Project import generated by Copybara.
GitOrigin-RevId: 34ad166a830d3ac1541dcce571c52231f2f0865a
This commit is contained in:
parent
e03d386d75
commit
a4fd2de975
950 changed files with 10578 additions and 8115 deletions
|
@ -6,9 +6,7 @@
|
|||
<para>
|
||||
Kakoune can be built to autoload plugins:
|
||||
<programlisting>(kakoune.override {
|
||||
configure = {
|
||||
plugins = with pkgs.kakounePlugins; [ parinfer-rust ];
|
||||
};
|
||||
})</programlisting>
|
||||
</para>
|
||||
</section>
|
||||
|
|
|
@ -522,6 +522,16 @@ args.stdenv.mkDerivation (args // {
|
|||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
If it’s a <emphasis>terminal emulator</emphasis>:
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
<filename>applications/terminal-emulators</filename> (e.g. <filename>alacritty</filename> or <filename>rxvt</filename> or <filename>termite</filename>)
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
If it’s for <emphasis>video playback / editing</emphasis>:
|
||||
|
|
|
@ -265,6 +265,20 @@ To add a new plugin, run `./update.py --add "[owner]/[name]"`. **NOTE**: This sc
|
|||
|
||||
Finally, there are some plugins that are also packaged in nodePackages because they have Javascript-related build steps, such as running webpack. Those plugins are not listed in `vim-plugin-names` or managed by `update.py` at all, and are included separately in `overrides.nix`. Currently, all these plugins are related to the `coc.nvim` ecosystem of Language Server Protocol integration with vim/neovim.
|
||||
|
||||
## Updating plugins in nixpkgs
|
||||
|
||||
Run the update script with a GitHub API token that has at least `public_repo` access. Running the script without the token is likely to result in rate-limiting (429 errors). For steps on creating an API token, please refer to [GitHub's token documentation](https://docs.github.com/en/free-pro-team@latest/github/authenticating-to-github/creating-a-personal-access-token).
|
||||
|
||||
```sh
|
||||
GITHUB_API_TOKEN=my_token ./pkgs/misc/vim-plugins/update.py
|
||||
```
|
||||
|
||||
Alternatively, set the number of processes to a lower count to avoid rate-limiting.
|
||||
|
||||
```sh
|
||||
./pkgs/misc/vim-plugins/update.py --proc 1
|
||||
```
|
||||
|
||||
## Important repositories
|
||||
|
||||
- [vim-pi](https://bitbucket.org/vimcommunity/vim-pi) is a plugin repository
|
||||
|
|
2
third_party/nixpkgs/lib/sources.nix
vendored
2
third_party/nixpkgs/lib/sources.nix
vendored
|
@ -6,6 +6,7 @@ let
|
|||
hasContext
|
||||
match
|
||||
readDir
|
||||
split
|
||||
storeDir
|
||||
tryEval
|
||||
;
|
||||
|
@ -15,7 +16,6 @@ let
|
|||
isString
|
||||
pathExists
|
||||
readFile
|
||||
split
|
||||
;
|
||||
in
|
||||
rec {
|
||||
|
|
|
@ -1303,10 +1303,12 @@
|
|||
name = "Vladimir Serov";
|
||||
keys = [
|
||||
# compare with https://keybase.io/cab404
|
||||
{ longkeyid = "1BB96810926F4E715DEF567E6BA7C26C3FDF7BB3";
|
||||
{
|
||||
longkeyid = "1BB96810926F4E715DEF567E6BA7C26C3FDF7BB3";
|
||||
fingerprint = "rsa3072/0xCBDECF658C38079E";
|
||||
}
|
||||
{ longkeyid = "1EBC648C64D6045463013B3EB7EFFC271D55DB8A";
|
||||
{
|
||||
longkeyid = "1EBC648C64D6045463013B3EB7EFFC271D55DB8A";
|
||||
fingerprint = "ed25519/0xB7EFFC271D55DB8A";
|
||||
}
|
||||
];
|
||||
|
@ -1431,10 +1433,12 @@
|
|||
githubId = 2054509;
|
||||
name = "Constantine Evans";
|
||||
keys = [
|
||||
{ longkeyid = "rsa4096/0xB67DB1D20A93A9F9";
|
||||
{
|
||||
longkeyid = "rsa4096/0xB67DB1D20A93A9F9";
|
||||
fingerprint = "32B1 6EE7 DBA5 16DE 526E 4C5A B67D B1D2 0A93 A9F9";
|
||||
}
|
||||
{ longkeyid = "rsa4096/0x1A1D58B86AE2AABD";
|
||||
{
|
||||
longkeyid = "rsa4096/0x1A1D58B86AE2AABD";
|
||||
fingerprint = "669C 1D24 5A87 DB34 6BE4 3216 1A1D 58B8 6AE2 AABD";
|
||||
}
|
||||
];
|
||||
|
@ -5685,12 +5689,6 @@
|
|||
githubId = 1387206;
|
||||
name = "Mike Sperber";
|
||||
};
|
||||
mildlyincompetent = {
|
||||
email = "nix@kch.dev";
|
||||
github = "mildlyincompetent";
|
||||
githubId = 19479662;
|
||||
name = "Kajetan Champlewski";
|
||||
};
|
||||
millerjason = {
|
||||
email = "mailings-github@millerjason.com";
|
||||
github = "millerjason";
|
||||
|
@ -6615,6 +6613,12 @@
|
|||
githubId = 131844;
|
||||
name = "Igor Pashev";
|
||||
};
|
||||
pasqui23 = {
|
||||
email = "p3dimaria@hotmail.it";
|
||||
github = "pasqui23";
|
||||
githubId = 6931743;
|
||||
name = "pasqui23";
|
||||
};
|
||||
patryk27 = {
|
||||
email = "wychowaniec.patryk@gmail.com";
|
||||
github = "Patryk27";
|
||||
|
@ -7275,10 +7279,12 @@
|
|||
github = "rissson";
|
||||
githubId = 18313093;
|
||||
keys = [
|
||||
{ longkeyid = "rsa4096/0xF6FD87B15C263EC9";
|
||||
{
|
||||
longkeyid = "rsa4096/0xF6FD87B15C263EC9";
|
||||
fingerprint = "8A0E 6A7C 08AB B9DE 67DE 2A13 F6FD 87B1 5C26 3EC9";
|
||||
}
|
||||
{ longkeyid = "ed25519/0xBBB7A6801DF1E03F";
|
||||
{
|
||||
longkeyid = "ed25519/0xBBB7A6801DF1E03F";
|
||||
fingerprint = "C0A7 A9BB 115B C857 4D75 EA99 BBB7 A680 1DF1 E03F";
|
||||
}
|
||||
];
|
||||
|
@ -7401,6 +7407,12 @@
|
|||
githubId = 1217934;
|
||||
name = "José Romildo Malaquias";
|
||||
};
|
||||
ronanmacf = {
|
||||
email = "macfhlar@tcd.ie";
|
||||
github = "ronanmacf";
|
||||
githubId = 25930627;
|
||||
name = "Ronan Mac Fhlannchadha";
|
||||
};
|
||||
rongcuid = {
|
||||
email = "rongcuid@outlook.com";
|
||||
github = "rongcuid";
|
||||
|
@ -8358,7 +8370,7 @@
|
|||
name = "Szczyp";
|
||||
};
|
||||
szlend = {
|
||||
email = "pub+nix@zlender.si";
|
||||
email = "pub.nix@zlender.si";
|
||||
github = "szlend";
|
||||
githubId = 7301807;
|
||||
name = "Simon Žlender";
|
||||
|
@ -9244,6 +9256,12 @@
|
|||
email = "kirill.wedens@gmail.com";
|
||||
name = "wedens";
|
||||
};
|
||||
wheelsandmetal = {
|
||||
email = "jakob@schmutz.co.uk";
|
||||
github = "wheelsandmetal";
|
||||
githubId = 13031455;
|
||||
name = "Jakob Schmutz";
|
||||
};
|
||||
WhittlesJr = {
|
||||
email = "alex.joseph.whitt@gmail.com";
|
||||
github = "WhittlesJr";
|
||||
|
@ -9328,7 +9346,7 @@
|
|||
email = "worldofpeace@protonmail.ch";
|
||||
github = "worldofpeace";
|
||||
githubId = 28888242;
|
||||
name = "worldofpeace";
|
||||
name = "WORLDofPEACE";
|
||||
};
|
||||
wscott = {
|
||||
email = "wsc9tt@gmail.com";
|
||||
|
@ -9880,4 +9898,10 @@
|
|||
github = "wilsonehusin";
|
||||
githubId = 14004487;
|
||||
};
|
||||
bb2020 = {
|
||||
email = "bb2020@users.noreply.github.com";
|
||||
github = "bb2020";
|
||||
githubId = 19290397;
|
||||
name = "Tunc Uzlu";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -63,6 +63,7 @@ let
|
|||
"--stringparam html.script './highlightjs/highlight.pack.js ./highlightjs/loader.js'"
|
||||
"--param xref.with.number.and.title 1"
|
||||
"--param toc.section.depth 0"
|
||||
"--param generate.consistent.ids 1"
|
||||
"--stringparam admon.style ''"
|
||||
"--stringparam callout.graphics.extension .svg"
|
||||
"--stringparam current.docid manual"
|
||||
|
|
|
@ -49,6 +49,12 @@
|
|||
<option>--flake</option> <replaceable>flake-uri</replaceable>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<group choice='req'>
|
||||
<arg choice='plain'><option>--impure</option></arg>
|
||||
</group>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<arg choice='plain'>
|
||||
<option>--channel</option>
|
||||
|
@ -100,6 +106,12 @@
|
|||
</arg>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<arg choice='plain'>
|
||||
<option>--keep-going</option>
|
||||
</arg>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<arg choice='plain'>
|
||||
<option>--help</option>
|
||||
|
@ -295,6 +307,17 @@
|
|||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--keep-going</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Causes Nix to continue building derivations as far as possible
|
||||
in the face of failed builds.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--help</option>
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||
version="5.0"
|
||||
xml:id="sec-release-20.09">
|
||||
<title>Release 20.09 (“Nightingale”, 2020.10/26)</title>
|
||||
<title>Release 20.09 (“Nightingale”, 2020.10/27)</title>
|
||||
|
||||
<para>
|
||||
Support is planned until the end of April 2021, handing over to 21.03.
|
||||
|
@ -50,7 +50,7 @@
|
|||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Desktop Enironments:
|
||||
Desktop Environments:
|
||||
</para>
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
|
@ -65,7 +65,7 @@
|
|||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
gnome3: 3.34 -> 3.36, see its <link xlink:href="https://help.gnome.org/misc/release-notes/3.36/">release notes</link>.
|
||||
gnome3: 3.34 -> 3.36, see its <link xlink:href="https://help.gnome.org/misc/release-notes/3.36/">release notes</link>
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
|
@ -75,7 +75,7 @@
|
|||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
NixOS now distributes an official <link xlink:href="https://nixos.org/download.html#nixos-iso">GNOME ISO</link>.
|
||||
NixOS now distributes an official <link xlink:href="https://nixos.org/download.html#nixos-iso">GNOME ISO</link>
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
@ -89,28 +89,28 @@
|
|||
|
||||
<listitem>
|
||||
<para>
|
||||
Agda ecosystem was heavily reworked (see more details below).
|
||||
Agda ecosystem was heavily reworked (see more details below)
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
PHP now defaults to PHP 7.4, updated from 7.3.
|
||||
PHP now defaults to PHP 7.4, updated from 7.3
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
PHP 7.2 is no longer supported due to upstream not supporting this version for the entire lifecycle of the 20.09 release.
|
||||
PHP 7.2 is no longer supported due to upstream not supporting this version for the entire lifecycle of the 20.09 release
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Python 3 now defaults to Python 3.8 instead of 3.7.
|
||||
Python 3 now defaults to Python 3.8 instead of 3.7
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Python 3.5 has reached its upstream EOL at the end of September 2020: it
|
||||
has been removed from the list of available packages.
|
||||
Python 3.5 reached its upstream EOL at the end of September 2020: it
|
||||
has been removed from the list of available packages
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
@ -191,7 +191,7 @@
|
|||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Support for built-in LCDs in various pieces of Logitech hardware (keyboards and USB speakers). <varname>hardware.logitech.lcd.enable</varname> enables support for all hardware supported by the g15daemon project.
|
||||
Support for built-in LCDs in various pieces of Logitech hardware (keyboards and USB speakers). <varname>hardware.logitech.lcd.enable</varname> enables support for all hardware supported by the <link xlink:href="https://sourceforge.net/projects/g15daemon/">g15daemon project</link>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
|
@ -200,7 +200,7 @@
|
|||
allows to restrict non-default entries in the boot menu to one or more
|
||||
users. The users and passwords are defined via the option
|
||||
<option>boot.loader.grub.users</option>.
|
||||
Note: Password support is only avaiable in GRUB version 2.
|
||||
Note: Password support is only available in GRUB version 2.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
@ -257,27 +257,27 @@
|
|||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-hardware.system76.firmware-daemon.enable" /> adds easy support of system76 firmware.
|
||||
<xref linkend="opt-hardware.system76.firmware-daemon.enable" /> adds easy support of system76 firmware
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-hardware.uinput.enable" /> loads uinput kernel module.
|
||||
<xref linkend="opt-hardware.uinput.enable" /> loads uinput kernel module
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-hardware.video.hidpi.enable" /> enable good defaults for HiDPI displays.
|
||||
<xref linkend="opt-hardware.video.hidpi.enable" /> enable good defaults for HiDPI displays
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-hardware.wooting.enable" /> support for Wooting keyboards.
|
||||
<xref linkend="opt-hardware.wooting.enable" /> support for Wooting keyboards
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-hardware.xpadneo.enable" /> xpadneo driver for Xbox One wireless controllers.
|
||||
<xref linkend="opt-hardware.xpadneo.enable" /> xpadneo driver for Xbox One wireless controllers
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
@ -289,12 +289,12 @@
|
|||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-programs.hamster.enable" /> enable hamster time tracking.
|
||||
<xref linkend="opt-programs.hamster.enable" /> enable hamster time tracking
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-programs.steam.enable" /> adds easy enablement of steam and related system configuration.
|
||||
<xref linkend="opt-programs.steam.enable" /> adds easy enablement of steam and related system configuration
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
@ -306,12 +306,12 @@
|
|||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-security.doas.enable" /> alternative to sudo, allows non-root users to execute commands as root.
|
||||
<xref linkend="opt-security.doas.enable" /> alternative to sudo, allows non-root users to execute commands as root
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-security.tpm2.enable" /> add Trusted Platform Module 2 support.
|
||||
<xref linkend="opt-security.tpm2.enable" /> add Trusted Platform Module 2 support
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
@ -323,7 +323,7 @@
|
|||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-boot.initrd.network.openvpn.enable" /> Start an OpenVPN client during initrd boot.
|
||||
<xref linkend="opt-boot.initrd.network.openvpn.enable" /> start an OpenVPN client during initrd boot
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
@ -335,17 +335,17 @@
|
|||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-boot.enableContainers" /> Use nixos-containers.
|
||||
<xref linkend="opt-boot.enableContainers" /> use nixos-containers
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-virtualisation.oci-containers.containers" /> Run OCI (Docker) containers.
|
||||
<xref linkend="opt-virtualisation.oci-containers.containers" /> run OCI (Docker) containers
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-virtualisation.podman.enable" /> Daemonless container engine.
|
||||
<xref linkend="opt-virtualisation.podman.enable" /> daemonless container engine
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
@ -358,242 +358,237 @@
|
|||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.ankisyncd.enable" /> Anki sync server.
|
||||
<xref linkend="opt-services.ankisyncd.enable" /> Anki sync server
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.bazarr.enable" /> subtitle manager for Sonarr and Radarr.
|
||||
<xref linkend="opt-services.bazarr.enable" /> Subtitle manager for Sonarr and Radarr
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.biboumi.enable" /> Biboumi XMPP gateway to IRC.
|
||||
<xref linkend="opt-services.biboumi.enable" /> Biboumi XMPP gateway to IRC
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.blockbook-frontend" /> Blockbook-frontend, a service for the Trezor wallet.
|
||||
<xref linkend="opt-services.blockbook-frontend" /> Blockbook-frontend, a service for the Trezor wallet
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.cage.enable" /> Wayland cage service.
|
||||
<xref linkend="opt-services.cage.enable" /> Wayland cage service
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.convos.enable" /> IRC daemon, which can be accessed throught the browser.
|
||||
<xref linkend="opt-services.convos.enable" /> IRC daemon, which can be accessed throught the browser
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.engelsystem.enable" /> Tool for coordinating helpers and shifts on large events.
|
||||
<xref linkend="opt-services.engelsystem.enable" /> Tool for coordinating volunteers and shifts on large events
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.espanso.enable" /> text-expander written in rust.
|
||||
<xref linkend="opt-services.espanso.enable" /> text-expander written in rust
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.foldingathome.enable" /> Folding@home client.
