Project import generated by Copybara.
GitOrigin-RevId: d603719ec6e294f034936c0d0dc06f689d91b6c3
This commit is contained in:
parent
b2ffaee37b
commit
bcb2f287e1
10042 changed files with 114819 additions and 64785 deletions
third_party/nixpkgs
.github
doc
build-helpers
default.nixfunctions/library
hooks
languages-frameworks
android.section.mddart.section.mdhare.section.mdhaskell.section.mdindex.mdjavascript.section.mdpython.section.mdrust.section.md
packages
stdenv.mdstdenv
lib
maintainers
nixos
doc/manual
configuration
development
release-notes
lib
modules
config
hardware
installer/netboot
misc
module-list.nixprograms
security/krb5
services
admin
audio
databases
desktop-managers
desktops
display-managers
games
hardware
logging
mail
matrix
misc
amazon-ssm-agent.nixanki-sync-server.mdgraphical-desktop.nixjellyfin.nixmqtt2influxdb.nixopen-webui.nixpghero.nixrenovate.nixsnapper.nix
monitoring
network-filesystems
networking
7
third_party/nixpkgs/.github/labeler.yml
vendored
7
third_party/nixpkgs/.github/labeler.yml
vendored
|
@ -145,6 +145,12 @@
|
|||
- any-glob-to-any-file:
|
||||
- lib/**
|
||||
|
||||
"6.topic: llvm/clang":
|
||||
- any:
|
||||
- changed-files:
|
||||
- any-glob-to-any-file:
|
||||
- pkgs/development/compilers/llvm/*
|
||||
|
||||
"6.topic: lua":
|
||||
- any:
|
||||
- changed-files:
|
||||
|
@ -212,6 +218,7 @@
|
|||
- pkgs/development/node-packages/**/*
|
||||
- pkgs/development/tools/yarn/*
|
||||
- pkgs/development/tools/yarn2nix-moretea/**/*
|
||||
- pkgs/development/tools/pnpm/**/*
|
||||
- pkgs/development/web/nodejs/*
|
||||
|
||||
"6.topic: ocaml":
|
||||
|
|
|
@ -4,6 +4,7 @@ on:
|
|||
branches:
|
||||
- 'release-**'
|
||||
- 'staging-**'
|
||||
- '!staging-next'
|
||||
|
||||
permissions: {}
|
||||
|
||||
|
|
|
@ -39,6 +39,9 @@ jobs:
|
|||
pkgs/development/cuda-modules
|
||||
pkgs/test/cuda
|
||||
pkgs/top-level/cuda-packages.nix
|
||||
NIX_FMT_PATHS_MAINTAINERS: |
|
||||
maintainers/maintainer-list.nix
|
||||
maintainers/team-list.nix
|
||||
NIX_FMT_PATHS_K3S: |
|
||||
nixos/modules/services/cluster/k3s
|
||||
nixos/tests/k3s
|
||||
|
|
|
@ -365,8 +365,8 @@ If `pname` and `version` are specified, `fetchurl` will use those values and wil
|
|||
_Default value:_ `{}`.
|
||||
|
||||
`passthru` (Attribute Set; _optional_)
|
||||
: Specifies any extra [passthru](#var-stdenv-passthru) attributes for the derivation returned by `fetchurl`.
|
||||
Note that `fetchurl` defines [passthru attributes of its own](#ssec-pkgs-fetchers-fetchurl-passthru-outputs).
|
||||
: Specifies any extra [`passthru`](#chap-passthru) attributes for the derivation returned by `fetchurl`.
|
||||
Note that `fetchurl` defines [`passthru` attributes of its own](#ssec-pkgs-fetchers-fetchurl-passthru-outputs).
|
||||
Attributes specified in `passthru` can override the default attributes returned by `fetchurl`.
|
||||
|
||||
_Default value:_ `{}`.
|
||||
|
@ -387,7 +387,7 @@ If `pname` and `version` are specified, `fetchurl` will use those values and wil
|
|||
|
||||
### Passthru outputs {#ssec-pkgs-fetchers-fetchurl-passthru-outputs}
|
||||
|
||||
`fetchurl` also defines its own [`passthru`](#var-stdenv-passthru) attributes:
|
||||
`fetchurl` also defines its own [`passthru`](#chap-passthru) attributes:
|
||||
|
||||
`url` (String)
|
||||
|
||||
|
|
|
@ -191,7 +191,7 @@ Similarly, if you encounter errors similar to `Error_Protocol ("certificate has
|
|||
|
||||
### Passthru outputs {#ssec-pkgs-dockerTools-buildImage-passthru-outputs}
|
||||
|
||||
`buildImage` defines a few [`passthru`](#var-stdenv-passthru) attributes:
|
||||
`buildImage` defines a few [`passthru`](#chap-passthru) attributes:
|
||||
|
||||
`buildArgs` (Attribute Set)
|
||||
|
||||
|
@ -576,13 +576,13 @@ This allows the function to produce reproducible images.
|
|||
|
||||
`passthru` (Attribute Set; _optional_)
|
||||
|
||||
: Use this to pass any attributes as [passthru](#var-stdenv-passthru) for the resulting derivation.
|
||||
: Use this to pass any attributes as [`passthru`](#chap-passthru) for the resulting derivation.
|
||||
|
||||
_Default value:_ `{}`
|
||||
|
||||
### Passthru outputs {#ssec-pkgs-dockerTools-streamLayeredImage-passthru-outputs}
|
||||
|
||||
`streamLayeredImage` also defines its own [`passthru`](#var-stdenv-passthru) attributes:
|
||||
`streamLayeredImage` also defines its own [`passthru`](#chap-passthru) attributes:
|
||||
|
||||
`imageTag` (String)
|
||||
|
||||
|
|
29
third_party/nixpkgs/doc/default.nix
vendored
29
third_party/nixpkgs/doc/default.nix
vendored
|
@ -2,6 +2,7 @@
|
|||
let
|
||||
inherit (pkgs) lib;
|
||||
inherit (lib) hasPrefix removePrefix;
|
||||
fs = lib.fileset;
|
||||
|
||||
common = import ./common.nix;
|
||||
|
||||
|
@ -99,20 +100,30 @@ in pkgs.stdenv.mkDerivation {
|
|||
nixos-render-docs
|
||||
];
|
||||
|
||||
src = ./.;
|
||||
src = fs.toSource {
|
||||
root = ./.;
|
||||
fileset = fs.unions [
|
||||
(fs.fileFilter (file:
|
||||
file.hasExt "md"
|
||||
|| file.hasExt "md.in"
|
||||
) ./.)
|
||||
./style.css
|
||||
./anchor-use.js
|
||||
./anchor.min.js
|
||||
./manpage-urls.json
|
||||
];
|
||||
};
|
||||
|
||||
postPatch = ''
|
||||
ln -s ${optionsDoc.optionsJSON}/share/doc/nixos/options.json ./config-options.json
|
||||
'';
|
||||
|
||||
buildPhase = let
|
||||
pythonInterpreterTable = pkgs.callPackage ./doc-support/python-interpreter-table.nix {};
|
||||
pythonSection = with lib.strings; replaceStrings
|
||||
[ "@python-interpreter-table@" ]
|
||||
[ pythonInterpreterTable ]
|
||||
(readFile ./languages-frameworks/python.section.md);
|
||||
in ''
|
||||
cp ${builtins.toFile "python.section.md" pythonSection} ./languages-frameworks/python.section.md
|
||||
pythonInterpreterTable = pkgs.callPackage ./doc-support/python-interpreter-table.nix {};
|
||||
|
||||
passAsFile = [ "pythonInterpreterTable" ];
|
||||
|
||||
buildPhase = ''
|
||||
substituteInPlace ./languages-frameworks/python.section.md --subst-var-by python-interpreter-table "$(<"$pythonInterpreterTablePath")"
|
||||
|
||||
cat \
|
||||
./functions/library.md.in \
|
||||
|
|
4
third_party/nixpkgs/doc/hooks/waf.section.md
vendored
4
third_party/nixpkgs/doc/hooks/waf.section.md
vendored
|
@ -20,10 +20,6 @@ If `wafPath` doesn't exist, then `wafHook` will copy the `waf` provided from Nix
|
|||
|
||||
Controls the flags passed to waf tool during build and install phases. For settings specific to build or install phases, use `wafBuildFlags` or `wafInstallFlags` respectively.
|
||||
|
||||
#### `dontAddWafCrossFlags` {#dont-add-waf-cross-flags}
|
||||
|
||||
When set to `true`, don't add cross compilation flags during configure phase.
|
||||
|
||||
#### `dontUseWafConfigure` {#dont-use-waf-configure}
|
||||
|
||||
When set to true, don't use the predefined `wafConfigurePhase`.
|
||||
|
|
|
@ -3,10 +3,36 @@
|
|||
The Android build environment provides three major features and a number of
|
||||
supporting features.
|
||||
|
||||
## Using androidenv with Android Studio {#using-androidenv-with-android-studio}
|
||||
|
||||
Use the `android-studio-full` attribute for a very complete Android SDK, including system images:
|
||||
|
||||
```nix
|
||||
buildInputs = [ android-studio-full ];
|
||||
```
|
||||
|
||||
This is identical to:
|
||||
|
||||
```nix
|
||||
buildInputs = [ androidStudioPackages.stable.full ];
|
||||
```
|
||||
|
||||
Alternatively, you can pass composeAndroidPackages to the `withSdk` passthru:
|
||||
|
||||
```nix
|
||||
buildInputs = [
|
||||
(android-studio.withSdk (androidenv.composeAndroidPackages {
|
||||
includeNDK = true;
|
||||
}).androidsdk)
|
||||
];
|
||||
```
|
||||
|
||||
These will export ANDROID_SDK_ROOT and ANDROID_NDK_ROOT to the SDK and NDK directories
|
||||
in the specified Android build environment.
|
||||
|
||||
## Deploying an Android SDK installation with plugins {#deploying-an-android-sdk-installation-with-plugins}
|
||||
|
||||
The first use case is deploying the SDK with a desired set of plugins or subsets
|
||||
of an SDK.
|
||||
Alternatively, you can deploy the SDK separately with a desired set of plugins, or subsets of an SDK.
|
||||
|
||||
```nix
|
||||
with import <nixpkgs> {};
|
||||
|
@ -145,16 +171,14 @@ androidComposition.platform-tools
|
|||
## Using predefined Android package compositions {#using-predefined-android-package-compositions}
|
||||
|
||||
In addition to composing an Android package set manually, it is also possible
|
||||
to use a predefined composition that contains all basic packages for a specific
|
||||
Android version, such as version 9.0 (API-level 28).
|
||||
to use a predefined composition that contains a fairly complete set of Android packages:
|
||||
|
||||
The following Nix expression can be used to deploy the entire SDK with all basic
|
||||
plugins:
|
||||
The following Nix expression can be used to deploy the entire SDK:
|
||||
|
||||
```nix
|
||||
with import <nixpkgs> {};
|
||||
|
||||
androidenv.androidPkgs_9_0.androidsdk
|
||||
androidenv.androidPkgs.androidsdk
|
||||
```
|
||||
|
||||
It is also possible to use one plugin only:
|
||||
|
@ -162,50 +186,9 @@ It is also possible to use one plugin only:
|
|||
```nix
|
||||
with import <nixpkgs> {};
|
||||
|
||||
androidenv.androidPkgs_9_0.platform-tools
|
||||
androidenv.androidPkgs.platform-tools
|
||||
```
|
||||
|
||||
## Building an Android application {#building-an-android-application}
|
||||
|
||||
In addition to the SDK, it is also possible to build an Ant-based Android
|
||||
project and automatically deploy all the Android plugins that a project
|
||||
requires.
|
||||
|
||||
|
||||
```nix
|
||||
with import <nixpkgs> {};
|
||||
|
||||
androidenv.buildApp {
|
||||
name = "MyAndroidApp";
|
||||
src = ./myappsources;
|
||||
release = true;
|
||||
|
||||
# If release is set to true, you need to specify the following parameters
|
||||
keyStore = ./keystore;
|
||||
keyAlias = "myfirstapp";
|
||||
keyStorePassword = "mykeystore";
|
||||
keyAliasPassword = "myfirstapp";
|
||||
|
||||
# Any Android SDK parameters that install all the relevant plugins that a
|
||||
# build requires
|
||||
platformVersions = [ "24" ];
|
||||
|
||||
# When we include the NDK, then ndk-build is invoked before Ant gets invoked
|
||||
includeNDK = true;
|
||||
}
|
||||
```
|
||||
|
||||
Aside from the app-specific build parameters (`name`, `src`, `release` and
|
||||
keystore parameters), the `buildApp {}` function supports all the function
|
||||
parameters that the SDK composition function (the function shown in the
|
||||
previous section) supports.
|
||||
|
||||
This build function is particularly useful when it is desired to use
|
||||
[Hydra](https://nixos.org/hydra): the Nix-based continuous integration solution
|
||||
to build Android apps. An Android APK gets exposed as a build product and can be
|
||||
installed on any Android device with a web browser by navigating to the build
|
||||
result page.
|
||||
|
||||
## Spawning emulator instances {#spawning-emulator-instances}
|
||||
|
||||
For testing purposes, it can also be quite convenient to automatically generate
|
||||
|
@ -349,3 +332,44 @@ To update the expressions run the `generate.sh` script that is stored in the
|
|||
```bash
|
||||
./generate.sh
|
||||
```
|
||||
|
||||
## Building an Android application with Ant {#building-an-android-application-with-ant}
|
||||
|
||||
In addition to the SDK, it is also possible to build an Ant-based Android
|
||||
project and automatically deploy all the Android plugins that a project
|
||||
requires. Most newer Android projects use Gradle, and this is included for historical
|
||||
purposes.
|
||||
|
||||
```nix
|
||||
with import <nixpkgs> {};
|
||||
|
||||
androidenv.buildApp {
|
||||
name = "MyAndroidApp";
|
||||
src = ./myappsources;
|
||||
release = true;
|
||||
|
||||
# If release is set to true, you need to specify the following parameters
|
||||
keyStore = ./keystore;
|
||||
keyAlias = "myfirstapp";
|
||||
keyStorePassword = "mykeystore";
|
||||
keyAliasPassword = "myfirstapp";
|
||||
|
||||
# Any Android SDK parameters that install all the relevant plugins that a
|
||||
# build requires
|
||||
platformVersions = [ "24" ];
|
||||
|
||||
# When we include the NDK, then ndk-build is invoked before Ant gets invoked
|
||||
includeNDK = true;
|
||||
}
|
||||
```
|
||||
|
||||
Aside from the app-specific build parameters (`name`, `src`, `release` and
|
||||
keystore parameters), the `buildApp {}` function supports all the function
|
||||
parameters that the SDK composition function (the function shown in the
|
||||
previous section) supports.
|
||||
|
||||
This build function is particularly useful when it is desired to use
|
||||
[Hydra](https://nixos.org/hydra): the Nix-based continuous integration solution
|
||||
to build Android apps. An Android APK gets exposed as a build product and can be
|
||||
installed on any Android device with a web browser by navigating to the build
|
||||
result page.
|
||||
|
|
|
@ -98,10 +98,12 @@ The function `buildFlutterApplication` builds Flutter applications.
|
|||
|
||||
See the [Dart documentation](#ssec-dart-applications) for more details on required files and arguments.
|
||||
|
||||
`flutter` in Nixpkgs always points to `flutterPackages.stable`, which is the latest packaged version. To avoid unforeseen breakage during upgrade, packages in Nixpkgs should use a specific flutter version, such as `flutter319` and `flutter322`, instead of using `flutter` directly.
|
||||
|
||||
```nix
|
||||
{ flutter, fetchFromGitHub }:
|
||||
|
||||
flutter.buildFlutterApplication {
|
||||
flutter322.buildFlutterApplication {
|
||||
pname = "firmware-updater";
|
||||
version = "0-unstable-2023-04-30";
|
||||
|
||||
|
|
53
third_party/nixpkgs/doc/languages-frameworks/hare.section.md
vendored
Normal file
53
third_party/nixpkgs/doc/languages-frameworks/hare.section.md
vendored
Normal file
|
@ -0,0 +1,53 @@
|
|||
# Hare {#sec-language-hare}
|
||||
|
||||
## Building Hare programs with `hareHook` {#ssec-language-hare}
|
||||
|
||||
The `hareHook` package sets up the environment for building Hare programs by
|
||||
doing the following:
|
||||
|
||||
1. Setting the `HARECACHE`, `HAREPATH` and `NIX_HAREFLAGS` environment variables;
|
||||
1. Propagating `harec`, `qbe` and two wrapper scripts for the hare binary.
|
||||
|
||||
It is not a function as is the case for some other languages --- *e. g.*, Go or
|
||||
Rust ---, but a package to be added to `nativeBuildInputs`.
|
||||
|
||||
## Attributes of `hareHook` {#hareHook-attributes}
|
||||
|
||||
The following attributes are accepted by `hareHook`:
|
||||
|
||||
1. `hareBuildType`: Either `release` (default) or `debug`. It controls if the
|
||||
`-R` flag is added to `NIX_HAREFLAGS`.
|
||||
|
||||
## Example for `hareHook` {#ex-hareHook}
|
||||
|
||||
```nix
|
||||
{
|
||||
hareHook,
|
||||
lib,
|
||||
stdenv,
|
||||
}: stdenv.mkDerivation {
|
||||
pname = "<name>";
|
||||
version = "<version>";
|
||||
src = "<src>";
|
||||
|
||||
nativeBuildInputs = [ hareHook ];
|
||||
|
||||
meta = {
|
||||
description = "<description>";
|
||||
inherit (hareHook) badPlatforms platforms;
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
## Cross Compilation {#hareHook-cross-compilation}
|
||||
|
||||
`hareHook` should handle cross compilation out of the box. This is the main
|
||||
purpose of `NIX_HAREFLAGS`: In it, the `-a` flag is passed with the architecture
|
||||
of the `hostPlatform`.
|
||||
|
||||
However, manual intervention may be needed when a binary compiled by the build
|
||||
process must be run for the build to complete --- *e. g.*, when using Hare's
|
||||
`hare` module for code generation.
|
||||
|
||||
In those cases, `hareHook` provides the `hare-native` script, which is a wrapper
|
||||
around the hare binary for using the native (`buildPlatform`) toolchain.
|
|
@ -923,14 +923,61 @@ for this to work.
|
|||
|
||||
`justStaticExecutables drv`
|
||||
: Only build and install the executables produced by `drv`, removing everything
|
||||
that may refer to other Haskell packages' store paths (like libraries and
|
||||
documentation). This dramatically reduces the closure size of the resulting
|
||||
derivation. Note that the executables are only statically linked against their
|
||||
Haskell dependencies, but will still link dynamically against libc, GMP and
|
||||
other system library dependencies. If dependencies use their Cabal-generated
|
||||
`Paths_*` module, this may not work as well if GHC's dead code elimination
|
||||
is unable to remove the references to the dependency's store path that module
|
||||
contains.
|
||||
that may refer to other Haskell packages' store paths (like libraries and
|
||||
documentation). This dramatically reduces the closure size of the resulting
|
||||
derivation. Note that the executables are only statically linked against their
|
||||
Haskell dependencies, but will still link dynamically against libc, GMP and
|
||||
other system library dependencies.
|
||||
|
||||
If a library or its dependencies use their Cabal-generated
|
||||
`Paths_*` module, this may not work as well if GHC's dead code elimination is
|
||||
unable to remove the references to the dependency's store path that module
|
||||
contains.
|
||||
As a consequence, an unused reference may be created from the static binary to such a _library_ store path.
|
||||
(See [nixpkgs#164630][164630] for more information.)
|
||||
|
||||
Importing the `Paths_*` module may cause builds to fail with this message:
|
||||
|
||||
```
|
||||
error: output '/nix/store/64k8iw0ryz76qpijsnl9v87fb26v28z8-my-haskell-package-1.0.0.0' is not allowed to refer to the following paths:
|
||||
/nix/store/5q5s4a07gaz50h04zpfbda8xjs8wrnhg-ghc-9.6.3
|
||||
```
|
||||
|
||||
If that happens, first disable the check for GHC references and rebuild the
|
||||
derivation:
|
||||
|
||||
```nix
|
||||
pkgs.haskell.lib.overrideCabal
|
||||
(pkgs.haskell.lib.justStaticExecutables my-haskell-package)
|
||||
(drv: {
|
||||
disallowGhcReference = false;
|
||||
})
|
||||
```
|
||||
|
||||
Then use `strings` to determine which libraries are responsible:
|
||||
|
||||
```
|
||||
$ nix-build ...
|
||||
$ strings result/bin/my-haskell-binary | grep /nix/store/
|
||||
...
|
||||
/nix/store/n7ciwdlg8yyxdhbrgd6yc2d8ypnwpmgq-hs-opentelemetry-sdk-0.0.3.6/bin
|
||||
...
|
||||
```
|
||||
|
||||
Finally, use `remove-references-to` to delete those store paths from the produced output:
|
||||
|
||||
```nix
|
||||
pkgs.haskell.lib.overrideCabal
|
||||
(pkgs.haskell.lib.justStaticExecutables my-haskell-package)
|
||||
(drv: {
|
||||
postInstall = ''
|
||||
${drv.postInstall or ""}
|
||||
remove-references-to -t ${pkgs.haskellPackages.hs-opentelemetry-sdk}
|
||||
'';
|
||||
})
|
||||
```
|
||||
|
||||
[164630]: https://github.com/NixOS/nixpkgs/issues/164630
|
||||
|
||||
`enableSeparateBinOutput drv`
|
||||
: Install executables produced by `drv` to a separate `bin` output. This
|
||||
|
|
|
@ -19,6 +19,7 @@ dotnet.section.md
|
|||
emscripten.section.md
|
||||
gnome.section.md
|
||||
go.section.md
|
||||
hare.section.md
|
||||
haskell.section.md
|
||||
hy.section.md
|
||||
idris.section.md
|
||||
|
|
|
@ -310,6 +310,71 @@ See `node2nix` [docs](https://github.com/svanderburg/node2nix) for more info.
|
|||
- `node2nix` has some [bugs](https://github.com/svanderburg/node2nix/issues/238) related to working with lock files from npm distributed with `nodejs_16`.
|
||||
- `node2nix` does not like missing packages from npm. If you see something like `Cannot resolve version: vue-loader-v16@undefined` then you might want to try another tool. The package might have been pulled off of npm.
|
||||
|
||||
### pnpm {#javascript-pnpm}
|
||||
|
||||
Pnpm is available as the top-level package `pnpm`. Additionally, there are variants pinned to certain major versions, like `pnpm_8` and `pnpm_9`, which support different sets of lock file versions.
|
||||
|
||||
When packaging an application that includes a `pnpm-lock.yaml`, you need to fetch the pnpm store for that project using a fixed-output-derivation. The functions `pnpm_8.fetchDeps` and `pnpm_9.fetchDeps` can create this pnpm store derivation. In conjunction, the setup hooks `pnpm_8.configHook` and `pnpm_9.configHook` will prepare the build environment to install the prefetched dependencies store. Here is an example for a package that contains a `package.json` and a `pnpm-lock.yaml` files using the above `pnpm_` attributes:
|
||||
|
||||
```nix
|
||||
{
|
||||
stdenv,
|
||||
nodejs,
|
||||
# This is pinned as { pnpm = pnpm_9; }
|
||||
pnpm
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation (finalAttrs: {
|
||||
pname = "foo";
|
||||
version = "0-unstable-1980-01-01";
|
||||
|
||||
src = ...;
|
||||
|
||||
nativeBuildInputs = [
|
||||
nodejs
|
||||
pnpm.configHook
|
||||
];
|
||||
|
||||
pnpmDeps = pnpm.fetchDeps {
|
||||
inherit (finalAttrs) pname version src;
|
||||
hash = "...";
|
||||
};
|
||||
})
|
||||
```
|
||||
|
||||
NOTE: It is highly recommended to use a pinned version of pnpm (i.e. `pnpm_8` or `pnpm_9`), to increase future reproducibility. It might also be required to use an older version, if the package needs support for a certain lock file version.
|
||||
|
||||
In case you are patching `package.json` or `pnpm-lock.yaml`, make sure to pass `finalAttrs.patches` to the function as well (i.e. `inherit (finalAttrs) patches`.
|
||||
|
||||
#### Dealing with `sourceRoot` {#javascript-pnpm-sourceRoot}
|
||||
|
||||
NOTE: Nixpkgs pnpm tooling doesn't support building projects with a `pnpm-workspace.yaml`, or building monorepos. It maybe possible to use `pnpm.fetchDeps` for these projects, but it may be hard or impossible to produce a binary from such projects ([an example attempt](https://github.com/NixOS/nixpkgs/pull/290715#issuecomment-2144543728)).
|
||||
|
||||
If the pnpm project is in a subdirectory, you can just define `sourceRoot` or `setSourceRoot` for `fetchDeps`. Note, that projects using `pnpm-workspace.yaml` are currently not supported, and will probably not work using this approach.
|
||||
If `sourceRoot` is different between the parent derivation and `fetchDeps`, you will have to set `pnpmRoot` to effectively be the same location as it is in `fetchDeps`.
|
||||
|
||||
Assuming the following directory structure, we can define `sourceRoot` and `pnpmRoot` as follows:
|
||||
|
||||
```
|
||||
.
|
||||
├── frontend
|
||||
│ ├── ...
|
||||
│ ├── package.json
|
||||
│ └── pnpm-lock.yaml
|
||||
└── ...
|
||||
```
|
||||
|
||||
```nix
|
||||
...
|
||||
pnpmDeps = pnpm.fetchDeps {
|
||||
...
|
||||
sourceRoot = "${finalAttrs.src.name}/frontend";
|
||||
};
|
||||
|
||||
# by default the working directory is the extracted source
|
||||
pnpmRoot = "frontend";
|
||||
```
|
||||
|
||||
### yarn2nix {#javascript-yarn2nix}
|
||||
|
||||
#### Preparation {#javascript-yarn2nix-preparation}
|
||||
|
|
|
@ -31,8 +31,8 @@ Each interpreter has the following attributes:
|
|||
|
||||
### Building packages and applications {#building-packages-and-applications}
|
||||
|
||||
Python libraries and applications that use `setuptools` or
|
||||
`distutils` are typically built with respectively the [`buildPythonPackage`](#buildpythonpackage-function) and
|
||||
Python libraries and applications that use tools to follow PEP 517 (e.g. `setuptools` or `hatchling`, etc.) or
|
||||
previous tools such as `distutils` are typically built with respectively the [`buildPythonPackage`](#buildpythonpackage-function) and
|
||||
[`buildPythonApplication`](#buildpythonapplication-function) functions. These two functions also support installing a `wheel`.
|
||||
|
||||
All Python packages reside in `pkgs/top-level/python-packages.nix` and all
|
||||
|
@ -78,6 +78,7 @@ The following is an example:
|
|||
, fetchPypi
|
||||
|
||||
# build-system
|
||||
, setuptools
|
||||
, setuptools-scm
|
||||
|
||||
# dependencies
|
||||
|
@ -107,6 +108,7 @@ buildPythonPackage rec {
|
|||
'';
|
||||
|
||||
build-system = [
|
||||
setuptools
|
||||
setuptools-scm
|
||||
];
|
||||
|
||||
|
@ -134,13 +136,13 @@ buildPythonPackage rec {
|
|||
|
||||
The `buildPythonPackage` mainly does four things:
|
||||
|
||||
* In the [`buildPhase`](#build-phase), it calls `${python.pythonOnBuildForHost.interpreter} setup.py bdist_wheel` to
|
||||
* In the [`buildPhase`](#build-phase), it calls `${python.pythonOnBuildForHost.interpreter} -m build --wheel` to
|
||||
build a wheel binary zipfile.
|
||||
* In the [`installPhase`](#ssec-install-phase), it installs the wheel file using `pip install *.whl`.
|
||||
* In the [`installPhase`](#ssec-install-phase), it installs the wheel file using `${python.pythonOnBuildForHost.interpreter} -m installer *.whl`.
|
||||
* In the [`postFixup`](#var-stdenv-postFixup) phase, the `wrapPythonPrograms` bash function is called to
|
||||
wrap all programs in the `$out/bin/*` directory to include `$PATH`
|
||||
environment variable and add dependent libraries to script's `sys.path`.
|
||||
* In the [`installCheck`](#ssec-installCheck-phase) phase, `${python.interpreter} setup.py test` is run.
|
||||
* In the [`installCheck`](#ssec-installCheck-phase) phase, `${python.interpreter} -m pytest` is run.
|
||||
|
||||
By default tests are run because [`doCheck = true`](#var-stdenv-doCheck). Test dependencies, like
|
||||
e.g. the test runner, should be added to [`nativeCheckInputs`](#var-stdenv-nativeCheckInputs).
|
||||
|
@ -177,10 +179,6 @@ following are specific to `buildPythonPackage`:
|
|||
`makeWrapperArgs = ["--set FOO BAR" "--set BAZ QUX"]`.
|
||||
* `namePrefix`: Prepends text to `${name}` parameter. In case of libraries, this
|
||||
defaults to `"python3.8-"` for Python 3.8, etc., and in case of applications to `""`.
|
||||
* `pipInstallFlags ? []`: A list of strings. Arguments to be passed to `pip
|
||||
install`. To pass options to `python setup.py install`, use
|
||||
`--install-option`. E.g., `pipInstallFlags=["--install-option='--cpp_implementation'"]`.
|
||||
* `pipBuildFlags ? []`: A list of strings. Arguments to be passed to `pip wheel`.
|
||||
* `pypaBuildFlags ? []`: A list of strings. Arguments to be passed to `python -m build --wheel`.
|
||||
* `pythonPath ? []`: List of packages to be added into `$PYTHONPATH`. Packages
|
||||
in `pythonPath` are not propagated (contrary to [`propagatedBuildInputs`](#var-stdenv-propagatedBuildInputs)).
|
||||
|
@ -298,7 +296,6 @@ python3Packages.buildPythonApplication rec {
|
|||
|
||||
build-system = with python3Packages; [
|
||||
setuptools
|
||||
wheel
|
||||
];
|
||||
|
||||
dependencies = with python3Packages; [
|
||||
|
@ -465,13 +462,11 @@ are used in [`buildPythonPackage`](#buildpythonpackage-function).
|
|||
with the `eggInstallHook`
|
||||
- `eggBuildHook` to skip building for eggs.
|
||||
- `eggInstallHook` to install eggs.
|
||||
- `pipBuildHook` to build a wheel using `pip` and PEP 517. Note a build system
|
||||
(e.g. `setuptools` or `flit`) should still be added as `build-system`.
|
||||
- `pypaBuildHook` to build a wheel using
|
||||
[`pypa/build`](https://pypa-build.readthedocs.io/en/latest/index.html) and
|
||||
PEP 517/518. Note a build system (e.g. `setuptools` or `flit`) should still
|
||||
be added as `build-system`.
|
||||
- `pipInstallHook` to install wheels.
|
||||
- `pypaInstallHook` to install wheels.
|
||||
- `pytestCheckHook` to run tests with `pytest`. See [example usage](#using-pytestcheckhook).
|
||||
- `pythonCatchConflictsHook` to fail if the package depends on two different versions of the same dependency.
|
||||
- `pythonImportsCheckHook` to check whether importing the listed modules works.
|
||||
|
@ -609,7 +604,8 @@ that sets up an interpreter pointing to them. This matters much more for "big"
|
|||
modules like `pytorch` or `tensorflow`.
|
||||
|
||||
Module names usually match their names on [pypi.org](https://pypi.org/), but
|
||||
you can use the [Nixpkgs search website](https://nixos.org/nixos/packages.html)
|
||||
normalized according to PEP 503/508. (e.g. Foo__Bar.baz -> foo-bar-baz)
|
||||
You can use the [Nixpkgs search website](https://nixos.org/nixos/packages.html)
|
||||
to find them as well (along with non-python packages).
|
||||
|
||||
At this point we can create throwaway experimental Python environments with
|
||||
|
@ -837,7 +833,6 @@ building Python libraries is [`buildPythonPackage`](#buildpythonpackage-function
|
|||
, buildPythonPackage
|
||||
, fetchPypi
|
||||
, setuptools
|
||||
, wheel
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
|
@ -852,7 +847,6 @@ buildPythonPackage rec {
|
|||
|
||||
build-system = [
|
||||
setuptools
|
||||
wheel
|
||||
];
|
||||
|
||||
# has no tests
|
||||
|
@ -876,7 +870,7 @@ buildPythonPackage rec {
|
|||
What happens here? The function [`buildPythonPackage`](#buildpythonpackage-function) is called and as argument
|
||||
it accepts a set. In this case the set is a recursive set, `rec`. One of the
|
||||
arguments is the name of the package, which consists of a basename (generally
|
||||
following the name on PyPi) and a version. Another argument, `src` specifies the
|
||||
following the name on PyPI) and a version. Another argument, `src` specifies the
|
||||
source, which in this case is fetched from PyPI using the helper function
|
||||
`fetchPypi`. The argument `doCheck` is used to set whether tests should be run
|
||||
when building the package. Since there are no tests, we rely on [`pythonImportsCheck`](#using-pythonimportscheck)
|
||||
|
@ -911,7 +905,6 @@ with import <nixpkgs> {};
|
|||
|
||||
build-system = [
|
||||
python311.pkgs.setuptools
|
||||
python311.pkgs.wheel
|
||||
];
|
||||
|
||||
# has no tests
|
||||
|
@ -964,13 +957,13 @@ order to build [`datashape`](https://github.com/blaze/datashape).
|
|||
, fetchPypi
|
||||
|
||||
# build dependencies
|
||||
, setuptools, wheel
|
||||
, setuptools
|
||||
|
||||
# dependencies
|
||||
, numpy, multipledispatch, python-dateutil
|
||||
|
||||
# tests
|
||||
, pytest
|
||||
, pytestCheckHook
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
|
@ -985,7 +978,6 @@ buildPythonPackage rec {
|
|||
|
||||
build-system = [
|
||||
setuptools
|
||||
wheel
|
||||
];
|
||||
|
||||
dependencies = [
|
||||
|
@ -995,7 +987,7 @@ buildPythonPackage rec {
|
|||
];
|
||||
|
||||
nativeCheckInputs = [
|
||||
pytest
|
||||
pytestCheckHook
|
||||
];
|
||||
|
||||
meta = {
|
||||
|
@ -1008,8 +1000,8 @@ buildPythonPackage rec {
|
|||
```
|
||||
|
||||
We can see several runtime dependencies, `numpy`, `multipledispatch`, and
|
||||
`python-dateutil`. Furthermore, we have [`nativeCheckInputs`](#var-stdenv-nativeCheckInputs) with `pytest`.
|
||||
`pytest` is a test runner and is only used during the [`checkPhase`](#ssec-check-phase) and is
|
||||
`python-dateutil`. Furthermore, we have [`nativeCheckInputs`](#var-stdenv-nativeCheckInputs) with `pytestCheckHook`.
|
||||
`pytestCheckHook` is a test runner hook and is only used during the [`checkPhase`](#ssec-check-phase) and is
|
||||
therefore not added to `dependencies`.
|
||||
|
||||
In the previous case we had only dependencies on other Python packages to consider.
|
||||
|
@ -1022,7 +1014,6 @@ when building the bindings and are therefore added as [`buildInputs`](#var-stden
|
|||
, buildPythonPackage
|
||||
, fetchPypi
|
||||
, setuptools
|
||||
, wheel
|
||||
, libxml2
|
||||
, libxslt
|
||||
}:
|
||||
|
@ -1039,7 +1030,6 @@ buildPythonPackage rec {
|
|||
|
||||
build-system = [
|
||||
setuptools
|
||||
wheel
|
||||
];
|
||||
|
||||
buildInputs = [
|
||||
|
@ -1047,6 +1037,14 @@ buildPythonPackage rec {
|
|||
libxslt
|
||||
];
|
||||
|
||||
# tests are meant to be ran "in-place" in the same directory as src
|
||||
doCheck = false;
|
||||
|
||||
pythonImportsCheck = [
|
||||
"lxml"
|
||||
"lxml.etree"
|
||||
];
|
||||
|
||||
meta = {
|
||||
changelog = "https://github.com/lxml/lxml/releases/tag/lxml-${version}";
|
||||
description = "Pythonic binding for the libxml2 and libxslt libraries";
|
||||
|
@ -1074,7 +1072,6 @@ therefore we have to set `LDFLAGS` and `CFLAGS`.
|
|||
|
||||
# build dependencies
|
||||
, setuptools
|
||||
, wheel
|
||||
|
||||
# dependencies
|
||||
, fftw
|
||||
|
@ -1085,7 +1082,7 @@ therefore we have to set `LDFLAGS` and `CFLAGS`.
|
|||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "pyFFTW";
|
||||
pname = "pyfftw";
|
||||
version = "0.9.2";
|
||||
pyproject = true;
|
||||
|
||||
|
@ -1096,7 +1093,6 @@ buildPythonPackage rec {
|
|||
|
||||
build-system = [
|
||||
setuptools
|
||||
wheel
|
||||
];
|
||||
|
||||
buildInputs = [
|
||||
|
@ -1118,6 +1114,8 @@ buildPythonPackage rec {
|
|||
# Tests cannot import pyfftw. pyfftw works fine though.
|
||||
doCheck = false;
|
||||
|
||||
pythonImportsCheck = [ "pyfftw" ];
|
||||
|
||||
meta = {
|
||||
changelog = "https://github.com/pyFFTW/pyFFTW/releases/tag/v${version}";
|
||||
description = "A pythonic wrapper around FFTW, the FFT library, presenting a unified interface for all the supported transforms";
|
||||
|
@ -1133,10 +1131,8 @@ Note also the line [`doCheck = false;`](#var-stdenv-doCheck), we explicitly disa
|
|||
|
||||
It is highly encouraged to have testing as part of the package build. This
|
||||
helps to avoid situations where the package was able to build and install,
|
||||
but is not usable at runtime. Currently, all packages will use the `test`
|
||||
command provided by the setup.py (i.e. `python setup.py test`). However,
|
||||
this is currently deprecated https://github.com/pypa/setuptools/pull/1878
|
||||
and your package should provide its own [`checkPhase`](#ssec-check-phase).
|
||||
but is not usable at runtime.
|
||||
Your package should provide its own [`checkPhase`](#ssec-check-phase).
|
||||
|
||||
::: {.note}
|
||||
The [`checkPhase`](#ssec-check-phase) for python maps to the `installCheckPhase` on a
|
||||
|
@ -1207,9 +1203,11 @@ been removed, in this case, it's recommended to use `pytestCheckHook`.
|
|||
|
||||
#### Using pytestCheckHook {#using-pytestcheckhook}
|
||||
|
||||
`pytestCheckHook` is a convenient hook which will substitute the setuptools
|
||||
`test` command for a [`checkPhase`](#ssec-check-phase) which runs `pytest`. This is also beneficial
|
||||
`pytestCheckHook` is a convenient hook which will set up (or configure)
|
||||
a [`checkPhase`](#ssec-check-phase) to run `pytest`. This is also beneficial
|
||||
when a package may need many items disabled to run the test suite.
|
||||
Most packages use `pytest` or `unittest`, which is compatible with `pytest`,
|
||||
so you will most likely use `pytestCheckHook`.
|
||||
|
||||
Using the example above, the analogous `pytestCheckHook` usage would be:
|
||||
|
||||
|
@ -1364,10 +1362,12 @@ instead of a dev dependency).
|
|||
Keep in mind that while the examples above are done with `requirements.txt`,
|
||||
`pythonRelaxDepsHook` works by modifying the resulting wheel file, so it should
|
||||
work with any of the [existing hooks](#setup-hooks).
|
||||
It indicates that `pythonRelaxDepsHook` has no effect on build time dependencies, such as in `build-system`.
|
||||
If a package requires incompatible build time dependencies, they should be removed in `postPatch` with `substituteInPlace` or something similar.
|
||||
|
||||
#### Using unittestCheckHook {#using-unittestcheckhook}
|
||||
|
||||
`unittestCheckHook` is a hook which will substitute the setuptools `test` command for a [`checkPhase`](#ssec-check-phase) which runs `python -m unittest discover`:
|
||||
`unittestCheckHook` is a hook which will set up (or configure) a [`checkPhase`](#ssec-check-phase) to run `python -m unittest discover`:
|
||||
|
||||
```nix
|
||||
{
|
||||
|
@ -1381,6 +1381,8 @@ work with any of the [existing hooks](#setup-hooks).
|
|||
}
|
||||
```
|
||||
|
||||
`pytest` is compatible with `unittest`, so in most cases you can use `pytestCheckHook` instead.
|
||||
|
||||
#### Using sphinxHook {#using-sphinxhook}
|
||||
|
||||
The `sphinxHook` is a helpful tool to build documentation and manpages
|
||||
|
@ -1459,7 +1461,6 @@ We first create a function that builds `toolz` in `~/path/to/toolz/release.nix`
|
|||
, buildPythonPackage
|
||||
, fetchPypi
|
||||
, setuptools
|
||||
, wheel
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
|
@ -1474,7 +1475,6 @@ buildPythonPackage rec {
|
|||
|
||||
build-system = [
|
||||
setuptools
|
||||
wheel
|
||||
];
|
||||
|
||||
meta = {
|
||||
|
@ -1494,10 +1494,9 @@ with import <nixpkgs> {};
|
|||
|
||||
( let
|
||||
toolz = callPackage /path/to/toolz/release.nix {
|
||||
buildPythonPackage = python310
|
||||
Packages.buildPythonPackage;
|
||||
buildPythonPackage = python3Packages.buildPythonPackage;
|
||||
};
|
||||
in python310.withPackages (ps: [
|
||||
in python3.withPackages (ps: [
|
||||
ps.numpy
|
||||
toolz
|
||||
])
|
||||
|
@ -1918,6 +1917,8 @@ because we can only provide security support for non-vendored dependencies.
|
|||
We recommend [nix-init](https://github.com/nix-community/nix-init) for creating new python packages within nixpkgs,
|
||||
as it already prefetches the source, parses dependencies for common formats and prefills most things in `meta`.
|
||||
|
||||
See also [contributing section](#contributing).
|
||||
|
||||
### Are Python interpreters built deterministically? {#deterministic-builds}
|
||||
|
||||
The Python interpreters are now built deterministically. Minor modifications had
|
||||
|
@ -1935,16 +1936,15 @@ Both are also exported in `nix-shell`.
|
|||
It is recommended to test packages as part of the build process.
|
||||
Source distributions (`sdist`) often include test files, but not always.
|
||||
|
||||
By default the command `python setup.py test` is run as part of the
|
||||
[`checkPhase`](#ssec-check-phase), but often it is necessary to pass a custom [`checkPhase`](#ssec-check-phase). An
|
||||
example of such a situation is when `py.test` is used.
|
||||
The best practice today is to pass a test hook (e.g. pytestCheckHook, unittestCheckHook) into nativeCheckInputs.
|
||||
This will reconfigure the checkPhase to make use of that particular test framework.
|
||||
Occasionally packages don't make use of a common test framework, which may then require a custom checkPhase.
|
||||
|
||||
#### Common issues {#common-issues}
|
||||
|
||||
* Non-working tests can often be deselected. By default [`buildPythonPackage`](#buildpythonpackage-function)
|
||||
runs `python setup.py test`. which is deprecated. Most Python modules however
|
||||
do follow the standard test protocol where the pytest runner can be used
|
||||
instead. `pytest` supports the `-k` and `--ignore` parameters to ignore test
|
||||
* Non-working tests can often be deselected. Most Python modules
|
||||
do follow the standard test protocol where the pytest runner can be used.
|
||||
`pytest` supports the `-k` and `--ignore` parameters to ignore test
|
||||
methods or classes as well as whole files. For `pytestCheckHook` these are
|
||||
conveniently exposed as `disabledTests` and `disabledTestPaths` respectively.
|
||||
|
||||
|
@ -1985,14 +1985,25 @@ The following rules are desired to be respected:
|
|||
* Python applications live outside of `python-packages.nix` and are packaged
|
||||
with [`buildPythonApplication`](#buildpythonapplication-function).
|
||||
* Make sure libraries build for all Python interpreters.
|
||||
* By default we enable tests. Make sure the tests are found and, in the case of
|
||||
If it fails to build on some Python versions, consider disabling them by setting `disable = pythonAtLeast "3.x"` along with a comment.
|
||||
* The two parameters, `pyproject` and `build-system` are set to avoid the legacy setuptools/distutils build.
|
||||
* Only unversioned attributes (e.g. `pydantic`, but not `pypdantic_1`) can be included in `dependencies`,
|
||||
since due to `PYTHONPATH` limitations we can only ever support a single version for libraries
|
||||
without running into duplicate module name conflicts.
|
||||
* The version restrictions of `dependencies` can be relaxed by [`pythonRelaxDepsHook`](#using-pythonrelaxdepshook).
|
||||
* Make sure the tests are enabled using for example [`pytestCheckHook`](#using-pytestcheckhook) and, in the case of
|
||||
libraries, are passing for all interpreters. If certain tests fail they can be
|
||||
disabled individually. Try to avoid disabling the tests altogether. In any
|
||||
case, when you disable tests, leave a comment explaining why.
|
||||
* `pythonImportsCheck` is set. This is still a good smoke test even if `pytestCheckHook` is set.
|
||||
* `meta.platforms` takes the default value in many cases.
|
||||
It does not need to be set explicitly unless the package requires a specific platform.
|
||||
* The file is formatted with `nixfmt-rfc-style`.
|
||||
* Commit names of Python libraries should reflect that they are Python
|
||||
libraries, so write for example `python311Packages.numpy: 1.11 -> 1.12`.
|
||||
It is highly recommended to specify the current default version to enable
|
||||
automatic build by ofborg.
|
||||
Note that `pythonPackages` is an alias for `python27Packages`.
|
||||
* Attribute names in `python-packages.nix` as well as `pname`s should match the
|
||||
library's name on PyPI, but be normalized according to [PEP
|
||||
0503](https://www.python.org/dev/peps/pep-0503/#normalized-names). This means
|
||||
|
@ -2006,6 +2017,8 @@ The following rules are desired to be respected:
|
|||
* Attribute names in `python-packages.nix` should be sorted alphanumerically to
|
||||
avoid merge conflicts and ease locating attributes.
|
||||
|
||||
This list is useful for reviewers as well as for self-checking when submitting packages.
|
||||
|
||||
## Package set maintenance {#python-package-set-maintenance}
|
||||
|
||||
The whole Python package set has a lot of packages that do not see regular
|
||||
|
|
|
@ -254,7 +254,7 @@ By default, it takes the `stdenv.hostPlatform.config` and replaces components
|
|||
where they are known to differ. But there are ways to customize the argument:
|
||||
|
||||
- To choose a different target by name, define
|
||||
`stdenv.hostPlatform.rustc.config` as that name (a string), and that
|
||||
`stdenv.hostPlatform.rust.rustcTarget` as that name (a string), and that
|
||||
name will be used instead.
|
||||
|
||||
For example:
|
||||
|
@ -262,7 +262,7 @@ where they are known to differ. But there are ways to customize the argument:
|
|||
```nix
|
||||
import <nixpkgs> {
|
||||
crossSystem = (import <nixpkgs/lib>).systems.examples.armhf-embedded // {
|
||||
rustc.config = "thumbv7em-none-eabi";
|
||||
rust.rustcTarget = "thumbv7em-none-eabi";
|
||||
};
|
||||
}
|
||||
```
|
||||
|
@ -274,10 +274,10 @@ where they are known to differ. But there are ways to customize the argument:
|
|||
```
|
||||
|
||||
- To pass a completely custom target, define
|
||||
`stdenv.hostPlatform.rustc.config` with its name, and
|
||||
`stdenv.hostPlatform.rustc.platform` with the value. The value will be
|
||||
`stdenv.hostPlatform.rust.rustcTarget` with its name, and
|
||||
`stdenv.hostPlatform.rust.platform` with the value. The value will be
|
||||
serialized to JSON in a file called
|
||||
`${stdenv.hostPlatform.rustc.config}.json`, and the path of that file
|
||||
`${stdenv.hostPlatform.rust.rustcTarget}.json`, and the path of that file
|
||||
will be used instead.
|
||||
|
||||
For example:
|
||||
|
@ -285,8 +285,8 @@ where they are known to differ. But there are ways to customize the argument:
|
|||
```nix
|
||||
import <nixpkgs> {
|
||||
crossSystem = (import <nixpkgs/lib>).systems.examples.armhf-embedded // {
|
||||
rustc.config = "thumb-crazy";
|
||||
rustc.platform = { foo = ""; bar = ""; };
|
||||
rust.rustcTarget = "thumb-crazy";
|
||||
rust.platform = { foo = ""; bar = ""; };
|
||||
};
|
||||
}
|
||||
```
|
||||
|
|
|
@ -40,31 +40,29 @@ pkgs.linux_latest.override {
|
|||
## Manual kernel configuration {#sec-manual-kernel-configuration}
|
||||
|
||||
Sometimes it may not be desirable to use kernels built with `pkgs.buildLinux`, especially if most of the common configuration has to be altered or disabled to achieve a kernel as expected by the target use case.
|
||||
An example of this is building a kernel for use in a VM or micro VM. You can use `pkgs.linuxManualConfig` in these cases. It requires the `src`, `version`, and `configfile` attributes to be specified.
|
||||
An example of this is building a kernel for use in a VM or micro VM. You can use `pkgs.linuxPackages_custom` in these cases. It requires the `src`, `version`, and `configfile` attributes to be specified.
|
||||
|
||||
:::{.example #ex-using-linux-manual-config}
|
||||
|
||||
# Using `pkgs.linuxManualConfig` with a specific source, version, and config file
|
||||
# Using `pkgs.linuxPackages_custom` with a specific source, version, and config file
|
||||
|
||||
```nix
|
||||
{ pkgs, ... }: {
|
||||
{ pkgs, ... }:
|
||||
pkgs.linuxPackages_custom {
|
||||
version = "6.1.55";
|
||||
src = pkgs.fetchurl {
|
||||
url = "https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-${version}.tar.xz";
|
||||
hash = "sha256:1h0mzx52q9pvdv7rhnvb8g68i7bnlc9rf8gy9qn4alsxq4g28zm8";
|
||||
};
|
||||
configfile = ./path_to_config_file;
|
||||
linux = pkgs.linuxManualConfig {
|
||||
inherit version src configfile;
|
||||
allowImportFromDerivation = true;
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
If necessary, the version string can be slightly modified to explicitly mark it as a custom version. If you do so, ensure the `modDirVersion` attribute matches the source's version, otherwise the build will fail.
|
||||
|
||||
```nix
|
||||
{ pkgs, ... }: {
|
||||
{ pkgs, ... }:
|
||||
pkgs.linuxPackages_custom {
|
||||
version = "6.1.55-custom";
|
||||
modDirVersion = "6.1.55";
|
||||
src = pkgs.fetchurl {
|
||||
|
@ -72,16 +70,12 @@ If necessary, the version string can be slightly modified to explicitly mark it
|
|||
hash = "sha256:1h0mzx52q9pvdv7rhnvb8g68i7bnlc9rf8gy9qn4alsxq4g28zm8";
|
||||
};
|
||||
configfile = ./path_to_config_file;
|
||||
linux = pkgs.linuxManualConfig {
|
||||
inherit version modDirVersion src configfile;
|
||||
allowImportFromDerivation = true;
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
:::
|
||||
|
||||
Additional attributes can be used with `linuxManualConfig` for further customisation. You're encouraged to read [the `pkgs.linuxManualConfig` source code](https://github.com/NixOS/nixpkgs/blob/d77bda728d5041c1294a68fb25c79e2d161f62b9/pkgs/os-specific/linux/kernel/manual-config.nix) to understand how to use them.
|
||||
Additional attributes can be used with `linuxManualConfig` for further customisation instead of `linuxPackages_custom`. You're encouraged to read [the `pkgs.linuxManualConfig` source code](https://github.com/NixOS/nixpkgs/blob/d77bda728d5041c1294a68fb25c79e2d161f62b9/pkgs/os-specific/linux/kernel/manual-config.nix) to understand how to use them.
|
||||
|
||||
To edit the `.config` file for Linux X.Y from within Nix, proceed as follows:
|
||||
|
||||
|
|
1
third_party/nixpkgs/doc/stdenv.md
vendored
1
third_party/nixpkgs/doc/stdenv.md
vendored
|
@ -3,6 +3,7 @@
|
|||
```{=include=} chapters
|
||||
stdenv/stdenv.chapter.md
|
||||
stdenv/meta.chapter.md
|
||||
stdenv/passthru.chapter.md
|
||||
stdenv/multiple-output.chapter.md
|
||||
stdenv/cross-compilation.chapter.md
|
||||
stdenv/platform-notes.chapter.md
|
||||
|
|
77
third_party/nixpkgs/doc/stdenv/meta.chapter.md
vendored
77
third_party/nixpkgs/doc/stdenv/meta.chapter.md
vendored
|
@ -110,83 +110,6 @@ Some packages use this to automatically detect the maximum set of features with
|
|||
For example, `systemd` [requires dynamic linking](https://github.com/systemd/systemd/issues/20600#issuecomment-912338965), and [has a `meta.badPlatforms` setting](https://github.com/NixOS/nixpkgs/blob/b03ac42b0734da3e7be9bf8d94433a5195734b19/pkgs/os-specific/linux/systemd/default.nix#L752) similar to the one above.
|
||||
Packages which can be built with or without `systemd` support will use `lib.meta.availableOn` to detect whether or not `systemd` is available on the [`hostPlatform`](#ssec-cross-platform-parameters) for which they are being built; if it is not available (e.g. due to a statically-linked host platform like `pkgsStatic`) this support will be disabled by default.
|
||||
|
||||
### `tests` {#var-meta-tests}
|
||||
|
||||
::: {.warning}
|
||||
This attribute is special in that it is not actually under the `meta` attribute set but rather under the `passthru` attribute set. This is due to how `meta` attributes work, and the fact that they are supposed to contain only metadata, not derivations.
|
||||
:::
|
||||
|
||||
An attribute set with tests as values. A test is a derivation that builds when the test passes and fails to build otherwise.
|
||||
|
||||
You can run these tests with:
|
||||
|
||||
```ShellSession
|
||||
$ cd path/to/nixpkgs
|
||||
$ nix-build -A your-package.tests
|
||||
```
|
||||
|
||||
#### Package tests {#var-meta-tests-packages}
|
||||
|
||||
Tests that are part of the source package are often executed in the `installCheckPhase`.
|
||||
|
||||
Prefer `passthru.tests` for tests that are introduced in nixpkgs because:
|
||||
|
||||
* `passthru.tests` tests the 'real' package, independently from the environment in which it was built
|
||||
* we can run `passthru.tests` independently
|
||||
* `installCheckPhase` adds overhead to each build
|
||||
|
||||
For more on how to write and run package tests, see [](#sec-package-tests).
|
||||
|
||||
#### NixOS tests {#var-meta-tests-nixos}
|
||||
|
||||
The NixOS tests are available as `nixosTests` in parameters of derivations. For instance, the OpenSMTPD derivation includes lines similar to:
|
||||
|
||||
```nix
|
||||
{ /* ... , */ nixosTests }:
|
||||
{
|
||||
# ...
|
||||
passthru.tests = {
|
||||
basic-functionality-and-dovecot-integration = nixosTests.opensmtpd;
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
NixOS tests run in a VM, so they are slower than regular package tests. For more information see [NixOS module tests](https://nixos.org/manual/nixos/stable/#sec-nixos-tests).
|
||||
|
||||
Alternatively, you can specify other derivations as tests. You can make use of
|
||||
the optional parameter to inject the correct package without
|
||||
relying on non-local definitions, even in the presence of `overrideAttrs`.
|
||||
Here that's `finalAttrs.finalPackage`, but you could choose a different name if
|
||||
`finalAttrs` already exists in your scope.
|
||||
|
||||
`(mypkg.overrideAttrs f).passthru.tests` will be as expected, as long as the
|
||||
definition of `tests` does not rely on the original `mypkg` or overrides it in
|
||||
all places.
|
||||
|
||||
```nix
|
||||
# my-package/default.nix
|
||||
{ stdenv, callPackage }:
|
||||
stdenv.mkDerivation (finalAttrs: {
|
||||
# ...
|
||||
passthru.tests.example = callPackage ./example.nix { my-package = finalAttrs.finalPackage; };
|
||||
})
|
||||
```
|
||||
|
||||
```nix
|
||||
# my-package/example.nix
|
||||
{ runCommand, lib, my-package, ... }:
|
||||
runCommand "my-package-test" {
|
||||
nativeBuildInputs = [ my-package ];
|
||||
src = lib.sources.sourcesByRegex ./. [ ".*.in" ".*.expected" ];
|
||||
} ''
|
||||
my-package --help
|
||||
my-package <example.in >example.actual
|
||||
diff -U3 --color=auto example.expected example.actual
|
||||
mkdir $out
|
||||
''
|
||||
```
|
||||
|
||||
|
||||
### `timeout` {#var-meta-timeout}
|
||||
|
||||
A timeout (in seconds) for building the derivation. If the derivation takes longer than this time to build, Hydra will fail it due to breaking the timeout. However, all computers do not have the same computing power, hence some builders may decide to apply a multiplicative factor to this value. When filling this value in, try to keep it approximately consistent with other values already present in `nixpkgs`.
|
||||
|
|
157
third_party/nixpkgs/doc/stdenv/passthru.chapter.md
vendored
Normal file
157
third_party/nixpkgs/doc/stdenv/passthru.chapter.md
vendored
Normal file
|
@ -0,0 +1,157 @@
|
|||
# Passthru-attributes {#chap-passthru}
|
||||
[]{#var-stdenv-passthru} []{#special-variables} <!-- legacy anchors -->
|
||||
|
||||
As opposed to most other `mkDerivation` input attributes, `passthru` is not passed to the derivation's [`builder` executable](https://nixos.org/manual/nix/stable/expressions/derivations.html#attr-builder).
|
||||
Changing it will not trigger a rebuild – it is "passed through".
|
||||
Its value can be accessed as if it was set inside a derivation.
|
||||
|
||||
::: {.note}
|
||||
`passthru` attributes follow no particular schema, but there are a few [conventional patterns](#sec-common-passthru-attributes).
|
||||
:::
|
||||
|
||||
:::{.example #ex-accessing-passthru}
|
||||
|
||||
## Setting and accessing `passthru` attributes
|
||||
|
||||
```nix
|
||||
{ stdenv, fetchGit }:
|
||||
let
|
||||
hello = stdenv.mkDerivation {
|
||||
pname = "hello";
|
||||
src = fetchGit { /* ... */ };
|
||||
|
||||
passthru = {
|
||||
foo = "bar";
|
||||
baz = {
|
||||
value1 = 4;
|
||||
value2 = 5;
|
||||
};
|
||||
};
|
||||
};
|
||||
in
|
||||
hello.baz.value1
|
||||
```
|
||||
|
||||
```
|
||||
4
|
||||
```
|
||||
:::
|
||||
|
||||
## Common `passthru`-attributes {#sec-common-passthru-attributes}
|
||||
|
||||
Many `passthru` attributes are situational, so this section only lists recurring patterns.
|
||||
They fall in one of these categories:
|
||||
|
||||
- Global conventions, which are applied almost universally in Nixpkgs.
|
||||
|
||||
Generally these don't entail any special support built into the derivation they belong to.
|
||||
Common examples of this type are [`passthru.tests`](#var-passthru-tests) and [`passthru.updateScript`](#var-passthru-updateScript).
|
||||
|
||||
- Conventions for adding extra functionality to a derivation.
|
||||
|
||||
These tend to entail support from the derivation or the `passthru` attribute in question.
|
||||
Common examples of this type are `passthru.optional-dependencies`, `passthru.withPlugins`, and `passthru.withPackages`.
|
||||
All of those allow associating the package with a set of components built for that specific package, such as when building Python runtime environments using (`python.withPackages`)[#python.withpackages-function].
|
||||
|
||||
Attributes that apply only to particular [build helpers](#part-builders) or [language ecosystems](#chap-language-support) are documented there.
|
||||
|
||||
### `passthru.tests` {#var-passthru-tests}
|
||||
[]{#var-meta-tests} <!-- legacy anchor -->
|
||||
|
||||
An attribute set with tests as values.
|
||||
A test is a derivation that builds when the test passes and fails to build otherwise.
|
||||
|
||||
Run these tests with:
|
||||
|
||||
```ShellSession
|
||||
$ cd path/to/nixpkgs
|
||||
$ nix-build -A your-package.tests
|
||||
```
|
||||
|
||||
:::{.note}
|
||||
The Nixpkgs systems for continuous integration [Hydra](https://hydra.nixos.org/) and [`nixpkgs-review`](https://github.com/Mic92/nixpkgs-review) don't build these derivations by default, and ([`@ofborg`](https://github.com/NixOS/ofborg)) only builds them when evaluating pull requests for that particular package, or when manually instructed.
|
||||
:::
|
||||
|
||||
#### Package tests {#var-passthru-tests-packages}
|
||||
[]{#var-meta-tests-packages} <!-- legacy anchor -->
|
||||
|
||||
Tests that are part of the source package, if they run quickly, are typically executed in the [`installCheckPhase`](#var-stdenv-phases).
|
||||
This phase is also suitable for performing a `--version` test for packages that support such flag.
|
||||
Most programs distributed by Nixpkgs support such a `--version` flag, and successfully calling the program with that flag indicates that the package at least got compiled properly.
|
||||
|
||||
:::{.example #ex-checking-build-installCheckPhase}
|
||||
|
||||
## Checking builds with `installCheckPhase`
|
||||
|
||||
When building `git`, a rudimentary test for successful compilation would be running `git --version`:
|
||||
|
||||
```nix
|
||||
stdenv.mkDerivation (finalAttrs: {
|
||||
pname = "git";
|
||||
version = "1.2.3";
|
||||
# ...
|
||||
doInstallCheck = true;
|
||||
installCheckPhase = ''
|
||||
runHook preInstallCheck
|
||||
echo checking if 'git --version' mentions ${finalAttrs.version}
|
||||
$out/bin/git --version | grep ${finalAttrs.version}
|
||||
runHook postInstallCheck
|
||||
'';
|
||||
# ...
|
||||
})
|
||||
```
|
||||
:::
|
||||
|
||||
However, tests that are non-trivial will better fit into `passthru.tests` because they:
|
||||
|
||||
- Access the package as consumers would, independently from the environment in which it was built
|
||||
- Can be run and debugged without rebuilding the package, which is useful if that takes a long time
|
||||
- Don't add overhad to each build, as opposed to `installCheckPhase`
|
||||
|
||||
It is also possible to use `passthru.tests` to test the version with [`testVersion`](#tester-testVersion).
|
||||
|
||||
<!-- NOTE(@fricklerhandwerk): one may argue whether that testing guide should rather be in the user's manual -->
|
||||
For more on how to write and run package tests for Nixpkgs, see the [testing section in the package contributor guide](https://github.com/NixOS/nixpkgs/blob/master/pkgs/README.md#package-tests).
|
||||
|
||||
#### NixOS tests {#var-passthru-tests-nixos}
|
||||
[]{#var-meta-tests-nixos} <!-- legacy anchor -->
|
||||
|
||||
Tests written for NixOS are available as the `nixosTests` argument to package recipes.
|
||||
For instance, the [OpenSMTPD derivation](https://search.nixos.org/packages?show=opensmtpd) includes lines similar to:
|
||||
|
||||
```nix
|
||||
{ nixosTests, ... }:
|
||||
{
|
||||
# ...
|
||||
passthru.tests = {
|
||||
basic-functionality-and-dovecot-integration = nixosTests.opensmtpd;
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
NixOS tests run in a virtual machine (VM), so they are slower than regular package tests.
|
||||
For more information see the NixOS manual on [NixOS module tests](https://nixos.org/manual/nixos/stable/#sec-nixos-tests).
|
||||
|
||||
### `passthru.updateScript` {#var-passthru-updateScript}
|
||||
<!-- legacy anchors -->
|
||||
[]{#var-passthru-updateScript-command}
|
||||
[]{#var-passthru-updateScript-set-command}
|
||||
[]{#var-passthru-updateScript-set-attrPath}
|
||||
[]{#var-passthru-updateScript-set-supportedFeatures}
|
||||
[]{#var-passthru-updateScript-env-UPDATE_NIX_NAME}
|
||||
[]{#var-passthru-updateScript-env-UPDATE_NIX_PNAME}
|
||||
[]{#var-passthru-updateScript-env-UPDATE_NIX_OLD_VERSION}
|
||||
[]{#var-passthru-updateScript-env-UPDATE_NIX_ATTR_PATH}
|
||||
[]{#var-passthru-updateScript-execution}
|
||||
[]{#var-passthru-updateScript-supported-features}
|
||||
[]{#var-passthru-updateScript-commit}
|
||||
[]{#var-passthru-updateScript-commit-attrPath}
|
||||
[]{#var-passthru-updateScript-commit-oldVersion}
|
||||
[]{#var-passthru-updateScript-commit-newVersion}
|
||||
[]{#var-passthru-updateScript-commit-files}
|
||||
[]{#var-passthru-updateScript-commit-commitBody}
|
||||
[]{#var-passthru-updateScript-commit-commitMessage}
|
||||
[]{#var-passthru-updateScript-example-commit}
|
||||
|
||||
Nixpkgs tries to automatically update all packages that have an `passthru.updateScript` attribute.
|
||||
See the [section on automatic package updates in the package contributor guide](https://github.com/NixOS/nixpkgs/blob/master/pkgs/README.md#automatic-package-updates) for details.
|
165
third_party/nixpkgs/doc/stdenv/stdenv.chapter.md
vendored
165
third_party/nixpkgs/doc/stdenv/stdenv.chapter.md
vendored
|
@ -442,145 +442,6 @@ If set to `true`, `stdenv` will pass specific flags to `make` and other build to
|
|||
|
||||
Unless set to `false`, some build systems with good support for parallel building including `cmake`, `meson`, and `qmake` will set it to `true`.
|
||||
|
||||
### Special variables {#special-variables}
|
||||
|
||||
#### `passthru` {#var-stdenv-passthru}
|
||||
|
||||
This is an attribute set which can be filled with arbitrary values. For example:
|
||||
|
||||
```nix
|
||||
{
|
||||
passthru = {
|
||||
foo = "bar";
|
||||
baz = {
|
||||
value1 = 4;
|
||||
value2 = 5;
|
||||
};
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
Values inside it are not passed to the builder, so you can change them without triggering a rebuild. However, they can be accessed outside of a derivation directly, as if they were set inside a derivation itself, e.g. `hello.baz.value1`. We don’t specify any usage or schema of `passthru` - it is meant for values that would be useful outside the derivation in other parts of a Nix expression (e.g. in other derivations). An example would be to convey some specific dependency of your derivation which contains a program with plugins support. Later, others who make derivations with plugins can use passed-through dependency to ensure that their plugin would be binary-compatible with built program.
|
||||
|
||||
#### `passthru.updateScript` {#var-passthru-updateScript}
|
||||
|
||||
A script to be run by `maintainers/scripts/update.nix` when the package is matched. The attribute can contain one of the following:
|
||||
|
||||
- []{#var-passthru-updateScript-command} an executable file, either on the file system:
|
||||
|
||||
```nix
|
||||
{
|
||||
passthru.updateScript = ./update.sh;
|
||||
}
|
||||
```
|
||||
|
||||
or inside the expression itself:
|
||||
|
||||
```nix
|
||||
{
|
||||
passthru.updateScript = writeScript "update-zoom-us" ''
|
||||
#!/usr/bin/env nix-shell
|
||||
#!nix-shell -i bash -p curl pcre2 common-updater-scripts
|
||||
|
||||
set -eu -o pipefail
|
||||
|
||||
version="$(curl -sI https://zoom.us/client/latest/zoom_x86_64.tar.xz | grep -Fi 'Location:' | pcre2grep -o1 '/(([0-9]\.?)+)/')"
|
||||
update-source-version zoom-us "$version"
|
||||
'';
|
||||
}
|
||||
```
|
||||
|
||||
- a list, a script followed by arguments to be passed to it:
|
||||
|
||||
```nix
|
||||
{
|
||||
passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ];
|
||||
}
|
||||
```
|
||||
|
||||
- an attribute set containing:
|
||||
- [`command`]{#var-passthru-updateScript-set-command} – a string or list in the [format expected by `passthru.updateScript`](#var-passthru-updateScript-command).
|
||||
- [`attrPath`]{#var-passthru-updateScript-set-attrPath} (optional) – a string containing the canonical attribute path for the package. If present, it will be passed to the update script instead of the attribute path on which the package was discovered during Nixpkgs traversal.
|
||||
- [`supportedFeatures`]{#var-passthru-updateScript-set-supportedFeatures} (optional) – a list of the [extra features](#var-passthru-updateScript-supported-features) the script supports.
|
||||
|
||||
```nix
|
||||
{
|
||||
passthru.updateScript = {
|
||||
command = [ ../../update.sh pname ];
|
||||
attrPath = pname;
|
||||
supportedFeatures = [ /* ... */ ];
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
::: {.tip}
|
||||
A common pattern is to use the [`nix-update-script`](https://github.com/NixOS/nixpkgs/blob/master/pkgs/common-updater/nix-update.nix) attribute provided in Nixpkgs, which runs [`nix-update`](https://github.com/Mic92/nix-update):
|
||||
|
||||
```nix
|
||||
{
|
||||
passthru.updateScript = nix-update-script { };
|
||||
}
|
||||
```
|
||||
|
||||
For simple packages, this is often enough, and will ensure that the package is updated automatically by [`nixpkgs-update`](https://ryantm.github.io/nixpkgs-update) when a new version is released. The [update bot](https://nix-community.org/update-bot) runs periodically to attempt to automatically update packages, and will run `passthru.updateScript` if set. While not strictly necessary if the project is listed on [Repology](https://repology.org), using `nix-update-script` allows the package to update via many more sources (e.g. GitHub releases).
|
||||
:::
|
||||
|
||||
##### How update scripts are executed? {#var-passthru-updateScript-execution}
|
||||
|
||||
Update scripts are to be invoked by `maintainers/scripts/update.nix` script. You can run `nix-shell maintainers/scripts/update.nix` in the root of Nixpkgs repository for information on how to use it. `update.nix` offers several modes for selecting packages to update (e.g. select by attribute path, traverse Nixpkgs and filter by maintainer, etc.), and it will execute update scripts for all matched packages that have an `updateScript` attribute.
|
||||
|
||||
Each update script will be passed the following environment variables:
|
||||
|
||||
- [`UPDATE_NIX_NAME`]{#var-passthru-updateScript-env-UPDATE_NIX_NAME} – content of the `name` attribute of the updated package.
|
||||
- [`UPDATE_NIX_PNAME`]{#var-passthru-updateScript-env-UPDATE_NIX_PNAME} – content of the `pname` attribute of the updated package.
|
||||
- [`UPDATE_NIX_OLD_VERSION`]{#var-passthru-updateScript-env-UPDATE_NIX_OLD_VERSION} – content of the `version` attribute of the updated package.
|
||||
- [`UPDATE_NIX_ATTR_PATH`]{#var-passthru-updateScript-env-UPDATE_NIX_ATTR_PATH} – attribute path the `update.nix` discovered the package on (or the [canonical `attrPath`](#var-passthru-updateScript-set-attrPath) when available). Example: `pantheon.elementary-terminal`
|
||||
|
||||
::: {.note}
|
||||
An update script will be usually run from the root of the Nixpkgs repository but you should not rely on that. Also note that `update.nix` executes update scripts in parallel by default so you should avoid running `git commit` or any other commands that cannot handle that.
|
||||
:::
|
||||
|
||||
::: {.tip}
|
||||
While update scripts should not create commits themselves, `maintainers/scripts/update.nix` supports automatically creating commits when running it with `--argstr commit true`. If you need to customize commit message, you can have the update script implement [`commit`](#var-passthru-updateScript-commit) feature.
|
||||
:::
|
||||
|
||||
##### Supported features {#var-passthru-updateScript-supported-features}
|
||||
###### `commit` {#var-passthru-updateScript-commit}
|
||||
|
||||
This feature allows update scripts to *ask* `update.nix` to create Git commits.
|
||||
|
||||
When support of this feature is declared, whenever the update script exits with `0` return status, it is expected to print a JSON list containing an object described below for each updated attribute to standard output.
|
||||
|
||||
When `update.nix` is run with `--argstr commit true` arguments, it will create a separate commit for each of the objects. An empty list can be returned when the script did not update any files, for example, when the package is already at the latest version.
|
||||
|
||||
The commit object contains the following values:
|
||||
|
||||
- [`attrPath`]{#var-passthru-updateScript-commit-attrPath} – a string containing attribute path.
|
||||
- [`oldVersion`]{#var-passthru-updateScript-commit-oldVersion} – a string containing old version.
|
||||
- [`newVersion`]{#var-passthru-updateScript-commit-newVersion} – a string containing new version.
|
||||
- [`files`]{#var-passthru-updateScript-commit-files} – a non-empty list of file paths (as strings) to add to the commit.
|
||||
- [`commitBody`]{#var-passthru-updateScript-commit-commitBody} (optional) – a string with extra content to be appended to the default commit message (useful for adding changelog links).
|
||||
- [`commitMessage`]{#var-passthru-updateScript-commit-commitMessage} (optional) – a string to use instead of the default commit message.
|
||||
|
||||
If the returned array contains exactly one object (e.g. `[{}]`), all values are optional and will be determined automatically.
|
||||
|
||||
::: {.example #var-passthru-updateScript-example-commit}
|
||||
# Standard output of an update script using commit feature
|
||||
|
||||
```json
|
||||
[
|
||||
{
|
||||
"attrPath": "volume_key",
|
||||
"oldVersion": "0.3.11",
|
||||
"newVersion": "0.3.12",
|
||||
"files": [
|
||||
"/path/to/nixpkgs/pkgs/development/libraries/volume-key/default.nix"
|
||||
]
|
||||
}
|
||||
]
|
||||
```
|
||||
:::
|
||||
|
||||
### Fixed-point arguments of `mkDerivation` {#mkderivation-recursive-attributes}
|
||||
|
||||
If you pass a function to `mkDerivation`, it will receive as its argument the final arguments, including the overrides when reinvoked via `overrideAttrs`. For example:
|
||||
|
@ -633,7 +494,7 @@ in pkg
|
|||
|
||||
Unlike the `pkg` binding in the above example, the `finalAttrs` parameter always references the final attributes. For instance `(pkg.overrideAttrs(x)).finalAttrs.finalPackage` is identical to `pkg.overrideAttrs(x)`, whereas `(pkg.overrideAttrs(x)).original` is the same as the original `pkg`.
|
||||
|
||||
See also the section about [`passthru.tests`](#var-meta-tests).
|
||||
See also the section about [`passthru.tests`](#var-passthru-tests).
|
||||
|
||||
## Phases {#sec-stdenv-phases}
|
||||
|
||||
|
@ -1145,7 +1006,7 @@ This setup works as follows:
|
|||
The installCheck phase checks whether the package was installed correctly by running its test suite against the installed directories. The default `installCheck` calls `make installcheck`.
|
||||
|
||||
It is often better to add tests that are not part of the source distribution to `passthru.tests` (see
|
||||
[](#var-meta-tests)). This avoids adding overhead to every build and enables us to run them independently.
|
||||
[](#var-passthru-tests)). This avoids adding overhead to every build and enables us to run them independently.
|
||||
|
||||
#### Variables controlling the installCheck phase {#variables-controlling-the-installcheck-phase}
|
||||
|
||||
|
@ -1558,6 +1419,8 @@ Both parameters take a list of flags as strings. The special `"all"` flag can be
|
|||
|
||||
For more in-depth information on these hardening flags and hardening in general, refer to the [Debian Wiki](https://wiki.debian.org/Hardening), [Ubuntu Wiki](https://wiki.ubuntu.com/Security/Features), [Gentoo Wiki](https://wiki.gentoo.org/wiki/Project:Hardened), and the [Arch Wiki](https://wiki.archlinux.org/title/Security).
|
||||
|
||||
Note that support for some hardening flags varies by compiler, CPU architecture, target OS and libc. Combinations of these that don't support a particular hardening flag will silently ignore attempts to enable it. To see exactly which hardening flags are being employed in any invocation, the `NIX_DEBUG` environment variable can be used.
|
||||
|
||||
### Hardening flags enabled by default {#sec-hardening-flags-enabled-by-default}
|
||||
|
||||
The following flags are enabled by default and might require disabling with `hardeningDisable` if the program to package is incompatible.
|
||||
|
@ -1607,6 +1470,16 @@ installwatch.c:3751:5: error: conflicting types for '__open_2'
|
|||
fcntl2.h:50:4: error: call to '__open_missing_mode' declared with attribute error: open with O_CREAT or O_TMPFILE in second argument needs 3 arguments
|
||||
```
|
||||
|
||||
Disabling `fortify` implies disablement of `fortify3`
|
||||
|
||||
#### `fortify3` {#fortify3}
|
||||
|
||||
Adds the `-O2 -D_FORTIFY_SOURCE=3` compiler options. This expands the cases that can be protected by fortify-checks to include some situations with dynamic-length buffers whose length can be inferred at runtime using compiler hints.
|
||||
|
||||
Enabling this flag implies enablement of `fortify`. Disabling this flag does not imply disablement of `fortify`.
|
||||
|
||||
This flag can sometimes conflict with a build-system's own attempts at enabling fortify support and result in errors complaining about `redefinition of _FORTIFY_SOURCE`.
|
||||
|
||||
#### `pic` {#pic}
|
||||
|
||||
Adds the `-fPIC` compiler options. This options adds support for position independent code in shared libraries and thus making ASLR possible.
|
||||
|
@ -1655,6 +1528,16 @@ Adds the `-fPIE` compiler and `-pie` linker options. Position Independent Execut
|
|||
Static libraries need to be compiled with `-fPIE` so that executables can link them in with the `-pie` linker option.
|
||||
If the libraries lack `-fPIE`, you will get the error `recompile with -fPIE`.
|
||||
|
||||
#### `zerocallusedregs` {#zerocallusedregs}
|
||||
|
||||
Adds the `-fzero-call-used-regs=used-gpr` compiler option. This causes the general-purpose registers that an architecture's calling convention considers "call-used" to be zeroed on return from the function. This can make it harder for attackers to construct useful ROP gadgets and also reduces the chance of data leakage from a function call.
|
||||
|
||||
#### `trivialautovarinit` {#trivialautovarinit}
|
||||
|
||||
Adds the `-ftrivial-auto-var-init=pattern` compiler option. This causes "trivially-initializable" uninitialized stack variables to be forcibly initialized with a nonzero value that is likely to cause a crash (and therefore be noticed). Uninitialized variables generally take on their values based on fragments of previous program state, and attackers can carefully manipulate that state to craft malicious initial values for these variables.
|
||||
|
||||
Use of this flag is controversial as it can prevent tools that detect uninitialized variable use (such as valgrind) from operating correctly.
|
||||
|
||||
[^footnote-stdenv-ignored-build-platform]: The build platform is ignored because it is a mere implementation detail of the package satisfying the dependency: As a general programming principle, dependencies are always *specified* as interfaces, not concrete implementation.
|
||||
[^footnote-stdenv-native-dependencies-in-path]: Currently, this means for native builds all dependencies are put on the `PATH`. But in the future that may not be the case for sake of matching cross: the platforms would be assumed to be unique for native and cross builds alike, so only the `depsBuild*` and `nativeBuildInputs` would be added to the `PATH`.
|
||||
[^footnote-stdenv-propagated-dependencies]: Nix itself already takes a package’s transitive dependencies into account, but this propagation ensures nixpkgs-specific infrastructure like [setup hooks](#ssec-setup-hooks) also are run as if it were a propagated dependency.
|
||||
|
|
22
third_party/nixpkgs/flake.nix
vendored
22
third_party/nixpkgs/flake.nix
vendored
|
@ -5,14 +5,15 @@
|
|||
|
||||
outputs = { self }:
|
||||
let
|
||||
jobs = import ./pkgs/top-level/release.nix {
|
||||
nixpkgs = self;
|
||||
};
|
||||
|
||||
libVersionInfoOverlay = import ./lib/flake-version-info.nix self;
|
||||
lib = (import ./lib).extend libVersionInfoOverlay;
|
||||
|
||||
forAllSystems = lib.genAttrs lib.systems.flakeExposed;
|
||||
|
||||
jobs = forAllSystems (system: import ./pkgs/top-level/release.nix {
|
||||
nixpkgs = self;
|
||||
inherit system;
|
||||
});
|
||||
in
|
||||
{
|
||||
lib = lib.extend (final: prev: {
|
||||
|
@ -43,12 +44,15 @@
|
|||
);
|
||||
});
|
||||
|
||||
checks.x86_64-linux = {
|
||||
tarball = jobs.tarball;
|
||||
checks = forAllSystems (system: {
|
||||
tarball = jobs.${system}.tarball;
|
||||
# Exclude power64 due to "libressl is not available on the requested hostPlatform" with hostPlatform being power64
|
||||
} // lib.optionalAttrs (self.legacyPackages.${system}.stdenv.isLinux && !self.legacyPackages.${system}.targetPlatform.isPower64) {
|
||||
# Test that ensures that the nixosSystem function can accept a lib argument
|
||||
# Note: prefer not to extend or modify `lib`, especially if you want to share reusable modules
|
||||
# alternatives include: `import` a file, or put a custom library in an option or in `_module.args.<libname>`
|
||||
nixosSystemAcceptsLib = (self.lib.nixosSystem {
|
||||
pkgs = self.legacyPackages.${system};
|
||||
lib = self.lib.extend (final: prev: {
|
||||
ifThisFunctionIsMissingTheTestFails = final.id;
|
||||
});
|
||||
|
@ -64,13 +68,13 @@
|
|||
})
|
||||
];
|
||||
}).config.system.build.toplevel;
|
||||
};
|
||||
});
|
||||
|
||||
htmlDocs = {
|
||||
nixpkgsManual = jobs.manual;
|
||||
nixpkgsManual = builtins.mapAttrs (_: jobSet: jobSet.manual) jobs;
|
||||
nixosManual = (import ./nixos/release-small.nix {
|
||||
nixpkgs = self;
|
||||
}).nixos.manual.x86_64-linux;
|
||||
}).nixos.manual;
|
||||
};
|
||||
|
||||
# The "legacy" in `legacyPackages` doesn't imply that the packages exposed
|
||||
|
|
6
third_party/nixpkgs/lib/licenses.nix
vendored
6
third_party/nixpkgs/lib/licenses.nix
vendored
|
@ -362,6 +362,12 @@ in mkLicense lset) ({
|
|||
fullName = "Creative Commons Attribution Share Alike 4.0";
|
||||
};
|
||||
|
||||
cc-sa-10 = {
|
||||
shortName = "CC-SA-1.0";
|
||||
fullName = "Creative Commons Share Alike 1.0";
|
||||
url = "https://creativecommons.org/licenses/sa/1.0";
|
||||
};
|
||||
|
||||
cddl = {
|
||||
spdxId = "CDDL-1.0";
|
||||
fullName = "Common Development and Distribution License 1.0";
|
||||
|
|
2
third_party/nixpkgs/lib/systems/default.nix
vendored
2
third_party/nixpkgs/lib/systems/default.nix
vendored
|
@ -81,7 +81,7 @@ let
|
|||
&& final.parsed.kernel == platform.parsed.kernel;
|
||||
isCompatible = _: throw "2022-05-23: isCompatible has been removed in favor of canExecute, refer to the 22.11 changelog for details";
|
||||
# Derived meta-data
|
||||
useLLVM = final.isFreeBSD;
|
||||
useLLVM = final.isFreeBSD || final.isOpenBSD;
|
||||
|
||||
libc =
|
||||
/**/ if final.isDarwin then "libSystem"
|
||||
|
|
6
third_party/nixpkgs/lib/systems/examples.nix
vendored
6
third_party/nixpkgs/lib/systems/examples.nix
vendored
|
@ -59,7 +59,7 @@ rec {
|
|||
|
||||
armv7a-android-prebuilt = {
|
||||
config = "armv7a-unknown-linux-androideabi";
|
||||
rustc.config = "armv7-linux-androideabi";
|
||||
rust.rustcTarget = "armv7-linux-androideabi";
|
||||
sdkVer = "28";
|
||||
ndkVer = "24";
|
||||
useAndroidPrebuilt = true;
|
||||
|
@ -67,7 +67,7 @@ rec {
|
|||
|
||||
aarch64-android-prebuilt = {
|
||||
config = "aarch64-unknown-linux-android";
|
||||
rustc.config = "aarch64-linux-android";
|
||||
rust.rustcTarget = "aarch64-linux-android";
|
||||
sdkVer = "28";
|
||||
ndkVer = "24";
|
||||
useAndroidPrebuilt = true;
|
||||
|
@ -207,7 +207,7 @@ rec {
|
|||
aarch64-embedded = {
|
||||
config = "aarch64-none-elf";
|
||||
libc = "newlib";
|
||||
rustc.config = "aarch64-unknown-none";
|
||||
rust.rustcTarget = "aarch64-unknown-none";
|
||||
};
|
||||
|
||||
aarch64be-embedded = {
|
||||
|
|
|
@ -16,12 +16,12 @@
|
|||
"armv6l-linux"
|
||||
"armv7l-linux"
|
||||
"i686-linux"
|
||||
"mipsel-linux"
|
||||
# "mipsel-linux" is excluded because it is not bootstrapped
|
||||
|
||||
# Other platforms with sufficient support in stdenv which is not formally
|
||||
# mandated by their platform tier.
|
||||
"aarch64-darwin"
|
||||
"armv5tel-linux"
|
||||
# "armv5tel-linux" is excluded because it is not bootstrapped
|
||||
"powerpc64le-linux"
|
||||
"riscv64-linux"
|
||||
|
||||
|
|
|
@ -535,11 +535,9 @@ rec {
|
|||
name = "riscv-multiplatform";
|
||||
target = "Image";
|
||||
autoModules = true;
|
||||
preferBuiltin = true;
|
||||
baseConfig = "defconfig";
|
||||
DTB = true;
|
||||
extraConfig = ''
|
||||
SERIAL_OF_PLATFORM y
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
|
|
4
third_party/nixpkgs/lib/tests/release.nix
vendored
4
third_party/nixpkgs/lib/tests/release.nix
vendored
|
@ -24,7 +24,9 @@ in
|
|||
#
|
||||
# https://github.com/NixOS/nixpkgs/issues/272591
|
||||
#
|
||||
[(import ../../pkgs/test/release {})]
|
||||
[(import ../../pkgs/test/release {
|
||||
inherit pkgs lib nix;
|
||||
})]
|
||||
;
|
||||
|
||||
}
|
||||
|
|
62
third_party/nixpkgs/lib/trivial.nix
vendored
62
third_party/nixpkgs/lib/trivial.nix
vendored
|
@ -403,7 +403,7 @@ in {
|
|||
On each release the first letter is bumped and a new animal is chosen
|
||||
starting with that new letter.
|
||||
*/
|
||||
codeName = "Vicuña";
|
||||
codeName = "Vicuna";
|
||||
|
||||
/**
|
||||
Returns the current nixpkgs version suffix as string.
|
||||
|
@ -623,6 +623,37 @@ in {
|
|||
/**
|
||||
Reads a JSON file.
|
||||
|
||||
# Examples
|
||||
:::{.example}
|
||||
## `lib.trivial.importJSON` usage example
|
||||
|
||||
example.json
|
||||
```json
|
||||
{
|
||||
"title": "Example JSON",
|
||||
"hello": {
|
||||
"world": "foo",
|
||||
"bar": {
|
||||
"foobar": true
|
||||
}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
```nix
|
||||
importJSON ./example.json
|
||||
=> {
|
||||
title = "Example JSON";
|
||||
hello = {
|
||||
world = "foo";
|
||||
bar = {
|
||||
foobar = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
:::
|
||||
|
||||
# Inputs
|
||||
|
||||
|
@ -642,6 +673,35 @@ in {
|
|||
/**
|
||||
Reads a TOML file.
|
||||
|
||||
# Examples
|
||||
:::{.example}
|
||||
## `lib.trivial.importTOML` usage example
|
||||
|
||||
example.toml
|
||||
```toml
|
||||
title = "TOML Example"
|
||||
|
||||
[hello]
|
||||
world = "foo"
|
||||
|
||||
[hello.bar]
|
||||
foobar = true
|
||||
```
|
||||
|
||||
```nix
|
||||
importTOML ./example.toml
|
||||
=> {
|
||||
title = "TOML Example";
|
||||
hello = {
|
||||
world = "foo";
|
||||
bar = {
|
||||
foobar = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
:::
|
||||
|
||||
# Inputs
|
||||
|
||||
|
|
2349
third_party/nixpkgs/maintainers/maintainer-list.nix
vendored
2349
third_party/nixpkgs/maintainers/maintainer-list.nix
vendored
File diff suppressed because it is too large
Load diff
|
@ -1,5 +1,5 @@
|
|||
#! /usr/bin/env nix-shell
|
||||
#! nix-shell -i perl -p perl perlPackages.NetAmazonS3 perlPackages.FileSlurp perlPackages.JSON perlPackages.LWPProtocolHttps nixUnstable nixUnstable.perl-bindings
|
||||
#! nix-shell -i perl -p perl perlPackages.NetAmazonS3 perlPackages.FileSlurp perlPackages.JSON perlPackages.LWPProtocolHttps nix nix.perl-bindings
|
||||
|
||||
# This command uploads tarballs to tarballs.nixos.org, the
|
||||
# content-addressed cache used by fetchurl as a fallback for when
|
||||
|
|
|
@ -27,8 +27,13 @@ import utils
|
|||
),
|
||||
default=pathlib.Path(__file__).parent.parent.parent.parent
|
||||
)
|
||||
def main(repo_metadata: pathlib.Path, nixpkgs: pathlib.Path):
|
||||
metadata = utils.KDERepoMetadata.from_repo_metadata_checkout(repo_metadata)
|
||||
@click.option(
|
||||
"--unstable",
|
||||
default=False,
|
||||
is_flag=True
|
||||
)
|
||||
def main(repo_metadata: pathlib.Path, nixpkgs: pathlib.Path, unstable: bool):
|
||||
metadata = utils.KDERepoMetadata.from_repo_metadata_checkout(repo_metadata, unstable)
|
||||
out_dir = nixpkgs / "pkgs/kde/generated"
|
||||
metadata.write_json(out_dir)
|
||||
|
||||
|
|
|
@ -104,7 +104,7 @@ class KDERepoMetadata:
|
|||
return project
|
||||
|
||||
@classmethod
|
||||
def from_repo_metadata_checkout(cls, repo_metadata: pathlib.Path):
|
||||
def from_repo_metadata_checkout(cls, repo_metadata: pathlib.Path, unstable=False):
|
||||
projects = [
|
||||
Project.from_yaml(metadata_file)
|
||||
for metadata_file in repo_metadata.glob("projects-invent/**/metadata.yaml")
|
||||
|
@ -122,29 +122,32 @@ class KDERepoMetadata:
|
|||
dep_graph={},
|
||||
)
|
||||
|
||||
dep_specs = ["dependency-data-stable-kf6-qt6"]
|
||||
dep_graph = collections.defaultdict(set)
|
||||
|
||||
for spec in dep_specs:
|
||||
spec_path = repo_metadata / "dependencies" / spec
|
||||
for line in spec_path.open():
|
||||
line = line.strip()
|
||||
if line.startswith("#"):
|
||||
continue
|
||||
if not line:
|
||||
continue
|
||||
if unstable:
|
||||
spec_name = "dependency-data-kf6-qt6"
|
||||
else:
|
||||
spec_name = "dependency-data-stable-kf6-qt6"
|
||||
|
||||
dependent, dependency = line.split(": ")
|
||||
spec_path = repo_metadata / "dependencies" / spec_name
|
||||
for line in spec_path.open():
|
||||
line = line.strip()
|
||||
if line.startswith("#"):
|
||||
continue
|
||||
if not line:
|
||||
continue
|
||||
|
||||
dependent = self.try_lookup_package(dependent)
|
||||
if dependent is None:
|
||||
continue
|
||||
dependent, dependency = line.split(": ")
|
||||
|
||||
dependency = self.try_lookup_package(dependency)
|
||||
if dependency is None:
|
||||
continue
|
||||
dependent = self.try_lookup_package(dependent)
|
||||
if dependent is None:
|
||||
continue
|
||||
|
||||
dep_graph[dependent].add(dependency)
|
||||
dependency = self.try_lookup_package(dependency)
|
||||
if dependency is None:
|
||||
continue
|
||||
|
||||
dep_graph[dependent].add(dependency)
|
||||
|
||||
self.dep_graph = dep_graph
|
||||
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
name,rockspec,ref,server,version,luaversion,maintainers
|
||||
alt-getopt,,,,,,arobyn
|
||||
ansicolors,,,,,,Freed-Wu
|
||||
bit32,,,,5.3.0-1,5.1,lblasc
|
||||
argparse,,,,,,
|
||||
basexx,,,,,,
|
||||
|
@ -76,6 +77,7 @@ lualdap,,,,,,aanderse
|
|||
lualogging,,,,,,
|
||||
luaossl,,,,,5.1,
|
||||
luaposix,,,,34.1.1-1,,vyp lblasc
|
||||
luaprompt,,,,,,Freed-Wu
|
||||
luarepl,,,,,,
|
||||
luarocks,,,,,,mrcjkb teto
|
||||
luarocks-build-rust-mlua,,,,,,mrcjkb
|
||||
|
@ -98,6 +100,7 @@ luuid,,,,20120509-2,,
|
|||
luv,,,,1.44.2-1,,
|
||||
lush.nvim,,,https://luarocks.org/dev,,,teto
|
||||
lyaml,,,,,,lblasc
|
||||
lz.n,,,,,,mrcjkb
|
||||
magick,,,,,5.1,donovanglover
|
||||
markdown,,,,,,
|
||||
mediator_lua,,,,,,
|
||||
|
|
|
|
@ -788,7 +788,10 @@ def update_plugins(editor: Editor, args):
|
|||
fetch_config = FetchConfig(args.proc, args.github_token)
|
||||
update = editor.get_update(args.input_file, args.outfile, fetch_config)
|
||||
|
||||
start_time = time.time()
|
||||
redirects = update()
|
||||
duration = time.time() - start_time
|
||||
print(f"The plugin update took {duration}s.")
|
||||
editor.rewrite_input(fetch_config, args.input_file, editor.deprecated, redirects)
|
||||
|
||||
autocommit = not args.no_commit
|
||||
|
|
186
third_party/nixpkgs/maintainers/team-list.nix
vendored
186
third_party/nixpkgs/maintainers/team-list.nix
vendored
|
@ -1,4 +1,5 @@
|
|||
/* List of maintainer teams.
|
||||
/*
|
||||
List of maintainer teams.
|
||||
name = {
|
||||
# Required
|
||||
members = [ maintainer1 maintainer2 ];
|
||||
|
@ -25,10 +26,11 @@
|
|||
* keep the list alphabetically sorted
|
||||
* test the validity of the format with:
|
||||
nix-build lib/tests/teams.nix
|
||||
*/
|
||||
*/
|
||||
|
||||
{ lib }:
|
||||
with lib.maintainers; {
|
||||
with lib.maintainers;
|
||||
{
|
||||
acme = {
|
||||
members = [
|
||||
aanderse
|
||||
|
@ -67,9 +69,7 @@ with lib.maintainers; {
|
|||
minijackson
|
||||
yurrriq
|
||||
];
|
||||
githubTeams = [
|
||||
"beam"
|
||||
];
|
||||
githubTeams = [ "beam" ];
|
||||
scope = "Maintain BEAM-related packages and modules.";
|
||||
shortName = "BEAM";
|
||||
enableFeatureFreezePing = true;
|
||||
|
@ -95,9 +95,7 @@ with lib.maintainers; {
|
|||
};
|
||||
|
||||
budgie = {
|
||||
members = [
|
||||
bobby285271
|
||||
];
|
||||
members = [ bobby285271 ];
|
||||
scope = "Maintain Budgie desktop environment";
|
||||
shortName = "Budgie";
|
||||
};
|
||||
|
@ -144,9 +142,7 @@ with lib.maintainers; {
|
|||
};
|
||||
|
||||
cloudposse = {
|
||||
members = [
|
||||
dudymas
|
||||
];
|
||||
members = [ dudymas ];
|
||||
scope = "Maintain atmos and applications made by the Cloud Posse team.";
|
||||
shortName = "CloudPosse";
|
||||
enableFeatureFreezePing = true;
|
||||
|
@ -178,12 +174,8 @@ with lib.maintainers; {
|
|||
};
|
||||
|
||||
darwin = {
|
||||
members = [
|
||||
toonn
|
||||
];
|
||||
githubTeams = [
|
||||
"darwin-maintainers"
|
||||
];
|
||||
members = [ toonn ];
|
||||
githubTeams = [ "darwin-maintainers" ];
|
||||
scope = "Maintain Darwin compatibility of packages and Darwin-only packages.";
|
||||
shortName = "Darwin";
|
||||
enableFeatureFreezePing = true;
|
||||
|
@ -213,9 +205,7 @@ with lib.maintainers; {
|
|||
};
|
||||
|
||||
deepin = {
|
||||
members = [
|
||||
rewine
|
||||
];
|
||||
members = [ rewine ];
|
||||
scope = "Maintain deepin desktop environment and related packages.";
|
||||
shortName = "DDE";
|
||||
enableFeatureFreezePing = true;
|
||||
|
@ -262,29 +252,21 @@ with lib.maintainers; {
|
|||
|
||||
docs = {
|
||||
members = [ ];
|
||||
githubTeams = [
|
||||
"documentation-team"
|
||||
];
|
||||
githubTeams = [ "documentation-team" ];
|
||||
scope = "Maintain nixpkgs/NixOS documentation and tools for building it.";
|
||||
shortName = "Docs";
|
||||
enableFeatureFreezePing = true;
|
||||
};
|
||||
|
||||
emacs = {
|
||||
members = [
|
||||
adisbladis
|
||||
];
|
||||
members = [ adisbladis ];
|
||||
scope = "Maintain the Emacs editor and packages.";
|
||||
shortName = "Emacs";
|
||||
};
|
||||
|
||||
enlightenment = {
|
||||
members = [
|
||||
romildo
|
||||
];
|
||||
githubTeams = [
|
||||
"enlightenment"
|
||||
];
|
||||
members = [ romildo ];
|
||||
githubTeams = [ "enlightenment" ];
|
||||
scope = "Maintain Enlightenment desktop environment and related packages.";
|
||||
shortName = "Enlightenment";
|
||||
enableFeatureFreezePing = true;
|
||||
|
@ -303,7 +285,12 @@ with lib.maintainers; {
|
|||
};
|
||||
|
||||
flutter = {
|
||||
members = [ mkg20001 RossComputerGuy FlafyDev hacker1024 ];
|
||||
members = [
|
||||
mkg20001
|
||||
RossComputerGuy
|
||||
FlafyDev
|
||||
hacker1024
|
||||
];
|
||||
scope = "Maintain Flutter and Dart-related packages and build tools";
|
||||
shortName = "flutter";
|
||||
enableFeatureFreezePing = false;
|
||||
|
@ -373,9 +360,7 @@ with lib.maintainers; {
|
|||
sikmir
|
||||
willcohen
|
||||
];
|
||||
githubTeams = [
|
||||
"geospatial"
|
||||
];
|
||||
githubTeams = [ "geospatial" ];
|
||||
scope = "Maintain geospatial packages.";
|
||||
shortName = "Geospatial";
|
||||
enableFeatureFreezePing = true;
|
||||
|
@ -400,9 +385,7 @@ with lib.maintainers; {
|
|||
qbit
|
||||
mfrw
|
||||
];
|
||||
githubTeams = [
|
||||
"golang"
|
||||
];
|
||||
githubTeams = [ "golang" ];
|
||||
scope = "Maintain Golang compilers.";
|
||||
shortName = "Go";
|
||||
enableFeatureFreezePing = true;
|
||||
|
@ -415,9 +398,7 @@ with lib.maintainers; {
|
|||
jtojnar
|
||||
dasj19
|
||||
];
|
||||
githubTeams = [
|
||||
"gnome"
|
||||
];
|
||||
githubTeams = [ "gnome" ];
|
||||
scope = "Maintain GNOME desktop environment and platform.";
|
||||
shortName = "GNOME";
|
||||
enableFeatureFreezePing = true;
|
||||
|
@ -443,9 +424,7 @@ with lib.maintainers; {
|
|||
ncfavier
|
||||
sternenseemann
|
||||
];
|
||||
githubTeams = [
|
||||
"haskell"
|
||||
];
|
||||
githubTeams = [ "haskell" ];
|
||||
scope = "Maintain Haskell packages and infrastructure.";
|
||||
shortName = "Haskell";
|
||||
enableFeatureFreezePing = true;
|
||||
|
@ -472,9 +451,7 @@ with lib.maintainers; {
|
|||
};
|
||||
|
||||
infisical = {
|
||||
members = [
|
||||
akhilmhdh
|
||||
];
|
||||
members = [ akhilmhdh ];
|
||||
scope = "Maintain Infisical";
|
||||
shortName = "Infisical";
|
||||
};
|
||||
|
@ -568,9 +545,7 @@ with lib.maintainers; {
|
|||
uthar
|
||||
hraban
|
||||
];
|
||||
githubTeams = [
|
||||
"lisp"
|
||||
];
|
||||
githubTeams = [ "lisp" ];
|
||||
scope = "Maintain the Lisp ecosystem.";
|
||||
shortName = "lisp";
|
||||
enableFeatureFreezePing = true;
|
||||
|
@ -586,18 +561,14 @@ with lib.maintainers; {
|
|||
rrbutani
|
||||
sternenseemann
|
||||
];
|
||||
githubTeams = [
|
||||
"llvm"
|
||||
];
|
||||
githubTeams = [ "llvm" ];
|
||||
scope = "Maintain LLVM package sets and related packages";
|
||||
shortName = "LLVM";
|
||||
enableFeatureFreezePing = true;
|
||||
};
|
||||
|
||||
lomiri = {
|
||||
members = [
|
||||
OPNA2608
|
||||
];
|
||||
members = [ OPNA2608 ];
|
||||
scope = "Maintain Lomiri desktop environment and related packages.";
|
||||
shortName = "Lomiri";
|
||||
enableFeatureFreezePing = true;
|
||||
|
@ -614,21 +585,15 @@ with lib.maintainers; {
|
|||
};
|
||||
|
||||
lua = {
|
||||
githubTeams = [
|
||||
"lua"
|
||||
];
|
||||
githubTeams = [ "lua" ];
|
||||
scope = "Maintain the lua ecosystem.";
|
||||
shortName = "lua";
|
||||
enableFeatureFreezePing = true;
|
||||
};
|
||||
|
||||
lumina = {
|
||||
members = [
|
||||
romildo
|
||||
];
|
||||
githubTeams = [
|
||||
"lumina"
|
||||
];
|
||||
members = [ romildo ];
|
||||
githubTeams = [ "lumina" ];
|
||||
scope = "Maintain lumina desktop environment and related packages.";
|
||||
shortName = "Lumina";
|
||||
enableFeatureFreezePing = true;
|
||||
|
@ -647,12 +612,8 @@ with lib.maintainers; {
|
|||
};
|
||||
|
||||
lxqt = {
|
||||
members = [
|
||||
romildo
|
||||
];
|
||||
githubTeams = [
|
||||
"lxqt"
|
||||
];
|
||||
members = [ romildo ];
|
||||
githubTeams = [ "lxqt" ];
|
||||
scope = "Maintain LXQt desktop environment and related packages.";
|
||||
shortName = "LXQt";
|
||||
enableFeatureFreezePing = true;
|
||||
|
@ -717,9 +678,7 @@ with lib.maintainers; {
|
|||
};
|
||||
|
||||
mobile = {
|
||||
members = [
|
||||
samueldr
|
||||
];
|
||||
members = [ samueldr ];
|
||||
scope = "Maintain Mobile NixOS.";
|
||||
shortName = "Mobile";
|
||||
};
|
||||
|
@ -766,21 +725,15 @@ with lib.maintainers; {
|
|||
};
|
||||
|
||||
ocaml = {
|
||||
members = [
|
||||
alizter
|
||||
];
|
||||
githubTeams = [
|
||||
"ocaml"
|
||||
];
|
||||
members = [ alizter ];
|
||||
githubTeams = [ "ocaml" ];
|
||||
scope = "Maintain the OCaml compiler and package set.";
|
||||
shortName = "OCaml";
|
||||
enableFeatureFreezePing = true;
|
||||
};
|
||||
|
||||
openstack = {
|
||||
members = [
|
||||
SuperSandro2000
|
||||
];
|
||||
members = [ SuperSandro2000 ];
|
||||
scope = "Maintain the ecosystem around OpenStack";
|
||||
shortName = "OpenStack";
|
||||
};
|
||||
|
@ -801,18 +754,14 @@ with lib.maintainers; {
|
|||
davidak
|
||||
bobby285271
|
||||
];
|
||||
githubTeams = [
|
||||
"pantheon"
|
||||
];
|
||||
githubTeams = [ "pantheon" ];
|
||||
scope = "Maintain Pantheon desktop environment and platform.";
|
||||
shortName = "Pantheon";
|
||||
enableFeatureFreezePing = true;
|
||||
};
|
||||
|
||||
perl = {
|
||||
members = [
|
||||
sgo
|
||||
];
|
||||
members = [ sgo ];
|
||||
scope = "Maintain the Perl interpreter and Perl packages.";
|
||||
shortName = "Perl";
|
||||
enableFeatureFreezePing = true;
|
||||
|
@ -826,9 +775,7 @@ with lib.maintainers; {
|
|||
patka
|
||||
talyz
|
||||
];
|
||||
githubTeams = [
|
||||
"php"
|
||||
];
|
||||
githubTeams = [ "php" ];
|
||||
scope = "Maintain PHP related packages and extensions.";
|
||||
shortName = "PHP";
|
||||
enableFeatureFreezePing = true;
|
||||
|
@ -839,17 +786,13 @@ with lib.maintainers; {
|
|||
saschagrunert
|
||||
vdemeester
|
||||
];
|
||||
githubTeams = [
|
||||
"podman"
|
||||
];
|
||||
githubTeams = [ "podman" ];
|
||||
scope = "Maintain Podman and CRI-O related packages and modules.";
|
||||
shortName = "Podman";
|
||||
};
|
||||
|
||||
postgres = {
|
||||
members = [
|
||||
thoughtpolice
|
||||
];
|
||||
members = [ thoughtpolice ];
|
||||
scope = "Maintain the PostgreSQL package and plugins along with the NixOS module.";
|
||||
shortName = "PostgreSQL";
|
||||
};
|
||||
|
@ -858,7 +801,7 @@ with lib.maintainers; {
|
|||
members = [
|
||||
hexa
|
||||
jonringer
|
||||
tjni
|
||||
natsukium
|
||||
];
|
||||
scope = "Maintain the Python interpreter and related packages.";
|
||||
shortName = "Python";
|
||||
|
@ -875,9 +818,7 @@ with lib.maintainers; {
|
|||
SuperSandro2000
|
||||
ttuegel
|
||||
];
|
||||
githubTeams = [
|
||||
"qt-kde"
|
||||
];
|
||||
githubTeams = [ "qt-kde" ];
|
||||
scope = "Maintain the Qt framework, KDE application suite, Plasma desktop environment and related projects.";
|
||||
shortName = "Qt / KDE";
|
||||
enableFeatureFreezePing = true;
|
||||
|
@ -907,9 +848,7 @@ with lib.maintainers; {
|
|||
|
||||
release = {
|
||||
members = [ ];
|
||||
githubTeams = [
|
||||
"nixos-release-managers"
|
||||
];
|
||||
githubTeams = [ "nixos-release-managers" ];
|
||||
scope = "Manage the current nixpkgs/NixOS release.";
|
||||
shortName = "Release";
|
||||
};
|
||||
|
@ -920,16 +859,13 @@ with lib.maintainers; {
|
|||
Flakebi
|
||||
mschwaig
|
||||
];
|
||||
githubTeams = [
|
||||
"rocm-maintainers"
|
||||
];
|
||||
githubTeams = [ "rocm-maintainers" ];
|
||||
scope = "Maintain ROCm and related packages.";
|
||||
shortName = "ROCm";
|
||||
};
|
||||
|
||||
ruby = {
|
||||
members = [
|
||||
];
|
||||
members = [ ];
|
||||
scope = "Maintain the Ruby interpreter and related packages.";
|
||||
shortName = "Ruby";
|
||||
enableFeatureFreezePing = true;
|
||||
|
@ -943,9 +879,7 @@ with lib.maintainers; {
|
|||
winter
|
||||
zowoq
|
||||
];
|
||||
githubTeams = [
|
||||
"rust"
|
||||
];
|
||||
githubTeams = [ "rust" ];
|
||||
scope = "Maintain the Rust compiler toolchain and nixpkgs integration.";
|
||||
shortName = "Rust";
|
||||
enableFeatureFreezePing = true;
|
||||
|
@ -962,6 +896,12 @@ with lib.maintainers; {
|
|||
shortName = "SageMath";
|
||||
};
|
||||
|
||||
sdl = {
|
||||
members = [ ];
|
||||
scope = "Maintain SDL libraries.";
|
||||
shortName = "SDL";
|
||||
};
|
||||
|
||||
sphinx = {
|
||||
members = [ ];
|
||||
scope = "Maintain Sphinx related packages.";
|
||||
|
@ -970,9 +910,7 @@ with lib.maintainers; {
|
|||
|
||||
serokell = {
|
||||
# Verify additions by approval of an already existing member of the team.
|
||||
members = [
|
||||
balsoft
|
||||
];
|
||||
members = [ balsoft ];
|
||||
scope = "Group registration for Serokell employees who collectively maintain packages.";
|
||||
shortName = "Serokell employees";
|
||||
};
|
||||
|
@ -991,27 +929,21 @@ with lib.maintainers; {
|
|||
|
||||
systemd = {
|
||||
members = [ ];
|
||||
githubTeams = [
|
||||
"systemd"
|
||||
];
|
||||
githubTeams = [ "systemd" ];
|
||||
scope = "Maintain systemd for NixOS.";
|
||||
shortName = "systemd";
|
||||
enableFeatureFreezePing = true;
|
||||
};
|
||||
|
||||
tests = {
|
||||
members = [
|
||||
tfc
|
||||
];
|
||||
members = [ tfc ];
|
||||
scope = "Maintain the NixOS VM test runner.";
|
||||
shortName = "NixOS tests";
|
||||
enableFeatureFreezePing = true;
|
||||
};
|
||||
|
||||
tts = {
|
||||
members = [
|
||||
mic92
|
||||
];
|
||||
members = [ mic92 ];
|
||||
scope = "coqui-ai TTS (formerly Mozilla TTS) and leaf packages";
|
||||
shortName = "coqui-ai TTS";
|
||||
};
|
||||
|
|
|
@ -30,7 +30,7 @@ $ export \
|
|||
```
|
||||
|
||||
The second mechanism is to add the OpenCL driver package to
|
||||
[](#opt-hardware.opengl.extraPackages).
|
||||
[](#opt-hardware.graphics.extraPackages).
|
||||
This links the ICD file under `/run/opengl-driver`, where it will be visible
|
||||
to the ICD loader.
|
||||
|
||||
|
@ -51,12 +51,12 @@ Platform Vendor Advanced Micro Devices, Inc.
|
|||
Modern AMD [Graphics Core
|
||||
Next](https://en.wikipedia.org/wiki/Graphics_Core_Next) (GCN) GPUs are
|
||||
supported through the rocmPackages.clr.icd package. Adding this package to
|
||||
[](#opt-hardware.opengl.extraPackages)
|
||||
[](#opt-hardware.graphics.extraPackages)
|
||||
enables OpenCL support:
|
||||
|
||||
```nix
|
||||
{
|
||||
hardware.opengl.extraPackages = [
|
||||
hardware.graphics.extraPackages = [
|
||||
rocmPackages.clr.icd
|
||||
];
|
||||
}
|
||||
|
@ -71,13 +71,13 @@ intel-compute-runtime package. The proprietary Intel OpenCL runtime, in
|
|||
the intel-ocl package, is an alternative for Gen7 GPUs.
|
||||
|
||||
The intel-compute-runtime or intel-ocl package can be added to
|
||||
[](#opt-hardware.opengl.extraPackages)
|
||||
[](#opt-hardware.graphics.extraPackages)
|
||||
to enable OpenCL support. For example, for Gen8 and later GPUs, the following
|
||||
configuration can be used:
|
||||
|
||||
```nix
|
||||
{
|
||||
hardware.opengl.extraPackages = [
|
||||
hardware.graphics.extraPackages = [
|
||||
intel-compute-runtime
|
||||
];
|
||||
}
|
||||
|
@ -90,8 +90,8 @@ compute API for GPUs. It is used directly by games or indirectly though
|
|||
compatibility layers like
|
||||
[DXVK](https://github.com/doitsujin/dxvk/wiki).
|
||||
|
||||
By default, if [](#opt-hardware.opengl.driSupport)
|
||||
is enabled, mesa is installed and provides Vulkan for supported hardware.
|
||||
By default, if [](#opt-hardware.graphics.enable)
|
||||
is enabled, Mesa is installed and provides Vulkan for supported hardware.
|
||||
|
||||
Similar to OpenCL, Vulkan drivers are loaded through the *Installable
|
||||
Client Driver* (ICD) mechanism. ICD files for Vulkan are JSON files that
|
||||
|
@ -110,7 +110,7 @@ $ export \
|
|||
```
|
||||
|
||||
The second mechanism is to add the Vulkan driver package to
|
||||
[](#opt-hardware.opengl.extraPackages).
|
||||
[](#opt-hardware.graphics.extraPackages).
|
||||
This links the ICD file under `/run/opengl-driver`, where it will be
|
||||
visible to the ICD loader.
|
||||
|
||||
|
@ -140,18 +140,18 @@ Modern AMD [Graphics Core
|
|||
Next](https://en.wikipedia.org/wiki/Graphics_Core_Next) (GCN) GPUs are
|
||||
supported through either radv, which is part of mesa, or the amdvlk
|
||||
package. Adding the amdvlk package to
|
||||
[](#opt-hardware.opengl.extraPackages)
|
||||
[](#opt-hardware.graphics.extraPackages)
|
||||
makes amdvlk the default driver and hides radv and lavapipe from the device list.
|
||||
A specific driver can be forced as follows:
|
||||
|
||||
```nix
|
||||
{
|
||||
hardware.opengl.extraPackages = [
|
||||
hardware.graphics.extraPackages = [
|
||||
pkgs.amdvlk
|
||||
];
|
||||
|
||||
# To enable Vulkan support for 32-bit applications, also add:
|
||||
hardware.opengl.extraPackages32 = [
|
||||
hardware.graphics.extraPackages32 = [
|
||||
pkgs.driversi686Linux.amdvlk
|
||||
];
|
||||
|
||||
|
@ -171,7 +171,7 @@ graphics hardware acceleration capabilities for video processing.
|
|||
|
||||
VA-API drivers are loaded by `libva`. The version in nixpkgs is built to search
|
||||
the opengl driver path, so drivers can be installed in
|
||||
[](#opt-hardware.opengl.extraPackages).
|
||||
[](#opt-hardware.graphics.extraPackages).
|
||||
|
||||
VA-API can be tested using:
|
||||
|
||||
|
@ -185,7 +185,7 @@ Modern Intel GPUs use the iHD driver, which can be installed with:
|
|||
|
||||
```nix
|
||||
{
|
||||
hardware.opengl.extraPackages = [
|
||||
hardware.graphics.extraPackages = [
|
||||
intel-media-driver
|
||||
];
|
||||
}
|
||||
|
@ -195,7 +195,7 @@ Older Intel GPUs use the i965 driver, which can be installed with:
|
|||
|
||||
```nix
|
||||
{
|
||||
hardware.opengl.extraPackages = [
|
||||
hardware.graphics.extraPackages = [
|
||||
intel-vaapi-driver
|
||||
];
|
||||
}
|
||||
|
|
|
@ -79,7 +79,7 @@ Wine, you should also set the following:
|
|||
|
||||
```nix
|
||||
{
|
||||
hardware.opengl.driSupport32Bit = true;
|
||||
hardware.graphics.enable32Bit = true;
|
||||
}
|
||||
```
|
||||
|
||||
|
@ -183,23 +183,6 @@ If you have an older card, you may have to use one of the legacy drivers:
|
|||
You may need to reboot after enabling this driver to prevent a clash
|
||||
with other kernel modules.
|
||||
|
||||
## Proprietary AMD drivers {#sec-x11--graphics-cards-amd}
|
||||
|
||||
AMD provides a proprietary driver for its graphics cards that is not
|
||||
enabled by default because it's not Free Software, is often broken in
|
||||
nixpkgs and as of this writing doesn't offer more features or
|
||||
performance. If you still want to use it anyway, you need to explicitly
|
||||
set:
|
||||
|
||||
```nix
|
||||
{
|
||||
services.xserver.videoDrivers = [ "amdgpu-pro" ];
|
||||
}
|
||||
```
|
||||
|
||||
You will need to reboot after enabling this driver to prevent a clash
|
||||
with other kernel modules.
|
||||
|
||||
## Touchpads {#sec-x11-touchpads}
|
||||
|
||||
Support for Synaptics touchpads (found in many laptops such as the Dell
|
||||
|
|
|
@ -44,7 +44,7 @@ As an alternative, you can proxy the guest shell to a local TCP server by first
|
|||
starting a TCP server in a terminal using the command:
|
||||
|
||||
```ShellSession
|
||||
$ socat 'READLINE,PROMPT=$ ' tcp-listen:4444,reuseaddr`
|
||||
$ socat 'READLINE,PROMPT=$ ' tcp-listen:4444,reuseaddr
|
||||
```
|
||||
|
||||
In the terminal where the test driver is running, connect to this server by
|
||||
|
|
|
@ -207,6 +207,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
|
|||
|
||||
- [xdg-terminal-exec](https://github.com/Vladimir-csp/xdg-terminal-exec), the proposed Default Terminal Execution Specification.
|
||||
|
||||
- Convenience options for `amdgpu`, open source driver for Radeon cards, is now available under `hardware.amdgpu`.
|
||||
|
||||
- [ydotool](https://github.com/ReimuNotMoe/ydotool), a generic command-line automation tool now has a module. Available as [programs.ydotool](#opt-programs.ydotool.enable).
|
||||
|
||||
- [your_spotify](https://github.com/Yooooomi/your_spotify), a self hosted Spotify tracking dashboard. Available as [services.your_spotify](#opt-services.your_spotify.enable)
|
||||
|
@ -822,3 +824,4 @@ Module System:
|
|||
### Internal {#sec-release-24.05-lib-internal}
|
||||
- `lib` now has [Readme for contributing](https://github.com/NixOS/nixpkgs/tree/master/lib#readme).
|
||||
- Some function's documentation is now written using the [accepted doc comment syntax](https://github.com/NixOS/rfcs/pull/145).
|
||||
- `odoo` has been updated from `16.0.20231024` to `17.0.20240507`.
|
||||
|
|
|
@ -4,7 +4,10 @@
|
|||
|
||||
## Highlights {#sec-release-24.11-highlights}
|
||||
|
||||
- Create the first release note entry in this section!
|
||||
- Convenience options for `amdgpu`, open source driver for Radeon cards, is now available under `hardware.amdgpu`.
|
||||
|
||||
- [AMDVLK](https://github.com/GPUOpen-Drivers/AMDVLK), AMD's open source Vulkan driver, is now available to be configured as `hardware.amdgpu.amdvlk` option.
|
||||
This also allows configuring runtime settings of AMDVLK and enabling experimental features.
|
||||
|
||||
## New Services {#sec-release-24.11-new-services}
|
||||
|
||||
|
@ -12,8 +15,16 @@
|
|||
for LLMs. Available as [services.open-webui](#opt-services.open-webui.enable)
|
||||
service.
|
||||
|
||||
- [Quickwit](https://quickwit.io), sub-second search & analytics engine on cloud storage. Available as [services.quickwit](options.html#opt-services.quickwit).
|
||||
|
||||
- [Flood](https://flood.js.org/), a beautiful WebUI for various torrent clients. Available as [services.flood](options.html#opt-services.flood).
|
||||
|
||||
- [Renovate](https://github.com/renovatebot/renovate), a dependency updating tool for various git forges and language ecosystems. Available as [services.renovate](#opt-services.renovate.enable).
|
||||
|
||||
## Backward Incompatibilities {#sec-release-24.11-incompatibilities}
|
||||
|
||||
- `androidenv.androidPkgs_9_0` has been removed, and replaced with `androidenv.androidPkgs` for a more complete Android SDK including support for Android 9 and later.
|
||||
|
||||
- `nginx` package no longer includes `gd` and `geoip` dependencies. For enabling it, override `nginx` package with the optionals `withImageFilter` and `withGeoIP`.
|
||||
|
||||
- `openssh` and `openssh_hpn` are now compiled without Kerberos 5 / GSSAPI support in an effort to reduce the attack surface of the components for the majority of users. Users needing this support can
|
||||
|
@ -28,6 +39,12 @@
|
|||
`services.forgejo.secrets` is a small wrapper over systemd's `LoadCredential=`. It has the same structure (sections/keys) as
|
||||
`services.forgejo.settings` but takes file paths that will be read before service startup instead of some plaintext value.
|
||||
|
||||
- `services.ddclient.use` has been deprecated: `ddclient` now supports separate IPv4 and IPv6 configuration. Use `services.ddclient.usev4` and `services.ddclient.usev6` instead.
|
||||
|
||||
- `vaultwarden` lost the capability to bind to privileged ports. If you rely on
|
||||
this behavior, override the systemd unit to allow `CAP_NET_BIND_SERVICE` in
|
||||
your local configuration.
|
||||
|
||||
- The Invoiceplane module now only accepts the structured `settings` option.
|
||||
`extraConfig` is now removed.
|
||||
|
||||
|
@ -36,6 +53,14 @@
|
|||
before changing the package to `pkgs.stalwart-mail` in
|
||||
[`services.stalwart-mail.package`](#opt-services.stalwart-mail.package).
|
||||
|
||||
- `haskell.lib.compose.justStaticExecutables` now disallows references to GHC in the
|
||||
output by default, to alert users to closure size issues caused by
|
||||
[#164630](https://github.com/NixOS/nixpkgs/issues/164630). See ["Packaging
|
||||
Helpers" in the Haskell section of the Nixpkgs
|
||||
manual](https://nixos.org/manual/nixpkgs/unstable/#haskell-packaging-helpers)
|
||||
for information on working around `output '...' is not allowed to refer to
|
||||
the following paths` errors caused by this change.
|
||||
|
||||
- The `stalwart-mail` module now uses RocksDB as the default storage backend
|
||||
for `stateVersion` ≥ 24.11. (It was previously using SQLite for structured
|
||||
data and the filesystem for blobs).
|
||||
|
@ -52,10 +77,18 @@
|
|||
services.portunus.ldap.package = pkgs.openldap.override { libxcrypt = pkgs.libxcrypt-legacy; };
|
||||
```
|
||||
|
||||
- The `tracy` package no longer works on X11, since it's moved to Wayland
|
||||
support, which is the intended default behavior by Tracy maintainers.
|
||||
X11 users have to switch to the new package `tracy-x11`.
|
||||
|
||||
## Other Notable Changes {#sec-release-24.11-notable-changes}
|
||||
|
||||
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||
|
||||
- `hareHook` has been added as the language framework for Hare. From now on, it,
|
||||
not the `hare` package, should be added to `nativeBuildInputs` when building
|
||||
Hare programs.
|
||||
|
||||
- To facilitate dependency injection, the `imgui` package now builds a static archive using vcpkg' CMake rules.
|
||||
The derivation now installs "impl" headers selectively instead of by a wildcard.
|
||||
Use `imgui.src` if you just want to access the unpacked sources.
|
||||
|
|
|
@ -147,7 +147,10 @@ in {
|
|||
'' + optionalString (def.ipv6SendRAConfig != { }) ''
|
||||
[IPv6SendRA]
|
||||
${attrsToSection def.ipv6SendRAConfig}
|
||||
'' + flip concatMapStrings def.ipv6Prefixes (x: ''
|
||||
'' + flip concatMapStrings def.ipv6PREF64Prefixes (x: ''
|
||||
[IPv6PREF64Prefix]
|
||||
${attrsToSection x}
|
||||
'') + flip concatMapStrings def.ipv6Prefixes (x: ''
|
||||
[IPv6Prefix]
|
||||
${attrsToSection x}
|
||||
'') + flip concatMapStrings def.ipv6RoutePrefixes (x: ''
|
||||
|
|
|
@ -13,11 +13,20 @@
|
|||
, extraPythonPackages ? (_ : [])
|
||||
, nixosTests
|
||||
}:
|
||||
|
||||
let
|
||||
fs = lib.fileset;
|
||||
in
|
||||
python3Packages.buildPythonApplication {
|
||||
pname = "nixos-test-driver";
|
||||
version = "1.1";
|
||||
src = ./.;
|
||||
src = fs.toSource {
|
||||
root = ./.;
|
||||
fileset = fs.unions [
|
||||
./pyproject.toml
|
||||
./test_driver
|
||||
./extract-docstrings.py
|
||||
];
|
||||
};
|
||||
pyproject = true;
|
||||
|
||||
propagatedBuildInputs = [
|
||||
|
|
|
@ -106,7 +106,6 @@ class Driver:
|
|||
with self.logger.subtest(name):
|
||||
try:
|
||||
yield
|
||||
return True
|
||||
except Exception as e:
|
||||
self.logger.error(f'Test "{name}" failed with error: "{e}"')
|
||||
raise e
|
||||
|
|
|
@ -39,7 +39,7 @@ with lib;
|
|||
# dep of graphviz, libXpm is optional for Xpm support
|
||||
gd = super.gd.override { withXorg = false; };
|
||||
ghostscript = super.ghostscript.override { cupsSupport = false; x11Support = false; };
|
||||
gjs = super.gjs.overrideAttrs { doCheck = false; installTests = false; }; # avoid test dependency on gtk3
|
||||
gjs = (super.gjs.override { installTests = false; }).overrideAttrs { doCheck = false; }; # avoid test dependency on gtk3
|
||||
gobject-introspection = super.gobject-introspection.override { x11Support = false; };
|
||||
gpg-tui = super.gpg-tui.override { x11Support = false; };
|
||||
gpsd = super.gpsd.override { guiSupport = false; };
|
||||
|
|
126
third_party/nixpkgs/nixos/modules/hardware/graphics.nix
vendored
Normal file
126
third_party/nixpkgs/nixos/modules/hardware/graphics.nix
vendored
Normal file
|
@ -0,0 +1,126 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
cfg = config.hardware.graphics;
|
||||
|
||||
driversEnv = pkgs.buildEnv {
|
||||
name = "graphics-drivers";
|
||||
paths = [ cfg.package ] ++ cfg.extraPackages;
|
||||
};
|
||||
|
||||
driversEnv32 = pkgs.buildEnv {
|
||||
name = "graphics-drivers-32bit";
|
||||
paths = [ cfg.package32 ] ++ cfg.extraPackages32;
|
||||
};
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
(lib.mkRenamedOptionModule [ "services" "xserver" "vaapiDrivers" ] [ "hardware" "opengl" "extraPackages" ])
|
||||
(lib.mkRemovedOptionModule [ "hardware" "opengl" "s3tcSupport" ] "S3TC support is now always enabled in Mesa.")
|
||||
(lib.mkRemovedOptionModule [ "hardware" "opengl" "driSupport"] "The setting can be removed.")
|
||||
|
||||
(lib.mkRenamedOptionModule [ "hardware" "opengl" "enable"] [ "hardware" "graphics" "enable" ])
|
||||
(lib.mkRenamedOptionModule [ "hardware" "opengl" "driSupport32Bit"] [ "hardware" "graphics" "enable32Bit" ])
|
||||
(lib.mkRenamedOptionModule [ "hardware" "opengl" "package"] [ "hardware" "graphics" "package" ])
|
||||
(lib.mkRenamedOptionModule [ "hardware" "opengl" "package32"] [ "hardware" "graphics" "package32" ])
|
||||
(lib.mkRenamedOptionModule [ "hardware" "opengl" "extraPackages"] [ "hardware" "graphics" "extraPackages" ])
|
||||
(lib.mkRenamedOptionModule [ "hardware" "opengl" "extraPackages32"] [ "hardware" "graphics" "extraPackages32" ])
|
||||
];
|
||||
|
||||
options.hardware.graphics = {
|
||||
enable = lib.mkOption {
|
||||
description = ''
|
||||
Whether to enable hardware accelerated graphics drivers.
|
||||
|
||||
This is required to allow most graphical applications and
|
||||
environments to use hardware rendering, video encode/decode
|
||||
acceleration, etc.
|
||||
|
||||
This option should be enabled by default by the corresponding modules,
|
||||
so you do not usually have to set it yourself.
|
||||
'';
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
};
|
||||
|
||||
enable32Bit = lib.mkOption {
|
||||
description = ''
|
||||
On 64-bit systems, whether to also install 32-bit drivers for
|
||||
32-bit applications (such as Wine).
|
||||
'';
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
};
|
||||
|
||||
package = lib.mkOption {
|
||||
description = ''
|
||||
The package that provides the default driver set.
|
||||
'';
|
||||
type = lib.types.package;
|
||||
internal = true;
|
||||
};
|
||||
|
||||
package32 = lib.mkOption {
|
||||
description = ''
|
||||
The package that provides the 32-bit driver set. Used when {option}`enable32Bit` is enabled.
|
||||
set.
|
||||
'';
|
||||
type = lib.types.package;
|
||||
internal = true;
|
||||
};
|
||||
|
||||
extraPackages = lib.mkOption {
|
||||
description = ''
|
||||
Additional packages to add to the default graphics driver lookup path.
|
||||
This can be used to add OpenCL drivers, VA-API/VDPAU drivers, etc.
|
||||
|
||||
::: {.note}
|
||||
intel-media-driver supports hardware Broadwell (2014) or newer. Older hardware should use the mostly unmaintained intel-vaapi-driver driver.
|
||||
:::
|
||||
'';
|
||||
type = lib.types.listOf lib.types.package;
|
||||
default = [];
|
||||
example = lib.literalExpression "with pkgs; [ intel-media-driver intel-ocl intel-vaapi-driver ]";
|
||||
};
|
||||
|
||||
extraPackages32 = lib.mkOption {
|
||||
description = ''
|
||||
Additional packages to add to 32-bit graphics driver lookup path on 64-bit systems.
|
||||
Used when {option}`enable32Bit` is set. This can be used to add OpenCL drivers, VA-API/VDPAU drivers, etc.
|
||||
|
||||
::: {.note}
|
||||
intel-media-driver supports hardware Broadwell (2014) or newer. Older hardware should use the mostly unmaintained intel-vaapi-driver driver.
|
||||
:::
|
||||
'';
|
||||
type = lib.types.listOf lib.types.package;
|
||||
default = [];
|
||||
example = lib.literalExpression "with pkgs.pkgsi686Linux; [ intel-media-driver intel-vaapi-driver ]";
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
assertions = [
|
||||
{
|
||||
assertion = cfg.enable32Bit -> pkgs.stdenv.isx86_64;
|
||||
message = "`hardware.graphics.enable32Bit` only makes sense on a 64-bit system.";
|
||||
}
|
||||
{
|
||||
assertion = cfg.enable32Bit -> (config.boot.kernelPackages.kernel.features.ia32Emulation or false);
|
||||
message = "`hardware.graphics.enable32Bit` requires a kernel that supports 32-bit emulation";
|
||||
}
|
||||
];
|
||||
|
||||
systemd.tmpfiles.settings.graphics-driver = {
|
||||
"/run/opengl-driver"."L+".argument = toString driversEnv;
|
||||
"/run/opengl-driver-32" =
|
||||
if pkgs.stdenv.isi686 then
|
||||
{ "L+".argument = "opengl-driver"; }
|
||||
else if cfg.enable32Bit then
|
||||
{ "L+".argument = toString driversEnv32; }
|
||||
else
|
||||
{ "r" = {}; };
|
||||
};
|
||||
|
||||
hardware.graphics.package = lib.mkDefault pkgs.mesa.drivers;
|
||||
hardware.graphics.package32 = lib.mkDefault pkgs.pkgsi686Linux.mesa.drivers;
|
||||
};
|
||||
}
|
|
@ -1,161 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
cfg = config.hardware.opengl;
|
||||
|
||||
kernelPackages = config.boot.kernelPackages;
|
||||
|
||||
videoDrivers = config.services.xserver.videoDrivers;
|
||||
|
||||
package = pkgs.buildEnv {
|
||||
name = "opengl-drivers";
|
||||
paths = [ cfg.package ] ++ cfg.extraPackages;
|
||||
};
|
||||
|
||||
package32 = pkgs.buildEnv {
|
||||
name = "opengl-drivers-32bit";
|
||||
paths = [ cfg.package32 ] ++ cfg.extraPackages32;
|
||||
};
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
|
||||
imports = [
|
||||
(mkRenamedOptionModule [ "services" "xserver" "vaapiDrivers" ] [ "hardware" "opengl" "extraPackages" ])
|
||||
(mkRemovedOptionModule [ "hardware" "opengl" "s3tcSupport" ] "S3TC support is now always enabled in Mesa.")
|
||||
];
|
||||
|
||||
options = {
|
||||
|
||||
hardware.opengl = {
|
||||
enable = mkOption {
|
||||
description = ''
|
||||
Whether to enable OpenGL drivers. This is needed to enable
|
||||
OpenGL support in X11 systems, as well as for Wayland compositors
|
||||
like sway and Weston. It is enabled by default
|
||||
by the corresponding modules, so you do not usually have to
|
||||
set it yourself, only if there is no module for your wayland
|
||||
compositor of choice. See services.xserver.enable and
|
||||
programs.sway.enable.
|
||||
'';
|
||||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
|
||||
driSupport = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
Whether to enable accelerated OpenGL rendering through the
|
||||
Direct Rendering Interface (DRI).
|
||||
'';
|
||||
};
|
||||
|
||||
driSupport32Bit = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
On 64-bit systems, whether to support Direct Rendering for
|
||||
32-bit applications (such as Wine). This is currently only
|
||||
supported for the `nvidia` as well as
|
||||
`Mesa`.
|
||||
'';
|
||||
};
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
internal = true;
|
||||
description = ''
|
||||
The package that provides the OpenGL implementation.
|
||||
'';
|
||||
};
|
||||
|
||||
package32 = mkOption {
|
||||
type = types.package;
|
||||
internal = true;
|
||||
description = ''
|
||||
The package that provides the 32-bit OpenGL implementation on
|
||||
64-bit systems. Used when {option}`driSupport32Bit` is
|
||||
set.
|
||||
'';
|
||||
};
|
||||
|
||||
extraPackages = mkOption {
|
||||
type = types.listOf types.package;
|
||||
default = [];
|
||||
example = literalExpression "with pkgs; [ intel-media-driver intel-ocl intel-vaapi-driver ]";
|
||||
description = ''
|
||||
Additional packages to add to OpenGL drivers.
|
||||
This can be used to add OpenCL drivers, VA-API/VDPAU drivers etc.
|
||||
|
||||
::: {.note}
|
||||
intel-media-driver supports hardware Broadwell (2014) or newer. Older hardware should use the mostly unmaintained intel-vaapi-driver driver.
|
||||
:::
|
||||
'';
|
||||
};
|
||||
|
||||
extraPackages32 = mkOption {
|
||||
type = types.listOf types.package;
|
||||
default = [];
|
||||
example = literalExpression "with pkgs.pkgsi686Linux; [ intel-media-driver intel-vaapi-driver ]";
|
||||
description = ''
|
||||
Additional packages to add to 32-bit OpenGL drivers on 64-bit systems.
|
||||
Used when {option}`driSupport32Bit` is set. This can be used to add OpenCL drivers, VA-API/VDPAU drivers etc.
|
||||
|
||||
::: {.note}
|
||||
intel-media-driver supports hardware Broadwell (2014) or newer. Older hardware should use the mostly unmaintained intel-vaapi-driver driver.
|
||||
:::
|
||||
'';
|
||||
};
|
||||
|
||||
setLdLibraryPath = mkOption {
|
||||
type = types.bool;
|
||||
internal = true;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether the `LD_LIBRARY_PATH` environment variable
|
||||
should be set to the locations of driver libraries. Drivers which
|
||||
rely on overriding libraries should set this to true. Drivers which
|
||||
support `libglvnd` and other dispatch libraries
|
||||
instead of overriding libraries should not set this.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
assertions = [
|
||||
{ assertion = cfg.driSupport32Bit -> pkgs.stdenv.isx86_64;
|
||||
message = "Option driSupport32Bit only makes sense on a 64-bit system.";
|
||||
}
|
||||
{ assertion = cfg.driSupport32Bit -> (config.boot.kernelPackages.kernel.features.ia32Emulation or false);
|
||||
message = "Option driSupport32Bit requires a kernel that supports 32bit emulation";
|
||||
}
|
||||
];
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"L+ /run/opengl-driver - - - - ${package}"
|
||||
(
|
||||
if pkgs.stdenv.isi686 then
|
||||
"L+ /run/opengl-driver-32 - - - - opengl-driver"
|
||||
else if cfg.driSupport32Bit then
|
||||
"L+ /run/opengl-driver-32 - - - - ${package32}"
|
||||
else
|
||||
"r /run/opengl-driver-32"
|
||||
)
|
||||
];
|
||||
|
||||
environment.sessionVariables.LD_LIBRARY_PATH = mkIf cfg.setLdLibraryPath
|
||||
([ "/run/opengl-driver/lib" ] ++ optional cfg.driSupport32Bit "/run/opengl-driver-32/lib");
|
||||
|
||||
hardware.opengl.package = mkDefault pkgs.mesa.drivers;
|
||||
hardware.opengl.package32 = mkDefault pkgs.pkgsi686Linux.mesa.drivers;
|
||||
|
||||
boot.extraModulePackages = optional (elem "virtualbox" videoDrivers) kernelPackages.virtualboxGuestAdditions;
|
||||
};
|
||||
}
|
|
@ -1,69 +0,0 @@
|
|||
# This module provides the proprietary AMDGPU-PRO drivers.
|
||||
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
drivers = config.services.xserver.videoDrivers;
|
||||
|
||||
enabled = elem "amdgpu-pro" drivers;
|
||||
|
||||
package = config.boot.kernelPackages.amdgpu-pro;
|
||||
package32 = pkgs.pkgsi686Linux.linuxPackages.amdgpu-pro.override { kernel = null; };
|
||||
|
||||
opengl = config.hardware.opengl;
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
|
||||
config = mkIf enabled {
|
||||
services.xserver.drivers = singleton
|
||||
{ name = "amdgpu"; modules = [ package ]; display = true; };
|
||||
|
||||
hardware.opengl.package = package;
|
||||
hardware.opengl.package32 = package32;
|
||||
hardware.opengl.setLdLibraryPath = true;
|
||||
|
||||
boot.extraModulePackages = [ package.kmod ];
|
||||
|
||||
boot.kernelPackages = pkgs.linuxKernel.packagesFor
|
||||
(pkgs.linuxKernel.kernels.linux_5_10.override {
|
||||
structuredExtraConfig = {
|
||||
DEVICE_PRIVATE = kernel.yes;
|
||||
KALLSYMS_ALL = kernel.yes;
|
||||
};
|
||||
});
|
||||
|
||||
hardware.firmware = [ package.fw ];
|
||||
|
||||
systemd.tmpfiles.settings.amdgpu-pro = {
|
||||
"/run/amdgpu"."L+".argument = "${package}/opt/amdgpu";
|
||||
"/run/amdgpu-pro"."L+".argument = "${package}/opt/amdgpu-pro";
|
||||
};
|
||||
|
||||
system.requiredKernelConfig = with config.lib.kernelConfig; [
|
||||
(isYes "DEVICE_PRIVATE")
|
||||
(isYes "KALLSYMS_ALL")
|
||||
];
|
||||
|
||||
boot.initrd.extraUdevRulesCommands = mkIf (!config.boot.initrd.systemd.enable) ''
|
||||
cp -v ${package}/etc/udev/rules.d/*.rules $out/
|
||||
'';
|
||||
boot.initrd.services.udev.packages = [ package ];
|
||||
|
||||
environment.systemPackages =
|
||||
[ package.vulkan ] ++
|
||||
# this isn't really DRI, but we'll reuse this option for now
|
||||
optional config.hardware.opengl.driSupport32Bit package32.vulkan;
|
||||
|
||||
environment.etc = {
|
||||
"modprobe.d/blacklist-radeon.conf".source = package + "/etc/modprobe.d/blacklist-radeon.conf";
|
||||
amd.source = package + "/etc/amd";
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
}
|
|
@ -206,6 +206,19 @@ in
|
|||
option is supported is used
|
||||
'';
|
||||
|
||||
prime.reverseSync.setupCommands.enable =
|
||||
(lib.mkEnableOption ''
|
||||
configure the display manager to be able to use the outputs
|
||||
attached to the NVIDIA GPU.
|
||||
Disable in order to configure the NVIDIA GPU outputs manually using xrandr.
|
||||
Note that this configuration will only be successful when a display manager
|
||||
for which the {option}`services.xserver.displayManager.setupCommands`
|
||||
option is supported is used
|
||||
'')
|
||||
// {
|
||||
default = true;
|
||||
};
|
||||
|
||||
nvidiaSettings =
|
||||
(lib.mkEnableOption ''
|
||||
nvidia-settings, NVIDIA's GUI configuration tool
|
||||
|
@ -275,7 +288,7 @@ in
|
|||
softdep nvidia post: nvidia-uvm
|
||||
'';
|
||||
};
|
||||
systemd.tmpfiles.rules = lib.optional config.virtualisation.docker.enableNvidia "L+ /run/nvidia-docker/bin - - - - ${nvidia_x11.bin}/origBin";
|
||||
systemd.tmpfiles.rules = lib.mkIf config.virtualisation.docker.enableNvidia [ "L+ /run/nvidia-docker/bin - - - - ${nvidia_x11.bin}/origBin" ];
|
||||
services.udev.extraRules = ''
|
||||
# Create /dev/nvidia-uvm when the nvidia-uvm module is loaded.
|
||||
KERNEL=="nvidia", RUN+="${pkgs.runtimeShell} -c 'mknod -m 666 /dev/nvidiactl c 195 255'"
|
||||
|
@ -284,12 +297,13 @@ in
|
|||
KERNEL=="nvidia_uvm", RUN+="${pkgs.runtimeShell} -c 'mknod -m 666 /dev/nvidia-uvm c $$(grep nvidia-uvm /proc/devices | cut -d \ -f 1) 0'"
|
||||
KERNEL=="nvidia_uvm", RUN+="${pkgs.runtimeShell} -c 'mknod -m 666 /dev/nvidia-uvm-tools c $$(grep nvidia-uvm /proc/devices | cut -d \ -f 1) 1'"
|
||||
'';
|
||||
hardware.opengl = {
|
||||
extraPackages = [ nvidia_x11.out ] ++ (lib.optional (builtins.hasAttr "libXNVCtrl" nvidia_x11.settings) nvidia_x11.settings.libXNVCtrl);
|
||||
hardware.graphics = {
|
||||
extraPackages = [ nvidia_x11.out ];
|
||||
extraPackages32 = [ nvidia_x11.lib32 ];
|
||||
};
|
||||
environment.systemPackages = [ nvidia_x11.bin ];
|
||||
})
|
||||
|
||||
# X11
|
||||
(lib.mkIf nvidiaEnabled {
|
||||
assertions = [
|
||||
|
@ -436,11 +450,13 @@ in
|
|||
providerCmdParams =
|
||||
if syncCfg.enable then "\"${gpuProviderName}\" NVIDIA-0" else "NVIDIA-G0 \"${gpuProviderName}\"";
|
||||
in
|
||||
lib.optionalString (syncCfg.enable || reverseSyncCfg.enable) ''
|
||||
# Added by nvidia configuration module for Optimus/PRIME.
|
||||
${lib.getExe pkgs.xorg.xrandr} --setprovideroutputsource ${providerCmdParams}
|
||||
${lib.getExe pkgs.xorg.xrandr} --auto
|
||||
'';
|
||||
lib.optionalString
|
||||
(syncCfg.enable || (reverseSyncCfg.enable && reverseSyncCfg.setupCommands.enable))
|
||||
''
|
||||
# Added by nvidia configuration module for Optimus/PRIME.
|
||||
${lib.getExe pkgs.xorg.xrandr} --setprovideroutputsource ${providerCmdParams}
|
||||
${lib.getExe pkgs.xorg.xrandr} --auto
|
||||
'';
|
||||
|
||||
environment.etc = {
|
||||
"nvidia/nvidia-application-profiles-rc" = lib.mkIf nvidia_x11.useProfiles {
|
||||
|
@ -451,10 +467,11 @@ in
|
|||
"egl/egl_external_platform.d".source = "/run/opengl-driver/share/egl/egl_external_platform.d/";
|
||||
};
|
||||
|
||||
hardware.opengl = {
|
||||
hardware.graphics = {
|
||||
extraPackages = [ pkgs.nvidia-vaapi-driver ];
|
||||
extraPackages32 = [ pkgs.pkgsi686Linux.nvidia-vaapi-driver ];
|
||||
};
|
||||
|
||||
environment.systemPackages =
|
||||
lib.optional cfg.nvidiaSettings nvidia_x11.settings
|
||||
++ lib.optional cfg.nvidiaPersistenced nvidia_x11.persistenced
|
||||
|
@ -527,16 +544,12 @@ in
|
|||
};
|
||||
})
|
||||
];
|
||||
|
||||
services.acpid.enable = true;
|
||||
|
||||
services.dbus.packages = lib.optional cfg.dynamicBoost.enable nvidia_x11.bin;
|
||||
|
||||
hardware.firmware =
|
||||
let
|
||||
isOpen = cfg.open;
|
||||
isNewUnfree = lib.versionAtLeast nvidia_x11.version "555";
|
||||
in
|
||||
lib.optional (isOpen || isNewUnfree) nvidia_x11.firmware;
|
||||
hardware.firmware = lib.optional (cfg.open || lib.versionAtLeast nvidia_x11.version "555") nvidia_x11.firmware;
|
||||
|
||||
systemd.tmpfiles.rules =
|
||||
[
|
||||
|
|
7
third_party/nixpkgs/nixos/modules/hardware/video/virtualbox.nix
vendored
Normal file
7
third_party/nixpkgs/nixos/modules/hardware/video/virtualbox.nix
vendored
Normal file
|
@ -0,0 +1,7 @@
|
|||
{ lib, config, ... }:
|
||||
let
|
||||
inherit (config.boot) kernelPackages;
|
||||
inherit (config.services.xserver) videoDrivers;
|
||||
in {
|
||||
boot.extraModulePackages = lib.mkIf (lib.elem "virtualbox" videoDrivers) [ kernelPackages.virtualboxGuestAdditions ];
|
||||
}
|
|
@ -37,11 +37,6 @@ with lib;
|
|||
# here and it causes a cyclic dependency.
|
||||
boot.loader.grub.enable = false;
|
||||
|
||||
# !!! Hack - attributes expected by other modules.
|
||||
environment.systemPackages = [ pkgs.grub2_efi ]
|
||||
++ (lib.optionals (lib.meta.availableOn pkgs.stdenv.hostPlatform pkgs.syslinux)
|
||||
[pkgs.grub2 pkgs.syslinux]);
|
||||
|
||||
fileSystems."/" = mkImageMediaOverride
|
||||
{ fsType = "tmpfs";
|
||||
options = [ "mode=0755" ];
|
||||
|
|
156
third_party/nixpkgs/nixos/modules/misc/locate.nix
vendored
156
third_party/nixpkgs/nixos/modules/misc/locate.nix
vendored
|
@ -1,24 +1,22 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.locate;
|
||||
isMLocate = hasPrefix "mlocate" cfg.package.name;
|
||||
isPLocate = hasPrefix "plocate" cfg.package.name;
|
||||
isMLocate = lib.hasPrefix "mlocate" cfg.package.name;
|
||||
isPLocate = lib.hasPrefix "plocate" cfg.package.name;
|
||||
isMorPLocate = isMLocate || isPLocate;
|
||||
isFindutils = hasPrefix "findutils" cfg.package.name;
|
||||
isFindutils = lib.hasPrefix "findutils" cfg.package.name;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
(mkRenamedOptionModule [ "services" "locate" "period" ] [ "services" "locate" "interval" ])
|
||||
(mkRenamedOptionModule [ "services" "locate" "locate" ] [ "services" "locate" "package" ])
|
||||
(mkRemovedOptionModule [ "services" "locate" "includeStore" ] "Use services.locate.prunePaths")
|
||||
(lib.mkRenamedOptionModule [ "services" "locate" "period" ] [ "services" "locate" "interval" ])
|
||||
(lib.mkRenamedOptionModule [ "services" "locate" "locate" ] [ "services" "locate" "package" ])
|
||||
(lib.mkRemovedOptionModule [ "services" "locate" "includeStore" ] "Use services.locate.prunePaths")
|
||||
];
|
||||
|
||||
options.services.locate = with types; {
|
||||
enable = mkOption {
|
||||
type = bool;
|
||||
options.services.locate = {
|
||||
enable = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
If enabled, NixOS will periodically update the database of
|
||||
|
@ -26,12 +24,12 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
package = mkPackageOption pkgs [ "findutils" "locate" ] {
|
||||
package = lib.mkPackageOption pkgs [ "findutils" "locate" ] {
|
||||
example = "mlocate";
|
||||
};
|
||||
|
||||
interval = mkOption {
|
||||
type = str;
|
||||
interval = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "02:15";
|
||||
example = "hourly";
|
||||
description = ''
|
||||
|
@ -46,24 +44,24 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
extraFlags = mkOption {
|
||||
type = listOf str;
|
||||
extraFlags = lib.mkOption {
|
||||
type = lib.types.listOf lib.types.str;
|
||||
default = [ ];
|
||||
description = ''
|
||||
Extra flags to pass to {command}`updatedb`.
|
||||
'';
|
||||
};
|
||||
|
||||
output = mkOption {
|
||||
type = path;
|
||||
output = lib.mkOption {
|
||||
type = lib.types.path;
|
||||
default = "/var/cache/locatedb";
|
||||
description = ''
|
||||
The database file to build.
|
||||
'';
|
||||
};
|
||||
|
||||
localuser = mkOption {
|
||||
type = nullOr str;
|
||||
localuser = lib.mkOption {
|
||||
type = lib.types.nullOr lib.types.str;
|
||||
default = "nobody";
|
||||
description = ''
|
||||
The user to search non-network directories as, using
|
||||
|
@ -71,8 +69,8 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
pruneFS = mkOption {
|
||||
type = listOf str;
|
||||
pruneFS = lib.mkOption {
|
||||
type = lib.types.listOf lib.types.str;
|
||||
default = [
|
||||
"afs"
|
||||
"anon_inodefs"
|
||||
|
@ -158,8 +156,8 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
prunePaths = mkOption {
|
||||
type = listOf path;
|
||||
prunePaths = lib.mkOption {
|
||||
type = lib.types.listOf lib.types.path;
|
||||
default = [
|
||||
"/tmp"
|
||||
"/var/tmp"
|
||||
|
@ -175,10 +173,10 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
pruneNames = mkOption {
|
||||
type = listOf str;
|
||||
pruneNames = lib.mkOption {
|
||||
type = lib.types.listOf lib.types.str;
|
||||
default = lib.optionals (!isFindutils) [ ".bzr" ".cache" ".git" ".hg" ".svn" ];
|
||||
defaultText = literalMD ''
|
||||
defaultText = lib.literalMD ''
|
||||
`[ ".bzr" ".cache" ".git" ".hg" ".svn" ]`, if
|
||||
supported by the locate implementation (i.e. mlocate or plocate).
|
||||
'';
|
||||
|
@ -187,8 +185,8 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
pruneBindMounts = mkOption {
|
||||
type = bool;
|
||||
pruneBindMounts = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether not to index bind mounts
|
||||
|
@ -197,10 +195,10 @@ in
|
|||
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
users.groups = mkMerge [
|
||||
(mkIf isMLocate { mlocate = { }; })
|
||||
(mkIf isPLocate { plocate = { }; })
|
||||
config = lib.mkIf cfg.enable {
|
||||
users.groups = lib.mkMerge [
|
||||
(lib.mkIf isMLocate { mlocate = { }; })
|
||||
(lib.mkIf isPLocate { plocate = { }; })
|
||||
];
|
||||
|
||||
security.wrappers =
|
||||
|
@ -211,46 +209,46 @@ in
|
|||
setgid = true;
|
||||
setuid = false;
|
||||
};
|
||||
mlocate = mkIf isMLocate {
|
||||
mlocate = lib.mkIf isMLocate {
|
||||
group = "mlocate";
|
||||
source = "${cfg.package}/bin/locate";
|
||||
};
|
||||
plocate = mkIf isPLocate {
|
||||
plocate = lib.mkIf isPLocate {
|
||||
group = "plocate";
|
||||
source = "${cfg.package}/bin/plocate";
|
||||
};
|
||||
in
|
||||
mkIf isMorPLocate {
|
||||
locate = mkMerge [ common mlocate plocate ];
|
||||
plocate = mkIf isPLocate (mkMerge [ common plocate ]);
|
||||
lib.mkIf isMorPLocate {
|
||||
locate = lib.mkMerge [ common mlocate plocate ];
|
||||
plocate = lib.mkIf isPLocate (lib.mkMerge [ common plocate ]);
|
||||
};
|
||||
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
|
||||
environment.variables.LOCATE_PATH = cfg.output;
|
||||
|
||||
environment.etc = {
|
||||
environment = {
|
||||
# write /etc/updatedb.conf for manual calls to `updatedb`
|
||||
"updatedb.conf" = {
|
||||
text = ''
|
||||
PRUNEFS="${lib.concatStringsSep " " cfg.pruneFS}"
|
||||
PRUNENAMES="${lib.concatStringsSep " " cfg.pruneNames}"
|
||||
PRUNEPATHS="${lib.concatStringsSep " " cfg.prunePaths}"
|
||||
PRUNE_BIND_MOUNTS="${if cfg.pruneBindMounts then "yes" else "no"}"
|
||||
'';
|
||||
etc."updatedb.conf".text = ''
|
||||
PRUNEFS="${lib.concatStringsSep " " cfg.pruneFS}"
|
||||
PRUNENAMES="${lib.concatStringsSep " " cfg.pruneNames}"
|
||||
PRUNEPATHS="${lib.concatStringsSep " " cfg.prunePaths}"
|
||||
PRUNE_BIND_MOUNTS="${if cfg.pruneBindMounts then "yes" else "no"}"
|
||||
'';
|
||||
|
||||
systemPackages = [ cfg.package ];
|
||||
|
||||
variables = lib.mkIf isFindutils {
|
||||
LOCATE_PATH = cfg.output;
|
||||
};
|
||||
};
|
||||
|
||||
warnings = optional (isMorPLocate && cfg.localuser != null)
|
||||
warnings = lib.optional (isMorPLocate && cfg.localuser != null)
|
||||
"mlocate and plocate do not support the services.locate.localuser option. updatedb will run as root. Silence this warning by setting services.locate.localuser = null."
|
||||
++ optional (isFindutils && cfg.pruneNames != [ ])
|
||||
++ lib.optional (isFindutils && cfg.pruneNames != [ ])
|
||||
"findutils locate does not support pruning by directory component"
|
||||
++ optional (isFindutils && cfg.pruneBindMounts)
|
||||
++ lib.optional (isFindutils && cfg.pruneBindMounts)
|
||||
"findutils locate does not support skipping bind mounts";
|
||||
|
||||
systemd.services.update-locatedb = {
|
||||
description = "Update Locate Database";
|
||||
path = mkIf (!isMorPLocate) [ pkgs.su ];
|
||||
path = lib.mkIf (!isMorPLocate) [ pkgs.su ];
|
||||
|
||||
# mlocate's updatedb takes flags via a configuration file or
|
||||
# on the command line, but not by environment variable.
|
||||
|
@ -258,42 +256,44 @@ in
|
|||
if isMorPLocate then
|
||||
let
|
||||
toFlags = x:
|
||||
optional (cfg.${x} != [ ])
|
||||
"--${lib.toLower x} '${concatStringsSep " " cfg.${x}}'";
|
||||
args = concatLists (map toFlags [ "pruneFS" "pruneNames" "prunePaths" ]);
|
||||
lib.optional (cfg.${x} != [ ])
|
||||
"--${lib.toLower x} '${lib.concatStringsSep " " cfg.${x}}'";
|
||||
args = lib.concatLists (map toFlags [ "pruneFS" "pruneNames" "prunePaths" ]);
|
||||
in
|
||||
''
|
||||
exec ${cfg.package}/bin/updatedb \
|
||||
--output ${toString cfg.output} ${concatStringsSep " " args} \
|
||||
--output ${toString cfg.output} ${lib.concatStringsSep " " args} \
|
||||
--prune-bind-mounts ${if cfg.pruneBindMounts then "yes" else "no"} \
|
||||
${concatStringsSep " " cfg.extraFlags}
|
||||
${lib.concatStringsSep " " cfg.extraFlags}
|
||||
''
|
||||
else ''
|
||||
exec ${cfg.package}/bin/updatedb \
|
||||
${optionalString (cfg.localuser != null && !isMorPLocate) "--localuser=${cfg.localuser}"} \
|
||||
--output=${toString cfg.output} ${concatStringsSep " " cfg.extraFlags}
|
||||
${lib.optionalString (cfg.localuser != null && !isMorPLocate) "--localuser=${cfg.localuser}"} \
|
||||
--output=${toString cfg.output} ${lib.concatStringsSep " " cfg.extraFlags}
|
||||
'';
|
||||
environment = optionalAttrs (!isMorPLocate) {
|
||||
PRUNEFS = concatStringsSep " " cfg.pruneFS;
|
||||
PRUNEPATHS = concatStringsSep " " cfg.prunePaths;
|
||||
PRUNENAMES = concatStringsSep " " cfg.pruneNames;
|
||||
environment = lib.optionalAttrs (!isMorPLocate) {
|
||||
PRUNEFS = lib.concatStringsSep " " cfg.pruneFS;
|
||||
PRUNEPATHS = lib.concatStringsSep " " cfg.prunePaths;
|
||||
PRUNENAMES = lib.concatStringsSep " " cfg.pruneNames;
|
||||
PRUNE_BIND_MOUNTS = if cfg.pruneBindMounts then "yes" else "no";
|
||||
};
|
||||
serviceConfig.Nice = 19;
|
||||
serviceConfig.IOSchedulingClass = "idle";
|
||||
serviceConfig.PrivateTmp = "yes";
|
||||
serviceConfig.PrivateNetwork = "yes";
|
||||
serviceConfig.NoNewPrivileges = "yes";
|
||||
serviceConfig.ReadOnlyPaths = "/";
|
||||
# Use dirOf cfg.output because mlocate creates temporary files next to
|
||||
# the actual database. We could specify and create them as well,
|
||||
# but that would make this quite brittle when they change something.
|
||||
# NOTE: If /var/cache does not exist, this leads to the misleading error message:
|
||||
# update-locatedb.service: Failed at step NAMESPACE spawning …/update-locatedb-start: No such file or directory
|
||||
serviceConfig.ReadWritePaths = dirOf cfg.output;
|
||||
serviceConfig = {
|
||||
Nice = 19;
|
||||
IOSchedulingClass = "idle";
|
||||
PrivateTmp = "yes";
|
||||
PrivateNetwork = "yes";
|
||||
NoNewPrivileges = "yes";
|
||||
ReadOnlyPaths = "/";
|
||||
# Use dirOf cfg.output because mlocate creates temporary files next to
|
||||
# the actual database. We could specify and create them as well,
|
||||
# but that would make this quite brittle when they change something.
|
||||
# NOTE: If /var/cache does not exist, this leads to the misleading error message:
|
||||
# update-locatedb.service: Failed at step NAMESPACE spawning …/update-locatedb-start: No such file or directory
|
||||
ReadWritePaths = dirOf cfg.output;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.timers.update-locatedb = mkIf (cfg.interval != "never") {
|
||||
systemd.timers.update-locatedb = lib.mkIf (cfg.interval != "never") {
|
||||
description = "Update timer for locate database";
|
||||
partOf = [ "update-locatedb.service" ];
|
||||
wantedBy = [ "timers.target" ];
|
||||
|
|
|
@ -67,6 +67,7 @@
|
|||
./hardware/gkraken.nix
|
||||
./hardware/glasgow.nix
|
||||
./hardware/gpgsmartcards.nix
|
||||
./hardware/graphics.nix
|
||||
./hardware/hackrf.nix
|
||||
./hardware/i2c.nix
|
||||
./hardware/infiniband.nix
|
||||
|
@ -84,7 +85,6 @@
|
|||
./hardware/new-lg4ff.nix
|
||||
./hardware/nitrokey.nix
|
||||
./hardware/onlykey/default.nix
|
||||
./hardware/opengl.nix
|
||||
./hardware/openrazer.nix
|
||||
./hardware/opentabletdriver.nix
|
||||
./hardware/pcmcia.nix
|
||||
|
@ -103,7 +103,6 @@
|
|||
./hardware/uni-sync.nix
|
||||
./hardware/usb-modeswitch.nix
|
||||
./hardware/usb-storage.nix
|
||||
./hardware/video/amdgpu-pro.nix
|
||||
./hardware/video/bumblebee.nix
|
||||
./hardware/video/capture/mwprocapture.nix
|
||||
./hardware/video/displaylink.nix
|
||||
|
@ -111,6 +110,7 @@
|
|||
./hardware/video/nvidia.nix
|
||||
./hardware/video/switcheroo-control.nix
|
||||
./hardware/video/uvcvideo/default.nix
|
||||
./hardware/video/virtualbox.nix
|
||||
./hardware/video/webcam/facetimehd.nix
|
||||
./hardware/video/webcam/ipu6.nix
|
||||
./hardware/wooting.nix
|
||||
|
@ -196,6 +196,7 @@
|
|||
./programs/fzf.nix
|
||||
./programs/gamemode.nix
|
||||
./programs/gamescope.nix
|
||||
./programs/gdk-pixbuf.nix
|
||||
./programs/geary.nix
|
||||
./programs/git.nix
|
||||
./programs/gnome-disks.nix
|
||||
|
@ -548,6 +549,8 @@
|
|||
./services/games/xonotic.nix
|
||||
./services/hardware/acpid.nix
|
||||
./services/hardware/actkbd.nix
|
||||
./services/hardware/amdgpu.nix
|
||||
./services/hardware/amdvlk.nix
|
||||
./services/hardware/argonone.nix
|
||||
./services/hardware/asusd.nix
|
||||
./services/hardware/auto-cpufreq.nix
|
||||
|
@ -778,6 +781,7 @@
|
|||
./services/misc/paperless.nix
|
||||
./services/misc/parsoid.nix
|
||||
./services/misc/persistent-evdev.nix
|
||||
./services/misc/pghero.nix
|
||||
./services/misc/pinnwand.nix
|
||||
./services/misc/plex.nix
|
||||
./services/misc/plikd.nix
|
||||
|
@ -792,6 +796,7 @@
|
|||
./services/misc/radarr.nix
|
||||
./services/misc/readarr.nix
|
||||
./services/misc/redmine.nix
|
||||
./services/misc/renovate.nix
|
||||
./services/misc/ripple-data-api.nix
|
||||
./services/misc/rippled.nix
|
||||
./services/misc/rmfakecloud.nix
|
||||
|
@ -834,6 +839,7 @@
|
|||
./services/misc/zoneminder.nix
|
||||
./services/misc/zookeeper.nix
|
||||
./services/monitoring/alerta.nix
|
||||
./services/monitoring/alloy.nix
|
||||
./services/monitoring/apcupsd.nix
|
||||
./services/monitoring/arbtt.nix
|
||||
./services/monitoring/below.nix
|
||||
|
@ -1248,6 +1254,7 @@
|
|||
./services/search/meilisearch.nix
|
||||
./services/search/opensearch.nix
|
||||
./services/search/qdrant.nix
|
||||
./services/search/quickwit.nix
|
||||
./services/search/sonic-server.nix
|
||||
./services/search/typesense.nix
|
||||
./services/security/aesmd.nix
|
||||
|
@ -1310,6 +1317,7 @@
|
|||
./services/system/zram-generator.nix
|
||||
./services/torrent/deluge.nix
|
||||
./services/torrent/flexget.nix
|
||||
./services/torrent/flood.nix
|
||||
./services/torrent/magnetico.nix
|
||||
./services/torrent/opentracker.nix
|
||||
./services/torrent/peerflix.nix
|
||||
|
@ -1496,7 +1504,6 @@
|
|||
./services/x11/display-managers/xpra.nix
|
||||
./services/x11/extra-layouts.nix
|
||||
./services/x11/fractalart.nix
|
||||
./services/x11/gdk-pixbuf.nix
|
||||
./services/x11/hardware/cmt.nix
|
||||
./services/x11/hardware/digimend.nix
|
||||
./services/x11/hardware/synaptics.nix
|
||||
|
|
|
@ -1,16 +1,22 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
enable = config.programs.bash.enableCompletion;
|
||||
cfg = config.programs.bash;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
programs.bash.enableCompletion = lib.mkEnableOption "Bash completion for all interactive bash shells" // {
|
||||
options.programs.bash.completion = {
|
||||
enable = lib.mkEnableOption "Bash completion for all interactive bash shells" // {
|
||||
default = true;
|
||||
};
|
||||
|
||||
package = lib.mkPackageOption pkgs "bash-completion" { };
|
||||
};
|
||||
|
||||
config = lib.mkIf enable {
|
||||
imports = [
|
||||
(lib.mkRenamedOptionModule [ "programs" "bash" "enableCompletion" ] [ "programs" "bash" "completion" "enable" ])
|
||||
];
|
||||
|
||||
config = lib.mkIf cfg.completion.enable {
|
||||
programs.bash.promptPluginInit = ''
|
||||
# Check whether we're running a version of Bash that has support for
|
||||
# programmable completion. If we do, enable all modules installed in
|
||||
|
@ -19,7 +25,7 @@ in
|
|||
# $XDG_DATA_DIRS/bash-completion/completions/
|
||||
# on demand, so they do not need to be sourced here.
|
||||
if shopt -q progcomp &>/dev/null; then
|
||||
. "${pkgs.bash-completion}/etc/profile.d/bash_completion.sh"
|
||||
. "${cfg.completion.package}/etc/profile.d/bash_completion.sh"
|
||||
nullglobStatus=$(shopt -p nullglob)
|
||||
shopt -s nullglob
|
||||
for p in $NIX_PROFILES; do
|
||||
|
|
|
@ -198,7 +198,7 @@ in
|
|||
|
||||
users.defaultUserShell = lib.mkDefault pkgs.bashInteractive;
|
||||
|
||||
environment.pathsToLink = lib.optionals cfg.enableCompletion [
|
||||
environment.pathsToLink = lib.optionals cfg.completion.enable [
|
||||
"/etc/bash_completion.d"
|
||||
"/share/bash-completion"
|
||||
];
|
||||
|
|
|
@ -15,7 +15,7 @@ in
|
|||
environment.systemPackages = lib.mkIf (cfg.keybindings || cfg.fuzzyCompletion) [ pkgs.fzf ];
|
||||
|
||||
programs = {
|
||||
# load after programs.bash.enableCompletion
|
||||
# load after programs.bash.completion.enable
|
||||
bash.promptPluginInit = lib.mkAfter (lib.optionalString cfg.fuzzyCompletion ''
|
||||
source ${pkgs.fzf}/share/fzf/completion.bash
|
||||
'' + lib.optionalString cfg.keybindings ''
|
||||
|
|
|
@ -1,16 +1,20 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
cfg = config.services.xserver.gdk-pixbuf;
|
||||
cfg = config.programs.gdk-pixbuf;
|
||||
|
||||
loadersCache = pkgs.gnome._gdkPixbufCacheBuilder_DO_NOT_USE {
|
||||
extraLoaders = lib.unique (cfg.modulePackages);
|
||||
extraLoaders = lib.unique cfg.modulePackages;
|
||||
};
|
||||
in
|
||||
|
||||
{
|
||||
imports = [
|
||||
(lib.mkRenamedOptionModule [ "services" "xserver" "gdk-pixbuf" ] [ "programs" "gdk-pixbuf" ])
|
||||
];
|
||||
|
||||
options = {
|
||||
services.xserver.gdk-pixbuf.modulePackages = lib.mkOption {
|
||||
programs.gdk-pixbuf.modulePackages = lib.mkOption {
|
||||
type = lib.types.listOf lib.types.package;
|
||||
default = [ ];
|
||||
description = "Packages providing GDK-Pixbuf modules, for cache generation.";
|
||||
|
@ -22,7 +26,7 @@ in
|
|||
# GDK_PIXBUF_MODULE_FILE to point to it.
|
||||
config = lib.mkIf (cfg.modulePackages != []) {
|
||||
environment.sessionVariables = {
|
||||
GDK_PIXBUF_MODULE_FILE = "${loadersCache}";
|
||||
GDK_PIXBUF_MODULE_FILE = loadersCache;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -29,17 +29,13 @@ in
|
|||
|
||||
config =
|
||||
let
|
||||
shell_files = pkgs.stdenv.mkDerivation rec {
|
||||
name = "kubeswitch-shell-files";
|
||||
phases = [ "installPhase" ];
|
||||
installPhase = ''
|
||||
mkdir -p $out/share
|
||||
for shell in bash zsh; do
|
||||
${cfg.package}/bin/switcher init $shell | sed 's/switch(/${cfg.commandName}(/' > $out/share/${cfg.commandName}_init.$shell
|
||||
${cfg.package}/bin/switcher --cmd ${cfg.commandName} completion $shell > $out/share/${cfg.commandName}_completion.$shell
|
||||
done
|
||||
'';
|
||||
};
|
||||
shell_files = pkgs.runCommand "kubeswitch-shell-files" {} ''
|
||||
mkdir -p $out/share
|
||||
for shell in bash zsh; do
|
||||
${cfg.package}/bin/switcher init $shell | sed 's/switch(/${cfg.commandName}(/' > $out/share/${cfg.commandName}_init.$shell
|
||||
${cfg.package}/bin/switcher --cmd ${cfg.commandName} completion $shell > $out/share/${cfg.commandName}_completion.$shell
|
||||
done
|
||||
'';
|
||||
in
|
||||
lib.mkIf cfg.enable {
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
|
|
|
@ -65,7 +65,7 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
hardware.opengl.enable = lib.mkDefault true;
|
||||
hardware.graphics.enable = lib.mkDefault true;
|
||||
fonts.enableDefaultPackages = lib.mkDefault true;
|
||||
programs.dconf.enable = lib.mkDefault true;
|
||||
programs.xwayland.enable = lib.mkDefault true;
|
||||
|
|
|
@ -4,7 +4,18 @@ let
|
|||
cfg = config.security.loginDefs;
|
||||
in
|
||||
{
|
||||
options = with lib.types; {
|
||||
options = {
|
||||
|
||||
security.shadow.enable = lib.mkEnableOption "" // {
|
||||
default = true;
|
||||
description = ''
|
||||
Enable the shadow authentication suite, which provides critical programs such as su, login, passwd.
|
||||
|
||||
Note: This is currently experimental. Only disable this if you're
|
||||
confident that you can recover your system if it breaks.
|
||||
'';
|
||||
};
|
||||
|
||||
security.loginDefs = {
|
||||
package = lib.mkPackageOption pkgs "shadow" { };
|
||||
|
||||
|
@ -12,7 +23,7 @@ in
|
|||
description = ''
|
||||
Use chfn SUID to allow non-root users to change their account GECOS information.
|
||||
'';
|
||||
type = nullOr str;
|
||||
type = lib.types.nullOr lib.types.str;
|
||||
default = null;
|
||||
};
|
||||
|
||||
|
@ -22,7 +33,7 @@ in
|
|||
the site-specific configuration for the shadow password suite.
|
||||
See login.defs(5) man page for available options.
|
||||
'';
|
||||
type = submodule {
|
||||
type = lib.types.submodule {
|
||||
freeformType = (pkgs.formats.keyValue { }).type;
|
||||
/* There are three different sources for user/group id ranges, each of which gets
|
||||
used by different programs:
|
||||
|
@ -37,62 +48,62 @@ in
|
|||
DEFAULT_HOME = lib.mkOption {
|
||||
description = "Indicate if login is allowed if we can't cd to the home directory.";
|
||||
default = "yes";
|
||||
type = enum [ "yes" "no" ];
|
||||
type = lib.types.enum [ "yes" "no" ];
|
||||
};
|
||||
|
||||
ENCRYPT_METHOD = lib.mkOption {
|
||||
description = "This defines the system default encryption algorithm for encrypting passwords.";
|
||||
# The default crypt() method, keep in sync with the PAM default
|
||||
default = "YESCRYPT";
|
||||
type = enum [ "YESCRYPT" "SHA512" "SHA256" "MD5" "DES"];
|
||||
type = lib.types.enum [ "YESCRYPT" "SHA512" "SHA256" "MD5" "DES"];
|
||||
};
|
||||
|
||||
SYS_UID_MIN = lib.mkOption {
|
||||
description = "Range of user IDs used for the creation of system users by useradd or newusers.";
|
||||
default = 400;
|
||||
type = int;
|
||||
type = lib.types.int;
|
||||
};
|
||||
|
||||
SYS_UID_MAX = lib.mkOption {
|
||||
description = "Range of user IDs used for the creation of system users by useradd or newusers.";
|
||||
default = 999;
|
||||
type = int;
|
||||
type = lib.types.int;
|
||||
};
|
||||
|
||||
UID_MIN = lib.mkOption {
|
||||
description = "Range of user IDs used for the creation of regular users by useradd or newusers.";
|
||||
default = 1000;
|
||||
type = int;
|
||||
type = lib.types.int;
|
||||
};
|
||||
|
||||
UID_MAX = lib.mkOption {
|
||||
description = "Range of user IDs used for the creation of regular users by useradd or newusers.";
|
||||
default = 29999;
|
||||
type = int;
|
||||
type = lib.types.int;
|
||||
};
|
||||
|
||||
SYS_GID_MIN = lib.mkOption {
|
||||
description = "Range of group IDs used for the creation of system groups by useradd, groupadd, or newusers";
|
||||
default = 400;
|
||||
type = int;
|
||||
type = lib.types.int;
|
||||
};
|
||||
|
||||
SYS_GID_MAX = lib.mkOption {
|
||||
description = "Range of group IDs used for the creation of system groups by useradd, groupadd, or newusers";
|
||||
default = 999;
|
||||
type = int;
|
||||
type = lib.types.int;
|
||||
};
|
||||
|
||||
GID_MIN = lib.mkOption {
|
||||
description = "Range of group IDs used for the creation of regular groups by useradd, groupadd, or newusers.";
|
||||
default = 1000;
|
||||
type = int;
|
||||
type = lib.types.int;
|
||||
};
|
||||
|
||||
GID_MAX = lib.mkOption {
|
||||
description = "Range of group IDs used for the creation of regular groups by useradd, groupadd, or newusers.";
|
||||
default = 29999;
|
||||
type = int;
|
||||
type = lib.types.int;
|
||||
};
|
||||
|
||||
TTYGROUP = lib.mkOption {
|
||||
|
@ -100,7 +111,7 @@ in
|
|||
The terminal permissions: the login tty will be owned by the TTYGROUP group,
|
||||
and the permissions will be set to TTYPERM'';
|
||||
default = "tty";
|
||||
type = str;
|
||||
type = lib.types.str;
|
||||
};
|
||||
|
||||
TTYPERM = lib.mkOption {
|
||||
|
@ -108,14 +119,14 @@ in
|
|||
The terminal permissions: the login tty will be owned by the TTYGROUP group,
|
||||
and the permissions will be set to TTYPERM'';
|
||||
default = "0620";
|
||||
type = str;
|
||||
type = lib.types.str;
|
||||
};
|
||||
|
||||
# Ensure privacy for newly created home directories.
|
||||
UMASK = lib.mkOption {
|
||||
description = "The file mode creation mask is initialized to this value.";
|
||||
default = "077";
|
||||
type = str;
|
||||
type = lib.types.str;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -132,107 +143,115 @@ in
|
|||
used outside the store (in particular in /etc/passwd).
|
||||
'';
|
||||
example = lib.literalExpression "pkgs.zsh";
|
||||
type = either path shellPackage;
|
||||
type = lib.types.either lib.types.path lib.types.shellPackage;
|
||||
};
|
||||
};
|
||||
|
||||
###### implementation
|
||||
|
||||
config = {
|
||||
assertions = [
|
||||
{
|
||||
assertion = cfg.settings.SYS_UID_MIN <= cfg.settings.SYS_UID_MAX;
|
||||
message = "SYS_UID_MIN must be less than or equal to SYS_UID_MAX";
|
||||
}
|
||||
{
|
||||
assertion = cfg.settings.UID_MIN <= cfg.settings.UID_MAX;
|
||||
message = "UID_MIN must be less than or equal to UID_MAX";
|
||||
}
|
||||
{
|
||||
assertion = cfg.settings.SYS_GID_MIN <= cfg.settings.SYS_GID_MAX;
|
||||
message = "SYS_GID_MIN must be less than or equal to SYS_GID_MAX";
|
||||
}
|
||||
{
|
||||
assertion = cfg.settings.GID_MIN <= cfg.settings.GID_MAX;
|
||||
message = "GID_MIN must be less than or equal to GID_MAX";
|
||||
}
|
||||
];
|
||||
config = lib.mkMerge [
|
||||
{
|
||||
assertions = [
|
||||
{
|
||||
assertion = config.security.shadow.enable || config.services.greetd.enable;
|
||||
message = "You must enable at least one VT login method, either security.shadow.enable or services.greetd.enable";
|
||||
}
|
||||
];
|
||||
}
|
||||
(lib.mkIf config.security.shadow.enable {
|
||||
assertions = [
|
||||
{
|
||||
assertion = cfg.settings.SYS_UID_MIN <= cfg.settings.SYS_UID_MAX;
|
||||
message = "SYS_UID_MIN must be less than or equal to SYS_UID_MAX";
|
||||
}
|
||||
{
|
||||
assertion = cfg.settings.UID_MIN <= cfg.settings.UID_MAX;
|
||||
message = "UID_MIN must be less than or equal to UID_MAX";
|
||||
}
|
||||
{
|
||||
assertion = cfg.settings.SYS_GID_MIN <= cfg.settings.SYS_GID_MAX;
|
||||
message = "SYS_GID_MIN must be less than or equal to SYS_GID_MAX";
|
||||
}
|
||||
{
|
||||
assertion = cfg.settings.GID_MIN <= cfg.settings.GID_MAX;
|
||||
message = "GID_MIN must be less than or equal to GID_MAX";
|
||||
}
|
||||
];
|
||||
|
||||
security.loginDefs.settings.CHFN_RESTRICT =
|
||||
lib.mkIf (cfg.chfnRestrict != null) cfg.chfnRestrict;
|
||||
security.loginDefs.settings.CHFN_RESTRICT = lib.mkIf (cfg.chfnRestrict != null) cfg.chfnRestrict;
|
||||
|
||||
environment.systemPackages = lib.optional config.users.mutableUsers cfg.package
|
||||
++ lib.optional (lib.types.shellPackage.check config.users.defaultUserShell) config.users.defaultUserShell
|
||||
++ lib.optional (cfg.chfnRestrict != null) pkgs.util-linux;
|
||||
environment.systemPackages = lib.optional config.users.mutableUsers cfg.package
|
||||
++ lib.optional (lib.types.shellPackage.check config.users.defaultUserShell) config.users.defaultUserShell
|
||||
++ lib.optional (cfg.chfnRestrict != null) pkgs.util-linux;
|
||||
|
||||
environment.etc =
|
||||
# Create custom toKeyValue generator
|
||||
# see https://man7.org/linux/man-pages/man5/login.defs.5.html for config specification
|
||||
let
|
||||
toKeyValue = lib.generators.toKeyValue {
|
||||
mkKeyValue = lib.generators.mkKeyValueDefault { } " ";
|
||||
environment.etc =
|
||||
# Create custom toKeyValue generator
|
||||
# see https://man7.org/linux/man-pages/man5/login.defs.5.html for config specification
|
||||
let
|
||||
toKeyValue = lib.generators.toKeyValue {
|
||||
mkKeyValue = lib.generators.mkKeyValueDefault { } " ";
|
||||
};
|
||||
in {
|
||||
# /etc/login.defs: global configuration for pwdutils.
|
||||
# You cannot login without it!
|
||||
"login.defs".source = pkgs.writeText "login.defs" (toKeyValue cfg.settings);
|
||||
|
||||
# /etc/default/useradd: configuration for useradd.
|
||||
"default/useradd".source = pkgs.writeText "useradd" ''
|
||||
GROUP=100
|
||||
HOME=/home
|
||||
SHELL=${utils.toShellPath config.users.defaultUserShell}
|
||||
'';
|
||||
};
|
||||
in
|
||||
{
|
||||
# /etc/login.defs: global configuration for pwdutils.
|
||||
# You cannot login without it!
|
||||
"login.defs".source = pkgs.writeText "login.defs" (toKeyValue cfg.settings);
|
||||
|
||||
# /etc/default/useradd: configuration for useradd.
|
||||
"default/useradd".source = pkgs.writeText "useradd" ''
|
||||
GROUP=100
|
||||
HOME=/home
|
||||
SHELL=${utils.toShellPath config.users.defaultUserShell}
|
||||
'';
|
||||
};
|
||||
|
||||
security.pam.services = {
|
||||
chsh = { rootOK = true; };
|
||||
chfn = { rootOK = true; };
|
||||
su = {
|
||||
rootOK = true;
|
||||
forwardXAuth = true;
|
||||
logFailures = true;
|
||||
};
|
||||
passwd = { };
|
||||
# Note: useradd, groupadd etc. aren't setuid root, so it
|
||||
# doesn't really matter what the PAM config says as long as it
|
||||
# lets root in.
|
||||
useradd.rootOK = true;
|
||||
usermod.rootOK = true;
|
||||
userdel.rootOK = true;
|
||||
groupadd.rootOK = true;
|
||||
groupmod.rootOK = true;
|
||||
groupmems.rootOK = true;
|
||||
groupdel.rootOK = true;
|
||||
login = {
|
||||
startSession = true;
|
||||
allowNullPassword = true;
|
||||
showMotd = true;
|
||||
updateWtmp = true;
|
||||
};
|
||||
chpasswd = { rootOK = true; };
|
||||
};
|
||||
|
||||
security.wrappers =
|
||||
let
|
||||
mkSetuidRoot = source: {
|
||||
setuid = true;
|
||||
owner = "root";
|
||||
group = "root";
|
||||
inherit source;
|
||||
security.pam.services = {
|
||||
chsh.rootOK = true;
|
||||
chfn.rootOK = true;
|
||||
su = {
|
||||
rootOK = true;
|
||||
forwardXAuth = true;
|
||||
logFailures = true;
|
||||
};
|
||||
in
|
||||
{
|
||||
su = mkSetuidRoot "${cfg.package.su}/bin/su";
|
||||
sg = mkSetuidRoot "${cfg.package.out}/bin/sg";
|
||||
newgrp = mkSetuidRoot "${cfg.package.out}/bin/newgrp";
|
||||
newuidmap = mkSetuidRoot "${cfg.package.out}/bin/newuidmap";
|
||||
newgidmap = mkSetuidRoot "${cfg.package.out}/bin/newgidmap";
|
||||
}
|
||||
// lib.optionalAttrs config.users.mutableUsers {
|
||||
chsh = mkSetuidRoot "${cfg.package.out}/bin/chsh";
|
||||
passwd = mkSetuidRoot "${cfg.package.out}/bin/passwd";
|
||||
passwd = { };
|
||||
# Note: useradd, groupadd etc. aren't setuid root, so it
|
||||
# doesn't really matter what the PAM config says as long as it
|
||||
# lets root in.
|
||||
useradd.rootOK = true;
|
||||
usermod.rootOK = true;
|
||||
userdel.rootOK = true;
|
||||
groupadd.rootOK = true;
|
||||
groupmod.rootOK = true;
|
||||
groupmems.rootOK = true;
|
||||
groupdel.rootOK = true;
|
||||
login = {
|
||||
startSession = true;
|
||||
allowNullPassword = true;
|
||||
showMotd = true;
|
||||
updateWtmp = true;
|
||||
};
|
||||
chpasswd.rootOK = true;
|
||||
};
|
||||
};
|
||||
|
||||
security.wrappers =
|
||||
let
|
||||
mkSetuidRoot = source: {
|
||||
setuid = true;
|
||||
owner = "root";
|
||||
group = "root";
|
||||
inherit source;
|
||||
};
|
||||
in
|
||||
{
|
||||
su = mkSetuidRoot "${cfg.package.su}/bin/su";
|
||||
sg = mkSetuidRoot "${cfg.package.out}/bin/sg";
|
||||
newgrp = mkSetuidRoot "${cfg.package.out}/bin/newgrp";
|
||||
newuidmap = mkSetuidRoot "${cfg.package.out}/bin/newuidmap";
|
||||
newgidmap = mkSetuidRoot "${cfg.package.out}/bin/newgidmap";
|
||||
}
|
||||
// lib.optionalAttrs config.users.mutableUsers {
|
||||
chsh = mkSetuidRoot "${cfg.package.out}/bin/chsh";
|
||||
passwd = mkSetuidRoot "${cfg.package.out}/bin/passwd";
|
||||
};
|
||||
})
|
||||
];
|
||||
}
|
||||
|
|
|
@ -50,7 +50,7 @@ in {
|
|||
}) // (prev.extraEnv or {});
|
||||
extraLibraries = pkgs: let
|
||||
prevLibs = if prev ? extraLibraries then prev.extraLibraries pkgs else [ ];
|
||||
additionalLibs = with config.hardware.opengl;
|
||||
additionalLibs = with config.hardware.graphics;
|
||||
if pkgs.stdenv.hostPlatform.is64bit
|
||||
then [ package ] ++ extraPackages
|
||||
else [ package32 ] ++ extraPackages32;
|
||||
|
@ -176,10 +176,9 @@ in {
|
|||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
hardware.opengl = { # this fixes the "glXChooseVisual failed" bug, context: https://github.com/NixOS/nixpkgs/issues/47932
|
||||
hardware.graphics = { # this fixes the "glXChooseVisual failed" bug, context: https://github.com/NixOS/nixpkgs/issues/47932
|
||||
enable = true;
|
||||
driSupport = true;
|
||||
driSupport32Bit = true;
|
||||
enable32Bit = true;
|
||||
};
|
||||
|
||||
security.wrappers = lib.mkIf (cfg.gamescopeSession.enable && gamescopeCfg.capSysNice) {
|
||||
|
|
|
@ -17,7 +17,7 @@ in
|
|||
Whether to set up NixOS such that TurboVNC's built-in software OpenGL
|
||||
implementation works.
|
||||
|
||||
This will enable {option}`hardware.opengl.enable` so that OpenGL
|
||||
This will enable {option}`hardware.graphics.enable` so that OpenGL
|
||||
programs can find Mesa's llvmpipe drivers.
|
||||
|
||||
Setting this option to `false` does not mean that software
|
||||
|
@ -46,7 +46,7 @@ in
|
|||
# can find the llvmpipe `swrast.so` software rendering DRI lib via `libglvnd`.
|
||||
# This comment exists to explain why `hardware.` is involved,
|
||||
# even though 100% software rendering is used.
|
||||
hardware.opengl.enable = true;
|
||||
hardware.graphics.enable = true;
|
||||
|
||||
};
|
||||
}
|
||||
|
|
|
@ -56,6 +56,7 @@ in
|
|||
services.displayManager.sessionPackages = [ cfg.package ];
|
||||
|
||||
xdg.portal = {
|
||||
enable = true;
|
||||
extraPortals = [ cfg.portalPackage ];
|
||||
configPackages = lib.mkDefault [ cfg.package ];
|
||||
};
|
||||
|
@ -70,7 +71,7 @@ in
|
|||
(import ./wayland-session.nix {
|
||||
inherit lib pkgs;
|
||||
enableXWayland = cfg.xwayland.enable;
|
||||
enableWlrPortal = false; # Hyprland has its own portal, wlr is not needed
|
||||
enableWlrPortal = lib.mkDefault false; # Hyprland has its own portal, wlr is not needed
|
||||
})
|
||||
]);
|
||||
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
pam.services.swaylock = {};
|
||||
};
|
||||
|
||||
hardware.opengl.enable = lib.mkDefault true;
|
||||
hardware.graphics.enable = lib.mkDefault true;
|
||||
fonts.enableDefaultPackages = lib.mkDefault true;
|
||||
|
||||
programs = {
|
||||
|
|
|
@ -14,23 +14,32 @@ in
|
|||
|
||||
options.programs.ydotool = {
|
||||
enable = lib.mkEnableOption ''
|
||||
ydotoold system service and install ydotool.
|
||||
Add yourself to the 'ydotool' group to be able to use it.
|
||||
ydotoold system service and {command}`ydotool` for members of
|
||||
{option}`programs.ydotool.group`.
|
||||
'';
|
||||
group = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "ydotool";
|
||||
description = ''
|
||||
Group which users must be in to use {command}`ydotool`.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
users.groups.ydotool = { };
|
||||
config = let
|
||||
runtimeDirectory = "ydotoold";
|
||||
in lib.mkIf cfg.enable {
|
||||
users.groups."${config.programs.ydotool.group}" = { };
|
||||
|
||||
systemd.services.ydotoold = {
|
||||
description = "ydotoold - backend for ydotool";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
partOf = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
Group = "ydotool";
|
||||
RuntimeDirectory = "ydotoold";
|
||||
Group = config.programs.ydotool.group;
|
||||
RuntimeDirectory = runtimeDirectory;
|
||||
RuntimeDirectoryMode = "0750";
|
||||
ExecStart = "${lib.getExe' pkgs.ydotool "ydotoold"} --socket-path=/run/ydotoold/socket --socket-perm=0660";
|
||||
ExecStart = "${lib.getExe' pkgs.ydotool "ydotoold"} --socket-path=${config.environment.variables.YDOTOOL_SOCKET} --socket-perm=0660";
|
||||
|
||||
# hardening
|
||||
|
||||
|
@ -76,7 +85,7 @@ in
|
|||
};
|
||||
|
||||
environment.variables = {
|
||||
YDOTOOL_SOCKET = "/run/ydotoold/socket";
|
||||
YDOTOOL_SOCKET = "/run/${runtimeDirectory}/socket";
|
||||
};
|
||||
environment.systemPackages = with pkgs; [ ydotool ];
|
||||
};
|
||||
|
|
|
@ -77,8 +77,22 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
environment = {
|
||||
config = {
|
||||
assertions = mkIf (cfg.enable || config.services.kerberos_server.enable) [(let
|
||||
implementation = cfg.package.passthru.implementation or "<NOT SET>";
|
||||
in {
|
||||
assertion = lib.elem implementation [ "krb5" "heimdal" ];
|
||||
message = ''
|
||||
`security.krb5.package` must be one of:
|
||||
|
||||
- krb5
|
||||
- heimdal
|
||||
|
||||
Currently chosen implementation: ${implementation}
|
||||
'';
|
||||
})];
|
||||
|
||||
environment = mkIf cfg.enable {
|
||||
systemPackages = [ cfg.package ];
|
||||
etc."krb5.conf".source = format.generate "krb5.conf" cfg.settings;
|
||||
};
|
||||
|
|
|
@ -7,17 +7,61 @@
|
|||
let
|
||||
inherit (lib) boolToString concatMapStringsSep concatStringsSep filter
|
||||
isAttrs isBool isList mapAttrsToList mkOption singleton splitString;
|
||||
inherit (lib.types) attrsOf bool coercedTo either int listOf oneOf path
|
||||
str submodule;
|
||||
inherit (lib.types) attrsOf bool coercedTo either enum int listOf oneOf
|
||||
path str submodule;
|
||||
in
|
||||
{ }: {
|
||||
type = let
|
||||
section = attrsOf relation;
|
||||
relation = either (attrsOf value) value;
|
||||
{
|
||||
enableKdcACLEntries ? false
|
||||
}: rec {
|
||||
sectionType = let
|
||||
relation = oneOf [
|
||||
(listOf (attrsOf value))
|
||||
(attrsOf value)
|
||||
value
|
||||
];
|
||||
value = either (listOf atom) atom;
|
||||
atom = oneOf [int str bool];
|
||||
in attrsOf relation;
|
||||
|
||||
type = let
|
||||
aclEntry = submodule {
|
||||
options = {
|
||||
principal = mkOption {
|
||||
type = str;
|
||||
description = "Which principal the rule applies to";
|
||||
};
|
||||
access = mkOption {
|
||||
type = either
|
||||
(listOf (enum ["add" "cpw" "delete" "get" "list" "modify"]))
|
||||
(enum ["all"]);
|
||||
default = "all";
|
||||
description = "The changes the principal is allowed to make.";
|
||||
};
|
||||
target = mkOption {
|
||||
type = str;
|
||||
default = "*";
|
||||
description = "The principals that 'access' applies to.";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
realm = submodule ({ name, ... }: {
|
||||
freeformType = sectionType;
|
||||
options = {
|
||||
acl = mkOption {
|
||||
type = listOf aclEntry;
|
||||
default = [
|
||||
{ principal = "*/admin"; access = "all"; }
|
||||
{ principal = "admin"; access = "all"; }
|
||||
];
|
||||
description = ''
|
||||
The privileges granted to a user.
|
||||
'';
|
||||
};
|
||||
};
|
||||
});
|
||||
in submodule {
|
||||
freeformType = attrsOf section;
|
||||
freeformType = attrsOf sectionType;
|
||||
options = {
|
||||
include = mkOption {
|
||||
default = [ ];
|
||||
|
@ -40,7 +84,17 @@ in
|
|||
'';
|
||||
type = coercedTo path singleton (listOf path);
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
//
|
||||
(lib.optionalAttrs enableKdcACLEntries {
|
||||
realms = mkOption {
|
||||
type = attrsOf realm;
|
||||
description = ''
|
||||
The realm(s) to serve keys for.
|
||||
'';
|
||||
};
|
||||
});
|
||||
};
|
||||
|
||||
generate = let
|
||||
|
@ -71,6 +125,9 @@ in
|
|||
${name} = {
|
||||
${indent (concatStringsSep "\n" (mapAttrsToList formatValue relation))}
|
||||
}''
|
||||
else if isList relation
|
||||
then
|
||||
concatMapStringsSep "\n" (formatRelation name) relation
|
||||
else formatValue name relation;
|
||||
|
||||
formatValue = name: value:
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
let
|
||||
cfg = config.services.docuum;
|
||||
inherit (lib) mkIf mkEnableOption mkOption getExe types;
|
||||
inherit (lib) mkIf mkEnableOption mkOption getExe types optionals concatMap;
|
||||
in
|
||||
{
|
||||
options.services.docuum = {
|
||||
|
@ -14,6 +14,27 @@ in
|
|||
default = "10 GB";
|
||||
example = "50%";
|
||||
};
|
||||
|
||||
minAge = mkOption {
|
||||
description = "Sets the minimum age of images to be considered for deletion.";
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = "1d";
|
||||
};
|
||||
|
||||
keep = mkOption {
|
||||
description = "Prevents deletion of images for which repository:tag matches the specified regex.";
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
example = [ "^my-image" ];
|
||||
};
|
||||
|
||||
deletionChunkSize = mkOption {
|
||||
description = "Removes specified quantity of images at a time.";
|
||||
type = types.int;
|
||||
default = 1;
|
||||
example = 10;
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
@ -35,10 +56,13 @@ in
|
|||
DynamicUser = true;
|
||||
StateDirectory = "docuum";
|
||||
SupplementaryGroups = [ "docker" ];
|
||||
ExecStart = utils.escapeSystemdExecArgs [
|
||||
ExecStart = utils.escapeSystemdExecArgs ([
|
||||
(getExe pkgs.docuum)
|
||||
"--threshold" cfg.threshold
|
||||
];
|
||||
"--deletion-chunk-size" cfg.deletionChunkSize
|
||||
] ++ (concatMap (keep: [ "--keep" keep ]) cfg.keep)
|
||||
++ (optionals (cfg.minAge != null) [ "--min-age" cfg.minAge ])
|
||||
);
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -106,7 +106,8 @@ in
|
|||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
ExecStart = "${pkgs.coreutils}/bin/mkdir -p /var/lib/alsa";
|
||||
ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p /var/lib/alsa";
|
||||
ExecStart = "${alsa-utils}/sbin/alsactl restore --ignore";
|
||||
ExecStop = "${alsa-utils}/sbin/alsactl store --ignore";
|
||||
};
|
||||
};
|
||||
|
|
|
@ -157,5 +157,5 @@ in
|
|||
|
||||
networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.settings.Port ];
|
||||
};
|
||||
meta.maintainers = with maintainers; [ nu-nu-ko ];
|
||||
meta.maintainers = with maintainers; [ fsnkty ];
|
||||
}
|
||||
|
|
|
@ -244,6 +244,27 @@ The upgrade process is:
|
|||
$ ./delete_old_cluster.sh
|
||||
```
|
||||
|
||||
## Versioning and End-of-Life {#module-services-postgres-versioning}
|
||||
|
||||
PostgreSQL's versioning policy is described [here](https://www.postgresql.org/support/versioning/). TLDR:
|
||||
|
||||
- Each major version is supported for 5 years.
|
||||
- Every three months there will be a new minor release, containing bug and security fixes.
|
||||
- For criticial/security fixes there could be more minor releases inbetween. This happens *very* infrequently.
|
||||
- After five years, a final minor version is released. This usually happens in early November.
|
||||
- After that a version is considered end-of-life (EOL).
|
||||
- Around February each year is the first time an EOL-release will not have received regular updates anymore.
|
||||
|
||||
Technically, we'd not want to have EOL'ed packages in a stable NixOS release, which is to be supported until one month after the previous release. Thus, with NixOS' release schedule in May and November, the oldest PostgreSQL version in nixpkgs would have to be supported until December. It could be argued that a soon-to-be-EOL-ed version should thus be removed in May for the .05 release already. But since new security vulnerabilities are first disclosed in Februrary of the following year, we agreed on keeping the oldest PostgreSQL major version around one more cycle in [#310580](https://github.com/NixOS/nixpkgs/pull/310580#discussion_r1597284693).
|
||||
|
||||
Thus:
|
||||
- In September/October the new major version will be released and added to nixos-unstable.
|
||||
- In November the last minor version for the oldest major will be released.
|
||||
- Both the current stable .05 release and nixos-unstable should be updated to the latest minor.
|
||||
- In November, before branch-off for the .11 release, the EOL-ed major will be removed from nixos-unstable.
|
||||
|
||||
This leaves a small gap of a couple of weeks after the latest minor release and the end of our support window for the .05 release, in which there could be an emergency release to other major versions of PostgreSQL - but not the oldest major we have in that branch. In that case: If we can't trivially patch the issue, we will mark the package/version as insecure **immediately**.
|
||||
|
||||
## Options {#module-services-postgres-options}
|
||||
|
||||
A complete list of options for the PostgreSQL module may be found [here](#opt-services.postgresql.enable).
|
||||
|
|
|
@ -22,6 +22,7 @@ in {
|
|||
libusermetrics
|
||||
lomiri
|
||||
lomiri-download-manager
|
||||
lomiri-filemanager-app
|
||||
lomiri-schemas # exposes some required dbus interfaces
|
||||
lomiri-session # wrappers to properly launch the session
|
||||
lomiri-sounds
|
||||
|
@ -36,6 +37,10 @@ in {
|
|||
suru-icon-theme
|
||||
# telephony-service # currently broken: https://github.com/NixOS/nixpkgs/pull/314043
|
||||
]);
|
||||
variables = {
|
||||
# To override the keyboard layouts in Lomiri
|
||||
NIXOS_XKB_LAYOUTS = config.services.xserver.xkb.layout;
|
||||
};
|
||||
};
|
||||
|
||||
hardware.pulseaudio.enable = lib.mkDefault true;
|
||||
|
@ -58,7 +63,7 @@ in {
|
|||
];
|
||||
|
||||
# Copy-pasted basic stuff
|
||||
hardware.opengl.enable = lib.mkDefault true;
|
||||
hardware.graphics.enable = lib.mkDefault true;
|
||||
fonts.enableDefaultPackages = lib.mkDefault true;
|
||||
programs.dconf.enable = lib.mkDefault true;
|
||||
|
||||
|
|
|
@ -146,6 +146,7 @@ in {
|
|||
dolphin-plugins
|
||||
spectacle
|
||||
ffmpegthumbs
|
||||
krdp
|
||||
];
|
||||
in
|
||||
requiredPackages
|
||||
|
@ -202,7 +203,7 @@ in {
|
|||
environment.sessionVariables.KPACKAGE_DEP_RESOLVERS_PATH = "${kdePackages.frameworkintegration.out}/libexec/kf6/kpackagehandlers";
|
||||
|
||||
# Enable GTK applications to load SVG icons
|
||||
services.xserver.gdk-pixbuf.modulePackages = [pkgs.librsvg];
|
||||
programs.gdk-pixbuf.modulePackages = [pkgs.librsvg];
|
||||
|
||||
fonts.packages = [cfg.notoPackage pkgs.hack-font];
|
||||
fonts.fontconfig.defaultFonts = {
|
||||
|
|
|
@ -15,7 +15,6 @@ in {
|
|||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services.espanso.package = mkIf cfg.wayland pkgs.espanso-wayland;
|
||||
systemd.user.services.espanso = {
|
||||
description = "Espanso daemon";
|
||||
serviceConfig = {
|
||||
|
|
|
@ -212,9 +212,7 @@ in
|
|||
after = [ "acpid.service" "systemd-logind.service" "systemd-user-sessions.service" ];
|
||||
restartIfChanged = false;
|
||||
|
||||
environment = lib.optionalAttrs config.hardware.opengl.setLdLibraryPath {
|
||||
LD_LIBRARY_PATH = lib.makeLibraryPath [ pkgs.addOpenGLRunpath.driverLink ];
|
||||
} // cfg.environment;
|
||||
environment = cfg.environment;
|
||||
|
||||
preStart = cfg.preStart;
|
||||
script = lib.mkIf (config.systemd.services.display-manager.enable == true) cfg.execCmd;
|
||||
|
|
|
@ -196,7 +196,7 @@ in
|
|||
Group = "archisteamfarm";
|
||||
WorkingDirectory = cfg.dataDir;
|
||||
Type = "simple";
|
||||
ExecStart = "${lib.getExe cfg.package} --no-restart --process-required --service --system-required --path ${cfg.dataDir}";
|
||||
ExecStart = "${lib.getExe cfg.package} --no-restart --service --system-required --path ${cfg.dataDir}";
|
||||
Restart = "always";
|
||||
|
||||
# copied from the default systemd service at
|
||||
|
|
43
third_party/nixpkgs/nixos/modules/services/hardware/amdgpu.nix
vendored
Normal file
43
third_party/nixpkgs/nixos/modules/services/hardware/amdgpu.nix
vendored
Normal file
|
@ -0,0 +1,43 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
cfg = config.hardware.amdgpu;
|
||||
in {
|
||||
options.hardware.amdgpu = {
|
||||
legacySupport.enable = lib.mkEnableOption ''
|
||||
using `amdgpu` kernel driver instead of `radeon` for Southern Islands
|
||||
(Radeon HD 7000) series and Sea Islands (Radeon HD 8000)
|
||||
series cards. Note: this removes support for analog video outputs,
|
||||
which is only available in the `radeon` driver
|
||||
'';
|
||||
initrd.enable = lib.mkEnableOption ''
|
||||
loading `amdgpu` kernelModule in stage 1.
|
||||
Can fix lower resolution in boot screen during initramfs phase
|
||||
'';
|
||||
opencl.enable = lib.mkEnableOption ''OpenCL support using ROCM runtime library'';
|
||||
# cfg.amdvlk option is defined in ./amdvlk.nix module
|
||||
};
|
||||
|
||||
config = {
|
||||
boot.kernelParams = lib.optionals cfg.legacySupport.enable [
|
||||
"amdgpu.si_support=1"
|
||||
"amdgpu.cik_support=1"
|
||||
"radeon.si_support=0"
|
||||
"radeon.cik_support=0"
|
||||
];
|
||||
|
||||
boot.initrd.kernelModules = lib.optionals cfg.initrd.enable [ "amdgpu" ];
|
||||
|
||||
hardware.opengl = lib.mkIf cfg.opencl.enable {
|
||||
enable = lib.mkDefault true;
|
||||
extraPackages = [
|
||||
pkgs.rocmPackages.clr
|
||||
pkgs.rocmPackages.clr.icd
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
meta = {
|
||||
maintainers = with lib.maintainers; [ johnrtitor ];
|
||||
};
|
||||
}
|
59
third_party/nixpkgs/nixos/modules/services/hardware/amdvlk.nix
vendored
Normal file
59
third_party/nixpkgs/nixos/modules/services/hardware/amdvlk.nix
vendored
Normal file
|
@ -0,0 +1,59 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
cfg = config.hardware.amdgpu.amdvlk;
|
||||
in {
|
||||
options.hardware.amdgpu.amdvlk = {
|
||||
enable = lib.mkEnableOption "AMDVLK Vulkan driver";
|
||||
|
||||
package = lib.mkPackageOption pkgs "amdvlk" { };
|
||||
|
||||
supportExperimental.enable = lib.mkEnableOption "Experimental features support";
|
||||
|
||||
support32Bit.enable = lib.mkEnableOption "32-bit driver support";
|
||||
support32Bit.package = lib.mkPackageOption pkgs [ "driversi686Linux" "amdvlk" ] { };
|
||||
|
||||
settings = lib.mkOption {
|
||||
type = with lib.types; attrsOf (either str int);
|
||||
default = { };
|
||||
example = {
|
||||
AllowVkPipelineCachingToDisk = 1;
|
||||
ShaderCacheMode = 1;
|
||||
IFH = 0;
|
||||
EnableVmAlwaysValid = 1;
|
||||
IdleAfterSubmitGpuMask = 1;
|
||||
};
|
||||
description = ''
|
||||
Runtime settings for AMDVLK to be configured {file}`/etc/amd/amdVulkanSettings.cfg`.
|
||||
See [AMDVLK GitHub page](https://github.com/GPUOpen-Drivers/AMDVLK?tab=readme-ov-file#runtime-settings).
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
hardware.graphics = {
|
||||
enable = true;
|
||||
extraPackages = [ cfg.package ];
|
||||
extraPackages32 = [ cfg.support32Bit.package ];
|
||||
};
|
||||
|
||||
services.xserver.videoDrivers = [ "amdgpu" ];
|
||||
|
||||
environment.sessionVariables = lib.mkIf cfg.supportExperimental.enable {
|
||||
AMDVLK_ENABLE_DEVELOPING_EXT = "all";
|
||||
};
|
||||
|
||||
environment.etc = lib.mkIf (cfg.settings != { }) {
|
||||
"amd/amdVulkanSettings.cfg".text = lib.concatStrings
|
||||
(lib.mapAttrsToList
|
||||
(n: v: ''
|
||||
${n},${builtins.toString v}
|
||||
'')
|
||||
cfg.settings);
|
||||
};
|
||||
};
|
||||
|
||||
meta = {
|
||||
maintainers = with lib.maintainers; [ johnrtitor ];
|
||||
};
|
||||
}
|
|
@ -39,6 +39,12 @@ in
|
|||
which conflicts with services.tlp.enable = true;
|
||||
'';
|
||||
}
|
||||
{ assertion = !config.services.auto-cpufreq.enable;
|
||||
message = ''
|
||||
You have set services.power-profiles-daemon.enable = true;
|
||||
which conflicts with services.auto-cpufreq.enable = true;
|
||||
'';
|
||||
}
|
||||
];
|
||||
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
|
|
|
@ -56,6 +56,8 @@ in {
|
|||
'';
|
||||
};
|
||||
|
||||
package = mkPackageOption pkgs "journalwatch" { };
|
||||
|
||||
priority = mkOption {
|
||||
type = types.int;
|
||||
default = 6;
|
||||
|
@ -240,7 +242,7 @@ in {
|
|||
# requires a relative directory name to create beneath /var/lib
|
||||
StateDirectory = user;
|
||||
StateDirectoryMode = "0750";
|
||||
ExecStart = "${pkgs.python3Packages.journalwatch}/bin/journalwatch mail";
|
||||
ExecStart = "${getExe cfg.package} mail";
|
||||
# lowest CPU and IO priority, but both still in best-effort class to prevent starvation
|
||||
Nice=19;
|
||||
IOSchedulingPriority=7;
|
||||
|
|
|
@ -120,14 +120,9 @@ in {
|
|||
if [ ! -e "${cfg.secretsFile}" ]; then
|
||||
echo "WARNING: secrets file not found, autogenerating!"
|
||||
DIR="$(dirname "${cfg.secretsFile}")"
|
||||
if [ ! -d "$DIR" ]; then
|
||||
mkdir -p -m750 "$DIR"
|
||||
chown "${cfg.user}:${cfg.group}" "$DIR"
|
||||
fi
|
||||
dd if=/dev/random bs=18 count=1 | base64 > "${cfg.secretsFile}"
|
||||
chmod 600 "${cfg.secretsFile}"
|
||||
install -m 750 -o ${cfg.user} -g ${cfg.group} -d "$DIR"
|
||||
install -m 600 -o ${cfg.user} -g ${cfg.group} <(dd if=/dev/random bs=18 count=1 | base64) "${cfg.secretsFile}"
|
||||
fi
|
||||
chown "${cfg.user}:${cfg.group}" "${cfg.secretsFile}"
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
|
@ -455,7 +455,7 @@ in
|
|||
after = [ "public-inbox-init.service" "public-inbox-watch.service" ];
|
||||
requires = [ "public-inbox-init.service" ];
|
||||
serviceConfig = {
|
||||
BindPathsReadOnly =
|
||||
BindReadOnlyPaths =
|
||||
map (c: c.dir) (lib.attrValues cfg.settings.coderepo);
|
||||
ExecStart = escapeShellArgs (
|
||||
[ "${cfg.package}/bin/public-inbox-httpd" ] ++
|
||||
|
|
|
@ -1121,7 +1121,7 @@ in {
|
|||
The client listener on matrix-synapse is configured to use UNIX domain sockets.
|
||||
This configuration is incompatible with the `register_new_matrix_user` script.
|
||||
|
||||
Disable `services.mastrix-synapse.enableRegistrationScript` to continue.
|
||||
Disable `services.matrix-synapse.enableRegistrationScript` to continue.
|
||||
'';
|
||||
}
|
||||
]
|
||||
|
|
|
@ -28,13 +28,7 @@ in {
|
|||
|
||||
options.services.amazon-ssm-agent = {
|
||||
enable = mkEnableOption "Amazon SSM agent";
|
||||
|
||||
package = mkOption {
|
||||
type = types.path;
|
||||
description = "The Amazon SSM agent package to use";
|
||||
default = pkgs.amazon-ssm-agent.override { overrideEtc = false; };
|
||||
defaultText = literalExpression "pkgs.amazon-ssm-agent.override { overrideEtc = false; }";
|
||||
};
|
||||
package = mkPackageOption pkgs "amazon-ssm-agent" {};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
|
|
@ -52,7 +52,7 @@ following options:
|
|||
|
||||
```nix
|
||||
{
|
||||
services.anki-sync-server.host = "0.0.0.0";
|
||||
services.anki-sync-server.address = "0.0.0.0";
|
||||
services.anki-sync-server.openFirewall = true;
|
||||
}
|
||||
```
|
||||
|
|
|
@ -38,7 +38,7 @@ in
|
|||
|
||||
fonts.enableDefaultPackages = lib.mkDefault true;
|
||||
|
||||
hardware.opengl.enable = lib.mkDefault true;
|
||||
hardware.graphics.enable = lib.mkDefault true;
|
||||
|
||||
programs.gnupg.agent.pinentryPackage = lib.mkOverride 1100 pkgs.pinentry-gnome3;
|
||||
|
||||
|
|
|
@ -160,5 +160,5 @@ in
|
|||
|
||||
};
|
||||
|
||||
meta.maintainers = with maintainers; [ minijackson nu-nu-ko ];
|
||||
meta.maintainers = with maintainers; [ minijackson fsnkty ];
|
||||
}
|
||||
|
|
|
@ -125,6 +125,7 @@ in {
|
|||
options = {
|
||||
services.mqtt2influxdb = {
|
||||
enable = mkEnableOption "BigClown MQTT to InfluxDB bridge.";
|
||||
package = mkPackageOption pkgs ["python3Packages" "mqtt2influxdb"] {};
|
||||
environmentFiles = mkOption {
|
||||
type = types.listOf types.path;
|
||||
default = [];
|
||||
|
@ -245,7 +246,7 @@ in {
|
|||
'';
|
||||
serviceConfig = {
|
||||
EnvironmentFile = cfg.environmentFiles;
|
||||
ExecStart = "${cfg.package}/bin/mqtt2influxdb -dc ${finalConfig}";
|
||||
ExecStart = "${lib.getExe cfg.package} -dc ${finalConfig}";
|
||||
RuntimeDirectory = "mqtt2influxdb";
|
||||
};
|
||||
};
|
||||
|
|
|
@ -77,6 +77,8 @@ in
|
|||
environment = {
|
||||
STATIC_DIR = ".";
|
||||
DATA_DIR = ".";
|
||||
HF_HOME = ".";
|
||||
SENTENCE_TRANSFORMERS_HOME = ".";
|
||||
} // cfg.environment;
|
||||
|
||||
serviceConfig = {
|
||||
|
|
142
third_party/nixpkgs/nixos/modules/services/misc/pghero.nix
vendored
Normal file
142
third_party/nixpkgs/nixos/modules/services/misc/pghero.nix
vendored
Normal file
|
@ -0,0 +1,142 @@
|
|||
{ config, pkgs, lib, utils, ... }:
|
||||
let
|
||||
cfg = config.services.pghero;
|
||||
settingsFormat = pkgs.formats.yaml { };
|
||||
settingsFile = settingsFormat.generate "pghero.yaml" cfg.settings;
|
||||
in
|
||||
{
|
||||
options.services.pghero = {
|
||||
enable = lib.mkEnableOption "PgHero service";
|
||||
package = lib.mkPackageOption pkgs "pghero" { };
|
||||
|
||||
listenAddress = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
example = "[::1]:3000";
|
||||
description = ''
|
||||
`hostname:port` to listen for HTTP traffic.
|
||||
|
||||
This is bound using the systemd socket activation.
|
||||
'';
|
||||
};
|
||||
|
||||
extraArgs = lib.mkOption {
|
||||
type = lib.types.listOf lib.types.str;
|
||||
default = [ ];
|
||||
description = ''
|
||||
Additional command-line arguments for the systemd service.
|
||||
|
||||
Refer to the [Puma web server documentation] for available arguments.
|
||||
|
||||
[Puma web server documentation]: https://puma.io/puma#configuration
|
||||
'';
|
||||
};
|
||||
|
||||
settings = lib.mkOption {
|
||||
type = settingsFormat.type;
|
||||
default = { };
|
||||
example = {
|
||||
databases = {
|
||||
primary = {
|
||||
url = "<%= ENV['PRIMARY_DATABASE_URL'] %>";
|
||||
};
|
||||
};
|
||||
};
|
||||
description = ''
|
||||
PgHero configuration. Refer to the [PgHero documentation] for more
|
||||
details.
|
||||
|
||||
[PgHero documentation]: https://github.com/ankane/pghero/blob/master/guides/Linux.md#multiple-databases
|
||||
'';
|
||||
};
|
||||
|
||||
environment = lib.mkOption {
|
||||
type = lib.types.attrsOf lib.types.str;
|
||||
default = { };
|
||||
description = ''
|
||||
Environment variables to set for the service. Secrets should be
|
||||
specified using {option}`environmentFile`.
|
||||
'';
|
||||
};
|
||||
|
||||
environmentFiles = lib.mkOption {
|
||||
type = lib.types.listOf lib.types.path;
|
||||
default = [ ];
|
||||
description = ''
|
||||
File to load environment variables from. Loaded variables override
|
||||
values set in {option}`environment`.
|
||||
'';
|
||||
};
|
||||
|
||||
extraGroups = lib.mkOption {
|
||||
type = lib.types.listOf lib.types.str;
|
||||
default = [ ];
|
||||
example = [ "tlskeys" ];
|
||||
description = ''
|
||||
Additional groups for the systemd service.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
systemd.sockets.pghero = {
|
||||
unitConfig.Description = "PgHero HTTP socket";
|
||||
wantedBy = [ "sockets.target" ];
|
||||
listenStreams = [ cfg.listenAddress ];
|
||||
};
|
||||
|
||||
systemd.services.pghero = {
|
||||
description = "PgHero performance dashboard for PostgreSQL";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
requires = [ "pghero.socket" ];
|
||||
after = [ "pghero.socket" "network.target" ];
|
||||
|
||||
environment = {
|
||||
RAILS_ENV = "production";
|
||||
PGHERO_CONFIG_PATH = settingsFile;
|
||||
} // cfg.environment;
|
||||
|
||||
serviceConfig = {
|
||||
Type = "notify";
|
||||
WatchdogSec = "10";
|
||||
|
||||
ExecStart = utils.escapeSystemdExecArgs ([
|
||||
(lib.getExe cfg.package)
|
||||
"--bind-to-activated-sockets"
|
||||
"only"
|
||||
] ++ cfg.extraArgs);
|
||||
Restart = "always";
|
||||
|
||||
WorkingDirectory = "${cfg.package}/share/pghero";
|
||||
|
||||
EnvironmentFile = cfg.environmentFiles;
|
||||
SupplementaryGroups = cfg.extraGroups;
|
||||
|
||||
DynamicUser = true;
|
||||
UMask = "0077";
|
||||
|
||||
ProtectHome = true;
|
||||
ProtectProc = "invisible";
|
||||
ProcSubset = "pid";
|
||||
ProtectClock = true;
|
||||
ProtectHostname = true;
|
||||
ProtectControlGroups = true;
|
||||
ProtectKernelLogs = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectKernelTunables = true;
|
||||
PrivateUsers = true;
|
||||
PrivateDevices = true;
|
||||
RestrictRealtime = true;
|
||||
RestrictNamespaces = true;
|
||||
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
|
||||
DeviceAllow = [ "" ];
|
||||
DevicePolicy = "closed";
|
||||
CapabilityBoundingSet = [ "" ];
|
||||
MemoryDenyWriteExecute = true;
|
||||
LockPersonality = true;
|
||||
SystemCallArchitectures = "native";
|
||||
SystemCallErrorNumber = "EPERM";
|
||||
SystemCallFilter = [ "@system-service" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
153
third_party/nixpkgs/nixos/modules/services/misc/renovate.nix
vendored
Normal file
153
third_party/nixpkgs/nixos/modules/services/misc/renovate.nix
vendored
Normal file
|
@ -0,0 +1,153 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
inherit (lib)
|
||||
mkEnableOption
|
||||
mkPackageOption
|
||||
mkOption
|
||||
types
|
||||
mkIf
|
||||
;
|
||||
json = pkgs.formats.json { };
|
||||
cfg = config.services.renovate;
|
||||
generateValidatedConfig =
|
||||
name: value:
|
||||
pkgs.callPackage (
|
||||
{ runCommand, jq }:
|
||||
runCommand name
|
||||
{
|
||||
nativeBuildInputs = [
|
||||
jq
|
||||
cfg.package
|
||||
];
|
||||
value = builtins.toJSON value;
|
||||
passAsFile = [ "value" ];
|
||||
preferLocalBuild = true;
|
||||
}
|
||||
''
|
||||
jq . "$valuePath"> $out
|
||||
renovate-config-validator $out
|
||||
''
|
||||
) { };
|
||||
generateConfig = if cfg.validateSettings then generateValidatedConfig else json.generate;
|
||||
in
|
||||
{
|
||||
meta.maintainers = with lib.maintainers; [ marie natsukium ];
|
||||
|
||||
options.services.renovate = {
|
||||
enable = mkEnableOption "renovate";
|
||||
package = mkPackageOption pkgs "renovate" { };
|
||||
schedule = mkOption {
|
||||
type = with types; nullOr str;
|
||||
description = "How often to run renovate. See {manpage}`systemd.time(7)` for the format.";
|
||||
example = "*:0/10";
|
||||
default = null;
|
||||
};
|
||||
credentials = mkOption {
|
||||
type = with types; attrsOf path;
|
||||
description = ''
|
||||
Allows configuring environment variable credentials for renovate, read from files.
|
||||
This should always be used for passing confidential data to renovate.
|
||||
'';
|
||||
example = {
|
||||
RENOVATE_TOKEN = "/etc/renovate/token";
|
||||
};
|
||||
default = { };
|
||||
};
|
||||
runtimePackages = mkOption {
|
||||
type = with types; listOf package;
|
||||
description = "Packages available to renovate.";
|
||||
default = [ ];
|
||||
};
|
||||
validateSettings = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = "Weither to run renovate's config validator on the built configuration.";
|
||||
};
|
||||
settings = mkOption {
|
||||
type = json.type;
|
||||
default = { };
|
||||
example = {
|
||||
platform = "gitea";
|
||||
endpoint = "https://git.example.com";
|
||||
gitAuthor = "Renovate <renovate@example.com>";
|
||||
};
|
||||
description = ''
|
||||
Renovate's global configuration.
|
||||
If you want to pass secrets to renovate, please use {option}`services.renovate.credentials` for that.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services.renovate.settings = {
|
||||
cacheDir = "/var/cache/renovate";
|
||||
baseDir = "/var/lib/renovate";
|
||||
};
|
||||
|
||||
systemd.services.renovate = {
|
||||
description = "Renovate dependency updater";
|
||||
documentation = [ "https://docs.renovatebot.com/" ];
|
||||
after = [ "network.target" ];
|
||||
startAt = lib.optional (cfg.schedule != null) cfg.schedule;
|
||||
path = [
|
||||
config.systemd.package
|
||||
pkgs.git
|
||||
] ++ cfg.runtimePackages;
|
||||
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
User = "renovate";
|
||||
Group = "renovate";
|
||||
DynamicUser = true;
|
||||
LoadCredential = lib.mapAttrsToList (name: value: "SECRET-${name}:${value}") cfg.credentials;
|
||||
RemainAfterExit = false;
|
||||
Restart = "on-failure";
|
||||
CacheDirectory = "renovate";
|
||||
StateDirectory = "renovate";
|
||||
|
||||
# Hardening
|
||||
CapabilityBoundingSet = [ "" ];
|
||||
DeviceAllow = [ "" ];
|
||||
LockPersonality = true;
|
||||
PrivateDevices = true;
|
||||
PrivateUsers = true;
|
||||
ProcSubset = "pid";
|
||||
ProtectClock = true;
|
||||
ProtectControlGroups = true;
|
||||
ProtectHome = true;
|
||||
ProtectHostname = true;
|
||||
ProtectKernelLogs = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectKernelTunables = true;
|
||||
ProtectProc = "invisible";
|
||||
RestrictAddressFamilies = [
|
||||
"AF_INET"
|
||||
"AF_INET6"
|
||||
];
|
||||
RestrictNamespaces = true;
|
||||
RestrictRealtime = true;
|
||||
SystemCallArchitectures = "native";
|
||||
UMask = "0077";
|
||||
};
|
||||
|
||||
script = ''
|
||||
${lib.concatStringsSep "\n" (
|
||||
builtins.map (name: "export ${name}=$(systemd-creds cat 'SECRET-${name}')") (
|
||||
lib.attrNames cfg.credentials
|
||||
)
|
||||
)}
|
||||
exec ${lib.escapeShellArg (lib.getExe cfg.package)}
|
||||
'';
|
||||
|
||||
environment = {
|
||||
RENOVATE_CONFIG_FILE = generateConfig "renovate-config.json" cfg.settings;
|
||||
HOME = "/var/lib/renovate";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -235,7 +235,7 @@ in
|
|||
timerConfig.OnUnitActiveSec = cfg.cleanupInterval;
|
||||
};
|
||||
|
||||
systemd.services.snapper-boot = lib.optionalAttrs cfg.snapshotRootOnBoot {
|
||||
systemd.services.snapper-boot = lib.mkIf cfg.snapshotRootOnBoot {
|
||||
description = "Take snapper snapshot of root on boot";
|
||||
inherit documentation;
|
||||
serviceConfig.ExecStart = "${pkgs.snapper}/bin/snapper --config root create --cleanup-algorithm number --description boot";
|
||||
|
|
80
third_party/nixpkgs/nixos/modules/services/monitoring/alloy.nix
vendored
Normal file
80
third_party/nixpkgs/nixos/modules/services/monitoring/alloy.nix
vendored
Normal file
|
@ -0,0 +1,80 @@
|
|||
{ lib, pkgs, config, ... }:
|
||||
with lib;
|
||||
let
|
||||
cfg = config.services.alloy;
|
||||
in
|
||||
{
|
||||
meta = {
|
||||
maintainers = with maintainers; [ flokli hbjydev ];
|
||||
};
|
||||
|
||||
options.services.alloy = {
|
||||
enable = mkEnableOption "Grafana Alloy";
|
||||
|
||||
package = mkPackageOption pkgs "grafana-alloy" { };
|
||||
|
||||
configPath = mkOption {
|
||||
type = lib.types.path;
|
||||
default = "/etc/alloy";
|
||||
description = ''
|
||||
Alloy configuration file/directory path.
|
||||
|
||||
We default to `/etc/alloy` here, and expect the user to configure a
|
||||
configuration file via `environment.etc."alloy/config.alloy"`.
|
||||
|
||||
This allows config reload, contrary to specifying a store path.
|
||||
A `reloadTrigger` for `config.alloy` is configured.
|
||||
|
||||
Other `*.alloy` files in the same directory (ignoring subdirs) are also
|
||||
honored, but it's necessary to manually extend
|
||||
`systemd.services.alloy.reloadTriggers` to enable config reload
|
||||
during nixos-rebuild switch.
|
||||
|
||||
This can also point to another directory containing `*.alloy` files, or
|
||||
a single Alloy file in the Nix store (at the cost of reload).
|
||||
|
||||
Component names must be unique across all Alloy configuration files, and
|
||||
configuration blocks must not be repeated.
|
||||
|
||||
Alloy will continue to run if subsequent reloads of the configuration
|
||||
file fail, potentially marking components as unhealthy depending on
|
||||
the nature of the failure. When this happens, Alloy will continue
|
||||
functioning in the last valid state.
|
||||
'';
|
||||
};
|
||||
|
||||
extraFlags = mkOption {
|
||||
type = with lib.types; listOf str;
|
||||
default = [ ];
|
||||
example = [ "--server.http.listen-addr=127.0.0.1:12346" "--disable-reporting" ];
|
||||
description = ''
|
||||
Extra command-line flags passed to {command}`alloy run`.
|
||||
|
||||
See <https://grafana.com/docs/alloy/latest/reference/cli/run/>
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
systemd.services.alloy = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
reloadTriggers = [ config.environment.etc."alloy/config.alloy".source or null ];
|
||||
serviceConfig = {
|
||||
Restart = "always";
|
||||
DynamicUser = true;
|
||||
RestartSec = 2;
|
||||
SupplementaryGroups = [
|
||||
# allow to read the systemd journal for loki log forwarding
|
||||
"systemd-journal"
|
||||
];
|
||||
ExecStart = "${lib.getExe cfg.package} run ${cfg.configPath} ${escapeShellArgs cfg.extraFlags}";
|
||||
ExecReload = "${pkgs.coreutils}/bin/kill -SIGHUP $MAINPID";
|
||||
ConfigurationDirectory = "alloy";
|
||||
StateDirectory = "alloy";
|
||||
WorkingDirectory = "%S/alloy";
|
||||
Type = "simple";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -94,6 +94,7 @@ in {
|
|||
systemd.services.loki = {
|
||||
description = "Loki Service Daemon";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
|
||||
serviceConfig = let
|
||||
conf = if cfg.configFile == null
|
||||
|
|
|
@ -140,8 +140,8 @@ in
|
|||
|
||||
options.api.endpoint = mkOption {
|
||||
type = str;
|
||||
default = "http://localhost:${toString cfg.settings.web.listen.port}";
|
||||
defaultText = literalExpression ''"http://localhost:''${config.services.scrutiny.settings.web.listen.port}"'';
|
||||
default = "http://${cfg.settings.web.listen.host}:${toString cfg.settings.web.listen.port}";
|
||||
defaultText = literalExpression ''"http://''${config.services.scrutiny.settings.web.listen.host}:''${config.services.scrutiny.settings.web.listen.port}"'';
|
||||
description = "Scrutiny app API endpoint for sending metrics to.";
|
||||
};
|
||||
|
||||
|
|
|
@ -103,7 +103,7 @@ in
|
|||
|
||||
port = mkOption {
|
||||
type = types.port;
|
||||
default = if cfg.database.type == "mysql" then mysql.port else pgsql.services.port;
|
||||
default = if cfg.database.type == "mysql" then mysql.port else pgsql.settings.port;
|
||||
defaultText = literalExpression ''
|
||||
if config.${opt.database.type} == "mysql"
|
||||
then config.${options.services.mysql.port}
|
||||
|
|
|
@ -20,14 +20,10 @@ let
|
|||
else toString value;
|
||||
|
||||
configFile = pkgs.writeText "davfs2.conf" (
|
||||
if (cfg.settings != { }) then
|
||||
(toINIWithGlobalSection {
|
||||
mkSectionName = escapeString;
|
||||
mkKeyValue = k: v: "${k} ${formatValue v}";
|
||||
} cfg.settings)
|
||||
else
|
||||
cfg.extraConfig
|
||||
);
|
||||
toINIWithGlobalSection {
|
||||
mkSectionName = escapeString;
|
||||
mkKeyValue = k: v: "${k} ${formatValue v}";
|
||||
} cfg.settings);
|
||||
in
|
||||
{
|
||||
|
||||
|
@ -53,29 +49,6 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
type = lines;
|
||||
default = "";
|
||||
example = ''
|
||||
proxy foo.bar:8080
|
||||
use_locks 0
|
||||
|
||||
[/media/dav]
|
||||
use_locks 1
|
||||
|
||||
[/home/otto/mywebspace]
|
||||
gui_optimize 1
|
||||
'';
|
||||
description = ''
|
||||
Extra lines appended to the configuration of davfs2.
|
||||
See {manpage}`davfs2.conf(5)` for available settings.
|
||||
|
||||
**Note**: Please pass structured settings via
|
||||
{option}`settings` instead, this option
|
||||
will get deprecated in the future.
|
||||
'' ;
|
||||
};
|
||||
|
||||
settings = mkOption {
|
||||
type = submodule {
|
||||
freeformType = let
|
||||
|
@ -109,21 +82,6 @@ in
|
|||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
assertions = [
|
||||
{
|
||||
assertion = cfg.extraConfig != "" -> cfg.settings == { };
|
||||
message = ''
|
||||
services.davfs2.extraConfig and services.davfs2.settings cannot be used together.
|
||||
Please prefer using services.davfs2.settings.
|
||||
'';
|
||||
}
|
||||
];
|
||||
|
||||
warnings = optional (cfg.extraConfig != "") ''
|
||||
services.davfs2.extraConfig will be deprecated in future releases;
|
||||
please use services.davfs2.settings instead.
|
||||
'';
|
||||
|
||||
environment.systemPackages = [ pkgs.davfs2 ];
|
||||
environment.etc."davfs2/davfs2.conf".source = configFile;
|
||||
|
||||
|
|
|
@ -201,14 +201,10 @@ in
|
|||
message = "If samba.nsswins is enabled, then samba.enableWinbindd must also be enabled";
|
||||
}
|
||||
];
|
||||
# Always provide a smb.conf to shut up programs like smbclient and smbspool.
|
||||
environment.etc."samba/smb.conf".source = mkOptionDefault (
|
||||
if cfg.enable then configFile
|
||||
else pkgs.writeText "smb-dummy.conf" "# Samba is disabled."
|
||||
);
|
||||
}
|
||||
|
||||
(mkIf cfg.enable {
|
||||
environment.etc."samba/smb.conf".source = configFile;
|
||||
|
||||
system.nssModules = optional cfg.nsswins samba;
|
||||
system.nssDatabases.hosts = optional cfg.nsswins "wins";
|
||||
|
|
|
@ -167,8 +167,13 @@ in {
|
|||
preStart = optionalString (settings != null) ''
|
||||
if [ -e "$STATE_DIRECTORY/AdGuardHome.yaml" ] \
|
||||
&& [ "${toString cfg.mutableSettings}" = "1" ]; then
|
||||
# First run a schema_version update on the existing configuration
|
||||
# This ensures that both the new config and the existing one have the same schema_version
|
||||
# Note: --check-config has the side effect of modifying the file at rest!
|
||||
${lib.getExe cfg.package} -c "$STATE_DIRECTORY/AdGuardHome.yaml" --check-config
|
||||
|
||||
# Writing directly to AdGuardHome.yaml results in empty file
|
||||
${pkgs.yaml-merge}/bin/yaml-merge "$STATE_DIRECTORY/AdGuardHome.yaml" "${configFile}" > "$STATE_DIRECTORY/AdGuardHome.yaml.tmp"
|
||||
${lib.getExe pkgs.yaml-merge} "$STATE_DIRECTORY/AdGuardHome.yaml" "${configFile}" > "$STATE_DIRECTORY/AdGuardHome.yaml.tmp"
|
||||
mv "$STATE_DIRECTORY/AdGuardHome.yaml.tmp" "$STATE_DIRECTORY/AdGuardHome.yaml"
|
||||
else
|
||||
cp --force "${configFile}" "$STATE_DIRECTORY/AdGuardHome.yaml"
|
||||
|
@ -178,7 +183,7 @@ in {
|
|||
|
||||
serviceConfig = {
|
||||
DynamicUser = true;
|
||||
ExecStart = "${cfg.package}/bin/adguardhome ${args}";
|
||||
ExecStart = "${lib.getExe cfg.package} ${args}";
|
||||
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ]
|
||||
++ optionals cfg.allowDHCP [ "CAP_NET_RAW" ];
|
||||
Restart = "always";
|
||||
|
|
|
@ -1,98 +1,132 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.aria2;
|
||||
|
||||
homeDir = "/var/lib/aria2";
|
||||
defaultRpcListenPort = 6800;
|
||||
defaultDir = "${homeDir}/Downloads";
|
||||
|
||||
settingsDir = "${homeDir}";
|
||||
sessionFile = "${homeDir}/aria2.session";
|
||||
downloadDir = "${homeDir}/Downloads";
|
||||
|
||||
rangesToStringList = map (x: builtins.toString x.from +"-"+ builtins.toString x.to);
|
||||
|
||||
settingsFile = pkgs.writeText "aria2.conf"
|
||||
''
|
||||
dir=${cfg.downloadDir}
|
||||
listen-port=${concatStringsSep "," (rangesToStringList cfg.listenPortRange)}
|
||||
rpc-listen-port=${toString cfg.rpcListenPort}
|
||||
'';
|
||||
portRangesToString = ranges: lib.concatStringsSep "," (map
|
||||
(x:
|
||||
if x.from == x.to
|
||||
then builtins.toString x.from
|
||||
else builtins.toString x.from + "-" + builtins.toString x.to
|
||||
)
|
||||
ranges);
|
||||
|
||||
customToKeyValue = lib.generators.toKeyValue {
|
||||
mkKeyValue = lib.generators.mkKeyValueDefault
|
||||
{
|
||||
mkValueString = v:
|
||||
if builtins.isList v then portRangesToString v
|
||||
else lib.generators.mkValueStringDefault { } v;
|
||||
} "=";
|
||||
};
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
(mkRemovedOptionModule [ "services" "aria2" "rpcSecret" ] "Use services.aria2.rpcSecretFile instead")
|
||||
(lib.mkRemovedOptionModule [ "services" "aria2" "rpcSecret" ] "Use services.aria2.rpcSecretFile instead")
|
||||
(lib.mkRemovedOptionModule [ "services" "aria2" "extraArguments" ] "Use services.aria2.settings instead")
|
||||
(lib.mkRenamedOptionModule [ "services" "aria2" "downloadDir" ] [ "services" "aria2" "settings" "dir" ])
|
||||
(lib.mkRenamedOptionModule [ "services" "aria2" "listenPortRange" ] [ "services" "aria2" "settings" "listen-port" ])
|
||||
(lib.mkRenamedOptionModule [ "services" "aria2" "rpcListenPort" ] [ "services" "aria2" "settings" "rpc-listen-port" ])
|
||||
];
|
||||
|
||||
options = {
|
||||
services.aria2 = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
enable = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether or not to enable the headless Aria2 daemon service.
|
||||
|
||||
Aria2 daemon can be controlled via the RPC interface using
|
||||
one of many WebUI (http://localhost:6800/ by default).
|
||||
Aria2 daemon can be controlled via the RPC interface using one of many
|
||||
WebUIs (http://localhost:${toString defaultRpcListenPort}/ by default).
|
||||
|
||||
Targets are downloaded to ${downloadDir} by default and are
|
||||
accessible to users in the "aria2" group.
|
||||
Targets are downloaded to `${defaultDir}` by default and are
|
||||
accessible to users in the `aria2` group.
|
||||
'';
|
||||
};
|
||||
openPorts = mkOption {
|
||||
type = types.bool;
|
||||
openPorts = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Open listen and RPC ports found in listenPortRange and rpcListenPort
|
||||
options in the firewall.
|
||||
Open listen and RPC ports found in `settings.listen-port` and
|
||||
`settings.rpc-listen-port` options in the firewall.
|
||||
'';
|
||||
};
|
||||
downloadDir = mkOption {
|
||||
type = types.path;
|
||||
default = downloadDir;
|
||||
description = ''
|
||||
Directory to store downloaded files.
|
||||
'';
|
||||
};
|
||||
listenPortRange = mkOption {
|
||||
type = types.listOf types.attrs;
|
||||
default = [ { from = 6881; to = 6999; } ];
|
||||
description = ''
|
||||
Set UDP listening port range used by DHT(IPv4, IPv6) and UDP tracker.
|
||||
'';
|
||||
};
|
||||
rpcListenPort = mkOption {
|
||||
type = types.int;
|
||||
default = 6800;
|
||||
description = "Specify a port number for JSON-RPC/XML-RPC server to listen to. Possible Values: 1024-65535";
|
||||
};
|
||||
rpcSecretFile = mkOption {
|
||||
type = types.path;
|
||||
rpcSecretFile = lib.mkOption {
|
||||
type = lib.types.path;
|
||||
example = "/run/secrets/aria2-rpc-token.txt";
|
||||
description = ''
|
||||
A file containing the RPC secret authorization token.
|
||||
Read https://aria2.github.io/manual/en/html/aria2c.html#rpc-auth to know how this option value is used.
|
||||
'';
|
||||
};
|
||||
extraArguments = mkOption {
|
||||
type = types.separatedString " ";
|
||||
example = "--rpc-listen-all --remote-time=true";
|
||||
default = "";
|
||||
settings = lib.mkOption {
|
||||
description = ''
|
||||
Additional arguments to be passed to Aria2.
|
||||
Generates the `aria2.conf` file. Refer to [the documentation][0] for
|
||||
all possible settings.
|
||||
|
||||
[0]: https://aria2.github.io/manual/en/html/aria2c.html#synopsis
|
||||
'';
|
||||
default = { };
|
||||
type = lib.types.submodule {
|
||||
freeformType = with lib.types; attrsOf (oneOf [ bool int float singleLineStr ]);
|
||||
options = {
|
||||
save-session = lib.mkOption {
|
||||
type = lib.types.singleLineStr;
|
||||
default = "${homeDir}/aria2.session";
|
||||
description = "Save error/unfinished downloads to FILE on exit.";
|
||||
};
|
||||
dir = lib.mkOption {
|
||||
type = lib.types.singleLineStr;
|
||||
default = defaultDir;
|
||||
description = "Directory to store downloaded files.";
|
||||
};
|
||||
conf-path = lib.mkOption {
|
||||
type = lib.types.singleLineStr;
|
||||
default = "${homeDir}/aria2.conf";
|
||||
description = "Configuration file path.";
|
||||
};
|
||||
enable-rpc = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = true;
|
||||
description = "Enable JSON-RPC/XML-RPC server.";
|
||||
};
|
||||
listen-port = lib.mkOption {
|
||||
type = with lib.types; listOf (attrsOf port);
|
||||
default = [{ from = 6881; to = 6999; }];
|
||||
description = "Set UDP listening port range used by DHT(IPv4, IPv6) and UDP tracker.";
|
||||
};
|
||||
rpc-listen-port = lib.mkOption {
|
||||
type = lib.types.port;
|
||||
default = defaultRpcListenPort;
|
||||
description = "Specify a port number for JSON-RPC/XML-RPC server to listen to. Possible Values: 1024-65535";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
config = lib.mkIf cfg.enable {
|
||||
assertions = [
|
||||
{
|
||||
assertion = cfg.settings.enable-rpc;
|
||||
message = "RPC has to be enabled, the default module option takes care of that.";
|
||||
}
|
||||
{
|
||||
assertion = !(cfg.settings ? rpc-secret);
|
||||
message = "Set the RPC secret through services.aria2.rpcSecretFile so it will not end up in the world-readable nix store.";
|
||||
}
|
||||
];
|
||||
|
||||
# Need to open ports for proper functioning
|
||||
networking.firewall = mkIf cfg.openPorts {
|
||||
allowedUDPPortRanges = config.services.aria2.listenPortRange;
|
||||
allowedTCPPorts = [ config.services.aria2.rpcListenPort ];
|
||||
networking.firewall = lib.mkIf cfg.openPorts {
|
||||
allowedUDPPortRanges = config.services.aria2.settings.listen-port;
|
||||
allowedTCPPorts = [ config.services.aria2.settings.rpc-listen-port ];
|
||||
};
|
||||
|
||||
users.users.aria2 = {
|
||||
|
@ -107,7 +141,7 @@ in
|
|||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d '${homeDir}' 0770 aria2 aria2 - -"
|
||||
"d '${config.services.aria2.downloadDir}' 0770 aria2 aria2 - -"
|
||||
"d '${config.services.aria2.settings.dir}' 0770 aria2 aria2 - -"
|
||||
];
|
||||
|
||||
systemd.services.aria2 = {
|
||||
|
@ -115,22 +149,25 @@ in
|
|||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
preStart = ''
|
||||
if [[ ! -e "${sessionFile}" ]]
|
||||
if [[ ! -e "${cfg.settings.save-session}" ]]
|
||||
then
|
||||
touch "${sessionFile}"
|
||||
touch "${cfg.settings.save-session}"
|
||||
fi
|
||||
cp -f "${settingsFile}" "${settingsDir}/aria2.conf"
|
||||
echo "rpc-secret=$(cat "$CREDENTIALS_DIRECTORY/rpcSecretFile")" >> "${settingsDir}/aria2.conf"
|
||||
cp -f "${pkgs.writeText "aria2.conf" (customToKeyValue cfg.settings)}" "${cfg.settings.conf-path}"
|
||||
chmod +w "${cfg.settings.conf-path}"
|
||||
echo "rpc-secret=$(cat "$CREDENTIALS_DIRECTORY/rpcSecretFile")" >> "${cfg.settings.conf-path}"
|
||||
'';
|
||||
|
||||
serviceConfig = {
|
||||
Restart = "on-abort";
|
||||
ExecStart = "${pkgs.aria2}/bin/aria2c --enable-rpc --conf-path=${settingsDir}/aria2.conf ${config.services.aria2.extraArguments} --save-session=${sessionFile}";
|
||||
ExecStart = "${pkgs.aria2}/bin/aria2c --conf-path=${cfg.settings.conf-path}";
|
||||
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
|
||||
User = "aria2";
|
||||
Group = "aria2";
|
||||
LoadCredential="rpcSecretFile:${cfg.rpcSecretFile}";
|
||||
LoadCredential = "rpcSecretFile:${cfg.rpcSecretFile}";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
meta.maintainers = [ lib.maintainers.timhae ];
|
||||
}
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue