Project import generated by Copybara.

GitOrigin-RevId: 08e4dc3a907a6dfec8bb3bbf1540d8abbffea22b
This commit is contained in:
Default email 2023-04-29 12:46:19 -04:00
parent 2f7b1ef366
commit c7e6337bd0
3061 changed files with 96698 additions and 51925 deletions

View file

@ -90,6 +90,9 @@
# NixOS integration test driver # NixOS integration test driver
/nixos/lib/test-driver @tfc /nixos/lib/test-driver @tfc
# NixOS QEMU virtualisation
/nixos/virtualisation/qemu-vm.nix @raitobezarius
# Systemd # Systemd
/nixos/modules/system/boot/systemd.nix @NixOS/systemd /nixos/modules/system/boot/systemd.nix @NixOS/systemd
/nixos/modules/system/boot/systemd @NixOS/systemd /nixos/modules/system/boot/systemd @NixOS/systemd
@ -139,7 +142,7 @@
# C compilers # C compilers
/pkgs/development/compilers/gcc @matthewbauer /pkgs/development/compilers/gcc @matthewbauer
/pkgs/development/compilers/llvm @matthewbauer /pkgs/development/compilers/llvm @matthewbauer @RaitoBezarius
# Compatibility stuff # Compatibility stuff
/pkgs/top-level/unix-tools.nix @matthewbauer /pkgs/top-level/unix-tools.nix @matthewbauer

View file

@ -43,6 +43,7 @@ Below is a short excerpt of some points in there:
* Not start with the package name. * Not start with the package name.
* More generally, it should not refer to the package name. * More generally, it should not refer to the package name.
* Not end with a period (or any punctuation for that matter). * Not end with a period (or any punctuation for that matter).
* Aim to inform while avoiding subjective language.
* `meta.license` must be set and fit the upstream license. * `meta.license` must be set and fit the upstream license.
* If there is no upstream license, `meta.license` should default to `lib.licenses.unfree`. * If there is no upstream license, `meta.license` should default to `lib.licenses.unfree`.
* If in doubt, try to contact the upstream developers for clarification. * If in doubt, try to contact the upstream developers for clarification.

View file

@ -8,3 +8,4 @@ manual-full.xml
out out
result result
result-* result-*
media

View file

@ -19,6 +19,9 @@ pandoc_flags = --extract-media=$(pandoc_media_dir) \
.PHONY: all .PHONY: all
all: validate format out/html/index.html out/epub/manual.epub all: validate format out/html/index.html out/epub/manual.epub
.PHONY: render-md
render-md: ${MD_TARGETS}
.PHONY: debug .PHONY: debug
debug: debug:
nix-shell --run "xmloscopy --docbook5 ./manual.xml ./manual-full.xml" nix-shell --run "xmloscopy --docbook5 ./manual.xml ./manual-full.xml"

View file

@ -9,4 +9,5 @@
<xi:include href="special/makesetuphook.section.xml" /> <xi:include href="special/makesetuphook.section.xml" />
<xi:include href="special/mkshell.section.xml" /> <xi:include href="special/mkshell.section.xml" />
<xi:include href="special/darwin-builder.section.xml" /> <xi:include href="special/darwin-builder.section.xml" />
<xi:include href="special/vm-tools.section.xml" />
</chapter> </chapter>

View file

@ -1,6 +1,6 @@
# buildFHSUserEnv {#sec-fhs-environments} # buildFHSEnv {#sec-fhs-environments}
`buildFHSUserEnv` provides a way to build and run FHS-compatible lightweight sandboxes. It creates an isolated root with bound `/nix/store`, so its footprint in terms of disk space needed is quite small. This allows one to run software which is hard or unfeasible to patch for NixOS -- 3rd-party source trees with FHS assumptions, games distributed as tarballs, software with integrity checking and/or external self-updated binaries. It uses Linux namespaces feature to create temporary lightweight environments which are destroyed after all child processes exit, without root user rights requirement. Accepted arguments are: `buildFHSEnv` provides a way to build and run FHS-compatible lightweight sandboxes. It creates an isolated root with bound `/nix/store`, so its footprint in terms of disk space needed is quite small. This allows one to run software which is hard or unfeasible to patch for NixOS -- 3rd-party source trees with FHS assumptions, games distributed as tarballs, software with integrity checking and/or external self-updated binaries. It uses Linux namespaces feature to create temporary lightweight environments which are destroyed after all child processes exit, without root user rights requirement. Accepted arguments are:
- `name` - `name`
Environment name. Environment name.
@ -26,7 +26,7 @@ One can create a simple environment using a `shell.nix` like that:
```nix ```nix
{ pkgs ? import <nixpkgs> {} }: { pkgs ? import <nixpkgs> {} }:
(pkgs.buildFHSUserEnv { (pkgs.buildFHSEnv {
name = "simple-x11-env"; name = "simple-x11-env";
targetPkgs = pkgs: (with pkgs; targetPkgs = pkgs: (with pkgs;
[ udev [ udev

View file

@ -0,0 +1,148 @@
# vmTools {#sec-vm-tools}
A set of VM related utilities, that help in building some packages in more advanced scenarios.
## `vmTools.createEmptyImage` {#vm-tools-createEmptyImage}
A bash script fragment that produces a disk image at `destination`.
### Attributes
* `size`. The disk size, in MiB.
* `fullName`. Name that will be written to `${destination}/nix-support/full-name`.
* `destination` (optional, default `$out`). Where to write the image files.
## `vmTools.runInLinuxVM` {#vm-tools-runInLinuxVM}
Run a derivation in a Linux virtual machine (using Qemu/KVM).
By default, there is no disk image; the root filesystem is a `tmpfs`, and the Nix store is shared with the host (via the [9P protocol](https://wiki.qemu.org/Documentation/9p#9p_Protocol)).
Thus, any pure Nix derivation should run unmodified.
If the build fails and Nix is run with the `-K/--keep-failed` option, a script `run-vm` will be left behind in the temporary build directory that allows you to boot into the VM and debug it interactively.
### Attributes
* `preVM` (optional). Shell command to be evaluated *before* the VM is started (i.e., on the host).
* `memSize` (optional, default `512`). The memory size of the VM in MiB.
* `diskImage` (optional). A file system image to be attached to `/dev/sda`.
Note that currently we expect the image to contain a filesystem, not a full disk image with a partition table etc.
### Examples
Build the derivation hello inside a VM:
```nix
{ pkgs }: with pkgs; with vmTools;
runInLinuxVM hello
```
Build inside a VM with extra memory:
```nix
{ pkgs }: with pkgs; with vmTools;
runInLinuxVM (hello.overrideAttrs (_: { memSize = 1024; }))
```
Use VM with a disk image (implicitly sets `diskImage`, see [`vmTools.createEmptyImage`](#vm-tools-createEmptyImage)):
```nix
{ pkgs }: with pkgs; with vmTools;
runInLinuxVM (hello.overrideAttrs (_: {
preVM = createEmptyImage {
size = 1024;
fullName = "vm-image";
};
}))
```
## `vmTools.extractFs` {#vm-tools-extractFs}
Takes a file, such as an ISO, and extracts its contents into the store.
### Attributes
* `file`. Path to the file to be extracted.
Note that currently we expect the image to contain a filesystem, not a full disk image with a partition table etc.
* `fs` (optional). Filesystem of the contents of the file.
### Examples
Extract the contents of an ISO file:
```nix
{ pkgs }: with pkgs; with vmTools;
extractFs { file = ./image.iso; }
```
## `vmTools.extractMTDfs` {#vm-tools-extractMTDfs}
Like [](#vm-tools-extractFs), but it makes use of a [Memory Technology Device (MTD)](https://en.wikipedia.org/wiki/Memory_Technology_Device).
## `vmTools.runInLinuxImage` {#vm-tools-runInLinuxImage}
Like [](#vm-tools-runInLinuxVM), but instead of using `stdenv` from the Nix store, run the build using the tools provided by `/bin`, `/usr/bin`, etc. from the specified filesystem image, which typically is a filesystem containing a [FHS](https://en.wikipedia.org/wiki/Filesystem_Hierarchy_Standard)-based Linux distribution.
## `vmTools.makeImageTestScript` {#vm-tools-makeImageTestScript}
Generate a script that can be used to run an interactive session in the given image.
### Examples
Create a script for running a Fedora 27 VM:
```nix
{ pkgs }: with pkgs; with vmTools;
makeImageTestScript diskImages.fedora27x86_64
```
Create a script for running an Ubuntu 20.04 VM:
```nix
{ pkgs }: with pkgs; with vmTools;
makeImageTestScript diskImages.ubuntu2004x86_64
```
## `vmTools.diskImageFuns` {#vm-tools-diskImageFuns}
A set of functions that build a predefined set of minimal Linux distributions images.
### Images
* Fedora
* `fedora26x86_64`
* `fedora27x86_64`
* CentOS
* `centos6i386`
* `centos6x86_64`
* `centos7x86_64`
* Ubuntu
* `ubuntu1404i386`
* `ubuntu1404x86_64`
* `ubuntu1604i386`
* `ubuntu1604x86_64`
* `ubuntu1804i386`
* `ubuntu1804x86_64`
* `ubuntu2004i386`
* `ubuntu2004x86_64`
* `ubuntu2204i386`
* `ubuntu2204x86_64`
* Debian
* `debian10i386`
* `debian10x86_64`
* `debian11i386`
* `debian11x86_64`
### Attributes
* `size` (optional, defaults to `4096`). The size of the image, in MiB.
* `extraPackages` (optional). A list names of additional packages from the distribution that should be included in the image.
### Examples
8GiB image containing Firefox in addition to the default packages:
```nix
{ pkgs }: with pkgs; with vmTools;
diskImageFuns.ubuntu2004x86_64 { extraPackages = [ "firefox" ]; size = 8192; }
```
## `vmTools.diskImageExtraFuns` {#vm-tools-diskImageExtraFuns}
Shorthand for `vmTools.diskImageFuns.<attr> { extraPackages = ... }`.
## `vmTools.diskImages` {#vm-tools-diskImages}
Shorthand for `vmTools.diskImageFuns.<attr> { }`.

View file

@ -20,6 +20,10 @@ in pkgs.stdenv.mkDerivation {
ln -s ${doc-support} ./doc-support/result ln -s ${doc-support} ./doc-support/result
''; '';
preBuild = ''
make -j$NIX_BUILD_CORES render-md
'';
installPhase = '' installPhase = ''
dest="$out/share/doc/nixpkgs" dest="$out/share/doc/nixpkgs"
mkdir -p "$(dirname "$dest")" mkdir -p "$(dirname "$dest")"

View file

@ -1,6 +1,6 @@
{ pkgs, nixpkgs ? { }, libsets }: { pkgs, nixpkgs ? { }, libsets }:
let let
revision = pkgs.lib.trivial.revisionWithDefault (nixpkgs.revision or "master"); revision = pkgs.lib.trivial.revisionWithDefault (nixpkgs.rev or "master");
libDefPos = prefix: set: libDefPos = prefix: set:
builtins.concatMap builtins.concatMap

View file

@ -37,7 +37,7 @@ The recommended way of defining a derivation for a Coq library, is to use the `c
* `buildInputs` (optional), is a list of libraries and dependencies that are required to build and run the current derivation, in addition to the default one `[ coq ]`, * `buildInputs` (optional), is a list of libraries and dependencies that are required to build and run the current derivation, in addition to the default one `[ coq ]`,
* `extraBuildInputs` (optional, deprecated), an additional list of derivation to add to `buildInputs`, * `extraBuildInputs` (optional, deprecated), an additional list of derivation to add to `buildInputs`,
* `overrideBuildInputs` (optional) replaces the default list of derivation to which `buildInputs` and `extraBuildInputs` adds extras elements, * `overrideBuildInputs` (optional) replaces the default list of derivation to which `buildInputs` and `extraBuildInputs` adds extras elements,
* `propagatedBuildInputs` (optional) is passed as is to `mkDerivation`, we recommend to use this for Coq libraries and Coq plugin dependencies, as this makes sure the paths of the compiled libraries and plugins will always be added to the build environements of subsequent derivation, which is necessary for Coq packages to work correctly, * `propagatedBuildInputs` (optional) is passed as is to `mkDerivation`, we recommend to use this for Coq libraries and Coq plugin dependencies, as this makes sure the paths of the compiled libraries and plugins will always be added to the build environments of subsequent derivation, which is necessary for Coq packages to work correctly,
* `mlPlugin` (optional, defaults to `false`). Some extensions (plugins) might require OCaml and sometimes other OCaml packages. Standard dependencies can be added by setting the current option to `true`. For a finer grain control, the `coq.ocamlPackages` attribute can be used in `nativeBuildInputs`, `buildInputs`, and `propagatedBuildInputs` to depend on the same package set Coq was built against. * `mlPlugin` (optional, defaults to `false`). Some extensions (plugins) might require OCaml and sometimes other OCaml packages. Standard dependencies can be added by setting the current option to `true`. For a finer grain control, the `coq.ocamlPackages` attribute can be used in `nativeBuildInputs`, `buildInputs`, and `propagatedBuildInputs` to depend on the same package set Coq was built against.
* `useDuneifVersion` (optional, default to `(x: false)` uses Dune to build the package if the provided predicate evaluates to true on the version, e.g. `useDuneifVersion = versions.isGe "1.1"` will use dune if the version of the package is greater or equal to `"1.1"`, * `useDuneifVersion` (optional, default to `(x: false)` uses Dune to build the package if the provided predicate evaluates to true on the version, e.g. `useDuneifVersion = versions.isGe "1.1"` will use dune if the version of the package is greater or equal to `"1.1"`,
* `useDune` (optional, defaults to `false`) uses Dune to build the package if set to true, the presence of this attribute overrides the behavior of the previous one. * `useDune` (optional, defaults to `false`) uses Dune to build the package if set to true, the presence of this attribute overrides the behavior of the previous one.

View file

@ -20,6 +20,7 @@ In the following is an example expression using `buildGoModule`, the following a
To obtain the actual hash, set `vendorHash = lib.fakeSha256;` and run the build ([more details here](#sec-source-hashes)). To obtain the actual hash, set `vendorHash = lib.fakeSha256;` and run the build ([more details here](#sec-source-hashes)).
- `proxyVendor`: Fetches (go mod download) and proxies the vendor directory. This is useful if your code depends on c code and go mod tidy does not include the needed sources to build or if any dependency has case-insensitive conflicts which will produce platform dependant `vendorHash` checksums. - `proxyVendor`: Fetches (go mod download) and proxies the vendor directory. This is useful if your code depends on c code and go mod tidy does not include the needed sources to build or if any dependency has case-insensitive conflicts which will produce platform dependant `vendorHash` checksums.
- `modPostBuild`: Shell commands to run after the build of the go-modules executes `go mod vendor`, and before calculating fixed output derivation's `vendorHash` (or `vendorSha256`). Note that if you change this attribute, you need to update `vendorHash` (or `vendorSha256`) attribute.
```nix ```nix
pet = buildGoModule rec { pet = buildGoModule rec {
@ -114,7 +115,16 @@ done
## Attributes used by the builders {#ssec-go-common-attributes} ## Attributes used by the builders {#ssec-go-common-attributes}
Both `buildGoModule` and `buildGoPackage` can be tweaked to behave slightly differently, if the following attributes are used: Many attributes [controlling the build phase](#variables-controlling-the-build-phase) are respected by both `buildGoModule` and `buildGoPackage`. Note that `buildGoModule` reads the following attributes also when building the `vendor/` go-modules fixed output derivation as well:
- [`sourceRoot`](#var-stdenv-sourceRoot)
- [`prePatch`](#var-stdenv-prePatch)
- [`patches`](#var-stdenv-patches)
- [`patchFlags`](#var-stdenv-patchFlags)
- [`postPatch`](#var-stdenv-postPatch)
- [`preBuild`](#var-stdenv-preBuild)
In addition to the above attributes, and the many more variables respected also by `stdenv.mkDerivation`, both `buildGoModule` and `buildGoPackage` respect Go-specific attributes that tweak them to behave slightly differently:
### `ldflags` {#var-go-ldflags} ### `ldflags` {#var-go-ldflags}

View file

@ -108,7 +108,7 @@ haskell.compiler.ghcjs ghcjs-8.10.7
Each of those compiler versions has a corresponding attribute set built using Each of those compiler versions has a corresponding attribute set built using
it. However, the non-standard package sets are not tested regularly and, as a it. However, the non-standard package sets are not tested regularly and, as a
result, contain fewer working packages. The corresponding package set for GHC result, contain fewer working packages. The corresponding package set for GHC
9.4.4 is `haskell.packages.ghc944`. In fact `haskellPackages` is just an alias 9.4.5 is `haskell.packages.ghc945`. In fact `haskellPackages` is just an alias
for `haskell.packages.ghc927`: for `haskell.packages.ghc927`:
```console ```console

View file

@ -229,7 +229,7 @@ See `node2nix` [docs](https://github.com/svanderburg/node2nix) for more info.
#### Pitfalls {#javascript-node2nix-pitfalls} #### Pitfalls {#javascript-node2nix-pitfalls}
- If upstream package.json does not have a "version" attribute, `node2nix` will crash. You will need to add it like shown in [the package.json section](#javascript-upstream-package-json). - If upstream package.json does not have a "version" attribute, `node2nix` will crash. You will need to add it like shown in [the package.json section](#javascript-upstream-package-json).
- `node2nix` has some [bugs](https://github.com/svanderburg/node2nix/issues/238) related to working with lock files from NPM distributed with `nodejs-16_x`. - `node2nix` has some [bugs](https://github.com/svanderburg/node2nix/issues/238) related to working with lock files from NPM distributed with `nodejs_16`.
- `node2nix` does not like missing packages from NPM. If you see something like `Cannot resolve version: vue-loader-v16@undefined` then you might want to try another tool. The package might have been pulled off of NPM. - `node2nix` does not like missing packages from NPM. If you see something like `Cannot resolve version: vue-loader-v16@undefined` then you might want to try another tool. The package might have been pulled off of NPM.
### yarn2nix {#javascript-yarn2nix} ### yarn2nix {#javascript-yarn2nix}

View file

@ -129,16 +129,21 @@ Let's present the luarocks way first and the manual one in a second time.
### Packaging a library on luarocks {#packaging-a-library-on-luarocks} ### Packaging a library on luarocks {#packaging-a-library-on-luarocks}
[Luarocks.org](https://luarocks.org/) is the main repository of lua packages. [Luarocks.org](https://luarocks.org/) is the main repository of lua packages.
The site proposes two types of packages, the rockspec and the src.rock The site proposes two types of packages, the `rockspec` and the `src.rock`
(equivalent of a [rockspec](https://github.com/luarocks/luarocks/wiki/Rockspec-format) but with the source). (equivalent of a [rockspec](https://github.com/luarocks/luarocks/wiki/Rockspec-format) but with the source).
These packages can have different build types such as `cmake`, `builtin` etc .
Luarocks-based packages are generated in pkgs/development/lua-modules/generated-packages.nix from Luarocks-based packages are generated in [pkgs/development/lua-modules/generated-packages.nix](https://github.com/NixOS/nixpkgs/tree/master/pkgs/development/lua-modules/generated-packages.nix) from
the whitelist maintainers/scripts/luarocks-packages.csv and updated by running maintainers/scripts/update-luarocks-packages. the whitelist maintainers/scripts/luarocks-packages.csv and updated by running
the script
[maintainers/scripts/update-luarocks-packages](https://github.com/NixOS/nixpkgs/tree/master/maintainers/scripts/update-luarocks-packages):
```sh
./maintainers/scripts/update-luarocks-packages update
```
[luarocks2nix](https://github.com/nix-community/luarocks) is a tool capable of generating nix derivations from both rockspec and src.rock (and favors the src.rock). [luarocks2nix](https://github.com/nix-community/luarocks) is a tool capable of generating nix derivations from both rockspec and src.rock (and favors the src.rock).
The automation only goes so far though and some packages need to be customized. The automation only goes so far though and some packages need to be customized.
These customizations go in `pkgs/development/lua-modules/overrides.nix`. These customizations go in [pkgs/development/lua-modules/overrides.nix](https://github.com/NixOS/nixpkgs/tree/master/pkgs/development/lua-modules/overrides.nix).
For instance if the rockspec defines `external_dependencies`, these need to be manually added to the overrides.nix. For instance if the rockspec defines `external_dependencies`, these need to be manually added to the overrides.nix.
You can try converting luarocks packages to nix packages with the command `nix-shell -p luarocks-nix` and then `luarocks nix PKG_NAME`. You can try converting luarocks packages to nix packages with the command `nix-shell -p luarocks-nix` and then `luarocks nix PKG_NAME`.

View file

@ -212,7 +212,7 @@ Note: this is not possible anymore for Neovim.
## Adding new plugins to nixpkgs {#adding-new-plugins-to-nixpkgs} ## Adding new plugins to nixpkgs {#adding-new-plugins-to-nixpkgs}
Nix expressions for Vim plugins are stored in [pkgs/applications/editors/vim/plugins](https://github.com/NixOS/nixpkgs/tree/master/pkgs/applications/editors/vim/plugins). For the vast majority of plugins, Nix expressions are automatically generated by running [`./update.py`](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vim/plugins/update.py). This creates a [generated.nix](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vim/plugins/generated.nix) file based on the plugins listed in [vim-plugin-names](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vim/plugins/vim-plugin-names). Plugins are listed in alphabetical order in `vim-plugin-names` using the format `[github username]/[repository]@[gitref]`. For example https://github.com/scrooloose/nerdtree becomes `scrooloose/nerdtree`. Nix expressions for Vim plugins are stored in [pkgs/applications/editors/vim/plugins](https://github.com/NixOS/nixpkgs/tree/master/pkgs/applications/editors/vim/plugins). For the vast majority of plugins, Nix expressions are automatically generated by running [`./update.py`](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vim/plugins/update.py). This creates a [generated.nix](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vim/plugins/generated.nix) file based on the plugins listed in [vim-plugin-names](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vim/plugins/vim-plugin-names).
After running `./update.py`, if nvim-treesitter received an update, also run [`nvim-treesitter/update.py`](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vim/plugins/update.py) to update the tree sitter grammars for `nvim-treesitter`. After running `./update.py`, if nvim-treesitter received an update, also run [`nvim-treesitter/update.py`](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vim/plugins/update.py) to update the tree sitter grammars for `nvim-treesitter`.
@ -226,7 +226,7 @@ deoplete-fish = super.deoplete-fish.overrideAttrs(old: {
Sometimes plugins require an override that must be changed when the plugin is updated. This can cause issues when Vim plugins are auto-updated but the associated override isn't updated. For these plugins, the override should be written so that it specifies all information required to install the plugin, and running `./update.py` doesn't change the derivation for the plugin. Manually updating the override is required to update these types of plugins. An example of such a plugin is `LanguageClient-neovim`. Sometimes plugins require an override that must be changed when the plugin is updated. This can cause issues when Vim plugins are auto-updated but the associated override isn't updated. For these plugins, the override should be written so that it specifies all information required to install the plugin, and running `./update.py` doesn't change the derivation for the plugin. Manually updating the override is required to update these types of plugins. An example of such a plugin is `LanguageClient-neovim`.
To add a new plugin, run `./update.py --add "[owner]/[name]"`. **NOTE**: This script automatically commits to your git repository. Be sure to check out a fresh branch before running. To add a new plugin, run `./update.py add "[owner]/[name]"`. **NOTE**: This script automatically commits to your git repository. Be sure to check out a fresh branch before running.
Finally, there are some plugins that are also packaged in nodePackages because they have Javascript-related build steps, such as running webpack. Those plugins are not listed in `vim-plugin-names` or managed by `update.py` at all, and are included separately in `overrides.nix`. Currently, all these plugins are related to the `coc.nvim` ecosystem of the Language Server Protocol integration with Vim/Neovim. Finally, there are some plugins that are also packaged in nodePackages because they have Javascript-related build steps, such as running webpack. Those plugins are not listed in `vim-plugin-names` or managed by `update.py` at all, and are included separately in `overrides.nix`. Currently, all these plugins are related to the `coc.nvim` ecosystem of the Language Server Protocol integration with Vim/Neovim.

View file

@ -86,6 +86,23 @@ meta.platforms = lib.platforms.linux;
Attribute Set `lib.platforms` defines [various common lists](https://github.com/NixOS/nixpkgs/blob/master/lib/systems/doubles.nix) of platforms types. Attribute Set `lib.platforms` defines [various common lists](https://github.com/NixOS/nixpkgs/blob/master/lib/systems/doubles.nix) of platforms types.
### `badPlatforms` {#var-meta-badPlatforms}
The list of Nix [platform types](https://github.com/NixOS/nixpkgs/blob/b03ac42b0734da3e7be9bf8d94433a5195734b19/lib/meta.nix#L75-L81) on which the package is known not to be buildable.
Hydra will never create prebuilt binaries for these platform types, even if they are in [`meta.platforms`](#var-meta-platforms).
In general it is preferable to set `meta.platforms = lib.platforms.all` and then exclude any platforms on which the package is known not to build.
For example, a package which requires dynamic linking and cannot be linked statically could use this:
```nix
meta.platforms = lib.platforms.all;
meta.badPlatforms = [ lib.systems.inspect.patterns.isStatic ];
```
The [`lib.meta.availableOn`](https://github.com/NixOS/nixpkgs/blob/b03ac42b0734da3e7be9bf8d94433a5195734b19/lib/meta.nix#L95-L106) function can be used to test whether or not a package is available (i.e. buildable) on a given platform.
Some packages use this to automatically detect the maximum set of features with which they can be built.
For example, `systemd` [requires dynamic linking](https://github.com/systemd/systemd/issues/20600#issuecomment-912338965), and [has a `meta.badPlatforms` setting](https://github.com/NixOS/nixpkgs/blob/b03ac42b0734da3e7be9bf8d94433a5195734b19/pkgs/os-specific/linux/systemd/default.nix#L752) similar to the one above.
Packages which can be built with or without `systemd` support will use `lib.meta.availableOn` to detect whether or not `systemd` is available on the [`hostPlatform`](#ssec-cross-platform-parameters) for which they are being built; if it is not available (e.g. due to a statically-linked host platform like `pkgsStatic`) this support will be disabled by default.
### `tests` {#var-meta-tests} ### `tests` {#var-meta-tests}
::: {.warning} ::: {.warning}
@ -173,7 +190,7 @@ To be effective, it must be presented directly to an evaluation process that han
### `hydraPlatforms` {#var-meta-hydraPlatforms} ### `hydraPlatforms` {#var-meta-hydraPlatforms}
The list of Nix platform types for which the Hydra instance at `hydra.nixos.org` will build the package. (Hydra is the Nix-based continuous build system.) It defaults to the value of `meta.platforms`. Thus, the only reason to set `meta.hydraPlatforms` is if you want `hydra.nixos.org` to build the package on a subset of `meta.platforms`, or not at all, e.g. The list of Nix platform types for which the [Hydra](https://github.com/nixos/hydra) [instance at `hydra.nixos.org`](https://nixos.org/hydra) will build the package. (Hydra is the Nix-based continuous build system.) It defaults to the value of `meta.platforms`. Thus, the only reason to set `meta.hydraPlatforms` is if you want `hydra.nixos.org` to build the package on a subset of `meta.platforms`, or not at all, e.g.
```nix ```nix
meta.platforms = lib.platforms.linux; meta.platforms = lib.platforms.linux;
@ -182,7 +199,26 @@ meta.hydraPlatforms = [];
### `broken` {#var-meta-broken} ### `broken` {#var-meta-broken}
If set to `true`, the package is marked as "broken", meaning that it wont show up in `nix-env -qa`, and cannot be built or installed. Such packages should be removed from Nixpkgs eventually unless they are fixed. If set to `true`, the package is marked as "broken", meaning that it wont show up in [search.nixos.org](https://search.nixos.org/packages), and cannot be built or installed unless the environment variable [`NIXPKGS_ALLOW_BROKEN`](#opt-allowBroken) is set.
Such unconditionally-broken packages should be removed from Nixpkgs eventually unless they are fixed.
The value of this attribute can depend on a package's arguments, including `stdenv`.
This means that `broken` can be used to express constraints, for example:
- Does not cross compile
```nix
meta.broken = !(stdenv.buildPlatform.canExecute stdenv.hostPlatform)
```
- Broken if all of a certain set of its dependencies are broken
```nix
meta.broken = lib.all (map (p: p.meta.broken) [ glibc musl ])
```
This makes `broken` strictly more powerful than `meta.badPlatforms`.
However `meta.availableOn` currently examines only `meta.platforms` and `meta.badPlatforms`, so `meta.broken` does not influence the default values for optional dependencies.
## Licenses {#sec-meta-license} ## Licenses {#sec-meta-license}

View file

@ -16,7 +16,8 @@ stdenv.mkDerivation {
} }
``` ```
(`stdenv` needs to be in scope, so if you write this in a separate Nix expression from `pkgs/all-packages.nix`, you need to pass it as a function argument.) Specifying a `name` and a `src` is the absolute minimum Nix requires. For convenience, you can also use `pname` and `version` attributes and `mkDerivation` will automatically set `name` to `"${pname}-${version}"` by default. Since [RFC 0035](https://github.com/NixOS/rfcs/pull/35), this is preferred for packages in Nixpkgs, as it allows us to reuse the version easily: (`stdenv` needs to be in scope, so if you write this in a separate Nix expression from `pkgs/all-packages.nix`, you need to pass it as a function argument.) Specifying a `name` and a `src` is the absolute minimum Nix requires. For convenience, you can also use `pname` and `version` attributes and `mkDerivation` will automatically set `name` to `"${pname}-${version}"` by default.
**Since [RFC 0035](https://github.com/NixOS/rfcs/pull/35), this is preferred for packages in Nixpkgs**, as it allows us to reuse the version easily:
```nix ```nix
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
@ -33,7 +34,8 @@ Many packages have dependencies that are not provided in the standard environmen
```nix ```nix
stdenv.mkDerivation { stdenv.mkDerivation {
name = "libfoo-1.2.3"; pname = "libfoo";
version = "1.2.3";
... ...
buildInputs = [libbar perl ncurses]; buildInputs = [libbar perl ncurses];
} }
@ -45,7 +47,8 @@ Often it is necessary to override or modify some aspect of the build. To make th
```nix ```nix
stdenv.mkDerivation { stdenv.mkDerivation {
name = "fnord-4.5"; pname = "fnord";
version = "4.5";
... ...
buildPhase = '' buildPhase = ''
gcc foo.c -o foo gcc foo.c -o foo
@ -65,7 +68,8 @@ While the standard environment provides a generic builder, you can still supply
```nix ```nix
stdenv.mkDerivation { stdenv.mkDerivation {
name = "libfoo-1.2.3"; pname = "libfoo";
version = "1.2.3";
... ...
builder = ./builder.sh; builder = ./builder.sh;
} }

View file

@ -9,7 +9,7 @@ let
in in
rec { rec {
inherit (builtins) attrNames listToAttrs hasAttr isAttrs getAttr; inherit (builtins) attrNames listToAttrs hasAttr isAttrs getAttr removeAttrs;
/* Return an attribute from nested attribute sets. /* Return an attribute from nested attribute sets.

View file

@ -426,4 +426,81 @@ ${expr "" v}
abort "generators.toDhall: cannot convert a null to Dhall" abort "generators.toDhall: cannot convert a null to Dhall"
else else
builtins.toJSON v; builtins.toJSON v;
/*
Translate a simple Nix expression to Lua representation with occasional
Lua-inlines that can be construted by mkLuaInline function.
Configuration:
* multiline - by default is true which results in indented block-like view.
* indent - initial indent.
Attention:
Regardless of multiline parameter there is no trailing newline.
Example:
generators.toLua {}
{
cmd = [ "typescript-language-server" "--stdio" ];
settings.workspace.library = mkLuaInline ''vim.api.nvim_get_runtime_file("", true)'';
}
->
{
["cmd"] = {
"typescript-language-server",
"--stdio"
},
["settings"] = {
["workspace"] = {
["library"] = (vim.api.nvim_get_runtime_file("", true))
}
}
}
Type:
toLua :: AttrSet -> Any -> String
*/
toLua = {
/* If this option is true, the output is indented with newlines for attribute sets and lists */
multiline ? true,
/* Initial indentation level */
indent ? ""
}@args: v:
with builtins;
let
innerIndent = "${indent} ";
introSpace = if multiline then "\n${innerIndent}" else " ";
outroSpace = if multiline then "\n${indent}" else " ";
innerArgs = args // { indent = innerIndent; };
concatItems = concatStringsSep ",${introSpace}";
isLuaInline = { _type ? null, ... }: _type == "lua-inline";
in
if v == null then
"nil"
else if isInt v || isFloat v || isString v || isBool v then
builtins.toJSON v
else if isList v then
(if v == [ ] then "{}" else
"{${introSpace}${concatItems (map (value: "${toLua innerArgs value}") v)}${outroSpace}}")
else if isAttrs v then
(
if isLuaInline v then
"(${v.expr})"
else if v == { } then
"{}"
else
"{${introSpace}${concatItems (
lib.attrsets.mapAttrsToList (key: value: "[${builtins.toJSON key}] = ${toLua innerArgs value}") v
)}${outroSpace}}"
)
else
abort "generators.toLua: type ${typeOf v} is unsupported";
/*
Mark string as Lua expression to be inlined when processed by toLua.
Type:
mkLuaInline :: String -> AttrSet
*/
mkLuaInline = expr: { _type = "lua-inline"; inherit expr; };
} }

View file

@ -136,6 +136,7 @@ rec {
else if final.isPower then "powerpc" else if final.isPower then "powerpc"
else if final.isRiscV then "riscv" else if final.isRiscV then "riscv"
else if final.isS390 then "s390" else if final.isS390 then "s390"
else if final.isLoongArch64 then "loongarch"
else final.parsed.cpu.name; else final.parsed.cpu.name;
qemuArch = qemuArch =
@ -185,6 +186,7 @@ rec {
pulseSupport = false; pulseSupport = false;
smbdSupport = false; smbdSupport = false;
seccompSupport = false; seccompSupport = false;
enableDocs = false;
hostCpuTargets = [ "${final.qemuArch}-linux-user" ]; hostCpuTargets = [ "${final.qemuArch}-linux-user" ];
}; };
wine = (pkgs.winePackagesFor "wine${toString final.parsed.cpu.bits}").minimal; wine = (pkgs.winePackagesFor "wine${toString final.parsed.cpu.bits}").minimal;

View file

@ -26,7 +26,7 @@ let
# Linux # Linux
"aarch64-linux" "armv5tel-linux" "armv6l-linux" "armv7a-linux" "aarch64-linux" "armv5tel-linux" "armv6l-linux" "armv7a-linux"
"armv7l-linux" "i686-linux" "m68k-linux" "microblaze-linux" "armv7l-linux" "i686-linux" "loongarch64-linux" "m68k-linux" "microblaze-linux"
"microblazeel-linux" "mipsel-linux" "mips64el-linux" "powerpc64-linux" "microblazeel-linux" "mipsel-linux" "mips64el-linux" "powerpc64-linux"
"powerpc64le-linux" "riscv32-linux" "riscv64-linux" "s390-linux" "powerpc64le-linux" "riscv32-linux" "riscv64-linux" "s390-linux"
"s390x-linux" "x86_64-linux" "s390x-linux" "x86_64-linux"
@ -86,6 +86,7 @@ in {
m68k = filterDoubles predicates.isM68k; m68k = filterDoubles predicates.isM68k;
s390 = filterDoubles predicates.isS390; s390 = filterDoubles predicates.isS390;
s390x = filterDoubles predicates.isS390x; s390x = filterDoubles predicates.isS390x;
loongarch64 = filterDoubles predicates.isLoongArch64;
js = filterDoubles predicates.isJavaScript; js = filterDoubles predicates.isJavaScript;
bigEndian = filterDoubles predicates.isBigEndian; bigEndian = filterDoubles predicates.isBigEndian;

View file

@ -90,6 +90,10 @@ rec {
config = "mipsel-unknown-linux-gnu"; config = "mipsel-unknown-linux-gnu";
} // platforms.fuloong2f_n32; } // platforms.fuloong2f_n32;
loongarch64-linux = {
config = "loongarch64-unknown-linux-gnu";
};
# can execute on 32bit chip # can execute on 32bit chip
mips-linux-gnu = { config = "mips-unknown-linux-gnu"; } // platforms.gcc_mips32r2_o32; mips-linux-gnu = { config = "mips-unknown-linux-gnu"; } // platforms.gcc_mips32r2_o32;
mipsel-linux-gnu = { config = "mipsel-unknown-linux-gnu"; } // platforms.gcc_mips32r2_o32; mipsel-linux-gnu = { config = "mipsel-unknown-linux-gnu"; } // platforms.gcc_mips32r2_o32;

View file

@ -9,6 +9,14 @@ let abis = lib.mapAttrs (_: abi: builtins.removeAttrs abi [ "assertions" ]) abis
rec { rec {
# these patterns are to be matched against {host,build,target}Platform.parsed # these patterns are to be matched against {host,build,target}Platform.parsed
patterns = rec { patterns = rec {
# The patterns below are lists in sum-of-products form.
#
# Each attribute is list of product conditions; non-list values are treated
# as a singleton list. If *any* product condition in the list matches then
# the predicate matches. Each product condition is tested by
# `lib.attrsets.matchAttrs`, which requires a match on *all* attributes of
# the product.
isi686 = { cpu = cpuTypes.i686; }; isi686 = { cpu = cpuTypes.i686; };
isx86_32 = { cpu = { family = "x86"; bits = 32; }; }; isx86_32 = { cpu = { family = "x86"; bits = 32; }; };
isx86_64 = { cpu = { family = "x86"; bits = 64; }; }; isx86_64 = { cpu = { family = "x86"; bits = 64; }; };
@ -49,6 +57,7 @@ rec {
isM68k = { cpu = { family = "m68k"; }; }; isM68k = { cpu = { family = "m68k"; }; };
isS390 = { cpu = { family = "s390"; }; }; isS390 = { cpu = { family = "s390"; }; };
isS390x = { cpu = { family = "s390"; bits = 64; }; }; isS390x = { cpu = { family = "s390"; bits = 64; }; };
isLoongArch64 = { cpu = { family = "loongarch"; bits = 64; }; };
isJavaScript = { cpu = cpuTypes.javascript; }; isJavaScript = { cpu = cpuTypes.javascript; };
is32bit = { cpu = { bits = 32; }; }; is32bit = { cpu = { bits = 32; }; };

View file

@ -131,6 +131,8 @@ rec {
or1k = { bits = 32; significantByte = bigEndian; family = "or1k"; }; or1k = { bits = 32; significantByte = bigEndian; family = "or1k"; };
loongarch64 = { bits = 64; significantByte = littleEndian; family = "loongarch"; };
javascript = { bits = 32; significantByte = littleEndian; family = "javascript"; }; javascript = { bits = 32; significantByte = littleEndian; family = "javascript"; };
}; };

View file

@ -915,6 +915,72 @@ runTests {
}; };
testToLuaEmptyAttrSet = {
expr = generators.toLua {} {};
expected = ''{}'';
};
testToLuaEmptyList = {
expr = generators.toLua {} [];
expected = ''{}'';
};
testToLuaListOfVariousTypes = {
expr = generators.toLua {} [ null 43 3.14159 true ];
expected = ''
{
nil,
43,
3.14159,
true
}'';
};
testToLuaString = {
expr = generators.toLua {} ''double-quote (") and single quotes (')'';
expected = ''"double-quote (\") and single quotes (')"'';
};
testToLuaAttrsetWithLuaInline = {
expr = generators.toLua {} { x = generators.mkLuaInline ''"abc" .. "def"''; };
expected = ''
{
["x"] = ("abc" .. "def")
}'';
};
testToLuaAttrsetWithSpaceInKey = {
expr = generators.toLua {} { "some space and double-quote (\")" = 42; };
expected = ''
{
["some space and double-quote (\")"] = 42
}'';
};
testToLuaWithoutMultiline = {
expr = generators.toLua { multiline = false; } [ 41 43 ];
expected = ''{ 41, 43 }'';
};
testToLuaBasicExample = {
expr = generators.toLua {} {
cmd = [ "typescript-language-server" "--stdio" ];
settings.workspace.library = generators.mkLuaInline ''vim.api.nvim_get_runtime_file("", true)'';
};
expected = ''
{
["cmd"] = {
"typescript-language-server",
"--stdio"
},
["settings"] = {
["workspace"] = {
["library"] = (vim.api.nvim_get_runtime_file("", true))
}
}
}'';
};
# CLI # CLI
testToGNUCommandLine = { testToGNUCommandLine = {

View file

@ -34,7 +34,7 @@ with lib.systems.doubles; lib.runTests {
testredox = mseteq redox [ "x86_64-redox" ]; testredox = mseteq redox [ "x86_64-redox" ];
testgnu = mseteq gnu (linux /* ++ kfreebsd ++ ... */); testgnu = mseteq gnu (linux /* ++ kfreebsd ++ ... */);
testillumos = mseteq illumos [ "x86_64-solaris" ]; testillumos = mseteq illumos [ "x86_64-solaris" ];
testlinux = mseteq linux [ "aarch64-linux" "armv5tel-linux" "armv6l-linux" "armv7a-linux" "armv7l-linux" "i686-linux" "mips64el-linux" "mipsel-linux" "riscv32-linux" "riscv64-linux" "x86_64-linux" "powerpc64-linux" "powerpc64le-linux" "m68k-linux" "s390-linux" "s390x-linux" "microblaze-linux" "microblazeel-linux" ]; testlinux = mseteq linux [ "aarch64-linux" "armv5tel-linux" "armv6l-linux" "armv7a-linux" "armv7l-linux" "i686-linux" "mips64el-linux" "mipsel-linux" "riscv32-linux" "riscv64-linux" "x86_64-linux" "powerpc64-linux" "powerpc64le-linux" "m68k-linux" "s390-linux" "s390x-linux" "microblaze-linux" "microblazeel-linux" "loongarch64-linux" ];
testnetbsd = mseteq netbsd [ "aarch64-netbsd" "armv6l-netbsd" "armv7a-netbsd" "armv7l-netbsd" "i686-netbsd" "m68k-netbsd" "mipsel-netbsd" "powerpc-netbsd" "riscv32-netbsd" "riscv64-netbsd" "x86_64-netbsd" ]; testnetbsd = mseteq netbsd [ "aarch64-netbsd" "armv6l-netbsd" "armv7a-netbsd" "armv7l-netbsd" "i686-netbsd" "m68k-netbsd" "mipsel-netbsd" "powerpc-netbsd" "riscv32-netbsd" "riscv64-netbsd" "x86_64-netbsd" ];
testopenbsd = mseteq openbsd [ "i686-openbsd" "x86_64-openbsd" ]; testopenbsd = mseteq openbsd [ "i686-openbsd" "x86_64-openbsd" ];
testwindows = mseteq windows [ "i686-cygwin" "x86_64-cygwin" "i686-windows" "x86_64-windows" ]; testwindows = mseteq windows [ "i686-cygwin" "x86_64-cygwin" "i686-windows" "x86_64-windows" ];

View file

@ -101,6 +101,13 @@
github = "0xd61"; github = "0xd61";
githubId = 8351869; githubId = 8351869;
}; };
_0xMRTT = {
email = "0xMRTT@proton.me";
name = "0xMRTT";
github = "0xMRTT";
githubId = 105598867;
matrix = "@0xmrtt:envs.net";
};
_1000101 = { _1000101 = {
email = "b1000101@pm.me"; email = "b1000101@pm.me";
github = "1000101"; github = "1000101";
@ -1054,6 +1061,16 @@
githubId = 1342360; githubId = 1342360;
name = "Andrew Morgan"; name = "Andrew Morgan";
}; };
anpin = {
email = "pavel@anpin.fyi";
github = "anpin";
githubId = 6060545;
matrix = "@anpin:matrix.org";
name = "Pavel Anpin";
keys = [{
fingerprint = "06E8 4FF6 0CCF 7AFD 5101 76C9 0FBC D3EE 6310 7407";
}];
};
anpryl = { anpryl = {
email = "anpryl@gmail.com"; email = "anpryl@gmail.com";
github = "anpryl"; github = "anpryl";
@ -1124,6 +1141,16 @@
githubId = 73002165; githubId = 73002165;
name = "apfelkuchen6"; name = "apfelkuchen6";
}; };
aplund = {
email = "austin.lund@gmail.com";
matrix = "@aplund:matrix.org";
github = "aplund";
githubId = 1369436;
name = "Austin Lund";
keys = [{
fingerprint = "7083 E268 4BFD 845F 2B84 9E74 B695 8918 ED23 32CE";
}];
};
applePrincess = { applePrincess = {
email = "appleprincess@appleprincess.io"; email = "appleprincess@appleprincess.io";
github = "applePrincess"; github = "applePrincess";
@ -3287,9 +3314,12 @@
}]; }];
}; };
cyntheticfox = { cyntheticfox = {
email = "houstdav000@gmail.com"; email = "cyntheticfox@gh0st.sh";
github = "cyntheticfox"; github = "cyntheticfox";
githubId = 17628961; githubId = 17628961;
keys = [{
fingerprint = "73C1 C5DF 51E7 BB92 85E9 A262 5960 278C E235 F821";
}];
matrix = "@houstdav000:gh0st.ems.host"; matrix = "@houstdav000:gh0st.ems.host";
name = "Cynthia Fox"; name = "Cynthia Fox";
}; };
@ -3508,10 +3538,16 @@
}; };
davidcromp = { davidcromp = {
email = "davidcrompton1192@gmail.com"; email = "davidcrompton1192@gmail.com";
github = "DavidCromp"; github = "CyborgPotato";
githubId = 10701143; githubId = 10701143;
name = "David Crompton"; name = "David Crompton";
}; };
david-hamelin = {
email = "david.hamelin@outlook.fr";
github = "HamelinDavid";
githubId = 118536343;
name = "David Hamelin";
};
davidrusu = { davidrusu = {
email = "davidrusu.me@gmail.com"; email = "davidrusu.me@gmail.com";
github = "davidrusu"; github = "davidrusu";
@ -3533,6 +3569,12 @@
fingerprint = "5B08 313C 6853 E5BF FA91 A817 0176 0B4F 9F53 F154"; fingerprint = "5B08 313C 6853 E5BF FA91 A817 0176 0B4F 9F53 F154";
}]; }];
}; };
davisrichard437 = {
email = "davisrichard437@gmail.com";
github = "davisrichard437";
githubId = 85075437;
name = "Richard Davis";
};
davorb = { davorb = {
email = "davor@davor.se"; email = "davor@davor.se";
github = "davorb"; github = "davorb";
@ -4143,6 +4185,16 @@
githubId = 1931963; githubId = 1931963;
name = "David Sferruzza"; name = "David Sferruzza";
}; };
dsuetin = {
name = "Danil Suetin";
email = "suetin085@gmail.com";
matrix = "@dani0854:matrix.org";
github = "dani0854";
githubId = 32674935;
keys = [{
fingerprint = "6CC2 D713 6703 0D86 CA29 C71F 23B5 AA6F A374 F2FE";
}];
};
dsymbol = { dsymbol = {
name = "dsymbol"; name = "dsymbol";
github = "dsymbol"; github = "dsymbol";
@ -4482,6 +4534,7 @@
}; };
elvishjerricco = { elvishjerricco = {
email = "elvishjerricco@gmail.com"; email = "elvishjerricco@gmail.com";
matrix = "@elvishjerricco:matrix.org";
github = "ElvishJerricco"; github = "ElvishJerricco";
githubId = 1365692; githubId = 1365692;
name = "Will Fancher"; name = "Will Fancher";
@ -4806,7 +4859,7 @@
name = "Eric Evenchick"; name = "Eric Evenchick";
}; };
evenbrenden = { evenbrenden = {
email = "evenbrenden@gmail.com"; email = "packages@anythingexternal.com";
github = "evenbrenden"; github = "evenbrenden";
githubId = 2512008; githubId = 2512008;
name = "Even Brenden"; name = "Even Brenden";
@ -5096,6 +5149,12 @@
github = "fkautz"; github = "fkautz";
githubId = 135706; githubId = 135706;
}; };
FlafyDev = {
name = "Flafy Arazi";
email = "flafyarazi@gmail.com";
github = "FlafyDev";
githubId = 44374434;
};
Flakebi = { Flakebi = {
email = "flakebi@t-online.de"; email = "flakebi@t-online.de";
github = "Flakebi"; github = "Flakebi";
@ -5118,6 +5177,13 @@
githubId = 66178592; githubId = 66178592;
name = "Pavel Zolotarevskiy"; name = "Pavel Zolotarevskiy";
}; };
flexiondotorg = {
name = "Martin Wimpress";
email = "martin@wimpress.org";
matrix = "@wimpress:matrix.org";
github = "flexiondotorg";
githubId = 304639;
};
fliegendewurst = { fliegendewurst = {
email = "arne.keller@posteo.de"; email = "arne.keller@posteo.de";
github = "FliegendeWurst"; github = "FliegendeWurst";
@ -5463,6 +5529,11 @@
githubId = 2430469; githubId = 2430469;
name = "Gavin Rogers"; name = "Gavin Rogers";
}; };
gaykitty = {
github = "gaykitty";
githubId = 126119280;
name = "Kitty Pride";
};
gazally = { gazally = {
email = "gazally@runbox.com"; email = "gazally@runbox.com";
github = "gazally"; github = "gazally";
@ -5542,6 +5613,12 @@
fingerprint = "D0CF 440A A703 E0F9 73CB A078 82BB 70D5 41AE 2DB4"; fingerprint = "D0CF 440A A703 E0F9 73CB A078 82BB 70D5 41AE 2DB4";
}]; }];
}; };
geri1701 = {
email = "geri@sdf.org";
github = "geri1701";
githubId = 67984144;
name = "Gerhard Schwanzer";
};
gerschtli = { gerschtli = {
email = "tobias.happ@gmx.de"; email = "tobias.happ@gmx.de";
github = "Gerschtli"; github = "Gerschtli";
@ -5901,6 +5978,12 @@
fingerprint = "F7D3 7890 228A 9074 40E1 FD48 46B9 228E 814A 2AAC"; fingerprint = "F7D3 7890 228A 9074 40E1 FD48 46B9 228E 814A 2AAC";
}]; }];
}; };
hacker1024 = {
name = "hacker1024";
email = "hacker1024@users.sourceforge.net";
github = "hacker1024";
githubId = 20849728;
};
hagl = { hagl = {
email = "harald@glie.be"; email = "harald@glie.be";
github = "hagl"; github = "hagl";
@ -6062,6 +6145,12 @@
githubId = 2405974; githubId = 2405974;
name = "Sébastian Méric de Bellefon"; name = "Sébastian Méric de Bellefon";
}; };
hellwolf = {
email = "zhicheng.miao@gmail.com";
github = "hellwolf";
githubId = 186660;
name = "Miao, ZhiCheng";
};
henkery = { henkery = {
email = "jim@reupload.nl"; email = "jim@reupload.nl";
github = "henkery"; github = "henkery";
@ -6264,6 +6353,12 @@
githubId = 53281855; githubId = 53281855;
name = "hqurve"; name = "hqurve";
}; };
hraban = {
email = "hraban@0brg.net";
github = "hraban";
githubId = 137852;
name = "Hraban Luyat";
};
hrdinka = { hrdinka = {
email = "c.nix@hrdinka.at"; email = "c.nix@hrdinka.at";
github = "hrdinka"; github = "hrdinka";
@ -6634,6 +6729,12 @@
githubId = 54999; githubId = 54999;
name = "Ariel Nunez"; name = "Ariel Nunez";
}; };
ionutnechita = {
email = "ionut_n2001@yahoo.com";
github = "ionutnechita";
githubId = 9405900;
name = "Ionut Nechita";
};
iopq = { iopq = {
email = "iop_jr@yahoo.com"; email = "iop_jr@yahoo.com";
github = "iopq"; github = "iopq";
@ -6701,6 +6802,12 @@
fingerprint = "6BD3 7248 30BD 941E 9180 C1A3 3A33 FA4C 82ED 674F"; fingerprint = "6BD3 7248 30BD 941E 9180 C1A3 3A33 FA4C 82ED 674F";
}]; }];
}; };
ivanmoreau = {
email = "Iván Molina Rebolledo";
github = "ivanmoreau";
githubId = 10843250;
name = "ivan@ivmoreau.com";
};
ivan-timokhin = { ivan-timokhin = {
email = "nixpkgs@ivan.timokhin.name"; email = "nixpkgs@ivan.timokhin.name";
name = "Ivan Timokhin"; name = "Ivan Timokhin";
@ -6874,6 +6981,12 @@
githubId = 6874204; githubId = 6874204;
name = "Jason Carr"; name = "Jason Carr";
}; };
jasonodoom = {
email = "jasonodoom@riseup.net";
github = "jasonodoom";
githubId = 6789916;
name = "Jason Odoom";
};
javaguirre = { javaguirre = {
email = "contacto@javaguirre.net"; email = "contacto@javaguirre.net";
github = "javaguirre"; github = "javaguirre";
@ -8090,6 +8203,12 @@
githubId = 843652; githubId = 843652;
name = "Kim Burgess"; name = "Kim Burgess";
}; };
kindrowboat = {
email = "hello@kindrobot.ca";
github = "kindrowboat";
githubId = 777773;
name = "Stef Dunlap";
};
kini = { kini = {
email = "keshav.kini@gmail.com"; email = "keshav.kini@gmail.com";
github = "kini"; github = "kini";
@ -8121,6 +8240,11 @@
githubId = 12160; githubId = 12160;
name = "Kirill Radzikhovskyy"; name = "Kirill Radzikhovskyy";
}; };
kiskae = {
github = "Kiskae";
githubId = 546681;
name = "Jeroen van Leusen";
};
kisonecat = { kisonecat = {
email = "kisonecat@gmail.com"; email = "kisonecat@gmail.com";
github = "kisonecat"; github = "kisonecat";
@ -8339,7 +8463,7 @@
}; };
kristian-brucaj = { kristian-brucaj = {
email = "kbrucaj@gmail.com"; email = "kbrucaj@gmail.com";
github = "Kristian-Brucaj"; github = "Flameslice";
githubId = 8893110; githubId = 8893110;
name = "Kristian Brucaj"; name = "Kristian Brucaj";
}; };
@ -8415,6 +8539,12 @@
githubId = 2422454; githubId = 2422454;
name = "Kai Wohlfahrt"; name = "Kai Wohlfahrt";
}; };
kylehendricks = {
name = "Kyle Hendricks";
email = "kyle-github@mail.hendricks.nu";
github = "kylehendricks";
githubId = 981958;
};
kyleondy = { kyleondy = {
email = "kyle@ondy.org"; email = "kyle@ondy.org";
github = "KyleOndy"; github = "KyleOndy";
@ -8747,6 +8877,12 @@
githubId = 3696783; githubId = 3696783;
name = "Leroy Hopson"; name = "Leroy Hopson";
}; };
lillycham = {
email = "lillycat332@gmail.com";
github = "lillycat332";
githubId = 54189319;
name = "Lilly Cham";
};
lilyball = { lilyball = {
email = "lily@sb.org"; email = "lily@sb.org";
github = "lilyball"; github = "lilyball";
@ -9161,6 +9297,13 @@
githubId = 2057309; githubId = 2057309;
name = "Sergey Sofeychuk"; name = "Sergey Sofeychuk";
}; };
lx = {
email = "alex@adnab.me";
github = "Alexis211";
githubId = 101484;
matrix = "@lx:deuxfleurs.fr";
name = "Alex Auvolat";
};
lxea = { lxea = {
email = "nix@amk.ie"; email = "nix@amk.ie";
github = "lxea"; github = "lxea";
@ -9493,7 +9636,7 @@
mateodd25 = { mateodd25 = {
email = "mateodd@icloud.com"; email = "mateodd@icloud.com";
github = "mateodd25"; github = "mateodd25";
githubId = 854770; githubId = 7878181;
name = "Mateo Diaz"; name = "Mateo Diaz";
}; };
math-42 = { math-42 = {
@ -10504,6 +10647,12 @@
githubId = 133448; githubId = 133448;
name = "Mikołaj Siedlarek"; name = "Mikołaj Siedlarek";
}; };
mslingsby = {
email = "morten.slingsby@eviny.no";
github = "MortenSlingsby";
githubId = 111859550;
name = "Morten Slingsby";
};
msm = { msm = {
email = "msm@tailcall.net"; email = "msm@tailcall.net";
github = "msm-code"; github = "msm-code";
@ -10794,6 +10943,12 @@
githubId = 137805; githubId = 137805;
name = "Alexander Tsvyashchenko"; name = "Alexander Tsvyashchenko";
}; };
ne9z = {
email = "yuchen@apvc.uk";
github = "ne9z";
githubId = 77314501;
name = "Maurice Zhou";
};
nebulka = { nebulka = {
email = "arapun@proton.me"; email = "arapun@proton.me";
github = "nebulka1"; github = "nebulka1";
@ -10889,6 +11044,16 @@
githubId = 34162313; githubId = 34162313;
name = "Jason Wing"; name = "Jason Wing";
}; };
netfox = {
name = "netfox";
email = "say-hi@netfox.rip";
matrix = "@netfox:catgirl.cloud";
github = "0xnetfox";
githubId = 97521402;
keys = [{
fingerprint = "E8E9 43D7 EB83 DB77 E41C D87F 9C77 CB70 F2E6 3EF7";
}];
};
netixx = { netixx = {
email = "dev.espinetfrancois@gmail.com"; email = "dev.espinetfrancois@gmail.com";
github = "netixx"; github = "netixx";
@ -11183,6 +11348,12 @@
githubId = 3521180; githubId = 3521180;
name = "Tom Sydney Kerckhove"; name = "Tom Sydney Kerckhove";
}; };
NotAShelf = {
name = "NotAShelf";
email = "itsashelf@gmail.com";
github = "NotAShelf";
githubId = 62766066;
};
notbandali = { notbandali = {
name = "Amin Bandali"; name = "Amin Bandali";
email = "bandali@gnu.org"; email = "bandali@gnu.org";
@ -11374,6 +11545,15 @@
fingerprint = "939E F8A5 CED8 7F50 5BB5 B2D0 24BC 2738 5F70 234F"; fingerprint = "939E F8A5 CED8 7F50 5BB5 B2D0 24BC 2738 5F70 234F";
}]; }];
}; };
oddlama = {
email = "oddlama@oddlama.org";
github = "oddlama";
githubId = 31919558;
name = "oddlama";
keys = [{
fingerprint = "680A A614 E988 DE3E 84E0 DEFA 503F 6C06 8410 4B0A";
}];
};
odi = { odi = {
email = "oliver.dunkl@gmail.com"; email = "oliver.dunkl@gmail.com";
github = "odi"; github = "odi";
@ -11450,6 +11630,12 @@
githubId = 1538622; githubId = 1538622;
name = "Michael Reilly"; name = "Michael Reilly";
}; };
onedragon = {
name = "YiLong Liu";
email = "18922251299@163.com";
github = "jackyliu16";
githubId = 50787361;
};
onixie = { onixie = {
email = "onixie@gmail.com"; email = "onixie@gmail.com";
github = "onixie"; github = "onixie";
@ -11652,6 +11838,12 @@
githubId = 11016164; githubId = 11016164;
name = "Fedor Pakhomov"; name = "Fedor Pakhomov";
}; };
pallix = {
email = "pierre.allix.work@gmail.com";
github = "pallix";
githubId = 676838;
name = "Pierre Allix";
};
paluh = { paluh = {
email = "paluho@gmail.com"; email = "paluho@gmail.com";
github = "paluh"; github = "paluh";
@ -11788,6 +11980,16 @@
githubId = 26949935; githubId = 26949935;
name = "Pierce Bartine"; name = "Pierce Bartine";
}; };
pbek = {
email = "patrizio@bekerle.com";
matrix = "@patrizio:bekerle.com";
github = "pbek";
githubId = 1798101;
name = "Patrizio Bekerle";
keys = [{
fingerprint = "E005 48D5 D6AC 812C AAD2 AFFA 9C42 B05E 5913 60DC";
}];
};
pblkt = { pblkt = {
email = "pebblekite@gmail.com"; email = "pebblekite@gmail.com";
github = "pblkt"; github = "pblkt";
@ -11830,6 +12032,12 @@
githubId = 920910; githubId = 920910;
name = "peelz"; name = "peelz";
}; };
pelme = {
email = "andreas@pelme.se";
github = "pelme";
githubId = 20529;
name = "Andreas Pelme";
};
penalty1083 = { penalty1083 = {
email = "penalty1083@outlook.com"; email = "penalty1083@outlook.com";
github = "penalty1083"; github = "penalty1083";
@ -12533,6 +12741,12 @@
githubId = 4579165; githubId = 4579165;
name = "Danny Bautista"; name = "Danny Bautista";
}; };
pyxels = {
email = "pyxels.dev@gmail.com";
github = "Pyxels";
githubId = 39232833;
name = "Jonas";
};
q3k = { q3k = {
email = "q3k@q3k.org"; email = "q3k@q3k.org";
github = "q3k"; github = "q3k";
@ -12549,6 +12763,12 @@
fingerprint = "3586 3350 BFEA C101 DB1A 4AF0 1F81 112D 62A9 ADCE"; fingerprint = "3586 3350 BFEA C101 DB1A 4AF0 1F81 112D 62A9 ADCE";
}]; }];
}; };
qjoly = {
email = "github@thoughtless.eu";
github = "qjoly";
githubId = 82603435;
name = "Quentin JOLY";
};
qknight = { qknight = {
email = "js@lastlog.de"; email = "js@lastlog.de";
github = "qknight"; github = "qknight";
@ -12580,6 +12800,15 @@
githubId = 1024891; githubId = 1024891;
name = "Jens Nolte"; name = "Jens Nolte";
}; };
quentin = {
email = "quentin@mit.edu";
github = "quentinmit";
githubId = 115761;
name = "Quentin Smith";
keys = [{
fingerprint = "1C71 A066 5400 AACD 142E B1A0 04EE 05A8 FCEF B697";
}];
};
quentini = { quentini = {
email = "quentini@airmail.cc"; email = "quentini@airmail.cc";
github = "QuentinI"; github = "QuentinI";
@ -12674,6 +12903,13 @@
githubId = 14829269; githubId = 14829269;
name = "Ram Kromberg"; name = "Ram Kromberg";
}; };
rampoina = {
email = "rampoina@protonmail.com";
matrix = "@rampoina:matrix.org";
github = "Rampoina";
githubId = 5653911;
name = "Rampoina";
};
ranfdev = { ranfdev = {
email = "ranfdev@gmail.com"; email = "ranfdev@gmail.com";
name = "Lorenzo Miglietta"; name = "Lorenzo Miglietta";
@ -12944,6 +13180,12 @@
github = "ribose-jeffreylau"; github = "ribose-jeffreylau";
githubId = 2649467; githubId = 2649467;
}; };
ricarch97 = {
email = "ricardo.steijn97@gmail.com";
github = "RicArch97";
githubId = 61013287;
name = "Ricardo Steijn";
};
richardipsum = { richardipsum = {
email = "richardipsum@fastmail.co.uk"; email = "richardipsum@fastmail.co.uk";
github = "richardipsum"; github = "richardipsum";
@ -14215,7 +14457,7 @@
name = "Smitty van Bodegom"; name = "Smitty van Bodegom";
email = "me@smitop.com"; email = "me@smitop.com";
matrix = "@smitop:kde.org"; matrix = "@smitop:kde.org";
github = "Smittyvb"; github = "syvb";
githubId = 10530973; githubId = 10530973;
}; };
sna = { sna = {
@ -14608,10 +14850,12 @@
name = "Stijn DW"; name = "Stijn DW";
}; };
StillerHarpo = { StillerHarpo = {
email = "florianengel39@gmail.com"; email = "engelflorian@posteo.de";
github = "StillerHarpo"; github = "StillerHarpo";
githubId = 25526706; githubId = 25526706;
name = "Florian Engel"; name = "Florian Engel";
keys = [{ fingerprint = "4E2D9B26940E0DABF376B7AF76762421D45837DE"; }];
matrix = "@qe7ftcyrpg:matrix.org";
}; };
stites = { stites = {
email = "sam@stites.io"; email = "sam@stites.io";
@ -14698,6 +14942,12 @@
githubId = 187109; githubId = 187109;
name = "Bjarki Ágúst Guðmundsson"; name = "Bjarki Ágúst Guðmundsson";
}; };
surfaceflinger = {
email = "nat@nekopon.pl";
github = "surfaceflinger";
githubId = 44725111;
name = "nat";
};
suryasr007 = { suryasr007 = {
email = "94suryateja@gmail.com"; email = "94suryateja@gmail.com";
github = "suryasr007"; github = "suryasr007";
@ -15027,6 +15277,12 @@
githubId = 1755789; githubId = 1755789;
name = "Robert Irelan"; name = "Robert Irelan";
}; };
tennox = {
email = "tennox+nix@txlab.io";
github = "tennox";
githubId = 2084639;
name = "Manu";
};
teozkr = { teozkr = {
email = "teo@nullable.se"; email = "teo@nullable.se";
github = "nightkr"; github = "nightkr";
@ -17175,7 +17431,7 @@
zseri = { zseri = {
name = "zseri"; name = "zseri";
email = "zseri.devel@ytrizja.de"; email = "zseri.devel@ytrizja.de";
github = "zseri"; github = "fogti";
githubId = 1618343; githubId = 1618343;
keys = [{ keys = [{
fingerprint = "7AFB C595 0D3A 77BD B00F 947B 229E 63AE 5644 A96D"; fingerprint = "7AFB C595 0D3A 77BD B00F 947B 229E 63AE 5644 A96D";

View file

@ -112,6 +112,8 @@ The short version is this:
* We only do the merge if the [\`mergeable\`](https://hydra.nixos.org/job/nixpkgs/haskell-updates/mergeable) job is succeeding on hydra. * We only do the merge if the [\`mergeable\`](https://hydra.nixos.org/job/nixpkgs/haskell-updates/mergeable) job is succeeding on hydra.
* If a [\`maintained\`](https://hydra.nixos.org/job/nixpkgs/haskell-updates/maintained) package is still broken at the time of merge, we will only merge if the maintainer has been pinged 7 days in advance. (If you care about a Haskell package, become a maintainer!) * If a [\`maintained\`](https://hydra.nixos.org/job/nixpkgs/haskell-updates/maintained) package is still broken at the time of merge, we will only merge if the maintainer has been pinged 7 days in advance. (If you care about a Haskell package, become a maintainer!)
More information about Haskell packages in nixpkgs can be found [in the nixpkgs manual](https://nixos.org/manual/nixpkgs/unstable/#haskell).
--- ---
This is the follow-up to #${curr_haskell_updates_pr_num}. Come to [#haskell:nixos.org](https://matrix.to/#/#haskell:nixos.org) if you have any questions. This is the follow-up to #${curr_haskell_updates_pr_num}. Come to [#haskell:nixos.org](https://matrix.to/#/#haskell:nixos.org) if you have any questions.

View file

@ -58,6 +58,7 @@ sed -r \
-e '/ distribution-nixpkgs /d' \ -e '/ distribution-nixpkgs /d' \
-e '/ jailbreak-cabal /d' \ -e '/ jailbreak-cabal /d' \
-e '/ language-nix /d' \ -e '/ language-nix /d' \
-e '/ hackage-db /d' \
-e '/ cabal-install /d' \ -e '/ cabal-install /d' \
-e '/ lsp /d' \ -e '/ lsp /d' \
-e '/ lsp-types /d' \ -e '/ lsp-types /d' \

View file

@ -15,8 +15,29 @@
# password-command: pass hackage.haskell.org (this can be any command, but not an arbitrary shell expression. Like cabal we only read the first output line and ignore the rest.) # password-command: pass hackage.haskell.org (this can be any command, but not an arbitrary shell expression. Like cabal we only read the first output line and ignore the rest.)
# Those fields are specified under `upload` on the `cabal` man page. # Those fields are specified under `upload` on the `cabal` man page.
if test -z "$CABAL_DIR"; then
dirs=(
"$HOME/.cabal"
"${XDG_CONFIG_HOME:-$HOME/.config}/cabal"
)
missing=true
for dir in "${dirs[@]}"; do
if test -d "$dir"; then
export CABAL_DIR="$dir"
missing=false
break
fi
done
if $missing; then
echo "Could not find the cabal configuration directory in any of: ${dirs[@]}" >&2
exit 101
fi
fi
package_list="$(nix-build -A haskell.package-list)/nixos-hackage-packages.csv" package_list="$(nix-build -A haskell.package-list)/nixos-hackage-packages.csv"
username=$(grep "^username:" ~/.cabal/config | sed "s/^username: //") username=$(grep "^username:" "$CABAL_DIR/config" | sed "s/^username: //")
password_command=$(grep "^password-command:" ~/.cabal/config | sed "s/^password-command: //") password_command=$(grep "^password-command:" "$CABAL_DIR/config" | sed "s/^password-command: //")
curl -u "$username:$($password_command | head -n1)" --digest -H "Content-type: text/csv" -T "$package_list" http://hackage.haskell.org/distro/NixOS/packages.csv curl -u "$username:$($password_command | head -n1)" --digest -H "Content-type: text/csv" -T "$package_list" http://hackage.haskell.org/distro/NixOS/packages.csv
echo echo

View file

@ -40,6 +40,7 @@ lrexlib-pcre,,,,,,vyp
lrexlib-posix,,,,,, lrexlib-posix,,,,,,
lua-cjson,,,,,, lua-cjson,,,,,,
lua-cmsgpack,,,,,, lua-cmsgpack,,,,,,
lua-curl,,,,,,
lua-iconv,,,,,, lua-iconv,,,,,,
lua-lsp,,,,,, lua-lsp,,,,,,
lua-messagepack,,,,,, lua-messagepack,,,,,,

1 name src ref server version luaversion maintainers
40 lrexlib-posix
41 lua-cjson
42 lua-cmsgpack
43 lua-curl
44 lua-iconv
45 lua-lsp
46 lua-messagepack

View file

@ -1,4 +1,7 @@
# Used by pkgs/applications/editors/vim/plugins/update.py and pkgs/applications/editors/kakoune/plugins/update.py # python library used to update plugins:
# - pkgs/applications/editors/vim/plugins/update.py
# - pkgs/applications/editors/kakoune/plugins/update.py
# - maintainers/scripts/update-luarocks-packages
# format: # format:
# $ nix run nixpkgs.python3Packages.black -c black update.py # $ nix run nixpkgs.python3Packages.black -c black update.py
@ -315,7 +318,7 @@ def run_nix_expr(expr):
with CleanEnvironment(): with CleanEnvironment():
cmd = ["nix", "eval", "--extra-experimental-features", cmd = ["nix", "eval", "--extra-experimental-features",
"nix-command", "--impure", "--json", "--expr", expr] "nix-command", "--impure", "--json", "--expr", expr]
log.debug("Running command %s", cmd) log.debug("Running command %s", " ".join(cmd))
out = subprocess.check_output(cmd) out = subprocess.check_output(cmd)
data = json.loads(out) data = json.loads(out)
return data return data
@ -344,12 +347,39 @@ class Editor:
self.cache_file = cache_file or f"{name}-plugin-cache.json" self.cache_file = cache_file or f"{name}-plugin-cache.json"
self.nixpkgs_repo = None self.nixpkgs_repo = None
def add(self, args):
'''CSV spec'''
log.debug("called the 'add' command")
fetch_config = FetchConfig(args.proc, args.github_token)
editor = self
for plugin_line in args.add_plugins:
log.debug("using plugin_line", plugin_line)
pdesc = PluginDesc.load_from_string(fetch_config, plugin_line)
log.debug("loaded as pdesc", pdesc)
append = [ pdesc ]
editor.rewrite_input(fetch_config, args.input_file, editor.deprecated, append=append)
plugin, _ = prefetch_plugin(pdesc, )
autocommit = not args.no_commit
if autocommit:
commit(
editor.nixpkgs_repo,
"{drv_name}: init at {version}".format(
drv_name=editor.get_drv_name(plugin.normalized_name),
version=plugin.version
),
[args.outfile, args.input_file],
)
# Expects arguments generated by 'update' subparser
def update(self, args ):
'''CSV spec'''
print("the update member function should be overriden in subclasses")
def get_current_plugins(self) -> List[Plugin]: def get_current_plugins(self) -> List[Plugin]:
"""To fill the cache""" """To fill the cache"""
data = run_nix_expr(self.get_plugins) data = run_nix_expr(self.get_plugins)
plugins = [] plugins = []
for name, attr in data.items(): for name, attr in data.items():
print("get_current_plugins: name %s" % name)
p = Plugin(name, attr["rev"], attr["submodules"], attr["sha256"]) p = Plugin(name, attr["rev"], attr["submodules"], attr["sha256"])
plugins.append(p) plugins.append(p)
return plugins return plugins
@ -358,7 +388,7 @@ class Editor:
'''CSV spec''' '''CSV spec'''
return load_plugins_from_csv(config, plugin_file) return load_plugins_from_csv(config, plugin_file)
def generate_nix(self, plugins, outfile: str): def generate_nix(self, _plugins, _outfile: str):
'''Returns nothing for now, writes directly to outfile''' '''Returns nothing for now, writes directly to outfile'''
raise NotImplementedError() raise NotImplementedError()
@ -395,34 +425,28 @@ class Editor:
return rewrite_input(*args, **kwargs) return rewrite_input(*args, **kwargs)
def create_parser(self): def create_parser(self):
parser = argparse.ArgumentParser( common = argparse.ArgumentParser(
add_help=False,
description=(f""" description=(f"""
Updates nix derivations for {self.name} plugins.\n Updates nix derivations for {self.name} plugins.\n
By default from {self.default_in} to {self.default_out}""" By default from {self.default_in} to {self.default_out}"""
) )
) )
parser.add_argument( common.add_argument(
"--add",
dest="add_plugins",
default=[],
action="append",
help=f"Plugin to add to {self.attr_path} from Github in the form owner/repo",
)
parser.add_argument(
"--input-names", "--input-names",
"-i", "-i",
dest="input_file", dest="input_file",
default=self.default_in, default=self.default_in,
help="A list of plugins in the form owner/repo", help="A list of plugins in the form owner/repo",
) )
parser.add_argument( common.add_argument(
"--out", "--out",
"-o", "-o",
dest="outfile", dest="outfile",
default=self.default_out, default=self.default_out,
help="Filename to save generated nix code", help="Filename to save generated nix code",
) )
parser.add_argument( common.add_argument(
"--proc", "--proc",
"-p", "-p",
dest="proc", dest="proc",
@ -430,7 +454,7 @@ class Editor:
default=30, default=30,
help="Number of concurrent processes to spawn. Setting --github-token allows higher values.", help="Number of concurrent processes to spawn. Setting --github-token allows higher values.",
) )
parser.add_argument( common.add_argument(
"--github-token", "--github-token",
"-t", "-t",
type=str, type=str,
@ -438,16 +462,61 @@ class Editor:
help="""Allows to set --proc to higher values. help="""Allows to set --proc to higher values.
Uses GITHUB_API_TOKEN environment variables as the default value.""", Uses GITHUB_API_TOKEN environment variables as the default value.""",
) )
parser.add_argument( common.add_argument(
"--no-commit", "-n", action="store_true", default=False, "--no-commit", "-n", action="store_true", default=False,
help="Whether to autocommit changes" help="Whether to autocommit changes"
) )
parser.add_argument( common.add_argument(
"--debug", "-d", choices=LOG_LEVELS.keys(), "--debug", "-d", choices=LOG_LEVELS.keys(),
default=logging.getLevelName(logging.WARN), default=logging.getLevelName(logging.WARN),
help="Adjust log level" help="Adjust log level"
) )
return parser
main = argparse.ArgumentParser(
parents=[common],
description=(f"""
Updates nix derivations for {self.name} plugins.\n
By default from {self.default_in} to {self.default_out}"""
)
)
subparsers = main.add_subparsers(dest="command", required=False)
padd = subparsers.add_parser(
"add", parents=[],
description="Add new plugin",
add_help=False,
)
padd.set_defaults(func=self.add)
padd.add_argument(
"add_plugins",
default=None,
nargs="+",
help=f"Plugin to add to {self.attr_path} from Github in the form owner/repo",
)
pupdate = subparsers.add_parser(
"update",
description="Update all or a subset of existing plugins",
add_help=False,
)
pupdate.set_defaults(func=self.update)
return main
def run(self,):
'''
Convenience function
'''
parser = self.create_parser()
args = parser.parse_args()
command = args.command or "update"
log.setLevel(LOG_LEVELS[args.debug])
log.info("Chose to run command: %s", command)
if not args.no_commit:
self.nixpkgs_repo = git.Repo(self.root, search_parent_directories=True)
getattr(self, command)(args)
@ -661,7 +730,6 @@ def commit(repo: git.Repo, message: str, files: List[Path]) -> None:
def update_plugins(editor: Editor, args): def update_plugins(editor: Editor, args):
"""The main entry function of this module. All input arguments are grouped in the `Editor`.""" """The main entry function of this module. All input arguments are grouped in the `Editor`."""
log.setLevel(LOG_LEVELS[args.debug])
log.info("Start updating plugins") log.info("Start updating plugins")
fetch_config = FetchConfig(args.proc, args.github_token) fetch_config = FetchConfig(args.proc, args.github_token)
update = editor.get_update(args.input_file, args.outfile, fetch_config) update = editor.get_update(args.input_file, args.outfile, fetch_config)
@ -684,18 +752,3 @@ def update_plugins(editor: Editor, args):
[args.outfile, args.input_file, editor.deprecated], [args.outfile, args.input_file, editor.deprecated],
) )
for plugin_line in args.add_plugins:
pdesc = PluginDesc.load_from_string(fetch_config, plugin_line)
append = [ pdesc ]
editor.rewrite_input(fetch_config, args.input_file, editor.deprecated, append=append)
update()
plugin, _ = prefetch_plugin(pdesc, )
if autocommit:
commit(
editor.nixpkgs_repo,
"{drv_name}: init at {version}".format(
drv_name=editor.get_drv_name(plugin.normalized_name),
version=plugin.version
),
[args.outfile, args.input_file],
)

View file

@ -26,7 +26,8 @@ log = logging.getLogger()
log.addHandler(logging.StreamHandler()) log.addHandler(logging.StreamHandler())
ROOT = Path(os.path.dirname(os.path.abspath(inspect.getfile(inspect.currentframe())))).parent.parent # type: ignore ROOT = Path(os.path.dirname(os.path.abspath(inspect.getfile(inspect.currentframe())))).parent.parent # type: ignore
from pluginupdate import Editor, update_plugins, FetchConfig, CleanEnvironment import pluginupdate
from pluginupdate import update_plugins, FetchConfig, CleanEnvironment
PKG_LIST="maintainers/scripts/luarocks-packages.csv" PKG_LIST="maintainers/scripts/luarocks-packages.csv"
TMP_FILE="$(mktemp)" TMP_FILE="$(mktemp)"
@ -70,7 +71,7 @@ class LuaPlugin:
return self.name.replace(".", "-") return self.name.replace(".", "-")
# rename Editor to LangUpdate/ EcosystemUpdater # rename Editor to LangUpdate/ EcosystemUpdater
class LuaEditor(Editor): class LuaEditor(pluginupdate.Editor):
def get_current_plugins(self): def get_current_plugins(self):
return [] return []
@ -87,6 +88,9 @@ class LuaEditor(Editor):
luaPackages.append(plugin) luaPackages.append(plugin)
return luaPackages return luaPackages
def update(self, args):
update_plugins(self, args)
def generate_nix( def generate_nix(
self, self,
results: List[Tuple[LuaPlugin, str]], results: List[Tuple[LuaPlugin, str]],
@ -203,11 +207,7 @@ def main():
default_out = ROOT.joinpath(GENERATED_NIXFILE) default_out = ROOT.joinpath(GENERATED_NIXFILE)
) )
parser = editor.create_parser() editor.run()
args = parser.parse_args()
update_plugins(editor, args)
if __name__ == "__main__": if __name__ == "__main__":

View file

@ -431,6 +431,7 @@ with lib.maintainers; {
lukego lukego
nagy nagy
uthar uthar
hraban
]; ];
githubTeams = [ githubTeams = [
"lisp" "lisp"

View file

@ -94,6 +94,6 @@ environment.systemPackages = [ pkgs.appimage-run ];
Then instead of running the AppImage "as-is", run `appimage-run foo.appimage`. Then instead of running the AppImage "as-is", run `appimage-run foo.appimage`.
To make other pre-built executables work on NixOS, you need to package them To make other pre-built executables work on NixOS, you need to package them
with Nix and special helpers like `autoPatchelfHook` or `buildFHSUserEnv`. See with Nix and special helpers like `autoPatchelfHook` or `buildFHSEnv`. See
the [Nixpkgs manual](https://nixos.org/nixpkgs/manual) for details. This the [Nixpkgs manual](https://nixos.org/nixpkgs/manual) for details. This
is complex and often doing a source build is easier. is complex and often doing a source build is easier.

View file

@ -147,7 +147,7 @@ In addition to numerous new and upgraded packages, this release has the followin
- [rstudio-server](https://www.rstudio.com/products/rstudio/#rstudio-server), a browser-based version of the RStudio IDE for the R programming language. Available as [services.rstudio-server](#opt-services.rstudio-server.enable). - [rstudio-server](https://www.rstudio.com/products/rstudio/#rstudio-server), a browser-based version of the RStudio IDE for the R programming language. Available as [services.rstudio-server](#opt-services.rstudio-server.enable).
- [rtsp-simple-server](https://github.com/aler9/rtsp-simple-server), ready-to-use RTSP / RTMP / HLS server and proxy that allows to read, publish and proxy video and audio streams. Available as [services.rtsp-simple-server](#opt-services.rtsp-simple-server.enable). - [mediamtx](https://github.com/aler9/mediamtx), ready-to-use RTSP / RTMP / HLS server and proxy that allows to read, publish and proxy video and audio streams. Available as [services.mediamtx](#opt-services.mediamtx.enable).
- [Snipe-IT](https://snipeitapp.com), a free open source IT asset/license management system. Available as [services.snipe-it](#opt-services.snipe-it.enable). - [Snipe-IT](https://snipeitapp.com), a free open source IT asset/license management system. Available as [services.snipe-it](#opt-services.snipe-it.enable).

View file

@ -28,6 +28,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- `libxcrypt`, the library providing the `crypt(3)` password hashing function, is now built without support for algorithms not flagged [`strong`](https://github.com/besser82/libxcrypt/blob/v4.4.33/lib/hashes.conf#L48). This affects the availability of password hashing algorithms used for system login (`login(1)`, `passwd(1)`), but also Apache2 Basic-Auth, Samba, OpenLDAP, Dovecot, and [many other packages](https://github.com/search?q=repo%3ANixOS%2Fnixpkgs%20libxcrypt&type=code). - `libxcrypt`, the library providing the `crypt(3)` password hashing function, is now built without support for algorithms not flagged [`strong`](https://github.com/besser82/libxcrypt/blob/v4.4.33/lib/hashes.conf#L48). This affects the availability of password hashing algorithms used for system login (`login(1)`, `passwd(1)`), but also Apache2 Basic-Auth, Samba, OpenLDAP, Dovecot, and [many other packages](https://github.com/search?q=repo%3ANixOS%2Fnixpkgs%20libxcrypt&type=code).
- `boot.bootspec.enable` (internal option) is now enabled by default because [RFC-0125](https://github.com/NixOS/rfcs/pull/125) was merged. This means you will have a bootspec document called `boot.json` generated for each system and specialisation in the top-level. This is useful to enable advanced boot usecases in NixOS such as SecureBoot.
## New Services {#sec-release-23.05-new-services} ## New Services {#sec-release-23.05-new-services}
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. --> <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
@ -40,6 +42,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- [cups-pdf-to-pdf](https://github.com/alexivkin/CUPS-PDF-to-PDF), a pdf-generating cups backend based on [cups-pdf](https://www.cups-pdf.de/). Available as [services.printing.cups-pdf](#opt-services.printing.cups-pdf.enable). - [cups-pdf-to-pdf](https://github.com/alexivkin/CUPS-PDF-to-PDF), a pdf-generating cups backend based on [cups-pdf](https://www.cups-pdf.de/). Available as [services.printing.cups-pdf](#opt-services.printing.cups-pdf.enable).
- [clash-verge](https://github.com/zzzgydi/clash-verge), A Clash GUI based on tauri. Available as [programs.clash-verge](#opt-programs.clash-verge.enable).
- [Cloudlog](https://www.magicbug.co.uk/cloudlog/), a web-based Amateur Radio logging application. Available as [services.cloudlog](#opt-services.cloudlog.enable). - [Cloudlog](https://www.magicbug.co.uk/cloudlog/), a web-based Amateur Radio logging application. Available as [services.cloudlog](#opt-services.cloudlog.enable).
- [fzf](https://github.com/junegunn/fzf), a command line fuzzyfinder. Available as [programs.fzf](#opt-programs.fzf.fuzzyCompletion). - [fzf](https://github.com/junegunn/fzf), a command line fuzzyfinder. Available as [programs.fzf](#opt-programs.fzf.fuzzyCompletion).
@ -61,6 +65,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- [opensearch](https://opensearch.org), a search server alternative to Elasticsearch. Available as [services.opensearch](options.html#opt-services.opensearch.enable). - [opensearch](https://opensearch.org), a search server alternative to Elasticsearch. Available as [services.opensearch](options.html#opt-services.opensearch.enable).
- [monica](https://www.monicahq.com), an open source personal CRM. Available as [services.monica](options.html#opt-services.monica.enable).
- [authelia](https://www.authelia.com/), is an open-source authentication and authorization server. Available under [services.authelia](options.html#opt-services.authelia.enable). - [authelia](https://www.authelia.com/), is an open-source authentication and authorization server. Available under [services.authelia](options.html#opt-services.authelia.enable).
- [goeland](https://github.com/slurdge/goeland), an alternative to rss2email written in golang with many filters. Available as [services.goeland](#opt-services.goeland.enable). - [goeland](https://github.com/slurdge/goeland), an alternative to rss2email written in golang with many filters. Available as [services.goeland](#opt-services.goeland.enable).
@ -71,6 +77,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- [atuin](https://github.com/ellie/atuin), a sync server for shell history. Available as [services.atuin](#opt-services.atuin.enable). - [atuin](https://github.com/ellie/atuin), a sync server for shell history. Available as [services.atuin](#opt-services.atuin.enable).
- [esphome](https://esphome.io), a dashboard to configure ESP8266/ESP32 devices for use with Home Automation systems. Available as [services.esphome](#opt-services.esphome.enable).
- [networkd-dispatcher](https://gitlab.com/craftyguy/networkd-dispatcher), a dispatcher service for systemd-networkd connection status changes. Available as [services.networkd-dispatcher](#opt-services.networkd-dispatcher.enable). - [networkd-dispatcher](https://gitlab.com/craftyguy/networkd-dispatcher), a dispatcher service for systemd-networkd connection status changes. Available as [services.networkd-dispatcher](#opt-services.networkd-dispatcher.enable).
- [mmsd](https://gitlab.com/kop316/mmsd), a lower level daemon that transmits and recieves MMSes. Available as [services.mmsd](#opt-services.mmsd.enable). - [mmsd](https://gitlab.com/kop316/mmsd), a lower level daemon that transmits and recieves MMSes. Available as [services.mmsd](#opt-services.mmsd.enable).
@ -85,8 +93,12 @@ In addition to numerous new and upgraded packages, this release has the followin
- [ulogd](https://www.netfilter.org/projects/ulogd/index.html), a userspace logging daemon for netfilter/iptables related logging. Available as [services.ulogd](options.html#opt-services.ulogd.enable). - [ulogd](https://www.netfilter.org/projects/ulogd/index.html), a userspace logging daemon for netfilter/iptables related logging. Available as [services.ulogd](options.html#opt-services.ulogd.enable).
- [PufferPanel](https://pufferpanel.com), game server management panel designed to be easy to use. Available as [services.pufferpanel](#opt-services.pufferpanel.enable).
- [jellyseerr](https://github.com/Fallenbagel/jellyseerr), a web-based requests manager for Jellyfin, forked from Overseerr. Available as [services.jellyseerr](#opt-services.jellyseerr.enable). - [jellyseerr](https://github.com/Fallenbagel/jellyseerr), a web-based requests manager for Jellyfin, forked from Overseerr. Available as [services.jellyseerr](#opt-services.jellyseerr.enable).
- [stargazer](https://sr.ht/~zethra/stargazer/), a fast and easy to use Gemini server. Available as [services.stargazer](#opt-services.stargazer.enable).
- [photoprism](https://photoprism.app/), a AI-Powered Photos App for the Decentralized Web. Available as [services.photoprism](options.html#opt-services.photoprism.enable). - [photoprism](https://photoprism.app/), a AI-Powered Photos App for the Decentralized Web. Available as [services.photoprism](options.html#opt-services.photoprism.enable).
- [peroxide](https://github.com/ljanyst/peroxide), a fork of the official [ProtonMail bridge](https://github.com/ProtonMail/proton-bridge) that aims to be similar to [Hydroxide](https://github.com/emersion/hydroxide). Available as [services.peroxide](#opt-services.peroxide.enable). - [peroxide](https://github.com/ljanyst/peroxide), a fork of the official [ProtonMail bridge](https://github.com/ProtonMail/proton-bridge) that aims to be similar to [Hydroxide](https://github.com/emersion/hydroxide). Available as [services.peroxide](#opt-services.peroxide.enable).
@ -99,6 +111,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- [trurl](https://github.com/curl/trurl), a command line tool for URL parsing and manipulation. - [trurl](https://github.com/curl/trurl), a command line tool for URL parsing and manipulation.
- [wgautomesh](https://git.deuxfleurs.fr/Deuxfleurs/wgautomesh), a simple utility to help connect wireguard nodes together in a full mesh topology. Available as [services.wgautomesh](options.html#opt-services.wgautomesh.enable).
- [woodpecker-agents](https://woodpecker-ci.org/), a simple CI engine with great extensibility. Available as [services.woodpecker-agents](#opt-services.woodpecker-agents.agents._name_.enable). - [woodpecker-agents](https://woodpecker-ci.org/), a simple CI engine with great extensibility. Available as [services.woodpecker-agents](#opt-services.woodpecker-agents.agents._name_.enable).
- [woodpecker-server](https://woodpecker-ci.org/), a simple CI engine with great extensibility. Available as [services.woodpecker-server](#opt-services.woodpecker-server.enable). - [woodpecker-server](https://woodpecker-ci.org/), a simple CI engine with great extensibility. Available as [services.woodpecker-server](#opt-services.woodpecker-server.enable).
@ -109,6 +123,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- [hardware.ipu6](#opt-hardware.ipu6.enable) adds support for ipu6 based webcams on intel tiger lake and alder lake. - [hardware.ipu6](#opt-hardware.ipu6.enable) adds support for ipu6 based webcams on intel tiger lake and alder lake.
- [ivpn](https://www.ivpn.net/), a secure, private VPN with fast WireGuard connections. Available as [services.ivpn](#opt-services.ivpn.enable).
## Backward Incompatibilities {#sec-release-23.05-incompatibilities} ## Backward Incompatibilities {#sec-release-23.05-incompatibilities}
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. --> <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
@ -123,6 +139,10 @@ In addition to numerous new and upgraded packages, this release has the followin
- The `ssh` client tool now disables the `~C` escape sequence by default. This can be re-enabled by setting `EnableEscapeCommandline yes` - The `ssh` client tool now disables the `~C` escape sequence by default. This can be re-enabled by setting `EnableEscapeCommandline yes`
- The `ssh` module does not read `/etc/ssh/ssh_known_hosts2` anymore since this location is [deprecated since 2001](https://marc.info/?l=openssh-unix-dev&m=100508718416162&w=2).
- The openssh module does not read `~/.ssh/authorized_keys2` anymore since this location is [deprecated since 2001](https://marc.info/?l=openssh-unix-dev&m=100508718416162&w=2).
- `podman` now uses the `netavark` network stack. Users will need to delete all of their local containers, images, volumes, etc, by running `podman system reset --force` once before upgrading their systems. - `podman` now uses the `netavark` network stack. Users will need to delete all of their local containers, images, volumes, etc, by running `podman system reset --force` once before upgrading their systems.
- `git-bug` has been updated to at least version 0.8.0, which includes backwards incompatible changes. The `git-bug-migration` package can be used to upgrade existing repositories. - `git-bug` has been updated to at least version 0.8.0, which includes backwards incompatible changes. The `git-bug-migration` package can be used to upgrade existing repositories.
@ -131,7 +151,9 @@ In addition to numerous new and upgraded packages, this release has the followin
- `keepassx` and `keepassx2` have been removed, due to upstream [stopping development](https://www.keepassx.org/index.html%3Fp=636.html). Consider [KeePassXC](https://keepassxc.org) as a maintained alternative. - `keepassx` and `keepassx2` have been removed, due to upstream [stopping development](https://www.keepassx.org/index.html%3Fp=636.html). Consider [KeePassXC](https://keepassxc.org) as a maintained alternative.
- The `services.kubo.settings` option is now no longer stateful. If you changed any of the options in `services.kubo.settings` in the past and then removed them from your NixOS configuration again, those changes are still in your Kubo configuration file but will now be reset to the default. If you're unsure, you may want to make a backup of your configuration file (probably /var/lib/ipfs/config) and compare after the update. - The [services.kubo.settings](#opt-services.kubo.settings) option is now no longer stateful. If you changed any of the options in [services.kubo.settings](#opt-services.kubo.settings) in the past and then removed them from your NixOS configuration again, those changes are still in your Kubo configuration file but will now be reset to the default. If you're unsure, you may want to make a backup of your configuration file (probably /var/lib/ipfs/config) and compare after the update.
- The Kubo HTTP API will no longer listen on localhost and will instead only listen on a Unix domain socket by default. Read the [services.kubo.settings.Addresses.API](#opt-services.kubo.settings.Addresses.API) option description for more information.
- The EC2 image module no longer fetches instance metadata in stage-1. This results in a significantly smaller initramfs, since network drivers no longer need to be included, and faster boots, since metadata fetching can happen in parallel with startup of other services. - The EC2 image module no longer fetches instance metadata in stage-1. This results in a significantly smaller initramfs, since network drivers no longer need to be included, and faster boots, since metadata fetching can happen in parallel with startup of other services.
This breaks services which rely on metadata being present by the time stage-2 is entered. Anything which reads EC2 metadata from `/etc/ec2-metadata` should now have an `after` dependency on `fetch-ec2-metadata.service` This breaks services which rely on metadata being present by the time stage-2 is entered. Anything which reads EC2 metadata from `/etc/ec2-metadata` should now have an `after` dependency on `fetch-ec2-metadata.service`
@ -170,8 +192,12 @@ In addition to numerous new and upgraded packages, this release has the followin
- Calling `makeSetupHook` without passing a `name` argument is deprecated. - Calling `makeSetupHook` without passing a `name` argument is deprecated.
- Top-level buildPlatform,hostPlatform,targetPlatform have been deprecated, use stdenv.X instead.
- `lib.systems.examples.ghcjs` and consequently `pkgsCross.ghcjs` now use the target triplet `javascript-unknown-ghcjs` instead of `js-unknown-ghcjs`. This has been done to match an [upstream decision](https://gitlab.haskell.org/ghc/ghc/-/commit/6636b670233522f01d002c9b97827d00289dbf5c) to follow Cabal's platform naming more closely. Nixpkgs will also reject `js` as an architecture name. - `lib.systems.examples.ghcjs` and consequently `pkgsCross.ghcjs` now use the target triplet `javascript-unknown-ghcjs` instead of `js-unknown-ghcjs`. This has been done to match an [upstream decision](https://gitlab.haskell.org/ghc/ghc/-/commit/6636b670233522f01d002c9b97827d00289dbf5c) to follow Cabal's platform naming more closely. Nixpkgs will also reject `js` as an architecture name.
- `dokuwiki` has been updated from 2023-07-31a (Igor) to 2023-04-04 (Jack Jackrum), which has [completely removed](https://www.dokuwiki.org/changes#release_2023-04-04_jack_jackrum) the options to embed HTML and PHP for security reasons. The [htmlok plugin](https://www.dokuwiki.org/plugin:htmlok) can be used to regain this functionality.
- The old unsupported version 6.x of the ELK-stack and Elastic beats have been removed. Use OpenSearch instead. - The old unsupported version 6.x of the ELK-stack and Elastic beats have been removed. Use OpenSearch instead.
- The `cosmoc` package has been removed. The upstream scripts in `cosmocc` should be used instead. - The `cosmoc` package has been removed. The upstream scripts in `cosmocc` should be used instead.
@ -211,6 +237,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- To enable the HTTP3 (QUIC) protocol for a nginx virtual host, set the `quic` attribute on it to true, e.g. `services.nginx.virtualHosts.<name>.quic = true;`. - To enable the HTTP3 (QUIC) protocol for a nginx virtual host, set the `quic` attribute on it to true, e.g. `services.nginx.virtualHosts.<name>.quic = true;`.
- The default Asterisk package was changed to v20 from v19. Asterisk versions 16 and 19 have been dropped due to being EOL. You may need to update /var/lib/asterisk to match the template files in `${asterisk-20}/var/lib/asterisk`.
- conntrack helper autodetection has been removed from kernels 6.0 and up upstream, and an assertion was added to ensure things don't silently stop working. Migrate your configuration to assign helpers explicitly or use an older LTS kernel branch as a temporary workaround. - conntrack helper autodetection has been removed from kernels 6.0 and up upstream, and an assertion was added to ensure things don't silently stop working. Migrate your configuration to assign helpers explicitly or use an older LTS kernel branch as a temporary workaround.
- The `services.pipewire.config` options have been removed, as they have basically never worked correctly. All behavior defined by the default configuration can be overridden with drop-in files as necessary - see [below](#sec-release-23.05-migration-pipewire) for details. - The `services.pipewire.config` options have been removed, as they have basically never worked correctly. All behavior defined by the default configuration can be overridden with drop-in files as necessary - see [below](#sec-release-23.05-migration-pipewire) for details.
@ -230,6 +258,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- The `pnpm` package has be updated to from version 7.29.1 to version 8.1.1 and Node.js 14 support has been discontinued (though, there are workarounds if Node.js 14 is still required) - The `pnpm` package has be updated to from version 7.29.1 to version 8.1.1 and Node.js 14 support has been discontinued (though, there are workarounds if Node.js 14 is still required)
- Migration instructions: ["Before updating pnpm to v8 in your CI, regenerate your pnpm-lock.yaml. To upgrade your lockfile, run pnpm install and commit the changes. Existing dependencies will not be updated; however, due to configuration changes in pnpm v8, some missing peer dependencies may be added to the lockfile and some packages may get deduplicated. You can commit the new lockfile even before upgrading Node.js in the CI, as pnpm v7 already supports the new lockfile format."](https://github.com/pnpm/pnpm/releases/tag/v8.0.0) - Migration instructions: ["Before updating pnpm to v8 in your CI, regenerate your pnpm-lock.yaml. To upgrade your lockfile, run pnpm install and commit the changes. Existing dependencies will not be updated; however, due to configuration changes in pnpm v8, some missing peer dependencies may be added to the lockfile and some packages may get deduplicated. You can commit the new lockfile even before upgrading Node.js in the CI, as pnpm v7 already supports the new lockfile format."](https://github.com/pnpm/pnpm/releases/tag/v8.0.0)
- The `zplug` package changes its output path from `$out` to `$out/share/zplug`. Users should update their dependency on `${pkgs.zplug}/init.zsh` to `${pkgs.zplug}/share/zplug/init.zsh`.
## Other Notable Changes {#sec-release-23.05-notable-changes} ## Other Notable Changes {#sec-release-23.05-notable-changes}
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. --> <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
@ -254,7 +284,7 @@ In addition to numerous new and upgraded packages, this release has the followin
- `services.openssh.ciphers` to `services.openssh.settings.Ciphers` - `services.openssh.ciphers` to `services.openssh.settings.Ciphers`
- `services.openssh.gatewayPorts` to `services.openssh.settings.GatewayPorts` - `services.openssh.gatewayPorts` to `services.openssh.settings.GatewayPorts`
- `netbox` was updated to 3.4. NixOS' `services.netbox.package` still defaults to 3.3 if `stateVersion` is earlier than 23.05. Please review upstream's [breaking changes](https://github.com/netbox-community/netbox/releases/tag/v3.4.0), and upgrade NetBox by changing `services.netbox.package`. Database migrations will be run automatically. - `netbox` was updated to 3.5. NixOS' `services.netbox.package` still defaults to 3.3 if `stateVersion` is earlier than 23.05. Please review upstream's breaking changes [for 3.4.0](https://github.com/netbox-community/netbox/releases/tag/v3.4.0) and [for 3.5.0](https://github.com/netbox-community/netbox/releases/tag/v3.5.0), and upgrade NetBox by changing `services.netbox.package`. Database migrations will be run automatically.
- `services.netbox` now support RFC42-style options, through `services.netbox.settings`. - `services.netbox` now support RFC42-style options, through `services.netbox.settings`.
@ -274,14 +304,17 @@ In addition to numerous new and upgraded packages, this release has the followin
replacement. It stores backups as volume dump files and thus better integrates replacement. It stores backups as volume dump files and thus better integrates
into contemporary backup solutions. into contemporary backup solutions.
- `services.maddy` now allows to configure users and their credentials using `services.maddy.ensureCredentials`.
- The `dnsmasq` service now takes configuration via the - The `dnsmasq` service now takes configuration via the
`services.dnsmasq.settings` attribute set. The option `services.dnsmasq.settings` attribute set. The option
`services.dnsmasq.extraConfig` will be deprecated when NixOS 22.11 reaches `services.dnsmasq.extraConfig` will be deprecated when NixOS 22.11 reaches
end of life. end of life.
- The `dokuwiki` service now takes configuration via the `services.dokuwiki.sites.<name>.settings` attribute set, `extraConfig` is deprecated and will be removed. - The `dokuwiki` service is now configured via `services.dokuwiki.sites.<name>.settings` attribute set; `extraConfig` has been removed.
The `{aclUse,superUser,disableActions}` attributes have been renamed, `pluginsConfig` now also accepts an attribute set of booleans, passing plain PHP is deprecated. The `{aclUse,superUser,disableActions}` attributes have been renamed accordingly. `pluginsConfig` now only accepts an attribute set of booleans.
Same applies to `acl` which now also accepts structured settings. Passing plain PHP is no longer possible.
Same applies to `acl` which now also only accepts structured `settings`.
- The `zsh` package changes the way to set environment variables on NixOS systems where `programs.zsh.enable` equals `false`. It now sources `/etc/set-environment` when reading the system-level `zshenv` file. Before, it sourced `/etc/profile` when reading the system-level `zprofile` file. - The `zsh` package changes the way to set environment variables on NixOS systems where `programs.zsh.enable` equals `false`. It now sources `/etc/set-environment` when reading the system-level `zshenv` file. Before, it sourced `/etc/profile` when reading the system-level `zprofile` file.
@ -332,6 +365,8 @@ In addition to numerous new and upgraded packages, this release has the followin
[headscale's example configuration](https://github.com/juanfont/headscale/blob/main/config-example.yaml) [headscale's example configuration](https://github.com/juanfont/headscale/blob/main/config-example.yaml)
can be directly written as attribute-set in Nix within this option. can be directly written as attribute-set in Nix within this option.
- `services.kubo` now unmounts `ipfsMountDir` and `ipnsMountDir` even if it is killed unexpectedly when `autoMount` is enabled.
- `nixos/lib/make-disk-image.nix` can now mutate EFI variables, run user-provided EFI firmware or variable templates. This is now extensively documented in the NixOS manual. - `nixos/lib/make-disk-image.nix` can now mutate EFI variables, run user-provided EFI firmware or variable templates. This is now extensively documented in the NixOS manual.
- `services.grafana` listens only on localhost by default again. This was changed to upstreams default of `0.0.0.0` by accident in the freeform setting conversion. - `services.grafana` listens only on localhost by default again. This was changed to upstreams default of `0.0.0.0` by accident in the freeform setting conversion.
@ -388,6 +423,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- The `unifi-poller` package and corresponding NixOS module have been renamed to `unpoller` to match upstream. - The `unifi-poller` package and corresponding NixOS module have been renamed to `unpoller` to match upstream.
- The `rtsp-simple-server` package and corresponding NixOS module have been renamed to `mediamtx` to match upstream.
- The new option `services.tailscale.useRoutingFeatures` controls various settings for using Tailscale features like exit nodes and subnet routers. If you wish to use your machine as an exit node, you can set this setting to `server`, otherwise if you wish to use an exit node you can set this setting to `client`. The strict RPF warning has been removed as the RPF will be loosened automatically based on the value of this setting. - The new option `services.tailscale.useRoutingFeatures` controls various settings for using Tailscale features like exit nodes and subnet routers. If you wish to use your machine as an exit node, you can set this setting to `server`, otherwise if you wish to use an exit node you can set this setting to `client`. The strict RPF warning has been removed as the RPF will be loosened automatically based on the value of this setting.
- `openjdk` from version 11 and above is not build with `openjfx` (i.e.: JavaFX) support by default anymore. You can re-enable it by overriding, e.g.: `openjdk11.override { enableJavaFX = true; };`. - `openjdk` from version 11 and above is not build with `openjfx` (i.e.: JavaFX) support by default anymore. You can re-enable it by overriding, e.g.: `openjdk11.override { enableJavaFX = true; };`.
@ -405,12 +442,16 @@ In addition to numerous new and upgraded packages, this release has the followin
- `k3s` can now be configured with an EnvironmentFile for its systemd service, allowing secrets to be provided without ending up in the Nix Store. - `k3s` can now be configured with an EnvironmentFile for its systemd service, allowing secrets to be provided without ending up in the Nix Store.
- `gitea` module options have been changed to be RFC042 conforming (i.e. some options were moved to be located under `services.gitea.settings`)
- `boot.initrd.luks.device.<name>` has a new `tryEmptyPassphrase` option, this is useful for OEM's who need to install an encrypted disk with a future settable passphrase - `boot.initrd.luks.device.<name>` has a new `tryEmptyPassphrase` option, this is useful for OEM's who need to install an encrypted disk with a future settable passphrase
- Lisp gained a [manual section](https://nixos.org/manual/nixpkgs/stable/#lisp), documenting a new and backwards incompatible interface. The previous interface will be removed in a future release. - Lisp gained a [manual section](https://nixos.org/manual/nixpkgs/stable/#lisp), documenting a new and backwards incompatible interface. The previous interface will be removed in a future release.
- The `bind` module now allows the per-zone `allow-query` setting to be configured (previously it was hard-coded to `any`; it still defaults to `any` to retain compatibility). - The `bind` module now allows the per-zone `allow-query` setting to be configured (previously it was hard-coded to `any`; it still defaults to `any` to retain compatibility).
- `make-disk-image` handles `contents` arguments that are directories better, fixing a bug where it used to put them in a subdirectory of the intended `target`.
## Detailed migration information {#sec-release-23.05-migration} ## Detailed migration information {#sec-release-23.05-migration}
### Pipewire configuration overrides {#sec-release-23.05-migration-pipewire} ### Pipewire configuration overrides {#sec-release-23.05-migration-pipewire}

View file

@ -402,11 +402,16 @@ let format' = format; in let
done done
else else
mkdir -p $root/$(dirname $target) mkdir -p $root/$(dirname $target)
if ! [ -e $root/$target ]; then if [ -e $root/$target ]; then
rsync $rsync_flags $source $root/$target
else
echo "duplicate entry $target -> $source" echo "duplicate entry $target -> $source"
exit 1 exit 1
elif [ -d $source ]; then
# Append a slash to the end of source to get rsync to copy the
# directory _to_ the target instead of _inside_ the target.
# (See `man rsync`'s note on a trailing slash.)
rsync $rsync_flags $source/ $root/$target
else
rsync $rsync_flags $source $root/$target
fi fi
fi fi
done done

View file

@ -428,6 +428,8 @@ let
uidsAreUnique = idsAreUnique (filterAttrs (n: u: u.uid != null) cfg.users) "uid"; uidsAreUnique = idsAreUnique (filterAttrs (n: u: u.uid != null) cfg.users) "uid";
gidsAreUnique = idsAreUnique (filterAttrs (n: g: g.gid != null) cfg.groups) "gid"; gidsAreUnique = idsAreUnique (filterAttrs (n: g: g.gid != null) cfg.groups) "gid";
sdInitrdUidsAreUnique = idsAreUnique (filterAttrs (n: u: u.uid != null) config.boot.initrd.systemd.users) "uid";
sdInitrdGidsAreUnique = idsAreUnique (filterAttrs (n: g: g.gid != null) config.boot.initrd.systemd.groups) "gid";
spec = pkgs.writeText "users-groups.json" (builtins.toJSON { spec = pkgs.writeText "users-groups.json" (builtins.toJSON {
inherit (cfg) mutableUsers; inherit (cfg) mutableUsers;
@ -534,6 +536,54 @@ in {
WARNING: enabling this can lock you out of your system. Enable this only if you know what are you doing. WARNING: enabling this can lock you out of your system. Enable this only if you know what are you doing.
''; '';
}; };
# systemd initrd
boot.initrd.systemd.users = mkOption {
visible = false;
description = ''
Users to include in initrd.
'';
default = {};
type = types.attrsOf (types.submodule ({ name, ... }: {
options.uid = mkOption {
visible = false;
type = types.int;
description = ''
ID of the user in initrd.
'';
defaultText = literalExpression "config.users.users.\${name}.uid";
default = cfg.users.${name}.uid;
};
options.group = mkOption {
visible = false;
type = types.singleLineStr;
