Project import generated by Copybara.

GitOrigin-RevId: c7d0dbe094c988209edac801eb2a0cc21aa498d8
This commit is contained in:
Default email 2021-02-22 21:28:39 +00:00
parent e6c0cdc415
commit 86f042a55b
294 changed files with 7506 additions and 3900 deletions

View file

@ -31,6 +31,8 @@ Used with Subversion. Expects `url` to a Subversion directory, `rev`, and `sha25
Used with Git. Expects `url` to a Git repo, `rev`, and `sha256`. `rev` in this case can be full the git commit id (SHA1 hash) or a tag name like `refs/tags/v1.0`.
Additionally the following optional arguments can be given: `fetchSubmodules = true` makes `fetchgit` also fetch the submodules of a repository. If `deepClone` is set to true, the entire repository is cloned as opposing to just creating a shallow clone. `deepClone = true` also implies `leaveDotGit = true` which means that the `.git` directory of the clone won't be removed after checkout.
## `fetchfossil`
Used with Fossil. Expects `url` to a Fossil archive, `rev`, and `sha256`.
@ -49,6 +51,8 @@ A number of fetcher functions wrap part of `fetchurl` and `fetchzip`. They are m
`fetchFromGitHub` expects four arguments. `owner` is a string corresponding to the GitHub user or organization that controls this repository. `repo` corresponds to the name of the software repository. These are located at the top of every GitHub HTML page as `owner`/`repo`. `rev` corresponds to the Git commit hash or tag (e.g `v1.0`) that will be downloaded from Git. Finally, `sha256` corresponds to the hash of the extracted directory. Again, other hash algorithms are also available but `sha256` is currently preferred.
`fetchFromGitHub` uses `fetchzip` to download the source archive generated by GitHub for the specified revision. If `leaveDotGit`, `deepClone` or `fetchSubmodules` are set to `true`, `fetchFromGitHub` will use `fetchgit` instead. Refer to its section for documentation of these options.
## `fetchFromGitLab`
This is used with GitLab repositories. The arguments expected are very similar to fetchFromGitHub above.

View file

@ -19,7 +19,7 @@
<xi:include href="stdenv/meta.xml" />
<xi:include href="stdenv/multiple-output.xml" />
<xi:include href="stdenv/cross-compilation.chapter.xml" />
<xi:include href="stdenv/platform-notes.xml" />
<xi:include href="stdenv/platform-notes.chapter.xml" />
</part>
<part>
<title>Builders</title>

View file

@ -16,7 +16,7 @@ Nixpkgs follows the [conventions of GNU autoconf](https://gcc.gnu.org/onlinedocs
In Nixpkgs, these three platforms are defined as attribute sets under the names `buildPlatform`, `hostPlatform`, and `targetPlatform`. They are always defined as attributes in the standard environment. That means one can access them like:
```nix
{ stdenv, fooDep, barDep, .. }: ...stdenv.buildPlatform...
{ stdenv, fooDep, barDep, ... }: ...stdenv.buildPlatform...
```
`buildPlatform`
@ -99,15 +99,26 @@ Some examples will make this table clearer. Suppose there's some package that is
Some frequently encountered problems when packaging for cross-compilation should be answered here. Ideally, the information above is exhaustive, so this section cannot provide any new information, but it is ludicrous and cruel to expect everyone to spend effort working through the interaction of many features just to figure out the same answer to the same common problem. Feel free to add to this list!
#### My package fails to find a binutils command (`cc`/`ar`/`ld` etc.) {#cross-qa-fails-to-find-binutils}
Many packages assume that an unprefixed binutils (`cc`/`ar`/`ld` etc.) is available, but Nix doesn't provide one. It only provides a prefixed one, just as it only does for all the other binutils programs. It may be necessary to patch the package to fix the build system to use a prefix. For instance, instead of `cc`, use `${stdenv.cc.targetPrefix}cc`.
```nix
makeFlags = [ "CC=${stdenv.cc.targetPrefix}cc" ];
```
#### How do I avoid compiling a GCC cross-compiler from source? {#cross-qa-avoid-compiling-gcc-cross-compiler}
On less powerful machines, it can be inconvenient to cross-compile a package only to find out that GCC has to be compiled from source, which could take up to several hours. Nixpkgs maintains a limited [cross-related jobset on Hydra](https://hydra.nixos.org/jobset/nixpkgs/cross-trunk), which tests cross-compilation to various platforms from build platforms "x86\_64-darwin", "x86\_64-linux", and "aarch64-linux". See `pkgs/top-level/release-cross.nix` for the full list of target platforms and packages. For instance, the following invocation fetches the pre-built cross-compiled GCC for `armv6l-unknown-linux-gnueabihf` and builds GNU Hello from source.
```ShellSession
$ nix-build '<nixpkgs>' -A pkgsCross.raspberryPi.hello
```
#### What if my package's build system needs to build a C program to be run under the build environment? {#cross-qa-build-c-program-in-build-environment}
Add the following to your `mkDerivation` invocation.
```nix
depsBuildBuild = [ buildPackages.stdenv.cc ];
```
#### My package fails to find `ar`. {#cross-qa-fails-to-find-ar}
Many packages assume that an unprefixed `ar` is available, but Nix doesn't provide one. It only provides a prefixed one, just as it only does for all the other binutils programs. It may be necessary to patch the package to fix the build system to use a prefixed `ar`.
#### My package's testsuite needs to run host platform code. {#cross-testsuite-runs-host-code}
Add the following to your `mkDerivation` invocation.

View file

@ -0,0 +1,62 @@
# Platform Notes {#chap-platform-notes}
## Darwin (macOS) {#sec-darwin}
Some common issues when packaging software for Darwin:
- The Darwin `stdenv` uses clang instead of gcc. When referring to the compiler `$CC` or `cc` will work in both cases. Some builds hardcode gcc/g++ in their build scripts, that can usually be fixed with using something like `makeFlags = [ "CC=cc" ];` or by patching the build scripts.
```nix
stdenv.mkDerivation {
name = "libfoo-1.2.3";
# ...
buildPhase = ''
$CC -o hello hello.c
'';
}
```
- On Darwin, libraries are linked using absolute paths, libraries are resolved by their `install_name` at link time. Sometimes packages wont set this correctly causing the library lookups to fail at runtime. This can be fixed by adding extra linker flags or by running `install_name_tool -id` during the `fixupPhase`.
```nix
stdenv.mkDerivation {
name = "libfoo-1.2.3";
# ...
makeFlags = lib.optional stdenv.isDarwin "LDFLAGS=-Wl,-install_name,$(out)/lib/libfoo.dylib";
}
```
- Even if the libraries are linked using absolute paths and resolved via their `install_name` correctly, tests can sometimes fail to run binaries. This happens because the `checkPhase` runs before the libraries are installed.
This can usually be solved by running the tests after the `installPhase` or alternatively by using `DYLD_LIBRARY_PATH`. More information about this variable can be found in the *dyld(1)* manpage.
```
dyld: Library not loaded: /nix/store/7hnmbscpayxzxrixrgxvvlifzlxdsdir-jq-1.5-lib/lib/libjq.1.dylib
Referenced from: /private/tmp/nix-build-jq-1.5.drv-0/jq-1.5/tests/../jq
Reason: image not found
./tests/jqtest: line 5: 75779 Abort trap: 6
```
```nix
stdenv.mkDerivation {
name = "libfoo-1.2.3";
# ...
doInstallCheck = true;
installCheckTarget = "check";
}
```
- Some packages assume xcode is available and use `xcrun` to resolve build tools like `clang`, etc. This causes errors like `xcode-select: error: no developer tools were found at '/Applications/Xcode.app'` while the build doesnt actually depend on xcode.
```nix
stdenv.mkDerivation {
name = "libfoo-1.2.3";
# ...
prePatch = ''
substituteInPlace Makefile \
--replace '/usr/bin/xcrun clang' clang
'';
}
```
The package `xcbuild` can be used to build projects that really depend on Xcode. However, this replacement is not 100% compatible with Xcode and can occasionally cause issues.

View file

@ -1,83 +0,0 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:id="chap-platform-notes">
<title>Platform Notes</title>
<section xml:id="sec-darwin">
<title>Darwin (macOS)</title>
<para>
Some common issues when packaging software for Darwin:
</para>
<itemizedlist>
<listitem>
<para>
The Darwin <literal>stdenv</literal> uses clang instead of gcc. When referring to the compiler <varname>$CC</varname> or <command>cc</command> will work in both cases. Some builds hardcode gcc/g++ in their build scripts, that can usually be fixed with using something like <literal>makeFlags = [ "CC=cc" ];</literal> or by patching the build scripts.
</para>
<programlisting>
stdenv.mkDerivation {
name = "libfoo-1.2.3";
# ...
buildPhase = ''
$CC -o hello hello.c
'';
}
</programlisting>
</listitem>
<listitem>
<para>
On Darwin, libraries are linked using absolute paths, libraries are resolved by their <literal>install_name</literal> at link time. Sometimes packages won't set this correctly causing the library lookups to fail at runtime. This can be fixed by adding extra linker flags or by running <command>install_name_tool -id</command> during the <function>fixupPhase</function>.
</para>
<programlisting>
stdenv.mkDerivation {
name = "libfoo-1.2.3";
# ...
makeFlags = lib.optional stdenv.isDarwin "LDFLAGS=-Wl,-install_name,$(out)/lib/libfoo.dylib";
}
</programlisting>
</listitem>
<listitem>
<para>
Even if the libraries are linked using absolute paths and resolved via their <literal>install_name</literal> correctly, tests can sometimes fail to run binaries. This happens because the <varname>checkPhase</varname> runs before the libraries are installed.
</para>
<para>
This can usually be solved by running the tests after the <varname>installPhase</varname> or alternatively by using <varname>DYLD_LIBRARY_PATH</varname>. More information about this variable can be found in the <citerefentry>
<refentrytitle>dyld</refentrytitle>
<manvolnum>1</manvolnum></citerefentry> manpage.
</para>
<programlisting>
dyld: Library not loaded: /nix/store/7hnmbscpayxzxrixrgxvvlifzlxdsdir-jq-1.5-lib/lib/libjq.1.dylib
Referenced from: /private/tmp/nix-build-jq-1.5.drv-0/jq-1.5/tests/../jq
Reason: image not found
./tests/jqtest: line 5: 75779 Abort trap: 6
</programlisting>
<programlisting>
stdenv.mkDerivation {
name = "libfoo-1.2.3";
# ...
doInstallCheck = true;
installCheckTarget = "check";
}
</programlisting>
</listitem>
<listitem>
<para>
Some packages assume xcode is available and use <command>xcrun</command> to resolve build tools like <command>clang</command>, etc. This causes errors like <code>xcode-select: error: no developer tools were found at '/Applications/Xcode.app'</code> while the build doesn't actually depend on xcode.
</para>
<programlisting>
stdenv.mkDerivation {
name = "libfoo-1.2.3";
# ...
prePatch = ''
substituteInPlace Makefile \
--replace '/usr/bin/xcrun clang' clang
'';
}
</programlisting>
<para>
The package <literal>xcbuild</literal> can be used to build projects that really depend on Xcode. However, this replacement is not 100% compatible with Xcode and can occasionally cause issues.
</para>
</listitem>
</itemizedlist>
</section>
</chapter>

View file

@ -82,6 +82,12 @@
githubId = 882455;
name = "Elliot Cameron";
};
_414owen = {
email = "owen@owen.cafe";
github = "414owen";
githubId = 1714287;
name = "Owen Shepherd";
};
_6AA4FD = {
email = "f6442954@gmail.com";
github = "6AA4FD";
@ -1597,12 +1603,6 @@
githubId = 89596;
name = "Florian Friesdorf";
};
charvp = {
email = "nixpkgs@cvpetegem.be";
github = "charvp";
githubId = 42220376;
name = "Charlotte Van Petegem";
};
chattered = {
email = "me@philscotted.com";
name = "Phil Scott";
@ -1711,6 +1711,12 @@
githubId = 2245737;
name = "Christopher Mark Poole";
};
chvp = {
email = "nixpkgs@cvpetegem.be";
github = "chvp";
githubId = 42220376;
name = "Charlotte Van Petegem";
};
ciil = {
email = "simon@lackerbauer.com";
github = "ciil";
@ -3291,6 +3297,12 @@
githubId = 10528737;
name = "Severin Fürbringer";
};
fufexan = {
email = "fufexan@protonmail.com";
github = "fufexan";
githubId = 36706276;
name = "Fufezan Mihai";
};
funfunctor = {
email = "eocallaghan@alterapraxis.com";
name = "Edward O'Callaghan";
@ -5890,6 +5902,12 @@
githubId = 22836301;
name = "Mateusz Mazur";
};
mbaeten = {
email = "mbaeten@users.noreply.github.com";
github = "mbaeten";
githubId = 2649304;
name = "M. Baeten";
};
mbakke = {
email = "mbakke@fastmail.com";
github = "mbakke";
@ -8319,6 +8337,12 @@
githubId = 2320433;
name = "Sam Boosalis";
};
sbruder = {
email = "nixos@sbruder.de";
github = "sbruder";
githubId = 15986681;
name = "Simon Bruder";
};
scalavision = {
email = "scalavision@gmail.com";
github = "scalavision";
@ -8878,7 +8902,7 @@
name = "Guillaume Loetscher";
};
sternenseemann = {
email = "post@lukasepple.de";
email = "sternenseemann@systemli.org";
github = "sternenseemann";
githubId = 3154475;
name = "Lukas Epple";
@ -9324,7 +9348,7 @@
name = "Jan Beinke";
};
thesola10 = {
email = "thesola10@bobile.fr";
email = "me@thesola.io";
github = "thesola10";
githubId = 7287268;
keys = [{

View file

@ -15,5 +15,6 @@
<xi:include href="firewall.xml" />
<xi:include href="wireless.xml" />
<xi:include href="ad-hoc-network-config.xml" />
<xi:include href="renaming-interfaces.xml" />
<!-- TODO: OpenVPN, NAT -->
</chapter>

View file

@ -16,6 +16,6 @@
On images where the installation media also becomes an installation target,
copying over <literal>configuration.nix</literal> should be disabled by
setting <literal>installer.cloneConfig</literal> to <literal>false</literal>.
For example, this is done in <literal>sd-image-aarch64.nix</literal>.
For example, this is done in <literal>sd-image-aarch64-installer.nix</literal>.
</para>
</section>

View file

@ -0,0 +1,67 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-rename-ifs">
<title>Renaming network interfaces</title>
<para>
NixOS uses the udev
<link xlink:href="https://systemd.io/PREDICTABLE_INTERFACE_NAMES/">predictable naming scheme</link>
to assign names to network interfaces. This means that by default
cards are not given the traditional names like
<literal>eth0</literal> or <literal>eth1</literal>, whose order can
change unpredictably across reboots. Instead, relying on physical
locations and firmware information, the scheme produces names like
<literal>ens1</literal>, <literal>enp2s0</literal>, etc.
</para>
<para>
These names are predictable but less memorable and not necessarily
stable: for example installing new hardware or changing firmware
settings can result in a
<link xlink:href="https://github.com/systemd/systemd/issues/3715#issue-165347602">name change</link>.
If this is undesirable, for example if you have a single ethernet
card, you can revert to the traditional scheme by setting
<xref linkend="opt-networking.usePredictableInterfaceNames"/> to
<literal>false</literal>.
</para>
<section xml:id="sec-custom-ifnames">
<title>Assigning custom names</title>
<para>
In case there are multiple interfaces of the same type, its better to
assign custom names based on the device hardware address. For
example, we assign the name <literal>wan</literal> to the interface
with MAC address <literal>52:54:00:12:01:01</literal> using a
netword link unit:
</para>
<programlisting>
<link linkend="opt-systemd.network.links">systemd.network.links."10-wan"</link> = {
matchConfig.MACAddress = "52:54:00:12:01:01";
linkConfig.Name = "wan";
};
</programlisting>
<para>
Note that links are directly read by udev, <emphasis>not networkd</emphasis>,
and will work even if networkd is disabled.
</para>
<para>
Alternatively, we can use a plain old udev rule:
</para>
<programlisting>
<link linkend="opt-services.udev.initrdRules">services.udev.initrdRules</link> = ''
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", \
ATTR{address}=="52:54:00:12:01:01", KERNEL=="eth*", NAME="wan"
'';
</programlisting>
<warning><para>
The rule must be installed in the initrd using
<literal>services.udev.initrdRules</literal>, not the usual
<literal>services.udev.extraRules</literal> option. This is to avoid race
conditions with other programs controlling the interface.
</para></warning>
</section>
</section>

View file

@ -83,17 +83,12 @@
VirtualBox settings (Machine / Settings / Shared Folders, then click on the
"Add" icon). Add the following to the
<literal>/etc/nixos/configuration.nix</literal> to auto-mount them. If you do
not add <literal>"nofail"</literal>, the system will not boot properly. The
same goes for disabling <literal>rngd</literal> which is normally used to get
randomness but this does not work in virtual machines.
not add <literal>"nofail"</literal>, the system will not boot properly.
</para>
<programlisting>
{ config, pkgs, ...} :
{
security.rngd.enable = false; // otherwise vm will not boot
...
fileSystems."/virtualboxshare" = {
fsType = "vboxsf";
device = "nameofthesharedfolder";

View file

@ -91,6 +91,21 @@
</para>
<itemizedlist>
<listitem>
<para>
If you are using <option>services.udev.extraRules</option> to assign
custom names to network interfaces, this may stop working due to a change
in the initialisation of dhcpcd and systemd networkd. To avoid this, either
move them to <option>services.udev.initrdRules</option> or see the new
<link linkend="sec-custom-ifnames">Assigning custom names</link> section
of the NixOS manual for an example using networkd links.
</para>
</listitem>
<listitem>
<para>
The <literal>systemConfig</literal> kernel parameter is no longer added to boot loader entries. It has been unused since September 2010, but if do have a system generation from that era, you will now be unable to boot into them.
</para>
</listitem>
<listitem>
<para>
<literal>systemd-journal2gelf</literal> no longer parses json and expects the receiving system to handle it. How to achieve this with Graylog is described in this <link xlink:href="https://github.com/parse-nl/SystemdJournal2Gelf/issues/10">GitHub issue</link>.
@ -494,6 +509,15 @@ self: super:
<varname>services.flashpolicyd</varname> module.
</para>
</listitem>
<listitem>
<para>
The <literal>security.rngd</literal> module has been removed.
It was disabled by default in 20.09 as it was functionally redundant
with krngd in the linux kernel. It is not necessary for any device that the kernel recognises
as an hardware RNG, as it will automatically run the krngd task to periodically collect random
data from the device and mix it into the kernel's RNG.
</para>
</listitem>
</itemizedlist>
</section>

View file

@ -185,8 +185,6 @@ in
{ description = "Initialisation of swap device ${sw.device}";
wantedBy = [ "${realDevice'}.swap" ];
before = [ "${realDevice'}.swap" ];
# If swap is encrypted, depending on rngd resolves a possible entropy starvation during boot
after = mkIf (config.security.rngd.enable && sw.randomEncryption.enable) [ "rngd.service" ];
path = [ pkgs.util-linux ] ++ optional sw.randomEncryption.enable pkgs.cryptsetup;
script =

View file

@ -1,7 +1,14 @@
{ pkgs, ... }:
{ config, ... }:
{
imports = [ ./sd-image-aarch64.nix ];
boot.kernelPackages = pkgs.linuxPackages_latest;
imports = [
../sd-card/sd-image-aarch64-new-kernel-installer.nix
];
config = {
warnings = [
''
.../cd-dvd/sd-image-aarch64-new-kernel.nix is deprecated and will eventually be removed.
Please switch to .../sd-card/sd-image-aarch64-new-kernel-installer.nix, instead.
''
];
};
}

View file

@ -1,80 +1,14 @@
# To build, use:
# nix-build nixos -I nixos-config=nixos/modules/installer/cd-dvd/sd-image-aarch64.nix -A config.system.build.sdImage
{ config, lib, pkgs, ... }:
{ config, ... }:
{
imports = [
../../profiles/base.nix
../../profiles/installation-device.nix
./sd-image.nix
../sd-card/sd-image-aarch64-installer.nix
];
boot.loader.grub.enable = false;
boot.loader.generic-extlinux-compatible.enable = true;
boot.consoleLogLevel = lib.mkDefault 7;
# The serial ports listed here are:
# - ttyS0: for Tegra (Jetson TX1)
# - ttyAMA0: for QEMU's -machine virt
boot.kernelParams = ["console=ttyS0,115200n8" "console=ttyAMA0,115200n8" "console=tty0"];
boot.initrd.availableKernelModules = [
# Allows early (earlier) modesetting for the Raspberry Pi
"vc4" "bcm2835_dma" "i2c_bcm2835"
# Allows early (earlier) modesetting for Allwinner SoCs
"sun4i_drm" "sun8i_drm_hdmi" "sun8i_mixer"
];
sdImage = {
populateFirmwareCommands = let
configTxt = pkgs.writeText "config.txt" ''
[pi3]
kernel=u-boot-rpi3.bin
[pi4]
kernel=u-boot-rpi4.bin
enable_gic=1
armstub=armstub8-gic.bin
# Otherwise the resolution will be weird in most cases, compared to
# what the pi3 firmware does by default.
disable_overscan=1
[all]
# Boot in 64-bit mode.
arm_64bit=1
# U-Boot needs this to work, regardless of whether UART is actually used or not.
# Look in arch/arm/mach-bcm283x/Kconfig in the U-Boot tree to see if this is still
# a requirement in the future.
enable_uart=1
# Prevent the firmware from smashing the framebuffer setup done by the mainline kernel
# when attempting to show low-voltage or overtemperature warnings.
avoid_warnings=1
'';
in ''
(cd ${pkgs.raspberrypifw}/share/raspberrypi/boot && cp bootcode.bin fixup*.dat start*.elf $NIX_BUILD_TOP/firmware/)
# Add the config
cp ${configTxt} firmware/config.txt
# Add pi3 specific files
cp ${pkgs.ubootRaspberryPi3_64bit}/u-boot.bin firmware/u-boot-rpi3.bin
# Add pi4 specific files
cp ${pkgs.ubootRaspberryPi4_64bit}/u-boot.bin firmware/u-boot-rpi4.bin
cp ${pkgs.raspberrypi-armstubs}/armstub8-gic.bin firmware/armstub8-gic.bin
cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2711-rpi-4-b.dtb firmware/
'';
populateRootCommands = ''
mkdir -p ./files/boot
${config.boot.loader.generic-extlinux-compatible.populateCmd} -c ${config.system.build.toplevel} -d ./files/boot
'';
config = {
warnings = [
''
.../cd-dvd/sd-image-aarch64.nix is deprecated and will eventually be removed.
Please switch to .../sd-card/sd-image-aarch64-installer.nix, instead.
''
];
};
# the installation media is also the installation target,
# so we don't want to provide the installation configuration.nix.
installer.cloneConfig = false;
}

View file

@ -1,57 +1,14 @@
# To build, use:
# nix-build nixos -I nixos-config=nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix -A config.system.build.sdImage
{ config, lib, pkgs, ... }:
{ config, ... }:
{
imports = [
../../profiles/base.nix
../../profiles/installation-device.nix
./sd-image.nix
../sd-card/sd-image-armv7l-multiplatform-installer.nix
];
boot.loader.grub.enable = false;
boot.loader.generic-extlinux-compatible.enable = true;
boot.consoleLogLevel = lib.mkDefault 7;
boot.kernelPackages = pkgs.linuxPackages_latest;
# The serial ports listed here are:
# - ttyS0: for Tegra (Jetson TK1)
# - ttymxc0: for i.MX6 (Wandboard)
# - ttyAMA0: for Allwinner (pcDuino3 Nano) and QEMU's -machine virt
# - ttyO0: for OMAP (BeagleBone Black)
# - ttySAC2: for Exynos (ODROID-XU3)
boot.kernelParams = ["console=ttyS0,115200n8" "console=ttymxc0,115200n8" "console=ttyAMA0,115200n8" "console=ttyO0,115200n8" "console=ttySAC2,115200n8" "console=tty0"];
sdImage = {
populateFirmwareCommands = let
configTxt = pkgs.writeText "config.txt" ''
# Prevent the firmware from smashing the framebuffer setup done by the mainline kernel
# when attempting to show low-voltage or overtemperature warnings.
avoid_warnings=1
[pi2]
kernel=u-boot-rpi2.bin
[pi3]
kernel=u-boot-rpi3.bin
# U-Boot used to need this to work, regardless of whether UART is actually used or not.
# TODO: check when/if this can be removed.
enable_uart=1
'';
in ''
(cd ${pkgs.raspberrypifw}/share/raspberrypi/boot && cp bootcode.bin fixup*.dat start*.elf $NIX_BUILD_TOP/firmware/)
cp ${pkgs.ubootRaspberryPi2}/u-boot.bin firmware/u-boot-rpi2.bin
cp ${pkgs.ubootRaspberryPi3_32bit}/u-boot.bin firmware/u-boot-rpi3.bin
cp ${configTxt} firmware/config.txt
'';
populateRootCommands = ''
mkdir -p ./files/boot
${config.boot.loader.generic-extlinux-compatible.populateCmd} -c ${config.system.build.toplevel} -d ./files/boot
'';
config = {
warnings = [
''
.../cd-dvd/sd-image-armv7l-multiplatform.nix is deprecated and will eventually be removed.
Please switch to .../sd-card/sd-image-armv7l-multiplatform-installer.nix, instead.
''
];
};
# the installation media is also the installation target,
# so we don't want to provide the installation configuration.nix.
installer.cloneConfig = false;
}

View file

@ -1,46 +1,14 @@
# To build, use:
# nix-build nixos -I nixos-config=nixos/modules/installer/cd-dvd/sd-image-raspberrypi.nix -A config.system.build.sdImage
{ config, lib, pkgs, ... }:
{ config, ... }:
{
imports = [
../../profiles/base.nix
../../profiles/installation-device.nix
./sd-image.nix
../sd-card/sd-image-raspberrypi-installer.nix
];
boot.loader.grub.enable = false;
boot.loader.generic-extlinux-compatible.enable = true;
boot.consoleLogLevel = lib.mkDefault 7;
boot.kernelPackages = pkgs.linuxPackages_rpi1;
sdImage = {
populateFirmwareCommands = let
configTxt = pkgs.writeText "config.txt" ''
# Prevent the firmware from smashing the framebuffer setup done by the mainline kernel
# when attempting to show low-voltage or overtemperature warnings.
avoid_warnings=1
[pi0]
kernel=u-boot-rpi0.bin
[pi1]
kernel=u-boot-rpi1.bin
'';
in ''
(cd ${pkgs.raspberrypifw}/share/raspberrypi/boot && cp bootcode.bin fixup*.dat start*.elf $NIX_BUILD_TOP/firmware/)
cp ${pkgs.ubootRaspberryPiZero}/u-boot.bin firmware/u-boot-rpi0.bin
cp ${pkgs.ubootRaspberryPi}/u-boot.bin firmware/u-boot-rpi1.bin
cp ${configTxt} firmware/config.txt
'';
populateRootCommands = ''
mkdir -p ./files/boot
${config.boot.loader.generic-extlinux-compatible.populateCmd} -c ${config.system.build.toplevel} -d ./files/boot
'';
config = {
warnings = [
''
.../cd-dvd/sd-image-raspberrypi.nix is deprecated and will eventually be removed.
Please switch to .../sd-card/sd-image-raspberrypi-installer.nix, instead.
''
];
};
# the installation media is also the installation target,
# so we don't want to provide the installation configuration.nix.
installer.cloneConfig = false;
}

View file

@ -1,8 +1,14 @@
# To build, use:
# nix-build nixos -I nixos-config=nixos/modules/installer/cd-dvd/sd-image-raspberrypi4.nix -A config.system.build.sdImage
{ config, lib, pkgs, ... }:
{ config, ... }:
{
imports = [ ./sd-image-aarch64.nix ];
boot.kernelPackages = pkgs.linuxPackages_rpi4;
imports = [
../sd-card/sd-image-raspberrypi4-installer.nix
];
config = {
warnings = [
''
.../cd-dvd/sd-image-raspberrypi4.nix is deprecated and will eventually be removed.
Please switch to .../sd-card/sd-image-raspberrypi4-installer.nix, instead.
''
];
};
}

View file

@ -1,245 +1,14 @@
# This module creates a bootable SD card image containing the given NixOS
# configuration. The generated image is MBR partitioned, with a FAT
# /boot/firmware partition, and ext4 root partition. The generated image
# is sized to fit its contents, and a boot script automatically resizes
# the root partition to fit the device on the first boot.
#
# The firmware partition is built with expectation to hold the Raspberry
# Pi firmware and bootloader, and be removed and replaced with a firmware
# build for the target SoC for other board families.
#
# The derivation for the SD image will be placed in
# config.system.build.sdImage
{ config, lib, pkgs, ... }:
with lib;
let
rootfsImage = pkgs.callPackage ../../../lib/make-ext4-fs.nix ({
inherit (config.sdImage) storePaths;
compressImage = true;
populateImageCommands = config.sdImage.populateRootCommands;
volumeLabel = "NIXOS_SD";
} // optionalAttrs (config.sdImage.rootPartitionUUID != null) {
uuid = config.sdImage.rootPartitionUUID;
});
in
{ config, ... }:
{
imports = [
(mkRemovedOptionModule [ "sdImage" "bootPartitionID" ] "The FAT partition for SD image now only holds the Raspberry Pi firmware files. Use firmwarePartitionID to configure that partition's ID.")
(mkRemovedOptionModule [ "sdImage" "bootSize" ] "The boot files for SD image have been moved to the main ext4 partition. The FAT partition now only holds the Raspberry Pi firmware files. Changing its size may not be required.")
../sd-card/sd-image.nix
];
options.sdImage = {
imageName = mkOption {
default = "${config.sdImage.imageBaseName}-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.img";
description = ''
Name of the generated image file.
'';
};
imageBaseName = mkOption {
default = "nixos-sd-image";
description = ''
Prefix of the name of the generated image file.
'';
};
storePaths = mkOption {
type = with types; listOf package;
example = literalExample "[ pkgs.stdenv ]";
description = ''
Derivations to be included in the Nix store in the generated SD image.
'';
};
firmwarePartitionID = mkOption {
type = types.str;
default = "0x2178694e";
description = ''
Volume ID for the /boot/firmware partition on the SD card. This value
must be a 32-bit hexadecimal number.
'';
};
firmwarePartitionName = mkOption {
type = types.str;
default = "FIRMWARE";
description = ''
Name of the filesystem which holds the boot firmware.
'';
};
rootPartitionUUID = mkOption {
type = types.nullOr types.str;
default = null;
example = "14e19a7b-0ae0-484d-9d54-43bd6fdc20c7";
description = ''
UUID for the filesystem on the main NixOS partition on the SD card.
'';
};
firmwareSize = mkOption {
type = types.int;
# As of 2019-08-18 the Raspberry pi firmware + u-boot takes ~18MiB
default = 30;
description = ''
Size of the /boot/firmware partition, in megabytes.
'';
};
populateFirmwareCommands = mkOption {
example = literalExample "'' cp \${pkgs.myBootLoader}/u-boot.bin firmware/ ''";
description = ''
Shell commands to populate the ./firmware directory.
All files in that directory are copied to the
/boot/firmware partition on the SD image.
'';
};
populateRootCommands = mkOption {
example = literalExample "''\${config.boot.loader.generic-extlinux-compatible.populateCmd} -c \${config.system.build.toplevel} -d ./files/boot''";
description = ''
Shell commands to populate the ./files directory.
All files in that directory are copied to the
root (/) partition on the SD image. Use this to
populate the ./files/boot (/boot) directory.
'';
};
postBuildCommands = mkOption {
example = literalExample "'' dd if=\${pkgs.myBootLoader}/SPL of=$img bs=1024 seek=1 conv=notrunc ''";
default = "";
description = ''
Shell commands to run after the image is built.
Can be used for boards requiring to dd u-boot SPL before actual partitions.
'';
};
compressImage = mkOption {
type = types.bool;
default = true;
description = ''
Whether the SD image should be compressed using
<command>zstd</command>.
'';
};
};
config = {
fileSystems = {
"/boot/firmware" = {
device = "/dev/disk/by-label/${config.sdImage.firmwarePartitionName}";
fsType = "vfat";
# Alternatively, this could be removed from the configuration.
# The filesystem is not needed at runtime, it could be treated
# as an opaque blob instead of a discrete FAT32 filesystem.
options = [ "nofail" "noauto" ];
};
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
};
};
sdImage.storePaths = [ config.system.build.toplevel ];
system.build.sdImage = pkgs.callPackage ({ stdenv, dosfstools, e2fsprogs,
mtools, libfaketime, util-linux, zstd }: stdenv.mkDerivation {
name = config.sdImage.imageName;
nativeBuildInputs = [ dosfstools e2fsprogs mtools libfaketime util-linux zstd ];
inherit (config.sdImage) compressImage;
buildCommand = ''
mkdir -p $out/nix-support $out/sd-image
export img=$out/sd-image/${config.sdImage.imageName}
echo "${pkgs.stdenv.buildPlatform.system}" > $out/nix-support/system
if test -n "$compressImage"; then
echo "file sd-image $img.zst" >> $out/nix-support/hydra-build-products
else
echo "file sd-image $img" >> $out/nix-support/hydra-build-products
fi
echo "Decompressing rootfs image"
zstd -d --no-progress "${rootfsImage}" -o ./root-fs.img
# Gap in front of the first partition, in MiB
gap=8
# Create the image file sized to fit /boot/firmware and /, plus slack for the gap.
rootSizeBlocks=$(du -B 512 --apparent-size ./root-fs.img | awk '{ print $1 }')
firmwareSizeBlocks=$((${toString config.sdImage.firmwareSize} * 1024 * 1024 / 512))
imageSize=$((rootSizeBlocks * 512 + firmwareSizeBlocks * 512 + gap * 1024 * 1024))
truncate -s $imageSize $img
# type=b is 'W95 FAT32', type=83 is 'Linux'.
# The "bootable" partition is where u-boot will look file for the bootloader
# information (dtbs, extlinux.conf file).
sfdisk $img <<EOF
label: dos
label-id: ${config.sdImage.firmwarePartitionID}
start=''${gap}M, size=$firmwareSizeBlocks, type=b
start=$((gap + ${toString config.sdImage.firmwareSize}))M, type=83, bootable
EOF
# Copy the rootfs into the SD image
eval $(partx $img -o START,SECTORS --nr 2 --pairs)
dd conv=notrunc if=./root-fs.img of=$img seek=$START count=$SECTORS
# Create a FAT32 /boot/firmware partition of suitable size into firmware_part.img
eval $(partx $img -o START,SECTORS --nr 1 --pairs)
truncate -s $((SECTORS * 512)) firmware_part.img
faketime "1970-01-01 00:00:00" mkfs.vfat -i ${config.sdImage.firmwarePartitionID} -n ${config.sdImage.firmwarePartitionName} firmware_part.img
# Populate the files intended for /boot/firmware
mkdir firmware
${config.sdImage.populateFirmwareCommands}
# Copy the populated /boot/firmware into the SD image
(cd firmware; mcopy -psvm -i ../firmware_part.img ./* ::)
# Verify the FAT partition before copying it.
fsck.vfat -vn firmware_part.img
dd conv=notrunc if=firmware_part.img of=$img seek=$START count=$SECTORS
${config.sdImage.postBuildCommands}
if test -n "$compressImage"; then
zstd -T$NIX_BUILD_CORES --rm $img
fi
'';
}) {};
boot.postBootCommands = ''
# On the first boot do some maintenance tasks
if [ -f /nix-path-registration ]; then
set -euo pipefail
set -x
# Figure out device names for the boot device and root filesystem.
rootPart=$(${pkgs.util-linux}/bin/findmnt -n -o SOURCE /)
bootDevice=$(lsblk -npo PKNAME $rootPart)
partNum=$(lsblk -npo MAJ:MIN $rootPart | ${pkgs.gawk}/bin/awk -F: '{print $2}')
# Resize the root partition and the filesystem to fit the disk
echo ",+," | sfdisk -N$partNum --no-reread $bootDevice
${pkgs.parted}/bin/partprobe
${pkgs.e2fsprogs}/bin/resize2fs $rootPart
# Register the contents of the initial Nix store
${config.nix.package.out}/bin/nix-store --load-db < /nix-path-registration
# nixos-rebuild also requires a "system" profile and an /etc/NIXOS tag.
touch /etc/NIXOS
${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
# Prevents this from running on later boots.
rm -f /nix-path-registration
fi
'';
warnings = [
''
.../cd-dvd/sd-image.nix is deprecated and will eventually be removed.
Please switch to .../sd-card/sd-image.nix, instead.
''
];
};
}

