ emacs ];
|
||||||
meta = {
|
meta = {
|
||||||
|
@ -1339,10 +1339,10 @@
|
||||||
elpaBuild {
|
elpaBuild {
|
||||||
pname = "elisp-benchmarks";
|
pname = "elisp-benchmarks";
|
||||||
ename = "elisp-benchmarks";
|
ename = "elisp-benchmarks";
|
||||||
version = "1.13";
|
version = "1.14";
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://elpa.gnu.org/packages/elisp-benchmarks-1.13.tar";
|
url = "https://elpa.gnu.org/packages/elisp-benchmarks-1.14.tar";
|
||||||
sha256 = "13gvljqj7k8qpyn9fcwa6gl3kqakiy5rqx5s3afdc2y356a06wr6";
|
sha256 = "1n9p4kl4d5rcbjgl8yifv0nqnrzxsx937fm0d2j589gg28rzlqpb";
|
||||||
};
|
};
|
||||||
packageRequires = [];
|
packageRequires = [];
|
||||||
meta = {
|
meta = {
|
||||||
|
@ -1594,10 +1594,10 @@
|
||||||
elpaBuild {
|
elpaBuild {
|
||||||
pname = "flymake";
|
pname = "flymake";
|
||||||
ename = "flymake";
|
ename = "flymake";
|
||||||
version = "1.2.1";
|
version = "1.2.2";
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://elpa.gnu.org/packages/flymake-1.2.1.tar";
|
url = "https://elpa.gnu.org/packages/flymake-1.2.2.tar";
|
||||||
sha256 = "1j4j1mxqvkpdccrm5khykmdpm8z9p0pxvnsw4cz9b76xzfdzy5pz";
|
sha256 = "04pa6mayyqrhrijk0rmmrd7k7al9caqyrb5qzkzwbna9ykb1j4zp";
|
||||||
};
|
};
|
||||||
packageRequires = [ eldoc emacs project ];
|
packageRequires = [ eldoc emacs project ];
|
||||||
meta = {
|
meta = {
|
||||||
|
@ -2216,7 +2216,7 @@
|
||||||
version = "1.0.15";
|
version = "1.0.15";
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://elpa.gnu.org/packages/jsonrpc-1.0.15.tar";
|
url = "https://elpa.gnu.org/packages/jsonrpc-1.0.15.tar";
|
||||||
sha256 = "1hx378rg12jz2zm105cvrqk0nqyzsn04l59d903l98d6lbd96rsw";
|
sha256 = "0biwvkvd48xqvigzs00yz4mk847xzyzm7p0lkns58fxph9nkg4h5";
|
||||||
};
|
};
|
||||||
packageRequires = [ emacs ];
|
packageRequires = [ emacs ];
|
||||||
meta = {
|
meta = {
|
||||||
|
@ -2426,7 +2426,7 @@
|
||||||
version = "3.2.1";
|
version = "3.2.1";
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://elpa.gnu.org/packages/map-3.2.1.tar";
|
url = "https://elpa.gnu.org/packages/map-3.2.1.tar";
|
||||||
sha256 = "1vy231m2fm5cgz5nib14ib7ifprajhnbmzf6x4id48h2491m1n24";
|
sha256 = "1zj0y3nvkrd2v43za214xr3h9z6wyp7r5s6nf5g1pj272yb871d1";
|
||||||
};
|
};
|
||||||
packageRequires = [ emacs ];
|
packageRequires = [ emacs ];
|
||||||
meta = {
|
meta = {
|
||||||
|
@ -2483,10 +2483,10 @@
|
||||||
elpaBuild {
|
elpaBuild {
|
||||||
pname = "mct";
|
pname = "mct";
|
||||||
ename = "mct";
|
ename = "mct";
|
||||||
version = "0.4.2";
|
version = "0.5.0";
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://elpa.gnu.org/packages/mct-0.4.2.tar";
|
url = "https://elpa.gnu.org/packages/mct-0.5.0.tar";