description = ''
Group the user belongs to in initrd.
'';
defaultText = literalExpression "config.users.users.\${name}.group";
default = cfg.users.${name}.group;
};
}));
};
boot.initrd.systemd.groups = mkOption {
visible = false;
description = ''
Groups to include in initrd.
'';
default = {};
type = types.attrsOf (types.submodule ({ name, ... }: {
options.gid = mkOption {
visible = false;
type = types.int;
description = ''
ID of the group in initrd.
'';
defaultText = literalExpression "config.users.groups.\${name}.gid";
default = cfg.groups.${name}.gid;
};
}));
};
}; };
@ -639,10 +689,52 @@ in {
"/etc/profiles/per-user/$USER" "/etc/profiles/per-user/$USER"
]; ];
# systemd initrd
boot.initrd.systemd = lib.mkIf config.boot.initrd.systemd.enable {
contents = {
"/etc/passwd".text = ''
${lib.concatStringsSep "\n" (lib.mapAttrsToList (n: { uid, group }: let
g = config.boot.initrd.systemd.groups.${group};
in "${n}:x:${toString uid}:${toString g.gid}::/var/empty:") config.boot.initrd.systemd.users)}
'';
"/etc/group".text = ''
${lib.concatStringsSep "\n" (lib.mapAttrsToList (n: { gid }: "${n}:x:${toString gid}:") config.boot.initrd.systemd.groups)}
'';
};
users = {
root = {};
nobody = {};
};
groups = {
root = {};
nogroup = {};
systemd-journal = {};
tty = {};
dialout = {};
kmem = {};
input = {};
video = {};
render = {};
sgx = {};
audio = {};
video = {};
lp = {};
disk = {};
cdrom = {};
tape = {};
kvm = {};
};
};
assertions = [ assertions = [
{ assertion = !cfg.enforceIdUniqueness || (uidsAreUnique && gidsAreUnique); { assertion = !cfg.enforceIdUniqueness || (uidsAreUnique && gidsAreUnique);
message = "UIDs and GIDs must be unique!"; message = "UIDs and GIDs must be unique!";
} }
{ assertion = !cfg.enforceIdUniqueness || (sdInitrdUidsAreUnique && sdInitrdGidsAreUnique);
message = "systemd initrd UIDs and GIDs must be unique!";
}
{ # If mutableUsers is false, to prevent users creating a { # If mutableUsers is false, to prevent users creating a
# configuration that locks them out of the system, ensure that # configuration that locks them out of the system, ensure that
# there is at least one "privileged" account that has a # there is at least one "privileged" account that has a

View file

@ -10,10 +10,7 @@ let
check = x: (lib.types.package.check x) && (attrByPath ["meta" "isIbusEngine"] false x); check = x: (lib.types.package.check x) && (attrByPath ["meta" "isIbusEngine"] false x);
}; };
impanel = impanel = optionalString (cfg.panel != null) "--panel=${cfg.panel}";
if cfg.panel != null
then "--panel=${cfg.panel}"
else "";
ibusAutostart = pkgs.writeTextFile { ibusAutostart = pkgs.writeTextFile {
name = "autostart-ibus-daemon"; name = "autostart-ibus-daemon";

View file

@ -22,8 +22,8 @@ let
(option: '' (option: ''
menuentry '${defaults.name} ${ menuentry '${defaults.name} ${
# Name appended to menuentry defaults to params if no specific name given. # Name appended to menuentry defaults to params if no specific name given.
option.name or (if option ? params then "(${option.params})" else "") option.name or (optionalString (option ? params) "(${option.params})")
}' ${if option ? class then " --class ${option.class}" else ""} { }' ${optionalString (option ? class) " --class ${option.class}"} {
linux ${defaults.image} \''${isoboot} ${defaults.params} ${ linux ${defaults.image} \''${isoboot} ${defaults.params} ${
option.params or "" option.params or ""
} }

View file

@ -85,12 +85,7 @@ sub debug {
# nixpkgs.system # nixpkgs.system
my ($status, @systemLines) = runCommand("@nixInstantiate@ --impure --eval --expr builtins.currentSystem"); push @attrs, "nixpkgs.hostPlatform = lib.mkDefault \"@system@\";";
if ($status != 0 || join("", @systemLines) =~ /error/) {
die "Failed to retrieve current system type from nix.\n";
}
chomp(my $system = @systemLines[0]);
push @attrs, "nixpkgs.hostPlatform = lib.mkDefault $system;";
my $cpuinfo = read_file "/proc/cpuinfo"; my $cpuinfo = read_file "/proc/cpuinfo";
@ -200,7 +195,7 @@ sub pciCheck {
} }
# In case this is a virtio scsi device, we need to explicitly make this available. # In case this is a virtio scsi device, we need to explicitly make this available.
if ($vendor eq "0x1af4" && $device eq "0x1004") { if ($vendor eq "0x1af4" && ($device eq "0x1004" || $device eq "0x1048") ) {
push @initrdAvailableKernelModules, "virtio_scsi"; push @initrdAvailableKernelModules, "virtio_scsi";
} }
@ -473,7 +468,7 @@ EOF
} }
# Don't emit tmpfs entry for /tmp, because it most likely comes from the # Don't emit tmpfs entry for /tmp, because it most likely comes from the
# boot.tmpOnTmpfs option in configuration.nix (managed declaratively). # boot.tmp.useTmpfs option in configuration.nix (managed declaratively).
next if ($mountPoint eq "/tmp" && $fsType eq "tmpfs"); next if ($mountPoint eq "/tmp" && $fsType eq "tmpfs");
# Emit the filesystem. # Emit the filesystem.

View file

@ -34,7 +34,7 @@ let
name = "nixos-generate-config"; name = "nixos-generate-config";
src = ./nixos-generate-config.pl; src = ./nixos-generate-config.pl;
perl = "${pkgs.perl.withPackages (p: [ p.FileSlurp ])}/bin/perl"; perl = "${pkgs.perl.withPackages (p: [ p.FileSlurp ])}/bin/perl";
nixInstantiate = "${pkgs.nix}/bin/nix-instantiate"; system = pkgs.stdenv.hostPlatform.system;
detectvirt = "${config.systemd.package}/bin/systemd-detect-virt"; detectvirt = "${config.systemd.package}/bin/systemd-detect-virt";
btrfs = "${pkgs.btrfs-progs}/bin/btrfs"; btrfs = "${pkgs.btrfs-progs}/bin/btrfs";
inherit (config.system.nixos-generate-config) configuration desktopConfiguration; inherit (config.system.nixos-generate-config) configuration desktopConfiguration;

View file

@ -149,6 +149,7 @@
./programs/cdemu.nix ./programs/cdemu.nix
./programs/cfs-zen-tweaks.nix ./programs/cfs-zen-tweaks.nix
./programs/chromium.nix ./programs/chromium.nix
./programs/clash-verge.nix
./programs/cnping.nix ./programs/cnping.nix
./programs/command-not-found/command-not-found.nix ./programs/command-not-found/command-not-found.nix
./programs/criu.nix ./programs/criu.nix
@ -170,6 +171,7 @@
./programs/fuse.nix ./programs/fuse.nix
./programs/fzf.nix ./programs/fzf.nix
./programs/gamemode.nix ./programs/gamemode.nix
./programs/gamescope.nix
./programs/geary.nix ./programs/geary.nix
./programs/git.nix ./programs/git.nix
./programs/gnome-disks.nix ./programs/gnome-disks.nix
@ -514,6 +516,7 @@
./services/hardware/usbrelayd.nix ./services/hardware/usbrelayd.nix
./services/hardware/vdr.nix ./services/hardware/vdr.nix
./services/hardware/keyd.nix ./services/hardware/keyd.nix
./services/home-automation/esphome.nix
./services/home-automation/evcc.nix ./services/home-automation/evcc.nix
./services/home-automation/home-assistant.nix ./services/home-automation/home-assistant.nix
./services/home-automation/zigbee2mqtt.nix ./services/home-automation/zigbee2mqtt.nix
@ -668,6 +671,7 @@
./services/misc/polaris.nix ./services/misc/polaris.nix
./services/misc/portunus.nix ./services/misc/portunus.nix
./services/misc/prowlarr.nix ./services/misc/prowlarr.nix
./services/misc/pufferpanel.nix
./services/misc/pykms.nix ./services/misc/pykms.nix
./services/misc/radarr.nix ./services/misc/radarr.nix
./services/misc/readarr.nix ./services/misc/readarr.nix
@ -882,6 +886,7 @@
./services/networking/iscsi/initiator.nix ./services/networking/iscsi/initiator.nix
./services/networking/iscsi/root-initiator.nix ./services/networking/iscsi/root-initiator.nix
./services/networking/iscsi/target.nix ./services/networking/iscsi/target.nix
./services/networking/ivpn.nix
./services/networking/iwd.nix ./services/networking/iwd.nix
./services/networking/jibri/default.nix ./services/networking/jibri/default.nix
./services/networking/jicofo.nix ./services/networking/jicofo.nix
@ -1040,6 +1045,7 @@
./services/networking/wg-netmanager.nix ./services/networking/wg-netmanager.nix
./services/networking/webhook.nix ./services/networking/webhook.nix
./services/networking/wg-quick.nix ./services/networking/wg-quick.nix
./services/networking/wgautomesh.nix
./services/networking/wireguard.nix ./services/networking/wireguard.nix
./services/networking/wpa_supplicant.nix ./services/networking/wpa_supplicant.nix
./services/networking/wstunnel.nix ./services/networking/wstunnel.nix
@ -1130,7 +1136,7 @@
./services/video/epgstation/default.nix ./services/video/epgstation/default.nix
./services/video/mirakurun.nix ./services/video/mirakurun.nix
./services/video/replay-sorcery.nix ./services/video/replay-sorcery.nix
./services/video/rtsp-simple-server.nix ./services/video/mediamtx.nix
./services/video/unifi-video.nix ./services/video/unifi-video.nix
./services/video/v4l2-relayd.nix ./services/video/v4l2-relayd.nix
./services/wayland/cage.nix ./services/wayland/cage.nix
@ -1165,7 +1171,6 @@
./services/web-apps/hledger-web.nix ./services/web-apps/hledger-web.nix
./services/web-apps/icingaweb2/icingaweb2.nix ./services/web-apps/icingaweb2/icingaweb2.nix
./services/web-apps/icingaweb2/module-monitoring.nix ./services/web-apps/icingaweb2/module-monitoring.nix
./services/web-apps/ihatemoney
./services/web-apps/invidious.nix ./services/web-apps/invidious.nix
./services/web-apps/invoiceplane.nix ./services/web-apps/invoiceplane.nix
./services/web-apps/isso.nix ./services/web-apps/isso.nix
@ -1181,6 +1186,7 @@
./services/web-apps/mattermost.nix ./services/web-apps/mattermost.nix
./services/web-apps/mediawiki.nix ./services/web-apps/mediawiki.nix
./services/web-apps/miniflux.nix ./services/web-apps/miniflux.nix
./services/web-apps/monica.nix
./services/web-apps/moodle.nix ./services/web-apps/moodle.nix
./services/web-apps/netbox.nix ./services/web-apps/netbox.nix
./services/web-apps/nextcloud.nix ./services/web-apps/nextcloud.nix
@ -1238,6 +1244,7 @@
./services/web-servers/nginx/gitweb.nix ./services/web-servers/nginx/gitweb.nix
./services/web-servers/phpfpm/default.nix ./services/web-servers/phpfpm/default.nix
./services/web-servers/pomerium.nix ./services/web-servers/pomerium.nix
./services/web-servers/stargazer.nix
./services/web-servers/tomcat.nix ./services/web-servers/tomcat.nix
./services/web-servers/traefik.nix ./services/web-servers/traefik.nix
./services/web-servers/trafficserver/default.nix ./services/web-servers/trafficserver/default.nix

View file

@ -0,0 +1,41 @@
{ config, lib, pkgs, ... }:
{
options.programs.clash-verge = {
enable = lib.mkEnableOption (lib.mdDoc ''
Clash Verge.
'');
autoStart = lib.mkEnableOption (lib.mdDoc ''
Clash Verge Auto Launch.
'');
tunMode = lib.mkEnableOption (lib.mdDoc ''
Clash Verge Tun Mode.
'');
};
config =
let
cfg = config.programs.clash-verge;
in
lib.mkIf cfg.enable {
environment.systemPackages = [
pkgs.clash-verge
(lib.mkIf cfg.autoStart (pkgs.makeAutostartItem {
name = "clash-verge";
package = pkgs.clash-verge;
}))
];
security.wrappers.clash-verge = lib.mkIf cfg.tunMode {
owner = "root";
group = "root";
capabilities = "cap_net_bind_service,cap_net_admin=+ep";
source = "${lib.getExe pkgs.clash-verge}";
};
};
meta.maintainers = with lib.maintainers; [ zendo ];
}

View file

@ -201,6 +201,7 @@ in
nativeMessagingHosts = mapAttrs (_: v: mkEnableOption (mdDoc v)) { nativeMessagingHosts = mapAttrs (_: v: mkEnableOption (mdDoc v)) {
browserpass = "Browserpass support"; browserpass = "Browserpass support";
bukubrow = "Bukubrow support"; bukubrow = "Bukubrow support";
euwebid = "Web eID support";
ff2mpv = "ff2mpv support"; ff2mpv = "ff2mpv support";
fxCast = "fx_cast support"; fxCast = "fx_cast support";
gsconnect = "GSConnect support"; gsconnect = "GSConnect support";
@ -217,6 +218,8 @@ in
extraPrefs = cfg.autoConfig; extraPrefs = cfg.autoConfig;
extraNativeMessagingHosts = with pkgs; optionals nmh.ff2mpv [ extraNativeMessagingHosts = with pkgs; optionals nmh.ff2mpv [
ff2mpv ff2mpv
] ++ optionals nmh.euwebid [
web-eid-app
] ++ optionals nmh.gsconnect [ ] ++ optionals nmh.gsconnect [
gnomeExtensions.gsconnect gnomeExtensions.gsconnect
] ++ optionals nmh.jabref [ ] ++ optionals nmh.jabref [
@ -230,6 +233,7 @@ in
nixpkgs.config.firefox = { nixpkgs.config.firefox = {
enableBrowserpass = nmh.browserpass; enableBrowserpass = nmh.browserpass;
enableBukubrow = nmh.bukubrow; enableBukubrow = nmh.bukubrow;
enableEUWebID = nmh.euwebid;
enableTridactylNative = nmh.tridactyl; enableTridactylNative = nmh.tridactyl;
enableUgetIntegrator = nmh.ugetIntegrator; enableUgetIntegrator = nmh.ugetIntegrator;
enableFXCastBridge = nmh.fxCast; enableFXCastBridge = nmh.fxCast;

View file

@ -0,0 +1,85 @@
{ config
, lib
, pkgs
, ...
}:
with lib; let
cfg = config.programs.gamescope;
gamescope =
let
wrapperArgs =
optional (cfg.args != [ ])
''--add-flags "${toString cfg.args}"''
++ builtins.attrValues (mapAttrs (var: val: "--set-default ${var} ${val}") cfg.env);
in
pkgs.runCommand "gamescope" { nativeBuildInputs = [ pkgs.makeBinaryWrapper ]; } ''
mkdir -p $out/bin
makeWrapper ${cfg.package}/bin/gamescope $out/bin/gamescope --inherit-argv0 \
${toString wrapperArgs}
'';
in
{
options.programs.gamescope = {
enable = mkEnableOption (mdDoc "gamescope");
package = mkOption {
type = types.package;
default = pkgs.gamescope;
defaultText = literalExpression "pkgs.gamescope";
description = mdDoc ''
The GameScope package to use.
'';
};
capSysNice = mkOption {
type = types.bool;
default = false;
description = mdDoc ''
Add cap_sys_nice capability to the GameScope
binary so that it may renice itself.
'';
};
args = mkOption {
type = types.listOf types.string;
default = [ ];
example = [ "--rt" "--prefer-vk-device 8086:9bc4" ];
description = mdDoc ''
Arguments passed to GameScope on startup.
'';
};
env = mkOption {
type = types.attrsOf types.string;
default = { };
example = literalExpression ''
# for Prime render offload on Nvidia laptops.
# Also requires `hardware.nvidia.prime.offload.enable`.
{
__NV_PRIME_RENDER_OFFLOAD = "1";
__VK_LAYER_NV_optimus = "NVIDIA_only";
__GLX_VENDOR_LIBRARY_NAME = "nvidia";
}
'';
description = mdDoc ''
Default environment variables available to the GameScope process, overridable at runtime.
'';
};
};
config = mkIf cfg.enable {
security.wrappers = mkIf cfg.capSysNice {
gamescope = {
owner = "root";
group = "root";
source = "${gamescope}/bin/gamescope";
capabilities = "cap_sys_nice+pie";
};
};
environment.systemPackages = mkIf (!cfg.capSysNice) [ gamescope ];
};
meta.maintainers = with maintainers; [ nrdxp ];
}

View file

@ -11,7 +11,7 @@ let
${concatStringsSep "\n" ${concatStringsSep "\n"
(mapAttrsToList (command: action: "${command} ${action}") cfg.commands) (mapAttrsToList (command: action: "${command} ${action}") cfg.commands)
} }
${if cfg.clearDefaultCommands then "#stop" else ""} ${optionalString cfg.clearDefaultCommands "#stop"}
#line-edit #line-edit
${concatStringsSep "\n" ${concatStringsSep "\n"

View file

@ -4,12 +4,8 @@ with lib;
let let
cfg = config.programs.neovim; cfg = config.programs.neovim;
in
runtime' = filter (f: f.enable) (attrValues cfg.runtime); {
runtime = pkgs.linkFarm "neovim-runtime" (map (x: { name = "etc/${x.target}"; path = x.source; }) runtime');
in {
options.programs.neovim = { options.programs.neovim = {
enable = mkOption { enable = mkOption {
type = types.bool; type = types.bool;
@ -70,7 +66,7 @@ in {
configure = mkOption { configure = mkOption {
type = types.attrs; type = types.attrs;
default = {}; default = { };
example = literalExpression '' example = literalExpression ''
{ {
customRC = ''' customRC = '''
@ -105,7 +101,7 @@ in {
}; };
runtime = mkOption { runtime = mkOption {
default = {}; default = { };
example = literalExpression '' example = literalExpression ''
{ "ftplugin/c.vim".text = "setlocal omnifunc=v:lua.vim.lsp.omnifunc"; } { "ftplugin/c.vim".text = "setlocal omnifunc=v:lua.vim.lsp.omnifunc"; }
''; '';
@ -115,14 +111,15 @@ in {
type = with types; attrsOf (submodule ( type = with types; attrsOf (submodule (
{ name, config, ... }: { name, config, ... }:
{ options = { {
options = {
enable = mkOption { enable = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
description = lib.mdDoc '' description = lib.mdDoc ''
Whether this /etc file should be generated. This Whether this runtime directory should be generated. This
option allows specific /etc files to be disabled. option allows specific runtime files to be disabled.
''; '';
}; };
@ -147,14 +144,9 @@ in {
}; };
config = { config.target = mkDefault name;
target = mkDefault name; }
source = mkIf (config.text != null) ( ));
let name' = "neovim-runtime" + baseNameOf name;
in mkDefault (pkgs.writeText name' config.text));
};
}));
}; };
}; };
@ -165,14 +157,17 @@ in {
]; ];
environment.variables.EDITOR = mkIf cfg.defaultEditor (mkOverride 900 "nvim"); environment.variables.EDITOR = mkIf cfg.defaultEditor (mkOverride 900 "nvim");
programs.neovim.finalPackage = pkgs.wrapNeovim cfg.package { environment.etc = listToAttrs (attrValues (mapAttrs
inherit (cfg) viAlias vimAlias withPython3 withNodeJs withRuby; (name: value: {
configure = cfg.configure // { name = "xdg/nvim/${name}";
value = value // {
customRC = (cfg.configure.customRC or "") + '' target = "xdg/nvim/${value.target}";
set runtimepath^=${runtime}/etc
'';
}; };
})
cfg.runtime));
programs.neovim.finalPackage = pkgs.wrapNeovim cfg.package {
inherit (cfg) viAlias vimAlias withPython3 withNodeJs withRuby configure;
}; };
}; };
} }

View file

@ -50,7 +50,7 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.greetd = { services.greetd = {
enable = lib.mkDefault true; enable = lib.mkDefault true;
settings.default_session.command = lib.mkDefault "${lib.getExe pkgs.cage} -s -- ${lib.getExe cfg.package}"; settings.default_session.command = lib.mkDefault "${pkgs.dbus}/bin/dbus-run-session ${lib.getExe pkgs.cage} -s -- ${lib.getExe cfg.package}";
}; };
environment.etc = { environment.etc = {

View file

@ -26,7 +26,7 @@ let
+ (if h.publicKey != null then h.publicKey else readFile h.publicKeyFile) + (if h.publicKey != null then h.publicKey else readFile h.publicKeyFile)
)) + "\n"; )) + "\n";
knownHostsFiles = [ "/etc/ssh/ssh_known_hosts" "/etc/ssh/ssh_known_hosts2" ] knownHostsFiles = [ "/etc/ssh/ssh_known_hosts" ]
++ map pkgs.copyPathToStore cfg.knownHostsFiles; ++ map pkgs.copyPathToStore cfg.knownHostsFiles;
in in
@ -232,9 +232,8 @@ in
description = lib.mdDoc '' description = lib.mdDoc ''
Files containing SSH host keys to set as global known hosts. Files containing SSH host keys to set as global known hosts.
`/etc/ssh/ssh_known_hosts` (which is `/etc/ssh/ssh_known_hosts` (which is
generated by {option}`programs.ssh.knownHosts`) and generated by {option}`programs.ssh.knownHosts`) is
`/etc/ssh/ssh_known_hosts2` are always always included.
included.
''; '';
example = literalExpression '' example = literalExpression ''
[ [

View file

@ -4,6 +4,24 @@ with lib;
let let
cfg = config.programs.steam; cfg = config.programs.steam;
gamescopeCfg = config.programs.gamescope;
steam-gamescope = let
exports = builtins.attrValues (builtins.mapAttrs (n: v: "export ${n}=${v}") cfg.gamescopeSession.env);
in
pkgs.writeShellScriptBin "steam-gamescope" ''
${builtins.concatStringsSep "\n" exports}
gamescope --steam ${toString cfg.gamescopeSession.args} -- steam -tenfoot -pipewire-dmabuf
'';
gamescopeSessionFile =
(pkgs.writeTextDir "share/wayland-sessions/steam.desktop" ''
[Desktop Entry]
Name=Steam
Comment=A digital distribution platform
Exec=${steam-gamescope}/bin/steam-gamescope
Type=Application
'').overrideAttrs (_: { passthru.providedSessions = [ "steam" ]; });
in { in {
options.programs.steam = { options.programs.steam = {
enable = mkEnableOption (lib.mdDoc "steam"); enable = mkEnableOption (lib.mdDoc "steam");
@ -32,6 +50,12 @@ in {
then [ package ] ++ extraPackages then [ package ] ++ extraPackages
else [ package32 ] ++ extraPackages32; else [ package32 ] ++ extraPackages32;
in prevLibs ++ additionalLibs; in prevLibs ++ additionalLibs;
} // optionalAttrs (cfg.gamescopeSession.enable && gamescopeCfg.capSysNice)
{
buildFHSEnv = pkgs.buildFHSEnv.override {
# use the setuid wrapped bubblewrap
bubblewrap = "${config.security.wrapperDir}/..";
};
}); });
description = lib.mdDoc '' description = lib.mdDoc ''
The Steam package to use. Additional libraries are added from the system The Steam package to use. Additional libraries are added from the system
@ -57,6 +81,31 @@ in {
Open ports in the firewall for Source Dedicated Server. Open ports in the firewall for Source Dedicated Server.
''; '';
}; };
gamescopeSession = mkOption {
description = mdDoc "Run a GameScope driven Steam session from your display-manager";
default = {};
type = types.submodule {
options = {
enable = mkEnableOption (mdDoc "GameScope Session");
args = mkOption {
type = types.listOf types.string;
default = [ ];
description = mdDoc ''
Arguments to be passed to GameScope for the session.
'';
};
env = mkOption {
type = types.attrsOf types.string;
default = { };
description = mdDoc ''
Environmental variables to be passed to GameScope for the session.
'';
};
};
};
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -66,6 +115,19 @@ in {
driSupport32Bit = true; driSupport32Bit = true;
}; };
security.wrappers = mkIf (cfg.gamescopeSession.enable && gamescopeCfg.capSysNice) {
# needed or steam fails
bwrap = {
owner = "root";
group = "root";
source = "${pkgs.bubblewrap}/bin/bwrap";
setuid = true;
};
};
programs.gamescope.enable = mkDefault cfg.gamescopeSession.enable;
services.xserver.displayManager.sessionPackages = mkIf cfg.gamescopeSession.enable [ gamescopeSessionFile ];
# optionally enable 32bit pulseaudio support if pulseaudio is enabled # optionally enable 32bit pulseaudio support if pulseaudio is enabled
hardware.pulseaudio.support32Bit = config.hardware.pulseaudio.enable; hardware.pulseaudio.support32Bit = config.hardware.pulseaudio.enable;
@ -74,7 +136,7 @@ in {
environment.systemPackages = [ environment.systemPackages = [
cfg.package cfg.package
cfg.package.run cfg.package.run
]; ] ++ lib.optional cfg.gamescopeSession.enable steam-gamescope;
networking.firewall = lib.mkMerge [ networking.firewall = lib.mkMerge [
(mkIf cfg.remotePlay.openFirewall { (mkIf cfg.remotePlay.openFirewall {

View file

@ -1,7 +1,7 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let let
inherit (lib) mkOption mkIf types; inherit (lib) mkOption mkIf types optionalString;
cfg = config.programs.tmux; cfg = config.programs.tmux;
@ -17,17 +17,17 @@ let
set -g base-index ${toString cfg.baseIndex} set -g base-index ${toString cfg.baseIndex}
setw -g pane-base-index ${toString cfg.baseIndex} setw -g pane-base-index ${toString cfg.baseIndex}
${if cfg.newSession then "new-session" else ""} ${optionalString cfg.newSession "new-session"}
${if cfg.reverseSplit then '' ${optionalString cfg.reverseSplit ''
bind v split-window -h bind v split-window -h
bind s split-window -v bind s split-window -v
'' else ""} ''}
set -g status-keys ${cfg.keyMode} set -g status-keys ${cfg.keyMode}
set -g mode-keys ${cfg.keyMode} set -g mode-keys ${cfg.keyMode}
${if cfg.keyMode == "vi" && cfg.customPaneNavigationAndResize then '' ${optionalString (cfg.keyMode == "vi" && cfg.customPaneNavigationAndResize) ''
bind h select-pane -L bind h select-pane -L
bind j select-pane -D bind j select-pane -D
bind k select-pane -U bind k select-pane -U
@ -37,15 +37,15 @@ let
bind -r J resize-pane -D ${toString cfg.resizeAmount} bind -r J resize-pane -D ${toString cfg.resizeAmount}
bind -r K resize-pane -U ${toString cfg.resizeAmount} bind -r K resize-pane -U ${toString cfg.resizeAmount}
bind -r L resize-pane -R ${toString cfg.resizeAmount} bind -r L resize-pane -R ${toString cfg.resizeAmount}
'' else ""} ''}
${if (cfg.shortcut != defaultShortcut) then '' ${optionalString (cfg.shortcut != defaultShortcut) ''
# rebind main key: C-${cfg.shortcut} # rebind main key: C-${cfg.shortcut}
unbind C-${defaultShortcut} unbind C-${defaultShortcut}
set -g prefix C-${cfg.shortcut} set -g prefix C-${cfg.shortcut}
bind ${cfg.shortcut} send-prefix bind ${cfg.shortcut} send-prefix
bind C-${cfg.shortcut} last-window bind C-${cfg.shortcut} last-window
'' else ""} ''}
setw -g aggressive-resize ${boolToStr cfg.aggressiveResize} setw -g aggressive-resize ${boolToStr cfg.aggressiveResize}
setw -g clock-mode-style ${if cfg.clock24 then "24" else "12"} setw -g clock-mode-style ${if cfg.clock24 then "24" else "12"}
@ -160,7 +160,10 @@ in {
default = defaultTerminal; default = defaultTerminal;
example = "screen-256color"; example = "screen-256color";
type = types.str; type = types.str;
description = lib.mdDoc "Set the $TERM variable."; description = lib.mdDoc ''
Set the $TERM variable. Use tmux-direct if italics or 24bit true color
support is needed.
'';
}; };
secureSocket = mkOption { secureSocket = mkOption {

View file

@ -236,6 +236,9 @@ in
setopt ${concatStringsSep " " cfg.setOptions} setopt ${concatStringsSep " " cfg.setOptions}
''} ''}
# Alternative method of determining short and full hostname.
HOST=${config.networking.fqdnOrHostName}
# Setup command line history. # Setup command line history.
# Don't export these, otherwise other shells (bash) will try to use same HISTFILE. # Don't export these, otherwise other shells (bash) will try to use same HISTFILE.
SAVEHIST=${toString cfg.histSize} SAVEHIST=${toString cfg.histSize}

View file

@ -58,6 +58,7 @@ with lib;
(mkRemovedOptionModule [ "services" "fourStoreEndpoint" ] "The fourStoreEndpoint module has been removed") (mkRemovedOptionModule [ "services" "fourStoreEndpoint" ] "The fourStoreEndpoint module has been removed")
(mkRemovedOptionModule [ "services" "fprot" ] "The corresponding package was removed from nixpkgs.") (mkRemovedOptionModule [ "services" "fprot" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "frab" ] "The frab module has been removed") (mkRemovedOptionModule [ "services" "frab" ] "The frab module has been removed")
(mkRemovedOptionModule [ "services" "ihatemoney" ] "The ihatemoney module has been removed for lack of downstream maintainer")
(mkRemovedOptionModule [ "services" "kippo" ] "The corresponding package was removed from nixpkgs.") (mkRemovedOptionModule [ "services" "kippo" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "mailpile" ] "The corresponding package was removed from nixpkgs.") (mkRemovedOptionModule [ "services" "mailpile" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "marathon" ] "The corresponding package was removed from nixpkgs.") (mkRemovedOptionModule [ "services" "marathon" ] "The corresponding package was removed from nixpkgs.")
@ -106,6 +107,7 @@ with lib;
(mkRemovedOptionModule [ "services" "openfire" ] "The corresponding package was removed from nixpkgs.") (mkRemovedOptionModule [ "services" "openfire" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "riak" ] "The corresponding package was removed from nixpkgs.") (mkRemovedOptionModule [ "services" "riak" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "cryptpad" ] "The corresponding package was removed from nixpkgs.") (mkRemovedOptionModule [ "services" "cryptpad" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "rtsp-simple-server" ] "Package has been completely rebranded by upstream as mediamtx, and thus the service and the package were renamed in NixOS as well.")
(mkRemovedOptionModule [ "i18n" "inputMethod" "fcitx" ] "The fcitx module has been removed. Plesae use fcitx5 instead") (mkRemovedOptionModule [ "i18n" "inputMethod" "fcitx" ] "The fcitx module has been removed. Plesae use fcitx5 instead")

View file

@ -487,7 +487,7 @@ let
}; };
email = mkOption { email = mkOption {
type = types.str; type = types.nullOr types.str;
inherit (defaultAndText "email" null) default defaultText; inherit (defaultAndText "email" null) default defaultText;
description = lib.mdDoc '' description = lib.mdDoc ''
Email address for account creation and correspondence from the CA. Email address for account creation and correspondence from the CA.
@ -555,7 +555,7 @@ let
}; };
credentialsFile = mkOption { credentialsFile = mkOption {
type = types.path; type = types.nullOr types.path;
inherit (defaultAndText "credentialsFile" null) default defaultText; inherit (defaultAndText "credentialsFile" null) default defaultText;
description = lib.mdDoc '' description = lib.mdDoc ''
Path to an EnvironmentFile for the cert's service containing any required and Path to an EnvironmentFile for the cert's service containing any required and
@ -781,11 +781,11 @@ in {
# FIXME Most of these custom warnings and filters for security.acme.certs.* are required # FIXME Most of these custom warnings and filters for security.acme.certs.* are required
# because using mkRemovedOptionModule/mkChangedOptionModule with attrsets isn't possible. # because using mkRemovedOptionModule/mkChangedOptionModule with attrsets isn't possible.
warnings = filter (w: w != "") (mapAttrsToList (cert: data: if data.extraDomains != "_mkMergedOptionModule" then '' warnings = filter (w: w != "") (mapAttrsToList (cert: data: optionalString (data.extraDomains != "_mkMergedOptionModule") ''
The option definition `security.acme.certs.${cert}.extraDomains` has changed The option definition `security.acme.certs.${cert}.extraDomains` has changed
to `security.acme.certs.${cert}.extraDomainNames` and is now a list of strings. to `security.acme.certs.${cert}.extraDomainNames` and is now a list of strings.
Setting a custom webroot for extra domains is not possible, instead use separate certs. Setting a custom webroot for extra domains is not possible, instead use separate certs.
'' else "") cfg.certs); '') cfg.certs);
assertions = let assertions = let
certs = attrValues cfg.certs; certs = attrValues cfg.certs;

View file

@ -275,9 +275,9 @@ in {
warnings = warnings =
# https://github.com/badaix/snapcast/blob/98ac8b2fb7305084376607b59173ce4097c620d8/server/streamreader/stream_manager.cpp#L85 # https://github.com/badaix/snapcast/blob/98ac8b2fb7305084376607b59173ce4097c620d8/server/streamreader/stream_manager.cpp#L85
filter (w: w != "") (mapAttrsToList (k: v: if v.type == "spotify" then '' filter (w: w != "") (mapAttrsToList (k: v: optionalString (v.type == "spotify") ''
services.snapserver.streams.${k}.type = "spotify" is deprecated, use services.snapserver.streams.${k}.type = "librespot" instead. services.snapserver.streams.${k}.type = "spotify" is deprecated, use services.snapserver.streams.${k}.type = "librespot" instead.
'' else "") cfg.streams); '') cfg.streams);
systemd.services.snapserver = { systemd.services.snapserver = {
after = [ "network.target" ]; after = [ "network.target" ];

View file

@ -72,5 +72,8 @@ in
cfg.configurations; cfg.configurations;
systemd.packages = [ pkgs.borgmatic ]; systemd.packages = [ pkgs.borgmatic ];
# Workaround: https://github.com/NixOS/nixpkgs/issues/81138
systemd.timers.borgmatic.wantedBy = [ "timers.target" ];
}; };
} }

View file

@ -20,7 +20,7 @@ let
''; '';
backupDatabaseScript = db: '' backupDatabaseScript = db: ''
dest="${cfg.location}/${db}.gz" dest="${cfg.location}/${db}.gz"
if ${mariadb}/bin/mysqldump ${if cfg.singleTransaction then "--single-transaction" else ""} ${db} | ${gzip}/bin/gzip -c > $dest.tmp; then if ${mariadb}/bin/mysqldump ${optionalString cfg.singleTransaction "--single-transaction"} ${db} | ${gzip}/bin/gzip -c > $dest.tmp; then
mv $dest.tmp $dest mv $dest.tmp $dest
echo "Backed up to $dest" echo "Backed up to $dest"
else else

View file

@ -300,7 +300,7 @@ in
filesFromTmpFile = "/run/restic-backups-${name}/includes"; filesFromTmpFile = "/run/restic-backups-${name}/includes";
backupPaths = backupPaths =
if (backup.dynamicFilesFrom == null) if (backup.dynamicFilesFrom == null)
then if (backup.paths != null) then concatStringsSep " " backup.paths else "" then optionalString (backup.paths != null) (concatStringsSep " " backup.paths)
else "--files-from ${filesFromTmpFile}"; else "--files-from ${filesFromTmpFile}";
pruneCmd = optionals (builtins.length backup.pruneOpts > 0) [ pruneCmd = optionals (builtins.length backup.pruneOpts > 0) [
(resticCmd + " forget --prune " + (concatStringsSep " " backup.pruneOpts)) (resticCmd + " forget --prune " + (concatStringsSep " " backup.pruneOpts))

View file

@ -196,9 +196,9 @@ in
--gcmode ${cfg.gcmode} \ --gcmode ${cfg.gcmode} \
--port ${toString cfg.port} \ --port ${toString cfg.port} \
--maxpeers ${toString cfg.maxpeers} \ --maxpeers ${toString cfg.maxpeers} \
${if cfg.http.enable then ''--http --http.addr ${cfg.http.address} --http.port ${toString cfg.http.port}'' else ""} \ ${optionalString cfg.http.enable ''--http --http.addr ${cfg.http.address} --http.port ${toString cfg.http.port}''} \
${optionalString (cfg.http.apis != null) ''--http.api ${lib.concatStringsSep "," cfg.http.apis}''} \ ${optionalString (cfg.http.apis != null) ''--http.api ${lib.concatStringsSep "," cfg.http.apis}''} \
${if cfg.websocket.enable then ''--ws --ws.addr ${cfg.websocket.address} --ws.port ${toString cfg.websocket.port}'' else ""} \ ${optionalString cfg.websocket.enable ''--ws --ws.addr ${cfg.websocket.address} --ws.port ${toString cfg.websocket.port}''} \
${optionalString (cfg.websocket.apis != null) ''--ws.api ${lib.concatStringsSep "," cfg.websocket.apis}''} \ ${optionalString (cfg.websocket.apis != null) ''--ws.api ${lib.concatStringsSep "," cfg.websocket.apis}''} \
${optionalString cfg.metrics.enable ''--metrics --metrics.addr ${cfg.metrics.address} --metrics.port ${toString cfg.metrics.port}''} \ ${optionalString cfg.metrics.enable ''--metrics --metrics.addr ${cfg.metrics.address} --metrics.port ${toString cfg.metrics.port}''} \
--authrpc.addr ${cfg.authrpc.address} --authrpc.port ${toString cfg.authrpc.port} --authrpc.vhosts ${lib.concatStringsSep "," cfg.authrpc.vhosts} \ --authrpc.addr ${cfg.authrpc.address} --authrpc.port ${toString cfg.authrpc.port} --authrpc.vhosts ${lib.concatStringsSep "," cfg.authrpc.vhosts} \

View file

@ -63,6 +63,7 @@ in
(mkRemovedOptionModule [ "services" "kubernetes" "kubelet" "cadvisorPort" ] "") (mkRemovedOptionModule [ "services" "kubernetes" "kubelet" "cadvisorPort" ] "")
(mkRemovedOptionModule [ "services" "kubernetes" "kubelet" "allowPrivileged" ] "") (mkRemovedOptionModule [ "services" "kubernetes" "kubelet" "allowPrivileged" ] "")
(mkRemovedOptionModule [ "services" "kubernetes" "kubelet" "networkPlugin" ] "") (mkRemovedOptionModule [ "services" "kubernetes" "kubelet" "networkPlugin" ] "")
(mkRemovedOptionModule [ "services" "kubernetes" "kubelet" "containerRuntime" ] "")
]; ];
###### interface ###### interface
@ -134,12 +135,6 @@ in
}; };
}; };
containerRuntime = mkOption {
description = lib.mdDoc "Which container runtime type to use";
type = enum ["docker" "remote"];
default = "remote";
};
containerRuntimeEndpoint = mkOption { containerRuntimeEndpoint = mkOption {
description = lib.mdDoc "Endpoint at which to find the container runtime api interface/socket"; description = lib.mdDoc "Endpoint at which to find the container runtime api interface/socket";
type = str; type = str;
@ -331,7 +326,6 @@ in
${optionalString (cfg.tlsKeyFile != null) ${optionalString (cfg.tlsKeyFile != null)
"--tls-private-key-file=${cfg.tlsKeyFile}"} \ "--tls-private-key-file=${cfg.tlsKeyFile}"} \
${optionalString (cfg.verbosity != null) "--v=${toString cfg.verbosity}"} \ ${optionalString (cfg.verbosity != null) "--v=${toString cfg.verbosity}"} \
--container-runtime=${cfg.containerRuntime} \
--container-runtime-endpoint=${cfg.containerRuntimeEndpoint} \ --container-runtime-endpoint=${cfg.containerRuntimeEndpoint} \
--cgroup-driver=systemd \ --cgroup-driver=systemd \
${cfg.extraOpts} ${cfg.extraOpts}

View file

@ -6,7 +6,7 @@ let
cfg = config.services.boinc; cfg = config.services.boinc;
allowRemoteGuiRpcFlag = optionalString cfg.allowRemoteGuiRpc "--allow_remote_gui_rpc"; allowRemoteGuiRpcFlag = optionalString cfg.allowRemoteGuiRpc "--allow_remote_gui_rpc";
fhsEnv = pkgs.buildFHSUserEnv { fhsEnv = pkgs.buildFHSEnv {
name = "boinc-fhs-env"; name = "boinc-fhs-env";
targetPkgs = pkgs': [ cfg.package ] ++ cfg.extraEnvPackages; targetPkgs = pkgs': [ cfg.package ] ++ cfg.extraEnvPackages;
runScript = "/bin/boinc_client"; runScript = "/bin/boinc_client";

View file

@ -242,7 +242,7 @@ in {
jobdir="${jenkinsCfg.home}/$jenkinsjobname" jobdir="${jenkinsCfg.home}/$jenkinsjobname"
rm -rf "$jobdir" rm -rf "$jobdir"
done done
'' + (if cfg.accessUser != "" then reloadScript else ""); '' + (optionalString (cfg.accessUser != "") reloadScript);
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
User = jenkinsCfg.user; User = jenkinsCfg.user;

View file

@ -50,6 +50,6 @@ in {
}; };
}; };
environment.systemPackages = [ cfg.package ]; environment.systemPackages = [ cfg.package pkgs.direnv ];
}; };
} }

View file

@ -4,7 +4,7 @@ with lib;
let let
cfg = config.services.minetest-server; cfg = config.services.minetest-server;
flag = val: name: if val != null then "--${name} ${toString val} " else ""; flag = val: name: optionalString (val != null) "--${name} ${toString val} ";
flags = [ flags = [
(flag cfg.gameId "gameid") (flag cfg.gameId "gameid")
(flag cfg.world "world") (flag cfg.world "world")

View file

@ -37,7 +37,7 @@ in {
serviceConfig.ExecStart = [ serviceConfig.ExecStart = [
"" ""
"${lib.getExe pkgs.auto-cpufreq} --config ${cfgFile}" "${lib.getExe pkgs.auto-cpufreq} --daemon --config ${cfgFile}"
]; ];
}; };
}; };

View file

@ -16,16 +16,6 @@ let
''; '';
# networkd link files are used early by udev to set up interfaces early.
# This must be done in stage 1 to avoid race conditions between udev and
# network daemons.
# TODO move this into the initrd-network module when it exists
initrdLinkUnits = pkgs.runCommand "initrd-link-units" {} ''
mkdir -p $out
ln -s ${udev}/lib/systemd/network/*.link $out/
${lib.concatMapStringsSep "\n" (file: "ln -s ${file} $out/") (lib.mapAttrsToList (n: v: "${v.unit}/${n}") (lib.filterAttrs (n: _: hasSuffix ".link" n) config.systemd.network.units))}
'';
extraUdevRules = pkgs.writeTextFile { extraUdevRules = pkgs.writeTextFile {
name = "extra-udev-rules"; name = "extra-udev-rules";
text = cfg.extraRules; text = cfg.extraRules;
@ -398,7 +388,6 @@ in
systemd = config.boot.initrd.systemd.package; systemd = config.boot.initrd.systemd.package;
binPackages = config.boot.initrd.services.udev.binPackages ++ [ config.boot.initrd.systemd.contents."/bin".source ]; binPackages = config.boot.initrd.services.udev.binPackages ++ [ config.boot.initrd.systemd.contents."/bin".source ];
}; };
"/etc/systemd/network".source = initrdLinkUnits;
}; };
# Insert initrd rules # Insert initrd rules
boot.initrd.services.udev.packages = [ boot.initrd.services.udev.packages = [

View file

@ -0,0 +1,136 @@
{ config, lib, pkgs, ... }:
let
inherit (lib)
literalExpression
maintainers
mkEnableOption
mkIf
mkOption
mdDoc
types
;
cfg = config.services.esphome;
stateDir = "/var/lib/esphome";
esphomeParams =
if cfg.enableUnixSocket
then "--socket /run/esphome/esphome.sock"
else "--address ${cfg.address} --port ${toString cfg.port}";
in
{
meta.maintainers = with maintainers; [ oddlama ];
options.services.esphome = {
enable = mkEnableOption (mdDoc "esphome");
package = mkOption {
type = types.package;
default = pkgs.esphome;
defaultText = literalExpression "pkgs.esphome";
description = mdDoc "The package to use for the esphome command.";
};
enableUnixSocket = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc "Listen on a unix socket `/run/esphome/esphome.sock` instead of the TCP port.";
};
address = mkOption {
type = types.str;
default = "localhost";
description = mdDoc "esphome address";
};
port = mkOption {
type = types.port;
default = 6052;
description = mdDoc "esphome port";
};
openFirewall = mkOption {
default = false;
type = types.bool;
description = mdDoc "Whether to open the firewall for the specified port.";
};
allowedDevices = mkOption {
default = ["char-ttyS" "char-ttyUSB"];
example = ["/dev/serial/by-id/usb-Silicon_Labs_CP2102_USB_to_UART_Bridge_Controller_0001-if00-port0"];
description = lib.mdDoc ''
A list of device nodes to which {command}`esphome` has access to.
Refer to DeviceAllow in systemd.resource-control(5) for more information.
Beware that if a device is referred to by an absolute path instead of a device category,
it will only allow devices that already are plugged in when the service is started.
'';
type = types.listOf types.str;
};
};
config = mkIf cfg.enable {
networking.firewall.allowedTCPPorts = mkIf (cfg.openFirewall && !cfg.enableUnixSocket) [cfg.port];
systemd.services.esphome = {
description = "ESPHome dashboard";
after = ["network.target"];
wantedBy = ["multi-user.target"];
path = [cfg.package];
# platformio fails to determine the home directory when using DynamicUser
environment.PLATFORMIO_CORE_DIR = "${stateDir}/.platformio";
serviceConfig = {
ExecStart = "${cfg.package}/bin/esphome dashboard ${esphomeParams} ${stateDir}";
DynamicUser = true;
User = "esphome";
Group = "esphome";
WorkingDirectory = stateDir;
StateDirectory = "esphome";
StateDirectoryMode = "0750";
Restart = "on-failure";
RuntimeDirectory = mkIf cfg.enableUnixSocket "esphome";
RuntimeDirectoryMode = "0750";
# Hardening
CapabilityBoundingSet = "";
LockPersonality = true;
MemoryDenyWriteExecute = true;
DevicePolicy = "closed";
DeviceAllow = map (d: "${d} rw") cfg.allowedDevices;
SupplementaryGroups = ["dialout"];
#NoNewPrivileges = true; # Implied by DynamicUser
PrivateUsers = true;
#PrivateTmp = true; # Implied by DynamicUser
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProcSubset = "pid";
ProtectSystem = "strict";
#RemoveIPC = true; # Implied by DynamicUser
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
"AF_NETLINK"
"AF_UNIX"
];
RestrictNamespaces = false; # Required by platformio for chroot
RestrictRealtime = true;
#RestrictSUIDSGID = true; # Implied by DynamicUser
SystemCallArchitectures = "native";
SystemCallFilter = [
"@system-service"
"@mount" # Required by platformio for chroot
];
UMask = "0077";
};
};
};
}

View file

@ -83,9 +83,8 @@ let
}; };
mailOption = mailOption =
if foldr (n: a: a || (n.mail or false) != false) false (attrValues cfg.settings) optionalString (foldr (n: a: a || (n.mail or false) != false) false (attrValues cfg.settings))
then "--mail=${pkgs.mailutils}/bin/mail" "--mail=${pkgs.mailutils}/bin/mail";
else "";
in in
{ {
imports = [ imports = [

View file

@ -7,7 +7,7 @@ let
cfg = config.services.syslogd; cfg = config.services.syslogd;
syslogConf = pkgs.writeText "syslog.conf" '' syslogConf = pkgs.writeText "syslog.conf" ''
${if (cfg.tty != "") then "kern.warning;*.err;authpriv.none /dev/${cfg.tty}" else ""} ${optionalString (cfg.tty != "") "kern.warning;*.err;authpriv.none /dev/${cfg.tty}"}
${cfg.defaultConfig} ${cfg.defaultConfig}
${cfg.extraConfig} ${cfg.extraConfig}
''; '';

View file

@ -26,13 +26,9 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
# for cli usage
environment.systemPackages = [ pkgs.vector ];
users.groups.vector = { };
users.users.vector = {
description = "Vector service user";
group = "vector";
isSystemUser = true;
};
systemd.services.vector = { systemd.services.vector = {
description = "Vector event and log aggregator"; description = "Vector event and log aggregator";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
@ -52,8 +48,7 @@ in
in in
{ {
ExecStart = "${pkgs.vector}/bin/vector --config ${validateConfig conf}"; ExecStart = "${pkgs.vector}/bin/vector --config ${validateConfig conf}";
User = "vector"; DynamicUser = true;
Group = "vector";
Restart = "no"; Restart = "no";
StateDirectory = "vector"; StateDirectory = "vector";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";

View file

@ -228,8 +228,8 @@ in {
default = []; default = [];
description = lib.mdDoc '' description = lib.mdDoc ''
List of IMAP accounts which get automatically created. Note that for List of IMAP accounts which get automatically created. Note that for
a complete setup, user credentials for these accounts are required too a complete setup, user credentials for these accounts are required
and can be created using the command `maddyctl creds`. and can be created using the `ensureCredentials` option.
This option does not delete accounts which are not (anymore) listed. This option does not delete accounts which are not (anymore) listed.
''; '';
example = [ example = [
@ -238,6 +238,33 @@ in {
]; ];
}; };
ensureCredentials = mkOption {
default = {};
description = lib.mdDoc ''
List of user accounts which get automatically created if they don't
exist yet. Note that for a complete setup, corresponding mail boxes
have to get created using the `ensureAccounts` option.
This option does not delete accounts which are not (anymore) listed.
'';
example = {
"user1@localhost".passwordFile = /secrets/user1-localhost;
"user2@localhost".passwordFile = /secrets/user2-localhost;
};
type = types.attrsOf (types.submodule {
options = {
passwordFile = mkOption {
type = types.path;
example = "/path/to/file";
default = null;
description = lib.mdDoc ''
Specifies the path to a file containing the
clear text password for the user.
'';
};
};
});
};
}; };
}; };
@ -265,6 +292,13 @@ in {
fi fi
'') cfg.ensureAccounts} '') cfg.ensureAccounts}
''} ''}
${optionalString (cfg.ensureCredentials != {}) ''
${concatStringsSep "\n" (mapAttrsToList (name: cfg: ''
if ! ${pkgs.maddy}/bin/maddyctl creds list | grep "${name}"; then
${pkgs.maddy}/bin/maddyctl creds create --password $(cat ${escapeShellArg cfg.passwordFile}) ${name}
fi
'') cfg.ensureCredentials)}
''}
''; '';
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";

View file

@ -234,7 +234,7 @@ let
headerChecks = concatStringsSep "\n" (map (x: "${x.pattern} ${x.action}") cfg.headerChecks) + cfg.extraHeaderChecks; headerChecks = concatStringsSep "\n" (map (x: "${x.pattern} ${x.action}") cfg.headerChecks) + cfg.extraHeaderChecks;
aliases = let separator = if cfg.aliasMapType == "hash" then ":" else ""; in aliases = let separator = optionalString (cfg.aliasMapType == "hash") ":"; in
optionalString (cfg.postmasterAlias != "") '' optionalString (cfg.postmasterAlias != "") ''
postmaster${separator} ${cfg.postmasterAlias} postmaster${separator} ${cfg.postmasterAlias}
'' ''

View file

@ -7,7 +7,7 @@ let
fpm = config.services.phpfpm.pools.roundcube; fpm = config.services.phpfpm.pools.roundcube;
localDB = cfg.database.host == "localhost"; localDB = cfg.database.host == "localhost";
user = cfg.database.username; user = cfg.database.username;
phpWithPspell = pkgs.php80.withExtensions ({ enabled, all }: [ all.pspell ] ++ enabled); phpWithPspell = pkgs.php81.withExtensions ({ enabled, all }: [ all.pspell ] ++ enabled);
in in
{ {
options.services.roundcube = { options.services.roundcube = {
@ -70,7 +70,12 @@ in
}; };
passwordFile = mkOption { passwordFile = mkOption {
type = types.str; type = types.str;
description = lib.mdDoc "Password file for the postgresql connection. Must be readable by user `nginx`. Ignored if `database.host` is set to `localhost`, as peer authentication will be used."; description = lib.mdDoc ''
Password file for the postgresql connection.
Must be formated according to PostgreSQL .pgpass standard (see https://www.postgresql.org/docs/current/libpq-pgpass.html)
but only one line, no comments and readable by user `nginx`.
Ignored if `database.host` is set to `localhost`, as peer authentication will be used.
'';
}; };
dbname = mkOption { dbname = mkOption {
type = types.str; type = types.str;
@ -123,7 +128,13 @@ in
environment.etc."roundcube/config.inc.php".text = '' environment.etc."roundcube/config.inc.php".text = ''
<?php <?php
${lib.optionalString (!localDB) "$password = file_get_contents('${cfg.database.passwordFile}');"} ${lib.optionalString (!localDB) ''
$password = file('${cfg.database.passwordFile}')[0];
$password = preg_split('~\\\\.(*SKIP)(*FAIL)|\:~s', $password);
$password = end($password);
$password = str_replace("\\:", ":", $password);
$password = str_replace("\\\\", "\\", $password);
''}
$config = array(); $config = array();
$config['db_dsnw'] = 'pgsql://${cfg.database.username}${lib.optionalString (!localDB) ":' . $password . '"}@${if localDB then "unix(/run/postgresql)" else cfg.database.host}/${cfg.database.dbname}'; $config['db_dsnw'] = 'pgsql://${cfg.database.username}${lib.optionalString (!localDB) ":' . $password . '"}@${if localDB then "unix(/run/postgresql)" else cfg.database.host}/${cfg.database.dbname}';
@ -223,6 +234,7 @@ in
path = [ config.services.postgresql.package ]; path = [ config.services.postgresql.package ];
}) })
{ {
after = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
script = let script = let
psql = "${lib.optionalString (!localDB) "PGPASSFILE=${cfg.database.passwordFile}"} ${pkgs.postgresql}/bin/psql ${lib.optionalString (!localDB) "-h ${cfg.database.host} -U ${cfg.database.username} "} ${cfg.database.dbname}"; psql = "${lib.optionalString (!localDB) "PGPASSFILE=${cfg.database.passwordFile}"} ${pkgs.postgresql}/bin/psql ${lib.optionalString (!localDB) "-h ${cfg.database.host} -U ${cfg.database.username} "} ${cfg.database.dbname}";

View file

@ -10,7 +10,7 @@ let
Connection = ${cfg.device.connection} Connection = ${cfg.device.connection}
SynchronizeTime = ${if cfg.device.synchronizeTime then "yes" else "no"} SynchronizeTime = ${if cfg.device.synchronizeTime then "yes" else "no"}
LogFormat = ${cfg.log.format} LogFormat = ${cfg.log.format}
${if (cfg.device.pin != null) then "PIN = ${cfg.device.pin}" else ""} ${optionalString (cfg.device.pin != null) "PIN = ${cfg.device.pin}"}
${cfg.extraConfig.gammu} ${cfg.extraConfig.gammu}
@ -33,10 +33,10 @@ let
${optionalString (cfg.backend.service == "sql" && cfg.backend.sql.driver == "native_pgsql") ( ${optionalString (cfg.backend.service == "sql" && cfg.backend.sql.driver == "native_pgsql") (
with cfg.backend; '' with cfg.backend; ''
Driver = ${sql.driver} Driver = ${sql.driver}
${if (sql.database!= null) then "Database = ${sql.database}" else ""} ${optionalString (sql.database!= null) "Database = ${sql.database}"}
${if (sql.host != null) then "Host = ${sql.host}" else ""} ${optionalString (sql.host != null) "Host = ${sql.host}"}
${if (sql.user != null) then "User = ${sql.user}" else ""} ${optionalString (sql.user != null) "User = ${sql.user}"}
${if (sql.password != null) then "Password = ${sql.password}" else ""} ${optionalString (sql.password != null) "Password = ${sql.password}"}
'')} '')}
${cfg.extraConfig.smsd} ${cfg.extraConfig.smsd}

View file

@ -26,9 +26,18 @@ in
imports = [ imports = [
(mkRenamedOptionModule [ "services" "gitea" "cookieSecure" ] [ "services" "gitea" "settings" "session" "COOKIE_SECURE" ]) (mkRenamedOptionModule [ "services" "gitea" "cookieSecure" ] [ "services" "gitea" "settings" "session" "COOKIE_SECURE" ])
(mkRenamedOptionModule [ "services" "gitea" "disableRegistration" ] [ "services" "gitea" "settings" "service" "DISABLE_REGISTRATION" ]) (mkRenamedOptionModule [ "services" "gitea" "disableRegistration" ] [ "services" "gitea" "settings" "service" "DISABLE_REGISTRATION" ])
(mkRenamedOptionModule [ "services" "gitea" "domain" ] [ "services" "gitea" "settings" "server" "DOMAIN" ])
(mkRenamedOptionModule [ "services" "gitea" "httpAddress" ] [ "services" "gitea" "settings" "server" "HTTP_ADDR" ])
(mkRenamedOptionModule [ "services" "gitea" "httpPort" ] [ "services" "gitea" "settings" "server" "HTTP_PORT" ])
(mkRenamedOptionModule [ "services" "gitea" "log" "level" ] [ "services" "gitea" "settings" "log" "LEVEL" ]) (mkRenamedOptionModule [ "services" "gitea" "log" "level" ] [ "services" "gitea" "settings" "log" "LEVEL" ])
(mkRenamedOptionModule [ "services" "gitea" "log" "rootPath" ] [ "services" "gitea" "settings" "log" "ROOT_PATH" ]) (mkRenamedOptionModule [ "services" "gitea" "log" "rootPath" ] [ "services" "gitea" "settings" "log" "ROOT_PATH" ])
(mkRenamedOptionModule [ "services" "gitea" "rootUrl" ] [ "services" "gitea" "settings" "server" "ROOT_URL" ])
(mkRenamedOptionModule [ "services" "gitea" "ssh" "clonePort" ] [ "services" "gitea" "settings" "server" "SSH_PORT" ]) (mkRenamedOptionModule [ "services" "gitea" "ssh" "clonePort" ] [ "services" "gitea" "settings" "server" "SSH_PORT" ])
(mkRenamedOptionModule [ "services" "gitea" "staticRootPath" ] [ "services" "gitea" "settings" "server" "STATIC_ROOT_PATH" ])
(mkChangedOptionModule [ "services" "gitea" "enableUnixSocket" ] [ "services" "gitea" "settings" "server" "PROTOCOL" ] (
config: if config.services.gitea.enableUnixSocket then "http+unix" else "http"
))
(mkRemovedOptionModule [ "services" "gitea" "ssh" "enable" ] "services.gitea.ssh.enable has been migrated into freeform setting services.gitea.settings.server.DISABLE_SSH. Keep in mind that the setting is inverted") (mkRemovedOptionModule [ "services" "gitea" "ssh" "enable" ] "services.gitea.ssh.enable has been migrated into freeform setting services.gitea.settings.server.DISABLE_SSH. Keep in mind that the setting is inverted")
]; ];
@ -57,7 +66,14 @@ in
stateDir = mkOption { stateDir = mkOption {
default = "/var/lib/gitea"; default = "/var/lib/gitea";
type = types.str; type = types.str;
description = lib.mdDoc "gitea data directory."; description = lib.mdDoc "Gitea data directory.";
};
customDir = mkOption {
default = "${cfg.stateDir}/custom";
defaultText = literalExpression ''"''${config.${opt.stateDir}}/custom"'';
type = types.str;
description = lib.mdDoc "Gitea custom directory. Used for config, custom templates and other options.";
}; };
user = mkOption { user = mkOption {
@ -66,6 +82,12 @@ in
description = lib.mdDoc "User account under which gitea runs."; description = lib.mdDoc "User account under which gitea runs.";
}; };
group = mkOption {
type = types.str;
default = "gitea";
description = lib.mdDoc "Group under which gitea runs.";
};
database = { database = {
type = mkOption { type = mkOption {
type = types.enum [ "sqlite3" "mysql" "postgres" ]; type = types.enum [ "sqlite3" "mysql" "postgres" ];
@ -216,44 +238,6 @@ in
description = lib.mdDoc "Path to the git repositories."; description = lib.mdDoc "Path to the git repositories.";
}; };
domain = mkOption {
type = types.str;
default = "localhost";
description = lib.mdDoc "Domain name of your server.";
};
rootUrl = mkOption {
type = types.str;
default = "http://localhost:3000/";
description = lib.mdDoc "Full public URL of gitea server.";
};
httpAddress = mkOption {
type = types.str;
default = "0.0.0.0";
description = lib.mdDoc "HTTP listen address.";
};
httpPort = mkOption {
type = types.port;
default = 3000;
description = lib.mdDoc "HTTP listen port.";
};
enableUnixSocket = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc "Configure Gitea to listen on a unix socket instead of the default TCP port.";
};
staticRootPath = mkOption {
type = types.either types.str types.path;
default = cfg.package.data;
defaultText = literalExpression "package.data";
example = "/var/lib/gitea/data";
description = lib.mdDoc "Upper level of template and static files path.";
};
mailerPasswordFile = mkOption { mailerPasswordFile = mkOption {
type = types.nullOr types.str; type = types.nullOr types.str;
default = null; default = null;
@ -285,7 +269,7 @@ in
}; };
} }
''; '';
type = with types; submodule { type = types.submodule {
freeformType = format.type; freeformType = format.type;
options = { options = {
log = { log = {
@ -303,6 +287,46 @@ in
}; };
server = { server = {
PROTOCOL = mkOption {
type = types.enum [ "http" "https" "fcgi" "http+unix" "fcgi+unix" ];
default = "http";
description = lib.mdDoc ''Listen protocol. `+unix` means "over unix", not "in addition to."'';
};
HTTP_ADDR = mkOption {
type = types.either types.str types.path;
default = if lib.hasSuffix "+unix" cfg.settings.server.PROTOCOL then "/run/gitea/gitea.sock" else "0.0.0.0";
defaultText = literalExpression ''if lib.hasSuffix "+unix" cfg.settings.server.PROTOCOL then "/run/gitea/gitea.sock" else "0.0.0.0"'';
description = lib.mdDoc "Listen address. Must be a path when using a unix socket.";
};
HTTP_PORT = mkOption {
type = types.port;
default = 3000;
description = lib.mdDoc "Listen port. Ignored when using a unix socket.";
};
DOMAIN = mkOption {
type = types.str;
default = "localhost";
description = lib.mdDoc "Domain name of your server.";
};
ROOT_URL = mkOption {
type = types.str;
default = "http://${cfg.settings.server.DOMAIN}:${toString cfg.settings.server.HTTP_PORT}/";
defaultText = literalExpression ''"http://''${config.services.gitea.settings.server.DOMAIN}:''${toString config.services.gitea.settings.server.HTTP_PORT}/"'';
description = lib.mdDoc "Full public URL of gitea server.";
};
STATIC_ROOT_PATH = mkOption {
type = types.either types.str types.path;
default = cfg.package.data;
defaultText = literalExpression "config.${opt.package}.data";
example = "/var/lib/gitea/data";
description = lib.mdDoc "Upper level of template and static files path.";
};
DISABLE_SSH = mkOption { DISABLE_SSH = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
@ -359,7 +383,7 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
assertions = [ assertions = [
{ assertion = cfg.database.createDatabase -> cfg.database.user == cfg.user; { assertion = cfg.database.createDatabase -> useSqlite || cfg.database.user == cfg.user;
message = "services.gitea.database.user must match services.gitea.user if the database is to be automatically provisioned"; message = "services.gitea.database.user must match services.gitea.user if the database is to be automatically provisioned";
} }
]; ];
@ -389,26 +413,10 @@ in
ROOT = cfg.repositoryRoot; ROOT = cfg.repositoryRoot;
}; };
server = mkMerge [ server = mkIf cfg.lfs.enable {
{
DOMAIN = cfg.domain;
STATIC_ROOT_PATH = toString cfg.staticRootPath;
LFS_JWT_SECRET = "#lfsjwtsecret#";
ROOT_URL = cfg.rootUrl;
}
(mkIf cfg.enableUnixSocket {
PROTOCOL = "http+unix";
HTTP_ADDR = "/run/gitea/gitea.sock";
})
(mkIf (!cfg.enableUnixSocket) {
HTTP_ADDR = cfg.httpAddress;
HTTP_PORT = cfg.httpPort;
})
(mkIf cfg.lfs.enable {
LFS_START_SERVER = true; LFS_START_SERVER = true;
}) LFS_JWT_SECRET = "#lfsjwtsecret#";
};
];
session = { session = {
COOKIE_NAME = lib.mkDefault "session"; COOKIE_NAME = lib.mkDefault "session";
@ -428,7 +436,7 @@ in
JWT_SECRET = "#oauth2jwtsecret#"; JWT_SECRET = "#oauth2jwtsecret#";
}; };
lfs = mkIf (cfg.lfs.enable) { lfs = mkIf cfg.lfs.enable {
PATH = cfg.lfs.contentDir; PATH = cfg.lfs.contentDir;
}; };
}; };
@ -457,33 +465,35 @@ in
}; };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d '${cfg.dump.backupDir}' 0750 ${cfg.user} gitea - -" "d '${cfg.dump.backupDir}' 0750 ${cfg.user} ${cfg.group} - -"
"z '${cfg.dump.backupDir}' 0750 ${cfg.user} gitea - -" "z '${cfg.dump.backupDir}' 0750 ${cfg.user} ${cfg.group} - -"
"Z '${cfg.dump.backupDir}' - ${cfg.user} gitea - -" "Z '${cfg.dump.backupDir}' - ${cfg.user} ${cfg.group} - -"
"d '${cfg.lfs.contentDir}' 0750 ${cfg.user} gitea - -" "d '${cfg.repositoryRoot}' 0750 ${cfg.user} ${cfg.group} - -"
"z '${cfg.lfs.contentDir}' 0750 ${cfg.user} gitea - -" "z '${cfg.repositoryRoot}' 0750 ${cfg.user} ${cfg.group} - -"
"Z '${cfg.lfs.contentDir}' - ${cfg.user} gitea - -" "Z '${cfg.repositoryRoot}' - ${cfg.user} ${cfg.group} - -"
"d '${cfg.repositoryRoot}' 0750 ${cfg.user} gitea - -" "d '${cfg.stateDir}' 0750 ${cfg.user} ${cfg.group} - -"
"z '${cfg.repositoryRoot}' 0750 ${cfg.user} gitea - -" "d '${cfg.stateDir}/conf' 0750 ${cfg.user} ${cfg.group} - -"
"Z '${cfg.repositoryRoot}' - ${cfg.user} gitea - -" "d '${cfg.customDir}' 0750 ${cfg.user} ${cfg.group} - -"
"d '${cfg.stateDir}' 0750 ${cfg.user} gitea - -" "d '${cfg.customDir}/conf' 0750 ${cfg.user} ${cfg.group} - -"
"d '${cfg.stateDir}/conf' 0750 ${cfg.user} gitea - -" "d '${cfg.stateDir}/data' 0750 ${cfg.user} ${cfg.group} - -"
"d '${cfg.stateDir}/custom' 0750 ${cfg.user} gitea - -" "d '${cfg.stateDir}/log' 0750 ${cfg.user} ${cfg.group} - -"
"d '${cfg.stateDir}/custom/conf' 0750 ${cfg.user} gitea - -" "z '${cfg.stateDir}' 0750 ${cfg.user} ${cfg.group} - -"
"d '${cfg.stateDir}/data' 0750 ${cfg.user} gitea - -" "z '${cfg.stateDir}/.ssh' 0700 ${cfg.user} ${cfg.group} - -"
"d '${cfg.stateDir}/log' 0750 ${cfg.user} gitea - -" "z '${cfg.stateDir}/conf' 0750 ${cfg.user} ${cfg.group} - -"
"z '${cfg.stateDir}' 0750 ${cfg.user} gitea - -" "z '${cfg.customDir}' 0750 ${cfg.user} ${cfg.group} - -"
"z '${cfg.stateDir}/.ssh' 0700 ${cfg.user} gitea - -" "z '${cfg.customDir}/conf' 0750 ${cfg.user} ${cfg.group} - -"
"z '${cfg.stateDir}/conf' 0750 ${cfg.user} gitea - -" "z '${cfg.stateDir}/data' 0750 ${cfg.user} ${cfg.group} - -"
"z '${cfg.stateDir}/custom' 0750 ${cfg.user} gitea - -" "z '${cfg.stateDir}/log' 0750 ${cfg.user} ${cfg.group} - -"
"z '${cfg.stateDir}/custom/conf' 0750 ${cfg.user} gitea - -" "Z '${cfg.stateDir}' - ${cfg.user} ${cfg.group} - -"
"z '${cfg.stateDir}/data' 0750 ${cfg.user} gitea - -"
"z '${cfg.stateDir}/log' 0750 ${cfg.user} gitea - -"
"Z '${cfg.stateDir}' - ${cfg.user} gitea - -"
# If we have a folder or symlink with gitea locales, remove it # If we have a folder or symlink with gitea locales, remove it
# And symlink the current gitea locales in place # And symlink the current gitea locales in place
"L+ '${cfg.stateDir}/conf/locale' - - - - ${cfg.package.out}/locale" "L+ '${cfg.stateDir}/conf/locale' - - - - ${cfg.package.out}/locale"
] ++ lib.optionals cfg.lfs.enable [
"d '${cfg.lfs.contentDir}' 0750 ${cfg.user} ${cfg.group} - -"
"z '${cfg.lfs.contentDir}' 0750 ${cfg.user} ${cfg.group} - -"
"Z '${cfg.lfs.contentDir}' - ${cfg.user} ${cfg.group} - -"
]; ];
systemd.services.gitea = { systemd.services.gitea = {
@ -500,47 +510,52 @@ in
# lfs_jwt_secret. # lfs_jwt_secret.
# We have to consider this to stay compatible with older installations. # We have to consider this to stay compatible with older installations.
preStart = let preStart = let
runConfig = "${cfg.stateDir}/custom/conf/app.ini"; runConfig = "${cfg.customDir}/conf/app.ini";
secretKey = "${cfg.stateDir}/custom/conf/secret_key"; secretKey = "${cfg.customDir}/conf/secret_key";
oauth2JwtSecret = "${cfg.stateDir}/custom/conf/oauth2_jwt_secret"; oauth2JwtSecret = "${cfg.customDir}/conf/oauth2_jwt_secret";
oldLfsJwtSecret = "${cfg.stateDir}/custom/conf/jwt_secret"; # old file for LFS_JWT_SECRET oldLfsJwtSecret = "${cfg.customDir}/conf/jwt_secret"; # old file for LFS_JWT_SECRET
lfsJwtSecret = "${cfg.stateDir}/custom/conf/lfs_jwt_secret"; # new file for LFS_JWT_SECRET lfsJwtSecret = "${cfg.customDir}/conf/lfs_jwt_secret"; # new file for LFS_JWT_SECRET
internalToken = "${cfg.stateDir}/custom/conf/internal_token"; internalToken = "${cfg.customDir}/conf/internal_token";
replaceSecretBin = "${pkgs.replace-secret}/bin/replace-secret"; replaceSecretBin = "${pkgs.replace-secret}/bin/replace-secret";
in '' in ''
# copy custom configuration and generate a random secret key if needed # copy custom configuration and generate random secrets if needed
${optionalString (!cfg.useWizard) '' ${optionalString (!cfg.useWizard) ''
function gitea_setup { function gitea_setup {
cp -f ${configFile} ${runConfig} cp -f '${configFile}' '${runConfig}'
if [ ! -s ${secretKey} ]; then if [ ! -s '${secretKey}' ]; then
${exe} generate secret SECRET_KEY > ${secretKey} ${exe} generate secret SECRET_KEY > '${secretKey}'
fi fi
# Migrate LFS_JWT_SECRET filename # Migrate LFS_JWT_SECRET filename
if [[ -s ${oldLfsJwtSecret} && ! -s ${lfsJwtSecret} ]]; then if [[ -s '${oldLfsJwtSecret}' && ! -s '${lfsJwtSecret}' ]]; then
mv ${oldLfsJwtSecret} ${lfsJwtSecret} mv '${oldLfsJwtSecret}' '${lfsJwtSecret}'
fi fi
if [ ! -s ${oauth2JwtSecret} ]; then if [ ! -s '${oauth2JwtSecret}' ]; then
${exe} generate secret JWT_SECRET > ${oauth2JwtSecret} ${exe} generate secret JWT_SECRET > '${oauth2JwtSecret}'
fi fi
if [ ! -s ${lfsJwtSecret} ]; then ${lib.optionalString cfg.lfs.enable ''
${exe} generate secret LFS_JWT_SECRET > ${lfsJwtSecret} if [ ! -s '${lfsJwtSecret}' ]; then
${exe} generate secret LFS_JWT_SECRET > '${lfsJwtSecret}'
fi fi
''}
if [ ! -s ${internalToken} ]; then if [ ! -s '${internalToken}' ]; then
${exe} generate secret INTERNAL_TOKEN > ${internalToken} ${exe} generate secret INTERNAL_TOKEN > '${internalToken}'
fi fi
chmod u+w '${runConfig}' chmod u+w '${runConfig}'
${replaceSecretBin} '#secretkey#' '${secretKey}' '${runConfig}' ${replaceSecretBin} '#secretkey#' '${secretKey}' '${runConfig}'
${replaceSecretBin} '#dbpass#' '${cfg.database.passwordFile}' '${runConfig}' ${replaceSecretBin} '#dbpass#' '${cfg.database.passwordFile}' '${runConfig}'
${replaceSecretBin} '#oauth2jwtsecret#' '${oauth2JwtSecret}' '${runConfig}' ${replaceSecretBin} '#oauth2jwtsecret#' '${oauth2JwtSecret}' '${runConfig}'
${replaceSecretBin} '#lfsjwtsecret#' '${lfsJwtSecret}' '${runConfig}'
${replaceSecretBin} '#internaltoken#' '${internalToken}' '${runConfig}' ${replaceSecretBin} '#internaltoken#' '${internalToken}' '${runConfig}'
${lib.optionalString cfg.lfs.enable ''
${replaceSecretBin} '#lfsjwtsecret#' '${lfsJwtSecret}' '${runConfig}'
''}
${lib.optionalString (cfg.mailerPasswordFile != null) '' ${lib.optionalString (cfg.mailerPasswordFile != null) ''
${replaceSecretBin} '#mailerpass#' '${cfg.mailerPasswordFile}' '${runConfig}' ${replaceSecretBin} '#mailerpass#' '${cfg.mailerPasswordFile}' '${runConfig}'
''} ''}
@ -565,7 +580,7 @@ in
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
User = cfg.user; User = cfg.user;
Group = "gitea"; Group = cfg.group;
WorkingDirectory = cfg.stateDir; WorkingDirectory = cfg.stateDir;
ExecStart = "${exe} web --pid /run/gitea/gitea.pid"; ExecStart = "${exe} web --pid /run/gitea/gitea.pid";
Restart = "always"; Restart = "always";
@ -573,7 +588,7 @@ in
RuntimeDirectory = "gitea"; RuntimeDirectory = "gitea";
RuntimeDirectoryMode = "0755"; RuntimeDirectoryMode = "0755";
# Access write directories # Access write directories
ReadWritePaths = [ cfg.dump.backupDir cfg.repositoryRoot cfg.stateDir cfg.lfs.contentDir ]; ReadWritePaths = [ cfg.customDir cfg.dump.backupDir cfg.repositoryRoot cfg.stateDir cfg.lfs.contentDir ];
UMask = "0027"; UMask = "0027";
# Capabilities # Capabilities
CapabilityBoundingSet = ""; CapabilityBoundingSet = "";
@ -606,6 +621,7 @@ in
USER = cfg.user; USER = cfg.user;
HOME = cfg.stateDir; HOME = cfg.stateDir;
GITEA_WORK_DIR = cfg.stateDir; GITEA_WORK_DIR = cfg.stateDir;
GITEA_CUSTOM = cfg.customDir;
}; };
}; };
@ -614,12 +630,14 @@ in
description = "Gitea Service"; description = "Gitea Service";
home = cfg.stateDir; home = cfg.stateDir;
useDefaultShell = true; useDefaultShell = true;
group = "gitea"; group = cfg.group;
isSystemUser = true; isSystemUser = true;
}; };
}; };
users.groups.gitea = {}; users.groups = mkIf (cfg.group == "gitea") {
gitea = {};
};
warnings = warnings =
optional (cfg.database.password != "") "config.services.gitea.database.password will be stored as plaintext in the Nix store. Use database.passwordFile instead." ++ optional (cfg.database.password != "") "config.services.gitea.database.password will be stored as plaintext in the Nix store. Use database.passwordFile instead." ++

View file

@ -1215,7 +1215,7 @@ in {
enableDelete = true; # This must be true, otherwise GitLab won't manage it correctly enableDelete = true; # This must be true, otherwise GitLab won't manage it correctly
extraConfig = { extraConfig = {
auth.token = { auth.token = {
realm = "http${if cfg.https == true then "s" else ""}://${cfg.host}/jwt/auth"; realm = "http${optionalString (cfg.https == true) "s"}://${cfg.host}/jwt/auth";
service = cfg.registry.serviceName; service = cfg.registry.serviceName;
issuer = cfg.registry.issuer; issuer = cfg.registry.issuer;
rootcertbundle = cfg.registry.certFile; rootcertbundle = cfg.registry.certFile;

View file

@ -3,7 +3,7 @@ with lib;
let let
cfg = config.services.mbpfan; cfg = config.services.mbpfan;
verbose = if cfg.verbose then "v" else ""; verbose = optionalString cfg.verbose "v";
settingsFormat = pkgs.formats.ini {}; settingsFormat = pkgs.formats.ini {};
settingsFile = settingsFormat.generate "mbpfan.ini" cfg.settings; settingsFile = settingsFormat.generate "mbpfan.ini" cfg.settings;

View file

@ -0,0 +1,176 @@
{ config, pkgs, lib, ... }:
let
cfg = config.services.pufferpanel;
in
{
options.services.pufferpanel = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = lib.mdDoc ''
Whether to enable PufferPanel game management server.
Note that [PufferPanel templates] and binaries downloaded by PufferPanel
expect [FHS environment]. It is possible to set {option}`package` option
to use PufferPanel wrapper with FHS environment. For example, to use
`Download Game from Steam` and `Download Java` template operations:
```Nix
{ lib, pkgs, ... }: {
services.pufferpanel = {
enable = true;
extraPackages = with pkgs; [ bash curl gawk gnutar gzip ];
package = pkgs.buildFHSUserEnv {
name = "pufferpanel-fhs";
runScript = lib.getExe pkgs.pufferpanel;
targetPkgs = pkgs': with pkgs'; [ icu openssl zlib ];
};
};
}
```
[PufferPanel templates]: https://github.com/PufferPanel/templates
[FHS environment]: https://wikipedia.org/wiki/Filesystem_Hierarchy_Standard
'';
};
package = lib.mkPackageOptionMD pkgs "pufferpanel" { };
extraGroups = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
example = [ "podman" ];
description = lib.mdDoc ''
Additional groups for the systemd service.
'';
};
extraPackages = lib.mkOption {
type = lib.types.listOf lib.types.package;
default = [ ];
example = lib.literalExpression "[ pkgs.jre ]";
description = lib.mdDoc ''
Packages to add to the PATH environment variable. Both the {file}`bin`
and {file}`sbin` subdirectories of each package are added.
'';
};
environment = lib.mkOption {
type = lib.types.attrsOf lib.types.str;
default = { };
example = lib.literalExpression ''
{
PUFFER_WEB_HOST = ":8080";
PUFFER_DAEMON_SFTP_HOST = ":5657";
PUFFER_DAEMON_CONSOLE_BUFFER = "1000";
PUFFER_DAEMON_CONSOLE_FORWARD = "true";
PUFFER_PANEL_REGISTRATIONENABLED = "false";
}
'';
description = lib.mdDoc ''
Environment variables to set for the service. Secrets should be
specified using {option}`environmentFile`.
Refer to the [PufferPanel source code][] for the list of available
configuration options. Variable name is an upper-cased configuration
entry name with underscores instead of dots, prefixed with `PUFFER_`.
For example, `panel.settings.companyName` entry can be set using
{env}`PUFFER_PANEL_SETTINGS_COMPANYNAME`.
When running with panel enabled (configured with `PUFFER_PANEL_ENABLE`
environment variable), it is recommended disable registration using
`PUFFER_PANEL_REGISTRATIONENABLED` environment variable (registration is
enabled by default). To create the initial administrator user, run
{command}`pufferpanel --workDir /var/lib/pufferpanel user add --admin`.
Some options override corresponding settings set via web interface (e.g.
`PUFFER_PANEL_REGISTRATIONENABLED`). Those options can be temporarily
toggled or set in settings but do not persist between restarts.
[PufferPanel source code]: https://github.com/PufferPanel/PufferPanel/blob/master/config/entries.go
'';
};
environmentFile = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = null;
description = lib.mdDoc ''
File to load environment variables from. Loaded variables override
values set in {option}`environment`.
'';
};
};
config = lib.mkIf cfg.enable {
systemd.services.pufferpanel = {
description = "PufferPanel game management server";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
path = cfg.extraPackages;
environment = cfg.environment;
# Note that we export environment variables for service directories if the
# value is not set. An empty environment variable is considered to be set.
# E.g.
# export PUFFER_LOGS=${PUFFER_LOGS-$LOGS_DIRECTORY}
# would set PUFFER_LOGS to $LOGS_DIRECTORY if PUFFER_LOGS environment
# variable is not defined.
script = ''
${lib.concatLines (lib.mapAttrsToList (name: value: ''
export ${name}="''${${name}-${value}}"
'') {
PUFFER_LOGS = "$LOGS_DIRECTORY";
PUFFER_DAEMON_DATA_CACHE = "$CACHE_DIRECTORY";
PUFFER_DAEMON_DATA_SERVERS = "$STATE_DIRECTORY/servers";
PUFFER_DAEMON_DATA_BINARIES = "$STATE_DIRECTORY/binaries";
})}
exec ${lib.getExe cfg.package} run --workDir "$STATE_DIRECTORY"
'';
serviceConfig = {
Type = "simple";
Restart = "always";
UMask = "0077";
SupplementaryGroups = cfg.extraGroups;
StateDirectory = "pufferpanel";
StateDirectoryMode = "0700";
CacheDirectory = "pufferpanel";
CacheDirectoryMode = "0700";
LogsDirectory = "pufferpanel";
LogsDirectoryMode = "0700";
EnvironmentFile = cfg.environmentFile;
# Command "pufferpanel shutdown --pid $MAINPID" sends SIGTERM (code 15)
# to the main process and waits for termination. This is essentially
# KillMode=mixed we are using here. See
# https://freedesktop.org/software/systemd/man/systemd.kill.html#KillMode=
KillMode = "mixed";
DynamicUser = true;
ProtectHome = true;
ProtectProc = "invisible";
ProtectClock = true;
ProtectHostname = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
PrivateUsers = true;
PrivateDevices = true;
RestrictRealtime = true;
RestrictNamespaces = [ "user" "mnt" ]; # allow buildFHSUserEnv
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
LockPersonality = true;
DeviceAllow = [ "" ];
DevicePolicy = "closed";
CapabilityBoundingSet = [ "" ];
};
};
};
meta.maintainers = [ lib.maintainers.tie ];
}

View file

@ -283,13 +283,13 @@ in
services.redmine.settings = { services.redmine.settings = {
production = { production = {
scm_subversion_command = if cfg.components.subversion then "${pkgs.subversion}/bin/svn" else ""; scm_subversion_command = optionalString cfg.components.subversion "${pkgs.subversion}/bin/svn";
scm_mercurial_command = if cfg.components.mercurial then "${pkgs.mercurial}/bin/hg" else ""; scm_mercurial_command = optionalString cfg.components.mercurial "${pkgs.mercurial}/bin/hg";
scm_git_command = if cfg.components.git then "${pkgs.git}/bin/git" else ""; scm_git_command = optionalString cfg.components.git "${pkgs.git}/bin/git";
scm_cvs_command = if cfg.components.cvs then "${pkgs.cvs}/bin/cvs" else ""; scm_cvs_command = optionalString cfg.components.cvs "${pkgs.cvs}/bin/cvs";
scm_bazaar_command = if cfg.components.breezy then "${pkgs.breezy}/bin/bzr" else ""; scm_bazaar_command = optionalString cfg.components.breezy "${pkgs.breezy}/bin/bzr";
imagemagick_convert_command = if cfg.components.imagemagick then "${pkgs.imagemagick}/bin/convert" else ""; imagemagick_convert_command = optionalString cfg.components.imagemagick "${pkgs.imagemagick}/bin/convert";
gs_command = if cfg.components.ghostscript then "${pkgs.ghostscript}/bin/gs" else ""; gs_command = optionalString cfg.components.ghostscript "${pkgs.ghostscript}/bin/gs";
minimagick_font_path = "${cfg.components.minimagick_font_path}"; minimagick_font_path = "${cfg.components.minimagick_font_path}";
}; };
}; };

View file

@ -20,7 +20,7 @@ let
${optionalString (cfg.hostsAllowReg != []) "hosts_allow_reg = ${concatStringsSep "," cfg.hostsAllowReg}"} ${optionalString (cfg.hostsAllowReg != []) "hosts_allow_reg = ${concatStringsSep "," cfg.hostsAllowReg}"}
${optionalString (cfg.hostsAllowSip != []) "hosts_allow_sip = ${concatStringsSep "," cfg.hostsAllowSip}"} ${optionalString (cfg.hostsAllowSip != []) "hosts_allow_sip = ${concatStringsSep "," cfg.hostsAllowSip}"}
${optionalString (cfg.hostsDenySip != []) "hosts_deny_sip = ${concatStringsSep "," cfg.hostsDenySip}"} ${optionalString (cfg.hostsDenySip != []) "hosts_deny_sip = ${concatStringsSep "," cfg.hostsDenySip}"}
${if (cfg.passwordFile != "") then "proxy_auth_pwfile = ${cfg.passwordFile}" else ""} ${optionalString (cfg.passwordFile != "") "proxy_auth_pwfile = ${cfg.passwordFile}"}
${cfg.extraConfig} ${cfg.extraConfig}
''; '';

View file

@ -140,7 +140,7 @@ in
# We can't use Environment=HOSTNAME=%H, as it doesn't include the domain part. # We can't use Environment=HOSTNAME=%H, as it doesn't include the domain part.
export HOSTNAME=$(< /proc/sys/kernel/hostname) export HOSTNAME=$(< /proc/sys/kernel/hostname)
exec ${cfg.package}/bin/agent -config.expand-env -config.file ${configFile} exec ${lib.getExe cfg.package} -config.expand-env -config.file ${configFile}
''; '';
serviceConfig = { serviceConfig = {
Restart = "always"; Restart = "always";

View file

@ -58,10 +58,10 @@ in
}; };
}; };
serviceOpts = let serviceOpts = let
collectSettingsArgs = if (cfg.collectdBinary.enable) then '' collectSettingsArgs = optionalString (cfg.collectdBinary.enable) ''
--collectd.listen-address ${cfg.collectdBinary.listenAddress}:${toString cfg.collectdBinary.port} \ --collectd.listen-address ${cfg.collectdBinary.listenAddress}:${toString cfg.collectdBinary.port} \
--collectd.security-level ${cfg.collectdBinary.securityLevel} \ --collectd.security-level ${cfg.collectdBinary.securityLevel} \
'' else ""; '';
in { in {
serviceConfig = { serviceConfig = {
ExecStart = '' ExecStart = ''

View file

@ -4,12 +4,12 @@ with lib;
let let
cfg = config.services.prometheus.exporters.smartctl; cfg = config.services.prometheus.exporters.smartctl;
args = concatStrings [ args = lib.escapeShellArgs ([
"--web.listen-address=\"${cfg.listenAddress}:${toString cfg.port}\" " "--web.listen-address=${cfg.listenAddress}:${toString cfg.port}"
"--smartctl.path=\"${pkgs.smartmontools}/bin/smartctl\" " "--smartctl.path=${pkgs.smartmontools}/bin/smartctl"
"--smartctl.interval=\"${cfg.maxInterval}\" " "--smartctl.interval=${cfg.maxInterval}"
"${concatMapStringsSep " " (device: "--smartctl.device=${device}") cfg.devices}" ] ++ map (device: "--smartctl.device=${device}") cfg.devices
]; ++ cfg.extraFlags);
in { in {
port = 9633; port = 9633;

View file

@ -22,6 +22,18 @@ let
configFile = settingsFormat.generate "kubo-config.json" customizedConfig; configFile = settingsFormat.generate "kubo-config.json" customizedConfig;
# Create a fake repo containing only the file "api".
# $IPFS_PATH will point to this directory instead of the real one.
# For some reason the Kubo CLI tools insist on reading the
# config file when it exists. But the Kubo daemon sets the file
# permissions such that only the ipfs user is allowed to read
# this file. This prevents normal users from talking to the daemon.
# To work around this terrible design, create a fake repo with no
# config file, only an api file and everything should work as expected.
fakeKuboRepo = pkgs.writeTextDir "api" ''
/unix/run/ipfs.sock
'';
kuboFlags = utils.escapeSystemdExecArgs ( kuboFlags = utils.escapeSystemdExecArgs (
optional cfg.autoMount "--mount" ++ optional cfg.autoMount "--mount" ++
optional cfg.enableGC "--enable-gc" ++ optional cfg.enableGC "--enable-gc" ++
@ -38,6 +50,22 @@ let
splitMulitaddr = addrRaw: lib.tail (lib.splitString "/" addrRaw); splitMulitaddr = addrRaw: lib.tail (lib.splitString "/" addrRaw);
multiaddrsToListenStreams = addrIn:
let
addrs = if builtins.typeOf addrIn == "list"
then addrIn else [ addrIn ];
unfilteredResult = map multiaddrToListenStream addrs;
in
builtins.filter (addr: addr != null) unfilteredResult;
multiaddrsToListenDatagrams = addrIn:
let
addrs = if builtins.typeOf addrIn == "list"
then addrIn else [ addrIn ];
unfilteredResult = map multiaddrToListenDatagram addrs;
in
builtins.filter (addr: addr != null) unfilteredResult;
multiaddrToListenStream = addrRaw: multiaddrToListenStream = addrRaw:
let let
addr = splitMulitaddr addrRaw; addr = splitMulitaddr addrRaw;
@ -62,11 +90,6 @@ let
then "[${s 1}]:${s 3}" then "[${s 1}]:${s 3}"
else null; # not valid for listen datagram, skip else null; # not valid for listen datagram, skip
multiaddrsFunc = f: addrsRaw: if builtins.isString addrsRaw then let out = f addrsRaw; in lib.optional (out != null) out else lib.filter (x: x != null) (map f addrsRaw);
multiaddrsToListenStream = multiaddrsFunc multiaddrToListenStream;
multiaddrsToListenDatagram = multiaddrsFunc multiaddrToListenDatagram;
in in
{ {
@ -160,8 +183,13 @@ in
options = { options = {
Addresses.API = mkOption { Addresses.API = mkOption {
type = types.oneOf [ types.str (types.listOf types.str) ]; type = types.oneOf [ types.str (types.listOf types.str) ];
default = "/ip4/127.0.0.1/tcp/5001"; default = [ ];
description = lib.mdDoc "Where Kubo exposes its API to"; description = lib.mdDoc ''
Multiaddr or array of multiaddrs describing the address to serve the local HTTP API on.
In addition to the multiaddrs listed here, the daemon will also listen on a Unix domain socket.
To allow the ipfs CLI tools to communicate with the daemon over that socket,
add your user to the correct group, e.g. `users.users.alice.extraGroups = [ config.services.kubo.group ];`
'';
}; };
Addresses.Gateway = mkOption { Addresses.Gateway = mkOption {
@ -171,7 +199,7 @@ in
}; };
Addresses.Swarm = mkOption { Addresses.Swarm = mkOption {
type = types.oneOf [ types.str (types.listOf types.str) ]; type = types.listOf types.str;
default = [ default = [
"/ip4/0.0.0.0/tcp/4001" "/ip4/0.0.0.0/tcp/4001"
"/ip6/::/tcp/4001" "/ip6/::/tcp/4001"
@ -253,7 +281,7 @@ in
]; ];
environment.systemPackages = [ cfg.package ]; environment.systemPackages = [ cfg.package ];
environment.variables.IPFS_PATH = cfg.dataDir; environment.variables.IPFS_PATH = fakeKuboRepo;
# https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size # https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size
boot.kernel.sysctl."net.core.rmem_max" = mkDefault 2500000; boot.kernel.sysctl."net.core.rmem_max" = mkDefault 2500000;
@ -324,6 +352,10 @@ in
# change when the changes are applied. Whyyyyyy..... # change when the changes are applied. Whyyyyyy.....
ipfs --offline config replace - ipfs --offline config replace -
''; '';
postStop = mkIf cfg.autoMount ''
# After an unclean shutdown the fuse mounts at cfg.ipnsMountDir and cfg.ipfsMountDir are locked
umount --quiet '${cfg.ipnsMountDir}' '${cfg.ipfsMountDir}' || true
'';
serviceConfig = { serviceConfig = {
ExecStart = [ "" "${cfg.package}/bin/ipfs daemon ${kuboFlags}" ]; ExecStart = [ "" "${cfg.package}/bin/ipfs daemon ${kuboFlags}" ];
User = cfg.user; User = cfg.user;
@ -339,27 +371,23 @@ in
wantedBy = [ "sockets.target" ]; wantedBy = [ "sockets.target" ];
socketConfig = { socketConfig = {
ListenStream = ListenStream =
let [ "" ] ++ (multiaddrsToListenStreams cfg.settings.Addresses.Gateway);
fromCfg = multiaddrsToListenStream cfg.settings.Addresses.Gateway;
in
[ "" ] ++ fromCfg;
ListenDatagram = ListenDatagram =
let [ "" ] ++ (multiaddrsToListenDatagrams cfg.settings.Addresses.Gateway);
fromCfg = multiaddrsToListenDatagram cfg.settings.Addresses.Gateway;
in
[ "" ] ++ fromCfg;
}; };
}; };
systemd.sockets.ipfs-api = { systemd.sockets.ipfs-api = {
wantedBy = [ "sockets.target" ]; wantedBy = [ "sockets.target" ];
socketConfig = {
# We also include "%t/ipfs.sock" because there is no way to put the "%t" # We also include "%t/ipfs.sock" because there is no way to put the "%t"
# in the multiaddr. # in the multiaddr.
socketConfig.ListenStream = ListenStream =
let [ "" "%t/ipfs.sock" ] ++ (multiaddrsToListenStreams cfg.settings.Addresses.API);
fromCfg = multiaddrsToListenStream cfg.settings.Addresses.API; SocketMode = "0660";
in SocketUser = cfg.user;
[ "" "%t/ipfs.sock" ] ++ fromCfg; SocketGroup = cfg.group;
};
}; };
}; };

View file

@ -1,13 +1,13 @@
{ config, lib, ...}: { config, lib, ...}:
let let
inherit (lib) concatStringsSep mkOption types; inherit (lib) concatStringsSep mkOption types optionalString;
in { in {
mkCellServDB = cellName: db: '' mkCellServDB = cellName: db: ''
>${cellName} >${cellName}
'' + (concatStringsSep "\n" (map (dbm: if (dbm.ip != "" && dbm.dnsname != "") then dbm.ip + " #" + dbm.dnsname else "") '' + (concatStringsSep "\n" (map (dbm: optionalString (dbm.ip != "" && dbm.dnsname != "") "${dbm.ip} #${dbm.dnsname}")
db)) db))
+ "\n"; + "\n";

View file

@ -4,6 +4,49 @@ with lib;
let let
cfg = config.services.bird-lg; cfg = config.services.bird-lg;
stringOrConcat = sep: v: if builtins.isString v then v else concatStringsSep sep v;
frontend_args = let
fe = cfg.frontend;
in {
"--servers" = concatStringsSep "," fe.servers;
"--domain" = fe.domain;
"--listen" = fe.listenAddress;
"--proxy-port" = fe.proxyPort;
"--whois" = fe.whois;
"--dns-interface" = fe.dnsInterface;
"--bgpmap-info" = concatStringsSep "," cfg.frontend.bgpMapInfo;
"--title-brand" = fe.titleBrand;
"--navbar-brand" = fe.navbar.brand;
"--navbar-brand-url" = fe.navbar.brandURL;
"--navbar-all-servers" = fe.navbar.allServers;
"--navbar-all-url" = fe.navbar.allServersURL;
"--net-specific-mode" = fe.netSpecificMode;
"--protocol-filter" = concatStringsSep "," cfg.frontend.protocolFilter;
};
proxy_args = let
px = cfg.proxy;
in {
"--allowed" = concatStringsSep "," px.allowedIPs;
"--bird" = px.birdSocket;
"--listen" = px.listenAddress;
"--traceroute_bin" = px.traceroute.binary;
"--traceroute_flags" = concatStringsSep " " px.traceroute.flags;
"--traceroute_raw" = px.traceroute.rawOutput;
};
mkArgValue = value:
if isString value
then escapeShellArg value
else if isBool value
then boolToString value
else toString value;
filterNull = filterAttrs (_: v: v != "" && v != null && v != []);
argsAttrToList = args: mapAttrsToList (name: value: "${name} " + mkArgValue value ) (filterNull args);
in in
{ {
options = { options = {
@ -44,14 +87,12 @@ in
domain = mkOption { domain = mkOption {
type = types.str; type = types.str;
default = "";
example = "dn42.lantian.pub"; example = "dn42.lantian.pub";
description = lib.mdDoc "Server name domain suffixes."; description = lib.mdDoc "Server name domain suffixes.";
}; };
servers = mkOption { servers = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = [ ];
example = [ "gigsgigscloud" "hostdare" ]; example = [ "gigsgigscloud" "hostdare" ];
description = lib.mdDoc "Server name prefixes."; description = lib.mdDoc "Server name prefixes.";
}; };
@ -134,10 +175,14 @@ in
}; };
extraArgs = mkOption { extraArgs = mkOption {
type = types.lines; type = with types; either lines (listOf str);
default = ""; default = [ ];
description = lib.mdDoc '' description = lib.mdDoc ''
Extra parameters documented [here](https://github.com/xddxdd/bird-lg-go#frontend). Extra parameters documented [here](https://github.com/xddxdd/bird-lg-go#frontend).
:::{.note}
Passing lines (plain strings) is deprecated in favour of passing lists of strings.
:::
''; '';
}; };
}; };
@ -160,8 +205,7 @@ in
birdSocket = mkOption { birdSocket = mkOption {
type = types.str; type = types.str;
default = "/run/bird.ctl"; default = "/var/run/bird/bird.ctl";
example = "/var/run/bird/bird.ctl";
description = lib.mdDoc "Bird control socket path."; description = lib.mdDoc "Bird control socket path.";
}; };
@ -173,6 +217,12 @@ in
description = lib.mdDoc "Traceroute's binary path."; description = lib.mdDoc "Traceroute's binary path.";
}; };
flags = mkOption {
type = with types; listOf str;
default = [ ];
description = lib.mdDoc "Flags for traceroute process";
};
rawOutput = mkOption { rawOutput = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
@ -181,10 +231,14 @@ in
}; };
extraArgs = mkOption { extraArgs = mkOption {
type = types.lines; type = with types; either lines (listOf str);
default = ""; default = [ ];
description = lib.mdDoc '' description = lib.mdDoc ''
Extra parameters documented [here](https://github.com/xddxdd/bird-lg-go#proxy). Extra parameters documented [here](https://github.com/xddxdd/bird-lg-go#proxy).
:::{.note}
Passing lines (plain strings) is deprecated in favour of passing lists of strings.
:::
''; '';
}; };
}; };
@ -194,6 +248,16 @@ in
###### implementation ###### implementation
config = { config = {
warnings =
lib.optional (cfg.frontend.enable && builtins.isString cfg.frontend.extraArgs) ''
Passing strings to `services.bird-lg.frontend.extraOptions' is deprecated. Please pass a list of strings instead.
''
++ lib.optional (cfg.proxy.enable && builtins.isString cfg.proxy.extraArgs) ''
Passing strings to `services.bird-lg.proxy.extraOptions' is deprecated. Please pass a list of strings instead.
''
;
systemd.services = { systemd.services = {
bird-lg-frontend = mkIf cfg.frontend.enable { bird-lg-frontend = mkIf cfg.frontend.enable {
enable = true; enable = true;
@ -211,23 +275,8 @@ in
}; };
script = '' script = ''
${cfg.package}/bin/frontend \ ${cfg.package}/bin/frontend \
--servers ${concatStringsSep "," cfg.frontend.servers } \ ${concatStringsSep " \\\n " (argsAttrToList frontend_args)} \
--domain ${cfg.frontend.domain} \ ${stringOrConcat " " cfg.frontend.extraArgs}
--listen ${cfg.frontend.listenAddress} \
--proxy-port ${toString cfg.frontend.proxyPort} \
--whois ${cfg.frontend.whois} \
--dns-interface ${cfg.frontend.dnsInterface} \
--bgpmap-info ${concatStringsSep "," cfg.frontend.bgpMapInfo } \
--title-brand ${cfg.frontend.titleBrand} \
--navbar-brand ${cfg.frontend.navbar.brand} \
--navbar-brand-url ${cfg.frontend.navbar.brandURL} \
--navbar-all-servers ${cfg.frontend.navbar.allServers} \
--navbar-all-url ${cfg.frontend.navbar.allServersURL} \
--net-specific-mode ${cfg.frontend.netSpecificMode} \
--protocol-filter ${concatStringsSep "," cfg.frontend.protocolFilter } \
--name-filter ${cfg.frontend.nameFilter} \
--time-out ${toString cfg.frontend.timeout} \
${cfg.frontend.extraArgs}
''; '';
}; };
@ -247,12 +296,8 @@ in
}; };
script = '' script = ''
${cfg.package}/bin/proxy \ ${cfg.package}/bin/proxy \
--allowed ${concatStringsSep "," cfg.proxy.allowedIPs } \ ${concatStringsSep " \\\n " (argsAttrToList proxy_args)} \
--bird ${cfg.proxy.birdSocket} \ ${stringOrConcat " " cfg.proxy.extraArgs}
--listen ${cfg.proxy.listenAddress} \
--traceroute_bin ${cfg.proxy.traceroute.binary}
--traceroute_raw ${boolToString cfg.proxy.traceroute.rawOutput}
${cfg.proxy.extraArgs}
''; '';
}; };
}; };
@ -266,4 +311,9 @@ in
}; };
}; };
}; };
meta.maintainers = with lib.maintainers; [
e1mo
tchekda
];
} }

View file

@ -199,7 +199,7 @@ in
(filterAttrs (n: _: hasPrefix "consul.d/" n) config.environment.etc); (filterAttrs (n: _: hasPrefix "consul.d/" n) config.environment.etc);
serviceConfig = { serviceConfig = {
ExecStart = "@${cfg.package}/bin/consul consul agent -config-dir /etc/consul.d" ExecStart = "@${lib.getExe cfg.package} consul agent -config-dir /etc/consul.d"
+ concatMapStrings (n: " -config-file ${n}") configFiles; + concatMapStrings (n: " -config-file ${n}") configFiles;
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
PermissionsStartOnly = true; PermissionsStartOnly = true;
@ -207,10 +207,10 @@ in
Restart = "on-failure"; Restart = "on-failure";
TimeoutStartSec = "infinity"; TimeoutStartSec = "infinity";
} // (optionalAttrs (cfg.leaveOnStop) { } // (optionalAttrs (cfg.leaveOnStop) {
ExecStop = "${cfg.package}/bin/consul leave"; ExecStop = "${lib.getExe cfg.package} leave";
}); });
path = with pkgs; [ iproute2 gnugrep gawk consul ]; path = with pkgs; [ iproute2 gawk cfg.package ];
preStart = let preStart = let
family = if cfg.forceAddrFamily == "ipv6" then family = if cfg.forceAddrFamily == "ipv6" then
"-6" "-6"
@ -269,7 +269,7 @@ in
serviceConfig = { serviceConfig = {
ExecStart = '' ExecStart = ''
${cfg.alerts.package}/bin/consul-alerts start \ ${lib.getExe cfg.alerts.package} start \
--alert-addr=${cfg.alerts.listenAddr} \ --alert-addr=${cfg.alerts.listenAddr} \
--consul-addr=${cfg.alerts.consulAddr} \ --consul-addr=${cfg.alerts.consulAddr} \
${optionalString cfg.alerts.watchChecks "--watch-checks"} \ ${optionalString cfg.alerts.watchChecks "--watch-checks"} \

View file

@ -60,13 +60,12 @@ in {
serviceConfig = { serviceConfig = {
ExecStartPre = lib.optional (cfg.secretFile != null) ExecStartPre = lib.optional (cfg.secretFile != null)
(pkgs.writeShellScript "pre-start" '' ("+" + pkgs.writeShellScript "pre-start" ''
umask 077 umask 077
export $(xargs < ${cfg.secretFile}) export $(xargs < ${cfg.secretFile})
${pkgs.envsubst}/bin/envsubst -i "${configFile}" > ${finalConfigFile} ${pkgs.envsubst}/bin/envsubst -i "${configFile}" > ${finalConfigFile}
chown go-neb ${finalConfigFile} chown go-neb ${finalConfigFile}
''); '');
PermissionsStartOnly = true;
RuntimeDirectory = "go-neb"; RuntimeDirectory = "go-neb";
ExecStart = "${pkgs.go-neb}/bin/go-neb"; ExecStart = "${pkgs.go-neb}/bin/go-neb";
User = "go-neb"; User = "go-neb";

View file

@ -185,6 +185,10 @@ in
assertion = cfg.loginAll -> cfg.target == null; assertion = cfg.loginAll -> cfg.target == null;
message = "iSCSI target name is set while login on all portals is enabled."; message = "iSCSI target name is set while login on all portals is enabled.";
} }
{
assertion = !config.boot.initrd.systemd.enable;
message = "systemd stage 1 does not support iscsi yet.";
}
]; ];
}; };
} }

View file

@ -0,0 +1,51 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.ivpn;
in
with lib;
{
options.services.ivpn = {
enable = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
This option enables iVPN daemon.
This sets {option}`networking.firewall.checkReversePath` to "loose", which might be undesirable for security.
'';
};
};
config = mkIf cfg.enable {
boot.kernelModules = [ "tun" ];
environment.systemPackages = with pkgs; [ ivpn ivpn-service ];
# iVPN writes to /etc/iproute2/rt_tables
networking.iproute2.enable = true;
networking.firewall.checkReversePath = "loose";
systemd.services.ivpn-service = {
description = "iVPN daemon";
wantedBy = [ "multi-user.target" ];
wants = [ "network.target" ];
after = [
"network-online.target"
"NetworkManager.service"
"systemd-resolved.service"
];
path = [
# Needed for mount
"/run/wrappers"
];
startLimitBurst = 5;
startLimitIntervalSec = 20;
serviceConfig = {
ExecStart = "${pkgs.ivpn-service}/bin/ivpn-service --logging";
Restart = "always";
RestartSec = 1;
};
};
};
meta.maintainers = with maintainers; [ ataraxiasjel ];
}

View file

@ -17,7 +17,7 @@ let
ttl ${toString proxy.ttl} ttl ${toString proxy.ttl}
${render proxy.rules (ruleNetworkName: rule: '' ${render proxy.rules (ruleNetworkName: rule: ''
rule ${prefer rule.network ruleNetworkName} { rule ${prefer rule.network ruleNetworkName} {
${rule.method}${if rule.method == "iface" then " ${rule.interface}" else ""} ${rule.method}${optionalString (rule.method == "iface") " ${rule.interface}"}
}'')} }'')}
}'')} }'')}
''); '');

View file

@ -41,9 +41,10 @@ in {
documentation = [ "https://netbird.io/docs/" ]; documentation = [ "https://netbird.io/docs/" ];
after = [ "network.target" ]; after = [ "network.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
path = with pkgs; [
openresolv
];
serviceConfig = { serviceConfig = {
AmbientCapabilities = [ "CAP_NET_ADMIN" ];
DynamicUser = true;
Environment = [ Environment = [
"NB_CONFIG=/var/lib/netbird/config.json" "NB_CONFIG=/var/lib/netbird/config.json"
"NB_LOG_FILE=console" "NB_LOG_FILE=console"

View file

@ -86,7 +86,7 @@ in
redis.createInstance = mkOption { redis.createInstance = mkOption {
type = types.nullOr types.str; type = types.nullOr types.str;
default = if versionAtLeast config.system.stateVersion "22.05" then "ntopng" else ""; default = optionalString (versionAtLeast config.system.stateVersion "22.05") "ntopng";
description = lib.mdDoc '' description = lib.mdDoc ''
Local Redis instance name. Set to `null` to disable Local Redis instance name. Set to `null` to disable
local Redis instance. Defaults to `""` for local Redis instance. Defaults to `""` for

View file

@ -9,7 +9,7 @@ let
in in
{ {
options.services.peroxide = { options.services.peroxide = {
enable = mkEnableOption (lib.mdDoc "enable"); enable = mkEnableOption (lib.mdDoc "peroxide");
package = mkPackageOptionMD pkgs "peroxide" { package = mkPackageOptionMD pkgs "peroxide" {
default = [ "peroxide" ]; default = [ "peroxide" ];

View file

@ -339,14 +339,9 @@ in
}; };
preStart = '' preStart = ''
mkdir -m 0755 -p ${smokepingHome}/cache ${smokepingHome}/data mkdir -m 0755 -p ${smokepingHome}/cache ${smokepingHome}/data
rm -f ${smokepingHome}/cropper ln -sf ${cfg.package}/htdocs/css ${smokepingHome}/css
ln -s ${cfg.package}/htdocs/cropper ${smokepingHome}/cropper ln -sf ${cfg.package}/htdocs/js ${smokepingHome}/js
rm -f ${smokepingHome}/css ln -sf ${cgiHome} ${smokepingHome}/smokeping.fcgi
ln -s ${cfg.package}/htdocs/css ${smokepingHome}/css
rm -f ${smokepingHome}/js
ln -s ${cfg.package}/htdocs/js ${smokepingHome}/js
rm -f ${smokepingHome}/smokeping.fcgi
ln -s ${cgiHome} ${smokepingHome}/smokeping.fcgi
${cfg.package}/bin/smokeping --check --config=${configPath} ${cfg.package}/bin/smokeping --check --config=${configPath}
${cfg.package}/bin/smokeping --static --config=${configPath} ${cfg.package}/bin/smokeping --static --config=${configPath}
''; '';

View file

@ -169,11 +169,11 @@ in
else (concatStrings (map (i: "--interface=\"${i}\"") else (concatStrings (map (i: "--interface=\"${i}\"")
interfaces))} \ interfaces))} \
-h "${hostKey}" \ -h "${hostKey}" \
${if !syslog then "--no-syslog" else ""} \ ${optionalString (!syslog) "--no-syslog" } \
${if passwordAuthentication then "--password" else "--no-password" } \ ${if passwordAuthentication then "--password" else "--no-password" } \
${if publicKeyAuthentication then "--publickey" else "--no-publickey" } \ ${if publicKeyAuthentication then "--publickey" else "--no-publickey" } \
${if rootLogin then "--root-login" else "--no-root-login" } \ ${if rootLogin then "--root-login" else "--no-root-login" } \
${if loginShell != null then "--login-shell=\"${loginShell}\"" else "" } \ ${optionalString (loginShell != null) "--login-shell=\"${loginShell}\"" } \
${if srpKeyExchange then "--srp-keyexchange" else "--no-srp-keyexchange" } \ ${if srpKeyExchange then "--srp-keyexchange" else "--no-srp-keyexchange" } \
${if !tcpForwarding then "--no-tcpip-forward" else "--tcpip-forward"} \ ${if !tcpForwarding then "--no-tcpip-forward" else "--tcpip-forward"} \
${if x11Forwarding then "--x11-forward" else "--no-x11-forward" } \ ${if x11Forwarding then "--x11-forward" else "--no-x11-forward" } \

View file

@ -474,10 +474,10 @@ in
mkdir -m 0755 -p "$(dirname '${k.path}')" mkdir -m 0755 -p "$(dirname '${k.path}')"
ssh-keygen \ ssh-keygen \
-t "${k.type}" \ -t "${k.type}" \
${if k ? bits then "-b ${toString k.bits}" else ""} \ ${optionalString (k ? bits) "-b ${toString k.bits}"} \
${if k ? rounds then "-a ${toString k.rounds}" else ""} \ ${optionalString (k ? rounds) "-a ${toString k.rounds}"} \
${if k ? comment then "-C '${k.comment}'" else ""} \ ${optionalString (k ? comment) "-C '${k.comment}'"} \
${if k ? openSSHFormat && k.openSSHFormat then "-o" else ""} \ ${optionalString (k ? openSSHFormat && k.openSSHFormat) "-o"} \
-f "${k.path}" \ -f "${k.path}" \
-N "" -N ""
fi fi
@ -536,7 +536,7 @@ in
# https://github.com/NixOS/nixpkgs/pull/10155 # https://github.com/NixOS/nixpkgs/pull/10155
# https://github.com/NixOS/nixpkgs/pull/41745 # https://github.com/NixOS/nixpkgs/pull/41745
services.openssh.authorizedKeysFiles = services.openssh.authorizedKeysFiles =
[ "%h/.ssh/authorized_keys" "%h/.ssh/authorized_keys2" "/etc/ssh/authorized_keys.d/%u" ]; [ "%h/.ssh/authorized_keys" "/etc/ssh/authorized_keys.d/%u" ];
services.openssh.extraConfig = mkOrder 0 services.openssh.extraConfig = mkOrder 0
'' ''
@ -550,7 +550,7 @@ in
'') cfg.ports} '') cfg.ports}
${concatMapStrings ({ port, addr, ... }: '' ${concatMapStrings ({ port, addr, ... }: ''
ListenAddress ${addr}${if port != null then ":" + toString port else ""} ListenAddress ${addr}${optionalString (port != null) (":" + toString port)}
'') cfg.listenAddresses} '') cfg.listenAddresses}
${optionalString cfgc.setXAuthLocation '' ${optionalString cfgc.setXAuthLocation ''

View file

@ -4,7 +4,7 @@ let
inherit (builtins) toFile; inherit (builtins) toFile;
inherit (lib) concatMapStringsSep concatStringsSep mapAttrsToList inherit (lib) concatMapStringsSep concatStringsSep mapAttrsToList
mkIf mkEnableOption mkOption types literalExpression; mkIf mkEnableOption mkOption types literalExpression optionalString;
cfg = config.services.strongswan; cfg = config.services.strongswan;
@ -34,8 +34,8 @@ let
strongswanConf = {setup, connections, ca, secretsFile, managePlugins, enabledPlugins}: toFile "strongswan.conf" '' strongswanConf = {setup, connections, ca, secretsFile, managePlugins, enabledPlugins}: toFile "strongswan.conf" ''
charon { charon {
${if managePlugins then "load_modular = no" else ""} ${optionalString managePlugins "load_modular = no"}
${if managePlugins then ("load = " + (concatStringsSep " " enabledPlugins)) else ""} ${optionalString managePlugins ("load = " + (concatStringsSep " " enabledPlugins))}
plugins { plugins {
stroke { stroke {
secrets_file = ${secretsFile} secrets_file = ${secretsFile}

Some files were not shown because too many files have changed in this diff Show more