Project import generated by Copybara.
GitOrigin-RevId: 9480bae337095fd24f61380bce3174fdfe926a00
This commit is contained in:
parent
d32ee29a2d
commit
d7dbe45cea
1599 changed files with 22835 additions and 22668 deletions
|
@ -67,7 +67,17 @@ A derivation can then be written using `agdaPackages.mkDerivation`. This has sim
|
|||
+ `libraryName` should be the name that appears in the `*.agda-lib` file, defaulting to `pname`.
|
||||
+ `libraryFile` should be the file name of the `*.agda-lib` file, defaulting to `${libraryName}.agda-lib`.
|
||||
|
||||
The build phase for `agdaPackages.mkDerivation` simply runs `agda` on the `Everything.agda` file. If something else is needed to build the package (e.g. `make`) then the `buildPhase` should be overridden (or a `preBuild` or `configurePhase` can be used if there are steps that need to be done prior to checking the `Everything.agda` file). `agda` and the Agda libraries contained in `buildInputs` are made available during the build phase. The install phase simply copies all `.agda`, `.agdai` and `.agda-lib` files to the output directory. Again, this can be overridden.
|
||||
### Building Agda packages
|
||||
The default build phase for `agdaPackages.mkDerivation` simply runs `agda` on the `Everything.agda` file.
|
||||
If something else is needed to build the package (e.g. `make`) then the `buildPhase` should be overridden.
|
||||
Additionally, a `preBuild` or `configurePhase` can be used if there are steps that need to be done prior to checking the `Everything.agda` file.
|
||||
`agda` and the Agda libraries contained in `buildInputs` are made available during the build phase.
|
||||
|
||||
### Installing Agda packages
|
||||
The default install phase copies agda source files, agda interface files (`*.agdai`) and `*.agda-lib` files to the output directory.
|
||||
This can be overridden.
|
||||
|
||||
By default, agda sources are files ending on `.agda`, or literate agda files ending on `.lagda`, `.lagda.tex`, `.lagda.org`, `.lagda.md`, `.lagda.rst`. The list of recognised agda source extensions can be extended by setting the `extraExtensions` config variable.
|
||||
|
||||
To add an agda package to `nixpkgs`, the derivation should be written to `pkgs/development/libraries/agda/${library-name}/` and an entry should be added to `pkgs/top-level/agda-packages.nix`. Here it is called in a scope with access to all other agda libraries, so the top line of the `default.nix` can look like:
|
||||
```
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
<xi:include href="idris.section.xml" />
|
||||
<xi:include href="ios.section.xml" />
|
||||
<xi:include href="java.xml" />
|
||||
<xi:include href="lua.xml" />
|
||||
<xi:include href="lua.section.xml" />
|
||||
<xi:include href="node.section.xml" />
|
||||
<xi:include href="ocaml.xml" />
|
||||
<xi:include href="perl.xml" />
|
||||
|
|
252
third_party/nixpkgs/doc/languages-frameworks/lua.section.md
vendored
Normal file
252
third_party/nixpkgs/doc/languages-frameworks/lua.section.md
vendored
Normal file
|
@ -0,0 +1,252 @@
|
|||
---
|
||||
title: Lua
|
||||
author: Matthieu Coudron
|
||||
date: 2019-02-05
|
||||
---
|
||||
|
||||
# User's Guide to Lua Infrastructure
|
||||
|
||||
## Using Lua
|
||||
|
||||
### Overview of Lua
|
||||
|
||||
Several versions of the Lua interpreter are available: luajit, lua 5.1, 5.2, 5.3.
|
||||
The attribute `lua` refers to the default interpreter, it is also possible to refer to specific versions, e.g. `lua5_2` refers to Lua 5.2.
|
||||
|
||||
Lua libraries are in separate sets, with one set per interpreter version.
|
||||
|
||||
The interpreters have several common attributes. One of these attributes is
|
||||
`pkgs`, which is a package set of Lua libraries for this specific
|
||||
interpreter. E.g., the `busted` package corresponding to the default interpreter
|
||||
is `lua.pkgs.busted`, and the lua 5.2 version is `lua5_2.pkgs.busted`.
|
||||
The main package set contains aliases to these package sets, e.g.
|
||||
`luaPackages` refers to `lua5_1.pkgs` and `lua52Packages` to
|
||||
`lua5_2.pkgs`.
|
||||
|
||||
### Installing Lua and packages
|
||||
|
||||
#### Lua environment defined in separate `.nix` file
|
||||
|
||||
Create a file, e.g. `build.nix`, with the following expression
|
||||
```nix
|
||||
with import <nixpkgs> {};
|
||||
|
||||
lua5_2.withPackages (ps: with ps; [ busted luafilesystem ])
|
||||
```
|
||||
and install it in your profile with
|
||||
```shell
|
||||
nix-env -if build.nix
|
||||
```
|
||||
Now you can use the Lua interpreter, as well as the extra packages (`busted`,
|
||||
`luafilesystem`) that you added to the environment.
|
||||
|
||||
#### Lua environment defined in `~/.config/nixpkgs/config.nix`
|
||||
|
||||
If you prefer to, you could also add the environment as a package override to the Nixpkgs set, e.g.
|
||||
using `config.nix`,
|
||||
```nix
|
||||
{ # ...
|
||||
|
||||
packageOverrides = pkgs: with pkgs; {
|
||||
myLuaEnv = lua5_2.withPackages (ps: with ps; [ busted luafilesystem ]);
|
||||
};
|
||||
}
|
||||
```
|
||||
and install it in your profile with
|
||||
```shell
|
||||
nix-env -iA nixpkgs.myLuaEnv
|
||||
```
|
||||
The environment is is installed by referring to the attribute, and considering
|
||||
the `nixpkgs` channel was used.
|
||||
|
||||
#### Lua environment defined in `/etc/nixos/configuration.nix`
|
||||
|
||||
For the sake of completeness, here's another example how to install the environment system-wide.
|
||||
|
||||
```nix
|
||||
{ # ...
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
(lua.withPackages(ps: with ps; [ busted luafilesystem ]))
|
||||
];
|
||||
}
|
||||
```
|
||||
|
||||
### How to override a Lua package using overlays?
|
||||
|
||||
Use the following overlay template:
|
||||
|
||||
```nix
|
||||
final: prev:
|
||||
{
|
||||
|
||||
lua = prev.lua.override {
|
||||
packageOverrides = luaself: luaprev: {
|
||||
|
||||
luarocks-nix = luaprev.luarocks-nix.overrideAttrs(oa: {
|
||||
pname = "luarocks-nix";
|
||||
src = /home/my_luarocks/repository;
|
||||
});
|
||||
};
|
||||
|
||||
luaPackages = lua.pkgs;
|
||||
}
|
||||
```
|
||||
|
||||
### Temporary Lua environment with `nix-shell`
|
||||
|
||||
|
||||
There are two methods for loading a shell with Lua packages. The first and recommended method
|
||||
is to create an environment with `lua.buildEnv` or `lua.withPackages` and load that. E.g.
|
||||
```sh
|
||||
$ nix-shell -p 'lua.withPackages(ps: with ps; [ busted luafilesystem ])'
|
||||
```
|
||||
opens a shell from which you can launch the interpreter
|
||||
```sh
|
||||
[nix-shell:~] lua
|
||||
```
|
||||
The other method, which is not recommended, does not create an environment and requires you to list the packages directly,
|
||||
|
||||
```sh
|
||||
$ nix-shell -p lua.pkgs.busted lua.pkgs.luafilesystem
|
||||
```
|
||||
Again, it is possible to launch the interpreter from the shell.
|
||||
The Lua interpreter has the attribute `pkgs` which contains all Lua libraries for that specific interpreter.
|
||||
|
||||
|
||||
## Developing with Lua
|
||||
|
||||
Now that you know how to get a working Lua environment with Nix, it is time
|
||||
to go forward and start actually developing with Lua. There are two ways to
|
||||
package lua software, either it is on luarocks and most of it can be taken care
|
||||
of by the luarocks2nix converter or the packaging has to be done manually.
|
||||
Let's present the luarocks way first and the manual one in a second time.
|
||||
|
||||
### Packaging a library on luarocks
|
||||
|
||||
[Luarocks.org](www.luarocks.org) is the main repository of lua packages.
|
||||
The site proposes two types of packages, the rockspec and the src.rock
|
||||
(equivalent of a [rockspec](https://github.com/luarocks/luarocks/wiki/Rockspec-format) but with the source).
|
||||
These packages can have different build types such as `cmake`, `builtin` etc .
|
||||
|
||||
Luarocks-based packages are generated in pkgs/development/lua-modules/generated-packages.nix from
|
||||
the whitelist maintainers/scripts/luarocks-packages.csv and updated by running maintainers/scripts/update-luarocks-packages.
|
||||
|
||||
[luarocks2nix](https://github.com/nix-community/luarocks) is a tool capable of generating nix derivations from both rockspec and src.rock (and favors the src.rock).
|
||||
The automation only goes so far though and some packages need to be customized.
|
||||
These customizations go in `pkgs/development/lua-modules/overrides.nix`.
|
||||
For instance if the rockspec defines `external_dependencies`, these need to be manually added in in its rockspec file then it won't work.
|
||||
|
||||
You can try converting luarocks packages to nix packages with the command `nix-shell -p luarocks-nix` and then `luarocks nix PKG_NAME`.
|
||||
Nix rely on luarocks to install lua packages, basically it runs:
|
||||
`luarocks make --deps-mode=none --tree $out`
|
||||
|
||||
#### Packaging a library manually
|
||||
|
||||
You can develop your package as you usually would, just don't forget to wrap it
|
||||
within a `toLuaModule` call, for instance
|
||||
```nix
|
||||
mynewlib = toLuaModule ( stdenv.mkDerivation { ... });
|
||||
```
|
||||
|
||||
There is also the `buildLuaPackage` function that can be used when lua modules
|
||||
are not packaged for luarocks. You can see a few examples at `pkgs/top-level/lua-packages.nix`.
|
||||
|
||||
## Lua Reference
|
||||
|
||||
### Lua interpreters
|
||||
|
||||
Versions 5.1, 5.2 and 5.3 of the lua interpreter are available as
|
||||
respectively `lua5_1`, `lua5_2` and `lua5_3`. Luajit is available too.
|
||||
The Nix expressions for the interpreters can be found in `pkgs/development/interpreters/lua-5`.
|
||||
|
||||
|
||||
#### Attributes on lua interpreters packages
|
||||
|
||||
Each interpreter has the following attributes:
|
||||
|
||||
- `interpreter`. Alias for `${pkgs.lua}/bin/lua`.
|
||||
- `buildEnv`. Function to build lua interpreter environments with extra packages bundled together. See section *lua.buildEnv function* for usage and documentation.
|
||||
- `withPackages`. Simpler interface to `buildEnv`.
|
||||
- `pkgs`. Set of Lua packages for that specific interpreter. The package set can be modified by overriding the interpreter and passing `packageOverrides`.
|
||||
|
||||
|
||||
#### `buildLuarocksPackage` function
|
||||
|
||||
The `buildLuarocksPackage` function is implemented in `pkgs/development/interpreters/lua-5/build-lua-package.nix`
|
||||
The following is an example:
|
||||
```nix
|
||||
luaposix = buildLuarocksPackage {
|
||||
pname = "luaposix";
|
||||
version = "34.0.4-1";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://raw.githubusercontent.com/rocks-moonscript-org/moonrocks-mirror/master/luaposix-34.0.4-1.src.rock";
|
||||
sha256 = "0yrm5cn2iyd0zjd4liyj27srphvy0gjrjx572swar6zqr4dwjqp2";
|
||||
};
|
||||
disabled = (luaOlder "5.1") || (luaAtLeast "5.4");
|
||||
propagatedBuildInputs = [ bit32 lua std_normalize ];
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
homepage = "https://github.com/luaposix/luaposix/";
|
||||
description = "Lua bindings for POSIX";
|
||||
maintainers = with maintainers; [ vyp lblasc ];
|
||||
license.fullName = "MIT/X11";
|
||||
};
|
||||
};
|
||||
```
|
||||
|
||||
The `buildLuarocksPackage` delegates most tasks to luarocks:
|
||||
|
||||
* it adds `luarocks` as an unpacker for `src.rock` files (zip files really).
|
||||
* configurePhase` writes a temporary luarocks configuration file which location
|
||||
is exported via the environment variable `LUAROCKS_CONFIG`.
|
||||
* the `buildPhase` does nothing.
|
||||
* `installPhase` calls `luarocks make --deps-mode=none --tree $out` to build and
|
||||
install the package
|
||||
* In the `postFixup` phase, the `wrapLuaPrograms` bash function is called to
|
||||
wrap all programs in the `$out/bin/*` directory to include `$PATH`
|
||||
environment variable and add dependent libraries to script's `LUA_PATH` and
|
||||
`LUA_CPATH`.
|
||||
|
||||
By default `meta.platforms` is set to the same value as the interpreter unless overridden otherwise.
|
||||
|
||||
#### `buildLuaApplication` function
|
||||
|
||||
The `buildLuaApplication` function is practically the same as `buildLuaPackage`.
|
||||
The difference is that `buildLuaPackage` by default prefixes the names of the packages with the version of the interpreter.
|
||||
Because with an application we're not interested in multiple version the prefix is dropped.
|
||||
|
||||
#### lua.withPackages function
|
||||
|
||||
The `lua.withPackages` takes a function as an argument that is passed the set of lua packages and returns the list of packages to be included in the environment.
|
||||
Using the `withPackages` function, the previous example for the luafilesystem environment can be written like this:
|
||||
```nix
|
||||
with import <nixpkgs> {};
|
||||
|
||||
lua.withPackages (ps: [ps.luafilesystem])
|
||||
```
|
||||
|
||||
`withPackages` passes the correct package set for the specific interpreter version as an argument to the function. In the above example, `ps` equals `luaPackages`.
|
||||
But you can also easily switch to using `lua5_2`:
|
||||
```nix
|
||||
with import <nixpkgs> {};
|
||||
|
||||
lua5_2.withPackages (ps: [ps.lua])
|
||||
```
|
||||
|
||||
Now, `ps` is set to `lua52Packages`, matching the version of the interpreter.
|
||||
|
||||
|
||||
### Possible Todos
|
||||
|
||||
* export/use version specific variables such as `LUA_PATH_5_2`/`LUAROCKS_CONFIG_5_2`
|
||||
* let luarocks check for dependencies via exporting the different rocktrees in temporary config
|
||||
|
||||
### Lua Contributing guidelines
|
||||
|
||||
Following rules should be respected:
|
||||
|
||||
* Make sure libraries build for all Lua interpreters.
|
||||
* Commit names of Lua libraries should reflect that they are Lua libraries, so write for example `luaPackages.luafilesystem: 1.11 -> 1.12`.
|
||||
|
|
@ -1,36 +0,0 @@
|
|||
<section xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
xml:id="sec-language-lua">
|
||||
<title>Lua</title>
|
||||
|
||||
<para>
|
||||
Lua packages are built by the <varname>buildLuaPackage</varname> function. This function is implemented in <link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/lua-modules/generic/default.nix"> <filename>pkgs/development/lua-modules/generic/default.nix</filename></link> and works similarly to <varname>buildPerlPackage</varname>. (See <xref linkend="sec-language-perl"/> for details.)
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Lua packages are defined in <link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/top-level/lua-packages.nix"><filename>pkgs/top-level/lua-packages.nix</filename></link>. Most of them are simple. For example:
|
||||
<programlisting>
|
||||
fileSystem = buildLuaPackage {
|
||||
name = "filesystem-1.6.2";
|
||||
src = fetchurl {
|
||||
url = "https://github.com/keplerproject/luafilesystem/archive/v1_6_2.tar.gz";
|
||||
sha256 = "1n8qdwa20ypbrny99vhkmx8q04zd2jjycdb5196xdhgvqzk10abz";
|
||||
};
|
||||
meta = {
|
||||
homepage = "https://github.com/keplerproject/luafilesystem";
|
||||
hydraPlatforms = stdenv.lib.platforms.linux;
|
||||
maintainers = with maintainers; [ flosse ];
|
||||
};
|
||||
};
|
||||
</programlisting>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Though, more complicated package should be placed in a seperate file in <link
|
||||
xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/lua-modules"><filename>pkgs/development/lua-modules</filename></link>.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Lua packages accept additional parameter <varname>disabled</varname>, which defines the condition of disabling package from luaPackages. For example, if package has <varname>disabled</varname> assigned to <literal>lua.luaversion != "5.1"</literal>, it will not be included in any luaPackages except lua51Packages, making it only be built for lua 5.1.
|
||||
</para>
|
||||
</section>
|
|
@ -643,7 +643,7 @@ and in this case the `python38` interpreter is automatically used.
|
|||
Versions 2.7, 3.5, 3.6, 3.7 and 3.8 of the CPython interpreter are available as
|
||||
respectively `python27`, `python35`, `python36`, `python37` and `python38`. The
|
||||
aliases `python2` and `python3` correspond to respectively `python27` and
|
||||
`python37`. The default interpreter, `python`, maps to `python2`. The PyPy
|
||||
`python38`. The default interpreter, `python`, maps to `python2`. The PyPy
|
||||
interpreters compatible with Python 2.7 and 3 are available as `pypy27` and
|
||||
`pypy3`, with aliases `pypy2` mapping to `pypy27` and `pypy` mapping to `pypy2`.
|
||||
The Nix expressions for the interpreters can be found in
|
||||
|
@ -764,9 +764,6 @@ following are specific to `buildPythonPackage`:
|
|||
* `dontWrapPythonPrograms ? false`: Skip wrapping of Python programs.
|
||||
* `permitUserSite ? false`: Skip setting the `PYTHONNOUSERSITE` environment
|
||||
variable in wrapped programs.
|
||||
* `installFlags ? []`: A list of strings. Arguments to be passed to `pip
|
||||
install`. To pass options to `python setup.py install`, use
|
||||
`--install-option`. E.g., `installFlags=["--install-option='--cpp_implementation'"]`.
|
||||
* `format ? "setuptools"`: Format of the source. Valid options are
|
||||
`"setuptools"`, `"pyproject"`, `"flit"`, `"wheel"`, and `"other"`.
|
||||
`"setuptools"` is for when the source has a `setup.py` and `setuptools` is
|
||||
|
@ -782,6 +779,9 @@ following are specific to `buildPythonPackage`:
|
|||
* `namePrefix`: Prepends text to `${name}` parameter. In case of libraries, this
|
||||
defaults to `"python3.8-"` for Python 3.8, etc., and in case of applications
|
||||
to `""`.
|
||||
* `pipInstallFlags ? []`: A list of strings. Arguments to be passed to `pip
|
||||
install`. To pass options to `python setup.py install`, use
|
||||
`--install-option`. E.g., `pipInstallFlags=["--install-option='--cpp_implementation'"]`.
|
||||
* `pythonPath ? []`: List of packages to be added into `$PYTHONPATH`. Packages
|
||||
in `pythonPath` are not propagated (contrary to `propagatedBuildInputs`).
|
||||
* `preShellHook`: Hook to execute commands before `shellHook`.
|
||||
|
|
|
@ -75,6 +75,90 @@ pkgs.rustPlatform.buildRustPackage {
|
|||
}
|
||||
```
|
||||
|
||||
### Running package tests
|
||||
|
||||
When using `buildRustPackage`, the `checkPhase` is enabled by default and runs
|
||||
`cargo test` on the package to build. To make sure that we don't compile the
|
||||
sources twice and to actually test the artifacts that will be used at runtime,
|
||||
the tests will be ran in the `release` mode by default.
|
||||
|
||||
However, in some cases the test-suite of a package doesn't work properly in the
|
||||
`release` mode. For these situations, the mode for `checkPhase` can be changed like
|
||||
so:
|
||||
|
||||
```nix
|
||||
rustPlatform.buildRustPackage {
|
||||
/* ... */
|
||||
checkType = "debug";
|
||||
}
|
||||
```
|
||||
|
||||
Please note that the code will be compiled twice here: once in `release` mode
|
||||
for the `buildPhase`, and again in `debug` mode for the `checkPhase`.
|
||||
|
||||
#### Tests relying on the structure of the `target/` directory
|
||||
|
||||
Some tests may rely on the structure of the `target/` directory. Those tests
|
||||
are likely to fail because we use `cargo --target` during the build. This means that
|
||||
the artifacts
|
||||
[are stored in `target/<architecture>/release/`](https://doc.rust-lang.org/cargo/guide/build-cache.html),
|
||||
rather than in `target/release/`.
|
||||
|
||||
This can only be worked around by patching the affected tests accordingly.
|
||||
|
||||
#### Disabling package-tests
|
||||
|
||||
In some instances, it may be necessary to disable testing altogether (with `doCheck = false;`):
|
||||
|
||||
* If no tests exist -- the `checkPhase` should be explicitly disabled to skip
|
||||
unnecessary build steps to speed up the build.
|
||||
* If tests are highly impure (e.g. due to network usage).
|
||||
|
||||
There will obviously be some corner-cases not listed above where it's sensible to disable tests.
|
||||
The above are just guidelines, and exceptions may be granted on a case-by-case basis.
|
||||
|
||||
However, please check if it's possible to disable a problematic subset of the
|
||||
test suite and leave a comment explaining your reasoning.
|
||||
|
||||
### Building a package in `debug` mode
|
||||
|
||||
By default, `buildRustPackage` will use `release` mode for builds. If a package
|
||||
should be built in `debug` mode, it can be configured like so:
|
||||
|
||||
```nix
|
||||
rustPlatform.buildRustPackage {
|
||||
/* ... */
|
||||
buildType = "debug";
|
||||
}
|
||||
```
|
||||
|
||||
In this scenario, the `checkPhase` will be ran in `debug` mode as well.
|
||||
|
||||
### Custom `build`/`install`-procedures
|
||||
|
||||
Some packages may use custom scripts for building/installing, e.g. with a `Makefile`.
|
||||
In these cases, it's recommended to override the `buildPhase`/`installPhase`/`checkPhase`.
|
||||
|
||||
Otherwise, some steps may fail because of the modified directory structure of `target/`.
|
||||
|
||||
### Building a crate with an absent or out-of-date Cargo.lock file
|
||||
|
||||
`buildRustPackage` needs a `Cargo.lock` file to get all dependencies in the
|
||||
source code in a reproducible way. If it is missing or out-of-date one can use
|
||||
the `cargoPatches` attribute to update or add it.
|
||||
|
||||
```
|
||||
{ lib, rustPlatform, fetchFromGitHub }:
|
||||
|
||||
rustPlatform.buildRustPackage rec {
|
||||
(...)
|
||||
cargoPatches = [
|
||||
# a patch file to add/update Cargo.lock in the source code
|
||||
./add-Cargo.lock.patch
|
||||
];
|
||||
}
|
||||
```
|
||||
|
||||
## Compiling Rust crates using Nix instead of Cargo
|
||||
|
||||
### Simple operation
|
||||
|
|
10
third_party/nixpkgs/doc/stdenv/stdenv.xml
vendored
10
third_party/nixpkgs/doc/stdenv/stdenv.xml
vendored
|
@ -2081,6 +2081,16 @@ postInstall = ''
|
|||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
validatePkgConfig
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
The <literal>validatePkgConfig</literal> hook validates all pkg-config (<filename>.pc</filename>) files in a package. This helps catching some common errors in pkg-config files, such as undefined variables.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
cmake
|
||||
|
|
|
@ -387,7 +387,7 @@ fi
|
|||
</screen>
|
||||
|
||||
<para>
|
||||
Now just run <literal>source $HOME/.profile</literal> and you can starting loading man pages from your environent.