|
||||
<xref linkend="opt-services.foldingathome.enable" /> Folding@home client
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.foldingathome.enable" /> Folding@home client.
|
||||
<xref linkend="opt-services.gerrit.enable" /> Web-based team code collaboration tool
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.gerrit.enable" /> Web-based team code collaboration tool.
|
||||
<xref linkend="opt-services.go-neb.enable" /> Matrix bot
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.go-neb.enable" /> Matrix bot.
|
||||
<xref linkend="opt-services.hardware.xow.enable" /> xow as a systemd service
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.hardware.xow.enable" /> xow as a systemd service.
|
||||
<xref linkend="opt-services.hercules-ci-agent.enable" /> Hercules CI build agent
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.hercules-ci-agent.enable" /> Hercules CI build agent.
|
||||
<xref linkend="opt-services.jicofo.enable" /> Jitsi Conference Focus, component of Jitsi Meet
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.jicofo.enable" /> Jitsi Conference Focus, component of Jitsi Meet.
|
||||
<xref linkend="opt-services.jirafeau.enable" /> A web file repository
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.jirafeau.enable" /> a web file repository.
|
||||
<xref linkend="opt-services.jitsi-meet.enable" /> Secure, simple and scalable video conferences
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.jitsi-meet.enable" /> secure, simple and scalable video conferences.
|
||||
<xref linkend="opt-services.jitsi-videobridge.enable" /> Jitsi Videobridge, a WebRTC compatible router
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.jitsi-videobridge.enable" /> Jitsi Videobridge, a WebRTC compatible router.
|
||||
<xref linkend="opt-services.jupyterhub.enable" /> Jupyterhub development server
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.jupyterhub.enable" /> Jupyterhub development server.
|
||||
<xref linkend="opt-services.k3s.enable" /> Lightweight Kubernetes distribution
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.k3s.enable" /> lightweight kubernetes distribution.
|
||||
<xref linkend="opt-services.magic-wormhole-mailbox-server.enable" /> Magic Wormhole Mailbox Server
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.magic-wormhole-mailbox-server.enable" /> Magic Wormhole Mailbox Server.
|
||||
<xref linkend="opt-services.malcontent.enable" /> Parental Control support
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.malcontent.enable" /> parental control support.
|
||||
<xref linkend="opt-services.matrix-appservice-discord.enable" /> Matrix and Discord bridge
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.matrix-appservice-discord.enable" /> Matrix and Discord bridge.
|
||||
<xref linkend="opt-services.mautrix-telegram.enable" /> Matrix-Telegram puppeting/relaybot bridge
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.mautrix-telegram.enable" /> Matrix-Telegram puppeting/relaybot bridge.
|
||||
<xref linkend="opt-services.mirakurun.enable" /> Japanese DTV Tuner Server Service
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.mirakurun.enable" /> Japanese DTV Tuner Server Service.
|
||||
<xref linkend="opt-services.molly-brown.enable" /> Molly-Brown Gemini server
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.molly-brown.enable" /> Molly-Brown Gemini server.
|
||||
<xref linkend="opt-services.mullvad-vpn.enable" /> Mullvad VPN daemon
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.mullvad-vpn.enable" /> Mullvad VPN daemon.
|
||||
<xref linkend="opt-services.ncdns.enable" /> Namecoin to DNS bridge
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.ncdns.enable" /> Namecoin to DNS bridge.
|
||||
<xref linkend="opt-services.nextdns.enable" /> NextDNS to DoH Proxy service
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.nextdns.enable" /> NextDNS to DoH Proxy service.
|
||||
<xref linkend="opt-services.nix-store-gcs-proxy" /> Google storage bucket to be used as a nix store
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.nix-store-gcs-proxy" /> Enable a Google storage bucket to be used as a nix store.
|
||||
<xref linkend="opt-services.onedrive.enable" /> OneDrive sync service
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.onedrive.enable" /> OneDrive sync service.
|
||||
<xref linkend="opt-services.pinnwand.enable" /> Pastebin-like service
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.pinnwand.enable" /> Pastebin-like service.
|
||||
<xref linkend="opt-services.pixiecore.enable" /> Manage network booting of machines
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.pixiecore.enable" /> manage network booting of machines.
|
||||
<xref linkend="opt-services.privacyidea.enable" /> Privacy authentication server
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.privacyidea.enable" /> Privacy authentication server.
|
||||
<xref linkend="opt-services.quorum.enable" /> Quorum blockchain daemon
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.quorum.enable" /> Quorum blockchain daemon.
|
||||
<xref linkend="opt-services.robustirc-bridge.enable" /> RobustIRC bridge
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.robustirc-bridge.enable" /> RobustIRC bridge.
|
||||
<xref linkend="opt-services.rss-bridge.enable" /> Generate RSS and Atom feeds
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.rss-bridge.enable" /> generate RSS and Atom feeds.
|
||||
<xref linkend="opt-services.rtorrent.enable" /> rTorrent service
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.rtorrent.enable" /> rTorrent service.
|
||||
<xref linkend="opt-services.smartdns.enable" /> SmartDNS DNS server
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.smartdns.enable" /> SmartDNS DNS server.
|
||||
<xref linkend="opt-services.sogo.enable" /> SOGo groupware
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.sogo.enable" /> SOGo groupware.
|
||||
<xref linkend="opt-services.teeworlds.enable" /> Teeworlds game server
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.teeworlds.enable" /> Teeworlds game server.
|
||||
<xref linkend="opt-services.torque.mom.enable" /> torque computing node
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.torque.mom.enable" /> torque computing node.
|
||||
<xref linkend="opt-services.torque.server.enable" /> torque server
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.torque.server.enable" /> enable torque server.
|
||||
<xref linkend="opt-services.tuptime.enable" /> A total uptime service
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.tuptime.enable" /> a total uptime service.
|
||||
<xref linkend="opt-services.urserver.enable" /> X11 remote server
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.urserver.enable" /> X11 remote server.
|
||||
<xref linkend="opt-services.wasabibackend.enable" /> Wasabi backend service
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.wasabibackend.enable" /> Wasabi backend service.
|
||||
<xref linkend="opt-services.yubikey-agent.enable" /> Yubikey agent
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.yubikey-agent.enable" /> Yubikey agent.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-services.zigbee2mqtt.enable" /> Zigbee to MQTT bridge.
|
||||
<xref linkend="opt-services.zigbee2mqtt.enable" /> Zigbee to MQTT bridge
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
@ -733,7 +728,7 @@ GRANT ALL PRIVILEGES ON *.* TO 'mysql'@'localhost' WITH GRANT OPTION;
|
|||
It can still be enabled by providing <literal>phantomJsSupport = true</literal> to the package instantiation:
|
||||
<programlisting>{
|
||||
services.grafana.package = pkgs.grafana.overrideAttrs (oldAttrs: rec {
|
||||
phantomJsSupport = false;
|
||||
phantomJsSupport = true;
|
||||
});
|
||||
}</programlisting>
|
||||
</para>
|
||||
|
@ -1623,7 +1618,7 @@ services.transmission.settings.rpc-bind-address = "0.0.0.0";
|
|||
nixpkgs. It was a work in progress to package the
|
||||
<link xlink:href="https://www.deepin.org/en/dde/">Deepin Desktop Environment (DDE)</link>,
|
||||
including libraries, tools and applications, and it was still
|
||||
missing a service to lauch the desktop environment. It has shown
|
||||
missing a service to launch the desktop environment. It has shown
|
||||
to no longer be a feasible goal due to reasons discussed in
|
||||
<link xlink:href="https://github.com/NixOS/nixpkgs/issues/94870">issue #94870</link>.
|
||||
The package <literal>netease-cloud-music</literal> has also been
|
||||
|
@ -1668,4 +1663,131 @@ services.transmission.settings.rpc-bind-address = "0.0.0.0";
|
|||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
|
||||
<section xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||
version="5.0"
|
||||
xml:id="sec-release-20.09-contributions">
|
||||
<title>Contributions</title>
|
||||
<para>
|
||||
I, Jonathan Ringer, would like to thank the following individuals for their work on nixpkgs. This release could not be done without the hard work of the NixOS community. There were 31282 contributions across 1313 contributors.
|
||||
</para>
|
||||
<orderedlist>
|
||||
<para>
|
||||
Top contributors to NixOS/Nixpkgs from the 20.03 release to the 20.09 release:
|
||||
</para>
|
||||
<listitem>
|
||||
<para>
|
||||
2288 Mario Rodas
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
1837 Frederik Rietdijk
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
946 Jörg Thalheim
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
925 Maximilian Bosch
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
687 Jonathan Ringer
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
651 Jan Tojnar
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
622 Daniël de Kok
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
605 WORLDofPEACE
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
597 Florian Klink
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
528 José Romildo Malaquias
|
||||
</para>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
|
||||
<orderedlist>
|
||||
<para>
|
||||
Top contributors to stabilizing this release (Zero Hydra Failures period):
|
||||
</para>
|
||||
<listitem>
|
||||
<para>
|
||||
281 volth
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
101 Robert Scott
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
86 Tim Steinbach
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
76 WORLDofPEACE
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
49 Maximilian Bosch
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
42 Thomas Tuegel
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
37 Doron Behar
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
36 Vladimír Čunát
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
27 Jonathan Ringer
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
27 Maciej Krüger
|
||||
</para>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
|
||||
<para>
|
||||
I, Jonathan Ringer, would also like to personally thank @WORLDofPEACE for their help in mentoring me on the release process. Special thanks also goes to Thomas Tuegel for helping immensely with stabilizing Qt, KDE, and Plasma5; I would also like to thank Robert Scott for his numerous fixes and pull request reviews.
|
||||
</para>
|
||||
|
||||
</section>
|
||||
</section>
|
||||
|
|
|
@ -132,6 +132,14 @@
|
|||
to <package>nextcloud20</package>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
NixOS now emits a deprecation warning if systemd's <literal>StartLimitInterval</literal> setting is used in a <literal>serviceConfig</literal> section instead of in a <literal>unitConfig</literal>; that setting is deprecated and now undocumented for the service section by systemd upstream, but still effective and somewhat buggy there, which can be confusing. See <link xlink:href="https://github.com/NixOS/nixpkgs/issues/45785">#45785</link> for details.
|
||||
</para>
|
||||
<para>
|
||||
All services should use <xref linkend="opt-systemd.services._name_.startLimitIntervalSec" /> or <literal>StartLimitIntervalSec</literal> in <xref linkend="opt-systemd.services._name_.unitConfig" /> instead.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
</section>
|
||||
|
|
|
@ -28,6 +28,9 @@
|
|||
# partition of reasonable size is created in addition to the root partition.
|
||||
# For "legacy", the msdos partition table is used and a single large root
|
||||
# partition is created.
|
||||
# For "legacy+gpt", the GPT partition table is used, a 1MiB no-fs partition for
|
||||
# use by the bootloader is created, and a single large root partition is
|
||||
# created.
|
||||
# For "hybrid", the GPT partition table is used and a mandatory ESP
|
||||
# partition of reasonable size is created in addition to the root partition.
|
||||
# Also a legacy MBR will be present.
|
||||
|
@ -54,7 +57,7 @@
|
|||
format ? "raw"
|
||||
}:
|
||||
|
||||
assert partitionTableType == "legacy" || partitionTableType == "efi" || partitionTableType == "hybrid" || partitionTableType == "none";
|
||||
assert partitionTableType == "legacy" || partitionTableType == "legacy+gpt" || partitionTableType == "efi" || partitionTableType == "hybrid" || partitionTableType == "none";
|
||||
# We use -E offset=X below, which is only supported by e2fsprogs
|
||||
assert partitionTableType != "none" -> fsType == "ext4";
|
||||
|
||||
|
@ -75,6 +78,7 @@ let format' = format; in let
|
|||
|
||||
rootPartition = { # switch-case
|
||||
legacy = "1";
|
||||
"legacy+gpt" = "2";
|
||||
efi = "2";
|
||||
hybrid = "3";
|
||||
}.${partitionTableType};
|
||||
|
@ -85,6 +89,16 @@ let format' = format; in let
|
|||
mklabel msdos \
|
||||
mkpart primary ext4 1MiB -1
|
||||
'';
|
||||
"legacy+gpt" = ''
|
||||
parted --script $diskImage -- \
|
||||
mklabel gpt \
|
||||
mkpart no-fs 1MB 2MB \
|
||||
set 1 bios_grub on \
|
||||
align-check optimal 1 \
|
||||
mkpart primary ext4 2MB -1 \
|
||||
align-check optimal 2 \
|
||||
print
|
||||
'';
|
||||
efi = ''
|
||||
parted --script $diskImage -- \
|
||||
mklabel gpt \
|
||||
|
|
|
@ -57,7 +57,7 @@ in {
|
|||
inherit (cfg) contents format name;
|
||||
pkgs = import ../../../.. { inherit (pkgs) system; }; # ensure we use the regular qemu-kvm package
|
||||
partitionTableType = if config.ec2.efi then "efi"
|
||||
else if config.ec2.hvm then "legacy"
|
||||
else if config.ec2.hvm then "legacy+gpt"
|
||||
else "none";
|
||||
diskSize = cfg.sizeMB;
|
||||
fsType = "ext4";
