Project import generated by Copybara.
GitOrigin-RevId: d9dba88d08a9cdf483c3d45f0d7220cf97a4ce64
This commit is contained in:
parent
07c381ccb7
commit
ffc78d3539
1033 changed files with 53722 additions and 20846 deletions
28
third_party/nixpkgs/.github/workflows/manual-nixos.yml
vendored
Normal file
28
third_party/nixpkgs/.github/workflows/manual-nixos.yml
vendored
Normal file
|
@ -0,0 +1,28 @@
|
|||
name: "Build NixOS manual"
|
||||
|
||||
on:
|
||||
pull_request_target:
|
||||
branches:
|
||||
- master
|
||||
paths:
|
||||
- 'nixos/**'
|
||||
|
||||
jobs:
|
||||
nixos:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
with:
|
||||
# pull_request_target checks out the base branch by default
|
||||
ref: refs/pull/${{ github.event.pull_request.number }}/merge
|
||||
- uses: cachix/install-nix-action@v12
|
||||
with:
|
||||
# explicitly enable sandbox
|
||||
extra_nix_config: sandbox = true
|
||||
- uses: cachix/cachix-action@v8
|
||||
with:
|
||||
# This cache is for the nixos/nixpkgs manual builds and should not be trusted or used elsewhere.
|
||||
name: nixpkgs-ci
|
||||
signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
|
||||
- name: Building NixOS manual
|
||||
run: NIX_PATH=nixpkgs=$(pwd) nix-build --option restrict-eval true nixos/release.nix -A manual.x86_64-linux
|
28
third_party/nixpkgs/.github/workflows/manual-nixpkgs.yml
vendored
Normal file
28
third_party/nixpkgs/.github/workflows/manual-nixpkgs.yml
vendored
Normal file
|
@ -0,0 +1,28 @@
|
|||
name: "Build Nixpkgs manual"
|
||||
|
||||
on:
|
||||
pull_request_target:
|
||||
branches:
|
||||
- master
|
||||
paths:
|
||||
- 'doc/**'
|
||||
|
||||
jobs:
|
||||
nixpkgs:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
with:
|
||||
# pull_request_target checks out the base branch by default
|
||||
ref: refs/pull/${{ github.event.pull_request.number }}/merge
|
||||
- uses: cachix/install-nix-action@v12
|
||||
with:
|
||||
# explicitly enable sandbox
|
||||
extra_nix_config: sandbox = true
|
||||
- uses: cachix/cachix-action@v8
|
||||
with:
|
||||
# This cache is for the nixos/nixpkgs manual builds and should not be trusted or used elsewhere.
|
||||
name: nixpkgs-ci
|
||||
signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
|
||||
- name: Building Nixpkgs manual
|
||||
run: NIX_PATH=nixpkgs=$(pwd) nix-build --option restrict-eval true pkgs/top-level/release.nix -A manual
|
|
@ -11,6 +11,10 @@ jobs:
|
|||
runs-on: ubuntu-latest
|
||||
if: github.repository_owner == 'NixOS' && github.event.issue.pull_request != '' && contains(github.event.comment.body, '/rebase-staging')
|
||||
steps:
|
||||
- uses: peter-evans/create-or-update-comment@v1
|
||||
with:
|
||||
comment-id: ${{ github.event.comment.id }}
|
||||
reactions: eyes
|
||||
- uses: scherermichael-oss/action-has-permission@1.0.6
|
||||
id: check-write-access
|
||||
with:
|
||||
|
|
2
third_party/nixpkgs/COPYING
vendored
2
third_party/nixpkgs/COPYING
vendored
|
@ -1,4 +1,4 @@
|
|||
Copyright (c) 2003-2020 Eelco Dolstra and the Nixpkgs/NixOS contributors
|
||||
Copyright (c) 2003-2021 Eelco Dolstra and the Nixpkgs/NixOS contributors
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining
|
||||
a copy of this software and associated documentation files (the
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Cataclysm: Dark Days Ahead
|
||||
# Cataclysm: Dark Days Ahead {#cataclysm-dark-days-ahead}
|
||||
|
||||
## How to install Cataclysm DDA
|
||||
|
||||
|
|
|
@ -37,7 +37,7 @@ This works just like `runCommand`. The only difference is that it also provides
|
|||
|
||||
Variant of `runCommand` that forces the derivation to be built locally, it is not substituted. This is intended for very cheap commands (<1s execution time). It saves on the network roundrip and can speed up a build.
|
||||
|
||||
::: {.note}
|
||||
::: note
|
||||
This sets [`allowSubstitutes` to `false`](https://nixos.org/nix/manual/#adv-attr-allowSubstitutes), so only use `runCommandLocal` if you are certain the user will always have a builder for the `system` of the derivation. This should be true for most trivial use cases (e.g. just copying some files to a different location or adding symlinks), because there the `system` is usually the same as `builtins.currentSystem`.
|
||||
:::
|
||||
|
||||
|
|
|
@ -1,9 +1,4 @@
|
|||
---
|
||||
title: Agda
|
||||
author: Alex Rice (alexarice)
|
||||
date: 2020-01-06
|
||||
---
|
||||
# Agda
|
||||
# Agda {#agda}
|
||||
|
||||
## How to use Agda
|
||||
|
||||
|
|
|
@ -1,9 +1,4 @@
|
|||
---
|
||||
title: Android
|
||||
author: Sander van der Burg
|
||||
date: 2018-11-18
|
||||
---
|
||||
# Android
|
||||
# Android {#android}
|
||||
|
||||
The Android build environment provides three major features and a number of
|
||||
supporting features.
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Crystal
|
||||
# Crystal {#crystal}
|
||||
|
||||
## Building a Crystal package
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Emscripten
|
||||
# Emscripten {#emscripten}
|
||||
|
||||
[Emscripten](https://github.com/kripken/emscripten): An LLVM-to-JavaScript Compiler
|
||||
|
||||
|
|
|
@ -1,10 +1,4 @@
|
|||
---
|
||||
title: User's Guide for Haskell in Nixpkgs
|
||||
author: Peter Simons
|
||||
date: 2015-06-01
|
||||
---
|
||||
|
||||
# Haskell
|
||||
# Haskell {#haskell}
|
||||
|
||||
The documentation for the Haskell infrastructure is published at
|
||||
<https://haskell4nix.readthedocs.io/>. The source code for that
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Idris
|
||||
# Idris {#idris}
|
||||
|
||||
## Installing Idris
|
||||
|
||||
|
|
|
@ -1,9 +1,4 @@
|
|||
---
|
||||
title: iOS
|
||||
author: Sander van der Burg
|
||||
date: 2019-11-10
|
||||
---
|
||||
# iOS
|
||||
# iOS {#ios}
|
||||
|
||||
This component is basically a wrapper/workaround that makes it possible to
|
||||
expose an Xcode installation as a Nix package by means of symlinking to the
|
||||
|
|
|
@ -1,10 +1,4 @@
|
|||
---
|
||||
title: Lua
|
||||
author: Matthieu Coudron
|
||||
date: 2019-02-05
|
||||
---
|
||||
|
||||
# User's Guide to Lua Infrastructure
|
||||
# User's Guide to Lua Infrastructure {#users-guide-to-lua-infrastructure}
|
||||
|
||||
## Using Lua
|
||||
|
||||
|
|
|
@ -1,10 +1,4 @@
|
|||
---
|
||||
title: Maven
|
||||
author: Farid Zakaria
|
||||
date: 2020-10-15
|
||||
---
|
||||
|
||||
# Maven
|
||||
# Maven {#maven}
|
||||
|
||||
Maven is a well-known build tool for the Java ecosystem however it has some challenges when integrating into the Nix build system.
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
Node.js
|
||||
=======
|
||||
# Node.js {#node.js}
|
||||
|
||||
The `pkgs/development/node-packages` folder contains a generated collection of
|
||||
[NPM packages](https://npmjs.com/) that can be installed with the Nix package
|
||||
manager.
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Python
|
||||
# Python {#python}
|
||||
|
||||
## User Guide
|
||||
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
R
|
||||
=
|
||||
# R {#r}
|
||||
|
||||
## Installation
|
||||
|
||||
|
|
|
@ -1,10 +1,4 @@
|
|||
---
|
||||
title: Rust
|
||||
author: Matthias Beyer
|
||||
date: 2017-03-05
|
||||
---
|
||||
|
||||
# Rust
|
||||
# Rust {#rust}
|
||||
|
||||
To install the rust compiler and cargo put
|
||||
|
||||
|
@ -27,16 +21,16 @@ Rust applications are packaged by using the `buildRustPackage` helper from `rust
|
|||
```
|
||||
rustPlatform.buildRustPackage rec {
|
||||
pname = "ripgrep";
|
||||
version = "11.0.2";
|
||||
version = "12.1.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "BurntSushi";
|
||||
repo = pname;
|
||||
rev = version;
|
||||
sha256 = "1iga3320mgi7m853la55xip514a3chqsdi1a1rwv25lr9b1p7vd3";
|
||||
sha256 = "1hqps7l5qrjh9f914r5i6kmcz6f1yb951nv4lby0cjnp5l253kps";
|
||||
};
|
||||
|
||||
cargoSha256 = "17ldqr3asrdcsh4l29m3b5r37r5d0b3npq1lrgjmxb6vlx6a36qh";
|
||||
cargoSha256 = "03wf9r2csi6jpa7v5sw5lpxkrk4wfzwmzx7k3991q3bdjzcwnnwp";
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "A fast line-oriented regex search tool, similar to ag and ack";
|
||||
|
@ -47,10 +41,31 @@ rustPlatform.buildRustPackage rec {
|
|||
}
|
||||
```
|
||||
|
||||
`buildRustPackage` requires a `cargoSha256` attribute which is computed over
|
||||
all crate sources of this package. Currently it is obtained by inserting a
|
||||
fake checksum into the expression and building the package once. The correct
|
||||
checksum can then be taken from the failed build.
|
||||
`buildRustPackage` requires either the `cargoSha256` or the
|
||||
`cargoHash` attribute which is computed over all crate sources of this
|
||||
package. `cargoHash256` is used for traditional Nix SHA-256 hashes,
|
||||
such as the one in the example above. `cargoHash` should instead be
|
||||
used for [SRI](https://www.w3.org/TR/SRI/) hashes. For example:
|
||||
|
||||
```
|
||||
cargoHash = "sha256-l1vL2ZdtDRxSGvP0X/l3nMw8+6WF67KPutJEzUROjg8=";
|
||||
```
|
||||
|
||||
Both types of hashes are permitted when contributing to nixpkgs. The
|
||||
Cargo hash is obtained by inserting a fake checksum into the
|
||||
expression and building the package once. The correct checksum can
|
||||
then be taken from the failed build. A fake hash can be used for
|
||||
`cargoSha256` as follows:
|
||||
|
||||
```
|
||||
cargoSha256 = stdenv.lib.fakeSha256;
|
||||
```
|
||||
|
||||
For `cargoHash` you can use:
|
||||
|
||||
```
|
||||
cargoHash = stdenv.lib.fakeHash;
|
||||
```
|
||||
|
||||
Per the instructions in the [Cargo Book](https://doc.rust-lang.org/cargo/guide/cargo-toml-vs-cargo-lock.html)
|
||||
best practices guide, Rust applications should always commit the `Cargo.lock`
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
|
||||
# TeX Live {#sec-language-texlive}
|
||||
|
||||
Since release 15.09 there is a new TeX Live packaging that lives entirely under attribute `texlive`.
|
||||
|
|
|
@ -1,9 +1,4 @@
|
|||
---
|
||||
title: Titanium
|
||||
author: Sander van der Burg
|
||||
date: 2018-11-18
|
||||
---
|
||||
# Titanium
|
||||
# Titanium {#titanium}
|
||||
|
||||
The Nixpkgs repository contains facilities to deploy a variety of versions of
|
||||
the [Titanium SDK](https://www.appcelerator.com) versions, a cross-platform
|
||||
|
|
|
@ -1,9 +1,4 @@
|
|||
---
|
||||
title: User's Guide for Vim in Nixpkgs
|
||||
author: Marc Weber
|
||||
date: 2016-06-25
|
||||
---
|
||||
# Vim
|
||||
# Vim {#vim}
|
||||
|
||||
Both Neovim and Vim can be configured to include your favorite plugins
|
||||
and additional libraries.
|
||||
|
|
8
third_party/nixpkgs/doc/preface.chapter.md
vendored
8
third_party/nixpkgs/doc/preface.chapter.md
vendored
|
@ -1,10 +1,4 @@
|
|||
---
|
||||
title: Preface
|
||||
author: Frederik Rietdijk
|
||||
date: 2015-11-25
|
||||
---
|
||||
|
||||
# Preface
|
||||
# Preface {#preface}
|
||||
|
||||
The Nix Packages collection (Nixpkgs) is a set of thousands of packages for the
|
||||
[Nix package manager](https://nixos.org/nix/), released under a
|
||||
|
|
60
third_party/nixpkgs/lib/licenses.nix
vendored
60
third_party/nixpkgs/lib/licenses.nix
vendored
|
@ -817,14 +817,54 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
|
|||
};
|
||||
} // {
|
||||
# TODO: remove legacy aliases
|
||||
agpl3 = lib.licenses.agpl3Only;
|
||||
fdl11 = lib.licenses.fdl11Only;
|
||||
fdl12 = lib.licenses.fdl12Only;
|
||||
fdl13 = lib.licenses.fdl13Only;
|
||||
gpl1 = lib.licenses.gpl1Only;
|
||||
gpl2 = lib.licenses.gpl2Only;
|
||||
gpl3 = lib.licenses.gpl3Only;
|
||||
lgpl2 = lib.licenses.lgpl2Only;
|
||||
lgpl21 = lib.licenses.lgpl21Only;
|
||||
lgpl3 = lib.licenses.lgpl3Only;
|
||||
agpl3 = spdx {
|
||||
spdxId = "AGPL-3.0";
|
||||
fullName = "GNU Affero General Public License v3.0";
|
||||
deprecated = true;
|
||||
};
|
||||
fdl11 = spdx {
|
||||
spdxId = "GFDL-1.1";
|
||||
fullName = "GNU Free Documentation License v1.1";
|
||||
deprecated = true;
|
||||
};
|
||||
fdl12 = spdx {
|
||||
spdxId = "GFDL-1.2";
|
||||
fullName = "GNU Free Documentation License v1.2";
|
||||
deprecated = true;
|
||||
};
|
||||
fdl13 = spdx {
|
||||
spdxId = "GFDL-1.3";
|
||||
fullName = "GNU Free Documentation License v1.3";
|
||||
deprecated = true;
|
||||
};
|
||||
gpl1 = spdx {
|
||||
spdxId = "GPL-1.0";
|
||||
fullName = "GNU General Public License v1.0";
|
||||
deprecated = true;
|
||||
};
|
||||
gpl2 = spdx {
|
||||
spdxId = "GPL-2.0";
|
||||
fullName = "GNU General Public License v2.0";
|
||||
deprecated = true;
|
||||
};
|
||||
gpl3 = spdx {
|
||||
spdxId = "GPL-3.0";
|
||||
fullName = "GNU General Public License v3.0";
|
||||
deprecated = true;
|
||||
};
|
||||
lgpl2 = spdx {
|
||||
spdxId = "LGPL-2.0";
|
||||
fullName = "GNU Library General Public License v2";
|
||||
deprecated = true;
|
||||
};
|
||||
lgpl21 = spdx {
|
||||
spdxId = "LGPL-2.1";
|
||||
fullName = "GNU Lesser General Public License v2.1";
|
||||
deprecated = true;
|
||||
};
|
||||
lgpl3 = spdx {
|
||||
spdxId = "LGPL-3.0";
|
||||
fullName = "GNU Lesser General Public License v3.0";
|
||||
deprecated = true;
|
||||
};
|
||||
}
|
||||
|
|
2
third_party/nixpkgs/lib/systems/default.nix
vendored
2
third_party/nixpkgs/lib/systems/default.nix
vendored
|
@ -124,6 +124,8 @@ rec {
|
|||
then "${qemu-user}/bin/qemu-${final.qemuArch}"
|
||||
else if final.isWasi
|
||||
then "${pkgs.wasmtime}/bin/wasmtime"
|
||||
else if final.isMmix
|
||||
then "${pkgs.mmixware}/bin/mmix"
|
||||
else throw "Don't know how to run ${final.config} executables.";
|
||||
|
||||
} // mapAttrs (n: v: v final.parsed) inspect.predicates
|
||||
|
|
|
@ -490,8 +490,9 @@ rec {
|
|||
|
||||
# ARM
|
||||
else if platform.isAarch32 then let
|
||||
version = platform.parsed.cpu.version or "";
|
||||
in if lib.versionOlder version "6" then sheevaplug
|
||||
version = platform.parsed.cpu.version or null;
|
||||
in if version == null then pcBase
|
||||
else if lib.versionOlder version "6" then sheevaplug
|
||||
else if lib.versionOlder version "7" then raspberrypi
|
||||
else armv7l-hf-multiplatform
|
||||
else if platform.isAarch64 then aarch64-multiplatform
|
||||
|
|
|
@ -70,6 +70,18 @@
|
|||
githubId = 7414843;
|
||||
name = "Nicholas von Klitzing";
|
||||
};
|
||||
_3noch = {
|
||||
email = "eacameron@gmail.com";
|
||||
github = "3noch";
|
||||
githubId = 882455;
|
||||
name = "Elliot Cameron";
|
||||
};
|
||||
_6AA4FD = {
|
||||
email = "f6442954@gmail.com";
|
||||
github = "6AA4FD";
|
||||
githubId = 12578560;
|
||||
name = "Quinn Bohner";
|
||||
};
|
||||
a1russell = {
|
||||
email = "adamlr6+pub@gmail.com";
|
||||
github = "a1russell";
|
||||
|
@ -2867,6 +2879,12 @@
|
|||
githubId = 30512529;
|
||||
name = "Evils";
|
||||
};
|
||||
ewok = {
|
||||
email = "ewok@ewok.ru";
|
||||
github = "ewok";
|
||||
githubId = 454695;
|
||||
name = "Artur Taranchiev";
|
||||
};
|
||||
exfalso = {
|
||||
email = "0slemi0@gmail.com";
|
||||
github = "exfalso";
|
||||
|
@ -3607,6 +3625,12 @@
|
|||
email = "t@larkery.com";
|
||||
name = "Tom Hinton";
|
||||
};
|
||||
hirenashah = {
|
||||
email = "hiren@hiren.io";
|
||||
github = "hirenashah";
|
||||
githubId = 19825977;
|
||||
name = "Hiren Shah";
|
||||
};
|
||||
hjones2199 = {
|
||||
email = "hjones2199@gmail.com";
|
||||
github = "hjones2199";
|
||||
|
@ -3687,6 +3711,12 @@
|
|||
githubId = 2789926;
|
||||
name = "Imran Hossain";
|
||||
};
|
||||
iammrinal0 = {
|
||||
email = "nixpkgs@mrinalpurohit.in";
|
||||
github = "iammrinal0";
|
||||
githubId = 890062;
|
||||
name = "Mrinal";
|
||||
};
|
||||
iand675 = {
|
||||
email = "ian@iankduncan.com";
|
||||
github = "iand675";
|
||||
|
@ -3917,6 +3947,12 @@
|
|||
githubId = 2179419;
|
||||
name = "Arseniy Seroka";
|
||||
};
|
||||
jakeisnt = {
|
||||
name = "Jacob Chvatal";
|
||||
email = "jake@isnt.online";
|
||||
github = "jakeisnt";
|
||||
githubId = 29869612;
|
||||
};
|
||||
jakelogemann = {
|
||||
email = "jake.logemann@gmail.com";
|
||||
github = "jakelogemann";
|
||||
|
@ -5919,6 +5955,12 @@
|
|||
githubId = 1001112;
|
||||
name = "Marcin Janczyk";
|
||||
};
|
||||
mjlbach = {
|
||||
email = "m.j.lbach@gmail.com";
|
||||
github = "mjlbach";
|
||||
githubId = 13316262;
|
||||
name = "Michael Lingelbach";
|
||||
};
|
||||
mjp = {
|
||||
email = "mike@mythik.co.uk";
|
||||
github = "MikePlayle";
|
||||
|
@ -6429,6 +6471,16 @@
|
|||
githubId = 1219785;
|
||||
name = "Félix Baylac-Jacqué";
|
||||
};
|
||||
ninjin = {
|
||||
email = "pontus@stenetorp.se";
|
||||
github = "ninjin";
|
||||
githubId = 354934;
|
||||
name = "Pontus Stenetorp";
|
||||
keys = [{
|
||||
longkeyid = "rsa4096/0xD430287500E6483C";
|
||||
fingerprint = "0966 2F9F 3FDA C22B C22E 4CE1 D430 2875 00E6 483C";
|
||||
}];
|
||||
};
|
||||
nioncode = {
|
||||
email = "nioncode+github@gmail.com";
|
||||
github = "nioncode";
|
||||
|
@ -6677,6 +6729,12 @@
|
|||
githubId = 111265;
|
||||
name = "Ozan Sener";
|
||||
};
|
||||
otavio = {
|
||||
email = "otavio.salvador@ossystems.com.br";
|
||||
github = "otavio";
|
||||
githubId = 25278;
|
||||
name = "Otavio Salvador";
|
||||
};
|
||||
otwieracz = {
|
||||
email = "slawek@otwiera.cz";
|
||||
github = "otwieracz";
|
||||
|
@ -9374,6 +9432,12 @@
|
|||
fingerprint = "4D23 ECDF 880D CADF 5ECA 4458 874B D6F9 16FA A742";
|
||||
}];
|
||||
};
|
||||
vel = {
|
||||
email = "llathasa@outlook.com";
|
||||
github = "llathasa-veleth";
|
||||
githubId = 61933599;
|
||||
name = "vel";
|
||||
};
|
||||
velovix = {
|
||||
email = "xaviosx@gmail.com";
|
||||
github = "velovix";
|
||||
|
|
|
@ -14,13 +14,12 @@ fi
|
|||
|
||||
tmp=$(mktemp -d)
|
||||
pushd $tmp >/dev/null
|
||||
wget -nH -r -c --no-parent "${WGET_ARGS[@]}" -A '*.tar.xz.sha256' -A '*.mirrorlist' >/dev/null
|
||||
find -type f -name '*.mirrorlist' -delete
|
||||
wget -nH -r -c --no-parent "${WGET_ARGS[@]}" >/dev/null
|
||||
|
||||
csv=$(mktemp)
|
||||
find . -type f | while read src; do
|
||||
# Sanitize file name
|
||||
filename=$(gawk '{ print $2 }' "$src" | tr '@' '_')
|
||||
filename=$(basename "$src" | tr '@' '_')
|
||||
nameVersion="${filename%.tar.*}"
|
||||
name=$(echo "$nameVersion" | sed -e 's,-[[:digit:]].*,,' | sed -e 's,-opensource-src$,,' | sed -e 's,-everywhere-src$,,')
|
||||
version=$(echo "$nameVersion" | sed -e 's,^\([[:alpha:]][[:alnum:]]*-\)\+,,')
|
||||
|
@ -40,8 +39,8 @@ gawk -F , "{ print \$1 }" $csv | sort | uniq | while read name; do
|
|||
latestVersion=$(echo "$versions" | sort -rV | head -n 1)
|
||||
src=$(gawk -F , "/^$name,$latestVersion,/ { print \$3 }" $csv)
|
||||
filename=$(gawk -F , "/^$name,$latestVersion,/ { print \$4 }" $csv)
|
||||
url="$(dirname "${src:2}")/$filename"
|
||||
sha256=$(gawk '{ print $1 }' "$src")
|
||||
url="${src:2}"
|
||||
sha256=$(nix-hash --type sha256 --base32 --flat "$src")
|
||||
cat >>"$SRCS" <<EOF
|
||||
$name = {
|
||||
version = "$latestVersion";
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
|
||||
<para>
|
||||
A profile with most (vanilla) hardening options enabled by default,
|
||||
potentially at the cost of features and performance.
|
||||
potentially at the cost of stability, features and performance.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
|
@ -21,4 +21,12 @@
|
|||
xlink:href="https://github.com/nixos/nixpkgs/tree/master/nixos/modules/profiles/hardened.nix">
|
||||
profile source</literal> for further detail on which settings are altered.
|
||||
</para>
|
||||
<warning>
|
||||
<para>
|
||||
This profile enables options that are known to affect system
|
||||
stability. If you experience any stability issues when using the
|
||||
profile, try disabling it. If you report an issue and use this
|
||||
profile, always mention that you do.
|
||||
</para>
|
||||
</warning>
|
||||
</section>
|
||||
|
|
|
@ -168,6 +168,14 @@
|
|||
<literal>/var/lib/powerdns</literal> to <literal>/run/pdns</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
xfsprogs was update from 4.19 to 5.10. It now enables reflink support by default on filesystem creation.
|
||||
Support for reflinks was added with an experimental status to kernel 4.9 and deemed stable in kernel 4.16.
|
||||
If you want to be able to mount XFS filesystems created with this release of xfsprogs on kernel releases older than those, you need to format them
|
||||
with <literal>mkfs.xfs -m reflink=0</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<package>btc1</package> has been abandoned upstream, and removed.
|
||||
|
@ -278,6 +286,16 @@
|
|||
<xref linkend="opt-services.privoxy.enableTor" /> = true;
|
||||
</programlisting>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <literal>services.tor</literal> module has a new exhaustively typed <xref linkend="opt-services.tor.settings" /> option following RFC 0042; backward compatibility with old options has been preserved when aliasing was possible.
|
||||
The corresponding systemd service has been hardened,
|
||||
but there is a chance that the service still requires more permissions,
|
||||
so please report any related trouble on the bugtracker.
|
||||
Onion services v3 are now supported in <xref linkend="opt-services.tor.relay.onionServices" />.
|
||||
A new <xref linkend="opt-services.tor.openFirewall" /> option as been introduced for allowing connections on all the TCP ports configured.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The options <literal>services.slurm.dbdserver.storagePass</literal>
|
||||
|
@ -287,6 +305,12 @@
|
|||
This avoids that the password gets exposed in the nix store.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <literal>wafHook</literal> hook does not wrap Python anymore.
|
||||
Packages depending on <literal>wafHook</literal> need to include any Python into their <literal>nativeBuildInputs</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Starting with version 1.7.0, the project formerly named <literal>CodiMD</literal>
|
||||
|
@ -295,6 +319,40 @@
|
|||
Based on <xref linkend="opt-system.stateVersion" />, existing installations will continue to work.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<package>fish-foreign-env</package> is now an alias for the
|
||||
<package>fishPlugins.foreign-env</package> package, in which the fish
|
||||
functions have been relocated to the
|
||||
<literal>vendor_functions.d</literal> directory to be loaded automatically.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The prometheus json exporter is now managed by the prometheus community. Together with additional features
|
||||
some backwards incompatibilities were introduced.
|
||||
Most importantly the exporter no longer accepts a fixed command-line parameter to specify the URL of the
|
||||
endpoint serving JSON. It now expects this URL to be passed as an URL parameter, when scraping the exporter's
|
||||
<literal>/probe</literal> endpoint.
|
||||
In the prometheus scrape configuration the scrape target might look like this:
|
||||
<programlisting>
|
||||
http://some.json-exporter.host:7979/probe?target=https://example.com/some/json/endpoint
|
||||
</programlisting>
|
||||
</para>
|
||||
<para>
|
||||
Existing configuration for the exporter needs to be updated, but can partially be re-used.
|
||||
Documentation is available in the upstream repository and a small example for NixOS is available
|
||||
in the corresponding NixOS test.
|
||||
</para>
|
||||
<para>
|
||||
These changes also affect <xref linkend="opt-services.prometheus.exporters.rspamd.enable" />, which is
|
||||
just a preconfigured instance of the json exporter.
|
||||
</para>
|
||||
<para>
|
||||
For more information, take a look at the <link xlink:href="https://github.com/prometheus-community/json_exporter">
|
||||
official documentation</link> of the json_exporter.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
|
||||
|
|
|
@ -145,7 +145,8 @@ in
|
|||
'';
|
||||
|
||||
systemd.services.systemd-vconsole-setup =
|
||||
{ before = [ "display-manager.service" ];
|
||||
{
|
||||
before = optional config.services.xserver.enable "display-manager.service";
|
||||
after = [ "systemd-udev-settle.service" ];
|
||||
restartTriggers = [ vconsoleConf consoleEnv ];
|
||||
};
|
||||
|
|
|
@ -227,6 +227,15 @@ foreach my $u (@{$spec->{users}}) {
|
|||
$u->{hashedPassword} = hashPassword($u->{password});
|
||||
}
|
||||
|
||||
if (!defined $u->{shell}) {
|
||||
if (defined $existing) {
|
||||
$u->{shell} = $existing->{shell};
|
||||
} else {
|
||||
warn "warning: no declarative or previous shell for ‘$name’, setting shell to nologin\n";
|
||||
$u->{shell} = "/run/current-system/sw/bin/nologin";
|
||||
}
|
||||
}
|
||||
|
||||
$u->{fakePassword} = $existing->{fakePassword} // "x";
|
||||
$usersOut{$name} = $u;
|
||||
|
||||
|
|
|
@ -153,7 +153,7 @@ let
|
|||
};
|
||||
|
||||
shell = mkOption {
|
||||
type = types.either types.shellPackage types.path;
|
||||
type = types.nullOr (types.either types.shellPackage types.path);
|
||||
default = pkgs.shadow;
|
||||
defaultText = "pkgs.shadow";
|
||||
example = literalExample "pkgs.bashInteractive";
|
||||
|
|
67
third_party/nixpkgs/nixos/modules/hardware/opentabletdriver.nix
vendored
Normal file
67
third_party/nixpkgs/nixos/modules/hardware/opentabletdriver.nix
vendored
Normal file
|
@ -0,0 +1,67 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.hardware.opentabletdriver;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
hardware.opentabletdriver = {
|
||||
enable = mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
description = ''
|
||||
Enable OpenTabletDriver udev rules, user service and blacklist kernel
|
||||
modules known to conflict with OpenTabletDriver.
|
||||
'';
|
||||
};
|
||||
|
||||
blacklistedKernelModules = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [ "hid-uclogic" "wacom" ];
|
||||
description = ''
|
||||
Blacklist of kernel modules known to conflict with OpenTabletDriver.
|
||||
'';
|
||||
};
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.opentabletdriver;
|
||||
defaultText = "pkgs.opentabletdriver";
|
||||
description = ''
|
||||
OpenTabletDriver derivation to use.
|
||||
'';
|
||||
};
|
||||
|
||||
daemon = {
|
||||
enable = mkOption {
|
||||
default = true;
|
||||
type = types.bool;
|
||||
description = ''
|
||||
Whether to start OpenTabletDriver daemon as a systemd user service.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
|
||||
services.udev.packages = [ cfg.package ];
|
||||
|
||||
boot.blacklistedKernelModules = cfg.blacklistedKernelModules;
|
||||
|
||||
systemd.user.services.opentabletdriver = with pkgs; mkIf cfg.daemon.enable {
|
||||
description = "Open source, cross-platform, user-mode tablet driver";
|
||||
wantedBy = [ "graphical-session.target" ];
|
||||
partOf = [ "graphical-session.target" ];
|
||||
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
ExecStart = "${cfg.package}/bin/otd-daemon -c ${cfg.package}/lib/OpenTabletDriver/Configurations";
|
||||
Restart = "on-failure";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -17,8 +17,7 @@
|
|||
# The serial ports listed here are:
|
||||
# - ttyS0: for Tegra (Jetson TX1)
|
||||
# - ttyAMA0: for QEMU's -machine virt
|
||||
# Also increase the amount of CMA to ensure the virtual console on the RPi3 works.
|
||||
boot.kernelParams = ["cma=32M" "console=ttyS0,115200n8" "console=ttyAMA0,115200n8" "console=tty0"];
|
||||
boot.kernelParams = ["console=ttyS0,115200n8" "console=ttyAMA0,115200n8" "console=tty0"];
|
||||
|
||||
boot.initrd.availableKernelModules = [
|
||||
# Allows early (earlier) modesetting for the Raspberry Pi
|
||||
|
@ -30,13 +29,25 @@
|
|||
sdImage = {
|
||||
populateFirmwareCommands = let
|
||||
configTxt = pkgs.writeText "config.txt" ''
|
||||
[pi3]
|
||||
kernel=u-boot-rpi3.bin
|
||||
|
||||
[pi4]
|
||||
kernel=u-boot-rpi4.bin
|
||||
enable_gic=1
|
||||
armstub=armstub8-gic.bin
|
||||
|
||||
# Otherwise the resolution will be weird in most cases, compared to
|
||||
# what the pi3 firmware does by default.
|
||||
disable_overscan=1
|
||||
|
||||
[all]
|
||||
# Boot in 64-bit mode.
|
||||
arm_64bit=1
|
||||
|
||||
# U-Boot used to need this to work, regardless of whether UART is actually used or not.
|
||||
# TODO: check when/if this can be removed.
|
||||
# U-Boot needs this to work, regardless of whether UART is actually used or not.
|
||||
# Look in arch/arm/mach-bcm283x/Kconfig in the U-Boot tree to see if this is still
|
||||
# a requirement in the future.
|
||||
enable_uart=1
|
||||
|
||||
# Prevent the firmware from smashing the framebuffer setup done by the mainline kernel
|
||||
|
@ -45,8 +56,17 @@
|
|||
'';
|
||||
in ''
|
||||
(cd ${pkgs.raspberrypifw}/share/raspberrypi/boot && cp bootcode.bin fixup*.dat start*.elf $NIX_BUILD_TOP/firmware/)
|
||||
cp ${pkgs.ubootRaspberryPi3_64bit}/u-boot.bin firmware/u-boot-rpi3.bin
|
||||
|
||||
# Add the config
|
||||
cp ${configTxt} firmware/config.txt
|
||||
|
||||
# Add pi3 specific files
|
||||
cp ${pkgs.ubootRaspberryPi3_64bit}/u-boot.bin firmware/u-boot-rpi3.bin
|
||||
|
||||
# Add pi4 specific files
|
||||
cp ${pkgs.ubootRaspberryPi4_64bit}/u-boot.bin firmware/u-boot-rpi4.bin
|
||||
cp ${pkgs.raspberrypi-armstubs}/armstub8-gic.bin firmware/armstub8-gic.bin
|
||||
cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2711-rpi-4-b.dtb firmware/
|
||||
'';
|
||||
populateRootCommands = ''
|
||||
mkdir -p ./files/boot
|
||||
|
|
|
@ -3,36 +3,6 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
../../profiles/base.nix
|
||||
../../profiles/installation-device.nix
|
||||
./sd-image.nix
|
||||
];
|
||||
|
||||
boot.loader.grub.enable = false;
|
||||
boot.loader.raspberryPi.enable = true;
|
||||
boot.loader.raspberryPi.version = 4;
|
||||
imports = [ ./sd-image-aarch64.nix ];
|
||||
boot.kernelPackages = pkgs.linuxPackages_rpi4;
|
||||
|
||||
boot.consoleLogLevel = lib.mkDefault 7;
|
||||
|
||||
sdImage = {
|
||||
firmwareSize = 128;
|
||||
firmwarePartitionName = "NIXOS_BOOT";
|
||||
# This is a hack to avoid replicating config.txt from boot.loader.raspberryPi
|
||||
populateFirmwareCommands =
|
||||
"${config.system.build.installBootLoader} ${config.system.build.toplevel} -d ./firmware";
|
||||
# As the boot process is done entirely in the firmware partition.
|
||||
populateRootCommands = "";
|
||||
};
|
||||
|
||||
fileSystems."/boot/firmware" = {
|
||||
# This effectively "renames" the attrsOf entry set in sd-image.nix
|
||||
mountPoint = "/boot";
|
||||
neededForBoot = true;
|
||||
};
|
||||
|
||||
# the installation media is also the installation target,
|
||||
# so we don't want to provide the installation configuration.nix.
|
||||
installer.cloneConfig = false;
|
||||
}
|
||||
|
|
|
@ -104,7 +104,7 @@ in
|
|||
'';
|
||||
|
||||
# Some more help text.
|
||||
services.mingetty.helpLine =
|
||||
services.getty.helpLine =
|
||||
''
|
||||
|
||||
Log in as "root" with an empty password. ${
|
||||
|
|
|
@ -122,7 +122,7 @@ in
|
|||
device = "/dev/something";
|
||||
};
|
||||
|
||||
services.mingetty = {
|
||||
services.getty = {
|
||||
# Some more help text.
|
||||
helpLine = ''
|
||||
Log in as "root" with an empty password. ${
|
||||
|
|
|
@ -69,6 +69,9 @@ mount --rbind /sys "$mountPoint/sys"
|
|||
|
||||
# Run the activation script. Set $LOCALE_ARCHIVE to supress some Perl locale warnings.
|
||||
LOCALE_ARCHIVE="$system/sw/lib/locale/locale-archive" chroot "$mountPoint" "$system/activate" 1>&2 || true
|
||||
|
||||
# Create /tmp
|
||||
chroot "$mountPoint" systemd-tmpfiles --create --remove --exclude-prefix=/dev 1>&2 || true
|
||||
)
|
||||
|
||||
exec chroot "$mountPoint" "${command[@]}"
|
||||
|
|
|
@ -261,7 +261,7 @@ in
|
|||
++ optionals cfg.doc.enable ([ manual.manualHTML nixos-help ]
|
||||
++ optionals config.services.xserver.enable [ pkgs.nixos-icons ]);
|
||||
|
||||
services.mingetty.helpLine = mkIf cfg.doc.enable (
|
||||
services.getty.helpLine = mkIf cfg.doc.enable (
|
||||
"\nRun 'nixos-help' for the NixOS manual."
|
||||
);
|
||||
})
|
||||
|
|
|
@ -66,6 +66,7 @@
|
|||
./hardware/tuxedo-keyboard.nix
|
||||
./hardware/usb-wwan.nix
|
||||
./hardware/onlykey.nix
|
||||
./hardware/opentabletdriver.nix
|
||||
./hardware/wooting.nix
|
||||
./hardware/uinput.nix
|
||||
./hardware/video/amdgpu.nix
|
||||
|
@ -141,6 +142,7 @@
|
|||
./programs/light.nix
|
||||
./programs/mosh.nix
|
||||
./programs/mininet.nix
|
||||
./programs/msmtp.nix
|
||||
./programs/mtr.nix
|
||||
./programs/nano.nix
|
||||
./programs/neovim.nix
|
||||
|
@ -538,6 +540,7 @@
|
|||
./services/monitoring/do-agent.nix
|
||||
./services/monitoring/fusion-inventory.nix
|
||||
./services/monitoring/grafana.nix
|
||||
./services/monitoring/grafana-image-renderer.nix
|
||||
./services/monitoring/grafana-reporter.nix
|
||||
./services/monitoring/graphite.nix
|
||||
./services/monitoring/hdaps.nix
|
||||
|
@ -743,6 +746,7 @@
|
|||
./services/networking/skydns.nix
|
||||
./services/networking/shadowsocks.nix
|
||||
./services/networking/shairport-sync.nix
|
||||
./services/networking/shellhub-agent.nix
|
||||
./services/networking/shorewall.nix
|
||||
./services/networking/shorewall6.nix
|
||||
./services/networking/shout.nix
|
||||
|
@ -848,7 +852,7 @@
|
|||
./services/torrent/peerflix.nix
|
||||
./services/torrent/rtorrent.nix
|
||||
./services/torrent/transmission.nix
|
||||
./services/ttys/agetty.nix
|
||||
./services/ttys/getty.nix
|
||||
./services/ttys/gpm.nix
|
||||
./services/ttys/kmscon.nix
|
||||
./services/wayland/cage.nix
|
||||
|
|
|
@ -1,5 +1,10 @@
|
|||
# A profile with most (vanilla) hardening options enabled by default,
|
||||
# potentially at the cost of features and performance.
|
||||
# potentially at the cost of stability, features and performance.
|
||||
#
|
||||
# This profile enables options that are known to affect system
|
||||
# stability. If you experience any stability issues when using the
|
||||
# profile, try disabling it. If you report an issue and use this
|
||||
# profile, always mention that you do.
|
||||
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
|
|
|
@ -45,10 +45,10 @@ with lib;
|
|||
};
|
||||
|
||||
# Automatically log in at the virtual consoles.
|
||||
services.mingetty.autologinUser = "nixos";
|
||||
services.getty.autologinUser = "nixos";
|
||||
|
||||
# Some more help text.
|
||||
services.mingetty.helpLine = ''
|
||||
services.getty.helpLine = ''
|
||||
The "nixos" and "root" accounts have empty passwords.
|
||||
|
||||
An ssh daemon is running. You then must set a password
|
||||
|
|
|
@ -27,8 +27,8 @@ if (!defined $res || scalar @$res == 0) {
|
|||
my $package = @$res[0]->{package};
|
||||
if ($ENV{"NIX_AUTO_INSTALL"} // "") {
|
||||
print STDERR <<EOF;
|
||||
The program ‘$program’ is currently not installed. It is provided by
|
||||
the package ‘$package’, which I will now install for you.
|
||||
The program '$program' is currently not installed. It is provided by
|
||||
the package '$package', which I will now install for you.
|
||||
EOF
|
||||
;
|
||||
exit 126 if system("nix-env", "-iA", "nixos.$package") == 0;
|
||||
|
@ -36,16 +36,17 @@ EOF
|
|||
exec("nix-shell", "-p", $package, "--run", shell_quote("exec", @ARGV));
|
||||
} else {
|
||||
print STDERR <<EOF;
|
||||
The program ‘$program’ is currently not installed. You can install it by typing:
|
||||
nix-env -iA nixos.$package
|
||||
The program '$program' is not in your PATH. You can make it available in an
|
||||
ephemeral shell by typing:
|
||||
nix-shell -p $package
|
||||
EOF
|
||||
}
|
||||
} else {
|
||||
print STDERR <<EOF;
|
||||
The program ‘$program’ is currently not installed. It is provided by
|
||||
several packages. You can install it by typing one of the following:
|
||||
The program '$program' is not in your PATH. It is provided by several packages.
|
||||
You can make it available in an ephemeral shell by typing one of the following:
|
||||
EOF
|
||||
print STDERR " nix-env -iA nixos.$_->{package}\n" foreach @$res;
|
||||
print STDERR " nix-shell -p $_->{package}\n" foreach @$res;
|
||||
}
|
||||
|
||||
exit 127;
|
||||
|
|
|
@ -112,7 +112,7 @@ in
|
|||
environment.etc."fish/nixos-env-preinit.fish".text = ''
|
||||
# This happens before $__fish_datadir/config.fish sets fish_function_path, so it is currently
|
||||
# unset. We set it and then completely erase it, leaving its configuration to $__fish_datadir/config.fish
|
||||
set fish_function_path ${pkgs.fish-foreign-env}/share/fish-foreign-env/functions $__fish_datadir/functions
|
||||
set fish_function_path ${pkgs.fishPlugins.foreign-env}/share/fish/vendor_functions.d $__fish_datadir/functions
|
||||
|
||||
# source the NixOS environment config
|
||||
if [ -z "$__NIXOS_SET_ENVIRONMENT_DONE" ]
|
||||
|
@ -128,7 +128,7 @@ in
|
|||
|
||||
# if we haven't sourced the general config, do it
|
||||
if not set -q __fish_nixos_general_config_sourced
|
||||
set fish_function_path ${pkgs.fish-foreign-env}/share/fish-foreign-env/functions $fish_function_path
|
||||
set --prepend fish_function_path ${pkgs.fishPlugins.foreign-env}/share/fish/vendor_functions.d
|
||||
fenv source /etc/fish/foreign-env/shellInit > /dev/null
|
||||
set -e fish_function_path[1]
|
||||
|
||||
|
@ -142,7 +142,7 @@ in
|
|||
# if we haven't sourced the login config, do it
|
||||
status --is-login; and not set -q __fish_nixos_login_config_sourced
|
||||
and begin
|
||||
set fish_function_path ${pkgs.fish-foreign-env}/share/fish-foreign-env/functions $fish_function_path
|
||||
set --prepend fish_function_path ${pkgs.fishPlugins.foreign-env}/share/fish/vendor_functions.d
|
||||
fenv source /etc/fish/foreign-env/loginShellInit > /dev/null
|
||||
set -e fish_function_path[1]
|
||||
|
||||
|
@ -158,7 +158,7 @@ in
|
|||
and begin
|
||||
${fishAliases}
|
||||
|
||||
set fish_function_path ${pkgs.fish-foreign-env}/share/fish-foreign-env/functions $fish_function_path
|
||||
set --prepend fish_function_path ${pkgs.fishPlugins.foreign-env}/share/fish/vendor_functions.d
|
||||
fenv source /etc/fish/foreign-env/interactiveShellInit > /dev/null
|
||||
set -e fish_function_path[1]
|
||||
|
||||
|
|
104
third_party/nixpkgs/nixos/modules/programs/msmtp.nix
vendored
Normal file
104
third_party/nixpkgs/nixos/modules/programs/msmtp.nix
vendored
Normal file
|
@ -0,0 +1,104 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.programs.msmtp;
|
||||
|
||||
in {
|
||||
meta.maintainers = with maintainers; [ pacien ];
|
||||
|
||||
options = {
|
||||
programs.msmtp = {
|
||||
enable = mkEnableOption "msmtp - an SMTP client";
|
||||
|
||||
setSendmail = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
Whether to set the system sendmail to msmtp's.
|
||||
'';
|
||||
};
|
||||
|
||||
defaults = mkOption {
|
||||
type = types.attrs;
|
||||
default = {};
|
||||
example = {
|
||||
aliases = "/etc/aliases";
|
||||
port = 587;
|
||||
tls = true;
|
||||
};
|
||||
description = ''
|
||||
Default values applied to all accounts.
|
||||
See msmtp(1) for the available options.
|
||||
'';
|
||||
};
|
||||
|
||||
accounts = mkOption {
|
||||
type = with types; attrsOf attrs;
|
||||
default = {};
|
||||
example = {
|
||||
"default" = {
|
||||
host = "smtp.example";
|
||||
auth = true;
|
||||
user = "someone";
|
||||
passwordeval = "cat /secrets/password.txt";
|
||||
};
|
||||
};
|
||||
description = ''
|
||||
Named accounts and their respective configurations.
|
||||
The special name "default" allows a default account to be defined.
|
||||
See msmtp(1) for the available options.
|
||||
|
||||
Use `programs.msmtp.extraConfig` instead of this attribute set-based
|
||||
option if ordered account inheritance is needed.
|
||||
|
||||
It is advised to use the `passwordeval` setting to read the password
|
||||
from a secret file to avoid having it written in the world-readable
|
||||
nix store. The password file must end with a newline (`\n`).
|
||||
'';
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
description = ''
|
||||
Extra lines to add to the msmtp configuration verbatim.
|
||||
See msmtp(1) for the syntax and available options.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = [ pkgs.msmtp ];
|
||||
|
||||
services.mail.sendmailSetuidWrapper = mkIf cfg.setSendmail {
|
||||
program = "sendmail";
|
||||
source = "${pkgs.msmtp}/bin/sendmail";
|
||||
setuid = false;
|
||||
setgid = false;
|
||||
};
|
||||
|
||||
environment.etc."msmtprc".text = let
|
||||
mkValueString = v:
|
||||
if v == true then "on"
|
||||
else if v == false then "off"
|
||||
else generators.mkValueStringDefault {} v;
|
||||
mkKeyValueString = k: v: "${k} ${mkValueString v}";
|
||||
mkInnerSectionString =
|
||||
attrs: concatStringsSep "\n" (mapAttrsToList mkKeyValueString attrs);
|
||||
mkAccountString = name: attrs: ''
|
||||
account ${name}
|
||||
${mkInnerSectionString attrs}
|
||||
'';
|
||||
in ''
|
||||
defaults
|
||||
${mkInnerSectionString cfg.defaults}
|
||||
|
||||
${concatStringsSep "\n" (mapAttrsToList mkAccountString cfg.accounts)}
|
||||
|
||||
${cfg.extraConfig}
|
||||
'';
|
||||
};
|
||||
}
|
|
@ -162,15 +162,16 @@ in
|
|||
(mkIf (cfg.authPassFile != null) { AuthPassFile = cfg.authPassFile; })
|
||||
];
|
||||
|
||||
environment.etc."ssmtp/ssmtp.conf".source =
|
||||
let
|
||||
toStr = value:
|
||||
# careful here: ssmtp REQUIRES all config lines to end with a newline char!
|
||||
environment.etc."ssmtp/ssmtp.conf".text = with generators; toKeyValue {
|
||||
mkKeyValue = mkKeyValueDefault {
|
||||
mkValueString = value:
|
||||
if value == true then "YES"
|
||||
else if value == false then "NO"
|
||||
else builtins.toString value
|
||||
else mkValueStringDefault {} value
|
||||
;
|
||||
in
|
||||
pkgs.writeText "ssmtp.conf" (concatStringsSep "\n" (mapAttrsToList (key: value: "${key}=${toStr value}") cfg.settings));
|
||||
} "=";
|
||||
} cfg.settings;
|
||||
|
||||
environment.systemPackages = [pkgs.ssmtp];
|
||||
|
||||
|
|
|
@ -394,7 +394,7 @@ let
|
|||
${optionalString cfg.requireWheel
|
||||
"auth required pam_wheel.so use_uid"}
|
||||
${optionalString cfg.logFailures
|
||||
"auth required pam_tally.so"}
|
||||
"auth required pam_faillock.so"}
|
||||
${optionalString (config.security.pam.enableSSHAgentAuth && cfg.sshAgentAuth)
|
||||
"auth sufficient ${pkgs.pam_ssh_agent_auth}/libexec/pam_ssh_agent_auth.so file=${lib.concatStringsSep ":" config.services.openssh.authorizedKeysFiles}"}
|
||||
${optionalString cfg.fprintAuth
|
||||
|
|
|
@ -5,7 +5,7 @@ with lib;
|
|||
let
|
||||
dataDir = "/var/lib/matrix-appservice-discord";
|
||||
registrationFile = "${dataDir}/discord-registration.yaml";
|
||||
appDir = "${pkgs.matrix-appservice-discord}/lib/node_modules/matrix-appservice-discord";
|
||||
appDir = "${pkgs.matrix-appservice-discord}/${pkgs.matrix-appservice-discord.passthru.nodeAppDir}";
|
||||
cfg = config.services.matrix-appservice-discord;
|
||||
# TODO: switch to configGen.json once RFC42 is implemented
|
||||
settingsFile = pkgs.writeText "matrix-appservice-discord-settings.json" (builtins.toJSON cfg.settings);
|
||||
|
@ -22,12 +22,6 @@ in {
|
|||
default = {
|
||||
database = {
|
||||
filename = "${dataDir}/discord.db";
|
||||
|
||||
# TODO: remove those old config keys once the following issues are solved:
|
||||
# * https://github.com/Half-Shot/matrix-appservice-discord/issues/490
|
||||
# * https://github.com/Half-Shot/matrix-appservice-discord/issues/498
|
||||
userStorePath = "${dataDir}/user-store.db";
|
||||
roomStorePath = "${dataDir}/room-store.db";
|
||||
};
|
||||
|
||||
# empty values necessary for registration file generation
|
||||
|
|
150
third_party/nixpkgs/nixos/modules/services/monitoring/grafana-image-renderer.nix
vendored
Normal file
150
third_party/nixpkgs/nixos/modules/services/monitoring/grafana-image-renderer.nix
vendored
Normal file
|
@ -0,0 +1,150 @@
|
|||
{ lib, pkgs, config, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.grafana-image-renderer;
|
||||
|
||||
format = pkgs.formats.json { };
|
||||
|
||||
configFile = format.generate "grafana-image-renderer-config.json" cfg.settings;
|
||||
in {
|
||||
options.services.grafana-image-renderer = {
|
||||
enable = mkEnableOption "grafana-image-renderer";
|
||||
|
||||
chromium = mkOption {
|
||||
type = types.package;
|
||||
description = ''
|
||||
The chromium to use for image rendering.
|
||||
'';
|
||||
};
|
||||
|
||||
verbose = mkEnableOption "verbosity for the service";
|
||||
|
||||
provisionGrafana = mkEnableOption "Grafana configuration for grafana-image-renderer";
|
||||
|
||||
settings = mkOption {
|
||||
type = types.submodule {
|
||||
freeformType = format.type;
|
||||
|
||||
options = {
|
||||
service = {
|
||||
port = mkOption {
|
||||
type = types.port;
|
||||
default = 8081;
|
||||
description = ''
|
||||
The TCP port to use for the rendering server.
|
||||
'';
|
||||
};
|
||||
logging.level = mkOption {
|
||||
type = types.enum [ "error" "warning" "info" "debug" ];
|
||||
default = "info";
|
||||
description = ''
|
||||
The log-level of the <filename>grafana-image-renderer.service</filename>-unit.
|
||||
'';
|
||||
};
|
||||
};
|
||||
rendering = {
|
||||
width = mkOption {
|
||||
default = 1000;
|
||||
type = types.ints.positive;
|
||||
description = ''
|
||||
Width of the PNG used to display the alerting graph.
|
||||
'';
|
||||
};
|
||||
height = mkOption {
|
||||
default = 500;
|
||||
type = types.ints.positive;
|
||||
description = ''
|
||||
Height of the PNG used to display the alerting graph.
|
||||
'';
|
||||
};
|
||||
mode = mkOption {
|
||||
default = "default";
|
||||
type = types.enum [ "default" "reusable" "clustered" ];
|
||||
description = ''
|
||||
Rendering mode of <package>grafana-image-renderer</package>:
|
||||
<itemizedlist>
|
||||
<listitem><para><literal>default:</literal> Creates on browser-instance
|
||||
per rendering request.</para></listitem>
|
||||
<listitem><para><literal>reusable:</literal> One browser instance
|
||||
will be started and reused for each rendering request.</para></listitem>
|
||||
<listitem><para><literal>clustered:</literal> allows to precisely
|
||||
configure how many browser-instances are supposed to be used. The values
|
||||
for that mode can be declared in <literal>rendering.clustering</literal>.
|
||||
</para></listitem>
|
||||
</itemizedlist>
|
||||
'';
|
||||
};
|
||||
args = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [ "--no-sandbox" ];
|
||||
description = ''
|
||||
List of CLI flags passed to <package>chromium</package>.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
default = {};
|
||||
|
||||
description = ''
|
||||
Configuration attributes for <package>grafana-image-renderer</package>.
|
||||
|
||||
See <link xlink:href="https://github.com/grafana/grafana-image-renderer/blob/ce1f81438e5f69c7fd7c73ce08bab624c4c92e25/default.json" />
|
||||
for supported values.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
assertions = [
|
||||
{ assertion = cfg.provisionGrafana -> config.services.grafana.enable;
|
||||
message = ''
|
||||
To provision a Grafana instance to use grafana-image-renderer,
|
||||
`services.grafana.enable` must be set to `true`!
|
||||
'';
|
||||
}
|
||||
];
|
||||
|
||||
services.grafana.extraOptions = mkIf cfg.provisionGrafana {
|
||||
RENDERING_SERVER_URL = "http://localhost:${toString cfg.settings.service.port}/render";
|
||||
RENDERING_CALLBACK_URL = "http://localhost:${toString config.services.grafana.port}";
|
||||
};
|
||||
|
||||
services.grafana-image-renderer.chromium = mkDefault pkgs.chromium;
|
||||
|
||||
services.grafana-image-renderer.settings = {
|
||||
rendering = mapAttrs (const mkDefault) {
|
||||
chromeBin = "${cfg.chromium}/bin/chromium";
|
||||
verboseLogging = cfg.verbose;
|
||||
timezone = config.time.timeZone;
|
||||
};
|
||||
|
||||
services = {
|
||||
logging.level = mkIf cfg.verbose (mkDefault "debug");
|
||||
metrics.enabled = mkDefault false;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.grafana-image-renderer = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
description = " A Grafana backend plugin that handles rendering of panels & dashboards to PNGs using headless browser (Chromium/Chrome)";
|
||||
|
||||
environment = {
|
||||
PUPPETEER_SKIP_CHROMIUM_DOWNLOAD = "true";
|
||||
};
|
||||
|
||||
serviceConfig = {
|
||||
DynamicUser = true;
|
||||
PrivateTmp = true;
|
||||
ExecStart = "${pkgs.grafana-image-renderer}/bin/grafana-image-renderer server --config=${configFile}";
|
||||
Restart = "always";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
meta.maintainers = with maintainers; [ ma27 ];
|
||||
}
|
|
@ -5,10 +5,11 @@ with lib;
|
|||
let
|
||||
cfg = config.services.grafana;
|
||||
opt = options.services.grafana;
|
||||
declarativePlugins = pkgs.linkFarm "grafana-plugins" (builtins.map (pkg: { name = pkg.pname; path = pkg; }) cfg.declarativePlugins);
|
||||
|
||||
envOptions = {
|
||||
PATHS_DATA = cfg.dataDir;
|
||||
PATHS_PLUGINS = "${cfg.dataDir}/plugins";
|
||||
PATHS_PLUGINS = if builtins.isNull cfg.declarativePlugins then "${cfg.dataDir}/plugins" else declarativePlugins;
|
||||
PATHS_LOGS = "${cfg.dataDir}/log";
|
||||
|
||||
SERVER_PROTOCOL = cfg.protocol;
|
||||
|
@ -260,6 +261,12 @@ in {
|
|||
defaultText = "pkgs.grafana";
|
||||
type = types.package;
|
||||
};
|
||||
declarativePlugins = mkOption {
|
||||
type = with types; nullOr (listOf path);
|
||||
default = null;
|
||||
description = "If non-null, then a list of packages containing Grafana plugins to install. If set, plugins cannot be manually installed.";
|
||||
example = literalExample "with pkgs.grafanaPlugins; [ grafana-piechart-panel ]";
|
||||
};
|
||||
|
||||
dataDir = mkOption {
|
||||
description = "Data directory.";
|
||||
|
|
|
@ -112,17 +112,21 @@ let
|
|||
http://tools.ietf.org/html/rfc4366#section-3.1
|
||||
'';
|
||||
};
|
||||
remote_timeout = mkDefOpt types.str "30s" ''
|
||||
Timeout for requests to the remote write endpoint.
|
||||
'';
|
||||
relabel_configs = mkOpt (types.listOf promTypes.relabel_config) ''
|
||||
List of remote write relabel configurations.
|
||||
List of relabel configurations.
|
||||
'';
|
||||
name = mkOpt types.string ''
|
||||
Name of the remote write config, which if specified must be unique among remote write configs.
|
||||
Name of the remote read config, which if specified must be unique among remote read configs.
|
||||
The name will be used in metrics and logging in place of a generated value to help users distinguish between
|
||||
remote write configs.
|
||||
remote read configs.
|
||||
'';
|
||||
required_matchers = mkOpt (types.attrsOf types.str) ''
|
||||
An optional list of equality matchers which have to be
|
||||
present in a selector to query the remote read endpoint.
|
||||
'';
|
||||
remote_timeout = mkOpt types.str ''
|
||||
Timeout for requests to the remote read endpoint.
|
||||
'';
|
||||
read_recent = mkOpt types.bool ''
|
||||
Whether reads should be made for queries for time ranges that
|
||||
the local storage should have complete data for.
|
||||
'';
|
||||
basic_auth = mkOpt (types.submodule {
|
||||
options = {
|
||||
|
@ -136,30 +140,22 @@ let
|
|||
password_file = mkOpt types.str "HTTP password file";
|
||||
};
|
||||
}) ''
|
||||
Sets the `Authorization` header on every remote write request with the
|
||||
Sets the `Authorization` header on every remote read request with the
|
||||
configured username and password.
|
||||
password and password_file are mutually exclusive.
|
||||
'';
|
||||
bearer_token = mkOpt types.str ''
|
||||
Sets the `Authorization` header on every remote write request with
|
||||
Sets the `Authorization` header on every remote read request with
|
||||
the configured bearer token. It is mutually exclusive with `bearer_token_file`.
|
||||
'';
|
||||
bearer_token_file = mkOpt types.str ''
|
||||
Sets the `Authorization` header on every remote write request with the bearer token
|
||||
Sets the `Authorization` header on every remote read request with the bearer token
|
||||
read from the configured file. It is mutually exclusive with `bearer_token`.
|
||||
'';
|
||||
tls_config = mkOpt promTypes.tls_config ''
|
||||
Configures the remote write request's TLS settings.
|
||||
Configures the remote read request's TLS settings.
|
||||
'';
|
||||
proxy_url = mkOpt types.str "Optional Proxy URL.";
|
||||
metadata_config = {
|
||||
send = mkDefOpt types.bool "true" ''
|
||||
Whether metric metadata is sent to remote storage or not.
|
||||
'';
|
||||
send_interval = mkDefOpt types.str "1m" ''
|
||||
How frequently metric metadata is sent to remote storage.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -172,13 +168,12 @@ let
|
|||
http://tools.ietf.org/html/rfc4366#section-3.1
|
||||
'';
|
||||
};
|
||||
remote_timeout = mkDefOpt types.str "30s" ''
|
||||
remote_timeout = mkOpt types.str ''
|
||||
Timeout for requests to the remote write endpoint.
|
||||
'';
|
||||
relabel_configs = mkOpt (types.listOf promTypes.relabel_config) ''
|
||||
List of remote write relabel configurations.
|
||||
List of relabel configurations.
|
||||
'';
|
||||
write_relabel_configs = mkOpt (types.listOf promTypes.relabel_config) ''
|
||||
List of remote write relabel configurations.
|
||||
'';
|
||||
name = mkOpt types.string ''
|
||||
Name of the remote write config, which if specified must be unique among remote write configs.
|
||||
The name will be used in metrics and logging in place of a generated value to help users distinguish between
|
||||
|
@ -212,14 +207,50 @@ let
|
|||
Configures the remote write request's TLS settings.
|
||||
'';
|
||||
proxy_url = mkOpt types.str "Optional Proxy URL.";
|
||||
metadata_config = {
|
||||
send = mkDefOpt types.bool "true" ''
|
||||
Whether metric metadata is sent to remote storage or not.
|
||||
'';
|
||||
send_interval = mkDefOpt types.str "1m" ''
|
||||
How frequently metric metadata is sent to remote storage.
|
||||
'';
|
||||
};
|
||||
queue_config = mkOpt (types.submodule {
|
||||
options = {
|
||||
capacity = mkOpt types.int ''
|
||||
Number of samples to buffer per shard before we block reading of more
|
||||
samples from the WAL. It is recommended to have enough capacity in each
|
||||
shard to buffer several requests to keep throughput up while processing
|
||||
occasional slow remote requests.
|
||||
'';
|
||||
max_shards = mkOpt types.int ''
|
||||
Maximum number of shards, i.e. amount of concurrency.
|
||||
'';
|
||||
min_shards = mkOpt types.int ''
|
||||
Minimum number of shards, i.e. amount of concurrency.
|
||||
'';
|
||||
max_samples_per_send = mkOpt types.int ''
|
||||
Maximum number of samples per send.
|
||||
'';
|
||||
batch_send_deadline = mkOpt types.str ''
|
||||
Maximum time a sample will wait in buffer.
|
||||
'';
|
||||
min_backoff = mkOpt types.str ''
|
||||
Initial retry delay. Gets doubled for every retry.
|
||||
'';
|
||||
max_backoff = mkOpt types.str ''
|
||||
Maximum retry delay.
|
||||
'';
|
||||
};
|
||||
}) ''
|
||||
Configures the queue used to write to remote storage.
|
||||
'';
|
||||
metadata_config = mkOpt (types.submodule {
|
||||
options = {
|
||||
send = mkOpt types.bool ''
|
||||
Whether metric metadata is sent to remote storage or not.
|
||||
'';
|
||||
send_interval = mkOpt types.str ''
|
||||
How frequently metric metadata is sent to remote storage.
|
||||
'';
|
||||
};
|
||||
}) ''
|
||||
Configures the sending of series metadata to remote storage.
|
||||
Metadata configuration is subject to change at any point
|
||||
or be removed in future releases.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -554,10 +585,10 @@ let
|
|||
regular expression matches.
|
||||
'';
|
||||
|
||||
action = mkDefOpt (types.enum ["replace" "keep" "drop"]) "replace" ''
|
||||
action =
|
||||
mkDefOpt (types.enum ["replace" "keep" "drop" "hashmod" "labelmap" "labeldrop" "labelkeep"]) "replace" ''
|
||||
Action to perform based on regex matching.
|
||||
'';
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -23,6 +23,7 @@ let
|
|||
exporterOpts = genAttrs [
|
||||
"apcupsd"
|
||||
"bind"
|
||||
"bird"
|
||||
"blackbox"
|
||||
"collectd"
|
||||
"dnsmasq"
|
||||
|
@ -235,8 +236,6 @@ in
|
|||
services.prometheus.exporters.minio.minioAddress = mkDefault "http://localhost:9000";
|
||||
services.prometheus.exporters.minio.minioAccessKey = mkDefault config.services.minio.accessKey;
|
||||
services.prometheus.exporters.minio.minioAccessSecret = mkDefault config.services.minio.secretKey;
|
||||
})] ++ [(mkIf config.services.rspamd.enable {
|
||||
services.prometheus.exporters.rspamd.url = mkDefault "http://localhost:11334/stat";
|
||||
})] ++ [(mkIf config.services.prometheus.exporters.rtl_433.enable {
|
||||
hardware.rtl-sdr.enable = mkDefault true;
|
||||
})] ++ [(mkIf config.services.nginx.enable {
|
||||
|
|
46
third_party/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/bird.nix
vendored
Normal file
46
third_party/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/bird.nix
vendored
Normal file
|
@ -0,0 +1,46 @@
|
|||
{ config, lib, pkgs, options }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.prometheus.exporters.bird;
|
||||
in
|
||||
{
|
||||
port = 9324;
|
||||
extraOpts = {
|
||||
birdVersion = mkOption {
|
||||
type = types.enum [ 1 2 ];
|
||||
default = 2;
|
||||
description = ''
|
||||
Specifies whether BIRD1 or BIRD2 is in use.
|
||||
'';
|
||||
};
|
||||
birdSocket = mkOption {
|
||||
type = types.path;
|
||||
default = "/var/run/bird.ctl";
|
||||
description = ''
|
||||
Path to BIRD2 (or BIRD1 v4) socket.
|
||||
'';
|
||||
};
|
||||
newMetricFormat = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
Enable the new more-generic metric format.
|
||||
'';
|
||||
};
|
||||
};
|
||||
serviceOpts = {
|
||||
serviceConfig = {
|
||||
SupplementaryGroups = singleton (if cfg.birdVersion == 1 then "bird" else "bird2");
|
||||
ExecStart = ''
|
||||
${pkgs.prometheus-bird-exporter}/bin/bird_exporter \
|
||||
-web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
|
||||
-bird.socket ${cfg.birdSocket} \
|
||||
-bird.v2=${if cfg.birdVersion == 2 then "true" else "false"} \
|
||||
-format.new=${if cfg.newMetricFormat then "true" else "false"} \
|
||||
${concatStringsSep " \\\n " cfg.extraFlags}
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
|
@ -8,28 +8,36 @@ in
|
|||
{
|
||||
port = 7979;
|
||||
extraOpts = {
|
||||
url = mkOption {
|
||||
type = types.str;
|
||||
description = ''
|
||||
URL to scrape JSON from.
|
||||
'';
|
||||
};
|
||||
configFile = mkOption {
|
||||
type = types.path;
|
||||
description = ''
|
||||
Path to configuration file.
|
||||
'';
|
||||
};
|
||||
listenAddress = {}; # not used
|
||||
};
|
||||
serviceOpts = {
|
||||
serviceConfig = {
|
||||
ExecStart = ''
|
||||
${pkgs.prometheus-json-exporter}/bin/prometheus-json-exporter \
|
||||
--port ${toString cfg.port} \
|
||||
${cfg.url} ${escapeShellArg cfg.configFile} \
|
||||
${pkgs.prometheus-json-exporter}/bin/json_exporter \
|
||||
--config.file ${escapeShellArg cfg.configFile} \
|
||||
--web.listen-address="${cfg.listenAddress}:${toString cfg.port}" \
|
||||
${concatStringsSep " \\\n " cfg.extraFlags}
|
||||
'';
|
||||
};
|
||||
};
|
||||
imports = [
|
||||
(mkRemovedOptionModule [ "url" ] ''
|
||||
This option was removed. The URL of the endpoint serving JSON
|
||||
must now be provided to the exporter by prometheus via the url
|
||||
parameter `target'.
|
||||
|
||||
In prometheus a scrape URL would look like this:
|
||||
|
||||
http://some.json-exporter.host:7979/probe?target=https://example.com/some/json/endpoint
|
||||
|
||||
For more information, take a look at the official documentation
|
||||
(https://github.com/prometheus-community/json_exporter) of the json_exporter.
|
||||
'')
|
||||
({ options.warnings = options.warnings; options.assertions = options.assertions; })
|
||||
];
|
||||
}
|
||||
|
|
|
@ -10,64 +10,55 @@ let
|
|||
echo '${builtins.toJSON conf}' | ${pkgs.buildPackages.jq}/bin/jq '.' > $out
|
||||
'';
|
||||
|
||||
generateConfig = extraLabels: (map (path: {
|
||||
name = "rspamd_${replaceStrings [ "." " " ] [ "_" "_" ] path}";
|
||||
path = "$.${path}";
|
||||
labels = extraLabels;
|
||||
}) [
|
||||
"actions.'add header'"
|
||||
"actions.'no action'"
|
||||
"actions.'rewrite subject'"
|
||||
"actions.'soft reject'"
|
||||
"actions.greylist"
|
||||
"actions.reject"
|
||||
"bytes_allocated"
|
||||
"chunks_allocated"
|
||||
"chunks_freed"
|
||||
"chunks_oversized"
|
||||
"connections"
|
||||
"control_connections"
|
||||
"ham_count"
|
||||
"learned"
|
||||
"pools_allocated"
|
||||
"pools_freed"
|
||||
"read_only"
|
||||
"scanned"
|
||||
"shared_chunks_allocated"
|
||||
"spam_count"
|
||||
"total_learns"
|
||||
]) ++ [{
|
||||
name = "rspamd_statfiles";
|
||||
type = "object";
|
||||
path = "$.statfiles[*]";
|
||||
labels = recursiveUpdate {
|
||||
symbol = "$.symbol";
|
||||
type = "$.type";
|
||||
} extraLabels;
|
||||
values = {
|
||||
revision = "$.revision";
|
||||
size = "$.size";
|
||||
total = "$.total";
|
||||
used = "$.used";
|
||||
languages = "$.languages";
|
||||
users = "$.users";
|
||||
};
|
||||
}];
|
||||
generateConfig = extraLabels: {
|
||||
metrics = (map (path: {
|
||||
name = "rspamd_${replaceStrings [ "." " " ] [ "_" "_" ] path}";
|
||||
path = "$.${path}";
|
||||
labels = extraLabels;
|
||||
}) [
|
||||
"actions.'add header'"
|
||||
"actions.'no action'"
|
||||
"actions.'rewrite subject'"
|
||||
"actions.'soft reject'"
|
||||
"actions.greylist"
|
||||
"actions.reject"
|
||||
"bytes_allocated"
|
||||
"chunks_allocated"
|
||||
"chunks_freed"
|
||||
"chunks_oversized"
|
||||
"connections"
|
||||
"control_connections"
|
||||
"ham_count"
|
||||
"learned"
|
||||
"pools_allocated"
|
||||
"pools_freed"
|
||||
"read_only"
|
||||
"scanned"
|
||||
"shared_chunks_allocated"
|
||||
"spam_count"
|
||||
"total_learns"
|
||||
]) ++ [{
|
||||
name = "rspamd_statfiles";
|
||||
type = "object";
|
||||
path = "$.statfiles[*]";
|
||||
labels = recursiveUpdate {
|
||||
symbol = "$.symbol";
|
||||
type = "$.type";
|
||||
} extraLabels;
|
||||
values = {
|
||||
revision = "$.revision";
|
||||
size = "$.size";
|
||||
total = "$.total";
|
||||
used = "$.used";
|
||||
languages = "$.languages";
|
||||
users = "$.users";
|
||||
};
|
||||
}];
|
||||
};
|
||||
in
|
||||
{
|
||||
port = 7980;
|
||||
extraOpts = {
|
||||
listenAddress = {}; # not used
|
||||
|
||||
url = mkOption {
|
||||
type = types.str;
|
||||
description = ''
|
||||
URL to the rspamd metrics endpoint.
|
||||
Defaults to http://localhost:11334/stat when
|
||||
<option>services.rspamd.enable</option> is true.
|
||||
'';
|
||||
};
|
||||
|
||||
extraLabels = mkOption {
|
||||
type = types.attrsOf types.str;
|
||||
default = {
|
||||
|
@ -84,9 +75,25 @@ in
|
|||
};
|
||||
};
|
||||
serviceOpts.serviceConfig.ExecStart = ''
|
||||
${pkgs.prometheus-json-exporter}/bin/prometheus-json-exporter \
|
||||
--port ${toString cfg.port} \
|
||||
${cfg.url} ${prettyJSON (generateConfig cfg.extraLabels)} \
|
||||
${pkgs.prometheus-json-exporter}/bin/json_exporter \
|
||||
--config.file ${prettyJSON (generateConfig cfg.extraLabels)} \
|
||||
--web.listen-address "${cfg.listenAddress}:${toString cfg.port}" \
|
||||
${concatStringsSep " \\\n " cfg.extraFlags}
|
||||
'';
|
||||
|
||||
imports = [
|
||||
(mkRemovedOptionModule [ "url" ] ''
|
||||
This option was removed. The URL of the rspamd metrics endpoint
|
||||
must now be provided to the exporter by prometheus via the url
|
||||
parameter `target'.
|
||||
|
||||
In prometheus a scrape URL would look like this:
|
||||
|
||||
http://some.rspamd-exporter.host:7980/probe?target=http://some.rspamd.host:11334/stat
|
||||
|
||||
For more information, take a look at the official documentation
|
||||
(https://github.com/prometheus-community/json_exporter) of the json_exporter.
|
||||
'')
|
||||
({ options.warnings = options.warnings; options.assertions = options.assertions; })
|
||||
];
|
||||
}
|
||||
|
|
|
@ -4,13 +4,7 @@ with lib;
|
|||
|
||||
let
|
||||
cfg = config.services.corerad;
|
||||
|
||||
writeTOML = name: x:
|
||||
pkgs.runCommandNoCCLocal name {
|
||||
passAsFile = ["config"];
|
||||
config = builtins.toJSON x;
|
||||
buildInputs = [ pkgs.go-toml ];
|
||||
} "jsontoml < $configPath > $out";
|
||||
settingsFormat = pkgs.formats.toml {};
|
||||
|
||||
in {
|
||||
meta.maintainers = with maintainers; [ mdlayher ];
|
||||
|
@ -19,7 +13,7 @@ in {
|
|||
enable = mkEnableOption "CoreRAD IPv6 NDP RA daemon";
|
||||
|
||||
settings = mkOption {
|
||||
type = types.uniq types.attrs;
|
||||
type = settingsFormat.type;
|
||||
example = literalExample ''
|
||||
{
|
||||
interfaces = [
|
||||
|
@ -64,7 +58,7 @@ in {
|
|||
|
||||
config = mkIf cfg.enable {
|
||||
# Prefer the config file over settings if both are set.
|
||||
services.corerad.configFile = mkDefault (writeTOML "corerad.toml" cfg.settings);
|
||||
services.corerad.configFile = mkDefault (settingsFormat.generate "corerad.toml" cfg.settings);
|
||||
|
||||
systemd.services.corerad = {
|
||||
description = "CoreRAD IPv6 NDP RA daemon";
|
||||
|
|
|
@ -16,7 +16,7 @@ let
|
|||
${concatMapStrings (f: "actionsfile ${f}\n") cfg.actionsFiles}
|
||||
${concatMapStrings (f: "filterfile ${f}\n") cfg.filterFiles}
|
||||
'' + optionalString cfg.enableTor ''
|
||||
forward-socks4a / ${config.services.tor.client.socksListenAddressFaster} .
|
||||
forward-socks5t / 127.0.0.1:9063 .
|
||||
toggle 1
|
||||
enable-remote-toggle 0
|
||||
enable-edit-actions 0
|
||||
|
@ -123,6 +123,11 @@ in
|
|||
serviceConfig.ProtectSystem = "full";
|
||||
};
|
||||
|
||||
services.tor.settings.SOCKSPort = mkIf cfg.enableTor [
|
||||
# Route HTTP traffic over a faster port (without IsolateDestAddr).
|
||||
{ addr = "127.0.0.1"; port = 9063; IsolateDestAddr = false; }
|
||||
];
|
||||
|
||||
};
|
||||
|
||||
meta.maintainers = with lib.maintainers; [ rnhmjoj ];
|
||||
|
|
91
third_party/nixpkgs/nixos/modules/services/networking/shellhub-agent.nix
vendored
Normal file
91
third_party/nixpkgs/nixos/modules/services/networking/shellhub-agent.nix
vendored
Normal file
|
@ -0,0 +1,91 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.services.shellhub-agent;
|
||||
in {
|
||||
|
||||
###### interface
|
||||
|
||||
options = {
|
||||
|
||||
services.shellhub-agent = {
|
||||
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to enable the ShellHub Agent daemon, which allows
|
||||
secure remote logins.
|
||||
'';
|
||||
};
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.shellhub-agent;
|
||||
defaultText = "pkgs.shellhub-agent";
|
||||
description = ''
|
||||
Which ShellHub Agent package to use.
|
||||
'';
|
||||
};
|
||||
|
||||
tenantId = mkOption {
|
||||
type = types.str;
|
||||
example = "ba0a880c-2ada-11eb-a35e-17266ef329d6";
|
||||
description = ''
|
||||
The tenant ID to use when connecting to the ShellHub
|
||||
Gateway.
|
||||
'';
|
||||
};
|
||||
|
||||
server = mkOption {
|
||||
type = types.str;
|
||||
default = "https://cloud.shellhub.io";
|
||||
description = ''
|
||||
Server address of ShellHub Gateway to connect.
|
||||
'';
|
||||
};
|
||||
|
||||
privateKey = mkOption {
|
||||
type = types.path;
|
||||
default = "/var/lib/shellhub-agent/private.key";
|
||||
description = ''
|
||||
Location where to store the ShellHub Agent private
|
||||
key.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
###### implementation
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
systemd.services.shellhub-agent = {
|
||||
description = "ShellHub Agent";
|
||||
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
requires = [ "local-fs.target" ];
|
||||
wants = [ "network-online.target" ];
|
||||
after = [
|
||||
"local-fs.target"
|
||||
"network.target"
|
||||
"network-online.target"
|
||||
"time-sync.target"
|
||||
];
|
||||
|
||||
environment.SERVER_ADDRESS = cfg.server;
|
||||
environment.PRIVATE_KEY = cfg.privateKey;
|
||||
environment.TENANT_ID = cfg.tenantId;
|
||||
|
||||
serviceConfig = {
|
||||
# The service starts sessions for different users.
|
||||
User = "root";
|
||||
Restart = "on-failure";
|
||||
ExecStart = "${cfg.package}/bin/agent";
|
||||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
};
|
||||
}
|
File diff suppressed because it is too large
Load diff
|
@ -4,7 +4,7 @@ with lib;
|
|||
|
||||
let
|
||||
|
||||
autologinArg = optionalString (config.services.mingetty.autologinUser != null) "--autologin ${config.services.mingetty.autologinUser}";
|
||||
autologinArg = optionalString (config.services.getty.autologinUser != null) "--autologin ${config.services.getty.autologinUser}";
|
||||
gettyCmd = extraArgs: "@${pkgs.util-linux}/sbin/agetty agetty --login-program ${pkgs.shadow}/bin/login ${autologinArg} ${extraArgs}";
|
||||
|
||||
in
|
||||
|
@ -13,9 +13,13 @@ in
|
|||
|
||||
###### interface
|
||||
|
||||
imports = [
|
||||
(mkRenamedOptionModule [ "services" "mingetty" ] [ "services" "getty" ])
|
||||
];
|
||||
|
||||
options = {
|
||||
|
||||
services.mingetty = {
|
||||
services.getty = {
|
||||
|
||||
autologinUser = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
|
@ -29,7 +33,7 @@ in
|
|||
greetingLine = mkOption {
|
||||
type = types.str;
|
||||
description = ''
|
||||
Welcome line printed by mingetty.
|
||||
Welcome line printed by agetty.
|
||||
The default shows current NixOS version label, machine type and tty.
|
||||
'';
|
||||
};
|
||||
|
@ -38,7 +42,7 @@ in
|
|||
type = types.lines;
|
||||
default = "";
|
||||
description = ''
|
||||
Help line printed by mingetty below the welcome line.
|
||||
Help line printed by agetty below the welcome line.
|
||||
Used by the installation CD to give some hints on
|
||||
how to proceed.
|
||||
'';
|
||||
|
@ -65,7 +69,7 @@ in
|
|||
config = {
|
||||
# Note: this is set here rather than up there so that changing
|
||||
# nixos.label would not rebuild manual pages
|
||||
services.mingetty.greetingLine = mkDefault ''<<< Welcome to NixOS ${config.system.nixos.label} (\m) - \l >>>'';
|
||||
services.getty.greetingLine = mkDefault ''<<< Welcome to NixOS ${config.system.nixos.label} (\m) - \l >>>'';
|
||||
|
||||
systemd.services."getty@" =
|
||||
{ serviceConfig.ExecStart = [
|
||||
|
@ -76,7 +80,7 @@ in
|
|||
};
|
||||
|
||||
systemd.services."serial-getty@" =
|
||||
let speeds = concatStringsSep "," (map toString config.services.mingetty.serialSpeed); in
|
||||
let speeds = concatStringsSep "," (map toString config.services.getty.serialSpeed); in
|
||||
{ serviceConfig.ExecStart = [
|
||||
"" # override upstream default with an empty ExecStart
|
||||
(gettyCmd "%I ${speeds} $TERM")
|
||||
|
@ -106,8 +110,8 @@ in
|
|||
{ # Friendly greeting on the virtual consoles.
|
||||
source = pkgs.writeText "issue" ''
|
||||
|
||||
[1;32m${config.services.mingetty.greetingLine}[0m
|
||||
${config.services.mingetty.helpLine}
|
||||
[1;32m${config.services.getty.greetingLine}[0m
|
||||
${config.services.getty.helpLine}
|
||||
|
||||
'';
|
||||
};
|
|
@ -27,6 +27,33 @@ let
|
|||
) cfg.virtualHosts;
|
||||
enableIPv6 = config.networking.enableIPv6;
|
||||
|
||||
defaultFastcgiParams = {
|
||||
SCRIPT_FILENAME = "$document_root$fastcgi_script_name";
|
||||
QUERY_STRING = "$query_string";
|
||||
REQUEST_METHOD = "$request_method";
|
||||
CONTENT_TYPE = "$content_type";
|
||||
CONTENT_LENGTH = "$content_length";
|
||||
|
||||
SCRIPT_NAME = "$fastcgi_script_name";
|
||||
REQUEST_URI = "$request_uri";
|
||||
DOCUMENT_URI = "$document_uri";
|
||||
DOCUMENT_ROOT = "$document_root";
|
||||
SERVER_PROTOCOL = "$server_protocol";
|
||||
REQUEST_SCHEME = "$scheme";
|
||||
HTTPS = "$https if_not_empty";
|
||||
|
||||
GATEWAY_INTERFACE = "CGI/1.1";
|
||||
SERVER_SOFTWARE = "nginx/$nginx_version";
|
||||
|
||||
REMOTE_ADDR = "$remote_addr";
|
||||
REMOTE_PORT = "$remote_port";
|
||||
SERVER_ADDR = "$server_addr";
|
||||
SERVER_PORT = "$server_port";
|
||||
SERVER_NAME = "$server_name";
|
||||
|
||||
REDIRECT_STATUS = "200";
|
||||
};
|
||||
|
||||
recommendedProxyConfig = pkgs.writeText "nginx-recommended-proxy-headers.conf" ''
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
|
@ -283,6 +310,10 @@ let
|
|||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
''}
|
||||
${concatStringsSep "\n"
|
||||
(mapAttrsToList (n: v: ''fastcgi_param ${n} "${v}";'')
|
||||
(optionalAttrs (config.fastcgiParams != {})
|
||||
(defaultFastcgiParams // config.fastcgiParams)))}
|
||||
${optionalString (config.index != null) "index ${config.index};"}
|
||||
${optionalString (config.tryFiles != null) "try_files ${config.tryFiles};"}
|
||||
${optionalString (config.root != null) "root ${config.root};"}
|
||||
|
|
|
@ -101,6 +101,16 @@ with lib;
|
|||
'';
|
||||
};
|
||||
|
||||
fastcgiParams = mkOption {
|
||||
type = types.attrsOf types.str;
|
||||
default = {};
|
||||
description = ''
|
||||
FastCGI parameters to override. Unlike in the Nginx
|
||||
configuration file, overriding only some default parameters
|
||||
won't unset the default values for other parameters.
|
||||
'';
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
|
|
|
@ -8,8 +8,7 @@ let
|
|||
cfg = xcfg.desktopManager.plasma5;
|
||||
|
||||
inherit (pkgs) kdeApplications kdeFrameworks plasma5;
|
||||
libsForQt5 = pkgs.libsForQt514;
|
||||
qt5 = pkgs.qt514;
|
||||
inherit (pkgs) qt5 libsForQt5;
|
||||
inherit (pkgs) writeText;
|
||||
|
||||
pulseaudio = config.hardware.pulseaudio;
|
||||
|
|
|
@ -20,20 +20,13 @@ def copy_if_not_exists(source, dest):
|
|||
if not os.path.exists(dest):
|
||||
shutil.copyfile(source, dest)
|
||||
|
||||
def generation_dir(profile, generation):
|
||||
def system_dir(profile, generation):
|
||||
if profile:
|
||||
return "/nix/var/nix/profiles/system-profiles/%s-%d-link" % (profile, generation)
|
||||
else:
|
||||
return "/nix/var/nix/profiles/system-%d-link" % (generation)
|
||||
|
||||
def system_dir(profile, generation, specialisation):
|
||||
d = generation_dir(profile, generation)
|
||||
if specialisation:
|
||||
return os.path.join(d, "specialisation", specialisation)
|
||||
else:
|
||||
return d
|
||||
|
||||
BOOT_ENTRY = """title NixOS{profile}{specialisation}
|
||||
BOOT_ENTRY = """title NixOS{profile}
|
||||
version Generation {generation} {description}
|
||||
linux {kernel}
|
||||
initrd {initrd}
|
||||
|
@ -49,26 +42,24 @@ MEMTEST_BOOT_ENTRY = """title MemTest86
|
|||
efi /efi/memtest86/BOOTX64.efi
|
||||
"""
|
||||
|
||||
def generation_conf_filename(profile, generation, specialisation):
|
||||
profile_part = f"-{profile}" if profile else ""
|
||||
specialisation_part = f"-specialisation-{specialisation}" if specialisation else ""
|
||||
return f"nixos{profile_part}{specialisation_part}-generation-{generation}.conf"
|
||||
|
||||
def write_loader_conf(profile, generation, specialisation):
|
||||
def write_loader_conf(profile, generation):
|
||||
with open("@efiSysMountPoint@/loader/loader.conf.tmp", 'w') as f:
|
||||
if "@timeout@" != "":
|
||||
f.write("timeout @timeout@\n")
|
||||
f.write("default %s\n" % generation_conf_filename(profile, generation, specialisation))
|
||||
if profile:
|
||||
f.write("default nixos-%s-generation-%d.conf\n" % (profile, generation))
|
||||
else:
|
||||
f.write("default nixos-generation-%d.conf\n" % (generation))
|
||||
if not @editor@:
|
||||
f.write("editor 0\n");
|
||||
f.write("console-mode @consoleMode@\n");
|
||||
os.rename("@efiSysMountPoint@/loader/loader.conf.tmp", "@efiSysMountPoint@/loader/loader.conf")
|
||||
|
||||
def profile_path(profile, generation, specialisation, name):
|
||||
return os.readlink("%s/%s" % (system_dir(profile, generation, specialisation), name))
|
||||
def profile_path(profile, generation, name):
|
||||
return os.readlink("%s/%s" % (system_dir(profile, generation), name))
|
||||
|
||||
def copy_from_profile(profile, generation, specialisation, name, dry_run=False):
|
||||
store_file_path = profile_path(profile, generation, specialisation, name)
|
||||
def copy_from_profile(profile, generation, name, dry_run=False):
|
||||
store_file_path = profile_path(profile, generation, name)
|
||||
suffix = os.path.basename(store_file_path)
|
||||
store_dir = os.path.basename(os.path.dirname(store_file_path))
|
||||
efi_file_path = "/efi/nixos/%s-%s.efi" % (store_dir, suffix)
|
||||
|
@ -96,17 +87,19 @@ def describe_generation(generation_dir):
|
|||
|
||||
return description
|
||||
|
||||
def write_entry(profile, generation, specialisation, machine_id):
|
||||
kernel = copy_from_profile(profile, generation, specialisation, "kernel")
|
||||
initrd = copy_from_profile(profile, generation, specialisation, "initrd")
|
||||
def write_entry(profile, generation, machine_id):
|
||||
kernel = copy_from_profile(profile, generation, "kernel")
|
||||
initrd = copy_from_profile(profile, generation, "initrd")
|
||||
try:
|
||||
append_initrd_secrets = profile_path(profile, generation, specialisation, "append-initrd-secrets")
|
||||
append_initrd_secrets = profile_path(profile, generation, "append-initrd-secrets")
|
||||
subprocess.check_call([append_initrd_secrets, "@efiSysMountPoint@%s" % (initrd)])
|
||||
except FileNotFoundError:
|
||||
pass
|
||||
entry_file = "@efiSysMountPoint@/loader/entries/%s" % (
|
||||
generation_conf_filename(profile, generation, specialisation))
|
||||
generation_dir = os.readlink(system_dir(profile, generation, specialisation))
|
||||
if profile:
|
||||
entry_file = "@efiSysMountPoint@/loader/entries/nixos-%s-generation-%d.conf" % (profile, generation)
|
||||
else:
|
||||
entry_file = "@efiSysMountPoint@/loader/entries/nixos-generation-%d.conf" % (generation)
|
||||
generation_dir = os.readlink(system_dir(profile, generation))
|
||||
tmp_path = "%s.tmp" % (entry_file)
|
||||
kernel_params = "systemConfig=%s init=%s/init " % (generation_dir, generation_dir)
|
||||
|
||||
|
@ -114,7 +107,6 @@ def write_entry(profile, generation, specialisation, machine_id):
|
|||
kernel_params = kernel_params + params_file.read()
|
||||
with open(tmp_path, 'w') as f:
|
||||
f.write(BOOT_ENTRY.format(profile=" [" + profile + "]" if profile else "",
|
||||
specialisation=" (%s)" % specialisation if specialisation else "",
|
||||
generation=generation,
|
||||
kernel=kernel,
|
||||
initrd=initrd,
|
||||
|
@ -143,14 +135,7 @@ def get_generations(profile=None):
|
|||
gen_lines.pop()
|
||||
|
||||
configurationLimit = @configurationLimit@
|
||||
return [ (profile, int(line.split()[0]), None) for line in gen_lines ][-configurationLimit:]
|
||||
|
||||
def get_specialisations(profile, generation, _):
|
||||
specialisations_dir = os.path.join(
|
||||
system_dir(profile, generation, None), "specialisation")
|
||||
if not os.path.exists(specialisations_dir):
|
||||
return []
|
||||
return [(profile, generation, spec) for spec in os.listdir(specialisations_dir)]
|
||||
return [ (profile, int(line.split()[0])) for line in gen_lines ][-configurationLimit:]
|
||||
|
||||
def remove_old_entries(gens):
|
||||
rex_profile = re.compile("^@efiSysMountPoint@/loader/entries/nixos-(.*)-generation-.*\.conf$")
|
||||
|
@ -238,8 +223,6 @@ def main():
|
|||
remove_old_entries(gens)
|
||||
for gen in gens:
|
||||
write_entry(*gen, machine_id)
|
||||
for specialisation in get_specialisations(*gen):
|
||||
write_entry(*specialisation, machine_id)
|
||||
if os.readlink(system_dir(*gen)) == args.default_config:
|
||||
write_loader_conf(*gen)
|
||||
|
||||
|
|
|
@ -7,7 +7,7 @@ let
|
|||
echo "attempting to fetch configuration from EC2 user data..."
|
||||
|
||||
export HOME=/root
|
||||
export PATH=${pkgs.lib.makeBinPath [ config.nix.package pkgs.systemd pkgs.gnugrep pkgs.git pkgs.gnutar pkgs.gzip pkgs.gnused config.system.build.nixos-rebuild]}:$PATH
|
||||
export PATH=${pkgs.lib.makeBinPath [ config.nix.package pkgs.systemd pkgs.gnugrep pkgs.git pkgs.gnutar pkgs.gzip pkgs.gnused pkgs.xz config.system.build.nixos-rebuild]}:$PATH
|
||||
export NIX_PATH=nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels
|
||||
|
||||
userData=/etc/ec2-metadata/user-data
|
||||
|
|
|
@ -11,7 +11,7 @@ with lib;
|
|||
users.users.root.initialHashedPassword = mkOverride 150 "";
|
||||
|
||||
# Some more help text.
|
||||
services.mingetty.helpLine =
|
||||
services.getty.helpLine =
|
||||
''
|
||||
|
||||
Log in as "root" with an empty password.
|
||||
|
|
|
@ -56,10 +56,10 @@ let
|
|||
ip -6 route add $HOST_ADDRESS6 dev eth0
|
||||
ip -6 route add default via $HOST_ADDRESS6
|
||||
fi
|
||||
|
||||
${concatStringsSep "\n" (mapAttrsToList renderExtraVeth cfg.extraVeths)}
|
||||
fi
|
||||
|
||||
${concatStringsSep "\n" (mapAttrsToList renderExtraVeth cfg.extraVeths)}
|
||||
|
||||
# Start the regular stage 1 script.
|
||||
exec "$1"
|
||||
''
|
||||
|
@ -223,8 +223,8 @@ let
|
|||
${ipcall cfg "ip route" "$LOCAL_ADDRESS" "localAddress"}
|
||||
${ipcall cfg "ip -6 route" "$LOCAL_ADDRESS6" "localAddress6"}
|
||||
fi
|
||||
${concatStringsSep "\n" (mapAttrsToList renderExtraVeth cfg.extraVeths)}
|
||||
fi
|
||||
${concatStringsSep "\n" (mapAttrsToList renderExtraVeth cfg.extraVeths)}
|
||||
''
|
||||
);
|
||||
|
||||
|
|
|
@ -176,10 +176,10 @@ let
|
|||
description = ''
|
||||
Define which other containers this one depends on. They will be added to both After and Requires for the unit.
|
||||
|
||||
Use the same name as the attribute under <literal>virtualisation.oci-containers</literal>.
|
||||
Use the same name as the attribute under <literal>virtualisation.oci-containers.containers</literal>.
|
||||
'';
|
||||
example = literalExample ''
|
||||
virtualisation.oci-containers = {
|
||||
virtualisation.oci-containers.containers = {
|
||||
node1 = {};
|
||||
node2 = {
|
||||
dependsOn = [ "node1" ];
|
||||
|
|
|
@ -158,6 +158,7 @@ in
|
|||
home-assistant = handleTest ./home-assistant.nix {};
|
||||
hostname = handleTest ./hostname.nix {};
|
||||
hound = handleTest ./hound.nix {};
|
||||
hub = handleTest ./git/hub.nix {};
|
||||
hydra = handleTest ./hydra {};
|
||||
i3wm = handleTest ./i3wm.nix {};
|
||||
icingaweb2 = handleTest ./icingaweb2.nix {};
|
||||
|
|
|
@ -247,5 +247,12 @@ import ./make-test-python.nix ({ pkgs, ... }: {
|
|||
).strip()
|
||||
== "${if pkgs.system == "aarch64-linux" then "amd64" else "arm64"}"
|
||||
)
|
||||
|
||||
with subtest("buildLayeredImage doesn't dereference /nix/store symlink layers"):
|
||||
docker.succeed(
|
||||
"docker load --input='${examples.layeredStoreSymlink}'",
|
||||
"docker run --rm ${examples.layeredStoreSymlink.imageName} bash -c 'test -L ${examples.layeredStoreSymlink.passthru.symlink}'",
|
||||
"docker rmi ${examples.layeredStoreSymlink.imageName}",
|
||||
)
|
||||
'';
|
||||
})
|
||||
|
|
7
third_party/nixpkgs/nixos/tests/dovecot.nix
vendored
7
third_party/nixpkgs/nixos/tests/dovecot.nix
vendored
|
@ -4,8 +4,11 @@ import ./make-test-python.nix {
|
|||
machine = { pkgs, ... }: {
|
||||
imports = [ common/user-account.nix ];
|
||||
services.postfix.enable = true;
|
||||
services.dovecot2.enable = true;
|
||||
services.dovecot2.protocols = [ "imap" "pop3" ];
|
||||
services.dovecot2 = {
|
||||
enable = true;
|
||||
protocols = [ "imap" "pop3" ];
|
||||
modules = [ pkgs.dovecot_pigeonhole ];
|
||||
};
|
||||
environment.systemPackages = let
|
||||
sendTestMail = pkgs.writeScriptBin "send-testmail" ''
|
||||
#!${pkgs.runtimeShell}
|
||||
|
|
17
third_party/nixpkgs/nixos/tests/git/hub.nix
vendored
Normal file
17
third_party/nixpkgs/nixos/tests/git/hub.nix
vendored
Normal file
|
@ -0,0 +1,17 @@
|
|||
import ../make-test-python.nix ({ pkgs, ...} : {
|
||||
name = "hub";
|
||||
meta = with pkgs.stdenv.lib.maintainers; {
|
||||
maintainers = [ nequissimus ];
|
||||
};
|
||||
|
||||
nodes.hub = { pkgs, ... }:
|
||||
{
|
||||
environment.systemPackages = [ pkgs.gitAndTools.hub ];
|
||||
};
|
||||
|
||||
testScript =
|
||||
''
|
||||
assert "git version ${pkgs.git.version}\nhub version ${pkgs.gitAndTools.hub.version}\n" in hub.succeed("hub version")
|
||||
assert "These GitHub commands are provided by hub" in hub.succeed("hub help")
|
||||
'';
|
||||
})
|
14
third_party/nixpkgs/nixos/tests/grafana.nix
vendored
14
third_party/nixpkgs/nixos/tests/grafana.nix
vendored
|
@ -17,6 +17,10 @@ let
|
|||
};
|
||||
|
||||
extraNodeConfs = {
|
||||
declarativePlugins = {
|
||||
services.grafana.declarativePlugins = [ pkgs.grafanaPlugins.grafana-clock-panel ];
|
||||
};
|
||||
|
||||
postgresql = {
|
||||
services.grafana.database = {
|
||||
host = "127.0.0.1:5432";
|
||||
|
@ -52,7 +56,7 @@ let
|
|||
nameValuePair dbName (mkMerge [
|
||||
baseGrafanaConf
|
||||
(extraNodeConfs.${dbName} or {})
|
||||
])) [ "sqlite" "postgresql" "mysql" ]);
|
||||
])) [ "sqlite" "declarativePlugins" "postgresql" "mysql" ]);
|
||||
|
||||
in {
|
||||
name = "grafana";
|
||||
|
@ -66,6 +70,14 @@ in {
|
|||
testScript = ''
|
||||
start_all()
|
||||
|
||||
with subtest("Declarative plugins installed"):
|
||||
declarativePlugins.wait_for_unit("grafana.service")
|
||||
declarativePlugins.wait_for_open_port(3000)
|
||||
declarativePlugins.succeed(
|
||||
"curl -sSfN -u testadmin:snakeoilpwd http://127.0.0.1:3000/api/plugins | grep -q grafana-clock-panel"
|
||||
)
|
||||
declarativePlugins.shutdown()
|
||||
|
||||
with subtest("Successful API query as admin user with sqlite db"):
|
||||
sqlite.wait_for_unit("grafana.service")
|
||||
sqlite.wait_for_open_port(3000)
|
||||
|
|
2
third_party/nixpkgs/nixos/tests/login.nix
vendored
2
third_party/nixpkgs/nixos/tests/login.nix
vendored
|
@ -50,7 +50,7 @@ import ./make-test-python.nix ({ pkgs, latestKernel ? false, ... }:
|
|||
with subtest("Virtual console logout"):
|
||||
machine.send_chars("exit\n")
|
||||
machine.wait_until_fails("pgrep -u alice bash")
|
||||
machine.screenshot("mingetty")
|
||||
machine.screenshot("getty")
|
||||
|
||||
with subtest("Check whether ctrl-alt-delete works"):
|
||||
machine.send_key("ctrl-alt-delete")
|
||||
|
|
|
@ -1,11 +1,19 @@
|
|||
{ system ? builtins.currentSystem,
|
||||
config ? {},
|
||||
pkgs ? import ../.. { inherit system config; }
|
||||
}:
|
||||
|
||||
with import ../lib/testing-python.nix { inherit system pkgs; };
|
||||
|
||||
let
|
||||
lib = pkgs.lib;
|
||||
|
||||
# Makes a test for a PostgreSQL package, given by name and looked up from `pkgs`.
|
||||
makePostgresqlWalReceiverTest = postgresqlPackage:
|
||||
{
|
||||
name = postgresqlPackage;
|
||||
value =
|
||||
import ./make-test-python.nix ({ pkgs, lib, ... }: let
|
||||
|
||||
let
|
||||
pkg = pkgs."${postgresqlPackage}";
|
||||
postgresqlDataDir = "/var/lib/postgresql/${pkg.psqlSchema}";
|
||||
replicationUser = "wal_receiver_user";
|
||||
|
@ -19,7 +27,7 @@ let
|
|||
then pkgs.writeTextDir "recovery.signal" ""
|
||||
else pkgs.writeTextDir "recovery.conf" "restore_command = 'cp ${walBackupDir}/%f %p'";
|
||||
|
||||
in {
|
||||
in makeTest {
|
||||
name = "postgresql-wal-receiver-${postgresqlPackage}";
|
||||
meta.maintainers = with lib.maintainers; [ pacien ];
|
||||
|
||||
|
@ -104,7 +112,7 @@ let
|
|||
"test $(sudo -u postgres psql --pset='pager=off' --tuples-only --command='select count(distinct val) from dummy;') -eq 100"
|
||||
)
|
||||
'';
|
||||
});
|
||||
};
|
||||
};
|
||||
|
||||
# Maps the generic function over all attributes of PostgreSQL packages
|
||||
|
|
|
@ -96,6 +96,31 @@ let
|
|||
'';
|
||||
};
|
||||
|
||||
bird = {
|
||||
exporterConfig = {
|
||||
enable = true;
|
||||
};
|
||||
metricProvider = {
|
||||
services.bird2.enable = true;
|
||||
services.bird2.config = ''
|
||||
protocol kernel MyObviousTestString {
|
||||
ipv4 {
|
||||
import all;
|
||||
export none;
|
||||
};
|
||||
}
|
||||
|
||||
protocol device {
|
||||
}
|
||||
'';
|
||||
};
|
||||
exporterTest = ''
|
||||
wait_for_unit("prometheus-bird-exporter.service")
|
||||
wait_for_open_port(9324)
|
||||
succeed("curl -sSf http://localhost:9324/metrics | grep -q 'MyObviousTestString'")
|
||||
'';
|
||||
};
|
||||
|
||||
blackbox = {
|
||||
exporterConfig = {
|
||||
enable = true;
|
||||
|
@ -197,10 +222,11 @@ let
|
|||
exporterConfig = {
|
||||
enable = true;
|
||||
url = "http://localhost";
|
||||
configFile = pkgs.writeText "json-exporter-conf.json" (builtins.toJSON [{
|
||||
name = "json_test_metric";
|
||||
path = "$.test";
|
||||
}]);
|
||||
configFile = pkgs.writeText "json-exporter-conf.json" (builtins.toJSON {
|
||||
metrics = [
|
||||
{ name = "json_test_metric"; path = "$.test"; }
|
||||
];
|
||||
});
|
||||
};
|
||||
metricProvider = {
|
||||
systemd.services.prometheus-json-exporter.after = [ "nginx.service" ];
|
||||
|
@ -216,7 +242,9 @@ let
|
|||
wait_for_open_port(80)
|
||||
wait_for_unit("prometheus-json-exporter.service")
|
||||
wait_for_open_port(7979)
|
||||
succeed("curl -sSf localhost:7979/metrics | grep -q 'json_test_metric 1'")
|
||||
succeed(
|
||||
"curl -sSf 'localhost:7979/probe?target=http://localhost' | grep -q 'json_test_metric 1'"
|
||||
)
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -634,7 +662,7 @@ let
|
|||
wait_for_open_port(11334)
|
||||
wait_for_open_port(7980)
|
||||
wait_until_succeeds(
|
||||
"curl -sSf localhost:7980/metrics | grep -q 'rspamd_scanned{host=\"rspamd\"} 0'"
|
||||
"curl -sSf 'localhost:7980/probe?target=http://localhost:11334/stat' | grep -q 'rspamd_scanned{host=\"rspamd\"} 0'"
|
||||
)
|
||||
'';
|
||||
};
|
||||
|
|
14
third_party/nixpkgs/nixos/tests/shadow.nix
vendored
14
third_party/nixpkgs/nixos/tests/shadow.nix
vendored
|
@ -2,6 +2,7 @@ let
|
|||
password1 = "foobar";
|
||||
password2 = "helloworld";
|
||||
password3 = "bazqux";
|
||||
password4 = "asdf123";
|
||||
in import ./make-test-python.nix ({ pkgs, ... }: {
|
||||
name = "shadow";
|
||||
meta = with pkgs.stdenv.lib.maintainers; { maintainers = [ nequissimus ]; };
|
||||
|
@ -19,6 +20,10 @@ in import ./make-test-python.nix ({ pkgs, ... }: {
|
|||
password = password2;
|
||||
shell = pkgs.shadow;
|
||||
};
|
||||
users.ash = {
|
||||
password = password4;
|
||||
shell = pkgs.bash;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -41,6 +46,15 @@ in import ./make-test-python.nix ({ pkgs, ... }: {
|
|||
shadow.wait_for_file("/tmp/1")
|
||||
assert "emma" in shadow.succeed("cat /tmp/1")
|
||||
|
||||
with subtest("Switch user"):
|
||||
shadow.send_chars("su - ash\n")
|
||||
shadow.sleep(2)
|
||||
shadow.send_chars("${password4}\n")
|
||||
shadow.sleep(2)
|
||||
shadow.send_chars("whoami > /tmp/3\n")
|
||||
shadow.wait_for_file("/tmp/3")
|
||||
assert "ash" in shadow.succeed("cat /tmp/3")
|
||||
|
||||
with subtest("Change password"):
|
||||
shadow.send_key("alt-f3")
|
||||
shadow.wait_until_succeeds(f"[ $(fgconsole) = 3 ]")
|
||||
|
|
23
third_party/nixpkgs/nixos/tests/systemd-boot.nix
vendored
23
third_party/nixpkgs/nixos/tests/systemd-boot.nix
vendored
|
@ -39,29 +39,6 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
# Check that specialisations create corresponding boot entries.
|
||||
specialisation = makeTest {
|
||||
name = "systemd-boot-specialisation";
|
||||
meta.maintainers = with pkgs.stdenv.lib.maintainers; [ lukegb ];
|
||||
|
||||
machine = { pkgs, lib, ... }: {
|
||||
imports = [ common ];
|
||||
specialisation.something.configuration = {};
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
machine.start()
|
||||
machine.wait_for_unit("multi-user.target")
|
||||
|
||||
machine.succeed(
|
||||
"test -e /boot/loader/entries/nixos-specialisation-something-generation-1.conf"
|
||||
)
|
||||
machine.succeed(
|
||||
"grep -q 'title NixOS (something)' /boot/loader/entries/nixos-specialisation-something-generation-1.conf"
|
||||
)
|
||||
'';
|
||||
};
|
||||
|
||||
# Boot without having created an EFI entry--instead using default "/EFI/BOOT/BOOTX64.EFI"
|
||||
fallback = makeTest {
|
||||
name = "systemd-boot-fallback";
|
||||
|
|
2
third_party/nixpkgs/nixos/tests/tor.nix
vendored
2
third_party/nixpkgs/nixos/tests/tor.nix
vendored
|
@ -17,7 +17,7 @@ rec {
|
|||
environment.systemPackages = with pkgs; [ netcat ];
|
||||
services.tor.enable = true;
|
||||
services.tor.client.enable = true;
|
||||
services.tor.controlPort = 9051;
|
||||
services.tor.settings.ControlPort = 9051;
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
{ stdenv, fetchFromGitHub, cairo, fftw, gtkmm2, lv2, lvtk, pkgconfig
|
||||
, wafHook }:
|
||||
, wafHook, python3 }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "ams-lv2";
|
||||
|
@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
|
|||
sha256 = "1lz2mvk4gqsyf92yxd3aaldx0d0qi28h4rnnvsaz4ls0ccqm80nk";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ pkgconfig wafHook ];
|
||||
nativeBuildInputs = [ pkgconfig wafHook python3 ];
|
||||
buildInputs = [ cairo fftw gtkmm2 lv2 lvtk ];
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
{ stdenv, fetchzip, wxGTK30, pkgconfig, file, gettext,
|
||||
libvorbis, libmad, libjack2, lv2, lilv, serd, sord, sratom, suil, alsaLib, libsndfile, soxr, flac, lame,
|
||||
expat, libid3tag, ffmpeg_3, soundtouch, /*, portaudio - given up fighting their portaudio.patch */
|
||||
autoconf, automake, libtool
|
||||
}:
|
||||
cmake
|
||||
}:
|
||||
|
||||
with stdenv.lib;
|
||||
|
||||
|
@ -15,16 +15,8 @@ stdenv.mkDerivation rec {
|
|||
sha256 = "1xk0piv72d2xd3p7igr916fhcbrm76fhjr418k1rlqdzzg1hfljn";
|
||||
};
|
||||
|
||||
preConfigure = /* we prefer system-wide libs */ ''
|
||||
autoreconf -vi # use system libraries
|
||||
|
||||
# we will get a (possibly harmless) warning during configure without this
|
||||
substituteInPlace configure \
|
||||
--replace /usr/bin/file ${file}/bin/file
|
||||
'';
|
||||
|
||||
configureFlags = [
|
||||
"--with-libsamplerate"
|
||||
cmakeFlags = [
|
||||
"-DCMAKE_BUILD_TYPE=Release"
|
||||
];
|
||||
|
||||
# audacity only looks for lame and ffmpeg at runtime, so we need to link them in manually
|
||||
|
@ -43,15 +35,13 @@ stdenv.mkDerivation rec {
|
|||
"-lswscale"
|
||||
];
|
||||
|
||||
nativeBuildInputs = [ pkgconfig autoconf automake libtool ];
|
||||
nativeBuildInputs = [ pkgconfig cmake ];
|
||||
buildInputs = [
|
||||
file gettext wxGTK30 expat alsaLib
|
||||
libsndfile soxr libid3tag libjack2 lv2 lilv serd sord sratom suil wxGTK30.gtk
|
||||
ffmpeg_3 libmad lame libvorbis flac soundtouch
|
||||
]; #ToDo: detach sbsms
|
||||
|
||||
enableParallelBuilding = true;
|
||||
|
||||
dontDisableStatic = true;
|
||||
doCheck = false; # Test fails
|
||||
|
||||
|
|
|
@ -1,23 +1,77 @@
|
|||
{ fetchurl, bitwig-studio1, pulseaudio, libjack2, xorg }:
|
||||
{ stdenv, fetchurl, alsaLib, cairo, dpkg, freetype
|
||||
, gdk-pixbuf, glib, gtk3, lib, xorg
|
||||
, libglvnd, libjack2, ffmpeg_3
|
||||
, libxkbcommon, xdg_utils, zlib, pulseaudio
|
||||
, wrapGAppsHook, makeWrapper }:
|
||||
|
||||
bitwig-studio1.overrideAttrs (oldAttrs: rec {
|
||||
name = "bitwig-studio-${version}";
|
||||
version = "3.2.8";
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "bitwig-studio";
|
||||
version = "3.3.1";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://downloads.bitwig.com/stable/${version}/bitwig-studio-${version}.deb";
|
||||
sha256 = "18ldgmnv7bigb4mch888kjpf4abalpiwmlhwd7rjb9qf6p72fhpj";
|
||||
url = "https://downloads.bitwig.com/stable/${version}/${pname}-${version}.deb";
|
||||
sha256 = "0f7xysk0cl48q7i28m25hasmrp30grgm3kah0s7xmkjgm33887pi";
|
||||
};
|
||||
|
||||
buildInputs = oldAttrs.buildInputs ++ [ xorg.libXtst ];
|
||||
nativeBuildInputs = [ dpkg makeWrapper wrapGAppsHook ];
|
||||
|
||||
runtimeDependencies = [ pulseaudio libjack2 ];
|
||||
unpackCmd = ''
|
||||
mkdir -p root
|
||||
dpkg-deb -x $curSrc root
|
||||
'';
|
||||
|
||||
dontBuild = true;
|
||||
dontWrapGApps = true; # we only want $gappsWrapperArgs here
|
||||
|
||||
buildInputs = with xorg; [
|
||||
alsaLib cairo freetype gdk-pixbuf glib gtk3 libxcb xcbutil xcbutilwm zlib libXtst libxkbcommon pulseaudio libjack2 libX11 libglvnd libXcursor stdenv.cc.cc.lib
|
||||
];
|
||||
|
||||
binPath = lib.makeBinPath [
|
||||
xdg_utils ffmpeg_3
|
||||
];
|
||||
|
||||
ldLibraryPath = lib.strings.makeLibraryPath buildInputs;
|
||||
|
||||
installPhase = ''
|
||||
${oldAttrs.installPhase}
|
||||
|
||||
# recover commercial jre
|
||||
rm -f $out/libexec/lib/jre
|
||||
cp -r opt/bitwig-studio/lib/jre $out/libexec/lib
|
||||
mkdir -p $out/bin
|
||||
cp -r opt/bitwig-studio $out/libexec
|
||||
ln -s $out/libexec/bitwig-studio $out/bin/bitwig-studio
|
||||
cp -r usr/share $out/share
|
||||
substitute usr/share/applications/bitwig-studio.desktop \
|
||||
$out/share/applications/bitwig-studio.desktop \
|
||||
--replace /usr/bin/bitwig-studio $out/bin/bitwig-studio
|
||||
'';
|
||||
})
|
||||
|
||||
postFixup = ''
|
||||
# patchelf fails to set rpath on BitwigStudioEngine, so we use
|
||||
# the LD_LIBRARY_PATH way
|
||||
|
||||
find $out -type f -executable \
|
||||
-not -name '*.so.*' \
|
||||
-not -name '*.so' \
|
||||
-not -name '*.jar' \
|
||||
-not -path '*/resources/*' | \
|
||||
while IFS= read -r f ; do
|
||||
patchelf --set-interpreter "${stdenv.cc.bintools.dynamicLinker}" $f
|
||||
wrapProgram $f \
|
||||
"''${gappsWrapperArgs[@]}" \
|
||||
--prefix PATH : "${binPath}" \
|
||||
--prefix LD_LIBRARY_PATH : "${ldLibraryPath}"
|
||||
done
|
||||
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "A digital audio workstation";
|
||||
longDescription = ''
|
||||
Bitwig Studio is a multi-platform music-creation system for
|
||||
production, performance and DJing, with a focus on flexible
|
||||
editing tools and a super-fast workflow.
|
||||
'';
|
||||
homepage = "https://www.bitwig.com/";
|
||||
license = licenses.unfree;
|
||||
platforms = [ "x86_64-linux" ];
|
||||
maintainers = with maintainers; [ bfortz michalrus mrVanDalo ];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,22 +0,0 @@
|
|||
{ stdenv, fetchurl, ffmpeg, sox }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "bs1770gain";
|
||||
version = "0.5.2";
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://sourceforge/bs1770gain/${pname}-${version}.tar.gz";
|
||||
sha256 = "1p6yz5q7czyf9ard65sp4kawdlkg40cfscr3b24znymmhs3p7rbk";
|
||||
};
|
||||
|
||||
buildInputs = [ ffmpeg sox ];
|
||||
|
||||
NIX_CFLAGS_COMPILE = "-Wno-error";
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "A audio/video loudness scanner implementing ITU-R BS.1770";
|
||||
license = licenses.gpl2Plus;
|
||||
homepage = "http://bs1770gain.sourceforge.net/";
|
||||
platforms = platforms.all;
|
||||
};
|
||||
}
|
|
@ -1,12 +1,12 @@
|
|||
{ stdenv, fetchurl, cmake }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
version = "0.6.1";
|
||||
version = "0.6.3";
|
||||
pname = "game-music-emu";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://bitbucket.org/mpyne/game-music-emu/downloads/${pname}-${version}.tar.bz2";
|
||||
sha256 = "08fk7zddpn7v93d0fa7fcypx7hvgwx9b5psj9l6m8b87k2hbw4fw";
|
||||
url = "https://bitbucket.org/mpyne/game-music-emu/downloads/${pname}-${version}.tar.xz";
|
||||
sha256 = "07857vdkak306d9s5g6fhmjyxk7vijzjhkmqb15s7ihfxx9lx8xb";
|
||||
};
|
||||
|
||||
buildInputs = [ cmake ];
|
||||
|
@ -16,6 +16,6 @@ stdenv.mkDerivation rec {
|
|||
description = "A collection of video game music file emulators";
|
||||
license = licenses.lgpl21Plus;
|
||||
platforms = platforms.all;
|
||||
maintainers = [ ];
|
||||
maintainers = with maintainers; [ luc65r ];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -3,13 +3,13 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "geonkick";
|
||||
version = "2.5.1";
|
||||
version = "2.6.1";
|
||||
|
||||
src = fetchFromGitLab {
|
||||
owner = "iurie-sw";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "14svwrxqw15j6wjy3x8s28yyrafa31bm7d1ns5h6gvpndccwc1kw";
|
||||
sha256 = "1l647j11pb9lkknnh4q99mmfcvr644b02lfcdjh98z60vqm1s54c";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ cmake pkg-config ];
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ stdenv, fetchurl, fftwSinglePrec, lv2, pkgconfig, wafHook }:
|
||||
{ stdenv, fetchurl, fftwSinglePrec, lv2, pkgconfig, wafHook, python3 }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "mda-lv2";
|
||||
|
@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
|
|||
sha256 = "1a3cv6w5xby9yn11j695rbh3c4ih7rxfxmkca9s1324ljphh06m8";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ pkgconfig wafHook ];
|
||||
nativeBuildInputs = [ pkgconfig wafHook python3 ];
|
||||
buildInputs = [ fftwSinglePrec lv2 ];
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
|
|
|
@ -2,14 +2,14 @@
|
|||
, SDL2, alsaLib, libjack2, lhasa, perl, rtmidi, zlib, zziplib }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
version = "1.02.00";
|
||||
version = "1.03.00";
|
||||
pname = "milkytracker";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "milkytracker";
|
||||
repo = "MilkyTracker";
|
||||
rev = "v${version}";
|
||||
sha256 = "05a6d7l98k9i82dwrgi855dnccm3f2lkb144gi244vhk1156n0ca";
|
||||
sha256 = "025fj34gq2kmkpwcswcyx7wdxb89vm944dh685zi4bxx0hz16vvk";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ cmake pkgconfig makeWrapper ];
|
||||
|
|
|
@ -14,9 +14,9 @@ let
|
|||
|
||||
mopidy-gmusic = callPackage ./gmusic.nix { };
|
||||
|
||||
mopidy-local = callPackage ./local.nix { };
|
||||
mopidy-iris = callPackage ./iris.nix { };
|
||||
|
||||
mopidy-spotify = callPackage ./spotify.nix { };
|
||||
mopidy-local = callPackage ./local.nix { };
|
||||
|
||||
mopidy-moped = callPackage ./moped.nix { };
|
||||
|
||||
|
@ -26,20 +26,21 @@ let
|
|||
|
||||
mopidy-mpris = callPackage ./mpris.nix { };
|
||||
|
||||
mopidy-musicbox-webclient = callPackage ./musicbox-webclient.nix { };
|
||||
|
||||
mopidy-scrobbler = callPackage ./scrobbler.nix { };
|
||||
|
||||
mopidy-somafm = callPackage ./somafm.nix { };
|
||||
|
||||
mopidy-spotify-tunigo = callPackage ./spotify-tunigo.nix { };
|
||||
|
||||
mopidy-youtube = callPackage ./youtube.nix { };
|
||||
|
||||
mopidy-soundcloud = callPackage ./soundcloud.nix { };
|
||||
|
||||
mopidy-musicbox-webclient = callPackage ./musicbox-webclient.nix { };
|
||||
mopidy-spotify = callPackage ./spotify.nix { };
|
||||
|
||||
mopidy-iris = callPackage ./iris.nix { };
|
||||
mopidy-spotify-tunigo = callPackage ./spotify-tunigo.nix { };
|
||||
|
||||
mopidy-tunein = callPackage ./tunein.nix { };
|
||||
|
||||
mopidy-youtube = callPackage ./youtube.nix { };
|
||||
};
|
||||
|
||||
in self
|
||||
|
|
|
@ -38,10 +38,6 @@ pythonPackages.buildPythonApplication rec {
|
|||
# There are no tests
|
||||
doCheck = false;
|
||||
|
||||
preFixup = ''
|
||||
gappsWrapperArgs+=(--prefix GST_PLUGIN_SYSTEM_PATH : "$GST_PLUGIN_SYSTEM_PATH")
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
homepage = "https://www.mopidy.com/";
|
||||
description = ''
|
||||
|
|
24
third_party/nixpkgs/pkgs/applications/audio/mopidy/scrobbler.nix
vendored
Normal file
24
third_party/nixpkgs/pkgs/applications/audio/mopidy/scrobbler.nix
vendored
Normal file
|
@ -0,0 +1,24 @@
|
|||
{ stdenv, python3Packages, mopidy }:
|
||||
|
||||
python3Packages.buildPythonApplication rec {
|
||||
pname = "Mopidy-Scrobbler";
|
||||
version = "2.0.1";
|
||||
|
||||
src = python3Packages.fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "11vxgax4xgkggnq4fr1rh2rcvzspkkimck5p3h4phdj3qpnj0680";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = with python3Packages; [ mopidy pylast ];
|
||||
|
||||
# no tests implemented
|
||||
doCheck = false;
|
||||
pythonImportsCheck = [ "mopidy_scrobbler" ];
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
homepage = "https://github.com/mopidy/mopidy-scrobbler";
|
||||
description = "Mopidy extension for scrobbling played tracks to Last.fm.";
|
||||
license = licenses.asl20;
|
||||
maintainers = with maintainers; [ jakeisnt ];
|
||||
};
|
||||
}
|
|
@ -7,7 +7,7 @@ rustPlatform.buildRustPackage rec {
|
|||
src = fetchFromGitHub {
|
||||
owner = "betta-cyber";
|
||||
repo = "netease-music-tui";
|
||||
rev = "${version}";
|
||||
rev = version;
|
||||
sha256 = "0m5b3q493d32kxznm4apn56216l07b1c49km236i03mpfvdw7m1f";
|
||||
};
|
||||
|
||||
|
|
27
third_party/nixpkgs/pkgs/applications/audio/new-session-manager/default.nix
vendored
Normal file
27
third_party/nixpkgs/pkgs/applications/audio/new-session-manager/default.nix
vendored
Normal file
|
@ -0,0 +1,27 @@
|
|||
{ stdenv, fetchFromGitHub, meson, pkg-config, ninja, liblo, libjack2, fltk }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "new-session-manager";
|
||||
version = "1.4.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "linuxaudio";
|
||||
repo = "new-session-manager";
|
||||
rev = "v${version}";
|
||||
sha256 = "PqOv4tx3NLxL2+GWIUVgL72EQYMyDPIMrAkyby3TZ+0=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ meson pkg-config ninja ];
|
||||
|
||||
buildInputs = [ liblo libjack2 fltk ];
|
||||
|
||||
hardeningDisable = [ "format" ];
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
homepage = "https://linuxaudio.github.io/new-session-manager/";
|
||||
description = "A session manager designed for audio applications.";
|
||||
maintainers = [ maintainers._6AA4FD ];
|
||||
license = licenses.gpl3Plus;
|
||||
platforms = ["x86_64-linux"];
|
||||
};
|
||||
}
|
|
@ -1,24 +1,49 @@
|
|||
{ stdenv, lib, cmake, pkgconfig, libogg, fetchFromGitHub, libiconv }:
|
||||
{ stdenv, fetchFromGitHub, fetchpatch, cmake, pkg-config, libiconv, libogg
|
||||
, ffmpeg, glibcLocales, perl, perlPackages }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "opustags";
|
||||
version = "1.4.0";
|
||||
version = "1.5.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "fmang";
|
||||
repo = "opustags";
|
||||
rev = version;
|
||||
sha256 = "1y0czl72paawy342ff9ickaamkih43k59yfcdw7bnddypyfa7nbg";
|
||||
sha256 = "1dicv4s395b9gb4jpr0rnxdq9azr45pid62q3x08lb7cvyq3yxbh";
|
||||
};
|
||||
|
||||
patches = [
|
||||
# Fix building on darwin
|
||||
(fetchpatch {
|
||||
url = "https://github.com/fmang/opustags/commit/64fc6f8f6d20e034892e89abff0236c85cae98dc.patch";
|
||||
sha256 = "1djifzqhf1w51gbpqbndsh3gnl9iizp6hppxx8x2a92i9ns22zpg";
|
||||
})
|
||||
(fetchpatch {
|
||||
url = "https://github.com/fmang/opustags/commit/f98208c1a1d10c15f98b127bbfdf88a7b15b08dc.patch";
|
||||
sha256 = "1h3v0r336fca0y8zq1vl2wr8gaqs3vvrrckx7pvji4k1jpiqvp38";
|
||||
})
|
||||
];
|
||||
|
||||
buildInputs = [ libogg ];
|
||||
|
||||
nativeBuildInputs = [ cmake pkgconfig ] ++ lib.optional stdenv.isDarwin libiconv;
|
||||
nativeBuildInputs = [ cmake pkg-config ] ++ stdenv.lib.optional stdenv.isDarwin libiconv;
|
||||
|
||||
meta = with lib; {
|
||||
doCheck = true;
|
||||
|
||||
checkInputs = [ ffmpeg glibcLocales perl ] ++ (with perlPackages; [ ListMoreUtils ]);
|
||||
|
||||
checkPhase = ''
|
||||
export LANG="en_US.UTF-8"
|
||||
export LC_ALL="en_US.UTF-8"
|
||||
make check
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
homepage = "https://github.com/fmang/opustags";
|
||||
description = "Ogg Opus tags editor";
|
||||
platforms = platforms.all;
|
||||
maintainers = [ maintainers.kmein ];
|
||||
broken = stdenv.isDarwin;
|
||||
maintainers = with maintainers; [ kmein SuperSandro2000 ];
|
||||
license = licenses.bsd3;
|
||||
};
|
||||
}
|
||||
|
|
27
third_party/nixpkgs/pkgs/applications/audio/plujain-ramp/default.nix
vendored
Normal file
27
third_party/nixpkgs/pkgs/applications/audio/plujain-ramp/default.nix
vendored
Normal file
|
@ -0,0 +1,27 @@
|
|||
{ stdenv, fetchFromGitHub, lv2 }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
version = "v1.1.3";
|
||||
pname = "plujain-ramp";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "Houston4444";
|
||||
repo = "plujain-ramp";
|
||||
rev = "1bc1fed211e140c7330d6035122234afe78e5257";
|
||||
sha256 = "1k7qpr8c15d623c4zqxwdklp98amildh03cqsnqq5ia9ba8z3016";
|
||||
};
|
||||
|
||||
buildInputs = [
|
||||
lv2
|
||||
];
|
||||
|
||||
installFlags = [ "INSTALL_PATH=$(out)/lib/lv2" ];
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "A mono rhythmic tremolo LV2 Audio Plugin";
|
||||
homepage = "https://github.com/Houston4444/plujain-ramp";
|
||||
license = licenses.gpl2Only;
|
||||
platforms = platforms.linux;
|
||||
maintainers = [ maintainers.hirenashah ];
|
||||
};
|
||||
}
|
|
@ -8,13 +8,13 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "pt2-clone";
|
||||
version = "1.27";
|
||||
version = "1.28";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "8bitbubsy";
|
||||
repo = "pt2-clone";
|
||||
rev = "v${version}";
|
||||
sha256 = "1hg36pfzgdbhd5bkzi3cpn6v39q8xis2jk7w6qm615r587393pwd";
|
||||
sha256 = "1c2x43f46l7556kl9y9qign0g6ywdkh7ywkzv6c9y63n68ph20x2";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ cmake ];
|
||||
|
|
|
@ -1,26 +1,26 @@
|
|||
{ stdenv, fetchFromGitHub,
|
||||
automake, pkgconfig, lv2, fftw, cmake, xorg, libjack2, libsamplerate, libsndfile
|
||||
}:
|
||||
{ stdenv, fetchFromGitHub, pkg-config, lv2, fftw, cmake, libXpm
|
||||
, libXft, libjack2, libsamplerate, libsndfile }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
repo = "rkrlv2";
|
||||
name = "${repo}-b2.0";
|
||||
pname = "rkrlv2";
|
||||
version = "beta_3";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "ssj71";
|
||||
inherit repo;
|
||||
rev = "beta_2";
|
||||
sha256 = "128jcilbrd1l65c01w2bazsb21x78mng0jjkhi3x9crf1n9qbh2m";
|
||||
repo = pname;
|
||||
rev = version;
|
||||
sha256 = "WjpPNUEYw4aGrh57J+7kkxKFXgCJWNaWAmueFbNUJJo=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ pkgconfig ];
|
||||
buildInputs = with xorg; [ automake lv2 fftw cmake libXpm libjack2 libsamplerate libsndfile libXft ];
|
||||
nativeBuildInputs = [ cmake pkg-config ];
|
||||
buildInputs = [ libXft libXpm lv2 fftw libjack2 libsamplerate libsndfile ];
|
||||
|
||||
meta = {
|
||||
meta = with stdenv.lib; {
|
||||
description = "Rakarrak effects ported to LV2";
|
||||
homepage = "https://github.com/ssj71/rkrlv2";
|
||||
license = stdenv.lib.licenses.gpl3;
|
||||
maintainers = [ stdenv.lib.maintainers.joelmo ];
|
||||
platforms = stdenv.lib.platforms.linux;
|
||||
license = licenses.gpl2Only;
|
||||
maintainers = [ maintainers.joelmo ];
|
||||
platforms = platforms.unix;
|
||||
broken = stdenv.isAarch64; # g++: error: unrecognized command line option '-mfpmath=sse'
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ stdenv, makeWrapper, fetchFromBitbucket, fetchFromGitHub, pkgconfig
|
||||
{ stdenv, makeWrapper, fetchzip, fetchFromGitHub, pkgconfig
|
||||
, alsaLib, curl, glew, glfw, gtk2-x11, jansson, libjack2, libXext, libXi
|
||||
, libzip, rtaudio, rtmidi, speex, libsamplerate }:
|
||||
|
||||
|
@ -7,10 +7,8 @@ let
|
|||
# Others are downloaded with `make deps`. Due to previous issues with the
|
||||
# `glfw` submodule (see above) and because we can not access the network when
|
||||
# building in a sandbox, we fetch the dependency source manually.
|
||||
pfft-source = fetchFromBitbucket {
|
||||
owner = "jpommier";
|
||||
repo = "pffft";
|
||||
rev = "74d7261be17cf659d5930d4830609406bd7553e3";
|
||||
pfft-source = fetchzip {
|
||||
url = "https://vcvrack.com/downloads/dep/pffft.zip";
|
||||
sha256 = "084csgqa6f1a270bhybjayrh3mpyi2jimc87qkdgsqcp8ycsx1l1";
|
||||
};
|
||||
nanovg-source = fetchFromGitHub {
|
||||
|
|
|
@ -28,13 +28,13 @@ in
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "monero-gui";
|
||||
version = "0.17.1.7";
|
||||
version = "0.17.1.8";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "monero-project";
|
||||
repo = "monero-gui";
|
||||
rev = "v${version}";
|
||||
sha256 = "1dd2ddkxh9ynxnscysl46hj4dm063h1v13fnyah69am26qzzbby4";
|
||||
sha256 = "13cjrfdkr7c2ff8j2rg8hvhlc00af38vcs67wlx2109i2baq4pp3";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
|
|
|
@ -17,13 +17,13 @@ assert trezorSupport -> all (x: x!=null) [ libusb1 protobuf python3 ];
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "monero";
|
||||
version = "0.17.1.7";
|
||||
version = "0.17.1.8";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "monero-project";
|
||||
repo = "monero";
|
||||
rev = "v${version}";
|
||||
sha256 = "1fdw4i4rw87yz3hz4yc1gdw0gr2mmf9038xaw2l4rrk5y50phjp4";
|
||||
sha256 = "10blazbk1602slx3wrmw4jfgkdry55iclrhm5drdficc5v3h735g";
|
||||
fetchSubmodules = true;
|
||||
};
|
||||
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue