Project import generated by Copybara.

GitOrigin-RevId: 6f0c00907bbd81b47052eef59f7b284926a77289
Default email 2020-11-24 21:58:05 +01:00
parent 4c0778487f
commit 93ffb054db
668 changed files with 25836 additions and 6850 deletions


@ -213,7 +213,7 @@
/doc/builders/images/dockertools.xml @roberth /doc/builders/images/dockertools.xml @roberth
# Blockchains # Blockchains
/pkgs/applications/blockchains @mmahut /pkgs/applications/blockchains @mmahut @RaghavSood
# Go # Go
/pkgs/development/compilers/go @kalbasit @Mic92 @zowoq /pkgs/development/compilers/go @kalbasit @Mic92 @zowoq


@ -640,13 +640,7 @@ rec {
unique [ 3 2 3 4 ] unique [ 3 2 3 4 ]
=> [ 3 2 4 ] => [ 3 2 4 ]
*/ */
unique = list: unique = foldl' (acc: e: if elem e acc then acc else acc ++ [ e ]) [];
if list == [] then
[]
else
let
x = head list;
in [x] ++ unique (remove x list);
/* Intersects list 'e' and another list. O(nm) complexity. /* Intersects list 'e' and another list. O(nm) complexity.
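Review bot: The doc comment on `unique` says nothing about cost, and the fold form is still quadratic: `elem e acc` scans the accumulator and `acc ++ [ e ]` copies it once per element. The neighbouring comment already states "O(nm) complexity" for the intersection helper, so a matching line such as `O(n^2) complexity.` in the `unique` comment would warn callers off using it on large lists. The opening lines of that comment are outside the hunk.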


@ -34,6 +34,11 @@ rec {
platform = platforms.raspberrypi; platform = platforms.raspberrypi;
}; };
remarkable1 = {
config = "armv7l-unknown-linux-gnueabihf";
platform = platforms.zero-gravitas;
};
armv7l-hf-multiplatform = { armv7l-hf-multiplatform = {
config = "armv7l-unknown-linux-gnueabihf"; config = "armv7l-unknown-linux-gnueabihf";
platform = platforms.armv7l-hf-multiplatform; platform = platforms.armv7l-hf-multiplatform;


@ -203,6 +203,20 @@ rec {
# Legacy attribute, for compatibility with existing configs only. # Legacy attribute, for compatibility with existing configs only.
raspberrypi2 = armv7l-hf-multiplatform; raspberrypi2 = armv7l-hf-multiplatform;
zero-gravitas = {
name = "zero-gravitas";
kernelBaseConfig = "zero-gravitas_defconfig";
kernelArch = "arm";
# kernelTarget verified by checking /boot on reMarkable 1 device
kernelTarget = "zImage";
kernelAutoModules = false;
kernelDTB = true;
gcc = {
fpu = "neon";
cpu = "cortex-a9";
};
};
scaleway-c1 = armv7l-hf-multiplatform // { scaleway-c1 = armv7l-hf-multiplatform // {
gcc = { gcc = {
cpu = "cortex-a9"; cpu = "cortex-a9";


@ -5496,6 +5496,12 @@
githubId = 1191859; githubId = 1191859;
name = "Maxim Krivchikov"; name = "Maxim Krivchikov";
}; };
mazurel = {
email = "mateusz.mazur@yahoo.com";
github = "Mazurel";
githubId = 22836301;
name = "Mateusz Mazur";
};
mbakke = { mbakke = {
email = "mbakke@fastmail.com"; email = "mbakke@fastmail.com";
github = "mbakke"; github = "mbakke";
@ -9998,4 +10004,10 @@
github = "pulsation"; github = "pulsation";
githubId = 1838397; githubId = 1838397;
}; };
zupo = {
name = "Nejc Zupan";
email = "nejczupan+nix@gmail.com";
github = "zupo";
githubId = 311580;
};
} }


@ -23,6 +23,7 @@
<xi:include href="xfce.xml" /> <xi:include href="xfce.xml" />
<xi:include href="networking.xml" /> <xi:include href="networking.xml" />
<xi:include href="linux-kernel.xml" /> <xi:include href="linux-kernel.xml" />
<xi:include href="subversion.xml" />
<xi:include href="../generated/modules.xml" xpointer="xpointer(//section[@id='modules']/*)" /> <xi:include href="../generated/modules.xml" xpointer="xpointer(//section[@id='modules']/*)" />
<xi:include href="profiles.xml" /> <xi:include href="profiles.xml" />
<xi:include href="kubernetes.xml" /> <xi:include href="kubernetes.xml" />


@ -0,0 +1,140 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="module-services-subversion">
<title>Subversion</title>
<para>
<link xlink:href="https://subversion.apache.org/">Subversion</link>
is a centralized version-control system. It can use a <link
xlink:href="http://svnbook.red-bean.com/en/1.7/svn-book.html#svn.serverconfig.choosing">variety
of protocols</link> for communication between client and server.
</para>
<section xml:id="module-services-subversion-apache-httpd">
<title>Subversion inside Apache HTTP</title>
<para>
This section focuses on configuring a web-based server on top of
the Apache HTTP server, which uses
<link xlink:href="http://www.webdav.org/">WebDAV</link>/<link
xlink:href="http://www.webdav.org/deltav/WWW10/deltav-intro.htm">DeltaV</link>
for communication.
</para>
<para>For more information on the general setup, please refer to
the <link
xlink:href="http://svnbook.red-bean.com/en/1.7/svn-book.html#svn.serverconfig.httpd">the
appropriate section of the Subversion book</link>.
</para>
<para>To configure, include in
<literal>/etc/nixos/configuration.nix</literal> code to activate
Apache HTTP, setting <xref linkend="opt-services.httpd.adminAddr" />
appropriately:
</para>
<para>
<programlisting>
services.httpd.enable = true;
services.httpd.adminAddr = ...;
networking.firewall.allowedTCPPorts = [ 80 443 ];
</programlisting>
</para>
<para>For a simple Subversion server with basic authentication,
configure the Subversion module for Apache as follows, setting
<literal>hostName</literal> and <literal>documentRoot</literal>
appropriately, and <literal>SVNParentPath</literal> to the parent
directory of the repositories,
<literal>AuthzSVNAccessFile</literal> to the location of the
<code>.authz</code> file describing access permission, and
<literal>AuthUserFile</literal> to the password file.
</para>
<para>
<programlisting>
services.httpd.extraModules = [
# note that order is *super* important here
{ name = "dav_svn"; path = "${pkgs.apacheHttpdPackages.subversion}/modules/mod_dav_svn.so"; }
{ name = "authz_svn"; path = "${pkgs.apacheHttpdPackages.subversion}/modules/mod_authz_svn.so"; }
];
services.httpd.virtualHosts = {
"svn" = {
hostName = HOSTNAME;
documentRoot = DOCUMENTROOT;
locations."/svn".extraConfig = ''
DAV svn
SVNParentPath REPO_PARENT
AuthzSVNAccessFile ACCESS_FILE
AuthName "SVN Repositories"
AuthType Basic
AuthUserFile PASSWORD_FILE
Require valid-user
'';
}
</programlisting>
</para>
<para>
The key <code>"svn"</code> is just a symbolic name identifying the
virtual host. The <code>"/svn"</code> in
<code>locations."/svn".extraConfig</code> is the path underneath
which the repositories will be served.
</para>
<para><link
xlink:href="https://wiki.archlinux.org/index.php/Subversion">This
page</link> explains how to set up the Subversion configuration
itself. This boils down to the following:
</para>
<para>
Underneath <literal>REPO_PARENT</literal> repositories can be set up
as follows:
</para>
<para>
<screen>
<prompt>$ </prompt> svn create REPO_NAME
</screen>
</para>
<para>Repository files need to be accessible by
<literal>wwwrun</literal>:
</para>
<para>
<screen>
<prompt>$ </prompt> chown -R wwwrun:wwwrun REPO_PARENT
</screen>
</para>
<para>
The password file <literal>PASSWORD_FILE</literal> can be created as follows:
</para>
<para>
<screen>
<prompt>$ </prompt> htpasswd -cs PASSWORD_FILE USER_NAME
</screen>
</para>
<para>
Additional users can be set up similarly, omitting the
<code>c</code> flag:
</para>
<para>
<screen>
<prompt>$ </prompt> htpasswd -s PASSWORD_FILE USER_NAME
</screen>
</para>
<para>
The file describing access permissions
<literal>ACCESS_FILE</literal> will look something like
the following:
</para>
<para>
<programlisting>
[/]
* = r
[REPO_NAME:/]
USER_NAME = rw
</programlisting>
</para>
<para>The Subversion repositories will be accessible as <code>http://HOSTNAME/svn/REPO_NAME</code>.</para>
</section>
</chapter>


@ -56,6 +56,11 @@
section of the NixOS manual</link> for more information. section of the NixOS manual</link> for more information.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
<xref linkend="opt-services.samba-wsdd.enable" /> Web Services Dynamic Discovery host daemon
</para>
</listitem>
</itemizedlist> </itemizedlist>
</section> </section>
@ -101,6 +106,13 @@
for more info. for more info.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
Setting <option>services.openssh.authorizedKeysFiles</option> now also affects which keys <option>security.pam.enableSSHAgentAuth</option> will use.
WARNING: If you are using these options in combination do make sure that any key paths you use are present in <option>services.openssh.authorizedKeysFiles</option>!
</para>
</listitem>
<listitem> <listitem>
<para> <para>
The option <option>fonts.enableFontDir</option> has been renamed to The option <option>fonts.enableFontDir</option> has been renamed to
@ -185,6 +197,48 @@
which is the new stable release. OpenAFS 1.6 was removed. which is the new stable release. OpenAFS 1.6 was removed.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
The <literal>openldap</literal> module now has support for OLC-style
configuration, users of the <literal>configDir</literal> option may wish
to migrate. If you continue to use <literal>configDir</literal>, ensure that
<literal>olcPidFile</literal> is set to <literal>/run/slapd/slapd.pid</literal>.
</para>
<para>
As a result, <literal>extraConfig</literal> and <literal>extraDatabaseConfig</literal>
are removed. To help with migration, you can convert your <literal>slapd.conf</literal>
file to OLC configuration with the following script (find the location of this
configuration file by running <literal>systemctl status openldap</literal>, it is the
<literal>-f</literal> option.
</para>
<programlisting>
TMPDIR=$(mktemp -d)
slaptest -f /path/to/slapd.conf $TMPDIR
slapcat -F $TMPDIR -n0 -H 'ldap:///???(!(objectClass=olcSchemaConfig))'
</programlisting>
<para>
This will dump your current configuration in LDIF format, which should be
straightforward to convert into Nix settings. This does not show your schema
configuration, as this is unnecessarily verbose for users of the default schemas
and <literal>slaptest</literal> is buggy with schemas directly in the config file.
</para>
</listitem>
<listitem>
<para>
Amazon EC2 and OpenStack Compute (nova) images now re-fetch instance meta data and user data from the instance
metadata service (IMDS) on each boot. For example: stopping an EC2 instance, changing its user data, and
restarting the instance will now cause it to fetch and apply the new user data.
</para>
<warning>
<para>
Specifically, <literal>/etc/ec2-metadata</literal> is re-populated on each boot. Some NixOS scripts that read
from this directory are guarded to only run if the files they want to manipulate do not already exist, and so
will not re-apply their changes if the IMDS response changes. Examples: <literal>root</literal>'s SSH key is
only added if <literal>/root/.ssh/authorized_keys</literal> does not exist, and SSH host keys are only set from
user data if they do not exist in <literal>/etc/ssh</literal>.
</para>
</warning>
</listitem>
</itemizedlist> </itemizedlist>
</section> </section>


@ -134,7 +134,7 @@ let format' = format; in let
binPath = with pkgs; makeBinPath ( binPath = with pkgs; makeBinPath (
[ rsync [ rsync
utillinux util-linux
parted parted
e2fsprogs e2fsprogs
lkl lkl
@ -239,7 +239,7 @@ let format' = format; in let
in pkgs.vmTools.runInLinuxVM ( in pkgs.vmTools.runInLinuxVM (
pkgs.runCommand name pkgs.runCommand name
{ preVM = prepareImage; { preVM = prepareImage;
buildInputs = with pkgs; [ utillinux e2fsprogs dosfstools ]; buildInputs = with pkgs; [ util-linux e2fsprogs dosfstools ];
postVM = '' postVM = ''
${if format == "raw" then '' ${if format == "raw" then ''
mv $diskImage $out/${filename} mv $diskImage $out/${filename}


@ -187,7 +187,7 @@ in
before = [ "${realDevice'}.swap" ]; before = [ "${realDevice'}.swap" ];
# If swap is encrypted, depending on rngd resolves a possible entropy starvation during boot # If swap is encrypted, depending on rngd resolves a possible entropy starvation during boot
after = mkIf (config.security.rngd.enable && sw.randomEncryption.enable) [ "rngd.service" ]; after = mkIf (config.security.rngd.enable && sw.randomEncryption.enable) [ "rngd.service" ];
path = [ pkgs.utillinux ] ++ optional sw.randomEncryption.enable pkgs.cryptsetup; path = [ pkgs.util-linux ] ++ optional sw.randomEncryption.enable pkgs.cryptsetup;
script = script =
'' ''


@ -37,7 +37,7 @@ let
pkgs.procps pkgs.procps
pkgs.su pkgs.su
pkgs.time pkgs.time
pkgs.utillinux pkgs.util-linux
pkgs.which pkgs.which
pkgs.zstd pkgs.zstd
]; ];


@ -80,15 +80,6 @@ in
''; '';
}; };
memoryMax = mkOption {
default = null;
type = with types; nullOr int;
description = ''
Maximum total amount of memory (in bytes) that can be used by the zram
swap devices.
'';
};
priority = mkOption { priority = mkOption {
default = 5; default = 5;
type = types.int; type = types.int;
@ -155,16 +146,11 @@ in
# Calculate memory to use for zram # Calculate memory to use for zram
mem=$(${pkgs.gawk}/bin/awk '/MemTotal: / { mem=$(${pkgs.gawk}/bin/awk '/MemTotal: / {
value=int($2*${toString cfg.memoryPercent}/100.0/${toString devicesCount}*1024); print int($2*${toString cfg.memoryPercent}/100.0/${toString devicesCount}*1024)
${if cfg.memoryMax != null then ''
memory_max=int(${toString cfg.memoryMax}/${toString devicesCount});
if (value > memory_max) { value = memory_max }
'' else ""}
print value
}' /proc/meminfo) }' /proc/meminfo)
${pkgs.utillinux}/sbin/zramctl --size $mem --algorithm ${cfg.algorithm} /dev/${dev} ${pkgs.util-linux}/sbin/zramctl --size $mem --algorithm ${cfg.algorithm} /dev/${dev}
${pkgs.utillinux}/sbin/mkswap /dev/${dev} ${pkgs.util-linux}/sbin/mkswap /dev/${dev}
''; '';
restartIfChanged = false; restartIfChanged = false;
}; };
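Review bot: The `memoryMax` option is dropped with no replacement visible in these hunks, so a configuration that still sets it will fail at evaluation with a generic missing-option error. If the removal is intended, a `mkRemovedOptionModule` entry for the option, with a short message naming `memoryPercent` as the remaining knob, would give users an actionable error. The module's `imports` are outside the hunks shown, so this may already be handled there. Separately, the awk result is passed to `zramctl --size $mem` unquoted and unchecked, so an empty value would produce a confusing failure; `--size "$mem"` would make that case easier to diagnose.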


@ -147,10 +147,10 @@ in
sdImage.storePaths = [ config.system.build.toplevel ]; sdImage.storePaths = [ config.system.build.toplevel ];
system.build.sdImage = pkgs.callPackage ({ stdenv, dosfstools, e2fsprogs, system.build.sdImage = pkgs.callPackage ({ stdenv, dosfstools, e2fsprogs,
mtools, libfaketime, utillinux, zstd }: stdenv.mkDerivation { mtools, libfaketime, util-linux, zstd }: stdenv.mkDerivation {
name = config.sdImage.imageName; name = config.sdImage.imageName;
nativeBuildInputs = [ dosfstools e2fsprogs mtools libfaketime utillinux zstd ]; nativeBuildInputs = [ dosfstools e2fsprogs mtools libfaketime util-linux zstd ];
inherit (config.sdImage) compressImage; inherit (config.sdImage) compressImage;
@ -221,7 +221,7 @@ in
set -euo pipefail set -euo pipefail
set -x set -x
# Figure out device names for the boot device and root filesystem. # Figure out device names for the boot device and root filesystem.
rootPart=$(${pkgs.utillinux}/bin/findmnt -n -o SOURCE /) rootPart=$(${pkgs.util-linux}/bin/findmnt -n -o SOURCE /)
bootDevice=$(lsblk -npo PKNAME $rootPart) bootDevice=$(lsblk -npo PKNAME $rootPart)
# Resize the root partition and the filesystem to fit the disk # Resize the root partition and the filesystem to fit the disk


@ -96,7 +96,7 @@ in
boot.initrd.extraUtilsCommands = boot.initrd.extraUtilsCommands =
'' ''
copy_bin_and_libs ${pkgs.utillinux}/sbin/hwclock copy_bin_and_libs ${pkgs.util-linux}/sbin/hwclock
''; '';
boot.initrd.postDeviceCommands = boot.initrd.postDeviceCommands =


@ -135,7 +135,7 @@ in
#keys = 96; # unused #keys = 96; # unused
#haproxy = 97; # dynamically allocated as of 2020-03-11 #haproxy = 97; # dynamically allocated as of 2020-03-11
mongodb = 98; mongodb = 98;
openldap = 99; #openldap = 99; # dynamically allocated as of PR#94610
#users = 100; # unused #users = 100; # unused
cgminer = 101; cgminer = 101;
munin = 102; munin = 102;
@ -451,7 +451,7 @@ in
keys = 96; keys = 96;
#haproxy = 97; # dynamically allocated as of 2020-03-11 #haproxy = 97; # dynamically allocated as of 2020-03-11
#mongodb = 98; # unused #mongodb = 98; # unused
openldap = 99; #openldap = 99; # dynamically allocated as of PR#94610
munin = 102; munin = 102;
#logcheck = 103; # unused #logcheck = 103; # unused
#nix-ssh = 104; # unused #nix-ssh = 104; # unused


@ -583,6 +583,7 @@
./services/network-filesystems/orangefs/client.nix ./services/network-filesystems/orangefs/client.nix
./services/network-filesystems/rsyncd.nix ./services/network-filesystems/rsyncd.nix
./services/network-filesystems/samba.nix ./services/network-filesystems/samba.nix
./services/network-filesystems/samba-wsdd.nix
./services/network-filesystems/tahoe.nix ./services/network-filesystems/tahoe.nix
./services/network-filesystems/diod.nix ./services/network-filesystems/diod.nix
./services/network-filesystems/u9fs.nix ./services/network-filesystems/u9fs.nix


@ -110,7 +110,7 @@ in {
"L+ /usr/local/bin/chmod - - - - ${coreutils}/bin/chmod" "L+ /usr/local/bin/chmod - - - - ${coreutils}/bin/chmod"
"L+ /usr/local/bin/cp - - - - ${coreutils}/bin/cp" "L+ /usr/local/bin/cp - - - - ${coreutils}/bin/cp"
"L+ /usr/local/bin/sed - - - - ${gnused}/bin/sed" "L+ /usr/local/bin/sed - - - - ${gnused}/bin/sed"
"L+ /usr/local/bin/setsid - - - - ${utillinux}/bin/setsid" "L+ /usr/local/bin/setsid - - - - ${util-linux}/bin/setsid"
"L+ /usr/local/bin/xrandr - - - - ${xorg.xrandr}/bin/xrandr" "L+ /usr/local/bin/xrandr - - - - ${xorg.xrandr}/bin/xrandr"
"L+ /usr/local/bin/xmodmap - - - - ${xorg.xmodmap}/bin/xmodmap" "L+ /usr/local/bin/xmodmap - - - - ${xorg.xmodmap}/bin/xmodmap"
]; ];


@ -396,7 +396,7 @@ let
${optionalString cfg.logFailures ${optionalString cfg.logFailures
"auth required pam_tally.so"} "auth required pam_tally.so"}
${optionalString (config.security.pam.enableSSHAgentAuth && cfg.sshAgentAuth) ${optionalString (config.security.pam.enableSSHAgentAuth && cfg.sshAgentAuth)
"auth sufficient ${pkgs.pam_ssh_agent_auth}/libexec/pam_ssh_agent_auth.so file=~/.ssh/authorized_keys:~/.ssh/authorized_keys2:/etc/ssh/authorized_keys.d/%u"} "auth sufficient ${pkgs.pam_ssh_agent_auth}/libexec/pam_ssh_agent_auth.so file=${lib.concatStringsSep ":" config.services.openssh.authorizedKeysFiles}"}
${optionalString cfg.fprintAuth ${optionalString cfg.fprintAuth
"auth sufficient ${pkgs.fprintd}/lib/security/pam_fprintd.so"} "auth sufficient ${pkgs.fprintd}/lib/security/pam_fprintd.so"}
${let p11 = config.security.pam.p11; in optionalString cfg.p11Auth ${let p11 = config.security.pam.p11; in optionalString cfg.p11Auth
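Review bot: The `file=` argument on the pam_ssh_agent_auth line now takes whatever list sshd is configured with, so this `auth sufficient` rule trusts every path in `services.openssh.authorizedKeysFiles`, including any that the authenticating user can write. A key file under the user's home directory means any process running as that user can add a key and then satisfy the rule. The module should either take its own key-file option defaulting to root-owned paths, or assert that the list holds only paths the user cannot modify. The two consumers may also expand path tokens differently (the removed value used `~` and `%u`), so it is worth confirming that values written for sshd resolve to the same files in the PAM module. The enclosing `let` block starts and ends outside the hunk.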


@ -60,7 +60,7 @@ in
<!-- if activated, requires ofl from hxtools to be present --> <!-- if activated, requires ofl from hxtools to be present -->
<logout wait="0" hup="no" term="no" kill="no" /> <logout wait="0" hup="no" term="no" kill="no" />
<!-- set PATH variable for pam_mount module --> <!-- set PATH variable for pam_mount module -->
<path>${pkgs.utillinux}/bin</path> <path>${pkgs.util-linux}/bin</path>
<!-- create mount point if not present --> <!-- create mount point if not present -->
<mkmountpoint enable="1" remove="true" /> <mkmountpoint enable="1" remove="true" />


@ -163,8 +163,8 @@ in
# These are mount related wrappers that require the +s permission. # These are mount related wrappers that require the +s permission.
fusermount.source = "${pkgs.fuse}/bin/fusermount"; fusermount.source = "${pkgs.fuse}/bin/fusermount";
fusermount3.source = "${pkgs.fuse3}/bin/fusermount3"; fusermount3.source = "${pkgs.fuse3}/bin/fusermount3";
mount.source = "${lib.getBin pkgs.utillinux}/bin/mount"; mount.source = "${lib.getBin pkgs.util-linux}/bin/mount";
umount.source = "${lib.getBin pkgs.utillinux}/bin/umount"; umount.source = "${lib.getBin pkgs.util-linux}/bin/umount";
}; };
boot.specialFileSystems.${parentWrapperDir} = { boot.specialFileSystems.${parentWrapperDir} = {


@ -45,7 +45,7 @@ in
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network.target" ]; after = [ "network.target" ];
path = with pkgs; [ path = with pkgs; [
utillinux # for dmesg util-linux # for dmesg
]; ];
serviceConfig = { serviceConfig = {
ExecStart = "${pkgs.salt}/bin/salt-master"; ExecStart = "${pkgs.salt}/bin/salt-master";


@ -50,7 +50,7 @@ in
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network.target" ]; after = [ "network.target" ];
path = with pkgs; [ path = with pkgs; [
utillinux util-linux
]; ];
serviceConfig = { serviceConfig = {
ExecStart = "${pkgs.salt}/bin/salt-minion"; ExecStart = "${pkgs.salt}/bin/salt-minion";


@ -308,7 +308,7 @@ in
requires = [ "network-online.target" ]; requires = [ "network-online.target" ];
after = [ "network-online.target" ]; after = [ "network-online.target" ];
path = with pkgs; [ iputils tarsnap utillinux ]; path = with pkgs; [ iputils tarsnap util-linux ];
# In order for the persistent tarsnap timer to work reliably, we have to # In order for the persistent tarsnap timer to work reliably, we have to
# make sure that the tarsnap server is reachable after systemd starts up # make sure that the tarsnap server is reachable after systemd starts up
@ -355,7 +355,7 @@ in
description = "Tarsnap restore '${name}'"; description = "Tarsnap restore '${name}'";
requires = [ "network-online.target" ]; requires = [ "network-online.target" ];
path = with pkgs; [ iputils tarsnap utillinux ]; path = with pkgs; [ iputils tarsnap util-linux ];
script = let script = let
tarsnap = ''tarsnap --configfile "/etc/tarsnap/${name}.conf"''; tarsnap = ''tarsnap --configfile "/etc/tarsnap/${name}.conf"'';


@ -241,7 +241,7 @@ in
description = "Kubernetes Kubelet Service"; description = "Kubernetes Kubelet Service";
wantedBy = [ "kubernetes.target" ]; wantedBy = [ "kubernetes.target" ];
after = [ "network.target" "docker.service" "kube-apiserver.service" ]; after = [ "network.target" "docker.service" "kube-apiserver.service" ];
path = with pkgs; [ gitMinimal openssh docker utillinux iproute ethtool thin-provisioning-tools iptables socat ] ++ top.path; path = with pkgs; [ gitMinimal openssh docker util-linux iproute ethtool thin-provisioning-tools iptables socat ] ++ top.path;
preStart = '' preStart = ''
${concatMapStrings (img: '' ${concatMapStrings (img: ''
echo "Seeding docker image: ${img}" echo "Seeding docker image: ${img}"


@ -32,7 +32,7 @@ in
environment.systemPackages = [ pkgs.torque ]; environment.systemPackages = [ pkgs.torque ];
systemd.services.torque-mom-init = { systemd.services.torque-mom-init = {
path = with pkgs; [ torque utillinux procps inetutils ]; path = with pkgs; [ torque util-linux procps inetutils ];
script = '' script = ''
pbs_mkdirs -v aux pbs_mkdirs -v aux


@ -21,7 +21,7 @@ in
environment.systemPackages = [ pkgs.torque ]; environment.systemPackages = [ pkgs.torque ];
systemd.services.torque-server-init = { systemd.services.torque-server-init = {
path = with pkgs; [ torque utillinux procps inetutils ]; path = with pkgs; [ torque util-linux procps inetutils ];
script = '' script = ''
tmpsetup=$(mktemp -t torque-XXXX) tmpsetup=$(mktemp -t torque-XXXX)


@ -541,7 +541,7 @@ in
jq jq
moreutils moreutils
remarshal remarshal
utillinux util-linux
cfg.package cfg.package
] ++ cfg.extraPackages; ] ++ cfg.extraPackages;
reloadIfChanged = true; reloadIfChanged = true;


@ -233,7 +233,7 @@ in
type = types.str; type = types.str;
default = "Check.Valid=1,Check.Unexpired=1"; default = "Check.Valid=1,Check.Unexpired=1";
description = '' description = ''
"Peer verification string". This may be used to adjust which TLS "Peer verification string". This may be used to adjust which TLS
client certificates a server will accept, as a form of user client certificates a server will accept, as a form of user
authorization; for example, it may only accept TLS clients who authorization; for example, it may only accept TLS clients who
offer a certificate abiding by some locality or organization name. offer a certificate abiding by some locality or organization name.


@ -1,43 +1,121 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib; with lib;
let let
cfg = config.services.openldap; cfg = config.services.openldap;
legacyOptions = [ "rootpwFile" "suffix" "dataDir" "rootdn" "rootpw" ];
openldap = cfg.package; openldap = cfg.package;
configDir = if cfg.configDir != null then cfg.configDir else "/etc/openldap/slapd.d";
dataFile = pkgs.writeText "ldap-contents.ldif" cfg.declarativeContents; ldapValueType = let
configFile = pkgs.writeText "slapd.conf" ((optionalString cfg.defaultSchemas '' # Can't do types.either with multiple non-overlapping submodules, so define our own
include ${openldap.out}/etc/schema/core.schema singleLdapValueType = lib.mkOptionType rec {
include ${openldap.out}/etc/schema/cosine.schema name = "LDAP";
include ${openldap.out}/etc/schema/inetorgperson.schema description = "LDAP value";
include ${openldap.out}/etc/schema/nis.schema check = x: lib.isString x || (lib.isAttrs x && (x ? path || x ? base64));
'') + '' merge = lib.mergeEqualOption;
${cfg.extraConfig} };
database ${cfg.database} # We don't coerce to lists of single values, as some values must be unique
suffix ${cfg.suffix} in types.either singleLdapValueType (types.listOf singleLdapValueType);
rootdn ${cfg.rootdn}
${if (cfg.rootpw != null) then ''
rootpw ${cfg.rootpw}
'' else ''
include ${cfg.rootpwFile}
''}
directory ${cfg.dataDir}
${cfg.extraDatabaseConfig}
'');
configOpts = if cfg.configDir == null then "-f ${configFile}"
else "-F ${cfg.configDir}";
in
{ ldapAttrsType =
let
options = {
attrs = mkOption {
type = types.attrsOf ldapValueType;
default = {};
description = "Attributes of the parent entry.";
};
children = mkOption {
# Hide the child attributes, to avoid infinite recursion in e.g. documentation
# Actual Nix evaluation is lazy, so this is not an issue there
type = let
hiddenOptions = lib.mapAttrs (name: attr: attr // { visible = false; }) options;
in types.attrsOf (types.submodule { options = hiddenOptions; });
default = {};
description = "Child entries of the current entry, with recursively the same structure.";
example = lib.literalExample ''
{
"cn=schema" = {
# The attribute used in the DN must be defined
attrs = { cn = "schema"; };
children = {
# This entry's DN is expanded to "cn=foo,cn=schema"
"cn=foo" = { ... };
};
# These includes are inserted after "cn=schema", but before "cn=foo,cn=schema"
includes = [ ... ];
};
}
'';
};
includes = mkOption {
type = types.listOf types.path;
default = [];
description = ''
LDIF files to include after the parent's attributes but before its children.
'';
};
};
in types.submodule { inherit options; };
###### interface valueToLdif = attr: values: let
listValues = if lib.isList values then values else lib.singleton values;
in map (value:
if lib.isAttrs value then
if lib.hasAttr "path" value
then "${attr}:< file://${value.path}"
else "${attr}:: ${value.base64}"
else "${attr}: ${lib.replaceStrings [ "\n" ] [ "\n " ] value}"
) listValues;
attrsToLdif = dn: { attrs, children, includes, ... }: [''
dn: ${dn}
${lib.concatStringsSep "\n" (lib.flatten (lib.mapAttrsToList valueToLdif attrs))}
''] ++ (map (path: "include: file://${path}\n") includes) ++ (
lib.flatten (lib.mapAttrsToList (name: value: attrsToLdif "${name},${dn}" value) children)
);
in {
imports = let
deprecationNote = "This option is removed due to the deprecation of `slapd.conf` upstream. Please migrate to `services.openldap.settings`, see the release notes for advice with this process.";
mkDatabaseOption = old: new:
lib.mkChangedOptionModule [ "services" "openldap" old ] [ "services" "openldap" "settings" "children" ]
(config: let
database = lib.getAttrFromPath [ "services" "openldap" "database" ] config;
value = lib.getAttrFromPath [ "services" "openldap" old ] config;
in lib.setAttrByPath ([ "olcDatabase={1}${database}" "attrs" ] ++ new) value);
in [
(lib.mkRemovedOptionModule [ "services" "openldap" "extraConfig" ] deprecationNote)
(lib.mkRemovedOptionModule [ "services" "openldap" "extraDatabaseConfig" ] deprecationNote)
(lib.mkChangedOptionModule [ "services" "openldap" "logLevel" ] [ "services" "openldap" "settings" "attrs" "olcLogLevel" ]
(config: lib.splitString " " (lib.getAttrFromPath [ "services" "openldap" "logLevel" ] config)))
(lib.mkChangedOptionModule [ "services" "openldap" "defaultSchemas" ] [ "services" "openldap" "settings" "children" "cn=schema" "includes"]
(config: lib.optionals (lib.getAttrFromPath [ "services" "openldap" "defaultSchemas" ] config) (
map (schema: "${openldap}/etc/schema/${schema}.ldif") [ "core" "cosine" "inetorgperson" "nis" ])))
(lib.mkChangedOptionModule [ "services" "openldap" "database" ] [ "services" "openldap" "settings" "children" ]
(config: let
database = lib.getAttrFromPath [ "services" "openldap" "database" ] config;
in {
"olcDatabase={1}${database}".attrs = {
# objectClass is case-insensitive, so don't need to capitalize ${database}
objectClass = [ "olcdatabaseconfig" "olc${database}config" ];
olcDatabase = "{1}${database}";
olcDbDirectory = lib.mkDefault "/var/db/openldap";
};
"cn=schema".includes = lib.mkDefault (
map (schema: "${openldap}/etc/schema/${schema}.ldif") [ "core" "cosine" "inetorgperson" "nis" ]
);
}))
(mkDatabaseOption "rootpwFile" [ "olcRootPW" "path" ])
(mkDatabaseOption "suffix" [ "olcSuffix" ])
(mkDatabaseOption "dataDir" [ "olcDbDirectory" ])
(mkDatabaseOption "rootdn" [ "olcRootDN" ])
(mkDatabaseOption "rootpw" [ "olcRootPW" ])
];
options = { options = {
services.openldap = { services.openldap = {
enable = mkOption { enable = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
@ -77,224 +155,170 @@ in
example = [ "ldaps:///" ]; example = [ "ldaps:///" ];
}; };
dataDir = mkOption { settings = mkOption {
type = types.path; type = ldapAttrsType;
default = "/var/db/openldap"; description = "Configuration for OpenLDAP, in OLC format";
description = "The database directory."; example = lib.literalExample ''
}; {
attrs.olcLogLevel = [ "stats" ];
defaultSchemas = mkOption { children = {
type = types.bool; "cn=schema".includes = [
default = true; "\${pkgs.openldap}/etc/schema/core.ldif"
description = '' "\${pkgs.openldap}/etc/schema/cosine.ldif"
Include the default schemas core, cosine, inetorgperson and nis. "\${pkgs.openldap}/etc/schema/inetorgperson.ldif"
This setting will be ignored if configDir is set. ];
"olcDatabase={-1}frontend" = {
attrs = {
objectClass = "olcDatabaseConfig";
olcDatabase = "{-1}frontend";
olcAccess = [ "{0}to * by dn.exact=uidNumber=0+gidNumber=0,cn=peercred,cn=external,cn=auth manage stop by * none stop" ];
};
};
"olcDatabase={0}config" = {
attrs = {
objectClass = "olcDatabaseConfig";
olcDatabase = "{0}config";
olcAccess = [ "{0}to * by * none break" ];
};
};
"olcDatabase={1}mdb" = {
attrs = {
objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
olcDatabase = "{1}mdb";
olcDbDirectory = "/var/db/ldap";
olcDbIndex = [
"objectClass eq"
"cn pres,eq"
"uid pres,eq"
"sn pres,eq,subany"
];
olcSuffix = "dc=example,dc=com";
olcAccess = [ "{0}to * by * read break" ];
};
};
};
};
''; '';
}; };
database = mkOption { # This option overrides settings
type = types.str;
default = "mdb";
description = ''
Database type to use for the LDAP.
This setting will be ignored if configDir is set.
'';
};
suffix = mkOption {
type = types.str;
example = "dc=example,dc=org";
description = ''
Specify the DN suffix of queries that will be passed to this backend
database.
This setting will be ignored if configDir is set.
'';
};
rootdn = mkOption {
type = types.str;
example = "cn=admin,dc=example,dc=org";
description = ''
Specify the distinguished name that is not subject to access control
or administrative limit restrictions for operations on this database.
This setting will be ignored if configDir is set.
'';
};
rootpw = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Password for the root user.
This setting will be ignored if configDir is set.
Using this option will store the root password in plain text in the
world-readable nix store. To avoid this the <literal>rootpwFile</literal> can be used.
'';
};
rootpwFile = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Password file for the root user.
The file should contain the string <literal>rootpw</literal> followed by the password.
e.g.: <literal>rootpw mysecurepassword</literal>
'';
};
logLevel = mkOption {
type = types.str;
default = "0";
example = "acl trace";
description = "The log level selector of slapd.";
};
configDir = mkOption { configDir = mkOption {
type = types.nullOr types.path; type = types.nullOr types.path;
default = null; default = null;
description = "Use this optional config directory instead of using slapd.conf"; description = ''
Use this config directory instead of generating one from the
<literal>settings</literal> option. Overrides all NixOS settings. If
you use this option,ensure `olcPidFile` is set to `/run/slapd/slapd.conf`.
'';
example = "/var/db/slapd.d"; example = "/var/db/slapd.d";
}; };
extraConfig = mkOption {
type = types.lines;
default = "";
description = "
slapd.conf configuration
";
example = literalExample ''
'''
include ${openldap.out}/etc/schema/core.schema
include ${openldap.out}/etc/schema/cosine.schema
include ${openldap.out}/etc/schema/inetorgperson.schema
include ${openldap.out}/etc/schema/nis.schema
database bdb
suffix dc=example,dc=org
rootdn cn=admin,dc=example,dc=org
# NOTE: change after first start
rootpw secret
directory /var/db/openldap
'''
'';
};
declarativeContents = mkOption { declarativeContents = mkOption {
type = with types; nullOr lines; type = with types; attrsOf lines;
default = null; default = {};
description = '' description = ''
Declarative contents for the LDAP database, in LDIF format. Declarative contents for the LDAP database, in LDIF format by suffix.
Note a few facts when using it. First, the database All data will be erased when starting the LDAP server. Modifications
<emphasis>must</emphasis> be stored in the directory defined by to the database are not prevented, they are just dropped on the next
<code>dataDir</code>. Second, all <code>dataDir</code> will be erased reboot of the server. Performance-wise the database and indexes are
when starting the LDAP server. Third, modifications to the database rebuilt on each server startup, so this will slow down server startup,
are not prevented, they are just dropped on the next reboot of the
server. Finally, performance-wise the database and indexes are rebuilt
on each server startup, so this will slow down server startup,
especially with large databases. especially with large databases.
''; '';
example = '' example = lib.literalExample ''
dn: dc=example,dc=org {
objectClass: domain "dc=example,dc=org" = '''
dc: example dn= dn: dc=example,dc=org
objectClass: domain
dc: example
dn: ou=users,dc=example,dc=org dn: ou=users,dc=example,dc=org
objectClass = organizationalUnit objectClass = organizationalUnit
ou: users ou: users
# ... # ...
''';
}
''; '';
}; };
extraDatabaseConfig = mkOption {
type = types.lines;
default = "";
description = ''
slapd.conf configuration after the database option.
This setting will be ignored if configDir is set.
'';
example = ''
# Indices to maintain for this directory
# unique id so equality match only
index uid eq
# allows general searching on commonname, givenname and email
index cn,gn,mail eq,sub
# allows multiple variants on surname searching
index sn eq,sub
# sub above includes subintial,subany,subfinal
# optimise department searches
index ou eq
# if searches will include objectClass uncomment following
# index objectClass eq
# shows use of default index parameter
index default eq,sub
# indices missing - uses default eq,sub
index telephonenumber
# other database parameters
# read more in slapd.conf reference section
cachesize 10000
checkpoint 128 15
'';
};
}; };
}; };
meta = { meta.maintainers = with lib.maintainters; [ mic92 kwohlfahrt ];
maintainers = [ lib.maintainers.mic92 ];
};
###### implementation
config = mkIf cfg.enable { config = mkIf cfg.enable {
assertions = [ assertions = map (opt: {
{ assertion = ((getAttr opt cfg) != "_mkMergedOptionModule") -> (cfg.database != "_mkMergedOptionModule");
assertion = cfg.configDir != null || cfg.rootpwFile != null || cfg.rootpw != null; message = "Legacy OpenLDAP option `services.openldap.${opt}` requires `services.openldap.database` (use value \"mdb\" if unsure)";
message = "services.openldap: Unless configDir is set, either rootpw or rootpwFile must be set"; }) legacyOptions;
}
];
environment.systemPackages = [ openldap ]; environment.systemPackages = [ openldap ];
# Literal attributes must always be set
services.openldap.settings = {
attrs = {
objectClass = "olcGlobal";
cn = "config";
olcPidFile = "/run/slapd/slapd.pid";
};
children."cn=schema".attrs = {
cn = "schema";
objectClass = "olcSchemaConfig";
};
};
systemd.services.openldap = { systemd.services.openldap = {
description = "LDAP server"; description = "LDAP server";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network.target" ]; after = [ "network.target" ];
preStart = '' preStart = let
settingsFile = pkgs.writeText "config.ldif" (lib.concatStringsSep "\n" (attrsToLdif "cn=config" cfg.settings));
dbSettings = lib.filterAttrs (name: value: lib.hasPrefix "olcDatabase=" name) cfg.settings.children;
dataDirs = lib.mapAttrs' (name: value: lib.nameValuePair value.attrs.olcSuffix value.attrs.olcDbDirectory)
(lib.filterAttrs (_: value: value.attrs ? olcDbDirectory) dbSettings);
dataFiles = lib.mapAttrs (dn: contents: pkgs.writeText "${dn}.ldif" contents) cfg.declarativeContents;
mkLoadScript = dn: let
dataDir = lib.escapeShellArg (getAttr dn dataDirs);
in ''
rm -rf ${dataDir}/*
${openldap}/bin/slapadd -F ${lib.escapeShellArg configDir} -b ${dn} -l ${getAttr dn dataFiles}
chown -R "${cfg.user}:${cfg.group}" ${dataDir}
'';
in ''
mkdir -p /run/slapd mkdir -p /run/slapd
chown -R "${cfg.user}:${cfg.group}" /run/slapd chown -R "${cfg.user}:${cfg.group}" /run/slapd
${optionalString (cfg.declarativeContents != null) ''
rm -Rf "${cfg.dataDir}"
''}
mkdir -p "${cfg.dataDir}"
${optionalString (cfg.declarativeContents != null) ''
${openldap.out}/bin/slapadd ${configOpts} -l ${dataFile}
''}
chown -R "${cfg.user}:${cfg.group}" "${cfg.dataDir}"
${openldap}/bin/slaptest ${configOpts} mkdir -p ${lib.escapeShellArg configDir} ${lib.escapeShellArgs (lib.attrValues dataDirs)}
chown "${cfg.user}:${cfg.group}" ${lib.escapeShellArg configDir} ${lib.escapeShellArgs (lib.attrValues dataDirs)}
${lib.optionalString (cfg.configDir == null) (''
rm -Rf ${configDir}/*
${openldap}/bin/slapadd -F ${configDir} -bcn=config -l ${settingsFile}
'')}
chown -R "${cfg.user}:${cfg.group}" ${lib.escapeShellArg configDir}
${lib.concatStrings (map mkLoadScript (lib.attrNames cfg.declarativeContents))}
${openldap}/bin/slaptest -u -F ${lib.escapeShellArg configDir}
''; '';
serviceConfig.ExecStart = serviceConfig = {
"${openldap.out}/libexec/slapd -d '${cfg.logLevel}' " + ExecStart = lib.escapeShellArgs ([
"-u '${cfg.user}' -g '${cfg.group}' " + "${openldap}/libexec/slapd" "-u" cfg.user "-g" cfg.group "-F" configDir
"-h '${concatStringsSep " " cfg.urlList}' " + "-h" (lib.concatStringsSep " " cfg.urlList)
"${configOpts}"; ]);
Type = "forking";
PIDFile = cfg.settings.attrs.olcPidFile;
};
}; };
users.users.openldap = users.users = lib.optionalAttrs (cfg.user == "openldap") {
{ name = cfg.user; openldap = {
group = cfg.group; group = cfg.group;
uid = config.ids.uids.openldap; isSystemUser = true;
};
users.groups.openldap =
{ name = cfg.group;
gid = config.ids.gids.openldap;
}; };
};
users.groups = lib.optionalAttrs (cfg.group == "openldap") {
openldap = {};
};
}; };
} }


@ -118,7 +118,7 @@ in
after = [ "network.target" ]; after = [ "network.target" ];
path = [ path = [
pkgs.utillinux # for `logger` pkgs.util-linux # for `logger`
pkgs.bash pkgs.bash
]; ];


@ -36,7 +36,7 @@ in {
description = "Profile Sync daemon"; description = "Profile Sync daemon";
wants = [ "psd-resync.service" ]; wants = [ "psd-resync.service" ];
wantedBy = [ "default.target" ]; wantedBy = [ "default.target" ];
path = with pkgs; [ rsync kmod gawk nettools utillinux profile-sync-daemon ]; path = with pkgs; [ rsync kmod gawk nettools util-linux profile-sync-daemon ];
unitConfig = { unitConfig = {
RequiresMountsFor = [ "/home/" ]; RequiresMountsFor = [ "/home/" ];
}; };
@ -55,7 +55,7 @@ in {
wants = [ "psd-resync.timer" ]; wants = [ "psd-resync.timer" ];
partOf = [ "psd.service" ]; partOf = [ "psd.service" ];
wantedBy = [ "default.target" ]; wantedBy = [ "default.target" ];
path = with pkgs; [ rsync kmod gawk nettools utillinux profile-sync-daemon ]; path = with pkgs; [ rsync kmod gawk nettools util-linux profile-sync-daemon ];
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
ExecStart = "${pkgs.profile-sync-daemon}/bin/profile-sync-daemon resync"; ExecStart = "${pkgs.profile-sync-daemon}/bin/profile-sync-daemon resync";


@ -57,8 +57,8 @@ let
substituteInPlace $i \ substituteInPlace $i \
--replace \"/sbin/modprobe \"${pkgs.kmod}/bin/modprobe \ --replace \"/sbin/modprobe \"${pkgs.kmod}/bin/modprobe \
--replace \"/sbin/mdadm \"${pkgs.mdadm}/sbin/mdadm \ --replace \"/sbin/mdadm \"${pkgs.mdadm}/sbin/mdadm \
--replace \"/sbin/blkid \"${pkgs.utillinux}/sbin/blkid \ --replace \"/sbin/blkid \"${pkgs.util-linux}/sbin/blkid \
--replace \"/bin/mount \"${pkgs.utillinux}/bin/mount \ --replace \"/bin/mount \"${pkgs.util-linux}/bin/mount \
--replace /usr/bin/readlink ${pkgs.coreutils}/bin/readlink \ --replace /usr/bin/readlink ${pkgs.coreutils}/bin/readlink \
--replace /usr/bin/basename ${pkgs.coreutils}/bin/basename --replace /usr/bin/basename ${pkgs.coreutils}/bin/basename
done done
@ -280,7 +280,7 @@ in
services.udev.packages = [ extraUdevRules extraHwdbFile ]; services.udev.packages = [ extraUdevRules extraHwdbFile ];
services.udev.path = [ pkgs.coreutils pkgs.gnused pkgs.gnugrep pkgs.utillinux udev ]; services.udev.path = [ pkgs.coreutils pkgs.gnused pkgs.gnugrep pkgs.util-linux udev ];
boot.kernelParams = mkIf (!config.networking.usePredictableInterfaceNames) [ "net.ifnames=0" ]; boot.kernelParams = mkIf (!config.networking.usePredictableInterfaceNames) [ "net.ifnames=0" ];


@ -834,12 +834,6 @@ in
}; };
services.postfix.masterConfig = { services.postfix.masterConfig = {
smtp_inet = {
name = "smtp";
type = "inet";
private = false;
command = "smtpd";
};
pickup = { pickup = {
private = false; private = false;
wakeup = 60; wakeup = 60;
@ -921,6 +915,12 @@ in
in concatLists (mapAttrsToList mkKeyVal cfg.submissionOptions); in concatLists (mapAttrsToList mkKeyVal cfg.submissionOptions);
}; };
} // optionalAttrs cfg.enableSmtp { } // optionalAttrs cfg.enableSmtp {
smtp_inet = {
name = "smtp";
type = "inet";
private = false;
command = "smtpd";
};
smtp = {}; smtp = {};
relay = { relay = {
command = "smtp"; command = "smtp";


@ -408,7 +408,7 @@ in
}; };
imports = [ imports = [
(mkRemovedOptionModule [ "services" "rspamd" "socketActivation" ] (mkRemovedOptionModule [ "services" "rspamd" "socketActivation" ]
"Socket activation never worked correctly and could at this time not be fixed and so was removed") "Socket activation never worked correctly and could at this time not be fixed and so was removed")
(mkRenamedOptionModule [ "services" "rspamd" "bindSocket" ] [ "services" "rspamd" "workers" "normal" "bindSockets" ]) (mkRenamedOptionModule [ "services" "rspamd" "bindSocket" ] [ "services" "rspamd" "workers" "normal" "bindSockets" ])
(mkRenamedOptionModule [ "services" "rspamd" "bindUISocket" ] [ "services" "rspamd" "workers" "controller" "bindSockets" ]) (mkRenamedOptionModule [ "services" "rspamd" "bindUISocket" ] [ "services" "rspamd" "workers" "controller" "bindSockets" ])
(mkRemovedOptionModule [ "services" "rmilter" ] "Use services.rspamd.* instead to set up milter service") (mkRemovedOptionModule [ "services" "rmilter" ] "Use services.rspamd.* instead to set up milter service")


@ -31,7 +31,7 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.packages = [ pkgs.utillinux ]; systemd.packages = [ pkgs.util-linux ];
systemd.timers.fstrim = { systemd.timers.fstrim = {
timerConfig = { timerConfig = {


@ -43,9 +43,13 @@ let
[gitlab-shell] [gitlab-shell]
dir = "${cfg.packages.gitlab-shell}" dir = "${cfg.packages.gitlab-shell}"
[gitlab]
secret_file = "${cfg.statePath}/gitlab_shell_secret" secret_file = "${cfg.statePath}/gitlab_shell_secret"
gitlab_url = "http+unix://${pathUrlQuote gitlabSocket}" url = "http+unix://${pathUrlQuote gitlabSocket}"
http_settings = { self_signed_cert = false }
[gitlab.http-settings]
self_signed_cert = false
${concatStringsSep "\n" (attrValues (mapAttrs (k: v: '' ${concatStringsSep "\n" (attrValues (mapAttrs (k: v: ''
[[storage]] [[storage]]
@ -119,6 +123,7 @@ let
receive_pack = true; receive_pack = true;
}; };
workhorse.secret_file = "${cfg.statePath}/.gitlab_workhorse_secret"; workhorse.secret_file = "${cfg.statePath}/.gitlab_workhorse_secret";
gitlab_kas.secret_file = "${cfg.statePath}/.gitlab_kas_secret";
git.bin_path = "git"; git.bin_path = "git";
monitoring = { monitoring = {
ip_whitelist = [ "127.0.0.0/8" "::1/128" ]; ip_whitelist = [ "127.0.0.0/8" "::1/128" ];
@ -653,7 +658,7 @@ in {
script = '' script = ''
set -eu set -eu
PSQL="${pkgs.utillinux}/bin/runuser -u ${pgsql.superUser} -- psql --port=${toString pgsql.port}" PSQL="${pkgs.util-linux}/bin/runuser -u ${pgsql.superUser} -- psql --port=${toString pgsql.port}"
$PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${cfg.databaseName}'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "${cfg.databaseName}" OWNER "${cfg.databaseUsername}"' $PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${cfg.databaseName}'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "${cfg.databaseName}" OWNER "${cfg.databaseUsername}"'
current_owner=$($PSQL -tAc "SELECT pg_catalog.pg_get_userbyid(datdba) FROM pg_catalog.pg_database WHERE datname = '${cfg.databaseName}'") current_owner=$($PSQL -tAc "SELECT pg_catalog.pg_get_userbyid(datdba) FROM pg_catalog.pg_database WHERE datname = '${cfg.databaseName}'")
@ -668,6 +673,7 @@ in {
rm "${config.services.postgresql.dataDir}/.reassigning_${cfg.databaseName}" rm "${config.services.postgresql.dataDir}/.reassigning_${cfg.databaseName}"
fi fi
$PSQL '${cfg.databaseName}' -tAc "CREATE EXTENSION IF NOT EXISTS pg_trgm" $PSQL '${cfg.databaseName}' -tAc "CREATE EXTENSION IF NOT EXISTS pg_trgm"
$PSQL '${cfg.databaseName}' -tAc "CREATE EXTENSION IF NOT EXISTS btree_gist;"
''; '';
serviceConfig = { serviceConfig = {
@ -750,7 +756,8 @@ in {
}; };
systemd.services.gitaly = { systemd.services.gitaly = {
after = [ "network.target" ]; after = [ "network.target" "gitlab.service" ];
requires = [ "gitlab.service" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
path = with pkgs; [ path = with pkgs; [
openssh openssh
@ -839,7 +846,7 @@ in {
}; };
systemd.services.gitlab = { systemd.services.gitlab = {
after = [ "gitlab-workhorse.service" "gitaly.service" "network.target" "gitlab-postgresql.service" "redis.service" ]; after = [ "gitlab-workhorse.service" "network.target" "gitlab-postgresql.service" "redis.service" ];
requires = [ "gitlab-sidekiq.service" ]; requires = [ "gitlab-sidekiq.service" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
environment = gitlabEnv; environment = gitlabEnv;
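Review bot: The new `gitlab_kas.secret_file = "${cfg.statePath}/.gitlab_kas_secret";` entry points GitLab at a secret that no visible hunk in this section creates, so it cannot be confirmed from here that the file exists with restrictive permissions before the first start. If it is not already generated alongside the workhorse and shell secrets, the service's setup step should create it from a random source with owner-only mode instead of relying on the default umask. Separately, gitaly now carries `requires = [ "gitlab.service" ]` and is ordered after it, while gitlab drops `gitaly.service` from `after`; a one-line comment above those lines explaining why the dependency direction was inverted would help the next maintainer. The surrounding attribute sets begin and end outside the hunks.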


@ -713,7 +713,7 @@ in {
${ concatMapStringsSep "\n " (x: "--config-path ${x} \\") ([ configFile ] ++ cfg.extraConfigFiles) } ${ concatMapStringsSep "\n " (x: "--config-path ${x} \\") ([ configFile ] ++ cfg.extraConfigFiles) }
--keys-directory ${cfg.dataDir} --keys-directory ${cfg.dataDir}
''; '';
ExecReload = "${pkgs.utillinux}/bin/kill -HUP $MAINPID"; ExecReload = "${pkgs.util-linux}/bin/kill -HUP $MAINPID";
Restart = "on-failure"; Restart = "on-failure";
}; };
}; };


@ -539,7 +539,7 @@ in
systemd.sockets.nix-daemon.wantedBy = [ "sockets.target" ]; systemd.sockets.nix-daemon.wantedBy = [ "sockets.target" ];
systemd.services.nix-daemon = systemd.services.nix-daemon =
{ path = [ nix pkgs.utillinux config.programs.ssh.package ] { path = [ nix pkgs.util-linux config.programs.ssh.package ]
++ optionals cfg.distributedBuilds [ pkgs.gzip ]; ++ optionals cfg.distributedBuilds [ pkgs.gzip ];
environment = cfg.envVars environment = cfg.envVars


@ -39,7 +39,7 @@ in
default = false; default = false;
description = '' description = ''
Whether to enable the Siproxd SIP Whether to enable the Siproxd SIP
proxy/masquerading daemon. proxy/masquerading daemon.
''; '';
}; };
@ -57,29 +57,29 @@ in
hostsAllowReg = mkOption { hostsAllowReg = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = [ ]; default = [ ];
example = [ "192.168.1.0/24" "192.168.2.0/24" ]; example = [ "192.168.1.0/24" "192.168.2.0/24" ];
description = '' description = ''
Acess control list for incoming SIP registrations. Acess control list for incoming SIP registrations.
''; '';
}; };
hostsAllowSip = mkOption { hostsAllowSip = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = [ ]; default = [ ];
example = [ "123.45.0.0/16" "123.46.0.0/16" ]; example = [ "123.45.0.0/16" "123.46.0.0/16" ];
description = '' description = ''
Acess control list for incoming SIP traffic. Acess control list for incoming SIP traffic.
''; '';
}; };
hostsDenySip = mkOption { hostsDenySip = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = [ ]; default = [ ];
example = [ "10.0.0.0/8" "11.0.0.0/8" ]; example = [ "10.0.0.0/8" "11.0.0.0/8" ];
description = '' description = ''
Acess control list for denying incoming Acess control list for denying incoming
SIP registrations and traffic. SIP registrations and traffic.
''; '';
}; };
@ -87,7 +87,7 @@ in
type = types.int; type = types.int;
default = 5060; default = 5060;
description = '' description = ''
Port to listen for incoming SIP messages. Port to listen for incoming SIP messages.
''; '';
}; };


@ -25,7 +25,7 @@ in
svnBaseDir = mkOption { svnBaseDir = mkOption {
default = "/repos"; default = "/repos";
description = "Base directory from which Subversion repositories are accessed."; description = "Base directory from which Subversion repositories are accessed.";
}; };
}; };


@ -142,7 +142,7 @@ in {
serviceConfig = { serviceConfig = {
Environment="PYTHONPATH=${cfg.package}/libexec/netdata/python.d/python_modules"; Environment="PYTHONPATH=${cfg.package}/libexec/netdata/python.d/python_modules";
ExecStart = "${cfg.package}/bin/netdata -P /run/netdata/netdata.pid -D -c ${configFile}"; ExecStart = "${cfg.package}/bin/netdata -P /run/netdata/netdata.pid -D -c ${configFile}";
ExecReload = "${pkgs.utillinux}/bin/kill -s HUP -s USR1 -s USR2 $MAINPID"; ExecReload = "${pkgs.util-linux}/bin/kill -s HUP -s USR1 -s USR2 $MAINPID";
TimeoutStopSec = 60; TimeoutStopSec = 60;
Restart = "on-failure"; Restart = "on-failure";
# User and group # User and group


@ -36,7 +36,7 @@ let
$SMARTD_MESSAGE $SMARTD_MESSAGE
EOF EOF
} | ${pkgs.utillinux}/bin/wall 2>/dev/null } | ${pkgs.util-linux}/bin/wall 2>/dev/null
''} ''}
${optionalString nx.enable '' ${optionalString nx.enable ''
export DISPLAY=${nx.display} export DISPLAY=${nx.display}


@ -108,10 +108,10 @@ in
extmap = mkOption { extmap = mkOption {
type = types.lines; type = types.lines;
default = ""; default = "";
description = '' description = ''
File name extension mappings. File name extension mappings.
See <literal>man extmap.conf</literal> for more information. See <literal>man extmap.conf</literal> for more information.
''; '';
}; };
@ -132,10 +132,10 @@ in
Type = "forking"; Type = "forking";
GuessMainPID = "no"; GuessMainPID = "no";
PIDFile = "/run/lock/netatalk"; PIDFile = "/run/lock/netatalk";
ExecStartPre = "${pkgs.coreutils}/bin/mkdir -m 0755 -p /var/lib/netatalk/CNID"; ExecStartPre = "${pkgs.coreutils}/bin/mkdir -m 0755 -p /var/lib/netatalk/CNID";
ExecStart = "${pkgs.netatalk}/sbin/netatalk -F ${afpConfFile}"; ExecStart = "${pkgs.netatalk}/sbin/netatalk -F ${afpConfFile}";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
ExecStop = "${pkgs.coreutils}/bin/kill -TERM $MAINPID"; ExecStop = "${pkgs.coreutils}/bin/kill -TERM $MAINPID";
Restart = "always"; Restart = "always";
RestartSec = 1; RestartSec = 1;
}; };


@ -244,7 +244,7 @@ in
# postStop, then we get a hang + kernel oops, because AFS can't be # postStop, then we get a hang + kernel oops, because AFS can't be
# stopped simply by sending signals to processes. # stopped simply by sending signals to processes.
preStop = '' preStop = ''
${pkgs.utillinux}/bin/umount ${cfg.mountPoint} ${pkgs.util-linux}/bin/umount ${cfg.mountPoint}
${openafsBin}/sbin/afsd -shutdown ${openafsBin}/sbin/afsd -shutdown
${pkgs.kmod}/sbin/rmmod libafs ${pkgs.kmod}/sbin/rmmod libafs
''; '';


@ -0,0 +1,124 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.samba-wsdd;
in {
options = {
services.samba-wsdd = {
enable = mkEnableOption ''
Enable Web Services Dynamic Discovery host daemon. This enables (Samba) hosts, like your local NAS device,
to be found by Web Service Discovery Clients like Windows.
<note>
<para>If you use the firewall consider adding the following:</para>
<programlisting>
networking.firewall.allowedTCPPorts = [ 5357 ];
networking.firewall.allowedUDPPorts = [ 3702 ];
</programlisting>
</note>
'';
interface = mkOption {
type = types.nullOr types.str;
default = null;
example = "eth0";
description = "Interface or address to use.";
};
hoplimit = mkOption {
type = types.nullOr types.int;
default = null;
example = 2;
description = "Hop limit for multicast packets (default = 1).";
};
workgroup = mkOption {
type = types.nullOr types.str;
default = null;
example = "HOME";
description = "Set workgroup name (default WORKGROUP).";
};
hostname = mkOption {
type = types.nullOr types.str;
default = null;
example = "FILESERVER";
description = "Override (NetBIOS) hostname to be used (default hostname).";
};
domain = mkOption {
type = types.nullOr types.str;
default = null;
description = "Set domain name (disables workgroup).";
};
discovery = mkOption {
type = types.bool;
default = false;
description = "Enable discovery operation mode.";
};
listen = mkOption {
type = types.str;
default = "/run/wsdd/wsdd.sock";
description = "Listen on path or localhost port in discovery mode.";
};
extraOptions = mkOption {
type = types.listOf types.str;
default = [ "--shortlog" ];
example = [ "--verbose" "--no-http" "--ipv4only" "--no-host" ];
description = "Additional wsdd options.";
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.wsdd ];
systemd.services.samba-wsdd = {
description = "Web Services Dynamic Discovery host daemon";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
DynamicUser = true;
Type = "simple";
ExecStart = ''
${pkgs.wsdd}/bin/wsdd ${optionalString (cfg.interface != null) "--interface '${cfg.interface}'"} \
${optionalString (cfg.hoplimit != null) "--hoplimit '${toString cfg.hoplimit}'"} \
${optionalString (cfg.workgroup != null) "--workgroup '${cfg.workgroup}'"} \
${optionalString (cfg.hostname != null) "--hostname '${cfg.hostname}'"} \
${optionalString (cfg.domain != null) "--domain '${cfg.domain}'"} \
${optionalString cfg.discovery "--discovery --listen '${cfg.listen}'"} \
${escapeShellArgs cfg.extraOptions}
'';
# Runtime directory and mode
RuntimeDirectory = "wsdd";
RuntimeDirectoryMode = "0750";
# Access write directories
UMask = "0027";
# Capabilities
CapabilityBoundingSet = "";
# Security
NoNewPrivileges = true;
# Sandboxing
ProtectSystem = "strict";
ProtectHome = true;
PrivateTmp = true;
PrivateDevices = true;
PrivateUsers = false;
ProtectHostname = true;
ProtectClock = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectKernelLogs = true;
ProtectControlGroups = true;
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
RestrictNamespaces = true;
LockPersonality = true;
MemoryDenyWriteExecute = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
PrivateMounts = true;
# System Call Filtering
SystemCallArchitectures = "native";
SystemCallFilter = "~@clock @cpu-emulation @debug @module @mount @obsolete @privileged @raw-io @reboot @resources @swap";
};
};
};
}
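Review bot: In `ExecStart`, `cfg.interface`, `cfg.workgroup`, `cfg.hostname`, `cfg.domain` and `cfg.listen` are wrapped in hand-written single quotes, while `cfg.extraOptions` on the last line goes through `escapeShellArgs`; a value containing a `'` ends the quoting early and changes how the command line is split into arguments. Building the command line as a list and escaping it once treats every option the same way. Also, `mkEnableOption` is given text that starts with "Enable", so the generated description likely reads "Whether to enable Enable …"; a noun phrase such as `the Web Services Dynamic Discovery host daemon` reads correctly.

```nix
ExecStart = escapeShellArgs (
  [ "${pkgs.wsdd}/bin/wsdd" ]
  ++ optionals (cfg.interface != null) [ "--interface" cfg.interface ]
  ++ optionals (cfg.hoplimit != null) [ "--hoplimit" (toString cfg.hoplimit) ]
  ++ optionals (cfg.workgroup != null) [ "--workgroup" cfg.workgroup ]
  ++ optionals (cfg.hostname != null) [ "--hostname" cfg.hostname ]
  ++ optionals (cfg.domain != null) [ "--domain" cfg.domain ]
  ++ optionals cfg.discovery [ "--discovery" "--listen" cfg.listen ]
  ++ cfg.extraOptions
);
# … unchanged: RuntimeDirectory and sandboxing settings …
```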


@ -112,7 +112,7 @@ in
description = '' description = ''
Must be set to a unique identifier, preferably a UUID according to Must be set to a unique identifier, preferably a UUID according to
RFC 4122. UUIDs can be generated with `uuidgen` command, found in RFC 4122. UUIDs can be generated with `uuidgen` command, found in
the `utillinux` package. the `util-linux` package.
''; '';
}; };
port = mkOption { port = mkOption {
@ -232,7 +232,7 @@ in
description = '' description = ''
Must be set to a unique identifier, preferably a UUID according to Must be set to a unique identifier, preferably a UUID according to
RFC 4122. UUIDs can be generated with `uuidgen` command, found in RFC 4122. UUIDs can be generated with `uuidgen` command, found in
the `utillinux` package. the `util-linux` package.
''; '';
}; };
port = mkOption { port = mkOption {
@ -370,7 +370,7 @@ in
description = '' description = ''
Must be set to a unique identifier, preferably a UUID according to Must be set to a unique identifier, preferably a UUID according to
RFC 4122. UUIDs can be generated with `uuidgen` command, found in RFC 4122. UUIDs can be generated with `uuidgen` command, found in
the `utillinux` package. the `util-linux` package.
''; '';
}; };
port = mkOption { port = mkOption {


@ -29,9 +29,11 @@ in
key = mkOption { key = mkOption {
type = types.str; type = types.str;
default = ""; default = "";
description = "HMAC url validation key (hexadecimal encoded). description = ''
Leave blank to disable. Without validation key, anyone can HMAC url validation key (hexadecimal encoded).
submit proxy requests. Leave blank to disable."; Leave blank to disable. Without validation key, anyone can
submit proxy requests. Leave blank to disable.
'';
defaultText = "No HMAC url validation. Generate with echo -n somevalue | openssl dgst -sha1 -hmac somekey"; defaultText = "No HMAC url validation. Generate with echo -n somevalue | openssl dgst -sha1 -hmac somekey";
}; };
@ -85,10 +87,10 @@ in
serviceConfig = { serviceConfig = {
User = "morty"; User = "morty";
ExecStart = ''${cfg.package}/bin/morty \ ExecStart = ''${cfg.package}/bin/morty \
-listen ${cfg.listenAddress}:${toString cfg.port} \ -listen ${cfg.listenAddress}:${toString cfg.port} \
${optionalString cfg.ipv6 "-ipv6"} \ ${optionalString cfg.ipv6 "-ipv6"} \
${optionalString (cfg.key != "") "-key " + cfg.key} \ ${optionalString (cfg.key != "") "-key " + cfg.key} \
''; '';
}; };
}; };
environment.systemPackages = [ cfg.package ]; environment.systemPackages = [ cfg.package ];
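Review bot: The rewritten `key` description says "Leave blank to disable." twice and does not say where the key ends up: it is a plain `types.str` interpolated into `ExecStart` after `-key`, so it is written to the Nix store and appears in the process arguments. I would drop the duplicate sentence and add `Note that the key is stored in plain text in the world-readable Nix store.` to the description. In the `ExecStart` hunk, `optionalString (cfg.key != "") "-key " + cfg.key` parses as `(optionalString … "-key ") + cfg.key`; it yields the intended result only because the key is empty whenever the flag is omitted, and `optionalString (cfg.key != "") "-key ${cfg.key}"` states the intent directly.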


@ -15,6 +15,9 @@ with lib;
config = mkIf cfg.enable { config = mkIf cfg.enable {
boot.kernelModules = [ "tun" ]; boot.kernelModules = [ "tun" ];
# mullvad-daemon writes to /etc/iproute2/rt_tables
networking.iproute2.enable = true;
systemd.services.mullvad-daemon = { systemd.services.mullvad-daemon = {
description = "Mullvad VPN daemon"; description = "Mullvad VPN daemon";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];


@ -465,7 +465,7 @@ in {
restartTriggers = [ configFile overrideNameserversScript ]; restartTriggers = [ configFile overrideNameserversScript ];
# useful binaries for user-specified hooks # useful binaries for user-specified hooks
path = [ pkgs.iproute pkgs.utillinux pkgs.coreutils ]; path = [ pkgs.iproute pkgs.util-linux pkgs.coreutils ];
aliases = [ "dbus-org.freedesktop.nm-dispatcher.service" ]; aliases = [ "dbus-org.freedesktop.nm-dispatcher.service" ];
}; };


@ -477,7 +477,7 @@ in
# https://github.com/NixOS/nixpkgs/pull/10155 # https://github.com/NixOS/nixpkgs/pull/10155
# https://github.com/NixOS/nixpkgs/pull/41745 # https://github.com/NixOS/nixpkgs/pull/41745
services.openssh.authorizedKeysFiles = services.openssh.authorizedKeysFiles =
[ ".ssh/authorized_keys" ".ssh/authorized_keys2" "/etc/ssh/authorized_keys.d/%u" ]; [ "%h/.ssh/authorized_keys" "%h/.ssh/authorized_keys2" "/etc/ssh/authorized_keys.d/%u" ];
services.openssh.extraConfig = mkOrder 0 services.openssh.extraConfig = mkOrder 0
'' ''


@ -63,7 +63,7 @@ in {
description = "strongSwan IPsec IKEv1/IKEv2 daemon using swanctl"; description = "strongSwan IPsec IKEv1/IKEv2 daemon using swanctl";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ]; after = [ "network-online.target" ];
path = with pkgs; [ kmod iproute iptables utillinux ]; path = with pkgs; [ kmod iproute iptables util-linux ];
environment = { environment = {
STRONGSWAN_CONF = pkgs.writeTextFile { STRONGSWAN_CONF = pkgs.writeTextFile {
name = "strongswan.conf"; name = "strongswan.conf";


@ -1173,20 +1173,20 @@ in {
ppk = mkPrefixedAttrsOfParams { ppk = mkPrefixedAttrsOfParams {
secret = mkOptionalStrParam '' secret = mkOptionalStrParam ''
Value of the PPK. It may either be an ASCII string, a hex encoded string Value of the PPK. It may either be an ASCII string, a hex encoded string
if it has a <literal>0x</literal> prefix or a Base64 encoded string if if it has a <literal>0x</literal> prefix or a Base64 encoded string if
it has a <literal>0s</literal> prefix in its value. Should have at least it has a <literal>0s</literal> prefix in its value. Should have at least
256 bits of entropy for 128-bit security. 256 bits of entropy for 128-bit security.
''; '';
id = mkPrefixedAttrsOfParam (mkOptionalStrParam "") '' id = mkPrefixedAttrsOfParam (mkOptionalStrParam "") ''
PPK identity the PPK belongs to. Multiple unique identities may be PPK identity the PPK belongs to. Multiple unique identities may be
specified, each having an <literal>id</literal> prefix, if a secret is specified, each having an <literal>id</literal> prefix, if a secret is
shared between multiple peers. shared between multiple peers.
''; '';
} '' } ''
Postquantum Preshared Key (PPK) section for a specific secret. Each PPK is Postquantum Preshared Key (PPK) section for a specific secret. Each PPK is
defined in a unique section having the <literal>ppk</literal> prefix. defined in a unique section having the <literal>ppk</literal> prefix.
''; '';
private = mkPrefixedAttrsOfParams { private = mkPrefixedAttrsOfParams {


@ -152,7 +152,7 @@ in
systemd.services.strongswan = { systemd.services.strongswan = {
description = "strongSwan IPSec Service"; description = "strongSwan IPSec Service";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
path = with pkgs; [ kmod iproute iptables utillinux ]; # XXX Linux path = with pkgs; [ kmod iproute iptables util-linux ]; # XXX Linux
after = [ "network-online.target" ]; after = [ "network-online.target" ];
environment = { environment = {
STRONGSWAN_CONF = strongswanConf { inherit setup connections ca secretsFile managePlugins enabledPlugins; }; STRONGSWAN_CONF = strongswanConf { inherit setup connections ca secretsFile managePlugins enabledPlugins; };


@ -21,7 +21,7 @@ let
RegTestBitcoinCoreRpcEndPoint = "${cfg.rpc.ip}:${toString cfg.rpc.port}"; RegTestBitcoinCoreRpcEndPoint = "${cfg.rpc.ip}:${toString cfg.rpc.port}";
}; };
configFile = pkgs.writeText "wasabibackend.conf" (builtins.toJSON confOptions); configFile = pkgs.writeText "wasabibackend.conf" (builtins.toJSON confOptions);
in { in {


@ -448,7 +448,7 @@ in
default = false; default = false;
description = '' description = ''
In case when running behind a reverse proxy, controls whether headers In case when running behind a reverse proxy, controls whether headers
like <literal>X-Real-Ip</literal> are accepted. Usage behind a reverse like <literal>X-Real-Ip</literal> are accepted. Usage behind a reverse
proxy will require this flag to be set to avoid logging the reverse proxy will require this flag to be set to avoid logging the reverse
proxy IP address. proxy IP address.
''; '';
@ -524,7 +524,7 @@ in
type = types.nullOr types.str; type = types.nullOr types.str;
default = null; default = null;
description = '' description = ''
Profile access endpoint. Profile access endpoint.
''; '';
}; };


@ -9,7 +9,7 @@ let cfg = config.services.cloud-init;
nettools nettools
openssh openssh
shadow shadow
utillinux util-linux
] ++ optional cfg.btrfs.enable btrfs-progs ] ++ optional cfg.btrfs.enable btrfs-progs
++ optional cfg.ext4.enable e2fsprogs ++ optional cfg.ext4.enable e2fsprogs
; ;


@ -397,9 +397,9 @@ in
mr ${getLib pkgs.openssl}/lib/libcrypto*.so*, mr ${getLib pkgs.openssl}/lib/libcrypto*.so*,
mr ${getLib pkgs.openssl}/lib/libssl*.so*, mr ${getLib pkgs.openssl}/lib/libssl*.so*,
mr ${getLib pkgs.systemd}/lib/libsystemd*.so*, mr ${getLib pkgs.systemd}/lib/libsystemd*.so*,
mr ${getLib pkgs.utillinuxMinimal.out}/lib/libblkid.so*, mr ${getLib pkgs.util-linuxMinimal.out}/lib/libblkid.so*,
mr ${getLib pkgs.utillinuxMinimal.out}/lib/libmount.so*, mr ${getLib pkgs.util-linuxMinimal.out}/lib/libmount.so*,
mr ${getLib pkgs.utillinuxMinimal.out}/lib/libuuid.so*, mr ${getLib pkgs.util-linuxMinimal.out}/lib/libuuid.so*,
mr ${getLib pkgs.xz}/lib/liblzma*.so*, mr ${getLib pkgs.xz}/lib/liblzma*.so*,
mr ${getLib pkgs.zlib}/lib/libz*.so*, mr ${getLib pkgs.zlib}/lib/libz*.so*,


@ -5,7 +5,7 @@ with lib;
let let
autologinArg = optionalString (config.services.mingetty.autologinUser != null) "--autologin ${config.services.mingetty.autologinUser}"; autologinArg = optionalString (config.services.mingetty.autologinUser != null) "--autologin ${config.services.mingetty.autologinUser}";
gettyCmd = extraArgs: "@${pkgs.utillinux}/sbin/agetty agetty --login-program ${pkgs.shadow}/bin/login ${autologinArg} ${extraArgs}"; gettyCmd = extraArgs: "@${pkgs.util-linux}/sbin/agetty agetty --login-program ${pkgs.shadow}/bin/login ${autologinArg} ${extraArgs}";
in in


@ -143,7 +143,7 @@ in
Set a UUID that uniquely identifies the server. Set a UUID that uniquely identifies the server.
This can be generated with This can be generated with
<literal>nix-shell -p utillinux --run uuidgen</literal>. <literal>nix-shell -p util-linux --run uuidgen</literal>.
''; '';
}; };
}; };


@ -750,8 +750,8 @@ in
# Get rid of old semaphores. These tend to accumulate across # Get rid of old semaphores. These tend to accumulate across
# server restarts, eventually preventing it from restarting # server restarts, eventually preventing it from restarting
# successfully. # successfully.
for i in $(${pkgs.utillinux}/bin/ipcs -s | grep ' ${cfg.user} ' | cut -f2 -d ' '); do for i in $(${pkgs.util-linux}/bin/ipcs -s | grep ' ${cfg.user} ' | cut -f2 -d ' '); do
${pkgs.utillinux}/bin/ipcrm -s $i ${pkgs.util-linux}/bin/ipcrm -s $i
done done
''; '';


@ -32,7 +32,7 @@ with lib;
path = path =
[ pkgs.xorg.xorgserver.out pkgs.gawk pkgs.which pkgs.openssl pkgs.xorg.xauth [ pkgs.xorg.xorgserver.out pkgs.gawk pkgs.which pkgs.openssl pkgs.xorg.xauth
pkgs.nettools pkgs.shadow pkgs.procps pkgs.utillinux pkgs.bash pkgs.nettools pkgs.shadow pkgs.procps pkgs.util-linux pkgs.bash
]; ];
environment.FD_GEOM = "1024x786x24"; environment.FD_GEOM = "1024x786x24";


@ -16,8 +16,8 @@ in
services.xserver.windowManager.session = singleton { services.xserver.windowManager.session = singleton {
name = "evilwm"; name = "evilwm";
start = '' start = ''
${pkgs.evilwm}/bin/evilwm & ${pkgs.evilwm}/bin/evilwm &
waitPID=$! waitPID=$!
''; '';
}; };
environment.systemPackages = [ pkgs.evilwm ]; environment.systemPackages = [ pkgs.evilwm ];


@ -25,7 +25,7 @@ let
stdenv.cc.libc # nscd in update-users-groups.pl stdenv.cc.libc # nscd in update-users-groups.pl
shadow shadow
nettools # needed for hostname nettools # needed for hostname
utillinux # needed for mount and mountpoint util-linux # needed for mount and mountpoint
]; ];
scriptType = with types; scriptType = with types;


@ -97,10 +97,11 @@ let
allowSubstitutes = false; allowSubstitutes = false;
buildCommand = systemBuilder; buildCommand = systemBuilder;
inherit (pkgs) utillinux coreutils; inherit (pkgs) coreutils;
systemd = config.systemd.package; systemd = config.systemd.package;
shell = "${pkgs.bash}/bin/sh"; shell = "${pkgs.bash}/bin/sh";
su = "${pkgs.shadow.su}/bin/su"; su = "${pkgs.shadow.su}/bin/su";
utillinux = pkgs.util-linux;
kernelParams = config.boot.kernelParams; kernelParams = config.boot.kernelParams;
installBootLoader = installBootLoader =


@ -20,8 +20,8 @@ with lib;
boot.initrd.extraUtilsCommands = '' boot.initrd.extraUtilsCommands = ''
copy_bin_and_libs ${pkgs.gawk}/bin/gawk copy_bin_and_libs ${pkgs.gawk}/bin/gawk
copy_bin_and_libs ${pkgs.gnused}/bin/sed copy_bin_and_libs ${pkgs.gnused}/bin/sed
copy_bin_and_libs ${pkgs.utillinux}/sbin/sfdisk copy_bin_and_libs ${pkgs.util-linux}/sbin/sfdisk
copy_bin_and_libs ${pkgs.utillinux}/sbin/lsblk copy_bin_and_libs ${pkgs.util-linux}/sbin/lsblk
substitute "${pkgs.cloud-utils.guest}/bin/.growpart-wrapped" "$out/bin/growpart" \ substitute "${pkgs.cloud-utils.guest}/bin/.growpart-wrapped" "$out/bin/growpart" \
--replace "${pkgs.bash}/bin/sh" "/bin/sh" \ --replace "${pkgs.bash}/bin/sh" "/bin/sh" \


@ -66,7 +66,7 @@ let
extraEntriesBeforeNixOS extraPrepareConfig configurationLimit copyKernels extraEntriesBeforeNixOS extraPrepareConfig configurationLimit copyKernels
default fsIdentifier efiSupport efiInstallAsRemovable gfxmodeEfi gfxmodeBios gfxpayloadEfi gfxpayloadBios; default fsIdentifier efiSupport efiInstallAsRemovable gfxmodeEfi gfxmodeBios gfxpayloadEfi gfxpayloadBios;
path = with pkgs; makeBinPath ( path = with pkgs; makeBinPath (
[ coreutils gnused gnugrep findutils diffutils btrfs-progs utillinux mdadm ] [ coreutils gnused gnugrep findutils diffutils btrfs-progs util-linux mdadm ]
++ optional (cfg.efiSupport && (cfg.version == 2)) efibootmgr ++ optional (cfg.efiSupport && (cfg.version == 2)) efibootmgr
++ optionals cfg.useOSProber [ busybox os-prober ]); ++ optionals cfg.useOSProber [ busybox os-prober ]);
font = if cfg.font == null then "" font = if cfg.font == null then ""
@ -705,7 +705,7 @@ in
let let
install-grub-pl = pkgs.substituteAll { install-grub-pl = pkgs.substituteAll {
src = ./install-grub.pl; src = ./install-grub.pl;
inherit (pkgs) utillinux; utillinux = pkgs.util-linux;
btrfsprogs = pkgs.btrfs-progs; btrfsprogs = pkgs.btrfs-progs;
}; };
in pkgs.writeScript "install-grub.sh" ('' in pkgs.writeScript "install-grub.sh" (''


@ -18,7 +18,7 @@ with lib;
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
ExecStart = "${pkgs.utillinux}/sbin/hwclock --systohc ${if config.time.hardwareClockInLocalTime then "--localtime" else "--utc"}"; ExecStart = "${pkgs.util-linux}/sbin/hwclock --systohc ${if config.time.hardwareClockInLocalTime then "--localtime" else "--utc"}";
}; };
}; };


@ -107,8 +107,8 @@ let
copy_bin_and_libs $BIN copy_bin_and_libs $BIN
done done
# Copy some utillinux stuff. # Copy some util-linux stuff.
copy_bin_and_libs ${pkgs.utillinux}/sbin/blkid copy_bin_and_libs ${pkgs.util-linux}/sbin/blkid
# Copy dmsetup and lvm. # Copy dmsetup and lvm.
copy_bin_and_libs ${getBin pkgs.lvm2}/bin/dmsetup copy_bin_and_libs ${getBin pkgs.lvm2}/bin/dmsetup
@ -235,7 +235,7 @@ let
--replace scsi_id ${extraUtils}/bin/scsi_id \ --replace scsi_id ${extraUtils}/bin/scsi_id \
--replace cdrom_id ${extraUtils}/bin/cdrom_id \ --replace cdrom_id ${extraUtils}/bin/cdrom_id \
--replace ${pkgs.coreutils}/bin/basename ${extraUtils}/bin/basename \ --replace ${pkgs.coreutils}/bin/basename ${extraUtils}/bin/basename \
--replace ${pkgs.utillinux}/bin/blkid ${extraUtils}/bin/blkid \ --replace ${pkgs.util-linux}/bin/blkid ${extraUtils}/bin/blkid \
--replace ${getBin pkgs.lvm2}/bin ${extraUtils}/bin \ --replace ${getBin pkgs.lvm2}/bin ${extraUtils}/bin \
--replace ${pkgs.mdadm}/sbin ${extraUtils}/sbin \ --replace ${pkgs.mdadm}/sbin ${extraUtils}/sbin \
--replace ${pkgs.bash}/bin/sh ${extraUtils}/bin/sh \ --replace ${pkgs.bash}/bin/sh ${extraUtils}/bin/sh \


@ -17,7 +17,7 @@ let
inherit (config.system.build) earlyMountScript; inherit (config.system.build) earlyMountScript;
path = lib.makeBinPath ([ path = lib.makeBinPath ([
pkgs.coreutils pkgs.coreutils
pkgs.utillinux pkgs.util-linux
] ++ lib.optional useHostResolvConf pkgs.openresolv); ] ++ lib.optional useHostResolvConf pkgs.openresolv);
fsPackagesPath = lib.makeBinPath config.system.fsPackages; fsPackagesPath = lib.makeBinPath config.system.fsPackages;
postBootCommands = pkgs.writeText "local-cmds" postBootCommands = pkgs.writeText "local-cmds"


@ -286,7 +286,7 @@ in
before = [ mountPoint' "systemd-fsck@${device'}.service" ]; before = [ mountPoint' "systemd-fsck@${device'}.service" ];
requires = [ device'' ]; requires = [ device'' ];
after = [ device'' ]; after = [ device'' ];
path = [ pkgs.utillinux ] ++ config.system.fsPackages; path = [ pkgs.util-linux ] ++ config.system.fsPackages;
script = script =
'' ''
if ! [ -e "${fs.device}" ]; then exit 1; fi if ! [ -e "${fs.device}" ]; then exit 1; fi


@ -18,9 +18,9 @@
boot.initrd.postDeviceCommands = '' boot.initrd.postDeviceCommands = ''
# Hacky!!! fuse hard-codes the path to mount # Hacky!!! fuse hard-codes the path to mount
mkdir -p /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-${pkgs.utillinux.name}-bin/bin mkdir -p /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-${pkgs.util-linux.name}-bin/bin
ln -s $(which mount) /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-${pkgs.utillinux.name}-bin/bin ln -s $(which mount) /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-${pkgs.util-linux.name}-bin/bin
ln -s $(which umount) /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-${pkgs.utillinux.name}-bin/bin ln -s $(which umount) /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-${pkgs.util-linux.name}-bin/bin
''; '';
}) })


@ -440,7 +440,7 @@ in
pkgs.gnugrep pkgs.gnugrep
pkgs.gnused pkgs.gnused
pkgs.nettools pkgs.nettools
pkgs.utillinux pkgs.util-linux
]; ];
}; };


@ -1246,7 +1246,7 @@ in
''; '';
# Udev attributes for systemd to name the device and to create a .device target. # Udev attributes for systemd to name the device and to create a .device target.
systemdAttrs = n: ''NAME:="${n}", ENV{INTERFACE}:="${n}", ENV{SYSTEMD_ALIAS}:="/sys/subsystem/net/devices/${n}", TAG+="systemd"''; systemdAttrs = n: ''NAME:="${n}", ENV{INTERFACE}="${n}", ENV{SYSTEMD_ALIAS}="/sys/subsystem/net/devices/${n}", TAG+="systemd"'';
in in
flip (concatMapStringsSep "\n") (attrNames wlanDeviceInterfaces) (device: flip (concatMapStringsSep "\n") (attrNames wlanDeviceInterfaces) (device:
let let


@ -124,7 +124,7 @@ in
boot.initrd.extraUtilsCommands = boot.initrd.extraUtilsCommands =
'' ''
# We need swapon in the initrd. # We need swapon in the initrd.
copy_bin_and_libs ${pkgs.utillinux}/sbin/swapon copy_bin_and_libs ${pkgs.util-linux}/sbin/swapon
''; '';
# Don't put old configurations in the GRUB menu. The user has no # Don't put old configurations in the GRUB menu. The user has no

View file

@ -22,7 +22,7 @@ let
nettools # for hostname nettools # for hostname
procps # for pidof procps # for pidof
shadow # for useradd, usermod shadow # for useradd, usermod
utillinux # for (u)mount, fdisk, sfdisk, mkswap util-linux # for (u)mount, fdisk, sfdisk, mkswap
parted parted
]; ];
pythonPath = [ pythonPackages.pyasn1 ]; pythonPath = [ pythonPackages.pyasn1 ];


@ -27,7 +27,7 @@ in
popd popd
''; '';
diskImageBase = "nixos-image-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.raw"; diskImageBase = "nixos-image-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.raw";
buildInputs = [ pkgs.utillinux pkgs.perl ]; buildInputs = [ pkgs.util-linux pkgs.perl ];
exportReferencesGraph = exportReferencesGraph =
[ "closure" config.system.build.toplevel ]; [ "closure" config.system.build.toplevel ];
} }


@ -8,9 +8,14 @@
# Make sure that every package you depend on here is already listed as # Make sure that every package you depend on here is already listed as
# a channel blocker for both the full-sized and small channels. # a channel blocker for both the full-sized and small channels.
# Otherwise, we risk breaking user deploys in released channels. # Otherwise, we risk breaking user deploys in released channels.
#
# Also note: OpenStack's metadata service for its instances aims to be
# compatible with the EC2 IMDS. Where possible, try to keep the set of
# fetched metadata in sync with ./openstack-metadata-fetcher.nix .
'' ''
metaDir=${targetRoot}etc/ec2-metadata metaDir=${targetRoot}etc/ec2-metadata
mkdir -m 0755 -p "$metaDir" mkdir -m 0755 -p "$metaDir"
rm -f "$metaDir/*"
get_imds_token() { get_imds_token() {
# retry-delay of 1 selected to give the system a second to get going, # retry-delay of 1 selected to give the system a second to get going,
@ -61,19 +66,12 @@
echo "getting EC2 instance metadata..." echo "getting EC2 instance metadata..."
if ! [ -e "$metaDir/ami-manifest-path" ]; then wget_imds() {
wget ${wgetExtraOptions} --header "X-aws-ec2-metadata-token: $IMDS_TOKEN" -O "$metaDir/ami-manifest-path" http://169.254.169.254/1.0/meta-data/ami-manifest-path wget ${wgetExtraOptions} --header "X-aws-ec2-metadata-token: $IMDS_TOKEN" "$@";
fi }
if ! [ -e "$metaDir/user-data" ]; then wget_imds -O "$metaDir/ami-manifest-path" http://169.254.169.254/1.0/meta-data/ami-manifest-path
wget ${wgetExtraOptions} --header "X-aws-ec2-metadata-token: $IMDS_TOKEN" -O "$metaDir/user-data" http://169.254.169.254/1.0/user-data && chmod 600 "$metaDir/user-data" wget_imds -O "$metaDir/user-data" http://169.254.169.254/1.0/user-data && chmod 600 "$metaDir/user-data"
fi wget_imds -O "$metaDir/hostname" http://169.254.169.254/1.0/meta-data/hostname
wget_imds -O "$metaDir/public-keys-0-openssh-key" http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key
if ! [ -e "$metaDir/hostname" ]; then
wget ${wgetExtraOptions} --header "X-aws-ec2-metadata-token: $IMDS_TOKEN" -O "$metaDir/hostname" http://169.254.169.254/1.0/meta-data/hostname
fi
if ! [ -e "$metaDir/public-keys-0-openssh-key" ]; then
wget ${wgetExtraOptions} --header "X-aws-ec2-metadata-token: $IMDS_TOKEN" -O "$metaDir/public-keys-0-openssh-key" http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key
fi
'' ''
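Review bot: The added `rm -f "$metaDir/*"` removes nothing, because the `*` sits inside the double quotes and rm receives the literal name `*`; write it as `rm -f "$metaDir"/*` so the glob expands. This matters more now that the `[ -e ... ]` guards are gone. The intent appears to be that each boot starts from fresh metadata, yet when a `wget_imds` call fails an earlier `public-keys-0-openssh-key` or `user-data` can be left behind (or left truncated, depending on how wget treats `-O`) and be consumed later as if it were current. The same quoted glob is added to ./openstack-metadata-fetcher.nix in this commit.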


@ -614,17 +614,17 @@ in
''; '';
}; };
timeoutStartSec = mkOption { timeoutStartSec = mkOption {
type = types.str; type = types.str;
default = "1min"; default = "1min";
description = '' description = ''
Time for the container to start. In case of a timeout, Time for the container to start. In case of a timeout,
the container processes get killed. the container processes get killed.
See <citerefentry><refentrytitle>systemd.time</refentrytitle> See <citerefentry><refentrytitle>systemd.time</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> <manvolnum>7</manvolnum></citerefentry>
for more information about the format. for more information about the format.
''; '';
}; };
bindMounts = mkOption { bindMounts = mkOption {
type = with types; attrsOf (submodule bindMountOpts); type = with types; attrsOf (submodule bindMountOpts);


@ -1,23 +1,21 @@
{ targetRoot, wgetExtraOptions }: { targetRoot, wgetExtraOptions }:
# OpenStack's metadata service aims to be EC2-compatible. Where
# possible, try to keep the set of fetched metadata in sync with
# ./ec2-metadata-fetcher.nix .
'' ''
metaDir=${targetRoot}etc/ec2-metadata metaDir=${targetRoot}etc/ec2-metadata
mkdir -m 0755 -p "$metaDir" mkdir -m 0755 -p "$metaDir"
rm -f "$metaDir/*"
echo "getting EC2 instance metadata..." echo "getting instance metadata..."
if ! [ -e "$metaDir/ami-manifest-path" ]; then wget_imds() {
wget ${wgetExtraOptions} -O "$metaDir/ami-manifest-path" http://169.254.169.254/1.0/meta-data/ami-manifest-path wget ${wgetExtraOptions} "$@"
fi }
if ! [ -e "$metaDir/user-data" ]; then wget_imds -O "$metaDir/ami-manifest-path" http://169.254.169.254/1.0/meta-data/ami-manifest-path
wget ${wgetExtraOptions} -O "$metaDir/user-data" http://169.254.169.254/1.0/user-data && chmod 600 "$metaDir/user-data" wget_imds -O "$metaDir/user-data" http://169.254.169.254/1.0/user-data && chmod 600 "$metaDir/user-data"
fi wget_imds -O "$metaDir/hostname" http://169.254.169.254/1.0/meta-data/hostname
wget_imds -O "$metaDir/public-keys-0-openssh-key" http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key
if ! [ -e "$metaDir/hostname" ]; then
wget ${wgetExtraOptions} -O "$metaDir/hostname" http://169.254.169.254/1.0/meta-data/hostname
fi
if ! [ -e "$metaDir/public-keys-0-openssh-key" ]; then
wget ${wgetExtraOptions} -O "$metaDir/public-keys-0-openssh-key" http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key
fi
'' ''
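Review bot: `wget_imds -O "$metaDir/user-data" ... && chmod 600 "$metaDir/user-data"` restricts the file only after it has been written, and not at all when wget exits non-zero. In the meantime user-data, which may carry credentials, sits in a directory created with mode 0755 under whatever mode the umask gives it; the umask in effect here is not visible in the hunk. Creating the file under a restrictive umask closes that window, for example `(umask 077; wget_imds -O "$metaDir/user-data" http://169.254.169.254/1.0/user-data)`. The EC2 fetcher changed in this commit has the same line.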


@ -190,7 +190,7 @@ let
'' else '' '' else ''
''} ''}
''; '';
buildInputs = [ pkgs.utillinux ]; buildInputs = [ pkgs.util-linux ];
QEMU_OPTS = "-nographic -serial stdio -monitor none" QEMU_OPTS = "-nographic -serial stdio -monitor none"
+ lib.optionalString cfg.useEFIBoot ( + lib.optionalString cfg.useEFIBoot (
" -drive if=pflash,format=raw,unit=0,readonly=on,file=${efiFirmware}" " -drive if=pflash,format=raw,unit=0,readonly=on,file=${efiFirmware}"


@ -201,8 +201,8 @@ in
'' ''
if [ -d /proc/xen ]; then if [ -d /proc/xen ]; then
${pkgs.kmod}/bin/modprobe xenfs 2> /dev/null ${pkgs.kmod}/bin/modprobe xenfs 2> /dev/null
${pkgs.utillinux}/bin/mountpoint -q /proc/xen || \ ${pkgs.util-linux}/bin/mountpoint -q /proc/xen || \
${pkgs.utillinux}/bin/mount -t xenfs none /proc/xen ${pkgs.util-linux}/bin/mount -t xenfs none /proc/xen
fi fi
''; '';


@ -315,6 +315,7 @@ in
runInMachine = handleTest ./run-in-machine.nix {}; runInMachine = handleTest ./run-in-machine.nix {};
rxe = handleTest ./rxe.nix {}; rxe = handleTest ./rxe.nix {};
samba = handleTest ./samba.nix {}; samba = handleTest ./samba.nix {};
samba-wsdd = handleTest ./samba-wsdd.nix {};
sanoid = handleTest ./sanoid.nix {}; sanoid = handleTest ./sanoid.nix {};
sbt = handleTest ./sbt.nix {}; sbt = handleTest ./sbt.nix {};
sbt-extras = handleTest ./sbt-extras.nix {}; sbt-extras = handleTest ./sbt-extras.nix {};


@ -33,9 +33,9 @@ import ./make-test-python.nix ({ pkgs, lib, ...} : with lib; {
initialRootPasswordFile = pkgs.writeText "rootPassword" initialRootPassword; initialRootPasswordFile = pkgs.writeText "rootPassword" initialRootPassword;
smtp.enable = true; smtp.enable = true;
secrets = { secrets = {
secretFile = pkgs.writeText "secret" "Aig5zaic"; secretFile = pkgs.writeText "secret" "r8X9keSKynU7p4aKlh4GO1Bo77g5a7vj";
otpFile = pkgs.writeText "otpsecret" "Riew9mue"; otpFile = pkgs.writeText "otpsecret" "Zu5hGx3YvQx40DvI8WoZJQpX2paSDOlG";
dbFile = pkgs.writeText "dbsecret" "we2quaeZ"; dbFile = pkgs.writeText "dbsecret" "lsGltKWTejOf6JxCVa7nLDenzkO9wPLR";
jwsFile = pkgs.runCommand "oidcKeyBase" {} "${pkgs.openssl}/bin/openssl genrsa 2048 > $out"; jwsFile = pkgs.runCommand "oidcKeyBase" {} "${pkgs.openssl}/bin/openssl genrsa 2048 > $out";
}; };
}; };
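Review bot: The new values for `secretFile`, `otpFile` and `dbFile` have no comment marking them as fixtures, and `pkgs.writeText` places each of them in the world-readable Nix store. That is acceptable inside a VM test, but test files tend to be read as configuration examples, so I would add a line above `secrets = {` such as `# Test fixtures only: writeText puts these in the world-readable /nix/store; real deployments must reference files outside the store.` If the longer strings exist to satisfy a minimum length, which the hunk does not show, the comment should say so. The enclosing attribute set starts and ends outside the hunk.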


@ -12,9 +12,9 @@ import ./make-test-python.nix ({ pkgs, ... }:
{ ... }: { ... }:
{ services.morty = { { services.morty = {
enable = true; enable = true;
key = "78a9cd0cfee20c672f78427efb2a2a96036027f0"; key = "78a9cd0cfee20c672f78427efb2a2a96036027f0";
port = 3001; port = 3001;
}; };
}; };
}; };


@ -1,33 +1,125 @@
import ./make-test-python.nix { { pkgs, system ? builtins.currentSystem, ... }: let
name = "openldap"; dbContents = ''
dn: dc=example
machine = { pkgs, ... }: { objectClass: domain
services.openldap = { dc: example
enable = true;
suffix = "dc=example";
rootdn = "cn=root,dc=example";
rootpw = "notapassword";
database = "bdb";
extraDatabaseConfig = ''
directory /var/db/openldap
'';
declarativeContents = ''
dn: dc=example
objectClass: domain
dc: example
dn: ou=users,dc=example
objectClass: organizationalUnit
ou: users
'';
};
};
dn: ou=users,dc=example
objectClass: organizationalUnit
ou: users
'';
testScript = '' testScript = ''
machine.wait_for_unit("openldap.service") machine.wait_for_unit("openldap.service")
machine.succeed( machine.succeed(
"systemctl status openldap.service",
'ldapsearch -LLL -D "cn=root,dc=example" -w notapassword -b "dc=example"', 'ldapsearch -LLL -D "cn=root,dc=example" -w notapassword -b "dc=example"',
) )
''; '';
in {
# New-style configuration
current = import ./make-test-python.nix {
inherit testScript;
name = "openldap";
machine = { pkgs, ... }: {
environment.etc."openldap/root_password".text = "notapassword";
services.openldap = {
enable = true;
settings = {
children = {
"cn=schema".includes = [
"${pkgs.openldap}/etc/schema/core.ldif"
"${pkgs.openldap}/etc/schema/cosine.ldif"
"${pkgs.openldap}/etc/schema/inetorgperson.ldif"
"${pkgs.openldap}/etc/schema/nis.ldif"
];
"olcDatabase={1}mdb" = {
# This tests string, base64 and path values, as well as lists of string values
attrs = {
objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
olcDatabase = "{1}mdb";
olcDbDirectory = "/var/db/openldap";
olcSuffix = "dc=example";
olcRootDN = {
# cn=root,dc=example
base64 = "Y249cm9vdCxkYz1leGFtcGxl";
};
olcRootPW = {
path = "/etc/openldap/root_password";
};
};
};
};
};
declarativeContents."dc=example" = dbContents;
};
};
};
# Old-style configuration
oldOptions = import ./make-test-python.nix {
inherit testScript;
name = "openldap";
machine = { pkgs, ... }: {
services.openldap = {
enable = true;
logLevel = "stats acl";
defaultSchemas = true;
database = "mdb";
suffix = "dc=example";
rootdn = "cn=root,dc=example";
rootpw = "notapassword";
declarativeContents."dc=example" = dbContents;
};
};
};
# Manually managed configDir, for example if dynamic config is essential
manualConfigDir = import ./make-test-python.nix {
name = "openldap";
machine = { pkgs, ... }: {
services.openldap = {
enable = true;
configDir = "/var/db/slapd.d";
};
};
testScript = let
contents = pkgs.writeText "data.ldif" dbContents;
config = pkgs.writeText "config.ldif" ''
dn: cn=config
cn: config
objectClass: olcGlobal
olcLogLevel: stats
olcPidFile: /run/slapd/slapd.pid
dn: cn=schema,cn=config
cn: schema
objectClass: olcSchemaConfig
include: file://${pkgs.openldap}/etc/schema/core.ldif
include: file://${pkgs.openldap}/etc/schema/cosine.ldif
include: file://${pkgs.openldap}/etc/schema/inetorgperson.ldif
dn: olcDatabase={1}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {1}mdb
olcDbDirectory: /var/db/openldap
olcDbIndex: objectClass eq
olcSuffix: dc=example
olcRootDN: cn=root,dc=example
olcRootPW: notapassword
'';
in ''
machine.succeed(
"mkdir -p /var/db/slapd.d /var/db/openldap",
"slapadd -F /var/db/slapd.d -n0 -l ${config}",
"slapadd -F /var/db/slapd.d -n1 -l ${contents}",
"chown -R openldap:openldap /var/db/slapd.d /var/db/openldap",
"systemctl restart openldap",
)
'' + testScript;
};
} }
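Review bot: The new-style variant feeds `olcRootPW` from `environment.etc."openldap/root_password".text`, which produces a world-readable file, and the `manualConfigDir` variant writes `olcRootPW: notapassword` in clear text into config.ldif; neither is marked as a test shortcut. I would add above the `environment.etc` line `# Test only: this file is world-readable; a real rootpw should be hashed (slappasswd) and kept outside the Nix store.` The sssd-ldap test changed in the same commit sets `olcRootPW = ldapRootPassword;` in the same way. Separately, all three variants keep `name = "openldap"`, so giving each a distinct name would make a failing variant identifiable in the logs.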


@ -9,7 +9,7 @@ let
${parted}/sbin/parted --script /dev/vda -- mkpart primary ext2 1M -1s ${parted}/sbin/parted --script /dev/vda -- mkpart primary ext2 1M -1s
mkdir /mnt mkdir /mnt
${e2fsprogs}/bin/mkfs.ext4 /dev/vda1 ${e2fsprogs}/bin/mkfs.ext4 /dev/vda1
${utillinux}/bin/mount -t ext4 /dev/vda1 /mnt ${util-linux}/bin/mount -t ext4 /dev/vda1 /mnt
if test -e /mnt/.debug; then if test -e /mnt/.debug; then
exec ${bash}/bin/sh exec ${bash}/bin/sh


@ -55,7 +55,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
parentHash = parentHash =
"0x0000000000000000000000000000000000000000000000000000000000000000"; "0x0000000000000000000000000000000000000000000000000000000000000000";
timestamp = "0x5cffc201"; timestamp = "0x5cffc201";
}; };
}; };
}; };
}; };


@ -209,7 +209,7 @@ in
return false return false
end, end,
score = 5.0, score = 5.0,
description = 'Allow no cows', description = 'Allow no cows',
group = "cows", group = "cows",
} }
rspamd_logger.infox(rspamd_config, 'Work dammit!!!') rspamd_logger.infox(rspamd_config, 'Work dammit!!!')


@ -0,0 +1,44 @@
import ./make-test-python.nix ({ pkgs, ... }:
{
name = "samba-wsdd";
meta.maintainers = with pkgs.stdenv.lib.maintainers; [ izorkin ];
nodes = {
client_wsdd = { pkgs, ... }: {
services.samba-wsdd = {
enable = true;
interface = "eth1";
workgroup = "WORKGROUP";
hostname = "CLIENT-WSDD";
discovery = true;
extraOptions = [ "--no-host" ];
};
networking.firewall.allowedTCPPorts = [ 5357 ];
networking.firewall.allowedUDPPorts = [ 3702 ];
};
server_wsdd = { ... }: {
services.samba-wsdd = {
enable = true;
interface = "eth1";
workgroup = "WORKGROUP";
hostname = "SERVER-WSDD";
};
networking.firewall.allowedTCPPorts = [ 5357 ];
networking.firewall.allowedUDPPorts = [ 3702 ];
};
};
testScript = ''
client_wsdd.start()
client_wsdd.wait_for_unit("samba-wsdd")
server_wsdd.start()
server_wsdd.wait_for_unit("samba-wsdd")
client_wsdd.wait_until_succeeds(
"echo list | ${pkgs.libressl.nc}/bin/nc -U /run/wsdd/wsdd.sock | grep -i SERVER-WSDD"
)
'';
})


@ -1,4 +1,4 @@
import ./make-test-python.nix ({ pkgs, ... }: ({ pkgs, ... }:
let let
dbDomain = "example.org"; dbDomain = "example.org";
dbSuffix = "dc=example,dc=org"; dbSuffix = "dc=example,dc=org";
@ -7,8 +7,7 @@ import ./make-test-python.nix ({ pkgs, ... }:
ldapRootPassword = "foobar"; ldapRootPassword = "foobar";
testUser = "alice"; testUser = "alice";
in in import ./make-test-python.nix {
{
name = "sssd-ldap"; name = "sssd-ldap";
meta = with pkgs.stdenv.lib.maintainers; { meta = with pkgs.stdenv.lib.maintainers; {
@ -18,34 +17,53 @@ import ./make-test-python.nix ({ pkgs, ... }:
machine = { pkgs, ... }: { machine = { pkgs, ... }: {
services.openldap = { services.openldap = {
enable = true; enable = true;
rootdn = "cn=${ldapRootUser},${dbSuffix}"; settings = {
rootpw = ldapRootPassword; children = {
suffix = dbSuffix; "cn=schema".includes = [
declarativeContents = '' "${pkgs.openldap}/etc/schema/core.ldif"
dn: ${dbSuffix} "${pkgs.openldap}/etc/schema/cosine.ldif"
objectClass: top "${pkgs.openldap}/etc/schema/inetorgperson.ldif"
objectClass: dcObject "${pkgs.openldap}/etc/schema/nis.ldif"
objectClass: organization ];
o: ${dbDomain} "olcDatabase={1}mdb" = {
attrs = {
objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
olcDatabase = "{1}mdb";
olcDbDirectory = "/var/db/openldap";
olcSuffix = dbSuffix;
olcRootDN = "cn=${ldapRootUser},${dbSuffix}";
olcRootPW = ldapRootPassword;
};
};
};
};
declarativeContents = {
${dbSuffix} = ''
dn: ${dbSuffix}
objectClass: top
objectClass: dcObject
objectClass: organization
o: ${dbDomain}
dn: ou=posix,${dbSuffix} dn: ou=posix,${dbSuffix}
objectClass: top objectClass: top
objectClass: organizationalUnit objectClass: organizationalUnit
dn: ou=accounts,ou=posix,${dbSuffix} dn: ou=accounts,ou=posix,${dbSuffix}
objectClass: top objectClass: top
objectClass: organizationalUnit objectClass: organizationalUnit
dn: uid=${testUser},ou=accounts,ou=posix,${dbSuffix} dn: uid=${testUser},ou=accounts,ou=posix,${dbSuffix}
objectClass: person objectClass: person
objectClass: posixAccount objectClass: posixAccount
# userPassword: somePasswordHash # userPassword: somePasswordHash
homeDirectory: /home/${testUser} homeDirectory: /home/${testUser}
uidNumber: 1234 uidNumber: 1234
gidNumber: 1234 gidNumber: 1234
cn: "" cn: ""
sn: "" sn: ""
''; '';
};
}; };
services.sssd = { services.sssd = {


@ -26,7 +26,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
systemd.shutdown.test = pkgs.writeScript "test.shutdown" '' systemd.shutdown.test = pkgs.writeScript "test.shutdown" ''
#!${pkgs.runtimeShell} #!${pkgs.runtimeShell}
PATH=${lib.makeBinPath (with pkgs; [ utillinux coreutils ])} PATH=${lib.makeBinPath (with pkgs; [ util-linux coreutils ])}
mount -t 9p shared -o trans=virtio,version=9p2000.L /tmp/shared mount -t 9p shared -o trans=virtio,version=9p2000.L /tmp/shared
touch /tmp/shared/shutdown-test touch /tmp/shared/shutdown-test
umount /tmp/shared umount /tmp/shared


@ -24,7 +24,7 @@ let
miniInit = '' miniInit = ''
#!${pkgs.runtimeShell} -xe #!${pkgs.runtimeShell} -xe
export PATH="${lib.makeBinPath [ pkgs.coreutils pkgs.utillinux ]}" export PATH="${lib.makeBinPath [ pkgs.coreutils pkgs.util-linux ]}"
mkdir -p /run/dbus mkdir -p /run/dbus
cat > /etc/passwd <<EOF cat > /etc/passwd <<EOF
@ -72,7 +72,7 @@ let
boot.initrd.extraUtilsCommands = '' boot.initrd.extraUtilsCommands = ''
copy_bin_and_libs "${guestAdditions}/bin/mount.vboxsf" copy_bin_and_libs "${guestAdditions}/bin/mount.vboxsf"
copy_bin_and_libs "${pkgs.utillinux}/bin/unshare" copy_bin_and_libs "${pkgs.util-linux}/bin/unshare"
${(attrs.extraUtilsCommands or (const "")) pkgs} ${(attrs.extraUtilsCommands or (const "")) pkgs}
''; '';
@ -122,7 +122,7 @@ let
"$diskImage" "$out/disk.vdi" "$diskImage" "$out/disk.vdi"
''; '';
buildInputs = [ pkgs.utillinux pkgs.perl ]; buildInputs = [ pkgs.util-linux pkgs.perl ];
} '' } ''
${pkgs.parted}/sbin/parted --script /dev/vda mklabel msdos ${pkgs.parted}/sbin/parted --script /dev/vda mklabel msdos
${pkgs.parted}/sbin/parted --script /dev/vda -- mkpart primary ext2 1M -1s ${pkgs.parted}/sbin/parted --script /dev/vda -- mkpart primary ext2 1M -1s


@ -1,4 +1,4 @@
{ fetchurl, bitwig-studio1, pulseaudio, xorg }: { fetchurl, bitwig-studio1, pulseaudio, libjack2, xorg }:
bitwig-studio1.overrideAttrs (oldAttrs: rec { bitwig-studio1.overrideAttrs (oldAttrs: rec {
name = "bitwig-studio-${version}"; name = "bitwig-studio-${version}";
@ -11,7 +11,7 @@ bitwig-studio1.overrideAttrs (oldAttrs: rec {
buildInputs = oldAttrs.buildInputs ++ [ xorg.libXtst ]; buildInputs = oldAttrs.buildInputs ++ [ xorg.libXtst ];
runtimeDependencies = [ pulseaudio ]; runtimeDependencies = [ pulseaudio libjack2 ];
installPhase = '' installPhase = ''
${oldAttrs.installPhase} ${oldAttrs.installPhase}


@ -1,5 +1,5 @@
{ stdenv, fetchFromGitHub, makeWrapper, rofi, mpc_cli, perl, { stdenv, fetchFromGitHub, makeWrapper, rofi, mpc_cli, perl,
utillinux, pythonPackages, libnotify }: util-linux, pythonPackages, libnotify }:
stdenv.mkDerivation { stdenv.mkDerivation {
name = "clerk-2016-10-14"; name = "clerk-2016-10-14";
@ -18,7 +18,7 @@ stdenv.mkDerivation {
installPhase = '' installPhase = ''
DESTDIR=$out PREFIX=/ make install DESTDIR=$out PREFIX=/ make install
wrapProgram $out/bin/clerk \ wrapProgram $out/bin/clerk \
--prefix PATH : "${stdenv.lib.makeBinPath [ rofi mpc_cli perl utillinux libnotify ]}" --prefix PATH : "${stdenv.lib.makeBinPath [ rofi mpc_cli perl util-linux libnotify ]}"
''; '';
meta = with stdenv.lib; { meta = with stdenv.lib; {


@ -9,13 +9,13 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "ft2-clone"; pname = "ft2-clone";
version = "1.40"; version = "1.41_fix";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "8bitbubsy"; owner = "8bitbubsy";
repo = "ft2-clone"; repo = "ft2-clone";
rev = "v${version}"; rev = "v${version}";
sha256 = "0qc3hai6fhn4amk5ixmxx3yswsi25qpax0r9nvvnyhbcb6crqcs1"; sha256 = "0c7jli79ckachl5n2rbhc4yzml8nc36pl9yzxcwgaz544q8pzmaa";
}; };
nativeBuildInputs = [ cmake ]; nativeBuildInputs = [ cmake ];


@ -4,7 +4,7 @@
let let
pname = "HybridReverb2"; pname = "HybridReverb2";
version = "2.1.1"; version = "2.1.2";
owner = "jpcima"; owner = "jpcima";
DBversion = "1.0.0"; DBversion = "1.0.0";
in in
@ -21,7 +21,7 @@ stdenv.mkDerivation rec {
inherit owner; inherit owner;
repo = pname; repo = pname;
rev = "v${version}"; rev = "v${version}";
sha256 = "15mba9qvlis0qrklr50wp3jdysvmk33m7pvclp0k1is9pirj97cb"; sha256 = "16r20plz1w068bgbkrydv01a991ygjybdya3ah7bhp3m5xafjwqb";
fetchSubmodules = true; fetchSubmodules = true;
}; };


@ -1,16 +0,0 @@
commit 4ec09e6f6e00e40622a5207ed24dc657da9a9090
Author: Pavol Rusnak <stick@gk2.sk>
Date: Tue Dec 4 12:06:22 2018 +0100
build: add install: true to executable in meson.build
diff --git a/meson.build b/meson.build
index 050e1b1..9224ed5 100644
--- a/meson.build
+++ b/meson.build
@@ -39,4 +39,5 @@ endforeach
# compile the main project
executable('luppp', luppp_src + [version_hxx],
+ install: true,
dependencies: deps)


@ -1,4 +1,5 @@
{ stdenv, fetchFromGitHub { stdenv
, fetchFromGitHub
, meson , meson
, ninja , ninja
, pkgconfig , pkgconfig
@ -12,26 +13,32 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "luppp"; pname = "luppp";
version = "1.2.0"; version = "1.2.1";
patches = [ ./build-install.patch ];
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "openAVproductions"; owner = "openAVproductions";
repo = "openAV-Luppp"; repo = "openAV-Luppp";
rev = "release-${version}"; rev = "release-${version}";
sha256 = "194yq0lqc2psq9vyxmzif40ccawcvd9jndcn18mkz4f8h5w5rc1a"; sha256 = "1ncbn099fyfnr7jw2bp3wf2g9k738lw53m6ssw6wji2wxwmghv78";
}; };
nativeBuildInputs = [ nativeBuildInputs = [
meson ninja pkgconfig meson
ninja
pkgconfig
]; ];
buildInputs = [ buildInputs = [
jack2 cairo liblo libsndfile libsamplerate ntk jack2
cairo
liblo
libsndfile
libsamplerate
ntk
]; ];
meta = with stdenv.lib; { meta = with stdenv.lib; {
homepage = "http://openavproductions.com/luppp/"; homepage = "http://openavproductions.com/luppp/"; # https does not work
description = "A music creation tool, intended for live use"; description = "A music creation tool, intended for live use";
license = licenses.gpl3Plus; license = licenses.gpl3Plus;
maintainers = with maintainers; [ prusnak ]; maintainers = with maintainers; [ prusnak ];


@ -13,13 +13,13 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "mamba"; pname = "mamba";
version = "1.7"; version = "1.8";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "brummer10"; owner = "brummer10";
repo = "Mamba"; repo = "Mamba";
rev = "v${version}"; rev = "v${version}";
sha256 = "1i78snpyxap2r4899967nyfr8hg20k45nsbshs9h6hdxbfwhikbc"; sha256 = "049gvdvvv3hkh1b47h0bia02g1p71agwh6g7q0n4yxz4d81b8kha";
fetchSubmodules = true; fetchSubmodules = true;
}; };


@ -1,11 +1,11 @@
{ stdenv, fetchurl, lib, libX11, libXext, alsaLib, freetype, brand, type, version, homepage, sha256, ... }: { stdenv, fetchurl, lib, libX11, libXext, alsaLib, freetype, brand, type, version, homepage, url, sha256, ... }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
inherit type; inherit type;
baseName = "${type}-Edit"; baseName = "${type}-Edit";
name = "${lib.toLower baseName}-${version}"; name = "${lib.toLower baseName}-${version}";
src = fetchurl { src = fetchurl {
url = "http://downloads.music-group.com/software/behringer/${type}/${type}-Edit_LINUX_64bit_${version}.tar.gz"; inherit url;
inherit sha256; inherit sha256;
}; };
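Review bot: The new `url` argument in the function head is undocumented, and it makes the download location caller-supplied where the removed line fixed it to a single vendor host. `fetchurl` still checks the tarball against `sha256`, so integrity now depends on every caller updating `url` and `sha256` together; a comment above `src` would make that explicit, e.g. `# url: direct link to the ${type}-Edit Linux tarball for this version; sha256 must be the hash of exactly that file`. The removed URL used plain `http://`, and the callers are not visible here, so it is worth confirming that they pass an `https://` location where the vendor offers one. The `mkDerivation` body continues past the last line of this section.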