|
||||
|
|
|
@ -1,13 +1,15 @@
|
|||
#!/usr/bin/env nix-shell
|
||||
#!nix-shell -p awscli -p jq -p qemu -i bash
|
||||
# shellcheck shell=bash
|
||||
|
||||
# Uploads and registers NixOS images built from the
|
||||
# <nixos/release.nix> amazonImage attribute. Images are uploaded and
|
||||
# registered via a home region, and then copied to other regions.
|
||||
|
||||
# The home region requires an s3 bucket, and a "vmimport" IAM role
|
||||
# with access to the S3 bucket. Configuration of the vmimport role is
|
||||
# documented in
|
||||
# The home region requires an s3 bucket, and an IAM role named "vmimport"
|
||||
# (by default) with access to the S3 bucket. The name can be
|
||||
# configured with the "service_role_name" variable. Configuration of the
|
||||
# vmimport role is documented in
|
||||
# https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-image-import.html
|
||||
|
||||
# set -x
|
||||
|
@ -17,6 +19,7 @@ set -euo pipefail
|
|||
state_dir=$HOME/amis/ec2-images
|
||||
home_region=eu-west-1
|
||||
bucket=nixos-amis
|
||||
service_role_name=vmimport
|
||||
|
||||
regions=(eu-west-1 eu-west-2 eu-west-3 eu-central-1 eu-north-1
|
||||
us-east-1 us-east-2 us-west-1 us-west-2
|
||||
|
@ -64,7 +67,7 @@ image_logical_bytes=$(read_image_info .logical_bytes)
|
|||
|
||||
# Derived attributes
|
||||
|
||||
image_logical_gigabytes=$((($image_logical_bytes-1)/1024/1024/1024+1)) # Round to the next GB
|
||||
image_logical_gigabytes=$(((image_logical_bytes-1)/1024/1024/1024+1)) # Round to the next GB
|
||||
|
||||
case "$image_system" in
|
||||
aarch64-linux)
|
||||
|
@ -100,7 +103,7 @@ write_state() {
|
|||
local type=$2
|
||||
local val=$3
|
||||
|
||||
mkdir -p $state_dir
|
||||
mkdir -p "$state_dir"
|
||||
echo "$val" > "$state_dir/$state_key.$type"
|
||||
}
|
||||
|
||||
|
@ -110,8 +113,8 @@ wait_for_import() {
|
|||
local state snapshot_id
|
||||
log "Waiting for import task $task_id to be completed"
|
||||
while true; do
|
||||
read state progress snapshot_id < <(
|
||||
aws ec2 describe-import-snapshot-tasks --region $region --import-task-ids "$task_id" | \
|
||||
read -r state progress snapshot_id < <(
|
||||
aws ec2 describe-import-snapshot-tasks --region "$region" --import-task-ids "$task_id" | \
|
||||
jq -r '.ImportSnapshotTasks[].SnapshotTaskDetail | "\(.Status) \(.Progress) \(.SnapshotId)"'
|
||||
)
|
||||
log " ... state=$state progress=$progress snapshot_id=$snapshot_id"
|
||||
|
@ -125,6 +128,8 @@ wait_for_import() {
|
|||
;;
|
||||
*)
|
||||
log "Unexpected snapshot import state: '${state}'"
|
||||
log "Full response: "
|
||||
aws ec2 describe-import-snapshot-tasks --region "$region" --import-task-ids "$task_id" >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
@ -138,8 +143,8 @@ wait_for_image() {
|
|||
log "Waiting for image $ami_id to be available"
|
||||
|
||||
while true; do
|
||||
read state < <(
|
||||
aws ec2 describe-images --image-ids "$ami_id" --region $region | \
|
||||
read -r state < <(
|
||||
aws ec2 describe-images --image-ids "$ami_id" --region "$region" | \
|
||||
jq -r ".Images[].State"
|
||||
)
|
||||
log " ... state=$state"
|
||||
|
@ -163,7 +168,7 @@ make_image_public() {
|
|||
local region=$1
|
||||
local ami_id=$2
|
||||
|
||||
wait_for_image $region "$ami_id"
|
||||
wait_for_image "$region" "$ami_id"
|
||||
|
||||
log "Making image $ami_id public"
|
||||
|
||||
|
@ -177,27 +182,30 @@ upload_image() {
|
|||
local aws_path=${image_file#/}
|
||||
|
||||
local state_key="$region.$image_label.$image_system"
|
||||
local task_id=$(read_state "$state_key" task_id)
|
||||
local snapshot_id=$(read_state "$state_key" snapshot_id)
|
||||
local ami_id=$(read_state "$state_key" ami_id)
|
||||
local task_id
|
||||
task_id=$(read_state "$state_key" task_id)
|
||||
local snapshot_id
|
||||
snapshot_id=$(read_state "$state_key" snapshot_id)
|
||||
local ami_id
|
||||
ami_id=$(read_state "$state_key" ami_id)
|
||||
|
||||
if [ -z "$task_id" ]; then
|
||||
log "Checking for image on S3"
|
||||
if ! aws s3 ls --region "$region" "s3://${bucket}/${aws_path}" >&2; then
|
||||
log "Image missing from aws, uploading"
|
||||
aws s3 cp --region $region "$image_file" "s3://${bucket}/${aws_path}" >&2
|
||||
aws s3 cp --region "$region" "$image_file" "s3://${bucket}/${aws_path}" >&2
|
||||
fi
|
||||
|
||||
log "Importing image from S3 path s3://$bucket/$aws_path"
|
||||
|
||||
task_id=$(aws ec2 import-snapshot --disk-container "{
|
||||
task_id=$(aws ec2 import-snapshot --role-name "$service_role_name" --disk-container "{
|
||||
\"Description\": \"nixos-image-${image_label}-${image_system}\",
|
||||
\"Format\": \"vhd\",
|
||||
\"UserBucket\": {
|
||||
\"S3Bucket\": \"$bucket\",
|
||||
\"S3Key\": \"$aws_path\"
|
||||
}
|
||||
}" --region $region | jq -r '.ImportTaskId')
|
||||
}" --region "$region" | jq -r '.ImportTaskId')
|
||||
|
||||
write_state "$state_key" task_id "$task_id"
|
||||
fi
|
||||
|
@ -221,16 +229,16 @@ upload_image() {
|
|||
--virtualization-type hvm
|
||||
)
|
||||
|
||||
block_device_mappings+=(DeviceName=/dev/sdb,VirtualName=ephemeral0)
|
||||
block_device_mappings+=(DeviceName=/dev/sdc,VirtualName=ephemeral1)
|
||||
block_device_mappings+=(DeviceName=/dev/sdd,VirtualName=ephemeral2)
|
||||
block_device_mappings+=(DeviceName=/dev/sde,VirtualName=ephemeral3)
|
||||
block_device_mappings+=("DeviceName=/dev/sdb,VirtualName=ephemeral0")
|
||||
block_device_mappings+=("DeviceName=/dev/sdc,VirtualName=ephemeral1")
|
||||
block_device_mappings+=("DeviceName=/dev/sdd,VirtualName=ephemeral2")
|
||||
block_device_mappings+=("DeviceName=/dev/sde,VirtualName=ephemeral3")
|
||||
|
||||
ami_id=$(
|
||||
aws ec2 register-image \
|
||||
--name "$image_name" \
|
||||
--description "$image_description" \
|
||||
--region $region \
|
||||
--region "$region" \
|
||||
--architecture $amazon_arch \
|
||||
--block-device-mappings "${block_device_mappings[@]}" \
|
||||
"${extra_flags[@]}" \
|
||||
|
@ -240,7 +248,7 @@ upload_image() {
|
|||
write_state "$state_key" ami_id "$ami_id"
|
||||
fi
|
||||
|
||||
make_image_public $region "$ami_id"
|
||||
make_image_public "$region" "$ami_id"
|
||||
|
||||
echo "$ami_id"
|
||||
}
|
||||
|
@ -268,7 +276,7 @@ copy_to_region() {
|
|||
write_state "$state_key" ami_id "$ami_id"
|
||||
fi
|
||||
|
||||
make_image_public $region "$ami_id"
|
||||
make_image_public "$region" "$ami_id"
|
||||
|
||||
echo "$ami_id"
|
||||
}
|
||||
|
|
|
@ -8,7 +8,7 @@ let
|
|||
|
||||
x11Fonts = pkgs.runCommand "X11-fonts" { preferLocalBuild = true; } ''
|
||||
mkdir -p "$out/share/X11/fonts"
|
||||
font_regexp='.*\.\(ttf\|otf\|pcf\|pfa\|pfb\|bdf\)\(\.gz\)?'
|
||||
font_regexp='.*\.\(ttf\|ttc\|otf\|pcf\|pfa\|pfb\|bdf\)\(\.gz\)?'
|
||||
find ${toString config.fonts.fonts} -regex "$font_regexp" \
|
||||
-exec ln -sf -t "$out/share/X11/fonts" '{}' \;
|
||||
cd "$out/share/X11/fonts"
|
||||
|
|
|
@ -64,7 +64,7 @@ while [ "$#" -gt 0 ]; do
|
|||
--no-bootloader)
|
||||
noBootLoader=1
|
||||
;;
|
||||
--show-trace)
|
||||
--show-trace|--impure|--keep-going)
|
||||
extraBuildFlags+=("$i")
|
||||
;;
|
||||
--help)
|
||||
|
|
|
@ -468,7 +468,7 @@ in
|
|||
#minecraft = 114; # unused
|
||||
vault = 115;
|
||||
#ripped = 116; # unused
|
||||
#murmur = 117; # unused
|
||||
murmur = 117;
|
||||
foundationdb = 118;
|
||||
newrelic = 119;
|
||||
starbound = 120;
|
||||
|
|
|
@ -173,6 +173,7 @@
|
|||
./programs/wavemon.nix
|
||||
./programs/waybar.nix
|
||||
./programs/wireshark.nix
|
||||
./programs/wshowkeys.nix
|
||||
./programs/x2goserver.nix
|
||||
./programs/xfs_quota.nix
|
||||
./programs/xonsh.nix
|
||||
|
|
22
third_party/nixpkgs/nixos/modules/programs/wshowkeys.nix
vendored
Normal file
22
third_party/nixpkgs/nixos/modules/programs/wshowkeys.nix
vendored
Normal file
|
@ -0,0 +1,22 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.programs.wshowkeys;
|
||||
in {
|
||||
meta.maintainers = with maintainers; [ primeos ];
|
||||
|
||||
options = {
|
||||
programs.wshowkeys = {
|
||||
enable = mkEnableOption ''
|
||||
wshowkeys (displays keypresses on screen on supported Wayland
|
||||
compositors). It requires root permissions to read input events, but
|
||||
these permissions are dropped after startup'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
security.wrappers.wshowkeys.source = "${pkgs.wshowkeys}/bin/wshowkeys";
|
||||
};
|
||||
}
|
|
@ -63,7 +63,7 @@ let
|
|||
script = with builtins; concatStringsSep "\n" (mapAttrsToList (cert: data: ''
|
||||
for fixpath in /var/lib/acme/${escapeShellArg cert} /var/lib/acme/.lego/${escapeShellArg cert}; do
|
||||
if [ -d "$fixpath" ]; then
|
||||
chmod -R 750 "$fixpath"
|
||||
chmod -R u=rwX,g=rX,o= "$fixpath"
|
||||
chown -R acme:${data.group} "$fixpath"
|
||||
fi
|
||||
done
|
||||
|
@ -271,7 +271,7 @@ let
|
|||
|
||||
mv domainhash.txt certificates/
|
||||
chmod 640 certificates/*
|
||||
chmod -R 700 accounts/*
|
||||
chmod -R u=rwX,g=,o= accounts/*
|
||||
|
||||
# Group might change between runs, re-apply it
|
||||
chown 'acme:${data.group}' certificates/*
|
||||
|
|
|
@ -25,19 +25,18 @@ in
|
|||
];
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
systemd.services.hercules-ci-agent = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network-online.target" ];
|
||||
wants = [ "network-online.target" ];
|
||||
path = [ config.nix.package ];
|
||||
startLimitBurst = 30 * 1000000; # practically infinite
|
||||
serviceConfig = {
|
||||
User = "hercules-ci-agent";
|
||||
ExecStart = command;
|
||||
ExecStartPre = testCommand;
|
||||
Restart = "on-failure";
|
||||
RestartSec = 120;
|
||||
StartLimitBurst = 30 * 1000000; # practically infinite
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -69,11 +69,16 @@ in
|
|||
type = types.lines;
|
||||
default = "";
|
||||
description = ''
|
||||
Defines how users authenticate themselves to the server. By
|
||||
default, "trust" access to local users will always be granted
|
||||
along with any other custom options. If you do not want this,
|
||||
set this option using "lib.mkForce" to override this
|
||||
behaviour.
|
||||
Defines how users authenticate themselves to the server. See the
|
||||
<link xlink:href="https://www.postgresql.org/docs/current/auth-pg-hba-conf.html">
|
||||
PostgreSQL documentation for pg_hba.conf</link>
|
||||
for details on the expected format of this option. By default,
|
||||
peer based authentication will be used for users connecting
|
||||
via the Unix socket, and md5 password authentication will be
|
||||
used for users connecting via TCP. Any added rules will be
|
||||
inserted above the default rules. If you'd like to replace the
|
||||
default rules entirely, you can use <function>lib.mkForce</function> in your
|
||||
module.
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
|
@ -40,10 +40,10 @@ let cfg = config.services.victoriametrics; in
|
|||
systemd.services.victoriametrics = {
|
||||
description = "VictoriaMetrics time series database";
|
||||
after = [ "network.target" ];
|
||||
startLimitBurst = 5;
|
||||
serviceConfig = {
|
||||
Restart = "on-failure";
|
||||
RestartSec = 1;
|
||||
StartLimitBurst = 5;
|
||||
StateDirectory = "victoriametrics";
|
||||
DynamicUser = true;
|
||||
ExecStart = ''
|
||||
|
|
|
@ -151,14 +151,13 @@ in with lib; {
|
|||
description = "LCDproc - client";
|
||||
after = [ "lcdd.service" ];
|
||||
wantedBy = [ "lcd.target" ];
|
||||
# Allow restarting for eternity
|
||||
startLimitIntervalSec = lib.mkIf cfg.client.restartForever 0;
|
||||
serviceConfig = serviceCfg // {
|
||||
ExecStart = "${pkg}/bin/lcdproc -f -c ${clientCfg}";
|
||||
# If the server is being restarted at the same time, the client will
|
||||
# fail as it cannot connect, so space it out a bit.
|
||||
RestartSec = "5";
|
||||
# Allow restarting for eternity
|
||||
StartLimitIntervalSec = lib.mkIf cfg.client.restartForever "0";
|
||||
StartLimitBurst = lib.mkIf cfg.client.restartForever "0";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -39,7 +39,7 @@ in
|
|||
default = "";
|
||||
description = ''
|
||||
Verbatim additional configuration variables for TLP.
|
||||
DEPRECATED: use services.tlp.config instead.
|
||||
DEPRECATED: use services.tlp.settings instead.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
|
|
@ -3,7 +3,12 @@
|
|||
with lib;
|
||||
let
|
||||
cfg = config.services.undervolt;
|
||||
cliArgs = lib.cli.toGNUCommandLineShell {} {
|
||||
|
||||
mkPLimit = limit: window:
|
||||
if (isNull limit && isNull window) then null
|
||||
else assert asserts.assertMsg (!isNull limit && !isNull window) "Both power limit and window must be set";
|
||||
"${toString limit} ${toString window}";
|
||||
cliArgs = lib.cli.toGNUCommandLine {} {
|
||||
inherit (cfg)
|
||||
verbose
|
||||
temp
|
||||
|
@ -21,6 +26,9 @@ let
|
|||
|
||||
temp-bat = cfg.tempBat;
|
||||
temp-ac = cfg.tempAc;
|
||||
|
||||
power-limit-long = mkPLimit cfg.p1.limit cfg.p1.window;
|
||||
power-limit-short = mkPLimit cfg.p2.limit cfg.p2.window;
|
||||
};
|
||||
in
|
||||
{
|
||||
|
@ -104,6 +112,40 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
p1.limit = mkOption {
|
||||
type = with types; nullOr int;
|
||||
default = null;
|
||||
description = ''
|
||||
The P1 Power Limit in Watts.
|
||||
Both limit and window must be set.
|
||||
'';
|
||||
};
|
||||
p1.window = mkOption {
|
||||
type = with types; nullOr (oneOf [ float int ]);
|
||||
default = null;
|
||||
description = ''
|
||||
The P1 Time Window in seconds.
|
||||
Both limit and window must be set.
|
||||
'';
|
||||
};
|
||||
|
||||
p2.limit = mkOption {
|
||||
type = with types; nullOr int;
|
||||
default = null;
|
||||
description = ''
|
||||
The P2 Power Limit in Watts.
|
||||
Both limit and window must be set.
|
||||
'';
|
||||
};
|
||||
p2.window = mkOption {
|
||||
type = with types; nullOr (oneOf [ float int ]);
|
||||
default = null;
|
||||
description = ''
|
||||
The P2 Time Window in seconds.
|
||||
Both limit and window must be set.
|
||||
'';
|
||||
};
|
||||
|
||||
useTimer = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
|
@ -133,7 +175,7 @@ in
|
|||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
Restart = "no";
|
||||
ExecStart = "${pkgs.undervolt}/bin/undervolt ${cliArgs}";
|
||||
ExecStart = "${pkgs.undervolt}/bin/undervolt ${toString cliArgs}";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -427,12 +427,12 @@ in
|
|||
wantedBy = [ "multi-user.target" ];
|
||||
restartTriggers = [ cfg.configFile modulesDir ];
|
||||
|
||||
startLimitIntervalSec = 60; # 1 min
|
||||
serviceConfig = {
|
||||
ExecStart = "${dovecotPkg}/sbin/dovecot -F";
|
||||
ExecReload = "${dovecotPkg}/sbin/doveadm reload";
|
||||
Restart = "on-failure";
|
||||
RestartSec = "1s";
|
||||
StartLimitInterval = "1min";
|
||||
RuntimeDirectory = [ "dovecot2" ];
|
||||
};
|
||||
|
||||
|
|
|
@ -37,9 +37,9 @@ in {
|
|||
description = "Autorandr execution hook";
|
||||
after = [ "sleep.target" ];
|
||||
|
||||
startLimitIntervalSec = 5;
|
||||
startLimitBurst = 1;
|
||||
serviceConfig = {
|
||||
StartLimitInterval = 5;
|
||||
StartLimitBurst = 1;
|
||||
ExecStart = "${pkgs.autorandr}/bin/autorandr --batch --change --default ${cfg.defaultTarget}";
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = false;
|
||||
|
|
|
@ -126,12 +126,12 @@ in
|
|||
GPU_USE_SYNC_OBJECTS = "1";
|
||||
};
|
||||
|
||||
startLimitIntervalSec = 60; # 1 min
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.cgminer}/bin/cgminer --syslog --text-only --config ${cgminerConfig}";
|
||||
User = cfg.user;
|
||||
RestartSec = "30s";
|
||||
Restart = "always";
|
||||
StartLimitInterval = "1m";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -32,14 +32,14 @@ in
|
|||
wantedBy = [ "graphical-session.target" ];
|
||||
partOf = [ "graphical-session.target" ];
|
||||
|
||||
startLimitIntervalSec = 350;
|
||||
startLimitBurst = 10;
|
||||
serviceConfig = {
|
||||
ExecStart = ''
|
||||
${pkgs.safeeyes}/bin/safeeyes
|
||||
'';
|
||||
Restart = "on-failure";
|
||||
RestartSec = 3;
|
||||
StartLimitInterval = 350;
|
||||
StartLimitBurst = 10;
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -45,7 +45,7 @@ let
|
|||
|
||||
cmdlineArgs = cfg.extraFlags ++ [
|
||||
"--storage.tsdb.path=${workingDir}/data/"
|
||||
"--config.file=${prometheusYml}"
|
||||
"--config.file=/run/prometheus/prometheus-substituted.yaml"
|
||||
"--web.listen-address=${cfg.listenAddress}:${builtins.toString cfg.port}"
|
||||
"--alertmanager.notification-queue-capacity=${toString cfg.alertmanagerNotificationQueueCapacity}"
|
||||
"--alertmanager.timeout=${toString cfg.alertmanagerTimeout}s"
|
||||
|
@ -522,6 +522,45 @@ in {
|
|||
'';
|
||||
};
|
||||
|
||||
environmentFile = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
example = "/root/prometheus.env";
|
||||
description = ''
|
||||
Environment file as defined in <citerefentry>
|
||||
<refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum>
|
||||
</citerefentry>.
|
||||
|
||||
Secrets may be passed to the service without adding them to the
|
||||
world-readable Nix store, by specifying placeholder variables as
|
||||
the option value in Nix and setting these variables accordingly in the
|
||||
environment file.