View file

@ -26,7 +26,7 @@ let
# A clue for the kernel loading
kernelParams = pkgs.writeText "kernel-params.txt" ''
Kernel Parameters:
init=/boot/init systemConfig=/boot/init ${toString config.boot.kernelParams}
init=/boot/init ${toString config.boot.kernelParams}
'';
# System wide nixpkgs config

View file

@ -23,13 +23,13 @@ let
label nixos
MENU LABEL ^NixOS using nfsroot
KERNEL bzImage
append ip=dhcp nfsroot=/home/pcroot systemConfig=${config.system.build.toplevel} init=${config.system.build.toplevel}/init rw
append ip=dhcp nfsroot=/home/pcroot init=${config.system.build.toplevel}/init rw
# I don't know how to make this boot with nfsroot (using the initrd)
label nixos_initrd
MENU LABEL NixOS booting the poor ^initrd.
KERNEL bzImage
append initrd=initrd ip=dhcp nfsroot=/home/pcroot systemConfig=${config.system.build.toplevel} init=${config.system.build.toplevel}/init rw
append initrd=initrd ip=dhcp nfsroot=/home/pcroot init=${config.system.build.toplevel}/init rw
label memtest
MENU LABEL ^${pkgs.memtest86.name}

View file

@ -0,0 +1,10 @@
{
imports = [
../../profiles/installation-device.nix
./sd-image-aarch64.nix
];
# the installation media is also the installation target,
# so we don't want to provide the installation configuration.nix.
installer.cloneConfig = false;
}

View file

@ -0,0 +1,10 @@
{
imports = [
../../profiles/installation-device.nix
./sd-image-aarch64-new-kernel.nix
];
# the installation media is also the installation target,
# so we don't want to provide the installation configuration.nix.
installer.cloneConfig = false;
}

View file

@ -0,0 +1,7 @@
{ pkgs, ... }:
{
imports = [ ./sd-image-aarch64.nix ];
boot.kernelPackages = pkgs.linuxPackages_latest;
}

View file

@ -0,0 +1,75 @@
# To build, use:
# nix-build nixos -I nixos-config=nixos/modules/installer/sd-card/sd-image-aarch64.nix -A config.system.build.sdImage
{ config, lib, pkgs, ... }:
{
imports = [
../../profiles/base.nix
./sd-image.nix
];
boot.loader.grub.enable = false;
boot.loader.generic-extlinux-compatible.enable = true;
boot.consoleLogLevel = lib.mkDefault 7;
# The serial ports listed here are:
# - ttyS0: for Tegra (Jetson TX1)
# - ttyAMA0: for QEMU's -machine virt
boot.kernelParams = ["console=ttyS0,115200n8" "console=ttyAMA0,115200n8" "console=tty0"];
boot.initrd.availableKernelModules = [
# Allows early (earlier) modesetting for the Raspberry Pi
"vc4" "bcm2835_dma" "i2c_bcm2835"
# Allows early (earlier) modesetting for Allwinner SoCs
"sun4i_drm" "sun8i_drm_hdmi" "sun8i_mixer"
];
sdImage = {
populateFirmwareCommands = let
configTxt = pkgs.writeText "config.txt" ''
[pi3]
kernel=u-boot-rpi3.bin
[pi4]
kernel=u-boot-rpi4.bin
enable_gic=1
armstub=armstub8-gic.bin
# Otherwise the resolution will be weird in most cases, compared to
# what the pi3 firmware does by default.
disable_overscan=1
[all]
# Boot in 64-bit mode.
arm_64bit=1
# U-Boot needs this to work, regardless of whether UART is actually used or not.
# Look in arch/arm/mach-bcm283x/Kconfig in the U-Boot tree to see if this is still
# a requirement in the future.
enable_uart=1
# Prevent the firmware from smashing the framebuffer setup done by the mainline kernel
# when attempting to show low-voltage or overtemperature warnings.
avoid_warnings=1
'';
in ''
(cd ${pkgs.raspberrypifw}/share/raspberrypi/boot && cp bootcode.bin fixup*.dat start*.elf $NIX_BUILD_TOP/firmware/)
# Add the config
cp ${configTxt} firmware/config.txt
# Add pi3 specific files
cp ${pkgs.ubootRaspberryPi3_64bit}/u-boot.bin firmware/u-boot-rpi3.bin
# Add pi4 specific files
cp ${pkgs.ubootRaspberryPi4_64bit}/u-boot.bin firmware/u-boot-rpi4.bin
cp ${pkgs.raspberrypi-armstubs}/armstub8-gic.bin firmware/armstub8-gic.bin
cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2711-rpi-4-b.dtb firmware/
'';
populateRootCommands = ''
mkdir -p ./files/boot
${config.boot.loader.generic-extlinux-compatible.populateCmd} -c ${config.system.build.toplevel} -d ./files/boot
'';
};
}

View file

@ -0,0 +1,10 @@
{
imports = [
../../profiles/installation-device.nix
./sd-image-armv7l-multiplatform.nix
];
# the installation media is also the installation target,
# so we don't want to provide the installation configuration.nix.
installer.cloneConfig = false;
}

View file

@ -0,0 +1,52 @@
# To build, use:
# nix-build nixos -I nixos-config=nixos/modules/installer/sd-card/sd-image-armv7l-multiplatform.nix -A config.system.build.sdImage
{ config, lib, pkgs, ... }:
{
imports = [
../../profiles/base.nix
./sd-image.nix
];
boot.loader.grub.enable = false;
boot.loader.generic-extlinux-compatible.enable = true;
boot.consoleLogLevel = lib.mkDefault 7;
boot.kernelPackages = pkgs.linuxPackages_latest;
# The serial ports listed here are:
# - ttyS0: for Tegra (Jetson TK1)
# - ttymxc0: for i.MX6 (Wandboard)
# - ttyAMA0: for Allwinner (pcDuino3 Nano) and QEMU's -machine virt
# - ttyO0: for OMAP (BeagleBone Black)
# - ttySAC2: for Exynos (ODROID-XU3)
boot.kernelParams = ["console=ttyS0,115200n8" "console=ttymxc0,115200n8" "console=ttyAMA0,115200n8" "console=ttyO0,115200n8" "console=ttySAC2,115200n8" "console=tty0"];
sdImage = {
populateFirmwareCommands = let
configTxt = pkgs.writeText "config.txt" ''
# Prevent the firmware from smashing the framebuffer setup done by the mainline kernel
# when attempting to show low-voltage or overtemperature warnings.
avoid_warnings=1
[pi2]
kernel=u-boot-rpi2.bin
[pi3]
kernel=u-boot-rpi3.bin
# U-Boot used to need this to work, regardless of whether UART is actually used or not.
# TODO: check when/if this can be removed.
enable_uart=1
'';
in ''
(cd ${pkgs.raspberrypifw}/share/raspberrypi/boot && cp bootcode.bin fixup*.dat start*.elf $NIX_BUILD_TOP/firmware/)
cp ${pkgs.ubootRaspberryPi2}/u-boot.bin firmware/u-boot-rpi2.bin
cp ${pkgs.ubootRaspberryPi3_32bit}/u-boot.bin firmware/u-boot-rpi3.bin
cp ${configTxt} firmware/config.txt
'';
populateRootCommands = ''
mkdir -p ./files/boot
${config.boot.loader.generic-extlinux-compatible.populateCmd} -c ${config.system.build.toplevel} -d ./files/boot
'';
};
}

View file

@ -0,0 +1,10 @@
{
imports = [
../../profiles/installation-device.nix
./sd-image-raspberrypi.nix
];
# the installation media is also the installation target,
# so we don't want to provide the installation configuration.nix.
installer.cloneConfig = false;
}

View file

@ -0,0 +1,41 @@
# To build, use:
# nix-build nixos -I nixos-config=nixos/modules/installer/sd-card/sd-image-raspberrypi.nix -A config.system.build.sdImage
{ config, lib, pkgs, ... }:
{
imports = [
../../profiles/base.nix
./sd-image.nix
];
boot.loader.grub.enable = false;
boot.loader.generic-extlinux-compatible.enable = true;
boot.consoleLogLevel = lib.mkDefault 7;
boot.kernelPackages = pkgs.linuxPackages_rpi1;
sdImage = {
populateFirmwareCommands = let
configTxt = pkgs.writeText "config.txt" ''
# Prevent the firmware from smashing the framebuffer setup done by the mainline kernel
# when attempting to show low-voltage or overtemperature warnings.
avoid_warnings=1
[pi0]
kernel=u-boot-rpi0.bin
[pi1]
kernel=u-boot-rpi1.bin
'';
in ''
(cd ${pkgs.raspberrypifw}/share/raspberrypi/boot && cp bootcode.bin fixup*.dat start*.elf $NIX_BUILD_TOP/firmware/)
cp ${pkgs.ubootRaspberryPiZero}/u-boot.bin firmware/u-boot-rpi0.bin
cp ${pkgs.ubootRaspberryPi}/u-boot.bin firmware/u-boot-rpi1.bin
cp ${configTxt} firmware/config.txt
'';
populateRootCommands = ''
mkdir -p ./files/boot
${config.boot.loader.generic-extlinux-compatible.populateCmd} -c ${config.system.build.toplevel} -d ./files/boot
'';
};
}

View file

@ -0,0 +1,10 @@
{
imports = [
../../profiles/installation-device.nix
./sd-image-raspberrypi4.nix
];
# the installation media is also the installation target,
# so we don't want to provide the installation configuration.nix.
installer.cloneConfig = false;
}

View file

@ -0,0 +1,8 @@
# To build, use:
# nix-build nixos -I nixos-config=nixos/modules/installer/sd-card/sd-image-raspberrypi4.nix -A config.system.build.sdImage
{ config, lib, pkgs, ... }:
{
imports = [ ./sd-image-aarch64.nix ];
boot.kernelPackages = pkgs.linuxPackages_rpi4;
}

View file

@ -0,0 +1,245 @@
# This module creates a bootable SD card image containing the given NixOS
# configuration. The generated image is MBR partitioned, with a FAT
# /boot/firmware partition, and ext4 root partition. The generated image
# is sized to fit its contents, and a boot script automatically resizes
# the root partition to fit the device on the first boot.
#
# The firmware partition is built with expectation to hold the Raspberry
# Pi firmware and bootloader, and be removed and replaced with a firmware
# build for the target SoC for other board families.
#
# The derivation for the SD image will be placed in
# config.system.build.sdImage
{ config, lib, pkgs, ... }:
with lib;
let
rootfsImage = pkgs.callPackage ../../../lib/make-ext4-fs.nix ({
inherit (config.sdImage) storePaths;
compressImage = true;
populateImageCommands = config.sdImage.populateRootCommands;
volumeLabel = "NIXOS_SD";
} // optionalAttrs (config.sdImage.rootPartitionUUID != null) {
uuid = config.sdImage.rootPartitionUUID;
});
in
{
imports = [
(mkRemovedOptionModule [ "sdImage" "bootPartitionID" ] "The FAT partition for SD image now only holds the Raspberry Pi firmware files. Use firmwarePartitionID to configure that partition's ID.")
(mkRemovedOptionModule [ "sdImage" "bootSize" ] "The boot files for SD image have been moved to the main ext4 partition. The FAT partition now only holds the Raspberry Pi firmware files. Changing its size may not be required.")
];
options.sdImage = {
imageName = mkOption {
default = "${config.sdImage.imageBaseName}-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.img";
description = ''
Name of the generated image file.
'';
};
imageBaseName = mkOption {
default = "nixos-sd-image";
description = ''
Prefix of the name of the generated image file.
'';
};
storePaths = mkOption {
type = with types; listOf package;
example = literalExample "[ pkgs.stdenv ]";
description = ''
Derivations to be included in the Nix store in the generated SD image.
'';
};
firmwarePartitionID = mkOption {
type = types.str;
default = "0x2178694e";
description = ''
Volume ID for the /boot/firmware partition on the SD card. This value
must be a 32-bit hexadecimal number.
'';
};
firmwarePartitionName = mkOption {
type = types.str;
default = "FIRMWARE";
description = ''
Name of the filesystem which holds the boot firmware.
'';
};
rootPartitionUUID = mkOption {
type = types.nullOr types.str;
default = null;
example = "14e19a7b-0ae0-484d-9d54-43bd6fdc20c7";
description = ''
UUID for the filesystem on the main NixOS partition on the SD card.
'';
};
firmwareSize = mkOption {
type = types.int;
# As of 2019-08-18 the Raspberry pi firmware + u-boot takes ~18MiB
default = 30;
description = ''
Size of the /boot/firmware partition, in megabytes.
'';
};
populateFirmwareCommands = mkOption {
example = literalExample "'' cp \${pkgs.myBootLoader}/u-boot.bin firmware/ ''";
description = ''
Shell commands to populate the ./firmware directory.
All files in that directory are copied to the
/boot/firmware partition on the SD image.
'';
};
populateRootCommands = mkOption {
example = literalExample "''\${config.boot.loader.generic-extlinux-compatible.populateCmd} -c \${config.system.build.toplevel} -d ./files/boot''";
description = ''
Shell commands to populate the ./files directory.
All files in that directory are copied to the
root (/) partition on the SD image. Use this to
populate the ./files/boot (/boot) directory.
'';
};
postBuildCommands = mkOption {
example = literalExample "'' dd if=\${pkgs.myBootLoader}/SPL of=$img bs=1024 seek=1 conv=notrunc ''";
default = "";
description = ''
Shell commands to run after the image is built.
Can be used for boards requiring to dd u-boot SPL before actual partitions.
'';
};
compressImage = mkOption {
type = types.bool;
default = true;
description = ''
Whether the SD image should be compressed using
<command>zstd</command>.
'';
};
};
config = {
fileSystems = {
"/boot/firmware" = {
device = "/dev/disk/by-label/${config.sdImage.firmwarePartitionName}";
fsType = "vfat";
# Alternatively, this could be removed from the configuration.
# The filesystem is not needed at runtime, it could be treated
# as an opaque blob instead of a discrete FAT32 filesystem.
options = [ "nofail" "noauto" ];
};
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
};
};
sdImage.storePaths = [ config.system.build.toplevel ];
system.build.sdImage = pkgs.callPackage ({ stdenv, dosfstools, e2fsprogs,
mtools, libfaketime, util-linux, zstd }: stdenv.mkDerivation {
name = config.sdImage.imageName;
nativeBuildInputs = [ dosfstools e2fsprogs mtools libfaketime util-linux zstd ];
inherit (config.sdImage) compressImage;
buildCommand = ''
mkdir -p $out/nix-support $out/sd-image
export img=$out/sd-image/${config.sdImage.imageName}
echo "${pkgs.stdenv.buildPlatform.system}" > $out/nix-support/system
if test -n "$compressImage"; then
echo "file sd-image $img.zst" >> $out/nix-support/hydra-build-products
else
echo "file sd-image $img" >> $out/nix-support/hydra-build-products
fi
echo "Decompressing rootfs image"
zstd -d --no-progress "${rootfsImage}" -o ./root-fs.img
# Gap in front of the first partition, in MiB
gap=8
# Create the image file sized to fit /boot/firmware and /, plus slack for the gap.
rootSizeBlocks=$(du -B 512 --apparent-size ./root-fs.img | awk '{ print $1 }')
firmwareSizeBlocks=$((${toString config.sdImage.firmwareSize} * 1024 * 1024 / 512))
imageSize=$((rootSizeBlocks * 512 + firmwareSizeBlocks * 512 + gap * 1024 * 1024))
truncate -s $imageSize $img
# type=b is 'W95 FAT32', type=83 is 'Linux'.
# The "bootable" partition is where u-boot will look file for the bootloader
# information (dtbs, extlinux.conf file).
sfdisk $img <<EOF
label: dos
label-id: ${config.sdImage.firmwarePartitionID}
start=''${gap}M, size=$firmwareSizeBlocks, type=b
start=$((gap + ${toString config.sdImage.firmwareSize}))M, type=83, bootable
EOF
# Copy the rootfs into the SD image
eval $(partx $img -o START,SECTORS --nr 2 --pairs)
dd conv=notrunc if=./root-fs.img of=$img seek=$START count=$SECTORS
# Create a FAT32 /boot/firmware partition of suitable size into firmware_part.img
eval $(partx $img -o START,SECTORS --nr 1 --pairs)
truncate -s $((SECTORS * 512)) firmware_part.img
faketime "1970-01-01 00:00:00" mkfs.vfat -i ${config.sdImage.firmwarePartitionID} -n ${config.sdImage.firmwarePartitionName} firmware_part.img
# Populate the files intended for /boot/firmware
mkdir firmware
${config.sdImage.populateFirmwareCommands}
# Copy the populated /boot/firmware into the SD image
(cd firmware; mcopy -psvm -i ../firmware_part.img ./* ::)
# Verify the FAT partition before copying it.
fsck.vfat -vn firmware_part.img
dd conv=notrunc if=firmware_part.img of=$img seek=$START count=$SECTORS
${config.sdImage.postBuildCommands}
if test -n "$compressImage"; then
zstd -T$NIX_BUILD_CORES --rm $img
fi
'';
}) {};
boot.postBootCommands = ''
# On the first boot do some maintenance tasks
if [ -f /nix-path-registration ]; then
set -euo pipefail
set -x
# Figure out device names for the boot device and root filesystem.
rootPart=$(${pkgs.util-linux}/bin/findmnt -n -o SOURCE /)
bootDevice=$(lsblk -npo PKNAME $rootPart)
partNum=$(lsblk -npo MAJ:MIN $rootPart | ${pkgs.gawk}/bin/awk -F: '{print $2}')
# Resize the root partition and the filesystem to fit the disk
echo ",+," | sfdisk -N$partNum --no-reread $bootDevice
${pkgs.parted}/bin/partprobe
${pkgs.e2fsprogs}/bin/resize2fs $rootPart
# Register the contents of the initial Nix store
${config.nix.package.out}/bin/nix-store --load-db < /nix-path-registration
# nixos-rebuild also requires a "system" profile and an /etc/NIXOS tag.
touch /etc/NIXOS
${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
# Prevents this from running on later boots.
rm -f /nix-path-registration
fi
'';
};
}

View file

@ -53,7 +53,7 @@ in
${pkgs.kexectools}/sbin/kexec -p /run/current-system/kernel \
--initrd=/run/current-system/initrd \
--reset-vga --console-vga \
--command-line="systemConfig=$(readlink -f /run/current-system) init=$(readlink -f /run/current-system/init) irqpoll maxcpus=1 reset_devices ${kernelParams}"
--command-line="init=$(readlink -f /run/current-system/init) irqpoll maxcpus=1 reset_devices ${kernelParams}"
'';
kernelParams = [
"crashkernel=${crashdump.reservedMemory}"

View file

@ -461,6 +461,7 @@
./services/misc/errbot.nix
./services/misc/etcd.nix
./services/misc/etebase-server.nix
./services/misc/etesync-dav.nix
./services/misc/ethminer.nix
./services/misc/exhibitor.nix
./services/misc/felix.nix

View file

@ -1,56 +1,16 @@
{ config, lib, pkgs, ... }:
with lib;
{ lib, ... }:
let
cfg = config.security.rngd;
removed = k: lib.mkRemovedOptionModule [ "security" "rngd" k ];
in
{
options = {
security.rngd = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable the rng daemon. Devices that the kernel recognises
as entropy sources are handled automatically by krngd.
'';
};
debug = mkOption {
type = types.bool;
default = false;
description = "Whether to enable debug output (-d).";
};
};
};
config = mkIf cfg.enable {
systemd.services.rngd = {
bindsTo = [ "dev-random.device" ];
after = [ "dev-random.device" ];
# Clean shutdown without DefaultDependencies
conflicts = [ "shutdown.target" ];
before = [
"sysinit.target"
"shutdown.target"
];
description = "Hardware RNG Entropy Gatherer Daemon";
# rngd may have to start early to avoid entropy starvation during boot with encrypted swap
unitConfig.DefaultDependencies = false;
serviceConfig = {
ExecStart = "${pkgs.rng-tools}/sbin/rngd -f"
+ optionalString cfg.debug " -d";
# PrivateTmp would introduce a circular dependency if /tmp is on tmpfs and swap is encrypted,
# thus depending on rngd before swap, while swap depends on rngd to avoid entropy starvation.
NoNewPrivileges = true;
PrivateNetwork = true;
ProtectSystem = "full";
ProtectHome = true;
};
};
};
imports = [
(removed "enable" ''
rngd is not necessary for any device that the kernel recognises
as an hardware RNG, as it will automatically run the krngd task
to periodically collect random data from the device and mix it
into the kernel's RNG.
'')
(removed "debug"
"The rngd module was removed, so its debug option does nothing.")
];
}

View file

@ -37,7 +37,8 @@ in {
services.pipewire.media-session = {
enable = mkOption {
type = types.bool;
default = true;
default = config.services.pipewire.enable;
defaultText = "config.services.pipewire.enable";
description = "Example pipewire session manager";
};

View file

@ -202,12 +202,26 @@ in
'';
};
extraRules = mkOption {
initrdRules = mkOption {
default = "";
example = ''
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:1D:60:B9:6D:4F", KERNEL=="eth*", NAME="my_fast_network_card"
'';
type = types.lines;
description = ''
<command>udev</command> rules to include in the initrd
<emphasis>only</emphasis>. They'll be written into file
<filename>99-local.rules</filename>. Thus they are read and applied
after the essential initrd rules.
'';
};
extraRules = mkOption {
default = "";
example = ''
ENV{ID_VENDOR_ID}=="046d", ENV{ID_MODEL_ID}=="0825", ENV{PULSE_IGNORE}="1"
'';
type = types.lines;
description = ''
Additional <command>udev</command> rules. They'll be written
into file <filename>99-local.rules</filename>. Thus they are
@ -284,6 +298,13 @@ in
boot.kernelParams = mkIf (!config.networking.usePredictableInterfaceNames) [ "net.ifnames=0" ];
boot.initrd.extraUdevRulesCommands = optionalString (cfg.initrdRules != "")
''
cat <<'EOF' > $out/99-local.rules
${cfg.initrdRules}
EOF
'';
environment.etc =
{
"udev/rules.d".source = udevRules;

View file

@ -0,0 +1,92 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.etesync-dav;
in
{
options.services.etesync-dav = {
enable = mkEnableOption "etesync-dav";
host = mkOption {
type = types.str;
default = "localhost";
description = "The server host address.";
};
port = mkOption {
type = types.port;
default = 37358;
description = "The server host port.";
};
apiUrl = mkOption {
type = types.str;
default = "https://api.etesync.com/";
description = "The url to the etesync API.";
};
openFirewall = mkOption {
default = false;
type = types.bool;
description = "Whether to open the firewall for the specified port.";
};
sslCertificate = mkOption {
type = types.nullOr types.path;
default = null;
example = "/var/etesync.crt";
description = ''
Path to server SSL certificate. It will be copied into
etesync-dav's data directory.
'';
};
sslCertificateKey = mkOption {
type = types.nullOr types.path;
default = null;
example = "/var/etesync.key";
description = ''
Path to server SSL certificate key. It will be copied into
etesync-dav's data directory.
'';
};
};
config = mkIf cfg.enable {
networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.port ];
systemd.services.etesync-dav = {
description = "etesync-dav - A CalDAV and CardDAV adapter for EteSync";
after = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.etesync-dav ];
environment = {
ETESYNC_LISTEN_ADDRESS = cfg.host;
ETESYNC_LISTEN_PORT = toString cfg.port;
ETESYNC_URL = cfg.apiUrl;
ETESYNC_DATA_DIR = "/var/lib/etesync-dav";
};
serviceConfig = {
Type = "simple";
DynamicUser = true;
StateDirectory = "etesync-dav";
ExecStart = "${pkgs.etesync-dav}/bin/etesync-dav";
ExecStartPre = mkIf (cfg.sslCertificate != null || cfg.sslCertificateKey != null) (
pkgs.writers.writeBash "etesync-dav-copy-keys" ''
${optionalString (cfg.sslCertificate != null) ''
cp ${toString cfg.sslCertificate} $STATE_DIRECTORY/etesync.crt
''}
${optionalString (cfg.sslCertificateKey != null) ''
cp ${toString cfg.sslCertificateKey} $STATE_DIRECTORY/etesync.key
''}
''
);
Restart = "on-failure";
RestartSec = "30min 1s";
};
};
};
}

View file

@ -191,9 +191,8 @@ in
{ description = "DHCP Client";
wantedBy = [ "multi-user.target" ] ++ optional (!hasDefaultGatewaySet) "network-online.target";
wants = [ "network.target" "systemd-udev-settle.service" ];
wants = [ "network.target" ];
before = [ "network-online.target" ];
after = [ "systemd-udev-settle.service" ];
restartTriggers = [ exitHook ];

View file

@ -113,7 +113,6 @@ in
"~@memlock"
"~@resources"
"~@setuid"
"~@sync"
"~@timer"
];
};

View file

@ -82,11 +82,8 @@ in {
X-RestartIfChanged=false
'';
systemd.units."autovt@.service".unit = pkgs.runCommand "unit" { preferLocalBuild = true; }
''
mkdir -p $out
ln -s ${config.systemd.units."kmsconvt@.service".unit}/kmsconvt@.service $out/autovt@.service
'';
systemd.suppressedSystemUnits = [ "autovt@.service" ];
systemd.units."kmsconvt@.service".aliases = [ "autovt@.service" ];
systemd.services.systemd-vconsole-setup.enable = false;

View file

@ -44,7 +44,7 @@ in
'';
description = ''
Configuration for Miniflux, refer to
<link xlink:href="http://docs.miniflux.app/en/latest/configuration.html"/>
<link xlink:href="https://miniflux.app/docs/configuration.html"/>
for documentation on the supported values.
'';
};

View file

@ -183,14 +183,20 @@ in
"systemd-udev-settle.service"
];
systemd.services.display-manager.conflicts = [
"getty@tty${gdm.initialVT}.service"
# TODO: Add "plymouth-quit.service" so GDM can control when plymouth quits.
# Currently this breaks switching configurations while using plymouth.
"getty@tty${gdm.initialVT}.service"
"plymouth-quit.service"
];
systemd.services.display-manager.onFailure = [
"plymouth-quit.service"
];
# Prevent nixos-rebuild switch from bringing down the graphical
# session. (If multi-user.target wants plymouth-quit.service which
# conflicts display-manager.service, then when nixos-rebuild
# switch starts multi-user.target, display-manager.service is
# stopped so plymouth-quit.service can be started.)
systemd.services.plymouth-quit.wantedBy = lib.mkForce [];
systemd.services.display-manager.serviceConfig = {
# Restart = "always"; - already defined in xserver.nix
KillMode = "mixed";

View file

@ -109,7 +109,7 @@ addEntry() {
exit 1
fi
fi
echo " APPEND systemConfig=$path init=$path/init $extraParams"
echo " APPEND init=$path/init $extraParams"
}
tmpFile="$target/extlinux/extlinux.conf.tmp.$$"

View file

@ -102,10 +102,10 @@ if (stat($bootPath)->dev != stat("/nix/store")->dev) {
# Discover information about the location of the bootPath
struct(Fs => {
device => '$',
type => '$',
mount => '$',
});
device => '$',
type => '$',
mount => '$',
});
sub PathInMount {
my ($path, $mount) = @_;
my @splitMount = split /\//, $mount;
@ -154,16 +154,16 @@ sub GetFs {
return $bestFs;
}
struct (Grub => {
path => '$',
search => '$',
});
path => '$',
search => '$',
});
my $driveid = 1;
sub GrubFs {
my ($dir) = @_;
my $fs = GetFs($dir);
my $path = substr($dir, length($fs->mount));
if (substr($path, 0, 1) ne "/") {
$path = "/$path";
$path = "/$path";
}
my $search = "";
@ -251,8 +251,8 @@ my $conf .= "# Automatically generated. DO NOT EDIT THIS FILE!\n";
if ($grubVersion == 1) {
$conf .= "
default $defaultEntry
timeout $timeout
default $defaultEntry
timeout $timeout
";
if ($splashImage) {
copy $splashImage, "$bootPath/background.xpm.gz" or die "cannot copy $splashImage to $bootPath: $!\n";
@ -302,51 +302,51 @@ else {
if ($copyKernels == 0) {
$conf .= "
" . $grubStore->search;
" . $grubStore->search;
}
# FIXME: should use grub-mkconfig.
$conf .= "
" . $grubBoot->search . "
if [ -s \$prefix/grubenv ]; then
load_env
fi
" . $grubBoot->search . "
if [ -s \$prefix/grubenv ]; then
load_env
fi
# grub-reboot sets a one-time saved entry, which we process here and
# then delete.
if [ \"\${next_entry}\" ]; then
set default=\"\${next_entry}\"
set next_entry=
save_env next_entry
set timeout=1
else
set default=$defaultEntry
set timeout=$timeout
fi
# grub-reboot sets a one-time saved entry, which we process here and
# then delete.
if [ \"\${next_entry}\" ]; then
set default=\"\${next_entry}\"
set next_entry=
save_env next_entry
set timeout=1
else
set default=$defaultEntry
set timeout=$timeout
fi
# Setup the graphics stack for bios and efi systems
if [ \"\${grub_platform}\" = \"efi\" ]; then
insmod efi_gop
insmod efi_uga
else
insmod vbe
fi
# Setup the graphics stack for bios and efi systems
if [ \"\${grub_platform}\" = \"efi\" ]; then
insmod efi_gop
insmod efi_uga
else
insmod vbe
fi
";
if ($font) {
copy $font, "$bootPath/converted-font.pf2" or die "cannot copy $font to $bootPath: $!\n";
$conf .= "
insmod font
if loadfont " . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/converted-font.pf2; then
insmod gfxterm
if [ \"\${grub_platform}\" = \"efi\" ]; then
set gfxmode=$gfxmodeEfi
set gfxpayload=$gfxpayloadEfi
else
set gfxmode=$gfxmodeBios
set gfxpayload=$gfxpayloadBios
fi
terminal_output gfxterm
fi
insmod font
if loadfont " . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/converted-font.pf2; then
insmod gfxterm
if [ \"\${grub_platform}\" = \"efi\" ]; then
set gfxmode=$gfxmodeEfi
set gfxpayload=$gfxpayloadEfi
else
set gfxmode=$gfxmodeBios
set gfxpayload=$gfxpayloadBios
fi
terminal_output gfxterm
fi
";
}
if ($splashImage) {
@ -363,14 +363,14 @@ else {
}
copy $splashImage, "$bootPath/background$suffix" or die "cannot copy $splashImage to $bootPath: $!\n";
$conf .= "
insmod " . substr($suffix, 1) . "
if background_image --mode '$splashMode' " . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/background$suffix; then
set color_normal=white/black
set color_highlight=black/white
else
set menu_color_normal=cyan/blue
set menu_color_highlight=white/blue
fi
insmod " . substr($suffix, 1) . "
if background_image --mode '$splashMode' " . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/background$suffix; then
set color_normal=white/black
set color_highlight=black/white
else
set menu_color_normal=cyan/blue
set menu_color_highlight=white/blue
fi
";
}
@ -380,21 +380,21 @@ else {
# Copy theme
rcopy($theme, "$bootPath/theme") or die "cannot copy $theme to $bootPath\n";
$conf .= "
# Sets theme.
set theme=" . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/theme/theme.txt
export theme
# Load theme fonts, if any
";
# Sets theme.
set theme=" . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/theme/theme.txt
export theme
# Load theme fonts, if any
";
find( { wanted => sub {
if ($_ =~ /\.pf2$/i) {
$font = File::Spec->abs2rel($File::Find::name, $theme);
$conf .= "
loadfont " . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/theme/$font
";
}
}, no_chdir => 1 }, $theme );
}
find( { wanted => sub {
if ($_ =~ /\.pf2$/i) {
$font = File::Spec->abs2rel($File::Find::name, $theme);
$conf .= "
loadfont " . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/theme/$font
";
}
}, no_chdir => 1 }, $theme );
}
}
$conf .= "$extraConfig\n";
@ -433,25 +433,25 @@ sub addEntry {
# Include second initrd with secrets
if (-e -x "$path/append-initrd-secrets") {
my $initrdName = basename($initrd);
my $initrdSecretsPath = "$bootPath/kernels/$initrdName-secrets";
my $initrdName = basename($initrd);
my $initrdSecretsPath = "$bootPath/kernels/$initrdName-secrets";
mkpath(dirname($initrdSecretsPath), 0, 0755);
my $oldUmask = umask;
# Make sure initrd is not world readable (won't work if /boot is FAT)
umask 0137;
my $initrdSecretsPathTemp = File::Temp::mktemp("$initrdSecretsPath.XXXXXXXX");
system("$path/append-initrd-secrets", $initrdSecretsPathTemp) == 0 or die "failed to create initrd secrets: $!\n";
# Check whether any secrets were actually added
if (-e $initrdSecretsPathTemp && ! -z _) {
rename $initrdSecretsPathTemp, $initrdSecretsPath or die "failed to move initrd secrets into place: $!\n";
$copied{$initrdSecretsPath} = 1;
$initrd .= " " . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/kernels/$initrdName-secrets";
} else {
unlink $initrdSecretsPathTemp;
rmdir dirname($initrdSecretsPathTemp);
}
umask $oldUmask;
mkpath(dirname($initrdSecretsPath), 0, 0755);
my $oldUmask = umask;
# Make sure initrd is not world readable (won't work if /boot is FAT)
umask 0137;
my $initrdSecretsPathTemp = File::Temp::mktemp("$initrdSecretsPath.XXXXXXXX");
system("$path/append-initrd-secrets", $initrdSecretsPathTemp) == 0 or die "failed to create initrd secrets: $!\n";
# Check whether any secrets were actually added
if (-e $initrdSecretsPathTemp && ! -z _) {
rename $initrdSecretsPathTemp, $initrdSecretsPath or die "failed to move initrd secrets into place: $!\n";
$copied{$initrdSecretsPath} = 1;
$initrd .= " " . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/kernels/$initrdName-secrets";
} else {
unlink $initrdSecretsPathTemp;
rmdir dirname($initrdSecretsPathTemp);
}
umask $oldUmask;
}
my $xen = -e "$path/xen.gz" ? copyToKernelsDir(Cwd::abs_path("$path/xen.gz")) : undef;
@ -459,9 +459,8 @@ sub addEntry {
# FIXME: $confName
my $kernelParams =
"systemConfig=" . Cwd::abs_path($path) . " " .
"init=" . Cwd::abs_path("$path/init") . " " .
readFile("$path/kernel-params");
"init=" . Cwd::abs_path("$path/init") . " " .
readFile("$path/kernel-params");
my $xenParams = $xen && -e "$path/xen-params" ? readFile("$path/xen-params") : "";
if ($grubVersion == 1) {
@ -503,9 +502,9 @@ foreach my $link (@links) {
my $date = strftime("%F", localtime(lstat($link)->mtime));
my $version =
-e "$link/nixos-version"
? readFile("$link/nixos-version")
: basename((glob(dirname(Cwd::abs_path("$link/kernel")) . "/lib/modules/*"))[0]);
-e "$link/nixos-version"
? readFile("$link/nixos-version")
: basename((glob(dirname(Cwd::abs_path("$link/kernel")) . "/lib/modules/*"))[0]);
if ($cfgName) {
$entryName = $cfgName;
@ -530,8 +529,8 @@ sub addProfile {
sub nrFromGen { my ($x) = @_; $x =~ /\/\w+-(\d+)-link/; return $1; }
my @links = sort
{ nrFromGen($b) <=> nrFromGen($a) }
(glob "$profile-*-link");
{ nrFromGen($b) <=> nrFromGen($a) }
(glob "$profile-*-link");
my $curEntry = 0;
foreach my $link (@links) {
@ -542,9 +541,9 @@ sub addProfile {
}
my $date = strftime("%F", localtime(lstat($link)->mtime));
my $version =
-e "$link/nixos-version"
? readFile("$link/nixos-version")
: basename((glob(dirname(Cwd::abs_path("$link/kernel")) . "/lib/modules/*"))[0]);
-e "$link/nixos-version"
? readFile("$link/nixos-version")
: basename((glob(dirname(Cwd::abs_path("$link/kernel")) . "/lib/modules/*"))[0]);
addEntry("NixOS - Configuration " . nrFromGen($link) . " ($date - $version)", $link);
}
@ -566,7 +565,7 @@ $extraPrepareConfig =~ s/\@bootPath\@/$bootPath/g;
# Run extraPrepareConfig in sh
if ($extraPrepareConfig ne "") {
system((get("shell"), "-c", $extraPrepareConfig));
system((get("shell"), "-c", $extraPrepareConfig));
}
# write the GRUB config.
@ -627,13 +626,13 @@ foreach my $fn (glob "$bootPath/kernels/*") {
#
struct(GrubState => {
name => '$',
version => '$',
efi => '$',
devices => '$',
efiMountPoint => '$',
extraGrubInstallArgs => '@',
});
name => '$',
version => '$',
efi => '$',
devices => '$',
efiMountPoint => '$',
extraGrubInstallArgs => '@',
});
# If you add something to the state file, only add it to the end
# because it is read line-by-line.
sub readGrubState {

View file

@ -49,7 +49,6 @@ addEntry() {
echo "#!/bin/sh"
echo "# $name"
echo "# created by init-script-builder.sh"
echo "export systemConfig=$(readlink -f $path)"
echo "exec $stage2"
)"

View file

@ -101,7 +101,7 @@ def write_entry(profile, generation, machine_id):
entry_file = "@efiSysMountPoint@/loader/entries/nixos-generation-%d.conf" % (generation)
generation_dir = os.readlink(system_dir(profile, generation))
tmp_path = "%s.tmp" % (entry_file)
kernel_params = "systemConfig=%s init=%s/init " % (generation_dir, generation_dir)
kernel_params = "init=%s/init " % generation_dir
with open("%s/kernel-params" % (generation_dir)) as params_file:
kernel_params = kernel_params + params_file.read()

View file

@ -1553,9 +1553,6 @@ in
wantedBy = [ "multi-user.target" ];
aliases = [ "dbus-org.freedesktop.network1.service" ];
restartTriggers = map (x: x.source) (attrValues unitFiles);
# prevent race condition with interface renaming (#39069)
requires = [ "systemd-udev-settle.service" ];
after = [ "systemd-udev-settle.service" ];
};
systemd.services.systemd-networkd-wait-online = {

View file

@ -38,6 +38,14 @@ in
enable = mkEnableOption "Plymouth boot splash screen";
font = mkOption {
default = "${pkgs.dejavu_fonts.minimal}/share/fonts/truetype/DejaVuSans.ttf";
type = types.path;
description = ''
Font file made available for displaying text on the splash screen.
'';
};
themePackages = mkOption {
default = [ nixosBreezePlymouth ];
type = types.listOf types.package;
@ -113,7 +121,7 @@ in
mkdir -p $out/lib/plymouth/renderers
# module might come from a theme
cp ${themesEnv}/lib/plymouth/{text,details,$moduleName}.so $out/lib/plymouth
cp ${themesEnv}/lib/plymouth/{text,details,label,$moduleName}.so $out/lib/plymouth
cp ${plymouth}/lib/plymouth/renderers/{drm,frame-buffer}.so $out/lib/plymouth/renderers
mkdir -p $out/share/plymouth/themes
@ -133,6 +141,17 @@ in
cp -r themes/* $out/share/plymouth/themes
cp ${cfg.logo} $out/share/plymouth/logo.png
mkdir -p $out/share/fonts
cp ${cfg.font} $out/share/fonts
mkdir -p $out/etc/fonts
cat > $out/etc/fonts/fonts.conf <<EOF
<?xml version="1.0"?>
<!DOCTYPE fontconfig SYSTEM "urn:fontconfig:fonts.dtd">
<fontconfig>
<dir>$out/share/fonts</dir>
</fontconfig>
EOF
'';
boot.initrd.extraUtilsCommandsTest = ''
@ -154,6 +173,7 @@ in
ln -s $extraUtils/share/plymouth/logo.png /etc/plymouth/logo.png
ln -s $extraUtils/share/plymouth/themes /etc/plymouth/themes
ln -s $extraUtils/lib/plymouth /etc/plymouth/plugins
ln -s $extraUtils/etc/fonts /etc/fonts
plymouthd --mode=boot --pid-file=/run/plymouth/pid --attach-to-session
plymouth show-splash

View file

@ -205,13 +205,22 @@ let
''; # */
# Networkd link files are used early by udev to set up interfaces early.
# This must be done in stage 1 to avoid race conditions between udev and
# network daemons.
linkUnits = pkgs.runCommand "link-units" {
allowedReferences = [ extraUtils ];
preferLocalBuild = true;
} ''
} (''
mkdir -p $out
cp -v ${udev}/lib/systemd/network/*.link $out/
'';
'' + (
let
links = filterAttrs (n: v: hasSuffix ".link" n) config.systemd.network.units;
files = mapAttrsToList (n: v: "${v.unit}/${n}") links;
in
concatMapStringsSep "\n" (file: "cp -v ${file} $out/") files
));
udevRules = pkgs.runCommand "udev-rules" {
allowedReferences = [ extraUtils ];

View file

@ -0,0 +1,36 @@
#!/usr/bin/env bash
set -euo pipefail
WGET() {
wget --retry-connrefused -t 15 --waitretry=10 --header='Metadata-Flavor: Google' "$@"
}
# When dealing with cryptographic keys, we want to keep things private.
umask 077
mkdir -p /root/.ssh
echo "Fetching authorized keys..."
WGET -O /tmp/auth_keys http://metadata.google.internal/computeMetadata/v1/instance/attributes/sshKeys
# Read keys one by one, split in case Google decided
# to append metadata (it does sometimes) and add to
# authorized_keys if not already present.
touch /root/.ssh/authorized_keys
while IFS='' read -r line || [[ -n "$line" ]]; do
keyLine=$(echo -n "$line" | cut -d ':' -f2)
IFS=' ' read -r -a array <<<"$keyLine"
if [[ ${#array[@]} -ge 3 ]]; then
echo "${array[@]:0:3}" >>/tmp/new_keys
echo "Added ${array[*]:2} to authorized_keys"
fi
done </tmp/auth_keys
mv /tmp/new_keys /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
echo "Fetching host keys..."
WGET -O /tmp/ssh_host_ed25519_key http://metadata.google.internal/computeMetadata/v1/instance/attributes/ssh_host_ed25519_key
WGET -O /tmp/ssh_host_ed25519_key.pub http://metadata.google.internal/computeMetadata/v1/instance/attributes/ssh_host_ed25519_key_pub
mv -f /tmp/ssh_host_ed25519_key* /etc/ssh/
chmod 600 /etc/ssh/ssh_host_ed25519_key
chmod 644 /etc/ssh/ssh_host_ed25519_key.pub

View file

@ -69,6 +69,31 @@ in
# GC has 1460 MTU
networking.interfaces.eth0.mtu = 1460;
# Used by NixOps
systemd.services.fetch-instance-ssh-keys = {
description = "Fetch host keys and authorized_keys for root user";
wantedBy = [ "sshd.service" ];
before = [ "sshd.service" ];
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
path = [ pkgs.wget ];
serviceConfig = {
Type = "oneshot";
ExecStart = pkgs.runCommand "fetch-instance-ssh-keys" { } ''
cp ${./fetch-instance-ssh-keys.bash} $out
chmod +x $out
${pkgs.shfmt}/bin/shfmt -i 4 -d $out
${pkgs.shellcheck}/bin/shellcheck $out
patchShebangs $out
'';
PrivateTmp = true;
StandardError = "journal+console";
StandardOutput = "journal+console";
};
};
systemd.services.google-instance-setup = {
description = "Google Compute Engine Instance Setup";
after = [ "network-online.target" "network.target" "rsyslog.service" ];

View file

@ -40,8 +40,6 @@ in {
environment.systemPackages = [ config.boot.kernelPackages.hyperv-daemons.bin ];
security.rngd.enable = false;
# enable hotadding cpu/memory
services.udev.packages = lib.singleton (pkgs.writeTextFile {
name = "hyperv-cpu-and-memory-hotadd-udev-rules";

View file

@ -171,23 +171,23 @@ in rec {
sd_image = forMatchingSystems [ "armv6l-linux" "armv7l-linux" "aarch64-linux" ] (system: makeSdImage {
module = {
armv6l-linux = ./modules/installer/cd-dvd/sd-image-raspberrypi.nix;
armv7l-linux = ./modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix;
aarch64-linux = ./modules/installer/cd-dvd/sd-image-aarch64.nix;
armv6l-linux = ./modules/installer/sd-card/sd-image-raspberrypi-installer.nix;
armv7l-linux = ./modules/installer/sd-card/sd-image-armv7l-multiplatform-installer.nix;
aarch64-linux = ./modules/installer/sd-card/sd-image-aarch64-installer.nix;
}.${system};
inherit system;
});
sd_image_new_kernel = forMatchingSystems [ "aarch64-linux" ] (system: makeSdImage {
module = {
aarch64-linux = ./modules/installer/cd-dvd/sd-image-aarch64-new-kernel.nix;
aarch64-linux = ./modules/installer/sd-card/sd-image-aarch64-new-kernel-installer.nix;
}.${system};
type = "minimal-new-kernel";
inherit system;
});
sd_image_raspberrypi4 = forMatchingSystems [ "aarch64-linux" ] (system: makeSdImage {
module = ./modules/installer/cd-dvd/sd-image-raspberrypi4.nix;
module = ./modules/installer/sd-card/sd-image-raspberrypi4-installer.nix;
inherit system;
});

View file

@ -187,6 +187,7 @@ in
k3s = handleTest ./k3s.nix {};
kafka = handleTest ./kafka.nix {};
keepalived = handleTest ./keepalived.nix {};
keepassxc = handleTest ./keepassxc.nix {};
kerberos = handleTest ./kerberos/default.nix {};
kernel-latest = handleTest ./kernel-latest.nix {};
kernel-lts = handleTest ./kernel-lts.nix {};
@ -345,7 +346,6 @@ in
samba-wsdd = handleTest ./samba-wsdd.nix {};
sanoid = handleTest ./sanoid.nix {};
sbt = handleTest ./sbt.nix {};
sbt-extras = handleTest ./sbt-extras.nix {};
sddm = handleTest ./sddm.nix {};
searx = handleTest ./searx.nix {};
service-runner = handleTest ./service-runner.nix {};

View file

@ -6,6 +6,7 @@ import ./make-test-python.nix {
services.bind.extraOptions = "empty-zones-enable no;";
services.bind.zones = lib.singleton {
name = ".";
master = true;
file = pkgs.writeText "root.zone" ''
$TTL 3600
. IN SOA ns.example.org. admin.example.org. ( 1 3h 1h 1w 1d )

View file

@ -0,0 +1,34 @@
import ./make-test-python.nix ({ pkgs, ...} :
{
name = "keepassxc";
meta = with pkgs.lib.maintainers; {
maintainers = [ turion ];
};
machine = { ... }:
{
imports = [
./common/user-account.nix
./common/x11.nix
];
services.xserver.enable = true;
test-support.displayManager.auto.user = "alice";
environment.systemPackages = [ pkgs.keepassxc ];
};
enableOCR = true;
testScript = { nodes, ... }: ''
start_all()
machine.wait_for_x()
# start KeePassXC window
machine.execute("su - alice -c keepassxc &")
machine.wait_for_text("KeePassXC ${pkgs.keepassxc.version}")
machine.screenshot("KeePassXC")
'';
})

View file

@ -35,7 +35,7 @@ let
extraConfig = flip concatMapStrings vlanIfs (n: ''
subnet 192.168.${toString n}.0 netmask 255.255.255.0 {
option routers 192.168.${toString n}.1;
range 192.168.${toString n}.2 192.168.${toString n}.254;
range 192.168.${toString n}.3 192.168.${toString n}.254;
}
'')
;
@ -672,6 +672,30 @@ let
), "The IPv6 routing table has not been properly cleaned:\n{}".format(ipv6Residue)
'';
};
rename = {
name = "RenameInterface";
machine = { pkgs, ... }: {
virtualisation.vlans = [ 1 ];
networking = {
useNetworkd = networkd;
useDHCP = false;
};
} //
(if networkd
then { systemd.network.links."10-custom_name" = {
matchConfig.MACAddress = "52:54:00:12:01:01";
linkConfig.Name = "custom_name";
};
}
else { services.udev.initrdRules = ''
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="52:54:00:12:01:01", KERNEL=="eth*", NAME="custom_name"
'';
});
testScript = ''
machine.succeed("udevadm settle")
print(machine.succeed("ip link show dev custom_name"))
'';
};
# even with disabled networkd, systemd.network.links should work
# (as it's handled by udev, not networkd)
link = {

View file

@ -1,16 +0,0 @@
import ./make-test-python.nix ({ pkgs, ...} : {
name = "sbt-extras";
meta = with pkgs.lib.maintainers; {
maintainers = [ nequissimus ];
};
machine = { pkgs, ... }:
{
environment.systemPackages = [ pkgs.sbt-extras ];
};
testScript =
''
machine.succeed("(sbt -h)")
'';
})

View file

@ -11,8 +11,8 @@ import ./make-test-python.nix ({ pkgs, ... }: {
environment.systemPackages = [ pkgs.curl ];
};
traefik = { config, pkgs, ... }: {
docker-containers.nginx = {
extraDockerOptions = [
virtualisation.oci-containers.containers.nginx = {
extraOptions = [
"-l" "traefik.enable=true"
"-l" "traefik.http.routers.nginx.entrypoints=web"
"-l" "traefik.http.routers.nginx.rule=Host(`nginx.traefik.test`)"

View file

@ -1,17 +1,27 @@
{ fetchFromGitHub, lib, rustPlatform }:
{ fetchFromGitHub, installShellFiles, lib, rustPlatform }:
rustPlatform.buildRustPackage rec {
pname = "mmtc";
version = "0.2.12";
version = "0.2.13";
src = fetchFromGitHub {
owner = "figsoda";
repo = pname;
rev = "v${version}";
sha256 = "1chcnv8wql6v2vckpzvq6sxgpss7mnxaj008jdm8xalhw9d496s4";
sha256 = "0ag87hgdg6fvk80fgznba0xjlcajks5w5s6y8lvwhz9irn2kq2rz";
};
cargoSha256 = "06b0hag3s5irvi57n0hc97agfw4sw783lkkl1b26iap6mfbvrqma";
cargoSha256 = "06xqh0mqbik00qyg8mn1ddbn15v3pdwvh1agghg22xgx53kmnxb3";
nativeBuildInputs = [ installShellFiles ];
preFixup = ''
completions=($releaseDir/build/mmtc-*/out/completions)
installShellCompletion ''${completions[0]}/mmtc.{bash,fish}
installShellCompletion --zsh ''${completions[0]}/_mmtc
'';
GEN_COMPLETIONS = "1";
meta = with lib; {
description = "Minimal mpd terminal client that aims to be simple yet highly configurable";

View file

@ -0,0 +1,103 @@
{ lib
, intltool
, mkDerivation
, installShellFiles
, pkg-config
, fetchFromGitHub
, dbus-glib
, desktop-file-utils
, hicolor-icon-theme
, pcre
, qtbase
, sqlite
, taglib
, zlib
, gtk3
, libpeas
, libcddb
, libcdio
, gst_all_1, withGstPlugins ? true
, glyr, withGlyr ? true
, liblastfmSF, withLastfm ? true
, libcdio-paranoia, withCD ? true
, keybinder3, withKeybinder ? false
, libnotify, withLibnotify ? false
, libsoup, withLibsoup ? false
, libgudev, withGudev ? false # experimental
, libmtp, withMtp ? false # experimental
, xfce, withXfce4ui ? false
, totem-pl-parser, withTotemPlParser ? false
# , grilo, withGrilo ? false
# , rygel, withRygel ? true
}:
assert withGlyr -> withLastfm;
assert withLastfm -> withCD;
mkDerivation rec {
pname = "pragha";
version = "1.3.4";
src = fetchFromGitHub {
owner = "pragha-music-player";
repo = "pragha";
rev = "v${version}";
sha256 = "sha256:0n8gx8amg5l9g4w7s4agjf8mlmpgjydgzx3vryp9lzzs9xrd5vqh";
};
nativeBuildInputs = [
intltool
pkg-config
xfce.xfce4-dev-tools
desktop-file-utils
installShellFiles
];
buildInputs = with gst_all_1; [
dbus-glib
gstreamer
gst-plugins-base
gtk3
hicolor-icon-theme
libpeas
pcre
qtbase
sqlite
taglib
zlib
]
++ lib.optionals withGstPlugins [ gst-plugins-good gst-plugins-bad gst-plugins-ugly ]
++ lib.optionals withCD [ libcddb libcdio libcdio-paranoia ]
++ lib.optional withGudev libgudev
++ lib.optional withKeybinder keybinder3
++ lib.optional withLibnotify libnotify
++ lib.optional withLastfm liblastfmSF
++ lib.optional withGlyr glyr
++ lib.optional withLibsoup libsoup
++ lib.optional withMtp libmtp
++ lib.optional withXfce4ui xfce.libxfce4ui
++ lib.optional withTotemPlParser totem-pl-parser
# ++ lib.optional withGrilo grilo
# ++ lib.optional withRygel rygel
;
CFLAGS = [ "-DHAVE_PARANOIA_NEW_INCLUDES" ];
NIX_CFLAGS_COMPILE = "-I${lib.getDev gst_all_1.gst-plugins-base}/include/gstreamer-1.0";
postInstall = ''
qtWrapperArgs+=(--prefix GST_PLUGIN_SYSTEM_PATH_1_0 : "$GST_PLUGIN_SYSTEM_PATH_1_0")
install -m 444 data/${pname}.desktop $out/share/applications
install -d $out/share/pixmaps
installManPage data/${pname}.1
'';
meta = with lib; {
description = "A lightweight GTK+ music manager - fork of Consonance Music Manager";
homepage = "https://pragha-music-player.github.io/";
license = licenses.gpl3Plus;
maintainers = with maintainers; [ mbaeten ];
platforms = platforms.unix;
};
}

View file

@ -30,7 +30,7 @@ stdenv.mkDerivation rec {
description = "A simple integrated development environment for Java";
homepage = "https://www.bluej.org/";
license = licenses.gpl2ClasspathPlus;
maintainers = [ maintainers.charvp ];
maintainers = [ maintainers.chvp ];
platforms = platforms.unix;
};
}

View file

@ -113,6 +113,21 @@
jam-mode = callPackage ./jam-mode { };
llvm-mode = trivialBuild {
pname = "llvm-mode";
inherit (external.llvmPackages.llvm) src version;
dontConfigure = true;
buildPhase = ''
cp utils/emacs/*.el .
'';
meta = {
inherit (external.llvmPackages.llvm.meta) homepage license;
description = "Major mode for the LLVM assembler language.";
};
};
org-mac-link =
callPackage ./org-mac-link { };

View file

@ -159,10 +159,14 @@ let emacs = stdenv.mkDerivation (lib.optionalAttrs nativeComp {
'' + lib.optionalString (nativeComp && withNS) ''
ln -snf $out/lib/emacs/*/native-lisp $out/Applications/Emacs.app/Contents/native-lisp
'' + lib.optionalString nativeComp ''
$out/bin/emacs --batch \
-l comp --eval "(mapatoms (lambda (s) \
(when (subr-primitive-p (symbol-function s)) \
(comp-trampoline-compile s))))"
echo "Generating native-compiled trampolines..."
# precompile trampolines in parallel, but avoid spawning one process per trampoline.
# 1000 is a rough lower bound on the number of trampolines compiled.
$out/bin/emacs --batch --eval "(mapatoms (lambda (s) \
(when (subr-primitive-p (symbol-function s)) (print s))))" \
| xargs -n $((1000/NIX_BUILD_CORES + 1)) -P $NIX_BUILD_CORES \
$out/bin/emacs --batch -l comp --eval "(while argv \
(comp-trampoline-compile (intern (pop argv))))"
mkdir -p $out/share/emacs/native-lisp
$out/bin/emacs --batch \
--eval "(add-to-list 'comp-eln-load-path \"$out/share/emacs/native-lisp\")" \

View file

@ -32,7 +32,7 @@ stdenv.mkDerivation rec {
description = "A simple integrated development environment for Java";
homepage = "https://www.greenfoot.org/";
license = licenses.gpl2ClasspathPlus;
maintainers = [ maintainers.charvp ];
maintainers = [ maintainers.chvp ];
platforms = platforms.unix;
};
}

View file

@ -1,7 +1,7 @@
{ pkgs, parinfer-rust, rep }:
{ pkgs, parinfer-rust, rep, kak-lsp }:
{
inherit parinfer-rust rep;
inherit parinfer-rust rep kak-lsp;
case-kak = pkgs.callPackage ./case.kak.nix { };
kak-ansi = pkgs.callPackage ./kak-ansi.nix { };

View file

@ -1,5 +1,5 @@
{ ripgrep, git, fzf, makeWrapper, vim_configurable, vimPlugins, fetchFromGitHub
, lib, stdenv, formats, spacevim_config ? import ./init.nix }:
, lib, stdenv, formats, runCommand, spacevim_config ? import ./init.nix }:
let
format = formats.toml {};
@ -10,28 +10,37 @@ let
# ~/.cache/vimfiles/repos
vimrcConfig.packages.myVimPackage = with vimPlugins; { start = [ ]; };
};
spacevimdir = format.generate "init.toml" spacevim_config;
spacevimdir = runCommand "SpaceVim.d" { } ''
mkdir -p $out
cp ${format.generate "init.toml" spacevim_config} $out/init.toml
'';
in stdenv.mkDerivation rec {
pname = "spacevim";
version = "1.5.0";
version = "1.6.0";
src = fetchFromGitHub {
owner = "SpaceVim";
repo = "SpaceVim";
rev = "v${version}";
sha256 = "1xw4l262x7wzs1m65bddwqf3qx4254ykddsw3c3p844pb3mzqhh7";
sha256 = "sha256-QQdtjEdbuzmf0Rw+u2ZltLihnJt8LqkfTrLDWLAnCLE=";
};
nativeBuildInputs = [ makeWrapper vim-customized];
buildInputs = [ vim-customized ];
buildPhase = ''
runHook preBuild
# generate the helptags
vim -u NONE -c "helptags $(pwd)/doc" -c q
runHook postBuild
'';
patches = [ ./helptags.patch ];
patches = [
# Don't generate helptags at runtime into read-only $SPACEVIMDIR
./helptags.patch
];
installPhase = ''
runHook preInstall
mkdir -p $out/bin
cp -r $(pwd) $out/SpaceVim
@ -40,6 +49,7 @@ in stdenv.mkDerivation rec {
makeWrapper "${vim-customized}/bin/vim" "$out/bin/spacevim" \
--add-flags "-u $out/SpaceVim/vimrc" --set SPACEVIMDIR "${spacevimdir}/" \
--prefix PATH : ${lib.makeBinPath [ fzf git ripgrep]}
runHook postInstall
'';
meta = with lib; {

View file

@ -2,7 +2,7 @@ diff --git a/autoload/SpaceVim.vim b/autoload/SpaceVim.vim
index 16688680..fcafd6f7 100644
--- a/autoload/SpaceVim.vim
+++ b/autoload/SpaceVim.vim
@@ -1255,13 +1255,6 @@ function! SpaceVim#end() abort
@@ -1355,13 +1355,6 @@ function! SpaceVim#end() abort
let &helplang = 'jp'
endif
""

View file

@ -10,11 +10,11 @@ with lib;
perlPackages.buildPerlPackage rec {
pname = "gscan2pdf";
version = "2.9.1";
version = "2.11.1";
src = fetchurl {
url = "mirror://sourceforge/gscan2pdf/${version}/${pname}-${version}.tar.xz";
sha256 = "1ls6n1a8vjgwkb40drpc3rapjligaf9fp218539fnwvhv26div69";
sha256 = "0aigngfi5dbjihn43c6sg865i1ybfzj0w81zclzy8r9nqiqq0wma";
};
nativeBuildInputs = [ wrapGAppsHook ];
@ -23,15 +23,19 @@ perlPackages.buildPerlPackage rec {
[ librsvg sane-backends sane-frontends ] ++
(with perlPackages; [
Gtk3
Gtk3ImageView
Gtk3SimpleList
Cairo
CairoGObject
Glib
GlibObjectIntrospection
GooCanvas2
GraphicsTIFF
IPCSystemSimple
LocaleCodes
LocaleGettext
PDFAPI2
PDFBuilder
ImagePNGLibpng
ImageSane
SetIntSpan
PerlMagick
@ -93,9 +97,21 @@ perlPackages.buildPerlPackage rec {
xvfb_run
file
tesseract # tests are expecting tesseract 3.x precisely
];
] ++ (with perlPackages; [
TestPod
]);
checkPhase = ''
# Temporarily disable a dubiously failing test:
# t/169_import_scan.t ........................... 1/1
# # Failed test 'variable-height scan imported with expected size'
# # at t/169_import_scan.t line 50.
# # got: '179'
# # expected: '296'
# # Looks like you failed 1 test of 1.
# t/169_import_scan.t ........................... Dubious, test returned 1 (wstat 256, 0x100)
rm t/169_import_scan.t
xvfb-run -s '-screen 0 800x600x24' \
make test
'';

View file

@ -8,11 +8,11 @@
stdenv.mkDerivation rec {
pname = "1password";
version = "0.9.12-3";
version = "0.9.13";
src = fetchurl {
url = "https://onepassword.s3.amazonaws.com/linux/appimage/${pname}-${version}.AppImage";
hash = "sha256-IK4BuZKM2U8vz7m8waJhoh3tQ539wGLcIDNiYGUou24=";
hash = "sha256-VdbdmpLiQGVFH3q6baE2yuuKz11Tn0gMpkGDI9KI3HQ=";
};
nativeBuildInputs = [ makeWrapper ];

View file

@ -2,13 +2,13 @@
buildGoPackage rec {
pname = "cointop";
version = "1.6.0";
version = "1.6.2";
src = fetchFromGitHub {
owner = "miguelmota";
repo = pname;
rev = "v${version}";
sha256 = "sha256-P2LR42Qn5bBF5xcfCbxiGFBwkW/kAKVGiyED37OdZLo=";
sha256 = "sha256-4Ae8lzaec7JeYfmeLleatUS/xQUjea7O4XJ9DOgJIMs=";
};
goPackagePath = "github.com/miguelmota/cointop";

View file

@ -3,13 +3,13 @@
mkDerivation rec {
pname = "coolreader";
version = "3.2.49";
version = "3.2.51";
src = fetchFromGitHub {
owner = "buggins";
repo = pname;
rev = "cr${version}";
sha256 = "10i3w4zjlilz3smjzbwm50d91ns3w0wlgmsf38fn2lv76zczv8ia";
sha256 = "sha256-rRWZHkuSNhAHwxKjpRgcNXO9vs/MDAgEuhRs8mRPjP4=";
};
nativeBuildInputs = [ cmake pkg-config ];

View file

@ -2,13 +2,13 @@
mkDerivation rec {
pname = "gpxsee";
version = "8.5";
version = "8.6";
src = fetchFromGitHub {
owner = "tumic0";
repo = "GPXSee";
rev = version;
sha256 = "sha256-ygBM8HtCF8d4KVOakP4ssFyTgAsPQDfjAMJaEqo+Ml4=";
sha256 = "sha256-RAqTwi65YskQhsjlHxQqy50R5s8z2yriWLkrg5J/eTc=";
};
patches = (substituteAll {

View file

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "hugo";
version = "0.80.0";
version = "0.81.0";
src = fetchFromGitHub {
owner = "gohugoio";
repo = pname;
rev = "v${version}";
sha256 = "0xs9y5lj0mya6ag625x8j91mn9l9r13gxaqxyvl1fl40y2yjz1zm";
sha256 = "sha256-9YroUxcLixu+MNL37JByCulCHv0WxWGwqBQ/+FGtZLw=";
};
vendorSha256 = "172mcs8p43bsdkd2hxg9qn6018fh8f36kxx0vgnq5q6fqsb6s1f6";
vendorSha256 = "sha256-5gQyoLirXajkzxKxzcuPnjECL2mJPiHS65lYkyIpKs8=";
doCheck = false;

View file

@ -34,6 +34,8 @@
, withKeePassNetworking ? true
, withKeePassTouchID ? true
, withKeePassFDOSecrets ? true
, nixosTests
}:
with lib;
@ -118,6 +120,8 @@ stdenv.mkDerivation rec {
wrapQtApp $out/Applications/KeePassXC.app/Contents/MacOS/KeePassXC
'';
passthru.tests = nixosTests.keepassxc;
meta = {
description = "Password manager to store your passwords safely and auto-type them into your everyday websites and applications";
longDescription = "A community fork of KeePassX, which is itself a port of KeePass Password Safe. The goal is to extend and improve KeePassX with new features and bugfixes to provide a feature-rich, fully cross-platform and modern open-source password manager. Accessible via native cross-platform GUI, CLI, and browser integration with the KeePassXC Browser Extension (https://github.com/keepassxreboot/keepassxc-browser).";

View file

@ -8,22 +8,22 @@
rustPlatform.buildRustPackage rec {
pname = "reddsaver";
version = "0.3.0";
version = "0.3.1";
src = fetchFromGitHub {
owner = "manojkarthick";
repo = "reddsaver";
rev = "v${version}";
sha256 = "0wiyzbl9vqx5aq3lpaaqkm3ivj77lqd8bmh8ipgshdflgm1z6yvp";
sha256 = "0kww3abgvxr7azr7yb8aiw28fz13qb4sn3x7nnz1ihmd4yczi9fg";
};
cargoSha256 = "0kw5gk7pf4xkmjffs2jxm6sc4chybns88cii2wlgpyvgn4c3cwaa";
cargoSha256 = "09xm22vgmd3dc0wr6n3jczxvhwpcsijwfbv50dz1lnsx57g8mgmd";
nativeBuildInputs = [ pkg-config ];
buildInputs = [ openssl ]
++ lib.optional stdenv.isDarwin Security;
# package does not contain tests as of v0.3.0
# package does not contain tests as of v0.3.1
docCheck = false;
meta = with lib; {

View file

@ -1,4 +1,4 @@
{ symlinkJoin, lib, rofi-unwrapped, makeWrapper, hicolor-icon-theme, theme ? null, plugins ? [] }:
{ symlinkJoin, lib, rofi-unwrapped, makeWrapper, wrapGAppsHook, gdk-pixbuf, hicolor-icon-theme, theme ? null, plugins ? [] }:
symlinkJoin {
name = "rofi-${rofi-unwrapped.version}";
@ -7,16 +7,23 @@ symlinkJoin {
rofi-unwrapped.out
] ++ (lib.forEach plugins (p: p.out));
buildInputs = [ makeWrapper ];
nativeBuildInputs = [ makeWrapper wrapGAppsHook ];
buildInputs = [ gdk-pixbuf ];
preferLocalBuild = true;
passthru.unwrapped = rofi-unwrapped;
dontWrapGApps = true;
postBuild = ''
rm -rf $out/bin
mkdir $out/bin
ln -s ${rofi-unwrapped}/bin/* $out/bin
rm $out/bin/rofi
gappsWrapperArgsHook
makeWrapper ${rofi-unwrapped}/bin/rofi $out/bin/rofi \
''${gappsWrapperArgs[@]} \
--prefix XDG_DATA_DIRS : ${hicolor-icon-theme}/share \
${lib.optionalString (plugins != []) ''--prefix XDG_DATA_DIRS : ${lib.concatStringsSep ":" (lib.forEach plugins (p: "${p.out}/share"))}''} \
${lib.optionalString (theme != null) ''--add-flags "-theme ${theme}"''} \

View file

@ -1,4 +1,6 @@
{ lib, stdenv, fetchFromGitHub
{ lib
, stdenv
, fetchFromGitHub
, meson
, ninja
, wayland
@ -9,22 +11,26 @@
, scdoc
, libnotify
, glib
, wrapGAppsHook
, hicolor-icon-theme
}:
stdenv.mkDerivation rec {
pname = "swappy";
version = "1.3.0";
version = "1.3.1";
src = fetchFromGitHub {
owner = "jtheoof";
repo = pname;
rev = "v${version}";
sha256 = "1bm184fbzylymh4kr7n8gy9plsdxif8xahc1zmkgdg1a0kwgws2x";
sha256 = "12z643c7vzffhjsxaz1lak99i4nwm688pha0hh4pg69jf5wz5xx3";
};
nativeBuildInputs = [ glib meson ninja pkg-config scdoc ];
nativeBuildInputs = [ glib meson ninja pkg-config scdoc wrapGAppsHook ];
buildInputs = [ cairo pango gtk libnotify wayland glib ];
buildInputs = [
cairo pango gtk libnotify wayland glib hicolor-icon-theme
];
strictDeps = true;

View file

@ -1,5 +1,20 @@
{ lib, stdenv, fetchurl, fetchsvn, makeWrapper, makeDesktopItem, jdk, jre, ant
, gtk3, gsettings-desktop-schemas, p7zip, libXxf86vm }:
{ lib
, stdenv
, fetchurl
, fetchsvn
, makeWrapper
, makeDesktopItem
# sweethome3d 6.4.2 does not yet build with jdk 9 and later.
# this is fixed on trunk (7699?) but let's build with jdk8 until then.
, jdk8
# it can run on the latest stable jre fine though
, jre
, ant
, gtk3
, gsettings-desktop-schemas
, p7zip
, libXxf86vm
}:
let
@ -27,23 +42,29 @@ let
categories = "Graphics;2DGraphics;3DGraphics;";
};
patchPhase = ''
postPatch = ''
patchelf --set-rpath ${libXxf86vm}/lib lib/java3d-1.6/linux/amd64/libnativewindow_awt.so
patchelf --set-rpath ${libXxf86vm}/lib lib/java3d-1.6/linux/amd64/libnativewindow_x11.so
patchelf --set-rpath ${libXxf86vm}/lib lib/java3d-1.6/linux/i586/libnativewindow_awt.so
patchelf --set-rpath ${libXxf86vm}/lib lib/java3d-1.6/linux/i586/libnativewindow_x11.so
'';
buildInputs = [ ant jdk makeWrapper p7zip gtk3 gsettings-desktop-schemas ];
buildInputs = [ ant jdk8 makeWrapper p7zip gtk3 gsettings-desktop-schemas ];
buildPhase = ''
runHook preBuild
ant furniture textures help
mkdir -p $out/share/{java,applications}
mv "build/"*.jar $out/share/java/.
ant
runHook postBuild
'';
installPhase = ''
runHook preInstall
mkdir -p $out/bin
cp install/${module}-${version}.jar $out/share/java/.
@ -59,6 +80,8 @@ let
--set MESA_GL_VERSION_OVERRIDE 2.1 \
--prefix XDG_DATA_DIRS : "$XDG_ICON_DIRS:${gtk3.out}/share:${gsettings-desktop-schemas}/share:$out/share:$GSETTINGS_SCHEMAS_PATH" \
--add-flags "-Dsun.java2d.opengl=true -jar $out/share/java/${module}-${version}.jar -cp $out/share/java/Furniture.jar:$out/share/java/Textures.jar:$out/share/java/Help.jar -d${toString stdenv.hostPlatform.parsed.cpu.bits}"
runHook postInstall
'';
dontStrip = true;

View file

@ -1,5 +1,17 @@
{ lib, stdenv, fetchcvs, makeWrapper, makeDesktopItem, jdk, jre, ant
, gtk3, gsettings-desktop-schemas, sweethome3dApp }:
{ lib
, stdenv
, fetchcvs
, makeWrapper
, makeDesktopItem
# sweethome3d 6.4.2 does not yet build with jdk 9 and later.
# this is fixed on trunk (7699?) but let's build with jdk8 until then.
, jdk8
# it can run on the latest stable jre fine though
, jre
, ant
, gtk3
, gsettings-desktop-schemas
, sweethome3dApp }:
let
@ -23,15 +35,19 @@ let
categories = "Graphics;2DGraphics;3DGraphics;";
};
buildInputs = [ ant jre jdk makeWrapper gtk3 gsettings-desktop-schemas ];
buildInputs = [ ant jdk8 makeWrapper gtk3 gsettings-desktop-schemas ];
patchPhase = ''
postPatch = ''
sed -i -e 's,../SweetHome3D,${application.src},g' build.xml
sed -i -e 's,lib/macosx/java3d-1.6/jogl-all.jar,lib/java3d-1.6/jogl-all.jar,g' build.xml
'';
buildPhase = ''
ant -lib ${application.src}/libtest -lib ${application.src}/lib -lib ${jdk}/lib
runHook preBuild
ant -lib ${application.src}/libtest -lib ${application.src}/lib -lib ${jdk8}/lib
runHook postBuild
'';
installPhase = ''

View file

@ -5,19 +5,19 @@
rustPlatform.buildRustPackage rec {
pname = "taskwarrior-tui";
version = "0.9.10";
version = "0.10.4";
src = fetchFromGitHub {
owner = "kdheepak";
repo = "taskwarrior-tui";
rev = "v${version}";
sha256 = "sha256-NQzZhWoLeDF7iTgIljbVi0ULAe7DeIn45Cu6bgFCfKQ=";
sha256 = "1rs6xpnmqzp45jkdzi8x06i8764gk7zl86sp6s0hiirbfqf7vwsy";
};
# Because there's a test that requires terminal access
doCheck = false;
cargoSha256 = "sha256-9qfqQ7zFw+EwY7o35Y6RhBJ8h5eXnTAsdbqo/w0zO5w=";
cargoSha256 = "0xblxsp7jgqbb3kr5k7yy6ziz18a8wlkrhls0vz9ak2n0ngddg3r";
meta = with lib; {
description = "A terminal user interface for taskwarrior ";

View file

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "ticker";
version = "3.0.0";
version = "3.1.7";
src = fetchFromGitHub {
owner = "achannarasappa";
repo = "ticker";
rev = "v${version}";
sha256 = "sha256-k4ahoaEI2HBoEcRQscpitp2tWsiWmSYaErnth99xOqw=";
sha256 = "sha256-OA01GYp6E0zsEwkUUtvpmvl0y/YTXChl0pwIKozB4Qg=";
};
vendorSha256 = "sha256-8Ew+K/uTFoBAhPQwebtjl6bJPiSEE3PaZCYZsQLOMkw=";
vendorSha256 = "sha256-aUBj7ZGWBeWc71y1CWm/KCw+El5TwH29S+KxyZGH1Zo=";
# Tests require internet
doCheck = false;

View file

@ -2,16 +2,16 @@
rustPlatform.buildRustPackage rec {
pname = "tickrs";
version = "0.12.0";
version = "0.13.0";
src = fetchFromGitHub {
owner = "tarkah";
repo = pname;
rev = "v${version}";
sha256 = "sha256-F9PyJ2uvnKPcjHS4VeuVJuK48HiqqCG8kFzphGW4QyA=";
sha256 = "sha256-Gxrz0RNv7sEIfl0Ac5eLVXvbbxIWIL31mDOZrgY88ps=";
};
cargoSha256 = "sha256-0JSsCtAsqukFuwtbVS1L2jgLNBjquFBInjsJ1XVocjc=";
cargoSha256 = "sha256-9UlEmc9gbZDWelOPD3jZAIkVKNk9jMq5Ljzwur1UiGs=";
nativeBuildInputs = [ perl ];

View file

@ -133,7 +133,7 @@ stdenv.mkDerivation rec {
--replace "/bin/sh" "${bash}/bin/sh" \
--replace "cat" "${coreutils}/bin/cat" \
--replace "chattr" "${e2fsprogs}/bin/chattr" \
--replace "mv" "${coreutils}/bin/mv" \
--replace "mv " "${coreutils}/bin/mv " \
--replace "pkill" "${procps}/bin/pkill"
done
@ -145,7 +145,7 @@ stdenv.mkDerivation rec {
--replace "/bin/sh" "${bash}/bin/sh" \
--replace "/opt/" "$out/opt/" \
--replace "chattr" "${e2fsprogs}/bin/chattr" \
--replace "mv" "${coreutils}/bin/mv"
--replace "mv " "${coreutils}/bin/mv "
done
substituteInPlace $out/lib/systemd/system/appgatedriver.service \
@ -174,7 +174,7 @@ stdenv.mkDerivation rec {
'';
meta = with lib; {
description = "Appgate SDP (Software Defined Perimeter) desktop client";
homepage = https://www.appgate.com/support/software-defined-perimeter-support;
homepage = "https://www.appgate.com/support/software-defined-perimeter-support";
license = licenses.unfree;
platforms = platforms.linux;
maintainers = with maintainers; [ ymatsiuk ];

View file

@ -44,9 +44,9 @@
}
},
"ungoogled-chromium": {
"version": "88.0.4324.150",
"sha256": "1hrqrggg4g1hjmaajbpydwsij2mfkfj5ccs1lj76nv4qj91yj4mf",
"sha256bin64": "0xyhvhppxk95clk6vycg2yca1yyzpi13rs3lhs4j9a482api6ks0",
"version": "88.0.4324.182",
"sha256": "10av060ix6lgsvv99lyvyy03r0m3zwdg4hddbi6dycrdxk1iyh9h",
"sha256bin64": "1rjg23xiybpnis93yb5zkvglm3r4fds9ip5mgl6f682z5x0yj05b",
"deps": {
"gn": {
"version": "2020-11-05",
@ -55,8 +55,8 @@
"sha256": "1xcm07qjk6m2czi150fiqqxql067i832adck6zxrishm70c9jbr9"
},
"ungoogled-patches": {
"rev": "88.0.4324.150-1",
"sha256": "0hzap19pbnfcskpzbqq7dqrankmlrq9q7m1xrf7aygqiir0ksp4y"
"rev": "88.0.4324.182-1",
"sha256": "1c9y1dn9s06pskkjw2r8lsbplak8m2rwh4drixvjpif7b4cgdhay"
}
}
}

View file

@ -51,27 +51,6 @@ let
alsaSupport = browser.alsaSupport or false;
pipewireSupport = browser.pipewireSupport or false;
# FIXME: This should probably be an assertion now?
plugins =
let
removed = lib.filter (a: builtins.hasAttr a cfg) [
"enableAdobeFlash"
"enableAdobeReader"
"enableBluejeans"
"enableDjvu"
"enableFriBIDPlugin"
"enableGoogleTalkPlugin"
"enableMPlayer"
"enableVLC"
"icedtea"
"jre"
];
in if removed != [] then
throw "Your configuration mentions ${lib.concatMapStringsSep ", " (p: browserName + "." + p) removed}. All plugin related options have been removed, since Firefox from version 52 onwards no longer supports npapi plugins (see https://support.mozilla.org/en-US/kb/npapi-plugins)."
else
[]
;
nativeMessagingHosts =
([ ]
++ lib.optional (cfg.enableBrowserpass or false) (lib.getBin browserpass)
@ -164,7 +143,24 @@ let
# #
#############################
in stdenv.mkDerivation {
# TODO: remove this after the next release (21.03)
configPlugins = lib.filter (a: builtins.hasAttr a cfg) [
"enableAdobeFlash"
"enableAdobeReader"
"enableBluejeans"
"enableDjvu"
"enableFriBIDPlugin"
"enableGoogleTalkPlugin"
"enableMPlayer"
"enableVLC"
"icedtea"
"jre"
];
pluginsError =
"Your configuration mentions ${lib.concatMapStringsSep ", " (p: browserName + "." + p) configPlugins}. All plugin related options have been removed, since Firefox from version 52 onwards no longer supports npapi plugins (see https://support.mozilla.org/en-US/kb/npapi-plugins).";
in if configPlugins != [] then throw pluginsError else
(stdenv.mkDerivation {
inherit pname version;
desktopItem = makeDesktopItem {
@ -262,12 +258,9 @@ let
makeWrapper "$oldExe" \
"$out${browser.execdir or "/bin"}/${browserName}${nameSuffix}" \
--suffix-each MOZ_PLUGIN_PATH ':' "$plugins" \
--suffix LD_LIBRARY_PATH ':' "$libs" \
--suffix-each GTK_PATH ':' "$gtk_modules" \
--suffix-each LD_PRELOAD ':' "$(cat $(filterExisting $(addSuffix /extra-ld-preload $plugins)))" \
--prefix PATH ':' "${xdg-utils}/bin" \
--prefix-contents PATH ':' "$(filterExisting $(addSuffix /extra-bin-path $plugins))" \
--suffix PATH ':' "$out${browser.execdir or "/bin"}" \
--set MOZ_APP_LAUNCHER "${browserName}${nameSuffix}" \
--set MOZ_SYSTEM_DIR "$out/lib/mozilla" \
@ -351,9 +344,6 @@ let
preferLocalBuild = true;
# Let each plugin tell us (through its `mozillaPlugin') attribute
# where to find the plugin in its tree.
plugins = map (x: x + x.mozillaPlugin) plugins;
libs = lib.makeLibraryPath libs + ":" + lib.makeSearchPathOutput "lib" "lib64" libs;
gtk_modules = map (x: x + x.gtkModule) gtk_modules;
@ -362,14 +352,9 @@ let
disallowedRequisites = [ stdenv.cc ];
meta = browser.meta // {
description =
browser.meta.description
+ " (with plugins: "
+ lib.concatStrings (lib.intersperse ", " (map (x: x.name) plugins))
+ ")";
description = browser.meta.description;
hydraPlatforms = [];
priority = (browser.meta.priority or 0) - 1; # prefer wrapper over the package
};
};
in
lib.makeOverridable wrapper
});
in lib.makeOverridable wrapper

View file

@ -2,13 +2,13 @@
buildGoModule rec {
pname = "fluxcd";
version = "0.8.1";
version = "0.8.2";
src = fetchFromGitHub {
owner = "fluxcd";
repo = "flux2";
rev = "v${version}";
sha256 = "1xxw6zk0lk4is220lydcx57mrsw6pk2rirsp4wjzvawjlv7wdv25";
sha256 = "1yrjgjagh7jfzgvnj9wr71mk34x7yf66fwyby73f1pfi2cg49nhp";
};
vendorSha256 = "0acxbmc4j1fcdja0s9g04f0kd34x54yfqismibfi40m2gzbg6ljr";

View file

@ -15,10 +15,10 @@ buildGoModule rec {
owner = "AkihiroSuda";
repo = pname;
rev = "v${version}";
sha256 = "sha256-lSvYiTh67gK9kJls7VsayV8T3H6RzFEEKe49BOWnUBw=";
sha256 = "sha256-QhAN30ge0dbC9dGT1yP4o0VgrcS9+g+r6YJ07ZjPJtg=";
};
vendorSha256 = "sha256-qywiaNoO3pI7sfyPbwWR8BLd86RvJ2xSWwCJUsm3RkM=";
vendorSha256 = "sha256-bX1GfKbAbdEAnW3kPNsbF/cJWufxvuhm//G88qJ3u08=";
nativeBuildInputs = [ makeWrapper ];
@ -30,6 +30,9 @@ buildGoModule rec {
"-X github.com/AkihiroSuda/nerdctl/pkg/version.Revision=<unknown>"
];
# Many checks require a containerd socket and running nerdctl after it's built
doCheck = false;
postInstall = ''
wrapProgram $out/bin/nerdctl \
--prefix PATH : "${lib.makeBinPath ([ buildkit ] ++ extraPackages)}" \
@ -39,6 +42,9 @@ buildGoModule rec {
doInstallCheck = true;
installCheckPhase = ''
runHook preInstallCheck
# nerdctl expects XDG_RUNTIME_DIR to be set
export XDG_RUNTIME_DIR=$TMPDIR
$out/bin/nerdctl --help
# --version will error without containerd.sock access
$out/bin/nerdctl --help | grep "${version}"

View file

@ -5,13 +5,13 @@ buildGoModule rec {
/* Do not use "dev" as a version. If you do, Tilt will consider itself
running in development environment and try to serve assets from the
source tree, which is not there once build completes. */
version = "0.18.9";
version = "0.18.10";
src = fetchFromGitHub {
owner = "tilt-dev";
repo = pname;
rev = "v${version}";
sha256 = "sha256-bsLqTpBhYeDMAv8vmnbjz+bmkyGqX3V7OkOwCprftC0=";
sha256 = "sha256-SvvvHGR3UPyV61MaoFB68SaZKUT3ItYOPT1a7AddxlY=";
};
vendorSha256 = null;

View file

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "dnscontrol";
version = "3.6.0";
version = "3.7.0";
src = fetchFromGitHub {
owner = "StackExchange";
repo = pname;
rev = "v${version}";
sha256 = "sha256-I1PaDHPocQuoSOyfnxDWwIR+7S9l/odX4SCeAae/jv8=";
sha256 = "sha256-el94Iq7/+1FfGpqbhKEO6FGpaCxoueoc/+Se+WfT+G0=";
};
vendorSha256 = "sha256-H0i5MoVX5O0CgHOvefDEyzBWvBZvJZUrC9xBq9CHgeE=";
vendorSha256 = "sha256-MSHg1RWjbXm1pf6HTyJL4FcnLuacL9fO1F6zbouVkWg=";
subPackages = [ "." ];

View file

@ -19,23 +19,27 @@
rustPlatform.buildRustPackage rec {
pname = "newsflash";
version = "1.1.1";
version = "1.2.2";
src = fetchFromGitLab {
owner = "news-flash";
repo = "news_flash_gtk";
rev = version;
sha256 = "1z47h23g87dqmr9sfjl36fs5xjm2wj7z2bri9g0a4jcpwzl5awsd";
hash = "sha256-TeheK14COX1NIrql74eI8Wx4jtpUP1eO5mugT5LzlPY=";
};
cargoSha256 = "0rnrdh9ganj63hf9j890yj9pahcgza95z7x020w72mbb4648hq26";
cargoHash = "sha256-Fbj4sabrwpfa0QNEN4l91y/6AuPIKu7QPzYNUO6RtU0=";
patches = [
# Post install tries to generate an icon cache & update the
# desktop database. The gtk setup hook drop-icon-theme-cache.sh
# would strip out the icon cache and the desktop database wouldn't
# be included in $out. They will generated by xdg.mime.enable &
# gtk.iconCache.enable instead.
./no-post-install.patch
];
postPatch = ''
chmod +x build-aux/cargo.sh
patchShebangs .
'';

View file

@ -1,19 +1,19 @@
{ lib, fetchurl, appimageTools }:
let
pname = "deltachat-electron";
version = "1.3.0";
version = "1.14.1";
name = "${pname}-${version}";
src = fetchurl {
url =
"https://download.delta.chat/desktop/v${version}/DeltaChat-${version}.AppImage";
sha256 = "1xyp8cg11px8rras12sncjmq85alyvz7ycw1v1py8w8rlz60wkij";
sha256 = "0w00qr8wwrxwa2g71biyz42k8y5y766m6k876bnzq927vcjilq6b";
};
appimageContents = appimageTools.extract { inherit name src; };
in appimageTools.wrapType2 {
in
appimageTools.wrapType2 {
inherit name src;
extraInstallCommands = ''

View file

@ -13,16 +13,16 @@
buildGoModule rec {
pname = "gomuks";
version = "0.2.2";
version = "0.2.3";
src = fetchFromGitHub {
owner = "tulir";
repo = pname;
rev = "v${version}";
sha256 = "169xyd44jyfh5njwmhsmkah8njfgnp9q9c2b13p0ry5saicwm5h5";
sha256 = "0g0aa6h6bm00mdgkb38wm66rcrhqfvs2xj9rl04bwprsa05q5lca";
};
vendorSha256 = "1l8qnz0qy90zpywfx7pbkqpxg7rkvc9j622zcmkf38kdc1z6w20a";
vendorSha256 = "14ya5advpv4q5il235h5dxy8c2ap2yzrvqs0sjqgw0v1vm6vpwdx";
doCheck = false;
@ -54,8 +54,8 @@ buildGoModule rec {
meta = with lib; {
homepage = "https://maunium.net/go/gomuks/";
description = "A terminal based Matrix client written in Go";
license = licenses.gpl3;
maintainers = with maintainers; [ charvp emily ];
license = licenses.agpl3Plus;
maintainers = with maintainers; [ chvp emily ];
platforms = platforms.unix;
};
}

View file

@ -2,13 +2,13 @@
buildGoModule rec {
pname = "ipfs";
version = "0.7.0";
version = "0.8.0";
rev = "v${version}";
# go-ipfs makes changes to it's source tarball that don't match the git source.
src = fetchurl {
url = "https://github.com/ipfs/go-ipfs/releases/download/${rev}/go-ipfs-source.tar.gz";
sha256 = "1fkzwm4qxxpmbjammk6s5qcyjxivfa0ydqz4mpz1w756c4jq0jf3";
sha256 = "sha256-uK3+Ekr5AM6mmGmjFSj1Rotm5pbH657BYUlP9B39WEw=";
};
# tarball contains multiple files/directories

View file

@ -1,52 +1,135 @@
{ lib, config, fetchurl, stdenv, wrapGAppsHook, autoreconfHook
, curl, dbus, dbus-glib, enchant, gtk2, gnutls, gnupg, gpgme, gumbo
, libarchive, libcanberra-gtk2, libetpan, libnotify, libsoup, libxml2, networkmanager
, openldap, perl, pkg-config, poppler, python, shared-mime-info
, glib-networking, gsettings-desktop-schemas, libSM, libytnef, libical
# Build options
# TODO: A flag to build the manual.
# TODO: Plugins that complain about their missing dependencies, even when
# provided:
# gdata requires libgdata
# geolocation requires libchamplain
, enableLdap ? false
, enableNetworkManager ? config.networking.networkmanager.enable or false
{ stdenv, lib, fetchgit, wrapGAppsHook, autoreconfHook, bison, flex
, curl, gtk2, gtk3, pkg-config, python2, python3, shared-mime-info
, glib-networking, gsettings-desktop-schemas
# Use the experimental gtk3 branch.
, useGtk3 ? false
# Package compatibility: old parameters whose name were not directly derived
, enablePgp ? true
, enablePluginArchive ? false
, enablePluginLitehtmlViewer ? false
, enablePluginNotificationDialogs ? true
, enablePluginNotificationSounds ? true
, enablePluginPdf ? false
, enablePluginPython ? false
, enablePluginRavatar ? false
, enablePluginRssyl ? false
, enablePluginSmime ? false
, enablePluginSpamassassin ? false
, enablePluginSpamReport ? false
, enablePluginVcalendar ? false
, enableSpellcheck ? false
, enablePluginPdf ? true
, enablePluginRavatar ? true
, enableSpellcheck ? true
# Arguments to include external libraries
, enableLibSM ? true, libSM
, enableGnuTLS ? true, gnutls
, enableEnchant ? enableSpellcheck, enchant
, enableDbus ? true, dbus, dbus-glib
, enableLdap ? true, openldap
, enableNetworkManager ? true, networkmanager
, enableLibetpan ? true, libetpan
, enableValgrind ? true, valgrind
, enableSvg ? true, librsvg
# Configure claws-mail's plugins
, enablePluginAcpiNotifier ? true
, enablePluginAddressKeeper ? true
, enablePluginArchive ? true, libarchive
, enablePluginAttRemover ? true
, enablePluginAttachWarner ? true
, enablePluginBogofilter ? true
, enablePluginBsfilter ? true
, enablePluginClamd ? true
, enablePluginDillo ? true
, enablePluginFetchInfo ? true
, enablePluginLibravatar ? enablePluginRavatar
, enablePluginLitehtmlViewer ? true, gumbo
, enablePluginMailmbox ? true
, enablePluginManageSieve ? true
, enablePluginNewMail ? true
, enablePluginNotification ? (enablePluginNotificationDialogs || enablePluginNotificationSounds), libcanberra-gtk2, libcanberra-gtk3, libnotify
, enablePluginPdfViewer ? enablePluginPdf, poppler
, enablePluginPerl ? true, perl
, enablePluginPython ? true
, enablePluginPgp ? enablePgp, gnupg, gpgme
, enablePluginRssyl ? true, libxml2
, enablePluginSmime ? true
, enablePluginSpamassassin ? true
, enablePluginSpamReport ? true
, enablePluginTnefParse ? true, libytnef
, enablePluginVcalendar ? true, libical
}:
with lib;
stdenv.mkDerivation rec {
pname = "claws-mail";
version = "3.17.8";
let
version = if useGtk3 then "3.99.0" else "3.17.8";
src = fetchurl {
url = "https://www.claws-mail.org/download.php?file=releases/claws-mail-${version}.tar.xz";
sha256 = "sha256-zbeygUmV1vSpw7HwvBRn7Vw88qXg2hcwqqJaisyv3a8=";
# The official release uses gtk2 and contains the version tag.
gtk2src = {
sha256 = "0l4f8q11iyj8pi120lrapgq51k5j64xf0jlczkzbm99rym752ch5";
};
# The corresponding commit in the gtk3 branch.
gtk3src = {
sha256 = "176h1swh1zx6dqyzfz470x4a1xicnv0zhy8ir47k7p23g6y17i2k";
};
python = if useGtk3 then python3 else python2;
pythonPkgs = if useGtk3
then
with python.pkgs; [ python wrapPython pygobject3 ]
else
with python.pkgs; [ python wrapPython pygtk pygobject2 ];
features = [
{ flags = [ "acpi_notifier-plugin" ]; enabled = enablePluginAcpiNotifier; }
{ flags = [ "address_keeper-plugin" ]; enabled = enablePluginAddressKeeper; }
{ flags = [ "archive-plugin" ]; enabled = enablePluginArchive; deps = [ libarchive ]; }
{ flags = [ "att_remover-plugin" ]; enabled = enablePluginAttRemover; }
{ flags = [ "attachwarner-plugin" ]; enabled = enablePluginAttachWarner; }
{ flags = [ "bogofilter-plugin" ]; enabled = enablePluginBogofilter; }
{ flags = [ "bsfilter-plugin" ]; enabled = enablePluginBsfilter; }
{ flags = [ "clamd-plugin" ]; enabled = enablePluginClamd; }
{ flags = [ "dbus" ]; enabled = enableDbus; deps = [ dbus dbus-glib ]; }
{ flags = [ "dillo-plugin" ]; enabled = enablePluginDillo; }
{ flags = [ "enchant" ]; enabled = enableEnchant; deps = [ enchant ]; }
{ flags = [ "fetchinfo-plugin" ]; enabled = enablePluginFetchInfo; }
{ flags = [ "gnutls" ]; enabled = enableGnuTLS; deps = [ gnutls ]; }
{ flags = [ "ldap" ]; enabled = enableLdap; deps = [ openldap ]; }
{ flags = [ "libetpan" ]; enabled = enableLibetpan; deps = [ libetpan ]; }
{ flags = [ "libravatar-plugin" ]; enabled = enablePluginLibravatar; }
{ flags = [ "libsm" ]; enabled = enableLibSM; deps = [ libSM ]; }
{ flags = [ "litehtml_viewer-plugin" ]; enabled = enablePluginLitehtmlViewer; deps = [ gumbo ]; }
{ flags = [ "mailmbox-plugin" ]; enabled = enablePluginMailmbox; }
{ flags = [ "managesieve-plugin" ]; enabled = enablePluginManageSieve; }
{ flags = [ "networkmanager" ]; enabled = enableNetworkManager; deps = [ networkmanager ]; }
{ flags = [ "newmail-plugin" ]; enabled = enablePluginNewMail; }
{ flags = [ "notification-plugin" ]; enabled = enablePluginNotification; deps = [ libnotify ] ++ [(if useGtk3 then libcanberra-gtk3 else libcanberra-gtk2)]; }
{ flags = [ "pdf_viewer-plugin" ]; enabled = enablePluginPdfViewer; deps = [ poppler ]; }
{ flags = [ "perl-plugin" ]; enabled = enablePluginPerl; deps = [ perl ]; }
{ flags = [ "pgpcore-plugin" "pgpinline-plugin" "pgpmime-plugin" ]; enabled = enablePluginPgp; deps = [ gnupg gpgme ]; }
{ flags = [ "python-plugin" ]; enabled = enablePluginPython; }
{ flags = [ "rssyl-plugin" ]; enabled = enablePluginRssyl; deps = [ libxml2 ]; }
{ flags = [ "smime-plugin" ]; enabled = enablePluginSmime; }
{ flags = [ "spam_report-plugin" ]; enabled = enablePluginSpamReport; }
{ flags = [ "spamassassin-plugin" ]; enabled = enablePluginSpamassassin; }
{ flags = [ "svg" ]; enabled = enableSvg; deps = [ librsvg ]; }
{ flags = [ "tnef_parse-plugin" ]; enabled = enablePluginTnefParse; deps = [ libytnef ]; }
{ flags = [ "valgrind" ]; enabled = enableValgrind; deps = [ valgrind ]; }
{ flags = [ "vcalendar-plugin" ]; enabled = enablePluginVcalendar; deps = [ libical ]; }
];
in stdenv.mkDerivation rec {
pname = "claws-mail";
inherit version;
src = fetchgit ({
rev = version;
url = "git://git.claws-mail.org/claws.git";
} // (if useGtk3 then gtk3src else gtk2src));
outputs = [ "out" "dev" ];
patches = [
./mime.patch
];
patches = [ ./mime.patch ];
preConfigure = ''
# autotools check tries to dlopen libpython as a requirement for the python plugin
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}${python}/lib
# generate version without .git
[ -e version ] || echo "echo ${version}" > version
'';
postPatch = ''
@ -54,51 +137,30 @@ stdenv.mkDerivation rec {
--subst-var-by MIMEROOTDIR ${shared-mime-info}/share
'';
nativeBuildInputs = [ autoreconfHook pkg-config wrapGAppsHook python.pkgs.wrapPython ];
propagatedBuildInputs = with python.pkgs; [ python ] ++ optionals enablePluginPython [ pygtk pygobject2 ];
nativeBuildInputs = [ autoreconfHook pkg-config bison flex wrapGAppsHook ];
propagatedBuildInputs = pythonPkgs;
buildInputs =
[ curl dbus dbus-glib gtk2 gnutls gsettings-desktop-schemas
libetpan perl glib-networking libSM libytnef
]
++ optional enableSpellcheck enchant
++ optionals (enablePgp || enablePluginSmime) [ gnupg gpgme ]
++ optional enablePluginArchive libarchive
++ optional enablePluginNotificationSounds libcanberra-gtk2
++ optional enablePluginNotificationDialogs libnotify
++ optional enablePluginLitehtmlViewer gumbo
++ optional enablePluginRssyl libxml2
++ optional enableNetworkManager networkmanager
++ optional enableLdap openldap
++ optional enablePluginPdf poppler
++ optional enablePluginVcalendar libical;
[ curl gsettings-desktop-schemas glib-networking ]
++ [(if useGtk3 then gtk3 else gtk2)]
++ concatMap (f: optionals f.enabled f.deps) (filter (f: f ? deps) features)
;
configureFlags =
optional (!enableLdap) "--disable-ldap"
++ optional (!enableNetworkManager) "--disable-networkmanager"
++ optionals (!enablePgp) [
"--disable-pgpcore-plugin"
"--disable-pgpinline-plugin"
"--disable-pgpmime-plugin"
]
++ optional (!enablePluginArchive) "--disable-archive-plugin"
++ optional (!enablePluginLitehtmlViewer) "--disable-litehtml_viewer-plugin"
++ optional (!enablePluginPdf) "--disable-pdf_viewer-plugin"
++ optional (!enablePluginPython) "--disable-python-plugin"
++ optional (!enablePluginRavatar) "--disable-libravatar-plugin"
++ optional (!enablePluginRssyl) "--disable-rssyl-plugin"
++ optional (!enablePluginSmime) "--disable-smime-plugin"
++ optional (!enablePluginSpamassassin) "--disable-spamassassin-plugin"
++ optional (!enablePluginSpamReport) "--disable-spam_report-plugin"
++ optional (!enablePluginVcalendar) "--disable-vcalendar-plugin"
++ optional (!enableSpellcheck) "--disable-enchant";
[
"--disable-manual" # Missing docbook-tools, e.g., docbook2html
"--disable-compface" # Missing compface library
"--disable-jpilot" # Missing jpilot library
"--disable-gdata-plugin" # Complains about missing libgdata, even when provided
"--disable-fancy-plugin" # Missing libwebkit-1.0 library
] ++
(map (feature: map (flag: strings.enableFeature feature.enabled flag) feature.flags) features);
enableParallelBuilding = true;
pythonPath = with python.pkgs; [ pygobject2 pygtk ];
preFixup = ''
buildPythonPath "$out $pythonPath"
buildPythonPath "$out $pythonPkgs"
gappsWrapperArgs+=(--prefix XDG_DATA_DIRS : "${shared-mime-info}/share" --prefix PYTHONPATH : "$program_PYTHONPATH")
'';
@ -112,6 +174,6 @@ stdenv.mkDerivation rec {
homepage = "https://www.claws-mail.org/";
license = licenses.gpl3;
platforms = platforms.linux;
maintainers = with maintainers; [ fpletz globin orivej ];
maintainers = with maintainers; [ fpletz globin orivej oxzi ajs124 ];
};
}

View file

@ -1,121 +0,0 @@
{ lib, config, fetchgit, stdenv, wrapGAppsHook, autoreconfHook, bison, flex
, curl, dbus, dbus-glib, enchant, gtk3, gnutls, gnupg, gpgme
, libarchive, libcanberra-gtk3, libetpan, libnotify, libsoup, libxml2, networkmanager
, openldap, perl, pkg-config, poppler, python, shared-mime-info, webkitgtk
, glib-networking, gsettings-desktop-schemas, libSM, libytnef, libical
# Build options
# TODO: A flag to build the manual.
# TODO: Plugins that complain about their missing dependencies, even when
# provided:
# gdata requires libgdata
# geolocation requires libchamplain
, enableLdap ? false
, enableNetworkManager ? config.networking.networkmanager.enable or false
, enablePgp ? true
, enablePluginArchive ? false
, enablePluginFancy ? true
, enablePluginNotificationDialogs ? true
, enablePluginNotificationSounds ? true
, enablePluginPdf ? false
, enablePluginPython ? false
, enablePluginRavatar ? false
, enablePluginRssyl ? false
, enablePluginSmime ? false
, enablePluginSpamassassin ? false
, enablePluginSpamReport ? false
, enablePluginVcalendar ? false
, enableSpellcheck ? false
}:
with lib;
stdenv.mkDerivation rec {
pname = "claws-mail-gtk3";
version = "3.99.0";
src = fetchgit {
url = "git://git.claws-mail.org/claws.git";
rev = version;
sha256 = "176h1swh1zx6dqyzfz470x4a1xicnv0zhy8ir47k7p23g6y17i2k";
};
outputs = [ "out" "dev" ];
patches = [ ./mime.patch ];
preConfigure = ''
# autotools check tries to dlopen libpython as a requirement for the python plugin
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}${python}/lib
# generate version without .git
[ -e version ] || echo "echo ${version}" > version
'';
postPatch = ''
substituteInPlace src/procmime.c \
--subst-var-by MIMEROOTDIR ${shared-mime-info}/share
'';
nativeBuildInputs = [ autoreconfHook bison flex pkg-config wrapGAppsHook python.pkgs.wrapPython ];
propagatedBuildInputs = with python.pkgs; [ python ] ++ optionals enablePluginPython [ pygtk pygobject2 ];
buildInputs =
[ curl dbus dbus-glib gtk3 gnutls gsettings-desktop-schemas
libetpan perl glib-networking libSM libytnef
]
++ optional enableSpellcheck enchant
++ optionals (enablePgp || enablePluginSmime) [ gnupg gpgme ]
++ optional enablePluginArchive libarchive
++ optional enablePluginNotificationSounds libcanberra-gtk3
++ optional enablePluginNotificationDialogs libnotify
++ optional enablePluginFancy libsoup
++ optional enablePluginRssyl libxml2
++ optional enableNetworkManager networkmanager
++ optional enableLdap openldap
++ optional enablePluginPdf poppler
++ optional enablePluginFancy webkitgtk
++ optional enablePluginVcalendar libical;
configureFlags =
optional (!enableLdap) "--disable-ldap"
++ optional (!enableNetworkManager) "--disable-networkmanager"
++ optionals (!enablePgp) [
"--disable-pgpcore-plugin"
"--disable-pgpinline-plugin"
"--disable-pgpmime-plugin"
]
++ optional (!enablePluginArchive) "--disable-archive-plugin"
++ optional (!enablePluginFancy) "--disable-fancy-plugin"
++ optional (!enablePluginPdf) "--disable-pdf_viewer-plugin"
++ optional (!enablePluginPython) "--disable-python-plugin"
++ optional (!enablePluginRavatar) "--disable-libravatar-plugin"
++ optional (!enablePluginRssyl) "--disable-rssyl-plugin"
++ optional (!enablePluginSmime) "--disable-smime-plugin"
++ optional (!enablePluginSpamassassin) "--disable-spamassassin-plugin"
++ optional (!enablePluginSpamReport) "--disable-spam_report-plugin"
++ optional (!enablePluginVcalendar) "--disable-vcalendar-plugin"
++ optional (!enableSpellcheck) "--disable-enchant";
enableParallelBuilding = true;
pythonPath = with python.pkgs; [ pygobject2 pygtk ];
preFixup = ''
buildPythonPath "$out $pythonPath"
gappsWrapperArgs+=(--prefix XDG_DATA_DIRS : "${shared-mime-info}/share" --prefix PYTHONPATH : "$program_PYTHONPATH")
'';
postInstall = ''
mkdir -p $out/share/applications
cp claws-mail.desktop $out/share/applications
'';
NIX_CFLAGS_COMPILE = [ "-Wno-deprecated-declarations" ];
meta = {
description = "The user-friendly, lightweight, and fast email client";
homepage = "https://www.claws-mail.org/";
license = licenses.gpl3;
platforms = platforms.linux;
maintainers = with maintainers; [ fpletz globin orivej ];
};
}

View file

@ -41,11 +41,11 @@
stdenv.mkDerivation rec {
pname = "evolution";
version = "3.38.3";
version = "3.38.4";
src = fetchurl {
url = "mirror://gnome/sources/evolution/${lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
sha256 = "1kfshljvkpbh965rjlyy1qjjm0ic3rdxisyy9c5jjvv2qlk65b3z";
sha256 = "NB+S0k4rRMJ4mwA38aiU/xZUh9qksAuA+uMTii4Fr9Q=";
};
nativeBuildInputs = [

View file

@ -63,12 +63,11 @@ let
defaultSource = lib.findFirst (sourceMatches "en-US") {} sources;
source = lib.findFirst (sourceMatches systemLocale) defaultSource sources;
name = "thunderbird-bin-${version}";
in
stdenv.mkDerivation {
inherit name;
pname = "thunderbird-bin";
inherit version;
src = fetchurl {
url = "https://download-installer.cdn.mozilla.net/pub/thunderbird/releases/${version}/${source.arch}/${source.locale}/thunderbird-${version}.tar.bz2";
@ -169,7 +168,8 @@ stdenv.mkDerivation {
'';
passthru.updateScript = import ./../../browsers/firefox-bin/update.nix {
inherit name writeScript xidel coreutils gnused gnugrep curl gnupg runtimeShell;
inherit writeScript xidel coreutils gnused gnugrep curl gnupg runtimeShell;
name = "thunderbird-bin-${version}";
baseName = "thunderbird";
channel = "release";
basePath = "pkgs/applications/networking/mailreaders/thunderbird-bin";

View file

@ -7,13 +7,13 @@
buildGoModule rec {
pname = "shellhub-agent";
version = "0.5.1";
version = "0.5.2";
src = fetchFromGitHub {
owner = "shellhub-io";
repo = "shellhub";
rev = "v${version}";
sha256 = "1vg236vc2v4g47lb68hb1vy3phamhsyb383fdbblh3vc4vf46j8a";
sha256 = "1g3sjkc6p9w3mm7lnr513zwjh7y945hx311b6g068q2lywisqf0x";
};
modRoot = "./agent";

View file

@ -5,9 +5,9 @@
# overridable. This is useful when the upstream archive was replaced
# and nixpkgs is not in sync yet.
, officeVersion ? {
version = "980";
version = "982";
edition = "2018";
sha256 = "19pgil86aagiz6z4kx22gd4cxbbmrx42ix42arkfb6p6hav1plby";
hash = "sha256-euoZfAaDDTXzoaNLc/YdTngreTiYOBi7sGU161GP83w=";
}
, ... } @ args:
@ -19,7 +19,7 @@ callPackage ./generic.nix (args // rec {
suiteName = "FreeOffice";
src = fetchurl {
inherit (officeVersion) sha256;
inherit (officeVersion) hash;
url = "https://www.softmaker.net/down/softmaker-freeoffice-${version}-amd64.tgz";
};

Some files were not shown because too many files have changed in this diff Show more