Project import generated by Copybara.

GitOrigin-RevId: 6f0c00907bbd81b47052eef59f7b284926a77289
This commit is contained in:
Default email 2020-11-24 21:58:05 +01:00
parent 4c0778487f
commit 93ffb054db
668 changed files with 25836 additions and 6850 deletions

View file

@ -213,7 +213,7 @@
/doc/builders/images/dockertools.xml @roberth
# Blockchains
/pkgs/applications/blockchains @mmahut
/pkgs/applications/blockchains @mmahut @RaghavSood
# Go
/pkgs/development/compilers/go @kalbasit @Mic92 @zowoq

View file

@ -640,13 +640,7 @@ rec {
unique [ 3 2 3 4 ]
=> [ 3 2 4 ]
*/
unique = list:
if list == [] then
[]
else
let
x = head list;
in [x] ++ unique (remove x list);
unique = foldl' (acc: e: if elem e acc then acc else acc ++ [ e ]) [];
/* Intersects list 'e' and another list. O(nm) complexity.

View file

@ -34,6 +34,11 @@ rec {
platform = platforms.raspberrypi;
};
remarkable1 = {
config = "armv7l-unknown-linux-gnueabihf";
platform = platforms.zero-gravitas;
};
armv7l-hf-multiplatform = {
config = "armv7l-unknown-linux-gnueabihf";
platform = platforms.armv7l-hf-multiplatform;

View file

@ -203,6 +203,20 @@ rec {
# Legacy attribute, for compatibility with existing configs only.
raspberrypi2 = armv7l-hf-multiplatform;
zero-gravitas = {
name = "zero-gravitas";
kernelBaseConfig = "zero-gravitas_defconfig";
kernelArch = "arm";
# kernelTarget verified by checking /boot on reMarkable 1 device
kernelTarget = "zImage";
kernelAutoModules = false;
kernelDTB = true;
gcc = {
fpu = "neon";
cpu = "cortex-a9";
};
};
scaleway-c1 = armv7l-hf-multiplatform // {
gcc = {
cpu = "cortex-a9";

View file

@ -5496,6 +5496,12 @@
githubId = 1191859;
name = "Maxim Krivchikov";
};
mazurel = {
email = "mateusz.mazur@yahoo.com";
github = "Mazurel";
githubId = 22836301;
name = "Mateusz Mazur";
};
mbakke = {
email = "mbakke@fastmail.com";
github = "mbakke";
@ -9998,4 +10004,10 @@
github = "pulsation";
githubId = 1838397;
};
zupo = {
name = "Nejc Zupan";
email = "nejczupan+nix@gmail.com";
github = "zupo";
githubId = 311580;
};
}

View file

@ -23,6 +23,7 @@
<xi:include href="xfce.xml" />
<xi:include href="networking.xml" />
<xi:include href="linux-kernel.xml" />
<xi:include href="subversion.xml" />
<xi:include href="../generated/modules.xml" xpointer="xpointer(//section[@id='modules']/*)" />
<xi:include href="profiles.xml" />
<xi:include href="kubernetes.xml" />

View file

@ -0,0 +1,140 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="module-services-subversion">
<title>Subversion</title>
<para>
<link xlink:href="https://subversion.apache.org/">Subversion</link>
is a centralized version-control system. It can use a <link
xlink:href="http://svnbook.red-bean.com/en/1.7/svn-book.html#svn.serverconfig.choosing">variety
of protocols</link> for communication between client and server.
</para>
<section xml:id="module-services-subversion-apache-httpd">
<title>Subversion inside Apache HTTP</title>
<para>
This section focuses on configuring a web-based server on top of
the Apache HTTP server, which uses
<link xlink:href="http://www.webdav.org/">WebDAV</link>/<link
xlink:href="http://www.webdav.org/deltav/WWW10/deltav-intro.htm">DeltaV</link>
for communication.
</para>
<para>For more information on the general setup, please refer to
the <link
xlink:href="http://svnbook.red-bean.com/en/1.7/svn-book.html#svn.serverconfig.httpd">the
appropriate section of the Subversion book</link>.
</para>
<para>To configure, include in
<literal>/etc/nixos/configuration.nix</literal> code to activate
Apache HTTP, setting <xref linkend="opt-services.httpd.adminAddr" />
appropriately:
</para>
<para>
<programlisting>
services.httpd.enable = true;
services.httpd.adminAddr = ...;
networking.firewall.allowedTCPPorts = [ 80 443 ];
</programlisting>
</para>
<para>For a simple Subversion server with basic authentication,
configure the Subversion module for Apache as follows, setting
<literal>hostName</literal> and <literal>documentRoot</literal>
appropriately, and <literal>SVNParentPath</literal> to the parent
directory of the repositories,
<literal>AuthzSVNAccessFile</literal> to the location of the
<code>.authz</code> file describing access permission, and
<literal>AuthUserFile</literal> to the password file.
</para>
<para>
<programlisting>
services.httpd.extraModules = [
# note that order is *super* important here
{ name = "dav_svn"; path = "${pkgs.apacheHttpdPackages.subversion}/modules/mod_dav_svn.so"; }
{ name = "authz_svn"; path = "${pkgs.apacheHttpdPackages.subversion}/modules/mod_authz_svn.so"; }
];
services.httpd.virtualHosts = {
"svn" = {
hostName = HOSTNAME;
documentRoot = DOCUMENTROOT;
locations."/svn".extraConfig = ''
DAV svn
SVNParentPath REPO_PARENT
AuthzSVNAccessFile ACCESS_FILE
AuthName "SVN Repositories"
AuthType Basic
AuthUserFile PASSWORD_FILE
Require valid-user
'';
}
</programlisting>
</para>
<para>
The key <code>"svn"</code> is just a symbolic name identifying the
virtual host. The <code>"/svn"</code> in
<code>locations."/svn".extraConfig</code> is the path underneath
which the repositories will be served.
</para>
<para><link
xlink:href="https://wiki.archlinux.org/index.php/Subversion">This
page</link> explains how to set up the Subversion configuration
itself. This boils down to the following:
</para>
<para>
Underneath <literal>REPO_PARENT</literal> repositories can be set up
as follows:
</para>
<para>
<screen>
<prompt>$ </prompt> svn create REPO_NAME
</screen>
</para>
<para>Repository files need to be accessible by
<literal>wwwrun</literal>:
</para>
<para>
<screen>
<prompt>$ </prompt> chown -R wwwrun:wwwrun REPO_PARENT
</screen>
</para>
<para>
The password file <literal>PASSWORD_FILE</literal> can be created as follows:
</para>
<para>
<screen>
<prompt>$ </prompt> htpasswd -cs PASSWORD_FILE USER_NAME
</screen>
</para>
<para>
Additional users can be set up similarly, omitting the
<code>c</code> flag:
</para>
<para>
<screen>
<prompt>$ </prompt> htpasswd -s PASSWORD_FILE USER_NAME
</screen>
</para>
<para>
The file describing access permissions
<literal>ACCESS_FILE</literal> will look something like
the following:
</para>
<para>
<programlisting>
[/]
* = r
[REPO_NAME:/]
USER_NAME = rw
</programlisting>
</para>
<para>The Subversion repositories will be accessible as <code>http://HOSTNAME/svn/REPO_NAME</code>.</para>
</section>
</chapter>

View file

@ -56,6 +56,11 @@
section of the NixOS manual</link> for more information.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.samba-wsdd.enable" /> Web Services Dynamic Discovery host daemon
</para>
</listitem>
</itemizedlist>
</section>
@ -101,6 +106,13 @@
for more info.
</para>
</listitem>
<listitem>
<para>
Setting <option>services.openssh.authorizedKeysFiles</option> now also affects which keys <option>security.pam.enableSSHAgentAuth</option> will use.
WARNING: If you are using these options in combination do make sure that any key paths you use are present in <option>services.openssh.authorizedKeysFiles</option>!
</para>
</listitem>
<listitem>
<para>
The option <option>fonts.enableFontDir</option> has been renamed to
@ -185,6 +197,48 @@
which is the new stable release. OpenAFS 1.6 was removed.
</para>
</listitem>
<listitem>
<para>
The <literal>openldap</literal> module now has support for OLC-style
configuration, users of the <literal>configDir</literal> option may wish
to migrate. If you continue to use <literal>configDir</literal>, ensure that
<literal>olcPidFile</literal> is set to <literal>/run/slapd/slapd.pid</literal>.
</para>
<para>
As a result, <literal>extraConfig</literal> and <literal>extraDatabaseConfig</literal>
are removed. To help with migration, you can convert your <literal>slapd.conf</literal>
file to OLC configuration with the following script (find the location of this
configuration file by running <literal>systemctl status openldap</literal>, it is the
<literal>-f</literal> option.
</para>
<programlisting>
TMPDIR=$(mktemp -d)
slaptest -f /path/to/slapd.conf $TMPDIR
slapcat -F $TMPDIR -n0 -H 'ldap:///???(!(objectClass=olcSchemaConfig))'
</programlisting>
<para>
This will dump your current configuration in LDIF format, which should be
straightforward to convert into Nix settings. This does not show your schema
configuration, as this is unnecessarily verbose for users of the default schemas
and <literal>slaptest</literal> is buggy with schemas directly in the config file.
</para>
</listitem>
<listitem>
<para>
Amazon EC2 and OpenStack Compute (nova) images now re-fetch instance meta data and user data from the instance
metadata service (IMDS) on each boot. For example: stopping an EC2 instance, changing its user data, and
restarting the instance will now cause it to fetch and apply the new user data.
</para>
<warning>
<para>
Specifically, <literal>/etc/ec2-metadata</literal> is re-populated on each boot. Some NixOS scripts that read
from this directory are guarded to only run if the files they want to manipulate do not already exist, and so
will not re-apply their changes if the IMDS response changes. Examples: <literal>root</literal>'s SSH key is
only added if <literal>/root/.ssh/authorized_keys</literal> does not exist, and SSH host keys are only set from
user data if they do not exist in <literal>/etc/ssh</literal>.
</para>
</warning>
</listitem>
</itemizedlist>
</section>

View file

@ -134,7 +134,7 @@ let format' = format; in let
binPath = with pkgs; makeBinPath (
[ rsync
utillinux
util-linux
parted
e2fsprogs
lkl
@ -239,7 +239,7 @@ let format' = format; in let
in pkgs.vmTools.runInLinuxVM (
pkgs.runCommand name
{ preVM = prepareImage;
buildInputs = with pkgs; [ utillinux e2fsprogs dosfstools ];
buildInputs = with pkgs; [ util-linux e2fsprogs dosfstools ];
postVM = ''
${if format == "raw" then ''
mv $diskImage $out/${filename}

View file

@ -187,7 +187,7 @@ in
before = [ "${realDevice'}.swap" ];
# If swap is encrypted, depending on rngd resolves a possible entropy starvation during boot
after = mkIf (config.security.rngd.enable && sw.randomEncryption.enable) [ "rngd.service" ];
path = [ pkgs.utillinux ] ++ optional sw.randomEncryption.enable pkgs.cryptsetup;
path = [ pkgs.util-linux ] ++ optional sw.randomEncryption.enable pkgs.cryptsetup;
script =
''

View file

@ -37,7 +37,7 @@ let
pkgs.procps
pkgs.su
pkgs.time
pkgs.utillinux
pkgs.util-linux
pkgs.which
pkgs.zstd
];

View file

@ -80,15 +80,6 @@ in
'';
};
memoryMax = mkOption {
default = null;
type = with types; nullOr int;
description = ''
Maximum total amount of memory (in bytes) that can be used by the zram
swap devices.
'';
};
priority = mkOption {
default = 5;
type = types.int;
@ -155,16 +146,11 @@ in
# Calculate memory to use for zram
mem=$(${pkgs.gawk}/bin/awk '/MemTotal: / {
value=int($2*${toString cfg.memoryPercent}/100.0/${toString devicesCount}*1024);
${if cfg.memoryMax != null then ''
memory_max=int(${toString cfg.memoryMax}/${toString devicesCount});
if (value > memory_max) { value = memory_max }
'' else ""}
print value
print int($2*${toString cfg.memoryPercent}/100.0/${toString devicesCount}*1024)
}' /proc/meminfo)
${pkgs.utillinux}/sbin/zramctl --size $mem --algorithm ${cfg.algorithm} /dev/${dev}
${pkgs.utillinux}/sbin/mkswap /dev/${dev}
${pkgs.util-linux}/sbin/zramctl --size $mem --algorithm ${cfg.algorithm} /dev/${dev}
${pkgs.util-linux}/sbin/mkswap /dev/${dev}
'';
restartIfChanged = false;
};

View file

@ -147,10 +147,10 @@ in
sdImage.storePaths = [ config.system.build.toplevel ];
system.build.sdImage = pkgs.callPackage ({ stdenv, dosfstools, e2fsprogs,
mtools, libfaketime, utillinux, zstd }: stdenv.mkDerivation {
mtools, libfaketime, util-linux, zstd }: stdenv.mkDerivation {
name = config.sdImage.imageName;
nativeBuildInputs = [ dosfstools e2fsprogs mtools libfaketime utillinux zstd ];
nativeBuildInputs = [ dosfstools e2fsprogs mtools libfaketime util-linux zstd ];
inherit (config.sdImage) compressImage;
@ -221,7 +221,7 @@ in
set -euo pipefail
set -x
# Figure out device names for the boot device and root filesystem.
rootPart=$(${pkgs.utillinux}/bin/findmnt -n -o SOURCE /)
rootPart=$(${pkgs.util-linux}/bin/findmnt -n -o SOURCE /)
bootDevice=$(lsblk -npo PKNAME $rootPart)
# Resize the root partition and the filesystem to fit the disk

View file

@ -96,7 +96,7 @@ in
boot.initrd.extraUtilsCommands =
''
copy_bin_and_libs ${pkgs.utillinux}/sbin/hwclock
copy_bin_and_libs ${pkgs.util-linux}/sbin/hwclock
'';
boot.initrd.postDeviceCommands =

View file

@ -135,7 +135,7 @@ in
#keys = 96; # unused
#haproxy = 97; # dynamically allocated as of 2020-03-11
mongodb = 98;
openldap = 99;
#openldap = 99; # dynamically allocated as of PR#94610
#users = 100; # unused
cgminer = 101;
munin = 102;
@ -451,7 +451,7 @@ in
keys = 96;
#haproxy = 97; # dynamically allocated as of 2020-03-11
#mongodb = 98; # unused
openldap = 99;
#openldap = 99; # dynamically allocated as of PR#94610
munin = 102;
#logcheck = 103; # unused
#nix-ssh = 104; # unused

View file

@ -583,6 +583,7 @@
./services/network-filesystems/orangefs/client.nix
./services/network-filesystems/rsyncd.nix
./services/network-filesystems/samba.nix
./services/network-filesystems/samba-wsdd.nix
./services/network-filesystems/tahoe.nix
./services/network-filesystems/diod.nix
./services/network-filesystems/u9fs.nix

View file

@ -110,7 +110,7 @@ in {
"L+ /usr/local/bin/chmod - - - - ${coreutils}/bin/chmod"
"L+ /usr/local/bin/cp - - - - ${coreutils}/bin/cp"
"L+ /usr/local/bin/sed - - - - ${gnused}/bin/sed"
"L+ /usr/local/bin/setsid - - - - ${utillinux}/bin/setsid"
"L+ /usr/local/bin/setsid - - - - ${util-linux}/bin/setsid"
"L+ /usr/local/bin/xrandr - - - - ${xorg.xrandr}/bin/xrandr"
"L+ /usr/local/bin/xmodmap - - - - ${xorg.xmodmap}/bin/xmodmap"
];

View file

@ -396,7 +396,7 @@ let
${optionalString cfg.logFailures
"auth required pam_tally.so"}
${optionalString (config.security.pam.enableSSHAgentAuth && cfg.sshAgentAuth)
"auth sufficient ${pkgs.pam_ssh_agent_auth}/libexec/pam_ssh_agent_auth.so file=~/.ssh/authorized_keys:~/.ssh/authorized_keys2:/etc/ssh/authorized_keys.d/%u"}
"auth sufficient ${pkgs.pam_ssh_agent_auth}/libexec/pam_ssh_agent_auth.so file=${lib.concatStringsSep ":" config.services.openssh.authorizedKeysFiles}"}
${optionalString cfg.fprintAuth
"auth sufficient ${pkgs.fprintd}/lib/security/pam_fprintd.so"}
${let p11 = config.security.pam.p11; in optionalString cfg.p11Auth

View file

@ -60,7 +60,7 @@ in
<!-- if activated, requires ofl from hxtools to be present -->
<logout wait="0" hup="no" term="no" kill="no" />
<!-- set PATH variable for pam_mount module -->
<path>${pkgs.utillinux}/bin</path>
<path>${pkgs.util-linux}/bin</path>
<!-- create mount point if not present -->
<mkmountpoint enable="1" remove="true" />

View file

@ -163,8 +163,8 @@ in
# These are mount related wrappers that require the +s permission.
fusermount.source = "${pkgs.fuse}/bin/fusermount";
fusermount3.source = "${pkgs.fuse3}/bin/fusermount3";
mount.source = "${lib.getBin pkgs.utillinux}/bin/mount";
umount.source = "${lib.getBin pkgs.utillinux}/bin/umount";
mount.source = "${lib.getBin pkgs.util-linux}/bin/mount";
umount.source = "${lib.getBin pkgs.util-linux}/bin/umount";
};
boot.specialFileSystems.${parentWrapperDir} = {

View file

@ -45,7 +45,7 @@ in
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
path = with pkgs; [
utillinux # for dmesg
util-linux # for dmesg
];
serviceConfig = {
ExecStart = "${pkgs.salt}/bin/salt-master";

View file

@ -50,7 +50,7 @@ in
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
path = with pkgs; [
utillinux
util-linux
];
serviceConfig = {
ExecStart = "${pkgs.salt}/bin/salt-minion";

View file

@ -308,7 +308,7 @@ in
requires = [ "network-online.target" ];
after = [ "network-online.target" ];
path = with pkgs; [ iputils tarsnap utillinux ];
path = with pkgs; [ iputils tarsnap util-linux ];
# In order for the persistent tarsnap timer to work reliably, we have to
# make sure that the tarsnap server is reachable after systemd starts up
@ -355,7 +355,7 @@ in
description = "Tarsnap restore '${name}'";
requires = [ "network-online.target" ];
path = with pkgs; [ iputils tarsnap utillinux ];
path = with pkgs; [ iputils tarsnap util-linux ];
script = let
tarsnap = ''tarsnap --configfile "/etc/tarsnap/${name}.conf"'';

View file

@ -241,7 +241,7 @@ in
description = "Kubernetes Kubelet Service";
wantedBy = [ "kubernetes.target" ];
after = [ "network.target" "docker.service" "kube-apiserver.service" ];
path = with pkgs; [ gitMinimal openssh docker utillinux iproute ethtool thin-provisioning-tools iptables socat ] ++ top.path;
path = with pkgs; [ gitMinimal openssh docker util-linux iproute ethtool thin-provisioning-tools iptables socat ] ++ top.path;
preStart = ''
${concatMapStrings (img: ''
echo "Seeding docker image: ${img}"

View file

@ -32,7 +32,7 @@ in
environment.systemPackages = [ pkgs.torque ];
systemd.services.torque-mom-init = {
path = with pkgs; [ torque utillinux procps inetutils ];
path = with pkgs; [ torque util-linux procps inetutils ];
script = ''
pbs_mkdirs -v aux

View file

@ -21,7 +21,7 @@ in
environment.systemPackages = [ pkgs.torque ];
systemd.services.torque-server-init = {
path = with pkgs; [ torque utillinux procps inetutils ];
path = with pkgs; [ torque util-linux procps inetutils ];
script = ''
tmpsetup=$(mktemp -t torque-XXXX)

View file

@ -541,7 +541,7 @@ in
jq
moreutils
remarshal
utillinux
util-linux
cfg.package
] ++ cfg.extraPackages;
reloadIfChanged = true;

View file

@ -233,7 +233,7 @@ in
type = types.str;
default = "Check.Valid=1,Check.Unexpired=1";
description = ''
"Peer verification string". This may be used to adjust which TLS
"Peer verification string". This may be used to adjust which TLS
client certificates a server will accept, as a form of user
authorization; for example, it may only accept TLS clients who
offer a certificate abiding by some locality or organization name.

View file

@ -1,43 +1,121 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.openldap;
legacyOptions = [ "rootpwFile" "suffix" "dataDir" "rootdn" "rootpw" ];
openldap = cfg.package;
configDir = if cfg.configDir != null then cfg.configDir else "/etc/openldap/slapd.d";
dataFile = pkgs.writeText "ldap-contents.ldif" cfg.declarativeContents;
configFile = pkgs.writeText "slapd.conf" ((optionalString cfg.defaultSchemas ''
include ${openldap.out}/etc/schema/core.schema
include ${openldap.out}/etc/schema/cosine.schema
include ${openldap.out}/etc/schema/inetorgperson.schema
include ${openldap.out}/etc/schema/nis.schema
'') + ''
${cfg.extraConfig}
database ${cfg.database}
suffix ${cfg.suffix}
rootdn ${cfg.rootdn}
${if (cfg.rootpw != null) then ''
rootpw ${cfg.rootpw}
'' else ''
include ${cfg.rootpwFile}
''}
directory ${cfg.dataDir}
${cfg.extraDatabaseConfig}
'');
configOpts = if cfg.configDir == null then "-f ${configFile}"
else "-F ${cfg.configDir}";
in
ldapValueType = let
# Can't do types.either with multiple non-overlapping submodules, so define our own
singleLdapValueType = lib.mkOptionType rec {
name = "LDAP";
description = "LDAP value";
check = x: lib.isString x || (lib.isAttrs x && (x ? path || x ? base64));
merge = lib.mergeEqualOption;
};
# We don't coerce to lists of single values, as some values must be unique
in types.either singleLdapValueType (types.listOf singleLdapValueType);
{
ldapAttrsType =
let
options = {
attrs = mkOption {
type = types.attrsOf ldapValueType;
default = {};
description = "Attributes of the parent entry.";
};
children = mkOption {
# Hide the child attributes, to avoid infinite recursion in e.g. documentation
# Actual Nix evaluation is lazy, so this is not an issue there
type = let
hiddenOptions = lib.mapAttrs (name: attr: attr // { visible = false; }) options;
in types.attrsOf (types.submodule { options = hiddenOptions; });
default = {};
description = "Child entries of the current entry, with recursively the same structure.";
example = lib.literalExample ''
{
"cn=schema" = {
# The attribute used in the DN must be defined
attrs = { cn = "schema"; };
children = {
# This entry's DN is expanded to "cn=foo,cn=schema"
"cn=foo" = { ... };
};
# These includes are inserted after "cn=schema", but before "cn=foo,cn=schema"
includes = [ ... ];
};
}
'';
};
includes = mkOption {
type = types.listOf types.path;
default = [];
description = ''
LDIF files to include after the parent's attributes but before its children.
'';
};
};
in types.submodule { inherit options; };
###### interface
valueToLdif = attr: values: let
listValues = if lib.isList values then values else lib.singleton values;
in map (value:
if lib.isAttrs value then
if lib.hasAttr "path" value
then "${attr}:< file://${value.path}"
else "${attr}:: ${value.base64}"
else "${attr}: ${lib.replaceStrings [ "\n" ] [ "\n " ] value}"
) listValues;
attrsToLdif = dn: { attrs, children, includes, ... }: [''
dn: ${dn}
${lib.concatStringsSep "\n" (lib.flatten (lib.mapAttrsToList valueToLdif attrs))}
''] ++ (map (path: "include: file://${path}\n") includes) ++ (
lib.flatten (lib.mapAttrsToList (name: value: attrsToLdif "${name},${dn}" value) children)
);
in {
imports = let
deprecationNote = "This option is removed due to the deprecation of `slapd.conf` upstream. Please migrate to `services.openldap.settings`, see the release notes for advice with this process.";
mkDatabaseOption = old: new:
lib.mkChangedOptionModule [ "services" "openldap" old ] [ "services" "openldap" "settings" "children" ]
(config: let
database = lib.getAttrFromPath [ "services" "openldap" "database" ] config;
value = lib.getAttrFromPath [ "services" "openldap" old ] config;
in lib.setAttrByPath ([ "olcDatabase={1}${database}" "attrs" ] ++ new) value);
in [
(lib.mkRemovedOptionModule [ "services" "openldap" "extraConfig" ] deprecationNote)
(lib.mkRemovedOptionModule [ "services" "openldap" "extraDatabaseConfig" ] deprecationNote)
(lib.mkChangedOptionModule [ "services" "openldap" "logLevel" ] [ "services" "openldap" "settings" "attrs" "olcLogLevel" ]
(config: lib.splitString " " (lib.getAttrFromPath [ "services" "openldap" "logLevel" ] config)))
(lib.mkChangedOptionModule [ "services" "openldap" "defaultSchemas" ] [ "services" "openldap" "settings" "children" "cn=schema" "includes"]
(config: lib.optionals (lib.getAttrFromPath [ "services" "openldap" "defaultSchemas" ] config) (
map (schema: "${openldap}/etc/schema/${schema}.ldif") [ "core" "cosine" "inetorgperson" "nis" ])))
(lib.mkChangedOptionModule [ "services" "openldap" "database" ] [ "services" "openldap" "settings" "children" ]
(config: let
database = lib.getAttrFromPath [ "services" "openldap" "database" ] config;
in {
"olcDatabase={1}${database}".attrs = {
# objectClass is case-insensitive, so don't need to capitalize ${database}
objectClass = [ "olcdatabaseconfig" "olc${database}config" ];
olcDatabase = "{1}${database}";
olcDbDirectory = lib.mkDefault "/var/db/openldap";
};
"cn=schema".includes = lib.mkDefault (
map (schema: "${openldap}/etc/schema/${schema}.ldif") [ "core" "cosine" "inetorgperson" "nis" ]
);
}))
(mkDatabaseOption "rootpwFile" [ "olcRootPW" "path" ])
(mkDatabaseOption "suffix" [ "olcSuffix" ])
(mkDatabaseOption "dataDir" [ "olcDbDirectory" ])
(mkDatabaseOption "rootdn" [ "olcRootDN" ])
(mkDatabaseOption "rootpw" [ "olcRootPW" ])
];
options = {
services.openldap = {
enable = mkOption {
type = types.bool;
default = false;
@ -77,224 +155,170 @@ in
example = [ "ldaps:///" ];
};
dataDir = mkOption {
type = types.path;
default = "/var/db/openldap";
description = "The database directory.";
};
defaultSchemas = mkOption {
type = types.bool;
default = true;
description = ''
Include the default schemas core, cosine, inetorgperson and nis.
This setting will be ignored if configDir is set.
settings = mkOption {
type = ldapAttrsType;
description = "Configuration for OpenLDAP, in OLC format";
example = lib.literalExample ''
{
attrs.olcLogLevel = [ "stats" ];
children = {
"cn=schema".includes = [
"\${pkgs.openldap}/etc/schema/core.ldif"
"\${pkgs.openldap}/etc/schema/cosine.ldif"
"\${pkgs.openldap}/etc/schema/inetorgperson.ldif"
];
"olcDatabase={-1}frontend" = {
attrs = {
objectClass = "olcDatabaseConfig";
olcDatabase = "{-1}frontend";
olcAccess = [ "{0}to * by dn.exact=uidNumber=0+gidNumber=0,cn=peercred,cn=external,cn=auth manage stop by * none stop" ];
};
};
"olcDatabase={0}config" = {
attrs = {
objectClass = "olcDatabaseConfig";
olcDatabase = "{0}config";
olcAccess = [ "{0}to * by * none break" ];
};
};
"olcDatabase={1}mdb" = {
attrs = {
objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
olcDatabase = "{1}mdb";
olcDbDirectory = "/var/db/ldap";
olcDbIndex = [
"objectClass eq"
"cn pres,eq"
"uid pres,eq"
"sn pres,eq,subany"
];
olcSuffix = "dc=example,dc=com";
olcAccess = [ "{0}to * by * read break" ];
};
};
};
};
'';
};
database = mkOption {
type = types.str;
default = "mdb";
description = ''
Database type to use for the LDAP.
This setting will be ignored if configDir is set.
'';
};
suffix = mkOption {
type = types.str;
example = "dc=example,dc=org";
description = ''
Specify the DN suffix of queries that will be passed to this backend
database.
This setting will be ignored if configDir is set.
'';
};
rootdn = mkOption {
type = types.str;
example = "cn=admin,dc=example,dc=org";
description = ''
Specify the distinguished name that is not subject to access control
or administrative limit restrictions for operations on this database.
This setting will be ignored if configDir is set.
'';
};
rootpw = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Password for the root user.
This setting will be ignored if configDir is set.
Using this option will store the root password in plain text in the
world-readable nix store. To avoid this the <literal>rootpwFile</literal> can be used.
'';
};
rootpwFile = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Password file for the root user.
The file should contain the string <literal>rootpw</literal> followed by the password.
e.g.: <literal>rootpw mysecurepassword</literal>
'';
};
logLevel = mkOption {
type = types.str;
default = "0";
example = "acl trace";
description = "The log level selector of slapd.";
};
# This option overrides settings
configDir = mkOption {
type = types.nullOr types.path;
default = null;
description = "Use this optional config directory instead of using slapd.conf";
description = ''
Use this config directory instead of generating one from the
<literal>settings</literal> option. Overrides all NixOS settings. If
you use this option,ensure `olcPidFile` is set to `/run/slapd/slapd.conf`.
'';
example = "/var/db/slapd.d";
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = "
slapd.conf configuration
";
example = literalExample ''
'''
include ${openldap.out}/etc/schema/core.schema
include ${openldap.out}/etc/schema/cosine.schema
include ${openldap.out}/etc/schema/inetorgperson.schema
include ${openldap.out}/etc/schema/nis.schema
database bdb
suffix dc=example,dc=org
rootdn cn=admin,dc=example,dc=org
# NOTE: change after first start
rootpw secret
directory /var/db/openldap
'''
'';
};
declarativeContents = mkOption {
type = with types; nullOr lines;
default = null;
type = with types; attrsOf lines;
default = {};
description = ''
Declarative contents for the LDAP database, in LDIF format.
Declarative contents for the LDAP database, in LDIF format by suffix.
Note a few facts when using it. First, the database
<emphasis>must</emphasis> be stored in the directory defined by
<code>dataDir</code>. Second, all <code>dataDir</code> will be erased
when starting the LDAP server. Third, modifications to the database
are not prevented, they are just dropped on the next reboot of the
server. Finally, performance-wise the database and indexes are rebuilt
on each server startup, so this will slow down server startup,
All data will be erased when starting the LDAP server. Modifications
to the database are not prevented, they are just dropped on the next
reboot of the server. Performance-wise the database and indexes are
rebuilt on each server startup, so this will slow down server startup,
especially with large databases.
'';
example = ''
dn: dc=example,dc=org
objectClass: domain
dc: example
example = lib.literalExample ''
{
"dc=example,dc=org" = '''
dn= dn: dc=example,dc=org
objectClass: domain
dc: example
dn: ou=users,dc=example,dc=org
objectClass = organizationalUnit
ou: users
dn: ou=users,dc=example,dc=org
objectClass = organizationalUnit
ou: users
# ...
# ...
''';
}
'';
};
extraDatabaseConfig = mkOption {
type = types.lines;
default = "";
description = ''
slapd.conf configuration after the database option.
This setting will be ignored if configDir is set.
'';
example = ''
# Indices to maintain for this directory
# unique id so equality match only
index uid eq
# allows general searching on commonname, givenname and email
index cn,gn,mail eq,sub
# allows multiple variants on surname searching
index sn eq,sub
# sub above includes subintial,subany,subfinal
# optimise department searches
index ou eq
# if searches will include objectClass uncomment following
# index objectClass eq
# shows use of default index parameter
index default eq,sub
# indices missing - uses default eq,sub
index telephonenumber
# other database parameters
# read more in slapd.conf reference section
cachesize 10000
checkpoint 128 15
'';
};
};
};
meta = {
maintainers = [ lib.maintainers.mic92 ];
};
###### implementation
meta.maintainers = with lib.maintainters; [ mic92 kwohlfahrt ];
config = mkIf cfg.enable {
assertions = [
{
assertion = cfg.configDir != null || cfg.rootpwFile != null || cfg.rootpw != null;
message = "services.openldap: Unless configDir is set, either rootpw or rootpwFile must be set";
}
];
assertions = map (opt: {
assertion = ((getAttr opt cfg) != "_mkMergedOptionModule") -> (cfg.database != "_mkMergedOptionModule");
message = "Legacy OpenLDAP option `services.openldap.${opt}` requires `services.openldap.database` (use value \"mdb\" if unsure)";
}) legacyOptions;
environment.systemPackages = [ openldap ];
# Literal attributes must always be set
services.openldap.settings = {
attrs = {
objectClass = "olcGlobal";
cn = "config";
olcPidFile = "/run/slapd/slapd.pid";
};
children."cn=schema".attrs = {
cn = "schema";
objectClass = "olcSchemaConfig";
};
};
systemd.services.openldap = {
description = "LDAP server";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
preStart = ''
preStart = let
settingsFile = pkgs.writeText "config.ldif" (lib.concatStringsSep "\n" (attrsToLdif "cn=config" cfg.settings));
dbSettings = lib.filterAttrs (name: value: lib.hasPrefix "olcDatabase=" name) cfg.settings.children;
dataDirs = lib.mapAttrs' (name: value: lib.nameValuePair value.attrs.olcSuffix value.attrs.olcDbDirectory)
(lib.filterAttrs (_: value: value.attrs ? olcDbDirectory) dbSettings);
dataFiles = lib.mapAttrs (dn: contents: pkgs.writeText "${dn}.ldif" contents) cfg.declarativeContents;
mkLoadScript = dn: let
dataDir = lib.escapeShellArg (getAttr dn dataDirs);
in ''
rm -rf ${dataDir}/*
${openldap}/bin/slapadd -F ${lib.escapeShellArg configDir} -b ${dn} -l ${getAttr dn dataFiles}
chown -R "${cfg.user}:${cfg.group}" ${dataDir}
'';
in ''
mkdir -p /run/slapd
chown -R "${cfg.user}:${cfg.group}" /run/slapd
${optionalString (cfg.declarativeContents != null) ''
rm -Rf "${cfg.dataDir}"
''}
mkdir -p "${cfg.dataDir}"
${optionalString (cfg.declarativeContents != null) ''
${openldap.out}/bin/slapadd ${configOpts} -l ${dataFile}
''}
chown -R "${cfg.user}:${cfg.group}" "${cfg.dataDir}"
${openldap}/bin/slaptest ${configOpts}
mkdir -p ${lib.escapeShellArg configDir} ${lib.escapeShellArgs (lib.attrValues dataDirs)}
chown "${cfg.user}:${cfg.group}" ${lib.escapeShellArg configDir} ${lib.escapeShellArgs (lib.attrValues dataDirs)}
${lib.optionalString (cfg.configDir == null) (''
rm -Rf ${configDir}/*
${openldap}/bin/slapadd -F ${configDir} -bcn=config -l ${settingsFile}
'')}
chown -R "${cfg.user}:${cfg.group}" ${lib.escapeShellArg configDir}
${lib.concatStrings (map mkLoadScript (lib.attrNames cfg.declarativeContents))}
${openldap}/bin/slaptest -u -F ${lib.escapeShellArg configDir}
'';
serviceConfig.ExecStart =
"${openldap.out}/libexec/slapd -d '${cfg.logLevel}' " +
"-u '${cfg.user}' -g '${cfg.group}' " +
"-h '${concatStringsSep " " cfg.urlList}' " +
"${configOpts}";
serviceConfig = {
ExecStart = lib.escapeShellArgs ([
"${openldap}/libexec/slapd" "-u" cfg.user "-g" cfg.group "-F" configDir
"-h" (lib.concatStringsSep " " cfg.urlList)
]);
Type = "forking";
PIDFile = cfg.settings.attrs.olcPidFile;
};
};
users.users.openldap =
{ name = cfg.user;
users.users = lib.optionalAttrs (cfg.user == "openldap") {
openldap = {
group = cfg.group;
uid = config.ids.uids.openldap;
};
users.groups.openldap =
{ name = cfg.group;
gid = config.ids.gids.openldap;
isSystemUser = true;
};
};
users.groups = lib.optionalAttrs (cfg.group == "openldap") {
openldap = {};
};
};
}

View file

@ -118,7 +118,7 @@ in
after = [ "network.target" ];
path = [
pkgs.utillinux # for `logger`
pkgs.util-linux # for `logger`
pkgs.bash
];

View file

@ -36,7 +36,7 @@ in {
description = "Profile Sync daemon";
wants = [ "psd-resync.service" ];
wantedBy = [ "default.target" ];
path = with pkgs; [ rsync kmod gawk nettools utillinux profile-sync-daemon ];
path = with pkgs; [ rsync kmod gawk nettools util-linux profile-sync-daemon ];
unitConfig = {
RequiresMountsFor = [ "/home/" ];
};
@ -55,7 +55,7 @@ in {
wants = [ "psd-resync.timer" ];
partOf = [ "psd.service" ];
wantedBy = [ "default.target" ];
path = with pkgs; [ rsync kmod gawk nettools utillinux profile-sync-daemon ];
path = with pkgs; [ rsync kmod gawk nettools util-linux profile-sync-daemon ];
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.profile-sync-daemon}/bin/profile-sync-daemon resync";

View file

@ -57,8 +57,8 @@ let
substituteInPlace $i \
--replace \"/sbin/modprobe \"${pkgs.kmod}/bin/modprobe \
--replace \"/sbin/mdadm \"${pkgs.mdadm}/sbin/mdadm \
--replace \"/sbin/blkid \"${pkgs.utillinux}/sbin/blkid \
--replace \"/bin/mount \"${pkgs.utillinux}/bin/mount \
--replace \"/sbin/blkid \"${pkgs.util-linux}/sbin/blkid \
--replace \"/bin/mount \"${pkgs.util-linux}/bin/mount \
--replace /usr/bin/readlink ${pkgs.coreutils}/bin/readlink \
--replace /usr/bin/basename ${pkgs.coreutils}/bin/basename
done
@ -280,7 +280,7 @@ in
services.udev.packages = [ extraUdevRules extraHwdbFile ];
services.udev.path = [ pkgs.coreutils pkgs.gnused pkgs.gnugrep pkgs.utillinux udev ];
services.udev.path = [ pkgs.coreutils pkgs.gnused pkgs.gnugrep pkgs.util-linux udev ];
boot.kernelParams = mkIf (!config.networking.usePredictableInterfaceNames) [ "net.ifnames=0" ];

View file

@ -834,12 +834,6 @@ in
};
services.postfix.masterConfig = {
smtp_inet = {
name = "smtp";
type = "inet";
private = false;
command = "smtpd";
};
pickup = {
private = false;
wakeup = 60;
@ -921,6 +915,12 @@ in
in concatLists (mapAttrsToList mkKeyVal cfg.submissionOptions);
};
} // optionalAttrs cfg.enableSmtp {
smtp_inet = {
name = "smtp";
type = "inet";
private = false;
command = "smtpd";
};
smtp = {};
relay = {
command = "smtp";

View file

@ -408,7 +408,7 @@ in
};
imports = [
(mkRemovedOptionModule [ "services" "rspamd" "socketActivation" ]
"Socket activation never worked correctly and could at this time not be fixed and so was removed")
"Socket activation never worked correctly and could at this time not be fixed and so was removed")
(mkRenamedOptionModule [ "services" "rspamd" "bindSocket" ] [ "services" "rspamd" "workers" "normal" "bindSockets" ])
(mkRenamedOptionModule [ "services" "rspamd" "bindUISocket" ] [ "services" "rspamd" "workers" "controller" "bindSockets" ])
(mkRemovedOptionModule [ "services" "rmilter" ] "Use services.rspamd.* instead to set up milter service")

View file

@ -31,7 +31,7 @@ in {
config = mkIf cfg.enable {
systemd.packages = [ pkgs.utillinux ];
systemd.packages = [ pkgs.util-linux ];
systemd.timers.fstrim = {
timerConfig = {

View file

@ -43,9 +43,13 @@ let
[gitlab-shell]
dir = "${cfg.packages.gitlab-shell}"
[gitlab]
secret_file = "${cfg.statePath}/gitlab_shell_secret"
gitlab_url = "http+unix://${pathUrlQuote gitlabSocket}"
http_settings = { self_signed_cert = false }
url = "http+unix://${pathUrlQuote gitlabSocket}"
[gitlab.http-settings]
self_signed_cert = false
${concatStringsSep "\n" (attrValues (mapAttrs (k: v: ''
[[storage]]
@ -119,6 +123,7 @@ let
receive_pack = true;
};
workhorse.secret_file = "${cfg.statePath}/.gitlab_workhorse_secret";
gitlab_kas.secret_file = "${cfg.statePath}/.gitlab_kas_secret";
git.bin_path = "git";
monitoring = {
ip_whitelist = [ "127.0.0.0/8" "::1/128" ];
@ -653,7 +658,7 @@ in {
script = ''
set -eu
PSQL="${pkgs.utillinux}/bin/runuser -u ${pgsql.superUser} -- psql --port=${toString pgsql.port}"
PSQL="${pkgs.util-linux}/bin/runuser -u ${pgsql.superUser} -- psql --port=${toString pgsql.port}"
$PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${cfg.databaseName}'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "${cfg.databaseName}" OWNER "${cfg.databaseUsername}"'
current_owner=$($PSQL -tAc "SELECT pg_catalog.pg_get_userbyid(datdba) FROM pg_catalog.pg_database WHERE datname = '${cfg.databaseName}'")
@ -668,6 +673,7 @@ in {
rm "${config.services.postgresql.dataDir}/.reassigning_${cfg.databaseName}"
fi
$PSQL '${cfg.databaseName}' -tAc "CREATE EXTENSION IF NOT EXISTS pg_trgm"
$PSQL '${cfg.databaseName}' -tAc "CREATE EXTENSION IF NOT EXISTS btree_gist;"
'';
serviceConfig = {
@ -750,7 +756,8 @@ in {
};
systemd.services.gitaly = {
after = [ "network.target" ];
after = [ "network.target" "gitlab.service" ];
requires = [ "gitlab.service" ];
wantedBy = [ "multi-user.target" ];
path = with pkgs; [
openssh
@ -839,7 +846,7 @@ in {
};
systemd.services.gitlab = {
after = [ "gitlab-workhorse.service" "gitaly.service" "network.target" "gitlab-postgresql.service" "redis.service" ];
after = [ "gitlab-workhorse.service" "network.target" "gitlab-postgresql.service" "redis.service" ];
requires = [ "gitlab-sidekiq.service" ];
wantedBy = [ "multi-user.target" ];
environment = gitlabEnv;

View file

@ -713,7 +713,7 @@ in {
${ concatMapStringsSep "\n " (x: "--config-path ${x} \\") ([ configFile ] ++ cfg.extraConfigFiles) }
--keys-directory ${cfg.dataDir}
'';
ExecReload = "${pkgs.utillinux}/bin/kill -HUP $MAINPID";
ExecReload = "${pkgs.util-linux}/bin/kill -HUP $MAINPID";
Restart = "on-failure";
};
};

View file

@ -539,7 +539,7 @@ in
systemd.sockets.nix-daemon.wantedBy = [ "sockets.target" ];
systemd.services.nix-daemon =
{ path = [ nix pkgs.utillinux config.programs.ssh.package ]
{ path = [ nix pkgs.util-linux config.programs.ssh.package ]
++ optionals cfg.distributedBuilds [ pkgs.gzip ];
environment = cfg.envVars

View file

@ -39,7 +39,7 @@ in
default = false;
description = ''
Whether to enable the Siproxd SIP
proxy/masquerading daemon.
proxy/masquerading daemon.
'';
};
@ -57,29 +57,29 @@ in
hostsAllowReg = mkOption {
type = types.listOf types.str;
default = [ ];
default = [ ];
example = [ "192.168.1.0/24" "192.168.2.0/24" ];
description = ''
description = ''
Acess control list for incoming SIP registrations.
'';
};
hostsAllowSip = mkOption {
type = types.listOf types.str;
default = [ ];
default = [ ];
example = [ "123.45.0.0/16" "123.46.0.0/16" ];
description = ''
description = ''
Acess control list for incoming SIP traffic.
'';
};
hostsDenySip = mkOption {
type = types.listOf types.str;
default = [ ];
default = [ ];
example = [ "10.0.0.0/8" "11.0.0.0/8" ];
description = ''
description = ''
Acess control list for denying incoming
SIP registrations and traffic.
SIP registrations and traffic.
'';
};
@ -87,7 +87,7 @@ in
type = types.int;
default = 5060;
description = ''
Port to listen for incoming SIP messages.
Port to listen for incoming SIP messages.
'';
};

View file

@ -25,7 +25,7 @@ in
svnBaseDir = mkOption {
default = "/repos";
description = "Base directory from which Subversion repositories are accessed.";
description = "Base directory from which Subversion repositories are accessed.";
};
};

View file

@ -142,7 +142,7 @@ in {
serviceConfig = {
Environment="PYTHONPATH=${cfg.package}/libexec/netdata/python.d/python_modules";
ExecStart = "${cfg.package}/bin/netdata -P /run/netdata/netdata.pid -D -c ${configFile}";
ExecReload = "${pkgs.utillinux}/bin/kill -s HUP -s USR1 -s USR2 $MAINPID";
ExecReload = "${pkgs.util-linux}/bin/kill -s HUP -s USR1 -s USR2 $MAINPID";
TimeoutStopSec = 60;
Restart = "on-failure";
# User and group

View file

@ -36,7 +36,7 @@ let
$SMARTD_MESSAGE
EOF
} | ${pkgs.utillinux}/bin/wall 2>/dev/null
} | ${pkgs.util-linux}/bin/wall 2>/dev/null
''}
${optionalString nx.enable ''
export DISPLAY=${nx.display}

View file

@ -108,10 +108,10 @@ in
extmap = mkOption {
type = types.lines;
default = "";
description = ''
File name extension mappings.
See <literal>man extmap.conf</literal> for more information.
default = "";
description = ''
File name extension mappings.
See <literal>man extmap.conf</literal> for more information.
'';
};
@ -132,10 +132,10 @@ in
Type = "forking";
GuessMainPID = "no";
PIDFile = "/run/lock/netatalk";
ExecStartPre = "${pkgs.coreutils}/bin/mkdir -m 0755 -p /var/lib/netatalk/CNID";
ExecStartPre = "${pkgs.coreutils}/bin/mkdir -m 0755 -p /var/lib/netatalk/CNID";
ExecStart = "${pkgs.netatalk}/sbin/netatalk -F ${afpConfFile}";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
ExecStop = "${pkgs.coreutils}/bin/kill -TERM $MAINPID";
ExecStop = "${pkgs.coreutils}/bin/kill -TERM $MAINPID";
Restart = "always";
RestartSec = 1;
};

View file

@ -244,7 +244,7 @@ in
# postStop, then we get a hang + kernel oops, because AFS can't be
# stopped simply by sending signals to processes.
preStop = ''
${pkgs.utillinux}/bin/umount ${cfg.mountPoint}
${pkgs.util-linux}/bin/umount ${cfg.mountPoint}
${openafsBin}/sbin/afsd -shutdown
${pkgs.kmod}/sbin/rmmod libafs
'';

View file

@ -0,0 +1,124 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.samba-wsdd;
in {
options = {
services.samba-wsdd = {
enable = mkEnableOption ''
Enable Web Services Dynamic Discovery host daemon. This enables (Samba) hosts, like your local NAS device,
to be found by Web Service Discovery Clients like Windows.
<note>
<para>If you use the firewall consider adding the following:</para>
<programlisting>
networking.firewall.allowedTCPPorts = [ 5357 ];
networking.firewall.allowedUDPPorts = [ 3702 ];
</programlisting>
</note>
'';
interface = mkOption {
type = types.nullOr types.str;
default = null;
example = "eth0";
description = "Interface or address to use.";
};
hoplimit = mkOption {
type = types.nullOr types.int;
default = null;
example = 2;
description = "Hop limit for multicast packets (default = 1).";
};
workgroup = mkOption {
type = types.nullOr types.str;
default = null;
example = "HOME";
description = "Set workgroup name (default WORKGROUP).";
};
hostname = mkOption {
type = types.nullOr types.str;
default = null;
example = "FILESERVER";
description = "Override (NetBIOS) hostname to be used (default hostname).";
};
domain = mkOption {
type = types.nullOr types.str;
default = null;
description = "Set domain name (disables workgroup).";
};
discovery = mkOption {
type = types.bool;
default = false;
description = "Enable discovery operation mode.";
};
listen = mkOption {
type = types.str;
default = "/run/wsdd/wsdd.sock";
description = "Listen on path or localhost port in discovery mode.";
};
extraOptions = mkOption {
type = types.listOf types.str;
default = [ "--shortlog" ];
example = [ "--verbose" "--no-http" "--ipv4only" "--no-host" ];
description = "Additional wsdd options.";
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.wsdd ];
systemd.services.samba-wsdd = {
description = "Web Services Dynamic Discovery host daemon";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
DynamicUser = true;
Type = "simple";
ExecStart = ''
${pkgs.wsdd}/bin/wsdd ${optionalString (cfg.interface != null) "--interface '${cfg.interface}'"} \
${optionalString (cfg.hoplimit != null) "--hoplimit '${toString cfg.hoplimit}'"} \
${optionalString (cfg.workgroup != null) "--workgroup '${cfg.workgroup}'"} \
${optionalString (cfg.hostname != null) "--hostname '${cfg.hostname}'"} \
${optionalString (cfg.domain != null) "--domain '${cfg.domain}'"} \
${optionalString cfg.discovery "--discovery --listen '${cfg.listen}'"} \
${escapeShellArgs cfg.extraOptions}
'';
# Runtime directory and mode
RuntimeDirectory = "wsdd";
RuntimeDirectoryMode = "0750";
# Access write directories
UMask = "0027";
# Capabilities
CapabilityBoundingSet = "";
# Security
NoNewPrivileges = true;
# Sandboxing
ProtectSystem = "strict";
ProtectHome = true;
PrivateTmp = true;
PrivateDevices = true;
PrivateUsers = false;
ProtectHostname = true;
ProtectClock = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectKernelLogs = true;
ProtectControlGroups = true;
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
RestrictNamespaces = true;
LockPersonality = true;
MemoryDenyWriteExecute = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
PrivateMounts = true;
# System Call Filtering
SystemCallArchitectures = "native";
SystemCallFilter = "~@clock @cpu-emulation @debug @module @mount @obsolete @privileged @raw-io @reboot @resources @swap";
};
};
};
}

View file

@ -112,7 +112,7 @@ in
description = ''
Must be set to a unique identifier, preferably a UUID according to
RFC 4122. UUIDs can be generated with `uuidgen` command, found in
the `utillinux` package.
the `util-linux` package.
'';
};
port = mkOption {
@ -232,7 +232,7 @@ in
description = ''
Must be set to a unique identifier, preferably a UUID according to
RFC 4122. UUIDs can be generated with `uuidgen` command, found in
the `utillinux` package.
the `util-linux` package.
'';
};
port = mkOption {
@ -370,7 +370,7 @@ in
description = ''
Must be set to a unique identifier, preferably a UUID according to
RFC 4122. UUIDs can be generated with `uuidgen` command, found in
the `utillinux` package.
the `util-linux` package.
'';
};
port = mkOption {

View file

@ -29,9 +29,11 @@ in
key = mkOption {
type = types.str;
default = "";
description = "HMAC url validation key (hexadecimal encoded).
Leave blank to disable. Without validation key, anyone can
submit proxy requests. Leave blank to disable.";
description = ''
HMAC url validation key (hexadecimal encoded).
Leave blank to disable. Without validation key, anyone can
submit proxy requests. Leave blank to disable.
'';
defaultText = "No HMAC url validation. Generate with echo -n somevalue | openssl dgst -sha1 -hmac somekey";
};
@ -85,10 +87,10 @@ in
serviceConfig = {
User = "morty";
ExecStart = ''${cfg.package}/bin/morty \
-listen ${cfg.listenAddress}:${toString cfg.port} \
${optionalString cfg.ipv6 "-ipv6"} \
${optionalString (cfg.key != "") "-key " + cfg.key} \
'';
-listen ${cfg.listenAddress}:${toString cfg.port} \
${optionalString cfg.ipv6 "-ipv6"} \
${optionalString (cfg.key != "") "-key " + cfg.key} \
'';
};
};
environment.systemPackages = [ cfg.package ];

View file

@ -15,6 +15,9 @@ with lib;
config = mkIf cfg.enable {
boot.kernelModules = [ "tun" ];
# mullvad-daemon writes to /etc/iproute2/rt_tables
networking.iproute2.enable = true;
systemd.services.mullvad-daemon = {
description = "Mullvad VPN daemon";
wantedBy = [ "multi-user.target" ];

View file

@ -465,7 +465,7 @@ in {
restartTriggers = [ configFile overrideNameserversScript ];
# useful binaries for user-specified hooks
path = [ pkgs.iproute pkgs.utillinux pkgs.coreutils ];
path = [ pkgs.iproute pkgs.util-linux pkgs.coreutils ];
aliases = [ "dbus-org.freedesktop.nm-dispatcher.service" ];
};

View file

@ -477,7 +477,7 @@ in
# https://github.com/NixOS/nixpkgs/pull/10155
# https://github.com/NixOS/nixpkgs/pull/41745
services.openssh.authorizedKeysFiles =
[ ".ssh/authorized_keys" ".ssh/authorized_keys2" "/etc/ssh/authorized_keys.d/%u" ];
[ "%h/.ssh/authorized_keys" "%h/.ssh/authorized_keys2" "/etc/ssh/authorized_keys.d/%u" ];
services.openssh.extraConfig = mkOrder 0
''

View file

@ -63,7 +63,7 @@ in {
description = "strongSwan IPsec IKEv1/IKEv2 daemon using swanctl";
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
path = with pkgs; [ kmod iproute iptables utillinux ];
path = with pkgs; [ kmod iproute iptables util-linux ];
environment = {
STRONGSWAN_CONF = pkgs.writeTextFile {
name = "strongswan.conf";

View file

@ -1173,20 +1173,20 @@ in {
ppk = mkPrefixedAttrsOfParams {
secret = mkOptionalStrParam ''
Value of the PPK. It may either be an ASCII string, a hex encoded string
if it has a <literal>0x</literal> prefix or a Base64 encoded string if
it has a <literal>0s</literal> prefix in its value. Should have at least
256 bits of entropy for 128-bit security.
Value of the PPK. It may either be an ASCII string, a hex encoded string
if it has a <literal>0x</literal> prefix or a Base64 encoded string if
it has a <literal>0s</literal> prefix in its value. Should have at least
256 bits of entropy for 128-bit security.
'';
id = mkPrefixedAttrsOfParam (mkOptionalStrParam "") ''
PPK identity the PPK belongs to. Multiple unique identities may be
specified, each having an <literal>id</literal> prefix, if a secret is
shared between multiple peers.
PPK identity the PPK belongs to. Multiple unique identities may be
specified, each having an <literal>id</literal> prefix, if a secret is
shared between multiple peers.
'';
} ''
Postquantum Preshared Key (PPK) section for a specific secret. Each PPK is
defined in a unique section having the <literal>ppk</literal> prefix.
Postquantum Preshared Key (PPK) section for a specific secret. Each PPK is
defined in a unique section having the <literal>ppk</literal> prefix.
'';
private = mkPrefixedAttrsOfParams {

View file

@ -152,7 +152,7 @@ in
systemd.services.strongswan = {
description = "strongSwan IPSec Service";
wantedBy = [ "multi-user.target" ];
path = with pkgs; [ kmod iproute iptables utillinux ]; # XXX Linux
path = with pkgs; [ kmod iproute iptables util-linux ]; # XXX Linux
after = [ "network-online.target" ];
environment = {
STRONGSWAN_CONF = strongswanConf { inherit setup connections ca secretsFile managePlugins enabledPlugins; };

View file

@ -21,7 +21,7 @@ let
RegTestBitcoinCoreRpcEndPoint = "${cfg.rpc.ip}:${toString cfg.rpc.port}";
};
configFile = pkgs.writeText "wasabibackend.conf" (builtins.toJSON confOptions);
configFile = pkgs.writeText "wasabibackend.conf" (builtins.toJSON confOptions);
in {

View file

@ -448,7 +448,7 @@ in
default = false;
description = ''
In case when running behind a reverse proxy, controls whether headers
like <literal>X-Real-Ip</literal> are accepted. Usage behind a reverse
like <literal>X-Real-Ip</literal> are accepted. Usage behind a reverse
proxy will require this flag to be set to avoid logging the reverse
proxy IP address.
'';
@ -524,7 +524,7 @@ in
type = types.nullOr types.str;
default = null;
description = ''
Profile access endpoint.
Profile access endpoint.
'';
};

View file

@ -9,7 +9,7 @@ let cfg = config.services.cloud-init;
nettools
openssh
shadow
utillinux
util-linux
] ++ optional cfg.btrfs.enable btrfs-progs
++ optional cfg.ext4.enable e2fsprogs
;

View file

@ -397,9 +397,9 @@ in
mr ${getLib pkgs.openssl}/lib/libcrypto*.so*,
mr ${getLib pkgs.openssl}/lib/libssl*.so*,
mr ${getLib pkgs.systemd}/lib/libsystemd*.so*,
mr ${getLib pkgs.utillinuxMinimal.out}/lib/libblkid.so*,
mr ${getLib pkgs.utillinuxMinimal.out}/lib/libmount.so*,
mr ${getLib pkgs.utillinuxMinimal.out}/lib/libuuid.so*,
mr ${getLib pkgs.util-linuxMinimal.out}/lib/libblkid.so*,
mr ${getLib pkgs.util-linuxMinimal.out}/lib/libmount.so*,
mr ${getLib pkgs.util-linuxMinimal.out}/lib/libuuid.so*,
mr ${getLib pkgs.xz}/lib/liblzma*.so*,
mr ${getLib pkgs.zlib}/lib/libz*.so*,

View file

@ -5,7 +5,7 @@ with lib;
let
autologinArg = optionalString (config.services.mingetty.autologinUser != null) "--autologin ${config.services.mingetty.autologinUser}";
gettyCmd = extraArgs: "@${pkgs.utillinux}/sbin/agetty agetty --login-program ${pkgs.shadow}/bin/login ${autologinArg} ${extraArgs}";
gettyCmd = extraArgs: "@${pkgs.util-linux}/sbin/agetty agetty --login-program ${pkgs.shadow}/bin/login ${autologinArg} ${extraArgs}";
in

View file

@ -143,7 +143,7 @@ in
Set a UUID that uniquely identifies the server.
This can be generated with
<literal>nix-shell -p utillinux --run uuidgen</literal>.
<literal>nix-shell -p util-linux --run uuidgen</literal>.
'';
};
};

View file

@ -750,8 +750,8 @@ in
# Get rid of old semaphores. These tend to accumulate across
# server restarts, eventually preventing it from restarting
# successfully.
for i in $(${pkgs.utillinux}/bin/ipcs -s | grep ' ${cfg.user} ' | cut -f2 -d ' '); do
${pkgs.utillinux}/bin/ipcrm -s $i
for i in $(${pkgs.util-linux}/bin/ipcs -s | grep ' ${cfg.user} ' | cut -f2 -d ' '); do
${pkgs.util-linux}/bin/ipcrm -s $i
done
'';

View file

@ -32,7 +32,7 @@ with lib;
path =
[ pkgs.xorg.xorgserver.out pkgs.gawk pkgs.which pkgs.openssl pkgs.xorg.xauth
pkgs.nettools pkgs.shadow pkgs.procps pkgs.utillinux pkgs.bash
pkgs.nettools pkgs.shadow pkgs.procps pkgs.util-linux pkgs.bash
];
environment.FD_GEOM = "1024x786x24";

View file

@ -16,8 +16,8 @@ in
services.xserver.windowManager.session = singleton {
name = "evilwm";
start = ''
${pkgs.evilwm}/bin/evilwm &
waitPID=$!
${pkgs.evilwm}/bin/evilwm &
waitPID=$!
'';
};
environment.systemPackages = [ pkgs.evilwm ];

View file

@ -25,7 +25,7 @@ let
stdenv.cc.libc # nscd in update-users-groups.pl
shadow
nettools # needed for hostname
utillinux # needed for mount and mountpoint
util-linux # needed for mount and mountpoint
];
scriptType = with types;

View file

@ -97,10 +97,11 @@ let
allowSubstitutes = false;
buildCommand = systemBuilder;
inherit (pkgs) utillinux coreutils;
inherit (pkgs) coreutils;
systemd = config.systemd.package;
shell = "${pkgs.bash}/bin/sh";
su = "${pkgs.shadow.su}/bin/su";
utillinux = pkgs.util-linux;
kernelParams = config.boot.kernelParams;
installBootLoader =

View file

@ -20,8 +20,8 @@ with lib;
boot.initrd.extraUtilsCommands = ''
copy_bin_and_libs ${pkgs.gawk}/bin/gawk
copy_bin_and_libs ${pkgs.gnused}/bin/sed
copy_bin_and_libs ${pkgs.utillinux}/sbin/sfdisk
copy_bin_and_libs ${pkgs.utillinux}/sbin/lsblk
copy_bin_and_libs ${pkgs.util-linux}/sbin/sfdisk
copy_bin_and_libs ${pkgs.util-linux}/sbin/lsblk
substitute "${pkgs.cloud-utils.guest}/bin/.growpart-wrapped" "$out/bin/growpart" \
--replace "${pkgs.bash}/bin/sh" "/bin/sh" \

View file

@ -66,7 +66,7 @@ let
extraEntriesBeforeNixOS extraPrepareConfig configurationLimit copyKernels
default fsIdentifier efiSupport efiInstallAsRemovable gfxmodeEfi gfxmodeBios gfxpayloadEfi gfxpayloadBios;
path = with pkgs; makeBinPath (
[ coreutils gnused gnugrep findutils diffutils btrfs-progs utillinux mdadm ]
[ coreutils gnused gnugrep findutils diffutils btrfs-progs util-linux mdadm ]
++ optional (cfg.efiSupport && (cfg.version == 2)) efibootmgr
++ optionals cfg.useOSProber [ busybox os-prober ]);
font = if cfg.font == null then ""
@ -705,7 +705,7 @@ in
let
install-grub-pl = pkgs.substituteAll {
src = ./install-grub.pl;
inherit (pkgs) utillinux;
utillinux = pkgs.util-linux;
btrfsprogs = pkgs.btrfs-progs;
};
in pkgs.writeScript "install-grub.sh" (''

View file

@ -18,7 +18,7 @@ with lib;
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.utillinux}/sbin/hwclock --systohc ${if config.time.hardwareClockInLocalTime then "--localtime" else "--utc"}";
ExecStart = "${pkgs.util-linux}/sbin/hwclock --systohc ${if config.time.hardwareClockInLocalTime then "--localtime" else "--utc"}";
};
};

View file

@ -107,8 +107,8 @@ let
copy_bin_and_libs $BIN
done
# Copy some utillinux stuff.
copy_bin_and_libs ${pkgs.utillinux}/sbin/blkid
# Copy some util-linux stuff.
copy_bin_and_libs ${pkgs.util-linux}/sbin/blkid
# Copy dmsetup and lvm.
copy_bin_and_libs ${getBin pkgs.lvm2}/bin/dmsetup
@ -235,7 +235,7 @@ let
--replace scsi_id ${extraUtils}/bin/scsi_id \
--replace cdrom_id ${extraUtils}/bin/cdrom_id \
--replace ${pkgs.coreutils}/bin/basename ${extraUtils}/bin/basename \
--replace ${pkgs.utillinux}/bin/blkid ${extraUtils}/bin/blkid \
--replace ${pkgs.util-linux}/bin/blkid ${extraUtils}/bin/blkid \
--replace ${getBin pkgs.lvm2}/bin ${extraUtils}/bin \
--replace ${pkgs.mdadm}/sbin ${extraUtils}/sbin \
--replace ${pkgs.bash}/bin/sh ${extraUtils}/bin/sh \

View file

@ -17,7 +17,7 @@ let
inherit (config.system.build) earlyMountScript;
path = lib.makeBinPath ([
pkgs.coreutils
pkgs.utillinux
pkgs.util-linux
] ++ lib.optional useHostResolvConf pkgs.openresolv);
fsPackagesPath = lib.makeBinPath config.system.fsPackages;
postBootCommands = pkgs.writeText "local-cmds"

View file

@ -286,7 +286,7 @@ in
before = [ mountPoint' "systemd-fsck@${device'}.service" ];
requires = [ device'' ];
after = [ device'' ];
path = [ pkgs.utillinux ] ++ config.system.fsPackages;
path = [ pkgs.util-linux ] ++ config.system.fsPackages;
script =
''
if ! [ -e "${fs.device}" ]; then exit 1; fi

View file

@ -18,9 +18,9 @@
boot.initrd.postDeviceCommands = ''
# Hacky!!! fuse hard-codes the path to mount
mkdir -p /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-${pkgs.utillinux.name}-bin/bin
ln -s $(which mount) /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-${pkgs.utillinux.name}-bin/bin
ln -s $(which umount) /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-${pkgs.utillinux.name}-bin/bin
mkdir -p /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-${pkgs.util-linux.name}-bin/bin
ln -s $(which mount) /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-${pkgs.util-linux.name}-bin/bin
ln -s $(which umount) /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-${pkgs.util-linux.name}-bin/bin
'';
})

View file

@ -440,7 +440,7 @@ in
pkgs.gnugrep
pkgs.gnused
pkgs.nettools
pkgs.utillinux
pkgs.util-linux
];
};

View file

@ -1246,7 +1246,7 @@ in
'';
# Udev attributes for systemd to name the device and to create a .device target.
systemdAttrs = n: ''NAME:="${n}", ENV{INTERFACE}:="${n}", ENV{SYSTEMD_ALIAS}:="/sys/subsystem/net/devices/${n}", TAG+="systemd"'';
systemdAttrs = n: ''NAME:="${n}", ENV{INTERFACE}="${n}", ENV{SYSTEMD_ALIAS}="/sys/subsystem/net/devices/${n}", TAG+="systemd"'';
in
flip (concatMapStringsSep "\n") (attrNames wlanDeviceInterfaces) (device:
let

View file

@ -124,7 +124,7 @@ in
boot.initrd.extraUtilsCommands =
''
# We need swapon in the initrd.
copy_bin_and_libs ${pkgs.utillinux}/sbin/swapon
copy_bin_and_libs ${pkgs.util-linux}/sbin/swapon
'';
# Don't put old configurations in the GRUB menu. The user has no

View file

@ -22,7 +22,7 @@ let
nettools # for hostname
procps # for pidof
shadow # for useradd, usermod
utillinux # for (u)mount, fdisk, sfdisk, mkswap
util-linux # for (u)mount, fdisk, sfdisk, mkswap
parted
];
pythonPath = [ pythonPackages.pyasn1 ];

View file

@ -27,7 +27,7 @@ in
popd
'';
diskImageBase = "nixos-image-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.raw";
buildInputs = [ pkgs.utillinux pkgs.perl ];
buildInputs = [ pkgs.util-linux pkgs.perl ];
exportReferencesGraph =
[ "closure" config.system.build.toplevel ];
}

View file

@ -8,9 +8,14 @@
# Make sure that every package you depend on here is already listed as
# a channel blocker for both the full-sized and small channels.
# Otherwise, we risk breaking user deploys in released channels.
#
# Also note: OpenStack's metadata service for its instances aims to be
# compatible with the EC2 IMDS. Where possible, try to keep the set of
# fetched metadata in sync with ./openstack-metadata-fetcher.nix .
''
metaDir=${targetRoot}etc/ec2-metadata
mkdir -m 0755 -p "$metaDir"
rm -f "$metaDir/*"
get_imds_token() {
# retry-delay of 1 selected to give the system a second to get going,
@ -61,19 +66,12 @@
echo "getting EC2 instance metadata..."
if ! [ -e "$metaDir/ami-manifest-path" ]; then
wget ${wgetExtraOptions} --header "X-aws-ec2-metadata-token: $IMDS_TOKEN" -O "$metaDir/ami-manifest-path" http://169.254.169.254/1.0/meta-data/ami-manifest-path
fi
wget_imds() {
wget ${wgetExtraOptions} --header "X-aws-ec2-metadata-token: $IMDS_TOKEN" "$@";
}
if ! [ -e "$metaDir/user-data" ]; then
wget ${wgetExtraOptions} --header "X-aws-ec2-metadata-token: $IMDS_TOKEN" -O "$metaDir/user-data" http://169.254.169.254/1.0/user-data && chmod 600 "$metaDir/user-data"
fi
if ! [ -e "$metaDir/hostname" ]; then
wget ${wgetExtraOptions} --header "X-aws-ec2-metadata-token: $IMDS_TOKEN" -O "$metaDir/hostname" http://169.254.169.254/1.0/meta-data/hostname
fi
if ! [ -e "$metaDir/public-keys-0-openssh-key" ]; then
wget ${wgetExtraOptions} --header "X-aws-ec2-metadata-token: $IMDS_TOKEN" -O "$metaDir/public-keys-0-openssh-key" http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key
fi
wget_imds -O "$metaDir/ami-manifest-path" http://169.254.169.254/1.0/meta-data/ami-manifest-path
wget_imds -O "$metaDir/user-data" http://169.254.169.254/1.0/user-data && chmod 600 "$metaDir/user-data"
wget_imds -O "$metaDir/hostname" http://169.254.169.254/1.0/meta-data/hostname
wget_imds -O "$metaDir/public-keys-0-openssh-key" http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key
''

View file

@ -614,17 +614,17 @@ in
'';
};
timeoutStartSec = mkOption {
type = types.str;
default = "1min";
description = ''
Time for the container to start. In case of a timeout,
the container processes get killed.
See <citerefentry><refentrytitle>systemd.time</refentrytitle>
<manvolnum>7</manvolnum></citerefentry>
for more information about the format.
'';
};
timeoutStartSec = mkOption {
type = types.str;
default = "1min";
description = ''
Time for the container to start. In case of a timeout,
the container processes get killed.
See <citerefentry><refentrytitle>systemd.time</refentrytitle>
<manvolnum>7</manvolnum></citerefentry>
for more information about the format.
'';
};
bindMounts = mkOption {
type = with types; attrsOf (submodule bindMountOpts);

View file

@ -1,23 +1,21 @@
{ targetRoot, wgetExtraOptions }:
# OpenStack's metadata service aims to be EC2-compatible. Where
# possible, try to keep the set of fetched metadata in sync with
# ./ec2-metadata-fetcher.nix .
''
metaDir=${targetRoot}etc/ec2-metadata
mkdir -m 0755 -p "$metaDir"
rm -f "$metaDir/*"
echo "getting EC2 instance metadata..."
echo "getting instance metadata..."
if ! [ -e "$metaDir/ami-manifest-path" ]; then
wget ${wgetExtraOptions} -O "$metaDir/ami-manifest-path" http://169.254.169.254/1.0/meta-data/ami-manifest-path
fi
wget_imds() {
wget ${wgetExtraOptions} "$@"
}
if ! [ -e "$metaDir/user-data" ]; then
wget ${wgetExtraOptions} -O "$metaDir/user-data" http://169.254.169.254/1.0/user-data && chmod 600 "$metaDir/user-data"
fi
if ! [ -e "$metaDir/hostname" ]; then
wget ${wgetExtraOptions} -O "$metaDir/hostname" http://169.254.169.254/1.0/meta-data/hostname
fi
if ! [ -e "$metaDir/public-keys-0-openssh-key" ]; then
wget ${wgetExtraOptions} -O "$metaDir/public-keys-0-openssh-key" http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key
fi
wget_imds -O "$metaDir/ami-manifest-path" http://169.254.169.254/1.0/meta-data/ami-manifest-path
wget_imds -O "$metaDir/user-data" http://169.254.169.254/1.0/user-data && chmod 600 "$metaDir/user-data"
wget_imds -O "$metaDir/hostname" http://169.254.169.254/1.0/meta-data/hostname
wget_imds -O "$metaDir/public-keys-0-openssh-key" http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key
''

View file

@ -190,7 +190,7 @@ let
'' else ''
''}
'';
buildInputs = [ pkgs.utillinux ];
buildInputs = [ pkgs.util-linux ];
QEMU_OPTS = "-nographic -serial stdio -monitor none"
+ lib.optionalString cfg.useEFIBoot (
" -drive if=pflash,format=raw,unit=0,readonly=on,file=${efiFirmware}"

View file

@ -201,8 +201,8 @@ in
''
if [ -d /proc/xen ]; then
${pkgs.kmod}/bin/modprobe xenfs 2> /dev/null
${pkgs.utillinux}/bin/mountpoint -q /proc/xen || \
${pkgs.utillinux}/bin/mount -t xenfs none /proc/xen
${pkgs.util-linux}/bin/mountpoint -q /proc/xen || \
${pkgs.util-linux}/bin/mount -t xenfs none /proc/xen
fi
'';

View file

@ -315,6 +315,7 @@ in
runInMachine = handleTest ./run-in-machine.nix {};
rxe = handleTest ./rxe.nix {};
samba = handleTest ./samba.nix {};
samba-wsdd = handleTest ./samba-wsdd.nix {};
sanoid = handleTest ./sanoid.nix {};
sbt = handleTest ./sbt.nix {};
sbt-extras = handleTest ./sbt-extras.nix {};

View file

@ -33,9 +33,9 @@ import ./make-test-python.nix ({ pkgs, lib, ...} : with lib; {
initialRootPasswordFile = pkgs.writeText "rootPassword" initialRootPassword;
smtp.enable = true;
secrets = {
secretFile = pkgs.writeText "secret" "Aig5zaic";
otpFile = pkgs.writeText "otpsecret" "Riew9mue";
dbFile = pkgs.writeText "dbsecret" "we2quaeZ";
secretFile = pkgs.writeText "secret" "r8X9keSKynU7p4aKlh4GO1Bo77g5a7vj";
otpFile = pkgs.writeText "otpsecret" "Zu5hGx3YvQx40DvI8WoZJQpX2paSDOlG";
dbFile = pkgs.writeText "dbsecret" "lsGltKWTejOf6JxCVa7nLDenzkO9wPLR";
jwsFile = pkgs.runCommand "oidcKeyBase" {} "${pkgs.openssl}/bin/openssl genrsa 2048 > $out";
};
};

View file

@ -12,9 +12,9 @@ import ./make-test-python.nix ({ pkgs, ... }:
{ ... }:
{ services.morty = {
enable = true;
key = "78a9cd0cfee20c672f78427efb2a2a96036027f0";
port = 3001;
};
key = "78a9cd0cfee20c672f78427efb2a2a96036027f0";
port = 3001;
};
};
};

View file

@ -1,33 +1,125 @@
import ./make-test-python.nix {
name = "openldap";
machine = { pkgs, ... }: {
services.openldap = {
enable = true;
suffix = "dc=example";
rootdn = "cn=root,dc=example";
rootpw = "notapassword";
database = "bdb";
extraDatabaseConfig = ''
directory /var/db/openldap
'';
declarativeContents = ''
dn: dc=example
objectClass: domain
dc: example
dn: ou=users,dc=example
objectClass: organizationalUnit
ou: users
'';
};
};
{ pkgs, system ? builtins.currentSystem, ... }: let
dbContents = ''
dn: dc=example
objectClass: domain
dc: example
dn: ou=users,dc=example
objectClass: organizationalUnit
ou: users
'';
testScript = ''
machine.wait_for_unit("openldap.service")
machine.succeed(
"systemctl status openldap.service",
'ldapsearch -LLL -D "cn=root,dc=example" -w notapassword -b "dc=example"',
)
'';
in {
# New-style configuration
current = import ./make-test-python.nix {
inherit testScript;
name = "openldap";
machine = { pkgs, ... }: {
environment.etc."openldap/root_password".text = "notapassword";
services.openldap = {
enable = true;
settings = {
children = {
"cn=schema".includes = [
"${pkgs.openldap}/etc/schema/core.ldif"
"${pkgs.openldap}/etc/schema/cosine.ldif"
"${pkgs.openldap}/etc/schema/inetorgperson.ldif"
"${pkgs.openldap}/etc/schema/nis.ldif"
];
"olcDatabase={1}mdb" = {
# This tests string, base64 and path values, as well as lists of string values
attrs = {
objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
olcDatabase = "{1}mdb";
olcDbDirectory = "/var/db/openldap";
olcSuffix = "dc=example";
olcRootDN = {
# cn=root,dc=example
base64 = "Y249cm9vdCxkYz1leGFtcGxl";
};
olcRootPW = {
path = "/etc/openldap/root_password";
};
};
};
};
};
declarativeContents."dc=example" = dbContents;
};
};
};
# Old-style configuration
oldOptions = import ./make-test-python.nix {
inherit testScript;
name = "openldap";
machine = { pkgs, ... }: {
services.openldap = {
enable = true;
logLevel = "stats acl";
defaultSchemas = true;
database = "mdb";
suffix = "dc=example";
rootdn = "cn=root,dc=example";
rootpw = "notapassword";
declarativeContents."dc=example" = dbContents;
};
};
};
# Manually managed configDir, for example if dynamic config is essential
manualConfigDir = import ./make-test-python.nix {
name = "openldap";
machine = { pkgs, ... }: {
services.openldap = {
enable = true;
configDir = "/var/db/slapd.d";
};
};
testScript = let
contents = pkgs.writeText "data.ldif" dbContents;
config = pkgs.writeText "config.ldif" ''
dn: cn=config
cn: config
objectClass: olcGlobal
olcLogLevel: stats
olcPidFile: /run/slapd/slapd.pid
dn: cn=schema,cn=config
cn: schema
objectClass: olcSchemaConfig
include: file://${pkgs.openldap}/etc/schema/core.ldif
include: file://${pkgs.openldap}/etc/schema/cosine.ldif
include: file://${pkgs.openldap}/etc/schema/inetorgperson.ldif
dn: olcDatabase={1}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {1}mdb
olcDbDirectory: /var/db/openldap
olcDbIndex: objectClass eq
olcSuffix: dc=example
olcRootDN: cn=root,dc=example
olcRootPW: notapassword
'';
in ''
machine.succeed(
"mkdir -p /var/db/slapd.d /var/db/openldap",
"slapadd -F /var/db/slapd.d -n0 -l ${config}",
"slapadd -F /var/db/slapd.d -n1 -l ${contents}",
"chown -R openldap:openldap /var/db/slapd.d /var/db/openldap",
"systemctl restart openldap",
)
'' + testScript;
};
}

View file

@ -9,7 +9,7 @@ let
${parted}/sbin/parted --script /dev/vda -- mkpart primary ext2 1M -1s
mkdir /mnt
${e2fsprogs}/bin/mkfs.ext4 /dev/vda1
${utillinux}/bin/mount -t ext4 /dev/vda1 /mnt
${util-linux}/bin/mount -t ext4 /dev/vda1 /mnt
if test -e /mnt/.debug; then
exec ${bash}/bin/sh

View file

@ -55,7 +55,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
parentHash =
"0x0000000000000000000000000000000000000000000000000000000000000000";
timestamp = "0x5cffc201";
};
};
};
};
};

View file

@ -209,7 +209,7 @@ in
return false
end,
score = 5.0,
description = 'Allow no cows',
description = 'Allow no cows',
group = "cows",
}
rspamd_logger.infox(rspamd_config, 'Work dammit!!!')

View file

@ -0,0 +1,44 @@
import ./make-test-python.nix ({ pkgs, ... }:
{
name = "samba-wsdd";
meta.maintainers = with pkgs.stdenv.lib.maintainers; [ izorkin ];
nodes = {
client_wsdd = { pkgs, ... }: {
services.samba-wsdd = {
enable = true;
interface = "eth1";
workgroup = "WORKGROUP";
hostname = "CLIENT-WSDD";
discovery = true;
extraOptions = [ "--no-host" ];
};
networking.firewall.allowedTCPPorts = [ 5357 ];
networking.firewall.allowedUDPPorts = [ 3702 ];
};
server_wsdd = { ... }: {
services.samba-wsdd = {
enable = true;
interface = "eth1";
workgroup = "WORKGROUP";
hostname = "SERVER-WSDD";
};
networking.firewall.allowedTCPPorts = [ 5357 ];
networking.firewall.allowedUDPPorts = [ 3702 ];
};
};
testScript = ''
client_wsdd.start()
client_wsdd.wait_for_unit("samba-wsdd")
server_wsdd.start()
server_wsdd.wait_for_unit("samba-wsdd")
client_wsdd.wait_until_succeeds(
"echo list | ${pkgs.libressl.nc}/bin/nc -U /run/wsdd/wsdd.sock | grep -i SERVER-WSDD"
)
'';
})

View file

@ -1,4 +1,4 @@
import ./make-test-python.nix ({ pkgs, ... }:
({ pkgs, ... }:
let
dbDomain = "example.org";
dbSuffix = "dc=example,dc=org";
@ -7,8 +7,7 @@ import ./make-test-python.nix ({ pkgs, ... }:
ldapRootPassword = "foobar";
testUser = "alice";
in
{
in import ./make-test-python.nix {
name = "sssd-ldap";
meta = with pkgs.stdenv.lib.maintainers; {
@ -18,34 +17,53 @@ import ./make-test-python.nix ({ pkgs, ... }:
machine = { pkgs, ... }: {
services.openldap = {
enable = true;
rootdn = "cn=${ldapRootUser},${dbSuffix}";
rootpw = ldapRootPassword;
suffix = dbSuffix;
declarativeContents = ''
dn: ${dbSuffix}
objectClass: top
objectClass: dcObject
objectClass: organization
o: ${dbDomain}
settings = {
children = {
"cn=schema".includes = [
"${pkgs.openldap}/etc/schema/core.ldif"
"${pkgs.openldap}/etc/schema/cosine.ldif"
"${pkgs.openldap}/etc/schema/inetorgperson.ldif"
"${pkgs.openldap}/etc/schema/nis.ldif"
];
"olcDatabase={1}mdb" = {
attrs = {
objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
olcDatabase = "{1}mdb";
olcDbDirectory = "/var/db/openldap";
olcSuffix = dbSuffix;
olcRootDN = "cn=${ldapRootUser},${dbSuffix}";
olcRootPW = ldapRootPassword;
};
};
};
};
declarativeContents = {
${dbSuffix} = ''
dn: ${dbSuffix}
objectClass: top
objectClass: dcObject
objectClass: organization
o: ${dbDomain}
dn: ou=posix,${dbSuffix}
objectClass: top
objectClass: organizationalUnit
dn: ou=posix,${dbSuffix}
objectClass: top
objectClass: organizationalUnit
dn: ou=accounts,ou=posix,${dbSuffix}
objectClass: top
objectClass: organizationalUnit
dn: ou=accounts,ou=posix,${dbSuffix}
objectClass: top
objectClass: organizationalUnit
dn: uid=${testUser},ou=accounts,ou=posix,${dbSuffix}
objectClass: person
objectClass: posixAccount
# userPassword: somePasswordHash
homeDirectory: /home/${testUser}
uidNumber: 1234
gidNumber: 1234
cn: ""
sn: ""
'';
dn: uid=${testUser},ou=accounts,ou=posix,${dbSuffix}
objectClass: person
objectClass: posixAccount
# userPassword: somePasswordHash
homeDirectory: /home/${testUser}
uidNumber: 1234
gidNumber: 1234
cn: ""
sn: ""
'';
};
};
services.sssd = {

View file

@ -26,7 +26,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
systemd.shutdown.test = pkgs.writeScript "test.shutdown" ''
#!${pkgs.runtimeShell}
PATH=${lib.makeBinPath (with pkgs; [ utillinux coreutils ])}
PATH=${lib.makeBinPath (with pkgs; [ util-linux coreutils ])}
mount -t 9p shared -o trans=virtio,version=9p2000.L /tmp/shared
touch /tmp/shared/shutdown-test
umount /tmp/shared

View file

@ -24,7 +24,7 @@ let
miniInit = ''
#!${pkgs.runtimeShell} -xe
export PATH="${lib.makeBinPath [ pkgs.coreutils pkgs.utillinux ]}"
export PATH="${lib.makeBinPath [ pkgs.coreutils pkgs.util-linux ]}"
mkdir -p /run/dbus
cat > /etc/passwd <<EOF
@ -72,7 +72,7 @@ let
boot.initrd.extraUtilsCommands = ''
copy_bin_and_libs "${guestAdditions}/bin/mount.vboxsf"
copy_bin_and_libs "${pkgs.utillinux}/bin/unshare"
copy_bin_and_libs "${pkgs.util-linux}/bin/unshare"
${(attrs.extraUtilsCommands or (const "")) pkgs}
'';
@ -122,7 +122,7 @@ let
"$diskImage" "$out/disk.vdi"
'';
buildInputs = [ pkgs.utillinux pkgs.perl ];
buildInputs = [ pkgs.util-linux pkgs.perl ];
} ''
${pkgs.parted}/sbin/parted --script /dev/vda mklabel msdos
${pkgs.parted}/sbin/parted --script /dev/vda -- mkpart primary ext2 1M -1s

View file

@ -1,4 +1,4 @@
{ fetchurl, bitwig-studio1, pulseaudio, xorg }:
{ fetchurl, bitwig-studio1, pulseaudio, libjack2, xorg }:
bitwig-studio1.overrideAttrs (oldAttrs: rec {
name = "bitwig-studio-${version}";
@ -11,7 +11,7 @@ bitwig-studio1.overrideAttrs (oldAttrs: rec {
buildInputs = oldAttrs.buildInputs ++ [ xorg.libXtst ];
runtimeDependencies = [ pulseaudio ];
runtimeDependencies = [ pulseaudio libjack2 ];
installPhase = ''
${oldAttrs.installPhase}

View file

@ -1,5 +1,5 @@
{ stdenv, fetchFromGitHub, makeWrapper, rofi, mpc_cli, perl,
utillinux, pythonPackages, libnotify }:
util-linux, pythonPackages, libnotify }:
stdenv.mkDerivation {
name = "clerk-2016-10-14";
@ -18,7 +18,7 @@ stdenv.mkDerivation {
installPhase = ''
DESTDIR=$out PREFIX=/ make install
wrapProgram $out/bin/clerk \
--prefix PATH : "${stdenv.lib.makeBinPath [ rofi mpc_cli perl utillinux libnotify ]}"
--prefix PATH : "${stdenv.lib.makeBinPath [ rofi mpc_cli perl util-linux libnotify ]}"
'';
meta = with stdenv.lib; {

View file

@ -9,13 +9,13 @@
stdenv.mkDerivation rec {
pname = "ft2-clone";
version = "1.40";
version = "1.41_fix";
src = fetchFromGitHub {
owner = "8bitbubsy";
repo = "ft2-clone";
rev = "v${version}";
sha256 = "0qc3hai6fhn4amk5ixmxx3yswsi25qpax0r9nvvnyhbcb6crqcs1";
sha256 = "0c7jli79ckachl5n2rbhc4yzml8nc36pl9yzxcwgaz544q8pzmaa";
};
nativeBuildInputs = [ cmake ];

View file

@ -4,7 +4,7 @@
let
pname = "HybridReverb2";
version = "2.1.1";
version = "2.1.2";
owner = "jpcima";
DBversion = "1.0.0";
in
@ -21,7 +21,7 @@ stdenv.mkDerivation rec {
inherit owner;
repo = pname;
rev = "v${version}";
sha256 = "15mba9qvlis0qrklr50wp3jdysvmk33m7pvclp0k1is9pirj97cb";
sha256 = "16r20plz1w068bgbkrydv01a991ygjybdya3ah7bhp3m5xafjwqb";
fetchSubmodules = true;
};

View file

@ -1,16 +0,0 @@
commit 4ec09e6f6e00e40622a5207ed24dc657da9a9090
Author: Pavol Rusnak <stick@gk2.sk>
Date: Tue Dec 4 12:06:22 2018 +0100
build: add install: true to executable in meson.build
diff --git a/meson.build b/meson.build
index 050e1b1..9224ed5 100644
--- a/meson.build
+++ b/meson.build
@@ -39,4 +39,5 @@ endforeach
# compile the main project
executable('luppp', luppp_src + [version_hxx],
+ install: true,
dependencies: deps)

View file

@ -1,4 +1,5 @@
{ stdenv, fetchFromGitHub
{ stdenv
, fetchFromGitHub
, meson
, ninja
, pkgconfig
@ -12,26 +13,32 @@
stdenv.mkDerivation rec {
pname = "luppp";
version = "1.2.0";
patches = [ ./build-install.patch ];
version = "1.2.1";
src = fetchFromGitHub {
owner = "openAVproductions";
repo = "openAV-Luppp";
rev = "release-${version}";
sha256 = "194yq0lqc2psq9vyxmzif40ccawcvd9jndcn18mkz4f8h5w5rc1a";
sha256 = "1ncbn099fyfnr7jw2bp3wf2g9k738lw53m6ssw6wji2wxwmghv78";
};
nativeBuildInputs = [
meson ninja pkgconfig
meson
ninja
pkgconfig
];
buildInputs = [
jack2 cairo liblo libsndfile libsamplerate ntk
jack2
cairo
liblo
libsndfile
libsamplerate
ntk
];
meta = with stdenv.lib; {
homepage = "http://openavproductions.com/luppp/";
homepage = "http://openavproductions.com/luppp/"; # https does not work
description = "A music creation tool, intended for live use";
license = licenses.gpl3Plus;
maintainers = with maintainers; [ prusnak ];

View file

@ -13,13 +13,13 @@
stdenv.mkDerivation rec {
pname = "mamba";
version = "1.7";
version = "1.8";
src = fetchFromGitHub {
owner = "brummer10";
repo = "Mamba";
rev = "v${version}";
sha256 = "1i78snpyxap2r4899967nyfr8hg20k45nsbshs9h6hdxbfwhikbc";
sha256 = "049gvdvvv3hkh1b47h0bia02g1p71agwh6g7q0n4yxz4d81b8kha";
fetchSubmodules = true;
};

View file

@ -1,11 +1,11 @@
{ stdenv, fetchurl, lib, libX11, libXext, alsaLib, freetype, brand, type, version, homepage, sha256, ... }:
{ stdenv, fetchurl, lib, libX11, libXext, alsaLib, freetype, brand, type, version, homepage, url, sha256, ... }:
stdenv.mkDerivation rec {
inherit type;
baseName = "${type}-Edit";
name = "${lib.toLower baseName}-${version}";
src = fetchurl {
url = "http://downloads.music-group.com/software/behringer/${type}/${type}-Edit_LINUX_64bit_${version}.tar.gz";
inherit url;
inherit sha256;
};

Some files were not shown because too many files have changed in this diff Show more