|
||||
|
||||
Environment variables from this file will be interpolated into the
|
||||
config file using envsubst with this syntax:
|
||||
<literal>$ENVIRONMENT ''${VARIABLE}</literal>
|
||||
|
||||
<programlisting>
|
||||
# Example scrape config entry handling an OAuth bearer token
|
||||
{
|
||||
job_name = "home_assistant";
|
||||
metrics_path = "/api/prometheus";
|
||||
scheme = "https";
|
||||
bearer_token = "\''${HOME_ASSISTANT_BEARER_TOKEN}";
|
||||
[...]
|
||||
}
|
||||
</programlisting>
|
||||
|
||||
<programlisting>
|
||||
# Content of the environment file
|
||||
HOME_ASSISTANT_BEARER_TOKEN=someoauthbearertoken
|
||||
</programlisting>
|
||||
|
||||
Note that this file needs to be available on the host on which
|
||||
<literal>Prometheus</literal> is running.
|
||||
'';
|
||||
};
|
||||
|
||||
configText = mkOption {
|
||||
type = types.nullOr types.lines;
|
||||
default = null;
|
||||
|
@ -662,12 +701,19 @@ in {
|
|||
systemd.services.prometheus = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
preStart = ''
|
||||
${lib.getBin pkgs.envsubst}/bin/envsubst -o "/run/prometheus/prometheus-substituted.yaml" \
|
||||
-i "${prometheusYml}"
|
||||
'';
|
||||
serviceConfig = {
|
||||
ExecStart = "${cfg.package}/bin/prometheus" +
|
||||
optionalString (length cmdlineArgs != 0) (" \\\n " +
|
||||
concatStringsSep " \\\n " cmdlineArgs);
|
||||
User = "prometheus";
|
||||
Restart = "always";
|
||||
EnvironmentFile = mkIf (cfg.environmentFile != null) [ cfg.environmentFile ];
|
||||
RuntimeDirectory = "prometheus";
|
||||
RuntimeDirectoryMode = "0700";
|
||||
WorkingDirectory = workingDir;
|
||||
StateDirectory = cfg.stateDir;
|
||||
};
|
||||
|
|
|
@ -31,14 +31,14 @@ in
|
|||
after = [ "NetworkManager-wait-online.service" "network.target" ];
|
||||
preStart = "mkdir -pv /var/lib/teamviewer /var/log/teamviewer";
|
||||
|
||||
startLimitIntervalSec = 60;
|
||||
startLimitBurst = 10;
|
||||
serviceConfig = {
|
||||
Type = "forking";
|
||||
ExecStart = "${pkgs.teamviewer}/bin/teamviewerd -d";
|
||||
PIDFile = "/run/teamviewerd.pid";
|
||||
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
|
||||
Restart = "on-abort";
|
||||
StartLimitInterval = "60";
|
||||
StartLimitBurst = "10";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -28,6 +28,9 @@ let
|
|||
|
||||
# Don't start services that are not yet initialized
|
||||
unitConfig.ConditionPathExists = "/var/lib/${stateDirectory}/keyring";
|
||||
startLimitBurst =
|
||||
if daemonType == "osd" then 30 else if lib.elem daemonType ["mgr" "mds"] then 3 else 5;
|
||||
startLimitIntervalSec = 60 * 30; # 30 mins
|
||||
|
||||
serviceConfig = {
|
||||
LimitNOFILE = 1048576;
|
||||
|
@ -39,8 +42,6 @@ let
|
|||
ProtectHome = "true";
|
||||
ProtectSystem = "full";
|
||||
Restart = "on-failure";
|
||||
StartLimitBurst = "5";
|
||||
StartLimitInterval = "30min";
|
||||
StateDirectory = stateDirectory;
|
||||
User = "ceph";
|
||||
Group = if daemonType == "osd" then "disk" else "ceph";
|
||||
|
@ -48,13 +49,10 @@ let
|
|||
-f --cluster ${clusterName} --id ${daemonId}'';
|
||||
} // optionalAttrs (daemonType == "osd") {
|
||||
ExecStartPre = ''${ceph.lib}/libexec/ceph/ceph-osd-prestart.sh --id ${daemonId} --cluster ${clusterName}'';
|
||||
StartLimitBurst = "30";
|
||||
RestartSec = "20s";
|
||||
PrivateDevices = "no"; # osd needs disk access
|
||||
} // optionalAttrs ( daemonType == "mon") {
|
||||
RestartSec = "10";
|
||||
} // optionalAttrs (lib.elem daemonType ["mgr" "mds"]) {
|
||||
StartLimitBurst = "3";
|
||||
};
|
||||
});
|
||||
|
||||
|
|
|
@ -87,9 +87,37 @@ in
|
|||
description = "Babel routing daemon";
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig.ExecStart = "${pkgs.babeld}/bin/babeld -c ${configFile}";
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.babeld}/bin/babeld -c ${configFile} -I /run/babeld/babeld.pid -S /var/lib/babeld/state";
|
||||
CapabilityBoundingSet = [ "CAP_NET_ADMIN" ];
|
||||
IPAddressAllow = [ "fe80::/64" "ff00::/8" "::1/128" "127.0.0.0/8" ];
|
||||
IPAddressDeny = "any";
|
||||
LockPersonality = true;
|
||||
NoNewPrivileges = true;
|
||||
MemoryDenyWriteExecute = true;
|
||||
ProtectSystem = "strict";
|
||||
ProtectClock = true;
|
||||
ProtectKernelTunables = false; # Couldn't write sysctl: Read-only file system
|
||||
ProtectKernelModules = true;
|
||||
ProtectKernelLogs = true;
|
||||
ProtectControlGroups = true;
|
||||
RestrictAddressFamilies = [ "AF_NETLINK" "AF_INET6" ];
|
||||
RestrictNamespaces = true;
|
||||
RestrictRealtime = true;
|
||||
RestrictSUIDSGID = true;
|
||||
RemoveIPC = true;
|
||||
ProtectHome = true;
|
||||
ProtectHostname = true;
|
||||
PrivateMounts = true;
|
||||
PrivateTmp = true;
|
||||
PrivateDevices = true;
|
||||
PrivateUsers = false; # kernel_route(ADD): Operation not permitted
|
||||
SystemCallArchitectures = "native";
|
||||
SystemCallFilter = [ "@system-service" ];
|
||||
UMask = "0177";
|
||||
RuntimeDirectory = "babeld";
|
||||
StateDirectory = "babeld";
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -158,15 +158,21 @@ let
|
|||
type = types.attrs;
|
||||
default = {};
|
||||
example = literalExample '' {
|
||||
alternative_estimate_fee = "whatthefee-disabled";
|
||||
alternative_estimate_fee_params = "{\"url\": \"https://whatthefee.io/data.json\", \"periodSeconds\": 60}";
|
||||
fiat_rates = "coingecko";
|
||||
fiat_rates_params = "{\"url\": \"https://api.coingecko.com/api/v3\", \"coin\": \"bitcoin\", \"periodSeconds\": 60}";
|
||||
coin_shortcut = "BTC";
|
||||
coin_label = "Bitcoin";
|
||||
xpub_magic = 76067358;
|
||||
xpub_magic_segwit_p2sh = 77429938;
|
||||
xpub_magic_segwit_native = 78792518;
|
||||
"alternative_estimate_fee" = "whatthefee-disabled";
|
||||
"alternative_estimate_fee_params" = "{\"url\": \"https://whatthefee.io/data.json\", \"periodSeconds\": 60}";
|
||||
"fiat_rates" = "coingecko";
|
||||
"fiat_rates_params" = "{\"url\": \"https://api.coingecko.com/api/v3\", \"coin\": \"bitcoin\", \"periodSeconds\": 60}";
|
||||
"coin_shortcut" = "BTC";
|
||||
"coin_label" = "Bitcoin";
|
||||
"parse" = true;
|
||||
"subversion" = "";
|
||||
"address_format" = "";
|
||||
"xpub_magic" = 76067358;
|
||||
"xpub_magic_segwit_p2sh" = 77429938;
|
||||
"xpub_magic_segwit_native" = 78792518;
|
||||
"mempool_workers" = 8;
|
||||
"mempool_sub_workers" = 2;
|
||||
"block_addresses_to_keep" = 300;
|
||||
}'';
|
||||
description = ''
|
||||
Additional configurations to be appended to <filename>coin.conf</filename>.
|
||||
|
|
|
@ -264,10 +264,10 @@ in
|
|||
''
|
||||
);
|
||||
|
||||
startLimitIntervalSec = 0;
|
||||
serviceConfig = {
|
||||
Type = "forking";
|
||||
Restart = "always";
|
||||
StartLimitInterval = 0;
|
||||
RestartSec = 1;
|
||||
CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_RAW CAP_SETUID";
|
||||
ProtectSystem = true;
|
||||
|
|
|
@ -41,6 +41,7 @@ in {
|
|||
systemd.services.dnsdist = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
startLimitIntervalSec = 0;
|
||||
serviceConfig = {
|
||||
DynamicUser = true;
|
||||
|
||||
|
|
|
@ -29,9 +29,9 @@ with lib;
|
|||
# Needed for ping
|
||||
"/run/wrappers"
|
||||
];
|
||||
startLimitBurst = 5;
|
||||
startLimitIntervalSec = 20;
|
||||
serviceConfig = {
|
||||
StartLimitBurst = 5;
|
||||
StartLimitIntervalSec = 20;
|
||||
ExecStart = "${pkgs.mullvad-vpn}/bin/mullvad-daemon -v --disable-stdout-timestamps";
|
||||
Restart = "always";
|
||||
RestartSec = 1;
|
||||
|
|
|
@ -278,6 +278,10 @@ in
|
|||
home = "/var/lib/murmur";
|
||||
createHome = true;
|
||||
uid = config.ids.uids.murmur;
|
||||
group = "murmur";
|
||||
};
|
||||
users.groups.murmur = {
|
||||
gid = config.ids.gids.murmur;
|
||||
};
|
||||
|
||||
systemd.services.murmur = {
|
||||
|
@ -300,6 +304,7 @@ in
|
|||
RuntimeDirectory = "murmur";
|
||||
RuntimeDirectoryMode = "0700";
|
||||
User = "murmur";
|
||||
Group = "murmur";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -165,6 +165,8 @@ in
|
|||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
startLimitIntervalSec = 120;
|
||||
startLimitBurst = 5;
|
||||
serviceConfig = {
|
||||
User = "namecoin";
|
||||
Group = "namecoin";
|
||||
|
@ -176,8 +178,6 @@ in
|
|||
TimeoutStopSec = "60s";
|
||||
TimeoutStartSec = "2s";
|
||||
Restart = "always";
|
||||
StartLimitInterval = "120s";
|
||||
StartLimitBurst = "5";
|
||||
};
|
||||
|
||||
preStart = optionalString (cfg.wallet != "${dataDir}/wallet.dat") ''
|
||||
|
|
|
@ -28,9 +28,9 @@ in {
|
|||
environment = {
|
||||
SERVICE_RUN_MODE = "1";
|
||||
};
|
||||
startLimitIntervalSec = 5;
|
||||
startLimitBurst = 10;
|
||||
serviceConfig = {
|
||||
StartLimitInterval = 5;
|
||||
StartLimitBurst = 10;
|
||||
ExecStart = "${pkgs.nextdns}/bin/nextdns run ${escapeShellArgs config.services.nextdns.arguments}";
|
||||
RestartSec = 120;
|
||||
LimitMEMLOCK = "infinity";
|
||||
|
|
|
@ -42,9 +42,9 @@ in
|
|||
description = "A HTTP nix store that proxies requests to Google Storage";
|
||||
wantedBy = ["multi-user.target"];
|
||||
|
||||
startLimitIntervalSec = 10;
|
||||
serviceConfig = {
|
||||
RestartSec = 5;
|
||||
StartLimitInterval = 10;
|
||||
ExecStart = ''
|
||||
${pkgs.nix-store-gcs-proxy}/bin/nix-store-gcs-proxy \
|
||||
--bucket-name ${cfg.bucketName} \
|
||||
|
|
|
@ -916,14 +916,14 @@ in
|
|||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
startLimitBurst = 4;
|
||||
startLimitIntervalSec = 5 * 60; # 5 mins
|
||||
serviceConfig = {
|
||||
ExecStart = "${nsdPkg}/sbin/nsd -d -c ${nsdEnv}/nsd.conf";
|
||||
StandardError = "null";
|
||||
PIDFile = pidFile;
|
||||
Restart = "always";
|
||||
RestartSec = "4s";
|
||||
StartLimitBurst = 4;
|
||||
StartLimitInterval = "5min";
|
||||
};
|
||||
|
||||
preStart = ''
|
||||
|
|
|
@ -103,6 +103,8 @@ in
|
|||
rm -f '${cfg.stateDir}/supybot.cfg.bak'
|
||||
'';
|
||||
|
||||
startLimitIntervalSec = 5 * 60; # 5 min
|
||||
startLimitBurst = 1;
|
||||
serviceConfig = {
|
||||
ExecStart = "${pyEnv}/bin/supybot ${cfg.stateDir}/supybot.cfg";
|
||||
PIDFile = "/run/supybot.pid";
|
||||
|
@ -110,8 +112,6 @@ in
|
|||
Group = "supybot";
|
||||
UMask = "0007";
|
||||
Restart = "on-abort";
|
||||
StartLimitInterval = "5m";
|
||||
StartLimitBurst = "1";
|
||||
|
||||
NoNewPrivileges = true;
|
||||
PrivateDevices = true;
|
||||
|
|
|
@ -17,6 +17,7 @@ in {
|
|||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = [ pkgs.tailscale ]; # for the CLI
|
||||
systemd.services.tailscale = {
|
||||
description = "Tailscale client daemon";
|
||||
|
||||
|
@ -24,10 +25,7 @@ in {
|
|||
wants = [ "network-pre.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
unitConfig = {
|
||||
StartLimitIntervalSec = 0;
|
||||
StartLimitBurst = 0;
|
||||
};
|
||||
startLimitIntervalSec = 0;
|
||||
|
||||
serviceConfig = {
|
||||
ExecStart =
|
||||
|
|
|
@ -131,6 +131,8 @@ in
|
|||
|
||||
restartIfChanged = false; # do not restart on "nixos-rebuild switch". It would seal the storage and disrupt the clients.
|
||||
|
||||
startLimitIntervalSec = 60;
|
||||
startLimitBurst = 3;
|
||||
serviceConfig = {
|
||||
User = "vault";
|
||||
Group = "vault";
|
||||
|
@ -145,8 +147,6 @@ in
|
|||
KillSignal = "SIGINT";
|
||||
TimeoutStopSec = "30s";
|
||||
Restart = "on-failure";
|
||||
StartLimitInterval = "60s";
|
||||
StartLimitBurst = 3;
|
||||
};
|
||||
|
||||
unitConfig.RequiresMountsFor = optional (cfg.storagePath != null) cfg.storagePath;
|
||||
|
|
|
@ -197,7 +197,7 @@ in
|
|||
install -D -m 600 -o '${cfg.user}' -g '${cfg.group}' /dev/stdin \
|
||||
'${cfg.home}/${settingsDir}/settings.json'
|
||||
'')];
|
||||
ExecStart="${pkgs.transmission}/bin/transmission-daemon -f";
|
||||
ExecStart="${pkgs.transmission}/bin/transmission-daemon -f -g ${cfg.home}/${settingsDir}";
|
||||
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
|
|
|
@ -10,7 +10,7 @@ in {
|
|||
default = false;
|
||||
example = true;
|
||||
description = ''
|
||||
Whether to enable engelsystem, an online tool for coordinating helpers
|
||||
Whether to enable engelsystem, an online tool for coordinating volunteers
|
||||
and shifts on large events.
|
||||
'';
|
||||
type = lib.types.bool;
|
||||
|
|
|
@ -224,6 +224,8 @@ in
|
|||
chmod -R u+w ${dataDir}/${wikiIdent}/underlay
|
||||
'';
|
||||
|
||||
startLimitIntervalSec = 30;
|
||||
|
||||
serviceConfig = {
|
||||
User = user;
|
||||
Group = group;
|
||||
|
@ -237,7 +239,6 @@ in
|
|||
|
||||
Restart = "on-failure";
|
||||
RestartSec = "2s";
|
||||
StartLimitIntervalSec = "30s";
|
||||
|
||||
StateDirectory = "moin/${wikiIdent}";
|
||||
StateDirectoryMode = "0750";
|
||||
|
|
|
@ -549,9 +549,7 @@ in {
|
|||
};
|
||||
"/" = {
|
||||
priority = 900;
|
||||
extraConfig = if major < 20
|
||||
then "rewrite ^ /index.php;"
|
||||
else "try_files $uri $uri/ /index.php$request_uri;";
|
||||
extraConfig = "rewrite ^ /index.php;";
|
||||
};
|
||||
"~ ^/store-apps" = {
|
||||
priority = 201;
|
||||
|
@ -575,7 +573,7 @@ in {
|
|||
"~ ^/(?:\\.|autotest|occ|issue|indie|db_|console)".extraConfig = ''
|
||||
return 404;
|
||||
'';
|
||||
${if major < 20 then "~ ^\\/(?:index|remote|public|cron|core\\/ajax\\/update|status|ocs\\/v[12]|updater\\/.+|oc[ms]-provider\\/.+|.+\\/richdocumentscode\\/proxy)\\.php(?:$|\\/)" else "~ \\.php(?:$|/)"} = {
|
||||
"~ ^\\/(?:index|remote|public|cron|core\\/ajax\\/update|status|ocs\\/v[12]|updater\\/.+|oc[ms]-provider\\/.+|.+\\/richdocumentscode\\/proxy)\\.php(?:$|\\/)" = {
|
||||
priority = 500;
|
||||
extraConfig = ''
|
||||
include ${config.services.nginx.package}/conf/fastcgi.conf;
|
||||
|
|
|
@ -37,11 +37,60 @@ in {
|
|||
description = "Shiori simple bookmarks manager";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
environment.SHIORI_DIR = "/var/lib/shiori";
|
||||
|
||||
serviceConfig = {
|
||||
ExecStart = "${package}/bin/shiori serve --address '${address}' --port '${toString port}'";
|
||||
|
||||
DynamicUser = true;
|
||||
Environment = "SHIORI_DIR=/var/lib/shiori";
|
||||
StateDirectory = "shiori";
|
||||
# As the RootDirectory
|
||||
RuntimeDirectory = "shiori";
|
||||
|
||||
# Security options
|
||||
|
||||
BindReadOnlyPaths = [
|
||||
"/nix/store"
|
||||
|
||||
# For SSL certificates, and the resolv.conf
|
||||
"/etc"
|
||||
];
|
||||
|
||||
CapabilityBoundingSet = "";
|
||||
|
||||
DeviceAllow = "";
|
||||
|
||||
LockPersonality = true;
|
||||
|
||||
MemoryDenyWriteExecute = true;
|
||||
|
||||
PrivateDevices = true;
|
||||
PrivateUsers = true;
|
||||
|
||||
ProtectClock = true;
|
||||
ProtectControlGroups = true;
|
||||
ProtectHome = true;
|
||||
ProtectHostname = true;
|
||||
ProtectKernelLogs = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectKernelTunables = true;
|
||||
|
||||
RestrictNamespaces = true;
|
||||
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
|
||||
RestrictRealtime = true;
|
||||
RestrictSUIDSGID = true;
|
||||
|
||||
RootDirectory = "/run/shiori";
|
||||
|
||||
SystemCallArchitectures = "native";
|
||||
SystemCallErrorNumber = "EPERM";
|
||||
SystemCallFilter = [
|
||||
"@system-service"
|
||||
|
||||
"~@chown" "~@cpu-emulation" "~@debug" "~@ipc" "~@keyring" "~@memlock"
|
||||
"~@module" "~@obsolete" "~@privileged" "~@process" "~@raw-io"
|
||||
"~@resources" "~@setuid"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -24,6 +24,10 @@ let
|
|||
${pkgs.jq}/bin/jq -s '.[0] * .[1]' ${adaptedConfig} ${tlsJSON} > $out
|
||||
'';
|
||||
in {
|
||||
imports = [
|
||||
(mkRemovedOptionModule [ "services" "caddy" "agree" ] "this option is no longer necessary for Caddy 2")
|
||||
];
|
||||
|
||||
options.services.caddy = {
|
||||
enable = mkEnableOption "Caddy web server";
|
||||
|
||||
|
@ -66,12 +70,6 @@ in {
|
|||
description = "Email address (for Let's Encrypt certificate)";
|
||||
};
|
||||
|
||||
agree = mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
description = "Agree to Let's Encrypt Subscriber Agreement";
|
||||
};
|
||||
|
||||
dataDir = mkOption {
|
||||
default = "/var/lib/caddy";
|
||||
type = types.path;
|
||||
|
@ -103,6 +101,8 @@ in {
|
|||
after = [ "network-online.target" ];
|
||||
wants = [ "network-online.target" ]; # systemd-networkd-wait-online.service
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
startLimitIntervalSec = 14400;
|
||||
startLimitBurst = 10;
|
||||
serviceConfig = {
|
||||
ExecStart = "${cfg.package}/bin/caddy run --config ${configJSON}";
|
||||
ExecReload = "${cfg.package}/bin/caddy reload --config ${configJSON}";
|
||||
|
@ -110,8 +110,6 @@ in {
|
|||
User = "caddy";
|
||||
Group = "caddy";
|
||||
Restart = "on-abnormal";
|
||||
StartLimitIntervalSec = 14400;
|
||||
StartLimitBurst = 10;
|
||||
AmbientCapabilities = "cap_net_bind_service";
|
||||
CapabilityBoundingSet = "cap_net_bind_service";
|
||||
NoNewPrivileges = true;
|
||||
|
|
|
@ -261,10 +261,7 @@ let
|
|||
ssl_trusted_certificate ${vhost.sslTrustedCertificate};
|
||||
''}
|
||||
|
||||
${optionalString (vhost.basicAuthFile != null || vhost.basicAuth != {}) ''
|
||||
auth_basic secured;
|
||||
auth_basic_user_file ${if vhost.basicAuthFile != null then vhost.basicAuthFile else mkHtpasswd vhostName vhost.basicAuth};
|
||||
''}
|
||||
${mkBasicAuth vhostName vhost}
|
||||
|
||||
${mkLocations vhost.locations}
|
||||
|
||||
|
@ -293,9 +290,19 @@ let
|
|||
${optionalString (config.return != null) "return ${config.return};"}
|
||||
${config.extraConfig}
|
||||
${optionalString (config.proxyPass != null && cfg.recommendedProxySettings) "include ${recommendedProxyConfig};"}
|
||||
${mkBasicAuth "sublocation" config}
|
||||
}
|
||||
'') (sortProperties (mapAttrsToList (k: v: v // { location = k; }) locations)));
|
||||
mkHtpasswd = vhostName: authDef: pkgs.writeText "${vhostName}.htpasswd" (
|
||||
|
||||
mkBasicAuth = name: zone: optionalString (zone.basicAuthFile != null || zone.basicAuth != {}) (let
|
||||
auth_file = if zone.basicAuthFile != null
|
||||
then zone.basicAuthFile
|
||||
else mkHtpasswd name zone.basicAuth;
|
||||
in ''
|
||||
auth_basic secured;
|
||||
auth_basic_user_file ${auth_file};
|
||||
'');
|
||||
mkHtpasswd = name: authDef: pkgs.writeText "${name}.htpasswd" (
|
||||
concatStringsSep "\n" (mapAttrsToList (user: password: ''
|
||||
${user}:{PLAIN}${password}
|
||||
'') authDef)
|
||||
|
@ -693,6 +700,8 @@ in
|
|||
${cfg.preStart}
|
||||
${execCommand} -t
|
||||
'';
|
||||
|
||||
startLimitIntervalSec = 60;
|
||||
serviceConfig = {
|
||||
ExecStart = execCommand;
|
||||
ExecReload = [
|
||||
|
@ -701,7 +710,6 @@ in
|
|||
];
|
||||
Restart = "always";
|
||||
RestartSec = "10s";
|
||||
StartLimitInterval = "1min";
|
||||
# User and group
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
|
|
|
@ -9,6 +9,34 @@ with lib;
|
|||
|
||||
{
|
||||
options = {
|
||||
basicAuth = mkOption {
|
||||
type = types.attrsOf types.str;
|
||||
default = {};
|
||||
example = literalExample ''
|
||||
{
|
||||
user = "password";
|
||||
};
|
||||
'';
|
||||
description = ''
|
||||
Basic Auth protection for a vhost.
|
||||
|
||||
WARNING: This is implemented to store the password in plain text in the
|
||||
Nix store.
|
||||
'';
|
||||
};
|
||||
|
||||
basicAuthFile = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
description = ''
|
||||
Basic Auth password file for a vhost.
|
||||
Can be created via: <command>htpasswd -c <filename> <username></command>.
|
||||
|
||||
WARNING: The generate file contains the users' passwords in a
|
||||
non-cryptographically-securely hashed way.
|
||||
'';
|
||||
};
|
||||
|
||||
proxyPass = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
|
|
|
@ -198,7 +198,7 @@ with lib;
|
|||
Basic Auth protection for a vhost.
|
||||
|
||||
WARNING: This is implemented to store the password in plain text in the
|
||||
nix store.
|
||||
Nix store.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -207,7 +207,10 @@ with lib;
|
|||
default = null;
|
||||
description = ''
|
||||
Basic Auth password file for a vhost.
|
||||
Can be created via: <command>htpasswd -c <filename> <username></command>
|
||||
Can be created via: <command>htpasswd -c <filename> <username></command>.
|
||||
|
||||
WARNING: The generate file contains the users' passwords in a
|
||||
non-cryptographically-securely hashed way.
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
|
@ -136,6 +136,8 @@ in {
|
|||
description = "Traefik web server";
|
||||
after = [ "network-online.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
startLimitIntervalSec = 86400;
|
||||
startLimitBurst = 5;
|
||||
serviceConfig = {
|
||||
ExecStart =
|
||||
"${cfg.package}/bin/traefik --configfile=${staticConfigFile}";
|
||||
|
@ -143,8 +145,6 @@ in {
|
|||
User = "traefik";
|
||||
Group = cfg.group;
|
||||
Restart = "on-failure";
|
||||
StartLimitInterval = 86400;
|
||||
StartLimitBurst = 5;
|
||||
AmbientCapabilities = "cap_net_bind_service";
|
||||
CapabilityBoundingSet = "cap_net_bind_service";
|
||||
NoNewPrivileges = true;
|
||||
|
|
|
@ -200,7 +200,7 @@ in
|
|||
|
||||
security.wrappers = {
|
||||
kcheckpass.source = "${lib.getBin plasma5.kscreenlocker}/libexec/kcheckpass";
|
||||
start_kdeinit.source = "${lib.getBin pkgs.kinit}/libexec/kf5/start_kdeinit";
|
||||
start_kdeinit.source = "${lib.getBin pkgs.kdeFrameworks.kinit}/libexec/kf5/start_kdeinit";
|
||||
kwin_wayland = {
|
||||
source = "${lib.getBin plasma5.kwin}/bin/kwin_wayland";
|
||||
capabilities = "cap_sys_nice+ep";
|
||||
|
|
|
@ -9,7 +9,12 @@ let
|
|||
cfg = dmcfg.sddm;
|
||||
xEnv = config.systemd.services.display-manager.environment;
|
||||
|
||||
inherit (pkgs) sddm;
|
||||
sddm = if config.services.xserver.desktopManager.lxqt.enable then
|
||||
# TODO: Move lxqt to libsForQt515
|
||||
pkgs.libsForQt514.sddm
|
||||
else
|
||||
pkgs.libsForQt5.sddm
|
||||
;
|
||||
|
||||
xserverWrapper = pkgs.writeScript "xserver-wrapper" ''
|
||||
#!/bin/sh
|
||||
|
|
|
@ -82,6 +82,15 @@ in {
|
|||
'';
|
||||
};
|
||||
|
||||
executable = mkOption {
|
||||
type = types.str;
|
||||
default = "/bin/redshift";
|
||||
example = "/bin/redshift-gtk";
|
||||
description = ''
|
||||
Redshift executable to use within the package.
|
||||
'';
|
||||
};
|
||||
|
||||
extraOptions = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
|
@ -114,7 +123,7 @@ in {
|
|||
partOf = [ "graphical-session.target" ];
|
||||
serviceConfig = {
|
||||
ExecStart = ''
|
||||
${cfg.package}/bin/redshift \
|
||||
${cfg.package}${cfg.executable} \
|
||||
-l ${providerString} \
|
||||
-t ${toString cfg.temperature.day}:${toString cfg.temperature.night} \
|
||||
-b ${toString cfg.brightness.day}:${toString cfg.brightness.night} \
|
||||
|
|
|
@ -678,14 +678,14 @@ in
|
|||
|
||||
script = "${cfg.displayManager.job.execCmd}";
|
||||
|
||||
# Stop restarting if the display manager stops (crashes) 2 times
|
||||
# in one minute. Starting X typically takes 3-4s.
|
||||
startLimitIntervalSec = 30;
|
||||
startLimitBurst = 3;
|
||||
serviceConfig = {
|
||||
Restart = "always";
|
||||
RestartSec = "200ms";
|
||||
SyslogIdentifier = "display-manager";
|
||||
# Stop restarting if the display manager stops (crashes) 2 times
|
||||
# in one minute. Starting X typically takes 3-4s.
|
||||
StartLimitInterval = "30s";
|
||||
StartLimitBurst = "3";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -648,11 +648,13 @@ let
|
|||
"RapidCommit"
|
||||
"ForceDHCPv6PDOtherInformation"
|
||||
"PrefixDelegationHint"
|
||||
"RouteMetric"
|
||||
])
|
||||
(assertValueOneOf "UseDNS" boolValues)
|
||||
(assertValueOneOf "UseNTP" boolValues)
|
||||
(assertValueOneOf "RapidCommit" boolValues)
|
||||
(assertValueOneOf "ForceDHCPv6PDOtherInformation" boolValues)
|
||||
(assertInt "RouteMetric")
|
||||
];
|
||||
|
||||
sectionDHCPServer = checkUnitConfig "DHCPServer" [
|
||||
|
|
|
@ -120,7 +120,7 @@ eval "exec $logOutFd>&1 $logErrFd>&2"
|
|||
if test -w /dev/kmsg; then
|
||||
tee -i < /tmp/stage-1-init.log.fifo /proc/self/fd/"$logOutFd" | while read -r line; do
|
||||
if test -n "$line"; then
|
||||
echo "<7>stage-1-init: $line" > /dev/kmsg
|
||||
echo "<7>stage-1-init: [$(date)] $line" > /dev/kmsg
|
||||
fi
|
||||
done &
|
||||
else
|
||||
|
@ -356,6 +356,7 @@ mountFS() {
|
|||
case $options in
|
||||
*x-nixos.autoresize*)
|
||||
if [ "$fsType" = ext2 -o "$fsType" = ext3 -o "$fsType" = ext4 ]; then
|
||||
modprobe "$fsType"
|
||||
echo "resizing $device..."
|
||||
e2fsck -fp "$device"
|
||||
resize2fs "$device"
|
||||
|
|
|
@ -210,12 +210,21 @@ in rec {
|
|||
'';
|
||||
};
|
||||
|
||||
startLimitBurst = mkOption {
|
||||
type = types.int;
|
||||
description = ''
|
||||
Configure unit start rate limiting. Units which are started
|
||||
more than startLimitBurst times within an interval time
|
||||
interval are not permitted to start any more.
|
||||
'';
|
||||
};
|
||||
|
||||
startLimitIntervalSec = mkOption {
|
||||
type = types.int;
|
||||
description = ''
|
||||
Configure unit start rate limiting. Units which are started
|
||||
more than burst times within an interval time interval are
|
||||
not permitted to start any more.
|
||||
more than startLimitBurst times within an interval time
|
||||
interval are not permitted to start any more.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -245,8 +254,7 @@ in rec {
|
|||
serviceConfig = mkOption {
|
||||
default = {};
|
||||
example =
|
||||
{ StartLimitInterval = 10;
|
||||
RestartSec = 5;
|
||||
{ RestartSec = 5;
|
||||
};
|
||||
type = types.addCheck (types.attrsOf unitOption) checkService;
|
||||
description = ''
|
||||
|
|
|
@ -243,6 +243,8 @@ let
|
|||
OnFailure = toString config.onFailure; }
|
||||
// optionalAttrs (options.startLimitIntervalSec.isDefined) {
|
||||
StartLimitIntervalSec = toString config.startLimitIntervalSec;
|
||||
} // optionalAttrs (options.startLimitBurst.isDefined) {
|
||||
StartLimitBurst = toString config.startLimitBurst;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -884,14 +886,25 @@ in
|
|||
|
||||
config = {
|
||||
|
||||
warnings = concatLists (mapAttrsToList (name: service:
|
||||
warnings = concatLists (
|
||||
mapAttrsToList
|
||||
(name: service:
|
||||
let
|
||||
type = service.serviceConfig.Type or "";
|
||||
restart = service.serviceConfig.Restart or "no";
|
||||
in optional
|
||||
(type == "oneshot" && (restart == "always" || restart == "on-success"))
|
||||
"Service '${name}.service' with 'Type=oneshot' cannot have 'Restart=always' or 'Restart=on-success'")
|
||||
cfg.services);
|
||||
hasDeprecated = builtins.hasAttr "StartLimitInterval" service.serviceConfig;
|
||||
in
|
||||
concatLists [
|
||||
(optional (type == "oneshot" && (restart == "always" || restart == "on-success"))
|
||||
"Service '${name}.service' with 'Type=oneshot' cannot have 'Restart=always' or 'Restart=on-success'"
|
||||
)
|
||||
(optional hasDeprecated
|
||||
"Service '${name}.service' uses the attribute 'StartLimitInterval' in the Service section, which is deprecated. See https://github.com/NixOS/nixpkgs/issues/45786."
|
||||
)
|
||||
]
|
||||
)
|
||||
cfg.services
|
||||
);
|
||||
|
||||
system.build.units = cfg.units;
|
||||
|
||||
|
|
|
@ -48,7 +48,7 @@ in
|
|||
];
|
||||
boot.initrd.kernelModules = [ "xen-blkfront" "xen-netfront" ];
|
||||
boot.initrd.availableKernelModules = [ "ixgbevf" "ena" "nvme" ];
|
||||
boot.kernelParams = mkIf cfg.hvm [ "console=ttyS0" ];
|
||||
boot.kernelParams = mkIf cfg.hvm [ "console=ttyS0" "random.trust_cpu=on" ];
|
||||
|
||||
# Prevent the nouveau kernel module from being loaded, as it
|
||||
# interferes with the nvidia/nvidia-uvm modules needed for CUDA.
|
||||
|
|
|
@ -329,5 +329,24 @@ let self = {
|
|||
"20.03".ap-east-1.hvm-ebs = "ami-0d18fdd309cdefa86";
|
||||
"20.03".sa-east-1.hvm-ebs = "ami-09859378158ae971d";
|
||||
|
||||
latest = self."20.03";
|
||||
# 20.09.1465.9a0b14b097d
|
||||
"20.09".eu-west-1.hvm-ebs = "ami-0d90f16418e3c364c";
|
||||
"20.09".eu-west-2.hvm-ebs = "ami-0635ec0780ea57cfe";
|
||||
"20.09".eu-west-3.hvm-ebs = "ami-0714e94352f2eabb9";
|
||||
"20.09".eu-central-1.hvm-ebs = "ami-0979d39762a4d2a02";
|
||||
"20.09".eu-north-1.hvm-ebs = "ami-0b14e273185c66e9b";
|
||||
"20.09".us-east-1.hvm-ebs = "ami-0f8b063ac3f2d9645";
|
||||
"20.09".us-east-2.hvm-ebs = "ami-0959202a0393fdd0c";
|
||||
"20.09".us-west-1.hvm-ebs = "ami-096d50833b785478b";
|
||||
"20.09".us-west-2.hvm-ebs = "ami-0fc31031df0df6104";
|
||||
"20.09".ca-central-1.hvm-ebs = "ami-0787786a38cde3905";
|
||||
"20.09".ap-southeast-1.hvm-ebs = "ami-0b3f693d3a2a0b9ae";
|
||||
"20.09".ap-southeast-2.hvm-ebs = "ami-02471872bc876b610";
|
||||
"20.09".ap-northeast-1.hvm-ebs = "ami-06505fd2bf44a59a7";
|
||||
"20.09".ap-northeast-2.hvm-ebs = "ami-0754b4c014eea1e8a";
|
||||
"20.09".ap-south-1.hvm-ebs = "ami-05100e32242ae65a6";
|
||||
"20.09".ap-east-1.hvm-ebs = "ami-045288859a39de009";
|
||||
"20.09".sa-east-1.hvm-ebs = "ami-0a937748db48fb00d";
|
||||
|
||||
latest = self."20.09";
|
||||
}; in self
|
||||
|
|
|
@ -242,6 +242,7 @@ in
|
|||
nfs4 = handleTest ./nfs { version = 4; };
|
||||
nghttpx = handleTest ./nghttpx.nix {};
|
||||
nginx = handleTest ./nginx.nix {};
|
||||
nginx-auth = handleTest ./nginx-auth.nix {};
|
||||
nginx-etag = handleTest ./nginx-etag.nix {};
|
||||
nginx-pubhtml = handleTest ./nginx-pubhtml.nix {};
|
||||
nginx-sandbox = handleTestOn ["x86_64-linux"] ./nginx-sandbox.nix {};
|
||||
|
|
21
third_party/nixpkgs/nixos/tests/common/acme/server/README.md
vendored
Normal file
21
third_party/nixpkgs/nixos/tests/common/acme/server/README.md
vendored
Normal file
|
@ -0,0 +1,21 @@
|
|||
# Fake Certificate Authority for ACME testing
|
||||
|
||||
This will set up a test node running [pebble](https://github.com/letsencrypt/pebble)
|
||||
to serve ACME certificate requests.
|
||||
|
||||
## "Snake oil" certs
|
||||
|
||||
The snake oil certs are hard coded into the repo for reasons explained [here](https://github.com/NixOS/nixpkgs/pull/91121#discussion_r505410235).
|
||||
The root of the issue is that Nix will hash the derivation based on the arguments
|
||||
to mkDerivation, not the output. [Minica](https://github.com/jsha/minica) will
|
||||
always generate a random certificate even if the arguments are unchanged. As a
|
||||
result, it's possible to end up in a situation where the cached and local
|
||||
generated certs mismatch and cause issues with testing.
|
||||
|
||||
To generate new certificates, run the following commands:
|
||||
|
||||
```bash
|
||||
nix-build generate-certs.nix
|
||||
cp result/* .
|
||||
rm result
|
||||
```
|
19
third_party/nixpkgs/nixos/tests/common/acme/server/acme.test.cert.pem
vendored
Normal file
19
third_party/nixpkgs/nixos/tests/common/acme/server/acme.test.cert.pem
vendored
Normal file
|
@ -0,0 +1,19 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDLDCCAhSgAwIBAgIIRDAN3FHH//IwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE
|
||||
AxMVbWluaWNhIHJvb3QgY2EgNzg3NDZmMB4XDTIwMTAyMTEzMjgzNloXDTIyMTEy
|
||||
MDEzMjgzNlowFDESMBAGA1UEAxMJYWNtZS50ZXN0MIIBIjANBgkqhkiG9w0BAQEF
|
||||
AAOCAQ8AMIIBCgKCAQEAo8XjMVUaljcaqQ5MFhfPuQgSwdyXEUbpSHz+5yPkE0h9
|
||||
Z4Xu5BJF1Oq7h5ggCtadVsIspiY6Jm6aWDOjlh4myzW5UNBNUG3OPEk50vmmHFeH
|
||||
pImHO/d8yb33QoF9VRcTZs4tuJYg7l9bSs4jNG72vYvv2YiGAcmjJcsmAZIfniCN
|
||||
Xf/LjIm+Cxykn+Vo3UuzO1w5/iuofdgWO/aZxMezmXUivlL3ih4cNzCJei8WlB/l
|
||||
EnHrkcy3ogRmmynP5zcz7vmGIJX2ji6dhCa4Got5B7eZK76o2QglhQXqPatG0AOY
|
||||
H+RfQfzKemqPG5om9MgJtwFtTOU1LoaiBw//jXKESQIDAQABo3YwdDAOBgNVHQ8B
|
||||
Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB
|
||||
/wQCMAAwHwYDVR0jBBgwFoAU+8IZlLV/Qp5CXqpXMLvtxWlxcJwwFAYDVR0RBA0w
|
||||
C4IJYWNtZS50ZXN0MA0GCSqGSIb3DQEBCwUAA4IBAQB0pe8I5/VDkB5VMgQB2GJV
|
||||
GKzyigfWbVez9uLmqMj9PPP/zzYKSYeq+91aMuOZrnH7NqBxSTwanULkmqAmhbJJ
|
||||
YkXw+FlFekf9FyxcuArzwzzNZDSGcjcdXpN8S2K1qkBd00iSJF9kU7pdZYCIKR20
|
||||
QirdBrELEfsJ3GU62a6N3a2YsrisZUvq5TbjGJDcytAtt+WG3gmV7RInLdFfPwbw
|
||||
bEHPCnx0uiV0nxLjd/aVT+RceVrFQVt4hR99jLoMlBitSKluZ1ljsrpIyroBhQT0
|
||||
pp/pVi6HJdijG0fsPrC325NEGAwcpotLUhczoeM/rffKJd54wLhDkfYxOyRZXivs
|
||||
-----END CERTIFICATE-----
|
27
third_party/nixpkgs/nixos/tests/common/acme/server/acme.test.key.pem
vendored
Normal file
27
third_party/nixpkgs/nixos/tests/common/acme/server/acme.test.key.pem
vendored
Normal file
|
@ -0,0 +1,27 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEowIBAAKCAQEAo8XjMVUaljcaqQ5MFhfPuQgSwdyXEUbpSHz+5yPkE0h9Z4Xu
|
||||
5BJF1Oq7h5ggCtadVsIspiY6Jm6aWDOjlh4myzW5UNBNUG3OPEk50vmmHFeHpImH
|
||||
O/d8yb33QoF9VRcTZs4tuJYg7l9bSs4jNG72vYvv2YiGAcmjJcsmAZIfniCNXf/L
|
||||
jIm+Cxykn+Vo3UuzO1w5/iuofdgWO/aZxMezmXUivlL3ih4cNzCJei8WlB/lEnHr
|
||||
kcy3ogRmmynP5zcz7vmGIJX2ji6dhCa4Got5B7eZK76o2QglhQXqPatG0AOYH+Rf
|
||||
QfzKemqPG5om9MgJtwFtTOU1LoaiBw//jXKESQIDAQABAoIBADox/2FwVFo8ioS4
|
||||
R+Ex5OZjMAcjU6sX/516jTmlT05q2+UFerYgqB/YqXqtW/V9/brulN8VhmRRuRbO
|
||||
grq9TBu5o3hMDK0f18EkZB/MBnLbx594H033y6gEkPBZAyhRYtuNOEH3VwxdZhtW
|
||||
1Lu1EoiYSUqLcNMBy6+KWJ8GRaXyacMYBlj2lMHmyzkA/t1+2mwTGC3lT6zN0F5Y
|
||||
E5umXOxsn6Tb6q3KM9O5IvtmMMKpgj4HIHZLZ6j40nNgHwGRaAv4Sha/vx0DeBw3
|
||||
6VlNiTTPdShEkhESlM5/ocqTfI92VHJpM5gkqTYOWBi2aKIPfAopXoqoJdWl4pQ/
|
||||
NCFIu2ECgYEAzntNKIcQtf0ewe0/POo07SIFirvz6jVtYNMTzeQfL6CoEjYArJeu
|
||||
Vzc4wEQfA4ZFVerBb1/O6M449gI3zex1PH4AX0h8q8DSjrppK1Jt2TnpVh97k7Gg
|
||||
Tnat/M/yW3lWYkcMVJJ3AYurXLFTT1dYP0HvBwZN04yInrEcPNXKfmcCgYEAywyJ
|
||||
51d4AE94PrANathKqSI/gk8sP+L1gzylZCcUEAiGk/1r45iYB4HN2gvWbS+CvSdp
|
||||
F7ShlDWrTaNh2Bm1dgTjc4pWb4J+CPy/KN2sgLwIuM4+ZWIZmEDcio6khrM/gNqK
|
||||
aR7xUsvWsqU26O84woY/xR8IHjSNF7cFWE1H2c8CgYEAt6SSi2kVQ8dMg84uYE8t
|
||||
o3qO00U3OycpkOQqyQQLeKC62veMwfRl6swCfX4Y11mkcTXJtPTRYd2Ia8StPUkB
|
||||
PDwUuKoPt/JXUvoYb59wc7M+BIsbrdBdc2u6cw+/zfutCNuH6/AYSBeg4WAVaIuW
|
||||
wSwzG1xP+8cR+5IqOzEqWCECgYATweeVTCyQEyuHJghYMi2poXx+iIesu7/aAkex
|
||||
pB/Oo5W8xrb90XZRnK7UHbzCqRHWqAQQ23Gxgztk9ZXqui2vCzC6qGZauV7cLwPG
|
||||
zTMg36sVmHP314DYEM+k59ZYiQ6P0jQPoIQo407D2VGrfsOOIhQIcUmP7tsfyJ5L
|
||||
hlGMfwKBgGq4VNnnuX8I5kl03NpaKfG+M8jEHmVwtI9RkPTCCX9bMjeG0cDxqPTF
|
||||
TRkf3r8UWQTZ5QfAfAXYAOlZvmGhHjSembRbXMrMdi3rGsYRSrQL6n5NHnORUaMy
|
||||
FCWo4gyAnniry7tx9dVNgmHmbjEHuQnf8AC1r3dibRCjvJWUiQ8H
|
||||
-----END RSA PRIVATE KEY-----
|
20
third_party/nixpkgs/nixos/tests/common/acme/server/ca.cert.pem
vendored
Normal file
20
third_party/nixpkgs/nixos/tests/common/acme/server/ca.cert.pem
vendored
Normal file
|
@ -0,0 +1,20 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDSzCCAjOgAwIBAgIIeHRvRrNvbGQwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE
|
||||
AxMVbWluaWNhIHJvb3QgY2EgNzg3NDZmMCAXDTIwMTAyMTEzMjgzNloYDzIxMjAx
|
||||
MDIxMTMyODM2WjAgMR4wHAYDVQQDExVtaW5pY2Egcm9vdCBjYSA3ODc0NmYwggEi
|
||||
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrNTzVLDJOKtGYGLU98EEcLKps
|
||||
tXHCLC6G54LKbEcU80fn+ArX8qsPSHyhdXQkcYjq6Vh/EDJ1TctyRSnvAjwyG4Aa
|
||||
1Zy1QFc/JnjMjvzimCkUc9lQ+wkLwHSM/KGwR1cGjmtQ/EMClZTA0NwulJsXMKVz
|
||||
bd5asXbq/yJTQ5Ww25HtdNjwRQXTvB7r3IKcY+DsED9CvFvC9oG/ZhtZqZuyyRdC
|
||||
kFUrrv8WNUDkWSN+lMR6xMx8v0583IN6f11IhX0b+svK98G81B2eswBdkzvVyv9M
|
||||
unZBO0JuJG8sdM502KhWLmzBC1ZbvgUBF9BumDRpMFH4DCj7+qQ2taWeGyc7AgMB
|
||||
AAGjgYYwgYMwDgYDVR0PAQH/BAQDAgKEMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr
|
||||
BgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBT7whmUtX9CnkJe
|
||||
qlcwu+3FaXFwnDAfBgNVHSMEGDAWgBT7whmUtX9CnkJeqlcwu+3FaXFwnDANBgkq
|
||||
hkiG9w0BAQsFAAOCAQEARMe1wKmF33GjEoLLw0oDDS4EdAv26BzCwtrlljsEtwQN
|
||||
95oSzUNd6o4Js7WCG2o543OX6cxzM+yju8TES3+vJKDgsbNMU0bWCv//tdrb0/G8
|
||||
OkU3Kfi5q4fOauZ1pqGv/pXdfYhZ5ieB/zwis3ykANe5JfB0XqwCb1Vd0C3UCIS2
|
||||
NPKngRwNSzphIsbzfvxGDkdM1enuGl5CVyDhrwTMqGaJGDSOv6U5jKFxKRvigqTN
|
||||
Ls9lPmT5NXYETduWLBR3yUIdH6kZXrcozZ02B9vjOB2Cv4RMDc+9eM30CLIWpf1I
|
||||
097e7JkhzxFhfC/bMMt3P1FeQc+fwH91wdBmNi7tQw==
|
||||
-----END CERTIFICATE-----
|
27
third_party/nixpkgs/nixos/tests/common/acme/server/ca.key.pem
vendored
Normal file
27
third_party/nixpkgs/nixos/tests/common/acme/server/ca.key.pem
vendored
Normal file
|
@ -0,0 +1,27 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEowIBAAKCAQEAqzU81SwyTirRmBi1PfBBHCyqbLVxwiwuhueCymxHFPNH5/gK
|
||||
1/KrD0h8oXV0JHGI6ulYfxAydU3LckUp7wI8MhuAGtWctUBXPyZ4zI784pgpFHPZ
|
||||
UPsJC8B0jPyhsEdXBo5rUPxDApWUwNDcLpSbFzClc23eWrF26v8iU0OVsNuR7XTY
|
||||
8EUF07we69yCnGPg7BA/QrxbwvaBv2YbWambsskXQpBVK67/FjVA5FkjfpTEesTM
|
||||
fL9OfNyDen9dSIV9G/rLyvfBvNQdnrMAXZM71cr/TLp2QTtCbiRvLHTOdNioVi5s
|
||||
wQtWW74FARfQbpg0aTBR+Awo+/qkNrWlnhsnOwIDAQABAoIBAA3ykVkgd5ysmlSU
|
||||
trcsCnHcJaojgff6l3PACoSpG4VWaGY6a8+54julgRm6MtMBONFCX0ZCsImj484U
|
||||
Wl0xRmwil2YYPuL5MeJgJPktMObY1IfpBCw3tz3w2M3fiuCMf0d2dMGtO1xLiUnH
|
||||
+hgFXTkfamsj6ThkOrbcQBSebeRxbKM5hqyCaQoieV+0IJnyxUVq/apib8N50VsH
|
||||
SHd4oqLUuEZgg6N70+l5DpzedJUb4nrwS/KhUHUBgnoPItYBCiGPmrwLk7fUhPs6
|
||||
kTDqJDtc/xW/JbjmzhWEpVvtumcC/OEKULss7HLdeQqwVBrRQkznb0M9AnSra3d0
|
||||
X11/Y4ECgYEA3FC8SquLPFb2lHK4+YbJ4Ac6QVWeYFEHiZ0Rj+CmONmjcAvOGLPE
|
||||
SblRLm3Nbrkxbm8FF6/AfXa/rviAKEVPs5xqGfSDw/3n1uInPcmShiBCLwM/jHH5
|
||||
NeVG+R5mTg5zyQ/pQMLWRcs+Ail+ZAnZuoGpW3Cdc8OtCUYFQ7XB6nsCgYEAxvBJ
|
||||
zFxcTtsDzWbMWXejugQiUqJcEbKWwEfkRbf3J2rAVO2+EFr7LxdRfN2VwPiTQcWc
|
||||
LnN2QN+ouOjqBMTh3qm5oQY+TLLHy86k9g1k0gXWkMRQgP2ZdfWH1HyrwjLUgLe1
|
||||
VezFN7N1azgy6xFkInAAvuA4loxElZNvkGBgekECgYA/Xw26ILvNIGqO6qzgQXAh
|
||||
+5I7JsiGheg4IjDiBMlrQtbrLMoceuD0H9UFGNplhel9DXwWgxxIOncKejpK2x0A
|
||||
2fX+/0FDh+4+9hA5ipiV8gN3iGSoHkSDxy5yC9d7jlapt+TtFt4Rd1OfxZWwatDw
|
||||
/8jaH3t6yAcmyrhK8KYVrwKBgAE5KwsBqmOlvyE9N5Z5QN189wUREIXfVkP6bTHs
|
||||
jq2EX4hmKdwJ4y+H8i1VY31bSfSGlY5HkXuWpH/2lrHO0CDBZG3UDwADvWzIaYVF
|
||||
0c/kz0v2mRQh+xaZmus4lQnNrDbaalgL666LAPbW0qFVaws3KxoBYPe0BxvwWyhF
|
||||
H3LBAoGBAKRRNsq2pWQ8Gqxc0rVoH0FlexU9U2ci3lsLmgEB0A/o/kQkSyAxaRM+
|
||||
VdKp3sWfO8o8lX5CVQslCNBSjDTNcat3Co4NEBLg6Xv1yKN/WN1GhusnchP9szsP
|
||||
oU47gC89QhUyWSd6vvr2z2NG9C3cACxe4dhDSHQcE4nHSldzCKv2
|
||||
-----END RSA PRIVATE KEY-----
|
|
@ -51,10 +51,7 @@
|
|||
# that it has to be started _before_ the ACME service.
|
||||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
testCerts = import ./snakeoil-certs.nix {
|
||||
minica = pkgs.minica;
|
||||
mkDerivation = pkgs.stdenv.mkDerivation;
|
||||
};
|
||||
testCerts = import ./snakeoil-certs.nix;
|
||||
domain = testCerts.domain;
|
||||
|
||||
resolver = let
|
||||
|
|
29
third_party/nixpkgs/nixos/tests/common/acme/server/generate-certs.nix
vendored
Normal file
29
third_party/nixpkgs/nixos/tests/common/acme/server/generate-certs.nix
vendored
Normal file
|
@ -0,0 +1,29 @@
|
|||
# Minica can provide a CA key and cert, plus a key
|
||||
# and cert for our fake CA server's Web Front End (WFE).
|
||||
{
|
||||
pkgs ? import <nixpkgs> {},
|
||||
minica ? pkgs.minica,
|
||||
mkDerivation ? pkgs.stdenv.mkDerivation
|
||||
}:
|
||||
let
|
||||
conf = import ./snakeoil-certs.nix;
|
||||
domain = conf.domain;
|
||||
in mkDerivation {
|
||||
name = "test-certs";
|
||||
buildInputs = [ minica ];
|
||||
phases = [ "buildPhase" "installPhase" ];
|
||||
|
||||
buildPhase = ''
|
||||
minica \
|
||||
--ca-key ca.key.pem \
|
||||
--ca-cert ca.cert.pem \
|
||||
--domains ${domain}
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
mkdir -p $out
|
||||
mv ca.*.pem $out/
|
||||
mv ${domain}/key.pem $out/${domain}.key.pem
|
||||
mv ${domain}/cert.pem $out/${domain}.cert.pem
|
||||
'';
|
||||
}
|
|
@ -1,37 +1,13 @@
|
|||
# Minica can provide a CA key and cert, plus a key
|
||||
# and cert for our fake CA server's Web Front End (WFE).
|
||||
{ minica, mkDerivation }:
|
||||
let
|
||||
domain = "acme.test";
|
||||
|
||||
selfSignedCertData = mkDerivation {
|
||||
name = "test-certs";
|
||||
buildInputs = [ minica ];
|
||||
phases = [ "buildPhase" "installPhase" ];
|
||||
|
||||
buildPhase = ''
|
||||
mkdir ca
|
||||
minica \
|
||||
--ca-key ca/key.pem \
|
||||
--ca-cert ca/cert.pem \
|
||||
--domains ${domain}
|
||||
chmod 600 ca/*
|
||||
chmod 640 ${domain}/*.pem
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
mkdir -p $out
|
||||
mv ${domain} ca $out/
|
||||
'';
|
||||
};
|
||||
in {
|
||||
inherit domain;
|
||||
ca = {
|
||||
cert = "${selfSignedCertData}/ca/cert.pem";
|
||||
key = "${selfSignedCertData}/ca/key.pem";
|
||||
cert = ./ca.cert.pem;
|
||||
key = ./ca.key.pem;
|
||||
};
|
||||
"${domain}" = {
|
||||
cert = "${selfSignedCertData}/${domain}/cert.pem";
|
||||
key = "${selfSignedCertData}/${domain}/key.pem";
|
||||
cert = ./. + "/${domain}.cert.pem";
|
||||
key = ./. + "/${domain}.key.pem";
|
||||
};
|
||||
}
|
||||
|
|
91
third_party/nixpkgs/nixos/tests/firefox.nix
vendored
91
third_party/nixpkgs/nixos/tests/firefox.nix
vendored
|
@ -11,26 +11,105 @@ import ./make-test-python.nix ({ pkgs, esr ? false, ... }: {
|
|||
environment.systemPackages =
|
||||
(if esr then [ pkgs.firefox-esr ] else [ pkgs.firefox ])
|
||||
++ [ pkgs.xdotool ];
|
||||
|
||||
# Need some more memory to record audio.
|
||||
virtualisation.memorySize = "500";
|
||||
|
||||
# Create a virtual sound device, with mixing
|
||||
# and all, for recording audio.
|
||||
boot.kernelModules = [ "snd-aloop" ];
|
||||
sound.enable = true;
|
||||
sound.extraConfig = ''
|
||||
pcm.!default {
|
||||
type plug
|
||||
slave.pcm pcm.dmixer
|
||||
}
|
||||
pcm.dmixer {
|
||||
type dmix
|
||||
ipc_key 1
|
||||
slave {
|
||||
pcm "hw:Loopback,0,0"
|
||||
rate 48000
|
||||
periods 128
|
||||
period_time 0
|
||||
period_size 1024
|
||||
buffer_size 8192
|
||||
}
|
||||
}
|
||||
pcm.recorder {
|
||||
type hw
|
||||
card "Loopback"
|
||||
device 1
|
||||
subdevice 0
|
||||
}
|
||||
'';
|
||||
|
||||
systemd.services.audio-recorder = {
|
||||
description = "Record NixOS test audio to /tmp/record.wav";
|
||||
script = "${pkgs.alsaUtils}/bin/arecord -D recorder -f S16_LE -r48000 /tmp/record.wav";
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
from contextlib import contextmanager
|
||||
|
||||
|
||||
@contextmanager
|
||||
def audio_recording(machine: Machine) -> None:
|
||||
"""
|
||||
Perform actions while recording the
|
||||
machine audio output.
|
||||
"""
|
||||
machine.systemctl("start audio-recorder")
|
||||
yield
|
||||
machine.systemctl("stop audio-recorder")
|
||||
|
||||
|
||||
def wait_for_sound(machine: Machine) -> None:
|
||||
"""
|
||||
Wait until any sound has been emitted.
|
||||
"""
|
||||
machine.wait_for_file("/tmp/record.wav")
|
||||
while True:
|
||||
# Get at most 2M of the recording
|
||||
machine.execute("tail -c 2M /tmp/record.wav > /tmp/last")
|
||||
# Get the exact size
|
||||
size = int(machine.succeed("stat -c '%s' /tmp/last").strip())
|
||||
# Compare it against /dev/zero using `cmp` (skipping 50B of WAVE header).
|
||||
# If some non-NULL bytes are found it returns 1.
|
||||
status, output = machine.execute(
|
||||
f"cmp -i 50 -n {size - 50} /tmp/last /dev/zero 2>&1"
|
||||
)
|
||||
if status == 1:
|
||||
break
|
||||
machine.sleep(2)
|
||||
|
||||
|
||||
machine.wait_for_x()
|
||||
|
||||
with subtest("wait until Firefox has finished loading the Valgrind docs page"):
|
||||
with subtest("Wait until Firefox has finished loading the Valgrind docs page"):
|
||||
machine.execute(
|
||||
"xterm -e 'firefox file://${pkgs.valgrind.doc}/share/doc/valgrind/html/index.html' &"
|
||||
)
|
||||
machine.wait_for_window("Valgrind")
|
||||
machine.sleep(40)
|
||||
|
||||
with subtest("Check whether Firefox can play sound"):
|
||||
with audio_recording(machine):
|
||||
machine.succeed(
|
||||
"firefox file://${pkgs.sound-theme-freedesktop}/share/sounds/freedesktop/stereo/phone-incoming-call.oga &"
|
||||
)
|
||||
wait_for_sound(machine)
|
||||
machine.copy_from_vm("/tmp/record.wav")
|
||||
|
||||
with subtest("Close sound test tab"):
|
||||
machine.execute("xdotool key ctrl+w")
|
||||
|
||||
with subtest("Close default browser prompt"):
|
||||
machine.execute("xdotool key space")
|
||||
|
||||
with subtest("Hide default browser window"):
|
||||
machine.sleep(2)
|
||||
machine.execute("xdotool key F12")
|
||||
|
||||
with subtest("wait until Firefox draws the developer tool panel"):
|
||||
with subtest("Wait until Firefox draws the developer tool panel"):
|
||||
machine.sleep(10)
|
||||
machine.succeed("xwininfo -root -tree | grep Valgrind")
|
||||
machine.screenshot("screen")
|
||||
|
|
47
third_party/nixpkgs/nixos/tests/nginx-auth.nix
vendored
Normal file
47
third_party/nixpkgs/nixos/tests/nginx-auth.nix
vendored
Normal file
|
@ -0,0 +1,47 @@
|
|||
import ./make-test-python.nix ({ pkgs, ... }: {
|
||||
name = "nginx-auth";
|
||||
|
||||
nodes = {
|
||||
webserver = { pkgs, lib, ... }: {
|
||||
services.nginx = let
|
||||
root = pkgs.runCommand "testdir" {} ''
|
||||
mkdir "$out"
|
||||
echo hello world > "$out/index.html"
|
||||
'';
|
||||
in {
|
||||
enable = true;
|
||||
|
||||
virtualHosts.lockedroot = {
|
||||
inherit root;
|
||||
basicAuth.alice = "jane";
|
||||
};
|
||||
|
||||
virtualHosts.lockedsubdir = {
|
||||
inherit root;
|
||||
locations."/sublocation/" = {
|
||||
alias = "${root}/";
|
||||
basicAuth.bob = "john";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
webserver.wait_for_unit("nginx")
|
||||
webserver.wait_for_open_port(80)
|
||||
|
||||
webserver.fail("curl --fail --resolve lockedroot:80:127.0.0.1 http://lockedroot")
|
||||
webserver.succeed(
|
||||
"curl --fail --resolve lockedroot:80:127.0.0.1 http://alice:jane@lockedroot"
|
||||
)
|
||||
|
||||
webserver.succeed("curl --fail --resolve lockedsubdir:80:127.0.0.1 http://lockedsubdir")
|
||||
webserver.fail(
|
||||
"curl --fail --resolve lockedsubdir:80:127.0.0.1 http://lockedsubdir/sublocation/index.html"
|
||||
)
|
||||
webserver.succeed(
|
||||
"curl --fail --resolve lockedsubdir:80:127.0.0.1 http://bob:john@lockedsubdir/sublocation/index.html"
|
||||
)
|
||||
'';
|
||||
})
|
|
@ -19,7 +19,6 @@ let
|
|||
secret_key = s3.secretKey;
|
||||
insecure = true;
|
||||
signature_version2 = false;
|
||||
encrypt_sse = false;
|
||||
put_user_metadata = {};
|
||||
http_config = {
|
||||
idle_conn_timeout = "0s";
|
||||
|
|
|
@ -7,7 +7,7 @@ stdenv.mkDerivation rec {
|
|||
src = fetchFromGitHub {
|
||||
owner = "sjaehn";
|
||||
repo = pname;
|
||||
rev = "${version}";
|
||||
rev = version;
|
||||
sha256 = "1nd6byy75f0rbz9dm9drhxmpsfhxhg0y7q3v2m3098llynhy9k2j";
|
||||
};
|
||||
|
||||
|
|
|
@ -7,7 +7,7 @@ stdenv.mkDerivation rec {
|
|||
src = fetchFromGitHub {
|
||||
owner = "sjaehn";
|
||||
repo = pname;
|
||||
rev = "${version}";
|
||||
rev = version;
|
||||
sha256 = "0hagnn104ybzdp13r95idw20fhmzif8p3kmiypnr20m6c64rdd29";
|
||||
};
|
||||
|
||||
|
|
|
@ -7,7 +7,7 @@ stdenv.mkDerivation rec {
|
|||
src = fetchFromGitHub {
|
||||
owner = "sjaehn";
|
||||
repo = pname;
|
||||
rev = "${version}";
|
||||
rev = version;
|
||||
sha256 = "1f7xrljvsy7a1p8c7wln2zhwarl3ara7gbjxkpyh47wfdpigpdb0";
|
||||
};
|
||||
|
||||
|
|
|
@ -2,11 +2,11 @@
|
|||
|
||||
mkDerivation rec {
|
||||
pname = "drumkv1";
|
||||
version = "0.9.16";
|
||||
version = "0.9.18";
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://sourceforge/drumkv1/${pname}-${version}.tar.gz";
|
||||
sha256 = "1r55575w9r0ifysw9mgxjvv0fszvx8ykjgim3zczf3mb5s9ngavv";
|
||||
sha256 = "1bzkaz7sqx1pvirja8zm7i2ckzl5ad6xspr4840389ik3l8qpnr5";
|
||||
};
|
||||
|
||||
buildInputs = [ libjack2 alsaLib libsndfile liblo lv2 qt5.qtbase qt5.qttools ];
|
||||
|
|
|
@ -25,7 +25,7 @@ stdenv.mkDerivation rec {
|
|||
buildInputs = [ alsaLib audiofile libjack2 liblo liboil libsamplerate libsndfile lilv lv2 ];
|
||||
|
||||
meta = {
|
||||
description = "Ecasound is a software package designed for multitrack audio processing";
|
||||
description = "Software package designed for multitrack audio processing";
|
||||
license = with stdenv.lib.licenses; [ gpl2 lgpl21 ];
|
||||
homepage = "http://nosignal.fi/ecasound/";
|
||||
};
|
||||
|
|
|
@ -37,7 +37,7 @@ stdenv.mkDerivation rec {
|
|||
|
||||
meta = {
|
||||
homepage = "http://eflite.sourceforge.net";
|
||||
description = "EFlite is a speech server for screen readers";
|
||||
description = "Speech server for screen readers";
|
||||
longDescription = ''
|
||||
EFlite is a speech server for Emacspeak and other screen
|
||||
readers that allows them to interface with Festival Lite,
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
{ stdenv, fetchFromGitLab, cmake, pkg-config, redkite, libsndfile, rapidjson, libjack2, lv2, libX11, cairo }:
|
||||
{ stdenv, fetchFromGitLab, cmake, pkg-config, redkite, libsndfile, rapidjson
|
||||
, libjack2, lv2, libX11, cairo }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "geonkick";
|
||||
version = "2.3.8";
|
||||
version = "2.5.0";
|
||||
|
||||
src = fetchFromGitLab {
|
||||
owner = "iurie-sw";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "07809yy2q7dd6fcp0yndlg1vw2ca2zisnsplb3xrxvzdvrqlw910";
|
||||
sha256 = "19zbz4v2n5ph4af721xls7ignmis2q2yqyd0m97g9b3njrgnfy3n";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ cmake pkg-config ];
|
||||
|
@ -16,13 +17,16 @@ stdenv.mkDerivation rec {
|
|||
buildInputs = [ redkite libsndfile rapidjson libjack2 lv2 libX11 cairo ];
|
||||
|
||||
# https://github.com/iurie-sw/geonkick/issues/120
|
||||
cmakeFlags = [ "-DGKICK_REDKITE_SDK_PATH=${redkite}" "-DCMAKE_INSTALL_LIBDIR=lib" ];
|
||||
cmakeFlags = [
|
||||
"-DGKICK_REDKITE_SDK_PATH=${redkite}"
|
||||
"-DCMAKE_INSTALL_LIBDIR=lib"
|
||||
];
|
||||
|
||||
meta = {
|
||||
meta = with stdenv.lib; {
|
||||
homepage = "https://gitlab.com/iurie-sw/geonkick";
|
||||
description = "A free software percussion synthesizer";
|
||||
license = stdenv.lib.licenses.gpl3Plus;
|
||||
platforms = stdenv.lib.platforms.linux;
|
||||
maintainers = [ stdenv.lib.maintainers.magnetophon ];
|
||||
license = licenses.gpl3Plus;
|
||||
platforms = platforms.linux;
|
||||
maintainers = [ maintainers.magnetophon ];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -3,12 +3,12 @@
|
|||
|
||||
mkDerivation rec {
|
||||
pname = "jamulus";
|
||||
version = "3.5.10";
|
||||
version = "3.6.0";
|
||||
src = fetchFromGitHub {
|
||||
owner = "corrados";
|
||||
repo = "jamulus";
|
||||
rev = "r${stdenv.lib.replaceStrings [ "." ] [ "_" ] version}";
|
||||
sha256 = "0bw2v40csjmlkvkhr3dh0g1a7mfqrs1xkqjsii61yfzy2ckbsi82";
|
||||
sha256 = "06x9b2kjsgk8kddhif0x59nwzhnwjmq40x3w5nrphqaimqlrhlcf";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ pkg-config qmake ];
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ stdenv, mkDerivation, lib, fetchzip, cmake, pkgconfig
|
||||
{ stdenv, mkDerivation, lib, fetchFromGitHub, cmake, pkgconfig
|
||||
, alsaLib, freetype, libjack2, lame, libogg, libpulseaudio, libsndfile, libvorbis
|
||||
, portaudio, portmidi, qtbase, qtdeclarative, qtgraphicaleffects
|
||||
, qtquickcontrols2, qtscript, qtsvg, qttools
|
||||
|
@ -7,12 +7,13 @@
|
|||
|
||||
mkDerivation rec {
|
||||
pname = "musescore";
|
||||
version = "3.5.0";
|
||||
version = "3.5.2";
|
||||
|
||||
src = fetchzip {
|
||||
url = "https://github.com/musescore/MuseScore/releases/download/v3.5/MuseScore-${version}.zip";
|
||||
sha256 = "0m598xh0s4f5m4l2ymy7g44bbvc14bcfi4gifhjnrg091rsk57c9";
|
||||
stripRoot = false;
|
||||
src = fetchFromGitHub {
|
||||
owner = "musescore";
|
||||
repo = "MuseScore";
|
||||
rev = "v${version}";
|
||||
sha256 = "VA0+npLUUXQJHalD01pmFTTum2Re7FiiyAwU1XvR93s=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
|
|
|
@ -14,16 +14,16 @@ let
|
|||
in
|
||||
rustPlatform.buildRustPackage rec {
|
||||
pname = "ncspot";
|
||||
version = "0.2.3";
|
||||
version = "0.2.4";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "hrkfdn";
|
||||
repo = "ncspot";
|
||||
rev = "v${version}";
|
||||
sha256 = "08lxdd6biypxmzfc34cbrpsp9ajb157my4vc51ra5237b7jmy6vk";
|
||||
sha256 = "0vdg1ybzfj7xg8nmrb8q9vr8bpwcs52730v9v0413wjyxb7hcll2";
|
||||
};
|
||||
|
||||
cargoSha256 = "110mqm1md8x7vjw3hsy4yz8nj38h6mwrr357awchq52inxj3jmbk";
|
||||
cargoSha256 = "0afaxx8dv7jn48934ba0r8kd1h8l3k00sl83v07a1xqmfcmil2qf";
|
||||
|
||||
cargoBuildFlags = [ "--no-default-features" "--features" "${lib.concatStringsSep "," features}" ];
|
||||
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
{ stdenv, lib, cmake, pkgconfig, libogg, fetchFromGitHub, libiconv }:
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "opustags";
|
||||
version = "1.3.0";
|
||||
version = "1.4.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "fmang";
|
||||
repo = "opustags";
|
||||
rev = version;
|
||||
sha256 = "09z0cdg20algaj2yyhfz3hxh1biwjjvzx1pc2vdc64n8lkswqsc1";
|
||||
sha256 = "1y0czl72paawy342ff9ickaamkih43k59yfcdw7bnddypyfa7nbg";
|
||||
};
|
||||
|
||||
buildInputs = [ libogg ];
|
||||
|
|
|
@ -42,7 +42,7 @@ stdenv.mkDerivation rec {
|
|||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "Picoloop is a synth and a stepsequencer (a clone of the famous nanoloop)";
|
||||
description = "A synth and a stepsequencer (a clone of the famous nanoloop)";
|
||||
homepage = "https://github.com/yoyz/picoloop";
|
||||
platforms = platforms.linux;
|
||||
license = licenses.bsd3;
|
||||
|
|
|
@ -2,11 +2,11 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "ergo";
|
||||
version = "3.3.4";
|
||||
version = "3.3.5";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/ergoplatform/ergo/releases/download/v${version}/ergo-${version}.jar";
|
||||
sha256 = "0psq0nxb4c0fsxjzjxb4sy6lh4kj4w8aizd81r92fdv8izbm25sk";
|
||||
sha256 = "0bxzpwwb42bppqli3zggx3lah7g6kwmy6k6k6dinypj6x0bafqcg";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ makeWrapper ];
|
||||
|
|
|
@ -4,11 +4,11 @@ cups, vivaldi-ffmpeg-codecs, libpulseaudio, at-spi2-core }:
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "exodus";
|
||||
version = "20.8.28";
|
||||
version = "20.10.23";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://downloads.exodus.io/releases/${pname}-linux-x64-${version}.zip";
|
||||
sha256 = "fde9165f71f0d641f6892ddce3ec26d200e8095a383f2b4c8f924de4041d65ef";
|
||||
sha256 = "083hcxljqg36ilpy6xa4j455ngpc775qgam0dbj26kg7sh33dz2c";
|
||||
};
|
||||
|
||||
sourceRoot = ".";
|
||||
|
|
|
@ -2,12 +2,12 @@
|
|||
|
||||
let
|
||||
pname = "ledger-live-desktop";
|
||||
version = "2.14.0";
|
||||
version = "2.15.0";
|
||||
name = "${pname}-${version}";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/LedgerHQ/${pname}/releases/download/v${version}/${pname}-${version}-linux-x86_64.AppImage";
|
||||
sha256 = "057g77nd8qxi8dw9sp7x068wsxmrpnsdfrca876f0bpw7lpb0bqq";
|
||||
sha256 = "06sm4ah05j0f3bxb1sbdi8mazmxk166y2gaycll6p2xhd105ins3";
|
||||
};
|
||||
|
||||
appimageContents = appimageTools.extractType2 {
|
||||
|
|
|
@ -27,13 +27,13 @@ in
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "monero-gui";
|
||||
version = "0.17.1.0";
|
||||
version = "0.17.1.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "monero-project";
|
||||
repo = "monero-gui";
|
||||
rev = "v${version}";
|
||||
sha256 = "07r78ipv4g3i6z822kq380vi3qwlb958rccsy6lyybkhj9y0rx84";
|
||||
sha256 = "0aqhp4rmqsgwjb875kgh6qwz0wyyiag1fksyic9cnhgg5j5y95nx";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
|
@ -75,11 +75,7 @@ stdenv.mkDerivation rec {
|
|||
'add_subdirectory(monero EXCLUDE_FROM_ALL)'
|
||||
'';
|
||||
|
||||
preConfigure = ''
|
||||
# because $out needs to be expanded
|
||||
cmakeFlagsArray+=("-DCMAKE_INSTALL_PREFIX=$out/bin")
|
||||
cmakeFlagsArray+=("-DARCH=${arch}")
|
||||
'';
|
||||
cmakeFlags = [ "-DARCH=${arch}" ];
|
||||
|
||||
desktopItem = makeDesktopItem {
|
||||
name = "monero-wallet-gui";
|
||||
|
|
|
@ -17,13 +17,13 @@ assert trezorSupport -> all (x: x!=null) [ libusb1 protobuf python3 ];
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "monero";
|
||||
version = "0.17.1.0";
|
||||
version = "0.17.1.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "monero-project";
|
||||
repo = "monero";
|
||||
rev = "v${version}";
|
||||
sha256 = "1cngniv7sndy8r0fcfgk737640k53q3kwd36g891p5igcb985qdw";
|
||||
sha256 = "18x27dm24k04vx0yz57zi02rk0wrmbn4wr8alqf48dq6z9wr0fhp";
|
||||
fetchSubmodules = true;
|
||||
};
|
||||
|
||||
|
|
|
@ -26,7 +26,7 @@ stdenv.mkDerivation rec {
|
|||
enableParallelBuilding = true;
|
||||
|
||||
meta = with lib; {
|
||||
description = "Sumokoin is a fork of Monero and a truely fungible cryptocurrency";
|
||||
description = "A fork of Monero and a truely fungible cryptocurrency";
|
||||
homepage = "https://www.sumokoin.org/";
|
||||
license = licenses.bsd3;
|
||||
maintainers = with maintainers; [ fpletz ];
|
||||
|
|
|
@ -19,9 +19,9 @@ let
|
|||
sha256Hash = "sha256-qbxmR9g8DSKzcP09bJuc+am79BSXWG39UQxFEb1bZ88=";
|
||||
};
|
||||
latestVersion = { # canary & dev
|
||||
version = "4.2.0.14"; # "Android Studio 4.2 Canary 14"
|
||||
build = "202.6907010";
|
||||
sha256Hash = "sha256-A6nl4uN25CWOjpwBvOQG26EZnJP5tNvSrGtoF+IQmtY=";
|
||||
version = "4.2.0.15"; # "Android Studio 4.2 Canary 15"
|
||||
build = "202.6922807";
|
||||
sha256Hash = "sha256-PXFNnPSJbdp9NtkMDR3Vq+vpWqd85Io2FmXPhRLRk/8=";
|
||||
};
|
||||
in {
|
||||
# Attributes are named by their corresponding release channels
|
||||
|
|
|
@ -2,16 +2,16 @@
|
|||
|
||||
buildGoModule rec {
|
||||
pname = "glow";
|
||||
version = "1.0.2";
|
||||
version = "1.1.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "charmbracelet";
|
||||
repo = "glow";
|
||||
rev = "v${version}";
|
||||
sha256 ="0jyl5ln7c2naawmw7bljzrldr96xyb5rbis6y6blmyghr0vx07zb";
|
||||
sha256 = "016psbm93ni81k87i9gx3cjr59j1fmpq5x8vz0ydabczzdshd1py";
|
||||
};
|
||||
|
||||
vendorSha256 = "0z3r8fvpy36ybgb18sr0lril1sg8z7s99xv1a6g1v3zdnj3zimav";
|
||||
vendorSha256 = "0gvlbj8b5sqk93ahg4b2krwrmr8ljz7cah77fxaxcd98apap0pw6";
|
||||
|
||||
doCheck = false;
|
||||
|
||||
|
|
|
@ -30,6 +30,15 @@ stdenv.mkDerivation rec {
|
|||
$out/bin/kak -ui json -E "kill 0"
|
||||
'';
|
||||
|
||||
postInstall = ''
|
||||
# make share/kak/autoload a directory, so we can use symlinkJoin with plugins
|
||||
cd "$out/share/kak"
|
||||
autoload_target=$(readlink autoload)
|
||||
rm autoload
|
||||
mkdir autoload
|
||||
ln -s --relative "$autoload_target" autoload
|
||||
'';
|
||||
|
||||
meta = {
|
||||
homepage = "http://kakoune.org/";
|
||||
description = "A vim inspired text editor";
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{ pkgs, parinfer-rust }:
|
||||
{ pkgs, parinfer-rust, rep }:
|
||||
|
||||
{
|
||||
inherit parinfer-rust;
|
||||
inherit parinfer-rust rep;
|
||||
|
||||
case-kak = pkgs.callPackage ./case.kak.nix { };
|
||||
kak-ansi = pkgs.callPackage ./kak-ansi.nix { };
|
||||
|
|
|
@ -1,44 +1,31 @@
|
|||
{ stdenv, bash }:
|
||||
with stdenv.lib;
|
||||
|
||||
kakoune:
|
||||
{ symlinkJoin, makeWrapper, kakoune, plugins ? [], configure ? {} }:
|
||||
|
||||
let
|
||||
getPlugins = { plugins ? [] }: plugins;
|
||||
# "plugins" is the preferred way, but some configurations may be
|
||||
# using "configure.plugins", so accept both
|
||||
requestedPlugins = plugins ++ (configure.plugins or []);
|
||||
|
||||
wrapper = { configure ? {} }:
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "kakoune";
|
||||
version = getVersion kakoune;
|
||||
in
|
||||
symlinkJoin {
|
||||
name = "kakoune-${kakoune.version}";
|
||||
|
||||
src = ./.;
|
||||
buildCommand = ''
|
||||
mkdir -p $out/share/kak
|
||||
for plugin in ${strings.escapeShellArgs (getPlugins configure)}; do
|
||||
if [[ -d $plugin/share/kak/autoload ]]; then
|
||||
find "$plugin/share/kak/autoload" -type f -name '*.kak'| while read rcfile; do
|
||||
printf 'source "%s"\n' "$rcfile"
|
||||
done
|
||||
fi
|
||||
done >>$out/share/kak/plugins.kak
|
||||
buildInputs = [ makeWrapper ];
|
||||
|
||||
mkdir -p $out/bin
|
||||
substitute ${src}/wrapper.sh $out/bin/kak \
|
||||
--subst-var-by bash "${bash}" \
|
||||
--subst-var-by kakoune "${kakoune}" \
|
||||
--subst-var-by out "$out"
|
||||
chmod +x $out/bin/kak
|
||||
paths = [ kakoune ] ++ requestedPlugins;
|
||||
|
||||
postBuild = ''
|
||||
# location of kak binary is used to find ../share/kak/autoload,
|
||||
# unless explicitly overriden with KAKOUNE_RUNTIME
|
||||
rm "$out/bin/kak"
|
||||
makeWrapper "${kakoune}/bin/kak" "$out/bin/kak" --set KAKOUNE_RUNTIME "$out/share/kak"
|
||||
|
||||
# currently kakoune ignores doc files if they are symlinks, so workaround by
|
||||
# copying doc files over, so they become regular files...
|
||||
mkdir "$out/DELETE_ME"
|
||||
mv "$out/share/kak/doc" "$out/DELETE_ME"
|
||||
cp -r --dereference "$out/DELETE_ME/doc" "$out/share/kak"
|
||||
rm -Rf "$out/DELETE_ME"
|
||||
'';
|
||||
|
||||
preferLocalBuild = true;
|
||||
buildInputs = [ bash kakoune ];
|
||||
passthru = { unwrapped = kakoune; };
|
||||
|
||||
meta = kakoune.meta // {
|
||||
# prefer wrapper over the package
|
||||
priority = (kakoune.meta.priority or 0) - 1;
|
||||
hydraPlatforms = [];
|
||||
};
|
||||
};
|
||||
in
|
||||
makeOverridable wrapper
|
||||
meta = kakoune.meta // { priority = (kakoune.meta.priority or 0) - 1; };
|
||||
}
|
||||
|
|
|
@ -1,30 +0,0 @@
|
|||
#!@bash@/bin/bash
|
||||
|
||||
# We use the -E option to load plugins. This only makes sense when we are
|
||||
# starting a new session, so we detect that. Also, Kakoune can only handle
|
||||
# one -E option, so we prepend loading plugins to an existing one.
|
||||
args=( "$@" )
|
||||
loadPlugins=true
|
||||
EValueOffset=-1
|
||||
pluginScript='@out@/share/kak/plugins.kak'
|
||||
|
||||
for (( i = 0; i < ${#args[@]}; i++ )); do
|
||||
case "${args[i]}" in
|
||||
-n|-c|-l|-p|-clear|-version) loadPlugins=false;;
|
||||
-E) EValueOffset=$(( i + 1 ));;
|
||||
--) break;;
|
||||
esac
|
||||
case "${args[i]}" in
|
||||
-E|-c|-e|-s|-p|-f|-i|-ui|-debug) i=$(( i + 1 ));;
|
||||
esac
|
||||
done
|
||||
|
||||
if [[ $loadPlugins = true ]]; then
|
||||
if (( EValueOffset >= 0 )); then
|
||||
args[EValueOffset]="source '$pluginScript'"$'\n'"${args[EValueOffset]}"
|
||||
else
|
||||
args=( "-E" "source '$pluginScript'" "${args[@]}" )
|
||||
fi
|
||||
fi
|
||||
|
||||
exec @kakoune@/bin/kak "${args[@]}"
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue