Project import generated by Copybara.

GitOrigin-RevId: b3616bd96400ce0252c241d76fcafb64389defc6
Default email 2021-01-15 23:18:51 +01:00
parent d12fb60c20
commit a5adf1ddd8
9177 changed files with 54612 additions and 40009 deletions


@ -37,6 +37,7 @@
/pkgs/build-support/cc-wrapper @Ericson2314 @orivej
/pkgs/build-support/bintools-wrapper @Ericson2314 @orivej
/pkgs/build-support/setup-hooks @Ericson2314
/pkgs/build-support/setup-hooks/auto-patchelf.sh @aszlig
# Nixpkgs build-support
/pkgs/build-support/writers @lassulus @Profpatsch
@ -157,8 +158,8 @@
/nixos/modules/services/networking/ntp @thoughtpolice
# Dhall
/pkgs/development/dhall-modules @Gabriel439 @Profpatsch
/pkgs/development/interpreters/dhall @Gabriel439 @Profpatsch
/pkgs/development/dhall-modules @Gabriel439 @Profpatsch @ehmry
/pkgs/development/interpreters/dhall @Gabriel439 @Profpatsch @ehmry
# Idris
/pkgs/development/idris-modules @Infinisil


@ -57,6 +57,7 @@ Follow these steps to backport a change into a release branch in compliance with
3. Create a branch for your change, e.g. `git checkout -b backport`.
4. When the reason to backport is not obvious from the original commit message, use `git cherry-pick -xe <original commit>` and add a reason. Otherwise use `git cherry-pick -x <original commit>`. That's fine for minor version updates that only include security and bug fixes, commits that fixes an otherwise broken package or similar. Please also ensure the commits exists on the master branch; in the case of squashed or rebased merges, the commit hash will change and the new commits can be found in the merge message at the bottom of the master pull request.
5. Push to GitHub and open a backport pull request. Make sure to select the release branch (e.g. `release-20.09`) as the target branch of the pull request, and link to the pull request in which the original change was comitted to `master`. The pull request title should be the commit title with the release version as prefix, e.g. `[20.09]`.
6. When the backport pull request is merged and you have the necessary privileges you can also replace the label `9.needs: port to stable` with `8.has: port to stable` on the original pull request. This way maintainers can keep track of missing backports easier.
## Reviewing contributions


@ -25,7 +25,7 @@ jobs:
- name: Fetch editorconfig-checker
if: env.PR_DIFF
env:
ECC_VERSION: "2.2.0"
ECC_VERSION: "2.3.1"
ECC_URL: "https://github.com/editorconfig-checker/editorconfig-checker/releases/download"
run: |
curl -sSf -O -L -C - "$ECC_URL/$ECC_VERSION/ec-linux-amd64.tar.gz" && \
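Review bot: The release tarball downloaded by the `curl` line of the "Fetch editorconfig-checker" step is not compared against a known digest anywhere in the lines shown, so the move of `ECC_VERSION` to "2.3.1" changes which binary CI runs without pinning its content. The `run:` block continues past the end of this hunk, so a verification step may exist further down; that should be confirmed. If there is none, I would add a digest variable to `env:` that is bumped together with the version (for example a new `ECC_SHA256`, name proposed here) and check it right after the download with `echo "$ECC_SHA256  ec-linux-amd64.tar.gz" | sha256sum -c -`. A one-line comment above `ECC_VERSION` saying that the digest must be updated in the same change would keep the two values in step.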


@ -2,12 +2,12 @@
## Configuring Emacs {#sec-emacs-config}
The Emacs package comes with some extra helpers to make it easier to configure. `emacsWithPackages` allows you to manage packages from ELPA. This means that you will not have to install that packages from within Emacs. For instance, if you wanted to use `company` `counsel`, `flycheck`, `ivy`, `magit`, `projectile`, and `use-package` you could use this as a `~/.config/nixpkgs/config.nix` override:
The Emacs package comes with some extra helpers to make it easier to configure. `emacs.pkgs.withPackages` allows you to manage packages from ELPA. This means that you will not have to install that packages from within Emacs. For instance, if you wanted to use `company` `counsel`, `flycheck`, `ivy`, `magit`, `projectile`, and `use-package` you could use this as a `~/.config/nixpkgs/config.nix` override:
```nix
{
packageOverrides = pkgs: with pkgs; {
myEmacs = emacsWithPackages (epkgs: (with epkgs.melpaStablePackages; [
myEmacs = emacs.pkgs.withPackages (epkgs: (with epkgs.melpaStablePackages; [
company
counsel
flycheck
@ -84,7 +84,7 @@ You can install it like any other packages via `nix-env -iA myEmacs`. However, t
(projectile-global-mode))
'';
myEmacs = emacsWithPackages (epkgs: (with epkgs.melpaStablePackages; [
myEmacs = emacs.pkgs.withPackages (epkgs: (with epkgs.melpaStablePackages; [
(runCommand "default.el" {} ''
mkdir -p $out/share/emacs/site-lisp
cp ${myEmacsConfig} $out/share/emacs/site-lisp/default.el
@ -103,14 +103,14 @@ You can install it like any other packages via `nix-env -iA myEmacs`. However, t
This provides a fairly full Emacs start file. It will load in addition to the user's presonal config. You can always disable it by passing `-q` to the Emacs command.
Sometimes `emacsWithPackages` is not enough, as this package set has some priorities imposed on packages (with the lowest priority assigned to Melpa Unstable, and the highest for packages manually defined in `pkgs/top-level/emacs-packages.nix`). But you can't control this priorities when some package is installed as a dependency. You can override it on per-package-basis, providing all the required dependencies manually - but it's tedious and there is always a possibility that an unwanted dependency will sneak in through some other package. To completely override such a package you can use `overrideScope'`.
Sometimes `emacs.pkgs.withPackages` is not enough, as this package set has some priorities imposed on packages (with the lowest priority assigned to Melpa Unstable, and the highest for packages manually defined in `pkgs/top-level/emacs-packages.nix`). But you can't control this priorities when some package is installed as a dependency. You can override it on per-package-basis, providing all the required dependencies manually - but it's tedious and there is always a possibility that an unwanted dependency will sneak in through some other package. To completely override such a package you can use `overrideScope'`.
```nix
overrides = self: super: rec {
haskell-mode = self.melpaPackages.haskell-mode;
...
};
((emacsPackagesGen emacs).overrideScope' overrides).emacsWithPackages
((emacsPackagesFor emacs).overrideScope' overrides).emacs.pkgs.withPackages
(p: with p; [
# here both these package will use haskell-mode of our own choice
ghc-mod


@ -0,0 +1,50 @@
# Fish {#sec-fish}
Fish is a "smart and user-friendly command line shell" with support for plugins.
## Vendor Fish scripts {#sec-fish-vendor}
Any package may ship its own Fish completions, configuration snippets, and
functions. Those should be installed to
`$out/share/fish/vendor_{completions,conf,functions}.d` respectively.
When the `programs.fish.enable` and
`programs.fish.vendor.{completions,config,functions}.enable` options from the
NixOS Fish module are set to true, those paths are symlinked in the current
system environment and automatically loaded by Fish.
## Packaging Fish plugins {#sec-fish-plugins-pkg}
While packages providing standalone executables belong to the top level,
packages which have the sole purpose of extending Fish belong to the
`fishPlugins` scope and should be registered in
`pkgs/shells/fish/plugins/default.nix`.
The `buildFishPlugin` utility function can be used to automatically copy Fish
scripts from `$src/{completions,conf,conf.d,functions}` to the standard vendor
installation paths. It also sets up the test environment so that the optional
`checkPhase` is executed in a Fish shell with other already packaged plugins
and package-local Fish functions specified in `checkPlugins` and
`checkFunctionDirs` respectively.
See `pkgs/shells/fish/plugins/pure.nix` for an example of Fish plugin package
using `buildFishPlugin` and running unit tests with the `fishtape` test runner.
## Fish wrapper {#sec-fish-wrapper}
The `wrapFish` package is a wrapper around Fish which can be used to create
Fish shells initialised with some plugins as well as completions, configuration
snippets and functions sourced from the given paths. This provides a convenient
way to test Fish plugins and scripts without having to alter the environment.
```nix
wrapFish {
pluginPkgs = with fishPlugins; [ pure foreign-env ];
completionDirs = [];
functionDirs = [];
confDirs = [ "/path/to/some/fish/init/dir/" ];
}
```


@ -11,6 +11,7 @@
<xi:include href="elm.xml" />
<xi:include href="emacs.section.xml" />
<xi:include href="firefox.section.xml" />
<xi:include href="fish.section.xml" />
<xi:include href="ibus.xml" />
<xi:include href="kakoune.section.xml" />
<xi:include href="linux.section.xml" />


@ -178,6 +178,15 @@ args.stdenv.mkDerivation (args // {
</programlisting>
</para>
</listitem>
<listitem>
<para>
Prefer using the top-level <varname>lib</varname> over its alias
<literal>stdenv.lib</literal>. <varname>lib</varname> is unrelated to
<varname>stdenv</varname>, and so <literal>stdenv.lib</literal> should only
be used as a convenience alias when developing to avoid having to modify
the function inputs just to test something out.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-package-naming">


@ -13,21 +13,19 @@ with import <nixpkgs> {};
let
androidComposition = androidenv.composeAndroidPackages {
toolsVersion = "25.2.5";
platformToolsVersion = "27.0.1";
buildToolsVersions = [ "27.0.3" ];
toolsVersion = "26.1.1";
platformToolsVersion = "30.0.5";
buildToolsVersions = [ "30.0.3" ];
includeEmulator = false;
emulatorVersion = "27.2.0";
platformVersions = [ "24" ];
emulatorVersion = "30.3.4";
platformVersions = [ "28" "29" "30" ];
includeSources = false;
includeDocs = false;
includeSystemImages = false;
systemImageTypes = [ "default" ];
abiVersions = [ "armeabi-v7a" ];
lldbVersions = [ "2.0.2558144" ];
cmakeVersions = [ "3.6.4111459" ];
includeNDK = false;
ndkVersion = "16.1.4479499";
systemImageTypes = [ "google_apis_playstore" ];
abiVersions = [ "armeabi-v7a" "arm64-v8a" ];
cmakeVersions = [ "3.10.2" ];
includeNDK = true;
ndkVersion = "22.0.7026061";
useGoogleAPIs = false;
useGoogleTVAddOns = false;
includeExtras = [
@ -46,13 +44,11 @@ The following parameters are supported:
* `toolsVersion`, specifies the version of the tools package to use
* `platformsToolsVersion` specifies the version of the `platform-tools` plugin
* `buildToolsVersion` specifies the versions of the `build-tools` plugins to
* `buildToolsVersions` specifies the versions of the `build-tools` plugins to
use.
* `includeEmulator` specifies whether to deploy the emulator package (`false`
by default). When enabled, the version of the emulator to deploy can be
specified by setting the `emulatorVersion` parameter.
* `includeDocs` specifies whether the documentation catalog should be included.
* `lldbVersions` specifies what LLDB versions should be deployed.
* `cmakeVersions` specifies which CMake versions should be deployed.
* `includeNDK` specifies that the Android NDK bundle should be included.
Defaults to: `false`.
@ -82,6 +78,38 @@ For each requested system image we can specify the following options:
Most of the function arguments have reasonable default settings.
You can specify license names:
* `extraLicenses` is a list of of license names.
You can get these names from repo.json or `querypackages.sh licenses`. The SDK
license (`android-sdk-license`) is accepted for you if you set accept_license
to true. If you are doing something like working with preview SDKs, you will
want to add `android-sdk-preview-license` or whichever license applies here.
Additionally, you can override the repositories that composeAndroidPackages will
pull from:
* `repoJson` specifies a path to a generated repo.json file. You can generate this
by running `generate.sh`, which in turn will call into `mkrepo.rb`.
* `repoXmls` is an attribute set containing paths to repo XML files. If specified,
it takes priority over `repoJson`, and will trigger a local build writing out a
repo.json to the Nix store based on the given repository XMLs.
```nix
repoXmls = {
packages = [ ./xml/repository2-1.xml ];
images = [
./xml/android-sys-img2-1.xml
./xml/android-tv-sys-img2-1.xml
./xml/android-wear-sys-img2-1.xml
./xml/android-wear-cn-sys-img2-1.xml
./xml/google_apis-sys-img2-1.xml
./xml/google_apis_playstore-sys-img2-1.xml
];
addons = [ ./xml/addon2-1.xml ];
};
```
When building the above expression with:
```bash
@ -104,8 +132,8 @@ in
androidComposition.platform-tools
```
Using predefine Android package compositions
--------------------------------------------
Using predefined Android package compositions
---------------------------------------------
In addition to composing an Android package set manually, it is also possible
to use a predefined composition that contains all basic packages for a specific
Android version, such as version 9.0 (API-level 28).
@ -209,27 +237,104 @@ androidenv.emulateApp {
In addition to prebuilt APKs, you can also bind the APK parameter to a
`buildApp {}` function invocation shown in the previous example.
Notes on environment variables in Android projects
--------------------------------------------------
* `ANDROID_SDK_ROOT` should point to the Android SDK. In your Nix expressions, this should be
`${androidComposition.androidsdk}/libexec/android-sdk`. Note that `ANDROID_HOME` is deprecated,
but if you rely on tools that need it, you can export it too.
* `ANDROID_NDK_ROOT` should point to the Android NDK, if you're doing NDK development.
In your Nix expressions, this should be `${ANDROID_SDK_ROOT}/ndk-bundle`.
If you are running the Android Gradle plugin, you need to export GRADLE_OPTS to override aapt2
to point to the aapt2 binary in the Nix store as well, or use a FHS environment so the packaged
aapt2 can run. If you don't want to use a FHS environment, something like this should work:
```nix
let
buildToolsVersion = "30.0.3";
# Use buildToolsVersion when you define androidComposition
androidComposition = <...>;
in
pkgs.mkShell rec {
ANDROID_SDK_ROOT = "${androidComposition.androidsdk}/libexec/android-sdk";
ANDROID_NDK_ROOT = "${ANDROID_SDK_ROOT}/ndk-bundle";
# Use the same buildToolsVersion here
GRADLE_OPTS = "-Dorg.gradle.project.android.aapt2FromMavenOverride=${ANDROID_SDK_ROOT}/build-tools/${buildToolsVersion}/aapt2";
}
```
If you are using cmake, you need to add it to PATH in a shell hook or FHS env profile.
The path is suffixed with a build number, but properly prefixed with the version.
So, something like this should suffice:
```nix
let
cmakeVersion = "3.10.2";
# Use cmakeVersion when you define androidComposition
androidComposition = <...>;
in
pkgs.mkShell rec {
ANDROID_SDK_ROOT = "${androidComposition.androidsdk}/libexec/android-sdk";
ANDROID_NDK_ROOT = "${ANDROID_SDK_ROOT}/ndk-bundle";
# Use the same cmakeVersion here
shellHook = ''
export PATH="$(echo "$ANDROID_SDK_ROOT/cmake/${cmakeVersion}".*/bin):$PATH"
'';
}
```
Note that running Android Studio with ANDROID_SDK_ROOT set will automatically write a
`local.properties` file with `sdk.dir` set to $ANDROID_SDK_ROOT if one does not already
exist. If you are using the NDK as well, you may have to add `ndk.dir` to this file.
An example shell.nix that does all this for you is provided in examples/shell.nix.
This shell.nix includes a shell hook that overwrites local.properties with the correct
sdk.dir and ndk.dir values. This will ensure that the SDK and NDK directories will
both be correct when you run Android Studio inside nix-shell.
Notes on improving build.gradle compatibility
---------------------------------------------
Ensure that your buildToolsVersion and ndkVersion match what is declared in androidenv.
If you are using cmake, make sure its declared version is correct too.
Otherwise, you may get cryptic errors from aapt2 and the Android Gradle plugin warning
that it cannot install the build tools because the SDK directory is not writeable.
```gradle
android {
buildToolsVersion "30.0.3"
ndkVersion = "22.0.7026061"
externalNativeBuild {
cmake {
version "3.10.2"
}
}
}
```
Querying the available versions of each plugin
----------------------------------------------
When using any of the previously shown functions, it may be a bit inconvenient
to find out what options are supported, since the Android SDK provides many
plugins.
repo.json provides all the options in one file now.
A shell script in the `pkgs/development/mobile/androidenv/` subdirectory can be used to retrieve all
possible options:
```bash
sh ./querypackages.sh packages build-tools
./querypackages.sh packages
```
The above command-line instruction queries all build-tools versions in the
generated `packages.nix` expression.
The above command-line instruction queries all package versions in repo.json.
Updating the generated expressions
----------------------------------
Most of the Nix expressions are generated from XML files that the Android
package manager uses. To update the expressions run the `generate.sh` script
that is stored in the `pkgs/development/mobile/androidenv/` sub directory:
repo.json is generated from XML files that the Android Studio package manager uses.
To update the expressions run the `generate.sh` script that is stored in the
`pkgs/development/mobile/androidenv/` subdirectory:
```bash
./generate.sh


@ -3,37 +3,39 @@
## Coq derivation: `coq`
The Coq derivation is overridable through the `coq.override overrides`, where overrides is an attribute set which contains the arguments to override. We recommend overriding either of the following
+ `version` (optional, defaults to the latest version of Coq selected for nixpkgs, see `pkgs/top-level/coq-packages` to witness this choice), which follows the conventions explained in the `coqPackages` section below,
+ `customOCamlPackage` (optional, defaults to `null`, which lets Coq choose a version automatically), which can be set to any of the ocaml packages attribute of `ocaml-ng` (such as `ocaml-ng.ocamlPackages_4_10` which is the default for Coq 8.11 for example).
+ `coq-version` (optional, defaults to the short version e.g. "8.10"), is a version number of the form "x.y" that indicates which Coq's version build behavior to mimic when using a source which is not a release. E.g. `coq.override { version = "d370a9d1328a4e1cdb9d02ee032f605a9d94ec7a"; coq-version = "8.10"; }`.
* `version` (optional, defaults to the latest version of Coq selected for nixpkgs, see `pkgs/top-level/coq-packages` to witness this choice), which follows the conventions explained in the `coqPackages` section below,
* `customOCamlPackage` (optional, defaults to `null`, which lets Coq choose a version automatically), which can be set to any of the ocaml packages attribute of `ocaml-ng` (such as `ocaml-ng.ocamlPackages_4_10` which is the default for Coq 8.11 for example).
* `coq-version` (optional, defaults to the short version e.g. "8.10"), is a version number of the form "x.y" that indicates which Coq's version build behavior to mimic when using a source which is not a release. E.g. `coq.override { version = "d370a9d1328a4e1cdb9d02ee032f605a9d94ec7a"; coq-version = "8.10"; }`.
## Coq packages attribute sets: `coqPackages`
The recommended way of defining a derivation for a Coq library, is to use the `coqPackages.mkCoqDerivation` function, which is essentially a specialization of `mkDerivation` taking into account most of the specifics of Coq libraries. The following attributes are supported:
- `pname` (required) is the name of the package,
- `version` (optional, defaults to `null`), is the version to fetch and build,
* `pname` (required) is the name of the package,
* `version` (optional, defaults to `null`), is the version to fetch and build,
this attribute is interpreted in several ways depending on its type and pattern:
+ if it is a known released version string, i.e. from the `release` attribute below, the according release is picked, and the `version` attribute of the resulting derivation is set to this release string,
+ if it is a majorMinor `"x.y"` prefix of a known released version (as defined above), then the latest `"x.y.z"` known released version is selected (for the ordering given by `versionAtLeast`),
+ if it is a path or a string representing an absolute path (i.e. starting with `"/"`), the provided path is selected as a source, and the `version` attribute of the resulting derivation is set to `"dev"`,
+ if it is a string of the form `owner:branch` then it tries to download the `branch` of owner `owner` for a project of the same name using the same vcs, and the `version` attribute of the resulting derivation is set to `"dev"`, additionally if the owner is not provided (i.e. if the `owner:` prefix is missing), it defaults to the original owner of the package (see below),
+ if it is a string of the form `"#N"`, and the domain is github, then it tries to download the current head of the pull request `#N` from github,
- `defaultVersion` (optional). Coq libraries may be compatible with some specific versions of Coq only. The `defaultVersion` attribute is used when no `version` is provided (or if `version = null`) to select the version of the library to use by default, depending on the context. This selection will mainly depend on a `coq` version number but also possibly on other packages versions (e.g. `mathcomp`). If its value ends up to be `null`, the package is marked for removal in end-user `coqPackages` attribute set.
- `release` (optional, defaults to `{}`), lists all the known releases of the library and for each of them provides an attribute set with at least a `sha256` attribute (you may use the shell command `nix-prefetch-url --unpack <archive-url>` to find it, where `<archive-url>` is for example `https://github.com/owner/repo/archive/version.tar.gz`), each attribute set of the list of releases also takes optional overloading arguments for the fetcher as below (i.e.`domain`, `owner`, `repo`, `rev` assuming the default fetcher is used) and optional overrides for the result of the fetcher (i.e. `version` and `src`).
- `fetcher` (optional, default to a generic fetching mechanism supporting github or gitlab based infrastructures), is a function that takes at least an `owner`, a `repo`, a `rev`, and a `sha256` and returns an attribute set with a `version` and `src`.
- `repo` (optional, defaults to the value of `pname`),
- `owner` (optional, defaults to `"coq-community"`).
- `domain` (optional, defaults to `"github.com"`), domains including the strings `"github"` or `"gitlab"` in their names are automatically supported, otherwise, one must change the `fetcher` argument to support them (cf `pkgs/development/coq-modules/heq/default.nix` for an example),
- `releaseRev` (optional, defaults to `(v: v)`), provides a default mapping from release names to revision hashes/branch names/tags,
- `displayVersion` (optional), provides a way to alter the computation of `name` from `pname`, by explaining how to display version numbers,
- `namePrefix` (optional), provides a way to alter the computation of `name` from `pname`, by explaining which dependencies must occur in `name`,
- `extraBuildInputs` (optional), by default `buildInputs` just contains `coq`, this allows to add more build inputs,
- `mlPlugin` (optional, defaults to `false`). Some extensions (plugins) might require OCaml and sometimes other OCaml packages. Standard dependencies can be added by setting the current option to `true`. For a finer grain control, the `coq.ocamlPackages` attribute can be used in `extraBuildInputs` to depend on the same package set Coq was built against.
- `enableParallelBuilding` (optional, defaults to `true`), since it is activated by default, we provide a way to disable it.
- `extraInstallFlags` (optional), allows to extend `installFlags` which initializes the variable `COQMF_COQLIB` so as to install in the proper subdirectory. Indeed Coq libraries should be installed in `$(out)/lib/coq/${coq.coq-version}/user-contrib/`. Such directories are automatically added to the `$COQPATH` environment variable by the hook defined in the Coq derivation.
- `setCOQBIN` (optional, defaults to `true`), by default, the environment variable `$COQBIN` is set to the current Coq's binary, but one can disable this behavior by setting it to `false`,
- `useMelquiondRemake` (optional, default to `null`) is an attribute set, which, if given, overloads the `preConfigurePhases`, `configureFlags`, `buildPhase`, and `installPhase` attributes of the derivation for a specific use in libraries using `remake` as set up by Guillaume Melquiond for `flocq`, `gappalib`, `interval`, and `coquelicot` (see the corresponding derivation for concrete examples of use of this option). For backward compatibility, the attribute `useMelquiondRemake.logpath` must be set to the logical root of the library (otherwise, one can pass `useMelquiondRemake = {}` to activate this without backward compatibility).
- `dropAttrs`, `keepAttrs`, `dropDerivationAttrs` are all optional and allow to tune which attribute is added or removed from the final call to `mkDerivation`.
* if it is a known released version string, i.e. from the `release` attribute below, the according release is picked, and the `version` attribute of the resulting derivation is set to this release string,
* if it is a majorMinor `"x.y"` prefix of a known released version (as defined above), then the latest `"x.y.z"` known released version is selected (for the ordering given by `versionAtLeast`),
* if it is a path or a string representing an absolute path (i.e. starting with `"/"`), the provided path is selected as a source, and the `version` attribute of the resulting derivation is set to `"dev"`,
* if it is a string of the form `owner:branch` then it tries to download the `branch` of owner `owner` for a project of the same name using the same vcs, and the `version` attribute of the resulting derivation is set to `"dev"`, additionally if the owner is not provided (i.e. if the `owner:` prefix is missing), it defaults to the original owner of the package (see below),
* if it is a string of the form `"#N"`, and the domain is github, then it tries to download the current head of the pull request `#N` from github,
* `defaultVersion` (optional). Coq libraries may be compatible with some specific versions of Coq only. The `defaultVersion` attribute is used when no `version` is provided (or if `version = null`) to select the version of the library to use by default, depending on the context. This selection will mainly depend on a `coq` version number but also possibly on other packages versions (e.g. `mathcomp`). If its value ends up to be `null`, the package is marked for removal in end-user `coqPackages` attribute set.
* `release` (optional, defaults to `{}`), lists all the known releases of the library and for each of them provides an attribute set with at least a `sha256` attribute (you may use the shell command `nix-prefetch-url --unpack <archive-url>` to find it, where `<archive-url>` is for example `https://github.com/owner/repo/archive/version.tar.gz`), each attribute set of the list of releases also takes optional overloading arguments for the fetcher as below (i.e.`domain`, `owner`, `repo`, `rev` assuming the default fetcher is used) and optional overrides for the result of the fetcher (i.e. `version` and `src`).
* `fetcher` (optional, default to a generic fetching mechanism supporting github or gitlab based infrastructures), is a function that takes at least an `owner`, a `repo`, a `rev`, and a `sha256` and returns an attribute set with a `version` and `src`.
* `repo` (optional, defaults to the value of `pname`),
* `owner` (optional, defaults to `"coq-community"`).
* `domain` (optional, defaults to `"github.com"`), domains including the strings `"github"` or `"gitlab"` in their names are automatically supported, otherwise, one must change the `fetcher` argument to support them (cf `pkgs/development/coq-modules/heq/default.nix` for an example),
* `releaseRev` (optional, defaults to `(v: v)`), provides a default mapping from release names to revision hashes/branch names/tags,
* `displayVersion` (optional), provides a way to alter the computation of `name` from `pname`, by explaining how to display version numbers,
* `namePrefix` (optional), provides a way to alter the computation of `name` from `pname`, by explaining which dependencies must occur in `name`,
* `extraBuildInputs` (optional), by default `buildInputs` just contains `coq`, this allows to add more build inputs,
* `mlPlugin` (optional, defaults to `false`). Some extensions (plugins) might require OCaml and sometimes other OCaml packages. Standard dependencies can be added by setting the current option to `true`. For a finer grain control, the `coq.ocamlPackages` attribute can be used in `extraBuildInputs` to depend on the same package set Coq was built against.
* `enableParallelBuilding` (optional, defaults to `true`), since it is activated by default, we provide a way to disable it.
* `extraInstallFlags` (optional), allows to extend `installFlags` which initializes the variable `COQMF_COQLIB` so as to install in the proper subdirectory. Indeed Coq libraries should be installed in `$(out)/lib/coq/${coq.coq-version}/user-contrib/`. Such directories are automatically added to the `$COQPATH` environment variable by the hook defined in the Coq derivation.
* `setCOQBIN` (optional, defaults to `true`), by default, the environment variable `$COQBIN` is set to the current Coq's binary, but one can disable this behavior by setting it to `false`,
* `useMelquiondRemake` (optional, default to `null`) is an attribute set, which, if given, overloads the `preConfigurePhases`, `configureFlags`, `buildPhase`, and `installPhase` attributes of the derivation for a specific use in libraries using `remake` as set up by Guillaume Melquiond for `flocq`, `gappalib`, `interval`, and `coquelicot` (see the corresponding derivation for concrete examples of use of this option). For backward compatibility, the attribute `useMelquiondRemake.logpath` must be set to the logical root of the library (otherwise, one can pass `useMelquiondRemake = {}` to activate this without backward compatibility).
* `dropAttrs`, `keepAttrs`, `dropDerivationAttrs` are all optional and allow to tune which attribute is added or removed from the final call to `mkDerivation`.
It also takes other standard `mkDerivation` attributes, they are added as such, except for `meta` which extends an automatically computed `meta` (where the `platform` is the same as `coq` and the homepage is automatically computed).


@ -102,7 +102,7 @@ See the `zlib` example:
echo "================= /testing zlib using node ================="
'';
postPatch = pkgs.stdenv.lib.optionalString pkgs.stdenv.isDarwin ''
postPatch = pkgs.lib.optionalString pkgs.stdenv.isDarwin ''
substituteInPlace configure \
--replace '/usr/bin/libtool' 'ar' \
--replace 'AR="libtool"' 'AR="ar"' \


@ -181,7 +181,7 @@ luaposix = buildLuarocksPackage {
disabled = (luaOlder "5.1") || (luaAtLeast "5.4");
propagatedBuildInputs = [ bit32 lua std_normalize ];
meta = with stdenv.lib; {
meta = with lib; {
homepage = "https://github.com/luaposix/luaposix/";
description = "Lua bindings for POSIX";
maintainers = with maintainers; [ vyp lblasc ];
@ -243,4 +243,3 @@ Following rules should be respected:
* Make sure libraries build for all Lua interpreters.
* Commit names of Lua libraries should reflect that they are Lua libraries, so write for example `luaPackages.luafilesystem: 1.11 -> 1.12`.


@ -116,7 +116,7 @@ The first step will be to build the Maven project as a fixed-output derivation i
> Traditionally the Maven repository is at `~/.m2/repository`. We will override this to be the `$out` directory.
```nix
{ stdenv, maven }:
{ stdenv, lib, maven }:
stdenv.mkDerivation {
name = "maven-repository";
buildInputs = [ maven ];
@ -139,7 +139,7 @@ stdenv.mkDerivation {
outputHashAlgo = "sha256";
outputHashMode = "recursive";
# replace this with the correct SHA256
outputHash = stdenv.lib.fakeSha256;
outputHash = lib.fakeSha256;
}
```


@ -7,7 +7,7 @@ Given that most of the OCaml ecosystem is now built with dune, nixpkgs includes
Here is a simple package example. It defines an (optional) attribute `minimumOCamlVersion` that will be used to throw a descriptive evaluation error if building with an older OCaml is attempted. It uses the `fetchFromGitHub` fetcher to get its source. It sets the `doCheck` (optional) attribute to `true` which means that tests will be run with `dune runtest -p angstrom` after the build (`dune build -p angstrom`) is complete. It uses `alcotest` as a build input (because it is needed to run the tests) and `bigstringaf` and `result` as propagated build inputs (thus they will also be available to libraries depending on this library). The library will be installed using the `angstrom.install` file that dune generates.
```nix
{ stdenv
{ lib
, fetchFromGitHub
, buildDunePackage
, alcotest
@ -35,8 +35,8 @@ buildDunePackage rec {
meta = {
homepage = "https://github.com/inhabitedtype/angstrom";
description = "OCaml parser combinators built for speed and memory efficiency";
license = stdenv.lib.licenses.bsd3;
maintainers = with stdenv.lib.maintainers; [ sternenseemann ];
license = lib.licenses.bsd3;
maintainers = with lib.maintainers; [ sternenseemann ];
};
}
```
@ -44,7 +44,7 @@ buildDunePackage rec {
Here is a second example, this time using a source archive generated with `dune-release`. It is a good idea to use this archive when it is available as it will usually contain substituted variables such as a `%%VERSION%%` field. This library does not depend on any other OCaml library and no tests are run after building it.
```nix
{ stdenv
{ lib
, fetchurl
, buildDunePackage
}:
@ -60,7 +60,7 @@ buildDunePackage rec {
sha256 = "1msg3vycd3k8qqj61sc23qks541cxpb97vrnrvrhjnqxsqnh6ygq";
};
meta = with stdenv.lib; {
meta = with lib; {
homepage = "https://github.com/flowtype/ocaml-wtf8";
description = "WTF-8 is a superset of UTF-8 that allows unpaired surrogates.";
license = licenses.mit;


@ -110,7 +110,7 @@ ClassC3Componentised = buildPerlPackage rec {
On Darwin, if a script has too many `-Idir` flags in its first line (its “shebang line”), it will not run. This can be worked around by calling the `shortenPerlShebang` function from the `postInstall` phase:
```nix
{ stdenv, buildPerlPackage, fetchurl, shortenPerlShebang }:
{ stdenv, lib, buildPerlPackage, fetchurl, shortenPerlShebang }:
ImageExifTool = buildPerlPackage {
pname = "Image-ExifTool";
@ -121,8 +121,8 @@ ImageExifTool = buildPerlPackage {
sha256 = "0d8v48y94z8maxkmw1rv7v9m0jg2dc8xbp581njb6yhr7abwqdv3";
};
buildInputs = stdenv.lib.optional stdenv.isDarwin shortenPerlShebang;
postInstall = stdenv.lib.optional stdenv.isDarwin ''
buildInputs = lib.optional stdenv.isDarwin shortenPerlShebang;
postInstall = lib.optional stdenv.isDarwin ''
shortenPerlShebang $out/bin/exiftool
'';
};
@ -151,7 +151,7 @@ $ nix-generate-from-cpan XML::Simple
propagatedBuildInputs = [ XMLNamespaceSupport XMLSAX XMLSAXExpat ];
meta = {
description = "An API for simple XML files";
license = with stdenv.lib.licenses; [ artistic1 gpl1Plus ];
license = with lib.licenses; [ artistic1 gpl1Plus ];
};
};
```


@ -105,6 +105,12 @@ mv cran-packages.nix.new cran-packages.nix
Rscript generate-r-packages.R bioc > bioc-packages.nix.new
mv bioc-packages.nix.new bioc-packages.nix
Rscript generate-r-packages.R bioc-annotation > bioc-annotation-packages.nix.new
mv bioc-annotation-packages.nix.new bioc-annotation-packages.nix
Rscript generate-r-packages.R bioc-experiment > bioc-experiment-packages.nix.new
mv bioc-experiment-packages.nix.new bioc-experiment-packages.nix
```
`generate-r-packages.R <repo>` reads `<repo>-packages.nix`, therefor the renaming.


@ -32,7 +32,7 @@ rustPlatform.buildRustPackage rec {
cargoSha256 = "03wf9r2csi6jpa7v5sw5lpxkrk4wfzwmzx7k3991q3bdjzcwnnwp";
meta = with stdenv.lib; {
meta = with lib; {
description = "A fast line-oriented regex search tool, similar to ag and ack";
homepage = "https://github.com/BurntSushi/ripgrep";
license = licenses.unlicense;
@ -58,13 +58,13 @@ then be taken from the failed build. A fake hash can be used for
`cargoSha256` as follows:
```
cargoSha256 = stdenv.lib.fakeSha256;
cargoSha256 = lib.fakeSha256;
```
For `cargoHash` you can use:
```
cargoHash = stdenv.lib.fakeHash;
cargoHash = lib.fakeHash;
```
Per the instructions in the [Cargo Book](https://doc.rust-lang.org/cargo/guide/cargo-toml-vs-cargo-lock.html)


@ -5,7 +5,7 @@
<para>
Nix packages can declare <emphasis>meta-attributes</emphasis> that contain information about a package such as a description, its homepage, its license, and so on. For instance, the GNU Hello package has a <varname>meta</varname> declaration like this:
<programlisting>
meta = with stdenv.lib; {
meta = with lib; {
description = "A program that produces a familiar, friendly greeting";
longDescription = ''
GNU Hello is a program that prints "Hello, world!" when you run it.
@ -155,7 +155,7 @@ hello-2.3 A program that produces a familiar, friendly greeting
<itemizedlist>
<listitem>
<para>
Single license referenced by attribute (preferred) <literal>stdenv.lib.licenses.gpl3Only</literal>.
Single license referenced by attribute (preferred) <literal>lib.licenses.gpl3Only</literal>.
</para>
</listitem>
<listitem>
@ -170,7 +170,7 @@ hello-2.3 A program that produces a familiar, friendly greeting
</listitem>
<listitem>
<para>
Multiple licenses referenced by attribute (preferred) <literal>with stdenv.lib.licenses; [ asl20 free ofl ]</literal>.
Multiple licenses referenced by attribute (preferred) <literal>with lib.licenses; [ asl20 free ofl ]</literal>.
</para>
</listitem>
<listitem>
@ -211,9 +211,9 @@ hello-2.3 A program that produces a familiar, friendly greeting
<para>
The list of Nix platform types on which the package is supported. Hydra builds packages according to the platform specified. If no platform is specified, the package does not have prebuilt binaries. An example is:
<programlisting>
meta.platforms = stdenv.lib.platforms.linux;
meta.platforms = lib.platforms.linux;
</programlisting>
Attribute Set <varname>stdenv.lib.platforms</varname> defines <link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/lib/systems/doubles.nix"> various common lists</link> of platforms types.
Attribute Set <varname>lib.platforms</varname> defines <link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/lib/systems/doubles.nix"> various common lists</link> of platforms types.
</para>
</listitem>
</varlistentry>
@ -262,7 +262,7 @@ meta.platforms = stdenv.lib.platforms.linux;
<para>
The list of Nix platform types for which the Hydra instance at <literal>hydra.nixos.org</literal> will build the package. (Hydra is the Nix-based continuous build system.) It defaults to the value of <varname>meta.platforms</varname>. Thus, the only reason to set <varname>meta.hydraPlatforms</varname> is if you want <literal>hydra.nixos.org</literal> to build the package on a subset of <varname>meta.platforms</varname>, or not at all, e.g.
<programlisting>
meta.platforms = stdenv.lib.platforms.linux;
meta.platforms = lib.platforms.linux;
meta.hydraPlatforms = [];
</programlisting>
</para>
@ -294,7 +294,7 @@ meta.hydraPlatforms = [];
<title>Licenses</title>
<para>
The <varname>meta.license</varname> attribute should preferrably contain a value from <varname>stdenv.lib.licenses</varname> defined in <link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/lib/licenses.nix"> <filename>nixpkgs/lib/licenses.nix</filename></link>, or in-place license description of the same format if the license is unlikely to be useful in another expression.
The <varname>meta.license</varname> attribute should preferrably contain a value from <varname>lib.licenses</varname> defined in <link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/lib/licenses.nix"> <filename>nixpkgs/lib/licenses.nix</filename></link>, or in-place license description of the same format if the license is unlikely to be useful in another expression.
</para>
<para>
@ -302,7 +302,7 @@ meta.hydraPlatforms = [];
<variablelist>
<varlistentry>
<term>
<varname>stdenv.lib.licenses.free</varname>, <varname>"free"</varname>
<varname>lib.licenses.free</varname>, <varname>"free"</varname>
</term>
<listitem>
<para>
@ -312,7 +312,7 @@ meta.hydraPlatforms = [];
</varlistentry>
<varlistentry>
<term>
<varname>stdenv.lib.licenses.unfreeRedistributable</varname>, <varname>"unfree-redistributable"</varname>
<varname>lib.licenses.unfreeRedistributable</varname>, <varname>"unfree-redistributable"</varname>
</term>
<listitem>
<para>
@ -325,7 +325,7 @@ meta.hydraPlatforms = [];
</varlistentry>
<varlistentry>
<term>
<varname>stdenv.lib.licenses.unfree</varname>, <varname>"unfree"</varname>
<varname>lib.licenses.unfree</varname>, <varname>"unfree"</varname>
</term>
<listitem>
<para>
@ -335,7 +335,7 @@ meta.hydraPlatforms = [];
</varlistentry>
<varlistentry>
<term>
<varname>stdenv.lib.licenses.unfreeRedistributableFirmware</varname>, <varname>"unfree-redistributable-firmware"</varname>
<varname>lib.licenses.unfreeRedistributableFirmware</varname>, <varname>"unfree-redistributable-firmware"</varname>
</term>
<listitem>
<para>


@ -32,7 +32,7 @@ stdenv.mkDerivation {
stdenv.mkDerivation {
name = "libfoo-1.2.3";
# ...
makeFlags = stdenv.lib.optional stdenv.isDarwin "LDFLAGS=-Wl,-install_name,$(out)/lib/libfoo.dylib";
makeFlags = lib.optional stdenv.isDarwin "LDFLAGS=-Wl,-install_name,$(out)/lib/libfoo.dylib";
}
</programlisting>
</listitem>


@ -157,7 +157,7 @@
The following example configuration whitelists the licenses <literal>amd</literal> and <literal>wtfpl</literal>:
<programlisting>
{
whitelistedLicenses = with stdenv.lib.licenses; [ amd wtfpl ];
whitelistedLicenses = with lib.licenses; [ amd wtfpl ];
}
</programlisting>
</para>
@ -165,7 +165,7 @@
The following example configuration blacklists the <literal>gpl3Only</literal> and <literal>agpl3Only</literal> licenses:
<programlisting>
{
blacklistedLicenses = with stdenv.lib.licenses; [ agpl3Only gpl3Only ];
blacklistedLicenses = with lib.licenses; [ agpl3Only gpl3Only ];
}
</programlisting>
</para>


@ -3771,6 +3771,12 @@
githubId = 7481521;
name = "Balázs Lengyel";
};
ilian = {
email = "ilian@tuta.io";
github = "ilian";
githubId = 25505957;
name = "Ilian";
};
ilikeavocadoes = {
email = "ilikeavocadoes@hush.com";
github = "ilikeavocadoes";
@ -4666,6 +4672,12 @@
githubId = 494012;
name = "Kevin Cox";
};
kevingriffin = {
email = "me@kevin.jp";
github = "kevingriffin";
githubId = 209729;
name = "Kevin Griffin";
};
kfollesdal = {
email = "kfollesdal@gmail.com";
github = "kfollesdal";
@ -5490,6 +5502,12 @@
githubId = 346094;
name = "Michael Alyn Miller";
};
manojkarthick = {
email = "smanojkarthick@gmail.com";
github = "manojkarthick";
githubId = 7802795;
name = "Manoj Karthick";
};
manveru = {
email = "m.fellinger@gmail.com";
github = "manveru";
@ -5690,6 +5708,12 @@
githubId = 2971615;
name = "Marius Bergmann";
};
mcaju = {
email = "cajum.bugs@yandex.com";
github = "CajuM";
githubId = 10420834;
name = "Mihai-Drosi Caju";
};
mcbeth = {
email = "mcbeth@broggs.org";
github = "mcbeth";
@ -5911,6 +5935,12 @@
githubId = 1387206;
name = "Mike Sperber";
};
milesbreslin = {
email = "milesbreslin@gmail.com";
github = "milesbreslin";
githubId = 38543128;
name = "Miles Breslin";
};
millerjason = {
email = "mailings-github@millerjason.com";
github = "millerjason";
@ -6385,6 +6415,12 @@
githubId = 364510;
name = "Tobias Geerinckx-Rice";
};
ndl = {
email = "ndl@endl.ch";
github = "ndl";
githubId = 137805;
name = "Alexander Tsvyashchenko";
};
neeasade = {
email = "nathanisom27@gmail.com";
github = "neeasade";
@ -6529,12 +6565,6 @@
github = "NobbZ";
githubId = 58951;
};
nocent = {
email = "nocent@protonmail.ch";
github = "nocent";
githubId = 25505957;
name = "nocent";
};
nocoolnametom = {
email = "nocoolnametom@gmail.com";
github = "nocoolnametom";
@ -6985,6 +7015,12 @@
githubId = 28323;
name = "Peter Simons";
};
petterstorvik = {
email = "petterstorvik@gmail.com";
github = "storvik";
githubId = 3438604;
name = "Petter Storvik";
};
philandstuff = {
email = "philip.g.potter@gmail.com";
github = "philandstuff";
@ -7557,6 +7593,12 @@
githubId = 395821;
name = "rht";
};
rhoriguchi = {
email = "ryan.horiguchi@gmail.com";
github = "rhoriguchi ";
githubId = 6047658;
name = "Ryan Horiguchi";
};
richardipsum = {
email = "richardipsum@fastmail.co.uk";
github = "richardipsum";
@ -8629,6 +8671,12 @@
githubId = 2666479;
name = "Y Nguyen";
};
superherointj = {
name = "Sérgio G.";
email = "5861043+superherointj@users.noreply.github.com";
github = "superherointj";
githubId = 5861043;
};
SuperSandro2000 = {
email = "sandro.jaeckel@gmail.com";
github = "SuperSandro2000";
@ -8879,6 +8927,12 @@
githubId = 649832;
name = "Teo Klestrup Röijezon";
};
terin = {
email = "terinjokes@gmail.com";
github = "terinjokes";
githubId = 273509;
name = "Terin Stock";
};
terlar = {
email = "terlar@gmail.com";
github = "terlar";
@ -9251,6 +9305,12 @@
githubId = 303489;
name = "Manuel Bärenz";
};
tu-maurice = {
email = "valentin.gehrke+nixpkgs@zom.bi";
github = "tu-maurice";
githubId = 16151097;
name = "Valentin Gehrke";
};
tv = {
email = "tv@krebsco.de";
github = "4z3";
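Review bot: The new `rhoriguchi` entry has a trailing space inside the handle, `github = "rhoriguchi ";`, so anything that compares or links the handle (pings, handle-to-id checks) will see a name that does not exist; it should read `github = "rhoriguchi";`. In the same file the `nocent` entry is removed and `ilian` is added with the same `githubId = 25505957`, which looks like an account rename. Since the numeric id is the stable identifier, a short comment noting the former handle would help reviewers confirm it is the same account.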


@ -1,4 +1,4 @@
{ stdenv, makeWrapper, perl, perlPackages }:
{ stdenv, lib, makeWrapper, perl, perlPackages }:
stdenv.mkDerivation {
name = "nix-generate-from-cpan-3";
@ -18,8 +18,8 @@ stdenv.mkDerivation {
'';
meta = {
maintainers = with stdenv.lib.maintainers; [ eelco rycee ];
maintainers = with lib.maintainers; [ eelco rycee ];
description = "Utility to generate a Nix expression for a Perl package from CPAN";
platforms = stdenv.lib.platforms.unix;
platforms = lib.platforms.unix;
};
}


@ -309,7 +309,7 @@ sub render_license {
# "GPL v2" or to "GPL v2 or later".
my $amb = 0;
# Whether the license is available inside `stdenv.lib.licenses`.
# Whether the license is available inside `lib.licenses`.
my $in_set = 1;
my $nix_license = $LICENSE_MAP{$cpan_license};
@ -331,7 +331,7 @@ sub render_license {
# Avoid defining the license line.
}
elsif ($in_set) {
my $lic = 'stdenv.lib.licenses';
my $lic = 'lib.licenses';
if ( @$licenses == 1 ) {
$license_line = "$lic.$licenses->[0]";
}
@ -449,7 +449,7 @@ print <<EOF;
meta = {
EOF
print <<EOF if defined $homepage;
homepage = $homepage;
homepage = "$homepage";
EOF
print <<EOF if defined $description && $description ne "Unknown";
description = "$description";
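Review bot: The new `homepage = "$homepage";` line in the third hunk wraps the CPAN-supplied value in quotes but interpolates it unescaped, and the same holds for the existing `description = "$description";` line below it. A `"`, `\` or `${` in the upstream metadata would end the string early or introduce an antiquotation in the generated Nix expression, which is then evaluated by whoever uses the output. I would escape those characters before printing, e.g. `(my $h = $homepage) =~ s/(["\\]|\$\{)/\\$1/g;` and print `$h`, unless `$homepage` is already sanitised where it is assigned, which is outside this hunk.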


@ -1343,6 +1343,14 @@ CREATE ROLE postgres LOGIN SUPERUSER;
It was chosen to do this as it has a usability breaking issue (see issue <link xlink:href="https://github.com/NixOS/nixpkgs/issues/98819">#98819</link>)
that makes it unsuitable to be a default app.
</para>
<note>
<para>
Issue <link
xlink:href="https://github.com/NixOS/nixpkgs/issues/98819">#98819</link>
is now fixed and <package>gnome3.epiphany</package> is once
again installed by default.
</para>
</note>
</listitem>
<listitem>
<para>


@ -107,6 +107,15 @@
user D-Bus session available also for non-graphical logins.
</para>
</listitem>
<listitem>
<para>
The <varname>networking.wireless.iwd</varname> module now installs
the upstream-provided 80-iwd.link file, which sets the NamePolicy=
for all wlan devices to "keep kernel", to avoid race conditions
between iwd and networkd. If you don't want this, you can set
<literal>systemd.network.links."80-iwd" = lib.mkForce {}</literal>.
</para>
</listitem>
<listitem>
<para>
<literal>rubyMinimal</literal> was removed due to being unused and
@ -176,6 +185,30 @@
with <literal>mkfs.xfs -m reflink=0</literal>.
</para>
</listitem>
<listitem>
<para>
The uWSGI server is now built with POSIX capabilities. As a consequence,
root is no longer required in emperor mode and the service defaults to
running as the unprivileged <literal>uwsgi</literal> user. Any additional
capability can be added via the new option
<xref linkend="opt-services.uwsgi.capabilities"/>.
The previous behaviour can be restored by setting:
<programlisting>
<xref linkend="opt-services.uwsgi.user"/> = "root";
<xref linkend="opt-services.uwsgi.group"/> = "root";
<xref linkend="opt-services.uwsgi.instance"/> =
{
uid = "uwsgi";
gid = "uwsgi";
};
</programlisting>
</para>
<para>
Another incompatibility from the previous release is that vassals running under a
different user or group need to use <literal>immediate-{uid,gid}</literal>
instead of the usual <literal>uid,gid</literal> options.
</para>
</listitem>
<listitem>
<para>
<package>btc1</package> has been abandoned upstream, and removed.
@ -223,6 +256,22 @@
which is the new stable release. OpenAFS 1.6 was removed.
</para>
</listitem>
<listitem>
<para>
MariaDB has been updated to 10.5.
Before you upgrade, it would be best to take a backup of your database and read
<link xlink:href="https://mariadb.com/kb/en/upgrading-from-mariadb-104-to-mariadb-105/#incompatible-changes-between-104-and-105">
Incompatible Changes Between 10.4 and 10.5</link>.
After the upgrade you will need to run <literal>mysql_upgrade</literal>.
</para>
</listitem>
<listitem>
<para>
The TokuDB storage engine dropped in <package>mariadb</package> 10.5 and removed in <package>mariadb</package> 10.6.
It is recommended to switch to RocksDB. See also <link xlink:href="https://mariadb.com/kb/en/tokudb/">TokuDB</link> and
<link xlink:href="https://jira.mariadb.org/browse/MDEV-19780">MDEV-19780: Remove the TokuDB storage engine</link>.
</para>
</listitem>
<listitem>
<para>
The <literal>openldap</literal> module now has support for OLC-style
@ -321,8 +370,8 @@
</listitem>
<listitem>
<para>
<package>fish-foreign-env</package> is now an alias for the
<package>fishPlugins.foreign-env</package> package, in which the fish
The <package>fish-foreign-env</package> package has been replaced with
<package>fishPlugins.foreign-env</package>, in which the fish
functions have been relocated to the
<literal>vendor_functions.d</literal> directory to be loaded automatically.
</para>
@ -353,6 +402,34 @@ http://some.json-exporter.host:7979/probe?target=https://example.com/some/json/e
official documentation</link> of the json_exporter.
</para>
</listitem>
<listitem>
<para>
Androidenv was updated, removing the <literal>includeDocs</literal> and <literal>lldbVersions</literal>
arguments. Docs only covered a single version of the Android SDK, LLDB is now bundled with the NDK,
and both are no longer available to download from the Android package repositories. Additionally, since
the package lists have been updated, some older versions of Android packages may not be bundled. If you
depend on older versions of Android packages, we recommend overriding the repo.
</para>
<para>
Android packages are now loaded from a repo.json file created by parsing Android repo XML files. The arguments
<literal>repoJson</literal> and <literal>repoXmls</literal> have been added to allow overriding the built-in
androidenv repo.json with your own. Additionally, license files are now written to allow compatibility
with Gradle-based tools, and the <literal>extraLicenses</literal> argument has been added to accept more
SDK licenses if your project requires it. See the androidenv documentation for more details.
</para>
</listitem>
<listitem>
<para>
The Searx module has been updated with the ability to configure the
service declaratively and uWSGI integration.
The option <literal>services.searx.configFile</literal> has been renamed
to <xref linkend="opt-services.searx.settingsFile"/> for consistency with
the new <xref linkend="opt-services.searx.settings"/>. In addition, the
<literal>searx</literal> uid and gid reservations have been removed
since they were not necessary: the service is now running with a
dynamically allocated uid.
</para>
</listitem>
</itemizedlist>
</section>
@ -504,6 +581,17 @@ http://some.json-exporter.host:7979/probe?target=https://example.com/some/json/e
The option's description was incorrect regarding ownership management and has been simplified greatly.
</para>
</listitem>
<listitem>
<para>
The GNOME desktop manager once again installs <package>gnome3.epiphany</package> by default.
</para>
</listitem>
<listitem>
<para>
NixOS now generates empty <literal>/etc/netgroup</literal>.
<literal>/etc/netgroup</literal> defines network-wide groups and may affect to setups using NIS.
</para>
</listitem>
</itemizedlist>
</section>
</section>


@ -219,7 +219,7 @@ upload_image() {
log "Registering snapshot $snapshot_id as AMI"
local block_device_mappings=(
"DeviceName=/dev/xvda,Ebs={SnapshotId=$snapshot_id,VolumeSize=$image_logical_gigabytes,DeleteOnTermination=true,VolumeType=gp2}"
"DeviceName=/dev/xvda,Ebs={SnapshotId=$snapshot_id,VolumeSize=$image_logical_gigabytes,DeleteOnTermination=true,VolumeType=gp3}"
)
local extra_flags=(

View file

@ -193,6 +193,10 @@ in
cat ${escapeShellArgs cfg.hostFiles} > $out
'';
# /etc/netgroup: Network-wide groups.
netgroup.text = mkDefault ''
'';
# /etc/host.conf: resolver configuration file
"host.conf".text = ''
multi on


@ -29,7 +29,7 @@ in
options.i18n = {
inputMethod = {
enabled = mkOption {
type = types.nullOr (types.enum [ "ibus" "fcitx" "nabi" "uim" "hime" ]);
type = types.nullOr (types.enum [ "ibus" "fcitx" "fcitx5" "nabi" "uim" "hime" ]);
default = null;
example = "fcitx";
description = ''


@ -0,0 +1,33 @@
{ config, pkgs, lib, ... }:
with lib;
let
im = config.i18n.inputMethod;
cfg = im.fcitx5;
fcitx5Package = pkgs.fcitx5-with-addons.override { inherit (cfg) addons; };
in
{
options = {
i18n.inputMethod.fcitx5 = {
addons = mkOption {
type = with types; listOf package;
default = [];
example = with pkgs; [ fcitx5-rime ];
description = ''
Enabled Fcitx5 addons.
'';
};
};
};
config = mkIf (im.enabled == "fcitx5") {
i18n.inputMethod.package = fcitx5Package;
environment.variables = {
GTK_IM_MODULE = "fcitx";
QT_IM_MODULE = "fcitx";
XMODIFIERS = "@im=fcitx";
};
};
}

View file

@ -425,7 +425,12 @@ in
};
isoImage.squashfsCompression = mkOption {
default = "xz -Xdict-size 100%";
default = with pkgs.stdenv.targetPlatform; "xz -Xdict-size 100% "
+ lib.optionalString (isx86_32 || isx86_64) "-Xbcj x86"
# Untested but should also reduce size for these platforms
+ lib.optionalString (isAarch32 || isAarch64) "-Xbcj arm"
+ lib.optionalString (isPowerPC) "-Xbcj powerpc"
+ lib.optionalString (isSparc) "-Xbcj sparc";
description = ''
Compression settings to use for the squashfs nix store.
'';
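Review bot: The new default applies `-Xbcj arm` when `isAarch64` is true, but as far as I know the xz `arm` BCJ filter targets 32-bit ARM branch encodings, so on AArch64 it probably costs compression time without reducing size; the in-line comment already says this is untested. I would limit that line to `lib.optionalString isAarch32 "-Xbcj arm"` until it has been measured. The default also reads `targetPlatform`, whereas the all-hardware module in this commit uses `hostPlatform`; one of the two is presumably intended everywhere. Since the default is now computed from `pkgs`, a `defaultText` describing it would keep the option documentation platform-independent.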


@ -143,7 +143,7 @@ in
nix-ssh = 104;
dictd = 105;
couchdb = 106;
searx = 107;
#searx = 107; # dynamically allocated as of 2020-10-27
kippo = 108;
jenkins = 109;
systemd-journal-gateway = 110;
@ -457,7 +457,7 @@ in
#nix-ssh = 104; # unused
dictd = 105;
couchdb = 106;
searx = 107;
#searx = 107; # dynamically allocated as of 2020-10-27
kippo = 108;
jenkins = 109;
systemd-journal-gateway = 110;


@ -82,6 +82,7 @@
./hardware/xpadneo.nix
./i18n/input-method/default.nix
./i18n/input-method/fcitx.nix
./i18n/input-method/fcitx5.nix
./i18n/input-method/hime.nix
./i18n/input-method/ibus.nix
./i18n/input-method/nabi.nix
@ -101,6 +102,7 @@
./misc/version.nix
./misc/nixops-autoluks.nix
./programs/adb.nix
./programs/appgate-sdp.nix
./programs/atop.nix
./programs/autojump.nix
./programs/bandwhich.nix
@ -226,6 +228,7 @@
./services/audio/icecast.nix
./services/audio/liquidsoap.nix
./services/audio/mpd.nix
./services/audio/mpdscribble.nix
./services/audio/mopidy.nix
./services/audio/roon-server.nix
./services/audio/slimserver.nix
@ -492,6 +495,7 @@
./services/misc/nix-ssh-serve.nix
./services/misc/novacomd.nix
./services/misc/nzbget.nix
./services/misc/nzbhydra2.nix
./services/misc/octoprint.nix
./services/misc/osrm.nix
./services/misc/packagekit.nix
@ -896,6 +900,7 @@
./services/web-apps/selfoss.nix
./services/web-apps/shiori.nix
./services/web-apps/virtlyst.nix
./services/web-apps/whitebophir.nix
./services/web-apps/wordpress.nix
./services/web-apps/youtrack.nix
./services/web-apps/zabbix.nix
@ -951,6 +956,7 @@
./services/x11/urxvtd.nix
./services/x11/window-managers/awesome.nix
./services/x11/window-managers/default.nix
./services/x11/window-managers/clfswm.nix
./services/x11/window-managers/fluxbox.nix
./services/x11/window-managers/icewm.nix
./services/x11/window-managers/bspwm.nix


@ -3,8 +3,10 @@
# enabled in the initrd. Its primary use is in the NixOS installation
# CDs.
{ ... }:
{ pkgs, lib,... }:
let
platform = pkgs.stdenv.hostPlatform;
in
{
# The initrd has to contain any module that might be necessary for
@ -42,7 +44,10 @@
"virtio_net" "virtio_pci" "virtio_blk" "virtio_scsi" "virtio_balloon" "virtio_console"
# VMware support.
"mptspi" "vmw_balloon" "vmwgfx" "vmw_vmci" "vmw_vsock_vmci_transport" "vmxnet3" "vsock"
"mptspi" "vmxnet3" "vsock"
] ++ lib.optional platform.isx86 "vmw_balloon"
++ lib.optionals (!platform.isAarch64) [ # not sure where else they're missing
"vmw_vmci" "vmwgfx" "vmw_vsock_vmci_transport"
# Hyper-V support.
"hv_storvsc"


@ -40,7 +40,7 @@ let
}
''}
${credentialsPlaceholder cfg.credentials}
${optionalString (cfg.credentials != []) (credentialsPlaceholder cfg.credentials)}
${cfg.extraConfig}
'';
@ -234,9 +234,10 @@ in {
ExecStartPre = pkgs.writeShellScript "mpd-start-pre" ''
set -euo pipefail
install -m 600 ${mpdConf} /run/mpd/mpd.conf
${pkgs.replace}/bin/replace-literal -fe ${
${optionalString (cfg.credentials != [])
"${pkgs.replace}/bin/replace-literal -fe ${
concatStringsSep " -a " (imap0 (i: c: "\"{{password-${toString i}}}\" \"$(cat ${c.passwordFile})\"") cfg.credentials)
} /run/mpd/mpd.conf
} /run/mpd/mpd.conf"}
'';
RuntimeDirectory = "mpd";
Type = "notify";
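Review bot: In the `ExecStartPre` script the password is expanded with `$(cat ${c.passwordFile})` into an argument of `replace-literal`, so the secret sits on that process's command line and, on a system that does not hide other users' processes, is readable from the process list while it runs; the hunk only makes the call conditional and keeps this. The new `replaceSecret` helper in the mpdscribble module on this page uses the same pattern. `install -m 600` protects the resulting file, but not the argv copy. Until the substitution reads the secret from the file itself, I would at least record it next to the call: `# NOTE: the password is passed on replace-literal's command line and is visible in the process list while it runs`. The surrounding service definition starts and ends outside the hunk.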


@ -0,0 +1,202 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.mpdscribble;
mpdCfg = config.services.mpd;
endpointUrls = {
"last.fm" = "http://post.audioscrobbler.com";
"libre.fm" = "http://turtle.libre.fm";
"jamendo" = "http://postaudioscrobbler.jamendo.com";
"listenbrainz" = "http://proxy.listenbrainz.org";
};
mkSection = secname: secCfg: ''
[${secname}]
url = ${secCfg.url}
username = ${secCfg.username}
password = {{${secname}_PASSWORD}}
journal = /var/lib/mpdscribble/${secname}.journal
'';
endpoints = concatStringsSep "\n" (mapAttrsToList mkSection cfg.endpoints);
cfgTemplate = pkgs.writeText "mpdscribble.conf" ''
## This file was automatically genenrated by NixOS and will be overwritten.
## Do not edit. Edit your NixOS configuration instead.
## mpdscribble - an audioscrobbler for the Music Player Daemon.
## http://mpd.wikia.com/wiki/Client:mpdscribble
# HTTP proxy URL.
${optionalString (cfg.proxy != null) "proxy = ${cfg.proxy}"}
# The location of the mpdscribble log file. The special value
# "syslog" makes mpdscribble use the local syslog daemon. On most
# systems, log messages will appear in /var/log/daemon.log then.
# "-" means log to stderr (the current terminal).
log = -
# How verbose mpdscribble's logging should be. Default is 1.
verbose = ${toString cfg.verbose}
# How often should mpdscribble save the journal file? [seconds]
journal_interval = ${toString cfg.journalInterval}
# The host running MPD, possibly protected by a password
# ([PASSWORD@]HOSTNAME).
host = ${(optionalString (cfg.passwordFile != null) "{{MPD_PASSWORD}}@") + cfg.host}
# The port that the MPD listens on and mpdscribble should try to
# connect to.
port = ${toString cfg.port}
${endpoints}
'';
cfgFile = "/run/mpdscribble/mpdscribble.conf";
replaceSecret = secretFile: placeholder: targetFile:
optionalString (secretFile != null) ''
${pkgs.replace}/bin/replace-literal -ef ${placeholder} "$(cat ${secretFile})" ${targetFile}'';
preStart = pkgs.writeShellScript "mpdscribble-pre-start" ''
cp -f "${cfgTemplate}" "${cfgFile}"
${replaceSecret cfg.passwordFile "{{MPD_PASSWORD}}" cfgFile}
${concatStringsSep "\n" (mapAttrsToList (secname: cfg:
replaceSecret cfg.passwordFile "{{${secname}_PASSWORD}}" cfgFile)
cfg.endpoints)}
'';
localMpd = (cfg.host == "localhost" || cfg.host == "127.0.0.1");
in {
###### interface
options.services.mpdscribble = {
enable = mkEnableOption "mpdscribble";
proxy = mkOption {
default = null;
type = types.nullOr types.str;
description = ''
HTTP proxy URL.
'';
};
verbose = mkOption {
default = 1;
type = types.int;
description = ''
Log level for the mpdscribble daemon.
'';
};
journalInterval = mkOption {
default = 600;
example = 60;
type = types.int;
description = ''
How often should mpdscribble save the journal file? [seconds]
'';
};
host = mkOption {
default = (if mpdCfg.network.listenAddress != "any" then
mpdCfg.network.listenAddress
else
"localhost");
type = types.str;
description = ''
Host for the mpdscribble daemon to search for a mpd daemon on.
'';
};
passwordFile = mkOption {
default = if localMpd then
(findFirst
(c: any (x: x == "read") c.permissions)
{ passwordFile = null; }
mpdCfg.credentials).passwordFile
else
null;
type = types.nullOr types.str;
description = ''
File containing the password for the mpd daemon.
If there is a local mpd configured using <option>services.mpd.credentials</option>
the default is automatically set to a matching passwordFile of the local mpd.
'';
};
port = mkOption {
default = mpdCfg.network.port;
type = types.port;
description = ''
Port for the mpdscribble daemon to search for a mpd daemon on.
'';
};
endpoints = mkOption {
type = (let
endpoint = { name, ... }: {
options = {
url = mkOption {
type = types.str;
default = endpointUrls.${name} or "";
description =
"The url endpoint where the scrobble API is listening.";
};
username = mkOption {
type = types.str;
description = ''
Username for the scrobble service.
'';
};
passwordFile = mkOption {
type = types.nullOr types.str;
description =
"File containing the password, either as MD5SUM or cleartext.";
};
};
};
in types.attrsOf (types.submodule endpoint));
default = { };
example = {
"last.fm" = {
username = "foo";
passwordFile = "/run/secrets/lastfm_password";
};
};
description = ''
Endpoints to scrobble to.
If the endpoint is one of "${
concatStringsSep "\", \"" (attrNames endpointUrls)
}" the url is set automatically.
'';
};
};
###### implementation
config = mkIf cfg.enable {
systemd.services.mpdscribble = {
after = [ "network.target" ] ++ (optional localMpd "mpd.service");
description = "mpdscribble mpd scrobble client";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
DynamicUser = true;
StateDirectory = "mpdscribble";
RuntimeDirectory = "mpdscribble";
RuntimeDirectoryMode = "700";
# TODO use LoadCredential= instead of running preStart with full privileges?
ExecStartPre = "+${preStart}";
ExecStart =
"${pkgs.mpdscribble}/bin/mpdscribble --no-daemon --conf ${cfgFile}";
};
};
};
}
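Review bot: `preStart` is run with the `+` prefix, i.e. with full privileges, yet `replaceSecret` splices `${placeholder}`, `${secretFile}` and `${targetFile}` into the script unquoted, and the placeholder contains the endpoint attribute name. A name or path with whitespace or shell metacharacters would change what that root-run script executes. I would quote all three, `${pkgs.replace}/bin/replace-literal -ef ${escapeShellArg placeholder} "$(cat ${escapeShellArg secretFile})" ${escapeShellArg targetFile}`, and, as the TODO already suggests, move to `LoadCredential=` so the pre-start step needs no extra privileges. Separately, the generated file header says "genenrated", and the endpoint `passwordFile` option is typed `nullOr str` but has no `default`.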


@ -29,13 +29,7 @@ in
options = {
services.tarsnap = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Enable periodic tarsnap backups.
'';
};
enable = mkEnableOption "periodic tarsnap backups";
keyfile = mkOption {
type = types.str;
@ -279,7 +273,8 @@ in
Tarsnap archive configurations. Each attribute names an archive
to be created at a given time interval, according to the options
associated with it. When uploading to the tarsnap server,
archive names are suffixed by a 1 second resolution timestamp.
archive names are suffixed by a 1 second resolution timestamp,
with the format <literal>%Y%m%d%H%M%S</literal>.
For each member of the set is created a timer which triggers the
instanced <literal>tarsnap-archive-name</literal> service unit. You may use


@ -59,6 +59,7 @@ in
port = mkOption {
default = "3050";
type = types.port;
description = ''
Port Firebird uses.
'';
@ -66,6 +67,7 @@ in
user = mkOption {
default = "firebird";
type = types.str;
description = ''
User account under which firebird runs.
'';
@ -73,6 +75,7 @@ in
baseDir = mkOption {
default = "/var/db/firebird"; # ubuntu is using /var/lib/firebird/2.1/data/.. ?
type = types.str;
description = ''
Location containing data/ and system/ directories.
data/ stores the databases, system/ stores the password database security2.fdb.
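Review bot: `port` now has `type = types.port;` but keeps `default = "3050";`, a string, which an integer port type will reject as soon as the option is evaluated with its default. I would change it to `default = 3050;`. Any place that interpolates `cfg.port` into a string (outside this hunk) would then need `toString cfg.port`.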


@ -17,39 +17,44 @@ in
options = {
services.memcached = {
enable = mkEnableOption "Memcached";
user = mkOption {
type = types.str;
default = "memcached";
description = "The user to run Memcached as";
};
listen = mkOption {
type = types.str;
default = "127.0.0.1";
description = "The IP address to bind to";
description = "The IP address to bind to.";
};
port = mkOption {
type = types.port;
default = 11211;
description = "The port to bind to";
description = "The port to bind to.";
};
enableUnixSocket = mkEnableOption "unix socket at /run/memcached/memcached.sock";
maxMemory = mkOption {
type = types.ints.unsigned;
default = 64;
description = "The maximum amount of memory to use for storage, in megabytes.";
};
maxConnections = mkOption {
type = types.ints.unsigned;
default = 1024;
description = "The maximum number of simultaneous connections";
description = "The maximum number of simultaneous connections.";
};
extraOptions = mkOption {
type = types.listOf types.str;
default = [];
description = "A list of extra options that will be added as a suffix when running memcached";
description = "A list of extra options that will be added as a suffix when running memcached.";
};
};


@ -41,16 +41,19 @@ in
};
user = mkOption {
type = types.str;
default = "mongodb";
description = "User account under which MongoDB runs";
};
bind_ip = mkOption {
type = types.str;
default = "127.0.0.1";
description = "IP to bind to";
};
quiet = mkOption {
type = types.bool;
default = false;
description = "quieter output";
};
@ -68,16 +71,19 @@ in
};
dbpath = mkOption {
type = types.str;
default = "/var/db/mongodb";
description = "Location where MongoDB stores its files";
};
pidFile = mkOption {
type = types.str;
default = "/run/mongodb.pid";
description = "Location of MongoDB pid file";
};
replSetName = mkOption {
type = types.str;
default = "";
description = ''
If this instance is part of a replica set, set its name here.
@ -86,6 +92,7 @@ in
};
extraConfig = mkOption {
type = types.lines;
default = "";
example = ''
storage.journal.enabled: false


@ -244,7 +244,7 @@ in {
};
};
meta.maintainers = with lib.maintainters; [ mic92 kwohlfahrt ];
meta.maintainers = with lib.maintainers; [ mic92 kwohlfahrt ];
config = mkIf cfg.enable {
assertions = map (opt: {


@ -122,12 +122,29 @@ in
};
slaveOf = mkOption {
default = null; # { ip, port }
description = "An attribute set with two attributes: ip and port to which this redis instance acts as a slave.";
type = with types; nullOr (submodule ({ ... }: {
options = {
ip = mkOption {
type = str;
description = "IP of the Redis master";
example = "192.168.1.100";
};
port = mkOption {
type = port;
description = "port of the Redis master";
default = 6379;
};
};
}));
default = null;
description = "IP and port to which this redis instance acts as a slave.";
example = { ip = "192.168.1.100"; port = 6379; };
};
masterAuth = mkOption {
type = with types; nullOr str;
default = null;
description = ''If the master is password protected (using the requirePass configuration)
it is possible to tell the slave to authenticate before starting the replication synchronization
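Review bot: `masterAuth` is now typed `nullOr str`, but its description never says where the value ends up; if it is written into the generated redis configuration (that part is outside this hunk), the replication password lands in the world-readable Nix store. The description should say so, for example `Note that the value is stored in the world-readable Nix store.`, or a file-based alternative should be offered next to it. In the new `slaveOf` submodule `ip` has no default while `port` does, so the option description could state that `ip` is required.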


@ -16,28 +16,33 @@ with lib;
enable = mkEnableOption "Virtuoso Opensource database server";
config = mkOption {
type = types.lines;
default = "";
description = "Extra options to put into Virtuoso configuration file.";
};
parameters = mkOption {
type = types.lines;
default = "";
description = "Extra options to put into [Parameters] section of Virtuoso configuration file.";
};
listenAddress = mkOption {
type = types.str;
default = "1111";
example = "myserver:1323";
description = "ip:port or port to listen on.";
};
httpListenAddress = mkOption {
type = types.nullOr types.str;
default = null;
example = "myserver:8080";
description = "ip:port or port for Virtuoso HTTP server to listen on.";
};
dirsAllowed = mkOption {
type = types.nullOr types.str; # XXX Maybe use a list in the future?
default = null;
example = "/www, /home/";
description = "A list of directories Virtuoso is allowed to access";


@ -156,7 +156,7 @@ $ ./result/bin/emacs
let
myEmacs = pkgs.emacs; <co xml:id="ex-emacsNix-2" />
emacsWithPackages = (pkgs.emacsPackagesGen myEmacs).emacsWithPackages; <co xml:id="ex-emacsNix-3" />
emacsWithPackages = (pkgs.emacsPackagesFor myEmacs).emacsWithPackages; <co xml:id="ex-emacsNix-3" />
in
emacsWithPackages (epkgs: (with epkgs.melpaStablePackages; [ <co xml:id="ex-emacsNix-4" />
magit # ; Integrate git &lt;C-x g&gt;
@ -254,10 +254,10 @@ in
<example xml:id="module-services-emacs-querying-packages">
<title>Querying Emacs packages</title>
<programlisting><![CDATA[
nix-env -f "<nixpkgs>" -qaP -A emacsPackages.elpaPackages
nix-env -f "<nixpkgs>" -qaP -A emacsPackages.melpaPackages
nix-env -f "<nixpkgs>" -qaP -A emacsPackages.melpaStablePackages
nix-env -f "<nixpkgs>" -qaP -A emacsPackages.orgPackages
nix-env -f "<nixpkgs>" -qaP -A emacs.pkgs.elpaPackages
nix-env -f "<nixpkgs>" -qaP -A emacs.pkgs.melpaPackages
nix-env -f "<nixpkgs>" -qaP -A emacs.pkgs.melpaStablePackages
nix-env -f "<nixpkgs>" -qaP -A emacs.pkgs.orgPackages
]]></programlisting>
</example>
</para>


@ -25,8 +25,6 @@ let
clientRestrictions = concatStringsSep ", " (clientAccess ++ dnsBl);
smtpTlsSecurityLevel = if cfg.useDane then "dane" else "may";
mainCf = let
escape = replaceStrings ["$"] ["$$"];
mkList = items: "\n " + concatStringsSep ",\n " items;
@ -510,14 +508,6 @@ in
'';
};
useDane = mkOption {
type = types.bool;
default = false;
description = ''
Sets smtp_tls_security_level to "dane" rather than "may". See postconf(5) for details.
'';
};
sslCert = mkOption {
type = types.str;
default = "";
@ -819,13 +809,13 @@ in
// optionalAttrs cfg.enableHeaderChecks { header_checks = [ "regexp:/etc/postfix/header_checks" ]; }
// optionalAttrs (cfg.tlsTrustedAuthorities != "") {
smtp_tls_CAfile = cfg.tlsTrustedAuthorities;
smtp_tls_security_level = smtpTlsSecurityLevel;
smtp_tls_security_level = mkDefault "may";
}
// optionalAttrs (cfg.sslCert != "") {
smtp_tls_cert_file = cfg.sslCert;
smtp_tls_key_file = cfg.sslKey;
smtp_tls_security_level = smtpTlsSecurityLevel;
smtp_tls_security_level = mkDefault "may";
smtpd_tls_cert_file = cfg.sslCert;
smtpd_tls_key_file = cfg.sslKey;
@ -969,5 +959,9 @@ in
imports = [
(mkRemovedOptionModule [ "services" "postfix" "sslCACert" ]
"services.postfix.sslCACert was replaced by services.postfix.tlsTrustedAuthorities. In case you intend that your server should validate requested client certificates use services.postfix.extraConfig.")
(mkChangedOptionModule [ "services" "postfix" "useDane" ]
[ "services" "postfix" "config" "smtp_tls_security_level" ]
(config: mkIf config.services.postfix.useDane "dane"))
];
}
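Review bot: Both `smtp_tls_security_level = mkDefault "may";` lines lack a comment explaining that this is only a default: "may" is opportunistic TLS, so outbound mail is sent in cleartext when the peer offers no STARTTLS, and with `useDane` removed the only way to tighten it is `services.postfix.config.smtp_tls_security_level`. I would add `# opportunistic TLS by default; override through services.postfix.config.smtp_tls_security_level` above each of them. The `mkChangedOptionModule` entry keeps existing `useDane = true` configurations working, but "dane" depends on DNSSEC-validated lookups, which neither the removed description nor the new code mentions.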


@ -349,7 +349,7 @@ in
{
DOMAIN = cfg.domain;
STATIC_ROOT_PATH = cfg.staticRootPath;
LFS_JWT_SECRET = "#jwtsecret#";
LFS_JWT_SECRET = "#lfsjwtsecret#";
ROOT_URL = cfg.rootUrl;
}
(mkIf cfg.enableUnixSocket {
@ -381,6 +381,7 @@ in
security = {
SECRET_KEY = "#secretkey#";
INTERNAL_TOKEN = "#internaltoken#";
INSTALL_LOCK = true;
};
@ -396,6 +397,10 @@ in
mailer = mkIf (cfg.mailerPasswordFile != null) {
PASSWD = "#mailerpass#";
};
oauth2 = {
JWT_SECRET = "#oauth2jwtsecret#";
};
};
services.postgresql = optionalAttrs (usePostgresql && cfg.database.createDatabase) {
@ -453,12 +458,22 @@ in
description = "gitea";
after = [ "network.target" ] ++ lib.optional usePostgresql "postgresql.service" ++ lib.optional useMysql "mysql.service";
wantedBy = [ "multi-user.target" ];
path = [ gitea pkgs.gitAndTools.git ];
path = [ gitea pkgs.git ];
# In older versions the secret naming for JWT was kind of confusing.
# The file jwt_secret hold the value for LFS_JWT_SECRET and JWT_SECRET
# wasn't persistant at all.
# To fix that, there is now the file oauth2_jwt_secret containing the
# values for JWT_SECRET and the file jwt_secret gets renamed to
# lfs_jwt_secret.
# We have to consider this to stay compatible with older installations.
preStart = let
runConfig = "${cfg.stateDir}/custom/conf/app.ini";
secretKey = "${cfg.stateDir}/custom/conf/secret_key";
jwtSecret = "${cfg.stateDir}/custom/conf/jwt_secret";
oauth2JwtSecret = "${cfg.stateDir}/custom/conf/oauth2_jwt_secret";
oldLfsJwtSecret = "${cfg.stateDir}/custom/conf/jwt_secret"; # old file for LFS_JWT_SECRET
lfsJwtSecret = "${cfg.stateDir}/custom/conf/lfs_jwt_secret"; # new file for LFS_JWT_SECRET
internalToken = "${cfg.stateDir}/custom/conf/internal_token";
in ''
# copy custom configuration and generate a random secret key if needed
${optionalString (cfg.useWizard == false) ''
@ -468,24 +483,41 @@ in
${gitea}/bin/gitea generate secret SECRET_KEY > ${secretKey}
fi
if [ ! -e ${jwtSecret} ]; then
${gitea}/bin/gitea generate secret LFS_JWT_SECRET > ${jwtSecret}
# Migrate LFS_JWT_SECRET filename
if [[ -e ${oldLfsJwtSecret} && ! -e ${lfsJwtSecret} ]]; then
mv ${oldLfsJwtSecret} ${lfsJwtSecret}
fi
KEY="$(head -n1 ${secretKey})"
if [ ! -e ${oauth2JwtSecret} ]; then
${gitea}/bin/gitea generate secret JWT_SECRET > ${oauth2JwtSecret}
fi
if [ ! -e ${lfsJwtSecret} ]; then
${gitea}/bin/gitea generate secret LFS_JWT_SECRET > ${lfsJwtSecret}
fi
if [ ! -e ${internalToken} ]; then
${gitea}/bin/gitea generate secret INTERNAL_TOKEN > ${internalToken}
fi
SECRETKEY="$(head -n1 ${secretKey})"
DBPASS="$(head -n1 ${cfg.database.passwordFile})"
JWTSECRET="$(head -n1 ${jwtSecret})"
OAUTH2JWTSECRET="$(head -n1 ${oauth2JwtSecret})"
LFSJWTSECRET="$(head -n1 ${lfsJwtSecret})"
INTERNALTOKEN="$(head -n1 ${internalToken})"
${if (cfg.mailerPasswordFile == null) then ''
MAILERPASSWORD="#mailerpass#"
'' else ''
MAILERPASSWORD="$(head -n1 ${cfg.mailerPasswordFile} || :)"
''}
sed -e "s,#secretkey#,$KEY,g" \
sed -e "s,#secretkey#,$SECRETKEY,g" \
-e "s,#dbpass#,$DBPASS,g" \
-e "s,#jwtsecret#,$JWTSECRET,g" \
-e "s,#oauth2jwtsecret#,$OAUTH2JWTSECRET,g" \
-e "s,#lfsjwtsecret#,$LFSJWTSECRET,g" \
-e "s,#internaltoken#,$INTERNALTOKEN,g" \
-e "s,#mailerpass#,$MAILERPASSWORD,g" \
-i ${runConfig}
chmod 640 ${runConfig} ${secretKey} ${jwtSecret}
chmod 640 ${runConfig} ${secretKey} ${oauth2JwtSecret} ${lfsJwtSecret} ${internalToken}
''}
# update all hooks' binary paths
@ -605,5 +637,5 @@ in
timerConfig.OnCalendar = cfg.dump.interval;
};
};
meta.maintainers = with lib.maintainers; [ srhb ];
meta.maintainers = with lib.maintainers; [ srhb ma27 ];
}
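Review bot: The new generation guards test `[ ! -e ... ]`, so a `gitea generate secret` run that fails or is interrupted leaves an empty file behind, and every later start then substitutes an empty `JWT_SECRET`, `LFS_JWT_SECRET` or `INTERNAL_TOKEN` into app.ini without regenerating it. Testing for a non-empty file, `if [ ! -s ${oauth2JwtSecret} ]; then`, avoids that, and the same applies to `lfsJwtSecret` and `internalToken`. The secret files are created under the script's current umask and only restricted by the `chmod 640` at the end, so a `umask 077` before the first redirect would close that window. The added `-e` expressions also extend the existing pattern of passing secrets to `sed` as command-line arguments, which other local users can read from the process list on a default /proc; that deserves at least a comment.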


@ -736,7 +736,7 @@ in {
environment = gitlabEnv;
path = with pkgs; [
postgresqlPackage
gitAndTools.git
git
ruby
openssh
nodejs
@ -764,7 +764,7 @@ in {
path = with pkgs; [
openssh
procps # See https://gitlab.com/gitlab-org/gitaly/issues/1562
gitAndTools.git
git
cfg.packages.gitaly.rubyEnv
cfg.packages.gitaly.rubyEnv.wrappedRuby
gzip
@ -806,7 +806,7 @@ in {
wantedBy = [ "multi-user.target" ];
path = with pkgs; [
exiftool
gitAndTools.git
git
gnutar
gzip
openssh
@ -854,7 +854,7 @@ in {
environment = gitlabEnv;
path = with pkgs; [
postgresqlPackage
gitAndTools.git
git
openssh
nodejs
procps


@ -227,6 +227,6 @@ in
};
environment.systemPackages = [ pkgs.gitolite pkgs.git ]
++ optional cfg.enableGitAnnex pkgs.gitAndTools.git-annex;
++ optional cfg.enableGitAnnex pkgs.git-annex;
});
}


@ -69,6 +69,9 @@ in {
# i.e. to delegate from the host being accessible as ${config.networking.domain}
# to another host actually running the Matrix homeserver.
"${config.networking.domain}" = {
<link linkend="opt-services.nginx.virtualHosts._name_.enableACME">enableACME</link> = true;
<link linkend="opt-services.nginx.virtualHosts._name_.forceSSL">forceSSL</link> = true;
<link linkend="opt-services.nginx.virtualHosts._name_.locations._name_.extraConfig">locations."= /.well-known/matrix/server".extraConfig</link> =
let
# use 443 instead of the default 8448 port to unite


@ -0,0 +1,78 @@
{ config, pkgs, lib, ... }:
with lib;
let cfg = config.services.nzbhydra2;
in {
options = {
services.nzbhydra2 = {
enable = mkEnableOption "NZBHydra2";
dataDir = mkOption {
type = types.str;
default = "/var/lib/nzbhydra2";
description = "The directory where NZBHydra2 stores its data files.";
};
openFirewall = mkOption {
type = types.bool;
default = false;
description =
"Open ports in the firewall for the NZBHydra2 web interface.";
};
package = mkOption {
type = types.package;
default = pkgs.nzbhydra2;
defaultText = "pkgs.nzbhydra2";
description = "NZBHydra2 package to use.";
};
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules =
[ "d '${cfg.dataDir}' 0700 nzbhydra2 nzbhydra2 - -" ];
systemd.services.nzbhydra2 = {
description = "NZBHydra2";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
User = "nzbhydra2";
Group = "nzbhydra2";
ExecStart =
"${cfg.package}/bin/nzbhydra2 --nobrowser --datafolder '${cfg.dataDir}'";
Restart = "on-failure";
# Hardening
NoNewPrivileges = true;
PrivateTmp = true;
PrivateDevices = true;
DevicePolicy = "closed";
ProtectSystem = "strict";
ReadWritePaths = cfg.dataDir;
ProtectHome = "read-only";
ProtectControlGroups = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
RestrictAddressFamilies ="AF_UNIX AF_INET AF_INET6 AF_NETLINK";
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
LockPersonality = true;
};
};
networking.firewall = mkIf cfg.openFirewall { allowedTCPPorts = [ 5076 ]; };
users.users.nzbhydra2 = {
group = "nzbhydra2";
isSystemUser = true;
};
users.groups.nzbhydra2 = {};
};
}
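Review bot: `openFirewall` opens the literal port 5076, but the module has no port option and the description does not name the port, so a user who changes the port in NZBHydra2's own settings ends up with the wrong port exposed. The description should read `Open port 5076 in the firewall for the NZBHydra2 web interface.`, or the port should become an option. In the hardening block, `CapabilityBoundingSet = "";` and `SystemCallArchitectures = "native";` would fit a service that runs as an unprivileged user on a high port. `dataDir` would be better typed as `types.path`, since it is interpolated inside single quotes in both the tmpfiles rule and `ExecStart`.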


@ -230,7 +230,7 @@ in
production = {
scm_subversion_command = "${pkgs.subversion}/bin/svn";
scm_mercurial_command = "${pkgs.mercurial}/bin/hg";
scm_git_command = "${pkgs.gitAndTools.git}/bin/git";
scm_git_command = "${pkgs.git}/bin/git";
scm_cvs_command = "${pkgs.cvs}/bin/cvs";
scm_bazaar_command = "${pkgs.breezy}/bin/bzr";
scm_darcs_command = "${pkgs.darcs}/bin/darcs";
@ -299,7 +299,7 @@ in
breezy
cvs
darcs
gitAndTools.git
git
mercurial
subversion
];


@ -370,6 +370,14 @@ let
List of file service discovery configurations.
'';
gce_sd_configs = mkOpt (types.listOf promTypes.gce_sd_config) ''
List of Google Compute Engine service discovery configurations.
See <link
xlink:href="https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config">the
relevant Prometheus configuration docs</link> for more detail.
'';
static_configs = mkOpt (types.listOf promTypes.static_config) ''
List of labeled target groups for this job.
'';
@ -555,6 +563,52 @@ let
};
};
promTypes.gce_sd_config = types.submodule {
options = {
# Use `mkOption` instead of `mkOpt` for project and zone because they are
# required configuration values for `gce_sd_config`.
project = mkOption {
type = types.str;
description = ''
The GCP Project.
'';
};
zone = mkOption {
type = types.str;
description = ''
The zone of the scrape targets. If you need multiple zones use multiple
gce_sd_configs.
'';
};
filter = mkOpt types.str ''
Filter can be used optionally to filter the instance list by other
criteria Syntax of this filter string is described here in the filter
query parameter section: <link
xlink:href="https://cloud.google.com/compute/docs/reference/latest/instances/list"
/>.
'';
refresh_interval = mkDefOpt types.str "60s" ''
Refresh interval to re-read the cloud instance list.
'';
port = mkDefOpt types.port "80" ''
The port to scrape metrics from. If using the public IP address, this
must instead be specified in the relabeling rule.
'';
tag_separator = mkDefOpt types.str "," ''
The tag separator used to separate concatenated GCE instance network tags.
See the GCP documentation on network tags for more information: <link
xlink:href="https://cloud.google.com/vpc/docs/add-remove-network-tags"
/>
'';
};
};
promTypes.relabel_config = types.submodule {
options = {
source_labels = mkOpt (types.listOf types.str) ''
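Review bot: The `gce_sd_configs` description does not say where the discovery credentials come from. Prometheus takes them from the Google default credential chain (the `GOOGLE_APPLICATION_CREDENTIALS` environment variable, the gcloud application-default file, or the GCE metadata server), not from this option set; a sentence saying so would stop users from looking for a key option or putting a service-account key into the Nix store. In the `filter` description a full stop is missing in `criteria Syntax of this filter string`.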


@ -22,6 +22,11 @@ in {
systemd.packages = [ pkgs.iwd ];
systemd.network.links."80-iwd" = {
matchConfig.Type = "wlan";
linkConfig.NamePolicy = "keep kernel";
};
systemd.services.iwd.wantedBy = [ "multi-user.target" ];
};


@ -109,6 +109,13 @@ in
description = "Host to bind to. Defaults binding on all addresses.";
};
package = mkOption {
type = types.package;
default = pkgs.murmur;
defaultText = "pkgs.murmur";
description = "Overridable attribute of the murmur package to use.";
};
password = mkOption {
type = types.str;
default = "";
@ -299,7 +306,7 @@ in
Type = if forking then "forking" else "simple";
PIDFile = mkIf forking "/run/murmur/murmurd.pid";
EnvironmentFile = mkIf (cfg.environmentFile != null) cfg.environmentFile;
ExecStart = "${pkgs.murmur}/bin/murmurd -ini /run/murmur/murmurd.ini";
ExecStart = "${cfg.package}/bin/murmurd -ini /run/murmur/murmurd.ini";
Restart = "always";
RuntimeDirectory = "murmur";
RuntimeDirectoryMode = "0700";


@ -1,34 +1,114 @@
{ config, lib, pkgs, ... }:
{ options, config, lib, pkgs, ... }:
with lib;
let
runDir = "/run/searx";
cfg = config.services.searx;
configFile = cfg.configFile;
generateConfig = ''
cd ${runDir}
# write NixOS settings as JSON
cat <<'EOF' > settings.yml
${builtins.toJSON cfg.settings}
EOF
# substitute environment variables
env -0 | while IFS='=' read -r -d ''' n v; do
sed "s#@$n@#$v#g" -i settings.yml
done
# set strict permissions
chmod 400 settings.yml
'';
settingType = with types; (oneOf
[ bool int float str
(listOf settingType)
(attrsOf settingType)
]) // { description = "JSON value"; };
in
{
imports = [
(mkRenamedOptionModule
[ "services" "searx" "configFile" ]
[ "services" "searx" "settingsFile" ])
];
###### interface
options = {
services.searx = {
enable = mkEnableOption
"the searx server. See https://github.com/asciimoo/searx";
enable = mkOption {
type = types.bool;
default = false;
relatedPackages = [ "searx" ];
description = "Whether to enable Searx, the meta search engine.";
};
configFile = mkOption {
environmentFile = mkOption {
type = types.nullOr types.path;
default = null;
description = "
The path of the Searx server configuration file. If no file
is specified, a default file is used (default config file has
debug mode enabled).
";
description = ''
Environment file (see <literal>systemd.exec(5)</literal>
"EnvironmentFile=" section for the syntax) to define variables for
Searx. This option can be used to safely include secret keys into the
Searx configuration.
'';
};
settings = mkOption {
type = types.attrsOf settingType;
default = { };
example = literalExample ''
{ server.port = 8080;
server.bind_address = "0.0.0.0";
server.secret_key = "@SEARX_SECRET_KEY@";
engines = lib.singleton
{ name = "wolframalpha";
shortcut = "wa";
api_key = "@WOLFRAM_API_KEY@";
engine = "wolframalpha_api";
};
}
'';
description = ''
Searx settings. These will be merged with (taking precedence over)
the default configuration. It's also possible to refer to
environment variables
(defined in <xref linkend="opt-services.searx.environmentFile"/>)
using the syntax <literal>@VARIABLE_NAME@</literal>.
<note>
<para>
For available settings, see the Searx
<link xlink:href="https://searx.github.io/searx/admin/settings.html">docs</link>.
</para>
</note>
'';
};
settingsFile = mkOption {
type = types.path;
default = "${runDir}/settings.yml";
description = ''
The path of the Searx server settings.yml file. If no file is
specified, a default file is used (default config file has debug mode
enabled). Note: setting this options overrides
<xref linkend="opt-services.searx.settings"/>.
<warning>
<para>
This file, along with any secret key it contains, will be copied
into the world-readable Nix store.
</para>
</warning>
'';
};
package = mkOption {
@ -38,6 +118,38 @@ in
description = "searx package to use.";
};
runInUwsgi = mkOption {
type = types.bool;
default = false;
description = ''
Whether to run searx in uWSGI as a "vassal", instead of using its
built-in HTTP server. This is the recommended mode for public or
large instances, but is unecessary for LAN or local-only use.
<warning>
<para>
The built-in HTTP server logs all queries by default.
</para>
</warning>
'';
};
uwsgiConfig = mkOption {
type = options.services.uwsgi.instance.type;
default = { http = ":8080"; };
example = literalExample ''
{
disable-logging = true;
http = ":8080"; # serve via HTTP...
socket = "/run/searx/searx.sock"; # ...or UNIX socket
}
'';
description = ''
Additional configuration of the uWSGI vassal running searx. It
should notably specify on which interfaces and ports the vassal
should listen.
'';
};
};
};
@ -45,36 +157,74 @@ in
###### implementation
config = mkIf config.services.searx.enable {
users.users.searx =
{ uid = config.ids.uids.searx;
description = "Searx user";
createHome = true;
home = "/var/lib/searx";
};
users.groups.searx =
{ gid = config.ids.gids.searx;
};
systemd.services.searx =
{
description = "Searx server, the meta search engine.";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "searx";
ExecStart = "${cfg.package}/bin/searx-run";
};
} // (optionalAttrs (configFile != null) {
environment.SEARX_SETTINGS_PATH = configFile;
});
config = mkIf cfg.enable {
environment.systemPackages = [ cfg.package ];
users.users.searx =
{ description = "Searx daemon user";
group = "searx";
isSystemUser = true;
};
meta.maintainers = with lib.maintainers; [ rnhmjoj ];
users.groups.searx = { };
systemd.services.searx-init = {
description = "Initialise Searx settings";
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
User = "searx";
RuntimeDirectory = "searx";
RuntimeDirectoryMode = "750";
} // optionalAttrs (cfg.environmentFile != null)
{ EnvironmentFile = builtins.toPath cfg.environmentFile; };
script = generateConfig;
};
systemd.services.searx = mkIf (!cfg.runInUwsgi) {
description = "Searx server, the meta search engine.";
wantedBy = [ "network.target" "multi-user.target" ];
requires = [ "searx-init.service" ];
after = [ "searx-init.service" ];
serviceConfig = {
User = "searx";
Group = "searx";
ExecStart = "${cfg.package}/bin/searx-run";
} // optionalAttrs (cfg.environmentFile != null)
{ EnvironmentFile = builtins.toPath cfg.environmentFile; };
environment.SEARX_SETTINGS_PATH = cfg.settingsFile;
};
systemd.services.uwsgi = mkIf (cfg.runInUwsgi)
{ requires = [ "searx-init.service" ];
after = [ "searx-init.service" ];
};
services.searx.settings = {
# merge NixOS settings with defaults settings.yml
use_default_settings = mkDefault true;
};
services.uwsgi = mkIf (cfg.runInUwsgi) {
enable = true;
plugins = [ "python3" ];
instance.type = "emperor";
instance.vassals.searx = {
type = "normal";
strict = true;
immediate-uid = "searx";
immediate-gid = "searx";
lazy-apps = true;
enable-threads = true;
module = "searx.webapp";
env = [ "SEARX_SETTINGS_PATH=${cfg.settingsFile}" ];
pythonPackages = self: [ cfg.package ];
} // cfg.uwsgiConfig;
};
};
meta.maintainers = with maintainers; [ rnhmjoj ];
}
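Review bot: In `generateConfig`, `sed "s#@$n@#$v#g" -i settings.yml` pastes every environment value unescaped into a sed program, so a secret containing `#`, `&` or `\` is either rejected by sed or substituted wrongly, and one containing `"` breaks the JSON document being edited. Escaping the value first, e.g. `v=$(printf '%s' "$v" | sed 's/[\\&#]/\\&/g')`, covers the sed side, and the `environmentFile` description should say which characters are safe in a value. The loop runs over the whole environment rather than only the variables from `environmentFile`, and each value is visible in sed's argument list while it runs. `settings.yml` is written and filled with secrets before `chmod 400` runs; a `umask 077` at the top of the script would make that order irrelevant. The `uwsgiConfig` default `http = ":8080"` listens on all interfaces, which its description should mention.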


@ -43,9 +43,9 @@ in
config = mkIf cfg.enable {
services.dbus.packages = [ pkgs.fprintd ];
services.dbus.packages = [ cfg.package ];
environment.systemPackages = [ pkgs.fprintd ];
environment.systemPackages = [ cfg.package ];
systemd.packages = [ cfg.package ];


@ -909,8 +909,11 @@ in
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts =
concatMap (o: optional (isInt o && o > 0 || o ? "port" && isInt o.port && o.port > 0) o.port)
(flatten [
concatMap (o:
if isInt o && o > 0 then [o]
else if o ? "port" && isInt o.port && o.port > 0 then [o.port]
else []
) (flatten [
cfg.settings.ORPort
cfg.settings.DirPort
]);


@ -44,7 +44,7 @@ let
in
{
options.services.ihatemoney = {
enable = mkEnableOption "ihatemoney webapp. Note that this will set uwsgi to emperor mode running as root";
enable = mkEnableOption "ihatemoney webapp. Note that this will set uwsgi to emperor mode";
backend = mkOption {
type = types.enum [ "sqlite" "postgresql" ];
default = "sqlite";
@ -116,16 +116,13 @@ in
services.uwsgi = {
enable = true;
plugins = [ "python3" ];
# the vassal needs to be able to setuid
user = "root";
group = "root";
instance = {
type = "emperor";
vassals.ihatemoney = {
type = "normal";
strict = true;
uid = user;
gid = group;
immediate-uid = user;
immediate-gid = group;
# apparently flask uses threads: https://github.com/spiral-project/ihatemoney/commit/c7815e48781b6d3a457eaff1808d179402558f8c
enable-threads = true;
module = "wsgi:application";


@ -0,0 +1,45 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.whitebophir;
in {
options = {
services.whitebophir = {
enable = mkEnableOption "whitebophir, an online collaborative whiteboard server (persistent state will be maintained under <filename>/var/lib/whitebophir</filename>)";
package = mkOption {
default = pkgs.whitebophir;
defaultText = "pkgs.whitebophir";
type = types.package;
description = "Whitebophir package to use.";
};
port = mkOption {
type = types.port;
default = 5001;
description = "Port to bind to.";
};
};
};
config = mkIf cfg.enable {
systemd.services.whitebophir = {
description = "Whitebophir Service";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
environment = {
PORT = "${toString cfg.port}";
WBO_HISTORY_DIR = "/var/lib/whitebophir";
};
serviceConfig = {
DynamicUser = true;
ExecStart = "${cfg.package}/bin/whitebophir";
Restart = "always";
StateDirectory = "whitebophir";
};
};
};
}
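Review bot: `PORT = "${toString cfg.port}";` wraps `toString` in a redundant string interpolation; `PORT = toString cfg.port;` is equivalent. `WBO_HISTORY_DIR = "/var/lib/whitebophir"` repeats the `StateDirectory` name by hand, so a comment such as `# must match StateDirectory below` would keep the two in sync. The module exposes only the port, which leaves the bind address to the application's default; if that is all interfaces, the `enable` description should say so.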


@ -5,11 +5,24 @@ with lib;
let
cfg = config.services.uwsgi;
isEmperor = cfg.instance.type == "emperor";
imperialPowers =
[
# spawn other user processes
"CAP_SETUID" "CAP_SETGID"
"CAP_SYS_CHROOT"
# transfer capabilities
"CAP_SETPCAP"
# create other user sockets
"CAP_CHOWN"
];
buildCfg = name: c:
let
plugins =
if any (n: !any (m: m == n) cfg.plugins) (c.plugins or [])
then throw "`plugins` attribute in UWSGI configuration contains plugins not in config.services.uwsgi.plugins"
then throw "`plugins` attribute in uWSGI configuration contains plugins not in config.services.uwsgi.plugins"
else c.plugins or cfg.plugins;
hasPython = v: filter (n: n == "python${v}") plugins != [];
@ -18,7 +31,7 @@ let
python =
if hasPython2 && hasPython3 then
throw "`plugins` attribute in UWSGI configuration shouldn't contain both python2 and python3"
throw "`plugins` attribute in uWSGI configuration shouldn't contain both python2 and python3"
else if hasPython2 then cfg.package.python2
else if hasPython3 then cfg.package.python3
else null;
@ -43,7 +56,7 @@ let
oldPaths = filter (x: x != null) (map getPath env');
in env' ++ [ "PATH=${optionalString (oldPaths != []) "${last oldPaths}:"}${pythonEnv}/bin" ];
}
else if c.type == "emperor"
else if isEmperor
then {
emperor = if builtins.typeOf c.vassals != "set" then c.vassals
else pkgs.buildEnv {
@ -51,7 +64,7 @@ let
paths = mapAttrsToList buildCfg c.vassals;
};
} // removeAttrs c [ "type" "vassals" ]
else throw "`type` attribute in UWSGI configuration should be either 'normal' or 'emperor'";
else throw "`type` attribute in uWSGI configuration should be either 'normal' or 'emperor'";
};
in pkgs.writeTextDir "${name}.json" (builtins.toJSON uwsgiCfg);
@ -79,7 +92,7 @@ in {
};
instance = mkOption {
type = with lib.types; let
type = with types; let
valueType = nullOr (oneOf [
bool
int
@ -137,31 +150,65 @@ in {
user = mkOption {
type = types.str;
default = "uwsgi";
description = "User account under which uwsgi runs.";
description = "User account under which uWSGI runs.";
};
group = mkOption {
type = types.str;
default = "uwsgi";
description = "Group account under which uwsgi runs.";
description = "Group account under which uWSGI runs.";
};
capabilities = mkOption {
type = types.listOf types.str;
apply = caps: caps ++ optionals isEmperor imperialPowers;
default = [ ];
example = literalExample ''
[
"CAP_NET_BIND_SERVICE" # bind on ports <1024
"CAP_NET_RAW" # open raw sockets
]
'';
description = ''
Grant capabilities to the uWSGI instance. See the
<literal>capabilities(7)</literal> for available values.
<note>
<para>
uWSGI runs as an unprivileged user (even as Emperor) with the minimal
capabilities required. This option can be used to add fine-grained
permissions without running the service as root.
</para>
<para>
When in Emperor mode, any capability to be inherited by a vassal must
be specified again in the vassal configuration using <literal>cap</literal>.
See the uWSGI <link
xlink:href="https://uwsgi-docs.readthedocs.io/en/latest/Capabilities.html">docs</link>
for more information.
</para>
</note>
'';
};
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = optional (cfg.runDir != "/run/uwsgi") ''
d ${cfg.runDir} 775 ${cfg.user} ${cfg.group}
'';
systemd.services.uwsgi = {
wantedBy = [ "multi-user.target" ];
preStart = ''
mkdir -p ${cfg.runDir}
chown ${cfg.user}:${cfg.group} ${cfg.runDir}
'';
serviceConfig = {
User = cfg.user;
Group = cfg.group;
Type = "notify";
ExecStart = "${cfg.package}/bin/uwsgi --uid ${cfg.user} --gid ${cfg.group} --json ${buildCfg "server" cfg.instance}/server.json";
ExecStart = "${cfg.package}/bin/uwsgi --json ${buildCfg "server" cfg.instance}/server.json";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
ExecStop = "${pkgs.coreutils}/bin/kill -INT $MAINPID";
NotifyAccess = "main";
KillSignal = "SIGQUIT";
AmbientCapabilities = cfg.capabilities;
CapabilityBoundingSet = cfg.capabilities;
};
};
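Review bot: Inside `buildCfg`, `else if c.type == "emperor"` became `else if isEmperor`, but `isEmperor` reads `cfg.instance.type` while `buildCfg` is also called for every vassal through `mapAttrsToList buildCfg c.vassals`. Under an emperor, a vassal whose `type` is neither value therefore appears to enter the emperor branch and fail on `c.vassals` instead of reaching the final `throw`. Keeping `else if c.type == "emperor"` there and using `isEmperor` only in the `capabilities` option restores the check; the `normal` branch starts outside the hunk, so this reading rests on the visible lines only. `imperialPowers` also merits a comment that `CAP_SETUID`, `CAP_SETGID` and `CAP_CHOWN` granted through `AmbientCapabilities` are close to root-equivalent, since the option text describes the set as minimal.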


@ -19,7 +19,7 @@ let
defaultFavoriteAppsOverride = ''
[org.gnome.shell]
favorite-apps=[ 'org.gnome.Geary.desktop', 'org.gnome.Calendar.desktop', 'org.gnome.Music.desktop', 'org.gnome.Photos.desktop', 'org.gnome.Nautilus.desktop' ]
favorite-apps=[ 'org.gnome.Epiphany.desktop', 'org.gnome.Geary.desktop', 'org.gnome.Calendar.desktop', 'org.gnome.Music.desktop', 'org.gnome.Photos.desktop', 'org.gnome.Nautilus.desktop' ]
'';
nixos-gsettings-desktop-schemas = let
@ -409,9 +409,7 @@ in
baobab
cheese
eog
/* Not in good standing on nixos:
* https://github.com/NixOS/nixpkgs/issues/98819
/* epiphany */
epiphany
gedit
gnome-calculator
gnome-calendar


@ -15,10 +15,10 @@ in
services.xserver.windowManager.session = singleton {
name = "clfswm";
start = ''
${pkgs.clfswm}/bin/clfswm &
${pkgs.lispPackages.clfswm}/bin/clfswm &
waitPID=$!
'';
};
environment.systemPackages = [ pkgs.clfswm ];
environment.systemPackages = [ pkgs.lispPackages.clfswm ];
};
}


@ -13,6 +13,7 @@ in
./berry.nix
./bspwm.nix
./cwm.nix
./clfswm.nix
./dwm.nix
./evilwm.nix
./exwm.nix


@ -48,7 +48,7 @@ in
description = ''
Extra packages available to Emacs. The value must be a
function which receives the attrset defined in
<varname>emacsPackages</varname> as the sole argument.
<varname>emacs.pkgs</varname> as the sole argument.
'';
};
};


@ -20,7 +20,7 @@ let
timeoutStr = if blCfg.timeout == null then "-1" else toString blCfg.timeout;
isAarch64 = pkgs.stdenv.hostPlatform.isAarch64;
optional = pkgs.stdenv.lib.optionalString;
optional = pkgs.lib.optionalString;
configTxt =
pkgs.writeText "config.txt" (''


@ -22,7 +22,7 @@ let
rootModules = config.boot.initrd.availableKernelModules ++ config.boot.initrd.kernelModules;
kernel = modulesTree;
firmware = firmware;
allowMissing = true;
allowMissing = false;
};
@ -513,7 +513,12 @@ in
};
boot.initrd.compressor = mkOption {
default = "gzip";
default = (
if lib.versionAtLeast config.boot.kernelPackages.kernel.version "5.9"
then "zstd"
else "gzip"
);
defaultText = "zstd if the kernel supports it (5.9+), gzip if not.";
type = types.unspecified; # We don't have a function type...
description = ''
The compressor to use on the initrd image. May be any of:


@ -34,6 +34,7 @@ with lib;
{
what = "tmpfs";
where = "/tmp";
type = "tmpfs";
mountConfig.Options = [ "mode=1777" "strictatime" "rw" "nosuid" "nodev" "size=50%" ];
}
];


@ -155,13 +155,11 @@ in
users.groups.docker.gid = config.ids.gids.docker;
systemd.packages = [ cfg.package ];
# TODO: remove once docker 20.10 is released
systemd.enableUnifiedCgroupHierarchy = false;
systemd.services.docker = {
wantedBy = optional cfg.enableOnBoot "multi-user.target";
environment = proxy_env;
serviceConfig = {
Type = "notify";
ExecStart = [
""
''
@ -215,13 +213,10 @@ in
message = "Option enableNvidia requires 32bit support libraries";
}];
}
(mkIf cfg.enableNvidia {
environment.etc."nvidia-container-runtime/config.toml".source = "${pkgs.nvidia-docker}/etc/config.toml";
})
]);
imports = [
(mkRemovedOptionModule ["virtualisation" "docker" "socketActivation"] "This option was removed in favor of starting docker at boot")
(mkRemovedOptionModule ["virtualisation" "docker" "socketActivation"] "This option was removed and socket activation is now always active")
];
}
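Review bot: Dropping `systemd.enableUnifiedCgroupHierarchy = false;` in the first hunk leaves nothing that ties the module to a Docker release able to run on the unified hierarchy, although the removed TODO named 20.10 as the precondition. `cfg.package` is what `systemd.packages` receives and is presumably user-overridable, so a pinned older package would likely stop working once the module no longer forces the legacy hierarchy. An assertion beside the existing ones would turn that into an evaluation error instead of a runtime failure, e.g. `{ assertion = versionAtLeast cfg.package.version "20.10"; message = "virtualisation.docker.package must be 20.10 or newer to run on the unified cgroup hierarchy"; }`. The assertions list and the module body start outside these hunks, so whether the package exposes `version` needs checking.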


@ -329,24 +329,24 @@ let self = {
"20.03".ap-east-1.hvm-ebs = "ami-0d18fdd309cdefa86";
"20.03".sa-east-1.hvm-ebs = "ami-09859378158ae971d";
# 20.09.1632.a6a3a368dda
"20.09".eu-west-1.hvm-ebs = "ami-01a79d5ce435f4db3";
"20.09".eu-west-2.hvm-ebs = "ami-0cbe14f32904e6331";
"20.09".eu-west-3.hvm-ebs = "ami-07f493412d6213de6";
"20.09".eu-central-1.hvm-ebs = "ami-01d4a0c2248cbfe38";
"20.09".eu-north-1.hvm-ebs = "ami-0003f54dd99d68e0f";
"20.09".us-east-1.hvm-ebs = "ami-068a62d478710462d";
"20.09".us-east-2.hvm-ebs = "ami-01ac677ff61399caa";
"20.09".us-west-1.hvm-ebs = "ami-04befdb203b4b17f6";
"20.09".us-west-2.hvm-ebs = "ami-0fb7bd4a43261c6b2";
"20.09".ca-central-1.hvm-ebs = "ami-06d5ee429f153f856";
"20.09".ap-southeast-1.hvm-ebs = "ami-0db0304e23c535b2a";
"20.09".ap-southeast-2.hvm-ebs = "ami-045983c4db7e36447";
"20.09".ap-northeast-1.hvm-ebs = "ami-0beb18d632cf64e5a";
"20.09".ap-northeast-2.hvm-ebs = "ami-0dd0316af578862db";
"20.09".ap-south-1.hvm-ebs = "ami-008d15ced81c88aed";
"20.09".ap-east-1.hvm-ebs = "ami-071f49713f86ea965";
"20.09".sa-east-1.hvm-ebs = "ami-05ded1ae35209b5a8";
# 20.09.2016.19db3e5ea27
"20.09".eu-west-1.hvm-ebs = "ami-0057cb7d614329fa2";
"20.09".eu-west-2.hvm-ebs = "ami-0d46f16e0bb0ec8fd";
"20.09".eu-west-3.hvm-ebs = "ami-0e8985c3ea42f87fe";
"20.09".eu-central-1.hvm-ebs = "ami-0eed77c38432886d2";
"20.09".eu-north-1.hvm-ebs = "ami-0be5bcadd632bea14";
"20.09".us-east-1.hvm-ebs = "ami-0a2cce52b42daccc8";
"20.09".us-east-2.hvm-ebs = "ami-09378bf487b07a4d8";
"20.09".us-west-1.hvm-ebs = "ami-09b4337b2a9e77485";
"20.09".us-west-2.hvm-ebs = "ami-081d3bb5fbee0a1ac";
"20.09".ca-central-1.hvm-ebs = "ami-020c24c6c607e7ac7";
"20.09".ap-southeast-1.hvm-ebs = "ami-08f648d5db009e67d";
"20.09".ap-southeast-2.hvm-ebs = "ami-0be390efaccbd40f9";
"20.09".ap-northeast-1.hvm-ebs = "ami-0c3311601cbe8f927";
"20.09".ap-northeast-2.hvm-ebs = "ami-0020146701f4d56cf";
"20.09".ap-south-1.hvm-ebs = "ami-0117e2bd876bb40d1";
"20.09".ap-east-1.hvm-ebs = "ami-0c42f97e5b1fda92f";
"20.09".sa-east-1.hvm-ebs = "ami-021637976b094959d";
latest = self."20.09";
}; in self


@ -2,7 +2,6 @@
let
cfg = config.virtualisation.podman;
toml = pkgs.formats.toml { };
nvidia-docker = pkgs.nvidia-docker.override { containerRuntimePath = "${pkgs.runc}/bin/runc"; };
inherit (lib) mkOption types;
@ -100,8 +99,8 @@ in
containersConf.extraConfig = lib.optionalString cfg.enableNvidia
(builtins.readFile (toml.generate "podman.nvidia.containers.conf" {
engine = {
conmon_env_vars = [ "PATH=${lib.makeBinPath [ nvidia-docker ]}" ];
runtimes.nvidia = [ "${nvidia-docker}/bin/nvidia-container-runtime" ];
conmon_env_vars = [ "PATH=${lib.makeBinPath [ pkgs.nvidia-podman ]}" ];
runtimes.nvidia = [ "${pkgs.nvidia-podman}/bin/nvidia-container-runtime" ];
};
}));
};
@ -111,14 +110,7 @@ in
assertion = cfg.dockerCompat -> !config.virtualisation.docker.enable;
message = "Option dockerCompat conflicts with docker";
}
{
assertion = cfg.enableNvidia -> !config.virtualisation.docker.enableNvidia;
message = "Option enableNvidia conflicts with docker.enableNvidia";
}
];
}
(lib.mkIf cfg.enableNvidia {
environment.etc."nvidia-container-runtime/config.toml".source = "${nvidia-docker}/etc/podman-config.toml";
})
]);
}
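Review bot: The last hunk removes the assertion `cfg.enableNvidia -> !config.virtualisation.docker.enableNvidia` together with the `environment.etc."nvidia-container-runtime/config.toml"` entry, and nothing on the new side says why the two modules may now be enabled together. Presumably `pkgs.nvidia-podman` carries its own runtime configuration so the shared `/etc` path is no longer written, but that is not visible in this section. A short comment above `runtimes.nvidia` would record it once confirmed against the package definition, e.g. `# nvidia-podman ships its own runtime config, so this no longer conflicts with docker.enableNvidia`.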


@ -1,6 +1,6 @@
import ./make-test-python.nix ({ pkgs, ...} : {
name = "3proxy";
meta = with pkgs.stdenv.lib.maintainers; {
meta = with pkgs.lib.maintainers; {
maintainers = [ misuzu ];
};


@ -9,7 +9,7 @@ let
in
{
name = "agda";
meta = with pkgs.stdenv.lib.maintainers; {
meta = with pkgs.lib.maintainers; {
maintainers = [ alexarice turion ];
};


@ -274,6 +274,7 @@ in
novacomd = handleTestOn ["x86_64-linux"] ./novacomd.nix {};
nsd = handleTest ./nsd.nix {};
nzbget = handleTest ./nzbget.nix {};
nzbhydra2 = handleTest ./nzbhydra2.nix {};
oh-my-zsh = handleTest ./oh-my-zsh.nix {};
openarena = handleTest ./openarena.nix {};
openldap = handleTest ./openldap.nix {};
@ -341,6 +342,7 @@ in
sbt-extras = handleTest ./sbt-extras.nix {};
scala = handleTest ./scala.nix {};
sddm = handleTest ./sddm.nix {};
searx = handleTest ./searx.nix {};
service-runner = handleTest ./service-runner.nix {};
shadow = handleTest ./shadow.nix {};
shadowsocks = handleTest ./shadowsocks {};


@ -1,6 +1,6 @@
import ./make-test-python.nix ({ pkgs, ...} : {
name = "ammonite";
meta = with pkgs.stdenv.lib.maintainers; {
meta = with pkgs.lib.maintainers; {
maintainers = [ nequissimus ];
};


@ -2,7 +2,7 @@ import ./make-test-python.nix ({ pkgs, ... }:
{
name = "atd";
meta = with pkgs.stdenv.lib.maintainers; {
meta = with pkgs.lib.maintainers; {
maintainers = [ bjornfor ];
};


@ -8,7 +8,7 @@
# Test whether `avahi-daemon' and `libnss-mdns' work as expected.
import ./make-test-python.nix {
name = "avahi";
meta = with pkgs.stdenv.lib.maintainers; {
meta = with pkgs.lib.maintainers; {
maintainers = [ eelco ];
};


@ -1,6 +1,6 @@
import ./make-test-python.nix ({ pkgs, ...} : {
name = "awscli";
meta = with pkgs.stdenv.lib.maintainers; {
meta = with pkgs.lib.maintainers; {
maintainers = [ nequissimus ];
};


@ -1,7 +1,7 @@
import ./make-test-python.nix ({ pkgs, lib, ...} : {
name = "babeld";
meta = with pkgs.stdenv.lib.maintainers; {
meta = with pkgs.lib.maintainers; {
maintainers = [ hexa ];
};


@ -1,6 +1,6 @@
import ./make-test-python.nix ({ pkgs, ... }: {
name = "bat";
meta = with pkgs.stdenv.lib.maintainers; { maintainers = [ nequissimus ]; };
meta = with pkgs.lib.maintainers; { maintainers = [ nequissimus ]; };
machine = { pkgs, ... }: { environment.systemPackages = [ pkgs.bat ]; };


@ -1,6 +1,6 @@
import ./make-test-python.nix ({ pkgs, ... }: {
name = "bcachefs";
meta.maintainers = with pkgs.stdenv.lib.maintainers; [ chiiruno ];
meta.maintainers = with pkgs.lib.maintainers; [ chiiruno ];
machine = { pkgs, ... }: {
virtualisation.emptyDiskImages = [ 4096 ];


@ -1,6 +1,6 @@
import ./make-test-python.nix ({ pkgs, ... }: {
name = "bitcoind";
meta = with pkgs.stdenv.lib; {
meta = with pkgs.lib; {
maintainers = with maintainers; [ _1000101 ];
};


@ -35,7 +35,7 @@ in
{
name = "bittorrent";
meta = with pkgs.stdenv.lib.maintainers; {
meta = with pkgs.lib.maintainers; {
maintainers = [ domenkozar eelco rob bobvanderlinden ];
};


@ -27,7 +27,7 @@ let
makeBitwardenTest = backend: makeTest {
name = "bitwarden_rs-${backend}";
meta = {
maintainers = with pkgs.stdenv.lib.maintainers; [ jjjollyjim ];
maintainers = with pkgs.lib.maintainers; [ jjjollyjim ];
};
nodes = {


@ -1,6 +1,6 @@
import ./make-test-python.nix ({ pkgs, ... }: {
name = "blockbook-frontend";
meta = with pkgs.stdenv.lib; {
meta = with pkgs.lib; {
maintainers = with maintainers; [ _1000101 ];
};


@ -158,5 +158,5 @@ import ./make-test-python.nix ({ pkgs, ... }: {
machine.succeed('pgrep -a -f "^kcanary$"')
'';
meta.maintainers = with pkgs.stdenv.lib.maintainers; [ aszlig ];
meta.maintainers = with pkgs.lib.maintainers; [ aszlig ];
})


@ -36,7 +36,7 @@ let
in {
name = "borgbackup";
meta = with pkgs.stdenv.lib; {
meta = with pkgs.lib; {
maintainers = with maintainers; [ dotlambda ];
};


@ -109,5 +109,5 @@ import ./make-test-python.nix {
bbworker.fail("nc -z bbmaster 8011")
'';
meta.maintainers = with pkgs.stdenv.lib.maintainers; [ nand0p ];
meta.maintainers = with pkgs.lib.maintainers; [ nand0p ];
} {}


@ -2,7 +2,7 @@ import ./make-test-python.nix ({ pkgs, ... }:
{
name = "buildkite-agent";
meta = with pkgs.stdenv.lib.maintainers; {
meta = with pkgs.lib.maintainers; {
maintainers = [ flokli ];
};


@ -1,6 +1,6 @@
import ./make-test-python.nix ({ pkgs, ... }: {
name = "caddy";
meta = with pkgs.stdenv.lib.maintainers; {
meta = with pkgs.lib.maintainers; {
maintainers = [ xfix Br1ght0ne ];
};


@ -1,6 +1,6 @@
import ./make-test-python.nix ({ pkgs, ... } : {
name = "cadvisor";
meta = with pkgs.stdenv.lib.maintainers; {
meta = with pkgs.lib.maintainers; {
maintainers = [ offline ];
};


@ -2,7 +2,7 @@ import ./make-test-python.nix ({ pkgs, ...} :
{
name = "cage";
meta = with pkgs.stdenv.lib.maintainers; {
meta = with pkgs.lib.maintainers; {
maintainers = [ matthewbauer flokli ];
};


@ -9,7 +9,7 @@ let
in
{
name = "cagebreak";
meta = with pkgs.stdenv.lib.maintainers; {
meta = with pkgs.lib.maintainers; {
maintainers = [ berbiche ];
};


@ -218,7 +218,7 @@ let
'';
in {
name = "basic-multi-node-ceph-cluster";
meta = with pkgs.stdenv.lib.maintainers; {
meta = with pkgs.lib.maintainers; {
maintainers = [ lejonet ];
};


@ -184,7 +184,7 @@ let
'';
in {
name = "basic-single-node-ceph-cluster";
meta = with pkgs.stdenv.lib.maintainers; {
meta = with pkgs.lib.maintainers; {
maintainers = [ lejonet johanot ];
};


@ -11,7 +11,7 @@ import ./make-test-python.nix ({ pkgs, ...} : let
in {
name = "charliecloud";
meta = with pkgs.stdenv.lib.maintainers; {
meta = with pkgs.lib.maintainers; {
maintainers = [ bzizou ];
};


@ -19,7 +19,7 @@ in
import ./make-test-python.nix ({ pkgs, ...} : {
name = "cjdns";
meta = with pkgs.stdenv.lib.maintainers; {
meta = with pkgs.lib.maintainers; {
maintainers = [ ehmry ];
};


@ -1,6 +1,6 @@
import ./make-test-python.nix ({ pkgs, ... }: {
name = "clickhouse";
meta.maintainers = with pkgs.stdenv.lib.maintainers; [ ma27 ];
meta.maintainers = with pkgs.lib.maintainers; [ ma27 ];
machine = {
services.clickhouse.enable = true;


@ -40,7 +40,7 @@ let
};
in makeTest {
name = "cloud-init";
meta = with pkgs.stdenv.lib.maintainers; {
meta = with pkgs.lib.maintainers; {
maintainers = [ lewo ];
};
machine = { ... }:


@ -99,7 +99,7 @@ let
in import ./make-test-python.nix ({ pkgs, ...} : {
name = "cockroachdb";
meta.maintainers = with pkgs.stdenv.lib.maintainers;
meta.maintainers = with pkgs.lib.maintainers;
[ thoughtpolice ];
nodes = {


@ -9,7 +9,7 @@ in
import ./make-test-python.nix ({ pkgs, ...} : {
name = "containers-bridge";
meta = with pkgs.stdenv.lib.maintainers; {
meta = with pkgs.lib.maintainers; {
maintainers = [ aristid aszlig eelco kampfschlaefer ];
};


@ -2,7 +2,7 @@
import ./make-test-python.nix ({ pkgs, ...} : {
name = "containers-extra_veth";
meta = with pkgs.stdenv.lib.maintainers; {
meta = with pkgs.lib.maintainers; {
maintainers = [ kampfschlaefer ];
};


@ -2,7 +2,7 @@
import ./make-test-python.nix ({ pkgs, ...} : {
name = "containers-hosts";
meta = with pkgs.stdenv.lib.maintainers; {
meta = with pkgs.lib.maintainers; {
maintainers = [ montag451 ];
};
