From 2fa416732c3a3c9cadc9d6833abc9a11d87f8f12 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Wed, 5 Jul 2023 12:52:56 +0200 Subject: [PATCH 01/33] nixos/config/nix: Move legacyConfMappings --- nixos/modules/config/nix.nix | 42 ++++++++++++++++++++++ nixos/modules/module-list.nix | 1 + nixos/modules/services/misc/nix-daemon.nix | 17 +-------- 3 files changed, 44 insertions(+), 16 deletions(-) create mode 100644 nixos/modules/config/nix.nix diff --git a/nixos/modules/config/nix.nix b/nixos/modules/config/nix.nix new file mode 100644 index 000000000000..78cab3c7f8ce --- /dev/null +++ b/nixos/modules/config/nix.nix @@ -0,0 +1,42 @@ +/* + Manages /etc/nix.conf, build machines and any nix-specific global config files. + */ +{ config, lib, pkgs, ... }: + +let + + cfg = config.nix; + + inherit (lib) + mapAttrsToList + mkRenamedOptionModuleWith + ; + + legacyConfMappings = { + useSandbox = "sandbox"; + buildCores = "cores"; + maxJobs = "max-jobs"; + sandboxPaths = "extra-sandbox-paths"; + binaryCaches = "substituters"; + trustedBinaryCaches = "trusted-substituters"; + binaryCachePublicKeys = "trusted-public-keys"; + autoOptimiseStore = "auto-optimise-store"; + requireSignedBinaryCaches = "require-sigs"; + trustedUsers = "trusted-users"; + allowedUsers = "allowed-users"; + systemFeatures = "system-features"; + }; + +in +{ + imports = + mapAttrsToList + (oldConf: newConf: + mkRenamedOptionModuleWith { + sinceRelease = 2205; + from = [ "nix" oldConf ]; + to = [ "nix" "settings" newConf ]; + }) + legacyConfMappings; + +} diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index bd715535dd6a..b6e500442c6e 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -16,6 +16,7 @@ ./config/malloc.nix ./config/mysql.nix ./config/networking.nix + ./config/nix.nix ./config/no-x-libs.nix ./config/nsswitch.nix ./config/power-management.nix 
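Review bot: The header comment at the top of the new nixos/modules/config/nix.nix hunk, `Manages /etc/nix.conf, build machines and any nix-specific global config files.`, does not match what the module ends up doing: the file it writes (PATCH 02) is `environment.etc."nix/nix.conf"`, i.e. /etc/nix/nix.conf, and build machines are factored into nixos/modules/config/nix-remote-build.nix in PATCH 06 rather than here. Suggest `Manages /etc/nix/nix.conf and other nix-specific global configuration; build machines are declared in config/nix-remote-build.nix.` so the first thing a reader sees is accurate. The `cfg` and `pkgs` bindings are unused at this commit; they become used in the following patches, so this only matters if each patch is meant to stand alone.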
diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix index 44cf71ad401a..95ee75922dab 100644 --- a/nixos/modules/services/misc/nix-daemon.nix +++ b/nixos/modules/services/misc/nix-daemon.nix @@ -77,21 +77,6 @@ let ''); }; - legacyConfMappings = { - useSandbox = "sandbox"; - buildCores = "cores"; - maxJobs = "max-jobs"; - sandboxPaths = "extra-sandbox-paths"; - binaryCaches = "substituters"; - trustedBinaryCaches = "trusted-substituters"; - binaryCachePublicKeys = "trusted-public-keys"; - autoOptimiseStore = "auto-optimise-store"; - requireSignedBinaryCaches = "require-sigs"; - trustedUsers = "trusted-users"; - allowedUsers = "allowed-users"; - systemFeatures = "system-features"; - }; - semanticConfType = with types; let confAtom = nullOr @@ -117,7 +102,7 @@ in (mkRenamedOptionModuleWith { sinceRelease = 2205; from = [ "nix" "daemonIONiceLevel" ]; to = [ "nix" "daemonIOSchedPriority" ]; }) (mkRenamedOptionModuleWith { sinceRelease = 2211; from = [ "nix" "readOnlyStore" ]; to = [ "boot" "readOnlyNixStore" ]; }) (mkRemovedOptionModule [ "nix" "daemonNiceLevel" ] "Consider nix.daemonCPUSchedPolicy instead.") - ] ++ mapAttrsToList (oldConf: newConf: mkRenamedOptionModuleWith { sinceRelease = 2205; from = [ "nix" oldConf ]; to = [ "nix" "settings" newConf ]; }) legacyConfMappings; + ]; ###### interface From 6649d1e3696e7148f3575de0c015630567224a4e Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Wed, 5 Jul 2023 13:03:32 +0200 Subject: [PATCH 02/33] nixos/config/nix: Move nixConf --- nixos/modules/config/nix.nix | 78 ++++++++++++++++++++-- nixos/modules/services/misc/nix-daemon.nix | 52 +-------------- 2 files changed, 75 insertions(+), 55 deletions(-) diff --git a/nixos/modules/config/nix.nix b/nixos/modules/config/nix.nix index 78cab3c7f8ce..c740f8ccc32f 100644 --- a/nixos/modules/config/nix.nix +++ b/nixos/modules/config/nix.nix 
@@ -4,13 +4,32 @@ { config, lib, pkgs, ... }: let + inherit (lib) + concatStringsSep + boolToString + escape + floatToString + getVersion + isBool + isDerivation + isFloat + isInt + isList + isString + mapAttrsToList + mkIf + mkRenamedOptionModuleWith + optionalString + strings + toPretty + versionAtLeast + ; cfg = config.nix; - inherit (lib) - mapAttrsToList - mkRenamedOptionModuleWith - ; + nixPackage = cfg.package.out; + + isNixAtLeast = versionAtLeast (getVersion nixPackage); legacyConfMappings = { useSandbox = "sandbox"; 
@@ -27,6 +46,54 @@ let systemFeatures = "system-features"; }; + nixConf = + assert isNixAtLeast "2.2"; + let + + mkValueString = v: + if v == null then "" + else if isInt v then toString v + else if isBool v then boolToString v + else if isFloat v then floatToString v + else if isList v then toString v + else if isDerivation v then toString v + else if builtins.isPath v then toString v + else if isString v then v + else if strings.isConvertibleWithToString v then toString v + else abort "The nix conf value: ${toPretty {} v} can not be encoded"; + + mkKeyValue = k: v: "${escape [ "=" ] k} = ${mkValueString v}"; + + mkKeyValuePairs = attrs: concatStringsSep "\n" (mapAttrsToList mkKeyValue attrs); + + in + pkgs.writeTextFile { + name = "nix.conf"; + text = '' + # WARNING: this file is generated from the nix.* options in + # your NixOS configuration, typically + # /etc/nixos/configuration.nix. Do not edit it! + ${mkKeyValuePairs cfg.settings} + ${cfg.extraOptions} + ''; + checkPhase = lib.optionalString cfg.checkConfig ( + if pkgs.stdenv.hostPlatform != pkgs.stdenv.buildPlatform then '' + echo "Ignoring validation for cross-compilation" + '' + else '' + echo "Validating generated nix.conf" + ln -s $out ./nix.conf + set -e + set +o pipefail + NIX_CONF_DIR=$PWD \ + ${cfg.package}/bin/nix show-config ${optionalString (isNixAtLeast "2.3pre") "--no-net"} \ + ${optionalString (isNixAtLeast "2.4pre") "--option experimental-features nix-command"} \ + |& sed -e 's/^warning:/error:/' \ + | (! grep '${if cfg.checkAllErrors then "^error:" else "^error: unknown setting"}') + set -o pipefail + ''); + }; + in { imports = @@ -39,4 +106,7 @@ in }) legacyConfMappings; + config = mkIf cfg.enable { + environment.etc."nix/nix.conf".source = nixConf; + }; } diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix index 95ee75922dab..b4b909a48d56 100644 --- a/nixos/modules/services/misc/nix-daemon.nix 
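Review bot: In `nixConf`, `mkKeyValue` escapes `=` in the key but `mkValueString` passes string values through verbatim (`else if isString v then v`), so a string value containing a newline becomes additional nix.conf lines, and the checkPhase accepts them as long as they are valid settings. Since `nix.settings` values can be contributed by any module, a guard in the string branch, `else if isString v then assert !(lib.hasInfix "\n" v); v`, or escaping the newline, would keep the generated file a one-to-one rendering of the attribute set. On a smaller note, `checkPhase = lib.optionalString cfg.checkConfig (` uses the qualified name although `optionalString` is inherited from `lib` at the top of this file; `optionalString cfg.checkConfig` would match the two uses further down in the same hunk. This is moved code, but the move is a good moment to tighten it.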
+++ b/nixos/modules/services/misc/nix-daemon.nix @@ -29,54 +29,6 @@ let nixbldUsers = listToAttrs (map makeNixBuildUser (range 1 cfg.nrBuildUsers)); - nixConf = - assert isNixAtLeast "2.2"; - let - - mkValueString = v: - if v == null then "" - else if isInt v then toString v - else if isBool v then boolToString v - else if isFloat v then floatToString v - else if isList v then toString v - else if isDerivation v then toString v - else if builtins.isPath v then toString v - else if isString v then v - else if strings.isConvertibleWithToString v then toString v - else abort "The nix conf value: ${toPretty {} v} can not be encoded"; - - mkKeyValue = k: v: "${escape [ "=" ] k} = ${mkValueString v}"; - - mkKeyValuePairs = attrs: concatStringsSep "\n" (mapAttrsToList mkKeyValue attrs); - - in - pkgs.writeTextFile { - name = "nix.conf"; - text = '' - # WARNING: this file is generated from the nix.* options in - # your NixOS configuration, typically - # /etc/nixos/configuration.nix. Do not edit it! - ${mkKeyValuePairs cfg.settings} - ${cfg.extraOptions} - ''; - checkPhase = lib.optionalString cfg.checkConfig ( - if pkgs.stdenv.hostPlatform != pkgs.stdenv.buildPlatform then '' - echo "Ignoring validation for cross-compilation" - '' - else '' - echo "Validating generated nix.conf" - ln -s $out ./nix.conf - set -e - set +o pipefail - NIX_CONF_DIR=$PWD \ - ${cfg.package}/bin/nix show-config ${optionalString (isNixAtLeast "2.3pre") "--no-net"} \ - ${optionalString (isNixAtLeast "2.4pre") "--option experimental-features nix-command"} \ - |& sed -e 's/^warning:/error:/' \ - | (! grep '${if cfg.checkAllErrors then "^error:" else "^error: unknown setting"}') - set -o pipefail - ''); - }; - semanticConfType = with types; let confAtom = nullOr 
@@ -659,8 +611,6 @@ in ] ++ optional (config.programs.bash.enableCompletion) pkgs.nix-bash-completions; - environment.etc."nix/nix.conf".source = nixConf; - environment.etc."nix/registry.json".text = builtins.toJSON { version = 2; flakes = mapAttrsToList (n: v: { inherit (v) from to exact; }) cfg.registry; @@ -737,7 +687,7 @@ in LimitNOFILE = 1048576; }; - restartTriggers = [ nixConf ]; + restartTriggers = [ config.environment.etc."nix/nix.conf".source ]; # `stopIfChanged = false` changes to switch behavior # from stop -> update units -> start From d73da5b868387eea41203a3daba7d9f6ab880b1b Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Wed, 5 Jul 2023 13:11:34 +0200 Subject: [PATCH 03/33] nixos/config/nix: Move nix.settings --- nixos/modules/config/nix.nix | 237 ++++++++++++++++++++- nixos/modules/services/misc/nix-daemon.nix | 225 ------------------- 2 files changed, 236 insertions(+), 226 deletions(-) diff --git a/nixos/modules/config/nix.nix b/nixos/modules/config/nix.nix index c740f8ccc32f..af2d8678b6ce 100644 --- a/nixos/modules/config/nix.nix +++ b/nixos/modules/config/nix.nix @@ -16,12 +16,19 @@ let isInt isList isString + literalExpression mapAttrsToList + mkAfter + mkDefault mkIf + mkOption mkRenamedOptionModuleWith optionalString + optionals strings + systems toPretty + types versionAtLeast ; @@ -46,6 +53,22 @@ let systemFeatures = "system-features"; }; + semanticConfType = with types; + let + confAtom = nullOr + (oneOf [ + bool + int + float + str + path + package + ]) // { + description = "Nix config atom (null, bool, int, float, str, path or package)"; + }; + in + attrsOf (either confAtom (listOf confAtom)); + nixConf = assert isNixAtLeast "2.2"; let 
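Review bot: `restartTriggers = [ config.environment.etc."nix/nix.conf".source ];` in the second nix-daemon.nix hunk reads an attribute that config/nix.nix defines only under `mkIf cfg.enable` (PATCH 02), whereas the previous `nixConf` binding was always defined. That is fine if the enclosing service definition is itself gated on `cfg.enable`, which cannot be confirmed here because the block starts outside the hunk; if it is not, evaluating with `nix.enable = false` fails with a missing-attribute error instead of simply omitting the trigger. A short comment on that line, `# defined by config/nix.nix when nix.enable is set`, would record the cross-module dependency for the next reader.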
@@ -96,7 +119,10 @@ let in { - imports = + imports = [ + (mkRenamedOptionModuleWith { sinceRelease = 2003; from = [ "nix" "useChroot" ]; to = [ "nix" "useSandbox" ]; }) + (mkRenamedOptionModuleWith { sinceRelease = 2003; from = [ "nix" "chrootDirs" ]; to = [ "nix" "sandboxPaths" ]; }) + ] ++ mapAttrsToList (oldConf: newConf: mkRenamedOptionModuleWith { 
@@ -106,7 +132,216 @@ in }) legacyConfMappings; + options = { + nix = { + settings = mkOption { + type = types.submodule { + freeformType = semanticConfType; + + options = { + max-jobs = mkOption { + type = types.either types.int (types.enum [ "auto" ]); + default = "auto"; + example = 64; + description = lib.mdDoc '' + This option defines the maximum number of jobs that Nix will try to + build in parallel. The default is auto, which means it will use all + available logical cores. It is recommend to set it to the total + number of logical cores in your system (e.g., 16 for two CPUs with 4 + cores each and hyper-threading). + ''; + }; + + auto-optimise-store = mkOption { + type = types.bool; + default = false; + example = true; + description = lib.mdDoc '' + If set to true, Nix automatically detects files in the store that have + identical contents, and replaces them with hard links to a single copy. + This saves disk space. If set to false (the default), you can still run + nix-store --optimise to get rid of duplicate files. + ''; + }; + + cores = mkOption { + type = types.int; + default = 0; + example = 64; + description = lib.mdDoc '' + This option defines the maximum number of concurrent tasks during + one build. It affects, e.g., -j option for make. + The special value 0 means that the builder should use all + available CPU cores in the system. Some builds may become + non-deterministic with this option; use with care! Packages will + only be affected if enableParallelBuilding is set for them. + ''; + }; + + sandbox = mkOption { + type = types.either types.bool (types.enum [ "relaxed" ]); + default = true; + description = lib.mdDoc '' + If set, Nix will perform builds in a sandboxed environment that it + will set up automatically for each build. This prevents impurities + in builds by disallowing access to dependencies outside of the Nix + store by using network and mount namespaces in a chroot environment. 
+ + This is enabled by default even though it has a possible performance + impact due to the initial setup time of a sandbox for each build. It + doesn't affect derivation hashes, so changing this option will not + trigger a rebuild of packages. + + When set to "relaxed", this option permits derivations that set + `__noChroot = true;` to run outside of the sandboxed environment. + Exercise caution when using this mode of operation! It is intended to + be a quick hack when building with packages that are not easily setup + to be built reproducibly. + ''; + }; + + extra-sandbox-paths = mkOption { + type = types.listOf types.str; + default = [ ]; + example = [ "/dev" "/proc" ]; + description = lib.mdDoc '' + Directories from the host filesystem to be included + in the sandbox. + ''; + }; + + substituters = mkOption { + type = types.listOf types.str; + description = lib.mdDoc '' + List of binary cache URLs used to obtain pre-built binaries + of Nix packages. + + By default https://cache.nixos.org/ is added. + ''; + }; + + trusted-substituters = mkOption { + type = types.listOf types.str; + default = [ ]; + example = [ "https://hydra.nixos.org/" ]; + description = lib.mdDoc '' + List of binary cache URLs that non-root users can use (in + addition to those specified using + {option}`nix.settings.substituters`) by passing + `--option binary-caches` to Nix commands. + ''; + }; + + require-sigs = mkOption { + type = types.bool; + default = true; + description = lib.mdDoc '' + If enabled (the default), Nix will only download binaries from binary caches if + they are cryptographically signed with any of the keys listed in + {option}`nix.settings.trusted-public-keys`. If disabled, signatures are neither + required nor checked, so it's strongly recommended that you use only + trustworthy caches and https to prevent man-in-the-middle attacks. 
+ ''; + }; + + trusted-public-keys = mkOption { + type = types.listOf types.str; + example = [ "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" ]; + description = lib.mdDoc '' + List of public keys used to sign binary caches. If + {option}`nix.settings.trusted-public-keys` is enabled, + then Nix will use a binary from a binary cache if and only + if it is signed by *any* of the keys + listed here. By default, only the key for + `cache.nixos.org` is included. + ''; + }; + + trusted-users = mkOption { + type = types.listOf types.str; + default = [ "root" ]; + example = [ "root" "alice" "@wheel" ]; + description = lib.mdDoc '' + A list of names of users that have additional rights when + connecting to the Nix daemon, such as the ability to specify + additional binary caches, or to import unsigned NARs. You + can also specify groups by prefixing them with + `@`; for instance, + `@wheel` means all users in the wheel + group. + ''; + }; + + system-features = mkOption { + type = types.listOf types.str; + example = [ "kvm" "big-parallel" "gccarch-skylake" ]; + description = lib.mdDoc '' + The set of features supported by the machine. Derivations + can express dependencies on system features through the + `requiredSystemFeatures` attribute. + + By default, pseudo-features `nixos-test`, `benchmark`, + and `big-parallel` used in Nixpkgs are set, `kvm` + is also included if it is available. + ''; + }; + + allowed-users = mkOption { + type = types.listOf types.str; + default = [ "*" ]; + example = [ "@wheel" "@builders" "alice" "bob" ]; + description = lib.mdDoc '' + A list of names of users (separated by whitespace) that are + allowed to connect to the Nix daemon. As with + {option}`nix.settings.trusted-users`, you can specify groups by + prefixing them with `@`. Also, you can + allow all users by specifying `*`. The + default is `*`. Note that trusted users are + always allowed to connect. 
+ ''; + }; + }; + }; + default = { }; + example = literalExpression '' + { + use-sandbox = true; + show-trace = true; + + system-features = [ "big-parallel" "kvm" "recursive-nix" ]; + sandbox-paths = { "/bin/sh" = "''${pkgs.busybox-sandbox-shell.out}/bin/busybox"; }; + } + ''; + description = lib.mdDoc '' + Configuration for Nix, see + or + {manpage}`nix.conf(5)` for available options. + The value declared here will be translated directly to the key-value pairs Nix expects. + + You can use {command}`nix-instantiate --eval --strict '' -A config.nix.settings` + to view the current value. By default it is empty. + + Nix configurations defined under {option}`nix.*` will be translated and applied to this + option. In addition, configuration specified in {option}`nix.extraOptions` will be appended + verbatim to the resulting config file. + ''; + }; + }; + }; + config = mkIf cfg.enable { environment.etc."nix/nix.conf".source = nixConf; + nix.settings = { + trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ]; + substituters = mkAfter [ "https://cache.nixos.org/" ]; + system-features = mkDefault ( + [ "nixos-test" "benchmark" "big-parallel" "kvm" ] ++ + optionals (pkgs.stdenv.hostPlatform ? gcc.arch) ( + # a builder can run code for `gcc.arch` and inferior architectures + [ "gccarch-${pkgs.stdenv.hostPlatform.gcc.arch}" ] ++ + map (x: "gccarch-${x}") (systems.architectures.inferiors.${pkgs.stdenv.hostPlatform.gcc.arch} or []) + ) + ); + }; }; } diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix index b4b909a48d56..c6adfec04fda 100644 --- a/nixos/modules/services/misc/nix-daemon.nix +++ b/nixos/modules/services/misc/nix-daemon.nix 
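Review bot: The `trusted-public-keys` description in this hunk says `If {option}\`nix.settings.trusted-public-keys\` is enabled`, but the option that gates signature checking is `require-sigs`, declared a few lines above; it should read `If {option}\`nix.settings.require-sigs\` is enabled`. The `example` for `nix.settings` is also inconsistent with the declarations in the same hunk: it uses `use-sandbox = true;` while the declared option is `sandbox`, and `sandbox-paths = { "/bin/sh" = … }` is an attribute set, which `semanticConfType` (`attrsOf (either confAtom (listOf confAtom))`) does not appear to admit, so copying the example would fail type checking. `Configuration for Nix, see or {manpage}` reads as though a link was dropped between `see` and `or`; worth checking the source, although this may only be how the patch is rendered here. All three are carried over from nix-daemon.nix rather than introduced by this commit, but the move is the natural moment to fix them.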
@@ -29,28 +29,10 @@ let nixbldUsers = listToAttrs (map makeNixBuildUser (range 1 cfg.nrBuildUsers)); - semanticConfType = with types; - let - confAtom = nullOr - (oneOf [ - bool - int - float - str - path - package - ]) // { - description = "Nix config atom (null, bool, int, float, str, path or package)"; - }; - in - attrsOf (either confAtom (listOf confAtom)); - in { imports = [ - (mkRenamedOptionModuleWith { sinceRelease = 2003; from = [ "nix" "useChroot" ]; to = [ "nix" "useSandbox" ]; }) - (mkRenamedOptionModuleWith { sinceRelease = 2003; from = [ "nix" "chrootDirs" ]; to = [ "nix" "sandboxPaths" ]; }) (mkRenamedOptionModuleWith { sinceRelease = 2205; from = [ "nix" "daemonIONiceLevel" ]; to = [ "nix" "daemonIOSchedPriority" ]; }) (mkRenamedOptionModuleWith { sinceRelease = 2211; from = [ "nix" "readOnlyStore" ]; to = [ "boot" "readOnlyNixStore" ]; }) (mkRemovedOptionModule [ "nix" "daemonNiceLevel" ] "Consider nix.daemonCPUSchedPolicy instead.") 
@@ -404,199 +386,6 @@ in ''; description = lib.mdDoc "Additional text appended to {file}`nix.conf`."; }; - - settings = mkOption { - type = types.submodule { - freeformType = semanticConfType; - - options = { - max-jobs = mkOption { - type = types.either types.int (types.enum [ "auto" ]); - default = "auto"; - example = 64; - description = lib.mdDoc '' - This option defines the maximum number of jobs that Nix will try to - build in parallel. The default is auto, which means it will use all - available logical cores. It is recommend to set it to the total - number of logical cores in your system (e.g., 16 for two CPUs with 4 - cores each and hyper-threading). - ''; - }; - - auto-optimise-store = mkOption { - type = types.bool; - default = false; - example = true; - description = lib.mdDoc '' - If set to true, Nix automatically detects files in the store that have - identical contents, and replaces them with hard links to a single copy. - This saves disk space. If set to false (the default), you can still run - nix-store --optimise to get rid of duplicate files. - ''; - }; - - cores = mkOption { - type = types.int; - default = 0; - example = 64; - description = lib.mdDoc '' - This option defines the maximum number of concurrent tasks during - one build. It affects, e.g., -j option for make. - The special value 0 means that the builder should use all - available CPU cores in the system. Some builds may become - non-deterministic with this option; use with care! Packages will - only be affected if enableParallelBuilding is set for them. - ''; - }; - - sandbox = mkOption { - type = types.either types.bool (types.enum [ "relaxed" ]); - default = true; - description = lib.mdDoc '' - If set, Nix will perform builds in a sandboxed environment that it - will set up automatically for each build. This prevents impurities - in builds by disallowing access to dependencies outside of the Nix - store by using network and mount namespaces in a chroot environment. 
- - This is enabled by default even though it has a possible performance - impact due to the initial setup time of a sandbox for each build. It - doesn't affect derivation hashes, so changing this option will not - trigger a rebuild of packages. - - When set to "relaxed", this option permits derivations that set - `__noChroot = true;` to run outside of the sandboxed environment. - Exercise caution when using this mode of operation! It is intended to - be a quick hack when building with packages that are not easily setup - to be built reproducibly. - ''; - }; - - extra-sandbox-paths = mkOption { - type = types.listOf types.str; - default = [ ]; - example = [ "/dev" "/proc" ]; - description = lib.mdDoc '' - Directories from the host filesystem to be included - in the sandbox. - ''; - }; - - substituters = mkOption { - type = types.listOf types.str; - description = lib.mdDoc '' - List of binary cache URLs used to obtain pre-built binaries - of Nix packages. - - By default https://cache.nixos.org/ is added. - ''; - }; - - trusted-substituters = mkOption { - type = types.listOf types.str; - default = [ ]; - example = [ "https://hydra.nixos.org/" ]; - description = lib.mdDoc '' - List of binary cache URLs that non-root users can use (in - addition to those specified using - {option}`nix.settings.substituters`) by passing - `--option binary-caches` to Nix commands. - ''; - }; - - require-sigs = mkOption { - type = types.bool; - default = true; - description = lib.mdDoc '' - If enabled (the default), Nix will only download binaries from binary caches if - they are cryptographically signed with any of the keys listed in - {option}`nix.settings.trusted-public-keys`. If disabled, signatures are neither - required nor checked, so it's strongly recommended that you use only - trustworthy caches and https to prevent man-in-the-middle attacks. 
- ''; - }; - - trusted-public-keys = mkOption { - type = types.listOf types.str; - example = [ "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" ]; - description = lib.mdDoc '' - List of public keys used to sign binary caches. If - {option}`nix.settings.trusted-public-keys` is enabled, - then Nix will use a binary from a binary cache if and only - if it is signed by *any* of the keys - listed here. By default, only the key for - `cache.nixos.org` is included. - ''; - }; - - trusted-users = mkOption { - type = types.listOf types.str; - default = [ "root" ]; - example = [ "root" "alice" "@wheel" ]; - description = lib.mdDoc '' - A list of names of users that have additional rights when - connecting to the Nix daemon, such as the ability to specify - additional binary caches, or to import unsigned NARs. You - can also specify groups by prefixing them with - `@`; for instance, - `@wheel` means all users in the wheel - group. - ''; - }; - - system-features = mkOption { - type = types.listOf types.str; - example = [ "kvm" "big-parallel" "gccarch-skylake" ]; - description = lib.mdDoc '' - The set of features supported by the machine. Derivations - can express dependencies on system features through the - `requiredSystemFeatures` attribute. - - By default, pseudo-features `nixos-test`, `benchmark`, - and `big-parallel` used in Nixpkgs are set, `kvm` - is also included if it is available. - ''; - }; - - allowed-users = mkOption { - type = types.listOf types.str; - default = [ "*" ]; - example = [ "@wheel" "@builders" "alice" "bob" ]; - description = lib.mdDoc '' - A list of names of users (separated by whitespace) that are - allowed to connect to the Nix daemon. As with - {option}`nix.settings.trusted-users`, you can specify groups by - prefixing them with `@`. Also, you can - allow all users by specifying `*`. The - default is `*`. Note that trusted users are - always allowed to connect. 
- ''; - }; - }; - }; - default = { }; - example = literalExpression '' - { - use-sandbox = true; - show-trace = true; - - system-features = [ "big-parallel" "kvm" "recursive-nix" ]; - sandbox-paths = { "/bin/sh" = "''${pkgs.busybox-sandbox-shell.out}/bin/busybox"; }; - } - ''; - description = lib.mdDoc '' - Configuration for Nix, see - or - {manpage}`nix.conf(5)` for available options. - The value declared here will be translated directly to the key-value pairs Nix expects. - - You can use {command}`nix-instantiate --eval --strict '' -A config.nix.settings` - to view the current value. By default it is empty. - - Nix configurations defined under {option}`nix.*` will be translated and applied to this - option. In addition, configuration specified in {option}`nix.extraOptions` will be appended - verbatim to the resulting config file. - ''; - }; }; }; @@ -755,20 +544,6 @@ in # Legacy configuration conversion. nix.settings = mkMerge [ - { - trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ]; - substituters = mkAfter [ "https://cache.nixos.org/" ]; - - system-features = mkDefault ( - [ "nixos-test" "benchmark" "big-parallel" "kvm" ] ++ - optionals (pkgs.stdenv.hostPlatform ? gcc.arch) ( - # a builder can run code for `gcc.arch` and inferior architectures - [ "gccarch-${pkgs.stdenv.hostPlatform.gcc.arch}" ] ++ - map (x: "gccarch-${x}") (systems.architectures.inferiors.${pkgs.stdenv.hostPlatform.gcc.arch} or []) - ) - ); - } - (mkIf (!cfg.distributedBuilds) { builders = null; }) (mkIf (isNixAtLeast "2.3pre") { sandbox-fallback = false; }) From 19e33831c698da6b2e8a5d9a49b3f63b896fe219 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Wed, 5 Jul 2023 13:13:47 +0200 Subject: [PATCH 04/33] nixos/config/nix: Move nix.check* --- nixos/modules/config/nix.nix | 16 ++++++++++++++++ nixos/modules/services/misc/nix-daemon.nix | 16 ---------------- 2 files changed, 16 insertions(+), 16 deletions(-) 
diff --git a/nixos/modules/config/nix.nix b/nixos/modules/config/nix.nix index af2d8678b6ce..3161f1309214 100644 --- a/nixos/modules/config/nix.nix +++ b/nixos/modules/config/nix.nix @@ -134,6 +134,22 @@ in options = { nix = { + checkConfig = mkOption { + type = types.bool; + default = true; + description = lib.mdDoc '' + If enabled, checks that Nix can parse the generated nix.conf. + ''; + }; + + checkAllErrors = mkOption { + type = types.bool; + default = true; + description = lib.mdDoc '' + If enabled, checks the nix.conf parsing for any kind of error. When disabled, checks only for unknown settings. + ''; + }; + settings = mkOption { type = types.submodule { freeformType = semanticConfType; diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix index c6adfec04fda..87b8d068912b 100644 --- a/nixos/modules/services/misc/nix-daemon.nix +++ b/nixos/modules/services/misc/nix-daemon.nix @@ -300,22 +300,6 @@ in ''; }; - checkConfig = mkOption { - type = types.bool; - default = true; - description = lib.mdDoc '' - If enabled, checks that Nix can parse the generated nix.conf. - ''; - }; - - checkAllErrors = mkOption { - type = types.bool; - default = true; - description = lib.mdDoc '' - If enabled, checks the nix.conf parsing for any kind of error. When disabled, checks only for unknown settings. - ''; - }; - registry = mkOption { type = types.attrsOf (types.submodule ( let From 4bbd44908c5d4d271daf91d71325ec5b6b2cf0c5 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Wed, 5 Jul 2023 13:40:14 +0200 Subject: [PATCH 05/33] nixos/config/nix: Move extraOptions --- nixos/modules/config/nix.nix | 10 ++++++++++ nixos/modules/services/misc/nix-daemon.nix | 10 ---------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/nixos/modules/config/nix.nix b/nixos/modules/config/nix.nix index 3161f1309214..8285db20faa1 100644 --- a/nixos/modules/config/nix.nix +++ b/nixos/modules/config/nix.nix 
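Review bot: The `checkConfig` description, `If enabled, checks that Nix can parse the generated nix.conf.`, does not say that the check it enables (the `checkPhase` of `nixConf` in the same file) is skipped when `hostPlatform != buildPlatform`, so cross-compiled systems get no validation regardless of this option. Suggest appending `The check is skipped when cross-compiling.` to the description, and noting in `checkAllErrors` that it only has an effect while `checkConfig` is enabled, since both descriptions now live next to the code they control.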
@@ -150,6 +150,16 @@ in ''; }; + extraOptions = mkOption { + type = types.lines; + default = ""; + example = '' + keep-outputs = true + keep-derivations = true + ''; + description = lib.mdDoc "Additional text appended to {file}`nix.conf`."; + }; + settings = mkOption { type = types.submodule { freeformType = semanticConfType; diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix index 87b8d068912b..e5afffab21da 100644 --- a/nixos/modules/services/misc/nix-daemon.nix +++ b/nixos/modules/services/misc/nix-daemon.nix @@ -360,16 +360,6 @@ in A system-wide flake registry. ''; }; - - extraOptions = mkOption { - type = types.lines; - default = ""; - example = '' - keep-outputs = true - keep-derivations = true - ''; - description = lib.mdDoc "Additional text appended to {file}`nix.conf`."; - }; }; }; From d6a68f05428c3ed7d76565917e9baca68c610164 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Wed, 5 Jul 2023 13:38:30 +0200 Subject: [PATCH 06/33] nixos/config/nix-remote-build: Factor out --- nixos/modules/config/nix-remote-build.nix | 219 +++++++++++++++++++++ nixos/modules/module-list.nix | 1 + nixos/modules/services/misc/nix-daemon.nix | 182 ----------------- 3 files changed, 220 insertions(+), 182 deletions(-) create mode 100644 nixos/modules/config/nix-remote-build.nix diff --git a/nixos/modules/config/nix-remote-build.nix b/nixos/modules/config/nix-remote-build.nix new file mode 100644 index 000000000000..2a30bbdc746d --- /dev/null +++ b/nixos/modules/config/nix-remote-build.nix 
@@ -0,0 +1,219 @@ +{ config, lib, ... }: + +let + inherit (lib) + any + concatMapStrings + concatStringsSep + filter + getVersion + mkIf + mkMerge + mkOption + optional + optionalString + types + versionAtLeast + ; + + cfg = config.nix; + + nixPackage = cfg.package.out; + + isNixAtLeast = versionAtLeast (getVersion nixPackage); + + buildMachinesText = + concatMapStrings + (machine: + (concatStringsSep " " ([ + "${optionalString (machine.protocol != null) "${machine.protocol}://"}${optionalString (machine.sshUser != null) "${machine.sshUser}@"}${machine.hostName}" + (if machine.system != null then machine.system else if machine.systems != [ ] then concatStringsSep "," machine.systems else "-") + (if machine.sshKey != null then machine.sshKey else "-") + (toString machine.maxJobs) + (toString machine.speedFactor) + (let res = (machine.supportedFeatures ++ machine.mandatoryFeatures); + in if (res == []) then "-" else (concatStringsSep "," res)) + (let res = machine.mandatoryFeatures; + in if (res == []) then "-" else (concatStringsSep "," machine.mandatoryFeatures)) + ] + ++ optional (isNixAtLeast "2.4pre") (if machine.publicHostKey != null then machine.publicHostKey else "-"))) + + "\n" + ) + cfg.buildMachines; + +in +{ + options = { + nix = { + buildMachines = mkOption { + type = types.listOf (types.submodule { + options = { + hostName = mkOption { + type = types.str; + example = "nixbuilder.example.org"; + description = lib.mdDoc '' + The hostname of the build machine. + ''; + }; + protocol = mkOption { + type = types.enum [ null "ssh" "ssh-ng" ]; + default = "ssh"; + example = "ssh-ng"; + description = lib.mdDoc '' + The protocol used for communicating with the build machine. + Use `ssh-ng` if your remote builder and your + local Nix version support that improved protocol. + + Use `null` when trying to change the special localhost builder + without a protocol which is for example used by hydra. 
+ ''; + }; + system = mkOption { + type = types.nullOr types.str; + default = null; + example = "x86_64-linux"; + description = lib.mdDoc '' + The system type the build machine can execute derivations on. + Either this attribute or {var}`systems` must be + present, where {var}`system` takes precedence if + both are set. + ''; + }; + systems = mkOption { + type = types.listOf types.str; + default = [ ]; + example = [ "x86_64-linux" "aarch64-linux" ]; + description = lib.mdDoc '' + The system types the build machine can execute derivations on. + Either this attribute or {var}`system` must be + present, where {var}`system` takes precedence if + both are set. + ''; + }; + sshUser = mkOption { + type = types.nullOr types.str; + default = null; + example = "builder"; + description = lib.mdDoc '' + The username to log in as on the remote host. This user must be + able to log in and run nix commands non-interactively. It must + also be privileged to build derivations, so must be included in + {option}`nix.settings.trusted-users`. + ''; + }; + sshKey = mkOption { + type = types.nullOr types.str; + default = null; + example = "/root/.ssh/id_buildhost_builduser"; + description = lib.mdDoc '' + The path to the SSH private key with which to authenticate on + the build machine. The private key must not have a passphrase. + If null, the building user (root on NixOS machines) must have an + appropriate ssh configuration to log in non-interactively. + + Note that for security reasons, this path must point to a file + in the local filesystem, *not* to the nix store. + ''; + }; + maxJobs = mkOption { + type = types.int; + default = 1; + description = lib.mdDoc '' + The number of concurrent jobs the build machine supports. The + build machine will enforce its own limits, but this allows hydra + to schedule better since there is no work-stealing between build + machines. 
+ ''; + }; + speedFactor = mkOption { + type = types.int; + default = 1; + description = lib.mdDoc '' + The relative speed of this builder. This is an arbitrary integer + that indicates the speed of this builder, relative to other + builders. Higher is faster. + ''; + }; + mandatoryFeatures = mkOption { + type = types.listOf types.str; + default = [ ]; + example = [ "big-parallel" ]; + description = lib.mdDoc '' + A list of features mandatory for this builder. The builder will + be ignored for derivations that don't require all features in + this list. All mandatory features are automatically included in + {var}`supportedFeatures`. + ''; + }; + supportedFeatures = mkOption { + type = types.listOf types.str; + default = [ ]; + example = [ "kvm" "big-parallel" ]; + description = lib.mdDoc '' + A list of features supported by this builder. The builder will + be ignored for derivations that require features not in this + list. + ''; + }; + publicHostKey = mkOption { + type = types.nullOr types.str; + default = null; + description = lib.mdDoc '' + The (base64-encoded) public host key of this builder. The field + is calculated via {command}`base64 -w0 /etc/ssh/ssh_host_type_key.pub`. + If null, SSH will use its regular known-hosts file when connecting. + ''; + }; + }; + }); + default = [ ]; + description = lib.mdDoc '' + This option lists the machines to be used if distributed builds are + enabled (see {option}`nix.distributedBuilds`). + Nix will perform derivations on those machines via SSH by copying the + inputs to the Nix store on the remote machine, starting the build, + then copying the output back to the local Nix store. + ''; + }; + + distributedBuilds = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc '' + Whether to distribute builds to the machines listed in + {option}`nix.buildMachines`. + ''; + }; + }; + }; + + # distributedBuilds does *not* inhibit /etc/machines generation; caller may + # override that nix option. 
+ config = mkIf cfg.enable { + assertions = + let badMachine = m: m.system == null && m.systems == [ ]; + in + [ + { + assertion = !(any badMachine cfg.buildMachines); + message = '' + At least one system type (via system or + systems) must be set for every build machine. + Invalid machine specifications: + '' + " " + + (concatStringsSep "\n " + (map (m: m.hostName) + (filter (badMachine) cfg.buildMachines))); + } + ]; + + # List of machines for distributed Nix builds + environment.etc."nix/machines" = + mkIf (cfg.buildMachines != [ ]) { + text = buildMachinesText; + }; + + # Legacy configuration conversion. + nix.settings = mkIf (!cfg.distributedBuilds) { builders = null; }; + }; +} diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index b6e500442c6e..f54e14c5879c 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -17,6 +17,7 @@ ./config/mysql.nix ./config/networking.nix ./config/nix.nix + ./config/nix-remote-build.nix ./config/no-x-libs.nix ./config/nsswitch.nix ./config/power-management.nix diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix index e5afffab21da..4368cdd63eb7 100644 --- a/nixos/modules/services/misc/nix-daemon.nix +++ b/nixos/modules/services/misc/nix-daemon.nix @@ -62,15 +62,6 @@ in ''; }; - distributedBuilds = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc '' - Whether to distribute builds to the machines listed in - {option}`nix.buildMachines`. - ''; - }; - daemonCPUSchedPolicy = mkOption { type = types.enum [ "other" "batch" "idle" ]; default = "other"; 
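Review bot: The sshKey description promises the path must not point into the Nix store, but nothing in the new module enforces it, so a path literal such as `./builder_key` is silently copied into a world-readable store path and then referenced from /etc/nix/machines. Since this commit creates the assertions list, add an entry like `{ assertion = all (m: m.sshKey == null || !(hasPrefix builtins.storeDir m.sshKey)) cfg.buildMachines; message = "nix.buildMachines: sshKey must be a file outside the Nix store (see the option description)."; }` and add `all` and `hasPrefix` to the inherit list; a `warnings` entry is the softer alternative if breaking existing configurations is a concern. Separately, the second `let res = machine.mandatoryFeatures` in buildMachinesText binds `res` and then joins `machine.mandatoryFeatures` instead, which reads like a leftover; `concatStringsSep "," res` matches the line above it.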
@@ -137,137 +128,6 @@ in ''; }; - buildMachines = mkOption { - type = types.listOf (types.submodule { - options = { - hostName = mkOption { - type = types.str; - example = "nixbuilder.example.org"; - description = lib.mdDoc '' - The hostname of the build machine. - ''; - }; - protocol = mkOption { - type = types.enum [ null "ssh" "ssh-ng" ]; - default = "ssh"; - example = "ssh-ng"; - description = lib.mdDoc '' - The protocol used for communicating with the build machine. - Use `ssh-ng` if your remote builder and your - local Nix version support that improved protocol. - - Use `null` when trying to change the special localhost builder - without a protocol which is for example used by hydra. - ''; - }; - system = mkOption { - type = types.nullOr types.str; - default = null; - example = "x86_64-linux"; - description = lib.mdDoc '' - The system type the build machine can execute derivations on. - Either this attribute or {var}`systems` must be - present, where {var}`system` takes precedence if - both are set. - ''; - }; - systems = mkOption { - type = types.listOf types.str; - default = [ ]; - example = [ "x86_64-linux" "aarch64-linux" ]; - description = lib.mdDoc '' - The system types the build machine can execute derivations on. - Either this attribute or {var}`system` must be - present, where {var}`system` takes precedence if - both are set. - ''; - }; - sshUser = mkOption { - type = types.nullOr types.str; - default = null; - example = "builder"; - description = lib.mdDoc '' - The username to log in as on the remote host. This user must be - able to log in and run nix commands non-interactively. It must - also be privileged to build derivations, so must be included in - {option}`nix.settings.trusted-users`. - ''; - }; - sshKey = mkOption { - type = types.nullOr types.str; - default = null; - example = "/root/.ssh/id_buildhost_builduser"; - description = lib.mdDoc '' - The path to the SSH private key with which to authenticate on - the build machine. 
The private key must not have a passphrase. - If null, the building user (root on NixOS machines) must have an - appropriate ssh configuration to log in non-interactively. - - Note that for security reasons, this path must point to a file - in the local filesystem, *not* to the nix store. - ''; - }; - maxJobs = mkOption { - type = types.int; - default = 1; - description = lib.mdDoc '' - The number of concurrent jobs the build machine supports. The - build machine will enforce its own limits, but this allows hydra - to schedule better since there is no work-stealing between build - machines. - ''; - }; - speedFactor = mkOption { - type = types.int; - default = 1; - description = lib.mdDoc '' - The relative speed of this builder. This is an arbitrary integer - that indicates the speed of this builder, relative to other - builders. Higher is faster. - ''; - }; - mandatoryFeatures = mkOption { - type = types.listOf types.str; - default = [ ]; - example = [ "big-parallel" ]; - description = lib.mdDoc '' - A list of features mandatory for this builder. The builder will - be ignored for derivations that don't require all features in - this list. All mandatory features are automatically included in - {var}`supportedFeatures`. - ''; - }; - supportedFeatures = mkOption { - type = types.listOf types.str; - default = [ ]; - example = [ "kvm" "big-parallel" ]; - description = lib.mdDoc '' - A list of features supported by this builder. The builder will - be ignored for derivations that require features not in this - list. - ''; - }; - publicHostKey = mkOption { - type = types.nullOr types.str; - default = null; - description = lib.mdDoc '' - The (base64-encoded) public host key of this builder. The field - is calculated via {command}`base64 -w0 /etc/ssh/ssh_host_type_key.pub`. - If null, SSH will use its regular known-hosts file when connecting. 
- ''; - }; - }; - }); - default = [ ]; - description = lib.mdDoc '' - This option lists the machines to be used if distributed builds are - enabled (see {option}`nix.distributedBuilds`). - Nix will perform derivations on those machines via SSH by copying the - inputs to the Nix store on the remote machine, starting the build, - then copying the output back to the local Nix store. - ''; - }; - # Environment variables for running Nix. envVars = mkOption { type = types.attrs; 
@@ -379,46 +239,6 @@ in flakes = mapAttrsToList (n: v: { inherit (v) from to exact; }) cfg.registry; }; - # List of machines for distributed Nix builds in the format - # expected by build-remote.pl. - environment.etc."nix/machines" = mkIf (cfg.buildMachines != [ ]) { - text = - concatMapStrings - (machine: - (concatStringsSep " " ([ - "${optionalString (machine.protocol != null) "${machine.protocol}://"}${optionalString (machine.sshUser != null) "${machine.sshUser}@"}${machine.hostName}" - (if machine.system != null then machine.system else if machine.systems != [ ] then concatStringsSep "," machine.systems else "-") - (if machine.sshKey != null then machine.sshKey else "-") - (toString machine.maxJobs) - (toString machine.speedFactor) - (let res = (machine.supportedFeatures ++ machine.mandatoryFeatures); - in if (res == []) then "-" else (concatStringsSep "," res)) - (let res = machine.mandatoryFeatures; - in if (res == []) then "-" else (concatStringsSep "," machine.mandatoryFeatures)) - ] - ++ optional (isNixAtLeast "2.4pre") (if machine.publicHostKey != null then machine.publicHostKey else "-"))) - + "\n" - ) - cfg.buildMachines; - }; - - assertions = - let badMachine = m: m.system == null && m.systems == [ ]; - in - [ - { - assertion = !(any badMachine cfg.buildMachines); - message = '' - At least one system type (via system or - systems) must be set for every build machine. - Invalid machine specifications: - '' + " " + - (concatStringsSep "\n " - (map (m: m.hostName) - (filter (badMachine) cfg.buildMachines))); - } - ]; - systemd.packages = [ nixPackage ]; # Will only work once https://github.com/NixOS/nix/pull/6285 is merged @@ -518,8 +338,6 @@ in # Legacy configuration conversion. nix.settings = mkMerge [ - (mkIf (!cfg.distributedBuilds) { builders = null; }) - (mkIf (isNixAtLeast "2.3pre") { sandbox-fallback = false; }) ]; From 1c772cd857b40f86105c99297d7e41d823428c95 Mon Sep 17 00:00:00 2001 
From: Robert Hensing Date: Wed, 5 Jul 2023 13:50:09 +0200 Subject: [PATCH 07/33] nixos/config/flakes: Factor out --- nixos/modules/config/flakes.nix | 88 ++++++++++++++++++++++ nixos/modules/module-list.nix | 1 + nixos/modules/services/misc/nix-daemon.nix | 66 ---------------- 3 files changed, 89 insertions(+), 66 deletions(-) create mode 100644 nixos/modules/config/flakes.nix diff --git a/nixos/modules/config/flakes.nix b/nixos/modules/config/flakes.nix new file mode 100644 index 000000000000..d0f5dc6e520a --- /dev/null +++ b/nixos/modules/config/flakes.nix 
@@ -0,0 +1,88 @@ +{ config, lib, ... }: +let + inherit (lib) + filterAttrs + literalExpression + mapAttrsToList + mkDefault + mkIf + mkOption + types + ; + + cfg = config.nix; + +in +{ + options = { + nix = { + registry = mkOption { + type = types.attrsOf (types.submodule ( + let + referenceAttrs = with types; attrsOf (oneOf [ + str + int + bool + path + package + ]); + in + { config, name, ... }: + { + options = { + from = mkOption { + type = referenceAttrs; + example = { type = "indirect"; id = "nixpkgs"; }; + description = lib.mdDoc "The flake reference to be rewritten."; + }; + to = mkOption { + type = referenceAttrs; + example = { type = "github"; owner = "my-org"; repo = "my-nixpkgs"; }; + description = lib.mdDoc "The flake reference {option}`from` is rewritten to."; + }; + flake = mkOption { + type = types.nullOr types.attrs; + default = null; + example = literalExpression "nixpkgs"; + description = lib.mdDoc '' + The flake input {option}`from` is rewritten to. + ''; + }; + exact = mkOption { + type = types.bool; + default = true; + description = lib.mdDoc '' + Whether the {option}`from` reference needs to match exactly. If set, + a {option}`from` reference like `nixpkgs` does not + match with a reference like `nixpkgs/nixos-20.03`. + ''; + }; + }; + config = { + from = mkDefault { type = "indirect"; id = name; }; + to = mkIf (config.flake != null) (mkDefault ( + { + type = "path"; + path = config.flake.outPath; + } // filterAttrs + (n: _: n == "lastModified" || n == "rev" || n == "revCount" || n == "narHash") + config.flake + )); + }; + } + )); + default = { }; + description = lib.mdDoc '' + A system-wide flake registry. + ''; + }; + }; + }; + + config = mkIf cfg.enable { + environment.etc."nix/registry.json".text = builtins.toJSON { + version = 2; + flakes = mapAttrsToList (n: v: { inherit (v) from to exact; }) cfg.registry; + }; + }; +} diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index f54e14c5879c..75b0e19d558f 100644 
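Review bot: The new module has no header comment, unlike config/nix.nix which opens with a short purpose block, so a reader arriving from module-list.nix has to scan the whole file to learn that it owns the flake registry. A one-liner at the top such as `/* Manages the system-wide flake registry written to /etc/nix/registry.json. */` would be enough, and the same applies to nix-remote-build.nix and nix-channel.nix introduced by the neighbouring commits.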
--- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -2,6 +2,7 @@ ./config/appstream.nix ./config/console.nix ./config/debug-info.nix + ./config/flakes.nix ./config/fonts/fontconfig.nix ./config/fonts/fontdir.nix ./config/fonts/fonts.nix diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix index 4368cdd63eb7..94798dfb5398 100644 --- a/nixos/modules/services/misc/nix-daemon.nix +++ b/nixos/modules/services/misc/nix-daemon.nix 
@@ -159,67 +159,6 @@ in (e.g. ``). ''; }; - - registry = mkOption { - type = types.attrsOf (types.submodule ( - let - referenceAttrs = with types; attrsOf (oneOf [ - str - int - bool - path - package - ]); - in - { config, name, ... }: - { - options = { - from = mkOption { - type = referenceAttrs; - example = { type = "indirect"; id = "nixpkgs"; }; - description = lib.mdDoc "The flake reference to be rewritten."; - }; - to = mkOption { - type = referenceAttrs; - example = { type = "github"; owner = "my-org"; repo = "my-nixpkgs"; }; - description = lib.mdDoc "The flake reference {option}`from` is rewritten to."; - }; - flake = mkOption { - type = types.nullOr types.attrs; - default = null; - example = literalExpression "nixpkgs"; - description = lib.mdDoc '' - The flake input {option}`from` is rewritten to. - ''; - }; - exact = mkOption { - type = types.bool; - default = true; - description = lib.mdDoc '' - Whether the {option}`from` reference needs to match exactly. If set, - a {option}`from` reference like `nixpkgs` does not - match with a reference like `nixpkgs/nixos-20.03`. - ''; - }; - }; - config = { - from = mkDefault { type = "indirect"; id = name; }; - to = mkIf (config.flake != null) (mkDefault ( - { - type = "path"; - path = config.flake.outPath; - } // filterAttrs - (n: _: n == "lastModified" || n == "rev" || n == "revCount" || n == "narHash") - config.flake - )); - }; - } - )); - default = { }; - description = lib.mdDoc '' - A system-wide flake registry. - ''; - }; }; }; @@ -234,11 +173,6 @@ in ] ++ optional (config.programs.bash.enableCompletion) pkgs.nix-bash-completions; - environment.etc."nix/registry.json".text = builtins.toJSON { - version = 2; - flakes = mapAttrsToList (n: v: { inherit (v) from to exact; }) cfg.registry; - }; - systemd.packages = [ nixPackage ]; # Will only work once https://github.com/NixOS/nix/pull/6285 is merged From 5c0c96a8283de416891bb4f8fd67c6e5693ac1a2 Mon Sep 17 00:00:00 2001 
From: Robert Hensing Date: Wed, 5 Jul 2023 13:53:25 +0200 Subject: [PATCH 08/33] nixos/config/nix-channel: Factor out root channel initialization --- nixos/modules/config/nix-channel.nix | 35 ++++++++++++++++++++++ nixos/modules/misc/version.nix | 7 ----- nixos/modules/module-list.nix | 1 + nixos/modules/services/misc/nix-daemon.nix | 5 ---- 4 files changed, 36 insertions(+), 12 deletions(-) create mode 100644 nixos/modules/config/nix-channel.nix diff --git a/nixos/modules/config/nix-channel.nix b/nixos/modules/config/nix-channel.nix new file mode 100644 index 000000000000..8e6061e49561 --- /dev/null +++ b/nixos/modules/config/nix-channel.nix @@ -0,0 +1,35 @@ +{ config, lib, ... }: +let + inherit (lib) + mkIf + mkOption + stringAfter + types + ; + + cfg = config.nix; + +in +{ + options = { + system = { + defaultChannel = mkOption { + internal = true; + type = types.str; + default = "https://nixos.org/channels/nixos-unstable"; + description = lib.mdDoc "Default NixOS channel to which the root user is subscribed."; + }; + }; + }; + + config = mkIf cfg.enable { + + system.activationScripts.nix-channel = stringAfter [ "etc" "users" ] + '' + # Subscribe the root user to the NixOS channel by default. + if [ ! -e "/root/.nix-channels" ]; then + echo "${config.system.defaultChannel} nixos" > "/root/.nix-channels" + fi + ''; + }; +} diff --git a/nixos/modules/misc/version.nix b/nixos/modules/misc/version.nix index 0f55ab8a09ce..0a66eafe933e 100644 --- a/nixos/modules/misc/version.nix +++ b/nixos/modules/misc/version.nix @@ -140,13 +140,6 @@ in ''; }; - defaultChannel = mkOption { - internal = true; - type = types.str; - default = "https://nixos.org/channels/nixos-unstable"; - description = lib.mdDoc "Default NixOS channel to which the root user is subscribed."; - }; - configurationRevision = mkOption { type = types.nullOr types.str; default = null; diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 75b0e19d558f..fea69935cc6f 100644 
--- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -18,6 +18,7 @@ ./config/mysql.nix ./config/networking.nix ./config/nix.nix + ./config/nix-channel.nix ./config/nix-remote-build.nix ./config/no-x-libs.nix ./config/nsswitch.nix diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix index 94798dfb5398..4e986b217ef7 100644 --- a/nixos/modules/services/misc/nix-daemon.nix +++ b/nixos/modules/services/misc/nix-daemon.nix @@ -263,11 +263,6 @@ in system.activationScripts.nix = stringAfter [ "etc" "users" ] '' install -m 0755 -d /nix/var/nix/{gcroots,profiles}/per-user - - # Subscribe the root user to the NixOS channel by default. - if [ ! -e "/root/.nix-channels" ]; then - echo "${config.system.defaultChannel} nixos" > "/root/.nix-channels" - fi ''; # Legacy configuration conversion. From fad172a36672161235efec7b118e2240deaabd76 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Wed, 5 Jul 2023 14:05:41 +0200 Subject: [PATCH 09/33] nixos/config/nix-channel: Move NIX_PATH logic --- nixos/modules/config/nix-channel.nix | 27 ++++++++++++++++++++++ nixos/modules/services/misc/nix-daemon.nix | 23 +----------------- 2 files changed, 28 insertions(+), 22 deletions(-) diff --git a/nixos/modules/config/nix-channel.nix b/nixos/modules/config/nix-channel.nix index 8e6061e49561..c37c3f73c30e 100644 --- a/nixos/modules/config/nix-channel.nix +++ b/nixos/modules/config/nix-channel.nix @@ -12,6 +12,22 @@ let in { options = { + nix = { + nixPath = mkOption { + type = types.listOf types.str; + default = [ + "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos" + "nixos-config=/etc/nixos/configuration.nix" + "/nix/var/nix/profiles/per-user/root/channels" + ]; + description = lib.mdDoc '' + The default Nix expression search path, used by the Nix + evaluator to look up paths enclosed in angle brackets + (e.g. ``). + ''; + }; + }; + system = { defaultChannel = mkOption { internal = true; 
@@ -24,6 +40,17 @@ in config = mkIf cfg.enable { + environment.extraInit = + '' + if [ -e "$HOME/.nix-defexpr/channels" ]; then + export NIX_PATH="$HOME/.nix-defexpr/channels''${NIX_PATH:+:$NIX_PATH}" + fi + ''; + + environment.sessionVariables = { + NIX_PATH = cfg.nixPath; + }; + system.activationScripts.nix-channel = stringAfter [ "etc" "users" ] '' # Subscribe the root user to the NixOS channel by default. diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix index 4e986b217ef7..51b87bf585c4 100644 --- a/nixos/modules/services/misc/nix-daemon.nix +++ b/nixos/modules/services/misc/nix-daemon.nix @@ -145,20 +145,6 @@ in you should increase this value. ''; }; - - nixPath = mkOption { - type = types.listOf types.str; - default = [ - "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos" - "nixos-config=/etc/nixos/configuration.nix" - "/nix/var/nix/profiles/per-user/root/channels" - ]; - description = lib.mdDoc '' - The default Nix expression search path, used by the Nix - evaluator to look up paths enclosed in angle brackets - (e.g. ``). - ''; - }; }; }; @@ -242,14 +228,7 @@ in }; # Set up the environment variables for running Nix. - environment.sessionVariables = cfg.envVars // { NIX_PATH = cfg.nixPath; }; - - environment.extraInit = - '' - if [ -e "$HOME/.nix-defexpr/channels" ]; then - export NIX_PATH="$HOME/.nix-defexpr/channels''${NIX_PATH:+:$NIX_PATH}" - fi - ''; + environment.sessionVariables = cfg.envVars; nix.nrBuildUsers = mkDefault ( if cfg.settings.auto-allocate-uids or false then 0 From 0f71c406cf43f6add5bb0e8e7f8b16b2ab53d69b Mon Sep 17 00:00:00 2001 
From: Robert Hensing Date: Wed, 5 Jul 2023 14:59:01 +0200 Subject: [PATCH 10/33] nixos/nix-daemon: Move to services/system It is now only about the system service. Granted, it also installs the client package, but that could be factored out later, with actual test to support such a new type of configuration. --- nixos/modules/module-list.nix | 2 +- nixos/modules/services/{misc => system}/nix-daemon.nix | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename nixos/modules/services/{misc => system}/nix-daemon.nix (100%) diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index fea69935cc6f..ad92f22fafb1 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -665,7 +665,6 @@ ./services/misc/moonraker.nix ./services/misc/n8n.nix ./services/misc/nitter.nix - ./services/misc/nix-daemon.nix ./services/misc/nix-gc.nix ./services/misc/nix-optimise.nix ./services/misc/nix-ssh-serve.nix @@ -1147,6 +1146,7 @@ ./services/system/earlyoom.nix ./services/system/kerberos/default.nix ./services/system/localtimed.nix + ./services/system/nix-daemon.nix ./services/system/nscd.nix ./services/system/saslauthd.nix ./services/system/self-deploy.nix diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/system/nix-daemon.nix similarity index 100% rename from nixos/modules/services/misc/nix-daemon.nix rename to nixos/modules/services/system/nix-daemon.nix From a60989cbc9c6a9dcdadbfebf8fe43fb7d8f31aa3 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 6 Jul 2023 05:23:28 +0000 Subject: [PATCH 11/33] armTrustedFirmwareTools: 2.8 -> 2.9.0 --- pkgs/misc/arm-trusted-firmware/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/misc/arm-trusted-firmware/default.nix b/pkgs/misc/arm-trusted-firmware/default.nix index 63c9da2e8fb9..ee7fedbedbe8 100644 --- a/pkgs/misc/arm-trusted-firmware/default.nix +++ b/pkgs/misc/arm-trusted-firmware/default.nix 
@@ -26,13 +26,13 @@ let stdenv.mkDerivation (rec { pname = "arm-trusted-firmware${lib.optionalString (platform != null) "-${platform}"}"; - version = "2.8"; + version = "2.9.0"; src = fetchFromGitHub { owner = "ARM-software"; repo = "arm-trusted-firmware"; rev = "v${version}"; - hash = "sha256-WDJMMIWZHNqxxAKeHiZDxtPjfsfQAWsbYv+0o0PiJQs="; + hash = "sha256-F7RNYNLh0ORzl5PmzRX9wGK8dZgUQVLKQg1M9oNd0pk="; }; patches = lib.optionals deleteHDCPBlobBeforeBuild [ From c6800f3ea4f46c5bbc2cec95b30b13bc9dda782b Mon Sep 17 00:00:00 2001 From: Weijia Wang <9713184+wegank@users.noreply.github.com> Date: Thu, 6 Jul 2023 12:59:52 +0300 Subject: [PATCH 12/33] krita: migrate to opencolorio --- pkgs/applications/graphics/krita/generic.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/graphics/krita/generic.nix b/pkgs/applications/graphics/krita/generic.nix index 4adedcaffe79..4f16661cedb1 100644 --- a/pkgs/applications/graphics/krita/generic.nix +++ b/pkgs/applications/graphics/krita/generic.nix @@ -3,7 +3,7 @@ , kguiaddons, ki18n, kitemmodels, kitemviews, kwindowsystem , kio, kcrash, breeze-icons , boost, libraw, fftw, eigen, exiv2, libheif, lcms2, gsl, openexr, giflib, libjxl -, openjpeg, opencolorio_1, xsimd, poppler, curl, ilmbase, libmypaint, libwebp +, openjpeg, opencolorio, xsimd, poppler, curl, ilmbase, libmypaint, libwebp , qtmultimedia, qtx11extras, quazip , python3Packages , version @@ -27,7 +27,7 @@ mkDerivation rec { karchive kconfig kwidgetsaddons kcompletion kcoreaddons kguiaddons ki18n kitemmodels kitemviews kwindowsystem kio kcrash breeze-icons boost libraw fftw eigen exiv2 lcms2 gsl openexr libheif giflib libjxl - openjpeg opencolorio_1 poppler curl ilmbase libmypaint libwebp + openjpeg opencolorio poppler curl ilmbase libmypaint libwebp qtmultimedia qtx11extras quazip python3Packages.pyqt5 xsimd From 4bb9210d89f46d061cfd38017f81ae5b7666ee9e Mon Sep 17 00:00:00 2001 
From: Fabian Affolter Date: Thu, 6 Jul 2023 12:18:21 +0200 Subject: [PATCH 13/33] python311Packages.google-cloud-videointelligence: 2.11.2 -> 2.11.3 Changelog: https://github.com/googleapis/python-videointelligence/blob/v2.11.3/CHANGELOG.md --- .../python-modules/google-cloud-videointelligence/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/google-cloud-videointelligence/default.nix b/pkgs/development/python-modules/google-cloud-videointelligence/default.nix index 5f81eeb54991..14f12cff1aff 100644 --- a/pkgs/development/python-modules/google-cloud-videointelligence/default.nix +++ b/pkgs/development/python-modules/google-cloud-videointelligence/default.nix @@ -13,14 +13,14 @@ buildPythonPackage rec { pname = "google-cloud-videointelligence"; - version = "2.11.2"; + version = "2.11.3"; format = "setuptools"; disabled = pythonOlder "3.7"; src = fetchPypi { inherit pname version; - hash = "sha256-WlBpQ234J1rCA1jpPPCxUa+k6+DAKivZV6kLknnUArw="; + hash = "sha256-qWpj8ATCcGj0WyJ6ZidfimqMPs0Gu1gfkvppiX1bF5c="; }; propagatedBuildInputs = [ From 5e531f61bd5e203b6d39824ef40c76fb0e950ed0 Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Thu, 6 Jul 2023 12:37:12 +0200 Subject: [PATCH 14/33] python311Packages.google-cloud-datastore: 2.16.0 -> 2.16.1 Changelog: https://github.com/googleapis/python-datastore/blob/v2.16.1/CHANGELOG.md --- .../python-modules/google-cloud-datastore/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/google-cloud-datastore/default.nix b/pkgs/development/python-modules/google-cloud-datastore/default.nix index 98b11c1d073a..a86274ea5f40 100644 --- a/pkgs/development/python-modules/google-cloud-datastore/default.nix +++ b/pkgs/development/python-modules/google-cloud-datastore/default.nix 
@@ -15,14 +15,14 @@ buildPythonPackage rec { pname = "google-cloud-datastore"; - version = "2.16.0"; + version = "2.16.1"; format = "setuptools"; disabled = pythonOlder "3.7"; src = fetchPypi { inherit pname version; - hash = "sha256-70n9jgOvR5OYWBPKSR50E1ST/60uGzlbsiYXCkJNo18="; + hash = "sha256-cQ7yfr37UDQPRnHFMq1MFSVmWYXpQhmE/81rlrV+NLs="; }; propagatedBuildInputs = [ From 285f5e858eb204ecf08a60c40a99aee1d2dc7bd1 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Wed, 7 Jun 2023 12:39:27 +1000 Subject: [PATCH 15/33] darwin.builder: use port 31022 by default --- doc/builders/special/darwin-builder.section.md | 14 ++++++++++---- nixos/modules/profiles/macos-builder.nix | 10 +++++----- 2 files changed, 15 insertions(+), 9 deletions(-) diff --git a/doc/builders/special/darwin-builder.section.md b/doc/builders/special/darwin-builder.section.md index b5b6ab8971e9..7c5c38bf85ee 100644 --- a/doc/builders/special/darwin-builder.section.md +++ b/doc/builders/special/darwin-builder.section.md @@ -4,9 +4,6 @@ This requires macOS version 12.4 or later. -This also requires that port 22 on your machine is free (since Nix does not -permit specifying a non-default SSH port for builders). - You will also need to be a trusted user for your Nix installation. In other words, your `/etc/nix/nix.conf` should have something like: 
@@ -50,12 +47,21 @@ To delegate builds to the remote builder, add the following options to your ``` # - Replace ${ARCH} with either aarch64 or x86_64 to match your host machine # - Replace ${MAX_JOBS} with the maximum number of builds (pick 4 if you're not sure) -builders = ssh-ng://builder@localhost ${ARCH}-linux /etc/nix/builder_ed25519 ${MAX_JOBS} - - - c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUpCV2N4Yi9CbGFxdDFhdU90RStGOFFVV3JVb3RpQzVxQkorVXVFV2RWQ2Igcm9vdEBuaXhvcwo= +builders = ssh-ng://builder@linux-builder ${ARCH}-linux /etc/nix/builder_ed25519 ${MAX_JOBS} - - - c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUpCV2N4Yi9CbGFxdDFhdU90RStGOFFVV3JVb3RpQzVxQkorVXVFV2RWQ2Igcm9vdEBuaXhvcwo= # Not strictly necessary, but this will reduce your disk utilization builders-use-substitutes = true ``` +To allow Nix to connect to a builder not running on port 22, you will also need to create a new file at `/etc/ssh/ssh_config.d/100-linux-builder.conf`: + +``` +Host linux-builder + Hostname localhost + HostKeyAlias linux-builder + Port 31022 +``` + … and then restart your Nix daemon to apply the change: ```ShellSession diff --git a/nixos/modules/profiles/macos-builder.nix b/nixos/modules/profiles/macos-builder.nix index 768c673e7f37..f1c991d6ffa6 100644 --- a/nixos/modules/profiles/macos-builder.nix +++ b/nixos/modules/profiles/macos-builder.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, ... }: let keysDirectory = "/var/keys"; @@ -67,9 +67,9 @@ in ''; }; hostPort = mkOption { - default = 22; + default = 31022; type = types.int; - example = 31022; + example = 22; description = '' The localhost host port to forward TCP to the guest port. ''; 
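Review bot: The hostPort description is unchanged while its default moves from 22 to 31022, so a reader of the option alone cannot tell why the value is no longer 22 or that a non-22 port only works together with the ssh_config alias the manual hunk now documents. Consider appending to the description: `Nix's builders setting cannot carry an SSH port, so a value other than 22 requires a matching Host alias in ssh_config; see the darwin.builder section of the manual.` Existing setups that pointed builders at builder@localhost on port 22 stop working after this default change, which is worth calling out in the release notes.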
@@ -139,13 +139,13 @@ in hostPkgs = config.virtualisation.host.pkgs; - script = hostPkgs.writeShellScriptBin "create-builder" ( + script = hostPkgs.writeShellScriptBin "create-builder" ( # When running as non-interactively as part of a DarwinConfiguration the working directory # must be set to a writeable directory. (if cfg.workingDirectory != "." then '' ${hostPkgs.coreutils}/bin/mkdir --parent "${cfg.workingDirectory}" cd "${cfg.workingDirectory}" - '' else "") + '' + '' else "") + '' KEYS="''${KEYS:-./keys}" ${hostPkgs.coreutils}/bin/mkdir --parent "''${KEYS}" PRIVATE_KEY="''${KEYS}/${user}_${keyType}" From 98d970bc375c37a2f9c5c276d80ae2a3d8b1e4a5 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Wed, 7 Jun 2023 12:41:59 +1000 Subject: [PATCH 16/33] nixos/qemu-vm: use CA certificates from host --- nixos/modules/profiles/macos-builder.nix | 4 ++++ nixos/modules/security/ca.nix | 6 ++++- nixos/modules/virtualisation/qemu-vm.nix | 28 +++++++++++++++++++++++- 3 files changed, 36 insertions(+), 2 deletions(-) diff --git a/nixos/modules/profiles/macos-builder.nix b/nixos/modules/profiles/macos-builder.nix index f1c991d6ffa6..7ed68f06476b 100644 --- a/nixos/modules/profiles/macos-builder.nix +++ b/nixos/modules/profiles/macos-builder.nix @@ -234,6 +234,10 @@ in # This ensures that anything built on the guest isn't lost when the guest is # restarted. writableStoreUseTmpfs = false; + + # Pass certificates from host to the guest otherwise when custom CA certificates + # are required we can't use the cached builder. + useHostCerts = true; }; }; } diff --git a/nixos/modules/security/ca.nix b/nixos/modules/security/ca.nix index c704e2c1f51c..3cd56bff04d1 100644 --- a/nixos/modules/security/ca.nix +++ b/nixos/modules/security/ca.nix @@ -18,6 +18,10 @@ in { options = { + security.pki.installCACerts = mkEnableOption "Add CA certificates to system" // { + default = true; + internal = true; + }; security.pki.certificateFiles = mkOption { type = types.listOf types.path; 
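Review bot: `mkEnableOption "Add CA certificates to system"` in the new `security.pki.installCACerts` option produces the description "Whether to enable Add CA certificates to system.", since `mkEnableOption` prepends "Whether to enable" to its argument. The option is `internal = true`, so the text never reaches the rendered manual, but it still shows up in `nixos-option` and in evaluation errors; `mkEnableOption "installing the CA certificate bundle under /etc/ssl/certs"` reads correctly. A short comment stating why the switch exists would also help, e.g. `# Lets virtualisation.useHostCerts replace the bundle with the host's.` The enclosing `options` set continues past this hunk.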
@@ -70,7 +74,7 @@ in }; - config = { + config = mkIf cfg.installCACerts { # NixOS canonical location + Debian/Ubuntu/Arch/Gentoo compatibility. environment.etc."ssl/certs/ca-certificates.crt".source = caBundle; diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index 4aac0fa90e8b..d0a5ddd87ccf 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix @@ -166,6 +166,16 @@ let # Create a directory for exchanging data with the VM. mkdir -p "$TMPDIR/xchg" + ${lib.optionalString cfg.useHostCerts + '' + mkdir -p "$TMPDIR/certs" + if [ -e "$NIX_SSL_CERT_FILE" ]; then + cp -L "$NIX_SSL_CERT_FILE" "$TMPDIR"/certs/ca-certificates.crt + else + echo \$NIX_SSL_CERT_FILE should point to a valid file if virtualisation.useHostCerts is enabled. + fi + ''} + ${lib.optionalString cfg.useEFIBoot '' # Expose EFI variables, it's useful even when we are not using a bootloader (!). @@ -877,7 +887,6 @@ in ''; }; - virtualisation.bios = mkOption { type = types.nullOr types.package; @@ -890,6 +899,17 @@ in ''; }; + virtualisation.useHostCerts = + mkOption { + type = types.bool; + default = false; + description = + lib.mdDoc '' + If enabled, when `NIX_SSL_CERT_FILE` is set on the host, + pass the CA certificates from the host to the VM. + ''; + }; + }; config = { @@ -1024,8 +1044,14 @@ in source = ''"''${SHARED_DIR:-$TMPDIR/xchg}"''; target = "/tmp/shared"; }; + certs = mkIf cfg.useHostCerts { + source = ''"$TMPDIR"/certs''; + target = "/etc/ssl/certs"; + }; }; + security.pki.installCACerts = mkIf cfg.useHostCerts false; + virtualisation.qemu.networkingOptions = let forwardingOptions = flip concatMapStrings cfg.forwardPorts From 34f6ce2fc2db08bf86022f47975d23e625843d2a Mon Sep 17 00:00:00 2001 
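Review bot: In the `useHostCerts` block added at hunk 166 of qemu-vm.nix, the `else` branch only echoes a message to stdout and the script carries on, so when `NIX_SSL_CERT_FILE` is unset or points to a missing file the VM still boots with an empty `$TMPDIR/certs` mounted over `/etc/ssl/certs` while `security.pki.installCACerts` is forced to `false` (hunk 1044). The guest then has no trust anchors at all; that fails closed, which is the safe direction, but every TLS failure inside the guest will look unrelated to this setting. The message should go to stderr and the launcher should stop instead of starting an unusable guest: `echo "NIX_SSL_CERT_FILE must point to a CA bundle when virtualisation.useHostCerts is enabled" >&2` followed by `exit 1`. The `\$` in the current echo prints a literal `$NIX_SSL_CERT_FILE`, which is presumably intended but worth a one-word comment. The enclosing shell string begins before the hunk.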
From: Michael Hoang Date: Wed, 14 Jun 2023 09:16:34 +1000 Subject: [PATCH 17/33] darwin.builder: allow overriding configuration --- nixos/modules/profiles/macos-builder.nix | 2 +- pkgs/top-level/darwin-packages.nix | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/nixos/modules/profiles/macos-builder.nix b/nixos/modules/profiles/macos-builder.nix index 7ed68f06476b..554115705b64 100644 --- a/nixos/modules/profiles/macos-builder.nix +++ b/nixos/modules/profiles/macos-builder.nix @@ -157,7 +157,7 @@ in if ! ${hostPkgs.diffutils}/bin/cmp "''${PUBLIC_KEY}" ${publicKey}; then (set -x; sudo --reset-timestamp ${installCredentials} "''${KEYS}") fi - KEYS="$(${hostPkgs.nix}/bin/nix-store --add "$KEYS")" ${config.system.build.vm}/bin/run-nixos-vm + KEYS="$(${hostPkgs.nix}/bin/nix-store --add "$KEYS")" ${lib.getExe config.system.build.vm} ''); in diff --git a/pkgs/top-level/darwin-packages.nix b/pkgs/top-level/darwin-packages.nix index fa03c385e4f3..a583b84b430d 100644 --- a/pkgs/top-level/darwin-packages.nix +++ b/pkgs/top-level/darwin-packages.nix @@ -229,7 +229,7 @@ impure-cmds // appleSourcePackages // chooseLibs // { discrete-scroll = callPackage ../os-specific/darwin/discrete-scroll { }; # See doc/builders/special/darwin-builder.section.md - builder = + builder = lib.makeOverridable ({ modules }: let toGuest = builtins.replaceStrings [ "darwin" ] [ "linux" ]; @@ -237,7 +237,7 @@ impure-cmds // appleSourcePackages // chooseLibs // { configuration = { imports = [ ../../nixos/modules/profiles/macos-builder.nix - ]; + ] ++ modules; virtualisation.host = { inherit pkgs; }; }; @@ -246,5 +246,5 @@ impure-cmds // appleSourcePackages // chooseLibs // { }; in - nixos.config.system.build.macos-builder-installer; + nixos.config.system.build.macos-builder-installer) { modules = [ ]; }; }) From edef4868982e5a1ca3226231fb1a7eb292b4c96a Mon Sep 17 00:00:00 2001 
From: Michael Hoang Date: Tue, 4 Jul 2023 20:46:42 +1000 Subject: [PATCH 18/33] darwin.linux-builder: rename from `darwin.builder` --- doc/builders/special/darwin-builder.section.md | 10 +++++++--- nixos/modules/profiles/macos-builder.nix | 2 +- pkgs/top-level/darwin-packages.nix | 6 +++++- 3 files changed, 13 insertions(+), 5 deletions(-) diff --git a/doc/builders/special/darwin-builder.section.md b/doc/builders/special/darwin-builder.section.md index 7c5c38bf85ee..13d01a0e3af8 100644 --- a/doc/builders/special/darwin-builder.section.md +++ b/doc/builders/special/darwin-builder.section.md @@ -1,9 +1,13 @@ -# darwin.builder {#sec-darwin-builder} +# darwin.linux-builder {#sec-darwin-builder} -`darwin.builder` provides a way to bootstrap a Linux builder on a macOS machine. +`darwin.linux-builder` provides a way to bootstrap a Linux builder on a macOS machine. This requires macOS version 12.4 or later. +The builder runs on host port 31022 by default. +You can change it by overriding `virtualisation.darwin-builder.hostPort`. +See the [example](#sec-darwin-builder-example-flake). + You will also need to be a trusted user for your Nix installation. In other words, your `/etc/nix/nix.conf` should have something like: @@ -14,7 +18,7 @@ extra-trusted-users = To launch the builder, run the following flake: ```ShellSession -$ nix run nixpkgs#darwin.builder +$ nix run nixpkgs#darwin.linux-builder ``` That will prompt you to enter your `sudo` password: diff --git a/nixos/modules/profiles/macos-builder.nix b/nixos/modules/profiles/macos-builder.nix index 554115705b64..83a849956182 100644 --- a/nixos/modules/profiles/macos-builder.nix +++ b/nixos/modules/profiles/macos-builder.nix @@ -177,7 +177,7 @@ in Please inspect the trace of the following command to figure out which module has a dependency on stateVersion. - nix-instantiate --attr darwin.builder --show-trace + nix-instantiate --attr darwin.linux-builder --show-trace ''); }; 
diff --git a/pkgs/top-level/darwin-packages.nix b/pkgs/top-level/darwin-packages.nix index a583b84b430d..f1d48814ebe2 100644 --- a/pkgs/top-level/darwin-packages.nix +++ b/pkgs/top-level/darwin-packages.nix @@ -3,6 +3,7 @@ , generateSplicesForMkScope, makeScopeWithSplicing , stdenv , preLibcCrossHeaders +, config }: let @@ -229,7 +230,7 @@ impure-cmds // appleSourcePackages // chooseLibs // { discrete-scroll = callPackage ../os-specific/darwin/discrete-scroll { }; # See doc/builders/special/darwin-builder.section.md - builder = lib.makeOverridable ({ modules }: + linux-builder = lib.makeOverridable ({ modules }: let toGuest = builtins.replaceStrings [ "darwin" ] [ "linux" ]; @@ -247,4 +248,7 @@ impure-cmds // appleSourcePackages // chooseLibs // { in nixos.config.system.build.macos-builder-installer) { modules = [ ]; }; + +} // lib.optionalAttrs config.allowAliases { + builder = throw "'darwin.builder' has been changed and renamed to 'darwin.linux-builder'. The default ssh port is now 31022. Please update your configuration or override the port back to 22. See https://nixos.org/manual/nixpkgs/unstable/#sec-darwin-builder"; # added 2023-07-06 }) From 07de9b62cce851d0dbb707c082957d00a202f47e Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Thu, 6 Jul 2023 19:48:22 +0200 Subject: [PATCH 19/33] nixos/*nix*: Add imports as inherently necessary Albeit not technically necessary because of nixos//module-list.nix --- nixos/modules/config/nix-remote-build.nix | 4 ++++ nixos/modules/services/system/nix-daemon.nix | 2 ++ 2 files changed, 6 insertions(+) diff --git a/nixos/modules/config/nix-remote-build.nix b/nixos/modules/config/nix-remote-build.nix index 2a30bbdc746d..c5ffcc8cf0aa 100644 --- a/nixos/modules/config/nix-remote-build.nix +++ b/nixos/modules/config/nix-remote-build.nix @@ -43,6 +43,10 @@ let in { + imports = [ + ./nix.nix + ]; + options = { nix = { buildMachines = mkOption { 
diff --git a/nixos/modules/services/system/nix-daemon.nix b/nixos/modules/services/system/nix-daemon.nix index 51b87bf585c4..72e177dd1775 100644 --- a/nixos/modules/services/system/nix-daemon.nix +++ b/nixos/modules/services/system/nix-daemon.nix @@ -33,6 +33,8 @@ in { imports = [ + ../../config/nix.nix + (mkRenamedOptionModuleWith { sinceRelease = 2205; from = [ "nix" "daemonIONiceLevel" ]; to = [ "nix" "daemonIOSchedPriority" ]; }) (mkRenamedOptionModuleWith { sinceRelease = 2211; from = [ "nix" "readOnlyStore" ]; to = [ "boot" "readOnlyNixStore" ]; }) (mkRemovedOptionModule [ "nix" "daemonNiceLevel" ] "Consider nix.daemonCPUSchedPolicy instead.") From c83ad0598b51571b7d2f0b5343c6722f7394dde1 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Thu, 6 Jul 2023 19:54:57 +0200 Subject: [PATCH 20/33] nixos/*nix*: Update module impl docs and link related modules Something extra for the readers. --- nixos/modules/config/flakes.nix | 7 +++++++ nixos/modules/config/nix-channel.nix | 8 ++++++++ nixos/modules/config/nix-remote-build.nix | 7 +++++++ nixos/modules/config/nix.nix | 8 +++++++- nixos/modules/services/system/nix-daemon.nix | 7 +++++++ 5 files changed, 36 insertions(+), 1 deletion(-) diff --git a/nixos/modules/config/flakes.nix b/nixos/modules/config/flakes.nix index d0f5dc6e520a..242d8d3b82b7 100644 --- a/nixos/modules/config/flakes.nix +++ b/nixos/modules/config/flakes.nix @@ -1,3 +1,10 @@ +/* + Manages the flake registry. + + See also + - ./nix.nix + - ./nix-channel.nix + */ { config, lib, ... }: let inherit (lib) diff --git a/nixos/modules/config/nix-channel.nix b/nixos/modules/config/nix-channel.nix index c37c3f73c30e..ba8360ffc094 100644 --- a/nixos/modules/config/nix-channel.nix +++ b/nixos/modules/config/nix-channel.nix @@ -1,3 +1,11 @@ +/* + Manages the things that are needed for a traditional nix-channel based + configuration to work. + + See also + - ./nix.nix + - ./flakes.nix + */ { config, lib, ... }: let inherit (lib) 
diff --git a/nixos/modules/config/nix-remote-build.nix b/nixos/modules/config/nix-remote-build.nix index c5ffcc8cf0aa..6bc39f3c7527 100644 --- a/nixos/modules/config/nix-remote-build.nix +++ b/nixos/modules/config/nix-remote-build.nix @@ -1,3 +1,10 @@ +/* + Manages the remote build configuration, /etc/nix/machines + + See also + - ./nix.nix + - nixos/modules/services/system/nix-daemon.nix + */ { config, lib, ... }: let diff --git a/nixos/modules/config/nix.nix b/nixos/modules/config/nix.nix index 8285db20faa1..aa1a2c3c6a8e 100644 --- a/nixos/modules/config/nix.nix +++ b/nixos/modules/config/nix.nix @@ -1,5 +1,11 @@ /* - Manages /etc/nix.conf, build machines and any nix-specific global config files. + Manages /etc/nix.conf. + + See also + - ./nix-channel.nix + - ./flakes.nix + - ./nix-remote-build.nix + - nixos/modules/services/system/nix-daemon.nix */ { config, lib, pkgs, ... }: diff --git a/nixos/modules/services/system/nix-daemon.nix b/nixos/modules/services/system/nix-daemon.nix index 72e177dd1775..7e7ebd7adf84 100644 --- a/nixos/modules/services/system/nix-daemon.nix +++ b/nixos/modules/services/system/nix-daemon.nix @@ -1,3 +1,10 @@ +/* + Declares what makes the nix-daemon work on systemd. + + See also + - nixos/modules/config/nix.nix: the nix.conf + - nixos/modules/config/nix-remote-build.nix: the nix.conf +*/ { config, lib, pkgs, ... }: with lib; From 12cb2b0b4034f0df7cd575a0a547b9f3f56dae63 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Thu, 6 Jul 2023 23:27:17 +0200 Subject: [PATCH 21/33] nixos: flakes.nix -> nix-flakes.nix I guess this is what people expect to find. Thanks Sandro. --- nixos/modules/config/nix-channel.nix | 2 +- nixos/modules/config/{flakes.nix => nix-flakes.nix} | 0 nixos/modules/config/nix.nix | 2 +- nixos/modules/module-list.nix | 2 +- 4 files changed, 3 insertions(+), 3 deletions(-) rename nixos/modules/config/{flakes.nix => nix-flakes.nix} (100%) 
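Review bot: The second cross-reference in the new header comment of nixos/modules/services/system/nix-daemon.nix describes nix-remote-build.nix as `the nix.conf`, duplicating the line above it; the header added to nix-remote-build.nix in the same patch says that module manages `/etc/nix/machines`. Change it to `- nixos/modules/config/nix-remote-build.nix: the remote builders, /etc/nix/machines`. The closing `*/` in this file is also at column 0 while the sibling modules indent it by one space, so ` */` would match them.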
diff --git a/nixos/modules/config/nix-channel.nix b/nixos/modules/config/nix-channel.nix index ba8360ffc094..557f17d8b3b7 100644 --- a/nixos/modules/config/nix-channel.nix +++ b/nixos/modules/config/nix-channel.nix @@ -4,7 +4,7 @@ See also - ./nix.nix - - ./flakes.nix + - ./nix-flakes.nix */ { config, lib, ... }: let diff --git a/nixos/modules/config/flakes.nix b/nixos/modules/config/nix-flakes.nix similarity index 100% rename from nixos/modules/config/flakes.nix rename to nixos/modules/config/nix-flakes.nix diff --git a/nixos/modules/config/nix.nix b/nixos/modules/config/nix.nix index aa1a2c3c6a8e..cee4f54db0cb 100644 --- a/nixos/modules/config/nix.nix +++ b/nixos/modules/config/nix.nix @@ -3,7 +3,7 @@ See also - ./nix-channel.nix - - ./flakes.nix + - ./nix-flakes.nix - ./nix-remote-build.nix - nixos/modules/services/system/nix-daemon.nix */ diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index ad92f22fafb1..0275d50e83ef 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -2,7 +2,6 @@ ./config/appstream.nix ./config/console.nix ./config/debug-info.nix - ./config/flakes.nix ./config/fonts/fontconfig.nix ./config/fonts/fontdir.nix ./config/fonts/fonts.nix @@ -19,6 +18,7 @@ ./config/networking.nix ./config/nix.nix ./config/nix-channel.nix + ./config/nix-flakes.nix ./config/nix-remote-build.nix ./config/no-x-libs.nix ./config/nsswitch.nix From 306fa4f55dd46f437b464298f104eb7b567ba05e Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Thu, 6 Jul 2023 23:37:04 +0200 Subject: [PATCH 22/33] mediawiki: 1.39.3 -> 1.40.0 https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/HVT3U3XYY35PSCIQPHMY4VQNF3Q6MHUO/ Fixes: CVE-2023-29197, CVE-2023-36674, CVE-2023-36675 --- pkgs/servers/web-apps/mediawiki/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/pkgs/servers/web-apps/mediawiki/default.nix b/pkgs/servers/web-apps/mediawiki/default.nix index 5c39fc48ae6d..6a2a3116cf84 100644 --- a/pkgs/servers/web-apps/mediawiki/default.nix +++ b/pkgs/servers/web-apps/mediawiki/default.nix @@ -2,11 +2,11 @@ stdenvNoCC.mkDerivation rec { pname = "mediawiki"; - version = "1.39.3"; + version = "1.40.0"; src = fetchurl { url = "https://releases.wikimedia.org/mediawiki/${lib.versions.majorMinor version}/mediawiki-${version}.tar.gz"; - hash = "sha256-41dpNDh2r0JJbaQ64vRyJPuMd5uPRXBcQUfG/zUizB0="; + hash = "sha256-6cSHdxhpjwgtgJbYqdFs2a6yHuGYKj2LRgOvfP0VitQ="; }; postPatch = '' From fa5ed4aeb8e63d5d5239fd2d896063427f1e63a8 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 6 Jul 2023 23:13:05 +0000 Subject: [PATCH 23/33] awscli2: 2.12.6 -> 2.12.7 --- pkgs/tools/admin/awscli2/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/admin/awscli2/default.nix b/pkgs/tools/admin/awscli2/default.nix index 27add903969f..ca0805371af4 100644 --- a/pkgs/tools/admin/awscli2/default.nix +++ b/pkgs/tools/admin/awscli2/default.nix @@ -18,14 +18,14 @@ let in with py.pkgs; buildPythonApplication rec { pname = "awscli2"; - version = "2.12.6"; # N.B: if you change this, check if overrides are still up-to-date + version = "2.12.7"; # N.B: if you change this, check if overrides are still up-to-date format = "pyproject"; src = fetchFromGitHub { owner = "aws"; repo = "aws-cli"; rev = version; - hash = "sha256-pvgIXQzL3v4a9Nw+qyXTdVwJxIk2qWw5nVsxu7gGwEg="; + hash = "sha256-XVJ+qiM+iQZjFJNgybb2AzvYJTKlWOLR+4Pm03QrpGo="; }; postPatch = '' From a6771f0a0cff95f3cb5930810a1ee03e5f6ce886 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Fri, 7 Jul 2023 00:58:00 +0000 Subject: [PATCH 24/33] kodiPackages.requests: 2.27.1+matrix.1 -> 2.31.0 --- pkgs/applications/video/kodi/addons/requests/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/pkgs/applications/video/kodi/addons/requests/default.nix b/pkgs/applications/video/kodi/addons/requests/default.nix
index 7f505f5532ef..e21dac1ef3a0 100644
--- a/pkgs/applications/video/kodi/addons/requests/default.nix
+++ b/pkgs/applications/video/kodi/addons/requests/default.nix
@@ -2,11 +2,11 @@
 buildKodiAddon rec {
 pname = "requests";
 namespace = "script.module.requests";
- version = "2.27.1+matrix.1";
+ version = "2.31.0";
 
 src = fetchzip {
 url = "https://mirrors.kodi.tv/addons/nexus/${namespace}/${namespace}-${version}.zip";
- sha256 = "sha256-QxxVT6XaEYQtAFkZde8EaTXzGO7cjG2pApQZcA32xA0=";
+ sha256 = "sha256-05BSD5aoN2CTnjqaSKYMb93j5nIfLvpJHyeQsK++sTw=";
 };
 
 propagatedBuildInputs = [
From 9e70c76a6211278d486b56aed511219758517b2d Mon Sep 17 00:00:00 2001
From: "R. Ryantm"
Date: Fri, 7 Jul 2023 03:00:55 +0000
Subject: [PATCH 25/33] python310Packages.hg-evolve: 11.0.1 -> 11.0.2

---
 pkgs/development/python-modules/hg-evolve/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/python-modules/hg-evolve/default.nix b/pkgs/development/python-modules/hg-evolve/default.nix
index 5b65426e15f5..1e914096f7d5 100644
--- a/pkgs/development/python-modules/hg-evolve/default.nix
+++ b/pkgs/development/python-modules/hg-evolve/default.nix
@@ -6,11 +6,11 @@
 
 buildPythonPackage rec {
 pname = "hg-evolve";
- version = "11.0.1";
+ version = "11.0.2";
 
 src = fetchPypi {
 inherit pname version;
- hash = "sha256-gupC35pLQOJgSmXiBp+KxqWuMX3iKSX9xDUtEaB/wFQ=";
+ hash = "sha256-qDURFcDm7zvDEv1Z+aoXtFfbilul6q6KlkjBvhkeYkM=";
 };
 
 nativeCheckInputs = [
From 1a3fc126f90e0a371f7ccd4a7cb7809bac68be88 Mon Sep 17 00:00:00 2001
From: Bobby Rong Date: Fri, 7 Jul 2023 13:51:33 +0800 Subject: [PATCH 26/33] =?UTF-8?q?pantheon.gala:=207.1.0=20=E2=86=92=207.1.?= =?UTF-8?q?1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit https://github.com/elementary/gala/releases/tag/7.1.1 --- pkgs/desktops/pantheon/desktop/gala/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/desktops/pantheon/desktop/gala/default.nix b/pkgs/desktops/pantheon/desktop/gala/default.nix index d9bec11e0da4..745f8b6c0149 100644 --- a/pkgs/desktops/pantheon/desktop/gala/default.nix +++ b/pkgs/desktops/pantheon/desktop/gala/default.nix @@ -26,13 +26,13 @@ stdenv.mkDerivation rec { pname = "gala"; - version = "7.1.0"; + version = "7.1.1"; src = fetchFromGitHub { owner = "elementary"; repo = pname; rev = version; - sha256 = "sha256-x0EIah/iTluJk7P3k0g23cQldx++W58FbjnHNlF31AQ="; + sha256 = "sha256-s63znprGrMvitefAKlbL3r1s0kbo7NA9bhrNH8w0h2o="; }; patches = [ From 0fb36e7ed47cc68d96163ab76b988e9adac4d344 Mon Sep 17 00:00:00 2001 From: Bobby Rong Date: Fri, 7 Jul 2023 13:54:13 +0800 Subject: [PATCH 27/33] =?UTF-8?q?gnome.mutter43:=2043.6=20=E2=86=92=2043.7?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit https://gitlab.gnome.org/GNOME/mutter/-/compare/43.6...43.7 --- pkgs/desktops/gnome/core/mutter/43/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/desktops/gnome/core/mutter/43/default.nix b/pkgs/desktops/gnome/core/mutter/43/default.nix index 9f029419b2d2..0f864c6f3497 100644 --- a/pkgs/desktops/gnome/core/mutter/43/default.nix +++ b/pkgs/desktops/gnome/core/mutter/43/default.nix 
@@ -51,13 +51,13 @@ stdenv.mkDerivation (finalAttrs: { pname = "mutter"; - version = "43.6"; + version = "43.7"; outputs = [ "out" "dev" "man" "devdoc" ]; src = fetchurl { url = "mirror://gnome/sources/mutter/${lib.versions.major finalAttrs.version}/mutter-${finalAttrs.version}.tar.xz"; - sha256 = "F1oiDSFv8Z8YLWeqc89eUaJVIL6bruaCAA4QRECkciU="; + sha256 = "NBrLmwNUyytflewz32aZtKAHaNydIi1rYAtW4kKGlmc="; }; patches = [ From 783851240e0953206b2c2e102650f3be2a13ce36 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Fri, 7 Jul 2023 07:15:40 +0000 Subject: [PATCH 28/33] python310Packages.pytools: 2022.1.14 -> 2023.1 --- pkgs/development/python-modules/pytools/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/pytools/default.nix b/pkgs/development/python-modules/pytools/default.nix index 77318092885f..7cf21f3cc667 100644 --- a/pkgs/development/python-modules/pytools/default.nix +++ b/pkgs/development/python-modules/pytools/default.nix @@ -11,12 +11,12 @@ buildPythonPackage rec { pname = "pytools"; - version = "2022.1.14"; + version = "2023.1"; disabled = pythonOlder "3.6"; src = fetchPypi { inherit pname version; - hash = "sha256-QQFzcWELsqA2hVl8UoUgXmWXx/F3OD2VyLhxJEsSwU4="; + hash = "sha256-8Q5CUiCu+h/5JTQrZY/wLcM1l8IfuI16Y/lEG/LnpQ4="; }; propagatedBuildInputs = [ From 1a50f524094a4001c64537f4bbccb393ea9edf61 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 7 Jul 2023 09:47:55 +0200 Subject: [PATCH 29/33] logesq: pass a function to mkDerivation for easier overrides --- pkgs/applications/misc/logseq/default.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/misc/logseq/default.nix b/pkgs/applications/misc/logseq/default.nix index 6d827cc3e5fa..407745492bec 100644 --- a/pkgs/applications/misc/logseq/default.nix +++ b/pkgs/applications/misc/logseq/default.nix 
@@ -8,7 +8,10 @@ , nix-update-script }: -stdenv.mkDerivation rec { +stdenv.mkDerivation (finalAttrs: let + inherit (finalAttrs) pname version src appimageContents; + +in { pname = "logseq"; version = "0.9.10"; @@ -69,4 +72,4 @@ stdenv.mkDerivation rec { maintainers = with maintainers; [ ]; platforms = [ "x86_64-linux" ]; }; -} +}) From ad2ad1b5506094ede1ba30a8491575be2291b166 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Fri, 7 Jul 2023 08:20:12 +0000 Subject: [PATCH 30/33] python310Packages.mypy-boto3-s3: 1.26.163 -> 1.28.0 --- pkgs/development/python-modules/mypy-boto3-s3/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/mypy-boto3-s3/default.nix b/pkgs/development/python-modules/mypy-boto3-s3/default.nix index ba784ef9d4cc..628d0b322090 100644 --- a/pkgs/development/python-modules/mypy-boto3-s3/default.nix +++ b/pkgs/development/python-modules/mypy-boto3-s3/default.nix @@ -8,14 +8,14 @@ buildPythonPackage rec { pname = "mypy-boto3-s3"; - version = "1.26.163"; + version = "1.28.0"; format = "setuptools"; disabled = pythonOlder "3.7"; src = fetchPypi { inherit pname version; - hash = "sha256-R9NjnNCXqhQtyspDtDH6en7vtW4Vluv/Yl9XHxa9diM="; + hash = "sha256-J4Z8oyWoRXAKAI8/yplQBrMvLg0Yr+Z2NStJRT9HfWk="; }; propagatedBuildInputs = [ From 05386496dfbec1f020ecf3302f3753dad6ece873 Mon Sep 17 00:00:00 2001 From: Pol Dellaiera Date: Fri, 7 Jul 2023 09:16:14 +0200 Subject: [PATCH 31/33] phpExtensions.inotify: disable on darwin The `inotify` extension is only available on Linux. --- pkgs/top-level/php-packages.nix | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/pkgs/top-level/php-packages.nix b/pkgs/top-level/php-packages.nix index 2be6447f83be..78833e89b138 100644 --- a/pkgs/top-level/php-packages.nix +++ b/pkgs/top-level/php-packages.nix 
@@ -203,7 +203,20 @@ lib.makeScope pkgs.newScope (self: with self; { # This is a set of PHP extensions meant to be used in php.buildEnv # or php.withExtensions to extend the functionality of the PHP # interpreter. - extensions = { + # The extensions attributes is composed of three sections: + # 1. The contrib conditional extensions, which are only available on specific versions or system + # 2. The contrib extensions available + # 3. The core extensions + extensions = + # Contrib conditional extensions + lib.optionalAttrs (!(lib.versionAtLeast php.version "8.3")) { + blackfire = callPackage ../development/tools/misc/blackfire/php-probe.nix { inherit php; }; + } // lib.optionalAttrs (!stdenv.isDarwin) { + # Only available on Linux: https://www.php.net/manual/en/inotify.requirements.php + inotify = callPackage ../development/php-packages/inotify { }; + } // + # Contrib extensions + { amqp = callPackage ../development/php-packages/amqp { }; apcu = callPackage ../development/php-packages/apcu { }; @@ -226,8 +239,6 @@ lib.makeScope pkgs.newScope (self: with self; { imagick = callPackage ../development/php-packages/imagick { }; - inotify = callPackage ../development/php-packages/inotify { }; - mailparse = callPackage ../development/php-packages/mailparse { }; maxminddb = callPackage ../development/php-packages/maxminddb { }; @@ -292,6 +303,7 @@ lib.makeScope pkgs.newScope (self: with self; { yaml = callPackage ../development/php-packages/yaml { }; } // ( + # Core extensions let # This list contains build instructions for different modules that one may # want to build. @@ -637,7 +649,5 @@ lib.makeScope pkgs.newScope (self: with self; { # Produce the final attribute set of all extensions defined. in builtins.listToAttrs namedExtensions - ) // lib.optionalAttrs (!(lib.versionAtLeast php.version "8.3")) { - blackfire = callPackage ../development/tools/misc/blackfire/php-probe.nix { inherit php; }; - }; + ); }) 
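Review bot: The new section comment reads `# The extensions attributes is composed of three sections:`; `# The extensions attribute is composed of three sections:` fixes the agreement, and item two would be clearer as `# 2. The unconditional contrib extensions`. Moving `blackfire` from the trailing `// lib.optionalAttrs …` to the head of the chain also changes override order: `//` is left-associative, so a later set defining the same name now wins where before the conditional set won. Nothing visible in the hunks defines a second `blackfire` or `inotify`, so this is presumably harmless, but a comment such as `# Placed first so explicit definitions below take precedence` would record that it is intentional. The `extensions` expression spans several hunks beyond this one.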
From 88d7aa56e14ea80d6005f3d1646bf6dad13f8673 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Fri, 7 Jul 2023 10:57:51 +0200 Subject: [PATCH 32/33] nixos/nix*: remove not necessary imports We do not really declare module dependencies anywhere else and it would a nousance to move any file if many other referenced it without being necessary. Also most higher level modules depend on most of the lower level ones. So removing this because it can only potentially cause weird issues. --- nixos/modules/config/nix-remote-build.nix | 4 ---- nixos/modules/services/system/nix-daemon.nix | 2 -- 2 files changed, 6 deletions(-) diff --git a/nixos/modules/config/nix-remote-build.nix b/nixos/modules/config/nix-remote-build.nix index 6bc39f3c7527..98c8fc06d2ee 100644 --- a/nixos/modules/config/nix-remote-build.nix +++ b/nixos/modules/config/nix-remote-build.nix @@ -50,10 +50,6 @@ let in { - imports = [ - ./nix.nix - ]; - options = { nix = { buildMachines = mkOption { diff --git a/nixos/modules/services/system/nix-daemon.nix b/nixos/modules/services/system/nix-daemon.nix index 7e7ebd7adf84..ad86a567b7af 100644 --- a/nixos/modules/services/system/nix-daemon.nix +++ b/nixos/modules/services/system/nix-daemon.nix @@ -40,8 +40,6 @@ in { imports = [ - ../../config/nix.nix - (mkRenamedOptionModuleWith { sinceRelease = 2205; from = [ "nix" "daemonIONiceLevel" ]; to = [ "nix" "daemonIOSchedPriority" ]; }) (mkRenamedOptionModuleWith { sinceRelease = 2211; from = [ "nix" "readOnlyStore" ]; to = [ "boot" "readOnlyNixStore" ]; }) (mkRemovedOptionModule [ "nix" "daemonNiceLevel" ] "Consider nix.daemonCPUSchedPolicy instead.") From e389943a24e924f2be34de19a3fcea73bb1674ef Mon Sep 17 00:00:00 2001 From: Ali Caglayan Date: Thu, 6 Jul 2023 16:24:53 +0200 Subject: [PATCH 33/33] dune_3: 3.9.0 -> 3.9.1 Signed-off-by: Ali Caglayan --- pkgs/development/tools/ocaml/dune/3.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/pkgs/development/tools/ocaml/dune/3.nix b/pkgs/development/tools/ocaml/dune/3.nix
index 1fe1383203f0..24fd8f39312f 100644
--- a/pkgs/development/tools/ocaml/dune/3.nix
+++ b/pkgs/development/tools/ocaml/dune/3.nix
@@ -6,11 +6,11 @@ else
 
 stdenv.mkDerivation rec {
 pname = "dune";
- version = "3.9.0";
+ version = "3.9.1";
 
 src = fetchurl {
 url = "https://github.com/ocaml/dune/releases/download/${version}/dune-${version}.tbz";
- hash = "sha256-xIJaneRUrt9FDC2yWsNTAz4x0yap0bS3os1yYGOb1UQ=";
+ hash = "sha256-8MPOSfNsczuK7nJhHxB88G3mvEI75yYqqxuz8DwFqHg=";
 };
 
 nativeBuildInputs = [ ocaml findlib ];