Merge commit '3ed4d12aac391a1eb607b388e386854780fd3cd3' into HEAD
commit
da66e90c04
2211 changed files with 91019 additions and 159619 deletions
|
@ -7,34 +7,44 @@ assignees: ''
|
|||
|
||||
---
|
||||
|
||||
### Describe the bug
|
||||
A clear and concise description of what the bug is.
|
||||
## Describe the bug
|
||||
|
||||
<!-- A clear and concise description of what the bug is. -->
|
||||
|
||||
## Steps To Reproduce
|
||||
|
||||
### Steps To Reproduce
|
||||
Steps to reproduce the behavior:
|
||||
|
||||
1. ...
|
||||
2. ...
|
||||
3. ...
|
||||
|
||||
### Expected behavior
|
||||
A clear and concise description of what you expected to happen.
|
||||
## Expected behavior
|
||||
|
||||
### Screenshots
|
||||
If applicable, add screenshots to help explain your problem.
|
||||
<!-- A clear and concise description of what you expected to happen. -->
|
||||
|
||||
### Additional context
|
||||
Add any other context about the problem here.
|
||||
## Screenshots
|
||||
|
||||
### Notify maintainers
|
||||
<!-- If applicable, add screenshots to help explain your problem: -->
|
||||
|
||||
## Additional context
|
||||
|
||||
<!-- Add any other context about the problem here. -->
|
||||
|
||||
## Metadata
|
||||
|
||||
<!-- Please insert the output of running `nix-shell -p nix-info --run "nix-info -m"` below this line -->
|
||||
|
||||
## Notify maintainers
|
||||
|
||||
<!--
|
||||
Please @ people who are in the `meta.maintainers` list of the offending package or module.
|
||||
If in doubt, check `git blame` for whoever last touched something.
|
||||
-->
|
||||
|
||||
### Metadata
|
||||
---
|
||||
|
||||
<!-- Please insert the output of running `nix-shell -p nix-info --run "nix-info -m"` below this line -->
|
||||
Note for maintainers: Please tag this issue in your PR.
|
||||
|
||||
---
|
||||
|
||||
|
|
|
@ -7,31 +7,43 @@ assignees: ''
|
|||
|
||||
---
|
||||
|
||||
### Steps To Reproduce
|
||||
## Steps To Reproduce
|
||||
|
||||
Steps to reproduce the behavior:
|
||||
|
||||
1. build *X*
|
||||
|
||||
### Build log
|
||||
## Build log
|
||||
|
||||
<!-- insert build log in code block in collapsable section -->
|
||||
|
||||
<details>
|
||||
|
||||
<summary>Build Log</summary>
|
||||
|
||||
```
|
||||
log here if short otherwise a link to a gist
|
||||
```
|
||||
|
||||
### Additional context
|
||||
</details>
|
||||
|
||||
Add any other context about the problem here.
|
||||
## Additional context
|
||||
|
||||
### Notify maintainers
|
||||
<!-- Add any other context about the problem here. -->
|
||||
|
||||
## Metadata
|
||||
|
||||
<!-- Please insert the output of running `nix-shell -p nix-info --run "nix-info -m"` below this line -->
|
||||
|
||||
## Notify maintainers
|
||||
|
||||
<!--
|
||||
Please @ people who are in the `meta.maintainers` list of the offending package or module.
|
||||
If in doubt, check `git blame` for whoever last touched something.
|
||||
-->
|
||||
|
||||
### Metadata
|
||||
---
|
||||
|
||||
<!-- Please insert the output of running `nix-shell -p nix-info --run "nix-info -m"` below this line -->
|
||||
Note for maintainers: Please tag this issue in your PR.
|
||||
|
||||
---
|
||||
|
||||
|
|
|
@ -23,12 +23,9 @@ assignees: ''
|
|||
- [ ] checked [open documentation issues] for possible duplicates
|
||||
- [ ] checked [open documentation pull requests] for possible solutions
|
||||
|
||||
[latest Nixpkgs manual]: https://nixos.org/manual/nixpkgs/unstable/
|
||||
[latest NixOS manual]: https://nixos.org/manual/nixos/unstable/
|
||||
[nixpkgs-source]: https://github.com/NixOS/nixpkgs/tree/master/doc
|
||||
[nixos-source]: https://github.com/NixOS/nixpkgs/tree/master/nixos/doc/manual
|
||||
[open documentation issues]: https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+label%3A%229.needs%3A+documentation%22
|
||||
[open documentation pull requests]: https://github.com/NixOS/nixpkgs/pulls?q=is%3Aopen+is%3Apr+label%3A%228.has%3A+documentation%22%2C%226.topic%3A+documentation%22
|
||||
---
|
||||
|
||||
Note for maintainers: Please tag this issue in your PR.
|
||||
|
||||
---
|
||||
|
||||
|
@ -36,3 +33,9 @@ Add a :+1: [reaction] to [issues you find important].
|
|||
|
||||
[reaction]: https://github.blog/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/
|
||||
[issues you find important]: https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc
|
||||
[latest Nixpkgs manual]: https://nixos.org/manual/nixpkgs/unstable/
|
||||
[latest NixOS manual]: https://nixos.org/manual/nixos/unstable/
|
||||
[nixpkgs-source]: https://github.com/NixOS/nixpkgs/tree/master/doc
|
||||
[nixos-source]: https://github.com/NixOS/nixpkgs/tree/master/nixos/doc/manual
|
||||
[open documentation issues]: https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+label%3A%229.needs%3A+documentation%22
|
||||
[open documentation pull requests]: https://github.com/NixOS/nixpkgs/pulls?q=is%3Aopen+is%3Apr+label%3A%228.has%3A+documentation%22%2C%226.topic%3A+documentation%22
|
||||
|
|
|
@ -7,11 +7,11 @@ assignees: ''
|
|||
|
||||
---
|
||||
|
||||
### Description
|
||||
## Description
|
||||
|
||||
<!-- Describe what the module should accomplish: -->
|
||||
|
||||
### Notify maintainers
|
||||
## Notify maintainers
|
||||
|
||||
<!-- If applicable, tag the maintainers of the package that corresponds to the module. If the search.nixos.org result shows no maintainers, tag the person that last updated the package. -->
|
||||
|
||||
|
|
|
@ -7,23 +7,30 @@ assignees: ''
|
|||
|
||||
---
|
||||
|
||||
## Package Information
|
||||
|
||||
<!-- Search for the package here: https://search.nixos.org/packages?channel=unstable -->
|
||||
|
||||
- Package name:
|
||||
- Latest released version:
|
||||
<!-- Search your package here: https://search.nixos.org/packages?channel=unstable -->
|
||||
- Current version on the unstable channel:
|
||||
- Current version on the stable/release channel:
|
||||
|
||||
## Checklist
|
||||
|
||||
<!--
|
||||
Type the name of your package and try to find an open pull request for the package
|
||||
If you find an open pull request, you can review it!
|
||||
There's a high chance that you'll have the new version right away while helping the community!
|
||||
-->
|
||||
|
||||
- [ ] Checked the [nixpkgs pull requests](https://github.com/NixOS/nixpkgs/pulls)
|
||||
|
||||
**Notify maintainers**
|
||||
## Notify maintainers
|
||||
|
||||
<!-- If the search.nixos.org result shows no maintainers, tag the person that last updated the package. -->
|
||||
|
||||
-----
|
||||
---
|
||||
|
||||
Note for maintainers: Please tag this issue in your PR.
|
||||
|
||||
|
|
|
@ -7,11 +7,11 @@ assignees: ''
|
|||
|
||||
---
|
||||
|
||||
**Project description**
|
||||
## Project description
|
||||
|
||||
<!-- Describe the project a little: -->
|
||||
|
||||
**Metadata**
|
||||
## Metadata
|
||||
|
||||
* homepage URL:
|
||||
* source URL:
|
||||
|
@ -20,6 +20,10 @@ assignees: ''
|
|||
|
||||
---
|
||||
|
||||
Note for maintainers: Please tag this issue in your PR.
|
||||
|
||||
---
|
||||
|
||||
Add a :+1: [reaction] to [issues you find important].
|
||||
|
||||
[reaction]: https://github.blog/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/
|
||||
|
|
|
@ -31,12 +31,12 @@ Fixing bit-by-bit reproducibility also has additional advantages, such as
|
|||
avoiding hard-to-reproduce bugs, making content-addressed storage more effective
|
||||
and reducing rebuilds in such systems.
|
||||
|
||||
### Steps To Reproduce
|
||||
## Steps To Reproduce
|
||||
|
||||
In the following steps, replace `<package>` with the canonical name of the
|
||||
package.
|
||||
|
||||
#### 1. Build the package
|
||||
### 1. Build the package
|
||||
|
||||
This step will build the package. Specific arguments are passed to the command
|
||||
to keep the build artifacts so we can compare them in case of differences.
|
||||
|
@ -53,7 +53,7 @@ Or using the new command line style:
|
|||
nix build nixpkgs#<package> && nix build nixpkgs#<package> --rebuild --keep-failed
|
||||
```
|
||||
|
||||
#### 2. Compare the build artifacts
|
||||
### 2. Compare the build artifacts
|
||||
|
||||
If the previous command completes successfully, no differences were found and
|
||||
there's nothing to do, builds are reproducible.
|
||||
|
@ -67,7 +67,7 @@ metadata (*e.g. timestamp*) differences.
|
|||
nix run nixpkgs#diffoscopeMinimal -- --exclude-directory-metadata recursive <Y> <Z>
|
||||
```
|
||||
|
||||
#### 3. Examine the build log
|
||||
### 3. Examine the build log
|
||||
|
||||
To examine the build log, use:
|
||||
|
||||
|
@ -81,10 +81,20 @@ Or with the new command line style:
|
|||
nix log $(nix path-info --derivation nixpkgs#<package>)
|
||||
```
|
||||
|
||||
### Additional context
|
||||
## Additional context
|
||||
|
||||
(please share the relevant fragment of the diffoscope output here, and any
|
||||
additional analysis you may have done)
|
||||
(please share the relevant fragment of the diffoscope output here, and any additional analysis you may have done)
|
||||
|
||||
## Notify maintainers
|
||||
|
||||
<!--
|
||||
Please @ people who are in the `meta.maintainers` list of the offending package or module.
|
||||
If in doubt, check `git blame` for whoever last touched something.
|
||||
-->
|
||||
|
||||
---
|
||||
|
||||
Note for maintainers: Please tag this issue in your PR.
|
||||
|
||||
---
|
||||
|
||||
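Review bot: In the "Additional context" section the reworked hint is still a plain parenthetical, "(please share the relevant fragment of the diffoscope output here, ...)", so it will appear verbatim in every filed issue, while the "Notify maintainers" hint added directly below it is wrapped in `<!-- -->`. Suggest wrapping the diffoscope hint in an HTML comment as well, so the template is consistent and the rendered issue contains only what the reporter wrote.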
|
|
|
@ -25,7 +25,7 @@ For new packages please briefly describe the package or provide a link to its ho
|
|||
- made sure NixOS tests are [linked](https://github.com/NixOS/nixpkgs/blob/master/pkgs/README.md#linking-nixos-module-tests-to-a-package) to the relevant packages
|
||||
- [ ] Tested compilation of all packages that depend on this change using `nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"`. Note: all changes have to be committed, also see [nixpkgs-review usage](https://github.com/Mic92/nixpkgs-review#usage)
|
||||
- [ ] Tested basic functionality of all binary files (usually in `./result/bin/`)
|
||||
- [24.11 Release Notes](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2411.section.md) (or backporting [23.11](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2311.section.md) and [24.05](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2405.section.md) Release notes)
|
||||
- [25.05 Release Notes](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2505.section.md) (or backporting [24.11](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2411.section.md) and [25.05](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2505.section.md) Release notes)
|
||||
- [ ] (Package updates) Added a release notes entry if the change is major or breaking
|
||||
- [ ] (Module updates) Added a release notes entry if the change is significant
|
||||
- [ ] (Module addition) Added a release notes entry if adding a new NixOS module
|
||||
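Review bot: The new release-notes checklist line names 25.05 twice: the main link is rl-2505.section.md and the backport pair reads "[24.11](...rl-2411...) and [25.05](...rl-2505...)". The line it replaces paired 24.11 with the two preceding releases (23.11 and 24.05), so the backport pair here presumably should be 24.05 and 24.11, with the links pointing at rl-2405.section.md and rl-2411.section.md.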
|
|
4
third_party/nixpkgs/.github/labeler.yml
vendored
|
@ -293,6 +293,7 @@
|
|||
- any-glob-to-any-file:
|
||||
- nixos/**/*
|
||||
- pkgs/by-name/sw/switch-to-configuration-ng/**/*
|
||||
- pkgs/by-name/ni/nixos-rebuild-ng/**/*
|
||||
- pkgs/os-specific/linux/nixos-rebuild/**/*
|
||||
|
||||
"6.topic: nixos-container":
|
||||
|
@ -358,8 +359,9 @@
|
|||
- changed-files:
|
||||
- any-glob-to-any-file:
|
||||
- doc/languages-frameworks/php.section.md
|
||||
- nixos/tests/php/**/*
|
||||
- pkgs/build-support/php/**/*
|
||||
- pkgs/development/interpreters/php/*
|
||||
- pkgs/development/interpreters/php/**/*
|
||||
- pkgs/development/php-packages/**/*
|
||||
- pkgs/test/php/default.nix
|
||||
- pkgs/top-level/php-packages.nix
|
||||
|
|
|
@ -39,6 +39,10 @@ jobs:
|
|||
into: staging-next-24.05
|
||||
- from: staging-next-24.05
|
||||
into: staging-24.05
|
||||
- from: release-24.11
|
||||
into: staging-next-24.11
|
||||
- from: staging-next-24.11
|
||||
into: staging-24.11
|
||||
name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
|
||||
steps:
|
||||
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
|
|
2
third_party/nixpkgs/CONTRIBUTING.md
vendored
|
@ -345,7 +345,7 @@ See [Nix Channel Status](https://status.nixos.org/) for the current channels and
|
|||
Here's a brief overview of the main Git branches and what channels they're used for:
|
||||
|
||||
- `master`: The main branch, used for the unstable channels such as `nixpkgs-unstable`, `nixos-unstable` and `nixos-unstable-small`.
|
||||
- `release-YY.MM` (e.g. `release-24.05`): The NixOS release branches, used for the stable channels such as `nixos-24.05`, `nixos-24.05-small` and `nixpkgs-24.05-darwin`.
|
||||
- `release-YY.MM` (e.g. `release-24.11`): The NixOS release branches, used for the stable channels such as `nixos-24.11`, `nixos-24.11-small` and `nixpkgs-24.11-darwin`.
|
||||
|
||||
When a channel is updated, a corresponding Git branch is also updated to point to the corresponding commit.
|
||||
So e.g. the [`nixpkgs-unstable` branch](https://github.com/nixos/nixpkgs/tree/nixpkgs-unstable) corresponds to the Git commit from the [`nixpkgs-unstable` channel](https://channels.nixos.org/nixpkgs-unstable).
|
||||
|
|
4
third_party/nixpkgs/README.md
vendored
|
@ -9,7 +9,7 @@
|
|||
</p>
|
||||
|
||||
<p align="center">
|
||||
<a href="https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md"><img src="https://img.shields.io/github/contributors-anon/NixOS/nixpkgs" alt="Contributors badge" /></a>
|
||||
<a href="CONTRIBUTING.md"><img src="https://img.shields.io/github/contributors-anon/NixOS/nixpkgs" alt="Contributors badge" /></a>
|
||||
<a href="https://opencollective.com/nixos"><img src="https://opencollective.com/nixos/tiers/supporter/badge.svg?label=supporters&color=brightgreen" alt="Open Collective supporters" /></a>
|
||||
</p>
|
||||
|
||||
|
@ -74,7 +74,7 @@ Community contributions are always welcome through GitHub Issues and
|
|||
Pull Requests.
|
||||
|
||||
For more information about contributing to the project, please visit
|
||||
the [contributing page](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md).
|
||||
the [contributing page](CONTRIBUTING.md).
|
||||
|
||||
# Donations
|
||||
|
||||
|
|
11
third_party/nixpkgs/ci/OWNERS
vendored
|
@ -105,6 +105,11 @@ nixos/modules/installer/tools/nix-fallback-paths.nix @NixOS/nix-team @raitobeza
|
|||
/nixos/modules/system/activation/bootspec.nix @grahamc @cole-h @raitobezarius
|
||||
/nixos/modules/system/activation/bootspec.cue @grahamc @cole-h @raitobezarius
|
||||
|
||||
# NixOS Render Docs
|
||||
/pkgs/by-name/ni/nixos-render-docs @fricklerhandwerk @GetPsyched @hsjobeki
|
||||
/doc/redirects.json @fricklerhandwerk @GetPsyched @hsjobeki
|
||||
/nixos/doc/manual/redirects.json @fricklerhandwerk @GetPsyched @hsjobeki
|
||||
|
||||
# NixOS integration test driver
|
||||
/nixos/lib/test-driver @tfc
|
||||
|
||||
|
@ -138,6 +143,8 @@ nixos/modules/installer/tools/nix-fallback-paths.nix @NixOS/nix-team @raitobeza
|
|||
/nixos/tests/amazon-ssm-agent.nix @arianvp
|
||||
/nixos/modules/system/boot/grow-partition.nix @arianvp
|
||||
|
||||
# nixos-rebuild-ng
|
||||
/pkgs/by-name/ni/nixos-rebuild-ng @thiagokokada
|
||||
|
||||
|
||||
# Updaters
|
||||
|
@ -149,8 +156,8 @@ nixos/modules/installer/tools/nix-fallback-paths.nix @NixOS/nix-team @raitobeza
|
|||
|
||||
# Python-related code and docs
|
||||
/doc/languages-frameworks/python.section.md @mweinelt @natsukium
|
||||
/maintainers/scripts/update-python-libraries @natsukium
|
||||
/pkgs/development/interpreters/python @natsukium
|
||||
/maintainers/scripts/update-python-libraries @mweinelt @natsukium
|
||||
/pkgs/development/interpreters/python @mweinelt @natsukium
|
||||
/pkgs/top-level/python-packages.nix @natsukium
|
||||
/pkgs/top-level/release-python.nix @natsukium
|
||||
|
||||
|
|
8
third_party/nixpkgs/doc/README.md
vendored
|
@ -21,7 +21,7 @@ Rendered documentation:
|
|||
- [Unstable (from master)](https://nixos.org/manual/nixpkgs/unstable/)
|
||||
- [Stable (from latest release)](https://nixos.org/manual/nixpkgs/stable/)
|
||||
|
||||
The rendering tool is [nixos-render-docs](../pkgs/tools/nix/nixos-render-docs/src/nixos_render_docs), sometimes abbreviated `nrd`.
|
||||
The rendering tool is [nixos-render-docs](../pkgs/by-name/ni/nixos-render-docs), sometimes abbreviated `nrd`.
|
||||
|
||||
## Contributing to this documentation
|
||||
|
||||
|
@ -42,6 +42,12 @@ It is a daemon, that:
|
|||
2. HTTP serves the manual, injecting a script that triggers reload on changes
|
||||
3. opens the manual in the default browser
|
||||
|
||||
### Testing redirects
|
||||
|
||||
Once you have a successful build, you can open the relevant HTML (path mentioned above) in a browser along with the anchor, and observe the redirection.
|
||||
|
||||
Note that if you already loaded the page and *then* input the anchor, you will need to perform a reload. This is because browsers do not re-run client JS code when only the anchor has changed.
|
||||
|
||||
## Syntax
|
||||
|
||||
As per [RFC 0072](https://github.com/NixOS/rfcs/pull/72), all new documentation content should be written in [CommonMark](https://commonmark.org/) Markdown dialect.
|
||||
|
|
|
@ -755,14 +755,46 @@ Used with Subversion. Expects `url` to a Subversion directory, `rev`, and `hash`
|
|||
|
||||
Used with Git. Expects `url` to a Git repo, `rev`, and `hash`. `rev` in this case can be full the git commit id (SHA1 hash) or a tag name like `refs/tags/v1.0`.
|
||||
|
||||
Additionally, the following optional arguments can be given: `fetchSubmodules = true` makes `fetchgit` also fetch the submodules of a repository. If `deepClone` is set to true, the entire repository is cloned as opposing to just creating a shallow clone. `deepClone = true` also implies `leaveDotGit = true` which means that the `.git` directory of the clone won't be removed after checkout.
|
||||
Additionally, the following optional arguments can be given:
|
||||
|
||||
If only parts of the repository are needed, `sparseCheckout` can be used. This will prevent git from fetching unnecessary blobs from server, see [git sparse-checkout](https://git-scm.com/docs/git-sparse-checkout) for more information:
|
||||
*`fetchSubmodules`* (Boolean)
|
||||
|
||||
```nix
|
||||
{ stdenv, fetchgit }:
|
||||
: Whether to also fetch the submodules of a repository.
|
||||
|
||||
stdenv.mkDerivation {
|
||||
*`fetchLFS`* (Boolean)
|
||||
|
||||
: Whether to fetch LFS objects.
|
||||
|
||||
*`postFetch`* (String)
|
||||
|
||||
: Shell code executed after the file has been fetched successfully.
|
||||
This can do things like check or transform the file.
|
||||
|
||||
*`leaveDotGit`* (Boolean)
|
||||
|
||||
: Whether the `.git` directory of the clone should *not* be removed after checkout.
|
||||
|
||||
Be warned though that the git repository format is not stable and this flag is therefore not suitable for actual use by itself.
|
||||
Only use this for testing purposes or in conjunction with removing the `.git` directory in `postFetch`.
|
||||
|
||||
*`deepClone`* (Boolean)
|
||||
|
||||
: Clone the entire repository as opposing to just creating a shallow clone.
|
||||
This implies `leaveDotGit`.
|
||||
|
||||
*`sparseCheckout`* (List of String)
|
||||
|
||||
: Prevent git from fetching unnecessary blobs from server.
|
||||
This is useful if only parts of the repository are needed.
|
||||
|
||||
::: {.example #ex-fetchgit-sparseCheckout}
|
||||
|
||||
# Use `sparseCheckout` to only include some directories:
|
||||
|
||||
```nix
|
||||
{ stdenv, fetchgit }:
|
||||
|
||||
stdenv.mkDerivation {
|
||||
name = "hello";
|
||||
src = fetchgit {
|
||||
url = "https://...";
|
||||
|
@ -772,8 +804,14 @@ stdenv.mkDerivation {
|
|||
];
|
||||
hash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
|
||||
};
|
||||
}
|
||||
```
|
||||
}
|
||||
```
|
||||
:::
|
||||
|
||||
See [git sparse-checkout](https://git-scm.com/docs/git-sparse-checkout) for more information.
|
||||
|
||||
Some additional parameters for niche use-cases can be found listed in the function parameters in the declaration of `fetchgit`: `pkgs/build-support/fetchgit/default.nix`.
|
||||
Future parameters additions might also happen without immediately being documented here.
|
||||
|
||||
## `fetchfossil` {#fetchfossil}
|
||||
|
||||
|
|
10
third_party/nixpkgs/doc/doc-support/package.nix
vendored
|
@ -5,6 +5,8 @@
|
|||
lib,
|
||||
stdenvNoCC,
|
||||
callPackage,
|
||||
devmode,
|
||||
mkShellNoCC,
|
||||
documentation-highlighter,
|
||||
nixos-render-docs,
|
||||
nixpkgs ? { },
|
||||
|
@ -29,6 +31,7 @@ stdenvNoCC.mkDerivation (
|
|||
../anchor-use.js
|
||||
../anchor.min.js
|
||||
../manpage-urls.json
|
||||
../redirects.json
|
||||
];
|
||||
};
|
||||
|
||||
|
@ -60,6 +63,7 @@ stdenvNoCC.mkDerivation (
|
|||
|
||||
nixos-render-docs manual html \
|
||||
--manpage-urls ./manpage-urls.json \
|
||||
--redirects ./redirects.json \
|
||||
--revision ${nixpkgs.rev or "master"} \
|
||||
--stylesheet style.css \
|
||||
--stylesheet highlightjs/mono-blue.css \
|
||||
|
@ -95,10 +99,14 @@ stdenvNoCC.mkDerivation (
|
|||
|
||||
pythonInterpreterTable = callPackage ./python-interpreter-table.nix { };
|
||||
|
||||
shell = callPackage ../../pkgs/tools/nix/web-devmode.nix {
|
||||
shell =
|
||||
let
|
||||
devmode' = devmode.override {
|
||||
buildArgs = "./.";
|
||||
open = "/share/doc/nixpkgs/manual.html";
|
||||
};
|
||||
in
|
||||
mkShellNoCC { packages = [ devmode' ]; };
|
||||
|
||||
tests.manpage-urls = callPackage ../tests/manpage-urls.nix { };
|
||||
};
|
||||
|
|
10
third_party/nixpkgs/doc/hooks/meson.section.md
vendored
|
@ -18,6 +18,16 @@ setup hook registering ninja-based build and install phases.
|
|||
|
||||
Controls the flags passed to `meson setup` during configure phase.
|
||||
|
||||
#### `mesonBuildDir` {#meson-build-dir}
|
||||
|
||||
Directory where Meson will put intermediate files.
|
||||
|
||||
Setting this can be useful for debugging multiple Meson builds while in the same source directory, for example, when building for different platforms.
|
||||
Different values for each build will prevent build artefacts from interefering with each other.
|
||||
This setting has no tangible effect when running the build in a sandboxed derivation.
|
||||
|
||||
The default value is `build`.
|
||||
|
||||
#### `mesonWrapMode` {#meson-wrap-mode}
|
||||
|
||||
Which value is passed as
|
||||
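Review bot: Typo in the new `mesonBuildDir` description: "interefering" should be "interfering". The same sentence uses "artefacts" while the reproducibility issue template elsewhere in this commit uses "artifacts"; pick one spelling for the docs.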
|
|
|
@ -52,12 +52,12 @@ rustPlatform.buildRustPackage rec {
|
|||
|
||||
buildInputs =
|
||||
[ openssl ]
|
||||
++ lib.optionals stdenv.isLinux [
|
||||
++ lib.optionals stdenv.hostPlatform.isLinux [
|
||||
glib-networking # Most Tauri apps need networking
|
||||
libsoup
|
||||
webkitgtk_4_0
|
||||
]
|
||||
++ lib.optionals stdenv.isDarwin (
|
||||
++ lib.optionals stdenv.hostPlatform.isDarwin (
|
||||
with darwin.apple_sdk.frameworks;
|
||||
[
|
||||
AppKit
|
||||
|
|
|
@ -42,7 +42,7 @@ $ dotnet --info
|
|||
Version: 7.0.202
|
||||
Commit: 6c74320bc3
|
||||
|
||||
Środowisko uruchomieniowe:
|
||||
Runtime Environment:
|
||||
OS Name: nixos
|
||||
OS Version: 23.05
|
||||
OS Platform: Linux
|
||||
|
|
|
@ -57,8 +57,8 @@ Available compilers are collected under `haskell.compiler`.
|
|||
Each of those compiler versions has a corresponding attribute set `packages` built with
|
||||
it. However, the non-standard package sets are not tested regularly and, as a
|
||||
result, contain fewer working packages. The corresponding package set for GHC
|
||||
9.4.5 is `haskell.packages.ghc945`. In fact `haskellPackages` is just an alias
|
||||
for `haskell.packages.ghc964`:
|
||||
9.4.5 is `haskell.packages.ghc945`. In fact `haskellPackages` (at the time of writing) is just an alias
|
||||
for `haskell.packages.ghc966`:
|
||||
|
||||
Every package set also re-exposes the GHC used to build its packages as `haskell.packages.*.ghc`.
|
||||
|
||||
|
|
|
@ -55,6 +55,7 @@ sets are
|
|||
* `pkgs.python311Packages`
|
||||
* `pkgs.python312Packages`
|
||||
* `pkgs.python313Packages`
|
||||
* `pkgs.python314Packages`
|
||||
* `pkgs.pypy27Packages`
|
||||
* `pkgs.pypy39Packages`
|
||||
* `pkgs.pypy310Packages`
|
||||
|
|
|
@ -25,12 +25,14 @@ stdenv.mkDerivation {
|
|||
|
||||
The same goes for Qt 5 where libraries and tools are under `libsForQt5`.
|
||||
|
||||
Any Qt package should include `wrapQtAppsHook` in `nativeBuildInputs`, or explicitly set `dontWrapQtApps` to bypass generating the wrappers.
|
||||
Any Qt package should include `wrapQtAppsHook` or `wrapQtAppsNoGuiHook` in `nativeBuildInputs`, or explicitly set `dontWrapQtApps` to bypass generating the wrappers.
|
||||
|
||||
::: {.note}
|
||||
Qt 6 graphical applications should also include `qtwayland` in `buildInputs` on Linux (but not on platforms e.g. Darwin, where `qtwayland` is not available), to ensure the Wayland platform plugin is available.
|
||||
|
||||
This may become default in the future, see [NixOS/nixpkgs#269674](https://github.com/NixOS/nixpkgs/pull/269674).
|
||||
`wrapQtAppsHook` propagates plugins and QML components from `qtwayland` on platforms that support it, to allow applications to act as native Wayland clients. It should be used for all graphical applications.
|
||||
|
||||
`wrapQtAppsNoGuiHook` does not propagate `qtwayland` to reduce closure size for purely command-line applications.
|
||||
|
||||
:::
|
||||
|
||||
## Packages supporting multiple Qt versions {#qt-versions}
|
||||
|
|
|
@ -64,10 +64,18 @@ hash using `nix-hash --to-sri --type sha256 "<original sha256>"`.
|
|||
```
|
||||
|
||||
Exception: If the application has cargo `git` dependencies, the `cargoHash`
|
||||
approach will not work, and you will need to copy the `Cargo.lock` file of the application
|
||||
to nixpkgs and continue with the next section for specifying the options of the `cargoLock`
|
||||
section.
|
||||
approach will not work by default. In this case, you can set `useFetchCargoVendor = true`
|
||||
to use an improved fetcher that supports handling `git` dependencies.
|
||||
|
||||
```nix
|
||||
{
|
||||
useFetchCargoVendor = true;
|
||||
cargoHash = "sha256-RqPVFovDaD2rW31HyETJfQ0qVwFxoGEvqkIgag3H6KU=";
|
||||
}
|
||||
```
|
||||
|
||||
If this method still does not work, you can resort to copying the `Cargo.lock` file into nixpkgs
|
||||
and importing it as described in the [next section](#importing-a-cargo.lock-file).
|
||||
|
||||
Both types of hashes are permitted when contributing to nixpkgs. The
|
||||
Cargo hash is obtained by inserting a fake checksum into the
|
||||
|
@ -462,6 +470,17 @@ also be used:
|
|||
the `Cargo.lock`/`Cargo.toml` files need to be patched before
|
||||
vendoring.
|
||||
|
||||
In case the lockfile contains cargo `git` dependencies, you can use
|
||||
`fetchCargoVendor` instead.
|
||||
```nix
|
||||
{
|
||||
cargoDeps = rustPlatform.fetchCargoVendor {
|
||||
inherit src;
|
||||
hash = "sha256-RqPVFovDaD2rW31HyETJfQ0qVwFxoGEvqkIgag3H6KU=";
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
If a `Cargo.lock` file is available, you can alternatively use the
|
||||
`importCargoLock` function. In contrast to `fetchCargoTarball`, this
|
||||
function does not require a hash (unless git dependencies are used)
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# TeX Live {#sec-language-texlive}
|
||||
|
||||
Since release 15.09 there is a new TeX Live packaging that lives entirely under attribute `texlive`.
|
||||
There is a TeX Live packaging that lives entirely under attribute `texlive`.
|
||||
|
||||
## User's guide (experimental new interface) {#sec-language-texlive-user-guide-experimental}
|
||||
|
||||
|
|
|
@ -8,4 +8,4 @@ HTTP has a couple of different mechanisms for caching to prevent clients from ha
|
|||
|
||||
Fortunately, HTTP supports an alternative (and more effective) caching mechanism: the [`ETag`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/ETag) response header. The value of the `ETag` header specifies some identifier for the particular content that the server is sending (e.g., a hash). When a client makes a second request for the same resource, it sends that value back in an `If-None-Match` header. If the ETag value is unchanged, then the server does not need to resend the content.
|
||||
|
||||
As of NixOS 19.09, the nginx package in Nixpkgs is patched such that when nginx serves a file out of `/nix/store`, the hash in the store path is used as the `ETag` header in the HTTP response, thus providing proper caching functionality. With NixOS 24.05 and later, the `ETag` additionally includes the response content length, to ensure files served with static compression do not share `ETag`s with their uncompressed version. This `ETag` functionality is enabled automatically; you do not need to do modify any configuration to get this behavior.
|
||||
The nginx package in Nixpkgs is patched such that when nginx serves a file out of `/nix/store`, the hash in the store path is used as the `ETag` header in the HTTP response, thus providing proper caching functionality. With NixOS 24.05 and later, the `ETag` additionally includes the response content length, to ensure files served with static compression do not share `ETag`s with their uncompressed version. This `ETag` functionality is enabled automatically; you do not need to do modify any configuration to get this behavior.
|
||||
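Review bot: The rewritten paragraph keeps the phrase "you do not need to do modify any configuration"; since the line is being touched anyway, drop the stray "do" so it reads "you do not need to modify any configuration".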
|
|
|
@ -31,7 +31,6 @@ Use `programs.steam.enable = true;` if you want to add steam to `systemPackages`
|
|||
|
||||
- **Using the FOSS Radeon or nouveau (nvidia) drivers**
|
||||
|
||||
- The `newStdcpp` parameter was removed since NixOS 17.09 and should not be needed anymore.
|
||||
- Steam ships statically linked with a version of `libcrypto` that conflicts with the one dynamically loaded by radeonsi_dri.so. If you get the error:
|
||||
|
||||
```
|
||||
|
|
4193
third_party/nixpkgs/doc/redirects.json
vendored
Normal file
File diff suppressed because it is too large
2
third_party/nixpkgs/lib/.version
vendored
|
@ -1 +1 @@
|
|||
24.11
|
||||
25.05
|
27
third_party/nixpkgs/lib/licenses.nix
vendored
|
@ -115,7 +115,6 @@ lib.mapAttrs mkLicense ({
|
|||
arphicpl = {
|
||||
spdxId = "Arphic-1999";
|
||||
fullName = "Arphic Public License";
|
||||
url = "https://www.freedesktop.org/wiki/Arphic_Public_License/";
|
||||
};
|
||||
|
||||
artistic1 = {
|
||||
|
@ -213,6 +212,11 @@ lib.mapAttrs mkLicense ({
|
|||
fullName = "BSD 3-Clause Clear License";
|
||||
};
|
||||
|
||||
bsd3Lbnl = {
|
||||
spdxId = "BSD-3-Clause-LBNL";
|
||||
fullName = "Lawrence Berkeley National Labs BSD variant license";
|
||||
};
|
||||
|
||||
bsdOriginal = {
|
||||
spdxId = "BSD-4-Clause";
|
||||
fullName = ''BSD 4-clause "Original" or "Old" License'';
|
||||
|
@ -236,7 +240,6 @@ lib.mapAttrs mkLicense ({
|
|||
bsl11 = {
|
||||
spdxId = "BUSL-1.1";
|
||||
fullName = "Business Source License 1.1";
|
||||
url = "https://mariadb.com/bsl11";
|
||||
free = false;
|
||||
redistributable = true;
|
||||
};
|
||||
|
@ -249,13 +252,11 @@ lib.mapAttrs mkLicense ({
|
|||
cal10 = {
|
||||
spdxId = "CAL-1.0";
|
||||
fullName = "Cryptographic Autonomy License version 1.0 (CAL-1.0)";
|
||||
url = "https://opensource.org/licenses/CAL-1.0";
|
||||
};
|
||||
|
||||
caldera = {
|
||||
spdxId = "Caldera";
|
||||
fullName = "Caldera License";
|
||||
url = "http://www.lemis.com/grog/UNIX/ancient-source-all.pdf";
|
||||
};
|
||||
|
||||
capec = {
|
||||
|
@ -459,7 +460,6 @@ lib.mapAttrs mkLicense ({
|
|||
|
||||
ecl20 = {
|
||||
fullName = "Educational Community License, Version 2.0";
|
||||
url = "https://opensource.org/licenses/ECL-2.0";
|
||||
shortName = "ECL 2.0";
|
||||
spdxId = "ECL-2.0";
|
||||
};
|
||||
|
@ -477,7 +477,6 @@ lib.mapAttrs mkLicense ({
|
|||
elastic20 = {
|
||||
spdxId = "Elastic-2.0";
|
||||
fullName = "Elastic License 2.0";
|
||||
url = "https://github.com/elastic/elasticsearch/blob/main/licenses/ELASTIC-LICENSE-2.0.txt";
|
||||
free = false;
|
||||
};
|
||||
|
||||
|
@ -671,7 +670,6 @@ lib.mapAttrs mkLicense ({
|
|||
iasl = {
|
||||
spdxId = "Intel-ACPI";
|
||||
fullName = "Intel ACPI Software License Agreement";
|
||||
url = "https://old.calculate-linux.org/packages/licenses/iASL";
|
||||
};
|
||||
|
||||
icu = {
|
||||
|
@ -697,7 +695,6 @@ lib.mapAttrs mkLicense ({
|
|||
info-zip = {
|
||||
spdxId = "Info-ZIP";
|
||||
fullName = "Info-ZIP License";
|
||||
url = "https://infozip.sourceforge.net/license.html";
|
||||
};
|
||||
|
||||
inria-compcert = {
|
||||
|
@ -882,7 +879,6 @@ lib.mapAttrs mkLicense ({
|
|||
miros = {
|
||||
spdxId = "MirOS";
|
||||
fullName = "MirOS License";
|
||||
url = "https://opensource.org/licenses/MirOS";
|
||||
};
|
||||
|
||||
mit = {
|
||||
|
@ -890,6 +886,11 @@ lib.mapAttrs mkLicense ({
|
|||
fullName = "MIT License";
|
||||
};
|
||||
|
||||
mit-cmu = {
|
||||
spdxId = "MIT-CMU";
|
||||
fullName = "CMU License";
|
||||
};
|
||||
|
||||
mit-feh = {
|
||||
spdxId = "MIT-feh";
|
||||
fullName = "feh License";
|
||||
|
@ -939,7 +940,6 @@ lib.mapAttrs mkLicense ({
|
|||
mulan-psl2 = {
|
||||
spdxId = "MulanPSL-2.0";
|
||||
fullName = "Mulan Permissive Software License, Version 2";
|
||||
url = "https://license.coscl.org.cn/MulanPSL2";
|
||||
};
|
||||
|
||||
naist-2003 = {
|
||||
|
@ -974,7 +974,6 @@ lib.mapAttrs mkLicense ({
|
|||
fullName = "Netdata Cloud UI License v1.0";
|
||||
free = false;
|
||||
redistributable = true; # Only if used in Netdata products.
|
||||
url = "https://raw.githubusercontent.com/netdata/netdata/master/web/gui/v2/LICENSE.md";
|
||||
};
|
||||
|
||||
nistSoftware = {
|
||||
|
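Review bot: The hunk header (`-974,7 +974,6`) says one of these lines goes away, and if it is the `url`, the entry loses its only visible pointer to the licence text even though it is marked `free = false` and `redistributable = true` carries the caveat "Only if used in Netdata products". For an unfree licence with a conditional redistribution grant, keep a link to the terms, or say in the comment where they can be found.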
@ -1072,7 +1071,6 @@ lib.mapAttrs mkLicense ({
|
|||
parity70 = {
|
||||
spdxId = "Parity-7.0.0";
|
||||
fullName = "Parity Public License 7.0.0";
|
||||
url = "https://paritylicense.com/versions/7.0.0.html";
|
||||
};
|
||||
|
||||
php301 = {
|
||||
|
@ -1094,7 +1092,6 @@ lib.mapAttrs mkLicense ({
|
|||
psfl = {
|
||||
spdxId = "Python-2.0";
|
||||
fullName = "Python Software Foundation License version 2";
|
||||
url = "https://docs.python.org/license.html";
|
||||
};
|
||||
|
||||
publicDomain = {
|
||||
|
@ -1223,8 +1220,8 @@ lib.mapAttrs mkLicense ({
|
|||
};
|
||||
|
||||
ufl = {
|
||||
spdxId = "Ubuntu-font-1.0";
|
||||
fullName = "Ubuntu Font License 1.0";
|
||||
url = "https://ubuntu.com/legal/font-licence";
|
||||
};
|
||||
|
||||
unfree = {
|
||||
|
@ -1268,7 +1265,6 @@ lib.mapAttrs mkLicense ({
|
|||
upl = {
|
||||
spdxId = "UPL-1.0";
|
||||
fullName = "Universal Permissive License";
|
||||
url = "https://oss.oracle.com/licenses/upl/";
|
||||
};
|
||||
|
||||
vim = {
|
||||
|
@ -1334,7 +1330,6 @@ lib.mapAttrs mkLicense ({
|
|||
xfig = {
|
||||
spdxId = "Xfig";
|
||||
fullName = "xfig";
|
||||
url = "https://mcj.sourceforge.net/authors.html#xfig";
|
||||
};
|
||||
|
||||
xinetd = {
|
||||
|
|
2
third_party/nixpkgs/lib/trivial.nix
vendored
|
@ -415,7 +415,7 @@ in {
|
|||
On each release the first letter is bumped and a new animal is chosen
|
||||
starting with that new letter.
|
||||
*/
|
||||
codeName = "Vicuna";
|
||||
codeName = "Warbler";
|
||||
|
||||
/**
|
||||
Returns the current nixpkgs version suffix as string.
|
||||
|
|
176
third_party/nixpkgs/maintainers/maintainer-list.nix
vendored
|
@ -1834,6 +1834,12 @@
|
|||
githubId = 10587952;
|
||||
name = "Armijn Hemel";
|
||||
};
|
||||
arminius-smh = {
|
||||
email = "armin@sprejz.de";
|
||||
github = "arminius-smh";
|
||||
githubId = 159054879;
|
||||
name = "Armin Manfred Sprejz";
|
||||
};
|
||||
arnarg = {
|
||||
email = "arnarg@fastmail.com";
|
||||
github = "arnarg";
|
||||
|
@ -2832,6 +2838,12 @@
|
|||
githubId = 24254289;
|
||||
name = "Payas Relekar";
|
||||
};
|
||||
bhasherbel = {
|
||||
email = "nixos.maintainer@bhasher.com";
|
||||
github = "bhasherbel";
|
||||
githubId = 45831883;
|
||||
name = "Brieuc Dubois";
|
||||
};
|
||||
bhipple = {
|
||||
email = "bhipple@protonmail.com";
|
||||
github = "bhipple";
|
||||
|
@ -4122,6 +4134,12 @@
|
|||
githubId = 43564;
|
||||
name = "Claes Holmerson";
|
||||
};
|
||||
claha = {
|
||||
email = "hallstrom.claes@gmail.com";
|
||||
github = "claha";
|
||||
githubId = 9336788;
|
||||
name = "Claes Hallström";
|
||||
};
|
||||
clebs = {
|
||||
email = "borja.clemente@gmail.com";
|
||||
github = "clebs";
|
||||
|
@ -4167,6 +4185,12 @@
|
|||
githubId = 69784758;
|
||||
matrix = "@clot27:matrix.org";
|
||||
};
|
||||
cloudripper = {
|
||||
email = "other.wing8806@fastmail.com";
|
||||
github = "cloudripper";
|
||||
githubId = 70971768;
|
||||
name = "cloudripper";
|
||||
};
|
||||
clr-cera = {
|
||||
email = "clrcera05@gmail.com";
|
||||
github = "clr-cera";
|
||||
|
@ -4483,7 +4507,7 @@
|
|||
name = "Chris Ostrouchov";
|
||||
};
|
||||
cottand = {
|
||||
email = "nico@dcotta.eu";
|
||||
email = "nico@dcotta.com";
|
||||
github = "cottand";
|
||||
githubId = 45274424;
|
||||
name = "Nico D'Cotta";
|
||||
|
@ -4769,6 +4793,12 @@
|
|||
githubId = 743057;
|
||||
name = "Danylo Hlynskyi";
|
||||
};
|
||||
danbulant = {
|
||||
name = "Daniel Bulant";
|
||||
email = "danbulant@gmail.com";
|
||||
github = "danbulant";
|
||||
githubId = 30036876;
|
||||
};
|
||||
danc86 = {
|
||||
name = "Dan Callaghan";
|
||||
email = "djc@djc.id.au";
|
||||
|
@ -5150,6 +5180,12 @@
|
|||
github = "DeclanRixon";
|
||||
githubId = 57464835;
|
||||
};
|
||||
deeengan = {
|
||||
github = "deeengan";
|
||||
githubId = 87693324;
|
||||
name = "Dee Engan";
|
||||
keys = [ { fingerprint = "9C24 79F5 F0CE 48F4 00EE 4A5B B8ED 46EB 468B F72D"; } ];
|
||||
};
|
||||
deejayem = {
|
||||
email = "nixpkgs.bu5hq@simplelogin.com";
|
||||
github = "deejayem";
|
||||
|
@ -5762,6 +5798,12 @@
|
|||
githubId = 6806011;
|
||||
name = "Robert Schütz";
|
||||
};
|
||||
dotmobo = {
|
||||
email = "morgan.bohn@gmail.com";
|
||||
github = "dotmobo";
|
||||
githubId = 1997638;
|
||||
name = ".mobo";
|
||||
};
|
||||
dottedmag = {
|
||||
email = "dottedmag@dottedmag.net";
|
||||
github = "dottedmag";
|
||||
|
@ -5835,7 +5877,7 @@
|
|||
name = "Sebastian Krohn";
|
||||
};
|
||||
drawbu = {
|
||||
email = "clement21.boillot@gmail.com";
|
||||
email = "clement2104.boillot@gmail.com";
|
||||
github = "drawbu";
|
||||
githubId = 69208565;
|
||||
name = "Clément Boillot";
|
||||
|
@ -7105,6 +7147,12 @@
|
|||
githubId = 628359;
|
||||
name = "Felix Singer";
|
||||
};
|
||||
felixzieger = {
|
||||
name = "Felix Zieger";
|
||||
github = "felixzieger";
|
||||
githubId = 67903933;
|
||||
email = "nixpkgs@felixzieger.de";
|
||||
};
|
||||
felschr = {
|
||||
email = "dev@felschr.com";
|
||||
matrix = "@felschr:matrix.org";
|
||||
|
@ -8299,6 +8347,14 @@
|
|||
githubId = 7385287;
|
||||
name = "Lana Black";
|
||||
};
|
||||
grgi = {
|
||||
name = "Gregor Giesen";
|
||||
email = "gregor@giesen.net";
|
||||
matrix = "@gregor:giesen.net";
|
||||
github = "grgi";
|
||||
githubId = 6435815;
|
||||
keys = [ { fingerprint = "0F92 602B 1860 4476 77F4 8A67 C303 16AA C10F 3EA7"; } ];
|
||||
};
|
||||
gridaphobe = {
|
||||
email = "eric@seidel.io";
|
||||
github = "gridaphobe";
|
||||
|
@ -10285,6 +10341,13 @@
|
|||
githubId = 2502736;
|
||||
name = "James Hillyerd";
|
||||
};
|
||||
jhol = {
|
||||
name = "Joel Holdsworth";
|
||||
email = "joel@airwebreathe.org.uk";
|
||||
github = "jhol";
|
||||
githubId = 1449493;
|
||||
keys = [ { fingerprint = "08F7 2546 95DE EAEF 03DE B0E4 D874 562D DC99 D889"; } ];
|
||||
};
|
||||
jhollowe = {
|
||||
email = "jhollowe@johnhollowell.com";
|
||||
github = "jhollowe";
|
||||
|
@ -10935,6 +10998,12 @@
|
|||
githubId = 54635632;
|
||||
keys = [ { fingerprint = "4C68 56EE DFDA 20FB 77E8 9169 1964 2151 C218 F6F5"; } ];
|
||||
};
|
||||
jthulhu = {
|
||||
name = "Adrien Mathieu";
|
||||
email = "adrien.lc.mathieu@gmail.com";
|
||||
github = "jthulhu";
|
||||
githubId = 23179762;
|
||||
};
|
||||
jtobin = {
|
||||
email = "jared@jtobin.io";
|
||||
github = "jtobin";
|
||||
|
@ -11440,6 +11509,13 @@
|
|||
name = "Khushraj Rathod";
|
||||
keys = [ { fingerprint = "1988 3FD8 EA2E B4EC 0A93 1E22 B77B 2A40 E770 2F19"; } ];
|
||||
};
|
||||
kiara = {
|
||||
name = "kiara";
|
||||
email = "cinereal@riseup.net";
|
||||
github = "KiaraGrouwstra";
|
||||
githubId = 3059397;
|
||||
matrix = "@cinerealkiara:matrix.org";
|
||||
};
|
||||
KibaFox = {
|
||||
email = "kiba.fox@foxypossibilities.com";
|
||||
github = "KibaFox";
|
||||
|
@ -11804,6 +11880,12 @@
|
|||
githubId = 26622971;
|
||||
name = "Ronnie Ebrin";
|
||||
};
|
||||
kraftnix = {
|
||||
email = "kraftnix@protonmail.com";
|
||||
github = "kraftnix";
|
||||
githubId = 83026656;
|
||||
name = "kraftnix";
|
||||
};
|
||||
kragniz = {
|
||||
email = "louis@kragniz.eu";
|
||||
github = "kragniz";
|
||||
|
@ -11883,6 +11965,12 @@
|
|||
github = "krzaczek";
|
||||
githubId = 5773701;
|
||||
};
|
||||
KSJ2000 = {
|
||||
email = "katsho123@outlook.com";
|
||||
name = "KSJ2000";
|
||||
github = "KSJ2000";
|
||||
githubId = 184105270;
|
||||
};
|
||||
ktf = {
|
||||
email = "giulio.eulisse@cern.ch";
|
||||
github = "ktf";
|
||||
|
@ -11920,6 +12008,13 @@
|
|||
name = "André Kugland";
|
||||
keys = [ { fingerprint = "6A62 5E60 E3FF FCAE B3AA 50DC 1DA9 3817 80CD D833"; } ];
|
||||
};
|
||||
kuglimon = {
|
||||
name = "Tatu Argillander";
|
||||
email = "tatu.argillander@kouralabs.com";
|
||||
github = "kuglimon";
|
||||
githubId = 629430;
|
||||
keys = [ { fingerprint = "2843 750C B1AB E256 94BE 40E2 D843 D30B 42CA 0E2D"; } ];
|
||||
};
|
||||
kupac = {
|
||||
github = "Kupac";
|
||||
githubId = 8224569;
|
||||
|
@ -13412,6 +13507,12 @@
|
|||
githubId = 1709273;
|
||||
name = "Robin Hack";
|
||||
};
|
||||
marnym = {
|
||||
email = "markus@nyman.dev";
|
||||
github = "marnym";
|
||||
githubId = 56825922;
|
||||
name = "Markus Nyman";
|
||||
};
|
||||
marsupialgutz = {
|
||||
email = "mars@possums.xyz";
|
||||
github = "pupbrained";
|
||||
|
@ -14334,12 +14435,6 @@
|
|||
githubId = 5378535;
|
||||
name = "Milo Gertjejansen";
|
||||
};
|
||||
milran = {
|
||||
email = "milranmike@protonmail.com";
|
||||
github = "wattmto";
|
||||
githubId = 93639059;
|
||||
name = "Milran Mike";
|
||||
};
|
||||
mimame = {
|
||||
email = "miguel.madrid.mencia@gmail.com";
|
||||
github = "mimame";
|
||||
|
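Review bot: Removing the `milran` attribute here while a later hunk adds `wattmto` with the same `githubId = 93639059` is a handle rename, and any `meta.maintainers` list that still names `milran` will fail to evaluate once this lands. Check that every reference was switched in the same merge. The unchanged `githubId` is what ties the two entries to one account, so it is worth confirming it against the GitHub profile, since the e-mail address changes as well (`milranmike@protonmail.com` to `dev@wattmto.dev`).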
@ -14494,12 +14589,6 @@
|
|||
githubId = 16974598;
|
||||
name = "Mike Playle";
|
||||
};
|
||||
mkaito = {
|
||||
email = "chris@mkaito.net";
|
||||
github = "mkaito";
|
||||
githubId = 20434;
|
||||
name = "Christian Höppner";
|
||||
};
|
||||
mkazulak = {
|
||||
email = "kazulakm@gmail.com";
|
||||
github = "mulderr";
|
||||
|
@ -15117,6 +15206,13 @@
|
|||
githubId = 1234956;
|
||||
"keys" = [ { "fingerprint" = "F21A 6194 C9DB 9899 CD09 E24E 434B 2C14 B8C3 3422"; } ];
|
||||
};
|
||||
nadiaholmquist = {
|
||||
name = "Nadia Holmquist Pedersen";
|
||||
email = "nadia@nhp.sh";
|
||||
matrix = "@nhp:matrix.org";
|
||||
github = "nadiaholmquist";
|
||||
githubId = 893884;
|
||||
};
|
||||
nadir-ishiguro = {
|
||||
github = "nadir-ishiguro";
|
||||
githubId = 23151917;
|
||||
|
@ -15846,6 +15942,12 @@
|
|||
githubId = 30374463;
|
||||
name = "Michal S.";
|
||||
};
|
||||
notthebee = {
|
||||
email = "moe@notthebe.ee";
|
||||
github = "notthebee";
|
||||
githubId = 30384331;
|
||||
name = "Wolfgang";
|
||||
};
|
||||
notthemessiah = {
|
||||
email = "brian.cohen.88@gmail.com";
|
||||
github = "NOTtheMessiah";
|
||||
|
@ -16519,6 +16621,13 @@
|
|||
githubId = 120342602;
|
||||
name = "Michael Paepcke";
|
||||
};
|
||||
pagedMov = {
|
||||
email = "kylerclay@proton.me";
|
||||
github = "pagedMov";
|
||||
githubId = 19557376;
|
||||
name = "Kyler Clay";
|
||||
keys = [ { fingerprint = "784B 3623 94E7 8F11 0B9D AE0F 56FD CFA6 2A93 B51E"; } ];
|
||||
};
|
||||
paholg = {
|
||||
email = "paho@paholg.com";
|
||||
github = "paholg";
|
||||
|
@ -16793,6 +16902,12 @@
|
|||
githubId = 943430;
|
||||
name = "David Hagege";
|
||||
};
|
||||
peat-psuwit = {
|
||||
name = "Ratchanan Srirattanamet";
|
||||
email = "peat@peat-network.xyz";
|
||||
github = "peat-psuwit";
|
||||
githubId = 6771175;
|
||||
};
|
||||
pedohorse = {
|
||||
github = "pedohorse";
|
||||
githubId = 13556996;
|
||||
|
@ -18098,12 +18213,6 @@
|
|||
githubId = 5653911;
|
||||
name = "Rampoina";
|
||||
};
|
||||
rane = {
|
||||
email = "rane+nix@junkyard.systems";
|
||||
github = "digitalrane";
|
||||
githubId = 1829286;
|
||||
name = "Rane";
|
||||
};
|
||||
ranfdev = {
|
||||
email = "ranfdev@gmail.com";
|
||||
name = "Lorenzo Miglietta";
|
||||
|
@ -18728,6 +18837,12 @@
|
|||
githubId = 6204883;
|
||||
name = "Longrin Wischnewski";
|
||||
};
|
||||
robbiebuxton = {
|
||||
email = "robbiesbuxton@gmail.com";
|
||||
github = "robbiebuxton";
|
||||
githubId = 67549526;
|
||||
name = "Robbie Buxton";
|
||||
};
|
||||
robbinch = {
|
||||
email = "robbinch33@gmail.com";
|
||||
github = "robbinch";
|
||||
|
@ -19573,6 +19688,13 @@
|
|||
githubId = 5104601;
|
||||
name = "schnusch";
|
||||
};
|
||||
schrobingus = {
|
||||
email = "brent.monning.jr@gmail.com";
|
||||
name = "Brent Monning";
|
||||
github = "schrobingus";
|
||||
githubId = 72168352;
|
||||
matrix = "@schrobingus:matrix.org";
|
||||
};
|
||||
Schweber = {
|
||||
github = "Schweber";
|
||||
githubId = 64630479;
|
||||
|
@ -23309,6 +23431,12 @@
|
|||
github = "water-sucks";
|
||||
githubId = 68445574;
|
||||
};
|
||||
wattmto = {
|
||||
email = "dev@wattmto.dev";
|
||||
github = "wattmto";
|
||||
githubId = 93639059;
|
||||
name = "wattmto";
|
||||
};
|
||||
waynr = {
|
||||
name = "Wayne Warren";
|
||||
email = "wayne.warren.s@gmail.com";
|
||||
|
@ -23440,6 +23568,12 @@
|
|||
githubId = 7121530;
|
||||
name = "Wolf Honoré";
|
||||
};
|
||||
whtsht = {
|
||||
email = "whiteshirt0079@gmail.com";
|
||||
github = "whtsht";
|
||||
githubId = 85547207;
|
||||
name = "Hinata Toma";
|
||||
};
|
||||
wietsedv = {
|
||||
email = "wietsedv@proton.me";
|
||||
github = "wietsedv";
|
||||
|
@ -24086,7 +24220,7 @@
|
|||
githubId = 47071325;
|
||||
};
|
||||
ymstnt = {
|
||||
name = "YMSTNT";
|
||||
name = "ymstnt";
|
||||
github = "ymstnt";
|
||||
githubId = 21342713;
|
||||
};
|
||||
|
|
|
@ -8,69 +8,12 @@
|
|||
to 'fetch-deps', 'nuget-to-nix', or other changes to the dotnet build
|
||||
infrastructure. Regular updates should be done through the individual packages
|
||||
update scripts.
|
||||
*/
|
||||
{ startWith ? null }:
|
||||
let
|
||||
pkgs = import ../.. { config.allowAliases = false; };
|
||||
|
||||
inherit (pkgs) lib;
|
||||
|
||||
packagesWith = cond: pkgs:
|
||||
let
|
||||
packagesWithInner = attrs:
|
||||
lib.concatLists (
|
||||
lib.mapAttrsToList (name: elem:
|
||||
let
|
||||
result = builtins.tryEval elem;
|
||||
in
|
||||
if result.success then
|
||||
let
|
||||
value = result.value;
|
||||
in
|
||||
if lib.isDerivation value then
|
||||
lib.optional (cond value) value
|
||||
else
|
||||
if lib.isAttrs value && (value.recurseForDerivations or false || value.recurseForRelease or false) then
|
||||
packagesWithInner value
|
||||
else []
|
||||
else []) attrs);
|
||||
in
|
||||
packagesWithInner pkgs;
|
||||
|
||||
packages = lib.unique
|
||||
(lib.filter (p:
|
||||
(builtins.tryEval p.outPath).success ||
|
||||
builtins.trace "warning: skipping ${p.name} because it failed to evaluate" false)
|
||||
((pkgs: (lib.drop (lib.lists.findFirstIndex (p: p.name == startWith) 0 pkgs) pkgs))
|
||||
(packagesWith (p: p ? fetch-deps) pkgs)));
|
||||
|
||||
helpText = ''
|
||||
Please run:
|
||||
|
||||
% nix-shell maintainers/scripts/update-dotnet-lockfiles.nix
|
||||
'';
|
||||
|
||||
fetchScripts = map (p: p.fetch-deps) packages;
|
||||
|
||||
in pkgs.stdenv.mkDerivation {
|
||||
name = "nixpkgs-update-dotnet-lockfiles";
|
||||
buildCommand = ''
|
||||
echo ""
|
||||
echo "----------------------------------------------------------------"
|
||||
echo ""
|
||||
echo "Not possible to update packages using \`nix-build\`"
|
||||
echo ""
|
||||
echo "${helpText}"
|
||||
echo "----------------------------------------------------------------"
|
||||
exit 1
|
||||
'';
|
||||
shellHook = ''
|
||||
unset shellHook # do not contaminate nested shells
|
||||
set -e
|
||||
for x in $fetchScripts; do
|
||||
$x
|
||||
done
|
||||
exit
|
||||
'';
|
||||
inherit fetchScripts;
|
||||
}
|
||||
*/
|
||||
{ ... }@args:
|
||||
import ./update.nix (
|
||||
{
|
||||
predicate = _: _: true;
|
||||
get-script = pkg: pkg.fetch-deps or null;
|
||||
}
|
||||
// args
|
||||
)
|
||||
|
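Review bot: The replacement `{ ... }@args:` wrapper drops the old `startWith ? null` argument without a word in the header comment, and because every argument is forwarded through `// args` to `./update.nix`, an existing invocation that passes `startWith` now depends on whether update.nix accepts that name. State in the comment block which arguments are still supported. Since `// args` comes last, a caller can also replace `get-script` and `predicate`; if this entry point is meant to run only `fetch-deps` scripts, put the defaults after `args` instead.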
|
|
@ -8,6 +8,7 @@
|
|||
{ package ? null
|
||||
, maintainer ? null
|
||||
, predicate ? null
|
||||
, get-script ? pkg: pkg.updateScript or null
|
||||
, path ? null
|
||||
, max-workers ? null
|
||||
, include-overlays ? false
|
||||
|
@ -17,13 +18,13 @@
|
|||
}:
|
||||
|
||||
let
|
||||
pkgs = import ./../../default.nix (
|
||||
pkgs = import ./../../default.nix ((
|
||||
if include-overlays == false then
|
||||
{ overlays = []; }
|
||||
else if include-overlays == true then
|
||||
{ } # Let Nixpkgs include overlays impurely.
|
||||
else { overlays = include-overlays; }
|
||||
);
|
||||
) // { config.allowAliases = false; });
|
||||
|
||||
inherit (pkgs) lib;
|
||||
|
||||
|
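Review bot: The `// { config.allowAliases = false; }` update on the `import ./../../default.nix` call is a shallow merge, so an explicit `config` is now passed in all three `include-overlays` branches, including the `{ }` branch whose comment says Nixpkgs should pick up overlays impurely. An explicit `config` argument takes the place of the user's own Nixpkgs config file, so settings such as `allowUnfree` no longer apply when selecting packages to update. Either say so next to the `include-overlays == true` branch, or add a `config` parameter that callers can extend and merge `allowAliases = false` into it.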
@ -56,7 +57,7 @@ let
|
|||
|
||||
somewhatUniqueRepresentant =
|
||||
{ package, attrPath }: {
|
||||
inherit (package) updateScript;
|
||||
updateScript = (get-script package);
|
||||
# Some updaters use the same `updateScript` value for all packages.
|
||||
# Also compare `meta.description`.
|
||||
position = package.meta.position or null;
|
||||
|
@ -89,7 +90,7 @@ let
|
|||
/* Recursively find all packages in `pkgs` with updateScript matching given predicate.
|
||||
*/
|
||||
packagesWithUpdateScriptMatchingPredicate = cond:
|
||||
packagesWith (path: pkg: builtins.hasAttr "updateScript" pkg && cond path pkg);
|
||||
packagesWith (path: pkg: (get-script pkg != null) && cond path pkg);
|
||||
|
||||
/* Recursively find all packages in `pkgs` with updateScript by given maintainer.
|
||||
*/
|
||||
|
@ -121,7 +122,7 @@ let
|
|||
if pathContent == null then
|
||||
builtins.throw "Attribute path `${path}` does not exist."
|
||||
else
|
||||
packagesWithPath prefix (path: pkg: builtins.hasAttr "updateScript" pkg)
|
||||
packagesWithPath prefix (path: pkg: (get-script pkg != null))
|
||||
pathContent;
|
||||
|
||||
/* Find a package under `path` in `pkgs` and require that it has an updateScript.
|
||||
|
@ -132,7 +133,7 @@ let
|
|||
in
|
||||
if package == null then
|
||||
builtins.throw "Package with an attribute name `${path}` does not exist."
|
||||
else if ! builtins.hasAttr "updateScript" package then
|
||||
else if get-script package == null then
|
||||
builtins.throw "Package with an attribute name `${path}` does not have a `passthru.updateScript` attribute defined."
|
||||
else
|
||||
{ attrPath = path; inherit package; };
|
||||
|
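Review bot: The `get-script package == null` branch still throws a message saying the package has no `passthru.updateScript` attribute, which is wrong whenever a caller supplies its own `get-script` (update-dotnet-lockfiles.nix passes `pkg.fetch-deps or null`). Reword the message so it does not name a specific attribute, or let the caller pass the attribute name to print.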
@ -193,13 +194,13 @@ let
|
|||
|
||||
/* Transform a matched package into an object for update.py.
|
||||
*/
|
||||
packageData = { package, attrPath }: {
|
||||
packageData = { package, attrPath }: let updateScript = get-script package; in {
|
||||
name = package.name;
|
||||
pname = lib.getName package;
|
||||
oldVersion = lib.getVersion package;
|
||||
updateScript = map builtins.toString (lib.toList (package.updateScript.command or package.updateScript));
|
||||
supportedFeatures = package.updateScript.supportedFeatures or [];
|
||||
attrPath = package.updateScript.attrPath or attrPath;
|
||||
updateScript = map builtins.toString (lib.toList (updateScript.command or updateScript));
|
||||
supportedFeatures = updateScript.supportedFeatures or [];
|
||||
attrPath = updateScript.attrPath or attrPath;
|
||||
};
|
||||
|
||||
/* JSON file with data for update.py.
|
||||
|
@ -230,4 +231,5 @@ in pkgs.stdenv.mkDerivation {
|
|||
unset shellHook # do not contaminate nested shells
|
||||
exec ${pkgs.python3.interpreter} ${./update.py} ${builtins.concatStringsSep " " args}
|
||||
'';
|
||||
nativeBuildInputs = [ pkgs.git pkgs.nix pkgs.cacert ];
|
||||
}
|
||||
|
|
|
@ -1076,7 +1076,6 @@ with lib.maintainers;
|
|||
members = [
|
||||
hehongbo
|
||||
lach
|
||||
rane
|
||||
sigmasquadron
|
||||
];
|
||||
scope = "Maintain the Xen Project Hypervisor and the related tooling ecosystem.";
|
||||
|
|
|
@ -52,7 +52,7 @@ and [](#opt-services.kubernetes.easyCerts)
|
|||
to true. This sets up flannel as CNI and activates automatic PKI bootstrapping.
|
||||
|
||||
::: {.note}
|
||||
As of NixOS 19.03, it is mandatory to configure:
|
||||
It is mandatory to configure:
|
||||
[](#opt-services.kubernetes.masterAddress).
|
||||
The masterAddress must be resolveable and routeable by all cluster nodes.
|
||||
In single node clusters, this can be set to `localhost`.
|
||||
|
|
|
@ -17,6 +17,12 @@ There's also [a convenient development daemon](https://nixos.org/manual/nixpkgs/
|
|||
|
||||
The above instructions don't deal with the appendix of available `configuration.nix` options, and the manual pages related to NixOS. These are built, and written in a different location and in a different format, as explained in the next sections.
|
||||
|
||||
## Testing redirects {#sec-contributing-redirects}
|
||||
|
||||
Once you have a successful build, you can open the relevant HTML (path mentioned above) in a browser along with the anchor, and observe the redirection.
|
||||
|
||||
Note that if you already loaded the page and *then* input the anchor, you will need to perform a reload. This is because browsers do not re-run client JS code when only the anchor has changed.
|
||||
|
||||
## Contributing to the `configuration.nix` options documentation {#sec-contributing-options}
|
||||
|
||||
The documentation for all the different `configuration.nix` options is automatically generated by reading the `description`s of all the NixOS options defined at `nixos/modules/`. If you want to improve such `description`, find it in the `nixos/modules/` directory, and edit it and open a pull request.
|
||||
|
|
|
@ -122,6 +122,7 @@ in rec {
|
|||
|
||||
nixos-render-docs -j $NIX_BUILD_CORES manual html \
|
||||
--manpage-urls ${manpageUrls} \
|
||||
--redirects ${./redirects.json} \
|
||||
--revision ${escapeShellArg revision} \
|
||||
--generator "nixos-render-docs ${pkgs.lib.version}" \
|
||||
--stylesheet style.css \
|
||||
|
|
|
@ -312,6 +312,8 @@ have a predefined type and string generator already declared under
|
|||
may be transformed into multiple key-value pairs depending on
|
||||
`listToValue`).
|
||||
|
||||
The attribute `lib.type.atom` contains the used INI atom.
|
||||
|
||||
`pkgs.formats.iniWithGlobalSection` { *`listsAsDuplicateKeys`* ? false, *`listToValue`* ? null, \.\.\. }
|
||||
|
||||
: A function taking an attribute set with values
|
||||
|
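Review bot: The added sentence "The attribute `lib.type.atom` contains the used INI atom" (repeated in the next hunk for `iniWithGlobalSection`) does not say which attribute set it refers to, and read literally it points at a top-level `lib`. Spell out that it is an attribute of the value the format function returns, say what the atom type is used for, and check the path against the implementation, since the option-type namespace is normally spelled `types` rather than `type`.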
@ -333,6 +335,8 @@ have a predefined type and string generator already declared under
|
|||
attrset of key-value pairs for a single section, the global section which
|
||||
preceedes the section definitions.
|
||||
|
||||
The attribute `lib.type.atom` contains the used INI atom.
|
||||
|
||||
`pkgs.formats.toml` { }
|
||||
|
||||
: A function taking an empty attribute set (for future extensibility)
|
||||
|
|
|
@ -206,8 +206,7 @@ The first steps to all these are the same:
|
|||
line)
|
||||
|
||||
::: {.note}
|
||||
Support for `NIXOS_LUSTRATE` was added in NixOS 16.09. The act of
|
||||
"lustrating" refers to the wiping of the existing distribution.
|
||||
The act of "lustrating" refers to the wiping of the existing distribution.
|
||||
Creating `/etc/NIXOS_LUSTRATE` can also be used on NixOS to remove
|
||||
all mutable files from your root partition (anything that's not in
|
||||
`/nix` or `/boot` gets "lustrated" on the next boot.
|
||||
|
|
2177
third_party/nixpkgs/nixos/doc/manual/redirects.json
vendored
Normal file
File diff suppressed because it is too large
|
@ -3,6 +3,7 @@
|
|||
This section lists the release notes for each stable version of NixOS and current unstable revision.
|
||||
|
||||
```{=include=} sections
|
||||
rl-2505.section.md
|
||||
rl-2411.section.md
|
||||
rl-2405.section.md
|
||||
rl-2311.section.md
|
||||
|
|
|
@ -101,8 +101,12 @@
|
|||
systemd-sysusers to achieve a system without Perl, as it can create normal
|
||||
users and change passwords. Available as [services.userborn](#opt-services.userborn.enable).
|
||||
|
||||
- [g810-led](https://github.com/MatMoul/g810-led), a LED controller for Logitech G keyboards. Available as [services.g810-led](options.html#opt-services.g810-led.enable).
|
||||
|
||||
- [Hatsu](https://github.com/importantimport/hatsu), a self-hosted bridge that interacts with Fediverse on behalf of your static site. Available as [services.hatsu](options.html#opt-services.hatsu.enable).
|
||||
|
||||
- [Soteria](https://github.com/ImVaskel/soteria), a polkit authentication agent to handle elevated prompts for any desktop environment. Normally this should only be used on DEs or WMs that do not provide a graphical polkit frontend on their own. Available as [`security.soteria`](#opt-security.soteria.enable).
|
||||
|
||||
- [Flood](https://flood.js.org/), a beautiful WebUI for various torrent clients. Available as [services.flood](options.html#opt-services.flood.enable).
|
||||
|
||||
- [Niri](https://github.com/YaLTeR/niri), a scrollable-tiling Wayland compositor. Available as [programs.niri](options.html#opt-programs.niri.enable).
|
||||
|
@ -115,6 +119,8 @@
|
|||
|
||||
- [Eintopf](https://eintopf.info), a community event and calendar web application. Available as [services.eintopf](options.html#opt-services.eintopf.enable).
|
||||
|
||||
- [`pay-respects`](https://codeberg.org/iff/pay-respects), a terminal command correction program, alternative to `thefuck`, written in Rust. Available as [programs.pay-respects](options.html#opt-programs.pay-respects).
|
||||
|
||||
- [Radicle](https://radicle.xyz), an open source, peer-to-peer code collaboration stack built on Git. Available as [services.radicle](#opt-services.radicle.enable).
|
||||
|
||||
- [ddns-updater](https://github.com/qdm12/ddns-updater), a service with a WebUI to update DNS records periodically for many providers. Available as [services.ddns-updater](#opt-services.ddns-updater.enable).
|
||||
|
@ -123,6 +129,8 @@
|
|||
|
||||
- [HomeBox](https://github.com/sysadminsmedia/homebox), an inventory and organization system built for the home user. Available as [services.homebox](#opt-services.homebox.enable).
|
||||
|
||||
- [evremap](https://github.com/wez/evremap), a keyboard input remapper for Linux/Wayland systems. Available as [services.evremap](options.html#opt-services.evremap).
|
||||
|
||||
- [matrix-hookshot](https://matrix-org.github.io/matrix-hookshot), a Matrix bot for connecting to external services. Available as [services.matrix-hookshot](#opt-services.matrix-hookshot.enable).
|
||||
|
||||
- [Renovate](https://github.com/renovatebot/renovate), a dependency updating tool for various Git forges and language ecosystems. Available as [services.renovate](#opt-services.renovate.enable).
|
||||
|
@ -131,6 +139,8 @@
|
|||
|
||||
- [zeronsd](https://github.com/zerotier/zeronsd), a DNS server for ZeroTier users. Available with [services.zeronsd.servedNetworks](#opt-services.zeronsd.servedNetworks).
|
||||
|
||||
- [agorakit](https://github.com/agorakit/agorakit), an organization tool for citizens' collectives. Available with [services.agorakit](#opt-services.agorakit.enable).
|
||||
|
||||
- [Collabora Online](https://www.collaboraonline.com/), a collaborative online office suite based on LibreOffice technology. Available as [services.collabora-online](options.html#opt-services.collabora-online.enable).
|
||||
|
||||
- [wg-access-server](https://github.com/freifunkMUC/wg-access-server/), an all-in-one WireGuard VPN solution with a WebUI for connecting devices. Available as [services.wg-access-server](#opt-services.wg-access-server.enable).
|
||||
|
@ -195,6 +205,8 @@
|
|||
|
||||
- [Zapret](https://github.com/bol-van/zapret), a DPI bypass tool. Available as [services.zapret](option.html#opt-services.zapret.enable).
|
||||
|
||||
- [Glances](https://github.com/nicolargo/glances), an open-source system cross-platform monitoring tool. Available as [services.glances](option.html#opt-services.glances).
|
||||
|
||||
## Backward Incompatibilities {#sec-release-24.11-incompatibilities}
|
||||
|
||||
- Nixpkgs now requires Nix 2.3.17 or newer to allow for zstd compressed binary artifacts.
|
||||
|
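Review bot: The new Glances entry links to `option.html#opt-services.glances`, while the entries added in the earlier hunks of this file use `options.html` and, in most cases, an anchor ending in `.enable`. The file name looks like a typo (the Zapret line just above has the same one) and the anchor is not a full option name, so the link is likely dead in the rendered manual. Point it at the module's real option anchor in the same form as the neighbouring entries.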
@ -203,8 +215,9 @@
|
|||
|
||||
- The NVIDIA driver no longer defaults to the proprietary kernel module with versions >= 560. You will need to manually set `hardware.nvidia.open` to select the proprietary or open modules.
|
||||
|
||||
- The `(buildPythonPackage { ... }).override` attribute is now deprecated and removed in favour of `overridePythonAttrs`.
|
||||
- The `(buildPythonPackage { ... }).override` and `(buildPythonPackage { ... }).overrideDerivation` attributes is now deprecated and removed in favour of `overridePythonAttrs` and `lib.overrideDerivation`.
|
||||
This change does not affect the override interface of most Python packages, as [`<pkg>.override`](https://nixos.org/manual/nixpkgs/unstable/#sec-pkg-override) provided by `callPackage` shadows such a locally-defined `override` attribute.
|
||||
The `<pkg>.overrideDerivation` attribute of Python packages called with `callPackage` will also remain available after this change.
|
||||
|
||||
- All Cinnamon and XApp packages have been moved to top-level (i.e., `cinnamon.nemo` is now `nemo`).
|
||||
|
||||
|
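Review bot: In the rewritten `buildPythonPackage` bullet, "attributes is now deprecated and removed" should read "attributes are", and "deprecated and removed" is ambiguous for a release note: say which of the two applies in this release. The mapping would also read more clearly stated pairwise, `override` to `overridePythonAttrs` and `overrideDerivation` to `lib.overrideDerivation`.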
@ -225,7 +238,7 @@
|
|||
- The VirtualBox demo installer appliance has been removed.
|
||||
Please use the standard installer ISOs instead.
|
||||
|
||||
- `grafana` has been updated to version 11.1. This version doesn't support setting `http_addr` to a hostname anymore, an IP address is expected.
|
||||
- `grafana` has been updated to version 11.3. This version doesn't support setting `http_addr` to a hostname anymore, an IP address is expected.
|
||||
|
||||
- `deno` has been updated to Deno 2, which has breaking changes.
|
||||
See the [migration guide](https://docs.deno.com/runtime/reference/migration_guide/) for details.
|
||||
|
@ -236,6 +249,8 @@
|
|||
|
||||
- `knot-dns` has been updated to version 3.4.x. Check the [migration guide](https://www.knot-dns.cz/docs/latest/html/migration.html#upgrade-3-3-x-to-3-4-x) for breaking changes.
|
||||
|
||||
- `mutmut` has been updated to version 3.0.5.
|
||||
|
||||
- `services.kubernetes.kubelet.clusterDns` now accepts a list of DNS resolvers rather than a single string, bringing the module more in line with the upstream Kubelet configuration schema.
|
||||
|
||||
- `bluemap` has changed the format used to store map tiles, and the database layout has been heavily modified. Upstream recommends a clean reinstallation: <https://github.com/BlueMap-Minecraft/BlueMap/releases/tag/v5.2>. Unless you are using an SQL storage backend, this should only entail deleting the contents of `config.services.bluemap.coreSettings.data` (defaults to `/var/lib/bluemap`) and `config.services.bluemap.webRoot` (defaults to `/var/lib/bluemap/web`).
|
||||
|
@ -303,10 +318,21 @@
|
|||
- The `mautrix-signal` module was adapted to incorporate the configuration changes that resulted from the update to the mautrix bridgev2 architecture. Pre-0.7.0 configurations should continue to work.
|
||||
In case you want to update your configuration, make sure to check the NixOS manual.
|
||||
|
||||
- `cargo-tauri` has been updated to major version 2. Please review [the migration guide](https://tauri.app/start/migrate/from-tauri-1/).
|
||||
v1 of `cargo-tauri` is still available as `cargo-tauri_1`, but will be removed in future releases.
|
||||
|
||||
- The nvidia driver no longer defaults to the proprietary driver starting with version 560. You will need to manually set `hardware.nvidia.open` to select the proprietary or open driver.
|
||||
|
||||
- `postgresql_12` has been removed since it reached its end of life.
|
||||
|
||||
- `postgresql` no longer accepts the `enableSystemd` override. Use `systemdSupport` instead.
|
||||
|
||||
- `postgresql` was split into default and -dev outputs. To make this work without circular dependencies, the output of the `pg_config` system view has been removed. The `pg_config` binary is provided in the -dev output and still works as expected.
|
||||
|
||||
- The arguments from [](#opt-services.postgresql.initdbArgs) now get shell-escaped.
|
||||
|
||||
- `postgresql` is now [hardened by default](#module-services-postgres-hardening) using the common `systemd` settings for that.
|
||||
|
||||
- The dhcpcd service (`networking.useDHCP`) has been hardened and now runs exclusively as the "dhcpcd" user.
|
||||
Users that were relying on the root privileges in `networking.dhcpcd.runHook` will have to write specific [sudo](security.sudo.extraRules) or [polkit](security.polkit.extraConfig) rules to allow dhcpcd to perform privileged actions.
|
||||
|
||||
|
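Review bot: the two links in the dhcpcd entry, `[sudo](security.sudo.extraRules)` and `[polkit](security.polkit.extraConfig)`, use a bare option name as the link target, unlike the `#opt-...` anchors used by neighbouring entries such as `[](#opt-services.postgresql.initdbArgs)`. Please switch them to the same `#opt-` form so they resolve in the rendered manual. Since this entry tells users to hand privileges back to a hook that used to run as root, it would also help to say that the sudo or polkit rules should be limited to the specific commands the hook needs.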
@ -572,8 +598,6 @@
|
|||
|
||||
- Docker now defaults to 27.x, as version 24.x stopped receiving security updates and bug fixes after [February 1, 2024](https://github.com/moby/moby/pull/46772#discussion_r1686464084).
|
||||
|
||||
- `postgresql` was split into default and -dev outputs. To make this work without circular dependencies, the output of the `pg_config` system view has been removed. The `pg_config` binary is provided in the -dev output and still works as expected.
|
||||
|
||||
- `keycloak` was updated to version 25, which introduces new hostname related options.
|
||||
See [Upgrading Guide](https://www.keycloak.org/docs/25.0.1/upgrading/#migrating-to-25-0-0) for instructions.
|
||||
|
||||
|
@ -688,11 +712,10 @@
|
|||
|
||||
- `isync` has been updated to version `1.5.0`, which introduces some breaking changes. See the [compatibility concerns](https://sourceforge.net/projects/isync/files/isync/1.5.0/) for more details.
|
||||
|
||||
- Legacy package `globalprotect-openconnect` 1.x and related module
|
||||
`services.globalprotect` were dropped. Two new packages -- `gpauth` and `gpclient`
|
||||
from the 2.x version of the GlobalProtect-openconnect project -- are added in its
|
||||
place. The GUI components related to the project are non-free and not
|
||||
packaged.
|
||||
- Two new packages -- `gpauth` and `gpclient` from the 2.x version of the
|
||||
GlobalProtect-openconnect project -- are added in parallel to
|
||||
`globalprotect-openconnect`. The GUI components related to the project are
|
||||
non-free and not packaged.
|
||||
|
||||
- Compatible string matching for `hardware.deviceTree.overlays` has been changed to a more correct behavior. See [below](#sec-release-24.11-migration-dto-compatible) for details.
|
||||
|
||||
|
@ -715,6 +738,20 @@
|
|||
- `python3Packages.nose` has been removed, as it has been deprecated and unmaintained for almost a decade and does not work on Python 3.12.
|
||||
Please switch to `pytest` or another test runner/framework.
|
||||
|
||||
- `dotnet-sdk`, `dotnet-runtime`, and all other dotnet packages now use a
|
||||
wrapper package containing `bin/dotnet`, build hooks, etc. If you need to
|
||||
reference the underlying dotnet distribution (DOTNET_ROOT) you should use e.g.
|
||||
`dotnet-runtime.unwrapped`.
|
||||
|
||||
- The root of dotnet distribution packages (DOTNET_ROOT) is now under e.g.
|
||||
`${dotnet-sdk.unwrapped}/share/dotnet` instead of directly in the package
|
||||
root. This is consistent with packaging guidelines and more friendly for FHS
|
||||
environments.
|
||||
|
||||
- `dotnet-sdk`, `dotnet-runtime`, and `dotnet-aspnetcore` now point to dotnet 8
|
||||
rather than dotnet 6. For packages that still need dotnet 6, use
|
||||
`dotnet-sdk_6`, etc.
|
||||
|
||||
## Other Notable Changes {#sec-release-24.11-notable-changes}
|
||||
|
||||
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||
|
@ -783,6 +820,8 @@
|
|||
|
||||
- The new `boot.loader.systemd-boot.windows` option makes setting up dual-booting with Windows on a different drive easier.
|
||||
|
||||
- The `boot.loader.raspberryPi` options were marked as deprecated in 23.11 and have now been removed.
|
||||
|
||||
- Linux 4.19 has been removed because it will reach its end of life within the lifespan of 24.11.
|
||||
|
||||
- Unprivileged access to the kernel syslog via `dmesg` is now restricted by default. Users wanting to keep an
|
||||
|
@ -817,8 +856,6 @@
|
|||
|
||||
- `restic` module now has an option for inhibiting system sleep while backups are running, defaulting to off (not inhibiting sleep). Available as [`services.restic.backups.<name>.inhibitsSleep`](#opt-services.restic.backups._name_.inhibitsSleep).
|
||||
|
||||
- The arguments from [](#opt-services.postgresql.initdbArgs) now get shell-escaped.
|
||||
|
||||
- Mattermost has been updated from 9.5 to 9.11 ESR. See the [changelog](https://docs.mattermost.com/about/mattermost-v9-changelog.html#release-v9-11-extended-support-release) for more details.
|
||||
|
||||
- `cargo-tauri.hook` was introduced to help users build [Tauri](https://tauri.app/) projects. It is meant to be used alongside
|
||||
|
@ -838,8 +875,6 @@
|
|||
|
||||
- `iproute2` now has libbpf support.
|
||||
|
||||
- `postgresql` is now [hardened by default](#module-services-postgres-hardening) using the common `systemd` settings for that.
|
||||
|
||||
If you use extensions that are not packaged in nixpkgs, please review whether it still works
|
||||
with the current settings and adjust accordingly if needed.
|
||||
|
||||
|
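Review bot: the paragraph "If you use extensions that are not packaged in nixpkgs, please review whether it still works with the current settings" looks orphaned after this hunk. The hunk header drops two lines here, and the "`postgresql` is now hardened by default" bullet also appears in the Backward Incompatibilities hunk above without that follow-up text. If the bullet is what moved, the follow-up is left sitting under the `iproute2` entry; please move it together with the bullet so readers of the hardening note see the caveat about out-of-tree extensions.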
@ -856,6 +891,8 @@
|
|||
|
||||
- `qgis` and `qgis-ltr` are now built without `grass` by default. `grass` support can be enabled with `qgis.override { withGrass = true; }`.
|
||||
|
||||
- `virtualisation.incus` module gained new `incus-user.service` and `incus-user.socket` systemd units. It is now possible to add a user to `incus` group instead of `incus-admin` for increased security.
|
||||
|
||||
## Detailed Migration Information {#sec-release-24.11-migration}
|
||||
|
||||
### `sound` options removal {#sec-release-24.11-migration-sound}
|
||||
|
|
36
third_party/nixpkgs/nixos/doc/manual/release-notes/rl-2505.section.md
vendored
Normal file
|
@ -0,0 +1,36 @@
|
|||
# Release 25.05 (“Warbler”, 2025.05/??) {#sec-release-25.05}
|
||||
|
||||
## Highlights {#sec-release-25.05-highlights}
|
||||
|
||||
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||
|
||||
- Create the first release note entry in this section!
|
||||
|
||||
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||
|
||||
## New Modules {#sec-release-25.05-new-modules}
|
||||
|
||||
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||
|
||||
- [Kimai](https://www.kimai.org/), a web-based multi-user time-tracking application. Available as [services.kimai](option.html#opt-services.kimai).
|
||||
|
||||
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||
|
||||
## Backward Incompatibilities {#sec-release-25.05-incompatibilities}
|
||||
|
||||
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||
|
||||
- `kanata` was updated to v1.7.0, which introduces several breaking changes.
|
||||
See the release notes of
|
||||
[v1.7.0](https://github.com/jtroo/kanata/releases/tag/v1.7.0)
|
||||
for more information.
|
||||
|
||||
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||
|
||||
## Other Notable Changes {#sec-release-25.05-notable-changes}
|
||||
|
||||
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||
|
||||
- Create the first release note entry in this section!
|
||||
|
||||
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
|
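Review bot: the Kimai entry links the option as `[services.kimai](option.html#opt-services.kimai)`, while the 24.11 notes in this same change reference options with in-manual anchors such as `(#opt-services.restic.backups._name_.inhibitsSleep)`. Please use the `#opt-...` form here too, and check that the anchor names an option that actually exists in the new module. The "Create the first release note entry in this section!" placeholders are fine for a fresh file, but the one under New Modules' sibling sections should go as soon as a real entry lands.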
@ -6,8 +6,11 @@ let
|
|||
|
||||
common = import ./common.nix;
|
||||
inherit (common) outputPath indexPath;
|
||||
in
|
||||
pkgs.callPackage ../../../pkgs/tools/nix/web-devmode.nix {
|
||||
devmode = pkgs.devmode.override {
|
||||
buildArgs = "../../release.nix -A manualHTML.${builtins.currentSystem}";
|
||||
open = "/${outputPath}/${indexPath}";
|
||||
};
|
||||
in
|
||||
pkgs.mkShellNoCC {
|
||||
packages = [ devmode ];
|
||||
}
|
||||
|
|
|
@ -57,7 +57,7 @@ rec {
|
|||
throwUnsupportedGuestSystem = guestMap:
|
||||
throw "Unsupported guest system ${guestSystem} for host ${hostSystem}, supported: ${lib.concatStringsSep ", " (lib.attrNames guestMap)}";
|
||||
in
|
||||
if hostStdenv.isLinux then
|
||||
if hostStdenv.hostPlatform.isLinux then
|
||||
linuxHostGuestMatrix.${guestSystem} or "${qemuPkg}/bin/qemu-kvm"
|
||||
else
|
||||
let
|
||||
|
|
|
@ -70,7 +70,7 @@ in
|
|||
defaultChannel = mkOption {
|
||||
internal = true;
|
||||
type = types.str;
|
||||
default = "https://nixos.org/channels/nixos-unstable";
|
||||
default = "https://nixos.org/channels/nixos-24.11";
|
||||
description = "Default NixOS channel to which the root user is subscribed.";
|
||||
};
|
||||
};
|
||||
|
|
|
@ -101,7 +101,7 @@ in
|
|||
assertions = [
|
||||
{
|
||||
assertion = cfg.enable32Bit -> pkgs.stdenv.hostPlatform.isx86_64;
|
||||
message = "`hardware.graphics.enable32Bit` only makes sense on a 64-bit system.";
|
||||
message = "`hardware.graphics.enable32Bit` is only supported on an x86_64 system.";
|
||||
}
|
||||
{
|
||||
assertion = cfg.enable32Bit -> (config.boot.kernelPackages.kernel.features.ia32Emulation or false);
|
||||
|
|
|
@ -218,7 +218,7 @@ in
|
|||
mkToolModule = { name, package ? pkgs.${name} }: { config, ... }: {
|
||||
options.system.tools.${name}.enable = lib.mkEnableOption "${name} script" // {
|
||||
default = config.nix.enable && ! config.system.disableInstallerTools;
|
||||
internal = true;
|
||||
defaultText = "config.nix.enable && !config.system.disableInstallerTools";
|
||||
};
|
||||
|
||||
config = lib.mkIf config.system.tools.${name}.enable {
|
||||
|
|
|
@ -42,6 +42,7 @@ let
|
|||
VARIANT = optionalString (cfg.variantName != null) cfg.variantName;
|
||||
VARIANT_ID = optionalString (cfg.variant_id != null) cfg.variant_id;
|
||||
DEFAULT_HOSTNAME = config.networking.fqdnOrHostName;
|
||||
SUPPORT_END = "2025-06-30";
|
||||
};
|
||||
|
||||
initrdReleaseContents = (removeAttrs osReleaseContents [ "BUILD_ID" ]) // {
|
||||
|
|
|
@ -148,6 +148,7 @@
|
|||
./programs/alvr.nix
|
||||
./programs/appgate-sdp.nix
|
||||
./programs/appimage.nix
|
||||
./programs/arp-scan.nix
|
||||
./programs/atop.nix
|
||||
./programs/ausweisapp.nix
|
||||
./programs/autojump.nix
|
||||
|
@ -295,6 +296,7 @@
|
|||
./programs/sysdig.nix
|
||||
./programs/system-config-printer.nix
|
||||
./programs/systemtap.nix
|
||||
./programs/tcpdump.nix
|
||||
./programs/thefuck.nix
|
||||
./programs/thunar.nix
|
||||
./programs/thunderbird.nix
|
||||
|
@ -362,6 +364,7 @@
|
|||
./security/polkit.nix
|
||||
./security/rngd.nix
|
||||
./security/rtkit.nix
|
||||
./security/soteria.nix
|
||||
./security/sudo.nix
|
||||
./security/sudo-rs.nix
|
||||
./security/systemd-confinement.nix
|
||||
|
@ -588,6 +591,7 @@
|
|||
./services/hardware/fancontrol.nix
|
||||
./services/hardware/freefall.nix
|
||||
./services/hardware/fwupd.nix
|
||||
./services/hardware/g810-led.nix
|
||||
./services/hardware/handheld-daemon.nix
|
||||
./services/hardware/hddfancontrol.nix
|
||||
./services/hardware/illum.nix
|
||||
|
@ -752,6 +756,7 @@
|
|||
./services/misc/etebase-server.nix
|
||||
./services/misc/etesync-dav.nix
|
||||
./services/misc/evdevremapkeys.nix
|
||||
./services/misc/evremap.nix
|
||||
./services/misc/felix.nix
|
||||
./services/misc/flaresolverr.nix
|
||||
./services/misc/forgejo.nix
|
||||
|
@ -887,6 +892,7 @@
|
|||
./services/monitoring/do-agent.nix
|
||||
./services/monitoring/fusion-inventory.nix
|
||||
./services/monitoring/gatus.nix
|
||||
./services/monitoring/glances.nix
|
||||
./services/monitoring/goss.nix
|
||||
./services/monitoring/grafana-agent.nix
|
||||
./services/monitoring/grafana-image-renderer.nix
|
||||
|
@ -1052,6 +1058,7 @@
|
|||
./services/networking/gdomap.nix
|
||||
./services/networking/ghostunnel.nix
|
||||
./services/networking/git-daemon.nix
|
||||
./services/networking/globalprotect-vpn.nix
|
||||
./services/networking/gns3-server.nix
|
||||
./services/networking/gnunet.nix
|
||||
./services/networking/go-autoconfig.nix
|
||||
|
@ -1388,6 +1395,7 @@
|
|||
./services/wayland/cage.nix
|
||||
./services/wayland/hypridle.nix
|
||||
./services/web-apps/akkoma.nix
|
||||
./services/web-apps/agorakit.nix
|
||||
./services/web-apps/alps.nix
|
||||
./services/web-apps/anuko-time-tracker.nix
|
||||
./services/web-apps/artalk.nix
|
||||
|
@ -1408,6 +1416,7 @@
|
|||
./services/web-apps/crabfit.nix
|
||||
./services/web-apps/davis.nix
|
||||
./services/web-apps/cryptpad.nix
|
||||
./services/web-apps/dashy.nix
|
||||
./services/web-apps/dependency-track.nix
|
||||
./services/web-apps/dex.nix
|
||||
./services/web-apps/discourse.nix
|
||||
|
@ -1452,6 +1461,7 @@
|
|||
./services/web-apps/kasmweb/default.nix
|
||||
./services/web-apps/kavita.nix
|
||||
./services/web-apps/keycloak.nix
|
||||
./services/web-apps/kimai.nix
|
||||
./services/web-apps/komga.nix
|
||||
./services/web-apps/lanraragi.nix
|
||||
./services/web-apps/lemmy.nix
|
||||
|
@ -1626,7 +1636,6 @@
|
|||
./system/boot/loader/external/external.nix
|
||||
./system/boot/loader/init-script/init-script.nix
|
||||
./system/boot/loader/loader.nix
|
||||
./system/boot/loader/raspberrypi/raspberrypi.nix
|
||||
./system/boot/loader/systemd-boot/systemd-boot.nix
|
||||
./system/boot/luksroot.nix
|
||||
./system/boot/stratisroot.nix
|
||||
|
|
32
third_party/nixpkgs/nixos/modules/programs/arp-scan.nix
vendored
Normal file
|
@ -0,0 +1,32 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
cfg = config.programs.arp-scan;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
programs.arp-scan = {
|
||||
enable = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to configure a setcap wrapper for arp-scan.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
security.wrappers.arp-scan = {
|
||||
owner = "root";
|
||||
group = "root";
|
||||
capabilities = "cap_net_raw+p";
|
||||
source = lib.getExe pkgs.arp-scan;
|
||||
};
|
||||
};
|
||||
}
|
|
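Review bot: `security.wrappers.arp-scan` grants `cap_net_raw+p` with `group = "root"` and no `permissions` line, so access to the raw-socket capability is not tied to any group. The `tcpdump` module added in this same change restricts its wrapper with `group = "pcap"` and `permissions = "u+rx,g+x"`; please either do the same here or state in the option description that every local user will be able to run the wrapper. Smaller points: `enable` could be `lib.mkEnableOption`, and the module has no `meta.maintainers`.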
@ -313,7 +313,9 @@ in
|
|||
old.extraPrefsFiles or [ ]
|
||||
++ cfg.autoConfigFiles
|
||||
++ [ (pkgs.writeText "firefox-autoconfig.js" cfg.autoConfig) ];
|
||||
nativeMessagingHosts = old.nativeMessagingHosts or [ ] ++ cfg.nativeMessagingHosts.packages;
|
||||
nativeMessagingHosts = lib.unique (
|
||||
old.nativeMessagingHosts or [ ] ++ cfg.nativeMessagingHosts.packages
|
||||
);
|
||||
cfg = (old.cfg or { }) // cfg.wrapperConfig;
|
||||
}))
|
||||
];
|
||||
|
|
|
@ -1,10 +1,16 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
cfg = config.programs.iftop;
|
||||
in {
|
||||
in
|
||||
{
|
||||
options = {
|
||||
programs.iftop.enable = lib.mkEnableOption "iftop + setcap wrapper";
|
||||
programs.iftop.enable = lib.mkEnableOption "iftop and setcap wrapper for it";
|
||||
};
|
||||
config = lib.mkIf cfg.enable {
|
||||
environment.systemPackages = [ pkgs.iftop ];
|
||||
|
@ -12,7 +18,7 @@ in {
|
|||
owner = "root";
|
||||
group = "root";
|
||||
capabilities = "cap_net_raw+p";
|
||||
source = "${pkgs.iftop}/bin/iftop";
|
||||
source = lib.getExe pkgs.iftop;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
56
third_party/nixpkgs/nixos/modules/programs/pay-respects.nix
vendored
Normal file
|
@ -0,0 +1,56 @@
|
|||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
let
|
||||
inherit (lib)
|
||||
getExe
|
||||
maintainers
|
||||
mkEnableOption
|
||||
mkIf
|
||||
mkOption
|
||||
types
|
||||
;
|
||||
inherit (types) str;
|
||||
cfg = config.programs.pay-respects;
|
||||
|
||||
initScript =
|
||||
shell:
|
||||
if (shell != "fish") then
|
||||
''
|
||||
eval $(${getExe pkgs.pay-respects} ${shell} --alias ${cfg.alias})
|
||||
''
|
||||
else
|
||||
''
|
||||
${getExe pkgs.pay-respects} ${shell} --alias ${cfg.alias} | source
|
||||
'';
|
||||
in
|
||||
{
|
||||
options = {
|
||||
programs.pay-respects = {
|
||||
enable = mkEnableOption "pay-respects, an app which corrects your previous console command";
|
||||
|
||||
alias = mkOption {
|
||||
default = "f";
|
||||
type = str;
|
||||
description = ''
|
||||
`pay-respects` needs an alias to be configured.
|
||||
The default value is `f`, but you can use anything else as well.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = [ pkgs.pay-respects ];
|
||||
|
||||
programs = {
|
||||
bash.interactiveShellInit = initScript "bash";
|
||||
fish.interactiveShellInit = mkIf config.programs.fish.enable initScript "fish";
|
||||
zsh.interactiveShellInit = mkIf config.programs.zsh.enable initScript "zsh";
|
||||
};
|
||||
};
|
||||
meta.maintainers = with maintainers; [ sigmasquadron ];
|
||||
}
|
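Review bot: `fish.interactiveShellInit = mkIf config.programs.fish.enable initScript "fish";` (and the `zsh` line after it) is missing parentheses. Nix applies functions left to right, so this is `(mkIf cond initScript) "fish"`, which calls the attribute set returned by `mkIf` and fails at evaluation; it should be `mkIf config.programs.fish.enable (initScript "fish")`. In `initScript`, `cfg.alias` is a free-form `str` that is spliced unescaped into every interactive shell's init, and the `eval $(...)` substitution is unquoted; please use `lib.escapeShellArg cfg.alias` and `eval "$(...)"` so an alias containing spaces or shell metacharacters cannot change what gets evaluated.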
36
third_party/nixpkgs/nixos/modules/programs/tcpdump.nix
vendored
Normal file
|
@ -0,0 +1,36 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
cfg = config.programs.tcpdump;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
programs.tcpdump = {
|
||||
enable = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to configure a setcap wrapper for tcpdump.
|
||||
To use it, add your user to the `pcap` group.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
security.wrappers.tcpdump = {
|
||||
owner = "root";
|
||||
group = "pcap";
|
||||
capabilities = "cap_net_raw+p";
|
||||
permissions = "u+rx,g+x";
|
||||
source = lib.getExe pkgs.tcpdump;
|
||||
};
|
||||
|
||||
users.groups.pcap = { };
|
||||
};
|
||||
}
|
|
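Review bot: the `enable` description says "To use it, add your user to the `pcap` group" but does not say what membership grants. With `capabilities = "cap_net_raw+p"` on the wrapper, anyone in `pcap` can capture traffic on the host's interfaces, so the description should say that the group is privileged and should be handed out accordingly. The group restriction itself (`group = "pcap"`, `permissions = "u+rx,g+x"`) looks right.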
@ -1,8 +1,14 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
cfg = config.programs.traceroute;
|
||||
in {
|
||||
in
|
||||
{
|
||||
options = {
|
||||
programs.traceroute = {
|
||||
enable = lib.mkOption {
|
||||
|
@ -20,7 +26,7 @@ in {
|
|||
owner = "root";
|
||||
group = "root";
|
||||
capabilities = "cap_net_raw+p";
|
||||
source = "${pkgs.traceroute}/bin/traceroute";
|
||||
source = lib.getExe pkgs.traceroute;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,4 +1,9 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
cfg = config.programs.hyprland;
|
||||
|
@ -13,29 +18,53 @@ in
|
|||
A configuration file will be generated in {file}`~/.config/hypr/hyprland.conf`.
|
||||
See <https://wiki.hyprland.org> for more information'';
|
||||
|
||||
package = lib.mkPackageOption pkgs "hyprland" {
|
||||
package =
|
||||
lib.mkPackageOption pkgs "hyprland" {
|
||||
extraDescription = ''
|
||||
If the package is not overridable with `enableXWayland`, then the module option
|
||||
{option}`xwayland` will have no effect.
|
||||
'';
|
||||
} // {
|
||||
apply = p: wayland-lib.genFinalPackage p {
|
||||
}
|
||||
// {
|
||||
apply =
|
||||
p:
|
||||
wayland-lib.genFinalPackage p {
|
||||
enableXWayland = cfg.xwayland.enable;
|
||||
};
|
||||
};
|
||||
|
||||
portalPackage = lib.mkPackageOption pkgs "xdg-desktop-portal-hyprland" {
|
||||
portalPackage =
|
||||
lib.mkPackageOption pkgs "xdg-desktop-portal-hyprland" {
|
||||
extraDescription = ''
|
||||
If the package is not overridable with `hyprland`, then the Hyprland package
|
||||
used by the portal may differ from the one set in the module option {option}`package`.
|
||||
'';
|
||||
} // {
|
||||
apply = p: wayland-lib.genFinalPackage p {
|
||||
}
|
||||
// {
|
||||
apply =
|
||||
p:
|
||||
wayland-lib.genFinalPackage p {
|
||||
hyprland = cfg.package;
|
||||
};
|
||||
};
|
||||
|
||||
xwayland.enable = lib.mkEnableOption "XWayland" // { default = true; };
|
||||
xwayland.enable = lib.mkEnableOption "XWayland" // {
|
||||
default = true;
|
||||
};
|
||||
|
||||
withUWSM = lib.mkEnableOption null // {
|
||||
description = ''
|
||||
Launch Hyprland with the UWSM (Universal Wayland Session Manager) session manager.
|
||||
This has improved systemd support and is recommended for most users.
|
||||
This automatically starts appropiate targets like `graphical-session.target`,
|
||||
and `wayland-session@Hyprland.target`.
|
||||
|
||||
::: {.note}
|
||||
Some changes may need to be made to Hyprland configs depending on your setup, see
|
||||
[Hyprland wiki](https://wiki.hyprland.org/Useful-Utilities/Systemd-start/#uwsm).
|
||||
:::
|
||||
'';
|
||||
};
|
||||
|
||||
systemd.setPath.enable = lib.mkEnableOption null // {
|
||||
default = lib.versionOlder cfg.package.version "0.41.2";
|
||||
|
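Review bot: typo in the new `withUWSM` description, "appropiate" should be "appropriate". The description is rendered into the options manual, so it is worth fixing before merge.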
@ -49,13 +78,11 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable (lib.mkMerge [
|
||||
config = lib.mkIf cfg.enable (
|
||||
lib.mkMerge [
|
||||
{
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
|
||||
# To make a Hyprland session available if a display manager like SDDM is enabled:
|
||||
services.displayManager.sessionPackages = [ cfg.package ];
|
||||
|
||||
xdg.portal = {
|
||||
enable = true;
|
||||
extraPortals = [ cfg.portalPackage ];
|
||||
|
@ -69,26 +96,47 @@ in
|
|||
};
|
||||
}
|
||||
|
||||
(lib.mkIf (cfg.withUWSM) {
|
||||
programs.uwsm.enable = true;
|
||||
# Configure UWSM to launch Hyprland from a display manager like SDDM
|
||||
programs.uwsm.waylandCompositors = {
|
||||
hyprland = {
|
||||
prettyName = "Hyprland";
|
||||
comment = "Hyprland compositor managed by UWSM";
|
||||
binPath = "/run/current-system/sw/bin/Hyprland";
|
||||
};
|
||||
};
|
||||
})
|
||||
(lib.mkIf (!cfg.withUWSM) {
|
||||
# To make a vanilla Hyprland session available in DM
|
||||
services.displayManager.sessionPackages = [ cfg.package ];
|
||||
})
|
||||
|
||||
(import ./wayland-session.nix {
|
||||
inherit lib pkgs;
|
||||
enableXWayland = cfg.xwayland.enable;
|
||||
enableWlrPortal = lib.mkDefault false; # Hyprland has its own portal, wlr is not needed
|
||||
})
|
||||
]);
|
||||
]
|
||||
);
|
||||
|
||||
imports = [
|
||||
(lib.mkRemovedOptionModule
|
||||
[ "programs" "hyprland" "xwayland" "hidpi" ]
|
||||
"XWayland patches are deprecated. Refer to https://wiki.hyprland.org/Configuring/XWayland"
|
||||
)
|
||||
(lib.mkRemovedOptionModule
|
||||
[ "programs" "hyprland" "enableNvidiaPatches" ]
|
||||
"Nvidia patches are no longer needed"
|
||||
)
|
||||
(lib.mkRemovedOptionModule
|
||||
[ "programs" "hyprland" "nvidiaPatches" ]
|
||||
"Nvidia patches are no longer needed"
|
||||
)
|
||||
(lib.mkRemovedOptionModule [
|
||||
"programs"
|
||||
"hyprland"
|
||||
"xwayland"
|
||||
"hidpi"
|
||||
] "XWayland patches are deprecated. Refer to https://wiki.hyprland.org/Configuring/XWayland")
|
||||
(lib.mkRemovedOptionModule [
|
||||
"programs"
|
||||
"hyprland"
|
||||
"enableNvidiaPatches"
|
||||
] "Nvidia patches are no longer needed")
|
||||
(lib.mkRemovedOptionModule [
|
||||
"programs"
|
||||
"hyprland"
|
||||
"nvidiaPatches"
|
||||
] "Nvidia patches are no longer needed")
|
||||
];
|
||||
|
||||
meta.maintainers = with lib.maintainers; [ fufexan ];
|
||||
|
|
|
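Review bot: in the `withUWSM` branch, `binPath = "/run/current-system/sw/bin/Hyprland";` is hard-coded rather than derived from `cfg.package`. It only works because `environment.systemPackages = [ cfg.package ];` is set in the first `mkMerge` element, and nothing here records that dependency. If the indirection through the system profile is intentional, please add a comment saying so; otherwise consider pointing `binPath` at the configured package so the two cannot drift apart.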
@ -64,8 +64,8 @@ in
|
|||
description = ''
|
||||
The package which contains the `yabar` binary.
|
||||
|
||||
Nixpkgs provides the `yabar` and `yabar-unstable`
|
||||
derivations since 18.03, so it's possible to choose.
|
||||
Nixpkgs provides the `yabar` and `yabar-unstable`,
|
||||
so it's possible to choose.
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
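Review bot: after dropping "derivations since 18.03", the description reads "Nixpkgs provides the `yabar` and `yabar-unstable`, so it's possible to choose", which leaves "the" without a noun. Suggest "Nixpkgs provides the `yabar` and `yabar-unstable` packages, so it's possible to choose."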
2
third_party/nixpkgs/nixos/modules/rename.nix
vendored
|
@ -20,6 +20,7 @@ in
|
|||
(mkAliasOptionModuleMD [ "environment" "checkConfigurationOptions" ] [ "_module" "check" ])
|
||||
|
||||
# Completely removed modules
|
||||
(mkRemovedOptionModule [ "boot" "loader" "raspberryPi" ] "The raspberryPi boot loader has been removed. See https://github.com/NixOS/nixpkgs/pull/241534 for what to use instead.")
|
||||
(mkRemovedOptionModule [ "environment" "blcr" "enable" ] "The BLCR module has been removed")
|
||||
(mkRemovedOptionModule [ "environment" "noXlibs" ] ''
|
||||
The environment.noXlibs option was removed, as it often caused surprising breakages for new users.
|
||||
|
@ -80,7 +81,6 @@ in
|
|||
(mkRemovedOptionModule [ "services" "fourStoreEndpoint" ] "The fourStoreEndpoint module has been removed")
|
||||
(mkRemovedOptionModule [ "services" "fprot" ] "The corresponding package was removed from nixpkgs.")
|
||||
(mkRemovedOptionModule [ "services" "frab" ] "The frab module has been removed")
|
||||
(mkRemovedOptionModule [ "services" "globalprotect"] "The corresponding package was removed from nixpkgs.")
|
||||
(mkRemovedOptionModule [ "services" "homeassistant-satellite"] "The `services.homeassistant-satellite` module has been replaced by `services.wyoming-satellite`.")
|
||||
(mkRemovedOptionModule [ "services" "hydron" ] "The `services.hydron` module has been removed as the project has been archived upstream since 2022 and is affected by a severe remote code execution vulnerability.")
|
||||
(mkRemovedOptionModule [ "services" "ihatemoney" ] "The ihatemoney module has been removed for lack of downstream maintainer")
|
||||
|
|
|
@ -87,6 +87,8 @@ let
|
|||
RestrictAddressFamilies = [
|
||||
"AF_INET"
|
||||
"AF_INET6"
|
||||
"AF_UNIX"
|
||||
"AF_NETLINK"
|
||||
];
|
||||
RestrictNamespaces = true;
|
||||
RestrictRealtime = true;
|
||||
|
|
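Review bot: this hunk grows the `RestrictAddressFamilies` allow-list by two entries (the list now reads `AF_INET`, `AF_INET6`, `AF_UNIX`, `AF_NETLINK`) with no comment explaining which code path needs the new families. Since this widens a sandbox setting, please add a one-line comment next to each added family naming the feature that requires it, so a later reviewer can tell whether it is still needed.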
50
third_party/nixpkgs/nixos/modules/security/soteria.nix
vendored
Normal file
|
@ -0,0 +1,50 @@
|
|||
{
|
||||
lib,
|
||||
pkgs,
|
||||
config,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
cfg = config.security.soteria;
|
||||
in
|
||||
{
|
||||
options.security.soteria = {
|
||||
enable = lib.mkEnableOption null // {
|
||||
description = ''
|
||||
Whether to enable Soteria, a Polkit authentication agent
|
||||
for any desktop environment.
|
||||
|
||||
::: {.note}
|
||||
You should only enable this if you are on a Desktop Environment that
|
||||
does not provide a graphical polkit authentication agent, or you are on
|
||||
a standalone window manager or Wayland compositor.
|
||||
:::
|
||||
'';
|
||||
};
|
||||
package = lib.mkPackageOption pkgs "soteria" { };
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
security.polkit.enable = true;
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
|
||||
systemd.user.services.polkit-soteria = {
|
||||
description = "Soteria, Polkit authentication agent for any desktop environment";
|
||||
|
||||
wantedBy = [ "graphical-session.target" ];
|
||||
wants = [ "graphical-session.target" ];
|
||||
after = [ "graphical-session.target" ];
|
||||
|
||||
script = lib.getExe cfg.package;
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
Restart = "on-failure";
|
||||
RestartSec = 1;
|
||||
TimeoutStopSec = 10;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
meta.maintainers = with lib.maintainers; [ johnrtitor ];
|
||||
}
|
|
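Review bot: in `systemd.user.services.polkit-soteria`, `wants = [ "graphical-session.target" ];` looks redundant next to `wantedBy` and `after` on the same target: the service is already pulled in by the target and should not need to pull the target in itself. Consider replacing it with `partOf = [ "graphical-session.target" ];` so the authentication agent is stopped when the graphical session ends instead of lingering in the user manager.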
@ -12,6 +12,7 @@ let
|
|||
|
||||
mopidyEnv = buildEnv {
|
||||
name = "mopidy-with-extensions-${mopidy.version}";
|
||||
ignoreCollisions = true;
|
||||
paths = closePropagation cfg.extensionPackages;
|
||||
pathsToLink = [ "/${mopidyPackages.python.sitePackages}" ];
|
||||
nativeBuildInputs = [ makeWrapper ];
|
||||
|
|
|
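Review bot: `ignoreCollisions = true;` on `mopidyEnv` silences every file collision between the packages in `closePropagation cfg.extensionPackages`, including two extensions shipping different versions of the same Python module under `sitePackages`. Please add a comment naming the collision this is meant to work around, so that a real conflict between extensions is not hidden by accident later.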
@ -334,6 +334,12 @@ in
|
|||
|
||||
environment.etc."my.cnf".source = cfg.configFile;
|
||||
|
||||
# The mysql_install_db binary will try to adjust the permissions, but fail to do so with a permission
|
||||
# denied error in some circumstances. Setting the permissions manually with tmpfiles is a workaround.
|
||||
systemd.tmpfiles.rules = [
|
||||
"d ${cfg.dataDir} 0755 ${cfg.user} ${cfg.group} - -"
|
||||
];
|
||||
|
||||
systemd.services.mysql = {
|
||||
description = "MySQL Server";
|
||||
|
||||
|
|
|
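Review bot: the new tmpfiles rule `"d ${cfg.dataDir} 0755 ${cfg.user} ${cfg.group} - -"` creates the database directory with mode 0755, which lets any local account traverse and list it. Unless `mysql_install_db` needs that, `0700` or `0750` would be a safer default for a data directory. The path is also interpolated unquoted, so a `dataDir` containing whitespace would split the rule into the wrong fields.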
@ -261,8 +261,9 @@ Technically, we'd not want to have EOL'ed packages in a stable NixOS release, wh
|
|||
Thus:
|
||||
- In September/October the new major version will be released and added to nixos-unstable.
|
||||
- In November the last minor version for the oldest major will be released.
|
||||
- Both the current stable .05 release and nixos-unstable should be updated to the latest minor.
|
||||
- In November, before branch-off for the .11 release, the EOL-ed major will be removed from nixos-unstable.
|
||||
- Both the current stable .05 release and nixos-unstable should be updated to the latest minor that will usually be released in November.
|
||||
- This is relevant for people who need to use this major for as long as possible. In that case its desirable to be able to pin nixpkgs to a commit that still has it, at the latest minor available.
|
||||
- In November, before branch-off for the .11 release and after the update to the latest minor, the EOL-ed major will be removed from nixos-unstable.
|
||||
|
||||
This leaves a small gap of a couple of weeks after the latest minor release and the end of our support window for the .05 release, in which there could be an emergency release to other major versions of PostgreSQL - but not the oldest major we have in that branch. In that case: If we can't trivially patch the issue, we will mark the package/version as insecure **immediately**.
|
||||
|
||||
|
@ -292,7 +293,7 @@ postgresql_15.pkgs.pg_partman postgresql_15.pkgs.pgroonga
|
|||
To add plugins via NixOS configuration, set `services.postgresql.extraPlugins`:
|
||||
```nix
|
||||
{
|
||||
services.postgresql.package = pkgs.postgresql_12;
|
||||
services.postgresql.package = pkgs.postgresql_17;
|
||||
services.postgresql.extraPlugins = ps: with ps; [
|
||||
pg_repack
|
||||
postgis
|
||||
|
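Review bot: the example is updated to `pkgs.postgresql_17`, but the surrounding text and the next line still use `services.postgresql.extraPlugins`, which this same change renames to `services.postgresql.extensions` in the module (a `mkRenamedOptionModule` from `extraPlugins` to `extensions` is added further down). Please update the sentence "set `services.postgresql.extraPlugins`" and the example to the new option name so the documentation does not steer users onto the deprecated alias.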
@ -303,7 +304,7 @@ To add plugins via NixOS configuration, set `services.postgresql.extraPlugins`:
|
|||
You can build custom PostgreSQL-with-plugins (to be used outside of NixOS) using function `.withPackages`. For example, creating a custom PostgreSQL package in an overlay can look like:
|
||||
```nix
|
||||
self: super: {
|
||||
postgresql_custom = self.postgresql_12.withPackages (ps: [
|
||||
postgresql_custom = self.postgresql_17.withPackages (ps: [
|
||||
ps.pg_repack
|
||||
ps.postgis
|
||||
]);
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
let
|
||||
inherit (lib)
|
||||
any
|
||||
attrValues
|
||||
concatMapStrings
|
||||
concatStringsSep
|
||||
|
@ -9,6 +10,7 @@ let
|
|||
elem
|
||||
escapeShellArgs
|
||||
filterAttrs
|
||||
getName
|
||||
isString
|
||||
literalExpression
|
||||
mapAttrs
|
||||
|
@ -26,23 +28,24 @@ let
|
|||
optionalString
|
||||
types
|
||||
versionAtLeast
|
||||
warn
|
||||
;
|
||||
|
||||
cfg = config.services.postgresql;
|
||||
|
||||
postgresql =
|
||||
let
|
||||
# ensure that
|
||||
# services.postgresql = {
|
||||
# enableJIT = true;
|
||||
# package = pkgs.postgresql_<major>;
|
||||
# };
|
||||
# works.
|
||||
base = if cfg.enableJIT then cfg.package.withJIT else cfg.package.withoutJIT;
|
||||
in
|
||||
if cfg.extraPlugins == []
|
||||
then base
|
||||
else base.withPackages cfg.extraPlugins;
|
||||
basePackage = if cfg.enableJIT
|
||||
then cfg.package.withJIT
|
||||
else cfg.package.withoutJIT;
|
||||
|
||||
postgresql = if cfg.extensions == []
|
||||
then basePackage
|
||||
else basePackage.withPackages cfg.extensions;
|
||||
|
||||
toStr = value:
|
||||
if true == value then "yes"
|
||||
|
@ -60,6 +63,8 @@ let
|
|||
|
||||
groupAccessAvailable = versionAtLeast postgresql.version "11.0";
|
||||
|
||||
extensionNames = map getName postgresql.installedExtensions;
|
||||
extensionInstalled = extension: elem extension extensionNames;
|
||||
in
|
||||
|
||||
{
|
||||
|
@ -68,6 +73,7 @@ in
|
|||
|
||||
(mkRenamedOptionModule [ "services" "postgresql" "logLinePrefix" ] [ "services" "postgresql" "settings" "log_line_prefix" ])
|
||||
(mkRenamedOptionModule [ "services" "postgresql" "port" ] [ "services" "postgresql" "settings" "port" ])
|
||||
(mkRenamedOptionModule [ "services" "postgresql" "extraPlugins" ] [ "services" "postgresql" "extensions" ])
|
||||
];
|
||||
|
||||
###### interface
|
||||
|
@ -371,12 +377,12 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
extraPlugins = mkOption {
|
||||
extensions = mkOption {
|
||||
type = with types; coercedTo (listOf path) (path: _ignorePg: path) (functionTo (listOf path));
|
||||
default = _: [];
|
||||
example = literalExpression "ps: with ps; [ postgis pg_repack ]";
|
||||
description = ''
|
||||
List of PostgreSQL plugins.
|
||||
List of PostgreSQL extensions to install.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -484,10 +490,18 @@ in
|
|||
|
||||
services.postgresql.package = let
|
||||
mkThrow = ver: throw "postgresql_${ver} was removed, please upgrade your postgresql version.";
|
||||
mkWarn = ver: warn ''
|
||||
The postgresql package is not pinned and selected automatically by
|
||||
`system.stateVersion`. Right now this is `pkgs.postgresql_${ver}`, the
|
||||
oldest postgresql version available and thus the next that will be
|
||||
removed when EOL on the next stable cycle.
|
||||
|
||||
See also https://endoflife.date/postgresql
|
||||
'';
|
||||
base = if versionAtLeast config.system.stateVersion "24.11" then pkgs.postgresql_16
|
||||
else if versionAtLeast config.system.stateVersion "23.11" then pkgs.postgresql_15
|
||||
else if versionAtLeast config.system.stateVersion "22.05" then pkgs.postgresql_14
|
||||
else if versionAtLeast config.system.stateVersion "21.11" then pkgs.postgresql_13
|
||||
else if versionAtLeast config.system.stateVersion "21.11" then mkWarn "13" pkgs.postgresql_13
|
||||
else if versionAtLeast config.system.stateVersion "20.03" then mkThrow "11"
|
||||
else if versionAtLeast config.system.stateVersion "17.09" then mkThrow "9_6"
|
||||
else mkThrow "9_5";
|
||||
|
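Review bot: the `mkWarn` text explains that the package is selected by `system.stateVersion` and is next in line for removal, but it never says what to do about it. Add a sentence telling the user to set `services.postgresql.package` explicitly and to plan a major-version upgrade, otherwise hosts on the `"21.11"` branch keep running the oldest release until that branch is switched to `mkThrow` like the older ones. The call `mkWarn "13" pkgs.postgresql_13` also repeats the version by hand; deriving one from the other would stop the message and the package drifting apart.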
@ -630,7 +644,7 @@ in
|
|||
PrivateTmp = true;
|
||||
ProtectHome = true;
|
||||
ProtectSystem = "strict";
|
||||
MemoryDenyWriteExecute = lib.mkDefault (cfg.settings.jit == "off");
|
||||
MemoryDenyWriteExecute = lib.mkDefault (cfg.settings.jit == "off" && (!any extensionInstalled [ "plv8" ]));
|
||||
NoNewPrivileges = true;
|
||||
LockPersonality = true;
|
||||
PrivateDevices = true;
|
||||
|
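Review bot: the new `MemoryDenyWriteExecute` default drops W^X protection for the whole PostgreSQL service whenever `plv8` is among the installed extensions, and nothing in the visible option documentation tells the administrator. Mention this in the `extensions` description or in a comment next to the line, since installing one extension weakens a sandbox setting for every database served by this unit. The match also depends on `getName` returning exactly `plv8`, so an overridden derivation with a different name would leave the restriction enabled; a comment stating that assumption would help.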
@ -654,10 +668,12 @@ in
|
|||
RestrictRealtime = true;
|
||||
RestrictSUIDSGID = true;
|
||||
SystemCallArchitectures = "native";
|
||||
SystemCallFilter = [
|
||||
SystemCallFilter =
|
||||
[
|
||||
"@system-service"
|
||||
"~@privileged @resources"
|
||||
];
|
||||
]
|
||||
++ lib.optionals (any extensionInstalled [ "plv8" ]) [ "@pkey" ];
|
||||
UMask = if groupAccessAvailable then "0027" else "0077";
|
||||
}
|
||||
(mkIf (cfg.dataDir != "/var/lib/postgresql") {
|
||||
|
|
|
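Review bot: `any extensionInstalled [ "plv8" ]` now appears both in this `SystemCallFilter` expression and in the `MemoryDenyWriteExecute` line, so the two sandbox exceptions can drift apart. Bind the predicate once in the `let` block next to `extensionInstalled` and use it in both places. Add a comment on the `@pkey` entry saying why plv8 needs the memory protection key syscalls, since an unexplained allow-list entry tends to get copied or removed without review.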
@ -1,23 +1,84 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
cfg = config.services.desktopManager.lomiri;
|
||||
in {
|
||||
in
|
||||
{
|
||||
options.services.desktopManager.lomiri = {
|
||||
enable = lib.mkEnableOption ''
|
||||
the Lomiri graphical shell (formerly known as Unity8)
|
||||
'';
|
||||
|
||||
basics = lib.mkOption {
|
||||
internal = true;
|
||||
description = ''
|
||||
Enable basic things for getting Lomiri working.
|
||||
'';
|
||||
type = lib.types.bool;
|
||||
default = config.services.xserver.displayManager.lightdm.greeters.lomiri.enable || cfg.enable;
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
config = lib.mkMerge [
|
||||
# Basics for getting Lomiri to work
|
||||
(lib.mkIf cfg.basics {
|
||||
environment = {
|
||||
systemPackages = (with pkgs; [
|
||||
# To override the default keyboard layout in Lomiri
|
||||
etc.${pkgs.lomiri.lomiri.passthru.etcLayoutsFile}.text = lib.strings.replaceStrings [ "," ] [
|
||||
"\n"
|
||||
] config.services.xserver.xkb.layout;
|
||||
|
||||
pathsToLink = [
|
||||
# Data
|
||||
"/share/locale" # TODO LUITK hardcoded default locale path, fix individual apps to not rely on it
|
||||
"/share/wallpapers"
|
||||
];
|
||||
|
||||
systemPackages = with pkgs.lomiri; [
|
||||
lomiri-wallpapers # default + additional wallpaper
|
||||
suru-icon-theme # basic indicator icons
|
||||
];
|
||||
};
|
||||
|
||||
fonts.packages = with pkgs; [
|
||||
ubuntu-classic # Ubuntu is default font
|
||||
];
|
||||
|
||||
# Xwayland is partly hardcoded in Mir so it can't really be fully turned off, and it must be on PATH for X11 apps *and Lomiri's web browser* to work.
|
||||
# Until Mir/Lomiri can be properly used without it, force it on so everything behaves as expected.
|
||||
programs.xwayland.enable = lib.mkForce true;
|
||||
|
||||
services.ayatana-indicators = {
|
||||
enable = true;
|
||||
packages = (
|
||||
with pkgs;
|
||||
[
|
||||
ayatana-indicator-datetime # Clock
|
||||
ayatana-indicator-session # Controls for shutting down etc
|
||||
]
|
||||
);
|
||||
};
|
||||
})
|
||||
|
||||
# Full Lomiri DE
|
||||
(lib.mkIf cfg.enable {
|
||||
# We need the basic setup as well
|
||||
services.desktopManager.lomiri.basics = true;
|
||||
|
||||
environment = {
|
||||
systemPackages =
|
||||
(with pkgs; [
|
||||
glib # XDG MIME-related tools identify it as GNOME, add gio for MIME identification to work
|
||||
libayatana-common
|
||||
ubports-click
|
||||
]) ++ (with pkgs.lomiri; [
|
||||
])
|
||||
++ (with pkgs.lomiri; [
|
||||
hfd-service
|
||||
history-service
|
||||
libusermetrics
|
||||
lomiri
|
||||
lomiri-calculator-app
|
||||
|
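Review bot: `services.desktopManager.lomiri.basics = true;` inside `lib.mkIf cfg.enable` repeats what the option's `default` already computes, because that default is `config.services.xserver.displayManager.lightdm.greeters.lomiri.enable || cfg.enable`. Drop either the explicit assignment or the `|| cfg.enable` half of the default so there is one place that decides when the basic setup is active. The `basics` option is marked `internal = true`, but its description does not say which modules are expected to read or set it; one sentence on that would help whoever maintains the greeter module.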
@ -28,6 +89,7 @@ in {
|
|||
lomiri-download-manager
|
||||
lomiri-filemanager-app
|
||||
lomiri-gallery-app
|
||||
lomiri-history-service
|
||||
lomiri-polkit-agent
|
||||
lomiri-schemas # exposes some required dbus interfaces
|
||||
lomiri-session # wrappers to properly launch the session
|
||||
|
@ -36,17 +98,12 @@ in {
|
|||
lomiri-terminal-app
|
||||
lomiri-thumbnailer
|
||||
lomiri-url-dispatcher
|
||||
lomiri-wallpapers
|
||||
mediascanner2 # TODO possibly needs to be kicked off by graphical-session.target
|
||||
morph-browser
|
||||
qtmir # not having its desktop file for Xwayland available causes any X11 application to crash the session
|
||||
suru-icon-theme
|
||||
telephony-service
|
||||
teleports
|
||||
]);
|
||||
|
||||
# To override the default keyboard layout in Lomiri
|
||||
etc.${pkgs.lomiri.lomiri.passthru.etcLayoutsFile}.text = lib.strings.replaceStrings [","] ["\n"] config.services.xserver.xkb.layout;
|
||||
};
|
||||
|
||||
hardware = {
|
||||
|
@ -66,39 +123,33 @@ in {
|
|||
lomiri-download-manager
|
||||
];
|
||||
|
||||
fonts.packages = with pkgs; [
|
||||
# Applications tend to default to Ubuntu font
|
||||
ubuntu-classic
|
||||
];
|
||||
|
||||
# Copy-pasted basic stuff
|
||||
hardware.graphics.enable = lib.mkDefault true;
|
||||
fonts.enableDefaultPackages = lib.mkDefault true;
|
||||
programs.dconf.enable = lib.mkDefault true;
|
||||
|
||||
# Xwayland is partly hardcoded in Mir so it can't really be fully turned off, and it must be on PATH for X11 apps *and Lomiri's web browser* to work.
|
||||
# Until Mir/Lomiri can be properly used without it, force it on so everything behaves as expected.
|
||||
programs.xwayland.enable = lib.mkForce true;
|
||||
|
||||
services.accounts-daemon.enable = true;
|
||||
|
||||
services.ayatana-indicators = {
|
||||
enable = true;
|
||||
packages = (with pkgs; [
|
||||
ayatana-indicator-datetime
|
||||
packages =
|
||||
(
|
||||
with pkgs;
|
||||
[
|
||||
ayatana-indicator-display
|
||||
ayatana-indicator-messages
|
||||
ayatana-indicator-power
|
||||
ayatana-indicator-session
|
||||
] ++ lib.optionals config.hardware.bluetooth.enable [
|
||||
ayatana-indicator-bluetooth
|
||||
] ++ lib.optionals (config.hardware.pulseaudio.enable || config.services.pipewire.pulse.enable) [
|
||||
]
|
||||
++ lib.optionals config.hardware.bluetooth.enable [ ayatana-indicator-bluetooth ]
|
||||
++ lib.optionals (config.hardware.pulseaudio.enable || config.services.pipewire.pulse.enable) [
|
||||
ayatana-indicator-sound
|
||||
]) ++ (with pkgs.lomiri; [
|
||||
telephony-service
|
||||
] ++ lib.optionals config.networking.networkmanager.enable [
|
||||
lomiri-indicator-network
|
||||
]);
|
||||
]
|
||||
)
|
||||
++ (
|
||||
with pkgs.lomiri;
|
||||
[ telephony-service ]
|
||||
++ lib.optionals config.networking.networkmanager.enable [ lomiri-indicator-network ]
|
||||
);
|
||||
};
|
||||
|
||||
services.udisks2.enable = true;
|
||||
|
@ -139,9 +190,7 @@ in {
|
|||
# At least the network indicator is still under the unity name, due to leftover Unity-isms
|
||||
"/share/unity"
|
||||
# Data
|
||||
"/share/locale" # TODO LUITK hardcoded default locale path, fix individual apps to not rely on it
|
||||
"/share/sounds"
|
||||
"/share/wallpapers"
|
||||
];
|
||||
|
||||
systemd.user.services = {
|
||||
|
@ -159,7 +208,13 @@ in {
|
|||
|
||||
"lomiri-polkit-agent" = rec {
|
||||
description = "Lomiri Polkit agent";
|
||||
wantedBy = [ "lomiri.service" "lomiri-full-greeter.service" "lomiri-full-shell.service" "lomiri-greeter.service" "lomiri-shell.service" ];
|
||||
wantedBy = [
|
||||
"lomiri.service"
|
||||
"lomiri-full-greeter.service"
|
||||
"lomiri-full-shell.service"
|
||||
"lomiri-greeter.service"
|
||||
"lomiri-shell.service"
|
||||
];
|
||||
after = [ "graphical-session.target" ];
|
||||
partOf = wantedBy;
|
||||
serviceConfig = {
|
||||
|
@ -172,14 +227,16 @@ in {
|
|||
|
||||
systemd.services = {
|
||||
"dbus-com.lomiri.UserMetrics" = {
|
||||
serviceConfig = {
|
||||
serviceConfig =
|
||||
{
|
||||
Type = "dbus";
|
||||
BusName = "com.lomiri.UserMetrics";
|
||||
User = "usermetrics";
|
||||
StandardOutput = "syslog";
|
||||
SyslogIdentifier = "com.lomiri.UserMetrics";
|
||||
ExecStart = "${pkgs.lomiri.libusermetrics}/libexec/libusermetrics/usermetricsservice";
|
||||
} // lib.optionalAttrs (!config.security.apparmor.enable) {
|
||||
}
|
||||
// lib.optionalAttrs (!config.security.apparmor.enable) {
|
||||
# Due to https://gitlab.com/ubports/development/core/libusermetrics/-/issues/8, auth must be disabled when not using AppArmor, lest the next database usage breaks
|
||||
Environment = "USERMETRICS_NO_AUTH=1";
|
||||
};
|
||||
|
@ -194,7 +251,8 @@ in {
|
|||
};
|
||||
|
||||
users.groups.usermetrics = { };
|
||||
};
|
||||
})
|
||||
];
|
||||
|
||||
meta.maintainers = lib.teams.lomiri.members;
|
||||
}
|
||||
|
|
|
@ -73,6 +73,7 @@ in {
|
|||
kguiaddons # provides geo URL handlers
|
||||
kiconthemes # provides Qt plugins
|
||||
kimageformats # provides Qt plugins
|
||||
qtimageformats # provides optional image formats such as .webp and .avif
|
||||
kio # provides helper service + a bunch of other stuff
|
||||
kio-admin # managing files as admin
|
||||
kio-extras # stuff for MTP, AFC, etc
|
||||
|
|
|
@ -5,9 +5,6 @@
|
|||
with lib;
|
||||
|
||||
let
|
||||
# the demo agent isn't built by default, but we need it here
|
||||
package = pkgs.geoclue2.override { withDemoAgent = config.services.geoclue2.enableDemoAgent; };
|
||||
|
||||
cfg = config.services.geoclue2;
|
||||
|
||||
defaultWhitelist = [ "gnome-shell" "io.elementary.desktop.agent-geoclue2" ];
|
||||
|
@ -132,6 +129,17 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.geoclue2;
|
||||
defaultText = literalExpression "pkgs.geoclue2";
|
||||
apply = pkg: pkg.override {
|
||||
# the demo agent isn't built by default, but we need it here
|
||||
withDemoAgent = cfg.enableDemoAgent;
|
||||
};
|
||||
description = "The geoclue2 package to use";
|
||||
};
|
||||
|
||||
submitData = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
|
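Review bot: the `apply` function calls `pkg.override { withDemoAgent = cfg.enableDemoAgent; }` on whatever the user assigns to `services.geoclue2.package`, so a package that has no `override` or does not take a `withDemoAgent` argument fails evaluation with an error that does not point at this option. State in the `description` that the package must accept `withDemoAgent`, so the requirement is visible where the option is documented.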
@ -180,11 +188,11 @@ in
|
|||
###### implementation
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
environment.systemPackages = [ package ];
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
|
||||
services.dbus.packages = [ package ];
|
||||
services.dbus.packages = [ cfg.package ];
|
||||
|
||||
systemd.packages = [ package ];
|
||||
systemd.packages = [ cfg.package ];
|
||||
|
||||
# we cannot use DynamicUser as we need the the geoclue user to exist for the
|
||||
# dbus policy to work
|
||||
|
@ -223,7 +231,7 @@ in
|
|||
unitConfig.ConditionUser = "!@system";
|
||||
serviceConfig = {
|
||||
Type = "exec";
|
||||
ExecStart = "${package}/libexec/geoclue-2.0/demos/agent";
|
||||
ExecStart = "${cfg.package}/libexec/geoclue-2.0/demos/agent";
|
||||
Restart = "on-failure";
|
||||
PrivateTmp = true;
|
||||
};
|
||||
|
|
|
@ -37,7 +37,7 @@ If you want to prevent Athens from writing to disk, you can instead configure it
|
|||
}
|
||||
```
|
||||
|
||||
To use the local proxy in Go builds, you can set the proxy as environment variable:
|
||||
To use the local proxy in Go builds (outside of `nix`), you can set the proxy as environment variable:
|
||||
|
||||
```nix
|
||||
{
|
||||
|
@ -47,6 +47,21 @@ To use the local proxy in Go builds, you can set the proxy as environment variab
|
|||
}
|
||||
```
|
||||
|
||||
It is currently not possible to use the local proxy for builds done by the Nix daemon. This might be enabled
|
||||
by experimental features, specifically [`configurable-impure-env`](https://nixos.org/manual/nix/unstable/contributing/experimental-features#xp-feature-configurable-impure-env),
|
||||
in upcoming Nix versions.
|
||||
To also use the local proxy for Go builds happening in `nix` (with `buildGoModule`), the nix daemon can be configured to pass the GOPROXY environment variable to the `goModules` fixed-output derivation.
|
||||
|
||||
This can either be done via the nix-daemon systemd unit:
|
||||
|
||||
```nix
|
||||
{
|
||||
systemd.services.nix-daemon.environment.GOPROXY = "http://localhost:3000";
|
||||
}
|
||||
```
|
||||
|
||||
or via the [impure-env experimental feature](https://nix.dev/manual/nix/2.24/command-ref/conf-file#conf-impure-env):
|
||||
|
||||
```nix
|
||||
{
|
||||
nix.settings.experimental-features = [ "configurable-impure-env" ];
|
||||
nix.settings.impure-env = "GOPROXY=http://localhost:3000";
|
||||
}
|
||||
```
|
||||
|
|
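Review bot: the new paragraph should say that `systemd.services.nix-daemon.environment.GOPROXY` is a host-wide setting, so it changes where Go modules are fetched from for every user of the daemon and not only for the one build the reader has in mind. It is also worth one sentence noting that the proxy is reached over plain `http://localhost:3000`, and that the hash of the `goModules` fixed-output derivation is what still guarantees the fetched modules are the expected ones.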
45
third_party/nixpkgs/nixos/modules/services/hardware/g810-led.nix
vendored
Normal file
|
@ -0,0 +1,45 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.services.g810-led;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.g810-led = {
|
||||
enable = lib.mkEnableOption "g810-led, a Linux LED controller for some Logitech G Keyboards";
|
||||
|
||||
package = lib.mkPackageOption pkgs "g810-led" { };
|
||||
|
||||
profile = lib.mkOption {
|
||||
type = lib.types.nullOr lib.types.lines;
|
||||
default = null;
|
||||
example = ''
|
||||
# G810-LED Profile (turn all keys on)
|
||||
|
||||
# Set all keys on
|
||||
a ffffff
|
||||
|
||||
# Commit changes
|
||||
c
|
||||
'';
|
||||
description = ''
|
||||
Keyboard profile to apply at boot time.
|
||||
|
||||
The upstream repository provides [example configurations](https://github.com/MatMoul/g810-led/tree/master/sample_profiles).
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
environment.etc."g810-led/profile".text = lib.mkIf (cfg.profile != null) cfg.profile;
|
||||
|
||||
services.udev.packages = [ cfg.package ];
|
||||
};
|
||||
|
||||
meta.maintainers = with lib.maintainers; [ GaetanLepage ];
|
||||
}
|
|
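Review bot: `lib.mkIf (cfg.profile != null)` is applied to the `.text` leaf, so the `environment.etc."g810-led/profile"` entry itself is still defined when `profile` is `null`, just without any content. Move the condition up one level, for example `environment.etc = lib.mkIf (cfg.profile != null) { "g810-led/profile".text = cfg.profile; };`, and check that the module evaluates with the default `profile = null`. The `profile` description says the profile is applied at boot time; naming the mechanism (the udev rules pulled in through `services.udev.packages`) would make the link to the `/etc` file clear.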
@ -11,6 +11,11 @@ in
|
|||
enable = mkEnableOption "Handheld Daemon";
|
||||
package = mkPackageOption pkgs "handheld-daemon" { };
|
||||
|
||||
ui = {
|
||||
enable = mkEnableOption "Handheld Daemon UI";
|
||||
package = mkPackageOption pkgs "handheld-daemon-ui" { };
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
description = ''
|
||||
|
@ -20,7 +25,10 @@ in
|
|||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
services.handheld-daemon.ui.enable = mkDefault true;
|
||||
environment.systemPackages = [
|
||||
cfg.package
|
||||
] ++ lib.optional cfg.ui.enable cfg.ui.package;
|
||||
services.udev.packages = [ cfg.package ];
|
||||
systemd.packages = [ cfg.package ];
|
||||
|
||||
|
@ -31,6 +39,11 @@ in
|
|||
|
||||
restartIfChanged = true;
|
||||
|
||||
path = mkIf cfg.ui.enable [
|
||||
cfg.ui.package
|
||||
pkgs.lsof
|
||||
];
|
||||
|
||||
serviceConfig = {
|
||||
ExecStart = "${ lib.getExe cfg.package } --user ${ cfg.user }";
|
||||
Nice = "-12";
|
||||
|
|
|
@ -18,6 +18,8 @@ in
|
|||
|
||||
enable = lib.mkEnableOption "udisks2, a DBus service that allows applications to query and manipulate storage devices";
|
||||
|
||||
package = lib.mkPackageOption pkgs "udisks2" {};
|
||||
|
||||
mountOnMedia = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
|
@ -67,11 +69,11 @@ in
|
|||
|
||||
config = lib.mkIf config.services.udisks2.enable {
|
||||
|
||||
environment.systemPackages = [ pkgs.udisks2 ];
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
|
||||
environment.etc = (lib.mapAttrs' (name: value: lib.nameValuePair "udisks2/${name}" { source = value; } ) configFiles) // (
|
||||
let
|
||||
libblockdev = pkgs.udisks2.libblockdev;
|
||||
libblockdev = cfg.package.libblockdev;
|
||||
majorVer = lib.versions.major libblockdev.version;
|
||||
in {
|
||||
# We need to make sure /etc/libblockdev/@major_ver@/conf.d is populated to avoid
|
||||
|
@ -82,18 +84,18 @@ in
|
|||
|
||||
security.polkit.enable = true;
|
||||
|
||||
services.dbus.packages = [ pkgs.udisks2 ];
|
||||
services.dbus.packages = [ cfg.package ];
|
||||
|
||||
systemd.tmpfiles.rules = [ "d /var/lib/udisks2 0755 root root -" ]
|
||||
++ lib.optional cfg.mountOnMedia "D! /media 0755 root root -";
|
||||
|
||||
services.udev.packages = [ pkgs.udisks2 ];
|
||||
services.udev.packages = [ cfg.package ];
|
||||
|
||||
services.udev.extraRules = lib.optionalString cfg.mountOnMedia ''
|
||||
ENV{ID_FS_USAGE}=="filesystem", ENV{UDISKS_FILESYSTEM_SHARED}="1"
|
||||
'';
|
||||
|
||||
systemd.packages = [ pkgs.udisks2 ];
|
||||
systemd.packages = [ cfg.package ];
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -142,18 +142,10 @@ in
|
|||
CapabilityBoundingSet = "";
|
||||
DeviceAllow = if builtins.elem options.device [ "cuda" "auto" ] then [
|
||||
# https://docs.nvidia.com/dgx/pdf/dgx-os-5-user-guide.pdf
|
||||
# CUDA not working? Check DeviceAllow and PrivateDevices first!
|
||||
"/dev/nvidia0"
|
||||
"/dev/nvidia1"
|
||||
"/dev/nvidia2"
|
||||
"/dev/nvidia3"
|
||||
"/dev/nvidia4"
|
||||
"/dev/nvidia-caps/nvidia-cap1"
|
||||
"/dev/nvidia-caps/nvidia-cap2"
|
||||
"/dev/nvidiactl"
|
||||
"/dev/nvidia-modeset"
|
||||
"/dev/nvidia-uvm"
|
||||
"/dev/nvidia-uvm-tools"
|
||||
"char-nvidia-uvm"
|
||||
"char-nvidia-frontend"
|
||||
"char-nvidia-caps"
|
||||
"char-nvidiactl"
|
||||
] else "";
|
||||
DevicePolicy = "closed";
|
||||
LockPersonality = true;
|
||||
|
|
|
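Review bot: the `char-nvidia-*` entries in `DeviceAllow` match devices by the driver name registered in `/proc/devices` rather than by node path, which is a different and broader kind of rule than the `/dev/nvidia*` path entries in the same list. Add a short comment above them saying so, because with `DevicePolicy = "closed"` this list is the entire device allow-list and the next person debugging CUDA access needs to know which rule is expected to match.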
@ -76,9 +76,7 @@ in
|
|||
|
||||
# Hardening
|
||||
CapabilityBoundingSet = "";
|
||||
DeviceAllow = [
|
||||
config.services.zigbee2mqtt.settings.serial.port
|
||||
];
|
||||
DeviceAllow = lib.optionals (lib.hasPrefix "/" cfg.settings.serial.port) [ cfg.settings.serial.port ];
|
||||
DevicePolicy = "closed";
|
||||
LockPersonality = true;
|
||||
MemoryDenyWriteExecute = false;
|
||||
|
|
|
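Review bot: when `cfg.settings.serial.port` does not start with `/`, `DeviceAllow` becomes an empty list while `DevicePolicy = "closed"` stays in place, which is a sensible result for a non-path port but is not explained anywhere in the hunk. Add a comment saying that only absolute device paths are allow-listed and that other values get no device access at all. Also confirm that `serial.port` always has a string value at this point, since `lib.hasPrefix` is evaluated unconditionally.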
@ -27,7 +27,7 @@ in
|
|||
|
||||
config = lib.mkIf cfg.enable {
|
||||
# for cli usage
|
||||
environment.systemPackages = [ pkgs.vector ];
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
|
||||
systemd.services.vector = {
|
||||
description = "Vector event and log aggregator";
|
||||
|
@ -40,7 +40,7 @@ in
|
|||
conf = format.generate "vector.toml" cfg.settings;
|
||||
validateConfig = file:
|
||||
pkgs.runCommand "validate-vector-conf" {
|
||||
nativeBuildInputs = [ pkgs.vector ];
|
||||
nativeBuildInputs = [ cfg.package ];
|
||||
} ''
|
||||
vector validate --no-environment "${file}"
|
||||
ln -s "${file}" "$out"
|
||||
|
|
|
@ -18,7 +18,7 @@ in
|
|||
type = lib.types.listOf lib.types.path;
|
||||
default = [ ];
|
||||
example = lib.literalExpression "with pkgs; [ pass gnome-keyring ]";
|
||||
description = "List of derivations to put in protonmail-bride's path.";
|
||||
description = "List of derivations to put in protonmail-bridge's path.";
|
||||
};
|
||||
|
||||
logLevel = lib.mkOption {
|
||||
|
|
|
@ -7,7 +7,7 @@ let
|
|||
stateDir = "/var/lib/public-inbox";
|
||||
|
||||
gitIni = pkgs.formats.gitIni { listsAsDuplicateKeys = true; };
|
||||
iniAtom = elemAt gitIni.type/*attrsOf*/.functor.wrapped/*attrsOf*/.functor.wrapped/*either*/.functor.wrapped 0;
|
||||
iniAtom = gitIni.lib.types.atom;
|
||||
|
||||
useSpamAssassin = cfg.settings.publicinboxmda.spamcheck == "spamc" ||
|
||||
cfg.settings.publicinboxwatch.spamcheck == "spamc";
|
||||
|
|
125
third_party/nixpkgs/nixos/modules/services/misc/duckdns.nix
vendored
Normal file
|
@ -0,0 +1,125 @@
|
|||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.services.duckdns;
|
||||
duckdns = pkgs.writeShellScriptBin "duckdns" ''
|
||||
DRESPONSE=$(curl -sS --max-time 60 --no-progress-meter -k -K- <<< "url = \"https://www.duckdns.org/update?verbose=true&domains=$DUCKDNS_DOMAINS&token=$DUCKDNS_TOKEN&ip=\"")
|
||||
IPV4=$(echo "$DRESPONSE" | awk 'NR==2')
|
||||
IPV6=$(echo "$DRESPONSE" | awk 'NR==3')
|
||||
RESPONSE=$(echo "$DRESPONSE" | awk 'NR==1')
|
||||
IPCHANGE=$(echo "$DRESPONSE" | awk 'NR==4')
|
||||
|
||||
if [[ "$RESPONSE" = "OK" ]] && [[ "$IPCHANGE" = "UPDATED" ]]; then
|
||||
if [[ "$IPV4" != "" ]] && [[ "$IPV6" == "" ]]; then
|
||||
echo "Your IP was updated at $(date) to IPv4: $IPV4"
|
||||
elif [[ "$IPV4" == "" ]] && [[ "$IPV6" != "" ]]; then
|
||||
echo "Your IP was updated at $(date) to IPv6: $IPV6"
|
||||
else
|
||||
echo "Your IP was updated at $(date) to IPv4: $IPV4 & IPv6 to: $IPV6"
|
||||
fi
|
||||
elif [[ "$RESPONSE" = "OK" ]] && [[ "$IPCHANGE" = "NOCHANGE" ]]; then
|
||||
echo "DuckDNS request at $(date) successful. IP(s) unchanged."
|
||||
else
|
||||
echo -e "Something went wrong, please check your settings\nThe response returned was:\n$DRESPONSE\n"
|
||||
exit 1
|
||||
fi
|
||||
'';
|
||||
in
|
||||
{
|
||||
options.services.duckdns = {
|
||||
enable = lib.mkEnableOption "DuckDNS Dynamic DNS Client";
|
||||
tokenFile = lib.mkOption {
|
||||
default = null;
|
||||
type = lib.types.path;
|
||||
description = ''
|
||||
The path to a file containing the token
|
||||
used to authenticate with DuckDNS.
|
||||
'';
|
||||
};
|
||||
|
||||
domains = lib.mkOption {
|
||||
default = null;
|
||||
type = lib.types.nullOr (lib.types.listOf lib.types.str);
|
||||
example = [ "examplehost" ];
|
||||
description = ''
|
||||
The domain(s) to update in DuckDNS
|
||||
(without the .duckdns.org suffix)
|
||||
'';
|
||||
};
|
||||
|
||||
domainsFile = lib.mkOption {
|
||||
default = null;
|
||||
type = lib.types.nullOr lib.types.path;
|
||||
example = lib.literalExpression ''
|
||||
pkgs.writeText "duckdns-domains.txt" '''
|
||||
examplehost
|
||||
examplehost2
|
||||
examplehost3
|
||||
'''
|
||||
'';
|
||||
description = ''
|
||||
The path to a file containing a
|
||||
newline-separated list of DuckDNS
|
||||
domain(s) to be updated
|
||||
(without the .duckdns.org suffix)
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
assertions = [
|
||||
{
|
||||
assertion = cfg.domains != null || cfg.domainsFile != null;
|
||||
message = "Either services.duckdns.domains or services.duckdns.domainsFile has to be defined";
|
||||
}
|
||||
{
|
||||
assertion = !(cfg.domains != null && cfg.domainsFile != null);
|
||||
message = "services.duckdns.domains and services.duckdns.domainsFile can't both be defined at the same time";
|
||||
}
|
||||
{
|
||||
assertion = (cfg.tokenFile != null);
|
||||
message = "services.duckdns.tokenFile has to be defined";
|
||||
}
|
||||
];
|
||||
|
||||
environment.systemPackages = [ duckdns ];
|
||||
|
||||
systemd.services.duckdns = {
|
||||
description = "DuckDNS Dynamic DNS Client";
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
startAt = "*:0/5";
|
||||
path = [
|
||||
pkgs.gnused
|
||||
pkgs.systemd
|
||||
pkgs.curl
|
||||
pkgs.gawk
|
||||
duckdns
|
||||
];
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
LoadCredential = [
|
||||
"DUCKDNS_TOKEN_FILE:${cfg.tokenFile}"
|
||||
] ++ lib.optionals (cfg.domainsFile != null) [ "DUCKDNS_DOMAINS_FILE:${cfg.domainsFile}" ];
|
||||
DynamicUser = true;
|
||||
};
|
||||
script = ''
|
||||
export DUCKDNS_TOKEN=$(systemd-creds cat DUCKDNS_TOKEN_FILE)
|
||||
${lib.optionalString (cfg.domains != null) ''
|
||||
export DUCKDNS_DOMAINS='${lib.strings.concatStringsSep "," cfg.domains}'
|
||||
''}
|
||||
${lib.optionalString (cfg.domainsFile != null) ''
|
||||
export DUCKDNS_DOMAINS=$(systemd-creds cat DUCKDNS_DOMAINS_FILE | sed -z 's/\n/,/g')
|
||||
''}
|
||||
exec ${lib.getExe duckdns}
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
meta.maintainers = with lib.maintainers; [ notthebee ];
|
||||
}
|
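Review bot: the `curl` call in the `duckdns` script passes `-k`, which turns off TLS certificate verification on the very request that carries `$DUCKDNS_TOKEN` to `https://www.duckdns.org/update`. Remove `-k` so the token is only sent to a server presenting a valid certificate. Separately, `tokenFile` is declared with `type = lib.types.path` but `default = null`, so the `cfg.tokenFile != null` assertion is unlikely to ever deliver its message; use `lib.types.nullOr lib.types.path` or drop the default so the option is simply required.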
167
third_party/nixpkgs/nixos/modules/services/misc/evremap.nix
vendored
Normal file
|
@ -0,0 +1,167 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.services.evremap;
|
||||
format = pkgs.formats.toml { };
|
||||
|
||||
key = lib.types.strMatching "KEY_[[:upper:]]+" // {
|
||||
description = "key ID prefixed with KEY_";
|
||||
};
|
||||
|
||||
mkKeyOption =
|
||||
description:
|
||||
lib.mkOption {
|
||||
type = key;
|
||||
description = ''
|
||||
${description}
|
||||
|
||||
You can get a list of keys by running `evremap list-keys`.
|
||||
'';
|
||||
};
|
||||
mkKeySeqOption =
|
||||
description:
|
||||
(mkKeyOption description)
|
||||
// {
|
||||
type = lib.types.listOf key;
|
||||
};
|
||||
|
||||
dualRoleModule = lib.types.submodule {
|
||||
options = {
|
||||
input = mkKeyOption "The key that should be remapped.";
|
||||
hold = mkKeySeqOption "The key sequence that should be output when the input key is held.";
|
||||
tap = mkKeySeqOption "The key sequence that should be output when the input key is tapped.";
|
||||
};
|
||||
};
|
||||
|
||||
remapModule = lib.types.submodule {
|
||||
options = {
|
||||
input = mkKeySeqOption "The key sequence that should be remapped.";
|
||||
output = mkKeySeqOption "The key sequence that should be output when the input sequence is entered.";
|
||||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
options.services.evremap = {
|
||||
enable = lib.mkEnableOption "evremap, a keyboard input remapper for Linux/Wayland systems";
|
||||
|
||||
settings = lib.mkOption {
|
||||
type = lib.types.submodule {
|
||||
freeformType = format.type;
|
||||
|
||||
options = {
|
||||
device_name = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
example = "AT Translated Set 2 keyboard";
|
||||
description = ''
|
||||
The name of the device that should be remapped.
|
||||
|
||||
You can get a list of devices by running `evremap list-devices` with elevated permissions.
|
||||
'';
|
||||
};
|
||||
|
||||
dual_role = lib.mkOption {
|
||||
type = lib.types.listOf dualRoleModule;
|
||||
default = [ ];
|
||||
example = [
|
||||
{
|
||||
input = "KEY_CAPSLOCK";
|
||||
hold = [ "KEY_LEFTCTRL" ];
|
||||
tap = [ "KEY_ESC" ];
|
||||
}
|
||||
];
|
||||
description = ''
|
||||
List of dual-role remappings that output different key sequences based on whether the
|
||||
input key is held or tapped.
|
||||
'';
|
||||
};
|
||||
|
||||
remap = lib.mkOption {
|
||||
type = lib.types.listOf remapModule;
|
||||
default = [ ];
|
||||
example = [
|
||||
{
|
||||
input = [
|
||||
"KEY_LEFTALT"
|
||||
"KEY_UP"
|
||||
];
|
||||
output = [ "KEY_PAGEUP" ];
|
||||
}
|
||||
];
|
||||
description = ''
|
||||
List of remappings.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
description = ''
|
||||
Settings for evremap.
|
||||
|
||||
See the [upstream documentation](https://github.com/wez/evremap/blob/master/README.md#configuration)
|
||||
for how to configure evremap.
|
||||
'';
|
||||
default = { };
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
environment.systemPackages = [ pkgs.evremap ];
|
||||
|
||||
hardware.uinput.enable = true;
|
||||
|
||||
systemd.services.evremap = {
|
||||
description = "evremap - keyboard input remapper";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
script = "${lib.getExe pkgs.evremap} remap ${format.generate "evremap.toml" cfg.settings}";
|
||||
|
||||
serviceConfig = {
|
||||
DynamicUser = true;
|
||||
User = "evremap";
|
||||
SupplementaryGroups = [
|
||||
config.users.groups.input.name
|
||||
config.users.groups.uinput.name
|
||||
];
|
||||
Restart = "on-failure";
|
||||
RestartSec = 5;
|
||||
TimeoutSec = 20;
|
||||
|
||||
# Hardening
|
||||
ProtectClock = true;
|
||||
ProtectKernelLogs = true;
|
||||
ProtectControlGroups = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectHostname = true;
|
||||
ProtectKernelTunables = true;
|
||||
ProtectProc = "invisible";
|
||||
ProtectHome = true;
|
||||
ProcSubset = "pid";
|
||||
|
||||
PrivateTmp = true;
|
||||
PrivateNetwork = true;
|
||||
PrivateUsers = true;
|
||||
|
||||
RestrictRealtime = true;
|
||||
RestrictNamespaces = true;
|
||||
RestrictAddressFamilies = "none";
|
||||
|
||||
MemoryDenyWriteExecute = true;
|
||||
LockPersonality = true;
|
||||
IPAddressDeny = "any";
|
||||
AmbientCapabilities = "";
|
||||
CapabilityBoundingSet = "";
|
||||
SystemCallArchitectures = "native";
|
||||
SystemCallFilter = [
|
||||
"@system-service"
|
||||
"~@resources"
|
||||
"~@privileged"
|
||||
];
|
||||
UMask = "0027";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
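Review bot: the `key` type `lib.types.strMatching "KEY_[[:upper:]]+"` only admits upper-case letters after the prefix, so valid key names that contain digits, such as `KEY_F1` or `KEY_1`, are rejected at evaluation time. Widen the character class, for example to `KEY_[[:upper:][:digit:]_]+`. The module also hard-codes `pkgs.evremap` in `environment.systemPackages` and in `script`; a `package` option via `lib.mkPackageOption` would match the other modules touched in this commit.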
20
third_party/nixpkgs/nixos/modules/services/monitoring/glances.md
vendored
Normal file
|
@ -0,0 +1,20 @@
|
|||
# Glances {#module-serives-glances}
|
||||
|
||||
Glances an Eye on your system. A top/htop alternative for GNU/Linux, BSD, Mac OS
|
||||
and Windows operating systems.
|
||||
|
||||
Visit [the Glances project page](https://github.com/nicolargo/glances) to learn
|
||||
more about it.
|
||||
|
||||
# Quickstart {#module-serives-glances-quickstart}
|
||||
|
||||
Use the following configuration to start a public instance of Glances locally:
|
||||
|
||||
```nix
|
||||
{
|
||||
services.glances = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
};
|
||||
};
|
||||
```
|
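Review bot: the quickstart example closes with `};` on its last line, which is not valid as the end of a module attribute set; it should be a bare `}`. Both heading anchors spell the prefix `module-serives-`, which looks like a typo for `module-services-`. Since the example sets `openFirewall = true`, the lead-in should say plainly that this exposes the Glances web interface to the network, instead of "start a public instance of Glances locally", which reads as contradictory.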
110
third_party/nixpkgs/nixos/modules/services/monitoring/glances.nix
vendored
Normal file
|
@ -0,0 +1,110 @@
|
|||
{
|
||||
pkgs,
|
||||
config,
|
||||
lib,
|
||||
utils,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.services.glances;
|
||||
|
||||
inherit (lib)
|
||||
getExe
|
||||
maintainers
|
||||
mkEnableOption
|
||||
mkOption
|
||||
mkIf
|
||||
mkPackageOption
|
||||
;
|
||||
|
||||
inherit (lib.types)
|
||||
bool
|
||||
listOf
|
||||
port
|
||||
str
|
||||
;
|
||||
|
||||
inherit (utils)
|
||||
escapeSystemdExecArgs
|
||||
;
|
||||
|
||||
in
|
||||
{
|
||||
options.services.glances = {
|
||||
enable = mkEnableOption "Glances";
|
||||
|
||||
package = mkPackageOption pkgs "glances" { };
|
||||
|
||||
port = mkOption {
|
||||
description = "Port the server will isten on.";
|
||||
type = port;
|
||||
default = 61208;
|
||||
};
|
||||
|
||||
openFirewall = mkOption {
|
||||
description = "Open port in the firewall for glances.";
|
||||
type = bool;
|
||||
default = false;
|
||||
};
|
||||
|
||||
extraArgs = mkOption {
|
||||
type = listOf str;
|
||||
default = [ "--webserver" ];
|
||||
example = [
|
||||
"--webserver"
|
||||
"--disable-webui"
|
||||
];
|
||||
description = ''
|
||||
Extra command-line arguments to pass to glances.
|
||||
|
||||
See https://glances.readthedocs.io/en/latest/cmds.html for all available options.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
|
||||
systemd.services."glances" = {
|
||||
description = "Glances";
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
DynamicUser = true;
|
||||
ExecStart = "${getExe cfg.package} --port ${toString cfg.port} ${escapeSystemdExecArgs cfg.extraArgs}";
|
||||
Restart = "on-failure";
|
||||
|
||||
NoNewPrivileges = true;
|
||||
ProtectSystem = "full";
|
||||
ProtectHome = true;
|
||||
PrivateTmp = true;
|
||||
PrivateDevices = true;
|
||||
ProtectKernelTunables = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectKernelLogs = true;
|
||||
ProtectControlGroups = true;
|
||||
MemoryDenyWriteExecute = true;
|
||||
RestrictAddressFamilies = [
|
||||
"AF_INET"
|
||||
"AF_INET6"
|
||||
"AF_NETLINK"
|
||||
"AF_UNIX"
|
||||
];
|
||||
LockPersonality = true;
|
||||
RestrictRealtime = true;
|
||||
ProtectClock = true;
|
||||
ReadWritePaths = [ "/var/log" ];
|
||||
CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
|
||||
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
|
||||
SystemCallFilter = [ "@system-service" ];
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.port ];
|
||||
};
|
||||
|
||||
meta.maintainers = with maintainers; [ claha ];
|
||||
}
|
|
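Review bot: `CapabilityBoundingSet` and `AmbientCapabilities` both grant `CAP_NET_BIND_SERVICE` although the default port is 61208, so the capability is only needed when `cfg.port` is below 1024; make both conditional on that and leave them empty otherwise. `ProtectSystem = "full"` leaves `/var` writable, so `ReadWritePaths = [ "/var/log" ]` adds nothing; `ProtectSystem = "strict"` together with `LogsDirectory = "glances"` would confine the service to its own log directory. `SystemCallFilter` allows `@system-service` without subtracting `~@privileged` and `~@resources`, and `SystemCallArchitectures`, `RestrictNamespaces` and `ProtectHostname` are not set. The `port` description has a typo ("isten").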
@ -255,6 +255,7 @@ in
|
|||
Grafana settings. See <https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/>
|
||||
for available options. INI format is used.
|
||||
'';
|
||||
default = { };
|
||||
type = types.submodule {
|
||||
freeformType = settingsFormatIni.type;
|
||||
|
||||
|
|
|
@ -13,6 +13,11 @@ in
|
|||
|
||||
package = lib.mkPackageOption pkgs "clatd" { };
|
||||
|
||||
enableNetworkManagerIntegration = lib.mkEnableOption "NetworkManager integration" // {
|
||||
default = config.networking.networkmanager.enable;
|
||||
defaultText = "config.networking.networkmanager.enable";
|
||||
};
|
||||
|
||||
settings = lib.mkOption {
|
||||
type = lib.types.submodule ({ name, ... }: {
|
||||
freeformType = settingsFormat.type;
|
||||
|
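Review bot: `defaultText` on `enableNetworkManagerIntegration` is a plain string, so the manual renders it as a quoted string value rather than as an expression; wrap it in `lib.literalExpression "config.networking.networkmanager.enable"`.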
@ -75,5 +80,17 @@ in
|
|||
];
|
||||
};
|
||||
};
|
||||
|
||||
networking.networkmanager.dispatcherScripts = cfg.enableNetworkManagerIntegration [
|
||||
{
|
||||
type = "basic";
|
||||
# https://github.com/toreanderson/clatd/blob/master/scripts/clatd.networkmanager
|
||||
source = pkgs.writeShellScript "restart-clatd" ''
|
||||
[ "$DEVICE_IFACE" = "clat" ] && exit 0
|
||||
[ "$2" != "up" ] && [ "$2" != "down" ] && exit 0
|
||||
${pkgs.systemd}/bin/systemctl restart clatd.service
|
||||
'';
|
||||
}
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
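Review bot: `networking.networkmanager.dispatcherScripts = cfg.enableNetworkManagerIntegration [ ... ]` applies a boolean to a list as if it were a function, which fails at evaluation time; the list needs a guard such as `lib.optionals cfg.enableNetworkManagerIntegration [ ... ]` or `lib.mkIf`. In the script, a short comment that `$2` is the dispatcher action would help, since the two early `exit 0` lines are the only thing keeping every other event from restarting `clatd.service`.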
62
third_party/nixpkgs/nixos/modules/services/networking/globalprotect-vpn.nix
vendored
Normal file
|
@ -0,0 +1,62 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.services.globalprotect;
|
||||
|
||||
execStart =
|
||||
if cfg.csdWrapper == null then
|
||||
"${pkgs.globalprotect-openconnect}/bin/gpservice"
|
||||
else
|
||||
"${pkgs.globalprotect-openconnect}/bin/gpservice --csd-wrapper=${cfg.csdWrapper}";
|
||||
in
|
||||
|
||||
{
|
||||
options.services.globalprotect = {
|
||||
enable = lib.mkEnableOption "globalprotect";
|
||||
|
||||
settings = lib.mkOption {
|
||||
description = ''
|
||||
GlobalProtect-openconnect configuration. For more information, visit
|
||||
<https://github.com/yuezk/GlobalProtect-openconnect/wiki/Configuration>.
|
||||
'';
|
||||
default = { };
|
||||
example = {
|
||||
"vpn1.company.com" = {
|
||||
openconnect-args = "--script=/path/to/vpnc-script";
|
||||
};
|
||||
};
|
||||
type = lib.types.attrs;
|
||||
};
|
||||
|
||||
csdWrapper = lib.mkOption {
|
||||
description = ''
|
||||
A script that will produce a Host Integrity Protection (HIP) report,
|
||||
as described at <https://www.infradead.org/openconnect/hip.html>
|
||||
'';
|
||||
default = null;
|
||||
example = lib.literalExpression ''"''${pkgs.openconnect}/libexec/openconnect/hipreport.sh"'';
|
||||
type = lib.types.nullOr lib.types.path;
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
services.dbus.packages = [ pkgs.globalprotect-openconnect ];
|
||||
|
||||
environment.etc."gpservice/gp.conf".text = lib.generators.toINI { } cfg.settings;
|
||||
|
||||
systemd.services.gpservice = {
|
||||
description = "GlobalProtect openconnect DBus service";
|
||||
serviceConfig = {
|
||||
Type = "dbus";
|
||||
BusName = "com.yuezk.qt.GPService";
|
||||
ExecStart = execStart;
|
||||
};
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
};
|
||||
};
|
||||
}
|
|
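Review bot: `settings` is typed `lib.types.attrs` but is rendered with `lib.generators.toINI`, so definitions from different modules are merged only shallowly and a value that is not a section of key/value pairs fails only at generation time; use an INI settings format type (for example `(pkgs.formats.ini { }).type`) instead. The rendered `gp.conf` goes through `environment.etc` and therefore the world-readable store, so the description should say that secrets must not be placed in `openconnect-args`. `--csd-wrapper=${cfg.csdWrapper}` is interpolated into `ExecStart` unescaped, so a path containing whitespace is split into several arguments. The unit sets only `Type`, `BusName` and `ExecStart`, which means it runs as root with no sandboxing options at all; add what the VPN service can tolerate.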
@ -9,7 +9,7 @@ let
|
|||
cfg = config.services.magic-wormhole-mailbox-server;
|
||||
# keep semicolon in dataDir for backward compatibility
|
||||
dataDir = "/var/lib/magic-wormhole-mailbox-server;";
|
||||
python = pkgs.python311.withPackages (
|
||||
python = pkgs.python3.withPackages (
|
||||
py: with py; [
|
||||
magic-wormhole-mailbox-server
|
||||
twisted
|
||||
|
|
|
@ -21,6 +21,8 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
options.services.minidlna.package = lib.mkPackageOption pkgs "minidlna" { };
|
||||
|
||||
options.services.minidlna.openFirewall = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
|
@ -141,7 +143,7 @@ in
|
|||
CacheDirectory = "minidlna";
|
||||
RuntimeDirectory = "minidlna";
|
||||
PIDFile = "/run/minidlna/pid";
|
||||
ExecStart = "${pkgs.minidlna}/sbin/minidlnad -S -P /run/minidlna/pid -f ${settingsFile}";
|
||||
ExecStart = "${lib.getExe cfg.package} -S -P /run/minidlna/pid -f ${settingsFile}";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
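Review bot: `lib.getExe cfg.package` resolves to `bin/<meta.mainProgram>`, while the `ExecStart` line it replaces pointed at `sbin/minidlnad`; confirm that the package sets `meta.mainProgram = "minidlnad"` and that the binary is available under `bin/`, otherwise the unit starts a path that does not exist. If that cannot be guaranteed for overridden packages, `"${cfg.package}/sbin/minidlnad"` keeps the old behaviour while still honouring the new `package` option.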
@ -27,6 +27,8 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
package = lib.options.mkPackageOption pkgs "shairport-sync" { };
|
||||
|
||||
arguments = mkOption {
|
||||
type = types.str;
|
||||
default = "-v -o pa";
|
||||
|
@ -100,12 +102,12 @@ in
|
|||
serviceConfig = {
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
ExecStart = "${pkgs.shairport-sync}/bin/shairport-sync ${cfg.arguments}";
|
||||
ExecStart = "${lib.getExe cfg.package} ${cfg.arguments}";
|
||||
RuntimeDirectory = "shairport-sync";
|
||||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = [ pkgs.shairport-sync ];
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
|
||||
};
|
||||
|
||||
|
|
|
@ -186,6 +186,7 @@ in
|
|||
Restart = "always";
|
||||
User = "spiped";
|
||||
};
|
||||
stopIfChanged = false;
|
||||
|
||||
scriptArgs = "%i";
|
||||
script = "exec ${pkgs.spiped}/bin/spiped -F `cat /etc/spiped/$1.spec`";
|
||||
|
|
|
@ -83,6 +83,7 @@ in
|
|||
systemd.services.teleport = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
path = with pkgs; [ getent shadow sudo ];
|
||||
serviceConfig = {
|
||||
ExecStart = ''
|
||||
${cfg.package}/bin/teleport start \
|
||||
|
|
|
@ -1,10 +1,12 @@
|
|||
{ config, options, pkgs, lib, ... }:
|
||||
with lib;
|
||||
let
|
||||
inherit (lib) concatStringsSep literalExpression makeLibraryPath mkEnableOption
|
||||
mkForce mkIf mkOption mkPackageOption mkRemovedOptionModule optional types;
|
||||
|
||||
cfg = config.services.aesmd;
|
||||
opt = options.services.aesmd;
|
||||
|
||||
sgx-psw = pkgs.sgx-psw.override { inherit (cfg) debug; };
|
||||
sgx-psw = cfg.package;
|
||||
|
||||
configFile = with cfg.settings; pkgs.writeText "aesmd.conf" (
|
||||
concatStringsSep "\n" (
|
||||
|
@ -18,13 +20,17 @@ let
|
|||
);
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
(mkRemovedOptionModule [ "debug" ] ''
|
||||
Enable debug mode by overriding the aesmd package directly:
|
||||
|
||||
services.aesmd.package = pkgs.sgx-psw.override { debug = true; };
|
||||
'')
|
||||
];
|
||||
|
||||
options.services.aesmd = {
|
||||
enable = mkEnableOption "Intel's Architectural Enclave Service Manager (AESM) for Intel SGX";
|
||||
debug = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Whether to build the PSW package in debug mode.";
|
||||
};
|
||||
package = mkPackageOption pkgs "sgx-psw" { };
|
||||
environment = mkOption {
|
||||
type = with types; attrsOf str;
|
||||
default = { };
|
||||
|
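Review bot: `mkRemovedOptionModule [ "debug" ]` names a top-level option `debug`, not `services.aesmd.debug`, so a configuration that still sets the removed option gets a generic "option does not exist" error instead of this migration message; the path should be `[ "services" "aesmd" "debug" ]`. The hunk also keeps `with lib;` visible next to the explicit `inherit (lib) ...` list; only one of the two should remain.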
@ -126,7 +132,7 @@ in
|
|||
"|/dev/sgx_enclave"
|
||||
];
|
||||
|
||||
serviceConfig = rec {
|
||||
serviceConfig = {
|
||||
ExecStartPre = pkgs.writeShellScript "copy-aesmd-data-files.sh" ''
|
||||
set -euo pipefail
|
||||
whiteListFile="${aesmDataFolder}/white_list_cert_to_be_verify.bin"
|
||||
|
|
|
@ -177,7 +177,7 @@ in
|
|||
type = types.nullOr types.str;
|
||||
example = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";
|
||||
description = ''
|
||||
"bantime.formula" used by default to calculate next value of ban time, default value bellow,
|
||||
"bantime.formula" used by default to calculate next value of ban time, default value below,
|
||||
the same ban time growing will be reached by multipliers 1, 2, 4, 8, 16, 32 ...
|
||||
'';
|
||||
};
|
||||
|
|
482
third_party/nixpkgs/nixos/modules/services/web-apps/agorakit.nix
vendored
Normal file
|
@ -0,0 +1,482 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
with lib;
|
||||
let
|
||||
cfg = config.services.agorakit;
|
||||
agorakit = pkgs.agorakit.override { dataDir = cfg.dataDir; };
|
||||
db = cfg.database;
|
||||
mail = cfg.mail;
|
||||
|
||||
user = cfg.user;
|
||||
group = cfg.group;
|
||||
|
||||
# shell script for local administration
|
||||
artisan = pkgs.writeScriptBin "agorakit" ''
|
||||
#! ${pkgs.runtimeShell}
|
||||
cd ${agorakit}
|
||||
sudo() {
|
||||
if [[ "$USER" != ${user} ]]; then
|
||||
exec /run/wrappers/bin/sudo -u ${user} "$@"
|
||||
else
|
||||
exec "$@"
|
||||
fi
|
||||
}
|
||||
sudo ${lib.getExe pkgs.php} artisan "$@"
|
||||
'';
|
||||
|
||||
tlsEnabled = cfg.nginx.addSSL || cfg.nginx.forceSSL || cfg.nginx.onlySSL || cfg.nginx.enableACME;
|
||||
in
|
||||
{
|
||||
options.services.agorakit = {
|
||||
enable = mkEnableOption "agorakit";
|
||||
|
||||
user = mkOption {
|
||||
default = "agorakit";
|
||||
description = "User agorakit runs as.";
|
||||
type = types.str;
|
||||
};
|
||||
|
||||
group = mkOption {
|
||||
default = "agorakit";
|
||||
description = "Group agorakit runs as.";
|
||||
type = types.str;
|
||||
};
|
||||
|
||||
appKeyFile = mkOption {
|
||||
description = ''
|
||||
A file containing the Laravel APP_KEY - a 32 character long,
|
||||
base64 encoded key used for encryption where needed. Can be
|
||||
generated with <code>head -c 32 /dev/urandom | base64</code>.
|
||||
'';
|
||||
example = "/run/keys/agorakit-appkey";
|
||||
type = types.path;
|
||||
};
|
||||
|
||||
hostName = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default =
|
||||
if config.networking.domain != null then config.networking.fqdn else config.networking.hostName;
|
||||
defaultText = lib.literalExpression "config.networking.fqdn";
|
||||
example = "agorakit.example.com";
|
||||
description = ''
|
||||
The hostname to serve agorakit on.
|
||||
'';
|
||||
};
|
||||
|
||||
appURL = mkOption {
|
||||
description = ''
|
||||
The root URL that you want to host agorakit on. All URLs in agorakit will be generated using this value.
|
||||
If you change this in the future you may need to run a command to update stored URLs in the database.
|
||||
Command example: <code>php artisan agorakit:update-url https://old.example.com https://new.example.com</code>
|
||||
'';
|
||||
default = "http${lib.optionalString tlsEnabled "s"}://${cfg.hostName}";
|
||||
defaultText = ''http''${lib.optionalString tlsEnabled "s"}://''${cfg.hostName}'';
|
||||
example = "https://example.com";
|
||||
type = types.str;
|
||||
};
|
||||
|
||||
dataDir = mkOption {
|
||||
description = "agorakit data directory";
|
||||
default = "/var/lib/agorakit";
|
||||
type = types.path;
|
||||
};
|
||||
|
||||
database = {
|
||||
host = mkOption {
|
||||
type = types.str;
|
||||
default = "localhost";
|
||||
description = "Database host address.";
|
||||
};
|
||||
port = mkOption {
|
||||
type = types.port;
|
||||
default = 3306;
|
||||
description = "Database host port.";
|
||||
};
|
||||
name = mkOption {
|
||||
type = types.str;
|
||||
default = "agorakit";
|
||||
description = "Database name.";
|
||||
};
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = user;
|
||||
defaultText = lib.literalExpression "user";
|
||||
description = "Database username.";
|
||||
};
|
||||
passwordFile = mkOption {
|
||||
type = with types; nullOr path;
|
||||
default = null;
|
||||
example = "/run/keys/agorakit-dbpassword";
|
||||
description = ''
|
||||
A file containing the password corresponding to
|
||||
<option>database.user</option>.
|
||||
'';
|
||||
};
|
||||
createLocally = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = "Create the database and database user locally.";
|
||||
};
|
||||
};
|
||||
|
||||
mail = {
|
||||
driver = mkOption {
|
||||
type = types.enum [
|
||||
"smtp"
|
||||
"sendmail"
|
||||
];
|
||||
default = "smtp";
|
||||
description = "Mail driver to use.";
|
||||
};
|
||||
host = mkOption {
|
||||
type = types.str;
|
||||
default = "localhost";
|
||||
description = "Mail host address.";
|
||||
};
|
||||
port = mkOption {
|
||||
type = types.port;
|
||||
default = 1025;
|
||||
description = "Mail host port.";
|
||||
};
|
||||
fromName = mkOption {
|
||||
type = types.str;
|
||||
default = "agorakit";
|
||||
description = "Mail \"from\" name.";
|
||||
};
|
||||
from = mkOption {
|
||||
type = types.str;
|
||||
default = "mail@agorakit.com";
|
||||
description = "Mail \"from\" email.";
|
||||
};
|
||||
user = mkOption {
|
||||
type = with types; nullOr str;
|
||||
default = null;
|
||||
example = "agorakit";
|
||||
description = "Mail username.";
|
||||
};
|
||||
passwordFile = mkOption {
|
||||
type = with types; nullOr path;
|
||||
default = null;
|
||||
example = "/run/keys/agorakit-mailpassword";
|
||||
description = ''
|
||||
A file containing the password corresponding to
|
||||
<option>mail.user</option>.
|
||||
'';
|
||||
};
|
||||
encryption = mkOption {
|
||||
type = with types; nullOr (enum [ "tls" ]);
|
||||
default = null;
|
||||
description = "SMTP encryption mechanism to use.";
|
||||
};
|
||||
};
|
||||
|
||||
maxUploadSize = mkOption {
|
||||
type = types.str;
|
||||
default = "18M";
|
||||
example = "1G";
|
||||
description = "The maximum size for uploads (e.g. images).";
|
||||
};
|
||||
|
||||
poolConfig = mkOption {
|
||||
type =
|
||||
with types;
|
||||
attrsOf (oneOf [
|
||||
str
|
||||
int
|
||||
bool
|
||||
]);
|
||||
default = {
|
||||
"pm" = "dynamic";
|
||||
"pm.max_children" = 32;
|
||||
"pm.start_servers" = 2;
|
||||
"pm.min_spare_servers" = 2;
|
||||
"pm.max_spare_servers" = 4;
|
||||
"pm.max_requests" = 500;
|
||||
};
|
||||
description = ''
|
||||
Options for the agorakit PHP pool. See the documentation on <literal>php-fpm.conf</literal>
|
||||
for details on configuration directives.
|
||||
'';
|
||||
};
|
||||
|
||||
nginx = mkOption {
|
||||
type = types.submodule (
|
||||
recursiveUpdate (import ../web-servers/nginx/vhost-options.nix {
|
||||
inherit config lib;
|
||||
}) { }
|
||||
);
|
||||
default = { };
|
||||
example = ''
|
||||
{
|
||||
serverAliases = [
|
||||
"agorakit.''${config.networking.domain}"
|
||||
];
|
||||
# To enable encryption and let let's encrypt take care of certificate
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
}
|
||||
'';
|
||||
description = ''
|
||||
With this option, you can customize the nginx virtualHost settings.
|
||||
'';
|
||||
};
|
||||
|
||||
config = mkOption {
|
||||
type =
|
||||
with types;
|
||||
attrsOf (
|
||||
nullOr (
|
||||
either
|
||||
(oneOf [
|
||||
bool
|
||||
int
|
||||
port
|
||||
path
|
||||
str
|
||||
])
|
||||
(submodule {
|
||||
options = {
|
||||
_secret = mkOption {
|
||||
type = nullOr str;
|
||||
description = ''
|
||||
The path to a file containing the value the
|
||||
option should be set to in the final
|
||||
configuration file.
|
||||
'';
|
||||
};
|
||||
};
|
||||
})
|
||||
)
|
||||
);
|
||||
default = { };
|
||||
example = ''
|
||||
{
|
||||
ALLOWED_IFRAME_HOSTS = "https://example.com";
|
||||
AUTH_METHOD = "oidc";
|
||||
OIDC_NAME = "MyLogin";
|
||||
OIDC_DISPLAY_NAME_CLAIMS = "name";
|
||||
OIDC_CLIENT_ID = "agorakit";
|
||||
OIDC_CLIENT_SECRET = {_secret = "/run/keys/oidc_secret"};
|
||||
OIDC_ISSUER = "https://keycloak.example.com/auth/realms/My%20Realm";
|
||||
OIDC_ISSUER_DISCOVER = true;
|
||||
}
|
||||
'';
|
||||
description = ''
|
||||
Agorakit configuration options to set in the
|
||||
<filename>.env</filename> file.
|
||||
|
||||
Refer to <link xlink:href="https://github.com/agorakit/agorakit"/>
|
||||
for details on supported values.
|
||||
|
||||
Settings containing secret data should be set to an attribute
|
||||
set containing the attribute <literal>_secret</literal> - a
|
||||
string pointing to a file containing the value the option
|
||||
should be set to. See the example to get a better picture of
|
||||
this: in the resulting <filename>.env</filename> file, the
|
||||
<literal>OIDC_CLIENT_SECRET</literal> key will be set to the
|
||||
contents of the <filename>/run/keys/oidc_secret</filename>
|
||||
file.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
assertions = [
|
||||
{
|
||||
assertion = db.createLocally -> db.user == user;
|
||||
message = "services.agorakit.database.user must be set to ${user} if services.agorakit.database.createLocally is set true.";
|
||||
}
|
||||
{
|
||||
assertion = db.createLocally -> db.passwordFile == null;
|
||||
message = "services.agorakit.database.passwordFile cannot be specified if services.agorakit.database.createLocally is set to true.";
|
||||
}
|
||||
];
|
||||
|
||||
services.agorakit.config = {
|
||||
APP_ENV = "production";
|
||||
APP_KEY._secret = cfg.appKeyFile;
|
||||
APP_URL = cfg.appURL;
|
||||
DB_HOST = db.host;
|
||||
DB_PORT = db.port;
|
||||
DB_DATABASE = db.name;
|
||||
DB_USERNAME = db.user;
|
||||
MAIL_DRIVER = mail.driver;
|
||||
MAIL_FROM_NAME = mail.fromName;
|
||||
MAIL_FROM = mail.from;
|
||||
MAIL_HOST = mail.host;
|
||||
MAIL_PORT = mail.port;
|
||||
MAIL_USERNAME = mail.user;
|
||||
MAIL_ENCRYPTION = mail.encryption;
|
||||
DB_PASSWORD._secret = db.passwordFile;
|
||||
MAIL_PASSWORD._secret = mail.passwordFile;
|
||||
APP_SERVICES_CACHE = "/run/agorakit/cache/services.php";
|
||||
APP_PACKAGES_CACHE = "/run/agorakit/cache/packages.php";
|
||||
APP_CONFIG_CACHE = "/run/agorakit/cache/config.php";
|
||||
APP_ROUTES_CACHE = "/run/agorakit/cache/routes-v7.php";
|
||||
APP_EVENTS_CACHE = "/run/agorakit/cache/events.php";
|
||||
SESSION_SECURE_COOKIE = tlsEnabled;
|
||||
};
|
||||
|
||||
environment.systemPackages = [ artisan ];
|
||||
|
||||
services.mysql = mkIf db.createLocally {
|
||||
enable = true;
|
||||
package = mkDefault pkgs.mysql;
|
||||
ensureDatabases = [ db.name ];
|
||||
ensureUsers = [
|
||||
{
|
||||
name = db.user;
|
||||
ensurePermissions = {
|
||||
"${db.name}.*" = "ALL PRIVILEGES";
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
services.phpfpm.pools.agorakit = {
|
||||
inherit user group;
|
||||
phpOptions = ''
|
||||
log_errors = on
|
||||
post_max_size = ${cfg.maxUploadSize}
|
||||
upload_max_filesize = ${cfg.maxUploadSize}
|
||||
'';
|
||||
settings = {
|
||||
"listen.mode" = "0660";
|
||||
"listen.owner" = user;
|
||||
"listen.group" = group;
|
||||
} // cfg.poolConfig;
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = mkDefault true;
|
||||
recommendedTlsSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedBrotliSettings = true;
|
||||
recommendedProxySettings = true;
|
||||
virtualHosts.${cfg.hostName} = mkMerge [
|
||||
cfg.nginx
|
||||
{
|
||||
root = mkForce "${agorakit}/public";
|
||||
locations = {
|
||||
"/" = {
|
||||
index = "index.php";
|
||||
tryFiles = "$uri $uri/ /index.php?$query_string";
|
||||
};
|
||||
"~ \.php$".extraConfig = ''
|
||||
fastcgi_pass unix:${config.services.phpfpm.pools."agorakit".socket};
|
||||
'';
|
||||
"~ \.(js|css|gif|png|ico|jpg|jpeg)$" = {
|
||||
extraConfig = "expires 365d;";
|
||||
};
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
systemd.services.agorakit-setup = {
|
||||
description = "Preparation tasks for agorakit";
|
||||
before = [ "phpfpm-agorakit.service" ];
|
||||
after = optional db.createLocally "mysql.service";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
User = user;
|
||||
UMask = 77;
|
||||
WorkingDirectory = "${agorakit}";
|
||||
RuntimeDirectory = "agorakit/cache";
|
||||
RuntimeDirectoryMode = 700;
|
||||
};
|
||||
path = [ pkgs.replace-secret ];
|
||||
script =
|
||||
let
|
||||
isSecret = v: isAttrs v && v ? _secret && isString v._secret;
|
||||
agorakitEnvVars = lib.generators.toKeyValue {
|
||||
mkKeyValue = lib.flip lib.generators.mkKeyValueDefault "=" {
|
||||
mkValueString =
|
||||
v:
|
||||
with builtins;
|
||||
if isInt v then
|
||||
toString v
|
||||
else if isString v then
|
||||
v
|
||||
else if true == v then
|
||||
"true"
|
||||
else if false == v then
|
||||
"false"
|
||||
else if isSecret v then
|
||||
hashString "sha256" v._secret
|
||||
else
|
||||
throw "unsupported type ${typeOf v}: ${(lib.generators.toPretty { }) v}";
|
||||
};
|
||||
};
|
||||
secretPaths = lib.mapAttrsToList (_: v: v._secret) (lib.filterAttrs (_: isSecret) cfg.config);
|
||||
mkSecretReplacement = file: ''
|
||||
replace-secret ${
|
||||
escapeShellArgs [
|
||||
(builtins.hashString "sha256" file)
|
||||
file
|
||||
"${cfg.dataDir}/.env"
|
||||
]
|
||||
}
|
||||
'';
|
||||
secretReplacements = lib.concatMapStrings mkSecretReplacement secretPaths;
|
||||
filteredConfig = lib.converge (lib.filterAttrsRecursive (
|
||||
_: v:
|
||||
!elem v [
|
||||
{ }
|
||||
null
|
||||
]
|
||||
)) cfg.config;
|
||||
agorakitEnv = pkgs.writeText "agorakit.env" (agorakitEnvVars filteredConfig);
|
||||
in
|
||||
''
|
||||
# error handling
|
||||
set -euo pipefail
|
||||
|
||||
# create .env file
|
||||
install -T -m 0600 -o ${user} ${agorakitEnv} "${cfg.dataDir}/.env"
|
||||
${secretReplacements}
|
||||
if ! grep 'APP_KEY=base64:' "${cfg.dataDir}/.env" >/dev/null; then
|
||||
sed -i 's/APP_KEY=/APP_KEY=base64:/' "${cfg.dataDir}/.env"
|
||||
fi
|
||||
|
||||
# migrate & seed db
|
||||
${pkgs.php}/bin/php artisan key:generate --force
|
||||
${pkgs.php}/bin/php artisan migrate --force
|
||||
${pkgs.php}/bin/php artisan config:cache
|
||||
'';
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d ${cfg.dataDir} 0710 ${user} ${group} - -"
|
||||
"d ${cfg.dataDir}/public 0750 ${user} ${group} - -"
|
||||
"d ${cfg.dataDir}/public/uploads 0750 ${user} ${group} - -"
|
||||
"d ${cfg.dataDir}/storage 0700 ${user} ${group} - -"
|
||||
"d ${cfg.dataDir}/storage/app 0700 ${user} ${group} - -"
|
||||
"d ${cfg.dataDir}/storage/fonts 0700 ${user} ${group} - -"
|
||||
"d ${cfg.dataDir}/storage/framework 0700 ${user} ${group} - -"
|
||||
"d ${cfg.dataDir}/storage/framework/cache 0700 ${user} ${group} - -"
|
||||
"d ${cfg.dataDir}/storage/framework/sessions 0700 ${user} ${group} - -"
|
||||
"d ${cfg.dataDir}/storage/framework/views 0700 ${user} ${group} - -"
|
||||
"d ${cfg.dataDir}/storage/logs 0700 ${user} ${group} - -"
|
||||
"d ${cfg.dataDir}/storage/uploads 0700 ${user} ${group} - -"
|
||||
];
|
||||
|
||||
users = {
|
||||
users = mkIf (user == "agorakit") {
|
||||
agorakit = {
|
||||
inherit group;
|
||||
isSystemUser = true;
|
||||
};
|
||||
"${config.services.nginx.user}".extraGroups = [ group ];
|
||||
};
|
||||
groups = mkIf (group == "agorakit") { agorakit = { }; };
|
||||
};
|
||||
};
|
||||
}
|
|
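Review bot: In the `agorakit-setup` script, `php artisan key:generate --force` runs on every start right after `.env` has been populated from `appKeyFile`, and that command writes a fresh random `APP_KEY` into `.env`; the configured key is overridden and existing sessions and encrypted values stop decrypting after each restart, so the line should be dropped. In `users.users`, the `"${config.services.nginx.user}".extraGroups = [ group ];` entry sits inside `mkIf (user == "agorakit")`, so nginx loses access to the php-fpm socket (`listen.mode` 0660, `listen.group = group`) as soon as a custom user is configured; move it out of the conditional. The location keys `"~ \.php$"` and `"~ \.(js|css|...)$"` are ordinary Nix strings, where `\.` evaluates to a bare `.`, so the regex matches any character before `php`; write `\\.`. The option descriptions use DocBook tags (`<code>`, `<option>`, `<literal>`, `<filename>`, `<link xlink:href=.../>`) where the other new modules in this commit use Markdown, and the `config` example is missing a `;` inside `{_secret = "/run/keys/oidc_secret"}`.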
@ -129,9 +129,6 @@ in
|
|||
services.changedetection-io = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
preStart = ''
|
||||
mkdir -p ${cfg.datastorePath}
|
||||
'';
|
||||
serviceConfig = {
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
|
@ -153,7 +150,7 @@ in
|
|||
Restart = "on-failure";
|
||||
};
|
||||
};
|
||||
tmpfiles.rules = mkIf defaultStateDir [
|
||||
tmpfiles.rules = mkIf (!defaultStateDir) [
|
||||
"d ${cfg.datastorePath} 0750 ${cfg.user} ${cfg.group} - -"
|
||||
];
|
||||
};
|
||||
|
|
|
@ -163,7 +163,7 @@ in {
|
|||
|
||||
services.mysql = mkIf cfg.enable {
|
||||
enable = true;
|
||||
package = pkgs.mysql;
|
||||
package = pkgs.mariadb;
|
||||
ensureDatabases = [cfg.database.database];
|
||||
ensureUsers = [
|
||||
{
|
||||
|
|
|
@ -227,7 +227,7 @@ in
|
|||
ensureClauses.login = true;
|
||||
}
|
||||
];
|
||||
extraPlugins = ps: with ps; [ pgvecto-rs ];
|
||||
extensions = ps: with ps; [ pgvecto-rs ];
|
||||
settings = {
|
||||
shared_preload_libraries = [ "vectors.so" ];
|
||||
search_path = "\"$user\", public, vectors";
|
||||
|
|
403
third_party/nixpkgs/nixos/modules/services/web-apps/kimai.nix
vendored
Normal file
|
@ -0,0 +1,403 @@
|
|||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.kimai;
|
||||
eachSite = cfg.sites;
|
||||
user = "kimai";
|
||||
webserver = config.services.${cfg.webserver};
|
||||
stateDir = hostName: "/var/lib/kimai/${hostName}";
|
||||
|
||||
pkg =
|
||||
hostName: cfg:
|
||||
pkgs.stdenv.mkDerivation rec {
|
||||
pname = "kimai-${hostName}";
|
||||
src = cfg.package;
|
||||
version = src.version;
|
||||
|
||||
installPhase = ''
|
||||
mkdir -p $out
|
||||
cp -r * $out/
|
||||
|
||||
# Symlink .env file. This will be dynamically created at the service
|
||||
# startup.
|
||||
ln -sf ${stateDir hostName}/.env $out/share/php/kimai/.env
|
||||
|
||||
# Symlink the var/ folder
|
||||
# TODO: we may have to symlink individual folders if we want to also
|
||||
# manage plugins from Nix.
|
||||
rm -rf $out/share/php/kimai/var
|
||||
ln -s ${stateDir hostName} $out/share/php/kimai/var
|
||||
|
||||
# Symlink local.yaml.
|
||||
ln -s ${kimaiConfig hostName cfg} $out/share/php/kimai/config/packages/local.yaml
|
||||
'';
|
||||
};
|
||||
|
||||
kimaiConfig =
|
||||
hostName: cfg:
|
||||
pkgs.writeTextFile {
|
||||
name = "kimai-config-${hostName}.yaml";
|
||||
text = generators.toYAML { } cfg.settings;
|
||||
};
|
||||
|
||||
siteOpts =
|
||||
{
|
||||
lib,
|
||||
name,
|
||||
config,
|
||||
...
|
||||
}:
|
||||
{
|
||||
options = {
|
||||
package = mkPackageOption pkgs "kimai" { };
|
||||
|
||||
database = {
|
||||
host = mkOption {
|
||||
type = types.str;
|
||||
default = "localhost";
|
||||
description = "Database host address.";
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
type = types.port;
|
||||
default = 3306;
|
||||
description = "Database host port.";
|
||||
};
|
||||
|
||||
name = mkOption {
|
||||
type = types.str;
|
||||
default = "kimai";
|
||||
description = "Database name.";
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "kimai";
|
||||
description = "Database user.";
|
||||
};
|
||||
|
||||
passwordFile = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
example = "/run/keys/kimai-dbpassword";
|
||||
description = ''
|
||||
A file containing the password corresponding to
|
||||
{option}`database.user`.
|
||||
'';
|
||||
};
|
||||
|
||||
socket = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
defaultText = literalExpression "/run/mysqld/mysqld.sock";
|
||||
description = "Path to the unix socket file to use for authentication.";
|
||||
};
|
||||
|
||||
charset = mkOption {
|
||||
type = types.str;
|
||||
default = "utf8mb4";
|
||||
description = "Database charset.";
|
||||
};
|
||||
|
||||
serverVersion = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
MySQL *exact* version string. Not used if `createdLocally` is set,
|
||||
but must be set otherwise. See
|
||||
https://www.kimai.org/documentation/installation.html#column-table_name-in-where-clause-is-ambiguous
|
||||
for how to set this value, especially if you're using MariaDB.
|
||||
'';
|
||||
};
|
||||
|
||||
createLocally = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = "Create the database and database user locally.";
|
||||
};
|
||||
};
|
||||
|
||||
poolConfig = mkOption {
|
||||
type =
|
||||
with types;
|
||||
attrsOf (oneOf [
|
||||
str
|
||||
int
|
||||
bool
|
||||
]);
|
||||
default = {
|
||||
"pm" = "dynamic";
|
||||
"pm.max_children" = 32;
|
||||
"pm.start_servers" = 2;
|
||||
"pm.min_spare_servers" = 2;
|
||||
"pm.max_spare_servers" = 4;
|
||||
"pm.max_requests" = 500;
|
||||
};
|
||||
description = ''
|
||||
Options for the Kimai PHP pool. See the documentation on `php-fpm.conf`
|
||||
for details on configuration directives.
|
||||
'';
|
||||
};
|
||||
|
||||
settings = mkOption {
|
||||
type = types.attrsOf types.anything;
|
||||
default = { };
|
||||
description = ''
|
||||
Structural Kimai's local.yaml configuration.
|
||||
Refer to <https://www.kimai.org/documentation/local-yaml.html#localyaml>
|
||||
for details.
|
||||
'';
|
||||
example = literalExpression ''
|
||||
{
|
||||
kimai = {
|
||||
timesheet = {
|
||||
rounding = {
|
||||
default = {
|
||||
begin = 15;
|
||||
end = 15;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
'';
|
||||
};
|
||||
|
||||
environmentFile = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
example = "/run/secrets/kimai.env";
|
||||
description = ''
|
||||
Securely pass environment variabels to Kimai. This can be used to
|
||||
set other environement variables such as MAILER_URL.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
# interface
|
||||
options = {
|
||||
services.kimai = {
|
||||
sites = mkOption {
|
||||
type = types.attrsOf (types.submodule siteOpts);
|
||||
default = { };
|
||||
description = "Specification of one or more Kimai sites to serve";
|
||||
};
|
||||
|
||||
webserver = mkOption {
|
||||
type = types.enum [ "nginx" ];
|
||||
default = "nginx";
|
||||
description = ''
|
||||
The webserver to configure for the PHP frontend.
|
||||
|
||||
At the moment, only `nginx` is supported. PRs are welcome for support
|
||||
for other web servers.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# implementation
|
||||
config = mkIf (eachSite != { }) (mkMerge [
|
||||
{
|
||||
|
||||
assertions =
|
||||
(mapAttrsToList (hostName: cfg: {
|
||||
assertion = cfg.database.createLocally -> cfg.database.user == user;
|
||||
message = ''services.kimai.sites."${hostName}".database.user must be ${user} if the database is to be automatically provisioned'';
|
||||
}) eachSite)
|
||||
++ (mapAttrsToList (hostName: cfg: {
|
||||
assertion = cfg.database.createLocally -> cfg.database.passwordFile == null;
|
||||
message = ''services.kimai.sites."${hostName}".database.passwordFile cannot be specified if services.kimai.sites."${hostName}".database.createLocally is set to true.'';
|
||||
}) eachSite)
|
||||
++ (mapAttrsToList (hostName: cfg: {
|
||||
assertion = !cfg.database.createLocally -> cfg.database.serverVersion != null;
|
||||
message = ''services.kimai.sites."${hostName}".database.serverVersion must be specified if services.kimai.sites."${hostName}".database.createLocally is set to false.'';
|
||||
}) eachSite);
|
||||
|
||||
services.mysql = mkIf (any (v: v.database.createLocally) (attrValues eachSite)) {
|
||||
enable = true;
|
||||
package = mkDefault pkgs.mariadb;
|
||||
ensureDatabases = mapAttrsToList (hostName: cfg: cfg.database.name) eachSite;
|
||||
ensureUsers = mapAttrsToList (hostName: cfg: {
|
||||
name = cfg.database.user;
|
||||
ensurePermissions = {
|
||||
"${cfg.database.name}.*" = "ALL PRIVILEGES";
|
||||
};
|
||||
}) eachSite;
|
||||
};
|
||||
|
||||
services.phpfpm.pools = mapAttrs' (
|
||||
hostName: cfg:
|
||||
(nameValuePair "kimai-${hostName}" {
|
||||
inherit user;
|
||||
group = webserver.group;
|
||||
settings = {
|
||||
"listen.owner" = webserver.user;
|
||||
"listen.group" = webserver.group;
|
||||
} // cfg.poolConfig;
|
||||
})
|
||||
) eachSite;
|
||||
|
||||
}
|
||||
|
||||
{
|
||||
systemd.tmpfiles.rules = flatten (
|
||||
mapAttrsToList (hostName: cfg: [
|
||||
"d '${stateDir hostName}' 0770 ${user} ${webserver.group} - -"
|
||||
]) eachSite
|
||||
);
|
||||
|
||||
systemd.services = mkMerge [
|
||||
(mapAttrs' (
|
||||
hostName: cfg:
|
||||
(nameValuePair "kimai-init-${hostName}" {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
before = [ "phpfpm-kimai-${hostName}.service" ];
|
||||
after = optional cfg.database.createLocally "mysql.service";
|
||||
script =
|
||||
let
|
||||
envFile = "${stateDir hostName}/.env";
|
||||
appSecretFile = "${stateDir hostName}/.app_secret";
|
||||
mysql = "${config.services.mysql.package}/bin/mysql";
|
||||
|
||||
dbUser = cfg.database.user;
|
||||
dbPwd = if cfg.database.passwordFile != null then ":$(cat ${cfg.database.passwordFile})" else "";
|
||||
dbHost = cfg.database.host;
|
||||
dbPort = toString cfg.database.port;
|
||||
dbName = cfg.database.name;
|
||||
dbCharset = cfg.database.charset;
|
||||
dbUnixSocket = if cfg.database.socket != null then "&unixSocket=${cfg.database.socket}" else "";
|
||||
# Note: serverVersion is a shell variable. See below.
|
||||
dbUri =
|
||||
"mysql://${dbUser}${dbPwd}@${dbHost}:${dbPort}"
|
||||
+ "/${dbName}?charset=${dbCharset}"
|
||||
+ "&serverVersion=$serverVersion${dbUnixSocket}";
|
||||
in
|
||||
''
|
||||
set -eu
|
||||
|
||||
serverVersion=${
|
||||
if !cfg.database.createLocally then
|
||||
cfg.database.serverVersion
|
||||
else
|
||||
# Obtain MySQL version string dynamically from the running
|
||||
# instance. Doctrine ORM's doc said it should be possible to
|
||||
# autodetect this, however Kimai's doc insists that it has to
|
||||
# be set.
|
||||
# https://www.doctrine-project.org/projects/doctrine-dbal/en/latest/reference/configuration.html#mysql
|
||||
# https://stackoverflow.com/q/9558867
|
||||
"$(${mysql} --silent --skip-column-names --execute 'SELECT VERSION();')"
|
||||
}
|
||||
|
||||
# Create .env file containing DATABASE_URL and other default
|
||||
# variables. Set umask to make sure .env is not readable by
|
||||
# unrelated users.
|
||||
oldUmask=$(umask)
|
||||
umask 177
|
||||
|
||||
if ! [ -e ${appSecretFile} ]; then
|
||||
tr -dc A-Za-z0-9 </dev/urandom | head -c 20 >${appSecretFile}
|
||||
fi
|
||||
|
||||
cat >${envFile} <<EOF
|
||||
DATABASE_URL=${dbUri}
|
||||
MAILER_FROM=kimai@example.com
|
||||
MAILER_URL=null://null
|
||||
APP_ENV=prod
|
||||
APP_SECRET=$(cat ${appSecretFile})
|
||||
CORS_ALLOW_ORIGIN=^https?://localhost(:[0-9]+)?\$
|
||||
EOF
|
||||
|
||||
umask $oldUmask
|
||||
|
||||
# Run kimai:install to ensure database is created or updated.
|
||||
# Note that kimai:update is an alias to kimai:install.
|
||||
${pkg hostName cfg}/bin/console kimai:install
|
||||
'';
|
||||
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
User = user;
|
||||
Group = webserver.group;
|
||||
EnvironmentFile = [ cfg.environmentFile ];
|
||||
};
|
||||
})
|
||||
) eachSite)
|
||||
|
||||
(mapAttrs' (
|
||||
hostName: cfg:
|
||||
(nameValuePair "phpfpm-kimai-${hostName}.service" {
|
||||
serviceConfig = {
|
||||
EnvironmentFile = [ cfg.environmentFile ];
|
||||
};
|
||||
})
|
||||
) eachSite)
|
||||
|
||||
(optionalAttrs (any (v: v.database.createLocally) (attrValues eachSite)) {
|
||||
"${cfg.webserver}".after = [ "mysql.service" ];
|
||||
})
|
||||
];
|
||||
|
||||
users.users.${user} = {
|
||||
group = webserver.group;
|
||||
isSystemUser = true;
|
||||
};
|
||||
}
|
||||
|
||||
(mkIf (cfg.webserver == "nginx") {
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts = mapAttrs (hostName: cfg: {
|
||||
serverName = mkDefault hostName;
|
||||
root = "${pkg hostName cfg}/share/php/kimai/public";
|
||||
extraConfig = ''
|
||||
index index.php;
|
||||
'';
|
||||
locations = {
|
||||
"/" = {
|
||||
priority = 200;
|
||||
extraConfig = ''
|
||||
try_files $uri /index.php$is_args$args;
|
||||
'';
|
||||
};
|
||||
"~ ^/index\\.php(/|$)" = {
|
||||
priority = 500;
|
||||
extraConfig = ''
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
fastcgi_pass unix:${config.services.phpfpm.pools."kimai-${hostName}".socket};
|
||||
fastcgi_index index.php;
|
||||
include "${config.services.nginx.package}/conf/fastcgi.conf";
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
|
||||
# Mitigate https://httpoxy.org/ vulnerabilities
|
||||
fastcgi_param HTTP_PROXY "";
|
||||
fastcgi_intercept_errors off;
|
||||
fastcgi_buffer_size 16k;
|
||||
fastcgi_buffers 4 16k;
|
||||
fastcgi_connect_timeout 300;
|
||||
fastcgi_send_timeout 300;
|
||||
fastcgi_read_timeout 300;
|
||||
'';
|
||||
};
|
||||
"~ \\.php$" = {
|
||||
priority = 800;
|
||||
extraConfig = ''
|
||||
return 404;
|
||||
'';
|
||||
};
|
||||
};
|
||||
}) eachSite;
|
||||
};
|
||||
})
|
||||
|
||||
]);
|
||||
}
|
|
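Review bot: In both `serviceConfig` blocks near the end of the Kimai module, `EnvironmentFile = [ cfg.environmentFile ];` wraps the option unconditionally, although `environmentFile` is declared `types.nullOr types.path` with `default = null`, so a site that leaves it unset hands systemd a list containing `null`. Build the list with `optional (cfg.environmentFile != null) cfg.environmentFile` instead. Two further points in the same file: the second `nameValuePair` is keyed `"phpfpm-kimai-${hostName}.service"` while the init unit is keyed `"kimai-init-${hostName}"` without a suffix, so the override probably does not land on the phpfpm pool unit and the key should drop `.service`; and `dbPwd` splices `$(cat ${cfg.database.passwordFile})` into `DATABASE_URL` without URL-encoding, so a password containing `@`, `/`, `:` or `#` produces a malformed URI, which calls for either encoding or a sentence in the option documentation. The `environmentFile` description also contains typos (`variabels`, `environement`).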
@ -383,7 +383,7 @@ in
|
|||
ensureDBOwnership = false;
|
||||
}
|
||||
];
|
||||
extraPlugins = ps: with ps; [ postgis ];
|
||||
extensions = ps: with ps; [ postgis ];
|
||||
};
|
||||
|
||||
# Nginx config taken from support/nginx/mobilizon-release.conf
|
||||
|
|
|
@ -586,37 +586,6 @@ in
|
|||
ensureDatabases = [ "outline" ];
|
||||
};
|
||||
|
||||
# Outline is unable to create the uuid-ossp extension when using postgresql 12, in later version this
|
||||
# extension can be created without superuser permission. This services therefor this extension before
|
||||
# outline starts and postgresql 12 is using on the host.
|
||||
#
|
||||
# Can be removed after postgresql 12 is dropped from nixos.
|
||||
systemd.services.outline-postgresql =
|
||||
let
|
||||
pgsql = config.services.postgresql;
|
||||
in
|
||||
lib.mkIf (cfg.databaseUrl == "local" && pgsql.package == pkgs.postgresql_12) {
|
||||
after = [ "postgresql.service" ];
|
||||
bindsTo = [ "postgresql.service" ];
|
||||
wantedBy = [ "outline.service" ];
|
||||
partOf = [ "outline.service" ];
|
||||
path = [
|
||||
pgsql.package
|
||||
];
|
||||
script = ''
|
||||
set -o errexit -o pipefail -o nounset -o errtrace
|
||||
shopt -s inherit_errexit
|
||||
|
||||
psql outline -tAc 'CREATE EXTENSION IF NOT EXISTS "uuid-ossp"'
|
||||
'';
|
||||
|
||||
serviceConfig = {
|
||||
User = pgsql.superUser;
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
};
|
||||
};
|
||||
|
||||
services.redis.servers.outline = lib.mkIf (cfg.redisUrl == "local") {
|
||||
enable = true;
|
||||
user = config.services.outline.user;
|
||||
|
|
|
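Review bot: The deleted `systemd.services.outline-postgresql` block stated its own removal condition ("Can be removed after postgresql 12 is dropped from nixos"), and nothing in this hunk shows that the condition holds. If `pkgs.postgresql_12` can still be selected, a `databaseUrl == "local"` setup on it loses the superuser step that ran `CREATE EXTENSION IF NOT EXISTS "uuid-ossp"`. Please reference the change that dropped PostgreSQL 12 in the commit message, or keep the unit until that change lands.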
@ -145,7 +145,7 @@ in
|
|||
PRISMA_QUERY_ENGINE_LIBRARY = "${pkgs.prisma-engines}/lib/libquery_engine.node";
|
||||
PRISMA_INTROSPECTION_ENGINE_BINARY = "${pkgs.prisma-engines}/bin/introspection-engine";
|
||||
PRISMA_FMT_BINARY = "${pkgs.prisma-engines}/bin/prisma-fmt";
|
||||
PORT = toString cfg.backend.port;
|
||||
BACKEND_PORT = toString cfg.backend.port;
|
||||
DATABASE_URL = "file:${cfg.dataDir}/pingvin-share.db?connection_limit=1";
|
||||
DATA_DIRECTORY = cfg.dataDir;
|
||||
};
|
||||
|
|
|
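Review bot: Replacing `PORT` with `BACKEND_PORT` here drops the old variable entirely, so whether `cfg.backend.port` still takes effect depends on the packaged backend reading the new name. Please state in the commit message which pingvin-share version introduced `BACKEND_PORT`, and confirm the matching package bump is part of the same change so the option is not silently ignored.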
@ -74,7 +74,7 @@ this could be most useful for testing a particular plug-in in isolation.
|
|||
: This is a known [issue](https://github.com/NixOS/nixpkgs/issues/64611) and there is no known workaround.
|
||||
|
||||
[Does AppCenter work, or is it available?]{#sec-pantheon-faq-appcenter}
|
||||
: AppCenter has been available since 20.03. Starting from 21.11, the Flatpak backend should work so you can install some Flatpak applications using it. However, due to missing appstream metadata, the Packagekit backend does not function currently. See this [issue](https://github.com/NixOS/nixpkgs/issues/15932).
|
||||
: AppCenter is available and the Flatpak backend should work so you can install some Flatpak applications using it. However, due to missing appstream metadata, the Packagekit backend does not function currently. See this [issue](https://github.com/NixOS/nixpkgs/issues/15932).
|
||||
|
||||
If you are using Pantheon, AppCenter should be installed by default if you have [Flatpak support](#module-services-flatpak) enabled. If you also wish to add the `appcenter` Flatpak remote:
|
||||
|
||||
|
|