kookie
/
nomicon
1
0
Fork 0
Code Issues Projects Releases 1 Activity

Merge branch 'master' into parnell/fetchdocker

Browse Source
wip/yesman
Parnell Springmeyer 6 years ago committed by GitHub
parent c2a5f684d2 7fad46051e
commit 6f95cb1459
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
711 changed files with 28459 additions and 13731 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 8
      doc/languages-frameworks/haskell.md
  2. 100
      doc/languages-frameworks/rust.md
  3. 26
      doc/package-notes.xml
  4. 14
      doc/stdenv.xml
  5. 14
      lib/customisation.nix
  6. 4
      lib/debug.nix
  7. 9
      lib/default.nix
  8. 8
      lib/deprecated.nix
  9. 4
      lib/generators.nix
  10. 16
      lib/licenses.nix
  11. 32
      lib/lists.nix
  12. 11
      lib/maintainers.nix
  13. 2
      lib/modules.nix
  14. 9
      lib/options.nix
  15. 4
      lib/systems/doubles.nix
  16. 152
      lib/systems/parse.nix
  17. 5
      lib/systems/platforms.nix
  18. 63
      lib/trivial.nix
  19. 4
      lib/types.nix
  20. 4
      nixos/default.nix
  21. 58
      nixos/doc/manual/default.nix
  22. 18
      nixos/doc/manual/installation/changing-config.xml
  23. 9
      nixos/doc/manual/options-to-docbook.xsl
  24. 36
      nixos/doc/manual/release-notes/rl-1803.xml
  25. 2
      nixos/lib/testing.nix
  26. 7
      nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix
  27. 4
      nixos/modules/misc/ids.nix
  28. 60
      nixos/modules/misc/nixpkgs.nix
  29. 8
      nixos/modules/module-list.nix
  30. 2
      nixos/modules/profiles/clone-config.nix
  31. 1
      nixos/modules/programs/adb.nix
  32. 10
      nixos/modules/programs/shadow.nix
  33. 7
      nixos/modules/programs/tmux.nix
  34. 149
      nixos/modules/programs/yabar.nix
  35. 4
      nixos/modules/rename.nix
  36. 14
      nixos/modules/security/acme.nix
  37. 21
      nixos/modules/security/pam.nix
  38. 31
      nixos/modules/services/computing/slurm/slurm.nix
  39. 4
      nixos/modules/services/databases/mysql.nix
  40. 32
      nixos/modules/services/hardware/acpid.nix
  41. 2
      nixos/modules/services/hardware/nvidia-optimus.nix
  42. 4
      nixos/modules/services/mail/dovecot.nix
  43. 261
      nixos/modules/services/mail/rspamd.nix
  44. 135
      nixos/modules/services/misc/home-assistant.nix
  45. 63
      nixos/modules/services/misc/matrix-synapse.nix
  46. 58
      nixos/modules/services/misc/nix-daemon.nix
  47. 11
      nixos/modules/services/misc/zookeeper.nix
  48. 99
      nixos/modules/services/network-filesystems/openafs-client/default.nix
  49. 239
      nixos/modules/services/network-filesystems/openafs/client.nix
  50. 28
      nixos/modules/services/network-filesystems/openafs/lib.nix
  51. 260
      nixos/modules/services/network-filesystems/openafs/server.nix
  52. 10
      nixos/modules/services/networking/aria2.nix
  53. 6
      nixos/modules/services/networking/kresd.nix
  54. 238
      nixos/modules/services/networking/monero.nix
  55. 2
      nixos/modules/services/networking/mosquitto.nix
  56. 63
      nixos/modules/services/networking/rxe.nix
  57. 3
      nixos/modules/services/networking/ssh/sshd.nix
  58. 64
      nixos/modules/services/security/physlock.nix
  59. 30
      nixos/modules/services/security/tor.nix
  60. 12
      nixos/modules/services/web-servers/traefik.nix
  61. 12
      nixos/modules/services/x11/desktop-managers/plasma5.nix
  62. 4
      nixos/modules/services/x11/window-managers/2bwm.nix
  63. 3
      nixos/modules/system/boot/kernel.nix
  64. 27
      nixos/modules/tasks/filesystems/zfs.nix
  65. 4
      nixos/modules/tasks/network-interfaces-scripted.nix
  66. 24
      nixos/modules/tasks/network-interfaces-systemd.nix
  67. 10
      nixos/modules/tasks/network-interfaces.nix
  68. 25
      nixos/modules/virtualisation/xen-dom0.nix
  69. 5
      nixos/release-combined.nix
  70. 3
      nixos/release-small.nix
  71. 8
      nixos/release.nix
  72. 46
      nixos/tests/home-assistant.nix
  73. 2
      nixos/tests/make-test.nix
  74. 30
      nixos/tests/matrix-synapse.nix
  75. 43
      nixos/tests/networking.nix
  76. 27
      nixos/tests/predictable-interface-names.nix
  77. 140
      nixos/tests/rspamd.nix
  78. 53
      nixos/tests/rxe.nix
  79. 25
      nixos/tests/yabar.nix
  80. 4
      pkgs/applications/altcoins/default.nix
  81. 27
      pkgs/applications/altcoins/dero.nix
  82. 35
      pkgs/applications/altcoins/sumokoin.nix
  83. 37
      pkgs/applications/audio/infamousPlugins/default.nix
  84. 4
      pkgs/applications/audio/mopidy-iris/default.nix
  85. 2
      pkgs/applications/audio/ncmpc/default.nix
  86. 6
      pkgs/applications/audio/normalize/default.nix
  87. 4
      pkgs/applications/audio/qmmp/default.nix
  88. 4
      pkgs/applications/audio/spotify/default.nix
  89. 6
      pkgs/applications/editors/android-studio/default.nix
  90. 12
      pkgs/applications/editors/emacs-modes/elpa-generated.nix
  91. 1656
      pkgs/applications/editors/emacs-modes/melpa-generated.nix
  92. 376
      pkgs/applications/editors/emacs-modes/melpa-stable-generated.nix
  93. 12
      pkgs/applications/editors/emacs-modes/org-generated.nix
  94. 6
      pkgs/applications/editors/emacs-modes/proofgeneral/HEAD.nix
  95. 41
      pkgs/applications/editors/emacs/site-start.el
  96. 20
      pkgs/applications/editors/jetbrains/default.nix
  97. 3
      pkgs/applications/editors/neovim/wrapper.nix
  98. 55
      pkgs/applications/editors/rstudio/default.nix
  99. 5
      pkgs/applications/editors/tiled/default.nix
  100. 6
      pkgs/applications/editors/typora/default.nix
  101. Some files were not shown because too many files have changed in this diff Show More

8
doc/languages-frameworks/haskell.md
Unescape View File

@ -334,14 +334,10 @@ navigate there.
Finally, you can run
```shell
hoogle server -p 8080
hoogle server -p 8080 --local
```
and navigate to http://localhost:8080/ for your own local
[Hoogle](https://www.haskell.org/hoogle/). Note, however, that Firefox and
possibly other browsers disallow navigation from `http:` to `file:` URIs for
security reasons, which might be quite an inconvenience. See [this
page](http://kb.mozillazine.org/Links_to_local_pages_do_not_work) for
workarounds.
[Hoogle](https://www.haskell.org/hoogle/).
### How to build a Haskell project using Stack

100
doc/languages-frameworks/rust.md
Unescape View File

@ -79,19 +79,24 @@ an example for a minimal `hello` crate:
Now, the file produced by the call to `carnix`, called `hello.nix`, looks like:
```
with import <nixpkgs> {};
# Generated by carnix 0.6.5: carnix -o hello.nix --src ./. Cargo.lock --standalone
{ lib, buildPlatform, buildRustCrate, fetchgit }:
let kernel = buildPlatform.parsed.kernel.name;
# ... (content skipped)
hello_0_1_0_ = { dependencies?[], buildDependencies?[], features?[] }: buildRustCrate {
crateName = "hello";
version = "0.1.0";
authors = [ "Authorname <user@example.com>" ];
src = ./.;
inherit dependencies buildDependencies features;
};
in
rec {
hello_0_1_0 = hello_0_1_0_ rec {};
hello = f: hello_0_1_0 { features = hello_0_1_0_features { hello_0_1_0 = f; }; };
hello_0_1_0_ = { dependencies?[], buildDependencies?[], features?[] }: buildRustCrate {
crateName = "hello";
version = "0.1.0";
authors = [ "pe@pijul.org <pe@pijul.org>" ];
src = ./.;
inherit dependencies buildDependencies features;
};
hello_0_1_0 = { features?(hello_0_1_0_features {}) }: hello_0_1_0_ {};
hello_0_1_0_features = f: updateFeatures f (rec {
hello_0_1_0.default = (f.hello_0_1_0.default or true);
}) [ ];
}
```
@ -103,33 +108,44 @@ dependencies, for instance by adding a single line `libc="*"` to our
following nix file:
```
with import <nixpkgs> {};
# Generated by carnix 0.6.5: carnix -o hello.nix --src ./. Cargo.lock --standalone
{ lib, buildPlatform, buildRustCrate, fetchgit }:
let kernel = buildPlatform.parsed.kernel.name;
# ... (content skipped)
hello_0_1_0_ = { dependencies?[], buildDependencies?[], features?[] }: buildRustCrate {
crateName = "hello";
version = "0.1.0";
authors = [ "Jörg Thalheim <joerg@thalheim.io>" ];
src = ./.;
inherit dependencies buildDependencies features;
};
libc_0_2_34_ = { dependencies?[], buildDependencies?[], features?[] }: buildRustCrate {
crateName = "libc";
version = "0.2.34";
authors = [ "The Rust Project Developers" ];
sha256 = "11jmqdxmv0ka10ay0l8nzx0nl7s2lc3dbrnh1mgbr2grzwdyxi2s";
inherit dependencies buildDependencies features;
};
in
rec {
hello_0_1_0 = hello_0_1_0_ rec {
dependencies = [ libc_0_2_34 ];
hello = f: hello_0_1_0 { features = hello_0_1_0_features { hello_0_1_0 = f; }; };
hello_0_1_0_ = { dependencies?[], buildDependencies?[], features?[] }: buildRustCrate {
crateName = "hello";
version = "0.1.0";
authors = [ "pe@pijul.org <pe@pijul.org>" ];
src = ./.;
inherit dependencies buildDependencies features;
};
libc_0_2_36_ = { dependencies?[], buildDependencies?[], features?[] }: buildRustCrate {
crateName = "libc";
version = "0.2.36";
authors = [ "The Rust Project Developers" ];
sha256 = "01633h4yfqm0s302fm0dlba469bx8y6cs4nqc8bqrmjqxfxn515l";
inherit dependencies buildDependencies features;
};
libc_0_2_34_features."default".from_hello_0_1_0__default = true;
libc_0_2_34 = libc_0_2_34_ rec {
features = mkFeatures libc_0_2_34_features;
hello_0_1_0 = { features?(hello_0_1_0_features {}) }: hello_0_1_0_ {
dependencies = mapFeatures features ([ libc_0_2_36 ]);
};
libc_0_2_34_features."use_std".self_default = hasDefault libc_0_2_34_features;
hello_0_1_0_features = f: updateFeatures f (rec {
hello_0_1_0.default = (f.hello_0_1_0.default or true);
libc_0_2_36.default = true;
}) [ libc_0_2_36_features ];
libc_0_2_36 = { features?(libc_0_2_36_features {}) }: libc_0_2_36_ {
features = mkFeatures (features.libc_0_2_36 or {});
};
libc_0_2_36_features = f: updateFeatures f (rec {
libc_0_2_36.default = (f.libc_0_2_36.default or true);
libc_0_2_36.use_std =
(f.libc_0_2_36.use_std or false) ||
(f.libc_0_2_36.default or false) ||
(libc_0_2_36.default or false);
}) [];
}
```
@ -146,7 +162,7 @@ or build inputs by overriding the hello crate in a seperate file.
```
with import <nixpkgs> {};
(import ./hello.nix).hello_0_1_0.override {
((import ./hello.nix).hello {}).override {
crateOverrides = defaultCrateOverrides // {
hello = attrs: { buildInputs = [ openssl ]; };
};
@ -166,7 +182,7 @@ patches the derivation:
```
with import <nixpkgs> {};
(import ./hello.nix).hello_0_1_0.override {
((import ./hello.nix).hello {}).override {
crateOverrides = defaultCrateOverrides // {
hello = attrs: lib.optionalAttrs (lib.versionAtLeast attrs.version "1.0") {
postPatch = ''
@ -187,7 +203,7 @@ crate, we could do:
```
with import <nixpkgs> {};
(import hello.nix).hello_0_1_0.override {
((import hello.nix).hello {}).override {
crateOverrides = defaultCrateOverrides // {
libc = attrs: { buildInputs = []; };
};
@ -199,23 +215,35 @@ Three more parameters can be overridden:
- The version of rustc used to compile the crate:
```
hello_0_1_0.override { rust = pkgs.rust; };
(hello {}).override { rust = pkgs.rust; };
```
- Whether to build in release mode or debug mode (release mode by
default):
```
hello_0_1_0.override { release = false; };
(hello {}).override { release = false; };
```
- Whether to print the commands sent to rustc when building
(equivalent to `--verbose` in cargo:
```
hello_0_1_0.override { verbose = false; };
(hello {}).override { verbose = false; };
```
One can also supply features switches. For example, if we want to
compile `diesel_cli` only with the `postgres` feature, and no default
features, we would write:
```
(callPackage ./diesel.nix {}).diesel {
default = false;
postgres = true;
}
```
## Using the Rust nightlies overlay

26
doc/package-notes.xml
Unescape View File

@ -660,6 +660,32 @@ cp ${myEmacsConfig} $out/share/emacs/site-lisp/default.el
passing <command>-q</command> to the Emacs command.
</para>
<para>
Sometimes <varname>emacsWithPackages</varname> is not enough, as
this package set has some priorities imposed on packages (with
the lowest priority assigned to Melpa Unstable, and the highest for
packages manually defined in
<filename>pkgs/top-level/emacs-packages.nix</filename>). But you
can't control this priorities when some package is installed as a
dependency. You can override it on per-package-basis, providing all
the required dependencies manually - but it's tedious and there is
always a possibility that an unwanted dependency will sneak in
through some other package. To completely override such a package
you can use <varname>overrideScope</varname>.
</para>
<screen>
overrides = super: self: rec {
haskell-mode = self.melpaPackages.haskell-mode;
...
};
((emacsPackagesNgGen emacs).overrideScope overrides).emacsWithPackages (p: with p; [
# here both these package will use haskell-mode of our own choice
ghc-mod
dante
])
</screen>
</section>
</section>

14
doc/stdenv.xml
Unescape View File

@ -1802,6 +1802,20 @@ addEnvHooks "$hostOffset" myBashFunction
disabled or patched to work with PaX.</para></listitem>
</varlistentry>
<varlistentry>
<term>autoPatchelfHook</term>
<listitem><para>This is a special setup hook which helps in packaging
proprietary software in that it automatically tries to find missing shared
library dependencies of ELF files. All packages within the
<envar>runtimeDependencies</envar> environment variable are unconditionally
added to executables, which is useful for programs that use
<citerefentry>
<refentrytitle>dlopen</refentrytitle>
<manvolnum>3</manvolnum>
</citerefentry>
to load libraries at runtime.</para></listitem>
</varlistentry>
</variablelist>
</para>

14
lib/customisation.nix
Unescape View File

@ -1,7 +1,7 @@
{ lib }:
let
inherit (builtins) attrNames isFunction;
inherit (builtins) attrNames;
in
@ -72,7 +72,7 @@ rec {
makeOverridable = f: origArgs:
let
ff = f origArgs;
overrideWith = newArgs: origArgs // (if builtins.isFunction newArgs then newArgs origArgs else newArgs);
overrideWith = newArgs: origArgs // (if lib.isFunction newArgs then newArgs origArgs else newArgs);
in
if builtins.isAttrs ff then (ff // {
override = newArgs: makeOverridable f (overrideWith newArgs);
@ -81,7 +81,7 @@ rec {
${if ff ? overrideAttrs then "overrideAttrs" else null} = fdrv:
makeOverridable (args: (f args).overrideAttrs fdrv) origArgs;
})
else if builtins.isFunction ff then {
else if lib.isFunction ff then {
override = newArgs: makeOverridable f (overrideWith newArgs);
__functor = self: ff;
overrideDerivation = throw "overrideDerivation not yet supported for functors";
@ -112,8 +112,8 @@ rec {
*/
callPackageWith = autoArgs: fn: args:
let
f = if builtins.isFunction fn then fn else import fn;
auto = builtins.intersectAttrs (builtins.functionArgs f) autoArgs;
f = if lib.isFunction fn then fn else import fn;
auto = builtins.intersectAttrs (lib.functionArgs f) autoArgs;
in makeOverridable f (auto // args);
@ -122,8 +122,8 @@ rec {
individual attributes. */
callPackagesWith = autoArgs: fn: args:
let
f = if builtins.isFunction fn then fn else import fn;
auto = builtins.intersectAttrs (builtins.functionArgs f) autoArgs;
f = if lib.isFunction fn then fn else import fn;
auto = builtins.intersectAttrs (lib.functionArgs f) autoArgs;
origArgs = auto // args;
pkgs = f origArgs;
mkAttrOverridable = name: pkg: makeOverridable (newArgs: (f newArgs).${name}) origArgs;

4
lib/debug.nix
Unescape View File

@ -2,10 +2,10 @@
let
inherit (builtins) trace attrNamesToStr isAttrs isFunction isList isInt
inherit (builtins) trace attrNamesToStr isAttrs isList isInt
isString isBool head substring attrNames;
inherit (lib) all id mapAttrsFlatten elem;
inherit (lib) all id mapAttrsFlatten elem isFunction;
in

9
lib/default.nix
Unescape View File

@ -51,12 +51,13 @@ let
inherit (builtins) add addErrorContext attrNames
concatLists deepSeq elem elemAt filter genericClosure genList
getAttr hasAttr head isAttrs isBool isFunction isInt isList
getAttr hasAttr head isAttrs isBool isInt isList
isString length lessThan listToAttrs pathExists readFile
replaceStrings seq stringLength sub substring tail;
inherit (trivial) id const concat or and boolToString mergeAttrs
flip mapNullable inNixShell min max importJSON warn info
nixpkgsVersion mod;
nixpkgsVersion mod compare splitByAndCompare
functionArgs setFunctionArgs isFunction;
inherit (fixedPoints) fix fix' extends composeExtensions
makeExtensible makeExtensibleWithCustomName;
@ -71,8 +72,8 @@ let
inherit (lists) singleton foldr fold foldl foldl' imap0 imap1
concatMap flatten remove findSingle findFirst any all count
optional optionals toList range partition zipListsWith zipLists
reverseList listDfs toposort sort take drop sublist last init
crossLists unique intersectLists subtractLists
reverseList listDfs toposort sort compareLists take drop sublist
last init crossLists unique intersectLists subtractLists
mutuallyExclusive;
inherit (strings) concatStrings concatMapStrings concatImapStrings
intersperse concatStringsSep concatMapStringsSep

8
lib/deprecated.nix
Unescape View File

@ -1,6 +1,6 @@
{ lib }:
let
inherit (builtins) isFunction head tail isList isAttrs isInt attrNames;
inherit (builtins) head tail isList isAttrs isInt attrNames;
in
@ -53,7 +53,7 @@ rec {
f: # the function applied to the arguments
initial: # you pass attrs, the functions below are passing a function taking the fix argument
let
takeFixed = if isFunction initial then initial else (fixed : initial); # transform initial to an expression always taking the fixed argument
takeFixed = if lib.isFunction initial then initial else (fixed : initial); # transform initial to an expression always taking the fixed argument
tidy = args:
let # apply all functions given in "applyPreTidy" in sequence
applyPreTidyFun = fold ( n: a: x: n ( a x ) ) lib.id (maybeAttr "applyPreTidy" [] args);
@ -63,7 +63,7 @@ rec {
let args = takeFixed fixed;
mergeFun = args.${n};
in if isAttrs x then (mergeFun args x)
else assert isFunction x;
else assert lib.isFunction x;
mergeFun args (x ( args // { inherit fixed; }));
in overridableDelayableArgs f newArgs;
in
@ -374,7 +374,7 @@ rec {
if isAttrs x then
if x ? outPath then "derivation"
else "attrs"
else if isFunction x then "function"
else if lib.isFunction x then "function"
else if isList x then "list"
else if x == true then "bool"
else if x == false then "bool"

4
lib/generators.nix
Unescape View File

@ -14,6 +14,8 @@ let
libAttr = lib.attrsets;
flipMapAttrs = flip libAttr.mapAttrs;
inherit (lib) isFunction;
in
rec {
@ -110,7 +112,7 @@ rec {
else if isString v then "\"" + v + "\""
else if null == v then "null"
else if isFunction v then
let fna = functionArgs v;
let fna = lib.functionArgs v;
showFnas = concatStringsSep "," (libAttr.mapAttrsToList
(name: hasDefVal: if hasDefVal then "(${name})" else name)
fna);

16
lib/licenses.nix
Unescape View File

@ -79,6 +79,11 @@ lib.mapAttrs (n: v: v // { shortName = n; }) rec {
fullName = ''Beerware License'';
};
bsd0 = spdx {
spdxId = "0BSD";
fullName = "BSD Zero Clause License";
};
bsd2 = spdx {
spdxId = "BSD-2-Clause";
fullName = ''BSD 2-clause "Simplified" License'';
@ -200,6 +205,11 @@ lib.mapAttrs (n: v: v // { shortName = n; }) rec {
fullName = "Eclipse Public License 1.0";
};
epl20 = spdx {
spdxId = "EPL-2.0";
fullName = "Eclipse Public License 2.0";
};
epson = {
fullName = "Seiko Epson Corporation Software License Agreement for Linux";
url = https://download.ebz.epson.net/dsc/du/02/eula/global/LINUX_EN.html;
@ -477,6 +487,12 @@ lib.mapAttrs (n: v: v // { shortName = n; }) rec {
fullName = "PostgreSQL License";
};
postman = {
fullName = "Postman EULA";
url = https://www.getpostman.com/licenses/postman_base_app;
free = false;
};
psfl = spdx {
spdxId = "Python-2.0";
fullName = "Python Software Foundation License version 2";

32
lib/lists.nix
Unescape View File

@ -385,6 +385,30 @@ rec {
if len < 2 then list
else (sort strictLess pivot.left) ++ [ first ] ++ (sort strictLess pivot.right));
/* Compare two lists element-by-element.
Example:
compareLists compare [] []
=> 0
compareLists compare [] [ "a" ]
=> -1
compareLists compare [ "a" ] []
=> 1
compareLists compare [ "a" "b" ] [ "a" "c" ]
=> 1
*/
compareLists = cmp: a: b:
if a == []
then if b == []
then 0
else -1
else if b == []
then 1
else let rel = cmp (head a) (head b); in
if rel == 0
then compareLists cmp (tail a) (tail b)
else rel;
/* Return the first (at most) N elements of a list.
Example:
@ -440,8 +464,12 @@ rec {
init = list: assert list != []; take (length list - 1) list;
/* FIXME(zimbatm) Not used anywhere
*/
/* return the image of the cross product of some lists by a function
Example:
crossLists (x:y: "${toString x}${toString y}") [[1 2] [3 4]]
=> [ "13" "14" "23" "24" ]
*/
crossLists = f: foldl (fs: args: concatMap (f: map f args) fs) [f];

11
lib/maintainers.nix
Unescape View File

@ -225,12 +225,14 @@
ertes = "Ertugrul Söylemez <esz@posteo.de>";
ethercrow = "Dmitry Ivanov <ethercrow@gmail.com>";
etu = "Elis Hirwing <elis@hirwing.se>";
exfalso = "Andras Slemmer <0slemi0@gmail.com>";
exi = "Reno Reckling <nixos@reckling.org>";
exlevan = "Alexey Levan <exlevan@gmail.com>";
expipiplus1 = "Joe Hermaszewski <nix@monoid.al>";
fadenb = "Tristan Helmich <tristan.helmich+nixos@gmail.com>";
falsifian = "James Cook <james.cook@utoronto.ca>";
fare = "Francois-Rene Rideau <fahree@gmail.com>";
f-breidenstein = "Felix Breidenstein <mail@felixbreidenstein.de>";
fgaz = "Francesco Gazzetta <francygazz@gmail.com>";
FireyFly = "Jonas Höglund <nix@firefly.nu>";
flokli = "Florian Klink <flokli@flokli.de>";
@ -257,6 +259,7 @@
gavin = "Gavin Rogers <gavin@praxeology.co.uk>";
gebner = "Gabriel Ebner <gebner@gebner.org>";
geistesk = "Alvar Penning <post@0x21.biz>";
genesis = "Ronan Bignaux <ronan@aimao.org>";
georgewhewell = "George Whewell <georgerw@gmail.com>";
gilligan = "Tobias Pflug <tobias.pflug@gmail.com>";
giogadi = "Luis G. Torres <lgtorres42@gmail.com>";
@ -446,6 +449,7 @@
mirrexagon = "Andrew Abbott <mirrexagon@mirrexagon.com>";
mjanczyk = "Marcin Janczyk <m@dragonvr.pl>";
mjp = "Mike Playle <mike@mythik.co.uk>"; # github = "MikePlayle";
mkg = "Mark K Gardner <mkg@vt.edu>";
mlieberman85 = "Michael Lieberman <mlieberman85@gmail.com>";
mmahut = "Marek Mahut <marek.mahut@gmail.com>";
moaxcp = "John Mercier <moaxcp@gmail.com>";
@ -460,6 +464,7 @@
mounium = "Katona László <muoniurn@gmail.com>";
MP2E = "Cray Elliott <MP2E@archlinux.us>";
mpcsh = "Mark Cohen <m@mpc.sh>";
mpickering = "Matthew Pickering <matthewtpickering@gmail.com>";
mpscholten = "Marc Scholten <marc@mpscholten.de>";
mpsyco = "Francis St-Amour <fr.st-amour@gmail.com>";
mrVanDalo = "Ingolf Wanger <contact@ingolf-wagner.de>";
@ -542,6 +547,7 @@
pmahoney = "Patrick Mahoney <pat@polycrystal.org>";
pmeunier = "Pierre-Étienne Meunier <pierre-etienne.meunier@inria.fr>";
pmiddend = "Philipp Middendorf <pmidden@secure.mailbox.org>";
pneumaticat = "Kevin Liu <kevin@potatofrom.space>";
polyrod = "Maurizio Di Pietro <dc1mdp@gmail.com>";
pradeepchhetri = "Pradeep Chhetri <pradeep.chhetri89@gmail.com>";
prikhi = "Pavan Rikhi <pavan.rikhi@gmail.com>";
@ -562,6 +568,7 @@
rasendubi = "Alexey Shmalko <rasen.dubi@gmail.com>";
raskin = "Michael Raskin <7c6f434c@mail.ru>";
ravloony = "Tom Macdonald <ravloony@gmail.com>";
razvan = "Răzvan Flavius Panda <razvan.panda@gmail.com>";
rbasso = "Rafael Basso <rbasso@sharpgeeks.net>";
redbaron = "Maxim Ivanov <ivanov.maxim@gmail.com>";
redvers = "Redvers Davies <red@infect.me>";
@ -693,6 +700,7 @@
tomberek = "Thomas Bereknyei <tomberek@gmail.com>";
tomsmeets = "Tom Smeets <tom@tsmeets.nl>";
travisbhartwell = "Travis B. Hartwell <nafai@travishartwell.net>";
treemo = "Matthieu Chevrier <matthieu.chevrier@treemo.fr>";
trevorj = "Trevor Joynson <nix@trevor.joynson.io>";
trino = "Hubert Mühlhans <muehlhans.hubert@ekodia.de>";
tstrobel = "Thomas Strobel <4ZKTUB6TEP74PYJOPWIR013S2AV29YUBW5F9ZH2F4D5UMJUJ6S@hash.domains>";
@ -707,11 +715,13 @@
utdemir = "Utku Demir <me@utdemir.com>";
#urkud = "Yury G. Kudryashov <urkud+nix@ya.ru>"; inactive since 2012
uwap = "uwap <me@uwap.name>";
va1entin = "Valentin Heidelberger <github@valentinsblog.com>";
vaibhavsagar = "Vaibhav Sagar <vaibhavsagar@gmail.com>";
valeriangalliat = "Valérian Galliat <val@codejam.info>";
vandenoever = "Jos van den Oever <jos@vandenoever.info>";
vanschelven = "Klaas van Schelven <klaas@vanschelven.com>";
vanzef = "Ivan Solyankin <vanzef@gmail.com>";
varunpatro = "Varun Patro <varun.kumar.patro@gmail.com>";
vbgl = "Vincent Laporte <Vincent.Laporte@gmail.com>";
vbmithr = "Vincent Bernardoff <vb@luminar.eu.org>";
vcunat = "Vladimír Čunát <vcunat@gmail.com>";
@ -753,6 +763,7 @@
y0no = "Yoann Ono <y0no@y0no.fr>";
yarr = "Dmitry V. <savraz@gmail.com>";
yegortimoshenko = "Yegor Timoshenko <yegortimoshenko@gmail.com>";
yesbox = "Jesper Geertsen Jonsson <jesper.geertsen.jonsson@gmail.com>";
ylwghst = "Burim Augustin Berisa <ylwghst@onionmail.info>";
yochai = "Yochai <yochai@titat.info>";
yorickvp = "Yorick van Pelt <yorickvanpelt@gmail.com>";

2
lib/modules.nix
Unescape View File

@ -155,7 +155,7 @@ rec {
# a module will resolve strictly the attributes used as argument but
# not their values. The values are forwarding the result of the
# evaluation of the option.
requiredArgs = builtins.attrNames (builtins.functionArgs f);
requiredArgs = builtins.attrNames (lib.functionArgs f);
context = name: ''while evaluating the module argument `${name}' in "${key}":'';
extraArgs = builtins.listToAttrs (map (name: {
inherit name;

9
lib/options.nix
Unescape View File

@ -14,6 +14,7 @@ rec {
, defaultText ? null # Textual representation of the default, for in the manual.
, example ? null # Example value used in the manual.
, description ? null # String describing the option.
, relatedPackages ? null # Related packages used in the manual (see `genRelatedPackages` in ../nixos/doc/manual/default.nix).
, type ? null # Option type, providing type-checking and value merging.
, apply ? null # Function that converts the option value to something else.
, internal ? null # Whether the option is for NixOS developers only.
@ -76,7 +77,6 @@ rec {
getValues = map (x: x.value);
getFiles = map (x: x.file);
# Generate documentation template from the list of option declaration like
# the set generated with filterOptionSets.
optionAttrSetToDocList = optionAttrSetToDocList' [];
@ -93,9 +93,10 @@ rec {
readOnly = opt.readOnly or false;
type = opt.type.description or null;
}
// (if opt ? example then { example = scrubOptionValue opt.example; } else {})
// (if opt ? default then { default = scrubOptionValue opt.default; } else {})
// (if opt ? defaultText then { default = opt.defaultText; } else {});
// optionalAttrs (opt ? example) { example = scrubOptionValue opt.example; }
// optionalAttrs (opt ? default) { default = scrubOptionValue opt.default; }
// optionalAttrs (opt ? defaultText) { default = opt.defaultText; }
// optionalAttrs (opt ? relatedPackages && opt.relatedPackages != null) { inherit (opt) relatedPackages; };
subOptions =
let ss = opt.type.getSubOptions opt.loc;

4
lib/systems/doubles.nix
Unescape View File

@ -1,8 +1,8 @@
{ lib }:
let
inherit (lib) lists;
parse = import ./parse.nix { inherit lib; };
inherit (import ./inspect.nix { inherit lib; }) predicates;
inherit (lib.systems) parse;
inherit (lib.systems.inspect) predicates;
inherit (lib.attrsets) matchAttrs;
all = [

152
lib/systems/parse.nix
Unescape View File

@ -4,6 +4,16 @@
# http://llvm.org/docs/doxygen/html/Triple_8cpp_source.html especially
# Triple::normalize. Parsing should essentially act as a more conservative
# version of that last function.
#
# Most of the types below come in "open" and "closed" pairs. The open ones
# specify what information we need to know about systems in general, and the
# closed ones are sub-types representing the whitelist of systems we support in
# practice.
#
# Code in the remainder of nixpkgs shouldn't rely on the closed ones in
# e.g. exhaustive cases. Its more a sanity check to make sure nobody defines
# systems that overlap with existing ones and won't notice something amiss.
#
{ lib }:
with lib.lists;
with lib.types;
@ -11,29 +21,52 @@ with lib.attrsets;
with (import ./inspect.nix { inherit lib; }).predicates;
let
setTypesAssert = type: pred:
inherit (lib.options) mergeOneOption;
setTypes = type:
mapAttrs (name: value:
assert pred value;
setType type ({ inherit name; } // value));
setTypes = type: setTypesAssert type (_: true);
assert type.check value;
setType type.name ({ inherit name; } // value));
in
rec {
isSignificantByte = isType "significant-byte";
significantBytes = setTypes "significant-byte" {
################################################################################
types.openSignifiantByte = mkOptionType {
name = "significant-byte";
description = "Endianness";
merge = mergeOneOption;
};
types.significantByte = enum (attrValues significantBytes);
significantBytes = setTypes types.openSignifiantByte {
bigEndian = {};
littleEndian = {};
};
isCpuType = isType "cpu-type";
cpuTypes = with significantBytes; setTypesAssert "cpu-type"
(x: elem x.bits [8 16 32 64 128]
&& (if 8 < x.bits
then isSignificantByte x.significantByte
else !(x ? significantByte)))
{
################################################################################
# Reasonable power of 2
types.bitWidth = enum [ 8 16 32 64 128 ];
################################################################################
types.openCpuType = mkOptionType {
name = "cpu-type";
description = "instruction set architecture name and information";
merge = mergeOneOption;
check = x: types.bitWidth.check x.bits
&& (if 8 < x.bits
then types.significantByte.check x.significantByte
else !(x ? significantByte));
};
types.cpuType = enum (attrValues cpuTypes);
cpuTypes = with significantBytes; setTypes types.openCpuType {
arm = { bits = 32; significantByte = littleEndian; family = "arm"; };
armv5tel = { bits = 32; significantByte = littleEndian; family = "arm"; };
armv6l = { bits = 32; significantByte = littleEndian; family = "arm"; };
@ -50,16 +83,34 @@ rec {
wasm64 = { bits = 64; significantByte = littleEndian; family = "wasm"; };
};
isVendor = isType "vendor";
vendors = setTypes "vendor" {
################################################################################
types.openVendor = mkOptionType {
name = "vendor";
description = "vendor for the platform";
merge = mergeOneOption;
};
types.vendor = enum (attrValues vendors);
vendors = setTypes types.openVendor {
apple = {};
pc = {};
unknown = {};
};
isExecFormat = isType "exec-format";
execFormats = setTypes "exec-format" {
################################################################################
types.openExecFormat = mkOptionType {
name = "exec-format";
description = "executable container used by the kernel";
merge = mergeOneOption;
};
types.execFormat = enum (attrValues execFormats);
execFormats = setTypes types.openExecFormat {
aout = {}; # a.out
elf = {};
macho = {};
@ -68,15 +119,33 @@ rec {
unknown = {};
};
isKernelFamily = isType "kernel-family";
kernelFamilies = setTypes "kernel-family" {
################################################################################
types.openKernelFamily = mkOptionType {
name = "exec-format";
description = "executable container used by the kernel";
merge = mergeOneOption;
};
types.kernelFamily = enum (attrValues kernelFamilies);
kernelFamilies = setTypes types.openKernelFamily {
bsd = {};
};
isKernel = x: isType "kernel" x;
kernels = with execFormats; with kernelFamilies; setTypesAssert "kernel"
(x: isExecFormat x.execFormat && all isKernelFamily (attrValues x.families))
{
################################################################################
types.openKernel = mkOptionType {
name = "kernel";
description = "kernel name and information";
merge = mergeOneOption;
check = x: types.execFormat.check x.execFormat
&& all types.kernelFamily.check (attrValues x.families);
};
types.kernel = enum (attrValues kernels);
kernels = with execFormats; with kernelFamilies; setTypes types.openKernel {
darwin = { execFormat = macho; families = { }; };
freebsd = { execFormat = elf; families = { inherit bsd; }; };
hurd = { execFormat = elf; families = { }; };
@ -93,8 +162,17 @@ rec {
win32 = kernels.windows;
};
isAbi = isType "abi";
abis = setTypes "abi" {
################################################################################
types.openAbi = mkOptionType {
name = "abi";
description = "binary interface for compiled code and syscalls";
merge = mergeOneOption;
};
types.abi = enum (attrValues abis);
abis = setTypes types.openAbi {
cygnus = {};
gnu = {};
msvc = {};
@ -106,12 +184,24 @@ rec {
unknown = {};
};
################################################################################
types.system = mkOptionType {
name = "system";
description = "fully parsed representation of llvm- or nix-style platform tuple";
merge = mergeOneOption;
check = { cpu, vendor, kernel, abi }:
types.cpuType.check cpu
&& types.vendor.check vendor
&& types.kernel.check kernel
&& types.abi.check abi;
};
isSystem = isType "system";
mkSystem = { cpu, vendor, kernel, abi }:
assert isCpuType cpu && isVendor vendor && isKernel kernel && isAbi abi;
setType "system" {
inherit cpu vendor kernel abi;
};
mkSystem = components:
assert types.system.check components;
setType "system" components;
mkSkeletonFromList = l: {
"2" = # We only do 2-part hacks for things Nix already supports
@ -174,4 +264,6 @@ rec {
optAbi = lib.optionalString (abi != abis.unknown) "-${abi.name}";
in "${cpu.name}-${vendor.name}-${kernel.name}${optAbi}";
################################################################################
}

5
lib/systems/platforms.nix
Unescape View File

@ -479,6 +479,11 @@ rec {
kernelPreferBuiltin = true;
kernelTarget = "zImage";
kernelExtraConfig = ''
# Serial port for Raspberry Pi 3. Upstream forgot to add it to the ARMv7 defconfig.
SERIAL_8250_BCM2835AUX y
SERIAL_8250_EXTENDED y
SERIAL_8250_SHARE_IRQ y
# Fix broken sunxi-sid nvmem driver.
TI_CPTS y

63
lib/trivial.nix
Unescape View File

@ -52,7 +52,7 @@ rec {
# Pull in some builtins not included elsewhere.
inherit (builtins)
pathExists readFile isBool isFunction
pathExists readFile isBool
isInt add sub lessThan
seq deepSeq genericClosure;
@ -81,6 +81,42 @@ rec {
*/
mod = base: int: base - (int * (builtins.div base int));
/* C-style comparisons
a < b, compare a b => -1
a == b, compare a b => 0
a > b, compare a b => 1
*/
compare = a: b:
if a < b
then -1
else if a > b
then 1
else 0;
/* Split type into two subtypes by predicate `p`, take all elements
of the first subtype to be less than all the elements of the
second subtype, compare elements of a single subtype with `yes`
and `no` respectively.
Example:
let cmp = splitByAndCompare (hasPrefix "foo") compare compare; in
cmp "a" "z" => -1
cmp "fooa" "fooz" => -1
cmp "f" "a" => 1
cmp "fooa" "a" => -1
# while
compare "fooa" "a" => 1
*/
splitByAndCompare = p: yes: no: a: b:
if p a
then if p b then yes a b else -1
else if p b then 1 else no a b;
/* Reads a JSON file. */
importJSON = path:
builtins.fromJSON (builtins.readFile path);
@ -99,4 +135,29 @@ rec {
*/
warn = msg: builtins.trace "WARNING: ${msg}";
info = msg: builtins.trace "INFO: ${msg}";
# | Add metadata about expected function arguments to a function.
# The metadata should match the format given by
# builtins.functionArgs, i.e. a set from expected argument to a bool
# representing whether that argument has a default or not.
# setFunctionArgs : (a → b) → Map String Bool → (a → b)
#
# This function is necessary because you can't dynamically create a
# function of the { a, b ? foo, ... }: format, but some facilities
# like callPackage expect to be able to query expected arguments.
setFunctionArgs = f: args:
{ # TODO: Should we add call-time "type" checking like built in?
__functor = self: f;
__functionArgs = args;
};
# | Extract the expected function arguments from a function.
# This works both with nix-native { a, b ? foo, ... }: style
# functions and functions with args set with 'setFunctionArgs'. It
# has the same return type and semantics as builtins.functionArgs.
# setFunctionArgs : (a → b) → Map String Bool.
functionArgs = f: f.__functionArgs or (builtins.functionArgs f);
isFunction = f: builtins.isFunction f ||
(f ? __functor && isFunction (f.__functor f));
}

4
lib/types.nix
Unescape View File

@ -256,6 +256,10 @@ rec {
functor = (defaultFunctor name) // { wrapped = elemType; };
};
nonEmptyListOf = elemType:
let list = addCheck (types.listOf elemType) (l: l != []);
in list // { description = "non-empty " + list.description; };
attrsOf = elemType: mkOptionType rec {
name = "attrsOf";
description = "attribute set of ${elemType.description}s";

4
nixos/default.nix
Unescape View File

@ -9,8 +9,6 @@ let
modules = [ configuration ];
};
inherit (eval) pkgs;
# This is for `nixos-rebuild build-vm'.
vmConfig = (import ./lib/eval-config.nix {
inherit system;
@ -30,7 +28,7 @@ let
in
{
inherit (eval) config options;
inherit (eval) pkgs config options;
system = eval.config.system.build.toplevel;

58
nixos/doc/manual/default.nix
Unescape View File

@ -6,22 +6,52 @@ let
lib = pkgs.lib;
# Remove invisible and internal options.
optionsList = lib.filter (opt: opt.visible && !opt.internal) (lib.optionAttrSetToDocList options);
optionsListVisible = lib.filter (opt: opt.visible && !opt.internal) (lib.optionAttrSetToDocList options);
# Replace functions by the string <function>
substFunction = x:
if builtins.isAttrs x then lib.mapAttrs (name: substFunction) x
else if builtins.isList x then map substFunction x
else if builtins.isFunction x then "<function>"
else if lib.isFunction x then "<function>"
else x;
# Clean up declaration sites to not refer to the NixOS source tree.
optionsList' = lib.flip map optionsList (opt: opt // {
# Generate DocBook documentation for a list of packages. This is
# what `relatedPackages` option of `mkOption` from
# ../../../lib/options.nix influences.
#
# Each element of `relatedPackages` can be either
# - a string: that will be interpreted as an attribute name from `pkgs`,
# - a list: that will be interpreted as an attribute path from `pkgs`,
# - an attrset: that can specify `name`, `path`, `package`, `comment`
# (either of `name`, `path` is required, the rest are optional).
genRelatedPackages = packages:
let
unpack = p: if lib.isString p then { name = p; }
else if lib.isList p then { path = p; }
else p;
describe = args:
let
name = args.name or (lib.concatStringsSep "." args.path);
path = args.path or [ args.name ];
package = args.package or (lib.attrByPath path (throw "Invalid package attribute path `${toString path}'") pkgs);
in "<listitem>"
+ "<para><literal>pkgs.${name} (${package.meta.name})</literal>"
+ lib.optionalString (!package.meta.evaluates) " <emphasis>[UNAVAILABLE]</emphasis>"
+ ": ${package.meta.description or "???"}.</para>"
+ lib.optionalString (args ? comment) "\n<para>${args.comment}</para>"
# Lots of `longDescription's break DocBook, so we just wrap them into <programlisting>
+ lib.optionalString (package.meta ? longDescription) "\n<programlisting>${package.meta.longDescription}</programlisting>"
+ "</listitem>";
in "<itemizedlist>${lib.concatStringsSep "\n" (map (p: describe (unpack p)) packages)}</itemizedlist>";
optionsListDesc = lib.flip map optionsListVisible (opt: opt // {
# Clean up declaration sites to not refer to the NixOS source tree.
declarations = map stripAnyPrefixes opt.declarations;
}
// lib.optionalAttrs (opt ? example) { example = substFunction opt.example; }
// lib.optionalAttrs (opt ? default) { default = substFunction opt.default; }
// lib.optionalAttrs (opt ? type) { type = substFunction opt.type; });
// lib.optionalAttrs (opt ? type) { type = substFunction opt.type; }
// lib.optionalAttrs (opt ? relatedPackages) { relatedPackages = genRelatedPackages opt.relatedPackages; });
# We need to strip references to /nix/store/* from options,
# including any `extraSources` if some modules came from elsewhere,
@ -32,8 +62,22 @@ let
prefixesToStrip = map (p: "${toString p}/") ([ ../../.. ] ++ extraSources);
stripAnyPrefixes = lib.flip (lib.fold lib.removePrefix) prefixesToStrip;
# Custom "less" that pushes up all the things ending in ".enable*"
# and ".package"
optionListLess = a: b:
let
splt = lib.splitString ".";
ise = lib.hasPrefix "enable";
isp = lib.hasPrefix "package";
cmp = lib.splitByAndCompare ise lib.compare
(lib.splitByAndCompare isp lib.compare lib.compare);
in lib.compareLists cmp (splt a) (splt b) < 0;
# Customly sort option list for the man page.
optionsList = lib.sort (a: b: optionListLess a.name b.name) optionsListDesc;
# Convert the list of options into an XML file.
optionsXML = builtins.toFile "options.xml" (builtins.toXML optionsList');
optionsXML = builtins.toFile "options.xml" (builtins.toXML optionsList);
optionsDocBook = runCommand "options-db.xml" {} ''
optionsXML=${optionsXML}
@ -191,7 +235,7 @@ in rec {
mkdir -p $dst
cp ${builtins.toFile "options.json" (builtins.unsafeDiscardStringContext (builtins.toJSON
(builtins.listToAttrs (map (o: { name = o.name; value = removeAttrs o ["name" "visible" "internal"]; }) optionsList'))))
(builtins.listToAttrs (map (o: { name = o.name; value = removeAttrs o ["name" "visible" "internal"]; }) optionsList))))
} $dst/options.json
mkdir -p $out/nix-support

18
nixos/doc/manual/installation/changing-config.xml
Unescape View File

@ -70,9 +70,21 @@ $ ./result/bin/run-*-vm
</screen>
The VM does not have any data from your host system, so your existing
user accounts and home directories will not be available. You can
forward ports on the host to the guest. For instance, the following
will forward host port 2222 to guest port 22 (SSH):
user accounts and home directories will not be available unless you
have set <literal>mutableUsers = false</literal>. Another way is to
temporarily add the following to your configuration:
<screen>
users.extraUsers.your-user.initialPassword = "test"
</screen>
<emphasis>Important:</emphasis> delete the $hostname.qcow2 file if you
have started the virtual machine at least once without the right
users, otherwise the changes will not get picked up.
You can forward ports on the host to the guest. For
instance, the following will forward host port 2222 to guest port 22
(SSH):
<screen>
$ QEMU_NET_OPTS="hostfwd=tcp::2222-:22" ./result/bin/run-*-vm

9
nixos/doc/manual/options-to-docbook.xsl
Unescape View File

@ -70,6 +70,15 @@
</para>
</xsl:if>
<xsl:if test="attr[@name = 'relatedPackages']">
<para>
<emphasis>Related packages:</emphasis>
<xsl:text> </xsl:text>
<xsl:value-of disable-output-escaping="yes"
select="attr[@name = 'relatedPackages']/string/@value" />
</para>
</xsl:if>
<xsl:if test="count(attr[@name = 'declarations']/list/*) != 0">
<para>
<emphasis>Declared by:</emphasis>

36
nixos/doc/manual/release-notes/rl-1803.xml
Unescape View File

@ -88,6 +88,28 @@ following incompatible changes:</para>
<option>services.pgmanage</option>.
</para>
</listitem>
<listitem>
<para>
Package attributes starting with a digit have been prefixed with an
underscore sign. This is to avoid quoting in the configuration and
other issues with command-line tools like <literal>nix-env</literal>.
The change affects the following packages:
<itemizedlist>
<listitem>
<para><literal>2048-in-terminal</literal><literal>_2048-in-terminal</literal></para>
</listitem>
<listitem>
<para><literal>90secondportraits</literal><literal>_90secondportraits</literal></para>
</listitem>
<listitem>
<para><literal>2bwm</literal><literal>_2bwm</literal></para>
</listitem>
<listitem>
<para><literal>389-ds-base</literal><literal>_389-ds-base</literal></para>
</listitem>
</itemizedlist>
</para>
</listitem>
<listitem>
<para>
<emphasis role="strong">
@ -160,6 +182,20 @@ following incompatible changes:</para>
<literal>lib.mkOverride</literal> can be used.
</para>
</listitem>
<listitem>
<para>
The following changes apply if the <literal>stateVersion</literal> is changed to 18.03 or higher.
For <literal>stateVersion = "17.09"</literal> or lower the old behavior is preserved.
</para>
<itemizedlist>
<listitem>
<para>
<literal>matrix-synapse</literal> uses postgresql by default instead of sqlite.
Migration instructions can be found <link xlink:href="https://github.com/matrix-org/synapse/blob/master/docs/postgres.rst#porting-from-sqlite"> here </link>.
</para>
</listitem>
</itemizedlist>
</listitem>
</itemizedlist>
</section>

2
nixos/lib/testing.nix
Unescape View File

@ -85,7 +85,7 @@ rec {
testScript' =
# Call the test script with the computed nodes.
if builtins.isFunction testScript
if lib.isFunction testScript
then testScript { inherit nodes; }
else testScript;

7
nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix
Unescape View File

@ -43,11 +43,18 @@ in
sdImage = {
populateBootCommands = let
configTxt = pkgs.writeText "config.txt" ''
# Prevent the firmware from smashing the framebuffer setup done by the mainline kernel
# when attempting to show low-voltage or overtemperature warnings.
avoid_warnings=1
[pi2]
kernel=u-boot-rpi2.bin
[pi3]
kernel=u-boot-rpi3.bin
# U-Boot used to need this to work, regardless of whether UART is actually used or not.
# TODO: check when/if this can be removed.
enable_uart=1
'';
in ''

4
nixos/modules/misc/ids.nix
Unescape View File

@ -302,6 +302,8 @@
kodi = 283;
restya-board = 284;
mighttpd2 = 285;
hass = 286;
monero = 287;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -572,6 +574,8 @@
kodi = 283;
restya-board = 284;
mighttpd2 = 285;
hass = 286;
monero = 287;
# When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal

60
nixos/modules/misc/nixpkgs.nix
Unescape View File

@ -3,11 +3,13 @@
with lib;
let
cfg = config.nixpkgs;
isConfig = x:
builtins.isAttrs x || builtins.isFunction x;
builtins.isAttrs x || lib.isFunction x;
optCall = f: x:
if builtins.isFunction f
if lib.isFunction f
then f x
else f;
@ -38,16 +40,55 @@ let
overlayType = mkOptionType {
name = "nixpkgs-overlay";
description = "nixpkgs overlay";
check = builtins.isFunction;
check = lib.isFunction;
merge = lib.mergeOneOption;
};
_pkgs = import ../../.. config.nixpkgs;
pkgsType = mkOptionType {
name = "nixpkgs";
description = "An evaluation of Nixpkgs; the top level attribute set of packages";
check = builtins.isAttrs;
};
in
{
options.nixpkgs = {
pkgs = mkOption {
defaultText = literalExample
''import "''${nixos}/.." {
inherit (config.nixpkgs) config overlays system;
}
'';
default = import ../../.. { inherit (cfg) config overlays system; };
type = pkgsType;
example = literalExample ''import <nixpkgs> {}'';
description = ''
This is the evaluation of Nixpkgs that will be provided to
all NixOS modules. Defining this option has the effect of
ignoring the other options that would otherwise be used to
evaluate Nixpkgs, because those are arguments to the default
value. The default value imports the Nixpkgs source files
relative to the location of this NixOS module, because
NixOS and Nixpkgs are distributed together for consistency,
so the <code>nixos</code> in the default value is in fact a
relative path. The <code>config</code>, <code>overlays</code>
and <code>system</code> come from this option's siblings.
This option can be used by applications like NixOps to increase
the performance of evaluation, or to create packages that depend
on a container that should be built with the exact same evaluation
of Nixpkgs, for example. Applications like this should set
their default value using <code>lib.mkDefault</code>, so
user-provided configuration can override it without using
<code>lib</code>.
Note that using a distinct version of Nixpkgs with NixOS may
be an unexpected source of problems. Use this option with care.
'';
};
config = mkOption {
default = {};
example = literalExample
@ -59,6 +100,8 @@ in
The configuration of the Nix Packages collection. (For
details, see the Nixpkgs documentation.) It allows you to set
package configuration options.
Ignored when <code>nixpkgs.pkgs</code> is set.
'';
};
@ -69,7 +112,6 @@ in
[ (self: super: {
openssh = super.openssh.override {
hpnSupport = true;
withKerberos = true;
kerberos = self.libkrb5;
};
};
@ -83,6 +125,8 @@ in
takes as an argument the <emphasis>original</emphasis> Nixpkgs.
The first argument should be used for finding dependencies, and
the second should be used for overriding recipes.
Ignored when <code>nixpkgs.pkgs</code> is set.
'';
};
@ -94,14 +138,16 @@ in
If unset, it defaults to the platform type of your host system.
Specifying this option is useful when doing distributed
multi-platform deployment, or when building virtual machines.
Ignored when <code>nixpkgs.pkgs</code> is set.
'';
};
};
config = {
_module.args = {
pkgs = _pkgs;
pkgs_i686 = _pkgs.pkgsi686Linux;
pkgs = cfg.pkgs;
pkgs_i686 = cfg.pkgs.pkgsi686Linux;
};
};
}

8
nixos/modules/module-list.nix
Unescape View File

@ -111,6 +111,7 @@
./programs/wireshark.nix
./programs/xfs_quota.nix
./programs/xonsh.nix
./programs/yabar.nix
./programs/zsh/oh-my-zsh.nix
./programs/zsh/zsh.nix
./programs/zsh/zsh-syntax-highlighting.nix
@ -315,6 +316,7 @@
./services/misc/gogs.nix
./services/misc/gollum.nix
./services/misc/gpsd.nix
./services/misc/home-assistant.nix
./services/misc/ihaskell.nix
./services/misc/irkerd.nix
./services/misc/jackett.nix
@ -416,7 +418,8 @@
./services/network-filesystems/ipfs.nix
./services/network-filesystems/netatalk.nix
./services/network-filesystems/nfsd.nix
./services/network-filesystems/openafs-client/default.nix
./services/network-filesystems/openafs/client.nix
./services/network-filesystems/openafs/server.nix
./services/network-filesystems/rsyncd.nix
./services/network-filesystems/samba.nix
./services/network-filesystems/tahoe.nix
@ -425,6 +428,7 @@
./services/network-filesystems/yandex-disk.nix
./services/network-filesystems/xtreemfs.nix
./services/networking/amuled.nix
./services/networking/aria2.nix
./services/networking/asterisk.nix
./services/networking/atftpd.nix
./services/networking/avahi-daemon.nix
@ -489,6 +493,7 @@
./services/networking/minidlna.nix
./services/networking/miniupnpd.nix
./services/networking/mosquitto.nix
./services/networking/monero.nix
./services/networking/miredo.nix
./services/networking/mstpd.nix
./services/networking/murmur.nix
@ -526,6 +531,7 @@
./services/networking/redsocks.nix
./services/networking/resilio.nix
./services/networking/rpcbind.nix
./services/networking/rxe.nix
./services/networking/sabnzbd.nix
./services/networking/searx.nix
./services/networking/seeks.nix

2
nixos/modules/profiles/clone-config.nix
Unescape View File

@ -17,7 +17,7 @@ let
# you should use files).
moduleFiles =
# FIXME: use typeOf (Nix 1.6.1).
filter (x: !isAttrs x && !builtins.isFunction x) modules;
filter (x: !isAttrs x && !lib.isFunction x) modules;
# Partition module files because between NixOS and non-NixOS files. NixOS
# files may change if the repository is updated.

1
nixos/modules/programs/adb.nix
Unescape View File

@ -16,6 +16,7 @@ with lib;
To grant access to a user, it must be part of adbusers group:
<code>users.extraUsers.alice.extraGroups = ["adbusers"];</code>
'';
relatedPackages = [ ["androidenv" "platformTools"] ];
};
};
};

10
nixos/modules/programs/shadow.nix
Unescape View File

@ -26,8 +26,9 @@ let
# Ensure privacy for newly created home directories.
UMASK 077
# Uncomment this to allow non-root users to change their account
#information. This should be made configurable.
# Uncomment this and install chfn SUID to allow non-root
# users to change their account GECOS information.
# This should be made configurable.
#CHFN_RESTRICT frwh
'';
@ -103,13 +104,12 @@ in
security.wrappers = {
su.source = "${pkgs.shadow.su}/bin/su";
chfn.source = "${pkgs.shadow.out}/bin/chfn";
sg.source = "${pkgs.shadow.out}/bin/sg";
newgrp.source = "${pkgs.shadow.out}/bin/newgrp";
newuidmap.source = "${pkgs.shadow.out}/bin/newuidmap";
newgidmap.source = "${pkgs.shadow.out}/bin/newgidmap";
} // (if config.users.mutableUsers then {
passwd.source = "${pkgs.shadow.out}/bin/passwd";
sg.source = "${pkgs.shadow.out}/bin/sg";
newgrp.source = "${pkgs.shadow.out}/bin/newgrp";
} else {});
};
}

7
nixos/modules/programs/tmux.nix
Unescape View File

@ -61,7 +61,12 @@ in {
options = {
programs.tmux = {
enable = mkEnableOption "<command>tmux</command> - a <command>screen</command> replacement.";
enable = mkOption {
type = types.bool;
default = false;
description = "Whenever to configure <command>tmux</command> system-wide.";
relatedPackages = [ "tmux" ];
};
aggressiveResize = mkOption {
default = false;

149
nixos/modules/programs/yabar.nix
Unescape View File

@ -0,0 +1,149 @@
{ lib, pkgs, config, ... }:
with lib;
let
cfg = config.programs.yabar;
mapExtra = v: lib.concatStringsSep "\n" (mapAttrsToList (
key: val: "${key} = ${if (isString val) then "\"${val}\"" else "${builtins.toString val}"};"
) v);
listKeys = r: concatStringsSep "," (map (n: "\"${n}\"") (attrNames r));
configFile = let
bars = mapAttrsToList (
name: cfg: ''
${name}: {
font: "${cfg.font}";
position: "${cfg.position}";
${mapExtra cfg.extra}
block-list: [${listKeys cfg.indicators}]
${concatStringsSep "\n" (mapAttrsToList (
name: cfg: ''
${name}: {
exec: "${cfg.exec}";
align: "${cfg.align}";
${mapExtra cfg.extra}
};
''
) cfg.indicators)}
};
''
) cfg.bars;
in pkgs.writeText "yabar.conf" ''
bar-list = [${listKeys cfg.bars}];
${concatStringsSep "\n" bars}
'';
in
{
options.programs.yabar = {
enable = mkEnableOption "yabar";
package = mkOption {
default = pkgs.yabar;
example = literalExample "pkgs.yabar-unstable";
type = types.package;
description = ''
The package which contains the `yabar` binary.
Nixpkgs provides the `yabar` and `yabar-unstable`
derivations since 18.03, so it's possible to choose.
'';
};
bars = mkOption {
default = {};
type = types.attrsOf(types.submodule {
options = {
font = mkOption {
default = "sans bold 9";
example = "Droid Sans, FontAwesome Bold 9";
type = types.string;
description = ''
The font that will be used to draw the status bar.
'';
};
position = mkOption {
default = "top";
example = "bottom";
type = types.enum [ "top" "bottom" ];
description = ''
The position where the bar will be rendered.
'';
};
extra = mkOption {
default = {};
type = types.attrsOf types.string;
description = ''
An attribute set which contains further attributes of a bar.
'';
};
indicators = mkOption {
default = {};
type = types.attrsOf(types.submodule {
options.exec = mkOption {
example = "YABAR_DATE";
type = types.string;
description = ''
The type of the indicator to be executed.
'';
};
options.align = mkOption {
default = "left";
example = "right";
type = types.enum [ "left" "center" "right" ];
description = ''
Whether to align the indicator at the left or right of the bar.
'';
};
options.extra = mkOption {
default = {};
type = types.attrsOf (types.either types.string types.int);
description = ''
An attribute set which contains further attributes of a indicator.
'';
};
});
description = ''
Indicators that should be rendered by yabar.
'';
};
};
});
description = ''
List of bars that should be rendered by yabar.
'';
};
};
config = mkIf cfg.enable {
systemd.user.services.yabar = {
description = "yabar service";
wantedBy = [ "graphical-session.target" ];
partOf = [ "graphical-session.target" ];
script = ''
${cfg.package}/bin/yabar -c ${configFile}
'';
serviceConfig.Restart = "always";
};
};
}

4
nixos/modules/rename.nix
Unescape View File

@ -210,6 +210,7 @@ with lib;
"Set the option `services.xserver.displayManager.sddm.package' instead.")
(mkRemovedOptionModule [ "fonts" "fontconfig" "forceAutohint" ] "")
(mkRemovedOptionModule [ "fonts" "fontconfig" "renderMonoTTFAsBitmap" ] "")
(mkRemovedOptionModule [ "virtualisation" "xen" "qemu" ] "You don't need this option anymore, it will work without it.")
# ZSH
(mkRenamedOptionModule [ "programs" "zsh" "enableSyntaxHighlighting" ] [ "programs" "zsh" "syntaxHighlighting" "enable" ])
@ -220,5 +221,8 @@ with lib;
(mkRenamedOptionModule [ "programs" "zsh" "oh-my-zsh" "theme" ] [ "programs" "zsh" "ohMyZsh" "theme" ])
(mkRenamedOptionModule [ "programs" "zsh" "oh-my-zsh" "custom" ] [ "programs" "zsh" "ohMyZsh" "custom" ])
(mkRenamedOptionModule [ "programs" "zsh" "oh-my-zsh" "plugins" ] [ "programs" "zsh" "ohMyZsh" "plugins" ])
# Xen
(mkRenamedOptionModule [ "virtualisation" "xen" "qemu-package" ] [ "virtualisation" "xen" "package-qemu" ])
];
}

14
nixos/modules/security/acme.nix
Unescape View File

@ -6,10 +6,11 @@ let
cfg = config.security.acme;
certOpts = { ... }: {
certOpts = { name, ... }: {
options = {
webroot = mkOption {
type = types.str;
example = "/var/lib/acme/acme-challenges";
description = ''
Where the webroot of the HTTP vhost is located.
<filename>.well-known/acme-challenge/</filename> directory
@ -20,8 +21,8 @@ let
};
domain = mkOption {
type = types.nullOr types.str;
default = null;
type = types.str;
default = name;
description = "Domain to fetch certificate for (defaults to the entry name)";
};
@ -48,7 +49,7 @@ let
default = false;
description = ''
Give read permissions to the specified group
(<option>security.acme.group</option>) to read SSL private certificates.
(<option>security.acme.cert.&lt;name&gt;.group</option>) to read SSL private certificates.
'';
};
@ -87,7 +88,7 @@ let
}
'';
description = ''
Extra domain names for which certificates are to be issued, with their
A list of extra domain names, which are included in the one certificate to be issued, with their
own server roots if needed.
'';
};
@ -193,10 +194,9 @@ in
servicesLists = mapAttrsToList certToServices cfg.certs;
certToServices = cert: data:
let
domain = if data.domain != null then data.domain else cert;
cpath = "${cfg.directory}/${cert}";
rights = if data.allowKeysForGroup then "750" else "700";
cmdline = [ "-v" "-d" domain "--default_root" data.webroot "--valid_min" cfg.validMin "--tos_sha256" cfg.tosHash ]
cmdline = [ "-v" "-d" data.domain "--default_root" data.webroot "--valid_min" cfg.validMin "--tos_sha256" cfg.tosHash ]
++ optionals (data.email != null) [ "--email" data.email ]
++ concatMap (p: [ "-f" p ]) data.plugins
++ concatLists (mapAttrsToList (name: root: [ "-d" (if root == null then name else "${name}:${root}")]) data.extraDomains)

21
nixos/modules/security/pam.nix
Unescape View File

@ -46,6 +46,18 @@ let
'';
};
googleAuthenticator = {
enable = mkOption {
default = false;
type = types.bool;
description = ''
If set, users with enabled Google Authenticator (created
<filename>~/.google_authenticator</filename>) will be required
to provide Google Authenticator token to log in.
'';
};
};
usbAuth = mkOption {
default = config.security.pam.usb.enable;
type = types.bool;
@ -284,7 +296,12 @@ let
# prompts the user for password so we run it once with 'required' at an
# earlier point and it will run again with 'sufficient' further down.
# We use try_first_pass the second time to avoid prompting password twice
(optionalString (cfg.unixAuth && (config.security.pam.enableEcryptfs || cfg.pamMount || cfg.enableKwallet || cfg.enableGnomeKeyring)) ''
(optionalString (cfg.unixAuth &&
(config.security.pam.enableEcryptfs
|| cfg.pamMount
|| cfg.enableKwallet
|| cfg.enableGnomeKeyring
|| cfg.googleAuthenticator.enable)) ''
auth required pam_unix.so ${optionalString cfg.allowNullPassword "nullok"} likeauth
${optionalString config.security.pam.enableEcryptfs
"auth optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so unwrap"}
@ -295,6 +312,8 @@ let
" kwalletd=${pkgs.libsForQt5.kwallet.bin}/bin/kwalletd5")}
${optionalString cfg.enableGnomeKeyring
("auth optional ${pkgs.gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so")}
${optionalString cfg.googleAuthenticator.enable
"auth required ${pkgs.googleAuthenticator}/lib/security/pam_google_authenticator.so no_increment_hotp"}
'') + ''
${optionalString cfg.unixAuth
"auth sufficient pam_unix.so ${optionalString cfg.allowNullPassword "nullok"} likeauth try_first_pass"}

31
nixos/modules/services/computing/slurm/slurm.nix
Unescape View File

@ -6,14 +6,20 @@ let
cfg = config.services.slurm;
# configuration file can be generated by http://slurm.schedmd.com/configurator.html
configFile = pkgs.writeText "slurm.conf"
configFile = pkgs.writeText "slurm.conf"
''
${optionalString (cfg.controlMachine != null) ''controlMachine=${cfg.controlMachine}''}
${optionalString (cfg.controlAddr != null) ''controlAddr=${cfg.controlAddr}''}
${optionalString (cfg.nodeName != null) ''nodeName=${cfg.nodeName}''}
${optionalString (cfg.partitionName != null) ''partitionName=${cfg.partitionName}''}
PlugStackConfig=${plugStackConfig}
${cfg.extraConfig}
'';
plugStackConfig = pkgs.writeText "plugstack.conf"
''
${optionalString cfg.enableSrunX11 ''optional ${pkgs.slurm-spank-x11}/lib/x11.so''}
'';
in
{
@ -28,7 +34,7 @@ in
enable = mkEnableOption "slurm control daemon";
};
client = {
enable = mkEnableOption "slurm rlient daemon";
@ -86,8 +92,19 @@ in
'';
};
enableSrunX11 = mkOption {
default = false;
type = types.bool;
description = ''
If enabled srun will accept the option "--x11" to allow for X11 forwarding
from within an interactive session or a batch job. This activates the
slurm-spank-x11 module. Note that this requires 'services.openssh.forwardX11'
to be enabled on the compute nodes.
'';
};
extraConfig = mkOption {
default = "";
default = "";
type = types.lines;
description = ''
Extra configuration options that will be added verbatim at
@ -134,7 +151,8 @@ in
environment.systemPackages = [ wrappedSlurm ];
systemd.services.slurmd = mkIf (cfg.client.enable) {
path = with pkgs; [ wrappedSlurm coreutils ];
path = with pkgs; [ wrappedSlurm coreutils ]
++ lib.optional cfg.enableSrunX11 slurm-spank-x11;
wantedBy = [ "multi-user.target" ];
after = [ "systemd-tmpfiles-clean.service" ];
@ -152,8 +170,9 @@ in
};
systemd.services.slurmctld = mkIf (cfg.server.enable) {
path = with pkgs; [ wrappedSlurm munge coreutils ];
path = with pkgs; [ wrappedSlurm munge coreutils ]
++ lib.optional cfg.enableSrunX11 slurm-spank-x11;
wantedBy = [ "multi-user.target" ];
after = [ "network.target" "munged.service" ];
requires = [ "munged.service" ];

4
nixos/modules/services/databases/mysql.nix
Unescape View File

@ -289,10 +289,10 @@ in
# Create initial databases
if ! test -e "${cfg.dataDir}/${database.name}"; then
echo "Creating initial database: ${database.name}"
( echo "create database ${database.name};"
( echo "create database `${database.name}`;"
${optionalString (database ? "schema") ''
echo "use ${database.name};"
echo "use `${database.name}`;"
if [ -f "${database.schema}" ]
then

32
nixos/modules/services/hardware/acpid.nix
Unescape View File

@ -31,7 +31,7 @@ let
''
fn=$out/${name}
echo "event=${handler.event}" > $fn
echo "action=${pkgs.writeScript "${name}.sh" (concatStringsSep "\n" [ "#! ${pkgs.bash}/bin/sh" handler.action ])}" >> $fn
echo "action=${pkgs.writeShellScriptBin "${name}.sh" handler.action }/bin/${name}.sh '%e'" >> $fn
'';
in concatStringsSep "\n" (mapAttrsToList f (canonicalHandlers // config.services.acpid.handlers))
}
@ -69,11 +69,33 @@ in
};
});
description = "Event handlers.";
default = {};
example = { mute = { event = "button/mute.*"; action = "amixer set Master toggle"; }; };
description = ''
Event handlers.
<note><para>
Handler can be a single command.
</para></note>
'';
default = {};
example = {
ac-power = {
event = "ac_adapter/*";
action = ''
vals=($1) # space separated string to array of multiple values
case ''${vals[3]} in
00000000)
echo unplugged >> /tmp/acpi.log
;;
00000001)
echo plugged in >> /tmp/acpi.log
;;
*)
echo unknown >> /tmp/acpi.log
;;
esac
'';
};
};
};
powerEventCommands = mkOption {

2
nixos/modules/services/hardware/nvidia-optimus.nix
Unescape View File

@ -23,7 +23,7 @@ let kernel = config.boot.kernelPackages; in
###### implementation
config = lib.mkIf config.hardware.nvidiaOptimus.disable {
boot.blacklistedKernelModules = ["nouveau" "nvidia" "nvidiafb"];
boot.blacklistedKernelModules = ["nouveau" "nvidia" "nvidiafb" "nvidia-drm"];
boot.kernelModules = [ "bbswitch" ];
boot.extraModulePackages = [ kernel.bbswitch ];

4
nixos/modules/services/mail/dovecot.nix
Unescape View File

@ -104,7 +104,7 @@ let
};
mailboxConfig = mailbox: ''
mailbox ${mailbox.name} {
mailbox "${mailbox.name}" {
auto = ${toString mailbox.auto}
'' + optionalString (mailbox.specialUse != null) ''
special_use = \${toString mailbox.specialUse}
@ -113,7 +113,7 @@ let
mailboxes = { lib, pkgs, ... }: {
options = {
name = mkOption {
type = types.str;
type = types.strMatching ''[^"]+'';
example = "Spam";
description = "The name of the mailbox.";
};

261
nixos/modules/services/mail/rspamd.nix
Unescape View File

@ -1,14 +1,152 @@
{ config, lib, pkgs, ... }:
{ config, options, pkgs, lib, ... }:
with lib;
let
cfg = config.services.rspamd;
opts = options.services.rspamd;
mkBindSockets = socks: concatStringsSep "\n" (map (each: " bind_socket = \"${each}\"") socks);
bindSocketOpts = {options, config, ... }: {
options = {
socket = mkOption {
type = types.str;
example = "localhost:11333";
description = ''
Socket for this worker to listen on in a format acceptable by rspamd.
'';
};
mode = mkOption {
type = types.str;
default = "0644";
description = "Mode to set on unix socket";
};
owner = mkOption {
type = types.str;
default = "${cfg.user}";
description = "Owner to set on unix socket";
};
group = mkOption {
type = types.str;
default = "${cfg.group}";
description = "Group to set on unix socket";
};
rawEntry = mkOption {
type = types.str;
internal = true;
};
};
config.rawEntry = let
maybeOption = option:
optionalString options.${option}.isDefined " ${option}=${config.${option}}";
in
if (!(hasPrefix "/" config.socket)) then "${config.socket}"
else "${config.socket}${maybeOption "mode"}${maybeOption "owner"}${maybeOption "group"}";
};
rspamdConfFile = pkgs.writeText "rspamd.conf"
workerOpts = { name, ... }: {
options = {
enable = mkOption {
type = types.nullOr types.bool;
default = null;
description = "Whether to run the rspamd worker.";
};
name = mkOption {
type = types.nullOr types.str;
default = name;
description = "Name of the worker";
};
type = mkOption {
type = types.nullOr (types.enum [
"normal" "controller" "fuzzy_storage" "proxy" "lua"
]);
description = "The type of this worker";
};
bindSockets = mkOption {
type = types.listOf (types.either types.str (types.submodule bindSocketOpts));
default = [];
description = ''
List of sockets to listen, in format acceptable by rspamd
'';
example = [{
socket = "/run/rspamd.sock";
mode = "0666";
owner = "rspamd";
} "*:11333"];
apply = value: map (each: if (isString each)
then if (isUnixSocket each)
then {socket = each; owner = cfg.user; group = cfg.group; mode = "0644"; rawEntry = "${each}";}
else {socket = each; rawEntry = "${each}";}
else each) value;
};
count = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
Number of worker instances to run
'';
};
includes = mkOption {
type = types.listOf types.str;
default = [];
description = ''
List of files to include in configuration
'';
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = "Additional entries to put verbatim into worker section of rspamd config file.";
};
};
config = mkIf (name == "normal" || name == "controller" || name == "fuzzy") {
type = mkDefault name;
includes = mkDefault [ "$CONFDIR/worker-${name}.inc" ];
bindSockets = mkDefault (if name == "normal"
then [{
socket = "/run/rspamd/rspamd.sock";
mode = "0660";
owner = cfg.user;
group = cfg.group;
}]
else if name == "controller"
then [ "localhost:11334" ]
else [] );
};
};
indexOf = default: start: list: e:
if list == []
then default
else if (head list) == e then start
else (indexOf default (start + (length (listenStreams (head list).socket))) (tail list) e);
systemdSocket = indexOf (abort "Socket not found") 0 allSockets;
isUnixSocket = socket: hasPrefix "/" (if (isString socket) then socket else socket.socket);
isPort = hasPrefix "*:";
isIPv4Socket = hasPrefix "*v4:";
isIPv6Socket = hasPrefix "*v6:";
isLocalHost = hasPrefix "localhost:";
listenStreams = socket:
if (isLocalHost socket) then
let port = (removePrefix "localhost:" socket);
in [ "127.0.0.1:${port}" ] ++ (if config.networking.enableIPv6 then ["[::1]:${port}"] else [])
else if (isIPv6Socket socket) then [removePrefix "*v6:" socket]
else if (isPort socket) then [removePrefix "*:" socket]
else if (isIPv4Socket socket) then
throw "error: IPv4 only socket not supported in rspamd with socket activation"
else if (length (splitString " " socket)) != 1 then
throw "error: string options not supported in rspamd with socket activation"
else [socket];
mkBindSockets = enabled: socks: concatStringsSep "\n " (flatten (map (each:
if cfg.socketActivation && enabled != false then
let systemd = (systemdSocket each);
in (imap (idx: e: "bind_socket = \"systemd:${toString (systemd + idx - 1)}\";") (listenStreams each.socket))
else "bind_socket = \"${each.rawEntry}\";") socks));
rspamdConfFile = pkgs.writeText "rspamd.conf"
''
.include "$CONFDIR/common.conf"
@ -22,19 +160,33 @@ let
.include "$CONFDIR/logging.inc"
}
worker {
${mkBindSockets cfg.bindSocket}
.include "$CONFDIR/worker-normal.inc"
}
worker {
${mkBindSockets cfg.bindUISocket}
.include "$CONFDIR/worker-controller.inc"
}
${concatStringsSep "\n" (mapAttrsToList (name: value: ''
worker ${optionalString (value.name != "normal" && value.name != "controller") "${value.name}"} {
type = "${value.type}";
${optionalString (value.enable != null)
"enabled = ${if value.enable != false then "yes" else "no"};"}
${mkBindSockets value.enable value.bindSockets}
${optionalString (value.count != null) "count = ${toString value.count};"}
${concatStringsSep "\n " (map (each: ".include \"${each}\"") value.includes)}
${value.extraConfig}
}
'') cfg.workers)}
${cfg.extraConfig}
'';
allMappedSockets = flatten (mapAttrsToList (name: value:
if value.enable != false
then imap (idx: each: {
name = "${name}";
index = idx;
value = each;
}) value.bindSockets
else []) cfg.workers);
allSockets = map (e: e.value) allMappedSockets;
allSocketNames = map (each: "rspamd-${each.name}-${toString each.index}.socket") allMappedSockets;
in
{
@ -48,36 +200,43 @@ in
enable = mkEnableOption "Whether to run the rspamd daemon.";
debug = mkOption {
type = types.bool;
default = false;
description = "Whether to run the rspamd daemon in debug mode.";
};
bindSocket = mkOption {
type = types.listOf types.str;
default = [
"/run/rspamd/rspamd.sock mode=0660 owner=${cfg.user} group=${cfg.group}"
];
defaultText = ''[
"/run/rspamd/rspamd.sock mode=0660 owner=${cfg.user} group=${cfg.group}"
]'';
socketActivation = mkOption {
type = types.bool;
description = ''
List of sockets to listen, in format acceptable by rspamd
'';
example = ''
bindSocket = [
"/run/rspamd.sock mode=0666 owner=rspamd"
"*:11333"
];
Enable systemd socket activation for rspamd.
'';
};
bindUISocket = mkOption {
type = types.listOf types.str;
default = [
"localhost:11334"
];
workers = mkOption {
type = with types; attrsOf (submodule workerOpts);
description = ''
List of sockets for web interface, in format acceptable by rspamd
Attribute set of workers to start.
'';
default = {
normal = {};
controller = {};
};
example = literalExample ''
{
normal = {
includes = [ "$CONFDIR/worker-normal.inc" ];
bindSockets = [{
socket = "/run/rspamd/rspamd.sock";
mode = "0660";
owner = "${cfg.user}";
group = "${cfg.group}";
}];
};
controller = {
includes = [ "$CONFDIR/worker-controller.inc" ];
bindSockets = [ "[::1]:11334" ];
};
}
'';
};
@ -113,6 +272,13 @@ in
config = mkIf cfg.enable {
services.rspamd.socketActivation = mkDefault (!opts.bindSocket.isDefined && !opts.bindUISocket.isDefined);
assertions = [ {
assertion = !cfg.socketActivation || !(opts.bindSocket.isDefined || opts.bindUISocket.isDefined);
message = "Can't use socketActivation for rspamd when using renamed bind socket options";
} ];
# Allow users to run 'rspamc' and 'rspamadm'.
environment.systemPackages = [ pkgs.rspamd ];
@ -128,17 +294,22 @@ in
gid = config.ids.gids.rspamd;
};
environment.etc."rspamd.conf".source = rspamdConfFile;
systemd.services.rspamd = {
description = "Rspamd Service";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
wantedBy = mkIf (!cfg.socketActivation) [ "multi-user.target" ];
after = [ "network.target" ] ++
(if cfg.socketActivation then allSocketNames else []);
requires = mkIf cfg.socketActivation allSocketNames;
serviceConfig = {
ExecStart = "${pkgs.rspamd}/bin/rspamd ${optionalString cfg.debug "-d"} --user=${cfg.user} --group=${cfg.group} --pid=/run/rspamd.pid -c ${rspamdConfFile} -f";
Restart = "always";
RuntimeDirectory = "rspamd";
PrivateTmp = true;
Sockets = mkIf cfg.socketActivation (concatStringsSep " " allSocketNames);
};
preStart = ''
@ -146,5 +317,25 @@ in
${pkgs.coreutils}/bin/chown ${cfg.user}:${cfg.group} /var/lib/rspamd
'';
};
systemd.sockets = mkIf cfg.socketActivation
(listToAttrs (map (each: {
name = "rspamd-${each.name}-${toString each.index}";
value = {
description = "Rspamd socket ${toString each.index} for worker ${each.name}";
wantedBy = [ "sockets.target" ];
listenStreams = (listenStreams each.value.socket);
socketConfig = {
BindIPv6Only = mkIf (isIPv6Socket each.value.socket) "ipv6-only";
Service = "rspamd.service";
SocketUser = mkIf (isUnixSocket each.value.socket) each.value.owner;
SocketGroup = mkIf (isUnixSocket each.value.socket) each.value.group;
SocketMode = mkIf (isUnixSocket each.value.socket) each.value.mode;
};
};
}) allMappedSockets));
};
imports = [
(mkRenamedOptionModule [ "services" "rspamd" "bindSocket" ] [ "services" "rspamd" "workers" "normal" "bindSockets" ])
(mkRenamedOptionModule [ "services" "rspamd" "bindUISocket" ] [ "services" "rspamd" "workers" "controller" "bindSockets" ])
];
}

135
nixos/modules/services/misc/home-assistant.nix
Unescape View File

@ -0,0 +1,135 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.home-assistant;
configFile = pkgs.writeText "configuration.yaml" (builtins.toJSON cfg.config);
availableComponents = pkgs.home-assistant.availableComponents;
# Given component "parentConfig.platform", returns whether config.parentConfig
# is a list containing a set with set.platform == "platform".
#
# For example, the component sensor.luftdaten is used as follows:
# config.sensor = [ {
# platform = "luftdaten";
# ...
# } ];
useComponentPlatform = component:
let
path = splitString "." component;
parentConfig = attrByPath (init path) null cfg.config;
platform = last path;
in isList parentConfig && any
(item: item.platform or null == platform)
parentConfig;
# Returns whether component is used in config
useComponent = component:
hasAttrByPath (splitString "." component) cfg.config
|| useComponentPlatform component;
# List of components used in config
extraComponents = filter useComponent availableComponents;
package = if cfg.autoExtraComponents
then (cfg.package.override { inherit extraComponents; })
else cfg.package;
in {
meta.maintainers = with maintainers; [ dotlambda ];
options.services.home-assistant = {
enable = mkEnableOption "Home Assistant";
configDir = mkOption {
default = "/var/lib/hass";
type = types.path;
description = "The config directory, where your <filename>configuration.yaml</filename> is located.";
};
config = mkOption {
default = null;
type = with types; nullOr attrs;
example = literalExample ''
{
homeassistant = {
name = "Home";
time_zone = "UTC";
};
frontend = { };
http = { };
feedreader.urls = [ "https://nixos.org/blogs.xml" ];
}
'';
description = ''
Your <filename>configuration.yaml</filename> as a Nix attribute set.
Beware that setting this option will delete your previous <filename>configuration.yaml</filename>.
'';
};
package = mkOption {
default = pkgs.home-assistant;
defaultText = "pkgs.home-assistant";
type = types.package;
example = literalExample ''
pkgs.home-assistant.override {
extraPackages = ps: with ps; [ colorlog ];
}
'';
description = ''
Home Assistant package to use.
Override <literal>extraPackages</literal> in order to add additional dependencies.
'';
};
autoExtraComponents = mkOption {
default = true;
type = types.bool;
description = ''
If set to <literal>true</literal>, the components used in <literal>config</literal>
are set as the specified package's <literal>extraComponents</literal>.
This in turn adds all packaged dependencies to the derivation.
You might still see import errors in your log.
In this case, you will need to package the necessary dependencies yourself
or ask for someone else to package them.
If a dependency is packaged but not automatically added to this list,
you might need to specify it in <literal>extraPackages</literal>.
'';
};
};
config = mkIf cfg.enable {
systemd.services.home-assistant = {
description = "Home Assistant";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
preStart = lib.optionalString (cfg.config != null) ''
rm -f ${cfg.configDir}/configuration.yaml
ln -s ${configFile} ${cfg.configDir}/configuration.yaml
'';
serviceConfig = {
ExecStart = ''
${package}/bin/hass --config "${cfg.configDir}"
'';
User = "hass";
Group = "hass";
Restart = "on-failure";
ProtectSystem = "strict";
ReadWritePaths = "${cfg.configDir}";
PrivateTmp = true;
};
};
users.extraUsers.hass = {
home = cfg.configDir;
createHome = true;
group = "hass";
uid = config.ids.uids.hass;
};
users.extraGroups.hass.gid = config.ids.gids.hass;
};
}

63
nixos/modules/services/misc/matrix-synapse.nix
Unescape View File

@ -4,6 +4,8 @@ with lib;
let
cfg = config.services.matrix-synapse;
pg = config.services.postgresql;
usePostgresql = cfg.database_type == "psycopg2";
logConfigFile = pkgs.writeText "log_config.yaml" cfg.logConfig;
mkResource = r: ''{names: ${builtins.toJSON r.names}, compress: ${boolToString r.compress}}'';
mkListener = l: ''{port: ${toString l.port}, bind_address: "${l.bind_address}", type: ${l.type}, tls: ${boolToString l.tls}, x_forwarded: ${boolToString l.x_forwarded}, resources: [${concatStringsSep "," (map mkResource l.resources)}]}'';
@ -38,7 +40,7 @@ database: {
name: "${cfg.database_type}",
args: {
${concatStringsSep ",\n " (
mapAttrsToList (n: v: "\"${n}\": ${v}") cfg.database_args
mapAttrsToList (n: v: "\"${n}\": ${builtins.toJSON v}") cfg.database_args
)}
}
}
@ -155,7 +157,7 @@ in {
tls_certificate_path = mkOption {
type = types.nullOr types.str;
default = null;
example = "/var/lib/matrix-synapse/homeserver.tls.crt";
example = "${cfg.dataDir}/homeserver.tls.crt";
description = ''
PEM encoded X509 certificate for TLS.
You can replace the self-signed certificate that synapse
@ -167,7 +169,7 @@ in {
tls_private_key_path = mkOption {
type = types.nullOr types.str;
default = null;
example = "/var/lib/matrix-synapse/homeserver.tls.key";
example = "${cfg.dataDir}/homeserver.tls.key";
description = ''
PEM encoded private key for TLS. Specify null if synapse is not
speaking TLS directly.
@ -176,7 +178,7 @@ in {
tls_dh_params_path = mkOption {
type = types.nullOr types.str;
default = null;
example = "/var/lib/matrix-synapse/homeserver.tls.dh";
example = "${cfg.dataDir}/homeserver.tls.dh";
description = ''
PEM dh parameters for ephemeral keys
'';
@ -184,6 +186,7 @@ in {
server_name = mkOption {
type = types.str;
example = "example.com";
default = config.networking.hostName;
description = ''
The domain name of the server, with optional explicit port.
This is used by remote servers to connect to this server,
@ -339,16 +342,39 @@ in {
};
database_type = mkOption {
type = types.enum [ "sqlite3" "psycopg2" ];
default = "sqlite3";
default = if versionAtLeast config.system.stateVersion "18.03"
then "psycopg2"
else "sqlite3";
description = ''
The database engine name. Can be sqlite or psycopg2.
'';
};
create_local_database = mkOption {
type = types.bool;
default = true;
description = ''
Whether to create a local database automatically.
'';
};
database_name = mkOption {
type = types.str;
default = "matrix-synapse";
description = "Database name.";
};
database_user = mkOption {
type = types.str;
default = "matrix-synapse";
description = "Database user name.";
};
database_args = mkOption {
type = types.attrs;
default = {
database = "${cfg.dataDir}/homeserver.db";
};
sqlite3 = { database = "${cfg.dataDir}/homeserver.db"; };
psycopg2 = {
user = cfg.database_user;
database = cfg.database_name;
};
}."${cfg.database_type}";
description = ''
Arguments to pass to the engine.
'';
@ -623,15 +649,36 @@ in {
gid = config.ids.gids.matrix-synapse;
} ];
services.postgresql.enable = mkIf usePostgresql (mkDefault true);
systemd.services.matrix-synapse = {
description = "Synapse Matrix homeserver";
after = [ "network.target" ];
after = [ "network.target" "postgresql.service" ];
wantedBy = [ "multi-user.target" ];
preStart = ''
${cfg.package}/bin/homeserver \
--config-path ${configFile} \
--keys-directory ${cfg.dataDir} \
--generate-keys
'' + optionalString (usePostgresql && cfg.create_local_database) ''
if ! test -e "${cfg.dataDir}/db-created"; then
${pkgs.sudo}/bin/sudo -u ${pg.superUser} \
${pg.package}/bin/createuser \
--login \
--no-createdb \
--no-createrole \
--encrypted \
${cfg.database_user}
${pkgs.sudo}/bin/sudo -u ${pg.superUser} \
${pg.package}/bin/createdb \
--owner=${cfg.database_user} \
--encoding=UTF8 \
--lc-collate=C \
--lc-ctype=C \
--template=template0 \
${cfg.database_name}
touch "${cfg.dataDir}/db-created"
fi
'';
serviceConfig = {
Type = "simple";

58
nixos/modules/services/misc/nix-daemon.nix
Unescape View File

@ -8,7 +8,7 @@ let
nix = cfg.package.out;
isNix112 = versionAtLeast (getVersion nix) "1.12pre";
isNix20 = versionAtLeast (getVersion nix) "2.0pre";
makeNixBuildUser = nr:
{ name = "nixbld${toString nr}";
@ -26,32 +26,40 @@ let
nixConf =
let
# If we're using sandbox for builds, then provide /bin/sh in
# the sandbox as a bind-mount to bash. This means we also need to
# include the entire closure of bash.
# In Nix < 2.0, If we're using sandbox for builds, then provide
# /bin/sh in the sandbox as a bind-mount to bash. This means we
# also need to include the entire closure of bash. Nix >= 2.0
# provides a /bin/sh by default.
sh = pkgs.stdenv.shell;
binshDeps = pkgs.writeReferencesToFile sh;
in
pkgs.runCommand "nix.conf" {extraOptions = cfg.extraOptions; } ''
extraPaths=$(for i in $(cat ${binshDeps}); do if test -d $i; then echo $i; fi; done)
pkgs.runCommand "nix.conf" { extraOptions = cfg.extraOptions; inherit binshDeps; } ''
${optionalString (!isNix20) ''
extraPaths=$(for i in $(cat binshDeps); do if test -d $i; then echo $i; fi; done)
''}
cat > $out <<END
# WARNING: this file is generated from the nix.* options in
# your NixOS configuration, typically
# /etc/nixos/configuration.nix. Do not edit it!
build-users-group = nixbld
build-max-jobs = ${toString (cfg.maxJobs)}
build-cores = ${toString (cfg.buildCores)}
build-use-sandbox = ${if (builtins.isBool cfg.useSandbox) then boolToString cfg.useSandbox else cfg.useSandbox}
build-sandbox-paths = ${toString cfg.sandboxPaths} /bin/sh=${sh} $(echo $extraPaths)
binary-caches = ${toString cfg.binaryCaches}
trusted-binary-caches = ${toString cfg.trustedBinaryCaches}
binary-cache-public-keys = ${toString cfg.binaryCachePublicKeys}
${if isNix20 then "max-jobs" else "build-max-jobs"} = ${toString (cfg.maxJobs)}
${if isNix20 then "cores" else "build-cores"} = ${toString (cfg.buildCores)}
${if isNix20 then "sandbox" else "build-use-sandbox"} = ${if (builtins.isBool cfg.useSandbox) then boolToString cfg.useSandbox else cfg.useSandbox}
${if isNix20 then "extra-sandbox-paths" else "build-sandbox-paths"} = ${toString cfg.sandboxPaths} ${optionalString (!isNix20) "/bin/sh=${sh} $(echo $extraPaths)"}
${if isNix20 then "substituters" else "binary-caches"} = ${toString cfg.binaryCaches}
${if isNix20 then "trusted-substituters" else "trusted-binary-caches"} = ${toString cfg.trustedBinaryCaches}
${if isNix20 then "trusted-public-keys" else "binary-cache-public-keys"} = ${toString cfg.binaryCachePublicKeys}
auto-optimise-store = ${boolToString cfg.autoOptimiseStore}
${optionalString cfg.requireSignedBinaryCaches ''
signed-binary-caches = *
${if isNix20 then ''
require-sigs = ${if cfg.requireSignedBinaryCaches then "true" else "false"}
'' else ''
signed-binary-caches = ${if cfg.requireSignedBinaryCaches then "*" else ""}
''}
trusted-users = ${toString cfg.trustedUsers}
allowed-users = ${toString cfg.allowedUsers}
${optionalString (isNix20 && !cfg.distributedBuilds) ''
builders =
''}
$extraOptions
END
'';
@ -377,8 +385,9 @@ in
systemd.sockets.nix-daemon.wantedBy = [ "sockets.target" ];
systemd.services.nix-daemon =
{ path = [ nix pkgs.openssl.bin pkgs.utillinux config.programs.ssh.package ]
++ optionals cfg.distributedBuilds [ pkgs.gzip ];
{ path = [ nix pkgs.utillinux ]
++ optionals cfg.distributedBuilds [ config.programs.ssh.package pkgs.gzip ]
++ optionals (!isNix20) [ pkgs.openssl.bin ];
environment = cfg.envVars
// { CURL_CA_BUNDLE = "/etc/ssl/certs/ca-certificates.crt"; }
@ -396,10 +405,9 @@ in
};
nix.envVars =
{ NIX_CONF_DIR = "/etc/nix";
}
optionalAttrs (!isNix20) {
NIX_CONF_DIR = "/etc/nix";
// optionalAttrs (!isNix112) {
# Enable the copy-from-other-stores substituter, which allows
# builds to be sped up by copying build results from remote
# Nix stores. To do this, mount the remote file system on a
@ -407,12 +415,8 @@ in
NIX_OTHER_STORES = "/run/nix/remote-stores/*/nix";
}
// optionalAttrs cfg.distributedBuilds {
NIX_BUILD_HOOK =
if isNix112 then
"${nix}/libexec/nix/build-remote"
else
"${nix}/libexec/nix/build-remote.pl";
// optionalAttrs (cfg.distributedBuilds && !isNix20) {
NIX_BUILD_HOOK = "${nix}/libexec/nix/build-remote.pl";
};
# Set up the environment variables for running Nix.
@ -420,7 +424,7 @@ in
{ NIX_PATH = concatStringsSep ":" cfg.nixPath;
};
environment.extraInit =
environment.extraInit = optionalString (!isNix20)
''
# Set up secure multi-user builds: non-root users build through the
# Nix daemon.

11
nixos/modules/services/misc/zookeeper.nix
Unescape View File

@ -106,10 +106,19 @@ in {
'';
};
package = mkOption {
description = "The zookeeper package to use";
default = pkgs.zookeeper;
defaultText = "pkgs.zookeeper";
type = types.package;
};
};
config = mkIf cfg.enable {
environment.systemPackages = [cfg.package];
systemd.services.zookeeper = {
description = "Zookeeper Daemon";
wantedBy = [ "multi-user.target" ];
@ -118,7 +127,7 @@ in {
serviceConfig = {
ExecStart = ''
${pkgs.jre}/bin/java \
-cp "${pkgs.zookeeper}/lib/*:${pkgs.zookeeper}/${pkgs.zookeeper.name}.jar:${configDir}" \
-cp "${cfg.package}/lib/*:${cfg.package}/${cfg.package.name}.jar:${configDir}" \
${escapeShellArgs cfg.extraCmdLineOptions} \
-Dzookeeper.datadir.autocreate=false \
${optionalString cfg.preferIPv4 "-Djava.net.preferIPv4Stack=true"} \

99
nixos/modules/services/network-filesystems/openafs-client/default.nix
Unescape View File

@ -1,99 +0,0 @@
{ config, pkgs, lib, ... }:
let
inherit (lib) mkOption mkIf;
cfg = config.services.openafsClient;
cellServDB = pkgs.fetchurl {
url = http://dl.central.org/dl/cellservdb/CellServDB.2017-03-14;
sha256 = "1197z6c5xrijgf66rhaymnm5cvyg2yiy1i20y4ah4mrzmjx0m7sc";
};
afsConfig = pkgs.runCommand "afsconfig" {} ''
mkdir -p $out
echo ${cfg.cellName} > $out/ThisCell
cp ${cellServDB} $out/CellServDB
echo "/afs:${cfg.cacheDirectory}:${cfg.cacheSize}" > $out/cacheinfo
'';
openafsPkgs = config.boot.kernelPackages.openafsClient;
in
{
###### interface
options = {
services.openafsClient = {
enable = mkOption {
default = false;
description = "Whether to enable the OpenAFS client.";
};
cellName = mkOption {
default = "grand.central.org";
description = "Cell name.";
};
cacheSize = mkOption {
default = "100000";
description = "Cache size.";
};
cacheDirectory = mkOption {
default = "/var/cache/openafs";
description = "Cache directory.";
};
crypt = mkOption {
default = false;
description = "Whether to enable (weak) protocol encryption.";
};
sparse = mkOption {
default = false;
description = "Minimal cell list in /afs.";
};
};
};
###### implementation
config = mkIf cfg.enable {
environment.systemPackages = [ openafsPkgs ];
environment.etc = [
{ source = afsConfig;
target = "openafs";
}
];
systemd.services.afsd = {
description = "AFS client";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = { RemainAfterExit = true; };
preStart = ''
mkdir -p -m 0755 /afs
mkdir -m 0700 -p ${cfg.cacheDirectory}
${pkgs.kmod}/bin/insmod ${openafsPkgs}/lib/openafs/libafs-*.ko || true
${openafsPkgs}/sbin/afsd -confdir ${afsConfig} -cachedir ${cfg.cacheDirectory} ${if cfg.sparse then "-dynroot-sparse" else "-dynroot"} -fakestat -afsdb
${openafsPkgs}/bin/fs setcrypt ${if cfg.crypt then "on" else "off"}
'';
# Doing this in preStop, because after these commands AFS is basically
# stopped, so systemd has nothing to do, just noticing it. If done in
# postStop, then we get a hang + kernel oops, because AFS can't be
# stopped simply by sending signals to processes.
preStop = ''
${pkgs.utillinux}/bin/umount /afs
${openafsPkgs}/sbin/afsd -shutdown
'';
};
};
}

239
nixos/modules/services/network-filesystems/openafs/client.nix
Unescape View File

@ -0,0 +1,239 @@
{ config, pkgs, lib, ... }:
with import ./lib.nix { inherit lib; };
let
inherit (lib) getBin mkOption mkIf optionalString singleton types;
cfg = config.services.openafsClient;
cellServDB = pkgs.fetchurl {
url = http://dl.central.org/dl/cellservdb/CellServDB.2017-03-14;
sha256 = "1197z6c5xrijgf66rhaymnm5cvyg2yiy1i20y4ah4mrzmjx0m7sc";
};
clientServDB = pkgs.writeText "client-cellServDB-${cfg.cellName}" (mkCellServDB cfg.cellName cfg.cellServDB);
afsConfig = pkgs.runCommand "afsconfig" {} ''
mkdir -p $out
echo ${cfg.cellName} > $out/ThisCell
cat ${cellServDB} ${clientServDB} > $out/CellServDB
echo "${cfg.mountPoint}:${cfg.cache.directory}:${toString cfg.cache.blocks}" > $out/cacheinfo
'';
openafsMod = config.boot.kernelPackages.openafs;
openafsBin = lib.getBin pkgs.openafs;
in
{
###### interface
options = {
services.openafsClient = {
enable = mkOption {
default = false;
type = types.bool;
description = "Whether to enable the OpenAFS client.";
};
afsdb = mkOption {
default = true;
type = types.bool;
description = "Resolve cells via AFSDB DNS records.";
};
cellName = mkOption {
default = "";
type = types.str;
description = "Cell name.";
example = "grand.central.org";
};
cellServDB = mkOption {
default = [];
type = with types; listOf (submodule { options = cellServDBConfig; });
description = ''
This cell's database server records, added to the global
CellServDB. See CellServDB(5) man page for syntax. Ignored when
<literal>afsdb</literal> is set to <literal>true</literal>.
'';
example = ''
[ { ip = "1.2.3.4"; dnsname = "first.afsdb.server.dns.fqdn.org"; }
{ ip = "2.3.4.5"; dnsname = "second.afsdb.server.dns.fqdn.org"; }
]
'';
};
cache = {
blocks = mkOption {
default = 100000;
type = types.int;
description = "Cache size in 1KB blocks.";
};
chunksize = mkOption {
default = 0;
type = types.ints.between 0 30;
description = ''
Size of each cache chunk given in powers of
2. <literal>0</literal> resets the chunk size to its default
values (13 (8 KB) for memcache, 18-20 (256 KB to 1 MB) for
diskcache). Maximum value is 30. Important performance
parameter. Set to higher values when dealing with large files.
'';
};
directory = mkOption {
default = "/var/cache/openafs";
type = types.str;
description = "Cache directory.";
};
diskless = mkOption {
default = false;
type = types.bool;
description = ''
Use in-memory cache for diskless machines. Has no real
performance benefit anymore.
'';
};
};
crypt = mkOption {
default = true;
type = types.bool;
description = "Whether to enable (weak) protocol encryption.";
};
daemons = mkOption {
default = 2;
type = types.int;
description = ''
Number of daemons to serve user requests. Numbers higher than 6
usually do no increase performance. Default is sufficient for up
to five concurrent users.
'';
};
fakestat = mkOption {
default = false;
type = types.bool;
description = ''
Return fake data on stat() calls. If <literal>true</literal>,
always do so. If <literal>false</literal>, only do so for
cross-cell mounts (as these are potentially expensive).
'';
};
inumcalc = mkOption {
default = "compat";
type = types.strMatching "compat|md5";
description = ''
Inode calculation method. <literal>compat</literal> is
computationally less expensive, but <literal>md5</literal> greatly
reduces the likelihood of inode collisions in larger scenarios
involving multiple cells mounted into one AFS space.
'';
};
mountPoint = mkOption {
default = "/afs";
type = types.str;
description = ''
Mountpoint of the AFS file tree, conventionally
<literal>/afs</literal>. When set to a different value, only
cross-cells that use the same value can be accessed.
'';
};
sparse = mkOption {
default = true;
type = types.bool;
description = "Minimal cell list in /afs.";
};
startDisconnected = mkOption {
default = false;
type = types.bool;
description = ''
Start up in disconnected mode. You need to execute
<literal>fs disco online</literal> (as root) to switch to
connected mode. Useful for roaming devices.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
assertions = [
{ assertion = cfg.afsdb || cfg.cellServDB != [];
message = "You should specify all cell-local database servers in config.services.openafsClient.cellServDB or set config.services.openafsClient.afsdb.";
}
{ assertion = cfg.cellName != "";
message = "You must specify the local cell name in config.services.openafsClient.cellName.";
}
];
environment.systemPackages = [ pkgs.openafs ];
environment.etc = {
clientCellServDB = {
source = pkgs.runCommand "CellServDB" {} ''
cat ${cellServDB} ${clientServDB} > $out
'';
target = "openafs/CellServDB";
mode = "0644";
};
clientCell = {
text = ''
${cfg.cellName}
'';
target = "openafs/ThisCell";
mode = "0644";
};
};
systemd.services.afsd = {
description = "AFS client";
wantedBy = [ "multi-user.target" ];
after = singleton (if cfg.startDisconnected then "network.target" else "network-online.target");
serviceConfig = { RemainAfterExit = true; };
restartIfChanged = false;
preStart = ''
mkdir -p -m 0755 ${cfg.mountPoint}
mkdir -m 0700 -p ${cfg.cache.directory}
${pkgs.kmod}/bin/insmod ${openafsMod}/lib/modules/*/extra/openafs/libafs.ko.xz
${openafsBin}/sbin/afsd \
-mountdir ${cfg.mountPoint} \
-confdir ${afsConfig} \
${optionalString (!cfg.cache.diskless) "-cachedir ${cfg.cache.directory}"} \
-blocks ${toString cfg.cache.blocks} \
-chunksize ${toString cfg.cache.chunksize} \
${optionalString cfg.cache.diskless "-memcache"} \
-inumcalc ${cfg.inumcalc} \
${if cfg.fakestat then "-fakestat-all" else "-fakestat"} \
${if cfg.sparse then "-dynroot-sparse" else "-dynroot"} \
${optionalString cfg.afsdb "-afsdb"}
${openafsBin}/bin/fs setcrypt ${if cfg.crypt then "on" else "off"}
${optionalString cfg.startDisconnected "${openafsBin}/bin/fs discon offline"}
'';
# Doing this in preStop, because after these commands AFS is basically
# stopped, so systemd has nothing to do, just noticing it. If done in
# postStop, then we get a hang + kernel oops, because AFS can't be
# stopped simply by sending signals to processes.
preStop = ''
${pkgs.utillinux}/bin/umount ${cfg.mountPoint}
${openafsBin}/sbin/afsd -shutdown
${pkgs.kmod}/sbin/rmmod libafs
'';
};
};
}

28
nixos/modules/services/network-filesystems/openafs/lib.nix
Unescape View File

@ -0,0 +1,28 @@
{ lib, ...}:
let
inherit (lib) concatStringsSep mkOption types;
in rec {
mkCellServDB = cellName: db: ''
>${cellName}
'' + (concatStringsSep "\n" (map (dbm: if (dbm.ip != "" && dbm.dnsname != "") then dbm.ip + " #" + dbm.dnsname else "")
db));
# CellServDB configuration type
cellServDBConfig = {
ip = mkOption {
type = types.str;
default = "";
example = "1.2.3.4";
description = "IP Address of a database server";
};
dnsname = mkOption {
type = types.str;
default = "";
example = "afs.example.org";
description = "DNS full-qualified domain name of a database server";
};
};
}

260
nixos/modules/services/network-filesystems/openafs/server.nix
Unescape View File

@ -0,0 +1,260 @@
{ config, pkgs, lib, ... }:
with import ./lib.nix { inherit lib; };
let
inherit (lib) concatStringsSep intersperse mapAttrsToList mkForce mkIf mkMerge mkOption optionalString types;
bosConfig = pkgs.writeText "BosConfig" (''
restrictmode 1
restarttime 16 0 0 0 0
checkbintime 3 0 5 0 0
'' + (optionalString cfg.roles.database.enable ''
bnode simple vlserver 1
parm ${openafsBin}/libexec/openafs/vlserver ${optionalString cfg.dottedPrincipals "-allow-dotted-principals"} ${cfg.roles.database.vlserverArgs}
end
bnode simple ptserver 1
parm ${openafsBin}/libexec/openafs/ptserver ${optionalString cfg.dottedPrincipals "-allow-dotted-principals"} ${cfg.roles.database.ptserverArgs}
end
'') + (optionalString cfg.roles.fileserver.enable ''
bnode dafs dafs 1
parm ${openafsBin}/libexec/openafs/dafileserver ${optionalString cfg.dottedPrincipals "-allow-dotted-principals"} -udpsize ${udpSizeStr} ${cfg.roles.fileserver.fileserverArgs}
parm ${openafsBin}/libexec/openafs/davolserver ${optionalString cfg.dottedPrincipals "-allow-dotted-principals"} -udpsize ${udpSizeStr} ${cfg.roles.fileserver.volserverArgs}
parm ${openafsBin}/libexec/openafs/salvageserver ${cfg.roles.fileserver.salvageserverArgs}
parm ${openafsBin}/libexec/openafs/dasalvager ${cfg.roles.fileserver.salvagerArgs}
end
'') + (optionalString (cfg.roles.database.enable && cfg.roles.backup.enable) ''
bnode simple buserver 1
parm ${openafsBin}/libexec/openafs/buserver ${cfg.roles.backup.buserverArgs} ${optionalString (cfg.roles.backup.cellServDB != []) "-cellservdb /etc/openafs/backup/"}
end
''));
netInfo = if (cfg.advertisedAddresses != []) then
pkgs.writeText "NetInfo" ((concatStringsSep "\nf " cfg.advertisedAddresses) + "\n")
else null;
buCellServDB = pkgs.writeText "backup-cellServDB-${cfg.cellName}" (mkCellServDB cfg.cellName cfg.roles.backup.cellServDB);
cfg = config.services.openafsServer;
udpSizeStr = toString cfg.udpPacketSize;
openafsBin = lib.getBin pkgs.openafs;
in {
options = {
services.openafsServer = {
enable = mkOption {
default = false;
type = types.bool;
description = ''
Whether to enable the OpenAFS server. An OpenAFS server needs a
complex setup. So, be aware that enabling this service and setting
some options does not give you a turn-key-ready solution. You need
at least a running Kerberos 5 setup, as OpenAFS relies on it for
authentication. See the Guide "QuickStartUnix" coming with
<literal>pkgs.openafs.doc</literal> for complete setup
instructions.
'';
};
advertisedAddresses = mkOption {
default = [];
description = "List of IP addresses this server is advertised under. See NetInfo(5)";
};
cellName = mkOption {
default = "";
type = types.str;
description = "Cell name, this server will serve.";
example = "grand.central.org";
};
cellServDB = mkOption {
default = [];
type = with types; listOf (submodule [ { options = cellServDBConfig;} ]);
description = "Definition of all cell-local database server machines.";
};
roles = {
fileserver = {
enable = mkOption {
default = true;
type = types.bool;
description = "Fileserver role, serves files and volumes from its local storage.";
};
fileserverArgs = mkOption {
default = "-vattachpar 128 -vhashsize 11 -L -rxpck 400 -cb 1000000";
type = types.str;
description = "Arguments to the dafileserver process. See its man page.";
};
volserverArgs = mkOption {
default = "";
type = types.str;
description = "Arguments to the davolserver process. See its man page.";
example = "-sync never";
};
salvageserverArgs = mkOption {
default = "";
type = types.str;
description = "Arguments to the salvageserver process. See its man page.";
example = "-showlog";
};
salvagerArgs = mkOption {
default = "";
type = types.str;
description = "Arguments to the dasalvager process. See its man page.";
example = "-showlog -showmounts";
};
};
database = {
enable = mkOption {
default = true;
type = types.bool;
description = ''
Database server role, maintains the Volume Location Database,
Protection Database (and Backup Database, see
<literal>backup</literal> role). There can be multiple
servers in the database role for replication, which then need
reliable network connection to each other.
Servers in this role appear in AFSDB DNS records or the
CellServDB.
'';
};
vlserverArgs = mkOption {
default = "";
type = types.str;
description = "Arguments to the vlserver process. See its man page.";
example = "-rxbind";
};
ptserverArgs = mkOption {
default = "";
type = types.str;
description = "Arguments to the ptserver process. See its man page.";
example = "-restricted -default_access S---- S-M---";
};
};
backup = {
enable = mkOption {
default = false;
type = types.bool;
description = ''
Backup server role. Use in conjunction with the
<literal>database</literal> role to maintain the Backup
Database. Normally only used in conjunction with tape storage
or IBM's Tivoli Storage Manager.
'';
};
buserverArgs = mkOption {
default = "";
type = types.str;
description = "Arguments to the buserver process. See its man page.";
example = "-p 8";
};
cellServDB = mkOption {
default = [];
type = with types; listOf (submodule [ { options = cellServDBConfig;} ]);
description = ''
Definition of all cell-local backup database server machines.
Use this when your cell uses less backup database servers than
other database server machines.
'';
};
};
};
dottedPrincipals= mkOption {
default = false;
type = types.bool;
description = ''
If enabled, allow principal names containing (.) dots. Enabling
this has security implications!
'';
};
udpPacketSize = mkOption {
default = 1310720;
type = types.int;
description = ''
UDP packet size to use in Bytes. Higher values can speed up
communications. The default of 1 MB is a sufficient in most
cases. Make sure to increase the kernel's UDP buffer size
accordingly via <literal>net.core(w|r|opt)mem_max</literal>
sysctl.
'';
};
};
};
config = mkIf cfg.enable {
assertions = [
{ assertion = cfg.cellServDB != [];
message = "You must specify all cell-local database servers in config.services.openafsServer.cellServDB.";
}
{ assertion = cfg.cellName != "";
message = "You must specify the local cell name in config.services.openafsServer.cellName.";
}
];
environment.systemPackages = [ pkgs.openafs ];
environment.etc = {
bosConfig = {
source = bosConfig;
target = "openafs/BosConfig";
mode = "0644";
};
cellServDB = {
text = mkCellServDB cfg.cellName cfg.cellServDB;
target = "openafs/server/CellServDB";
mode = "0644";
};
thisCell = {
text = cfg.cellName;
target = "openafs/server/ThisCell";
mode = "0644";
};
buCellServDB = {
enable = (cfg.roles.backup.cellServDB != []);
text = mkCellServDB cfg.cellName cfg.roles.backup.cellServDB;
target = "openafs/backup/CellServDB";
};
};
systemd.services = {
openafs-server = {
description = "OpenAFS server";
after = [ "syslog.target" "network.target" ];
wantedBy = [ "multi-user.target" ];
restartIfChanged = false;
unitConfig.ConditionPathExists = [ "/etc/openafs/server/rxkad.keytab" ];
preStart = ''
mkdir -m 0755 -p /var/openafs
${optionalString (netInfo != null) "cp ${netInfo} /var/openafs/netInfo"}
${optionalString (cfg.roles.backup.cellServDB != []) "cp ${buCellServDB}"}
'';
serviceConfig = {
ExecStart = "${openafsBin}/bin/bosserver -nofork";
ExecStop = "${openafsBin}/bin/bos shutdown localhost -wait -localauth";
};
};
};
};
}

10
nixos/modules/services/networking/aria2.nix
Unescape View File

@ -10,9 +10,9 @@ let
settingsDir = "${homeDir}";
sessionFile = "${homeDir}/aria2.session";
downloadDir = "${homeDir}/Downloads";
rangesToStringList = map (x: builtins.toString x.from +"-"+ builtins.toString x.to);
settingsFile = pkgs.writeText "aria2.conf"
''
dir=${cfg.downloadDir}
@ -110,12 +110,12 @@ in
mkdir -m 0770 -p "${homeDir}"
chown aria2:aria2 "${homeDir}"
if [[ ! -d "${config.services.aria2.downloadDir}" ]]
then
then
mkdir -m 0770 -p "${config.services.aria2.downloadDir}"
chown aria2:aria2 "${config.services.aria2.downloadDir}"
fi
if [[ ! -e "${sessionFile}" ]]
then
then
touch "${sessionFile}"
chown aria2:aria2 "${sessionFile}"
fi
@ -132,4 +132,4 @@ in
};
};
};
}
}

6
nixos/modules/services/networking/kresd.nix
Unescape View File

@ -43,7 +43,7 @@ in
type = with types; listOf str;
default = [ "::1" "127.0.0.1" ];
description = ''
What addresses the server should listen on.
What addresses the server should listen on. (UDP+TCP 53)
'';
};
# TODO: perhaps options for more common stuff like cache size or forwarding
@ -99,9 +99,9 @@ in
Restart = "on-failure";
};
# Trust anchor goes from dns-root-data by default.
script = ''
exec '${package}/bin/kresd' --config '${configFile}' \
-k '${pkgs.dns-root-data}/root.key'
exec '${package}/bin/kresd' --config '${configFile}' --forks=1
'';
requires = [ "kresd.socket" ];

238
nixos/modules/services/networking/monero.nix
Unescape View File

@ -0,0 +1,238 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.monero;
dataDir = "/var/lib/monero";
listToConf = option: list:
concatMapStrings (value: "${option}=${value}\n") list;
login = (cfg.rpc.user != null && cfg.rpc.password != null);
configFile = with cfg; pkgs.writeText "monero.conf" ''
log-file=/dev/stdout
data-dir=${dataDir}
${optionalString mining.enable ''
start-mining=${mining.address}
mining-threads=${toString mining.threads}
''}
rpc-bind-ip=${rpc.address}
rpc-bind-port=${toString rpc.port}
${optionalString login ''
rpc-login=${rpc.user}:${rpc.password}
''}
${optionalString rpc.restricted ''
restrict-rpc=1
''}
limit-rate-up=${toString limits.upload}
limit-rate-down=${toString limits.download}
max-concurrency=${toString limits.threads}
block-sync-size=${toString limits.syncSize}
${listToConf "add-peer" extraNodes}
${listToConf "add-priority-node" priorityNodes}
${listToConf "add-exclusive-node" exclusiveNodes}
${extraConfig}
'';
in
{
###### interface
options = {
services.monero = {
enable = mkEnableOption "Monero node daemon.";
mining.enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to mine moneroj.
'';
};
mining.address = mkOption {
type = types.str;
default = "";
description = ''
Monero address where to send mining rewards.
'';
};
mining.threads = mkOption {
type = types.addCheck types.int (x: x>=0);
default = 0;
description = ''
Number of threads used for mining.
Set to <literal>0</literal> to use all available.
'';
};
rpc.user = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
User name for RPC connections.
'';
};
rpc.password = mkOption {
type = types.str;
default = null;
description = ''
Password for RPC connections.
'';
};
rpc.address = mkOption {
type = types.str;
default = "127.0.0.1";
description = ''
IP address the RPC server will bind to.
'';
};
rpc.port = mkOption {
type = types.int;
default = 18081;
description = ''
Port the RPC server will bind to.
'';
};
rpc.restricted = mkOption {
type = types.bool;
default = false;
description = ''
Whether to restrict RPC to view only commands.
'';
};
limits.upload = mkOption {
type = types.addCheck types.int (x: x>=-1);
default = -1;
description = ''
Limit of the upload rate in kB/s.
Set to <literal>-1</literal> to leave unlimited.
'';
};
limits.download = mkOption {
type = types.addCheck types.int (x: x>=-1);
default = -1;
description = ''
Limit of the download rate in kB/s.
Set to <literal>-1</literal> to leave unlimited.
'';
};
limits.threads = mkOption {
type = types.addCheck types.int (x: x>=0);
default = 0;
description = ''
Maximum number of threads used for a parallel job.
Set to <literal>0</literal> to leave unlimited.
'';
};
limits.syncSize = mkOption {
type = types.addCheck types.int (x: x>=0);
default = 0;
description = ''
Maximum number of blocks to sync at once.
Set to <literal>0</literal> for adaptive.
'';
};
extraNodes = mkOption {
type = types.listOf types.str;
default = [ ];
description = ''
List of additional peer IP addresses to add to the local list.
'';
};
priorityNodes = mkOption {
type = types.listOf types.str;
default = [ ];
description = ''
List of peer IP addresses to connect to and
attempt to keep the connection open.
'';
};
exclusiveNodes = mkOption {
type = types.listOf types.str;
default = [ ];
description = ''
List of peer IP addresses to connect to *only*.
If given the other peer options will be ignored.
'';
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = ''
Extra lines to be added verbatim to monerod configuration.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
users.extraUsers = singleton {
name = "monero";
uid = config.ids.uids.monero;
description = "Monero daemon user";
home = dataDir;
createHome = true;
};
users.extraGroups = singleton {
name = "monero";
gid = config.ids.gids.monero;
};
systemd.services.monero = {
description = "monero daemon";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "monero";
Group = "monero";
ExecStart = "${pkgs.monero}/bin/monerod --config-file=${configFile} --non-interactive";
Restart = "always";
SuccessExitStatus = [ 0 1 ];
};
};
assertions = singleton {
assertion = cfg.mining.enable -> cfg.mining.address != "";
message = ''
You need a Monero address to receive mining rewards:
specify one using option monero.mining.address.
'';
};
};
}

2
nixos/modules/services/networking/mosquitto.nix
Unescape View File

@ -212,7 +212,7 @@ in
'' + concatStringsSep "\n" (
mapAttrsToList (n: c:
if c.hashedPassword != null then
"echo '${n}:${c.hashedPassword}' > ${cfg.dataDir}/passwd"
"echo '${n}:${c.hashedPassword}' >> ${cfg.dataDir}/passwd"
else optionalString (c.password != null)
"${pkgs.mosquitto}/bin/mosquitto_passwd -b ${cfg.dataDir}/passwd ${n} ${c.password}"
) cfg.users);

63
nixos/modules/services/networking/rxe.nix
Unescape View File

@ -0,0 +1,63 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.networking.rxe;
runRxeCmd = cmd: ifcs:
concatStrings ( map (x: "${pkgs.rdma-core}/bin/rxe_cfg -n ${cmd} ${x};") ifcs);
startScript = pkgs.writeShellScriptBin "rxe-start" ''
${pkgs.rdma-core}/bin/rxe_cfg -n start
${runRxeCmd "add" cfg.interfaces}
${pkgs.rdma-core}/bin/rxe_cfg
'';
stopScript = pkgs.writeShellScriptBin "rxe-stop" ''
${runRxeCmd "remove" cfg.interfaces }
${pkgs.rdma-core}/bin/rxe_cfg -n stop
'';
in {
###### interface
options = {
networking.rxe = {
enable = mkEnableOption "RDMA over converged ethernet";
interfaces = mkOption {
type = types.listOf types.str;
default = [ ];
example = [ "eth0" ];
description = ''
Enable RDMA on the listed interfaces. The corresponding virtual
RDMA interfaces will be named rxe0 ... rxeN where the ordering
will be as they are named in the list. UDP port 4791 must be
open on the respective ethernet interfaces.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
systemd.services.rxe = {
path = with pkgs; [ kmod rdma-core ];
description = "RoCE interfaces";
wantedBy = [ "multi-user.target" ];
after = [ "systemd-modules-load.service" "network-online.target" ];
wants = [ "network-pre.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = "${startScript}/bin/rxe-start";
ExecStop = "${stopScript}/bin/rxe-stop";
};
};
};
}

3
nixos/modules/services/networking/ssh/sshd.nix
Unescape View File

@ -375,9 +375,6 @@ in
# LogLevel VERBOSE logs user's key fingerprint on login.
# Needed to have a clear audit track of which key was used to log in.
LogLevel VERBOSE
# Use kernel sandbox mechanisms where possible in unprivileged processes.
UsePrivilegeSeparation sandbox
'';
assertions = [{ assertion = if cfg.forwardX11 then cfgc.setXAuthLocation else true;

64
nixos/modules/services/security/physlock.nix
Unescape View File

@ -30,6 +30,20 @@ in
'';
};
allowAnyUser = mkOption {
type = types.bool;
default = false;
description = ''
Whether to allow any user to lock the screen. This will install a
setuid wrapper to allow any user to start physlock as root, which
is a minor security risk. Call the physlock binary to use this instead
of using the systemd service.
Note that you might need to relog to have the correct binary in your
PATH upon changing this option.
'';
};
disableSysRq = mkOption {
type = types.bool;
default = true;
@ -79,28 +93,36 @@ in
###### implementation
config = mkIf cfg.enable {
# for physlock -l and physlock -L
environment.systemPackages = [ pkgs.physlock ];
systemd.services."physlock" = {
enable = true;
description = "Physlock";
wantedBy = optional cfg.lockOn.suspend "suspend.target"
++ optional cfg.lockOn.hibernate "hibernate.target"
++ cfg.lockOn.extraTargets;
before = optional cfg.lockOn.suspend "systemd-suspend.service"
++ optional cfg.lockOn.hibernate "systemd-hibernate.service"
++ cfg.lockOn.extraTargets;
serviceConfig.Type = "forking";
script = ''
${pkgs.physlock}/bin/physlock -d${optionalString cfg.disableSysRq "s"}
'';
};
config = mkIf cfg.enable (mkMerge [
{
# for physlock -l and physlock -L
environment.systemPackages = [ pkgs.physlock ];
systemd.services."physlock" = {
enable = true;
description = "Physlock";
wantedBy = optional cfg.lockOn.suspend "suspend.target"
++ optional cfg.lockOn.hibernate "hibernate.target"
++ cfg.lockOn.extraTargets;
before = optional cfg.lockOn.suspend "systemd-suspend.service"
++ optional cfg.lockOn.hibernate "systemd-hibernate.service"
++ cfg.lockOn.extraTargets;
serviceConfig = {
Type = "forking";
ExecStart = "${pkgs.physlock}/bin/physlock -d${optionalString cfg.disableSysRq "s"}";
};
};
security.pam.services.physlock = {};
security.pam.services.physlock = {};
};
}
(mkIf cfg.allowAnyUser {
security.wrappers.physlock = { source = "${pkgs.physlock}/bin/physlock"; user = "root"; };
})
]);
}

30
nixos/modules/services/security/tor.nix
Unescape View File

@ -88,6 +88,9 @@ let
${flip concatMapStrings v.map (p: ''
HiddenServicePort ${toString p.port} ${p.destination}
'')}
${optionalString (v.authorizeClient != null) ''
HiddenServiceAuthorizeClient ${v.authorizeClient.authType} ${concatStringsSep "," v.authorizeClient.clientNames}
''}
''))
+ cfg.extraConfig;
@ -619,6 +622,33 @@ in
}));
};
authorizeClient = mkOption {
default = null;
description = "If configured, the hidden service is accessible for authorized clients only.";
type = types.nullOr (types.submodule ({config, ...}: {
options = {
authType = mkOption {
type = types.enum [ "basic" "stealth" ];
description = ''
Either <literal>"basic"</literal> for a general-purpose authorization protocol
or <literal>"stealth"</literal> for a less scalable protocol
that also hides service activity from unauthorized clients.
'';
};
clientNames = mkOption {
type = types.nonEmptyListOf (types.strMatching "[A-Za-z0-9+-_]+");
description = ''
Only clients that are listed here are authorized to access the hidden service.
Generated authorization data can be found in <filename>${torDirectory}/onion/$name/hostname</filename>.
Clients need to put this authorization data in their configuration file using <literal>HidServAuth</literal>.
'';
};
};
}));
};
};
config = {

12
nixos/modules/services/web-servers/traefik.nix
Unescape View File

@ -64,6 +64,16 @@ in {
'';
};
group = mkOption {
default = "traefik";
type = types.string;
example = "docker";
description = ''
Set the group that traefik runs under.
For the docker backend this needs to be set to <literal>docker</literal> instead.
'';
};
package = mkOption {
default = pkgs.traefik;
defaultText = "pkgs.traefik";
@ -87,7 +97,7 @@ in {
];
Type = "simple";
User = "traefik";
Group = "traefik";
Group = cfg.group;
Restart = "on-failure";
StartLimitInterval = 86400;
StartLimitBurst = 5;

12
nixos/modules/services/x11/desktop-managers/plasma5.nix
Unescape View File

@ -47,6 +47,18 @@ in
${getBin config.hardware.pulseaudio.package}/bin/pactl load-module module-device-manager "do_routing=1"
''}
if [ -f "$HOME/.config/kdeglobals" ]
then
# Remove extraneous font style names.
# See also: https://phabricator.kde.org/D9070
${getBin pkgs.gnused}/bin/sed -i "$HOME/.config/kdeglobals" \
-e '/^fixed=/ s/,Regular$//' \
-e '/^font=/ s/,Regular$//' \
-e '/^menuFont=/ s/,Regular$//' \
-e '/^smallestReadableFont=/ s/,Regular$//' \
-e '/^toolBarFont=/ s/,Regular$//'
fi
exec "${getBin plasma5.plasma-workspace}/bin/startkde"
'';
};

4
nixos/modules/services/x11/window-managers/2bwm.nix
Unescape View File

@ -25,12 +25,12 @@ in
{ name = "2bwm";
start =
''
${pkgs."2bwm"}/bin/2bwm &
${pkgs._2bwm}/bin/2bwm &
waitPID=$!
'';
};
environment.systemPackages = [ pkgs."2bwm" ];
environment.systemPackages = [ pkgs._2bwm ];
};

3
nixos/modules/system/boot/kernel.nix
Unescape View File

@ -206,7 +206,8 @@ in
"xhci_hcd"
"xhci_pci"
"usbhid"
"hid_generic" "hid_lenovo" "hid_apple" "hid_roccat" "hid_logitech_hidpp"
"hid_generic" "hid_lenovo" "hid_apple" "hid_roccat"
"hid_logitech_hidpp" "hid_logitech_dj"
] ++ optionals (pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64) [
# Misc. x86 keyboard stuff.

27
nixos/modules/tasks/filesystems/zfs.nix
Unescape View File

@ -24,7 +24,11 @@ let
kernel = config.boot.kernelPackages;
packages = if config.boot.zfs.enableUnstable then {
packages = if config.boot.zfs.enableLegacyCrypto then {
spl = kernel.splLegacyCrypto;
zfs = kernel.zfsLegacyCrypto;
zfsUser = pkgs.zfsLegacyCrypto;
} else if config.boot.zfs.enableUnstable then {
spl = kernel.splUnstable;
zfs = kernel.zfsUnstable;
zfsUser = pkgs.zfsUnstable;
@ -75,6 +79,27 @@ in
'';
};
enableLegacyCrypto = mkOption {
type = types.bool;
default = false;
description = ''
Enabling this option will allow you to continue to use the old format for
encrypted datasets. With the inclusion of stability patches the format of
encrypted datasets has changed. They can still be accessed and mounted but
in read-only mode mounted. It is highly recommended to convert them to
the new format.
This option is only for convenience to people that cannot convert their
datasets to the new format yet and it will be removed in due time.
For migration strategies from old format to this new one, check the Wiki:
https://nixos.wiki/wiki/NixOS_on_ZFS#Encrypted_Dataset_Format_Change
See https://github.com/zfsonlinux/zfs/pull/6864 for more details about
the stability patches.
'';
};
extraPools = mkOption {
type = types.listOf types.str;
default = [];

4
nixos/modules/tasks/network-interfaces-scripted.nix
Unescape View File

@ -230,9 +230,7 @@ let
RemainAfterExit = true;
};
script = ''
ip tuntap add dev "${i.name}" \
${optionalString (i.virtualType != null) "mode ${i.virtualType}"} \
user "${i.virtualOwner}"
ip tuntap add dev "${i.name}" mode "${i.virtualType}" user "${i.virtualOwner}"
'';
postStop = ''
ip link del ${i.name} || true

24
nixos/modules/tasks/network-interfaces-systemd.nix
Unescape View File

@ -74,21 +74,17 @@ in
networks."99-main" = genericNetwork mkDefault;
}
(mkMerge (flip map interfaces (i: {
netdevs = mkIf i.virtual (
let
devType = if i.virtualType != null then i.virtualType
else (if hasPrefix "tun" i.name then "tun" else "tap");
in {
"40-${i.name}" = {
netdevConfig = {
Name = i.name;
Kind = devType;
};
"${devType}Config" = optionalAttrs (i.virtualOwner != null) {
User = i.virtualOwner;
};
netdevs = mkIf i.virtual ({
"40-${i.name}" = {
netdevConfig = {
Name = i.name;
Kind = i.virtualType;
};
});
"${i.virtualType}Config" = optionalAttrs (i.virtualOwner != null) {
User = i.virtualOwner;
};
};
});
networks."40-${i.name}" = mkMerge [ (genericNetwork mkDefault) {
name = mkDefault i.name;
DHCP = mkForce (dhcpStr

10
nixos/modules/tasks/network-interfaces.nix
Unescape View File

@ -273,11 +273,13 @@ let
};
virtualType = mkOption {
default = null;
type = with types; nullOr (enum [ "tun" "tap" ]);
default = if hasPrefix "tun" name then "tun" else "tap";
defaultText = literalExample ''if hasPrefix "tun" name then "tun" else "tap"'';
type = with types; enum [ "tun" "tap" ];
description = ''
The explicit type of interface to create. Accepts tun or tap strings.
Also accepts null to implicitly detect the type of device.
The type of interface to create.
The default is TUN for an interface name starting
with "tun", otherwise TAP.
'';
};

25
nixos/modules/virtualisation/xen-dom0.nix
Unescape View File

@ -35,24 +35,19 @@ in
description = ''
The package used for Xen binary.
'';
relatedPackages = [ "xen" "xen-light" ];
};
virtualisation.xen.qemu = mkOption {
type = types.path;
defaultText = "\${pkgs.xen}/lib/xen/bin/qemu-system-i386";
example = literalExample "''${pkgs.qemu_xen-light}/bin/qemu-system-i386";
description = ''
The qemu binary to use for Dom-0 backend.
'';
};
virtualisation.xen.qemu-package = mkOption {
virtualisation.xen.package-qemu = mkOption {
type = types.package;
defaultText = "pkgs.xen";
example = literalExample "pkgs.qemu_xen-light";
description = ''
The package with qemu binaries for xendomains.
The package with qemu binaries for dom0 qemu and xendomains.
'';
relatedPackages = [ "xen"
{ name = "qemu_xen-light"; comment = "For use with pkgs.xen-light."; }
];
};
virtualisation.xen.bootParams =
@ -158,8 +153,7 @@ in
} ];
virtualisation.xen.package = mkDefault pkgs.xen;
virtualisation.xen.qemu = mkDefault "${pkgs.xen}/lib/xen/bin/qemu-system-i386";
virtualisation.xen.qemu-package = mkDefault pkgs.xen;
virtualisation.xen.package-qemu = mkDefault pkgs.xen;
virtualisation.xen.stored = mkDefault "${cfg.package}/bin/oxenstored";
environment.systemPackages = [ cfg.package ];
@ -339,7 +333,8 @@ in
after = [ "xen-console.service" ];
requires = [ "xen-store.service" ];
serviceConfig.ExecStart = ''
${cfg.qemu} -xen-attach -xen-domid 0 -name dom0 -M xenpv \
${cfg.package-qemu}/${cfg.package-qemu.qemu-system-i386} \
-xen-attach -xen-domid 0 -name dom0 -M xenpv \
-nographic -monitor /dev/null -serial /dev/null -parallel /dev/null
'';
};
@ -448,7 +443,7 @@ in
before = [ "dhcpd.service" ];
restartIfChanged = false;
serviceConfig.RemainAfterExit = "yes";
path = [ cfg.package cfg.qemu-package ];
path = [ cfg.package cfg.package-qemu ];
environment.XENDOM_CONFIG = "${cfg.package}/etc/sysconfig/xendomains";
preStart = "mkdir -p /var/lock/subsys -m 755";
serviceConfig.ExecStart = "${cfg.package}/etc/init.d/xendomains start";

5
nixos/release-combined.nix
Unescape View File

@ -2,7 +2,7 @@
# and nixos-14.04). The channel is updated every time the ‘tested’ job
# succeeds, and all other jobs have finished (they may fail).
{ nixpkgs ? { outPath = ./..; revCount = 56789; shortRev = "gfedcba"; }
{ nixpkgs ? { outPath = (import ../lib).cleanSource ./..; revCount = 56789; shortRev = "gfedcba"; }
, stableBranch ? false
, supportedSystems ? [ "x86_64-linux" ]
, limitedSupportedSystems ? [ "i686-linux" ]
@ -52,7 +52,8 @@ in rec {
(all nixos.dummy)
(all nixos.manual)
(all nixos.iso_minimal)
nixos.iso_minimal.x86_64-linux
nixos.iso_minimal.i686-linux
nixos.iso_graphical.x86_64-linux
nixos.ova.x86_64-linux

3
nixos/release-small.nix
Unescape View File

@ -2,7 +2,7 @@
# small subset of Nixpkgs, mostly useful for servers that need fast
# security updates.
{ nixpkgs ? { outPath = ./..; revCount = 56789; shortRev = "gfedcba"; }
{ nixpkgs ? { outPath = (import ../lib).cleanSource ./..; revCount = 56789; shortRev = "gfedcba"; }
, stableBranch ? false
, supportedSystems ? [ "x86_64-linux" ] # no i686-linux
}:
@ -41,6 +41,7 @@ in rec {
nfs3
openssh
php-pcre
predictable-interface-names
proxy
simple;
installer = {

8
nixos/release.nix
Unescape View File

@ -1,4 +1,4 @@
{ nixpkgs ? { outPath = ./..; revCount = 56789; shortRev = "gfedcba"; }
{ nixpkgs ? { outPath = (import ../lib).cleanSource ./..; revCount = 56789; shortRev = "gfedcba"; }
, stableBranch ? false
, supportedSystems ? [ "x86_64-linux" "aarch64-linux" ]
}:
@ -267,6 +267,7 @@ in rec {
tests.graphite = callTest tests/graphite.nix {};
tests.hardened = callTest tests/hardened.nix { };
tests.hibernate = callTest tests/hibernate.nix {};
tests.home-assistant = callTest tests/home-assistant.nix { };
tests.hound = callTest tests/hound.nix {};
tests.hocker-fetchdocker = callTest tests/hocker-fetchdocker {};
tests.i3wm = callTest tests/i3wm.nix {};
@ -292,6 +293,7 @@ in rec {
tests.login = callTest tests/login.nix {};
#tests.logstash = callTest tests/logstash.nix {};
tests.mathics = callTest tests/mathics.nix {};
tests.matrix-synapse = callTest tests/matrix-synapse.nix {};
tests.mesos = callTest tests/mesos.nix {};
tests.misc = callTest tests/misc.nix {};
tests.mongodb = callTest tests/mongodb.nix {};
@ -325,6 +327,7 @@ in rec {
tests.pgmanage = callTest tests/pgmanage.nix {};
tests.postgis = callTest tests/postgis.nix {};
#tests.pgjwt = callTest tests/pgjwt.nix {};
tests.predictable-interface-names = callSubTests tests/predictable-interface-names.nix {};
tests.printing = callTest tests/printing.nix {};
tests.prometheus = callTest tests/prometheus.nix {};
tests.proxy = callTest tests/proxy.nix {};
@ -332,7 +335,9 @@ in rec {
# tests.quagga = callTest tests/quagga.nix {};
tests.quake3 = callTest tests/quake3.nix {};
tests.radicale = callTest tests/radicale.nix {};
tests.rspamd = callSubTests tests/rspamd.nix {};
tests.runInMachine = callTest tests/run-in-machine.nix {};
tests.rxe = callTest tests/rxe.nix {};
tests.samba = callTest tests/samba.nix {};
tests.sddm = callSubTests tests/sddm.nix {};
tests.simple = callTest tests/simple.nix {};
@ -350,6 +355,7 @@ in rec {
tests.wordpress = callTest tests/wordpress.nix {};
tests.xfce = callTest tests/xfce.nix {};
tests.xmonad = callTest tests/xmonad.nix {};
tests.yabar = callTest tests/yabar.nix {};
tests.zookeeper = callTest tests/zookeeper.nix {};
/* Build a bunch of typical closures so that Hydra can keep track of

46
nixos/tests/home-assistant.nix
Unescape View File

@ -0,0 +1,46 @@
import ./make-test.nix ({ pkgs, ... }:
let
configDir = "/var/lib/foobar";
in {
name = "home-assistant";
nodes = {
hass =
{ config, pkgs, ... }:
{
services.home-assistant = {
inherit configDir;
enable = true;
config = {
homeassistant = {
name = "Home";
time_zone = "UTC";
latitude = "0.0";
longitude = "0.0";
elevation = 0;
};
frontend = { };
http = { };
};
};
};
};
testScript = ''
startAll;
$hass->waitForUnit("home-assistant.service");
# Since config is specified using a Nix attribute set,
# configuration.yaml is a link to the Nix store
$hass->succeed("test -L ${configDir}/configuration.yaml");
# Check that Home Assistant's web interface and API can be reached
$hass->waitForOpenPort(8123);
$hass->succeed("curl --fail http://localhost:8123/states");
$hass->succeed("curl --fail http://localhost:8123/api/ | grep 'API running'");
$hass->fail("cat ${configDir}/home-assistant.log | grep -qF ERROR");
'';
})

2
nixos/tests/make-test.nix
Unescape View File

@ -2,4 +2,4 @@ f: { system ? builtins.currentSystem, ... } @ args:
with import ../lib/testing.nix { inherit system; };
makeTest (if builtins.isFunction f then f (args // { inherit pkgs; inherit (pkgs) lib; }) else f)
makeTest (if pkgs.lib.isFunction f then f (args // { inherit pkgs; inherit (pkgs) lib; }) else f)

30
nixos/tests/matrix-synapse.nix
Unescape View File

@ -0,0 +1,30 @@
import ./make-test.nix ({ pkgs, ... } : {
name = "matrix-synapse";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ corngood ];
};
nodes = {
server_postgres = args: {
services.matrix-synapse.enable = true;
services.matrix-synapse.database_type = "psycopg2";
};
server_sqlite = args: {
services.matrix-synapse.enable = true;
services.matrix-synapse.database_type = "sqlite3";
};
};
testScript = ''
startAll;
$server_postgres->waitForUnit("matrix-synapse.service");
$server_postgres->waitUntilSucceeds("curl -Lk https://localhost:8448/");
$server_postgres->requireActiveUnit("postgresql.service");
$server_sqlite->waitForUnit("matrix-synapse.service");
$server_sqlite->waitUntilSucceeds("curl -Lk https://localhost:8448/");
$server_sqlite->mustSucceed("[ -e /var/lib/matrix-synapse/homeserver.db ]");
'';
})

43
nixos/tests/networking.nix
Unescape View File

@ -433,6 +433,49 @@ let
$client2->succeed("ip addr show dev vlan >&2");
'';
};
virtual = {
name = "Virtual";
machine = {
networking.interfaces."tap0" = {
ip4 = [ { address = "192.168.1.1"; prefixLength = 24; } ];
ip6 = [ { address = "2001:1470:fffd:2096::"; prefixLength = 64; } ];
virtual = true;
};
networking.interfaces."tun0" = {
ip4 = [ { address = "192.168.1.2"; prefixLength = 24; } ];
ip6 = [ { address = "2001:1470:fffd:2097::"; prefixLength = 64; } ];
virtual = true;
};
};
testScript = ''
my $targetList = <<'END';
tap0: tap UNKNOWN_FLAGS:800 user 0
tun0: tun UNKNOWN_FLAGS:800 user 0
END
# Wait for networking to come up
$machine->start;
$machine->waitForUnit("network.target");
# Test interfaces set up
my $list = $machine->succeed("ip tuntap list | sort");
"$list" eq "$targetList" or die(
"The list of virtual interfaces does not match the expected one:\n",
"Result:\n", "$list\n",
"Expected:\n", "$targetList\n"
);
# Test interfaces clean up
$machine->succeed("systemctl stop network-addresses-tap0");
$machine->succeed("systemctl stop network-addresses-tun0");
my $residue = $machine->succeed("ip tuntap list");
$residue eq "" or die(
"Some virtual interface has not been properly cleaned:\n",
"$residue\n"
);
'';
};
};
in mapAttrs (const (attrs: makeTest (attrs // {

27
nixos/tests/predictable-interface-names.nix
Unescape View File

@ -0,0 +1,27 @@
{ system ? builtins.currentSystem
, pkgs ? import ../.. { inherit system; }
}:
with import ../lib/testing.nix { inherit system; };
let boolToString = x: if x then "yes" else "no"; in
let testWhenSetTo = predictable: withNetworkd:
makeTest {
name = "${if predictable then "" else "un"}predictableInterfaceNames${if withNetworkd then "-with-networkd" else ""}";
meta = {};
machine = { config, pkgs, ... }: {
networking.usePredictableInterfaceNames = pkgs.stdenv.lib.mkForce predictable;
networking.useNetworkd = withNetworkd;
networking.dhcpcd.enable = !withNetworkd;
};
testScript = ''
print $machine->succeed("ip link");
$machine->succeed("ip link show ${if predictable then "ens3" else "eth0"}");
$machine->fail("ip link show ${if predictable then "eth0" else "ens3"}");
'';
}; in
with pkgs.stdenv.lib.lists;
with pkgs.stdenv.lib.attrsets;
listToAttrs (map (drv: nameValuePair drv.name drv) (
crossLists testWhenSetTo [[true false] [true false]]
))

140
nixos/tests/rspamd.nix
Unescape View File

@ -0,0 +1,140 @@
{ system ? builtins.currentSystem }:
with import ../lib/testing.nix { inherit system; };
with pkgs.lib;
let
initMachine = ''
startAll
$machine->waitForUnit("rspamd.service");
$machine->succeed("id \"rspamd\" >/dev/null");
'';
checkSocket = socket: user: group: mode: ''
$machine->succeed("ls ${socket} >/dev/null");
$machine->succeed("[[ \"\$(stat -c %U ${socket})\" == \"${user}\" ]]");
$machine->succeed("[[ \"\$(stat -c %G ${socket})\" == \"${group}\" ]]");
$machine->succeed("[[ \"\$(stat -c %a ${socket})\" == \"${mode}\" ]]");
'';
simple = name: socketActivation: enableIPv6: makeTest {
name = "rspamd-${name}";
machine = {
services.rspamd = {
enable = true;
socketActivation = socketActivation;
};
networking.enableIPv6 = enableIPv6;
};
testScript = ''
startAll
$machine->waitForUnit("multi-user.target");
$machine->waitForOpenPort(11334);
$machine->waitForUnit("rspamd.service");
$machine->succeed("id \"rspamd\" >/dev/null");
${checkSocket "/run/rspamd/rspamd.sock" "rspamd" "rspamd" "660" }
sleep 10;
$machine->log($machine->succeed("cat /etc/rspamd.conf"));
$machine->log($machine->succeed("systemctl cat rspamd.service"));
${if socketActivation then ''
$machine->log($machine->succeed("systemctl cat rspamd-controller-1.socket"));
$machine->log($machine->succeed("systemctl cat rspamd-normal-1.socket"));
'' else ''
$machine->fail("systemctl cat rspamd-controller-1.socket");
$machine->fail("systemctl cat rspamd-normal-1.socket");
''}
$machine->log($machine->succeed("curl http://localhost:11334/auth"));
$machine->log($machine->succeed("curl http://127.0.0.1:11334/auth"));
${optionalString enableIPv6 ''
$machine->log($machine->succeed("curl http://[::1]:11334/auth"));
''}
'';
};
in
{
simple = simple "simple" false true;
ipv4only = simple "ipv4only" false false;
simple-socketActivated = simple "simple-socketActivated" true true;
ipv4only-socketActivated = simple "ipv4only-socketActivated" true false;
deprecated = makeTest {
name = "rspamd-deprecated";
machine = {
services.rspamd = {
enable = true;
bindSocket = [ "/run/rspamd.sock mode=0600 user=root group=root" ];
bindUISocket = [ "/run/rspamd-worker.sock mode=0666 user=root group=root" ];
};
};
testScript = ''
${initMachine}
$machine->waitForFile("/run/rspamd.sock");
${checkSocket "/run/rspamd.sock" "root" "root" "600" }
${checkSocket "/run/rspamd-worker.sock" "root" "root" "666" }
$machine->log($machine->succeed("cat /etc/rspamd.conf"));
$machine->fail("systemctl cat rspamd-normal-1.socket");
$machine->log($machine->succeed("rspamc -h /run/rspamd-worker.sock stat"));
$machine->log($machine->succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping"));
'';
};
bindports = makeTest {
name = "rspamd-bindports";
machine = {
services.rspamd = {
enable = true;
socketActivation = false;
workers.normal.bindSockets = [{
socket = "/run/rspamd.sock";
mode = "0600";
owner = "root";
group = "root";
}];
workers.controller.bindSockets = [{
socket = "/run/rspamd-worker.sock";
mode = "0666";
owner = "root";
group = "root";
}];
};
};
testScript = ''
${initMachine}
$machine->waitForFile("/run/rspamd.sock");
${checkSocket "/run/rspamd.sock" "root" "root" "600" }
${checkSocket "/run/rspamd-worker.sock" "root" "root" "666" }
$machine->log($machine->succeed("cat /etc/rspamd.conf"));
$machine->fail("systemctl cat rspamd-normal-1.socket");
$machine->log($machine->succeed("rspamc -h /run/rspamd-worker.sock stat"));
$machine->log($machine->succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping"));
'';
};
socketActivated = makeTest {
name = "rspamd-socketActivated";
machine = {
services.rspamd = {
enable = true;
workers.normal.bindSockets = [{
socket = "/run/rspamd.sock";
mode = "0600";
owner = "root";
group = "root";
}];
workers.controller.bindSockets = [{
socket = "/run/rspamd-worker.sock";
mode = "0666";
owner = "root";
group = "root";
}];
};
};
testScript = ''
startAll
$machine->waitForFile("/run/rspamd.sock");
${checkSocket "/run/rspamd.sock" "root" "root" "600" }
${checkSocket "/run/rspamd-worker.sock" "root" "root" "666" }
$machine->log($machine->succeed("cat /etc/rspamd.conf"));
$machine->log($machine->succeed("systemctl cat rspamd-normal-1.socket"));
$machine->log($machine->succeed("rspamc -h /run/rspamd-worker.sock stat"));
$machine->log($machine->succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping"));
'';
};
}

53
nixos/tests/rxe.nix
Unescape View File

@ -0,0 +1,53 @@
import ./make-test.nix ({ pkgs, ... } :
let
node = { config, pkgs, lib, ... } : {
networking = {
firewall = {
allowedUDPPorts = [ 4791 ]; # open RoCE port
allowedTCPPorts = [ 4800 ]; # port for test utils
};
rxe = {
enable = true;
interfaces = [ "eth1" ];
};
};
environment.systemPackages = with pkgs; [ rdma-core screen ];
};
in {
name = "rxe";
nodes = {
server = node;
client = node;
};
testScript = ''
# Test if rxe interface comes up
$server->waitForUnit("default.target");
$server->succeed("systemctl status rxe.service");
$server->succeed("ibv_devices | grep rxe0");
$client->waitForUnit("default.target");
# ping pong test
$server->succeed("screen -dmS rc_pingpong ibv_rc_pingpong -p 4800 -g0");
$client->succeed("sleep 2; ibv_rc_pingpong -p 4800 -g0 server");
$server->succeed("screen -dmS uc_pingpong ibv_uc_pingpong -p 4800 -g0");
$client->succeed("sleep 2; ibv_uc_pingpong -p 4800 -g0 server");
$server->succeed("screen -dmS ud_pingpong ibv_ud_pingpong -p 4800 -s 1024 -g0");
$client->succeed("sleep 2; ibv_ud_pingpong -p 4800 -s 1024 -g0 server");
$server->succeed("screen -dmS srq_pingpong ibv_srq_pingpong -p 4800 -g0");
$client->succeed("sleep 2; ibv_srq_pingpong -p 4800 -g0 server");
$server->succeed("screen -dmS rping rping -s -a server -C 10");
$client->succeed("sleep 2; rping -c -a server -C 10");
'';
})

25
nixos/tests/yabar.nix
Unescape View File

@ -0,0 +1,25 @@
import ./make-test.nix ({ pkgs, lib }:
with lib;
{
name = "yabar";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ ma27 ];
};
nodes.yabar = {
imports = [ ./common/x11.nix ./common/user-account.nix ];
services.xserver.displayManager.auto.user = "bob";
programs.yabar.enable = true;
};
testScript = ''
$yabar->start;
$yabar->waitForX;
$yabar->waitForUnit("yabar.service", "bob");
'';
})

4
pkgs/applications/altcoins/default.nix
Unescape View File

@ -26,6 +26,8 @@ rec {
dashpay = callPackage ./dashpay.nix { };
dero = callPackage ./dero.nix { };
dogecoin = callPackage ./dogecoin.nix { withGui = true; };
dogecoind = callPackage ./dogecoin.nix { withGui = false; };
@ -59,6 +61,8 @@ rec {
stellar-core = callPackage ./stellar-core.nix { };
sumokoin = callPackage ./sumokoin.nix { };
zcash = callPackage ./zcash {
withGui = false;
openssl = openssl_1_1_0;

27
pkgs/applications/altcoins/dero.nix
Unescape View File

@ -0,0 +1,27 @@
{ lib, stdenv, fetchFromGitHub, cmake, pkgconfig, unbound, openssl, boost
, libunwind, lmdb, miniupnpc, readline }:
stdenv.mkDerivation rec {
name = "dero-${version}";
version = "0.11.3";
src = fetchFromGitHub {
owner = "deroproject";
repo = "dero";
rev = "v${version}";
sha256 = "0cv4yg2lkmkdhlc3753gnbg1nzldk2kxwdyizwhvanq3ycqban4b";
};
nativeBuildInputs = [ cmake pkgconfig ];
buildInputs = [ boost miniupnpc openssl lmdb unbound readline ];
enableParallelBuilding = true;
meta = with lib; {
description = "Secure, private blockchain with smart contracts based on Monero";
homepage = "https://dero.io/";
license = licenses.bsd3;
maintainers = with maintainers; [ fpletz ];
platforms = platforms.linux;
};
}

35
pkgs/applications/altcoins/sumokoin.nix
Unescape View File

@ -0,0 +1,35 @@
{ lib, stdenv, fetchFromGitHub, cmake, unbound, openssl, boost
, libunwind, lmdb, miniupnpc }:
stdenv.mkDerivation rec {
name = "sumokoin-${version}";
version = "0.2.0.0";
src = fetchFromGitHub {
owner = "sumoprojects";
repo = "sumokoin";
rev = "v${version}";
sha256 = "0ndgcawhxh3qb3llrrilrwzhs36qpxv7f53rxgcansbff9b3za6n";
};
nativeBuildInputs = [ cmake ];
buildInputs = [ unbound openssl boost libunwind lmdb miniupnpc ];
postPatch = ''
substituteInPlace src/blockchain_db/lmdb/db_lmdb.cpp --replace mdb_size_t size_t
'';
cmakeFlags = [
"-DLMDB_INCLUDE=${lmdb}/include"
];
enableParallelBuilding = true;
meta = with lib; {
description = "Sumokoin is a fork of Monero and a truely fungible cryptocurrency";
homepage = "https://www.sumokoin.org/";
license = licenses.bsd3;
maintainers = with maintainers; [ fpletz ];
platforms = platforms.linux;
};
}

37
pkgs/applications/audio/infamousPlugins/default.nix
Unescape View File

@ -0,0 +1,37 @@
{ stdenv, fetchFromGitHub, pkgconfig, cairomm, cmake, lv2, libpthreadstubs, libXdmcp, libXft, ntk, pcre, fftwFloat, zita-resampler }:
stdenv.mkDerivation rec {
name = "infamousPlugins-v${version}";
version = "0.2.04";
src = fetchFromGitHub {
owner = "ssj71";
repo = "infamousPlugins";
rev = "v${version}";
sha256 = "0hmqk80w4qxq09iag7b7srf2g0wigkyhzq0ywxvhz2iz0hq9k0dh";
};
nativeBuildInputs = [ pkgconfig cmake ];
buildInputs = [ cairomm lv2 libpthreadstubs libXdmcp libXft ntk pcre fftwFloat zita-resampler ];
meta = with stdenv.lib; {
homepage = https://ssj71.github.io/infamousPlugins;
description = "A collection of open-source LV2 plugins";
longDescription = ''
These are audio plugins in the LV2 format, developed for linux. Most are suitable for live use.
This collection contains:
* Cellular Automaton Synth - additive synthesizer, where 16 harmonics are added according to rules of elementary cellular automata
* Envelope Follower - a fully featured envelope follower plugin
* Hip2B - a distortion/destroyer plugin
* cheap distortion - another distortion plugin, but this one I wanted to get it as light as possible
* stuck - a clone of the electro-harmonix freeze
* power cut - this effect is commonly called tape stop
* power up - the opposite of the power cut
* ewham - a whammy style pitchshifter
* lushlife - a simulated double tracking plugin capable of everything from a thin beatle effect to thick lush choruses to weird outlandish effects
'';
license = licenses.gpl2;
maintainers = [ maintainers.magnetophon ];
platforms = platforms.linux;
};
}

4
pkgs/applications/audio/mopidy-iris/default.nix
Unescape View File

@ -2,12 +2,12 @@
pythonPackages.buildPythonApplication rec {
name = "mopidy-iris-${version}";
version = "3.11.0";
version = "3.12.4";
src = pythonPackages.fetchPypi {
inherit version;
pname = "Mopidy-Iris";
sha256 = "1a9pn35vv1b9v0s30ajjg7gjjvcfjwgfyp7z61m567nv6cr37vhq";
sha256 = "0k64rfnp5b4rybb396zzx12wnnca43a8l1s6s6dr6cflgk9aws87";
};
propagatedBuildInputs = [

2
pkgs/applications/audio/ncmpc/default.nix
Unescape View File

@ -15,6 +15,8 @@ stdenv.mkDerivation rec {
buildInputs = [ glib ncurses mpd_clientlib ];
nativeBuildInputs = [ meson ninja pkgconfig gettext ];
NIX_LDFLAGS = stdenv.lib.optionalString stdenv.isDarwin "-lintl";
meta = with stdenv.lib; {
description = "Curses-based interface for MPD (music player daemon)";
homepage = https://www.musicpd.org/clients/ncmpc/;

6
pkgs/applications/audio/normalize/default.nix
Unescape View File

@ -1,14 +1,16 @@
{ stdenv, fetchurl }:
{ stdenv, fetchurl, libmad }:
stdenv.mkDerivation rec {
name = "normalize-${version}";
version = "0.7.7";
src = fetchurl {
url = "mirror://savannah/normalize/normalize-0.7.7.tar.gz";
url = "mirror://savannah/normalize/${name}.tar.gz";
sha256 = "1n5khss10vjjp6w69q9qcl4kqfkd0pr555lgqghrchn6rjms4mb0";
};
buildInputs = [ libmad ];
meta = with stdenv.lib; {
homepage = http://normalize.nongnu.org/;
description = "Audio file normalizer";

4
pkgs/applications/audio/qmmp/default.nix
Unescape View File

@ -29,11 +29,11 @@
# handle that.
stdenv.mkDerivation rec {
name = "qmmp-1.1.10";
name = "qmmp-1.2.0";
src = fetchurl {
url = "http://qmmp.ylsoftware.com/files/${name}.tar.bz2";
sha256 = "16hb3s48filq0q18m7x9vmhpirk4fh0aqj8kwbapv8mkcnzq2mqy";
sha256 = "17kci7srgbkk62dgxlmg3lv2y7z04jsinpgx6jmxjpnpblpcj840";
};
buildInputs =

4
pkgs/applications/audio/spotify/default.nix
Unescape View File

@ -9,7 +9,7 @@ let
# Latest version number can be found at:
# http://repository-origin.spotify.com/pool/non-free/s/spotify-client/
# Be careful not to pick the testing version.
version = "1.0.69.336.g7edcc575-39";
version = "1.0.70.399.g5ffabd56-26";
deps = [
alsaLib
@ -54,7 +54,7 @@ stdenv.mkDerivation {
src = fetchurl {
url = "https://repository-origin.spotify.com/pool/non-free/s/spotify-client/spotify-client_${version}_amd64.deb";
sha256 = "0bh2q7g478g7wj661fypxcbhrbq87zingfyigg7rz1shgsgwc3gd";
sha256 = "0kpakz11xkyqqjvln4jkhc3z5my8zgpw8m6jx954cjdbc6vkxd29";
};
buildInputs = [ dpkg makeWrapper ];

6
pkgs/applications/editors/android-studio/default.nix
Unescape View File

@ -27,9 +27,9 @@ in rec {
preview = mkStudio {
pname = "android-studio-preview";
version = "3.1.0.8"; # "Android Studio 3.1 Canary 9"
build = "173.4559767";
sha256Hash = "0wy3bqd4wvvcwlqcv06mwlqgc119pjpc102ix3yacqvki9qyi1r0";
version = "3.1.0.10"; # "Android Studio 3.1 Beta 2"
build = "173.4580418";
sha256Hash = "0s56vbyq6b1q75ss6pqvhzwqzb6xbp6841f3y5cwhrch2xalxjkc";
meta = stable.meta // {
description = "The Official IDE for Android (preview version)";

12
pkgs/applications/editors/emacs-modes/elpa-generated.nix
Unescape View File

@ -768,10 +768,10 @@
el-search = callPackage ({ cl-print, elpaBuild, emacs, fetchurl, lib, stream }:
elpaBuild {
pname = "el-search";
version = "1.5.3";
version = "1.5.4";
src = fetchurl {
url = "https://elpa.gnu.org/packages/el-search-1.5.3.tar";
sha256 = "095gpanpf88j65cbf4r6c787qxi07kqpvdsh0dsdpg9m3ivmxbra";
url = "https://elpa.gnu.org/packages/el-search-1.5.4.tar";
sha256 = "1k0makrk3p6hknpnr3kbiszqzw3rpw18gnx2m8scr9vv0wif4qmk";
};
packageRequires = [ cl-print emacs stream ];
meta = {
@ -1637,10 +1637,10 @@
}) {};
paced = callPackage ({ async, elpaBuild, emacs, fetchurl, lib }: elpaBuild {
pname = "paced";
version = "1.0.1";
version = "1.1.2";
src = fetchurl {
url = "https://elpa.gnu.org/packages/paced-1.0.1.tar";
sha256 = "1y2sl3iqz2vjgkbc859sm3h9jhnrgla9ynazy9d5rql0nsb6sn8p";
url = "https://elpa.gnu.org/packages/paced-1.1.2.tar";
sha256 = "1hxbzlzmlndj2gs9n741whi7rj6vbcnxdn89lg2l0997pqmsx58y";
};
packageRequires = [ async emacs ];
meta = {

1656
pkgs/applications/editors/emacs-modes/melpa-generated.nix
View File

File diff suppressed because it is too large Load Diff

376
pkgs/applications/editors/emacs-modes/melpa-stable-generated.nix
Unescape View File

@ -611,12 +611,12 @@
ac-rtags = callPackage ({ auto-complete, fetchFromGitHub, fetchurl, lib, melpaBuild, rtags }:
melpaBuild {
pname = "ac-rtags";
version = "2.16";
version = "2.18";
src = fetchFromGitHub {
owner = "Andersbakken";
repo = "rtags";
rev = "8ef7554852541eced514c56d5e39d6073f7a2ef9";
sha256 = "0hh9m0ykw3r9h4gv4a99px00py1h5hs86043mp1m0nmkjibf6w56";
rev = "98d668e85cf9ae84e775742752c5656dd2df2f17";
sha256 = "0raqjbkl1ykga4ahgl9xw49cgh3cyqcf42z36z7d6fz1fw192kg0";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/3dea16daf0d72188c8b4043534f0833fe9b04e07/recipes/ac-rtags";
@ -3775,12 +3775,12 @@
caml = callPackage ({ fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "caml";
version = "4.6.1pre1";
version = "4.6.1pre2";
src = fetchFromGitHub {
owner = "ocaml";
repo = "ocaml";
rev = "b50ba2e822ff3a780f9b5a323d48e40881a88fc7";
sha256 = "10im6z3nrkn0yh8004jwk68gjl0lz7qq3dpj24q50nhhqabw9ah5";
rev = "b057bd0758f63f41fd8853ee025c58368e33ed21";
sha256 = "1s066clvar4ws0mingh68jrj87dak52grs8mnd2ibcf1kf21w08q";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/d5a3263cdcc229b11a3e96edbf632d56f32c47aa/recipes/caml";
@ -3838,12 +3838,12 @@
cask = callPackage ({ cl-lib ? null, dash, epl, f, fetchFromGitHub, fetchurl, lib, melpaBuild, package-build, s, shut-up }:
melpaBuild {
pname = "cask";
version = "0.8.1";
version = "0.8.2";
src = fetchFromGitHub {
owner = "cask";
repo = "cask";
rev = "58f641960bcb152b33fcd27d41111291702e2da6";
sha256 = "1sl094adnchjvf189c3l1njawrj5ww1sv5vvjr9hb1ng2rw20z7b";
rev = "afdd191b97e76c8393f656336699419a2b39ca1a";
sha256 = "10qiapg6kp890q8n2pamvnnpxwcgcldw20mp23pmwzh9nsvqrpbs";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/b86c666ee9b0620390a250dddd42b17cbec2409f/recipes/cask";
@ -5555,12 +5555,12 @@
company-rtags = callPackage ({ company, emacs, fetchFromGitHub, fetchurl, lib, melpaBuild, rtags }:
melpaBuild {
pname = "company-rtags";
version = "2.16";
version = "2.18";
src = fetchFromGitHub {
owner = "Andersbakken";
repo = "rtags";
rev = "8ef7554852541eced514c56d5e39d6073f7a2ef9";
sha256 = "0hh9m0ykw3r9h4gv4a99px00py1h5hs86043mp1m0nmkjibf6w56";
rev = "98d668e85cf9ae84e775742752c5656dd2df2f17";
sha256 = "0raqjbkl1ykga4ahgl9xw49cgh3cyqcf42z36z7d6fz1fw192kg0";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/3dea16daf0d72188c8b4043534f0833fe9b04e07/recipes/company-rtags";
@ -6854,22 +6854,22 @@
license = lib.licenses.free;
};
}) {};
datetime = callPackage ({ emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
datetime = callPackage ({ emacs, extmap, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "datetime";
version = "0.3.2";
version = "0.4";
src = fetchFromGitHub {
owner = "doublep";
repo = "datetime";
rev = "d99e56785d750d6c7e416955f047fe057fae54a6";
sha256 = "0s2pmj2wpprmdx1mppbch8i1srwhfl2pzyhsmczan75wmiblpqfj";
rev = "2a92d80cdc7febf620cd184cf1204a68985d0e8b";
sha256 = "0lzdgnmvkvap5j8hvn6pidfnc2ax317sj5r6b2nahllhh53mlr4j";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/fff9f0748b0ef76130b24e85ed109325256f956e/recipes/datetime";
sha256 = "0mnkckibymc5dswmzd1glggna2fspk06ld71m7aaz6j78nfrm850";
url = "https://raw.githubusercontent.com/milkypostman/melpa/91ef4352603cc69930ab3d63f0a90eee63f5f328/recipes/datetime";
sha256 = "0c000fnqg936dhjw5qij4lydzllw1x1jgnyy960zh6r61pk062xj";
name = "datetime";
};
packageRequires = [ emacs ];
packageRequires = [ emacs extmap ];
meta = {
homepage = "https://melpa.org/#/datetime";
license = lib.licenses.free;
@ -7935,12 +7935,12 @@
dotenv-mode = callPackage ({ emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "dotenv-mode";
version = "0.2.1";
version = "0.2.3";
src = fetchFromGitHub {
owner = "preetpalS";
repo = "emacs-dotenv-mode";
rev = "8d45b98beb04f486eb13d71765589e7dccb8ffa9";
sha256 = "00hm097m1jn3pb6k3r2jhkhn1zaf6skcwv1v4dxlvdx8by1md49q";
rev = "574bf1e3dfa79aa836c67759d9eec904a6878c77";
sha256 = "0rx0f9vs68lbrjmzsajcxxhv6dm3wjiil12xzqg924d7fx3b1w52";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/9fc022c54b90933e70dcedb6a85167c2d9d7ba79/recipes/dotenv-mode";
@ -8103,12 +8103,12 @@
dtrt-indent = callPackage ({ fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "dtrt-indent";
version = "0.3";
version = "0.4";
src = fetchFromGitHub {
owner = "jscheid";
repo = "dtrt-indent";
rev = "69d0c5e143453708dbf0ebec4e368bc26fff683c";
sha256 = "154m53hhzjawmrg2vlqjcg9npgq1igw9f0fz6gh7vscmbxl5dnjq";
rev = "1cca0834800e8f775a558e84fc6d4fdcb6a235d0";
sha256 = "0vq1qz12kbphl9hfsnq1v2yzsy0p6v6wi4h9b3a0iwvbya4f110l";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/61bcbcfa6c0f38a1d87f5b6913b8be6c50ef2994/recipes/dtrt-indent";
@ -8354,12 +8354,12 @@
eacl = callPackage ({ emacs, fetchFromGitHub, fetchurl, ivy, lib, melpaBuild }:
melpaBuild {
pname = "eacl";
version = "1.0.3";
version = "1.1.1";
src = fetchFromGitHub {
owner = "redguardtoo";
repo = "eacl";
rev = "ef58d13fbff4b5c49f934cfb9e3fd6ee219ef4b2";
sha256 = "0xxxzdr6iddxwx8z4lfay4n9r1ry8571lj2gadz5ycff6f6bxmhb";
rev = "ec601f3a8da331dd0a9e7a93d40ae3925bd06700";
sha256 = "1kgayh2q97rxzds5ba1zc9ah08kbah9lqbwhmb7pxxgvgx9yfagg";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/8223bec7eed97f0bad300af9caa4c8207322d39a/recipes/eacl";
@ -9160,12 +9160,12 @@
elbank = callPackage ({ emacs, fetchFromGitHub, fetchurl, lib, melpaBuild, seq }:
melpaBuild {
pname = "elbank";
version = "1.0";
version = "1.1";
src = fetchFromGitHub {
owner = "NicolasPetton";
repo = "Elbank";
rev = "e4b532373a32889b8ab3389bd3e726dff5dd0bcf";
sha256 = "0kqiwa5gr8q0rhr598v9p7dx88i3359j49j04crqwnc5y107s1xk";
rev = "245cbc218e94793909ecede2e0d360c7d86f3122";
sha256 = "1qcxh8v5dj2wcxxs3qcdny00p906nj33wsxyswwa4jbhh2vfxz12";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/05d252ee84adae2adc88fd325540f76b6cdaf010/recipes/elbank";
@ -9286,12 +9286,12 @@
elfeed-protocol = callPackage ({ cl-lib ? null, elfeed, emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "elfeed-protocol";
version = "0.5.1";
version = "0.5.2";
src = fetchFromGitHub {
owner = "fasheng";
repo = "elfeed-protocol";
rev = "97049eb980ce1cc2b871e4c7819133f1e4936a83";
sha256 = "1d2i3jg5a2wd7mb4xfdy3wbx12yigqq4ykj3zbcamvx59siip591";
rev = "e809a0f1c5b9713ec8d1932fa6412c57bc10150b";
sha256 = "0ly7g9a85r5vm8fr45km43vdl9jbzdqyiy9a7d95wx63p6aip7vs";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/3f1eef8add7cd2cfefe6fad6d8e69d65696e9677/recipes/elfeed-protocol";
@ -10256,12 +10256,12 @@
epl = callPackage ({ cl-lib ? null, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "epl";
version = "0.8";
version = "0.9";
src = fetchFromGitHub {
owner = "cask";
repo = "epl";
rev = "a76ec344a7fee3ca7e7dfb98b86ebc3b8c1a3837";
sha256 = "0sjxd5y5hxhrbgfkpwx6m724r3841b53hgc61a0g5zwispw5pmrr";
rev = "fd906d3f92d58ecf24169055744409886ceb06ce";
sha256 = "0d3z5z90ln8ipk1yds1n1p8fj9yyh2kpspqjs7agl38indra3nb4";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/9c6cf24e86d8865bd2e4b405466118de1894851f/recipes/epl";
@ -12035,6 +12035,27 @@
license = lib.licenses.free;
};
}) {};
extmap = callPackage ({ emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "extmap";
version = "1.0";
src = fetchFromGitHub {
owner = "doublep";
repo = "extmap";
rev = "3860b69fb19c962425d4e271ee0a24547b67d323";
sha256 = "1vjwinb7m9l2bw324v4m1g4mc9yqjs84bfjci93m0a1ih8n4zdbr";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/91ef4352603cc69930ab3d63f0a90eee63f5f328/recipes/extmap";
sha256 = "0c12gfd3480y4fc22ik02n7h85k6s70i5jv5i872h0yi68cgd01j";
name = "extmap";
};
packageRequires = [ emacs ];
meta = {
homepage = "https://melpa.org/#/extmap";
license = lib.licenses.free;
};
}) {};
exwm-x = callPackage ({ bind-key, cl-lib ? null, exwm, fetchFromGitHub, fetchurl, lib, melpaBuild, swiper, switch-window }:
melpaBuild {
pname = "exwm-x";
@ -12119,6 +12140,27 @@
license = lib.licenses.free;
};
}) {};
f3 = callPackage ({ cl-lib ? null, emacs, fetchFromGitHub, fetchurl, helm, lib, melpaBuild }:
melpaBuild {
pname = "f3";
version = "0.1";
src = fetchFromGitHub {
owner = "cosmicexplorer";
repo = "f3";
rev = "19120dda2d760d3dd6c6aa620121d1de0a40932d";
sha256 = "1qg48zbjdjqimw4516ymrsilz41zkib9321q0caf9474s9xyp2bi";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/5b40de62a82d6895a37ff795d56f7d0f783461e6/recipes/f3";
sha256 = "099wibgp9k6sgglaqigic5ay6qg7aqijnis5crwjl7b81ddqp610";
name = "f3";
};
packageRequires = [ cl-lib emacs helm ];
meta = {
homepage = "https://melpa.org/#/f3";
license = lib.licenses.free;
};
}) {};
fabric = callPackage ({ fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "fabric";
@ -12248,16 +12290,16 @@
faust-mode = callPackage ({ fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "faust-mode";
version = "0.4";
version = "0.6";
src = fetchFromGitHub {
owner = "magnetophon";
owner = "rukano";
repo = "emacs-faust-mode";
rev = "85f67bc4daabe6fd8dc6f5195c470716b543faa1";
sha256 = "0rmq6ca75x47hk2bpsk1j2ja62kpplgyanpiqq4hk6q259rd4lyv";
rev = "7c31b22bdbfd2f8c16ec117d2975d56dd61ac15c";
sha256 = "0a3p69ay88da13cz2cqx00r3qs2swnn7vkcvchcqyrdybfjs7y4z";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/31f4177ce35313e0f40e9ef0e5a1043ecd181573/recipes/faust-mode";
sha256 = "1lfn4q1wcc3vzazv2yzcnpvnmq6bqcczq8lpkz7w8yj8i5kpjvsc";
url = "https://raw.githubusercontent.com/milkypostman/melpa/b362e7daeabd07c726ad9770d7d4941dfffd5b19/recipes/faust-mode";
sha256 = "0l8cbf5i6lv6i5vyqp6ngfmrm2y6z2070b8m10w4376kbbnr266z";
name = "faust-mode";
};
packageRequires = [];
@ -13346,12 +13388,12 @@
flycheck-rtags = callPackage ({ emacs, fetchFromGitHub, fetchurl, flycheck, lib, melpaBuild, rtags }:
melpaBuild {
pname = "flycheck-rtags";
version = "2.16";
version = "2.18";
src = fetchFromGitHub {
owner = "Andersbakken";
repo = "rtags";
rev = "8ef7554852541eced514c56d5e39d6073f7a2ef9";
sha256 = "0hh9m0ykw3r9h4gv4a99px00py1h5hs86043mp1m0nmkjibf6w56";
rev = "98d668e85cf9ae84e775742752c5656dd2df2f17";
sha256 = "0raqjbkl1ykga4ahgl9xw49cgh3cyqcf42z36z7d6fz1fw192kg0";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/3dea16daf0d72188c8b4043534f0833fe9b04e07/recipes/flycheck-rtags";
@ -14228,12 +14270,12 @@
fountain-mode = callPackage ({ emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "fountain-mode";
version = "2.4.1";
version = "2.4.2";
src = fetchFromGitHub {
owner = "rnkn";
repo = "fountain-mode";
rev = "f1dc9dff6779c0ce6ab0a1c0ae349df1194a314f";
sha256 = "0j1s6qws773aq3si7pnc1xmlrh9x3v3sfdni6pnlsirv2sc7c4g9";
rev = "e2878da13e7b87a824ebd6c842e9f552369b220c";
sha256 = "091c8scwdxfrg710d1rkqad6l2y8hiw8f5jg4ayvrjm7d0s29hsa";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/913386ac8d5049d37154da3ab32bde408a226511/recipes/fountain-mode";
@ -14446,12 +14488,12 @@
futhark-mode = callPackage ({ cl-lib ? null, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "futhark-mode";
version = "0.2.0";
version = "0.3.0";
src = fetchFromGitHub {
owner = "HIPERFIT";
repo = "futhark";
rev = "e574976f5d8df1089672549a913a86c4039ab2cb";
sha256 = "0p32sxswyjj22pg25i509d9a4j8k7c6xkbv55pd8jvjfxc2hdy3p";
rev = "81b858a79b29622a1db732f97225cad705c4acf5";
sha256 = "04zxal7j58whcy384sscwc7npcqdjlq01jjjn0i35pf2v7r045xy";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/0607f01aad7e77d53595ad8db95d32acfd29b148/recipes/futhark-mode";
@ -14509,12 +14551,12 @@
fwb-cmds = callPackage ({ fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "fwb-cmds";
version = "1.0.0";
version = "1.1.0";
src = fetchFromGitHub {
owner = "tarsius";
repo = "fwb-cmds";
rev = "57973f99cf4a185b5cccbf941478fad25e8428c3";
sha256 = "1c7h043lz10mw1hdsx9viksy6q79jipz2mm18y1inlbqhmg33n2b";
rev = "7d4abf8aa13b2235e4e2f0bb9049ebd6b491f710";
sha256 = "10xjs8gm9l3riffxip1ffg8xhcf8srffh01yn6ifyln5f70b063d";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/fe40cdeb5e19628937820181479897acdad40200/recipes/fwb-cmds";
@ -14947,6 +14989,27 @@
license = lib.licenses.free;
};
}) {};
git-attr = callPackage ({ emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "git-attr";
version = "0.0.3";
src = fetchFromGitHub {
owner = "arnested";
repo = "emacs-git-attr";
rev = "c03078637a00ea301cbcc7ae301ae928b10af889";
sha256 = "05wzy8g0yjkks0zmcvwn9dmr6kxk1bz91xic3c08b0j1z5lbsdv7";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/3417e4bc586df60b5e6239b1f7683b87953f5b7c/recipes/git-attr";
sha256 = "084l3zdcgy1ka2wq1fz9d6ryhg38gxvr52njlv43gwibzvbqniyi";
name = "git-attr";
};
packageRequires = [ emacs ];
meta = {
homepage = "https://melpa.org/#/git-attr";
license = lib.licenses.free;
};
}) {};
git-auto-commit-mode = callPackage ({ fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "git-auto-commit-mode";
@ -15199,22 +15262,22 @@
license = lib.licenses.free;
};
}) {};
git-timemachine = callPackage ({ fetchFromGitHub, fetchurl, lib, melpaBuild }:
git-timemachine = callPackage ({ emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "git-timemachine";
version = "3.0";
version = "4.4";
src = fetchFromGitHub {
owner = "pidu";
repo = "git-timemachine";
rev = "7c66a878ee89861dcd59b5dfc598520daa156052";
sha256 = "1brz9dc7ngywndlxbqbi3pbjbjydgqc9bjzf05lgx0pzr1ppc3w3";
rev = "020d02cd77df6bf6f0efd4d4c597aad2083b6302";
sha256 = "1g7gxa2snh8ya8r3wim834qszhcmpp154gnvqkc3b1gw8x7jdrql";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/41e95e41fc429b688f0852f58ec6ce80303b68ce/recipes/git-timemachine";
sha256 = "0nhl3g31r4a8j7rp5kbh17ixi16w32h80bc92vvjj3dlmk996nzq";
name = "git-timemachine";
};
packageRequires = [];
packageRequires = [ emacs ];
meta = {
homepage = "https://melpa.org/#/git-timemachine";
license = lib.licenses.free;
@ -16252,12 +16315,12 @@
grab-x-link = callPackage ({ cl-lib ? null, emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "grab-x-link";
version = "0.4.1";
version = "0.5";
src = fetchFromGitHub {
owner = "xuchunyang";
repo = "grab-x-link";
rev = "d2ef886097f59e1facc5cb5d8cd1c77bf340be76";
sha256 = "1iny8ga9xb7pfd59l4ljlj6zvvxzr7bv468sibkhlaqvjljn2xq1";
rev = "d19f0c0da0ddc55005a4c1cdc2b8c5de8bea1e8c";
sha256 = "1l9jg2w8ym169b5dhg3k5vksbmicg4n1a55x7ddjysf8n887cpid";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/64d4d4e6f9d6a3ea670757f248afd355baf1d933/recipes/grab-x-link";
@ -18486,12 +18549,12 @@
helm-rtags = callPackage ({ fetchFromGitHub, fetchurl, helm, lib, melpaBuild, rtags }:
melpaBuild {
pname = "helm-rtags";
version = "2.16";
version = "2.18";
src = fetchFromGitHub {
owner = "Andersbakken";
repo = "rtags";
rev = "8ef7554852541eced514c56d5e39d6073f7a2ef9";
sha256 = "0hh9m0ykw3r9h4gv4a99px00py1h5hs86043mp1m0nmkjibf6w56";
rev = "98d668e85cf9ae84e775742752c5656dd2df2f17";
sha256 = "0raqjbkl1ykga4ahgl9xw49cgh3cyqcf42z36z7d6fz1fw192kg0";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/3dea16daf0d72188c8b4043534f0833fe9b04e07/recipes/helm-rtags";
@ -18612,12 +18675,12 @@
helm-system-packages = callPackage ({ emacs, fetchFromGitHub, fetchurl, helm, lib, melpaBuild, seq }:
melpaBuild {
pname = "helm-system-packages";
version = "1.7.0";
version = "1.8.0";
src = fetchFromGitHub {
owner = "emacs-helm";
repo = "helm-system-packages";
rev = "22ff951b092a3fbde8eadf284a24e86bb4694f6a";
sha256 = "0argxi8dppgyfljwn654a7183lva74wnnwzkk3xlrvgngmir56kp";
rev = "beb7e488454402a122b9dec9a019ea190b9b7dc3";
sha256 = "0wclsv69v84d7bknnlralham94s7iqal7aczsvfxgj97hpwgywfz";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/0c46cfb0fcda0500e15d04106150a072a1a75ccc/recipes/helm-system-packages";
@ -19536,12 +19599,12 @@
ialign = callPackage ({ emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "ialign";
version = "0.4.0";
version = "0.4.1";
src = fetchFromGitHub {
owner = "mkcms";
repo = "interactive-align";
rev = "1d00ab870d06b946d94e5e6d340b85a3e51fbfb1";
sha256 = "191w5di4f0in49h60xmc5d6xaisbkv8y9f9bxzc3162c4b982qfr";
rev = "523df320197b587abd8c0ec4e9fbc763aeab1cf6";
sha256 = "04jak5j4yywl7fn5sggc125yh6cy0livf55194mfxs2kmbs5wm0h";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/072f1f7ce17e2972863bce10af9c52b3c6502eab/recipes/ialign";
@ -20394,6 +20457,27 @@
license = lib.licenses.free;
};
}) {};
info-colors = callPackage ({ emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "info-colors";
version = "0.2";
src = fetchFromGitHub {
owner = "ubolonton";
repo = "info-colors";
rev = "13dd9b6a7288e6bb692b210bcb9cd72016658dae";
sha256 = "1h2q19574sc1lrxm9k78668pwcg3z17bnbgykmah01zlmbs264sx";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/d671ae8dc27439eea427e1848fc11c96ec5aee64/recipes/info-colors";
sha256 = "1mbabrfdy9xn7lpqivqm8prp83qmdv5r0acijwvxqd3a52aadc2x";
name = "info-colors";
};
packageRequires = [ emacs ];
meta = {
homepage = "https://melpa.org/#/info-colors";
license = lib.licenses.free;
};
}) {};
inherit-local = callPackage ({ emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "inherit-local";
@ -20942,12 +21026,12 @@
ivy-rtags = callPackage ({ fetchFromGitHub, fetchurl, ivy, lib, melpaBuild, rtags }:
melpaBuild {
pname = "ivy-rtags";
version = "2.16";
version = "2.18";
src = fetchFromGitHub {
owner = "Andersbakken";
repo = "rtags";
rev = "8ef7554852541eced514c56d5e39d6073f7a2ef9";
sha256 = "0hh9m0ykw3r9h4gv4a99px00py1h5hs86043mp1m0nmkjibf6w56";
rev = "98d668e85cf9ae84e775742752c5656dd2df2f17";
sha256 = "0raqjbkl1ykga4ahgl9xw49cgh3cyqcf42z36z7d6fz1fw192kg0";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/3dea16daf0d72188c8b4043534f0833fe9b04e07/recipes/ivy-rtags";
@ -21759,12 +21843,12 @@
kaolin-themes = callPackage ({ autothemer, cl-lib ? null, emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "kaolin-themes";
version = "1.2.1";
version = "1.3.0";
src = fetchFromGitHub {
owner = "ogdenwebb";
repo = "emacs-kaolin-themes";
rev = "56bafd9b1b022ebfd98cad022792957164ec56fb";
sha256 = "02nmrdc2ldvfzyn3s9qrvq61nl93krc1vyr4ad1vkmbyqrwszyvd";
rev = "d730208cff185ee86a81f8a5a6feadfea78ab9cc";
sha256 = "0xfb8zi6jvwdivklc3lk5dzf8nnx05pm4fip44s4al6ajns8hgya";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/043a4e3bd5301ef8f4df2cbda0b3f4111eb399e4/recipes/kaolin-themes";
@ -22323,6 +22407,27 @@
license = lib.licenses.free;
};
}) {};
lcr = callPackage ({ dash, emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "lcr";
version = "0.9";
src = fetchFromGitHub {
owner = "jyp";
repo = "lcr";
rev = "3bc341205bba437c8fec4fefefaf39793c0405ae";
sha256 = "0jvdnb3fn33wq7ixb7ayrallq1j5gc9nh3i3nmy03yg11h60h1am";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/29374d3da932675b7b3e28ab8906690dad9c9cbe/recipes/lcr";
sha256 = "07syirjlrw8g95zk273953mnmg9x4bv8jpyvvzghhin4saiiiw3k";
name = "lcr";
};
packageRequires = [ dash emacs ];
meta = {
homepage = "https://melpa.org/#/lcr";
license = lib.licenses.free;
};
}) {};
leanote = callPackage ({ async, cl-lib ? null, emacs, fetchFromGitHub, fetchurl, let-alist, lib, melpaBuild, pcache, request, s }:
melpaBuild {
pname = "leanote";
@ -22753,12 +22858,12 @@
live-py-mode = callPackage ({ emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "live-py-mode";
version = "2.21.0";
version = "2.21.1";
src = fetchFromGitHub {
owner = "donkirkby";
repo = "live-py-plugin";
rev = "465c3f807c3ccd9af0af7032aec40c039d950ac0";
sha256 = "1idn0bjxw5sgjb7p958fdxn8mg2rs8yjqsz8k56r9jjzr7z9jdfx";
rev = "e0a5627e6591e1cbb9f93aabc44adbdc50b346c9";
sha256 = "0dhm7gdd1smlibj5jmzps97kwkpzcigbdp0l26baa2mkc6155y66";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/c7615237e80b46b5c50cb51a3ed5b07d92566fb7/recipes/live-py-mode";
@ -23138,8 +23243,8 @@
sha256 = "1zvib46hn2c0g2zdnf4vcwjrs9dj5sb81hpqm7bqm8f97p9dv6ym";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/0263ca6aea7bf6eae26a637454affbda6bd106df/recipes/magit";
sha256 = "03cmja9rcqc9250bsp1wwv94683mrcbnz1gjn8y7v62jlfi5qws5";
url = "https://raw.githubusercontent.com/milkypostman/melpa/b0a9a6277974a7a38c0c46d9921b54747a85501a/recipes/magit";
sha256 = "1wbqz2s1ips0kbhy6jv0mm4vh110m5r65rx0ik11dsqv1fv3hwga";
name = "magit";
};
packageRequires = [
@ -23242,12 +23347,12 @@
magit-gh-pulls = callPackage ({ emacs, fetchFromGitHub, fetchurl, gh, lib, magit, melpaBuild, pcache, s }:
melpaBuild {
pname = "magit-gh-pulls";
version = "0.5.2";
version = "0.5.3";
src = fetchFromGitHub {
owner = "sigma";
repo = "magit-gh-pulls";
rev = "e4a73781e3c1c7e4a09232b25e3474463cdf77b6";
sha256 = "19iqa2kzarpa75xy34hqvpy1y7dzx84pj540wwkj04dnpb4fwj2z";
rev = "d526f4c9ee1709c79f8a4630699ce1f25ae054e7";
sha256 = "11fd3c7wnqy08khj6za8spbsm3k1rqqih21lbax2iwvxl8jv4dv0";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/9b54fe4f51820c2f707e1f5d8a1128fff19a319c/recipes/magit-gh-pulls";
@ -28019,12 +28124,12 @@
ox-epub = callPackage ({ emacs, fetchFromGitHub, fetchurl, lib, melpaBuild, org }:
melpaBuild {
pname = "ox-epub";
version = "0.2.4";
version = "0.3";
src = fetchFromGitHub {
owner = "ofosos";
repo = "ox-epub";
rev = "4b4585264a28152f2eda0f7e5ceed132f9d23e16";
sha256 = "1k3lv4qqkp87piwlwl3gahac1zpjzv397f65g4khbpby2kgg8dpi";
rev = "3d958203e169cbfb2204c43cb4c5543befec0b9d";
sha256 = "057sqmvm8hwkhcg3yd4i8zz2xlqsqrpyiklyiw750s3i5mxdn0k7";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/c3ac31dfef00e83fa6b716ea006f35afb5dc6cd5/recipes/ox-epub";
@ -28331,6 +28436,27 @@
license = lib.licenses.free;
};
}) {};
panda-theme = callPackage ({ emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "panda-theme";
version = "0.1";
src = fetchFromGitHub {
owner = "jamiecollinson";
repo = "emacs-panda-theme";
rev = "ae24179e7a8a9667b169f00dbd891257530c1d22";
sha256 = "05vv4idl9h59jd089hpd09xcy1ix30bq0c4fif2b66170aychvii";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/a90ca1275ceab8e1ea4fdfa9049fbd24a5fd0bf5/recipes/panda-theme";
sha256 = "1q3zp331hz8l54p8ym9jrs4f36aj15r8aka6bqqnalnk237xqxl7";
name = "panda-theme";
};
packageRequires = [ emacs ];
meta = {
homepage = "https://melpa.org/#/panda-theme";
license = lib.licenses.free;
};
}) {};
pandoc = callPackage ({ emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "pandoc";
@ -30811,6 +30937,27 @@
license = lib.licenses.free;
};
}) {};
pynt = callPackage ({ deferred, ein, emacs, epc, fetchFromGitHub, fetchurl, helm, lib, melpaBuild }:
melpaBuild {
pname = "pynt";
version = "1.0.0";
src = fetchFromGitHub {
owner = "ebanner";
repo = "pynt";
rev = "bc750cd244141005ea3b7bb87f75c6f6c5a5778f";
sha256 = "0mj8lkc40iv8d6afl4dba7gsbi0mgnx9ivanvczq6pxp5d4kgfsn";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/fdb297084188a957a46dcd036e65d9d893044bea/recipes/pynt";
sha256 = "07c0zc68r3pskn3bac3a8x5nrsykl90a1h22865g3i5vil76vvg3";
name = "pynt";
};
packageRequires = [ deferred ein emacs epc helm ];
meta = {
homepage = "https://melpa.org/#/pynt";
license = lib.licenses.free;
};
}) {};
python-environment = callPackage ({ deferred, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "python-environment";
@ -32206,12 +32353,12 @@
rtags = callPackage ({ fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "rtags";
version = "2.16";
version = "2.18";
src = fetchFromGitHub {
owner = "Andersbakken";
repo = "rtags";
rev = "8ef7554852541eced514c56d5e39d6073f7a2ef9";
sha256 = "0hh9m0ykw3r9h4gv4a99px00py1h5hs86043mp1m0nmkjibf6w56";
rev = "98d668e85cf9ae84e775742752c5656dd2df2f17";
sha256 = "0raqjbkl1ykga4ahgl9xw49cgh3cyqcf42z36z7d6fz1fw192kg0";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/3dea16daf0d72188c8b4043534f0833fe9b04e07/recipes/rtags";
@ -35248,12 +35395,12 @@
swiper-helm = callPackage ({ emacs, fetchFromGitHub, fetchurl, helm, lib, melpaBuild, swiper }:
melpaBuild {
pname = "swiper-helm";
version = "0.1.0";
version = "0.2.0";
src = fetchFromGitHub {
owner = "abo-abo";
repo = "swiper-helm";
rev = "f3d6dba865629eed8fb14f92dab1fad50734891b";
sha256 = "1y2dbd3ikdpjvi8xz10jkrx2773h7cgr6jxm5b2bldm81lvi8x64";
rev = "93fb6db87bc6a5967898b5fd3286954cc72a0008";
sha256 = "05n4h20lfyg1kis5rig72ajbz680ml5fmsy6l1w4g9jx2xybpll2";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/674c709490e13267e09417e08953ff76bfbaddb7/recipes/swiper-helm";
@ -36192,12 +36339,12 @@
tide = callPackage ({ cl-lib ? null, dash, fetchFromGitHub, fetchurl, flycheck, lib, melpaBuild, s, typescript-mode }:
melpaBuild {
pname = "tide";
version = "2.6.2";
version = "2.7.1";
src = fetchFromGitHub {
owner = "ananthakumaran";
repo = "tide";
rev = "1ee2e6e5f6e22b180af08264e5654b26599f96fe";
sha256 = "0gd149vlf3297lm595xw3hc9jd45wisbrpbr505qhkffrj60q1lq";
rev = "6ca5319cdd581d323944584242a1ba45a115ee3d";
sha256 = "1jcnzx8g742pfh9nv3gcsxdj31kfpjzl202by30pzg2xz54i48gb";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/a21e063011ebbb03ac70bdcf0a379f9e383bdfab/recipes/tide";
@ -36380,12 +36527,12 @@
transmission = callPackage ({ emacs, fetchFromGitHub, fetchurl, let-alist, lib, melpaBuild }:
melpaBuild {
pname = "transmission";
version = "0.12";
version = "0.12.1";
src = fetchFromGitHub {
owner = "holomorph";
repo = "transmission";
rev = "0de5a5fa2438890ae9c2ca61999042ab175df3e9";
sha256 = "1wqlbbm71s1hvglsdp1qs7nvj6gnkjkai4rr8hhp1lliiyd5vmia";
rev = "03a36853f141387654b7cb9217c7417db096a083";
sha256 = "0kvg2gawsgy440x1fsl2c4pkxwp3zirq9rzixanklk0ryijhd3ry";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/9ed7e414687c0bd82b140a1bd8044084d094d18f/recipes/transmission";
@ -37118,6 +37265,27 @@
license = lib.licenses.free;
};
}) {};
usql = callPackage ({ emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "usql";
version = "0.0.1";
src = fetchFromGitHub {
owner = "nickbarnwell";
repo = "usql.el";
rev = "4cd8f4cf5c2e75485343321f02d621915aef10e8";
sha256 = "0cw25g8jvfjpzq3sabc3zbp0qynknzc0mq5psspcbxffk2qalbb9";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/c8f6b968312a09d062fcc8f942d29c93df2a5a3c/recipes/usql";
sha256 = "10ks164kcly5gkb2qmn700a51kph2sry4a64jwn60p5xl7w7af84";
name = "usql";
};
packageRequires = [ emacs ];
meta = {
homepage = "https://melpa.org/#/usql";
license = lib.licenses.free;
};
}) {};
utop = callPackage ({ emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "utop";
@ -38863,12 +39031,12 @@
xterm-color = callPackage ({ cl-lib ? null, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "xterm-color";
version = "1.6";
version = "1.7";
src = fetchFromGitHub {
owner = "atomontage";
repo = "xterm-color";
rev = "ed3d0f4ccb2b28ff034192c50f244a97197d3911";
sha256 = "0djh18lm3xn9h4fa5ra0jrlzdzwhvhcalipj73j5gmmfaif4ya9q";
rev = "42374a98f1039e105cad9f16ce585dffc96a3f1c";
sha256 = "09mzzql76z3gn39qnfjspm8waps8msbkilmlk3n2zrizpbps6crj";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/b34a42f1bf5641871da8ce2b688325023262b643/recipes/xterm-color";

12
pkgs/applications/editors/emacs-modes/org-generated.nix
Unescape View File

@ -1,10 +1,10 @@
{ callPackage }: {
org = callPackage ({ elpaBuild, fetchurl, lib }: elpaBuild {
pname = "org";
version = "20180129";
version = "20180205";
src = fetchurl {
url = "https://orgmode.org/elpa/org-20180129.tar";
sha256 = "0cwxqr34c77qmv7flcpd46qwkn0nzli21s3m9km00mwc8xy308n4";
url = "https://orgmode.org/elpa/org-20180205.tar";
sha256 = "03045w9pr45byrj7wqzkb6i56d4r7xykfr066qmywspk764wmfyh";
};
packageRequires = [];
meta = {
@ -14,10 +14,10 @@
}) {};
org-plus-contrib = callPackage ({ elpaBuild, fetchurl, lib }: elpaBuild {
pname = "org-plus-contrib";
version = "20180129";
version = "20180205";
src = fetchurl {
url = "https://orgmode.org/elpa/org-plus-contrib-20180129.tar";
sha256 = "1bk7jmizlvfbq2bbis3kal8nllxj752a8dkq7j68q6kfbc6w1z24";
url = "https://orgmode.org/elpa/org-plus-contrib-20180205.tar";
sha256 = "0pbs3b0miqmpjw3d6mcw61dqyy6gnpdq6m18xmkbfvk5nn9lv7i6";
};
packageRequires = [];
meta = {

6
pkgs/applications/editors/emacs-modes/proofgeneral/HEAD.nix
Unescape View File

@ -2,13 +2,13 @@
stdenv.mkDerivation (rec {
name = "ProofGeneral-unstable-${version}";
version = "2017-11-06";
version = "2018-01-30";
src = fetchFromGitHub {
owner = "ProofGeneral";
repo = "PG";
rev = "2eab72c33751768c8a6cde36b978ea4a36b91843";
sha256 = "1l3n48d6d4l5q3wkhdyp8dc6hzdw1ckdzr57dj8rdm78j87vh2cg";
rev = "945cada601c5729edd16fcc989a3969c8b34d20a";
sha256 = "1zjmbhq6c8g8b93nnsvr5pxx6mlcndb0fz152b2h80vfh9663cn8";
};
buildInputs = [ emacs texinfo perl which ] ++ stdenv.lib.optional enableDoc texLive;

41
pkgs/applications/editors/emacs/site-start.el
Unescape View File

@ -1,18 +1,39 @@
;;; NixOS specific load-path
(setq load-path
(append (reverse (mapcar (lambda (x) (concat x "/share/emacs/site-lisp/"))
(split-string (or (getenv "NIX_PROFILES") ""))))
load-path))
(defun nix--profile-paths ()
"Returns a list of all paths in the NIX_PROFILES environment
variable, ordered from more-specific (the user profile) to the
least specific (the system profile)"
(reverse (split-string (or (getenv "NIX_PROFILES") ""))))
;;; Extend `load-path' to search for elisp files in subdirectories of
;;; all folders in `NIX_PROFILES'. Also search for one level of
;;; subdirectories in these directories to handle multi-file libraries
;;; like `mu4e'.'
(require 'seq)
(let* ((subdirectory-sites (lambda (site-lisp)
(when (file-exists-p site-lisp)
(seq-filter (lambda (f) (file-directory-p (file-truename f)))
;; Returns all files in `site-lisp', excluding `.' and `..'
(directory-files site-lisp 'full "^\\([^.]\\|\\.[^.]\\|\\.\\..\\)")))))
(paths (apply #'append
(mapcar (lambda (profile-dir)
(let ((site-lisp (concat profile-dir "/share/emacs/site-lisp/")))
(cons site-lisp (funcall subdirectory-sites site-lisp))))
(nix--profile-paths)))))
(setq load-path (append paths load-path)))
;;; Make `woman' find the man pages
(eval-after-load 'woman
'(setq woman-manpath
(append (reverse (mapcar (lambda (x) (concat x "/share/man/"))
(split-string (or (getenv "NIX_PROFILES") ""))))
(append (mapcar (lambda (x) (concat x "/share/man/"))
(nix--profile-paths))
woman-manpath)))
;;; Make tramp work for remote NixOS machines
(eval-after-load 'tramp
;; TODO: We should also add the other `NIX_PROFILES' to this path.
;; However, these are user-specific, so we would need to discover
;; them dynamically after connecting via `tramp'
'(add-to-list 'tramp-remote-path "/run/current-system/sw/bin"))
;;; C source directory
@ -22,9 +43,9 @@
;;; from: /nix/store/<hash>-emacs-<version>/share/emacs/site-lisp/site-start.el
;;; to: /nix/store/<hash>-emacs-<version>/share/emacs/<version>/src/
(let ((emacs
(file-name-directory ;; .../emacs/
(directory-file-name ;; .../emacs/site-lisp
(file-name-directory load-file-name)))) ;; .../emacs/site-lisp/
(file-name-directory ; .../emacs/
(directory-file-name ; .../emacs/site-lisp
(file-name-directory load-file-name)))) ; .../emacs/site-lisp/
(version
(file-name-as-directory
(concat

20
pkgs/applications/editors/jetbrains/default.nix
Unescape View File

@ -234,12 +234,12 @@ in
clion = buildClion rec {
name = "clion-${version}";
version = "2017.3.2"; /* updated by script */
version = "2017.3.3"; /* updated by script */
description = "C/C++ IDE. New. Intelligent. Cross-platform";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/cpp/CLion-${version}.tar.gz";
sha256 = "0lv0nwfgm6h67mxhh0a2154ym7wcbm1qp3k1k1i00lg0lwig1rcw"; /* updated by script */
sha256 = "0j090863y68ppw34qkldm8h4lpbhalhqn70gb0ifj9bglf17503d"; /* updated by script */
};
wmClass = "jetbrains-clion";
update-channel = "CLion_Release"; # channel's id as in http://www.jetbrains.com/updates/updates.xml
@ -273,12 +273,12 @@ in
idea-community = buildIdea rec {
name = "idea-community-${version}";
version = "2017.3.3"; /* updated by script */
version = "2017.3.4"; /* updated by script */
description = "Integrated Development Environment (IDE) by Jetbrains, community edition";
license = stdenv.lib.licenses.asl20;
src = fetchurl {
url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz";
sha256 = "1wxaz25609wri2d91s9wy00gngplyjg7gzix3mzdhgysm00qizf1"; /* updated by script */
sha256 = "15qsfirzmmjhwzkhx36zr4n0z5lhs021n2n3wim01g309ymr4gl9"; /* updated by script */
};
wmClass = "jetbrains-idea-ce";
update-channel = "IDEA_Release";
@ -286,12 +286,12 @@ in
idea-ultimate = buildIdea rec {
name = "idea-ultimate-${version}";
version = "2017.3.3"; /* updated by script */
version = "2017.3.4"; /* updated by script */
description = "Integrated Development Environment (IDE) by Jetbrains, requires paid license";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/idea/ideaIU-${version}-no-jdk.tar.gz";
sha256 = "01d5a6m927q9bnjlpz8va8bfjnj52k8q6i3im5ygj6lwadbzawyf"; /* updated by script */
sha256 = "0f937s6zc1sv0gdlxf9kkc8l8rg78a5mxsfr2laab0g37rfy8c99"; /* updated by script */
};
wmClass = "jetbrains-idea";
update-channel = "IDEA_Release";
@ -299,12 +299,12 @@ in
phpstorm = buildPhpStorm rec {
name = "phpstorm-${version}";
version = "2017.3.3"; /* updated by script */
version = "2017.3.4"; /* updated by script */
description = "Professional IDE for Web and PHP developers";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/webide/PhpStorm-${version}.tar.gz";
sha256 = "0mk4d2c41qvfz7sqxqw7adak86pm95wvhzxrfg32y01r5i5q0av7"; /* updated by script */
sha256 = "1hxkn0p0lp021bbysypwn8s69iggb76iwq38jv5a1ql7v5r1nwvd"; /* updated by script */
};
wmClass = "jetbrains-phpstorm";
update-channel = "PS2017.3";
@ -364,12 +364,12 @@ in
webstorm = buildWebStorm rec {
name = "webstorm-${version}";
version = "2017.3.3"; /* updated by script */
version = "2017.3.4"; /* updated by script */
description = "Professional IDE for Web and JavaScript development";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/webstorm/WebStorm-${version}.tar.gz";
sha256 = "1fhs13944928rqcqbv8d29qm1y0zzry4drr9gqqmj814y2vkbpnl"; /* updated by script */
sha256 = "0d5whqa6c76l6g5yj0yq8a3k1x6d9kxwnac1dwsiy5dbr5jk0cyj"; /* updated by script */
};
wmClass = "jetbrains-webstorm";
update-channel = "WS_Release";

3
pkgs/applications/editors/neovim/wrapper.nix
Unescape View File

@ -1,6 +1,5 @@
{ stdenv, lib, makeDesktopItem, makeWrapper, lndir
{ stdenv, lib, makeDesktopItem, makeWrapper
, vimUtils
, neovim
, bundlerEnv, ruby
, pythonPackages
, python3Packages

55
pkgs/applications/editors/rstudio/default.nix
Unescape View File

@ -4,7 +4,10 @@
}:
let
version = "1.1.414";
verMajor = "1";
verMinor = "1";
verPatch = "423";
version = "${verMajor}.${verMinor}.${verPatch}";
ginVer = "1.5";
gwtVer = "2.7.0";
in
@ -19,46 +22,30 @@ stdenv.mkDerivation rec {
owner = "rstudio";
repo = "rstudio";
rev = "v${version}";
sha256 = "1rr2zkv53r8swhq5d745jpp0ivxpsizzh7srf34isqpkn5pgx3v8";
sha256 = "02kpmzh0vr0gb5dhiwcm4gwjbc3biwz0km655mgzmx9j64cyd3nf";
};
# Hack RStudio to only use the input R.
patches = [ ./r-location.patch ];
postPatch = "substituteInPlace src/cpp/core/r_util/REnvironmentPosix.cpp --replace '@R@' ${R}";
inherit ginVer;
ginSrc = fetchurl {
url = "https://s3.amazonaws.com/rstudio-buildtools/gin-${ginVer}.zip";
sha256 = "155bjrgkf046b8ln6a55x06ryvm8agnnl7l8bkwwzqazbpmz8qgm";
};
inherit gwtVer;
gwtSrc = fetchurl {
url = "https://s3.amazonaws.com/rstudio-buildtools/gwt-${gwtVer}.zip";
sha256 = "1cs78z9a1jg698j2n35wsy07cy4fxcia9gi00x0r0qc3fcdhcrda";
};
hunspellDictionaries = builtins.attrValues hunspellDicts;
hunspellDictionaries = with stdenv.lib; filter isDerivation (attrValues hunspellDicts);
mathJaxSrc = fetchurl {
url = https://s3.amazonaws.com/rstudio-buildtools/mathjax-26.zip;
sha256 = "0wbcqb9rbfqqvvhqr1pbqax75wp8ydqdyhp91fbqfqp26xzjv6lk";
};
rmarkdownSrc = fetchFromGitHub {
owner = "rstudio";
repo = "rmarkdown";
rev = "v1.8";
sha256 = "1blqxdr1vp2z5wd52nmf8hq36sdd4s2pyms441dqj50v35f8girb";
};
rsconnectSrc = fetchFromGitHub {
owner = "rstudio";
repo = "rsconnect";
rev = "953c945779dd180c1bfe68f41c173c13ec3e222d";
sha256 = "1yxwd9v4mvddh7m5rbljicmssw7glh1lhin7a9f01vxxa92vpj7z";
};
rstudiolibclang = fetchurl {
url = https://s3.amazonaws.com/rstudio-buildtools/libclang-3.5.zip;
sha256 = "1sl5vb8misipwbbbykdymw172w9qrh8xv3p29g0bf3nzbnv6zc7c";
@ -71,31 +58,31 @@ stdenv.mkDerivation rec {
preConfigure =
''
export RSTUDIO_VERSION_MAJOR=${verMajor}
export RSTUDIO_VERSION_MINOR=${verMinor}
export RSTUDIO_VERSION_PATCH=${verPatch}
GWT_LIB_DIR=src/gwt/lib
mkdir -p $GWT_LIB_DIR/gin/$ginVer
unzip $ginSrc -d $GWT_LIB_DIR/gin/$ginVer
mkdir -p $GWT_LIB_DIR/gin/${ginVer}
unzip ${ginSrc} -d $GWT_LIB_DIR/gin/${ginVer}
unzip $gwtSrc
unzip ${gwtSrc}
mkdir -p $GWT_LIB_DIR/gwt
mv gwt-$gwtVer $GWT_LIB_DIR/gwt/$gwtVer
mv gwt-${gwtVer} $GWT_LIB_DIR/gwt/${gwtVer}
mkdir dependencies/common/dictionaries
for dict in $hunspellDictionaries; do
for i in "$dict/share/hunspell/"*
do ln -sv $i dependencies/common/dictionaries/
done
for dict in ${builtins.concatStringsSep " " hunspellDictionaries}; do
for i in "$dict/share/hunspell/"*; do
ln -sv $i dependencies/common/dictionaries/
done
done
unzip $mathJaxSrc -d dependencies/common/mathjax-26
mkdir -p dependencies/common/rmarkdown
ln -s $rmarkdownSrc dependencies/common/rmarkdown/
mkdir -p dependencies/common/rsconnect
ln -s $rsconnectSrc dependencies/common/rsconnect/
unzip ${mathJaxSrc} -d dependencies/common/mathjax-26
mkdir -p dependencies/common/libclang/3.5
unzip $rstudiolibclang -d dependencies/common/libclang/3.5
unzip ${rstudiolibclang} -d dependencies/common/libclang/3.5
mkdir -p dependencies/common/libclang/builtin-headers
unzip $rstudiolibclangheaders -d dependencies/common/libclang/builtin-headers
unzip ${rstudiolibclangheaders} -d dependencies/common/libclang/builtin-headers
mkdir -p dependencies/common/pandoc
cp ${pandoc}/bin/pandoc dependencies/common/pandoc/

5
pkgs/applications/editors/tiled/default.nix
Unescape View File

@ -3,13 +3,13 @@
stdenv.mkDerivation rec {
name = "tiled-${version}";
version = "1.1.1";
version = "1.1.2";
src = fetchFromGitHub {
owner = "bjorn";
repo = "tiled";
rev = "v${version}";
sha256 = "1c6n5xshadxv5qwv8kfrj1kbfnkvx6nyxc9p4mpzkjrkxw1b1qf1";
sha256 = "1bzp89914rlrwf2whky3fx10rwxqiwbw9acyqllvam3l4hmv4nlz";
};
nativeBuildInputs = [ pkgconfig qmake ];
@ -24,6 +24,7 @@ stdenv.mkDerivation rec {
bsd2 # libtiled and tmxviewer
gpl2Plus # all the rest
];
maintainers = with maintainers; [ dywedir ];
platforms = platforms.linux;
};
}

6
pkgs/applications/editors/typora/default.nix
Unescape View File

@ -3,18 +3,18 @@
stdenv.mkDerivation rec {
name = "typora-${version}";
version = "0.9.41";
version = "0.9.44";
src =
if stdenv.system == "x86_64-linux" then
fetchurl {
url = "https://www.typora.io/linux/typora_${version}_amd64.deb";
sha256 = "e4916f86c7c12aec8fd59b3ef79c2a4d3f77b02a0a9e962916c688871c9fda1d";
sha256 = "9442c090bf2619d270890228abd7dabb9e217c0b200615f8ed3cb255efd122d5";
}
else
fetchurl {
url = "https://www.typora.io/linux/typora_${version}_i386.deb";
sha256 = "18960fb4b2cd6cf9cb77025a4035a3258f1599b1d225fb673b49c1588fa272d6";
sha256 = "ae228ca946d03940b85df30c995c4de3f942a780e32d4dcab872dec671c66ef3";
}
;

Some files were not shown because too many files have changed in this diff Show More

Write Preview
Loading…
Cancel
Save