cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

Merge branch 'master' into ccls

Browse source
This commit is contained in:
Jörg Thalheim 2019-09-13 16:26:21 +01:00 committed by GitHub
commit 2e0c19121a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7760 changed files with 42539 additions and 28800 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
.github/CODEOWNERS vendored
View file

@ -58,11 +58,11 @@
/doc/languages-frameworks/python.section.md @FRidh
# Haskell
/pkgs/development/compilers/ghc @basvandijk
/pkgs/development/haskell-modules @basvandijk
/pkgs/development/haskell-modules/default.nix @basvandijk
/pkgs/development/haskell-modules/generic-builder.nix @basvandijk
/pkgs/development/haskell-modules/hoogle.nix @basvandijk
/pkgs/development/compilers/ghc @basvandijk @cdepillabout
/pkgs/development/haskell-modules @basvandijk @cdepillabout
/pkgs/development/haskell-modules/default.nix @basvandijk @cdepillabout
/pkgs/development/haskell-modules/generic-builder.nix @basvandijk @cdepillabout
/pkgs/development/haskell-modules/hoogle.nix @basvandijk @cdepillabout
# Perl
/pkgs/development/interpreters/perl @volth
@ -130,6 +130,12 @@
/nixos/tests/hardened.nix @joachifm
/pkgs/os-specific/linux/kernel/hardened-config.nix @joachifm
# Network Time Daemons
/pkgs/tools/networking/chrony @thoughtpolice
/pkgs/tools/networking/ntp @thoughtpolice
/pkgs/tools/networking/openntpd @thoughtpolice
/nixos/modules/services/networking/ntp @thoughtpolice
# Dhall
/pkgs/development/dhall-modules @Gabriel439 @Profpatsch
/pkgs/development/interpreters/dhall @Gabriel439 @Profpatsch
@ -150,3 +156,8 @@
/pkgs/applications/editors/emacs-modes @adisbladis
/pkgs/applications/editors/emacs @adisbladis
/pkgs/top-level/emacs-packages.nix @adisbladis
# Prometheus exporter modules and tests
/nixos/modules/services/monitoring/prometheus/exporters.nix @WilliButz
/nixos/modules/services/monitoring/prometheus/exporters.xml @WilliButz
/nixos/tests/prometheus-exporters.nix @WilliButz

2
.version
View file

@ -1 +1 @@
19.09
20.03

143
README.md
View file

@ -1,48 +1,113 @@
[<img src="https://nixos.org/logo/nixos-hires.png" width="500px" alt="logo" />](https://nixos.org/nixos)
<p align="center">
<a href="https://nixos.org/nixos"><img src="https://nixos.org/logo/nixos-hires.png" width="500px" alt="NixOS logo" /></a>
</p>
[![Code Triagers Badge](https://www.codetriage.com/nixos/nixpkgs/badges/users.svg)](https://www.codetriage.com/nixos/nixpkgs)
[![Open Collective supporters](https://opencollective.com/nixos/tiers/supporter/badge.svg?label=Supporter&color=brightgreen)](https://opencollective.com/nixos)
<p align="center">
<a href="https://www.codetriage.com/nixos/nixpkgs"><img src="https://www.codetriage.com/nixos/nixpkgs/badges/users.svg" alt="Code Triagers badge" /></a>
<a href="https://opencollective.com/nixos"><img src="https://opencollective.com/nixos/tiers/supporter/badge.svg?label=Supporter&color=brightgreen" alt="Open Collective supporters" /></a>
</p>
Nixpkgs is a collection of packages for the [Nix](https://nixos.org/nix/) package
manager. It is periodically built and tested by the [Hydra](https://hydra.nixos.org/)
build daemon as so-called channels. To get channel information via git, add
[nixpkgs-channels](https://github.com/NixOS/nixpkgs-channels.git) as a remote:
[Nixpkgs](https://github.com/nixos/nixpkgs) is a collection of over
40,000 software packages that can be installed with the
[Nix](https://nixos.org/nix/) package manager. It also implements
[NixOS](https://nixos.org/nixos/), a purely-functional Linux distribution.
```
% git remote add channels https://github.com/NixOS/nixpkgs-channels.git
```
# Manuals
For stability and maximum binary package support, it is recommended to maintain
custom changes on top of one of the channels, e.g. `nixos-19.03` for the latest
release and `nixos-unstable` for the latest successful build of master:
* [NixOS Manual](https://nixos.org/nixos/manual) - how to install, configure, and maintain a purely-functional Linux distribution
* [Nixpkgs Manual](https://nixos.org/nixpkgs/manual/) - contributing to Nixpkgs and using programming-language-specific Nix expressions
* [Nix Package Manager Manual](https://nixos.org/nix/manual) - how to write Nix expresssions (programs), and how to use Nix command line tools
```
% git remote update channels
% git rebase channels/nixos-19.03
```
For pull requests, please rebase onto nixpkgs `master`.
[NixOS](https://nixos.org/nixos/) Linux distribution source code is located inside
`nixos/` folder.
* [NixOS installation instructions](https://nixos.org/nixos/manual/#ch-installation)
* [Documentation (Nix Expression Language chapter)](https://nixos.org/nix/manual/#ch-expression-language)
* [Manual (How to write packages for Nix)](https://nixos.org/nixpkgs/manual/)
* [Manual (NixOS)](https://nixos.org/nixos/manual/)
* [Community maintained wiki](https://nixos.wiki/)
* [Continuous package builds for unstable/master](https://hydra.nixos.org/jobset/nixos/trunk-combined)
* [Continuous package builds for 19.03 release](https://hydra.nixos.org/jobset/nixos/release-19.03)
* [Tests for unstable/master](https://hydra.nixos.org/job/nixos/trunk-combined/tested#tabs-constituents)
* [Tests for 19.03 release](https://hydra.nixos.org/job/nixos/release-19.03/tested#tabs-constituents)
Communication:
# Community
* [Discourse Forum](https://discourse.nixos.org/)
* [IRC - #nixos on freenode.net](irc://irc.freenode.net/#nixos)
* [NixOS Weekly](https://weekly.nixos.org/)
* [Community-maintained wiki](https://nixos.wiki/)
Note: MIT license does not apply to the packages built by Nixpkgs, merely to
the package descriptions (Nix expressions, build scripts, and so on). It also
might not apply to patches included in Nixpkgs, which may be derivative works
of the packages to which they apply. The aforementioned artifacts are all
covered by the licenses of the respective packages.
# Other Project Repositories
The sources of all offical Nix-related projects are in the [NixOS
organization on GitHub](https://github.com/NixOS/). Here are some of
the main ones:
* [Nix](https://github.com/NixOS/nix) - the purely functional package manager
* [NixOps](https://github.com/NixOS/nixops) - the tool to remotely deploy NixOS machines
* [Nix RFCs](https://github.com/NixOS/rfcs) - the formal process for making substantial changes to the community
* [NixOS homepage](https://github.com/NixOS/nixos-homepage) - the [NixOS.org](https://nixos.org) website
* [hydra](https://github.com/NixOS/hydra) - our continuous integration system
* [NixOS Artwork](https://github.com/NixOS/nixos-artwork) - NixOS artwork
# Continuous Integration and Distribution
Nixpkgs and NixOS are built and tested by our continuous integration
system, [Hydra](https://hydra.nixos.org/).
* [Continuous package builds for unstable/master](https://hydra.nixos.org/jobset/nixos/trunk-combined)
* [Continuous package builds for the NixOS 19.03 release](https://hydra.nixos.org/jobset/nixos/release-19.03)
* [Tests for unstable/master](https://hydra.nixos.org/job/nixos/trunk-combined/tested#tabs-constituents)
* [Tests for the NixOS 19.03 release](https://hydra.nixos.org/job/nixos/release-19.03/tested#tabs-constituents)
Artifacts successfully built with Hydra are published to cache at
https://cache.nixos.org/. When successful build and test criteria are
met, the Nixpkgs expressions are distributed via [Nix
channels](https://nixos.org/nix/manual/#sec-channels). The channels
are provided via a read-only mirror of the Nixpkgs repository called
[nixpkgs-channels](https://github.com/NixOS/nixpkgs-channels).
# Contributing
Nixpkgs is among the most active projects on GitHub. While thousands
of open issues and pull requests might seem a lot at first, it helps
consider it in the context of the scope of the project. Nixpkgs
describes how to build over 40,000 pieces of software and implements a
Linux distribution. The [GitHub Insights](https://github.com/NixOS/nixpkgs/pulse)
page gives a sense of the project activity.
Community contributions are always welcome through GitHub Issues and
Pull Requests. When pull requests are made, our tooling automation bot,
[OfBorg](https://github.com/NixOS/ofborg) will perform various checks
to help ensure expression quality.
The *Nixpkgs maintainers* are people who have assigned themselves to
maintain specific individual packages. We encourage people who care
about a package to assign themselves as a maintainer. When a pull
request is made against a package, OfBorg will notify the appropriate
maintainer(s). The *Nixpkgs committers* are people who have been given
permission to merge.
Most contributions are based on and merged into these branches:
* `master` is the main branch where all small contributions go
* `staging` is branched from master, changes that have a big impact on
Hydra builds go to this branch
* `staging-next` is branched from staging and only fixes to stabilize
and security fixes with a big impact on Hydra builds should be
contributed to this branch. This branch is merged into master when
deemed of sufficiently high quality
For more information about contributing to the project, please visit
the [contributing page](https://github.com/NixOS/nixpkgs/blob/master/.github/CONTRIBUTING.md).
# Donations
The infrastructure for NixOS and related projects is maintained by a
nonprofit organization, the [NixOS
Foundation](https://nixos.org/nixos/foundation.html). To ensure the
continuity and expansion of the NixOS infrastructure, we are looking
for donations to our organization.
You can donate to the NixOS foundation by using Open Collective:
<a href="https://opencollective.com/nixos#support"><img src="https://opencollective.com/nixos/tiers/supporter.svg?width=890" /></a>
# License
Nixpkgs is licensed under the [MIT License](COPYING).
Note: MIT license does not apply to the packages built by Nixpkgs,
merely to the files in this repository (the Nix expressions, build
scripts, NixOS modules, etc.). It also might not apply to patches
included in Nixpkgs, which may be derivative works of the packages to
which they apply. The aforementioned artifacts are all covered by the
licenses of the respective packages.

4
doc/doc-support/lib-function-locations.nix
View file

@ -14,10 +14,10 @@ let
builtins.map
(subsetname: {
subsetname = subsetname;
functions = libDefPos toplib."${subsetname}";
functions = libDefPos toplib.${subsetname};
})
(builtins.filter
(name: builtins.isAttrs toplib."${name}")
(name: builtins.isAttrs toplib.${name})
(builtins.attrNames toplib));
nixpkgsLib = pkgs.lib;

1
doc/functions.xml
View file

@ -20,4 +20,5 @@
<xi:include href="functions/appimagetools.xml" />
<xi:include href="functions/prefer-remote-fetch.xml" />
<xi:include href="functions/nix-gitignore.xml" />
<xi:include href="functions/ocitools.xml" />
</chapter>

76
doc/functions/ocitools.xml Normal file
View file

@ -0,0 +1,76 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
xml:id="sec-pkgs-ociTools">
<title>pkgs.ociTools</title>
<para>
<varname>pkgs.ociTools</varname> is a set of functions for creating
containers according to the
<link xlink:href="https://github.com/opencontainers/runtime-spec">OCI
container specification v1.0.0</link>. Beyond that it makes no assumptions
about the container runner you choose to use to run the created container.
</para>
<section xml:id="ssec-pkgs-ociTools-buildContainer">
<title>buildContainer</title>
<para>
This function creates a simple OCI container that runs a single command
inside of it. An OCI container consists of a <varname>config.json</varname>
and a rootfs directory.The nix store of the container will contain all
referenced dependencies of the given command.
</para>
<para>
The parameters of <varname>buildContainer</varname> with an example value
are described below:
</para>
<example xml:id='ex-ociTools-buildContainer'>
<title>Build Container</title>
<programlisting>
buildContainer {
args = [ (with pkgs; writeScript "run.sh" ''
#!${bash}/bin/bash
${coreutils}/bin/exec ${bash}/bin/bash
'').outPath ]; <co xml:id='ex-ociTools-buildContainer-1' />
mounts = {
"/data" = {
type = "none";
source = "/var/lib/mydata";
options = [ "bind" ];
};
};<co xml:id='ex-ociTools-buildContainer-2' />
readonly = false; <co xml:id='ex-ociTools-buildContainer-3' />
}
</programlisting>
<calloutlist>
<callout arearefs='ex-ociTools-buildContainer-1'>
<para>
<varname>args</varname> specifies a set of arguments to run inside the container.
This is the only required argument for <varname>buildContainer</varname>.
All referenced packages inside the derivation will be made available
inside the container
</para>
</callout>
<callout arearefs='ex-ociTools-buildContainer-2'>
<para>
<varname>mounts</varname> specifies additional mount points chosen by the
user. By default only a minimal set of necessary filesystems are mounted
into the container (e.g procfs, cgroupfs)
</para>
</callout>
<callout arearefs='ex-ociTools-buildContainer-3'>
<para>
<varname>readonly</varname> makes the container's rootfs read-only if it is set to true.
The default value is false <literal>false</literal>.
</para>
</callout>
</calloutlist>
</example>
</section>
</section>

263
doc/languages-frameworks/gnome.xml Normal file
View file

@ -0,0 +1,263 @@
<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-language-gnome">
<title>GNOME</title>
<section xml:id="ssec-gnome-packaging">
<title>Packaging GNOME applications</title>
<para>
Programs in the GNOME universe are written in various languages but they all use GObject-based libraries like GLib, GTK or GStreamer. These libraries are often modular, relying on looking into certain directories to find their modules. However, due to Nixs specific file system organization, this will fail without our intervention. Fortunately, the libraries usually allow overriding the directories through environment variables, either natively or thanks to a patch in nixpkgs. <link xlink:href="#fun-wrapProgram">Wrapping</link> the executables to ensure correct paths are available to the application constitutes a significant part of packaging a modern desktop application. In this section, we will describe various modules needed by such applications, environment variables needed to make the modules load, and finally a script that will do the work for us.
</para>
<section xml:id="ssec-gnome-settings">
<title>Settings</title>
<para>
<link xlink:href="https://developer.gnome.org/gio/stable/GSettings.html">GSettings</link> API is often used for storing settings. GSettings schemas are required, to know the type and other metadata of the stored values. GLib looks for <filename>glib-2.0/schemas/gschemas.compiled</filename> files inside the directories of <envar>XDG_DATA_DIRS</envar>.
</para>
<para>
On Linux, GSettings API is implemented using <link xlink:href="https://wiki.gnome.org/Projects/dconf">dconf</link> backend. You will need to add <literal>dconf</literal> GIO module to <envar>GIO_EXTRA_MODULES</envar> variable, otherwise the <literal>memory</literal> backend will be used and the saved settings will not be persistent.
</para>
<para>
Last you will need the dconf database D-Bus service itself. You can enable it using <option>programs.dconf.enable</option>.
</para>
<para>
Some applications will also require <package>gsettings-desktop-schemas</package> for things like reading proxy configuration or user interface customization. This dependency is often not mentioned by upstream, you should grep for <literal>org.gnome.desktop</literal> and <literal>org.gnome.system</literal> to see if the schemas are needed.
</para>
</section>
<section xml:id="ssec-gnome-icons">
<title>Icons</title>
<para>
When an application uses icons, an icon theme should be available in <envar>XDG_DATA_DIRS</envar>. The package for the default, icon-less <link xlink:href="https://www.freedesktop.org/wiki/Software/icon-theme/">hicolor-icon-theme</link> contains <link linkend="ssec-gnome-hooks-hicolor-icon-theme">a setup hook</link> that will pick up icon themes from <literal>buildInputs</literal> and pass it to our wrapper. Unfortunately, relying on that would mean every user has to download the theme included in the package expression no matter their preference. For that reason, we leave the installation of icon theme on the user. If you use one of the desktop environments, you probably already have an icon theme installed.
</para>
</section>
<section xml:id="ssec-gnome-themes">
<title>GTK Themes</title>
<para>
Previously, a GTK theme needed to be in <envar>XDG_DATA_DIRS</envar>. This is no longer necessary for most programs since GTK incorporated Adwaita theme. Some programs (for example, those designed for <link xlink:href="https://elementary.io/docs/human-interface-guidelines#human-interface-guidelines">elementary HIG</link>) might require a special theme like <package>pantheon.elementary-gtk-theme</package>.
</para>
</section>
<section xml:id="ssec-gnome-typelibs">
<title>GObject introspection typelibs</title>
<para>
<link xlink:href="https://wiki.gnome.org/Projects/GObjectIntrospection">GObject introspection</link> allows applications to use C libraries in other languages easily. It does this through <literal>typelib</literal> files searched in <envar>GI_TYPELIB_PATH</envar>.
</para>
</section>
<section xml:id="ssec-gnome-plugins">
<title>Various plug-ins</title>
<para>
If your application uses <link xlink:href="https://gstreamer.freedesktop.org/">GStreamer</link> or <link xlink:href="https://wiki.gnome.org/Projects/Grilo">Grilo</link>, you should set <envar>GST_PLUGIN_SYSTEM_PATH_1_0</envar> and <envar>GRL_PLUGIN_PATH</envar>, respectively.
</para>
</section>
</section>
<section xml:id="ssec-gnome-hooks">
<title>Onto <package>wrapGAppsHook</package></title>
<para>
Given the requirements above, the package expression would become messy quickly:
<programlisting>
preFixup = ''
for f in $(find $out/bin/ $out/libexec/ -type f -executable); do
wrapProgram "$f" \
--prefix GIO_EXTRA_MODULES : "${getLib gnome3.dconf}/lib/gio/modules" \
--prefix XDG_DATA_DIRS : "$out/share" \
--prefix XDG_DATA_DIRS : "$out/share/gsettings-schemas/${name}" \
--prefix XDG_DATA_DIRS : "${gsettings-desktop-schemas}/share/gsettings-schemas/${gsettings-desktop-schemas.name}" \
--prefix XDG_DATA_DIRS : "${hicolor-icon-theme}/share" \
--prefix GI_TYPELIB_PATH : "${lib.makeSearchPath "lib/girepository-1.0" [ pango json-glib ]}"
done
'';
</programlisting>
Fortunately, there is <package>wrapGAppsHook</package>, that does the wrapping for us. In particular, it works in conjunction with other setup hooks that will populate the variable:
<itemizedlist>
<listitem xml:id="ssec-gnome-hooks-wrapgappshook">
<para>
<package>wrapGAppsHook</package> itself will add the packages <filename>share</filename> directory to <envar>XDG_DATA_DIRS</envar>.
</para>
</listitem>
<listitem xml:id="ssec-gnome-hooks-glib">
<para>
<package>glib</package> setup hook will populate <envar>GSETTINGS_SCHEMAS_PATH</envar> and then <package>wrapGAppsHook</package> will prepend it to <envar>XDG_DATA_DIRS</envar>.
</para>
</listitem>
<listitem xml:id="ssec-gnome-hooks-dconf">
<para>
<package>gnome3.dconf.lib</package> is a dependency of <package>wrapGAppsHook</package>, which then also adds it to the <envar>GIO_EXTRA_MODULES</envar> variable.
</para>
</listitem>
<listitem xml:id="ssec-gnome-hooks-hicolor-icon-theme">
<para>
<package>hicolor-icon-theme</package>s setup hook will add icon themes to <envar>XDG_ICON_DIRS</envar> which is prepended to <envar>XDG_DATA_DIRS</envar> by <package>wrapGAppsHook</package>.
</para>
</listitem>
<listitem xml:id="ssec-gnome-hooks-gobject-introspection">
<para>
<package>gobject-introspection</package> setup hook populates <envar>GI_TYPELIB_PATH</envar> variable with <filename>lib/girepository-1.0</filename> directories of dependencies, which is then added to wrapper by <package>wrapGAppsHook</package>. It also adds <filename>share</filename> directories of dependencies to <envar>XDG_DATA_DIRS</envar>, which is intended to promote GIR files but it also <link xlink:href="https://github.com/NixOS/nixpkgs/issues/32790">pollutes the closures</link> of packages using <package>wrapGAppsHook</package>.
</para>
<warning>
<para>
The setup hook <link xlink:href="https://github.com/NixOS/nixpkgs/issues/56943">currently</link> does not work in expressions with <literal>strictDeps</literal> enabled, like Python packages. In those cases, you will need to disable it with <code>strictDeps = false;</code>.
</para>
</warning>
</listitem>
<listitem xml:id="ssec-gnome-hooks-gst-grl-plugins">
<para>
Setup hooks of <package>gst_all_1.gstreamer</package> and <package>gnome3.grilo</package> will populate the <envar>GST_PLUGIN_SYSTEM_PATH_1_0</envar> and <envar>GRL_PLUGIN_PATH</envar> variables, respectively, which will then be added to the wrapper by <literal>wrapGAppsHook</literal>.
</para>
</listitem>
</itemizedlist>
</para>
<para>
You can also pass additional arguments to <literal>makeWrapper</literal> using <literal>gappsWrapperArgs</literal> in <literal>preFixup</literal> hook:
<programlisting>
preFixup = ''
gappsWrapperArgs+=(
# Thumbnailers
--prefix XDG_DATA_DIRS : "${gdk-pixbuf}/share"
--prefix XDG_DATA_DIRS : "${librsvg}/share"
--prefix XDG_DATA_DIRS : "${shared-mime-info}/share"
)
'';
</programlisting>
</para>
</section>
<section xml:id="ssec-gnome-updating">
<title>Updating GNOME packages</title>
<para>
Most GNOME package offer <link linkend="var-passthru-updateScript"><literal>updateScript</literal></link>, it is therefore possible to update to latest source tarball by running <command>nix-shell maintainers/scripts/update.nix --argstr package gnome3.nautilus</command> or even en masse with <command>nix-shell maintainers/scripts/update.nix --argstr path gnome3</command>. Read the packages <filename>NEWS</filename> file to see what changed.
</para>
</section>
<section xml:id="ssec-gnome-common-issues">
<title>Frequently encountered issues</title>
<variablelist>
<varlistentry xml:id="ssec-gnome-common-issues-no-schemas">
<term>
<computeroutput>GLib-GIO-ERROR **: <replaceable>06:04:50.903</replaceable>: No GSettings schemas are installed on the system</computeroutput>
</term>
<listitem>
<para>
There are no schemas avalable in <envar>XDG_DATA_DIRS</envar>. Temporarily add a random package containing schemas like <package>gsettings-desktop-schemas</package> to <literal>buildInputs</literal>. <link linkend="ssec-gnome-hooks-glib"><package>glib</package></link> and <link linkend="ssec-gnome-hooks-wrapgappshook"><package>wrapGAppsHook</package></link> setup hooks will take care of making the schemas available to application and you will see the actual missing schemas with the <link linkend="ssec-gnome-common-issues-missing-schema">next error</link>. Or you can try looking through the source code for the actual schemas used.
</para>
</listitem>
</varlistentry>
<varlistentry xml:id="ssec-gnome-common-issues-missing-schema">
<term>
<computeroutput>GLib-GIO-ERROR **: <replaceable>06:04:50.903</replaceable>: Settings schema <replaceable>org.gnome.foo</replaceable> is not installed</computeroutput>
</term>
<listitem>
<para>
Package is missing some GSettings schemas. You can find out the package containing the schema with <command>nix-locate <replaceable>org.gnome.foo</replaceable>.gschema.xml</command> and let the hooks handle the wrapping as <link linkend="ssec-gnome-common-issues-no-schemas">above</link>.
</para>
</listitem>
</varlistentry>
<varlistentry xml:id="ssec-gnome-common-issues-double-wrapped">
<term>
When using <package>wrapGAppsHook</package> with special derivers you can end up with double wrapped binaries.
</term>
<listitem>
<para>
This is because derivers like <function>python.pkgs.buildPythonApplication</function> or <function>qt5.mkDerivation</function> have setup-hooks automatically added that produce wrappers with <package>makeWrapper</package>. The simplest way to workaround that is to disable the <package>wrapGAppsHook</package> automatic wrapping with <code>dontWrapGApps = true;</code> and pass the arguments it intended to pass to <package>makeWrapper</package> to another.
</para>
<para>
In the case of a Python application it could look like:
<programlisting>
python3.pkgs.buildPythonApplication {
pname = "gnome-music";
version = "3.32.2";
nativeBuildInputs = [
wrapGAppsHook
gobject-introspection
...
];
dontWrapGApps = true;
# Arguments to be passed to `makeWrapper`, only used by buildPython*
makeWrapperArgs = [
"\${gappsWrapperArgs[@]}"
];
}
</programlisting>
And for a QT app like:
<programlisting>
mkDerivation {
pname = "calibre";
version = "3.47.0";
nativeBuildInputs = [
wrapGAppsHook
qmake
...
];
dontWrapGApps = true;
# Arguments to be passed to `makeWrapper`, only used by qt5s mkDerivation
qtWrapperArgs [
"\${gappsWrapperArgs[@]}"
];
}
</programlisting>
</para>
</listitem>
</varlistentry>
<varlistentry xml:id="ssec-gnome-common-issues-unwrappable-package">
<term>
I am packaging a project that cannot be wrapped, like a library or GNOME Shell extension.
</term>
<listitem>
<para>
You can rely on applications depending on the library set the necessary environment variables but that it often easy to miss. Instead we recommend to patch the paths in the source code whenever possible. Here are some examples:
<itemizedlist>
<listitem xml:id="ssec-gnome-common-issues-unwrappable-package-gnome-shell-ext">
<para>
<link xlink:href="https://github.com/NixOS/nixpkgs/blob/7bb8f05f12ca3cff9da72b56caa2f7472d5732bc/pkgs/desktops/gnome-3/core/gnome-shell-extensions/default.nix#L21-L24">Replacing a <envar>GI_TYPELIB_PATH</envar> in GNOME Shell extension</link> we are using <function>substituteAll</function> to include the path to a typelib into a patch.
</para>
</listitem>
<listitem xml:id="ssec-gnome-common-issues-unwrappable-package-gsettings">
<para>
The following examples are hardcoding GSettings schema paths. To get the schema paths we use the functions
<itemizedlist>
<listitem>
<para>
<function>glib.getSchemaPath</function> Takes a nix package attribute as an argument.
</para>
</listitem>
<listitem>
<para>
<function>glib.makeSchemaPath</function> Takes a package output like <literal>$out</literal> and a derivation name. You should use this if the schemas you need to hardcode are in the same derivation.
</para>
</listitem>
</itemizedlist>
</para>
<para xml:id="ssec-gnome-common-issues-unwrappable-package-gsettings-vala">
<link xlink:href="https://github.com/NixOS/nixpkgs/blob/7bb8f05f12ca3cff9da72b56caa2f7472d5732bc/pkgs/desktops/pantheon/apps/elementary-files/default.nix#L78-L86">Hard-coding GSettings schema path in Vala plug-in (dynamically loaded library)</link> here, <function>substituteAll</function> cannot be used since the schema comes from the same package preventing us from pass its path to the function, probably due to a <link xlink:href="https://github.com/NixOS/nix/issues/1846">Nix bug</link>.
</para>
<para xml:id="ssec-gnome-common-issues-unwrappable-package-gsettings-c">
<link xlink:href="https://github.com/NixOS/nixpkgs/blob/29c120c065d03b000224872251bed93932d42412/pkgs/development/libraries/glib-networking/default.nix#L31-L34">Hard-coding GSettings schema path in C library</link> nothing special other than using <link xlink:href="https://github.com/NixOS/nixpkgs/pull/67957#issuecomment-527717467">Coccinelle patch</link> to generate the patch itself.
</para>
</listitem>
</itemizedlist>
</para>
</listitem>
</varlistentry>
</variablelist>
</section>
</section>

1
doc/languages-frameworks/index.xml
View file

@ -14,6 +14,7 @@
<xi:include href="beam.xml" />
<xi:include href="bower.xml" />
<xi:include href="coq.xml" />
<xi:include href="gnome.xml" />
<xi:include href="go.xml" />
<xi:include href="haskell.section.xml" />
<xi:include href="idris.section.xml" />

