Project import generated by Copybara.
GitOrigin-RevId: 9480bae337095fd24f61380bce3174fdfe926a00
parent d32ee29a2d
commit d7dbe45cea
1599 changed files with 22835 additions and 22668 deletions
|
@ -67,7 +67,17 @@ A derivation can then be written using `agdaPackages.mkDerivation`. This has sim
|
||||||
+ `libraryName` should be the name that appears in the `*.agda-lib` file, defaulting to `pname`.
|
+ `libraryName` should be the name that appears in the `*.agda-lib` file, defaulting to `pname`.
|
||||||
+ `libraryFile` should be the file name of the `*.agda-lib` file, defaulting to `${libraryName}.agda-lib`.
|
+ `libraryFile` should be the file name of the `*.agda-lib` file, defaulting to `${libraryName}.agda-lib`.
|
||||||
|
|
||||||
The build phase for `agdaPackages.mkDerivation` simply runs `agda` on the `Everything.agda` file. If something else is needed to build the package (e.g. `make`) then the `buildPhase` should be overridden (or a `preBuild` or `configurePhase` can be used if there are steps that need to be done prior to checking the `Everything.agda` file). `agda` and the Agda libraries contained in `buildInputs` are made available during the build phase. The install phase simply copies all `.agda`, `.agdai` and `.agda-lib` files to the output directory. Again, this can be overridden.
|
### Building Agda packages
|
||||||
|
The default build phase for `agdaPackages.mkDerivation` simply runs `agda` on the `Everything.agda` file.
|
||||||
|
If something else is needed to build the package (e.g. `make`) then the `buildPhase` should be overridden.
|
||||||
|
Additionally, a `preBuild` or `configurePhase` can be used if there are steps that need to be done prior to checking the `Everything.agda` file.
|
||||||
|
`agda` and the Agda libraries contained in `buildInputs` are made available during the build phase.
|
||||||
|
|
||||||
|
### Installing Agda packages
|
||||||
|
The default install phase copies agda source files, agda interface files (`*.agdai`) and `*.agda-lib` files to the output directory.
|
||||||
|
This can be overridden.
|
||||||
|
|
||||||
|
By default, agda sources are files ending on `.agda`, or literate agda files ending on `.lagda`, `.lagda.tex`, `.lagda.org`, `.lagda.md`, `.lagda.rst`. The list of recognised agda source extensions can be extended by setting the `extraExtensions` config variable.
|
||||||
|
|
||||||
To add an agda package to `nixpkgs`, the derivation should be written to `pkgs/development/libraries/agda/${library-name}/` and an entry should be added to `pkgs/top-level/agda-packages.nix`. Here it is called in a scope with access to all other agda libraries, so the top line of the `default.nix` can look like:
|
To add an agda package to `nixpkgs`, the derivation should be written to `pkgs/development/libraries/agda/${library-name}/` and an entry should be added to `pkgs/top-level/agda-packages.nix`. Here it is called in a scope with access to all other agda libraries, so the top line of the `default.nix` can look like:
|
||||||
```
|
```
|
||||||
|
|
|
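Review bot: In the added "Installing Agda packages" text, `extraExtensions` is called a "config variable" without saying where it is set; state whether it is an argument to `agdaPackages.mkDerivation` and what its default is. The same paragraph writes "files ending on `.agda`" and lowercase "agda" throughout; "ending in" and "Agda" would match the rest of the section.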
@ -18,7 +18,7 @@
|
||||||
<xi:include href="idris.section.xml" />
|
<xi:include href="idris.section.xml" />
|
||||||
<xi:include href="ios.section.xml" />
|
<xi:include href="ios.section.xml" />
|
||||||
<xi:include href="java.xml" />
|
<xi:include href="java.xml" />
|
||||||
<xi:include href="lua.xml" />
|
<xi:include href="lua.section.xml" />
|
||||||
<xi:include href="node.section.xml" />
|
<xi:include href="node.section.xml" />
|
||||||
<xi:include href="ocaml.xml" />
|
<xi:include href="ocaml.xml" />
|
||||||
<xi:include href="perl.xml" />
|
<xi:include href="perl.xml" />
|
||||||
|
|
252
third_party/nixpkgs/doc/languages-frameworks/lua.section.md
vendored
Normal file
252
third_party/nixpkgs/doc/languages-frameworks/lua.section.md
vendored
Normal file
|
@ -0,0 +1,252 @@
|
||||||
|
---
|
||||||
|
title: Lua
|
||||||
|
author: Matthieu Coudron
|
||||||
|
date: 2019-02-05
|
||||||
|
---
|
||||||
|
|
||||||
|
# User's Guide to Lua Infrastructure
|
||||||
|
|
||||||
|
## Using Lua
|
||||||
|
|
||||||
|
### Overview of Lua
|
||||||
|
|
||||||
|
Several versions of the Lua interpreter are available: luajit, lua 5.1, 5.2, 5.3.
|
||||||
|
The attribute `lua` refers to the default interpreter, it is also possible to refer to specific versions, e.g. `lua5_2` refers to Lua 5.2.
|
||||||
|
|
||||||
|
Lua libraries are in separate sets, with one set per interpreter version.
|
||||||
|
|
||||||
|
The interpreters have several common attributes. One of these attributes is
|
||||||
|
`pkgs`, which is a package set of Lua libraries for this specific
|
||||||
|
interpreter. E.g., the `busted` package corresponding to the default interpreter
|
||||||
|
is `lua.pkgs.busted`, and the lua 5.2 version is `lua5_2.pkgs.busted`.
|
||||||
|
The main package set contains aliases to these package sets, e.g.
|
||||||
|
`luaPackages` refers to `lua5_1.pkgs` and `lua52Packages` to
|
||||||
|
`lua5_2.pkgs`.
|
||||||
|
|
||||||
|
### Installing Lua and packages
|
||||||
|
|
||||||
|
#### Lua environment defined in separate `.nix` file
|
||||||
|
|
||||||
|
Create a file, e.g. `build.nix`, with the following expression
|
||||||
|
```nix
|
||||||
|
with import <nixpkgs> {};
|
||||||
|
|
||||||
|
lua5_2.withPackages (ps: with ps; [ busted luafilesystem ])
|
||||||
|
```
|
||||||
|
and install it in your profile with
|
||||||
|
```shell
|
||||||
|
nix-env -if build.nix
|
||||||
|
```
|
||||||
|
Now you can use the Lua interpreter, as well as the extra packages (`busted`,
|
||||||
|
`luafilesystem`) that you added to the environment.
|
||||||
|
|
||||||
|
#### Lua environment defined in `~/.config/nixpkgs/config.nix`
|
||||||
|
|
||||||
|
If you prefer to, you could also add the environment as a package override to the Nixpkgs set, e.g.
|
||||||
|
using `config.nix`,
|
||||||
|
```nix
|
||||||
|
{ # ...
|
||||||
|
|
||||||
|
packageOverrides = pkgs: with pkgs; {
|
||||||
|
myLuaEnv = lua5_2.withPackages (ps: with ps; [ busted luafilesystem ]);
|
||||||
|
};
|
||||||
|
}
|
||||||
|
```
|
||||||
|
and install it in your profile with
|
||||||
|
```shell
|
||||||
|
nix-env -iA nixpkgs.myLuaEnv
|
||||||
|
```
|
||||||
|
The environment is is installed by referring to the attribute, and considering
|
||||||
|
the `nixpkgs` channel was used.
|
||||||
|
|
||||||
|
#### Lua environment defined in `/etc/nixos/configuration.nix`
|
||||||
|
|
||||||
|
For the sake of completeness, here's another example how to install the environment system-wide.
|
||||||
|
|
||||||
|
```nix
|
||||||
|
{ # ...
|
||||||
|
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
(lua.withPackages(ps: with ps; [ busted luafilesystem ]))
|
||||||
|
];
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
### How to override a Lua package using overlays?
|
||||||
|
|
||||||
|
Use the following overlay template:
|
||||||
|
|
||||||
|
```nix
|
||||||
|
final: prev:
|
||||||
|
{
|
||||||
|
|
||||||
|
lua = prev.lua.override {
|
||||||
|
packageOverrides = luaself: luaprev: {
|
||||||
|
|
||||||
|
luarocks-nix = luaprev.luarocks-nix.overrideAttrs(oa: {
|
||||||
|
pname = "luarocks-nix";
|
||||||
|
src = /home/my_luarocks/repository;
|
||||||
|
});
|
||||||
|
};
|
||||||
|
|
||||||
|
luaPackages = lua.pkgs;
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
### Temporary Lua environment with `nix-shell`
|
||||||
|
|
||||||
|
|
||||||
|
There are two methods for loading a shell with Lua packages. The first and recommended method
|
||||||
|
is to create an environment with `lua.buildEnv` or `lua.withPackages` and load that. E.g.
|
||||||
|
```sh
|
||||||
|
$ nix-shell -p 'lua.withPackages(ps: with ps; [ busted luafilesystem ])'
|
||||||
|
```
|
||||||
|
opens a shell from which you can launch the interpreter
|
||||||
|
```sh
|
||||||
|
[nix-shell:~] lua
|
||||||
|
```
|
||||||
|
The other method, which is not recommended, does not create an environment and requires you to list the packages directly,
|
||||||
|
|
||||||
|
```sh
|
||||||
|
$ nix-shell -p lua.pkgs.busted lua.pkgs.luafilesystem
|
||||||
|
```
|
||||||
|
Again, it is possible to launch the interpreter from the shell.
|
||||||
|
The Lua interpreter has the attribute `pkgs` which contains all Lua libraries for that specific interpreter.
|
||||||
|
|
||||||
|
|
||||||
|
## Developing with Lua
|
||||||
|
|
||||||
|
Now that you know how to get a working Lua environment with Nix, it is time
|
||||||
|
to go forward and start actually developing with Lua. There are two ways to
|
||||||
|
package lua software, either it is on luarocks and most of it can be taken care
|
||||||
|
of by the luarocks2nix converter or the packaging has to be done manually.
|
||||||
|
Let's present the luarocks way first and the manual one in a second time.
|
||||||
|
|
||||||
|
### Packaging a library on luarocks
|
||||||
|
|
||||||
|
[Luarocks.org](www.luarocks.org) is the main repository of lua packages.
|
||||||
|
The site proposes two types of packages, the rockspec and the src.rock
|
||||||
|
(equivalent of a [rockspec](https://github.com/luarocks/luarocks/wiki/Rockspec-format) but with the source).
|
||||||
|
These packages can have different build types such as `cmake`, `builtin` etc .
|
||||||
|
|
||||||
|
Luarocks-based packages are generated in pkgs/development/lua-modules/generated-packages.nix from
|
||||||
|
the whitelist maintainers/scripts/luarocks-packages.csv and updated by running maintainers/scripts/update-luarocks-packages.
|
||||||
|
|
||||||
|
[luarocks2nix](https://github.com/nix-community/luarocks) is a tool capable of generating nix derivations from both rockspec and src.rock (and favors the src.rock).
|
||||||
|
The automation only goes so far though and some packages need to be customized.
|
||||||
|
These customizations go in `pkgs/development/lua-modules/overrides.nix`.
|
||||||
|
For instance if the rockspec defines `external_dependencies`, these need to be manually added in in its rockspec file then it won't work.
|
||||||
|
|
||||||
|
You can try converting luarocks packages to nix packages with the command `nix-shell -p luarocks-nix` and then `luarocks nix PKG_NAME`.
|
||||||
|
Nix rely on luarocks to install lua packages, basically it runs:
|
||||||
|
`luarocks make --deps-mode=none --tree $out`
|
||||||
|
|
||||||
|
#### Packaging a library manually
|
||||||
|
|
||||||
|
You can develop your package as you usually would, just don't forget to wrap it
|
||||||
|
within a `toLuaModule` call, for instance
|
||||||
|
```nix
|
||||||
|
mynewlib = toLuaModule ( stdenv.mkDerivation { ... });
|
||||||
|
```
|
||||||
|
|
||||||
|
There is also the `buildLuaPackage` function that can be used when lua modules
|
||||||
|
are not packaged for luarocks. You can see a few examples at `pkgs/top-level/lua-packages.nix`.
|
||||||
|
|
||||||
|
## Lua Reference
|
||||||
|
|
||||||
|
### Lua interpreters
|
||||||
|
|
||||||
|
Versions 5.1, 5.2 and 5.3 of the lua interpreter are available as
|
||||||
|
respectively `lua5_1`, `lua5_2` and `lua5_3`. Luajit is available too.
|
||||||
|
The Nix expressions for the interpreters can be found in `pkgs/development/interpreters/lua-5`.
|
||||||
|
|
||||||
|
|
||||||
|
#### Attributes on lua interpreters packages
|
||||||
|
|
||||||
|
Each interpreter has the following attributes:
|
||||||
|
|
||||||
|
- `interpreter`. Alias for `${pkgs.lua}/bin/lua`.
|
||||||
|
- `buildEnv`. Function to build lua interpreter environments with extra packages bundled together. See section *lua.buildEnv function* for usage and documentation.
|
||||||
|
- `withPackages`. Simpler interface to `buildEnv`.
|
||||||
|
- `pkgs`. Set of Lua packages for that specific interpreter. The package set can be modified by overriding the interpreter and passing `packageOverrides`.
|
||||||
|
|
||||||
|
|
||||||
|
#### `buildLuarocksPackage` function
|
||||||
|
|
||||||
|
The `buildLuarocksPackage` function is implemented in `pkgs/development/interpreters/lua-5/build-lua-package.nix`
|
||||||
|
The following is an example:
|
||||||
|
```nix
|
||||||
|
luaposix = buildLuarocksPackage {
|
||||||
|
pname = "luaposix";
|
||||||
|
version = "34.0.4-1";
|
||||||
|
|
||||||
|
src = fetchurl {
|
||||||
|
url = "https://raw.githubusercontent.com/rocks-moonscript-org/moonrocks-mirror/master/luaposix-34.0.4-1.src.rock";
|
||||||
|
sha256 = "0yrm5cn2iyd0zjd4liyj27srphvy0gjrjx572swar6zqr4dwjqp2";
|
||||||
|
};
|
||||||
|
disabled = (luaOlder "5.1") || (luaAtLeast "5.4");
|
||||||
|
propagatedBuildInputs = [ bit32 lua std_normalize ];
|
||||||
|
|
||||||
|
meta = with stdenv.lib; {
|
||||||
|
homepage = "https://github.com/luaposix/luaposix/";
|
||||||
|
description = "Lua bindings for POSIX";
|
||||||
|
maintainers = with maintainers; [ vyp lblasc ];
|
||||||
|
license.fullName = "MIT/X11";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
```
|
||||||
|
|
||||||
|
The `buildLuarocksPackage` delegates most tasks to luarocks:
|
||||||
|
|
||||||
|
* it adds `luarocks` as an unpacker for `src.rock` files (zip files really).
|
||||||
|
* configurePhase` writes a temporary luarocks configuration file which location
|
||||||
|
is exported via the environment variable `LUAROCKS_CONFIG`.
|
||||||
|
* the `buildPhase` does nothing.
|
||||||
|
* `installPhase` calls `luarocks make --deps-mode=none --tree $out` to build and
|
||||||
|
install the package
|
||||||
|
* In the `postFixup` phase, the `wrapLuaPrograms` bash function is called to
|
||||||
|
wrap all programs in the `$out/bin/*` directory to include `$PATH`
|
||||||
|
environment variable and add dependent libraries to script's `LUA_PATH` and
|
||||||
|
`LUA_CPATH`.
|
||||||
|
|
||||||
|
By default `meta.platforms` is set to the same value as the interpreter unless overridden otherwise.
|
||||||
|
|
||||||
|
#### `buildLuaApplication` function
|
||||||
|
|
||||||
|
The `buildLuaApplication` function is practically the same as `buildLuaPackage`.
|
||||||
|
The difference is that `buildLuaPackage` by default prefixes the names of the packages with the version of the interpreter.
|
||||||
|
Because with an application we're not interested in multiple version the prefix is dropped.
|
||||||
|
|
||||||
|
#### lua.withPackages function
|
||||||
|
|
||||||
|
The `lua.withPackages` takes a function as an argument that is passed the set of lua packages and returns the list of packages to be included in the environment.
|
||||||
|
Using the `withPackages` function, the previous example for the luafilesystem environment can be written like this:
|
||||||
|
```nix
|
||||||
|
with import <nixpkgs> {};
|
||||||
|
|
||||||
|
lua.withPackages (ps: [ps.luafilesystem])
|
||||||
|
```
|
||||||
|
|
||||||
|
`withPackages` passes the correct package set for the specific interpreter version as an argument to the function. In the above example, `ps` equals `luaPackages`.
|
||||||
|
But you can also easily switch to using `lua5_2`:
|
||||||
|
```nix
|
||||||
|
with import <nixpkgs> {};
|
||||||
|
|
||||||
|
lua5_2.withPackages (ps: [ps.lua])
|
||||||
|
```
|
||||||
|
|
||||||
|
Now, `ps` is set to `lua52Packages`, matching the version of the interpreter.
|
||||||
|
|
||||||
|
|
||||||
|
### Possible Todos
|
||||||
|
|
||||||
|
* export/use version specific variables such as `LUA_PATH_5_2`/`LUAROCKS_CONFIG_5_2`
|
||||||
|
* let luarocks check for dependencies via exporting the different rocktrees in temporary config
|
||||||
|
|
||||||
|
### Lua Contributing guidelines
|
||||||
|
|
||||||
|
Following rules should be respected:
|
||||||
|
|
||||||
|
* Make sure libraries build for all Lua interpreters.
|
||||||
|
* Commit names of Lua libraries should reflect that they are Lua libraries, so write for example `luaPackages.luafilesystem: 1.11 -> 1.12`.
|
||||||
|
|
|
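Review bot: The overlay template binds `luaPackages = lua.pkgs;` inside a plain (non-`rec`) attribute set, so `lua` there does not refer to the overridden interpreter defined above it and is not bound by anything in the overlay; use `luaPackages = final.lua.pkgs;`. Smaller fixes in the same file: the bullet "* configurePhase`" is missing its opening backtick, "The environment is is installed" repeats a word, the sentence about `external_dependencies` ("these need to be manually added in in its rockspec file then it won't work") does not parse, `[Luarocks.org](www.luarocks.org)` lacks a URL scheme so it renders as a relative link, and the `buildEnv` attribute points to a section "lua.buildEnv function" that this file does not contain.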
@ -1,36 +0,0 @@
|
||||||
<section xmlns="http://docbook.org/ns/docbook"
|
|
||||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
|
||||||
xml:id="sec-language-lua">
|
|
||||||
<title>Lua</title>
|
|
||||||
|
|
||||||
<para>
|
|
||||||
Lua packages are built by the <varname>buildLuaPackage</varname> function. This function is implemented in <link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/lua-modules/generic/default.nix"> <filename>pkgs/development/lua-modules/generic/default.nix</filename></link> and works similarly to <varname>buildPerlPackage</varname>. (See <xref linkend="sec-language-perl"/> for details.)
|
|
||||||
</para>
|
|
||||||
|
|
||||||
<para>
|
|
||||||
Lua packages are defined in <link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/top-level/lua-packages.nix"><filename>pkgs/top-level/lua-packages.nix</filename></link>. Most of them are simple. For example:
|
|
||||||
<programlisting>
|
|
||||||
fileSystem = buildLuaPackage {
|
|
||||||
name = "filesystem-1.6.2";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://github.com/keplerproject/luafilesystem/archive/v1_6_2.tar.gz";
|
|
||||||
sha256 = "1n8qdwa20ypbrny99vhkmx8q04zd2jjycdb5196xdhgvqzk10abz";
|
|
||||||
};
|
|
||||||
meta = {
|
|
||||||
homepage = "https://github.com/keplerproject/luafilesystem";
|
|
||||||
hydraPlatforms = stdenv.lib.platforms.linux;
|
|
||||||
maintainers = with maintainers; [ flosse ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
</programlisting>
|
|
||||||
</para>
|
|
||||||
|
|
||||||
<para>
|
|
||||||
Though, more complicated package should be placed in a seperate file in <link
|
|
||||||
xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/lua-modules"><filename>pkgs/development/lua-modules</filename></link>.
|
|
||||||
</para>
|
|
||||||
|
|
||||||
<para>
|
|
||||||
Lua packages accept additional parameter <varname>disabled</varname>, which defines the condition of disabling package from luaPackages. For example, if package has <varname>disabled</varname> assigned to <literal>lua.luaversion != "5.1"</literal>, it will not be included in any luaPackages except lua51Packages, making it only be built for lua 5.1.
|
|
||||||
</para>
|
|
||||||
</section>
|
|
|
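Review bot: The deleted section explained the `disabled` parameter ("defines the condition of disabling package from luaPackages") and linked the `buildLuaPackage` implementation, while the replacement `lua.section.md` only uses `disabled` inside the `luaposix` example and never describes it. Carry that paragraph over into the new file, updated to the `luaOlder`/`luaAtLeast` helpers the new example uses.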
@ -643,7 +643,7 @@ and in this case the `python38` interpreter is automatically used.
|
||||||
Versions 2.7, 3.5, 3.6, 3.7 and 3.8 of the CPython interpreter are available as
|
Versions 2.7, 3.5, 3.6, 3.7 and 3.8 of the CPython interpreter are available as
|
||||||
respectively `python27`, `python35`, `python36`, `python37` and `python38`. The
|
respectively `python27`, `python35`, `python36`, `python37` and `python38`. The
|
||||||
aliases `python2` and `python3` correspond to respectively `python27` and
|
aliases `python2` and `python3` correspond to respectively `python27` and
|
||||||
`python37`. The default interpreter, `python`, maps to `python2`. The PyPy
|
`python38`. The default interpreter, `python`, maps to `python2`. The PyPy
|
||||||
interpreters compatible with Python 2.7 and 3 are available as `pypy27` and
|
interpreters compatible with Python 2.7 and 3 are available as `pypy27` and
|
||||||
`pypy3`, with aliases `pypy2` mapping to `pypy27` and `pypy` mapping to `pypy2`.
|
`pypy3`, with aliases `pypy2` mapping to `pypy27` and `pypy` mapping to `pypy2`.
|
||||||
The Nix expressions for the interpreters can be found in
|
The Nix expressions for the interpreters can be found in
|
||||||
|
@ -764,9 +764,6 @@ following are specific to `buildPythonPackage`:
|
||||||
* `dontWrapPythonPrograms ? false`: Skip wrapping of Python programs.
|
* `dontWrapPythonPrograms ? false`: Skip wrapping of Python programs.
|
||||||
* `permitUserSite ? false`: Skip setting the `PYTHONNOUSERSITE` environment
|
* `permitUserSite ? false`: Skip setting the `PYTHONNOUSERSITE` environment
|
||||||
variable in wrapped programs.
|
variable in wrapped programs.
|
||||||
* `installFlags ? []`: A list of strings. Arguments to be passed to `pip
|
|
||||||
install`. To pass options to `python setup.py install`, use
|
|
||||||
`--install-option`. E.g., `installFlags=["--install-option='--cpp_implementation'"]`.
|
|
||||||
* `format ? "setuptools"`: Format of the source. Valid options are
|
* `format ? "setuptools"`: Format of the source. Valid options are
|
||||||
`"setuptools"`, `"pyproject"`, `"flit"`, `"wheel"`, and `"other"`.
|
`"setuptools"`, `"pyproject"`, `"flit"`, `"wheel"`, and `"other"`.
|
||||||
`"setuptools"` is for when the source has a `setup.py` and `setuptools` is
|
`"setuptools"` is for when the source has a `setup.py` and `setuptools` is
|
||||||
|
@ -782,6 +779,9 @@ following are specific to `buildPythonPackage`:
|
||||||
* `namePrefix`: Prepends text to `${name}` parameter. In case of libraries, this
|
* `namePrefix`: Prepends text to `${name}` parameter. In case of libraries, this
|
||||||
defaults to `"python3.8-"` for Python 3.8, etc., and in case of applications
|
defaults to `"python3.8-"` for Python 3.8, etc., and in case of applications
|
||||||
to `""`.
|
to `""`.
|
||||||
|
* `pipInstallFlags ? []`: A list of strings. Arguments to be passed to `pip
|
||||||
|
install`. To pass options to `python setup.py install`, use
|
||||||
|
`--install-option`. E.g., `pipInstallFlags=["--install-option='--cpp_implementation'"]`.
|
||||||
* `pythonPath ? []`: List of packages to be added into `$PYTHONPATH`. Packages
|
* `pythonPath ? []`: List of packages to be added into `$PYTHONPATH`. Packages
|
||||||
in `pythonPath` are not propagated (contrary to `propagatedBuildInputs`).
|
in `pythonPath` are not propagated (contrary to `propagatedBuildInputs`).
|
||||||
* `preShellHook`: Hook to execute commands before `shellHook`.
|
* `preShellHook`: Hook to execute commands before `shellHook`.
|
||||||
|
|
|
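Review bot: `pipInstallFlags` is added here with the same description that the previous hunk removes for `installFlags`, but nothing tells readers the parameter was renamed. Add a sentence saying that `installFlags` is no longer the `buildPythonPackage` name for these arguments, so existing expressions that set it get updated.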
@ -75,6 +75,90 @@ pkgs.rustPlatform.buildRustPackage {
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### Running package tests
|
||||||
|
|
||||||
|
When using `buildRustPackage`, the `checkPhase` is enabled by default and runs
|
||||||
|
`cargo test` on the package to build. To make sure that we don't compile the
|
||||||
|
sources twice and to actually test the artifacts that will be used at runtime,
|
||||||
|
the tests will be ran in the `release` mode by default.
|
||||||
|
|
||||||
|
However, in some cases the test-suite of a package doesn't work properly in the
|
||||||
|
`release` mode. For these situations, the mode for `checkPhase` can be changed like
|
||||||
|
so:
|
||||||
|
|
||||||
|
```nix
|
||||||
|
rustPlatform.buildRustPackage {
|
||||||
|
/* ... */
|
||||||
|
checkType = "debug";
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
Please note that the code will be compiled twice here: once in `release` mode
|
||||||
|
for the `buildPhase`, and again in `debug` mode for the `checkPhase`.
|
||||||
|
|
||||||
|
#### Tests relying on the structure of the `target/` directory
|
||||||
|
|
||||||
|
Some tests may rely on the structure of the `target/` directory. Those tests
|
||||||
|
are likely to fail because we use `cargo --target` during the build. This means that
|
||||||
|
the artifacts
|
||||||
|
[are stored in `target/<architecture>/release/`](https://doc.rust-lang.org/cargo/guide/build-cache.html),
|
||||||
|
rather than in `target/release/`.
|
||||||
|
|
||||||
|
This can only be worked around by patching the affected tests accordingly.
|
||||||
|
|
||||||
|
#### Disabling package-tests
|
||||||
|
|
||||||
|
In some instances, it may be necessary to disable testing altogether (with `doCheck = false;`):
|
||||||
|
|
||||||
|
* If no tests exist -- the `checkPhase` should be explicitly disabled to skip
|
||||||
|
unnecessary build steps to speed up the build.
|
||||||
|
* If tests are highly impure (e.g. due to network usage).
|
||||||
|
|
||||||
|
There will obviously be some corner-cases not listed above where it's sensible to disable tests.
|
||||||
|
The above are just guidelines, and exceptions may be granted on a case-by-case basis.
|
||||||
|
|
||||||
|
However, please check if it's possible to disable a problematic subset of the
|
||||||
|
test suite and leave a comment explaining your reasoning.
|
||||||
|
|
||||||
|
### Building a package in `debug` mode
|
||||||
|
|
||||||
|
By default, `buildRustPackage` will use `release` mode for builds. If a package
|
||||||
|
should be built in `debug` mode, it can be configured like so:
|
||||||
|
|
||||||
|
```nix
|
||||||
|
rustPlatform.buildRustPackage {
|
||||||
|
/* ... */
|
||||||
|
buildType = "debug";
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
In this scenario, the `checkPhase` will be ran in `debug` mode as well.
|
||||||
|
|
||||||
|
### Custom `build`/`install`-procedures
|
||||||
|
|
||||||
|
Some packages may use custom scripts for building/installing, e.g. with a `Makefile`.
|
||||||
|
In these cases, it's recommended to override the `buildPhase`/`installPhase`/`checkPhase`.
|
||||||
|
|
||||||
|
Otherwise, some steps may fail because of the modified directory structure of `target/`.
|
||||||
|
|
||||||
|
### Building a crate with an absent or out-of-date Cargo.lock file
|
||||||
|
|
||||||
|
`buildRustPackage` needs a `Cargo.lock` file to get all dependencies in the
|
||||||
|
source code in a reproducible way. If it is missing or out-of-date one can use
|
||||||
|
the `cargoPatches` attribute to update or add it.
|
||||||
|
|
||||||
|
```
|
||||||
|
{ lib, rustPlatform, fetchFromGitHub }:
|
||||||
|
|
||||||
|
rustPlatform.buildRustPackage rec {
|
||||||
|
(...)
|
||||||
|
cargoPatches = [
|
||||||
|
# a patch file to add/update Cargo.lock in the source code
|
||||||
|
./add-Cargo.lock.patch
|
||||||
|
];
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
## Compiling Rust crates using Nix instead of Cargo
|
## Compiling Rust crates using Nix instead of Cargo
|
||||||
|
|
||||||
### Simple operation
|
### Simple operation
|
||||||
|
|
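Review bot: In "Disabling package-tests", the request to "leave a comment explaining your reasoning" is attached only to disabling a subset of the test suite; ask for the same comment next to a blanket `doCheck = false;`, so the reason a package ships untested is recorded in the expression. Two wording and formatting points in this hunk: "will be ran" (in "Running package tests" and "Building a package in `debug` mode") should be "will be run", and the `cargoPatches` example uses an untagged code fence while the `checkType` and `buildType` examples are tagged `nix`.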
10
third_party/nixpkgs/doc/stdenv/stdenv.xml
vendored
10
third_party/nixpkgs/doc/stdenv/stdenv.xml
vendored
|
@ -2081,6 +2081,16 @@ postInstall = ''
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>
|
||||||
|
validatePkgConfig
|
||||||
|
</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
The <literal>validatePkgConfig</literal> hook validates all pkg-config (<filename>.pc</filename>) files in a package. This helps catching some common errors in pkg-config files, such as undefined variables.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>
|
<term>
|
||||||
cmake
|
cmake
|
||||||
|
|
|
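Review bot: The `validatePkgConfig` entry says what the hook checks but not how to enable it or when it runs; add which inputs list it belongs in and which phase performs the validation. Also "helps catching" should read "helps catch".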
@ -387,7 +387,7 @@ fi
|
||||||
</screen>
|
</screen>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
Now just run <literal>source $HOME/.profile</literal> and you can starting loading man pages from your environent.
|
Now just run <literal>source $HOME/.profile</literal> and you can starting loading man pages from your environment.
|
||||||
</para>
|
</para>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
|
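Review bot: The corrected sentence still reads "you can starting loading man pages"; change it to "you can start loading" while this line is being touched.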
2
third_party/nixpkgs/flake.nix
vendored
2
third_party/nixpkgs/flake.nix
vendored
|
@ -1,8 +1,6 @@
|
||||||
# Experimental flake interface to Nixpkgs.
|
# Experimental flake interface to Nixpkgs.
|
||||||
# See https://github.com/NixOS/rfcs/pull/49 for details.
|
# See https://github.com/NixOS/rfcs/pull/49 for details.
|
||||||
{
|
{
|
||||||
edition = 201909;
|
|
||||||
|
|
||||||
description = "A collection of packages for the Nix package manager";
|
description = "A collection of packages for the Nix package manager";
|
||||||
|
|
||||||
outputs = { self }:
|
outputs = { self }:
|
||||||
|
|
2
third_party/nixpkgs/lib/attrsets.nix
vendored
2
third_party/nixpkgs/lib/attrsets.nix
vendored
|
@ -253,7 +253,7 @@ rec {
|
||||||
/* Like `mapAttrsRecursive', but it takes an additional predicate
|
/* Like `mapAttrsRecursive', but it takes an additional predicate
|
||||||
function that tells it whether to recursive into an attribute
|
function that tells it whether to recursive into an attribute
|
||||||
set. If it returns false, `mapAttrsRecursiveCond' does not
|
set. If it returns false, `mapAttrsRecursiveCond' does not
|
||||||
recurse, but does apply the map function. It is returns true, it
|
recurse, but does apply the map function. If it returns true, it
|
||||||
does recurse, and does not apply the map function.
|
does recurse, and does not apply the map function.
|
||||||
|
|
||||||
Type:
|
Type:
|
||||||
|
|
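Review bot: The same comment still says "whether to recursive into an attribute set" earlier in the paragraph being fixed; it should be "whether to recurse into".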
8
third_party/nixpkgs/lib/kernel.nix
vendored
8
third_party/nixpkgs/lib/kernel.nix
vendored
|
@ -8,10 +8,10 @@ with lib;
|
||||||
option = x:
|
option = x:
|
||||||
x // { optional = true; };
|
x // { optional = true; };
|
||||||
|
|
||||||
yes = { tristate = "y"; };
|
yes = { tristate = "y"; optional = false; };
|
||||||
no = { tristate = "n"; };
|
no = { tristate = "n"; optional = false; };
|
||||||
module = { tristate = "m"; };
|
module = { tristate = "m"; optional = false; };
|
||||||
freeform = x: { freeform = x; };
|
freeform = x: { freeform = x; optional = false; };
|
||||||
|
|
||||||
/*
|
/*
|
||||||
Common patterns/legacy used in common-config/hardened/config.nix
|
Common patterns/legacy used in common-config/hardened/config.nix
|
||||||
|
|
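Review bot: With `optional = false` now written into `yes`, `no`, `module` and `freeform`, `option` works only because `//` lets its `optional = true` win over that default; add a short comment above these definitions stating that every value carries `optional` and that `option` is the one place it becomes true. The four repeated `optional = false;` literals could also come from one shared base attribute set.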
5
third_party/nixpkgs/lib/licenses.nix
vendored
5
third_party/nixpkgs/lib/licenses.nix
vendored
|
@ -276,6 +276,11 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
|
||||||
fullName = "European Union Public License 1.2";
|
fullName = "European Union Public License 1.2";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
fdl11 = spdx {
|
||||||
|
spdxId = "GFDL-1.1-only";
|
||||||
|
fullName = "GNU Free Documentation License v1.1 only";
|
||||||
|
};
|
||||||
|
|
||||||
fdl12 = spdx {
|
fdl12 = spdx {
|
||||||
spdxId = "GFDL-1.2-only";
|
spdxId = "GFDL-1.2-only";
|
||||||
fullName = "GNU Free Documentation License v1.2 only";
|
fullName = "GNU Free Documentation License v1.2 only";
|
||||||
|
|
2
third_party/nixpkgs/lib/minver.nix
vendored
2
third_party/nixpkgs/lib/minver.nix
vendored
|
@ -1,2 +1,2 @@
|
||||||
# Expose the minimum required version for evaluating Nixpkgs
|
# Expose the minimum required version for evaluating Nixpkgs
|
||||||
"2.0"
|
"2.2"
|
||||||
|
|
|
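Review bot: The minimum version moves from "2.0" to "2.2" but the comment above it is unchanged and gives no reason; note which feature requires 2.2 so the bound can be revisited later.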
@ -193,12 +193,6 @@
|
||||||
githubId = 315003;
|
githubId = 315003;
|
||||||
name = "Adam Saponara";
|
name = "Adam Saponara";
|
||||||
};
|
};
|
||||||
aepsil0n = {
|
|
||||||
email = "eduard.bopp@aepsil0n.de";
|
|
||||||
github = "aepsil0n";
|
|
||||||
githubId = 3098430;
|
|
||||||
name = "Eduard Bopp";
|
|
||||||
};
|
|
||||||
aerialx = {
|
aerialx = {
|
||||||
email = "aaron+nixos@aaronlindsay.com";
|
email = "aaron+nixos@aaronlindsay.com";
|
||||||
github = "AerialX";
|
github = "AerialX";
|
||||||
|
@ -1163,6 +1157,12 @@
|
||||||
githubId = 24417923;
|
githubId = 24417923;
|
||||||
name = "Renaud";
|
name = "Renaud";
|
||||||
};
|
};
|
||||||
|
c00w = {
|
||||||
|
email = "nix@daedrum.net";
|
||||||
|
github = "c00w";
|
||||||
|
githubId = 486199;
|
||||||
|
name = "Colin";
|
||||||
|
};
|
||||||
c0deaddict = {
|
c0deaddict = {
|
||||||
email = "josvanbakel@protonmail.com";
|
email = "josvanbakel@protonmail.com";
|
||||||
github = "c0deaddict";
|
github = "c0deaddict";
|
||||||
|
@ -1616,6 +1616,12 @@
|
||||||
githubId = 12202789;
|
githubId = 12202789;
|
||||||
name = "CrazedProgrammer";
|
name = "CrazedProgrammer";
|
||||||
};
|
};
|
||||||
|
cript0nauta = {
|
||||||
|
email = "shareman1204@gmail.com";
|
||||||
|
github = "cript0nauta";
|
||||||
|
githubId = 1222362;
|
||||||
|
name = "Matías Lang";
|
||||||
|
};
|
||||||
cryptix = {
|
cryptix = {
|
||||||
email = "cryptix@riseup.net";
|
email = "cryptix@riseup.net";
|
||||||
github = "cryptix";
|
github = "cryptix";
|
||||||
|
@ -2182,6 +2188,12 @@
|
||||||
githubId = 50854;
|
githubId = 50854;
|
||||||
name = "edef";
|
name = "edef";
|
||||||
};
|
};
|
||||||
|
edibopp = {
|
||||||
|
email = "eduard.bopp@aepsil0n.de";
|
||||||
|
github = "edibopp";
|
||||||
|
githubId = 3098430;
|
||||||
|
name = "Eduard Bopp";
|
||||||
|
};
|
||||||
emantor = {
|
emantor = {
|
||||||
email = "rouven+nixos@czerwinskis.de";
|
email = "rouven+nixos@czerwinskis.de";
|
||||||
github = "emantor";
|
github = "emantor";
|
||||||
|
@ -2540,6 +2552,16 @@
|
||||||
githubId = 11909469;
|
githubId = 11909469;
|
||||||
name = "Fabian Geiselhart";
|
name = "Fabian Geiselhart";
|
||||||
};
|
};
|
||||||
|
fabianhauser = {
|
||||||
|
email = "fabian.nixos@fh2.ch";
|
||||||
|
github = "fabianhauser";
|
||||||
|
githubId = 368799;
|
||||||
|
name = "Fabian Hauser";
|
||||||
|
keys = [{
|
||||||
|
longkeyid = "rsa4096/0x8A52A140BEBF7D2C";
|
||||||
|
fingerprint = "50B7 11F4 3DFD 2018 DCE6 E8D0 8A52 A140 BEBF 7D2C";
|
||||||
|
}];
|
||||||
|
};
|
||||||
fadenb = {
|
fadenb = {
|
||||||
email = "tristan.helmich+nixos@gmail.com";
|
email = "tristan.helmich+nixos@gmail.com";
|
||||||
github = "fadenb";
|
github = "fadenb";
|
||||||
|
@ -3514,6 +3536,12 @@
|
||||||
githubId = 1608697;
|
githubId = 1608697;
|
||||||
name = "Jens Binkert";
|
name = "Jens Binkert";
|
||||||
};
|
};
|
||||||
|
jeremyschlatter = {
|
||||||
|
email = "github@jeremyschlatter.com";
|
||||||
|
github = "jeremyschlatter";
|
||||||
|
githubId = 5741620;
|
||||||
|
name = "Jeremy Schlatter";
|
||||||
|
};
|
||||||
jerith666 = {
|
jerith666 = {
|
||||||
email = "github@matt.mchenryfamily.org";
|
email = "github@matt.mchenryfamily.org";
|
||||||
github = "jerith666";
|
github = "jerith666";
|
||||||
|
@ -3855,6 +3883,12 @@
|
||||||
githubId = 11947756;
|
githubId = 11947756;
|
||||||
name = "Julien Dehos";
|
name = "Julien Dehos";
|
||||||
};
|
};
|
||||||
|
julm = {
|
||||||
|
email = "julm+nix@sourcephile.fr";
|
||||||
|
github = "ju1m";
|
||||||
|
githubId = 21160136;
|
||||||
|
name = "Julien Moutinho";
|
||||||
|
};
|
||||||
jumper149 = {
|
jumper149 = {
|
||||||
email = "felixspringer149@gmail.com";
|
email = "felixspringer149@gmail.com";
|
||||||
github = "jumper149";
|
github = "jumper149";
|
||||||
|
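Review bot: in the added `julm` entry the `github` value is `ju1m` (with a digit one), which differs from both the attribute name and the e-mail local part. If that is the real handle, a short comment saying so would keep a later cleanup from "correcting" it, and `githubId = 21160136` should be confirmed to resolve to that account, since the numeric id is what ties the entry to a person if the handle changes.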
@ -3867,6 +3901,12 @@
|
||||||
githubId = 2396926;
|
githubId = 2396926;
|
||||||
name = "Justin Woo";
|
name = "Justin Woo";
|
||||||
};
|
};
|
||||||
|
jwatt = {
|
||||||
|
email = "jwatt@broken.watch";
|
||||||
|
github = "jjwatt";
|
||||||
|
githubId = 2397327;
|
||||||
|
name = "Jesse Wattenbarger";
|
||||||
|
};
|
||||||
jwiegley = {
|
jwiegley = {
|
||||||
email = "johnw@newartisans.com";
|
email = "johnw@newartisans.com";
|
||||||
github = "jwiegley";
|
github = "jwiegley";
|
||||||
|
@ -4649,6 +4689,16 @@
|
||||||
githubId = 26020062;
|
githubId = 26020062;
|
||||||
name = "lumi";
|
name = "lumi";
|
||||||
};
|
};
|
||||||
|
lunik1 = {
|
||||||
|
email = "ch.nixpkgs@themaw.xyz";
|
||||||
|
github = "lunik1";
|
||||||
|
githubId = 13547699;
|
||||||
|
name = "Corin Hoad";
|
||||||
|
keys = [{
|
||||||
|
longkeyid = "rsa2048/0x6A37DF9483188492";
|
||||||
|
fingerprint = "BA3A 5886 AE6D 526E 20B4 57D6 6A37 DF94 8318 8492";
|
||||||
|
}];
|
||||||
|
};
|
||||||
luz = {
|
luz = {
|
||||||
email = "luz666@daum.net";
|
email = "luz666@daum.net";
|
||||||
github = "Luz";
|
github = "Luz";
|
||||||
|
@ -5017,6 +5067,12 @@
|
||||||
githubId = 223323;
|
githubId = 223323;
|
||||||
name = "Miguel de la Cruz";
|
name = "Miguel de la Cruz";
|
||||||
};
|
};
|
||||||
|
mgdm = {
|
||||||
|
email = "michael@mgdm.net";
|
||||||
|
github = "mgdm";
|
||||||
|
githubId = 71893;
|
||||||
|
name = "Michael Maclean";
|
||||||
|
};
|
||||||
mgregoire = {
|
mgregoire = {
|
||||||
email = "gregoire@martinache.net";
|
email = "gregoire@martinache.net";
|
||||||
github = "M-Gregoire";
|
github = "M-Gregoire";
|
||||||
|
@ -5144,6 +5200,12 @@
|
||||||
fingerprint = "3196 83D3 9A1B 4DE1 3DC2 51FD FEA8 88C9 F5D6 4F62";
|
fingerprint = "3196 83D3 9A1B 4DE1 3DC2 51FD FEA8 88C9 F5D6 4F62";
|
||||||
}];
|
}];
|
||||||
};
|
};
|
||||||
|
mir06 = {
|
||||||
|
email = "armin.leuprecht@uni-graz.at";
|
||||||
|
github = "mir06";
|
||||||
|
githubId = 8479244;
|
||||||
|
name = "Armin Leuprecht";
|
||||||
|
};
|
||||||
mirdhyn = {
|
mirdhyn = {
|
||||||
email = "mirdhyn@gmail.com";
|
email = "mirdhyn@gmail.com";
|
||||||
github = "mirdhyn";
|
github = "mirdhyn";
|
||||||
|
@ -6308,10 +6370,6 @@
|
||||||
githubId = 23097564;
|
githubId = 23097564;
|
||||||
name = "Nora Widdecke";
|
name = "Nora Widdecke";
|
||||||
};
|
};
|
||||||
pxc = {
|
|
||||||
email = "patrick.callahan@latitudeengineering.com";
|
|
||||||
name = "Patrick Callahan";
|
|
||||||
};
|
|
||||||
pyrolagus = {
|
pyrolagus = {
|
||||||
email = "pyrolagus@gmail.com";
|
email = "pyrolagus@gmail.com";
|
||||||
github = "PyroLagus";
|
github = "PyroLagus";
|
||||||
|
@ -6980,6 +7038,12 @@
|
||||||
githubId = 2343853;
|
githubId = 2343853;
|
||||||
name = "Sean Zicari";
|
name = "Sean Zicari";
|
||||||
};
|
};
|
||||||
|
seb314 = {
|
||||||
|
email = "sebastian@seb314.com";
|
||||||
|
github = "seb314";
|
||||||
|
githubId = 19472270;
|
||||||
|
name = "Sebastian";
|
||||||
|
};
|
||||||
sellout = {
|
sellout = {
|
||||||
email = "greg@technomadic.org";
|
email = "greg@technomadic.org";
|
||||||
github = "sellout";
|
github = "sellout";
|
||||||
|
@ -7050,6 +7114,12 @@
|
||||||
githubId = 1588288;
|
githubId = 1588288;
|
||||||
name = "Shahrukh Khan";
|
name = "Shahrukh Khan";
|
||||||
};
|
};
|
||||||
|
shamilton = {
|
||||||
|
email = "sgn.hamilton@protonmail.com";
|
||||||
|
github = "SCOTT-HAMILTON";
|
||||||
|
githubId = 24496705;
|
||||||
|
name = "Scott Hamilton";
|
||||||
|
};
|
||||||
shanemikel = {
|
shanemikel = {
|
||||||
email = "shanepearlman@pm.me";
|
email = "shanepearlman@pm.me";
|
||||||
github = "shanemikel";
|
github = "shanemikel";
|
||||||
|
|
|
@ -12,12 +12,13 @@ compat53,,,,,vcunat
|
||||||
cosmo,,,,,marsam
|
cosmo,,,,,marsam
|
||||||
coxpcall,,,1.17.0-1,,
|
coxpcall,,,1.17.0-1,,
|
||||||
cqueues,,,,,vcunat
|
cqueues,,,,,vcunat
|
||||||
cyrussasl,,,,,vcunat
|
cyrussasl,,,,,
|
||||||
digestif,,,,lua5_3,
|
digestif,,,,lua5_3,
|
||||||
dkjson,,,,,
|
dkjson,,,,,
|
||||||
fifo,,,,,
|
fifo,,,,,
|
||||||
http,,,,,vcunat
|
http,,,,,vcunat
|
||||||
inspect,,,,,
|
inspect,,,,,
|
||||||
|
ldbus,,http://luarocks.org/dev,,,
|
||||||
ldoc,,,,,
|
ldoc,,,,,
|
||||||
lgi,,,,,
|
lgi,,,,,
|
||||||
linenoise,,,,,
|
linenoise,,,,,
|
||||||
|
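Review bot: the added `ldbus` row takes its server from `http://luarocks.org/dev` over plain HTTP. The existing `luaffi` row does the same, but a new row is a good point to switch to `https://` so the lookup is not done in clear text. In the same hunk `cyrussasl` loses `vcunat` and is left with an empty maintainer column; if that is intended, the commit message should say so.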
@ -50,9 +51,9 @@ luaepnf,,,,,
|
||||||
luaevent,,,,,
|
luaevent,,,,,
|
||||||
luaexpat,,,1.3.0-1,,arobyn flosse
|
luaexpat,,,1.3.0-1,,arobyn flosse
|
||||||
luaffi,,http://luarocks.org/dev,,,
|
luaffi,,http://luarocks.org/dev,,,
|
||||||
luafilesystem,,,1.7.0-2,,flosse vcunat
|
luafilesystem,,,1.7.0-2,,flosse
|
||||||
lualogging,,,,,
|
lualogging,,,,,
|
||||||
luaossl,,,,lua5_1,vcunat
|
luaossl,,,,lua5_1,
|
||||||
luaposix,,,,,vyp lblasc
|
luaposix,,,,,vyp lblasc
|
||||||
luarepl,,,,,
|
luarepl,,,,,
|
||||||
luasec,,,,,flosse
|
luasec,,,,,flosse
|
||||||
|
@ -65,6 +66,7 @@ luazip,,,,,
|
||||||
lua-yajl,,,,,pstn
|
lua-yajl,,,,,pstn
|
||||||
luuid,,,,,
|
luuid,,,,,
|
||||||
luv,,,,,
|
luv,,,,,
|
||||||
|
lyaml,,,,,lblasc
|
||||||
markdown,,,,,
|
markdown,,,,,
|
||||||
mediator_lua,,,,,
|
mediator_lua,,,,,
|
||||||
mpack,,,,,
|
mpack,,,,,
|
||||||
|
|
|
26
third_party/nixpkgs/maintainers/team-list.nix
vendored
26
third_party/nixpkgs/maintainers/team-list.nix
vendored
|
@ -34,6 +34,20 @@ with lib.maintainers; {
|
||||||
scope = "Maintain Freedesktop.org packages for graphical desktop.";
|
scope = "Maintain Freedesktop.org packages for graphical desktop.";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
golang = {
|
||||||
|
members = [
|
||||||
|
c00w
|
||||||
|
cstrahan
|
||||||
|
Frostman
|
||||||
|
kalbasit
|
||||||
|
mic92
|
||||||
|
orivej
|
||||||
|
rvolosatovs
|
||||||
|
zowoq
|
||||||
|
];
|
||||||
|
scope = "Maintain Golang compilers.";
|
||||||
|
};
|
||||||
|
|
||||||
gnome = {
|
gnome = {
|
||||||
members = [
|
members = [
|
||||||
hedning
|
hedning
|
||||||
|
@ -43,6 +57,18 @@ with lib.maintainers; {
|
||||||
scope = "Maintain GNOME desktop environment and platform.";
|
scope = "Maintain GNOME desktop environment and platform.";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
matrix = {
|
||||||
|
members = [
|
||||||
|
ma27
|
||||||
|
pacien
|
||||||
|
fadenb
|
||||||
|
mguentner
|
||||||
|
ekleog
|
||||||
|
ralith
|
||||||
|
];
|
||||||
|
scope = "Maintain the ecosystem around Matrix, a decentralized messenger.";
|
||||||
|
};
|
||||||
|
|
||||||
php = {
|
php = {
|
||||||
members = [
|
members = [
|
||||||
aanderse
|
aanderse
|
||||||
|
|
|
@ -19,9 +19,9 @@
|
||||||
</term>
|
</term>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
Start a root shell if something goes wrong in stage 1 of the boot process
|
Allows the user to start a root shell if something goes wrong in stage 1
|
||||||
(the initial ramdisk). This is disabled by default because there is no
|
of the boot process (the initial ramdisk). This is disabled by default
|
||||||
authentication for the root shell.
|
because there is no authentication for the root shell.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
@ -49,6 +49,22 @@
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>
|
||||||
|
<literal>boot.debug1mounts</literal>
|
||||||
|
</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Like <literal>boot.debug1</literal> or
|
||||||
|
<literal>boot.debug1devices</literal>, but runs stage1 until all
|
||||||
|
filesystems that are mounted during initrd are mounted (see
|
||||||
|
<option><link linkend="opt-fileSystems._name__.neededForBoot">neededForBoot</link></option>
|
||||||
|
). As a motivating example, this could be useful if you've forgotten to set
|
||||||
|
<option><link linkend="opt-fileSystems._name__.neededForBoot">neededForBoot</link></option>
|
||||||
|
on a file system.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>
|
<term>
|
||||||
<literal>boot.trace</literal>
|
<literal>boot.trace</literal>
|
||||||
|
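Review bot: the new `boot.debug1mounts` entry does not say that the shell it opens is the same unauthenticated root shell that the `boot.shell_on_fail` entry warns about. Anyone with console access who can edit the kernel command line gets that shell, so the entry should carry the caveat or point to it. Two smaller points: "stage1" is written "stage 1" elsewhere on the page, and the `).` that starts its own line after the `neededForBoot` link will render with a space before the closing parenthesis.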
@ -90,6 +106,15 @@
|
||||||
<manvolnum>1</manvolnum></citerefentry>.
|
<manvolnum>1</manvolnum></citerefentry>.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
Notice that for <literal>boot.shell_on_fail</literal>,
|
||||||
|
<literal>boot.debug1</literal>, <literal>boot.debug1devices</literal>, and
|
||||||
|
<literal>boot.debug1mounts</literal>, if you did <emphasis>not</emphasis>
|
||||||
|
select "start the new shell as pid 1", and you <literal>exit</literal> from
|
||||||
|
the new shell, boot will proceed normally from the point where it failed, as
|
||||||
|
if you'd chosen "ignore the error and continue".
|
||||||
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
If no login prompts or X11 login screens appear (e.g. due to hanging
|
If no login prompts or X11 login screens appear (e.g. due to hanging
|
||||||
dependencies), you can press Alt+ArrowUp. If you’re lucky, this will start
|
dependencies), you can press Alt+ArrowUp. If you’re lucky, this will start
|
||||||
|
|
|
@ -89,7 +89,7 @@ nixpkgs https://nixos.org/channels/nixpkgs-unstable</screen>
|
||||||
NixOS partition. They are installed by default on NixOS, but you don't have
|
NixOS partition. They are installed by default on NixOS, but you don't have
|
||||||
NixOS yet..
|
NixOS yet..
|
||||||
</para>
|
</para>
|
||||||
<screen><prompt>$ </prompt>nix-env -iE "_: with import <nixpkgs/nixos> { configuration = {}; }; with config.system.build; [ nixos-generate-config nixos-install nixos-enter manual.manpages ]"</screen>
|
<screen><prompt>$ </prompt>nix-env -f '<nixpkgs/nixos>' --arg configuration {} -iA config.system.build.{nixos-generate-config,nixos-install,nixos-enter,manual.manpages}</screen>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<note>
|
<note>
|
||||||
|
|
|
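Review bot: the replacement command relies on shell brace expansion in `config.system.build.{nixos-generate-config,...}` and on `{}` reaching `--arg configuration` unchanged. Both hold in bash, but a shell without brace expansion passes the braces through as one literal attribute path and the install fails. Either state that bash is assumed or list the four attribute paths as separate arguments and quote the empty set as `'{}'`.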
@ -42,6 +42,11 @@
|
||||||
PHP now defaults to PHP 7.4, updated from 7.3.
|
PHP now defaults to PHP 7.4, updated from 7.3.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Python 3 now defaults to Python 3.8 instead of 3.7.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
Two new options, <link linkend="opt-services.openssh.authorizedKeysCommand">authorizedKeysCommand</link>
|
Two new options, <link linkend="opt-services.openssh.authorizedKeysCommand">authorizedKeysCommand</link>
|
||||||
|
@ -89,6 +94,22 @@ services.mysql.initialScript = pkgs.writeText "mariadb-init.sql" ''
|
||||||
When MariaDB data directory is just upgraded (not initialized), the users are not created or modified.
|
When MariaDB data directory is just upgraded (not initialized), the users are not created or modified.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
MySQL server is now started with additional systemd sandbox/hardening options for better security. The PrivateTmp, ProtectHome, and ProtectSystem options
|
||||||
|
may be problematic when MySQL is attempting to read from or write to your filesystem anywhere outside of its own state directory, for example when
|
||||||
|
calling <literal>LOAD DATA INFILE or SELECT * INTO OUTFILE</literal>. In this scenario a variant of the following may be required:
|
||||||
|
- allow MySQL to read from /home and /tmp directories when using <literal>LOAD DATA INFILE</literal>
|
||||||
|
<programlisting>
|
||||||
|
systemd.services.mysql.serviceConfig.ProtectHome = lib.mkForce "read-only";
|
||||||
|
</programlisting>
|
||||||
|
- allow MySQL to write to custom folder <literal>/var/data</literal> when using <literal>SELECT * INTO OUTFILE</literal>, assuming the mysql user has write
|
||||||
|
access to <literal>/var/data</literal>
|
||||||
|
<programlisting>
|
||||||
|
systemd.services.mysql.serviceConfig.ReadWritePaths = [ "/var/data" ];
|
||||||
|
</programlisting>
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
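Review bot: the first bullet promises read access to "/home and /tmp", but the snippet under it only relaxes `ProtectHome`; the `PrivateTmp` option named earlier in the paragraph is left as it is, so `/tmp` stays private to the unit. Either drop `/tmp` from the bullet or show the matching setting. It is also worth saying that `ProtectHome = "read-only"` exposes every home directory to the service, so a dedicated import directory is the narrower choice. On markup: `<literal>LOAD DATA INFILE or SELECT * INTO OUTFILE</literal>` wraps two statements and the word "or" in one literal, and the two `-` bullets with `<programlisting>` inside a single `<para>` should be an `<itemizedlist>`.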
@ -176,6 +197,12 @@ services.mysql.initialScript = pkgs.writeText "mariadb-init.sql" ''
|
||||||
<link linkend="opt-security.duosec.integrationKey">security.duosec.integrationKey</link>.
|
<link linkend="opt-security.duosec.integrationKey">security.duosec.integrationKey</link>.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>vmware</literal> has been removed from the <literal>services.x11.videoDrivers</literal> defaults.
|
||||||
|
For VMWare guests set <literal>virtualisation.vmware.guest.enable</literal> to <literal>true</literal> which will include the appropriate drivers.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
The initrd SSH support now uses OpenSSH rather than Dropbear to
|
The initrd SSH support now uses OpenSSH rather than Dropbear to
|
||||||
|
@ -441,6 +468,28 @@ systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ];
|
||||||
recommended to only use lower-case characters.
|
recommended to only use lower-case characters.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
The GRUB specific option <option>boot.loader.grub.extraInitrd</option>
|
||||||
|
has been replaced with the generic option
|
||||||
|
<option>boot.initrd.secrets</option>. This option creates a secondary
|
||||||
|
initrd from the specified files, rather than using a manually created
|
||||||
|
initrd file.
|
||||||
|
|
||||||
|
Due to an existing bug with <option>boot.loader.grub.extraInitrd</option>,
|
||||||
|
it is not possible to directly boot an older generation that used that
|
||||||
|
option. It is still possible to rollback to that generation if the required
|
||||||
|
initrd file has not been deleted.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
The <link xlink:href="https://github.com/okTurtles/dnschain">DNSChain</link>
|
||||||
|
package and NixOS module have been removed from Nixpkgs as the software is
|
||||||
|
unmaintained and can't be built. For more information see issue
|
||||||
|
<link xlink:href="https://github.com/NixOS/nixpkgs/issues/89205">#89205</link>.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
@ -452,6 +501,9 @@ systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ];
|
||||||
<title>Other Notable Changes</title>
|
<title>Other Notable Changes</title>
|
||||||
|
|
||||||
<itemizedlist>
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>SD images are now compressed by default using <literal>zstd</literal>. The compression for ISO images has also been changed to <literal>zstd</literal>, but ISO images are still not compressed by default.</para>
|
||||||
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
<option>services.journald.rateLimitBurst</option> was updated from
|
<option>services.journald.rateLimitBurst</option> was updated from
|
||||||
|
@ -468,9 +520,32 @@ systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ];
|
||||||
the <literal>notmuch.emacs</literal> output.
|
the <literal>notmuch.emacs</literal> output.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
The default output of <literal>buildGoPackage</literal> is now <literal>$out</literal> instead of <literal>$bin</literal>.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Packages built using <literal>buildRustPackage</literal> now use <literal>release</literal>
|
||||||
|
mode for the <literal>checkPhase</literal> by default.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
Please note that Rust packages utilizing a custom build/install procedure
|
||||||
|
(e.g. by using a <filename>Makefile</filename>) or test suites that rely on the
|
||||||
|
structure of the <filename>target/</filename> directory may break due to those assumptions.
|
||||||
|
For further information, please read the Rust section in the Nixpkgs manual.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
The default output of <literal>buildGoPackage</literal> is now <literal>$out</literal> instead of <literal>$bin</literal>.
|
The cc- and binutils-wrapper's "infix salt" and <literal>_BUILD_</literal> and <literal>_TARGET_</literal> user infixes have been replaced with with a "suffix salt" and suffixes and <literal>_FOR_BUILD</literal> and <literal>_FOR_TARGET</literal>.
|
||||||
|
This matches the autotools convention for env vars which standard for these things, making interfacing with other tools easier.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Additional Git documentation (HTML and text files) is now available via the <literal>git-doc</literal> package.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
|
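Review bot: the added cc-/binutils-wrapper paragraph has two wording slips, "replaced with with a" and "which standard for these things", and its first sentence is hard to parse ("a "suffix salt" and suffixes and `_FOR_BUILD` and `_FOR_TARGET`"). Suggest stating the old and the new variable naming side by side, one example each, so readers who set these variables in their own derivations can see exactly what to rename.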
@ -501,6 +576,72 @@ systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ];
|
||||||
<link xlink:href="https://grafana.com/docs/grafana/latest/installation/upgrading/#upgrading-to-v7-0">in the Grafana documentation</link>.
|
<link xlink:href="https://grafana.com/docs/grafana/latest/installation/upgrading/#upgrading-to-v7-0">in the Grafana documentation</link>.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
The <literal>hardware.u2f</literal> module, which was installing udev rules
|
||||||
|
was removed, as udev gained native support to handle FIDO security tokens.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
With this release <literal>systemd-networkd</literal> (when enabled through <xref linkend="opt-networking.useNetworkd"/>)
|
||||||
|
has it's netlink socket created through a <literal>systemd.socket</literal> unit. This gives us control over
|
||||||
|
socket buffer sizes and other parameters. For larger setups where networkd has to create a lot of (virtual)
|
||||||
|
devices the default buffer size (currently 128MB) is not enough.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
On a machine with >100 virtual interfaces (e.g., wireguard tunnels, VLANs, …), that all have to
|
||||||
|
be brought up during system startup, the receive buffer size will spike for a brief period.
|
||||||
|
Eventually some of the message will be dropped since there is not enough (permitted) buffer
|
||||||
|
space available.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
By having <literal>systemd-networkd</literal> start with a netlink socket created by
|
||||||
|
<literal>systemd</literal> we can configure the <literal>ReceiveBufferSize=</literal> parameter
|
||||||
|
in the socket options (i.e. <literal>systemd.sockets.systemd-networkd.socketOptions.ReceiveBufferSize</literal>)
|
||||||
|
without recompiling <literal>systemd-networkd</literal>.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
Since the actual memory requirements depend on hardware, timing, exact
|
||||||
|
configurations etc. it isn't currently possible to infer a good default
|
||||||
|
from within the NixOS module system. Administrators are advised to
|
||||||
|
monitor the logs of <literal>systemd-networkd</literal> for <literal>rtnl: kernel receive buffer
|
||||||
|
overrun</literal> spam and increase the memory limit as they see fit.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
Note: Increasing the <literal>ReceiveBufferSize=</literal> doesn't allocate any memory. It just increases
|
||||||
|
the upper bound on the kernel side. The memory allocation depends on the amount of messages that are
|
||||||
|
queued on the kernel side of the netlink socket.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Specifying <link linkend="opt-services.dovecot2.mailboxes">mailboxes</link> in the <package>dovecot2</package> module
|
||||||
|
as a list is deprecated and will break eval in 21.03. Instead, an attribute-set should be specified where the <literal>name</literal>
|
||||||
|
should be the key of the attribute.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
This means that a configuration like this
|
||||||
|
<programlisting>{
|
||||||
|
<link linkend="opt-services.dovecot2.mailboxes">services.dovecot2.mailboxes</link> = [
|
||||||
|
{ name = "Junk";
|
||||||
|
auto = "create";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
}</programlisting>
|
||||||
|
should now look like this:
|
||||||
|
<programlisting>{
|
||||||
|
<link linkend="opt-services.dovecot2.mailboxes">services.dovecot2.mailboxes</link> = {
|
||||||
|
Junk.auto = "create";
|
||||||
|
};
|
||||||
|
}</programlisting>
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<package>netbeans</package> was upgraded to 12.0 and now defaults to OpenJDK 11. This might cause problems if your projects depend on packages that were removed in Java 11.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
</section>
|
</section>
|
||||||
</section>
|
</section>
|
||||||
|
|
|
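Review bot: in the systemd-networkd item the log message administrators are told to watch for is split across a line break inside the `<literal>` ("rtnl: kernel receive buffer" / "overrun"), so the rendered text carries extra whitespace and cannot be copied into a `journalctl` search as is; keep the literal on one line. The item also recommends raising `ReceiveBufferSize=` without showing a sample value or its unit next to the stated 128MB default. Typos in the added text: "has it's netlink socket" should be "its", and "some of the message will be dropped" should be "messages".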
@ -39,7 +39,7 @@
|
||||||
|
|
||||||
, name ? "nixos-disk-image"
|
, name ? "nixos-disk-image"
|
||||||
|
|
||||||
, # Disk image format, one of qcow2, qcow2-compressed, vpc, raw.
|
, # Disk image format, one of qcow2, qcow2-compressed, vdi, vpc, raw.
|
||||||
format ? "raw"
|
format ? "raw"
|
||||||
}:
|
}:
|
||||||
|
|
||||||
|
@ -57,6 +57,7 @@ let format' = format; in let
|
||||||
|
|
||||||
filename = "nixos." + {
|
filename = "nixos." + {
|
||||||
qcow2 = "qcow2";
|
qcow2 = "qcow2";
|
||||||
|
vdi = "vdi";
|
||||||
vpc = "vhd";
|
vpc = "vhd";
|
||||||
raw = "img";
|
raw = "img";
|
||||||
}.${format};
|
}.${format};
|
||||||
|
|
|
@ -34,8 +34,8 @@
|
||||||
, # The path (outside the ISO file system) of the isohybrid-mbr image.
|
, # The path (outside the ISO file system) of the isohybrid-mbr image.
|
||||||
isohybridMbrImage ? ""
|
isohybridMbrImage ? ""
|
||||||
|
|
||||||
, # Whether to compress the resulting ISO image with bzip2.
|
, # Whether to compress the resulting ISO image with zstd.
|
||||||
compressImage ? false
|
compressImage ? false, zstd
|
||||||
|
|
||||||
, # The volume ID.
|
, # The volume ID.
|
||||||
volumeID ? ""
|
volumeID ? ""
|
||||||
|
@ -48,7 +48,7 @@ assert usbBootable -> isohybridMbrImage != "";
|
||||||
stdenv.mkDerivation {
|
stdenv.mkDerivation {
|
||||||
name = isoName;
|
name = isoName;
|
||||||
builder = ./make-iso9660-image.sh;
|
builder = ./make-iso9660-image.sh;
|
||||||
buildInputs = [ xorriso syslinux ];
|
buildInputs = [ xorriso syslinux zstd ];
|
||||||
|
|
||||||
inherit isoName bootable bootImage compressImage volumeID efiBootImage efiBootable isohybridMbrImage usbBootable;
|
inherit isoName bootable bootImage compressImage volumeID efiBootImage efiBootable isohybridMbrImage usbBootable;
|
||||||
|
|
||||||
|
|
|
@ -129,9 +129,14 @@ fi
|
||||||
|
|
||||||
if test -n "$compressImage"; then
|
if test -n "$compressImage"; then
|
||||||
echo "Compressing image..."
|
echo "Compressing image..."
|
||||||
bzip2 $out/iso/$isoName
|
zstd -T$NIX_BUILD_CORES --rm $out/iso/$isoName
|
||||||
fi
|
fi
|
||||||
|
|
||||||
mkdir -p $out/nix-support
|
mkdir -p $out/nix-support
|
||||||
echo $system > $out/nix-support/system
|
echo $system > $out/nix-support/system
|
||||||
echo "file iso $out/iso/$isoName" >> $out/nix-support/hydra-build-products
|
|
||||||
|
if test -n "$compressImage"; then
|
||||||
|
echo "file iso $out/iso/$isoName.zst" >> $out/nix-support/hydra-build-products
|
||||||
|
else
|
||||||
|
echo "file iso $out/iso/$isoName" >> $out/nix-support/hydra-build-products
|
||||||
|
fi
|
||||||
|
|
|
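Review bot: the new `zstd -T$NIX_BUILD_CORES --rm $out/iso/$isoName` line and the two `echo "file iso ..."` lines leave `$out`, `$isoName` and `$NIX_BUILD_CORES` unquoted or only partly quoted, so an ISO name containing whitespace or glob characters breaks the compress step. Quote the expansions. The second `test -n "$compressImage"` block could be folded into the first by setting a suffix variable once, which keeps the `.zst` name in a single place.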
@ -68,7 +68,8 @@ with lib;
|
||||||
config = {
|
config = {
|
||||||
|
|
||||||
environment.systemPackages =
|
environment.systemPackages =
|
||||||
optional (config.i18n.supportedLocales != []) config.i18n.glibcLocales;
|
# We increase the priority a little, so that plain glibc in systemPackages can't win.
|
||||||
|
optional (config.i18n.supportedLocales != []) (lib.setPrio (-1) config.i18n.glibcLocales);
|
||||||
|
|
||||||
environment.sessionVariables =
|
environment.sessionVariables =
|
||||||
{ LANG = config.i18n.defaultLocale;
|
{ LANG = config.i18n.defaultLocale;
|
||||||
|
|
|
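Review bot: the added comment says the priority is increased, while the call is `lib.setPrio (-1)`. That reads as a contradiction unless the reader knows that a lower number wins, so the comment should say it, for example "lower value means higher priority". The file is under `with lib;` and uses `optional` unprefixed on the same line, so `setPrio` without the `lib.` prefix would match the surrounding style.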
@ -8,8 +8,7 @@ with lib;
|
||||||
let
|
let
|
||||||
|
|
||||||
requiredPackages = map (pkg: setPrio ((pkg.meta.priority or 5) + 3) pkg)
|
requiredPackages = map (pkg: setPrio ((pkg.meta.priority or 5) + 3) pkg)
|
||||||
[ config.nix.package
|
[ pkgs.acl
|
||||||
pkgs.acl
|
|
||||||
pkgs.attr
|
pkgs.attr
|
||||||
pkgs.bashInteractive # bash with ncurses support
|
pkgs.bashInteractive # bash with ncurses support
|
||||||
pkgs.bzip2
|
pkgs.bzip2
|
||||||
|
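Review bot: this hunk drops `config.nix.package` from `requiredPackages`, and the next one drops `pkgs.nix-info`, but nothing in the visible part of the change shows where they are added back. If they moved to another module, name it in the commit message; otherwise a system built from this revision would have no `nix` on the system path. The added `pkgs.zstd` entry has no size or purpose comment, unlike its neighbours such as `pkgs.which # 88K size`.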
@ -33,7 +32,6 @@ let
|
||||||
pkgs.nano
|
pkgs.nano
|
||||||
pkgs.ncurses
|
pkgs.ncurses
|
||||||
pkgs.netcat
|
pkgs.netcat
|
||||||
pkgs.nix-info
|
|
||||||
config.programs.ssh.package
|
config.programs.ssh.package
|
||||||
pkgs.perl
|
pkgs.perl
|
||||||
pkgs.procps
|
pkgs.procps
|
||||||
|
@ -43,6 +41,7 @@ let
|
||||||
pkgs.time
|
pkgs.time
|
||||||
pkgs.utillinux
|
pkgs.utillinux
|
||||||
pkgs.which # 88K size
|
pkgs.which # 88K size
|
||||||
|
pkgs.zstd
|
||||||
];
|
];
|
||||||
|
|
||||||
in
|
in
|
||||||
|
|
|
@ -600,6 +600,38 @@ in {
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
|
warnings =
|
||||||
|
builtins.filter (x: x != null) (
|
||||||
|
flip mapAttrsToList cfg.users (name: user:
|
||||||
|
# This regex matches a subset of the Modular Crypto Format (MCF)[1]
|
||||||
|
# informal standard. Since this depends largely on the OS or the
|
||||||
|
# specific implementation of crypt(3) we only support the (sane)
|
||||||
|
# schemes implemented by glibc and BSDs. In particular the original
|
||||||
|
# DES hash is excluded since, having no structure, it would validate
|
||||||
|
# common mistakes like typing the plaintext password.
|
||||||
|
#
|
||||||
|
# [1]: https://en.wikipedia.org/wiki/Crypt_(C)
|
||||||
|
let
|
||||||
|
sep = "\\$";
|
||||||
|
base64 = "[a-zA-Z0-9./]+";
|
||||||
|
id = "[a-z0-9-]+";
|
||||||
|
value = "[a-zA-Z0-9/+.-]+";
|
||||||
|
options = "${id}(=${value})?(,${id}=${value})*";
|
||||||
|
scheme = "${id}(${sep}${options})?";
|
||||||
|
content = "${base64}${sep}${base64}";
|
||||||
|
mcf = "^${sep}${scheme}${sep}${content}$";
|
||||||
|
in
|
||||||
|
if (user.hashedPassword != null
|
||||||
|
&& builtins.match mcf user.hashedPassword == null)
|
||||||
|
then
|
||||||
|
''
|
||||||
|
The password hash of user "${name}" may be invalid. You must set a
|
||||||
|
valid hash or the user will be locked out of his account. Please
|
||||||
|
check the value of option `users.users."${name}".hashedPassword`.
|
||||||
|
''
|
||||||
|
else null
|
||||||
|
));
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
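Review bot: the `mcf` pattern requires the value to start with `$`, so every `hashedPassword` that is deliberately not a hash (an empty string, or a lock marker such as `!` or `*`) now triggers the warning, and the message then tells the admin the user "will be locked out", which for a lock marker is the intended effect. Either exempt those values before the `builtins.match` test or mention them in the warning text so it is not read as an error. The message does well not to echo the hash itself; keep it that way. Wording: "locked out of his account" should be "their account".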
@ -413,7 +413,7 @@ in
|
||||||
default = false;
|
default = false;
|
||||||
description = ''
|
description = ''
|
||||||
Whether the ISO image should be compressed using
|
Whether the ISO image should be compressed using
|
||||||
<command>bzip2</command>.
|
<command>zstd</command>.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -105,7 +105,7 @@ in
|
||||||
default = true;
|
default = true;
|
||||||
description = ''
|
description = ''
|
||||||
Whether the SD image should be compressed using
|
Whether the SD image should be compressed using
|
||||||
<command>bzip2</command>.
|
<command>zstd</command>.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -130,10 +130,10 @@ in
|
||||||
sdImage.storePaths = [ config.system.build.toplevel ];
|
sdImage.storePaths = [ config.system.build.toplevel ];
|
||||||
|
|
||||||
system.build.sdImage = pkgs.callPackage ({ stdenv, dosfstools, e2fsprogs,
|
system.build.sdImage = pkgs.callPackage ({ stdenv, dosfstools, e2fsprogs,
|
||||||
mtools, libfaketime, utillinux, bzip2, zstd }: stdenv.mkDerivation {
|
mtools, libfaketime, utillinux, zstd }: stdenv.mkDerivation {
|
||||||
name = config.sdImage.imageName;
|
name = config.sdImage.imageName;
|
||||||
|
|
||||||
nativeBuildInputs = [ dosfstools e2fsprogs mtools libfaketime utillinux bzip2 zstd ];
|
nativeBuildInputs = [ dosfstools e2fsprogs mtools libfaketime utillinux zstd ];
|
||||||
|
|
||||||
inherit (config.sdImage) compressImage;
|
inherit (config.sdImage) compressImage;
|
||||||
|
|
||||||
|
@ -143,7 +143,7 @@ in
|
||||||
|
|
||||||
echo "${pkgs.stdenv.buildPlatform.system}" > $out/nix-support/system
|
echo "${pkgs.stdenv.buildPlatform.system}" > $out/nix-support/system
|
||||||
if test -n "$compressImage"; then
|
if test -n "$compressImage"; then
|
||||||
echo "file sd-image $img.bz2" >> $out/nix-support/hydra-build-products
|
echo "file sd-image $img.zst" >> $out/nix-support/hydra-build-products
|
||||||
else
|
else
|
||||||
echo "file sd-image $img" >> $out/nix-support/hydra-build-products
|
echo "file sd-image $img" >> $out/nix-support/hydra-build-products
|
||||||
fi
|
fi
|
||||||
|
@ -190,7 +190,7 @@ in
|
||||||
fsck.vfat -vn firmware_part.img
|
fsck.vfat -vn firmware_part.img
|
||||||
dd conv=notrunc if=firmware_part.img of=$img seek=$START count=$SECTORS
|
dd conv=notrunc if=firmware_part.img of=$img seek=$START count=$SECTORS
|
||||||
if test -n "$compressImage"; then
|
if test -n "$compressImage"; then
|
||||||
bzip2 $img
|
zstd -T$NIX_BUILD_CORES --rm $img
|
||||||
fi
|
fi
|
||||||
'';
|
'';
|
||||||
}) {};
|
}) {};
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
x86_64-linux = "/nix/store/xb0nl3z356n0sfrhswfli2g19a19slys-nix-2.3.5";
|
x86_64-linux = "/nix/store/j8dbv5w6jl34caywh2ygdy88knx1mdf7-nix-2.3.6";
|
||||||
i686-linux = "/nix/store/k8kdd4yy1yap6lai5idyhmzcwsjh1fik-nix-2.3.5";
|
i686-linux = "/nix/store/9fqvbdisahqp0238vrs7wn5anpri0a65-nix-2.3.6";
|
||||||
aarch64-linux = "/nix/store/dr86cbipxqjcb8pf2k0v8wvw0h0adfpz-nix-2.3.5";
|
aarch64-linux = "/nix/store/72pwn0nm9bjqx9vpi8sgh4bl6g5wh814-nix-2.3.6";
|
||||||
x86_64-darwin = "/nix/store/n6dqdndkv9kac66kdr988kaiyavl44x8-nix-2.3.5";
|
x86_64-darwin = "/nix/store/g37vk77m90p5zcl5nixjlzp3vqpisfn5-nix-2.3.6";
|
||||||
}
|
}
|
||||||
|
|
|
@ -239,7 +239,6 @@ in
|
||||||
shout = 206;
|
shout = 206;
|
||||||
gateone = 207;
|
gateone = 207;
|
||||||
namecoin = 208;
|
namecoin = 208;
|
||||||
dnschain = 209;
|
|
||||||
#lxd = 210; # unused
|
#lxd = 210; # unused
|
||||||
kibana = 211;
|
kibana = 211;
|
||||||
xtreemfs = 212;
|
xtreemfs = 212;
|
||||||
|
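Review bot: `dnschain = 209;` is deleted outright, while the neighbouring retired id is kept as a comment (`#lxd = 210; # unused`). Keep a commented placeholder such as `#dnschain = 209; # removed` so that 209 is not handed to a new service later; a reassigned uid would own whatever files the old dnschain user left on disk.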
@ -549,7 +548,6 @@ in
|
||||||
#shout = 206; #unused
|
#shout = 206; #unused
|
||||||
gateone = 207;
|
gateone = 207;
|
||||||
namecoin = 208;
|
namecoin = 208;
|
||||||
#dnschain = 209; #unused
|
|
||||||
lxd = 210; # unused
|
lxd = 210; # unused
|
||||||
#kibana = 211;
|
#kibana = 211;
|
||||||
xtreemfs = 212;
|
xtreemfs = 212;
|
||||||
|
|
|
@ -126,6 +126,7 @@
|
||||||
./programs/gpaste.nix
|
./programs/gpaste.nix
|
||||||
./programs/gnupg.nix
|
./programs/gnupg.nix
|
||||||
./programs/gphoto2.nix
|
./programs/gphoto2.nix
|
||||||
|
./programs/hamster.nix
|
||||||
./programs/iftop.nix
|
./programs/iftop.nix
|
||||||
./programs/iotop.nix
|
./programs/iotop.nix
|
||||||
./programs/java.nix
|
./programs/java.nix
|
||||||
|
@ -334,6 +335,7 @@
|
||||||
./services/games/minecraft-server.nix
|
./services/games/minecraft-server.nix
|
||||||
./services/games/minetest-server.nix
|
./services/games/minetest-server.nix
|
||||||
./services/games/openarena.nix
|
./services/games/openarena.nix
|
||||||
|
./services/games/teeworlds.nix
|
||||||
./services/games/terraria.nix
|
./services/games/terraria.nix
|
||||||
./services/hardware/acpid.nix
|
./services/hardware/acpid.nix
|
||||||
./services/hardware/actkbd.nix
|
./services/hardware/actkbd.nix
|
||||||
|
@ -361,7 +363,6 @@
|
||||||
./services/hardware/throttled.nix
|
./services/hardware/throttled.nix
|
||||||
./services/hardware/trezord.nix
|
./services/hardware/trezord.nix
|
||||||
./services/hardware/triggerhappy.nix
|
./services/hardware/triggerhappy.nix
|
||||||
./services/hardware/u2f.nix
|
|
||||||
./services/hardware/udev.nix
|
./services/hardware/udev.nix
|
||||||
./services/hardware/udisks2.nix
|
./services/hardware/udisks2.nix
|
||||||
./services/hardware/upower.nix
|
./services/hardware/upower.nix
|
||||||
|
@ -601,7 +602,6 @@
|
||||||
./services/networking/dhcpcd.nix
|
./services/networking/dhcpcd.nix
|
||||||
./services/networking/dhcpd.nix
|
./services/networking/dhcpd.nix
|
||||||
./services/networking/dnscache.nix
|
./services/networking/dnscache.nix
|
||||||
./services/networking/dnschain.nix
|
|
||||||
./services/networking/dnscrypt-proxy2.nix
|
./services/networking/dnscrypt-proxy2.nix
|
||||||
./services/networking/dnscrypt-wrapper.nix
|
./services/networking/dnscrypt-wrapper.nix
|
||||||
./services/networking/dnsdist.nix
|
./services/networking/dnsdist.nix
|
||||||
|
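Review bot: dropping `./services/networking/dnschain.nix` from the module list turns every existing `services.dnschain.*` setting into an unknown-option evaluation error. The rename.nix hunks shown in this commit add `mkRemovedOptionModule` entries for cgmanager and `hardware.u2f` only, so check that dnschain gets an equivalent entry with a message explaining the removal.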
@ -624,6 +624,7 @@
|
||||||
./services/networking/gdomap.nix
|
./services/networking/gdomap.nix
|
||||||
./services/networking/git-daemon.nix
|
./services/networking/git-daemon.nix
|
||||||
./services/networking/gnunet.nix
|
./services/networking/gnunet.nix
|
||||||
|
./services/networking/go-neb.nix
|
||||||
./services/networking/go-shadowsocks2.nix
|
./services/networking/go-shadowsocks2.nix
|
||||||
./services/networking/gogoclient.nix
|
./services/networking/gogoclient.nix
|
||||||
./services/networking/gvpe.nix
|
./services/networking/gvpe.nix
|
||||||
|
@ -806,7 +807,6 @@
|
||||||
./services/security/torsocks.nix
|
./services/security/torsocks.nix
|
||||||
./services/security/usbguard.nix
|
./services/security/usbguard.nix
|
||||||
./services/security/vault.nix
|
./services/security/vault.nix
|
||||||
./services/system/cgmanager.nix
|
|
||||||
./services/system/cloud-init.nix
|
./services/system/cloud-init.nix
|
||||||
./services/system/dbus.nix
|
./services/system/dbus.nix
|
||||||
./services/system/earlyoom.nix
|
./services/system/earlyoom.nix
|
||||||
|
|
|
@ -238,9 +238,6 @@ in
|
||||||
"/share/bash-completion"
|
"/share/bash-completion"
|
||||||
];
|
];
|
||||||
|
|
||||||
environment.systemPackages = optional cfg.enableCompletion
|
|
||||||
pkgs.nix-bash-completions;
|
|
||||||
|
|
||||||
environment.shells =
|
environment.shells =
|
||||||
[ "/run/current-system/sw/bin/bash"
|
[ "/run/current-system/sw/bin/bash"
|
||||||
"/run/current-system/sw/bin/sh"
|
"/run/current-system/sw/bin/sh"
|
||||||
|
|
15
third_party/nixpkgs/nixos/modules/programs/hamster.nix
vendored
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
{
|
||||||
|
meta.maintainers = maintainers.fabianhauser;
|
||||||
|
|
||||||
|
options.programs.hamster.enable =
|
||||||
|
mkEnableOption "Whether to enable hamster time tracking.";
|
||||||
|
|
||||||
|
config = lib.mkIf config.programs.hamster.enable {
|
||||||
|
environment.systemPackages = [ pkgs.hamster ];
|
||||||
|
services.dbus.packages = [ pkgs.hamster ];
|
||||||
|
};
|
||||||
|
}
|
|
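Review bot: `meta.maintainers = maintainers.fabianhauser;` assigns a single maintainer where the option expects a list; write `[ maintainers.fabianhauser ]`. Also, `mkEnableOption` already prefixes its argument with "Whether to enable", so pass just `"hamster time tracking"` to avoid a doubled description.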
@ -194,6 +194,33 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
kexAlgorithms = mkOption {
|
||||||
|
type = types.nullOr (types.listOf types.str);
|
||||||
|
default = null;
|
||||||
|
example = [ "curve25519-sha256@libssh.org" "diffie-hellman-group-exchange-sha256" ];
|
||||||
|
description = ''
|
||||||
|
Specifies the available KEX (Key Exchange) algorithms.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
ciphers = mkOption {
|
||||||
|
type = types.nullOr (types.listOf types.str);
|
||||||
|
default = null;
|
||||||
|
example = [ "chacha20-poly1305@openssh.com" "aes256-gcm@openssh.com" ];
|
||||||
|
description = ''
|
||||||
|
Specifies the ciphers allowed and their order of preference.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
macs = mkOption {
|
||||||
|
type = types.nullOr (types.listOf types.str);
|
||||||
|
default = null;
|
||||||
|
example = [ "hmac-sha2-512-etm@openssh.com" "hmac-sha1" ];
|
||||||
|
description = ''
|
||||||
|
Specifies the MAC (message authentication code) algorithms in order of preference. The MAC algorithm is used
|
||||||
|
for data integrity protection.
|
||||||
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
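Review bot: the `macs` example lists `"hmac-sha1"`, and option examples get copied into real configurations. Prefer an example made only of SHA-2 encrypt-then-MAC algorithms, e.g. `[ "hmac-sha2-512-etm@openssh.com" "hmac-sha2-256-etm@openssh.com" ]`, and say in the `kexAlgorithms`, `ciphers` and `macs` descriptions that `null` leaves the OpenSSH defaults in place.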
@ -232,6 +259,9 @@ in
|
||||||
|
|
||||||
${optionalString (cfg.pubkeyAcceptedKeyTypes != []) "PubkeyAcceptedKeyTypes ${concatStringsSep "," cfg.pubkeyAcceptedKeyTypes}"}
|
${optionalString (cfg.pubkeyAcceptedKeyTypes != []) "PubkeyAcceptedKeyTypes ${concatStringsSep "," cfg.pubkeyAcceptedKeyTypes}"}
|
||||||
${optionalString (cfg.hostKeyAlgorithms != []) "HostKeyAlgorithms ${concatStringsSep "," cfg.hostKeyAlgorithms}"}
|
${optionalString (cfg.hostKeyAlgorithms != []) "HostKeyAlgorithms ${concatStringsSep "," cfg.hostKeyAlgorithms}"}
|
||||||
|
${optionalString (cfg.kexAlgorithms != null) "KexAlgorithms ${concatStringsSep "," cfg.kexAlgorithms}"}
|
||||||
|
${optionalString (cfg.ciphers != null) "Ciphers ${concatStringsSep "," cfg.ciphers}"}
|
||||||
|
${optionalString (cfg.macs != null) "MACs ${concatStringsSep "," cfg.macs}"}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
environment.etc."ssh/ssh_known_hosts".text = knownHostsText;
|
environment.etc."ssh/ssh_known_hosts".text = knownHostsText;
|
||||||
|
|
|
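Review bot: the three new lines test `!= null`, so an empty list renders a bare `KexAlgorithms `, `Ciphers ` or `MACs ` keyword with no value, whereas the existing `PubkeyAcceptedKeyTypes` and `HostKeyAlgorithms` lines guard with `!= []`. Either skip the directive when the list is empty too, or reject `[]` in the option type (for example with `types.nonEmptyListOf`).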
@ -21,9 +21,11 @@ in
|
||||||
(mkRenamedOptionModule [ "networking" "defaultMailServer" "useTLS" ] [ "services" "ssmtp" "useTLS" ])
|
(mkRenamedOptionModule [ "networking" "defaultMailServer" "useTLS" ] [ "services" "ssmtp" "useTLS" ])
|
||||||
(mkRenamedOptionModule [ "networking" "defaultMailServer" "useSTARTTLS" ] [ "services" "ssmtp" "useSTARTTLS" ])
|
(mkRenamedOptionModule [ "networking" "defaultMailServer" "useSTARTTLS" ] [ "services" "ssmtp" "useSTARTTLS" ])
|
||||||
(mkRenamedOptionModule [ "networking" "defaultMailServer" "authUser" ] [ "services" "ssmtp" "authUser" ])
|
(mkRenamedOptionModule [ "networking" "defaultMailServer" "authUser" ] [ "services" "ssmtp" "authUser" ])
|
||||||
(mkRenamedOptionModule [ "networking" "defaultMailServer" "authPass" ] [ "services" "ssmtp" "authPass" ])
|
|
||||||
(mkRenamedOptionModule [ "networking" "defaultMailServer" "authPassFile" ] [ "services" "ssmtp" "authPassFile" ])
|
(mkRenamedOptionModule [ "networking" "defaultMailServer" "authPassFile" ] [ "services" "ssmtp" "authPassFile" ])
|
||||||
(mkRenamedOptionModule [ "networking" "defaultMailServer" "setSendmail" ] [ "services" "ssmtp" "setSendmail" ])
|
(mkRenamedOptionModule [ "networking" "defaultMailServer" "setSendmail" ] [ "services" "ssmtp" "setSendmail" ])
|
||||||
|
|
||||||
|
(mkRemovedOptionModule [ "networking" "defaultMailServer" "authPass" ] "authPass has been removed since it leaks the clear-text password into the world-readable store. Use authPassFile instead and make sure it's not a store path")
|
||||||
|
(mkRemovedOptionModule [ "services" "ssmtp" "authPass" ] "authPass has been removed since it leaks the clear-text password into the world-readable store. Use authPassFile instead and make sure it's not a store path")
|
||||||
];
|
];
|
||||||
|
|
||||||
options = {
|
options = {
|
||||||
|
@ -45,6 +47,21 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
settings = mkOption {
|
||||||
|
type = with types; attrsOf (oneOf [ bool str ]);
|
||||||
|
default = {};
|
||||||
|
description = ''
|
||||||
|
<citerefentry><refentrytitle>ssmtp</refentrytitle><manvolnum>5</manvolnum></citerefentry> configuration. Refer
|
||||||
|
to <link xlink:href="https://linux.die.net/man/5/ssmtp.conf"/> for details on supported values.
|
||||||
|
'';
|
||||||
|
example = literalExample ''
|
||||||
|
{
|
||||||
|
Debug = true;
|
||||||
|
FromLineOverride = false;
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
hostName = mkOption {
|
hostName = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
example = "mail.example.org";
|
example = "mail.example.org";
|
||||||
|
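Review bot: `settings` accepts arbitrary keys and is later written out with `pkgs.writeText "ssmtp.conf"`, so a user who sets `settings.AuthPass` reintroduces exactly the leak that removing `authPass` is meant to close: the password lands in the world-readable store. State in the description that secrets must not go in `settings`, and consider an assertion that rejects an `AuthPass` key.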
@ -101,18 +118,6 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
authPass = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = "";
|
|
||||||
example = "correctHorseBatteryStaple";
|
|
||||||
description = ''
|
|
||||||
Password used for SMTP auth. (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
|
|
||||||
|
|
||||||
It's recommended to use <option>authPassFile</option>
|
|
||||||
which takes precedence over <option>authPass</option>.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
authPassFile = mkOption {
|
authPassFile = mkOption {
|
||||||
type = types.nullOr types.str;
|
type = types.nullOr types.str;
|
||||||
default = null;
|
default = null;
|
||||||
|
@ -121,11 +126,6 @@ in
|
||||||
Path to a file that contains the password used for SMTP auth. The file
|
Path to a file that contains the password used for SMTP auth. The file
|
||||||
should not contain a trailing newline, if the password does not contain one.
|
should not contain a trailing newline, if the password does not contain one.
|
||||||
This file should be readable by the users that need to execute ssmtp.
|
This file should be readable by the users that need to execute ssmtp.
|
||||||
|
|
||||||
<option>authPassFile</option> takes precedence over <option>authPass</option>.
|
|
||||||
|
|
||||||
Warning: when <option>authPass</option> is non-empty <option>authPassFile</option>
|
|
||||||
defaults to a file in the WORLD-READABLE Nix store containing that password.
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -142,25 +142,28 @@ in
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
|
||||||
services.ssmtp.authPassFile = mkIf (cfg.authPass != "")
|
services.ssmtp.settings = mkMerge [
|
||||||
(mkDefault (toString (pkgs.writeTextFile {
|
({
|
||||||
name = "ssmtp-authpass";
|
MailHub = cfg.hostName;
|
||||||
text = cfg.authPass;
|
FromLineOverride = mkDefault true;
|
||||||
})));
|
UseTLS = cfg.useTLS;
|
||||||
|
UseSTARTTLS = cfg.useSTARTTLS;
|
||||||
|
})
|
||||||
|
(mkIf (cfg.root != "") { root = cfg.root; })
|
||||||
|
(mkIf (cfg.domain != "") { rewriteDomain = cfg.domain; })
|
||||||
|
(mkIf (cfg.authUser != "") { AuthUser = cfg.authUser; })
|
||||||
|
(mkIf (cfg.authPassFile != null) { AuthPassFile = cfg.authPassFile; })
|
||||||
|
];
|
||||||
|
|
||||||
environment.etc."ssmtp/ssmtp.conf".text =
|
environment.etc."ssmtp/ssmtp.conf".source =
|
||||||
let yesNo = yes : if yes then "YES" else "NO"; in
|
let
|
||||||
''
|
toStr = value:
|
||||||
MailHub=${cfg.hostName}
|
if value == true then "YES"
|
||||||
FromLineOverride=YES
|
else if value == false then "NO"
|
||||||
${optionalString (cfg.root != "") "root=${cfg.root}"}
|
else builtins.toString value
|
||||||
${optionalString (cfg.domain != "") "rewriteDomain=${cfg.domain}"}
|
;
|
||||||
UseTLS=${yesNo cfg.useTLS}
|
in
|
||||||
UseSTARTTLS=${yesNo cfg.useSTARTTLS}
|
pkgs.writeText "ssmtp.conf" (concatStringsSep "\n" (mapAttrsToList (key: value: "${key}=${toStr value}") cfg.settings));
|
||||||
#Debug=YES
|
|
||||||
${optionalString (cfg.authUser != "") "AuthUser=${cfg.authUser}"}
|
|
||||||
${optionalString (cfg.authPassFile != null) "AuthPassFile=${cfg.authPassFile}"}
|
|
||||||
'';
|
|
||||||
|
|
||||||
environment.systemPackages = [pkgs.ssmtp];
|
environment.systemPackages = [pkgs.ssmtp];
|
||||||
|
|
||||||
|
|
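Review bot: the removal message says to make sure `authPassFile` is not a store path, but nothing in `(mkIf (cfg.authPassFile != null) { AuthPassFile = cfg.authPassFile; })` enforces it, and the deleted `toString (pkgs.writeTextFile ...)` default shows how easily a store path arrives there as a plain string. Add an assertion or warning when the value starts with `builtins.storeDir`. Separately, `concatStringsSep "\n"` leaves the generated `ssmtp.conf` without a trailing newline.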
7
third_party/nixpkgs/nixos/modules/rename.nix
vendored
|
@ -24,6 +24,7 @@ with lib;
|
||||||
(mkRemovedOptionModule [ "environment" "blcr" "enable" ] "The BLCR module has been removed")
|
(mkRemovedOptionModule [ "environment" "blcr" "enable" ] "The BLCR module has been removed")
|
||||||
(mkRemovedOptionModule [ "services" "beegfsEnable" ] "The BeeGFS module has been removed")
|
(mkRemovedOptionModule [ "services" "beegfsEnable" ] "The BeeGFS module has been removed")
|
||||||
(mkRemovedOptionModule [ "services" "beegfs" ] "The BeeGFS module has been removed")
|
(mkRemovedOptionModule [ "services" "beegfs" ] "The BeeGFS module has been removed")
|
||||||
|
(mkRemovedOptionModule ["services" "cgmanager" "enable"] "cgmanager was deprecated by lxc and therefore removed from nixpkgs.")
|
||||||
(mkRemovedOptionModule [ "services" "osquery" ] "The osquery module has been removed")
|
(mkRemovedOptionModule [ "services" "osquery" ] "The osquery module has been removed")
|
||||||
(mkRemovedOptionModule [ "services" "fourStore" ] "The fourStore module has been removed")
|
(mkRemovedOptionModule [ "services" "fourStore" ] "The fourStore module has been removed")
|
||||||
(mkRemovedOptionModule [ "services" "fourStoreEndpoint" ] "The fourStoreEndpoint module has been removed")
|
(mkRemovedOptionModule [ "services" "fourStoreEndpoint" ] "The fourStoreEndpoint module has been removed")
|
||||||
|
@ -54,6 +55,12 @@ with lib;
|
||||||
prey-bash-client is deprecated upstream
|
prey-bash-client is deprecated upstream
|
||||||
'')
|
'')
|
||||||
|
|
||||||
|
(mkRemovedOptionModule ["hardware" "u2f" ] ''
|
||||||
|
The U2F modules module was removed, as all it did was adding the
|
||||||
|
udev rules from libu2f-host to the system. Udev gained native support
|
||||||
|
to handle FIDO security tokens, so this isn't necessary anymore.
|
||||||
|
'')
|
||||||
|
|
||||||
# Do NOT add any option renames here, see top of the file
|
# Do NOT add any option renames here, see top of the file
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
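Review bot: the removal message reads "The U2F modules module was removed, as all it did was adding"; tidy it to "The U2F module was removed, as all it did was add", since this text is what users see when evaluation fails. The path literal is also spaced `["hardware" "u2f" ]`, unlike the `[ "services" "osquery" ]` style of the surrounding entries.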
@ -436,6 +436,8 @@ let
|
||||||
"session required ${pkgs.pam}/lib/security/pam_lastlog.so silent"}
|
"session required ${pkgs.pam}/lib/security/pam_lastlog.so silent"}
|
||||||
${optionalString config.security.pam.enableEcryptfs
|
${optionalString config.security.pam.enableEcryptfs
|
||||||
"session optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so"}
|
"session optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so"}
|
||||||
|
${optionalString cfg.pamMount
|
||||||
|
"session optional ${pkgs.pam_mount}/lib/security/pam_mount.so"}
|
||||||
${optionalString use_ldap
|
${optionalString use_ldap
|
||||||
"session optional ${pam_ldap}/lib/security/pam_ldap.so"}
|
"session optional ${pam_ldap}/lib/security/pam_ldap.so"}
|
||||||
${optionalString config.services.sssd.enable
|
${optionalString config.services.sssd.enable
|
||||||
|
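Review bot: the only change to the session stack is the position of `pam_mount.so`, which now runs right after `pam_ecryptfs.so` instead of after `pam_motd.so`, yet nothing in the file records why the order matters. Add a short comment above the `cfg.pamMount` line naming the modules that have to run after the mount, so a later reshuffle does not silently undo it.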
@ -452,8 +454,6 @@ let
|
||||||
"session required ${pkgs.pam}/lib/security/pam_limits.so conf=${makeLimitsConf cfg.limits}"}
|
"session required ${pkgs.pam}/lib/security/pam_limits.so conf=${makeLimitsConf cfg.limits}"}
|
||||||
${optionalString (cfg.showMotd && config.users.motd != null)
|
${optionalString (cfg.showMotd && config.users.motd != null)
|
||||||
"session optional ${pkgs.pam}/lib/security/pam_motd.so motd=${motd}"}
|
"session optional ${pkgs.pam}/lib/security/pam_motd.so motd=${motd}"}
|
||||||
${optionalString cfg.pamMount
|
|
||||||
"session optional ${pkgs.pam_mount}/lib/security/pam_mount.so"}
|
|
||||||
${optionalString (cfg.enableAppArmor && config.security.apparmor.enable)
|
${optionalString (cfg.enableAppArmor && config.security.apparmor.enable)
|
||||||
"session optional ${pkgs.apparmor-pam}/lib/security/pam_apparmor.so order=user,group,default debug"}
|
"session optional ${pkgs.apparmor-pam}/lib/security/pam_apparmor.so order=user,group,default debug"}
|
||||||
${optionalString (cfg.enableKwallet)
|
${optionalString (cfg.enableKwallet)
|
||||||
|
|
|
@ -173,7 +173,9 @@ in
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
|
||||||
security.sudo.extraRules = [
|
# We `mkOrder 600` so that the default rule shows up first, but there is
|
||||||
|
# still enough room for a user to `mkBefore` it.
|
||||||
|
security.sudo.extraRules = mkOrder 600 [
|
||||||
{ groups = [ "wheel" ];
|
{ groups = [ "wheel" ];
|
||||||
commands = [ { command = "ALL"; options = (if cfg.wheelNeedsPassword then [ "SETENV" ] else [ "NOPASSWD" "SETENV" ]); } ];
|
commands = [ { command = "ALL"; options = (if cfg.wheelNeedsPassword then [ "SETENV" ] else [ "NOPASSWD" "SETENV" ]); } ];
|
||||||
}
|
}
|
||||||
|
|
|
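Review bot: sudoers applies the last matching entry, so pinning the wheel rule ahead of user-supplied `extraRules` with `mkOrder 600` can change which rule wins on existing systems. A user rule that grants a wheel member `NOPASSWD` on a single command now takes effect even where the wheel `ALL` rule used to follow and override it. That looks like the intent, but it is a privilege-relevant behaviour change and belongs in the release notes, together with the `mkBefore` escape hatch the comment mentions.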
@ -16,7 +16,7 @@ let
|
||||||
factory = util.BuildFactory()
|
factory = util.BuildFactory()
|
||||||
c = BuildmasterConfig = dict(
|
c = BuildmasterConfig = dict(
|
||||||
workers = [${concatStringsSep "," cfg.workers}],
|
workers = [${concatStringsSep "," cfg.workers}],
|
||||||
protocols = { 'pb': {'port': ${toString cfg.bpPort} } },
|
protocols = { 'pb': {'port': ${toString cfg.pbPort} } },
|
||||||
title = '${escapeStr cfg.title}',
|
title = '${escapeStr cfg.title}',
|
||||||
titleURL = '${escapeStr cfg.titleUrl}',
|
titleURL = '${escapeStr cfg.titleUrl}',
|
||||||
buildbotURL = '${escapeStr cfg.buildbotUrl}',
|
buildbotURL = '${escapeStr cfg.buildbotUrl}',
|
||||||
|
@ -155,10 +155,20 @@ in {
|
||||||
description = "Specifies the Buildbot directory.";
|
description = "Specifies the Buildbot directory.";
|
||||||
};
|
};
|
||||||
|
|
||||||
bpPort = mkOption {
|
pbPort = mkOption {
|
||||||
default = 9989;
|
default = 9989;
|
||||||
type = types.int;
|
type = types.either types.str types.int;
|
||||||
description = "Port where the master will listen to Buildbot Worker.";
|
example = "'tcp:9990:interface=127.0.0.1'";
|
||||||
|
description = ''
|
||||||
|
The buildmaster will listen on a TCP port of your choosing
|
||||||
|
for connections from workers.
|
||||||
|
It can also use this port for connections from remote Change Sources,
|
||||||
|
status clients, and debug tools.
|
||||||
|
This port should be visible to the outside world, and you’ll need to tell
|
||||||
|
your worker admins about your choice.
|
||||||
|
If put in (single) quotes, this can also be used as a connection string,
|
||||||
|
as defined in the <link xlink:href="https://twistedmatrix.com/documents/current/core/howto/endpoints.html">ConnectionStrings guide</link>.
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
listenAddress = mkOption {
|
listenAddress = mkOption {
|
||||||
|
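Review bot: `pbPort` now accepts a string, but the config template interpolates it raw as `{'port': ${toString cfg.pbPort} }`, so the user has to embed Python quotes in the Nix value (`"'tcp:9990:interface=127.0.0.1'"`) and any other string is pasted into the generated Buildbot config as Python source. Quote strings in the template instead, as the neighbouring fields do with `'${escapeStr cfg.title}'`, and keep integers unquoted. The description also says the port should be visible to the outside world while the example binds to 127.0.0.1; say which is the recommended setup.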
@ -264,5 +274,9 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
imports = [
|
||||||
|
(mkRenamedOptionModule [ "services" "buildbot-master" "bpPort" ] [ "services" "buildbot-master" "pbPort" ])
|
||||||
|
];
|
||||||
|
|
||||||
meta.maintainers = with lib.maintainers; [ nand0p mic92 ];
|
meta.maintainers = with lib.maintainers; [ nand0p mic92 ];
|
||||||
}
|
}
|
||||||
|
|
|
@ -334,7 +334,8 @@ in
|
||||||
environment.etc."my.cnf".source = cfg.configFile;
|
environment.etc."my.cnf".source = cfg.configFile;
|
||||||
|
|
||||||
systemd.tmpfiles.rules = [
|
systemd.tmpfiles.rules = [
|
||||||
"d '${cfg.dataDir}' 0700 ${cfg.user} mysql -"
|
"d '${cfg.dataDir}' 0700 ${cfg.user} mysql - -"
|
||||||
|
"z '${cfg.dataDir}' 0700 ${cfg.user} mysql - -"
|
||||||
];
|
];
|
||||||
|
|
||||||
systemd.services.mysql = let
|
systemd.services.mysql = let
|
||||||
|
@ -357,21 +358,17 @@ in
|
||||||
preStart = if isMariaDB then ''
|
preStart = if isMariaDB then ''
|
||||||
if ! test -e ${cfg.dataDir}/mysql; then
|
if ! test -e ${cfg.dataDir}/mysql; then
|
||||||
${mysql}/bin/mysql_install_db --defaults-file=/etc/my.cnf ${mysqldOptions}
|
${mysql}/bin/mysql_install_db --defaults-file=/etc/my.cnf ${mysqldOptions}
|
||||||
touch /tmp/mysql_init
|
touch ${cfg.dataDir}/mysql_init
|
||||||
fi
|
fi
|
||||||
'' else ''
|
'' else ''
|
||||||
if ! test -e ${cfg.dataDir}/mysql; then
|
if ! test -e ${cfg.dataDir}/mysql; then
|
||||||
${mysql}/bin/mysqld --defaults-file=/etc/my.cnf ${mysqldOptions} --initialize-insecure
|
${mysql}/bin/mysqld --defaults-file=/etc/my.cnf ${mysqldOptions} --initialize-insecure
|
||||||
touch /tmp/mysql_init
|
touch ${cfg.dataDir}/mysql_init
|
||||||
fi
|
fi
|
||||||
'';
|
'';
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
User = cfg.user;
|
|
||||||
Group = "mysql";
|
|
||||||
Type = if hasNotify then "notify" else "simple";
|
Type = if hasNotify then "notify" else "simple";
|
||||||
RuntimeDirectory = "mysqld";
|
|
||||||
RuntimeDirectoryMode = "0755";
|
|
||||||
Restart = "on-abort";
|
Restart = "on-abort";
|
||||||
RestartSec = "5s";
|
RestartSec = "5s";
|
||||||
# The last two environment variables are used for starting Galera clusters
|
# The last two environment variables are used for starting Galera clusters
|
||||||
|
@ -398,7 +395,7 @@ in
|
||||||
done
|
done
|
||||||
''}
|
''}
|
||||||
|
|
||||||
if [ -f /tmp/mysql_init ]
|
if [ -f ${cfg.dataDir}/mysql_init ]
|
||||||
then
|
then
|
||||||
${concatMapStrings (database: ''
|
${concatMapStrings (database: ''
|
||||||
# Create initial databases
|
# Create initial databases
|
||||||
|
@ -452,7 +449,7 @@ in
|
||||||
cat ${toString cfg.initialScript} | ${mysql}/bin/mysql -u root -N
|
cat ${toString cfg.initialScript} | ${mysql}/bin/mysql -u root -N
|
||||||
''}
|
''}
|
||||||
|
|
||||||
rm /tmp/mysql_init
|
rm ${cfg.dataDir}/mysql_init
|
||||||
fi
|
fi
|
||||||
|
|
||||||
${optionalString (cfg.ensureDatabases != []) ''
|
${optionalString (cfg.ensureDatabases != []) ''
|
||||||
|
@ -476,6 +473,35 @@ in
|
||||||
# ensureDatbases & ensureUsers depends on this script being run as root
|
# ensureDatbases & ensureUsers depends on this script being run as root
|
||||||
# when the user has secured their mysql install
|
# when the user has secured their mysql install
|
||||||
"+${setupScript}";
|
"+${setupScript}";
|
||||||
|
# User and group
|
||||||
|
User = cfg.user;
|
||||||
|
Group = "mysql";
|
||||||
|
# Runtime directory and mode
|
||||||
|
RuntimeDirectory = "mysqld";
|
||||||
|
RuntimeDirectoryMode = "0755";
|
||||||
|
# Access write directories
|
||||||
|
ReadWritePaths = [ cfg.dataDir ];
|
||||||
|
# Capabilities
|
||||||
|
CapabilityBoundingSet = "";
|
||||||
|
# Security
|
||||||
|
NoNewPrivileges = true;
|
||||||
|
# Sandboxing
|
||||||
|
ProtectSystem = "strict";
|
||||||
|
ProtectHome = true;
|
||||||
|
PrivateTmp = true;
|
||||||
|
PrivateDevices = true;
|
||||||
|
ProtectHostname = true;
|
||||||
|
ProtectKernelTunables = true;
|
||||||
|
ProtectKernelModules = true;
|
||||||
|
ProtectControlGroups = true;
|
||||||
|
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
|
||||||
|
LockPersonality = true;
|
||||||
|
MemoryDenyWriteExecute = true;
|
||||||
|
RestrictRealtime = true;
|
||||||
|
RestrictSUIDSGID = true;
|
||||||
|
PrivateMounts = true;
|
||||||
|
# System Call Filtering
|
||||||
|
SystemCallArchitectures = "native";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
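Review bot: with `ProtectSystem = "strict"` and `ReadWritePaths = [ cfg.dataDir ]`, mysqld can no longer write outside the data directory, its runtime directory and its private `/tmp`, so existing setups whose log, tmpdir or export paths point elsewhere will start failing with read-only errors. Document this and how to extend `ReadWritePaths`. Also, the `# System Call Filtering` section sets only `SystemCallArchitectures`; either add a `SystemCallFilter` or rename the comment.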
@ -218,6 +218,7 @@ in
|
||||||
description = "Redis database user";
|
description = "Redis database user";
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
};
|
};
|
||||||
|
users.groups.redis = {};
|
||||||
|
|
||||||
environment.systemPackages = [ cfg.package ];
|
environment.systemPackages = [ cfg.package ];
|
||||||
|
|
||||||
|
@ -240,6 +241,7 @@ in
|
||||||
StateDirectory = "redis";
|
StateDirectory = "redis";
|
||||||
Type = "notify";
|
Type = "notify";
|
||||||
User = "redis";
|
User = "redis";
|
||||||
|
Group = "redis";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
119
third_party/nixpkgs/nixos/modules/services/games/teeworlds.nix
vendored
Normal file
|
@ -0,0 +1,119 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.services.teeworlds;
|
||||||
|
register = cfg.register;
|
||||||
|
|
||||||
|
teeworldsConf = pkgs.writeText "teeworlds.cfg" ''
|
||||||
|
sv_port ${toString cfg.port}
|
||||||
|
sv_register ${if cfg.register then "1" else "0"}
|
||||||
|
${optionalString (cfg.name != null) "sv_name ${cfg.name}"}
|
||||||
|
${optionalString (cfg.motd != null) "sv_motd ${cfg.motd}"}
|
||||||
|
${optionalString (cfg.password != null) "password ${cfg.password}"}
|
||||||
|
${optionalString (cfg.rconPassword != null) "sv_rcon_password ${cfg.rconPassword}"}
|
||||||
|
${concatStringsSep "\n" cfg.extraOptions}
|
||||||
|
'';
|
||||||
|
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options = {
|
||||||
|
services.teeworlds = {
|
||||||
|
enable = mkEnableOption "Teeworlds Server";
|
||||||
|
|
||||||
|
openPorts = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = "Whether to open firewall ports for Teeworlds";
|
||||||
|
};
|
||||||
|
|
||||||
|
name = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
description = ''
|
||||||
|
Name of the server. Defaults to 'unnamed server'.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
register = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
example = true;
|
||||||
|
default = false;
|
||||||
|
description = ''
|
||||||
|
Whether the server registers as public server in the global server list. This is disabled by default because of privacy.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
motd = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
description = ''
|
||||||
|
Set the server message of the day text.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
password = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
description = ''
|
||||||
|
Password to connect to the server.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
rconPassword = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
description = ''
|
||||||
|
Password to access the remote console. If not set, a randomly generated one is displayed in the server log.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
port = mkOption {
|
||||||
|
type = types.int;
|
||||||
|
default = 8303;
|
||||||
|
description = ''
|
||||||
|
Port the server will listen on.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
extraOptions = mkOption {
|
||||||
|
type = types.listOf types.str;
|
||||||
|
default = [];
|
||||||
|
description = ''
|
||||||
|
Extra configuration lines for the <filename>teeworlds.cfg</filename>. See <link xlink:href="https://www.teeworlds.com/?page=docs&wiki=server_settings">Teeworlds Documentation</link>.
|
||||||
|
'';
|
||||||
|
example = [ "sv_map dm1" "sv_gametype dm" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
networking.firewall = mkIf cfg.openPorts {
|
||||||
|
allowedUDPPorts = [ cfg.port ];
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services.teeworlds = {
|
||||||
|
description = "Teeworlds Server";
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
after = [ "network.target" ];
|
||||||
|
|
||||||
|
serviceConfig = {
|
||||||
|
DynamicUser = true;
|
||||||
|
ExecStart = "${pkgs.teeworlds}/bin/teeworlds_srv -f ${teeworldsConf}";
|
||||||
|
|
||||||
|
# Hardening
|
||||||
|
CapabilityBoundingSet = false;
|
||||||
|
PrivateDevices = true;
|
||||||
|
PrivateUsers = true;
|
||||||
|
ProtectHome = true;
|
||||||
|
ProtectKernelLogs = true;
|
||||||
|
ProtectKernelModules = true;
|
||||||
|
ProtectKernelTunables = true;
|
||||||
|
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
|
||||||
|
RestrictNamespaces = true;
|
||||||
|
SystemCallArchitectures = "native";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
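Review bot: `password` and `rconPassword` are interpolated into `pkgs.writeText "teeworlds.cfg"`, so both end up in the world-readable Nix store, the same problem for which this commit removes ssmtp's `authPass`. Take the secrets from a file outside the store that is read at service start, or at least warn in the option descriptions. In the hardening block, `CapabilityBoundingSet = false;` is not a capability list; use `""` as the mysql unit in this commit does to drop all capabilities. `register = cfg.register;` in the `let` is unused.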
@ -6,6 +6,23 @@ with lib;
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.services.fwupd;
|
cfg = config.services.fwupd;
|
||||||
|
|
||||||
|
customEtc = {
|
||||||
|
"fwupd/daemon.conf" = {
|
||||||
|
source = pkgs.writeText "daemon.conf" ''
|
||||||
|
[fwupd]
|
||||||
|
BlacklistDevices=${lib.concatStringsSep ";" cfg.blacklistDevices}
|
||||||
|
BlacklistPlugins=${lib.concatStringsSep ";" cfg.blacklistPlugins}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
"fwupd/uefi.conf" = {
|
||||||
|
source = pkgs.writeText "uefi.conf" ''
|
||||||
|
[uefi]
|
||||||
|
OverrideESPMountPoint=${config.boot.loader.efi.efiSysMountPoint}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
originalEtc =
|
originalEtc =
|
||||||
let
|
let
|
||||||
mkEtcFile = n: nameValuePair n { source = "${cfg.package}/etc/${n}"; };
|
mkEtcFile = n: nameValuePair n { source = "${cfg.package}/etc/${n}"; };
|
||||||
|
@ -96,22 +113,8 @@ in {
|
||||||
|
|
||||||
environment.systemPackages = [ cfg.package ];
|
environment.systemPackages = [ cfg.package ];
|
||||||
|
|
||||||
environment.etc = {
|
# customEtc overrides some files from the package
|
||||||
"fwupd/daemon.conf" = {
|
environment.etc = originalEtc // customEtc // extraTrustedKeys // testRemote;
|
||||||
source = pkgs.writeText "daemon.conf" ''
|
|
||||||
[fwupd]
|
|
||||||
BlacklistDevices=${lib.concatStringsSep ";" cfg.blacklistDevices}
|
|
||||||
BlacklistPlugins=${lib.concatStringsSep ";" cfg.blacklistPlugins}
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
"fwupd/uefi.conf" = {
|
|
||||||
source = pkgs.writeText "uefi.conf" ''
|
|
||||||
[uefi]
|
|
||||||
OverrideESPMountPoint=${config.boot.loader.efi.efiSysMountPoint}
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
} // originalEtc // extraTrustedKeys // testRemote;
|
|
||||||
|
|
||||||
services.dbus.packages = [ cfg.package ];
|
services.dbus.packages = [ cfg.package ];
|
||||||
|
|
||||||
|
|
|
@ -1,23 +0,0 @@
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
with lib;
|
|
||||||
let
|
|
||||||
cfg = config.hardware.u2f;
|
|
||||||
in {
|
|
||||||
options = {
|
|
||||||
hardware.u2f = {
|
|
||||||
enable = mkOption {
|
|
||||||
type = types.bool;
|
|
||||||
default = false;
|
|
||||||
description = ''
|
|
||||||
Enable U2F hardware support.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
|
||||||
services.udev.packages = [ pkgs.libu2f-host ];
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
|
@ -125,6 +125,8 @@ let
|
||||||
mailboxConfig = mailbox: ''
|
mailboxConfig = mailbox: ''
|
||||||
mailbox "${mailbox.name}" {
|
mailbox "${mailbox.name}" {
|
||||||
auto = ${toString mailbox.auto}
|
auto = ${toString mailbox.auto}
|
||||||
|
'' + optionalString (mailbox.autoexpunge != null) ''
|
||||||
|
autoexpunge = ${mailbox.autoexpunge}
|
||||||
'' + optionalString (mailbox.specialUse != null) ''
|
'' + optionalString (mailbox.specialUse != null) ''
|
||||||
special_use = \${toString mailbox.specialUse}
|
special_use = \${toString mailbox.specialUse}
|
||||||
'' + "}";
|
'' + "}";
|
||||||
|
@ -132,8 +134,9 @@ let
|
||||||
mailboxes = { ... }: {
|
mailboxes = { ... }: {
|
||||||
options = {
|
options = {
|
||||||
name = mkOption {
|
name = mkOption {
|
||||||
type = types.strMatching ''[^"]+'';
|
type = types.nullOr (types.strMatching ''[^"]+'');
|
||||||
example = "Spam";
|
example = "Spam";
|
||||||
|
default = null;
|
||||||
description = "The name of the mailbox.";
|
description = "The name of the mailbox.";
|
||||||
};
|
};
|
||||||
auto = mkOption {
|
auto = mkOption {
|
||||||
|
@ -148,6 +151,15 @@ let
|
||||||
example = "Junk";
|
example = "Junk";
|
||||||
description = "Null if no special use flag is set. Other than that every use flag mentioned in the RFC is valid.";
|
description = "Null if no special use flag is set. Other than that every use flag mentioned in the RFC is valid.";
|
||||||
};
|
};
|
||||||
|
autoexpunge = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
example = "60d";
|
||||||
|
description = ''
|
||||||
|
To automatically remove all email from the mailbox which is older than the
|
||||||
|
specified time.
|
||||||
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
|
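Review bot: `autoexpunge` is declared as `types.nullOr types.str` and, per the earlier hunk, written into the generated config verbatim as `autoexpunge = ${mailbox.autoexpunge}`. Unlike `name`, which is constrained by `strMatching ''[^"]+''`, any string is accepted here, including one containing a newline or `}` that would close the `mailbox` block and add further directives. Constrain the type with a `types.strMatching` pattern for Dovecot time values (the example is `60d`), and say in the description which units are accepted.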
@ -323,9 +335,24 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
mailboxes = mkOption {
|
mailboxes = mkOption {
|
||||||
type = types.listOf (types.submodule mailboxes);
|
type = with types; let m = submodule mailboxes; in either (listOf m) (attrsOf m);
|
||||||
default = [];
|
default = {};
|
||||||
example = [ { name = "Spam"; specialUse = "Junk"; auto = "create"; } ];
|
apply = x:
|
||||||
|
if isList x then warn "Declaring `services.dovecot2.mailboxes' as a list is deprecated and will break eval in 21.03!" x
|
||||||
|
else mapAttrsToList (name: value:
|
||||||
|
if value.name != null
|
||||||
|
then throw ''
|
||||||
|
When specifying dovecot2 mailboxes as attributes, declaring
|
||||||
|
a `name'-attribute is prohibited! The name ${value.name} should
|
||||||
|
be the attribute key!
|
||||||
|
''
|
||||||
|
else value // { inherit name; }
|
||||||
|
) x;
|
||||||
|
example = literalExample ''
|
||||||
|
{
|
||||||
|
Spam = { specialUse = "Junk"; auto = "create"; };
|
||||||
|
}
|
||||||
|
'';
|
||||||
description = "Configure mailboxes and auto create or subscribe them.";
|
description = "Configure mailboxes and auto create or subscribe them.";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
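Review bot: in the `apply` function the `isList` branch returns `x` unchanged, while `name` is now `nullOr` with `default = null`. A list entry that omits `name` therefore passes type checking and only fails later when `mailboxConfig` interpolates `mailbox "${mailbox.name}"`, with an error that does not point at the option. Check for `name == null` in the list branch and `throw` a message in the same style as the attribute-set branch. The `description` should also mention that the attribute key is the mailbox name and that the list form is deprecated.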
@ -17,6 +17,10 @@ in {
|
||||||
|
|
||||||
###### interface
|
###### interface
|
||||||
|
|
||||||
|
imports = [
|
||||||
|
(mkRenamedOptionModule [ "services" "opensmtpd" "addSendmailToSystemPath" ] [ "services" "opensmtpd" "setSendmail" ])
|
||||||
|
];
|
||||||
|
|
||||||
options = {
|
options = {
|
||||||
|
|
||||||
services.opensmtpd = {
|
services.opensmtpd = {
|
||||||
|
@ -34,13 +38,10 @@ in {
|
||||||
description = "The OpenSMTPD package to use.";
|
description = "The OpenSMTPD package to use.";
|
||||||
};
|
};
|
||||||
|
|
||||||
addSendmailToSystemPath = mkOption {
|
setSendmail = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = true;
|
default = true;
|
||||||
description = ''
|
description = "Whether to set the system sendmail to OpenSMTPD's.";
|
||||||
Whether to add OpenSMTPD's sendmail binary to the
|
|
||||||
system path or not.
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
|
|
||||||
extraServerArgs = mkOption {
|
extraServerArgs = mkOption {
|
||||||
|
@ -82,7 +83,7 @@ in {
|
||||||
|
|
||||||
###### implementation
|
###### implementation
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable rec {
|
||||||
users.groups = {
|
users.groups = {
|
||||||
smtpd.gid = config.ids.gids.smtpd;
|
smtpd.gid = config.ids.gids.smtpd;
|
||||||
smtpq.gid = config.ids.gids.smtpq;
|
smtpq.gid = config.ids.gids.smtpq;
|
||||||
|
@ -101,6 +102,14 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
security.wrappers.smtpctl = {
|
||||||
|
group = "smtpq";
|
||||||
|
setgid = true;
|
||||||
|
source = "${cfg.package}/bin/smtpctl";
|
||||||
|
};
|
||||||
|
|
||||||
|
services.mail.sendmailSetuidWrapper = mkIf cfg.setSendmail security.wrappers.smtpctl;
|
||||||
|
|
||||||
systemd.tmpfiles.rules = [
|
systemd.tmpfiles.rules = [
|
||||||
"d /var/spool/smtpd 711 root - - -"
|
"d /var/spool/smtpd 711 root - - -"
|
||||||
"d /var/spool/smtpd/offline 770 root smtpq - -"
|
"d /var/spool/smtpd/offline 770 root smtpq - -"
|
||||||
|
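Review bot: `services.mail.sendmailSetuidWrapper = mkIf cfg.setSendmail security.wrappers.smtpctl;` only resolves because `config` was turned into a `rec` attrset in the previous hunk. `rec` binds the literal written here, not the merged module value, so a definition of `security.wrappers.smtpctl` from another module or a user override is not reflected in the sendmail wrapper. Use a `let` binding or `config.security.wrappers.smtpctl` instead and drop the `rec`. Since this also installs a new setgid `smtpq` binary and reuses it as the system sendmail, a short comment explaining why the wrapper's `source` is `smtpctl` would help the next reader.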
@ -119,7 +128,5 @@ in {
|
||||||
serviceConfig.ExecStart = "${cfg.package}/sbin/smtpd -d -f ${conf} ${args}";
|
serviceConfig.ExecStart = "${cfg.package}/sbin/smtpd -d -f ${conf} ${args}";
|
||||||
environment.OPENSMTPD_PROC_PATH = "${procEnv}/libexec/opensmtpd";
|
environment.OPENSMTPD_PROC_PATH = "${procEnv}/libexec/opensmtpd";
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.systemPackages = mkIf cfg.addSendmailToSystemPath [ sendmail ];
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -95,9 +95,11 @@ in {
|
||||||
-conf ${configPath} \\
|
-conf ${configPath} \\
|
||||||
-base /var/lib/freeswitch";
|
-base /var/lib/freeswitch";
|
||||||
ExecReload = "${pkg}/bin/fs_cli -x reloadxml";
|
ExecReload = "${pkg}/bin/fs_cli -x reloadxml";
|
||||||
Restart = "always";
|
Restart = "on-failure";
|
||||||
RestartSec = "5s";
|
RestartSec = "5s";
|
||||||
|
CPUSchedulingPolicy = "fifo";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
environment.systemPackages = [ pkg ];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
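Review bot: `CPUSchedulingPolicy = "fifo"` puts the whole service in a real-time scheduling class, and the hunk sets no `CPUSchedulingPriority` and gives no reason. A real-time process that spins can starve normal-priority tasks on the CPUs it runs on, and with `Restart` changed from `always` to `on-failure` a clean exit now leaves the service down. Set the priority explicitly, add a comment stating why FIFO is needed, and consider making it an option.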
@ -43,6 +43,9 @@ let
|
||||||
|
|
||||||
[gitlab-shell]
|
[gitlab-shell]
|
||||||
dir = "${cfg.packages.gitlab-shell}"
|
dir = "${cfg.packages.gitlab-shell}"
|
||||||
|
secret_file = "${cfg.statePath}/gitlab_shell_secret"
|
||||||
|
gitlab_url = "http+unix://${pathUrlQuote gitlabSocket}"
|
||||||
|
http_settings = { self_signed_cert = false }
|
||||||
|
|
||||||
${concatStringsSep "\n" (attrValues (mapAttrs (k: v: ''
|
${concatStringsSep "\n" (attrValues (mapAttrs (k: v: ''
|
||||||
[[storage]]
|
[[storage]]
|
||||||
|
|
|
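Review bot: `secret_file = "${cfg.statePath}/gitlab_shell_secret"` only references the path; nothing in this hunk shows where that file is created or with which owner and mode. Please confirm it is written before Gitaly starts and is readable only by the service user, and note that in a comment. `pathUrlQuote` and `gitlabSocket` are also not defined in the visible lines, so check that the helper percent-encodes the socket path used in the `http+unix://` URL.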
@ -11,9 +11,9 @@ let
|
||||||
(recursiveUpdate defaultConfig cfg.config) else cfg.config));
|
(recursiveUpdate defaultConfig cfg.config) else cfg.config));
|
||||||
configFile = pkgs.runCommand "configuration.yaml" { preferLocalBuild = true; } ''
|
configFile = pkgs.runCommand "configuration.yaml" { preferLocalBuild = true; } ''
|
||||||
${pkgs.remarshal}/bin/json2yaml -i ${configJSON} -o $out
|
${pkgs.remarshal}/bin/json2yaml -i ${configJSON} -o $out
|
||||||
# Hack to support secrets, that are encoded as custom yaml objects,
|
# Hack to support custom yaml objects,
|
||||||
# https://www.home-assistant.io/docs/configuration/secrets/
|
# i.e. secrets: https://www.home-assistant.io/docs/configuration/secrets/
|
||||||
sed -i -e "s/'\!secret \(.*\)'/\!secret \1/" $out
|
sed -i -e "s/'\!\([a-z_]\+\) \(.*\)'/\!\1 \2/;s/^\!\!/\!/;" $out
|
||||||
'';
|
'';
|
||||||
|
|
||||||
lovelaceConfigJSON = pkgs.writeText "ui-lovelace.json"
|
lovelaceConfigJSON = pkgs.writeText "ui-lovelace.json"
|
||||||
|
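Review bot: the new expression `s/'\!\([a-z_]\+\) \(.*\)'/\!\1 \2/` no longer matches only `!secret`; it strips the quotes from any single-quoted scalar that begins with `!`, a lowercase word and a space. An ordinary string value of that shape in `cfg.config` is now emitted as a YAML tag, including `!include`-style tags that make Home Assistant read other files, and the greedy `\(.*\)'` runs to the last quote on the line. Restrict the match to the tags that are meant to be supported, or document in the option description that such strings are treated as tags. The second command `s/^\!\!/\!/` is not explained by the comment either.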
@ -120,7 +120,9 @@ in {
|
||||||
unit_system = "metric";
|
unit_system = "metric";
|
||||||
time_zone = "UTC";
|
time_zone = "UTC";
|
||||||
};
|
};
|
||||||
frontend = { };
|
frontend = {
|
||||||
|
themes = "!include_dir_merge_named themes";
|
||||||
|
};
|
||||||
http = { };
|
http = { };
|
||||||
feedreader.urls = [ "https://nixos.org/blogs.xml" ];
|
feedreader.urls = [ "https://nixos.org/blogs.xml" ];
|
||||||
}
|
}
|
||||||
|
|
|
@ -9,6 +9,9 @@ let
|
||||||
logConfigFile = pkgs.writeText "log_config.yaml" cfg.logConfig;
|
logConfigFile = pkgs.writeText "log_config.yaml" cfg.logConfig;
|
||||||
mkResource = r: ''{names: ${builtins.toJSON r.names}, compress: ${boolToString r.compress}}'';
|
mkResource = r: ''{names: ${builtins.toJSON r.names}, compress: ${boolToString r.compress}}'';
|
||||||
mkListener = l: ''{port: ${toString l.port}, bind_address: "${l.bind_address}", type: ${l.type}, tls: ${boolToString l.tls}, x_forwarded: ${boolToString l.x_forwarded}, resources: [${concatStringsSep "," (map mkResource l.resources)}]}'';
|
mkListener = l: ''{port: ${toString l.port}, bind_address: "${l.bind_address}", type: ${l.type}, tls: ${boolToString l.tls}, x_forwarded: ${boolToString l.x_forwarded}, resources: [${concatStringsSep "," (map mkResource l.resources)}]}'';
|
||||||
|
pluginsEnv = cfg.package.python.buildEnv.override {
|
||||||
|
extraLibs = cfg.plugins;
|
||||||
|
};
|
||||||
configFile = pkgs.writeText "homeserver.yaml" ''
|
configFile = pkgs.writeText "homeserver.yaml" ''
|
||||||
${optionalString (cfg.tls_certificate_path != null) ''
|
${optionalString (cfg.tls_certificate_path != null) ''
|
||||||
tls_certificate_path: "${cfg.tls_certificate_path}"
|
tls_certificate_path: "${cfg.tls_certificate_path}"
|
||||||
|
@ -125,6 +128,14 @@ in {
|
||||||
Overridable attribute of the matrix synapse server package to use.
|
Overridable attribute of the matrix synapse server package to use.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
plugins = mkOption {
|
||||||
|
type = types.listOf types.package;
|
||||||
|
default = [ ];
|
||||||
|
defaultText = "with config.services.matrix-synapse.package.plugins [ matrix-synapse-ldap3 matrix-synapse-pam ]";
|
||||||
|
description = ''
|
||||||
|
List of additional Matrix plugins to make available.
|
||||||
|
'';
|
||||||
|
};
|
||||||
no_tls = mkOption {
|
no_tls = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
|
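Review bot: `defaultText` on `plugins` reads `with config.services.matrix-synapse.package.plugins [ matrix-synapse-ldap3 matrix-synapse-pam ]`, but the actual `default` is `[ ]`, so the rendered documentation will claim two plugins are enabled by default. It is also not valid Nix as written (no `;` after the `with` expression). Move it to `example = literalExample "..."` with the semicolon added and drop `defaultText`.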
@ -686,6 +697,7 @@ in {
|
||||||
--keys-directory ${cfg.dataDir} \
|
--keys-directory ${cfg.dataDir} \
|
||||||
--generate-keys
|
--generate-keys
|
||||||
'';
|
'';
|
||||||
|
environment.PYTHONPATH = makeSearchPathOutput "lib" cfg.package.python.sitePackages [ pluginsEnv ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "notify";
|
Type = "notify";
|
||||||
User = "matrix-synapse";
|
User = "matrix-synapse";
|
||||||
|
@ -715,5 +727,6 @@ in {
|
||||||
];
|
];
|
||||||
|
|
||||||
meta.doc = ./matrix-synapse.xml;
|
meta.doc = ./matrix-synapse.xml;
|
||||||
|
meta.maintainers = teams.matrix.members;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -442,6 +442,12 @@ in
|
||||||
nix.binaryCachePublicKeys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ];
|
nix.binaryCachePublicKeys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ];
|
||||||
nix.binaryCaches = [ "https://cache.nixos.org/" ];
|
nix.binaryCaches = [ "https://cache.nixos.org/" ];
|
||||||
|
|
||||||
|
environment.systemPackages =
|
||||||
|
[ nix
|
||||||
|
pkgs.nix-info
|
||||||
|
]
|
||||||
|
++ optional (config.programs.bash.enableCompletion && !versionAtLeast nixVersion "2.4pre") pkgs.nix-bash-completions;
|
||||||
|
|
||||||
environment.etc."nix/nix.conf".source = nixConf;
|
environment.etc."nix/nix.conf".source = nixConf;
|
||||||
|
|
||||||
environment.etc."nix/registry.json".text = builtins.toJSON {
|
environment.etc."nix/registry.json".text = builtins.toJSON {
|
||||||
|
|
|
@ -21,6 +21,7 @@ let
|
||||||
# `serviceOpts.script` or `serviceOpts.serviceConfig.ExecStart`
|
# `serviceOpts.script` or `serviceOpts.serviceConfig.ExecStart`
|
||||||
|
|
||||||
exporterOpts = genAttrs [
|
exporterOpts = genAttrs [
|
||||||
|
"apcupsd"
|
||||||
"bind"
|
"bind"
|
||||||
"blackbox"
|
"blackbox"
|
||||||
"collectd"
|
"collectd"
|
||||||
|
@ -28,6 +29,8 @@ let
|
||||||
"dovecot"
|
"dovecot"
|
||||||
"fritzbox"
|
"fritzbox"
|
||||||
"json"
|
"json"
|
||||||
|
"keylight"
|
||||||
|
"lnd"
|
||||||
"mail"
|
"mail"
|
||||||
"mikrotik"
|
"mikrotik"
|
||||||
"minio"
|
"minio"
|
||||||
|
|
38
third_party/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/apcupsd.nix
vendored
Normal file
|
@ -0,0 +1,38 @@
|
||||||
|
{ config, lib, pkgs, options }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.services.prometheus.exporters.apcupsd;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
port = 9162;
|
||||||
|
extraOpts = {
|
||||||
|
apcupsdAddress = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = ":3551";
|
||||||
|
description = ''
|
||||||
|
Address of the apcupsd Network Information Server (NIS).
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
apcupsdNetwork = mkOption {
|
||||||
|
type = types.enum ["tcp" "tcp4" "tcp6"];
|
||||||
|
default = "tcp";
|
||||||
|
description = ''
|
||||||
|
Network of the apcupsd Network Information Server (NIS): one of "tcp", "tcp4", or "tcp6".
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
serviceOpts = {
|
||||||
|
serviceConfig = {
|
||||||
|
ExecStart = ''
|
||||||
|
${pkgs.prometheus-apcupsd-exporter}/bin/apcupsd_exporter \
|
||||||
|
-telemetry.addr ${cfg.listenAddress}:${toString cfg.port} \
|
||||||
|
-apcupsd.addr ${cfg.apcupsdAddress} \
|
||||||
|
-apcupsd.network ${cfg.apcupsdNetwork} \
|
||||||
|
${concatStringsSep " \\\n " cfg.extraFlags}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
19
third_party/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/keylight.nix
vendored
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
{ config, lib, pkgs, options }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.services.prometheus.exporters.keylight;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
port = 9288;
|
||||||
|
serviceOpts = {
|
||||||
|
serviceConfig = {
|
||||||
|
ExecStart = ''
|
||||||
|
${pkgs.prometheus-keylight-exporter}/bin/keylight_exporter \
|
||||||
|
-metrics.addr ${cfg.listenAddress}:${toString cfg.port} \
|
||||||
|
${concatStringsSep " \\\n " cfg.extraFlags}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
46
third_party/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/lnd.nix
vendored
Normal file
|
@ -0,0 +1,46 @@
|
||||||
|
{ config, lib, pkgs, options }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.services.prometheus.exporters.lnd;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
port = 9092;
|
||||||
|
extraOpts = {
|
||||||
|
lndHost = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "localhost:10009";
|
||||||
|
description = ''
|
||||||
|
lnd instance gRPC address:port.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
lndTlsPath = mkOption {
|
||||||
|
type = types.path;
|
||||||
|
description = ''
|
||||||
|
Path to lnd TLS certificate.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
lndMacaroonDir = mkOption {
|
||||||
|
type = types.path;
|
||||||
|
description = ''
|
||||||
|
Path to lnd macaroons.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
serviceOpts.serviceConfig = {
|
||||||
|
ExecStart = ''
|
||||||
|
${pkgs.prometheus-lnd-exporter}/bin/lndmon \
|
||||||
|
--prometheus.listenaddr=${cfg.listenAddress}:${toString cfg.port} \
|
||||||
|
--prometheus.logdir=/var/log/prometheus-lnd-exporter \
|
||||||
|
--lnd.host=${cfg.lndHost} \
|
||||||
|
--lnd.tlspath=${cfg.lndTlsPath} \
|
||||||
|
--lnd.macaroondir=${cfg.lndMacaroonDir} \
|
||||||
|
${concatStringsSep " \\\n " cfg.extraFlags}
|
||||||
|
'';
|
||||||
|
LogsDirectory = "prometheus-lnd-exporter";
|
||||||
|
ReadOnlyPaths = [ cfg.lndTlsPath cfg.lndMacaroonDir ];
|
||||||
|
};
|
||||||
|
}
|
|
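Review bot: `lndTlsPath` and `lndMacaroonDir` are typed `types.path` and interpolated into `ExecStart`. If a user assigns a Nix path literal rather than a string, that interpolation copies the target into the world-readable Nix store, which for a macaroon directory means publishing credentials. State in both descriptions that the value must be an absolute path given as a string, or switch to `types.str`. Neither option has a `default` or `example`, so an `example` would help as well.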
@ -1,69 +1,17 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, options, ... }:
|
||||||
with lib;
|
with lib;
|
||||||
let
|
let
|
||||||
inherit (pkgs) ipfs runCommand makeWrapper;
|
|
||||||
|
|
||||||
cfg = config.services.ipfs;
|
cfg = config.services.ipfs;
|
||||||
|
opt = options.services.ipfs;
|
||||||
|
|
||||||
ipfsFlags = toString ([
|
ipfsFlags = toString ([
|
||||||
(optionalString cfg.autoMount "--mount")
|
(optionalString cfg.autoMount "--mount")
|
||||||
#(optionalString cfg.autoMigrate "--migrate")
|
|
||||||
(optionalString cfg.enableGC "--enable-gc")
|
(optionalString cfg.enableGC "--enable-gc")
|
||||||
(optionalString (cfg.serviceFdlimit != null) "--manage-fdlimit=false")
|
(optionalString (cfg.serviceFdlimit != null) "--manage-fdlimit=false")
|
||||||
(optionalString (cfg.defaultMode == "offline") "--offline")
|
(optionalString (cfg.defaultMode == "offline") "--offline")
|
||||||
(optionalString (cfg.defaultMode == "norouting") "--routing=none")
|
(optionalString (cfg.defaultMode == "norouting") "--routing=none")
|
||||||
] ++ cfg.extraFlags);
|
] ++ cfg.extraFlags);
|
||||||
|
|
||||||
defaultDataDir = if versionAtLeast config.system.stateVersion "17.09" then
|
|
||||||
"/var/lib/ipfs" else
|
|
||||||
"/var/lib/ipfs/.ipfs";
|
|
||||||
|
|
||||||
# Wrapping the ipfs binary with the environment variable IPFS_PATH set to dataDir because we can't set it in the user environment
|
|
||||||
wrapped = runCommand "ipfs" { buildInputs = [ makeWrapper ]; preferLocalBuild = true; } ''
|
|
||||||
mkdir -p "$out/bin"
|
|
||||||
makeWrapper "${ipfs}/bin/ipfs" "$out/bin/ipfs" \
|
|
||||||
--set IPFS_PATH ${cfg.dataDir} \
|
|
||||||
--prefix PATH : /run/wrappers/bin
|
|
||||||
'';
|
|
||||||
|
|
||||||
|
|
||||||
commonEnv = {
|
|
||||||
environment.IPFS_PATH = cfg.dataDir;
|
|
||||||
path = [ wrapped ];
|
|
||||||
serviceConfig.User = cfg.user;
|
|
||||||
serviceConfig.Group = cfg.group;
|
|
||||||
};
|
|
||||||
|
|
||||||
baseService = recursiveUpdate commonEnv {
|
|
||||||
wants = [ "ipfs-init.service" ];
|
|
||||||
# NB: migration must be performed prior to pre-start, else we get the failure message!
|
|
||||||
preStart = optionalString cfg.autoMount ''
|
|
||||||
ipfs --local config Mounts.FuseAllowOther --json true
|
|
||||||
ipfs --local config Mounts.IPFS ${cfg.ipfsMountDir}
|
|
||||||
ipfs --local config Mounts.IPNS ${cfg.ipnsMountDir}
|
|
||||||
'' + concatStringsSep "\n" (collect
|
|
||||||
isString
|
|
||||||
(mapAttrsRecursive
|
|
||||||
(path: value:
|
|
||||||
# Using heredoc below so that the value is never improperly quoted
|
|
||||||
''
|
|
||||||
read value <<EOF
|
|
||||||
${builtins.toJSON value}
|
|
||||||
EOF
|
|
||||||
ipfs --local config --json "${concatStringsSep "." path}" "$value"
|
|
||||||
'')
|
|
||||||
({ Addresses.API = cfg.apiAddress;
|
|
||||||
Addresses.Gateway = cfg.gatewayAddress;
|
|
||||||
Addresses.Swarm = cfg.swarmAddress;
|
|
||||||
} //
|
|
||||||
cfg.extraConfig))
|
|
||||||
);
|
|
||||||
serviceConfig = {
|
|
||||||
ExecStart = "${wrapped}/bin/ipfs daemon ${ipfsFlags}";
|
|
||||||
Restart = "on-failure";
|
|
||||||
RestartSec = 1;
|
|
||||||
} // optionalAttrs (cfg.serviceFdlimit != null) { LimitNOFILE = cfg.serviceFdlimit; };
|
|
||||||
};
|
|
||||||
in {
|
in {
|
||||||
|
|
||||||
###### interface
|
###### interface
|
||||||
|
@ -88,7 +36,9 @@ in {
|
||||||
|
|
||||||
dataDir = mkOption {
|
dataDir = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = defaultDataDir;
|
default = if versionAtLeast config.system.stateVersion "17.09"
|
||||||
|
then "/var/lib/ipfs"
|
||||||
|
else "/var/lib/ipfs/.ipfs";
|
||||||
description = "The data dir for IPFS";
|
description = "The data dir for IPFS";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -98,18 +48,6 @@ in {
|
||||||
description = "systemd service that is enabled by default";
|
description = "systemd service that is enabled by default";
|
||||||
};
|
};
|
||||||
|
|
||||||
/*
|
|
||||||
autoMigrate = mkOption {
|
|
||||||
type = types.bool;
|
|
||||||
default = false;
|
|
||||||
description = ''
|
|
||||||
Whether IPFS should try to migrate the file system automatically.
|
|
||||||
|
|
||||||
The daemon will need to be able to download a binary from https://ipfs.io to perform the migration.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
*/
|
|
||||||
|
|
||||||
autoMount = mkOption {
|
autoMount = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
|
@ -199,13 +137,21 @@ in {
|
||||||
example = 64*1024;
|
example = 64*1024;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
startWhenNeeded = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = "Whether to use socket activation to start IPFS when needed.";
|
||||||
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
###### implementation
|
###### implementation
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
environment.systemPackages = [ wrapped ];
|
environment.systemPackages = [ pkgs.ipfs ];
|
||||||
|
environment.variables.IPFS_PATH = cfg.dataDir;
|
||||||
|
|
||||||
programs.fuse = mkIf cfg.autoMount {
|
programs.fuse = mkIf cfg.autoMount {
|
||||||
userAllowOther = true;
|
userAllowOther = true;
|
||||||
};
|
};
|
||||||
|
@ -234,10 +180,14 @@ in {
|
||||||
"d '${cfg.ipnsMountDir}' - ${cfg.user} ${cfg.group} - -"
|
"d '${cfg.ipnsMountDir}' - ${cfg.user} ${cfg.group} - -"
|
||||||
];
|
];
|
||||||
|
|
||||||
systemd.services.ipfs-init = recursiveUpdate commonEnv {
|
systemd.packages = [ pkgs.ipfs ];
|
||||||
|
|
||||||
|
systemd.services.ipfs-init = {
|
||||||
description = "IPFS Initializer";
|
description = "IPFS Initializer";
|
||||||
|
|
||||||
before = [ "ipfs.service" "ipfs-offline.service" "ipfs-norouting.service" ];
|
environment.IPFS_PATH = cfg.dataDir;
|
||||||
|
|
||||||
|
path = [ pkgs.ipfs ];
|
||||||
|
|
||||||
script = ''
|
script = ''
|
||||||
if [[ ! -f ${cfg.dataDir}/config ]]; then
|
if [[ ! -f ${cfg.dataDir}/config ]]; then
|
||||||
|
@ -251,34 +201,63 @@ in {
|
||||||
fi
|
fi
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
wantedBy = [ "default.target" ];
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "oneshot";
|
Type = "oneshot";
|
||||||
RemainAfterExit = true;
|
RemainAfterExit = true;
|
||||||
|
User = cfg.user;
|
||||||
|
Group = cfg.group;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# TODO These 3 definitions possibly be further abstracted through use of a function
|
systemd.services.ipfs = {
|
||||||
# like: mutexServices "ipfs" [ "", "offline", "norouting" ] { ... shared conf here ... }
|
path = [ "/run/wrappers" pkgs.ipfs ];
|
||||||
|
environment.IPFS_PATH = cfg.dataDir;
|
||||||
|
|
||||||
systemd.services.ipfs = recursiveUpdate baseService {
|
wants = [ "ipfs-init.service" ];
|
||||||
description = "IPFS Daemon";
|
after = [ "ipfs-init.service" ];
|
||||||
wantedBy = mkIf (cfg.defaultMode == "online") [ "multi-user.target" ];
|
|
||||||
after = [ "network.target" "ipfs-init.service" ];
|
preStart = optionalString cfg.autoMount ''
|
||||||
conflicts = [ "ipfs-offline.service" "ipfs-norouting.service"];
|
ipfs --local config Mounts.FuseAllowOther --json true
|
||||||
|
ipfs --local config Mounts.IPFS ${cfg.ipfsMountDir}
|
||||||
|
ipfs --local config Mounts.IPNS ${cfg.ipnsMountDir}
|
||||||
|
'' + concatStringsSep "\n" (collect
|
||||||
|
isString
|
||||||
|
(mapAttrsRecursive
|
||||||
|
(path: value:
|
||||||
|
# Using heredoc below so that the value is never improperly quoted
|
||||||
|
''
|
||||||
|
read value <<EOF
|
||||||
|
${builtins.toJSON value}
|
||||||
|
EOF
|
||||||
|
ipfs --local config --json "${concatStringsSep "." path}" "$value"
|
||||||
|
'')
|
||||||
|
({ Addresses.API = cfg.apiAddress;
|
||||||
|
Addresses.Gateway = cfg.gatewayAddress;
|
||||||
|
Addresses.Swarm = cfg.swarmAddress;
|
||||||
|
} //
|
||||||
|
cfg.extraConfig))
|
||||||
|
);
|
||||||
|
serviceConfig = {
|
||||||
|
ExecStart = ["" "${pkgs.ipfs}/bin/ipfs daemon ${ipfsFlags}"];
|
||||||
|
User = cfg.user;
|
||||||
|
Group = cfg.group;
|
||||||
|
} // optionalAttrs (cfg.serviceFdlimit != null) { LimitNOFILE = cfg.serviceFdlimit; };
|
||||||
|
} // optionalAttrs (!cfg.startWhenNeeded) {
|
||||||
|
wantedBy = [ "default.target" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.ipfs-offline = recursiveUpdate baseService {
|
systemd.sockets.ipfs-gateway = {
|
||||||
description = "IPFS Daemon (offline mode)";
|
wantedBy = [ "sockets.target" ];
|
||||||
wantedBy = mkIf (cfg.defaultMode == "offline") [ "multi-user.target" ];
|
socketConfig.ListenStream = [ "" ]
|
||||||
after = [ "ipfs-init.service" ];
|
++ lib.optional (cfg.gatewayAddress == opt.gatewayAddress.default) [ "127.0.0.1:8080" "[::1]:8080" ];
|
||||||
conflicts = [ "ipfs.service" "ipfs-norouting.service"];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.ipfs-norouting = recursiveUpdate baseService {
|
systemd.sockets.ipfs-api = {
|
||||||
description = "IPFS Daemon (no routing mode)";
|
wantedBy = [ "sockets.target" ];
|
||||||
wantedBy = mkIf (cfg.defaultMode == "norouting") [ "multi-user.target" ];
|
socketConfig.ListenStream = [ "" "%t/ipfs.sock" ]
|
||||||
after = [ "ipfs-init.service" ];
|
++ lib.optional (cfg.apiAddress == opt.apiAddress.default) [ "127.0.0.1:5001" "[::1]:5001" ];
|
||||||
conflicts = [ "ipfs.service" "ipfs-offline.service"];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
|
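Review bot: in both socket units `ListenStream` is built with `lib.optional (...) [ "127.0.0.1:8080" "[::1]:8080" ]` (and the `5001` equivalent). `lib.optional` wraps its second argument in a list, so when the condition holds the result is `[ "" [ ... ] ]`, a list nested inside the list, not three entries; this needs `lib.optionals`. When `gatewayAddress` is not the default, `ipfs-gateway` is left with only the empty reset entry and no listen address, and both sockets are `wantedBy = [ "sockets.target" ]` even when `startWhenNeeded` is false. Gate the socket units on `cfg.startWhenNeeded` and derive the listen addresses from the configured values, or document that socket activation only works with the default addresses.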
@ -4,14 +4,50 @@ with lib;
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.services.corerad;
|
cfg = config.services.corerad;
|
||||||
|
|
||||||
|
writeTOML = name: x:
|
||||||
|
pkgs.runCommandNoCCLocal name {
|
||||||
|
passAsFile = ["config"];
|
||||||
|
config = builtins.toJSON x;
|
||||||
|
buildInputs = [ pkgs.go-toml ];
|
||||||
|
} "jsontoml < $configPath > $out";
|
||||||
|
|
||||||
in {
|
in {
|
||||||
meta = {
|
meta.maintainers = with maintainers; [ mdlayher ];
|
||||||
maintainers = with maintainers; [ mdlayher ];
|
|
||||||
};
|
|
||||||
|
|
||||||
options.services.corerad = {
|
options.services.corerad = {
|
||||||
enable = mkEnableOption "CoreRAD IPv6 NDP RA daemon";
|
enable = mkEnableOption "CoreRAD IPv6 NDP RA daemon";
|
||||||
|
|
||||||
|
settings = mkOption {
|
||||||
|
type = types.uniq types.attrs;
|
||||||
|
example = literalExample ''
|
||||||
|
{
|
||||||
|
interfaces = [
|
||||||
|
# eth0 is an upstream interface monitoring for IPv6 router advertisements.
|
||||||
|
{
|
||||||
|
name = "eth0";
|
||||||
|
monitor = true;
|
||||||
|
}
|
||||||
|
# eth1 is a downstream interface advertising IPv6 prefixes for SLAAC.
|
||||||
|
{
|
||||||
|
name = "eth1";
|
||||||
|
advertise = true;
|
||||||
|
prefix = [{ prefix = "::/64"; }];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
# Optionally enable Prometheus metrics.
|
||||||
|
debug = {
|
||||||
|
address = "localhost:9430";
|
||||||
|
prometheus = true;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
description = ''
|
||||||
|
Configuration for CoreRAD, see <link xlink:href="https://github.com/mdlayher/corerad/blob/master/internal/config/default.toml"/>
|
||||||
|
for supported values. Ignored if configFile is set.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
configFile = mkOption {
|
configFile = mkOption {
|
||||||
type = types.path;
|
type = types.path;
|
||||||
example = literalExample "\"\${pkgs.corerad}/etc/corerad/corerad.toml\"";
|
example = literalExample "\"\${pkgs.corerad}/etc/corerad/corerad.toml\"";
|
||||||
|
@ -27,6 +63,9 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
# Prefer the config file over settings if both are set.
|
||||||
|
services.corerad.configFile = mkDefault (writeTOML "corerad.toml" cfg.settings);
|
||||||
|
|
||||||
systemd.services.corerad = {
|
systemd.services.corerad = {
|
||||||
description = "CoreRAD IPv6 NDP RA daemon";
|
description = "CoreRAD IPv6 NDP RA daemon";
|
||||||
after = [ "network.target" ];
|
after = [ "network.target" ];
|
||||||
|
|
|
@ -1,184 +0,0 @@
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
with lib;
|
|
||||||
|
|
||||||
let
|
|
||||||
cfgs = config.services;
|
|
||||||
cfg = cfgs.dnschain;
|
|
||||||
|
|
||||||
dataDir = "/var/lib/dnschain";
|
|
||||||
username = "dnschain";
|
|
||||||
|
|
||||||
configFile = pkgs.writeText "dnschain.conf" ''
|
|
||||||
[log]
|
|
||||||
level = info
|
|
||||||
|
|
||||||
[dns]
|
|
||||||
host = ${cfg.dns.address}
|
|
||||||
port = ${toString cfg.dns.port}
|
|
||||||
oldDNSMethod = NO_OLD_DNS
|
|
||||||
externalIP = ${cfg.dns.externalAddress}
|
|
||||||
|
|
||||||
[http]
|
|
||||||
host = ${cfg.api.hostname}
|
|
||||||
port = ${toString cfg.api.port}
|
|
||||||
tlsPort = ${toString cfg.api.tlsPort}
|
|
||||||
|
|
||||||
${cfg.extraConfig}
|
|
||||||
'';
|
|
||||||
|
|
||||||
in
|
|
||||||
|
|
||||||
{
|
|
||||||
|
|
||||||
###### interface
|
|
||||||
|
|
||||||
options = {
|
|
||||||
|
|
||||||
services.dnschain = {
|
|
||||||
|
|
||||||
enable = mkEnableOption ''
|
|
||||||
DNSChain, a blockchain based DNS + HTTP server.
|
|
||||||
To resolve .bit domains set <literal>services.namecoind.enable = true;</literal>
|
|
||||||
and an RPC username/password.
|
|
||||||
'';
|
|
||||||
|
|
||||||
dns.address = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = "127.0.0.1";
|
|
||||||
description = ''
|
|
||||||
The IP address the DNSChain resolver will bind to.
|
|
||||||
Leave this unchanged if you do not wish to directly expose the resolver.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
dns.externalAddress = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = cfg.dns.address;
|
|
||||||
description = ''
|
|
||||||
The IP address used by clients to reach the resolver and the value of
|
|
||||||
the <literal>namecoin.dns</literal> record. Set this in case the bind address
|
|
||||||
is not the actual IP address (e.g. the machine is behind a NAT).
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
dns.port = mkOption {
|
|
||||||
type = types.int;
|
|
||||||
default = 5333;
|
|
||||||
description = ''
|
|
||||||
The port the DNSChain resolver will bind to.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
api.hostname = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = "0.0.0.0";
|
|
||||||
description = ''
|
|
||||||
The hostname (or IP address) the DNSChain API server will bind to.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
api.port = mkOption {
|
|
||||||
type = types.int;
|
|
||||||
default = 8080;
|
|
||||||
description = ''
|
|
||||||
The port the DNSChain API server (HTTP) will bind to.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
api.tlsPort = mkOption {
|
|
||||||
type = types.int;
|
|
||||||
default = 4433;
|
|
||||||
description = ''
|
|
||||||
The port the DNSChain API server (HTTPS) will bind to.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
extraConfig = mkOption {
|
|
||||||
type = types.lines;
|
|
||||||
default = "";
|
|
||||||
example = ''
|
|
||||||
[log]
|
|
||||||
level = debug
|
|
||||||
'';
|
|
||||||
description = ''
|
|
||||||
Additional options that will be appended to the configuration file.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
|
||||||
|
|
||||||
services.dnsmasq.resolveDNSChainQueries = mkOption {
|
|
||||||
type = types.bool;
|
|
||||||
default = false;
|
|
||||||
description = ''
|
|
||||||
Resolve <literal>.bit</literal> top-level domains using DNSChain and namecoin.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
services.pdns-recursor.resolveDNSChainQueries = mkOption {
|
|
||||||
type = types.bool;
|
|
||||||
default = false;
|
|
||||||
description = ''
|
|
||||||
Resolve <literal>.bit</literal> top-level domains using DNSChain and namecoin.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
###### implementation
|
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
|
||||||
|
|
||||||
services.dnsmasq.servers = optionals cfgs.dnsmasq.resolveDNSChainQueries
|
|
||||||
[ "/.bit/127.0.0.1#${toString cfg.dns.port}"
|
|
||||||
"/.dns/127.0.0.1#${toString cfg.dns.port}"
|
|
||||||
];
|
|
||||||
|
|
||||||
services.pdns-recursor = mkIf cfgs.pdns-recursor.resolveDNSChainQueries {
|
|
||||||
forwardZonesRecurse =
|
|
||||||
{ bit = "127.0.0.1:${toString cfg.dns.port}";
|
|
||||||
dns = "127.0.0.1:${toString cfg.dns.port}";
|
|
||||||
};
|
|
||||||
luaConfig =''
|
|
||||||
addNTA("bit", "namecoin doesn't support DNSSEC")
|
|
||||||
addNTA("dns", "namecoin doesn't support DNSSEC")
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
users.users.${username} = {
|
|
||||||
description = "DNSChain daemon user";
|
|
||||||
home = dataDir;
|
|
||||||
createHome = true;
|
|
||||||
uid = config.ids.uids.dnschain;
|
|
||||||
extraGroups = optional cfgs.namecoind.enable "namecoin";
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services.dnschain = {
|
|
||||||
description = "DNSChain daemon";
|
|
||||||
after = optional cfgs.namecoind.enable "namecoind.target";
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
|
|
||||||
serviceConfig = {
|
|
||||||
User = "dnschain";
|
|
||||||
Restart = "on-failure";
|
|
||||||
ExecStart = "${pkgs.nodePackages.dnschain}/bin/dnschain";
|
|
||||||
};
|
|
||||||
|
|
||||||
preStart = ''
|
|
||||||
# Link configuration file into dnschain home directory
|
|
||||||
configPath=${dataDir}/.dnschain/dnschain.conf
|
|
||||||
mkdir -p ${dataDir}/.dnschain
|
|
||||||
if [ "$(realpath $configPath)" != "${configFile}" ]; then
|
|
||||||
rm -f $configPath
|
|
||||||
ln -s ${configFile} $configPath
|
|
||||||
fi
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
|
||||||
|
|
||||||
meta.maintainers = with lib.maintainers; [ rnhmjoj ];
|
|
||||||
|
|
||||||
}
|
|
53
third_party/nixpkgs/nixos/modules/services/networking/go-neb.nix
vendored
Normal file
|
@ -0,0 +1,53 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.services.go-neb;
|
||||||
|
|
||||||
|
configFile = pkgs.writeText "config.yml" (builtins.toJSON cfg.config);
|
||||||
|
in {
|
||||||
|
options.services.go-neb = {
|
||||||
|
enable = mkEnableOption "Extensible matrix bot written in Go";
|
||||||
|
|
||||||
|
bindAddress = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
description = "Port (and optionally address) to listen on.";
|
||||||
|
default = ":4050";
|
||||||
|
};
|
||||||
|
|
||||||
|
baseUrl = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
description = "Public-facing endpoint that can receive webhooks.";
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkOption {
|
||||||
|
type = types.uniq types.attrs;
|
||||||
|
description = ''
|
||||||
|
Your <filename>config.yaml</filename> as a Nix attribute set.
|
||||||
|
See <link xlink:href="https://github.com/matrix-org/go-neb/blob/master/config.sample.yaml">config.sample.yaml</link>
|
||||||
|
for possible options.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
systemd.services.go-neb = {
|
||||||
|
description = "Extensible matrix bot written in Go";
|
||||||
|
after = [ "network.target" ];
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
environment = {
|
||||||
|
BASE_URL = cfg.baseUrl;
|
||||||
|
BIND_ADDRESS = cfg.bindAddress;
|
||||||
|
CONFIG_FILE = configFile;
|
||||||
|
};
|
||||||
|
|
||||||
|
serviceConfig = {
|
||||||
|
ExecStart = "${pkgs.go-neb}/bin/go-neb";
|
||||||
|
DynamicUser = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
meta.maintainers = with maintainers; [ hexa maralorn ];
|
||||||
|
}
|
|
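Review bot: `configFile = pkgs.writeText "config.yml" (builtins.toJSON cfg.config);` puts the whole bot configuration into the Nix store, which is world-readable, and the option description gives no warning about that. If the attribute set carries credentials (the linked config.sample.yaml is where users will copy values from), they become readable by every local user and end up in any binary cache the closure is pushed to. Either document this in the `config` option description or accept a path to a secrets file that is read at service start instead. Two smaller points: `bindAddress` defaults to `:4050`, which listens on every interface, and `baseUrl` has neither a default nor an `example`.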
@ -149,11 +149,6 @@ in
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
|
||||||
services.dnschain.extraConfig = ''
|
|
||||||
[namecoin]
|
|
||||||
config = ${configFile}
|
|
||||||
'';
|
|
||||||
|
|
||||||
users.users.namecoin = {
|
users.users.namecoin = {
|
||||||
uid = config.ids.uids.namecoin;
|
uid = config.ids.uids.namecoin;
|
||||||
description = "Namecoin daemon user";
|
description = "Namecoin daemon user";
|
||||||
|
|
|
@ -107,6 +107,7 @@ in
|
||||||
++ cfg.lockOn.extraTargets;
|
++ cfg.lockOn.extraTargets;
|
||||||
before = optional cfg.lockOn.suspend "systemd-suspend.service"
|
before = optional cfg.lockOn.suspend "systemd-suspend.service"
|
||||||
++ optional cfg.lockOn.hibernate "systemd-hibernate.service"
|
++ optional cfg.lockOn.hibernate "systemd-hibernate.service"
|
||||||
|
++ optional (cfg.lockOn.hibernate || cfg.lockOn.suspend) "systemd-suspend-then-hibernate.service"
|
||||||
++ cfg.lockOn.extraTargets;
|
++ cfg.lockOn.extraTargets;
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "forking";
|
Type = "forking";
|
||||||
|
|
|
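Review bot: The new `systemd-suspend-then-hibernate.service` entry is added only to the `before` list, and `before` is ordering only; it does not pull the lock unit into the transaction. Unless the list that ends with `++ cfg.lockOn.extraTargets;` at the top of this hunk also gains the suspend-then-hibernate target, the screen will not be locked on that path and this line has no effect. Please show or add the matching activation entry in the same change.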
@ -1,26 +0,0 @@
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
with lib;
|
|
||||||
|
|
||||||
let
|
|
||||||
cfg = config.services.cgmanager;
|
|
||||||
in {
|
|
||||||
meta.maintainers = [ maintainers.mic92 ];
|
|
||||||
|
|
||||||
###### interface
|
|
||||||
options.services.cgmanager.enable = mkEnableOption "cgmanager";
|
|
||||||
|
|
||||||
###### implementation
|
|
||||||
config = mkIf cfg.enable {
|
|
||||||
systemd.services.cgmanager = {
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
description = "Cgroup management daemon";
|
|
||||||
restartIfChanged = false;
|
|
||||||
serviceConfig = {
|
|
||||||
ExecStart = "${pkgs.cgmanager}/bin/cgmanager -m name=systemd";
|
|
||||||
KillMode = "process";
|
|
||||||
Restart = "on-failure";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -179,6 +179,8 @@ in
|
||||||
${getLib pkgs.utillinuxMinimal.out}/lib/libblkid.so.* mr,
|
${getLib pkgs.utillinuxMinimal.out}/lib/libblkid.so.* mr,
|
||||||
${getLib pkgs.utillinuxMinimal.out}/lib/libmount.so.* mr,
|
${getLib pkgs.utillinuxMinimal.out}/lib/libmount.so.* mr,
|
||||||
${getLib pkgs.utillinuxMinimal.out}/lib/libuuid.so.* mr,
|
${getLib pkgs.utillinuxMinimal.out}/lib/libuuid.so.* mr,
|
||||||
|
${getLib pkgs.gcc.cc.lib}/lib/libstdc++.so.* mr,
|
||||||
|
${getLib pkgs.gcc.cc.lib}/lib/libgcc_s.so.* mr,
|
||||||
|
|
||||||
@{PROC}/sys/kernel/random/uuid r,
|
@{PROC}/sys/kernel/random/uuid r,
|
||||||
@{PROC}/sys/vm/overcommit_memory r,
|
@{PROC}/sys/vm/overcommit_memory r,
|
||||||
|
|
|
@ -34,7 +34,7 @@ let
|
||||||
cd ${cfg.package}
|
cd ${cfg.package}
|
||||||
sudo=exec
|
sudo=exec
|
||||||
if [[ "$USER" != nextcloud ]]; then
|
if [[ "$USER" != nextcloud ]]; then
|
||||||
sudo='exec /run/wrappers/bin/sudo -u nextcloud --preserve-env=NEXTCLOUD_CONFIG_DIR'
|
sudo='exec /run/wrappers/bin/sudo -u nextcloud --preserve-env=NEXTCLOUD_CONFIG_DIR --preserve-env=OC_PASS'
|
||||||
fi
|
fi
|
||||||
export NEXTCLOUD_CONFIG_DIR="${cfg.home}/config"
|
export NEXTCLOUD_CONFIG_DIR="${cfg.home}/config"
|
||||||
$sudo \
|
$sudo \
|
||||||
|
|
|
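Review bot: In the `sudo=` line the added `--preserve-env=OC_PASS` lets a password cross the sudo boundary in the environment, with no comment saying why it is needed. Add a one-line comment naming the occ feature that reads it (`--password-from-env`), so a later cleanup does not drop it or widen it to a blanket `--preserve-env`. The two flags can also be written as one, `--preserve-env=NEXTCLOUD_CONFIG_DIR,OC_PASS`.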
@ -37,10 +37,10 @@ let
|
||||||
chmod -R a+w $out/share/gsettings-schemas/nixos-gsettings-overrides
|
chmod -R a+w $out/share/gsettings-schemas/nixos-gsettings-overrides
|
||||||
cat - > $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas/nixos-defaults.gschema.override <<- EOF
|
cat - > $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas/nixos-defaults.gschema.override <<- EOF
|
||||||
[org.gnome.desktop.background]
|
[org.gnome.desktop.background]
|
||||||
picture-uri='file://${pkgs.nixos-artwork.wallpapers.simple-dark-gray}/share/artwork/gnome/nix-wallpaper-simple-dark-gray.png'
|
picture-uri='file://${pkgs.nixos-artwork.wallpapers.simple-dark-gray.gnomeFilePath}'
|
||||||
|
|
||||||
[org.gnome.desktop.screensaver]
|
[org.gnome.desktop.screensaver]
|
||||||
picture-uri='file://${pkgs.nixos-artwork.wallpapers.simple-dark-gray-bottom}/share/artwork/gnome/nix-wallpaper-simple-dark-gray_bottom.png'
|
picture-uri='file://${pkgs.nixos-artwork.wallpapers.simple-dark-gray-bottom.gnomeFilePath}'
|
||||||
|
|
||||||
[org.gnome.shell]
|
[org.gnome.shell]
|
||||||
favorite-apps=[ 'org.gnome.Epiphany.desktop', 'org.gnome.Geary.desktop', 'org.gnome.Music.desktop', 'org.gnome.Photos.desktop', 'org.gnome.Nautilus.desktop', 'org.gnome.Software.desktop' ]
|
favorite-apps=[ 'org.gnome.Epiphany.desktop', 'org.gnome.Geary.desktop', 'org.gnome.Music.desktop', 'org.gnome.Photos.desktop', 'org.gnome.Nautilus.desktop', 'org.gnome.Software.desktop' ]
|
||||||
|
@ -320,6 +320,8 @@ in
|
||||||
gnome-shell
|
gnome-shell
|
||||||
gnome-shell-extensions
|
gnome-shell-extensions
|
||||||
gnome-themes-extra
|
gnome-themes-extra
|
||||||
|
pkgs.nixos-artwork.wallpapers.simple-dark-gray
|
||||||
|
pkgs.nixos-artwork.wallpapers.simple-dark-gray-bottom
|
||||||
pkgs.gnome-user-docs
|
pkgs.gnome-user-docs
|
||||||
pkgs.orca
|
pkgs.orca
|
||||||
pkgs.glib # for gsettings
|
pkgs.glib # for gsettings
|
||||||
|
|
|
@ -180,6 +180,7 @@ in
|
||||||
gtk3.out
|
gtk3.out
|
||||||
hicolor-icon-theme
|
hicolor-icon-theme
|
||||||
lightlocker
|
lightlocker
|
||||||
|
nixos-artwork.wallpapers.simple-dark-gray
|
||||||
onboard
|
onboard
|
||||||
qgnomeplatform
|
qgnomeplatform
|
||||||
shared-mime-info
|
shared-mime-info
|
||||||
|
|
|
@ -132,8 +132,9 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
background = mkOption {
|
background = mkOption {
|
||||||
type = types.str;
|
type = types.path;
|
||||||
default = "${pkgs.nixos-artwork.wallpapers.simple-dark-gray-bottom}/share/artwork/gnome/nix-wallpaper-simple-dark-gray_bottom.png";
|
# Manual cannot depend on packages, we are actually setting the default in config below.
|
||||||
|
defaultText = "pkgs.nixos-artwork.wallpapers.simple-dark-gray-bottom.gnomeFilePath";
|
||||||
description = ''
|
description = ''
|
||||||
The background image or color to use.
|
The background image or color to use.
|
||||||
'';
|
'';
|
||||||
|
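Review bot: Changing `background` to `type = types.path;` conflicts with the description two lines below, which still says "The background image or color to use." A color value such as a hex string is not a path and will now fail type checking. Either keep accepting strings (for example `types.either types.path types.str`) or update the description to say that only an image path is accepted.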
@ -212,6 +213,9 @@ in
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
|
# Keep in sync with the defaultText value from the option definition.
|
||||||
|
services.xserver.displayManager.lightdm.background = mkDefault pkgs.nixos-artwork.wallpapers.simple-dark-gray-bottom.gnomeFilePath;
|
||||||
|
|
||||||
# Set default session in session chooser to a specified values – basically ignore session history.
|
# Set default session in session chooser to a specified values – basically ignore session history.
|
||||||
# Auto-login is already covered by a config value.
|
# Auto-login is already covered by a config value.
|
||||||
services.xserver.displayManager.job.preStart = optionalString (!cfg.autoLogin.enable && dmcfg.defaultSession != null) ''
|
services.xserver.displayManager.job.preStart = optionalString (!cfg.autoLogin.enable && dmcfg.defaultSession != null) ''
|
||||||
|
|
|
@ -246,7 +246,7 @@ in
|
||||||
videoDrivers = mkOption {
|
videoDrivers = mkOption {
|
||||||
type = types.listOf types.str;
|
type = types.listOf types.str;
|
||||||
# !!! We'd like "nv" here, but it segfaults the X server.
|
# !!! We'd like "nv" here, but it segfaults the X server.
|
||||||
default = [ "radeon" "cirrus" "vesa" "vmware" "modesetting" ];
|
default = [ "radeon" "cirrus" "vesa" "modesetting" ];
|
||||||
example = [
|
example = [
|
||||||
"ati_unfree" "amdgpu" "amdgpu-pro"
|
"ati_unfree" "amdgpu" "amdgpu-pro"
|
||||||
"nv" "nvidia" "nvidiaLegacy390" "nvidiaLegacy340" "nvidiaLegacy304"
|
"nv" "nvidia" "nvidiaLegacy390" "nvidiaLegacy340" "nvidiaLegacy304"
|
||||||
|
|
|
@ -22,7 +22,7 @@ let
|
||||||
|
|
||||||
mergeFalseByDefault = locs: defs:
|
mergeFalseByDefault = locs: defs:
|
||||||
if defs == [] then abort "This case should never happen."
|
if defs == [] then abort "This case should never happen."
|
||||||
else if any (x: x == false) defs then false
|
else if any (x: x == false) (getValues defs) then false
|
||||||
else true;
|
else true;
|
||||||
|
|
||||||
kernelItem = types.submodule {
|
kernelItem = types.submodule {
|
||||||
|
@ -55,6 +55,7 @@ let
|
||||||
default = false;
|
default = false;
|
||||||
description = ''
|
description = ''
|
||||||
Wether option should generate a failure when unused.
|
Wether option should generate a failure when unused.
|
||||||
|
Upon merging values, mandatory wins over optional.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -121,7 +122,7 @@ in
|
||||||
type = types.attrsOf kernelItem;
|
type = types.attrsOf kernelItem;
|
||||||
example = literalExample '' with lib.kernel; {
|
example = literalExample '' with lib.kernel; {
|
||||||
"9P_NET" = yes;
|
"9P_NET" = yes;
|
||||||
USB = optional yes;
|
USB = option yes;
|
||||||
MMC_BLOCK_MINORS = freeform "32";
|
MMC_BLOCK_MINORS = freeform "32";
|
||||||
}'';
|
}'';
|
||||||
description = ''
|
description = ''
|
||||||
|
|
|
@ -60,7 +60,7 @@ let
|
||||||
inherit (efi) canTouchEfiVariables;
|
inherit (efi) canTouchEfiVariables;
|
||||||
inherit (cfg)
|
inherit (cfg)
|
||||||
version extraConfig extraPerEntryConfig extraEntries forceInstall useOSProber
|
version extraConfig extraPerEntryConfig extraEntries forceInstall useOSProber
|
||||||
extraEntriesBeforeNixOS extraPrepareConfig extraInitrd configurationLimit copyKernels
|
extraEntriesBeforeNixOS extraPrepareConfig configurationLimit copyKernels
|
||||||
default fsIdentifier efiSupport efiInstallAsRemovable gfxmodeEfi gfxmodeBios gfxpayloadEfi gfxpayloadBios;
|
default fsIdentifier efiSupport efiInstallAsRemovable gfxmodeEfi gfxmodeBios gfxpayloadEfi gfxpayloadBios;
|
||||||
path = with pkgs; makeBinPath (
|
path = with pkgs; makeBinPath (
|
||||||
[ coreutils gnused gnugrep findutils diffutils btrfs-progs utillinux mdadm ]
|
[ coreutils gnused gnugrep findutils diffutils btrfs-progs utillinux mdadm ]
|
||||||
|
@ -83,7 +83,7 @@ let
|
||||||
] ++ (optional (cfg.fontSize!=null) "--size ${toString cfg.fontSize}")))
|
] ++ (optional (cfg.fontSize!=null) "--size ${toString cfg.fontSize}")))
|
||||||
);
|
);
|
||||||
|
|
||||||
defaultSplash = "${pkgs.nixos-artwork.wallpapers.simple-dark-gray-bootloader}/share/artwork/gnome/nix-wallpaper-simple-dark-gray_bootloader.png";
|
defaultSplash = pkgs.nixos-artwork.wallpapers.simple-dark-gray-bootloader.gnomeFilePath;
|
||||||
in
|
in
|
||||||
|
|
||||||
{
|
{
|
||||||
|
@ -292,19 +292,6 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
extraInitrd = mkOption {
|
|
||||||
type = types.nullOr types.path;
|
|
||||||
default = null;
|
|
||||||
example = "/boot/extra_initramfs.gz";
|
|
||||||
description = ''
|
|
||||||
The path to a second initramfs to be supplied to the kernel.
|
|
||||||
This ramfs will not be copied to the store, so that it can
|
|
||||||
contain secrets such as LUKS keyfiles or ssh keys.
|
|
||||||
This implies that rolling back to a previous configuration
|
|
||||||
won't rollback the state of this file.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
useOSProber = mkOption {
|
useOSProber = mkOption {
|
||||||
default = false;
|
default = false;
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
|
@ -608,6 +595,8 @@ in
|
||||||
{ path = "/boot"; inherit (cfg) devices; inherit (efi) efiSysMountPoint; }
|
{ path = "/boot"; inherit (cfg) devices; inherit (efi) efiSysMountPoint; }
|
||||||
];
|
];
|
||||||
|
|
||||||
|
boot.loader.supportsInitrdSecrets = true;
|
||||||
|
|
||||||
system.build.installBootLoader =
|
system.build.installBootLoader =
|
||||||
let
|
let
|
||||||
install-grub-pl = pkgs.substituteAll {
|
install-grub-pl = pkgs.substituteAll {
|
||||||
|
@ -705,6 +694,24 @@ in
|
||||||
(mkRenamedOptionModule [ "boot" "grubDevice" ] [ "boot" "loader" "grub" "device" ])
|
(mkRenamedOptionModule [ "boot" "grubDevice" ] [ "boot" "loader" "grub" "device" ])
|
||||||
(mkRenamedOptionModule [ "boot" "bootMount" ] [ "boot" "loader" "grub" "bootDevice" ])
|
(mkRenamedOptionModule [ "boot" "bootMount" ] [ "boot" "loader" "grub" "bootDevice" ])
|
||||||
(mkRenamedOptionModule [ "boot" "grubSplashImage" ] [ "boot" "loader" "grub" "splashImage" ])
|
(mkRenamedOptionModule [ "boot" "grubSplashImage" ] [ "boot" "loader" "grub" "splashImage" ])
|
||||||
|
(mkRemovedOptionModule [ "boot" "loader" "grub" "extraInitrd" ] ''
|
||||||
|
This option has been replaced with the bootloader agnostic
|
||||||
|
boot.initrd.secrets option. To migrate to the initrd secrets system,
|
||||||
|
extract the extraInitrd archive into your main filesystem:
|
||||||
|
|
||||||
|
# zcat /boot/extra_initramfs.gz | cpio -idvmD /etc/secrets/initrd
|
||||||
|
/path/to/secret1
|
||||||
|
/path/to/secret2
|
||||||
|
|
||||||
|
then replace boot.loader.grub.extraInitrd with boot.initrd.secrets:
|
||||||
|
|
||||||
|
boot.initrd.secrets = {
|
||||||
|
"/path/to/secret1" = "/etc/secrets/initrd/path/to/secret1";
|
||||||
|
"/path/to/secret2" = "/etc/secrets/initrd/path/to/secret2";
|
||||||
|
};
|
||||||
|
|
||||||
|
See the boot.initrd.secrets option documentation for more information.
|
||||||
|
'')
|
||||||
];
|
];
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
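Review bot: The migration text in the `mkRemovedOptionModule` message tells users to unpack the old archive into `/etc/secrets/initrd` but says nothing about who may read that directory. The option being removed was documented as holding LUKS keyfiles or ssh keys, so the message should tell users to create the directory root-owned with mode 0700 before running the `cpio` line, and to delete `/boot/extra_initramfs.gz` once the new setup boots. The `/path/to/secret1` and `/path/to/secret2` lines directly under the command also read as something to type; mark them as sample `cpio -v` output.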
@ -49,7 +49,6 @@ my $extraPrepareConfig = get("extraPrepareConfig");
|
||||||
my $extraPerEntryConfig = get("extraPerEntryConfig");
|
my $extraPerEntryConfig = get("extraPerEntryConfig");
|
||||||
my $extraEntries = get("extraEntries");
|
my $extraEntries = get("extraEntries");
|
||||||
my $extraEntriesBeforeNixOS = get("extraEntriesBeforeNixOS") eq "true";
|
my $extraEntriesBeforeNixOS = get("extraEntriesBeforeNixOS") eq "true";
|
||||||
my $extraInitrd = get("extraInitrd");
|
|
||||||
my $splashImage = get("splashImage");
|
my $splashImage = get("splashImage");
|
||||||
my $splashMode = get("splashMode");
|
my $splashMode = get("splashMode");
|
||||||
my $backgroundColor = get("backgroundColor");
|
my $backgroundColor = get("backgroundColor");
|
||||||
|
@ -232,13 +231,6 @@ my $grubStore;
|
||||||
if ($copyKernels == 0) {
|
if ($copyKernels == 0) {
|
||||||
$grubStore = GrubFs($storePath);
|
$grubStore = GrubFs($storePath);
|
||||||
}
|
}
|
||||||
my $extraInitrdPath;
|
|
||||||
if ($extraInitrd) {
|
|
||||||
if (! -f $extraInitrd) {
|
|
||||||
print STDERR "Warning: the specified extraInitrd " . $extraInitrd . " doesn't exist. Your system won't boot without it.\n";
|
|
||||||
}
|
|
||||||
$extraInitrdPath = GrubFs($extraInitrd);
|
|
||||||
}
|
|
||||||
|
|
||||||
# Generate the header.
|
# Generate the header.
|
||||||
my $conf .= "# Automatically generated. DO NOT EDIT THIS FILE!\n";
|
my $conf .= "# Automatically generated. DO NOT EDIT THIS FILE!\n";
|
||||||
|
@ -363,9 +355,30 @@ sub addEntry {
|
||||||
|
|
||||||
my $kernel = copyToKernelsDir(Cwd::abs_path("$path/kernel"));
|
my $kernel = copyToKernelsDir(Cwd::abs_path("$path/kernel"));
|
||||||
my $initrd = copyToKernelsDir(Cwd::abs_path("$path/initrd"));
|
my $initrd = copyToKernelsDir(Cwd::abs_path("$path/initrd"));
|
||||||
if ($extraInitrd) {
|
|
||||||
$initrd .= " " .$extraInitrdPath->path;
|
# Include second initrd with secrets
|
||||||
|
if (-e -x "$path/append-initrd-secrets") {
|
||||||
|
my $initrdName = basename($initrd);
|
||||||
|
my $initrdSecretsPath = "$bootPath/kernels/$initrdName-secrets";
|
||||||
|
|
||||||
|
mkpath(dirname($initrdSecretsPath), 0, 0755);
|
||||||
|
my $oldUmask = umask;
|
||||||
|
# Make sure initrd is not world readable (won't work if /boot is FAT)
|
||||||
|
umask 0137;
|
||||||
|
my $initrdSecretsPathTemp = File::Temp::mktemp("$initrdSecretsPath.XXXXXXXX");
|
||||||
|
system("$path/append-initrd-secrets", $initrdSecretsPathTemp) == 0 or die "failed to create initrd secrets\n";
|
||||||
|
# Check whether any secrets were actually added
|
||||||
|
if (-e $initrdSecretsPathTemp && ! -z _) {
|
||||||
|
rename $initrdSecretsPathTemp, $initrdSecretsPath or die "failed to move initrd secrets into place\n";
|
||||||
|
$copied{$initrdSecretsPath} = 1;
|
||||||
|
$initrd .= " " . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/kernels/$initrdName-secrets";
|
||||||
|
} else {
|
||||||
|
unlink $initrdSecretsPathTemp;
|
||||||
|
rmdir dirname($initrdSecretsPathTemp);
|
||||||
|
}
|
||||||
|
umask $oldUmask;
|
||||||
}
|
}
|
||||||
|
|
||||||
my $xen = -e "$path/xen.gz" ? copyToKernelsDir(Cwd::abs_path("$path/xen.gz")) : undef;
|
my $xen = -e "$path/xen.gz" ? copyToKernelsDir(Cwd::abs_path("$path/xen.gz")) : undef;
|
||||||
|
|
||||||
# FIXME: $confName
|
# FIXME: $confName
|
||||||
|
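Review bot: The `umask 0137` guard is the only protection on the `$initrdName-secrets` file, and the comment above it already concedes it does nothing when /boot is FAT. On such systems the secrets initrd is as readable as the mount options allow, so the script should at least print a warning in that case, or the option documentation should state that /boot must be mounted with a restrictive mask. Separately, `File::Temp::mktemp` only returns a name and does not create the file, so the file is first created by `append-initrd-secrets`; using `File::Temp::tempfile` in the target directory would create it with the restricted mode before anything is written. Also note that every `die` in this block leaves the temporary file behind.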
@ -388,9 +401,6 @@ sub addEntry {
|
||||||
if ($copyKernels == 0) {
|
if ($copyKernels == 0) {
|
||||||
$conf .= $grubStore->search . "\n";
|
$conf .= $grubStore->search . "\n";
|
||||||
}
|
}
|
||||||
if ($extraInitrd) {
|
|
||||||
$conf .= $extraInitrdPath->search . "\n";
|
|
||||||
}
|
|
||||||
$conf .= " $extraPerEntryConfig\n" if $extraPerEntryConfig;
|
$conf .= " $extraPerEntryConfig\n" if $extraPerEntryConfig;
|
||||||
$conf .= " multiboot $xen $xenParams\n" if $xen;
|
$conf .= " multiboot $xen $xenParams\n" if $xen;
|
||||||
$conf .= " " . ($xen ? "module" : "linux") . " $kernel $kernelParams\n";
|
$conf .= " " . ($xen ? "module" : "linux") . " $kernel $kernelParams\n";
|
||||||
|
|
|
@ -47,9 +47,9 @@ def write_loader_conf(profile, generation):
|
||||||
if "@timeout@" != "":
|
if "@timeout@" != "":
|
||||||
f.write("timeout @timeout@\n")
|
f.write("timeout @timeout@\n")
|
||||||
if profile:
|
if profile:
|
||||||
f.write("default nixos-%s-generation-%d\n" % (profile, generation))
|
f.write("default nixos-%s-generation-%d.conf\n".format(profile, generation))
|
||||||
else:
|
else:
|
||||||
f.write("default nixos-generation-%d\n" % (generation))
|
f.write("default nixos-generation-%d.conf\n".format(generation))
|
||||||
if not @editor@:
|
if not @editor@:
|
||||||
f.write("editor 0\n");
|
f.write("editor 0\n");
|
||||||
f.write("console-mode @consoleMode@\n");
|
f.write("console-mode @consoleMode@\n");
|
||||||
|
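Review bot: Both new `default` lines in `write_loader_conf` mix printf-style placeholders with `str.format()`. `format()` only substitutes `{}` fields, so loader.conf will contain the literal text `nixos-%s-generation-%d.conf` and the default entry will not match any generated file. Keep the `%` operator as on the removed lines, `"default nixos-%s-generation-%d.conf\n" % (profile, generation)`, or switch the placeholders to `{}`.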
@ -197,6 +197,22 @@ def main():
|
||||||
subprocess.check_call(["@systemd@/bin/bootctl", "--path=@efiSysMountPoint@", "install"])
|
subprocess.check_call(["@systemd@/bin/bootctl", "--path=@efiSysMountPoint@", "install"])
|
||||||
else:
|
else:
|
||||||
subprocess.check_call(["@systemd@/bin/bootctl", "--path=@efiSysMountPoint@", "--no-variables", "install"])
|
subprocess.check_call(["@systemd@/bin/bootctl", "--path=@efiSysMountPoint@", "--no-variables", "install"])
|
||||||
|
else:
|
||||||
|
# Update bootloader to latest if needed
|
||||||
|
systemd_version = subprocess.check_output(["@systemd@/bin/bootctl", "--version"], universal_newlines=True).split()[1]
|
||||||
|
sdboot_status = subprocess.check_output(["@systemd@/bin/bootctl", "--path=@efiSysMountPoint@", "status"], universal_newlines=True)
|
||||||
|
|
||||||
|
# See status_binaries() in systemd bootctl.c for code which generates this
|
||||||
|
m = re.search("^\W+File:.*/EFI/(BOOT|systemd)/.*\.efi \(systemd-boot (\d+)\)$",
|
||||||
|
sdboot_status, re.IGNORECASE | re.MULTILINE)
|
||||||
|
if m is None:
|
||||||
|
print("could not find any previously installed systemd-boot")
|
||||||
|
else:
|
||||||
|
sdboot_version = m.group(2)
|
||||||
|
if systemd_version > sdboot_version:
|
||||||
|
print("updating systemd-boot from %s to %s" % (sdboot_version, systemd_version))
|
||||||
|
subprocess.check_call(["@systemd@/bin/bootctl", "--path=@efiSysMountPoint@", "update"])
|
||||||
|
|
||||||
|
|
||||||
mkdir_p("@efiSysMountPoint@/efi/nixos")
|
mkdir_p("@efiSysMountPoint@/efi/nixos")
|
||||||
mkdir_p("@efiSysMountPoint@/loader/entries")
|
mkdir_p("@efiSysMountPoint@/loader/entries")
|
||||||
|
|
|
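Review bot: `if systemd_version > sdboot_version:` compares two strings, so the ordering is lexicographic and gives the wrong answer when the digit counts differ (as strings, "99" sorts above "245"). Convert both to `int` before comparing. `systemd_version` is taken with `.split()[1]` from `bootctl --version`, which may not be purely numeric, so parse the leading digits rather than trusting the whole token. The pattern passed to `re.search` should be a raw string, since `\W`, `\.`, `\(` and `\d` are invalid escapes in a normal literal. When `m is None` the code only prints and continues; say in the message whether that is expected to be harmless.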
@ -1178,14 +1178,22 @@ in
|
||||||
users.users.systemd-network.group = "systemd-network";
|
users.users.systemd-network.group = "systemd-network";
|
||||||
|
|
||||||
systemd.additionalUpstreamSystemUnits = [
|
systemd.additionalUpstreamSystemUnits = [
|
||||||
"systemd-networkd.service" "systemd-networkd-wait-online.service"
|
"systemd-networkd-wait-online.service"
|
||||||
|
"systemd-networkd.service"
|
||||||
|
"systemd-networkd.socket"
|
||||||
];
|
];
|
||||||
|
|
||||||
systemd.network.units = mapAttrs' (n: v: nameValuePair "${n}.netdev" (netdevToUnit n v)) cfg.netdevs
|
systemd.network.units = mapAttrs' (n: v: nameValuePair "${n}.netdev" (netdevToUnit n v)) cfg.netdevs
|
||||||
// mapAttrs' (n: v: nameValuePair "${n}.network" (networkToUnit n v)) cfg.networks;
|
// mapAttrs' (n: v: nameValuePair "${n}.network" (networkToUnit n v)) cfg.networks;
|
||||||
|
|
||||||
|
# systemd-networkd is socket-activated by kernel netlink route change
|
||||||
|
# messages. It is important to have systemd buffer those on behalf of
|
||||||
|
# networkd.
|
||||||
|
systemd.sockets.systemd-networkd.wantedBy = [ "sockets.target" ];
|
||||||
|
|
||||||
systemd.services.systemd-networkd = {
|
systemd.services.systemd-networkd = {
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
aliases = [ "dbus-org.freedesktop.network1.service" ];
|
||||||
restartTriggers = map (x: x.source) (attrValues unitFiles);
|
restartTriggers = map (x: x.source) (attrValues unitFiles);
|
||||||
# prevent race condition with interface renaming (#39069)
|
# prevent race condition with interface renaming (#39069)
|
||||||
requires = [ "systemd-udev-settle.service" ];
|
requires = [ "systemd-udev-settle.service" ];
|
||||||
|
|
|
@ -148,6 +148,7 @@ in
|
||||||
|
|
||||||
systemd.services.systemd-resolved = {
|
systemd.services.systemd-resolved = {
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
aliases = [ "dbus-org.freedesktop.resolve1.service" ];
|
||||||
restartTriggers = [ config.environment.etc."systemd/resolved.conf".source ];
|
restartTriggers = [ config.environment.etc."systemd/resolved.conf".source ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -517,8 +517,7 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
boot.initrd.secrets = mkOption
|
boot.initrd.secrets = mkOption
|
||||||
{ internal = true;
|
{ default = {};
|
||||||
default = {};
|
|
||||||
type = types.attrsOf (types.nullOr types.path);
|
type = types.attrsOf (types.nullOr types.path);
|
||||||
description =
|
description =
|
||||||
''
|
''
|
||||||
|
@ -585,7 +584,7 @@ in
|
||||||
{ assertion = !config.boot.loader.supportsInitrdSecrets ->
|
{ assertion = !config.boot.loader.supportsInitrdSecrets ->
|
||||||
all (source:
|
all (source:
|
||||||
builtins.isPath source ||
|
builtins.isPath source ||
|
||||||
(builtins.isString source && hasPrefix source builtins.storeDir))
|
(builtins.isString source && hasPrefix builtins.storeDir source))
|
||||||
(attrValues config.boot.initrd.secrets);
|
(attrValues config.boot.initrd.secrets);
|
||||||
message = ''
|
message = ''
|
||||||
boot.loader.initrd.secrets values must be unquoted paths when
|
boot.loader.initrd.secrets values must be unquoted paths when
|
||||||
|
|
|
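Review bot: The assertion message below the corrected `hasPrefix builtins.storeDir source` call still names `boot.loader.initrd.secrets`, but the option declared earlier in this file is `boot.initrd.secrets`. A user who hits this assertion will search for an option that does not exist; fix the name in the message while touching this block. It would also help to add a test with a quoted store-path string, since the reversed arguments went unnoticed before.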
@ -826,8 +826,13 @@ in
|
||||||
config = {
|
config = {
|
||||||
|
|
||||||
warnings = concatLists (mapAttrsToList (name: service:
|
warnings = concatLists (mapAttrsToList (name: service:
|
||||||
optional (service.serviceConfig.Type or "" == "oneshot" && service.serviceConfig.Restart or "no" != "no")
|
let
|
||||||
"Service ‘${name}.service’ with ‘Type=oneshot’ must have ‘Restart=no’") cfg.services);
|
type = service.serviceConfig.Type or "";
|
||||||
|
restart = service.serviceConfig.Restart or "no";
|
||||||
|
in optional
|
||||||
|
(type == "oneshot" && (restart == "always" || restart == "on-success"))
|
||||||
|
"Service '${name}.service' with 'Type=oneshot' cannot have 'Restart=always' or 'Restart=on-success'")
|
||||||
|
cfg.services);
|
||||||
|
|
||||||
system.build.units = cfg.units;
|
system.build.units = cfg.units;
|
||||||
|
|
||||||
|
|
|
@ -41,6 +41,7 @@ with lib;
|
||||||
|
|
||||||
systemd.services.systemd-timesyncd = {
|
systemd.services.systemd-timesyncd = {
|
||||||
wantedBy = [ "sysinit.target" ];
|
wantedBy = [ "sysinit.target" ];
|
||||||
|
aliases = [ "dbus-org.freedesktop.timesync1.service" ];
|
||||||
restartTriggers = [ config.environment.etc."systemd/timesyncd.conf".source ];
|
restartTriggers = [ config.environment.etc."systemd/timesyncd.conf".source ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -232,18 +232,22 @@ let
|
||||||
'';
|
'';
|
||||||
preStop = ''
|
preStop = ''
|
||||||
state="/run/nixos/network/routes/${i.name}"
|
state="/run/nixos/network/routes/${i.name}"
|
||||||
while read cidr; do
|
if [ -e "$state" ]; then
|
||||||
echo -n "deleting route $cidr... "
|
while read cidr; do
|
||||||
ip route del "$cidr" dev "${i.name}" >/dev/null 2>&1 && echo "done" || echo "failed"
|
echo -n "deleting route $cidr... "
|
||||||
done < "$state"
|
ip route del "$cidr" dev "${i.name}" >/dev/null 2>&1 && echo "done" || echo "failed"
|
||||||
rm -f "$state"
|
done < "$state"
|
||||||
|
rm -f "$state"
|
||||||
|
fi
|
||||||
|
|
||||||
state="/run/nixos/network/addresses/${i.name}"
|
state="/run/nixos/network/addresses/${i.name}"
|
||||||
while read cidr; do
|
if [ -e "$state" ]; then
|
||||||
echo -n "deleting address $cidr... "
|
while read cidr; do
|
||||||
ip addr del "$cidr" dev "${i.name}" >/dev/null 2>&1 && echo "done" || echo "failed"
|
echo -n "deleting address $cidr... "
|
||||||
done < "$state"
|
ip addr del "$cidr" dev "${i.name}" >/dev/null 2>&1 && echo "done" || echo "failed"
|
||||||
rm -f "$state"
|
done < "$state"
|
||||||
|
rm -f "$state"
|
||||||
|
fi
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -381,7 +381,7 @@ in
|
||||||
# syntax). Note: We also allow underscores for compatibility/legacy
|
# syntax). Note: We also allow underscores for compatibility/legacy
|
||||||
# reasons (as undocumented feature):
|
# reasons (as undocumented feature):
|
||||||
type = types.strMatching
|
type = types.strMatching
|
||||||
"^[[:alpha:]]([[:alnum:]_-]{0,61}[[:alnum:]])?$";
|
"^$|^[[:alpha:]]([[:alnum:]_-]{0,61}[[:alnum:]])?$";
|
||||||
description = ''
|
description = ''
|
||||||
The name of the machine. Leave it empty if you want to obtain it from a
|
The name of the machine. Leave it empty if you want to obtain it from a
|
||||||
DHCP server (if using DHCP). The hostname must be a valid DNS label (see
|
DHCP server (if using DHCP). The hostname must be a valid DNS label (see
|
||||||
|
|
|
@ -15,7 +15,6 @@ in
|
||||||
###### interface
|
###### interface
|
||||||
|
|
||||||
options = {
|
options = {
|
||||||
|
|
||||||
virtualisation.lxd = {
|
virtualisation.lxd = {
|
||||||
enable = mkOption {
|
enable = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
|
@ -25,12 +24,18 @@ in
|
||||||
containers. Users in the "lxd" group can interact with
|
containers. Users in the "lxd" group can interact with
|
||||||
the daemon (e.g. to start or stop containers) using the
|
the daemon (e.g. to start or stop containers) using the
|
||||||
<command>lxc</command> command line tool, among others.
|
<command>lxc</command> command line tool, among others.
|
||||||
|
|
||||||
|
Most of the time, you'll also want to start lxcfs, so
|
||||||
|
that containers can "see" the limits:
|
||||||
|
<code>
|
||||||
|
virtualisation.lxc.lxcfs.enable = true;
|
||||||
|
</code>
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
package = mkOption {
|
package = mkOption {
|
||||||
type = types.package;
|
type = types.package;
|
||||||
default = pkgs.lxd;
|
default = pkgs.lxd.override { nftablesSupport = config.networking.nftables.enable; };
|
||||||
defaultText = "pkgs.lxd";
|
defaultText = "pkgs.lxd";
|
||||||
description = ''
|
description = ''
|
||||||
The LXD package to use.
|
The LXD package to use.
|
||||||
|
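Review bot: `default` for `package` is now `pkgs.lxd.override { nftablesSupport = config.networking.nftables.enable; }`, but `defaultText` still reads `"pkgs.lxd"`, so the generated manual hides the fact that the default depends on `networking.nftables.enable`. Update `defaultText` to show the override. Also mention in the description that a user who sets `package` themselves loses the automatic nftables switch and has to pass `nftablesSupport` explicitly.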
@ -65,6 +70,7 @@ in
|
||||||
with nixos.
|
with nixos.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
recommendedSysctlSettings = mkOption {
|
recommendedSysctlSettings = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
|
@ -83,7 +89,6 @@ in
|
||||||
###### implementation
|
###### implementation
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
|
||||||
environment.systemPackages = [ cfg.package ];
|
environment.systemPackages = [ cfg.package ];
|
||||||
|
|
||||||
security.apparmor = {
|
security.apparmor = {
|
||||||
|
@ -115,6 +120,12 @@ in
|
||||||
LimitNOFILE = "1048576";
|
LimitNOFILE = "1048576";
|
||||||
LimitNPROC = "infinity";
|
LimitNPROC = "infinity";
|
||||||
TasksMax = "infinity";
|
TasksMax = "infinity";
|
||||||
|
|
||||||
|
# By default, `lxd` loads configuration files from hard-coded
|
||||||
|
# `/usr/share/lxc/config` - since this is a no-go for us, we have to
|
||||||
|
# explicitly tell it where the actual configuration files are
|
||||||
|
Environment = mkIf (config.virtualisation.lxc.lxcfs.enable)
|
||||||
|
"LXD_LXC_TEMPLATE_CONFIG=${pkgs.lxcfs}/share/lxc/config";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
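Review bot: the new comment above `Environment` calls the hard-coded `/usr/share/lxc/config` a no-go, but the override is wrapped in `mkIf (config.virtualisation.lxc.lxcfs.enable)`, so with lxcfs disabled the unit gets no `LXD_LXC_TEMPLATE_CONFIG` and lxd is back on the hard-coded path. Either set the variable unconditionally or extend the comment to say why the directory under `${pkgs.lxcfs}/share/lxc/config` is only wanted when lxcfs is enabled.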
@ -441,6 +441,18 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
virtualisation.bios =
|
||||||
|
mkOption {
|
||||||
|
default = null;
|
||||||
|
type = types.nullOr types.package;
|
||||||
|
description =
|
||||||
|
''
|
||||||
|
An alternate BIOS (such as <package>qboot</package>) with which to start the VM.
|
||||||
|
Should contain a file named <literal>bios.bin</literal>.
|
||||||
|
If <literal>null</literal>, QEMU's builtin SeaBIOS will be used.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
|
@ -521,6 +533,9 @@ in
|
||||||
(mkIf cfg.useEFIBoot [
|
(mkIf cfg.useEFIBoot [
|
||||||
"-pflash $TMPDIR/bios.bin"
|
"-pflash $TMPDIR/bios.bin"
|
||||||
])
|
])
|
||||||
|
(mkIf (cfg.bios != null) [
|
||||||
|
"-bios ${cfg.bios}/bios.bin"
|
||||||
|
])
|
||||||
(mkIf (!cfg.graphics) [
|
(mkIf (!cfg.graphics) [
|
||||||
"-nographic"
|
"-nographic"
|
||||||
])
|
])
|
||||||
|
|
|
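Review bot: the `-bios ${cfg.bios}/bios.bin` block sits directly after the `cfg.useEFIBoot` block that adds `-pflash $TMPDIR/bios.bin`, and nothing in these lines stops both from being emitted when a configuration sets `virtualisation.bios` together with `useEFIBoot`. Add an assertion that rejects the combination, or state in the `virtualisation.bios` description how the two options interact.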
@ -119,6 +119,7 @@ in
|
||||||
installed-tests = pkgs.recurseIntoAttrs (handleTest ./installed-tests {});
|
installed-tests = pkgs.recurseIntoAttrs (handleTest ./installed-tests {});
|
||||||
gocd-agent = handleTest ./gocd-agent.nix {};
|
gocd-agent = handleTest ./gocd-agent.nix {};
|
||||||
gocd-server = handleTest ./gocd-server.nix {};
|
gocd-server = handleTest ./gocd-server.nix {};
|
||||||
|
go-neb = handleTest ./go-neb.nix {};
|
||||||
google-oslogin = handleTest ./google-oslogin {};
|
google-oslogin = handleTest ./google-oslogin {};
|
||||||
grafana = handleTest ./grafana.nix {};
|
grafana = handleTest ./grafana.nix {};
|
||||||
graphite = handleTest ./graphite.nix {};
|
graphite = handleTest ./graphite.nix {};
|
||||||
|
@ -178,6 +179,8 @@ in
|
||||||
limesurvey = handleTest ./limesurvey.nix {};
|
limesurvey = handleTest ./limesurvey.nix {};
|
||||||
login = handleTest ./login.nix {};
|
login = handleTest ./login.nix {};
|
||||||
loki = handleTest ./loki.nix {};
|
loki = handleTest ./loki.nix {};
|
||||||
|
lxd = handleTest ./lxd.nix {};
|
||||||
|
lxd-nftables = handleTest ./lxd-nftables.nix {};
|
||||||
#logstash = handleTest ./logstash.nix {};
|
#logstash = handleTest ./logstash.nix {};
|
||||||
lorri = handleTest ./lorri/default.nix {};
|
lorri = handleTest ./lorri/default.nix {};
|
||||||
magnetico = handleTest ./magnetico.nix {};
|
magnetico = handleTest ./magnetico.nix {};
|
||||||
|
@ -273,6 +276,7 @@ in
|
||||||
prosody = handleTest ./xmpp/prosody.nix {};
|
prosody = handleTest ./xmpp/prosody.nix {};
|
||||||
prosodyMysql = handleTest ./xmpp/prosody-mysql.nix {};
|
prosodyMysql = handleTest ./xmpp/prosody-mysql.nix {};
|
||||||
proxy = handleTest ./proxy.nix {};
|
proxy = handleTest ./proxy.nix {};
|
||||||
|
qboot = handleTestOn ["x86_64-linux" "i686-linux"] ./qboot.nix {};
|
||||||
quagga = handleTest ./quagga.nix {};
|
quagga = handleTest ./quagga.nix {};
|
||||||
quorum = handleTest ./quorum.nix {};
|
quorum = handleTest ./quorum.nix {};
|
||||||
rabbitmq = handleTest ./rabbitmq.nix {};
|
rabbitmq = handleTest ./rabbitmq.nix {};
|
||||||
|
|
35
third_party/nixpkgs/nixos/tests/corerad.nix
vendored
|
@ -3,7 +3,7 @@ import ./make-test-python.nix (
|
||||||
nodes = {
|
nodes = {
|
||||||
router = {config, pkgs, ...}: {
|
router = {config, pkgs, ...}: {
|
||||||
config = {
|
config = {
|
||||||
# This machines simulates a router with IPv6 forwarding and a static IPv6 address.
|
# This machine simulates a router with IPv6 forwarding and a static IPv6 address.
|
||||||
boot.kernel.sysctl = {
|
boot.kernel.sysctl = {
|
||||||
"net.ipv6.conf.all.forwarding" = true;
|
"net.ipv6.conf.all.forwarding" = true;
|
||||||
};
|
};
|
||||||
|
@ -14,13 +14,25 @@ import ./make-test-python.nix (
|
||||||
enable = true;
|
enable = true;
|
||||||
# Serve router advertisements to the client machine with prefix information matching
|
# Serve router advertisements to the client machine with prefix information matching
|
||||||
# any IPv6 /64 prefixes configured on this interface.
|
# any IPv6 /64 prefixes configured on this interface.
|
||||||
configFile = pkgs.writeText "corerad.toml" ''
|
#
|
||||||
[[interfaces]]
|
# This configuration is identical to the example in the CoreRAD NixOS module.
|
||||||
name = "eth1"
|
settings = {
|
||||||
advertise = true
|
interfaces = [
|
||||||
[[interfaces.prefix]]
|
{
|
||||||
prefix = "::/64"
|
name = "eth0";
|
||||||
'';
|
monitor = true;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
name = "eth1";
|
||||||
|
advertise = true;
|
||||||
|
prefix = [{ prefix = "::/64"; }];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
debug = {
|
||||||
|
address = "localhost:9430";
|
||||||
|
prometheus = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -66,5 +78,12 @@ import ./make-test-python.nix (
|
||||||
assert (
|
assert (
|
||||||
"/64 scope global temporary" in addrs
|
"/64 scope global temporary" in addrs
|
||||||
), "SLAAC temporary address was not configured on client after router advertisement"
|
), "SLAAC temporary address was not configured on client after router advertisement"
|
||||||
|
|
||||||
|
with subtest("Verify HTTP debug server is configured"):
|
||||||
|
out = router.succeed("curl localhost:9430/metrics")
|
||||||
|
|
||||||
|
assert (
|
||||||
|
"corerad_build_info" in out
|
||||||
|
), "Build info metric was not found in Prometheus output"
|
||||||
'';
|
'';
|
||||||
})
|
})
|
||||||
|
|
44
third_party/nixpkgs/nixos/tests/go-neb.nix
vendored
Normal file
|
@ -0,0 +1,44 @@
|
||||||
|
import ./make-test-python.nix ({ pkgs, ... }:
|
||||||
|
{
|
||||||
|
name = "go-neb";
|
||||||
|
meta = with pkgs.stdenv.lib.maintainers; {
|
||||||
|
maintainers = [ hexa maralorn ];
|
||||||
|
};
|
||||||
|
|
||||||
|
nodes = {
|
||||||
|
server = {
|
||||||
|
services.go-neb = {
|
||||||
|
enable = true;
|
||||||
|
baseUrl = "http://localhost";
|
||||||
|
config = {
|
||||||
|
clients = [ {
|
||||||
|
UserId = "@test:localhost";
|
||||||
|
AccessToken = "changeme";
|
||||||
|
HomeServerUrl = "http://localhost";
|
||||||
|
Sync = false;
|
||||||
|
AutoJoinRooms = false;
|
||||||
|
DisplayName = "neverbeseen";
|
||||||
|
} ];
|
||||||
|
services = [ {
|
||||||
|
ID = "wikipedia_service";
|
||||||
|
Type = "wikipedia";
|
||||||
|
UserID = "@test:localhost";
|
||||||
|
Config = { };
|
||||||
|
} ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
testScript = ''
|
||||||
|
start_all()
|
||||||
|
server.wait_for_unit("go-neb.service")
|
||||||
|
server.wait_until_succeeds(
|
||||||
|
"curl -L http://localhost:4050/services/hooks/d2lraXBlZGlhX3NlcnZpY2U"
|
||||||
|
)
|
||||||
|
server.wait_until_succeeds(
|
||||||
|
"journalctl -eu go-neb -o cat | grep -q service_id=wikipedia_service"
|
||||||
|
)
|
||||||
|
'';
|
||||||
|
|
||||||
|
})
|
|
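Review bot: the first `wait_until_succeeds` in `testScript` calls `curl -L` without `-f`, so it passes as soon as anything answers on port 4050, including an HTTP error response; add `-f` (the apcupsd exporter test in this commit uses `curl -sSf`) or assert on the response body. The path segment `d2lraXBlZGlhX3NlcnZpY2U` is the unpadded base64 of the service ID `wikipedia_service`; a one-line comment saying so would keep the two from drifting apart if the ID is renamed.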
@ -61,7 +61,7 @@ with pkgs.lib;
|
||||||
'curl -L -s http://localhost:3000/build/1 -H "Accept: application/json" | jq .buildstatus | xargs test 0 -eq'
|
'curl -L -s http://localhost:3000/build/1 -H "Accept: application/json" | jq .buildstatus | xargs test 0 -eq'
|
||||||
)
|
)
|
||||||
|
|
||||||
out = original.succeed("su -l postgres -c 'psql -d hydra <<< \"\\d+ jobs\" -A'")
|
out = original.succeed("su -l postgres -c 'psql -d hydra <<< \"\\d+ builds\" -A'")
|
||||||
assert "jobset_id" not in out
|
assert "jobset_id" not in out
|
||||||
|
|
||||||
original.succeed(
|
original.succeed(
|
||||||
|
@ -69,7 +69,7 @@ with pkgs.lib;
|
||||||
)
|
)
|
||||||
original.wait_for_unit("hydra-init.service")
|
original.wait_for_unit("hydra-init.service")
|
||||||
|
|
||||||
out = original.succeed("su -l postgres -c 'psql -d hydra <<< \"\\d+ jobs\" -A'")
|
out = original.succeed("su -l postgres -c 'psql -d hydra <<< \"\\d+ builds\" -A'")
|
||||||
assert "jobset_id|integer|||" in out
|
assert "jobset_id|integer|||" in out
|
||||||
|
|
||||||
original.succeed("hydra-backfill-ids")
|
original.succeed("hydra-backfill-ids")
|
||||||
|
@ -79,7 +79,7 @@ with pkgs.lib;
|
||||||
)
|
)
|
||||||
original.wait_for_unit("hydra-init.service")
|
original.wait_for_unit("hydra-init.service")
|
||||||
|
|
||||||
out = original.succeed("su -l postgres -c 'psql -d hydra <<< \"\\d+ jobs\" -A'")
|
out = original.succeed("su -l postgres -c 'psql -d hydra <<< \"\\d+ builds\" -A'")
|
||||||
assert "jobset_id|integer||not null|" in out
|
assert "jobset_id|integer||not null|" in out
|
||||||
|
|
||||||
original.wait_until_succeeds(
|
original.wait_until_succeeds(
|
||||||
|
|
7
third_party/nixpkgs/nixos/tests/ipfs.nix
vendored
|
@ -21,5 +21,12 @@ import ./make-test-python.nix ({ pkgs, ...} : {
|
||||||
)
|
)
|
||||||
|
|
||||||
machine.succeed(f"ipfs cat /ipfs/{ipfs_hash.strip()} | grep fnord")
|
machine.succeed(f"ipfs cat /ipfs/{ipfs_hash.strip()} | grep fnord")
|
||||||
|
|
||||||
|
ipfs_hash = machine.succeed(
|
||||||
|
"echo fnord2 | ipfs --api /unix/run/ipfs.sock add | awk '{ print $2 }'"
|
||||||
|
)
|
||||||
|
machine.succeed(
|
||||||
|
f"ipfs --api /unix/run/ipfs.sock cat /ipfs/{ipfs_hash.strip()} | grep fnord2"
|
||||||
|
)
|
||||||
'';
|
'';
|
||||||
})
|
})
|
||||||
|
|
50
third_party/nixpkgs/nixos/tests/lxd-nftables.nix
vendored
Normal file
|
@ -0,0 +1,50 @@
|
||||||
|
# This test makes sure that lxd stops implicitly depending on iptables when
|
||||||
|
# user enabled nftables.
|
||||||
|
#
|
||||||
|
# It has been extracted from `lxd.nix` for clarity, and because switching from
|
||||||
|
# iptables to nftables requires a full reboot, which is a bit hard inside NixOS
|
||||||
|
# tests.
|
||||||
|
|
||||||
|
import ./make-test-python.nix ({ pkgs, ...} : {
|
||||||
|
name = "lxd-nftables";
|
||||||
|
meta = with pkgs.stdenv.lib.maintainers; {
|
||||||
|
maintainers = [ patryk27 ];
|
||||||
|
};
|
||||||
|
|
||||||
|
machine = { lib, ... }: {
|
||||||
|
virtualisation = {
|
||||||
|
lxd.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
networking = {
|
||||||
|
firewall.enable = false;
|
||||||
|
nftables.enable = true;
|
||||||
|
nftables.ruleset = ''
|
||||||
|
table inet filter {
|
||||||
|
chain incoming {
|
||||||
|
type filter hook input priority 0;
|
||||||
|
policy accept;
|
||||||
|
}
|
||||||
|
|
||||||
|
chain forward {
|
||||||
|
type filter hook forward priority 0;
|
||||||
|
policy accept;
|
||||||
|
}
|
||||||
|
|
||||||
|
chain output {
|
||||||
|
type filter hook output priority 0;
|
||||||
|
policy accept;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
testScript = ''
|
||||||
|
machine.wait_for_unit("network.target")
|
||||||
|
|
||||||
|
with subtest("When nftables are enabled, lxd doesn't depend on iptables anymore"):
|
||||||
|
machine.succeed("lsmod | grep nf_tables")
|
||||||
|
machine.fail("lsmod | grep ip_tables")
|
||||||
|
'';
|
||||||
|
})
|
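Review bot: `testScript` only waits for `network.target` before running the two `lsmod` checks, so nothing guarantees lxd has started by the time `machine.fail("lsmod | grep ip_tables")` runs, and the subtest can pass without lxd ever having had the chance to load the module. Wait for `lxd.service` first, as `lxd.nix` does, and ideally run the `lxd init --preseed` step from `lxd.nix` so a bridge exists before the loaded modules are checked.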
135
third_party/nixpkgs/nixos/tests/lxd.nix
vendored
Normal file
|
@ -0,0 +1,135 @@
|
||||||
|
import ./make-test-python.nix ({ pkgs, ...} :
|
||||||
|
|
||||||
|
let
|
||||||
|
# Since we don't have access to the internet during the tests, we have to
|
||||||
|
# pre-fetch lxd containers beforehand.
|
||||||
|
#
|
||||||
|
# I've chosen to import Alpine Linux, because its image is turbo-tiny and,
|
||||||
|
# generally, sufficient for our tests.
|
||||||
|
|
||||||
|
alpine-meta = pkgs.fetchurl {
|
||||||
|
url = "https://uk.images.linuxcontainers.org/images/alpine/3.11/i386/default/20200608_13:00/lxd.tar.xz";
|
||||||
|
sha256 = "1hkvaj3rr333zmx1759njy435lps33gl4ks8zfm7m4nqvipm26a0";
|
||||||
|
};
|
||||||
|
|
||||||
|
alpine-rootfs = pkgs.fetchurl {
|
||||||
|
url = "https://uk.images.linuxcontainers.org/images/alpine/3.11/i386/default/20200608_13:00/rootfs.tar.xz";
|
||||||
|
sha256 = "1v82zdra4j5xwsff09qlp7h5vbsg54s0j7rdg4rynichfid3r347";
|
||||||
|
};
|
||||||
|
|
||||||
|
lxd-config = pkgs.writeText "config.yaml" ''
|
||||||
|
storage_pools:
|
||||||
|
- name: default
|
||||||
|
driver: dir
|
||||||
|
config:
|
||||||
|
source: /var/lxd-pool
|
||||||
|
|
||||||
|
networks:
|
||||||
|
- name: lxdbr0
|
||||||
|
type: bridge
|
||||||
|
config:
|
||||||
|
ipv4.address: auto
|
||||||
|
ipv6.address: none
|
||||||
|
|
||||||
|
profiles:
|
||||||
|
- name: default
|
||||||
|
devices:
|
||||||
|
eth0:
|
||||||
|
name: eth0
|
||||||
|
network: lxdbr0
|
||||||
|
type: nic
|
||||||
|
root:
|
||||||
|
path: /
|
||||||
|
pool: default
|
||||||
|
type: disk
|
||||||
|
'';
|
||||||
|
|
||||||
|
in {
|
||||||
|
name = "lxd";
|
||||||
|
meta = with pkgs.stdenv.lib.maintainers; {
|
||||||
|
maintainers = [ patryk27 ];
|
||||||
|
};
|
||||||
|
|
||||||
|
machine = { lib, ... }: {
|
||||||
|
virtualisation = {
|
||||||
|
# Since we're testing `limits.cpu`, we've gotta have a known number of
|
||||||
|
# cores to lay on
|
||||||
|
cores = 2;
|
||||||
|
|
||||||
|
# Ditto, for `limits.memory`
|
||||||
|
memorySize = 512;
|
||||||
|
|
||||||
|
lxc.lxcfs.enable = true;
|
||||||
|
lxd.enable = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
testScript = ''
|
||||||
|
machine.wait_for_unit("sockets.target")
|
||||||
|
machine.wait_for_unit("lxd.service")
|
||||||
|
|
||||||
|
# It takes additional second for lxd to settle
|
||||||
|
machine.sleep(1)
|
||||||
|
|
||||||
|
# lxd expects the pool's directory to already exist
|
||||||
|
machine.succeed("mkdir /var/lxd-pool")
|
||||||
|
|
||||||
|
machine.succeed(
|
||||||
|
"cat ${lxd-config} | lxd init --preseed"
|
||||||
|
)
|
||||||
|
|
||||||
|
machine.succeed(
|
||||||
|
"lxc image import ${alpine-meta} ${alpine-rootfs} --alias alpine"
|
||||||
|
)
|
||||||
|
|
||||||
|
with subtest("Containers can be launched and destroyed"):
|
||||||
|
machine.succeed("lxc launch alpine test")
|
||||||
|
machine.succeed("lxc exec test true")
|
||||||
|
machine.succeed("lxc delete -f test")
|
||||||
|
|
||||||
|
with subtest("Containers are being mounted with lxcfs inside"):
|
||||||
|
machine.succeed("lxc launch alpine test")
|
||||||
|
|
||||||
|
## ---------- ##
|
||||||
|
## limits.cpu ##
|
||||||
|
|
||||||
|
machine.succeed("lxc config set test limits.cpu 1")
|
||||||
|
|
||||||
|
# Since Alpine doesn't have `nproc` pre-installed, we've gotta resort
|
||||||
|
# to the primal methods
|
||||||
|
assert (
|
||||||
|
"1"
|
||||||
|
== machine.succeed("lxc exec test grep -- -c ^processor /proc/cpuinfo").strip()
|
||||||
|
)
|
||||||
|
|
||||||
|
machine.succeed("lxc config set test limits.cpu 2")
|
||||||
|
|
||||||
|
assert (
|
||||||
|
"2"
|
||||||
|
== machine.succeed("lxc exec test grep -- -c ^processor /proc/cpuinfo").strip()
|
||||||
|
)
|
||||||
|
|
||||||
|
## ------------- ##
|
||||||
|
## limits.memory ##
|
||||||
|
|
||||||
|
machine.succeed("lxc config set test limits.memory 64MB")
|
||||||
|
|
||||||
|
assert (
|
||||||
|
"MemTotal: 62500 kB"
|
||||||
|
== machine.succeed("lxc exec test grep -- MemTotal /proc/meminfo").strip()
|
||||||
|
)
|
||||||
|
|
||||||
|
machine.succeed("lxc config set test limits.memory 128MB")
|
||||||
|
|
||||||
|
assert (
|
||||||
|
"MemTotal: 125000 kB"
|
||||||
|
== machine.succeed("lxc exec test grep -- MemTotal /proc/meminfo").strip()
|
||||||
|
)
|
||||||
|
|
||||||
|
machine.succeed("lxc delete -f test")
|
||||||
|
|
||||||
|
with subtest("Unless explicitly changed, lxd leans on iptables"):
|
||||||
|
machine.succeed("lsmod | grep ip_tables")
|
||||||
|
machine.fail("lsmod | grep nf_tables")
|
||||||
|
'';
|
||||||
|
})
|
|
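Review bot: `machine.sleep(1)` after `wait_for_unit("lxd.service")` is a timing guess (the comment says lxd needs an additional second to settle) and will be flaky on a loaded builder. Replace it with a `machine.wait_until_succeeds(...)` on a command that needs the daemon to answer, so the preseed step only runs once lxd is actually ready.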
@ -29,8 +29,8 @@ import ./make-test-python.nix ({ pkgs, ... } : let
|
||||||
in {
|
in {
|
||||||
|
|
||||||
name = "matrix-synapse";
|
name = "matrix-synapse";
|
||||||
meta = with pkgs.stdenv.lib.maintainers; {
|
meta = with pkgs.stdenv.lib; {
|
||||||
maintainers = [ corngood ];
|
maintainers = teams.matrix.members;
|
||||||
};
|
};
|
||||||
|
|
||||||
nodes = {
|
nodes = {
|
||||||
|
|
92
third_party/nixpkgs/nixos/tests/mysql/mysql.nix
vendored
|
@ -5,20 +5,34 @@ import ./../make-test-python.nix ({ pkgs, ...} : {
|
||||||
};
|
};
|
||||||
|
|
||||||
nodes = {
|
nodes = {
|
||||||
mysql =
|
mysql57 =
|
||||||
{ pkgs, ... }:
|
{ pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
|
users.users.testuser = { };
|
||||||
|
users.users.testuser2 = { };
|
||||||
services.mysql.enable = true;
|
services.mysql.enable = true;
|
||||||
services.mysql.initialDatabases = [
|
services.mysql.initialDatabases = [
|
||||||
{ name = "testdb"; schema = ./testdb.sql; }
|
{ name = "testdb3"; schema = ./testdb.sql; }
|
||||||
{ name = "empty_testdb"; }
|
|
||||||
];
|
];
|
||||||
# note that using pkgs.writeText here is generally not a good idea,
|
# note that using pkgs.writeText here is generally not a good idea,
|
||||||
# as it will store the password in world-readable /nix/store ;)
|
# as it will store the password in world-readable /nix/store ;)
|
||||||
services.mysql.initialScript = pkgs.writeText "mysql-init.sql" ''
|
services.mysql.initialScript = pkgs.writeText "mysql-init.sql" ''
|
||||||
CREATE USER 'passworduser'@'localhost' IDENTIFIED BY 'password123';
|
CREATE USER 'testuser3'@'localhost' IDENTIFIED BY 'secure';
|
||||||
|
GRANT ALL PRIVILEGES ON testdb3.* TO 'testuser3'@'localhost';
|
||||||
'';
|
'';
|
||||||
|
services.mysql.ensureDatabases = [ "testdb" "testdb2" ];
|
||||||
|
services.mysql.ensureUsers = [{
|
||||||
|
name = "testuser";
|
||||||
|
ensurePermissions = {
|
||||||
|
"testdb.*" = "ALL PRIVILEGES";
|
||||||
|
};
|
||||||
|
} {
|
||||||
|
name = "testuser2";
|
||||||
|
ensurePermissions = {
|
||||||
|
"testdb2.*" = "ALL PRIVILEGES";
|
||||||
|
};
|
||||||
|
}];
|
||||||
services.mysql.package = pkgs.mysql57;
|
services.mysql.package = pkgs.mysql57;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
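Review bot: the `{ name = "empty_testdb"; }` entry is dropped from `initialDatabases` here and the matching `use empty_testdb` check is dropped from the test script further down, so an `initialDatabases` entry without a `schema` is no longer exercised by this test. Keep one schema-less entry and its check unless that case is covered elsewhere.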
@ -30,16 +44,30 @@ import ./../make-test-python.nix ({ pkgs, ...} : {
|
||||||
# Kernel panic - not syncing: Out of memory: compulsory panic_on_oom is enabled
|
# Kernel panic - not syncing: Out of memory: compulsory panic_on_oom is enabled
|
||||||
virtualisation.memorySize = 1024;
|
virtualisation.memorySize = 1024;
|
||||||
|
|
||||||
|
users.users.testuser = { };
|
||||||
|
users.users.testuser2 = { };
|
||||||
services.mysql.enable = true;
|
services.mysql.enable = true;
|
||||||
services.mysql.initialDatabases = [
|
services.mysql.initialDatabases = [
|
||||||
{ name = "testdb"; schema = ./testdb.sql; }
|
{ name = "testdb3"; schema = ./testdb.sql; }
|
||||||
{ name = "empty_testdb"; }
|
|
||||||
];
|
];
|
||||||
# note that using pkgs.writeText here is generally not a good idea,
|
# note that using pkgs.writeText here is generally not a good idea,
|
||||||
# as it will store the password in world-readable /nix/store ;)
|
# as it will store the password in world-readable /nix/store ;)
|
||||||
services.mysql.initialScript = pkgs.writeText "mysql-init.sql" ''
|
services.mysql.initialScript = pkgs.writeText "mysql-init.sql" ''
|
||||||
CREATE USER 'passworduser'@'localhost' IDENTIFIED BY 'password123';
|
CREATE USER 'testuser3'@'localhost' IDENTIFIED BY 'secure';
|
||||||
|
GRANT ALL PRIVILEGES ON testdb3.* TO 'testuser3'@'localhost';
|
||||||
'';
|
'';
|
||||||
|
services.mysql.ensureDatabases = [ "testdb" "testdb2" ];
|
||||||
|
services.mysql.ensureUsers = [{
|
||||||
|
name = "testuser";
|
||||||
|
ensurePermissions = {
|
||||||
|
"testdb.*" = "ALL PRIVILEGES";
|
||||||
|
};
|
||||||
|
} {
|
||||||
|
name = "testuser2";
|
||||||
|
ensurePermissions = {
|
||||||
|
"testdb2.*" = "ALL PRIVILEGES";
|
||||||
|
};
|
||||||
|
}];
|
||||||
services.mysql.package = pkgs.mysql80;
|
services.mysql.package = pkgs.mysql80;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -81,17 +109,49 @@ import ./../make-test-python.nix ({ pkgs, ...} : {
|
||||||
testScript = ''
|
testScript = ''
|
||||||
start_all()
|
start_all()
|
||||||
|
|
||||||
mysql.wait_for_unit("mysql")
|
mysql57.wait_for_unit("mysql")
|
||||||
mysql.succeed("echo 'use empty_testdb;' | mysql -u root")
|
mysql57.succeed(
|
||||||
mysql.succeed("echo 'use testdb; select * from tests;' | mysql -u root -N | grep 4")
|
"echo 'use testdb; create table tests (test_id INT, PRIMARY KEY (test_id));' | sudo -u testuser mysql -u testuser"
|
||||||
# ';' acts as no-op, just check whether login succeeds with the user created from the initialScript
|
)
|
||||||
mysql.succeed("echo ';' | mysql -u passworduser --password=password123")
|
mysql57.succeed(
|
||||||
|
"echo 'use testdb; insert into tests values (41);' | sudo -u testuser mysql -u testuser"
|
||||||
|
)
|
||||||
|
# Ensure testuser2 is not able to insert into testdb as mysql testuser2
|
||||||
|
mysql57.fail(
|
||||||
|
"echo 'use testdb; insert into tests values (22);' | sudo -u testuser2 mysql -u testuser2"
|
||||||
|
)
|
||||||
|
# Ensure testuser2 is not able to authenticate as mysql testuser
|
||||||
|
mysql57.fail(
|
||||||
|
"echo 'use testdb; insert into tests values (22);' | sudo -u testuser2 mysql -u testuser"
|
||||||
|
)
|
||||||
|
mysql57.succeed(
|
||||||
|
"echo 'use testdb; select test_id from tests;' | sudo -u testuser mysql -u testuser -N | grep 41"
|
||||||
|
)
|
||||||
|
mysql57.succeed(
|
||||||
|
"echo 'use testdb3; select * from tests;' | mysql -u testuser3 --password=secure -N | grep 4"
|
||||||
|
)
|
||||||
|
|
||||||
mysql80.wait_for_unit("mysql")
|
mysql80.wait_for_unit("mysql")
|
||||||
mysql80.succeed("echo 'use empty_testdb;' | mysql -u root")
|
mysql80.succeed(
|
||||||
mysql80.succeed("echo 'use testdb; select * from tests;' | mysql -u root -N | grep 4")
|
"echo 'use testdb; create table tests (test_id INT, PRIMARY KEY (test_id));' | sudo -u testuser mysql -u testuser"
|
||||||
# ';' acts as no-op, just check whether login succeeds with the user created from the initialScript
|
)
|
||||||
mysql80.succeed("echo ';' | mysql -u passworduser --password=password123")
|
mysql80.succeed(
|
||||||
|
"echo 'use testdb; insert into tests values (41);' | sudo -u testuser mysql -u testuser"
|
||||||
|
)
|
||||||
|
# Ensure testuser2 is not able to insert into testdb as mysql testuser2
|
||||||
|
mysql80.fail(
|
||||||
|
"echo 'use testdb; insert into tests values (22);' | sudo -u testuser2 mysql -u testuser2"
|
||||||
|
)
|
||||||
|
# Ensure testuser2 is not able to authenticate as mysql testuser
|
||||||
|
mysql80.fail(
|
||||||
|
"echo 'use testdb; insert into tests values (22);' | sudo -u testuser2 mysql -u testuser"
|
||||||
|
)
|
||||||
|
mysql80.succeed(
|
||||||
|
"echo 'use testdb; select test_id from tests;' | sudo -u testuser mysql -u testuser -N | grep 41"
|
||||||
|
)
|
||||||
|
mysql80.succeed(
|
||||||
|
"echo 'use testdb3; select * from tests;' | mysql -u testuser3 --password=secure -N | grep 4"
|
||||||
|
)
|
||||||
|
|
||||||
mariadb.wait_for_unit("mysql")
|
mariadb.wait_for_unit("mysql")
|
||||||
mariadb.succeed(
|
mariadb.succeed(
|
||||||
|
|
|
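Review bot: the two negative checks (`sudo -u testuser2 mysql -u testuser2` inserting into `testdb`, and `sudo -u testuser2 mysql -u testuser`) use `.fail(...)`, which is satisfied by any non-zero exit, so a broken `sudo` invocation or a missing `tests` table would make them pass without the permission or authentication boundary being tested at all. Capture the command output and assert on the access-denied error instead. The mysql57 and mysql80 blocks are also line-for-line copies; a loop over the two machines would keep them in sync.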
@ -56,6 +56,21 @@ let
|
||||||
*/
|
*/
|
||||||
|
|
||||||
exporterTests = {
|
exporterTests = {
|
||||||
|
apcupsd = {
|
||||||
|
exporterConfig = {
|
||||||
|
enable = true;
|
||||||
|
};
|
||||||
|
metricProvider = {
|
||||||
|
services.apcupsd.enable = true;
|
||||||
|
};
|
||||||
|
exporterTest = ''
|
||||||
|
wait_for_unit("apcupsd.service")
|
||||||
|
wait_for_open_port(3551)
|
||||||
|
wait_for_unit("prometheus-apcupsd-exporter.service")
|
||||||
|
wait_for_open_port(9162)
|
||||||
|
succeed("curl -sSf http://localhost:9162/metrics | grep -q 'apcupsd_info'")
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
bind = {
|
bind = {
|
||||||
exporterConfig = {
|
exporterConfig = {
|
||||||
|
@ -202,6 +217,69 @@ let
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
keylight = {
|
||||||
|
# A hardware device is required to properly test this exporter, so just
|
||||||
|
# perform a couple of basic sanity checks that the exporter is running
|
||||||
|
# and requires a target, but cannot reach a specified target.
|
||||||
|
exporterConfig = {
|
||||||
|
enable = true;
|
||||||
|
};
|
||||||
|
exporterTest = ''
|
||||||
|
wait_for_unit("prometheus-keylight-exporter.service")
|
||||||
|
wait_for_open_port(9288)
|
||||||
|
succeed(
|
||||||
|
"curl -sS --write-out '%{http_code}' -o /dev/null http://localhost:9288/metrics | grep -q '400'"
|
||||||
|
)
|
||||||
|
succeed(
|
||||||
|
"curl -sS --write-out '%{http_code}' -o /dev/null http://localhost:9288/metrics?target=nosuchdevice | grep -q '500'"
|
||||||
|
)
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
lnd = {
|
||||||
|
exporterConfig = {
|
||||||
|
enable = true;
|
||||||
|
lndTlsPath = "/var/lib/lnd/tls.cert";
|
||||||
|
lndMacaroonDir = "/var/lib/lnd";
|
||||||
|
};
|
||||||
|
metricProvider = {
|
||||||
|
systemd.services.prometheus-lnd-exporter.serviceConfig.DynamicUser = false;
|
||||||
|
services.bitcoind.enable = true;
|
||||||
|
services.bitcoind.extraConfig = ''
|
||||||
|
rpcauth=bitcoinrpc:e8fe33f797e698ac258c16c8d7aadfbe$872bdb8f4d787367c26bcfd75e6c23c4f19d44a69f5d1ad329e5adf3f82710f7
|
||||||
|
bitcoind.zmqpubrawblock=tcp://127.0.0.1:28332
|
||||||
|
bitcoind.zmqpubrawtx=tcp://127.0.0.1:28333
|
||||||
|
'';
|
||||||
|
systemd.services.lnd = {
|
||||||
|
serviceConfig.ExecStart = ''
|
||||||
|
${pkgs.lnd}/bin/lnd \
|
||||||
|
--datadir=/var/lib/lnd \
|
||||||
|
--tlscertpath=/var/lib/lnd/tls.cert \
|
||||||
|
--tlskeypath=/var/lib/lnd/tls.key \
|
||||||
|
--logdir=/var/log/lnd \
|
||||||
|
--bitcoin.active \
|
||||||
|
--bitcoin.mainnet \
|
||||||
|
--bitcoin.node=bitcoind \
|
||||||
|
--bitcoind.rpcuser=bitcoinrpc \
|
||||||
|
--bitcoind.rpcpass=hunter2 \
|
||||||
|
--bitcoind.zmqpubrawblock=tcp://127.0.0.1:28332 \
|
||||||
|
--bitcoind.zmqpubrawtx=tcp://127.0.0.1:28333 \
|
||||||
|
--readonlymacaroonpath=/var/lib/lnd/readonly.macaroon
|
||||||
|
'';
|
||||||
|
serviceConfig.StateDirectory = "lnd";
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
after = [ "network.target" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
exporterTest = ''
|
||||||
|
wait_for_unit("lnd.service")
|
||||||
|
wait_for_open_port(10009)
|
||||||
|
wait_for_unit("prometheus-lnd-exporter.service")
|
||||||
|
wait_for_open_port(9092)
|
||||||
|
succeed("curl -sSf localhost:9092/metrics | grep -q '^promhttp_metric_handler'")
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
mail = {
|
mail = {
|
||||||
exporterConfig = {
|
exporterConfig = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
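Review bot: `systemd.services.prometheus-lnd-exporter.serviceConfig.DynamicUser = false;` in the lnd `metricProvider` turns off the exporter's dynamic user with no comment explaining why or which account the unit then runs as. If the aim is to let the exporter read `/var/lib/lnd/tls.cert` and the macaroon directory, say so in a comment and prefer a dedicated user or group with read access to those files. Also, `exporterTest` only greps for `promhttp_metric_handler`, which shows the HTTP handler is up but not that anything was collected from lnd.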
13
third_party/nixpkgs/nixos/tests/qboot.nix
vendored
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
import ./make-test-python.nix ({ pkgs, ...} : {
|
||||||
|
name = "qboot";
|
||||||
|
|
||||||
|
machine = { ... }: {
|
||||||
|
virtualisation.bios = pkgs.qboot;
|
||||||
|
};
|
||||||
|
|
||||||
|
testScript =
|
||||||
|
''
|
||||||
|
start_all()
|
||||||
|
machine.wait_for_unit("multi-user.target")
|
||||||
|
'';
|
||||||
|
})
|
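Review bot: `testScript` only waits for `multi-user.target`, which would also succeed if the `-bios` argument were never passed and the VM came up on QEMU's builtin SeaBIOS (the fallback the `virtualisation.bios` description names). Add a check that distinguishes the two, in the way the systemd-boot test checks the `LoaderEntrySelected` EFI variable, so the test fails when qboot is not the firmware in use.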
57
third_party/nixpkgs/nixos/tests/systemd-boot.nix
vendored
|
@ -6,26 +6,53 @@
|
||||||
with import ../lib/testing-python.nix { inherit system pkgs; };
|
with import ../lib/testing-python.nix { inherit system pkgs; };
|
||||||
with pkgs.lib;
|
with pkgs.lib;
|
||||||
|
|
||||||
makeTest {
|
let
|
||||||
name = "systemd-boot";
|
common = {
|
||||||
meta.maintainers = with pkgs.stdenv.lib.maintainers; [ danielfullmer ];
|
|
||||||
|
|
||||||
machine = { pkgs, lib, ... }: {
|
|
||||||
virtualisation.useBootLoader = true;
|
virtualisation.useBootLoader = true;
|
||||||
virtualisation.useEFIBoot = true;
|
virtualisation.useEFIBoot = true;
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.systemd-boot.enable = true;
|
||||||
};
|
};
|
||||||
|
in
|
||||||
|
{
|
||||||
|
basic = makeTest {
|
||||||
|
name = "systemd-boot";
|
||||||
|
meta.maintainers = with pkgs.stdenv.lib.maintainers; [ danielfullmer ];
|
||||||
|
|
||||||
testScript = ''
|
machine = common;
|
||||||
machine.start()
|
|
||||||
machine.wait_for_unit("multi-user.target")
|
|
||||||
|
|
||||||
machine.succeed("test -e /boot/loader/entries/nixos-generation-1.conf")
|
testScript = ''
|
||||||
|
machine.start()
|
||||||
|
machine.wait_for_unit("multi-user.target")
|
||||||
|
|
||||||
# Ensure we actually booted using systemd-boot.
|
machine.succeed("test -e /boot/loader/entries/nixos-generation-1.conf")
|
||||||
# Magic number is the vendor UUID used by systemd-boot.
|
|
||||||
machine.succeed(
|
# Ensure we actually booted using systemd-boot
|
||||||
"test -e /sys/firmware/efi/efivars/LoaderEntrySelected-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f"
|
# Magic number is the vendor UUID used by systemd-boot.
|
||||||
)
|
machine.succeed(
|
||||||
'';
|
"test -e /sys/firmware/efi/efivars/LoaderEntrySelected-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f"
|
||||||
|
)
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
update = makeTest {
|
||||||
|
name = "systemd-boot-update";
|
||||||
|
meta.maintainers = with pkgs.stdenv.lib.maintainers; [ danielfullmer ];
|
||||||
|
|
||||||
|
machine = common;
|
||||||
|
|
||||||
|
testScript = ''
|
||||||
|
machine.succeed("mount -o remount,rw /boot")
|
||||||
|
|
||||||
|
# Replace version inside sd-boot with something older. See magic[] string in systemd src/boot/efi/boot.c
|
||||||
|
machine.succeed(
|
||||||
|
"""
|
||||||
|
find /boot -iname '*.efi' -print0 | \
|
||||||
|
xargs -0 -I '{}' sed -i 's/#### LoaderInfo: systemd-boot .* ####/#### LoaderInfo: systemd-boot 001 ####/' '{}'
|
||||||
|
"""
|
||||||
|
)
|
||||||
|
|
||||||
|
output = machine.succeed("/run/current-system/bin/switch-to-configuration boot")
|
||||||
|
assert "updating systemd-boot from 001 to " in output
|
||||||
|
'';
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
55
third_party/nixpkgs/nixos/tests/teeworlds.nix
vendored
Normal file
|
@ -0,0 +1,55 @@
|
||||||
|
import ./make-test-python.nix ({ pkgs, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
client =
|
||||||
|
{ pkgs, ... }:
|
||||||
|
|
||||||
|
{ imports = [ ./common/x11.nix ];
|
||||||
|
environment.systemPackages = [ pkgs.teeworlds ];
|
||||||
|
};
|
||||||
|
|
||||||
|
in {
|
||||||
|
name = "teeworlds";
|
||||||
|
meta = with pkgs.stdenv.lib.maintainers; {
|
||||||
|
maintainers = [ hax404 ];
|
||||||
|
};
|
||||||
|
|
||||||
|
nodes =
|
||||||
|
{ server =
|
||||||
|
{ services.teeworlds = {
|
||||||
|
enable = true;
|
||||||
|
openPorts = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
client1 = client;
|
||||||
|
client2 = client;
|
||||||
|
};
|
||||||
|
|
||||||
|
testScript =
|
||||||
|
''
|
||||||
|
start_all()
|
||||||
|
|
||||||
|
server.wait_for_unit("teeworlds.service")
|
||||||
|
server.wait_until_succeeds("ss --numeric --udp --listening | grep -q 8303")
|
||||||
|
|
||||||
|
client1.wait_for_x()
|
||||||
|
client2.wait_for_x()
|
||||||
|
|
||||||
|
client1.execute("teeworlds 'player_name Alice;connect server'&")
|
||||||
|
server.wait_until_succeeds(
|
||||||
|
'journalctl -u teeworlds -e | grep --extended-regexp -q "team_join player=\'[0-9]:Alice"'
|
||||||
|
)
|
||||||
|
|
||||||
|
client2.execute("teeworlds 'player_name Bob;connect server'&")
|
||||||
|
server.wait_until_succeeds(
|
||||||
|
'journalctl -u teeworlds -e | grep --extended-regexp -q "team_join player=\'[0-9]:Bob"'
|
||||||
|
)
|
||||||
|
|
||||||
|
server.sleep(10) # wait for a while to get a nice screenshot
|
||||||
|
|
||||||
|
client1.screenshot("screen_client1")
|
||||||
|
client2.screenshot("screen_client2")
|
||||||
|
'';
|
||||||
|
|
||||||
|
})
|
|
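Review bot: the readiness check `ss --numeric --udp --listening | grep -q 8303` in `testScript` matches any line that contains those digits, so it can pass on an unrelated socket or port; match `:8303` followed by whitespace so that only the server's UDP listener satisfies it. The `server.sleep(10)` before the screenshots is a fixed delay that is not tied to anything the clients do. The two `team_join` journal checks already prove both connections, so either drop the sleep or wait on something observable on the client side.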
@ -3,21 +3,21 @@
|
||||||
, qca-qt5, qjson, qtquickcontrols2, qtscript, qtwebengine
|
, qca-qt5, qjson, qtquickcontrols2, qtscript, qtwebengine
|
||||||
, karchive, kcmutils, kconfig, kdnssd, kguiaddons, kinit, kirigami2, knewstuff, knotifyconfig, ktexteditor, kwindowsystem
|
, karchive, kcmutils, kconfig, kdnssd, kguiaddons, kinit, kirigami2, knewstuff, knotifyconfig, ktexteditor, kwindowsystem
|
||||||
, fftw, phonon, plasma-framework, threadweaver
|
, fftw, phonon, plasma-framework, threadweaver
|
||||||
, curl, ffmpeg, gdk-pixbuf, libaio, libmtp, loudmouth, lzo, lz4, mysql57, pcre, snappy, taglib, taglib_extras
|
, curl, ffmpeg_3, gdk-pixbuf, libaio, liblastfm, libmtp, loudmouth, lzo, lz4, mysql57, pcre, snappy, taglib, taglib_extras
|
||||||
}:
|
}:
|
||||||
|
|
||||||
mkDerivation rec {
|
mkDerivation rec {
|
||||||
pname = "amarok";
|
pname = "amarok-unstable";
|
||||||
version = "2.9.0-20190824";
|
version = "2020-06-12";
|
||||||
|
|
||||||
src = fetchgit {
|
src = fetchgit {
|
||||||
# master has the Qt5 version as of April 2018 but a formal release has not
|
# master has the Qt5 version as of April 2018 but a formal release has not
|
||||||
# yet been made so change this back to the proper upstream when such a
|
# yet been made so change this back to the proper upstream when such a
|
||||||
# release is out
|
# release is out
|
||||||
url = "git://anongit.kde.org/amarok.git";
|
url = "https://invent.kde.org/multimedia/amarok.git";
|
||||||
# url = "mirror://kde/stable/${pname}/${version}/src/${name}.tar.xz";
|
# url = "mirror://kde/stable/${pname}/${version}/src/${name}.tar.xz";
|
||||||
rev = "457fbda25a85a102bfda92aa7137e7ef5e4c8b00";
|
rev = "fece39b0e81db310b6a6e08f93d83b0d498cd02b";
|
||||||
sha256 = "1ig2mg8pqany6m2zplkrvldcv4ibxwsypnyv5igm7nz7ax82cd5j";
|
sha256 = "12casnq6w5yp2jlvnr466pjpkn0vriry8jzfq2qkjl564y0vhy9x";
|
||||||
};
|
};
|
||||||
|
|
||||||
nativeBuildInputs = [ extra-cmake-modules kdoctools ];
|
nativeBuildInputs = [ extra-cmake-modules kdoctools ];
|
||||||
|
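Review bot: the commented-out release URL in `src`, `mirror://kde/stable/${pname}/${version}/src/${name}.tar.xz`, stops describing a usable path once `pname` becomes `amarok-unstable` and `version` becomes a date, as they do in this hunk. Write the path with the literal `amarok`, or extend the comment to say `pname` and `version` must be restored along with the URL. The `ffmpeg` to `ffmpeg_3` swap in the argument list also carries no comment explaining why the 3.x attribute is required, which makes it hard to tell later when the pin can be dropped; a one-line reason next to it would help.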
@ -26,7 +26,7 @@ mkDerivation rec {
|
||||||
qca-qt5 qjson qtquickcontrols2 qtscript qtwebengine
|
qca-qt5 qjson qtquickcontrols2 qtscript qtwebengine
|
||||||
karchive kcmutils kconfig kdnssd kguiaddons kinit kirigami2 knewstuff knotifyconfig ktexteditor kwindowsystem
|
karchive kcmutils kconfig kdnssd kguiaddons kinit kirigami2 knewstuff knotifyconfig ktexteditor kwindowsystem
|
||||||
phonon plasma-framework threadweaver
|
phonon plasma-framework threadweaver
|
||||||
curl fftw ffmpeg gdk-pixbuf libaio libmtp loudmouth lz4 lzo mysql57.server mysql57.server.static
|
curl fftw ffmpeg_3 gdk-pixbuf libaio liblastfm libmtp loudmouth lz4 lzo mysql57.server mysql57.server.static
|
||||||
pcre snappy taglib taglib_extras
|
pcre snappy taglib taglib_extras
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
|
@ -8,7 +8,7 @@
|
||||||
, curl
|
, curl
|
||||||
, dbus
|
, dbus
|
||||||
, doxygen
|
, doxygen
|
||||||
, ffmpeg
|
, ffmpeg_3
|
||||||
, fftw
|
, fftw
|
||||||
, fftwSinglePrec
|
, fftwSinglePrec
|
||||||
, flac
|
, flac
|
||||||
|
@ -87,7 +87,7 @@ stdenv.mkDerivation rec {
|
||||||
cppunit
|
cppunit
|
||||||
curl
|
curl
|
||||||
dbus
|
dbus
|
||||||
ffmpeg
|
ffmpeg_3
|
||||||
fftw
|
fftw
|
||||||
fftwSinglePrec
|
fftwSinglePrec
|
||||||
flac
|
flac
|
||||||
|
@ -149,8 +149,8 @@ stdenv.mkDerivation rec {
|
||||||
sed 's|/usr/include/libintl.h|${glibc.dev}/include/libintl.h|' -i wscript
|
sed 's|/usr/include/libintl.h|${glibc.dev}/include/libintl.h|' -i wscript
|
||||||
patchShebangs ./tools/
|
patchShebangs ./tools/
|
||||||
substituteInPlace libs/ardour/video_tools_paths.cc \
|
substituteInPlace libs/ardour/video_tools_paths.cc \
|
||||||
--replace 'ffmpeg_exe = X_("");' 'ffmpeg_exe = X_("${ffmpeg}/bin/ffmpeg");' \
|
--replace 'ffmpeg_exe = X_("");' 'ffmpeg_exe = X_("${ffmpeg_3}/bin/ffmpeg");' \
|
||||||
--replace 'ffprobe_exe = X_("");' 'ffprobe_exe = X_("${ffmpeg}/bin/ffprobe");'
|
--replace 'ffprobe_exe = X_("");' 'ffprobe_exe = X_("${ffmpeg_3}/bin/ffprobe");'
|
||||||
'';
|
'';
|
||||||
|
|
||||||
postInstall = ''
|
postInstall = ''
|
||||||
|
|
|
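Review bot: the two `--replace` lines bake `${ffmpeg_3}/bin/ffmpeg` and `${ffmpeg_3}/bin/ffprobe` into `libs/ardour/video_tools_paths.cc`, so the binaries Ardour runs on user media are now tied to the 3.x attribute with no note on why. Add a comment stating what breaks with the default `ffmpeg`, so the pin is revisited rather than forgotten. Both substitutions also depend on the exact literals `ffmpeg_exe = X_("");` and `ffprobe_exe = X_("");`. If upstream changes those lines the replacement no longer matches, so a `grep` for the store path after `substituteInPlace` would catch that at build time.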
@ -2,13 +2,14 @@
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
pname = "artyFX";
|
pname = "artyFX";
|
||||||
version = "1.3";
|
# Fix build with lv2 1.18: https://github.com/openAVproductions/openAV-ArtyFX/pull/41/commits/492587461b50d140455aa3c98d915eb8673bebf0
|
||||||
|
version = "unstable-2020-04-28";
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "openAVproductions";
|
owner = "openAVproductions";
|
||||||
repo = "openAV-ArtyFX";
|
repo = "openAV-ArtyFX";
|
||||||
rev = "release-${version}";
|
rev = "492587461b50d140455aa3c98d915eb8673bebf0";
|
||||||
sha256 = "012hcy1mxl7gs2lipfcqp5x0xv1azb9hjrwf0h59yyxnzx96h7c9";
|
sha256 = "0wwg8ivnpyy0235bapjy4g0ij85zq355jwi6c1nkrac79p4z9ail";
|
||||||
};
|
};
|
||||||
|
|
||||||
nativeBuildInputs = [ pkgconfig ];
|
nativeBuildInputs = [ pkgconfig ];
|
||||||
|
|
|
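Review bot: `rev` now points at `492587461b50d140455aa3c98d915eb8673bebf0`, which according to the comment added above `version` is a commit inside pull request 41 rather than a release tag. If that pull request is not merged, the commit is not on any upstream branch, and `unstable-2020-04-28` then suggests a snapshot of upstream that this is not. Keeping `version = "1.3"` with `rev = "release-${version}"` and applying that single commit through `fetchpatch` would make the deviation from the release explicit. The comment itself would also sit better directly above `rev` (or the patch) than between `pname` and `version`.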
@ -12,11 +12,11 @@
|
||||||
with stdenv.lib;
|
with stdenv.lib;
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
version = "2.9.5";
|
version = "2.9.6";
|
||||||
pname = "asunder";
|
pname = "asunder";
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "http://littlesvr.ca/asunder/releases/${pname}-${version}.tar.bz2";
|
url = "http://littlesvr.ca/asunder/releases/${pname}-${version}.tar.bz2";
|
||||||
sha256 = "069x6az2r3wlb2hd07iz0hxpxwknw7s9h7pyhnkmzv1pw9ci3kk4";
|
sha256 = "1ycnd82lh7qy1pcbngd4b41s16j9hnm2kyfrncg4cwr3bfk7yg7a";
|
||||||
};
|
};
|
||||||
|
|
||||||
nativeBuildInputs = [ intltool makeWrapper pkgconfig ];
|
nativeBuildInputs = [ intltool makeWrapper pkgconfig ];
|
||||||
|
|
|
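Review bot: the tarball in `src` is still fetched from `http://littlesvr.ca/asunder/releases/` over plain http, so the new `sha256` for 2.9.6 is the only thing authenticating the release. State in the commit how that hash was verified (for example against a checksum published by upstream) rather than taking it from a single unauthenticated download, and switch the URL to https if the site offers it.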
@ -1,7 +1,7 @@
|
||||||
{ stdenv, fetchurl, pkgconfig, wrapGAppsHook, gettext, glib, gtk3
|
{ stdenv, fetchurl, pkgconfig, wrapGAppsHook, gettext, glib, gtk3
|
||||||
, libmowgli, dbus-glib, libxml2, xorg, gnome3, alsaLib
|
, libmowgli, dbus-glib, libxml2, xorg, gnome3, alsaLib
|
||||||
, libpulseaudio, libjack2, fluidsynth, libmad, libogg, libvorbis
|
, libpulseaudio, libjack2, fluidsynth, libmad, libogg, libvorbis
|
||||||
, libcdio, libcddb, flac, ffmpeg, mpg123, libcue, libmms, libbs2b
|
, libcdio, libcddb, flac, ffmpeg_3, mpg123, libcue, libmms, libbs2b
|
||||||
, libsndfile, libmodplug, libsamplerate, soxr, lirc, curl, wavpack
|
, libsndfile, libmodplug, libsamplerate, soxr, lirc, curl, wavpack
|
||||||
, neon, faad2, lame, libnotify, libsidplayfp
|
, neon, faad2, lame, libnotify, libsidplayfp
|
||||||
}:
|
}:
|
||||||
|
@ -28,7 +28,7 @@ stdenv.mkDerivation rec {
|
||||||
gettext glib gtk3 libmowgli dbus-glib libxml2
|
gettext glib gtk3 libmowgli dbus-glib libxml2
|
||||||
xorg.libXcomposite gnome3.adwaita-icon-theme alsaLib libjack2
|
xorg.libXcomposite gnome3.adwaita-icon-theme alsaLib libjack2
|
||||||
libpulseaudio fluidsynth libmad libogg libvorbis libcdio
|
libpulseaudio fluidsynth libmad libogg libvorbis libcdio
|
||||||
libcddb flac ffmpeg mpg123 libcue libmms libbs2b libsndfile
|
libcddb flac ffmpeg_3 mpg123 libcue libmms libbs2b libsndfile
|
||||||
libmodplug libsamplerate soxr lirc curl wavpack neon faad2
|
libmodplug libsamplerate soxr lirc curl wavpack neon faad2
|
||||||
lame libnotify libsidplayfp
|
lame libnotify libsidplayfp
|
||||||
];
|
];
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
mkDerivation, lib, fetchurl, fetchpatch,
|
mkDerivation, lib, fetchurl, fetchpatch,
|
||||||
gettext, pkgconfig,
|
gettext, pkgconfig,
|
||||||
qtbase,
|
qtbase,
|
||||||
alsaLib, curl, faad2, ffmpeg, flac, fluidsynth, gdk-pixbuf, lame, libbs2b,
|
alsaLib, curl, faad2, ffmpeg_3, flac, fluidsynth, gdk-pixbuf, lame, libbs2b,
|
||||||
libcddb, libcdio, libcue, libjack2, libmad, libmms, libmodplug,
|
libcddb, libcdio, libcue, libjack2, libmad, libmms, libmodplug,
|
||||||
libmowgli, libnotify, libogg, libpulseaudio, libsamplerate, libsidplayfp,
|
libmowgli, libnotify, libogg, libpulseaudio, libsamplerate, libsidplayfp,
|
||||||
libsndfile, libvorbis, libxml2, lirc, mpg123, neon, qtmultimedia, soxr,
|
libsndfile, libvorbis, libxml2, lirc, mpg123, neon, qtmultimedia, soxr,
|
||||||
|
@ -45,7 +45,7 @@ mkDerivation {
|
||||||
qtbase
|
qtbase
|
||||||
|
|
||||||
# Plugin dependencies
|
# Plugin dependencies
|
||||||
alsaLib curl faad2 ffmpeg flac fluidsynth gdk-pixbuf lame libbs2b libcddb
|
alsaLib curl faad2 ffmpeg_3 flac fluidsynth gdk-pixbuf lame libbs2b libcddb
|
||||||
libcdio libcue libjack2 libmad libmms libmodplug libmowgli
|
libcdio libcue libjack2 libmad libmms libmodplug libmowgli
|
||||||
libnotify libogg libpulseaudio libsamplerate libsidplayfp libsndfile
|
libnotify libogg libpulseaudio libsamplerate libsidplayfp libsndfile
|
||||||
libvorbis libxml2 lirc mpg123 neon qtmultimedia soxr wavpack
|
libvorbis libxml2 lirc mpg123 neon qtmultimedia soxr wavpack
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{ stdenv, fetchzip, wxGTK30, pkgconfig, file, gettext,
|
{ stdenv, fetchzip, wxGTK30, pkgconfig, file, gettext,
|
||||||
libvorbis, libmad, libjack2, lv2, lilv, serd, sord, sratom, suil, alsaLib, libsndfile, soxr, flac, lame,
|
libvorbis, libmad, libjack2, lv2, lilv, serd, sord, sratom, suil, alsaLib, libsndfile, soxr, flac, lame,
|
||||||
expat, libid3tag, ffmpeg, soundtouch, /*, portaudio - given up fighting their portaudio.patch */
|
expat, libid3tag, ffmpeg_3, soundtouch, /*, portaudio - given up fighting their portaudio.patch */
|
||||||
autoconf, automake, libtool
|
autoconf, automake, libtool
|
||||||
}:
|
}:
|
||||||
|
|
||||||
|
@ -47,7 +47,7 @@ stdenv.mkDerivation rec {
|
||||||
buildInputs = [
|
buildInputs = [
|
||||||
file gettext wxGTK30 expat alsaLib
|
file gettext wxGTK30 expat alsaLib
|
||||||
libsndfile soxr libid3tag libjack2 lv2 lilv serd sord sratom suil wxGTK30.gtk
|
libsndfile soxr libid3tag libjack2 lv2 lilv serd sord sratom suil wxGTK30.gtk
|
||||||
ffmpeg libmad lame libvorbis flac soundtouch
|
ffmpeg_3 libmad lame libvorbis flac soundtouch
|
||||||
]; #ToDo: detach sbsms
|
]; #ToDo: detach sbsms
|
||||||
|
|
||||||
enableParallelBuilding = true;
|
enableParallelBuilding = true;
|
||||||
|
@ -59,6 +59,7 @@ stdenv.mkDerivation rec {
|
||||||
description = "Sound editor with graphical UI";
|
description = "Sound editor with graphical UI";
|
||||||
homepage = "http://audacityteam.org/";
|
homepage = "http://audacityteam.org/";
|
||||||
license = licenses.gpl2Plus;
|
license = licenses.gpl2Plus;
|
||||||
|
maintainers = with maintainers; [ lheckemann ];
|
||||||
platforms = intersectLists platforms.linux platforms.x86; # fails on ARM
|
platforms = intersectLists platforms.linux platforms.x86; # fails on ARM
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
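Review bot: while `meta` is being touched to add `maintainers`, `homepage = "http://audacityteam.org/";` two lines above the new entry still uses plain http; consider switching it to https in the same change so users following the link from package metadata are not sent over an unauthenticated connection.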
Some files were not shown because too many files have changed in this diff.