|
||||||
sha256 = "0as8298mb136az555zag5q3xvc7d0z508d3siii60wmzs9dyb8dx";
|
sha256 = "0yv0hqkyh5vpmf5i50fdc2rw3ssvrd9pn3n65v3gmb195gzmn6r9";
|
||||||
};
|
};
|
||||||
packageRequires = [ emacs ];
|
packageRequires = [ emacs ];
|
||||||
meta = {
|
meta = {
|
||||||
|
@ -2625,7 +2625,7 @@
|
||||||
version = "2.0.0";
|
version = "2.0.0";
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://elpa.gnu.org/packages/modus-themes-2.0.0.tar";
|
url = "https://elpa.gnu.org/packages/modus-themes-2.0.0.tar";
|
||||||
sha256 = "16kvkm7hsdk6jfdjkzafwdkwwri7cqki29qxqqhzkpwwghqlissl";
|
sha256 = "15d1ywj8k4yh57arzv7z2ir49gf2j7a80pscrfgxsypnyl2dkkfa";
|
||||||
};
|
};
|
||||||
packageRequires = [ emacs ];
|
packageRequires = [ emacs ];
|
||||||
meta = {
|
meta = {
|
||||||
|
@ -3021,6 +3021,21 @@
|
||||||
license = lib.licenses.free;
|
license = lib.licenses.free;
|
||||||
};
|
};
|
||||||
}) {};
|
}) {};
|
||||||
|
org-remark = callPackage ({ elpaBuild, emacs, fetchurl, lib, org }:
|
||||||
|
elpaBuild {
|
||||||
|
pname = "org-remark";
|
||||||
|
ename = "org-remark";
|
||||||
|
version = "1.0.2";
|
||||||
|
src = fetchurl {
|
||||||
|
url = "https://elpa.gnu.org/packages/org-remark-1.0.2.tar";
|
||||||
|
sha256 = "12g9kmr0gfs1pi1410akvcaiax0dswbw09sgqbib58mikb3074nv";
|
||||||
|
};
|
||||||
|
packageRequires = [ emacs org ];
|
||||||
|
meta = {
|
||||||
|
homepage = "https://elpa.gnu.org/packages/org-remark.html";
|
||||||
|
license = lib.licenses.free;
|
||||||
|
};
|
||||||
|
}) {};
|
||||||
org-transclusion = callPackage ({ elpaBuild, emacs, fetchurl, lib, org }:
|
org-transclusion = callPackage ({ elpaBuild, emacs, fetchurl, lib, org }:
|
||||||
elpaBuild {
|
elpaBuild {
|
||||||
pname = "org-transclusion";
|
pname = "org-transclusion";
|
||||||
|
@ -3145,10 +3160,10 @@
|
||||||
elpaBuild {
|
elpaBuild {
|
||||||
pname = "parser-generator";
|
pname = "parser-generator";
|
||||||
ename = "parser-generator";
|
ename = "parser-generator";
|
||||||
version = "0.1.3";
|
version = "0.1.4";
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://elpa.gnu.org/packages/parser-generator-0.1.3.tar";
|
url = "https://elpa.gnu.org/packages/parser-generator-0.1.4.tar";
|
||||||
sha256 = "13ssmdlni9ma6iafr4zwa2jlmq6rdlaafkdpli1a4jrk6ri6w996";
|
sha256 = "0712y22cl6i98jlhmsm436v0mlmscbypc15sdkn704a491ipq2qj";
|
||||||
};
|
};
|
||||||
packageRequires = [ emacs ];
|
packageRequires = [ emacs ];
|
||||||
meta = {
|
meta = {
|
||||||
|
@ -3268,7 +3283,7 @@
|
||||||
version = "0.8.1";
|
version = "0.8.1";
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://elpa.gnu.org/packages/project-0.8.1.tar";
|
url = "https://elpa.gnu.org/packages/project-0.8.1.tar";
|
||||||
sha256 = "1x3zkbjsi04v5ny3yxqrb75vcacrj9kxmpm9mvkp0n07j5g34f68";
|
sha256 = "0q2js8qihlhchpx2mx0f992ygslsqri2q4iv8kcl4fx31lpp7c1k";
|
||||||
};
|
};
|
||||||
packageRequires = [ emacs xref ];
|
packageRequires = [ emacs xref ];
|
||||||
meta = {
|
meta = {
|
||||||
|
@ -3343,7 +3358,7 @@
|
||||||
version = "0.28";
|
version = "0.28";
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://elpa.gnu.org/packages/python-0.28.tar";
|
url = "https://elpa.gnu.org/packages/python-0.28.tar";
|
||||||
sha256 = "1pvhsdjla1rvw223h7irmbzzsrixnpy1rsskiq9xmkpkc688b6pm";
|
sha256 = "1kc596b8bbcp8y87kqyxsv3bblz8l0vyc0d645ayb1cmwwvk35d5";
|
||||||
};
|
};
|
||||||
packageRequires = [ cl-lib emacs ];
|
packageRequires = [ cl-lib emacs ];
|
||||||
meta = {
|
meta = {
|
||||||
|
@ -3802,7 +3817,6 @@
|
||||||
license = lib.licenses.free;
|
license = lib.licenses.free;
|
||||||
};
|
};
|
||||||
}) {};
|
}) {};
|
||||||
# removed duplicated shell-command-plus
|
|
||||||
shell-command-plus = callPackage ({ elpaBuild, emacs, fetchurl, lib }:
|
shell-command-plus = callPackage ({ elpaBuild, emacs, fetchurl, lib }:
|
||||||
elpaBuild {
|
elpaBuild {
|
||||||
pname = "shell-command-plus";
|
pname = "shell-command-plus";
|
||||||
|
@ -3945,7 +3959,7 @@
|
||||||
version = "1.1.2";
|
version = "1.1.2";
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://elpa.gnu.org/packages/so-long-1.1.2.tar";
|
url = "https://elpa.gnu.org/packages/so-long-1.1.2.tar";
|
||||||
sha256 = "053msvy2pyispwg4zzpaczfkl6rvnwfklm4jdsbjhqm0kx4vlcs9";
|
sha256 = "0gb5ypl9phhv8sx7akw9xn7njfq86yqngixhxf8qj1fxp57gfpdb";
|
||||||
};
|
};
|
||||||
packageRequires = [ emacs ];
|
packageRequires = [ emacs ];
|
||||||
meta = {
|
meta = {
|
||||||
|
@ -3964,7 +3978,7 @@
|
||||||
version = "3.2.1";
|
version = "3.2.1";
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://elpa.gnu.org/packages/soap-client-3.2.1.tar";
|
url = "https://elpa.gnu.org/packages/soap-client-3.2.1.tar";
|
||||||
sha256 = "0ajv6l1p8dinnlybwzvv4c2i6291is6isjxb2h4apg27g66qbcki";
|
sha256 = "0v3aj059cvfv5yc9fx8naq8ygphlpbasc1nksgfim8iyk9wg7l3n";
|
||||||
};
|
};
|
||||||
packageRequires = [ cl-lib emacs ];
|
packageRequires = [ cl-lib emacs ];
|
||||||
meta = {
|
meta = {
|
||||||
|
@ -4549,7 +4563,7 @@
|
||||||
version = "2021.10.14.127365406";
|
version = "2021.10.14.127365406";
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://elpa.gnu.org/packages/verilog-mode-2021.10.14.127365406.tar";
|
url = "https://elpa.gnu.org/packages/verilog-mode-2021.10.14.127365406.tar";
|
||||||
sha256 = "0d842dwg98srv73nkg69c7x24rw20mxgqmb4k1qcbl02bwxkfmsm";
|
sha256 = "1v0ld310rs86vzmlw7phv1b5p59faqs9wg4p8jpbnb9ap9lwidnl";
|
||||||
};
|
};
|
||||||
packageRequires = [];
|
packageRequires = [];
|
||||||
meta = {
|
meta = {
|
||||||
|
@ -4734,10 +4748,10 @@
|
||||||
elpaBuild {
|
elpaBuild {
|
||||||
pname = "which-key";
|
pname = "which-key";
|
||||||
ename = "which-key";
|
ename = "which-key";
|
||||||
version = "3.5.1";
|
version = "3.6.0";
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://elpa.gnu.org/packages/which-key-3.5.1.tar";
|
url = "https://elpa.gnu.org/packages/which-key-3.6.0.tar";
|
||||||
sha256 = "187cssvqpd0wj01rgd19pp1k6aj9m2n5fdqznkga6w1h6cb5cm2b";
|
sha256 = "05wy147734mlpzwwxdhidnsplrz2vzs1whczzs4jw1i7kp7jvy3v";
|
||||||
};
|
};
|
||||||
packageRequires = [ emacs ];
|
packageRequires = [ emacs ];
|
||||||
meta = {
|
meta = {
|
||||||
|
@ -4892,7 +4906,7 @@
|
||||||
version = "1.3.2";
|
version = "1.3.2";
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://elpa.gnu.org/packages/xref-1.3.2.tar";
|
url = "https://elpa.gnu.org/packages/xref-1.3.2.tar";
|
||||||
sha256 = "13bsaxdxwn14plaam0hsrswngh3rm2k29v5ybjgjyjy4d5vwz78j";
|
sha256 = "1bwvli2d6d06gh004hnbbwy6rkn0jv1d1s7slfladqjjdkpjvpzd";
|
||||||
};
|
};
|
||||||
packageRequires = [ emacs ];
|
packageRequires = [ emacs ];
|
||||||
meta = {
|
meta = {
|
||||||
|
|
|
@ -454,10 +454,10 @@
|
||||||
elpaBuild {
|
elpaBuild {
|
||||||
pname = "elpher";
|
pname = "elpher";
|
||||||
ename = "elpher";
|
ename = "elpher";
|
||||||
version = "3.3.1";
|
version = "3.3.2";
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://elpa.nongnu.org/nongnu/elpher-3.3.1.tar";
|
url = "https://elpa.nongnu.org/nongnu/elpher-3.3.2.tar";
|
||||||
sha256 = "056z3ryj2288wgl8h4b33v9hybm8n2kfrqyb22bmlq1npcixyjl7";
|
sha256 = "1w34agw5qfgbpk6s2bllvgkj4wm1rlcyn33yfgj2xr4a5gfcs30a";
|
||||||
};
|
};
|
||||||
packageRequires = [ emacs ];
|
packageRequires = [ emacs ];
|
||||||
meta = {
|
meta = {
|
||||||
|
@ -752,10 +752,10 @@
|
||||||
elpaBuild {
|
elpaBuild {
|
||||||
pname = "geiser-gambit";
|
pname = "geiser-gambit";
|
||||||
ename = "geiser-gambit";
|
ename = "geiser-gambit";
|
||||||
version = "0.17";
|
version = "0.18.1";
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://elpa.nongnu.org/nongnu/geiser-gambit-0.17.tar";
|
url = "https://elpa.nongnu.org/nongnu/geiser-gambit-0.18.1.tar";
|
||||||
sha256 = "12r9h1dl0y9j421v0idvr9ljj93962xfrs0nff5lmx5z1cayq456";
|
sha256 = "03cv51war65yrg5qswwlx755byn2nlm1qvbzqqminnidz64kfd3v";
|
||||||
};
|
};
|
||||||
packageRequires = [ emacs geiser ];
|
packageRequires = [ emacs geiser ];
|
||||||
meta = {
|
meta = {
|
||||||
|
@ -1039,31 +1039,31 @@
|
||||||
license = lib.licenses.free;
|
license = lib.licenses.free;
|
||||||
};
|
};
|
||||||
}) {};
|
}) {};
|
||||||
helm = callPackage ({ elpaBuild, fetchurl, lib }:
|
helm = callPackage ({ elpaBuild, fetchurl, helm-core, lib, popup }:
|
||||||
elpaBuild {
|
elpaBuild {
|
||||||
pname = "helm";
|
pname = "helm";
|
||||||
ename = "helm";
|
ename = "helm";
|
||||||
version = "3.8.3";
|
version = "3.8.4";
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://elpa.nongnu.org/nongnu/helm-3.8.3.tar";
|
url = "https://elpa.nongnu.org/nongnu/helm-3.8.4.tar";
|
||||||
sha256 = "00qjcv4qxjw50zp5dzvn79c0xpyla4h41fxkr2jjszq6qzgd92cv";
|
sha256 = "0yc7ijap3g68w7npgwymzlp5bcawk3lhnp0004m03zfdbxhmkq0z";
|
||||||
};
|
};
|
||||||
packageRequires = [];
|
packageRequires = [ helm-core popup ];
|
||||||
meta = {
|
meta = {
|
||||||
homepage = "https://elpa.gnu.org/packages/helm.html";
|
homepage = "https://elpa.gnu.org/packages/helm.html";
|
||||||
license = lib.licenses.free;
|
license = lib.licenses.free;
|
||||||
};
|
};
|
||||||
}) {};
|
}) {};
|
||||||
helm-core = callPackage ({ elpaBuild, fetchurl, lib }:
|
helm-core = callPackage ({ async, elpaBuild, emacs, fetchurl, lib }:
|
||||||
elpaBuild {
|
elpaBuild {
|
||||||
pname = "helm-core";
|
pname = "helm-core";
|
||||||
ename = "helm-core";
|
ename = "helm-core";
|
||||||
version = "3.8.3";
|
version = "3.8.4";
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://elpa.nongnu.org/nongnu/helm-core-3.8.3.tar";
|
url = "https://elpa.nongnu.org/nongnu/helm-core-3.8.4.tar";
|
||||||
sha256 = "11ggn1fmi8wbg2igs5lqppyccgpz8kyfzl17wqkr5xy69lr1jn5g";
|
sha256 = "0a1liapy345nlqjgxbzad0mkdbs4g6619cqplwiyh89x0lm0jprx";
|
||||||
};
|
};
|
||||||
packageRequires = [];
|
packageRequires = [ async emacs ];
|
||||||
meta = {
|
meta = {
|
||||||
homepage = "https://elpa.gnu.org/packages/helm-core.html";
|
homepage = "https://elpa.gnu.org/packages/helm-core.html";
|
||||||
license = lib.licenses.free;
|
license = lib.licenses.free;
|
||||||
|
@ -1126,10 +1126,10 @@
|
||||||
elpaBuild {
|
elpaBuild {
|
||||||
pname = "iedit";
|
pname = "iedit";
|
||||||
ename = "iedit";
|
ename = "iedit";
|
||||||
version = "0.9.9.9";
|
version = "0.9.9.9.9";
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://elpa.nongnu.org/nongnu/iedit-0.9.9.9.tar";
|
url = "https://elpa.nongnu.org/nongnu/iedit-0.9.9.9.9.tar";
|
||||||
sha256 = "1kwm7pa1x5dbn9irdrz9vg5zivrqx1w2ywrbpglk2lgd9kff0nsj";
|
sha256 = "1ic780gd7n2qrpbqr0vy62p7wsrskyvyr571m8m3j25fii8v8cxg";
|
||||||
};
|
};
|
||||||
packageRequires = [];
|
packageRequires = [];
|
||||||
meta = {
|
meta = {
|
||||||
|
@ -1220,10 +1220,10 @@
|
||||||
elpaBuild {
|
elpaBuild {
|
||||||
pname = "keycast";
|
pname = "keycast";
|
||||||
ename = "keycast";
|
ename = "keycast";
|
||||||
version = "1.1.3";
|
version = "1.2.0";
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://elpa.nongnu.org/nongnu/keycast-1.1.3.tar";
|
url = "https://elpa.nongnu.org/nongnu/keycast-1.2.0.tar";
|
||||||
sha256 = "0b4vyaxqdw11ai81vnvif8i02jcaf5hk64kbb7bs90527zwz2fw0";
|
sha256 = "0iiksz8lcz9y5yplw455v2zgvq2jz6jc2ic3ybax10v3wgxnhiad";
|
||||||
};
|
};
|
||||||
packageRequires = [ emacs ];
|
packageRequires = [ emacs ];
|
||||||
meta = {
|
meta = {
|
||||||
|
@ -1325,10 +1325,10 @@
|
||||||
elpaBuild {
|
elpaBuild {
|
||||||
pname = "markdown-mode";
|
pname = "markdown-mode";
|
||||||
ename = "markdown-mode";
|
ename = "markdown-mode";
|
||||||
version = "2.4";
|
version = "2.5";
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://elpa.nongnu.org/nongnu/markdown-mode-2.4.tar";
|
url = "https://elpa.nongnu.org/nongnu/markdown-mode-2.5.tar";
|
||||||
sha256 = "002nvc2p7jzznr743znbml3vj8a3kvdd89rlbi28f5ha14g2567z";
|
sha256 = "195p4bz2k5rs6222pfxv6rk2r22snx33gvc1x3rs020lacppbhik";
|
||||||
};
|
};
|
||||||
packageRequires = [ emacs ];
|
packageRequires = [ emacs ];
|
||||||
meta = {
|
meta = {
|
||||||
|
@ -1604,10 +1604,10 @@
|
||||||
elpaBuild {
|
elpaBuild {
|
||||||
pname = "orgit";
|
pname = "orgit";
|
||||||
ename = "orgit";
|
ename = "orgit";
|
||||||
version = "1.7.2";
|
version = "1.8.0";
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://elpa.nongnu.org/nongnu/orgit-1.7.2.tar";
|
url = "https://elpa.nongnu.org/nongnu/orgit-1.8.0.tar";
|
||||||
sha256 = "1kf72l8h3wqgnrchy6wvhm3nmc9drh82yw5211f4xgg2ckr60rn1";
|
sha256 = "03qjhiv3smnpjciz5sfri7v5gzgcnk5g0lhgm06flqnarfrrkn1h";
|
||||||
};
|
};
|
||||||
packageRequires = [ emacs magit org ];
|
packageRequires = [ emacs magit org ];
|
||||||
meta = {
|
meta = {
|
||||||
|
@ -1640,10 +1640,10 @@
|
||||||
elpaBuild {
|
elpaBuild {
|
||||||
pname = "parseclj";
|
pname = "parseclj";
|
||||||
ename = "parseclj";
|
ename = "parseclj";
|
||||||
version = "1.0.6";
|
version = "1.1.0";
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://elpa.nongnu.org/nongnu/parseclj-1.0.6.tar";
|
url = "https://elpa.nongnu.org/nongnu/parseclj-1.1.0.tar";
|
||||||
sha256 = "0cs6a394pll9sl8ybpsygg9mkznpz119f8hjgw3n7mgkwfc5a30k";
|
sha256 = "0h6fia59crqb1y83a04sjlhlpm6349s6c14zsiqsfi73m97dli6p";
|
||||||
};
|
};
|
||||||
packageRequires = [ emacs ];
|
packageRequires = [ emacs ];
|
||||||
meta = {
|
meta = {
|
||||||
|
@ -1655,10 +1655,10 @@
|
||||||
elpaBuild {
|
elpaBuild {
|
||||||
pname = "parseedn";
|
pname = "parseedn";
|
||||||
ename = "parseedn";
|
ename = "parseedn";
|
||||||
version = "1.0.6";
|
version = "1.1.0";
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://elpa.nongnu.org/nongnu/parseedn-1.0.6.tar";
|
url = "https://elpa.nongnu.org/nongnu/parseedn-1.1.0.tar";
|
||||||
sha256 = "1274pr91hcrvy4srdy2dw14hbcg2qy24z4klx6mashgzb1r42n3d";
|
sha256 = "1by9cy7pn12124vbg59c9qmn2k8v5dbqq4c8if81fclrccjqhrz4";
|
||||||
};
|
};
|
||||||
packageRequires = [ emacs map parseclj ];
|
packageRequires = [ emacs map parseclj ];
|
||||||
meta = {
|
meta = {
|
||||||
|
@ -2009,10 +2009,10 @@
|
||||||
elpaBuild {
|
elpaBuild {
|
||||||
pname = "subed";
|
pname = "subed";
|
||||||
ename = "subed";
|
ename = "subed";
|
||||||
version = "1.0.2";
|
version = "1.0.3";
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://elpa.nongnu.org/nongnu/subed-1.0.2.tar";
|
url = "https://elpa.nongnu.org/nongnu/subed-1.0.3.tar";
|
||||||
sha256 = "187ksczrqqzjnbvh8px3xvqyf38i7ac24z1qxzybd4vx2n071v64";
|
sha256 = "0wibakmp1lhfyr6sifb7f3jcqp2s5sy0z37ad9n1n9rhj5q8yhzg";
|
||||||
};
|
};
|
||||||
packageRequires = [ emacs ];
|
packageRequires = [ emacs ];
|
||||||
meta = {
|
meta = {
|
||||||
|
@ -2146,6 +2146,21 @@
|
||||||
license = lib.licenses.free;
|
license = lib.licenses.free;
|
||||||
};
|
};
|
||||||
}) {};
|
}) {};
|
||||||
|
typescript-mode = callPackage ({ elpaBuild, emacs, fetchurl, lib }:
|
||||||
|
elpaBuild {
|
||||||
|
pname = "typescript-mode";
|
||||||
|
ename = "typescript-mode";
|
||||||
|
version = "0.4";
|
||||||
|
src = fetchurl {
|
||||||
|
url = "https://elpa.nongnu.org/nongnu/typescript-mode-0.4.tar";
|
||||||
|
sha256 = "1102c35w2b66q5acvhsk6yigzhp6n3rl0s28xnvb74ansk4rz35k";
|
||||||
|
};
|
||||||
|
packageRequires = [ emacs ];
|
||||||
|
meta = {
|
||||||
|
homepage = "https://elpa.gnu.org/packages/typescript-mode.html";
|
||||||
|
license = lib.licenses.free;
|
||||||
|
};
|
||||||
|
}) {};
|
||||||
ujelly-theme = callPackage ({ elpaBuild, fetchurl, lib }:
|
ujelly-theme = callPackage ({ elpaBuild, fetchurl, lib }:
|
||||||
elpaBuild {
|
elpaBuild {
|
||||||
pname = "ujelly-theme";
|
pname = "ujelly-theme";
|
||||||
|
@ -2245,10 +2260,10 @@
|
||||||
elpaBuild {
|
elpaBuild {
|
||||||
pname = "with-editor";
|
pname = "with-editor";
|
||||||
ename = "with-editor";
|
ename = "with-editor";
|
||||||
version = "3.1.1";
|
version = "3.2.0";
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://elpa.nongnu.org/nongnu/with-editor-3.1.1.tar";
|
url = "https://elpa.nongnu.org/nongnu/with-editor-3.2.0.tar";
|
||||||
sha256 = "175k68mr0n3v5l3gbv2fsdfznm9yjy32l3ay6hj0d4c53kw76hvn";
|
sha256 = "1rsggbhkngzbcmg3076jbi1sfkzz8p4s5i00sk0ywc6vkmsp6s1k";
|
||||||
};
|
};
|
||||||
packageRequires = [ emacs ];
|
packageRequires = [ emacs ];
|
||||||
meta = {
|
meta = {
|
||||||
|
|
File diff suppressed because it is too large
Load diff
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue