Project import generated by Copybara.

GitOrigin-RevId: f91ee3065de91a3531329a674a45ddcb3467a650
This commit is contained in:
Default email 2023-05-24 16:37:59 +03:00
parent 86f193d44a
commit 94427deb9d
4607 changed files with 264461 additions and 208111 deletions

View file

@ -101,3 +101,7 @@ end_of_line = unset
insert_final_newline = unset insert_final_newline = unset
trim_trailing_whitespace = unset trim_trailing_whitespace = unset
charset = unset charset = unset
[lib/tests/*.plist]
indent_style = tab
insert_final_newline = unset

View file

@ -1,6 +1,6 @@
**/deps.nix linguist-generated **/deps.nix linguist-generated
**/deps.json linguist-generated **/deps.json linguist-generated
**/deps.toml lingust-generated **/deps.toml linguist-generated
**/node-packages.nix linguist-generated **/node-packages.nix linguist-generated
pkgs/applications/editors/emacs-modes/*-generated.nix linguist-generated pkgs/applications/editors/emacs-modes/*-generated.nix linguist-generated

View file

@ -22,19 +22,19 @@
/.editorconfig @Mic92 @zowoq /.editorconfig @Mic92 @zowoq
# Libraries # Libraries
/lib @edolstra @nbp @infinisil /lib @edolstra @infinisil
/lib/systems @alyssais @nbp @ericson2314 @matthewbauer /lib/systems @alyssais @ericson2314 @matthewbauer
/lib/generators.nix @edolstra @nbp @Profpatsch /lib/generators.nix @edolstra @Profpatsch
/lib/cli.nix @edolstra @nbp @Profpatsch /lib/cli.nix @edolstra @Profpatsch
/lib/debug.nix @edolstra @nbp @Profpatsch /lib/debug.nix @edolstra @Profpatsch
/lib/asserts.nix @edolstra @nbp @Profpatsch /lib/asserts.nix @edolstra @Profpatsch
/lib/path.* @infinisil @fricklerhandwerk /lib/path.* @infinisil @fricklerhandwerk
# Nixpkgs Internals # Nixpkgs Internals
/default.nix @nbp /default.nix @Ericson2314
/pkgs/top-level/default.nix @nbp @Ericson2314 /pkgs/top-level/default.nix @Ericson2314
/pkgs/top-level/impure.nix @nbp @Ericson2314 /pkgs/top-level/impure.nix @Ericson2314
/pkgs/top-level/stage.nix @nbp @Ericson2314 @matthewbauer /pkgs/top-level/stage.nix @Ericson2314 @matthewbauer
/pkgs/top-level/splice.nix @Ericson2314 @matthewbauer /pkgs/top-level/splice.nix @Ericson2314 @matthewbauer
/pkgs/top-level/release-cross.nix @Ericson2314 @matthewbauer /pkgs/top-level/release-cross.nix @Ericson2314 @matthewbauer
/pkgs/stdenv/generic @Ericson2314 @matthewbauer /pkgs/stdenv/generic @Ericson2314 @matthewbauer
@ -67,22 +67,9 @@
/doc/using @fricklerhandwerk /doc/using @fricklerhandwerk
# NixOS Internals # NixOS Internals
/nixos/default.nix @nbp @infinisil /nixos/default.nix @infinisil
/nixos/lib/from-env.nix @nbp @infinisil /nixos/lib/from-env.nix @infinisil
/nixos/lib/eval-config.nix @nbp @infinisil /nixos/lib/eval-config.nix @infinisil
/nixos/doc/manual/configuration/abstractions.xml @nbp
/nixos/doc/manual/configuration/config-file.xml @nbp
/nixos/doc/manual/configuration/config-syntax.xml @nbp
/nixos/doc/manual/configuration/modularity.xml @nbp
/nixos/doc/manual/development/assertions.xml @nbp
/nixos/doc/manual/development/meta-attributes.xml @nbp
/nixos/doc/manual/development/option-declarations.xml @nbp
/nixos/doc/manual/development/option-def.xml @nbp
/nixos/doc/manual/development/option-types.xml @nbp
/nixos/doc/manual/development/replace-modules.xml @nbp
/nixos/doc/manual/development/writing-modules.xml @nbp
/nixos/doc/manual/man-nixos-option.xml @nbp
/nixos/modules/installer/tools/nixos-option.sh @nbp
/nixos/modules/system @dasJ /nixos/modules/system @dasJ
/nixos/modules/system/activation/bootspec.nix @grahamc @cole-h @raitobezarius /nixos/modules/system/activation/bootspec.nix @grahamc @cole-h @raitobezarius
/nixos/modules/system/activation/bootspec.cue @grahamc @cole-h @raitobezarius /nixos/modules/system/activation/bootspec.cue @grahamc @cole-h @raitobezarius

View file

@ -38,6 +38,10 @@ jobs:
into: staging-next-22.11 into: staging-next-22.11
- from: staging-next-22.11 - from: staging-next-22.11
into: staging-22.11 into: staging-22.11
- from: release-23.05
into: staging-next-23.05
- from: staging-next-23.05
into: staging-23.05
name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }} name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3

View file

@ -1 +1 @@
23.05 23.11

View file

@ -1,7 +1,7 @@
{ pkgs ? import ../../.. {} }: { pkgs ? import ../../.. {} }:
let let
inherit (pkgs) lib; inherit (pkgs) lib;
manpageURLs = builtins.fromJSON (builtins.readFile (pkgs.path + "/doc/manpage-urls.json")); manpageURLs = lib.importJSON (pkgs.path + "/doc/manpage-urls.json");
in pkgs.writeText "link-manpages.lua" '' in pkgs.writeText "link-manpages.lua" ''
--[[ --[[
Adds links to known man pages that aren't already in a link. Adds links to known man pages that aren't already in a link.

View file

@ -1,9 +1,12 @@
# buildFHSEnv {#sec-fhs-environments} # buildFHSEnv {#sec-fhs-environments}
`buildFHSEnv` provides a way to build and run FHS-compatible lightweight sandboxes. It creates an isolated root with bound `/nix/store`, so its footprint in terms of disk space needed is quite small. This allows one to run software which is hard or unfeasible to patch for NixOS -- 3rd-party source trees with FHS assumptions, games distributed as tarballs, software with integrity checking and/or external self-updated binaries. It uses Linux namespaces feature to create temporary lightweight environments which are destroyed after all child processes exit, without root user rights requirement. Accepted arguments are: `buildFHSEnv` provides a way to build and run FHS-compatible lightweight sandboxes. It creates an isolated root filesystem with the host's `/nix/store`, so its footprint in terms of disk space is quite small. This allows you to run software which is hard or unfeasible to patch for NixOS; 3rd-party source trees with FHS assumptions, games distributed as tarballs, software with integrity checking and/or external self-updated binaries for instance.
It uses Linux' namespaces feature to create temporary lightweight environments which are destroyed after all child processes exit, without requiring elevated privileges. It works similar to containerisation technology such as Docker or FlatPak but provides no security-relevant separation from the host system.
Accepted arguments are:
- `name` - `name`
Environment name. The name of the environment and the wrapper executable.
- `targetPkgs` - `targetPkgs`
Packages to be installed for the main host's architecture (i.e. x86_64 on x86_64 installations). Along with libraries binaries are also installed. Packages to be installed for the main host's architecture (i.e. x86_64 on x86_64 installations). Along with libraries binaries are also installed.
- `multiPkgs` - `multiPkgs`
@ -17,33 +20,35 @@
- `extraInstallCommands` - `extraInstallCommands`
Additional commands to be executed for finalizing the derivation with runner script. Additional commands to be executed for finalizing the derivation with runner script.
- `runScript` - `runScript`
A command that would be executed inside the sandbox and passed all the command line arguments. It defaults to `bash`. A shell command to be executed inside the sandbox. It defaults to `bash`. Command line arguments passed to the resulting wrapper are appended to this command by default.
This command must be escaped; i.e. `"foo app" --do-stuff --with "some file"`. See `lib.escapeShellArgs`.
- `profile` - `profile`
Optional script for `/etc/profile` within the sandbox. Optional script for `/etc/profile` within the sandbox.
One can create a simple environment using a `shell.nix` like that: You can create a simple environment using a `shell.nix` like this:
```nix ```nix
{ pkgs ? import <nixpkgs> {} }: { pkgs ? import <nixpkgs> {} }:
(pkgs.buildFHSEnv { (pkgs.buildFHSEnv {
name = "simple-x11-env"; name = "simple-x11-env";
targetPkgs = pkgs: (with pkgs; targetPkgs = pkgs: (with pkgs; [
[ udev udev
alsa-lib alsa-lib
]) ++ (with pkgs.xorg; ]) ++ (with pkgs.xorg; [
[ libX11 libX11
libXcursor libXcursor
libXrandr libXrandr
]); ]);
multiPkgs = pkgs: (with pkgs; multiPkgs = pkgs: (with pkgs; [
[ udev udev
alsa-lib alsa-lib
]); ]);
runScript = "bash"; runScript = "bash";
}).env }).env
``` ```
Running `nix-shell` would then drop you into a shell with these libraries and binaries available. You can use this to run closed-source applications which expect FHS structure without hassles: simply change `runScript` to the application path, e.g. `./bin/start.sh` -- relative paths are supported. Running `nix-shell` on it would drop you into a shell inside an FHS env where those libraries and binaries are available in FHS-compliant paths. Applications that expect an FHS structure (i.e. proprietary binaries) can run inside this environment without modification.
You can build a wrapper by running your binary in `runScript`, e.g. `./bin/start.sh`. Relative paths work as expected.
Additionally, the FHS builder links all relocated gsettings-schemas (the glib setup-hook moves them to `share/gsettings-schemas/${name}/glib-2.0/schemas`) to their standard FHS location. This means you don't need to wrap binaries with `wrapGAppsHook`. Additionally, the FHS builder links all relocated gsettings-schemas (the glib setup-hook moves them to `share/gsettings-schemas/${name}/glib-2.0/schemas`) to their standard FHS location. This means you don't need to wrap binaries with `wrapGAppsHook`.

View file

@ -164,6 +164,26 @@ tests.fetchgit = testers.invalidateFetcherByDrvHash fetchgit {
}; };
``` ```
## `runNixOSTest` {#tester-runNixOSTest}
A helper function that behaves exactly like the NixOS `runTest`, except it also assigns this Nixpkgs package set as the `pkgs` of the test and makes the `nixpkgs.*` options read-only.
If your test is part of the Nixpkgs repository, or if you need a more general entrypoint, see ["Calling a test" in the NixOS manual](https://nixos.org/manual/nixos/stable/index.html#sec-calling-nixos-tests).
Example:
```nix
pkgs.testers.runNixOSTest ({ lib, ... }: {
name = "hello";
nodes.machine = { pkgs, ... }: {
environment.systemPackages = [ pkgs.hello ];
};
testScript = ''
machine.succeed("hello")
'';
})
```
## `nixosTest` {#tester-nixosTest} ## `nixosTest` {#tester-nixosTest}
Run a NixOS VM network test using this evaluation of Nixpkgs. Run a NixOS VM network test using this evaluation of Nixpkgs.

View file

@ -45,7 +45,10 @@ let
# NB: This file describes the Nixpkgs manual, which happens to use module # NB: This file describes the Nixpkgs manual, which happens to use module
# docs infra originally developed for NixOS. # docs infra originally developed for NixOS.
optionsDoc = pkgs.nixosOptionsDoc { optionsDoc = pkgs.nixosOptionsDoc {
inherit (pkgs.lib.evalModules { modules = [ ../../pkgs/top-level/config.nix ]; }) options; inherit (pkgs.lib.evalModules {
modules = [ ../../pkgs/top-level/config.nix ];
class = "nixpkgsConfig";
}) options;
documentType = "none"; documentType = "none";
transformOptions = opt: transformOptions = opt:
opt // { opt // {

View file

@ -27,7 +27,7 @@ package set to make it the default. This guarantees you get a consistent package
set. set.
```nix ```nix
mypkg = let mypkg = let
cudaPackages = cudaPackages_11_5.overrideScope' (final: prev { cudaPackages = cudaPackages_11_5.overrideScope' (final: prev: {
cudnn = prev.cudnn_8_3_2; cudnn = prev.cudnn_8_3_2;
}}); }});
in callPackage { inherit cudaPackages; }; in callPackage { inherit cudaPackages; };

View file

@ -0,0 +1,65 @@
# Dart {#sec-language-dart}
## Dart applications {#ssec-dart-applications}
The function `buildDartApplication` builds Dart applications managed with pub.
It fetches its Dart dependencies automatically through `fetchDartDeps`, and (through a series of hooks) builds and installs the executables specified in the pubspec file. The hooks can be used in other derivations, if needed. The phases can also be overridden to do something different from installing binaries.
If you are packaging a Flutter desktop application, use [`buildFlutterApplication`](#ssec-dart-flutter) instead.
`vendorHash`: is the hash of the output of the dependency fetcher derivation. To obtain it, simply set it to `lib.fakeHash` (or omit it) and run the build ([more details here](#sec-source-hashes)).
If the upstream source is missing a `pubspec.lock` file, you'll have to vendor one and specify it using `pubspecLockFile`. If it is needed, one will be generated for you and printed when attempting to build the derivation.
The `dart` commands run can be overridden through `pubGetScript` and `dartCompileCommand`, you can also add flags using `dartCompileFlags` or `dartJitFlags`.
Dart supports multiple [outputs types](https://dart.dev/tools/dart-compile#types-of-output), you can choose between them using `dartOutputType` (defaults to `exe`). If you want to override the binaries path or the source path they come from, you can use `dartEntryPoints`. Outputs that require a runtime will automatically be wrapped with the relevant runtime (`dartaotruntime` for `aot-snapshot`, `dart run` for `jit-snapshot` and `kernel`, `node` for `js`), this can be overridden through `dartRuntimeCommand`.
```nix
{ buildDartApplication, fetchFromGitHub }:
buildDartApplication rec {
pname = "dart-sass";
version = "1.62.1";
src = fetchFromGitHub {
owner = "sass";
repo = pname;
rev = version;
hash = "sha256-U6enz8yJcc4Wf8m54eYIAnVg/jsGi247Wy8lp1r1wg4=";
};
pubspecLockFile = ./pubspec.lock;
vendorHash = "sha256-Atm7zfnDambN/BmmUf4BG0yUz/y6xWzf0reDw3Ad41s=";
}
```
## Flutter applications {#ssec-dart-flutter}
The function `buildFlutterApplication` builds Flutter applications.
The deps.json file must always be provided when packaging in Nixpkgs. It will be generated and printed if the derivation is attempted to be built without one. Alternatively, `autoDepsList` may be set to `true` when outside of Nixpkgs, as it relies on import-from-derivation.
A `pubspec.lock` file must be available. See the [Dart documentation](#ssec-dart-applications) for more details.
```nix
{ flutter, fetchFromGitHub }:
flutter.buildFlutterApplication {
pname = "firmware-updater";
version = "unstable-2023-04-30";
src = fetchFromGitHub {
owner = "canonical";
repo = "firmware-updater";
rev = "6e7dbdb64e344633ea62874b54ff3990bd3b8440";
sha256 = "sha256-s5mwtr5MSPqLMN+k851+pFIFFPa0N1hqz97ys050tFA=";
fetchSubmodules = true;
};
pubspecLockFile = ./pubspec.lock;
depsListFile = ./deps.json;
vendorHash = "sha256-cdMO+tr6kYiN5xKXa+uTMAcFf2C75F3wVPrn21G4QPQ=";
}
```

View file

@ -14,6 +14,7 @@
<xi:include href="crystal.section.xml" /> <xi:include href="crystal.section.xml" />
<xi:include href="cuda.section.xml" /> <xi:include href="cuda.section.xml" />
<xi:include href="cuelang.section.xml" /> <xi:include href="cuelang.section.xml" />
<xi:include href="dart.section.xml" />
<xi:include href="dhall.section.xml" /> <xi:include href="dhall.section.xml" />
<xi:include href="dotnet.section.xml" /> <xi:include href="dotnet.section.xml" />
<xi:include href="emscripten.section.xml" /> <xi:include href="emscripten.section.xml" />

View file

@ -38,12 +38,12 @@ Here is a simple package example.
- It uses the `fetchFromGitHub` fetcher to get its source. - It uses the `fetchFromGitHub` fetcher to get its source.
- `duneVersion = "2"` ensures that Dune version 2 is used for the - It also accept `duneVersion` parameter (valid value are `"1"`, `"2"`, and
build (this is the default; valid values are `"1"`, `"2"`, and `"3"`); `"3"`). The recommended practice it to set only if you don't want the default
note that there is also a legacy `useDune2` boolean attribute: value and/or it depends on something else like package version. You might see
set to `false` it corresponds to `duneVersion = "1"`; set to `true` it a not-supported argument `useDune2`. The behavior was `useDune2 = true;` =>
corresponds to `duneVersion = "2"`. If both arguments (`duneVersion` and `duneVersion = "2";` and `useDune2 = false;` => `duneVersion = "1";`. It was
`useDune2`) are given, the second one (`useDune2`) is silently ignored. used at the time when dune3 didn't existed.
- It sets the optional `doCheck` attribute such that tests will be run with - It sets the optional `doCheck` attribute such that tests will be run with
`dune runtest -p angstrom` after the build (`dune build -p angstrom`) is `dune runtest -p angstrom` after the build (`dune build -p angstrom`) is
@ -71,7 +71,6 @@ Here is a simple package example.
buildDunePackage rec { buildDunePackage rec {
pname = "angstrom"; pname = "angstrom";
version = "0.15.0"; version = "0.15.0";
duneVersion = "2";
minimalOCamlVersion = "4.04"; minimalOCamlVersion = "4.04";
@ -104,8 +103,6 @@ buildDunePackage rec {
pname = "wtf8"; pname = "wtf8";
version = "1.0.2"; version = "1.0.2";
useDune2 = true;
minimalOCamlVersion = "4.02"; minimalOCamlVersion = "4.02";
src = fetchurl { src = fetchurl {

View file

@ -118,7 +118,7 @@ ImageExifTool = buildPerlPackage {
hash = "sha256-vOhB/FwQMC8PPvdnjDvxRpU6jAZcC6GMQfc0AH4uwKg="; hash = "sha256-vOhB/FwQMC8PPvdnjDvxRpU6jAZcC6GMQfc0AH4uwKg=";
}; };
buildInputs = lib.optional stdenv.isDarwin shortenPerlShebang; nativeBuildInputs = lib.optional stdenv.isDarwin shortenPerlShebang;
postInstall = lib.optionalString stdenv.isDarwin '' postInstall = lib.optionalString stdenv.isDarwin ''
shortenPerlShebang $out/bin/exiftool shortenPerlShebang $out/bin/exiftool
''; '';

View file

@ -10,7 +10,7 @@ Several versions of the Python interpreter are available on Nix, as well as a
high amount of packages. The attribute `python3` refers to the default high amount of packages. The attribute `python3` refers to the default
interpreter, which is currently CPython 3.10. The attribute `python` refers to interpreter, which is currently CPython 3.10. The attribute `python` refers to
CPython 2.7 for backwards-compatibility. It is also possible to refer to CPython 2.7 for backwards-compatibility. It is also possible to refer to
specific versions, e.g. `python39` refers to CPython 3.9, and `pypy` refers to specific versions, e.g. `python311` refers to CPython 3.11, and `pypy` refers to
the default PyPy interpreter. the default PyPy interpreter.
Python is used a lot, and in different ways. This affects also how it is Python is used a lot, and in different ways. This affects also how it is
@ -26,10 +26,10 @@ however, are in separate sets, with one set per interpreter version.
The interpreters have several common attributes. One of these attributes is The interpreters have several common attributes. One of these attributes is
`pkgs`, which is a package set of Python libraries for this specific `pkgs`, which is a package set of Python libraries for this specific
interpreter. E.g., the `toolz` package corresponding to the default interpreter interpreter. E.g., the `toolz` package corresponding to the default interpreter
is `python.pkgs.toolz`, and the CPython 3.9 version is `python39.pkgs.toolz`. is `python.pkgs.toolz`, and the CPython 3.11 version is `python311.pkgs.toolz`.
The main package set contains aliases to these package sets, e.g. The main package set contains aliases to these package sets, e.g.
`pythonPackages` refers to `python.pkgs` and `python39Packages` to `pythonPackages` refers to `python.pkgs` and `python311Packages` to
`python39.pkgs`. `python311.pkgs`.
#### Installing Python and packages {#installing-python-and-packages} #### Installing Python and packages {#installing-python-and-packages}
@ -54,7 +54,7 @@ with `python.buildEnv` or `python.withPackages` where the interpreter and other
executables are wrapped to be able to find each other and all of the modules. executables are wrapped to be able to find each other and all of the modules.
In the following examples we will start by creating a simple, ad-hoc environment In the following examples we will start by creating a simple, ad-hoc environment
with a nix-shell that has `numpy` and `toolz` in Python 3.9; then we will create with a nix-shell that has `numpy` and `toolz` in Python 3.11; then we will create
a re-usable environment in a single-file Python script; then we will create a a re-usable environment in a single-file Python script; then we will create a
full Python environment for development with this same environment. full Python environment for development with this same environment.
@ -70,10 +70,10 @@ temporary shell session with a Python and a *precise* list of packages (plus
their runtime dependencies), with no other Python packages in the Python their runtime dependencies), with no other Python packages in the Python
interpreter's scope. interpreter's scope.
To create a Python 3.9 session with `numpy` and `toolz` available, run: To create a Python 3.11 session with `numpy` and `toolz` available, run:
```sh ```sh
$ nix-shell -p 'python39.withPackages(ps: with ps; [ numpy toolz ])' $ nix-shell -p 'python311.withPackages(ps: with ps; [ numpy toolz ])'
``` ```
By default `nix-shell` will start a `bash` session with this interpreter in our By default `nix-shell` will start a `bash` session with this interpreter in our
@ -81,8 +81,7 @@ By default `nix-shell` will start a `bash` session with this interpreter in our
```Python console ```Python console
[nix-shell:~/src/nixpkgs]$ python3 [nix-shell:~/src/nixpkgs]$ python3
Python 3.9.12 (main, Mar 23 2022, 21:36:19) Python 3.11.3 (main, Apr 4 2023, 22:36:41) [GCC 12.2.0] on linux
[GCC 11.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information. Type "help", "copyright", "credits" or "license" for more information.
>>> import numpy; import toolz >>> import numpy; import toolz
``` ```
@ -102,16 +101,12 @@ will still get 1 wrapped Python interpreter. We can start the interpreter
directly like so: directly like so:
```sh ```sh
$ nix-shell -p "python39.withPackages (ps: with ps; [ numpy toolz requests ])" --run python3 $ nix-shell -p "python311.withPackages (ps: with ps; [ numpy toolz requests ])" --run python3
this derivation will be built: this derivation will be built:
/nix/store/mpn7k6bkjl41fm51342rafaqfsl10qs4-python3-3.9.12-env.drv /nix/store/r19yf5qgfiakqlhkgjahbg3zg79549n4-python3-3.11.2-env.drv
this path will be fetched (0.09 MiB download, 0.41 MiB unpacked): building '/nix/store/r19yf5qgfiakqlhkgjahbg3zg79549n4-python3-3.11.2-env.drv'...
/nix/store/5gaiacnzi096b6prc6aa1pwrhncmhc8b-python3.9-toolz-0.11.2 created 273 symlinks in user environment
copying path '/nix/store/5gaiacnzi096b6prc6aa1pwrhncmhc8b-python3.9-toolz-0.11.2' from 'https://cache.nixos.org'... Python 3.11.2 (main, Feb 7 2023, 13:52:42) [GCC 12.2.0] on linux
building '/nix/store/mpn7k6bkjl41fm51342rafaqfsl10qs4-python3-3.9.12-env.drv'...
created 279 symlinks in user environment
Python 3.9.12 (main, Mar 23 2022, 21:36:19)
[GCC 11.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information. Type "help", "copyright", "credits" or "license" for more information.
>>> import requests >>> import requests
>>> >>>
@ -150,7 +145,7 @@ Executing this script requires a `python3` that has `numpy`. Using what we learn
in the previous section, we could startup a shell and just run it like so: in the previous section, we could startup a shell and just run it like so:
```ShellSession ```ShellSession
$ nix-shell -p 'python39.withPackages(ps: with ps; [ numpy ])' --run 'python3 foo.py' $ nix-shell -p 'python311.withPackages (ps: with ps; [ numpy ])' --run 'python3 foo.py'
The dot product of [1 2] and [3 4] is: 11 The dot product of [1 2] and [3 4] is: 11
``` ```
@ -190,17 +185,17 @@ can make it fully reproducible by pinning the `nixpkgs` import:
```python ```python
#!/usr/bin/env nix-shell #!/usr/bin/env nix-shell
#!nix-shell -i python3 -p "python3.withPackages(ps: [ ps.numpy ])" #!nix-shell -i python3 -p "python3.withPackages (ps: [ ps.numpy ])"
#!nix-shell -I nixpkgs=https://github.com/NixOS/nixpkgs/archive/d373d80b1207d52621961b16aa4a3438e4f98167.tar.gz #!nix-shell -I nixpkgs=https://github.com/NixOS/nixpkgs/archive/e51209796c4262bfb8908e3d6d72302fe4e96f5f.tar.gz
import numpy as np import numpy as np
a = np.array([1,2]) a = np.array([1,2])
b = np.array([3,4]) b = np.array([3,4])
print(f"The dot product of {a} and {b} is: {np.dot(a, b)}") print(f"The dot product of {a} and {b} is: {np.dot(a, b)}")
``` ```
This will execute with the exact same versions of Python 3.8, numpy, and system This will execute with the exact same versions of Python 3.10, numpy, and system
dependencies a year from now as it does today, because it will always use dependencies a year from now as it does today, because it will always use
exactly git commit `d373d80b1207d52621961b16aa4a3438e4f98167` of Nixpkgs for all exactly git commit `e51209796c4262bfb8908e3d6d72302fe4e96f5f` of Nixpkgs for all
of the package versions. of the package versions.
This is also a great way to ensure the script executes identically on different This is also a great way to ensure the script executes identically on different
@ -213,12 +208,15 @@ create a single script with Python dependencies, but in the course of normal
development we're usually working in an entire package repository. development we're usually working in an entire package repository.
As explained in the Nix manual, `nix-shell` can also load an expression from a As explained in the Nix manual, `nix-shell` can also load an expression from a
`.nix` file. Say we want to have Python 3.9, `numpy` and `toolz`, like before, `.nix` file. Say we want to have Python 3.11, `numpy` and `toolz`, like before,
in an environment. We can add a `shell.nix` file describing our dependencies: in an environment. We can add a `shell.nix` file describing our dependencies:
```nix ```nix
with import <nixpkgs> {}; with import <nixpkgs> {};
(python39.withPackages (ps: [ps.numpy ps.toolz])).env (python311.withPackages (ps: with ps; [
numpy
toolz
])).env
``` ```
And then at the command line, just typing `nix-shell` produces the same And then at the command line, just typing `nix-shell` produces the same
@ -232,7 +230,7 @@ What's happening here?
imports the `<nixpkgs>` function, `{}` calls it and the `with` statement imports the `<nixpkgs>` function, `{}` calls it and the `with` statement
brings all attributes of `nixpkgs` in the local scope. These attributes form brings all attributes of `nixpkgs` in the local scope. These attributes form
the main package set. the main package set.
2. Then we create a Python 3.9 environment with the `withPackages` function, as before. 2. Then we create a Python 3.11 environment with the `withPackages` function, as before.
3. The `withPackages` function expects us to provide a function as an argument 3. The `withPackages` function expects us to provide a function as an argument
that takes the set of all Python packages and returns a list of packages to that takes the set of all Python packages and returns a list of packages to
include in the environment. Here, we select the packages `numpy` and `toolz` include in the environment. Here, we select the packages `numpy` and `toolz`
@ -243,7 +241,7 @@ To combine this with `mkShell` you can:
```nix ```nix
with import <nixpkgs> {}; with import <nixpkgs> {};
let let
pythonEnv = python39.withPackages (ps: [ pythonEnv = python311.withPackages (ps: [
ps.numpy ps.numpy
ps.toolz ps.toolz
]); ]);
@ -327,7 +325,7 @@ on NixOS.
{ # ... { # ...
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
(python38.withPackages(ps: with ps; [ numpy toolz ])) (python310.withPackages(ps: with ps; [ numpy toolz ]))
]; ];
} }
``` ```
@ -348,20 +346,32 @@ building Python libraries is `buildPythonPackage`. Let's see how we can build th
`toolz` package. `toolz` package.
```nix ```nix
{ lib, buildPythonPackage, fetchPypi }: { lib
, buildPythonPackage
, fetchPypi
}:
buildPythonPackage rec { buildPythonPackage rec {
pname = "toolz"; pname = "toolz";
version = "0.10.0"; version = "0.10.0";
format = "setuptools";
src = fetchPypi { src = fetchPypi {
inherit pname version; inherit pname version;
hash = "sha256-CP3V73yWSArRHBLUct4hrNMjWZlvaaUlkpm1QP66RWA="; hash = "sha256-CP3V73yWSArRHBLUct4hrNMjWZlvaaUlkpm1QP66RWA=";
}; };
# has no tests
doCheck = false; doCheck = false;
pythonImportsCheck = [
"toolz.itertoolz"
"toolz.functoolz"
"toolz.dicttoolz"
];
meta = with lib; { meta = with lib; {
changelog = "https://github.com/pytoolz/toolz/releases/tag/${version}";
homepage = "https://github.com/pytoolz/toolz"; homepage = "https://github.com/pytoolz/toolz";
description = "List processing tools and functional utilities"; description = "List processing tools and functional utilities";
license = licenses.bsd3; license = licenses.bsd3;
@ -376,13 +386,14 @@ arguments is the name of the package, which consists of a basename (generally
following the name on PyPi) and a version. Another argument, `src` specifies the following the name on PyPi) and a version. Another argument, `src` specifies the
source, which in this case is fetched from PyPI using the helper function source, which in this case is fetched from PyPI using the helper function
`fetchPypi`. The argument `doCheck` is used to set whether tests should be run `fetchPypi`. The argument `doCheck` is used to set whether tests should be run
when building the package. Furthermore, we specify some (optional) meta when building the package. Since there are no tests, we rely on `pythonImportsCheck`
to test whether the package can be imported. Furthermore, we specify some meta
information. The output of the function is a derivation. information. The output of the function is a derivation.
An expression for `toolz` can be found in the Nixpkgs repository. As explained An expression for `toolz` can be found in the Nixpkgs repository. As explained
in the introduction of this Python section, a derivation of `toolz` is available in the introduction of this Python section, a derivation of `toolz` is available
for each interpreter version, e.g. `python39.pkgs.toolz` refers to the `toolz` for each interpreter version, e.g. `python311.pkgs.toolz` refers to the `toolz`
derivation corresponding to the CPython 3.9 interpreter. derivation corresponding to the CPython 3.11 interpreter.
The above example works when you're directly working on The above example works when you're directly working on
`pkgs/top-level/python-packages.nix` in the Nixpkgs repository. Often though, `pkgs/top-level/python-packages.nix` in the Nixpkgs repository. Often though,
@ -395,29 +406,35 @@ and adds it along with a `numpy` package to a Python environment.
with import <nixpkgs> {}; with import <nixpkgs> {};
( let ( let
my_toolz = python39.pkgs.buildPythonPackage rec { my_toolz = python311.pkgs.buildPythonPackage rec {
pname = "toolz"; pname = "toolz";
version = "0.10.0"; version = "0.10.0";
format = "setuptools";
src = python39.pkgs.fetchPypi { src = fetchPypi {
inherit pname version; inherit pname version;
hash = "sha256-CP3V73yWSArRHBLUct4hrNMjWZlvaaUlkpm1QP66RWA="; hash = "sha256-CP3V73yWSArRHBLUct4hrNMjWZlvaaUlkpm1QP66RWA=";
}; };
# has no tests
doCheck = false; doCheck = false;
meta = { meta = {
homepage = "https://github.com/pytoolz/toolz/"; homepage = "https://github.com/pytoolz/toolz/";
description = "List processing tools and functional utilities"; description = "List processing tools and functional utilities";
# [...]
}; };
}; };
in python38.withPackages (ps: [ps.numpy my_toolz]) in python311.withPackages (ps: with ps; [
numpy
my_toolz
])
).env ).env
``` ```
Executing `nix-shell` will result in an environment in which you can use Executing `nix-shell` will result in an environment in which you can use
Python 3.9 and the `toolz` package. As you can see we had to explicitly mention Python 3.11 and the `toolz` package. As you can see we had to explicitly mention
for which Python version we want to build a package. for which Python version we want to build a package.
So, what did we do here? Well, we took the Nix expression that we used earlier So, what did we do here? Well, we took the Nix expression that we used earlier
@ -442,21 +459,39 @@ The following example shows which arguments are given to `buildPythonPackage` in
order to build [`datashape`](https://github.com/blaze/datashape). order to build [`datashape`](https://github.com/blaze/datashape).
```nix ```nix
{ lib, buildPythonPackage, fetchPypi, numpy, multipledispatch, python-dateutil, pytest }: { lib
, buildPythonPackage
, fetchPypi
# dependencies
, numpy, multipledispatch, python-dateutil
# tests
, pytest
}:
buildPythonPackage rec { buildPythonPackage rec {
pname = "datashape"; pname = "datashape";
version = "0.4.7"; version = "0.4.7";
format = "setuptools";
src = fetchPypi { src = fetchPypi {
inherit pname version; inherit pname version;
hash = "sha256-FLLvdm1MllKrgTGC6Gb0k0deZeVYvtCCLji/B7uhong="; hash = "sha256-FLLvdm1MllKrgTGC6Gb0k0deZeVYvtCCLji/B7uhong=";
}; };
nativeCheckInputs = [ pytest ]; propagatedBuildInputs = [
propagatedBuildInputs = [ numpy multipledispatch python-dateutil ]; multipledispatch
numpy
python-dateutil
];
nativeCheckInputs = [
pytest
];
meta = with lib; { meta = with lib; {
changelog = "https://github.com/blaze/datashape/releases/tag/${version}";
homepage = "https://github.com/ContinuumIO/datashape"; homepage = "https://github.com/ContinuumIO/datashape";
description = "A data description language"; description = "A data description language";
license = licenses.bsd2; license = licenses.bsd2;
@ -466,9 +501,9 @@ buildPythonPackage rec {
``` ```
We can see several runtime dependencies, `numpy`, `multipledispatch`, and We can see several runtime dependencies, `numpy`, `multipledispatch`, and
`python-dateutil`. Furthermore, we have one `nativeCheckInputs`, i.e. `pytest`. `pytest` is a `python-dateutil`. Furthermore, we have `nativeCheckInputs` with `pytest`.
test runner and is only used during the `checkPhase` and is therefore not added `pytest` is a test runner and is only used during the `checkPhase` and is
to `propagatedBuildInputs`. therefore not added to `propagatedBuildInputs`.
In the previous case we had only dependencies on other Python packages to consider. In the previous case we had only dependencies on other Python packages to consider.
Occasionally you have also system libraries to consider. E.g., `lxml` provides Occasionally you have also system libraries to consider. E.g., `lxml` provides
@ -476,20 +511,29 @@ Python bindings to `libxml2` and `libxslt`. These libraries are only required
when building the bindings and are therefore added as `buildInputs`. when building the bindings and are therefore added as `buildInputs`.
```nix ```nix
{ lib, pkgs, buildPythonPackage, fetchPypi }: { lib
, pkgs
, buildPythonPackage
, fetchPypi
}:
buildPythonPackage rec { buildPythonPackage rec {
pname = "lxml"; pname = "lxml";
version = "3.4.4"; version = "3.4.4";
format = "setuptools";
src = fetchPypi { src = fetchPypi {
inherit pname version; inherit pname version;
hash = "sha256-s9NiusRxFydHzaNRMjjxFcvWxfi45jGb9ql6eJJyQJk="; hash = "sha256-s9NiusRxFydHzaNRMjjxFcvWxfi45jGb9ql6eJJyQJk=";
}; };
buildInputs = [ pkgs.libxml2 pkgs.libxslt ]; buildInputs = [
pkgs.libxml2
pkgs.libxslt
];
meta = with lib; { meta = with lib; {
changelog = "https://github.com/lxml/lxml/releases/tag/lxml-${version}";
description = "Pythonic binding for the libxml2 and libxslt libraries"; description = "Pythonic binding for the libxml2 and libxslt libraries";
homepage = "https://lxml.de"; homepage = "https://lxml.de";
license = licenses.bsd3; license = licenses.bsd3;
@ -509,30 +553,47 @@ The bindings don't expect to find each of them in a different folder, and
therefore we have to set `LDFLAGS` and `CFLAGS`. therefore we have to set `LDFLAGS` and `CFLAGS`.
```nix ```nix
{ lib, pkgs, buildPythonPackage, fetchPypi, numpy, scipy }: { lib
, pkgs
, buildPythonPackage
, fetchPypi
# dependencies
, numpy
, scipy
}:
buildPythonPackage rec { buildPythonPackage rec {
pname = "pyFFTW"; pname = "pyFFTW";
version = "0.9.2"; version = "0.9.2";
format = "setuptools";
src = fetchPypi { src = fetchPypi {
inherit pname version; inherit pname version;
hash = "sha256-9ru2r6kwhUCaskiFoaPNuJCfCVoUL01J40byvRt4kHQ="; hash = "sha256-9ru2r6kwhUCaskiFoaPNuJCfCVoUL01J40byvRt4kHQ=";
}; };
buildInputs = [ pkgs.fftw pkgs.fftwFloat pkgs.fftwLongDouble]; buildInputs = [
pkgs.fftw
pkgs.fftwFloat
pkgs.fftwLongDouble
];
propagatedBuildInputs = [ numpy scipy ]; propagatedBuildInputs = [
numpy
# Tests cannot import pyfftw. pyfftw works fine though. scipy
doCheck = false; ];
preConfigure = '' preConfigure = ''
export LDFLAGS="-L${pkgs.fftw.dev}/lib -L${pkgs.fftwFloat.out}/lib -L${pkgs.fftwLongDouble.out}/lib" export LDFLAGS="-L${pkgs.fftw.dev}/lib -L${pkgs.fftwFloat.out}/lib -L${pkgs.fftwLongDouble.out}/lib"
export CFLAGS="-I${pkgs.fftw.dev}/include -I${pkgs.fftwFloat.dev}/include -I${pkgs.fftwLongDouble.dev}/include" export CFLAGS="-I${pkgs.fftw.dev}/include -I${pkgs.fftwFloat.dev}/include -I${pkgs.fftwLongDouble.dev}/include"
''; '';
# Tests cannot import pyfftw. pyfftw works fine though.
doCheck = false;
meta = with lib; { meta = with lib; {
changelog = "https://github.com/pyFFTW/pyFFTW/releases/tag/v${version}";
description = "A pythonic wrapper around FFTW, the FFT library, presenting a unified interface for all the supported transforms"; description = "A pythonic wrapper around FFTW, the FFT library, presenting a unified interface for all the supported transforms";
homepage = "http://hgomersall.github.com/pyFFTW"; homepage = "http://hgomersall.github.com/pyFFTW";
license = with licenses; [ bsd2 bsd3 ]; license = with licenses; [ bsd2 bsd3 ];
@ -590,7 +651,7 @@ To filter tests using pytest, one can do the following:
checkPhase = '' checkPhase = ''
runHook preCheck runHook preCheck
pytest tests/ --ignore=tests/integration -k 'not download and not update' pytest tests/ --ignore=tests/integration -k 'not download and not update' --ignore=tests/test_failing.py
runHook postCheck runHook postCheck
''; '';
@ -618,10 +679,15 @@ when a package may need many items disabled to run the test suite.
Using the example above, the analogous `pytestCheckHook` usage would be: Using the example above, the analogous `pytestCheckHook` usage would be:
``` ```
nativeCheckInputs = [ pytestCheckHook ]; nativeCheckInputs = [
pytestCheckHook
];
# requires additional data # requires additional data
pytestFlagsArray = [ "tests/" "--ignore=tests/integration" ]; pytestFlagsArray = [
"tests/"
"--ignore=tests/integration"
];
disabledTests = [ disabledTests = [
# touches network # touches network
@ -663,7 +729,10 @@ To help ensure the package still works, `pythonImportsCheck` can attempt to impo
the listed modules. the listed modules.
``` ```
pythonImportsCheck = [ "requests" "urllib" ]; pythonImportsCheck = [
"requests"
"urllib"
];
``` ```
roughly translates to: roughly translates to:
@ -704,9 +773,16 @@ pkg3>=1.0,<=2.0
we can do: we can do:
``` ```
nativeBuildInputs = [ pythonRelaxDepsHook ]; nativeBuildInputs = [
pythonRelaxDeps = [ "pkg1" "pkg3" ]; pythonRelaxDepsHook
pythonRemoveDeps = [ "pkg2" ]; ];
pythonRelaxDeps = [
"pkg1"
"pkg3"
];
pythonRemoveDeps = [
"pkg2"
];
``` ```
which would result in the following `requirements.txt` file: which would result in the following `requirements.txt` file:
@ -749,9 +825,13 @@ with the exception of `other` (see `format` in
`unittestCheckHook` is a hook which will substitute the setuptools `test` command for a `checkPhase` which runs `python -m unittest discover`: `unittestCheckHook` is a hook which will substitute the setuptools `test` command for a `checkPhase` which runs `python -m unittest discover`:
``` ```
nativeCheckInputs = [ unittestCheckHook ]; nativeCheckInputs = [
unittestCheckHook
];
unittestFlagsArray = [ "-s" "tests" "-v" ]; unittestFlagsArray = [
"-s" "tests" "-v"
];
``` ```
#### Using sphinxHook {#using-sphinxhook} #### Using sphinxHook {#using-sphinxhook}
@ -816,7 +896,7 @@ If we create a `shell.nix` file which calls `buildPythonPackage`, and if `src`
is a local source, and if the local source has a `setup.py`, then development is a local source, and if the local source has a `setup.py`, then development
mode is activated. mode is activated.
In the following example, we create a simple environment that has a Python 3.9 In the following example, we create a simple environment that has a Python 3.11
version of our package in it, as well as its dependencies and other packages we version of our package in it, as well as its dependencies and other packages we
like to have in the environment, all specified with `propagatedBuildInputs`. like to have in the environment, all specified with `propagatedBuildInputs`.
Indeed, we can just add any package we like to have in our environment to Indeed, we can just add any package we like to have in our environment to
@ -824,12 +904,16 @@ Indeed, we can just add any package we like to have in our environment to
```nix ```nix
with import <nixpkgs> {}; with import <nixpkgs> {};
with python39Packages; with python311Packages;
buildPythonPackage rec { buildPythonPackage rec {
name = "mypackage"; name = "mypackage";
src = ./path/to/package/source; src = ./path/to/package/source;
propagatedBuildInputs = [ pytest numpy pkgs.libsndfile ]; propagatedBuildInputs = [
pytest
numpy
pkgs.libsndfile
];
} }
``` ```
@ -857,11 +941,14 @@ Let's split the package definition from the environment definition.
We first create a function that builds `toolz` in `~/path/to/toolz/release.nix` We first create a function that builds `toolz` in `~/path/to/toolz/release.nix`
```nix ```nix
{ lib, buildPythonPackage }: { lib
, buildPythonPackage
}:
buildPythonPackage rec { buildPythonPackage rec {
pname = "toolz"; pname = "toolz";
version = "0.10.0"; version = "0.10.0";
format = "setuptools";
src = fetchPypi { src = fetchPypi {
inherit pname version; inherit pname version;
@ -869,6 +956,7 @@ buildPythonPackage rec {
}; };
meta = with lib; { meta = with lib; {
changelog = "https://github.com/pytoolz/toolz/releases/tag/${version}";
homepage = "https://github.com/pytoolz/toolz/"; homepage = "https://github.com/pytoolz/toolz/";
description = "List processing tools and functional utilities"; description = "List processing tools and functional utilities";
license = licenses.bsd3; license = licenses.bsd3;
@ -885,9 +973,13 @@ with import <nixpkgs> {};
( let ( let
toolz = callPackage /path/to/toolz/release.nix { toolz = callPackage /path/to/toolz/release.nix {
buildPythonPackage = python38Packages.buildPythonPackage; buildPythonPackage = python310
Packages.buildPythonPackage;
}; };
in python38.withPackages (ps: [ ps.numpy toolz ]) in python310.withPackages (ps: [
ps.numpy
toolz
])
).env ).env
``` ```
@ -895,17 +987,17 @@ Important to remember is that the Python version for which the package is made
depends on the `python` derivation that is passed to `buildPythonPackage`. Nix depends on the `python` derivation that is passed to `buildPythonPackage`. Nix
tries to automatically pass arguments when possible, which is why generally you tries to automatically pass arguments when possible, which is why generally you
don't explicitly define which `python` derivation should be used. In the above don't explicitly define which `python` derivation should be used. In the above
example we use `buildPythonPackage` that is part of the set `python38Packages`, example we use `buildPythonPackage` that is part of the set `python3Packages`,
and in this case the `python38` interpreter is automatically used. and in this case the `python3` interpreter is automatically used.
## Reference {#reference} ## Reference {#reference}
### Interpreters {#interpreters} ### Interpreters {#interpreters}
Versions 2.7, 3.7, 3.8, 3.9 and 3.10 of the CPython interpreter are available Versions 2.7, 3.8, 3.9, 3.10 and 3.11 of the CPython interpreter are available
as respectively `python27`, `python37`, `python38`, `python39` and `python310`. as respectively `python27`, python38`, `python39`, `python310` and `python311`.
The aliases `python2` and `python3` correspond to respectively `python27` and The aliases `python2` and `python3` correspond to respectively `python27` and
`python39`. The attribute `python` maps to `python2`. The PyPy interpreters `python310`. The attribute `python` maps to `python2`. The PyPy interpreters
compatible with Python 2.7 and 3 are available as `pypy27` and `pypy3`, with compatible with Python 2.7 and 3 are available as `pypy27` and `pypy3`, with
aliases `pypy2` mapping to `pypy27` and `pypy` mapping to `pypy2`. The Nix aliases `pypy2` mapping to `pypy27` and `pypy` mapping to `pypy2`. The Nix
expressions for the interpreters can be found in expressions for the interpreters can be found in
@ -928,7 +1020,7 @@ Each interpreter has the following attributes:
- `buildEnv`. Function to build python interpreter environments with extra packages bundled together. See section *python.buildEnv function* for usage and documentation. - `buildEnv`. Function to build python interpreter environments with extra packages bundled together. See section *python.buildEnv function* for usage and documentation.
- `withPackages`. Simpler interface to `buildEnv`. See section *python.withPackages function* for usage and documentation. - `withPackages`. Simpler interface to `buildEnv`. See section *python.withPackages function* for usage and documentation.
- `sitePackages`. Alias for `lib/${libPrefix}/site-packages`. - `sitePackages`. Alias for `lib/${libPrefix}/site-packages`.
- `executable`. Name of the interpreter executable, e.g. `python3.8`. - `executable`. Name of the interpreter executable, e.g. `python3.10`.
- `pkgs`. Set of Python packages for that specific interpreter. The package set can be modified by overriding the interpreter and passing `packageOverrides`. - `pkgs`. Set of Python packages for that specific interpreter. The package set can be modified by overriding the interpreter and passing `packageOverrides`.
### Optimizations {#optimizations} ### Optimizations {#optimizations}
@ -968,7 +1060,7 @@ attribute set is created for each available Python interpreter. The available
sets are sets are
* `pkgs.python27Packages` * `pkgs.python27Packages`
* `pkgs.python37Packages` * `pkgs.python3Packages`
* `pkgs.python38Packages` * `pkgs.python38Packages`
* `pkgs.python39Packages` * `pkgs.python39Packages`
* `pkgs.python310Packages` * `pkgs.python310Packages`
@ -978,7 +1070,7 @@ sets are
and the aliases and the aliases
* `pkgs.python2Packages` pointing to `pkgs.python27Packages` * `pkgs.python2Packages` pointing to `pkgs.python27Packages`
* `pkgs.python3Packages` pointing to `pkgs.python39Packages` * `pkgs.python3Packages` pointing to `pkgs.python310Packages`
* `pkgs.pythonPackages` pointing to `pkgs.python2Packages` * `pkgs.pythonPackages` pointing to `pkgs.python2Packages`
#### `buildPythonPackage` function {#buildpythonpackage-function} #### `buildPythonPackage` function {#buildpythonpackage-function}
@ -990,11 +1082,28 @@ using setup hooks.
The following is an example: The following is an example:
```nix ```nix
{ lib, buildPythonPackage, fetchPypi, hypothesis, setuptools-scm, attrs, py, setuptools, six, pluggy }: { lib
, buildPythonPackage
, fetchPypi
# build-system
, setuptools-scm
# dependencies
, attrs
, pluggy
, py
, setuptools
, six
# tests
, hypothesis
}:
buildPythonPackage rec { buildPythonPackage rec {
pname = "pytest"; pname = "pytest";
version = "3.3.1"; version = "3.3.1";
format = "setuptools";
src = fetchPypi { src = fetchPypi {
inherit pname version; inherit pname version;
@ -1006,13 +1115,28 @@ buildPythonPackage rec {
rm testing/test_argcomplete.py rm testing/test_argcomplete.py
''; '';
nativeCheckInputs = [ hypothesis ]; nativeBuildInputs = [
nativeBuildInputs = [ setuptools-scm ]; setuptools-scm
propagatedBuildInputs = [ attrs py setuptools six pluggy ]; ];
propagatedBuildInputs = [
attrs
py
setuptools
six
pluggy
];
nativeCheckInputs = [
hypothesis
];
meta = with lib; { meta = with lib; {
maintainers = with maintainers; [ domenkozar lovek323 madjar lsix ]; changelog = "https://github.com/pytest-dev/pytest/releases/tag/${version}";
description = "Framework for writing tests"; description = "Framework for writing tests";
homepage = "https://github.com/pytest-dev/pytest";
license = licenses.mit;
maintainers = with maintainers; [ domenkozar lovek323 madjar lsix ];
}; };
} }
``` ```
@ -1105,7 +1229,7 @@ with import <nixpkgs> {};
packageOverrides = self: super: { packageOverrides = self: super: {
pandas = super.pandas.overridePythonAttrs(old: rec { pandas = super.pandas.overridePythonAttrs(old: rec {
version = "0.19.1"; version = "0.19.1";
src = super.fetchPypi { src = fetchPypi {
pname = "pandas"; pname = "pandas";
inherit version; inherit version;
hash = "sha256-JQn+rtpy/OA2deLszSKEuxyttqBzcAil50H+JDHUdCE="; hash = "sha256-JQn+rtpy/OA2deLszSKEuxyttqBzcAil50H+JDHUdCE=";
@ -1114,7 +1238,7 @@ with import <nixpkgs> {};
}; };
in pkgs.python3.override {inherit packageOverrides; self = python;}; in pkgs.python3.override {inherit packageOverrides; self = python;};
in python.withPackages(ps: [ps.blaze])).env in python.withPackages(ps: [ ps.blaze ])).env
``` ```
#### Optional extra dependencies {#python-optional-dependencies} #### Optional extra dependencies {#python-optional-dependencies}
@ -1160,18 +1284,25 @@ called with `callPackage` and passed `python` or `pythonPackages` (possibly
specifying an interpreter version), like this: specifying an interpreter version), like this:
```nix ```nix
{ lib, python3 }: { lib
, python3
, fetchPypi
}:
python3.pkgs.buildPythonApplication rec { python3.pkgs.buildPythonApplication rec {
pname = "luigi"; pname = "luigi";
version = "2.7.9"; version = "2.7.9";
format = "setuptools";
src = python3.pkgs.fetchPypi { src = fetchPypi {
inherit pname version; inherit pname version;
hash = "sha256-Pe229rT0aHwA98s+nTHQMEFKZPo/yw6sot8MivFDvAw="; hash = "sha256-Pe229rT0aHwA98s+nTHQMEFKZPo/yw6sot8MivFDvAw=";
}; };
propagatedBuildInputs = with python3.pkgs; [ tornado python-daemon ]; propagatedBuildInputs = with python3.pkgs; [
tornado
python-daemon
];
meta = with lib; { meta = with lib; {
... ...
@ -1253,7 +1384,10 @@ running `nix-shell` with the following `shell.nix`
with import <nixpkgs> {}; with import <nixpkgs> {};
(python3.buildEnv.override { (python3.buildEnv.override {
extraLibs = with python3Packages; [ numpy requests ]; extraLibs = with python3Packages; [
numpy
requests
];
}).env }).env
``` ```
@ -1279,7 +1413,7 @@ example for the Pyramid Web Framework environment can be written like this:
```nix ```nix
with import <nixpkgs> {}; with import <nixpkgs> {};
python.withPackages (ps: [ps.pyramid]) python.withPackages (ps: [ ps.pyramid ])
``` ```
`withPackages` passes the correct package set for the specific interpreter `withPackages` passes the correct package set for the specific interpreter
@ -1289,7 +1423,7 @@ version as an argument to the function. In the above example, `ps` equals
```nix ```nix
with import <nixpkgs> {}; with import <nixpkgs> {};
python3.withPackages (ps: [ps.pyramid]) python3.withPackages (ps: [ ps.pyramid ])
``` ```
Now, `ps` is set to `python3Packages`, matching the version of the interpreter. Now, `ps` is set to `python3Packages`, matching the version of the interpreter.
@ -1301,7 +1435,10 @@ thus be also written like this:
```nix ```nix
with import <nixpkgs> {}; with import <nixpkgs> {};
(python38.withPackages (ps: [ps.numpy ps.requests])).env (python3.withPackages (ps: with ps; [
numpy
requests
])).env
``` ```
In contrast to `python.buildEnv`, `python.withPackages` does not support the In contrast to `python.buildEnv`, `python.withPackages` does not support the
@ -1393,7 +1530,7 @@ has security implications and is relevant for those using Python in a
When the environment variable `DETERMINISTIC_BUILD` is set, all bytecode will When the environment variable `DETERMINISTIC_BUILD` is set, all bytecode will
have timestamp 1. The `buildPythonPackage` function sets `DETERMINISTIC_BUILD=1` have timestamp 1. The `buildPythonPackage` function sets `DETERMINISTIC_BUILD=1`
and [PYTHONHASHSEED=0](https://docs.python.org/3.8/using/cmdline.html#envvar-PYTHONHASHSEED). and [PYTHONHASHSEED=0](https://docs.python.org/3.11/using/cmdline.html#envvar-PYTHONHASHSEED).
Both are also exported in `nix-shell`. Both are also exported in `nix-shell`.
### Automatic tests {#automatic-tests} ### Automatic tests {#automatic-tests}
@ -1408,22 +1545,27 @@ example of such a situation is when `py.test` is used.
#### Common issues {#common-issues} #### Common issues {#common-issues}
* Non-working tests can often be deselected. By default `buildPythonPackage` * Non-working tests can often be deselected. By default `buildPythonPackage`
runs `python setup.py test`. Most Python modules follows the standard test runs `python setup.py test`. which is deprecated. Most Python modules however
protocol where the pytest runner can be used instead. `py.test` supports a do follow the standard test protocol where the pytest runner can be used
`-k` parameter to ignore test methods or classes: instead. `pytest` supports the `-k` and `--ignore` parameters to ignore test
methods or classes as well as whole files. For `pytestCheckHook` these are
conveniently exposed as `disabledTests` and `disabledTestPaths` respectively.
```nix ```nix
buildPythonPackage { buildPythonPackage {
# ... # ...
# assumes the tests are located in tests nativeCheckInputs = [
nativeCheckInputs = [ pytest ]; pytestCheckHook
checkPhase = '' ];
runHook preCheck
py.test -k 'not function_name and not other_function' tests disabledTests = [
"function_name"
"other_function"
];
runHook postCheck disabledTestPaths = [
''; "this/file.py"
];
} }
``` ```
@ -1451,9 +1593,13 @@ with import <nixpkgs> {};
packageOverrides = self: super: { packageOverrides = self: super: {
pandas = super.pandas.overridePythonAttrs(old: {name="foo";}); pandas = super.pandas.overridePythonAttrs(old: {name="foo";});
}; };
in pkgs.python38.override {inherit packageOverrides;}; in pkgs.python310.override {
inherit packageOverrides;
};
in python.withPackages(ps: [ps.pandas])).env in python.withPackages (ps: [
ps.pandas
])).env
``` ```
Using `nix-build` on this expression will build an environment that contains the Using `nix-build` on this expression will build an environment that contains the
@ -1473,7 +1619,11 @@ with import <nixpkgs> {};
packageOverrides = self: super: { packageOverrides = self: super: {
scipy = super.scipy_0_17; scipy = super.scipy_0_17;
}; };
in (pkgs.python38.override {inherit packageOverrides;}).withPackages (ps: [ps.blaze]) in (pkgs.python310.override {
inherit packageOverrides;
}).withPackages (ps: [
ps.blaze
])
).env ).env
``` ```
@ -1487,11 +1637,11 @@ If you want the whole of Nixpkgs to use your modifications, then you can use
let let
pkgs = import <nixpkgs> {}; pkgs = import <nixpkgs> {};
newpkgs = import pkgs.path { overlays = [ (self: super: { newpkgs = import pkgs.path { overlays = [ (self: super: {
python38 = let python310 = let
packageOverrides = python-self: python-super: { packageOverrides = python-self: python-super: {
numpy = python-super.numpy_1_18; numpy = python-super.numpy_1_18;
}; };
in super.python38.override {inherit packageOverrides;}; in super.python310.override {inherit packageOverrides;};
} ) ]; }; } ) ]; };
in newpkgs.inkscape in newpkgs.inkscape
``` ```

View file

@ -535,7 +535,9 @@ directory of the `tokenizers` project's source archive, we use
```nix ```nix
{ fetchFromGitHub { fetchFromGitHub
, buildPythonPackage , buildPythonPackage
, cargo
, rustPlatform , rustPlatform
, rustc
, setuptools-rust , setuptools-rust
}: }:
@ -558,11 +560,12 @@ buildPythonPackage rec {
sourceRoot = "source/bindings/python"; sourceRoot = "source/bindings/python";
nativeBuildInputs = [ setuptools-rust ] ++ (with rustPlatform; [ nativeBuildInputs = [
cargoSetupHook cargo
rust.cargo rustPlatform.cargoSetupHook
rust.rustc rustc
]); setuptools-rust
];
# ... # ...
} }

View file

@ -12,7 +12,11 @@
<xi:include href="using/configuration.chapter.xml" /> <xi:include href="using/configuration.chapter.xml" />
<xi:include href="using/overlays.chapter.xml" /> <xi:include href="using/overlays.chapter.xml" />
<xi:include href="using/overrides.chapter.xml" /> <xi:include href="using/overrides.chapter.xml" />
</part>
<part>
<title>Nixpkgs <code>lib</code></title>
<xi:include href="functions.xml" /> <xi:include href="functions.xml" />
<xi:include href="module-system/module-system.chapter.xml" />
</part> </part>
<part xml:id="part-stdenv"> <part xml:id="part-stdenv">
<title>Standard environment</title> <title>Standard environment</title>

View file

@ -0,0 +1,105 @@
# Module System {#module-system}
## Introduction {#module-system-introduction}
The module system is a language for handling configuration, implemented as a Nix library.
Compared to plain Nix, it adds documentation, type checking and composition or extensibility.
::: {.note}
This chapter is new and not complete yet. For a gentle introduction to the module system, in the context of NixOS, see [Writing NixOS Modules](https://nixos.org/manual/nixos/unstable/index.html#sec-writing-modules) in the NixOS manual.
:::
## `lib.evalModules` {#module-system-lib-evalModules}
Evaluate a set of modules. This function is typically only used once per application (e.g. once in NixOS, once in Home Manager, ...).
### Parameters {#module-system-lib-evalModules-parameters}
#### `modules` {#module-system-lib-evalModules-param-modules}
A list of modules. These are merged together to form the final configuration.
<!-- TODO link to section about merging, TBD -->
#### `specialArgs` {#module-system-lib-evalModules-param-specialArgs}
An attribute set of module arguments that can be used in `imports`.
This is in contrast to `config._module.args`, which is only available after all `imports` have been resolved.
#### `class` {#module-system-lib-evalModules-param-class}
If the `class` attribute is set and non-`null`, the module system will reject `imports` with a different `_class` declaration.
The `class` value should be a string in lower [camel case](https://en.wikipedia.org/wiki/Camel_case).
If applicable, the `class` should match the "prefix" of the attributes used in (experimental) [flakes](https://nixos.org/manual/nix/stable/command-ref/new-cli/nix3-flake.html#description). Some examples are:
- `nixos` as in `flake.nixosModules`
- `nixosTest`: modules that constitute a [NixOS VM test](https://nixos.org/manual/nixos/stable/index.html#sec-nixos-tests)
<!-- We've only just started with `class`. You're invited to add a few more. -->
#### `prefix` {#module-system-lib-evalModules-param-prefix}
A list of strings representing the location at or below which all options are evaluated. This is used by `types.submodule` to improve error reporting and find the implicit `name` module argument.
### Return value {#module-system-lib-evalModules-return-value}
The result is an attribute set with the following attributes:
#### `options` {#module-system-lib-evalModules-return-value-options}
The nested attribute set of all option declarations.
#### `config` {#module-system-lib-evalModules-return-value-config}
The nested attribute set of all option values.
#### `type` {#module-system-lib-evalModules-return-value-type}
A module system type. This type is an instance of `types.submoduleWith` containing the current [`modules`](#module-system-lib-evalModules-param-modules).
The option definitions that are typed with this type will extend the current set of modules, like [`extendModules`](#module-system-lib-evalModules-return-value-extendModules).
However, the value returned from the type is just the [`config`](#module-system-lib-evalModules-return-value-config), like any submodule.
If you're familiar with prototype inheritance, you can think of this `evalModules` invocation as the prototype, and usages of this type as the instances.
This type is also available to the [`modules`](#module-system-lib-evalModules-param-modules) as the module argument `moduleType`.
<!-- TODO: document the module arguments. Using moduleType is like saying: suppose this configuration was extended. -->
#### `extendModules` {#module-system-lib-evalModules-return-value-extendModules}
A function similar to `evalModules` but building on top of the already passed [`modules`](#module-system-lib-evalModules-param-modules). Its arguments, `modules` and `specialArgs` are added to the existing values.
If you're familiar with prototype inheritance, you can think of the current, actual `evalModules` invocation as the prototype, and the return value of `extendModules` as the instance.
This functionality is also available to modules as the `extendModules` module argument.
::: {.note}
**Evaluation Performance**
`extendModules` returns a configuration that shares very little with the original `evalModules` invocation, because the module arguments may be different.
So if you have a configuration that has been (or will be) largely evaluated, almost none of the computation is shared with the configuration returned by `extendModules`.
The real work of module evaluation happens while computing the values in `config` and `options`, so multiple invocations of `extendModules` have a particularly small cost, as long as only the final `config` and `options` are evaluated.
If you do reference multiple `config` (or `options`) from before and after `extendModules`, evaluation performance is the same as with multiple `evalModules` invocations, because the new modules' ability to override existing configuration fundamentally requires constructing a new `config` and `options` fixpoint.
:::
#### `_module` {#module-system-lib-evalModules-return-value-_module}
A portion of the configuration tree which is elided from `config`.
<!-- TODO: when markdown migration is complete, make _module docs visible again and reference _module docs. Maybe move those docs into this chapter? -->
#### `_type` {#module-system-lib-evalModules-return-value-_type}
A nominal type marker, always `"configuration"`.
#### `class` {#module-system-lib-evalModules-return-value-_configurationClass}
The [`class` argument](#module-system-lib-evalModules-param-class).

View file

@ -257,7 +257,7 @@ propagated-dep(mapOffset(h0, t0, h1),
``` ```
let mapOffset(h, t, i) = i + (if i <= 0 then h else t - 1) let mapOffset(h, t, i) = i + (if i <= 0 then h else t - 1)
dep(h0, _, A, B) dep(h0, t0, A, B)
propagated-dep(h1, t1, B, C) propagated-dep(h1, t1, B, C)
h0 + h1 in {-1, 0, 1} h0 + h1 in {-1, 0, 1}
h0 + t1 in {-1, 0, -1} h0 + t1 in {-1, 0, -1}
@ -1204,7 +1204,7 @@ Nix itself considers a build-time dependency as merely something that should pre
In order to alleviate this burden, the setup hook mechanism was written, where any package can include a shell script that \[by convention rather than enforcement by Nix\], any downstream reverse-dependency will source as part of its build process. That allows the downstream dependency to merely specify its dependencies, and lets those dependencies effectively initialize themselves. No boilerplate mirroring the list of dependencies is needed. In order to alleviate this burden, the setup hook mechanism was written, where any package can include a shell script that \[by convention rather than enforcement by Nix\], any downstream reverse-dependency will source as part of its build process. That allows the downstream dependency to merely specify its dependencies, and lets those dependencies effectively initialize themselves. No boilerplate mirroring the list of dependencies is needed.
The setup hook mechanism is a bit of a sledgehammer though: a powerful feature with a broad and indiscriminate area of effect. The combination of its power and implicit use may be expedient, but isnt without costs. Nix itself is unchanged, but the spirit of added dependencies being effect-free is violated even if the letter isnt. For example, if a derivation path is mentioned more than once, Nix itself doesnt care and simply makes sure the dependency derivation is already built just the same—depending is just needing something to exist, and needing is idempotent. However, a dependency specified twice will have its setup hook run twice, and that could easily change the build environment (though a well-written setup hook will therefore strive to be idempotent so this is in fact not observable). More broadly, setup hooks are anti-modular in that multiple dependencies, whether the same or different, should not interfere and yet their setup hooks may well do so. The setup hook mechanism is a bit of a sledgehammer though: a powerful feature with a broad and indiscriminate area of effect. The combination of its power and implicit use may be expedient, but isnt without costs. Nix itself is unchanged, but the spirit of added dependencies being effect-free is violated even if the latter isnt. For example, if a derivation path is mentioned more than once, Nix itself doesnt care and simply makes sure the dependency derivation is already built just the same—depending is just needing something to exist, and needing is idempotent. However, a dependency specified twice will have its setup hook run twice, and that could easily change the build environment (though a well-written setup hook will therefore strive to be idempotent so this is in fact not observable). More broadly, setup hooks are anti-modular in that multiple dependencies, whether the same or different, should not interfere and yet their setup hooks may well do so.
The most typical use of the setup hook is actually to add other hooks which are then run (i.e. after all the setup hooks) on each dependency. For example, the C compiler wrappers setup hook feeds itself flags for each dependency that contains relevant libraries and headers. This is done by defining a bash function, and appending its name to one of `envBuildBuildHooks`, `envBuildHostHooks`, `envBuildTargetHooks`, `envHostHostHooks`, `envHostTargetHooks`, or `envTargetTargetHooks`. These 6 bash variables correspond to the 6 sorts of dependencies by platform (theres 12 total but we ignore the propagated/non-propagated axis). The most typical use of the setup hook is actually to add other hooks which are then run (i.e. after all the setup hooks) on each dependency. For example, the C compiler wrappers setup hook feeds itself flags for each dependency that contains relevant libraries and headers. This is done by defining a bash function, and appending its name to one of `envBuildBuildHooks`, `envBuildHostHooks`, `envBuildTargetHooks`, `envHostHostHooks`, `envHostTargetHooks`, or `envTargetTargetHooks`. These 6 bash variables correspond to the 6 sorts of dependencies by platform (theres 12 total but we ignore the propagated/non-propagated axis).

View file

@ -57,6 +57,19 @@
nixosModules = { nixosModules = {
notDetected = ./nixos/modules/installer/scan/not-detected.nix; notDetected = ./nixos/modules/installer/scan/not-detected.nix;
/*
Make the `nixpkgs.*` configuration read-only. Guarantees that `pkgs`
is the way you initialize it.
Example:
{
imports = [ nixpkgs.nixosModules.readOnlyPkgs ];
nixpkgs.pkgs = nixpkgs.legacyPackages.x86_64-linux;
}
*/
readOnlyPkgs = ./nixos/modules/misc/nixpkgs/read-only.nix;
}; };
}; };
} }

View file

@ -117,10 +117,11 @@ let
inherit (self.meta) addMetaAttrs dontDistribute setName updateName inherit (self.meta) addMetaAttrs dontDistribute setName updateName
appendToName mapDerivationAttrset setPrio lowPrio lowPrioSet hiPrio appendToName mapDerivationAttrset setPrio lowPrio lowPrioSet hiPrio
hiPrioSet getLicenseFromSpdxId getExe; hiPrioSet getLicenseFromSpdxId getExe;
inherit (self.sources) pathType pathIsDirectory cleanSourceFilter inherit (self.filesystem) pathType pathIsDirectory pathIsRegularFile;
inherit (self.sources) cleanSourceFilter
cleanSource sourceByRegex sourceFilesBySuffices cleanSource sourceByRegex sourceFilesBySuffices
commitIdFromGitRepo cleanSourceWith pathHasContext commitIdFromGitRepo cleanSourceWith pathHasContext
canCleanSource pathIsRegularFile pathIsGitRepo; canCleanSource pathIsGitRepo;
inherit (self.modules) evalModules setDefaultModuleLocation inherit (self.modules) evalModules setDefaultModuleLocation
unifyModuleSyntax applyModuleArgsIfFunction mergeModules unifyModuleSyntax applyModuleArgsIfFunction mergeModules
mergeModules' mergeOptionDecls evalOptionValue mergeDefinitions mergeModules' mergeOptionDecls evalOptionValue mergeDefinitions

View file

@ -1,13 +1,93 @@
# Functions for copying sources to the Nix store. # Functions for querying information about the filesystem
# without copying any files to the Nix store.
{ lib }: { lib }:
# Tested in lib/tests/filesystem.sh
let let
inherit (builtins)
readDir
pathExists
;
inherit (lib.strings) inherit (lib.strings)
hasPrefix hasPrefix
; ;
inherit (lib.filesystem)
pathType
;
in in
{ {
/*
The type of a path. The path needs to exist and be accessible.
The result is either "directory" for a directory, "regular" for a regular file, "symlink" for a symlink, or "unknown" for anything else.
Type:
pathType :: Path -> String
Example:
pathType /.
=> "directory"
pathType /some/file.nix
=> "regular"
*/
pathType =
builtins.readFileType or
# Nix <2.14 compatibility shim
(path:
if ! pathExists path
# Fail irrecoverably to mimic the historic behavior of this function and
# the new builtins.readFileType
then abort "lib.filesystem.pathType: Path ${toString path} does not exist."
# The filesystem root is the only path where `dirOf / == /` and
# `baseNameOf /` is not valid. We can detect this and directly return
# "directory", since we know the filesystem root can't be anything else.
else if dirOf path == path
then "directory"
else (readDir (dirOf path)).${baseNameOf path}
);
/*
Whether a path exists and is a directory.
Type:
pathIsDirectory :: Path -> Bool
Example:
pathIsDirectory /.
=> true
pathIsDirectory /this/does/not/exist
=> false
pathIsDirectory /some/file.nix
=> false
*/
pathIsDirectory = path:
pathExists path && pathType path == "directory";
/*
Whether a path exists and is a regular file, meaning not a symlink or any other special file type.
Type:
pathIsRegularFile :: Path -> Bool
Example:
pathIsRegularFile /.
=> false
pathIsRegularFile /this/does/not/exist
=> false
pathIsRegularFile /some/file.nix
=> true
*/
pathIsRegularFile = path:
pathExists path && pathType path == "regular";
/* /*
A map of all haskell packages defined in the given path, A map of all haskell packages defined in the given path,
identified by having a cabal file with the same name as the identified by having a cabal file with the same name as the

View file

@ -355,6 +355,7 @@ rec {
# PLIST handling # PLIST handling
toPlist = {}: v: let toPlist = {}: v: let
isFloat = builtins.isFloat or (x: false); isFloat = builtins.isFloat or (x: false);
isPath = x: builtins.typeOf x == "path";
expr = ind: x: with builtins; expr = ind: x: with builtins;
if x == null then "" else if x == null then "" else
if isBool x then bool ind x else if isBool x then bool ind x else
@ -362,6 +363,7 @@ rec {
if isString x then str ind x else if isString x then str ind x else
if isList x then list ind x else if isList x then list ind x else
if isAttrs x then attrs ind x else if isAttrs x then attrs ind x else
if isPath x then str ind (toString x) else
if isFloat x then float ind x else if isFloat x then float ind x else
abort "generators.toPlist: should never happen (v = ${v})"; abort "generators.toPlist: should never happen (v = ${v})";
@ -429,11 +431,12 @@ ${expr "" v}
/* /*
Translate a simple Nix expression to Lua representation with occasional Translate a simple Nix expression to Lua representation with occasional
Lua-inlines that can be construted by mkLuaInline function. Lua-inlines that can be constructed by mkLuaInline function.
Configuration: Configuration:
* multiline - by default is true which results in indented block-like view. * multiline - by default is true which results in indented block-like view.
* indent - initial indent. * indent - initial indent.
* asBindings - by default generate single value, but with this use attrset to set global vars.
Attention: Attention:
Regardless of multiline parameter there is no trailing newline. Regardless of multiline parameter there is no trailing newline.
@ -464,18 +467,35 @@ ${expr "" v}
/* If this option is true, the output is indented with newlines for attribute sets and lists */ /* If this option is true, the output is indented with newlines for attribute sets and lists */
multiline ? true, multiline ? true,
/* Initial indentation level */ /* Initial indentation level */
indent ? "" indent ? "",
/* Interpret as variable bindings */
asBindings ? false,
}@args: v: }@args: v:
with builtins; with builtins;
let let
innerIndent = "${indent} "; innerIndent = "${indent} ";
introSpace = if multiline then "\n${innerIndent}" else " "; introSpace = if multiline then "\n${innerIndent}" else " ";
outroSpace = if multiline then "\n${indent}" else " "; outroSpace = if multiline then "\n${indent}" else " ";
innerArgs = args // { indent = innerIndent; }; innerArgs = args // {
indent = if asBindings then indent else innerIndent;
asBindings = false;
};
concatItems = concatStringsSep ",${introSpace}"; concatItems = concatStringsSep ",${introSpace}";
isLuaInline = { _type ? null, ... }: _type == "lua-inline"; isLuaInline = { _type ? null, ... }: _type == "lua-inline";
generatedBindings =
assert lib.assertMsg (badVarNames == []) "Bad Lua var names: ${toPretty {} badVarNames}";
libStr.concatStrings (
lib.attrsets.mapAttrsToList (key: value: "${indent}${key} = ${toLua innerArgs value}\n") v
);
# https://en.wikibooks.org/wiki/Lua_Programming/variable#Variable_names
matchVarName = match "[[:alpha:]_][[:alnum:]_]*(\\.[[:alpha:]_][[:alnum:]_]*)*";
badVarNames = filter (name: matchVarName name == null) (attrNames v);
in in
if v == null then if asBindings then
generatedBindings
else if v == null then
"nil" "nil"
else if isInt v || isFloat v || isString v || isBool v then else if isInt v || isFloat v || isString v || isBool v then
builtins.toJSON v builtins.toJSON v

View file

@ -8,9 +8,10 @@ with lib;
option = x: option = x:
x // { optional = true; }; x // { optional = true; };
yes = { tristate = "y"; optional = false; }; yes = { tristate = "y"; optional = false; };
no = { tristate = "n"; optional = false; }; no = { tristate = "n"; optional = false; };
module = { tristate = "m"; optional = false; }; module = { tristate = "m"; optional = false; };
unset = { tristate = null; optional = false; };
freeform = x: { freeform = x; optional = false; }; freeform = x: { freeform = x; optional = false; };
/* /*

View file

@ -202,6 +202,12 @@ in mkLicense lset) ({
fullName = "Business Source License 1.1"; fullName = "Business Source License 1.1";
url = "https://mariadb.com/bsl11"; url = "https://mariadb.com/bsl11";
free = false; free = false;
redistributable = true;
};
caossl = {
fullName = "Computer Associates Open Source Licence Version 1.0";
url = "http://jxplorer.org/licence.html";
}; };
cal10 = { cal10 = {
@ -230,6 +236,12 @@ in mkLicense lset) ({
free = false; free = false;
}; };
cc-by-nc-nd-40 = {
spdxId = "CC-BY-NC-ND-4.0";
fullName = "Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International";
free = false;
};
cc-by-nc-sa-20 = { cc-by-nc-sa-20 = {
spdxId = "CC-BY-NC-SA-2.0"; spdxId = "CC-BY-NC-SA-2.0";
fullName = "Creative Commons Attribution Non Commercial Share Alike 2.0"; fullName = "Creative Commons Attribution Non Commercial Share Alike 2.0";
@ -607,6 +619,12 @@ in mkLicense lset) ({
fullName = "Licence Art Libre 1.3"; fullName = "Licence Art Libre 1.3";
}; };
lens = {
fullName = "Lens Terms of Service Agreement";
url = "https://k8slens.dev/licenses/tos";
free = false;
};
lgpl2Only = { lgpl2Only = {
spdxId = "LGPL-2.0-only"; spdxId = "LGPL-2.0-only";
fullName = "GNU Library General Public License v2 only"; fullName = "GNU Library General Public License v2 only";

View file

@ -63,39 +63,8 @@ let
decls decls
)); ));
in /* See https://nixos.org/manual/nixpkgs/unstable/#module-system-lib-evalModules
or file://./../doc/module-system/module-system.chapter.md
rec {
/*
Evaluate a set of modules. The result is a set with the attributes:
options: The nested set of all option declarations,
config: The nested set of all option values.
type: A module system type representing the module set as a submodule,
to be extended by configuration from the containing module set.
This is also available as the module argument moduleType.
extendModules: A function similar to evalModules but building on top
of the module set. Its arguments, modules and specialArgs are
added to the existing values.
Using extendModules a few times has no performance impact as long
as you only reference the final options and config.
If you do reference multiple config (or options) from before and
after extendModules, performance is the same as with multiple
evalModules invocations, because the new modules' ability to
override existing configuration fundamentally requires a new
fixpoint to be constructed.
This is also available as a module argument.
_module: A portion of the configuration tree which is elided from
config. It contains some values that are mostly internal to the
module system implementation.
!!! Please think twice before adding to this argument list! The more !!! Please think twice before adding to this argument list! The more
that is specified here instead of in the modules themselves the harder that is specified here instead of in the modules themselves the harder
@ -110,8 +79,12 @@ rec {
# there's _module.args. If specialArgs.modulesPath is defined it will be # there's _module.args. If specialArgs.modulesPath is defined it will be
# used as the base path for disabledModules. # used as the base path for disabledModules.
specialArgs ? {} specialArgs ? {}
, # This would be remove in the future, Prefer _module.args option instead. , # `class`:
args ? {} # A nominal type for modules. When set and non-null, this adds a check to
# make sure that only compatible modules are imported.
# This would be remove in the future, Prefer _module.args option instead.
class ? null
, args ? {}
, # This would be remove in the future, Prefer _module.check option instead. , # This would be remove in the future, Prefer _module.check option instead.
check ? true check ? true
}: }:
@ -260,6 +233,7 @@ rec {
merged = merged =
let collected = collectModules let collected = collectModules
class
(specialArgs.modulesPath or "") (specialArgs.modulesPath or "")
(regularModules ++ [ internalModule ]) (regularModules ++ [ internalModule ])
({ inherit lib options config specialArgs; } // specialArgs); ({ inherit lib options config specialArgs; } // specialArgs);
@ -336,38 +310,64 @@ rec {
prefix ? [], prefix ? [],
}: }:
evalModules (evalModulesArgs // { evalModules (evalModulesArgs // {
inherit class;
modules = regularModules ++ modules; modules = regularModules ++ modules;
specialArgs = evalModulesArgs.specialArgs or {} // specialArgs; specialArgs = evalModulesArgs.specialArgs or {} // specialArgs;
prefix = extendArgs.prefix or evalModulesArgs.prefix or []; prefix = extendArgs.prefix or evalModulesArgs.prefix or [];
}); });
type = lib.types.submoduleWith { type = lib.types.submoduleWith {
inherit modules specialArgs; inherit modules specialArgs class;
}; };
result = withWarnings { result = withWarnings {
_type = "configuration";
options = checked options; options = checked options;
config = checked (removeAttrs config [ "_module" ]); config = checked (removeAttrs config [ "_module" ]);
_module = checked (config._module); _module = checked (config._module);
inherit extendModules type; inherit extendModules type;
class = class;
}; };
in result; in result;
# collectModules :: (modulesPath: String) -> (modules: [ Module ]) -> (args: Attrs) -> [ Module ] # collectModules :: (class: String) -> (modulesPath: String) -> (modules: [ Module ]) -> (args: Attrs) -> [ Module ]
# #
# Collects all modules recursively through `import` statements, filtering out # Collects all modules recursively through `import` statements, filtering out
# all modules in disabledModules. # all modules in disabledModules.
collectModules = let collectModules = class: let
# Like unifyModuleSyntax, but also imports paths and calls functions if necessary # Like unifyModuleSyntax, but also imports paths and calls functions if necessary
loadModule = args: fallbackFile: fallbackKey: m: loadModule = args: fallbackFile: fallbackKey: m:
if isFunction m || isAttrs m then if isFunction m then
unifyModuleSyntax fallbackFile fallbackKey (applyModuleArgsIfFunction fallbackKey m args) unifyModuleSyntax fallbackFile fallbackKey (applyModuleArgs fallbackKey m args)
else if isAttrs m then
if m._type or "module" == "module" then
unifyModuleSyntax fallbackFile fallbackKey m
else if m._type == "if" || m._type == "override" then
loadModule args fallbackFile fallbackKey { config = m; }
else
throw (
"Could not load a value as a module, because it is of type ${lib.strings.escapeNixString m._type}"
+ lib.optionalString (fallbackFile != unknownModule) ", in file ${toString fallbackFile}."
+ lib.optionalString (m._type == "configuration") " If you do intend to import this configuration, please only import the modules that make up the configuration. You may have to create a `let` binding, file or attribute to give yourself access to the relevant modules.\nWhile loading a configuration into the module system is a very sensible idea, it can not be done cleanly in practice."
# Extended explanation: That's because a finalized configuration is more than just a set of modules. For instance, it has its own `specialArgs` that, by the nature of `specialArgs` can't be loaded through `imports` or the the `modules` argument. So instead, we have to ask you to extract the relevant modules and use those instead. This way, we keep the module system comparatively simple, and hopefully avoid a bad surprise down the line.
)
else if isList m then else if isList m then
let defs = [{ file = fallbackFile; value = m; }]; in let defs = [{ file = fallbackFile; value = m; }]; in
throw "Module imports can't be nested lists. Perhaps you meant to remove one level of lists? Definitions: ${showDefs defs}" throw "Module imports can't be nested lists. Perhaps you meant to remove one level of lists? Definitions: ${showDefs defs}"
else unifyModuleSyntax (toString m) (toString m) (applyModuleArgsIfFunction (toString m) (import m) args); else unifyModuleSyntax (toString m) (toString m) (applyModuleArgsIfFunction (toString m) (import m) args);
checkModule =
if class != null
then
m:
if m._class != null -> m._class == class
then m
else
throw "The module ${m._file or m.key} was imported into ${class} instead of ${m._class}."
else
m: m;
/* /*
Collects all modules recursively into the form Collects all modules recursively into the form
@ -401,7 +401,7 @@ rec {
}; };
in parentFile: parentKey: initialModules: args: collectResults (imap1 (n: x: in parentFile: parentKey: initialModules: args: collectResults (imap1 (n: x:
let let
module = loadModule args parentFile "${parentKey}:anon-${toString n}" x; module = checkModule (loadModule args parentFile "${parentKey}:anon-${toString n}" x);
collectedImports = collectStructuredModules module._file module.key module.imports args; collectedImports = collectStructuredModules module._file module.key module.imports args;
in { in {
key = module.key; key = module.key;
@ -465,11 +465,12 @@ rec {
else config; else config;
in in
if m ? config || m ? options then if m ? config || m ? options then
let badAttrs = removeAttrs m ["_file" "key" "disabledModules" "imports" "options" "config" "meta" "freeformType"]; in let badAttrs = removeAttrs m ["_class" "_file" "key" "disabledModules" "imports" "options" "config" "meta" "freeformType"]; in
if badAttrs != {} then if badAttrs != {} then
throw "Module `${key}' has an unsupported attribute `${head (attrNames badAttrs)}'. This is caused by introducing a top-level `config' or `options' attribute. Add configuration attributes immediately on the top level instead, or move all of them (namely: ${toString (attrNames badAttrs)}) into the explicit `config' attribute." throw "Module `${key}' has an unsupported attribute `${head (attrNames badAttrs)}'. This is caused by introducing a top-level `config' or `options' attribute. Add configuration attributes immediately on the top level instead, or move all of them (namely: ${toString (attrNames badAttrs)}) into the explicit `config' attribute."
else else
{ _file = toString m._file or file; { _file = toString m._file or file;
_class = m._class or null;
key = toString m.key or key; key = toString m.key or key;
disabledModules = m.disabledModules or []; disabledModules = m.disabledModules or [];
imports = m.imports or []; imports = m.imports or [];
@ -480,14 +481,18 @@ rec {
# shorthand syntax # shorthand syntax
lib.throwIfNot (isAttrs m) "module ${file} (${key}) does not look like a module." lib.throwIfNot (isAttrs m) "module ${file} (${key}) does not look like a module."
{ _file = toString m._file or file; { _file = toString m._file or file;
_class = m._class or null;
key = toString m.key or key; key = toString m.key or key;
disabledModules = m.disabledModules or []; disabledModules = m.disabledModules or [];
imports = m.require or [] ++ m.imports or []; imports = m.require or [] ++ m.imports or [];
options = {}; options = {};
config = addFreeformType (removeAttrs m ["_file" "key" "disabledModules" "require" "imports" "freeformType"]); config = addFreeformType (removeAttrs m ["_class" "_file" "key" "disabledModules" "require" "imports" "freeformType"]);
}; };
applyModuleArgsIfFunction = key: f: args@{ config, options, lib, ... }: if isFunction f then applyModuleArgsIfFunction = key: f: args@{ config, options, lib, ... }:
if isFunction f then applyModuleArgs key f args else f;
applyModuleArgs = key: f: args@{ config, options, lib, ... }:
let let
# Module arguments are resolved in a strict manner when attribute set # Module arguments are resolved in a strict manner when attribute set
# deconstruction is used. As the arguments are now defined with the # deconstruction is used. As the arguments are now defined with the
@ -511,9 +516,7 @@ rec {
# context on the explicit arguments of "args" too. This update # context on the explicit arguments of "args" too. This update
# operator is used to make the "args@{ ... }: with args.lib;" notation # operator is used to make the "args@{ ... }: with args.lib;" notation
# works. # works.
in f (args // extraArgs) in f (args // extraArgs);
else
f;
/* Merge a list of modules. This will recurse over the option /* Merge a list of modules. This will recurse over the option
declarations in all modules, combining them into a single set. declarations in all modules, combining them into a single set.
@ -1218,4 +1221,67 @@ rec {
_file = file; _file = file;
config = lib.importTOML file; config = lib.importTOML file;
}; };
private = lib.mapAttrs
(k: lib.warn "External use of `lib.modules.${k}` is deprecated. If your use case isn't covered by non-deprecated functions, we'd like to know more and perhaps support your use case well, instead of providing access to these low level functions. In this case please open an issue in https://github.com/nixos/nixpkgs/issues/.")
{
inherit
applyModuleArgsIfFunction
dischargeProperties
evalOptionValue
mergeModules
mergeModules'
pushDownProperties
unifyModuleSyntax
;
collectModules = collectModules null;
};
in
private //
{
# NOTE: not all of these functions are necessarily public interfaces; some
# are just needed by types.nix, but are not meant to be consumed
# externally.
inherit
defaultOrderPriority
defaultOverridePriority
defaultPriority
doRename
evalModules
filterOverrides
filterOverrides'
fixMergeModules
fixupOptionType # should be private?
importJSON
importTOML
mergeDefinitions
mergeOptionDecls # should be private?
mkAfter
mkAliasAndWrapDefinitions
mkAliasAndWrapDefsWithPriority
mkAliasDefinitions
mkAliasIfDef
mkAliasOptionModule
mkAliasOptionModuleMD
mkAssert
mkBefore
mkChangedOptionModule
mkDefault
mkDerivedConfig
mkFixStrictness
mkForce
mkIf
mkImageMediaOverride
mkMerge
mkMergedOptionModule
mkOptionDefault
mkOrder
mkOverride
mkRemovedOptionModule
mkRenamedOptionModule
mkRenamedOptionModuleWith
mkVMOverride
setDefaultModuleLocation
sortProperties;
} }

View file

@ -155,6 +155,8 @@ rec {
# Name for the package, shown in option description # Name for the package, shown in option description
name: name:
{ {
# Whether the package can be null, for example to disable installing a package altogether.
nullable ? false,
# The attribute path where the default package is located (may be omitted) # The attribute path where the default package is located (may be omitted)
default ? name, default ? name,
# A string or an attribute path to use as an example (may be omitted) # A string or an attribute path to use as an example (may be omitted)
@ -164,19 +166,24 @@ rec {
}: }:
let let
name' = if isList name then last name else name; name' = if isList name then last name else name;
in mkOption ({
type = with lib.types; (if nullable then nullOr else lib.id) package;
description = "The ${name'} package to use."
+ (if extraDescription == "" then "" else " ") + extraDescription;
} // (if default != null then let
default' = if isList default then default else [ default ]; default' = if isList default then default else [ default ];
defaultPath = concatStringsSep "." default'; defaultPath = concatStringsSep "." default';
defaultValue = attrByPath default' defaultValue = attrByPath default'
(throw "${defaultPath} cannot be found in pkgs") pkgs; (throw "${defaultPath} cannot be found in pkgs") pkgs;
in mkOption { in {
default = defaultValue;
defaultText = literalExpression ("pkgs." + defaultPath); defaultText = literalExpression ("pkgs." + defaultPath);
type = lib.types.package; } else if nullable then {
description = "The ${name'} package to use." default = null;
+ (if extraDescription == "" then "" else " ") + extraDescription; } else { }) // lib.optionalAttrs (example != null) {
${if default != null then "default" else null} = defaultValue; example = literalExpression
${if example != null then "example" else null} = literalExpression
(if isList example then "pkgs." + concatStringsSep "." example else example); (if isList example then "pkgs." + concatStringsSep "." example else example);
}; });
/* Like mkPackageOption, but emit an mdDoc description instead of DocBook. */ /* Like mkPackageOption, but emit an mdDoc description instead of DocBook. */
mkPackageOptionMD = pkgs: name: extra: mkPackageOptionMD = pkgs: name: extra:
@ -261,7 +268,7 @@ rec {
concatMap (opt: concatMap (opt:
let let
name = showOption opt.loc; name = showOption opt.loc;
docOption = rec { docOption = {
loc = opt.loc; loc = opt.loc;
inherit name; inherit name;
description = opt.description or null; description = opt.description or null;
@ -280,9 +287,9 @@ rec {
renderOptionValue opt.example renderOptionValue opt.example
); );
} }
// optionalAttrs (opt ? default) { // optionalAttrs (opt ? defaultText || opt ? default) {
default = default =
builtins.addErrorContext "while evaluating the default value of option `${name}`" ( builtins.addErrorContext "while evaluating the ${if opt?defaultText then "defaultText" else "default value"} of option `${name}`" (
renderOptionValue (opt.defaultText or opt.default) renderOptionValue (opt.defaultText or opt.default)
); );
} }

View file

@ -18,21 +18,11 @@ let
pathExists pathExists
readFile readFile
; ;
inherit (lib.filesystem)
/* pathType
Returns the type of a path: regular (for file), symlink, or directory. pathIsDirectory
*/ pathIsRegularFile
pathType = path: getAttr (baseNameOf path) (readDir (dirOf path)); ;
/*
Returns true if the path exists and is a directory, false otherwise.
*/
pathIsDirectory = path: if pathExists path then (pathType path) == "directory" else false;
/*
Returns true if the path exists and is a regular file, false otherwise.
*/
pathIsRegularFile = path: if pathExists path then (pathType path) == "regular" else false;
/* /*
A basic filter for `cleanSourceWith` that removes A basic filter for `cleanSourceWith` that removes
@ -271,11 +261,20 @@ let
}; };
in { in {
inherit
pathType
pathIsDirectory
pathIsRegularFile
pathType = lib.warnIf (lib.isInOldestRelease 2305)
"lib.sources.pathType has been moved to lib.filesystem.pathType."
lib.filesystem.pathType;
pathIsDirectory = lib.warnIf (lib.isInOldestRelease 2305)
"lib.sources.pathIsDirectory has been moved to lib.filesystem.pathIsDirectory."
lib.filesystem.pathIsDirectory;
pathIsRegularFile = lib.warnIf (lib.isInOldestRelease 2305)
"lib.sources.pathIsRegularFile has been moved to lib.filesystem.pathIsRegularFile."
lib.filesystem.pathIsRegularFile;
inherit
pathIsGitRepo pathIsGitRepo
commitIdFromGitRepo commitIdFromGitRepo

View file

@ -50,6 +50,7 @@ rec {
else if final.isFreeBSD then "fblibc" else if final.isFreeBSD then "fblibc"
else if final.isNetBSD then "nblibc" else if final.isNetBSD then "nblibc"
else if final.isAvr then "avrlibc" else if final.isAvr then "avrlibc"
else if final.isGhcjs then null
else if final.isNone then "newlib" else if final.isNone then "newlib"
# TODO(@Ericson2314) think more about other operating systems # TODO(@Ericson2314) think more about other operating systems
else "native/impure"; else "native/impure";
@ -120,7 +121,7 @@ rec {
({ ({
linux-kernel = args.linux-kernel or {}; linux-kernel = args.linux-kernel or {};
gcc = args.gcc or {}; gcc = args.gcc or {};
rustc = args.rust or {}; rustc = args.rustc or {};
} // platforms.select final) } // platforms.select final)
linux-kernel gcc rustc; linux-kernel gcc rustc;
@ -144,6 +145,7 @@ rec {
else if final.isS390 && !final.isS390x then null else if final.isS390 && !final.isS390x then null
else if final.isx86_64 then "x86_64" else if final.isx86_64 then "x86_64"
else if final.isx86 then "i386" else if final.isx86 then "i386"
else if final.isMips64 then "mips64${lib.optionalString final.isLittleEndian "el"}"
else final.uname.processor; else final.uname.processor;
# Name used by UEFI for architectures. # Name used by UEFI for architectures.

View file

@ -90,10 +90,6 @@ rec {
config = "mipsel-unknown-linux-gnu"; config = "mipsel-unknown-linux-gnu";
} // platforms.fuloong2f_n32; } // platforms.fuloong2f_n32;
loongarch64-linux = {
config = "loongarch64-unknown-linux-gnu";
};
# can execute on 32bit chip # can execute on 32bit chip
mips-linux-gnu = { config = "mips-unknown-linux-gnu"; } // platforms.gcc_mips32r2_o32; mips-linux-gnu = { config = "mips-unknown-linux-gnu"; } // platforms.gcc_mips32r2_o32;
mipsel-linux-gnu = { config = "mipsel-unknown-linux-gnu"; } // platforms.gcc_mips32r2_o32; mipsel-linux-gnu = { config = "mipsel-unknown-linux-gnu"; } // platforms.gcc_mips32r2_o32;
@ -139,6 +135,10 @@ rec {
libc = "newlib"; libc = "newlib";
}; };
loongarch64-linux = {
config = "loongarch64-unknown-linux-gnu";
};
mmix = { mmix = {
config = "mmix-unknown-mmixware"; config = "mmix-unknown-mmixware";
libc = "newlib"; libc = "newlib";

92
third_party/nixpkgs/lib/tests/filesystem.sh vendored Executable file
View file

@ -0,0 +1,92 @@
#!/usr/bin/env bash
# Tests lib/filesystem.nix
# Run:
# [nixpkgs]$ lib/tests/filesystem.sh
# or:
# [nixpkgs]$ nix-build lib/tests/release.nix
set -euo pipefail
shopt -s inherit_errexit
# Use
# || die
die() {
echo >&2 "test case failed: " "$@"
exit 1
}
if test -n "${TEST_LIB:-}"; then
NIX_PATH=nixpkgs="$(dirname "$TEST_LIB")"
else
NIX_PATH=nixpkgs="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.."; pwd)"
fi
export NIX_PATH
work="$(mktemp -d)"
clean_up() {
rm -rf "$work"
}
trap clean_up EXIT
cd "$work"
mkdir directory
touch regular
ln -s target symlink
mkfifo fifo
checkPathType() {
local path=$1
local expectedPathType=$2
local actualPathType=$(nix-instantiate --eval --strict --json 2>&1 \
-E '{ path }: let lib = import <nixpkgs/lib>; in lib.filesystem.pathType path' \
--argstr path "$path")
if [[ "$actualPathType" != "$expectedPathType" ]]; then
die "lib.filesystem.pathType \"$path\" == $actualPathType, but $expectedPathType was expected"
fi
}
checkPathType "/" '"directory"'
checkPathType "$PWD/directory" '"directory"'
checkPathType "$PWD/regular" '"regular"'
checkPathType "$PWD/symlink" '"symlink"'
checkPathType "$PWD/fifo" '"unknown"'
checkPathType "$PWD/non-existent" "error: evaluation aborted with the following error message: 'lib.filesystem.pathType: Path $PWD/non-existent does not exist.'"
checkPathIsDirectory() {
local path=$1
local expectedIsDirectory=$2
local actualIsDirectory=$(nix-instantiate --eval --strict --json 2>&1 \
-E '{ path }: let lib = import <nixpkgs/lib>; in lib.filesystem.pathIsDirectory path' \
--argstr path "$path")
if [[ "$actualIsDirectory" != "$expectedIsDirectory" ]]; then
die "lib.filesystem.pathIsDirectory \"$path\" == $actualIsDirectory, but $expectedIsDirectory was expected"
fi
}
checkPathIsDirectory "/" "true"
checkPathIsDirectory "$PWD/directory" "true"
checkPathIsDirectory "$PWD/regular" "false"
checkPathIsDirectory "$PWD/symlink" "false"
checkPathIsDirectory "$PWD/fifo" "false"
checkPathIsDirectory "$PWD/non-existent" "false"
checkPathIsRegularFile() {
local path=$1
local expectedIsRegularFile=$2
local actualIsRegularFile=$(nix-instantiate --eval --strict --json 2>&1 \
-E '{ path }: let lib = import <nixpkgs/lib>; in lib.filesystem.pathIsRegularFile path' \
--argstr path "$path")
if [[ "$actualIsRegularFile" != "$expectedIsRegularFile" ]]; then
die "lib.filesystem.pathIsRegularFile \"$path\" == $actualIsRegularFile, but $expectedIsRegularFile was expected"
fi
}
checkPathIsRegularFile "/" "false"
checkPathIsRegularFile "$PWD/directory" "false"
checkPathIsRegularFile "$PWD/regular" "true"
checkPathIsRegularFile "$PWD/symlink" "false"
checkPathIsRegularFile "$PWD/fifo" "false"
checkPathIsRegularFile "$PWD/non-existent" "false"
echo >&2 tests ok

View file

@ -4,6 +4,11 @@
with import ../default.nix; with import ../default.nix;
let let
testingThrow = expr: {
expr = (builtins.tryEval (builtins.seq expr "didn't throw"));
expected = { success = false; value = false; };
};
testingDeepThrow = expr: testingThrow (builtins.deepSeq expr expr);
testSanitizeDerivationName = { name, expected }: testSanitizeDerivationName = { name, expected }:
let let
@ -914,6 +919,30 @@ runTests {
expected = "«foo»"; expected = "«foo»";
}; };
testToPlist =
let
deriv = derivation { name = "test"; builder = "/bin/sh"; system = "aarch64-linux"; };
in {
expr = mapAttrs (const (generators.toPlist { })) {
value = {
nested.values = rec {
int = 42;
float = 0.1337;
bool = true;
emptystring = "";
string = "fn\${o}\"r\\d";
newlinestring = "\n";
path = /. + "/foo";
null_ = null;
list = [ 3 4 "test" ];
emptylist = [];
attrs = { foo = null; "foo b/ar" = "baz"; };
emptyattrs = {};
};
};
};
expected = { value = builtins.readFile ./test-to-plist-expected.plist; };
};
testToLuaEmptyAttrSet = { testToLuaEmptyAttrSet = {
expr = generators.toLua {} {}; expr = generators.toLua {} {};
@ -962,6 +991,41 @@ runTests {
expected = ''{ 41, 43 }''; expected = ''{ 41, 43 }'';
}; };
testToLuaEmptyBindings = {
expr = generators.toLua { asBindings = true; } {};
expected = "";
};
testToLuaBindings = {
expr = generators.toLua { asBindings = true; } { x1 = 41; _y = { a = 43; }; };
expected = ''
_y = {
["a"] = 43
}
x1 = 41
'';
};
testToLuaPartialTableBindings = {
expr = generators.toLua { asBindings = true; } { "x.y" = 42; };
expected = ''
x.y = 42
'';
};
testToLuaIndentedBindings = {
expr = generators.toLua { asBindings = true; indent = " "; } { x = { y = 42; }; };
expected = " x = {\n [\"y\"] = 42\n }\n";
};
testToLuaBindingsWithSpace = testingThrow (
generators.toLua { asBindings = true; } { "with space" = 42; }
);
testToLuaBindingsWithLeadingDigit = testingThrow (
generators.toLua { asBindings = true; } { "11eleven" = 42; }
);
testToLuaBasicExample = { testToLuaBasicExample = {
expr = generators.toLua {} { expr = generators.toLua {} {
cmd = [ "typescript-language-server" "--stdio" ]; cmd = [ "typescript-language-server" "--stdio" ];

View file

@ -166,6 +166,7 @@ checkConfigError 'The option .* does not exist. Definition values:\n\s*- In .*'
checkConfigOutput '^true$' "$@" ./define-module-check.nix checkConfigOutput '^true$' "$@" ./define-module-check.nix
# Check coerced value. # Check coerced value.
set --
checkConfigOutput '^"42"$' config.value ./declare-coerced-value.nix checkConfigOutput '^"42"$' config.value ./declare-coerced-value.nix
checkConfigOutput '^"24"$' config.value ./declare-coerced-value.nix ./define-value-string.nix checkConfigOutput '^"24"$' config.value ./declare-coerced-value.nix ./define-value-string.nix
checkConfigError 'A definition for option .* is not.*string or signed integer convertible to it.*. Definition values:\n\s*- In .*: \[ \]' config.value ./declare-coerced-value.nix ./define-value-list.nix checkConfigError 'A definition for option .* is not.*string or signed integer convertible to it.*. Definition values:\n\s*- In .*: \[ \]' config.value ./declare-coerced-value.nix ./define-value-list.nix
@ -181,6 +182,11 @@ checkConfigOutput '^true$' config.enableAlias ./alias-with-priority.nix
checkConfigOutput '^false$' config.enable ./alias-with-priority-can-override.nix checkConfigOutput '^false$' config.enable ./alias-with-priority-can-override.nix
checkConfigOutput '^false$' config.enableAlias ./alias-with-priority-can-override.nix checkConfigOutput '^false$' config.enableAlias ./alias-with-priority-can-override.nix
# Check mkPackageOption
checkConfigOutput '^"hello"$' config.package.pname ./declare-mkPackageOption.nix
checkConfigError 'The option .undefinedPackage. is used but not defined' config.undefinedPackage ./declare-mkPackageOption.nix
checkConfigOutput '^null$' config.nullablePackage ./declare-mkPackageOption.nix
# submoduleWith # submoduleWith
## specialArgs should work ## specialArgs should work
@ -254,6 +260,8 @@ checkConfigError 'A definition for option .* is not of type .*' \
## Freeform modules ## Freeform modules
# Assigning without a declared option should work # Assigning without a declared option should work
checkConfigOutput '^"24"$' config.value ./freeform-attrsOf.nix ./define-value-string.nix checkConfigOutput '^"24"$' config.value ./freeform-attrsOf.nix ./define-value-string.nix
# Shorthand modules interpret `meta` and `class` as config items
checkConfigOutput '^true$' options._module.args.value.result ./freeform-attrsOf.nix ./define-freeform-keywords-shorthand.nix
# No freeform assignments shouldn't make it error # No freeform assignments shouldn't make it error
checkConfigOutput '^{ }$' config ./freeform-attrsOf.nix checkConfigOutput '^{ }$' config ./freeform-attrsOf.nix
# but only if the type matches # but only if the type matches
@ -359,6 +367,24 @@ checkConfigOutput 'ok' config.freeformItems.foo.bar ./adhoc-freeformType-survive
# because of an `extendModules` bug, issue 168767. # because of an `extendModules` bug, issue 168767.
checkConfigOutput '^1$' config.sub.specialisation.value ./extendModules-168767-imports.nix checkConfigOutput '^1$' config.sub.specialisation.value ./extendModules-168767-imports.nix
# Class checks, evalModules
checkConfigOutput '^{ }$' config.ok.config ./class-check.nix
checkConfigOutput '"nixos"' config.ok.class ./class-check.nix
checkConfigError 'The module .*/module-class-is-darwin.nix was imported into nixos instead of darwin.' config.fail.config ./class-check.nix
checkConfigError 'The module foo.nix#darwinModules.default was imported into nixos instead of darwin.' config.fail-anon.config ./class-check.nix
# Class checks, submoduleWith
checkConfigOutput '^{ }$' config.sub.nixosOk ./class-check.nix
checkConfigError 'The module .*/module-class-is-darwin.nix was imported into nixos instead of darwin.' config.sub.nixosFail.config ./class-check.nix
# submoduleWith type merge with different class
checkConfigError 'error: A submoduleWith option is declared multiple times with conflicting class values "darwin" and "nixos".' config.sub.mergeFail.config ./class-check.nix
# _type check
checkConfigError 'Could not load a value as a module, because it is of type "flake", in file .*/module-imports-_type-check.nix' config.ok.config ./module-imports-_type-check.nix
checkConfigOutput '^true$' "$@" config.enable ./declare-enable.nix ./define-enable-with-top-level-mkIf.nix
checkConfigError 'Could not load a value as a module, because it is of type "configuration", in file .*/import-configuration.nix.*please only import the modules that make up the configuration.*' config ./import-configuration.nix
# doRename works when `warnings` does not exist. # doRename works when `warnings` does not exist.
checkConfigOutput '^1234$' config.c.d.e ./doRename-basic.nix checkConfigOutput '^1234$' config.c.d.e ./doRename-basic.nix
# doRename adds a warning. # doRename adds a warning.

View file

@ -0,0 +1,76 @@
{ lib, ... }: {
options = {
sub = {
nixosOk = lib.mkOption {
type = lib.types.submoduleWith {
class = "nixos";
modules = [ ];
};
};
# Same but will have bad definition
nixosFail = lib.mkOption {
type = lib.types.submoduleWith {
class = "nixos";
modules = [ ];
};
};
mergeFail = lib.mkOption {
type = lib.types.submoduleWith {
class = "nixos";
modules = [ ];
};
default = { };
};
};
};
imports = [
{
options = {
sub = {
mergeFail = lib.mkOption {
type = lib.types.submoduleWith {
class = "darwin";
modules = [ ];
};
};
};
};
}
];
config = {
_module.freeformType = lib.types.anything;
ok =
lib.evalModules {
class = "nixos";
modules = [
./module-class-is-nixos.nix
];
};
fail =
lib.evalModules {
class = "nixos";
modules = [
./module-class-is-nixos.nix
./module-class-is-darwin.nix
];
};
fail-anon =
lib.evalModules {
class = "nixos";
modules = [
./module-class-is-nixos.nix
{ _file = "foo.nix#darwinModules.default";
_class = "darwin";
config = {};
imports = [];
}
];
};
sub.nixosOk = { _class = "nixos"; };
sub.nixosFail = { imports = [ ./module-class-is-darwin.nix ]; };
};
}

View file

@ -0,0 +1,19 @@
{ lib, ... }: let
pkgs.hello = {
type = "derivation";
pname = "hello";
};
in {
options = {
package = lib.mkPackageOption pkgs "hello" { };
undefinedPackage = lib.mkPackageOption pkgs "hello" {
default = null;
};
nullablePackage = lib.mkPackageOption pkgs "hello" {
nullable = true;
default = null;
};
};
}

View file

@ -0,0 +1,5 @@
{ lib, ... }:
# I think this might occur more realistically in a submodule
{
imports = [ (lib.mkIf true { enable = true; }) ];
}

View file

@ -0,0 +1,15 @@
{ config, ... }: {
class = { "just" = "data"; };
a = "one";
b = "two";
meta = "meta";
_module.args.result =
let r = builtins.removeAttrs config [ "_module" ];
in builtins.trace (builtins.deepSeq r r) (r == {
a = "one";
b = "two";
class = { "just" = "data"; };
meta = "meta";
});
}

View file

@ -0,0 +1,12 @@
{ lib, ... }:
let
myconf = lib.evalModules { modules = [ { } ]; };
in
{
imports = [
# We can't do this. A configuration is not equal to its set of a modules.
# Equating those would lead to a mess, as specialArgs, anonymous modules
# that can't be deduplicated, and possibly more come into play.
myconf
];
}

View file

@ -0,0 +1,4 @@
{
_class = "darwin";
config = {};
}

View file

@ -0,0 +1,4 @@
{
_class = "nixos";
config = {};
}

View file

@ -0,0 +1,3 @@
{
imports = [ { _type = "flake"; } ];
}

View file

@ -44,6 +44,9 @@ pkgs.runCommand "nixpkgs-lib-tests" {
echo "Running lib/tests/modules.sh" echo "Running lib/tests/modules.sh"
bash lib/tests/modules.sh bash lib/tests/modules.sh
echo "Running lib/tests/filesystem.sh"
TEST_LIB=$PWD/lib bash lib/tests/filesystem.sh
echo "Running lib/tests/sources.sh" echo "Running lib/tests/sources.sh"
TEST_LIB=$PWD/lib bash lib/tests/sources.sh TEST_LIB=$PWD/lib bash lib/tests/sources.sh

View file

@ -0,0 +1,46 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>nested</key>
<dict>
<key>values</key>
<dict>
<key>attrs</key>
<dict>
<key>foo b/ar</key>
<string>baz</string>
</dict>
<key>bool</key>
<true/>
<key>emptyattrs</key>
<dict>
</dict>
<key>emptylist</key>
<array>
</array>
<key>emptystring</key>
<string></string>
<key>float</key>
<real>0.133700</real>
<key>int</key>
<integer>42</integer>
<key>list</key>
<array>
<integer>3</integer>
<integer>4</integer>
<string>test</string>
</array>
<key>newlinestring</key>
<string>
</string>
<key>path</key>
<string>/foo</string>
<key>string</key>
<string>fn${o}"r\d</string>
</dict>
</dict>
</dict>
</plist>

View file

@ -195,7 +195,7 @@ rec {
On each release the first letter is bumped and a new animal is chosen On each release the first letter is bumped and a new animal is chosen
starting with that new letter. starting with that new letter.
*/ */
codeName = "Stoat"; codeName = "Tapir";
/* Returns the current nixpkgs version suffix as string. */ /* Returns the current nixpkgs version suffix as string. */
versionSuffix = versionSuffix =

View file

@ -476,6 +476,14 @@ rec {
check = x: isDerivation x && hasAttr "shellPath" x; check = x: isDerivation x && hasAttr "shellPath" x;
}; };
pkgs = addCheck
(unique { message = "A Nixpkgs pkgs set can not be merged with another pkgs set."; } attrs // {
name = "pkgs";
descriptionClass = "noun";
description = "Nixpkgs package set";
})
(x: (x._type or null) == "pkgs");
path = mkOptionType { path = mkOptionType {
name = "path"; name = "path";
descriptionClass = "noun"; descriptionClass = "noun";
@ -696,6 +704,7 @@ rec {
, specialArgs ? {} , specialArgs ? {}
, shorthandOnlyDefinesConfig ? false , shorthandOnlyDefinesConfig ? false
, description ? null , description ? null
, class ? null
}@attrs: }@attrs:
let let
inherit (lib.modules) evalModules; inherit (lib.modules) evalModules;
@ -707,7 +716,7 @@ rec {
) defs; ) defs;
base = evalModules { base = evalModules {
inherit specialArgs; inherit class specialArgs;
modules = [{ modules = [{
# This is a work-around for the fact that some sub-modules, # This is a work-around for the fact that some sub-modules,
# such as the one included in an attribute set, expects an "args" # such as the one included in an attribute set, expects an "args"
@ -762,9 +771,16 @@ rec {
functor = defaultFunctor name // { functor = defaultFunctor name // {
type = types.submoduleWith; type = types.submoduleWith;
payload = { payload = {
inherit modules specialArgs shorthandOnlyDefinesConfig description; inherit modules class specialArgs shorthandOnlyDefinesConfig description;
}; };
binOp = lhs: rhs: { binOp = lhs: rhs: {
class =
# `or null` was added for backwards compatibility only. `class` is
# always set in the current version of the module system.
if lhs.class or null == null then rhs.class or null
else if rhs.class or null == null then lhs.class or null
else if lhs.class or null == rhs.class then lhs.class or null
else throw "A submoduleWith option is declared multiple times with conflicting class values \"${toString lhs.class}\" and \"${toString rhs.class}\".";
modules = lhs.modules ++ rhs.modules; modules = lhs.modules ++ rhs.modules;
specialArgs = specialArgs =
let intersecting = builtins.intersectAttrs lhs.specialArgs rhs.specialArgs; let intersecting = builtins.intersectAttrs lhs.specialArgs rhs.specialArgs;

View file

@ -50,7 +50,8 @@
More fields may be added in the future, however, in order to comply with GDPR this file should stay as minimal as possible. More fields may be added in the future, however, in order to comply with GDPR this file should stay as minimal as possible.
When editing this file: When editing this file:
* keep the list alphabetically sorted * keep the list alphabetically sorted, check with:
nix-instantiate --eval maintainers/scripts/check-maintainers-sorted.nix
* test the validity of the format with: * test the validity of the format with:
nix-build lib/tests/maintainers.nix nix-build lib/tests/maintainers.nix
@ -579,6 +580,12 @@
githubId = 20405311; githubId = 20405311;
name = "Aksh Gupta"; name = "Aksh Gupta";
}; };
alanpearce = {
email = "alan@alanpearce.eu";
github = "alanpearce";
githubId = 850317;
name = "Alan Pearce";
};
alapshin = { alapshin = {
email = "alapshin@fastmail.com"; email = "alapshin@fastmail.com";
github = "alapshin"; github = "alapshin";
@ -990,7 +997,7 @@
name = "Stanislas Lange"; name = "Stanislas Lange";
}; };
AngryAnt = { AngryAnt = {
name = "Emil Johansen"; name = "Emil \"AngryAnt\" Johansen";
email = "git@eej.dk"; email = "git@eej.dk";
matrix = "@angryant:envs.net"; matrix = "@angryant:envs.net";
github = "AngryAnt"; github = "AngryAnt";
@ -1061,6 +1068,12 @@
githubId = 1342360; githubId = 1342360;
name = "Andrew Morgan"; name = "Andrew Morgan";
}; };
anomalocaris = {
email = "duncan@anomalocaris.xyz";
github = "Anomalocaridid";
githubId = 29845794;
name = "Duncan Russell";
};
anpin = { anpin = {
email = "pavel@anpin.fyi"; email = "pavel@anpin.fyi";
github = "anpin"; github = "anpin";
@ -1520,6 +1533,12 @@
githubId = 12958979; githubId = 12958979;
name = "Mika Naylor"; name = "Mika Naylor";
}; };
autrimpo = {
email = "michal@koutensky.net";
github = "autrimpo";
githubId = 5968483;
name = "Michal Koutenský";
};
autumnal = { autumnal = {
name = "Sven Friedrich"; name = "Sven Friedrich";
email = "sven@autumnal.de"; email = "sven@autumnal.de";
@ -1654,6 +1673,16 @@
githubId = 1017537; githubId = 1017537;
name = "Bruno Bieth"; name = "Bruno Bieth";
}; };
badele = {
name = "Bruno Adelé";
email = "brunoadele@gmail.com";
matrix = "@badele:matrix.org";
github = "badele";
githubId = 2806307;
keys = [{
fingerprint = "00F4 21C4 C537 7BA3 9820 E13F 6B95 E13D E469 CC5D";
}];
};
badmutex = { badmutex = {
email = "github@badi.sh"; email = "github@badi.sh";
github = "badmutex"; github = "badmutex";
@ -1922,6 +1951,12 @@
githubId = 75972; githubId = 75972;
name = "Ben Booth"; name = "Ben Booth";
}; };
benwis = {
name = "Ben Wishovich";
email = "ben@benw.is";
github = "benwis";
githubId = 6953353;
};
berberman = { berberman = {
email = "berberman@yandex.com"; email = "berberman@yandex.com";
matrix = "@berberman:mozilla.org"; matrix = "@berberman:mozilla.org";
@ -2086,6 +2121,12 @@
githubId = 16330; githubId = 16330;
name = "Mathijs Kwik"; name = "Mathijs Kwik";
}; };
blusk = {
email = "bluskript@gmail.com";
github = "Bluskript";
githubId = 52386117;
name = "Blusk";
};
bmilanov = { bmilanov = {
name = "Biser Milanov"; name = "Biser Milanov";
email = "bmilanov11+nixpkgs@gmail.com"; email = "bmilanov11+nixpkgs@gmail.com";
@ -2390,6 +2431,12 @@
githubId = 51231053; githubId = 51231053;
name = "Daniel"; name = "Daniel";
}; };
cadkin = {
email = "cva@siliconslumber.net";
name = "Cameron Adkins";
github = "cadkin";
githubId = 34077838;
};
cafkafk = { cafkafk = {
email = "christina@cafkafk.com"; email = "christina@cafkafk.com";
matrix = "@cafkafk:matrix.cafkafk.com"; matrix = "@cafkafk:matrix.cafkafk.com";
@ -2635,6 +2682,12 @@
} }
]; ];
}; };
Ch1keen = {
email = "gihoong7@gmail.com";
github = "Ch1keen";
githubId = 40013212;
name = "Han Jeongjun";
};
chaduffy = { chaduffy = {
email = "charles@dyfis.net"; email = "charles@dyfis.net";
github = "charles-dyfis-net"; github = "charles-dyfis-net";
@ -2729,7 +2782,7 @@
name = "Hubert Jasudowicz"; name = "Hubert Jasudowicz";
}; };
chkno = { chkno = {
email = "chuck@intelligence.org"; email = "scottworley@scottworley.com";
github = "chkno"; github = "chkno";
githubId = 1118859; githubId = 1118859;
name = "Scott Worley"; name = "Scott Worley";
@ -3450,6 +3503,12 @@
githubId = 1298344; githubId = 1298344;
name = "Daniel Fullmer"; name = "Daniel Fullmer";
}; };
daniyalsuri6 = {
email = "daniyal.suri@gmail.com";
github = "daniyalsuri6";
githubId = 107034852;
name = "Daniyal Suri";
};
dansbandit = { dansbandit = {
github = "dansbandit"; github = "dansbandit";
githubId = 4530687; githubId = 4530687;
@ -3732,13 +3791,6 @@
githubId = 62989; githubId = 62989;
name = "Demyan Rogozhin"; name = "Demyan Rogozhin";
}; };
dennajort = {
email = "gosselinjb@gmail.com";
matrix = "@dennajort:matrix.org";
github = "dennajort";
githubId = 1536838;
name = "Jean-Baptiste Gosselin";
};
derchris = { derchris = {
email = "derchris@me.com"; email = "derchris@me.com";
github = "derchrisuk"; github = "derchrisuk";
@ -4453,6 +4505,12 @@
githubId = 103082; githubId = 103082;
name = "Ed Brindley"; name = "Ed Brindley";
}; };
elesiuta = {
email = "elesiuta@gmail.com";
github = "elesiuta";
githubId = 8146662;
name = "Eric Lesiuta";
};
eliandoran = { eliandoran = {
email = "contact@eliandoran.me"; email = "contact@eliandoran.me";
name = "Elian Doran"; name = "Elian Doran";
@ -4563,9 +4621,15 @@
githubId = 18535642; githubId = 18535642;
name = "Emily"; name = "Emily";
}; };
emilylange = {
email = "nix@emilylange.de";
github = "emilylange";
githubId = 55066419;
name = "Emily Lange";
};
emilytrau = { emilytrau = {
name = "Emily Trau"; name = "Emily Trau";
email = "nix@angus.ws"; email = "emily+nix@downunderctf.com";
github = "emilytrau"; github = "emilytrau";
githubId = 13267947; githubId = 13267947;
}; };
@ -4924,6 +4988,12 @@
githubId = 25955146; githubId = 25955146;
name = "eyJhb"; name = "eyJhb";
}; };
f2k1de = {
name = "f2k1de";
email = "hi@f2k1.de";
github = "f2k1de";
githubId = 11199213;
};
f4814n = { f4814n = {
email = "me@f4814n.de"; email = "me@f4814n.de";
github = "f4814"; github = "f4814";
@ -5689,6 +5759,12 @@
githubId = 1713676; githubId = 1713676;
name = "Luis G. Torres"; name = "Luis G. Torres";
}; };
giorgiga = {
email = "giorgio.gallo@bitnic.it";
github = "giorgiga";
githubId = 471835;
name = "Giorgio Gallo";
};
GKasparov = { GKasparov = {
email = "mizozahr@gmail.com"; email = "mizozahr@gmail.com";
github = "GKasparov"; github = "GKasparov";
@ -5860,6 +5936,12 @@
fingerprint = "7FC7 98AB 390E 1646 ED4D 8F1F 797F 6238 68CD 00C2"; fingerprint = "7FC7 98AB 390E 1646 ED4D 8F1F 797F 6238 68CD 00C2";
}]; }];
}; };
greg = {
email = "greg.hellings@gmail.com";
github = "greg-hellings";
githubId = 273582;
name = "greg";
};
greizgh = { greizgh = {
email = "greizgh@ephax.org"; email = "greizgh@ephax.org";
github = "greizgh"; github = "greizgh";
@ -6170,6 +6252,12 @@
githubId = 982322; githubId = 982322;
name = "Henrik Olsson"; name = "Henrik Olsson";
}; };
henrirosten = {
email = "henri.rosten@unikie.com";
github = "henrirosten";
githubId = 49935860;
name = "Henri Rosten";
};
henrytill = { henrytill = {
email = "henrytill@gmail.com"; email = "henrytill@gmail.com";
github = "henrytill"; github = "henrytill";
@ -6240,6 +6328,14 @@
github = "higebu"; github = "higebu";
githubId = 733288; githubId = 733288;
}; };
hikari = {
email = "HikariNee@protonmail.com";
github = "HikariNee";
githubId = 72349937;
name = "Hikari";
};
hiljusti = { hiljusti = {
name = "J.R. Hill"; name = "J.R. Hill";
email = "hiljusti@so.dang.cool"; email = "hiljusti@so.dang.cool";
@ -6252,6 +6348,7 @@
githubId = 19825977; githubId = 19825977;
name = "Hiren Shah"; name = "Hiren Shah";
}; };
hiro98 = { hiro98 = {
email = "hiro@protagon.space"; email = "hiro@protagon.space";
github = "vale981"; github = "vale981";
@ -6528,6 +6625,11 @@
github = "icewind1991"; github = "icewind1991";
githubId = 1283854; githubId = 1283854;
}; };
icyrockcom = {
github = "icyrockcom";
githubId = 785140;
name = "icyrock";
};
icy-thought = { icy-thought = {
name = "Icy-Thought"; name = "Icy-Thought";
email = "gilganyx@pm.me"; email = "gilganyx@pm.me";
@ -6535,6 +6637,12 @@
github = "Icy-Thought"; github = "Icy-Thought";
githubId = 53710398; githubId = 53710398;
}; };
idlip = {
name = "Dilip";
email = "igoldlip@gmail.com";
github = "idlip";
githubId = 117019901;
};
idontgetoutmuch = { idontgetoutmuch = {
email = "dominic@steinitz.org"; email = "dominic@steinitz.org";
github = "idontgetoutmuch"; github = "idontgetoutmuch";
@ -6685,11 +6793,11 @@
githubId = 36667224; githubId = 36667224;
name = "Yingchi Long"; name = "Yingchi Long";
}; };
indeednotjames = { indexyz = {
email = "nix@indeednotjames.com"; email = "indexyz@pm.me";
github = "IndeedNotJames"; github = "5aaee9";
githubId = 55066419; githubId = 7685264;
name = "Emily Lange"; name = "Indexyz";
}; };
ineol = { ineol = {
email = "leo.stefanesco@gmail.com"; email = "leo.stefanesco@gmail.com";
@ -6729,6 +6837,15 @@
githubId = 54999; githubId = 54999;
name = "Ariel Nunez"; name = "Ariel Nunez";
}; };
Intuinewin = {
email = "antoinelabarussias@gmail.com";
github = "Intuinewin";
githubId = 13691729;
name = "Antoine Labarussias";
keys = [{
fingerprint = "5CB5 9AA0 D180 1997 2FB3 E0EC 943A 1DE9 372E BE4E";
}];
};
ionutnechita = { ionutnechita = {
email = "ionut_n2001@yahoo.com"; email = "ionut_n2001@yahoo.com";
github = "ionutnechita"; github = "ionutnechita";
@ -6995,7 +7112,7 @@
}; };
jayesh-bhoot = { jayesh-bhoot = {
name = "Jayesh Bhoot"; name = "Jayesh Bhoot";
email = "jayesh@bhoot.sh"; email = "jb@jayeshbhoot.com";
github = "jayeshbhoot"; github = "jayeshbhoot";
githubId = 1915507; githubId = 1915507;
}; };
@ -7030,6 +7147,13 @@
githubId = 221929; githubId = 221929;
name = "Jean-Baptiste Giraudeau"; name = "Jean-Baptiste Giraudeau";
}; };
jbgosselin = {
email = "gosselinjb@gmail.com";
matrix = "@dennajort:matrix.org";
github = "jbgosselin";
githubId = 1536838;
name = "Jean-Baptiste Gosselin";
};
jboy = { jboy = {
email = "jboy+nixos@bius.moe"; email = "jboy+nixos@bius.moe";
githubId = 2187261; githubId = 2187261;
@ -7361,6 +7485,12 @@
fingerprint = "B768 6CD7 451A 650D 9C54 4204 6710 CF0C 1CBD 7762"; fingerprint = "B768 6CD7 451A 650D 9C54 4204 6710 CF0C 1CBD 7762";
}]; }];
}; };
jleightcap = {
email = "jack@leightcap.com";
github = "jleightcap";
githubId = 30168080;
name = "Jack Leightcap";
};
jlesquembre = { jlesquembre = {
email = "jl@lafuente.me"; email = "jl@lafuente.me";
github = "jlesquembre"; github = "jlesquembre";
@ -7824,6 +7954,12 @@
githubId = 1792886; githubId = 1792886;
name = "Julien Malka"; name = "Julien Malka";
}; };
juliusrickert = {
email = "nixpkgs@juliusrickert.de";
github = "juliusrickert";
githubId = 5007494;
name = "Julius Rickert";
};
julm = { julm = {
email = "julm+nixpkgs@sourcephile.fr"; email = "julm+nixpkgs@sourcephile.fr";
github = "ju1m"; github = "ju1m";
@ -7842,6 +7978,12 @@
githubId = 2469618; githubId = 2469618;
name = "Junji Hashimoto"; name = "Junji Hashimoto";
}; };
jurraca = {
email = "julienu@pm.me";
github = "jurraca";
githubId = 5124422;
name = "Julien Urraca";
};
justinas = { justinas = {
email = "justinas@justinas.org"; email = "justinas@justinas.org";
github = "justinas"; github = "justinas";
@ -8022,6 +8164,13 @@
githubId = 524492; githubId = 524492;
name = "Sergey Kazenyuk"; name = "Sergey Kazenyuk";
}; };
kbdharun = {
email = "kbdharunkrishna@gmail.com";
matrix = "@kbdk:matrix.org";
github = "kbdharun";
githubId = 26346867;
name = "K.B.Dharun Krishna";
};
kcalvinalvin = { kcalvinalvin = {
email = "calvin@kcalvinalvin.info"; email = "calvin@kcalvinalvin.info";
github = "kcalvinalvin"; github = "kcalvinalvin";
@ -8144,6 +8293,12 @@
githubId = 16481032; githubId = 16481032;
name = "Kiba Fox"; name = "Kiba Fox";
}; };
kidanger = {
email = "angerj.dev@gmail.com";
github = "kidanger";
githubId = 297479;
name = "Jérémy Anger";
};
kidd = { kidd = {
email = "raimonster@gmail.com"; email = "raimonster@gmail.com";
github = "kidd"; github = "kidd";
@ -8643,6 +8798,12 @@
githubId = 621759; githubId = 621759;
name = "Lassulus"; name = "Lassulus";
}; };
laurent-f1z1 = {
email = "laurent.nixpkgs@fainsin.bzh";
github = "Laurent2916";
githubId = 21087104;
name = "Laurent Fainsin";
};
layus = { layus = {
email = "layus.on@gmail.com"; email = "layus.on@gmail.com";
github = "layus"; github = "layus";
@ -8747,6 +8908,12 @@
githubId = 567634; githubId = 567634;
name = "Daniel Kuehn"; name = "Daniel Kuehn";
}; };
lelgenio = {
email = "lelgenio@disroot.org";
github = "lelgenio";
githubId = 31388299;
name = "Leonardo Eugênio";
};
leo60228 = { leo60228 = {
email = "leo@60228.dev"; email = "leo@60228.dev";
matrix = "@leo60228:matrix.org"; matrix = "@leo60228:matrix.org";
@ -8769,6 +8936,12 @@
githubId = 1572058; githubId = 1572058;
name = "Leonardo Cecchi"; name = "Leonardo Cecchi";
}; };
leonid = {
email = "belyaev.l@northeastern.edu";
github = "leonidbelyaev";
githubId = 77865363;
name = "Leonid Belyaev";
};
leshainc = { leshainc = {
email = "leshainc@fomalhaut.me"; email = "leshainc@fomalhaut.me";
github = "LeshaInc"; github = "LeshaInc";
@ -8839,6 +9012,12 @@
githubId = 1769386; githubId = 1769386;
name = "Liam Diprose"; name = "Liam Diprose";
}; };
liberatys = {
email = "liberatys@hey.com";
name = "Nick Anthony Flueckiger";
github = "liberatys";
githubId = 35100156;
};
libjared = { libjared = {
email = "jared@perrycode.com"; email = "jared@perrycode.com";
github = "libjared"; github = "libjared";
@ -8951,6 +9130,12 @@
fingerprint = "74F5 E5CC 19D3 B5CB 608F 6124 68FF 81E6 A785 0F49"; fingerprint = "74F5 E5CC 19D3 B5CB 608F 6124 68FF 81E6 A785 0F49";
}]; }];
}; };
lizelive = {
email = "nixpkgs@lize.live";
github = "lizelive";
githubId = 40217331;
name = "LizeLive";
};
lluchs = { lluchs = {
email = "lukas.werling@gmail.com"; email = "lukas.werling@gmail.com";
github = "lluchs"; github = "lluchs";
@ -10121,6 +10306,15 @@
github = "michaelgrahamevans"; github = "michaelgrahamevans";
githubId = 5932424; githubId = 5932424;
}; };
michaelpachec0 = {
email = "michaelpacheco@protonmail.com";
name = "Michael Pacheco";
github = "MichaelPachec0";
githubId = 48970112;
keys = [ {
fingerprint = "8D12 991F 5558 C501 70B2 779C 7811 46B0 B5F9 5F64";
}];
};
michaelpj = { michaelpj = {
email = "michaelpj@gmail.com"; email = "michaelpj@gmail.com";
github = "michaelpj"; github = "michaelpj";
@ -11066,12 +11260,28 @@
githubId = 13920346; githubId = 13920346;
name = "Sébastien Iooss"; name = "Sébastien Iooss";
}; };
networkexception = {
name = "networkException";
email = "nix@nwex.de";
matrix = "@networkexception:chat.upi.li";
github = "networkException";
githubId = 42888162;
keys = [{
fingerprint = "A0B9 48C5 A263 55C2 035F 8567 FBB7 2A94 52D9 1A72";
}];
};
neverbehave = { neverbehave = {
email = "i@never.pet"; email = "i@never.pet";
github = "NeverBehave"; github = "NeverBehave";
githubId = 17120571; githubId = 17120571;
name = "Xinhao Luo"; name = "Xinhao Luo";
}; };
nevivurn = {
email = "nevivurn@nevi.dev";
github = "nevivurn";
githubId = 7698349;
name = "Yongun Seong";
};
newam = { newam = {
email = "alex@thinglab.org"; email = "alex@thinglab.org";
github = "newAM"; github = "newAM";
@ -11124,6 +11334,11 @@
github = "NickCao"; github = "NickCao";
githubId = 15247171; githubId = 15247171;
}; };
nickgerace = {
name = "Nick Gerace";
github = "nickgerace";
githubId = 39320683;
};
nickhu = { nickhu = {
email = "me@nickhu.co.uk"; email = "me@nickhu.co.uk";
github = "NickHu"; github = "NickHu";
@ -12157,6 +12372,16 @@
githubId = 581269; githubId = 581269;
name = "Philip Potter"; name = "Philip Potter";
}; };
philclifford = {
email = "philip.clifford@gmail.com";
matrix = "@phil8o:matrix.org";
github = "philclifford";
githubId = 8797027;
keys = [{
fingerprint = "FC15 E59F 0CFA 9329 101B 71D9 92F7 A790 E9BA F1F7";
}];
name = "Phil Clifford";
};
phile314 = { phile314 = {
email = "nix@314.ch"; email = "nix@314.ch";
github = "phile314"; github = "phile314";
@ -12284,6 +12509,12 @@
githubId = 3737; githubId = 3737;
name = "Peter Jones"; name = "Peter Jones";
}; };
pjrm = {
email = "pedrojrmagalhaes@gmail.com";
github = "pjrm";
githubId = 4622652;
name = "Pedro Magalhães";
};
pkharvey = { pkharvey = {
email = "kayharvey@protonmail.com"; email = "kayharvey@protonmail.com";
github = "pkharvey"; github = "pkharvey";
@ -12513,9 +12744,9 @@
githubId = 17690377; githubId = 17690377;
}; };
ppom = { ppom = {
name = "Paco Pompeani"; name = "ppom";
email = "paco@ecomail.io"; email = "ppom@ecomail.fr";
github = "aopom"; github = "ppom0";
githubId = 38916722; githubId = 38916722;
}; };
pradeepchhetri = { pradeepchhetri = {
@ -12871,6 +13102,12 @@
githubId = 903072; githubId = 903072;
name = "Raghav Sood"; name = "Raghav Sood";
}; };
ragingpastry = {
email = "senior.crepe@gmail.com";
github = "ragingpastry";
githubId = 6778250;
name = "Nick Wilburn";
};
raitobezarius = { raitobezarius = {
email = "ryan@lahfa.xyz"; email = "ryan@lahfa.xyz";
matrix = "@raitobezarius:matrix.org"; matrix = "@raitobezarius:matrix.org";
@ -13394,6 +13631,12 @@
githubId = 710906; githubId = 710906;
name = "Roel van Dijk"; name = "Roel van Dijk";
}; };
rogarb = {
email = "rogarb@rgarbage.fr";
github = "rogarb";
githubId = 69053978;
name = "rogarb";
};
roman = { roman = {
email = "open-source@roman-gonzalez.info"; email = "open-source@roman-gonzalez.info";
github = "roman"; github = "roman";
@ -14004,6 +14247,13 @@
github = "sei40kr"; github = "sei40kr";
githubId = 11665236; githubId = 11665236;
}; };
seirl = {
name = "Antoine Pietri";
email = "antoine.pietri1@gmail.com";
github = "seirl";
githubId = 4927883;
matrix = "@seirl:matrix.org";
};
sellout = { sellout = {
email = "greg@technomadic.org"; email = "greg@technomadic.org";
github = "sellout"; github = "sellout";
@ -14128,9 +14378,11 @@
name = "Scott Hamilton"; name = "Scott Hamilton";
}; };
ShamrockLee = { ShamrockLee = {
name = "Shamrock Lee"; email = "shamrocklee@posteo.net";
github = "ShamrockLee"; github = "ShamrockLee";
githubId = 44064051; githubId = 44064051;
matrix = "@shamrocklee:matrix.org";
name = "Yueh-Shun Li";
}; };
shanesveller = { shanesveller = {
email = "shane@sveller.dev"; email = "shane@sveller.dev";
@ -14195,6 +14447,12 @@
githubId = 251028; githubId = 251028;
name = "Shell Turner"; name = "Shell Turner";
}; };
shhht = {
name = "shhht";
email = "stp.tjeerd@gmail.com";
github = "shhht";
githubId = 118352823;
};
shikanime = { shikanime = {
name = "William Phetsinorath"; name = "William Phetsinorath";
email = "deva.shikanime@protonmail.com"; email = "deva.shikanime@protonmail.com";
@ -14216,6 +14474,12 @@
githubId = 487050; githubId = 487050;
name = "Shea Levy"; name = "Shea Levy";
}; };
shlok = {
email = "sd-nix-maintainer@quant.is";
github = "shlok";
githubId = 3000933;
name = "Shlok Datye";
};
shmish111 = { shmish111 = {
email = "shmish111@gmail.com"; email = "shmish111@gmail.com";
github = "shmish111"; github = "shmish111";
@ -14417,6 +14681,15 @@
githubId = 12828415; githubId = 12828415;
name = "Michel Weitbrecht"; name = "Michel Weitbrecht";
}; };
slwst = {
email = "email@slw.st";
github = "slwst";
githubId = 11047377;
name = "slwst";
keys = [{
fingerprint = "6CEB 4A2F E6DC C345 1B2B 4733 AD52 C5FB 3EFE CC7A";
}];
};
smakarov = { smakarov = {
email = "setser200018@gmail.com"; email = "setser200018@gmail.com";
github = "SeTSeR"; github = "SeTSeR";
@ -14594,6 +14867,12 @@
githubId = 2825204; githubId = 2825204;
name = "Steven Pease"; name = "Steven Pease";
}; };
spectre256 = {
name = "Ellis Gibbons";
email = "egibbons256@gmail.com";
github = "spectre256";
githubId = 72505298;
};
spencerjanssen = { spencerjanssen = {
email = "spencerjanssen@gmail.com"; email = "spencerjanssen@gmail.com";
matrix = "@sjanssen:matrix.org"; matrix = "@sjanssen:matrix.org";
@ -14613,12 +14892,6 @@
githubId = 6391601; githubId = 6391601;
name = "Roger Mason"; name = "Roger Mason";
}; };
spwhitt = {
email = "sw@swhitt.me";
github = "spwhitt";
githubId = 1414088;
name = "Spencer Whitt";
};
squalus = { squalus = {
email = "squalus@squalus.net"; email = "squalus@squalus.net";
github = "squalus"; github = "squalus";
@ -14701,7 +14974,7 @@
name = "Christoph Honal"; name = "Christoph Honal";
}; };
star-szr = { star-szr = {
email = "nixpkgs@scottr.mailworks.org"; email = "nixpkgs@szr.fastmail.com";
github = "star-szr"; github = "star-szr";
githubId = 327943; githubId = 327943;
name = "Scott Zhu Reeves"; name = "Scott Zhu Reeves";
@ -15228,6 +15501,12 @@
}]; }];
name = "David Tchekachev"; name = "David Tchekachev";
}; };
tcheronneau = {
email = "nix@mcth.fr";
github = "tcheronneau";
githubId = 7914437;
name = "Thomas Cheronneau";
};
tckmn = { tckmn = {
email = "andy@tck.mn"; email = "andy@tck.mn";
github = "tckmn"; github = "tckmn";
@ -15467,6 +15746,15 @@
githubId = 57180880; githubId = 57180880;
name = "Ansh Tyagi"; name = "Ansh Tyagi";
}; };
therealr5 = {
email = "rouven@rfive.de";
github = "therealr5";
githubId = 72568063;
name = "Rouven Seifert";
keys = [{
fingerprint = "1169 87A8 DD3F 78FF 8601 BF4D B95E 8FE6 B11C 4D09";
}];
};
therishidesai = { therishidesai = {
email = "desai.rishi1@gmail.com"; email = "desai.rishi1@gmail.com";
github = "therishidesai"; github = "therishidesai";
@ -15514,6 +15802,18 @@
githubId = 3268082; githubId = 3268082;
name = "Thibaut Marty"; name = "Thibaut Marty";
}; };
thielema = {
name = "Henning Thielemann";
email = "nix@henning-thielemann.de";
github = "thielema";
githubId = 898989;
};
thilobillerbeck = {
name = "Thilo Billerbeck";
email = "thilo.billerbeck@officerent.de";
github = "thilobillerbeck";
githubId = 7442383;
};
thled = { thled = {
name = "Thomas Le Duc"; name = "Thomas Le Duc";
email = "dev@tleduc.de"; email = "dev@tleduc.de";
@ -15609,10 +15909,11 @@
githubId = 18621411; githubId = 18621411;
}; };
tilpner = { tilpner = {
email = "till@hoeppner.ws"; name = "Till Höppner";
email = "nixpkgs@tilpner.com";
matrix = "@tilpner:tx0.co";
github = "tilpner"; github = "tilpner";
githubId = 4322055; githubId = 4322055;
name = "Till Höppner";
}; };
timbertson = { timbertson = {
email = "tim@gfxmonk.net"; email = "tim@gfxmonk.net";
@ -15758,6 +16059,12 @@
githubId = 8577941; githubId = 8577941;
name = "Kevin Rauscher"; name = "Kevin Rauscher";
}; };
tomaskala = {
email = "public+nixpkgs@tomaskala.com";
github = "tomaskala";
githubId = 7727887;
name = "Tomas Kala";
};
tomberek = { tomberek = {
email = "tomberek@gmail.com"; email = "tomberek@gmail.com";
matrix = "@tomberek:matrix.org"; matrix = "@tomberek:matrix.org";
@ -16153,6 +16460,12 @@
githubId = 15697697; githubId = 15697697;
name = "Kasper Gałkowski"; name = "Kasper Gałkowski";
}; };
utkarshgupta137 = {
email = "utkarshgupta137@gmail.com";
github = "utkarshgupta137";
githubId = 5155100;
name = "Utkarsh Gupta";
};
uvnikita = { uvnikita = {
email = "uv.nikita@gmail.com"; email = "uv.nikita@gmail.com";
github = "uvNikita"; github = "uvNikita";
@ -17443,6 +17756,12 @@
githubId = 393108; githubId = 393108;
name = "Damien Diederen"; name = "Damien Diederen";
}; };
zumorica = {
name = "Vera Aguilera Puerto";
email = "gradientvera+nix@outlook.com";
github = "Zumorica";
githubId = 6766154;
};
zupo = { zupo = {
name = "Nejc Zupan"; name = "Nejc Zupan";
email = "nejczupan+nix@gmail.com"; email = "nejczupan+nix@gmail.com";

View file

@ -50,19 +50,22 @@ while (@ARGV) {
} }
} }
my $bucket;
# S3 setup. if (not defined $ENV{DEBUG}) {
my $aws_access_key_id = $ENV{'AWS_ACCESS_KEY_ID'} or die "AWS_ACCESS_KEY_ID not set\n"; # S3 setup.
my $aws_secret_access_key = $ENV{'AWS_SECRET_ACCESS_KEY'} or die "AWS_SECRET_ACCESS_KEY not set\n"; my $aws_access_key_id = $ENV{'AWS_ACCESS_KEY_ID'} or die "AWS_ACCESS_KEY_ID not set\n";
my $aws_secret_access_key = $ENV{'AWS_SECRET_ACCESS_KEY'} or die "AWS_SECRET_ACCESS_KEY not set\n";
my $s3 = Net::Amazon::S3->new( my $s3 = Net::Amazon::S3->new(
{ aws_access_key_id => $aws_access_key_id, { aws_access_key_id => $aws_access_key_id,
aws_secret_access_key => $aws_secret_access_key, aws_secret_access_key => $aws_secret_access_key,
retry => 1, retry => 1,
host => "s3-eu-west-1.amazonaws.com", host => "s3-eu-west-1.amazonaws.com",
}); });
my $bucket = $s3->bucket("nixpkgs-tarballs") or die; $bucket = $s3->bucket("nixpkgs-tarballs") or die;
}
my $doWrite = 0; my $doWrite = 0;
my $cacheFile = ($ENV{"HOME"} or die "\$HOME is not set") . "/.cache/nix/copy-tarballs"; my $cacheFile = ($ENV{"HOME"} or die "\$HOME is not set") . "/.cache/nix/copy-tarballs";
@ -159,13 +162,18 @@ elsif (defined $expr) {
# Check every fetchurl call discovered by find-tarballs.nix. # Check every fetchurl call discovered by find-tarballs.nix.
my $mirrored = 0; my $mirrored = 0;
my $have = 0; my $have = 0;
foreach my $fetch (sort { $a->{url} cmp $b->{url} } @{$fetches}) { foreach my $fetch (sort { $a->{urls}->[0] cmp $b->{urls}->[0] } @{$fetches}) {
my $url = $fetch->{url}; my $urls = $fetch->{urls};
my $algo = $fetch->{type}; my $algo = $fetch->{type};
my $hash = $fetch->{hash}; my $hash = $fetch->{hash};
my $name = $fetch->{name}; my $name = $fetch->{name};
my $isPatch = $fetch->{isPatch}; my $isPatch = $fetch->{isPatch};
if ($isPatch) {
print STDERR "skipping $urls->[0] (support for patches is missing)\n";
next;
}
if ($hash =~ /^([a-z0-9]+)-([A-Za-z0-9+\/=]+)$/) { if ($hash =~ /^([a-z0-9]+)-([A-Za-z0-9+\/=]+)$/) {
$algo = $1; $algo = $1;
$hash = `nix hash to-base16 $hash` or die; $hash = `nix hash to-base16 $hash` or die;
@ -180,62 +188,60 @@ elsif (defined $expr) {
chomp $hash; chomp $hash;
} }
if (defined $ENV{DEBUG}) {
print "$url $algo $hash\n";
next;
}
if ($url !~ /^http:/ && $url !~ /^https:/ && $url !~ /^ftp:/ && $url !~ /^mirror:/) {
print STDERR "skipping $url (unsupported scheme)\n";
next;
}
if ($isPatch) {
print STDERR "skipping $url (support for patches is missing)\n";
next;
}
next if defined $exclude && $url =~ /$exclude/;
if (alreadyMirrored($algo, $hash)) {
$have++;
next;
}
my $storePath = makeFixedOutputPath(0, $algo, $hash, $name); my $storePath = makeFixedOutputPath(0, $algo, $hash, $name);
print STDERR "mirroring $url ($storePath, $algo, $hash)...\n"; for my $url (@$urls) {
if (defined $ENV{DEBUG}) {
print "$url $algo $hash\n";
next;
}
if ($dryRun) { if ($url !~ /^http:/ && $url !~ /^https:/ && $url !~ /^ftp:/ && $url !~ /^mirror:/) {
print STDERR "skipping $url (unsupported scheme)\n";
next;
}
next if defined $exclude && $url =~ /$exclude/;
if (alreadyMirrored($algo, $hash)) {
$have++;
last;
}
print STDERR "mirroring $url ($storePath, $algo, $hash)...\n";
if ($dryRun) {
$mirrored++;
last;
}
# Substitute the output.
if (!isValidPath($storePath)) {
system("nix-store", "-r", $storePath);
}
# Otherwise download the file using nix-prefetch-url.
if (!isValidPath($storePath)) {
$ENV{QUIET} = 1;
$ENV{PRINT_PATH} = 1;
my $fh;
my $pid = open($fh, "-|", "nix-prefetch-url", "--type", $algo, $url, $hash) or die;
waitpid($pid, 0) or die;
if ($? != 0) {
print STDERR "failed to fetch $url: $?\n";
next;
}
<$fh>; my $storePath2 = <$fh>; chomp $storePath2;
if ($storePath ne $storePath2) {
warn "strange: $storePath != $storePath2\n";
next;
}
}
uploadFile($storePath, $url);
$mirrored++; $mirrored++;
next; last;
} }
# Substitute the output.
if (!isValidPath($storePath)) {
system("nix-store", "-r", $storePath);
}
# Otherwise download the file using nix-prefetch-url.
if (!isValidPath($storePath)) {
$ENV{QUIET} = 1;
$ENV{PRINT_PATH} = 1;
my $fh;
my $pid = open($fh, "-|", "nix-prefetch-url", "--type", $algo, $url, $hash) or die;
waitpid($pid, 0) or die;
if ($? != 0) {
print STDERR "failed to fetch $url: $?\n";
next;
}
<$fh>; my $storePath2 = <$fh>; chomp $storePath2;
if ($storePath ne $storePath2) {
warn "strange: $storePath != $storePath2\n";
next;
}
}
uploadFile($storePath, $url);
$mirrored++;
} }
print STDERR "mirrored $mirrored files, already have $have files\n"; print STDERR "mirrored $mirrored files, already have $have files\n";

View file

@ -9,12 +9,12 @@ let
root = expr; root = expr;
uniqueUrls = map (x: x.file) (genericClosure { uniqueFiles = map (x: x.file) (genericClosure {
startSet = map (file: { key = file.url; inherit file; }) urls; startSet = map (file: { key = with file; (if type == null then "" else type + "+") + hash; inherit file; }) files;
operator = const [ ]; operator = const [ ];
}); });
urls = map (drv: { url = head (drv.urls or [ drv.url ]); hash = drv.outputHash; isPatch = (drv?postFetch && drv.postFetch != ""); type = drv.outputHashAlgo; name = drv.name; }) fetchurlDependencies; files = map (drv: { urls = drv.urls or [ drv.url ]; hash = drv.outputHash; isPatch = (drv?postFetch && drv.postFetch != ""); type = drv.outputHashAlgo; name = drv.name; }) fetchurlDependencies;
fetchurlDependencies = fetchurlDependencies =
filter filter
@ -47,4 +47,4 @@ let
canEval = val: (builtins.tryEval val).success; canEval = val: (builtins.tryEval val).success;
in uniqueUrls in uniqueFiles

View file

@ -32,8 +32,6 @@ EOF
sort -iu "$tmpfile" >> "$broken_config" sort -iu "$tmpfile" >> "$broken_config"
clear="env -u HOME -u NIXPKGS_CONFIG" clear="env -u HOME -u NIXPKGS_CONFIG"
$clear maintainers/scripts/haskell/regenerate-hackage-packages.sh $clear maintainers/scripts/haskell/regenerate-hackage-packages.sh
$clear maintainers/scripts/haskell/regenerate-transitive-broken-packages.sh
$clear maintainers/scripts/haskell/regenerate-hackage-packages.sh
evalline=$(maintainers/scripts/haskell/hydra-report.hs eval-info) evalline=$(maintainers/scripts/haskell/hydra-report.hs eval-info)
if [[ "${1:-}" == "--do-commit" ]]; then if [[ "${1:-}" == "--do-commit" ]]; then

View file

@ -53,6 +53,10 @@ if ! gh auth status 2>/dev/null ; then
die "You must setup the \`gh\` command. Run \`gh auth login\`." die "You must setup the \`gh\` command. Run \`gh auth login\`."
fi fi
# Make sure this is configured before we start doing anything
push_remote="$(git config branch.haskell-updates.pushRemote \
|| die 'Can'\''t determine pushRemote for haskell-updates. Please set using `git config branch.haskell-updates.pushremote <remote name>`.')"
# Fetch nixpkgs to get an up-to-date origin/haskell-updates branch. # Fetch nixpkgs to get an up-to-date origin/haskell-updates branch.
echo "Fetching origin..." echo "Fetching origin..."
git fetch origin >/dev/null git fetch origin >/dev/null
@ -85,11 +89,12 @@ echo "Updating Stackage..."
echo "Updating Hackage hashes..." echo "Updating Hackage hashes..."
./maintainers/scripts/haskell/update-hackage.sh --do-commit ./maintainers/scripts/haskell/update-hackage.sh --do-commit
echo "Regenerating Hackage packages..." echo "Regenerating Hackage packages..."
./maintainers/scripts/haskell/regenerate-hackage-packages.sh --do-commit # Using fast here because after the hackage-update eval errors will likely break the transitive dependencies check.
./maintainers/scripts/haskell/regenerate-hackage-packages.sh --fast --do-commit
# Push these new commits to the haskell-updates branch # Push these new commits to the haskell-updates branch
echo "Pushing commits just created to the remote haskell-updates branch..." echo "Pushing commits just created to the remote $push_remote/haskell-updates branch..."
git push git push "$push_remote" haskell-updates
# Open new PR # Open new PR
new_pr_body=$(cat <<EOF new_pr_body=$(cat <<EOF

View file

@ -1,22 +1,69 @@
#! /usr/bin/env nix-shell #! /usr/bin/env nix-shell
#! nix-shell -i bash -p coreutils haskellPackages.cabal2nix-unstable git nix -I nixpkgs=. #! nix-shell -i bash -p coreutils haskellPackages.cabal2nix-unstable git nix -I nixpkgs=.
# This script is used to regenerate nixpkgs' Haskell package set, using the
# tool hackage2nix from the nixos/cabal2nix repo. hackage2nix looks at the
# config files in pkgs/development/haskell-modules/configuration-hackage2nix
# and generates a Nix expression for package version specified there, using the
# Cabal files from the Hackage database (available under all-cabal-hashes) and
# its companion tool cabal2nix.
#
# Related scripts are update-hackage.sh, for updating the snapshot of the
# Hackage database used by hackage2nix, and update-cabal2nix-unstable.sh,
# for updating the version of hackage2nix used to perform this task.
#
# Note that this script doesn't gcroot anything, so it may be broken by an
# unfortunately timed nix-store --gc.
set -euo pipefail set -euo pipefail
self=$0
print_help () {
cat <<END_HELP
Usage: $self [options]
Options:
--do-commit Commit changes to this file.
-f | --fast Do not update the transitive-broken.yaml file.
-h | --help Show this help.
This script is used to regenerate nixpkgs' Haskell package set, using the
tool hackage2nix from the nixos/cabal2nix repo. hackage2nix looks at the
config files in pkgs/development/haskell-modules/configuration-hackage2nix
and generates a Nix expression for package version specified there, using the
Cabal files from the Hackage database (available under all-cabal-hashes) and
its companion tool cabal2nix.
Unless --fast is used, it will then use the generated nix expression by
running regenerate-transitive-broken-packages.sh which updates the transitive-broken.yaml
file. Then it re-runs hackage2nix.
Related scripts are update-hackage.sh, for updating the snapshot of the
Hackage database used by hackage2nix, and update-cabal2nix-unstable.sh,
for updating the version of hackage2nix used to perform this task.
Note that this script doesn't gcroot anything, so it may be broken by an
unfortunately timed nix-store --gc.
END_HELP
}
DO_COMMIT=0
REGENERATE_TRANSITIVE=1
options=$(getopt -o "fh" -l "help,fast,do-commit" -- "$@")
eval set -- "$options"
while true; do
case "$1" in
--do-commit)
DO_COMMIT=1
;;
-f|--fast)
REGENERATE_TRANSITIVE=0
;;
-h|--help)
print_help
exit 0
;;
--)
break;;
*)
print_help
exit 1
;;
esac
shift
done
HACKAGE2NIX="${HACKAGE2NIX:-hackage2nix}" HACKAGE2NIX="${HACKAGE2NIX:-hackage2nix}"
# To prevent hackage2nix fails because of encoding. # To prevent hackage2nix fails because of encoding.
@ -25,14 +72,7 @@ export LC_ALL=C.UTF-8
config_dir=pkgs/development/haskell-modules/configuration-hackage2nix config_dir=pkgs/development/haskell-modules/configuration-hackage2nix
echo "Obtaining Hackage data" run_hackage2nix() {
extraction_derivation='with import ./. {}; runCommandLocal "unpacked-cabal-hashes" { } "tar xf ${all-cabal-hashes} --strip-components=1 --one-top-level=$out"'
unpacked_hackage="$(nix-build -E "$extraction_derivation" --no-out-link)"
echo "Generating compiler configuration"
compiler_config="$(nix-build -A haskellPackages.cabal2nix-unstable.compilerConfig --no-out-link)"
echo "Starting hackage2nix to regenerate pkgs/development/haskell-modules/hackage-packages.nix ..."
"$HACKAGE2NIX" \ "$HACKAGE2NIX" \
--hackage "$unpacked_hackage" \ --hackage "$unpacked_hackage" \
--preferred-versions <(for n in "$unpacked_hackage"/*/preferred-versions; do cat "$n"; echo; done) \ --preferred-versions <(for n in "$unpacked_hackage"/*/preferred-versions; do cat "$n"; echo; done) \
@ -42,8 +82,33 @@ echo "Starting hackage2nix to regenerate pkgs/development/haskell-modules/hackag
--config "$config_dir/stackage.yaml" \ --config "$config_dir/stackage.yaml" \
--config "$config_dir/broken.yaml" \ --config "$config_dir/broken.yaml" \
--config "$config_dir/transitive-broken.yaml" --config "$config_dir/transitive-broken.yaml"
}
if [[ "${1:-}" == "--do-commit" ]]; then echo "Obtaining Hackage data …"
extraction_derivation='with import ./. {}; runCommandLocal "unpacked-cabal-hashes" { } "tar xf ${all-cabal-hashes} --strip-components=1 --one-top-level=$out"'
unpacked_hackage="$(nix-build -E "$extraction_derivation" --no-out-link)"
echo "Generating compiler configuration …"
compiler_config="$(nix-build -A haskellPackages.cabal2nix-unstable.compilerConfig --no-out-link)"
echo "Running hackage2nix to regenerate pkgs/development/haskell-modules/hackage-packages.nix …"
run_hackage2nix
if [[ "$REGENERATE_TRANSITIVE" -eq 1 ]]; then
echo "Regenerating transitive-broken.yaml … (pass --fast to $self to skip this step)"
maintainers/scripts/haskell/regenerate-transitive-broken-packages.sh
echo "Running hackage2nix again to reflect changes in transitive-broken.yaml …"
run_hackage2nix
fi
if [[ "$DO_COMMIT" -eq 1 ]]; then
git add pkgs/development/haskell-modules/configuration-hackage2nix/transitive-broken.yaml
git add pkgs/development/haskell-modules/hackage-packages.nix git add pkgs/development/haskell-modules/hackage-packages.nix
git commit -F - << EOF git commit -F - << EOF
haskellPackages: regenerate package set based on current config haskellPackages: regenerate package set based on current config

View file

@ -1,9 +1,18 @@
#! /usr/bin/env nix-shell #! /usr/bin/env nix-shell
#! nix-shell -i bash -p coreutils jq nix -I nixpkgs=. #! nix-shell -i bash -p coreutils jq nix -I nixpkgs=.
set -euo pipefail
TMP_TEMPLATE=transitive-broken.XXXXXXX
readonly TMP_TEMPLATE
tmpfile=$(mktemp "$TMP_TEMPLATE")
trap 'rm -f "${tmpfile}"' 0
config_file=pkgs/development/haskell-modules/configuration-hackage2nix/transitive-broken.yaml config_file=pkgs/development/haskell-modules/configuration-hackage2nix/transitive-broken.yaml
cat > $config_file << EOF cat > $tmpfile << EOF
# This file is automatically generated by # This file is automatically generated by
# maintainers/scripts/haskell/regenerate-transitive-broken-packages.sh # maintainers/scripts/haskell/regenerate-transitive-broken-packages.sh
# It is supposed to list all haskellPackages that cannot evaluate because they # It is supposed to list all haskellPackages that cannot evaluate because they
@ -11,5 +20,6 @@ cat > $config_file << EOF
dont-distribute-packages: dont-distribute-packages:
EOF EOF
echo "Regenerating list of transitive broken packages ..." nix-instantiate --eval --option restrict-eval true -I . --strict --json maintainers/scripts/haskell/transitive-broken-packages.nix | jq -r . | LC_ALL=C.UTF-8 sort -i >> $tmpfile
nix-instantiate --eval --option restrict-eval true -I . --strict --json maintainers/scripts/haskell/transitive-broken-packages.nix | jq -r . | LC_ALL=C.UTF-8 sort -i >> $config_file
mv $tmpfile $config_file

View file

@ -100,11 +100,12 @@ def convert_to_throw(date_older_list: list[str]) -> list[tuple[str, str]]:
date_older_list.remove(line) date_older_list.remove(line)
continue continue
alias = before_equal.strip() alias = before_equal
alias_unquoted = before_equal.strip('"')
after_equal_list = [x.strip(";:") for x in after_equal.split()] after_equal_list = [x.strip(";:") for x in after_equal.split()]
converted = ( converted = (
f"{indent}{alias} = throw \"'{alias}' has been renamed to/replaced by" f"{indent}{alias} = throw \"'{alias_unquoted}' has been renamed to/replaced by"
f" '{after_equal_list.pop(0)}'\";" f" '{after_equal_list.pop(0)}'\";"
f' # Converted to throw {datetime.today().strftime("%Y-%m-%d")}' f' # Converted to throw {datetime.today().strftime("%Y-%m-%d")}'
) )

View file

@ -149,6 +149,17 @@ with lib.maintainers; {
enableFeatureFreezePing = true; enableFeatureFreezePing = true;
}; };
cuda = {
members = [
connorbaker
samuela
SomeoneSerge
];
scope = "Maintain CUDA-enabled packages";
shortName = "Cuda";
githubTeams = [ "cuda-maintainers" ];
};
darwin = { darwin = {
members = [ members = [
toonn toonn
@ -512,6 +523,7 @@ with lib.maintainers; {
mate = { mate = {
members = [ members = [
bobby285271
j03 j03
romildo romildo
]; ];
@ -534,6 +546,17 @@ with lib.maintainers; {
shortName = "Matrix"; shortName = "Matrix";
}; };
minimal-bootstrap = {
members = [
artturin
emilytrau
ericson2314
jk
];
scope = "Maintain the minimal-bootstrap toolchain and related packages.";
shortName = "Minimal Bootstrap";
};
mobile = { mobile = {
members = [ members = [
samueldr samueldr
@ -818,6 +841,7 @@ with lib.maintainers; {
xfce = { xfce = {
members = [ members = [
bobby285271
romildo romildo
muscaln muscaln
]; ];

View file

@ -25,6 +25,8 @@ These include `pkgs.nixosTest`, `testing-python.nix` and `make-test-python.nix`.
## Testing changes to the test framework {#sec-test-the-test-framework} ## Testing changes to the test framework {#sec-test-the-test-framework}
We currently have limited unit tests for the framework itself. You may run these with `nix-build -A nixosTests.nixos-test-driver`.
When making significant changes to the test framework, we run the tests on Hydra, to avoid disrupting the larger NixOS project. When making significant changes to the test framework, we run the tests on Hydra, to avoid disrupting the larger NixOS project.
For this, we use the `python-test-refactoring` branch in the `NixOS/nixpkgs` repository, and its [corresponding Hydra jobset](https://hydra.nixos.org/jobset/nixos/python-test-refactoring). For this, we use the `python-test-refactoring` branch in the `NixOS/nixpkgs` repository, and its [corresponding Hydra jobset](https://hydra.nixos.org/jobset/nixos/python-test-refactoring).

View file

@ -13,7 +13,7 @@ checking for entire option trees, it is only recommended for use in
submodules. submodules.
::: {#ex-freeform-module .example} ::: {#ex-freeform-module .example}
**Example: Freeform submodule** ### Freeform submodule
The following shows a submodule assigning a freeform type that allows The following shows a submodule assigning a freeform type that allows
arbitrary attributes with `str` values below `settings`, but also arbitrary attributes with `str` values below `settings`, but also

View file

@ -77,6 +77,7 @@ The option's description is "Whether to enable \<name\>.".
For example: For example:
::: {#ex-options-declarations-util-mkEnableOption-magic .example} ::: {#ex-options-declarations-util-mkEnableOption-magic .example}
### `mkEnableOption` usage
```nix ```nix
lib.mkEnableOption (lib.mdDoc "magic") lib.mkEnableOption (lib.mdDoc "magic")
# is like # is like
@ -126,6 +127,7 @@ During the transition to CommonMark documentation `mkPackageOption` creates an o
Examples: Examples:
::: {#ex-options-declarations-util-mkPackageOption-hello .example} ::: {#ex-options-declarations-util-mkPackageOption-hello .example}
### Simple `mkPackageOption` usage
```nix ```nix
lib.mkPackageOptionMD pkgs "hello" { } lib.mkPackageOptionMD pkgs "hello" { }
# is like # is like
@ -139,6 +141,7 @@ lib.mkOption {
::: :::
::: {#ex-options-declarations-util-mkPackageOption-ghc .example} ::: {#ex-options-declarations-util-mkPackageOption-ghc .example}
### `mkPackageOption` with explicit default and example
```nix ```nix
lib.mkPackageOptionMD pkgs "GHC" { lib.mkPackageOptionMD pkgs "GHC" {
default = [ "ghc" ]; default = [ "ghc" ];
@ -156,6 +159,7 @@ lib.mkOption {
::: :::
::: {#ex-options-declarations-util-mkPackageOption-extraDescription .example} ::: {#ex-options-declarations-util-mkPackageOption-extraDescription .example}
### `mkPackageOption` with additional description text
```nix ```nix
mkPackageOption pkgs [ "python39Packages" "pytorch" ] { mkPackageOption pkgs [ "python39Packages" "pytorch" ] {
extraDescription = "This is an example and doesn't actually do anything."; extraDescription = "This is an example and doesn't actually do anything.";
@ -217,7 +221,7 @@ changing the main service module file and the type system automatically
enforces that there can only be a single display manager enabled. enforces that there can only be a single display manager enabled.
::: {#ex-option-declaration-eot-service .example} ::: {#ex-option-declaration-eot-service .example}
**Example: Extensible type placeholder in the service module** ### Extensible type placeholder in the service module
```nix ```nix
services.xserver.displayManager.enable = mkOption { services.xserver.displayManager.enable = mkOption {
description = "Display manager to use"; description = "Display manager to use";
@ -227,7 +231,7 @@ services.xserver.displayManager.enable = mkOption {
::: :::
::: {#ex-option-declaration-eot-backend-gdm .example} ::: {#ex-option-declaration-eot-backend-gdm .example}
**Example: Extending `services.xserver.displayManager.enable` in the `gdm` module** ### Extending `services.xserver.displayManager.enable` in the `gdm` module
```nix ```nix
services.xserver.displayManager.enable = mkOption { services.xserver.displayManager.enable = mkOption {
type = with types; nullOr (enum [ "gdm" ]); type = with types; nullOr (enum [ "gdm" ]);
@ -236,7 +240,7 @@ services.xserver.displayManager.enable = mkOption {
::: :::
::: {#ex-option-declaration-eot-backend-sddm .example} ::: {#ex-option-declaration-eot-backend-sddm .example}
**Example: Extending `services.xserver.displayManager.enable` in the `sddm` module** ### Extending `services.xserver.displayManager.enable` in the `sddm` module
```nix ```nix
services.xserver.displayManager.enable = mkOption { services.xserver.displayManager.enable = mkOption {
type = with types; nullOr (enum [ "sddm" ]); type = with types; nullOr (enum [ "sddm" ]);

View file

@ -36,7 +36,7 @@ merging is handled.
together. This type is recommended when the option type is unknown. together. This type is recommended when the option type is unknown.
::: {#ex-types-anything .example} ::: {#ex-types-anything .example}
**Example: `types.anything` Example** ### `types.anything`
Two definitions of this type like Two definitions of this type like
@ -99,6 +99,10 @@ merging is handled.
problems. problems.
::: :::
`types.pkgs`
: A type for the top level Nixpkgs package set.
### Numeric types {#sec-option-types-numeric} ### Numeric types {#sec-option-types-numeric}
`types.int` `types.int`
@ -356,7 +360,7 @@ you will still need to provide a default value (e.g. an empty attribute set)
if you want to allow users to leave it undefined. if you want to allow users to leave it undefined.
::: {#ex-submodule-direct .example} ::: {#ex-submodule-direct .example}
**Example: Directly defined submodule** ### Directly defined submodule
```nix ```nix
options.mod = mkOption { options.mod = mkOption {
description = "submodule example"; description = "submodule example";
@ -375,7 +379,7 @@ options.mod = mkOption {
::: :::
::: {#ex-submodule-reference .example} ::: {#ex-submodule-reference .example}
**Example: Submodule defined as a reference** ### Submodule defined as a reference
```nix ```nix
let let
modOptions = { modOptions = {
@ -403,7 +407,7 @@ multiple definitions of the submodule option set
([Example: Definition of a list of submodules](#ex-submodule-listof-definition)). ([Example: Definition of a list of submodules](#ex-submodule-listof-definition)).
::: {#ex-submodule-listof-declaration .example} ::: {#ex-submodule-listof-declaration .example}
**Example: Declaration of a list of submodules** ### Declaration of a list of submodules
```nix ```nix
options.mod = mkOption { options.mod = mkOption {
description = "submodule example"; description = "submodule example";
@ -422,7 +426,7 @@ options.mod = mkOption {
::: :::
::: {#ex-submodule-listof-definition .example} ::: {#ex-submodule-listof-definition .example}
**Example: Definition of a list of submodules** ### Definition of a list of submodules
```nix ```nix
config.mod = [ config.mod = [
{ foo = 1; bar = "one"; } { foo = 1; bar = "one"; }
@ -437,7 +441,7 @@ multiple named definitions of the submodule option set
([Example: Definition of attribute sets of submodules](#ex-submodule-attrsof-definition)). ([Example: Definition of attribute sets of submodules](#ex-submodule-attrsof-definition)).
::: {#ex-submodule-attrsof-declaration .example} ::: {#ex-submodule-attrsof-declaration .example}
**Example: Declaration of attribute sets of submodules** ### Declaration of attribute sets of submodules
```nix ```nix
options.mod = mkOption { options.mod = mkOption {
description = "submodule example"; description = "submodule example";
@ -456,7 +460,7 @@ options.mod = mkOption {
::: :::
::: {#ex-submodule-attrsof-definition .example} ::: {#ex-submodule-attrsof-definition .example}
**Example: Definition of attribute sets of submodules** ### Definition of attribute sets of submodules
```nix ```nix
config.mod.one = { foo = 1; bar = "one"; }; config.mod.one = { foo = 1; bar = "one"; };
config.mod.two = { foo = 2; bar = "two"; }; config.mod.two = { foo = 2; bar = "two"; };
@ -476,7 +480,7 @@ Types are mainly characterized by their `check` and `merge` functions.
([Example: Overriding a type check](#ex-extending-type-check-2)). ([Example: Overriding a type check](#ex-extending-type-check-2)).
::: {#ex-extending-type-check-1 .example} ::: {#ex-extending-type-check-1 .example}
**Example: Adding a type check** ### Adding a type check
```nix ```nix
byte = mkOption { byte = mkOption {
@ -487,7 +491,7 @@ Types are mainly characterized by their `check` and `merge` functions.
::: :::
::: {#ex-extending-type-check-2 .example} ::: {#ex-extending-type-check-2 .example}
**Example: Overriding a type check** ### Overriding a type check
```nix ```nix
nixThings = mkOption { nixThings = mkOption {

View file

@ -143,7 +143,7 @@ These functions all return an attribute set with these values:
::: :::
::: {#ex-settings-nix-representable .example} ::: {#ex-settings-nix-representable .example}
**Example: Module with conventional `settings` option** ### Module with conventional `settings` option
The following shows a module for an example program that uses a JSON The following shows a module for an example program that uses a JSON
configuration file. It demonstrates how above values can be used, along configuration file. It demonstrates how above values can be used, along
@ -218,7 +218,7 @@ the port, which will enforce it to be a valid integer and make it show
up in the manual. up in the manual.
::: {#ex-settings-typed-attrs .example} ::: {#ex-settings-typed-attrs .example}
**Example: Declaring a type-checked `settings` attribute** ### Declaring a type-checked `settings` attribute
```nix ```nix
settings = lib.mkOption { settings = lib.mkOption {
type = lib.types.submodule { type = lib.types.submodule {

View file

@ -37,7 +37,7 @@ options, but does not declare any. The structure of full NixOS modules
is shown in [Example: Structure of NixOS Modules](#ex-module-syntax). is shown in [Example: Structure of NixOS Modules](#ex-module-syntax).
::: {#ex-module-syntax .example} ::: {#ex-module-syntax .example}
**Example: Structure of NixOS Modules** ### Structure of NixOS Modules
```nix ```nix
{ config, pkgs, ... }: { config, pkgs, ... }:
@ -100,7 +100,7 @@ Exec directives](#exec-escaping-example) for an example. When using these
functions system environment substitution should *not* be disabled explicitly. functions system environment substitution should *not* be disabled explicitly.
::: {#locate-example .example} ::: {#locate-example .example}
**Example: NixOS Module for the "locate" Service** ### NixOS Module for the "locate" Service
```nix ```nix
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
@ -161,7 +161,7 @@ in {
::: :::
::: {#exec-escaping-example .example} ::: {#exec-escaping-example .example}
**Example: Escaping in Exec directives** ### Escaping in Exec directives
```nix ```nix
{ config, lib, pkgs, utils, ... }: { config, lib, pkgs, utils, ... }:

View file

@ -130,6 +130,11 @@ starting them in parallel:
start_all() start_all()
``` ```
If the hostname of a node contains characters that can't be used in a
Python variable name, those characters will be replaced with
underscores in the variable name, so `nodes.machine-a` will be exposed
to Python as `machine_a`.
## Machine objects {#ssec-machine-objects} ## Machine objects {#ssec-machine-objects}
The following methods are available on machine objects: The following methods are available on machine objects:

View file

@ -538,7 +538,7 @@ drive (here `/dev/sda`). [Example: NixOS Configuration](#ex-config) shows a
corresponding configuration Nix expression. corresponding configuration Nix expression.
::: {#ex-partition-scheme-MBR .example} ::: {#ex-partition-scheme-MBR .example}
**Example: Example partition schemes for NixOS on `/dev/sda` (MBR)** ### Example partition schemes for NixOS on `/dev/sda` (MBR)
```ShellSession ```ShellSession
# parted /dev/sda -- mklabel msdos # parted /dev/sda -- mklabel msdos
# parted /dev/sda -- mkpart primary 1MB -8GB # parted /dev/sda -- mkpart primary 1MB -8GB
@ -547,7 +547,7 @@ corresponding configuration Nix expression.
::: :::
::: {#ex-partition-scheme-UEFI .example} ::: {#ex-partition-scheme-UEFI .example}
**Example: Example partition schemes for NixOS on `/dev/sda` (UEFI)** ### Example partition schemes for NixOS on `/dev/sda` (UEFI)
```ShellSession ```ShellSession
# parted /dev/sda -- mklabel gpt # parted /dev/sda -- mklabel gpt
# parted /dev/sda -- mkpart primary 512MB -8GB # parted /dev/sda -- mkpart primary 512MB -8GB
@ -558,7 +558,7 @@ corresponding configuration Nix expression.
::: :::
::: {#ex-install-sequence .example} ::: {#ex-install-sequence .example}
**Example: Commands for Installing NixOS on `/dev/sda`** ### Commands for Installing NixOS on `/dev/sda`
With a partitioned disk. With a partitioned disk.
@ -578,7 +578,7 @@ With a partitioned disk.
::: :::
::: {#ex-config .example} ::: {#ex-config .example}
**Example: NixOS Configuration** ### Example: NixOS Configuration
```ShellSession ```ShellSession
{ config, pkgs, ... }: { { config, pkgs, ... }: {
imports = [ imports = [

View file

@ -17,7 +17,7 @@ In any manpage, commands, flags and arguments to the *current* executable should
- Use `Cm` to mark literal string arguments, e.g. the `boot` command argument passed to `nixos-rebuild`. - Use `Cm` to mark literal string arguments, e.g. the `boot` command argument passed to `nixos-rebuild`.
- Optional flags or arguments should be marked with `Op`. This includes optional repeating arguments. - Optional flags or arguments should be marked with `Op`. This includes optional repeating arguments.
- Required flags or arguments should not be marked. - Required flags or arguments should not be marked.
- Mutually exclusive groups of arguments should be enclosed in curly brackets, preferrably created with `Bro`/`Brc` blocks. - Mutually exclusive groups of arguments should be enclosed in curly brackets, preferably created with `Bro`/`Brc` blocks.
When an argument is used in an example it should be marked up with `Ar` again to differentiate it from a constant. For example, a command with a `--host name` flag that calls ssh to retrieve the host's local time would signify this thusly: When an argument is used in an example it should be marked up with `Ar` again to differentiate it from a constant. For example, a command with a `--host name` flag that calls ssh to retrieve the host's local time would signify this thusly:
``` ```
@ -45,7 +45,7 @@ Larger code blocks or those that cannot be shown inline should use indented lite
... ...
.Ed .Ed
``` ```
Contents of code blocks may be marked up further, e.g. if they refer to arguments that will be subsituted into them: Contents of code blocks may be marked up further, e.g. if they refer to arguments that will be substituted into them:
``` ```
.Bd -literal -offset indent .Bd -literal -offset indent
{ {

View file

@ -4,7 +4,7 @@ This manual describes how to install, use and extend NixOS, a Linux distribution
Additional information regarding the Nix package manager and the Nixpkgs project can be found in respectively the [Nix manual](https://nixos.org/nix/manual) and the [Nixpkgs manual](https://nixos.org/nixpkgs/manual). Additional information regarding the Nix package manager and the Nixpkgs project can be found in respectively the [Nix manual](https://nixos.org/nix/manual) and the [Nixpkgs manual](https://nixos.org/nixpkgs/manual).
If you encounter problems, please report them on the [`Discourse`](https://discourse.nixos.org), the [Matrix room](https://matrix.to/#nix:nixos.org), or on the [`#nixos` channel on Libera.Chat](irc://irc.libera.chat/#nixos). Alternatively, consider [contributing to this manual](#chap-contributing). Bugs should be reported in [NixOS GitHub issue tracker](https://github.com/NixOS/nixpkgs/issues). If you encounter problems, please report them on the [`Discourse`](https://discourse.nixos.org), the [Matrix room](https://matrix.to/#/%23nix:nixos.org), or on the [`#nixos` channel on Libera.Chat](irc://irc.libera.chat/#nixos). Alternatively, consider [contributing to this manual](#chap-contributing). Bugs should be reported in [NixOS GitHub issue tracker](https://github.com/NixOS/nixpkgs/issues).
::: {.note} ::: {.note}
Commands prefixed with `#` have to be run as root, either requiring to login as root user or temporarily switching to it using `sudo` for example. Commands prefixed with `#` have to be run as root, either requiring to login as root user or temporarily switching to it using `sudo` for example.

View file

@ -3,6 +3,7 @@
This section lists the release notes for each stable version of NixOS and current unstable revision. This section lists the release notes for each stable version of NixOS and current unstable revision.
```{=include=} sections ```{=include=} sections
rl-2311.section.md
rl-2305.section.md rl-2305.section.md
rl-2211.section.md rl-2211.section.md
rl-2205.section.md rl-2205.section.md

View file

@ -20,7 +20,7 @@ When upgrading from a previous release, please be aware of the following incompa
- A large number of packages have been converted to use the multiple outputs feature of Nix to greatly reduce the amount of required disk space, as mentioned above. This may require changes to any custom packages to make them build again; see the relevant chapter in the Nixpkgs manual for more information. (Additional caveat to packagers: some packaging conventions related to multiple-output packages [were changed](https://github.com/NixOS/nixpkgs/pull/14766) late (August 2016) in the release cycle and differ from the initial introduction of multiple outputs.) - A large number of packages have been converted to use the multiple outputs feature of Nix to greatly reduce the amount of required disk space, as mentioned above. This may require changes to any custom packages to make them build again; see the relevant chapter in the Nixpkgs manual for more information. (Additional caveat to packagers: some packaging conventions related to multiple-output packages [were changed](https://github.com/NixOS/nixpkgs/pull/14766) late (August 2016) in the release cycle and differ from the initial introduction of multiple outputs.)
- Previous versions of Nixpkgs had support for all versions of the LTS Haskell package set. That support has been dropped. The previously provided `haskell.packages.lts-x_y` package sets still exist in name to aviod breaking user code, but these package sets don't actually contain the versions mandated by the corresponding LTS release. Instead, our package set it loosely based on the latest available LTS release, i.e. LTS 7.x at the time of this writing. New releases of NixOS and Nixpkgs will drop those old names entirely. [The motivation for this change](https://nixos.org/nix-dev/2016-June/020585.html) has been discussed at length on the `nix-dev` mailing list and in [Github issue \#14897](https://github.com/NixOS/nixpkgs/issues/14897). Development strategies for Haskell hackers who want to rely on Nix and NixOS have been described in [another nix-dev article](https://nixos.org/nix-dev/2016-June/020642.html). - Previous versions of Nixpkgs had support for all versions of the LTS Haskell package set. That support has been dropped. The previously provided `haskell.packages.lts-x_y` package sets still exist in name to avoid breaking user code, but these package sets don't actually contain the versions mandated by the corresponding LTS release. Instead, our package set it loosely based on the latest available LTS release, i.e. LTS 7.x at the time of this writing. New releases of NixOS and Nixpkgs will drop those old names entirely. [The motivation for this change](https://nixos.org/nix-dev/2016-June/020585.html) has been discussed at length on the `nix-dev` mailing list and in [Github issue \#14897](https://github.com/NixOS/nixpkgs/issues/14897). Development strategies for Haskell hackers who want to rely on Nix and NixOS have been described in [another nix-dev article](https://nixos.org/nix-dev/2016-June/020642.html).
- Shell aliases for systemd sub-commands [were dropped](https://github.com/NixOS/nixpkgs/pull/15598): `start`, `stop`, `restart`, `status`. - Shell aliases for systemd sub-commands [were dropped](https://github.com/NixOS/nixpkgs/pull/15598): `start`, `stop`, `restart`, `status`.
@ -28,7 +28,7 @@ When upgrading from a previous release, please be aware of the following incompa
- `/var/empty` is now immutable. Activation script runs `chattr +i` to forbid any modifications inside the folder. See [ the pull request](https://github.com/NixOS/nixpkgs/pull/18365) for what bugs this caused. - `/var/empty` is now immutable. Activation script runs `chattr +i` to forbid any modifications inside the folder. See [ the pull request](https://github.com/NixOS/nixpkgs/pull/18365) for what bugs this caused.
- Gitlab's maintainance script `gitlab-runner` was removed and split up into the more clearer `gitlab-run` and `gitlab-rake` scripts, because `gitlab-runner` is a component of Gitlab CI. - Gitlab's maintenance script `gitlab-runner` was removed and split up into the more clearer `gitlab-run` and `gitlab-rake` scripts, because `gitlab-runner` is a component of Gitlab CI.
- `services.xserver.libinput.accelProfile` default changed from `flat` to `adaptive`, as per [ official documentation](https://wayland.freedesktop.org/libinput/doc/latest/group__config.html#gad63796972347f318b180e322e35cee79). - `services.xserver.libinput.accelProfile` default changed from `flat` to `adaptive`, as per [ official documentation](https://wayland.freedesktop.org/libinput/doc/latest/group__config.html#gad63796972347f318b180e322e35cee79).

View file

@ -275,7 +275,7 @@ When upgrading from a previous release, please be aware of the following incompa
You can check that backups still work by running `systemctl start mysql-backup` then `systemctl status mysql-backup`. You can check that backups still work by running `systemctl start mysql-backup` then `systemctl status mysql-backup`.
- Templated systemd services e.g `container@name` are now handled currectly when switching to a new configuration, resulting in them being reloaded. - Templated systemd services e.g `container@name` are now handled correctly when switching to a new configuration, resulting in them being reloaded.
- Steam: the `newStdcpp` parameter was removed and should not be needed anymore. - Steam: the `newStdcpp` parameter was removed and should not be needed anymore.

View file

@ -174,7 +174,7 @@ When upgrading from a previous release, please be aware of the following incompa
- The `openssh` package now includes Kerberos support by default; the `openssh_with_kerberos` package is now a deprecated alias. If you do not want Kerberos support, you can do `openssh.override { withKerberos = false; }`. Note, this also applies to the `openssh_hpn` package. - The `openssh` package now includes Kerberos support by default; the `openssh_with_kerberos` package is now a deprecated alias. If you do not want Kerberos support, you can do `openssh.override { withKerberos = false; }`. Note, this also applies to the `openssh_hpn` package.
- `cc-wrapper` has been split in two; there is now also a `bintools-wrapper`. The most commonly used files in `nix-support` are now split between the two wrappers. Some commonly used ones, like `nix-support/dynamic-linker`, are duplicated for backwards compatability, even though they rightly belong only in `bintools-wrapper`. Other more obscure ones are just moved. - `cc-wrapper` has been split in two; there is now also a `bintools-wrapper`. The most commonly used files in `nix-support` are now split between the two wrappers. Some commonly used ones, like `nix-support/dynamic-linker`, are duplicated for backwards compatibility, even though they rightly belong only in `bintools-wrapper`. Other more obscure ones are just moved.
- The propagation logic has been changed. The new logic, along with new types of dependencies that go with, is thoroughly documented in the "Specifying dependencies" section of the "Standard Environment" chapter of the nixpkgs manual. The old logic isn't but is easy to describe: dependencies were propagated as the same type of dependency no matter what. In practice, that means that many `propagatedNativeBuildInputs` should instead be `propagatedBuildInputs`. Thankfully, that was and is the least used type of dependency. Also, it means that some `propagatedBuildInputs` should instead be `depsTargetTargetPropagated`. Other types dependencies should be unaffected. - The propagation logic has been changed. The new logic, along with new types of dependencies that go with, is thoroughly documented in the "Specifying dependencies" section of the "Standard Environment" chapter of the nixpkgs manual. The old logic isn't but is easy to describe: dependencies were propagated as the same type of dependency no matter what. In practice, that means that many `propagatedNativeBuildInputs` should instead be `propagatedBuildInputs`. Thankfully, that was and is the least used type of dependency. Also, it means that some `propagatedBuildInputs` should instead be `depsTargetTargetPropagated`. Other types dependencies should be unaffected.

View file

@ -81,7 +81,7 @@ When upgrading from a previous release, please be aware of the following incompa
The slurmctld now runs as user `slurm` instead of `root`. If you want to keep slurmctld running as `root`, set `services.slurm.user = root`. The slurmctld now runs as user `slurm` instead of `root`. If you want to keep slurmctld running as `root`, set `services.slurm.user = root`.
The options `services.slurm.nodeName` and `services.slurm.partitionName` are now sets of strings to correctly reflect that fact that each of these options can occour more than once in the configuration. The options `services.slurm.nodeName` and `services.slurm.partitionName` are now sets of strings to correctly reflect that fact that each of these options can occur more than once in the configuration.
- The `solr` package has been upgraded from 4.10.3 to 7.5.0 and has undergone some major changes. The `services.solr` module has been updated to reflect these changes. Please review http://lucene.apache.org/solr/ carefully before upgrading. - The `solr` package has been upgraded from 4.10.3 to 7.5.0 and has undergone some major changes. The `services.solr` module has been updated to reflect these changes. Please review http://lucene.apache.org/solr/ carefully before upgrading.
@ -91,7 +91,7 @@ When upgrading from a previous release, please be aware of the following incompa
- Network interface indiscriminate NixOS firewall options (`networking.firewall.allow*`) are now preserved when also setting interface specific rules such as `networking.firewall.interfaces.en0.allow*`. These rules continue to use the pseudo device "default" (`networking.firewall.interfaces.default.*`), and assigning to this pseudo device will override the (`networking.firewall.allow*`) options. - Network interface indiscriminate NixOS firewall options (`networking.firewall.allow*`) are now preserved when also setting interface specific rules such as `networking.firewall.interfaces.en0.allow*`. These rules continue to use the pseudo device "default" (`networking.firewall.interfaces.default.*`), and assigning to this pseudo device will override the (`networking.firewall.allow*`) options.
- The `nscd` service now disables all caching of `passwd` and `group` databases by default. This was interferring with the correct functioning of the `libnss_systemd.so` module which is used by `systemd` to manage uids and usernames in the presence of `DynamicUser=` in systemd services. This was already the default behaviour in presence of `services.sssd.enable = true` because nscd caching would interfere with `sssd` in unpredictable ways as well. Because we're using nscd not for caching, but for convincing glibc to find NSS modules in the nix store instead of an absolute path, we have decided to disable caching globally now, as it's usually not the behaviour the user wants and can lead to surprising behaviour. Furthermore, negative caching of host lookups is also disabled now by default. This should fix the issue of dns lookups failing in the presence of an unreliable network. - The `nscd` service now disables all caching of `passwd` and `group` databases by default. This was interfering with the correct functioning of the `libnss_systemd.so` module which is used by `systemd` to manage uids and usernames in the presence of `DynamicUser=` in systemd services. This was already the default behaviour in presence of `services.sssd.enable = true` because nscd caching would interfere with `sssd` in unpredictable ways as well. Because we're using nscd not for caching, but for convincing glibc to find NSS modules in the nix store instead of an absolute path, we have decided to disable caching globally now, as it's usually not the behaviour the user wants and can lead to surprising behaviour. Furthermore, negative caching of host lookups is also disabled now by default. This should fix the issue of dns lookups failing in the presence of an unreliable network.
If the old behaviour is desired, this can be restored by setting the `services.nscd.config` option with the desired caching parameters. If the old behaviour is desired, this can be restored by setting the `services.nscd.config` option with the desired caching parameters.
@ -135,7 +135,7 @@ When upgrading from a previous release, please be aware of the following incompa
- GitLab Shell previously used the nix store paths for the `gitlab-shell` command in its `authorized_keys` file, which might stop working after garbage collection. To circumvent that, we regenerated that file on each startup. As `gitlab-shell` has now been changed to use `/var/run/current-system/sw/bin/gitlab-shell`, this is not necessary anymore, but there might be leftover lines with a nix store path. Regenerate the `authorized_keys` file via `sudo -u git -H gitlab-rake gitlab:shell:setup` in that case. - GitLab Shell previously used the nix store paths for the `gitlab-shell` command in its `authorized_keys` file, which might stop working after garbage collection. To circumvent that, we regenerated that file on each startup. As `gitlab-shell` has now been changed to use `/var/run/current-system/sw/bin/gitlab-shell`, this is not necessary anymore, but there might be leftover lines with a nix store path. Regenerate the `authorized_keys` file via `sudo -u git -H gitlab-rake gitlab:shell:setup` in that case.
- The `pam_unix` account module is now loaded with its control field set to `required` instead of `sufficient`, so that later PAM account modules that might do more extensive checks are being executed. Previously, the whole account module verification was exited prematurely in case a nss module provided the account name to `pam_unix`. The LDAP and SSSD NixOS modules already add their NSS modules when enabled. In case your setup breaks due to some later PAM account module previosuly shadowed, or failing NSS lookups, please file a bug. You can get back the old behaviour by manually setting `security.pam.services.<name?>.text`. - The `pam_unix` account module is now loaded with its control field set to `required` instead of `sufficient`, so that later PAM account modules that might do more extensive checks are being executed. Previously, the whole account module verification was exited prematurely in case a nss module provided the account name to `pam_unix`. The LDAP and SSSD NixOS modules already add their NSS modules when enabled. In case your setup breaks due to some later PAM account module previously shadowed, or failing NSS lookups, please file a bug. You can get back the old behaviour by manually setting `security.pam.services.<name?>.text`.
- The `pam_unix` password module is now loaded with its control field set to `sufficient` instead of `required`, so that password managed only by later PAM password modules are being executed. Previously, for example, changing an LDAP account's password through PAM was not possible: the whole password module verification was exited prematurely by `pam_unix`, preventing `pam_ldap` to manage the password as it should. - The `pam_unix` password module is now loaded with its control field set to `sufficient` instead of `required`, so that password managed only by later PAM password modules are being executed. Previously, for example, changing an LDAP account's password through PAM was not possible: the whole password module verification was exited prematurely by `pam_unix`, preventing `pam_ldap` to manage the password as it should.

View file

@ -194,7 +194,7 @@ When upgrading from a previous release, please be aware of the following incompa
`security.acme.preDelay` and `security.acme.activationDelay` options have been removed. To execute a service before certificates are provisioned or renewed add a `RequiredBy=acme-${cert}.service` to any service. `security.acme.preDelay` and `security.acme.activationDelay` options have been removed. To execute a service before certificates are provisioned or renewed add a `RequiredBy=acme-${cert}.service` to any service.
Furthermore, the acme module will not automatically add a dependency on `lighttpd.service` anymore. If you are using certficates provided by letsencrypt for lighttpd, then you should depend on the certificate service `acme-${cert}.service>` manually. Furthermore, the acme module will not automatically add a dependency on `lighttpd.service` anymore. If you are using certificates provided by letsencrypt for lighttpd, then you should depend on the certificate service `acme-${cert}.service>` manually.
For nginx, the dependencies are still automatically managed when `services.nginx.virtualhosts.<name>.enableACME` is enabled just like before. What changed is that nginx now directly depends on the specific certificates that it needs, instead of depending on the catch-all `acme-certificates.target`. This target unit was also removed from the codebase. This will mean nginx will no longer depend on certificates it isn't explicitly managing and fixes a bug with certificate renewal ordering racing with nginx restarting which could lead to nginx getting in a broken state as described at [NixOS/nixpkgs\#60180](https://github.com/NixOS/nixpkgs/issues/60180). For nginx, the dependencies are still automatically managed when `services.nginx.virtualhosts.<name>.enableACME` is enabled just like before. What changed is that nginx now directly depends on the specific certificates that it needs, instead of depending on the catch-all `acme-certificates.target`. This target unit was also removed from the codebase. This will mean nginx will no longer depend on certificates it isn't explicitly managing and fixes a bug with certificate renewal ordering racing with nginx restarting which could lead to nginx getting in a broken state as described at [NixOS/nixpkgs\#60180](https://github.com/NixOS/nixpkgs/issues/60180).

View file

@ -130,7 +130,7 @@ In addition to 1119 new, 118 updated, and 476 removed options; 61 new modules we
- [services.cage.enable](options.html#opt-services.cage.enable) Wayland cage service - [services.cage.enable](options.html#opt-services.cage.enable) Wayland cage service
- [services.convos.enable](options.html#opt-services.convos.enable) IRC daemon, which can be accessed throught the browser - [services.convos.enable](options.html#opt-services.convos.enable) IRC daemon, which can be accessed through the browser
- [services.engelsystem.enable](options.html#opt-services.engelsystem.enable) Tool for coordinating volunteers and shifts on large events - [services.engelsystem.enable](options.html#opt-services.engelsystem.enable) Tool for coordinating volunteers and shifts on large events
@ -552,7 +552,7 @@ When upgrading from a previous release, please be aware of the following incompa
- The [jellyfin](options.html#opt-services.jellyfin.enable) module will use and stay on the Jellyfin version `10.5.5` if `stateVersion` is lower than `20.09`. This is because significant changes were made to the database schema, and it is highly recommended to backup your instance before upgrading. After making your backup, you can upgrade to the latest version either by setting your `stateVersion` to `20.09` or higher, or set the `services.jellyfin.package` to `pkgs.jellyfin`. If you do not wish to upgrade Jellyfin, but want to change your `stateVersion`, you can set the value of `services.jellyfin.package` to `pkgs.jellyfin_10_5`. - The [jellyfin](options.html#opt-services.jellyfin.enable) module will use and stay on the Jellyfin version `10.5.5` if `stateVersion` is lower than `20.09`. This is because significant changes were made to the database schema, and it is highly recommended to backup your instance before upgrading. After making your backup, you can upgrade to the latest version either by setting your `stateVersion` to `20.09` or higher, or set the `services.jellyfin.package` to `pkgs.jellyfin`. If you do not wish to upgrade Jellyfin, but want to change your `stateVersion`, you can set the value of `services.jellyfin.package` to `pkgs.jellyfin_10_5`.
- The `security.rngd` service is now disabled by default. This choice was made because there's krngd in the linux kernel space making it (for most usecases) functionally redundent. - The `security.rngd` service is now disabled by default. This choice was made because there's krngd in the linux kernel space making it (for most usecases) functionally redundant.
- The `hardware.nvidia.optimus_prime.enable` service has been renamed to `hardware.nvidia.prime.sync.enable` and has many new enhancements. Related nvidia prime settings may have also changed. - The `hardware.nvidia.optimus_prime.enable` service has been renamed to `hardware.nvidia.prime.sync.enable` and has many new enhancements. Related nvidia prime settings may have also changed.

View file

@ -197,7 +197,7 @@ When upgrading from a previous release, please be aware of the following incompa
Android packages are now loaded from a repo.json file created by parsing Android repo XML files. The arguments `repoJson` and `repoXmls` have been added to allow overriding the built-in androidenv repo.json with your own. Additionally, license files are now written to allow compatibility with Gradle-based tools, and the `extraLicenses` argument has been added to accept more SDK licenses if your project requires it. See the androidenv documentation for more details. Android packages are now loaded from a repo.json file created by parsing Android repo XML files. The arguments `repoJson` and `repoXmls` have been added to allow overriding the built-in androidenv repo.json with your own. Additionally, license files are now written to allow compatibility with Gradle-based tools, and the `extraLicenses` argument has been added to accept more SDK licenses if your project requires it. See the androidenv documentation for more details.
- The attribute `mpi` is now consistently used to provide a default, system-wide MPI implementation. The default implementation is openmpi, which has been used before by all derivations affects by this change. Note that all packages that have used `mpi ? null` in the input for optional MPI builds, have been changed to the boolean input paramater `useMpi` to enable building with MPI. Building all packages with `mpich` instead of the default `openmpi` can now be achived like this: - The attribute `mpi` is now consistently used to provide a default, system-wide MPI implementation. The default implementation is openmpi, which has been used before by all derivations affects by this change. Note that all packages that have used `mpi ? null` in the input for optional MPI builds, have been changed to the boolean input parameter `useMpi` to enable building with MPI. Building all packages with `mpich` instead of the default `openmpi` can now be achieved like this:
```nix ```nix
self: super: self: super:
@ -272,7 +272,7 @@ When upgrading from a previous release, please be aware of the following incompa
- `environment.defaultPackages` now includes the nano package. If pkgs.nano is not added to the list, make sure another editor is installed and the `EDITOR` environment variable is set to it. Environment variables can be set using `environment.variables`. - `environment.defaultPackages` now includes the nano package. If pkgs.nano is not added to the list, make sure another editor is installed and the `EDITOR` environment variable is set to it. Environment variables can be set using `environment.variables`.
- `services.minio.dataDir` changed type to a list of paths, required for specifiyng multiple data directories for using with erasure coding. Currently, the service doesn't enforce nor checks the correct number of paths to correspond to minio requirements. - `services.minio.dataDir` changed type to a list of paths, required for specifying multiple data directories for using with erasure coding. Currently, the service doesn't enforce nor checks the correct number of paths to correspond to minio requirements.
- All CUDA toolkit versions prior to CUDA 10 have been removed. - All CUDA toolkit versions prior to CUDA 10 have been removed.
@ -375,7 +375,7 @@ When upgrading from a previous release, please be aware of the following incompa
- When defining a new user, one of [users.users._name_.isNormalUser](options.html#opt-users.users._name_.isNormalUser) and [users.users._name_.isSystemUser](options.html#opt-users.users._name_.isSystemUser) is now required. This is to prevent accidentally giving a UID above 1000 to system users, which could have unexpected consequences, like running user activation scripts for system users. Note that users defined with an explicit UID below 500 are exempted from this check, as [users.users._name_.isSystemUser](options.html#opt-users.users._name_.isSystemUser) has no effect for those. - When defining a new user, one of [users.users._name_.isNormalUser](options.html#opt-users.users._name_.isNormalUser) and [users.users._name_.isSystemUser](options.html#opt-users.users._name_.isSystemUser) is now required. This is to prevent accidentally giving a UID above 1000 to system users, which could have unexpected consequences, like running user activation scripts for system users. Note that users defined with an explicit UID below 500 are exempted from this check, as [users.users._name_.isSystemUser](options.html#opt-users.users._name_.isSystemUser) has no effect for those.
- The `security.apparmor` module, for the [AppArmor](https://gitlab.com/apparmor/apparmor/-/wikis/Documentation) Mandatory Access Control system, has been substantialy improved along with related tools, so that module maintainers can now more easily write AppArmor profiles for NixOS. The most notable change on the user-side is the new option [security.apparmor.policies](options.html#opt-security.apparmor.policies), replacing the previous `profiles` option to provide a way to disable a profile and to select whether to confine in enforce mode (default) or in complain mode (see `journalctl -b --grep apparmor`). Security-minded users may also want to enable [security.apparmor.killUnconfinedConfinables](options.html#opt-security.apparmor.killUnconfinedConfinables), at the cost of having some of their processes killed when updating to a NixOS version introducing new AppArmor profiles. - The `security.apparmor` module, for the [AppArmor](https://gitlab.com/apparmor/apparmor/-/wikis/Documentation) Mandatory Access Control system, has been substantially improved along with related tools, so that module maintainers can now more easily write AppArmor profiles for NixOS. The most notable change on the user-side is the new option [security.apparmor.policies](options.html#opt-security.apparmor.policies), replacing the previous `profiles` option to provide a way to disable a profile and to select whether to confine in enforce mode (default) or in complain mode (see `journalctl -b --grep apparmor`). Security-minded users may also want to enable [security.apparmor.killUnconfinedConfinables](options.html#opt-security.apparmor.killUnconfinedConfinables), at the cost of having some of their processes killed when updating to a NixOS version introducing new AppArmor profiles.
- The GNOME desktop manager once again installs gnome.epiphany by default. - The GNOME desktop manager once again installs gnome.epiphany by default.

View file

@ -375,7 +375,7 @@ In addition to numerous new and upgraded packages, this release has the followin
- `programs.neovim.runtime` switched to a `linkFarm` internally, making it impossible to use wildcards in the `source` argument. - `programs.neovim.runtime` switched to a `linkFarm` internally, making it impossible to use wildcards in the `source` argument.
- The `openrazer` and `openrazer-daemon` packages as well as the `hardware.openrazer` module now require users to be members of the `openrazer` group instead of `plugdev`. With this change, users no longer need be granted the entire set of `plugdev` group permissions, which can include permissions other than those required by `openrazer`. This is desirable from a security point of view. The setting [`harware.openrazer.users`](options.html#opt-services.hardware.openrazer.users) can be used to add users to the `openrazer` group. - The `openrazer` and `openrazer-daemon` packages as well as the `hardware.openrazer` module now require users to be members of the `openrazer` group instead of `plugdev`. With this change, users no longer need be granted the entire set of `plugdev` group permissions, which can include permissions other than those required by `openrazer`. This is desirable from a security point of view. The setting [`hardware.openrazer.users`](options.html#opt-services.hardware.openrazer.users) can be used to add users to the `openrazer` group.
- The fontconfig service's dpi option has been removed. - The fontconfig service's dpi option has been removed.
Fontconfig should use Xft settings by default so there's no need to override one value in multiple places. Fontconfig should use Xft settings by default so there's no need to override one value in multiple places.

View file

@ -10,7 +10,7 @@ In addition to numerous new and upgraded packages, this release has the followin
for Flakes, but also marks the `nix` command as experimental which now has to for Flakes, but also marks the `nix` command as experimental which now has to
be enabled via the configuration explicitly. For more information and be enabled via the configuration explicitly. For more information and
instructions for upgrades, see the instructions for upgrades, see the
relase notes for [nix-2.4](https://nixos.org/manual/nix/stable/release-notes/rl-2.4.html), release notes for [nix-2.4](https://nixos.org/manual/nix/stable/release-notes/rl-2.4.html),
[nix-2.5](https://nixos.org/manual/nix/stable/release-notes/rl-2.5.html), [nix-2.5](https://nixos.org/manual/nix/stable/release-notes/rl-2.5.html),
[nix-2.6](https://nixos.org/manual/nix/stable/release-notes/rl-2.6.html), [nix-2.6](https://nixos.org/manual/nix/stable/release-notes/rl-2.6.html),
[nix-2.7](https://nixos.org/manual/nix/stable/release-notes/rl-2.7.html) and [nix-2.7](https://nixos.org/manual/nix/stable/release-notes/rl-2.7.html) and
@ -278,11 +278,11 @@ In addition to numerous new and upgraded packages, this release has the followin
- `openldap` (and therefore the slapd LDAP server) were updated to version 2.6.2. The project introduced backwards-incompatible changes, namely the removal of the bdb, hdb, ndb, and shell backends in slapd. Therefore before updating, dump your database `slapcat -n 1` in LDIF format, and reimport it after updating your `services.openldap.settings`, which represents your `cn=config`. - `openldap` (and therefore the slapd LDAP server) were updated to version 2.6.2. The project introduced backwards-incompatible changes, namely the removal of the bdb, hdb, ndb, and shell backends in slapd. Therefore before updating, dump your database `slapcat -n 1` in LDIF format, and reimport it after updating your `services.openldap.settings`, which represents your `cn=config`.
Additionally with 2.5 the argon2 module was included in the standard distrubtion and renamed from `pw-argon2` to `argon2`. Remember to update your `olcModuleLoad` entry in `cn=config`. Additionally with 2.5 the argon2 module was included in the standard distribution and renamed from `pw-argon2` to `argon2`. Remember to update your `olcModuleLoad` entry in `cn=config`.
- `openssh` has been update to 8.9p1, changing the FIDO security key middleware interface. - `openssh` has been update to 8.9p1, changing the FIDO security key middleware interface.
- `git` no longer hardcodes the path to openssh' ssh binary to reduce the amount of rebuilds. If you are using git with ssh remotes and do not have a ssh binary in your enviroment consider adding `openssh` to it or switching to `gitFull`. - `git` no longer hardcodes the path to openssh' ssh binary to reduce the amount of rebuilds. If you are using git with ssh remotes and do not have a ssh binary in your environment consider adding `openssh` to it or switching to `gitFull`.
- `services.k3s.enable` no longer implies `systemd.enableUnifiedCgroupHierarchy = false`, and will default to the 'systemd' cgroup driver when using `services.k3s.docker = true`. - `services.k3s.enable` no longer implies `systemd.enableUnifiedCgroupHierarchy = false`, and will default to the 'systemd' cgroup driver when using `services.k3s.docker = true`.
This change may require a reboot to take effect, and k3s may not be able to run if the boot cgroup hierarchy does not match its configuration. This change may require a reboot to take effect, and k3s may not be able to run if the boot cgroup hierarchy does not match its configuration.
@ -639,7 +639,7 @@ In addition to numerous new and upgraded packages, this release has the followin
changes in the database scheme and configuration format. changes in the database scheme and configuration format.
- Some top-level settings under [services.epgstation](#opt-services.epgstation.enable) - Some top-level settings under [services.epgstation](#opt-services.epgstation.enable)
is now deprecated because it was redudant due to the same options being is now deprecated because it was redundant due to the same options being
present in [services.epgstation.settings](#opt-services.epgstation.settings). present in [services.epgstation.settings](#opt-services.epgstation.settings).
- The option `services.epgstation.basicAuth` was removed because basic - The option `services.epgstation.basicAuth` was removed because basic
@ -653,7 +653,7 @@ In addition to numerous new and upgraded packages, this release has the followin
option now expects options for `config.yml` in EPGStation v2. option now expects options for `config.yml` in EPGStation v2.
- Existing data for the [services.epgstation](#opt-services.epgstation.enable) - Existing data for the [services.epgstation](#opt-services.epgstation.enable)
module would have to be backed up prior to the upgrade. To back up exising module would have to be backed up prior to the upgrade. To back up existing
data to `/tmp/epgstation.bak`, run data to `/tmp/epgstation.bak`, run
`sudo -u epgstation epgstation run backup /tmp/epgstation.bak`. `sudo -u epgstation epgstation run backup /tmp/epgstation.bak`.
To import that data after to the upgrade, run To import that data after to the upgrade, run
@ -804,7 +804,7 @@ In addition to numerous new and upgraded packages, this release has the followin
- The `influxdb2` package was split into `influxdb2-server` and - The `influxdb2` package was split into `influxdb2-server` and
`influxdb2-cli`, matching the split that took place upstream. A `influxdb2-cli`, matching the split that took place upstream. A
combined `influxdb2` package is still provided in this release for combined `influxdb2` package is still provided in this release for
backwards compatibilty, but will be removed at a later date. backwards compatibility, but will be removed at a later date.
- The `unifi` package was switched from `unifi6` to `unifi7`. - The `unifi` package was switched from `unifi6` to `unifi7`.
Direct downgrades from Unifi 7 to Unifi 6 are not possible and require restoring from a backup made by Unifi 6. Direct downgrades from Unifi 7 to Unifi 6 are not possible and require restoring from a backup made by Unifi 6.

View file

@ -205,7 +205,7 @@ In addition to numerous new and upgraded packages, this release includes the fol
- Linux 4.9 has been removed because it will reach its end of life within the lifespan of 22.11. - Linux 4.9 has been removed because it will reach its end of life within the lifespan of 22.11.
- (Neo)Vim can not be configured with `configure.pathogen` anymore to reduce maintainance burden. - (Neo)Vim can not be configured with `configure.pathogen` anymore to reduce maintenance burden.
Use `configure.packages` instead. Use `configure.packages` instead.
- Neovim can not be configured with plug anymore (still works for vim). - Neovim can not be configured with plug anymore (still works for vim).
@ -221,7 +221,7 @@ In addition to numerous new and upgraded packages, this release includes the fol
- `mysql57` has been removed. Please update to `mysql80` or `mariadb`. See the [upgrade guide](https://mariadb.com/kb/en/upgrading-from-mysql-to-mariadb/) for more information. - `mysql57` has been removed. Please update to `mysql80` or `mariadb`. See the [upgrade guide](https://mariadb.com/kb/en/upgrading-from-mysql-to-mariadb/) for more information.
- Consequently, `cqrlog` and `amorok` now use `mariadb` instead of `mysql57` for their embedded databases. Running `mysql_upgrade` may be neccesary. - Consequently, `cqrlog` and `amorok` now use `mariadb` instead of `mysql57` for their embedded databases. Running `mysql_upgrade` may be necessary.
- `k3s` supports `clusterInit` option, and it is enabled by default, for servers. - `k3s` supports `clusterInit` option, and it is enabled by default, for servers.
- `percona-server56` has been removed. Please migrate to `mysql` or `mariadb` if possible. - `percona-server56` has been removed. Please migrate to `mysql` or `mariadb` if possible.

View file

@ -24,6 +24,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- KDE Plasma has been updated to v5.27, see [the release notes](https://kde.org/announcements/plasma/5/5.27.0/) for what is changed. - KDE Plasma has been updated to v5.27, see [the release notes](https://kde.org/announcements/plasma/5/5.27.0/) for what is changed.
- Python implements [PEP 668](https://peps.python.org/pep-0668/), providing better feedback to users that try to run `pip install` system-wide.
- `nixos-rebuild` now supports an extra `--specialisation` option that can be used to change specialisation for `switch` and `test` commands. - `nixos-rebuild` now supports an extra `--specialisation` option that can be used to change specialisation for `switch` and `test` commands.
- `libxcrypt`, the library providing the `crypt(3)` password hashing function, is now built without support for algorithms not flagged [`strong`](https://github.com/besser82/libxcrypt/blob/v4.4.33/lib/hashes.conf#L48). This affects the availability of password hashing algorithms used for system login (`login(1)`, `passwd(1)`), but also Apache2 Basic-Auth, Samba, OpenLDAP, Dovecot, and [many other packages](https://github.com/search?q=repo%3ANixOS%2Fnixpkgs%20libxcrypt&type=code). - `libxcrypt`, the library providing the `crypt(3)` password hashing function, is now built without support for algorithms not flagged [`strong`](https://github.com/besser82/libxcrypt/blob/v4.4.33/lib/hashes.conf#L48). This affects the availability of password hashing algorithms used for system login (`login(1)`, `passwd(1)`), but also Apache2 Basic-Auth, Samba, OpenLDAP, Dovecot, and [many other packages](https://github.com/search?q=repo%3ANixOS%2Fnixpkgs%20libxcrypt&type=code).
@ -36,6 +38,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- [Akkoma](https://akkoma.social), an ActivityPub microblogging server. Available as [services.akkoma](options.html#opt-services.akkoma.enable). - [Akkoma](https://akkoma.social), an ActivityPub microblogging server. Available as [services.akkoma](options.html#opt-services.akkoma.enable).
- [Pixelfed](https://pixelfed.org/), an Instagram-like ActivityPub server. Available as [services.pixelfed](options.html#opt-services.pixelfed.enable).
- [blesh](https://github.com/akinomyoga/ble.sh), a line editor written in pure bash. Available as [programs.bash.blesh](#opt-programs.bash.blesh.enable). - [blesh](https://github.com/akinomyoga/ble.sh), a line editor written in pure bash. Available as [programs.bash.blesh](#opt-programs.bash.blesh.enable).
- [webhook](https://github.com/adnanh/webhook), a lightweight webhook server. Available as [services.webhook](#opt-services.webhook.enable). - [webhook](https://github.com/adnanh/webhook), a lightweight webhook server. Available as [services.webhook](#opt-services.webhook.enable).
@ -46,25 +50,40 @@ In addition to numerous new and upgraded packages, this release has the followin
- [Cloudlog](https://www.magicbug.co.uk/cloudlog/), a web-based Amateur Radio logging application. Available as [services.cloudlog](#opt-services.cloudlog.enable). - [Cloudlog](https://www.magicbug.co.uk/cloudlog/), a web-based Amateur Radio logging application. Available as [services.cloudlog](#opt-services.cloudlog.enable).
- [Deepin Desktop Environment](https://github.com/linuxdeepin/dde), an elegant, easy to use and reliable desktop environment. Available as [services.xserver.desktopManager.deepin](options.html#opt-services.xserver.desktopManager.deepin).
- [system-repart](https://www.freedesktop.org/software/systemd/man/systemd-repart.service.html), grow and add partitions to a partition table. Available as [systemd.repart](options.html#opt-systemd.repart) and [boot.initrd.systemd.repart](options.html#opt-boot.initrd.systemd.repart)
- [frigate](https://frigate.video), an open source NVR built around real-time AI object detection. Available as [services.frigate](#opt-services.frigate.enable).
- [fzf](https://github.com/junegunn/fzf), a command line fuzzyfinder. Available as [programs.fzf](#opt-programs.fzf.fuzzyCompletion). - [fzf](https://github.com/junegunn/fzf), a command line fuzzyfinder. Available as [programs.fzf](#opt-programs.fzf.fuzzyCompletion).
- [readarr](https://github.com/Readarr/Readarr), Book Manager and Automation (Sonarr for Ebooks). Available as [services.readarr](options.html#opt-services.readarr.enable). - [readarr](https://github.com/Readarr/Readarr), Book Manager and Automation (Sonarr for Ebooks). Available as [services.readarr](options.html#opt-services.readarr.enable).
- [gemstash](https://github.com/rubygems/gemstash), a RubyGems.org cache and private gem server. Available as [services.gemstash](#opt-services.gemstash.enable). - [gemstash](https://github.com/rubygems/gemstash), a RubyGems.org cache and private gem server. Available as [services.gemstash](#opt-services.gemstash.enable).
- [gitea-actions-runner](https://gitea.com/gitea/act_runner), a CI runner for Gitea/Forgejo Actions. Available as [services.gitea-actions-runner](#opt-services.gitea-actions-runner.instances).
- [gmediarender](https://github.com/hzeller/gmrender-resurrect), a simple, headless UPnP/DLNA renderer. Available as [services.gmediarender](options.html#opt-services.gmediarender.enable). - [gmediarender](https://github.com/hzeller/gmrender-resurrect), a simple, headless UPnP/DLNA renderer. Available as [services.gmediarender](options.html#opt-services.gmediarender.enable).
- [go2rtc](https://github.com/AlexxIT/go2rtc), a camera streaming appliation with support for RTSP, WebRTC, HomeKit, FFMPEG, RTMP and other protocols. Available as [services.go2rtc](options.html#opt-services.go2rtc.enable).
- [harmonia](https://github.com/nix-community/harmonia/), Nix binary cache implemented in rust using libnix-store. Available as [services.harmonia](options.html#opt-services.harmonia.enable).
- [hyprland](https://github.com/hyprwm/hyprland), a dynamic tiling Wayland compositor that doesn't sacrifice on its looks. Available as [programs.hyprland](#opt-programs.hyprland.enable). - [hyprland](https://github.com/hyprwm/hyprland), a dynamic tiling Wayland compositor that doesn't sacrifice on its looks. Available as [programs.hyprland](#opt-programs.hyprland.enable).
- [minipro](https://gitlab.com/DavidGriffith/minipro/), an open source program for controlling the MiniPRO TL866xx series of chip programmers. Available as [programs.minipro](options.html#opt-programs.minipro.enable). - [minipro](https://gitlab.com/DavidGriffith/minipro/), an open source program for controlling the MiniPRO TL866xx series of chip programmers. Available as [programs.minipro](options.html#opt-programs.minipro.enable).
- [stevenblack-blocklist](https://github.com/StevenBlack/hosts), A unified hosts file with base extensions for blocking unwanted websites. Available as [networking.stevenblack](options.html#opt-networking.stevenblack.enable). - [stevenblack-blocklist](https://github.com/StevenBlack/hosts), A unified hosts file with base extensions for blocking unwanted websites. Available as [networking.stevenblack](options.html#opt-networking.stevenblack.enable).
- [Budgie Desktop](https://github.com/BuddiesOfBudgie/budgie-desktop), a familiar, modern desktop environment. Availabe as [services.xserver.desktopManager.budgie](options.html#opt-services.xserver.desktopManager.budgie). - [Budgie Desktop](https://github.com/BuddiesOfBudgie/budgie-desktop), a familiar, modern desktop environment. Available as [services.xserver.desktopManager.budgie](options.html#opt-services.xserver.desktopManager.budgie).
- [imaginary](https://github.com/h2non/imaginary), a microservice for high-level image processing that Nextcloud can use to generate previews. Available as [services.imaginary](#opt-services.imaginary.enable). - [imaginary](https://github.com/h2non/imaginary), a microservice for high-level image processing that Nextcloud can use to generate previews. Available as [services.imaginary](#opt-services.imaginary.enable).
- [opensearch](https://opensearch.org), a search server alternative to Elasticsearch. Available as [services.opensearch](options.html#opt-services.opensearch.enable). - [opensearch](https://opensearch.org), a search server alternative to Elasticsearch. Available as [services.opensearch](options.html#opt-services.opensearch.enable).
- [kavita](https://kavitareader.com), a self-hosted digital library. Available as [services.kavita](options.html#opt-services.kavita.enable).
- [monica](https://www.monicahq.com), an open source personal CRM. Available as [services.monica](options.html#opt-services.monica.enable). - [monica](https://www.monicahq.com), an open source personal CRM. Available as [services.monica](options.html#opt-services.monica.enable).
- [authelia](https://www.authelia.com/), is an open-source authentication and authorization server. Available under [services.authelia](options.html#opt-services.authelia.enable). - [authelia](https://www.authelia.com/), is an open-source authentication and authorization server. Available under [services.authelia](options.html#opt-services.authelia.enable).
@ -73,7 +92,7 @@ In addition to numerous new and upgraded packages, this release has the followin
- [alertmanager-irc-relay](https://github.com/google/alertmanager-irc-relay), a Prometheus Alertmanager IRC Relay. Available as [services.prometheus.alertmanagerIrcRelay](options.html#opt-services.prometheus.alertmanagerIrcRelay.enable). - [alertmanager-irc-relay](https://github.com/google/alertmanager-irc-relay), a Prometheus Alertmanager IRC Relay. Available as [services.prometheus.alertmanagerIrcRelay](options.html#opt-services.prometheus.alertmanagerIrcRelay.enable).
- [tts](https://github.com/coqui-ai/TTS), a battle-tested deep learning toolkit for Text-to-Speech. Mutiple servers may be configured below [services.tts.servers](#opt-services.tts.servers). - [tts](https://github.com/coqui-ai/TTS), a battle-tested deep learning toolkit for Text-to-Speech. Multiple servers may be configured below [services.tts.servers](#opt-services.tts.servers).
- [atuin](https://github.com/ellie/atuin), a sync server for shell history. Available as [services.atuin](#opt-services.atuin.enable). - [atuin](https://github.com/ellie/atuin), a sync server for shell history. Available as [services.atuin](#opt-services.atuin.enable).
@ -81,14 +100,24 @@ In addition to numerous new and upgraded packages, this release has the followin
- [networkd-dispatcher](https://gitlab.com/craftyguy/networkd-dispatcher), a dispatcher service for systemd-networkd connection status changes. Available as [services.networkd-dispatcher](#opt-services.networkd-dispatcher.enable). - [networkd-dispatcher](https://gitlab.com/craftyguy/networkd-dispatcher), a dispatcher service for systemd-networkd connection status changes. Available as [services.networkd-dispatcher](#opt-services.networkd-dispatcher.enable).
- [mmsd](https://gitlab.com/kop316/mmsd), a lower level daemon that transmits and recieves MMSes. Available as [services.mmsd](#opt-services.mmsd.enable). - [gonic](https://github.com/sentriz/gonic), a Subsonic music streaming server. Available as [services.gonic](#opt-services.gonic.enable).
- [mmsd](https://gitlab.com/kop316/mmsd), a lower level daemon that transmits and receives MMSes. Available as [services.mmsd](#opt-services.mmsd.enable).
- [QDMR](https://dm3mat.darc.de/qdmr/), a GUI application and command line tool for programming DMR radios [programs.qdmr](#opt-programs.qdmr.enable) - [QDMR](https://dm3mat.darc.de/qdmr/), a GUI application and command line tool for programming DMR radios [programs.qdmr](#opt-programs.qdmr.enable)
- [keyd](https://github.com/rvaiya/keyd), a key remapping daemon for linux. Available as [services.keyd](#opt-services.keyd.enable). - [keyd](https://github.com/rvaiya/keyd), a key remapping daemon for linux. Available as [services.keyd](#opt-services.keyd.enable).
- [consul-template](https://github.com/hashicorp/consul-template/), a template rendering, notifier, and supervisor for HashiCorp Consul and Vault data. Available as [services.consul-template](#opt-services.consul-template.instances).
- [vault-agent](https://developer.hashicorp.com/vault/docs/agent), a template rendering and API auth proxy for HashiCorp Vault, similar to `consul-template`. Available as [services.vault-agent](#opt-services.vault-agent.instances).
- [trippy](https://github.com/fujiapple852/trippy), a network diagnostic tool. Available as [programs.trippy](#opt-programs.trippy.enable).
- [v2rayA](https://v2raya.org), a Linux web GUI client of Project V which supports V2Ray, Xray, SS, SSR, Trojan and Pingtunnel. Available as [services.v2raya](options.html#opt-services.v2raya.enable). - [v2rayA](https://v2raya.org), a Linux web GUI client of Project V which supports V2Ray, Xray, SS, SSR, Trojan and Pingtunnel. Available as [services.v2raya](options.html#opt-services.v2raya.enable).
- [rshim](https://github.com/Mellanox/rshim-user-space), the user-space rshim driver for the BlueField SoC. Available as [services.rshim](options.html#opt-services.rshim.enable).
- [wstunnel](https://github.com/erebe/wstunnel), a proxy tunnelling arbitrary TCP or UDP traffic through a WebSocket connection. Instances may be configured via [services.wstunnel](options.html#opt-services.wstunnel.enable). - [wstunnel](https://github.com/erebe/wstunnel), a proxy tunnelling arbitrary TCP or UDP traffic through a WebSocket connection. Instances may be configured via [services.wstunnel](options.html#opt-services.wstunnel.enable).
- [ulogd](https://www.netfilter.org/projects/ulogd/index.html), a userspace logging daemon for netfilter/iptables related logging. Available as [services.ulogd](options.html#opt-services.ulogd.enable). - [ulogd](https://www.netfilter.org/projects/ulogd/index.html), a userspace logging daemon for netfilter/iptables related logging. Available as [services.ulogd](options.html#opt-services.ulogd.enable).
@ -99,8 +128,14 @@ In addition to numerous new and upgraded packages, this release has the followin
- [stargazer](https://sr.ht/~zethra/stargazer/), a fast and easy to use Gemini server. Available as [services.stargazer](#opt-services.stargazer.enable). - [stargazer](https://sr.ht/~zethra/stargazer/), a fast and easy to use Gemini server. Available as [services.stargazer](#opt-services.stargazer.enable).
- [sniffnet](https://github.com/GyulyVGC/sniffnet), an application to monitor your network traffic. Available as [programs.sniffnet](#opt-programs.sniffnet.enable).
- [photoprism](https://photoprism.app/), a AI-Powered Photos App for the Decentralized Web. Available as [services.photoprism](options.html#opt-services.photoprism.enable). - [photoprism](https://photoprism.app/), a AI-Powered Photos App for the Decentralized Web. Available as [services.photoprism](options.html#opt-services.photoprism.enable).
- [alice-lg](github.com/alice-lg/alice-lg), a looking-glass for BGP sessions. Available as [services.alice-lg](#opt-services.alice-lg.enable).
- [birdwatcher](github.com/alice-lg/birdwatcher), a small HTTP server meant to provide an API defined by Barry O'Donovan's birds-eye to the BIRD internet routing daemon. Available as [services.birdwatcher](#opt-services.birdwatcher.enable).
- [peroxide](https://github.com/ljanyst/peroxide), a fork of the official [ProtonMail bridge](https://github.com/ProtonMail/proton-bridge) that aims to be similar to [Hydroxide](https://github.com/emersion/hydroxide). Available as [services.peroxide](#opt-services.peroxide.enable). - [peroxide](https://github.com/ljanyst/peroxide), a fork of the official [ProtonMail bridge](https://github.com/ProtonMail/proton-bridge) that aims to be similar to [Hydroxide](https://github.com/emersion/hydroxide). Available as [services.peroxide](#opt-services.peroxide.enable).
- [autosuspend](https://github.com/languitar/autosuspend), a python daemon that suspends a system if certain conditions are met, or not met. - [autosuspend](https://github.com/languitar/autosuspend), a python daemon that suspends a system if certain conditions are met, or not met.
@ -117,6 +152,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- [woodpecker-server](https://woodpecker-ci.org/), a simple CI engine with great extensibility. Available as [services.woodpecker-server](#opt-services.woodpecker-server.enable). - [woodpecker-server](https://woodpecker-ci.org/), a simple CI engine with great extensibility. Available as [services.woodpecker-server](#opt-services.woodpecker-server.enable).
- [lldap](https://github.com/lldap/lldap), a lightweight authentication server that provides an opinionated, simplified LDAP interface for authentication. Available as [services.lldap](#opt-services.lldap.enable).
- [ReGreet](https://github.com/rharish101/ReGreet), a clean and customizable greeter for greetd. Available as [programs.regreet](#opt-programs.regreet.enable). - [ReGreet](https://github.com/rharish101/ReGreet), a clean and customizable greeter for greetd. Available as [programs.regreet](#opt-programs.regreet.enable).
- [v4l2-relayd](https://git.launchpad.net/v4l2-relayd), a streaming relay for v4l2loopback using gstreamer. Available as [services.v4l2-relayd](#opt-services.v4l2-relayd.instances._name_.enable). - [v4l2-relayd](https://git.launchpad.net/v4l2-relayd), a streaming relay for v4l2loopback using gstreamer. Available as [services.v4l2-relayd](#opt-services.v4l2-relayd.instances._name_.enable).
@ -125,12 +162,16 @@ In addition to numerous new and upgraded packages, this release has the followin
- [ivpn](https://www.ivpn.net/), a secure, private VPN with fast WireGuard connections. Available as [services.ivpn](#opt-services.ivpn.enable). - [ivpn](https://www.ivpn.net/), a secure, private VPN with fast WireGuard connections. Available as [services.ivpn](#opt-services.ivpn.enable).
- [openvscode-server](https://github.com/gitpod-io/openvscode-server), run VS Code on a remote machine with access through a modern web browser from any device, anywhere. Available as [services.openvscode-server](#opt-services.openvscode-server.enable).
## Backward Incompatibilities {#sec-release-23.05-incompatibilities} ## Backward Incompatibilities {#sec-release-23.05-incompatibilities}
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. --> <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
- `carnix` and `cratesIO` has been removed due to being unmaintained, use alternatives such as [naersk](https://github.com/nix-community/naersk) and [crate2nix](https://github.com/kolloch/crate2nix) instead. - `carnix` and `cratesIO` has been removed due to being unmaintained, use alternatives such as [naersk](https://github.com/nix-community/naersk) and [crate2nix](https://github.com/kolloch/crate2nix) instead.
- `services.asusd` configuration now uses strings instead of structured configuration, as upstream switched to the [RON](https://github.com/ron-rs/ron) configuration format. Support for structured configuration may return when [RON](https://github.com/ron-rs/ron) generation is implemented in nixpkgs.
- `checkInputs` have been renamed to `nativeCheckInputs`, because they behave the same as `nativeBuildInputs` when `doCheck` is set. `checkInputs` now denote a new type of dependencies, added to `buildInputs` when `doCheck` is set. As a rule of thumb, `nativeCheckInputs` are tools on `$PATH` used during the tests, and `checkInputs` are libraries which are linked to executables built as part of the tests. Similarly, `installCheckInputs` are renamed to `nativeInstallCheckInputs`, corresponding to `nativeBuildInputs`, and `installCheckInputs` are a new type of dependencies added to `buildInputs` when `doInstallCheck` is set. (Note that this change will not cause breakage to derivations with `strictDeps` unset, which are most packages except python, rust, ocaml and go packages). - `checkInputs` have been renamed to `nativeCheckInputs`, because they behave the same as `nativeBuildInputs` when `doCheck` is set. `checkInputs` now denote a new type of dependencies, added to `buildInputs` when `doCheck` is set. As a rule of thumb, `nativeCheckInputs` are tools on `$PATH` used during the tests, and `checkInputs` are libraries which are linked to executables built as part of the tests. Similarly, `installCheckInputs` are renamed to `nativeInstallCheckInputs`, corresponding to `nativeBuildInputs`, and `installCheckInputs` are a new type of dependencies added to `buildInputs` when `doInstallCheck` is set. (Note that this change will not cause breakage to derivations with `strictDeps` unset, which are most packages except python, rust, ocaml and go packages).
- `buildDunePackage` now defaults to `strictDeps = true` which means that any library should go into `buildInputs` or `checkInputs`. Any executable that is run on the building machine should go into `nativeBuildInputs` or `nativeCheckInputs` respectively. Example of executables are `ocaml`, `findlib` and `menhir`. PPXs are libraries which are built by dune and should therefore not go into `nativeBuildInputs`. - `buildDunePackage` now defaults to `strictDeps = true` which means that any library should go into `buildInputs` or `checkInputs`. Any executable that is run on the building machine should go into `nativeBuildInputs` or `nativeCheckInputs` respectively. Example of executables are `ocaml`, `findlib` and `menhir`. PPXs are libraries which are built by dune and should therefore not go into `nativeBuildInputs`.
@ -139,6 +180,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- The `ssh` client tool now disables the `~C` escape sequence by default. This can be re-enabled by setting `EnableEscapeCommandline yes` - The `ssh` client tool now disables the `~C` escape sequence by default. This can be re-enabled by setting `EnableEscapeCommandline yes`
- Many `services.syncthing` options have been moved to `services.syncthing.settings`, as part of [RFC 42](https://github.com/NixOS/rfcs/pull/42)'s implementation, see [#226088](https://github.com/NixOS/nixpkgs/pull/226088).
- The `ssh` module does not read `/etc/ssh/ssh_known_hosts2` anymore since this location is [deprecated since 2001](https://marc.info/?l=openssh-unix-dev&m=100508718416162&w=2). - The `ssh` module does not read `/etc/ssh/ssh_known_hosts2` anymore since this location is [deprecated since 2001](https://marc.info/?l=openssh-unix-dev&m=100508718416162&w=2).
- The openssh module does not read `~/.ssh/authorized_keys2` anymore since this location is [deprecated since 2001](https://marc.info/?l=openssh-unix-dev&m=100508718416162&w=2). - The openssh module does not read `~/.ssh/authorized_keys2` anymore since this location is [deprecated since 2001](https://marc.info/?l=openssh-unix-dev&m=100508718416162&w=2).
@ -147,8 +190,12 @@ In addition to numerous new and upgraded packages, this release has the followin
- `git-bug` has been updated to at least version 0.8.0, which includes backwards incompatible changes. The `git-bug-migration` package can be used to upgrade existing repositories. - `git-bug` has been updated to at least version 0.8.0, which includes backwards incompatible changes. The `git-bug-migration` package can be used to upgrade existing repositories.
- `graylog` has been updated to version 5, which can not be upgraded directly from the previously packaged version 3.3. If you had installed the previously packaged version 3.3, please follow the [upgrade path](https://go2docs.graylog.org/5-0/upgrading_graylog/upgrade_path.htm) from 3.3 to 4.0 to 4.3 to 5.0.
- `nushell` has been updated to at least version 0.77.0, which includes potential breaking changes in aliases. The old aliases are now available as `old-alias` but it is recommended you migrate to the new format. See [Reworked aliases](https://www.nushell.sh/blog/2023-03-14-nushell_0_77.html#reworked-aliases-breaking-changes-kubouch). - `nushell` has been updated to at least version 0.77.0, which includes potential breaking changes in aliases. The old aliases are now available as `old-alias` but it is recommended you migrate to the new format. See [Reworked aliases](https://www.nushell.sh/blog/2023-03-14-nushell_0_77.html#reworked-aliases-breaking-changes-kubouch).
- `gajim` has been updated to version 1.7.3 which has disabled legacy ciphers. See [changelog for version 1.7.0](https://dev.gajim.org/gajim/gajim/-/releases/1.7.0).
- `keepassx` and `keepassx2` have been removed, due to upstream [stopping development](https://www.keepassx.org/index.html%3Fp=636.html). Consider [KeePassXC](https://keepassxc.org) as a maintained alternative. - `keepassx` and `keepassx2` have been removed, due to upstream [stopping development](https://www.keepassx.org/index.html%3Fp=636.html). Consider [KeePassXC](https://keepassxc.org) as a maintained alternative.
- The [services.kubo.settings](#opt-services.kubo.settings) option is now no longer stateful. If you changed any of the options in [services.kubo.settings](#opt-services.kubo.settings) in the past and then removed them from your NixOS configuration again, those changes are still in your Kubo configuration file but will now be reset to the default. If you're unsure, you may want to make a backup of your configuration file (probably /var/lib/ipfs/config) and compare after the update. - The [services.kubo.settings](#opt-services.kubo.settings) option is now no longer stateful. If you changed any of the options in [services.kubo.settings](#opt-services.kubo.settings) in the past and then removed them from your NixOS configuration again, those changes are still in your Kubo configuration file but will now be reset to the default. If you're unsure, you may want to make a backup of your configuration file (probably /var/lib/ipfs/config) and compare after the update.
@ -158,10 +205,32 @@ In addition to numerous new and upgraded packages, this release has the followin
- The EC2 image module no longer fetches instance metadata in stage-1. This results in a significantly smaller initramfs, since network drivers no longer need to be included, and faster boots, since metadata fetching can happen in parallel with startup of other services. - The EC2 image module no longer fetches instance metadata in stage-1. This results in a significantly smaller initramfs, since network drivers no longer need to be included, and faster boots, since metadata fetching can happen in parallel with startup of other services.
This breaks services which rely on metadata being present by the time stage-2 is entered. Anything which reads EC2 metadata from `/etc/ec2-metadata` should now have an `after` dependency on `fetch-ec2-metadata.service` This breaks services which rely on metadata being present by the time stage-2 is entered. Anything which reads EC2 metadata from `/etc/ec2-metadata` should now have an `after` dependency on `fetch-ec2-metadata.service`
- The mailman service now defaults to using a randomly generated REST API password instead of a hardcoded one.
- `minio` removed support for its legacy filesystem backend in [RELEASE.2022-10-29T06-21-33Z](https://github.com/minio/minio/releases/tag/RELEASE.2022-10-29T06-21-33Z). This means if your storage was created with the old format, minio will no longer start. Unfortunately minio doesn't provide a an automatic migration, they only provide [instructions how to manually convert the node](https://min.io/docs/minio/windows/operations/install-deploy-manage/migrate-fs-gateway.html). To facilitate this migration we keep around the last version that still supports the old filesystem backend as `minio_legacy_fs`. Use it via `services.minio.package = minio_legacy_fs;` to export your data before switching to the new version. See the corresponding [issue](https://github.com/NixOS/nixpkgs/issues/199318) for more details. - `minio` removed support for its legacy filesystem backend in [RELEASE.2022-10-29T06-21-33Z](https://github.com/minio/minio/releases/tag/RELEASE.2022-10-29T06-21-33Z). This means if your storage was created with the old format, minio will no longer start. Unfortunately minio doesn't provide a an automatic migration, they only provide [instructions how to manually convert the node](https://min.io/docs/minio/windows/operations/install-deploy-manage/migrate-fs-gateway.html). To facilitate this migration we keep around the last version that still supports the old filesystem backend as `minio_legacy_fs`. Use it via `services.minio.package = minio_legacy_fs;` to export your data before switching to the new version. See the corresponding [issue](https://github.com/NixOS/nixpkgs/issues/199318) for more details.
- `services.sourcehut.dispatch` and the corresponding package (`sourcehut.dispatchsrht`) have been removed due to [upstream deprecation](https://sourcehut.org/blog/2022-08-01-dispatch-deprecation-plans/). - `services.sourcehut.dispatch` and the corresponding package (`sourcehut.dispatchsrht`) have been removed due to [upstream deprecation](https://sourcehut.org/blog/2022-08-01-dispatch-deprecation-plans/).
- The attributes used by `services.snapper.configs.<name>` have changed. Migrate from this:
```nix
services.snapper.configs.example = {
subvolume = "/example";
extraConfig = ''
ALLOW_USERS="alice"
'';
};
```
to this:
```nix
services.snapper.configs.example = {
SUBVOLUME = "/example";
ALLOW_USERS = [ "alice" ];
};
```
- The [services.snapserver.openFirewall](#opt-services.snapserver.openFirewall) module option default value has been changed from `true` to `false`. You will need to explicitly set this option to `true`, or configure your firewall. - The [services.snapserver.openFirewall](#opt-services.snapserver.openFirewall) module option default value has been changed from `true` to `false`. You will need to explicitly set this option to `true`, or configure your firewall.
- The [services.tmate-ssh-server.openFirewall](#opt-services.tmate-ssh-server.openFirewall) module option default value has been changed from `true` to `false`. You will need to explicitly set this option to `true`, or configure your firewall. - The [services.tmate-ssh-server.openFirewall](#opt-services.tmate-ssh-server.openFirewall) module option default value has been changed from `true` to `false`. You will need to explicitly set this option to `true`, or configure your firewall.
@ -170,6 +239,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- The option `i18n.inputMethod.fcitx5.enableRimeData` has been removed. Default RIME data is now included in `fcitx5-rime` by default, and can be customized using `fcitx5-rime.override { rimeDataPkgs = [ pkgs.rime-data, package2, ... ]; }` - The option `i18n.inputMethod.fcitx5.enableRimeData` has been removed. Default RIME data is now included in `fcitx5-rime` by default, and can be customized using `fcitx5-rime.override { rimeDataPkgs = [ pkgs.rime-data, package2, ... ]; }`
- The udev hwdb.bin file is now built with systemd-hwdb rather than the [deprecated "udevadm hwdb"](https://github.com/systemd/systemd/pull/25714). This may impact mappings where the same key is defined in multiple matching entries. The updated behavior will select the latest definition in case of conflict. In general, this should be a positive change, as the hwdb source files are designed with this ordering in mind. As an example, the mapping of the HP Dev One keyboard scan code for "mute mic" is corrected by this update. This change may impact users who have worked-around previously incorrect mappings.
- Kime has been updated from 2.5.6 to 3.0.2 and the `i18n.inputMethod.kime.config` option has been removed. Users should use `daemonModules`, `iconColor`, and `extraConfig` options under `i18n.inputMethod.kime` instead. - Kime has been updated from 2.5.6 to 3.0.2 and the `i18n.inputMethod.kime.config` option has been removed. Users should use `daemonModules`, `iconColor`, and `extraConfig` options under `i18n.inputMethod.kime` instead.
- `tut` has been updated from 1.0.34 to 2.0.0, and now uses the TOML format for the configuration file instead of INI. Additional information can be found [here](https://github.com/RasmusLindroth/tut/releases/tag/2.0.0). - `tut` has been updated from 1.0.34 to 2.0.0, and now uses the TOML format for the configuration file instead of INI. Additional information can be found [here](https://github.com/RasmusLindroth/tut/releases/tag/2.0.0).
@ -190,6 +261,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- `fail2ban` has been updated to 1.0.2, which has a few breaking changes compared to 0.11.2 ([changelog for 1.0.1](https://github.com/fail2ban/fail2ban/blob/1.0.1/ChangeLog), [changelog for 1.0.2](https://github.com/fail2ban/fail2ban/blob/1.0.2/ChangeLog)) - `fail2ban` has been updated to 1.0.2, which has a few breaking changes compared to 0.11.2 ([changelog for 1.0.1](https://github.com/fail2ban/fail2ban/blob/1.0.1/ChangeLog), [changelog for 1.0.2](https://github.com/fail2ban/fail2ban/blob/1.0.2/ChangeLog))
- `albert` has been updated from 0.17.6 to 0.20.13, and 0.18.0 changed the config format and many plugins ([changelog for 0.18.0](https://github.com/albertlauncher/albert/blob/v0.18.0/CHANGELOG.md))
- Calling `makeSetupHook` without passing a `name` argument is deprecated. - Calling `makeSetupHook` without passing a `name` argument is deprecated.
- Top-level buildPlatform,hostPlatform,targetPlatform have been deprecated, use stdenv.X instead. - Top-level buildPlatform,hostPlatform,targetPlatform have been deprecated, use stdenv.X instead.
@ -206,6 +279,10 @@ In addition to numerous new and upgraded packages, this release has the followin
- The [services.wordpress.sites.&lt;name&gt;.plugins](#opt-services.wordpress.sites._name_.plugins) and [services.wordpress.sites.&lt;name&gt;.themes](#opt-services.wordpress.sites._name_.themes) options have been converted from sets to attribute sets to allow for consumers to specify explicit install paths via attribute name. - The [services.wordpress.sites.&lt;name&gt;.plugins](#opt-services.wordpress.sites._name_.plugins) and [services.wordpress.sites.&lt;name&gt;.themes](#opt-services.wordpress.sites._name_.themes) options have been converted from sets to attribute sets to allow for consumers to specify explicit install paths via attribute name.
- [`services.nextcloud.database.createLocally`](#opt-services.nextcloud.database.createLocally) now uses socket authentication and is no longer compatible with password authentication.
- If you want the module to manage the database for you, unset [`services.nextcloud.config.dbpassFile`](#opt-services.nextcloud.config.dbpassFile) (and [`services.nextcloud.config.dbhost`](#opt-services.nextcloud.config.dbhost), if it's set).
- If you want to use password authentication **and** create the database locally, you will have to use [`services.mysql`](#opt-services.mysql.enable) to set it up.
- `protonmail-bridge` package has been updated to major version 3. - `protonmail-bridge` package has been updated to major version 3.
- Nebula now runs as a system user and group created for each nebula network, using the `CAP_NET_ADMIN` ambient capability on launch rather than starting as root. Ensure that any files each Nebula instance needs to access are owned by the correct user and group, by default `nebula-${networkName}`. - Nebula now runs as a system user and group created for each nebula network, using the `CAP_NET_ADMIN` ambient capability on launch rather than starting as root. Ensure that any files each Nebula instance needs to access are owned by the correct user and group, by default `nebula-${networkName}`.
@ -218,7 +295,7 @@ In addition to numerous new and upgraded packages, this release has the followin
- The `nix.readOnlyStore` option has been renamed to `boot.readOnlyNixStore` to clarify that it configures the NixOS boot process, not the Nix daemon. - The `nix.readOnlyStore` option has been renamed to `boot.readOnlyNixStore` to clarify that it configures the NixOS boot process, not the Nix daemon.
- Deprecated `xlibsWrapper` transitional package has been removed in favour of direct use of its constitutents: `xorg.libX11`, `freetype` and others. - Deprecated `xlibsWrapper` transitional package has been removed in favour of direct use of its constituents: `xorg.libX11`, `freetype` and others.
- The latest available version of Nextcloud is v26 (available as `pkgs.nextcloud26`) which uses PHP 8.2 as interpreter by default. The installation logic is as follows: - The latest available version of Nextcloud is v26 (available as `pkgs.nextcloud26`) which uses PHP 8.2 as interpreter by default. The installation logic is as follows:
- If `system.stateVersion` is >=23.05, `pkgs.nextcloud26` will be installed by default. - If `system.stateVersion` is >=23.05, `pkgs.nextcloud26` will be installed by default.
@ -233,10 +310,16 @@ In addition to numerous new and upgraded packages, this release has the followin
[upstream's release notes](https://github.com/iputils/iputils/releases/tag/20221126) [upstream's release notes](https://github.com/iputils/iputils/releases/tag/20221126)
for more details and available replacements. for more details and available replacements.
- The ppp plugin `rp-pppoe.so` has been renamed to `pppoe.so` in ppp 2.4.9. Starting from ppp 2.5.0, there is no longer a alias for backwards compatibility. Configurations that use this plugin must be updated accordingly from `plugin rp-pppoe.so` to `plugin pppoe.so`. See [upstream change](https://github.com/ppp-project/ppp/commit/610a7bd76eb1f99f22317541b35001b1e24877ed).
- [services.xserver.videoDrivers](options.html#opt-services.xserver.videoDrivers) now defaults to the `modesetting` driver over device-specific ones. The `radeon`, `amdgpu` and `nouveau` drivers are still available, but effectively unmaintained and not recommended for use. - [services.xserver.videoDrivers](options.html#opt-services.xserver.videoDrivers) now defaults to the `modesetting` driver over device-specific ones. The `radeon`, `amdgpu` and `nouveau` drivers are still available, but effectively unmaintained and not recommended for use.
- [services.xserver.libinput.enable](options.html#opt-services.xserver.libinput.enable) is now set by default, enabling the more actively maintained and consistently behaved input device driver.
- To enable the HTTP3 (QUIC) protocol for a nginx virtual host, set the `quic` attribute on it to true, e.g. `services.nginx.virtualHosts.<name>.quic = true;`. - To enable the HTTP3 (QUIC) protocol for a nginx virtual host, set the `quic` attribute on it to true, e.g. `services.nginx.virtualHosts.<name>.quic = true;`.
- In `services.fail2ban`, `bantime-increment.<name>` options now default to `null` (except `bantime-increment.enable`) and are used to set the corresponding option in `jail.local` only if not `null`. Also, enforce that `bantime-increment.formula` and `bantime-increment.multipliers` are not both specified.
- The default Asterisk package was changed to v20 from v19. Asterisk versions 16 and 19 have been dropped due to being EOL. You may need to update /var/lib/asterisk to match the template files in `${asterisk-20}/var/lib/asterisk`. - The default Asterisk package was changed to v20 from v19. Asterisk versions 16 and 19 have been dropped due to being EOL. You may need to update /var/lib/asterisk to match the template files in `${asterisk-20}/var/lib/asterisk`.
- conntrack helper autodetection has been removed from kernels 6.0 and up upstream, and an assertion was added to ensure things don't silently stop working. Migrate your configuration to assign helpers explicitly or use an older LTS kernel branch as a temporary workaround. - conntrack helper autodetection has been removed from kernels 6.0 and up upstream, and an assertion was added to ensure things don't silently stop working. Migrate your configuration to assign helpers explicitly or use an older LTS kernel branch as a temporary workaround.
@ -253,6 +336,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- The `baget` package and module was removed due to being unmaintained. - The `baget` package and module was removed due to being unmaintained.
- The `qlandkartegt` and `garmindev` packages were removed due to being unmaintained and insecure.
- `go-ethereum` package has been updated to v1.11.5 and the `puppeth` command is no longer available as of v1.11.0. - `go-ethereum` package has been updated to v1.11.5 and the `puppeth` command is no longer available as of v1.11.0.
- The `pnpm` package has be updated to from version 7.29.1 to version 8.1.1 and Node.js 14 support has been discontinued (though, there are workarounds if Node.js 14 is still required) - The `pnpm` package has be updated to from version 7.29.1 to version 8.1.1 and Node.js 14 support has been discontinued (though, there are workarounds if Node.js 14 is still required)
@ -260,6 +345,10 @@ In addition to numerous new and upgraded packages, this release has the followin
- The `zplug` package changes its output path from `$out` to `$out/share/zplug`. Users should update their dependency on `${pkgs.zplug}/init.zsh` to `${pkgs.zplug}/share/zplug/init.zsh`. - The `zplug` package changes its output path from `$out` to `$out/share/zplug`. Users should update their dependency on `${pkgs.zplug}/init.zsh` to `${pkgs.zplug}/share/zplug/init.zsh`.
- The `pict-rs` package was updated from an 0.3 alpha release to 0.3 stable, and related environment variables now require two underscores instead of one.
- `espanso` has been updated to major version 2. Therefore, migration steps may need to be performed. See [the official migration instructions](https://espanso.org/docs/migration/overview/) for how to perform these migrations. Further, `espanso-wayland` can now be used for Wayland support.
## Other Notable Changes {#sec-release-23.05-notable-changes} ## Other Notable Changes {#sec-release-23.05-notable-changes}
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. --> <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
@ -304,13 +393,17 @@ In addition to numerous new and upgraded packages, this release has the followin
replacement. It stores backups as volume dump files and thus better integrates replacement. It stores backups as volume dump files and thus better integrates
into contemporary backup solutions. into contemporary backup solutions.
- `services.maddy` now allows to configure users and their credentials using `services.maddy.ensureCredentials`. - `services.maddy` got several updates:
- Configuration of users and their credentials using `services.maddy.ensureCredentials`.
- TLS configuration is now possible via `services.maddy.tls` with two loaders present: ACME and file based.
- The `dnsmasq` service now takes configuration via the - The `dnsmasq` service now takes configuration via the
`services.dnsmasq.settings` attribute set. The option `services.dnsmasq.settings` attribute set. The option
`services.dnsmasq.extraConfig` will be deprecated when NixOS 22.11 reaches `services.dnsmasq.extraConfig` will be deprecated when NixOS 22.11 reaches
end of life. end of life.
- `kube3d` has now been renamed to `k3d` since the 3d editor that originally took that name has been dropped from nixpkgs. `kube3d` will continue to work as an alias for now.
- The `dokuwiki` service is now configured via `services.dokuwiki.sites.<name>.settings` attribute set; `extraConfig` has been removed. - The `dokuwiki` service is now configured via `services.dokuwiki.sites.<name>.settings` attribute set; `extraConfig` has been removed.
The `{aclUse,superUser,disableActions}` attributes have been renamed accordingly. `pluginsConfig` now only accepts an attribute set of booleans. The `{aclUse,superUser,disableActions}` attributes have been renamed accordingly. `pluginsConfig` now only accepts an attribute set of booleans.
Passing plain PHP is no longer possible. Passing plain PHP is no longer possible.
@ -337,6 +430,28 @@ In addition to numerous new and upgraded packages, this release has the followin
- `nextcloud` has an option to enable SSE-C in S3. - `nextcloud` has an option to enable SSE-C in S3.
- NixOS swap partitions with random encryption can now control the sector size, cipher, and key size used to setup the plain encryption device over the
underlying block device rather than allowing them to be determined by `cryptsetup(8)`. One can use these features like so:
```nix
{
swapDevices = [
{
device = "/dev/disk/by-partlabel/swapspace";
randomEncryption = {
enable = true;
cipher = "aes-xts-plain64";
keySize = 512;
sectorSize = 4096;
};
}
];
}
```
- New option `security.pam.zfs` to enable unlocking and mounting of encrypted ZFS home dataset at login.
- `services.peertube` now requires you to specify the secret file `secrets.secretsFile`. It can be generated by running `openssl rand -hex 32`. - `services.peertube` now requires you to specify the secret file `secrets.secretsFile`. It can be generated by running `openssl rand -hex 32`.
Before upgrading, read the release notes for PeerTube: Before upgrading, read the release notes for PeerTube:
- [Release v5.0.0](https://github.com/Chocobozzz/PeerTube/releases/tag/v5.0.0) - [Release v5.0.0](https://github.com/Chocobozzz/PeerTube/releases/tag/v5.0.0)
@ -355,6 +470,8 @@ In addition to numerous new and upgraded packages, this release has the followin
} }
``` ```
- `services.netdata` offers a `deadlineBeforeStopSec` option which enable users who have netdata instance that takes time to initialize to not have systemd kill them for no reason.
- `services.dhcpcd` service now don't solicit or accept IPv6 Router Advertisements on interfaces that use static IPv6 addresses. - `services.dhcpcd` service now don't solicit or accept IPv6 Router Advertisements on interfaces that use static IPv6 addresses.
If network uses both IPv6 Unique local addresses (ULA) and global IPv6 address auto-configuration with SLAAC, must add the parameter `networking.dhcpcd.IPv6rs = true;`. If network uses both IPv6 Unique local addresses (ULA) and global IPv6 address auto-configuration with SLAAC, must add the parameter `networking.dhcpcd.IPv6rs = true;`.
@ -452,6 +569,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- `make-disk-image` handles `contents` arguments that are directories better, fixing a bug where it used to put them in a subdirectory of the intended `target`. - `make-disk-image` handles `contents` arguments that are directories better, fixing a bug where it used to put them in a subdirectory of the intended `target`.
- The option `services.jitsi-videobridge.apis` has been renamed to `colibriRestApi` and turned into a boolean. Setting it to `true` will enable the private rest API, useful for monitoring using `services.prometheus.exporters.jitsi.enable`. Learn more about the API: "[The COLIBRI control interface (/colibri/)](https://github.com/jitsi/jitsi-videobridge/blob/v2.3/doc/rest.md)".
## Detailed migration information {#sec-release-23.05-migration} ## Detailed migration information {#sec-release-23.05-migration}
### Pipewire configuration overrides {#sec-release-23.05-migration-pipewire} ### Pipewire configuration overrides {#sec-release-23.05-migration-pipewire}
@ -460,7 +579,7 @@ In addition to numerous new and upgraded packages, this release has the followin
The Pipewire config semantics don't really match the NixOS module semantics, so it's extremely awkward to override the default config, especially when lists are involved. Vendoring the configuration files in nixpkgs also creates unnecessary maintenance overhead. The Pipewire config semantics don't really match the NixOS module semantics, so it's extremely awkward to override the default config, especially when lists are involved. Vendoring the configuration files in nixpkgs also creates unnecessary maintenance overhead.
Also, upstream added a lot of accomodations to allow doing most of the things you'd want to do with a config edit in better ways. Also, upstream added a lot of accommodations to allow doing most of the things you'd want to do with a config edit in better ways.
#### Migrating your configuration {#sec-release-23.05-migration-pipewire-how} #### Migrating your configuration {#sec-release-23.05-migration-pipewire-how}

View file

@ -0,0 +1,19 @@
# Release 23.11 (“Tapir”, 2023.11/??) {#sec-release-23.11}
## Highlights {#sec-release-23.11-highlights}
- Create the first release note entry in this section!
## New Services {#sec-release-23.11-new-services}
- Create the first release note entry in this section!
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
## Backward Incompatibilities {#sec-release-23.11-incompatibilities}
- Create the first release note entry in this section!
## Other Notable Changes {#sec-release-23.11-notable-changes}
- Create the first release note entry in this section!

View file

@ -33,6 +33,7 @@ let
]; ];
specialArgs = { specialArgs = {
inherit config pkgs utils; inherit config pkgs utils;
class = "nixos";
}; };
}; };
docs = import "${nixosPath}/doc/manual" { docs = import "${nixosPath}/doc/manual" {

View file

@ -38,6 +38,7 @@ let
# is experimental. # is experimental.
lib.evalModules { lib.evalModules {
inherit prefix modules; inherit prefix modules;
class = "nixos";
specialArgs = { specialArgs = {
modulesPath = builtins.toString ../modules; modulesPath = builtins.toString ../modules;
} // specialArgs; } // specialArgs;

View file

@ -38,6 +38,8 @@ let pkgs_ = pkgs;
in in
let let
inherit (lib) optional;
evalModulesMinimal = (import ./default.nix { evalModulesMinimal = (import ./default.nix {
inherit lib; inherit lib;
# Implicit use of feature is noted in implementation. # Implicit use of feature is noted in implementation.
@ -47,15 +49,19 @@ let
pkgsModule = rec { pkgsModule = rec {
_file = ./eval-config.nix; _file = ./eval-config.nix;
key = _file; key = _file;
config = { config = lib.mkMerge (
# Explicit `nixpkgs.system` or `nixpkgs.localSystem` should override (optional (system != null) {
# this. Since the latter defaults to the former, the former should # Explicit `nixpkgs.system` or `nixpkgs.localSystem` should override
# default to the argument. That way this new default could propagate all # this. Since the latter defaults to the former, the former should
# they way through, but has the last priority behind everything else. # default to the argument. That way this new default could propagate all
nixpkgs.system = lib.mkIf (system != null) (lib.mkDefault system); # they way through, but has the last priority behind everything else.
nixpkgs.system = lib.mkDefault system;
_module.args.pkgs = lib.mkIf (pkgs_ != null) (lib.mkForce pkgs_); })
}; ++
(optional (pkgs_ != null) {
_module.args.pkgs = lib.mkForce pkgs_;
})
);
}; };
withWarnings = x: withWarnings = x:

View file

@ -511,7 +511,7 @@ let format' = format; in let
${if format == "raw" then '' ${if format == "raw" then ''
mv $diskImage $out/${filename} mv $diskImage $out/${filename}
'' else '' '' else ''
${pkgs.qemu}/bin/qemu-img convert -f raw -O ${format} ${compress} $diskImage $out/${filename} ${pkgs.qemu-utils}/bin/qemu-img convert -f raw -O ${format} ${compress} $diskImage $out/${filename}
''} ''}
diskImage=$out/${filename} diskImage=$out/${filename}
''; '';

View file

@ -47,16 +47,16 @@ assert usbBootable -> isohybridMbrImage != "";
stdenv.mkDerivation { stdenv.mkDerivation {
name = isoName; name = isoName;
builder = ./make-iso9660-image.sh; __structuredAttrs = true;
buildCommandPath = ./make-iso9660-image.sh;
nativeBuildInputs = [ xorriso syslinux zstd libossp_uuid ]; nativeBuildInputs = [ xorriso syslinux zstd libossp_uuid ];
inherit isoName bootable bootImage compressImage volumeID efiBootImage efiBootable isohybridMbrImage usbBootable; inherit isoName bootable bootImage compressImage volumeID efiBootImage efiBootable isohybridMbrImage usbBootable;
# !!! should use XML.
sources = map (x: x.source) contents; sources = map (x: x.source) contents;
targets = map (x: x.target) contents; targets = map (x: x.target) contents;
# !!! should use XML.
objects = map (x: x.object) storeContents; objects = map (x: x.object) storeContents;
symlinks = map (x: x.symlink) storeContents; symlinks = map (x: x.symlink) storeContents;

View file

@ -1,12 +1,3 @@
source $stdenv/setup
sources_=($sources)
targets_=($targets)
objects=($objects)
symlinks=($symlinks)
# Remove the initial slash from a path, since genisofs likes it that way. # Remove the initial slash from a path, since genisofs likes it that way.
stripSlash() { stripSlash() {
res="$1" res="$1"
@ -35,13 +26,13 @@ if test -n "$bootable"; then
# The -boot-info-table option modifies the $bootImage file, so # The -boot-info-table option modifies the $bootImage file, so
# find it in `contents' and make a copy of it (since the original # find it in `contents' and make a copy of it (since the original
# is read-only in the Nix store...). # is read-only in the Nix store...).
for ((i = 0; i < ${#targets_[@]}; i++)); do for ((i = 0; i < ${#targets[@]}; i++)); do
stripSlash "${targets_[$i]}" stripSlash "${targets[$i]}"
if test "$res" = "$bootImage"; then if test "$res" = "$bootImage"; then
echo "copying the boot image ${sources_[$i]}" echo "copying the boot image ${sources[$i]}"
cp "${sources_[$i]}" boot.img cp "${sources[$i]}" boot.img
chmod u+w boot.img chmod u+w boot.img
sources_[$i]=boot.img sources[$i]=boot.img
fi fi
done done
@ -66,9 +57,9 @@ touch pathlist
# Add the individual files. # Add the individual files.
for ((i = 0; i < ${#targets_[@]}; i++)); do for ((i = 0; i < ${#targets[@]}; i++)); do
stripSlash "${targets_[$i]}" stripSlash "${targets[$i]}"
addPath "$res" "${sources_[$i]}" addPath "$res" "${sources[$i]}"
done done

View file

@ -261,8 +261,8 @@ let
mv $bootDiskImage $out/${bootFilename} mv $bootDiskImage $out/${bootFilename}
mv $rootDiskImage $out/${rootFilename} mv $rootDiskImage $out/${rootFilename}
'' else '' '' else ''
${pkgs.qemu}/bin/qemu-img convert -f raw -O ${formatOpt} ${compress} $bootDiskImage $out/${bootFilename} ${pkgs.qemu_kvm}/bin/qemu-img convert -f raw -O ${formatOpt} ${compress} $bootDiskImage $out/${bootFilename}
${pkgs.qemu}/bin/qemu-img convert -f raw -O ${formatOpt} ${compress} $rootDiskImage $out/${rootFilename} ${pkgs.qemu_kvm}/bin/qemu-img convert -f raw -O ${formatOpt} ${compress} $rootDiskImage $out/${rootFilename}
''} ''}
bootDiskImage=$out/${bootFilename} bootDiskImage=$out/${bootFilename}
rootDiskImage=$out/${rootFilename} rootDiskImage=$out/${rootFilename}

View file

@ -244,7 +244,7 @@ let
${if formatOpt == "raw" then '' ${if formatOpt == "raw" then ''
mv $rootDiskImage $out/${rootFilename} mv $rootDiskImage $out/${rootFilename}
'' else '' '' else ''
${pkgs.qemu}/bin/qemu-img convert -f raw -O ${formatOpt} ${compress} $rootDiskImage $out/${rootFilename} ${pkgs.qemu_kvm}/bin/qemu-img convert -f raw -O ${formatOpt} ${compress} $rootDiskImage $out/${rootFilename}
''} ''}
rootDiskImage=$out/${rootFilename} rootDiskImage=$out/${rootFilename}
set -x set -x

View file

@ -10,6 +10,7 @@
stdenv.mkDerivation { stdenv.mkDerivation {
name = "squashfs.img"; name = "squashfs.img";
__structuredAttrs = true;
nativeBuildInputs = [ squashfsTools ]; nativeBuildInputs = [ squashfsTools ];

View file

@ -289,9 +289,9 @@ in rec {
// optionalAttrs (config.requisite != []) // optionalAttrs (config.requisite != [])
{ Requisite = toString config.requisite; } { Requisite = toString config.requisite; }
// optionalAttrs (config ? restartTriggers && config.restartTriggers != []) // optionalAttrs (config ? restartTriggers && config.restartTriggers != [])
{ X-Restart-Triggers = toString config.restartTriggers; } { X-Restart-Triggers = "${pkgs.writeText "X-Restart-Triggers" (toString config.restartTriggers)}"; }
// optionalAttrs (config ? reloadTriggers && config.reloadTriggers != []) // optionalAttrs (config ? reloadTriggers && config.reloadTriggers != [])
{ X-Reload-Triggers = toString config.reloadTriggers; } { X-Reload-Triggers = "${pkgs.writeText "X-Reload-Triggers" (toString config.reloadTriggers)}"; }
// optionalAttrs (config.description != "") { // optionalAttrs (config.description != "") {
Description = config.description; } Description = config.description; }
// optionalAttrs (config.documentation != []) { // optionalAttrs (config.documentation != []) {

View file

@ -80,7 +80,7 @@ in rec {
description = lib.mdDoc '' description = lib.mdDoc ''
Units that want (i.e. depend on) this unit. The default method for Units that want (i.e. depend on) this unit. The default method for
starting a unit by default at boot time is to set this option to starting a unit by default at boot time is to set this option to
'["multi-user.target"]' for system services. Likewise for user units `["multi-user.target"]` for system services. Likewise for user units
(`systemd.user.<name>.*`) set it to `["default.target"]` to make a unit (`systemd.user.<name>.*`) set it to `["default.target"]` to make a unit
start by default when the user `<name>` logs on. start by default when the user `<name>` logs on.

View file

@ -2,6 +2,7 @@ from contextlib import contextmanager
from pathlib import Path from pathlib import Path
from typing import Any, Dict, Iterator, List, Union, Optional, Callable, ContextManager from typing import Any, Dict, Iterator, List, Union, Optional, Callable, ContextManager
import os import os
import re
import tempfile import tempfile
from test_driver.logger import rootlog from test_driver.logger import rootlog
@ -28,6 +29,10 @@ def get_tmp_dir() -> Path:
return tmp_dir return tmp_dir
def pythonize_name(name: str) -> str:
return re.sub(r"^[^A-z_]|[^A-z0-9_]", "_", name)
class Driver: class Driver:
"""A handle to the driver that sets up the environment """A handle to the driver that sets up the environment
and runs the tests""" and runs the tests"""
@ -113,7 +118,7 @@ class Driver:
polling_condition=self.polling_condition, polling_condition=self.polling_condition,
Machine=Machine, # for typing Machine=Machine, # for typing
) )
machine_symbols = {m.name: m for m in self.machines} machine_symbols = {pythonize_name(m.name): m for m in self.machines}
# If there's exactly one machine, make it available under the name # If there's exactly one machine, make it available under the name
# "machine", even if it's not called that. # "machine", even if it's not called that.
if len(self.machines) == 1: if len(self.machines) == 1:

View file

@ -7,6 +7,7 @@ import io
import os import os
import queue import queue
import re import re
import select
import shlex import shlex
import shutil import shutil
import socket import socket
@ -99,7 +100,7 @@ def _perform_ocr_on_screenshot(
+ "-blur 1x65535" + "-blur 1x65535"
) )
tess_args = f"-c debug_file=/dev/null --psm 11" tess_args = "-c debug_file=/dev/null --psm 11"
cmd = f"convert {magick_args} '{screenshot_path}' 'tiff:{screenshot_path}.tiff'" cmd = f"convert {magick_args} '{screenshot_path}' 'tiff:{screenshot_path}.tiff'"
ret = subprocess.run(cmd, shell=True, capture_output=True) ret = subprocess.run(cmd, shell=True, capture_output=True)
@ -132,7 +133,7 @@ def retry(fn: Callable, timeout: int = 900) -> None:
class StartCommand: class StartCommand:
"""The Base Start Command knows how to append the necesary """The Base Start Command knows how to append the necessary
runtime qemu options as determined by a particular test driver runtime qemu options as determined by a particular test driver
run. Any such start command is expected to happily receive and run. Any such start command is expected to happily receive and
append additional qemu args. append additional qemu args.
@ -154,6 +155,7 @@ class StartCommand:
# qemu options # qemu options
qemu_opts = ( qemu_opts = (
" -device virtio-serial" " -device virtio-serial"
# Note: virtconsole will map to /dev/hvc0 in Linux guests
" -device virtconsole,chardev=shell" " -device virtconsole,chardev=shell"
" -device virtio-rng-pci" " -device virtio-rng-pci"
" -serial stdio" " -serial stdio"
@ -209,7 +211,7 @@ class StartCommand:
class NixStartScript(StartCommand): class NixStartScript(StartCommand):
"""A start script from nixos/modules/virtualiation/qemu-vm.nix """A start script from nixos/modules/virtualiation/qemu-vm.nix
that also satisfies the requirement of the BaseStartCommand. that also satisfies the requirement of the BaseStartCommand.
These Nix commands have the particular charactersitic that the These Nix commands have the particular characteristic that the
machine name can be extracted out of them via a regex match. machine name can be extracted out of them via a regex match.
(Admittedly a _very_ implicit contract, evtl. TODO fix) (Admittedly a _very_ implicit contract, evtl. TODO fix)
""" """
@ -524,8 +526,10 @@ class Machine:
if timeout is not None: if timeout is not None:
timeout_str = f"timeout {timeout}" timeout_str = f"timeout {timeout}"
# While sh is bash on NixOS, this is not the case for every distro.
# We explicitly call bash here to allow for the driver to boot other distros as well.
out_command = ( out_command = (
f"{timeout_str} sh -c {shlex.quote(command)} | (base64 --wrap 0; echo)\n" f"{timeout_str} bash -c {shlex.quote(command)} | (base64 --wrap 0; echo)\n"
) )
assert self.shell assert self.shell
@ -719,6 +723,15 @@ class Machine:
self.wait_for_unit(jobname) self.wait_for_unit(jobname)
def connect(self) -> None: def connect(self) -> None:
def shell_ready(timeout_secs: int) -> bool:
"""We sent some data from the backdoor service running on the guest
to indicate that the backdoor shell is ready.
As soon as we read some data from the socket here, we assume that
our root shell is operational.
"""
(ready, _, _) = select.select([self.shell], [], [], timeout_secs)
return bool(ready)
if self.connected: if self.connected:
return return
@ -728,8 +741,11 @@ class Machine:
assert self.shell assert self.shell
tic = time.time() tic = time.time()
self.shell.recv(1024) # TODO: do we want to bail after a set number of attempts?
# TODO: Timeout while not shell_ready(timeout_secs=30):
self.log("Guest root shell did not produce any data yet...")
self.log(self.shell.recv(1024).decode())
toc = time.time() toc = time.time()
self.log("connected to guest root shell") self.log("connected to guest root shell")
@ -950,7 +966,7 @@ class Machine:
Prepares the machine to be reconnected which is useful if the Prepares the machine to be reconnected which is useful if the
machine was started with `allow_reboot = True` machine was started with `allow_reboot = True`
""" """
self.send_key(f"ctrl-alt-delete") self.send_key("ctrl-alt-delete")
self.connected = False self.connected = False
def wait_for_x(self) -> None: def wait_for_x(self) -> None:

View file

@ -1,7 +1,10 @@
{ lib }: { lib }:
let let
evalTest = module: lib.evalModules { modules = testModules ++ [ module ]; }; evalTest = module: lib.evalModules {
modules = testModules ++ [ module ];
class = "nixosTest";
};
runTest = module: (evalTest ({ config, ... }: { imports = [ module ]; result = config.test; })).config.result; runTest = module: (evalTest ({ config, ... }: { imports = [ module ]; result = config.test; })).config.result;
testModules = [ testModules = [

View file

@ -21,29 +21,20 @@ let
in in
nodesList ++ lib.optional (lib.length nodesList == 1 && !lib.elem "machine" nodesList) "machine"; nodesList ++ lib.optional (lib.length nodesList == 1 && !lib.elem "machine" nodesList) "machine";
# TODO: This is an implementation error and needs fixing pythonizeName = name:
# the testing famework cannot legitimately restrict hostnames further let
# beyond RFC1035 head = lib.substring 0 1 name;
invalidNodeNames = lib.filter tail = lib.substring 1 (-1) name;
(node: builtins.match "^[A-z_]([A-z0-9_]+)?$" node == null) in
nodeHostNames; (if builtins.match "[A-z_]" head == null then "_" else head) +
lib.stringAsChars (c: if builtins.match "[A-z0-9_]" c == null then "_" else c) tail;
uniqueVlans = lib.unique (builtins.concatLists vlans); uniqueVlans = lib.unique (builtins.concatLists vlans);
vlanNames = map (i: "vlan${toString i}: VLan;") uniqueVlans; vlanNames = map (i: "vlan${toString i}: VLan;") uniqueVlans;
machineNames = map (name: "${name}: Machine;") nodeHostNames; pythonizedNames = map pythonizeName nodeHostNames;
machineNames = map (name: "${name}: Machine;") pythonizedNames;
withChecks = withChecks = lib.warnIf config.skipLint "Linting is disabled";
if lib.length invalidNodeNames > 0 then
throw ''
Cannot create machines out of (${lib.concatStringsSep ", " invalidNodeNames})!
All machines are referenced as python variables in the testing framework which will break the
script when special characters are used.
This is an IMPLEMENTATION ERROR and needs to be fixed. Meanwhile,
please stick to alphanumeric chars and underscores as separation.
''
else
lib.warnIf config.skipLint "Linting is disabled";
driver = driver =
hostPkgs.runCommand "nixos-test-driver-${config.name}" hostPkgs.runCommand "nixos-test-driver-${config.name}"
@ -87,7 +78,7 @@ let
${testDriver}/bin/generate-driver-symbols ${testDriver}/bin/generate-driver-symbols
${lib.optionalString (!config.skipLint) '' ${lib.optionalString (!config.skipLint) ''
PYFLAKES_BUILTINS="$( PYFLAKES_BUILTINS="$(
echo -n ${lib.escapeShellArg (lib.concatStringsSep "," nodeHostNames)}, echo -n ${lib.escapeShellArg (lib.concatStringsSep "," pythonizedNames)},
< ${lib.escapeShellArg "driver-symbols"} < ${lib.escapeShellArg "driver-symbols"}
)" ${hostPkgs.python3Packages.pyflakes}/bin/pyflakes $out/test-script )" ${hostPkgs.python3Packages.pyflakes}/bin/pyflakes $out/test-script
''} ''}

View file

@ -1,13 +1,22 @@
testModuleArgs@{ config, lib, hostPkgs, nodes, ... }: testModuleArgs@{ config, lib, hostPkgs, nodes, ... }:
let let
inherit (lib) mkOption mkForce optional types mapAttrs mkDefault mdDoc; inherit (lib)
literalExpression
system = hostPkgs.stdenv.hostPlatform.system; literalMD
mapAttrs
mdDoc
mkDefault
mkIf
mkOption mkForce
optional
optionalAttrs
types
;
baseOS = baseOS =
import ../eval-config.nix { import ../eval-config.nix {
inherit system; system = null; # use modularly defined system
inherit (config.node) specialArgs; inherit (config.node) specialArgs;
modules = [ config.defaults ]; modules = [ config.defaults ];
baseModules = (import ../../modules/module-list.nix) ++ baseModules = (import ../../modules/module-list.nix) ++
@ -17,11 +26,17 @@ let
({ config, ... }: ({ config, ... }:
{ {
virtualisation.qemu.package = testModuleArgs.config.qemu.package; virtualisation.qemu.package = testModuleArgs.config.qemu.package;
})
(optionalAttrs (!config.node.pkgsReadOnly) {
key = "nodes.nix-pkgs";
config = {
# Ensure we do not use aliases. Ideally this is only set # Ensure we do not use aliases. Ideally this is only set
# when the test framework is used by Nixpkgs NixOS tests. # when the test framework is used by Nixpkgs NixOS tests.
nixpkgs.config.allowAliases = false; nixpkgs.config.allowAliases = false;
}) # TODO: switch to nixpkgs.hostPlatform and make sure containers-imperative test still evaluates.
nixpkgs.system = hostPkgs.stdenv.hostPlatform.system;
};
})
testModuleArgs.config.extraBaseModules testModuleArgs.config.extraBaseModules
]; ];
}; };
@ -68,6 +83,30 @@ in
default = { }; default = { };
}; };
node.pkgs = mkOption {
description = mdDoc ''
The Nixpkgs to use for the nodes.
Setting this will make the `nixpkgs.*` options read-only, to avoid mistakenly testing with a Nixpkgs configuration that diverges from regular use.
'';
type = types.nullOr types.pkgs;
default = null;
defaultText = literalMD ''
`null`, so construct `pkgs` according to the `nixpkgs.*` options as usual.
'';
};
node.pkgsReadOnly = mkOption {
description = mdDoc ''
Whether to make the `nixpkgs.*` options read-only. This is only relevant when [`node.pkgs`](#test-opt-node.pkgs) is set.
Set this to `false` when any of the [`nodes`](#test-opt-nodes) needs to configure any of the `nixpkgs.*` options. This will slow down evaluation of your test a bit.
'';
type = types.bool;
default = config.node.pkgs != null;
defaultText = literalExpression ''node.pkgs != null'';
};
node.specialArgs = mkOption { node.specialArgs = mkOption {
type = types.lazyAttrsOf types.raw; type = types.lazyAttrsOf types.raw;
default = { }; default = { };
@ -100,5 +139,11 @@ in
config.nodes; config.nodes;
passthru.nodes = config.nodesCompat; passthru.nodes = config.nodesCompat;
defaults = mkIf config.node.pkgsReadOnly {
nixpkgs.pkgs = config.node.pkgs;
imports = [ ../../modules/misc/nixpkgs/read-only.nix ];
};
}; };
} }

View file

@ -2,8 +2,6 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
{ {
imports = imports =
[ ../../../modules/virtualisation/cloudstack-config.nix ]; [ ../../../modules/virtualisation/cloudstack-config.nix ];

View file

@ -10,7 +10,7 @@ in {
imports = [ ../../../modules/virtualisation/amazon-image.nix ]; imports = [ ../../../modules/virtualisation/amazon-image.nix ];
# Amazon recomments setting this to the highest possible value for a good EBS # Amazon recommends setting this to the highest possible value for a good EBS
# experience, which prior to 4.15 was 255. # experience, which prior to 4.15 was 255.
# https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvme-ebs-volumes.html#timeout-nvme-ebs-volumes # https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvme-ebs-volumes.html#timeout-nvme-ebs-volumes
config.boot.kernelParams = config.boot.kernelParams =
@ -102,8 +102,8 @@ in {
${pkgs.jq}/bin/jq -n \ ${pkgs.jq}/bin/jq -n \
--arg system_label ${lib.escapeShellArg config.system.nixos.label} \ --arg system_label ${lib.escapeShellArg config.system.nixos.label} \
--arg system ${lib.escapeShellArg pkgs.stdenv.hostPlatform.system} \ --arg system ${lib.escapeShellArg pkgs.stdenv.hostPlatform.system} \
--arg root_logical_bytes "$(${pkgs.qemu}/bin/qemu-img info --output json "$rootDisk" | ${pkgs.jq}/bin/jq '."virtual-size"')" \ --arg root_logical_bytes "$(${pkgs.qemu_kvm}/bin/qemu-img info --output json "$rootDisk" | ${pkgs.jq}/bin/jq '."virtual-size"')" \
--arg boot_logical_bytes "$(${pkgs.qemu}/bin/qemu-img info --output json "$bootDisk" | ${pkgs.jq}/bin/jq '."virtual-size"')" \ --arg boot_logical_bytes "$(${pkgs.qemu_kvm}/bin/qemu-img info --output json "$bootDisk" | ${pkgs.jq}/bin/jq '."virtual-size"')" \
--arg boot_mode "${amiBootMode}" \ --arg boot_mode "${amiBootMode}" \
--arg root "$rootDisk" \ --arg root "$rootDisk" \
--arg boot "$bootDisk" \ --arg boot "$bootDisk" \
@ -142,7 +142,7 @@ in {
${pkgs.jq}/bin/jq -n \ ${pkgs.jq}/bin/jq -n \
--arg system_label ${lib.escapeShellArg config.system.nixos.label} \ --arg system_label ${lib.escapeShellArg config.system.nixos.label} \
--arg system ${lib.escapeShellArg pkgs.stdenv.hostPlatform.system} \ --arg system ${lib.escapeShellArg pkgs.stdenv.hostPlatform.system} \
--arg logical_bytes "$(${pkgs.qemu}/bin/qemu-img info --output json "$diskImage" | ${pkgs.jq}/bin/jq '."virtual-size"')" \ --arg logical_bytes "$(${pkgs.qemu_kvm}/bin/qemu-img info --output json "$diskImage" | ${pkgs.jq}/bin/jq '."virtual-size"')" \
--arg boot_mode "${amiBootMode}" \ --arg boot_mode "${amiBootMode}" \
--arg file "$diskImage" \ --arg file "$diskImage" \
'{} '{}

View file

@ -4,8 +4,6 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
with lib;
{ {
imports = imports =
[ # Include the default lxd configuration. [ # Include the default lxd configuration.

View file

@ -1,7 +1,5 @@
{ lib, config, pkgs, ... }: { lib, config, pkgs, ... }:
with lib;
{ {
imports = [ imports = [
../../../modules/virtualisation/lxc-container.nix ../../../modules/virtualisation/lxc-container.nix

View file

@ -1,7 +1,5 @@
{ lib, config, pkgs, ... }: { lib, config, pkgs, ... }:
with lib;
# WARNING: THIS CONFIGURATION IS AUTOGENERATED AND WILL BE OVERWRITTEN AUTOMATICALLY # WARNING: THIS CONFIGURATION IS AUTOGENERATED AND WILL BE OVERWRITTEN AUTOMATICALLY
{ {

View file

@ -85,7 +85,7 @@ in
${pkgs.jq}/bin/jq -n \ ${pkgs.jq}/bin/jq -n \
--arg system_label ${lib.escapeShellArg config.system.nixos.label} \ --arg system_label ${lib.escapeShellArg config.system.nixos.label} \
--arg system ${lib.escapeShellArg pkgs.stdenv.hostPlatform.system} \ --arg system ${lib.escapeShellArg pkgs.stdenv.hostPlatform.system} \
--arg root_logical_bytes "$(${pkgs.qemu}/bin/qemu-img info --output json "$rootDisk" | ${pkgs.jq}/bin/jq '."virtual-size"')" \ --arg root_logical_bytes "$(${pkgs.qemu_kvm}/bin/qemu-img info --output json "$rootDisk" | ${pkgs.jq}/bin/jq '."virtual-size"')" \
--arg boot_mode "${imageBootMode}" \ --arg boot_mode "${imageBootMode}" \
--arg root "$rootDisk" \ --arg root "$rootDisk" \
'{} '{}

View file

@ -29,7 +29,6 @@
# GNU GRUB, where available. # GNU GRUB, where available.
boot.loader.grub.enable = !pkgs.stdenv.isAarch32; boot.loader.grub.enable = !pkgs.stdenv.isAarch32;
boot.loader.grub.version = 2;
# GNU lsh. # GNU lsh.
services.openssh.enable = false; services.openssh.enable = false;

Some files were not shown because too many files have changed in this diff Show more