19
doc/languages-frameworks/python.section.md
View file

@ -540,7 +540,8 @@ and the aliases
#### `buildPythonPackage` function
The `buildPythonPackage` function is implemented in
`pkgs/development/interpreters/python/build-python-package.nix`
`pkgs/development/interpreters/python/mk-python-derivation`
using setup hooks.
The following is an example:
```nix
@ -797,6 +798,22 @@ such as `ignoreCollisions = true` or `postBuild`. If you need them, you have to
Python 2 namespace packages may provide `__init__.py` that collide. In that case `python.buildEnv`
should be used with `ignoreCollisions = true`.
#### Setup hooks
The following are setup hooks specifically for Python packages. Most of these are
used in `buildPythonPackage`.
- `flitBuildHook` to build a wheel using `flit`.
- `pipBuildHook` to build a wheel using `pip` and PEP 517. Note a build system (e.g. `setuptools` or `flit`) should still be added as `nativeBuildInput`.
- `pipInstallHook` to install wheels.
- `pytestCheckHook` to run tests with `pytest`.
- `pythonCatchConflictsHook` to check whether a Python package is not already existing.
- `pythonImportsCheckHook` to check whether importing the listed modules works.
- `pythonRemoveBinBytecode` to remove bytecode from the `/bin` folder.
- `setuptoolsBuildHook` to build a wheel using `setuptools`.
- `setuptoolsCheckHook` to run tests with `python setup.py test`.
- `wheelUnpackHook` to move a wheel to the correct folder so it can be installed with the `pipInstallHook`.
### Development mode
Development or editable mode is supported. To develop Python packages

365
doc/languages-frameworks/ruby.section.md Normal file
View file

@ -0,0 +1,365 @@
---
title: Ruby
author: Michael Fellinger
date: 2019-05-23
---
# Ruby
## User Guide
### Using Ruby
#### Overview
Several versions of Ruby interpreters are available on Nix, as well as over 250 gems and many applications written in Ruby.
The attribute `ruby` refers to the default Ruby interpreter, which is currently
MRI 2.5. It's also possible to refer to specific versions, e.g. `ruby_2_6`, `jruby`, or `mruby`.
In the nixpkgs tree, Ruby packages can be found throughout, depending on what
they do, and are called from the main package set. Ruby gems, however are
separate sets, and there's one default set for each interpreter (currently MRI
only).
There are two main approaches for using Ruby with gems.
One is to use a specifically locked `Gemfile` for an application that has very strict dependencies.
The other is to depend on the common gems, which we'll explain further down, and
rely on them being updated regularly.
The interpreters have common attributes, namely `gems`, and `withPackages`. So
you can refer to `ruby.gems.nokogiri`, or `ruby_2_5.gems.nokogiri` to get the
Nokogiri gem already compiled and ready to use.
Since not all gems have executables like `nokogiri`, it's usually more
convenient to use the `withPackages` function like this:
`ruby.withPackages (p: with p; [ nokogiri ])`. This will also make sure that the
Ruby in your environment will be able to find the gem and it can be used in your
Ruby code (for example via `ruby` or `irb` executables) via `require "nokogiri"`
as usual.
#### Temporary Ruby environment with `nix-shell`
Rather than having a single Ruby environment shared by all Ruby
development projects on a system, Nix allows you to create separate
environments per project. `nix-shell` gives you the possibility to
temporarily load another environment akin to a combined `chruby` or
`rvm` and `bundle exec`.
There are two methods for loading a shell with Ruby packages. The first and
recommended method is to create an environment with `ruby.withPackages` and load
that.
```shell
nix-shell -p "ruby.withPackages (ps: with ps; [ nokogiri pry ])"
```
The other method, which is not recommended, is to create an environment and list
all the packages directly.
```shell
nix-shell -p ruby.gems.nokogiri ruby.gems.pry
```
Again, it's possible to launch the interpreter from the shell. The Ruby
interpreter has the attribute `gems` which contains all Ruby gems for that
specific interpreter.
##### Load environment from `.nix` expression
As explained in the Nix manual, `nix-shell` can also load an expression from a
`.nix` file. Say we want to have Ruby 2.5, `nokogori`, and `pry`. Consider a
`shell.nix` file with:
```nix
with import <nixpkgs> {};
ruby.withPackages (ps: with ps; [ nokogiri pry ])
```
What's happening here?
1. We begin with importing the Nix Packages collections. `import <nixpkgs>`
imports the `<nixpkgs>` function, `{}` calls it and the `with` statement
brings all attributes of `nixpkgs` in the local scope. These attributes form
the main package set.
2. Then we create a Ruby environment with the `withPackages` function.
3. The `withPackages` function expects us to provide a function as an argument
that takes the set of all ruby gems and returns a list of packages to include
in the environment. Here, we select the packages `nokogiri` and `pry` from
the package set.
##### Execute command with `--run`
A convenient flag for `nix-shell` is `--run`. It executes a command in the
`nix-shell`. We can e.g. directly open a `pry` REPL:
```shell
nix-shell -p "ruby.withPackages (ps: with ps; [ nokogiri pry ])" --run "pry"
```
Or immediately require `nokogiri` in pry:
```shell
nix-shell -p "ruby.withPackages (ps: with ps; [ nokogiri pry ])" --run "pry -rnokogiri"
```
Or run a script using this environment:
```shell
nix-shell -p "ruby.withPackages (ps: with ps; [ nokogiri pry ])" --run "ruby example.rb"
```
##### Using `nix-shell` as shebang
In fact, for the last case, there is a more convenient method. You can add a
[shebang](https://en.wikipedia.org/wiki/Shebang_(Unix)) to your script
specifying which dependencies `nix-shell` needs. With the following shebang, you
can just execute `./example.rb`, and it will run with all dependencies.
```ruby
#! /usr/bin/env nix-shell
#! nix-shell -i ruby -p "ruby.withPackages (ps: with ps; [ nokogiri rest-client ])"
require 'nokogiri'
require 'rest-client'
body = RestClient.get('http://example.com').body
puts Nokogiri::HTML(body).at('h1').text
```
### Developing with Ruby
#### Using an existing Gemfile
In most cases, you'll already have a `Gemfile.lock` listing all your dependencies.
This can be used to generate a `gemset.nix` which is used to fetch the gems and
combine them into a single environment.
The reason why you need to have a separate file for this, is that Nix requires
you to have a checksum for each input to your build.
Since the `Gemfile.lock` that `bundler` generates doesn't provide us with
checksums, we have to first download each gem, calculate its SHA256, and store
it in this separate file.
So the steps from having just a `Gemfile` to a `gemset.nix` are:
```shell
bundle lock
bundix
```
If you already have a `Gemfile.lock`, you can simply run `bundix` and it will
work the same.
To update the gems in your `Gemfile.lock`, you may use the `bundix -l` flag,
which will create a new `Gemfile.lock` in case the `Gemfile` has a more recent
time of modification.
Once the `gemset.nix` is generated, it can be used in a
`bundlerEnv` derivation. Here is an example you could use for your `shell.nix`:
```nix
# ...
let
gems = bundlerEnv {
name = "gems-for-some-project";
gemdir = ./.;
};
in mkShell { buildInputs = [ gems gems.wrappedRuby ]; }
```
With this file in your directory, you can run `nix-shell` to build and use the gems.
The important parts here are `bundlerEnv` and `wrappedRuby`.
The `bundlerEnv` is a wrapper over all the gems in your gemset. This means that
all the `/lib` and `/bin` directories will be available, and the executables of
all gems (even of indirect dependencies) will end up in your `$PATH`.
The `wrappedRuby` provides you with all executables that come with Ruby itself,
but wrapped so they can easily find the gems in your gemset.
One common issue that you might have is that you have Ruby 2.6, but also
`bundler` in your gemset. That leads to a conflict for `/bin/bundle` and
`/bin/bundler`. You can resolve this by wrapping either your Ruby or your gems
in a `lowPrio` call. So in order to give the `bundler` from your gemset
priority, it would be used like this:
```nix
# ...
mkShell { buildInputs = [ gems (lowPrio gems.wrappedRuby) ]; }
```
#### Gem-specific configurations and workarounds
In some cases, especially if the gem has native extensions, you might need to
modify the way the gem is built.
This is done via a common configuration file that includes all of the
workarounds for each gem.
This file lives at `/pkgs/development/ruby-modules/gem-config/default.nix`,
since it already contains a lot of entries, it should be pretty easy to add the
modifications you need for your needs.
In the meanwhile, or if the modification is for a private gem, you can also add
the configuration to only your own environment.
Two places that allow this modification are the `ruby` derivation, or `bundlerEnv`.
Here's the `ruby` one:
```nix
{ pg_version ? "10", pkgs ? import <nixpkgs> { } }:
let
myRuby = pkgs.ruby.override {
defaultGemConfig = pkgs.defaultGemConfig // {
pg = attrs: {
buildFlags =
[ "--with-pg-config=${pkgs."postgresql_${pg_version}"}/bin/pg_config" ];
};
};
};
in myRuby.withPackages (ps: with ps; [ pg ])
```
And an example with `bundlerEnv`:
```nix
{ pg_version ? "10", pkgs ? import <nixpkgs> { } }:
let
gems = pkgs.bundlerEnv {
name = "gems-for-some-project";
gemdir = ./.;
gemConfig = pkgs.defaultGemConfig // {
pg = attrs: {
buildFlags =
[ "--with-pg-config=${pkgs."postgresql_${pg_version}"}/bin/pg_config" ];
};
};
};
in mkShell { buildInputs = [ gems gems.wrappedRuby ]; }
```
And finally via overlays:
```nix
{ pg_version ? "10" }:
let
pkgs = import <nixpkgs> {
overlays = [
(self: super: {
defaultGemConfig = super.defaultGemConfig // {
pg = attrs: {
buildFlags = [
"--with-pg-config=${
pkgs."postgresql_${pg_version}"
}/bin/pg_config"
];
};
};
})
];
};
in pkgs.ruby.withPackages (ps: with ps; [ pg ])
```
Then we can get whichever postgresql version we desire and the `pg` gem will
always reference it correctly:
```shell
$ nix-shell --argstr pg_version 9_4 --run 'ruby -rpg -e "puts PG.library_version"'
90421
$ nix-shell --run 'ruby -rpg -e "puts PG.library_version"'
100007
```
Of course for this use-case one could also use overlays since the configuration
for `pg` depends on the `postgresql` alias, but for demonstration purposes this
has to suffice.
#### Adding a gem to the default gemset
Now that you know how to get a working Ruby environment with Nix, it's time to
go forward and start actually developing with Ruby.
We will first have a look at how Ruby gems are packaged on Nix. Then, we will
look at how you can use development mode with your code.
All gems in the standard set are automatically generated from a single
`Gemfile`. The dependency resolution is done with `bundler` and makes it more
likely that all gems are compatible to each other.
In order to add a new gem to nixpkgs, you can put it into the
`/pkgs/development/ruby-modules/with-packages/Gemfile` and run
`./maintainers/scripts/update-ruby-packages`.
To test that it works, you can then try using the gem with:
```shell
NIX_PATH=nixpkgs=$PWD nix-shell -p "ruby.withPackages (ps: with ps; [ name-of-your-gem ])"
```
#### Packaging applications
A common task is to add a ruby executable to nixpkgs, popular examples would be
`chef`, `jekyll`, or `sass`. A good way to do that is to use the `bundlerApp`
function, that allows you to make a package that only exposes the listed
executables, otherwise the package may cause conflicts through common paths like
`bin/rake` or `bin/bundler` that aren't meant to be used.
The absolute easiest way to do that is to write a
`Gemfile` along these lines:
```ruby
source 'https://rubygems.org' do
gem 'mdl'
end
```
If you want to package a specific version, you can use the standard Gemfile
syntax for that, e.g. `gem 'mdl', '0.5.0'`, but if you want the latest stable
version anyway, it's easier to update by simply running the `bundle lock` and
`bundix` steps again.
Now you can also also make a `default.nix` that looks like this:
```nix
{ lib, bundlerApp }:
bundlerApp {
pname = "mdl";
gemdir = ./.;
exes = [ "mdl" ];
}
```
All that's left to do is to generate the corresponding `Gemfile.lock` and
`gemset.nix` as described above in the `Using an existing Gemfile` section.
##### Packaging executables that require wrapping
Sometimes your app will depend on other executables at runtime, and tries to
find it through the `PATH` environment variable.
In this case, you can provide a `postBuild` hook to `bundlerApp` that wraps the
gem in another script that prefixes the `PATH`.
Of course you could also make a custom `gemConfig` if you know exactly how to
patch it, but it's usually much easier to maintain with a simple wrapper so the
patch doesn't have to be adjusted for each version.
Here's another example:
```nix
{ lib, bundlerApp, makeWrapper, git, gnutar, gzip }:
bundlerApp {
pname = "r10k";
gemdir = ./.;
exes = [ "r10k" ];
buildInputs = [ makeWrapper ];
postBuild = ''
wrapProgram $out/bin/r10k --prefix PATH : ${lib.makeBinPath [ git gnutar gzip ]}
'';
}
```

51
doc/stdenv.xml
View file

@ -699,7 +699,7 @@ passthru = {
</para>
</listitem>
</varlistentry>
<varlistentry>
<varlistentry xml:id="var-passthru-updateScript">
<term>
<varname>passthru.updateScript</varname>
</term>
@ -2629,13 +2629,11 @@ addEnvHooks "$hostOffset" myBashFunction
</varlistentry>
<varlistentry>
<term>
GStreamer
GNOME platform
</term>
<listitem>
<para>
Adds the GStreamer plugins subdirectory of each build input to the
<envar>GST_PLUGIN_SYSTEM_PATH_1_0</envar> or
<envar>GST_PLUGIN_SYSTEM_PATH</envar> environment variable.
Hooks related to GNOME platform and related libraries like GLib, GTK and GStreamer are described in <xref linkend="sec-language-gnome" />.
</para>
</listitem>
</varlistentry>
@ -2714,6 +2712,49 @@ nativeBuildInputs = [ breakpointHook ];
</note>
</listitem>
</varlistentry>
<varlistentry>
<term>
installShellFiles
</term>
<listitem>
<para>
This hook helps with installing manpages and shell completion files. It
exposes 2 shell functions <literal>installManPage</literal> and
<literal>installShellCompletion</literal> that can be used from your
<literal>postInstall</literal> hook.
</para>
<para>
The <literal>installManPage</literal> function takes one or more paths
to manpages to install. The manpages must have a section suffix, and may
optionally be compressed (with <literal>.gz</literal> suffix). This
function will place them into the correct directory.
</para>
<para>
The <literal>installShellCompletion</literal> function takes one or more
paths to shell completion files. By default it will autodetect the shell
type from the completion file extension, but you may also specify it by
passing one of <literal>--bash</literal>, <literal>--fish</literal>, or
<literal>--zsh</literal>. These flags apply to all paths listed after
them (up until another shell flag is given). Each path may also have a
custom installation name provided by providing a flag <literal>--name
NAME</literal> before the path. If this flag is not provided, zsh
completions will be renamed automatically such that
<literal>foobar.zsh</literal> becomes <literal>_foobar</literal>.
<programlisting>
nativeBuildInputs = [ installShellFiles ];
postInstall = ''
installManPage doc/foobar.1 doc/barfoo.3
# explicit behavior
installShellCompletion --bash --name foobar.bash share/completions.bash
installShellCompletion --fish --name foobar.fish share/completions.fish
installShellCompletion --zsh --name _foobar share/completions.zsh
# implicit behavior
installShellCompletion share/completions/foobar.{bash,fish,zsh}
'';
</programlisting>
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
libiconv, libintl

2
lib/attrsets.nix
View file

@ -354,7 +354,7 @@ rec {
=> { a = ["x" "y"]; b = ["z"] }
*/
zipAttrsWith = f: sets: zipAttrsWithNames (concatMap attrNames sets) f sets;
/* Like `zipAttrsWith' with `(name: values: value)' as the function.
/* Like `zipAttrsWith' with `(name: values: values)' as the function.
Example:
zipAttrs [{a = "x";} {a = "y"; b = "z";}]

2
lib/customisation.nix
View file

@ -47,7 +47,7 @@ rec {
/* `makeOverridable` takes a function from attribute set to attribute set and
injects `override` attibute which can be used to override arguments of
injects `override` attribute which can be used to override arguments of
the function.
nix-repl> x = {a, b}: { result = a + b; }

2
lib/deprecated.nix
View file

@ -24,7 +24,7 @@ rec {
let arg = (merger init (defaultMergeArg init x));
# now add the function with composed args already applied to the final attrs
base = (setAttrMerge "passthru" {} (f arg)
( z: z // rec {
( z: z // {
function = foldArgs merger f arg;
args = (lib.attrByPath ["passthru" "args"] {} z) // x;
} ));

2
lib/kernel.nix
View file

@ -1,7 +1,7 @@
{ lib, version }:
with lib;
rec {
{
# Common patterns/legacy
whenAtLeast = ver: mkIf (versionAtLeast version ver);
whenOlder = ver: mkIf (versionOlder version ver);

2
lib/licenses.nix
View file

@ -7,7 +7,7 @@ let
in
lib.mapAttrs (n: v: v // { shortName = n; }) rec {
lib.mapAttrs (n: v: v // { shortName = n; }) {
/* License identifiers from spdx.org where possible.
* If you cannot find your license here, then look for a similar license or
* add it to this list. The URL mentioned above is a good source for inspiration.

6
lib/lists.nix
View file

@ -88,7 +88,7 @@ rec {
/* Strict version of `foldl`.
The difference is that evaluation is forced upon access. Usually used
with small whole results (in contract with lazily-generated list or large
with small whole results (in contrast with lazily-generated list or large
lists where only a part is consumed.)
Type: foldl' :: (b -> a -> b) -> b -> [a] -> b
@ -459,11 +459,11 @@ rec {
if length list < 2
then # finish
{ result = list; }
else if dfsthis ? "cycle"
else if dfsthis ? cycle
then # there's a cycle, starting from the current vertex, return it
{ cycle = reverseList ([ dfsthis.cycle ] ++ dfsthis.visited);
inherit (dfsthis) loops; }
else if toporest ? "cycle"
else if toporest ? cycle
then # there's a cycle somewhere else in the graph, return it
toporest
# Slow, but short. Can be made a bit faster with an explicit stack.

37
lib/sources.nix
View file

@ -36,18 +36,47 @@ rec {
# allowing you to chain multiple calls together without any
# intermediate copies being put in the nix store.
#
# lib.cleanSourceWith f (lib.cleanSourceWith g ./.) # Succeeds!
# builtins.filterSource f (builtins.filterSource g ./.) # Fails!
cleanSourceWith = { filter, src }:
# lib.cleanSourceWith {
# filter = f;
# src = lib.cleanSourceWith {
# filter = g;
# src = ./.;
# };
# }
# # Succeeds!
#
# builtins.filterSource f (builtins.filterSource g ./.)
# # Fails!
#
# Parameters:
#
# src: A path or cleanSourceWith result to filter and/or rename.
#
# filter: A function (path -> type -> bool)
# Optional with default value: constant true (include everything)
# The function will be combined with the && operator such
# that src.filter is called lazily.
# For implementing a filter, see
# https://nixos.org/nix/manual/#builtin-filterSource
#
# name: Optional name to use as part of the store path.
# This defaults `src.name` or otherwise `baseNameOf src`.
# We recommend setting `name` whenever `src` is syntactically `./.`.
# Otherwise, you depend on `./.`'s name in the parent directory,
# which can cause inconsistent names, defeating caching.
#
cleanSourceWith = { filter ? _path: _type: true, src, name ? null }:
let
isFiltered = src ? _isLibCleanSourceWith;
origSrc = if isFiltered then src.origSrc else src;
filter' = if isFiltered then name: type: filter name type && src.filter name type else filter;
name' = if name != null then name else if isFiltered then src.name else baseNameOf src;
in {
inherit origSrc;
filter = filter';
outPath = builtins.filterSource filter' origSrc;
outPath = builtins.path { filter = filter'; path = origSrc; name = name'; };
_isLibCleanSourceWith = true;
name = name';
};
# Filter sources by a list of regular expressions.

22
lib/systems/default.nix
View file

@ -58,13 +58,13 @@ rec {
uname = {
# uname -s
system = {
"linux" = "Linux";
"windows" = "Windows";
"darwin" = "Darwin";
"netbsd" = "NetBSD";
"freebsd" = "FreeBSD";
"openbsd" = "OpenBSD";
"wasi" = "Wasi";
linux = "Linux";
windows = "Windows";
darwin = "Darwin";
netbsd = "NetBSD";
freebsd = "FreeBSD";
openbsd = "OpenBSD";
wasi = "Wasi";
}.${final.parsed.kernel.name} or null;
# uname -p
@ -86,10 +86,10 @@ rec {
else if final.isx86_64 then "x86_64"
else if final.isx86 then "i386"
else {
"powerpc" = "ppc";
"powerpcle" = "ppc";
"powerpc64" = "ppc64";
"powerpc64le" = "ppc64le";
powerpc = "ppc";
powerpcle = "ppc";
powerpc64 = "ppc64";
powerpc64le = "ppc64le";
}.${final.parsed.cpu.name} or final.parsed.cpu.name;
emulator = pkgs: let

2
lib/systems/doubles.nix
View file

@ -33,7 +33,7 @@ let
filterDoubles = f: map parse.doubleFromSystem (lists.filter f allParsed);
in rec {
in {
inherit all;
none = [];

23
lib/systems/examples.nix
View file

@ -24,27 +24,27 @@ rec {
platform = platforms.powernv;
};
sheevaplug = rec {
sheevaplug = {
config = "armv5tel-unknown-linux-gnueabi";
platform = platforms.sheevaplug;
};
raspberryPi = rec {
raspberryPi = {
config = "armv6l-unknown-linux-gnueabihf";
platform = platforms.raspberrypi;
};
armv7l-hf-multiplatform = rec {
armv7l-hf-multiplatform = {
config = "armv7l-unknown-linux-gnueabihf";
platform = platforms.armv7l-hf-multiplatform;
};
aarch64-multiplatform = rec {
aarch64-multiplatform = {
config = "aarch64-unknown-linux-gnu";
platform = platforms.aarch64-multiplatform;
};
armv7a-android-prebuilt = rec {
armv7a-android-prebuilt = {
config = "armv7a-unknown-linux-androideabi";
sdkVer = "24";
ndkVer = "18b";
@ -52,7 +52,7 @@ rec {
useAndroidPrebuilt = true;
};
aarch64-android-prebuilt = rec {
aarch64-android-prebuilt = {
config = "aarch64-unknown-linux-android";
sdkVer = "24";
ndkVer = "18b";
@ -65,17 +65,17 @@ rec {
inherit (platform.gcc) fpu;
};
pogoplug4 = rec {
pogoplug4 = {
config = "armv5tel-unknown-linux-gnueabi";
platform = platforms.pogoplug4;
};
ben-nanonote = rec {
ben-nanonote = {
config = "mipsel-unknown-linux-uclibc";
platform = platforms.ben_nanonote;
};
fuloongminipc = rec {
fuloongminipc = {
config = "mipsel-unknown-linux-gnu";
platform = platforms.fuloong2f_n32;
};
@ -236,4 +236,9 @@ rec {
useLLVM = true;
};
# Ghcjs
ghcjs = {
config = "js-unknown-ghcjs";
platform = {};
};
}

4
lib/systems/inspect.nix
View file

@ -12,7 +12,7 @@ rec {
isx86_32 = { cpu = { family = "x86"; bits = 32; }; };
isx86_64 = { cpu = { family = "x86"; bits = 64; }; };
isPowerPC = { cpu = cpuTypes.powerpc; };
isPower = { cpu = { family = "power"; }; };
isPower = { cpu = { family = "power"; }; };
isx86 = { cpu = { family = "x86"; }; };
isAarch32 = { cpu = { family = "arm"; bits = 32; }; };
isAarch64 = { cpu = { family = "arm"; bits = 64; }; };
@ -23,6 +23,7 @@ rec {
isMsp430 = { cpu = { family = "msp430"; }; };
isAvr = { cpu = { family = "avr"; }; };
isAlpha = { cpu = { family = "alpha"; }; };
isJavaScript = { cpu = cpuTypes.js; };
is32bit = { cpu = { bits = 32; }; };
is64bit = { cpu = { bits = 64; }; };
@ -44,6 +45,7 @@ rec {
isCygwin = { kernel = kernels.windows; abi = abis.cygnus; };
isMinGW = { kernel = kernels.windows; abi = abis.gnu; };
isWasi = { kernel = kernels.wasi; };
isGhcjs = { kernel = kernels.ghcjs; };
isNone = { kernel = kernels.none; };
isAndroid = [ { abi = abis.android; } { abi = abis.androideabi; } ];

9
lib/systems/parse.nix
View file

@ -106,11 +106,13 @@ rec {
wasm32 = { bits = 32; significantByte = littleEndian; family = "wasm"; };
wasm64 = { bits = 64; significantByte = littleEndian; family = "wasm"; };
alpha = { bits = 64; significantByte = littleEndian; family = "alpha"; };
msp430 = { bits = 16; significantByte = littleEndian; family = "msp430"; };
avr = { bits = 8; family = "avr"; };
js = { bits = 32; significantByte = littleEndian; family = "js"; };
};
# Determine where two CPUs are compatible with each other. That is,
@ -271,6 +273,7 @@ rec {
solaris = { execFormat = elf; families = { }; };
wasi = { execFormat = wasm; families = { }; };
windows = { execFormat = pe; families = { }; };
ghcjs = { execFormat = unknown; families = { }; };
} // { # aliases
# 'darwin' is the kernel for all of them. We choose macOS by default.
darwin = kernels.macos;
@ -384,6 +387,8 @@ rec {
then { cpu = elemAt l 0; vendor = elemAt l 1; kernel = elemAt l 2; }
else if (elem (elemAt l 2) ["eabi" "eabihf" "elf"])
then { cpu = elemAt l 0; vendor = "unknown"; kernel = elemAt l 1; abi = elemAt l 2; }
else if (elemAt l 2 == "ghcjs")
then { cpu = elemAt l 0; vendor = "unknown"; kernel = elemAt l 2; }
else throw "Target specification with 3 components is ambiguous";
"4" = { cpu = elemAt l 0; vendor = elemAt l 1; kernel = elemAt l 2; abi = elemAt l 3; };
}.${toString (length l)}
@ -403,7 +408,7 @@ rec {
getKernel = name: kernels.${name} or (throw "Unknown kernel: ${name}");
getAbi = name: abis.${name} or (throw "Unknown ABI: ${name}");
parsed = rec {
parsed = {
cpu = getCpu args.cpu;
vendor =
/**/ if args ? vendor then getVendor args.vendor

22
lib/systems/platforms.nix
View file

@ -456,16 +456,16 @@ rec {
};
selectBySystem = system: {
"i486-linux" = pc32;
"i586-linux" = pc32;
"i686-linux" = pc32;
"x86_64-linux" = pc64;
"armv5tel-linux" = sheevaplug;
"armv6l-linux" = raspberrypi;
"armv7a-linux" = armv7l-hf-multiplatform;
"armv7l-linux" = armv7l-hf-multiplatform;
"aarch64-linux" = aarch64-multiplatform;
"mipsel-linux" = fuloong2f_n32;
"powerpc64le-linux" = powernv;
i486-linux = pc32;
i586-linux = pc32;
i686-linux = pc32;
x86_64-linux = pc64;
armv5tel-linux = sheevaplug;
armv6l-linux = raspberrypi;
armv7a-linux = armv7l-hf-multiplatform;
armv7l-linux = armv7l-hf-multiplatform;
aarch64-linux = aarch64-multiplatform;
mipsel-linux = fuloong2f_n32;
powerpc64le-linux = powernv;
}.${system} or pcBase;
}

2
lib/trivial.nix
View file

@ -134,7 +134,7 @@ rec {
On each release the first letter is bumped and a new animal is chosen
starting with that new letter.
*/
codeName = "Loris";
codeName = "Markhor";
/* Returns the current nixpkgs version suffix as string. */
versionSuffix =

11
lib/types.nix
View file

@ -42,7 +42,7 @@ rec {
# Default type functor
defaultFunctor = name: {
inherit name;
type = types."${name}" or null;
type = types.${name} or null;
wrapped = null;
payload = null;
binOp = a: b: null;
@ -107,7 +107,7 @@ rec {
merge = mergeEqualOption;
};
int = mkOptionType rec {
int = mkOptionType {
name = "int";
description = "signed integer";
check = isInt;
@ -136,7 +136,7 @@ rec {
sign = bit: range: ign (0 - (range / 2)) (range / 2 - 1)
"signedInt${toString bit}" "${toString bit} bit signed integer";
in rec {
in {
/* An int with a fixed range.
*
* Example:
@ -172,7 +172,7 @@ rec {
# Alias of u16 for a port number
port = ints.u16;
float = mkOptionType rec {
float = mkOptionType {
name = "float";
description = "floating point number";
check = isFloat;
@ -217,7 +217,8 @@ rec {
# Deprecated; should not be used because it quietly concatenates
# strings, which is usually not what you want.
string = separatedString "";
string = warn "types.string is deprecated because it quietly concatenates strings"
(separatedString "");
attrs = mkOptionType {
name = "attrs";

2
lib/versions.nix
View file

@ -7,7 +7,7 @@ let
in
rec {
{
/* Get the major version string from a string.

67
maintainers/maintainer-list.nix
View file

@ -1225,11 +1225,15 @@
githubId = 25088352;
name = "Christian Kögler";
};
ckampka = {
kampka = {
email = "christian@kampka.net";
github = "kampka";
githubId = 422412;
name = "Christian Kampka";
keys = [{
longkeyid = "ed25519/0x1CBE9645DD68E915";
fingerprint = "F7FA 0BD0 8775 337C F6AB 4A14 1CBE 9645 DD68 E915";
}];
};
ckauhaus = {
email = "kc@flyingcircus.io";
@ -1633,6 +1637,12 @@
githubId = 10913120;
name = "Dje4321";
};
dkabot = {
email = "dkabot@dkabot.com";
github = "dkabot";
githubId = 1316469;
name = "Naomi Morse";
};
dmalikov = {
email = "malikov.d.y@gmail.com";
github = "dmalikov";
@ -2091,7 +2101,7 @@
githubId = 2817965;
name = "f--t";
};
f-breidenstein = {
fleaz = {
email = "mail@felixbreidenstein.de";
github = "fleaz";
githubId = 2489598;
@ -2592,6 +2602,15 @@
email = "t@larkery.com";
name = "Tom Hinton";
};
hkjn = {
email = "me@hkjn.me";
name = "Henrik Jonsson";
github = "hkjn";
keys = [{
longkeyid = "rsa4096/0x03EFBF839A5FDC15";
fingerprint = "D618 7A03 A40A 3D56 62F5 4B46 03EF BF83 9A5F DC15";
}];
};
hlolli = {
email = "hlolli@gmail.com";
github = "hlolli";
@ -3069,6 +3088,16 @@
githubId = 8735102;
name = "John Ramsden";
};
jojosch = {
name = "Johannes Schleifenbaum";
email = "johannes@js-webcoding.de";
github = "jojosch";
githubId = 327488;
keys = [{
longkeyid = "ed25519/059093B1A278BCD0";
fingerprint = "7249 70E6 A661 D84E 8B47 678A 0590 93B1 A278 BCD0";
}];
};
joko = {
email = "ioannis.koutras@gmail.com";
github = "jokogr";
@ -3229,6 +3258,12 @@
githubId = 1047859;
name = "Kaz Wesley";
};
kcalvinalvin = {
email = "calvin@kcalvinalvin.info";
github = "kcalvinalvin";
githubId = 37185887;
name = "Calvin Kim";
};
kentjames = {
email = "jameschristopherkent@gmail.com";
github = "kentjames";
@ -4584,6 +4619,12 @@
githubId = 9939720;
name = "Philippe Nguyen";
};
nrdxp = {
email = "tim.deh@pm.me";
github = "nrdxp";
githubId = 34083928;
name = "Tim DeHerrera";
};
nshalman = {
email = "nahamu@gmail.com";
github = "nshalman";
@ -4756,6 +4797,12 @@
githubId = 11016164;
name = "Fedor Pakhomov";
};
pamplemousse = {
email = "xav.maso@gmail.com";
github = "Pamplemousse";
githubId = 2647236;
name = "Xavier Maso";
};
panaeon = {
email = "vitalii.voloshyn@gmail.com";
github = "panaeon";
@ -5095,6 +5142,12 @@
githubId = 9568176;
name = "Piotr Halama";
};
puckipedia = {
email = "puck@puckipedia.com";
github = "puckipedia";
githubId = 488734;
name = "Puck Meerburg";
};
puffnfresh = {
email = "brian@brianmckenna.org";
github = "puffnfresh";
@ -5403,6 +5456,12 @@
githubId = 852967;
name = "Russell O'Connor";
};
roelvandijk = {
email = "roel@lambdacube.nl";
github = "roelvandijk";
githubId = 710906;
name = "Roel van Dijk";
};
romildo = {
email = "malaquias@gmail.com";
github = "romildo";
@ -5790,6 +5849,10 @@
github = "sikmir";
githubId = 688044;
name = "Nikolay Korotkiy";
keys = [{
longkeyid = "rsa2048/0xD1DE6D7F693663A5";
fingerprint = "ADF4 C13D 0E36 1240 BD01 9B51 D1DE 6D7F 6936 63A5";
}];
};
simonvandel = {
email = "simon.vandel@gmail.com";

4
maintainers/scripts/luarocks-config.lua Normal file
View file

@ -0,0 +1,4 @@
rocks_servers = {
"https://luarocks.org"
}
version_check_on_fail = false

2
maintainers/scripts/luarocks-packages.csv
View file

@ -52,7 +52,9 @@ luasocket,,,,,
luasql-sqlite3,,,,,vyp
luassert,,,,,
luasystem,,,,,
luautf8,,,,,pstn
luazip,,,,,
lua-yajl,,,,,pstn
luuid,,,,,
luv,,,,,
markdown,,,,,

1 # nix name luarocks name server version luaversion maintainers
52 luasql-sqlite3 vyp
53 luassert
54 luasystem
55 luautf8 pstn
56 luazip
57 lua-yajl pstn
58 luuid
59 luv
60 markdown

1
maintainers/scripts/update-luarocks-packages
View file

@ -15,6 +15,7 @@ CSV_FILE="maintainers/scripts/luarocks-packages.csv"
TMP_FILE="$(mktemp)"
# Set in the update-luarocks-shell.nix
NIXPKGS_PATH="$LUAROCKS_NIXPKGS_PATH"
export LUAROCKS_CONFIG="$NIXPKGS_PATH/maintainers/scripts/luarocks-config.lua"
# 10 is a pretty arbitrary number of simultaneous jobs, but it is generally
# impolite to hit a webserver with *too* many simultaneous connections :)

13
maintainers/scripts/update-ruby-packages Executable file
View file

@ -0,0 +1,13 @@
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p bundler bundix
set -euf -o pipefail
(
cd pkgs/development/ruby-modules/with-packages
rm -f gemset.nix Gemfile.lock
bundle lock
bundix
mv gemset.nix ../../../top-level/ruby-packages.nix
rm -f Gemfile.lock
)

2
nixos/doc/manual/Makefile
View file

@ -24,7 +24,7 @@ fix-misc-xml:
clean:
rm -f manual-combined.xml generated
generated: ./options-to-docbook.xsl
generated:
nix-build ../../release.nix \
--attr manualGeneratedSources.x86_64-linux \
--out-link ./generated

6
nixos/doc/manual/configuration/customizing-packages.xml
View file

@ -24,8 +24,8 @@
<para>
Apart from high-level options, its possible to tweak a package in almost
arbitrary ways, such as changing or disabling dependencies of a package. For
instance, the Emacs package in Nixpkgs by default has a dependency on GTK+ 2.
If you want to build it against GTK+ 3, you can specify that as follows:
instance, the Emacs package in Nixpkgs by default has a dependency on GTK 2.
If you want to build it against GTK 3, you can specify that as follows:
<programlisting>
<xref linkend="opt-environment.systemPackages"/> = [ (pkgs.emacs.override { gtk = pkgs.gtk3; }) ];
</programlisting>
@ -33,7 +33,7 @@
function that produces Emacs, with the original arguments amended by the set
of arguments specified by you. So here the function argument
<varname>gtk</varname> gets the value <literal>pkgs.gtk3</literal>, causing
Emacs to depend on GTK+ 3. (The parentheses are necessary because in Nix,
Emacs to depend on GTK 3. (The parentheses are necessary because in Nix,
function application binds more weakly than list construction, so without
them, <xref linkend="opt-environment.systemPackages"/> would be a list with
two elements.)

2
nixos/doc/manual/configuration/profiles/clone-config.xml
View file

@ -16,6 +16,6 @@
On images where the installation media also becomes an installation target,
copying over <literal>configuration.nix</literal> should be disabled by
setting <literal>installer.cloneConfig</literal> to <literal>false</literal>.
This is already done in <literal>sd-image.nix</literal>.
For example, this is done in <literal>sd-image-aarch64.nix</literal>.
</para>
</section>

6
nixos/doc/manual/configuration/x-windows.xml
View file

@ -279,6 +279,12 @@ xkb_symbols &quot;media&quot;
<programlisting>
<xref linkend="opt-services.xserver.displayManager.sessionCommands"/> = "setxkbmap -keycodes media";
</programlisting>
<para>
If you are manually starting the X server, you should set the argument
<literal>-xkbdir /etc/X11/xkb</literal>, otherwise X won't find your layout files.
For example with <command>xinit</command> run
<screen><prompt>$ </prompt>xinit -- -xkbdir /etc/X11/xkb</screen>
</para>
<para>
To learn how to write layouts take a look at the XKB
<link xlink:href="https://www.x.org/releases/current/doc/xorg-docs/input/XKB-Enhancing.html#Defining_New_Layouts">

6
nixos/doc/manual/installation/installing.xml
View file

@ -392,7 +392,11 @@
<filename>hardware-configuration.nix</filename> is included from
<filename>configuration.nix</filename> and will be overwritten by future
invocations of <command>nixos-generate-config</command>; thus, you
generally should not modify it.)
generally should not modify it.) Additionally, you may want to look at
<link xlink:href="https://github.com/NixOS/nixos-hardware">Hardware
configuration for known-hardware</link> at this point or after
installation.
</para>
<note>
<para>

1
nixos/doc/manual/release-notes/release-notes.xml
View file

@ -8,6 +8,7 @@
This section lists the release notes for each stable version of NixOS and
current unstable revision.
</para>
<xi:include href="rl-2003.xml" />
<xi:include href="rl-1909.xml" />
<xi:include href="rl-1903.xml" />
<xi:include href="rl-1809.xml" />

2
nixos/doc/manual/release-notes/rl-1703.xml
View file

@ -730,7 +730,7 @@ in
</listitem>
<listitem>
<para>
<literal>jre</literal> now defaults to GTK+ UI by default. This improves
<literal>jre</literal> now defaults to GTK UI by default. This improves
visual consistency and makes Java follow system font style, improving the
situation on HighDPI displays. This has a cost of increased closure size;
for server and other headless workloads it's recommended to use

196
nixos/doc/manual/release-notes/rl-1909.xml
View file

@ -57,6 +57,64 @@
and <option>services.xserver.desktopManager.xfce4-14</option> simultaneously or to downgrade from Xfce 4.14 after upgrading.
</para>
</listitem>
<listitem>
<para>
The GNOME 3 desktop manager module sports an interface to enable/disable core services, applications, and optional GNOME packages
like games.
<itemizedlist>
<para>This can be achieved with the following options which the desktop manager default enables, excluding <literal>games</literal>.</para>
<listitem><para><xref linkend="opt-services.gnome3.core-os-services.enable"/></para></listitem>
<listitem><para><xref linkend="opt-services.gnome3.core-shell.enable"/></para></listitem>
<listitem><para><xref linkend="opt-services.gnome3.core-utilities.enable"/></para></listitem>
<listitem><para><xref linkend="opt-services.gnome3.games.enable"/></para></listitem>
</itemizedlist>
With these options we hope to give users finer grained control over their systems. Prior to this change you'd either have to manually
disable options or use <option>environment.gnome3.excludePackages</option> which only excluded the optional applications.
<option>environment.gnome3.excludePackages</option> is now unguarded, it can exclude any package installed with <option>environment.systemPackages</option>
in the GNOME 3 module.
</para>
</listitem>
<listitem>
<para>
Orthogonal to the previous changes to the GNOME 3 desktop manager module, we've updated all default services and applications
to match as close as possible to a default reference GNOME 3 experience.
</para>
<bridgehead>The following changes were enacted in <option>services.gnome3.core-utilities.enable</option></bridgehead>
<itemizedlist>
<title>Applications removed from defaults:</title>
<listitem><para><literal>accerciser</literal></para></listitem>
<listitem><para><literal>dconf-editor</literal></para></listitem>
<listitem><para><literal>evolution</literal></para></listitem>
<listitem><para><literal>gnome-documents</literal></para></listitem>
<listitem><para><literal>gnome-nettool</literal></para></listitem>
<listitem><para><literal>gnome-power-manager</literal></para></listitem>
<listitem><para><literal>gnome-todo</literal></para></listitem>
<listitem><para><literal>gnome-tweaks</literal></para></listitem>
<listitem><para><literal>gnome-usage</literal></para></listitem>
<listitem><para><literal>gucharmap</literal></para></listitem>
<listitem><para><literal>nautilus-sendto</literal></para></listitem>
<listitem><para><literal>vinagre</literal></para></listitem>
</itemizedlist>
<itemizedlist>
<title>Applications added to defaults:</title>
<listitem><para><literal>cheese</literal></para></listitem>
<listitem><para><literal>geary</literal></para></listitem>
</itemizedlist>
<bridgehead>The following changes were enacted in <option>services.gnome3.core-shell.enable</option></bridgehead>
<itemizedlist>
<title>Applications added to defaults:</title>
<listitem><para><literal>gnome-color-manager</literal></para></listitem>
<listitem><para><literal>orca</literal></para></listitem>
</itemizedlist>
<itemizedlist>
<title>Services enabled:</title>
<listitem><para><option>services.avahi.enable</option></para></listitem>
</itemizedlist>
</listitem>
</itemizedlist>
</section>
@ -77,7 +135,43 @@
<literal>./programs/dwm-status.nix</literal>
</para>
</listitem>
<listitem>
<para>
The new <varname>hardware.printers</varname> module allows to declaratively configure CUPS printers
via the <varname>ensurePrinters</varname> and
<varname>ensureDefaultPrinter</varname> options.
<varname>ensurePrinters</varname> will never delete existing printers,
but will make sure that the given printers are configured as declared.
</para>
</listitem>
<listitem>
<para>
There is a new <xref linkend="opt-services.system-config-printer.enable"/> and <xref linkend="opt-programs.system-config-printer.enable"/> module
for the program of the same name. If you previously had <literal>system-config-printer</literal> enabled through some other
means you should migrate to using one of these modules.
</para>
<itemizedlist>
<para>If you're a user of the following desktopManager modules no action is needed:</para>
<listitem>
<para><option>services.xserver.desktopManager.plasma5</option></para>
</listitem>
<listitem>
<para><option>services.xserver.desktopManager.gnome3</option></para>
</listitem>
<listitem>
<para><option>services.xserver.desktopManager.pantheon</option></para>
</listitem>
<listitem>
<para><option>services.xserver.desktopManager.mate</option></para>
<para>
Note Mate uses <literal>programs.system-config-printer</literal> as it doesn't
use it as a service, but its graphical interface directly.
</para>
</listitem>
</itemizedlist>
</listitem>
</itemizedlist>
</section>
<section xmlns="http://docbook.org/ns/docbook"
@ -110,6 +204,11 @@
accordingly.
</para>
</listitem>
<listitem>
<para>
PostgreSQL 9.4 is scheduled EOL during the 19.09 life cycle and has been removed.
</para>
</listitem>
<listitem>
<para>
The options <option>services.prometheus.alertmanager.user</option> and
@ -348,7 +447,37 @@
What used to be called <literal>emacsPackagesNg</literal> is now simply called <literal>emacsPackages</literal>.
</para>
</listitem>
<listitem>
<para>
<option>services.xserver.desktopManager.xterm</option> is now disabled by default if <literal>stateVersion</literal> is 19.09 or higher.
Previously the xterm desktopManager was enabled when xserver was enabled, but it isn't useful for all people so it didn't make sense to
have any desktopManager enabled default.
</para>
</listitem>
<listitem>
<para>
The WeeChat plugin <literal>pkgs.weechatScripts.weechat-xmpp</literal> has been removed as it doesn't receive
any updates from upstream and depends on outdated Python2-based modules.
</para>
</listitem>
<listitem>
<para>
Old unsupported versions (<literal>logstash5</literal>,
<literal>kibana5</literal>,
<literal>filebeat5</literal>,
<literal>heartbeat5</literal>,
<literal>metricbeat5</literal>,
<literal>packetbeat5</literal>) of the ELK-stack and Elastic beats have been removed.
</para>
</listitem>
<listitem>
<para>
For NixOS 19.03, both Prometheus 1 and 2 were available to allow for
a seamless transition from version 1 to 2 with existing setups.
Because Prometheus 1 is no longer developed, it was removed.
Prometheus 2 is now configured with <literal>services.prometheus</literal>.
</para>
</listitem>
</itemizedlist>
</section>
@ -547,8 +676,8 @@
</para>
</listitem>
</itemizedlist>
This also configures the kernel to pass coredumps to <literal>systemd-coredump</literal>.
This also configures the kernel to pass coredumps to <literal>systemd-coredump</literal>,
and restricts the SysRq key combinations to the sync command only.
These sysctl snippets can be found in <literal>/etc/sysctl.d/50-*.conf</literal>,
and overridden via <link linkend="opt-boot.kernel.sysctl">boot.kernel.sysctl</link>
(which will place the parameters in <literal>/etc/sysctl.d/60-nixos.conf</literal>).
@ -591,6 +720,67 @@
The defaults from fontconfig are sufficient.
</para>
</listitem>
<listitem>
<para>
The <literal>crashplan</literal> package and the
<literal>crashplan</literal> service have been removed from nixpkgs due to
crashplan shutting down the service, while the <literal>crashplansb</literal>
package and <literal>crashplan-small-business</literal> service have been
removed from nixpkgs due to lack of maintainer.
</para>
<para>
The <link linkend="opt-services.redis.enable">redis module</link> was hardcoded to use the <literal>redis</literal> user,
<filename class="directory">/run/redis</filename> as runtime directory and
<filename class="directory">/var/lib/redis</filename> as state directory.
Note that the NixOS module for Redis now disables kernel support for Transparent Huge Pages (THP),
because this features causes major performance problems for Redis,
e.g. (https://redis.io/topics/latency).
</para>
</listitem>
<listitem>
<para>
Using <option>fonts.enableDefaultFonts</option> adds a default emoji font <literal>noto-fonts-emoji</literal>.
<itemizedlist>
<para>Users of the following options will have this enabled by default:</para>
<listitem>
<para><option>services.xserver.enable</option></para>
</listitem>
<listitem>
<para><option>programs.sway.enable</option></para>
</listitem>
<listitem>
<para><option>programs.way-cooler.enable</option></para>
</listitem>
<listitem>
<para><option>services.xrdp.enable</option></para>
</listitem>
</itemizedlist>
</para>
</listitem>
<listitem>
<para>
The <literal>altcoins</literal> categorization of packages has
been removed. You now access these packages at the top level,
ie. <literal>nix-shell -p dogecoin</literal> instead of
<literal>nix-shell -p altcoins.dogecoin</literal>, etc.
</para>
</listitem>
<listitem>
<para>
Ceph has been upgraded to v14.2.1.
See the <link xlink:href="https://ceph.com/releases/v14-2-0-nautilus-released/">release notes</link> for details.
The mgr dashboard as well as osds backed by loop-devices is no longer explicitly supported by the package and module.
Note: There's been some issues with python-cherrypy, which is used by the dashboard
and prometheus mgr modules (and possibly others), hence 0000-dont-check-cherrypy-version.patch.
</para>
</listitem>
<listitem>
<para>
<literal>pkgs.weechat</literal> is now compiled against <literal>pkgs.python3</literal>.
Weechat also recommends <link xlink:href="https://weechat.org/scripts/python3/">to use Python3
in their docs.</link>
</para>
</listitem>
</itemizedlist>
</section>
</section>

80
nixos/doc/manual/release-notes/rl-2003.xml Normal file
View file

@ -0,0 +1,80 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-20.03">
<title>Release 20.03 (“Markhor”, 2020.03/??)</title>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-20.03-highlights">
<title>Highlights</title>
<para>
In addition to numerous new and upgraded packages, this release has the
following highlights:
</para>
<itemizedlist>
<listitem>
<para>
Support is planned until the end of October 2020, handing over to 20.09.
</para>
</listitem>
</itemizedlist>
</section>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-20.03-new-services">
<title>New Services</title>
<para>
The following new services were added since the last release:
</para>
<itemizedlist>
<listitem>
<para />
</listitem>
</itemizedlist>
</section>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-20.03-incompatibilities">
<title>Backward Incompatibilities</title>
<para>
When upgrading from a previous release, please be aware of the following
incompatible changes:
</para>
<itemizedlist>
<listitem>
<para />
</listitem>
</itemizedlist>
</section>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-20.03-notable-changes">
<title>Other Notable Changes</title>
<itemizedlist>
<listitem>
<para />
</listitem>
</itemizedlist>
</section>
</section>

2
nixos/lib/make-options-doc/default.nix
View file

@ -126,7 +126,7 @@ let
}
'';
in rec {
in {
inherit optionsNix;
optionsAsciiDoc = lib.concatStringsSep "\n" (lib.mapAttrsToList singleAsciiDoc optionsNix);

8
nixos/lib/qemu-flags.nix
View file

@ -17,9 +17,9 @@ in
else throw "Unknown QEMU serial device for system '${pkgs.stdenv.hostPlatform.system}'";
qemuBinary = qemuPkg: {
"x86_64-linux" = "${qemuPkg}/bin/qemu-kvm -cpu kvm64";
"armv7l-linux" = "${qemuPkg}/bin/qemu-system-arm -enable-kvm -machine virt -cpu host";
"aarch64-linux" = "${qemuPkg}/bin/qemu-system-aarch64 -enable-kvm -machine virt,gic-version=host -cpu host";
"x86_64-darwin" = "${qemuPkg}/bin/qemu-kvm -cpu kvm64";
x86_64-linux = "${qemuPkg}/bin/qemu-kvm -cpu kvm64";
armv7l-linux = "${qemuPkg}/bin/qemu-system-arm -enable-kvm -machine virt -cpu host";
aarch64-linux = "${qemuPkg}/bin/qemu-system-aarch64 -enable-kvm -machine virt,gic-version=host -cpu host";
x86_64-darwin = "${qemuPkg}/bin/qemu-kvm -cpu kvm64";
}.${pkgs.stdenv.hostPlatform.system} or "${qemuPkg}/bin/qemu-kvm";
}

112
nixos/lib/utils.nix
View file

@ -24,4 +24,116 @@ rec {
throw "${shell} is not a shell package"
else
shell;
/* Recurse into a list or an attrset, searching for attrs named like
the value of the "attr" parameter, and return an attrset where the
names are the corresponding jq path where the attrs were found and
the values are the values of the attrs.
Example:
recursiveGetAttrWithJqPrefix {
example = [
{
irrelevant = "not interesting";
}
{
ignored = "ignored attr";
relevant = {
secret = {
_secret = "/path/to/secret";
};
};
}
];
} "_secret" -> { ".example[1].relevant.secret" = "/path/to/secret"; }
*/
recursiveGetAttrWithJqPrefix = item: attr:
let
recurse = prefix: item:
if item ? ${attr} then
nameValuePair prefix item.${attr}
else if isAttrs item then
map (name: recurse (prefix + "." + name) item.${name}) (attrNames item)
else if isList item then
imap0 (index: item: recurse (prefix + "[${toString index}]") item) item
else
[];
in listToAttrs (flatten (recurse "" item));
/* Takes an attrset and a file path and generates a bash snippet that
outputs a JSON file at the file path with all instances of
{ _secret = "/path/to/secret" }
in the attrset replaced with the contents of the file
"/path/to/secret" in the output JSON.
When a configuration option accepts an attrset that is finally
converted to JSON, this makes it possible to let the user define
arbitrary secret values.
Example:
If the file "/path/to/secret" contains the string
"topsecretpassword1234",
genJqSecretsReplacementSnippet {
example = [
{
irrelevant = "not interesting";
}
{
ignored = "ignored attr";
relevant = {
secret = {
_secret = "/path/to/secret";
};
};
}
];
} "/path/to/output.json"
would generate a snippet that, when run, outputs the following
JSON file at "/path/to/output.json":
{
"example": [
{
"irrelevant": "not interesting"
},
{
"ignored": "ignored attr",
"relevant": {
"secret": "topsecretpassword1234"
}
}
]
}
*/
genJqSecretsReplacementSnippet = genJqSecretsReplacementSnippet' "_secret";
# Like genJqSecretsReplacementSnippet, but allows the name of the
# attr which identifies the secret to be changed.
genJqSecretsReplacementSnippet' = attr: set: output:
let
secrets = recursiveGetAttrWithJqPrefix set attr;
in ''
if [[ -h '${output}' ]]; then
rm '${output}'
fi
''
+ concatStringsSep
"\n"
(imap1 (index: name: "export secret${toString index}=$(<'${secrets.${name}}')")
(attrNames secrets))
+ "\n"
+ "${pkgs.jq}/bin/jq >'${output}' '"
+ concatStringsSep
" | "
(imap1 (index: name: ''${name} = $ENV.secret${toString index}'')
(attrNames secrets))
+ ''
' <<'EOF'
${builtins.toJSON set}
EOF
'';
}

28
nixos/maintainers/scripts/ec2/amazon-image.nix
View file

@ -17,7 +17,7 @@ in {
name = mkOption {
type = types.str;
description = "The name of the generated derivation";
default = "nixos-disk-image";
default = "nixos-amazon-image-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}";
};
contents = mkOption {
@ -42,7 +42,7 @@ in {
format = mkOption {
type = types.enum [ "raw" "qcow2" "vpc" ];
default = "qcow2";
default = "vpc";
description = "The image format to output";
};
};
@ -51,7 +51,9 @@ in {
inherit lib config;
inherit (cfg) contents format name;
pkgs = import ../../../.. { inherit (pkgs) system; }; # ensure we use the regular qemu-kvm package
partitionTableType = if config.ec2.hvm then "legacy" else "none";
partitionTableType = if config.ec2.efi then "efi"
else if config.ec2.hvm then "legacy"
else "none";
diskSize = cfg.sizeMB;
fsType = "ext4";
configFile = pkgs.writeText "configuration.nix"
@ -61,7 +63,27 @@ in {
${optionalString config.ec2.hvm ''
ec2.hvm = true;
''}
${optionalString config.ec2.efi ''
ec2.efi = true;
''}
}
'';
postVM = ''
extension=''${diskImage##*.}
friendlyName=$out/${cfg.name}.$extension
mv "$diskImage" "$friendlyName"
diskImage=$friendlyName
mkdir -p $out/nix-support
echo "file ${cfg.format} $diskImage" >> $out/nix-support/hydra-build-products
${pkgs.jq}/bin/jq -n \
--arg label ${lib.escapeShellArg config.system.nixos.label} \
--arg system ${lib.escapeShellArg pkgs.stdenv.hostPlatform.system} \
--arg logical_bytes "$(${pkgs.qemu}/bin/qemu-img info --output json "$diskImage" | ${pkgs.jq}/bin/jq '."virtual-size"')" \
--arg file "$diskImage" \
'$ARGS.named' \
> $out/nix-support/image-info.json
'';
};
}

513
nixos/maintainers/scripts/ec2/create-amis.sh
View file

@ -1,279 +1,296 @@
#!/usr/bin/env nix-shell
#! nix-shell -i bash -p qemu ec2_ami_tools jq ec2_api_tools awscli
#!nix-shell -p awscli -p jq -p qemu -i bash
# To start with do: nix-shell -p awscli --run "aws configure"
# Uploads and registers NixOS images built from the
# <nixos/release.nix> amazonImage attribute. Images are uploaded and
# registered via a home region, and then copied to other regions.
set -e
set -o pipefail
# The home region requires an s3 bucket, and a "vmimport" IAM role
# with access to the S3 bucket. Configuration of the vmimport role is
# documented in
# https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-image-import.html
version=$(nix-instantiate --eval --strict '<nixpkgs>' -A lib.version | sed s/'"'//g)
major=${version:0:5}
echo "NixOS version is $version ($major)"
# set -x
set -euo pipefail
stateDir=/home/deploy/amis/ec2-image-$version
echo "keeping state in $stateDir"
mkdir -p $stateDir
# configuration
state_dir=/home/deploy/amis/ec2-images
home_region=eu-west-1
bucket=nixos-amis
rm -f ec2-amis.nix
regions=(eu-west-1 eu-west-2 eu-west-3 eu-central-1
us-east-1 us-east-2 us-west-1 us-west-2
ca-central-1
ap-southeast-1 ap-southeast-2 ap-northeast-1 ap-northeast-2
ap-south-1 ap-east-1
sa-east-1)
types="hvm"
stores="ebs"
regions="eu-west-1 eu-west-2 eu-west-3 eu-central-1 us-east-1 us-east-2 us-west-1 us-west-2 ca-central-1 ap-southeast-1 ap-southeast-2 ap-northeast-1 ap-northeast-2 sa-east-1 ap-south-1"
log() {
echo "$@" >&2
}
for type in $types; do
link=$stateDir/$type
imageFile=$link/nixos.qcow2
system=x86_64-linux
arch=x86_64
if [ -z "$1" ]; then
log "Usage: ./upload-amazon-image.sh IMAGE_OUTPUT"
exit 1
fi
# Build the image.
if ! [ -L $link ]; then
if [ $type = pv ]; then hvmFlag=false; else hvmFlag=true; fi
# result of the amazon-image from nixos/release.nix
store_path=$1
echo "building image type '$type'..."
nix-build -o $link \
'<nixpkgs/nixos>' \
-A config.system.build.amazonImage \
--arg configuration "{ imports = [ <nixpkgs/nixos/maintainers/scripts/ec2/amazon-image.nix> ]; ec2.hvm = $hvmFlag; }"
if [ ! -e "$store_path" ]; then
log "Store path: $store_path does not exist, fetching..."
nix-store --realise "$store_path"
fi
if [ ! -d "$store_path" ]; then
log "store_path: $store_path is not a directory. aborting"
exit 1
fi
read_image_info() {
if [ ! -e "$store_path/nix-support/image-info.json" ]; then
log "Image missing metadata"
exit 1
fi
jq -r "$1" "$store_path/nix-support/image-info.json"
}
# We handle a single image per invocation, store all attributes in
# globals for convenience.
image_label=$(read_image_info .label)
image_system=$(read_image_info .system)
image_file=$(read_image_info .file)
image_logical_bytes=$(read_image_info .logical_bytes)
# Derived attributes
image_logical_gigabytes=$((($image_logical_bytes-1)/1024/1024/1024+1)) # Round to the next GB
case "$image_system" in
aarch64-linux)
amazon_arch=arm64
;;
x86_64-linux)
amazon_arch=x86_64
;;
*)
log "Unknown system: $image_system"
exit 1
esac
image_name="NixOS-${image_label}-${image_system}"
image_description="NixOS ${image_label} ${image_system}"
log "Image Details:"
log " Name: $image_name"
log " Description: $image_description"
log " Size (gigabytes): $image_logical_gigabytes"
log " System: $image_system"
log " Amazon Arch: $amazon_arch"
read_state() {
local state_key=$1
local type=$2
cat "$state_dir/$state_key.$type" 2>/dev/null || true
}
write_state() {
local state_key=$1
local type=$2
local val=$3
mkdir -p $state_dir
echo "$val" > "$state_dir/$state_key.$type"
}
wait_for_import() {
local region=$1
local task_id=$2
local state snapshot_id
log "Waiting for import task $task_id to be completed"
while true; do
read state progress snapshot_id < <(
aws ec2 describe-import-snapshot-tasks --region $region --import-task-ids "$task_id" | \
jq -r '.ImportSnapshotTasks[].SnapshotTaskDetail | "\(.Status) \(.Progress) \(.SnapshotId)"'
)
log " ... state=$state progress=$progress snapshot_id=$snapshot_id"
case "$state" in
active)
sleep 10
;;
completed)
echo "$snapshot_id"
return
;;
*)
log "Unexpected snapshot import state: '${state}'"
exit 1
;;
esac
done
}
wait_for_image() {
local region=$1
local ami_id=$2
local state
log "Waiting for image $ami_id to be available"
while true; do
read state < <(
aws ec2 describe-images --image-ids "$ami_id" --region $region | \
jq -r ".Images[].State"
)
log " ... state=$state"
case "$state" in
pending)
sleep 10
;;
available)
return
;;
*)
log "Unexpected AMI state: '${state}'"
exit 1
;;
esac
done
}
make_image_public() {
local region=$1
local ami_id=$2
wait_for_image $region "$ami_id"
log "Making image $ami_id public"
aws ec2 modify-image-attribute \
--image-id "$ami_id" --region "$region" --launch-permission 'Add={Group=all}' >&2
}
upload_image() {
local region=$1
local aws_path=${image_file#/}
local state_key="$region.$image_label.$image_system"
local task_id=$(read_state "$state_key" task_id)
local snapshot_id=$(read_state "$state_key" snapshot_id)
local ami_id=$(read_state "$state_key" ami_id)
if [ -z "$task_id" ]; then
log "Checking for image on S3"
if ! aws s3 ls --region "$region" "s3://${bucket}/${aws_path}" >&2; then
log "Image missing from aws, uploading"
aws s3 cp --region $region "$image_file" "s3://${bucket}/${aws_path}" >&2
fi
log "Importing image from S3 path s3://$bucket/$aws_path"
task_id=$(aws ec2 import-snapshot --disk-container "{
\"Description\": \"nixos-image-${image_label}-${image_system}\",
\"Format\": \"vhd\",
\"UserBucket\": {
\"S3Bucket\": \"$bucket\",
\"S3Key\": \"$aws_path\"
}
}" --region $region | jq -r '.ImportTaskId')
write_state "$state_key" task_id "$task_id"
fi
for store in $stores; do
if [ -z "$snapshot_id" ]; then
snapshot_id=$(wait_for_import "$region" "$task_id")
write_state "$state_key" snapshot_id "$snapshot_id"
fi
bucket=nixos-amis
bucketDir="$version-$type-$store"
if [ -z "$ami_id" ]; then
log "Registering snapshot $snapshot_id as AMI"
prevAmi=
prevRegion=
local block_device_mappings=(
"DeviceName=/dev/sda1,Ebs={SnapshotId=$snapshot_id,VolumeSize=$image_logical_gigabytes,DeleteOnTermination=true,VolumeType=gp2}"
)
for region in $regions; do
local extra_flags=(
--root-device-name /dev/sda1
--sriov-net-support simple
--ena-support
--virtualization-type hvm
)
name=nixos-$version-$arch-$type-$store
description="NixOS $system $version ($type-$store)"
block_device_mappings+=(DeviceName=/dev/sdb,VirtualName=ephemeral0)
block_device_mappings+=(DeviceName=/dev/sdc,VirtualName=ephemeral1)
block_device_mappings+=(DeviceName=/dev/sdd,VirtualName=ephemeral2)
block_device_mappings+=(DeviceName=/dev/sde,VirtualName=ephemeral3)
amiFile=$stateDir/$region.$type.$store.ami-id
ami_id=$(
aws ec2 register-image \
--name "$image_name" \
--description "$image_description" \
--region $region \
--architecture $amazon_arch \
--block-device-mappings "${block_device_mappings[@]}" \
"${extra_flags[@]}" \
| jq -r '.ImageId'
)
if ! [ -e $amiFile ]; then
write_state "$state_key" ami_id "$ami_id"
fi
echo "doing $name in $region..."
make_image_public $region "$ami_id"
if [ -n "$prevAmi" ]; then
ami=$(aws ec2 copy-image \
--region "$region" \
--source-region "$prevRegion" --source-image-id "$prevAmi" \
--name "$name" --description "$description" | jq -r '.ImageId')
if [ "$ami" = null ]; then break; fi
else
echo "$ami_id"
}
if [ $store = s3 ]; then
copy_to_region() {
local region=$1
local from_region=$2
local from_ami_id=$3
# Bundle the image.
imageDir=$stateDir/$type-bundled
state_key="$region.$image_label.$image_system"
ami_id=$(read_state "$state_key" ami_id)
# Convert the image to raw format.
rawFile=$stateDir/$type.raw
if ! [ -e $rawFile ]; then
qemu-img convert -f qcow2 -O raw $imageFile $rawFile.tmp
mv $rawFile.tmp $rawFile
fi
if [ -z "$ami_id" ]; then
log "Copying $from_ami_id to $region"
ami_id=$(
aws ec2 copy-image \
--region "$region" \
--source-region "$from_region" \
--source-image-id "$from_ami_id" \
--name "$image_name" \
--description "$image_description" \
| jq -r '.ImageId'
)
if ! [ -d $imageDir ]; then
rm -rf $imageDir.tmp
mkdir -p $imageDir.tmp
ec2-bundle-image \
-d $imageDir.tmp \
-i $rawFile --arch $arch \
--user "$AWS_ACCOUNT" -c "$EC2_CERT" -k "$EC2_PRIVATE_KEY"
mv $imageDir.tmp $imageDir
fi
write_state "$state_key" ami_id "$ami_id"
fi
# Upload the bundle to S3.
if ! [ -e $imageDir/uploaded ]; then
echo "uploading bundle to S3..."
ec2-upload-bundle \
-m $imageDir/$type.raw.manifest.xml \
-b "$bucket/$bucketDir" \
-a "$AWS_ACCESS_KEY_ID" -s "$AWS_SECRET_ACCESS_KEY" \
--location EU
touch $imageDir/uploaded
fi
make_image_public $region "$ami_id"
extraFlags="--image-location $bucket/$bucketDir/$type.raw.manifest.xml"
echo "$ami_id"
}
else
upload_all() {
home_image_id=$(upload_image "$home_region")
jq -n \
--arg key "$home_region.$image_system" \
--arg value "$home_image_id" \
'$ARGS.named'
# Convert the image to vhd format so we don't have
# to upload a huge raw image.
vhdFile=$stateDir/$type.vhd
if ! [ -e $vhdFile ]; then
qemu-img convert -f qcow2 -O vpc $imageFile $vhdFile.tmp
mv $vhdFile.tmp $vhdFile
fi
vhdFileLogicalBytes="$(qemu-img info "$vhdFile" | grep ^virtual\ size: | cut -f 2 -d \( | cut -f 1 -d \ )"
vhdFileLogicalGigaBytes=$(((vhdFileLogicalBytes-1)/1024/1024/1024+1)) # Round to the next GB
echo "Disk size is $vhdFileLogicalBytes bytes. Will be registered as $vhdFileLogicalGigaBytes GB."
taskId=$(cat $stateDir/$region.$type.task-id 2> /dev/null || true)
volId=$(cat $stateDir/$region.$type.vol-id 2> /dev/null || true)
snapId=$(cat $stateDir/$region.$type.snap-id 2> /dev/null || true)
# Import the VHD file.
if [ -z "$snapId" -a -z "$volId" -a -z "$taskId" ]; then
echo "importing $vhdFile..."
taskId=$(ec2-import-volume $vhdFile --no-upload -f vhd \
-O "$AWS_ACCESS_KEY_ID" -W "$AWS_SECRET_ACCESS_KEY" \
-o "$AWS_ACCESS_KEY_ID" -w "$AWS_SECRET_ACCESS_KEY" \
--region "$region" -z "${region}a" \
--bucket "$bucket" --prefix "$bucketDir/" \
| tee /dev/stderr \
| sed 's/.*\(import-vol-[0-9a-z]\+\).*/\1/ ; t ; d')
echo -n "$taskId" > $stateDir/$region.$type.task-id
fi
if [ -z "$snapId" -a -z "$volId" ]; then
ec2-resume-import $vhdFile -t "$taskId" --region "$region" \
-O "$AWS_ACCESS_KEY_ID" -W "$AWS_SECRET_ACCESS_KEY" \
-o "$AWS_ACCESS_KEY_ID" -w "$AWS_SECRET_ACCESS_KEY"
fi
# Wait for the volume creation to finish.
if [ -z "$snapId" -a -z "$volId" ]; then
echo "waiting for import to finish..."
while true; do
volId=$(aws ec2 describe-conversion-tasks --conversion-task-ids "$taskId" --region "$region" | jq -r .ConversionTasks[0].ImportVolume.Volume.Id)
if [ "$volId" != null ]; then break; fi
sleep 10
done
echo -n "$volId" > $stateDir/$region.$type.vol-id
fi
# Delete the import task.
if [ -n "$volId" -a -n "$taskId" ]; then
echo "removing import task..."
ec2-delete-disk-image -t "$taskId" --region "$region" \
-O "$AWS_ACCESS_KEY_ID" -W "$AWS_SECRET_ACCESS_KEY" \
-o "$AWS_ACCESS_KEY_ID" -w "$AWS_SECRET_ACCESS_KEY" || true
rm -f $stateDir/$region.$type.task-id
fi
# Create a snapshot.
if [ -z "$snapId" ]; then
echo "creating snapshot..."
# FIXME: this can fail with InvalidVolume.NotFound. Eventual consistency yay.
snapId=$(aws ec2 create-snapshot --volume-id "$volId" --region "$region" --description "$description" | jq -r .SnapshotId)
if [ "$snapId" = null ]; then exit 1; fi
echo -n "$snapId" > $stateDir/$region.$type.snap-id
fi
# Wait for the snapshot to finish.
echo "waiting for snapshot to finish..."
while true; do
status=$(aws ec2 describe-snapshots --snapshot-ids "$snapId" --region "$region" | jq -r .Snapshots[0].State)
if [ "$status" = completed ]; then break; fi
sleep 10
done
# Delete the volume.
if [ -n "$volId" ]; then
echo "deleting volume..."
aws ec2 delete-volume --volume-id "$volId" --region "$region" || true
rm -f $stateDir/$region.$type.vol-id
fi
blockDeviceMappings="DeviceName=/dev/sda1,Ebs={SnapshotId=$snapId,VolumeSize=$vhdFileLogicalGigaBytes,DeleteOnTermination=true,VolumeType=gp2}"
extraFlags=""
if [ $type = pv ]; then
extraFlags+=" --root-device-name /dev/sda1"
else
extraFlags+=" --root-device-name /dev/sda1"
extraFlags+=" --sriov-net-support simple"
extraFlags+=" --ena-support"
fi
blockDeviceMappings+=" DeviceName=/dev/sdb,VirtualName=ephemeral0"
blockDeviceMappings+=" DeviceName=/dev/sdc,VirtualName=ephemeral1"
blockDeviceMappings+=" DeviceName=/dev/sdd,VirtualName=ephemeral2"
blockDeviceMappings+=" DeviceName=/dev/sde,VirtualName=ephemeral3"
fi
if [ $type = hvm ]; then
extraFlags+=" --sriov-net-support simple"
extraFlags+=" --ena-support"
fi
# Register the AMI.
if [ $type = pv ]; then
kernel=$(aws ec2 describe-images --owner amazon --filters "Name=name,Values=pv-grub-hd0_1.05-$arch.gz" | jq -r .Images[0].ImageId)
if [ "$kernel" = null ]; then break; fi
echo "using PV-GRUB kernel $kernel"
extraFlags+=" --virtualization-type paravirtual --kernel $kernel"
else
extraFlags+=" --virtualization-type hvm"
fi
ami=$(aws ec2 register-image \
--name "$name" \
--description "$description" \
--region "$region" \
--architecture "$arch" \
--block-device-mappings $blockDeviceMappings \
$extraFlags | jq -r .ImageId)
if [ "$ami" = null ]; then break; fi
fi
echo -n "$ami" > $amiFile
echo "created AMI $ami of type '$type' in $region..."
else
ami=$(cat $amiFile)
fi
echo "region = $region, type = $type, store = $store, ami = $ami"
if [ -z "$prevAmi" ]; then
prevAmi="$ami"
prevRegion="$region"
fi
done
for region in "${regions[@]}"; do
if [ "$region" = "$home_region" ]; then
continue
fi
copied_image_id=$(copy_to_region "$region" "$home_region" "$home_image_id")
jq -n \
--arg key "$region.$image_system" \
--arg value "$copied_image_id" \
'$ARGS.named'
done
}
done
for type in $types; do
link=$stateDir/$type
system=x86_64-linux
arch=x86_64
for store in $stores; do
for region in $regions; do
name=nixos-$version-$arch-$type-$store
amiFile=$stateDir/$region.$type.$store.ami-id
ami=$(cat $amiFile)
echo "region = $region, type = $type, store = $store, ami = $ami"
echo -n "waiting for AMI..."
while true; do
status=$(aws ec2 describe-images --image-ids "$ami" --region "$region" | jq -r .Images[0].State)
if [ "$status" = available ]; then break; fi
sleep 10
echo -n '.'
done
echo
# Make the image public.
aws ec2 modify-image-attribute \
--image-id "$ami" --region "$region" --launch-permission 'Add={Group=all}'
echo " \"$major\".$region.$type-$store = \"$ami\";" >> ec2-amis.nix
done
done
done
upload_all | jq --slurp from_entries

4
nixos/modules/config/fonts/fontconfig-penultimate.nix
View file

@ -35,8 +35,8 @@ let
then "fontconfig"
else "fontconfig_${version}";
makeCache = fontconfig: pkgs.makeFontsCache { inherit fontconfig; fontDirectories = config.fonts.fonts; };
cache = makeCache pkgs."${fcPackage}";
cache32 = makeCache pkgs.pkgsi686Linux."${fcPackage}";
cache = makeCache pkgs.${fcPackage};
cache32 = makeCache pkgs.pkgsi686Linux.${fcPackage};
in
pkgs.writeText "fc-00-nixos-cache.conf" ''
<?xml version='1.0'?>

2
nixos/modules/config/fonts/fontconfig-ultimate.nix
View file

@ -79,7 +79,7 @@ in
config = mkIf (config.fonts.fontconfig.enable && cfg.enable) {
fonts.fontconfig.confPackages = [ confPkg ];
environment.variables."INFINALITY_FT" = cfg.preset;
environment.variables.INFINALITY_FT = cfg.preset;
};

23
nixos/modules/config/fonts/fontconfig.nix
View file

@ -51,8 +51,8 @@ let
then "fontconfig"
else "fontconfig_${version}";
makeCache = fontconfig: pkgs.makeFontsCache { inherit fontconfig; fontDirectories = config.fonts.fonts; };
cache = makeCache pkgs."${fcPackage}";
cache32 = makeCache pkgs.pkgsi686Linux."${fcPackage}";
cache = makeCache pkgs.${fcPackage};
cache32 = makeCache pkgs.pkgsi686Linux.${fcPackage};
in
pkgs.writeText "fc-00-nixos-cache.conf" ''
<?xml version='1.0'?>
@ -116,7 +116,7 @@ let
defaultFontsConf =
let genDefault = fonts: name:
optionalString (fonts != []) ''
<alias>
<alias binding="same">
<family>${name}</family>
<prefer>
${concatStringsSep ""
@ -139,6 +139,8 @@ let
${genDefault cfg.defaultFonts.monospace "monospace"}
${genDefault cfg.defaultFonts.emoji "emoji"}
</fontconfig>
'';
@ -344,6 +346,21 @@ in
in case multiple languages must be supported.
'';
};
emoji = mkOption {
type = types.listOf types.str;
default = ["Noto Color Emoji"];
description = ''
System-wide default emoji font(s). Multiple fonts may be listed
in case a font does not support all emoji.
Note that fontconfig matches color emoji fonts preferentially,
so if you want to use a black and white font while having
a color font installed (eg. Noto Color Emoji installed alongside
Noto Emoji), fontconfig will still choose the color font even
when it is later in the list.
'';
};
};
hinting = {

1
nixos/modules/config/fonts/fonts.nix
View file

@ -43,6 +43,7 @@ with lib;
pkgs.xorg.fontmiscmisc
pkgs.xorg.fontcursormisc
pkgs.unifont
pkgs.noto-fonts-emoji
];
};

2
nixos/modules/config/gtk/gtk-icon-cache.nix
View file

@ -7,7 +7,7 @@ with lib;
type = types.bool;
default = config.services.xserver.enable;
description = ''
Whether to build icon theme caches for GTK+ applications.
Whether to build icon theme caches for GTK applications.
'';
};
};

4
nixos/modules/config/krb5/default.nix
View file

@ -15,7 +15,7 @@ let
realms = optionalAttrs (lib.all (value: value != null) [
cfg.defaultRealm cfg.kdc cfg.kerberosAdminServer
]) {
"${cfg.defaultRealm}" = {
${cfg.defaultRealm} = {
kdc = cfg.kdc;
admin_server = cfg.kerberosAdminServer;
};
@ -25,7 +25,7 @@ let
cfg.domainRealm cfg.defaultRealm
]) {
".${cfg.domainRealm}" = cfg.defaultRealm;
"${cfg.domainRealm}" = cfg.defaultRealm;
${cfg.domainRealm} = cfg.defaultRealm;
};
};

8
nixos/modules/config/malloc.nix
View file

@ -6,7 +6,7 @@ let
# The set of alternative malloc(3) providers.
providers = {
"graphene-hardened" = rec {
graphene-hardened = {
libPath = "${pkgs.graphene-hardened-malloc}/lib/libhardened_malloc.so";
description = ''
An allocator designed to mitigate memory corruption attacks, such as
@ -14,7 +14,7 @@ let
'';
};
"jemalloc" = {
jemalloc = {
libPath = "${pkgs.jemalloc}/lib/libjemalloc.so";
description = ''
A general purpose allocator that emphasizes fragmentation avoidance
@ -22,7 +22,7 @@ let
'';
};
"scudo" = {
scudo = {
libPath = "${pkgs.llvmPackages.compiler-rt}/lib/linux/libclang_rt.scudo-x86_64.so";
description = ''
A user-mode allocator based on LLVM Sanitizers CombinedAllocator,
@ -32,7 +32,7 @@ let
};
};
providerConf = providers."${cfg.provider}";
providerConf = providers.${cfg.provider};
# An output that contains only the shared library, to avoid
# needlessly bloating the system closure

8
nixos/modules/config/networking.nix
View file

@ -171,13 +171,13 @@ in
environment.etc =
{ # /etc/services: TCP/UDP port assignments.
"services".source = pkgs.iana-etc + "/etc/services";
services.source = pkgs.iana-etc + "/etc/services";
# /etc/protocols: IP protocol numbers.
"protocols".source = pkgs.iana-etc + "/etc/protocols";
protocols.source = pkgs.iana-etc + "/etc/protocols";
# /etc/hosts: Hostname-to-IP mappings.
"hosts".text = let
hosts.text = let
oneToString = set: ip: ip + " " + concatStringsSep " " set.${ip};
allToString = set: concatMapStringsSep "\n" (oneToString set) (attrNames set);
in ''
@ -190,7 +190,7 @@ in
} // optionalAttrs (pkgs.stdenv.hostPlatform.libc == "glibc") {
# /etc/rpc: RPC program numbers.
"rpc".source = pkgs.glibc.out + "/etc/rpc";
rpc.source = pkgs.glibc.out + "/etc/rpc";
};
networking.proxy.envVars =

4
nixos/modules/config/power-management.nix
View file

@ -78,7 +78,7 @@ in
};
# Service executed before suspending/hibernating.
systemd.services."pre-sleep" =
systemd.services.pre-sleep =
{ description = "Pre-Sleep Actions";
wantedBy = [ "sleep.target" ];
before = [ "sleep.target" ];
@ -89,7 +89,7 @@ in
serviceConfig.Type = "oneshot";
};
systemd.services."post-resume" =
systemd.services.post-resume =
{ description = "Post-Resume Actions";
after = [ "suspend.target" "hibernate.target" "hybrid-sleep.target" ];
script =

4
nixos/modules/config/shells-environment.nix
View file

@ -163,7 +163,7 @@ in
l = "ls -alh";
};
environment.etc."shells".text =
environment.etc.shells.text =
''
${concatStringsSep "\n" (map utils.toShellPath cfg.shells)}
/bin/sh
@ -171,7 +171,7 @@ in
# For resetting environment with `. /etc/set-environment` when needed
# and discoverability (see motivation of #30418).
environment.etc."set-environment".source = config.system.build.setEnvironment;
environment.etc.set-environment.source = config.system.build.setEnvironment;
system.build.setEnvironment = pkgs.writeText "set-environment"
''

3
nixos/modules/config/system-path.nix
View file

@ -135,6 +135,9 @@ in
# outputs TODO: note that the tools will often not be linked by default
postBuild =
''
# Remove wrapped binaries, they shouldn't be accessible via PATH.
find $out/bin -maxdepth 1 -name ".*-wrapped" -type l -delete
if [ -x $out/bin/glib-compile-schemas -a -w $out/share/glib-2.0/schemas ]; then
$out/bin/glib-compile-schemas $out/share/glib-2.0/schemas
fi

2
nixos/modules/config/terminfo.nix
View file

@ -8,7 +8,7 @@
"/share/terminfo"
];
environment.etc."terminfo" = {
environment.etc.terminfo = {
source = "${config.system.path}/share/terminfo";
};

16
nixos/modules/config/users-groups.nix
View file

@ -181,7 +181,7 @@ let
};
hashedPassword = mkOption {
type = with types; uniq (nullOr str);
type = with types; nullOr str;
default = null;
description = ''
Specifies the hashed password for the user.
@ -191,7 +191,7 @@ let
};
password = mkOption {
type = with types; uniq (nullOr str);
type = with types; nullOr str;
default = null;
description = ''
Specifies the (clear text) password for the user.
@ -203,7 +203,7 @@ let
};
passwordFile = mkOption {
type = with types; uniq (nullOr string);
type = with types; nullOr str;
default = null;
description = ''
The full path to a file that contains the user's password. The password
@ -215,7 +215,7 @@ let
};
initialHashedPassword = mkOption {
type = with types; uniq (nullOr str);
type = with types; nullOr str;
default = null;
description = ''
Specifies the initial hashed password for the user, i.e. the
@ -230,7 +230,7 @@ let
};
initialPassword = mkOption {
type = with types; uniq (nullOr str);
type = with types; nullOr str;
default = null;
description = ''
Specifies the initial password for the user, i.e. the
@ -304,7 +304,7 @@ let
};
members = mkOption {
type = with types; listOf string;
type = with types; listOf str;
default = [];
description = ''
The user names of the group members, added to the
@ -546,11 +546,11 @@ in {
environment.systemPackages = systemShells;
environment.etc = {
"subuid" = {
subuid = {
text = subuidFile;
mode = "0644";
};
"subgid" = {
subgid = {
text = subgidFile;
mode = "0644";
};

2
nixos/modules/hardware/nitrokey.nix
View file

@ -36,6 +36,6 @@ in
{ inherit (cfg) group; }
))
];
users.groups."${cfg.group}" = {};
users.groups.${cfg.group} = {};
};
}

133
nixos/modules/hardware/openrazer.nix Normal file
View file

@ -0,0 +1,133 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.hardware.openrazer;
kernelPackages = config.boot.kernelPackages;
toPyBoolStr = b: if b then "True" else "False";
daemonExe = "${pkgs.openrazer-daemon}/bin/openrazer-daemon --config ${daemonConfFile}";
daemonConfFile = pkgs.writeTextFile {
name = "razer.conf";
text = ''
[General]
verbose_logging = ${toPyBoolStr cfg.verboseLogging}
[Startup]
sync_effects_enabled = ${toPyBoolStr cfg.syncEffectsEnabled}
devices_off_on_screensaver = ${toPyBoolStr cfg.devicesOffOnScreensaver}
mouse_battery_notifier = ${toPyBoolStr cfg.mouseBatteryNotifier}
[Statistics]
key_statistics = ${toPyBoolStr cfg.keyStatistics}
'';
};
dbusServiceFile = pkgs.writeTextFile rec {
name = "org.razer.service";
destination = "/share/dbus-1/services/${name}";
text = ''
[D-BUS Service]
Name=org.razer
Exec=${daemonExe}
SystemdService=openrazer-daemon.service
'';
};
drivers = [
"razerkbd"
"razermouse"
"razerfirefly"
"razerkraken"
"razermug"
"razercore"
];
in
{
options = {
hardware.openrazer = {
enable = mkEnableOption "OpenRazer drivers and userspace daemon.";
verboseLogging = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable verbose logging. Logs debug messages.
'';
};
syncEffectsEnabled = mkOption {
type = types.bool;
default = true;
description = ''
Set the sync effects flag to true so any assignment of
effects will work across devices.
'';
};
devicesOffOnScreensaver = mkOption {
type = types.bool;
default = true;
description = ''
Turn off the devices when the systems screensaver kicks in.
'';
};
mouseBatteryNotifier = mkOption {
type = types.bool;
default = true;
description = ''
Mouse battery notifier.
'';
};
keyStatistics = mkOption {
type = types.bool;
default = false;
description = ''
Collects number of keypresses per hour per key used to
generate a heatmap.
'';
};
};
};
config = mkIf cfg.enable {
boot.extraModulePackages = [ kernelPackages.openrazer ];
boot.kernelModules = drivers;
# Makes the man pages available so you can succesfully run
# > systemctl --user help openrazer-daemon
environment.systemPackages = [ pkgs.python3Packages.openrazer-daemon.man ];
services.udev.packages = [ kernelPackages.openrazer ];
services.dbus.packages = [ dbusServiceFile ];
# A user must be a member of the plugdev group in order to start
# the openrazer-daemon. Therefore we make sure that the plugdev
# group exists.
users.groups.plugdev = {};
systemd.user.services.openrazer-daemon = {
description = "Daemon to manage razer devices in userspace";
unitConfig.Documentation = "man:openrazer-daemon(8)";
# Requires a graphical session so the daemon knows when the screensaver
# starts. See the 'devicesOffOnScreensaver' option.
wantedBy = [ "graphical-session.target" ];
partOf = [ "graphical-session.target" ];
serviceConfig = {
Type = "dbus";
BusName = "org.razer";
ExecStart = "${daemonExe} --foreground";
Restart = "always";
};
};
};
meta = {
maintainers = with lib.maintainers; [ roelvandijk ];
};
}

135
nixos/modules/hardware/printers.nix Normal file
View file

@ -0,0 +1,135 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.hardware.printers;
ppdOptionsString = options: optionalString (options != {})
(concatStringsSep " "
(mapAttrsToList (name: value: "-o '${name}'='${value}'") options)
);
ensurePrinter = p: ''
${pkgs.cups}/bin/lpadmin -p '${p.name}' -E \
${optionalString (p.location != null) "-L '${p.location}'"} \
${optionalString (p.description != null) "-D '${p.description}'"} \
-v '${p.deviceUri}' \
-m '${p.model}' \
${ppdOptionsString p.ppdOptions}
'';
ensureDefaultPrinter = name: ''
${pkgs.cups}/bin/lpoptions -d '${name}'
'';
# "graph but not # or /" can't be implemented as regex alone due to missing lookahead support
noInvalidChars = str: all (c: c != "#" && c != "/") (stringToCharacters str);
printerName = (types.addCheck (types.strMatching "[[:graph:]]+") noInvalidChars)
// { description = "printable string without spaces, # and /"; };
in {
options = {
hardware.printers = {
ensureDefaultPrinter = mkOption {
type = types.nullOr printerName;
default = null;
description = ''
Ensures the named printer is the default CUPS printer / printer queue.
'';
};
ensurePrinters = mkOption {
description = ''
Will regularly ensure that the given CUPS printers are configured as declared here.
If a printer's options are manually changed afterwards, they will be overwritten eventually.
This option will never delete any printer, even if removed from this list.
You can check existing printers with <command>lpstat -s</command>
and remove printers with <command>lpadmin -x &lt;printer-name&gt;</command>.
Printers not listed here can still be manually configured.
'';
default = [];
type = types.listOf (types.submodule {
options = {
name = mkOption {
type = printerName;
example = "BrotherHL_Workroom";
description = ''
Name of the printer / printer queue.
May contain any printable characters except "/", "#", and space.
'';
};
location = mkOption {
type = types.nullOr types.str;
default = null;
example = "Workroom";
description = ''
Optional human-readable location.
'';
};
description = mkOption {
type = types.nullOr types.str;
default = null;
example = "Brother HL-5140";
description = ''
Optional human-readable description.
'';
};
deviceUri = mkOption {
type = types.str;
example = [
"ipp://printserver.local/printers/BrotherHL_Workroom"
"usb://HP/DESKJET%20940C?serial=CN16E6C364BH"
];
description = ''
How to reach the printer.
<command>lpinfo -v</command> shows a list of supported device URIs and schemes.
'';
};
model = mkOption {
type = types.str;
example = literalExample ''
gutenprint.''${lib.version.majorMinor (lib.getVersion pkgs.cups)}://brother-hl-5140/expert
'';
description = ''
Location of the ppd driver file for the printer.
<command>lpinfo -m</command> shows a list of supported models.
'';
};
ppdOptions = mkOption {
type = types.attrsOf types.str;
example = {
PageSize = "A4";
Duplex = "DuplexNoTumble";
};
default = {};
description = ''
Sets PPD options for the printer.
<command>lpoptions [-p printername] -l</command> shows suported PPD options for the given printer.
'';
};
};
});
};
};
};
config = mkIf (cfg.ensurePrinters != [] && config.services.printing.enable) {
systemd.services.ensure-printers = let
cupsUnit = if config.services.printing.startWhenNeeded then "cups.socket" else "cups.service";
in {
description = "Ensure NixOS-configured CUPS printers";
wantedBy = [ "multi-user.target" ];
requires = [ cupsUnit ];
# in contrast to cups.socket, for cups.service, this is actually not enough,
# as the cups service reports its activation before clients can actually interact with it.
# Because of this, commands like `lpinfo -v` will report a bad file descriptor
# due to the missing UNIX socket without sufficient sleep time.
after = [ cupsUnit ];
serviceConfig = {
Type = "oneshot";
};
# sleep 10 is required to wait until cups.service is actually initialized and has created its UNIX socket file
script = (optionalString (!config.services.printing.startWhenNeeded) "sleep 10\n")
+ (concatMapStringsSep "\n" ensurePrinter cfg.ensurePrinters)
+ optionalString (cfg.ensureDefaultPrinter != null) (ensureDefaultPrinter cfg.ensureDefaultPrinter);
};
};
}

4
nixos/modules/hardware/raid/hpsa.nix
View file

@ -4,11 +4,11 @@ with lib;
let
hpssacli = pkgs.stdenv.mkDerivation rec {
name = "hpssacli-${version}";
pname = "hpssacli";
version = "2.40-13.0";
src = pkgs.fetchurl {
url = "https://downloads.linux.hpe.com/SDR/downloads/MCP/Ubuntu/pool/non-free/${name}_amd64.deb";
url = "https://downloads.linux.hpe.com/SDR/downloads/MCP/Ubuntu/pool/non-free/${pname}-${version}_amd64.deb";
sha256 = "11w7fwk93lmfw0yya4jpjwdmgjimqxx6412sqa166g1pz4jil4sw";
};

2
nixos/modules/hardware/video/ati.nix
View file

@ -33,7 +33,7 @@ in
boot.blacklistedKernelModules = [ "radeon" ];
environment.etc."ati".source = "${ati_x11}/etc/ati";
environment.etc.ati.source = "${ati_x11}/etc/ati";
};

4
nixos/modules/hardware/video/nvidia.nix
View file

@ -88,7 +88,7 @@ in
};
hardware.nvidia.optimus_prime.nvidiaBusId = lib.mkOption {
type = lib.types.string;
type = lib.types.str;
default = "";
example = "PCI:1:0:0";
description = ''
@ -98,7 +98,7 @@ in
};
hardware.nvidia.optimus_prime.intelBusId = lib.mkOption {
type = lib.types.string;
type = lib.types.str;
default = "";
example = "PCI:0:2:0";
description = ''

3
nixos/modules/installer/cd-dvd/installation-cd-graphical-kde.nix
View file

@ -13,9 +13,6 @@ with lib;
enable = true;
enableQt4Support = false;
};
# Enable touchpad support for many laptops.
synaptics.enable = true;
};
environment.systemPackages = with pkgs; [

4
nixos/modules/installer/cd-dvd/sd-image-aarch64.nix
View file

@ -59,4 +59,8 @@ in
${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot
'';
};
# the installation media is also the installation target,
# so we don't want to provide the installation configuration.nix.
installer.cloneConfig = false;
}

4
nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix
View file

@ -56,4 +56,8 @@ in
${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot
'';
};
# the installation media is also the installation target,
# so we don't want to provide the installation configuration.nix.
installer.cloneConfig = false;
}

4
nixos/modules/installer/cd-dvd/sd-image-raspberrypi.nix
View file

@ -45,4 +45,8 @@ in
${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot
'';
};
# the installation media is also the installation target,
# so we don't want to provide the installation configuration.nix.
installer.cloneConfig = false;
}

8
nixos/modules/installer/cd-dvd/sd-image.nix
View file

@ -54,7 +54,7 @@ in
};
firmwarePartitionID = mkOption {
type = types.string;
type = types.str;
default = "0x2178694e";
description = ''
Volume ID for the /boot/firmware partition on the SD card. This value
@ -63,7 +63,7 @@ in
};
rootPartitionUUID = mkOption {
type = types.nullOr types.string;
type = types.nullOr types.str;
default = null;
example = "14e19a7b-0ae0-484d-9d54-43bd6fdc20c7";
description = ''
@ -194,9 +194,5 @@ in
rm -f /nix-path-registration
fi
'';
# the installation media is also the installation target,
# so we don't want to provide the installation configuration.nix.
installer.cloneConfig = false;
};
}

2
nixos/modules/installer/cd-dvd/system-tarball-pc.nix
View file

@ -129,7 +129,7 @@ in
];
nixpkgs.config = {
packageOverrides = p: rec {
packageOverrides = p: {
linux_3_4 = p.linux_3_4.override {
extraConfig = ''
# Enable drivers in kernel for most NICs.

2
nixos/modules/installer/netboot/netboot.nix
View file

@ -18,7 +18,7 @@ with lib;
};
config = rec {
config = {
# Don't build the GRUB menu builder script, since we don't need it
# here and it causes a cyclic dependency.
boot.loader.grub.enable = false;

8
nixos/modules/installer/tools/nix-fallback-paths.nix
View file

@ -1,6 +1,6 @@
{
x86_64-linux = "/nix/store/hbhdjn5ik3byg642d1m11k3k3s0kn3py-nix-2.2.2";
i686-linux = "/nix/store/fz5cikwvj3n0a6zl44h6l2z3cin64mda-nix-2.2.2";
aarch64-linux = "/nix/store/2gba4cyl4wvxzfbhmli90jy4n5aj0kjj-nix-2.2.2";
x86_64-darwin = "/nix/store/87i4fp46jfw9yl8c7i9gx75m5yph7irl-nix-2.2.2";
x86_64-linux = "/nix/store/3ds3cgji9vjxdbgp10av6smyym1126d1-nix-2.3";
i686-linux = "/nix/store/ln1ndqvfpc9cdl03vqxi6kvlxm9wfv9g-nix-2.3";
aarch64-linux = "/nix/store/n8a1rwzrp20qcr2c4hvyn6c5q9zx8csw-nix-2.3";
x86_64-darwin = "/nix/store/jq6npmpld02sz4rgniz0qrsdfnm6j17a-nix-2.3";
}

2
nixos/modules/misc/version.nix
View file

@ -85,7 +85,7 @@ in
# Generate /etc/os-release. See
# https://www.freedesktop.org/software/systemd/man/os-release.html for the
# format.
environment.etc."os-release".text =
environment.etc.os-release.text =
''
NAME=NixOS
ID=nixos

20
nixos/modules/module-list.nix
View file

@ -58,7 +58,9 @@
./hardware/network/intel-2200bg.nix
./hardware/nitrokey.nix
./hardware/opengl.nix
./hardware/openrazer.nix
./hardware/pcmcia.nix
./hardware/printers.nix
./hardware/raid/hpsa.nix
./hardware/steam-hardware.nix
./hardware/usb-wwan.nix
@ -138,6 +140,7 @@
./programs/qt5ct.nix
./programs/screen.nix
./programs/sedutil.nix
./programs/seahorse.nix
./programs/slock.nix
./programs/shadow.nix
./programs/shell.nix
@ -148,16 +151,19 @@
./programs/sysdig.nix
./programs/systemtap.nix
./programs/sway.nix
./programs/system-config-printer.nix
./programs/thefuck.nix
./programs/tmux.nix
./programs/tsm-client.nix
./programs/udevil.nix
./programs/usbtop.nix
./programs/venus.nix
./programs/vim.nix
./programs/wavemon.nix
./programs/way-cooler.nix
./programs/waybar.nix
./programs/wireshark.nix
./programs/x2goserver.nix
./programs/xfs_quota.nix
./programs/xonsh.nix
./programs/xss-lock.nix
@ -214,8 +220,6 @@
./services/backup/bacula.nix
./services/backup/borgbackup.nix
./services/backup/duplicati.nix
./services/backup/crashplan.nix
./services/backup/crashplan-small-business.nix
./services/backup/duplicity.nix
./services/backup/mysql-backup.nix
./services/backup/postgresql-backup.nix
@ -280,6 +284,7 @@
./services/databases/virtuoso.nix
./services/desktops/accountsservice.nix
./services/desktops/bamf.nix
./services/desktops/blueman.nix
./services/desktops/deepin/deepin.nix
./services/desktops/dleyna-renderer.nix
./services/desktops/dleyna-server.nix
@ -301,11 +306,11 @@
./services/desktops/gnome3/gnome-settings-daemon.nix
./services/desktops/gnome3/gnome-user-share.nix
./services/desktops/gnome3/rygel.nix
./services/desktops/gnome3/seahorse.nix
./services/desktops/gnome3/sushi.nix
./services/desktops/gnome3/tracker.nix
./services/desktops/gnome3/tracker-miners.nix
./services/desktops/profile-sync-daemon.nix
./services/desktops/system-config-printer.nix
./services/desktops/telepathy.nix
./services/desktops/tumbler.nix
./services/desktops/zeitgeist.nix
@ -562,7 +567,6 @@
./services/networking/bird.nix
./services/networking/bitlbee.nix
./services/networking/charybdis.nix
./services/networking/chrony.nix
./services/networking/cjdns.nix
./services/networking/cntlm.nix
./services/networking/connman.nix
@ -645,14 +649,15 @@
./services/networking/nntp-proxy.nix
./services/networking/nsd.nix
./services/networking/ntopng.nix
./services/networking/ntpd.nix
./services/networking/ntp/chrony.nix
./services/networking/ntp/ntpd.nix
./services/networking/ntp/openntpd.nix
./services/networking/nullidentdmod.nix
./services/networking/nylon.nix
./services/networking/ocserv.nix
./services/networking/ofono.nix
./services/networking/oidentd.nix
./services/networking/openfire.nix
./services/networking/openntpd.nix
./services/networking/openvpn.nix
./services/networking/ostinato.nix
./services/networking/owamp.nix
@ -698,6 +703,7 @@
./services/networking/supybot.nix
./services/networking/syncthing.nix
./services/networking/syncthing-relay.nix
./services/networking/syncplay.nix
./services/networking/tcpcrypt.nix
./services/networking/teamspeak3.nix
./services/networking/tedicross.nix
@ -847,6 +853,7 @@
./services/x11/hardware/multitouch.nix
./services/x11/hardware/synaptics.nix
./services/x11/hardware/wacom.nix
./services/x11/hardware/cmt.nix
./services/x11/gdk-pixbuf.nix
./services/x11/redshift.nix
./services/x11/urxvtd.nix
@ -944,6 +951,7 @@
./virtualisation/openvswitch.nix
./virtualisation/parallels-guest.nix
./virtualisation/qemu-guest-agent.nix
./virtualisation/railcar.nix
./virtualisation/rkt.nix
./virtualisation/virtualbox-guest.nix
./virtualisation/virtualbox-host.nix

2
nixos/modules/programs/atop.nix
View file

@ -30,7 +30,7 @@ in
};
config = mkIf (cfg.settings != {}) {
environment.etc."atoprc".text =
environment.etc.atoprc.text =
concatStrings (mapAttrsToList (n: v: "${n} ${toString v}\n") cfg.settings);
};
}

6
nixos/modules/programs/bash/bash.nix
View file

@ -159,7 +159,7 @@ in
};
environment.etc."profile".text =
environment.etc.profile.text =
''
# /etc/profile: DO NOT EDIT -- this file has been generated automatically.
# This file is read for login shells.
@ -184,7 +184,7 @@ in
fi
'';
environment.etc."bashrc".text =
environment.etc.bashrc.text =
''
# /etc/bashrc: DO NOT EDIT -- this file has been generated automatically.
@ -212,7 +212,7 @@ in
# Configuration for readline in bash. We use "option default"
# priority to allow user override using both .text and .source.
environment.etc."inputrc".source = mkOptionDefault ./inputrc;
environment.etc.inputrc.source = mkOptionDefault ./inputrc;
users.defaultUserShell = mkDefault pkgs.bashInteractive;

2
nixos/modules/programs/firejail.nix
View file

@ -5,7 +5,7 @@ with lib;
let
cfg = config.programs.firejail;
wrappedBins = pkgs.stdenv.mkDerivation rec {
wrappedBins = pkgs.stdenv.mkDerivation {
name = "firejail-wrapped-binaries";
nativeBuildInputs = with pkgs; [ makeWrapper ];
buildCommand = ''

12
nixos/modules/programs/less.nix
View file

@ -54,8 +54,8 @@ in
type = types.attrsOf types.str;
default = {};
example = {
"h" = "noaction 5\e(";
"l" = "noaction 5\e)";
h = "noaction 5\e(";
l = "noaction 5\e)";
};
description = "Defines new command keys.";
};
@ -74,7 +74,7 @@ in
type = types.attrsOf types.str;
default = {};
example = {
"\e" = "abort";
e = "abort";
};
description = "Defines new line-editing keys.";
};
@ -111,11 +111,11 @@ in
environment.systemPackages = [ pkgs.less ];
environment.variables = {
"LESSKEY_SYSTEM" = toString lessKey;
LESSKEY_SYSTEM = toString lessKey;
} // optionalAttrs (cfg.lessopen != null) {
"LESSOPEN" = cfg.lessopen;
LESSOPEN = cfg.lessopen;
} // optionalAttrs (cfg.lessclose != null) {
"LESSCLOSE" = cfg.lessclose;
LESSCLOSE = cfg.lessclose;
};
warnings = optional (

14
nixos/modules/programs/mtr.nix
View file

@ -4,6 +4,7 @@ with lib;
let
cfg = config.programs.mtr;
in {
options = {
programs.mtr = {
@ -15,13 +16,22 @@ in {
setcap wrapper for it.
'';
};
package = mkOption {
type = types.package;
default = pkgs.mtr;
description = ''
The package to use.
'';
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [ mtr ];
environment.systemPackages = with pkgs; [ cfg.package ];
security.wrappers.mtr-packet = {
source = "${pkgs.mtr}/bin/mtr-packet";
source = "${cfg.package}/bin/mtr-packet";
capabilities = "cap_net_raw+p";
};
};

2
nixos/modules/programs/nano.nix
View file

@ -35,7 +35,7 @@ in
###### implementation
config = lib.mkIf (cfg.nanorc != "" || cfg.syntaxHighlight) {
environment.etc."nanorc".text = lib.concatStrings [ cfg.nanorc
environment.etc.nanorc.text = lib.concatStrings [ cfg.nanorc
(lib.optionalString cfg.syntaxHighlight ''${LF}include "${pkgs.nano}/share/nano/*.nanorc"'') ];
};

2
nixos/modules/programs/npm.nix
View file

@ -36,7 +36,7 @@ in
###### implementation
config = lib.mkIf cfg.enable {
environment.etc."npmrc".text = cfg.npmrc;
environment.etc.npmrc.text = cfg.npmrc;
environment.variables.NPM_CONFIG_GLOBALCONFIG = "/etc/npmrc";

2
nixos/modules/programs/plotinus.nix
View file

@ -18,7 +18,7 @@ in
enable = mkOption {
default = false;
description = ''
Whether to enable the Plotinus GTK+3 plugin. Plotinus provides a
Whether to enable the Plotinus GTK 3 plugin. Plotinus provides a
popup (triggered by Ctrl-Shift-P) to search the menus of a
compatible application.
'';

4
nixos/modules/programs/plotinus.xml
View file

@ -13,10 +13,10 @@
<link xlink:href="https://github.com/p-e-w/plotinus"/>
</para>
<para>
Plotinus is a searchable command palette in every modern GTK+ application.
Plotinus is a searchable command palette in every modern GTK application.
</para>
<para>
When in a GTK+3 application and Plotinus is enabled, you can press
When in a GTK 3 application and Plotinus is enabled, you can press
<literal>Ctrl+Shift+P</literal> to open the command palette. The command
palette provides a searchable list of of all menu items in the application.
</para>

2
nixos/modules/programs/screen.nix
View file

@ -24,7 +24,7 @@ in
###### implementation
config = mkIf (cfg.screenrc != "") {
environment.etc."screenrc".text = cfg.screenrc;
environment.etc.screenrc.text = cfg.screenrc;
environment.systemPackages = [ pkgs.screen ];
};

44
nixos/modules/programs/seahorse.nix Normal file
View file

@ -0,0 +1,44 @@
# Seahorse.
{ config, pkgs, lib, ... }:
with lib;
{
# Added 2019-08-27
imports = [
(mkRenamedOptionModule
[ "services" "gnome3" "seahorse" "enable" ]
[ "programs" "seahorse" "enable" ])
];
###### interface
options = {
programs.seahorse = {
enable = mkEnableOption "Seahorse, a GNOME application for managing encryption keys and passwords in the GNOME Keyring";
};
};
###### implementation
config = mkIf config.programs.seahorse.enable {
environment.systemPackages = [
pkgs.gnome3.seahorse
];
services.dbus.packages = [
pkgs.gnome3.seahorse
];
};
}

32
nixos/modules/programs/system-config-printer.nix Normal file
View file

@ -0,0 +1,32 @@
{ config, pkgs, lib, ... }:
with lib;
{
###### interface
options = {
programs.system-config-printer = {
enable = mkEnableOption "system-config-printer, a Graphical user interface for CUPS administration";
};
};
###### implementation
config = mkIf config.programs.system-config-printer.enable {
environment.systemPackages = [
pkgs.system-config-printer
];
services.system-config-printer.enable = true;
};
}

2
nixos/modules/programs/thefuck.nix
View file

@ -17,7 +17,7 @@ in
alias = mkOption {
default = "fuck";
type = types.string;
type = types.str;
description = ''
`thefuck` needs an alias to be configured.

21
nixos/modules/programs/usbtop.nix Normal file
View file

@ -0,0 +1,21 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.programs.usbtop;
in {
options = {
programs.usbtop.enable = mkEnableOption "usbtop and required kernel module";
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [
usbtop
];
boot.kernelModules = [
"usbmon"
];
};
}

148
nixos/modules/programs/x2goserver.nix Normal file
View file

@ -0,0 +1,148 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.programs.x2goserver;
defaults = {
superenicer = { enable = cfg.superenicer.enable; };
};
confText = generators.toINI {} (recursiveUpdate defaults cfg.settings);
x2goServerConf = pkgs.writeText "x2goserver.conf" confText;
x2goAgentOptions = pkgs.writeText "x2goagent.options" ''
X2GO_NXOPTIONS=""
X2GO_NXAGENT_DEFAULT_OPTIONS="${concatStringsSep " " cfg.nxagentDefaultOptions}"
'';
in {
options.programs.x2goserver = {
enable = mkEnableOption "x2goserver" // {
description = ''
Enables the x2goserver module.
NOTE: This will create a good amount of symlinks in `/usr/local/bin`
'';
};
superenicer = {
enable = mkEnableOption "superenicer" // {
description = ''
Enables the SupeReNicer code in x2gocleansessions, this will renice
suspended sessions to nice level 19 and renice them to level 0 if the
session becomes marked as running again
'';
};
};
nxagentDefaultOptions = mkOption {
type = types.listOf types.str;
default = [ "-extension GLX" "-nolisten tcp" ];
example = [ "-extension GLX" "-nolisten tcp" ];
description = ''
List of default nx agent options.
'';
};
settings = mkOption {
type = types.attrsOf types.attrs;
default = {};
description = ''
x2goserver.conf ini configuration as nix attributes. See
`x2goserver.conf(5)` for details
'';
example = literalExample ''
superenicer = {
"enable" = "yes";
"idle-nice-level" = 19;
};
telekinesis = { "enable" = "no"; };
'';
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.x2goserver ];
users.groups.x2go = {};
users.users.x2go = {
home = "/var/lib/x2go/db";
group = "x2go";
};
security.wrappers.x2gosqliteWrapper = {
source = "${pkgs.x2goserver}/lib/x2go/libx2go-server-db-sqlite3-wrapper.pl";
owner = "x2go";
group = "x2go";
setgid = true;
};
security.wrappers.x2goprintWrapper = {
source = "${pkgs.x2goserver}/bin/x2goprint";
owner = "x2go";
group = "x2go";
setgid = true;
};
systemd.tmpfiles.rules = with pkgs; [
"d /var/lib/x2go/ - x2go x2go - -"
"d /var/lib/x2go/db - x2go x2go - -"
"d /var/lib/x2go/conf - x2go x2go - -"
"d /run/x2go 0755 x2go x2go - -"
] ++
# x2goclient sends SSH commands with preset PATH set to
# "/usr/local/bin;/usr/bin;/bin". Since we cannot filter arbitrary ssh
# commands, we have to make the following executables available.
map (f: "L+ /usr/local/bin/${f} - - - - ${x2goserver}/bin/${f}") [
"x2goagent" "x2gobasepath" "x2gocleansessions" "x2gocmdexitmessage"
"x2godbadmin" "x2gofeature" "x2gofeaturelist" "x2gofm" "x2gogetapps"
"x2gogetservers" "x2golistdesktops" "x2golistmounts" "x2golistsessions"
"x2golistsessions_root" "x2golistshadowsessions" "x2gomountdirs"
"x2gopath" "x2goprint" "x2goresume-desktopsharing" "x2goresume-session"
"x2goruncommand" "x2goserver-run-extensions" "x2gosessionlimit"
"x2gosetkeyboard" "x2goshowblocks" "x2gostartagent"
"x2gosuspend-desktopsharing" "x2gosuspend-session"
"x2goterminate-desktopsharing" "x2goterminate-session"
"x2goumount-session" "x2goversion"
] ++ [
"L+ /usr/local/bin/awk - - - - ${gawk}/bin/awk"
"L+ /usr/local/bin/chmod - - - - ${coreutils}/bin/chmod"
"L+ /usr/local/bin/cp - - - - ${coreutils}/bin/cp"
"L+ /usr/local/bin/sed - - - - ${gnused}/bin/sed"
"L+ /usr/local/bin/setsid - - - - ${utillinux}/bin/setsid"
"L+ /usr/local/bin/xrandr - - - - ${xorg.xrandr}/bin/xrandr"
"L+ /usr/local/bin/xmodmap - - - - ${xorg.xmodmap}/bin/xmodmap"
];
systemd.services.x2goserver = {
description = "X2Go Server Daemon";
wantedBy = [ "multi-user.target" ];
unitConfig.Documentation = "man:x2goserver.conf(5)";
serviceConfig = {
Type = "forking";
ExecStart = "${pkgs.x2goserver}/bin/x2gocleansessions";
PIDFile = "/run/x2go/x2goserver.pid";
User = "x2go";
Group = "x2go";
RuntimeDirectory = "x2go";
StateDirectory = "x2go";
};
preStart = ''
if [ ! -e /var/lib/x2go/setup_ran ]
then
mkdir -p /var/lib/x2go/conf
cp -r ${pkgs.x2goserver}/etc/x2go/* /var/lib/x2go/conf/
ln -sf ${x2goServerConf} /var/lib/x2go/conf/x2goserver.conf
ln -sf ${x2goAgentOptions} /var/lib/x2go/conf/x2goagent.options
${pkgs.x2goserver}/bin/x2godbadmin --createdb
touch /var/lib/x2go/setup_ran
fi
'';
};
# https://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=276
security.sudo.extraConfig = ''
Defaults env_keep+=QT_GRAPHICSSYSTEM
'';
};
}

2
nixos/modules/programs/xfs_quota.nix
View file

@ -61,7 +61,7 @@ in
description = "Setup of xfs_quota projects. Make sure the filesystem is mounted with the pquota option.";
example = {
"projname" = {
projname = {
id = 50;
path = "/xfsprojects/projname";
sizeHardLimit = "50g";

2
nixos/modules/programs/xonsh.nix
View file

@ -45,7 +45,7 @@ in
config = mkIf cfg.enable {
environment.etc."xonshrc".text = cfg.config;
environment.etc.xonshrc.text = cfg.config;
environment.systemPackages = [ cfg.package ];

2
nixos/modules/programs/xss-lock.nix
View file

@ -12,7 +12,7 @@ in
lockerCommand = mkOption {
default = "${pkgs.i3lock}/bin/i3lock";
example = literalExample ''''${pkgs.i3lock-fancy}/bin/i3lock-fancy'';
type = types.string;
type = types.separatedString " ";
description = "Locker to be used with xsslock";
};

8
nixos/modules/programs/yabar.nix
View file

@ -76,7 +76,7 @@ in
font = mkOption {
default = "sans bold 9";
example = "Droid Sans, FontAwesome Bold 9";
type = types.string;
type = types.str;
description = ''
The font that will be used to draw the status bar.
@ -95,7 +95,7 @@ in
extra = mkOption {
default = {};
type = types.attrsOf types.string;
type = types.attrsOf types.str;
description = ''
An attribute set which contains further attributes of a bar.
@ -107,7 +107,7 @@ in
type = types.attrsOf(types.submodule {
options.exec = mkOption {
example = "YABAR_DATE";
type = types.string;
type = types.str;
description = ''
The type of the indicator to be executed.
'';
@ -125,7 +125,7 @@ in
options.extra = mkOption {
default = {};
type = types.attrsOf (types.either types.string types.int);
type = types.attrsOf (types.either types.str types.int);
description = ''
An attribute set which contains further attributes of a indicator.

4
nixos/modules/programs/zsh/zsh-syntax-highlighting.nix
View file

@ -33,7 +33,7 @@ in
patterns = mkOption {
default = {};
type = types.attrsOf types.string;
type = types.attrsOf types.str;
example = literalExample ''
{
@ -50,7 +50,7 @@ in
};
styles = mkOption {
default = {};
type = types.attrsOf types.string;
type = types.attrsOf types.str;
example = literalExample ''
{

8
nixos/modules/programs/zsh/zsh.nix
View file

@ -133,7 +133,7 @@ in
programs.zsh.shellAliases = mapAttrs (name: mkDefault) cfge.shellAliases;
environment.etc."zshenv".text =
environment.etc.zshenv.text =
''
# /etc/zshenv: DO NOT EDIT -- this file has been generated automatically.
# This file is read for all shells.
@ -157,7 +157,7 @@ in
fi
'';
environment.etc."zprofile".text =
environment.etc.zprofile.text =
''
# /etc/zprofile: DO NOT EDIT -- this file has been generated automatically.
# This file is read for login shells.
@ -176,7 +176,7 @@ in
fi
'';
environment.etc."zshrc".text =
environment.etc.zshrc.text =
''
# /etc/zshrc: DO NOT EDIT -- this file has been generated automatically.
# This file is read for interactive shells.
@ -225,7 +225,7 @@ in
fi
'';
environment.etc."zinputrc".source = ./zinputrc;
environment.etc.zinputrc.source = ./zinputrc;
environment.systemPackages = [ pkgs.zsh ]
++ optional cfg.enableCompletion pkgs.nix-zsh-completions;

13
nixos/modules/rename.nix
View file

@ -34,6 +34,7 @@ with lib;
(mkRenamedOptionModule [ "services" "kubernetes" "etcd" "caFile" ] [ "services" "kubernetes" "apiserver" "etcd" "caFile" ])
(mkRemovedOptionModule [ "services" "kubernetes" "kubelet" "applyManifests" ] "")
(mkRemovedOptionModule [ "services" "kubernetes" "kubelet" "cadvisorPort" ] "")
(mkRemovedOptionModule [ "services" "kubernetes" "kubelet" "allowPrivileged" ] "")
(mkRenamedOptionModule [ "services" "kubernetes" "proxy" "address" ] ["services" "kubernetes" "proxy" "bindAddress"])
(mkRemovedOptionModule [ "services" "kubernetes" "verbose" ] "")
(mkRenamedOptionModule [ "services" "logstash" "address" ] [ "services" "logstash" "listenAddress" ])
@ -51,10 +52,11 @@ with lib;
(mkRemovedOptionModule [ "services" "misc" "nzbget" "openFirewall" ] "The port used by nzbget is managed through the web interface so you should adjust your firewall rules accordingly.")
(mkRemovedOptionModule [ "services" "prometheus" "alertmanager" "user" ] "The alertmanager service is now using systemd's DynamicUser mechanism which obviates a user setting.")
(mkRemovedOptionModule [ "services" "prometheus" "alertmanager" "group" ] "The alertmanager service is now using systemd's DynamicUser mechanism which obviates a group setting.")
(mkRemovedOptionModule [ "services" "prometheus2" "alertmanagerURL" ] ''
(mkRemovedOptionModule [ "services" "prometheus" "alertmanagerURL" ] ''
Due to incompatibility, the alertmanagerURL option has been removed,
please use 'services.prometheus2.alertmanagers' instead.
'')
(mkRenamedOptionModule [ "services" "prometheus2" ] [ "services" "prometheus" ])
(mkRenamedOptionModule [ "services" "tor" "relay" "portSpec" ] [ "services" "tor" "relay" "port" ])
(mkRenamedOptionModule [ "services" "vmwareGuest" ] [ "virtualisation" "vmware" "guest" ])
(mkRenamedOptionModule [ "jobs" ] [ "systemd" "services" ])
@ -256,7 +258,7 @@ with lib;
# binfmt
(mkRenamedOptionModule [ "boot" "binfmtMiscRegistrations" ] [ "boot" "binfmt" "registrations" ])
# ACME
(mkRemovedOptionModule [ "security" "acme" "directory"] "ACME Directory is now hardcoded to /var/lib/acme and its permisisons are managed by systemd. See https://github.com/NixOS/nixpkgs/issues/53852 for more info.")
(mkRemovedOptionModule [ "security" "acme" "preDelay"] "This option has been removed. If you want to make sure that something executes before certificates are provisioned, add a RequiredBy=acme-\${cert}.service to the service you want to execute before the cert renewal")
@ -285,6 +287,13 @@ with lib;
throw "services.redshift.longitude is set to null, you can remove this"
else builtins.fromJSON value))
# Redis
(mkRemovedOptionModule [ "services" "redis" "user" ] "The redis module now is hardcoded to the redis user.")
(mkRemovedOptionModule [ "services" "redis" "dbpath" ] "The redis module now uses /var/lib/redis as data directory.")
(mkRemovedOptionModule [ "services" "redis" "dbFilename" ] "The redis module now uses /var/lib/redis/dump.rdb as database dump location.")
(mkRemovedOptionModule [ "services" "redis" "appendOnlyFilename" ] "This option was never used.")
(mkRemovedOptionModule [ "services" "redis" "pidFile" ] "This option was removed.")
] ++ (forEach [ "blackboxExporter" "collectdExporter" "fritzboxExporter"
"jsonExporter" "minioExporter" "nginxExporter" "nodeExporter"
"snmpExporter" "unifiExporter" "varnishExporter" ]

5
nixos/modules/security/acme.nix
View file

@ -213,7 +213,7 @@ in
StateDirectoryMode = rights;
WorkingDirectory = "/var/lib/${lpath}";
ExecStart = "${pkgs.simp_le}/bin/simp_le ${escapeShellArgs cmdline}";
ExecStopPost =
ExecStopPost =
let
script = pkgs.writeScript "acme-post-stop" ''
#!${pkgs.runtimeShell} -e
@ -298,6 +298,9 @@ in
};
})
);
systemd.targets.acme-selfsigned-certificates = mkIf cfg.preliminarySelfsigned {};
systemd.targets.acme-certificates = {};
})
];

4
nixos/modules/security/auditd.nix
View file

@ -6,6 +6,10 @@ with lib;
options.security.auditd.enable = mkEnableOption "the Linux Audit daemon";
config = mkIf config.security.auditd.enable {
boot.kernelParams = [ "audit=1" ];
environment.systemPackages = [ pkgs.audit ];
systemd.services.auditd = {
description = "Linux Audit daemon";
wantedBy = [ "basic.target" ];

2
nixos/modules/security/chromium-suid-sandbox.nix
View file

@ -24,6 +24,6 @@ in
config = mkIf cfg.enable {
environment.systemPackages = [ sandbox ];
security.wrappers."${sandbox.passthru.sandboxExecutableName}".source = "${sandbox}/bin/${sandbox.passthru.sandboxExecutableName}";
security.wrappers.${sandbox.passthru.sandboxExecutableName}.source = "${sandbox}/bin/${sandbox.passthru.sandboxExecutableName}";
};
}

Some files were not shown because too many files have changed in this diff Show more