lukegb/depot
1
0
Fork 0
Code Issues1 Pull requests Projects Packages Activity Actions

Merge commit 'bb2538441065d4683beb017bf5d97d71f2dfc7ab' into HEAD

Browse source
This commit is contained in:
Luke Granger-Brown 2025-04-01 22:51:04 +01:00
commit f53f5b3d48
3444 changed files with 60182 additions and 181767 deletions
third_party/nixpkgs
.git-blame-ignore-revs
.github/workflows
backport.ymlcheck-maintainers-sorted.ymlcheck-nix-format.ymlcheck-nixf-tidy.ymlcheck-shell.ymlcodeowners-v2.ymleditorconfig-v2.ymleval-lib-tests.ymleval.ymlkeep-sorted.ymlmanual-nixos-v2.ymlmanual-nixpkgs-v2.ymlnix-parse-v2.ymlnixpkgs-vet.ymlperiodic-merge.yml
README.md
ci
OWNERS
eval/compare
default.nix
doc
hooks
installShellFiles.section.md
languages-frameworks
android.section.mdneovim.section.mdvim.section.md
packages
index.mdinkscape.section.md
redirects.json
release-notes
rl-2505.section.md
lib
default.nixfilesystem.nixgenerators.nixlicenses.nix
tests
misc.nixmodules.sh
modules
deprecated-wrapped.nix
nix-for-tests.nix
packages-from-directory
plain
a.nixb.nix
c
my-extra-feature.patch
not-a-namespace
not-a-package.nix
package.nixsupport-definitions.nix
my-namespace
d.nixe.nix
f
package.nix
my-sub-namespace
g.nixh.nix
scope
a.nixb.nix
c
my-extra-feature.patch
not-a-namespace
not-a-package.nix
package.nixsupport-definitions.nix
my-namespace
d.nixe.nix
f
package.nix
my-sub-namespace
g.nixh.nix
types.nix
maintainers
maintainer-list.nixteam-list.nix
nixos
doc/manual
development
option-types.section.mdsettings-options.section.mdwriting-documentation.chapter.md
redirects.json
release-notes
rl-2205.section.mdrl-2505.section.md
lib/test-driver/src/test_driver
machine.py
modules
config
fonts
fontconfig.nix
nix-channel.nixshells-environment.nixsystem-environment.nix
xdg/portals
lxqt.nix
hardware
video
nvidia.nix
xpad-noone.nix
installer/tools
nix-fallback-paths.nix
module-list.nix
profiles
installation-device.nix
programs
bat.nixfirefox.nixk3b.nixsteam.nixstreamcontroller.nixyabar.nix
services
databases
postgresql.md
desktop-managers
lomiri.nix
desktops
geoclue2.nixwlock.nix
hardware
bitbox-bridge.nixbluetooth.nixopenrgb.nix
home-automation
ebusd.nix
misc
homepage-dashboard.nixorthanc.nixpinchflat.nixredmine.nixsnapper.nix
monitoring
fluent-bit.nixscrutiny.nix
network-filesystems
ipfs-cluster.nix
networking
blocky.nix
Show more

7
third_party/nixpkgs/.git-blame-ignore-revs vendored
View file

@ -241,3 +241,10 @@ e0fe216f4912dd88a021d12a44155fd2cfeb31c8
# nixos/iso-image.nix: nixfmt
da9a092c34cef6947d7aee2b134f61df45171631
# python-packages: format with nixfmt-rfc-style
5f6f5e13ae0b6960cbf1be8aeb3d0048285a08d1
# python-packages: sort with keep-sorted
fd14c067813572afc03ddbf7cdedc3eab5a59954
783add849cbca228a36ffdf407e5d380dc2fe6c4

2
third_party/nixpkgs/.github/workflows/backport.yml vendored
View file

@ -19,7 +19,7 @@ jobs:
steps:
# Use a GitHub App to create the PR so that CI gets triggered
# The App is scoped to Repository > Contents and Pull Requests: write for Nixpkgs
- uses: actions/create-github-app-token@21cfef2b496dd8ef5b904c159339626a10ad380e # v1.11.6
- uses: actions/create-github-app-token@af35edadc00be37caa72ed9f3e6d5f7801bfdf09 # v1.11.7
id: app-token
with:
app-id: ${{ vars.NIXPKGS_CI_APP_ID }}

2
third_party/nixpkgs/.github/workflows/check-maintainers-sorted.yml vendored
View file

@ -20,7 +20,7 @@ jobs:
lib
maintainers
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
- uses: cachix/install-nix-action@02a151ada4993995686f9ed4f1be7cfbb229e56f # v31
with:
extra_nix_config: sandbox = true

2
third_party/nixpkgs/.github/workflows/check-nix-format.yml vendored
View file

@ -44,7 +44,7 @@ jobs:
rev=$(jq -r .rev ci/pinned-nixpkgs.json)
echo "url=https://github.com/NixOS/nixpkgs/archive/$rev.tar.gz" >> "$GITHUB_ENV"
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
- uses: cachix/install-nix-action@02a151ada4993995686f9ed4f1be7cfbb229e56f # v31
with:
extra_nix_config: sandbox = true
nix_path: nixpkgs=${{ env.url }}

2
third_party/nixpkgs/.github/workflows/check-nixf-tidy.yml vendored
View file

@ -34,7 +34,7 @@ jobs:
rev=$(jq -r .rev ci/pinned-nixpkgs.json)
echo "url=https://github.com/NixOS/nixpkgs/archive/$rev.tar.gz" >> "$GITHUB_ENV"
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
- uses: cachix/install-nix-action@02a151ada4993995686f9ed4f1be7cfbb229e56f # v31
with:
extra_nix_config: sandbox = true
nix_path: nixpkgs=${{ env.url }}

2
third_party/nixpkgs/.github/workflows/check-shell.yml vendored
View file

@ -27,7 +27,7 @@ jobs:
with:
ref: refs/pull/${{ github.event.pull_request.number }}/merge
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
- uses: cachix/install-nix-action@02a151ada4993995686f9ed4f1be7cfbb229e56f # v31
- name: Build shell
run: nix-build shell.nix

8
third_party/nixpkgs/.github/workflows/codeowners-v2.yml vendored
View file

@ -45,7 +45,7 @@ jobs:
needs: get-merge-commit
if: github.repository_owner == 'NixOS' && needs.get-merge-commit.outputs.mergedSha
steps:
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
- uses: cachix/install-nix-action@02a151ada4993995686f9ed4f1be7cfbb229e56f # v31
- uses: cachix/cachix-action@0fc020193b5a1fa3ac4575aa3a7d3aa6a35435ad # v16
with:
@ -63,7 +63,7 @@ jobs:
- name: Build codeowners validator
run: nix-build base/ci -A codeownersValidator
- uses: actions/create-github-app-token@21cfef2b496dd8ef5b904c159339626a10ad380e # v1.11.6
- uses: actions/create-github-app-token@af35edadc00be37caa72ed9f3e6d5f7801bfdf09 # v1.11.7
id: app-token
with:
app-id: ${{ vars.OWNER_RO_APP_ID }}
@ -90,13 +90,13 @@ jobs:
runs-on: ubuntu-24.04
if: github.repository_owner == 'NixOS'
steps:
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
- uses: cachix/install-nix-action@02a151ada4993995686f9ed4f1be7cfbb229e56f # v31
# Important: Because we use pull_request_target, this checks out the base branch of the PR, not the PR head.
# This is intentional, because we need to request the review of owners as declared in the base branch.
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/create-github-app-token@21cfef2b496dd8ef5b904c159339626a10ad380e # v1.11.6
- uses: actions/create-github-app-token@af35edadc00be37caa72ed9f3e6d5f7801bfdf09 # v1.11.7
id: app-token
with:
app-id: ${{ vars.OWNER_APP_ID }}

2
third_party/nixpkgs/.github/workflows/editorconfig-v2.yml vendored
View file

@ -32,7 +32,7 @@ jobs:
with:
ref: ${{ needs.get-merge-commit.outputs.mergedSha }}
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
- uses: cachix/install-nix-action@02a151ada4993995686f9ed4f1be7cfbb229e56f # v31
with:
# nixpkgs commit is pinned so that it doesn't break
# editorconfig-checker 2.4.0

2
third_party/nixpkgs/.github/workflows/eval-lib-tests.yml vendored
View file

@ -22,7 +22,7 @@ jobs:
with:
ref: ${{ needs.get-merge-commit.outputs.mergedSha }}
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
- uses: cachix/install-nix-action@02a151ada4993995686f9ed4f1be7cfbb229e56f # v31
with:
extra_nix_config: sandbox = true

20
third_party/nixpkgs/.github/workflows/eval.yml vendored
View file

@ -43,7 +43,7 @@ jobs:
echo "targetSha=$targetSha" >> "$GITHUB_OUTPUT"
- name: Install Nix
uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
uses: cachix/install-nix-action@02a151ada4993995686f9ed4f1be7cfbb229e56f # v31
with:
extra_nix_config: sandbox = true
@ -54,7 +54,7 @@ jobs:
echo "systems=$(<result/systems.json)" >> "$GITHUB_OUTPUT"
- name: Upload the list of all attributes
uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: paths
path: result/*
@ -71,7 +71,7 @@ jobs:
path: nixpkgs
- name: Install Nix
uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
uses: cachix/install-nix-action@02a151ada4993995686f9ed4f1be7cfbb229e56f # v31
with:
extra_nix_config: sandbox = true
@ -108,7 +108,7 @@ jobs:
path: nixpkgs
- name: Install Nix
uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
uses: cachix/install-nix-action@02a151ada4993995686f9ed4f1be7cfbb229e56f # v31
with:
extra_nix_config: sandbox = true
@ -123,7 +123,7 @@ jobs:
# If it uses too much memory, slightly decrease chunkSize
- name: Upload the output paths and eval stats
uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: intermediate-${{ matrix.system }}
path: result/*
@ -149,7 +149,7 @@ jobs:
path: nixpkgs
- name: Install Nix
uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
uses: cachix/install-nix-action@02a151ada4993995686f9ed4f1be7cfbb229e56f # v31
with:
extra_nix_config: sandbox = true
@ -160,7 +160,7 @@ jobs:
-o prResult
- name: Upload the combined results
uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: result
path: prResult/*
@ -224,7 +224,7 @@ jobs:
- name: Upload the combined results
if: steps.targetRunId.outputs.targetRunId
uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: comparison
path: comparison/*
@ -241,7 +241,7 @@ jobs:
steps:
# See ./codeowners-v2.yml, reuse the same App because we need the same permissions
# Can't use the token received from permissions above, because it can't get enough permissions
- uses: actions/create-github-app-token@21cfef2b496dd8ef5b904c159339626a10ad380e # v1.11.6
- uses: actions/create-github-app-token@af35edadc00be37caa72ed9f3e6d5f7801bfdf09 # v1.11.7
id: app-token
with:
app-id: ${{ vars.OWNER_APP_ID }}
@ -254,7 +254,7 @@ jobs:
path: comparison
- name: Install Nix
uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
uses: cachix/install-nix-action@02a151ada4993995686f9ed4f1be7cfbb229e56f # v31
# Important: This workflow job runs with extra permissions,
# so we need to make sure to not run untrusted code from PRs

40
third_party/nixpkgs/.github/workflows/keep-sorted.yml vendored Normal file
View file

@ -0,0 +1,40 @@
name: Check that files are sorted
on:
pull_request_target:
types: [opened, synchronize, reopened]
permissions: {}
jobs:
get-merge-commit:
uses: ./.github/workflows/get-merge-commit.yml
nixos:
name: keep-sorted
runs-on: ubuntu-24.04
needs: get-merge-commit
if: "needs.get-merge-commit.outputs.mergedSha && !contains(github.event.pull_request.title, '[skip treewide]')"
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ needs.get-merge-commit.outputs.mergedSha }}
- name: Get Nixpkgs revision for keep-sorted
run: |
# Pin to a commit from nixpkgs-unstable to avoid e.g. building nixfmt from staging.
# This should not be a URL, because it would allow PRs to run arbitrary code in CI!
rev=$(jq -r .rev ci/pinned-nixpkgs.json)
echo "url=https://github.com/NixOS/nixpkgs/archive/$rev.tar.gz" >> "$GITHUB_ENV"
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
with:
extra_nix_config: sandbox = true
nix_path: nixpkgs=${{ env.url }}
- name: Install keep-sorted
run: "nix-env -f '<nixpkgs>' -iAP keep-sorted"
- name: Check that Nix files are sorted
run: |
git ls-files | xargs keep-sorted --mode lint

26
third_party/nixpkgs/.github/workflows/manual-nixos-v2.yml vendored
View file

@ -19,13 +19,21 @@ permissions: {}
jobs:
nixos:
name: nixos-manual-build
runs-on: ubuntu-24.04
strategy:
fail-fast: false
matrix:
system:
- x86_64-linux
- aarch64-linux
runs-on: >-
${{ (matrix.system == 'x86_64-linux' && 'ubuntu-24.04')
|| (matrix.system == 'aarch64-linux' && 'ubuntu-24.04-arm') }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: refs/pull/${{ github.event.pull_request.number }}/merge
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
- uses: cachix/install-nix-action@02a151ada4993995686f9ed4f1be7cfbb229e56f # v31
with:
extra_nix_config: sandbox = true
@ -34,7 +42,15 @@ jobs:
with:
# This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere.
name: nixpkgs-ci
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
- name: Building NixOS manual
run: NIX_PATH=nixpkgs=$(pwd) nix-build --option restrict-eval true nixos/release.nix -A manual.x86_64-linux
- name: Build NixOS manual
id: build-manual
run: NIX_PATH=nixpkgs=$(pwd) nix-build --option restrict-eval true nixos/release.nix -A manual.${{ matrix.system }}
- name: Upload NixOS manual
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: nixos-manual-${{ matrix.system }}
path: result/
if-no-files-found: error

2
third_party/nixpkgs/.github/workflows/manual-nixpkgs-v2.yml vendored
View file

@ -20,7 +20,7 @@ jobs:
with:
ref: refs/pull/${{ github.event.pull_request.number }}/merge
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
- uses: cachix/install-nix-action@02a151ada4993995686f9ed4f1be7cfbb229e56f # v31
with:
extra_nix_config: sandbox = true

2
third_party/nixpkgs/.github/workflows/nix-parse-v2.yml vendored
View file

@ -32,7 +32,7 @@ jobs:
ref: ${{ needs.get-merge-commit.outputs.mergedSha }}
if: ${{ env.CHANGED_FILES && env.CHANGED_FILES != '' }}
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
- uses: cachix/install-nix-action@02a151ada4993995686f9ed4f1be7cfbb229e56f # v31
with:
extra_nix_config: sandbox = true
nix_path: nixpkgs=channel:nixpkgs-unstable

2
third_party/nixpkgs/.github/workflows/nixpkgs-vet.yml vendored
View file

@ -43,7 +43,7 @@ jobs:
git worktree add "$target" "$(git rev-parse HEAD^1)"
echo "target=$target" >> "$GITHUB_ENV"
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
- uses: cachix/install-nix-action@02a151ada4993995686f9ed4f1be7cfbb229e56f # v31
- name: Fetching the pinned tool
# Update the pinned version using ci/nixpkgs-vet/update-pinned-tool.sh

2
third_party/nixpkgs/.github/workflows/periodic-merge.yml vendored
View file

@ -19,7 +19,7 @@ jobs:
steps:
# Use a GitHub App to create the PR so that CI gets triggered
# The App is scoped to Repository > Contents and Pull Requests: write for Nixpkgs
- uses: actions/create-github-app-token@21cfef2b496dd8ef5b904c159339626a10ad380e # v1.11.6
- uses: actions/create-github-app-token@af35edadc00be37caa72ed9f3e6d5f7801bfdf09 # v1.11.7
id: app-token
with:
app-id: ${{ vars.NIXPKGS_CI_APP_ID }}

2
third_party/nixpkgs/README.md vendored
View file

@ -27,7 +27,7 @@
# Community
* [Discourse Forum](https://discourse.nixos.org/)
* [Matrix Chat](https://matrix.to/#/#community:nixos.org)
* [Matrix Chat](https://matrix.to/#/#space:nixos.org)
* [NixOS Weekly](https://weekly.nixos.org/)
* [Official wiki](https://wiki.nixos.org/)
* [Community-maintained list of ways to get in touch](https://wiki.nixos.org/wiki/Get_In_Touch#Chat) (Discord, Telegram, IRC, etc.)

14
third_party/nixpkgs/ci/OWNERS vendored
View file

@ -149,10 +149,13 @@ nixos/modules/installer/tools/nix-fallback-paths.nix @NixOS/nix-team @raitobeza
/nixos/modules/services/monitoring/amazon-cloudwatch-agent.nix @philipmw
/nixos/tests/amazon-cloudwatch-agent.nix @philipmw
# Monitoring
/nixos/modules/services/monitoring/fluent-bit.nix @arianvp
/nixos/tests/fluent-bit.nix @arianvp
# nixos-rebuild-ng
/pkgs/by-name/ni/nixos-rebuild-ng @thiagokokada
# Updaters
## update.nix
/maintainers/scripts/update.nix @jtojnar
@ -217,7 +220,7 @@ nixos/modules/installer/tools/nix-fallback-paths.nix @NixOS/nix-team @raitobeza
/nixos/tests/chromium.nix @emilylange @networkException
# Certificate Authorities
pkgs/data/misc/cacert/ @ajs124 @lukegb @mweinelt
pkgs/by-name/ca/cacert @ajs124 @lukegb @mweinelt
pkgs/development/libraries/nss/ @ajs124 @lukegb @mweinelt
pkgs/development/python-modules/buildcatrust/ @ajs124 @lukegb @mweinelt
@ -272,7 +275,7 @@ pkgs/development/python-modules/buildcatrust/ @ajs124 @lukegb @mweinelt
/nixos/tests/home-assistant.nix @mweinelt
/nixos/tests/zigbee2mqtt.nix @mweinelt
/pkgs/servers/home-assistant @mweinelt
/pkgs/tools/misc/esphome @mweinelt
/pkgs/by-name/es/esphome @mweinelt
# Network Time Daemons
/pkgs/by-name/ch/chrony @thoughtpolice
@ -399,6 +402,11 @@ pkgs/by-name/fo/forgejo/ @adamcstephens @bendlas @emilylange
/pkgs/development/compilers/ocaml @ulrikstrid
/pkgs/development/ocaml-modules @ulrikstrid
# ZFS
/nixos/modules/tasks/filesystems/zfs.nix @adamcstephens @amarshall
/nixos/tests/zfs.nix @adamcstephens @amarshall
/pkgs/os-specific/linux/zfs @adamcstephens @amarshall
# Zig
/pkgs/development/compilers/zig @figsoda @RossComputerGuy
/doc/hooks/zig.section.md @figsoda @RossComputerGuy

10
third_party/nixpkgs/ci/eval/compare/default.nix vendored
View file

@ -71,7 +71,15 @@ let
getLabels
;
getAttrs = dir: builtins.fromJSON (builtins.readFile "${dir}/outpaths.json");
getAttrs =
dir:
let
raw = builtins.readFile "${dir}/outpaths.json";
# The file contains Nix paths; we need to ignore them for evaluation purposes,
# else there will be a "is not allowed to refer to a store path" error.
data = builtins.unsafeDiscardStringContext raw;
in
builtins.fromJSON data;
beforeAttrs = getAttrs beforeResultDir;
afterAttrs = getAttrs afterResultDir;

19
third_party/nixpkgs/doc/hooks/installShellFiles.section.md vendored
View file

@ -99,12 +99,17 @@ failure. To prevent this, guard the completion generation commands.
```nix
{
nativeBuildInputs = [ installShellFiles ];
postInstall = lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) ''
# using named fd
installShellCompletion --cmd foobar \
--bash <($out/bin/foobar --bash-completion) \
--fish <($out/bin/foobar --fish-completion) \
--zsh <($out/bin/foobar --zsh-completion)
'';
postInstall = lib.optionalString (stdenv.hostPlatform.emulatorAvailable buildPackages) (
let
emulator = stdenv.hostPlatform.emulator buildPackages;
in
''
# using named fd
installShellCompletion --cmd foobar \
--bash <(${emulator} $out/bin/foobar --bash-completion) \
--fish <(${emulator} $out/bin/foobar --fish-completion) \
--zsh <(${emulator} $out/bin/foobar --zsh-completion)
''
);
}
```

79
third_party/nixpkgs/doc/languages-frameworks/android.section.md vendored
View file

@ -27,7 +27,7 @@ buildInputs = [
];
```
These will export ANDROID_SDK_ROOT and ANDROID_NDK_ROOT to the SDK and NDK directories
These will export `ANDROID_SDK_ROOT` and `ANDROID_NDK_ROOT` to the SDK and NDK directories
in the specified Android build environment.
## Deploying an Android SDK installation with plugins {#deploying-an-android-sdk-installation-with-plugins}
@ -39,24 +39,12 @@ with import <nixpkgs> {};
let
androidComposition = androidenv.composeAndroidPackages {
cmdLineToolsVersion = "8.0";
toolsVersion = "26.1.1";
platformToolsVersion = "30.0.5";
buildToolsVersions = [ "30.0.3" ];
includeEmulator = false;
emulatorVersion = "30.3.4";
platformVersions = [ "28" "29" "30" ];
includeSources = false;
includeSystemImages = false;
platformVersions = [ "34" "35" ];
systemImageTypes = [ "google_apis_playstore" ];
abiVersions = [ "armeabi-v7a" "arm64-v8a" ];
cmakeVersions = [ "3.10.2" ];
includeNDK = true;
ndkVersions = ["22.0.7026061"];
useGoogleAPIs = false;
useGoogleTVAddOns = false;
includeExtras = [
"extras;google;gcm"
"extras;google;auto"
];
};
in
@ -69,27 +57,44 @@ exceptions are the tools, platform-tools and build-tools sub packages.
The following parameters are supported:
* `cmdLineToolsVersion `, specifies the version of the `cmdline-tools` package to use
* `cmdLineToolsVersion` specifies the version of the `cmdline-tools` package to use.
It defaults to the latest.
* `toolsVersion`, specifies the version of the `tools` package. Notice `tools` is
obsolete, and currently only `26.1.1` is available, so there's not a lot of
options here, however, you can set it as `null` if you don't want it.
* `platformsToolsVersion` specifies the version of the `platform-tools` plugin
options here, however, you can set it as `null` if you don't want it. It defaults
to the latest.
* `platformToolsVersion` specifies the version of the `platform-tools` plugin.
It defaults to the latest.
* `buildToolsVersions` specifies the versions of the `build-tools` plugins to
use.
use. It defaults to the latest.
* `includeEmulator` specifies whether to deploy the emulator package (`false`
by default). When enabled, the version of the emulator to deploy can be
specified by setting the `emulatorVersion` parameter.
specified by setting the `emulatorVersion` parameter. If set to
`"if-supported"`, it will deploy the emulator if it's supported by the system.
* `includeCmake` specifies whether CMake should be included. It defaults to true
on x86-64 and Darwin platforms, and also supports `"if-supported"`.
* `cmakeVersions` specifies which CMake versions should be deployed.
It defaults to the latest.
* `includeNDK` specifies that the Android NDK bundle should be included.
Defaults to: `false`.
Defaults to `false` though can be set to `true` or `"if-supported"`.
* `ndkVersions` specifies the NDK versions that we want to use. These are linked
under the `ndk` directory of the SDK root, and the first is linked under the
`ndk-bundle` directory.
`ndk-bundle` directory. It defaults to the latest.
* `ndkVersion` is equivalent to specifying one entry in `ndkVersions`, and
`ndkVersions` overrides this parameter if provided.
* `includeExtras` is an array of identifier strings referring to arbitrary
add-on packages that should be installed.
add-on packages that should be installed. Note that extras may not be compatible
with all platforms (for example, the Google TV head unit, which does not
have an aarch64-linux compile).
* `platformVersions` specifies which platform SDK versions should be included.
It defaults to including only the latest API level, though you can add more.
* `numLatestPlatformVersions` specifies how many of the latest API levels to include,
if you are using the default for `platformVersions`. It defaults to 1, though you can
increase this to, for example, 5 to get the last 5 years of Android API packages.
* `minPlatformVersion` and `maxPlatformVersion` take priority over `platformVersions`
if both are provided. Note that `maxPlatformVersion` always defaults to the latest
Android SDK platform version, allowing you to specify `minPlatformVersion` to describe
the minimum SDK version your Android composition supports.
For each platform version that has been specified, we can apply the following
options:
@ -108,9 +113,10 @@ For each requested system image we can specify the following options:
* `systemImageTypes` specifies what kind of system images should be included.
Defaults to: `default`.
* `abiVersions` specifies what kind of ABI version of each system image should
be included. Defaults to: `armeabi-v7a`.
be included. Defaults to `armeabi-v7a` and `arm64-v8a`.
Most of the function arguments have reasonable default settings.
Most of the function arguments have reasonable default settings, preferring the latest
versions of tools when possible.
You can specify license names:
@ -127,7 +133,8 @@ pull from:
by running `generate.sh`, which in turn will call into `mkrepo.rb`.
* `repoXmls` is an attribute set containing paths to repo XML files. If specified,
it takes priority over `repoJson`, and will trigger a local build writing out a
repo.json to the Nix store based on the given repository XMLs.
repo.json to the Nix store based on the given repository XMLs. Note that this uses
import-from-derivation.
```nix
{
@ -312,27 +319,23 @@ android {
## Querying the available versions of each plugin {#querying-the-available-versions-of-each-plugin}
repo.json provides all the options in one file now.
A shell script in the `pkgs/development/mobile/androidenv/` subdirectory can be used to retrieve all
possible options:
```bash
./querypackages.sh packages
```
The above command-line instruction queries all package versions in repo.json.
All androidenv packages are available on [search.nixos.org](https://search.nixos.org).
Note that `aarch64-linux` compatibility is currently spotty, though `x86_64-linux` and `aarch64-darwin`
are well supported. This is because Google's repository definitions mark some packages for "all" architectures
that are really only for `x86_64` or `aarch64`.
## Updating the generated expressions {#updating-the-generated-expressions}
repo.json is generated from XML files that the Android Studio package manager uses.
To update the expressions run the `generate.sh` script that is stored in the
To update the expressions run the `update.sh` script that is stored in the
`pkgs/development/mobile/androidenv/` subdirectory:
```bash
./generate.sh
./update.sh
```
This is run automatically by the nixpkgs update script.
## Building an Android application with Ant {#building-an-android-application-with-ant}
In addition to the SDK, it is also possible to build an Ant-based Android

7
third_party/nixpkgs/doc/languages-frameworks/neovim.section.md vendored
View file

@ -170,13 +170,12 @@ To only check a specific module, add it manually to the plugin definition [overr
};
```
Some plugins will have lua modules that require a user configuration to function properly or can contain optional lua modules that we dont want to test requiring.
We can skip specific modules using `nvimSkipModule`. Similar to `nvimRequireCheck`, it accepts a single string or a list of strings.
- `nvimSkipModule = MODULE;`
- `nvimSkipModule = [ MODULE1 MODULE2 ];`
We can skip specific modules using `nvimSkipModules`. Similar to `nvimRequireCheck`, it accepts a list of strings.
- `nvimSkipModules = [ MODULE1 MODULE2 ];`
```nix
asyncrun-vim = super.asyncrun-vim.overrideAttrs {
nvimSkipModule = [
nvimSkipModules = [
# vim plugin with optional toggleterm integration
"asyncrun.toggleterm"
"asyncrun.toggleterm2"

4
third_party/nixpkgs/doc/languages-frameworks/vim.section.md vendored
View file

@ -139,9 +139,9 @@ Note: this is not possible anymore for Neovim.
## Adding new plugins to nixpkgs {#adding-new-plugins-to-nixpkgs}
Nix expressions for Vim plugins are stored in [pkgs/applications/editors/vim/plugins](https://github.com/NixOS/nixpkgs/tree/master/pkgs/applications/editors/vim/plugins). For the vast majority of plugins, Nix expressions are automatically generated by running [`nix-shell -p vimPluginsUpdater --run vim-plugins-updater`](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vim/plugins/updater.nix). This creates a [generated.nix](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vim/plugins/generated.nix) file based on the plugins listed in [vim-plugin-names](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vim/plugins/vim-plugin-names).
Nix expressions for Vim plugins are stored in [pkgs/applications/editors/vim/plugins](https://github.com/NixOS/nixpkgs/tree/master/pkgs/applications/editors/vim/plugins). For the vast majority of plugins, Nix expressions are automatically generated by running [`nix-shell -p vimPluginsUpdater --run vim-plugins-updater`](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vim/plugins/utils/updater.nix). This creates a [generated.nix](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vim/plugins/generated.nix) file based on the plugins listed in [vim-plugin-names](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vim/plugins/vim-plugin-names).
When the vim updater detects an nvim-treesitter update, it also runs [`nvim-treesitter/update.py $(nix-build -A vimPlugins.nvim-treesitter)`](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vim/plugins/update.py) to update the tree sitter grammars for `nvim-treesitter`.
When the vim updater detects an nvim-treesitter update, it also runs [`nvim-treesitter/update.py $(nix-build -A vimPlugins.nvim-treesitter)`](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vim/plugins/utils/update.py) to update the tree sitter grammars for `nvim-treesitter`.
Some plugins require overrides in order to function properly. Overrides are placed in [overrides.nix](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vim/plugins/overrides.nix). Overrides are most often required when a plugin requires some dependencies, or extra steps are required during the build process. For example `deoplete-fish` requires both `deoplete-nvim` and `vim-fish`, and so the following override was added:

1
third_party/nixpkgs/doc/packages/index.md vendored
View file

@ -14,6 +14,7 @@ fish.section.md
fuse.section.md
geant4.section.md
ibus.section.md
inkscape.section.md
kakoune.section.md
krita.section.md
linux.section.md

29
third_party/nixpkgs/doc/packages/inkscape.section.md vendored Normal file
View file

@ -0,0 +1,29 @@
# Inkscape {#sec-inkscape}
[Inkscape](https://inkscape.org) is a powerful vector graphics editor.
## Plugins {#inkscape-plugins}
Inkscape plugins are collected in the [`inkscape-extensions`](https://search.nixos.org/packages?channel=unstable&type=packages&query=cudaPackages) package set.
To enable them, use an override on `inkscape-with-extensions`:
```nix
inkscape-with-extensions.override {
inkscapeExtensions = with inkscape-extensions; [
inkstitch
];
}
```
Similarly, this works in the shell:
```bash
$ nix-shell -p 'inkscape-with-extensions.override { inkscapeExtensions = with inkscape-extensions; [inkstitch]; }'
[nix-shell:~]$ # Ink/Stitch is now available via the extension menu
[nix-shell:~]$ inkscape
```
All available extension can be enabled by passing `inkscapeExtensions = null;`.
::: {.note}
Loading the Inkscape extensions stand-alone (without using `override`) does not affect Inkscape at all.
:::

9
third_party/nixpkgs/doc/redirects.json vendored
View file

@ -17,6 +17,9 @@
"ex-testEqualArrayOrMap-test-function-add-cowbell": [
"index.html#ex-testEqualArrayOrMap-test-function-add-cowbell"
],
"inkscape-plugins": [
"index.html#inkscape-plugins"
],
"neovim": [
"index.html#neovim"
],
@ -62,6 +65,9 @@
"sec-build-helper-extendMkDerivation": [
"index.html#sec-build-helper-extendMkDerivation"
],
"sec-inkscape": [
"index.html#sec-inkscape"
],
"sec-language-cosmic": [
"index.html#sec-language-cosmic"
],
@ -110,6 +116,9 @@
"sec-nixpkgs-release-25.05-lib-deprecations": [
"release-notes.html#sec-nixpkgs-release-25.05-lib-deprecations"
],
"sec-nixpkgs-release-25.05-lib-additions-improvements": [
"release-notes.html#sec-nixpkgs-release-25.05-lib-additions-improvements"
],
"sec-overlays-install": [
"index.html#sec-overlays-install"
],

29
third_party/nixpkgs/doc/release-notes/rl-2505.section.md vendored
View file

@ -21,6 +21,10 @@
- [testers.shellcheck](https://nixos.org/manual/nixpkgs/unstable/#tester-shellcheck) now warns when `name` is not provided.
The `name` argument will become mandatory in a future release.
- `xdragon` package has been renamed to `dragon-drop`.
`xdragon` is an alias to `dragon-drop` and the package still provides `bin/xdragon`.
`bin/dragon` is no longer supplied.
- The `nixLog*` family of functions made available through the standard environment have been rewritten to prefix messages with both the debug level and the function name of the caller.
The `nixLog` function, which logs unconditionally, was also re-introduced and modified to prefix messages with the function name of the caller.
For more information, [see this PR](https://github.com/NixOS/nixpkgs/pull/370742).
@ -29,6 +33,10 @@
It should generally be replaced with `rustPlatform.fetchCargoVendor`, but `rustPlatform.importCargoLock` may also be appropriate in some circumstances.
`rustPlatform.buildRustPackage` users must set `useFetchCargoVendor` to `true` and regenerate the `cargoHash`.
- The `nixos/modules/virtualisation/amazon-ec2-amis.nix` file is not supported anymore since 24.05. It will throw
and error starting 25.05 with instructions the following instructions:
The canonical source for NixOS AMIs is the AWS API. Please see https://nixos.org/download/#nixos-amazon or https://nixos.github.io/amis/ for instructions.
- NetBox was updated to `>= 4.2.0`. Have a look at the breaking changes
of the [4.1 release](https://github.com/netbox-community/netbox/releases/tag/v4.1.0)
and the [4.2 release](https://github.com/netbox-community/netbox/releases/tag/v4.2.0),
@ -36,10 +44,17 @@
- NetBox version 4.0.X available as `netbox_4_0` was removed. Please upgrade to `4.2`.
- `golangci-lint` has reached `v2`. Please read the changes and view the migration guide [here](https://golangci-lint.run/product/changelog/#200).
- `i3status-rust`-package no longer enables `notmuch` by default. It can be enabled via `withNotmuch`.
- Default ICU version updated from 74 to 76
- Apache Kafka was updated to `>= 4.0.0`. Please note that this is the first release which operates
entirely without Apache ZooKeeper support, and all clusters need to be migrated to KRaft mode. See
the [release announcement](https://kafka.apache.org/blog#apache_kafka_400_release_announcement)
for more details.
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
### Titanium removed {#sec-nixpkgs-release-25.05-incompatibilities-titanium-removed}
@ -48,7 +63,7 @@
### NexusMods.App upgraded {#sec-nixpkgs-release-25.05-incompatibilities-nexusmods-app-upgraded}
- `nexusmods-app` has been upgraded from version 0.6.3 to 0.8.2.
- `nexusmods-app` has been upgraded from version 0.6.3 to 0.8.3.
- Before upgrading, you **must reset all app state** (mods, games, settings, etc). NexusMods.App will crash if any state from a version older than 0.7.0 is still present.
@ -69,13 +84,25 @@
- The `virtualisation.hypervGuest.videoMode` option has been removed. Standard tooling can now be used to configure display modes for Hyper-V VMs.
- [`lib.packagesFromDirectoryRecursive`] now rejects unknown arguments.
[`lib.packagesFromDirectoryRecursive`]: https://nixos.org/manual/nixpkgs/stable/#function-library-lib.filesystem.packagesFromDirectoryRecursive
### Deprecations {#sec-nixpkgs-release-25.05-lib-deprecations}
- `functor` is an implementation detail and should not be relied upon, but since its status wasn't clear and it has had some use cases without alternatives, changes are being handled as gracefully as possible. Deprecations within functor:
- `functor.wrapped` is now deprecated for some types and using it will give a warning with migration instructions. It is deprecated for these types:
- `lib.types.attrsWith`
- `lib.types.listOf`
- `lib.types.unique` and `lib.types.uniq`
- `lib.types.nullOr`
- `lib.types.functionTo`
- `lib.types.coercedTo`
- `lib.types.either`
- Plasma 5 and Qt 5 based versions of associated software are deprecated in NixOS 25.05, and will be removed in NixOS 25.11. Users are encouraged to upgrade to Plasma 6.
- `rustPlatform.buildRustPackage` stops handling the deprecated argument `cargoSha256`. Out-of-tree packages that haven't migrated from `cargoSha256` to `cargoHash` now receive errors.
### Additions and Improvements {#sec-nixpkgs-release-25.05-lib-additions-improvements}
- [`lib.packagesFromDirectoryRecursive`] can now construct nested scopes matching the directory tree passed as input.

1
third_party/nixpkgs/lib/default.nix vendored
View file

@ -156,6 +156,7 @@ let
makeScope makeScopeWithSplicing makeScopeWithSplicing'
extendMkDerivation;
inherit (self.derivations) lazyDerivation optionalDrvAttr warnOnInstantiate;
inherit (self.generators) mkLuaInline;
inherit (self.meta) addMetaAttrs dontDistribute setName updateName
appendToName mapDerivationAttrset setPrio lowPrio lowPrioSet hiPrio
hiPrioSet licensesSpdx getLicenseFromSpdxId getLicenseFromSpdxIdOr

102
third_party/nixpkgs/lib/filesystem.nix vendored
View file

@ -12,11 +12,6 @@ let
toString
;
inherit (lib.attrsets)
mapAttrs'
filterAttrs
;
inherit (lib.filesystem)
pathIsDirectory
pathIsRegularFile
@ -26,7 +21,6 @@ let
inherit (lib.strings)
hasSuffix
removeSuffix
;
in
@ -296,11 +290,10 @@ in
`callPackage <directory>/package.nix { }` is returned.
- Otherwise, the input directory's contents are listed and transformed into
an attribute set.
- If a file name has the `.nix` extension, it is turned into attribute
- If a regular file's name has the `.nix` extension, it is turned into attribute
where:
- The attribute name is the file name without the `.nix` extension
- The attribute value is `callPackage <file path> { }`
- Other files are ignored.
- Directories are turned into an attribute where:
- The attribute name is the name of the directory
- The attribute value is the result of calling
@ -308,14 +301,16 @@ in
As a result, directories with no `.nix` files (including empty
directories) will be transformed into empty attribute sets.
- Other files are ignored, including symbolic links to directories and to regular `.nix`
files; this is because nixlang code cannot distinguish the type of a link's target.
# Type
```
packagesFromDirectoryRecursive :: {
callPackage :: Path -> {} -> a,
newScope? :: AttrSet -> scope,
directory :: Path,
...
} -> AttrSet
```
@ -325,10 +320,14 @@ in
: The function used to convert a Nix file's path into a leaf of the attribute set.
It is typically the `callPackage` function, taken from either `pkgs` or a new scope corresponding to the `directory`.
`newScope`
: If present, this function is used when recursing into a directory, to generate a new scope.
The arguments are updated with the scope's `callPackage` and `newScope` functions, so packages can require
anything in their scope, or in an ancestor of their scope.
`directory`
: The directory to read package files from.
# Examples
:::{.example}
## Basic use of `lib.packagesFromDirectoryRecursive`
@ -348,12 +347,10 @@ in
::::{.example}
## Create a scope for the nix files found in a directory
```nix
lib.makeScope pkgs.newScope (
self: packagesFromDirectoryRecursive {
inherit (self) callPackage;
directory = ./my-packages;
}
)
packagesFromDirectoryRecursive {
inherit (pkgs) callPackage newScope;
directory = ./my-packages;
}
=> { ... }
```
@ -372,46 +369,59 @@ in
:::{.note}
`a.nix` cannot directly take as inputs packages defined in a child directory, such as `b1`.
:::
:::{.warning}
As of now, `lib.packagesFromDirectoryRecursive` cannot create nested scopes for sub-directories.
In particular, files under `b/` can only require (as inputs) other files under `my-packages`,
but not to those in the same directory, nor those in a parent directory; e.g, `b2.nix` cannot directly
require `b1`.
:::
::::
*/
packagesFromDirectoryRecursive =
let
inherit (lib) concatMapAttrs id makeScope recurseIntoAttrs removeSuffix;
inherit (lib.path) append;
# Generate an attrset corresponding to a given directory.
# This function is outside `packagesFromDirectoryRecursive`'s lambda expression,
# to prevent accidentally using its parameters.
processDir = { callPackage, directory, ... }@args:
concatMapAttrs (name: type:
# for each directory entry
let path = append directory name; in
if type == "directory" then {
# recurse into directories
"${name}" = packagesFromDirectoryRecursive (args // {
directory = path;
});
} else if type == "regular" && hasSuffix ".nix" name then {
# call .nix files
"${removeSuffix ".nix" name}" = callPackage path {};
} else if type == "regular" then {
# ignore non-nix files
} else throw ''
lib.filesystem.packagesFromDirectoryRecursive: Unsupported file type ${type} at path ${toString path}
''
) (builtins.readDir directory);
in
{
callPackage,
newScope ? throw "lib.packagesFromDirectoryRecursive: newScope wasn't passed in args",
directory,
...
}:
}@args:
let
inherit (lib) concatMapAttrs removeSuffix;
inherit (lib.path) append;
defaultPath = append directory "package.nix";
in
if pathExists defaultPath then
# if `${directory}/package.nix` exists, call it directly
callPackage defaultPath {}
else concatMapAttrs (name: type:
# otherwise, for each directory entry
let path = append directory name; in
if type == "directory" then {
# recurse into directories
"${name}" = packagesFromDirectoryRecursive {
inherit callPackage;
directory = path;
};
} else if type == "regular" && hasSuffix ".nix" name then {
# call .nix files
"${removeSuffix ".nix" name}" = callPackage path {};
} else if type == "regular" then {
# ignore non-nix files
} else throw ''
lib.filesystem.packagesFromDirectoryRecursive: Unsupported file type ${type} at path ${toString path}
''
) (builtins.readDir directory);
else if args ? newScope then
# Create a new scope and mark it `recurseForDerivations`.
# This lets the packages refer to each other.
# See:
# [lib.makeScope](https://nixos.org/manual/nixpkgs/unstable/#function-library-lib.customisation.makeScope) and
# [lib.recurseIntoAttrs](https://nixos.org/manual/nixpkgs/unstable/#function-library-lib.customisation.makeScope)
recurseIntoAttrs (makeScope newScope (self:
# generate the attrset representing the directory, using the new scope's `callPackage` and `newScope`
processDir (args // {
inherit (self) callPackage newScope;
})
))
else
processDir args
;
}

4
third_party/nixpkgs/lib/generators.nix vendored
View file

@ -743,6 +743,8 @@ in rec {
"nil"
else if isInt v || isFloat v || isString v || isBool v then
toJSON v
else if isPath v || isDerivation v then
toJSON "${v}"
else if isList v then
(if v == [ ] then "{}" else
"{${introSpace}${concatItems (map (value: "${toLua innerArgs value}") v)}${outroSpace}}")
@ -752,8 +754,6 @@ in rec {
"(${v.expr})"
else if v == { } then
"{}"
else if isDerivation v then
''"${toString v}"''
else
"{${introSpace}${concatItems (
mapAttrsToList (key: value: "[${toJSON key}] = ${toLua innerArgs value}") v

5
third_party/nixpkgs/lib/licenses.nix vendored
View file

@ -95,6 +95,11 @@ lib.mapAttrs mkLicense ({
free = false;
};
aml = {
spdxId = "AML";
fullName = "Apple MIT License";
};
ampas = {
spdxId = "AMPAS";
fullName = "Academy of Motion Picture Arts and Sciences BSD";

32
third_party/nixpkgs/lib/tests/misc.nix vendored
View file

@ -2617,7 +2617,7 @@ runTests {
testPackagesFromDirectoryRecursive = {
expr = packagesFromDirectoryRecursive {
callPackage = path: overrides: import path overrides;
directory = ./packages-from-directory;
directory = ./packages-from-directory/plain;
};
expected = {
a = "a";
@ -2642,7 +2642,7 @@ runTests {
testPackagesFromDirectoryRecursiveTopLevelPackageNix = {
expr = packagesFromDirectoryRecursive {
callPackage = path: overrides: import path overrides;
directory = ./packages-from-directory/c;
directory = ./packages-from-directory/plain/c;
};
expected = "c";
};
@ -2687,4 +2687,32 @@ runTests {
checkC = false;
};
};
# Check that `packagesFromDirectoryRecursive` can be used to create scopes
# for sub-directories
testPackagesFromDirectoryNestedScopes = let
inherit (lib) makeScope recurseIntoAttrs;
emptyScope = makeScope lib.callPackageWith (_: {});
in {
expr = lib.filterAttrsRecursive (name: value: !lib.elem name [ "callPackage" "newScope" "overrideScope" "packages" ]) (packagesFromDirectoryRecursive {
inherit (emptyScope) callPackage newScope;
directory = ./packages-from-directory/scope;
});
expected = lib.recurseIntoAttrs {
a = "a";
b = "b";
# Note: Other files/directories in `./test-data/c/` are ignored and can be
# used by `package.nix`.
c = "c";
my-namespace = lib.recurseIntoAttrs {
d = "d";
e = "e";
f = "f";
my-sub-namespace = lib.recurseIntoAttrs {
g = "g";
h = "h";
};
};
};
};
}

32
third_party/nixpkgs/lib/tests/modules.sh vendored
View file

@ -415,6 +415,38 @@ NIX_ABORT_ON_WARN=1 checkConfigError 'The deprecated `.*functor.wrapped` attribu
NIX_ABORT_ON_WARN=1 checkConfigError 'The deprecated `.*functor.wrapped` attribute .*is accessed, use `.*nestedTypes.elemType` instead.' options.listOf.type.nestedTypes.elemType.functor.wrapped ./deprecated-wrapped.nix
NIX_ABORT_ON_WARN=1 checkConfigError 'The deprecated `.*functor.wrapped` attribute .*is accessed, use `.*nestedTypes.elemType` instead.' options.mergedListOf.type.nestedTypes.elemType.functor.wrapped ./deprecated-wrapped.nix
# unique / uniq
NIX_ABORT_ON_WARN=1 checkConfigError 'The deprecated `.*functor.wrapped` attribute .*is accessed, use `.*nestedTypes.elemType` instead.' options.unique.type.functor.wrapped ./deprecated-wrapped.nix
NIX_ABORT_ON_WARN=1 checkConfigError 'The deprecated `.*functor.wrapped` attribute .*is accessed, use `.*nestedTypes.elemType` instead.' options.mergedUnique.type.functor.wrapped ./deprecated-wrapped.nix
NIX_ABORT_ON_WARN=1 checkConfigError 'The deprecated `.*functor.wrapped` attribute .*is accessed, use `.*nestedTypes.elemType` instead.' options.unique.type.nestedTypes.elemType.functor.wrapped ./deprecated-wrapped.nix
NIX_ABORT_ON_WARN=1 checkConfigError 'The deprecated `.*functor.wrapped` attribute .*is accessed, use `.*nestedTypes.elemType` instead.' options.mergedUnique.type.nestedTypes.elemType.functor.wrapped ./deprecated-wrapped.nix
# nullOr
NIX_ABORT_ON_WARN=1 checkConfigError 'The deprecated `.*functor.wrapped` attribute .*is accessed, use `.*nestedTypes.elemType` instead.' options.nullOr.type.functor.wrapped ./deprecated-wrapped.nix
NIX_ABORT_ON_WARN=1 checkConfigError 'The deprecated `.*functor.wrapped` attribute .*is accessed, use `.*nestedTypes.elemType` instead.' options.mergedNullOr.type.functor.wrapped ./deprecated-wrapped.nix
NIX_ABORT_ON_WARN=1 checkConfigError 'The deprecated `.*functor.wrapped` attribute .*is accessed, use `.*nestedTypes.elemType` instead.' options.nullOr.type.nestedTypes.elemType.functor.wrapped ./deprecated-wrapped.nix
NIX_ABORT_ON_WARN=1 checkConfigError 'The deprecated `.*functor.wrapped` attribute .*is accessed, use `.*nestedTypes.elemType` instead.' options.mergedNullOr.type.nestedTypes.elemType.functor.wrapped ./deprecated-wrapped.nix
# functionTo
NIX_ABORT_ON_WARN=1 checkConfigError 'The deprecated `.*functor.wrapped` attribute .*is accessed, use `.*nestedTypes.elemType` instead.' options.functionTo.type.functor.wrapped ./deprecated-wrapped.nix
NIX_ABORT_ON_WARN=1 checkConfigError 'The deprecated `.*functor.wrapped` attribute .*is accessed, use `.*nestedTypes.elemType` instead.' options.mergedFunctionTo.type.functor.wrapped ./deprecated-wrapped.nix
NIX_ABORT_ON_WARN=1 checkConfigError 'The deprecated `.*functor.wrapped` attribute .*is accessed, use `.*nestedTypes.elemType` instead.' options.functionTo.type.nestedTypes.elemType.functor.wrapped ./deprecated-wrapped.nix
NIX_ABORT_ON_WARN=1 checkConfigError 'The deprecated `.*functor.wrapped` attribute .*is accessed, use `.*nestedTypes.elemType` instead.' options.mergedFunctionTo.type.nestedTypes.elemType.functor.wrapped ./deprecated-wrapped.nix
# coercedTo
# Note: test 'nestedTypes.finalType' and 'nestedTypes.coercedType'
NIX_ABORT_ON_WARN=1 checkConfigError 'The deprecated `.*functor.wrapped` attribute .*is accessed, use `.*nestedTypes.elemType` instead.' options.coercedTo.type.functor.wrapped ./deprecated-wrapped.nix
NIX_ABORT_ON_WARN=1 checkConfigError 'The deprecated `.*functor.wrapped` attribute .*is accessed, use `.*nestedTypes.elemType` instead.' options.coercedTo.type.nestedTypes.finalType.functor.wrapped ./deprecated-wrapped.nix
NIX_ABORT_ON_WARN=1 checkConfigError 'The deprecated `.*functor.wrapped` attribute .*is accessed, use `.*nestedTypes.elemType` instead.' options.coercedTo.type.nestedTypes.coercedType.functor.wrapped ./deprecated-wrapped.nix
# either
NIX_ABORT_ON_WARN=1 checkConfigError 'The deprecated `.*functor.wrapped` attribute .*is accessed, use `.*nestedTypes.elemType` instead.' options.either.type.functor.wrapped ./deprecated-wrapped.nix
NIX_ABORT_ON_WARN=1 checkConfigError 'The deprecated `.*functor.wrapped` attribute .*is accessed, use `.*nestedTypes.elemType` instead.' options.mergedEither.type.functor.wrapped ./deprecated-wrapped.nix
NIX_ABORT_ON_WARN=1 checkConfigError 'The deprecated `.*functor.wrapped` attribute .*is accessed, use `.*nestedTypes.elemType` instead.' options.either.type.nestedTypes.left.functor.wrapped ./deprecated-wrapped.nix
NIX_ABORT_ON_WARN=1 checkConfigError 'The deprecated `.*functor.wrapped` attribute .*is accessed, use `.*nestedTypes.elemType` instead.' options.either.type.nestedTypes.right.functor.wrapped ./deprecated-wrapped.nix
NIX_ABORT_ON_WARN=1 checkConfigError 'The deprecated `.*functor.wrapped` attribute .*is accessed, use `.*nestedTypes.elemType` instead.' options.mergedEither.type.nestedTypes.left.functor.wrapped ./deprecated-wrapped.nix
NIX_ABORT_ON_WARN=1 checkConfigError 'The deprecated `.*functor.wrapped` attribute .*is accessed, use `.*nestedTypes.elemType` instead.' options.mergedEither.type.nestedTypes.right.functor.wrapped ./deprecated-wrapped.nix
# Even with multiple assignments, a type error should be thrown if any of them aren't valid
checkConfigError 'A definition for option .* is not of type .*' \

49
third_party/nixpkgs/lib/tests/modules/deprecated-wrapped.nix vendored
View file

@ -6,6 +6,11 @@ let
# attrsOf uses attrsWith internally
attrsOf
listOf
unique
nullOr
functionTo
coercedTo
either
;
in
{
@ -26,6 +31,38 @@ in
options.mergedListOf = mkOption {
type = listOf (listOf types.str);
};
# unique
options.unique = mkOption {
type = unique { message = ""; } (listOf types.str);
};
options.mergedUnique = mkOption {
type = unique { message = ""; } (listOf types.str);
};
# nullOr
options.nullOr = mkOption {
type = nullOr (listOf types.str);
};
options.mergedNullOr = mkOption {
type = nullOr (listOf types.str);
};
# functionTo
options.functionTo = mkOption {
type = functionTo (listOf types.str);
};
options.mergedFunctionTo = mkOption {
type = functionTo (listOf types.str);
};
# coercedTo
# Note: coercedTo is a non-mergeable option-type
options.coercedTo = mkOption {
type = coercedTo (listOf types.str) lib.id (listOf types.str);
};
options.either = mkOption {
type = either (listOf types.str) (listOf types.str);
};
options.mergedEither = mkOption {
type = either (listOf types.str) (listOf types.str);
};
}
)
# Module B
@ -38,6 +75,18 @@ in
options.mergedListOf = mkOption {
type = listOf (listOf types.str);
};
options.mergedUnique = mkOption {
type = unique { message = ""; } (listOf types.str);
};
options.mergedNullOr = mkOption {
type = nullOr (listOf types.str);
};
options.mergedFunctionTo = mkOption {
type = functionTo (listOf types.str);
};
options.mergedEither = mkOption {
type = either (listOf types.str) (listOf types.str);
};
}
)
];

18
third_party/nixpkgs/lib/tests/nix-for-tests.nix vendored
View file

@ -12,5 +12,21 @@
# See also: https://github.com/NixOS/nix/issues/7582
builtins.mapAttrs (
_: pkg: if builtins.isAttrs pkg then pkg.override { withAWS = false; } else pkg
attr: pkg:
if
# TODO descend in `nixComponents_*` and override `nix-store`. Also
# need to introduce the flag needed to do that with.
#
# This must be done before Nix 2.26 and beyond becomes the default.
!(builtins.elem attr [
"nixComponents_2_26"
"nix_2_26"
"latest"
])
# There may-be non-package things, like functions, in there too
&& builtins.isAttrs pkg
then
pkg.override { withAWS = false; }
else
pkg
) pkgs.nixVersions

0
third_party/nixpkgs/lib/tests/packages-from-directory/a.nix → third_party/nixpkgs/lib/tests/packages-from-directory/plain/a.nix vendored
View file

0
third_party/nixpkgs/lib/tests/packages-from-directory/b.nix → third_party/nixpkgs/lib/tests/packages-from-directory/plain/b.nix vendored
View file

0
third_party/nixpkgs/lib/tests/packages-from-directory/c/my-extra-feature.patch → third_party/nixpkgs/lib/tests/packages-from-directory/plain/c/my-extra-feature.patch vendored
View file

0
third_party/nixpkgs/lib/tests/packages-from-directory/c/not-a-namespace/not-a-package.nix → third_party/nixpkgs/lib/tests/packages-from-directory/plain/c/not-a-namespace/not-a-package.nix vendored
View file

0
third_party/nixpkgs/lib/tests/packages-from-directory/c/package.nix → third_party/nixpkgs/lib/tests/packages-from-directory/plain/c/package.nix vendored
View file

0
third_party/nixpkgs/lib/tests/packages-from-directory/c/support-definitions.nix → third_party/nixpkgs/lib/tests/packages-from-directory/plain/c/support-definitions.nix vendored
View file

0
third_party/nixpkgs/lib/tests/packages-from-directory/my-namespace/d.nix → third_party/nixpkgs/lib/tests/packages-from-directory/plain/my-namespace/d.nix vendored
View file

0
third_party/nixpkgs/lib/tests/packages-from-directory/my-namespace/e.nix → third_party/nixpkgs/lib/tests/packages-from-directory/plain/my-namespace/e.nix vendored
View file

0
third_party/nixpkgs/lib/tests/packages-from-directory/my-namespace/f/package.nix → third_party/nixpkgs/lib/tests/packages-from-directory/plain/my-namespace/f/package.nix vendored
View file

0
third_party/nixpkgs/lib/tests/packages-from-directory/my-namespace/my-sub-namespace/g.nix → third_party/nixpkgs/lib/tests/packages-from-directory/plain/my-namespace/my-sub-namespace/g.nix vendored
View file

0
third_party/nixpkgs/lib/tests/packages-from-directory/my-namespace/my-sub-namespace/h.nix → third_party/nixpkgs/lib/tests/packages-from-directory/plain/my-namespace/my-sub-namespace/h.nix vendored
View file

1
third_party/nixpkgs/lib/tests/packages-from-directory/scope/a.nix vendored Normal file
View file

@ -0,0 +1 @@
{ }: "a"

3
third_party/nixpkgs/lib/tests/packages-from-directory/scope/b.nix vendored Normal file
View file

@ -0,0 +1,3 @@
{ a }:
assert a == "a";
"b"

0
third_party/nixpkgs/lib/tests/packages-from-directory/scope/c/my-extra-feature.patch vendored Normal file
View file

1
third_party/nixpkgs/lib/tests/packages-from-directory/scope/c/not-a-namespace/not-a-package.nix vendored Normal file
View file

@ -0,0 +1 @@
{ }

1
third_party/nixpkgs/lib/tests/packages-from-directory/scope/c/package.nix vendored Normal file
View file

@ -0,0 +1 @@
{ }: "c"

1
third_party/nixpkgs/lib/tests/packages-from-directory/scope/c/support-definitions.nix vendored Normal file
View file

@ -0,0 +1 @@
{ }

5
third_party/nixpkgs/lib/tests/packages-from-directory/scope/my-namespace/d.nix vendored Normal file
View file

@ -0,0 +1,5 @@
{ a, e }:
# Check we can get parameter from the parent scope(s) as well as the current one
assert a == "a";
assert e == "e";
"d"

3
third_party/nixpkgs/lib/tests/packages-from-directory/scope/my-namespace/e.nix vendored Normal file
View file

@ -0,0 +1,3 @@
{ d }:
# Check that mutual recursion is possible
"e"

1
third_party/nixpkgs/lib/tests/packages-from-directory/scope/my-namespace/f/package.nix vendored Normal file
View file

@ -0,0 +1 @@
{ }: "f"

7
third_party/nixpkgs/lib/tests/packages-from-directory/scope/my-namespace/my-sub-namespace/g.nix vendored Normal file
View file

@ -0,0 +1,7 @@
{
a,
d,
h,
}:
# Check we can get parameters from ancestral scopes (e.g. the scope's grandparent)
"g"

1
third_party/nixpkgs/lib/tests/packages-from-directory/scope/my-namespace/my-sub-namespace/h.nix vendored Normal file
View file

@ -0,0 +1 @@
{ }: "h"

38
third_party/nixpkgs/lib/types.nix vendored
View file

@ -75,6 +75,7 @@ let
# Note that individual attributes can be overriden if needed.
elemTypeFunctor = name: { elemType, ... }@payload: {
inherit name payload;
wrappedDeprecationMessage = makeWrappedDeprecationMessage payload;
type = outer_types.types.${name};
binOp = a: b:
let
@ -85,10 +86,10 @@ let
null
else
{ elemType = merged; };
wrappedDeprecationMessage = { loc }: lib.warn ''
The deprecated `${lib.optionalString (loc != null) "type."}functor.wrapped` attribute ${lib.optionalString (loc != null) "of the option `${showOption loc}` "}is accessed, use `${lib.optionalString (loc != null) "type."}nestedTypes.elemType` instead.
'' payload.elemType;
};
makeWrappedDeprecationMessage = payload: { loc }: lib.warn ''
The deprecated `${lib.optionalString (loc != null) "type."}functor.wrapped` attribute ${lib.optionalString (loc != null) "of the option `${showOption loc}` "}is accessed, use `${lib.optionalString (loc != null) "type."}nestedTypes.elemType` instead.
'' payload.elemType;
outer_types =
@ -834,6 +835,15 @@ rec {
};
};
# A value produced by `lib.mkLuaInline`
luaInline = mkOptionType {
name = "luaInline";
description = "inline lua";
descriptionClass = "noun";
check = x: x._type or null == "lua-inline";
merge = mergeEqualOption;
};
uniq = unique { message = ""; };
unique = { message }: type: mkOptionType rec {
@ -844,7 +854,9 @@ rec {
getSubOptions = type.getSubOptions;
getSubModules = type.getSubModules;
substSubModules = m: uniq (type.substSubModules m);
functor = (defaultFunctor name) // { wrapped = type; };
functor = elemTypeFunctor name { elemType = type; } // {
type = payload: types.unique { inherit message; } payload.elemType;
};
nestedTypes.elemType = type;
};
@ -864,7 +876,9 @@ rec {
getSubOptions = elemType.getSubOptions;
getSubModules = elemType.getSubModules;
substSubModules = m: nullOr (elemType.substSubModules m);
functor = (defaultFunctor name) // { wrapped = elemType; };
functor = (elemTypeFunctor name { inherit elemType; }) // {
type = payload: types.nullOr payload.elemType;
};
nestedTypes.elemType = elemType;
};
@ -883,7 +897,9 @@ rec {
getSubOptions = prefix: elemType.getSubOptions (prefix ++ [ "<function body>" ]);
getSubModules = elemType.getSubModules;
substSubModules = m: functionTo (elemType.substSubModules m);
functor = (defaultFunctor "functionTo") // { wrapped = elemType; };
functor = (elemTypeFunctor "functionTo" { inherit elemType; }) // {
type = payload: types.functionTo payload.elemType;
};
nestedTypes.elemType = elemType;
};
@ -1118,13 +1134,13 @@ rec {
then t2.merge loc defs
else mergeOneOption loc defs;
typeMerge = f':
let mt1 = t1.typeMerge (elemAt f'.wrapped 0).functor;
mt2 = t2.typeMerge (elemAt f'.wrapped 1).functor;
let mt1 = t1.typeMerge (elemAt f'.payload.elemType 0).functor;
mt2 = t2.typeMerge (elemAt f'.payload.elemType 1).functor;
in
if (name == f'.name) && (mt1 != null) && (mt2 != null)
then functor.type mt1 mt2
else null;
functor = (defaultFunctor name) // { wrapped = [ t1 t2 ]; };
functor = elemTypeFunctor name { elemType = [ t1 t2 ]; };
nestedTypes.left = t1;
nestedTypes.right = t2;
};
@ -1157,7 +1173,9 @@ rec {
getSubModules = finalType.getSubModules;
substSubModules = m: coercedTo coercedType coerceFunc (finalType.substSubModules m);
typeMerge = t: null;
functor = (defaultFunctor name) // { wrapped = finalType; };
functor = (defaultFunctor name) // {
wrappedDeprecationMessage = makeWrappedDeprecationMessage { elemType = finalType; };
};
nestedTypes.coercedType = coercedType;
nestedTypes.finalType = finalType;
};

186
third_party/nixpkgs/maintainers/maintainer-list.nix vendored
View file

@ -1092,6 +1092,12 @@
githubId = 45104896;
name = "Alexandru Nechita";
};
alexandrutocar = {
email = "at@myquiet.place";
github = "alexandrutocar";
githubId = 65486851;
name = "Alexandru Tocar";
};
alexarice = {
email = "alexrice999@hotmail.co.uk";
github = "alexarice";
@ -2481,6 +2487,11 @@
githubId = 206242;
name = "Andreas Wiese";
};
aware70 = {
name = "aware70";
github = "aware70";
githubId = 7832566;
};
awwpotato = {
email = "awwpotato@voidq.com";
github = "awwpotato";
@ -2885,6 +2896,13 @@
github = "beezow";
githubId = 42082156;
};
bellackn = {
name = "Nico Bellack";
email = "blcknc@pm.me";
github = "bellackn";
githubId = 32039602;
keys = [ { fingerprint = "2B46 58FF 887A 8366 F88B BE92 CF83 0BB3 B973 9A6A"; } ];
};
ben9986 = {
name = "Ben Carmichael";
email = "ben9986.unvmn@passinbox.com";
@ -3621,6 +3639,11 @@
githubId = 200617;
name = "Ben Sima";
};
bstanderline = {
name = "bstanderline";
github = "bstanderline";
githubId = 153822813;
};
btlvr = {
email = "btlvr@protonmail.com";
github = "btlvr";
@ -4182,6 +4205,12 @@
githubId = 1774239;
name = "Charlie Egan";
};
charludo = {
email = "github@charlotteharludo.com";
github = "charludo";
githubId = 47758554;
name = "Charlotte Harludo";
};
chayleaf = {
email = "chayleaf-nix@pavluk.org";
github = "chayleaf";
@ -5083,6 +5112,12 @@
githubId = 202474;
name = "Jens Reimann";
};
curran = {
email = "curran@mercury.com";
github = "curranosaurus";
githubId = 148147150;
name = "Curran McConnell";
};
cust0dian = {
email = "serg@effectful.software";
github = "cust0dian";
@ -6410,7 +6445,7 @@
name = "Sebastian Krohn";
};
drawbu = {
email = "clement2104.boillot@gmail.com";
email = "nixpkgs@drawbu.dev";
github = "drawbu";
githubId = 69208565;
name = "Clément Boillot";
@ -6677,6 +6712,12 @@
githubId = 424946;
name = "James Earl Douglas";
};
EarthGman = {
email = "earthgman@protonmail.com";
name = "EarthGman";
github = "EarthGman";
githubId = 117403037;
};
EBADBEEF = {
name = "EBADBEEF";
email = "errno@ebadf.com";
@ -7095,13 +7136,6 @@
githubId = 13485450;
name = "Emmanuel Rosa";
};
emneo = {
name = "emneo";
email = "emneo@kreog.com";
github = "emneo-dev";
githubId = 44233177;
keys = [ { fingerprint = "5FD0 400D 0E78 EAF9 8431 4880 8EBF C4B9 24C6 2D20"; } ];
};
emptyflask = {
email = "jon@emptyflask.dev";
github = "emptyflask";
@ -7822,6 +7856,12 @@
githubId = 11705326;
name = "Max Kochurov";
};
fettgoenner = {
email = "paulmatti@protonmail.com";
github = "fettgoenner";
githubId = 92429150;
name = "Paul Meinhold";
};
ffinkdevs = {
email = "fink@h0st.space";
github = "ffinkdevs";
@ -10408,6 +10448,7 @@
};
isabelroses = {
email = "isabel@isabelroses.com";
matrix = "@isabel:isabelroses.com";
github = "isabelroses";
githubId = 71222764;
name = "Isabel Roses";
@ -10615,13 +10656,6 @@
github = "jacbart";
githubId = 7909687;
};
jacekpoz = {
name = "Jacek Poziemski";
email = "jacek@poz.pet";
matrix = "@jacek:poz.pet";
github = "jacekpoz";
githubId = 64381190;
};
jacfal = {
name = "Jakub Pravda";
email = "me@jakubpravda.net";
@ -11698,6 +11732,12 @@
github = "jonochang";
githubId = 13179;
};
jonocodes = {
name = "Jono Finger";
email = "jono@foodnotblogs.com";
github = "jonocodes";
githubId = 1310468;
};
jopejoe1 = {
email = "nixpkgs@missing.ninja";
matrix = "@jopejoe1:matrix.org";
@ -13694,6 +13734,13 @@
githubId = 10554636;
name = "Braian A. Diez";
};
linuxwhata = {
email = "linuxwhata@qq.com";
matrix = "@lwa:envs.net";
github = "linuxwhata";
githubId = 68576488;
name = "Zhou Ke";
};
lionello = {
email = "lio@lunesu.com";
github = "lionello";
@ -14249,6 +14296,17 @@
githubId = 7910815;
name = "Alex McGrath";
};
lykos153 = {
email = "silvio.ankermann@cloudandheat.com";
github = "Lykos153";
githubId = 6453662;
name = "Silvio Ankermann";
keys = [
{
fingerprint = "8D47 6294 7205 541C 62A4 9C88 F422 6CA3 971C 4E97";
}
];
};
lyn = {
name = "Lyn";
matrix = "@lynatic:catgirl.cloud";
@ -15145,6 +15203,13 @@
githubId = 158568;
name = "Matthias C. M. Troffaes";
};
mcparland = {
email = "john@mcpar.land";
github = "mcpar-land";
githubId = 55669980;
name = "John McParland";
keys = [ { fingerprint = "39D2 171D D733 C718 DD21 285E B326 E14B 05D8 7A4E"; } ];
};
McSinyx = {
email = "cnx@loang.net";
github = "McSinyx";
@ -15424,16 +15489,10 @@
};
mic92 = {
email = "joerg@thalheim.io";
matrix = "@mic92:nixos.dev";
matrix = "@joerg:thalheim.io";
github = "Mic92";
githubId = 96200;
name = "Jörg Thalheim";
keys = [
{
# compare with https://keybase.io/Mic92
fingerprint = "3DEE 1C55 6E1C 3DC5 54F5 875A 003F 2096 411B 5F92";
}
];
};
michaeladler = {
email = "therisen06@gmail.com";
@ -17324,6 +17383,12 @@
githubId = 7191115;
name = "Nova Leary";
};
novmar = {
email = "novotny@marnov.cz";
github = "novmar";
githubId = 26750149;
name = "Marcel Novotny";
};
novoxd = {
email = "radnovox@gmail.com";
github = "novoxd";
@ -18123,6 +18188,14 @@
githubId = 20342389;
name = "paneku";
};
panchoh = {
name = "pancho horrillo";
email = "pancho@pancho.name";
matrix = "@panchoh:matrix.org";
github = "panchoh";
githubId = 471059;
keys = [ { fingerprint = "4430 F502 8B19 FAF4 A40E C4E8 11E0 447D 4ABB A7D0"; } ];
};
panda2134 = {
email = "me+nixpkgs@panda2134.site";
github = "panda2134";
@ -18657,6 +18730,12 @@
githubId = 88469;
name = "Jaime Breva";
};
phodina = {
email = "phodina@protonmail.com";
github = "phodina";
githubId = 2997905;
name = "Petr Hodina";
};
photex = {
email = "photex@gmail.com";
github = "photex";
@ -19122,6 +19201,13 @@
githubId = 24578572;
name = "Blake North";
};
poz = {
name = "Jacek Poziemski";
email = "poz@poz.pet";
matrix = "@poz:poz.pet";
github = "imnotpoz";
githubId = 64381190;
};
ppenguin = {
name = "Jeroen Versteeg";
email = "hieronymusv@gmail.com";
@ -19507,6 +19593,13 @@
github = "qdlmcfresh";
githubId = 10837173;
};
qf0xb = {
name = "Quirin Brändli";
email = "development@qf0xb.de";
github = "QF0xB";
githubId = 37348361;
keys = [ { fingerprint = "9036 0B7D B6B7 8B75 E901 3D11 3FF8 C23C 46F2 CC90"; } ];
};
qjoly = {
email = "github@une-pause-cafe.fr";
github = "qjoly";
@ -20698,6 +20791,13 @@
keys = [ { fingerprint = "7DCA 5615 8AB2 621F 2F32 9FF4 1C7C E491 479F A273"; } ];
name = "Rahul Butani";
};
rseichter = {
email = "nixos.org@seichter.de";
github = "rseichter";
githubId = 30873939;
keys = [ { fingerprint = "6AE2 A847 23D5 6D98 5B34 0BC0 8E5F A470 9F69 E911"; } ];
name = "Ralph Seichter";
};
rski = {
name = "rski";
email = "rom.skiad+nix@gmail.com";
@ -20974,6 +21074,13 @@
githubId = 7309170;
name = "Ryota Kameoka";
};
rypervenche = {
email = "git@ryper.org";
github = "rypervenche";
githubId = 1411504;
name = "rypervenche";
keys = [ { fingerprint = "1198 7A9F 03AE 47F0 4919 E334 6A41 2C4A ECE1 66EF"; } ];
};
rytone = {
email = "max@ryt.one";
github = "rastertail";
@ -21339,6 +21446,12 @@
githubId = 64630479;
name = "Schweber";
};
SchweGELBin = {
email = "abramjannikmichael06@gmail.com";
name = "Jannik Michael Abram";
github = "SchweGELBin";
githubId = 67663319;
};
sciencentistguy = {
email = "jamie@quigley.xyz";
name = "Jamie Quigley";
@ -21584,6 +21697,12 @@
githubId = 529649;
name = "Raffael Mancini";
};
sepiabrown = {
email = "bboxone@gmail.com";
github = "sepiabrown";
githubId = 35622998;
name = "Suwon Park";
};
seppeljordan = {
email = "sebastian.jordan.mail@googlemail.com";
github = "seppeljordan";
@ -23281,6 +23400,12 @@
}
];
};
taliyahwebb = {
email = "taliyahmail@proton.me";
github = "taliyahwebb";
githubId = 161863235;
name = "Taliyah Webb";
};
talkara = {
email = "taito.horiuchi@relexsolutions.com";
github = "talkara";
@ -24649,6 +24774,12 @@
github = "uku3lig";
githubId = 61147779;
};
ulic-youthlic = {
name = "youthlic";
email = "ulic.youthlic+nixpkgs@gmail.com";
github = "ulic-youthlic";
githubId = 121918198;
};
ulinja = {
email = "julian@lobbes.dev";
github = "ulinja";
@ -25790,6 +25921,17 @@
github = "wraithm";
githubId = 1512913;
};
wrbbz = {
name = "Arsenii Zorin";
email = "me@wrb.bz";
github = "wrbbz";
githubId = 14261606;
keys = [
{ fingerprint = "3724 B33B 0B85 F067 814C DA30 FC77 0786 0149 E41E"; }
{ fingerprint = "A18D 996A D48C 10E8 B985 A219 B43D 995D 2501 1DFA"; }
{ fingerprint = "34DB 8D31 F782 2B61 FF06 9503 8B5C 43DC 9105 2999"; }
];
};
wrmilling = {
name = "Winston R. Milling";
email = "Winston@Milli.ng";

14
third_party/nixpkgs/maintainers/team-list.nix vendored
View file

@ -85,6 +85,7 @@ with lib.maintainers;
beam = {
members = [
adamcstephens
ankhers
Br1ght0ne
DianaOlympos
@ -218,6 +219,7 @@ with lib.maintainers;
cuda = {
members = [
connorbaker
prusnak
samuela
SomeoneSerge
];
@ -330,6 +332,7 @@ with lib.maintainers;
AndersonTorres
adisbladis
linj
panchoh
];
scope = "Maintain the Emacs editor and packages.";
shortName = "Emacs";
@ -594,6 +597,7 @@ with lib.maintainers;
jitsi = {
members = [
cleeyv
novmar
ryantm
lassulus
yayayayaka
@ -760,7 +764,6 @@ with lib.maintainers;
marketing = {
members = [
garbas
tomberek
];
scope = "Marketing of Nix/NixOS/nixpkgs.";
@ -784,7 +787,6 @@ with lib.maintainers;
ma27
fadenb
mguentner
ralith
dandellion
nickcao
teutat3s
@ -810,16 +812,20 @@ with lib.maintainers;
members = [
_9999years
Gabriella439
curran
];
scope = "Group registry for packages maintained by Mercury";
shortName = "Mercury Employees";
};
# same as https://github.com/orgs/NixOS/teams/nix-team
nix = {
members = [
eelco
grahamc
pierron
mic92
tomberek
roberth
ericson2314
];
scope = "Maintain the Nix package manager.";
shortName = "Nix/nix-cli ecosystem";

9
third_party/nixpkgs/nixos/doc/manual/development/option-types.section.md vendored
View file

@ -232,6 +232,13 @@ merging is handled.
definitions cannot be merged. The regular expression is processed
using `builtins.match`.
### Specialised types {#sec-option-types-specialised}
`types.luaInline`
: A string wrapped using `lib.mkLuaInline`. Allows embedding lua expressions
inline within generated lua. Multiple definitions cannot be merged.
## Submodule types {#sec-option-types-submodule}
Submodules are detailed in [Submodule](#section-option-types-submodule).
@ -364,7 +371,7 @@ If the you're interested in can be distinguished without a label, you may simpli
options.destination = mkOption { … };
};
};
ignore = types.mkOption {
drop = types.mkOption {
description = "Drop the packet without sending anything back.";
type = types.submodule {};
};

25
third_party/nixpkgs/nixos/doc/manual/development/settings-options.section.md vendored
View file

@ -402,6 +402,31 @@ have a predefined type and string generator already declared under
: Outputs the given attribute set as an Elixir map, instead of the
default Elixir keyword list
`pkgs.formats.lua { asBindings ? false, multiline ? true, columnWidth ? 100, indentWidth ? 2, indentUsingTabs ? false }`
: A function taking an attribute set with values
`asBindings` (default `false`)
: Whether to treat attributes as variable bindings
`multiline` (default `true`)
: Whether to procude a multiline output. The output may still wrap across
multiple lines if it would otherwise exceed `columnWidth`.
`columnWidth` (default `100`)
: The column width to use to attempt to wrap lines.
`indentWidth` (default `2`)
: The width of a single indentation level.
`indentUsingTabs` (default `false`)
: Whether the indentation should use tabs instead of spaces.
`pkgs.formats.php { finalVariable }` []{#pkgs-formats-php}
: A function taking an attribute set with values

4
third_party/nixpkgs/nixos/doc/manual/development/writing-documentation.chapter.md vendored
View file

@ -11,12 +11,12 @@ The sources of the [](#book-nixos-manual) are in the
[`nixos/doc/manual`](https://github.com/NixOS/nixpkgs/tree/master/nixos/doc/manual)
subdirectory of the Nixpkgs repository.
You can quickly validate your edits with `make`:
You can quickly validate your edits with `devmode`:
```ShellSession
$ cd /path/to/nixpkgs/nixos/doc/manual
$ nix-shell
nix-shell$ devmode
[nix-shell:~]$ devmode
```
Once you are done making modifications to the manual, it's important to

6
third_party/nixpkgs/nixos/doc/manual/redirects.json vendored
View file

@ -1592,6 +1592,9 @@
"sec-option-types-string": [
"index.html#sec-option-types-string"
],
"sec-option-types-specialised": [
"index.html#sec-option-types-specialised"
],
"sec-option-types-submodule": [
"index.html#sec-option-types-submodule"
],
@ -1943,6 +1946,9 @@
"sec-nixpkgs-release-25.05-lib-deprecations": [
"release-notes.html#sec-nixpkgs-release-25.05-lib-deprecations"
],
"sec-nixpkgs-release-25.05-lib-additions-improvements": [
"release-notes.html#sec-nixpkgs-release-25.05-lib-additions-improvements"
],
"sec-release-24.11": [
"release-notes.html#sec-release-24.11"
],

2
third_party/nixpkgs/nixos/doc/manual/release-notes/rl-2205.section.md vendored
View file

@ -101,7 +101,7 @@ In addition to numerous new and upgraded packages, this release has the followin
- [InvoicePlane](https://invoiceplane.com), web application for managing and creating invoices. Available at [services.invoiceplane](#opt-services.invoiceplane.sites._name_.enable).
- [k3b](https://userbase.kde.org/K3b), the KDE disk burning application. Available as [programs.k3b](#opt-programs.k3b.enable).
- [k3b](https://userbase.kde.org/K3b), the KDE disk burning application. Available as programs.k3b.
- [K40-Whisperer](https://www.scorchworks.com/K40whisperer/k40whisperer.html), a program to control cheap Chinese laser cutters. Available as [programs.k40-whisperer.enable](#opt-programs.k40-whisperer.enable). Users must add themselves to the `k40` group to be able to access the device.

33
third_party/nixpkgs/nixos/doc/manual/release-notes/rl-2505.section.md vendored
View file

@ -38,7 +38,7 @@
- The `nixos-generate-config` command now supports a optional `--flake` option, which will generate a flake.nix file alongside the `configuration.nix` and `hardware-configuration.nix`, providing an easy instroduction into flake-based system configurations.
- A `nixos-rebuild build-image` sub-command has been added.
It allows users to build platform-specific (disk) images from their NixOS configurations. `nixos-rebuild build-image` works similar to the popular [nix-community/nixos-generators](https://github.com/nix-community/nixos-generators) project. See new [section on image building in the nixpkgs manual](https://nixos.org/manual/nixpkgs/unstable/#sec-image-nixos-rebuild-build-image). It is also available for `nixos-rebuild-ng`.
It allows users to build platform-specific (disk) images from their NixOS configurations. `nixos-rebuild build-image` works similar to the popular [nix-community/nixos-generators](https://github.com/nix-community/nixos-generators) project. See new [section on image building in the NixOS manual](https://nixos.org/manual/nixos/unstable/#sec-image-nixos-rebuild-build-image). It is also available for `nixos-rebuild-ng`.
- `nixos-option` has been rewritten to a Nix expression called by a simple bash script. This lowers our maintenance threshold, makes eval errors less verbose, adds support for flake-based configurations, descending into `attrsOf` and `listOf` submodule options, and `--show-trace`.
@ -58,6 +58,11 @@
- A new `pkgs.mattermost.buildPlugin` function has been added, which allows plugins to be built from source, including webapp frontends with a supported package-lock.json. See the Mattermost NixOS test and [manual](https://nixos.org/manual/nixpkgs/unstable/#sec-mattermost-plugins-build) for an example.
- Note that the Mattermost module will create an account _without_ a well-known UID if the username differs from the default (`mattermost`). If you used Mattermost with a nonstandard username, you may want to review the module changes before upgrading.
- androidenv has been updated:
- All versions specified in composeAndroidPackages now track latest. Android packages are automatically updated on unstable, and run the androidenv test suite on every update.
- Some androidenv packages are now searchable on [search.nixos.org](https://search.nixos.org).
- We now use the latest Google repositories, which should improve aarch64-darwin compatibility. The SDK now additionally evaluates on aarch64-linux, though not all packages are functional.
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
## New Modules {#sec-release-25.05-new-modules}
@ -84,6 +89,8 @@
- [Yggdrasil-Jumper](https://github.com/one-d-wide/yggdrasil-jumper) is an independent project that aims to transparently reduce latency of a connection over Yggdrasil network, utilizing NAT traversal to automatically bypass intermediary nodes.
- [xpad-noone](https://github.com/medusalix/xpad-noone) is the original upstream xpad driver from the Linux kernel with support for Xbox One controllers removed especially useful for people who want to use an XBox One controller under the xone driver and an Xbox 360 controller under the xpad driver at the same time. Available as [hardware.xpad-noone](options.html#hardware.xpad-noone).
- [uMurmur](https://umurmur.net), minimalistic Mumble server primarily targeted to run on embedded computers. Available as [services.umurmur](options.html#opt-services.umurmur).
- [Zenoh](https://zenoh.io/), a pub/sub/query protocol with low overhead. The Zenoh router daemon is available as [services.zenohd](options.html#opt-services.zenohd.enable)
@ -114,8 +121,12 @@
- [zwave-js-ui](https://zwave-js.github.io/zwave-js-ui/), a full featured Z-Wave Control Panel and MQTT Gateway. Available as [services.zwave-js-ui](#opt-services.zwave-js-ui.enable).
- [Pinchflat](https://github.com/kieraneglin/pinchflat), a selfhosted YouTube media manager used to track channels and download videos on release. Available as [services.pinchflat](#opt-services.pinchflat.enable).
- [Amazon CloudWatch Agent](https://github.com/aws/amazon-cloudwatch-agent), the official telemetry collector for AWS CloudWatch and AWS X-Ray. Available as [services.amazon-cloudwatch-agent](options.html#opt-services.amazon-cloudwatch-agent.enable).
- [Fluent Bit](https://github.com/fluent/fluent-bit), a fast Log, Metrics and Traces Processor and Forwarder. Available as [services.fluent-bit](#opt-services.fluent-bit.enable).
- [Bat](https://github.com/sharkdp/bat), a {manpage}`cat(1)` clone with wings. Available as [programs.bat](options.html#opt-programs.bat).
- [Autotier](https://github.com/45Drives/autotier), a passthrough FUSE filesystem. Available as [services.autotierfs](options.html#opt-services.autotierfs.enable).
@ -128,6 +139,8 @@
- [cross-seed](https://www.cross-seed.org), a tool to set-up fully automatic cross-seeding of torrents. Available as [services.cross-seed](#opt-services.cross-seed.enable).
- [Froide-Govplan](https://github.com/okfde/froide-govplan), a web application government planer. Available as [services.froide-govplan](#opt-services.froide-govplan.enable).
- [agorakit](https://github.com/agorakit/agorakit), an organization tool for citizens' collectives. Available with [services.agorakit](options.html#opt-services.agorakit.enable).
- [vivid](https://github.com/sharkdp/vivid), a generator for LS_COLOR. Available as [programs.vivid](#opt-programs.vivid.enable).
@ -202,6 +215,9 @@
- [Pareto Security](https://paretosecurity.com/) is an alternative to corporate compliance solutions for companies that care about security but know it doesn't have to be invasive. Available as [services.paretosecurity](#opt-services.paretosecurity.enable)
- [ipfs-cluster](https://ipfscluster.io/), Pinset orchestration for IPFS. Available as [services.ipfs-cluster](#opt-services.ipfs-cluster.enable)
- [bitbox-bridge](https://github.com/BitBoxSwiss/bitbox-bridge), a bridge software that connects BitBox hardware wallets to computers & web wallets like [Rabby](https://rabby.io/). Allows one to interact & transact with smart contracts, Web3 websites & financial services without storing private keys anywhere other than the hardware wallet. Available as [services.bitbox-bridge](#opt-services.bitbox-bridge.enable).
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
## Backward Incompatibilities {#sec-release-25.05-incompatibilities}
@ -216,6 +232,8 @@
- `python3Packages.beancount` was updated to 3.1.0. Previous major version remains available as `python3Packages.beancount_2`.
- `wastebin` has been updated to 3.0.0. See the [Changelog](https://github.com/matze/wastebin/blob/master/CHANGELOG.md#300) for breaking changes to the configuration.
- `binwalk` was updated to 3.1.0, which has been rewritten in rust. The python module is no longer available.
See the release notes of [3.1.0](https://github.com/ReFirmLabs/binwalk/releases/tag/v3.1.0) for more information.
@ -227,6 +245,15 @@
- `pkgs.nextcloud28` has been removed since it's out of support upstream.
- `teleport` has been upgraded from major version 16 to major version 17.
Refer to [upstream upgrade instructions](https://goteleport.com/docs/upgrading/overview/)
and [release notes for v17](https://goteleport.com/docs/changelog/#1701-11152024).
- `services.cloudflare-dyndns.apiTokenFile` now must be just your Cloudflare api token. Previously it was supposed to be a file of the form `CLOUDFLARE_API_TOKEN=...`.
- Emacs lisp build helpers, such as `emacs.pkgs.melpaBuild`, now enables `__structuredAttrs` by default.
Environment variables have to be passed via the `env` attribute.
- `buildGoModule` now passes environment variables via the `env` attribute. `CGO_ENABLED` should now be specified with `env.CGO_ENABLED` when passing to buildGoModule. Direct specification of `CGO_ENABLED` is now redirected by a compatibility layer with a warning, but will become an error in future releases.
Go-related environment variables previously shadowed by `buildGoModule` now results in errors when specified directly. Such variables include `GOOS` and `GOARCH`.
@ -569,6 +596,8 @@
- GOverlay has been updated to 1.2, please check the [upstream changelog](https://github.com/benjamimgois/goverlay/releases) for more details.
- [`services.geoclue2`](#opt-services.geoclue2.enable) now has an `enableStatic` option, which allows the NixOS configuration to specify a fixed location for GeoClue to use.
- [`services.mongodb`](#opt-services.mongodb.enable) is now compatible with the `mongodb-ce` binary package. To make use of it, set [`services.mongodb.package`](#opt-services.mongodb.package) to `pkgs.mongodb-ce`.
- [`services.jupyter`](#opt-services.jupyter.enable) is now compatible with `Jupyter Notebook 7`. See [the migration guide](https://jupyter-notebook.readthedocs.io/en/latest/migrate_to_notebook7.html) for details.
@ -605,6 +634,8 @@
- `services.soft-serve` now restarts upon config change.
- `services.keycloak` now provides a `realmFiles` option that allows to import realms during startup. See https://www.keycloak.org/server/importExport
- `bind.cacheNetworks` now only controls access for recursive queries, where it previously controlled access for all queries.
- [`services.mongodb.enableAuth`](#opt-services.mongodb.enableAuth) now uses the newer [mongosh](https://github.com/mongodb-js/mongosh) shell instead of the legacy shell to configure the initial superuser. You can configure the mongosh package to use through the [`services.mongodb.mongoshPackage`](#opt-services.mongodb.mongoshPackage) option.

7
third_party/nixpkgs/nixos/lib/test-driver/src/test_driver/machine.py vendored
View file

@ -1,6 +1,7 @@
import base64
import io
import os
import platform
import queue
import re
import select
@ -199,7 +200,13 @@ class StartCommand:
allow_reboot: bool = False,
) -> str:
display_opts = ""
display_available = any(x in os.environ for x in ["DISPLAY", "WAYLAND_DISPLAY"])
if platform.system() == "Darwin":
# We have no DISPLAY variables on macOS and seemingly no better way
# to find out
display_available = "TERM_PROGRAM" in os.environ
if not display_available:
display_opts += " -nographic"

2
third_party/nixpkgs/nixos/modules/config/fonts/fontconfig.nix vendored
View file

@ -58,7 +58,7 @@ let
<fontconfig>
<!-- Font directories -->
${lib.concatStringsSep "\n" (map (font: "<dir>${font}</dir>") config.fonts.packages)}
${lib.optionalString (pkgs.stdenv.hostPlatform == pkgs.stdenv.buildPlatform) ''
${lib.optionalString (pkgs.stdenv.hostPlatform.emulatorAvailable pkgs.buildPackages) ''
<!-- Pre-generated font caches -->
<cachedir>${cache}</cachedir>
${lib.optionalString (pkgs.stdenv.hostPlatform.isx86_64 && cfg.cache32Bit) ''

2
third_party/nixpkgs/nixos/modules/config/nix-channel.nix vendored
View file

@ -70,7 +70,7 @@ in
defaultChannel = mkOption {
internal = true;
type = types.str;
default = "https://nixos.org/channels/nixos-24.11";
default = "https://nixos.org/channels/nixos-unstable";
description = "Default NixOS channel to which the root user is subscribed.";
};
};

8
third_party/nixpkgs/nixos/modules/config/shells-environment.nix vendored
View file

@ -34,14 +34,18 @@ in
description = ''
A set of environment variables used in the global environment.
These variables will be set on shell initialisation (e.g. in /etc/profile).
The value of each variable can be either a string or a list of
strings. The latter is concatenated, interspersed with colon
characters.
Setting a variable to `null` does nothing. You can override a
variable set by another module to `null` to unset it.
'';
type = with lib.types; attrsOf (oneOf [ (listOf (oneOf [ int str path ])) int str path ]);
type = with lib.types; attrsOf (nullOr (oneOf [ (listOf (oneOf [ int str path ])) int str path ]));
apply = let
toStr = v: if lib.isPath v then "${v}" else toString v;
in lib.mapAttrs (n: v: if lib.isList v then lib.concatMapStringsSep ":" toStr v else toStr v);
in attrs: lib.mapAttrs (n: v: if lib.isList v then lib.concatMapStringsSep ":" toStr v else toStr v) (lib.filterAttrs (n: v: v != null) attrs);
};
environment.profiles = lib.mkOption {

3
third_party/nixpkgs/nixos/modules/config/system-environment.nix vendored
View file

@ -21,6 +21,9 @@ in
list of strings. The latter is concatenated, interspersed with
colon characters.
Setting a variable to `null` does nothing. You can override a
variable set by another module to `null` to unset it.
Note, due to limitations in the PAM format values may not
contain the `"` character.

8
third_party/nixpkgs/nixos/modules/config/xdg/portals/lxqt.nix vendored
View file

@ -27,10 +27,10 @@ in
default = [ ];
example = lib.literalExpression ''
[
pkgs.libsForQt5.qtstyleplugin-kvantum
pkgs.breeze-qt5
pkgs.qtcurve
];
pkgs.libsForQt5.qtstyleplugin-kvantum
pkgs.breeze-qt5
pkgs.qtcurve
];
'';
description = ''
Extra Qt styles that will be available to the

32
third_party/nixpkgs/nixos/modules/hardware/video/nvidia.nix vendored
View file

@ -17,7 +17,7 @@ let
offloadCfg = pCfg.offload;
reverseSyncCfg = pCfg.reverseSync;
primeEnabled = syncCfg.enable || reverseSyncCfg.enable || offloadCfg.enable;
busIDType = lib.types.strMatching "([[:print:]]+[:@][0-9]{1,3}:[0-9]{1,2}:[0-9])?";
busIDType = lib.types.strMatching "([[:print:]]+:[0-9]{1,3}(@[0-9]{1,10})?:[0-9]{1,2}:[0-9])?";
ibtSupport = useOpenModules || (nvidia_x11.ibtSupport or false);
settingsFormat = pkgs.formats.keyValue { };
in
@ -120,30 +120,48 @@ in
prime.nvidiaBusId = lib.mkOption {
type = busIDType;
default = "";
example = "PCI:1:0:0";
example = "PCI:1@0:0:0";
description = ''
Bus ID of the NVIDIA GPU. You can find it using lspci; for example if lspci
shows the NVIDIA GPU at "01:00.0", set this option to "PCI:1:0:0".
shows the NVIDIA GPU at "0001:02:03.4", set this option to "PCI:2@1:3:4".
lspci might omit the PCI domain (0001 in above example) if it is zero.
In which case, use "@0" instead.
Please be aware that this option takes decimal address while lspci reports
hexadecimal address. So for device at domain "10000", use "@65536".
'';
};
prime.intelBusId = lib.mkOption {
type = busIDType;
default = "";
example = "PCI:0:2:0";
example = "PCI:0@0:2:0";
description = ''
Bus ID of the Intel GPU. You can find it using lspci; for example if lspci
shows the Intel GPU at "00:02.0", set this option to "PCI:0:2:0".
shows the Intel GPU at "0001:02:03.4", set this option to "PCI:2@1:3:4".
lspci might omit the PCI domain (0001 in above example) if it is zero.
In which case, use "@0" instead.
Please be aware that this option takes decimal address while lspci reports
hexadecimal address. So for device at domain "10000", use "@65536".
'';
};
prime.amdgpuBusId = lib.mkOption {
type = busIDType;
default = "";
example = "PCI:4:0:0";
example = "PCI:4@0:0:0";
description = ''
Bus ID of the AMD APU. You can find it using lspci; for example if lspci
shows the AMD APU at "04:00.0", set this option to "PCI:4:0:0".
shows the AMD APU at "0001:02:03.4", set this option to "PCI:2@1:3:4".
lspci might omit the PCI domain (0001 in above example) if it is zero.
In which case, use "@0" instead.
Please be aware that this option takes decimal address while lspci reports
hexadecimal address. So for device at domain "10000", use "@65536".
'';
};

25
third_party/nixpkgs/nixos/modules/hardware/xpad-noone.nix vendored Normal file
View file

@ -0,0 +1,25 @@
{
config,
lib,
...
}:
let
cfg = config.hardware.xpad-noone;
in
{
options.hardware.xpad-noone = {
enable = lib.mkEnableOption "The Xpad driver from the Linux kernel with support for Xbox One controllers removed";
};
config = lib.mkIf cfg.enable {
boot = {
blacklistedKernelModules = [ "xpad" ];
extraModulePackages = with config.boot.kernelPackages; [ xpad-noone ];
};
};
meta = {
maintainers = with lib.maintainers; [ Cryolitia ];
};
}

12
third_party/nixpkgs/nixos/modules/installer/tools/nix-fallback-paths.nix vendored
View file

@ -1,8 +1,8 @@
{
x86_64-linux = "/nix/store/kwck2vdfdp2v4jr9c4daryyk9mlbx406-nix-2.24.12";
i686-linux = "/nix/store/s9qqyxzcgjl7xrfhnnjiiy9v876pcphi-nix-2.24.12";
aarch64-linux = "/nix/store/pmj4g05d4nlr3gcr8nyadgwir3svbkmx-nix-2.24.12";
riscv64-linux = "/nix/store/nzr3m4x3mcnfpnmyap31f9pviwv29vyc-nix-riscv64-unknown-linux-gnu-2.24.12";
x86_64-darwin = "/nix/store/pf6msb0yzccznd75yil32mzk284h90z4-nix-2.24.12";
aarch64-darwin = "/nix/store/vaaakw66qnbw4g007rf2nggy0rmhf8fh-nix-2.24.12";
x86_64-linux = "/nix/store/00a7rdfwhm6avqkgj68grddbzyz3h6ql-nix-2.24.13";
i686-linux = "/nix/store/s6c620v60hfishzi1lbfpryk65lbvg8g-nix-2.24.13";
aarch64-linux = "/nix/store/7yg9is1shh3383iwi6qynz3vh91l1f9d-nix-2.24.13";
riscv64-linux = "/nix/store/fagjkrx5r6p52xp8qb5581bmnlgp01sn-nix-riscv64-unknown-linux-gnu-2.24.13";
x86_64-darwin = "/nix/store/ifby7rrgkkly5pzjnyac90lzvrak3i9y-nix-2.24.13";
aarch64-darwin = "/nix/store/b0rbdp6ba2fprprpgsw1a8pplzg0j324-nix-2.24.13";
}

7
third_party/nixpkgs/nixos/modules/module-list.nix vendored
View file

@ -122,6 +122,7 @@
./hardware/wooting.nix
./hardware/xone.nix
./hardware/xpadneo.nix
./hardware/xpad-noone.nix
./i18n/input-method/default.nix
./i18n/input-method/fcitx5.nix
./i18n/input-method/hime.nix
@ -560,6 +561,7 @@
./services/desktops/system76-scheduler.nix
./services/desktops/telepathy.nix
./services/desktops/tumbler.nix
./services/desktops/wlock.nix
./services/desktops/zeitgeist.nix
./services/development/athens.nix
./services/development/blackfire.nix
@ -611,6 +613,7 @@
./services/hardware/asusd.nix
./services/hardware/auto-cpufreq.nix
./services/hardware/auto-epp.nix
./services/hardware/bitbox-bridge.nix
./services/hardware/bluetooth.nix
./services/hardware/bolt.nix
./services/hardware/brltty.nix
@ -857,6 +860,7 @@
./services/misc/parsoid.nix
./services/misc/persistent-evdev.nix
./services/misc/pghero.nix
./services/misc/pinchflat.nix
./services/misc/pinnwand.nix
./services/misc/plex.nix
./services/misc/plikd.nix
@ -934,6 +938,7 @@
./services/monitoring/das_watchdog.nix
./services/monitoring/datadog-agent.nix
./services/monitoring/do-agent.nix
./services/monitoring/fluent-bit.nix
./services/monitoring/fusion-inventory.nix
./services/monitoring/gatus.nix
./services/monitoring/gitwatch.nix
@ -1016,6 +1021,7 @@
./services/network-filesystems/kubo.nix
./services/network-filesystems/litestream/default.nix
./services/network-filesystems/moosefs.nix
./services/network-filesystems/ipfs-cluster.nix
./services/network-filesystems/netatalk.nix
./services/network-filesystems/nfsd.nix
./services/network-filesystems/openafs/client.nix
@ -1511,6 +1517,7 @@
./services/web-apps/flarum.nix
./services/web-apps/fluidd.nix
./services/web-apps/freshrss.nix
./services/web-apps/froide-govplan.nix
./services/web-apps/galene.nix
./services/web-apps/gancio.nix
./services/web-apps/gerrit.nix

4
third_party/nixpkgs/nixos/modules/profiles/installation-device.nix vendored
View file

@ -102,10 +102,10 @@ with lib;
stdenv
stdenvNoCC # for runCommand
busybox
jq # for closureInfo
# For boot.initrd.systemd
makeInitrdNGTool
];
]
++ jq.all; # for closureInfo
boot.swraid.enable = true;
# remove warning about unset mail

18
third_party/nixpkgs/nixos/modules/programs/bat.nix vendored
View file

@ -18,6 +18,8 @@ let
nameValuePair
optionalString
types
isBool
boolToString
;
inherit (types) listOf package;
@ -26,6 +28,15 @@ let
settingsFormat = pkgs.formats.keyValue { listsAsDuplicateKeys = true; };
inherit (settingsFormat) generate type;
recursiveToString =
value:
if isList value then
map recursiveToString value
else if isBool value then
boolToString value
else
toString value;
initScript =
{
program,
@ -97,12 +108,7 @@ in
environment = {
systemPackages = [ cfg.package ] ++ cfg.extraPackages;
etc."bat/config".source = generate "bat-config" (
mapAttrs' (
name: value:
nameValuePair ("--" + name) (
if (isList value) then map (str: "\"${str}\"") value else "\"${value}\""
)
) cfg.settings
mapAttrs' (name: value: nameValuePair ("--" + name) (recursiveToString value)) cfg.settings
);
};

7
third_party/nixpkgs/nixos/modules/programs/firefox.nix vendored
View file

@ -118,8 +118,15 @@ in
Some of these might be able to be configured more ergonomically
using policies.
See [here](https://mozilla.github.io/policy-templates/#preferences) for allowed preferences.
${organisationInfo}
'';
example = lib.literalExpression ''
{
"browser.tabs.tabmanager.enabled" = false;
}
'';
};
preferencesStatus = lib.mkOption {

52
third_party/nixpkgs/nixos/modules/programs/k3b.nix vendored
View file

@ -1,50 +1,8 @@
{ config, pkgs, lib, ... }:
{ lib, ... }:
{
# interface
options.programs.k3b = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Whether to enable k3b, the KDE disk burning application.
Additionally to installing `k3b` enabling this will
add `setuid` wrappers in `/run/wrappers/bin`
for both `cdrdao` and `cdrecord`. On first
run you must manually configure the path of `cdrdae` and
`cdrecord` to correspond to the appropriate paths under
`/run/wrappers/bin` in the "Setup External Programs" menu.
'';
};
};
# implementation
config = lib.mkIf config.programs.k3b.enable {
environment.systemPackages = with pkgs; [
k3b
dvdplusrwtools
cdrdao
cdrtools
];
security.wrappers = {
cdrdao = {
setuid = true;
owner = "root";
group = "cdrom";
permissions = "u+wrx,g+x";
source = "${pkgs.cdrdao}/bin/cdrdao";
};
cdrecord = {
setuid = true;
owner = "root";
group = "cdrom";
permissions = "u+wrx,g+x";
source = "${pkgs.cdrtools}/bin/cdrecord";
};
};
};
imports = [
(lib.mkRemovedOptionModule [ "programs" "k3b" "enable" ]
"Please add kdePackages.k3b to environment.systemPackages instead")
];
}

13
third_party/nixpkgs/nixos/modules/programs/steam.nix vendored
View file

@ -11,7 +11,7 @@ let
in
pkgs.writeShellScriptBin "steam-gamescope" ''
${builtins.concatStringsSep "\n" exports}
gamescope --steam ${builtins.toString cfg.gamescopeSession.args} -- steam -tenfoot -pipewire-dmabuf
gamescope --steam ${builtins.toString cfg.gamescopeSession.args} -- steam ${builtins.toString cfg.gamescopeSession.steamArgs}
'';
gamescopeSessionFile =
@ -160,6 +160,17 @@ in {
Environmental variables to be passed to GameScope for the session.
'';
};
steamArgs = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [
"-tenfoot"
"-pipewire-dmabuf"
];
description = ''
Arguments to be passed to Steam for the session.
'';
};
};
};
};

9
third_party/nixpkgs/nixos/modules/programs/streamcontroller.nix vendored
View file

@ -10,7 +10,14 @@ in
{
options.programs.streamcontroller = {
enable = lib.mkEnableOption "StreamController";
package = lib.mkPackageOption pkgs "streamcontroller" { default = [ "streamcontroller" ]; };
package = lib.mkOption {
default = pkgs.streamcontroller.override { isKde = config.services.desktopManager.plasma6.enable; };
defaultText = lib.literalExpression "pkgs.streamcontroller";
type = lib.types.package;
description = ''
The StreamController package to use
'';
};
};
config = lib.mkIf cfg.enable {

3
third_party/nixpkgs/nixos/modules/programs/yabar.nix vendored
View file

@ -79,8 +79,7 @@ in
description = ''
The package which contains the `yabar` binary.
Nixpkgs provides the `yabar` and `yabar-unstable`,
so it's possible to choose.
Nixpkgs offers both a stable (`yabar`) and unstable (`yabar-unstable`) version of Yabar.
'';
};

33
third_party/nixpkgs/nixos/modules/services/databases/postgresql.md vendored
View file

@ -9,7 +9,7 @@
<!-- FIXME: more stuff, like maintainer? -->
PostgreSQL is an advanced, free relational database.
PostgreSQL is an advanced, free, relational database.
<!-- MORE -->
## Configuring {#module-services-postgres-configuring}
@ -67,7 +67,7 @@ name. This can be done with
If the database user name equals the connecting system user name,
postgres by default will accept a passwordless connection via unix
domain socket. This makes it possible to run many postgres-backed
services without creating any database secrets at all
services without creating any database secrets at all.
### Assigning extra permissions {#module-services-postgres-initializing-extra-permissions}
@ -178,7 +178,7 @@ These instructions are also applicable to other versions.
:::
Major PostgreSQL upgrades require a downtime and a few imperative steps to be called. This is the case because
each major version has some internal changes in the databases' state during major releases. Because of that,
each major version has some internal changes in the databases' state. Because of that,
NixOS places the state into {file}`/var/lib/postgresql/&lt;version&gt;` where each `version`
can be obtained like this:
```
@ -203,19 +203,18 @@ For an upgrade, a script like this can be used to simplify the process:
systemctl stop postgresql
export NEWDATA="/var/lib/postgresql/${newPostgres.psqlSchema}"
export NEWBIN="${newPostgres}/bin"
export OLDDATA="${cfg.dataDir}"
export OLDBIN="${cfg.package}/bin"
export OLDBIN="${cfg.finalPackage}/bin"
install -d -m 0700 -o postgres -g postgres "$NEWDATA"
cd "$NEWDATA"
sudo -u postgres $NEWBIN/initdb -D "$NEWDATA" ${lib.escapeShellArgs cfg.initdbArgs}
sudo -u postgres "$NEWBIN/initdb" -D "$NEWDATA" ${lib.escapeShellArgs cfg.initdbArgs}
sudo -u postgres $NEWBIN/pg_upgrade \
sudo -u postgres "$NEWBIN/pg_upgrade" \
--old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \
--old-bindir $OLDBIN --new-bindir $NEWBIN \
--old-bindir "$OLDBIN" --new-bindir "$NEWBIN" \
"$@"
'')
];
@ -224,11 +223,11 @@ For an upgrade, a script like this can be used to simplify the process:
The upgrade process is:
1. Rebuild nixos configuration with the configuration above added to your {file}`configuration.nix`. Alternatively, add that into separate file and reference it in `imports` list.
2. Login as root (`sudo su -`)
3. Run `upgrade-pg-cluster`. It will stop old postgresql, initialize a new one and migrate the old one to the new one. You may supply arguments like `--jobs 4` and `--link` to speedup migration process. See <https://www.postgresql.org/docs/current/pgupgrade.html> for details.
4. Change postgresql package in NixOS configuration to the one you were upgrading to via [](#opt-services.postgresql.package). Rebuild NixOS. This should start new postgres using upgraded data directory and all services you stopped during the upgrade.
5. After the upgrade it's advisable to analyze the new cluster.
1. Add the above to your {file}`configuration.nix` and rebuild. Alternatively, add that into a separate file and reference it in the `imports` list.
2. Login as root (`sudo su -`).
3. Run `upgrade-pg-cluster`. This will stop the old postgresql cluster, initialize a new one and migrate the old one to the new one. You may supply arguments like `--jobs 4` and `--link` to speedup the migration process. See <https://www.postgresql.org/docs/current/pgupgrade.html> for details.
4. Change the postgresql package in NixOS configuration to the one you were upgrading to via [](#opt-services.postgresql.package). Rebuild NixOS. This should start the new postgres version using the upgraded data directory and all services you stopped during the upgrade.
5. After the upgrade it's advisable to analyze the new cluster:
- For PostgreSQL ≥ 14, use the `vacuumdb` command printed by the upgrades script.
- For PostgreSQL < 14, run (as `su -l postgres` in the [](#opt-services.postgresql.dataDir), in this example {file}`/var/lib/postgresql/13`):
@ -273,7 +272,7 @@ A complete list of options for the PostgreSQL module may be found [here](#opt-se
## Plugins {#module-services-postgres-plugins}
Plugins collection for each PostgreSQL version can be accessed with `.pkgs`. For example, for `pkgs.postgresql_15` package, its plugin collection is accessed by `pkgs.postgresql_15.pkgs`:
The collection of plugins for each PostgreSQL version can be accessed with `.pkgs`. For example, for the `pkgs.postgresql_15` package, its plugin collection is accessed by `pkgs.postgresql_15.pkgs`:
```ShellSession
$ nix repl '<nixpkgs>'
@ -301,7 +300,7 @@ To add plugins via NixOS configuration, set `services.postgresql.extensions`:
}
```
You can build custom PostgreSQL-with-plugins (to be used outside of NixOS) using function `.withPackages`. For example, creating a custom PostgreSQL package in an overlay can look like:
You can build a custom `postgresql-with-plugins` (to be used outside of NixOS) using the function `.withPackages`. For example, creating a custom PostgreSQL package in an overlay can look like this:
```nix
self: super: {
postgresql_custom = self.postgresql_17.withPackages (ps: [
@ -331,7 +330,7 @@ self: super: {
## JIT (Just-In-Time compilation) {#module-services-postgres-jit}
[JIT](https://www.postgresql.org/docs/current/jit-reason.html)-support in the PostgreSQL package
is disabled by default because of the ~300MiB closure-size increase from the LLVM dependency. It
is disabled by default because of the ~600MiB closure-size increase from the LLVM dependency. It
can be optionally enabled in PostgreSQL with the following config option:
```nix
@ -384,7 +383,7 @@ several common hardening options from `systemd`, most notably:
}
```
The NixOS module also contains necessary adjustments for extensions from `nixpkgs`
The NixOS module also contains necessary adjustments for extensions from `nixpkgs`,
if these are enabled. If an extension or a postgresql feature from `nixpkgs` breaks
with hardening, it's considered a bug.

9
third_party/nixpkgs/nixos/modules/services/desktop-managers/lomiri.nix vendored
View file

@ -202,8 +202,9 @@ in
systemd.user.services =
let
lomiriService = "lomiri.service";
lomiriServiceNames = [
"lomiri.service"
lomiriService
"lomiri-full-greeter.service"
"lomiri-full-shell.service"
"lomiri-greeter.service"
@ -225,9 +226,9 @@ in
"lomiri-polkit-agent" = {
description = "Lomiri Polkit agent";
wantedBy = lomiriServiceNames;
after = [ "graphical-session.target" ];
partOf = lomiriServiceNames;
wantedBy = [ lomiriService ];
after = [ lomiriService ];
partOf = [ lomiriService ];
serviceConfig = {
Type = "simple";
Restart = "always";

81
third_party/nixpkgs/nixos/modules/services/desktops/geoclue2.nix vendored
View file

@ -136,6 +136,48 @@ in
'';
};
enableStatic = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Whether to enable the static source. This source defines a fixed
location using the `staticLatitude`, `staticLongitude`,
`staticAltitude`, and `staticAccuracy` options.
Setting `enableStatic` to true will disable all other sources, to
prevent conflicts. Use `lib.mkForce true` when enabling other sources
if for some reason you want to override this.
'';
};
staticLatitude = lib.mkOption {
type = lib.types.numbers.between (-90) 90;
description = ''
Latitude to use for the static source. Defaults to `location.latitude`.
'';
};
staticLongitude = lib.mkOption {
type = lib.types.numbers.between (-180) 180;
description = ''
Longitude to use for the static source. Defaults to `location.longitude`.
'';
};
staticAltitude = lib.mkOption {
type = lib.types.number;
description = ''
Altitude in meters to use for the static source.
'';
};
staticAccuracy = lib.mkOption {
type = lib.types.numbers.positive;
description = ''
Accuracy radius in meters to use for the static source.
'';
};
geoProviderUrl = lib.mkOption {
type = lib.types.str;
default = "https://location.services.mozilla.com/v1/geolocate?key=geoclue";
@ -224,6 +266,16 @@ in
groups.geoclue = { };
};
services.geoclue2 = {
enable3G = lib.mkIf cfg.enableStatic false;
enableCDMA = lib.mkIf cfg.enableStatic false;
enableModemGPS = lib.mkIf cfg.enableStatic false;
enableNmea = lib.mkIf cfg.enableStatic false;
enableWifi = lib.mkIf cfg.enableStatic false;
staticLatitude = lib.mkDefault config.location.latitude;
staticLongitude = lib.mkDefault config.location.longitude;
};
systemd.services.geoclue = {
wants = lib.optionals cfg.enableWifi [ "network-online.target" ];
after = lib.optionals cfg.enableWifi [ "network-online.target" ];
@ -284,16 +336,33 @@ in
modem-gps = {
enable = cfg.enableModemGPS;
};
wifi = {
enable = cfg.enableWifi;
url = cfg.geoProviderUrl;
submit-data = lib.boolToString cfg.submitData;
submission-url = cfg.submissionUrl;
submission-nick = cfg.submissionNick;
wifi =
{
enable = cfg.enableWifi;
}
// lib.optionalAttrs cfg.enableWifi {
url = cfg.geoProviderUrl;
submit-data = lib.boolToString cfg.submitData;
submission-url = cfg.submissionUrl;
submission-nick = cfg.submissionNick;
};
static-source = {
enable = cfg.enableStatic;
};
}
// lib.mapAttrs' appConfigToINICompatible cfg.appConfig
);
environment.etc.geolocation = lib.mkIf cfg.enableStatic {
mode = "0440";
group = "geoclue";
text = ''
${toString cfg.staticLatitude}
${toString cfg.staticLongitude}
${toString cfg.staticAltitude}
${toString cfg.staticAccuracy}
'';
};
};
meta = with lib; {

31
third_party/nixpkgs/nixos/modules/services/desktops/wlock.nix vendored Normal file
View file

@ -0,0 +1,31 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.services.wlock;
in
{
options = {
services.wlock = {
enable = lib.mkEnableOption "wlock, a Wayland sessionlocker using the ext-session-lock-v1 protocol";
package = lib.mkPackageOption pkgs "wlock" { };
};
};
config = lib.mkIf cfg.enable {
security.wrappers.wlock = {
owner = "root";
group = "root";
# mirror upstream chmod of 4755
setuid = true;
setgid = false;
source = lib.getExe cfg.package;
};
};
meta.maintainers = [ lib.maintainers.fliegendewurst ];
}

71
third_party/nixpkgs/nixos/modules/services/hardware/bitbox-bridge.nix vendored Normal file
View file

@ -0,0 +1,71 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.services.bitbox-bridge;
in
{
options = {
services.bitbox-bridge = {
enable = lib.mkEnableOption "Bitbox bridge daemon, for use with Bitbox hardware wallets.";
package = lib.mkPackageOption pkgs "bitbox-bridge" { };
port = lib.mkOption {
type = lib.types.port;
default = 8178;
description = ''
Listening port for the bitbox-bridge.
'';
};
runOnMount = lib.mkEnableOption null // {
default = true;
description = ''
Run bitbox-bridge.service only when hardware wallet is plugged, also registers the systemd device unit.
This option is enabled by default to save power, when false, bitbox-bridge service runs all the time instead.
'';
};
};
};
config = lib.mkIf cfg.enable {
environment.systemPackages = [ cfg.package ];
services.udev.packages =
[ cfg.package ]
++ lib.optionals (cfg.runOnMount) [
(pkgs.writeTextFile {
name = "bitbox-bridge-run-on-mount-udev-rules";
destination = "/etc/udev/rules.d/99-bitbox-bridge-run-on-mount.rules";
text = ''
SUBSYSTEM=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2403", MODE="0660", GROUP="bitbox", TAG+="systemd", SYMLINK+="bitbox02", ENV{SYSTEMD_WANTS}="bitbox-bridge.service"
'';
})
];
systemd.services.bitbox-bridge = {
description = "BitBox Bridge";
wantedBy = [ "multi-user.target" ];
bindsTo = lib.optionals (cfg.runOnMount) [ "dev-bitbox02.device" ];
after = [ "network.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${cfg.package}/bin/bitbox-bridge -p ${builtins.toString cfg.port}";
User = "bitbox";
};
};
users.groups.bitbox = { };
users.users.bitbox = {
group = "bitbox";
description = "bitbox-bridge daemon user";
isSystemUser = true;
extraGroups = [ "bitbox" ];
};
};
}

37
third_party/nixpkgs/nixos/modules/services/hardware/bluetooth.nix vendored
View file

@ -2,6 +2,7 @@
config,
lib,
pkgs,
utils,
...
}:
let
@ -9,7 +10,6 @@ let
package = cfg.package;
inherit (lib)
mkDefault
mkEnableOption
mkIf
mkOption
@ -17,10 +17,7 @@ let
mkRenamedOptionModule
mkRemovedOptionModule
concatStringsSep
escapeShellArgs
literalExpression
optional
optionals
optionalAttrs
recursiveUpdate
types
@ -146,10 +143,34 @@ in
{
wantedBy = [ "bluetooth.target" ];
aliases = [ "dbus-org.bluez.service" ];
serviceConfig.ExecStart = [
""
"${package}/libexec/bluetooth/bluetoothd ${escapeShellArgs args}"
];
serviceConfig = {
ExecStart = [
""
"${package}/libexec/bluetooth/bluetoothd ${utils.escapeSystemdExecArgs args}"
];
CapabilityBoundingSet = [
"CAP_NET_BIND_SERVICE" # sockets and tethering
];
NoNewPrivileges = true;
RestrictNamespaces = true;
ProtectControlGroups = true;
MemoryDenyWriteExecute = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = "@system-service";
LockPersonality = true;
RestrictRealtime = true;
ProtectProc = "invisible";
PrivateTmp = true;
PrivateUsers = false;
# loading hardware modules
ProtectKernelModules = false;
ProtectKernelTunables = false;
PrivateNetwork = false; # tethering
};
# restarting can leave people without a mouse/keyboard
unitConfig.X-RestartIfChanged = false;
};

2
third_party/nixpkgs/nixos/modules/services/hardware/openrgb.nix vendored
View file

@ -54,6 +54,8 @@ in
systemd.services.openrgb = {
description = "OpenRGB server daemon";
after = [ "network.target" ];
wants = [ "dev-usb.device" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
StateDirectory = "OpenRGB";

1
third_party/nixpkgs/nixos/modules/services/home-automation/ebusd.nix vendored
View file

@ -73,6 +73,7 @@ in
"main"
"network"
"bus"
"device"
"update"
"other"
];

124
third_party/nixpkgs/nixos/modules/services/misc/homepage-dashboard.nix vendored
View file

@ -192,80 +192,54 @@ in
};
};
config =
let
# If homepage-dashboard is enabled, but none of the configuration values have been updated,
# then default to "unmanaged" configuration which is manually updated in
# var/lib/homepage-dashboard. This is to maintain backwards compatibility, and should be
# deprecated in a future release.
managedConfig =
!(
cfg.bookmarks == [ ]
&& cfg.customCSS == ""
&& cfg.customJS == ""
&& cfg.docker == { }
&& cfg.kubernetes == { }
&& cfg.services == [ ]
&& cfg.settings == { }
&& cfg.widgets == [ ]
);
configDir = if managedConfig then "/etc/homepage-dashboard" else "/var/lib/homepage-dashboard";
msg =
"using unmanaged configuration for homepage-dashboard is deprecated and will be removed"
+ " in 24.05. please see the NixOS documentation for `services.homepage-dashboard' and add"
+ " your bookmarks, services, widgets, and other configuration using the options provided.";
in
lib.mkIf cfg.enable {
warnings = lib.optional (!managedConfig) msg;
environment.etc = lib.mkIf managedConfig {
"homepage-dashboard/custom.css".text = cfg.customCSS;
"homepage-dashboard/custom.js".text = cfg.customJS;
"homepage-dashboard/bookmarks.yaml".source = settingsFormat.generate "bookmarks.yaml" cfg.bookmarks;
"homepage-dashboard/docker.yaml".source = settingsFormat.generate "docker.yaml" cfg.docker;
"homepage-dashboard/kubernetes.yaml".source =
settingsFormat.generate "kubernetes.yaml" cfg.kubernetes;
"homepage-dashboard/services.yaml".source = settingsFormat.generate "services.yaml" cfg.services;
"homepage-dashboard/settings.yaml".source = settingsFormat.generate "settings.yaml" cfg.settings;
"homepage-dashboard/widgets.yaml".source = settingsFormat.generate "widgets.yaml" cfg.widgets;
};
systemd.services.homepage-dashboard = {
description = "Homepage Dashboard";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
environment = {
HOMEPAGE_CONFIG_DIR = configDir;
NIXPKGS_HOMEPAGE_CACHE_DIR = "/var/cache/homepage-dashboard";
PORT = toString cfg.listenPort;
LOG_TARGETS = lib.mkIf managedConfig "stdout";
};
serviceConfig = {
Type = "simple";
DynamicUser = true;
EnvironmentFile = lib.mkIf (cfg.environmentFile != null) cfg.environmentFile;
StateDirectory = lib.mkIf (!managedConfig) "homepage-dashboard";
CacheDirectory = "homepage-dashboard";
ExecStart = lib.getExe cfg.package;
Restart = "on-failure";
};
preStart = ''
# Related:
# * https://github.com/NixOS/nixpkgs/issues/346016 ("homepage-dashboard: cache dir is not cleared upon version upgrade")
# * https://github.com/gethomepage/homepage/discussions/4560 ("homepage NixOS package does not clear cache on upgrade leaving broken state")
# * https://github.com/vercel/next.js/discussions/58864 ("Feature Request: Allow configuration of cache dir")
rm -rf "$NIXPKGS_HOMEPAGE_CACHE_DIR"/*
'';
};
networking.firewall = lib.mkIf cfg.openFirewall {
allowedTCPPorts = [ cfg.listenPort ];
};
config = lib.mkIf cfg.enable {
environment.etc = {
"homepage-dashboard/custom.css".text = cfg.customCSS;
"homepage-dashboard/custom.js".text = cfg.customJS;
"homepage-dashboard/bookmarks.yaml".source = settingsFormat.generate "bookmarks.yaml" cfg.bookmarks;
"homepage-dashboard/docker.yaml".source = settingsFormat.generate "docker.yaml" cfg.docker;
"homepage-dashboard/kubernetes.yaml".source =
settingsFormat.generate "kubernetes.yaml" cfg.kubernetes;
"homepage-dashboard/services.yaml".source = settingsFormat.generate "services.yaml" cfg.services;
"homepage-dashboard/settings.yaml".source = settingsFormat.generate "settings.yaml" cfg.settings;
"homepage-dashboard/widgets.yaml".source = settingsFormat.generate "widgets.yaml" cfg.widgets;
};
systemd.services.homepage-dashboard = {
description = "Homepage Dashboard";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
environment = {
HOMEPAGE_CONFIG_DIR = "/etc/homepage-dashboard";
NIXPKGS_HOMEPAGE_CACHE_DIR = "/var/cache/homepage-dashboard";
PORT = toString cfg.listenPort;
LOG_TARGETS = "stdout";
};
serviceConfig = {
Type = "simple";
DynamicUser = true;
EnvironmentFile = lib.mkIf (cfg.environmentFile != null) cfg.environmentFile;
StateDirectory = "homepage-dashboard";
CacheDirectory = "homepage-dashboard";
ExecStart = lib.getExe cfg.package;
Restart = "on-failure";
};
enableStrictShellChecks = true;
# Related:
# * https://github.com/NixOS/nixpkgs/issues/346016 ("homepage-dashboard: cache dir is not cleared upon version upgrade")
# * https://github.com/gethomepage/homepage/discussions/4560 ("homepage NixOS package does not clear cache on upgrade leaving broken state")
# * https://github.com/vercel/next.js/discussions/58864 ("Feature Request: Allow configuration of cache dir")
preStart = ''
rm -rf "''${NIXPKGS_HOMEPAGE_CACHE_DIR:?}"/*
'';
};
networking.firewall = lib.mkIf cfg.openFirewall {
allowedTCPPorts = [ cfg.listenPort ];
};
};
}

2
third_party/nixpkgs/nixos/modules/services/misc/orthanc.nix vendored
View file

@ -83,7 +83,7 @@ in
};
config = lib.mkIf cfg.enable {
services.orthanc.settings = options.services.orthanc.settings.default;
services.orthanc.settings = opt.settings.default;
systemd.services.orthanc = {
description = "Orthanc is a lightweight, RESTful DICOM server for healthcare and medical research";

158
third_party/nixpkgs/nixos/modules/services/misc/pinchflat.nix vendored Normal file
View file

@ -0,0 +1,158 @@
{
config,
pkgs,
lib,
...
}:
let
cfg = config.services.pinchflat;
inherit (lib)
mkEnableOption
mkPackageOption
mkOption
types
mkIf
getExe
literalExpression
optional
attrValues
mapAttrs
;
stateDir = "/var/lib/pinchflat";
in
{
options = {
services.pinchflat = {
enable = mkEnableOption "pinchflat";
mediaDir = mkOption {
type = types.path;
default = "${stateDir}/media";
description = "The directory into which Pinchflat downloads videos.";
};
port = mkOption {
type = types.port;
default = 8945;
description = "Port on which the Pinchflat web interface is available.";
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = "Open ports in the firewall for the Pinchflat web interface";
};
selfhosted = mkOption {
type = types.bool;
default = false;
description = "Use a weak secret. If true, you are not required to provide a {env}`SECRET_KEY_BASE` through the `secretsFile` option. Do not use this option in production!";
};
logLevel = mkOption {
type = types.enum [
"debug"
"info"
"warning"
"error"
];
default = "info";
description = "Log level for Pinchflat.";
};
extraConfig = mkOption {
type =
with types;
attrsOf (
nullOr (oneOf [
bool
int
str
])
);
default = { };
example = literalExpression ''
{
YT_DLP_WORKER_CONCURRENCY = 1;
}
'';
description = ''
The configuration of Pinchflat is handled through environment variables.
The available configuration options can be found in [the Pinchflat README](https://github.com/kieraneglin/pinchflat/README.md#environment-variables).
'';
};
secretsFile = mkOption {
type = with types; nullOr path;
default = null;
example = "/run/secrets/pinchflat";
description = ''
Secrets like {env}`SECRET_KEY_BASE` and {env}`BASIC_AUTH_PASSWORD`
should be passed to the service without adding them to the world-readable Nix store.
Note that either this file needs to be available on the host on which `pinchflat` is running,
or the option `selfhosted` must be `true`.
Further, {env}`SECRET_KEY_BASE` has a minimum length requirement of 64 bytes.
One way to generate such a secret is to use `openssl rand -hex 64`.
As an example, the contents of the file might look like this:
```
SECRET_KEY_BASE=...copy-paste a secret token here...
BASIC_AUTH_USERNAME=...basic auth username...
BASIC_AUTH_PASSWORD=...basic auth password...
```
'';
};
package = mkPackageOption pkgs "pinchflat" { };
};
};
config = mkIf cfg.enable {
assertions = [
{
assertion = cfg.selfhosted || !builtins.isNull cfg.secretsFile;
message = "Either `selfhosted` must be true, or a `secretsFile` must be configured.";
}
];
systemd.services.pinchflat = {
description = "pinchflat";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
DynamicUser = true;
StateDirectory = baseNameOf stateDir;
Environment =
[
"PORT=${builtins.toString cfg.port}"
"TZ=${config.time.timeZone}"
"MEDIA_PATH=${cfg.mediaDir}"
"CONFIG_PATH=${stateDir}"
"DATABASE_PATH=${stateDir}/db/pinchflat.db"
"LOG_PATH=${stateDir}/logs/pinchflat.log"
"METADATA_PATH=${stateDir}/metadata"
"EXTRAS_PATH=${stateDir}/extras"
"TMPFILE_PATH=${stateDir}/tmp"
"TZ_DATA_PATH=${stateDir}/extras/elixir_tz_data"
"LOG_LEVEL=${cfg.logLevel}"
"PHX_SERVER=true"
]
++ optional cfg.selfhosted [ "RUN_CONTEXT=selfhosted" ]
++ attrValues (mapAttrs (name: value: name + "=" + builtins.toString value) cfg.extraConfig);
EnvironmentFile = optional (cfg.secretsFile != null) cfg.secretsFile;
ExecStartPre = "${lib.getExe' cfg.package "migrate"}";
ExecStart = "${getExe cfg.package} start";
Restart = "on-failure";
};
};
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ cfg.port ];
};
};
}

13
third_party/nixpkgs/nixos/modules/services/misc/redmine.nix vendored
View file

@ -395,8 +395,9 @@ in
"d '${cfg.stateDir}/log' 0750 ${cfg.user} ${cfg.group} - -"
"d '${cfg.stateDir}/plugins' 0750 ${cfg.user} ${cfg.group} - -"
"d '${cfg.stateDir}/public' 0750 ${cfg.user} ${cfg.group} - -"
"d '${cfg.stateDir}/public/assets' 0750 ${cfg.user} ${cfg.group} - -"
"d '${cfg.stateDir}/public/plugin_assets' 0750 ${cfg.user} ${cfg.group} - -"
"d '${cfg.stateDir}/public/themes' 0750 ${cfg.user} ${cfg.group} - -"
"d '${cfg.stateDir}/themes' 0750 ${cfg.user} ${cfg.group} - -"
"d '${cfg.stateDir}/tmp' 0750 ${cfg.user} ${cfg.group} - -"
"d /run/redmine - - - - -"
@ -405,8 +406,9 @@ in
"L+ /run/redmine/files - - - - ${cfg.stateDir}/files"
"L+ /run/redmine/log - - - - ${cfg.stateDir}/log"
"L+ /run/redmine/plugins - - - - ${cfg.stateDir}/plugins"
"L+ /run/redmine/public/assets - - - - ${cfg.stateDir}/public/assets"
"L+ /run/redmine/public/plugin_assets - - - - ${cfg.stateDir}/public/plugin_assets"
"L+ /run/redmine/public/themes - - - - ${cfg.stateDir}/public/themes"
"L+ /run/redmine/themes - - - - ${cfg.stateDir}/themes"
"L+ /run/redmine/tmp - - - - ${cfg.stateDir}/tmp"
];
@ -434,7 +436,7 @@ in
preStart = ''
rm -rf "${cfg.stateDir}/plugins/"*
rm -rf "${cfg.stateDir}/public/themes/"*
rm -rf "${cfg.stateDir}/themes/"*
# start with a fresh config directory
# the config directory is copied instead of linked as some mutable data is stored in there
@ -452,11 +454,11 @@ in
# link in all user specified themes
for theme in ${concatStringsSep " " (mapAttrsToList unpackTheme cfg.themes)}; do
ln -fs $theme/* "${cfg.stateDir}/public/themes"
ln -fs $theme/* "${cfg.stateDir}/themes"
done
# link in redmine provided themes
ln -sf ${cfg.package}/share/redmine/public/themes.dist/* "${cfg.stateDir}/public/themes/"
ln -sf ${cfg.package}/share/redmine/themes.dist/* "${cfg.stateDir}/themes/"
# link in all user specified plugins
@ -486,6 +488,7 @@ in
${bundle} exec rake db:migrate
${bundle} exec rake redmine:plugins:migrate
${bundle} exec rake redmine:load_default_data
${bundle} exec rake assets:precompile
'';
serviceConfig = {

7
third_party/nixpkgs/nixos/modules/services/misc/snapper.nix vendored
View file

@ -55,10 +55,15 @@ let
};
FSTYPE = lib.mkOption {
type = lib.types.enum [ "btrfs" ];
type = lib.types.enum [
"btrfs"
"bcachefs"
];
default = "btrfs";
description = ''
Filesystem type. Only btrfs is stable and tested.
bcachefs support is experimental.
'';
};

103
third_party/nixpkgs/nixos/modules/services/monitoring/fluent-bit.nix vendored Normal file
View file

@ -0,0 +1,103 @@
{
config,
lib,
pkgs,
utils,
...
}:
let
cfg = config.services.fluent-bit;
yamlFormat = pkgs.formats.yaml { };
in
{
options.services.fluent-bit = {
enable = lib.mkEnableOption "Fluent Bit";
package = lib.mkPackageOption pkgs "fluent-bit" { };
configurationFile = lib.mkOption {
type = lib.types.path;
default = yamlFormat.generate "fluent-bit.yaml" cfg.settings;
defaultText = lib.literalExpression ''yamlFormat.generate "fluent-bit.yaml" cfg.settings'';
description = ''
Fluent Bit configuration. See
<https://docs.fluentbit.io/manual/administration/configuring-fluent-bit/yaml>
for supported values.
{option}`configurationFile` takes precedence over {option}`settings`.
Note: Restricted evaluation blocks access to paths outside the Nix store.
This means detecting content changes for mutable paths (i.e. not input or content-addressed) can't be done.
As a result, `nixos-rebuild` won't reload/restart the systemd unit when mutable path contents change.
`systemctl restart fluent-bit.service` must be used instead.
'';
example = "/etc/fluent-bit/fluent-bit.yaml";
};
settings = lib.mkOption {
type = yamlFormat.type;
default = { };
description = ''
See {option}`configurationFile`.
{option}`configurationFile` takes precedence over {option}`settings`.
'';
example = {
service = {
grace = 30;
};
pipeline = {
inputs = [
{
name = "systemd";
systemd_filter = "_SYSTEMD_UNIT=fluent-bit.service";
}
];
outputs = [
{
name = "file";
path = "/var/log/fluent-bit";
file = "fluent-bit.out";
}
];
};
};
};
# See https://docs.fluentbit.io/manual/administration/configuring-fluent-bit/yaml/service-section.
graceLimit = lib.mkOption {
type = lib.types.nullOr (
lib.types.oneOf [
lib.types.ints.positive
lib.types.str
]
);
default = null;
description = ''
The grace time limit. Sets the systemd unit's `TimeoutStopSec`.
The `service.grace` option in the Fluent Bit configuration should be this option.
'';
example = 30;
};
};
config = lib.mkIf cfg.enable {
# See https://github.com/fluent/fluent-bit/blob/v3.2.6/init/systemd.in.
systemd.services.fluent-bit = {
description = "Fluent Bit";
after = [ "network.target" ];
requires = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
DynamicUser = true;
# See https://nixos.org/manual/nixos/stable#sec-logging.
SupplementaryGroups = "systemd-journal";
ExecStart = utils.escapeSystemdExecArgs [
(lib.getExe cfg.package)
"--config"
cfg.configurationFile
];
Restart = "always";
TimeoutStopSec = lib.mkIf (cfg.graceLimit != null) cfg.graceLimit;
};
};
};
}

27
third_party/nixpkgs/nixos/modules/services/monitoring/scrutiny.nix vendored
View file

@ -1,10 +1,11 @@
{ config, lib, pkgs, ... }:
{ config, lib, pkgs, utils, ... }:
let
inherit (lib) maintainers;
inherit (lib.meta) getExe;
inherit (lib.modules) mkIf mkMerge;
inherit (lib.options) literalExpression mkEnableOption mkOption mkPackageOption;
inherit (lib.types) bool enum nullOr port str submodule;
inherit (utils) genJqSecretsReplacementSnippet;
cfg = config.services.scrutiny;
# Define the settings format used for this program
@ -36,6 +37,11 @@ in
Scrutiny settings to be rendered into the configuration file.
See <https://github.com/AnalogJ/scrutiny/blob/master/example.scrutiny.yaml>.
Options containing secret data should be set to an attribute set
containing the attribute `_secret`. This attribute should be a string
or structured JSON with `quote = false;`, pointing to a file that
contains the value the option should be set to.
'';
default = { };
type = submodule {
@ -130,6 +136,11 @@ in
Collector settings to be rendered into the collector configuration file.
See <https://github.com/AnalogJ/scrutiny/blob/master/example.collector.yaml>.
Options containing secret data should be set to an attribute set
containing the attribute `_secret`. This attribute should be a string
or structured JSON with `quote = false;`, pointing to a file that
contains the value the option should be set to.
'';
default = { };
type = submodule {
@ -177,6 +188,9 @@ in
SCRUTINY_WEB_DATABASE_LOCATION = "/var/lib/scrutiny/scrutiny.db";
SCRUTINY_WEB_SRC_FRONTEND_PATH = "${cfg.package}/share/scrutiny";
};
preStart = ''
${genJqSecretsReplacementSnippet cfg.settings "/run/scrutiny/config.yaml"}
'';
postStart = ''
for i in $(seq 300); do
if "${lib.getExe pkgs.curl}" --fail --silent --head "http://${cfg.settings.web.listen.host}:${toString cfg.settings.web.listen.port}" >/dev/null; then
@ -191,8 +205,10 @@ in
'';
serviceConfig = {
DynamicUser = true;
ExecStart = "${getExe cfg.package} start --config ${settingsFormat.generate "scrutiny.yaml" cfg.settings}";
ExecStart = "${getExe cfg.package} start --config /run/scrutiny/config.yaml";
Restart = "always";
RuntimeDirectory = "scrutiny";
RuntimeDirectoryMode = "0700";
StateDirectory = "scrutiny";
StateDirectoryMode = "0750";
};
@ -216,9 +232,14 @@ in
COLLECTOR_VERSION = "1";
COLLECTOR_API_ENDPOINT = cfg.collector.settings.api.endpoint;
};
preStart = ''
${genJqSecretsReplacementSnippet cfg.collector.settings "/run/scrutiny-collector/config.yaml"}
'';
serviceConfig = {
Type = "oneshot";
ExecStart = "${getExe cfg.collector.package} run --config ${settingsFormat.generate "scrutiny-collector.yaml" cfg.collector.settings}";
ExecStart = "${getExe cfg.collector.package} run --config /run/scrutiny-collector/config.yaml";
RuntimeDirectory = "scrutiny-collector";
RuntimeDirectoryMode = "0700";
};
startAt = cfg.collector.schedule;
};

126
third_party/nixpkgs/nixos/modules/services/network-filesystems/ipfs-cluster.nix vendored Normal file
View file

@ -0,0 +1,126 @@
{
config,
lib,
pkgs,
options,
...
}:
let
cfg = config.services.ipfs-cluster;
# secret is by envvar, not flag
initFlags = toString [
(lib.optionalString (cfg.initPeers != [ ]) "--peers")
(lib.strings.concatStringsSep "," cfg.initPeers)
];
in
{
options = {
services.ipfs-cluster = {
enable = lib.mkEnableOption "Pinset orchestration for IPFS - requires ipfs daemon to be useful";
consensus = lib.mkOption {
type = lib.types.enum [
"raft"
"crdt"
];
description = "Consensus protocol - 'raft' or 'crdt'. https://cluster.ipfs.io/documentation/guides/consensus/";
};
dataDir = lib.mkOption {
type = lib.types.str;
default = "/var/lib/ipfs-cluster";
description = "The data dir for ipfs-cluster.";
};
initPeers = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
description = "Peer addresses to initialize with on first run.";
};
openSwarmPort = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Open swarm port, secured by the cluster secret. This does not expose the API or proxy. https://cluster.ipfs.io/documentation/guides/security/";
};
secretFile = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = null;
description = ''
File containing the cluster secret in the format of EnvironmentFile as described by
{manpage}`systemd.exec(5)`. For example:
<programlisting>
CLUSTER_SECRET=<replaceable>...</replaceable>
</programlisting>
If null, a new secret will be generated on first run and stored in the data directory.
A secret in the correct format can also be generated by: `openssl rand -hex 32`
'';
};
};
};
config = lib.mkIf cfg.enable {
assertions = [
{
assertion = cfg.enable -> config.services.kubo.enable;
message = "ipfs-cluster requires ipfs - configure and enable services.kubo";
}
];
environment.systemPackages = [ pkgs.ipfs-cluster ];
systemd.tmpfiles.rules = [
"d '${cfg.dataDir}' - ${config.services.kubo.user} ${config.services.kubo.group} - -"
];
systemd.services.ipfs-cluster-init = {
path = [
"/run/wrappers"
pkgs.ipfs-cluster
];
environment.IPFS_CLUSTER_PATH = cfg.dataDir;
wantedBy = [ "default.target" ];
serviceConfig = {
ExecStart = [
"${lib.getExe' pkgs.ipfs-cluster "ipfs-cluster-service"} init --consensus ${cfg.consensus} ${initFlags}"
];
Type = "oneshot";
RemainAfterExit = true;
User = config.services.kubo.user;
Group = config.services.kubo.group;
EnvironmentFile = lib.mkIf (cfg.secretFile != null) cfg.secretFile;
};
# only run once (= when the data directory is empty)
unitConfig.ConditionDirectoryNotEmpty = "!${cfg.dataDir}";
};
systemd.services.ipfs-cluster = {
environment.IPFS_CLUSTER_PATH = cfg.dataDir;
wantedBy = [ "multi-user.target" ];
wants = [ "ipfs-cluster-init.service" ];
after = [ "ipfs-cluster-init.service" ];
serviceConfig = {
Type = "notify";
ExecStart = [ "${lib.getExe' pkgs.ipfs-cluster "ipfs-cluster-service"} daemon" ];
User = config.services.kubo.user;
Group = config.services.kubo.group;
};
};
networking.firewall.allowedTCPPorts = lib.mkIf cfg.openSwarmPort [ 9096 ];
};
meta = {
maintainers = with lib.maintainers; [
sorki
];
};
}

52
third_party/nixpkgs/nixos/modules/services/networking/blocky.nix vendored
View file

@ -30,16 +30,56 @@ in
config = lib.mkIf cfg.enable {
systemd.services.blocky = {
description = "A DNS proxy and ad-blocker for the local network";
wantedBy = [ "multi-user.target" ];
wants = [
"network-online.target"
"nss-lookup.target"
];
before = [
"nss-lookup.target"
];
wantedBy = [
"multi-user.target"
];
serviceConfig = {
DynamicUser = true;
ExecStart = "${lib.getExe cfg.package} --config ${configFile}";
Restart = "on-failure";
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
DynamicUser = true;
ExecStart = "${lib.getExe cfg.package} --config ${configFile}";
LockPersonality = true;
LogsDirectory = "blocky";
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
NonBlocking = true;
PrivateDevices = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectSystem = "strict";
Restart = "on-failure";
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
];
RestrictNamespaces = true;
RestrictRealtime = true;
RuntimeDirectory = "blocky";
StateDirectory = "blocky";
SystemCallArchitectures = "native";
SystemCallFilter = [
"@system-service"
"@chown"
"~@aio"
"~@keyring"
"~@memlock"
"~@setuid"
"~@timer"
];
};
};
};
meta.maintainers = with lib.maintainers; [ paepcke ];
}

Some files were not shown because too many files have changed in this diff Show more