|
||||
Now just run <literal>source $HOME/.profile</literal> and you can starting loading man pages from your environment.
|
||||
</para>
|
||||
</section>
|
||||
|
||||
|
|
2
third_party/nixpkgs/flake.nix
vendored
2
third_party/nixpkgs/flake.nix
vendored
|
@ -1,8 +1,6 @@
|
|||
# Experimental flake interface to Nixpkgs.
|
||||
# See https://github.com/NixOS/rfcs/pull/49 for details.
|
||||
{
|
||||
edition = 201909;
|
||||
|
||||
description = "A collection of packages for the Nix package manager";
|
||||
|
||||
outputs = { self }:
|
||||
|
|
2
third_party/nixpkgs/lib/attrsets.nix
vendored
2
third_party/nixpkgs/lib/attrsets.nix
vendored
|
@ -253,7 +253,7 @@ rec {
|
|||
/* Like `mapAttrsRecursive', but it takes an additional predicate
|
||||
function that tells it whether to recursive into an attribute
|
||||
set. If it returns false, `mapAttrsRecursiveCond' does not
|
||||
recurse, but does apply the map function. It is returns true, it
|
||||
recurse, but does apply the map function. If it returns true, it
|
||||
does recurse, and does not apply the map function.
|
||||
|
||||
Type:
|
||||
|
|
8
third_party/nixpkgs/lib/kernel.nix
vendored
8
third_party/nixpkgs/lib/kernel.nix
vendored
|
@ -8,10 +8,10 @@ with lib;
|
|||
option = x:
|
||||
x // { optional = true; };
|
||||
|
||||
yes = { tristate = "y"; };
|
||||
no = { tristate = "n"; };
|
||||
module = { tristate = "m"; };
|
||||
freeform = x: { freeform = x; };
|
||||
yes = { tristate = "y"; optional = false; };
|
||||
no = { tristate = "n"; optional = false; };
|
||||
module = { tristate = "m"; optional = false; };
|
||||
freeform = x: { freeform = x; optional = false; };
|
||||
|
||||
/*
|
||||
Common patterns/legacy used in common-config/hardened/config.nix
|
||||
|
|
5
third_party/nixpkgs/lib/licenses.nix
vendored
5
third_party/nixpkgs/lib/licenses.nix
vendored
|
@ -276,6 +276,11 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
|
|||
fullName = "European Union Public License 1.2";
|
||||
};
|
||||
|
||||
fdl11 = spdx {
|
||||
spdxId = "GFDL-1.1-only";
|
||||
fullName = "GNU Free Documentation License v1.1 only";
|
||||
};
|
||||
|
||||
fdl12 = spdx {
|
||||
spdxId = "GFDL-1.2-only";
|
||||
fullName = "GNU Free Documentation License v1.2 only";
|
||||
|
|
2
third_party/nixpkgs/lib/minver.nix
vendored
2
third_party/nixpkgs/lib/minver.nix
vendored
|
@ -1,2 +1,2 @@
|
|||
# Expose the minimum required version for evaluating Nixpkgs
|
||||
"2.0"
|
||||
"2.2"
|
||||
|
|
|
@ -193,12 +193,6 @@
|
|||
githubId = 315003;
|
||||
name = "Adam Saponara";
|
||||
};
|
||||
aepsil0n = {
|
||||
email = "eduard.bopp@aepsil0n.de";
|
||||
github = "aepsil0n";
|
||||
githubId = 3098430;
|
||||
name = "Eduard Bopp";
|
||||
};
|
||||
aerialx = {
|
||||
email = "aaron+nixos@aaronlindsay.com";
|
||||
github = "AerialX";
|
||||
|
@ -1163,6 +1157,12 @@
|
|||
githubId = 24417923;
|
||||
name = "Renaud";
|
||||
};
|
||||
c00w = {
|
||||
email = "nix@daedrum.net";
|
||||
github = "c00w";
|
||||
githubId = 486199;
|
||||
name = "Colin";
|
||||
};
|
||||
c0deaddict = {
|
||||
email = "josvanbakel@protonmail.com";
|
||||
github = "c0deaddict";
|
||||
|
@ -1616,6 +1616,12 @@
|
|||
githubId = 12202789;
|
||||
name = "CrazedProgrammer";
|
||||
};
|
||||
cript0nauta = {
|
||||
email = "shareman1204@gmail.com";
|
||||
github = "cript0nauta";
|
||||
githubId = 1222362;
|
||||
name = "Matías Lang";
|
||||
};
|
||||
cryptix = {
|
||||
email = "cryptix@riseup.net";
|
||||
github = "cryptix";
|
||||
|
@ -2182,6 +2188,12 @@
|
|||
githubId = 50854;
|
||||
name = "edef";
|
||||
};
|
||||
edibopp = {
|
||||
email = "eduard.bopp@aepsil0n.de";
|
||||
github = "edibopp";
|
||||
githubId = 3098430;
|
||||
name = "Eduard Bopp";
|
||||
};
|
||||
emantor = {
|
||||
email = "rouven+nixos@czerwinskis.de";
|
||||
github = "emantor";
|
||||
|
@ -2540,6 +2552,16 @@
|
|||
githubId = 11909469;
|
||||
name = "Fabian Geiselhart";
|
||||
};
|
||||
fabianhauser = {
|
||||
email = "fabian.nixos@fh2.ch";
|
||||
github = "fabianhauser";
|
||||
githubId = 368799;
|
||||
name = "Fabian Hauser";
|
||||
keys = [{
|
||||
longkeyid = "rsa4096/0x8A52A140BEBF7D2C";
|
||||
fingerprint = "50B7 11F4 3DFD 2018 DCE6 E8D0 8A52 A140 BEBF 7D2C";
|
||||
}];
|
||||
};
|
||||
fadenb = {
|
||||
email = "tristan.helmich+nixos@gmail.com";
|
||||
github = "fadenb";
|
||||
|
@ -3514,6 +3536,12 @@
|
|||
githubId = 1608697;
|
||||
name = "Jens Binkert";
|
||||
};
|
||||
jeremyschlatter = {
|
||||
email = "github@jeremyschlatter.com";
|
||||
github = "jeremyschlatter";
|
||||
githubId = 5741620;
|
||||
name = "Jeremy Schlatter";
|
||||
};
|
||||
jerith666 = {
|
||||
email = "github@matt.mchenryfamily.org";
|
||||
github = "jerith666";
|
||||
|
@ -3855,6 +3883,12 @@
|
|||
githubId = 11947756;
|
||||
name = "Julien Dehos";
|
||||
};
|
||||
julm = {
|
||||
email = "julm+nix@sourcephile.fr";
|
||||
github = "ju1m";
|
||||
githubId = 21160136;
|
||||
name = "Julien Moutinho";
|
||||
};
|
||||
jumper149 = {
|
||||
email = "felixspringer149@gmail.com";
|
||||
github = "jumper149";
|
||||
|
@ -3867,6 +3901,12 @@
|
|||
githubId = 2396926;
|
||||
name = "Justin Woo";
|
||||
};
|
||||
jwatt = {
|
||||
email = "jwatt@broken.watch";
|
||||
github = "jjwatt";
|
||||
githubId = 2397327;
|
||||
name = "Jesse Wattenbarger";
|
||||
};
|
||||
jwiegley = {
|
||||
email = "johnw@newartisans.com";
|
||||
github = "jwiegley";
|
||||
|
@ -4649,6 +4689,16 @@
|
|||
githubId = 26020062;
|
||||
name = "lumi";
|
||||
};
|
||||
lunik1 = {
|
||||
email = "ch.nixpkgs@themaw.xyz";
|
||||
github = "lunik1";
|
||||
githubId = 13547699;
|
||||
name = "Corin Hoad";
|
||||
keys = [{
|
||||
longkeyid = "rsa2048/0x6A37DF9483188492";
|
||||
fingerprint = "BA3A 5886 AE6D 526E 20B4 57D6 6A37 DF94 8318 8492";
|
||||
}];
|
||||
};
|
||||
luz = {
|
||||
email = "luz666@daum.net";
|
||||
github = "Luz";
|
||||
|
@ -5017,6 +5067,12 @@
|
|||
githubId = 223323;
|
||||
name = "Miguel de la Cruz";
|
||||
};
|
||||
mgdm = {
|
||||
email = "michael@mgdm.net";
|
||||
github = "mgdm";
|
||||
githubId = 71893;
|
||||
name = "Michael Maclean";
|
||||
};
|
||||
mgregoire = {
|
||||
email = "gregoire@martinache.net";
|
||||
github = "M-Gregoire";
|
||||
|
@ -5144,6 +5200,12 @@
|
|||
fingerprint = "3196 83D3 9A1B 4DE1 3DC2 51FD FEA8 88C9 F5D6 4F62";
|
||||
}];
|
||||
};
|
||||
mir06 = {
|
||||
email = "armin.leuprecht@uni-graz.at";
|
||||
github = "mir06";
|
||||
githubId = 8479244;
|
||||
name = "Armin Leuprecht";
|
||||
};
|
||||
mirdhyn = {
|
||||
email = "mirdhyn@gmail.com";
|
||||
github = "mirdhyn";
|
||||
|
@ -6308,10 +6370,6 @@
|
|||
githubId = 23097564;
|
||||
name = "Nora Widdecke";
|
||||
};
|
||||
pxc = {
|
||||
email = "patrick.callahan@latitudeengineering.com";
|
||||
name = "Patrick Callahan";
|
||||
};
|
||||
pyrolagus = {
|
||||
email = "pyrolagus@gmail.com";
|
||||
github = "PyroLagus";
|
||||
|
@ -6980,6 +7038,12 @@
|
|||
githubId = 2343853;
|
||||
name = "Sean Zicari";
|
||||
};
|
||||
seb314 = {
|
||||
email = "sebastian@seb314.com";
|
||||
github = "seb314";
|
||||
githubId = 19472270;
|
||||
name = "Sebastian";
|
||||
};
|
||||
sellout = {
|
||||
email = "greg@technomadic.org";
|
||||
github = "sellout";
|
||||
|
@ -7050,6 +7114,12 @@
|
|||
githubId = 1588288;
|
||||
name = "Shahrukh Khan";
|
||||
};
|
||||
shamilton = {
|
||||
email = "sgn.hamilton@protonmail.com";
|
||||
github = "SCOTT-HAMILTON";
|
||||
githubId = 24496705;
|
||||
name = "Scott Hamilton";
|
||||
};
|
||||
shanemikel = {
|
||||
email = "shanepearlman@pm.me";
|
||||
github = "shanemikel";
|
||||
|
|
|
@ -12,12 +12,13 @@ compat53,,,,,vcunat
|
|||
cosmo,,,,,marsam
|
||||
coxpcall,,,1.17.0-1,,
|
||||
cqueues,,,,,vcunat
|
||||
cyrussasl,,,,,vcunat
|
||||
cyrussasl,,,,,
|
||||
digestif,,,,lua5_3,
|
||||
dkjson,,,,,
|
||||
fifo,,,,,
|
||||
http,,,,,vcunat
|
||||
inspect,,,,,
|
||||
ldbus,,http://luarocks.org/dev,,,
|
||||
ldoc,,,,,
|
||||
lgi,,,,,
|
||||
linenoise,,,,,
|
||||
|
@ -50,9 +51,9 @@ luaepnf,,,,,
|
|||
luaevent,,,,,
|
||||
luaexpat,,,1.3.0-1,,arobyn flosse
|
||||
luaffi,,http://luarocks.org/dev,,,
|
||||
luafilesystem,,,1.7.0-2,,flosse vcunat
|
||||
luafilesystem,,,1.7.0-2,,flosse
|
||||
lualogging,,,,,
|
||||
luaossl,,,,lua5_1,vcunat
|
||||
luaossl,,,,lua5_1,
|
||||
luaposix,,,,,vyp lblasc
|
||||
luarepl,,,,,
|
||||
luasec,,,,,flosse
|
||||
|
@ -65,6 +66,7 @@ luazip,,,,,
|
|||
lua-yajl,,,,,pstn
|
||||
luuid,,,,,
|
||||
luv,,,,,
|
||||
lyaml,,,,,lblasc
|
||||
markdown,,,,,
|
||||
mediator_lua,,,,,
|
||||
mpack,,,,,
|
||||
|
|
|
26
third_party/nixpkgs/maintainers/team-list.nix
vendored
26
third_party/nixpkgs/maintainers/team-list.nix
vendored
|
@ -34,6 +34,20 @@ with lib.maintainers; {
|
|||
scope = "Maintain Freedesktop.org packages for graphical desktop.";
|
||||
};
|
||||
|
||||
golang = {
|
||||
members = [
|
||||
c00w
|
||||
cstrahan
|
||||
Frostman
|
||||
kalbasit
|
||||
mic92
|
||||
orivej
|
||||
rvolosatovs
|
||||
zowoq
|
||||
];
|
||||
scope = "Maintain Golang compilers.";
|
||||
};
|
||||
|
||||
gnome = {
|
||||
members = [
|
||||
hedning
|
||||
|
@ -43,6 +57,18 @@ with lib.maintainers; {
|
|||
scope = "Maintain GNOME desktop environment and platform.";
|
||||
};
|
||||
|
||||
matrix = {
|
||||
members = [
|
||||
ma27
|
||||
pacien
|
||||
fadenb
|
||||
mguentner
|
||||
ekleog
|
||||
ralith
|
||||
];
|
||||
scope = "Maintain the ecosystem around Matrix, a decentralized messenger.";
|
||||
};
|
||||
|
||||
php = {
|
||||
members = [
|
||||
aanderse
|
||||
|
|
|
@ -19,9 +19,9 @@
|
|||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Start a root shell if something goes wrong in stage 1 of the boot process
|
||||
(the initial ramdisk). This is disabled by default because there is no
|
||||
authentication for the root shell.
|
||||
Allows the user to start a root shell if something goes wrong in stage 1
|
||||
of the boot process (the initial ramdisk). This is disabled by default
|
||||
because there is no authentication for the root shell.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
@ -49,6 +49,22 @@
|
|||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<literal>boot.debug1mounts</literal>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Like <literal>boot.debug1</literal> or
|
||||
<literal>boot.debug1devices</literal>, but runs stage1 until all
|
||||
filesystems that are mounted during initrd are mounted (see
|
||||
<option><link linkend="opt-fileSystems._name__.neededForBoot">neededForBoot</link></option>
|
||||
). As a motivating example, this could be useful if you've forgotten to set
|
||||
<option><link linkend="opt-fileSystems._name__.neededForBoot">neededForBoot</link></option>
|
||||
on a file system.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<literal>boot.trace</literal>
|
||||
|
@ -90,6 +106,15 @@
|
|||
<manvolnum>1</manvolnum></citerefentry>.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Notice that for <literal>boot.shell_on_fail</literal>,
|
||||
<literal>boot.debug1</literal>, <literal>boot.debug1devices</literal>, and
|
||||
<literal>boot.debug1mounts</literal>, if you did <emphasis>not</emphasis>
|
||||
select "start the new shell as pid 1", and you <literal>exit</literal> from
|
||||
the new shell, boot will proceed normally from the point where it failed, as
|
||||
if you'd chosen "ignore the error and continue".
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If no login prompts or X11 login screens appear (e.g. due to hanging
|
||||
dependencies), you can press Alt+ArrowUp. If you’re lucky, this will start
|
||||
|
|
|
@ -89,7 +89,7 @@ nixpkgs https://nixos.org/channels/nixpkgs-unstable</screen>
|
|||
NixOS partition. They are installed by default on NixOS, but you don't have
|
||||
NixOS yet..
|
||||
</para>
|
||||
<screen><prompt>$ </prompt>nix-env -iE "_: with import <nixpkgs/nixos> { configuration = {}; }; with config.system.build; [ nixos-generate-config nixos-install nixos-enter manual.manpages ]"</screen>
|
||||
<screen><prompt>$ </prompt>nix-env -f '<nixpkgs/nixos>' --arg configuration {} -iA config.system.build.{nixos-generate-config,nixos-install,nixos-enter,manual.manpages}</screen>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<note>
|
||||
|
|
|
@ -42,6 +42,11 @@
|
|||
PHP now defaults to PHP 7.4, updated from 7.3.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Python 3 now defaults to Python 3.8 instead of 3.7.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Two new options, <link linkend="opt-services.openssh.authorizedKeysCommand">authorizedKeysCommand</link>
|
||||
|
@ -89,6 +94,22 @@ services.mysql.initialScript = pkgs.writeText "mariadb-init.sql" ''
|
|||
When MariaDB data directory is just upgraded (not initialized), the users are not created or modified.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
MySQL server is now started with additional systemd sandbox/hardening options for better security. The PrivateTmp, ProtectHome, and ProtectSystem options
|
||||
may be problematic when MySQL is attempting to read from or write to your filesystem anywhere outside of its own state directory, for example when
|
||||
calling <literal>LOAD DATA INFILE or SELECT * INTO OUTFILE</literal>. In this scenario a variant of the following may be required:
|
||||
- allow MySQL to read from /home and /tmp directories when using <literal>LOAD DATA INFILE</literal>
|
||||
<programlisting>
|
||||
systemd.services.mysql.serviceConfig.ProtectHome = lib.mkForce "read-only";
|
||||
</programlisting>
|
||||
- allow MySQL to write to custom folder <literal>/var/data</literal> when using <literal>SELECT * INTO OUTFILE</literal>, assuming the mysql user has write
|
||||
access to <literal>/var/data</literal>
|
||||
<programlisting>
|
||||
systemd.services.mysql.serviceConfig.ReadWritePaths = [ "/var/data" ];
|
||||
</programlisting>
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
|
||||
|
@ -176,6 +197,12 @@ services.mysql.initialScript = pkgs.writeText "mariadb-init.sql" ''
|
|||
<link linkend="opt-security.duosec.integrationKey">security.duosec.integrationKey</link>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>vmware</literal> has been removed from the <literal>services.x11.videoDrivers</literal> defaults.
|
||||
For VMWare guests set <literal>virtualisation.vmware.guest.enable</literal> to <literal>true</literal> which will include the appropriate drivers.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The initrd SSH support now uses OpenSSH rather than Dropbear to
|
||||
|
@ -441,6 +468,28 @@ systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ];
|
|||
recommended to only use lower-case characters.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The GRUB specific option <option>boot.loader.grub.extraInitrd</option>
|
||||
has been replaced with the generic option
|
||||
<option>boot.initrd.secrets</option>. This option creates a secondary
|
||||
initrd from the specified files, rather than using a manually created
|
||||
initrd file.
|
||||
|
||||
Due to an existing bug with <option>boot.loader.grub.extraInitrd</option>,
|
||||
it is not possible to directly boot an older generation that used that
|
||||
option. It is still possible to rollback to that generation if the required
|
||||
initrd file has not been deleted.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <link xlink:href="https://github.com/okTurtles/dnschain">DNSChain</link>
|
||||
package and NixOS module have been removed from Nixpkgs as the software is
|
||||
unmaintained and can't be built. For more information see issue
|
||||
<link xlink:href="https://github.com/NixOS/nixpkgs/issues/89205">#89205</link>.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
|
||||
|
@ -452,6 +501,9 @@ systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ];
|
|||
<title>Other Notable Changes</title>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>SD images are now compressed by default using <literal>zstd</literal>. The compression for ISO images has also been changed to <literal>zstd</literal>, but ISO images are still not compressed by default.</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<option>services.journald.rateLimitBurst</option> was updated from
|
||||
|
@ -468,9 +520,32 @@ systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ];
|
|||
the <literal>notmuch.emacs</literal> output.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The default output of <literal>buildGoPackage</literal> is now <literal>$out</literal> instead of <literal>$bin</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Packages built using <literal>buildRustPackage</literal> now use <literal>release</literal>
|
||||
mode for the <literal>checkPhase</literal> by default.
|
||||
</para>
|
||||
<para>
|
||||
Please note that Rust packages utilizing a custom build/install procedure
|
||||
(e.g. by using a <filename>Makefile</filename>) or test suites that rely on the
|
||||
structure of the <filename>target/</filename> directory may break due to those assumptions.
|
||||
For further information, please read the Rust section in the Nixpkgs manual.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The default output of <literal>buildGoPackage</literal> is now <literal>$out</literal> instead of <literal>$bin</literal>.
|
||||
The cc- and binutils-wrapper's "infix salt" and <literal>_BUILD_</literal> and <literal>_TARGET_</literal> user infixes have been replaced with with a "suffix salt" and suffixes and <literal>_FOR_BUILD</literal> and <literal>_FOR_TARGET</literal>.
|
||||
This matches the autotools convention for env vars which standard for these things, making interfacing with other tools easier.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Additional Git documentation (HTML and text files) is now available via the <literal>git-doc</literal> package.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
|
@ -501,6 +576,72 @@ systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ];
|
|||
<link xlink:href="https://grafana.com/docs/grafana/latest/installation/upgrading/#upgrading-to-v7-0">in the Grafana documentation</link>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <literal>hardware.u2f</literal> module, which was installing udev rules
|
||||
was removed, as udev gained native support to handle FIDO security tokens.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
With this release <literal>systemd-networkd</literal> (when enabled through <xref linkend="opt-networking.useNetworkd"/>)
|
||||
has it's netlink socket created through a <literal>systemd.socket</literal> unit. This gives us control over
|
||||
socket buffer sizes and other parameters. For larger setups where networkd has to create a lot of (virtual)
|
||||
devices the default buffer size (currently 128MB) is not enough.
|
||||
</para>
|
||||
<para>
|
||||
On a machine with >100 virtual interfaces (e.g., wireguard tunnels, VLANs, …), that all have to
|
||||
be brought up during system startup, the receive buffer size will spike for a brief period.
|
||||
Eventually some of the message will be dropped since there is not enough (permitted) buffer
|
||||
space available.
|
||||
</para>
|
||||
<para>
|
||||
By having <literal>systemd-networkd</literal> start with a netlink socket created by
|
||||
<literal>systemd</literal> we can configure the <literal>ReceiveBufferSize=</literal> parameter
|
||||
in the socket options (i.e. <literal>systemd.sockets.systemd-networkd.socketOptions.ReceiveBufferSize</literal>)
|
||||
without recompiling <literal>systemd-networkd</literal>.
|
||||
</para>
|
||||
<para>
|
||||
Since the actual memory requirements depend on hardware, timing, exact
|
||||
configurations etc. it isn't currently possible to infer a good default
|
||||
from within the NixOS module system. Administrators are advised to
|
||||
monitor the logs of <literal>systemd-networkd</literal> for <literal>rtnl: kernel receive buffer
|
||||
overrun</literal> spam and increase the memory limit as they see fit.
|
||||
</para>
|
||||
<para>
|
||||
Note: Increasing the <literal>ReceiveBufferSize=</literal> doesn't allocate any memory. It just increases
|
||||
the upper bound on the kernel side. The memory allocation depends on the amount of messages that are
|
||||
queued on the kernel side of the netlink socket.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Specifying <link linkend="opt-services.dovecot2.mailboxes">mailboxes</link> in the <package>dovecot2</package> module
|
||||
as a list is deprecated and will break eval in 21.03. Instead, an attribute-set should be specified where the <literal>name</literal>
|
||||
should be the key of the attribute.
|
||||
</para>
|
||||
<para>
|
||||
This means that a configuration like this
|
||||
<programlisting>{
|
||||
<link linkend="opt-services.dovecot2.mailboxes">services.dovecot2.mailboxes</link> = [
|
||||
{ name = "Junk";
|
||||
auto = "create";
|
||||
}
|
||||
];
|
||||
}</programlisting>
|
||||
should now look like this:
|
||||
<programlisting>{
|
||||
<link linkend="opt-services.dovecot2.mailboxes">services.dovecot2.mailboxes</link> = {
|
||||
Junk.auto = "create";
|
||||
};
|
||||
}</programlisting>
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<package>netbeans</package> was upgraded to 12.0 and now defaults to OpenJDK 11. This might cause problems if your projects depend on packages that were removed in Java 11.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
</section>
|
||||
|
|
|
@ -39,7 +39,7 @@
|
|||
|
||||
, name ? "nixos-disk-image"
|
||||
|
||||
, # Disk image format, one of qcow2, qcow2-compressed, vpc, raw.
|
||||
, # Disk image format, one of qcow2, qcow2-compressed, vdi, vpc, raw.
|
||||
format ? "raw"
|
||||
}:
|
||||
|
||||
|
@ -57,6 +57,7 @@ let format' = format; in let
|
|||
|
||||
filename = "nixos." + {
|
||||
qcow2 = "qcow2";
|
||||
vdi = "vdi";
|
||||
vpc = "vhd";
|
||||
raw = "img";
|
||||
}.${format};
|
||||
|
|
|
@ -34,8 +34,8 @@
|
|||
, # The path (outside the ISO file system) of the isohybrid-mbr image.
|
||||
isohybridMbrImage ? ""
|
||||
|
||||
, # Whether to compress the resulting ISO image with bzip2.
|
||||
compressImage ? false
|
||||
, # Whether to compress the resulting ISO image with zstd.
|
||||
compressImage ? false, zstd
|
||||
|
||||
, # The volume ID.
|
||||
volumeID ? ""
|
||||
|
@ -48,7 +48,7 @@ assert usbBootable -> isohybridMbrImage != "";
|
|||
stdenv.mkDerivation {
|
||||
name = isoName;
|
||||
builder = ./make-iso9660-image.sh;
|
||||
buildInputs = [ xorriso syslinux ];
|
||||
buildInputs = [ xorriso syslinux zstd ];
|
||||
|
||||
inherit isoName bootable bootImage compressImage volumeID efiBootImage efiBootable isohybridMbrImage usbBootable;
|
||||
|
||||
|
|
|
@ -129,9 +129,14 @@ fi
|
|||
|
||||
if test -n "$compressImage"; then
|
||||
echo "Compressing image..."
|
||||
bzip2 $out/iso/$isoName
|
||||
zstd -T$NIX_BUILD_CORES --rm $out/iso/$isoName
|
||||
fi
|
||||
|
||||
mkdir -p $out/nix-support
|
||||
echo $system > $out/nix-support/system
|
||||
echo "file iso $out/iso/$isoName" >> $out/nix-support/hydra-build-products
|
||||
|
||||
if test -n "$compressImage"; then
|
||||
echo "file iso $out/iso/$isoName.zst" >> $out/nix-support/hydra-build-products
|
||||
else
|
||||
echo "file iso $out/iso/$isoName" >> $out/nix-support/hydra-build-products
|
||||
fi
|
||||
|
|
|
@ -68,7 +68,8 @@ with lib;
|
|||
config = {
|
||||
|
||||
environment.systemPackages =
|
||||
optional (config.i18n.supportedLocales != []) config.i18n.glibcLocales;
|
||||
# We increase the priority a little, so that plain glibc in systemPackages can't win.
|
||||
optional (config.i18n.supportedLocales != []) (lib.setPrio (-1) config.i18n.glibcLocales);
|
||||
|
||||
environment.sessionVariables =
|
||||
{ LANG = config.i18n.defaultLocale;
|
||||
|
|
|
@ -8,8 +8,7 @@ with lib;
|
|||
let
|
||||
|
||||
requiredPackages = map (pkg: setPrio ((pkg.meta.priority or 5) + 3) pkg)
|
||||
[ config.nix.package
|
||||
pkgs.acl
|
||||
[ pkgs.acl
|
||||
pkgs.attr
|
||||
pkgs.bashInteractive # bash with ncurses support
|
||||
pkgs.bzip2
|
||||
|
@ -33,7 +32,6 @@ let
|
|||
pkgs.nano
|
||||
pkgs.ncurses
|
||||
pkgs.netcat
|
||||
pkgs.nix-info
|
||||
config.programs.ssh.package
|
||||
pkgs.perl
|
||||
pkgs.procps
|
||||
|
@ -43,6 +41,7 @@ let
|
|||
pkgs.time
|
||||
pkgs.utillinux
|
||||
pkgs.which # 88K size
|
||||
pkgs.zstd
|
||||
];
|
||||
|
||||
in
|
||||
|
|
|
@ -600,6 +600,38 @@ in {
|
|||
}
|
||||
];
|
||||
|
||||
warnings =
|
||||
builtins.filter (x: x != null) (
|
||||
flip mapAttrsToList cfg.users (name: user:
|
||||
# This regex matches a subset of the Modular Crypto Format (MCF)[1]
|
||||
# informal standard. Since this depends largely on the OS or the
|
||||
# specific implementation of crypt(3) we only support the (sane)
|
||||
# schemes implemented by glibc and BSDs. In particular the original
|
||||
# DES hash is excluded since, having no structure, it would validate
|
||||
# common mistakes like typing the plaintext password.
|
||||
#
|
||||
# [1]: https://en.wikipedia.org/wiki/Crypt_(C)
|
||||
let
|
||||
sep = "\\$";
|
||||
base64 = "[a-zA-Z0-9./]+";
|
||||
id = "[a-z0-9-]+";
|
||||
value = "[a-zA-Z0-9/+.-]+";
|
||||
options = "${id}(=${value})?(,${id}=${value})*";
|
||||
scheme = "${id}(${sep}${options})?";
|
||||
content = "${base64}${sep}${base64}";
|
||||
mcf = "^${sep}${scheme}${sep}${content}$";
|
||||
in
|
||||
if (user.hashedPassword != null
|
||||
&& builtins.match mcf user.hashedPassword == null)
|
||||
then
|
||||
''
|
||||
The password hash of user "${name}" may be invalid. You must set a
|
||||
valid hash or the user will be locked out of his account. Please
|
||||
check the value of option `users.users."${name}".hashedPassword`.
|
||||
''
|
||||
else null
|
||||
));
|
||||
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -413,7 +413,7 @@ in
|
|||
default = false;
|
||||
description = ''
|
||||
Whether the ISO image should be compressed using
|
||||
<command>bzip2</command>.
|
||||
<command>zstd</command>.
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
|
@ -105,7 +105,7 @@ in
|
|||
default = true;
|
||||
description = ''
|
||||
Whether the SD image should be compressed using
|
||||
<command>bzip2</command>.
|
||||
<command>zstd</command>.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -130,10 +130,10 @@ in
|
|||
sdImage.storePaths = [ config.system.build.toplevel ];
|
||||
|
||||
system.build.sdImage = pkgs.callPackage ({ stdenv, dosfstools, e2fsprogs,
|
||||
mtools, libfaketime, utillinux, bzip2, zstd }: stdenv.mkDerivation {
|
||||
mtools, libfaketime, utillinux, zstd }: stdenv.mkDerivation {
|
||||
name = config.sdImage.imageName;
|
||||
|
||||
nativeBuildInputs = [ dosfstools e2fsprogs mtools libfaketime utillinux bzip2 zstd ];
|
||||
nativeBuildInputs = [ dosfstools e2fsprogs mtools libfaketime utillinux zstd ];
|
||||
|
||||
inherit (config.sdImage) compressImage;
|
||||
|
||||
|
@ -143,7 +143,7 @@ in
|
|||
|
||||
echo "${pkgs.stdenv.buildPlatform.system}" > $out/nix-support/system
|
||||
if test -n "$compressImage"; then
|
||||
echo "file sd-image $img.bz2" >> $out/nix-support/hydra-build-products
|
||||
echo "file sd-image $img.zst" >> $out/nix-support/hydra-build-products
|
||||
else
|
||||
echo "file sd-image $img" >> $out/nix-support/hydra-build-products
|
||||
fi
|
||||
|
@ -190,7 +190,7 @@ in
|
|||
fsck.vfat -vn firmware_part.img
|
||||
dd conv=notrunc if=firmware_part.img of=$img seek=$START count=$SECTORS
|
||||
if test -n "$compressImage"; then
|
||||
bzip2 $img
|
||||
zstd -T$NIX_BUILD_CORES --rm $img
|
||||
fi
|
||||
'';
|
||||
}) {};
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
x86_64-linux = "/nix/store/xb0nl3z356n0sfrhswfli2g19a19slys-nix-2.3.5";
|
||||
i686-linux = "/nix/store/k8kdd4yy1yap6lai5idyhmzcwsjh1fik-nix-2.3.5";
|
||||
aarch64-linux = "/nix/store/dr86cbipxqjcb8pf2k0v8wvw0h0adfpz-nix-2.3.5";
|
||||
x86_64-darwin = "/nix/store/n6dqdndkv9kac66kdr988kaiyavl44x8-nix-2.3.5";
|
||||
x86_64-linux = "/nix/store/j8dbv5w6jl34caywh2ygdy88knx1mdf7-nix-2.3.6";
|
||||
i686-linux = "/nix/store/9fqvbdisahqp0238vrs7wn5anpri0a65-nix-2.3.6";
|
||||
aarch64-linux = "/nix/store/72pwn0nm9bjqx9vpi8sgh4bl6g5wh814-nix-2.3.6";
|
||||
x86_64-darwin = "/nix/store/g37vk77m90p5zcl5nixjlzp3vqpisfn5-nix-2.3.6";
|
||||
}
|
||||
|
|
|
@ -239,7 +239,6 @@ in
|
|||
shout = 206;
|
||||
gateone = 207;
|
||||
namecoin = 208;
|
||||
dnschain = 209;
|
||||
#lxd = 210; # unused
|
||||
kibana = 211;
|
||||
xtreemfs = 212;
|
||||
|
@ -549,7 +548,6 @@ in
|
|||
#shout = 206; #unused
|
||||
gateone = 207;
|
||||
namecoin = 208;
|
||||
#dnschain = 209; #unused
|
||||
lxd = 210; # unused
|
||||
#kibana = 211;
|
||||
xtreemfs = 212;
|
||||
|
|
|
@ -126,6 +126,7 @@
|
|||
./programs/gpaste.nix
|
||||
./programs/gnupg.nix
|
||||
./programs/gphoto2.nix
|
||||
./programs/hamster.nix
|
||||
./programs/iftop.nix
|
||||
./programs/iotop.nix
|
||||
./programs/java.nix
|
||||
|
@ -334,6 +335,7 @@
|
|||
./services/games/minecraft-server.nix
|
||||
./services/games/minetest-server.nix
|
||||
./services/games/openarena.nix
|
||||
./services/games/teeworlds.nix
|
||||
./services/games/terraria.nix
|
||||
./services/hardware/acpid.nix
|
||||
./services/hardware/actkbd.nix
|
||||
|
@ -361,7 +363,6 @@
|
|||
./services/hardware/throttled.nix
|
||||
./services/hardware/trezord.nix
|
||||
./services/hardware/triggerhappy.nix
|
||||
./services/hardware/u2f.nix
|
||||
./services/hardware/udev.nix
|
||||
./services/hardware/udisks2.nix
|
||||
./services/hardware/upower.nix
|
||||
|
@ -601,7 +602,6 @@
|
|||
./services/networking/dhcpcd.nix
|
||||
./services/networking/dhcpd.nix
|
||||
./services/networking/dnscache.nix
|
||||
./services/networking/dnschain.nix
|
||||
./services/networking/dnscrypt-proxy2.nix
|
||||
./services/networking/dnscrypt-wrapper.nix
|
||||
./services/networking/dnsdist.nix
|
||||
|
@ -624,6 +624,7 @@
|
|||
./services/networking/gdomap.nix
|
||||
./services/networking/git-daemon.nix
|
||||
./services/networking/gnunet.nix
|
||||
./services/networking/go-neb.nix
|
||||
./services/networking/go-shadowsocks2.nix
|
||||
./services/networking/gogoclient.nix
|
||||
./services/networking/gvpe.nix
|
||||
|
@ -806,7 +807,6 @@
|
|||
./services/security/torsocks.nix
|
||||
./services/security/usbguard.nix
|
||||
./services/security/vault.nix
|
||||
./services/system/cgmanager.nix
|
||||
./services/system/cloud-init.nix
|
||||
./services/system/dbus.nix
|
||||
./services/system/earlyoom.nix
|
||||
|
|
|
@ -238,9 +238,6 @@ in
|
|||
"/share/bash-completion"
|
||||
];
|
||||
|
||||
environment.systemPackages = optional cfg.enableCompletion
|
||||
pkgs.nix-bash-completions;
|
||||
|
||||
environment.shells =
|
||||
[ "/run/current-system/sw/bin/bash"
|
||||
"/run/current-system/sw/bin/sh"
|
||||
|
|
15
third_party/nixpkgs/nixos/modules/programs/hamster.nix
vendored
Normal file
15
third_party/nixpkgs/nixos/modules/programs/hamster.nix
vendored
Normal file
|
@ -0,0 +1,15 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
{
|
||||
meta.maintainers = maintainers.fabianhauser;
|
||||
|
||||
options.programs.hamster.enable =
|
||||
mkEnableOption "Whether to enable hamster time tracking.";
|
||||
|
||||
config = lib.mkIf config.programs.hamster.enable {
|
||||
environment.systemPackages = [ pkgs.hamster ];
|
||||
services.dbus.packages = [ pkgs.hamster ];
|
||||
};
|
||||
}
|
|
@ -194,6 +194,33 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
kexAlgorithms = mkOption {
|
||||
type = types.nullOr (types.listOf types.str);
|
||||
default = null;
|
||||
example = [ "curve25519-sha256@libssh.org" "diffie-hellman-group-exchange-sha256" ];
|
||||
description = ''
|
||||
Specifies the available KEX (Key Exchange) algorithms.
|
||||
'';
|
||||
};
|
||||
|
||||
ciphers = mkOption {
|
||||
type = types.nullOr (types.listOf types.str);
|
||||
default = null;
|
||||
example = [ "chacha20-poly1305@openssh.com" "aes256-gcm@openssh.com" ];
|
||||
description = ''
|
||||
Specifies the ciphers allowed and their order of preference.
|
||||
'';
|
||||
};
|
||||
|
||||
macs = mkOption {
|
||||
type = types.nullOr (types.listOf types.str);
|
||||
default = null;
|
||||
example = [ "hmac-sha2-512-etm@openssh.com" "hmac-sha1" ];
|
||||
description = ''
|
||||
Specifies the MAC (message authentication code) algorithms in order of preference. The MAC algorithm is used
|
||||
for data integrity protection.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
|
@ -232,6 +259,9 @@ in
|
|||
|
||||
${optionalString (cfg.pubkeyAcceptedKeyTypes != []) "PubkeyAcceptedKeyTypes ${concatStringsSep "," cfg.pubkeyAcceptedKeyTypes}"}
|
||||
${optionalString (cfg.hostKeyAlgorithms != []) "HostKeyAlgorithms ${concatStringsSep "," cfg.hostKeyAlgorithms}"}
|
||||
${optionalString (cfg.kexAlgorithms != null) "KexAlgorithms ${concatStringsSep "," cfg.kexAlgorithms}"}
|
||||
${optionalString (cfg.ciphers != null) "Ciphers ${concatStringsSep "," cfg.ciphers}"}
|
||||
${optionalString (cfg.macs != null) "MACs ${concatStringsSep "," cfg.macs}"}
|
||||
'';
|
||||
|
||||
environment.etc."ssh/ssh_known_hosts".text = knownHostsText;
|
||||
|
|
|
@ -21,9 +21,11 @@ in
|
|||
(mkRenamedOptionModule [ "networking" "defaultMailServer" "useTLS" ] [ "services" "ssmtp" "useTLS" ])
|
||||
(mkRenamedOptionModule [ "networking" "defaultMailServer" "useSTARTTLS" ] [ "services" "ssmtp" "useSTARTTLS" ])
|
||||
(mkRenamedOptionModule [ "networking" "defaultMailServer" "authUser" ] [ "services" "ssmtp" "authUser" ])
|
||||
(mkRenamedOptionModule [ "networking" "defaultMailServer" "authPass" ] [ "services" "ssmtp" "authPass" ])
|
||||
(mkRenamedOptionModule [ "networking" "defaultMailServer" "authPassFile" ] [ "services" "ssmtp" "authPassFile" ])
|
||||
(mkRenamedOptionModule [ "networking" "defaultMailServer" "setSendmail" ] [ "services" "ssmtp" "setSendmail" ])
|
||||
|
||||
(mkRemovedOptionModule [ "networking" "defaultMailServer" "authPass" ] "authPass has been removed since it leaks the clear-text password into the world-readable store. Use authPassFile instead and make sure it's not a store path")
|
||||
(mkRemovedOptionModule [ "services" "ssmtp" "authPass" ] "authPass has been removed since it leaks the clear-text password into the world-readable store. Use authPassFile instead and make sure it's not a store path")
|
||||
];
|
||||
|
||||
options = {
|
||||
|
@ -45,6 +47,21 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
settings = mkOption {
|
||||
type = with types; attrsOf (oneOf [ bool str ]);
|
||||
default = {};
|
||||
description = ''
|
||||
<citerefentry><refentrytitle>ssmtp</refentrytitle><manvolnum>5</manvolnum></citerefentry> configuration. Refer
|
||||
to <link xlink:href="https://linux.die.net/man/5/ssmtp.conf"/> for details on supported values.
|
||||
'';
|
||||
example = literalExample ''
|
||||
{
|
||||
Debug = true;
|
||||
FromLineOverride = false;
|
||||
}
|
||||
'';
|
||||
};
|
||||
|
||||
hostName = mkOption {
|
||||
type = types.str;
|
||||
example = "mail.example.org";
|
||||
|
@ -101,18 +118,6 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
authPass = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
example = "correctHorseBatteryStaple";
|
||||
description = ''
|
||||
Password used for SMTP auth. (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
|
||||
|
||||
It's recommended to use <option>authPassFile</option>
|
||||
which takes precedence over <option>authPass</option>.
|
||||
'';
|
||||
};
|
||||
|
||||
authPassFile = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
|
@ -121,11 +126,6 @@ in
|
|||
Path to a file that contains the password used for SMTP auth. The file
|
||||
should not contain a trailing newline, if the password does not contain one.
|
||||
This file should be readable by the users that need to execute ssmtp.
|
||||
|
||||
<option>authPassFile</option> takes precedence over <option>authPass</option>.
|
||||
|
||||
Warning: when <option>authPass</option> is non-empty <option>authPassFile</option>
|
||||
defaults to a file in the WORLD-READABLE Nix store containing that password.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -142,25 +142,28 @@ in
|
|||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
services.ssmtp.authPassFile = mkIf (cfg.authPass != "")
|
||||
(mkDefault (toString (pkgs.writeTextFile {
|
||||
name = "ssmtp-authpass";
|
||||
text = cfg.authPass;
|
||||
})));
|
||||
services.ssmtp.settings = mkMerge [
|
||||
({
|
||||
MailHub = cfg.hostName;
|
||||
FromLineOverride = mkDefault true;
|
||||
UseTLS = cfg.useTLS;
|
||||
UseSTARTTLS = cfg.useSTARTTLS;
|
||||
})
|
||||
(mkIf (cfg.root != "") { root = cfg.root; })
|
||||
(mkIf (cfg.domain != "") { rewriteDomain = cfg.domain; })
|
||||
(mkIf (cfg.authUser != "") { AuthUser = cfg.authUser; })
|
||||
(mkIf (cfg.authPassFile != null) { AuthPassFile = cfg.authPassFile; })
|
||||
];
|
||||
|
||||
environment.etc."ssmtp/ssmtp.conf".text =
|
||||
let yesNo = yes : if yes then "YES" else "NO"; in
|
||||
''
|
||||
MailHub=${cfg.hostName}
|
||||
FromLineOverride=YES
|
||||
${optionalString (cfg.root != "") "root=${cfg.root}"}
|
||||
${optionalString (cfg.domain != "") "rewriteDomain=${cfg.domain}"}
|
||||
UseTLS=${yesNo cfg.useTLS}
|
||||
UseSTARTTLS=${yesNo cfg.useSTARTTLS}
|
||||
#Debug=YES
|
||||
${optionalString (cfg.authUser != "") "AuthUser=${cfg.authUser}"}
|
||||
${optionalString (cfg.authPassFile != null) "AuthPassFile=${cfg.authPassFile}"}
|
||||
'';
|
||||
environment.etc."ssmtp/ssmtp.conf".source =
|
||||
let
|
||||
toStr = value:
|
||||
if value == true then "YES"
|
||||
else if value == false then "NO"
|
||||
else builtins.toString value
|
||||
;
|
||||
in
|
||||
pkgs.writeText "ssmtp.conf" (concatStringsSep "\n" (mapAttrsToList (key: value: "${key}=${toStr value}") cfg.settings));
|
||||
|
||||
environment.systemPackages = [pkgs.ssmtp];
|
||||
|
||||
|
|
7
third_party/nixpkgs/nixos/modules/rename.nix
vendored
7
third_party/nixpkgs/nixos/modules/rename.nix
vendored
|
@ -24,6 +24,7 @@ with lib;
|
|||
(mkRemovedOptionModule [ "environment" "blcr" "enable" ] "The BLCR module has been removed")
|
||||
(mkRemovedOptionModule [ "services" "beegfsEnable" ] "The BeeGFS module has been removed")
|
||||
(mkRemovedOptionModule [ "services" "beegfs" ] "The BeeGFS module has been removed")
|
||||
(mkRemovedOptionModule ["services" "cgmanager" "enable"] "cgmanager was deprecated by lxc and therefore removed from nixpkgs.")
|
||||
(mkRemovedOptionModule [ "services" "osquery" ] "The osquery module has been removed")
|
||||
(mkRemovedOptionModule [ "services" "fourStore" ] "The fourStore module has been removed")
|
||||
(mkRemovedOptionModule [ "services" "fourStoreEndpoint" ] "The fourStoreEndpoint module has been removed")
|
||||
|
@ -54,6 +55,12 @@ with lib;
|
|||
prey-bash-client is deprecated upstream
|
||||
'')
|
||||
|
||||
(mkRemovedOptionModule ["hardware" "u2f" ] ''
|
||||
The U2F modules module was removed, as all it did was adding the
|
||||
udev rules from libu2f-host to the system. Udev gained native support
|
||||
to handle FIDO security tokens, so this isn't necessary anymore.
|
||||
'')
|
||||
|
||||
# Do NOT add any option renames here, see top of the file
|
||||
];
|
||||
}
|
||||
|
|
|
@ -436,6 +436,8 @@ let
|
|||
"session required ${pkgs.pam}/lib/security/pam_lastlog.so silent"}
|
||||
${optionalString config.security.pam.enableEcryptfs
|
||||
"session optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so"}
|
||||
${optionalString cfg.pamMount
|
||||
"session optional ${pkgs.pam_mount}/lib/security/pam_mount.so"}
|
||||
${optionalString use_ldap
|
||||
"session optional ${pam_ldap}/lib/security/pam_ldap.so"}
|
||||
${optionalString config.services.sssd.enable
|
||||
|
@ -452,8 +454,6 @@ let
|
|||
"session required ${pkgs.pam}/lib/security/pam_limits.so conf=${makeLimitsConf cfg.limits}"}
|
||||
${optionalString (cfg.showMotd && config.users.motd != null)
|
||||
"session optional ${pkgs.pam}/lib/security/pam_motd.so motd=${motd}"}
|
||||
${optionalString cfg.pamMount
|
||||
"session optional ${pkgs.pam_mount}/lib/security/pam_mount.so"}
|
||||
${optionalString (cfg.enableAppArmor && config.security.apparmor.enable)
|
||||
"session optional ${pkgs.apparmor-pam}/lib/security/pam_apparmor.so order=user,group,default debug"}
|
||||
${optionalString (cfg.enableKwallet)
|
||||
|
|
|
@ -173,7 +173,9 @@ in
|
|||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
security.sudo.extraRules = [
|
||||
# We `mkOrder 600` so that the default rule shows up first, but there is
|
||||
# still enough room for a user to `mkBefore` it.
|
||||
security.sudo.extraRules = mkOrder 600 [
|
||||
{ groups = [ "wheel" ];
|
||||
commands = [ { command = "ALL"; options = (if cfg.wheelNeedsPassword then [ "SETENV" ] else [ "NOPASSWD" "SETENV" ]); } ];
|
||||
}
|
||||
|
|
|
@ -16,7 +16,7 @@ let
|
|||
factory = util.BuildFactory()
|
||||
c = BuildmasterConfig = dict(
|
||||
workers = [${concatStringsSep "," cfg.workers}],
|
||||
protocols = { 'pb': {'port': ${toString cfg.bpPort} } },
|
||||
protocols = { 'pb': {'port': ${toString cfg.pbPort} } },
|
||||
title = '${escapeStr cfg.title}',
|
||||
titleURL = '${escapeStr cfg.titleUrl}',
|
||||
buildbotURL = '${escapeStr cfg.buildbotUrl}',
|
||||
|
@ -155,10 +155,20 @@ in {
|
|||
description = "Specifies the Buildbot directory.";
|
||||
};
|
||||
|
||||
bpPort = mkOption {
|
||||
pbPort = mkOption {
|
||||
default = 9989;
|
||||
type = types.int;
|
||||
description = "Port where the master will listen to Buildbot Worker.";
|
||||
type = types.either types.str types.int;
|
||||
example = "'tcp:9990:interface=127.0.0.1'";
|
||||
description = ''
|
||||
The buildmaster will listen on a TCP port of your choosing
|
||||
for connections from workers.
|
||||
It can also use this port for connections from remote Change Sources,
|
||||
status clients, and debug tools.
|
||||
This port should be visible to the outside world, and you’ll need to tell
|
||||
your worker admins about your choice.
|
||||
If put in (single) quotes, this can also be used as a connection string,
|
||||
as defined in the <link xlink:href="https://twistedmatrix.com/documents/current/core/howto/endpoints.html">ConnectionStrings guide</link>.
|
||||
'';
|
||||
};
|
||||
|
||||
listenAddress = mkOption {
|
||||
|
@ -264,5 +274,9 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
imports = [
|
||||
(mkRenamedOptionModule [ "services" "buildbot-master" "bpPort" ] [ "services" "buildbot-master" "pbPort" ])
|
||||
];
|
||||
|
||||
meta.maintainers = with lib.maintainers; [ nand0p mic92 ];
|
||||
}
|
||||
|
|
|
@ -334,7 +334,8 @@ in
|
|||
environment.etc."my.cnf".source = cfg.configFile;
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d '${cfg.dataDir}' 0700 ${cfg.user} mysql -"
|
||||
"d '${cfg.dataDir}' 0700 ${cfg.user} mysql - -"
|
||||
"z '${cfg.dataDir}' 0700 ${cfg.user} mysql - -"
|
||||
];
|
||||
|
||||
systemd.services.mysql = let
|
||||
|
@ -357,21 +358,17 @@ in
|
|||
preStart = if isMariaDB then ''
|
||||
if ! test -e ${cfg.dataDir}/mysql; then
|
||||
${mysql}/bin/mysql_install_db --defaults-file=/etc/my.cnf ${mysqldOptions}
|
||||
touch /tmp/mysql_init
|
||||
touch ${cfg.dataDir}/mysql_init
|
||||
fi
|
||||
'' else ''
|
||||
if ! test -e ${cfg.dataDir}/mysql; then
|
||||
${mysql}/bin/mysqld --defaults-file=/etc/my.cnf ${mysqldOptions} --initialize-insecure
|
||||
touch /tmp/mysql_init
|
||||
touch ${cfg.dataDir}/mysql_init
|
||||
fi
|
||||
'';
|
||||
|
||||
serviceConfig = {
|
||||
User = cfg.user;
|
||||
Group = "mysql";
|
||||
Type = if hasNotify then "notify" else "simple";
|
||||
RuntimeDirectory = "mysqld";
|
||||
RuntimeDirectoryMode = "0755";
|
||||
Restart = "on-abort";
|
||||
RestartSec = "5s";
|
||||
# The last two environment variables are used for starting Galera clusters
|
||||
|
@ -398,7 +395,7 @@ in
|
|||
done
|
||||
''}
|
||||
|
||||
if [ -f /tmp/mysql_init ]
|
||||
if [ -f ${cfg.dataDir}/mysql_init ]
|
||||
then
|
||||
${concatMapStrings (database: ''
|
||||
# Create initial databases
|
||||
|
@ -452,7 +449,7 @@ in
|
|||
cat ${toString cfg.initialScript} | ${mysql}/bin/mysql -u root -N
|
||||
''}
|
||||
|
||||
rm /tmp/mysql_init
|
||||
rm ${cfg.dataDir}/mysql_init
|
||||
fi
|
||||
|
||||
${optionalString (cfg.ensureDatabases != []) ''
|
||||
|
@ -476,6 +473,35 @@ in
|
|||
# ensureDatbases & ensureUsers depends on this script being run as root
|
||||
# when the user has secured their mysql install
|
||||
"+${setupScript}";
|
||||
# User and group
|
||||
User = cfg.user;
|
||||
Group = "mysql";
|
||||
# Runtime directory and mode
|
||||
RuntimeDirectory = "mysqld";
|
||||
RuntimeDirectoryMode = "0755";
|
||||
# Access write directories
|
||||
ReadWritePaths = [ cfg.dataDir ];
|
||||
# Capabilities
|
||||
CapabilityBoundingSet = "";
|
||||
# Security
|
||||
NoNewPrivileges = true;
|
||||
# Sandboxing
|
||||
ProtectSystem = "strict";
|
||||
ProtectHome = true;
|
||||
PrivateTmp = true;
|
||||
PrivateDevices = true;
|
||||
ProtectHostname = true;
|
||||
ProtectKernelTunables = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectControlGroups = true;
|
||||
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
|
||||
LockPersonality = true;
|
||||
MemoryDenyWriteExecute = true;
|
||||
RestrictRealtime = true;
|
||||
RestrictSUIDSGID = true;
|
||||
PrivateMounts = true;
|
||||
# System Call Filtering
|
||||
SystemCallArchitectures = "native";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -218,6 +218,7 @@ in
|
|||
description = "Redis database user";
|
||||
isSystemUser = true;
|
||||
};
|
||||
users.groups.redis = {};
|
||||
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
|
||||
|
@ -240,6 +241,7 @@ in
|
|||
StateDirectory = "redis";
|
||||
Type = "notify";
|
||||
User = "redis";
|
||||
Group = "redis";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
119
third_party/nixpkgs/nixos/modules/services/games/teeworlds.nix
vendored
Normal file
119
third_party/nixpkgs/nixos/modules/services/games/teeworlds.nix
vendored
Normal file
|
@ -0,0 +1,119 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.teeworlds;
|
||||
register = cfg.register;
|
||||
|
||||
teeworldsConf = pkgs.writeText "teeworlds.cfg" ''
|
||||
sv_port ${toString cfg.port}
|
||||
sv_register ${if cfg.register then "1" else "0"}
|
||||
${optionalString (cfg.name != null) "sv_name ${cfg.name}"}
|
||||
${optionalString (cfg.motd != null) "sv_motd ${cfg.motd}"}
|
||||
${optionalString (cfg.password != null) "password ${cfg.password}"}
|
||||
${optionalString (cfg.rconPassword != null) "sv_rcon_password ${cfg.rconPassword}"}
|
||||
${concatStringsSep "\n" cfg.extraOptions}
|
||||
'';
|
||||
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.teeworlds = {
|
||||
enable = mkEnableOption "Teeworlds Server";
|
||||
|
||||
openPorts = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Whether to open firewall ports for Teeworlds";
|
||||
};
|
||||
|
||||
name = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
Name of the server. Defaults to 'unnamed server'.
|
||||
'';
|
||||
};
|
||||
|
||||
register = mkOption {
|
||||
type = types.bool;
|
||||
example = true;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether the server registers as public server in the global server list. This is disabled by default because of privacy.
|
||||
'';
|
||||
};
|
||||
|
||||
motd = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
Set the server message of the day text.
|
||||
'';
|
||||
};
|
||||
|
||||
password = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
Password to connect to the server.
|
||||
'';
|
||||
};
|
||||
|
||||
rconPassword = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
Password to access the remote console. If not set, a randomly generated one is displayed in the server log.
|
||||
'';
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
type = types.int;
|
||||
default = 8303;
|
||||
description = ''
|
||||
Port the server will listen on.
|
||||
'';
|
||||
};
|
||||
|
||||
extraOptions = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
description = ''
|
||||
Extra configuration lines for the <filename>teeworlds.cfg</filename>. See <link xlink:href="https://www.teeworlds.com/?page=docs&wiki=server_settings">Teeworlds Documentation</link>.
|
||||
'';
|
||||
example = [ "sv_map dm1" "sv_gametype dm" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
networking.firewall = mkIf cfg.openPorts {
|
||||
allowedUDPPorts = [ cfg.port ];
|
||||
};
|
||||
|
||||
systemd.services.teeworlds = {
|
||||
description = "Teeworlds Server";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
|
||||
serviceConfig = {
|
||||
DynamicUser = true;
|
||||
ExecStart = "${pkgs.teeworlds}/bin/teeworlds_srv -f ${teeworldsConf}";
|
||||
|
||||
# Hardening
|
||||
CapabilityBoundingSet = false;
|
||||
PrivateDevices = true;
|
||||
PrivateUsers = true;
|
||||
ProtectHome = true;
|
||||
ProtectKernelLogs = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectKernelTunables = true;
|
||||
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
|
||||
RestrictNamespaces = true;
|
||||
SystemCallArchitectures = "native";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -6,6 +6,23 @@ with lib;
|
|||
|
||||
let
|
||||
cfg = config.services.fwupd;
|
||||
|
||||
customEtc = {
|
||||
"fwupd/daemon.conf" = {
|
||||
source = pkgs.writeText "daemon.conf" ''
|
||||
[fwupd]
|
||||
BlacklistDevices=${lib.concatStringsSep ";" cfg.blacklistDevices}
|
||||
BlacklistPlugins=${lib.concatStringsSep ";" cfg.blacklistPlugins}
|
||||
'';
|
||||
};
|
||||
"fwupd/uefi.conf" = {
|
||||
source = pkgs.writeText "uefi.conf" ''
|
||||
[uefi]
|
||||
OverrideESPMountPoint=${config.boot.loader.efi.efiSysMountPoint}
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
originalEtc =
|
||||
let
|
||||
mkEtcFile = n: nameValuePair n { source = "${cfg.package}/etc/${n}"; };
|
||||
|
@ -96,22 +113,8 @@ in {
|
|||
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
|
||||
environment.etc = {
|
||||
"fwupd/daemon.conf" = {
|
||||
source = pkgs.writeText "daemon.conf" ''
|
||||
[fwupd]
|
||||
BlacklistDevices=${lib.concatStringsSep ";" cfg.blacklistDevices}
|
||||
BlacklistPlugins=${lib.concatStringsSep ";" cfg.blacklistPlugins}
|
||||
'';
|
||||
};
|
||||
"fwupd/uefi.conf" = {
|
||||
source = pkgs.writeText "uefi.conf" ''
|
||||
[uefi]
|
||||
OverrideESPMountPoint=${config.boot.loader.efi.efiSysMountPoint}
|
||||
'';
|
||||
};
|
||||
|
||||
} // originalEtc // extraTrustedKeys // testRemote;
|
||||
# customEtc overrides some files from the package
|
||||
environment.etc = originalEtc // customEtc // extraTrustedKeys // testRemote;
|
||||
|
||||
services.dbus.packages = [ cfg.package ];
|
||||
|
||||
|
|
|
@ -1,23 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.hardware.u2f;
|
||||
in {
|
||||
options = {
|
||||
hardware.u2f = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enable U2F hardware support.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services.udev.packages = [ pkgs.libu2f-host ];
|
||||
};
|
||||
}
|
||||
|
|
@ -125,6 +125,8 @@ let
|
|||
mailboxConfig = mailbox: ''
|
||||
mailbox "${mailbox.name}" {
|
||||
auto = ${toString mailbox.auto}
|
||||
'' + optionalString (mailbox.autoexpunge != null) ''
|
||||
autoexpunge = ${mailbox.autoexpunge}
|
||||
'' + optionalString (mailbox.specialUse != null) ''
|
||||
special_use = \${toString mailbox.specialUse}
|
||||
'' + "}";
|
||||
|
@ -132,8 +134,9 @@ let
|
|||
mailboxes = { ... }: {
|
||||
options = {
|
||||
name = mkOption {
|
||||
type = types.strMatching ''[^"]+'';
|
||||
type = types.nullOr (types.strMatching ''[^"]+'');
|
||||
example = "Spam";
|
||||
default = null;
|
||||
description = "The name of the mailbox.";
|
||||
};
|
||||
auto = mkOption {
|
||||
|
@ -148,6 +151,15 @@ let
|
|||
example = "Junk";
|
||||
description = "Null if no special use flag is set. Other than that every use flag mentioned in the RFC is valid.";
|
||||
};
|
||||
autoexpunge = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = "60d";
|
||||
description = ''
|
||||
To automatically remove all email from the mailbox which is older than the
|
||||
specified time.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
in
|
||||
|
@ -323,9 +335,24 @@ in
|
|||
};
|
||||
|
||||
mailboxes = mkOption {
|
||||
type = types.listOf (types.submodule mailboxes);
|
||||
default = [];
|
||||
example = [ { name = "Spam"; specialUse = "Junk"; auto = "create"; } ];
|
||||
type = with types; let m = submodule mailboxes; in either (listOf m) (attrsOf m);
|
||||
default = {};
|
||||
apply = x:
|
||||
if isList x then warn "Declaring `services.dovecot2.mailboxes' as a list is deprecated and will break eval in 21.03!" x
|
||||
else mapAttrsToList (name: value:
|
||||
if value.name != null
|
||||
then throw ''
|
||||
When specifying dovecot2 mailboxes as attributes, declaring
|
||||
a `name'-attribute is prohibited! The name ${value.name} should
|
||||
be the attribute key!
|
||||
''
|
||||
else value // { inherit name; }
|
||||
) x;
|
||||
example = literalExample ''
|
||||
{
|
||||
Spam = { specialUse = "Junk"; auto = "create"; };
|
||||
}
|
||||
'';
|
||||
description = "Configure mailboxes and auto create or subscribe them.";
|
||||
};
|
||||
|
||||
|
|
|
@ -17,6 +17,10 @@ in {
|
|||
|
||||
###### interface
|
||||
|
||||
imports = [
|
||||
(mkRenamedOptionModule [ "services" "opensmtpd" "addSendmailToSystemPath" ] [ "services" "opensmtpd" "setSendmail" ])
|
||||
];
|
||||
|
||||
options = {
|
||||
|
||||
services.opensmtpd = {
|
||||
|
@ -34,13 +38,10 @@ in {
|
|||
description = "The OpenSMTPD package to use.";
|
||||
};
|
||||
|
||||
addSendmailToSystemPath = mkOption {
|
||||
setSendmail = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
Whether to add OpenSMTPD's sendmail binary to the
|
||||
system path or not.
|
||||
'';
|
||||
description = "Whether to set the system sendmail to OpenSMTPD's.";
|
||||
};
|
||||
|
||||
extraServerArgs = mkOption {
|
||||
|
@ -82,7 +83,7 @@ in {
|
|||
|
||||
###### implementation
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
config = mkIf cfg.enable rec {
|
||||
users.groups = {
|
||||
smtpd.gid = config.ids.gids.smtpd;
|
||||
smtpq.gid = config.ids.gids.smtpq;
|
||||
|
@ -101,6 +102,14 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
security.wrappers.smtpctl = {
|
||||
group = "smtpq";
|
||||
setgid = true;
|
||||
source = "${cfg.package}/bin/smtpctl";
|
||||
};
|
||||
|
||||
services.mail.sendmailSetuidWrapper = mkIf cfg.setSendmail security.wrappers.smtpctl;
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d /var/spool/smtpd 711 root - - -"
|
||||
"d /var/spool/smtpd/offline 770 root smtpq - -"
|
||||
|
@ -119,7 +128,5 @@ in {
|
|||
serviceConfig.ExecStart = "${cfg.package}/sbin/smtpd -d -f ${conf} ${args}";
|
||||
environment.OPENSMTPD_PROC_PATH = "${procEnv}/libexec/opensmtpd";
|
||||
};
|
||||
|
||||
environment.systemPackages = mkIf cfg.addSendmailToSystemPath [ sendmail ];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -95,9 +95,11 @@ in {
|
|||
-conf ${configPath} \\
|
||||
-base /var/lib/freeswitch";
|
||||
ExecReload = "${pkg}/bin/fs_cli -x reloadxml";
|
||||
Restart = "always";
|
||||
Restart = "on-failure";
|
||||
RestartSec = "5s";
|
||||
CPUSchedulingPolicy = "fifo";
|
||||
};
|
||||
};
|
||||
environment.systemPackages = [ pkg ];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -43,6 +43,9 @@ let
|
|||
|
||||
[gitlab-shell]
|
||||
dir = "${cfg.packages.gitlab-shell}"
|
||||
secret_file = "${cfg.statePath}/gitlab_shell_secret"
|
||||
gitlab_url = "http+unix://${pathUrlQuote gitlabSocket}"
|
||||
http_settings = { self_signed_cert = false }
|
||||
|
||||
${concatStringsSep "\n" (attrValues (mapAttrs (k: v: ''
|
||||
[[storage]]
|
||||
|
|
|
@ -11,9 +11,9 @@ let
|
|||
(recursiveUpdate defaultConfig cfg.config) else cfg.config));
|
||||
configFile = pkgs.runCommand "configuration.yaml" { preferLocalBuild = true; } ''
|
||||
${pkgs.remarshal}/bin/json2yaml -i ${configJSON} -o $out
|
||||
# Hack to support secrets, that are encoded as custom yaml objects,
|
||||
# https://www.home-assistant.io/docs/configuration/secrets/
|
||||
sed -i -e "s/'\!secret \(.*\)'/\!secret \1/" $out
|
||||
# Hack to support custom yaml objects,
|
||||
# i.e. secrets: https://www.home-assistant.io/docs/configuration/secrets/
|
||||
sed -i -e "s/'\!\([a-z_]\+\) \(.*\)'/\!\1 \2/;s/^\!\!/\!/;" $out
|
||||
'';
|
||||
|
||||
lovelaceConfigJSON = pkgs.writeText "ui-lovelace.json"
|
||||
|
@ -120,7 +120,9 @@ in {
|
|||
unit_system = "metric";
|
||||
time_zone = "UTC";
|
||||
};
|
||||
frontend = { };
|
||||
frontend = {
|
||||
themes = "!include_dir_merge_named themes";
|
||||
};
|
||||
http = { };
|
||||
feedreader.urls = [ "https://nixos.org/blogs.xml" ];
|
||||
}
|
||||
|
|
|
@ -9,6 +9,9 @@ let
|
|||
logConfigFile = pkgs.writeText "log_config.yaml" cfg.logConfig;
|
||||
mkResource = r: ''{names: ${builtins.toJSON r.names}, compress: ${boolToString r.compress}}'';
|
||||
mkListener = l: ''{port: ${toString l.port}, bind_address: "${l.bind_address}", type: ${l.type}, tls: ${boolToString l.tls}, x_forwarded: ${boolToString l.x_forwarded}, resources: [${concatStringsSep "," (map mkResource l.resources)}]}'';
|
||||
pluginsEnv = cfg.package.python.buildEnv.override {
|
||||
extraLibs = cfg.plugins;
|
||||
};
|
||||
configFile = pkgs.writeText "homeserver.yaml" ''
|
||||
${optionalString (cfg.tls_certificate_path != null) ''
|
||||
tls_certificate_path: "${cfg.tls_certificate_path}"
|
||||
|
@ -125,6 +128,14 @@ in {
|
|||
Overridable attribute of the matrix synapse server package to use.
|
||||
'';
|
||||
};
|
||||
plugins = mkOption {
|
||||
type = types.listOf types.package;
|
||||
default = [ ];
|
||||
defaultText = "with config.services.matrix-synapse.package.plugins [ matrix-synapse-ldap3 matrix-synapse-pam ]";
|
||||
description = ''
|
||||
List of additional Matrix plugins to make available.
|
||||
'';
|
||||
};
|
||||
no_tls = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
|
@ -686,6 +697,7 @@ in {
|
|||
--keys-directory ${cfg.dataDir} \
|
||||
--generate-keys
|
||||
'';
|
||||
environment.PYTHONPATH = makeSearchPathOutput "lib" cfg.package.python.sitePackages [ pluginsEnv ];
|
||||
serviceConfig = {
|
||||
Type = "notify";
|
||||
User = "matrix-synapse";
|
||||
|
@ -715,5 +727,6 @@ in {
|
|||
];
|
||||
|
||||
meta.doc = ./matrix-synapse.xml;
|
||||
meta.maintainers = teams.matrix.members;
|
||||
|
||||
}
|
||||
|
|
|
@ -442,6 +442,12 @@ in
|
|||
nix.binaryCachePublicKeys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ];
|
||||
nix.binaryCaches = [ "https://cache.nixos.org/" ];
|
||||
|
||||
environment.systemPackages =
|
||||
[ nix
|
||||
pkgs.nix-info
|
||||
]
|
||||
++ optional (config.programs.bash.enableCompletion && !versionAtLeast nixVersion "2.4pre") pkgs.nix-bash-completions;
|
||||
|
||||
environment.etc."nix/nix.conf".source = nixConf;
|
||||
|
||||
environment.etc."nix/registry.json".text = builtins.toJSON {
|
||||
|
|
|
@ -21,6 +21,7 @@ let
|
|||
# `serviceOpts.script` or `serviceOpts.serviceConfig.ExecStart`
|
||||
|
||||
exporterOpts = genAttrs [
|
||||
"apcupsd"
|
||||
"bind"
|
||||
"blackbox"
|
||||
"collectd"
|
||||
|
@ -28,6 +29,8 @@ let
|
|||
"dovecot"
|
||||
"fritzbox"
|
||||
"json"
|
||||
"keylight"
|
||||
"lnd"
|
||||
"mail"
|
||||
"mikrotik"
|
||||
"minio"
|
||||
|
|
38
third_party/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/apcupsd.nix
vendored
Normal file
38
third_party/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/apcupsd.nix
vendored
Normal file
|
@ -0,0 +1,38 @@
|
|||
{ config, lib, pkgs, options }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.prometheus.exporters.apcupsd;
|
||||
in
|
||||
{
|
||||
port = 9162;
|
||||
extraOpts = {
|
||||
apcupsdAddress = mkOption {
|
||||
type = types.str;
|
||||
default = ":3551";
|
||||
description = ''
|
||||
Address of the apcupsd Network Information Server (NIS).
|
||||
'';
|
||||
};
|
||||
|
||||
apcupsdNetwork = mkOption {
|
||||
type = types.enum ["tcp" "tcp4" "tcp6"];
|
||||
default = "tcp";
|
||||
description = ''
|
||||
Network of the apcupsd Network Information Server (NIS): one of "tcp", "tcp4", or "tcp6".
|
||||
'';
|
||||
};
|
||||
};
|
||||
serviceOpts = {
|
||||
serviceConfig = {
|
||||
ExecStart = ''
|
||||
${pkgs.prometheus-apcupsd-exporter}/bin/apcupsd_exporter \
|
||||
-telemetry.addr ${cfg.listenAddress}:${toString cfg.port} \
|
||||
-apcupsd.addr ${cfg.apcupsdAddress} \
|
||||
-apcupsd.network ${cfg.apcupsdNetwork} \
|
||||
${concatStringsSep " \\\n " cfg.extraFlags}
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
19
third_party/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/keylight.nix
vendored
Normal file
19
third_party/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/keylight.nix
vendored
Normal file
|
@ -0,0 +1,19 @@
|
|||
{ config, lib, pkgs, options }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.prometheus.exporters.keylight;
|
||||
in
|
||||
{
|
||||
port = 9288;
|
||||
serviceOpts = {
|
||||
serviceConfig = {
|
||||
ExecStart = ''
|
||||
${pkgs.prometheus-keylight-exporter}/bin/keylight_exporter \
|
||||
-metrics.addr ${cfg.listenAddress}:${toString cfg.port} \
|
||||
${concatStringsSep " \\\n " cfg.extraFlags}
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
46
third_party/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/lnd.nix
vendored
Normal file
46
third_party/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/lnd.nix
vendored
Normal file
|
@ -0,0 +1,46 @@
|
|||
{ config, lib, pkgs, options }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.prometheus.exporters.lnd;
|
||||
in
|
||||
{
|
||||
port = 9092;
|
||||
extraOpts = {
|
||||
lndHost = mkOption {
|
||||
type = types.str;
|
||||
default = "localhost:10009";
|
||||
description = ''
|
||||
lnd instance gRPC address:port.
|
||||
'';
|
||||
};
|
||||
|
||||
lndTlsPath = mkOption {
|
||||
type = types.path;
|
||||
description = ''
|
||||
Path to lnd TLS certificate.
|
||||
'';
|
||||
};
|
||||
|
||||
lndMacaroonDir = mkOption {
|
||||
type = types.path;
|
||||
description = ''
|
||||
Path to lnd macaroons.
|
||||
'';
|
||||
};
|
||||
};
|
||||
serviceOpts.serviceConfig = {
|
||||
ExecStart = ''
|
||||
${pkgs.prometheus-lnd-exporter}/bin/lndmon \
|
||||
--prometheus.listenaddr=${cfg.listenAddress}:${toString cfg.port} \
|
||||
--prometheus.logdir=/var/log/prometheus-lnd-exporter \
|
||||
--lnd.host=${cfg.lndHost} \
|
||||
--lnd.tlspath=${cfg.lndTlsPath} \
|
||||
--lnd.macaroondir=${cfg.lndMacaroonDir} \
|
||||
${concatStringsSep " \\\n " cfg.extraFlags}
|
||||
'';
|
||||
LogsDirectory = "prometheus-lnd-exporter";
|
||||
ReadOnlyPaths = [ cfg.lndTlsPath cfg.lndMacaroonDir ];
|
||||
};
|
||||
}
|
|
@ -1,69 +1,17 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{ config, lib, pkgs, options, ... }:
|
||||
with lib;
|
||||
let
|
||||
inherit (pkgs) ipfs runCommand makeWrapper;
|
||||
|
||||
cfg = config.services.ipfs;
|
||||
opt = options.services.ipfs;
|
||||
|
||||
ipfsFlags = toString ([
|
||||
(optionalString cfg.autoMount "--mount")
|
||||
#(optionalString cfg.autoMigrate "--migrate")
|
||||
(optionalString cfg.enableGC "--enable-gc")
|
||||
(optionalString (cfg.serviceFdlimit != null) "--manage-fdlimit=false")
|
||||
(optionalString (cfg.defaultMode == "offline") "--offline")
|
||||
(optionalString (cfg.defaultMode == "norouting") "--routing=none")
|
||||
] ++ cfg.extraFlags);
|
||||
|
||||
defaultDataDir = if versionAtLeast config.system.stateVersion "17.09" then
|
||||
"/var/lib/ipfs" else
|
||||
"/var/lib/ipfs/.ipfs";
|
||||
|
||||
# Wrapping the ipfs binary with the environment variable IPFS_PATH set to dataDir because we can't set it in the user environment
|
||||
wrapped = runCommand "ipfs" { buildInputs = [ makeWrapper ]; preferLocalBuild = true; } ''
|
||||
mkdir -p "$out/bin"
|
||||
makeWrapper "${ipfs}/bin/ipfs" "$out/bin/ipfs" \
|
||||
--set IPFS_PATH ${cfg.dataDir} \
|
||||
--prefix PATH : /run/wrappers/bin
|
||||
'';
|
||||
|
||||
|
||||
commonEnv = {
|
||||
environment.IPFS_PATH = cfg.dataDir;
|
||||
path = [ wrapped ];
|
||||
serviceConfig.User = cfg.user;
|
||||
serviceConfig.Group = cfg.group;
|
||||
};
|
||||
|
||||
baseService = recursiveUpdate commonEnv {
|
||||
wants = [ "ipfs-init.service" ];
|
||||
# NB: migration must be performed prior to pre-start, else we get the failure message!
|
||||
preStart = optionalString cfg.autoMount ''
|
||||
ipfs --local config Mounts.FuseAllowOther --json true
|
||||
ipfs --local config Mounts.IPFS ${cfg.ipfsMountDir}
|
||||
ipfs --local config Mounts.IPNS ${cfg.ipnsMountDir}
|
||||
'' + concatStringsSep "\n" (collect
|
||||
isString
|
||||
(mapAttrsRecursive
|
||||
(path: value:
|
||||
# Using heredoc below so that the value is never improperly quoted
|
||||
''
|
||||
read value <<EOF
|
||||
${builtins.toJSON value}
|
||||
EOF
|
||||
ipfs --local config --json "${concatStringsSep "." path}" "$value"
|
||||
'')
|
||||
({ Addresses.API = cfg.apiAddress;
|
||||
Addresses.Gateway = cfg.gatewayAddress;
|
||||
Addresses.Swarm = cfg.swarmAddress;
|
||||
} //
|
||||
cfg.extraConfig))
|
||||
);
|
||||
serviceConfig = {
|
||||
ExecStart = "${wrapped}/bin/ipfs daemon ${ipfsFlags}";
|
||||
Restart = "on-failure";
|
||||
RestartSec = 1;
|
||||
} // optionalAttrs (cfg.serviceFdlimit != null) { LimitNOFILE = cfg.serviceFdlimit; };
|
||||
};
|
||||
in {
|
||||
|
||||
###### interface
|
||||
|
@ -88,7 +36,9 @@ in {
|
|||
|
||||
dataDir = mkOption {
|
||||
type = types.str;
|
||||
default = defaultDataDir;
|
||||
default = if versionAtLeast config.system.stateVersion "17.09"
|
||||
then "/var/lib/ipfs"
|
||||
else "/var/lib/ipfs/.ipfs";
|
||||
description = "The data dir for IPFS";
|
||||
};
|
||||
|
||||
|
@ -98,18 +48,6 @@ in {
|
|||
description = "systemd service that is enabled by default";
|
||||
};
|
||||
|
||||
/*
|
||||
autoMigrate = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether IPFS should try to migrate the file system automatically.
|
||||
|
||||
The daemon will need to be able to download a binary from https://ipfs.io to perform the migration.
|
||||
'';
|
||||
};
|
||||
*/
|
||||
|
||||
autoMount = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
|
@ -199,13 +137,21 @@ in {
|
|||
example = 64*1024;
|
||||
};
|
||||
|
||||
startWhenNeeded = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Whether to use socket activation to start IPFS when needed.";
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
###### implementation
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = [ wrapped ];
|
||||
environment.systemPackages = [ pkgs.ipfs ];
|
||||
environment.variables.IPFS_PATH = cfg.dataDir;
|
||||
|
||||
programs.fuse = mkIf cfg.autoMount {
|
||||
userAllowOther = true;
|
||||
};
|
||||
|
@ -234,10 +180,14 @@ in {
|
|||
"d '${cfg.ipnsMountDir}' - ${cfg.user} ${cfg.group} - -"
|
||||
];
|
||||
|
||||
systemd.services.ipfs-init = recursiveUpdate commonEnv {
|
||||
systemd.packages = [ pkgs.ipfs ];
|
||||
|
||||
systemd.services.ipfs-init = {
|
||||
description = "IPFS Initializer";
|
||||
|
||||
before = [ "ipfs.service" "ipfs-offline.service" "ipfs-norouting.service" ];
|
||||
environment.IPFS_PATH = cfg.dataDir;
|
||||
|
||||
path = [ pkgs.ipfs ];
|
||||
|
||||
script = ''
|
||||
if [[ ! -f ${cfg.dataDir}/config ]]; then
|
||||
|
@ -251,34 +201,63 @@ in {
|
|||
fi
|
||||
'';
|
||||
|
||||
wantedBy = [ "default.target" ];
|
||||
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
};
|
||||
};
|
||||
|
||||
# TODO These 3 definitions possibly be further abstracted through use of a function
|
||||
# like: mutexServices "ipfs" [ "", "offline", "norouting" ] { ... shared conf here ... }
|
||||
systemd.services.ipfs = {
|
||||
path = [ "/run/wrappers" pkgs.ipfs ];
|
||||
environment.IPFS_PATH = cfg.dataDir;
|
||||
|
||||
systemd.services.ipfs = recursiveUpdate baseService {
|
||||
description = "IPFS Daemon";
|
||||
wantedBy = mkIf (cfg.defaultMode == "online") [ "multi-user.target" ];
|
||||
after = [ "network.target" "ipfs-init.service" ];
|
||||
conflicts = [ "ipfs-offline.service" "ipfs-norouting.service"];
|
||||
wants = [ "ipfs-init.service" ];
|
||||
after = [ "ipfs-init.service" ];
|
||||
|
||||
preStart = optionalString cfg.autoMount ''
|
||||
ipfs --local config Mounts.FuseAllowOther --json true
|
||||
ipfs --local config Mounts.IPFS ${cfg.ipfsMountDir}
|
||||
ipfs --local config Mounts.IPNS ${cfg.ipnsMountDir}
|
||||
'' + concatStringsSep "\n" (collect
|
||||
isString
|
||||
(mapAttrsRecursive
|
||||
(path: value:
|
||||
# Using heredoc below so that the value is never improperly quoted
|
||||
''
|
||||
read value <<EOF
|
||||
${builtins.toJSON value}
|
||||
EOF
|
||||
ipfs --local config --json "${concatStringsSep "." path}" "$value"
|
||||
'')
|
||||
({ Addresses.API = cfg.apiAddress;
|
||||
Addresses.Gateway = cfg.gatewayAddress;
|
||||
Addresses.Swarm = cfg.swarmAddress;
|
||||
} //
|
||||
cfg.extraConfig))
|
||||
);
|
||||
serviceConfig = {
|
||||
ExecStart = ["" "${pkgs.ipfs}/bin/ipfs daemon ${ipfsFlags}"];
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
} // optionalAttrs (cfg.serviceFdlimit != null) { LimitNOFILE = cfg.serviceFdlimit; };
|
||||
} // optionalAttrs (!cfg.startWhenNeeded) {
|
||||
wantedBy = [ "default.target" ];
|
||||
};
|
||||
|
||||
systemd.services.ipfs-offline = recursiveUpdate baseService {
|
||||
description = "IPFS Daemon (offline mode)";
|
||||
wantedBy = mkIf (cfg.defaultMode == "offline") [ "multi-user.target" ];
|
||||
after = [ "ipfs-init.service" ];
|
||||
conflicts = [ "ipfs.service" "ipfs-norouting.service"];
|
||||
systemd.sockets.ipfs-gateway = {
|
||||
wantedBy = [ "sockets.target" ];
|
||||
socketConfig.ListenStream = [ "" ]
|
||||
++ lib.optional (cfg.gatewayAddress == opt.gatewayAddress.default) [ "127.0.0.1:8080" "[::1]:8080" ];
|
||||
};
|
||||
|
||||
systemd.services.ipfs-norouting = recursiveUpdate baseService {
|
||||
description = "IPFS Daemon (no routing mode)";
|
||||
wantedBy = mkIf (cfg.defaultMode == "norouting") [ "multi-user.target" ];
|
||||
after = [ "ipfs-init.service" ];
|
||||
conflicts = [ "ipfs.service" "ipfs-offline.service"];
|
||||
systemd.sockets.ipfs-api = {
|
||||
wantedBy = [ "sockets.target" ];
|
||||
socketConfig.ListenStream = [ "" "%t/ipfs.sock" ]
|
||||
++ lib.optional (cfg.apiAddress == opt.apiAddress.default) [ "127.0.0.1:5001" "[::1]:5001" ];
|
||||
};
|
||||
|
||||
};
|
||||
|
|
|
@ -4,14 +4,50 @@ with lib;
|
|||
|
||||
let
|
||||
cfg = config.services.corerad;
|
||||
|
||||
writeTOML = name: x:
|
||||
pkgs.runCommandNoCCLocal name {
|
||||
passAsFile = ["config"];
|
||||
config = builtins.toJSON x;
|
||||
buildInputs = [ pkgs.go-toml ];
|
||||
} "jsontoml < $configPath > $out";
|
||||
|
||||
in {
|
||||
meta = {
|
||||
maintainers = with maintainers; [ mdlayher ];
|
||||
};
|
||||
meta.maintainers = with maintainers; [ mdlayher ];
|
||||
|
||||
options.services.corerad = {
|
||||
enable = mkEnableOption "CoreRAD IPv6 NDP RA daemon";
|
||||
|
||||
settings = mkOption {
|
||||
type = types.uniq types.attrs;
|
||||
example = literalExample ''
|
||||
{
|
||||
interfaces = [
|
||||
# eth0 is an upstream interface monitoring for IPv6 router advertisements.
|
||||
{
|
||||
name = "eth0";
|
||||
monitor = true;
|
||||
}
|
||||
# eth1 is a downstream interface advertising IPv6 prefixes for SLAAC.
|
||||
{
|
||||
name = "eth1";
|
||||
advertise = true;
|
||||
prefix = [{ prefix = "::/64"; }];
|
||||
}
|
||||
];
|
||||
# Optionally enable Prometheus metrics.
|
||||
debug = {
|
||||
address = "localhost:9430";
|
||||
prometheus = true;
|
||||
};
|
||||
}
|
||||
'';
|
||||
description = ''
|
||||
Configuration for CoreRAD, see <link xlink:href="https://github.com/mdlayher/corerad/blob/master/internal/config/default.toml"/>
|
||||
for supported values. Ignored if configFile is set.
|
||||
'';
|
||||
};
|
||||
|
||||
configFile = mkOption {
|
||||
type = types.path;
|
||||
example = literalExample "\"\${pkgs.corerad}/etc/corerad/corerad.toml\"";
|
||||
|
@ -27,6 +63,9 @@ in {
|
|||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
# Prefer the config file over settings if both are set.
|
||||
services.corerad.configFile = mkDefault (writeTOML "corerad.toml" cfg.settings);
|
||||
|
||||
systemd.services.corerad = {
|
||||
description = "CoreRAD IPv6 NDP RA daemon";
|
||||
after = [ "network.target" ];
|
||||
|
|
|
@ -1,184 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfgs = config.services;
|
||||
cfg = cfgs.dnschain;
|
||||
|
||||
dataDir = "/var/lib/dnschain";
|
||||
username = "dnschain";
|
||||
|
||||
configFile = pkgs.writeText "dnschain.conf" ''
|
||||
[log]
|
||||
level = info
|
||||
|
||||
[dns]
|
||||
host = ${cfg.dns.address}
|
||||
port = ${toString cfg.dns.port}
|
||||
oldDNSMethod = NO_OLD_DNS
|
||||
externalIP = ${cfg.dns.externalAddress}
|
||||
|
||||
[http]
|
||||
host = ${cfg.api.hostname}
|
||||
port = ${toString cfg.api.port}
|
||||
tlsPort = ${toString cfg.api.tlsPort}
|
||||
|
||||
${cfg.extraConfig}
|
||||
'';
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
|
||||
###### interface
|
||||
|
||||
options = {
|
||||
|
||||
services.dnschain = {
|
||||
|
||||
enable = mkEnableOption ''
|
||||
DNSChain, a blockchain based DNS + HTTP server.
|
||||
To resolve .bit domains set <literal>services.namecoind.enable = true;</literal>
|
||||
and an RPC username/password.
|
||||
'';
|
||||
|
||||
dns.address = mkOption {
|
||||
type = types.str;
|
||||
default = "127.0.0.1";
|
||||
description = ''
|
||||
The IP address the DNSChain resolver will bind to.
|
||||
Leave this unchanged if you do not wish to directly expose the resolver.
|
||||
'';
|
||||
};
|
||||
|
||||
dns.externalAddress = mkOption {
|
||||
type = types.str;
|
||||
default = cfg.dns.address;
|
||||
description = ''
|
||||
The IP address used by clients to reach the resolver and the value of
|
||||
the <literal>namecoin.dns</literal> record. Set this in case the bind address
|
||||
is not the actual IP address (e.g. the machine is behind a NAT).
|
||||
'';
|
||||
};
|
||||
|
||||
dns.port = mkOption {
|
||||
type = types.int;
|
||||
default = 5333;
|
||||
description = ''
|
||||
The port the DNSChain resolver will bind to.
|
||||
'';
|
||||
};
|
||||
|
||||
api.hostname = mkOption {
|
||||
type = types.str;
|
||||
default = "0.0.0.0";
|
||||
description = ''
|
||||
The hostname (or IP address) the DNSChain API server will bind to.
|
||||
'';
|
||||
};
|
||||
|
||||
api.port = mkOption {
|
||||
type = types.int;
|
||||
default = 8080;
|
||||
description = ''
|
||||
The port the DNSChain API server (HTTP) will bind to.
|
||||
'';
|
||||
};
|
||||
|
||||
api.tlsPort = mkOption {
|
||||
type = types.int;
|
||||
default = 4433;
|
||||
description = ''
|
||||
The port the DNSChain API server (HTTPS) will bind to.
|
||||
'';
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
example = ''
|
||||
[log]
|
||||
level = debug
|
||||
'';
|
||||
description = ''
|
||||
Additional options that will be appended to the configuration file.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
services.dnsmasq.resolveDNSChainQueries = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Resolve <literal>.bit</literal> top-level domains using DNSChain and namecoin.
|
||||
'';
|
||||
};
|
||||
|
||||
services.pdns-recursor.resolveDNSChainQueries = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Resolve <literal>.bit</literal> top-level domains using DNSChain and namecoin.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
|
||||
###### implementation
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
services.dnsmasq.servers = optionals cfgs.dnsmasq.resolveDNSChainQueries
|
||||
[ "/.bit/127.0.0.1#${toString cfg.dns.port}"
|
||||
"/.dns/127.0.0.1#${toString cfg.dns.port}"
|
||||
];
|
||||
|
||||
services.pdns-recursor = mkIf cfgs.pdns-recursor.resolveDNSChainQueries {
|
||||
forwardZonesRecurse =
|
||||
{ bit = "127.0.0.1:${toString cfg.dns.port}";
|
||||
dns = "127.0.0.1:${toString cfg.dns.port}";
|
||||
};
|
||||
luaConfig =''
|
||||
addNTA("bit", "namecoin doesn't support DNSSEC")
|
||||
addNTA("dns", "namecoin doesn't support DNSSEC")
|
||||
'';
|
||||
};
|
||||
|
||||
users.users.${username} = {
|
||||
description = "DNSChain daemon user";
|
||||
home = dataDir;
|
||||
createHome = true;
|
||||
uid = config.ids.uids.dnschain;
|
||||
extraGroups = optional cfgs.namecoind.enable "namecoin";
|
||||
};
|
||||
|
||||
systemd.services.dnschain = {
|
||||
description = "DNSChain daemon";
|
||||
after = optional cfgs.namecoind.enable "namecoind.target";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
serviceConfig = {
|
||||
User = "dnschain";
|
||||
Restart = "on-failure";
|
||||
ExecStart = "${pkgs.nodePackages.dnschain}/bin/dnschain";
|
||||
};
|
||||
|
||||
preStart = ''
|
||||
# Link configuration file into dnschain home directory
|
||||
configPath=${dataDir}/.dnschain/dnschain.conf
|
||||
mkdir -p ${dataDir}/.dnschain
|
||||
if [ "$(realpath $configPath)" != "${configFile}" ]; then
|
||||
rm -f $configPath
|
||||
ln -s ${configFile} $configPath
|
||||
fi
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
meta.maintainers = with lib.maintainers; [ rnhmjoj ];
|
||||
|
||||
}
|
53
third_party/nixpkgs/nixos/modules/services/networking/go-neb.nix
vendored
Normal file
53
third_party/nixpkgs/nixos/modules/services/networking/go-neb.nix
vendored
Normal file
|
@ -0,0 +1,53 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.go-neb;
|
||||
|
||||
configFile = pkgs.writeText "config.yml" (builtins.toJSON cfg.config);
|
||||
in {
|
||||
options.services.go-neb = {
|
||||
enable = mkEnableOption "Extensible matrix bot written in Go";
|
||||
|
||||
bindAddress = mkOption {
|
||||
type = types.str;
|
||||
description = "Port (and optionally address) to listen on.";
|
||||
default = ":4050";
|
||||
};
|
||||
|
||||
baseUrl = mkOption {
|
||||
type = types.str;
|
||||
description = "Public-facing endpoint that can receive webhooks.";
|
||||
};
|
||||
|
||||
config = mkOption {
|
||||
type = types.uniq types.attrs;
|
||||
description = ''
|
||||
Your <filename>config.yaml</filename> as a Nix attribute set.
|
||||
See <link xlink:href="https://github.com/matrix-org/go-neb/blob/master/config.sample.yaml">config.sample.yaml</link>
|
||||
for possible options.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
systemd.services.go-neb = {
|
||||
description = "Extensible matrix bot written in Go";
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
environment = {
|
||||
BASE_URL = cfg.baseUrl;
|
||||
BIND_ADDRESS = cfg.bindAddress;
|
||||
CONFIG_FILE = configFile;
|
||||
};
|
||||
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.go-neb}/bin/go-neb";
|
||||
DynamicUser = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
meta.maintainers = with maintainers; [ hexa maralorn ];
|
||||
}
|
|
@ -149,11 +149,6 @@ in
|
|||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
services.dnschain.extraConfig = ''
|
||||
[namecoin]
|
||||
config = ${configFile}
|
||||
'';
|
||||
|
||||
users.users.namecoin = {
|
||||
uid = config.ids.uids.namecoin;
|
||||
description = "Namecoin daemon user";
|
||||
|
|
|
@ -107,6 +107,7 @@ in
|
|||
++ cfg.lockOn.extraTargets;
|
||||
before = optional cfg.lockOn.suspend "systemd-suspend.service"
|
||||
++ optional cfg.lockOn.hibernate "systemd-hibernate.service"
|
||||
++ optional (cfg.lockOn.hibernate || cfg.lockOn.suspend) "systemd-suspend-then-hibernate.service"
|
||||
++ cfg.lockOn.extraTargets;
|
||||
serviceConfig = {
|
||||
Type = "forking";
|
||||
|
|
|
@ -1,26 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.cgmanager;
|
||||
in {
|
||||
meta.maintainers = [ maintainers.mic92 ];
|
||||
|
||||
###### interface
|
||||
options.services.cgmanager.enable = mkEnableOption "cgmanager";
|
||||
|
||||
###### implementation
|
||||
config = mkIf cfg.enable {
|
||||
systemd.services.cgmanager = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
description = "Cgroup management daemon";
|
||||
restartIfChanged = false;
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.cgmanager}/bin/cgmanager -m name=systemd";
|
||||
KillMode = "process";
|
||||
Restart = "on-failure";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -179,6 +179,8 @@ in
|
|||
${getLib pkgs.utillinuxMinimal.out}/lib/libblkid.so.* mr,
|
||||
${getLib pkgs.utillinuxMinimal.out}/lib/libmount.so.* mr,
|
||||
${getLib pkgs.utillinuxMinimal.out}/lib/libuuid.so.* mr,
|
||||
${getLib pkgs.gcc.cc.lib}/lib/libstdc++.so.* mr,
|
||||
${getLib pkgs.gcc.cc.lib}/lib/libgcc_s.so.* mr,
|
||||
|
||||
@{PROC}/sys/kernel/random/uuid r,
|
||||
@{PROC}/sys/vm/overcommit_memory r,
|
||||
|
|
|
@ -34,7 +34,7 @@ let
|
|||
cd ${cfg.package}
|
||||
sudo=exec
|
||||
if [[ "$USER" != nextcloud ]]; then
|
||||
sudo='exec /run/wrappers/bin/sudo -u nextcloud --preserve-env=NEXTCLOUD_CONFIG_DIR'
|
||||
sudo='exec /run/wrappers/bin/sudo -u nextcloud --preserve-env=NEXTCLOUD_CONFIG_DIR --preserve-env=OC_PASS'
|
||||
fi
|
||||
export NEXTCLOUD_CONFIG_DIR="${cfg.home}/config"
|
||||
$sudo \
|
||||
|
|
|
@ -37,10 +37,10 @@ let
|
|||
chmod -R a+w $out/share/gsettings-schemas/nixos-gsettings-overrides
|
||||
cat - > $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas/nixos-defaults.gschema.override <<- EOF
|
||||
[org.gnome.desktop.background]
|
||||
picture-uri='file://${pkgs.nixos-artwork.wallpapers.simple-dark-gray}/share/artwork/gnome/nix-wallpaper-simple-dark-gray.png'
|
||||
picture-uri='file://${pkgs.nixos-artwork.wallpapers.simple-dark-gray.gnomeFilePath}'
|
||||
|
||||
[org.gnome.desktop.screensaver]
|
||||
picture-uri='file://${pkgs.nixos-artwork.wallpapers.simple-dark-gray-bottom}/share/artwork/gnome/nix-wallpaper-simple-dark-gray_bottom.png'
|
||||
picture-uri='file://${pkgs.nixos-artwork.wallpapers.simple-dark-gray-bottom.gnomeFilePath}'
|
||||
|
||||
[org.gnome.shell]
|
||||
favorite-apps=[ 'org.gnome.Epiphany.desktop', 'org.gnome.Geary.desktop', 'org.gnome.Music.desktop', 'org.gnome.Photos.desktop', 'org.gnome.Nautilus.desktop', 'org.gnome.Software.desktop' ]
|
||||
|
@ -320,6 +320,8 @@ in
|
|||
gnome-shell
|
||||
gnome-shell-extensions
|
||||
gnome-themes-extra
|
||||
pkgs.nixos-artwork.wallpapers.simple-dark-gray
|
||||
pkgs.nixos-artwork.wallpapers.simple-dark-gray-bottom
|
||||
pkgs.gnome-user-docs
|
||||
pkgs.orca
|
||||
pkgs.glib # for gsettings
|
||||
|
|
|
@ -180,6 +180,7 @@ in
|
|||
gtk3.out
|
||||
hicolor-icon-theme
|
||||
lightlocker
|
||||
nixos-artwork.wallpapers.simple-dark-gray
|
||||
onboard
|
||||
qgnomeplatform
|
||||
shared-mime-info
|
||||
|
|
|
@ -132,8 +132,9 @@ in
|
|||
};
|
||||
|
||||
background = mkOption {
|
||||
type = types.str;
|
||||
default = "${pkgs.nixos-artwork.wallpapers.simple-dark-gray-bottom}/share/artwork/gnome/nix-wallpaper-simple-dark-gray_bottom.png";
|
||||
type = types.path;
|
||||
# Manual cannot depend on packages, we are actually setting the default in config below.
|
||||
defaultText = "pkgs.nixos-artwork.wallpapers.simple-dark-gray-bottom.gnomeFilePath";
|
||||
description = ''
|
||||
The background image or color to use.
|
||||
'';
|
||||
|
@ -212,6 +213,9 @@ in
|
|||
}
|
||||
];
|
||||
|
||||
# Keep in sync with the defaultText value from the option definition.
|
||||
services.xserver.displayManager.lightdm.background = mkDefault pkgs.nixos-artwork.wallpapers.simple-dark-gray-bottom.gnomeFilePath;
|
||||
|
||||
# Set default session in session chooser to a specified values – basically ignore session history.
|
||||
# Auto-login is already covered by a config value.
|
||||
services.xserver.displayManager.job.preStart = optionalString (!cfg.autoLogin.enable && dmcfg.defaultSession != null) ''
|
||||
|
|
|
@ -246,7 +246,7 @@ in
|
|||
videoDrivers = mkOption {
|
||||
type = types.listOf types.str;
|
||||
# !!! We'd like "nv" here, but it segfaults the X server.
|
||||
default = [ "radeon" "cirrus" "vesa" "vmware" "modesetting" ];
|
||||
default = [ "radeon" "cirrus" "vesa" "modesetting" ];
|
||||
example = [
|
||||
"ati_unfree" "amdgpu" "amdgpu-pro"
|
||||
"nv" "nvidia" "nvidiaLegacy390" "nvidiaLegacy340" "nvidiaLegacy304"
|
||||
|
|
|
@ -22,7 +22,7 @@ let
|
|||
|
||||
mergeFalseByDefault = locs: defs:
|
||||
if defs == [] then abort "This case should never happen."
|
||||
else if any (x: x == false) defs then false
|
||||
else if any (x: x == false) (getValues defs) then false
|
||||
else true;
|
||||
|
||||
kernelItem = types.submodule {
|
||||
|
@ -55,6 +55,7 @@ let
|
|||
default = false;
|
||||
description = ''
|
||||
Wether option should generate a failure when unused.
|
||||
Upon merging values, mandatory wins over optional.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
@ -121,7 +122,7 @@ in
|
|||
type = types.attrsOf kernelItem;
|
||||
example = literalExample '' with lib.kernel; {
|
||||
"9P_NET" = yes;
|
||||
USB = optional yes;
|
||||
USB = option yes;
|
||||
MMC_BLOCK_MINORS = freeform "32";
|
||||
}'';
|
||||
description = ''
|
||||
|
|
|
@ -60,7 +60,7 @@ let
|
|||
inherit (efi) canTouchEfiVariables;
|
||||
inherit (cfg)
|
||||
version extraConfig extraPerEntryConfig extraEntries forceInstall useOSProber
|
||||
extraEntriesBeforeNixOS extraPrepareConfig extraInitrd configurationLimit copyKernels
|
||||
extraEntriesBeforeNixOS extraPrepareConfig configurationLimit copyKernels
|
||||
default fsIdentifier efiSupport efiInstallAsRemovable gfxmodeEfi gfxmodeBios gfxpayloadEfi gfxpayloadBios;
|
||||
path = with pkgs; makeBinPath (
|
||||
[ coreutils gnused gnugrep findutils diffutils btrfs-progs utillinux mdadm ]
|
||||
|
@ -83,7 +83,7 @@ let
|
|||
] ++ (optional (cfg.fontSize!=null) "--size ${toString cfg.fontSize}")))
|
||||
);
|
||||
|
||||
defaultSplash = "${pkgs.nixos-artwork.wallpapers.simple-dark-gray-bootloader}/share/artwork/gnome/nix-wallpaper-simple-dark-gray_bootloader.png";
|
||||
defaultSplash = pkgs.nixos-artwork.wallpapers.simple-dark-gray-bootloader.gnomeFilePath;
|
||||
in
|
||||
|
||||
{
|
||||
|
@ -292,19 +292,6 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
extraInitrd = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
example = "/boot/extra_initramfs.gz";
|
||||
description = ''
|
||||
The path to a second initramfs to be supplied to the kernel.
|
||||
This ramfs will not be copied to the store, so that it can
|
||||
contain secrets such as LUKS keyfiles or ssh keys.
|
||||
This implies that rolling back to a previous configuration
|
||||
won't rollback the state of this file.
|
||||
'';
|
||||
};
|
||||
|
||||
useOSProber = mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
|
@ -608,6 +595,8 @@ in
|
|||
{ path = "/boot"; inherit (cfg) devices; inherit (efi) efiSysMountPoint; }
|
||||
];
|
||||
|
||||
boot.loader.supportsInitrdSecrets = true;
|
||||
|
||||
system.build.installBootLoader =
|
||||
let
|
||||
install-grub-pl = pkgs.substituteAll {
|
||||
|
@ -705,6 +694,24 @@ in
|
|||
(mkRenamedOptionModule [ "boot" "grubDevice" ] [ "boot" "loader" "grub" "device" ])
|
||||
(mkRenamedOptionModule [ "boot" "bootMount" ] [ "boot" "loader" "grub" "bootDevice" ])
|
||||
(mkRenamedOptionModule [ "boot" "grubSplashImage" ] [ "boot" "loader" "grub" "splashImage" ])
|
||||
(mkRemovedOptionModule [ "boot" "loader" "grub" "extraInitrd" ] ''
|
||||
This option has been replaced with the bootloader agnostic
|
||||
boot.initrd.secrets option. To migrate to the initrd secrets system,
|
||||
extract the extraInitrd archive into your main filesystem:
|
||||
|
||||
# zcat /boot/extra_initramfs.gz | cpio -idvmD /etc/secrets/initrd
|
||||
/path/to/secret1
|
||||
/path/to/secret2
|
||||
|
||||
then replace boot.loader.grub.extraInitrd with boot.initrd.secrets:
|
||||
|
||||
boot.initrd.secrets = {
|
||||
"/path/to/secret1" = "/etc/secrets/initrd/path/to/secret1";
|
||||
"/path/to/secret2" = "/etc/secrets/initrd/path/to/secret2";
|
||||
};
|
||||
|
||||
See the boot.initrd.secrets option documentation for more information.
|
||||
'')
|
||||
];
|
||||
|
||||
}
|
||||
|
|
|
@ -49,7 +49,6 @@ my $extraPrepareConfig = get("extraPrepareConfig");
|
|||
my $extraPerEntryConfig = get("extraPerEntryConfig");
|
||||
my $extraEntries = get("extraEntries");
|
||||
my $extraEntriesBeforeNixOS = get("extraEntriesBeforeNixOS") eq "true";
|
||||
my $extraInitrd = get("extraInitrd");
|
||||
my $splashImage = get("splashImage");
|
||||
my $splashMode = get("splashMode");
|
||||
my $backgroundColor = get("backgroundColor");
|
||||
|
@ -232,13 +231,6 @@ my $grubStore;
|
|||
if ($copyKernels == 0) {
|
||||
$grubStore = GrubFs($storePath);
|
||||
}
|
||||
my $extraInitrdPath;
|
||||
if ($extraInitrd) {
|
||||
if (! -f $extraInitrd) {
|
||||
print STDERR "Warning: the specified extraInitrd " . $extraInitrd . " doesn't exist. Your system won't boot without it.\n";
|
||||
}
|
||||
$extraInitrdPath = GrubFs($extraInitrd);
|
||||
}
|
||||
|
||||
# Generate the header.
|
||||
my $conf .= "# Automatically generated. DO NOT EDIT THIS FILE!\n";
|
||||
|
@ -363,9 +355,30 @@ sub addEntry {
|
|||
|
||||
my $kernel = copyToKernelsDir(Cwd::abs_path("$path/kernel"));
|
||||
my $initrd = copyToKernelsDir(Cwd::abs_path("$path/initrd"));
|
||||
if ($extraInitrd) {
|
||||
$initrd .= " " .$extraInitrdPath->path;
|
||||
|
||||
# Include second initrd with secrets
|
||||
if (-e -x "$path/append-initrd-secrets") {
|
||||
my $initrdName = basename($initrd);
|
||||
my $initrdSecretsPath = "$bootPath/kernels/$initrdName-secrets";
|
||||
|
||||
mkpath(dirname($initrdSecretsPath), 0, 0755);
|
||||
my $oldUmask = umask;
|
||||
# Make sure initrd is not world readable (won't work if /boot is FAT)
|
||||
umask 0137;
|
||||
my $initrdSecretsPathTemp = File::Temp::mktemp("$initrdSecretsPath.XXXXXXXX");
|
||||
system("$path/append-initrd-secrets", $initrdSecretsPathTemp) == 0 or die "failed to create initrd secrets\n";
|
||||
# Check whether any secrets were actually added
|
||||
if (-e $initrdSecretsPathTemp && ! -z _) {
|
||||
rename $initrdSecretsPathTemp, $initrdSecretsPath or die "failed to move initrd secrets into place\n";
|
||||
$copied{$initrdSecretsPath} = 1;
|
||||
$initrd .= " " . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/kernels/$initrdName-secrets";
|
||||
} else {
|
||||
unlink $initrdSecretsPathTemp;
|
||||
rmdir dirname($initrdSecretsPathTemp);
|
||||
}
|
||||
umask $oldUmask;
|
||||
}
|
||||
|
||||
my $xen = -e "$path/xen.gz" ? copyToKernelsDir(Cwd::abs_path("$path/xen.gz")) : undef;
|
||||
|
||||
# FIXME: $confName
|
||||
|
@ -388,9 +401,6 @@ sub addEntry {
|
|||
if ($copyKernels == 0) {
|
||||
$conf .= $grubStore->search . "\n";
|
||||
}
|
||||
if ($extraInitrd) {
|
||||
$conf .= $extraInitrdPath->search . "\n";
|
||||
}
|
||||
$conf .= " $extraPerEntryConfig\n" if $extraPerEntryConfig;
|
||||
$conf .= " multiboot $xen $xenParams\n" if $xen;
|
||||
$conf .= " " . ($xen ? "module" : "linux") . " $kernel $kernelParams\n";
|
||||
|
|
|
@ -47,9 +47,9 @@ def write_loader_conf(profile, generation):
|
|||
if "@timeout@" != "":
|
||||
f.write("timeout @timeout@\n")
|
||||
if profile:
|
||||
f.write("default nixos-%s-generation-%d\n" % (profile, generation))
|
||||
f.write("default nixos-%s-generation-%d.conf\n".format(profile, generation))
|
||||
else:
|
||||
f.write("default nixos-generation-%d\n" % (generation))
|
||||
f.write("default nixos-generation-%d.conf\n".format(generation))
|
||||
if not @editor@:
|
||||
f.write("editor 0\n");
|
||||
f.write("console-mode @consoleMode@\n");
|
||||
|
@ -197,6 +197,22 @@ def main():
|
|||
subprocess.check_call(["@systemd@/bin/bootctl", "--path=@efiSysMountPoint@", "install"])
|
||||
else:
|
||||
subprocess.check_call(["@systemd@/bin/bootctl", "--path=@efiSysMountPoint@", "--no-variables", "install"])
|
||||
else:
|
||||
# Update bootloader to latest if needed
|
||||
systemd_version = subprocess.check_output(["@systemd@/bin/bootctl", "--version"], universal_newlines=True).split()[1]
|
||||
sdboot_status = subprocess.check_output(["@systemd@/bin/bootctl", "--path=@efiSysMountPoint@", "status"], universal_newlines=True)
|
||||
|
||||
# See status_binaries() in systemd bootctl.c for code which generates this
|
||||
m = re.search("^\W+File:.*/EFI/(BOOT|systemd)/.*\.efi \(systemd-boot (\d+)\)$",
|
||||
sdboot_status, re.IGNORECASE | re.MULTILINE)
|
||||
if m is None:
|
||||
print("could not find any previously installed systemd-boot")
|
||||
else:
|
||||
sdboot_version = m.group(2)
|
||||
if systemd_version > sdboot_version:
|
||||
print("updating systemd-boot from %s to %s" % (sdboot_version, systemd_version))
|
||||
subprocess.check_call(["@systemd@/bin/bootctl", "--path=@efiSysMountPoint@", "update"])
|
||||
|
||||
|
||||
mkdir_p("@efiSysMountPoint@/efi/nixos")
|
||||
mkdir_p("@efiSysMountPoint@/loader/entries")
|
||||
|
|
|
@ -1178,14 +1178,22 @@ in
|
|||
users.users.systemd-network.group = "systemd-network";
|
||||
|
||||
systemd.additionalUpstreamSystemUnits = [
|
||||
"systemd-networkd.service" "systemd-networkd-wait-online.service"
|
||||
"systemd-networkd-wait-online.service"
|
||||
"systemd-networkd.service"
|
||||
"systemd-networkd.socket"
|
||||
];
|
||||
|
||||
systemd.network.units = mapAttrs' (n: v: nameValuePair "${n}.netdev" (netdevToUnit n v)) cfg.netdevs
|
||||
// mapAttrs' (n: v: nameValuePair "${n}.network" (networkToUnit n v)) cfg.networks;
|
||||
|
||||
# systemd-networkd is socket-activated by kernel netlink route change
|
||||
# messages. It is important to have systemd buffer those on behalf of
|
||||
# networkd.
|
||||
systemd.sockets.systemd-networkd.wantedBy = [ "sockets.target" ];
|
||||
|
||||
systemd.services.systemd-networkd = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
aliases = [ "dbus-org.freedesktop.network1.service" ];
|
||||
restartTriggers = map (x: x.source) (attrValues unitFiles);
|
||||
# prevent race condition with interface renaming (#39069)
|
||||
requires = [ "systemd-udev-settle.service" ];
|
||||
|
|
|
@ -148,6 +148,7 @@ in
|
|||
|
||||
systemd.services.systemd-resolved = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
aliases = [ "dbus-org.freedesktop.resolve1.service" ];
|
||||
restartTriggers = [ config.environment.etc."systemd/resolved.conf".source ];
|
||||
};
|
||||
|
||||
|
|
|
@ -517,8 +517,7 @@ in
|
|||
};
|
||||
|
||||
boot.initrd.secrets = mkOption
|
||||
{ internal = true;
|
||||
default = {};
|
||||
{ default = {};
|
||||
type = types.attrsOf (types.nullOr types.path);
|
||||
description =
|
||||
''
|
||||
|
@ -585,7 +584,7 @@ in
|
|||
{ assertion = !config.boot.loader.supportsInitrdSecrets ->
|
||||
all (source:
|
||||
builtins.isPath source ||
|
||||
(builtins.isString source && hasPrefix source builtins.storeDir))
|
||||
(builtins.isString source && hasPrefix builtins.storeDir source))
|
||||
(attrValues config.boot.initrd.secrets);
|
||||
message = ''
|
||||
boot.loader.initrd.secrets values must be unquoted paths when
|
||||
|
|
|
@ -826,8 +826,13 @@ in
|
|||
config = {
|
||||
|
||||
warnings = concatLists (mapAttrsToList (name: service:
|
||||
optional (service.serviceConfig.Type or "" == "oneshot" && service.serviceConfig.Restart or "no" != "no")
|
||||
"Service ‘${name}.service’ with ‘Type=oneshot’ must have ‘Restart=no’") cfg.services);
|
||||
let
|
||||
type = service.serviceConfig.Type or "";
|
||||
restart = service.serviceConfig.Restart or "no";
|
||||
in optional
|
||||
(type == "oneshot" && (restart == "always" || restart == "on-success"))
|
||||
"Service '${name}.service' with 'Type=oneshot' cannot have 'Restart=always' or 'Restart=on-success'")
|
||||
cfg.services);
|
||||
|
||||
system.build.units = cfg.units;
|
||||
|
||||
|
|
|
@ -41,6 +41,7 @@ with lib;
|
|||
|
||||
systemd.services.systemd-timesyncd = {
|
||||
wantedBy = [ "sysinit.target" ];
|
||||
aliases = [ "dbus-org.freedesktop.timesync1.service" ];
|
||||
restartTriggers = [ config.environment.etc."systemd/timesyncd.conf".source ];
|
||||
};
|
||||
|
||||
|
|
|
@ -232,18 +232,22 @@ let
|
|||
'';
|
||||
preStop = ''
|
||||
state="/run/nixos/network/routes/${i.name}"
|
||||
while read cidr; do
|
||||
echo -n "deleting route $cidr... "
|
||||
ip route del "$cidr" dev "${i.name}" >/dev/null 2>&1 && echo "done" || echo "failed"
|
||||
done < "$state"
|
||||
rm -f "$state"
|
||||
if [ -e "$state" ]; then
|
||||
while read cidr; do
|
||||
echo -n "deleting route $cidr... "
|
||||
ip route del "$cidr" dev "${i.name}" >/dev/null 2>&1 && echo "done" || echo "failed"
|
||||
done < "$state"
|
||||
rm -f "$state"
|
||||
fi
|
||||
|
||||
state="/run/nixos/network/addresses/${i.name}"
|
||||
while read cidr; do
|
||||
echo -n "deleting address $cidr... "
|
||||
ip addr del "$cidr" dev "${i.name}" >/dev/null 2>&1 && echo "done" || echo "failed"
|
||||
done < "$state"
|
||||
rm -f "$state"
|
||||
if [ -e "$state" ]; then
|
||||
while read cidr; do
|
||||
echo -n "deleting address $cidr... "
|
||||
ip addr del "$cidr" dev "${i.name}" >/dev/null 2>&1 && echo "done" || echo "failed"
|
||||
done < "$state"
|
||||
rm -f "$state"
|
||||
fi
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
|
@ -381,7 +381,7 @@ in
|
|||
# syntax). Note: We also allow underscores for compatibility/legacy
|
||||
# reasons (as undocumented feature):
|
||||
type = types.strMatching
|
||||
"^[[:alpha:]]([[:alnum:]_-]{0,61}[[:alnum:]])?$";
|
||||
"^$|^[[:alpha:]]([[:alnum:]_-]{0,61}[[:alnum:]])?$";
|
||||
description = ''
|
||||
The name of the machine. Leave it empty if you want to obtain it from a
|
||||
DHCP server (if using DHCP). The hostname must be a valid DNS label (see
|
||||
|
|
|
@ -15,7 +15,6 @@ in
|
|||
###### interface
|
||||
|
||||
options = {
|
||||
|
||||
virtualisation.lxd = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
|
@ -25,12 +24,18 @@ in
|
|||
containers. Users in the "lxd" group can interact with
|
||||
the daemon (e.g. to start or stop containers) using the
|
||||
<command>lxc</command> command line tool, among others.
|
||||
|
||||
Most of the time, you'll also want to start lxcfs, so
|
||||
that containers can "see" the limits:
|
||||
<code>
|
||||
virtualisation.lxc.lxcfs.enable = true;
|
||||
</code>
|
||||
'';
|
||||
};
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.lxd;
|
||||
default = pkgs.lxd.override { nftablesSupport = config.networking.nftables.enable; };
|
||||
defaultText = "pkgs.lxd";
|
||||
description = ''
|
||||
The LXD package to use.
|
||||
|
@ -65,6 +70,7 @@ in
|
|||
with nixos.
|
||||
'';
|
||||
};
|
||||
|
||||
recommendedSysctlSettings = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
|
@ -83,7 +89,6 @@ in
|
|||
###### implementation
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
|
||||
security.apparmor = {
|
||||
|
@ -115,6 +120,12 @@ in
|
|||
LimitNOFILE = "1048576";
|
||||
LimitNPROC = "infinity";
|
||||
TasksMax = "infinity";
|
||||
|
||||
# By default, `lxd` loads configuration files from hard-coded
|
||||
# `/usr/share/lxc/config` - since this is a no-go for us, we have to
|
||||
# explicitly tell it where the actual configuration files are
|
||||
Environment = mkIf (config.virtualisation.lxc.lxcfs.enable)
|
||||
"LXD_LXC_TEMPLATE_CONFIG=${pkgs.lxcfs}/share/lxc/config";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -441,6 +441,18 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
virtualisation.bios =
|
||||
mkOption {
|
||||
default = null;
|
||||
type = types.nullOr types.package;
|
||||
description =
|
||||
''
|
||||
An alternate BIOS (such as <package>qboot</package>) with which to start the VM.
|
||||
Should contain a file named <literal>bios.bin</literal>.
|
||||
If <literal>null</literal>, QEMU's builtin SeaBIOS will be used.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
config = {
|
||||
|
@ -521,6 +533,9 @@ in
|
|||
(mkIf cfg.useEFIBoot [
|
||||
"-pflash $TMPDIR/bios.bin"
|
||||
])
|
||||
(mkIf (cfg.bios != null) [
|
||||
"-bios ${cfg.bios}/bios.bin"
|
||||
])
|
||||
(mkIf (!cfg.graphics) [
|
||||
"-nographic"
|
||||
])
|
||||
|
|
|
@ -119,6 +119,7 @@ in
|
|||
installed-tests = pkgs.recurseIntoAttrs (handleTest ./installed-tests {});
|
||||
gocd-agent = handleTest ./gocd-agent.nix {};
|
||||
gocd-server = handleTest ./gocd-server.nix {};
|
||||
go-neb = handleTest ./go-neb.nix {};
|
||||
google-oslogin = handleTest ./google-oslogin {};
|
||||
grafana = handleTest ./grafana.nix {};
|
||||
graphite = handleTest ./graphite.nix {};
|
||||
|
@ -178,6 +179,8 @@ in
|
|||
limesurvey = handleTest ./limesurvey.nix {};
|
||||
login = handleTest ./login.nix {};
|
||||
loki = handleTest ./loki.nix {};
|
||||
lxd = handleTest ./lxd.nix {};
|
||||
lxd-nftables = handleTest ./lxd-nftables.nix {};
|
||||
#logstash = handleTest ./logstash.nix {};
|
||||
lorri = handleTest ./lorri/default.nix {};
|
||||
magnetico = handleTest ./magnetico.nix {};
|
||||
|
@ -273,6 +276,7 @@ in
|
|||
prosody = handleTest ./xmpp/prosody.nix {};
|
||||
prosodyMysql = handleTest ./xmpp/prosody-mysql.nix {};
|
||||
proxy = handleTest ./proxy.nix {};
|
||||
qboot = handleTestOn ["x86_64-linux" "i686-linux"] ./qboot.nix {};
|
||||
quagga = handleTest ./quagga.nix {};
|
||||
quorum = handleTest ./quorum.nix {};
|
||||
rabbitmq = handleTest ./rabbitmq.nix {};
|
||||
|
|
35
third_party/nixpkgs/nixos/tests/corerad.nix
vendored
35
third_party/nixpkgs/nixos/tests/corerad.nix
vendored
|
@ -3,7 +3,7 @@ import ./make-test-python.nix (
|
|||
nodes = {
|
||||
router = {config, pkgs, ...}: {
|
||||
config = {
|
||||
# This machines simulates a router with IPv6 forwarding and a static IPv6 address.
|
||||
# This machine simulates a router with IPv6 forwarding and a static IPv6 address.
|
||||
boot.kernel.sysctl = {
|
||||
"net.ipv6.conf.all.forwarding" = true;
|
||||
};
|
||||
|
@ -14,13 +14,25 @@ import ./make-test-python.nix (
|
|||
enable = true;
|
||||
# Serve router advertisements to the client machine with prefix information matching
|
||||
# any IPv6 /64 prefixes configured on this interface.
|
||||
configFile = pkgs.writeText "corerad.toml" ''
|
||||
[[interfaces]]
|
||||
name = "eth1"
|
||||
advertise = true
|
||||
[[interfaces.prefix]]
|
||||
prefix = "::/64"
|
||||
'';
|
||||
#
|
||||
# This configuration is identical to the example in the CoreRAD NixOS module.
|
||||
settings = {
|
||||
interfaces = [
|
||||
{
|
||||
name = "eth0";
|
||||
monitor = true;
|
||||
}
|
||||
{
|
||||
name = "eth1";
|
||||
advertise = true;
|
||||
prefix = [{ prefix = "::/64"; }];
|
||||
}
|
||||
];
|
||||
debug = {
|
||||
address = "localhost:9430";
|
||||
prometheus = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -66,5 +78,12 @@ import ./make-test-python.nix (
|
|||
assert (
|
||||
"/64 scope global temporary" in addrs
|
||||
), "SLAAC temporary address was not configured on client after router advertisement"
|
||||
|
||||
with subtest("Verify HTTP debug server is configured"):
|
||||
out = router.succeed("curl localhost:9430/metrics")
|
||||
|
||||
assert (
|
||||
"corerad_build_info" in out
|
||||
), "Build info metric was not found in Prometheus output"
|
||||
'';
|
||||
})
|
||||
|
|
44
third_party/nixpkgs/nixos/tests/go-neb.nix
vendored
Normal file
44
third_party/nixpkgs/nixos/tests/go-neb.nix
vendored
Normal file
|
@ -0,0 +1,44 @@
|
|||
import ./make-test-python.nix ({ pkgs, ... }:
|
||||
{
|
||||
name = "go-neb";
|
||||
meta = with pkgs.stdenv.lib.maintainers; {
|
||||
maintainers = [ hexa maralorn ];
|
||||
};
|
||||
|
||||
nodes = {
|
||||
server = {
|
||||
services.go-neb = {
|
||||
enable = true;
|
||||
baseUrl = "http://localhost";
|
||||
config = {
|
||||
clients = [ {
|
||||
UserId = "@test:localhost";
|
||||
AccessToken = "changeme";
|
||||
HomeServerUrl = "http://localhost";
|
||||
Sync = false;
|
||||
AutoJoinRooms = false;
|
||||
DisplayName = "neverbeseen";
|
||||
} ];
|
||||
services = [ {
|
||||
ID = "wikipedia_service";
|
||||
Type = "wikipedia";
|
||||
UserID = "@test:localhost";
|
||||
Config = { };
|
||||
} ];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
start_all()
|
||||
server.wait_for_unit("go-neb.service")
|
||||
server.wait_until_succeeds(
|
||||
"curl -L http://localhost:4050/services/hooks/d2lraXBlZGlhX3NlcnZpY2U"
|
||||
)
|
||||
server.wait_until_succeeds(
|
||||
"journalctl -eu go-neb -o cat | grep -q service_id=wikipedia_service"
|
||||
)
|
||||
'';
|
||||
|
||||
})
|
|
@ -61,7 +61,7 @@ with pkgs.lib;
|
|||
'curl -L -s http://localhost:3000/build/1 -H "Accept: application/json" | jq .buildstatus | xargs test 0 -eq'
|
||||
)
|
||||
|
||||
out = original.succeed("su -l postgres -c 'psql -d hydra <<< \"\\d+ jobs\" -A'")
|
||||
out = original.succeed("su -l postgres -c 'psql -d hydra <<< \"\\d+ builds\" -A'")
|
||||
assert "jobset_id" not in out
|
||||
|
||||
original.succeed(
|
||||
|
@ -69,7 +69,7 @@ with pkgs.lib;
|
|||
)
|
||||
original.wait_for_unit("hydra-init.service")
|
||||
|
||||
out = original.succeed("su -l postgres -c 'psql -d hydra <<< \"\\d+ jobs\" -A'")
|
||||
out = original.succeed("su -l postgres -c 'psql -d hydra <<< \"\\d+ builds\" -A'")
|
||||
assert "jobset_id|integer|||" in out
|
||||
|
||||
original.succeed("hydra-backfill-ids")
|
||||
|
@ -79,7 +79,7 @@ with pkgs.lib;
|
|||
)
|
||||
original.wait_for_unit("hydra-init.service")
|
||||
|
||||
out = original.succeed("su -l postgres -c 'psql -d hydra <<< \"\\d+ jobs\" -A'")
|
||||
out = original.succeed("su -l postgres -c 'psql -d hydra <<< \"\\d+ builds\" -A'")
|
||||
assert "jobset_id|integer||not null|" in out
|
||||
|
||||
original.wait_until_succeeds(
|
||||
|
|
7
third_party/nixpkgs/nixos/tests/ipfs.nix
vendored
7
third_party/nixpkgs/nixos/tests/ipfs.nix
vendored
|
@ -21,5 +21,12 @@ import ./make-test-python.nix ({ pkgs, ...} : {
|
|||
)
|
||||
|
||||
machine.succeed(f"ipfs cat /ipfs/{ipfs_hash.strip()} | grep fnord")
|
||||
|
||||
ipfs_hash = machine.succeed(
|
||||
"echo fnord2 | ipfs --api /unix/run/ipfs.sock add | awk '{ print $2 }'"
|
||||
)
|
||||
machine.succeed(
|
||||
f"ipfs --api /unix/run/ipfs.sock cat /ipfs/{ipfs_hash.strip()} | grep fnord2"
|
||||
)
|
||||
'';
|
||||
})
|
||||
|
|
50
third_party/nixpkgs/nixos/tests/lxd-nftables.nix
vendored
Normal file
50
third_party/nixpkgs/nixos/tests/lxd-nftables.nix
vendored
Normal file
|
@ -0,0 +1,50 @@
|
|||
# This test makes sure that lxd stops implicitly depending on iptables when
|
||||
# user enabled nftables.
|
||||
#
|
||||
# It has been extracted from `lxd.nix` for clarity, and because switching from
|
||||
# iptables to nftables requires a full reboot, which is a bit hard inside NixOS
|
||||
# tests.
|
||||
|
||||
import ./make-test-python.nix ({ pkgs, ...} : {
|
||||
name = "lxd-nftables";
|
||||
meta = with pkgs.stdenv.lib.maintainers; {
|
||||
maintainers = [ patryk27 ];
|
||||
};
|
||||
|
||||
machine = { lib, ... }: {
|
||||
virtualisation = {
|
||||
lxd.enable = true;
|
||||
};
|
||||
|
||||
networking = {
|
||||
firewall.enable = false;
|
||||
nftables.enable = true;
|
||||
nftables.ruleset = ''
|
||||
table inet filter {
|
||||
chain incoming {
|
||||
type filter hook input priority 0;
|
||||
policy accept;
|
||||
}
|
||||
|
||||
chain forward {
|
||||
type filter hook forward priority 0;
|
||||
policy accept;
|
||||
}
|
||||
|
||||
chain output {
|
||||
type filter hook output priority 0;
|
||||
policy accept;
|
||||
}
|
||||
}
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
machine.wait_for_unit("network.target")
|
||||
|
||||
with subtest("When nftables are enabled, lxd doesn't depend on iptables anymore"):
|
||||
machine.succeed("lsmod | grep nf_tables")
|
||||
machine.fail("lsmod | grep ip_tables")
|
||||
'';
|
||||
})
|
135
third_party/nixpkgs/nixos/tests/lxd.nix
vendored
Normal file
135
third_party/nixpkgs/nixos/tests/lxd.nix
vendored
Normal file
|
@ -0,0 +1,135 @@
|
|||
import ./make-test-python.nix ({ pkgs, ...} :
|
||||
|
||||
let
|
||||
# Since we don't have access to the internet during the tests, we have to
|
||||
# pre-fetch lxd containers beforehand.
|
||||
#
|
||||
# I've chosen to import Alpine Linux, because its image is turbo-tiny and,
|
||||
# generally, sufficient for our tests.
|
||||
|
||||
alpine-meta = pkgs.fetchurl {
|
||||
url = "https://uk.images.linuxcontainers.org/images/alpine/3.11/i386/default/20200608_13:00/lxd.tar.xz";
|
||||
sha256 = "1hkvaj3rr333zmx1759njy435lps33gl4ks8zfm7m4nqvipm26a0";
|
||||
};
|
||||
|
||||
alpine-rootfs = pkgs.fetchurl {
|
||||
url = "https://uk.images.linuxcontainers.org/images/alpine/3.11/i386/default/20200608_13:00/rootfs.tar.xz";
|
||||
sha256 = "1v82zdra4j5xwsff09qlp7h5vbsg54s0j7rdg4rynichfid3r347";
|
||||
};
|
||||
|
||||
lxd-config = pkgs.writeText "config.yaml" ''
|
||||
storage_pools:
|
||||
- name: default
|
||||
driver: dir
|
||||
config:
|
||||
source: /var/lxd-pool
|
||||
|
||||
networks:
|
||||
- name: lxdbr0
|
||||
type: bridge
|
||||
config:
|
||||
ipv4.address: auto
|
||||
ipv6.address: none
|
||||
|
||||
profiles:
|
||||
- name: default
|
||||
devices:
|
||||
eth0:
|
||||
name: eth0
|
||||
network: lxdbr0
|
||||
type: nic
|
||||
root:
|
||||
path: /
|
||||
pool: default
|
||||
type: disk
|
||||
'';
|
||||
|
||||
in {
|
||||
name = "lxd";
|
||||
meta = with pkgs.stdenv.lib.maintainers; {
|
||||
maintainers = [ patryk27 ];
|
||||
};
|
||||
|
||||
machine = { lib, ... }: {
|
||||
virtualisation = {
|
||||
# Since we're testing `limits.cpu`, we've gotta have a known number of
|
||||
# cores to lay on
|
||||
cores = 2;
|
||||
|
||||
# Ditto, for `limits.memory`
|
||||
memorySize = 512;
|
||||
|
||||
lxc.lxcfs.enable = true;
|
||||
lxd.enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
machine.wait_for_unit("sockets.target")
|
||||
machine.wait_for_unit("lxd.service")
|
||||
|
||||
# It takes additional second for lxd to settle
|
||||
machine.sleep(1)
|
||||
|
||||
# lxd expects the pool's directory to already exist
|
||||
machine.succeed("mkdir /var/lxd-pool")
|
||||
|
||||
machine.succeed(
|
||||
"cat ${lxd-config} | lxd init --preseed"
|
||||
)
|
||||
|
||||
machine.succeed(
|
||||
"lxc image import ${alpine-meta} ${alpine-rootfs} --alias alpine"
|
||||
)
|
||||
|
||||
with subtest("Containers can be launched and destroyed"):
|
||||
machine.succeed("lxc launch alpine test")
|
||||
machine.succeed("lxc exec test true")
|
||||
machine.succeed("lxc delete -f test")
|
||||
|
||||
with subtest("Containers are being mounted with lxcfs inside"):
|
||||
machine.succeed("lxc launch alpine test")
|
||||
|
||||
## ---------- ##
|
||||
## limits.cpu ##
|
||||
|
||||
machine.succeed("lxc config set test limits.cpu 1")
|
||||
|
||||
# Since Alpine doesn't have `nproc` pre-installed, we've gotta resort
|
||||
# to the primal methods
|
||||
assert (
|
||||
"1"
|
||||
== machine.succeed("lxc exec test grep -- -c ^processor /proc/cpuinfo").strip()
|
||||
)
|
||||
|
||||
machine.succeed("lxc config set test limits.cpu 2")
|
||||
|
||||
assert (
|
||||
"2"
|
||||
== machine.succeed("lxc exec test grep -- -c ^processor /proc/cpuinfo").strip()
|
||||
)
|
||||
|
||||
## ------------- ##
|
||||
## limits.memory ##
|
||||
|
||||
machine.succeed("lxc config set test limits.memory 64MB")
|
||||
|
||||
assert (
|
||||
"MemTotal: 62500 kB"
|
||||
== machine.succeed("lxc exec test grep -- MemTotal /proc/meminfo").strip()
|
||||
)
|
||||
|
||||
machine.succeed("lxc config set test limits.memory 128MB")
|
||||
|
||||
assert (
|
||||
"MemTotal: 125000 kB"
|
||||
== machine.succeed("lxc exec test grep -- MemTotal /proc/meminfo").strip()
|
||||
)
|
||||
|
||||
machine.succeed("lxc delete -f test")
|
||||
|
||||
with subtest("Unless explicitly changed, lxd leans on iptables"):
|
||||
machine.succeed("lsmod | grep ip_tables")
|
||||
machine.fail("lsmod | grep nf_tables")
|
||||
'';
|
||||
})
|
|
@ -29,8 +29,8 @@ import ./make-test-python.nix ({ pkgs, ... } : let
|
|||
in {
|
||||
|
||||
name = "matrix-synapse";
|
||||
meta = with pkgs.stdenv.lib.maintainers; {
|
||||
maintainers = [ corngood ];
|
||||
meta = with pkgs.stdenv.lib; {
|
||||
maintainers = teams.matrix.members;
|
||||
};
|
||||
|
||||
nodes = {
|
||||
|
|
92
third_party/nixpkgs/nixos/tests/mysql/mysql.nix
vendored
92
third_party/nixpkgs/nixos/tests/mysql/mysql.nix
vendored
|
@ -5,20 +5,34 @@ import ./../make-test-python.nix ({ pkgs, ...} : {
|
|||
};
|
||||
|
||||
nodes = {
|
||||
mysql =
|
||||
mysql57 =
|
||||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
users.users.testuser = { };
|
||||
users.users.testuser2 = { };
|
||||
services.mysql.enable = true;
|
||||
services.mysql.initialDatabases = [
|
||||
{ name = "testdb"; schema = ./testdb.sql; }
|
||||
{ name = "empty_testdb"; }
|
||||
{ name = "testdb3"; schema = ./testdb.sql; }
|
||||
];
|
||||
# note that using pkgs.writeText here is generally not a good idea,
|
||||
# as it will store the password in world-readable /nix/store ;)
|
||||
services.mysql.initialScript = pkgs.writeText "mysql-init.sql" ''
|
||||
CREATE USER 'passworduser'@'localhost' IDENTIFIED BY 'password123';
|
||||
CREATE USER 'testuser3'@'localhost' IDENTIFIED BY 'secure';
|
||||
GRANT ALL PRIVILEGES ON testdb3.* TO 'testuser3'@'localhost';
|
||||
'';
|
||||
services.mysql.ensureDatabases = [ "testdb" "testdb2" ];
|
||||
services.mysql.ensureUsers = [{
|
||||
name = "testuser";
|
||||
ensurePermissions = {
|
||||
"testdb.*" = "ALL PRIVILEGES";
|
||||
};
|
||||
} {
|
||||
name = "testuser2";
|
||||
ensurePermissions = {
|
||||
"testdb2.*" = "ALL PRIVILEGES";
|
||||
};
|
||||
}];
|
||||
services.mysql.package = pkgs.mysql57;
|
||||
};
|
||||
|
||||
|
@ -30,16 +44,30 @@ import ./../make-test-python.nix ({ pkgs, ...} : {
|
|||
# Kernel panic - not syncing: Out of memory: compulsory panic_on_oom is enabled
|
||||
virtualisation.memorySize = 1024;
|
||||
|
||||
users.users.testuser = { };
|
||||
users.users.testuser2 = { };
|
||||
services.mysql.enable = true;
|
||||
services.mysql.initialDatabases = [
|
||||
{ name = "testdb"; schema = ./testdb.sql; }
|
||||
{ name = "empty_testdb"; }
|
||||
{ name = "testdb3"; schema = ./testdb.sql; }
|
||||
];
|
||||
# note that using pkgs.writeText here is generally not a good idea,
|
||||
# as it will store the password in world-readable /nix/store ;)
|
||||
services.mysql.initialScript = pkgs.writeText "mysql-init.sql" ''
|
||||
CREATE USER 'passworduser'@'localhost' IDENTIFIED BY 'password123';
|
||||
CREATE USER 'testuser3'@'localhost' IDENTIFIED BY 'secure';
|
||||
GRANT ALL PRIVILEGES ON testdb3.* TO 'testuser3'@'localhost';
|
||||
'';
|
||||
services.mysql.ensureDatabases = [ "testdb" "testdb2" ];
|
||||
services.mysql.ensureUsers = [{
|
||||
name = "testuser";
|
||||
ensurePermissions = {
|
||||
"testdb.*" = "ALL PRIVILEGES";
|
||||
};
|
||||
} {
|
||||
name = "testuser2";
|
||||
ensurePermissions = {
|
||||
"testdb2.*" = "ALL PRIVILEGES";
|
||||
};
|
||||
}];
|
||||
services.mysql.package = pkgs.mysql80;
|
||||
};
|
||||
|
||||
|
@ -81,17 +109,49 @@ import ./../make-test-python.nix ({ pkgs, ...} : {
|
|||
testScript = ''
|
||||
start_all()
|
||||
|
||||
mysql.wait_for_unit("mysql")
|
||||
mysql.succeed("echo 'use empty_testdb;' | mysql -u root")
|
||||
mysql.succeed("echo 'use testdb; select * from tests;' | mysql -u root -N | grep 4")
|
||||
# ';' acts as no-op, just check whether login succeeds with the user created from the initialScript
|
||||
mysql.succeed("echo ';' | mysql -u passworduser --password=password123")
|
||||
mysql57.wait_for_unit("mysql")
|
||||
mysql57.succeed(
|
||||
"echo 'use testdb; create table tests (test_id INT, PRIMARY KEY (test_id));' | sudo -u testuser mysql -u testuser"
|
||||
)
|
||||
mysql57.succeed(
|
||||
"echo 'use testdb; insert into tests values (41);' | sudo -u testuser mysql -u testuser"
|
||||
)
|
||||
# Ensure testuser2 is not able to insert into testdb as mysql testuser2
|
||||
mysql57.fail(
|
||||
"echo 'use testdb; insert into tests values (22);' | sudo -u testuser2 mysql -u testuser2"
|
||||
)
|
||||
# Ensure testuser2 is not able to authenticate as mysql testuser
|
||||
mysql57.fail(
|
||||
"echo 'use testdb; insert into tests values (22);' | sudo -u testuser2 mysql -u testuser"
|
||||
)
|
||||
mysql57.succeed(
|
||||
"echo 'use testdb; select test_id from tests;' | sudo -u testuser mysql -u testuser -N | grep 41"
|
||||
)
|
||||
mysql57.succeed(
|
||||
"echo 'use testdb3; select * from tests;' | mysql -u testuser3 --password=secure -N | grep 4"
|
||||
)
|
||||
|
||||
mysql80.wait_for_unit("mysql")
|
||||
mysql80.succeed("echo 'use empty_testdb;' | mysql -u root")
|
||||
mysql80.succeed("echo 'use testdb; select * from tests;' | mysql -u root -N | grep 4")
|
||||
# ';' acts as no-op, just check whether login succeeds with the user created from the initialScript
|
||||
mysql80.succeed("echo ';' | mysql -u passworduser --password=password123")
|
||||
mysql80.succeed(
|
||||
"echo 'use testdb; create table tests (test_id INT, PRIMARY KEY (test_id));' | sudo -u testuser mysql -u testuser"
|
||||
)
|
||||
mysql80.succeed(
|
||||
"echo 'use testdb; insert into tests values (41);' | sudo -u testuser mysql -u testuser"
|
||||
)
|
||||
# Ensure testuser2 is not able to insert into testdb as mysql testuser2
|
||||
mysql80.fail(
|
||||
"echo 'use testdb; insert into tests values (22);' | sudo -u testuser2 mysql -u testuser2"
|
||||
)
|
||||
# Ensure testuser2 is not able to authenticate as mysql testuser
|
||||
mysql80.fail(
|
||||
"echo 'use testdb; insert into tests values (22);' | sudo -u testuser2 mysql -u testuser"
|
||||
)
|
||||
mysql80.succeed(
|
||||
"echo 'use testdb; select test_id from tests;' | sudo -u testuser mysql -u testuser -N | grep 41"
|
||||
)
|
||||
mysql80.succeed(
|
||||
"echo 'use testdb3; select * from tests;' | mysql -u testuser3 --password=secure -N | grep 4"
|
||||
)
|
||||
|
||||
mariadb.wait_for_unit("mysql")
|
||||
mariadb.succeed(
|
||||
|
|
|
@ -56,6 +56,21 @@ let
|
|||
*/
|
||||
|
||||
exporterTests = {
|
||||
apcupsd = {
|
||||
exporterConfig = {
|
||||
enable = true;
|
||||
};
|
||||
metricProvider = {
|
||||
services.apcupsd.enable = true;
|
||||
};
|
||||
exporterTest = ''
|
||||
wait_for_unit("apcupsd.service")
|
||||
wait_for_open_port(3551)
|
||||
wait_for_unit("prometheus-apcupsd-exporter.service")
|
||||
wait_for_open_port(9162)
|
||||
succeed("curl -sSf http://localhost:9162/metrics | grep -q 'apcupsd_info'")
|
||||
'';
|
||||
};
|
||||
|
||||
bind = {
|
||||
exporterConfig = {
|
||||
|
@ -202,6 +217,69 @@ let
|
|||
'';
|
||||
};
|
||||
|
||||
keylight = {
|
||||
# A hardware device is required to properly test this exporter, so just
|
||||
# perform a couple of basic sanity checks that the exporter is running
|
||||
# and requires a target, but cannot reach a specified target.
|
||||
exporterConfig = {
|
||||
enable = true;
|
||||
};
|
||||
exporterTest = ''
|
||||
wait_for_unit("prometheus-keylight-exporter.service")
|
||||
wait_for_open_port(9288)
|
||||
succeed(
|
||||
"curl -sS --write-out '%{http_code}' -o /dev/null http://localhost:9288/metrics | grep -q '400'"
|
||||
)
|
||||
succeed(
|
||||
"curl -sS --write-out '%{http_code}' -o /dev/null http://localhost:9288/metrics?target=nosuchdevice | grep -q '500'"
|
||||
)
|
||||
'';
|
||||
};
|
||||
|
||||
lnd = {
|
||||
exporterConfig = {
|
||||
enable = true;
|
||||
lndTlsPath = "/var/lib/lnd/tls.cert";
|
||||
lndMacaroonDir = "/var/lib/lnd";
|
||||
};
|
||||
metricProvider = {
|
||||
systemd.services.prometheus-lnd-exporter.serviceConfig.DynamicUser = false;
|
||||
services.bitcoind.enable = true;
|
||||
services.bitcoind.extraConfig = ''
|
||||
rpcauth=bitcoinrpc:e8fe33f797e698ac258c16c8d7aadfbe$872bdb8f4d787367c26bcfd75e6c23c4f19d44a69f5d1ad329e5adf3f82710f7
|
||||
bitcoind.zmqpubrawblock=tcp://127.0.0.1:28332
|
||||
bitcoind.zmqpubrawtx=tcp://127.0.0.1:28333
|
||||
'';
|
||||
systemd.services.lnd = {
|
||||
serviceConfig.ExecStart = ''
|
||||
${pkgs.lnd}/bin/lnd \
|
||||
--datadir=/var/lib/lnd \
|
||||
--tlscertpath=/var/lib/lnd/tls.cert \
|
||||
--tlskeypath=/var/lib/lnd/tls.key \
|
||||
--logdir=/var/log/lnd \
|
||||
--bitcoin.active \
|
||||
--bitcoin.mainnet \
|
||||
--bitcoin.node=bitcoind \
|
||||
--bitcoind.rpcuser=bitcoinrpc \
|
||||
--bitcoind.rpcpass=hunter2 \
|
||||
--bitcoind.zmqpubrawblock=tcp://127.0.0.1:28332 \
|
||||
--bitcoind.zmqpubrawtx=tcp://127.0.0.1:28333 \
|
||||
--readonlymacaroonpath=/var/lib/lnd/readonly.macaroon
|
||||
'';
|
||||
serviceConfig.StateDirectory = "lnd";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
};
|
||||
};
|
||||
exporterTest = ''
|
||||
wait_for_unit("lnd.service")
|
||||
wait_for_open_port(10009)
|
||||
wait_for_unit("prometheus-lnd-exporter.service")
|
||||
wait_for_open_port(9092)
|
||||
succeed("curl -sSf localhost:9092/metrics | grep -q '^promhttp_metric_handler'")
|
||||
'';
|
||||
};
|
||||
|
||||
mail = {
|
||||
exporterConfig = {
|
||||
enable = true;
|
||||
|
|
13
third_party/nixpkgs/nixos/tests/qboot.nix
vendored
Normal file
13
third_party/nixpkgs/nixos/tests/qboot.nix
vendored
Normal file
|
@ -0,0 +1,13 @@
|
|||
import ./make-test-python.nix ({ pkgs, ...} : {
|
||||
name = "qboot";
|
||||
|
||||
machine = { ... }: {
|
||||
virtualisation.bios = pkgs.qboot;
|
||||
};
|
||||
|
||||
testScript =
|
||||
''
|
||||
start_all()
|
||||
machine.wait_for_unit("multi-user.target")
|
||||
'';
|
||||
})
|
57
third_party/nixpkgs/nixos/tests/systemd-boot.nix
vendored
57
third_party/nixpkgs/nixos/tests/systemd-boot.nix
vendored
|
@ -6,26 +6,53 @@
|
|||
with import ../lib/testing-python.nix { inherit system pkgs; };
|
||||
with pkgs.lib;
|
||||
|
||||
makeTest {
|
||||
name = "systemd-boot";
|
||||
meta.maintainers = with pkgs.stdenv.lib.maintainers; [ danielfullmer ];
|
||||
|
||||
machine = { pkgs, lib, ... }: {
|
||||
let
|
||||
common = {
|
||||
virtualisation.useBootLoader = true;
|
||||
virtualisation.useEFIBoot = true;
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
};
|
||||
in
|
||||
{
|
||||
basic = makeTest {
|
||||
name = "systemd-boot";
|
||||
meta.maintainers = with pkgs.stdenv.lib.maintainers; [ danielfullmer ];
|
||||
|
||||
testScript = ''
|
||||
machine.start()
|
||||
machine.wait_for_unit("multi-user.target")
|
||||
machine = common;
|
||||
|
||||
machine.succeed("test -e /boot/loader/entries/nixos-generation-1.conf")
|
||||
testScript = ''
|
||||
machine.start()
|
||||
machine.wait_for_unit("multi-user.target")
|
||||
|
||||
# Ensure we actually booted using systemd-boot.
|
||||
# Magic number is the vendor UUID used by systemd-boot.
|
||||
machine.succeed(
|
||||
"test -e /sys/firmware/efi/efivars/LoaderEntrySelected-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f"
|
||||
)
|
||||
'';
|
||||
machine.succeed("test -e /boot/loader/entries/nixos-generation-1.conf")
|
||||
|
||||
# Ensure we actually booted using systemd-boot
|
||||
# Magic number is the vendor UUID used by systemd-boot.
|
||||
machine.succeed(
|
||||
"test -e /sys/firmware/efi/efivars/LoaderEntrySelected-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f"
|
||||
)
|
||||
'';
|
||||
};
|
||||
|
||||
update = makeTest {
|
||||
name = "systemd-boot-update";
|
||||
meta.maintainers = with pkgs.stdenv.lib.maintainers; [ danielfullmer ];
|
||||
|
||||
machine = common;
|
||||
|
||||
testScript = ''
|
||||
machine.succeed("mount -o remount,rw /boot")
|
||||
|
||||
# Replace version inside sd-boot with something older. See magic[] string in systemd src/boot/efi/boot.c
|
||||
machine.succeed(
|
||||
"""
|
||||
find /boot -iname '*.efi' -print0 | \
|
||||
xargs -0 -I '{}' sed -i 's/#### LoaderInfo: systemd-boot .* ####/#### LoaderInfo: systemd-boot 001 ####/' '{}'
|
||||
"""
|
||||
)
|
||||
|
||||
output = machine.succeed("/run/current-system/bin/switch-to-configuration boot")
|
||||
assert "updating systemd-boot from 001 to " in output
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
|
55
third_party/nixpkgs/nixos/tests/teeworlds.nix
vendored
Normal file
55
third_party/nixpkgs/nixos/tests/teeworlds.nix
vendored
Normal file
|
@ -0,0 +1,55 @@
|
|||
import ./make-test-python.nix ({ pkgs, ... }:
|
||||
|
||||
let
|
||||
client =
|
||||
{ pkgs, ... }:
|
||||
|
||||
{ imports = [ ./common/x11.nix ];
|
||||
environment.systemPackages = [ pkgs.teeworlds ];
|
||||
};
|
||||
|
||||
in {
|
||||
name = "teeworlds";
|
||||
meta = with pkgs.stdenv.lib.maintainers; {
|
||||
maintainers = [ hax404 ];
|
||||
};
|
||||
|
||||
nodes =
|
||||
{ server =
|
||||
{ services.teeworlds = {
|
||||
enable = true;
|
||||
openPorts = true;
|
||||
};
|
||||
};
|
||||
|
||||
client1 = client;
|
||||
client2 = client;
|
||||
};
|
||||
|
||||
testScript =
|
||||
''
|
||||
start_all()
|
||||
|
||||
server.wait_for_unit("teeworlds.service")
|
||||
server.wait_until_succeeds("ss --numeric --udp --listening | grep -q 8303")
|
||||
|
||||
client1.wait_for_x()
|
||||
client2.wait_for_x()
|
||||
|
||||
client1.execute("teeworlds 'player_name Alice;connect server'&")
|
||||
server.wait_until_succeeds(
|
||||
'journalctl -u teeworlds -e | grep --extended-regexp -q "team_join player=\'[0-9]:Alice"'
|
||||
)
|
||||
|
||||
client2.execute("teeworlds 'player_name Bob;connect server'&")
|
||||
server.wait_until_succeeds(
|
||||
'journalctl -u teeworlds -e | grep --extended-regexp -q "team_join player=\'[0-9]:Bob"'
|
||||
)
|
||||
|
||||
server.sleep(10) # wait for a while to get a nice screenshot
|
||||
|
||||
client1.screenshot("screen_client1")
|
||||
client2.screenshot("screen_client2")
|
||||
'';
|
||||
|
||||
})
|
|
@ -3,21 +3,21 @@
|
|||
, qca-qt5, qjson, qtquickcontrols2, qtscript, qtwebengine
|
||||
, karchive, kcmutils, kconfig, kdnssd, kguiaddons, kinit, kirigami2, knewstuff, knotifyconfig, ktexteditor, kwindowsystem
|
||||
, fftw, phonon, plasma-framework, threadweaver
|
||||
, curl, ffmpeg, gdk-pixbuf, libaio, libmtp, loudmouth, lzo, lz4, mysql57, pcre, snappy, taglib, taglib_extras
|
||||
, curl, ffmpeg_3, gdk-pixbuf, libaio, liblastfm, libmtp, loudmouth, lzo, lz4, mysql57, pcre, snappy, taglib, taglib_extras
|
||||
}:
|
||||
|
||||
mkDerivation rec {
|
||||
pname = "amarok";
|
||||
version = "2.9.0-20190824";
|
||||
pname = "amarok-unstable";
|
||||
version = "2020-06-12";
|
||||
|
||||
src = fetchgit {
|
||||
# master has the Qt5 version as of April 2018 but a formal release has not
|
||||
# yet been made so change this back to the proper upstream when such a
|
||||
# release is out
|
||||
url = "git://anongit.kde.org/amarok.git";
|
||||
url = "https://invent.kde.org/multimedia/amarok.git";
|
||||
# url = "mirror://kde/stable/${pname}/${version}/src/${name}.tar.xz";
|
||||
rev = "457fbda25a85a102bfda92aa7137e7ef5e4c8b00";
|
||||
sha256 = "1ig2mg8pqany6m2zplkrvldcv4ibxwsypnyv5igm7nz7ax82cd5j";
|
||||
rev = "fece39b0e81db310b6a6e08f93d83b0d498cd02b";
|
||||
sha256 = "12casnq6w5yp2jlvnr466pjpkn0vriry8jzfq2qkjl564y0vhy9x";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ extra-cmake-modules kdoctools ];
|
||||
|
@ -26,7 +26,7 @@ mkDerivation rec {
|
|||
qca-qt5 qjson qtquickcontrols2 qtscript qtwebengine
|
||||
karchive kcmutils kconfig kdnssd kguiaddons kinit kirigami2 knewstuff knotifyconfig ktexteditor kwindowsystem
|
||||
phonon plasma-framework threadweaver
|
||||
curl fftw ffmpeg gdk-pixbuf libaio libmtp loudmouth lz4 lzo mysql57.server mysql57.server.static
|
||||
curl fftw ffmpeg_3 gdk-pixbuf libaio liblastfm libmtp loudmouth lz4 lzo mysql57.server mysql57.server.static
|
||||
pcre snappy taglib taglib_extras
|
||||
];
|
||||
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
, curl
|
||||
, dbus
|
||||
, doxygen
|
||||
, ffmpeg
|
||||
, ffmpeg_3
|
||||
, fftw
|
||||
, fftwSinglePrec
|
||||
, flac
|
||||
|
@ -87,7 +87,7 @@ stdenv.mkDerivation rec {
|
|||
cppunit
|
||||
curl
|
||||
dbus
|
||||
ffmpeg
|
||||
ffmpeg_3
|
||||
fftw
|
||||
fftwSinglePrec
|
||||
flac
|
||||
|
@ -149,8 +149,8 @@ stdenv.mkDerivation rec {
|
|||
sed 's|/usr/include/libintl.h|${glibc.dev}/include/libintl.h|' -i wscript
|
||||
patchShebangs ./tools/
|
||||
substituteInPlace libs/ardour/video_tools_paths.cc \
|
||||
--replace 'ffmpeg_exe = X_("");' 'ffmpeg_exe = X_("${ffmpeg}/bin/ffmpeg");' \
|
||||
--replace 'ffprobe_exe = X_("");' 'ffprobe_exe = X_("${ffmpeg}/bin/ffprobe");'
|
||||
--replace 'ffmpeg_exe = X_("");' 'ffmpeg_exe = X_("${ffmpeg_3}/bin/ffmpeg");' \
|
||||
--replace 'ffprobe_exe = X_("");' 'ffprobe_exe = X_("${ffmpeg_3}/bin/ffprobe");'
|
||||
'';
|
||||
|
||||
postInstall = ''
|
||||
|
|
|
@ -2,13 +2,14 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "artyFX";
|
||||
version = "1.3";
|
||||
# Fix build with lv2 1.18: https://github.com/openAVproductions/openAV-ArtyFX/pull/41/commits/492587461b50d140455aa3c98d915eb8673bebf0
|
||||
version = "unstable-2020-04-28";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "openAVproductions";
|
||||
repo = "openAV-ArtyFX";
|
||||
rev = "release-${version}";
|
||||
sha256 = "012hcy1mxl7gs2lipfcqp5x0xv1azb9hjrwf0h59yyxnzx96h7c9";
|
||||
rev = "492587461b50d140455aa3c98d915eb8673bebf0";
|
||||
sha256 = "0wwg8ivnpyy0235bapjy4g0ij85zq355jwi6c1nkrac79p4z9ail";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ pkgconfig ];
|
||||
|
|
|
@ -12,11 +12,11 @@
|
|||
with stdenv.lib;
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
version = "2.9.5";
|
||||
version = "2.9.6";
|
||||
pname = "asunder";
|
||||
src = fetchurl {
|
||||
url = "http://littlesvr.ca/asunder/releases/${pname}-${version}.tar.bz2";
|
||||
sha256 = "069x6az2r3wlb2hd07iz0hxpxwknw7s9h7pyhnkmzv1pw9ci3kk4";
|
||||
sha256 = "1ycnd82lh7qy1pcbngd4b41s16j9hnm2kyfrncg4cwr3bfk7yg7a";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ intltool makeWrapper pkgconfig ];
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{ stdenv, fetchurl, pkgconfig, wrapGAppsHook, gettext, glib, gtk3
|
||||
, libmowgli, dbus-glib, libxml2, xorg, gnome3, alsaLib
|
||||
, libpulseaudio, libjack2, fluidsynth, libmad, libogg, libvorbis
|
||||
, libcdio, libcddb, flac, ffmpeg, mpg123, libcue, libmms, libbs2b
|
||||
, libcdio, libcddb, flac, ffmpeg_3, mpg123, libcue, libmms, libbs2b
|
||||
, libsndfile, libmodplug, libsamplerate, soxr, lirc, curl, wavpack
|
||||
, neon, faad2, lame, libnotify, libsidplayfp
|
||||
}:
|
||||
|
@ -28,7 +28,7 @@ stdenv.mkDerivation rec {
|
|||
gettext glib gtk3 libmowgli dbus-glib libxml2
|
||||
xorg.libXcomposite gnome3.adwaita-icon-theme alsaLib libjack2
|
||||
libpulseaudio fluidsynth libmad libogg libvorbis libcdio
|
||||
libcddb flac ffmpeg mpg123 libcue libmms libbs2b libsndfile
|
||||
libcddb flac ffmpeg_3 mpg123 libcue libmms libbs2b libsndfile
|
||||
libmodplug libsamplerate soxr lirc curl wavpack neon faad2
|
||||
lame libnotify libsidplayfp
|
||||
];
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
mkDerivation, lib, fetchurl, fetchpatch,
|
||||
gettext, pkgconfig,
|
||||
qtbase,
|
||||
alsaLib, curl, faad2, ffmpeg, flac, fluidsynth, gdk-pixbuf, lame, libbs2b,
|
||||
alsaLib, curl, faad2, ffmpeg_3, flac, fluidsynth, gdk-pixbuf, lame, libbs2b,
|
||||
libcddb, libcdio, libcue, libjack2, libmad, libmms, libmodplug,
|
||||
libmowgli, libnotify, libogg, libpulseaudio, libsamplerate, libsidplayfp,
|
||||
libsndfile, libvorbis, libxml2, lirc, mpg123, neon, qtmultimedia, soxr,
|
||||
|
@ -45,7 +45,7 @@ mkDerivation {
|
|||
qtbase
|
||||
|
||||
# Plugin dependencies
|
||||
alsaLib curl faad2 ffmpeg flac fluidsynth gdk-pixbuf lame libbs2b libcddb
|
||||
alsaLib curl faad2 ffmpeg_3 flac fluidsynth gdk-pixbuf lame libbs2b libcddb
|
||||
libcdio libcue libjack2 libmad libmms libmodplug libmowgli
|
||||
libnotify libogg libpulseaudio libsamplerate libsidplayfp libsndfile
|
||||
libvorbis libxml2 lirc mpg123 neon qtmultimedia soxr wavpack
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ stdenv, fetchzip, wxGTK30, pkgconfig, file, gettext,
|
||||
libvorbis, libmad, libjack2, lv2, lilv, serd, sord, sratom, suil, alsaLib, libsndfile, soxr, flac, lame,
|
||||
expat, libid3tag, ffmpeg, soundtouch, /*, portaudio - given up fighting their portaudio.patch */
|
||||
expat, libid3tag, ffmpeg_3, soundtouch, /*, portaudio - given up fighting their portaudio.patch */
|
||||
autoconf, automake, libtool
|
||||
}:
|
||||
|
||||
|
@ -47,7 +47,7 @@ stdenv.mkDerivation rec {
|
|||
buildInputs = [
|
||||
file gettext wxGTK30 expat alsaLib
|
||||
libsndfile soxr libid3tag libjack2 lv2 lilv serd sord sratom suil wxGTK30.gtk
|
||||
ffmpeg libmad lame libvorbis flac soundtouch
|
||||
ffmpeg_3 libmad lame libvorbis flac soundtouch
|
||||
]; #ToDo: detach sbsms
|
||||
|
||||
enableParallelBuilding = true;
|
||||
|
@ -59,6 +59,7 @@ stdenv.mkDerivation rec {
|
|||
description = "Sound editor with graphical UI";
|
||||
homepage = "http://audacityteam.org/";
|
||||
license = licenses.gpl2Plus;
|
||||
maintainers = with maintainers; [ lheckemann ];
|
||||
platforms = intersectLists platforms.linux platforms.x86; # fails on ARM
|
||||
};
|
||||
}
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue