Project import generated by Copybara.
GitOrigin-RevId: 08e4dc3a907a6dfec8bb3bbf1540d8abbffea22b
parent
2f7b1ef366
commit
c7e6337bd0
3061 changed files with 96698 additions and 51925 deletions
5
third_party/nixpkgs/.github/CODEOWNERS
vendored
|
@ -90,6 +90,9 @@
|
||||||
# NixOS integration test driver
|
# NixOS integration test driver
|
||||||
/nixos/lib/test-driver @tfc
|
/nixos/lib/test-driver @tfc
|
||||||
|
|
||||||
|
# NixOS QEMU virtualisation
|
||||||
|
/nixos/virtualisation/qemu-vm.nix @raitobezarius
|
||||||
|
|
||||||
# Systemd
|
# Systemd
|
||||||
/nixos/modules/system/boot/systemd.nix @NixOS/systemd
|
/nixos/modules/system/boot/systemd.nix @NixOS/systemd
|
||||||
/nixos/modules/system/boot/systemd @NixOS/systemd
|
/nixos/modules/system/boot/systemd @NixOS/systemd
|
||||||
|
@ -139,7 +142,7 @@
|
||||||
|
|
||||||
# C compilers
|
# C compilers
|
||||||
/pkgs/development/compilers/gcc @matthewbauer
|
/pkgs/development/compilers/gcc @matthewbauer
|
||||||
/pkgs/development/compilers/llvm @matthewbauer
|
/pkgs/development/compilers/llvm @matthewbauer @RaitoBezarius
|
||||||
|
|
||||||
# Compatibility stuff
|
# Compatibility stuff
|
||||||
/pkgs/top-level/unix-tools.nix @matthewbauer
|
/pkgs/top-level/unix-tools.nix @matthewbauer
|
||||||
|
|
1
third_party/nixpkgs/CONTRIBUTING.md
vendored
|
@ -43,6 +43,7 @@ Below is a short excerpt of some points in there:
|
||||||
* Not start with the package name.
|
* Not start with the package name.
|
||||||
* More generally, it should not refer to the package name.
|
* More generally, it should not refer to the package name.
|
||||||
* Not end with a period (or any punctuation for that matter).
|
* Not end with a period (or any punctuation for that matter).
|
||||||
|
* Aim to inform while avoiding subjective language.
|
||||||
* `meta.license` must be set and fit the upstream license.
|
* `meta.license` must be set and fit the upstream license.
|
||||||
* If there is no upstream license, `meta.license` should default to `lib.licenses.unfree`.
|
* If there is no upstream license, `meta.license` should default to `lib.licenses.unfree`.
|
||||||
* If in doubt, try to contact the upstream developers for clarification.
|
* If in doubt, try to contact the upstream developers for clarification.
|
||||||
|
|
1
third_party/nixpkgs/doc/.gitignore
vendored
|
@ -8,3 +8,4 @@ manual-full.xml
|
||||||
out
|
out
|
||||||
result
|
result
|
||||||
result-*
|
result-*
|
||||||
|
media
|
||||||
|
|
3
third_party/nixpkgs/doc/Makefile
vendored
|
@ -19,6 +19,9 @@ pandoc_flags = --extract-media=$(pandoc_media_dir) \
|
||||||
.PHONY: all
|
.PHONY: all
|
||||||
all: validate format out/html/index.html out/epub/manual.epub
|
all: validate format out/html/index.html out/epub/manual.epub
|
||||||
|
|
||||||
|
.PHONY: render-md
|
||||||
|
render-md: ${MD_TARGETS}
|
||||||
|
|
||||||
.PHONY: debug
|
.PHONY: debug
|
||||||
debug:
|
debug:
|
||||||
nix-shell --run "xmloscopy --docbook5 ./manual.xml ./manual-full.xml"
|
nix-shell --run "xmloscopy --docbook5 ./manual.xml ./manual-full.xml"
|
||||||
|
|
1
third_party/nixpkgs/doc/builders/special.xml
vendored
|
@ -9,4 +9,5 @@
|
||||||
<xi:include href="special/makesetuphook.section.xml" />
|
<xi:include href="special/makesetuphook.section.xml" />
|
||||||
<xi:include href="special/mkshell.section.xml" />
|
<xi:include href="special/mkshell.section.xml" />
|
||||||
<xi:include href="special/darwin-builder.section.xml" />
|
<xi:include href="special/darwin-builder.section.xml" />
|
||||||
|
<xi:include href="special/vm-tools.section.xml" />
|
||||||
</chapter>
|
</chapter>
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# buildFHSUserEnv {#sec-fhs-environments}
|
# buildFHSEnv {#sec-fhs-environments}
|
||||||
|
|
||||||
`buildFHSUserEnv` provides a way to build and run FHS-compatible lightweight sandboxes. It creates an isolated root with bound `/nix/store`, so its footprint in terms of disk space needed is quite small. This allows one to run software which is hard or unfeasible to patch for NixOS -- 3rd-party source trees with FHS assumptions, games distributed as tarballs, software with integrity checking and/or external self-updated binaries. It uses Linux namespaces feature to create temporary lightweight environments which are destroyed after all child processes exit, without root user rights requirement. Accepted arguments are:
|
`buildFHSEnv` provides a way to build and run FHS-compatible lightweight sandboxes. It creates an isolated root with bound `/nix/store`, so its footprint in terms of disk space needed is quite small. This allows one to run software which is hard or unfeasible to patch for NixOS -- 3rd-party source trees with FHS assumptions, games distributed as tarballs, software with integrity checking and/or external self-updated binaries. It uses Linux namespaces feature to create temporary lightweight environments which are destroyed after all child processes exit, without root user rights requirement. Accepted arguments are:
|
||||||
|
|
||||||
- `name`
|
- `name`
|
||||||
Environment name.
|
Environment name.
|
||||||
|
@ -26,7 +26,7 @@ One can create a simple environment using a `shell.nix` like that:
|
||||||
```nix
|
```nix
|
||||||
{ pkgs ? import <nixpkgs> {} }:
|
{ pkgs ? import <nixpkgs> {} }:
|
||||||
|
|
||||||
(pkgs.buildFHSUserEnv {
|
(pkgs.buildFHSEnv {
|
||||||
name = "simple-x11-env";
|
name = "simple-x11-env";
|
||||||
targetPkgs = pkgs: (with pkgs;
|
targetPkgs = pkgs: (with pkgs;
|
||||||
[ udev
|
[ udev
|
||||||
|
|
148
third_party/nixpkgs/doc/builders/special/vm-tools.section.md
vendored
Normal file
|
@ -0,0 +1,148 @@
|
||||||
|
# vmTools {#sec-vm-tools}
|
||||||
|
|
||||||
|
A set of VM related utilities, that help in building some packages in more advanced scenarios.
|
||||||
|
|
||||||
|
## `vmTools.createEmptyImage` {#vm-tools-createEmptyImage}
|
||||||
|
|
||||||
|
A bash script fragment that produces a disk image at `destination`.
|
||||||
|
|
||||||
|
### Attributes
|
||||||
|
|
||||||
|
* `size`. The disk size, in MiB.
|
||||||
|
* `fullName`. Name that will be written to `${destination}/nix-support/full-name`.
|
||||||
|
* `destination` (optional, default `$out`). Where to write the image files.
|
||||||
|
|
||||||
|
## `vmTools.runInLinuxVM` {#vm-tools-runInLinuxVM}
|
||||||
|
|
||||||
|
Run a derivation in a Linux virtual machine (using Qemu/KVM).
|
||||||
|
By default, there is no disk image; the root filesystem is a `tmpfs`, and the Nix store is shared with the host (via the [9P protocol](https://wiki.qemu.org/Documentation/9p#9p_Protocol)).
|
||||||
|
Thus, any pure Nix derivation should run unmodified.
|
||||||
|
|
||||||
|
If the build fails and Nix is run with the `-K/--keep-failed` option, a script `run-vm` will be left behind in the temporary build directory that allows you to boot into the VM and debug it interactively.
|
||||||
|
|
||||||
|
### Attributes
|
||||||
|
|
||||||
|
* `preVM` (optional). Shell command to be evaluated *before* the VM is started (i.e., on the host).
|
||||||
|
* `memSize` (optional, default `512`). The memory size of the VM in MiB.
|
||||||
|
* `diskImage` (optional). A file system image to be attached to `/dev/sda`.
|
||||||
|
Note that currently we expect the image to contain a filesystem, not a full disk image with a partition table etc.
|
||||||
|
|
||||||
|
### Examples
|
||||||
|
|
||||||
|
Build the derivation hello inside a VM:
|
||||||
|
```nix
|
||||||
|
{ pkgs }: with pkgs; with vmTools;
|
||||||
|
runInLinuxVM hello
|
||||||
|
```
|
||||||
|
|
||||||
|
Build inside a VM with extra memory:
|
||||||
|
```nix
|
||||||
|
{ pkgs }: with pkgs; with vmTools;
|
||||||
|
runInLinuxVM (hello.overrideAttrs (_: { memSize = 1024; }))
|
||||||
|
```
|
||||||
|
|
||||||
|
Use VM with a disk image (implicitly sets `diskImage`, see [`vmTools.createEmptyImage`](#vm-tools-createEmptyImage)):
|
||||||
|
```nix
|
||||||
|
{ pkgs }: with pkgs; with vmTools;
|
||||||
|
runInLinuxVM (hello.overrideAttrs (_: {
|
||||||
|
preVM = createEmptyImage {
|
||||||
|
size = 1024;
|
||||||
|
fullName = "vm-image";
|
||||||
|
};
|
||||||
|
}))
|
||||||
|
```
|
||||||
|
|
||||||
|
## `vmTools.extractFs` {#vm-tools-extractFs}
|
||||||
|
|
||||||
|
Takes a file, such as an ISO, and extracts its contents into the store.
|
||||||
|
|
||||||
|
### Attributes
|
||||||
|
|
||||||
|
* `file`. Path to the file to be extracted.
|
||||||
|
Note that currently we expect the image to contain a filesystem, not a full disk image with a partition table etc.
|
||||||
|
* `fs` (optional). Filesystem of the contents of the file.
|
||||||
|
|
||||||
|
### Examples
|
||||||
|
|
||||||
|
Extract the contents of an ISO file:
|
||||||
|
```nix
|
||||||
|
{ pkgs }: with pkgs; with vmTools;
|
||||||
|
extractFs { file = ./image.iso; }
|
||||||
|
```
|
||||||
|
|
||||||
|
## `vmTools.extractMTDfs` {#vm-tools-extractMTDfs}
|
||||||
|
|
||||||
|
Like [](#vm-tools-extractFs), but it makes use of a [Memory Technology Device (MTD)](https://en.wikipedia.org/wiki/Memory_Technology_Device).
|
||||||
|
|
||||||
|
## `vmTools.runInLinuxImage` {#vm-tools-runInLinuxImage}
|
||||||
|
|
||||||
|
Like [](#vm-tools-runInLinuxVM), but instead of using `stdenv` from the Nix store, run the build using the tools provided by `/bin`, `/usr/bin`, etc. from the specified filesystem image, which typically is a filesystem containing a [FHS](https://en.wikipedia.org/wiki/Filesystem_Hierarchy_Standard)-based Linux distribution.
|
||||||
|
|
||||||
|
## `vmTools.makeImageTestScript` {#vm-tools-makeImageTestScript}
|
||||||
|
|
||||||
|
Generate a script that can be used to run an interactive session in the given image.
|
||||||
|
|
||||||
|
### Examples
|
||||||
|
|
||||||
|
Create a script for running a Fedora 27 VM:
|
||||||
|
```nix
|
||||||
|
{ pkgs }: with pkgs; with vmTools;
|
||||||
|
makeImageTestScript diskImages.fedora27x86_64
|
||||||
|
```
|
||||||
|
|
||||||
|
Create a script for running an Ubuntu 20.04 VM:
|
||||||
|
```nix
|
||||||
|
{ pkgs }: with pkgs; with vmTools;
|
||||||
|
makeImageTestScript diskImages.ubuntu2004x86_64
|
||||||
|
```
|
||||||
|
|
||||||
|
## `vmTools.diskImageFuns` {#vm-tools-diskImageFuns}
|
||||||
|
|
||||||
|
A set of functions that build a predefined set of minimal Linux distributions images.
|
||||||
|
|
||||||
|
### Images
|
||||||
|
|
||||||
|
* Fedora
|
||||||
|
* `fedora26x86_64`
|
||||||
|
* `fedora27x86_64`
|
||||||
|
* CentOS
|
||||||
|
* `centos6i386`
|
||||||
|
* `centos6x86_64`
|
||||||
|
* `centos7x86_64`
|
||||||
|
* Ubuntu
|
||||||
|
* `ubuntu1404i386`
|
||||||
|
* `ubuntu1404x86_64`
|
||||||
|
* `ubuntu1604i386`
|
||||||
|
* `ubuntu1604x86_64`
|
||||||
|
* `ubuntu1804i386`
|
||||||
|
* `ubuntu1804x86_64`
|
||||||
|
* `ubuntu2004i386`
|
||||||
|
* `ubuntu2004x86_64`
|
||||||
|
* `ubuntu2204i386`
|
||||||
|
* `ubuntu2204x86_64`
|
||||||
|
* Debian
|
||||||
|
* `debian10i386`
|
||||||
|
* `debian10x86_64`
|
||||||
|
* `debian11i386`
|
||||||
|
* `debian11x86_64`
|
||||||
|
|
||||||
|
### Attributes
|
||||||
|
|
||||||
|
* `size` (optional, defaults to `4096`). The size of the image, in MiB.
|
||||||
|
* `extraPackages` (optional). A list names of additional packages from the distribution that should be included in the image.
|
||||||
|
|
||||||
|
### Examples
|
||||||
|
|
||||||
|
8GiB image containing Firefox in addition to the default packages:
|
||||||
|
```nix
|
||||||
|
{ pkgs }: with pkgs; with vmTools;
|
||||||
|
diskImageFuns.ubuntu2004x86_64 { extraPackages = [ "firefox" ]; size = 8192; }
|
||||||
|
```
|
||||||
|
|
||||||
|
## `vmTools.diskImageExtraFuns` {#vm-tools-diskImageExtraFuns}
|
||||||
|
|
||||||
|
Shorthand for `vmTools.diskImageFuns.<attr> { extraPackages = ... }`.
|
||||||
|
|
||||||
|
## `vmTools.diskImages` {#vm-tools-diskImages}
|
||||||
|
|
||||||
|
Shorthand for `vmTools.diskImageFuns.<attr> { }`.
|
4
third_party/nixpkgs/doc/default.nix
vendored
|
@ -20,6 +20,10 @@ in pkgs.stdenv.mkDerivation {
|
||||||
ln -s ${doc-support} ./doc-support/result
|
ln -s ${doc-support} ./doc-support/result
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
preBuild = ''
|
||||||
|
make -j$NIX_BUILD_CORES render-md
|
||||||
|
'';
|
||||||
|
|
||||||
installPhase = ''
|
installPhase = ''
|
||||||
dest="$out/share/doc/nixpkgs"
|
dest="$out/share/doc/nixpkgs"
|
||||||
mkdir -p "$(dirname "$dest")"
|
mkdir -p "$(dirname "$dest")"
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{ pkgs, nixpkgs ? { }, libsets }:
|
{ pkgs, nixpkgs ? { }, libsets }:
|
||||||
let
|
let
|
||||||
revision = pkgs.lib.trivial.revisionWithDefault (nixpkgs.revision or "master");
|
revision = pkgs.lib.trivial.revisionWithDefault (nixpkgs.rev or "master");
|
||||||
|
|
||||||
libDefPos = prefix: set:
|
libDefPos = prefix: set:
|
||||||
builtins.concatMap
|
builtins.concatMap
|
||||||
|
|
|
@ -37,7 +37,7 @@ The recommended way of defining a derivation for a Coq library, is to use the `c
|
||||||
* `buildInputs` (optional), is a list of libraries and dependencies that are required to build and run the current derivation, in addition to the default one `[ coq ]`,
|
* `buildInputs` (optional), is a list of libraries and dependencies that are required to build and run the current derivation, in addition to the default one `[ coq ]`,
|
||||||
* `extraBuildInputs` (optional, deprecated), an additional list of derivation to add to `buildInputs`,
|
* `extraBuildInputs` (optional, deprecated), an additional list of derivation to add to `buildInputs`,
|
||||||
* `overrideBuildInputs` (optional) replaces the default list of derivation to which `buildInputs` and `extraBuildInputs` adds extras elements,
|
* `overrideBuildInputs` (optional) replaces the default list of derivation to which `buildInputs` and `extraBuildInputs` adds extras elements,
|
||||||
* `propagatedBuildInputs` (optional) is passed as is to `mkDerivation`, we recommend to use this for Coq libraries and Coq plugin dependencies, as this makes sure the paths of the compiled libraries and plugins will always be added to the build environements of subsequent derivation, which is necessary for Coq packages to work correctly,
|
* `propagatedBuildInputs` (optional) is passed as is to `mkDerivation`, we recommend to use this for Coq libraries and Coq plugin dependencies, as this makes sure the paths of the compiled libraries and plugins will always be added to the build environments of subsequent derivation, which is necessary for Coq packages to work correctly,
|
||||||
* `mlPlugin` (optional, defaults to `false`). Some extensions (plugins) might require OCaml and sometimes other OCaml packages. Standard dependencies can be added by setting the current option to `true`. For a finer grain control, the `coq.ocamlPackages` attribute can be used in `nativeBuildInputs`, `buildInputs`, and `propagatedBuildInputs` to depend on the same package set Coq was built against.
|
* `mlPlugin` (optional, defaults to `false`). Some extensions (plugins) might require OCaml and sometimes other OCaml packages. Standard dependencies can be added by setting the current option to `true`. For a finer grain control, the `coq.ocamlPackages` attribute can be used in `nativeBuildInputs`, `buildInputs`, and `propagatedBuildInputs` to depend on the same package set Coq was built against.
|
||||||
* `useDuneifVersion` (optional, default to `(x: false)` uses Dune to build the package if the provided predicate evaluates to true on the version, e.g. `useDuneifVersion = versions.isGe "1.1"` will use dune if the version of the package is greater or equal to `"1.1"`,
|
* `useDuneifVersion` (optional, default to `(x: false)` uses Dune to build the package if the provided predicate evaluates to true on the version, e.g. `useDuneifVersion = versions.isGe "1.1"` will use dune if the version of the package is greater or equal to `"1.1"`,
|
||||||
* `useDune` (optional, defaults to `false`) uses Dune to build the package if set to true, the presence of this attribute overrides the behavior of the previous one.
|
* `useDune` (optional, defaults to `false`) uses Dune to build the package if set to true, the presence of this attribute overrides the behavior of the previous one.
|
||||||
|
|
|
@ -20,6 +20,7 @@ In the following is an example expression using `buildGoModule`, the following a
|
||||||
|
|
||||||
To obtain the actual hash, set `vendorHash = lib.fakeSha256;` and run the build ([more details here](#sec-source-hashes)).
|
To obtain the actual hash, set `vendorHash = lib.fakeSha256;` and run the build ([more details here](#sec-source-hashes)).
|
||||||
- `proxyVendor`: Fetches (go mod download) and proxies the vendor directory. This is useful if your code depends on c code and go mod tidy does not include the needed sources to build or if any dependency has case-insensitive conflicts which will produce platform dependant `vendorHash` checksums.
|
- `proxyVendor`: Fetches (go mod download) and proxies the vendor directory. This is useful if your code depends on c code and go mod tidy does not include the needed sources to build or if any dependency has case-insensitive conflicts which will produce platform dependant `vendorHash` checksums.
|
||||||
|
- `modPostBuild`: Shell commands to run after the build of the go-modules executes `go mod vendor`, and before calculating fixed output derivation's `vendorHash` (or `vendorSha256`). Note that if you change this attribute, you need to update `vendorHash` (or `vendorSha256`) attribute.
|
||||||
|
|
||||||
```nix
|
```nix
|
||||||
pet = buildGoModule rec {
|
pet = buildGoModule rec {
|
||||||
|
@ -114,7 +115,16 @@ done
|
||||||
|
|
||||||
## Attributes used by the builders {#ssec-go-common-attributes}
|
## Attributes used by the builders {#ssec-go-common-attributes}
|
||||||
|
|
||||||
Both `buildGoModule` and `buildGoPackage` can be tweaked to behave slightly differently, if the following attributes are used:
|
Many attributes [controlling the build phase](#variables-controlling-the-build-phase) are respected by both `buildGoModule` and `buildGoPackage`. Note that `buildGoModule` reads the following attributes also when building the `vendor/` go-modules fixed output derivation as well:
|
||||||
|
|
||||||
|
- [`sourceRoot`](#var-stdenv-sourceRoot)
|
||||||
|
- [`prePatch`](#var-stdenv-prePatch)
|
||||||
|
- [`patches`](#var-stdenv-patches)
|
||||||
|
- [`patchFlags`](#var-stdenv-patchFlags)
|
||||||
|
- [`postPatch`](#var-stdenv-postPatch)
|
||||||
|
- [`preBuild`](#var-stdenv-preBuild)
|
||||||
|
|
||||||
|
In addition to the above attributes, and the many more variables respected also by `stdenv.mkDerivation`, both `buildGoModule` and `buildGoPackage` respect Go-specific attributes that tweak them to behave slightly differently:
|
||||||
|
|
||||||
### `ldflags` {#var-go-ldflags}
|
### `ldflags` {#var-go-ldflags}
|
||||||
|
|
||||||
|
|
|
@ -108,7 +108,7 @@ haskell.compiler.ghcjs ghcjs-8.10.7
|
||||||
Each of those compiler versions has a corresponding attribute set built using
|
Each of those compiler versions has a corresponding attribute set built using
|
||||||
it. However, the non-standard package sets are not tested regularly and, as a
|
it. However, the non-standard package sets are not tested regularly and, as a
|
||||||
result, contain fewer working packages. The corresponding package set for GHC
|
result, contain fewer working packages. The corresponding package set for GHC
|
||||||
9.4.4 is `haskell.packages.ghc944`. In fact `haskellPackages` is just an alias
|
9.4.5 is `haskell.packages.ghc945`. In fact `haskellPackages` is just an alias
|
||||||
for `haskell.packages.ghc927`:
|
for `haskell.packages.ghc927`:
|
||||||
|
|
||||||
```console
|
```console
|
||||||
|
|
|
@ -229,7 +229,7 @@ See `node2nix` [docs](https://github.com/svanderburg/node2nix) for more info.
|
||||||
#### Pitfalls {#javascript-node2nix-pitfalls}
|
#### Pitfalls {#javascript-node2nix-pitfalls}
|
||||||
|
|
||||||
- If upstream package.json does not have a "version" attribute, `node2nix` will crash. You will need to add it like shown in [the package.json section](#javascript-upstream-package-json).
|
- If upstream package.json does not have a "version" attribute, `node2nix` will crash. You will need to add it like shown in [the package.json section](#javascript-upstream-package-json).
|
||||||
- `node2nix` has some [bugs](https://github.com/svanderburg/node2nix/issues/238) related to working with lock files from NPM distributed with `nodejs-16_x`.
|
- `node2nix` has some [bugs](https://github.com/svanderburg/node2nix/issues/238) related to working with lock files from NPM distributed with `nodejs_16`.
|
||||||
- `node2nix` does not like missing packages from NPM. If you see something like `Cannot resolve version: vue-loader-v16@undefined` then you might want to try another tool. The package might have been pulled off of NPM.
|
- `node2nix` does not like missing packages from NPM. If you see something like `Cannot resolve version: vue-loader-v16@undefined` then you might want to try another tool. The package might have been pulled off of NPM.
|
||||||
|
|
||||||
### yarn2nix {#javascript-yarn2nix}
|
### yarn2nix {#javascript-yarn2nix}
|
||||||
|
|
|
@ -129,16 +129,21 @@ Let's present the luarocks way first and the manual one in a second time.
|
||||||
### Packaging a library on luarocks {#packaging-a-library-on-luarocks}
|
### Packaging a library on luarocks {#packaging-a-library-on-luarocks}
|
||||||
|
|
||||||
[Luarocks.org](https://luarocks.org/) is the main repository of lua packages.
|
[Luarocks.org](https://luarocks.org/) is the main repository of lua packages.
|
||||||
The site proposes two types of packages, the rockspec and the src.rock
|
The site proposes two types of packages, the `rockspec` and the `src.rock`
|
||||||
(equivalent of a [rockspec](https://github.com/luarocks/luarocks/wiki/Rockspec-format) but with the source).
|
(equivalent of a [rockspec](https://github.com/luarocks/luarocks/wiki/Rockspec-format) but with the source).
|
||||||
These packages can have different build types such as `cmake`, `builtin` etc .
|
|
||||||
|
|
||||||
Luarocks-based packages are generated in pkgs/development/lua-modules/generated-packages.nix from
|
Luarocks-based packages are generated in [pkgs/development/lua-modules/generated-packages.nix](https://github.com/NixOS/nixpkgs/tree/master/pkgs/development/lua-modules/generated-packages.nix) from
|
||||||
the whitelist maintainers/scripts/luarocks-packages.csv and updated by running maintainers/scripts/update-luarocks-packages.
|
the whitelist maintainers/scripts/luarocks-packages.csv and updated by running
|
||||||
|
the script
|
||||||
|
[maintainers/scripts/update-luarocks-packages](https://github.com/NixOS/nixpkgs/tree/master/maintainers/scripts/update-luarocks-packages):
|
||||||
|
|
||||||
|
```sh
|
||||||
|
./maintainers/scripts/update-luarocks-packages update
|
||||||
|
```
|
||||||
|
|
||||||
[luarocks2nix](https://github.com/nix-community/luarocks) is a tool capable of generating nix derivations from both rockspec and src.rock (and favors the src.rock).
|
[luarocks2nix](https://github.com/nix-community/luarocks) is a tool capable of generating nix derivations from both rockspec and src.rock (and favors the src.rock).
|
||||||
The automation only goes so far though and some packages need to be customized.
|
The automation only goes so far though and some packages need to be customized.
|
||||||
These customizations go in `pkgs/development/lua-modules/overrides.nix`.
|
These customizations go in [pkgs/development/lua-modules/overrides.nix](https://github.com/NixOS/nixpkgs/tree/master/pkgs/development/lua-modules/overrides.nix).
|
||||||
For instance if the rockspec defines `external_dependencies`, these need to be manually added to the overrides.nix.
|
For instance if the rockspec defines `external_dependencies`, these need to be manually added to the overrides.nix.
|
||||||
|
|
||||||
You can try converting luarocks packages to nix packages with the command `nix-shell -p luarocks-nix` and then `luarocks nix PKG_NAME`.
|
You can try converting luarocks packages to nix packages with the command `nix-shell -p luarocks-nix` and then `luarocks nix PKG_NAME`.
|
||||||
|
|
|
@ -212,7 +212,7 @@ Note: this is not possible anymore for Neovim.
|
||||||
|
|
||||||
## Adding new plugins to nixpkgs {#adding-new-plugins-to-nixpkgs}
|
## Adding new plugins to nixpkgs {#adding-new-plugins-to-nixpkgs}
|
||||||
|
|
||||||
Nix expressions for Vim plugins are stored in [pkgs/applications/editors/vim/plugins](https://github.com/NixOS/nixpkgs/tree/master/pkgs/applications/editors/vim/plugins). For the vast majority of plugins, Nix expressions are automatically generated by running [`./update.py`](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vim/plugins/update.py). This creates a [generated.nix](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vim/plugins/generated.nix) file based on the plugins listed in [vim-plugin-names](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vim/plugins/vim-plugin-names). Plugins are listed in alphabetical order in `vim-plugin-names` using the format `[github username]/[repository]@[gitref]`. For example https://github.com/scrooloose/nerdtree becomes `scrooloose/nerdtree`.
|
Nix expressions for Vim plugins are stored in [pkgs/applications/editors/vim/plugins](https://github.com/NixOS/nixpkgs/tree/master/pkgs/applications/editors/vim/plugins). For the vast majority of plugins, Nix expressions are automatically generated by running [`./update.py`](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vim/plugins/update.py). This creates a [generated.nix](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vim/plugins/generated.nix) file based on the plugins listed in [vim-plugin-names](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vim/plugins/vim-plugin-names).
|
||||||
|
|
||||||
After running `./update.py`, if nvim-treesitter received an update, also run [`nvim-treesitter/update.py`](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vim/plugins/update.py) to update the tree sitter grammars for `nvim-treesitter`.
|
After running `./update.py`, if nvim-treesitter received an update, also run [`nvim-treesitter/update.py`](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vim/plugins/update.py) to update the tree sitter grammars for `nvim-treesitter`.
|
||||||
|
|
||||||
|
@ -226,7 +226,7 @@ deoplete-fish = super.deoplete-fish.overrideAttrs(old: {
|
||||||
|
|
||||||
Sometimes plugins require an override that must be changed when the plugin is updated. This can cause issues when Vim plugins are auto-updated but the associated override isn't updated. For these plugins, the override should be written so that it specifies all information required to install the plugin, and running `./update.py` doesn't change the derivation for the plugin. Manually updating the override is required to update these types of plugins. An example of such a plugin is `LanguageClient-neovim`.
|
Sometimes plugins require an override that must be changed when the plugin is updated. This can cause issues when Vim plugins are auto-updated but the associated override isn't updated. For these plugins, the override should be written so that it specifies all information required to install the plugin, and running `./update.py` doesn't change the derivation for the plugin. Manually updating the override is required to update these types of plugins. An example of such a plugin is `LanguageClient-neovim`.
|
||||||
|
|
||||||
To add a new plugin, run `./update.py --add "[owner]/[name]"`. **NOTE**: This script automatically commits to your git repository. Be sure to check out a fresh branch before running.
|
To add a new plugin, run `./update.py add "[owner]/[name]"`. **NOTE**: This script automatically commits to your git repository. Be sure to check out a fresh branch before running.
|
||||||
|
|
||||||
Finally, there are some plugins that are also packaged in nodePackages because they have Javascript-related build steps, such as running webpack. Those plugins are not listed in `vim-plugin-names` or managed by `update.py` at all, and are included separately in `overrides.nix`. Currently, all these plugins are related to the `coc.nvim` ecosystem of the Language Server Protocol integration with Vim/Neovim.
|
Finally, there are some plugins that are also packaged in nodePackages because they have Javascript-related build steps, such as running webpack. Those plugins are not listed in `vim-plugin-names` or managed by `update.py` at all, and are included separately in `overrides.nix`. Currently, all these plugins are related to the `coc.nvim` ecosystem of the Language Server Protocol integration with Vim/Neovim.
|
||||||
|
|
||||||
|
|
40
third_party/nixpkgs/doc/stdenv/meta.chapter.md
vendored
|
@ -86,6 +86,23 @@ meta.platforms = lib.platforms.linux;
|
||||||
|
|
||||||
Attribute Set `lib.platforms` defines [various common lists](https://github.com/NixOS/nixpkgs/blob/master/lib/systems/doubles.nix) of platforms types.
|
Attribute Set `lib.platforms` defines [various common lists](https://github.com/NixOS/nixpkgs/blob/master/lib/systems/doubles.nix) of platforms types.
|
||||||
|
|
||||||
|
### `badPlatforms` {#var-meta-badPlatforms}
|
||||||
|
|
||||||
|
The list of Nix [platform types](https://github.com/NixOS/nixpkgs/blob/b03ac42b0734da3e7be9bf8d94433a5195734b19/lib/meta.nix#L75-L81) on which the package is known not to be buildable.
|
||||||
|
Hydra will never create prebuilt binaries for these platform types, even if they are in [`meta.platforms`](#var-meta-platforms).
|
||||||
|
In general it is preferable to set `meta.platforms = lib.platforms.all` and then exclude any platforms on which the package is known not to build.
|
||||||
|
For example, a package which requires dynamic linking and cannot be linked statically could use this:
|
||||||
|
|
||||||
|
```nix
|
||||||
|
meta.platforms = lib.platforms.all;
|
||||||
|
meta.badPlatforms = [ lib.systems.inspect.patterns.isStatic ];
|
||||||
|
```
|
||||||
|
|
||||||
|
The [`lib.meta.availableOn`](https://github.com/NixOS/nixpkgs/blob/b03ac42b0734da3e7be9bf8d94433a5195734b19/lib/meta.nix#L95-L106) function can be used to test whether or not a package is available (i.e. buildable) on a given platform.
|
||||||
|
Some packages use this to automatically detect the maximum set of features with which they can be built.
|
||||||
|
For example, `systemd` [requires dynamic linking](https://github.com/systemd/systemd/issues/20600#issuecomment-912338965), and [has a `meta.badPlatforms` setting](https://github.com/NixOS/nixpkgs/blob/b03ac42b0734da3e7be9bf8d94433a5195734b19/pkgs/os-specific/linux/systemd/default.nix#L752) similar to the one above.
|
||||||
|
Packages which can be built with or without `systemd` support will use `lib.meta.availableOn` to detect whether or not `systemd` is available on the [`hostPlatform`](#ssec-cross-platform-parameters) for which they are being built; if it is not available (e.g. due to a statically-linked host platform like `pkgsStatic`) this support will be disabled by default.
|
||||||
|
|
||||||
### `tests` {#var-meta-tests}
|
### `tests` {#var-meta-tests}
|
||||||
|
|
||||||
::: {.warning}
|
::: {.warning}
|
||||||
|
@ -173,7 +190,7 @@ To be effective, it must be presented directly to an evaluation process that han
|
||||||
|
|
||||||
### `hydraPlatforms` {#var-meta-hydraPlatforms}
|
### `hydraPlatforms` {#var-meta-hydraPlatforms}
|
||||||
|
|
||||||
The list of Nix platform types for which the Hydra instance at `hydra.nixos.org` will build the package. (Hydra is the Nix-based continuous build system.) It defaults to the value of `meta.platforms`. Thus, the only reason to set `meta.hydraPlatforms` is if you want `hydra.nixos.org` to build the package on a subset of `meta.platforms`, or not at all, e.g.
|
The list of Nix platform types for which the [Hydra](https://github.com/nixos/hydra) [instance at `hydra.nixos.org`](https://nixos.org/hydra) will build the package. (Hydra is the Nix-based continuous build system.) It defaults to the value of `meta.platforms`. Thus, the only reason to set `meta.hydraPlatforms` is if you want `hydra.nixos.org` to build the package on a subset of `meta.platforms`, or not at all, e.g.
|
||||||
|
|
||||||
```nix
|
```nix
|
||||||
meta.platforms = lib.platforms.linux;
|
meta.platforms = lib.platforms.linux;
|
||||||
|
@ -182,7 +199,26 @@ meta.hydraPlatforms = [];
|
||||||
|
|
||||||
### `broken` {#var-meta-broken}
|
### `broken` {#var-meta-broken}
|
||||||
|
|
||||||
If set to `true`, the package is marked as "broken", meaning that it won’t show up in `nix-env -qa`, and cannot be built or installed. Such packages should be removed from Nixpkgs eventually unless they are fixed.
|
If set to `true`, the package is marked as "broken", meaning that it won’t show up in [search.nixos.org](https://search.nixos.org/packages), and cannot be built or installed unless the environment variable [`NIXPKGS_ALLOW_BROKEN`](#opt-allowBroken) is set.
|
||||||
|
Such unconditionally-broken packages should be removed from Nixpkgs eventually unless they are fixed.
|
||||||
|
|
||||||
|
The value of this attribute can depend on a package's arguments, including `stdenv`.
|
||||||
|
This means that `broken` can be used to express constraints, for example:
|
||||||
|
|
||||||
|
- Does not cross compile
|
||||||
|
|
||||||
|
```nix
|
||||||
|
meta.broken = !(stdenv.buildPlatform.canExecute stdenv.hostPlatform)
|
||||||
|
```
|
||||||
|
|
||||||
|
- Broken if all of a certain set of its dependencies are broken
|
||||||
|
|
||||||
|
```nix
|
||||||
|
meta.broken = lib.all (map (p: p.meta.broken) [ glibc musl ])
|
||||||
|
```
|
||||||
|
|
||||||
|
This makes `broken` strictly more powerful than `meta.badPlatforms`.
|
||||||
|
However `meta.availableOn` currently examines only `meta.platforms` and `meta.badPlatforms`, so `meta.broken` does not influence the default values for optional dependencies.
|
||||||
|
|
||||||
## Licenses {#sec-meta-license}
|
## Licenses {#sec-meta-license}
|
||||||
|
|
||||||
|
|
12
third_party/nixpkgs/doc/stdenv/stdenv.chapter.md
vendored
12
third_party/nixpkgs/doc/stdenv/stdenv.chapter.md
vendored
|
@ -16,7 +16,8 @@ stdenv.mkDerivation {
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
(`stdenv` needs to be in scope, so if you write this in a separate Nix expression from `pkgs/all-packages.nix`, you need to pass it as a function argument.) Specifying a `name` and a `src` is the absolute minimum Nix requires. For convenience, you can also use `pname` and `version` attributes and `mkDerivation` will automatically set `name` to `"${pname}-${version}"` by default. Since [RFC 0035](https://github.com/NixOS/rfcs/pull/35), this is preferred for packages in Nixpkgs, as it allows us to reuse the version easily:
|
(`stdenv` needs to be in scope, so if you write this in a separate Nix expression from `pkgs/all-packages.nix`, you need to pass it as a function argument.) Specifying a `name` and a `src` is the absolute minimum Nix requires. For convenience, you can also use `pname` and `version` attributes and `mkDerivation` will automatically set `name` to `"${pname}-${version}"` by default.
|
||||||
|
**Since [RFC 0035](https://github.com/NixOS/rfcs/pull/35), this is preferred for packages in Nixpkgs**, as it allows us to reuse the version easily:
|
||||||
|
|
||||||
```nix
|
```nix
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
|
@ -33,7 +34,8 @@ Many packages have dependencies that are not provided in the standard environmen
|
||||||
|
|
||||||
```nix
|
```nix
|
||||||
stdenv.mkDerivation {
|
stdenv.mkDerivation {
|
||||||
name = "libfoo-1.2.3";
|
pname = "libfoo";
|
||||||
|
version = "1.2.3";
|
||||||
...
|
...
|
||||||
buildInputs = [libbar perl ncurses];
|
buildInputs = [libbar perl ncurses];
|
||||||
}
|
}
|
||||||
|
@ -45,7 +47,8 @@ Often it is necessary to override or modify some aspect of the build. To make th
|
||||||
|
|
||||||
```nix
|
```nix
|
||||||
stdenv.mkDerivation {
|
stdenv.mkDerivation {
|
||||||
name = "fnord-4.5";
|
pname = "fnord";
|
||||||
|
version = "4.5";
|
||||||
...
|
...
|
||||||
buildPhase = ''
|
buildPhase = ''
|
||||||
gcc foo.c -o foo
|
gcc foo.c -o foo
|
||||||
|
@ -65,7 +68,8 @@ While the standard environment provides a generic builder, you can still supply
|
||||||
|
|
||||||
```nix
|
```nix
|
||||||
stdenv.mkDerivation {
|
stdenv.mkDerivation {
|
||||||
name = "libfoo-1.2.3";
|
pname = "libfoo";
|
||||||
|
version = "1.2.3";
|
||||||
...
|
...
|
||||||
builder = ./builder.sh;
|
builder = ./builder.sh;
|
||||||
}
|
}
|
||||||
|
|
2
third_party/nixpkgs/lib/attrsets.nix
vendored
2
third_party/nixpkgs/lib/attrsets.nix
vendored
|
@ -9,7 +9,7 @@ let
|
||||||
in
|
in
|
||||||
|
|
||||||
rec {
|
rec {
|
||||||
inherit (builtins) attrNames listToAttrs hasAttr isAttrs getAttr;
|
inherit (builtins) attrNames listToAttrs hasAttr isAttrs getAttr removeAttrs;
|
||||||
|
|
||||||
|
|
||||||
/* Return an attribute from nested attribute sets.
|
/* Return an attribute from nested attribute sets.
|
||||||
|
|
77
third_party/nixpkgs/lib/generators.nix
vendored
77
third_party/nixpkgs/lib/generators.nix
vendored
|
@ -426,4 +426,81 @@ ${expr "" v}
|
||||||
abort "generators.toDhall: cannot convert a null to Dhall"
|
abort "generators.toDhall: cannot convert a null to Dhall"
|
||||||
else
|
else
|
||||||
builtins.toJSON v;
|
builtins.toJSON v;
|
||||||
|
|
||||||
|
/*
|
||||||
|
Translate a simple Nix expression to Lua representation with occasional
|
||||||
|
Lua-inlines that can be construted by mkLuaInline function.
|
||||||
|
|
||||||
|
Configuration:
|
||||||
|
* multiline - by default is true which results in indented block-like view.
|
||||||
|
* indent - initial indent.
|
||||||
|
|
||||||
|
Attention:
|
||||||
|
Regardless of multiline parameter there is no trailing newline.
|
||||||
|
|
||||||
|
Example:
|
||||||
|
generators.toLua {}
|
||||||
|
{
|
||||||
|
cmd = [ "typescript-language-server" "--stdio" ];
|
||||||
|
settings.workspace.library = mkLuaInline ''vim.api.nvim_get_runtime_file("", true)'';
|
||||||
|
}
|
||||||
|
->
|
||||||
|
{
|
||||||
|
["cmd"] = {
|
||||||
|
"typescript-language-server",
|
||||||
|
"--stdio"
|
||||||
|
},
|
||||||
|
["settings"] = {
|
||||||
|
["workspace"] = {
|
||||||
|
["library"] = (vim.api.nvim_get_runtime_file("", true))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
Type:
|
||||||
|
toLua :: AttrSet -> Any -> String
|
||||||
|
*/
|
||||||
|
toLua = {
|
||||||
|
/* If this option is true, the output is indented with newlines for attribute sets and lists */
|
||||||
|
multiline ? true,
|
||||||
|
/* Initial indentation level */
|
||||||
|
indent ? ""
|
||||||
|
}@args: v:
|
||||||
|
with builtins;
|
||||||
|
let
|
||||||
|
innerIndent = "${indent} ";
|
||||||
|
introSpace = if multiline then "\n${innerIndent}" else " ";
|
||||||
|
outroSpace = if multiline then "\n${indent}" else " ";
|
||||||
|
innerArgs = args // { indent = innerIndent; };
|
||||||
|
concatItems = concatStringsSep ",${introSpace}";
|
||||||
|
isLuaInline = { _type ? null, ... }: _type == "lua-inline";
|
||||||
|
in
|
||||||
|
if v == null then
|
||||||
|
"nil"
|
||||||
|
else if isInt v || isFloat v || isString v || isBool v then
|
||||||
|
builtins.toJSON v
|
||||||
|
else if isList v then
|
||||||
|
(if v == [ ] then "{}" else
|
||||||
|
"{${introSpace}${concatItems (map (value: "${toLua innerArgs value}") v)}${outroSpace}}")
|
||||||
|
else if isAttrs v then
|
||||||
|
(
|
||||||
|
if isLuaInline v then
|
||||||
|
"(${v.expr})"
|
||||||
|
else if v == { } then
|
||||||
|
"{}"
|
||||||
|
else
|
||||||
|
"{${introSpace}${concatItems (
|
||||||
|
lib.attrsets.mapAttrsToList (key: value: "[${builtins.toJSON key}] = ${toLua innerArgs value}") v
|
||||||
|
)}${outroSpace}}"
|
||||||
|
)
|
||||||
|
else
|
||||||
|
abort "generators.toLua: type ${typeOf v} is unsupported";
|
||||||
|
|
||||||
|
/*
|
||||||
|
Mark string as Lua expression to be inlined when processed by toLua.
|
||||||
|
|
||||||
|
Type:
|
||||||
|
mkLuaInline :: String -> AttrSet
|
||||||
|
*/
|
||||||
|
mkLuaInline = expr: { _type = "lua-inline"; inherit expr; };
|
||||||
}
|
}
|
||||||
|
|
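Review bot: The scalar branch of `toLua` (`isInt v || isFloat v || isString v || isBool v`) and the table-key formatter (`"[${builtins.toJSON key}] = ..."`) both delegate string quoting to `builtins.toJSON`, which follows JSON's escape grammar rather than Lua's. If toJSON emits `\u001b`-style escapes for control characters, as JSON encoders normally do, the generated text is not the same string in Lua: Lua 5.1 has no `\u` escape and later versions accept only the braced `\u{1b}` form, so the config either fails to load or silently carries a different value. Consider a Lua-specific quoting helper for strings and keys, for example `luaString = s: "\"${replaceStrings [ "\\" "\"" "\n" "\r" ] [ "\\\\" "\\\"" "\\n" "\\r" ] s}\"";`, plus a test next to `testToLuaString` in lib/tests/misc.nix, which currently pins only quote characters. Separately, the `mkLuaInline` doc comment should state that `expr` is emitted verbatim inside parentheses with no escaping or validation, so it must only be built from text the module author controls, never from user-supplied option values.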
2
third_party/nixpkgs/lib/systems/default.nix
vendored
2
third_party/nixpkgs/lib/systems/default.nix
vendored
|
@ -136,6 +136,7 @@ rec {
|
||||||
else if final.isPower then "powerpc"
|
else if final.isPower then "powerpc"
|
||||||
else if final.isRiscV then "riscv"
|
else if final.isRiscV then "riscv"
|
||||||
else if final.isS390 then "s390"
|
else if final.isS390 then "s390"
|
||||||
|
else if final.isLoongArch64 then "loongarch"
|
||||||
else final.parsed.cpu.name;
|
else final.parsed.cpu.name;
|
||||||
|
|
||||||
qemuArch =
|
qemuArch =
|
||||||
|
@ -185,6 +186,7 @@ rec {
|
||||||
pulseSupport = false;
|
pulseSupport = false;
|
||||||
smbdSupport = false;
|
smbdSupport = false;
|
||||||
seccompSupport = false;
|
seccompSupport = false;
|
||||||
|
enableDocs = false;
|
||||||
hostCpuTargets = [ "${final.qemuArch}-linux-user" ];
|
hostCpuTargets = [ "${final.qemuArch}-linux-user" ];
|
||||||
};
|
};
|
||||||
wine = (pkgs.winePackagesFor "wine${toString final.parsed.cpu.bits}").minimal;
|
wine = (pkgs.winePackagesFor "wine${toString final.parsed.cpu.bits}").minimal;
|
||||||
|
|
3
third_party/nixpkgs/lib/systems/doubles.nix
vendored
3
third_party/nixpkgs/lib/systems/doubles.nix
vendored
|
@ -26,7 +26,7 @@ let
|
||||||
|
|
||||||
# Linux
|
# Linux
|
||||||
"aarch64-linux" "armv5tel-linux" "armv6l-linux" "armv7a-linux"
|
"aarch64-linux" "armv5tel-linux" "armv6l-linux" "armv7a-linux"
|
||||||
"armv7l-linux" "i686-linux" "m68k-linux" "microblaze-linux"
|
"armv7l-linux" "i686-linux" "loongarch64-linux" "m68k-linux" "microblaze-linux"
|
||||||
"microblazeel-linux" "mipsel-linux" "mips64el-linux" "powerpc64-linux"
|
"microblazeel-linux" "mipsel-linux" "mips64el-linux" "powerpc64-linux"
|
||||||
"powerpc64le-linux" "riscv32-linux" "riscv64-linux" "s390-linux"
|
"powerpc64le-linux" "riscv32-linux" "riscv64-linux" "s390-linux"
|
||||||
"s390x-linux" "x86_64-linux"
|
"s390x-linux" "x86_64-linux"
|
||||||
|
@ -86,6 +86,7 @@ in {
|
||||||
m68k = filterDoubles predicates.isM68k;
|
m68k = filterDoubles predicates.isM68k;
|
||||||
s390 = filterDoubles predicates.isS390;
|
s390 = filterDoubles predicates.isS390;
|
||||||
s390x = filterDoubles predicates.isS390x;
|
s390x = filterDoubles predicates.isS390x;
|
||||||
|
loongarch64 = filterDoubles predicates.isLoongArch64;
|
||||||
js = filterDoubles predicates.isJavaScript;
|
js = filterDoubles predicates.isJavaScript;
|
||||||
|
|
||||||
bigEndian = filterDoubles predicates.isBigEndian;
|
bigEndian = filterDoubles predicates.isBigEndian;
|
||||||
|
|
4
third_party/nixpkgs/lib/systems/examples.nix
vendored
4
third_party/nixpkgs/lib/systems/examples.nix
vendored
|
@ -90,6 +90,10 @@ rec {
|
||||||
config = "mipsel-unknown-linux-gnu";
|
config = "mipsel-unknown-linux-gnu";
|
||||||
} // platforms.fuloong2f_n32;
|
} // platforms.fuloong2f_n32;
|
||||||
|
|
||||||
|
loongarch64-linux = {
|
||||||
|
config = "loongarch64-unknown-linux-gnu";
|
||||||
|
};
|
||||||
|
|
||||||
# can execute on 32bit chip
|
# can execute on 32bit chip
|
||||||
mips-linux-gnu = { config = "mips-unknown-linux-gnu"; } // platforms.gcc_mips32r2_o32;
|
mips-linux-gnu = { config = "mips-unknown-linux-gnu"; } // platforms.gcc_mips32r2_o32;
|
||||||
mipsel-linux-gnu = { config = "mipsel-unknown-linux-gnu"; } // platforms.gcc_mips32r2_o32;
|
mipsel-linux-gnu = { config = "mipsel-unknown-linux-gnu"; } // platforms.gcc_mips32r2_o32;
|
||||||
|
|
9
third_party/nixpkgs/lib/systems/inspect.nix
vendored
9
third_party/nixpkgs/lib/systems/inspect.nix
vendored
|
@ -9,6 +9,14 @@ let abis = lib.mapAttrs (_: abi: builtins.removeAttrs abi [ "assertions" ]) abis
|
||||||
rec {
|
rec {
|
||||||
# these patterns are to be matched against {host,build,target}Platform.parsed
|
# these patterns are to be matched against {host,build,target}Platform.parsed
|
||||||
patterns = rec {
|
patterns = rec {
|
||||||
|
# The patterns below are lists in sum-of-products form.
|
||||||
|
#
|
||||||
|
# Each attribute is list of product conditions; non-list values are treated
|
||||||
|
# as a singleton list. If *any* product condition in the list matches then
|
||||||
|
# the predicate matches. Each product condition is tested by
|
||||||
|
# `lib.attrsets.matchAttrs`, which requires a match on *all* attributes of
|
||||||
|
# the product.
|
||||||
|
|
||||||
isi686 = { cpu = cpuTypes.i686; };
|
isi686 = { cpu = cpuTypes.i686; };
|
||||||
isx86_32 = { cpu = { family = "x86"; bits = 32; }; };
|
isx86_32 = { cpu = { family = "x86"; bits = 32; }; };
|
||||||
isx86_64 = { cpu = { family = "x86"; bits = 64; }; };
|
isx86_64 = { cpu = { family = "x86"; bits = 64; }; };
|
||||||
|
@ -49,6 +57,7 @@ rec {
|
||||||
isM68k = { cpu = { family = "m68k"; }; };
|
isM68k = { cpu = { family = "m68k"; }; };
|
||||||
isS390 = { cpu = { family = "s390"; }; };
|
isS390 = { cpu = { family = "s390"; }; };
|
||||||
isS390x = { cpu = { family = "s390"; bits = 64; }; };
|
isS390x = { cpu = { family = "s390"; bits = 64; }; };
|
||||||
|
isLoongArch64 = { cpu = { family = "loongarch"; bits = 64; }; };
|
||||||
isJavaScript = { cpu = cpuTypes.javascript; };
|
isJavaScript = { cpu = cpuTypes.javascript; };
|
||||||
|
|
||||||
is32bit = { cpu = { bits = 32; }; };
|
is32bit = { cpu = { bits = 32; }; };
|
||||||
|
|
2
third_party/nixpkgs/lib/systems/parse.nix
vendored
2
third_party/nixpkgs/lib/systems/parse.nix
vendored
|
@ -131,6 +131,8 @@ rec {
|
||||||
|
|
||||||
or1k = { bits = 32; significantByte = bigEndian; family = "or1k"; };
|
or1k = { bits = 32; significantByte = bigEndian; family = "or1k"; };
|
||||||
|
|
||||||
|
loongarch64 = { bits = 64; significantByte = littleEndian; family = "loongarch"; };
|
||||||
|
|
||||||
javascript = { bits = 32; significantByte = littleEndian; family = "javascript"; };
|
javascript = { bits = 32; significantByte = littleEndian; family = "javascript"; };
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
66
third_party/nixpkgs/lib/tests/misc.nix
vendored
66
third_party/nixpkgs/lib/tests/misc.nix
vendored
|
@ -915,6 +915,72 @@ runTests {
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
testToLuaEmptyAttrSet = {
|
||||||
|
expr = generators.toLua {} {};
|
||||||
|
expected = ''{}'';
|
||||||
|
};
|
||||||
|
|
||||||
|
testToLuaEmptyList = {
|
||||||
|
expr = generators.toLua {} [];
|
||||||
|
expected = ''{}'';
|
||||||
|
};
|
||||||
|
|
||||||
|
testToLuaListOfVariousTypes = {
|
||||||
|
expr = generators.toLua {} [ null 43 3.14159 true ];
|
||||||
|
expected = ''
|
||||||
|
{
|
||||||
|
nil,
|
||||||
|
43,
|
||||||
|
3.14159,
|
||||||
|
true
|
||||||
|
}'';
|
||||||
|
};
|
||||||
|
|
||||||
|
testToLuaString = {
|
||||||
|
expr = generators.toLua {} ''double-quote (") and single quotes (')'';
|
||||||
|
expected = ''"double-quote (\") and single quotes (')"'';
|
||||||
|
};
|
||||||
|
|
||||||
|
testToLuaAttrsetWithLuaInline = {
|
||||||
|
expr = generators.toLua {} { x = generators.mkLuaInline ''"abc" .. "def"''; };
|
||||||
|
expected = ''
|
||||||
|
{
|
||||||
|
["x"] = ("abc" .. "def")
|
||||||
|
}'';
|
||||||
|
};
|
||||||
|
|
||||||
|
testToLuaAttrsetWithSpaceInKey = {
|
||||||
|
expr = generators.toLua {} { "some space and double-quote (\")" = 42; };
|
||||||
|
expected = ''
|
||||||
|
{
|
||||||
|
["some space and double-quote (\")"] = 42
|
||||||
|
}'';
|
||||||
|
};
|
||||||
|
|
||||||
|
testToLuaWithoutMultiline = {
|
||||||
|
expr = generators.toLua { multiline = false; } [ 41 43 ];
|
||||||
|
expected = ''{ 41, 43 }'';
|
||||||
|
};
|
||||||
|
|
||||||
|
testToLuaBasicExample = {
|
||||||
|
expr = generators.toLua {} {
|
||||||
|
cmd = [ "typescript-language-server" "--stdio" ];
|
||||||
|
settings.workspace.library = generators.mkLuaInline ''vim.api.nvim_get_runtime_file("", true)'';
|
||||||
|
};
|
||||||
|
expected = ''
|
||||||
|
{
|
||||||
|
["cmd"] = {
|
||||||
|
"typescript-language-server",
|
||||||
|
"--stdio"
|
||||||
|
},
|
||||||
|
["settings"] = {
|
||||||
|
["workspace"] = {
|
||||||
|
["library"] = (vim.api.nvim_get_runtime_file("", true))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}'';
|
||||||
|
};
|
||||||
|
|
||||||
# CLI
|
# CLI
|
||||||
|
|
||||||
testToGNUCommandLine = {
|
testToGNUCommandLine = {
|
||||||
|
|
2
third_party/nixpkgs/lib/tests/systems.nix
vendored
2
third_party/nixpkgs/lib/tests/systems.nix
vendored
|
@ -34,7 +34,7 @@ with lib.systems.doubles; lib.runTests {
|
||||||
testredox = mseteq redox [ "x86_64-redox" ];
|
testredox = mseteq redox [ "x86_64-redox" ];
|
||||||
testgnu = mseteq gnu (linux /* ++ kfreebsd ++ ... */);
|
testgnu = mseteq gnu (linux /* ++ kfreebsd ++ ... */);
|
||||||
testillumos = mseteq illumos [ "x86_64-solaris" ];
|
testillumos = mseteq illumos [ "x86_64-solaris" ];
|
||||||
testlinux = mseteq linux [ "aarch64-linux" "armv5tel-linux" "armv6l-linux" "armv7a-linux" "armv7l-linux" "i686-linux" "mips64el-linux" "mipsel-linux" "riscv32-linux" "riscv64-linux" "x86_64-linux" "powerpc64-linux" "powerpc64le-linux" "m68k-linux" "s390-linux" "s390x-linux" "microblaze-linux" "microblazeel-linux" ];
|
testlinux = mseteq linux [ "aarch64-linux" "armv5tel-linux" "armv6l-linux" "armv7a-linux" "armv7l-linux" "i686-linux" "mips64el-linux" "mipsel-linux" "riscv32-linux" "riscv64-linux" "x86_64-linux" "powerpc64-linux" "powerpc64le-linux" "m68k-linux" "s390-linux" "s390x-linux" "microblaze-linux" "microblazeel-linux" "loongarch64-linux" ];
|
||||||
testnetbsd = mseteq netbsd [ "aarch64-netbsd" "armv6l-netbsd" "armv7a-netbsd" "armv7l-netbsd" "i686-netbsd" "m68k-netbsd" "mipsel-netbsd" "powerpc-netbsd" "riscv32-netbsd" "riscv64-netbsd" "x86_64-netbsd" ];
|
testnetbsd = mseteq netbsd [ "aarch64-netbsd" "armv6l-netbsd" "armv7a-netbsd" "armv7l-netbsd" "i686-netbsd" "m68k-netbsd" "mipsel-netbsd" "powerpc-netbsd" "riscv32-netbsd" "riscv64-netbsd" "x86_64-netbsd" ];
|
||||||
testopenbsd = mseteq openbsd [ "i686-openbsd" "x86_64-openbsd" ];
|
testopenbsd = mseteq openbsd [ "i686-openbsd" "x86_64-openbsd" ];
|
||||||
testwindows = mseteq windows [ "i686-cygwin" "x86_64-cygwin" "i686-windows" "x86_64-windows" ];
|
testwindows = mseteq windows [ "i686-cygwin" "x86_64-cygwin" "i686-windows" "x86_64-windows" ];
|
||||||
|
|
272
third_party/nixpkgs/maintainers/maintainer-list.nix
vendored
272
third_party/nixpkgs/maintainers/maintainer-list.nix
vendored
|
@ -101,6 +101,13 @@
|
||||||
github = "0xd61";
|
github = "0xd61";
|
||||||
githubId = 8351869;
|
githubId = 8351869;
|
||||||
};
|
};
|
||||||
|
_0xMRTT = {
|
||||||
|
email = "0xMRTT@proton.me";
|
||||||
|
name = "0xMRTT";
|
||||||
|
github = "0xMRTT";
|
||||||
|
githubId = 105598867;
|
||||||
|
matrix = "@0xmrtt:envs.net";
|
||||||
|
};
|
||||||
_1000101 = {
|
_1000101 = {
|
||||||
email = "b1000101@pm.me";
|
email = "b1000101@pm.me";
|
||||||
github = "1000101";
|
github = "1000101";
|
||||||
|
@ -1054,6 +1061,16 @@
|
||||||
githubId = 1342360;
|
githubId = 1342360;
|
||||||
name = "Andrew Morgan";
|
name = "Andrew Morgan";
|
||||||
};
|
};
|
||||||
|
anpin = {
|
||||||
|
email = "pavel@anpin.fyi";
|
||||||
|
github = "anpin";
|
||||||
|
githubId = 6060545;
|
||||||
|
matrix = "@anpin:matrix.org";
|
||||||
|
name = "Pavel Anpin";
|
||||||
|
keys = [{
|
||||||
|
fingerprint = "06E8 4FF6 0CCF 7AFD 5101 76C9 0FBC D3EE 6310 7407";
|
||||||
|
}];
|
||||||
|
};
|
||||||
anpryl = {
|
anpryl = {
|
||||||
email = "anpryl@gmail.com";
|
email = "anpryl@gmail.com";
|
||||||
github = "anpryl";
|
github = "anpryl";
|
||||||
|
@ -1124,6 +1141,16 @@
|
||||||
githubId = 73002165;
|
githubId = 73002165;
|
||||||
name = "apfelkuchen6";
|
name = "apfelkuchen6";
|
||||||
};
|
};
|
||||||
|
aplund = {
|
||||||
|
email = "austin.lund@gmail.com";
|
||||||
|
matrix = "@aplund:matrix.org";
|
||||||
|
github = "aplund";
|
||||||
|
githubId = 1369436;
|
||||||
|
name = "Austin Lund";
|
||||||
|
keys = [{
|
||||||
|
fingerprint = "7083 E268 4BFD 845F 2B84 9E74 B695 8918 ED23 32CE";
|
||||||
|
}];
|
||||||
|
};
|
||||||
applePrincess = {
|
applePrincess = {
|
||||||
email = "appleprincess@appleprincess.io";
|
email = "appleprincess@appleprincess.io";
|
||||||
github = "applePrincess";
|
github = "applePrincess";
|
||||||
|
@ -3287,9 +3314,12 @@
|
||||||
}];
|
}];
|
||||||
};
|
};
|
||||||
cyntheticfox = {
|
cyntheticfox = {
|
||||||
email = "houstdav000@gmail.com";
|
email = "cyntheticfox@gh0st.sh";
|
||||||
github = "cyntheticfox";
|
github = "cyntheticfox";
|
||||||
githubId = 17628961;
|
githubId = 17628961;
|
||||||
|
keys = [{
|
||||||
|
fingerprint = "73C1 C5DF 51E7 BB92 85E9 A262 5960 278C E235 F821";
|
||||||
|
}];
|
||||||
matrix = "@houstdav000:gh0st.ems.host";
|
matrix = "@houstdav000:gh0st.ems.host";
|
||||||
name = "Cynthia Fox";
|
name = "Cynthia Fox";
|
||||||
};
|
};
|
||||||
|
@ -3508,10 +3538,16 @@
|
||||||
};
|
};
|
||||||
davidcromp = {
|
davidcromp = {
|
||||||
email = "davidcrompton1192@gmail.com";
|
email = "davidcrompton1192@gmail.com";
|
||||||
github = "DavidCromp";
|
github = "CyborgPotato";
|
||||||
githubId = 10701143;
|
githubId = 10701143;
|
||||||
name = "David Crompton";
|
name = "David Crompton";
|
||||||
};
|
};
|
||||||
|
david-hamelin = {
|
||||||
|
email = "david.hamelin@outlook.fr";
|
||||||
|
github = "HamelinDavid";
|
||||||
|
githubId = 118536343;
|
||||||
|
name = "David Hamelin";
|
||||||
|
};
|
||||||
davidrusu = {
|
davidrusu = {
|
||||||
email = "davidrusu.me@gmail.com";
|
email = "davidrusu.me@gmail.com";
|
||||||
github = "davidrusu";
|
github = "davidrusu";
|
||||||
|
@ -3533,6 +3569,12 @@
|
||||||
fingerprint = "5B08 313C 6853 E5BF FA91 A817 0176 0B4F 9F53 F154";
|
fingerprint = "5B08 313C 6853 E5BF FA91 A817 0176 0B4F 9F53 F154";
|
||||||
}];
|
}];
|
||||||
};
|
};
|
||||||
|
davisrichard437 = {
|
||||||
|
email = "davisrichard437@gmail.com";
|
||||||
|
github = "davisrichard437";
|
||||||
|
githubId = 85075437;
|
||||||
|
name = "Richard Davis";
|
||||||
|
};
|
||||||
davorb = {
|
davorb = {
|
||||||
email = "davor@davor.se";
|
email = "davor@davor.se";
|
||||||
github = "davorb";
|
github = "davorb";
|
||||||
|
@ -4143,6 +4185,16 @@
|
||||||
githubId = 1931963;
|
githubId = 1931963;
|
||||||
name = "David Sferruzza";
|
name = "David Sferruzza";
|
||||||
};
|
};
|
||||||
|
dsuetin = {
|
||||||
|
name = "Danil Suetin";
|
||||||
|
email = "suetin085@gmail.com";
|
||||||
|
matrix = "@dani0854:matrix.org";
|
||||||
|
github = "dani0854";
|
||||||
|
githubId = 32674935;
|
||||||
|
keys = [{
|
||||||
|
fingerprint = "6CC2 D713 6703 0D86 CA29 C71F 23B5 AA6F A374 F2FE";
|
||||||
|
}];
|
||||||
|
};
|
||||||
dsymbol = {
|
dsymbol = {
|
||||||
name = "dsymbol";
|
name = "dsymbol";
|
||||||
github = "dsymbol";
|
github = "dsymbol";
|
||||||
|
@ -4482,6 +4534,7 @@
|
||||||
};
|
};
|
||||||
elvishjerricco = {
|
elvishjerricco = {
|
||||||
email = "elvishjerricco@gmail.com";
|
email = "elvishjerricco@gmail.com";
|
||||||
|
matrix = "@elvishjerricco:matrix.org";
|
||||||
github = "ElvishJerricco";
|
github = "ElvishJerricco";
|
||||||
githubId = 1365692;
|
githubId = 1365692;
|
||||||
name = "Will Fancher";
|
name = "Will Fancher";
|
||||||
|
@ -4806,7 +4859,7 @@
|
||||||
name = "Eric Evenchick";
|
name = "Eric Evenchick";
|
||||||
};
|
};
|
||||||
evenbrenden = {
|
evenbrenden = {
|
||||||
email = "evenbrenden@gmail.com";
|
email = "packages@anythingexternal.com";
|
||||||
github = "evenbrenden";
|
github = "evenbrenden";
|
||||||
githubId = 2512008;
|
githubId = 2512008;
|
||||||
name = "Even Brenden";
|
name = "Even Brenden";
|
||||||
|
@ -5096,6 +5149,12 @@
|
||||||
github = "fkautz";
|
github = "fkautz";
|
||||||
githubId = 135706;
|
githubId = 135706;
|
||||||
};
|
};
|
||||||
|
FlafyDev = {
|
||||||
|
name = "Flafy Arazi";
|
||||||
|
email = "flafyarazi@gmail.com";
|
||||||
|
github = "FlafyDev";
|
||||||
|
githubId = 44374434;
|
||||||
|
};
|
||||||
Flakebi = {
|
Flakebi = {
|
||||||
email = "flakebi@t-online.de";
|
email = "flakebi@t-online.de";
|
||||||
github = "Flakebi";
|
github = "Flakebi";
|
||||||
|
@ -5118,6 +5177,13 @@
|
||||||
githubId = 66178592;
|
githubId = 66178592;
|
||||||
name = "Pavel Zolotarevskiy";
|
name = "Pavel Zolotarevskiy";
|
||||||
};
|
};
|
||||||
|
flexiondotorg = {
|
||||||
|
name = "Martin Wimpress";
|
||||||
|
email = "martin@wimpress.org";
|
||||||
|
matrix = "@wimpress:matrix.org";
|
||||||
|
github = "flexiondotorg";
|
||||||
|
githubId = 304639;
|
||||||
|
};
|
||||||
fliegendewurst = {
|
fliegendewurst = {
|
||||||
email = "arne.keller@posteo.de";
|
email = "arne.keller@posteo.de";
|
||||||
github = "FliegendeWurst";
|
github = "FliegendeWurst";
|
||||||
|
@ -5463,6 +5529,11 @@
|
||||||
githubId = 2430469;
|
githubId = 2430469;
|
||||||
name = "Gavin Rogers";
|
name = "Gavin Rogers";
|
||||||
};
|
};
|
||||||
|
gaykitty = {
|
||||||
|
github = "gaykitty";
|
||||||
|
githubId = 126119280;
|
||||||
|
name = "Kitty Pride";
|
||||||
|
};
|
||||||
gazally = {
|
gazally = {
|
||||||
email = "gazally@runbox.com";
|
email = "gazally@runbox.com";
|
||||||
github = "gazally";
|
github = "gazally";
|
||||||
|
@ -5542,6 +5613,12 @@
|
||||||
fingerprint = "D0CF 440A A703 E0F9 73CB A078 82BB 70D5 41AE 2DB4";
|
fingerprint = "D0CF 440A A703 E0F9 73CB A078 82BB 70D5 41AE 2DB4";
|
||||||
}];
|
}];
|
||||||
};
|
};
|
||||||
|
geri1701 = {
|
||||||
|
email = "geri@sdf.org";
|
||||||
|
github = "geri1701";
|
||||||
|
githubId = 67984144;
|
||||||
|
name = "Gerhard Schwanzer";
|
||||||
|
};
|
||||||
gerschtli = {
|
gerschtli = {
|
||||||
email = "tobias.happ@gmx.de";
|
email = "tobias.happ@gmx.de";
|
||||||
github = "Gerschtli";
|
github = "Gerschtli";
|
||||||
|
@ -5901,6 +5978,12 @@
|
||||||
fingerprint = "F7D3 7890 228A 9074 40E1 FD48 46B9 228E 814A 2AAC";
|
fingerprint = "F7D3 7890 228A 9074 40E1 FD48 46B9 228E 814A 2AAC";
|
||||||
}];
|
}];
|
||||||
};
|
};
|
||||||
|
hacker1024 = {
|
||||||
|
name = "hacker1024";
|
||||||
|
email = "hacker1024@users.sourceforge.net";
|
||||||
|
github = "hacker1024";
|
||||||
|
githubId = 20849728;
|
||||||
|
};
|
||||||
hagl = {
|
hagl = {
|
||||||
email = "harald@glie.be";
|
email = "harald@glie.be";
|
||||||
github = "hagl";
|
github = "hagl";
|
||||||
|
@ -6062,6 +6145,12 @@
|
||||||
githubId = 2405974;
|
githubId = 2405974;
|
||||||
name = "Sébastian Méric de Bellefon";
|
name = "Sébastian Méric de Bellefon";
|
||||||
};
|
};
|
||||||
|
hellwolf = {
|
||||||
|
email = "zhicheng.miao@gmail.com";
|
||||||
|
github = "hellwolf";
|
||||||
|
githubId = 186660;
|
||||||
|
name = "Miao, ZhiCheng";
|
||||||
|
};
|
||||||
henkery = {
|
henkery = {
|
||||||
email = "jim@reupload.nl";
|
email = "jim@reupload.nl";
|
||||||
github = "henkery";
|
github = "henkery";
|
||||||
|
@ -6264,6 +6353,12 @@
|
||||||
githubId = 53281855;
|
githubId = 53281855;
|
||||||
name = "hqurve";
|
name = "hqurve";
|
||||||
};
|
};
|
||||||
|
hraban = {
|
||||||
|
email = "hraban@0brg.net";
|
||||||
|
github = "hraban";
|
||||||
|
githubId = 137852;
|
||||||
|
name = "Hraban Luyat";
|
||||||
|
};
|
||||||
hrdinka = {
|
hrdinka = {
|
||||||
email = "c.nix@hrdinka.at";
|
email = "c.nix@hrdinka.at";
|
||||||
github = "hrdinka";
|
github = "hrdinka";
|
||||||
|
@ -6634,6 +6729,12 @@
|
||||||
githubId = 54999;
|
githubId = 54999;
|
||||||
name = "Ariel Nunez";
|
name = "Ariel Nunez";
|
||||||
};
|
};
|
||||||
|
ionutnechita = {
|
||||||
|
email = "ionut_n2001@yahoo.com";
|
||||||
|
github = "ionutnechita";
|
||||||
|
githubId = 9405900;
|
||||||
|
name = "Ionut Nechita";
|
||||||
|
};
|
||||||
iopq = {
|
iopq = {
|
||||||
email = "iop_jr@yahoo.com";
|
email = "iop_jr@yahoo.com";
|
||||||
github = "iopq";
|
github = "iopq";
|
||||||
|
@ -6701,6 +6802,12 @@
|
||||||
fingerprint = "6BD3 7248 30BD 941E 9180 C1A3 3A33 FA4C 82ED 674F";
|
fingerprint = "6BD3 7248 30BD 941E 9180 C1A3 3A33 FA4C 82ED 674F";
|
||||||
}];
|
}];
|
||||||
};
|
};
|
||||||
|
ivanmoreau = {
|
||||||
|
email = "Iván Molina Rebolledo";
|
||||||
|
github = "ivanmoreau";
|
||||||
|
githubId = 10843250;
|
||||||
|
name = "ivan@ivmoreau.com";
|
||||||
|
};
|
||||||
ivan-timokhin = {
|
ivan-timokhin = {
|
||||||
email = "nixpkgs@ivan.timokhin.name";
|
email = "nixpkgs@ivan.timokhin.name";
|
||||||
name = "Ivan Timokhin";
|
name = "Ivan Timokhin";
|
||||||
|
@ -6874,6 +6981,12 @@
|
||||||
githubId = 6874204;
|
githubId = 6874204;
|
||||||
name = "Jason Carr";
|
name = "Jason Carr";
|
||||||
};
|
};
|
||||||
|
jasonodoom = {
|
||||||
|
email = "jasonodoom@riseup.net";
|
||||||
|
github = "jasonodoom";
|
||||||
|
githubId = 6789916;
|
||||||
|
name = "Jason Odoom";
|
||||||
|
};
|
||||||
javaguirre = {
|
javaguirre = {
|
||||||
email = "contacto@javaguirre.net";
|
email = "contacto@javaguirre.net";
|
||||||
github = "javaguirre";
|
github = "javaguirre";
|
||||||
|
@ -8090,6 +8203,12 @@
|
||||||
githubId = 843652;
|
githubId = 843652;
|
||||||
name = "Kim Burgess";
|
name = "Kim Burgess";
|
||||||
};
|
};
|
||||||
|
kindrowboat = {
|
||||||
|
email = "hello@kindrobot.ca";
|
||||||
|
github = "kindrowboat";
|
||||||
|
githubId = 777773;
|
||||||
|
name = "Stef Dunlap";
|
||||||
|
};
|
||||||
kini = {
|
kini = {
|
||||||
email = "keshav.kini@gmail.com";
|
email = "keshav.kini@gmail.com";
|
||||||
github = "kini";
|
github = "kini";
|
||||||
|
@ -8121,6 +8240,11 @@
|
||||||
githubId = 12160;
|
githubId = 12160;
|
||||||
name = "Kirill Radzikhovskyy";
|
name = "Kirill Radzikhovskyy";
|
||||||
};
|
};
|
||||||
|
kiskae = {
|
||||||
|
github = "Kiskae";
|
||||||
|
githubId = 546681;
|
||||||
|
name = "Jeroen van Leusen";
|
||||||
|
};
|
||||||
kisonecat = {
|
kisonecat = {
|
||||||
email = "kisonecat@gmail.com";
|
email = "kisonecat@gmail.com";
|
||||||
github = "kisonecat";
|
github = "kisonecat";
|
||||||
|
@ -8339,7 +8463,7 @@
|
||||||
};
|
};
|
||||||
kristian-brucaj = {
|
kristian-brucaj = {
|
||||||
email = "kbrucaj@gmail.com";
|
email = "kbrucaj@gmail.com";
|
||||||
github = "Kristian-Brucaj";
|
github = "Flameslice";
|
||||||
githubId = 8893110;
|
githubId = 8893110;
|
||||||
name = "Kristian Brucaj";
|
name = "Kristian Brucaj";
|
||||||
};
|
};
|
||||||
|
@ -8415,6 +8539,12 @@
|
||||||
githubId = 2422454;
|
githubId = 2422454;
|
||||||
name = "Kai Wohlfahrt";
|
name = "Kai Wohlfahrt";
|
||||||
};
|
};
|
||||||
|
kylehendricks = {
|
||||||
|
name = "Kyle Hendricks";
|
||||||
|
email = "kyle-github@mail.hendricks.nu";
|
||||||
|
github = "kylehendricks";
|
||||||
|
githubId = 981958;
|
||||||
|
};
|
||||||
kyleondy = {
|
kyleondy = {
|
||||||
email = "kyle@ondy.org";
|
email = "kyle@ondy.org";
|
||||||
github = "KyleOndy";
|
github = "KyleOndy";
|
||||||
|
@ -8747,6 +8877,12 @@
|
||||||
githubId = 3696783;
|
githubId = 3696783;
|
||||||
name = "Leroy Hopson";
|
name = "Leroy Hopson";
|
||||||
};
|
};
|
||||||
|
lillycham = {
|
||||||
|
email = "lillycat332@gmail.com";
|
||||||
|
github = "lillycat332";
|
||||||
|
githubId = 54189319;
|
||||||
|
name = "Lilly Cham";
|
||||||
|
};
|
||||||
lilyball = {
|
lilyball = {
|
||||||
email = "lily@sb.org";
|
email = "lily@sb.org";
|
||||||
github = "lilyball";
|
github = "lilyball";
|
||||||
|
@ -9161,6 +9297,13 @@
|
||||||
githubId = 2057309;
|
githubId = 2057309;
|
||||||
name = "Sergey Sofeychuk";
|
name = "Sergey Sofeychuk";
|
||||||
};
|
};
|
||||||
|
lx = {
|
||||||
|
email = "alex@adnab.me";
|
||||||
|
github = "Alexis211";
|
||||||
|
githubId = 101484;
|
||||||
|
matrix = "@lx:deuxfleurs.fr";
|
||||||
|
name = "Alex Auvolat";
|
||||||
|
};
|
||||||
lxea = {
|
lxea = {
|
||||||
email = "nix@amk.ie";
|
email = "nix@amk.ie";
|
||||||
github = "lxea";
|
github = "lxea";
|
||||||
|
@ -9493,7 +9636,7 @@
|
||||||
mateodd25 = {
|
mateodd25 = {
|
||||||
email = "mateodd@icloud.com";
|
email = "mateodd@icloud.com";
|
||||||
github = "mateodd25";
|
github = "mateodd25";
|
||||||
githubId = 854770;
|
githubId = 7878181;
|
||||||
name = "Mateo Diaz";
|
name = "Mateo Diaz";
|
||||||
};
|
};
|
||||||
math-42 = {
|
math-42 = {
|
||||||
|
@ -10504,6 +10647,12 @@
|
||||||
githubId = 133448;
|
githubId = 133448;
|
||||||
name = "Mikołaj Siedlarek";
|
name = "Mikołaj Siedlarek";
|
||||||
};
|
};
|
||||||
|
mslingsby = {
|
||||||
|
email = "morten.slingsby@eviny.no";
|
||||||
|
github = "MortenSlingsby";
|
||||||
|
githubId = 111859550;
|
||||||
|
name = "Morten Slingsby";
|
||||||
|
};
|
||||||
msm = {
|
msm = {
|
||||||
email = "msm@tailcall.net";
|
email = "msm@tailcall.net";
|
||||||
github = "msm-code";
|
github = "msm-code";
|
||||||
|
@ -10794,6 +10943,12 @@
|
||||||
githubId = 137805;
|
githubId = 137805;
|
||||||
name = "Alexander Tsvyashchenko";
|
name = "Alexander Tsvyashchenko";
|
||||||
};
|
};
|
||||||
|
ne9z = {
|
||||||
|
email = "yuchen@apvc.uk";
|
||||||
|
github = "ne9z";
|
||||||
|
githubId = 77314501;
|
||||||
|
name = "Maurice Zhou";
|
||||||
|
};
|
||||||
nebulka = {
|
nebulka = {
|
||||||
email = "arapun@proton.me";
|
email = "arapun@proton.me";
|
||||||
github = "nebulka1";
|
github = "nebulka1";
|
||||||
|
@ -10889,6 +11044,16 @@
|
||||||
githubId = 34162313;
|
githubId = 34162313;
|
||||||
name = "Jason Wing";
|
name = "Jason Wing";
|
||||||
};
|
};
|
||||||
|
netfox = {
|
||||||
|
name = "netfox";
|
||||||
|
email = "say-hi@netfox.rip";
|
||||||
|
matrix = "@netfox:catgirl.cloud";
|
||||||
|
github = "0xnetfox";
|
||||||
|
githubId = 97521402;
|
||||||
|
keys = [{
|
||||||
|
fingerprint = "E8E9 43D7 EB83 DB77 E41C D87F 9C77 CB70 F2E6 3EF7";
|
||||||
|
}];
|
||||||
|
};
|
||||||
netixx = {
|
netixx = {
|
||||||
email = "dev.espinetfrancois@gmail.com";
|
email = "dev.espinetfrancois@gmail.com";
|
||||||
github = "netixx";
|
github = "netixx";
|
||||||
|
@ -11183,6 +11348,12 @@
|
||||||
githubId = 3521180;
|
githubId = 3521180;
|
||||||
name = "Tom Sydney Kerckhove";
|
name = "Tom Sydney Kerckhove";
|
||||||
};
|
};
|
||||||
|
NotAShelf = {
|
||||||
|
name = "NotAShelf";
|
||||||
|
email = "itsashelf@gmail.com";
|
||||||
|
github = "NotAShelf";
|
||||||
|
githubId = 62766066;
|
||||||
|
};
|
||||||
notbandali = {
|
notbandali = {
|
||||||
name = "Amin Bandali";
|
name = "Amin Bandali";
|
||||||
email = "bandali@gnu.org";
|
email = "bandali@gnu.org";
|
||||||
|
@ -11374,6 +11545,15 @@
|
||||||
fingerprint = "939E F8A5 CED8 7F50 5BB5 B2D0 24BC 2738 5F70 234F";
|
fingerprint = "939E F8A5 CED8 7F50 5BB5 B2D0 24BC 2738 5F70 234F";
|
||||||
}];
|
}];
|
||||||
};
|
};
|
||||||
|
oddlama = {
|
||||||
|
email = "oddlama@oddlama.org";
|
||||||
|
github = "oddlama";
|
||||||
|
githubId = 31919558;
|
||||||
|
name = "oddlama";
|
||||||
|
keys = [{
|
||||||
|
fingerprint = "680A A614 E988 DE3E 84E0 DEFA 503F 6C06 8410 4B0A";
|
||||||
|
}];
|
||||||
|
};
|
||||||
odi = {
|
odi = {
|
||||||
email = "oliver.dunkl@gmail.com";
|
email = "oliver.dunkl@gmail.com";
|
||||||
github = "odi";
|
github = "odi";
|
||||||
|
@ -11450,6 +11630,12 @@
|
||||||
githubId = 1538622;
|
githubId = 1538622;
|
||||||
name = "Michael Reilly";
|
name = "Michael Reilly";
|
||||||
};
|
};
|
||||||
|
onedragon = {
|
||||||
|
name = "YiLong Liu";
|
||||||
|
email = "18922251299@163.com";
|
||||||
|
github = "jackyliu16";
|
||||||
|
githubId = 50787361;
|
||||||
|
};
|
||||||
onixie = {
|
onixie = {
|
||||||
email = "onixie@gmail.com";
|
email = "onixie@gmail.com";
|
||||||
github = "onixie";
|
github = "onixie";
|
||||||
|
@ -11652,6 +11838,12 @@
|
||||||
githubId = 11016164;
|
githubId = 11016164;
|
||||||
name = "Fedor Pakhomov";
|
name = "Fedor Pakhomov";
|
||||||
};
|
};
|
||||||
|
pallix = {
|
||||||
|
email = "pierre.allix.work@gmail.com";
|
||||||
|
github = "pallix";
|
||||||
|
githubId = 676838;
|
||||||
|
name = "Pierre Allix";
|
||||||
|
};
|
||||||
paluh = {
|
paluh = {
|
||||||
email = "paluho@gmail.com";
|
email = "paluho@gmail.com";
|
||||||
github = "paluh";
|
github = "paluh";
|
||||||
|
@ -11788,6 +11980,16 @@
|
||||||
githubId = 26949935;
|
githubId = 26949935;
|
||||||
name = "Pierce Bartine";
|
name = "Pierce Bartine";
|
||||||
};
|
};
|
||||||
|
pbek = {
|
||||||
|
email = "patrizio@bekerle.com";
|
||||||
|
matrix = "@patrizio:bekerle.com";
|
||||||
|
github = "pbek";
|
||||||
|
githubId = 1798101;
|
||||||
|
name = "Patrizio Bekerle";
|
||||||
|
keys = [{
|
||||||
|
fingerprint = "E005 48D5 D6AC 812C AAD2 AFFA 9C42 B05E 5913 60DC";
|
||||||
|
}];
|
||||||
|
};
|
||||||
pblkt = {
|
pblkt = {
|
||||||
email = "pebblekite@gmail.com";
|
email = "pebblekite@gmail.com";
|
||||||
github = "pblkt";
|
github = "pblkt";
|
||||||
|
@ -11830,6 +12032,12 @@
|
||||||
githubId = 920910;
|
githubId = 920910;
|
||||||
name = "peelz";
|
name = "peelz";
|
||||||
};
|
};
|
||||||
|
pelme = {
|
||||||
|
email = "andreas@pelme.se";
|
||||||
|
github = "pelme";
|
||||||
|
githubId = 20529;
|
||||||
|
name = "Andreas Pelme";
|
||||||
|
};
|
||||||
penalty1083 = {
|
penalty1083 = {
|
||||||
email = "penalty1083@outlook.com";
|
email = "penalty1083@outlook.com";
|
||||||
github = "penalty1083";
|
github = "penalty1083";
|
||||||
|
@ -12533,6 +12741,12 @@
|
||||||
githubId = 4579165;
|
githubId = 4579165;
|
||||||
name = "Danny Bautista";
|
name = "Danny Bautista";
|
||||||
};
|
};
|
||||||
|
pyxels = {
|
||||||
|
email = "pyxels.dev@gmail.com";
|
||||||
|
github = "Pyxels";
|
||||||
|
githubId = 39232833;
|
||||||
|
name = "Jonas";
|
||||||
|
};
|
||||||
q3k = {
|
q3k = {
|
||||||
email = "q3k@q3k.org";
|
email = "q3k@q3k.org";
|
||||||
github = "q3k";
|
github = "q3k";
|
||||||
|
@ -12549,6 +12763,12 @@
|
||||||
fingerprint = "3586 3350 BFEA C101 DB1A 4AF0 1F81 112D 62A9 ADCE";
|
fingerprint = "3586 3350 BFEA C101 DB1A 4AF0 1F81 112D 62A9 ADCE";
|
||||||
}];
|
}];
|
||||||
};
|
};
|
||||||
|
qjoly = {
|
||||||
|
email = "github@thoughtless.eu";
|
||||||
|
github = "qjoly";
|
||||||
|
githubId = 82603435;
|
||||||
|
name = "Quentin JOLY";
|
||||||
|
};
|
||||||
qknight = {
|
qknight = {
|
||||||
email = "js@lastlog.de";
|
email = "js@lastlog.de";
|
||||||
github = "qknight";
|
github = "qknight";
|
||||||
|
@ -12580,6 +12800,15 @@
|
||||||
githubId = 1024891;
|
githubId = 1024891;
|
||||||
name = "Jens Nolte";
|
name = "Jens Nolte";
|
||||||
};
|
};
|
||||||
|
quentin = {
|
||||||
|
email = "quentin@mit.edu";
|
||||||
|
github = "quentinmit";
|
||||||
|
githubId = 115761;
|
||||||
|
name = "Quentin Smith";
|
||||||
|
keys = [{
|
||||||
|
fingerprint = "1C71 A066 5400 AACD 142E B1A0 04EE 05A8 FCEF B697";
|
||||||
|
}];
|
||||||
|
};
|
||||||
quentini = {
|
quentini = {
|
||||||
email = "quentini@airmail.cc";
|
email = "quentini@airmail.cc";
|
||||||
github = "QuentinI";
|
github = "QuentinI";
|
||||||
|
@ -12674,6 +12903,13 @@
|
||||||
githubId = 14829269;
|
githubId = 14829269;
|
||||||
name = "Ram Kromberg";
|
name = "Ram Kromberg";
|
||||||
};
|
};
|
||||||
|
rampoina = {
|
||||||
|
email = "rampoina@protonmail.com";
|
||||||
|
matrix = "@rampoina:matrix.org";
|
||||||
|
github = "Rampoina";
|
||||||
|
githubId = 5653911;
|
||||||
|
name = "Rampoina";
|
||||||
|
};
|
||||||
ranfdev = {
|
ranfdev = {
|
||||||
email = "ranfdev@gmail.com";
|
email = "ranfdev@gmail.com";
|
||||||
name = "Lorenzo Miglietta";
|
name = "Lorenzo Miglietta";
|
||||||
|
@ -12944,6 +13180,12 @@
|
||||||
github = "ribose-jeffreylau";
|
github = "ribose-jeffreylau";
|
||||||
githubId = 2649467;
|
githubId = 2649467;
|
||||||
};
|
};
|
||||||
|
ricarch97 = {
|
||||||
|
email = "ricardo.steijn97@gmail.com";
|
||||||
|
github = "RicArch97";
|
||||||
|
githubId = 61013287;
|
||||||
|
name = "Ricardo Steijn";
|
||||||
|
};
|
||||||
richardipsum = {
|
richardipsum = {
|
||||||
email = "richardipsum@fastmail.co.uk";
|
email = "richardipsum@fastmail.co.uk";
|
||||||
github = "richardipsum";
|
github = "richardipsum";
|
||||||
|
@ -14215,7 +14457,7 @@
|
||||||
name = "Smitty van Bodegom";
|
name = "Smitty van Bodegom";
|
||||||
email = "me@smitop.com";
|
email = "me@smitop.com";
|
||||||
matrix = "@smitop:kde.org";
|
matrix = "@smitop:kde.org";
|
||||||
github = "Smittyvb";
|
github = "syvb";
|
||||||
githubId = 10530973;
|
githubId = 10530973;
|
||||||
};
|
};
|
||||||
sna = {
|
sna = {
|
||||||
|
@ -14608,10 +14850,12 @@
|
||||||
name = "Stijn DW";
|
name = "Stijn DW";
|
||||||
};
|
};
|
||||||
StillerHarpo = {
|
StillerHarpo = {
|
||||||
email = "florianengel39@gmail.com";
|
email = "engelflorian@posteo.de";
|
||||||
github = "StillerHarpo";
|
github = "StillerHarpo";
|
||||||
githubId = 25526706;
|
githubId = 25526706;
|
||||||
name = "Florian Engel";
|
name = "Florian Engel";
|
||||||
|
keys = [{ fingerprint = "4E2D9B26940E0DABF376B7AF76762421D45837DE"; }];
|
||||||
|
matrix = "@qe7ftcyrpg:matrix.org";
|
||||||
};
|
};
|
||||||
stites = {
|
stites = {
|
||||||
email = "sam@stites.io";
|
email = "sam@stites.io";
|
||||||
|
@ -14698,6 +14942,12 @@
|
||||||
githubId = 187109;
|
githubId = 187109;
|
||||||
name = "Bjarki Ágúst Guðmundsson";
|
name = "Bjarki Ágúst Guðmundsson";
|
||||||
};
|
};
|
||||||
|
surfaceflinger = {
|
||||||
|
email = "nat@nekopon.pl";
|
||||||
|
github = "surfaceflinger";
|
||||||
|
githubId = 44725111;
|
||||||
|
name = "nat";
|
||||||
|
};
|
||||||
suryasr007 = {
|
suryasr007 = {
|
||||||
email = "94suryateja@gmail.com";
|
email = "94suryateja@gmail.com";
|
||||||
github = "suryasr007";
|
github = "suryasr007";
|
||||||
|
@ -15027,6 +15277,12 @@
|
||||||
githubId = 1755789;
|
githubId = 1755789;
|
||||||
name = "Robert Irelan";
|
name = "Robert Irelan";
|
||||||
};
|
};
|
||||||
|
tennox = {
|
||||||
|
email = "tennox+nix@txlab.io";
|
||||||
|
github = "tennox";
|
||||||
|
githubId = 2084639;
|
||||||
|
name = "Manu";
|
||||||
|
};
|
||||||
teozkr = {
|
teozkr = {
|
||||||
email = "teo@nullable.se";
|
email = "teo@nullable.se";
|
||||||
github = "nightkr";
|
github = "nightkr";
|
||||||
|
@ -17175,7 +17431,7 @@
|
||||||
zseri = {
|
zseri = {
|
||||||
name = "zseri";
|
name = "zseri";
|
||||||
email = "zseri.devel@ytrizja.de";
|
email = "zseri.devel@ytrizja.de";
|
||||||
github = "zseri";
|
github = "fogti";
|
||||||
githubId = 1618343;
|
githubId = 1618343;
|
||||||
keys = [{
|
keys = [{
|
||||||
fingerprint = "7AFB C595 0D3A 77BD B00F 947B 229E 63AE 5644 A96D";
|
fingerprint = "7AFB C595 0D3A 77BD B00F 947B 229E 63AE 5644 A96D";
|
||||||
|
|
|
@ -112,6 +112,8 @@ The short version is this:
|
||||||
* We only do the merge if the [\`mergeable\`](https://hydra.nixos.org/job/nixpkgs/haskell-updates/mergeable) job is succeeding on hydra.
|
* We only do the merge if the [\`mergeable\`](https://hydra.nixos.org/job/nixpkgs/haskell-updates/mergeable) job is succeeding on hydra.
|
||||||
* If a [\`maintained\`](https://hydra.nixos.org/job/nixpkgs/haskell-updates/maintained) package is still broken at the time of merge, we will only merge if the maintainer has been pinged 7 days in advance. (If you care about a Haskell package, become a maintainer!)
|
* If a [\`maintained\`](https://hydra.nixos.org/job/nixpkgs/haskell-updates/maintained) package is still broken at the time of merge, we will only merge if the maintainer has been pinged 7 days in advance. (If you care about a Haskell package, become a maintainer!)
|
||||||
|
|
||||||
|
More information about Haskell packages in nixpkgs can be found [in the nixpkgs manual](https://nixos.org/manual/nixpkgs/unstable/#haskell).
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
This is the follow-up to #${curr_haskell_updates_pr_num}. Come to [#haskell:nixos.org](https://matrix.to/#/#haskell:nixos.org) if you have any questions.
|
This is the follow-up to #${curr_haskell_updates_pr_num}. Come to [#haskell:nixos.org](https://matrix.to/#/#haskell:nixos.org) if you have any questions.
|
||||||
|
|
|
@ -58,6 +58,7 @@ sed -r \
|
||||||
-e '/ distribution-nixpkgs /d' \
|
-e '/ distribution-nixpkgs /d' \
|
||||||
-e '/ jailbreak-cabal /d' \
|
-e '/ jailbreak-cabal /d' \
|
||||||
-e '/ language-nix /d' \
|
-e '/ language-nix /d' \
|
||||||
|
-e '/ hackage-db /d' \
|
||||||
-e '/ cabal-install /d' \
|
-e '/ cabal-install /d' \
|
||||||
-e '/ lsp /d' \
|
-e '/ lsp /d' \
|
||||||
-e '/ lsp-types /d' \
|
-e '/ lsp-types /d' \
|
||||||
|
|
|
@ -15,8 +15,29 @@
|
||||||
# password-command: pass hackage.haskell.org (this can be any command, but not an arbitrary shell expression. Like cabal we only read the first output line and ignore the rest.)
|
# password-command: pass hackage.haskell.org (this can be any command, but not an arbitrary shell expression. Like cabal we only read the first output line and ignore the rest.)
|
||||||
# Those fields are specified under `upload` on the `cabal` man page.
|
# Those fields are specified under `upload` on the `cabal` man page.
|
||||||
|
|
||||||
|
if test -z "$CABAL_DIR"; then
|
||||||
|
dirs=(
|
||||||
|
"$HOME/.cabal"
|
||||||
|
"${XDG_CONFIG_HOME:-$HOME/.config}/cabal"
|
||||||
|
)
|
||||||
|
missing=true
|
||||||
|
|
||||||
|
for dir in "${dirs[@]}"; do
|
||||||
|
if test -d "$dir"; then
|
||||||
|
export CABAL_DIR="$dir"
|
||||||
|
missing=false
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
if $missing; then
|
||||||
|
echo "Could not find the cabal configuration directory in any of: ${dirs[@]}" >&2
|
||||||
|
exit 101
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
package_list="$(nix-build -A haskell.package-list)/nixos-hackage-packages.csv"
|
package_list="$(nix-build -A haskell.package-list)/nixos-hackage-packages.csv"
|
||||||
username=$(grep "^username:" ~/.cabal/config | sed "s/^username: //")
|
username=$(grep "^username:" "$CABAL_DIR/config" | sed "s/^username: //")
|
||||||
password_command=$(grep "^password-command:" ~/.cabal/config | sed "s/^password-command: //")
|
password_command=$(grep "^password-command:" "$CABAL_DIR/config" | sed "s/^password-command: //")
|
||||||
curl -u "$username:$($password_command | head -n1)" --digest -H "Content-type: text/csv" -T "$package_list" http://hackage.haskell.org/distro/NixOS/packages.csv
|
curl -u "$username:$($password_command | head -n1)" --digest -H "Content-type: text/csv" -T "$package_list" http://hackage.haskell.org/distro/NixOS/packages.csv
|
||||||
echo
|
echo
|
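Review bot: The new lookup loop accepts the first directory that merely exists (`test -d "$dir"`) rather than the one that holds a `config` file, so a leftover `$HOME/.cabal` without a config shadows the XDG location, and a pre-set `CABAL_DIR` is not checked at all. In either case both `grep` calls appear to yield empty strings and the script still reaches `curl -u` with an empty username and password. Testing `test -f "$dir/config"` inside the loop, and again after the `if test -z "$CABAL_DIR"` block, would fail early through the existing `exit 101` path. In the error message, `${dirs[@]}` inside a quoted string expands to several words; `${dirs[*]}` is the usual form there. Separately, the unchanged upload line runs the authenticated request against an `http://` URL, and switching it to `https://` is worth considering if the endpoint supports it.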
||||||
|
|
|
@ -40,6 +40,7 @@ lrexlib-pcre,,,,,,vyp
|
||||||
lrexlib-posix,,,,,,
|
lrexlib-posix,,,,,,
|
||||||
lua-cjson,,,,,,
|
lua-cjson,,,,,,
|
||||||
lua-cmsgpack,,,,,,
|
lua-cmsgpack,,,,,,
|
||||||
|
lua-curl,,,,,,
|
||||||
lua-iconv,,,,,,
|
lua-iconv,,,,,,
|
||||||
lua-lsp,,,,,,
|
lua-lsp,,,,,,
|
||||||
lua-messagepack,,,,,,
|
lua-messagepack,,,,,,
|
||||||
|
|
|
|
@ -1,4 +1,7 @@
|
||||||
# Used by pkgs/applications/editors/vim/plugins/update.py and pkgs/applications/editors/kakoune/plugins/update.py
|
# python library used to update plugins:
|
||||||
|
# - pkgs/applications/editors/vim/plugins/update.py
|
||||||
|
# - pkgs/applications/editors/kakoune/plugins/update.py
|
||||||
|
# - maintainers/scripts/update-luarocks-packages
|
||||||
|
|
||||||
# format:
|
# format:
|
||||||
# $ nix run nixpkgs.python3Packages.black -c black update.py
|
# $ nix run nixpkgs.python3Packages.black -c black update.py
|
||||||
|
@ -315,7 +318,7 @@ def run_nix_expr(expr):
|
||||||
with CleanEnvironment():
|
with CleanEnvironment():
|
||||||
cmd = ["nix", "eval", "--extra-experimental-features",
|
cmd = ["nix", "eval", "--extra-experimental-features",
|
||||||
"nix-command", "--impure", "--json", "--expr", expr]
|
"nix-command", "--impure", "--json", "--expr", expr]
|
||||||
log.debug("Running command %s", cmd)
|
log.debug("Running command %s", " ".join(cmd))
|
||||||
out = subprocess.check_output(cmd)
|
out = subprocess.check_output(cmd)
|
||||||
data = json.loads(out)
|
data = json.loads(out)
|
||||||
return data
|
return data
|
||||||
|
@ -344,12 +347,39 @@ class Editor:
|
||||||
self.cache_file = cache_file or f"{name}-plugin-cache.json"
|
self.cache_file = cache_file or f"{name}-plugin-cache.json"
|
||||||
self.nixpkgs_repo = None
|
self.nixpkgs_repo = None
|
||||||
|
|
||||||
|
def add(self, args):
|
||||||
|
'''CSV spec'''
|
||||||
|
log.debug("called the 'add' command")
|
||||||
|
fetch_config = FetchConfig(args.proc, args.github_token)
|
||||||
|
editor = self
|
||||||
|
for plugin_line in args.add_plugins:
|
||||||
|
log.debug("using plugin_line", plugin_line)
|
||||||
|
pdesc = PluginDesc.load_from_string(fetch_config, plugin_line)
|
||||||
|
log.debug("loaded as pdesc", pdesc)
|
||||||
|
append = [ pdesc ]
|
||||||
|
editor.rewrite_input(fetch_config, args.input_file, editor.deprecated, append=append)
|
||||||
|
plugin, _ = prefetch_plugin(pdesc, )
|
||||||
|
autocommit = not args.no_commit
|
||||||
|
if autocommit:
|
||||||
|
commit(
|
||||||
|
editor.nixpkgs_repo,
|
||||||
|
"{drv_name}: init at {version}".format(
|
||||||
|
drv_name=editor.get_drv_name(plugin.normalized_name),
|
||||||
|
version=plugin.version
|
||||||
|
),
|
||||||
|
[args.outfile, args.input_file],
|
||||||
|
)
|
||||||
|
|
||||||
|
# Expects arguments generated by 'update' subparser
|
||||||
|
def update(self, args ):
|
||||||
|
'''CSV spec'''
|
||||||
|
print("the update member function should be overriden in subclasses")
|
||||||
|
|
||||||
def get_current_plugins(self) -> List[Plugin]:
|
def get_current_plugins(self) -> List[Plugin]:
|
||||||
"""To fill the cache"""
|
"""To fill the cache"""
|
||||||
data = run_nix_expr(self.get_plugins)
|
data = run_nix_expr(self.get_plugins)
|
||||||
plugins = []
|
plugins = []
|
||||||
for name, attr in data.items():
|
for name, attr in data.items():
|
||||||
print("get_current_plugins: name %s" % name)
|
|
||||||
p = Plugin(name, attr["rev"], attr["submodules"], attr["sha256"])
|
p = Plugin(name, attr["rev"], attr["submodules"], attr["sha256"])
|
||||||
plugins.append(p)
|
plugins.append(p)
|
||||||
return plugins
|
return plugins
|
||||||
|
@ -358,7 +388,7 @@ class Editor:
|
||||||
'''CSV spec'''
|
'''CSV spec'''
|
||||||
return load_plugins_from_csv(config, plugin_file)
|
return load_plugins_from_csv(config, plugin_file)
|
||||||
|
|
||||||
def generate_nix(self, plugins, outfile: str):
|
def generate_nix(self, _plugins, _outfile: str):
|
||||||
'''Returns nothing for now, writes directly to outfile'''
|
'''Returns nothing for now, writes directly to outfile'''
|
||||||
raise NotImplementedError()
|
raise NotImplementedError()
|
||||||
|
|
||||||
|
@ -395,34 +425,28 @@ class Editor:
|
||||||
return rewrite_input(*args, **kwargs)
|
return rewrite_input(*args, **kwargs)
|
||||||
|
|
||||||
def create_parser(self):
|
def create_parser(self):
|
||||||
parser = argparse.ArgumentParser(
|
common = argparse.ArgumentParser(
|
||||||
|
add_help=False,
|
||||||
description=(f"""
|
description=(f"""
|
||||||
Updates nix derivations for {self.name} plugins.\n
|
Updates nix derivations for {self.name} plugins.\n
|
||||||
By default from {self.default_in} to {self.default_out}"""
|
By default from {self.default_in} to {self.default_out}"""
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
parser.add_argument(
|
common.add_argument(
|
||||||
"--add",
|
|
||||||
dest="add_plugins",
|
|
||||||
default=[],
|
|
||||||
action="append",
|
|
||||||
help=f"Plugin to add to {self.attr_path} from Github in the form owner/repo",
|
|
||||||
)
|
|
||||||
parser.add_argument(
|
|
||||||
"--input-names",
|
"--input-names",
|
||||||
"-i",
|
"-i",
|
||||||
dest="input_file",
|
dest="input_file",
|
||||||
default=self.default_in,
|
default=self.default_in,
|
||||||
help="A list of plugins in the form owner/repo",
|
help="A list of plugins in the form owner/repo",
|
||||||
)
|
)
|
||||||
parser.add_argument(
|
common.add_argument(
|
||||||
"--out",
|
"--out",
|
||||||
"-o",
|
"-o",
|
||||||
dest="outfile",
|
dest="outfile",
|
||||||
default=self.default_out,
|
default=self.default_out,
|
||||||
help="Filename to save generated nix code",
|
help="Filename to save generated nix code",
|
||||||
)
|
)
|
||||||
parser.add_argument(
|
common.add_argument(
|
||||||
"--proc",
|
"--proc",
|
||||||
"-p",
|
"-p",
|
||||||
dest="proc",
|
dest="proc",
|
||||||
|
@ -430,7 +454,7 @@ class Editor:
|
||||||
default=30,
|
default=30,
|
||||||
help="Number of concurrent processes to spawn. Setting --github-token allows higher values.",
|
help="Number of concurrent processes to spawn. Setting --github-token allows higher values.",
|
||||||
)
|
)
|
||||||
parser.add_argument(
|
common.add_argument(
|
||||||
"--github-token",
|
"--github-token",
|
||||||
"-t",
|
"-t",
|
||||||
type=str,
|
type=str,
|
||||||
|
@ -438,16 +462,61 @@ class Editor:
|
||||||
help="""Allows to set --proc to higher values.
|
help="""Allows to set --proc to higher values.
|
||||||
Uses GITHUB_API_TOKEN environment variables as the default value.""",
|
Uses GITHUB_API_TOKEN environment variables as the default value.""",
|
||||||
)
|
)
|
||||||
parser.add_argument(
|
common.add_argument(
|
||||||
"--no-commit", "-n", action="store_true", default=False,
|
"--no-commit", "-n", action="store_true", default=False,
|
||||||
help="Whether to autocommit changes"
|
help="Whether to autocommit changes"
|
||||||
)
|
)
|
||||||
parser.add_argument(
|
common.add_argument(
|
||||||
"--debug", "-d", choices=LOG_LEVELS.keys(),
|
"--debug", "-d", choices=LOG_LEVELS.keys(),
|
||||||
default=logging.getLevelName(logging.WARN),
|
default=logging.getLevelName(logging.WARN),
|
||||||
help="Adjust log level"
|
help="Adjust log level"
|
||||||
)
|
)
|
||||||
return parser
|
|
||||||
|
main = argparse.ArgumentParser(
|
||||||
|
parents=[common],
|
||||||
|
description=(f"""
|
||||||
|
Updates nix derivations for {self.name} plugins.\n
|
||||||
|
By default from {self.default_in} to {self.default_out}"""
|
||||||
|
)
|
||||||
|
)
|
||||||
|
|
||||||
|
subparsers = main.add_subparsers(dest="command", required=False)
|
||||||
|
padd = subparsers.add_parser(
|
||||||
|
"add", parents=[],
|
||||||
|
description="Add new plugin",
|
||||||
|
add_help=False,
|
||||||
|
)
|
||||||
|
padd.set_defaults(func=self.add)
|
||||||
|
padd.add_argument(
|
||||||
|
"add_plugins",
|
||||||
|
default=None,
|
||||||
|
nargs="+",
|
||||||
|
help=f"Plugin to add to {self.attr_path} from Github in the form owner/repo",
|
||||||
|
)
|
||||||
|
|
||||||
|
pupdate = subparsers.add_parser(
|
||||||
|
"update",
|
||||||
|
description="Update all or a subset of existing plugins",
|
||||||
|
add_help=False,
|
||||||
|
)
|
||||||
|
pupdate.set_defaults(func=self.update)
|
||||||
|
return main
|
||||||
|
|
||||||
|
def run(self,):
|
||||||
|
'''
|
||||||
|
Convenience function
|
||||||
|
'''
|
||||||
|
parser = self.create_parser()
|
||||||
|
args = parser.parse_args()
|
||||||
|
command = args.command or "update"
|
||||||
|
log.setLevel(LOG_LEVELS[args.debug])
|
||||||
|
log.info("Chose to run command: %s", command)
|
||||||
|
|
||||||
|
if not args.no_commit:
|
||||||
|
self.nixpkgs_repo = git.Repo(self.root, search_parent_directories=True)
|
||||||
|
|
||||||
|
getattr(self, command)(args)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -661,7 +730,6 @@ def commit(repo: git.Repo, message: str, files: List[Path]) -> None:
|
||||||
def update_plugins(editor: Editor, args):
|
def update_plugins(editor: Editor, args):
|
||||||
"""The main entry function of this module. All input arguments are grouped in the `Editor`."""
|
"""The main entry function of this module. All input arguments are grouped in the `Editor`."""
|
||||||
|
|
||||||
log.setLevel(LOG_LEVELS[args.debug])
|
|
||||||
log.info("Start updating plugins")
|
log.info("Start updating plugins")
|
||||||
fetch_config = FetchConfig(args.proc, args.github_token)
|
fetch_config = FetchConfig(args.proc, args.github_token)
|
||||||
update = editor.get_update(args.input_file, args.outfile, fetch_config)
|
update = editor.get_update(args.input_file, args.outfile, fetch_config)
|
||||||
|
@ -684,18 +752,3 @@ def update_plugins(editor: Editor, args):
|
||||||
[args.outfile, args.input_file, editor.deprecated],
|
[args.outfile, args.input_file, editor.deprecated],
|
||||||
)
|
)
|
||||||
|
|
||||||
for plugin_line in args.add_plugins:
|
|
||||||
pdesc = PluginDesc.load_from_string(fetch_config, plugin_line)
|
|
||||||
append = [ pdesc ]
|
|
||||||
editor.rewrite_input(fetch_config, args.input_file, editor.deprecated, append=append)
|
|
||||||
update()
|
|
||||||
plugin, _ = prefetch_plugin(pdesc, )
|
|
||||||
if autocommit:
|
|
||||||
commit(
|
|
||||||
editor.nixpkgs_repo,
|
|
||||||
"{drv_name}: init at {version}".format(
|
|
||||||
drv_name=editor.get_drv_name(plugin.normalized_name),
|
|
||||||
version=plugin.version
|
|
||||||
),
|
|
||||||
[args.outfile, args.input_file],
|
|
||||||
)
|
|
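Review bot: In the new `Editor.add`, `log.debug("using plugin_line", plugin_line)` and `log.debug("loaded as pdesc", pdesc)` pass an argument with no `%s` placeholder, so with debug logging enabled the logging module reports a formatting error instead of the message; they should read `log.debug("using plugin_line %s", plugin_line)` and `log.debug("loaded as pdesc %s", pdesc)`. The base `update` only prints that it should be overridden, while `generate_nix` in the same class raises `NotImplementedError()`; raising in `update` as well would stop a subclass that forgets the override from exiting as if it had succeeded. The `add` subparser is created with `parents=[]`, so common options such as `--no-commit` and `--github-token` are presumably accepted only before the subcommand name; if that is intended, a one-line comment next to `subparsers.add_parser` would say so. The `'''CSV spec'''` docstrings on `add` and `update` look copied from the loader and could instead describe what each command does.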
||||||
|
|
|
@ -26,7 +26,8 @@ log = logging.getLogger()
|
||||||
log.addHandler(logging.StreamHandler())
|
log.addHandler(logging.StreamHandler())
|
||||||
|
|
||||||
ROOT = Path(os.path.dirname(os.path.abspath(inspect.getfile(inspect.currentframe())))).parent.parent # type: ignore
|
ROOT = Path(os.path.dirname(os.path.abspath(inspect.getfile(inspect.currentframe())))).parent.parent # type: ignore
|
||||||
from pluginupdate import Editor, update_plugins, FetchConfig, CleanEnvironment
|
import pluginupdate
|
||||||
|
from pluginupdate import update_plugins, FetchConfig, CleanEnvironment
|
||||||
|
|
||||||
PKG_LIST="maintainers/scripts/luarocks-packages.csv"
|
PKG_LIST="maintainers/scripts/luarocks-packages.csv"
|
||||||
TMP_FILE="$(mktemp)"
|
TMP_FILE="$(mktemp)"
|
||||||
|
@ -70,7 +71,7 @@ class LuaPlugin:
|
||||||
return self.name.replace(".", "-")
|
return self.name.replace(".", "-")
|
||||||
|
|
||||||
# rename Editor to LangUpdate/ EcosystemUpdater
|
# rename Editor to LangUpdate/ EcosystemUpdater
|
||||||
class LuaEditor(Editor):
|
class LuaEditor(pluginupdate.Editor):
|
||||||
def get_current_plugins(self):
|
def get_current_plugins(self):
|
||||||
return []
|
return []
|
||||||
|
|
||||||
|
@ -87,6 +88,9 @@ class LuaEditor(Editor):
|
||||||
luaPackages.append(plugin)
|
luaPackages.append(plugin)
|
||||||
return luaPackages
|
return luaPackages
|
||||||
|
|
||||||
|
def update(self, args):
|
||||||
|
update_plugins(self, args)
|
||||||
|
|
||||||
def generate_nix(
|
def generate_nix(
|
||||||
self,
|
self,
|
||||||
results: List[Tuple[LuaPlugin, str]],
|
results: List[Tuple[LuaPlugin, str]],
|
||||||
|
@ -203,11 +207,7 @@ def main():
|
||||||
default_out = ROOT.joinpath(GENERATED_NIXFILE)
|
default_out = ROOT.joinpath(GENERATED_NIXFILE)
|
||||||
)
|
)
|
||||||
|
|
||||||
parser = editor.create_parser()
|
editor.run()
|
||||||
args = parser.parse_args()
|
|
||||||
|
|
||||||
update_plugins(editor, args)
|
|
||||||
|
|
||||||
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
|
|
||||||
|
|
|
@ -431,6 +431,7 @@ with lib.maintainers; {
|
||||||
lukego
|
lukego
|
||||||
nagy
|
nagy
|
||||||
uthar
|
uthar
|
||||||
|
hraban
|
||||||
];
|
];
|
||||||
githubTeams = [
|
githubTeams = [
|
||||||
"lisp"
|
"lisp"
|
||||||
|
|
|
@ -94,6 +94,6 @@ environment.systemPackages = [ pkgs.appimage-run ];
|
||||||
Then instead of running the AppImage "as-is", run `appimage-run foo.appimage`.
|
Then instead of running the AppImage "as-is", run `appimage-run foo.appimage`.
|
||||||
|
|
||||||
To make other pre-built executables work on NixOS, you need to package them
|
To make other pre-built executables work on NixOS, you need to package them
|
||||||
with Nix and special helpers like `autoPatchelfHook` or `buildFHSUserEnv`. See
|
with Nix and special helpers like `autoPatchelfHook` or `buildFHSEnv`. See
|
||||||
the [Nixpkgs manual](https://nixos.org/nixpkgs/manual) for details. This
|
the [Nixpkgs manual](https://nixos.org/nixpkgs/manual) for details. This
|
||||||
is complex and often doing a source build is easier.
|
is complex and often doing a source build is easier.
|
||||||
|
|
|
@ -147,7 +147,7 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
|
|
||||||
- [rstudio-server](https://www.rstudio.com/products/rstudio/#rstudio-server), a browser-based version of the RStudio IDE for the R programming language. Available as [services.rstudio-server](#opt-services.rstudio-server.enable).
|
- [rstudio-server](https://www.rstudio.com/products/rstudio/#rstudio-server), a browser-based version of the RStudio IDE for the R programming language. Available as [services.rstudio-server](#opt-services.rstudio-server.enable).
|
||||||
|
|
||||||
- [rtsp-simple-server](https://github.com/aler9/rtsp-simple-server), ready-to-use RTSP / RTMP / HLS server and proxy that allows to read, publish and proxy video and audio streams. Available as [services.rtsp-simple-server](#opt-services.rtsp-simple-server.enable).
|
- [mediamtx](https://github.com/aler9/mediamtx), ready-to-use RTSP / RTMP / HLS server and proxy that allows to read, publish and proxy video and audio streams. Available as [services.mediamtx](#opt-services.mediamtx.enable).
|
||||||
|
|
||||||
- [Snipe-IT](https://snipeitapp.com), a free open source IT asset/license management system. Available as [services.snipe-it](#opt-services.snipe-it.enable).
|
- [Snipe-IT](https://snipeitapp.com), a free open source IT asset/license management system. Available as [services.snipe-it](#opt-services.snipe-it.enable).
|
||||||
|
|
||||||
|
|
|
@ -28,6 +28,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
|
|
||||||
- `libxcrypt`, the library providing the `crypt(3)` password hashing function, is now built without support for algorithms not flagged [`strong`](https://github.com/besser82/libxcrypt/blob/v4.4.33/lib/hashes.conf#L48). This affects the availability of password hashing algorithms used for system login (`login(1)`, `passwd(1)`), but also Apache2 Basic-Auth, Samba, OpenLDAP, Dovecot, and [many other packages](https://github.com/search?q=repo%3ANixOS%2Fnixpkgs%20libxcrypt&type=code).
|
- `libxcrypt`, the library providing the `crypt(3)` password hashing function, is now built without support for algorithms not flagged [`strong`](https://github.com/besser82/libxcrypt/blob/v4.4.33/lib/hashes.conf#L48). This affects the availability of password hashing algorithms used for system login (`login(1)`, `passwd(1)`), but also Apache2 Basic-Auth, Samba, OpenLDAP, Dovecot, and [many other packages](https://github.com/search?q=repo%3ANixOS%2Fnixpkgs%20libxcrypt&type=code).
|
||||||
|
|
||||||
|
- `boot.bootspec.enable` (internal option) is now enabled by default because [RFC-0125](https://github.com/NixOS/rfcs/pull/125) was merged. This means you will have a bootspec document called `boot.json` generated for each system and specialisation in the top-level. This is useful to enable advanced boot usecases in NixOS such as SecureBoot.
|
||||||
|
|
||||||
## New Services {#sec-release-23.05-new-services}
|
## New Services {#sec-release-23.05-new-services}
|
||||||
|
|
||||||
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||||
|
@ -40,6 +42,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
|
|
||||||
- [cups-pdf-to-pdf](https://github.com/alexivkin/CUPS-PDF-to-PDF), a pdf-generating cups backend based on [cups-pdf](https://www.cups-pdf.de/). Available as [services.printing.cups-pdf](#opt-services.printing.cups-pdf.enable).
|
- [cups-pdf-to-pdf](https://github.com/alexivkin/CUPS-PDF-to-PDF), a pdf-generating cups backend based on [cups-pdf](https://www.cups-pdf.de/). Available as [services.printing.cups-pdf](#opt-services.printing.cups-pdf.enable).
|
||||||
|
|
||||||
|
- [clash-verge](https://github.com/zzzgydi/clash-verge), A Clash GUI based on tauri. Available as [programs.clash-verge](#opt-programs.clash-verge.enable).
|
||||||
|
|
||||||
- [Cloudlog](https://www.magicbug.co.uk/cloudlog/), a web-based Amateur Radio logging application. Available as [services.cloudlog](#opt-services.cloudlog.enable).
|
- [Cloudlog](https://www.magicbug.co.uk/cloudlog/), a web-based Amateur Radio logging application. Available as [services.cloudlog](#opt-services.cloudlog.enable).
|
||||||
|
|
||||||
- [fzf](https://github.com/junegunn/fzf), a command line fuzzyfinder. Available as [programs.fzf](#opt-programs.fzf.fuzzyCompletion).
|
- [fzf](https://github.com/junegunn/fzf), a command line fuzzyfinder. Available as [programs.fzf](#opt-programs.fzf.fuzzyCompletion).
|
||||||
|
@ -61,6 +65,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
|
|
||||||
- [opensearch](https://opensearch.org), a search server alternative to Elasticsearch. Available as [services.opensearch](options.html#opt-services.opensearch.enable).
|
- [opensearch](https://opensearch.org), a search server alternative to Elasticsearch. Available as [services.opensearch](options.html#opt-services.opensearch.enable).
|
||||||
|
|
||||||
|
- [monica](https://www.monicahq.com), an open source personal CRM. Available as [services.monica](options.html#opt-services.monica.enable).
|
||||||
|
|
||||||
- [authelia](https://www.authelia.com/), is an open-source authentication and authorization server. Available under [services.authelia](options.html#opt-services.authelia.enable).
|
- [authelia](https://www.authelia.com/), is an open-source authentication and authorization server. Available under [services.authelia](options.html#opt-services.authelia.enable).
|
||||||
|
|
||||||
- [goeland](https://github.com/slurdge/goeland), an alternative to rss2email written in golang with many filters. Available as [services.goeland](#opt-services.goeland.enable).
|
- [goeland](https://github.com/slurdge/goeland), an alternative to rss2email written in golang with many filters. Available as [services.goeland](#opt-services.goeland.enable).
|
||||||
|
@ -71,6 +77,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
|
|
||||||
- [atuin](https://github.com/ellie/atuin), a sync server for shell history. Available as [services.atuin](#opt-services.atuin.enable).
|
- [atuin](https://github.com/ellie/atuin), a sync server for shell history. Available as [services.atuin](#opt-services.atuin.enable).
|
||||||
|
|
||||||
|
- [esphome](https://esphome.io), a dashboard to configure ESP8266/ESP32 devices for use with Home Automation systems. Available as [services.esphome](#opt-services.esphome.enable).
|
||||||
|
|
||||||
- [networkd-dispatcher](https://gitlab.com/craftyguy/networkd-dispatcher), a dispatcher service for systemd-networkd connection status changes. Available as [services.networkd-dispatcher](#opt-services.networkd-dispatcher.enable).
|
- [networkd-dispatcher](https://gitlab.com/craftyguy/networkd-dispatcher), a dispatcher service for systemd-networkd connection status changes. Available as [services.networkd-dispatcher](#opt-services.networkd-dispatcher.enable).
|
||||||
|
|
||||||
- [mmsd](https://gitlab.com/kop316/mmsd), a lower level daemon that transmits and recieves MMSes. Available as [services.mmsd](#opt-services.mmsd.enable).
|
- [mmsd](https://gitlab.com/kop316/mmsd), a lower level daemon that transmits and recieves MMSes. Available as [services.mmsd](#opt-services.mmsd.enable).
|
||||||
|
@ -85,8 +93,12 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
|
|
||||||
- [ulogd](https://www.netfilter.org/projects/ulogd/index.html), a userspace logging daemon for netfilter/iptables related logging. Available as [services.ulogd](options.html#opt-services.ulogd.enable).
|
- [ulogd](https://www.netfilter.org/projects/ulogd/index.html), a userspace logging daemon for netfilter/iptables related logging. Available as [services.ulogd](options.html#opt-services.ulogd.enable).
|
||||||
|
|
||||||
|
- [PufferPanel](https://pufferpanel.com), game server management panel designed to be easy to use. Available as [services.pufferpanel](#opt-services.pufferpanel.enable).
|
||||||
|
|
||||||
- [jellyseerr](https://github.com/Fallenbagel/jellyseerr), a web-based requests manager for Jellyfin, forked from Overseerr. Available as [services.jellyseerr](#opt-services.jellyseerr.enable).
|
- [jellyseerr](https://github.com/Fallenbagel/jellyseerr), a web-based requests manager for Jellyfin, forked from Overseerr. Available as [services.jellyseerr](#opt-services.jellyseerr.enable).
|
||||||
|
|
||||||
|
- [stargazer](https://sr.ht/~zethra/stargazer/), a fast and easy to use Gemini server. Available as [services.stargazer](#opt-services.stargazer.enable).
|
||||||
|
|
||||||
- [photoprism](https://photoprism.app/), a AI-Powered Photos App for the Decentralized Web. Available as [services.photoprism](options.html#opt-services.photoprism.enable).
|
- [photoprism](https://photoprism.app/), a AI-Powered Photos App for the Decentralized Web. Available as [services.photoprism](options.html#opt-services.photoprism.enable).
|
||||||
|
|
||||||
- [peroxide](https://github.com/ljanyst/peroxide), a fork of the official [ProtonMail bridge](https://github.com/ProtonMail/proton-bridge) that aims to be similar to [Hydroxide](https://github.com/emersion/hydroxide). Available as [services.peroxide](#opt-services.peroxide.enable).
|
- [peroxide](https://github.com/ljanyst/peroxide), a fork of the official [ProtonMail bridge](https://github.com/ProtonMail/proton-bridge) that aims to be similar to [Hydroxide](https://github.com/emersion/hydroxide). Available as [services.peroxide](#opt-services.peroxide.enable).
|
||||||
|
@ -99,6 +111,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
|
|
||||||
- [trurl](https://github.com/curl/trurl), a command line tool for URL parsing and manipulation.
|
- [trurl](https://github.com/curl/trurl), a command line tool for URL parsing and manipulation.
|
||||||
|
|
||||||
|
- [wgautomesh](https://git.deuxfleurs.fr/Deuxfleurs/wgautomesh), a simple utility to help connect wireguard nodes together in a full mesh topology. Available as [services.wgautomesh](options.html#opt-services.wgautomesh.enable).
|
||||||
|
|
||||||
- [woodpecker-agents](https://woodpecker-ci.org/), a simple CI engine with great extensibility. Available as [services.woodpecker-agents](#opt-services.woodpecker-agents.agents._name_.enable).
|
- [woodpecker-agents](https://woodpecker-ci.org/), a simple CI engine with great extensibility. Available as [services.woodpecker-agents](#opt-services.woodpecker-agents.agents._name_.enable).
|
||||||
|
|
||||||
- [woodpecker-server](https://woodpecker-ci.org/), a simple CI engine with great extensibility. Available as [services.woodpecker-server](#opt-services.woodpecker-server.enable).
|
- [woodpecker-server](https://woodpecker-ci.org/), a simple CI engine with great extensibility. Available as [services.woodpecker-server](#opt-services.woodpecker-server.enable).
|
||||||
|
@ -109,6 +123,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
|
|
||||||
- [hardware.ipu6](#opt-hardware.ipu6.enable) adds support for ipu6 based webcams on intel tiger lake and alder lake.
|
- [hardware.ipu6](#opt-hardware.ipu6.enable) adds support for ipu6 based webcams on intel tiger lake and alder lake.
|
||||||
|
|
||||||
|
- [ivpn](https://www.ivpn.net/), a secure, private VPN with fast WireGuard connections. Available as [services.ivpn](#opt-services.ivpn.enable).
|
||||||
|
|
||||||
## Backward Incompatibilities {#sec-release-23.05-incompatibilities}
|
## Backward Incompatibilities {#sec-release-23.05-incompatibilities}
|
||||||
|
|
||||||
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||||
|
@ -123,6 +139,10 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
|
|
||||||
- The `ssh` client tool now disables the `~C` escape sequence by default. This can be re-enabled by setting `EnableEscapeCommandline yes`
|
- The `ssh` client tool now disables the `~C` escape sequence by default. This can be re-enabled by setting `EnableEscapeCommandline yes`
|
||||||
|
|
||||||
|
- The `ssh` module does not read `/etc/ssh/ssh_known_hosts2` anymore since this location is [deprecated since 2001](https://marc.info/?l=openssh-unix-dev&m=100508718416162&w=2).
|
||||||
|
|
||||||
|
- The openssh module does not read `~/.ssh/authorized_keys2` anymore since this location is [deprecated since 2001](https://marc.info/?l=openssh-unix-dev&m=100508718416162&w=2).
|
||||||
|
|
||||||
- `podman` now uses the `netavark` network stack. Users will need to delete all of their local containers, images, volumes, etc, by running `podman system reset --force` once before upgrading their systems.
|
- `podman` now uses the `netavark` network stack. Users will need to delete all of their local containers, images, volumes, etc, by running `podman system reset --force` once before upgrading their systems.
|
||||||
|
|
||||||
- `git-bug` has been updated to at least version 0.8.0, which includes backwards incompatible changes. The `git-bug-migration` package can be used to upgrade existing repositories.
|
- `git-bug` has been updated to at least version 0.8.0, which includes backwards incompatible changes. The `git-bug-migration` package can be used to upgrade existing repositories.
|
||||||
|
@ -131,7 +151,9 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
|
|
||||||
- `keepassx` and `keepassx2` have been removed, due to upstream [stopping development](https://www.keepassx.org/index.html%3Fp=636.html). Consider [KeePassXC](https://keepassxc.org) as a maintained alternative.
|
- `keepassx` and `keepassx2` have been removed, due to upstream [stopping development](https://www.keepassx.org/index.html%3Fp=636.html). Consider [KeePassXC](https://keepassxc.org) as a maintained alternative.
|
||||||
|
|
||||||
- The `services.kubo.settings` option is now no longer stateful. If you changed any of the options in `services.kubo.settings` in the past and then removed them from your NixOS configuration again, those changes are still in your Kubo configuration file but will now be reset to the default. If you're unsure, you may want to make a backup of your configuration file (probably /var/lib/ipfs/config) and compare after the update.
|
- The [services.kubo.settings](#opt-services.kubo.settings) option is now no longer stateful. If you changed any of the options in [services.kubo.settings](#opt-services.kubo.settings) in the past and then removed them from your NixOS configuration again, those changes are still in your Kubo configuration file but will now be reset to the default. If you're unsure, you may want to make a backup of your configuration file (probably /var/lib/ipfs/config) and compare after the update.
|
||||||
|
|
||||||
|
- The Kubo HTTP API will no longer listen on localhost and will instead only listen on a Unix domain socket by default. Read the [services.kubo.settings.Addresses.API](#opt-services.kubo.settings.Addresses.API) option description for more information.
|
||||||
|
|
||||||
- The EC2 image module no longer fetches instance metadata in stage-1. This results in a significantly smaller initramfs, since network drivers no longer need to be included, and faster boots, since metadata fetching can happen in parallel with startup of other services.
|
- The EC2 image module no longer fetches instance metadata in stage-1. This results in a significantly smaller initramfs, since network drivers no longer need to be included, and faster boots, since metadata fetching can happen in parallel with startup of other services.
|
||||||
This breaks services which rely on metadata being present by the time stage-2 is entered. Anything which reads EC2 metadata from `/etc/ec2-metadata` should now have an `after` dependency on `fetch-ec2-metadata.service`
|
This breaks services which rely on metadata being present by the time stage-2 is entered. Anything which reads EC2 metadata from `/etc/ec2-metadata` should now have an `after` dependency on `fetch-ec2-metadata.service`
|
||||||
|
@ -170,8 +192,12 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
|
|
||||||
- Calling `makeSetupHook` without passing a `name` argument is deprecated.
|
- Calling `makeSetupHook` without passing a `name` argument is deprecated.
|
||||||
|
|
||||||
|
- Top-level buildPlatform,hostPlatform,targetPlatform have been deprecated, use stdenv.X instead.
|
||||||
|
|
||||||
- `lib.systems.examples.ghcjs` and consequently `pkgsCross.ghcjs` now use the target triplet `javascript-unknown-ghcjs` instead of `js-unknown-ghcjs`. This has been done to match an [upstream decision](https://gitlab.haskell.org/ghc/ghc/-/commit/6636b670233522f01d002c9b97827d00289dbf5c) to follow Cabal's platform naming more closely. Nixpkgs will also reject `js` as an architecture name.
|
- `lib.systems.examples.ghcjs` and consequently `pkgsCross.ghcjs` now use the target triplet `javascript-unknown-ghcjs` instead of `js-unknown-ghcjs`. This has been done to match an [upstream decision](https://gitlab.haskell.org/ghc/ghc/-/commit/6636b670233522f01d002c9b97827d00289dbf5c) to follow Cabal's platform naming more closely. Nixpkgs will also reject `js` as an architecture name.
|
||||||
|
|
||||||
|
- `dokuwiki` has been updated from 2023-07-31a (Igor) to 2023-04-04 (Jack Jackrum), which has [completely removed](https://www.dokuwiki.org/changes#release_2023-04-04_jack_jackrum) the options to embed HTML and PHP for security reasons. The [htmlok plugin](https://www.dokuwiki.org/plugin:htmlok) can be used to regain this functionality.
|
||||||
|
|
||||||
- The old unsupported version 6.x of the ELK-stack and Elastic beats have been removed. Use OpenSearch instead.
|
- The old unsupported version 6.x of the ELK-stack and Elastic beats have been removed. Use OpenSearch instead.
|
||||||
|
|
||||||
- The `cosmoc` package has been removed. The upstream scripts in `cosmocc` should be used instead.
|
- The `cosmoc` package has been removed. The upstream scripts in `cosmocc` should be used instead.
|
||||||
|
@ -211,6 +237,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
|
|
||||||
- To enable the HTTP3 (QUIC) protocol for a nginx virtual host, set the `quic` attribute on it to true, e.g. `services.nginx.virtualHosts.<name>.quic = true;`.
|
- To enable the HTTP3 (QUIC) protocol for a nginx virtual host, set the `quic` attribute on it to true, e.g. `services.nginx.virtualHosts.<name>.quic = true;`.
|
||||||
|
|
||||||
|
- The default Asterisk package was changed to v20 from v19. Asterisk versions 16 and 19 have been dropped due to being EOL. You may need to update /var/lib/asterisk to match the template files in `${asterisk-20}/var/lib/asterisk`.
|
||||||
|
|
||||||
- conntrack helper autodetection has been removed from kernels 6.0 and up upstream, and an assertion was added to ensure things don't silently stop working. Migrate your configuration to assign helpers explicitly or use an older LTS kernel branch as a temporary workaround.
|
- conntrack helper autodetection has been removed from kernels 6.0 and up upstream, and an assertion was added to ensure things don't silently stop working. Migrate your configuration to assign helpers explicitly or use an older LTS kernel branch as a temporary workaround.
|
||||||
|
|
||||||
- The `services.pipewire.config` options have been removed, as they have basically never worked correctly. All behavior defined by the default configuration can be overridden with drop-in files as necessary - see [below](#sec-release-23.05-migration-pipewire) for details.
|
- The `services.pipewire.config` options have been removed, as they have basically never worked correctly. All behavior defined by the default configuration can be overridden with drop-in files as necessary - see [below](#sec-release-23.05-migration-pipewire) for details.
|
||||||
|
@ -230,6 +258,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
- The `pnpm` package has be updated to from version 7.29.1 to version 8.1.1 and Node.js 14 support has been discontinued (though, there are workarounds if Node.js 14 is still required)
|
- The `pnpm` package has be updated to from version 7.29.1 to version 8.1.1 and Node.js 14 support has been discontinued (though, there are workarounds if Node.js 14 is still required)
|
||||||
- Migration instructions: ["Before updating pnpm to v8 in your CI, regenerate your pnpm-lock.yaml. To upgrade your lockfile, run pnpm install and commit the changes. Existing dependencies will not be updated; however, due to configuration changes in pnpm v8, some missing peer dependencies may be added to the lockfile and some packages may get deduplicated. You can commit the new lockfile even before upgrading Node.js in the CI, as pnpm v7 already supports the new lockfile format."](https://github.com/pnpm/pnpm/releases/tag/v8.0.0)
|
- Migration instructions: ["Before updating pnpm to v8 in your CI, regenerate your pnpm-lock.yaml. To upgrade your lockfile, run pnpm install and commit the changes. Existing dependencies will not be updated; however, due to configuration changes in pnpm v8, some missing peer dependencies may be added to the lockfile and some packages may get deduplicated. You can commit the new lockfile even before upgrading Node.js in the CI, as pnpm v7 already supports the new lockfile format."](https://github.com/pnpm/pnpm/releases/tag/v8.0.0)
|
||||||
|
|
||||||
|
- The `zplug` package changes its output path from `$out` to `$out/share/zplug`. Users should update their dependency on `${pkgs.zplug}/init.zsh` to `${pkgs.zplug}/share/zplug/init.zsh`.
|
||||||
|
|
||||||
## Other Notable Changes {#sec-release-23.05-notable-changes}
|
## Other Notable Changes {#sec-release-23.05-notable-changes}
|
||||||
|
|
||||||
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||||
|
@ -254,7 +284,7 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
- `services.openssh.ciphers` to `services.openssh.settings.Ciphers`
|
- `services.openssh.ciphers` to `services.openssh.settings.Ciphers`
|
||||||
- `services.openssh.gatewayPorts` to `services.openssh.settings.GatewayPorts`
|
- `services.openssh.gatewayPorts` to `services.openssh.settings.GatewayPorts`
|
||||||
|
|
||||||
- `netbox` was updated to 3.4. NixOS' `services.netbox.package` still defaults to 3.3 if `stateVersion` is earlier than 23.05. Please review upstream's [breaking changes](https://github.com/netbox-community/netbox/releases/tag/v3.4.0), and upgrade NetBox by changing `services.netbox.package`. Database migrations will be run automatically.
|
- `netbox` was updated to 3.5. NixOS' `services.netbox.package` still defaults to 3.3 if `stateVersion` is earlier than 23.05. Please review upstream's breaking changes [for 3.4.0](https://github.com/netbox-community/netbox/releases/tag/v3.4.0) and [for 3.5.0](https://github.com/netbox-community/netbox/releases/tag/v3.5.0), and upgrade NetBox by changing `services.netbox.package`. Database migrations will be run automatically.
|
||||||
|
|
||||||
- `services.netbox` now support RFC42-style options, through `services.netbox.settings`.
|
- `services.netbox` now support RFC42-style options, through `services.netbox.settings`.
|
||||||
|
|
||||||
|
@ -274,14 +304,17 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
replacement. It stores backups as volume dump files and thus better integrates
|
replacement. It stores backups as volume dump files and thus better integrates
|
||||||
into contemporary backup solutions.
|
into contemporary backup solutions.
|
||||||
|
|
||||||
|
- `services.maddy` now allows to configure users and their credentials using `services.maddy.ensureCredentials`.
|
||||||
|
|
||||||
- The `dnsmasq` service now takes configuration via the
|
- The `dnsmasq` service now takes configuration via the
|
||||||
`services.dnsmasq.settings` attribute set. The option
|
`services.dnsmasq.settings` attribute set. The option
|
||||||
`services.dnsmasq.extraConfig` will be deprecated when NixOS 22.11 reaches
|
`services.dnsmasq.extraConfig` will be deprecated when NixOS 22.11 reaches
|
||||||
end of life.
|
end of life.
|
||||||
|
|
||||||
- The `dokuwiki` service now takes configuration via the `services.dokuwiki.sites.<name>.settings` attribute set, `extraConfig` is deprecated and will be removed.
|
- The `dokuwiki` service is now configured via `services.dokuwiki.sites.<name>.settings` attribute set; `extraConfig` has been removed.
|
||||||
The `{aclUse,superUser,disableActions}` attributes have been renamed, `pluginsConfig` now also accepts an attribute set of booleans, passing plain PHP is deprecated.
|
The `{aclUse,superUser,disableActions}` attributes have been renamed accordingly. `pluginsConfig` now only accepts an attribute set of booleans.
|
||||||
Same applies to `acl` which now also accepts structured settings.
|
Passing plain PHP is no longer possible.
|
||||||
|
Same applies to `acl` which now also only accepts structured `settings`.
|
||||||
|
|
||||||
- The `zsh` package changes the way to set environment variables on NixOS systems where `programs.zsh.enable` equals `false`. It now sources `/etc/set-environment` when reading the system-level `zshenv` file. Before, it sourced `/etc/profile` when reading the system-level `zprofile` file.
|
- The `zsh` package changes the way to set environment variables on NixOS systems where `programs.zsh.enable` equals `false`. It now sources `/etc/set-environment` when reading the system-level `zshenv` file. Before, it sourced `/etc/profile` when reading the system-level `zprofile` file.
|
||||||
|
|
||||||
|
@ -332,6 +365,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
[headscale's example configuration](https://github.com/juanfont/headscale/blob/main/config-example.yaml)
|
[headscale's example configuration](https://github.com/juanfont/headscale/blob/main/config-example.yaml)
|
||||||
can be directly written as attribute-set in Nix within this option.
|
can be directly written as attribute-set in Nix within this option.
|
||||||
|
|
||||||
|
- `services.kubo` now unmounts `ipfsMountDir` and `ipnsMountDir` even if it is killed unexpectedly when `autoMount` is enabled.
|
||||||
|
|
||||||
- `nixos/lib/make-disk-image.nix` can now mutate EFI variables, run user-provided EFI firmware or variable templates. This is now extensively documented in the NixOS manual.
|
- `nixos/lib/make-disk-image.nix` can now mutate EFI variables, run user-provided EFI firmware or variable templates. This is now extensively documented in the NixOS manual.
|
||||||
|
|
||||||
- `services.grafana` listens only on localhost by default again. This was changed to upstreams default of `0.0.0.0` by accident in the freeform setting conversion.
|
- `services.grafana` listens only on localhost by default again. This was changed to upstreams default of `0.0.0.0` by accident in the freeform setting conversion.
|
||||||
|
@ -388,6 +423,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
|
|
||||||
- The `unifi-poller` package and corresponding NixOS module have been renamed to `unpoller` to match upstream.
|
- The `unifi-poller` package and corresponding NixOS module have been renamed to `unpoller` to match upstream.
|
||||||
|
|
||||||
|
- The `rtsp-simple-server` package and corresponding NixOS module have been renamed to `mediamtx` to match upstream.
|
||||||
|
|
||||||
- The new option `services.tailscale.useRoutingFeatures` controls various settings for using Tailscale features like exit nodes and subnet routers. If you wish to use your machine as an exit node, you can set this setting to `server`, otherwise if you wish to use an exit node you can set this setting to `client`. The strict RPF warning has been removed as the RPF will be loosened automatically based on the value of this setting.
|
- The new option `services.tailscale.useRoutingFeatures` controls various settings for using Tailscale features like exit nodes and subnet routers. If you wish to use your machine as an exit node, you can set this setting to `server`, otherwise if you wish to use an exit node you can set this setting to `client`. The strict RPF warning has been removed as the RPF will be loosened automatically based on the value of this setting.
|
||||||
|
|
||||||
- `openjdk` from version 11 and above is not build with `openjfx` (i.e.: JavaFX) support by default anymore. You can re-enable it by overriding, e.g.: `openjdk11.override { enableJavaFX = true; };`.
|
- `openjdk` from version 11 and above is not build with `openjfx` (i.e.: JavaFX) support by default anymore. You can re-enable it by overriding, e.g.: `openjdk11.override { enableJavaFX = true; };`.
|
||||||
|
@ -405,12 +442,16 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
|
|
||||||
- `k3s` can now be configured with an EnvironmentFile for its systemd service, allowing secrets to be provided without ending up in the Nix Store.
|
- `k3s` can now be configured with an EnvironmentFile for its systemd service, allowing secrets to be provided without ending up in the Nix Store.
|
||||||
|
|
||||||
|
- `gitea` module options have been changed to be RFC042 conforming (i.e. some options were moved to be located under `services.gitea.settings`)
|
||||||
|
|
||||||
- `boot.initrd.luks.device.<name>` has a new `tryEmptyPassphrase` option, this is useful for OEM's who need to install an encrypted disk with a future settable passphrase
|
- `boot.initrd.luks.device.<name>` has a new `tryEmptyPassphrase` option, this is useful for OEM's who need to install an encrypted disk with a future settable passphrase
|
||||||
|
|
||||||
- Lisp gained a [manual section](https://nixos.org/manual/nixpkgs/stable/#lisp), documenting a new and backwards incompatible interface. The previous interface will be removed in a future release.
|
- Lisp gained a [manual section](https://nixos.org/manual/nixpkgs/stable/#lisp), documenting a new and backwards incompatible interface. The previous interface will be removed in a future release.
|
||||||
|
|
||||||
- The `bind` module now allows the per-zone `allow-query` setting to be configured (previously it was hard-coded to `any`; it still defaults to `any` to retain compatibility).
|
- The `bind` module now allows the per-zone `allow-query` setting to be configured (previously it was hard-coded to `any`; it still defaults to `any` to retain compatibility).
|
||||||
|
|
||||||
|
- `make-disk-image` handles `contents` arguments that are directories better, fixing a bug where it used to put them in a subdirectory of the intended `target`.
|
||||||
|
|
||||||
## Detailed migration information {#sec-release-23.05-migration}
|
## Detailed migration information {#sec-release-23.05-migration}
|
||||||
|
|
||||||
### Pipewire configuration overrides {#sec-release-23.05-migration-pipewire}
|
### Pipewire configuration overrides {#sec-release-23.05-migration-pipewire}
|
||||||
|
|
|
@ -402,11 +402,16 @@ let format' = format; in let
|
||||||
done
|
done
|
||||||
else
|
else
|
||||||
mkdir -p $root/$(dirname $target)
|
mkdir -p $root/$(dirname $target)
|
||||||
if ! [ -e $root/$target ]; then
|
if [ -e $root/$target ]; then
|
||||||
rsync $rsync_flags $source $root/$target
|
|
||||||
else
|
|
||||||
echo "duplicate entry $target -> $source"
|
echo "duplicate entry $target -> $source"
|
||||||
exit 1
|
exit 1
|
||||||
|
elif [ -d $source ]; then
|
||||||
|
# Append a slash to the end of source to get rsync to copy the
|
||||||
|
# directory _to_ the target instead of _inside_ the target.
|
||||||
|
# (See `man rsync`'s note on a trailing slash.)
|
||||||
|
rsync $rsync_flags $source/ $root/$target
|
||||||
|
else
|
||||||
|
rsync $rsync_flags $source $root/$target
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
done
|
done
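Review bot: The new `elif [ -d $source ]` branch tests and expands `$source` unquoted, so an empty value turns the test into `[ -d ]`, which is true, and the rsync that follows would then read from `/`; a path containing whitespace would also split into several arguments. Quote the path operands and leave `$rsync_flags` unquoted for its intended word splitting: `elif [ -d "$source" ]; then` and `rsync $rsync_flags "$source/" "$root/$target"`. The same applies to the `[ -e $root/$target ]` check and the plain-file rsync in this hunk. Whether `source` can actually be empty or contain spaces depends on how the `contents` entries are produced, which is outside the hunk, as is the start of the enclosing loop.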
|
||||||
|
|
|
@ -428,6 +428,8 @@ let
|
||||||
|
|
||||||
uidsAreUnique = idsAreUnique (filterAttrs (n: u: u.uid != null) cfg.users) "uid";
|
uidsAreUnique = idsAreUnique (filterAttrs (n: u: u.uid != null) cfg.users) "uid";
|
||||||
gidsAreUnique = idsAreUnique (filterAttrs (n: g: g.gid != null) cfg.groups) "gid";
|
gidsAreUnique = idsAreUnique (filterAttrs (n: g: g.gid != null) cfg.groups) "gid";
|
||||||
|
sdInitrdUidsAreUnique = idsAreUnique (filterAttrs (n: u: u.uid != null) config.boot.initrd.systemd.users) "uid";
|
||||||
|
sdInitrdGidsAreUnique = idsAreUnique (filterAttrs (n: g: g.gid != null) config.boot.initrd.systemd.groups) "gid";
|
||||||
|
|
||||||
spec = pkgs.writeText "users-groups.json" (builtins.toJSON {
|
spec = pkgs.writeText "users-groups.json" (builtins.toJSON {
|
||||||
inherit (cfg) mutableUsers;
|
inherit (cfg) mutableUsers;
|
||||||
|
@ -534,6 +536,54 @@ in {
|
||||||
WARNING: enabling this can lock you out of your system. Enable this only if you know what are you doing.
|
WARNING: enabling this can lock you out of your system. Enable this only if you know what are you doing.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# systemd initrd
|
||||||
|
boot.initrd.systemd.users = mkOption {
|
||||||
|
visible = false;
|
||||||
|
description = ''
|
||||||
|
Users to include in initrd.
|
||||||
|
'';
|
||||||
|
default = {};
|
||||||
|
type = types.attrsOf (types.submodule ({ name, ... }: {
|
||||||
|
options.uid = mkOption {
|
||||||
|
visible = false;
|
||||||
|
type = types.int;
|
||||||
|
description = ''
|
||||||
|
ID of the user in initrd.
|
||||||
|
'';
|
||||||
|
defaultText = literalExpression "config.users.users.\${name}.uid";
|
||||||
|
default = cfg.users.${name}.uid;
|
||||||
|
};
|
||||||
|
options.group = mkOption {
|
||||||
|
visible = false;
|
||||||
|
type = types.singleLineStr;
|
||||||
|
description = ''
|
||||||
|
Group the user belongs to in initrd.
|
||||||
|
'';
|
||||||
|
defaultText = literalExpression "config.users.users.\${name}.group";
|
||||||
|
default = cfg.users.${name}.group;
|
||||||
|
};
|
||||||
|
}));
|
||||||
|
};
|
||||||
|
|
||||||
|
boot.initrd.systemd.groups = mkOption {
|
||||||
|
visible = false;
|
||||||
|
description = ''
|
||||||
|
Groups to include in initrd.
|
||||||
|
'';
|
||||||
|
default = {};
|
||||||
|
type = types.attrsOf (types.submodule ({ name, ... }: {
|
||||||
|
options.gid = mkOption {
|
||||||
|
visible = false;
|
||||||
|
type = types.int;
|
||||||
|
description = ''
|
||||||
|
ID of the group in initrd.
|
||||||
|
'';
|
||||||
|
defaultText = literalExpression "config.users.groups.\${name}.gid";
|
||||||
|
default = cfg.groups.${name}.gid;
|
||||||
|
};
|
||||||
|
}));
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
@ -639,10 +689,52 @@ in {
|
||||||
"/etc/profiles/per-user/$USER"
|
"/etc/profiles/per-user/$USER"
|
||||||
];
|
];
|
||||||
|
|
||||||
|
# systemd initrd
|
||||||
|
boot.initrd.systemd = lib.mkIf config.boot.initrd.systemd.enable {
|
||||||
|
contents = {
|
||||||
|
"/etc/passwd".text = ''
|
||||||
|
${lib.concatStringsSep "\n" (lib.mapAttrsToList (n: { uid, group }: let
|
||||||
|
g = config.boot.initrd.systemd.groups.${group};
|
||||||
|
in "${n}:x:${toString uid}:${toString g.gid}::/var/empty:") config.boot.initrd.systemd.users)}
|
||||||
|
'';
|
||||||
|
"/etc/group".text = ''
|
||||||
|
${lib.concatStringsSep "\n" (lib.mapAttrsToList (n: { gid }: "${n}:x:${toString gid}:") config.boot.initrd.systemd.groups)}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
users = {
|
||||||
|
root = {};
|
||||||
|
nobody = {};
|
||||||
|
};
|
||||||
|
|
||||||
|
groups = {
|
||||||
|
root = {};
|
||||||
|
nogroup = {};
|
||||||
|
systemd-journal = {};
|
||||||
|
tty = {};
|
||||||
|
dialout = {};
|
||||||
|
kmem = {};
|
||||||
|
input = {};
|
||||||
|
video = {};
|
||||||
|
render = {};
|
||||||
|
sgx = {};
|
||||||
|
audio = {};
|
||||||
|
video = {};
|
||||||
|
lp = {};
|
||||||
|
disk = {};
|
||||||
|
cdrom = {};
|
||||||
|
tape = {};
|
||||||
|
kvm = {};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
assertions = [
|
assertions = [
|
||||||
{ assertion = !cfg.enforceIdUniqueness || (uidsAreUnique && gidsAreUnique);
|
{ assertion = !cfg.enforceIdUniqueness || (uidsAreUnique && gidsAreUnique);
|
||||||
message = "UIDs and GIDs must be unique!";
|
message = "UIDs and GIDs must be unique!";
|
||||||
}
|
}
|
||||||
|
{ assertion = !cfg.enforceIdUniqueness || (sdInitrdUidsAreUnique && sdInitrdGidsAreUnique);
|
||||||
|
message = "systemd initrd UIDs and GIDs must be unique!";
|
||||||
|
}
|
||||||
{ # If mutableUsers is false, to prevent users creating a
|
{ # If mutableUsers is false, to prevent users creating a
|
||||||
# configuration that locks them out of the system, ensure that
|
# configuration that locks them out of the system, ensure that
|
||||||
# there is at least one "privileged" account that has a
|
# there is at least one "privileged" account that has a
|
||||||
|
|
|
@ -10,10 +10,7 @@ let
|
||||||
check = x: (lib.types.package.check x) && (attrByPath ["meta" "isIbusEngine"] false x);
|
check = x: (lib.types.package.check x) && (attrByPath ["meta" "isIbusEngine"] false x);
|
||||||
};
|
};
|
||||||
|
|
||||||
impanel =
|
impanel = optionalString (cfg.panel != null) "--panel=${cfg.panel}";
|
||||||
if cfg.panel != null
|
|
||||||
then "--panel=${cfg.panel}"
|
|
||||||
else "";
|
|
||||||
|
|
||||||
ibusAutostart = pkgs.writeTextFile {
|
ibusAutostart = pkgs.writeTextFile {
|
||||||
name = "autostart-ibus-daemon";
|
name = "autostart-ibus-daemon";
|
||||||
|
|
|
@ -22,8 +22,8 @@ let
|
||||||
(option: ''
|
(option: ''
|
||||||
menuentry '${defaults.name} ${
|
menuentry '${defaults.name} ${
|
||||||
# Name appended to menuentry defaults to params if no specific name given.
|
# Name appended to menuentry defaults to params if no specific name given.
|
||||||
option.name or (if option ? params then "(${option.params})" else "")
|
option.name or (optionalString (option ? params) "(${option.params})")
|
||||||
}' ${if option ? class then " --class ${option.class}" else ""} {
|
}' ${optionalString (option ? class) " --class ${option.class}"} {
|
||||||
linux ${defaults.image} \''${isoboot} ${defaults.params} ${
|
linux ${defaults.image} \''${isoboot} ${defaults.params} ${
|
||||||
option.params or ""
|
option.params or ""
|
||||||
}
|
}
|
||||||
|
|
|
@ -85,12 +85,7 @@ sub debug {
|
||||||
|
|
||||||
|
|
||||||
# nixpkgs.system
|
# nixpkgs.system
|
||||||
my ($status, @systemLines) = runCommand("@nixInstantiate@ --impure --eval --expr builtins.currentSystem");
|
push @attrs, "nixpkgs.hostPlatform = lib.mkDefault \"@system@\";";
|
||||||
if ($status != 0 || join("", @systemLines) =~ /error/) {
|
|
||||||
die "Failed to retrieve current system type from nix.\n";
|
|
||||||
}
|
|
||||||
chomp(my $system = @systemLines[0]);
|
|
||||||
push @attrs, "nixpkgs.hostPlatform = lib.mkDefault $system;";
|
|
||||||
|
|
||||||
|
|
||||||
my $cpuinfo = read_file "/proc/cpuinfo";
|
my $cpuinfo = read_file "/proc/cpuinfo";
|
||||||
|
@ -200,7 +195,7 @@ sub pciCheck {
|
||||||
}
|
}
|
||||||
|
|
||||||
# In case this is a virtio scsi device, we need to explicitly make this available.
|
# In case this is a virtio scsi device, we need to explicitly make this available.
|
||||||
if ($vendor eq "0x1af4" && $device eq "0x1004") {
|
if ($vendor eq "0x1af4" && ($device eq "0x1004" || $device eq "0x1048") ) {
|
||||||
push @initrdAvailableKernelModules, "virtio_scsi";
|
push @initrdAvailableKernelModules, "virtio_scsi";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -473,7 +468,7 @@ EOF
|
||||||
}
|
}
|
||||||
|
|
||||||
# Don't emit tmpfs entry for /tmp, because it most likely comes from the
|
# Don't emit tmpfs entry for /tmp, because it most likely comes from the
|
||||||
# boot.tmpOnTmpfs option in configuration.nix (managed declaratively).
|
# boot.tmp.useTmpfs option in configuration.nix (managed declaratively).
|
||||||
next if ($mountPoint eq "/tmp" && $fsType eq "tmpfs");
|
next if ($mountPoint eq "/tmp" && $fsType eq "tmpfs");
|
||||||
|
|
||||||
# Emit the filesystem.
|
# Emit the filesystem.
|
||||||
|
|
|
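Review bot: The comment `# nixpkgs.system` above the new `push @attrs` line is stale, since the line now emits `nixpkgs.hostPlatform`. The value comes from a placeholder that appears to be filled in when the script is built, rather than being queried on the running machine as the removed `runCommand` call did. I would reword the comment to `# nixpkgs.hostPlatform (value substituted at build time, not detected on the running machine)`. Leave the placeholder's literal spelling out of the comment, because the substitution would presumably rewrite it there as well.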
@ -34,7 +34,7 @@ let
|
||||||
name = "nixos-generate-config";
|
name = "nixos-generate-config";
|
||||||
src = ./nixos-generate-config.pl;
|
src = ./nixos-generate-config.pl;
|
||||||
perl = "${pkgs.perl.withPackages (p: [ p.FileSlurp ])}/bin/perl";
|
perl = "${pkgs.perl.withPackages (p: [ p.FileSlurp ])}/bin/perl";
|
||||||
nixInstantiate = "${pkgs.nix}/bin/nix-instantiate";
|
system = pkgs.stdenv.hostPlatform.system;
|
||||||
detectvirt = "${config.systemd.package}/bin/systemd-detect-virt";
|
detectvirt = "${config.systemd.package}/bin/systemd-detect-virt";
|
||||||
btrfs = "${pkgs.btrfs-progs}/bin/btrfs";
|
btrfs = "${pkgs.btrfs-progs}/bin/btrfs";
|
||||||
inherit (config.system.nixos-generate-config) configuration desktopConfiguration;
|
inherit (config.system.nixos-generate-config) configuration desktopConfiguration;
|
||||||
|
|
|
@ -149,6 +149,7 @@
|
||||||
./programs/cdemu.nix
|
./programs/cdemu.nix
|
||||||
./programs/cfs-zen-tweaks.nix
|
./programs/cfs-zen-tweaks.nix
|
||||||
./programs/chromium.nix
|
./programs/chromium.nix
|
||||||
|
./programs/clash-verge.nix
|
||||||
./programs/cnping.nix
|
./programs/cnping.nix
|
||||||
./programs/command-not-found/command-not-found.nix
|
./programs/command-not-found/command-not-found.nix
|
||||||
./programs/criu.nix
|
./programs/criu.nix
|
||||||
|
@ -170,6 +171,7 @@
|
||||||
./programs/fuse.nix
|
./programs/fuse.nix
|
||||||
./programs/fzf.nix
|
./programs/fzf.nix
|
||||||
./programs/gamemode.nix
|
./programs/gamemode.nix
|
||||||
|
./programs/gamescope.nix
|
||||||
./programs/geary.nix
|
./programs/geary.nix
|
||||||
./programs/git.nix
|
./programs/git.nix
|
||||||
./programs/gnome-disks.nix
|
./programs/gnome-disks.nix
|
||||||
|
@ -514,6 +516,7 @@
|
||||||
./services/hardware/usbrelayd.nix
|
./services/hardware/usbrelayd.nix
|
||||||
./services/hardware/vdr.nix
|
./services/hardware/vdr.nix
|
||||||
./services/hardware/keyd.nix
|
./services/hardware/keyd.nix
|
||||||
|
./services/home-automation/esphome.nix
|
||||||
./services/home-automation/evcc.nix
|
./services/home-automation/evcc.nix
|
||||||
./services/home-automation/home-assistant.nix
|
./services/home-automation/home-assistant.nix
|
||||||
./services/home-automation/zigbee2mqtt.nix
|
./services/home-automation/zigbee2mqtt.nix
|
||||||
|
@ -668,6 +671,7 @@
|
||||||
./services/misc/polaris.nix
|
./services/misc/polaris.nix
|
||||||
./services/misc/portunus.nix
|
./services/misc/portunus.nix
|
||||||
./services/misc/prowlarr.nix
|
./services/misc/prowlarr.nix
|
||||||
|
./services/misc/pufferpanel.nix
|
||||||
./services/misc/pykms.nix
|
./services/misc/pykms.nix
|
||||||
./services/misc/radarr.nix
|
./services/misc/radarr.nix
|
||||||
./services/misc/readarr.nix
|
./services/misc/readarr.nix
|
||||||
|
@ -882,6 +886,7 @@
|
||||||
./services/networking/iscsi/initiator.nix
|
./services/networking/iscsi/initiator.nix
|
||||||
./services/networking/iscsi/root-initiator.nix
|
./services/networking/iscsi/root-initiator.nix
|
||||||
./services/networking/iscsi/target.nix
|
./services/networking/iscsi/target.nix
|
||||||
|
./services/networking/ivpn.nix
|
||||||
./services/networking/iwd.nix
|
./services/networking/iwd.nix
|
||||||
./services/networking/jibri/default.nix
|
./services/networking/jibri/default.nix
|
||||||
./services/networking/jicofo.nix
|
./services/networking/jicofo.nix
|
||||||
|
@ -1040,6 +1045,7 @@
|
||||||
./services/networking/wg-netmanager.nix
|
./services/networking/wg-netmanager.nix
|
||||||
./services/networking/webhook.nix
|
./services/networking/webhook.nix
|
||||||
./services/networking/wg-quick.nix
|
./services/networking/wg-quick.nix
|
||||||
|
./services/networking/wgautomesh.nix
|
||||||
./services/networking/wireguard.nix
|
./services/networking/wireguard.nix
|
||||||
./services/networking/wpa_supplicant.nix
|
./services/networking/wpa_supplicant.nix
|
||||||
./services/networking/wstunnel.nix
|
./services/networking/wstunnel.nix
|
||||||
|
@ -1130,7 +1136,7 @@
|
||||||
./services/video/epgstation/default.nix
|
./services/video/epgstation/default.nix
|
||||||
./services/video/mirakurun.nix
|
./services/video/mirakurun.nix
|
||||||
./services/video/replay-sorcery.nix
|
./services/video/replay-sorcery.nix
|
||||||
./services/video/rtsp-simple-server.nix
|
./services/video/mediamtx.nix
|
||||||
./services/video/unifi-video.nix
|
./services/video/unifi-video.nix
|
||||||
./services/video/v4l2-relayd.nix
|
./services/video/v4l2-relayd.nix
|
||||||
./services/wayland/cage.nix
|
./services/wayland/cage.nix
|
||||||
|
@ -1165,7 +1171,6 @@
|
||||||
./services/web-apps/hledger-web.nix
|
./services/web-apps/hledger-web.nix
|
||||||
./services/web-apps/icingaweb2/icingaweb2.nix
|
./services/web-apps/icingaweb2/icingaweb2.nix
|
||||||
./services/web-apps/icingaweb2/module-monitoring.nix
|
./services/web-apps/icingaweb2/module-monitoring.nix
|
||||||
./services/web-apps/ihatemoney
|
|
||||||
./services/web-apps/invidious.nix
|
./services/web-apps/invidious.nix
|
||||||
./services/web-apps/invoiceplane.nix
|
./services/web-apps/invoiceplane.nix
|
||||||
./services/web-apps/isso.nix
|
./services/web-apps/isso.nix
|
||||||
|
@ -1181,6 +1186,7 @@
|
||||||
./services/web-apps/mattermost.nix
|
./services/web-apps/mattermost.nix
|
||||||
./services/web-apps/mediawiki.nix
|
./services/web-apps/mediawiki.nix
|
||||||
./services/web-apps/miniflux.nix
|
./services/web-apps/miniflux.nix
|
||||||
|
./services/web-apps/monica.nix
|
||||||
./services/web-apps/moodle.nix
|
./services/web-apps/moodle.nix
|
||||||
./services/web-apps/netbox.nix
|
./services/web-apps/netbox.nix
|
||||||
./services/web-apps/nextcloud.nix
|
./services/web-apps/nextcloud.nix
|
||||||
|
@ -1238,6 +1244,7 @@
|
||||||
./services/web-servers/nginx/gitweb.nix
|
./services/web-servers/nginx/gitweb.nix
|
||||||
./services/web-servers/phpfpm/default.nix
|
./services/web-servers/phpfpm/default.nix
|
||||||
./services/web-servers/pomerium.nix
|
./services/web-servers/pomerium.nix
|
||||||
|
./services/web-servers/stargazer.nix
|
||||||
./services/web-servers/tomcat.nix
|
./services/web-servers/tomcat.nix
|
||||||
./services/web-servers/traefik.nix
|
./services/web-servers/traefik.nix
|
||||||
./services/web-servers/trafficserver/default.nix
|
./services/web-servers/trafficserver/default.nix
|
||||||
|
|
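--- a/third_party/nixpkgs/nixos/modules/programs/clash-verge.nix
+++ b/third_party/nixpkgs/nixos/modules/programs/clash-verge.nix
@@ -0,0 +1,41 @@
+{ config, lib, pkgs, ... }:
+
+{
+options.programs.clash-verge = {
+enable = lib.mkEnableOption (lib.mdDoc ''
+Clash Verge.
+'');
+
+autoStart = lib.mkEnableOption (lib.mdDoc ''
+Clash Verge Auto Launch.
+'');
+
+tunMode = lib.mkEnableOption (lib.mdDoc ''
+Clash Verge Tun Mode.
+'');
+};
+
+config =
+let
+cfg = config.programs.clash-verge;
+in
+lib.mkIf cfg.enable {
+
+environment.systemPackages = [
+pkgs.clash-verge
+(lib.mkIf cfg.autoStart (pkgs.makeAutostartItem {
+name = "clash-verge";
+package = pkgs.clash-verge;
+}))
+];
+
+security.wrappers.clash-verge = lib.mkIf cfg.tunMode {
+owner = "root";
+group = "root";
+capabilities = "cap_net_bind_service,cap_net_admin=+ep";
+source = "${lib.getExe pkgs.clash-verge}";
+};
+};
+
+meta.maintainers = with lib.maintainers; [ zendo ];
+}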
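Review bot: `security.wrappers.clash-verge` attaches cap_net_admin and cap_net_bind_service to the wrapped binary without setting `permissions` or a restricted `group`. As far as this file shows, any local account able to execute the wrapper gets those capabilities once `tunMode` is on. The option text `Clash Verge Tun Mode.` does not say so. I would extend it to `Clash Verge TUN mode, which installs a wrapper carrying cap_net_admin and cap_net_bind_service`, and consider limiting execution to a dedicated group with `permissions = "u+rx,g+x";`. Also, `environment.systemPackages` and the autostart item still reference the unwrapped `pkgs.clash-verge`, so which binary a session actually launches depends on PATH order and is worth confirming.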
@ -201,6 +201,7 @@ in
|
||||||
nativeMessagingHosts = mapAttrs (_: v: mkEnableOption (mdDoc v)) {
|
nativeMessagingHosts = mapAttrs (_: v: mkEnableOption (mdDoc v)) {
|
||||||
browserpass = "Browserpass support";
|
browserpass = "Browserpass support";
|
||||||
bukubrow = "Bukubrow support";
|
bukubrow = "Bukubrow support";
|
||||||
|
euwebid = "Web eID support";
|
||||||
ff2mpv = "ff2mpv support";
|
ff2mpv = "ff2mpv support";
|
||||||
fxCast = "fx_cast support";
|
fxCast = "fx_cast support";
|
||||||
gsconnect = "GSConnect support";
|
gsconnect = "GSConnect support";
|
||||||
|
@ -217,6 +218,8 @@ in
|
||||||
extraPrefs = cfg.autoConfig;
|
extraPrefs = cfg.autoConfig;
|
||||||
extraNativeMessagingHosts = with pkgs; optionals nmh.ff2mpv [
|
extraNativeMessagingHosts = with pkgs; optionals nmh.ff2mpv [
|
||||||
ff2mpv
|
ff2mpv
|
||||||
|
] ++ optionals nmh.euwebid [
|
||||||
|
web-eid-app
|
||||||
] ++ optionals nmh.gsconnect [
|
] ++ optionals nmh.gsconnect [
|
||||||
gnomeExtensions.gsconnect
|
gnomeExtensions.gsconnect
|
||||||
] ++ optionals nmh.jabref [
|
] ++ optionals nmh.jabref [
|
||||||
|
@ -230,6 +233,7 @@ in
|
||||||
nixpkgs.config.firefox = {
|
nixpkgs.config.firefox = {
|
||||||
enableBrowserpass = nmh.browserpass;
|
enableBrowserpass = nmh.browserpass;
|
||||||
enableBukubrow = nmh.bukubrow;
|
enableBukubrow = nmh.bukubrow;
|
||||||
|
enableEUWebID = nmh.euwebid;
|
||||||
enableTridactylNative = nmh.tridactyl;
|
enableTridactylNative = nmh.tridactyl;
|
||||||
enableUgetIntegrator = nmh.ugetIntegrator;
|
enableUgetIntegrator = nmh.ugetIntegrator;
|
||||||
enableFXCastBridge = nmh.fxCast;
|
enableFXCastBridge = nmh.fxCast;
|
||||||
|
|
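--- a/third_party/nixpkgs/nixos/modules/programs/gamescope.nix
+++ b/third_party/nixpkgs/nixos/modules/programs/gamescope.nix
@@ -0,0 +1,85 @@
+{ config
+, lib
+, pkgs
+, ...
+}:
+with lib; let
+cfg = config.programs.gamescope;
+
+gamescope =
+let
+wrapperArgs =
+optional (cfg.args != [ ])
+''--add-flags "${toString cfg.args}"''
+++ builtins.attrValues (mapAttrs (var: val: "--set-default ${var} ${val}") cfg.env);
+in
+pkgs.runCommand "gamescope" { nativeBuildInputs = [ pkgs.makeBinaryWrapper ]; } ''
+mkdir -p $out/bin
+makeWrapper ${cfg.package}/bin/gamescope $out/bin/gamescope --inherit-argv0 \
+${toString wrapperArgs}
+'';
+in
+{
+options.programs.gamescope = {
+enable = mkEnableOption (mdDoc "gamescope");
+
+package = mkOption {
+type = types.package;
+default = pkgs.gamescope;
+defaultText = literalExpression "pkgs.gamescope";
+description = mdDoc ''
+The GameScope package to use.
+'';
+};
+
+capSysNice = mkOption {
+type = types.bool;
+default = false;
+description = mdDoc ''
+Add cap_sys_nice capability to the GameScope
+binary so that it may renice itself.
+'';
+};
+
+args = mkOption {
+type = types.listOf types.string;
+default = [ ];
+example = [ "--rt" "--prefer-vk-device 8086:9bc4" ];
+description = mdDoc ''
+Arguments passed to GameScope on startup.
+'';
+};
+
+env = mkOption {
+type = types.attrsOf types.string;
+default = { };
+example = literalExpression ''
+# for Prime render offload on Nvidia laptops.
+# Also requires `hardware.nvidia.prime.offload.enable`.
+{
+__NV_PRIME_RENDER_OFFLOAD = "1";
+__VK_LAYER_NV_optimus = "NVIDIA_only";
+__GLX_VENDOR_LIBRARY_NAME = "nvidia";
+}
+'';
+description = mdDoc ''
+Default environment variables available to the GameScope process, overridable at runtime.
+'';
+};
+};
+
+config = mkIf cfg.enable {
+security.wrappers = mkIf cfg.capSysNice {
+gamescope = {
+owner = "root";
+group = "root";
+source = "${gamescope}/bin/gamescope";
+capabilities = "cap_sys_nice+pie";
+};
+};
+
+environment.systemPackages = mkIf (!cfg.capSysNice) [ gamescope ];
+};
+
+meta.maintainers = with maintainers; [ nrdxp ];
+}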
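Review bot: The `wrapperArgs` definition splices `cfg.env` and `cfg.args` into the `runCommand` shell script without shell quoting. A value containing whitespace, quotes or other shell metacharacters is therefore re-parsed by the build shell instead of reaching `makeWrapper` as a single argument. With `with lib;` in scope the two lines can become `"--add-flags ${escapeShellArg (toString cfg.args)}"` and `"--set-default ${escapeShellArg var} ${escapeShellArg val}"`. This matters more here than in an ordinary wrapper because the result is what `security.wrappers.gamescope` installs with cap_sys_nice. The `steam-gamescope` script in the Steam module has the same shape in `"export ${n}=${v}"` and in `${toString cfg.gamescopeSession.args}`, and needs the same treatment.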
@ -11,7 +11,7 @@ let
|
||||||
${concatStringsSep "\n"
|
${concatStringsSep "\n"
|
||||||
(mapAttrsToList (command: action: "${command} ${action}") cfg.commands)
|
(mapAttrsToList (command: action: "${command} ${action}") cfg.commands)
|
||||||
}
|
}
|
||||||
${if cfg.clearDefaultCommands then "#stop" else ""}
|
${optionalString cfg.clearDefaultCommands "#stop"}
|
||||||
|
|
||||||
#line-edit
|
#line-edit
|
||||||
${concatStringsSep "\n"
|
${concatStringsSep "\n"
|
||||||
|
|
|
@ -4,12 +4,8 @@ with lib;
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.programs.neovim;
|
cfg = config.programs.neovim;
|
||||||
|
in
|
||||||
runtime' = filter (f: f.enable) (attrValues cfg.runtime);
|
{
|
||||||
|
|
||||||
runtime = pkgs.linkFarm "neovim-runtime" (map (x: { name = "etc/${x.target}"; path = x.source; }) runtime');
|
|
||||||
|
|
||||||
in {
|
|
||||||
options.programs.neovim = {
|
options.programs.neovim = {
|
||||||
enable = mkOption {
|
enable = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
|
@ -70,7 +66,7 @@ in {
|
||||||
|
|
||||||
configure = mkOption {
|
configure = mkOption {
|
||||||
type = types.attrs;
|
type = types.attrs;
|
||||||
default = {};
|
default = { };
|
||||||
example = literalExpression ''
|
example = literalExpression ''
|
||||||
{
|
{
|
||||||
customRC = '''
|
customRC = '''
|
||||||
|
@ -105,7 +101,7 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
runtime = mkOption {
|
runtime = mkOption {
|
||||||
default = {};
|
default = { };
|
||||||
example = literalExpression ''
|
example = literalExpression ''
|
||||||
{ "ftplugin/c.vim".text = "setlocal omnifunc=v:lua.vim.lsp.omnifunc"; }
|
{ "ftplugin/c.vim".text = "setlocal omnifunc=v:lua.vim.lsp.omnifunc"; }
|
||||||
'';
|
'';
|
||||||
|
@ -115,14 +111,15 @@ in {
|
||||||
|
|
||||||
type = with types; attrsOf (submodule (
|
type = with types; attrsOf (submodule (
|
||||||
{ name, config, ... }:
|
{ name, config, ... }:
|
||||||
{ options = {
|
{
|
||||||
|
options = {
|
||||||
|
|
||||||
enable = mkOption {
|
enable = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = true;
|
default = true;
|
||||||
description = lib.mdDoc ''
|
description = lib.mdDoc ''
|
||||||
Whether this /etc file should be generated. This
|
Whether this runtime directory should be generated. This
|
||||||
option allows specific /etc files to be disabled.
|
option allows specific runtime files to be disabled.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -147,14 +144,9 @@ in {
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
config = {
|
config.target = mkDefault name;
|
||||||
target = mkDefault name;
|
}
|
||||||
source = mkIf (config.text != null) (
|
));
|
||||||
let name' = "neovim-runtime" + baseNameOf name;
|
|
||||||
in mkDefault (pkgs.writeText name' config.text));
|
|
||||||
};
|
|
||||||
|
|
||||||
}));
|
|
||||||
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -165,14 +157,17 @@ in {
|
||||||
];
|
];
|
||||||
environment.variables.EDITOR = mkIf cfg.defaultEditor (mkOverride 900 "nvim");
|
environment.variables.EDITOR = mkIf cfg.defaultEditor (mkOverride 900 "nvim");
|
||||||
|
|
||||||
programs.neovim.finalPackage = pkgs.wrapNeovim cfg.package {
|
environment.etc = listToAttrs (attrValues (mapAttrs
|
||||||
inherit (cfg) viAlias vimAlias withPython3 withNodeJs withRuby;
|
(name: value: {
|
||||||
configure = cfg.configure // {
|
name = "xdg/nvim/${name}";
|
||||||
|
value = value // {
|
||||||
customRC = (cfg.configure.customRC or "") + ''
|
target = "xdg/nvim/${value.target}";
|
||||||
set runtimepath^=${runtime}/etc
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
|
})
|
||||||
|
cfg.runtime));
|
||||||
|
|
||||||
|
programs.neovim.finalPackage = pkgs.wrapNeovim cfg.package {
|
||||||
|
inherit (cfg) viAlias vimAlias withPython3 withNodeJs withRuby configure;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -50,7 +50,7 @@ in
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
services.greetd = {
|
services.greetd = {
|
||||||
enable = lib.mkDefault true;
|
enable = lib.mkDefault true;
|
||||||
settings.default_session.command = lib.mkDefault "${lib.getExe pkgs.cage} -s -- ${lib.getExe cfg.package}";
|
settings.default_session.command = lib.mkDefault "${pkgs.dbus}/bin/dbus-run-session ${lib.getExe pkgs.cage} -s -- ${lib.getExe cfg.package}";
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.etc = {
|
environment.etc = {
|
||||||
|
|
|
@ -26,7 +26,7 @@ let
|
||||||
+ (if h.publicKey != null then h.publicKey else readFile h.publicKeyFile)
|
+ (if h.publicKey != null then h.publicKey else readFile h.publicKeyFile)
|
||||||
)) + "\n";
|
)) + "\n";
|
||||||
|
|
||||||
knownHostsFiles = [ "/etc/ssh/ssh_known_hosts" "/etc/ssh/ssh_known_hosts2" ]
|
knownHostsFiles = [ "/etc/ssh/ssh_known_hosts" ]
|
||||||
++ map pkgs.copyPathToStore cfg.knownHostsFiles;
|
++ map pkgs.copyPathToStore cfg.knownHostsFiles;
|
||||||
|
|
||||||
in
|
in
|
||||||
|
@ -232,9 +232,8 @@ in
|
||||||
description = lib.mdDoc ''
|
description = lib.mdDoc ''
|
||||||
Files containing SSH host keys to set as global known hosts.
|
Files containing SSH host keys to set as global known hosts.
|
||||||
`/etc/ssh/ssh_known_hosts` (which is
|
`/etc/ssh/ssh_known_hosts` (which is
|
||||||
generated by {option}`programs.ssh.knownHosts`) and
|
generated by {option}`programs.ssh.knownHosts`) is
|
||||||
`/etc/ssh/ssh_known_hosts2` are always
|
always included.
|
||||||
included.
|
|
||||||
'';
|
'';
|
||||||
example = literalExpression ''
|
example = literalExpression ''
|
||||||
[
|
[
|
||||||
|
|
|
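Review bot: Removing `/etc/ssh/ssh_known_hosts2` from `knownHostsFiles` silently changes host-key trust for any machine that still provisions keys into that file. Those hosts stop being globally known, and clients presumably fall back to first-use prompts. The hunk updates the option description but nothing tells an operator at evaluation time. I would add a release-notes entry, or a warning when `environment.etc."ssh/ssh_known_hosts2"` is defined. The `let` block continues outside the hunk, so how `knownHostsFiles` is consumed is not visible here.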
@ -4,6 +4,24 @@ with lib;
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.programs.steam;
|
cfg = config.programs.steam;
|
||||||
|
gamescopeCfg = config.programs.gamescope;
|
||||||
|
|
||||||
|
steam-gamescope = let
|
||||||
|
exports = builtins.attrValues (builtins.mapAttrs (n: v: "export ${n}=${v}") cfg.gamescopeSession.env);
|
||||||
|
in
|
||||||
|
pkgs.writeShellScriptBin "steam-gamescope" ''
|
||||||
|
${builtins.concatStringsSep "\n" exports}
|
||||||
|
gamescope --steam ${toString cfg.gamescopeSession.args} -- steam -tenfoot -pipewire-dmabuf
|
||||||
|
'';
|
||||||
|
|
||||||
|
gamescopeSessionFile =
|
||||||
|
(pkgs.writeTextDir "share/wayland-sessions/steam.desktop" ''
|
||||||
|
[Desktop Entry]
|
||||||
|
Name=Steam
|
||||||
|
Comment=A digital distribution platform
|
||||||
|
Exec=${steam-gamescope}/bin/steam-gamescope
|
||||||
|
Type=Application
|
||||||
|
'').overrideAttrs (_: { passthru.providedSessions = [ "steam" ]; });
|
||||||
in {
|
in {
|
||||||
options.programs.steam = {
|
options.programs.steam = {
|
||||||
enable = mkEnableOption (lib.mdDoc "steam");
|
enable = mkEnableOption (lib.mdDoc "steam");
|
||||||
|
@ -32,6 +50,12 @@ in {
|
||||||
then [ package ] ++ extraPackages
|
then [ package ] ++ extraPackages
|
||||||
else [ package32 ] ++ extraPackages32;
|
else [ package32 ] ++ extraPackages32;
|
||||||
in prevLibs ++ additionalLibs;
|
in prevLibs ++ additionalLibs;
|
||||||
|
} // optionalAttrs (cfg.gamescopeSession.enable && gamescopeCfg.capSysNice)
|
||||||
|
{
|
||||||
|
buildFHSEnv = pkgs.buildFHSEnv.override {
|
||||||
|
# use the setuid wrapped bubblewrap
|
||||||
|
bubblewrap = "${config.security.wrapperDir}/..";
|
||||||
|
};
|
||||||
});
|
});
|
||||||
description = lib.mdDoc ''
|
description = lib.mdDoc ''
|
||||||
The Steam package to use. Additional libraries are added from the system
|
The Steam package to use. Additional libraries are added from the system
|
||||||
|
@ -57,6 +81,31 @@ in {
|
||||||
Open ports in the firewall for Source Dedicated Server.
|
Open ports in the firewall for Source Dedicated Server.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
gamescopeSession = mkOption {
|
||||||
|
description = mdDoc "Run a GameScope driven Steam session from your display-manager";
|
||||||
|
default = {};
|
||||||
|
type = types.submodule {
|
||||||
|
options = {
|
||||||
|
enable = mkEnableOption (mdDoc "GameScope Session");
|
||||||
|
args = mkOption {
|
||||||
|
type = types.listOf types.string;
|
||||||
|
default = [ ];
|
||||||
|
description = mdDoc ''
|
||||||
|
Arguments to be passed to GameScope for the session.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
env = mkOption {
|
||||||
|
type = types.attrsOf types.string;
|
||||||
|
default = { };
|
||||||
|
description = mdDoc ''
|
||||||
|
Environmental variables to be passed to GameScope for the session.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
@ -66,6 +115,19 @@ in {
|
||||||
driSupport32Bit = true;
|
driSupport32Bit = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
security.wrappers = mkIf (cfg.gamescopeSession.enable && gamescopeCfg.capSysNice) {
|
||||||
|
# needed or steam fails
|
||||||
|
bwrap = {
|
||||||
|
owner = "root";
|
||||||
|
group = "root";
|
||||||
|
source = "${pkgs.bubblewrap}/bin/bwrap";
|
||||||
|
setuid = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
programs.gamescope.enable = mkDefault cfg.gamescopeSession.enable;
|
||||||
|
services.xserver.displayManager.sessionPackages = mkIf cfg.gamescopeSession.enable [ gamescopeSessionFile ];
|
||||||
|
|
||||||
# optionally enable 32bit pulseaudio support if pulseaudio is enabled
|
# optionally enable 32bit pulseaudio support if pulseaudio is enabled
|
||||||
hardware.pulseaudio.support32Bit = config.hardware.pulseaudio.enable;
|
hardware.pulseaudio.support32Bit = config.hardware.pulseaudio.enable;
|
||||||
|
|
||||||
|
@ -74,7 +136,7 @@ in {
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
cfg.package
|
cfg.package
|
||||||
cfg.package.run
|
cfg.package.run
|
||||||
];
|
] ++ lib.optional cfg.gamescopeSession.enable steam-gamescope;
|
||||||
|
|
||||||
networking.firewall = lib.mkMerge [
|
networking.firewall = lib.mkMerge [
|
||||||
(mkIf cfg.remotePlay.openFirewall {
|
(mkIf cfg.remotePlay.openFirewall {
|
||||||
|
|
|
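Review bot: The new `security.wrappers.bwrap` entry installs a setuid-root bubblewrap for the whole system whenever `gamescopeSession.enable` and `programs.gamescope.capSysNice` are both set. No option description mentions this, and the only explanation is the comment `# needed or steam fails`. A setuid binary is a larger privileged surface than the capability the user asked for, so I would replace the comment with one that states the actual failure being worked around. I would also extend the `enable` text to `GameScope Session; together with programs.gamescope.capSysNice this also installs a setuid-root bwrap wrapper`. The wrapper name `bwrap` is global, so a collision with another module defining the same wrapper is worth checking.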
@ -1,7 +1,7 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
inherit (lib) mkOption mkIf types;
|
inherit (lib) mkOption mkIf types optionalString;
|
||||||
|
|
||||||
cfg = config.programs.tmux;
|
cfg = config.programs.tmux;
|
||||||
|
|
||||||
|
@ -17,17 +17,17 @@ let
|
||||||
set -g base-index ${toString cfg.baseIndex}
|
set -g base-index ${toString cfg.baseIndex}
|
||||||
setw -g pane-base-index ${toString cfg.baseIndex}
|
setw -g pane-base-index ${toString cfg.baseIndex}
|
||||||
|
|
||||||
${if cfg.newSession then "new-session" else ""}
|
${optionalString cfg.newSession "new-session"}
|
||||||
|
|
||||||
${if cfg.reverseSplit then ''
|
${optionalString cfg.reverseSplit ''
|
||||||
bind v split-window -h
|
bind v split-window -h
|
||||||
bind s split-window -v
|
bind s split-window -v
|
||||||
'' else ""}
|
''}
|
||||||
|
|
||||||
set -g status-keys ${cfg.keyMode}
|
set -g status-keys ${cfg.keyMode}
|
||||||
set -g mode-keys ${cfg.keyMode}
|
set -g mode-keys ${cfg.keyMode}
|
||||||
|
|
||||||
${if cfg.keyMode == "vi" && cfg.customPaneNavigationAndResize then ''
|
${optionalString (cfg.keyMode == "vi" && cfg.customPaneNavigationAndResize) ''
|
||||||
bind h select-pane -L
|
bind h select-pane -L
|
||||||
bind j select-pane -D
|
bind j select-pane -D
|
||||||
bind k select-pane -U
|
bind k select-pane -U
|
||||||
|
@ -37,15 +37,15 @@ let
|
||||||
bind -r J resize-pane -D ${toString cfg.resizeAmount}
|
bind -r J resize-pane -D ${toString cfg.resizeAmount}
|
||||||
bind -r K resize-pane -U ${toString cfg.resizeAmount}
|
bind -r K resize-pane -U ${toString cfg.resizeAmount}
|
||||||
bind -r L resize-pane -R ${toString cfg.resizeAmount}
|
bind -r L resize-pane -R ${toString cfg.resizeAmount}
|
||||||
'' else ""}
|
''}
|
||||||
|
|
||||||
${if (cfg.shortcut != defaultShortcut) then ''
|
${optionalString (cfg.shortcut != defaultShortcut) ''
|
||||||
# rebind main key: C-${cfg.shortcut}
|
# rebind main key: C-${cfg.shortcut}
|
||||||
unbind C-${defaultShortcut}
|
unbind C-${defaultShortcut}
|
||||||
set -g prefix C-${cfg.shortcut}
|
set -g prefix C-${cfg.shortcut}
|
||||||
bind ${cfg.shortcut} send-prefix
|
bind ${cfg.shortcut} send-prefix
|
||||||
bind C-${cfg.shortcut} last-window
|
bind C-${cfg.shortcut} last-window
|
||||||
'' else ""}
|
''}
|
||||||
|
|
||||||
setw -g aggressive-resize ${boolToStr cfg.aggressiveResize}
|
setw -g aggressive-resize ${boolToStr cfg.aggressiveResize}
|
||||||
setw -g clock-mode-style ${if cfg.clock24 then "24" else "12"}
|
setw -g clock-mode-style ${if cfg.clock24 then "24" else "12"}
|
||||||
|
@ -160,7 +160,10 @@ in {
|
||||||
default = defaultTerminal;
|
default = defaultTerminal;
|
||||||
example = "screen-256color";
|
example = "screen-256color";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
description = lib.mdDoc "Set the $TERM variable.";
|
description = lib.mdDoc ''
|
||||||
|
Set the $TERM variable. Use tmux-direct if italics or 24bit true color
|
||||||
|
support is needed.
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
secureSocket = mkOption {
|
secureSocket = mkOption {
|
||||||
|
|
|
@ -236,6 +236,9 @@ in
|
||||||
setopt ${concatStringsSep " " cfg.setOptions}
|
setopt ${concatStringsSep " " cfg.setOptions}
|
||||||
''}
|
''}
|
||||||
|
|
||||||
|
# Alternative method of determining short and full hostname.
|
||||||
|
HOST=${config.networking.fqdnOrHostName}
|
||||||
|
|
||||||
# Setup command line history.
|
# Setup command line history.
|
||||||
# Don't export these, otherwise other shells (bash) will try to use same HISTFILE.
|
# Don't export these, otherwise other shells (bash) will try to use same HISTFILE.
|
||||||
SAVEHIST=${toString cfg.histSize}
|
SAVEHIST=${toString cfg.histSize}
|
||||||
|
|
2
third_party/nixpkgs/nixos/modules/rename.nix
vendored
2
third_party/nixpkgs/nixos/modules/rename.nix
vendored
|
@ -58,6 +58,7 @@ with lib;
|
||||||
(mkRemovedOptionModule [ "services" "fourStoreEndpoint" ] "The fourStoreEndpoint module has been removed")
|
(mkRemovedOptionModule [ "services" "fourStoreEndpoint" ] "The fourStoreEndpoint module has been removed")
|
||||||
(mkRemovedOptionModule [ "services" "fprot" ] "The corresponding package was removed from nixpkgs.")
|
(mkRemovedOptionModule [ "services" "fprot" ] "The corresponding package was removed from nixpkgs.")
|
||||||
(mkRemovedOptionModule [ "services" "frab" ] "The frab module has been removed")
|
(mkRemovedOptionModule [ "services" "frab" ] "The frab module has been removed")
|
||||||
|
(mkRemovedOptionModule [ "services" "ihatemoney" ] "The ihatemoney module has been removed for lack of downstream maintainer")
|
||||||
(mkRemovedOptionModule [ "services" "kippo" ] "The corresponding package was removed from nixpkgs.")
|
(mkRemovedOptionModule [ "services" "kippo" ] "The corresponding package was removed from nixpkgs.")
|
||||||
(mkRemovedOptionModule [ "services" "mailpile" ] "The corresponding package was removed from nixpkgs.")
|
(mkRemovedOptionModule [ "services" "mailpile" ] "The corresponding package was removed from nixpkgs.")
|
||||||
(mkRemovedOptionModule [ "services" "marathon" ] "The corresponding package was removed from nixpkgs.")
|
(mkRemovedOptionModule [ "services" "marathon" ] "The corresponding package was removed from nixpkgs.")
|
||||||
|
@ -106,6 +107,7 @@ with lib;
|
||||||
(mkRemovedOptionModule [ "services" "openfire" ] "The corresponding package was removed from nixpkgs.")
|
(mkRemovedOptionModule [ "services" "openfire" ] "The corresponding package was removed from nixpkgs.")
|
||||||
(mkRemovedOptionModule [ "services" "riak" ] "The corresponding package was removed from nixpkgs.")
|
(mkRemovedOptionModule [ "services" "riak" ] "The corresponding package was removed from nixpkgs.")
|
||||||
(mkRemovedOptionModule [ "services" "cryptpad" ] "The corresponding package was removed from nixpkgs.")
|
(mkRemovedOptionModule [ "services" "cryptpad" ] "The corresponding package was removed from nixpkgs.")
|
||||||
|
(mkRemovedOptionModule [ "services" "rtsp-simple-server" ] "Package has been completely rebranded by upstream as mediamtx, and thus the service and the package were renamed in NixOS as well.")
|
||||||
|
|
||||||
(mkRemovedOptionModule [ "i18n" "inputMethod" "fcitx" ] "The fcitx module has been removed. Plesae use fcitx5 instead")
|
(mkRemovedOptionModule [ "i18n" "inputMethod" "fcitx" ] "The fcitx module has been removed. Plesae use fcitx5 instead")
|
||||||
|
|
||||||
|
|
|
@ -487,7 +487,7 @@ let
|
||||||
};
|
};
|
||||||
|
|
||||||
email = mkOption {
|
email = mkOption {
|
||||||
type = types.str;
|
type = types.nullOr types.str;
|
||||||
inherit (defaultAndText "email" null) default defaultText;
|
inherit (defaultAndText "email" null) default defaultText;
|
||||||
description = lib.mdDoc ''
|
description = lib.mdDoc ''
|
||||||
Email address for account creation and correspondence from the CA.
|
Email address for account creation and correspondence from the CA.
|
||||||
|
@ -555,7 +555,7 @@ let
|
||||||
};
|
};
|
||||||
|
|
||||||
credentialsFile = mkOption {
|
credentialsFile = mkOption {
|
||||||
type = types.path;
|
type = types.nullOr types.path;
|
||||||
inherit (defaultAndText "credentialsFile" null) default defaultText;
|
inherit (defaultAndText "credentialsFile" null) default defaultText;
|
||||||
description = lib.mdDoc ''
|
description = lib.mdDoc ''
|
||||||
Path to an EnvironmentFile for the cert's service containing any required and
|
Path to an EnvironmentFile for the cert's service containing any required and
|
||||||
|
@ -781,11 +781,11 @@ in {
|
||||||
|
|
||||||
# FIXME Most of these custom warnings and filters for security.acme.certs.* are required
|
# FIXME Most of these custom warnings and filters for security.acme.certs.* are required
|
||||||
# because using mkRemovedOptionModule/mkChangedOptionModule with attrsets isn't possible.
|
# because using mkRemovedOptionModule/mkChangedOptionModule with attrsets isn't possible.
|
||||||
warnings = filter (w: w != "") (mapAttrsToList (cert: data: if data.extraDomains != "_mkMergedOptionModule" then ''
|
warnings = filter (w: w != "") (mapAttrsToList (cert: data: optionalString (data.extraDomains != "_mkMergedOptionModule") ''
|
||||||
The option definition `security.acme.certs.${cert}.extraDomains` has changed
|
The option definition `security.acme.certs.${cert}.extraDomains` has changed
|
||||||
to `security.acme.certs.${cert}.extraDomainNames` and is now a list of strings.
|
to `security.acme.certs.${cert}.extraDomainNames` and is now a list of strings.
|
||||||
Setting a custom webroot for extra domains is not possible, instead use separate certs.
|
Setting a custom webroot for extra domains is not possible, instead use separate certs.
|
||||||
'' else "") cfg.certs);
|
'') cfg.certs);
|
||||||
|
|
||||||
assertions = let
|
assertions = let
|
||||||
certs = attrValues cfg.certs;
|
certs = attrValues cfg.certs;
|
||||||
|
|
|
@ -275,9 +275,9 @@ in {
|
||||||
|
|
||||||
warnings =
|
warnings =
|
||||||
# https://github.com/badaix/snapcast/blob/98ac8b2fb7305084376607b59173ce4097c620d8/server/streamreader/stream_manager.cpp#L85
|
# https://github.com/badaix/snapcast/blob/98ac8b2fb7305084376607b59173ce4097c620d8/server/streamreader/stream_manager.cpp#L85
|
||||||
filter (w: w != "") (mapAttrsToList (k: v: if v.type == "spotify" then ''
|
filter (w: w != "") (mapAttrsToList (k: v: optionalString (v.type == "spotify") ''
|
||||||
services.snapserver.streams.${k}.type = "spotify" is deprecated, use services.snapserver.streams.${k}.type = "librespot" instead.
|
services.snapserver.streams.${k}.type = "spotify" is deprecated, use services.snapserver.streams.${k}.type = "librespot" instead.
|
||||||
'' else "") cfg.streams);
|
'') cfg.streams);
|
||||||
|
|
||||||
systemd.services.snapserver = {
|
systemd.services.snapserver = {
|
||||||
after = [ "network.target" ];
|
after = [ "network.target" ];
|
||||||
|
|
|
@ -72,5 +72,8 @@ in
|
||||||
cfg.configurations;
|
cfg.configurations;
|
||||||
|
|
||||||
systemd.packages = [ pkgs.borgmatic ];
|
systemd.packages = [ pkgs.borgmatic ];
|
||||||
|
|
||||||
|
# Workaround: https://github.com/NixOS/nixpkgs/issues/81138
|
||||||
|
systemd.timers.borgmatic.wantedBy = [ "timers.target" ];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -20,7 +20,7 @@ let
|
||||||
'';
|
'';
|
||||||
backupDatabaseScript = db: ''
|
backupDatabaseScript = db: ''
|
||||||
dest="${cfg.location}/${db}.gz"
|
dest="${cfg.location}/${db}.gz"
|
||||||
if ${mariadb}/bin/mysqldump ${if cfg.singleTransaction then "--single-transaction" else ""} ${db} | ${gzip}/bin/gzip -c > $dest.tmp; then
|
if ${mariadb}/bin/mysqldump ${optionalString cfg.singleTransaction "--single-transaction"} ${db} | ${gzip}/bin/gzip -c > $dest.tmp; then
|
||||||
mv $dest.tmp $dest
|
mv $dest.tmp $dest
|
||||||
echo "Backed up to $dest"
|
echo "Backed up to $dest"
|
||||||
else
|
else
|
||||||
|
|
|
@ -300,7 +300,7 @@ in
|
||||||
filesFromTmpFile = "/run/restic-backups-${name}/includes";
|
filesFromTmpFile = "/run/restic-backups-${name}/includes";
|
||||||
backupPaths =
|
backupPaths =
|
||||||
if (backup.dynamicFilesFrom == null)
|
if (backup.dynamicFilesFrom == null)
|
||||||
then if (backup.paths != null) then concatStringsSep " " backup.paths else ""
|
then optionalString (backup.paths != null) (concatStringsSep " " backup.paths)
|
||||||
else "--files-from ${filesFromTmpFile}";
|
else "--files-from ${filesFromTmpFile}";
|
||||||
pruneCmd = optionals (builtins.length backup.pruneOpts > 0) [
|
pruneCmd = optionals (builtins.length backup.pruneOpts > 0) [
|
||||||
(resticCmd + " forget --prune " + (concatStringsSep " " backup.pruneOpts))
|
(resticCmd + " forget --prune " + (concatStringsSep " " backup.pruneOpts))
|
||||||
|
|
|
@ -196,9 +196,9 @@ in
|
||||||
--gcmode ${cfg.gcmode} \
|
--gcmode ${cfg.gcmode} \
|
||||||
--port ${toString cfg.port} \
|
--port ${toString cfg.port} \
|
||||||
--maxpeers ${toString cfg.maxpeers} \
|
--maxpeers ${toString cfg.maxpeers} \
|
||||||
${if cfg.http.enable then ''--http --http.addr ${cfg.http.address} --http.port ${toString cfg.http.port}'' else ""} \
|
${optionalString cfg.http.enable ''--http --http.addr ${cfg.http.address} --http.port ${toString cfg.http.port}''} \
|
||||||
${optionalString (cfg.http.apis != null) ''--http.api ${lib.concatStringsSep "," cfg.http.apis}''} \
|
${optionalString (cfg.http.apis != null) ''--http.api ${lib.concatStringsSep "," cfg.http.apis}''} \
|
||||||
${if cfg.websocket.enable then ''--ws --ws.addr ${cfg.websocket.address} --ws.port ${toString cfg.websocket.port}'' else ""} \
|
${optionalString cfg.websocket.enable ''--ws --ws.addr ${cfg.websocket.address} --ws.port ${toString cfg.websocket.port}''} \
|
||||||
${optionalString (cfg.websocket.apis != null) ''--ws.api ${lib.concatStringsSep "," cfg.websocket.apis}''} \
|
${optionalString (cfg.websocket.apis != null) ''--ws.api ${lib.concatStringsSep "," cfg.websocket.apis}''} \
|
||||||
${optionalString cfg.metrics.enable ''--metrics --metrics.addr ${cfg.metrics.address} --metrics.port ${toString cfg.metrics.port}''} \
|
${optionalString cfg.metrics.enable ''--metrics --metrics.addr ${cfg.metrics.address} --metrics.port ${toString cfg.metrics.port}''} \
|
||||||
--authrpc.addr ${cfg.authrpc.address} --authrpc.port ${toString cfg.authrpc.port} --authrpc.vhosts ${lib.concatStringsSep "," cfg.authrpc.vhosts} \
|
--authrpc.addr ${cfg.authrpc.address} --authrpc.port ${toString cfg.authrpc.port} --authrpc.vhosts ${lib.concatStringsSep "," cfg.authrpc.vhosts} \
|
||||||
|
|
|
@ -63,6 +63,7 @@ in
|
||||||
(mkRemovedOptionModule [ "services" "kubernetes" "kubelet" "cadvisorPort" ] "")
|
(mkRemovedOptionModule [ "services" "kubernetes" "kubelet" "cadvisorPort" ] "")
|
||||||
(mkRemovedOptionModule [ "services" "kubernetes" "kubelet" "allowPrivileged" ] "")
|
(mkRemovedOptionModule [ "services" "kubernetes" "kubelet" "allowPrivileged" ] "")
|
||||||
(mkRemovedOptionModule [ "services" "kubernetes" "kubelet" "networkPlugin" ] "")
|
(mkRemovedOptionModule [ "services" "kubernetes" "kubelet" "networkPlugin" ] "")
|
||||||
|
(mkRemovedOptionModule [ "services" "kubernetes" "kubelet" "containerRuntime" ] "")
|
||||||
];
|
];
|
||||||
|
|
||||||
###### interface
|
###### interface
|
||||||
|
@ -134,12 +135,6 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
containerRuntime = mkOption {
|
|
||||||
description = lib.mdDoc "Which container runtime type to use";
|
|
||||||
type = enum ["docker" "remote"];
|
|
||||||
default = "remote";
|
|
||||||
};
|
|
||||||
|
|
||||||
containerRuntimeEndpoint = mkOption {
|
containerRuntimeEndpoint = mkOption {
|
||||||
description = lib.mdDoc "Endpoint at which to find the container runtime api interface/socket";
|
description = lib.mdDoc "Endpoint at which to find the container runtime api interface/socket";
|
||||||
type = str;
|
type = str;
|
||||||
|
@ -331,7 +326,6 @@ in
|
||||||
${optionalString (cfg.tlsKeyFile != null)
|
${optionalString (cfg.tlsKeyFile != null)
|
||||||
"--tls-private-key-file=${cfg.tlsKeyFile}"} \
|
"--tls-private-key-file=${cfg.tlsKeyFile}"} \
|
||||||
${optionalString (cfg.verbosity != null) "--v=${toString cfg.verbosity}"} \
|
${optionalString (cfg.verbosity != null) "--v=${toString cfg.verbosity}"} \
|
||||||
--container-runtime=${cfg.containerRuntime} \
|
|
||||||
--container-runtime-endpoint=${cfg.containerRuntimeEndpoint} \
|
--container-runtime-endpoint=${cfg.containerRuntimeEndpoint} \
|
||||||
--cgroup-driver=systemd \
|
--cgroup-driver=systemd \
|
||||||
${cfg.extraOpts}
|
${cfg.extraOpts}
|
||||||
|
|
|
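Review bot: The added `(mkRemovedOptionModule [ "services" "kubernetes" "kubelet" "containerRuntime" ] "")` has an empty message, so a configuration that still sets the option fails evaluation with no hint about what to do instead. The same file section drops `--container-runtime=${cfg.containerRuntime}` and keeps `--container-runtime-endpoint`, so if the endpoint is the intended replacement the message should say so, for example `"The kubelet no longer accepts a runtime type; set services.kubernetes.kubelet.containerRuntimeEndpoint instead."`. The neighbouring removals also pass `""`, so this matches the existing style, but a removal that changes how the runtime is selected deserves an explanation.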
@ -6,7 +6,7 @@ let
|
||||||
cfg = config.services.boinc;
|
cfg = config.services.boinc;
|
||||||
allowRemoteGuiRpcFlag = optionalString cfg.allowRemoteGuiRpc "--allow_remote_gui_rpc";
|
allowRemoteGuiRpcFlag = optionalString cfg.allowRemoteGuiRpc "--allow_remote_gui_rpc";
|
||||||
|
|
||||||
fhsEnv = pkgs.buildFHSUserEnv {
|
fhsEnv = pkgs.buildFHSEnv {
|
||||||
name = "boinc-fhs-env";
|
name = "boinc-fhs-env";
|
||||||
targetPkgs = pkgs': [ cfg.package ] ++ cfg.extraEnvPackages;
|
targetPkgs = pkgs': [ cfg.package ] ++ cfg.extraEnvPackages;
|
||||||
runScript = "/bin/boinc_client";
|
runScript = "/bin/boinc_client";
|
||||||
|
|
|
@ -242,7 +242,7 @@ in {
|
||||||
jobdir="${jenkinsCfg.home}/$jenkinsjobname"
|
jobdir="${jenkinsCfg.home}/$jenkinsjobname"
|
||||||
rm -rf "$jobdir"
|
rm -rf "$jobdir"
|
||||||
done
|
done
|
||||||
'' + (if cfg.accessUser != "" then reloadScript else "");
|
'' + (optionalString (cfg.accessUser != "") reloadScript);
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "oneshot";
|
Type = "oneshot";
|
||||||
User = jenkinsCfg.user;
|
User = jenkinsCfg.user;
|
||||||
|
|
|
@ -50,6 +50,6 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.systemPackages = [ cfg.package ];
|
environment.systemPackages = [ cfg.package pkgs.direnv ];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,7 +4,7 @@ with lib;
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.services.minetest-server;
|
cfg = config.services.minetest-server;
|
||||||
flag = val: name: if val != null then "--${name} ${toString val} " else "";
|
flag = val: name: optionalString (val != null) "--${name} ${toString val} ";
|
||||||
flags = [
|
flags = [
|
||||||
(flag cfg.gameId "gameid")
|
(flag cfg.gameId "gameid")
|
||||||
(flag cfg.world "world")
|
(flag cfg.world "world")
|
||||||
|
|
|
@ -37,7 +37,7 @@ in {
|
||||||
|
|
||||||
serviceConfig.ExecStart = [
|
serviceConfig.ExecStart = [
|
||||||
""
|
""
|
||||||
"${lib.getExe pkgs.auto-cpufreq} --config ${cfgFile}"
|
"${lib.getExe pkgs.auto-cpufreq} --daemon --config ${cfgFile}"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -16,16 +16,6 @@ let
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
|
||||||
# networkd link files are used early by udev to set up interfaces early.
|
|
||||||
# This must be done in stage 1 to avoid race conditions between udev and
|
|
||||||
# network daemons.
|
|
||||||
# TODO move this into the initrd-network module when it exists
|
|
||||||
initrdLinkUnits = pkgs.runCommand "initrd-link-units" {} ''
|
|
||||||
mkdir -p $out
|
|
||||||
ln -s ${udev}/lib/systemd/network/*.link $out/
|
|
||||||
${lib.concatMapStringsSep "\n" (file: "ln -s ${file} $out/") (lib.mapAttrsToList (n: v: "${v.unit}/${n}") (lib.filterAttrs (n: _: hasSuffix ".link" n) config.systemd.network.units))}
|
|
||||||
'';
|
|
||||||
|
|
||||||
extraUdevRules = pkgs.writeTextFile {
|
extraUdevRules = pkgs.writeTextFile {
|
||||||
name = "extra-udev-rules";
|
name = "extra-udev-rules";
|
||||||
text = cfg.extraRules;
|
text = cfg.extraRules;
|
||||||
|
@ -398,7 +388,6 @@ in
|
||||||
systemd = config.boot.initrd.systemd.package;
|
systemd = config.boot.initrd.systemd.package;
|
||||||
binPackages = config.boot.initrd.services.udev.binPackages ++ [ config.boot.initrd.systemd.contents."/bin".source ];
|
binPackages = config.boot.initrd.services.udev.binPackages ++ [ config.boot.initrd.systemd.contents."/bin".source ];
|
||||||
};
|
};
|
||||||
"/etc/systemd/network".source = initrdLinkUnits;
|
|
||||||
};
|
};
|
||||||
# Insert initrd rules
|
# Insert initrd rules
|
||||||
boot.initrd.services.udev.packages = [
|
boot.initrd.services.udev.packages = [
|
||||||
|
|
136
third_party/nixpkgs/nixos/modules/services/home-automation/esphome.nix
vendored
Normal file
136
third_party/nixpkgs/nixos/modules/services/home-automation/esphome.nix
vendored
Normal file
|
@ -0,0 +1,136 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
inherit (lib)
|
||||||
|
literalExpression
|
||||||
|
maintainers
|
||||||
|
mkEnableOption
|
||||||
|
mkIf
|
||||||
|
mkOption
|
||||||
|
mdDoc
|
||||||
|
types
|
||||||
|
;
|
||||||
|
|
||||||
|
cfg = config.services.esphome;
|
||||||
|
|
||||||
|
stateDir = "/var/lib/esphome";
|
||||||
|
|
||||||
|
esphomeParams =
|
||||||
|
if cfg.enableUnixSocket
|
||||||
|
then "--socket /run/esphome/esphome.sock"
|
||||||
|
else "--address ${cfg.address} --port ${toString cfg.port}";
|
||||||
|
in
|
||||||
|
{
|
||||||
|
meta.maintainers = with maintainers; [ oddlama ];
|
||||||
|
|
||||||
|
options.services.esphome = {
|
||||||
|
enable = mkEnableOption (mdDoc "esphome");
|
||||||
|
|
||||||
|
package = mkOption {
|
||||||
|
type = types.package;
|
||||||
|
default = pkgs.esphome;
|
||||||
|
defaultText = literalExpression "pkgs.esphome";
|
||||||
|
description = mdDoc "The package to use for the esphome command.";
|
||||||
|
};
|
||||||
|
|
||||||
|
enableUnixSocket = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = lib.mdDoc "Listen on a unix socket `/run/esphome/esphome.sock` instead of the TCP port.";
|
||||||
|
};
|
||||||
|
|
||||||
|
address = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "localhost";
|
||||||
|
description = mdDoc "esphome address";
|
||||||
|
};
|
||||||
|
|
||||||
|
port = mkOption {
|
||||||
|
type = types.port;
|
||||||
|
default = 6052;
|
||||||
|
description = mdDoc "esphome port";
|
||||||
|
};
|
||||||
|
|
||||||
|
openFirewall = mkOption {
|
||||||
|
default = false;
|
||||||
|
type = types.bool;
|
||||||
|
description = mdDoc "Whether to open the firewall for the specified port.";
|
||||||
|
};
|
||||||
|
|
||||||
|
allowedDevices = mkOption {
|
||||||
|
default = ["char-ttyS" "char-ttyUSB"];
|
||||||
|
example = ["/dev/serial/by-id/usb-Silicon_Labs_CP2102_USB_to_UART_Bridge_Controller_0001-if00-port0"];
|
||||||
|
description = lib.mdDoc ''
|
||||||
|
A list of device nodes to which {command}`esphome` has access to.
|
||||||
|
Refer to DeviceAllow in systemd.resource-control(5) for more information.
|
||||||
|
Beware that if a device is referred to by an absolute path instead of a device category,
|
||||||
|
it will only allow devices that already are plugged in when the service is started.
|
||||||
|
'';
|
||||||
|
type = types.listOf types.str;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
networking.firewall.allowedTCPPorts = mkIf (cfg.openFirewall && !cfg.enableUnixSocket) [cfg.port];
|
||||||
|
|
||||||
|
systemd.services.esphome = {
|
||||||
|
description = "ESPHome dashboard";
|
||||||
|
after = ["network.target"];
|
||||||
|
wantedBy = ["multi-user.target"];
|
||||||
|
path = [cfg.package];
|
||||||
|
|
||||||
|
# platformio fails to determine the home directory when using DynamicUser
|
||||||
|
environment.PLATFORMIO_CORE_DIR = "${stateDir}/.platformio";
|
||||||
|
|
||||||
|
serviceConfig = {
|
||||||
|
ExecStart = "${cfg.package}/bin/esphome dashboard ${esphomeParams} ${stateDir}";
|
||||||
|
DynamicUser = true;
|
||||||
|
User = "esphome";
|
||||||
|
Group = "esphome";
|
||||||
|
WorkingDirectory = stateDir;
|
||||||
|
StateDirectory = "esphome";
|
||||||
|
StateDirectoryMode = "0750";
|
||||||
|
Restart = "on-failure";
|
||||||
|
RuntimeDirectory = mkIf cfg.enableUnixSocket "esphome";
|
||||||
|
RuntimeDirectoryMode = "0750";
|
||||||
|
|
||||||
|
# Hardening
|
||||||
|
CapabilityBoundingSet = "";
|
||||||
|
LockPersonality = true;
|
||||||
|
MemoryDenyWriteExecute = true;
|
||||||
|
DevicePolicy = "closed";
|
||||||
|
DeviceAllow = map (d: "${d} rw") cfg.allowedDevices;
|
||||||
|
SupplementaryGroups = ["dialout"];
|
||||||
|
#NoNewPrivileges = true; # Implied by DynamicUser
|
||||||
|
PrivateUsers = true;
|
||||||
|
#PrivateTmp = true; # Implied by DynamicUser
|
||||||
|
ProtectClock = true;
|
||||||
|
ProtectControlGroups = true;
|
||||||
|
ProtectHome = true;
|
||||||
|
ProtectHostname = true;
|
||||||
|
ProtectKernelLogs = true;
|
||||||
|
ProtectKernelModules = true;
|
||||||
|
ProtectKernelTunables = true;
|
||||||
|
ProtectProc = "invisible";
|
||||||
|
ProcSubset = "pid";
|
||||||
|
ProtectSystem = "strict";
|
||||||
|
#RemoveIPC = true; # Implied by DynamicUser
|
||||||
|
RestrictAddressFamilies = [
|
||||||
|
"AF_INET"
|
||||||
|
"AF_INET6"
|
||||||
|
"AF_NETLINK"
|
||||||
|
"AF_UNIX"
|
||||||
|
];
|
||||||
|
RestrictNamespaces = false; # Required by platformio for chroot
|
||||||
|
RestrictRealtime = true;
|
||||||
|
#RestrictSUIDSGID = true; # Implied by DynamicUser
|
||||||
|
SystemCallArchitectures = "native";
|
||||||
|
SystemCallFilter = [
|
||||||
|
"@system-service"
|
||||||
|
"@mount" # Required by platformio for chroot
|
||||||
|
];
|
||||||
|
UMask = "0077";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
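Review bot: `openFirewall` combined with a non-loopback `address` exposes the dashboard without credentials, because `ExecStart` passes only `${esphomeParams}` and the state directory and the module has no authentication option. The unit is also granted read/write access to serial devices through `DeviceAllow`, so the `openFirewall` description should carry the caveat, e.g. `Whether to open the firewall for the specified port. The dashboard is started without authentication; only enable this on a trusted network or behind an authenticating reverse proxy.`. Separately, with `UMask = "0077"` and `RuntimeDirectoryMode = "0750"` under `DynamicUser`, the socket at `/run/esphome/esphome.sock` is probably reachable only by the service's own user. That would stop a reverse proxy running as another user from connecting, so it is worth confirming and documenting who is expected to consume the socket. The two hardening relaxations (`RestrictNamespaces = false` and `@mount`) are commented, which is good; a note on whether `PrivateUsers = true` still lets platformio's chroot work would complete the picture.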
@ -83,9 +83,8 @@ let
|
||||||
};
|
};
|
||||||
|
|
||||||
mailOption =
|
mailOption =
|
||||||
if foldr (n: a: a || (n.mail or false) != false) false (attrValues cfg.settings)
|
optionalString (foldr (n: a: a || (n.mail or false) != false) false (attrValues cfg.settings))
|
||||||
then "--mail=${pkgs.mailutils}/bin/mail"
|
"--mail=${pkgs.mailutils}/bin/mail";
|
||||||
else "";
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
|
|
|
@ -7,7 +7,7 @@ let
|
||||||
cfg = config.services.syslogd;
|
cfg = config.services.syslogd;
|
||||||
|
|
||||||
syslogConf = pkgs.writeText "syslog.conf" ''
|
syslogConf = pkgs.writeText "syslog.conf" ''
|
||||||
${if (cfg.tty != "") then "kern.warning;*.err;authpriv.none /dev/${cfg.tty}" else ""}
|
${optionalString (cfg.tty != "") "kern.warning;*.err;authpriv.none /dev/${cfg.tty}"}
|
||||||
${cfg.defaultConfig}
|
${cfg.defaultConfig}
|
||||||
${cfg.extraConfig}
|
${cfg.extraConfig}
|
||||||
'';
|
'';
|
||||||
|
|
|
@ -26,13 +26,9 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
# for cli usage
|
||||||
|
environment.systemPackages = [ pkgs.vector ];
|
||||||
|
|
||||||
users.groups.vector = { };
|
|
||||||
users.users.vector = {
|
|
||||||
description = "Vector service user";
|
|
||||||
group = "vector";
|
|
||||||
isSystemUser = true;
|
|
||||||
};
|
|
||||||
systemd.services.vector = {
|
systemd.services.vector = {
|
||||||
description = "Vector event and log aggregator";
|
description = "Vector event and log aggregator";
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
@ -52,8 +48,7 @@ in
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
ExecStart = "${pkgs.vector}/bin/vector --config ${validateConfig conf}";
|
ExecStart = "${pkgs.vector}/bin/vector --config ${validateConfig conf}";
|
||||||
User = "vector";
|
DynamicUser = true;
|
||||||
Group = "vector";
|
|
||||||
Restart = "no";
|
Restart = "no";
|
||||||
StateDirectory = "vector";
|
StateDirectory = "vector";
|
||||||
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
|
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
|
||||||
|
|
|
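Review bot: Replacing `User = "vector"` / `Group = "vector"` with `DynamicUser = true` while deleting `users.users.vector` leaves no supported way to grant the service read access to log sources, and nothing on the new side replaces the group membership that a static user allowed. Configurations that extend `users.users.vector` (for example with `extraGroups`) would presumably now define an incomplete user and fail evaluation. Consider documenting the replacement next to `DynamicUser`, e.g. `# grant log access via systemd.services.vector.serviceConfig.SupplementaryGroups`, and adding a release-note entry. The `serviceConfig` attribute set continues outside the hunk, so any hardening already present there is not visible here.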
@ -228,8 +228,8 @@ in {
|
||||||
default = [];
|
default = [];
|
||||||
description = lib.mdDoc ''
|
description = lib.mdDoc ''
|
||||||
List of IMAP accounts which get automatically created. Note that for
|
List of IMAP accounts which get automatically created. Note that for
|
||||||
a complete setup, user credentials for these accounts are required too
|
a complete setup, user credentials for these accounts are required
|
||||||
and can be created using the command `maddyctl creds`.
|
and can be created using the `ensureCredentials` option.
|
||||||
This option does not delete accounts which are not (anymore) listed.
|
This option does not delete accounts which are not (anymore) listed.
|
||||||
'';
|
'';
|
||||||
example = [
|
example = [
|
||||||
|
@ -238,6 +238,33 @@ in {
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
ensureCredentials = mkOption {
|
||||||
|
default = {};
|
||||||
|
description = lib.mdDoc ''
|
||||||
|
List of user accounts which get automatically created if they don't
|
||||||
|
exist yet. Note that for a complete setup, corresponding mail boxes
|
||||||
|
have to get created using the `ensureAccounts` option.
|
||||||
|
This option does not delete accounts which are not (anymore) listed.
|
||||||
|
'';
|
||||||
|
example = {
|
||||||
|
"user1@localhost".passwordFile = /secrets/user1-localhost;
|
||||||
|
"user2@localhost".passwordFile = /secrets/user2-localhost;
|
||||||
|
};
|
||||||
|
type = types.attrsOf (types.submodule {
|
||||||
|
options = {
|
||||||
|
passwordFile = mkOption {
|
||||||
|
type = types.path;
|
||||||
|
example = "/path/to/file";
|
||||||
|
default = null;
|
||||||
|
description = lib.mdDoc ''
|
||||||
|
Specifies the path to a file containing the
|
||||||
|
clear text password for the user.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
});
|
||||||
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -265,6 +292,13 @@ in {
|
||||||
fi
|
fi
|
||||||
'') cfg.ensureAccounts}
|
'') cfg.ensureAccounts}
|
||||||
''}
|
''}
|
||||||
|
${optionalString (cfg.ensureCredentials != {}) ''
|
||||||
|
${concatStringsSep "\n" (mapAttrsToList (name: cfg: ''
|
||||||
|
if ! ${pkgs.maddy}/bin/maddyctl creds list | grep "${name}"; then
|
||||||
|
${pkgs.maddy}/bin/maddyctl creds create --password $(cat ${escapeShellArg cfg.passwordFile}) ${name}
|
||||||
|
fi
|
||||||
|
'') cfg.ensureCredentials)}
|
||||||
|
''}
|
||||||
'';
|
'';
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "oneshot";
|
Type = "oneshot";
|
||||||
|
|
|
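Review bot: In the script hunk, `--password $(cat ${escapeShellArg cfg.passwordFile}) ${name}` places the clear-text password on the `maddyctl` command line, where other local users can read it from the process list while the command runs. The unquoted substitution also word-splits and glob-expands passwords containing spaces or `*`. The existence test `grep "${name}"` is an unanchored regex match, so `user1@localhost` also matches `xuser1@localhost` and the credential is silently skipped; `${name}` is interpolated into the shell unescaped in both places. At minimum use `grep -qF ${escapeShellArg name}` (adding `-x` if `creds list` prints one bare name per line) and `--password "$(cat ${escapeShellArg cfg.passwordFile})" ${escapeShellArg name}`, and prefer feeding the password on stdin if `maddyctl` supports it. In the options hunk, `passwordFile` declares `default = null` under `type = types.path`, which `null` does not satisfy; dropping the default makes the option properly required.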
@ -234,7 +234,7 @@ let
|
||||||
|
|
||||||
headerChecks = concatStringsSep "\n" (map (x: "${x.pattern} ${x.action}") cfg.headerChecks) + cfg.extraHeaderChecks;
|
headerChecks = concatStringsSep "\n" (map (x: "${x.pattern} ${x.action}") cfg.headerChecks) + cfg.extraHeaderChecks;
|
||||||
|
|
||||||
aliases = let separator = if cfg.aliasMapType == "hash" then ":" else ""; in
|
aliases = let separator = optionalString (cfg.aliasMapType == "hash") ":"; in
|
||||||
optionalString (cfg.postmasterAlias != "") ''
|
optionalString (cfg.postmasterAlias != "") ''
|
||||||
postmaster${separator} ${cfg.postmasterAlias}
|
postmaster${separator} ${cfg.postmasterAlias}
|
||||||
''
|
''
|
||||||
|
|
|
@ -7,7 +7,7 @@ let
|
||||||
fpm = config.services.phpfpm.pools.roundcube;
|
fpm = config.services.phpfpm.pools.roundcube;
|
||||||
localDB = cfg.database.host == "localhost";
|
localDB = cfg.database.host == "localhost";
|
||||||
user = cfg.database.username;
|
user = cfg.database.username;
|
||||||
phpWithPspell = pkgs.php80.withExtensions ({ enabled, all }: [ all.pspell ] ++ enabled);
|
phpWithPspell = pkgs.php81.withExtensions ({ enabled, all }: [ all.pspell ] ++ enabled);
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options.services.roundcube = {
|
options.services.roundcube = {
|
||||||
|
@ -70,7 +70,12 @@ in
|
||||||
};
|
};
|
||||||
passwordFile = mkOption {
|
passwordFile = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
description = lib.mdDoc "Password file for the postgresql connection. Must be readable by user `nginx`. Ignored if `database.host` is set to `localhost`, as peer authentication will be used.";
|
description = lib.mdDoc ''
|
||||||
|
Password file for the postgresql connection.
|
||||||
|
Must be formated according to PostgreSQL .pgpass standard (see https://www.postgresql.org/docs/current/libpq-pgpass.html)
|
||||||
|
but only one line, no comments and readable by user `nginx`.
|
||||||
|
Ignored if `database.host` is set to `localhost`, as peer authentication will be used.
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
dbname = mkOption {
|
dbname = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
|
@ -123,7 +128,13 @@ in
|
||||||
environment.etc."roundcube/config.inc.php".text = ''
|
environment.etc."roundcube/config.inc.php".text = ''
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
${lib.optionalString (!localDB) "$password = file_get_contents('${cfg.database.passwordFile}');"}
|
${lib.optionalString (!localDB) ''
|
||||||
|
$password = file('${cfg.database.passwordFile}')[0];
|
||||||
|
$password = preg_split('~\\\\.(*SKIP)(*FAIL)|\:~s', $password);
|
||||||
|
$password = end($password);
|
||||||
|
$password = str_replace("\\:", ":", $password);
|
||||||
|
$password = str_replace("\\\\", "\\", $password);
|
||||||
|
''}
|
||||||
|
|
||||||
$config = array();
|
$config = array();
|
||||||
$config['db_dsnw'] = 'pgsql://${cfg.database.username}${lib.optionalString (!localDB) ":' . $password . '"}@${if localDB then "unix(/run/postgresql)" else cfg.database.host}/${cfg.database.dbname}';
|
$config['db_dsnw'] = 'pgsql://${cfg.database.username}${lib.optionalString (!localDB) ":' . $password . '"}@${if localDB then "unix(/run/postgresql)" else cfg.database.host}/${cfg.database.dbname}';
|
||||||
|
@ -223,6 +234,7 @@ in
|
||||||
path = [ config.services.postgresql.package ];
|
path = [ config.services.postgresql.package ];
|
||||||
})
|
})
|
||||||
{
|
{
|
||||||
|
after = [ "network-online.target" ];
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
script = let
|
script = let
|
||||||
psql = "${lib.optionalString (!localDB) "PGPASSFILE=${cfg.database.passwordFile}"} ${pkgs.postgresql}/bin/psql ${lib.optionalString (!localDB) "-h ${cfg.database.host} -U ${cfg.database.username} "} ${cfg.database.dbname}";
|
psql = "${lib.optionalString (!localDB) "PGPASSFILE=${cfg.database.passwordFile}"} ${pkgs.postgresql}/bin/psql ${lib.optionalString (!localDB) "-h ${cfg.database.host} -U ${cfg.database.username} "} ${cfg.database.dbname}";
|
||||||
|
|
|
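Review bot: `$password = file('${cfg.database.passwordFile}')[0];` keeps the line terminator, so after the split `end($password)` still ends in a newline whenever the .pgpass line is newline-terminated, and that newline is spliced into `db_dsnw`. Trimming the last field fixes it: `$password = rtrim(end($password), "\r\n");`. `file()` returns `false` when the file is missing or unreadable by `nginx`, and the code indexes the result without checking it, so an unreadable file yields an empty password rather than a clear error. The parsed password is also concatenated into the `pgsql://` DSN on the unchanged line below without URL-encoding, so a password containing `@` or `/` would probably be misparsed; the description should either document that restriction or the value should be passed through `rawurlencode()`.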
@ -10,7 +10,7 @@ let
|
||||||
Connection = ${cfg.device.connection}
|
Connection = ${cfg.device.connection}
|
||||||
SynchronizeTime = ${if cfg.device.synchronizeTime then "yes" else "no"}
|
SynchronizeTime = ${if cfg.device.synchronizeTime then "yes" else "no"}
|
||||||
LogFormat = ${cfg.log.format}
|
LogFormat = ${cfg.log.format}
|
||||||
${if (cfg.device.pin != null) then "PIN = ${cfg.device.pin}" else ""}
|
${optionalString (cfg.device.pin != null) "PIN = ${cfg.device.pin}"}
|
||||||
${cfg.extraConfig.gammu}
|
${cfg.extraConfig.gammu}
|
||||||
|
|
||||||
|
|
||||||
|
@ -33,10 +33,10 @@ let
|
||||||
${optionalString (cfg.backend.service == "sql" && cfg.backend.sql.driver == "native_pgsql") (
|
${optionalString (cfg.backend.service == "sql" && cfg.backend.sql.driver == "native_pgsql") (
|
||||||
with cfg.backend; ''
|
with cfg.backend; ''
|
||||||
Driver = ${sql.driver}
|
Driver = ${sql.driver}
|
||||||
${if (sql.database!= null) then "Database = ${sql.database}" else ""}
|
${optionalString (sql.database!= null) "Database = ${sql.database}"}
|
||||||
${if (sql.host != null) then "Host = ${sql.host}" else ""}
|
${optionalString (sql.host != null) "Host = ${sql.host}"}
|
||||||
${if (sql.user != null) then "User = ${sql.user}" else ""}
|
${optionalString (sql.user != null) "User = ${sql.user}"}
|
||||||
${if (sql.password != null) then "Password = ${sql.password}" else ""}
|
${optionalString (sql.password != null) "Password = ${sql.password}"}
|
||||||
'')}
|
'')}
|
||||||
|
|
||||||
${cfg.extraConfig.smsd}
|
${cfg.extraConfig.smsd}
|
||||||
|
|
|
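Review bot: `PIN = ${cfg.device.pin}` in the first hunk and `Password = ${sql.password}` in the second still interpolate secrets straight into the generated configuration text; the switch to `optionalString` leaves that unchanged. The enclosing `let` bindings start outside these hunks, so how the text is written out is not visible here. If it ends up in the Nix store, the SIM PIN and the database password are readable by every local user and are copied into any binary cache the closure is pushed to. A file-based option read at service start would avoid that. Until then the option descriptions should say so, e.g. `Warning: this value is stored in plain text in the world-readable Nix store.`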
@ -26,9 +26,18 @@ in
|
||||||
imports = [
|
imports = [
|
||||||
(mkRenamedOptionModule [ "services" "gitea" "cookieSecure" ] [ "services" "gitea" "settings" "session" "COOKIE_SECURE" ])
|
(mkRenamedOptionModule [ "services" "gitea" "cookieSecure" ] [ "services" "gitea" "settings" "session" "COOKIE_SECURE" ])
|
||||||
(mkRenamedOptionModule [ "services" "gitea" "disableRegistration" ] [ "services" "gitea" "settings" "service" "DISABLE_REGISTRATION" ])
|
(mkRenamedOptionModule [ "services" "gitea" "disableRegistration" ] [ "services" "gitea" "settings" "service" "DISABLE_REGISTRATION" ])
|
||||||
|
(mkRenamedOptionModule [ "services" "gitea" "domain" ] [ "services" "gitea" "settings" "server" "DOMAIN" ])
|
||||||
|
(mkRenamedOptionModule [ "services" "gitea" "httpAddress" ] [ "services" "gitea" "settings" "server" "HTTP_ADDR" ])
|
||||||
|
(mkRenamedOptionModule [ "services" "gitea" "httpPort" ] [ "services" "gitea" "settings" "server" "HTTP_PORT" ])
|
||||||
(mkRenamedOptionModule [ "services" "gitea" "log" "level" ] [ "services" "gitea" "settings" "log" "LEVEL" ])
|
(mkRenamedOptionModule [ "services" "gitea" "log" "level" ] [ "services" "gitea" "settings" "log" "LEVEL" ])
|
||||||
(mkRenamedOptionModule [ "services" "gitea" "log" "rootPath" ] [ "services" "gitea" "settings" "log" "ROOT_PATH" ])
|
(mkRenamedOptionModule [ "services" "gitea" "log" "rootPath" ] [ "services" "gitea" "settings" "log" "ROOT_PATH" ])
|
||||||
|
(mkRenamedOptionModule [ "services" "gitea" "rootUrl" ] [ "services" "gitea" "settings" "server" "ROOT_URL" ])
|
||||||
(mkRenamedOptionModule [ "services" "gitea" "ssh" "clonePort" ] [ "services" "gitea" "settings" "server" "SSH_PORT" ])
|
(mkRenamedOptionModule [ "services" "gitea" "ssh" "clonePort" ] [ "services" "gitea" "settings" "server" "SSH_PORT" ])
|
||||||
|
(mkRenamedOptionModule [ "services" "gitea" "staticRootPath" ] [ "services" "gitea" "settings" "server" "STATIC_ROOT_PATH" ])
|
||||||
|
|
||||||
|
(mkChangedOptionModule [ "services" "gitea" "enableUnixSocket" ] [ "services" "gitea" "settings" "server" "PROTOCOL" ] (
|
||||||
|
config: if config.services.gitea.enableUnixSocket then "http+unix" else "http"
|
||||||
|
))
|
||||||
|
|
||||||
(mkRemovedOptionModule [ "services" "gitea" "ssh" "enable" ] "services.gitea.ssh.enable has been migrated into freeform setting services.gitea.settings.server.DISABLE_SSH. Keep in mind that the setting is inverted")
|
(mkRemovedOptionModule [ "services" "gitea" "ssh" "enable" ] "services.gitea.ssh.enable has been migrated into freeform setting services.gitea.settings.server.DISABLE_SSH. Keep in mind that the setting is inverted")
|
||||||
];
|
];
|
||||||
|
@ -57,7 +66,14 @@ in
|
||||||
stateDir = mkOption {
|
stateDir = mkOption {
|
||||||
default = "/var/lib/gitea";
|
default = "/var/lib/gitea";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
description = lib.mdDoc "gitea data directory.";
|
description = lib.mdDoc "Gitea data directory.";
|
||||||
|
};
|
||||||
|
|
||||||
|
customDir = mkOption {
|
||||||
|
default = "${cfg.stateDir}/custom";
|
||||||
|
defaultText = literalExpression ''"''${config.${opt.stateDir}}/custom"'';
|
||||||
|
type = types.str;
|
||||||
|
description = lib.mdDoc "Gitea custom directory. Used for config, custom templates and other options.";
|
||||||
};
|
};
|
||||||
|
|
||||||
user = mkOption {
|
user = mkOption {
|
||||||
|
@ -66,6 +82,12 @@ in
|
||||||
description = lib.mdDoc "User account under which gitea runs.";
|
description = lib.mdDoc "User account under which gitea runs.";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
group = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "gitea";
|
||||||
|
description = lib.mdDoc "Group under which gitea runs.";
|
||||||
|
};
|
||||||
|
|
||||||
database = {
|
database = {
|
||||||
type = mkOption {
|
type = mkOption {
|
||||||
type = types.enum [ "sqlite3" "mysql" "postgres" ];
|
type = types.enum [ "sqlite3" "mysql" "postgres" ];
|
||||||
|
@ -216,44 +238,6 @@ in
|
||||||
description = lib.mdDoc "Path to the git repositories.";
|
description = lib.mdDoc "Path to the git repositories.";
|
||||||
};
|
};
|
||||||
|
|
||||||
domain = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = "localhost";
|
|
||||||
description = lib.mdDoc "Domain name of your server.";
|
|
||||||
};
|
|
||||||
|
|
||||||
rootUrl = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = "http://localhost:3000/";
|
|
||||||
description = lib.mdDoc "Full public URL of gitea server.";
|
|
||||||
};
|
|
||||||
|
|
||||||
httpAddress = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = "0.0.0.0";
|
|
||||||
description = lib.mdDoc "HTTP listen address.";
|
|
||||||
};
|
|
||||||
|
|
||||||
httpPort = mkOption {
|
|
||||||
type = types.port;
|
|
||||||
default = 3000;
|
|
||||||
description = lib.mdDoc "HTTP listen port.";
|
|
||||||
};
|
|
||||||
|
|
||||||
enableUnixSocket = mkOption {
|
|
||||||
type = types.bool;
|
|
||||||
default = false;
|
|
||||||
description = lib.mdDoc "Configure Gitea to listen on a unix socket instead of the default TCP port.";
|
|
||||||
};
|
|
||||||
|
|
||||||
staticRootPath = mkOption {
|
|
||||||
type = types.either types.str types.path;
|
|
||||||
default = cfg.package.data;
|
|
||||||
defaultText = literalExpression "package.data";
|
|
||||||
example = "/var/lib/gitea/data";
|
|
||||||
description = lib.mdDoc "Upper level of template and static files path.";
|
|
||||||
};
|
|
||||||
|
|
||||||
mailerPasswordFile = mkOption {
|
mailerPasswordFile = mkOption {
|
||||||
type = types.nullOr types.str;
|
type = types.nullOr types.str;
|
||||||
default = null;
|
default = null;
|
||||||
|
@ -285,7 +269,7 @@ in
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
type = with types; submodule {
|
type = types.submodule {
|
||||||
freeformType = format.type;
|
freeformType = format.type;
|
||||||
options = {
|
options = {
|
||||||
log = {
|
log = {
|
||||||
|
@ -303,6 +287,46 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
server = {
|
server = {
|
||||||
|
PROTOCOL = mkOption {
|
||||||
|
type = types.enum [ "http" "https" "fcgi" "http+unix" "fcgi+unix" ];
|
||||||
|
default = "http";
|
||||||
|
description = lib.mdDoc ''Listen protocol. `+unix` means "over unix", not "in addition to."'';
|
||||||
|
};
|
||||||
|
|
||||||
|
HTTP_ADDR = mkOption {
|
||||||
|
type = types.either types.str types.path;
|
||||||
|
default = if lib.hasSuffix "+unix" cfg.settings.server.PROTOCOL then "/run/gitea/gitea.sock" else "0.0.0.0";
|
||||||
|
defaultText = literalExpression ''if lib.hasSuffix "+unix" cfg.settings.server.PROTOCOL then "/run/gitea/gitea.sock" else "0.0.0.0"'';
|
||||||
|
description = lib.mdDoc "Listen address. Must be a path when using a unix socket.";
|
||||||
|
};
|
||||||
|
|
||||||
|
HTTP_PORT = mkOption {
|
||||||
|
type = types.port;
|
||||||
|
default = 3000;
|
||||||
|
description = lib.mdDoc "Listen port. Ignored when using a unix socket.";
|
||||||
|
};
|
||||||
|
|
||||||
|
DOMAIN = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "localhost";
|
||||||
|
description = lib.mdDoc "Domain name of your server.";
|
||||||
|
};
|
||||||
|
|
||||||
|
ROOT_URL = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "http://${cfg.settings.server.DOMAIN}:${toString cfg.settings.server.HTTP_PORT}/";
|
||||||
|
defaultText = literalExpression ''"http://''${config.services.gitea.settings.server.DOMAIN}:''${toString config.services.gitea.settings.server.HTTP_PORT}/"'';
|
||||||
|
description = lib.mdDoc "Full public URL of gitea server.";
|
||||||
|
};
|
||||||
|
|
||||||
|
STATIC_ROOT_PATH = mkOption {
|
||||||
|
type = types.either types.str types.path;
|
||||||
|
default = cfg.package.data;
|
||||||
|
defaultText = literalExpression "config.${opt.package}.data";
|
||||||
|
example = "/var/lib/gitea/data";
|
||||||
|
description = lib.mdDoc "Upper level of template and static files path.";
|
||||||
|
};
|
||||||
|
|
||||||
DISABLE_SSH = mkOption {
|
DISABLE_SSH = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
|
@ -359,7 +383,7 @@ in
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
assertions = [
|
assertions = [
|
||||||
{ assertion = cfg.database.createDatabase -> cfg.database.user == cfg.user;
|
{ assertion = cfg.database.createDatabase -> useSqlite || cfg.database.user == cfg.user;
|
||||||
message = "services.gitea.database.user must match services.gitea.user if the database is to be automatically provisioned";
|
message = "services.gitea.database.user must match services.gitea.user if the database is to be automatically provisioned";
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
@ -389,26 +413,10 @@ in
|
||||||
ROOT = cfg.repositoryRoot;
|
ROOT = cfg.repositoryRoot;
|
||||||
};
|
};
|
||||||
|
|
||||||
server = mkMerge [
|
server = mkIf cfg.lfs.enable {
|
||||||
{
|
|
||||||
DOMAIN = cfg.domain;
|
|
||||||
STATIC_ROOT_PATH = toString cfg.staticRootPath;
|
|
||||||
LFS_JWT_SECRET = "#lfsjwtsecret#";
|
|
||||||
ROOT_URL = cfg.rootUrl;
|
|
||||||
}
|
|
||||||
(mkIf cfg.enableUnixSocket {
|
|
||||||
PROTOCOL = "http+unix";
|
|
||||||
HTTP_ADDR = "/run/gitea/gitea.sock";
|
|
||||||
})
|
|
||||||
(mkIf (!cfg.enableUnixSocket) {
|
|
||||||
HTTP_ADDR = cfg.httpAddress;
|
|
||||||
HTTP_PORT = cfg.httpPort;
|
|
||||||
})
|
|
||||||
(mkIf cfg.lfs.enable {
|
|
||||||
LFS_START_SERVER = true;
|
LFS_START_SERVER = true;
|
||||||
})
|
LFS_JWT_SECRET = "#lfsjwtsecret#";
|
||||||
|
};
|
||||||
];
|
|
||||||
|
|
||||||
session = {
|
session = {
|
||||||
COOKIE_NAME = lib.mkDefault "session";
|
COOKIE_NAME = lib.mkDefault "session";
|
||||||
|
@ -428,7 +436,7 @@ in
|
||||||
JWT_SECRET = "#oauth2jwtsecret#";
|
JWT_SECRET = "#oauth2jwtsecret#";
|
||||||
};
|
};
|
||||||
|
|
||||||
lfs = mkIf (cfg.lfs.enable) {
|
lfs = mkIf cfg.lfs.enable {
|
||||||
PATH = cfg.lfs.contentDir;
|
PATH = cfg.lfs.contentDir;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -457,33 +465,35 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.tmpfiles.rules = [
|
systemd.tmpfiles.rules = [
|
||||||
"d '${cfg.dump.backupDir}' 0750 ${cfg.user} gitea - -"
|
"d '${cfg.dump.backupDir}' 0750 ${cfg.user} ${cfg.group} - -"
|
||||||
"z '${cfg.dump.backupDir}' 0750 ${cfg.user} gitea - -"
|
"z '${cfg.dump.backupDir}' 0750 ${cfg.user} ${cfg.group} - -"
|
||||||
"Z '${cfg.dump.backupDir}' - ${cfg.user} gitea - -"
|
"Z '${cfg.dump.backupDir}' - ${cfg.user} ${cfg.group} - -"
|
||||||
"d '${cfg.lfs.contentDir}' 0750 ${cfg.user} gitea - -"
|
"d '${cfg.repositoryRoot}' 0750 ${cfg.user} ${cfg.group} - -"
|
||||||
"z '${cfg.lfs.contentDir}' 0750 ${cfg.user} gitea - -"
|
"z '${cfg.repositoryRoot}' 0750 ${cfg.user} ${cfg.group} - -"
|
||||||
"Z '${cfg.lfs.contentDir}' - ${cfg.user} gitea - -"
|
"Z '${cfg.repositoryRoot}' - ${cfg.user} ${cfg.group} - -"
|
||||||
"d '${cfg.repositoryRoot}' 0750 ${cfg.user} gitea - -"
|
"d '${cfg.stateDir}' 0750 ${cfg.user} ${cfg.group} - -"
|
||||||
"z '${cfg.repositoryRoot}' 0750 ${cfg.user} gitea - -"
|
"d '${cfg.stateDir}/conf' 0750 ${cfg.user} ${cfg.group} - -"
|
||||||
"Z '${cfg.repositoryRoot}' - ${cfg.user} gitea - -"
|
"d '${cfg.customDir}' 0750 ${cfg.user} ${cfg.group} - -"
|
||||||
"d '${cfg.stateDir}' 0750 ${cfg.user} gitea - -"
|
"d '${cfg.customDir}/conf' 0750 ${cfg.user} ${cfg.group} - -"
|
||||||
"d '${cfg.stateDir}/conf' 0750 ${cfg.user} gitea - -"
|
"d '${cfg.stateDir}/data' 0750 ${cfg.user} ${cfg.group} - -"
|
||||||
"d '${cfg.stateDir}/custom' 0750 ${cfg.user} gitea - -"
|
"d '${cfg.stateDir}/log' 0750 ${cfg.user} ${cfg.group} - -"
|
||||||
"d '${cfg.stateDir}/custom/conf' 0750 ${cfg.user} gitea - -"
|
"z '${cfg.stateDir}' 0750 ${cfg.user} ${cfg.group} - -"
|
||||||
"d '${cfg.stateDir}/data' 0750 ${cfg.user} gitea - -"
|
"z '${cfg.stateDir}/.ssh' 0700 ${cfg.user} ${cfg.group} - -"
|
||||||
"d '${cfg.stateDir}/log' 0750 ${cfg.user} gitea - -"
|
"z '${cfg.stateDir}/conf' 0750 ${cfg.user} ${cfg.group} - -"
|
||||||
"z '${cfg.stateDir}' 0750 ${cfg.user} gitea - -"
|
"z '${cfg.customDir}' 0750 ${cfg.user} ${cfg.group} - -"
|
||||||
"z '${cfg.stateDir}/.ssh' 0700 ${cfg.user} gitea - -"
|
"z '${cfg.customDir}/conf' 0750 ${cfg.user} ${cfg.group} - -"
|
||||||
"z '${cfg.stateDir}/conf' 0750 ${cfg.user} gitea - -"
|
"z '${cfg.stateDir}/data' 0750 ${cfg.user} ${cfg.group} - -"
|
||||||
"z '${cfg.stateDir}/custom' 0750 ${cfg.user} gitea - -"
|
"z '${cfg.stateDir}/log' 0750 ${cfg.user} ${cfg.group} - -"
|
||||||
"z '${cfg.stateDir}/custom/conf' 0750 ${cfg.user} gitea - -"
|
"Z '${cfg.stateDir}' - ${cfg.user} ${cfg.group} - -"
|
||||||
"z '${cfg.stateDir}/data' 0750 ${cfg.user} gitea - -"
|
|
||||||
"z '${cfg.stateDir}/log' 0750 ${cfg.user} gitea - -"
|
|
||||||
"Z '${cfg.stateDir}' - ${cfg.user} gitea - -"
|
|
||||||
|
|
||||||
# If we have a folder or symlink with gitea locales, remove it
|
# If we have a folder or symlink with gitea locales, remove it
|
||||||
# And symlink the current gitea locales in place
|
# And symlink the current gitea locales in place
|
||||||
"L+ '${cfg.stateDir}/conf/locale' - - - - ${cfg.package.out}/locale"
|
"L+ '${cfg.stateDir}/conf/locale' - - - - ${cfg.package.out}/locale"
|
||||||
|
|
||||||
|
] ++ lib.optionals cfg.lfs.enable [
|
||||||
|
"d '${cfg.lfs.contentDir}' 0750 ${cfg.user} ${cfg.group} - -"
|
||||||
|
"z '${cfg.lfs.contentDir}' 0750 ${cfg.user} ${cfg.group} - -"
|
||||||
|
"Z '${cfg.lfs.contentDir}' - ${cfg.user} ${cfg.group} - -"
|
||||||
];
|
];
|
||||||
|
|
||||||
systemd.services.gitea = {
|
systemd.services.gitea = {
|
||||||
|
@ -500,47 +510,52 @@ in
|
||||||
# lfs_jwt_secret.
|
# lfs_jwt_secret.
|
||||||
# We have to consider this to stay compatible with older installations.
|
# We have to consider this to stay compatible with older installations.
|
||||||
preStart = let
|
preStart = let
|
||||||
runConfig = "${cfg.stateDir}/custom/conf/app.ini";
|
runConfig = "${cfg.customDir}/conf/app.ini";
|
||||||
secretKey = "${cfg.stateDir}/custom/conf/secret_key";
|
secretKey = "${cfg.customDir}/conf/secret_key";
|
||||||
oauth2JwtSecret = "${cfg.stateDir}/custom/conf/oauth2_jwt_secret";
|
oauth2JwtSecret = "${cfg.customDir}/conf/oauth2_jwt_secret";
|
||||||
oldLfsJwtSecret = "${cfg.stateDir}/custom/conf/jwt_secret"; # old file for LFS_JWT_SECRET
|
oldLfsJwtSecret = "${cfg.customDir}/conf/jwt_secret"; # old file for LFS_JWT_SECRET
|
||||||
lfsJwtSecret = "${cfg.stateDir}/custom/conf/lfs_jwt_secret"; # new file for LFS_JWT_SECRET
|
lfsJwtSecret = "${cfg.customDir}/conf/lfs_jwt_secret"; # new file for LFS_JWT_SECRET
|
||||||
internalToken = "${cfg.stateDir}/custom/conf/internal_token";
|
internalToken = "${cfg.customDir}/conf/internal_token";
|
||||||
replaceSecretBin = "${pkgs.replace-secret}/bin/replace-secret";
|
replaceSecretBin = "${pkgs.replace-secret}/bin/replace-secret";
|
||||||
in ''
|
in ''
|
||||||
# copy custom configuration and generate a random secret key if needed
|
# copy custom configuration and generate random secrets if needed
|
||||||
${optionalString (!cfg.useWizard) ''
|
${optionalString (!cfg.useWizard) ''
|
||||||
function gitea_setup {
|
function gitea_setup {
|
||||||
cp -f ${configFile} ${runConfig}
|
cp -f '${configFile}' '${runConfig}'
|
||||||
|
|
||||||
if [ ! -s ${secretKey} ]; then
|
if [ ! -s '${secretKey}' ]; then
|
||||||
${exe} generate secret SECRET_KEY > ${secretKey}
|
${exe} generate secret SECRET_KEY > '${secretKey}'
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Migrate LFS_JWT_SECRET filename
|
# Migrate LFS_JWT_SECRET filename
|
||||||
if [[ -s ${oldLfsJwtSecret} && ! -s ${lfsJwtSecret} ]]; then
|
if [[ -s '${oldLfsJwtSecret}' && ! -s '${lfsJwtSecret}' ]]; then
|
||||||
mv ${oldLfsJwtSecret} ${lfsJwtSecret}
|
mv '${oldLfsJwtSecret}' '${lfsJwtSecret}'
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ ! -s ${oauth2JwtSecret} ]; then
|
if [ ! -s '${oauth2JwtSecret}' ]; then
|
||||||
${exe} generate secret JWT_SECRET > ${oauth2JwtSecret}
|
${exe} generate secret JWT_SECRET > '${oauth2JwtSecret}'
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ ! -s ${lfsJwtSecret} ]; then
|
${lib.optionalString cfg.lfs.enable ''
|
||||||
${exe} generate secret LFS_JWT_SECRET > ${lfsJwtSecret}
|
if [ ! -s '${lfsJwtSecret}' ]; then
|
||||||
|
${exe} generate secret LFS_JWT_SECRET > '${lfsJwtSecret}'
|
||||||
fi
|
fi
|
||||||
|
''}
|
||||||
|
|
||||||
if [ ! -s ${internalToken} ]; then
|
if [ ! -s '${internalToken}' ]; then
|
||||||
${exe} generate secret INTERNAL_TOKEN > ${internalToken}
|
${exe} generate secret INTERNAL_TOKEN > '${internalToken}'
|
||||||
fi
|
fi
|
||||||
|
|
||||||
chmod u+w '${runConfig}'
|
chmod u+w '${runConfig}'
|
||||||
${replaceSecretBin} '#secretkey#' '${secretKey}' '${runConfig}'
|
${replaceSecretBin} '#secretkey#' '${secretKey}' '${runConfig}'
|
||||||
${replaceSecretBin} '#dbpass#' '${cfg.database.passwordFile}' '${runConfig}'
|
${replaceSecretBin} '#dbpass#' '${cfg.database.passwordFile}' '${runConfig}'
|
||||||
${replaceSecretBin} '#oauth2jwtsecret#' '${oauth2JwtSecret}' '${runConfig}'
|
${replaceSecretBin} '#oauth2jwtsecret#' '${oauth2JwtSecret}' '${runConfig}'
|
||||||
${replaceSecretBin} '#lfsjwtsecret#' '${lfsJwtSecret}' '${runConfig}'
|
|
||||||
${replaceSecretBin} '#internaltoken#' '${internalToken}' '${runConfig}'
|
${replaceSecretBin} '#internaltoken#' '${internalToken}' '${runConfig}'
|
||||||
|
|
||||||
|
${lib.optionalString cfg.lfs.enable ''
|
||||||
|
${replaceSecretBin} '#lfsjwtsecret#' '${lfsJwtSecret}' '${runConfig}'
|
||||||
|
''}
|
||||||
|
|
||||||
${lib.optionalString (cfg.mailerPasswordFile != null) ''
|
${lib.optionalString (cfg.mailerPasswordFile != null) ''
|
||||||
${replaceSecretBin} '#mailerpass#' '${cfg.mailerPasswordFile}' '${runConfig}'
|
${replaceSecretBin} '#mailerpass#' '${cfg.mailerPasswordFile}' '${runConfig}'
|
||||||
''}
|
''}
|
||||||
|
@ -565,7 +580,7 @@ in
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "simple";
|
Type = "simple";
|
||||||
User = cfg.user;
|
User = cfg.user;
|
||||||
Group = "gitea";
|
Group = cfg.group;
|
||||||
WorkingDirectory = cfg.stateDir;
|
WorkingDirectory = cfg.stateDir;
|
||||||
ExecStart = "${exe} web --pid /run/gitea/gitea.pid";
|
ExecStart = "${exe} web --pid /run/gitea/gitea.pid";
|
||||||
Restart = "always";
|
Restart = "always";
|
||||||
|
@ -573,7 +588,7 @@ in
|
||||||
RuntimeDirectory = "gitea";
|
RuntimeDirectory = "gitea";
|
||||||
RuntimeDirectoryMode = "0755";
|
RuntimeDirectoryMode = "0755";
|
||||||
# Access write directories
|
# Access write directories
|
||||||
ReadWritePaths = [ cfg.dump.backupDir cfg.repositoryRoot cfg.stateDir cfg.lfs.contentDir ];
|
ReadWritePaths = [ cfg.customDir cfg.dump.backupDir cfg.repositoryRoot cfg.stateDir cfg.lfs.contentDir ];
|
||||||
UMask = "0027";
|
UMask = "0027";
|
||||||
# Capabilities
|
# Capabilities
|
||||||
CapabilityBoundingSet = "";
|
CapabilityBoundingSet = "";
|
||||||
|
@ -606,6 +621,7 @@ in
|
||||||
USER = cfg.user;
|
USER = cfg.user;
|
||||||
HOME = cfg.stateDir;
|
HOME = cfg.stateDir;
|
||||||
GITEA_WORK_DIR = cfg.stateDir;
|
GITEA_WORK_DIR = cfg.stateDir;
|
||||||
|
GITEA_CUSTOM = cfg.customDir;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -614,12 +630,14 @@ in
|
||||||
description = "Gitea Service";
|
description = "Gitea Service";
|
||||||
home = cfg.stateDir;
|
home = cfg.stateDir;
|
||||||
useDefaultShell = true;
|
useDefaultShell = true;
|
||||||
group = "gitea";
|
group = cfg.group;
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
users.groups.gitea = {};
|
users.groups = mkIf (cfg.group == "gitea") {
|
||||||
|
gitea = {};
|
||||||
|
};
|
||||||
|
|
||||||
warnings =
|
warnings =
|
||||||
optional (cfg.database.password != "") "config.services.gitea.database.password will be stored as plaintext in the Nix store. Use database.passwordFile instead." ++
|
optional (cfg.database.password != "") "config.services.gitea.database.password will be stored as plaintext in the Nix store. Use database.passwordFile instead." ++
|
||||||
|
|
|
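Review bot: The new `group` option widens who can read Gitea's generated secrets, and its description (`"Group under which gitea runs."`) does not say so. The tmpfiles rules create `${cfg.customDir}/conf` as `0750 ${cfg.user} ${cfg.group}` and the unit keeps `UMask = "0027"`, so `secret_key`, `internal_token`, the JWT secret files and the substituted `app.ini` are presumably group-readable. That was harmless while the group was always the dedicated `gitea` one. Either create the conf directory with `0700`, or extend the description, e.g. `"Group under which gitea runs. Members can read the state directory, including generated secrets; do not use a shared group."`. The preStart script and serviceConfig continue outside the visible hunks, so confirm that no later chmod already tightens these files.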
@ -1215,7 +1215,7 @@ in {
|
||||||
enableDelete = true; # This must be true, otherwise GitLab won't manage it correctly
|
enableDelete = true; # This must be true, otherwise GitLab won't manage it correctly
|
||||||
extraConfig = {
|
extraConfig = {
|
||||||
auth.token = {
|
auth.token = {
|
||||||
realm = "http${if cfg.https == true then "s" else ""}://${cfg.host}/jwt/auth";
|
realm = "http${optionalString (cfg.https == true) "s"}://${cfg.host}/jwt/auth";
|
||||||
service = cfg.registry.serviceName;
|
service = cfg.registry.serviceName;
|
||||||
issuer = cfg.registry.issuer;
|
issuer = cfg.registry.issuer;
|
||||||
rootcertbundle = cfg.registry.certFile;
|
rootcertbundle = cfg.registry.certFile;
|
||||||
|
|
|
@ -3,7 +3,7 @@ with lib;
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.services.mbpfan;
|
cfg = config.services.mbpfan;
|
||||||
verbose = if cfg.verbose then "v" else "";
|
verbose = optionalString cfg.verbose "v";
|
||||||
settingsFormat = pkgs.formats.ini {};
|
settingsFormat = pkgs.formats.ini {};
|
||||||
settingsFile = settingsFormat.generate "mbpfan.ini" cfg.settings;
|
settingsFile = settingsFormat.generate "mbpfan.ini" cfg.settings;
|
||||||
|
|
||||||
|
|
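--- /dev/null
+++ b/third_party/nixpkgs/nixos/modules/services/misc/pufferpanel.nix
@@ -0,0 +1,176 @@
+{ config, pkgs, lib, ... }:
+let
+cfg = config.services.pufferpanel;
+in
+{
+options.services.pufferpanel = {
+enable = lib.mkOption {
+type = lib.types.bool;
+default = false;
+description = lib.mdDoc ''
+Whether to enable PufferPanel game management server.
+
+Note that [PufferPanel templates] and binaries downloaded by PufferPanel
+expect [FHS environment]. It is possible to set {option}`package` option
+to use PufferPanel wrapper with FHS environment. For example, to use
+`Download Game from Steam` and `Download Java` template operations:
+```Nix
+{ lib, pkgs, ... }: {
+services.pufferpanel = {
+enable = true;
+extraPackages = with pkgs; [ bash curl gawk gnutar gzip ];
+package = pkgs.buildFHSUserEnv {
+name = "pufferpanel-fhs";
+runScript = lib.getExe pkgs.pufferpanel;
+targetPkgs = pkgs': with pkgs'; [ icu openssl zlib ];
+};
+};
+}
+```
+
+[PufferPanel templates]: https://github.com/PufferPanel/templates
+[FHS environment]: https://wikipedia.org/wiki/Filesystem_Hierarchy_Standard
+'';
+};
+
+package = lib.mkPackageOptionMD pkgs "pufferpanel" { };
+
+extraGroups = lib.mkOption {
+type = lib.types.listOf lib.types.str;
+default = [ ];
+example = [ "podman" ];
+description = lib.mdDoc ''
+Additional groups for the systemd service.
+'';
+};
+
+extraPackages = lib.mkOption {
+type = lib.types.listOf lib.types.package;
+default = [ ];
+example = lib.literalExpression "[ pkgs.jre ]";
+description = lib.mdDoc ''
+Packages to add to the PATH environment variable. Both the {file}`bin`
+and {file}`sbin` subdirectories of each package are added.
+'';
+};
+
+environment = lib.mkOption {
+type = lib.types.attrsOf lib.types.str;
+default = { };
+example = lib.literalExpression ''
+{
+PUFFER_WEB_HOST = ":8080";
+PUFFER_DAEMON_SFTP_HOST = ":5657";
+PUFFER_DAEMON_CONSOLE_BUFFER = "1000";
+PUFFER_DAEMON_CONSOLE_FORWARD = "true";
+PUFFER_PANEL_REGISTRATIONENABLED = "false";
+}
+'';
+description = lib.mdDoc ''
+Environment variables to set for the service. Secrets should be
+specified using {option}`environmentFile`.
+
+Refer to the [PufferPanel source code][] for the list of available
+configuration options. Variable name is an upper-cased configuration
+entry name with underscores instead of dots, prefixed with `PUFFER_`.
+For example, `panel.settings.companyName` entry can be set using
+{env}`PUFFER_PANEL_SETTINGS_COMPANYNAME`.
+
+When running with panel enabled (configured with `PUFFER_PANEL_ENABLE`
+environment variable), it is recommended disable registration using
+`PUFFER_PANEL_REGISTRATIONENABLED` environment variable (registration is
+enabled by default). To create the initial administrator user, run
+{command}`pufferpanel --workDir /var/lib/pufferpanel user add --admin`.
+
+Some options override corresponding settings set via web interface (e.g.
+`PUFFER_PANEL_REGISTRATIONENABLED`). Those options can be temporarily
+toggled or set in settings but do not persist between restarts.
+
+[PufferPanel source code]: https://github.com/PufferPanel/PufferPanel/blob/master/config/entries.go
+'';
+};
+
+environmentFile = lib.mkOption {
+type = lib.types.nullOr lib.types.path;
+default = null;
+description = lib.mdDoc ''
+File to load environment variables from. Loaded variables override
+values set in {option}`environment`.
+'';
+};
+};
+
+config = lib.mkIf cfg.enable {
+systemd.services.pufferpanel = {
+description = "PufferPanel game management server";
+wantedBy = [ "multi-user.target" ];
+after = [ "network.target" ];
+
+path = cfg.extraPackages;
+environment = cfg.environment;
+
+# Note that we export environment variables for service directories if the
+# value is not set. An empty environment variable is considered to be set.
+# E.g.
+# export PUFFER_LOGS=${PUFFER_LOGS-$LOGS_DIRECTORY}
+# would set PUFFER_LOGS to $LOGS_DIRECTORY if PUFFER_LOGS environment
+# variable is not defined.
+script = ''
+${lib.concatLines (lib.mapAttrsToList (name: value: ''
+export ${name}="''${${name}-${value}}"
+'') {
+PUFFER_LOGS = "$LOGS_DIRECTORY";
+PUFFER_DAEMON_DATA_CACHE = "$CACHE_DIRECTORY";
+PUFFER_DAEMON_DATA_SERVERS = "$STATE_DIRECTORY/servers";
+PUFFER_DAEMON_DATA_BINARIES = "$STATE_DIRECTORY/binaries";
+})}
+exec ${lib.getExe cfg.package} run --workDir "$STATE_DIRECTORY"
+'';
+
+serviceConfig = {
+Type = "simple";
+Restart = "always";
+
+UMask = "0077";
+
+SupplementaryGroups = cfg.extraGroups;
+
+StateDirectory = "pufferpanel";
+StateDirectoryMode = "0700";
+CacheDirectory = "pufferpanel";
+CacheDirectoryMode = "0700";
+LogsDirectory = "pufferpanel";
+LogsDirectoryMode = "0700";
+
+EnvironmentFile = cfg.environmentFile;
+
+# Command "pufferpanel shutdown --pid $MAINPID" sends SIGTERM (code 15)
+# to the main process and waits for termination. This is essentially
+# KillMode=mixed we are using here. See
+# https://freedesktop.org/software/systemd/man/systemd.kill.html#KillMode=
+KillMode = "mixed";
+
+DynamicUser = true;
+ProtectHome = true;
+ProtectProc = "invisible";
+ProtectClock = true;
+ProtectHostname = true;
+ProtectControlGroups = true;
+ProtectKernelLogs = true;
+ProtectKernelModules = true;
+ProtectKernelTunables = true;
+PrivateUsers = true;
+PrivateDevices = true;
+RestrictRealtime = true;
+RestrictNamespaces = [ "user" "mnt" ]; # allow buildFHSUserEnv
+RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
+LockPersonality = true;
+DeviceAllow = [ "" ];
+DevicePolicy = "closed";
+CapabilityBoundingSet = [ "" ];
+};
+};
+};
+
+meta.maintainers = [ lib.maintainers.tie ];
+}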
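Review bot: `environmentFile` is typed `lib.types.nullOr lib.types.path` and its description carries no warning about where the file may live, even though the `environment` description directs secrets to it. A user who passes a Nix path literal such as `./pufferpanel.env` may get that file copied into the world-readable Nix store (always under flakes, and whenever the path is string-interpolated), which defeats the purpose of the option. I would extend the description with something like `The file must be a path outside the Nix store, given as a string, and readable only by root.` and add `example = "/run/secrets/pufferpanel.env";`.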
@ -283,13 +283,13 @@ in
|
||||||
|
|
||||||
services.redmine.settings = {
|
services.redmine.settings = {
|
||||||
production = {
|
production = {
|
||||||
scm_subversion_command = if cfg.components.subversion then "${pkgs.subversion}/bin/svn" else "";
|
scm_subversion_command = optionalString cfg.components.subversion "${pkgs.subversion}/bin/svn";
|
||||||
scm_mercurial_command = if cfg.components.mercurial then "${pkgs.mercurial}/bin/hg" else "";
|
scm_mercurial_command = optionalString cfg.components.mercurial "${pkgs.mercurial}/bin/hg";
|
||||||
scm_git_command = if cfg.components.git then "${pkgs.git}/bin/git" else "";
|
scm_git_command = optionalString cfg.components.git "${pkgs.git}/bin/git";
|
||||||
scm_cvs_command = if cfg.components.cvs then "${pkgs.cvs}/bin/cvs" else "";
|
scm_cvs_command = optionalString cfg.components.cvs "${pkgs.cvs}/bin/cvs";
|
||||||
scm_bazaar_command = if cfg.components.breezy then "${pkgs.breezy}/bin/bzr" else "";
|
scm_bazaar_command = optionalString cfg.components.breezy "${pkgs.breezy}/bin/bzr";
|
||||||
imagemagick_convert_command = if cfg.components.imagemagick then "${pkgs.imagemagick}/bin/convert" else "";
|
imagemagick_convert_command = optionalString cfg.components.imagemagick "${pkgs.imagemagick}/bin/convert";
|
||||||
gs_command = if cfg.components.ghostscript then "${pkgs.ghostscript}/bin/gs" else "";
|
gs_command = optionalString cfg.components.ghostscript "${pkgs.ghostscript}/bin/gs";
|
||||||
minimagick_font_path = "${cfg.components.minimagick_font_path}";
|
minimagick_font_path = "${cfg.components.minimagick_font_path}";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -20,7 +20,7 @@ let
|
||||||
${optionalString (cfg.hostsAllowReg != []) "hosts_allow_reg = ${concatStringsSep "," cfg.hostsAllowReg}"}
|
${optionalString (cfg.hostsAllowReg != []) "hosts_allow_reg = ${concatStringsSep "," cfg.hostsAllowReg}"}
|
||||||
${optionalString (cfg.hostsAllowSip != []) "hosts_allow_sip = ${concatStringsSep "," cfg.hostsAllowSip}"}
|
${optionalString (cfg.hostsAllowSip != []) "hosts_allow_sip = ${concatStringsSep "," cfg.hostsAllowSip}"}
|
||||||
${optionalString (cfg.hostsDenySip != []) "hosts_deny_sip = ${concatStringsSep "," cfg.hostsDenySip}"}
|
${optionalString (cfg.hostsDenySip != []) "hosts_deny_sip = ${concatStringsSep "," cfg.hostsDenySip}"}
|
||||||
${if (cfg.passwordFile != "") then "proxy_auth_pwfile = ${cfg.passwordFile}" else ""}
|
${optionalString (cfg.passwordFile != "") "proxy_auth_pwfile = ${cfg.passwordFile}"}
|
||||||
${cfg.extraConfig}
|
${cfg.extraConfig}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
|
|
@ -140,7 +140,7 @@ in
|
||||||
# We can't use Environment=HOSTNAME=%H, as it doesn't include the domain part.
|
# We can't use Environment=HOSTNAME=%H, as it doesn't include the domain part.
|
||||||
export HOSTNAME=$(< /proc/sys/kernel/hostname)
|
export HOSTNAME=$(< /proc/sys/kernel/hostname)
|
||||||
|
|
||||||
exec ${cfg.package}/bin/agent -config.expand-env -config.file ${configFile}
|
exec ${lib.getExe cfg.package} -config.expand-env -config.file ${configFile}
|
||||||
'';
|
'';
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Restart = "always";
|
Restart = "always";
|
||||||
|
|
|
@ -58,10 +58,10 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
serviceOpts = let
|
serviceOpts = let
|
||||||
collectSettingsArgs = if (cfg.collectdBinary.enable) then ''
|
collectSettingsArgs = optionalString (cfg.collectdBinary.enable) ''
|
||||||
--collectd.listen-address ${cfg.collectdBinary.listenAddress}:${toString cfg.collectdBinary.port} \
|
--collectd.listen-address ${cfg.collectdBinary.listenAddress}:${toString cfg.collectdBinary.port} \
|
||||||
--collectd.security-level ${cfg.collectdBinary.securityLevel} \
|
--collectd.security-level ${cfg.collectdBinary.securityLevel} \
|
||||||
'' else "";
|
'';
|
||||||
in {
|
in {
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = ''
|
ExecStart = ''
|
||||||
|
|
|
@ -4,12 +4,12 @@ with lib;
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.services.prometheus.exporters.smartctl;
|
cfg = config.services.prometheus.exporters.smartctl;
|
||||||
args = concatStrings [
|
args = lib.escapeShellArgs ([
|
||||||
"--web.listen-address=\"${cfg.listenAddress}:${toString cfg.port}\" "
|
"--web.listen-address=${cfg.listenAddress}:${toString cfg.port}"
|
||||||
"--smartctl.path=\"${pkgs.smartmontools}/bin/smartctl\" "
|
"--smartctl.path=${pkgs.smartmontools}/bin/smartctl"
|
||||||
"--smartctl.interval=\"${cfg.maxInterval}\" "
|
"--smartctl.interval=${cfg.maxInterval}"
|
||||||
"${concatMapStringsSep " " (device: "--smartctl.device=${device}") cfg.devices}"
|
] ++ map (device: "--smartctl.device=${device}") cfg.devices
|
||||||
];
|
++ cfg.extraFlags);
|
||||||
in {
|
in {
|
||||||
port = 9633;
|
port = 9633;
|
||||||
|
|
||||||
|
|
|
@ -22,6 +22,18 @@ let
|
||||||
|
|
||||||
configFile = settingsFormat.generate "kubo-config.json" customizedConfig;
|
configFile = settingsFormat.generate "kubo-config.json" customizedConfig;
|
||||||
|
|
||||||
|
# Create a fake repo containing only the file "api".
|
||||||
|
# $IPFS_PATH will point to this directory instead of the real one.
|
||||||
|
# For some reason the Kubo CLI tools insist on reading the
|
||||||
|
# config file when it exists. But the Kubo daemon sets the file
|
||||||
|
# permissions such that only the ipfs user is allowed to read
|
||||||
|
# this file. This prevents normal users from talking to the daemon.
|
||||||
|
# To work around this terrible design, create a fake repo with no
|
||||||
|
# config file, only an api file and everything should work as expected.
|
||||||
|
fakeKuboRepo = pkgs.writeTextDir "api" ''
|
||||||
|
/unix/run/ipfs.sock
|
||||||
|
'';
|
||||||
|
|
||||||
kuboFlags = utils.escapeSystemdExecArgs (
|
kuboFlags = utils.escapeSystemdExecArgs (
|
||||||
optional cfg.autoMount "--mount" ++
|
optional cfg.autoMount "--mount" ++
|
||||||
optional cfg.enableGC "--enable-gc" ++
|
optional cfg.enableGC "--enable-gc" ++
|
||||||
|
@ -38,6 +50,22 @@ let
|
||||||
|
|
||||||
splitMulitaddr = addrRaw: lib.tail (lib.splitString "/" addrRaw);
|
splitMulitaddr = addrRaw: lib.tail (lib.splitString "/" addrRaw);
|
||||||
|
|
||||||
|
multiaddrsToListenStreams = addrIn:
|
||||||
|
let
|
||||||
|
addrs = if builtins.typeOf addrIn == "list"
|
||||||
|
then addrIn else [ addrIn ];
|
||||||
|
unfilteredResult = map multiaddrToListenStream addrs;
|
||||||
|
in
|
||||||
|
builtins.filter (addr: addr != null) unfilteredResult;
|
||||||
|
|
||||||
|
multiaddrsToListenDatagrams = addrIn:
|
||||||
|
let
|
||||||
|
addrs = if builtins.typeOf addrIn == "list"
|
||||||
|
then addrIn else [ addrIn ];
|
||||||
|
unfilteredResult = map multiaddrToListenDatagram addrs;
|
||||||
|
in
|
||||||
|
builtins.filter (addr: addr != null) unfilteredResult;
|
||||||
|
|
||||||
multiaddrToListenStream = addrRaw:
|
multiaddrToListenStream = addrRaw:
|
||||||
let
|
let
|
||||||
addr = splitMulitaddr addrRaw;
|
addr = splitMulitaddr addrRaw;
|
||||||
|
@ -62,11 +90,6 @@ let
|
||||||
then "[${s 1}]:${s 3}"
|
then "[${s 1}]:${s 3}"
|
||||||
else null; # not valid for listen datagram, skip
|
else null; # not valid for listen datagram, skip
|
||||||
|
|
||||||
multiaddrsFunc = f: addrsRaw: if builtins.isString addrsRaw then let out = f addrsRaw; in lib.optional (out != null) out else lib.filter (x: x != null) (map f addrsRaw);
|
|
||||||
|
|
||||||
multiaddrsToListenStream = multiaddrsFunc multiaddrToListenStream;
|
|
||||||
multiaddrsToListenDatagram = multiaddrsFunc multiaddrToListenDatagram;
|
|
||||||
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
|
||||||
|
@ -160,8 +183,13 @@ in
|
||||||
options = {
|
options = {
|
||||||
Addresses.API = mkOption {
|
Addresses.API = mkOption {
|
||||||
type = types.oneOf [ types.str (types.listOf types.str) ];
|
type = types.oneOf [ types.str (types.listOf types.str) ];
|
||||||
default = "/ip4/127.0.0.1/tcp/5001";
|
default = [ ];
|
||||||
description = lib.mdDoc "Where Kubo exposes its API to";
|
description = lib.mdDoc ''
|
||||||
|
Multiaddr or array of multiaddrs describing the address to serve the local HTTP API on.
|
||||||
|
In addition to the multiaddrs listed here, the daemon will also listen on a Unix domain socket.
|
||||||
|
To allow the ipfs CLI tools to communicate with the daemon over that socket,
|
||||||
|
add your user to the correct group, e.g. `users.users.alice.extraGroups = [ config.services.kubo.group ];`
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
Addresses.Gateway = mkOption {
|
Addresses.Gateway = mkOption {
|
||||||
|
@ -171,7 +199,7 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
Addresses.Swarm = mkOption {
|
Addresses.Swarm = mkOption {
|
||||||
type = types.oneOf [ types.str (types.listOf types.str) ];
|
type = types.listOf types.str;
|
||||||
default = [
|
default = [
|
||||||
"/ip4/0.0.0.0/tcp/4001"
|
"/ip4/0.0.0.0/tcp/4001"
|
||||||
"/ip6/::/tcp/4001"
|
"/ip6/::/tcp/4001"
|
||||||
|
@ -253,7 +281,7 @@ in
|
||||||
];
|
];
|
||||||
|
|
||||||
environment.systemPackages = [ cfg.package ];
|
environment.systemPackages = [ cfg.package ];
|
||||||
environment.variables.IPFS_PATH = cfg.dataDir;
|
environment.variables.IPFS_PATH = fakeKuboRepo;
|
||||||
|
|
||||||
# https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size
|
# https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size
|
||||||
boot.kernel.sysctl."net.core.rmem_max" = mkDefault 2500000;
|
boot.kernel.sysctl."net.core.rmem_max" = mkDefault 2500000;
|
||||||
|
@ -324,6 +352,10 @@ in
|
||||||
# change when the changes are applied. Whyyyyyy.....
|
# change when the changes are applied. Whyyyyyy.....
|
||||||
ipfs --offline config replace -
|
ipfs --offline config replace -
|
||||||
'';
|
'';
|
||||||
|
postStop = mkIf cfg.autoMount ''
|
||||||
|
# After an unclean shutdown the fuse mounts at cfg.ipnsMountDir and cfg.ipfsMountDir are locked
|
||||||
|
umount --quiet '${cfg.ipnsMountDir}' '${cfg.ipfsMountDir}' || true
|
||||||
|
'';
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = [ "" "${cfg.package}/bin/ipfs daemon ${kuboFlags}" ];
|
ExecStart = [ "" "${cfg.package}/bin/ipfs daemon ${kuboFlags}" ];
|
||||||
User = cfg.user;
|
User = cfg.user;
|
||||||
|
@ -339,27 +371,23 @@ in
|
||||||
wantedBy = [ "sockets.target" ];
|
wantedBy = [ "sockets.target" ];
|
||||||
socketConfig = {
|
socketConfig = {
|
||||||
ListenStream =
|
ListenStream =
|
||||||
let
|
[ "" ] ++ (multiaddrsToListenStreams cfg.settings.Addresses.Gateway);
|
||||||
fromCfg = multiaddrsToListenStream cfg.settings.Addresses.Gateway;
|
|
||||||
in
|
|
||||||
[ "" ] ++ fromCfg;
|
|
||||||
ListenDatagram =
|
ListenDatagram =
|
||||||
let
|
[ "" ] ++ (multiaddrsToListenDatagrams cfg.settings.Addresses.Gateway);
|
||||||
fromCfg = multiaddrsToListenDatagram cfg.settings.Addresses.Gateway;
|
|
||||||
in
|
|
||||||
[ "" ] ++ fromCfg;
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.sockets.ipfs-api = {
|
systemd.sockets.ipfs-api = {
|
||||||
wantedBy = [ "sockets.target" ];
|
wantedBy = [ "sockets.target" ];
|
||||||
|
socketConfig = {
|
||||||
# We also include "%t/ipfs.sock" because there is no way to put the "%t"
|
# We also include "%t/ipfs.sock" because there is no way to put the "%t"
|
||||||
# in the multiaddr.
|
# in the multiaddr.
|
||||||
socketConfig.ListenStream =
|
ListenStream =
|
||||||
let
|
[ "" "%t/ipfs.sock" ] ++ (multiaddrsToListenStreams cfg.settings.Addresses.API);
|
||||||
fromCfg = multiaddrsToListenStream cfg.settings.Addresses.API;
|
SocketMode = "0660";
|
||||||
in
|
SocketUser = cfg.user;
|
||||||
[ "" "%t/ipfs.sock" ] ++ fromCfg;
|
SocketGroup = cfg.group;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
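Review bot: The `Addresses.API` description tells users to join `config.services.kubo.group` but does not say what that grants. With `SocketMode = "0660"` and `SocketGroup = cfg.group` on `%t/ipfs.sock`, group membership is the only access control on the API socket, and the Kubo RPC API is an administrative interface. I would add a sentence to the description such as `Members of this group get full control over the daemon through its API.` Separately, the new `postStop` interpolates `cfg.ipnsMountDir` and `cfg.ipfsMountDir` inside single quotes; `${lib.escapeShellArg cfg.ipnsMountDir}` would also survive a path that contains a quote.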
|
@ -1,13 +1,13 @@
|
||||||
{ config, lib, ...}:
|
{ config, lib, ...}:
|
||||||
|
|
||||||
let
|
let
|
||||||
inherit (lib) concatStringsSep mkOption types;
|
inherit (lib) concatStringsSep mkOption types optionalString;
|
||||||
|
|
||||||
in {
|
in {
|
||||||
|
|
||||||
mkCellServDB = cellName: db: ''
|
mkCellServDB = cellName: db: ''
|
||||||
>${cellName}
|
>${cellName}
|
||||||
'' + (concatStringsSep "\n" (map (dbm: if (dbm.ip != "" && dbm.dnsname != "") then dbm.ip + " #" + dbm.dnsname else "")
|
'' + (concatStringsSep "\n" (map (dbm: optionalString (dbm.ip != "" && dbm.dnsname != "") "${dbm.ip} #${dbm.dnsname}")
|
||||||
db))
|
db))
|
||||||
+ "\n";
|
+ "\n";
|
||||||
|
|
||||||
|
|
|
@ -4,6 +4,49 @@ with lib;
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.services.bird-lg;
|
cfg = config.services.bird-lg;
|
||||||
|
|
||||||
|
stringOrConcat = sep: v: if builtins.isString v then v else concatStringsSep sep v;
|
||||||
|
|
||||||
|
frontend_args = let
|
||||||
|
fe = cfg.frontend;
|
||||||
|
in {
|
||||||
|
"--servers" = concatStringsSep "," fe.servers;
|
||||||
|
"--domain" = fe.domain;
|
||||||
|
"--listen" = fe.listenAddress;
|
||||||
|
"--proxy-port" = fe.proxyPort;
|
||||||
|
"--whois" = fe.whois;
|
||||||
|
"--dns-interface" = fe.dnsInterface;
|
||||||
|
"--bgpmap-info" = concatStringsSep "," cfg.frontend.bgpMapInfo;
|
||||||
|
"--title-brand" = fe.titleBrand;
|
||||||
|
"--navbar-brand" = fe.navbar.brand;
|
||||||
|
"--navbar-brand-url" = fe.navbar.brandURL;
|
||||||
|
"--navbar-all-servers" = fe.navbar.allServers;
|
||||||
|
"--navbar-all-url" = fe.navbar.allServersURL;
|
||||||
|
"--net-specific-mode" = fe.netSpecificMode;
|
||||||
|
"--protocol-filter" = concatStringsSep "," cfg.frontend.protocolFilter;
|
||||||
|
};
|
||||||
|
|
||||||
|
proxy_args = let
|
||||||
|
px = cfg.proxy;
|
||||||
|
in {
|
||||||
|
"--allowed" = concatStringsSep "," px.allowedIPs;
|
||||||
|
"--bird" = px.birdSocket;
|
||||||
|
"--listen" = px.listenAddress;
|
||||||
|
"--traceroute_bin" = px.traceroute.binary;
|
||||||
|
"--traceroute_flags" = concatStringsSep " " px.traceroute.flags;
|
||||||
|
"--traceroute_raw" = px.traceroute.rawOutput;
|
||||||
|
};
|
||||||
|
|
||||||
|
mkArgValue = value:
|
||||||
|
if isString value
|
||||||
|
then escapeShellArg value
|
||||||
|
else if isBool value
|
||||||
|
then boolToString value
|
||||||
|
else toString value;
|
||||||
|
|
||||||
|
filterNull = filterAttrs (_: v: v != "" && v != null && v != []);
|
||||||
|
|
||||||
|
argsAttrToList = args: mapAttrsToList (name: value: "${name} " + mkArgValue value ) (filterNull args);
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options = {
|
options = {
|
||||||
|
@ -44,14 +87,12 @@ in
|
||||||
|
|
||||||
domain = mkOption {
|
domain = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "";
|
|
||||||
example = "dn42.lantian.pub";
|
example = "dn42.lantian.pub";
|
||||||
description = lib.mdDoc "Server name domain suffixes.";
|
description = lib.mdDoc "Server name domain suffixes.";
|
||||||
};
|
};
|
||||||
|
|
||||||
servers = mkOption {
|
servers = mkOption {
|
||||||
type = types.listOf types.str;
|
type = types.listOf types.str;
|
||||||
default = [ ];
|
|
||||||
example = [ "gigsgigscloud" "hostdare" ];
|
example = [ "gigsgigscloud" "hostdare" ];
|
||||||
description = lib.mdDoc "Server name prefixes.";
|
description = lib.mdDoc "Server name prefixes.";
|
||||||
};
|
};
|
||||||
|
@ -134,10 +175,14 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
extraArgs = mkOption {
|
extraArgs = mkOption {
|
||||||
type = types.lines;
|
type = with types; either lines (listOf str);
|
||||||
default = "";
|
default = [ ];
|
||||||
description = lib.mdDoc ''
|
description = lib.mdDoc ''
|
||||||
Extra parameters documented [here](https://github.com/xddxdd/bird-lg-go#frontend).
|
Extra parameters documented [here](https://github.com/xddxdd/bird-lg-go#frontend).
|
||||||
|
|
||||||
|
:::{.note}
|
||||||
|
Passing lines (plain strings) is deprecated in favour of passing lists of strings.
|
||||||
|
:::
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -160,8 +205,7 @@ in
|
||||||
|
|
||||||
birdSocket = mkOption {
|
birdSocket = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "/run/bird.ctl";
|
default = "/var/run/bird/bird.ctl";
|
||||||
example = "/var/run/bird/bird.ctl";
|
|
||||||
description = lib.mdDoc "Bird control socket path.";
|
description = lib.mdDoc "Bird control socket path.";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -173,6 +217,12 @@ in
|
||||||
description = lib.mdDoc "Traceroute's binary path.";
|
description = lib.mdDoc "Traceroute's binary path.";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
flags = mkOption {
|
||||||
|
type = with types; listOf str;
|
||||||
|
default = [ ];
|
||||||
|
description = lib.mdDoc "Flags for traceroute process";
|
||||||
|
};
|
||||||
|
|
||||||
rawOutput = mkOption {
|
rawOutput = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
|
@ -181,10 +231,14 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
extraArgs = mkOption {
|
extraArgs = mkOption {
|
||||||
type = types.lines;
|
type = with types; either lines (listOf str);
|
||||||
default = "";
|
default = [ ];
|
||||||
description = lib.mdDoc ''
|
description = lib.mdDoc ''
|
||||||
Extra parameters documented [here](https://github.com/xddxdd/bird-lg-go#proxy).
|
Extra parameters documented [here](https://github.com/xddxdd/bird-lg-go#proxy).
|
||||||
|
|
||||||
|
:::{.note}
|
||||||
|
Passing lines (plain strings) is deprecated in favour of passing lists of strings.
|
||||||
|
:::
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -194,6 +248,16 @@ in
|
||||||
###### implementation
|
###### implementation
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
|
|
||||||
|
warnings =
|
||||||
|
lib.optional (cfg.frontend.enable && builtins.isString cfg.frontend.extraArgs) ''
|
||||||
|
Passing strings to `services.bird-lg.frontend.extraOptions' is deprecated. Please pass a list of strings instead.
|
||||||
|
''
|
||||||
|
++ lib.optional (cfg.proxy.enable && builtins.isString cfg.proxy.extraArgs) ''
|
||||||
|
Passing strings to `services.bird-lg.proxy.extraOptions' is deprecated. Please pass a list of strings instead.
|
||||||
|
''
|
||||||
|
;
|
||||||
|
|
||||||
systemd.services = {
|
systemd.services = {
|
||||||
bird-lg-frontend = mkIf cfg.frontend.enable {
|
bird-lg-frontend = mkIf cfg.frontend.enable {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -211,23 +275,8 @@ in
|
||||||
};
|
};
|
||||||
script = ''
|
script = ''
|
||||||
${cfg.package}/bin/frontend \
|
${cfg.package}/bin/frontend \
|
||||||
--servers ${concatStringsSep "," cfg.frontend.servers } \
|
${concatStringsSep " \\\n " (argsAttrToList frontend_args)} \
|
||||||
--domain ${cfg.frontend.domain} \
|
${stringOrConcat " " cfg.frontend.extraArgs}
|
||||||
--listen ${cfg.frontend.listenAddress} \
|
|
||||||
--proxy-port ${toString cfg.frontend.proxyPort} \
|
|
||||||
--whois ${cfg.frontend.whois} \
|
|
||||||
--dns-interface ${cfg.frontend.dnsInterface} \
|
|
||||||
--bgpmap-info ${concatStringsSep "," cfg.frontend.bgpMapInfo } \
|
|
||||||
--title-brand ${cfg.frontend.titleBrand} \
|
|
||||||
--navbar-brand ${cfg.frontend.navbar.brand} \
|
|
||||||
--navbar-brand-url ${cfg.frontend.navbar.brandURL} \
|
|
||||||
--navbar-all-servers ${cfg.frontend.navbar.allServers} \
|
|
||||||
--navbar-all-url ${cfg.frontend.navbar.allServersURL} \
|
|
||||||
--net-specific-mode ${cfg.frontend.netSpecificMode} \
|
|
||||||
--protocol-filter ${concatStringsSep "," cfg.frontend.protocolFilter } \
|
|
||||||
--name-filter ${cfg.frontend.nameFilter} \
|
|
||||||
--time-out ${toString cfg.frontend.timeout} \
|
|
||||||
${cfg.frontend.extraArgs}
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -247,12 +296,8 @@ in
|
||||||
};
|
};
|
||||||
script = ''
|
script = ''
|
||||||
${cfg.package}/bin/proxy \
|
${cfg.package}/bin/proxy \
|
||||||
--allowed ${concatStringsSep "," cfg.proxy.allowedIPs } \
|
${concatStringsSep " \\\n " (argsAttrToList proxy_args)} \
|
||||||
--bird ${cfg.proxy.birdSocket} \
|
${stringOrConcat " " cfg.proxy.extraArgs}
|
||||||
--listen ${cfg.proxy.listenAddress} \
|
|
||||||
--traceroute_bin ${cfg.proxy.traceroute.binary}
|
|
||||||
--traceroute_raw ${boolToString cfg.proxy.traceroute.rawOutput}
|
|
||||||
${cfg.proxy.extraArgs}
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -266,4 +311,9 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
meta.maintainers = with lib.maintainers; [
|
||||||
|
e1mo
|
||||||
|
tchekda
|
||||||
|
];
|
||||||
}
|
}
|
||||||
|
|
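Review bot: `frontend_args` no longer carries `--name-filter` and `--time-out`, which the removed script lines passed from `cfg.frontend.nameFilter` and `cfg.frontend.timeout`. Unless those options are dropped elsewhere in the file (not visible in these hunks), setting them now has no effect, and a name filter that silently stops applying shows protocol names the operator meant to hide. I would add `"--name-filter" = fe.nameFilter;` and `"--time-out" = fe.timeout;` to the attribute set. The two new warnings also name `extraOptions` where the option is `extraArgs`. List-valued `extraArgs` are joined with plain spaces by `stringOrConcat`, so unlike the generated flags they do not go through `escapeShellArg`.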
|
@ -199,7 +199,7 @@ in
|
||||||
(filterAttrs (n: _: hasPrefix "consul.d/" n) config.environment.etc);
|
(filterAttrs (n: _: hasPrefix "consul.d/" n) config.environment.etc);
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = "@${cfg.package}/bin/consul consul agent -config-dir /etc/consul.d"
|
ExecStart = "@${lib.getExe cfg.package} consul agent -config-dir /etc/consul.d"
|
||||||
+ concatMapStrings (n: " -config-file ${n}") configFiles;
|
+ concatMapStrings (n: " -config-file ${n}") configFiles;
|
||||||
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
|
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
|
||||||
PermissionsStartOnly = true;
|
PermissionsStartOnly = true;
|
||||||
|
@ -207,10 +207,10 @@ in
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
TimeoutStartSec = "infinity";
|
TimeoutStartSec = "infinity";
|
||||||
} // (optionalAttrs (cfg.leaveOnStop) {
|
} // (optionalAttrs (cfg.leaveOnStop) {
|
||||||
ExecStop = "${cfg.package}/bin/consul leave";
|
ExecStop = "${lib.getExe cfg.package} leave";
|
||||||
});
|
});
|
||||||
|
|
||||||
path = with pkgs; [ iproute2 gnugrep gawk consul ];
|
path = with pkgs; [ iproute2 gawk cfg.package ];
|
||||||
preStart = let
|
preStart = let
|
||||||
family = if cfg.forceAddrFamily == "ipv6" then
|
family = if cfg.forceAddrFamily == "ipv6" then
|
||||||
"-6"
|
"-6"
|
||||||
|
@ -269,7 +269,7 @@ in
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = ''
|
ExecStart = ''
|
||||||
${cfg.alerts.package}/bin/consul-alerts start \
|
${lib.getExe cfg.alerts.package} start \
|
||||||
--alert-addr=${cfg.alerts.listenAddr} \
|
--alert-addr=${cfg.alerts.listenAddr} \
|
||||||
--consul-addr=${cfg.alerts.consulAddr} \
|
--consul-addr=${cfg.alerts.consulAddr} \
|
||||||
${optionalString cfg.alerts.watchChecks "--watch-checks"} \
|
${optionalString cfg.alerts.watchChecks "--watch-checks"} \
|
||||||
|
|
|
@ -60,13 +60,12 @@ in {
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStartPre = lib.optional (cfg.secretFile != null)
|
ExecStartPre = lib.optional (cfg.secretFile != null)
|
||||||
(pkgs.writeShellScript "pre-start" ''
|
("+" + pkgs.writeShellScript "pre-start" ''
|
||||||
umask 077
|
umask 077
|
||||||
export $(xargs < ${cfg.secretFile})
|
export $(xargs < ${cfg.secretFile})
|
||||||
${pkgs.envsubst}/bin/envsubst -i "${configFile}" > ${finalConfigFile}
|
${pkgs.envsubst}/bin/envsubst -i "${configFile}" > ${finalConfigFile}
|
||||||
chown go-neb ${finalConfigFile}
|
chown go-neb ${finalConfigFile}
|
||||||
'');
|
'');
|
||||||
PermissionsStartOnly = true;
|
|
||||||
RuntimeDirectory = "go-neb";
|
RuntimeDirectory = "go-neb";
|
||||||
ExecStart = "${pkgs.go-neb}/bin/go-neb";
|
ExecStart = "${pkgs.go-neb}/bin/go-neb";
|
||||||
User = "go-neb";
|
User = "go-neb";
|
||||||
|
|
|
@ -185,6 +185,10 @@ in
|
||||||
assertion = cfg.loginAll -> cfg.target == null;
|
assertion = cfg.loginAll -> cfg.target == null;
|
||||||
message = "iSCSI target name is set while login on all portals is enabled.";
|
message = "iSCSI target name is set while login on all portals is enabled.";
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
assertion = !config.boot.initrd.systemd.enable;
|
||||||
|
message = "systemd stage 1 does not support iscsi yet.";
|
||||||
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
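--- a/third_party/nixpkgs/nixos/modules/services/networking/ivpn.nix
+++ b/third_party/nixpkgs/nixos/modules/services/networking/ivpn.nix
@@ -0,0 +1,51 @@
+{ config, lib, pkgs, ... }:
+let
+cfg = config.services.ivpn;
+in
+with lib;
+{
+options.services.ivpn = {
+enable = mkOption {
+type = types.bool;
+default = false;
+description = lib.mdDoc ''
+This option enables iVPN daemon.
+This sets {option}`networking.firewall.checkReversePath` to "loose", which might be undesirable for security.
+'';
+};
+};
+
+config = mkIf cfg.enable {
+boot.kernelModules = [ "tun" ];
+
+environment.systemPackages = with pkgs; [ ivpn ivpn-service ];
+
+# iVPN writes to /etc/iproute2/rt_tables
+networking.iproute2.enable = true;
+networking.firewall.checkReversePath = "loose";
+
+systemd.services.ivpn-service = {
+description = "iVPN daemon";
+wantedBy = [ "multi-user.target" ];
+wants = [ "network.target" ];
+after = [
+"network-online.target"
+"NetworkManager.service"
+"systemd-resolved.service"
+];
+path = [
+# Needed for mount
+"/run/wrappers"
+];
+startLimitBurst = 5;
+startLimitIntervalSec = 20;
+serviceConfig = {
+ExecStart = "${pkgs.ivpn-service}/bin/ivpn-service --logging";
+Restart = "always";
+RestartSec = 1;
+};
+};
+};
+
+meta.maintainers = with maintainers; [ ataraxiasjel ];
+}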
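Review bot: `networking.firewall.checkReversePath = "loose";` is set at normal priority, so enabling the service relaxes reverse-path filtering for the whole host, and a configuration that sets the option explicitly to another value will most likely fail to evaluate with a conflicting-definition error. `networking.firewall.checkReversePath = mkDefault "loose";` keeps the documented default while letting an operator choose stricter filtering. The unit is also ordered `after` `network-online.target` but only `wants` `network.target`, so nothing pulls `network-online.target` in; `wants = [ "network-online.target" ];` would match the ordering.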
|
@ -17,7 +17,7 @@ let
|
||||||
ttl ${toString proxy.ttl}
|
ttl ${toString proxy.ttl}
|
||||||
${render proxy.rules (ruleNetworkName: rule: ''
|
${render proxy.rules (ruleNetworkName: rule: ''
|
||||||
rule ${prefer rule.network ruleNetworkName} {
|
rule ${prefer rule.network ruleNetworkName} {
|
||||||
${rule.method}${if rule.method == "iface" then " ${rule.interface}" else ""}
|
${rule.method}${optionalString (rule.method == "iface") " ${rule.interface}"}
|
||||||
}'')}
|
}'')}
|
||||||
}'')}
|
}'')}
|
||||||
'');
|
'');
|
||||||
|
|
|
@ -41,9 +41,10 @@ in {
|
||||||
documentation = [ "https://netbird.io/docs/" ];
|
documentation = [ "https://netbird.io/docs/" ];
|
||||||
after = [ "network.target" ];
|
after = [ "network.target" ];
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
path = with pkgs; [
|
||||||
|
openresolv
|
||||||
|
];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
AmbientCapabilities = [ "CAP_NET_ADMIN" ];
|
|
||||||
DynamicUser = true;
|
|
||||||
Environment = [
|
Environment = [
|
||||||
"NB_CONFIG=/var/lib/netbird/config.json"
|
"NB_CONFIG=/var/lib/netbird/config.json"
|
||||||
"NB_LOG_FILE=console"
|
"NB_LOG_FILE=console"
|
||||||
|
|
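Review bot: Removing `DynamicUser = true` and `AmbientCapabilities = [ "CAP_NET_ADMIN" ]` leaves `serviceConfig` with no user setting in this hunk, so the daemon presumably now runs as root with the full capability set (the rest of `serviceConfig` is outside the hunk). If root is required for the `openresolv` integration added to `path`, a short comment above `serviceConfig` stating that reason would keep a later reader from treating the missing sandboxing as an oversight. A `CapabilityBoundingSet` limited to what the daemon actually needs would retain part of the confinement the old settings gave.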
|
@ -86,7 +86,7 @@ in
|
||||||
|
|
||||||
redis.createInstance = mkOption {
|
redis.createInstance = mkOption {
|
||||||
type = types.nullOr types.str;
|
type = types.nullOr types.str;
|
||||||
default = if versionAtLeast config.system.stateVersion "22.05" then "ntopng" else "";
|
default = optionalString (versionAtLeast config.system.stateVersion "22.05") "ntopng";
|
||||||
description = lib.mdDoc ''
|
description = lib.mdDoc ''
|
||||||
Local Redis instance name. Set to `null` to disable
|
Local Redis instance name. Set to `null` to disable
|
||||||
local Redis instance. Defaults to `""` for
|
local Redis instance. Defaults to `""` for
|
||||||
|
|
|
@ -9,7 +9,7 @@ let
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options.services.peroxide = {
|
options.services.peroxide = {
|
||||||
enable = mkEnableOption (lib.mdDoc "enable");
|
enable = mkEnableOption (lib.mdDoc "peroxide");
|
||||||
|
|
||||||
package = mkPackageOptionMD pkgs "peroxide" {
|
package = mkPackageOptionMD pkgs "peroxide" {
|
||||||
default = [ "peroxide" ];
|
default = [ "peroxide" ];
|
||||||
|
|
|
@ -339,14 +339,9 @@ in
|
||||||
};
|
};
|
||||||
preStart = ''
|
preStart = ''
|
||||||
mkdir -m 0755 -p ${smokepingHome}/cache ${smokepingHome}/data
|
mkdir -m 0755 -p ${smokepingHome}/cache ${smokepingHome}/data
|
||||||
rm -f ${smokepingHome}/cropper
|
ln -sf ${cfg.package}/htdocs/css ${smokepingHome}/css
|
||||||
ln -s ${cfg.package}/htdocs/cropper ${smokepingHome}/cropper
|
ln -sf ${cfg.package}/htdocs/js ${smokepingHome}/js
|
||||||
rm -f ${smokepingHome}/css
|
ln -sf ${cgiHome} ${smokepingHome}/smokeping.fcgi
|
||||||
ln -s ${cfg.package}/htdocs/css ${smokepingHome}/css
|
|
||||||
rm -f ${smokepingHome}/js
|
|
||||||
ln -s ${cfg.package}/htdocs/js ${smokepingHome}/js
|
|
||||||
rm -f ${smokepingHome}/smokeping.fcgi
|
|
||||||
ln -s ${cgiHome} ${smokepingHome}/smokeping.fcgi
|
|
||||||
${cfg.package}/bin/smokeping --check --config=${configPath}
|
${cfg.package}/bin/smokeping --check --config=${configPath}
|
||||||
${cfg.package}/bin/smokeping --static --config=${configPath}
|
${cfg.package}/bin/smokeping --static --config=${configPath}
|
||||||
'';
|
'';
|
||||||
|
|
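Review bot: `ln -sf` in `preStart` does not replace an existing symlink that points to a directory. On the second start `${smokepingHome}/css` and `${smokepingHome}/js` already exist, so `ln` follows them and tries to create the new link inside the package's `htdocs/css` and `htdocs/js` directories, which fails on a read-only store path; the removed `rm -f` lines avoided this. Adding `-n` keeps the one-line form: `ln -snf ${cfg.package}/htdocs/css ${smokepingHome}/css`, and the same for `js`. The `cropper` link is dropped without a replacement, which is presumably intended but worth confirming against the package's `htdocs` layout.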
|
@ -169,11 +169,11 @@ in
|
||||||
else (concatStrings (map (i: "--interface=\"${i}\"")
|
else (concatStrings (map (i: "--interface=\"${i}\"")
|
||||||
interfaces))} \
|
interfaces))} \
|
||||||
-h "${hostKey}" \
|
-h "${hostKey}" \
|
||||||
${if !syslog then "--no-syslog" else ""} \
|
${optionalString (!syslog) "--no-syslog" } \
|
||||||
${if passwordAuthentication then "--password" else "--no-password" } \
|
${if passwordAuthentication then "--password" else "--no-password" } \
|
||||||
${if publicKeyAuthentication then "--publickey" else "--no-publickey" } \
|
${if publicKeyAuthentication then "--publickey" else "--no-publickey" } \
|
||||||
${if rootLogin then "--root-login" else "--no-root-login" } \
|
${if rootLogin then "--root-login" else "--no-root-login" } \
|
||||||
${if loginShell != null then "--login-shell=\"${loginShell}\"" else "" } \
|
${optionalString (loginShell != null) "--login-shell=\"${loginShell}\"" } \
|
||||||
${if srpKeyExchange then "--srp-keyexchange" else "--no-srp-keyexchange" } \
|
${if srpKeyExchange then "--srp-keyexchange" else "--no-srp-keyexchange" } \
|
||||||
${if !tcpForwarding then "--no-tcpip-forward" else "--tcpip-forward"} \
|
${if !tcpForwarding then "--no-tcpip-forward" else "--tcpip-forward"} \
|
||||||
${if x11Forwarding then "--x11-forward" else "--no-x11-forward" } \
|
${if x11Forwarding then "--x11-forward" else "--no-x11-forward" } \
|
||||||
|
|
|
@ -474,10 +474,10 @@ in
|
||||||
mkdir -m 0755 -p "$(dirname '${k.path}')"
|
mkdir -m 0755 -p "$(dirname '${k.path}')"
|
||||||
ssh-keygen \
|
ssh-keygen \
|
||||||
-t "${k.type}" \
|
-t "${k.type}" \
|
||||||
${if k ? bits then "-b ${toString k.bits}" else ""} \
|
${optionalString (k ? bits) "-b ${toString k.bits}"} \
|
||||||
${if k ? rounds then "-a ${toString k.rounds}" else ""} \
|
${optionalString (k ? rounds) "-a ${toString k.rounds}"} \
|
||||||
${if k ? comment then "-C '${k.comment}'" else ""} \
|
${optionalString (k ? comment) "-C '${k.comment}'"} \
|
||||||
${if k ? openSSHFormat && k.openSSHFormat then "-o" else ""} \
|
${optionalString (k ? openSSHFormat && k.openSSHFormat) "-o"} \
|
||||||
-f "${k.path}" \
|
-f "${k.path}" \
|
||||||
-N ""
|
-N ""
|
||||||
fi
|
fi
|
||||||
|
@ -536,7 +536,7 @@ in
|
||||||
# https://github.com/NixOS/nixpkgs/pull/10155
|
# https://github.com/NixOS/nixpkgs/pull/10155
|
||||||
# https://github.com/NixOS/nixpkgs/pull/41745
|
# https://github.com/NixOS/nixpkgs/pull/41745
|
||||||
services.openssh.authorizedKeysFiles =
|
services.openssh.authorizedKeysFiles =
|
||||||
[ "%h/.ssh/authorized_keys" "%h/.ssh/authorized_keys2" "/etc/ssh/authorized_keys.d/%u" ];
|
[ "%h/.ssh/authorized_keys" "/etc/ssh/authorized_keys.d/%u" ];
|
||||||
|
|
||||||
services.openssh.extraConfig = mkOrder 0
|
services.openssh.extraConfig = mkOrder 0
|
||||||
''
|
''
|
||||||
|
@ -550,7 +550,7 @@ in
|
||||||
'') cfg.ports}
|
'') cfg.ports}
|
||||||
|
|
||||||
${concatMapStrings ({ port, addr, ... }: ''
|
${concatMapStrings ({ port, addr, ... }: ''
|
||||||
ListenAddress ${addr}${if port != null then ":" + toString port else ""}
|
ListenAddress ${addr}${optionalString (port != null) (":" + toString port)}
|
||||||
'') cfg.listenAddresses}
|
'') cfg.listenAddresses}
|
||||||
|
|
||||||
${optionalString cfgc.setXAuthLocation ''
|
${optionalString cfgc.setXAuthLocation ''
|
||||||
|
|
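Review bot: Dropping `%h/.ssh/authorized_keys2` from `services.openssh.authorizedKeysFiles` changes which keys sshd accepts, so accounts whose keys live only in that file lose key-based login after the upgrade. It is a reasonable tightening, but nothing in the hunk tells operators about it. A comment next to the list such as `# authorized_keys2 is no longer read; keys must be in authorized_keys` or a release-note entry (none is visible in this part of the page) would make the change discoverable.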
|
@ -4,7 +4,7 @@ let
|
||||||
|
|
||||||
inherit (builtins) toFile;
|
inherit (builtins) toFile;
|
||||||
inherit (lib) concatMapStringsSep concatStringsSep mapAttrsToList
|
inherit (lib) concatMapStringsSep concatStringsSep mapAttrsToList
|
||||||
mkIf mkEnableOption mkOption types literalExpression;
|
mkIf mkEnableOption mkOption types literalExpression optionalString;
|
||||||
|
|
||||||
cfg = config.services.strongswan;
|
cfg = config.services.strongswan;
|
||||||
|
|
||||||
|
@ -34,8 +34,8 @@ let
|
||||||
|
|
||||||
strongswanConf = {setup, connections, ca, secretsFile, managePlugins, enabledPlugins}: toFile "strongswan.conf" ''
|
strongswanConf = {setup, connections, ca, secretsFile, managePlugins, enabledPlugins}: toFile "strongswan.conf" ''
|
||||||
charon {
|
charon {
|
||||||
${if managePlugins then "load_modular = no" else ""}
|
${optionalString managePlugins "load_modular = no"}
|
||||||
${if managePlugins then ("load = " + (concatStringsSep " " enabledPlugins)) else ""}
|
${optionalString managePlugins ("load = " + (concatStringsSep " " enabledPlugins))}
|
||||||
plugins {
|
plugins {
|
||||||
stroke {
|
stroke {
|
||||||
secrets_file = ${secretsFile}
|
secrets_file = ${secretsFile}
|
||||||
|
|
Some files were not shown because too many files have changed in this diff Show more