Compare commits
10 commits
6af48cec0b
...
6d006b8b8d
Author | SHA1 | Date | |
---|---|---|---|
6d006b8b8d | |||
46dfafdc79 | |||
f4339d94fc | |||
8584ad10d8 | |||
da66e90c04 | |||
3ed4d12aac | |||
1823ff693c | |||
c879c10e37 | |||
8ed41d3189 | |||
703c1128b0 |
2221 changed files with 91131 additions and 159713 deletions
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -26,6 +26,7 @@
|
||||||
/py/icalfilter/config/*
|
/py/icalfilter/config/*
|
||||||
/rust/*/target/*
|
/rust/*/target/*
|
||||||
result-*
|
result-*
|
||||||
|
result
|
||||||
|
|
||||||
*.sw?
|
*.sw?
|
||||||
*.pyc
|
*.pyc
|
||||||
|
|
|
@ -47,7 +47,7 @@ func validateSignature(content, secret, signature string) bool {
|
||||||
|
|
||||||
const (
|
const (
|
||||||
talkRegexFragment = `[0-9]+(_[\p{L}\p{N}\-]+)?`
|
talkRegexFragment = `[0-9]+(_[\p{L}\p{N}\-]+)?`
|
||||||
fileEndRegexFragment = `[0-9]{8}-[0-9]{6}[.]mp4`
|
fileEndRegexFragment = `[0-9]{8}-[0-9]{6}(-[a-zA-Z0-9][a-zA-Z0-9\-]*)?[.]mp4`
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
|
|
|
@ -49,8 +49,8 @@ let
|
||||||
pythonRemoveDeps = true;
|
pythonRemoveDeps = true;
|
||||||
|
|
||||||
postPatch = ''
|
postPatch = ''
|
||||||
substituteInPlace --replace-fail pyproject.toml \
|
substituteInPlace pyproject.toml \
|
||||||
'"mslex",' ""
|
--replace-fail '"mslex",' ""
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
cxxheaderparser = pm: pm.buildPythonPackage rec {
|
cxxheaderparser = pm: pm.buildPythonPackage rec {
|
||||||
|
|
|
@ -1,16 +1,16 @@
|
||||||
{
|
{
|
||||||
"src": {
|
"src": {
|
||||||
"url": "https://github.com/RogueMaster/flipperzero-firmware-wPlugins",
|
"url": "https://github.com/RogueMaster/flipperzero-firmware-wPlugins",
|
||||||
"rev": "0835dbcb3dbc9d2258e4671bbe88ec6354898250",
|
"rev": "56daaa4fc27ce534eaae9af58c4b4b8e28d37511",
|
||||||
"date": "2024-10-29T11:31:07-04:00",
|
"date": "2024-11-22T23:15:00-05:00",
|
||||||
"path": "/nix/store/s7jflcgy3djp439yhk1l6hnd3yv698hm-flipperzero-firmware-wPlugins-0835dbc",
|
"path": "/nix/store/bk7s9zszi88d9wvdspd1jslx89jz22m0-flipperzero-firmware-wPlugins-56daaa4",
|
||||||
"sha256": "05iz06d7cqzbi2wi4s3k2li9wlwy4gznp2kb61v5bdqbwi82hgi0",
|
"sha256": "006ckp959mh03qyrwc17y8b83wcg56sr5mb4wqaqzaa94fw4mkgy",
|
||||||
"hash": "sha256-ID4oUOQLt1V2MGuKa/8jnlOeIhVzaBK5iOtjdpoBPxY=",
|
"hash": "sha256-/s1KuCNJqY8V5mTVkrUpj/GBFvInMJ49HgDWVNKdzAA=",
|
||||||
"fetchLFS": false,
|
"fetchLFS": false,
|
||||||
"fetchSubmodules": true,
|
"fetchSubmodules": true,
|
||||||
"deepClone": false,
|
"deepClone": false,
|
||||||
"leaveDotGit": false
|
"leaveDotGit": false
|
||||||
},
|
},
|
||||||
"version": "RM1029-1144-0.420.0-0835dbc",
|
"version": "RM1123-0051-0.420.0-56daaa4",
|
||||||
"upstreamVersion": "0.420.0"
|
"upstreamVersion": "0.420.0"
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,12 +1,12 @@
|
||||||
{ pkgs, ... }:
|
{ pkgs, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
rev = "v0.22.0";
|
rev = "v0.23.0";
|
||||||
src = (pkgs.fetchFromGitHub {
|
src = (pkgs.fetchFromGitHub {
|
||||||
owner = "martinvonz";
|
owner = "martinvonz";
|
||||||
repo = "jj";
|
repo = "jj";
|
||||||
inherit rev;
|
inherit rev;
|
||||||
hash = "sha256-GbKmX1Ev/8di3A1XT5ZIRjzn2zP6DMye2NpA26PGVIs=";
|
hash = "sha256-NCeD+WA3uVl4l/KKFDtdG8+vpm10Y3rEAf8kY6SP0yo=";
|
||||||
}) // {
|
}) // {
|
||||||
shortRev = rev;
|
shortRev = rev;
|
||||||
};
|
};
|
||||||
|
@ -22,8 +22,8 @@ let
|
||||||
rust-overlay-src = (pkgs.fetchFromGitHub {
|
rust-overlay-src = (pkgs.fetchFromGitHub {
|
||||||
owner = "oxalica";
|
owner = "oxalica";
|
||||||
repo = "rust-overlay";
|
repo = "rust-overlay";
|
||||||
rev = "b259ef799b5ac014604da71ecd92d4a52603ed2d";
|
rev = "ed8aa5b64f7d36d9338eb1d0a3bb60cf52069a72";
|
||||||
hash = "sha256-H7KGGJUU9BcDNnfXiATBGgs6FJKWQdfftNJS+/v2aMU=";
|
hash = "sha256-RHt12f/slrzDpSL7SSkydh8wUE4Nr4r23HlpWywed9E=";
|
||||||
});
|
});
|
||||||
rust-overlay = (import "${rust-overlay-src}/flake.nix").outputs {
|
rust-overlay = (import "${rust-overlay-src}/flake.nix").outputs {
|
||||||
self = rust-overlay;
|
self = rust-overlay;
|
||||||
|
|
54
ops/nixos/lib/forgejo-runner-cacher.nix
Normal file
54
ops/nixos/lib/forgejo-runner-cacher.nix
Normal file
|
@ -0,0 +1,54 @@
|
||||||
|
# SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
|
||||||
|
#
|
||||||
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
|
{ depot, lib, pkgs, utils, config, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.my.forgejo-runner;
|
||||||
|
in {
|
||||||
|
options.my.forgejo-runner = {
|
||||||
|
enable = lib.mkEnableOption "forgejo runner";
|
||||||
|
|
||||||
|
enablePodman = lib.mkEnableOption "forgejo runner with Podman labels";
|
||||||
|
|
||||||
|
selfHostedLabels = lib.mkOption {
|
||||||
|
type = lib.types.listOf lib.types.str;
|
||||||
|
default = [];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = lib.mkMerge [
|
||||||
|
(lib.mkIf cfg.enable {
|
||||||
|
my.vault.secrets.forgejo-runner-environment = {
|
||||||
|
restartUnits = ["gitea-runner-${utils.escapeSystemdPath config.services.gitea-actions-runner.instances.depot.name}.service"];
|
||||||
|
group = "root";
|
||||||
|
template = ''
|
||||||
|
{{ with secret "kv/apps/forgejo-runner" }}
|
||||||
|
TOKEN={{ .Data.data.TOKEN }}
|
||||||
|
{{ end }}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
services.gitea-actions-runner = {
|
||||||
|
package = pkgs.forgejo-runner;
|
||||||
|
instances.depot = {
|
||||||
|
enable = true;
|
||||||
|
name = config.networking.hostName;
|
||||||
|
url = "https://git.lukegb.com";
|
||||||
|
tokenFile = config.my.vault.secrets.forgejo-runner-environment.path;
|
||||||
|
labels = map (label: "${label}:host://-self-hosted") cfg.selfHostedLabels;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
nix.gc.automatic = false;
|
||||||
|
}) (lib.mkIf (cfg.enable && cfg.enablePodman) {
|
||||||
|
services.gitea-actions-runner.instances.depot.labels = lib.mkAfter [
|
||||||
|
"debian-latest:docker://node:22-bookworm"
|
||||||
|
"lix:docker://git.lix.systems/lix-project/lix:${pkgs.lix.version}"
|
||||||
|
];
|
||||||
|
virtualisation.podman = {
|
||||||
|
enable = true;
|
||||||
|
dockerSocket.enable = true;
|
||||||
|
};
|
||||||
|
})];
|
||||||
|
}
|
|
@ -1,42 +0,0 @@
|
||||||
# SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
|
|
||||||
#
|
|
||||||
# SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
{ depot, lib, pkgs, config, ... }:
|
|
||||||
{
|
|
||||||
my.vault.secrets.gitlab-runner-environment = {
|
|
||||||
restartUnits = ["gitlab-runner.service"];
|
|
||||||
group = "root";
|
|
||||||
template = ''
|
|
||||||
{{ with secret "kv/apps/gitlab-runner" }}
|
|
||||||
{{ .Data.data.environment }}
|
|
||||||
{{ end }}
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
services.gitlab-runner = {
|
|
||||||
enable = true;
|
|
||||||
settings.concurrent = 1;
|
|
||||||
services = {
|
|
||||||
deployer = {
|
|
||||||
registrationConfigFile = config.my.vault.secrets.gitlab-runner-environment.path;
|
|
||||||
executor = "shell";
|
|
||||||
tagList = [ "cacher" ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
gracefulTermination = true;
|
|
||||||
gracefulTimeout = "4min";
|
|
||||||
package = depot.nix.pkgs.heptapod-runner;
|
|
||||||
extraPackages = with pkgs; [
|
|
||||||
git
|
|
||||||
depot.nix.pkgs.heptapod-runner-mercurial
|
|
||||||
];
|
|
||||||
};
|
|
||||||
users.users.gitlab-runner = {
|
|
||||||
isNormalUser = true;
|
|
||||||
group = "nogroup";
|
|
||||||
createHome = true;
|
|
||||||
home = "/srv/gitlab-runner";
|
|
||||||
};
|
|
||||||
|
|
||||||
nix.gc.automatic = false;
|
|
||||||
}
|
|
|
@ -8,7 +8,7 @@
|
||||||
../lib/zfs.nix
|
../lib/zfs.nix
|
||||||
./bgp.nix
|
./bgp.nix
|
||||||
../lib/bgp.nix
|
../lib/bgp.nix
|
||||||
../lib/gitlab-runner-cacher.nix
|
../lib/forgejo-runner-cacher.nix
|
||||||
#../lib/nixbuild-distributed.nix # error: build of '/nix/store/3r7456yr8r9g4fl7w6xbgqlbsdjwfvr4-stdlib-pkgs.json.drv' on 'ssh://eu.nixbuild.net' failed: unexpected: Built outputs are invalid
|
#../lib/nixbuild-distributed.nix # error: build of '/nix/store/3r7456yr8r9g4fl7w6xbgqlbsdjwfvr4-stdlib-pkgs.json.drv' on 'ssh://eu.nixbuild.net' failed: unexpected: Built outputs are invalid
|
||||||
../lib/hackyplayer.nix
|
../lib/hackyplayer.nix
|
||||||
../lib/emfminiserv.nix
|
../lib/emfminiserv.nix
|
||||||
|
@ -299,6 +299,12 @@
|
||||||
};
|
};
|
||||||
my.ip.tailscale = "100.97.110.48";
|
my.ip.tailscale = "100.97.110.48";
|
||||||
my.ip.tailscale6 = "fd7a:115c:a1e0::3a01:6e30";
|
my.ip.tailscale6 = "fd7a:115c:a1e0::3a01:6e30";
|
||||||
|
|
||||||
|
my.forgejo-runner = {
|
||||||
|
enable = true;
|
||||||
|
enablePodman = false; # NAT is hard.
|
||||||
|
selfHostedLabels = [ "cacher" ];
|
||||||
|
};
|
||||||
#my.coredns.bind = [ "bond0" "tailscale0" "127.0.0.1" "::1" ];
|
#my.coredns.bind = [ "bond0" "tailscale0" "127.0.0.1" "::1" ];
|
||||||
|
|
||||||
services.openssh.hostKeys = [
|
services.openssh.hostKeys = [
|
||||||
|
|
|
@ -66,7 +66,7 @@
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
my.apps.authentik = {};
|
my.apps.authentik = {};
|
||||||
my.apps.gitlab-runner = {};
|
my.apps.forgejo-runner = {};
|
||||||
my.apps.plex-pass = {};
|
my.apps.plex-pass = {};
|
||||||
my.apps.ads-b = {};
|
my.apps.ads-b = {};
|
||||||
my.apps.nixbuild = {};
|
my.apps.nixbuild = {};
|
||||||
|
@ -78,19 +78,18 @@
|
||||||
my.apps.bsky-pds = {};
|
my.apps.bsky-pds = {};
|
||||||
|
|
||||||
my.servers.etheroute-lon01.apps = [ "pomerium" ];
|
my.servers.etheroute-lon01.apps = [ "pomerium" ];
|
||||||
my.servers.bvm-forgejo.apps = [ "pomerium" ];
|
my.servers.bvm-forgejo.apps = [ "pomerium" "forgejo-runner" ];
|
||||||
my.servers.howl.apps = [ "nixbuild" ];
|
my.servers.howl.apps = [ "nixbuild" ];
|
||||||
my.servers.porcorosso.apps = [ "quotesdb" "nixbuild" ];
|
my.servers.porcorosso.apps = [ "quotesdb" "nixbuild" ];
|
||||||
my.servers.nausicaa.apps = [ "quotesdb" "nixbuild" "hacky-vouchproxy" "hackyplayer" "emfminiserv" ];
|
my.servers.nausicaa.apps = [ "quotesdb" "nixbuild" "hacky-vouchproxy" "hackyplayer" "emfminiserv" ];
|
||||||
my.servers.totoro.apps = [ "sslrenew-raritan" "deluge" "quotesdb" "authentik" "ads-b" "nixbuild" "tumblrandom" ];
|
my.servers.totoro.apps = [ "sslrenew-raritan" "deluge" "quotesdb" "authentik" "ads-b" "nixbuild" "tumblrandom" ];
|
||||||
my.servers.clouvider-fra01.apps = [ "deluge" ];
|
my.servers.clouvider-fra01.apps = [ "deluge" ];
|
||||||
my.servers.clouvider-lon01.apps = [ "quotesdb" "gitlab-runner" "nixbuild" ];
|
my.servers.clouvider-lon01.apps = [ "quotesdb" "nixbuild" ];
|
||||||
my.servers.cofractal-ams01.apps = [ "deluge" "gitlab-runner" "nixbuild" ];
|
my.servers.cofractal-ams01.apps = [ "deluge" "nixbuild" ];
|
||||||
my.servers.bvm-twitterchiver.apps = [ "twitterchiver" ];
|
my.servers.bvm-twitterchiver.apps = [ "twitterchiver" ];
|
||||||
my.servers.bvm-matrix.apps = [ "turn" "matrix-synapse" ];
|
my.servers.bvm-matrix.apps = [ "turn" "matrix-synapse" ];
|
||||||
my.servers.bvm-prosody.apps = [ "turn" ];
|
my.servers.bvm-prosody.apps = [ "turn" ];
|
||||||
my.servers.bvm-heptapod.apps = [ "gitlab-runner" ];
|
|
||||||
my.servers.bvm-nixosmgmt.apps = [ "plex-pass" ];
|
my.servers.bvm-nixosmgmt.apps = [ "plex-pass" ];
|
||||||
my.servers.bvm-netbox.apps = [ "netbox" ];
|
my.servers.bvm-netbox.apps = [ "netbox" ];
|
||||||
my.servers.rexxar.apps = [ "deluge" "gitlab-runner" "nixbuild" "hacky-vouchproxy" "hackyplayer" "emfminiserv" "fup" "bsky-pds" ];
|
my.servers.rexxar.apps = [ "deluge" "forgejo-runner" "nixbuild" "hacky-vouchproxy" "hackyplayer" "emfminiserv" "fup" "bsky-pds" ];
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,34 +7,44 @@ assignees: ''
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
### Describe the bug
|
## Describe the bug
|
||||||
A clear and concise description of what the bug is.
|
|
||||||
|
<!-- A clear and concise description of what the bug is. -->
|
||||||
|
|
||||||
|
## Steps To Reproduce
|
||||||
|
|
||||||
### Steps To Reproduce
|
|
||||||
Steps to reproduce the behavior:
|
Steps to reproduce the behavior:
|
||||||
|
|
||||||
1. ...
|
1. ...
|
||||||
2. ...
|
2. ...
|
||||||
3. ...
|
3. ...
|
||||||
|
|
||||||
### Expected behavior
|
## Expected behavior
|
||||||
A clear and concise description of what you expected to happen.
|
|
||||||
|
|
||||||
### Screenshots
|
<!-- A clear and concise description of what you expected to happen. -->
|
||||||
If applicable, add screenshots to help explain your problem.
|
|
||||||
|
|
||||||
### Additional context
|
## Screenshots
|
||||||
Add any other context about the problem here.
|
|
||||||
|
|
||||||
### Notify maintainers
|
<!-- If applicable, add screenshots to help explain your problem: -->
|
||||||
|
|
||||||
|
## Additional context
|
||||||
|
|
||||||
|
<!-- Add any other context about the problem here. -->
|
||||||
|
|
||||||
|
## Metadata
|
||||||
|
|
||||||
|
<!-- Please insert the output of running `nix-shell -p nix-info --run "nix-info -m"` below this line -->
|
||||||
|
|
||||||
|
## Notify maintainers
|
||||||
|
|
||||||
<!--
|
<!--
|
||||||
Please @ people who are in the `meta.maintainers` list of the offending package or module.
|
Please @ people who are in the `meta.maintainers` list of the offending package or module.
|
||||||
If in doubt, check `git blame` for whoever last touched something.
|
If in doubt, check `git blame` for whoever last touched something.
|
||||||
-->
|
-->
|
||||||
|
|
||||||
### Metadata
|
---
|
||||||
|
|
||||||
<!-- Please insert the output of running `nix-shell -p nix-info --run "nix-info -m"` below this line -->
|
Note for maintainers: Please tag this issue in your PR.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|
|
@ -7,31 +7,43 @@ assignees: ''
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
### Steps To Reproduce
|
## Steps To Reproduce
|
||||||
|
|
||||||
Steps to reproduce the behavior:
|
Steps to reproduce the behavior:
|
||||||
|
|
||||||
1. build *X*
|
1. build *X*
|
||||||
|
|
||||||
### Build log
|
## Build log
|
||||||
|
|
||||||
|
<!-- insert build log in code block in collapsable section -->
|
||||||
|
|
||||||
|
<details>
|
||||||
|
|
||||||
|
<summary>Build Log</summary>
|
||||||
|
|
||||||
```
|
```
|
||||||
log here if short otherwise a link to a gist
|
|
||||||
```
|
```
|
||||||
|
|
||||||
### Additional context
|
</details>
|
||||||
|
|
||||||
Add any other context about the problem here.
|
## Additional context
|
||||||
|
|
||||||
### Notify maintainers
|
<!-- Add any other context about the problem here. -->
|
||||||
|
|
||||||
|
## Metadata
|
||||||
|
|
||||||
|
<!-- Please insert the output of running `nix-shell -p nix-info --run "nix-info -m"` below this line -->
|
||||||
|
|
||||||
|
## Notify maintainers
|
||||||
|
|
||||||
<!--
|
<!--
|
||||||
Please @ people who are in the `meta.maintainers` list of the offending package or module.
|
Please @ people who are in the `meta.maintainers` list of the offending package or module.
|
||||||
If in doubt, check `git blame` for whoever last touched something.
|
If in doubt, check `git blame` for whoever last touched something.
|
||||||
-->
|
-->
|
||||||
|
|
||||||
### Metadata
|
---
|
||||||
|
|
||||||
<!-- Please insert the output of running `nix-shell -p nix-info --run "nix-info -m"` below this line -->
|
Note for maintainers: Please tag this issue in your PR.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|
|
@ -23,12 +23,9 @@ assignees: ''
|
||||||
- [ ] checked [open documentation issues] for possible duplicates
|
- [ ] checked [open documentation issues] for possible duplicates
|
||||||
- [ ] checked [open documentation pull requests] for possible solutions
|
- [ ] checked [open documentation pull requests] for possible solutions
|
||||||
|
|
||||||
[latest Nixpkgs manual]: https://nixos.org/manual/nixpkgs/unstable/
|
---
|
||||||
[latest NixOS manual]: https://nixos.org/manual/nixos/unstable/
|
|
||||||
[nixpkgs-source]: https://github.com/NixOS/nixpkgs/tree/master/doc
|
Note for maintainers: Please tag this issue in your PR.
|
||||||
[nixos-source]: https://github.com/NixOS/nixpkgs/tree/master/nixos/doc/manual
|
|
||||||
[open documentation issues]: https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+label%3A%229.needs%3A+documentation%22
|
|
||||||
[open documentation pull requests]: https://github.com/NixOS/nixpkgs/pulls?q=is%3Aopen+is%3Apr+label%3A%228.has%3A+documentation%22%2C%226.topic%3A+documentation%22
|
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -36,3 +33,9 @@ Add a :+1: [reaction] to [issues you find important].
|
||||||
|
|
||||||
[reaction]: https://github.blog/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/
|
[reaction]: https://github.blog/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/
|
||||||
[issues you find important]: https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc
|
[issues you find important]: https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc
|
||||||
|
[latest Nixpkgs manual]: https://nixos.org/manual/nixpkgs/unstable/
|
||||||
|
[latest NixOS manual]: https://nixos.org/manual/nixos/unstable/
|
||||||
|
[nixpkgs-source]: https://github.com/NixOS/nixpkgs/tree/master/doc
|
||||||
|
[nixos-source]: https://github.com/NixOS/nixpkgs/tree/master/nixos/doc/manual
|
||||||
|
[open documentation issues]: https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+label%3A%229.needs%3A+documentation%22
|
||||||
|
[open documentation pull requests]: https://github.com/NixOS/nixpkgs/pulls?q=is%3Aopen+is%3Apr+label%3A%228.has%3A+documentation%22%2C%226.topic%3A+documentation%22
|
||||||
|
|
|
@ -7,11 +7,11 @@ assignees: ''
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
### Description
|
## Description
|
||||||
|
|
||||||
<!-- Describe what the module should accomplish: -->
|
<!-- Describe what the module should accomplish: -->
|
||||||
|
|
||||||
### Notify maintainers
|
## Notify maintainers
|
||||||
|
|
||||||
<!-- If applicable, tag the maintainers of the package that corresponds to the module. If the search.nixos.org result shows no maintainers, tag the person that last updated the package. -->
|
<!-- If applicable, tag the maintainers of the package that corresponds to the module. If the search.nixos.org result shows no maintainers, tag the person that last updated the package. -->
|
||||||
|
|
||||||
|
|
|
@ -7,23 +7,30 @@ assignees: ''
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
## Package Information
|
||||||
|
|
||||||
|
<!-- Search for the package here: https://search.nixos.org/packages?channel=unstable -->
|
||||||
|
|
||||||
- Package name:
|
- Package name:
|
||||||
- Latest released version:
|
- Latest released version:
|
||||||
<!-- Search your package here: https://search.nixos.org/packages?channel=unstable -->
|
|
||||||
- Current version on the unstable channel:
|
- Current version on the unstable channel:
|
||||||
- Current version on the stable/release channel:
|
- Current version on the stable/release channel:
|
||||||
|
|
||||||
|
## Checklist
|
||||||
|
|
||||||
<!--
|
<!--
|
||||||
Type the name of your package and try to find an open pull request for the package
|
Type the name of your package and try to find an open pull request for the package
|
||||||
If you find an open pull request, you can review it!
|
If you find an open pull request, you can review it!
|
||||||
There's a high chance that you'll have the new version right away while helping the community!
|
There's a high chance that you'll have the new version right away while helping the community!
|
||||||
-->
|
-->
|
||||||
|
|
||||||
- [ ] Checked the [nixpkgs pull requests](https://github.com/NixOS/nixpkgs/pulls)
|
- [ ] Checked the [nixpkgs pull requests](https://github.com/NixOS/nixpkgs/pulls)
|
||||||
|
|
||||||
**Notify maintainers**
|
## Notify maintainers
|
||||||
|
|
||||||
<!-- If the search.nixos.org result shows no maintainers, tag the person that last updated the package. -->
|
<!-- If the search.nixos.org result shows no maintainers, tag the person that last updated the package. -->
|
||||||
|
|
||||||
-----
|
---
|
||||||
|
|
||||||
Note for maintainers: Please tag this issue in your PR.
|
Note for maintainers: Please tag this issue in your PR.
|
||||||
|
|
||||||
|
|
|
@ -7,11 +7,11 @@ assignees: ''
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
**Project description**
|
## Project description
|
||||||
|
|
||||||
<!-- Describe the project a little: -->
|
<!-- Describe the project a little: -->
|
||||||
|
|
||||||
**Metadata**
|
## Metadata
|
||||||
|
|
||||||
* homepage URL:
|
* homepage URL:
|
||||||
* source URL:
|
* source URL:
|
||||||
|
@ -20,6 +20,10 @@ assignees: ''
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
Note for maintainers: Please tag this issue in your PR.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
Add a :+1: [reaction] to [issues you find important].
|
Add a :+1: [reaction] to [issues you find important].
|
||||||
|
|
||||||
[reaction]: https://github.blog/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/
|
[reaction]: https://github.blog/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/
|
||||||
|
|
|
@ -31,12 +31,12 @@ Fixing bit-by-bit reproducibility also has additional advantages, such as
|
||||||
avoiding hard-to-reproduce bugs, making content-addressed storage more effective
|
avoiding hard-to-reproduce bugs, making content-addressed storage more effective
|
||||||
and reducing rebuilds in such systems.
|
and reducing rebuilds in such systems.
|
||||||
|
|
||||||
### Steps To Reproduce
|
## Steps To Reproduce
|
||||||
|
|
||||||
In the following steps, replace `<package>` with the canonical name of the
|
In the following steps, replace `<package>` with the canonical name of the
|
||||||
package.
|
package.
|
||||||
|
|
||||||
#### 1. Build the package
|
### 1. Build the package
|
||||||
|
|
||||||
This step will build the package. Specific arguments are passed to the command
|
This step will build the package. Specific arguments are passed to the command
|
||||||
to keep the build artifacts so we can compare them in case of differences.
|
to keep the build artifacts so we can compare them in case of differences.
|
||||||
|
@ -53,7 +53,7 @@ Or using the new command line style:
|
||||||
nix build nixpkgs#<package> && nix build nixpkgs#<package> --rebuild --keep-failed
|
nix build nixpkgs#<package> && nix build nixpkgs#<package> --rebuild --keep-failed
|
||||||
```
|
```
|
||||||
|
|
||||||
#### 2. Compare the build artifacts
|
### 2. Compare the build artifacts
|
||||||
|
|
||||||
If the previous command completes successfully, no differences were found and
|
If the previous command completes successfully, no differences were found and
|
||||||
there's nothing to do, builds are reproducible.
|
there's nothing to do, builds are reproducible.
|
||||||
|
@ -67,7 +67,7 @@ metadata (*e.g. timestamp*) differences.
|
||||||
nix run nixpkgs#diffoscopeMinimal -- --exclude-directory-metadata recursive <Y> <Z>
|
nix run nixpkgs#diffoscopeMinimal -- --exclude-directory-metadata recursive <Y> <Z>
|
||||||
```
|
```
|
||||||
|
|
||||||
#### 3. Examine the build log
|
### 3. Examine the build log
|
||||||
|
|
||||||
To examine the build log, use:
|
To examine the build log, use:
|
||||||
|
|
||||||
|
@ -81,10 +81,20 @@ Or with the new command line style:
|
||||||
nix log $(nix path-info --derivation nixpkgs#<package>)
|
nix log $(nix path-info --derivation nixpkgs#<package>)
|
||||||
```
|
```
|
||||||
|
|
||||||
### Additional context
|
## Additional context
|
||||||
|
|
||||||
(please share the relevant fragment of the diffoscope output here, and any
|
(please share the relevant fragment of the diffoscope output here, and any additional analysis you may have done)
|
||||||
additional analysis you may have done)
|
|
||||||
|
## Notify maintainers
|
||||||
|
|
||||||
|
<!--
|
||||||
|
Please @ people who are in the `meta.maintainers` list of the offending package or module.
|
||||||
|
If in doubt, check `git blame` for whoever last touched something.
|
||||||
|
-->
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
Note for maintainers: Please tag this issue in your PR.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|
|
@ -25,7 +25,7 @@ For new packages please briefly describe the package or provide a link to its ho
|
||||||
- made sure NixOS tests are [linked](https://github.com/NixOS/nixpkgs/blob/master/pkgs/README.md#linking-nixos-module-tests-to-a-package) to the relevant packages
|
- made sure NixOS tests are [linked](https://github.com/NixOS/nixpkgs/blob/master/pkgs/README.md#linking-nixos-module-tests-to-a-package) to the relevant packages
|
||||||
- [ ] Tested compilation of all packages that depend on this change using `nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"`. Note: all changes have to be committed, also see [nixpkgs-review usage](https://github.com/Mic92/nixpkgs-review#usage)
|
- [ ] Tested compilation of all packages that depend on this change using `nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"`. Note: all changes have to be committed, also see [nixpkgs-review usage](https://github.com/Mic92/nixpkgs-review#usage)
|
||||||
- [ ] Tested basic functionality of all binary files (usually in `./result/bin/`)
|
- [ ] Tested basic functionality of all binary files (usually in `./result/bin/`)
|
||||||
- [24.11 Release Notes](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2411.section.md) (or backporting [23.11](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2311.section.md) and [24.05](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2405.section.md) Release notes)
|
- [25.05 Release Notes](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2505.section.md) (or backporting [24.11](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2411.section.md) and [25.05](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2505.section.md) Release notes)
|
||||||
- [ ] (Package updates) Added a release notes entry if the change is major or breaking
|
- [ ] (Package updates) Added a release notes entry if the change is major or breaking
|
||||||
- [ ] (Module updates) Added a release notes entry if the change is significant
|
- [ ] (Module updates) Added a release notes entry if the change is significant
|
||||||
- [ ] (Module addition) Added a release notes entry if adding a new NixOS module
|
- [ ] (Module addition) Added a release notes entry if adding a new NixOS module
|
||||||
|
|
4
third_party/nixpkgs/.github/labeler.yml
vendored
4
third_party/nixpkgs/.github/labeler.yml
vendored
|
@ -293,6 +293,7 @@
|
||||||
- any-glob-to-any-file:
|
- any-glob-to-any-file:
|
||||||
- nixos/**/*
|
- nixos/**/*
|
||||||
- pkgs/by-name/sw/switch-to-configuration-ng/**/*
|
- pkgs/by-name/sw/switch-to-configuration-ng/**/*
|
||||||
|
- pkgs/by-name/ni/nixos-rebuild-ng/**/*
|
||||||
- pkgs/os-specific/linux/nixos-rebuild/**/*
|
- pkgs/os-specific/linux/nixos-rebuild/**/*
|
||||||
|
|
||||||
"6.topic: nixos-container":
|
"6.topic: nixos-container":
|
||||||
|
@ -358,8 +359,9 @@
|
||||||
- changed-files:
|
- changed-files:
|
||||||
- any-glob-to-any-file:
|
- any-glob-to-any-file:
|
||||||
- doc/languages-frameworks/php.section.md
|
- doc/languages-frameworks/php.section.md
|
||||||
|
- nixos/tests/php/**/*
|
||||||
- pkgs/build-support/php/**/*
|
- pkgs/build-support/php/**/*
|
||||||
- pkgs/development/interpreters/php/*
|
- pkgs/development/interpreters/php/**/*
|
||||||
- pkgs/development/php-packages/**/*
|
- pkgs/development/php-packages/**/*
|
||||||
- pkgs/test/php/default.nix
|
- pkgs/test/php/default.nix
|
||||||
- pkgs/top-level/php-packages.nix
|
- pkgs/top-level/php-packages.nix
|
||||||
|
|
|
@ -39,6 +39,10 @@ jobs:
|
||||||
into: staging-next-24.05
|
into: staging-next-24.05
|
||||||
- from: staging-next-24.05
|
- from: staging-next-24.05
|
||||||
into: staging-24.05
|
into: staging-24.05
|
||||||
|
- from: release-24.11
|
||||||
|
into: staging-next-24.11
|
||||||
|
- from: staging-next-24.11
|
||||||
|
into: staging-24.11
|
||||||
name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
|
name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||||
|
|
2
third_party/nixpkgs/CONTRIBUTING.md
vendored
2
third_party/nixpkgs/CONTRIBUTING.md
vendored
|
@ -345,7 +345,7 @@ See [Nix Channel Status](https://status.nixos.org/) for the current channels and
|
||||||
Here's a brief overview of the main Git branches and what channels they're used for:
|
Here's a brief overview of the main Git branches and what channels they're used for:
|
||||||
|
|
||||||
- `master`: The main branch, used for the unstable channels such as `nixpkgs-unstable`, `nixos-unstable` and `nixos-unstable-small`.
|
- `master`: The main branch, used for the unstable channels such as `nixpkgs-unstable`, `nixos-unstable` and `nixos-unstable-small`.
|
||||||
- `release-YY.MM` (e.g. `release-24.05`): The NixOS release branches, used for the stable channels such as `nixos-24.05`, `nixos-24.05-small` and `nixpkgs-24.05-darwin`.
|
- `release-YY.MM` (e.g. `release-24.11`): The NixOS release branches, used for the stable channels such as `nixos-24.11`, `nixos-24.11-small` and `nixpkgs-24.11-darwin`.
|
||||||
|
|
||||||
When a channel is updated, a corresponding Git branch is also updated to point to the corresponding commit.
|
When a channel is updated, a corresponding Git branch is also updated to point to the corresponding commit.
|
||||||
So e.g. the [`nixpkgs-unstable` branch](https://github.com/nixos/nixpkgs/tree/nixpkgs-unstable) corresponds to the Git commit from the [`nixpkgs-unstable` channel](https://channels.nixos.org/nixpkgs-unstable).
|
So e.g. the [`nixpkgs-unstable` branch](https://github.com/nixos/nixpkgs/tree/nixpkgs-unstable) corresponds to the Git commit from the [`nixpkgs-unstable` channel](https://channels.nixos.org/nixpkgs-unstable).
|
||||||
|
|
4
third_party/nixpkgs/README.md
vendored
4
third_party/nixpkgs/README.md
vendored
|
@ -9,7 +9,7 @@
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<p align="center">
|
<p align="center">
|
||||||
<a href="https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md"><img src="https://img.shields.io/github/contributors-anon/NixOS/nixpkgs" alt="Contributors badge" /></a>
|
<a href="CONTRIBUTING.md"><img src="https://img.shields.io/github/contributors-anon/NixOS/nixpkgs" alt="Contributors badge" /></a>
|
||||||
<a href="https://opencollective.com/nixos"><img src="https://opencollective.com/nixos/tiers/supporter/badge.svg?label=supporters&color=brightgreen" alt="Open Collective supporters" /></a>
|
<a href="https://opencollective.com/nixos"><img src="https://opencollective.com/nixos/tiers/supporter/badge.svg?label=supporters&color=brightgreen" alt="Open Collective supporters" /></a>
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
|
@ -74,7 +74,7 @@ Community contributions are always welcome through GitHub Issues and
|
||||||
Pull Requests.
|
Pull Requests.
|
||||||
|
|
||||||
For more information about contributing to the project, please visit
|
For more information about contributing to the project, please visit
|
||||||
the [contributing page](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md).
|
the [contributing page](CONTRIBUTING.md).
|
||||||
|
|
||||||
# Donations
|
# Donations
|
||||||
|
|
||||||
|
|
11
third_party/nixpkgs/ci/OWNERS
vendored
11
third_party/nixpkgs/ci/OWNERS
vendored
|
@ -105,6 +105,11 @@ nixos/modules/installer/tools/nix-fallback-paths.nix @NixOS/nix-team @raitobeza
|
||||||
/nixos/modules/system/activation/bootspec.nix @grahamc @cole-h @raitobezarius
|
/nixos/modules/system/activation/bootspec.nix @grahamc @cole-h @raitobezarius
|
||||||
/nixos/modules/system/activation/bootspec.cue @grahamc @cole-h @raitobezarius
|
/nixos/modules/system/activation/bootspec.cue @grahamc @cole-h @raitobezarius
|
||||||
|
|
||||||
|
# NixOS Render Docs
|
||||||
|
/pkgs/by-name/ni/nixos-render-docs @fricklerhandwerk @GetPsyched @hsjobeki
|
||||||
|
/doc/redirects.json @fricklerhandwerk @GetPsyched @hsjobeki
|
||||||
|
/nixos/doc/manual/redirects.json @fricklerhandwerk @GetPsyched @hsjobeki
|
||||||
|
|
||||||
# NixOS integration test driver
|
# NixOS integration test driver
|
||||||
/nixos/lib/test-driver @tfc
|
/nixos/lib/test-driver @tfc
|
||||||
|
|
||||||
|
@ -138,6 +143,8 @@ nixos/modules/installer/tools/nix-fallback-paths.nix @NixOS/nix-team @raitobeza
|
||||||
/nixos/tests/amazon-ssm-agent.nix @arianvp
|
/nixos/tests/amazon-ssm-agent.nix @arianvp
|
||||||
/nixos/modules/system/boot/grow-partition.nix @arianvp
|
/nixos/modules/system/boot/grow-partition.nix @arianvp
|
||||||
|
|
||||||
|
# nixos-rebuild-ng
|
||||||
|
/pkgs/by-name/ni/nixos-rebuild-ng @thiagokokada
|
||||||
|
|
||||||
|
|
||||||
# Updaters
|
# Updaters
|
||||||
|
@ -149,8 +156,8 @@ nixos/modules/installer/tools/nix-fallback-paths.nix @NixOS/nix-team @raitobeza
|
||||||
|
|
||||||
# Python-related code and docs
|
# Python-related code and docs
|
||||||
/doc/languages-frameworks/python.section.md @mweinelt @natsukium
|
/doc/languages-frameworks/python.section.md @mweinelt @natsukium
|
||||||
/maintainers/scripts/update-python-libraries @natsukium
|
/maintainers/scripts/update-python-libraries @mweinelt @natsukium
|
||||||
/pkgs/development/interpreters/python @natsukium
|
/pkgs/development/interpreters/python @mweinelt @natsukium
|
||||||
/pkgs/top-level/python-packages.nix @natsukium
|
/pkgs/top-level/python-packages.nix @natsukium
|
||||||
/pkgs/top-level/release-python.nix @natsukium
|
/pkgs/top-level/release-python.nix @natsukium
|
||||||
|
|
||||||
|
|
8
third_party/nixpkgs/doc/README.md
vendored
8
third_party/nixpkgs/doc/README.md
vendored
|
@ -21,7 +21,7 @@ Rendered documentation:
|
||||||
- [Unstable (from master)](https://nixos.org/manual/nixpkgs/unstable/)
|
- [Unstable (from master)](https://nixos.org/manual/nixpkgs/unstable/)
|
||||||
- [Stable (from latest release)](https://nixos.org/manual/nixpkgs/stable/)
|
- [Stable (from latest release)](https://nixos.org/manual/nixpkgs/stable/)
|
||||||
|
|
||||||
The rendering tool is [nixos-render-docs](../pkgs/tools/nix/nixos-render-docs/src/nixos_render_docs), sometimes abbreviated `nrd`.
|
The rendering tool is [nixos-render-docs](../pkgs/by-name/ni/nixos-render-docs), sometimes abbreviated `nrd`.
|
||||||
|
|
||||||
## Contributing to this documentation
|
## Contributing to this documentation
|
||||||
|
|
||||||
|
@ -42,6 +42,12 @@ It is a daemon, that:
|
||||||
2. HTTP serves the manual, injecting a script that triggers reload on changes
|
2. HTTP serves the manual, injecting a script that triggers reload on changes
|
||||||
3. opens the manual in the default browser
|
3. opens the manual in the default browser
|
||||||
|
|
||||||
|
### Testing redirects
|
||||||
|
|
||||||
|
Once you have a successful build, you can open the relevant HTML (path mentioned above) in a browser along with the anchor, and observe the redirection.
|
||||||
|
|
||||||
|
Note that if you already loaded the page and *then* input the anchor, you will need to perform a reload. This is because browsers do not re-run client JS code when only the anchor has changed.
|
||||||
|
|
||||||
## Syntax
|
## Syntax
|
||||||
|
|
||||||
As per [RFC 0072](https://github.com/NixOS/rfcs/pull/72), all new documentation content should be written in [CommonMark](https://commonmark.org/) Markdown dialect.
|
As per [RFC 0072](https://github.com/NixOS/rfcs/pull/72), all new documentation content should be written in [CommonMark](https://commonmark.org/) Markdown dialect.
|
||||||
|
|
|
@ -755,25 +755,63 @@ Used with Subversion. Expects `url` to a Subversion directory, `rev`, and `hash`
|
||||||
|
|
||||||
Used with Git. Expects `url` to a Git repo, `rev`, and `hash`. `rev` in this case can be full the git commit id (SHA1 hash) or a tag name like `refs/tags/v1.0`.
|
Used with Git. Expects `url` to a Git repo, `rev`, and `hash`. `rev` in this case can be full the git commit id (SHA1 hash) or a tag name like `refs/tags/v1.0`.
|
||||||
|
|
||||||
Additionally, the following optional arguments can be given: `fetchSubmodules = true` makes `fetchgit` also fetch the submodules of a repository. If `deepClone` is set to true, the entire repository is cloned as opposing to just creating a shallow clone. `deepClone = true` also implies `leaveDotGit = true` which means that the `.git` directory of the clone won't be removed after checkout.
|
Additionally, the following optional arguments can be given:
|
||||||
|
|
||||||
If only parts of the repository are needed, `sparseCheckout` can be used. This will prevent git from fetching unnecessary blobs from server, see [git sparse-checkout](https://git-scm.com/docs/git-sparse-checkout) for more information:
|
*`fetchSubmodules`* (Boolean)
|
||||||
|
|
||||||
```nix
|
: Whether to also fetch the submodules of a repository.
|
||||||
{ stdenv, fetchgit }:
|
|
||||||
|
|
||||||
stdenv.mkDerivation {
|
*`fetchLFS`* (Boolean)
|
||||||
name = "hello";
|
|
||||||
src = fetchgit {
|
: Whether to fetch LFS objects.
|
||||||
url = "https://...";
|
|
||||||
sparseCheckout = [
|
*`postFetch`* (String)
|
||||||
"directory/to/be/included"
|
|
||||||
"another/directory"
|
: Shell code executed after the file has been fetched successfully.
|
||||||
];
|
This can do things like check or transform the file.
|
||||||
hash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
|
|
||||||
};
|
*`leaveDotGit`* (Boolean)
|
||||||
}
|
|
||||||
```
|
: Whether the `.git` directory of the clone should *not* be removed after checkout.
|
||||||
|
|
||||||
|
Be warned though that the git repository format is not stable and this flag is therefore not suitable for actual use by itself.
|
||||||
|
Only use this for testing purposes or in conjunction with removing the `.git` directory in `postFetch`.
|
||||||
|
|
||||||
|
*`deepClone`* (Boolean)
|
||||||
|
|
||||||
|
: Clone the entire repository as opposing to just creating a shallow clone.
|
||||||
|
This implies `leaveDotGit`.
|
||||||
|
|
||||||
|
*`sparseCheckout`* (List of String)
|
||||||
|
|
||||||
|
: Prevent git from fetching unnecessary blobs from server.
|
||||||
|
This is useful if only parts of the repository are needed.
|
||||||
|
|
||||||
|
::: {.example #ex-fetchgit-sparseCheckout}
|
||||||
|
|
||||||
|
# Use `sparseCheckout` to only include some directories:
|
||||||
|
|
||||||
|
```nix
|
||||||
|
{ stdenv, fetchgit }:
|
||||||
|
|
||||||
|
stdenv.mkDerivation {
|
||||||
|
name = "hello";
|
||||||
|
src = fetchgit {
|
||||||
|
url = "https://...";
|
||||||
|
sparseCheckout = [
|
||||||
|
"directory/to/be/included"
|
||||||
|
"another/directory"
|
||||||
|
];
|
||||||
|
hash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
```
|
||||||
|
:::
|
||||||
|
|
||||||
|
See [git sparse-checkout](https://git-scm.com/docs/git-sparse-checkout) for more information.
|
||||||
|
|
||||||
|
Some additional parameters for niche use-cases can be found listed in the function parameters in the declaration of `fetchgit`: `pkgs/build-support/fetchgit/default.nix`.
|
||||||
|
Future parameters additions might also happen without immediately being documented here.
|
||||||
|
|
||||||
## `fetchfossil` {#fetchfossil}
|
## `fetchfossil` {#fetchfossil}
|
||||||
|
|
||||||
|
|
16
third_party/nixpkgs/doc/doc-support/package.nix
vendored
16
third_party/nixpkgs/doc/doc-support/package.nix
vendored
|
@ -5,6 +5,8 @@
|
||||||
lib,
|
lib,
|
||||||
stdenvNoCC,
|
stdenvNoCC,
|
||||||
callPackage,
|
callPackage,
|
||||||
|
devmode,
|
||||||
|
mkShellNoCC,
|
||||||
documentation-highlighter,
|
documentation-highlighter,
|
||||||
nixos-render-docs,
|
nixos-render-docs,
|
||||||
nixpkgs ? { },
|
nixpkgs ? { },
|
||||||
|
@ -29,6 +31,7 @@ stdenvNoCC.mkDerivation (
|
||||||
../anchor-use.js
|
../anchor-use.js
|
||||||
../anchor.min.js
|
../anchor.min.js
|
||||||
../manpage-urls.json
|
../manpage-urls.json
|
||||||
|
../redirects.json
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -60,6 +63,7 @@ stdenvNoCC.mkDerivation (
|
||||||
|
|
||||||
nixos-render-docs manual html \
|
nixos-render-docs manual html \
|
||||||
--manpage-urls ./manpage-urls.json \
|
--manpage-urls ./manpage-urls.json \
|
||||||
|
--redirects ./redirects.json \
|
||||||
--revision ${nixpkgs.rev or "master"} \
|
--revision ${nixpkgs.rev or "master"} \
|
||||||
--stylesheet style.css \
|
--stylesheet style.css \
|
||||||
--stylesheet highlightjs/mono-blue.css \
|
--stylesheet highlightjs/mono-blue.css \
|
||||||
|
@ -95,10 +99,14 @@ stdenvNoCC.mkDerivation (
|
||||||
|
|
||||||
pythonInterpreterTable = callPackage ./python-interpreter-table.nix { };
|
pythonInterpreterTable = callPackage ./python-interpreter-table.nix { };
|
||||||
|
|
||||||
shell = callPackage ../../pkgs/tools/nix/web-devmode.nix {
|
shell =
|
||||||
buildArgs = "./.";
|
let
|
||||||
open = "/share/doc/nixpkgs/manual.html";
|
devmode' = devmode.override {
|
||||||
};
|
buildArgs = "./.";
|
||||||
|
open = "/share/doc/nixpkgs/manual.html";
|
||||||
|
};
|
||||||
|
in
|
||||||
|
mkShellNoCC { packages = [ devmode' ]; };
|
||||||
|
|
||||||
tests.manpage-urls = callPackage ../tests/manpage-urls.nix { };
|
tests.manpage-urls = callPackage ../tests/manpage-urls.nix { };
|
||||||
};
|
};
|
||||||
|
|
10
third_party/nixpkgs/doc/hooks/meson.section.md
vendored
10
third_party/nixpkgs/doc/hooks/meson.section.md
vendored
|
@ -18,6 +18,16 @@ setup hook registering ninja-based build and install phases.
|
||||||
|
|
||||||
Controls the flags passed to `meson setup` during configure phase.
|
Controls the flags passed to `meson setup` during configure phase.
|
||||||
|
|
||||||
|
#### `mesonBuildDir` {#meson-build-dir}
|
||||||
|
|
||||||
|
Directory where Meson will put intermediate files.
|
||||||
|
|
||||||
|
Setting this can be useful for debugging multiple Meson builds while in the same source directory, for example, when building for different platforms.
|
||||||
|
Different values for each build will prevent build artefacts from interefering with each other.
|
||||||
|
This setting has no tangible effect when running the build in a sandboxed derivation.
|
||||||
|
|
||||||
|
The default value is `build`.
|
||||||
|
|
||||||
#### `mesonWrapMode` {#meson-wrap-mode}
|
#### `mesonWrapMode` {#meson-wrap-mode}
|
||||||
|
|
||||||
Which value is passed as
|
Which value is passed as
|
||||||
|
|
|
@ -52,12 +52,12 @@ rustPlatform.buildRustPackage rec {
|
||||||
|
|
||||||
buildInputs =
|
buildInputs =
|
||||||
[ openssl ]
|
[ openssl ]
|
||||||
++ lib.optionals stdenv.isLinux [
|
++ lib.optionals stdenv.hostPlatform.isLinux [
|
||||||
glib-networking # Most Tauri apps need networking
|
glib-networking # Most Tauri apps need networking
|
||||||
libsoup
|
libsoup
|
||||||
webkitgtk_4_0
|
webkitgtk_4_0
|
||||||
]
|
]
|
||||||
++ lib.optionals stdenv.isDarwin (
|
++ lib.optionals stdenv.hostPlatform.isDarwin (
|
||||||
with darwin.apple_sdk.frameworks;
|
with darwin.apple_sdk.frameworks;
|
||||||
[
|
[
|
||||||
AppKit
|
AppKit
|
||||||
|
|
|
@ -42,7 +42,7 @@ $ dotnet --info
|
||||||
Version: 7.0.202
|
Version: 7.0.202
|
||||||
Commit: 6c74320bc3
|
Commit: 6c74320bc3
|
||||||
|
|
||||||
Środowisko uruchomieniowe:
|
Runtime Environment:
|
||||||
OS Name: nixos
|
OS Name: nixos
|
||||||
OS Version: 23.05
|
OS Version: 23.05
|
||||||
OS Platform: Linux
|
OS Platform: Linux
|
||||||
|
|
|
@ -57,8 +57,8 @@ Available compilers are collected under `haskell.compiler`.
|
||||||
Each of those compiler versions has a corresponding attribute set `packages` built with
|
Each of those compiler versions has a corresponding attribute set `packages` built with
|
||||||
it. However, the non-standard package sets are not tested regularly and, as a
|
it. However, the non-standard package sets are not tested regularly and, as a
|
||||||
result, contain fewer working packages. The corresponding package set for GHC
|
result, contain fewer working packages. The corresponding package set for GHC
|
||||||
9.4.5 is `haskell.packages.ghc945`. In fact `haskellPackages` is just an alias
|
9.4.5 is `haskell.packages.ghc945`. In fact `haskellPackages` (at the time of writing) is just an alias
|
||||||
for `haskell.packages.ghc964`:
|
for `haskell.packages.ghc966`:
|
||||||
|
|
||||||
Every package set also re-exposes the GHC used to build its packages as `haskell.packages.*.ghc`.
|
Every package set also re-exposes the GHC used to build its packages as `haskell.packages.*.ghc`.
|
||||||
|
|
||||||
|
|
|
@ -55,6 +55,7 @@ sets are
|
||||||
* `pkgs.python311Packages`
|
* `pkgs.python311Packages`
|
||||||
* `pkgs.python312Packages`
|
* `pkgs.python312Packages`
|
||||||
* `pkgs.python313Packages`
|
* `pkgs.python313Packages`
|
||||||
|
* `pkgs.python314Packages`
|
||||||
* `pkgs.pypy27Packages`
|
* `pkgs.pypy27Packages`
|
||||||
* `pkgs.pypy39Packages`
|
* `pkgs.pypy39Packages`
|
||||||
* `pkgs.pypy310Packages`
|
* `pkgs.pypy310Packages`
|
||||||
|
|
|
@ -25,12 +25,14 @@ stdenv.mkDerivation {
|
||||||
|
|
||||||
The same goes for Qt 5 where libraries and tools are under `libsForQt5`.
|
The same goes for Qt 5 where libraries and tools are under `libsForQt5`.
|
||||||
|
|
||||||
Any Qt package should include `wrapQtAppsHook` in `nativeBuildInputs`, or explicitly set `dontWrapQtApps` to bypass generating the wrappers.
|
Any Qt package should include `wrapQtAppsHook` or `wrapQtAppsNoGuiHook` in `nativeBuildInputs`, or explicitly set `dontWrapQtApps` to bypass generating the wrappers.
|
||||||
|
|
||||||
::: {.note}
|
::: {.note}
|
||||||
Qt 6 graphical applications should also include `qtwayland` in `buildInputs` on Linux (but not on platforms e.g. Darwin, where `qtwayland` is not available), to ensure the Wayland platform plugin is available.
|
|
||||||
|
|
||||||
This may become default in the future, see [NixOS/nixpkgs#269674](https://github.com/NixOS/nixpkgs/pull/269674).
|
`wrapQtAppsHook` propagates plugins and QML components from `qtwayland` on platforms that support it, to allow applications to act as native Wayland clients. It should be used for all graphical applications.
|
||||||
|
|
||||||
|
`wrapQtAppsNoGuiHook` does not propagate `qtwayland` to reduce closure size for purely command-line applications.
|
||||||
|
|
||||||
:::
|
:::
|
||||||
|
|
||||||
## Packages supporting multiple Qt versions {#qt-versions}
|
## Packages supporting multiple Qt versions {#qt-versions}
|
||||||
|
|
|
@ -64,10 +64,18 @@ hash using `nix-hash --to-sri --type sha256 "<original sha256>"`.
|
||||||
```
|
```
|
||||||
|
|
||||||
Exception: If the application has cargo `git` dependencies, the `cargoHash`
|
Exception: If the application has cargo `git` dependencies, the `cargoHash`
|
||||||
approach will not work, and you will need to copy the `Cargo.lock` file of the application
|
approach will not work by default. In this case, you can set `useFetchCargoVendor = true`
|
||||||
to nixpkgs and continue with the next section for specifying the options of the `cargoLock`
|
to use an improved fetcher that supports handling `git` dependencies.
|
||||||
section.
|
|
||||||
|
|
||||||
|
```nix
|
||||||
|
{
|
||||||
|
useFetchCargoVendor = true;
|
||||||
|
cargoHash = "sha256-RqPVFovDaD2rW31HyETJfQ0qVwFxoGEvqkIgag3H6KU=";
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
If this method still does not work, you can resort to copying the `Cargo.lock` file into nixpkgs
|
||||||
|
and importing it as described in the [next section](#importing-a-cargo.lock-file).
|
||||||
|
|
||||||
Both types of hashes are permitted when contributing to nixpkgs. The
|
Both types of hashes are permitted when contributing to nixpkgs. The
|
||||||
Cargo hash is obtained by inserting a fake checksum into the
|
Cargo hash is obtained by inserting a fake checksum into the
|
||||||
|
@ -462,6 +470,17 @@ also be used:
|
||||||
the `Cargo.lock`/`Cargo.toml` files need to be patched before
|
the `Cargo.lock`/`Cargo.toml` files need to be patched before
|
||||||
vendoring.
|
vendoring.
|
||||||
|
|
||||||
|
In case the lockfile contains cargo `git` dependencies, you can use
|
||||||
|
`fetchCargoVendor` instead.
|
||||||
|
```nix
|
||||||
|
{
|
||||||
|
cargoDeps = rustPlatform.fetchCargoVendor {
|
||||||
|
inherit src;
|
||||||
|
hash = "sha256-RqPVFovDaD2rW31HyETJfQ0qVwFxoGEvqkIgag3H6KU=";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
If a `Cargo.lock` file is available, you can alternatively use the
|
If a `Cargo.lock` file is available, you can alternatively use the
|
||||||
`importCargoLock` function. In contrast to `fetchCargoTarball`, this
|
`importCargoLock` function. In contrast to `fetchCargoTarball`, this
|
||||||
function does not require a hash (unless git dependencies are used)
|
function does not require a hash (unless git dependencies are used)
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# TeX Live {#sec-language-texlive}
|
# TeX Live {#sec-language-texlive}
|
||||||
|
|
||||||
Since release 15.09 there is a new TeX Live packaging that lives entirely under attribute `texlive`.
|
There is a TeX Live packaging that lives entirely under attribute `texlive`.
|
||||||
|
|
||||||
## User's guide (experimental new interface) {#sec-language-texlive-user-guide-experimental}
|
## User's guide (experimental new interface) {#sec-language-texlive-user-guide-experimental}
|
||||||
|
|
||||||
|
|
|
@ -8,4 +8,4 @@ HTTP has a couple of different mechanisms for caching to prevent clients from ha
|
||||||
|
|
||||||
Fortunately, HTTP supports an alternative (and more effective) caching mechanism: the [`ETag`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/ETag) response header. The value of the `ETag` header specifies some identifier for the particular content that the server is sending (e.g., a hash). When a client makes a second request for the same resource, it sends that value back in an `If-None-Match` header. If the ETag value is unchanged, then the server does not need to resend the content.
|
Fortunately, HTTP supports an alternative (and more effective) caching mechanism: the [`ETag`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/ETag) response header. The value of the `ETag` header specifies some identifier for the particular content that the server is sending (e.g., a hash). When a client makes a second request for the same resource, it sends that value back in an `If-None-Match` header. If the ETag value is unchanged, then the server does not need to resend the content.
|
||||||
|
|
||||||
As of NixOS 19.09, the nginx package in Nixpkgs is patched such that when nginx serves a file out of `/nix/store`, the hash in the store path is used as the `ETag` header in the HTTP response, thus providing proper caching functionality. With NixOS 24.05 and later, the `ETag` additionally includes the response content length, to ensure files served with static compression do not share `ETag`s with their uncompressed version. This `ETag` functionality is enabled automatically; you do not need to do modify any configuration to get this behavior.
|
The nginx package in Nixpkgs is patched such that when nginx serves a file out of `/nix/store`, the hash in the store path is used as the `ETag` header in the HTTP response, thus providing proper caching functionality. With NixOS 24.05 and later, the `ETag` additionally includes the response content length, to ensure files served with static compression do not share `ETag`s with their uncompressed version. This `ETag` functionality is enabled automatically; you do not need to do modify any configuration to get this behavior.
|
||||||
|
|
|
@ -31,7 +31,6 @@ Use `programs.steam.enable = true;` if you want to add steam to `systemPackages`
|
||||||
|
|
||||||
- **Using the FOSS Radeon or nouveau (nvidia) drivers**
|
- **Using the FOSS Radeon or nouveau (nvidia) drivers**
|
||||||
|
|
||||||
- The `newStdcpp` parameter was removed since NixOS 17.09 and should not be needed anymore.
|
|
||||||
- Steam ships statically linked with a version of `libcrypto` that conflicts with the one dynamically loaded by radeonsi_dri.so. If you get the error:
|
- Steam ships statically linked with a version of `libcrypto` that conflicts with the one dynamically loaded by radeonsi_dri.so. If you get the error:
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
4193
third_party/nixpkgs/doc/redirects.json
vendored
Normal file
4193
third_party/nixpkgs/doc/redirects.json
vendored
Normal file
File diff suppressed because it is too large
Load diff
2
third_party/nixpkgs/lib/.version
vendored
2
third_party/nixpkgs/lib/.version
vendored
|
@ -1 +1 @@
|
||||||
24.11
|
25.05
|
27
third_party/nixpkgs/lib/licenses.nix
vendored
27
third_party/nixpkgs/lib/licenses.nix
vendored
|
@ -115,7 +115,6 @@ lib.mapAttrs mkLicense ({
|
||||||
arphicpl = {
|
arphicpl = {
|
||||||
spdxId = "Arphic-1999";
|
spdxId = "Arphic-1999";
|
||||||
fullName = "Arphic Public License";
|
fullName = "Arphic Public License";
|
||||||
url = "https://www.freedesktop.org/wiki/Arphic_Public_License/";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
artistic1 = {
|
artistic1 = {
|
||||||
|
@ -213,6 +212,11 @@ lib.mapAttrs mkLicense ({
|
||||||
fullName = "BSD 3-Clause Clear License";
|
fullName = "BSD 3-Clause Clear License";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
bsd3Lbnl = {
|
||||||
|
spdxId = "BSD-3-Clause-LBNL";
|
||||||
|
fullName = "Lawrence Berkeley National Labs BSD variant license";
|
||||||
|
};
|
||||||
|
|
||||||
bsdOriginal = {
|
bsdOriginal = {
|
||||||
spdxId = "BSD-4-Clause";
|
spdxId = "BSD-4-Clause";
|
||||||
fullName = ''BSD 4-clause "Original" or "Old" License'';
|
fullName = ''BSD 4-clause "Original" or "Old" License'';
|
||||||
|
@ -236,7 +240,6 @@ lib.mapAttrs mkLicense ({
|
||||||
bsl11 = {
|
bsl11 = {
|
||||||
spdxId = "BUSL-1.1";
|
spdxId = "BUSL-1.1";
|
||||||
fullName = "Business Source License 1.1";
|
fullName = "Business Source License 1.1";
|
||||||
url = "https://mariadb.com/bsl11";
|
|
||||||
free = false;
|
free = false;
|
||||||
redistributable = true;
|
redistributable = true;
|
||||||
};
|
};
|
||||||
|
@ -249,13 +252,11 @@ lib.mapAttrs mkLicense ({
|
||||||
cal10 = {
|
cal10 = {
|
||||||
spdxId = "CAL-1.0";
|
spdxId = "CAL-1.0";
|
||||||
fullName = "Cryptographic Autonomy License version 1.0 (CAL-1.0)";
|
fullName = "Cryptographic Autonomy License version 1.0 (CAL-1.0)";
|
||||||
url = "https://opensource.org/licenses/CAL-1.0";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
caldera = {
|
caldera = {
|
||||||
spdxId = "Caldera";
|
spdxId = "Caldera";
|
||||||
fullName = "Caldera License";
|
fullName = "Caldera License";
|
||||||
url = "http://www.lemis.com/grog/UNIX/ancient-source-all.pdf";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
capec = {
|
capec = {
|
||||||
|
@ -459,7 +460,6 @@ lib.mapAttrs mkLicense ({
|
||||||
|
|
||||||
ecl20 = {
|
ecl20 = {
|
||||||
fullName = "Educational Community License, Version 2.0";
|
fullName = "Educational Community License, Version 2.0";
|
||||||
url = "https://opensource.org/licenses/ECL-2.0";
|
|
||||||
shortName = "ECL 2.0";
|
shortName = "ECL 2.0";
|
||||||
spdxId = "ECL-2.0";
|
spdxId = "ECL-2.0";
|
||||||
};
|
};
|
||||||
|
@ -477,7 +477,6 @@ lib.mapAttrs mkLicense ({
|
||||||
elastic20 = {
|
elastic20 = {
|
||||||
spdxId = "Elastic-2.0";
|
spdxId = "Elastic-2.0";
|
||||||
fullName = "Elastic License 2.0";
|
fullName = "Elastic License 2.0";
|
||||||
url = "https://github.com/elastic/elasticsearch/blob/main/licenses/ELASTIC-LICENSE-2.0.txt";
|
|
||||||
free = false;
|
free = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -671,7 +670,6 @@ lib.mapAttrs mkLicense ({
|
||||||
iasl = {
|
iasl = {
|
||||||
spdxId = "Intel-ACPI";
|
spdxId = "Intel-ACPI";
|
||||||
fullName = "Intel ACPI Software License Agreement";
|
fullName = "Intel ACPI Software License Agreement";
|
||||||
url = "https://old.calculate-linux.org/packages/licenses/iASL";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
icu = {
|
icu = {
|
||||||
|
@ -697,7 +695,6 @@ lib.mapAttrs mkLicense ({
|
||||||
info-zip = {
|
info-zip = {
|
||||||
spdxId = "Info-ZIP";
|
spdxId = "Info-ZIP";
|
||||||
fullName = "Info-ZIP License";
|
fullName = "Info-ZIP License";
|
||||||
url = "https://infozip.sourceforge.net/license.html";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
inria-compcert = {
|
inria-compcert = {
|
||||||
|
@ -882,7 +879,6 @@ lib.mapAttrs mkLicense ({
|
||||||
miros = {
|
miros = {
|
||||||
spdxId = "MirOS";
|
spdxId = "MirOS";
|
||||||
fullName = "MirOS License";
|
fullName = "MirOS License";
|
||||||
url = "https://opensource.org/licenses/MirOS";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
mit = {
|
mit = {
|
||||||
|
@ -890,6 +886,11 @@ lib.mapAttrs mkLicense ({
|
||||||
fullName = "MIT License";
|
fullName = "MIT License";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
mit-cmu = {
|
||||||
|
spdxId = "MIT-CMU";
|
||||||
|
fullName = "CMU License";
|
||||||
|
};
|
||||||
|
|
||||||
mit-feh = {
|
mit-feh = {
|
||||||
spdxId = "MIT-feh";
|
spdxId = "MIT-feh";
|
||||||
fullName = "feh License";
|
fullName = "feh License";
|
||||||
|
@ -939,7 +940,6 @@ lib.mapAttrs mkLicense ({
|
||||||
mulan-psl2 = {
|
mulan-psl2 = {
|
||||||
spdxId = "MulanPSL-2.0";
|
spdxId = "MulanPSL-2.0";
|
||||||
fullName = "Mulan Permissive Software License, Version 2";
|
fullName = "Mulan Permissive Software License, Version 2";
|
||||||
url = "https://license.coscl.org.cn/MulanPSL2";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
naist-2003 = {
|
naist-2003 = {
|
||||||
|
@ -974,7 +974,6 @@ lib.mapAttrs mkLicense ({
|
||||||
fullName = "Netdata Cloud UI License v1.0";
|
fullName = "Netdata Cloud UI License v1.0";
|
||||||
free = false;
|
free = false;
|
||||||
redistributable = true; # Only if used in Netdata products.
|
redistributable = true; # Only if used in Netdata products.
|
||||||
url = "https://raw.githubusercontent.com/netdata/netdata/master/web/gui/v2/LICENSE.md";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
nistSoftware = {
|
nistSoftware = {
|
||||||
|
@ -1072,7 +1071,6 @@ lib.mapAttrs mkLicense ({
|
||||||
parity70 = {
|
parity70 = {
|
||||||
spdxId = "Parity-7.0.0";
|
spdxId = "Parity-7.0.0";
|
||||||
fullName = "Parity Public License 7.0.0";
|
fullName = "Parity Public License 7.0.0";
|
||||||
url = "https://paritylicense.com/versions/7.0.0.html";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
php301 = {
|
php301 = {
|
||||||
|
@ -1094,7 +1092,6 @@ lib.mapAttrs mkLicense ({
|
||||||
psfl = {
|
psfl = {
|
||||||
spdxId = "Python-2.0";
|
spdxId = "Python-2.0";
|
||||||
fullName = "Python Software Foundation License version 2";
|
fullName = "Python Software Foundation License version 2";
|
||||||
url = "https://docs.python.org/license.html";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
publicDomain = {
|
publicDomain = {
|
||||||
|
@ -1223,8 +1220,8 @@ lib.mapAttrs mkLicense ({
|
||||||
};
|
};
|
||||||
|
|
||||||
ufl = {
|
ufl = {
|
||||||
|
spdxId = "Ubuntu-font-1.0";
|
||||||
fullName = "Ubuntu Font License 1.0";
|
fullName = "Ubuntu Font License 1.0";
|
||||||
url = "https://ubuntu.com/legal/font-licence";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
unfree = {
|
unfree = {
|
||||||
|
@ -1268,7 +1265,6 @@ lib.mapAttrs mkLicense ({
|
||||||
upl = {
|
upl = {
|
||||||
spdxId = "UPL-1.0";
|
spdxId = "UPL-1.0";
|
||||||
fullName = "Universal Permissive License";
|
fullName = "Universal Permissive License";
|
||||||
url = "https://oss.oracle.com/licenses/upl/";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
vim = {
|
vim = {
|
||||||
|
@ -1334,7 +1330,6 @@ lib.mapAttrs mkLicense ({
|
||||||
xfig = {
|
xfig = {
|
||||||
spdxId = "Xfig";
|
spdxId = "Xfig";
|
||||||
fullName = "xfig";
|
fullName = "xfig";
|
||||||
url = "https://mcj.sourceforge.net/authors.html#xfig";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
xinetd = {
|
xinetd = {
|
||||||
|
|
2
third_party/nixpkgs/lib/trivial.nix
vendored
2
third_party/nixpkgs/lib/trivial.nix
vendored
|
@ -415,7 +415,7 @@ in {
|
||||||
On each release the first letter is bumped and a new animal is chosen
|
On each release the first letter is bumped and a new animal is chosen
|
||||||
starting with that new letter.
|
starting with that new letter.
|
||||||
*/
|
*/
|
||||||
codeName = "Vicuna";
|
codeName = "Warbler";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
Returns the current nixpkgs version suffix as string.
|
Returns the current nixpkgs version suffix as string.
|
||||||
|
|
176
third_party/nixpkgs/maintainers/maintainer-list.nix
vendored
176
third_party/nixpkgs/maintainers/maintainer-list.nix
vendored
|
@ -1834,6 +1834,12 @@
|
||||||
githubId = 10587952;
|
githubId = 10587952;
|
||||||
name = "Armijn Hemel";
|
name = "Armijn Hemel";
|
||||||
};
|
};
|
||||||
|
arminius-smh = {
|
||||||
|
email = "armin@sprejz.de";
|
||||||
|
github = "arminius-smh";
|
||||||
|
githubId = 159054879;
|
||||||
|
name = "Armin Manfred Sprejz";
|
||||||
|
};
|
||||||
arnarg = {
|
arnarg = {
|
||||||
email = "arnarg@fastmail.com";
|
email = "arnarg@fastmail.com";
|
||||||
github = "arnarg";
|
github = "arnarg";
|
||||||
|
@ -2832,6 +2838,12 @@
|
||||||
githubId = 24254289;
|
githubId = 24254289;
|
||||||
name = "Payas Relekar";
|
name = "Payas Relekar";
|
||||||
};
|
};
|
||||||
|
bhasherbel = {
|
||||||
|
email = "nixos.maintainer@bhasher.com";
|
||||||
|
github = "bhasherbel";
|
||||||
|
githubId = 45831883;
|
||||||
|
name = "Brieuc Dubois";
|
||||||
|
};
|
||||||
bhipple = {
|
bhipple = {
|
||||||
email = "bhipple@protonmail.com";
|
email = "bhipple@protonmail.com";
|
||||||
github = "bhipple";
|
github = "bhipple";
|
||||||
|
@ -4122,6 +4134,12 @@
|
||||||
githubId = 43564;
|
githubId = 43564;
|
||||||
name = "Claes Holmerson";
|
name = "Claes Holmerson";
|
||||||
};
|
};
|
||||||
|
claha = {
|
||||||
|
email = "hallstrom.claes@gmail.com";
|
||||||
|
github = "claha";
|
||||||
|
githubId = 9336788;
|
||||||
|
name = "Claes Hallström";
|
||||||
|
};
|
||||||
clebs = {
|
clebs = {
|
||||||
email = "borja.clemente@gmail.com";
|
email = "borja.clemente@gmail.com";
|
||||||
github = "clebs";
|
github = "clebs";
|
||||||
|
@ -4167,6 +4185,12 @@
|
||||||
githubId = 69784758;
|
githubId = 69784758;
|
||||||
matrix = "@clot27:matrix.org";
|
matrix = "@clot27:matrix.org";
|
||||||
};
|
};
|
||||||
|
cloudripper = {
|
||||||
|
email = "other.wing8806@fastmail.com";
|
||||||
|
github = "cloudripper";
|
||||||
|
githubId = 70971768;
|
||||||
|
name = "cloudripper";
|
||||||
|
};
|
||||||
clr-cera = {
|
clr-cera = {
|
||||||
email = "clrcera05@gmail.com";
|
email = "clrcera05@gmail.com";
|
||||||
github = "clr-cera";
|
github = "clr-cera";
|
||||||
|
@ -4483,7 +4507,7 @@
|
||||||
name = "Chris Ostrouchov";
|
name = "Chris Ostrouchov";
|
||||||
};
|
};
|
||||||
cottand = {
|
cottand = {
|
||||||
email = "nico@dcotta.eu";
|
email = "nico@dcotta.com";
|
||||||
github = "cottand";
|
github = "cottand";
|
||||||
githubId = 45274424;
|
githubId = 45274424;
|
||||||
name = "Nico D'Cotta";
|
name = "Nico D'Cotta";
|
||||||
|
@ -4769,6 +4793,12 @@
|
||||||
githubId = 743057;
|
githubId = 743057;
|
||||||
name = "Danylo Hlynskyi";
|
name = "Danylo Hlynskyi";
|
||||||
};
|
};
|
||||||
|
danbulant = {
|
||||||
|
name = "Daniel Bulant";
|
||||||
|
email = "danbulant@gmail.com";
|
||||||
|
github = "danbulant";
|
||||||
|
githubId = 30036876;
|
||||||
|
};
|
||||||
danc86 = {
|
danc86 = {
|
||||||
name = "Dan Callaghan";
|
name = "Dan Callaghan";
|
||||||
email = "djc@djc.id.au";
|
email = "djc@djc.id.au";
|
||||||
|
@ -5150,6 +5180,12 @@
|
||||||
github = "DeclanRixon";
|
github = "DeclanRixon";
|
||||||
githubId = 57464835;
|
githubId = 57464835;
|
||||||
};
|
};
|
||||||
|
deeengan = {
|
||||||
|
github = "deeengan";
|
||||||
|
githubId = 87693324;
|
||||||
|
name = "Dee Engan";
|
||||||
|
keys = [ { fingerprint = "9C24 79F5 F0CE 48F4 00EE 4A5B B8ED 46EB 468B F72D"; } ];
|
||||||
|
};
|
||||||
deejayem = {
|
deejayem = {
|
||||||
email = "nixpkgs.bu5hq@simplelogin.com";
|
email = "nixpkgs.bu5hq@simplelogin.com";
|
||||||
github = "deejayem";
|
github = "deejayem";
|
||||||
|
@ -5762,6 +5798,12 @@
|
||||||
githubId = 6806011;
|
githubId = 6806011;
|
||||||
name = "Robert Schütz";
|
name = "Robert Schütz";
|
||||||
};
|
};
|
||||||
|
dotmobo = {
|
||||||
|
email = "morgan.bohn@gmail.com";
|
||||||
|
github = "dotmobo";
|
||||||
|
githubId = 1997638;
|
||||||
|
name = ".mobo";
|
||||||
|
};
|
||||||
dottedmag = {
|
dottedmag = {
|
||||||
email = "dottedmag@dottedmag.net";
|
email = "dottedmag@dottedmag.net";
|
||||||
github = "dottedmag";
|
github = "dottedmag";
|
||||||
|
@ -5835,7 +5877,7 @@
|
||||||
name = "Sebastian Krohn";
|
name = "Sebastian Krohn";
|
||||||
};
|
};
|
||||||
drawbu = {
|
drawbu = {
|
||||||
email = "clement21.boillot@gmail.com";
|
email = "clement2104.boillot@gmail.com";
|
||||||
github = "drawbu";
|
github = "drawbu";
|
||||||
githubId = 69208565;
|
githubId = 69208565;
|
||||||
name = "Clément Boillot";
|
name = "Clément Boillot";
|
||||||
|
@ -7105,6 +7147,12 @@
|
||||||
githubId = 628359;
|
githubId = 628359;
|
||||||
name = "Felix Singer";
|
name = "Felix Singer";
|
||||||
};
|
};
|
||||||
|
felixzieger = {
|
||||||
|
name = "Felix Zieger";
|
||||||
|
github = "felixzieger";
|
||||||
|
githubId = 67903933;
|
||||||
|
email = "nixpkgs@felixzieger.de";
|
||||||
|
};
|
||||||
felschr = {
|
felschr = {
|
||||||
email = "dev@felschr.com";
|
email = "dev@felschr.com";
|
||||||
matrix = "@felschr:matrix.org";
|
matrix = "@felschr:matrix.org";
|
||||||
|
@ -8299,6 +8347,14 @@
|
||||||
githubId = 7385287;
|
githubId = 7385287;
|
||||||
name = "Lana Black";
|
name = "Lana Black";
|
||||||
};
|
};
|
||||||
|
grgi = {
|
||||||
|
name = "Gregor Giesen";
|
||||||
|
email = "gregor@giesen.net";
|
||||||
|
matrix = "@gregor:giesen.net";
|
||||||
|
github = "grgi";
|
||||||
|
githubId = 6435815;
|
||||||
|
keys = [ { fingerprint = "0F92 602B 1860 4476 77F4 8A67 C303 16AA C10F 3EA7"; } ];
|
||||||
|
};
|
||||||
gridaphobe = {
|
gridaphobe = {
|
||||||
email = "eric@seidel.io";
|
email = "eric@seidel.io";
|
||||||
github = "gridaphobe";
|
github = "gridaphobe";
|
||||||
|
@ -10285,6 +10341,13 @@
|
||||||
githubId = 2502736;
|
githubId = 2502736;
|
||||||
name = "James Hillyerd";
|
name = "James Hillyerd";
|
||||||
};
|
};
|
||||||
|
jhol = {
|
||||||
|
name = "Joel Holdsworth";
|
||||||
|
email = "joel@airwebreathe.org.uk";
|
||||||
|
github = "jhol";
|
||||||
|
githubId = 1449493;
|
||||||
|
keys = [ { fingerprint = "08F7 2546 95DE EAEF 03DE B0E4 D874 562D DC99 D889"; } ];
|
||||||
|
};
|
||||||
jhollowe = {
|
jhollowe = {
|
||||||
email = "jhollowe@johnhollowell.com";
|
email = "jhollowe@johnhollowell.com";
|
||||||
github = "jhollowe";
|
github = "jhollowe";
|
||||||
|
@ -10935,6 +10998,12 @@
|
||||||
githubId = 54635632;
|
githubId = 54635632;
|
||||||
keys = [ { fingerprint = "4C68 56EE DFDA 20FB 77E8 9169 1964 2151 C218 F6F5"; } ];
|
keys = [ { fingerprint = "4C68 56EE DFDA 20FB 77E8 9169 1964 2151 C218 F6F5"; } ];
|
||||||
};
|
};
|
||||||
|
jthulhu = {
|
||||||
|
name = "Adrien Mathieu";
|
||||||
|
email = "adrien.lc.mathieu@gmail.com";
|
||||||
|
github = "jthulhu";
|
||||||
|
githubId = 23179762;
|
||||||
|
};
|
||||||
jtobin = {
|
jtobin = {
|
||||||
email = "jared@jtobin.io";
|
email = "jared@jtobin.io";
|
||||||
github = "jtobin";
|
github = "jtobin";
|
||||||
|
@ -11440,6 +11509,13 @@
|
||||||
name = "Khushraj Rathod";
|
name = "Khushraj Rathod";
|
||||||
keys = [ { fingerprint = "1988 3FD8 EA2E B4EC 0A93 1E22 B77B 2A40 E770 2F19"; } ];
|
keys = [ { fingerprint = "1988 3FD8 EA2E B4EC 0A93 1E22 B77B 2A40 E770 2F19"; } ];
|
||||||
};
|
};
|
||||||
|
kiara = {
|
||||||
|
name = "kiara";
|
||||||
|
email = "cinereal@riseup.net";
|
||||||
|
github = "KiaraGrouwstra";
|
||||||
|
githubId = 3059397;
|
||||||
|
matrix = "@cinerealkiara:matrix.org";
|
||||||
|
};
|
||||||
KibaFox = {
|
KibaFox = {
|
||||||
email = "kiba.fox@foxypossibilities.com";
|
email = "kiba.fox@foxypossibilities.com";
|
||||||
github = "KibaFox";
|
github = "KibaFox";
|
||||||
|
@ -11804,6 +11880,12 @@
|
||||||
githubId = 26622971;
|
githubId = 26622971;
|
||||||
name = "Ronnie Ebrin";
|
name = "Ronnie Ebrin";
|
||||||
};
|
};
|
||||||
|
kraftnix = {
|
||||||
|
email = "kraftnix@protonmail.com";
|
||||||
|
github = "kraftnix";
|
||||||
|
githubId = 83026656;
|
||||||
|
name = "kraftnix";
|
||||||
|
};
|
||||||
kragniz = {
|
kragniz = {
|
||||||
email = "louis@kragniz.eu";
|
email = "louis@kragniz.eu";
|
||||||
github = "kragniz";
|
github = "kragniz";
|
||||||
|
@ -11883,6 +11965,12 @@
|
||||||
github = "krzaczek";
|
github = "krzaczek";
|
||||||
githubId = 5773701;
|
githubId = 5773701;
|
||||||
};
|
};
|
||||||
|
KSJ2000 = {
|
||||||
|
email = "katsho123@outlook.com";
|
||||||
|
name = "KSJ2000";
|
||||||
|
github = "KSJ2000";
|
||||||
|
githubId = 184105270;
|
||||||
|
};
|
||||||
ktf = {
|
ktf = {
|
||||||
email = "giulio.eulisse@cern.ch";
|
email = "giulio.eulisse@cern.ch";
|
||||||
github = "ktf";
|
github = "ktf";
|
||||||
|
@ -11920,6 +12008,13 @@
|
||||||
name = "André Kugland";
|
name = "André Kugland";
|
||||||
keys = [ { fingerprint = "6A62 5E60 E3FF FCAE B3AA 50DC 1DA9 3817 80CD D833"; } ];
|
keys = [ { fingerprint = "6A62 5E60 E3FF FCAE B3AA 50DC 1DA9 3817 80CD D833"; } ];
|
||||||
};
|
};
|
||||||
|
kuglimon = {
|
||||||
|
name = "Tatu Argillander";
|
||||||
|
email = "tatu.argillander@kouralabs.com";
|
||||||
|
github = "kuglimon";
|
||||||
|
githubId = 629430;
|
||||||
|
keys = [ { fingerprint = "2843 750C B1AB E256 94BE 40E2 D843 D30B 42CA 0E2D"; } ];
|
||||||
|
};
|
||||||
kupac = {
|
kupac = {
|
||||||
github = "Kupac";
|
github = "Kupac";
|
||||||
githubId = 8224569;
|
githubId = 8224569;
|
||||||
|
@ -13412,6 +13507,12 @@
|
||||||
githubId = 1709273;
|
githubId = 1709273;
|
||||||
name = "Robin Hack";
|
name = "Robin Hack";
|
||||||
};
|
};
|
||||||
|
marnym = {
|
||||||
|
email = "markus@nyman.dev";
|
||||||
|
github = "marnym";
|
||||||
|
githubId = 56825922;
|
||||||
|
name = "Markus Nyman";
|
||||||
|
};
|
||||||
marsupialgutz = {
|
marsupialgutz = {
|
||||||
email = "mars@possums.xyz";
|
email = "mars@possums.xyz";
|
||||||
github = "pupbrained";
|
github = "pupbrained";
|
||||||
|
@ -14334,12 +14435,6 @@
|
||||||
githubId = 5378535;
|
githubId = 5378535;
|
||||||
name = "Milo Gertjejansen";
|
name = "Milo Gertjejansen";
|
||||||
};
|
};
|
||||||
milran = {
|
|
||||||
email = "milranmike@protonmail.com";
|
|
||||||
github = "wattmto";
|
|
||||||
githubId = 93639059;
|
|
||||||
name = "Milran Mike";
|
|
||||||
};
|
|
||||||
mimame = {
|
mimame = {
|
||||||
email = "miguel.madrid.mencia@gmail.com";
|
email = "miguel.madrid.mencia@gmail.com";
|
||||||
github = "mimame";
|
github = "mimame";
|
||||||
|
@ -14494,12 +14589,6 @@
|
||||||
githubId = 16974598;
|
githubId = 16974598;
|
||||||
name = "Mike Playle";
|
name = "Mike Playle";
|
||||||
};
|
};
|
||||||
mkaito = {
|
|
||||||
email = "chris@mkaito.net";
|
|
||||||
github = "mkaito";
|
|
||||||
githubId = 20434;
|
|
||||||
name = "Christian Höppner";
|
|
||||||
};
|
|
||||||
mkazulak = {
|
mkazulak = {
|
||||||
email = "kazulakm@gmail.com";
|
email = "kazulakm@gmail.com";
|
||||||
github = "mulderr";
|
github = "mulderr";
|
||||||
|
@ -15117,6 +15206,13 @@
|
||||||
githubId = 1234956;
|
githubId = 1234956;
|
||||||
"keys" = [ { "fingerprint" = "F21A 6194 C9DB 9899 CD09 E24E 434B 2C14 B8C3 3422"; } ];
|
"keys" = [ { "fingerprint" = "F21A 6194 C9DB 9899 CD09 E24E 434B 2C14 B8C3 3422"; } ];
|
||||||
};
|
};
|
||||||
|
nadiaholmquist = {
|
||||||
|
name = "Nadia Holmquist Pedersen";
|
||||||
|
email = "nadia@nhp.sh";
|
||||||
|
matrix = "@nhp:matrix.org";
|
||||||
|
github = "nadiaholmquist";
|
||||||
|
githubId = 893884;
|
||||||
|
};
|
||||||
nadir-ishiguro = {
|
nadir-ishiguro = {
|
||||||
github = "nadir-ishiguro";
|
github = "nadir-ishiguro";
|
||||||
githubId = 23151917;
|
githubId = 23151917;
|
||||||
|
@ -15846,6 +15942,12 @@
|
||||||
githubId = 30374463;
|
githubId = 30374463;
|
||||||
name = "Michal S.";
|
name = "Michal S.";
|
||||||
};
|
};
|
||||||
|
notthebee = {
|
||||||
|
email = "moe@notthebe.ee";
|
||||||
|
github = "notthebee";
|
||||||
|
githubId = 30384331;
|
||||||
|
name = "Wolfgang";
|
||||||
|
};
|
||||||
notthemessiah = {
|
notthemessiah = {
|
||||||
email = "brian.cohen.88@gmail.com";
|
email = "brian.cohen.88@gmail.com";
|
||||||
github = "NOTtheMessiah";
|
github = "NOTtheMessiah";
|
||||||
|
@ -16519,6 +16621,13 @@
|
||||||
githubId = 120342602;
|
githubId = 120342602;
|
||||||
name = "Michael Paepcke";
|
name = "Michael Paepcke";
|
||||||
};
|
};
|
||||||
|
pagedMov = {
|
||||||
|
email = "kylerclay@proton.me";
|
||||||
|
github = "pagedMov";
|
||||||
|
githubId = 19557376;
|
||||||
|
name = "Kyler Clay";
|
||||||
|
keys = [ { fingerprint = "784B 3623 94E7 8F11 0B9D AE0F 56FD CFA6 2A93 B51E"; } ];
|
||||||
|
};
|
||||||
paholg = {
|
paholg = {
|
||||||
email = "paho@paholg.com";
|
email = "paho@paholg.com";
|
||||||
github = "paholg";
|
github = "paholg";
|
||||||
|
@ -16793,6 +16902,12 @@
|
||||||
githubId = 943430;
|
githubId = 943430;
|
||||||
name = "David Hagege";
|
name = "David Hagege";
|
||||||
};
|
};
|
||||||
|
peat-psuwit = {
|
||||||
|
name = "Ratchanan Srirattanamet";
|
||||||
|
email = "peat@peat-network.xyz";
|
||||||
|
github = "peat-psuwit";
|
||||||
|
githubId = 6771175;
|
||||||
|
};
|
||||||
pedohorse = {
|
pedohorse = {
|
||||||
github = "pedohorse";
|
github = "pedohorse";
|
||||||
githubId = 13556996;
|
githubId = 13556996;
|
||||||
|
@ -18098,12 +18213,6 @@
|
||||||
githubId = 5653911;
|
githubId = 5653911;
|
||||||
name = "Rampoina";
|
name = "Rampoina";
|
||||||
};
|
};
|
||||||
rane = {
|
|
||||||
email = "rane+nix@junkyard.systems";
|
|
||||||
github = "digitalrane";
|
|
||||||
githubId = 1829286;
|
|
||||||
name = "Rane";
|
|
||||||
};
|
|
||||||
ranfdev = {
|
ranfdev = {
|
||||||
email = "ranfdev@gmail.com";
|
email = "ranfdev@gmail.com";
|
||||||
name = "Lorenzo Miglietta";
|
name = "Lorenzo Miglietta";
|
||||||
|
@ -18728,6 +18837,12 @@
|
||||||
githubId = 6204883;
|
githubId = 6204883;
|
||||||
name = "Longrin Wischnewski";
|
name = "Longrin Wischnewski";
|
||||||
};
|
};
|
||||||
|
robbiebuxton = {
|
||||||
|
email = "robbiesbuxton@gmail.com";
|
||||||
|
github = "robbiebuxton";
|
||||||
|
githubId = 67549526;
|
||||||
|
name = "Robbie Buxton";
|
||||||
|
};
|
||||||
robbinch = {
|
robbinch = {
|
||||||
email = "robbinch33@gmail.com";
|
email = "robbinch33@gmail.com";
|
||||||
github = "robbinch";
|
github = "robbinch";
|
||||||
|
@ -19573,6 +19688,13 @@
|
||||||
githubId = 5104601;
|
githubId = 5104601;
|
||||||
name = "schnusch";
|
name = "schnusch";
|
||||||
};
|
};
|
||||||
|
schrobingus = {
|
||||||
|
email = "brent.monning.jr@gmail.com";
|
||||||
|
name = "Brent Monning";
|
||||||
|
github = "schrobingus";
|
||||||
|
githubId = 72168352;
|
||||||
|
matrix = "@schrobingus:matrix.org";
|
||||||
|
};
|
||||||
Schweber = {
|
Schweber = {
|
||||||
github = "Schweber";
|
github = "Schweber";
|
||||||
githubId = 64630479;
|
githubId = 64630479;
|
||||||
|
@ -23309,6 +23431,12 @@
|
||||||
github = "water-sucks";
|
github = "water-sucks";
|
||||||
githubId = 68445574;
|
githubId = 68445574;
|
||||||
};
|
};
|
||||||
|
wattmto = {
|
||||||
|
email = "dev@wattmto.dev";
|
||||||
|
github = "wattmto";
|
||||||
|
githubId = 93639059;
|
||||||
|
name = "wattmto";
|
||||||
|
};
|
||||||
waynr = {
|
waynr = {
|
||||||
name = "Wayne Warren";
|
name = "Wayne Warren";
|
||||||
email = "wayne.warren.s@gmail.com";
|
email = "wayne.warren.s@gmail.com";
|
||||||
|
@ -23440,6 +23568,12 @@
|
||||||
githubId = 7121530;
|
githubId = 7121530;
|
||||||
name = "Wolf Honoré";
|
name = "Wolf Honoré";
|
||||||
};
|
};
|
||||||
|
whtsht = {
|
||||||
|
email = "whiteshirt0079@gmail.com";
|
||||||
|
github = "whtsht";
|
||||||
|
githubId = 85547207;
|
||||||
|
name = "Hinata Toma";
|
||||||
|
};
|
||||||
wietsedv = {
|
wietsedv = {
|
||||||
email = "wietsedv@proton.me";
|
email = "wietsedv@proton.me";
|
||||||
github = "wietsedv";
|
github = "wietsedv";
|
||||||
|
@ -24086,7 +24220,7 @@
|
||||||
githubId = 47071325;
|
githubId = 47071325;
|
||||||
};
|
};
|
||||||
ymstnt = {
|
ymstnt = {
|
||||||
name = "YMSTNT";
|
name = "ymstnt";
|
||||||
github = "ymstnt";
|
github = "ymstnt";
|
||||||
githubId = 21342713;
|
githubId = 21342713;
|
||||||
};
|
};
|
||||||
|
|
|
@ -8,69 +8,12 @@
|
||||||
to 'fetch-deps', 'nuget-to-nix', or other changes to the dotnet build
|
to 'fetch-deps', 'nuget-to-nix', or other changes to the dotnet build
|
||||||
infrastructure. Regular updates should be done through the individual packages
|
infrastructure. Regular updates should be done through the individual packages
|
||||||
update scripts.
|
update scripts.
|
||||||
*/
|
*/
|
||||||
{ startWith ? null }:
|
{ ... }@args:
|
||||||
let
|
import ./update.nix (
|
||||||
pkgs = import ../.. { config.allowAliases = false; };
|
{
|
||||||
|
predicate = _: _: true;
|
||||||
inherit (pkgs) lib;
|
get-script = pkg: pkg.fetch-deps or null;
|
||||||
|
}
|
||||||
packagesWith = cond: pkgs:
|
// args
|
||||||
let
|
)
|
||||||
packagesWithInner = attrs:
|
|
||||||
lib.concatLists (
|
|
||||||
lib.mapAttrsToList (name: elem:
|
|
||||||
let
|
|
||||||
result = builtins.tryEval elem;
|
|
||||||
in
|
|
||||||
if result.success then
|
|
||||||
let
|
|
||||||
value = result.value;
|
|
||||||
in
|
|
||||||
if lib.isDerivation value then
|
|
||||||
lib.optional (cond value) value
|
|
||||||
else
|
|
||||||
if lib.isAttrs value && (value.recurseForDerivations or false || value.recurseForRelease or false) then
|
|
||||||
packagesWithInner value
|
|
||||||
else []
|
|
||||||
else []) attrs);
|
|
||||||
in
|
|
||||||
packagesWithInner pkgs;
|
|
||||||
|
|
||||||
packages = lib.unique
|
|
||||||
(lib.filter (p:
|
|
||||||
(builtins.tryEval p.outPath).success ||
|
|
||||||
builtins.trace "warning: skipping ${p.name} because it failed to evaluate" false)
|
|
||||||
((pkgs: (lib.drop (lib.lists.findFirstIndex (p: p.name == startWith) 0 pkgs) pkgs))
|
|
||||||
(packagesWith (p: p ? fetch-deps) pkgs)));
|
|
||||||
|
|
||||||
helpText = ''
|
|
||||||
Please run:
|
|
||||||
|
|
||||||
% nix-shell maintainers/scripts/update-dotnet-lockfiles.nix
|
|
||||||
'';
|
|
||||||
|
|
||||||
fetchScripts = map (p: p.fetch-deps) packages;
|
|
||||||
|
|
||||||
in pkgs.stdenv.mkDerivation {
|
|
||||||
name = "nixpkgs-update-dotnet-lockfiles";
|
|
||||||
buildCommand = ''
|
|
||||||
echo ""
|
|
||||||
echo "----------------------------------------------------------------"
|
|
||||||
echo ""
|
|
||||||
echo "Not possible to update packages using \`nix-build\`"
|
|
||||||
echo ""
|
|
||||||
echo "${helpText}"
|
|
||||||
echo "----------------------------------------------------------------"
|
|
||||||
exit 1
|
|
||||||
'';
|
|
||||||
shellHook = ''
|
|
||||||
unset shellHook # do not contaminate nested shells
|
|
||||||
set -e
|
|
||||||
for x in $fetchScripts; do
|
|
||||||
$x
|
|
||||||
done
|
|
||||||
exit
|
|
||||||
'';
|
|
||||||
inherit fetchScripts;
|
|
||||||
}
|
|
||||||
|
|
|
@ -8,6 +8,7 @@
|
||||||
{ package ? null
|
{ package ? null
|
||||||
, maintainer ? null
|
, maintainer ? null
|
||||||
, predicate ? null
|
, predicate ? null
|
||||||
|
, get-script ? pkg: pkg.updateScript or null
|
||||||
, path ? null
|
, path ? null
|
||||||
, max-workers ? null
|
, max-workers ? null
|
||||||
, include-overlays ? false
|
, include-overlays ? false
|
||||||
|
@ -17,13 +18,13 @@
|
||||||
}:
|
}:
|
||||||
|
|
||||||
let
|
let
|
||||||
pkgs = import ./../../default.nix (
|
pkgs = import ./../../default.nix ((
|
||||||
if include-overlays == false then
|
if include-overlays == false then
|
||||||
{ overlays = []; }
|
{ overlays = []; }
|
||||||
else if include-overlays == true then
|
else if include-overlays == true then
|
||||||
{ } # Let Nixpkgs include overlays impurely.
|
{ } # Let Nixpkgs include overlays impurely.
|
||||||
else { overlays = include-overlays; }
|
else { overlays = include-overlays; }
|
||||||
);
|
) // { config.allowAliases = false; });
|
||||||
|
|
||||||
inherit (pkgs) lib;
|
inherit (pkgs) lib;
|
||||||
|
|
||||||
|
@ -56,7 +57,7 @@ let
|
||||||
|
|
||||||
somewhatUniqueRepresentant =
|
somewhatUniqueRepresentant =
|
||||||
{ package, attrPath }: {
|
{ package, attrPath }: {
|
||||||
inherit (package) updateScript;
|
updateScript = (get-script package);
|
||||||
# Some updaters use the same `updateScript` value for all packages.
|
# Some updaters use the same `updateScript` value for all packages.
|
||||||
# Also compare `meta.description`.
|
# Also compare `meta.description`.
|
||||||
position = package.meta.position or null;
|
position = package.meta.position or null;
|
||||||
|
@ -89,7 +90,7 @@ let
|
||||||
/* Recursively find all packages in `pkgs` with updateScript matching given predicate.
|
/* Recursively find all packages in `pkgs` with updateScript matching given predicate.
|
||||||
*/
|
*/
|
||||||
packagesWithUpdateScriptMatchingPredicate = cond:
|
packagesWithUpdateScriptMatchingPredicate = cond:
|
||||||
packagesWith (path: pkg: builtins.hasAttr "updateScript" pkg && cond path pkg);
|
packagesWith (path: pkg: (get-script pkg != null) && cond path pkg);
|
||||||
|
|
||||||
/* Recursively find all packages in `pkgs` with updateScript by given maintainer.
|
/* Recursively find all packages in `pkgs` with updateScript by given maintainer.
|
||||||
*/
|
*/
|
||||||
|
@ -121,7 +122,7 @@ let
|
||||||
if pathContent == null then
|
if pathContent == null then
|
||||||
builtins.throw "Attribute path `${path}` does not exist."
|
builtins.throw "Attribute path `${path}` does not exist."
|
||||||
else
|
else
|
||||||
packagesWithPath prefix (path: pkg: builtins.hasAttr "updateScript" pkg)
|
packagesWithPath prefix (path: pkg: (get-script pkg != null))
|
||||||
pathContent;
|
pathContent;
|
||||||
|
|
||||||
/* Find a package under `path` in `pkgs` and require that it has an updateScript.
|
/* Find a package under `path` in `pkgs` and require that it has an updateScript.
|
||||||
|
@ -132,7 +133,7 @@ let
|
||||||
in
|
in
|
||||||
if package == null then
|
if package == null then
|
||||||
builtins.throw "Package with an attribute name `${path}` does not exist."
|
builtins.throw "Package with an attribute name `${path}` does not exist."
|
||||||
else if ! builtins.hasAttr "updateScript" package then
|
else if get-script package == null then
|
||||||
builtins.throw "Package with an attribute name `${path}` does not have a `passthru.updateScript` attribute defined."
|
builtins.throw "Package with an attribute name `${path}` does not have a `passthru.updateScript` attribute defined."
|
||||||
else
|
else
|
||||||
{ attrPath = path; inherit package; };
|
{ attrPath = path; inherit package; };
|
||||||
|
@ -193,13 +194,13 @@ let
|
||||||
|
|
||||||
/* Transform a matched package into an object for update.py.
|
/* Transform a matched package into an object for update.py.
|
||||||
*/
|
*/
|
||||||
packageData = { package, attrPath }: {
|
packageData = { package, attrPath }: let updateScript = get-script package; in {
|
||||||
name = package.name;
|
name = package.name;
|
||||||
pname = lib.getName package;
|
pname = lib.getName package;
|
||||||
oldVersion = lib.getVersion package;
|
oldVersion = lib.getVersion package;
|
||||||
updateScript = map builtins.toString (lib.toList (package.updateScript.command or package.updateScript));
|
updateScript = map builtins.toString (lib.toList (updateScript.command or updateScript));
|
||||||
supportedFeatures = package.updateScript.supportedFeatures or [];
|
supportedFeatures = updateScript.supportedFeatures or [];
|
||||||
attrPath = package.updateScript.attrPath or attrPath;
|
attrPath = updateScript.attrPath or attrPath;
|
||||||
};
|
};
|
||||||
|
|
||||||
/* JSON file with data for update.py.
|
/* JSON file with data for update.py.
|
||||||
|
@ -230,4 +231,5 @@ in pkgs.stdenv.mkDerivation {
|
||||||
unset shellHook # do not contaminate nested shells
|
unset shellHook # do not contaminate nested shells
|
||||||
exec ${pkgs.python3.interpreter} ${./update.py} ${builtins.concatStringsSep " " args}
|
exec ${pkgs.python3.interpreter} ${./update.py} ${builtins.concatStringsSep " " args}
|
||||||
'';
|
'';
|
||||||
|
nativeBuildInputs = [ pkgs.git pkgs.nix pkgs.cacert ];
|
||||||
}
|
}
|
||||||
|
|
|
@ -1076,7 +1076,6 @@ with lib.maintainers;
|
||||||
members = [
|
members = [
|
||||||
hehongbo
|
hehongbo
|
||||||
lach
|
lach
|
||||||
rane
|
|
||||||
sigmasquadron
|
sigmasquadron
|
||||||
];
|
];
|
||||||
scope = "Maintain the Xen Project Hypervisor and the related tooling ecosystem.";
|
scope = "Maintain the Xen Project Hypervisor and the related tooling ecosystem.";
|
||||||
|
|
|
@ -52,7 +52,7 @@ and [](#opt-services.kubernetes.easyCerts)
|
||||||
to true. This sets up flannel as CNI and activates automatic PKI bootstrapping.
|
to true. This sets up flannel as CNI and activates automatic PKI bootstrapping.
|
||||||
|
|
||||||
::: {.note}
|
::: {.note}
|
||||||
As of NixOS 19.03, it is mandatory to configure:
|
It is mandatory to configure:
|
||||||
[](#opt-services.kubernetes.masterAddress).
|
[](#opt-services.kubernetes.masterAddress).
|
||||||
The masterAddress must be resolveable and routeable by all cluster nodes.
|
The masterAddress must be resolveable and routeable by all cluster nodes.
|
||||||
In single node clusters, this can be set to `localhost`.
|
In single node clusters, this can be set to `localhost`.
|
||||||
|
|
|
@ -17,6 +17,12 @@ There's also [a convenient development daemon](https://nixos.org/manual/nixpkgs/
|
||||||
|
|
||||||
The above instructions don't deal with the appendix of available `configuration.nix` options, and the manual pages related to NixOS. These are built, and written in a different location and in a different format, as explained in the next sections.
|
The above instructions don't deal with the appendix of available `configuration.nix` options, and the manual pages related to NixOS. These are built, and written in a different location and in a different format, as explained in the next sections.
|
||||||
|
|
||||||
|
## Testing redirects {#sec-contributing-redirects}
|
||||||
|
|
||||||
|
Once you have a successful build, you can open the relevant HTML (path mentioned above) in a browser along with the anchor, and observe the redirection.
|
||||||
|
|
||||||
|
Note that if you already loaded the page and *then* input the anchor, you will need to perform a reload. This is because browsers do not re-run client JS code when only the anchor has changed.
|
||||||
|
|
||||||
## Contributing to the `configuration.nix` options documentation {#sec-contributing-options}
|
## Contributing to the `configuration.nix` options documentation {#sec-contributing-options}
|
||||||
|
|
||||||
The documentation for all the different `configuration.nix` options is automatically generated by reading the `description`s of all the NixOS options defined at `nixos/modules/`. If you want to improve such `description`, find it in the `nixos/modules/` directory, and edit it and open a pull request.
|
The documentation for all the different `configuration.nix` options is automatically generated by reading the `description`s of all the NixOS options defined at `nixos/modules/`. If you want to improve such `description`, find it in the `nixos/modules/` directory, and edit it and open a pull request.
|
||||||
|
|
|
@ -122,6 +122,7 @@ in rec {
|
||||||
|
|
||||||
nixos-render-docs -j $NIX_BUILD_CORES manual html \
|
nixos-render-docs -j $NIX_BUILD_CORES manual html \
|
||||||
--manpage-urls ${manpageUrls} \
|
--manpage-urls ${manpageUrls} \
|
||||||
|
--redirects ${./redirects.json} \
|
||||||
--revision ${escapeShellArg revision} \
|
--revision ${escapeShellArg revision} \
|
||||||
--generator "nixos-render-docs ${pkgs.lib.version}" \
|
--generator "nixos-render-docs ${pkgs.lib.version}" \
|
||||||
--stylesheet style.css \
|
--stylesheet style.css \
|
||||||
|
|
|
@ -312,6 +312,8 @@ have a predefined type and string generator already declared under
|
||||||
may be transformed into multiple key-value pairs depending on
|
may be transformed into multiple key-value pairs depending on
|
||||||
`listToValue`).
|
`listToValue`).
|
||||||
|
|
||||||
|
The attribute `lib.type.atom` contains the used INI atom.
|
||||||
|
|
||||||
`pkgs.formats.iniWithGlobalSection` { *`listsAsDuplicateKeys`* ? false, *`listToValue`* ? null, \.\.\. }
|
`pkgs.formats.iniWithGlobalSection` { *`listsAsDuplicateKeys`* ? false, *`listToValue`* ? null, \.\.\. }
|
||||||
|
|
||||||
: A function taking an attribute set with values
|
: A function taking an attribute set with values
|
||||||
|
@ -333,6 +335,8 @@ have a predefined type and string generator already declared under
|
||||||
attrset of key-value pairs for a single section, the global section which
|
attrset of key-value pairs for a single section, the global section which
|
||||||
preceedes the section definitions.
|
preceedes the section definitions.
|
||||||
|
|
||||||
|
The attribute `lib.type.atom` contains the used INI atom.
|
||||||
|
|
||||||
`pkgs.formats.toml` { }
|
`pkgs.formats.toml` { }
|
||||||
|
|
||||||
: A function taking an empty attribute set (for future extensibility)
|
: A function taking an empty attribute set (for future extensibility)
|
||||||
|
|
|
@ -206,8 +206,7 @@ The first steps to all these are the same:
|
||||||
line)
|
line)
|
||||||
|
|
||||||
::: {.note}
|
::: {.note}
|
||||||
Support for `NIXOS_LUSTRATE` was added in NixOS 16.09. The act of
|
The act of "lustrating" refers to the wiping of the existing distribution.
|
||||||
"lustrating" refers to the wiping of the existing distribution.
|
|
||||||
Creating `/etc/NIXOS_LUSTRATE` can also be used on NixOS to remove
|
Creating `/etc/NIXOS_LUSTRATE` can also be used on NixOS to remove
|
||||||
all mutable files from your root partition (anything that's not in
|
all mutable files from your root partition (anything that's not in
|
||||||
`/nix` or `/boot` gets "lustrated" on the next boot.
|
`/nix` or `/boot` gets "lustrated" on the next boot.
|
||||||
|
|
2177
third_party/nixpkgs/nixos/doc/manual/redirects.json
vendored
Normal file
2177
third_party/nixpkgs/nixos/doc/manual/redirects.json
vendored
Normal file
File diff suppressed because it is too large
Load diff
|
@ -3,6 +3,7 @@
|
||||||
This section lists the release notes for each stable version of NixOS and current unstable revision.
|
This section lists the release notes for each stable version of NixOS and current unstable revision.
|
||||||
|
|
||||||
```{=include=} sections
|
```{=include=} sections
|
||||||
|
rl-2505.section.md
|
||||||
rl-2411.section.md
|
rl-2411.section.md
|
||||||
rl-2405.section.md
|
rl-2405.section.md
|
||||||
rl-2311.section.md
|
rl-2311.section.md
|
||||||
|
|
|
@ -101,8 +101,12 @@
|
||||||
systemd-sysusers to achieve a system without Perl, as it can create normal
|
systemd-sysusers to achieve a system without Perl, as it can create normal
|
||||||
users and change passwords. Available as [services.userborn](#opt-services.userborn.enable).
|
users and change passwords. Available as [services.userborn](#opt-services.userborn.enable).
|
||||||
|
|
||||||
|
- [g810-led](https://github.com/MatMoul/g810-led), a LED controller for Logitech G keyboards. Available as [services.g810-led](options.html#opt-services.g810-led.enable).
|
||||||
|
|
||||||
- [Hatsu](https://github.com/importantimport/hatsu), a self-hosted bridge that interacts with Fediverse on behalf of your static site. Available as [services.hatsu](options.html#opt-services.hatsu.enable).
|
- [Hatsu](https://github.com/importantimport/hatsu), a self-hosted bridge that interacts with Fediverse on behalf of your static site. Available as [services.hatsu](options.html#opt-services.hatsu.enable).
|
||||||
|
|
||||||
|
- [Soteria](https://github.com/ImVaskel/soteria), a polkit authentication agent to handle elevated prompts for any desktop environment. Normally this should only be used on DEs or WMs that do not provide a graphical polkit frontend on their own. Available as [`security.soteria`](#opt-security.soteria.enable).
|
||||||
|
|
||||||
- [Flood](https://flood.js.org/), a beautiful WebUI for various torrent clients. Available as [services.flood](options.html#opt-services.flood.enable).
|
- [Flood](https://flood.js.org/), a beautiful WebUI for various torrent clients. Available as [services.flood](options.html#opt-services.flood.enable).
|
||||||
|
|
||||||
- [Niri](https://github.com/YaLTeR/niri), a scrollable-tiling Wayland compositor. Available as [programs.niri](options.html#opt-programs.niri.enable).
|
- [Niri](https://github.com/YaLTeR/niri), a scrollable-tiling Wayland compositor. Available as [programs.niri](options.html#opt-programs.niri.enable).
|
||||||
|
@ -115,6 +119,8 @@
|
||||||
|
|
||||||
- [Eintopf](https://eintopf.info), a community event and calendar web application. Available as [services.eintopf](options.html#opt-services.eintopf.enable).
|
- [Eintopf](https://eintopf.info), a community event and calendar web application. Available as [services.eintopf](options.html#opt-services.eintopf.enable).
|
||||||
|
|
||||||
|
- [`pay-respects`](https://codeberg.org/iff/pay-respects), a terminal command correction program, alternative to `thefuck`, written in Rust. Available as [programs.pay-respects](options.html#opt-programs.pay-respects).
|
||||||
|
|
||||||
- [Radicle](https://radicle.xyz), an open source, peer-to-peer code collaboration stack built on Git. Available as [services.radicle](#opt-services.radicle.enable).
|
- [Radicle](https://radicle.xyz), an open source, peer-to-peer code collaboration stack built on Git. Available as [services.radicle](#opt-services.radicle.enable).
|
||||||
|
|
||||||
- [ddns-updater](https://github.com/qdm12/ddns-updater), a service with a WebUI to update DNS records periodically for many providers. Available as [services.ddns-updater](#opt-services.ddns-updater.enable).
|
- [ddns-updater](https://github.com/qdm12/ddns-updater), a service with a WebUI to update DNS records periodically for many providers. Available as [services.ddns-updater](#opt-services.ddns-updater.enable).
|
||||||
|
@ -123,6 +129,8 @@
|
||||||
|
|
||||||
- [HomeBox](https://github.com/sysadminsmedia/homebox), an inventory and organization system built for the home user. Available as [services.homebox](#opt-services.homebox.enable).
|
- [HomeBox](https://github.com/sysadminsmedia/homebox), an inventory and organization system built for the home user. Available as [services.homebox](#opt-services.homebox.enable).
|
||||||
|
|
||||||
|
- [evremap](https://github.com/wez/evremap), a keyboard input remapper for Linux/Wayland systems. Available as [services.evremap](options.html#opt-services.evremap).
|
||||||
|
|
||||||
- [matrix-hookshot](https://matrix-org.github.io/matrix-hookshot), a Matrix bot for connecting to external services. Available as [services.matrix-hookshot](#opt-services.matrix-hookshot.enable).
|
- [matrix-hookshot](https://matrix-org.github.io/matrix-hookshot), a Matrix bot for connecting to external services. Available as [services.matrix-hookshot](#opt-services.matrix-hookshot.enable).
|
||||||
|
|
||||||
- [Renovate](https://github.com/renovatebot/renovate), a dependency updating tool for various Git forges and language ecosystems. Available as [services.renovate](#opt-services.renovate.enable).
|
- [Renovate](https://github.com/renovatebot/renovate), a dependency updating tool for various Git forges and language ecosystems. Available as [services.renovate](#opt-services.renovate.enable).
|
||||||
|
@ -131,6 +139,8 @@
|
||||||
|
|
||||||
- [zeronsd](https://github.com/zerotier/zeronsd), a DNS server for ZeroTier users. Available with [services.zeronsd.servedNetworks](#opt-services.zeronsd.servedNetworks).
|
- [zeronsd](https://github.com/zerotier/zeronsd), a DNS server for ZeroTier users. Available with [services.zeronsd.servedNetworks](#opt-services.zeronsd.servedNetworks).
|
||||||
|
|
||||||
|
- [agorakit](https://github.com/agorakit/agorakit), an organization tool for citizens' collectives. Available with [services.agorakit](#opt-services.agorakit.enable).
|
||||||
|
|
||||||
- [Collabora Online](https://www.collaboraonline.com/), a collaborative online office suite based on LibreOffice technology. Available as [services.collabora-online](options.html#opt-services.collabora-online.enable).
|
- [Collabora Online](https://www.collaboraonline.com/), a collaborative online office suite based on LibreOffice technology. Available as [services.collabora-online](options.html#opt-services.collabora-online.enable).
|
||||||
|
|
||||||
- [wg-access-server](https://github.com/freifunkMUC/wg-access-server/), an all-in-one WireGuard VPN solution with a WebUI for connecting devices. Available as [services.wg-access-server](#opt-services.wg-access-server.enable).
|
- [wg-access-server](https://github.com/freifunkMUC/wg-access-server/), an all-in-one WireGuard VPN solution with a WebUI for connecting devices. Available as [services.wg-access-server](#opt-services.wg-access-server.enable).
|
||||||
|
@ -195,6 +205,8 @@
|
||||||
|
|
||||||
- [Zapret](https://github.com/bol-van/zapret), a DPI bypass tool. Available as [services.zapret](option.html#opt-services.zapret.enable).
|
- [Zapret](https://github.com/bol-van/zapret), a DPI bypass tool. Available as [services.zapret](option.html#opt-services.zapret.enable).
|
||||||
|
|
||||||
|
- [Glances](https://github.com/nicolargo/glances), an open-source system cross-platform monitoring tool. Available as [services.glances](option.html#opt-services.glances).
|
||||||
|
|
||||||
## Backward Incompatibilities {#sec-release-24.11-incompatibilities}
|
## Backward Incompatibilities {#sec-release-24.11-incompatibilities}
|
||||||
|
|
||||||
- Nixpkgs now requires Nix 2.3.17 or newer to allow for zstd compressed binary artifacts.
|
- Nixpkgs now requires Nix 2.3.17 or newer to allow for zstd compressed binary artifacts.
|
||||||
|
@ -203,8 +215,9 @@
|
||||||
|
|
||||||
- The NVIDIA driver no longer defaults to the proprietary kernel module with versions >= 560. You will need to manually set `hardware.nvidia.open` to select the proprietary or open modules.
|
- The NVIDIA driver no longer defaults to the proprietary kernel module with versions >= 560. You will need to manually set `hardware.nvidia.open` to select the proprietary or open modules.
|
||||||
|
|
||||||
- The `(buildPythonPackage { ... }).override` attribute is now deprecated and removed in favour of `overridePythonAttrs`.
|
- The `(buildPythonPackage { ... }).override` and `(buildPythonPackage { ... }).overrideDerivation` attributes is now deprecated and removed in favour of `overridePythonAttrs` and `lib.overrideDerivation`.
|
||||||
This change does not affect the override interface of most Python packages, as [`<pkg>.override`](https://nixos.org/manual/nixpkgs/unstable/#sec-pkg-override) provided by `callPackage` shadows such a locally-defined `override` attribute.
|
This change does not affect the override interface of most Python packages, as [`<pkg>.override`](https://nixos.org/manual/nixpkgs/unstable/#sec-pkg-override) provided by `callPackage` shadows such a locally-defined `override` attribute.
|
||||||
|
The `<pkg>.overrideDerivation` attribute of Python packages called with `callPackage` will also remain available after this change.
|
||||||
|
|
||||||
- All Cinnamon and XApp packages have been moved to top-level (i.e., `cinnamon.nemo` is now `nemo`).
|
- All Cinnamon and XApp packages have been moved to top-level (i.e., `cinnamon.nemo` is now `nemo`).
|
||||||
|
|
||||||
|
@ -225,7 +238,7 @@
|
||||||
- The VirtualBox demo installer appliance has been removed.
|
- The VirtualBox demo installer appliance has been removed.
|
||||||
Please use the standard installer ISOs instead.
|
Please use the standard installer ISOs instead.
|
||||||
|
|
||||||
- `grafana` has been updated to version 11.1. This version doesn't support setting `http_addr` to a hostname anymore, an IP address is expected.
|
- `grafana` has been updated to version 11.3. This version doesn't support setting `http_addr` to a hostname anymore, an IP address is expected.
|
||||||
|
|
||||||
- `deno` has been updated to Deno 2, which has breaking changes.
|
- `deno` has been updated to Deno 2, which has breaking changes.
|
||||||
See the [migration guide](https://docs.deno.com/runtime/reference/migration_guide/) for details.
|
See the [migration guide](https://docs.deno.com/runtime/reference/migration_guide/) for details.
|
||||||
|
@ -236,6 +249,8 @@
|
||||||
|
|
||||||
- `knot-dns` has been updated to version 3.4.x. Check the [migration guide](https://www.knot-dns.cz/docs/latest/html/migration.html#upgrade-3-3-x-to-3-4-x) for breaking changes.
|
- `knot-dns` has been updated to version 3.4.x. Check the [migration guide](https://www.knot-dns.cz/docs/latest/html/migration.html#upgrade-3-3-x-to-3-4-x) for breaking changes.
|
||||||
|
|
||||||
|
- `mutmut` has been updated to version 3.0.5.
|
||||||
|
|
||||||
- `services.kubernetes.kubelet.clusterDns` now accepts a list of DNS resolvers rather than a single string, bringing the module more in line with the upstream Kubelet configuration schema.
|
- `services.kubernetes.kubelet.clusterDns` now accepts a list of DNS resolvers rather than a single string, bringing the module more in line with the upstream Kubelet configuration schema.
|
||||||
|
|
||||||
- `bluemap` has changed the format used to store map tiles, and the database layout has been heavily modified. Upstream recommends a clean reinstallation: <https://github.com/BlueMap-Minecraft/BlueMap/releases/tag/v5.2>. Unless you are using an SQL storage backend, this should only entail deleting the contents of `config.services.bluemap.coreSettings.data` (defaults to `/var/lib/bluemap`) and `config.services.bluemap.webRoot` (defaults to `/var/lib/bluemap/web`).
|
- `bluemap` has changed the format used to store map tiles, and the database layout has been heavily modified. Upstream recommends a clean reinstallation: <https://github.com/BlueMap-Minecraft/BlueMap/releases/tag/v5.2>. Unless you are using an SQL storage backend, this should only entail deleting the contents of `config.services.bluemap.coreSettings.data` (defaults to `/var/lib/bluemap`) and `config.services.bluemap.webRoot` (defaults to `/var/lib/bluemap/web`).
|
||||||
|
@ -303,10 +318,21 @@
|
||||||
- The `mautrix-signal` module was adapted to incorporate the configuration changes that resulted from the update to the mautrix bridgev2 architecture. Pre-0.7.0 configurations should continue to work.
|
- The `mautrix-signal` module was adapted to incorporate the configuration changes that resulted from the update to the mautrix bridgev2 architecture. Pre-0.7.0 configurations should continue to work.
|
||||||
In case you want to update your configuration, make sure to check the NixOS manual.
|
In case you want to update your configuration, make sure to check the NixOS manual.
|
||||||
|
|
||||||
|
- `cargo-tauri` has been updated to major version 2. Please review [the migration guide](https://tauri.app/start/migrate/from-tauri-1/).
|
||||||
|
v1 of `cargo-tauri` is still available as `cargo-tauri_1`, but will be removed in future releases.
|
||||||
|
|
||||||
- The nvidia driver no longer defaults to the proprietary driver starting with version 560. You will need to manually set `hardware.nvidia.open` to select the proprietary or open driver.
|
- The nvidia driver no longer defaults to the proprietary driver starting with version 560. You will need to manually set `hardware.nvidia.open` to select the proprietary or open driver.
|
||||||
|
|
||||||
|
- `postgresql_12` has been removed since it reached its end of life.
|
||||||
|
|
||||||
- `postgresql` no longer accepts the `enableSystemd` override. Use `systemdSupport` instead.
|
- `postgresql` no longer accepts the `enableSystemd` override. Use `systemdSupport` instead.
|
||||||
|
|
||||||
|
- `postgresql` was split into default and -dev outputs. To make this work without circular dependencies, the output of the `pg_config` system view has been removed. The `pg_config` binary is provided in the -dev output and still works as expected.
|
||||||
|
|
||||||
|
- The arguments from [](#opt-services.postgresql.initdbArgs) now get shell-escaped.
|
||||||
|
|
||||||
|
- `postgresql` is now [hardened by default](#module-services-postgres-hardening) using the common `systemd` settings for that.
|
||||||
|
|
||||||
- The dhcpcd service (`networking.useDHCP`) has been hardened and now runs exclusively as the "dhcpcd" user.
|
- The dhcpcd service (`networking.useDHCP`) has been hardened and now runs exclusively as the "dhcpcd" user.
|
||||||
Users that were relying on the root privileges in `networking.dhcpcd.runHook` will have to write specific [sudo](security.sudo.extraRules) or [polkit](security.polkit.extraConfig) rules to allow dhcpcd to perform privileged actions.
|
Users that were relying on the root privileges in `networking.dhcpcd.runHook` will have to write specific [sudo](security.sudo.extraRules) or [polkit](security.polkit.extraConfig) rules to allow dhcpcd to perform privileged actions.
|
||||||
|
|
||||||
|
@ -572,8 +598,6 @@
|
||||||
|
|
||||||
- Docker now defaults to 27.x, as version 24.x stopped receiving security updates and bug fixes after [February 1, 2024](https://github.com/moby/moby/pull/46772#discussion_r1686464084).
|
- Docker now defaults to 27.x, as version 24.x stopped receiving security updates and bug fixes after [February 1, 2024](https://github.com/moby/moby/pull/46772#discussion_r1686464084).
|
||||||
|
|
||||||
- `postgresql` was split into default and -dev outputs. To make this work without circular dependencies, the output of the `pg_config` system view has been removed. The `pg_config` binary is provided in the -dev output and still works as expected.
|
|
||||||
|
|
||||||
- `keycloak` was updated to version 25, which introduces new hostname related options.
|
- `keycloak` was updated to version 25, which introduces new hostname related options.
|
||||||
See [Upgrading Guide](https://www.keycloak.org/docs/25.0.1/upgrading/#migrating-to-25-0-0) for instructions.
|
See [Upgrading Guide](https://www.keycloak.org/docs/25.0.1/upgrading/#migrating-to-25-0-0) for instructions.
|
||||||
|
|
||||||
|
@ -688,11 +712,10 @@
|
||||||
|
|
||||||
- `isync` has been updated to version `1.5.0`, which introduces some breaking changes. See the [compatibility concerns](https://sourceforge.net/projects/isync/files/isync/1.5.0/) for more details.
|
- `isync` has been updated to version `1.5.0`, which introduces some breaking changes. See the [compatibility concerns](https://sourceforge.net/projects/isync/files/isync/1.5.0/) for more details.
|
||||||
|
|
||||||
- Legacy package `globalprotect-openconnect` 1.x and related module
|
- Two new packages -- `gpauth` and `gpclient` from the 2.x version of the
|
||||||
`services.globalprotect` were dropped. Two new packages -- `gpauth` and `gpclient`
|
GlobalProtect-openconnect project -- are added in parallel to
|
||||||
from the 2.x version of the GlobalProtect-openconnect project -- are added in its
|
`globalprotect-openconnect`. The GUI components related to the project are
|
||||||
place. The GUI components related to the project are non-free and not
|
non-free and not packaged.
|
||||||
packaged.
|
|
||||||
|
|
||||||
- Compatible string matching for `hardware.deviceTree.overlays` has been changed to a more correct behavior. See [below](#sec-release-24.11-migration-dto-compatible) for details.
|
- Compatible string matching for `hardware.deviceTree.overlays` has been changed to a more correct behavior. See [below](#sec-release-24.11-migration-dto-compatible) for details.
|
||||||
|
|
||||||
|
@ -715,6 +738,20 @@
|
||||||
- `python3Packages.nose` has been removed, as it has been deprecated and unmaintained for almost a decade and does not work on Python 3.12.
|
- `python3Packages.nose` has been removed, as it has been deprecated and unmaintained for almost a decade and does not work on Python 3.12.
|
||||||
Please switch to `pytest` or another test runner/framework.
|
Please switch to `pytest` or another test runner/framework.
|
||||||
|
|
||||||
|
- `dotnet-sdk`, `dotnet-runtime`, and all other dotnet packages now use a
|
||||||
|
wrapper package containing `bin/dotnet`, build hooks, etc. If you need to
|
||||||
|
reference the underlying dotnet distribution (DOTNET_ROOT) you should use e.g.
|
||||||
|
`dotnet-runtime.unwrapped`.
|
||||||
|
|
||||||
|
- The root of dotnet distribution packages (DOTNET_ROOT) is now under e.g.
|
||||||
|
`${dotnet-sdk.unwrapped}/share/dotnet` instead of directly in the package
|
||||||
|
root. This is consistent with packaging guidelines and more friendly for FHS
|
||||||
|
environments.
|
||||||
|
|
||||||
|
- `dotnet-sdk`, `dotnet-runtime`, and `dotnet-aspnetcore` now point to dotnet 8
|
||||||
|
rather than dotnet 6. For packages that still need dotnet 6, use
|
||||||
|
`dotnet-sdk_6`, etc.
|
||||||
|
|
||||||
## Other Notable Changes {#sec-release-24.11-notable-changes}
|
## Other Notable Changes {#sec-release-24.11-notable-changes}
|
||||||
|
|
||||||
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||||
|
@ -783,6 +820,8 @@
|
||||||
|
|
||||||
- The new `boot.loader.systemd-boot.windows` option makes setting up dual-booting with Windows on a different drive easier.
|
- The new `boot.loader.systemd-boot.windows` option makes setting up dual-booting with Windows on a different drive easier.
|
||||||
|
|
||||||
|
- The `boot.loader.raspberryPi` options were marked as deprecated in 23.11 and have now been removed.
|
||||||
|
|
||||||
- Linux 4.19 has been removed because it will reach its end of life within the lifespan of 24.11.
|
- Linux 4.19 has been removed because it will reach its end of life within the lifespan of 24.11.
|
||||||
|
|
||||||
- Unprivileged access to the kernel syslog via `dmesg` is now restricted by default. Users wanting to keep an
|
- Unprivileged access to the kernel syslog via `dmesg` is now restricted by default. Users wanting to keep an
|
||||||
|
@ -817,8 +856,6 @@
|
||||||
|
|
||||||
- `restic` module now has an option for inhibiting system sleep while backups are running, defaulting to off (not inhibiting sleep). Available as [`services.restic.backups.<name>.inhibitsSleep`](#opt-services.restic.backups._name_.inhibitsSleep).
|
- `restic` module now has an option for inhibiting system sleep while backups are running, defaulting to off (not inhibiting sleep). Available as [`services.restic.backups.<name>.inhibitsSleep`](#opt-services.restic.backups._name_.inhibitsSleep).
|
||||||
|
|
||||||
- The arguments from [](#opt-services.postgresql.initdbArgs) now get shell-escaped.
|
|
||||||
|
|
||||||
- Mattermost has been updated from 9.5 to 9.11 ESR. See the [changelog](https://docs.mattermost.com/about/mattermost-v9-changelog.html#release-v9-11-extended-support-release) for more details.
|
- Mattermost has been updated from 9.5 to 9.11 ESR. See the [changelog](https://docs.mattermost.com/about/mattermost-v9-changelog.html#release-v9-11-extended-support-release) for more details.
|
||||||
|
|
||||||
- `cargo-tauri.hook` was introduced to help users build [Tauri](https://tauri.app/) projects. It is meant to be used alongside
|
- `cargo-tauri.hook` was introduced to help users build [Tauri](https://tauri.app/) projects. It is meant to be used alongside
|
||||||
|
@ -838,8 +875,6 @@
|
||||||
|
|
||||||
- `iproute2` now has libbpf support.
|
- `iproute2` now has libbpf support.
|
||||||
|
|
||||||
- `postgresql` is now [hardened by default](#module-services-postgres-hardening) using the common `systemd` settings for that.
|
|
||||||
|
|
||||||
If you use extensions that are not packaged in nixpkgs, please review whether it still works
|
If you use extensions that are not packaged in nixpkgs, please review whether it still works
|
||||||
with the current settings and adjust accordingly if needed.
|
with the current settings and adjust accordingly if needed.
|
||||||
|
|
||||||
|
@ -856,6 +891,8 @@
|
||||||
|
|
||||||
- `qgis` and `qgis-ltr` are now built without `grass` by default. `grass` support can be enabled with `qgis.override { withGrass = true; }`.
|
- `qgis` and `qgis-ltr` are now built without `grass` by default. `grass` support can be enabled with `qgis.override { withGrass = true; }`.
|
||||||
|
|
||||||
|
- `virtualisation.incus` module gained new `incus-user.service` and `incus-user.socket` systemd units. It is now possible to add a user to `incus` group instead of `incus-admin` for increased security.
|
||||||
|
|
||||||
## Detailed Migration Information {#sec-release-24.11-migration}
|
## Detailed Migration Information {#sec-release-24.11-migration}
|
||||||
|
|
||||||
### `sound` options removal {#sec-release-24.11-migration-sound}
|
### `sound` options removal {#sec-release-24.11-migration-sound}
|
||||||
|
|
36
third_party/nixpkgs/nixos/doc/manual/release-notes/rl-2505.section.md
vendored
Normal file
36
third_party/nixpkgs/nixos/doc/manual/release-notes/rl-2505.section.md
vendored
Normal file
|
@ -0,0 +1,36 @@
|
||||||
|
# Release 25.05 (“Warbler”, 2025.05/??) {#sec-release-25.05}
|
||||||
|
|
||||||
|
## Highlights {#sec-release-25.05-highlights}
|
||||||
|
|
||||||
|
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||||
|
|
||||||
|
- Create the first release note entry in this section!
|
||||||
|
|
||||||
|
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||||
|
|
||||||
|
## New Modules {#sec-release-25.05-new-modules}
|
||||||
|
|
||||||
|
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||||
|
|
||||||
|
- [Kimai](https://www.kimai.org/), a web-based multi-user time-tracking application. Available as [services.kimai](option.html#opt-services.kimai).
|
||||||
|
|
||||||
|
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||||
|
|
||||||
|
## Backward Incompatibilities {#sec-release-25.05-incompatibilities}
|
||||||
|
|
||||||
|
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||||
|
|
||||||
|
- `kanata` was updated to v1.7.0, which introduces several breaking changes.
|
||||||
|
See the release notes of
|
||||||
|
[v1.7.0](https://github.com/jtroo/kanata/releases/tag/v1.7.0)
|
||||||
|
for more information.
|
||||||
|
|
||||||
|
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||||
|
|
||||||
|
## Other Notable Changes {#sec-release-25.05-notable-changes}
|
||||||
|
|
||||||
|
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||||
|
|
||||||
|
- Create the first release note entry in this section!
|
||||||
|
|
||||||
|
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
|
@ -6,8 +6,11 @@ let
|
||||||
|
|
||||||
common = import ./common.nix;
|
common = import ./common.nix;
|
||||||
inherit (common) outputPath indexPath;
|
inherit (common) outputPath indexPath;
|
||||||
|
devmode = pkgs.devmode.override {
|
||||||
|
buildArgs = "../../release.nix -A manualHTML.${builtins.currentSystem}";
|
||||||
|
open = "/${outputPath}/${indexPath}";
|
||||||
|
};
|
||||||
in
|
in
|
||||||
pkgs.callPackage ../../../pkgs/tools/nix/web-devmode.nix {
|
pkgs.mkShellNoCC {
|
||||||
buildArgs = "../../release.nix -A manualHTML.${builtins.currentSystem}";
|
packages = [ devmode ];
|
||||||
open = "/${outputPath}/${indexPath}";
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -57,7 +57,7 @@ rec {
|
||||||
throwUnsupportedGuestSystem = guestMap:
|
throwUnsupportedGuestSystem = guestMap:
|
||||||
throw "Unsupported guest system ${guestSystem} for host ${hostSystem}, supported: ${lib.concatStringsSep ", " (lib.attrNames guestMap)}";
|
throw "Unsupported guest system ${guestSystem} for host ${hostSystem}, supported: ${lib.concatStringsSep ", " (lib.attrNames guestMap)}";
|
||||||
in
|
in
|
||||||
if hostStdenv.isLinux then
|
if hostStdenv.hostPlatform.isLinux then
|
||||||
linuxHostGuestMatrix.${guestSystem} or "${qemuPkg}/bin/qemu-kvm"
|
linuxHostGuestMatrix.${guestSystem} or "${qemuPkg}/bin/qemu-kvm"
|
||||||
else
|
else
|
||||||
let
|
let
|
||||||
|
|
|
@ -70,7 +70,7 @@ in
|
||||||
defaultChannel = mkOption {
|
defaultChannel = mkOption {
|
||||||
internal = true;
|
internal = true;
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "https://nixos.org/channels/nixos-unstable";
|
default = "https://nixos.org/channels/nixos-24.11";
|
||||||
description = "Default NixOS channel to which the root user is subscribed.";
|
description = "Default NixOS channel to which the root user is subscribed.";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -101,7 +101,7 @@ in
|
||||||
assertions = [
|
assertions = [
|
||||||
{
|
{
|
||||||
assertion = cfg.enable32Bit -> pkgs.stdenv.hostPlatform.isx86_64;
|
assertion = cfg.enable32Bit -> pkgs.stdenv.hostPlatform.isx86_64;
|
||||||
message = "`hardware.graphics.enable32Bit` only makes sense on a 64-bit system.";
|
message = "`hardware.graphics.enable32Bit` is only supported on an x86_64 system.";
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
assertion = cfg.enable32Bit -> (config.boot.kernelPackages.kernel.features.ia32Emulation or false);
|
assertion = cfg.enable32Bit -> (config.boot.kernelPackages.kernel.features.ia32Emulation or false);
|
||||||
|
|
|
@ -218,7 +218,7 @@ in
|
||||||
mkToolModule = { name, package ? pkgs.${name} }: { config, ... }: {
|
mkToolModule = { name, package ? pkgs.${name} }: { config, ... }: {
|
||||||
options.system.tools.${name}.enable = lib.mkEnableOption "${name} script" // {
|
options.system.tools.${name}.enable = lib.mkEnableOption "${name} script" // {
|
||||||
default = config.nix.enable && ! config.system.disableInstallerTools;
|
default = config.nix.enable && ! config.system.disableInstallerTools;
|
||||||
internal = true;
|
defaultText = "config.nix.enable && !config.system.disableInstallerTools";
|
||||||
};
|
};
|
||||||
|
|
||||||
config = lib.mkIf config.system.tools.${name}.enable {
|
config = lib.mkIf config.system.tools.${name}.enable {
|
||||||
|
|
|
@ -42,6 +42,7 @@ let
|
||||||
VARIANT = optionalString (cfg.variantName != null) cfg.variantName;
|
VARIANT = optionalString (cfg.variantName != null) cfg.variantName;
|
||||||
VARIANT_ID = optionalString (cfg.variant_id != null) cfg.variant_id;
|
VARIANT_ID = optionalString (cfg.variant_id != null) cfg.variant_id;
|
||||||
DEFAULT_HOSTNAME = config.networking.fqdnOrHostName;
|
DEFAULT_HOSTNAME = config.networking.fqdnOrHostName;
|
||||||
|
SUPPORT_END = "2025-06-30";
|
||||||
};
|
};
|
||||||
|
|
||||||
initrdReleaseContents = (removeAttrs osReleaseContents [ "BUILD_ID" ]) // {
|
initrdReleaseContents = (removeAttrs osReleaseContents [ "BUILD_ID" ]) // {
|
||||||
|
|
|
@ -148,6 +148,7 @@
|
||||||
./programs/alvr.nix
|
./programs/alvr.nix
|
||||||
./programs/appgate-sdp.nix
|
./programs/appgate-sdp.nix
|
||||||
./programs/appimage.nix
|
./programs/appimage.nix
|
||||||
|
./programs/arp-scan.nix
|
||||||
./programs/atop.nix
|
./programs/atop.nix
|
||||||
./programs/ausweisapp.nix
|
./programs/ausweisapp.nix
|
||||||
./programs/autojump.nix
|
./programs/autojump.nix
|
||||||
|
@ -295,6 +296,7 @@
|
||||||
./programs/sysdig.nix
|
./programs/sysdig.nix
|
||||||
./programs/system-config-printer.nix
|
./programs/system-config-printer.nix
|
||||||
./programs/systemtap.nix
|
./programs/systemtap.nix
|
||||||
|
./programs/tcpdump.nix
|
||||||
./programs/thefuck.nix
|
./programs/thefuck.nix
|
||||||
./programs/thunar.nix
|
./programs/thunar.nix
|
||||||
./programs/thunderbird.nix
|
./programs/thunderbird.nix
|
||||||
|
@ -362,6 +364,7 @@
|
||||||
./security/polkit.nix
|
./security/polkit.nix
|
||||||
./security/rngd.nix
|
./security/rngd.nix
|
||||||
./security/rtkit.nix
|
./security/rtkit.nix
|
||||||
|
./security/soteria.nix
|
||||||
./security/sudo.nix
|
./security/sudo.nix
|
||||||
./security/sudo-rs.nix
|
./security/sudo-rs.nix
|
||||||
./security/systemd-confinement.nix
|
./security/systemd-confinement.nix
|
||||||
|
@ -588,6 +591,7 @@
|
||||||
./services/hardware/fancontrol.nix
|
./services/hardware/fancontrol.nix
|
||||||
./services/hardware/freefall.nix
|
./services/hardware/freefall.nix
|
||||||
./services/hardware/fwupd.nix
|
./services/hardware/fwupd.nix
|
||||||
|
./services/hardware/g810-led.nix
|
||||||
./services/hardware/handheld-daemon.nix
|
./services/hardware/handheld-daemon.nix
|
||||||
./services/hardware/hddfancontrol.nix
|
./services/hardware/hddfancontrol.nix
|
||||||
./services/hardware/illum.nix
|
./services/hardware/illum.nix
|
||||||
|
@ -752,6 +756,7 @@
|
||||||
./services/misc/etebase-server.nix
|
./services/misc/etebase-server.nix
|
||||||
./services/misc/etesync-dav.nix
|
./services/misc/etesync-dav.nix
|
||||||
./services/misc/evdevremapkeys.nix
|
./services/misc/evdevremapkeys.nix
|
||||||
|
./services/misc/evremap.nix
|
||||||
./services/misc/felix.nix
|
./services/misc/felix.nix
|
||||||
./services/misc/flaresolverr.nix
|
./services/misc/flaresolverr.nix
|
||||||
./services/misc/forgejo.nix
|
./services/misc/forgejo.nix
|
||||||
|
@ -887,6 +892,7 @@
|
||||||
./services/monitoring/do-agent.nix
|
./services/monitoring/do-agent.nix
|
||||||
./services/monitoring/fusion-inventory.nix
|
./services/monitoring/fusion-inventory.nix
|
||||||
./services/monitoring/gatus.nix
|
./services/monitoring/gatus.nix
|
||||||
|
./services/monitoring/glances.nix
|
||||||
./services/monitoring/goss.nix
|
./services/monitoring/goss.nix
|
||||||
./services/monitoring/grafana-agent.nix
|
./services/monitoring/grafana-agent.nix
|
||||||
./services/monitoring/grafana-image-renderer.nix
|
./services/monitoring/grafana-image-renderer.nix
|
||||||
|
@ -1052,6 +1058,7 @@
|
||||||
./services/networking/gdomap.nix
|
./services/networking/gdomap.nix
|
||||||
./services/networking/ghostunnel.nix
|
./services/networking/ghostunnel.nix
|
||||||
./services/networking/git-daemon.nix
|
./services/networking/git-daemon.nix
|
||||||
|
./services/networking/globalprotect-vpn.nix
|
||||||
./services/networking/gns3-server.nix
|
./services/networking/gns3-server.nix
|
||||||
./services/networking/gnunet.nix
|
./services/networking/gnunet.nix
|
||||||
./services/networking/go-autoconfig.nix
|
./services/networking/go-autoconfig.nix
|
||||||
|
@ -1388,6 +1395,7 @@
|
||||||
./services/wayland/cage.nix
|
./services/wayland/cage.nix
|
||||||
./services/wayland/hypridle.nix
|
./services/wayland/hypridle.nix
|
||||||
./services/web-apps/akkoma.nix
|
./services/web-apps/akkoma.nix
|
||||||
|
./services/web-apps/agorakit.nix
|
||||||
./services/web-apps/alps.nix
|
./services/web-apps/alps.nix
|
||||||
./services/web-apps/anuko-time-tracker.nix
|
./services/web-apps/anuko-time-tracker.nix
|
||||||
./services/web-apps/artalk.nix
|
./services/web-apps/artalk.nix
|
||||||
|
@ -1408,6 +1416,7 @@
|
||||||
./services/web-apps/crabfit.nix
|
./services/web-apps/crabfit.nix
|
||||||
./services/web-apps/davis.nix
|
./services/web-apps/davis.nix
|
||||||
./services/web-apps/cryptpad.nix
|
./services/web-apps/cryptpad.nix
|
||||||
|
./services/web-apps/dashy.nix
|
||||||
./services/web-apps/dependency-track.nix
|
./services/web-apps/dependency-track.nix
|
||||||
./services/web-apps/dex.nix
|
./services/web-apps/dex.nix
|
||||||
./services/web-apps/discourse.nix
|
./services/web-apps/discourse.nix
|
||||||
|
@ -1452,6 +1461,7 @@
|
||||||
./services/web-apps/kasmweb/default.nix
|
./services/web-apps/kasmweb/default.nix
|
||||||
./services/web-apps/kavita.nix
|
./services/web-apps/kavita.nix
|
||||||
./services/web-apps/keycloak.nix
|
./services/web-apps/keycloak.nix
|
||||||
|
./services/web-apps/kimai.nix
|
||||||
./services/web-apps/komga.nix
|
./services/web-apps/komga.nix
|
||||||
./services/web-apps/lanraragi.nix
|
./services/web-apps/lanraragi.nix
|
||||||
./services/web-apps/lemmy.nix
|
./services/web-apps/lemmy.nix
|
||||||
|
@ -1626,7 +1636,6 @@
|
||||||
./system/boot/loader/external/external.nix
|
./system/boot/loader/external/external.nix
|
||||||
./system/boot/loader/init-script/init-script.nix
|
./system/boot/loader/init-script/init-script.nix
|
||||||
./system/boot/loader/loader.nix
|
./system/boot/loader/loader.nix
|
||||||
./system/boot/loader/raspberrypi/raspberrypi.nix
|
|
||||||
./system/boot/loader/systemd-boot/systemd-boot.nix
|
./system/boot/loader/systemd-boot/systemd-boot.nix
|
||||||
./system/boot/luksroot.nix
|
./system/boot/luksroot.nix
|
||||||
./system/boot/stratisroot.nix
|
./system/boot/stratisroot.nix
|
||||||
|
|
32
third_party/nixpkgs/nixos/modules/programs/arp-scan.nix
vendored
Normal file
32
third_party/nixpkgs/nixos/modules/programs/arp-scan.nix
vendored
Normal file
|
@ -0,0 +1,32 @@
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.programs.arp-scan;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options = {
|
||||||
|
programs.arp-scan = {
|
||||||
|
enable = lib.mkOption {
|
||||||
|
type = lib.types.bool;
|
||||||
|
default = false;
|
||||||
|
description = ''
|
||||||
|
Whether to configure a setcap wrapper for arp-scan.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = lib.mkIf cfg.enable {
|
||||||
|
security.wrappers.arp-scan = {
|
||||||
|
owner = "root";
|
||||||
|
group = "root";
|
||||||
|
capabilities = "cap_net_raw+p";
|
||||||
|
source = lib.getExe pkgs.arp-scan;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -313,7 +313,9 @@ in
|
||||||
old.extraPrefsFiles or [ ]
|
old.extraPrefsFiles or [ ]
|
||||||
++ cfg.autoConfigFiles
|
++ cfg.autoConfigFiles
|
||||||
++ [ (pkgs.writeText "firefox-autoconfig.js" cfg.autoConfig) ];
|
++ [ (pkgs.writeText "firefox-autoconfig.js" cfg.autoConfig) ];
|
||||||
nativeMessagingHosts = old.nativeMessagingHosts or [ ] ++ cfg.nativeMessagingHosts.packages;
|
nativeMessagingHosts = lib.unique (
|
||||||
|
old.nativeMessagingHosts or [ ] ++ cfg.nativeMessagingHosts.packages
|
||||||
|
);
|
||||||
cfg = (old.cfg or { }) // cfg.wrapperConfig;
|
cfg = (old.cfg or { }) // cfg.wrapperConfig;
|
||||||
}))
|
}))
|
||||||
];
|
];
|
||||||
|
|
|
@ -1,10 +1,16 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.programs.iftop;
|
cfg = config.programs.iftop;
|
||||||
in {
|
in
|
||||||
|
{
|
||||||
options = {
|
options = {
|
||||||
programs.iftop.enable = lib.mkEnableOption "iftop + setcap wrapper";
|
programs.iftop.enable = lib.mkEnableOption "iftop and setcap wrapper for it";
|
||||||
};
|
};
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
environment.systemPackages = [ pkgs.iftop ];
|
environment.systemPackages = [ pkgs.iftop ];
|
||||||
|
@ -12,7 +18,7 @@ in {
|
||||||
owner = "root";
|
owner = "root";
|
||||||
group = "root";
|
group = "root";
|
||||||
capabilities = "cap_net_raw+p";
|
capabilities = "cap_net_raw+p";
|
||||||
source = "${pkgs.iftop}/bin/iftop";
|
source = lib.getExe pkgs.iftop;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
56
third_party/nixpkgs/nixos/modules/programs/pay-respects.nix
vendored
Normal file
56
third_party/nixpkgs/nixos/modules/programs/pay-respects.nix
vendored
Normal file
|
@ -0,0 +1,56 @@
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
let
|
||||||
|
inherit (lib)
|
||||||
|
getExe
|
||||||
|
maintainers
|
||||||
|
mkEnableOption
|
||||||
|
mkIf
|
||||||
|
mkOption
|
||||||
|
types
|
||||||
|
;
|
||||||
|
inherit (types) str;
|
||||||
|
cfg = config.programs.pay-respects;
|
||||||
|
|
||||||
|
initScript =
|
||||||
|
shell:
|
||||||
|
if (shell != "fish") then
|
||||||
|
''
|
||||||
|
eval $(${getExe pkgs.pay-respects} ${shell} --alias ${cfg.alias})
|
||||||
|
''
|
||||||
|
else
|
||||||
|
''
|
||||||
|
${getExe pkgs.pay-respects} ${shell} --alias ${cfg.alias} | source
|
||||||
|
'';
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options = {
|
||||||
|
programs.pay-respects = {
|
||||||
|
enable = mkEnableOption "pay-respects, an app which corrects your previous console command";
|
||||||
|
|
||||||
|
alias = mkOption {
|
||||||
|
default = "f";
|
||||||
|
type = str;
|
||||||
|
description = ''
|
||||||
|
`pay-respects` needs an alias to be configured.
|
||||||
|
The default value is `f`, but you can use anything else as well.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
environment.systemPackages = [ pkgs.pay-respects ];
|
||||||
|
|
||||||
|
programs = {
|
||||||
|
bash.interactiveShellInit = initScript "bash";
|
||||||
|
fish.interactiveShellInit = mkIf config.programs.fish.enable initScript "fish";
|
||||||
|
zsh.interactiveShellInit = mkIf config.programs.zsh.enable initScript "zsh";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
meta.maintainers = with maintainers; [ sigmasquadron ];
|
||||||
|
}
|
36
third_party/nixpkgs/nixos/modules/programs/tcpdump.nix
vendored
Normal file
36
third_party/nixpkgs/nixos/modules/programs/tcpdump.nix
vendored
Normal file
|
@ -0,0 +1,36 @@
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.programs.tcpdump;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options = {
|
||||||
|
programs.tcpdump = {
|
||||||
|
enable = lib.mkOption {
|
||||||
|
type = lib.types.bool;
|
||||||
|
default = false;
|
||||||
|
description = ''
|
||||||
|
Whether to configure a setcap wrapper for tcpdump.
|
||||||
|
To use it, add your user to the `pcap` group.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = lib.mkIf cfg.enable {
|
||||||
|
security.wrappers.tcpdump = {
|
||||||
|
owner = "root";
|
||||||
|
group = "pcap";
|
||||||
|
capabilities = "cap_net_raw+p";
|
||||||
|
permissions = "u+rx,g+x";
|
||||||
|
source = lib.getExe pkgs.tcpdump;
|
||||||
|
};
|
||||||
|
|
||||||
|
users.groups.pcap = { };
|
||||||
|
};
|
||||||
|
}
|
|
@ -1,8 +1,14 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.programs.traceroute;
|
cfg = config.programs.traceroute;
|
||||||
in {
|
in
|
||||||
|
{
|
||||||
options = {
|
options = {
|
||||||
programs.traceroute = {
|
programs.traceroute = {
|
||||||
enable = lib.mkOption {
|
enable = lib.mkOption {
|
||||||
|
@ -20,7 +26,7 @@ in {
|
||||||
owner = "root";
|
owner = "root";
|
||||||
group = "root";
|
group = "root";
|
||||||
capabilities = "cap_net_raw+p";
|
capabilities = "cap_net_raw+p";
|
||||||
source = "${pkgs.traceroute}/bin/traceroute";
|
source = lib.getExe pkgs.traceroute;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,4 +1,9 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.programs.hyprland;
|
cfg = config.programs.hyprland;
|
||||||
|
@ -13,29 +18,53 @@ in
|
||||||
A configuration file will be generated in {file}`~/.config/hypr/hyprland.conf`.
|
A configuration file will be generated in {file}`~/.config/hypr/hyprland.conf`.
|
||||||
See <https://wiki.hyprland.org> for more information'';
|
See <https://wiki.hyprland.org> for more information'';
|
||||||
|
|
||||||
package = lib.mkPackageOption pkgs "hyprland" {
|
package =
|
||||||
extraDescription = ''
|
lib.mkPackageOption pkgs "hyprland" {
|
||||||
If the package is not overridable with `enableXWayland`, then the module option
|
extraDescription = ''
|
||||||
{option}`xwayland` will have no effect.
|
If the package is not overridable with `enableXWayland`, then the module option
|
||||||
'';
|
{option}`xwayland` will have no effect.
|
||||||
} // {
|
'';
|
||||||
apply = p: wayland-lib.genFinalPackage p {
|
}
|
||||||
enableXWayland = cfg.xwayland.enable;
|
// {
|
||||||
|
apply =
|
||||||
|
p:
|
||||||
|
wayland-lib.genFinalPackage p {
|
||||||
|
enableXWayland = cfg.xwayland.enable;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
portalPackage =
|
||||||
|
lib.mkPackageOption pkgs "xdg-desktop-portal-hyprland" {
|
||||||
|
extraDescription = ''
|
||||||
|
If the package is not overridable with `hyprland`, then the Hyprland package
|
||||||
|
used by the portal may differ from the one set in the module option {option}`package`.
|
||||||
|
'';
|
||||||
|
}
|
||||||
|
// {
|
||||||
|
apply =
|
||||||
|
p:
|
||||||
|
wayland-lib.genFinalPackage p {
|
||||||
|
hyprland = cfg.package;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
xwayland.enable = lib.mkEnableOption "XWayland" // {
|
||||||
|
default = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
portalPackage = lib.mkPackageOption pkgs "xdg-desktop-portal-hyprland" {
|
withUWSM = lib.mkEnableOption null // {
|
||||||
extraDescription = ''
|
description = ''
|
||||||
If the package is not overridable with `hyprland`, then the Hyprland package
|
Launch Hyprland with the UWSM (Universal Wayland Session Manager) session manager.
|
||||||
used by the portal may differ from the one set in the module option {option}`package`.
|
This has improved systemd support and is recommended for most users.
|
||||||
'';
|
This automatically starts appropiate targets like `graphical-session.target`,
|
||||||
} // {
|
and `wayland-session@Hyprland.target`.
|
||||||
apply = p: wayland-lib.genFinalPackage p {
|
|
||||||
hyprland = cfg.package;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
xwayland.enable = lib.mkEnableOption "XWayland" // { default = true; };
|
::: {.note}
|
||||||
|
Some changes may need to be made to Hyprland configs depending on your setup, see
|
||||||
|
[Hyprland wiki](https://wiki.hyprland.org/Useful-Utilities/Systemd-start/#uwsm).
|
||||||
|
:::
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
systemd.setPath.enable = lib.mkEnableOption null // {
|
systemd.setPath.enable = lib.mkEnableOption null // {
|
||||||
default = lib.versionOlder cfg.package.version "0.41.2";
|
default = lib.versionOlder cfg.package.version "0.41.2";
|
||||||
|
@ -49,46 +78,65 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = lib.mkIf cfg.enable (lib.mkMerge [
|
config = lib.mkIf cfg.enable (
|
||||||
{
|
lib.mkMerge [
|
||||||
environment.systemPackages = [ cfg.package ];
|
{
|
||||||
|
environment.systemPackages = [ cfg.package ];
|
||||||
|
|
||||||
# To make a Hyprland session available if a display manager like SDDM is enabled:
|
xdg.portal = {
|
||||||
services.displayManager.sessionPackages = [ cfg.package ];
|
enable = true;
|
||||||
|
extraPortals = [ cfg.portalPackage ];
|
||||||
|
configPackages = lib.mkDefault [ cfg.package ];
|
||||||
|
};
|
||||||
|
|
||||||
xdg.portal = {
|
systemd = lib.mkIf cfg.systemd.setPath.enable {
|
||||||
enable = true;
|
user.extraConfig = ''
|
||||||
extraPortals = [ cfg.portalPackage ];
|
DefaultEnvironment="PATH=/run/wrappers/bin:/etc/profiles/per-user/%u/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin:$PATH"
|
||||||
configPackages = lib.mkDefault [ cfg.package ];
|
'';
|
||||||
};
|
};
|
||||||
|
}
|
||||||
|
|
||||||
systemd = lib.mkIf cfg.systemd.setPath.enable {
|
(lib.mkIf (cfg.withUWSM) {
|
||||||
user.extraConfig = ''
|
programs.uwsm.enable = true;
|
||||||
DefaultEnvironment="PATH=/run/wrappers/bin:/etc/profiles/per-user/%u/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin:$PATH"
|
# Configure UWSM to launch Hyprland from a display manager like SDDM
|
||||||
'';
|
programs.uwsm.waylandCompositors = {
|
||||||
};
|
hyprland = {
|
||||||
}
|
prettyName = "Hyprland";
|
||||||
|
comment = "Hyprland compositor managed by UWSM";
|
||||||
|
binPath = "/run/current-system/sw/bin/Hyprland";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
})
|
||||||
|
(lib.mkIf (!cfg.withUWSM) {
|
||||||
|
# To make a vanilla Hyprland session available in DM
|
||||||
|
services.displayManager.sessionPackages = [ cfg.package ];
|
||||||
|
})
|
||||||
|
|
||||||
(import ./wayland-session.nix {
|
(import ./wayland-session.nix {
|
||||||
inherit lib pkgs;
|
inherit lib pkgs;
|
||||||
enableXWayland = cfg.xwayland.enable;
|
enableXWayland = cfg.xwayland.enable;
|
||||||
enableWlrPortal = lib.mkDefault false; # Hyprland has its own portal, wlr is not needed
|
enableWlrPortal = lib.mkDefault false; # Hyprland has its own portal, wlr is not needed
|
||||||
})
|
})
|
||||||
]);
|
]
|
||||||
|
);
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
(lib.mkRemovedOptionModule
|
(lib.mkRemovedOptionModule [
|
||||||
[ "programs" "hyprland" "xwayland" "hidpi" ]
|
"programs"
|
||||||
"XWayland patches are deprecated. Refer to https://wiki.hyprland.org/Configuring/XWayland"
|
"hyprland"
|
||||||
)
|
"xwayland"
|
||||||
(lib.mkRemovedOptionModule
|
"hidpi"
|
||||||
[ "programs" "hyprland" "enableNvidiaPatches" ]
|
] "XWayland patches are deprecated. Refer to https://wiki.hyprland.org/Configuring/XWayland")
|
||||||
"Nvidia patches are no longer needed"
|
(lib.mkRemovedOptionModule [
|
||||||
)
|
"programs"
|
||||||
(lib.mkRemovedOptionModule
|
"hyprland"
|
||||||
[ "programs" "hyprland" "nvidiaPatches" ]
|
"enableNvidiaPatches"
|
||||||
"Nvidia patches are no longer needed"
|
] "Nvidia patches are no longer needed")
|
||||||
)
|
(lib.mkRemovedOptionModule [
|
||||||
|
"programs"
|
||||||
|
"hyprland"
|
||||||
|
"nvidiaPatches"
|
||||||
|
] "Nvidia patches are no longer needed")
|
||||||
];
|
];
|
||||||
|
|
||||||
meta.maintainers = with lib.maintainers; [ fufexan ];
|
meta.maintainers = with lib.maintainers; [ fufexan ];
|
||||||
|
|
|
@ -64,8 +64,8 @@ in
|
||||||
description = ''
|
description = ''
|
||||||
The package which contains the `yabar` binary.
|
The package which contains the `yabar` binary.
|
||||||
|
|
||||||
Nixpkgs provides the `yabar` and `yabar-unstable`
|
Nixpkgs provides the `yabar` and `yabar-unstable`,
|
||||||
derivations since 18.03, so it's possible to choose.
|
so it's possible to choose.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
2
third_party/nixpkgs/nixos/modules/rename.nix
vendored
2
third_party/nixpkgs/nixos/modules/rename.nix
vendored
|
@ -20,6 +20,7 @@ in
|
||||||
(mkAliasOptionModuleMD [ "environment" "checkConfigurationOptions" ] [ "_module" "check" ])
|
(mkAliasOptionModuleMD [ "environment" "checkConfigurationOptions" ] [ "_module" "check" ])
|
||||||
|
|
||||||
# Completely removed modules
|
# Completely removed modules
|
||||||
|
(mkRemovedOptionModule [ "boot" "loader" "raspberryPi" ] "The raspberryPi boot loader has been removed. See https://github.com/NixOS/nixpkgs/pull/241534 for what to use instead.")
|
||||||
(mkRemovedOptionModule [ "environment" "blcr" "enable" ] "The BLCR module has been removed")
|
(mkRemovedOptionModule [ "environment" "blcr" "enable" ] "The BLCR module has been removed")
|
||||||
(mkRemovedOptionModule [ "environment" "noXlibs" ] ''
|
(mkRemovedOptionModule [ "environment" "noXlibs" ] ''
|
||||||
The environment.noXlibs option was removed, as it often caused surprising breakages for new users.
|
The environment.noXlibs option was removed, as it often caused surprising breakages for new users.
|
||||||
|
@ -80,7 +81,6 @@ in
|
||||||
(mkRemovedOptionModule [ "services" "fourStoreEndpoint" ] "The fourStoreEndpoint module has been removed")
|
(mkRemovedOptionModule [ "services" "fourStoreEndpoint" ] "The fourStoreEndpoint module has been removed")
|
||||||
(mkRemovedOptionModule [ "services" "fprot" ] "The corresponding package was removed from nixpkgs.")
|
(mkRemovedOptionModule [ "services" "fprot" ] "The corresponding package was removed from nixpkgs.")
|
||||||
(mkRemovedOptionModule [ "services" "frab" ] "The frab module has been removed")
|
(mkRemovedOptionModule [ "services" "frab" ] "The frab module has been removed")
|
||||||
(mkRemovedOptionModule [ "services" "globalprotect"] "The corresponding package was removed from nixpkgs.")
|
|
||||||
(mkRemovedOptionModule [ "services" "homeassistant-satellite"] "The `services.homeassistant-satellite` module has been replaced by `services.wyoming-satellite`.")
|
(mkRemovedOptionModule [ "services" "homeassistant-satellite"] "The `services.homeassistant-satellite` module has been replaced by `services.wyoming-satellite`.")
|
||||||
(mkRemovedOptionModule [ "services" "hydron" ] "The `services.hydron` module has been removed as the project has been archived upstream since 2022 and is affected by a severe remote code execution vulnerability.")
|
(mkRemovedOptionModule [ "services" "hydron" ] "The `services.hydron` module has been removed as the project has been archived upstream since 2022 and is affected by a severe remote code execution vulnerability.")
|
||||||
(mkRemovedOptionModule [ "services" "ihatemoney" ] "The ihatemoney module has been removed for lack of downstream maintainer")
|
(mkRemovedOptionModule [ "services" "ihatemoney" ] "The ihatemoney module has been removed for lack of downstream maintainer")
|
||||||
|
|
|
@ -87,6 +87,8 @@ let
|
||||||
RestrictAddressFamilies = [
|
RestrictAddressFamilies = [
|
||||||
"AF_INET"
|
"AF_INET"
|
||||||
"AF_INET6"
|
"AF_INET6"
|
||||||
|
"AF_UNIX"
|
||||||
|
"AF_NETLINK"
|
||||||
];
|
];
|
||||||
RestrictNamespaces = true;
|
RestrictNamespaces = true;
|
||||||
RestrictRealtime = true;
|
RestrictRealtime = true;
|
||||||
|
|
50
third_party/nixpkgs/nixos/modules/security/soteria.nix
vendored
Normal file
50
third_party/nixpkgs/nixos/modules/security/soteria.nix
vendored
Normal file
|
@ -0,0 +1,50 @@
|
||||||
|
{
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
config,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.security.soteria;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options.security.soteria = {
|
||||||
|
enable = lib.mkEnableOption null // {
|
||||||
|
description = ''
|
||||||
|
Whether to enable Soteria, a Polkit authentication agent
|
||||||
|
for any desktop environment.
|
||||||
|
|
||||||
|
::: {.note}
|
||||||
|
You should only enable this if you are on a Desktop Environment that
|
||||||
|
does not provide a graphical polkit authentication agent, or you are on
|
||||||
|
a standalone window manager or Wayland compositor.
|
||||||
|
:::
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
package = lib.mkPackageOption pkgs "soteria" { };
|
||||||
|
};
|
||||||
|
|
||||||
|
config = lib.mkIf cfg.enable {
|
||||||
|
security.polkit.enable = true;
|
||||||
|
environment.systemPackages = [ cfg.package ];
|
||||||
|
|
||||||
|
systemd.user.services.polkit-soteria = {
|
||||||
|
description = "Soteria, Polkit authentication agent for any desktop environment";
|
||||||
|
|
||||||
|
wantedBy = [ "graphical-session.target" ];
|
||||||
|
wants = [ "graphical-session.target" ];
|
||||||
|
after = [ "graphical-session.target" ];
|
||||||
|
|
||||||
|
script = lib.getExe cfg.package;
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "simple";
|
||||||
|
Restart = "on-failure";
|
||||||
|
RestartSec = 1;
|
||||||
|
TimeoutStopSec = 10;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
meta.maintainers = with lib.maintainers; [ johnrtitor ];
|
||||||
|
}
|
|
@ -12,6 +12,7 @@ let
|
||||||
|
|
||||||
mopidyEnv = buildEnv {
|
mopidyEnv = buildEnv {
|
||||||
name = "mopidy-with-extensions-${mopidy.version}";
|
name = "mopidy-with-extensions-${mopidy.version}";
|
||||||
|
ignoreCollisions = true;
|
||||||
paths = closePropagation cfg.extensionPackages;
|
paths = closePropagation cfg.extensionPackages;
|
||||||
pathsToLink = [ "/${mopidyPackages.python.sitePackages}" ];
|
pathsToLink = [ "/${mopidyPackages.python.sitePackages}" ];
|
||||||
nativeBuildInputs = [ makeWrapper ];
|
nativeBuildInputs = [ makeWrapper ];
|
||||||
|
|
|
@ -334,6 +334,12 @@ in
|
||||||
|
|
||||||
environment.etc."my.cnf".source = cfg.configFile;
|
environment.etc."my.cnf".source = cfg.configFile;
|
||||||
|
|
||||||
|
# The mysql_install_db binary will try to adjust the permissions, but fail to do so with a permission
|
||||||
|
# denied error in some circumstances. Setting the permissions manually with tmpfiles is a workaround.
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d ${cfg.dataDir} 0755 ${cfg.user} ${cfg.group} - -"
|
||||||
|
];
|
||||||
|
|
||||||
systemd.services.mysql = {
|
systemd.services.mysql = {
|
||||||
description = "MySQL Server";
|
description = "MySQL Server";
|
||||||
|
|
||||||
|
|
|
@ -261,8 +261,9 @@ Technically, we'd not want to have EOL'ed packages in a stable NixOS release, wh
|
||||||
Thus:
|
Thus:
|
||||||
- In September/October the new major version will be released and added to nixos-unstable.
|
- In September/October the new major version will be released and added to nixos-unstable.
|
||||||
- In November the last minor version for the oldest major will be released.
|
- In November the last minor version for the oldest major will be released.
|
||||||
- Both the current stable .05 release and nixos-unstable should be updated to the latest minor.
|
- Both the current stable .05 release and nixos-unstable should be updated to the latest minor that will usually be released in November.
|
||||||
- In November, before branch-off for the .11 release, the EOL-ed major will be removed from nixos-unstable.
|
- This is relevant for people who need to use this major for as long as possible. In that case its desirable to be able to pin nixpkgs to a commit that still has it, at the latest minor available.
|
||||||
|
- In November, before branch-off for the .11 release and after the update to the latest minor, the EOL-ed major will be removed from nixos-unstable.
|
||||||
|
|
||||||
This leaves a small gap of a couple of weeks after the latest minor release and the end of our support window for the .05 release, in which there could be an emergency release to other major versions of PostgreSQL - but not the oldest major we have in that branch. In that case: If we can't trivially patch the issue, we will mark the package/version as insecure **immediately**.
|
This leaves a small gap of a couple of weeks after the latest minor release and the end of our support window for the .05 release, in which there could be an emergency release to other major versions of PostgreSQL - but not the oldest major we have in that branch. In that case: If we can't trivially patch the issue, we will mark the package/version as insecure **immediately**.
|
||||||
|
|
||||||
|
@ -292,7 +293,7 @@ postgresql_15.pkgs.pg_partman postgresql_15.pkgs.pgroonga
|
||||||
To add plugins via NixOS configuration, set `services.postgresql.extraPlugins`:
|
To add plugins via NixOS configuration, set `services.postgresql.extraPlugins`:
|
||||||
```nix
|
```nix
|
||||||
{
|
{
|
||||||
services.postgresql.package = pkgs.postgresql_12;
|
services.postgresql.package = pkgs.postgresql_17;
|
||||||
services.postgresql.extraPlugins = ps: with ps; [
|
services.postgresql.extraPlugins = ps: with ps; [
|
||||||
pg_repack
|
pg_repack
|
||||||
postgis
|
postgis
|
||||||
|
@ -303,7 +304,7 @@ To add plugins via NixOS configuration, set `services.postgresql.extraPlugins`:
|
||||||
You can build custom PostgreSQL-with-plugins (to be used outside of NixOS) using function `.withPackages`. For example, creating a custom PostgreSQL package in an overlay can look like:
|
You can build custom PostgreSQL-with-plugins (to be used outside of NixOS) using function `.withPackages`. For example, creating a custom PostgreSQL package in an overlay can look like:
|
||||||
```nix
|
```nix
|
||||||
self: super: {
|
self: super: {
|
||||||
postgresql_custom = self.postgresql_12.withPackages (ps: [
|
postgresql_custom = self.postgresql_17.withPackages (ps: [
|
||||||
ps.pg_repack
|
ps.pg_repack
|
||||||
ps.postgis
|
ps.postgis
|
||||||
]);
|
]);
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
|
|
||||||
let
|
let
|
||||||
inherit (lib)
|
inherit (lib)
|
||||||
|
any
|
||||||
attrValues
|
attrValues
|
||||||
concatMapStrings
|
concatMapStrings
|
||||||
concatStringsSep
|
concatStringsSep
|
||||||
|
@ -9,6 +10,7 @@ let
|
||||||
elem
|
elem
|
||||||
escapeShellArgs
|
escapeShellArgs
|
||||||
filterAttrs
|
filterAttrs
|
||||||
|
getName
|
||||||
isString
|
isString
|
||||||
literalExpression
|
literalExpression
|
||||||
mapAttrs
|
mapAttrs
|
||||||
|
@ -26,23 +28,24 @@ let
|
||||||
optionalString
|
optionalString
|
||||||
types
|
types
|
||||||
versionAtLeast
|
versionAtLeast
|
||||||
|
warn
|
||||||
;
|
;
|
||||||
|
|
||||||
cfg = config.services.postgresql;
|
cfg = config.services.postgresql;
|
||||||
|
|
||||||
postgresql =
|
# ensure that
|
||||||
let
|
# services.postgresql = {
|
||||||
# ensure that
|
# enableJIT = true;
|
||||||
# services.postgresql = {
|
# package = pkgs.postgresql_<major>;
|
||||||
# enableJIT = true;
|
# };
|
||||||
# package = pkgs.postgresql_<major>;
|
# works.
|
||||||
# };
|
basePackage = if cfg.enableJIT
|
||||||
# works.
|
then cfg.package.withJIT
|
||||||
base = if cfg.enableJIT then cfg.package.withJIT else cfg.package.withoutJIT;
|
else cfg.package.withoutJIT;
|
||||||
in
|
|
||||||
if cfg.extraPlugins == []
|
postgresql = if cfg.extensions == []
|
||||||
then base
|
then basePackage
|
||||||
else base.withPackages cfg.extraPlugins;
|
else basePackage.withPackages cfg.extensions;
|
||||||
|
|
||||||
toStr = value:
|
toStr = value:
|
||||||
if true == value then "yes"
|
if true == value then "yes"
|
||||||
|
@ -60,6 +63,8 @@ let
|
||||||
|
|
||||||
groupAccessAvailable = versionAtLeast postgresql.version "11.0";
|
groupAccessAvailable = versionAtLeast postgresql.version "11.0";
|
||||||
|
|
||||||
|
extensionNames = map getName postgresql.installedExtensions;
|
||||||
|
extensionInstalled = extension: elem extension extensionNames;
|
||||||
in
|
in
|
||||||
|
|
||||||
{
|
{
|
||||||
|
@ -68,6 +73,7 @@ in
|
||||||
|
|
||||||
(mkRenamedOptionModule [ "services" "postgresql" "logLinePrefix" ] [ "services" "postgresql" "settings" "log_line_prefix" ])
|
(mkRenamedOptionModule [ "services" "postgresql" "logLinePrefix" ] [ "services" "postgresql" "settings" "log_line_prefix" ])
|
||||||
(mkRenamedOptionModule [ "services" "postgresql" "port" ] [ "services" "postgresql" "settings" "port" ])
|
(mkRenamedOptionModule [ "services" "postgresql" "port" ] [ "services" "postgresql" "settings" "port" ])
|
||||||
|
(mkRenamedOptionModule [ "services" "postgresql" "extraPlugins" ] [ "services" "postgresql" "extensions" ])
|
||||||
];
|
];
|
||||||
|
|
||||||
###### interface
|
###### interface
|
||||||
|
@ -371,12 +377,12 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
extraPlugins = mkOption {
|
extensions = mkOption {
|
||||||
type = with types; coercedTo (listOf path) (path: _ignorePg: path) (functionTo (listOf path));
|
type = with types; coercedTo (listOf path) (path: _ignorePg: path) (functionTo (listOf path));
|
||||||
default = _: [];
|
default = _: [];
|
||||||
example = literalExpression "ps: with ps; [ postgis pg_repack ]";
|
example = literalExpression "ps: with ps; [ postgis pg_repack ]";
|
||||||
description = ''
|
description = ''
|
||||||
List of PostgreSQL plugins.
|
List of PostgreSQL extensions to install.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -484,10 +490,18 @@ in
|
||||||
|
|
||||||
services.postgresql.package = let
|
services.postgresql.package = let
|
||||||
mkThrow = ver: throw "postgresql_${ver} was removed, please upgrade your postgresql version.";
|
mkThrow = ver: throw "postgresql_${ver} was removed, please upgrade your postgresql version.";
|
||||||
|
mkWarn = ver: warn ''
|
||||||
|
The postgresql package is not pinned and selected automatically by
|
||||||
|
`system.stateVersion`. Right now this is `pkgs.postgresql_${ver}`, the
|
||||||
|
oldest postgresql version available and thus the next that will be
|
||||||
|
removed when EOL on the next stable cycle.
|
||||||
|
|
||||||
|
See also https://endoflife.date/postgresql
|
||||||
|
'';
|
||||||
base = if versionAtLeast config.system.stateVersion "24.11" then pkgs.postgresql_16
|
base = if versionAtLeast config.system.stateVersion "24.11" then pkgs.postgresql_16
|
||||||
else if versionAtLeast config.system.stateVersion "23.11" then pkgs.postgresql_15
|
else if versionAtLeast config.system.stateVersion "23.11" then pkgs.postgresql_15
|
||||||
else if versionAtLeast config.system.stateVersion "22.05" then pkgs.postgresql_14
|
else if versionAtLeast config.system.stateVersion "22.05" then pkgs.postgresql_14
|
||||||
else if versionAtLeast config.system.stateVersion "21.11" then pkgs.postgresql_13
|
else if versionAtLeast config.system.stateVersion "21.11" then mkWarn "13" pkgs.postgresql_13
|
||||||
else if versionAtLeast config.system.stateVersion "20.03" then mkThrow "11"
|
else if versionAtLeast config.system.stateVersion "20.03" then mkThrow "11"
|
||||||
else if versionAtLeast config.system.stateVersion "17.09" then mkThrow "9_6"
|
else if versionAtLeast config.system.stateVersion "17.09" then mkThrow "9_6"
|
||||||
else mkThrow "9_5";
|
else mkThrow "9_5";
|
||||||
|
@ -630,7 +644,7 @@ in
|
||||||
PrivateTmp = true;
|
PrivateTmp = true;
|
||||||
ProtectHome = true;
|
ProtectHome = true;
|
||||||
ProtectSystem = "strict";
|
ProtectSystem = "strict";
|
||||||
MemoryDenyWriteExecute = lib.mkDefault (cfg.settings.jit == "off");
|
MemoryDenyWriteExecute = lib.mkDefault (cfg.settings.jit == "off" && (!any extensionInstalled [ "plv8" ]));
|
||||||
NoNewPrivileges = true;
|
NoNewPrivileges = true;
|
||||||
LockPersonality = true;
|
LockPersonality = true;
|
||||||
PrivateDevices = true;
|
PrivateDevices = true;
|
||||||
|
@ -654,10 +668,12 @@ in
|
||||||
RestrictRealtime = true;
|
RestrictRealtime = true;
|
||||||
RestrictSUIDSGID = true;
|
RestrictSUIDSGID = true;
|
||||||
SystemCallArchitectures = "native";
|
SystemCallArchitectures = "native";
|
||||||
SystemCallFilter = [
|
SystemCallFilter =
|
||||||
"@system-service"
|
[
|
||||||
"~@privileged @resources"
|
"@system-service"
|
||||||
];
|
"~@privileged @resources"
|
||||||
|
]
|
||||||
|
++ lib.optionals (any extensionInstalled [ "plv8" ]) [ "@pkey" ];
|
||||||
UMask = if groupAccessAvailable then "0027" else "0077";
|
UMask = if groupAccessAvailable then "0027" else "0077";
|
||||||
}
|
}
|
||||||
(mkIf (cfg.dataDir != "/var/lib/postgresql") {
|
(mkIf (cfg.dataDir != "/var/lib/postgresql") {
|
||||||
|
|
|
@ -1,200 +1,258 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.services.desktopManager.lomiri;
|
cfg = config.services.desktopManager.lomiri;
|
||||||
in {
|
in
|
||||||
|
{
|
||||||
options.services.desktopManager.lomiri = {
|
options.services.desktopManager.lomiri = {
|
||||||
enable = lib.mkEnableOption ''
|
enable = lib.mkEnableOption ''
|
||||||
the Lomiri graphical shell (formerly known as Unity8)
|
the Lomiri graphical shell (formerly known as Unity8)
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
basics = lib.mkOption {
|
||||||
|
internal = true;
|
||||||
|
description = ''
|
||||||
|
Enable basic things for getting Lomiri working.
|
||||||
|
'';
|
||||||
|
type = lib.types.bool;
|
||||||
|
default = config.services.xserver.displayManager.lightdm.greeters.lomiri.enable || cfg.enable;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkMerge [
|
||||||
environment = {
|
# Basics for getting Lomiri to work
|
||||||
systemPackages = (with pkgs; [
|
(lib.mkIf cfg.basics {
|
||||||
glib # XDG MIME-related tools identify it as GNOME, add gio for MIME identification to work
|
environment = {
|
||||||
libayatana-common
|
# To override the default keyboard layout in Lomiri
|
||||||
ubports-click
|
etc.${pkgs.lomiri.lomiri.passthru.etcLayoutsFile}.text = lib.strings.replaceStrings [ "," ] [
|
||||||
]) ++ (with pkgs.lomiri; [
|
"\n"
|
||||||
hfd-service
|
] config.services.xserver.xkb.layout;
|
||||||
history-service
|
|
||||||
libusermetrics
|
|
||||||
lomiri
|
|
||||||
lomiri-calculator-app
|
|
||||||
lomiri-camera-app
|
|
||||||
lomiri-clock-app
|
|
||||||
lomiri-content-hub
|
|
||||||
lomiri-docviewer-app
|
|
||||||
lomiri-download-manager
|
|
||||||
lomiri-filemanager-app
|
|
||||||
lomiri-gallery-app
|
|
||||||
lomiri-polkit-agent
|
|
||||||
lomiri-schemas # exposes some required dbus interfaces
|
|
||||||
lomiri-session # wrappers to properly launch the session
|
|
||||||
lomiri-sounds
|
|
||||||
lomiri-system-settings
|
|
||||||
lomiri-terminal-app
|
|
||||||
lomiri-thumbnailer
|
|
||||||
lomiri-url-dispatcher
|
|
||||||
lomiri-wallpapers
|
|
||||||
mediascanner2 # TODO possibly needs to be kicked off by graphical-session.target
|
|
||||||
morph-browser
|
|
||||||
qtmir # not having its desktop file for Xwayland available causes any X11 application to crash the session
|
|
||||||
suru-icon-theme
|
|
||||||
telephony-service
|
|
||||||
teleports
|
|
||||||
]);
|
|
||||||
|
|
||||||
# To override the default keyboard layout in Lomiri
|
pathsToLink = [
|
||||||
etc.${pkgs.lomiri.lomiri.passthru.etcLayoutsFile}.text = lib.strings.replaceStrings [","] ["\n"] config.services.xserver.xkb.layout;
|
# Data
|
||||||
};
|
"/share/locale" # TODO LUITK hardcoded default locale path, fix individual apps to not rely on it
|
||||||
|
"/share/wallpapers"
|
||||||
|
];
|
||||||
|
|
||||||
hardware = {
|
systemPackages = with pkgs.lomiri; [
|
||||||
bluetooth.enable = lib.mkDefault true;
|
lomiri-wallpapers # default + additional wallpaper
|
||||||
};
|
suru-icon-theme # basic indicator icons
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
networking.networkmanager.enable = lib.mkDefault true;
|
fonts.packages = with pkgs; [
|
||||||
|
ubuntu-classic # Ubuntu is default font
|
||||||
systemd.packages = with pkgs.lomiri; [
|
|
||||||
hfd-service
|
|
||||||
lomiri-download-manager
|
|
||||||
];
|
|
||||||
|
|
||||||
services.dbus.packages = with pkgs.lomiri; [
|
|
||||||
hfd-service
|
|
||||||
libusermetrics
|
|
||||||
lomiri-download-manager
|
|
||||||
];
|
|
||||||
|
|
||||||
fonts.packages = with pkgs; [
|
|
||||||
# Applications tend to default to Ubuntu font
|
|
||||||
ubuntu-classic
|
|
||||||
];
|
|
||||||
|
|
||||||
# Copy-pasted basic stuff
|
|
||||||
hardware.graphics.enable = lib.mkDefault true;
|
|
||||||
fonts.enableDefaultPackages = lib.mkDefault true;
|
|
||||||
programs.dconf.enable = lib.mkDefault true;
|
|
||||||
|
|
||||||
# Xwayland is partly hardcoded in Mir so it can't really be fully turned off, and it must be on PATH for X11 apps *and Lomiri's web browser* to work.
|
|
||||||
# Until Mir/Lomiri can be properly used without it, force it on so everything behaves as expected.
|
|
||||||
programs.xwayland.enable = lib.mkForce true;
|
|
||||||
|
|
||||||
services.accounts-daemon.enable = true;
|
|
||||||
|
|
||||||
services.ayatana-indicators = {
|
|
||||||
enable = true;
|
|
||||||
packages = (with pkgs; [
|
|
||||||
ayatana-indicator-datetime
|
|
||||||
ayatana-indicator-display
|
|
||||||
ayatana-indicator-messages
|
|
||||||
ayatana-indicator-power
|
|
||||||
ayatana-indicator-session
|
|
||||||
] ++ lib.optionals config.hardware.bluetooth.enable [
|
|
||||||
ayatana-indicator-bluetooth
|
|
||||||
] ++ lib.optionals (config.hardware.pulseaudio.enable || config.services.pipewire.pulse.enable) [
|
|
||||||
ayatana-indicator-sound
|
|
||||||
]) ++ (with pkgs.lomiri; [
|
|
||||||
telephony-service
|
|
||||||
] ++ lib.optionals config.networking.networkmanager.enable [
|
|
||||||
lomiri-indicator-network
|
|
||||||
]);
|
|
||||||
};
|
|
||||||
|
|
||||||
services.udisks2.enable = true;
|
|
||||||
services.upower.enable = true;
|
|
||||||
services.geoclue2.enable = true;
|
|
||||||
|
|
||||||
services.gnome.evolution-data-server = {
|
|
||||||
enable = true;
|
|
||||||
plugins = with pkgs; [
|
|
||||||
# TODO: lomiri.address-book-service
|
|
||||||
];
|
];
|
||||||
};
|
|
||||||
|
|
||||||
services.telepathy.enable = true;
|
# Xwayland is partly hardcoded in Mir so it can't really be fully turned off, and it must be on PATH for X11 apps *and Lomiri's web browser* to work.
|
||||||
|
# Until Mir/Lomiri can be properly used without it, force it on so everything behaves as expected.
|
||||||
|
programs.xwayland.enable = lib.mkForce true;
|
||||||
|
|
||||||
services.displayManager = {
|
services.ayatana-indicators = {
|
||||||
defaultSession = lib.mkDefault "lomiri";
|
enable = true;
|
||||||
sessionPackages = with pkgs.lomiri; [ lomiri-session ];
|
packages = (
|
||||||
};
|
with pkgs;
|
||||||
|
[
|
||||||
|
ayatana-indicator-datetime # Clock
|
||||||
|
ayatana-indicator-session # Controls for shutting down etc
|
||||||
|
]
|
||||||
|
);
|
||||||
|
};
|
||||||
|
})
|
||||||
|
|
||||||
services.xserver = {
|
# Full Lomiri DE
|
||||||
enable = lib.mkDefault true;
|
(lib.mkIf cfg.enable {
|
||||||
displayManager.lightdm = {
|
# We need the basic setup as well
|
||||||
|
services.desktopManager.lomiri.basics = true;
|
||||||
|
|
||||||
|
environment = {
|
||||||
|
systemPackages =
|
||||||
|
(with pkgs; [
|
||||||
|
glib # XDG MIME-related tools identify it as GNOME, add gio for MIME identification to work
|
||||||
|
libayatana-common
|
||||||
|
ubports-click
|
||||||
|
])
|
||||||
|
++ (with pkgs.lomiri; [
|
||||||
|
hfd-service
|
||||||
|
libusermetrics
|
||||||
|
lomiri
|
||||||
|
lomiri-calculator-app
|
||||||
|
lomiri-camera-app
|
||||||
|
lomiri-clock-app
|
||||||
|
lomiri-content-hub
|
||||||
|
lomiri-docviewer-app
|
||||||
|
lomiri-download-manager
|
||||||
|
lomiri-filemanager-app
|
||||||
|
lomiri-gallery-app
|
||||||
|
lomiri-history-service
|
||||||
|
lomiri-polkit-agent
|
||||||
|
lomiri-schemas # exposes some required dbus interfaces
|
||||||
|
lomiri-session # wrappers to properly launch the session
|
||||||
|
lomiri-sounds
|
||||||
|
lomiri-system-settings
|
||||||
|
lomiri-terminal-app
|
||||||
|
lomiri-thumbnailer
|
||||||
|
lomiri-url-dispatcher
|
||||||
|
mediascanner2 # TODO possibly needs to be kicked off by graphical-session.target
|
||||||
|
morph-browser
|
||||||
|
qtmir # not having its desktop file for Xwayland available causes any X11 application to crash the session
|
||||||
|
telephony-service
|
||||||
|
teleports
|
||||||
|
]);
|
||||||
|
};
|
||||||
|
|
||||||
|
hardware = {
|
||||||
|
bluetooth.enable = lib.mkDefault true;
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.networkmanager.enable = lib.mkDefault true;
|
||||||
|
|
||||||
|
systemd.packages = with pkgs.lomiri; [
|
||||||
|
hfd-service
|
||||||
|
lomiri-download-manager
|
||||||
|
];
|
||||||
|
|
||||||
|
services.dbus.packages = with pkgs.lomiri; [
|
||||||
|
hfd-service
|
||||||
|
libusermetrics
|
||||||
|
lomiri-download-manager
|
||||||
|
];
|
||||||
|
|
||||||
|
# Copy-pasted basic stuff
|
||||||
|
hardware.graphics.enable = lib.mkDefault true;
|
||||||
|
fonts.enableDefaultPackages = lib.mkDefault true;
|
||||||
|
programs.dconf.enable = lib.mkDefault true;
|
||||||
|
|
||||||
|
services.accounts-daemon.enable = true;
|
||||||
|
|
||||||
|
services.ayatana-indicators = {
|
||||||
|
enable = true;
|
||||||
|
packages =
|
||||||
|
(
|
||||||
|
with pkgs;
|
||||||
|
[
|
||||||
|
ayatana-indicator-display
|
||||||
|
ayatana-indicator-messages
|
||||||
|
ayatana-indicator-power
|
||||||
|
]
|
||||||
|
++ lib.optionals config.hardware.bluetooth.enable [ ayatana-indicator-bluetooth ]
|
||||||
|
++ lib.optionals (config.hardware.pulseaudio.enable || config.services.pipewire.pulse.enable) [
|
||||||
|
ayatana-indicator-sound
|
||||||
|
]
|
||||||
|
)
|
||||||
|
++ (
|
||||||
|
with pkgs.lomiri;
|
||||||
|
[ telephony-service ]
|
||||||
|
++ lib.optionals config.networking.networkmanager.enable [ lomiri-indicator-network ]
|
||||||
|
);
|
||||||
|
};
|
||||||
|
|
||||||
|
services.udisks2.enable = true;
|
||||||
|
services.upower.enable = true;
|
||||||
|
services.geoclue2.enable = true;
|
||||||
|
|
||||||
|
services.gnome.evolution-data-server = {
|
||||||
|
enable = true;
|
||||||
|
plugins = with pkgs; [
|
||||||
|
# TODO: lomiri.address-book-service
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
services.telepathy.enable = true;
|
||||||
|
|
||||||
|
services.displayManager = {
|
||||||
|
defaultSession = lib.mkDefault "lomiri";
|
||||||
|
sessionPackages = with pkgs.lomiri; [ lomiri-session ];
|
||||||
|
};
|
||||||
|
|
||||||
|
services.xserver = {
|
||||||
enable = lib.mkDefault true;
|
enable = lib.mkDefault true;
|
||||||
greeters.lomiri.enable = lib.mkDefault true;
|
displayManager.lightdm = {
|
||||||
};
|
enable = lib.mkDefault true;
|
||||||
};
|
greeters.lomiri.enable = lib.mkDefault true;
|
||||||
|
|
||||||
environment.pathsToLink = [
|
|
||||||
# Configs for inter-app data exchange system
|
|
||||||
"/share/lomiri-content-hub/peers"
|
|
||||||
# Configs for inter-app URL requests
|
|
||||||
"/share/lomiri-url-dispatcher/urls"
|
|
||||||
# Splash screens & other images for desktop apps launched via lomiri-app-launch
|
|
||||||
"/share/lomiri-app-launch"
|
|
||||||
# TODO Try to get maliit stuff working
|
|
||||||
"/share/maliit/plugins"
|
|
||||||
# At least the network indicator is still under the unity name, due to leftover Unity-isms
|
|
||||||
"/share/unity"
|
|
||||||
# Data
|
|
||||||
"/share/locale" # TODO LUITK hardcoded default locale path, fix individual apps to not rely on it
|
|
||||||
"/share/sounds"
|
|
||||||
"/share/wallpapers"
|
|
||||||
];
|
|
||||||
|
|
||||||
systemd.user.services = {
|
|
||||||
# Unconditionally run service that collects system-installed URL handlers before LUD
|
|
||||||
# TODO also run user-installed one?
|
|
||||||
"lomiri-url-dispatcher-update-system-dir" = {
|
|
||||||
description = "Lomiri URL dispatcher system directory updater";
|
|
||||||
wantedBy = [ "lomiri-url-dispatcher.service" ];
|
|
||||||
before = [ "lomiri-url-dispatcher.service" ];
|
|
||||||
serviceConfig = {
|
|
||||||
Type = "oneshot";
|
|
||||||
ExecStart = "${pkgs.lomiri.lomiri-url-dispatcher}/libexec/lomiri-url-dispatcher/lomiri-update-directory /run/current-system/sw/share/lomiri-url-dispatcher/urls/";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
"lomiri-polkit-agent" = rec {
|
environment.pathsToLink = [
|
||||||
description = "Lomiri Polkit agent";
|
# Configs for inter-app data exchange system
|
||||||
wantedBy = [ "lomiri.service" "lomiri-full-greeter.service" "lomiri-full-shell.service" "lomiri-greeter.service" "lomiri-shell.service" ];
|
"/share/lomiri-content-hub/peers"
|
||||||
after = [ "graphical-session.target" ];
|
# Configs for inter-app URL requests
|
||||||
partOf = wantedBy;
|
"/share/lomiri-url-dispatcher/urls"
|
||||||
serviceConfig = {
|
# Splash screens & other images for desktop apps launched via lomiri-app-launch
|
||||||
Type = "simple";
|
"/share/lomiri-app-launch"
|
||||||
Restart = "always";
|
# TODO Try to get maliit stuff working
|
||||||
ExecStart = "${pkgs.lomiri.lomiri-polkit-agent}/libexec/lomiri-polkit-agent/policykit-agent";
|
"/share/maliit/plugins"
|
||||||
|
# At least the network indicator is still under the unity name, due to leftover Unity-isms
|
||||||
|
"/share/unity"
|
||||||
|
# Data
|
||||||
|
"/share/sounds"
|
||||||
|
];
|
||||||
|
|
||||||
|
systemd.user.services = {
|
||||||
|
# Unconditionally run service that collects system-installed URL handlers before LUD
|
||||||
|
# TODO also run user-installed one?
|
||||||
|
"lomiri-url-dispatcher-update-system-dir" = {
|
||||||
|
description = "Lomiri URL dispatcher system directory updater";
|
||||||
|
wantedBy = [ "lomiri-url-dispatcher.service" ];
|
||||||
|
before = [ "lomiri-url-dispatcher.service" ];
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
ExecStart = "${pkgs.lomiri.lomiri-url-dispatcher}/libexec/lomiri-url-dispatcher/lomiri-update-directory /run/current-system/sw/share/lomiri-url-dispatcher/urls/";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
"lomiri-polkit-agent" = rec {
|
||||||
|
description = "Lomiri Polkit agent";
|
||||||
|
wantedBy = [
|
||||||
|
"lomiri.service"
|
||||||
|
"lomiri-full-greeter.service"
|
||||||
|
"lomiri-full-shell.service"
|
||||||
|
"lomiri-greeter.service"
|
||||||
|
"lomiri-shell.service"
|
||||||
|
];
|
||||||
|
after = [ "graphical-session.target" ];
|
||||||
|
partOf = wantedBy;
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "simple";
|
||||||
|
Restart = "always";
|
||||||
|
ExecStart = "${pkgs.lomiri.lomiri-polkit-agent}/libexec/lomiri-polkit-agent/policykit-agent";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services = {
|
systemd.services = {
|
||||||
"dbus-com.lomiri.UserMetrics" = {
|
"dbus-com.lomiri.UserMetrics" = {
|
||||||
serviceConfig = {
|
serviceConfig =
|
||||||
Type = "dbus";
|
{
|
||||||
BusName = "com.lomiri.UserMetrics";
|
Type = "dbus";
|
||||||
User = "usermetrics";
|
BusName = "com.lomiri.UserMetrics";
|
||||||
StandardOutput = "syslog";
|
User = "usermetrics";
|
||||||
SyslogIdentifier = "com.lomiri.UserMetrics";
|
StandardOutput = "syslog";
|
||||||
ExecStart = "${pkgs.lomiri.libusermetrics}/libexec/libusermetrics/usermetricsservice";
|
SyslogIdentifier = "com.lomiri.UserMetrics";
|
||||||
} // lib.optionalAttrs (!config.security.apparmor.enable) {
|
ExecStart = "${pkgs.lomiri.libusermetrics}/libexec/libusermetrics/usermetricsservice";
|
||||||
# Due to https://gitlab.com/ubports/development/core/libusermetrics/-/issues/8, auth must be disabled when not using AppArmor, lest the next database usage breaks
|
}
|
||||||
Environment = "USERMETRICS_NO_AUTH=1";
|
// lib.optionalAttrs (!config.security.apparmor.enable) {
|
||||||
|
# Due to https://gitlab.com/ubports/development/core/libusermetrics/-/issues/8, auth must be disabled when not using AppArmor, lest the next database usage breaks
|
||||||
|
Environment = "USERMETRICS_NO_AUTH=1";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
|
||||||
|
|
||||||
users.users.usermetrics = {
|
users.users.usermetrics = {
|
||||||
group = "usermetrics";
|
group = "usermetrics";
|
||||||
home = "/var/lib/usermetrics";
|
home = "/var/lib/usermetrics";
|
||||||
createHome = true;
|
createHome = true;
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
users.groups.usermetrics = { };
|
users.groups.usermetrics = { };
|
||||||
};
|
})
|
||||||
|
];
|
||||||
|
|
||||||
meta.maintainers = lib.teams.lomiri.members;
|
meta.maintainers = lib.teams.lomiri.members;
|
||||||
}
|
}
|
||||||
|
|
|
@ -73,6 +73,7 @@ in {
|
||||||
kguiaddons # provides geo URL handlers
|
kguiaddons # provides geo URL handlers
|
||||||
kiconthemes # provides Qt plugins
|
kiconthemes # provides Qt plugins
|
||||||
kimageformats # provides Qt plugins
|
kimageformats # provides Qt plugins
|
||||||
|
qtimageformats # provides optional image formats such as .webp and .avif
|
||||||
kio # provides helper service + a bunch of other stuff
|
kio # provides helper service + a bunch of other stuff
|
||||||
kio-admin # managing files as admin
|
kio-admin # managing files as admin
|
||||||
kio-extras # stuff for MTP, AFC, etc
|
kio-extras # stuff for MTP, AFC, etc
|
||||||
|
|
|
@ -5,9 +5,6 @@
|
||||||
with lib;
|
with lib;
|
||||||
|
|
||||||
let
|
let
|
||||||
# the demo agent isn't built by default, but we need it here
|
|
||||||
package = pkgs.geoclue2.override { withDemoAgent = config.services.geoclue2.enableDemoAgent; };
|
|
||||||
|
|
||||||
cfg = config.services.geoclue2;
|
cfg = config.services.geoclue2;
|
||||||
|
|
||||||
defaultWhitelist = [ "gnome-shell" "io.elementary.desktop.agent-geoclue2" ];
|
defaultWhitelist = [ "gnome-shell" "io.elementary.desktop.agent-geoclue2" ];
|
||||||
|
@ -132,6 +129,17 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
package = mkOption {
|
||||||
|
type = types.package;
|
||||||
|
default = pkgs.geoclue2;
|
||||||
|
defaultText = literalExpression "pkgs.geoclue2";
|
||||||
|
apply = pkg: pkg.override {
|
||||||
|
# the demo agent isn't built by default, but we need it here
|
||||||
|
withDemoAgent = cfg.enableDemoAgent;
|
||||||
|
};
|
||||||
|
description = "The geoclue2 package to use";
|
||||||
|
};
|
||||||
|
|
||||||
submitData = mkOption {
|
submitData = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
|
@ -180,11 +188,11 @@ in
|
||||||
###### implementation
|
###### implementation
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
|
||||||
environment.systemPackages = [ package ];
|
environment.systemPackages = [ cfg.package ];
|
||||||
|
|
||||||
services.dbus.packages = [ package ];
|
services.dbus.packages = [ cfg.package ];
|
||||||
|
|
||||||
systemd.packages = [ package ];
|
systemd.packages = [ cfg.package ];
|
||||||
|
|
||||||
# we cannot use DynamicUser as we need the the geoclue user to exist for the
|
# we cannot use DynamicUser as we need the the geoclue user to exist for the
|
||||||
# dbus policy to work
|
# dbus policy to work
|
||||||
|
@ -223,7 +231,7 @@ in
|
||||||
unitConfig.ConditionUser = "!@system";
|
unitConfig.ConditionUser = "!@system";
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "exec";
|
Type = "exec";
|
||||||
ExecStart = "${package}/libexec/geoclue-2.0/demos/agent";
|
ExecStart = "${cfg.package}/libexec/geoclue-2.0/demos/agent";
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
PrivateTmp = true;
|
PrivateTmp = true;
|
||||||
};
|
};
|
||||||
|
|
|
@ -37,7 +37,7 @@ If you want to prevent Athens from writing to disk, you can instead configure it
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
To use the local proxy in Go builds, you can set the proxy as environment variable:
|
To use the local proxy in Go builds (outside of `nix`), you can set the proxy as environment variable:
|
||||||
|
|
||||||
```nix
|
```nix
|
||||||
{
|
{
|
||||||
|
@ -47,6 +47,21 @@ To use the local proxy in Go builds, you can set the proxy as environment variab
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
It is currently not possible to use the local proxy for builds done by the Nix daemon. This might be enabled
|
To also use the local proxy for Go builds happening in `nix` (with `buildGoModule`), the nix daemon can be configured to pass the GOPROXY environment variable to the `goModules` fixed-output derivation.
|
||||||
by experimental features, specifically [`configurable-impure-env`](https://nixos.org/manual/nix/unstable/contributing/experimental-features#xp-feature-configurable-impure-env),
|
|
||||||
in upcoming Nix versions.
|
This can either be done via the nix-daemon systemd unit:
|
||||||
|
|
||||||
|
```nix
|
||||||
|
{
|
||||||
|
systemd.services.nix-daemon.environment.GOPROXY = "http://localhost:3000";
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
or via the [impure-env experimental feature](https://nix.dev/manual/nix/2.24/command-ref/conf-file#conf-impure-env):
|
||||||
|
|
||||||
|
```nix
|
||||||
|
{
|
||||||
|
nix.settings.experimental-features = [ "configurable-impure-env" ];
|
||||||
|
nix.settings.impure-env = "GOPROXY=http://localhost:3000";
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
45
third_party/nixpkgs/nixos/modules/services/hardware/g810-led.nix
vendored
Normal file
45
third_party/nixpkgs/nixos/modules/services/hardware/g810-led.nix
vendored
Normal file
|
@ -0,0 +1,45 @@
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
let
|
||||||
|
cfg = config.services.g810-led;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options = {
|
||||||
|
services.g810-led = {
|
||||||
|
enable = lib.mkEnableOption "g810-led, a Linux LED controller for some Logitech G Keyboards";
|
||||||
|
|
||||||
|
package = lib.mkPackageOption pkgs "g810-led" { };
|
||||||
|
|
||||||
|
profile = lib.mkOption {
|
||||||
|
type = lib.types.nullOr lib.types.lines;
|
||||||
|
default = null;
|
||||||
|
example = ''
|
||||||
|
# G810-LED Profile (turn all keys on)
|
||||||
|
|
||||||
|
# Set all keys on
|
||||||
|
a ffffff
|
||||||
|
|
||||||
|
# Commit changes
|
||||||
|
c
|
||||||
|
'';
|
||||||
|
description = ''
|
||||||
|
Keyboard profile to apply at boot time.
|
||||||
|
|
||||||
|
The upstream repository provides [example configurations](https://github.com/MatMoul/g810-led/tree/master/sample_profiles).
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = lib.mkIf cfg.enable {
|
||||||
|
environment.etc."g810-led/profile".text = lib.mkIf (cfg.profile != null) cfg.profile;
|
||||||
|
|
||||||
|
services.udev.packages = [ cfg.package ];
|
||||||
|
};
|
||||||
|
|
||||||
|
meta.maintainers = with lib.maintainers; [ GaetanLepage ];
|
||||||
|
}
|
|
@ -11,6 +11,11 @@ in
|
||||||
enable = mkEnableOption "Handheld Daemon";
|
enable = mkEnableOption "Handheld Daemon";
|
||||||
package = mkPackageOption pkgs "handheld-daemon" { };
|
package = mkPackageOption pkgs "handheld-daemon" { };
|
||||||
|
|
||||||
|
ui = {
|
||||||
|
enable = mkEnableOption "Handheld Daemon UI";
|
||||||
|
package = mkPackageOption pkgs "handheld-daemon-ui" { };
|
||||||
|
};
|
||||||
|
|
||||||
user = mkOption {
|
user = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
description = ''
|
description = ''
|
||||||
|
@ -20,7 +25,10 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
environment.systemPackages = [ cfg.package ];
|
services.handheld-daemon.ui.enable = mkDefault true;
|
||||||
|
environment.systemPackages = [
|
||||||
|
cfg.package
|
||||||
|
] ++ lib.optional cfg.ui.enable cfg.ui.package;
|
||||||
services.udev.packages = [ cfg.package ];
|
services.udev.packages = [ cfg.package ];
|
||||||
systemd.packages = [ cfg.package ];
|
systemd.packages = [ cfg.package ];
|
||||||
|
|
||||||
|
@ -31,6 +39,11 @@ in
|
||||||
|
|
||||||
restartIfChanged = true;
|
restartIfChanged = true;
|
||||||
|
|
||||||
|
path = mkIf cfg.ui.enable [
|
||||||
|
cfg.ui.package
|
||||||
|
pkgs.lsof
|
||||||
|
];
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = "${ lib.getExe cfg.package } --user ${ cfg.user }";
|
ExecStart = "${ lib.getExe cfg.package } --user ${ cfg.user }";
|
||||||
Nice = "-12";
|
Nice = "-12";
|
||||||
|
|
|
@ -18,6 +18,8 @@ in
|
||||||
|
|
||||||
enable = lib.mkEnableOption "udisks2, a DBus service that allows applications to query and manipulate storage devices";
|
enable = lib.mkEnableOption "udisks2, a DBus service that allows applications to query and manipulate storage devices";
|
||||||
|
|
||||||
|
package = lib.mkPackageOption pkgs "udisks2" {};
|
||||||
|
|
||||||
mountOnMedia = lib.mkOption {
|
mountOnMedia = lib.mkOption {
|
||||||
type = lib.types.bool;
|
type = lib.types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
|
@ -67,11 +69,11 @@ in
|
||||||
|
|
||||||
config = lib.mkIf config.services.udisks2.enable {
|
config = lib.mkIf config.services.udisks2.enable {
|
||||||
|
|
||||||
environment.systemPackages = [ pkgs.udisks2 ];
|
environment.systemPackages = [ cfg.package ];
|
||||||
|
|
||||||
environment.etc = (lib.mapAttrs' (name: value: lib.nameValuePair "udisks2/${name}" { source = value; } ) configFiles) // (
|
environment.etc = (lib.mapAttrs' (name: value: lib.nameValuePair "udisks2/${name}" { source = value; } ) configFiles) // (
|
||||||
let
|
let
|
||||||
libblockdev = pkgs.udisks2.libblockdev;
|
libblockdev = cfg.package.libblockdev;
|
||||||
majorVer = lib.versions.major libblockdev.version;
|
majorVer = lib.versions.major libblockdev.version;
|
||||||
in {
|
in {
|
||||||
# We need to make sure /etc/libblockdev/@major_ver@/conf.d is populated to avoid
|
# We need to make sure /etc/libblockdev/@major_ver@/conf.d is populated to avoid
|
||||||
|
@ -82,18 +84,18 @@ in
|
||||||
|
|
||||||
security.polkit.enable = true;
|
security.polkit.enable = true;
|
||||||
|
|
||||||
services.dbus.packages = [ pkgs.udisks2 ];
|
services.dbus.packages = [ cfg.package ];
|
||||||
|
|
||||||
systemd.tmpfiles.rules = [ "d /var/lib/udisks2 0755 root root -" ]
|
systemd.tmpfiles.rules = [ "d /var/lib/udisks2 0755 root root -" ]
|
||||||
++ lib.optional cfg.mountOnMedia "D! /media 0755 root root -";
|
++ lib.optional cfg.mountOnMedia "D! /media 0755 root root -";
|
||||||
|
|
||||||
services.udev.packages = [ pkgs.udisks2 ];
|
services.udev.packages = [ cfg.package ];
|
||||||
|
|
||||||
services.udev.extraRules = lib.optionalString cfg.mountOnMedia ''
|
services.udev.extraRules = lib.optionalString cfg.mountOnMedia ''
|
||||||
ENV{ID_FS_USAGE}=="filesystem", ENV{UDISKS_FILESYSTEM_SHARED}="1"
|
ENV{ID_FS_USAGE}=="filesystem", ENV{UDISKS_FILESYSTEM_SHARED}="1"
|
||||||
'';
|
'';
|
||||||
|
|
||||||
systemd.packages = [ pkgs.udisks2 ];
|
systemd.packages = [ cfg.package ];
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -142,18 +142,10 @@ in
|
||||||
CapabilityBoundingSet = "";
|
CapabilityBoundingSet = "";
|
||||||
DeviceAllow = if builtins.elem options.device [ "cuda" "auto" ] then [
|
DeviceAllow = if builtins.elem options.device [ "cuda" "auto" ] then [
|
||||||
# https://docs.nvidia.com/dgx/pdf/dgx-os-5-user-guide.pdf
|
# https://docs.nvidia.com/dgx/pdf/dgx-os-5-user-guide.pdf
|
||||||
# CUDA not working? Check DeviceAllow and PrivateDevices first!
|
"char-nvidia-uvm"
|
||||||
"/dev/nvidia0"
|
"char-nvidia-frontend"
|
||||||
"/dev/nvidia1"
|
"char-nvidia-caps"
|
||||||
"/dev/nvidia2"
|
"char-nvidiactl"
|
||||||
"/dev/nvidia3"
|
|
||||||
"/dev/nvidia4"
|
|
||||||
"/dev/nvidia-caps/nvidia-cap1"
|
|
||||||
"/dev/nvidia-caps/nvidia-cap2"
|
|
||||||
"/dev/nvidiactl"
|
|
||||||
"/dev/nvidia-modeset"
|
|
||||||
"/dev/nvidia-uvm"
|
|
||||||
"/dev/nvidia-uvm-tools"
|
|
||||||
] else "";
|
] else "";
|
||||||
DevicePolicy = "closed";
|
DevicePolicy = "closed";
|
||||||
LockPersonality = true;
|
LockPersonality = true;
|
||||||
|
|
|
@ -76,9 +76,7 @@ in
|
||||||
|
|
||||||
# Hardening
|
# Hardening
|
||||||
CapabilityBoundingSet = "";
|
CapabilityBoundingSet = "";
|
||||||
DeviceAllow = [
|
DeviceAllow = lib.optionals (lib.hasPrefix "/" cfg.settings.serial.port) [ cfg.settings.serial.port ];
|
||||||
config.services.zigbee2mqtt.settings.serial.port
|
|
||||||
];
|
|
||||||
DevicePolicy = "closed";
|
DevicePolicy = "closed";
|
||||||
LockPersonality = true;
|
LockPersonality = true;
|
||||||
MemoryDenyWriteExecute = false;
|
MemoryDenyWriteExecute = false;
|
||||||
|
|
|
@ -27,7 +27,7 @@ in
|
||||||
|
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
# for cli usage
|
# for cli usage
|
||||||
environment.systemPackages = [ pkgs.vector ];
|
environment.systemPackages = [ cfg.package ];
|
||||||
|
|
||||||
systemd.services.vector = {
|
systemd.services.vector = {
|
||||||
description = "Vector event and log aggregator";
|
description = "Vector event and log aggregator";
|
||||||
|
@ -40,7 +40,7 @@ in
|
||||||
conf = format.generate "vector.toml" cfg.settings;
|
conf = format.generate "vector.toml" cfg.settings;
|
||||||
validateConfig = file:
|
validateConfig = file:
|
||||||
pkgs.runCommand "validate-vector-conf" {
|
pkgs.runCommand "validate-vector-conf" {
|
||||||
nativeBuildInputs = [ pkgs.vector ];
|
nativeBuildInputs = [ cfg.package ];
|
||||||
} ''
|
} ''
|
||||||
vector validate --no-environment "${file}"
|
vector validate --no-environment "${file}"
|
||||||
ln -s "${file}" "$out"
|
ln -s "${file}" "$out"
|
||||||
|
|
|
@ -18,7 +18,7 @@ in
|
||||||
type = lib.types.listOf lib.types.path;
|
type = lib.types.listOf lib.types.path;
|
||||||
default = [ ];
|
default = [ ];
|
||||||
example = lib.literalExpression "with pkgs; [ pass gnome-keyring ]";
|
example = lib.literalExpression "with pkgs; [ pass gnome-keyring ]";
|
||||||
description = "List of derivations to put in protonmail-bride's path.";
|
description = "List of derivations to put in protonmail-bridge's path.";
|
||||||
};
|
};
|
||||||
|
|
||||||
logLevel = lib.mkOption {
|
logLevel = lib.mkOption {
|
||||||
|
|
|
@ -7,7 +7,7 @@ let
|
||||||
stateDir = "/var/lib/public-inbox";
|
stateDir = "/var/lib/public-inbox";
|
||||||
|
|
||||||
gitIni = pkgs.formats.gitIni { listsAsDuplicateKeys = true; };
|
gitIni = pkgs.formats.gitIni { listsAsDuplicateKeys = true; };
|
||||||
iniAtom = elemAt gitIni.type/*attrsOf*/.functor.wrapped/*attrsOf*/.functor.wrapped/*either*/.functor.wrapped 0;
|
iniAtom = gitIni.lib.types.atom;
|
||||||
|
|
||||||
useSpamAssassin = cfg.settings.publicinboxmda.spamcheck == "spamc" ||
|
useSpamAssassin = cfg.settings.publicinboxmda.spamcheck == "spamc" ||
|
||||||
cfg.settings.publicinboxwatch.spamcheck == "spamc";
|
cfg.settings.publicinboxwatch.spamcheck == "spamc";
|
||||||
|
|
125
third_party/nixpkgs/nixos/modules/services/misc/duckdns.nix
vendored
Normal file
125
third_party/nixpkgs/nixos/modules/services/misc/duckdns.nix
vendored
Normal file
|
@ -0,0 +1,125 @@
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
let
|
||||||
|
cfg = config.services.duckdns;
|
||||||
|
duckdns = pkgs.writeShellScriptBin "duckdns" ''
|
||||||
|
DRESPONSE=$(curl -sS --max-time 60 --no-progress-meter -k -K- <<< "url = \"https://www.duckdns.org/update?verbose=true&domains=$DUCKDNS_DOMAINS&token=$DUCKDNS_TOKEN&ip=\"")
|
||||||
|
IPV4=$(echo "$DRESPONSE" | awk 'NR==2')
|
||||||
|
IPV6=$(echo "$DRESPONSE" | awk 'NR==3')
|
||||||
|
RESPONSE=$(echo "$DRESPONSE" | awk 'NR==1')
|
||||||
|
IPCHANGE=$(echo "$DRESPONSE" | awk 'NR==4')
|
||||||
|
|
||||||
|
if [[ "$RESPONSE" = "OK" ]] && [[ "$IPCHANGE" = "UPDATED" ]]; then
|
||||||
|
if [[ "$IPV4" != "" ]] && [[ "$IPV6" == "" ]]; then
|
||||||
|
echo "Your IP was updated at $(date) to IPv4: $IPV4"
|
||||||
|
elif [[ "$IPV4" == "" ]] && [[ "$IPV6" != "" ]]; then
|
||||||
|
echo "Your IP was updated at $(date) to IPv6: $IPV6"
|
||||||
|
else
|
||||||
|
echo "Your IP was updated at $(date) to IPv4: $IPV4 & IPv6 to: $IPV6"
|
||||||
|
fi
|
||||||
|
elif [[ "$RESPONSE" = "OK" ]] && [[ "$IPCHANGE" = "NOCHANGE" ]]; then
|
||||||
|
echo "DuckDNS request at $(date) successful. IP(s) unchanged."
|
||||||
|
else
|
||||||
|
echo -e "Something went wrong, please check your settings\nThe response returned was:\n$DRESPONSE\n"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
'';
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options.services.duckdns = {
|
||||||
|
enable = lib.mkEnableOption "DuckDNS Dynamic DNS Client";
|
||||||
|
tokenFile = lib.mkOption {
|
||||||
|
default = null;
|
||||||
|
type = lib.types.path;
|
||||||
|
description = ''
|
||||||
|
The path to a file containing the token
|
||||||
|
used to authenticate with DuckDNS.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
domains = lib.mkOption {
|
||||||
|
default = null;
|
||||||
|
type = lib.types.nullOr (lib.types.listOf lib.types.str);
|
||||||
|
example = [ "examplehost" ];
|
||||||
|
description = ''
|
||||||
|
The domain(s) to update in DuckDNS
|
||||||
|
(without the .duckdns.org suffix)
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
domainsFile = lib.mkOption {
|
||||||
|
default = null;
|
||||||
|
type = lib.types.nullOr lib.types.path;
|
||||||
|
example = lib.literalExpression ''
|
||||||
|
pkgs.writeText "duckdns-domains.txt" '''
|
||||||
|
examplehost
|
||||||
|
examplehost2
|
||||||
|
examplehost3
|
||||||
|
'''
|
||||||
|
'';
|
||||||
|
description = ''
|
||||||
|
The path to a file containing a
|
||||||
|
newline-separated list of DuckDNS
|
||||||
|
domain(s) to be updated
|
||||||
|
(without the .duckdns.org suffix)
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
|
config = lib.mkIf cfg.enable {
|
||||||
|
assertions = [
|
||||||
|
{
|
||||||
|
assertion = cfg.domains != null || cfg.domainsFile != null;
|
||||||
|
message = "Either services.duckdns.domains or services.duckdns.domainsFile has to be defined";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
assertion = !(cfg.domains != null && cfg.domainsFile != null);
|
||||||
|
message = "services.duckdns.domains and services.duckdns.domainsFile can't both be defined at the same time";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
assertion = (cfg.tokenFile != null);
|
||||||
|
message = "services.duckdns.tokenFile has to be defined";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
environment.systemPackages = [ duckdns ];
|
||||||
|
|
||||||
|
systemd.services.duckdns = {
|
||||||
|
description = "DuckDNS Dynamic DNS Client";
|
||||||
|
after = [ "network.target" ];
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
startAt = "*:0/5";
|
||||||
|
path = [
|
||||||
|
pkgs.gnused
|
||||||
|
pkgs.systemd
|
||||||
|
pkgs.curl
|
||||||
|
pkgs.gawk
|
||||||
|
duckdns
|
||||||
|
];
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "simple";
|
||||||
|
LoadCredential = [
|
||||||
|
"DUCKDNS_TOKEN_FILE:${cfg.tokenFile}"
|
||||||
|
] ++ lib.optionals (cfg.domainsFile != null) [ "DUCKDNS_DOMAINS_FILE:${cfg.domainsFile}" ];
|
||||||
|
DynamicUser = true;
|
||||||
|
};
|
||||||
|
script = ''
|
||||||
|
export DUCKDNS_TOKEN=$(systemd-creds cat DUCKDNS_TOKEN_FILE)
|
||||||
|
${lib.optionalString (cfg.domains != null) ''
|
||||||
|
export DUCKDNS_DOMAINS='${lib.strings.concatStringsSep "," cfg.domains}'
|
||||||
|
''}
|
||||||
|
${lib.optionalString (cfg.domainsFile != null) ''
|
||||||
|
export DUCKDNS_DOMAINS=$(systemd-creds cat DUCKDNS_DOMAINS_FILE | sed -z 's/\n/,/g')
|
||||||
|
''}
|
||||||
|
exec ${lib.getExe duckdns}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
meta.maintainers = with lib.maintainers; [ notthebee ];
|
||||||
|
}
|
167
third_party/nixpkgs/nixos/modules/services/misc/evremap.nix
vendored
Normal file
167
third_party/nixpkgs/nixos/modules/services/misc/evremap.nix
vendored
Normal file
|
@ -0,0 +1,167 @@
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
let
|
||||||
|
cfg = config.services.evremap;
|
||||||
|
format = pkgs.formats.toml { };
|
||||||
|
|
||||||
|
key = lib.types.strMatching "KEY_[[:upper:]]+" // {
|
||||||
|
description = "key ID prefixed with KEY_";
|
||||||
|
};
|
||||||
|
|
||||||
|
mkKeyOption =
|
||||||
|
description:
|
||||||
|
lib.mkOption {
|
||||||
|
type = key;
|
||||||
|
description = ''
|
||||||
|
${description}
|
||||||
|
|
||||||
|
You can get a list of keys by running `evremap list-keys`.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
mkKeySeqOption =
|
||||||
|
description:
|
||||||
|
(mkKeyOption description)
|
||||||
|
// {
|
||||||
|
type = lib.types.listOf key;
|
||||||
|
};
|
||||||
|
|
||||||
|
dualRoleModule = lib.types.submodule {
|
||||||
|
options = {
|
||||||
|
input = mkKeyOption "The key that should be remapped.";
|
||||||
|
hold = mkKeySeqOption "The key sequence that should be output when the input key is held.";
|
||||||
|
tap = mkKeySeqOption "The key sequence that should be output when the input key is tapped.";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
remapModule = lib.types.submodule {
|
||||||
|
options = {
|
||||||
|
input = mkKeySeqOption "The key sequence that should be remapped.";
|
||||||
|
output = mkKeySeqOption "The key sequence that should be output when the input sequence is entered.";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options.services.evremap = {
|
||||||
|
enable = lib.mkEnableOption "evremap, a keyboard input remapper for Linux/Wayland systems";
|
||||||
|
|
||||||
|
settings = lib.mkOption {
|
||||||
|
type = lib.types.submodule {
|
||||||
|
freeformType = format.type;
|
||||||
|
|
||||||
|
options = {
|
||||||
|
device_name = lib.mkOption {
|
||||||
|
type = lib.types.str;
|
||||||
|
example = "AT Translated Set 2 keyboard";
|
||||||
|
description = ''
|
||||||
|
The name of the device that should be remapped.
|
||||||
|
|
||||||
|
You can get a list of devices by running `evremap list-devices` with elevated permissions.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
dual_role = lib.mkOption {
|
||||||
|
type = lib.types.listOf dualRoleModule;
|
||||||
|
default = [ ];
|
||||||
|
example = [
|
||||||
|
{
|
||||||
|
input = "KEY_CAPSLOCK";
|
||||||
|
hold = [ "KEY_LEFTCTRL" ];
|
||||||
|
tap = [ "KEY_ESC" ];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
description = ''
|
||||||
|
List of dual-role remappings that output different key sequences based on whether the
|
||||||
|
input key is held or tapped.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
remap = lib.mkOption {
|
||||||
|
type = lib.types.listOf remapModule;
|
||||||
|
default = [ ];
|
||||||
|
example = [
|
||||||
|
{
|
||||||
|
input = [
|
||||||
|
"KEY_LEFTALT"
|
||||||
|
"KEY_UP"
|
||||||
|
];
|
||||||
|
output = [ "KEY_PAGEUP" ];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
description = ''
|
||||||
|
List of remappings.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
description = ''
|
||||||
|
Settings for evremap.
|
||||||
|
|
||||||
|
See the [upstream documentation](https://github.com/wez/evremap/blob/master/README.md#configuration)
|
||||||
|
for how to configure evremap.
|
||||||
|
'';
|
||||||
|
default = { };
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = lib.mkIf cfg.enable {
|
||||||
|
environment.systemPackages = [ pkgs.evremap ];
|
||||||
|
|
||||||
|
hardware.uinput.enable = true;
|
||||||
|
|
||||||
|
systemd.services.evremap = {
|
||||||
|
description = "evremap - keyboard input remapper";
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
|
||||||
|
script = "${lib.getExe pkgs.evremap} remap ${format.generate "evremap.toml" cfg.settings}";
|
||||||
|
|
||||||
|
serviceConfig = {
|
||||||
|
DynamicUser = true;
|
||||||
|
User = "evremap";
|
||||||
|
SupplementaryGroups = [
|
||||||
|
config.users.groups.input.name
|
||||||
|
config.users.groups.uinput.name
|
||||||
|
];
|
||||||
|
Restart = "on-failure";
|
||||||
|
RestartSec = 5;
|
||||||
|
TimeoutSec = 20;
|
||||||
|
|
||||||
|
# Hardening
|
||||||
|
ProtectClock = true;
|
||||||
|
ProtectKernelLogs = true;
|
||||||
|
ProtectControlGroups = true;
|
||||||
|
ProtectKernelModules = true;
|
||||||
|
ProtectHostname = true;
|
||||||
|
ProtectKernelTunables = true;
|
||||||
|
ProtectProc = "invisible";
|
||||||
|
ProtectHome = true;
|
||||||
|
ProcSubset = "pid";
|
||||||
|
|
||||||
|
PrivateTmp = true;
|
||||||
|
PrivateNetwork = true;
|
||||||
|
PrivateUsers = true;
|
||||||
|
|
||||||
|
RestrictRealtime = true;
|
||||||
|
RestrictNamespaces = true;
|
||||||
|
RestrictAddressFamilies = "none";
|
||||||
|
|
||||||
|
MemoryDenyWriteExecute = true;
|
||||||
|
LockPersonality = true;
|
||||||
|
IPAddressDeny = "any";
|
||||||
|
AmbientCapabilities = "";
|
||||||
|
CapabilityBoundingSet = "";
|
||||||
|
SystemCallArchitectures = "native";
|
||||||
|
SystemCallFilter = [
|
||||||
|
"@system-service"
|
||||||
|
"~@resources"
|
||||||
|
"~@privileged"
|
||||||
|
];
|
||||||
|
UMask = "0027";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
20
third_party/nixpkgs/nixos/modules/services/monitoring/glances.md
vendored
Normal file
20
third_party/nixpkgs/nixos/modules/services/monitoring/glances.md
vendored
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
# Glances {#module-serives-glances}
|
||||||
|
|
||||||
|
Glances an Eye on your system. A top/htop alternative for GNU/Linux, BSD, Mac OS
|
||||||
|
and Windows operating systems.
|
||||||
|
|
||||||
|
Visit [the Glances project page](https://github.com/nicolargo/glances) to learn
|
||||||
|
more about it.
|
||||||
|
|
||||||
|
# Quickstart {#module-serives-glances-quickstart}
|
||||||
|
|
||||||
|
Use the following configuration to start a public instance of Glances locally:
|
||||||
|
|
||||||
|
```nix
|
||||||
|
{
|
||||||
|
services.glances = {
|
||||||
|
enable = true;
|
||||||
|
openFirewall = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
```
|
110
third_party/nixpkgs/nixos/modules/services/monitoring/glances.nix
vendored
Normal file
110
third_party/nixpkgs/nixos/modules/services/monitoring/glances.nix
vendored
Normal file
|
@ -0,0 +1,110 @@
|
||||||
|
{
|
||||||
|
pkgs,
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
utils,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
let
|
||||||
|
cfg = config.services.glances;
|
||||||
|
|
||||||
|
inherit (lib)
|
||||||
|
getExe
|
||||||
|
maintainers
|
||||||
|
mkEnableOption
|
||||||
|
mkOption
|
||||||
|
mkIf
|
||||||
|
mkPackageOption
|
||||||
|
;
|
||||||
|
|
||||||
|
inherit (lib.types)
|
||||||
|
bool
|
||||||
|
listOf
|
||||||
|
port
|
||||||
|
str
|
||||||
|
;
|
||||||
|
|
||||||
|
inherit (utils)
|
||||||
|
escapeSystemdExecArgs
|
||||||
|
;
|
||||||
|
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options.services.glances = {
|
||||||
|
enable = mkEnableOption "Glances";
|
||||||
|
|
||||||
|
package = mkPackageOption pkgs "glances" { };
|
||||||
|
|
||||||
|
port = mkOption {
|
||||||
|
description = "Port the server will isten on.";
|
||||||
|
type = port;
|
||||||
|
default = 61208;
|
||||||
|
};
|
||||||
|
|
||||||
|
openFirewall = mkOption {
|
||||||
|
description = "Open port in the firewall for glances.";
|
||||||
|
type = bool;
|
||||||
|
default = false;
|
||||||
|
};
|
||||||
|
|
||||||
|
extraArgs = mkOption {
|
||||||
|
type = listOf str;
|
||||||
|
default = [ "--webserver" ];
|
||||||
|
example = [
|
||||||
|
"--webserver"
|
||||||
|
"--disable-webui"
|
||||||
|
];
|
||||||
|
description = ''
|
||||||
|
Extra command-line arguments to pass to glances.
|
||||||
|
|
||||||
|
See https://glances.readthedocs.io/en/latest/cmds.html for all available options.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
|
||||||
|
environment.systemPackages = [ cfg.package ];
|
||||||
|
|
||||||
|
systemd.services."glances" = {
|
||||||
|
description = "Glances";
|
||||||
|
after = [ "network.target" ];
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "simple";
|
||||||
|
DynamicUser = true;
|
||||||
|
ExecStart = "${getExe cfg.package} --port ${toString cfg.port} ${escapeSystemdExecArgs cfg.extraArgs}";
|
||||||
|
Restart = "on-failure";
|
||||||
|
|
||||||
|
NoNewPrivileges = true;
|
||||||
|
ProtectSystem = "full";
|
||||||
|
ProtectHome = true;
|
||||||
|
PrivateTmp = true;
|
||||||
|
PrivateDevices = true;
|
||||||
|
ProtectKernelTunables = true;
|
||||||
|
ProtectKernelModules = true;
|
||||||
|
ProtectKernelLogs = true;
|
||||||
|
ProtectControlGroups = true;
|
||||||
|
MemoryDenyWriteExecute = true;
|
||||||
|
RestrictAddressFamilies = [
|
||||||
|
"AF_INET"
|
||||||
|
"AF_INET6"
|
||||||
|
"AF_NETLINK"
|
||||||
|
"AF_UNIX"
|
||||||
|
];
|
||||||
|
LockPersonality = true;
|
||||||
|
RestrictRealtime = true;
|
||||||
|
ProtectClock = true;
|
||||||
|
ReadWritePaths = [ "/var/log" ];
|
||||||
|
CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
|
||||||
|
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
|
||||||
|
SystemCallFilter = [ "@system-service" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.port ];
|
||||||
|
};
|
||||||
|
|
||||||
|
meta.maintainers = with maintainers; [ claha ];
|
||||||
|
}
|
|
@ -255,6 +255,7 @@ in
|
||||||
Grafana settings. See <https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/>
|
Grafana settings. See <https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/>
|
||||||
for available options. INI format is used.
|
for available options. INI format is used.
|
||||||
'';
|
'';
|
||||||
|
default = { };
|
||||||
type = types.submodule {
|
type = types.submodule {
|
||||||
freeformType = settingsFormatIni.type;
|
freeformType = settingsFormatIni.type;
|
||||||
|
|
||||||
|
|
|
@ -13,6 +13,11 @@ in
|
||||||
|
|
||||||
package = lib.mkPackageOption pkgs "clatd" { };
|
package = lib.mkPackageOption pkgs "clatd" { };
|
||||||
|
|
||||||
|
enableNetworkManagerIntegration = lib.mkEnableOption "NetworkManager integration" // {
|
||||||
|
default = config.networking.networkmanager.enable;
|
||||||
|
defaultText = "config.networking.networkmanager.enable";
|
||||||
|
};
|
||||||
|
|
||||||
settings = lib.mkOption {
|
settings = lib.mkOption {
|
||||||
type = lib.types.submodule ({ name, ... }: {
|
type = lib.types.submodule ({ name, ... }: {
|
||||||
freeformType = settingsFormat.type;
|
freeformType = settingsFormat.type;
|
||||||
|
@ -75,5 +80,17 @@ in
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
networking.networkmanager.dispatcherScripts = cfg.enableNetworkManagerIntegration [
|
||||||
|
{
|
||||||
|
type = "basic";
|
||||||
|
# https://github.com/toreanderson/clatd/blob/master/scripts/clatd.networkmanager
|
||||||
|
source = pkgs.writeShellScript "restart-clatd" ''
|
||||||
|
[ "$DEVICE_IFACE" = "clat" ] && exit 0
|
||||||
|
[ "$2" != "up" ] && [ "$2" != "down" ] && exit 0
|
||||||
|
${pkgs.systemd}/bin/systemctl restart clatd.service
|
||||||
|
'';
|
||||||
|
}
|
||||||
|
];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
62
third_party/nixpkgs/nixos/modules/services/networking/globalprotect-vpn.nix
vendored
Normal file
62
third_party/nixpkgs/nixos/modules/services/networking/globalprotect-vpn.nix
vendored
Normal file
|
@ -0,0 +1,62 @@
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
let
|
||||||
|
cfg = config.services.globalprotect;
|
||||||
|
|
||||||
|
execStart =
|
||||||
|
if cfg.csdWrapper == null then
|
||||||
|
"${pkgs.globalprotect-openconnect}/bin/gpservice"
|
||||||
|
else
|
||||||
|
"${pkgs.globalprotect-openconnect}/bin/gpservice --csd-wrapper=${cfg.csdWrapper}";
|
||||||
|
in
|
||||||
|
|
||||||
|
{
|
||||||
|
options.services.globalprotect = {
|
||||||
|
enable = lib.mkEnableOption "globalprotect";
|
||||||
|
|
||||||
|
settings = lib.mkOption {
|
||||||
|
description = ''
|
||||||
|
GlobalProtect-openconnect configuration. For more information, visit
|
||||||
|
<https://github.com/yuezk/GlobalProtect-openconnect/wiki/Configuration>.
|
||||||
|
'';
|
||||||
|
default = { };
|
||||||
|
example = {
|
||||||
|
"vpn1.company.com" = {
|
||||||
|
openconnect-args = "--script=/path/to/vpnc-script";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
type = lib.types.attrs;
|
||||||
|
};
|
||||||
|
|
||||||
|
csdWrapper = lib.mkOption {
|
||||||
|
description = ''
|
||||||
|
A script that will produce a Host Integrity Protection (HIP) report,
|
||||||
|
as described at <https://www.infradead.org/openconnect/hip.html>
|
||||||
|
'';
|
||||||
|
default = null;
|
||||||
|
example = lib.literalExpression ''"''${pkgs.openconnect}/libexec/openconnect/hipreport.sh"'';
|
||||||
|
type = lib.types.nullOr lib.types.path;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = lib.mkIf cfg.enable {
|
||||||
|
services.dbus.packages = [ pkgs.globalprotect-openconnect ];
|
||||||
|
|
||||||
|
environment.etc."gpservice/gp.conf".text = lib.generators.toINI { } cfg.settings;
|
||||||
|
|
||||||
|
systemd.services.gpservice = {
|
||||||
|
description = "GlobalProtect openconnect DBus service";
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "dbus";
|
||||||
|
BusName = "com.yuezk.qt.GPService";
|
||||||
|
ExecStart = execStart;
|
||||||
|
};
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
after = [ "network.target" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -9,7 +9,7 @@ let
|
||||||
cfg = config.services.magic-wormhole-mailbox-server;
|
cfg = config.services.magic-wormhole-mailbox-server;
|
||||||
# keep semicolon in dataDir for backward compatibility
|
# keep semicolon in dataDir for backward compatibility
|
||||||
dataDir = "/var/lib/magic-wormhole-mailbox-server;";
|
dataDir = "/var/lib/magic-wormhole-mailbox-server;";
|
||||||
python = pkgs.python311.withPackages (
|
python = pkgs.python3.withPackages (
|
||||||
py: with py; [
|
py: with py; [
|
||||||
magic-wormhole-mailbox-server
|
magic-wormhole-mailbox-server
|
||||||
twisted
|
twisted
|
||||||
|
|
|
@ -21,6 +21,8 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
options.services.minidlna.package = lib.mkPackageOption pkgs "minidlna" { };
|
||||||
|
|
||||||
options.services.minidlna.openFirewall = mkOption {
|
options.services.minidlna.openFirewall = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
|
@ -141,7 +143,7 @@ in
|
||||||
CacheDirectory = "minidlna";
|
CacheDirectory = "minidlna";
|
||||||
RuntimeDirectory = "minidlna";
|
RuntimeDirectory = "minidlna";
|
||||||
PIDFile = "/run/minidlna/pid";
|
PIDFile = "/run/minidlna/pid";
|
||||||
ExecStart = "${pkgs.minidlna}/sbin/minidlnad -S -P /run/minidlna/pid -f ${settingsFile}";
|
ExecStart = "${lib.getExe cfg.package} -S -P /run/minidlna/pid -f ${settingsFile}";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -27,6 +27,8 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
package = lib.options.mkPackageOption pkgs "shairport-sync" { };
|
||||||
|
|
||||||
arguments = mkOption {
|
arguments = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "-v -o pa";
|
default = "-v -o pa";
|
||||||
|
@ -100,12 +102,12 @@ in
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
User = cfg.user;
|
User = cfg.user;
|
||||||
Group = cfg.group;
|
Group = cfg.group;
|
||||||
ExecStart = "${pkgs.shairport-sync}/bin/shairport-sync ${cfg.arguments}";
|
ExecStart = "${lib.getExe cfg.package} ${cfg.arguments}";
|
||||||
RuntimeDirectory = "shairport-sync";
|
RuntimeDirectory = "shairport-sync";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.systemPackages = [ pkgs.shairport-sync ];
|
environment.systemPackages = [ cfg.package ];
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -186,6 +186,7 @@ in
|
||||||
Restart = "always";
|
Restart = "always";
|
||||||
User = "spiped";
|
User = "spiped";
|
||||||
};
|
};
|
||||||
|
stopIfChanged = false;
|
||||||
|
|
||||||
scriptArgs = "%i";
|
scriptArgs = "%i";
|
||||||
script = "exec ${pkgs.spiped}/bin/spiped -F `cat /etc/spiped/$1.spec`";
|
script = "exec ${pkgs.spiped}/bin/spiped -F `cat /etc/spiped/$1.spec`";
|
||||||
|
|
|
@ -83,6 +83,7 @@ in
|
||||||
systemd.services.teleport = {
|
systemd.services.teleport = {
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
after = [ "network.target" ];
|
after = [ "network.target" ];
|
||||||
|
path = with pkgs; [ getent shadow sudo ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = ''
|
ExecStart = ''
|
||||||
${cfg.package}/bin/teleport start \
|
${cfg.package}/bin/teleport start \
|
||||||
|
|
|
@ -1,10 +1,12 @@
|
||||||
{ config, options, pkgs, lib, ... }:
|
{ config, options, pkgs, lib, ... }:
|
||||||
with lib;
|
|
||||||
let
|
let
|
||||||
|
inherit (lib) concatStringsSep literalExpression makeLibraryPath mkEnableOption
|
||||||
|
mkForce mkIf mkOption mkPackageOption mkRemovedOptionModule optional types;
|
||||||
|
|
||||||
cfg = config.services.aesmd;
|
cfg = config.services.aesmd;
|
||||||
opt = options.services.aesmd;
|
opt = options.services.aesmd;
|
||||||
|
|
||||||
sgx-psw = pkgs.sgx-psw.override { inherit (cfg) debug; };
|
sgx-psw = cfg.package;
|
||||||
|
|
||||||
configFile = with cfg.settings; pkgs.writeText "aesmd.conf" (
|
configFile = with cfg.settings; pkgs.writeText "aesmd.conf" (
|
||||||
concatStringsSep "\n" (
|
concatStringsSep "\n" (
|
||||||
|
@ -18,13 +20,17 @@ let
|
||||||
);
|
);
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
imports = [
|
||||||
|
(mkRemovedOptionModule [ "debug" ] ''
|
||||||
|
Enable debug mode by overriding the aesmd package directly:
|
||||||
|
|
||||||
|
services.aesmd.package = pkgs.sgx-psw.override { debug = true; };
|
||||||
|
'')
|
||||||
|
];
|
||||||
|
|
||||||
options.services.aesmd = {
|
options.services.aesmd = {
|
||||||
enable = mkEnableOption "Intel's Architectural Enclave Service Manager (AESM) for Intel SGX";
|
enable = mkEnableOption "Intel's Architectural Enclave Service Manager (AESM) for Intel SGX";
|
||||||
debug = mkOption {
|
package = mkPackageOption pkgs "sgx-psw" { };
|
||||||
type = types.bool;
|
|
||||||
default = false;
|
|
||||||
description = "Whether to build the PSW package in debug mode.";
|
|
||||||
};
|
|
||||||
environment = mkOption {
|
environment = mkOption {
|
||||||
type = with types; attrsOf str;
|
type = with types; attrsOf str;
|
||||||
default = { };
|
default = { };
|
||||||
|
@ -126,7 +132,7 @@ in
|
||||||
"|/dev/sgx_enclave"
|
"|/dev/sgx_enclave"
|
||||||
];
|
];
|
||||||
|
|
||||||
serviceConfig = rec {
|
serviceConfig = {
|
||||||
ExecStartPre = pkgs.writeShellScript "copy-aesmd-data-files.sh" ''
|
ExecStartPre = pkgs.writeShellScript "copy-aesmd-data-files.sh" ''
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
whiteListFile="${aesmDataFolder}/white_list_cert_to_be_verify.bin"
|
whiteListFile="${aesmDataFolder}/white_list_cert_to_be_verify.bin"
|
||||||
|
|
|
@ -177,7 +177,7 @@ in
|
||||||
type = types.nullOr types.str;
|
type = types.nullOr types.str;
|
||||||
example = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";
|
example = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";
|
||||||
description = ''
|
description = ''
|
||||||
"bantime.formula" used by default to calculate next value of ban time, default value bellow,
|
"bantime.formula" used by default to calculate next value of ban time, default value below,
|
||||||
the same ban time growing will be reached by multipliers 1, 2, 4, 8, 16, 32 ...
|
the same ban time growing will be reached by multipliers 1, 2, 4, 8, 16, 32 ...
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue