Merge remote-tracking branch 'origin/master' into haskell-updates

launchpad/nixpkgs/master
(cdep)illabout 3 years ago
commit faf5bbb6bf
No known key found for this signature in database
GPG Key ID: 462E0C03D11422F4
  1. 4
      .github/CODEOWNERS
  2. 22
      .github/workflows/backport.yml
  3. 21
      .github/workflows/nixos-manual.yml
  4. 2
      .github/workflows/rebase.yml
  5. 2
      .version
  6. 4
      README.md
  7. 4
      doc/contributing/submitting-changes.chapter.md
  8. 14
      doc/languages-frameworks/beam.section.md
  9. 1
      flake.nix
  10. 5
      lib/flake.nix
  11. 15
      lib/systems/default.nix
  12. 2
      lib/systems/doubles.nix
  13. 15
      lib/systems/examples.nix
  14. 12
      lib/systems/platforms.nix
  15. 2
      lib/trivial.nix
  16. 58
      maintainers/maintainer-list.nix
  17. 9
      maintainers/team-list.nix
  18. 13
      nixos/doc/manual/contributing-to-this-manual.chapter.md
  19. 22
      nixos/doc/manual/contributing-to-this-manual.xml
  20. 18
      nixos/doc/manual/development/building-nixos.chapter.md
  21. 33
      nixos/doc/manual/development/building-nixos.xml
  22. 3
      nixos/doc/manual/development/development.xml
  23. 366
      nixos/doc/manual/development/releases.xml
  24. 5
      nixos/doc/manual/from_md/README.md
  25. 22
      nixos/doc/manual/from_md/contributing-to-this-manual.chapter.xml
  26. 33
      nixos/doc/manual/from_md/development/building-nixos.chapter.xml
  27. 26
      nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
  28. 6
      nixos/doc/manual/installation/installing.xml
  29. 2
      nixos/doc/manual/manual.xml
  30. 33
      nixos/doc/manual/md-to-db.sh
  31. 1
      nixos/doc/manual/release-notes/release-notes.xml
  32. 31
      nixos/doc/manual/release-notes/rl-2105.xml
  33. 9
      nixos/doc/manual/release-notes/rl-2111.section.md
  34. 2
      nixos/modules/hardware/xpadneo.nix
  35. 39
      nixos/modules/installer/cd-dvd/iso-image.nix
  36. 1
      nixos/modules/module-list.nix
  37. 2
      nixos/modules/programs/atop.nix
  38. 2
      nixos/modules/programs/bash/undistract-me.nix
  39. 114
      nixos/modules/services/audio/botamusique.nix
  40. 16
      nixos/modules/services/backup/syncoid.nix
  41. 3
      nixos/modules/services/hardware/spacenavd.nix
  42. 17
      nixos/modules/services/misc/matrix-synapse.nix
  43. 1
      nixos/modules/services/monitoring/prometheus/exporters.nix
  44. 74
      nixos/modules/services/monitoring/prometheus/exporters/pihole.nix
  45. 2
      nixos/modules/services/networking/kresd.nix
  46. 3
      nixos/modules/services/networking/solanum.nix
  47. 109
      nixos/modules/services/networking/wireguard.nix
  48. 1
      nixos/modules/services/security/bitwarden_rs/default.nix
  49. 38
      nixos/modules/services/web-servers/nginx/default.nix
  50. 12
      nixos/modules/services/web-servers/nginx/vhost-options.nix
  51. 4
      nixos/modules/services/x11/desktop-managers/cinnamon.nix
  52. 2
      nixos/modules/services/x11/desktop-managers/lxqt.nix
  53. 5
      nixos/modules/services/x11/desktop-managers/plasma5.nix
  54. 107
      nixos/modules/system/boot/luksroot.nix
  55. 1
      nixos/modules/tasks/filesystems.nix
  56. 7
      nixos/modules/virtualisation/libvirtd.nix
  57. 2
      nixos/modules/virtualisation/nixos-containers.nix
  58. 1
      nixos/tests/all-tests.nix
  59. 37
      nixos/tests/atop.nix
  60. 47
      nixos/tests/botamusique.nix
  61. 38
      nixos/tests/sanoid.nix
  62. 12
      pkgs/applications/audio/ardour/default.nix
  63. 15
      pkgs/applications/audio/flac/default.nix
  64. 4
      pkgs/applications/audio/ft2-clone/default.nix
  65. 1
      pkgs/applications/audio/gradio/default.nix
  66. 37
      pkgs/applications/audio/helvum/default.nix
  67. 4
      pkgs/applications/audio/linuxsampler/default.nix
  68. 2
      pkgs/applications/audio/mmtc/default.nix
  69. 14
      pkgs/applications/audio/mousai/default.nix
  70. 2
      pkgs/applications/audio/muso/default.nix
  71. 2
      pkgs/applications/audio/netease-music-tui/default.nix
  72. 1
      pkgs/applications/audio/parlatype/default.nix
  73. 8
      pkgs/applications/audio/plexamp/default.nix
  74. 54
      pkgs/applications/audio/plexamp/update-plexamp.sh
  75. 15
      pkgs/applications/audio/reaper/default.nix
  76. 2
      pkgs/applications/audio/spotify-tui/default.nix
  77. 2
      pkgs/applications/audio/spotifyd/default.nix
  78. 41
      pkgs/applications/audio/surge/default.nix
  79. 6
      pkgs/applications/audio/whipper/default.nix
  80. 36
      pkgs/applications/audio/ytmdesktop/default.nix
  81. 2
      pkgs/applications/audio/zynaddsubfx/default.nix
  82. 2
      pkgs/applications/audio/zynaddsubfx/mruby-zest/default.nix
  83. 4
      pkgs/applications/blockchains/exodus/default.nix
  84. 27
      pkgs/applications/blockchains/faraday/default.nix
  85. 15
      pkgs/applications/blockchains/stellar-core-dirty-version.patch
  86. 31
      pkgs/applications/blockchains/stellar-core.nix
  87. 2
      pkgs/applications/editors/amp/default.nix
  88. 9
      pkgs/applications/editors/android-studio/default.nix
  89. 7
      pkgs/applications/editors/emacs/elisp-packages/melpa-packages.nix
  90. 2
      pkgs/applications/editors/hexdino/default.nix
  91. 2
      pkgs/applications/editors/kibi/default.nix
  92. 5
      pkgs/applications/editors/lite/default.nix
  93. 2
      pkgs/applications/editors/neovim/gnvim/default.nix
  94. 2
      pkgs/applications/editors/neovim/neovide/default.nix
  95. 40
      pkgs/applications/editors/neovim/utils.nix
  96. 27
      pkgs/applications/editors/neovim/wrapper.nix
  97. 4
      pkgs/applications/editors/netbeans/default.nix
  98. 2
      pkgs/applications/editors/ox/default.nix
  99. 2
      pkgs/applications/editors/poke/default.nix
  100. 21
      pkgs/applications/editors/sublime/3/common.nix
  101. Some files were not shown because too many files have changed in this diff

@ -46,6 +46,7 @@
/nixos/default.nix @nbp @infinisil
/nixos/lib/from-env.nix @nbp @infinisil
/nixos/lib/eval-config.nix @nbp @infinisil
/nixos/doc @ryantm
/nixos/doc/manual/configuration/abstractions.xml @nbp
/nixos/doc/manual/configuration/config-file.xml @nbp
/nixos/doc/manual/configuration/config-syntax.xml @nbp
@ -179,8 +180,7 @@
/pkgs/top-level/emacs-packages.nix @adisbladis
# Neovim
/pkgs/applications/editors/neovim @jonringer
/pkgs/applications/editors/neovim @teto
/pkgs/applications/editors/neovim @jonringer @teto
# VimPlugins
/pkgs/misc/vim-plugins @jonringer @softinio

@ -0,0 +1,22 @@
name: Backport
on:
pull_request:
types: [closed]
jobs:
backport:
name: Create backport PRs
if: github.repository_owner == 'NixOS' && github.event.pull_request.merged == true
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
# required to find all branches
fetch-depth: 0
- name: Create backport PRs
# should be kept in sync with `version`
uses: zeebe-io/backport-action@9b8949dcd4295d364b0939f07d0c7593598d26cd
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
github_workspace: ${{ github.workspace }}
# should be kept in sync with `uses`
version: 9b8949dcd4295d364b0939f07d0c7593598d26cd
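Review bot: The `pull_request` trigger gives this job a read-only `GITHUB_TOKEN` whenever the merged PR came from a fork, so the `Create backport PRs` step that receives `github_token: ${{ secrets.GITHUB_TOKEN }}` would presumably be unable to push a branch or open a PR for most outside contributions. If the trigger is changed to `pull_request_target` to get a writable token, the job must only ever run base-repository code. The `actions/checkout@v2` step names no `ref`, which under that trigger checks out the base branch, and it should stay that way. The workflow also declares no `permissions:` block; adding `permissions: { contents: write, pull-requests: write }` limits the token to what the backport step needs.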

@ -0,0 +1,21 @@
name: NixOS manual checks
on:
pull_request:
branches-ignore:
- 'release-**'
paths:
- 'nixos/**/*.xml'
- 'nixos/**/*.md'
jobs:
tests:
runs-on: ubuntu-latest
if: github.repository_owner == 'NixOS'
steps:
- uses: actions/checkout@v2
- uses: cachix/install-nix-action@v12
- name: Check DocBook files generated from Markdown are consistent
run: |
nixos/doc/manual/md-to-db.sh
git diff --exit-code
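Review bot: `cachix/install-nix-action@v12` and `actions/checkout@v2` are referenced by mutable tags, so a retagged release would change what runs here without any diff in this repository. The backport workflow added in this same commit already pins `zeebe-io/backport-action` to a full commit SHA. Pinning these two the same way, e.g. `uses: cachix/install-nix-action@<full-commit-sha> # v12` (placeholder SHA), would make the workflows consistent; the `actions/checkout@v2` step in `.github/workflows/backport.yml` has the same issue. Because the job executes `nixos/doc/manual/md-to-db.sh` from the PR's own tree, a top-level `permissions: { contents: read }` would also state explicitly that it needs nothing beyond read access.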

@ -41,7 +41,7 @@ jobs:
- name: check branch
env:
PERMANENT_BRANCHES: "haskell-updates|master|nixos|nixpkgs|python-unstable|release|staging"
VALID_BRANCHES: "haskell-updates|master|python-unstable|release-20.09|staging|staging-20.09|staging-next"
VALID_BRANCHES: "haskell-updates|master|python-unstable|release-20.09|release-21.05|staging|staging-20.09|staging-21.05|staging-next|staging-next-21.05"
run: |
message() {
cat <<EOF

@ -1 +1 @@
21.05
21.11

@ -21,10 +21,10 @@
# Community
* [Discourse Forum](https://discourse.nixos.org/)
* [IRC - #nixos on freenode.net](irc://irc.freenode.net/#nixos)
* [Matrix Chat](https://matrix.to/#/#community:nixos.org)
* [NixOS Weekly](https://weekly.nixos.org/)
* [Community-maintained wiki](https://nixos.wiki/)
* [Community-maintained list of ways to get in touch](https://nixos.wiki/wiki/Get_In_Touch#Chat) (Discord, Matrix, Telegram, other IRC channels, etc.)
* [Community-maintained list of ways to get in touch](https://nixos.wiki/wiki/Get_In_Touch#Chat) (Discord, Telegram, IRC, etc.)
# Other Project Repositories

@ -238,7 +238,7 @@ The `staging` branch is a development branch where mass-rebuilds go. It should o
### Staging-next branch {#submitting-changes-staging-next-branch}
The `staging-next` branch is for stabilizing mass-rebuilds submitted to the `staging` branch prior to merging them into `master`. Mass-rebuilds should go via the `staging` branch. It should only see non-breaking commits that are fixing issues blocking it from being merged into the `master ` branch.
The `staging-next` branch is for stabilizing mass-rebuilds submitted to the `staging` branch prior to merging them into `master`. Mass-rebuilds must go via the `staging` branch. It must only see non-breaking commits that are fixing issues blocking it from being merged into the `master ` branch.
If the branch is already in a broken state, please refrain from adding extra new breakages. Stabilize it for a few days and then merge into master.
@ -248,6 +248,8 @@ For cherry-picking a commit to a stable release branch (“backporting”), use
Add a reason for the backport by using `git cherry-pick -xe <original commit>` instead when it is not obvious from the original commit message. It is not needed when it's a minor version update that includes security and bug fixes but don't add new features or when the commit fixes an otherwise broken package.
For backporting Pull Requests to stable branches, assign label `backport <branch>` to the original Pull Requests and automation should take care of the rest once the Pull Requests is merged.
Here is an example of a cherry-picked commit message with good reason description:
```

@ -4,13 +4,19 @@
In this document and related Nix expressions, we use the term, _BEAM_, to describe the environment. BEAM is the name of the Erlang Virtual Machine and, as far as we're concerned, from a packaging perspective, all languages that run on the BEAM are interchangeable. That which varies, like the build system, is transparent to users of any given BEAM package, so we make no distinction.
## Available versions and deprecations schedule
### Elixir
nixpkgs follows the [official elixir deprecation schedule](https://hexdocs.pm/elixir/compatibility-and-deprecations.html) and keeps the last 5 released versions of Elixir available.
## Structure {#beam-structure}
All BEAM-related expressions are available via the top-level `beam` attribute, which includes:
- `interpreters`: a set of compilers running on the BEAM, including multiple Erlang/OTP versions (`beam.interpreters.erlangR19`, etc), Elixir (`beam.interpreters.elixir`) and LFE (Lisp Flavoured Erlang) (`beam.interpreters.lfe`).
- `interpreters`: a set of compilers running on the BEAM, including multiple Erlang/OTP versions (`beam.interpreters.erlangR22`, etc), Elixir (`beam.interpreters.elixir`) and LFE (Lisp Flavoured Erlang) (`beam.interpreters.lfe`).
- `packages`: a set of package builders (Mix and rebar3), each compiled with a specific Erlang/OTP version, e.g. `beam.packages.erlangR19`.
- `packages`: a set of package builders (Mix and rebar3), each compiled with a specific Erlang/OTP version, e.g. `beam.packages.erlang22`.
The default Erlang compiler, defined by `beam.interpreters.erlang`, is aliased as `erlang`. The default BEAM package set is defined by `beam.packages.erlang` and aliased at the top level as `beamPackages`.
@ -80,7 +86,7 @@ let
version = "0.0.1";
mixEnv = "prod";
mixDeps = packages.fetchMixDeps {
mixFodDeps = packages.fetchMixDeps {
pname = "mix-deps-${pname}";
inherit src mixEnv version;
# nix will complain and tell you the right value to replace this with
@ -124,7 +130,7 @@ let
in packages.mixRelease {
inherit src pname version mixEnv mixDeps;
inherit src pname version mixEnv mixFodDeps;
# if you have build time environment variables add them here
MY_ENV_VAR="my_value";
preInstall = ''

@ -18,6 +18,7 @@
"aarch64-linux"
"armv6l-linux"
"armv7l-linux"
"aarch64-darwin"
];
forAllSystems = f: lib.genAttrs systems (system: f system);

@ -0,0 +1,5 @@
{
description = "Library of low-level helper functions for nix expressions.";
outputs = { self }: { lib = import ./lib; };
}
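Review bot: `import ./lib` in `outputs` resolves relative to this file, and the diffstat places the file at `lib/flake.nix`, so the path points at `lib/lib` rather than at the library's own directory. Unless such a directory exists (not visible on this page), evaluating the `lib` output would fail; `outputs = { self }: { lib = import ./.; };` imports the directory the flake lives in. A one-line comment saying that this flake exposes only `lib` and takes no inputs would also help readers who find it next to the top-level `flake.nix`.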

@ -41,6 +41,19 @@ rec {
else if final.isNetBSD then "nblibc"
# TODO(@Ericson2314) think more about other operating systems
else "native/impure";
# Choose what linker we wish to use by default. Someday we might also
# choose the C compiler, runtime library, C++ standard library, etc. in
# this way, nice and orthogonally, and deprecate `useLLVM`. But due to
# the monolithic GCC build we cannot actually make those choices
# independently, so we are just doing `linker` and keeping `useLLVM` for
# now.
linker =
/**/ if final.useLLVM or false then "lld"
else if final.isDarwin then "cctools"
# "bfd" and "gold" both come from GNU binutils. The existance of Gold
# is why we use the more obscure "bfd" and not "binutils" for this
# choice.
else "bfd";
extensions = {
sharedLibrary =
/**/ if final.isDarwin then ".dylib"
@ -118,7 +131,7 @@ rec {
else null;
# The canonical name for this attribute is darwinSdkVersion, but some
# platforms define the old name "sdkVer".
darwinSdkVersion = final.sdkVer or "10.12";
darwinSdkVersion = final.sdkVer or (if final.isAarch64 then "11.0" else "10.12");
darwinMinVersion = final.darwinSdkVersion;
darwinMinVersionVariable =
if final.isMacOS then "MACOSX_DEPLOYMENT_TARGET"
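Review bot: In the new `linker` default, `final.useLLVM or false` is tested before `final.isDarwin`, so a Darwin platform that sets `useLLVM` gets `"lld"` rather than `"cctools"`. If that ordering is intended, a short comment such as `# useLLVM takes precedence over the per-OS default` would make it explicit. The same comment block misspells "existence" as "existance". In the second hunk, the comment above `darwinSdkVersion` still explains only the `sdkVer` alias; it should also say why aarch64 defaults to `"11.0"`. Both hunks sit inside a `rec { … }` that starts and ends outside the visible lines.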

@ -96,5 +96,5 @@ in {
embedded = filterDoubles predicates.isNone;
mesaPlatforms = ["i686-linux" "x86_64-linux" "x86_64-darwin" "armv5tel-linux" "armv6l-linux" "armv7l-linux" "armv7a-linux" "aarch64-linux" "powerpc64-linux" "powerpc64le-linux"];
mesaPlatforms = ["i686-linux" "x86_64-linux" "x86_64-darwin" "armv5tel-linux" "armv6l-linux" "armv7l-linux" "armv7a-linux" "aarch64-linux" "powerpc64-linux" "powerpc64le-linux" "aarch64-darwin"];
}

@ -70,6 +70,15 @@ rec {
useAndroidPrebuilt = true;
};
aarch64-android = {
config = "aarch64-unknown-linux-android";
sdkVer = "30";
ndkVer = "21";
libc = "bionic";
useAndroidPrebuilt = false;
useLLVM = true;
};
scaleway-c1 = armv7l-hf-multiplatform // platforms.scaleway-c1;
pogoplug4 = {
@ -231,6 +240,12 @@ rec {
useiOSPrebuilt = true;
};
aarch64-darwin = {
config = "aarch64-apple-darwin";
xcodePlatform = "MacOSX";
platform = {};
};
#
# Windows
#

@ -375,6 +375,13 @@ rec {
};
};
apple-m1 = {
gcc = {
arch = "armv8.3-a+crypto+sha2+aes+crc+fp16+lse+simd+ras+rdm+rcpc";
cpu = "apple-a13";
};
};
##
## MIPS
##
@ -495,7 +502,10 @@ rec {
else if lib.versionOlder version "6" then sheevaplug
else if lib.versionOlder version "7" then raspberrypi
else armv7l-hf-multiplatform
else if platform.isAarch64 then aarch64-multiplatform
else if platform.isAarch64 then
if platform.isDarwin then apple-m1
else aarch64-multiplatform
else if platform.isRiscV then riscv-multiplatform
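Review bot: The `apple-m1` entry sets `cpu = "apple-a13"`, which reads like a mismatch with the attribute name and carries no explanation. If the value is deliberate, a comment such as `# closest cpu model the toolchain knows for M1 — TODO confirm` would stop a later reader from "fixing" it. In the second hunk, the nested `if platform.isDarwin then apple-m1 else aarch64-multiplatform` sits unparenthesised inside the outer `else if` chain. It parses as intended, but wrapping it in parentheses would make the grouping obvious. The enclosing function and `rec { … }` start and end outside the hunk.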

@ -171,7 +171,7 @@ rec {
On each release the first letter is bumped and a new animal is chosen
starting with that new letter.
*/
codeName = "Okapi";
codeName = "Porcupine";
/* Returns the current nixpkgs version suffix as string. */
versionSuffix =

@ -3663,6 +3663,12 @@
githubId = 10353047;
name = "Tobias Happ";
};
gfrascadorio = {
email = "gfrascadorio@tutanota.com";
github = "gfrascadorio";
githubId = 37602871;
name = "Galois";
};
ggpeti = {
email = "ggpeti@gmail.com";
github = "ggpeti";
@ -5190,6 +5196,12 @@
githubId = 546087;
name = "Kristoffer K. Føllesdal";
};
kho-dialga = {
email = "ivandashenyou@gmail.com";
github = "kho-dialga";
githubId = 55767703;
name = "Iván Brito";
};
khumba = {
email = "bog@khumba.net";
github = "khumba";
@ -5505,6 +5517,12 @@
}];
name = "Las Safin";
};
l3af = {
email = "L3afMeAlon3@gmail.com";
github = "L3afMe";
githubId = 72546287;
name = "L3af";
};
laikq = {
email = "gwen@quasebarth.de";
github = "laikq";
@ -5696,6 +5714,12 @@
githubId = 6652840;
name = "Jade";
};
lgcl = {
email = "dev@lgcl.de";
name = "Leon Vack";
github = "LogicalOverflow";
githubId = 5919957;
};
lheckemann = {
email = "git@sphalerite.org";
github = "lheckemann";
@ -6452,10 +6476,10 @@
email = "softs@metabarcoding.org";
name = "Celine Mercier";
};
metadark = {
kira-bruneau = {
email = "kira.bruneau@pm.me";
name = "Kira Bruneau";
github = "metadark";
github = "kira-bruneau";
githubId = 382041;
};
meutraa = {
@ -7459,6 +7483,12 @@
githubId = 1538622;
name = "Michael Reilly";
};
onixie = {
email = "onixie@gmail.com";
github = "onixie";
githubId = 817073;
name = "Yc. Shen";
};
onsails = {
email = "andrey@onsails.com";
github = "onsails";
@ -8083,6 +8113,12 @@
githubId = 406946;
name = "Valentin Lorentz";
};
proofofkeags = {
email = "keagan.mcclelland@gmail.com";
github = "ProofOfKeags";
githubId = 4033651;
name = "Keagan McClelland";
};
protoben = {
email = "protob3n@gmail.com";
github = "protoben";
@ -8685,6 +8721,12 @@
githubId = 221121;
name = "Robert P. Seaton";
};
rraval = {
email = "ronuk.raval@gmail.com";
github = "rraval";
githubId = 373566;
name = "Ronuk Raval";
};
rszibele = {
email = "richard@szibele.com";
github = "rszibele";
@ -9125,6 +9167,12 @@
githubId = 1443459;
name = "Sheena Artrip";
};
sheepforce = {
email = "phillip.seeber@googlemail.com";
github = "sheepforce";
githubId = 16844216;
name = "Phillip Seeber";
};
sheganinans = {
email = "sheganinans@gmail.com";
github = "sheganinans";
@ -9483,6 +9531,12 @@
githubId = 1699155;
name = "Steve Elliott";
};
stelcodes = {
email = "stel@stel.codes";
github = "stelcodes";
githubId = 22163194;
name = "Stel Abrego";
};
stephank = {
email = "nix@stephank.nl";
github = "stephank";

@ -78,6 +78,15 @@ with lib.maintainers; {
scope = "Maintain Freedesktop.org packages for graphical desktop.";
};
gcc = {
members = [
synthetica
vcunat
ericson2314
];
scope = "Maintain GCC (GNU Compiler Collection) compilers";
};
golang = {
members = [
c00w

@ -0,0 +1,13 @@
# Contributing to this manual {#chap-contributing}
The DocBook and CommonMark sources of NixOS' manual are in the [nixos/doc/manual](https://github.com/NixOS/nixpkgs/tree/master/nixos/doc/manual) subdirectory of the [Nixpkgs](https://github.com/NixOS/nixpkgs) repository.
You can quickly check your edits with the following:
```ShellSession
$ cd /path/to/nixpkgs
$ ./nixos/doc/manual/md-to-db.sh
$ nix-build nixos/release.nix -A manual.x86_64-linux
```
If the build succeeds, the manual will be in `./result/share/doc/nixos/index.html`.

@ -1,22 +0,0 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:id="chap-contributing">
<title>Contributing to this manual</title>
<para>
The DocBook sources of NixOS' manual are in the <filename
xlink:href="https://github.com/NixOS/nixpkgs/tree/master/nixos/doc/manual">
nixos/doc/manual</filename> subdirectory of the <link
xlink:href="https://github.com/NixOS/nixpkgs">Nixpkgs</link> repository.
</para>
<para>
You can quickly check your edits with the following:
</para>
<screen>
<prompt>$ </prompt>cd /path/to/nixpkgs
<prompt>$ </prompt>nix-build nixos/release.nix -A manual.x86_64-linux
</screen>
<para>
If the build succeeds, the manual will be in
<filename>./result/share/doc/nixos/index.html</filename>.
</para>
</chapter>

@ -0,0 +1,18 @@
# Building Your Own NixOS CD {#sec-building-cd}
Building a NixOS CD is as easy as configuring your own computer. The idea is to use another module which will replace your `configuration.nix` to configure the system that would be installed on the CD.
Default CD/DVD configurations are available inside `nixos/modules/installer/cd-dvd`
```ShellSession
$ git clone https://github.com/NixOS/nixpkgs.git
$ cd nixpkgs/nixos
$ nix-build -A config.system.build.isoImage -I nixos-config=modules/installer/cd-dvd/installation-cd-minimal.nix default.nix
```
Before burning your CD/DVD, you can check the content of the image by mounting anywhere like suggested by the following command:
```ShellSession
# mount -o loop -t iso9660 ./result/iso/cd.iso /mnt/iso</screen>
```
If you want to customize your NixOS CD in more detail, or generate other kinds of images, you might want to check out [nixos-generators](https://github.com/nix-community/nixos-generators). This can also be a good starting point when you want to use Nix to build a 'minimal' image that doesn't include a NixOS installation.

@ -1,33 +0,0 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-building-cd">
<title>Building Your Own NixOS CD</title>
<para>
Building a NixOS CD is as easy as configuring your own computer. The idea is
to use another module which will replace your
<filename>configuration.nix</filename> to configure the system that would be
installed on the CD.
</para>
<para>
Default CD/DVD configurations are available inside
<filename>nixos/modules/installer/cd-dvd</filename>.
<screen>
<prompt>$ </prompt>git clone https://github.com/NixOS/nixpkgs.git
<prompt>$ </prompt>cd nixpkgs/nixos
<prompt>$ </prompt>nix-build -A config.system.build.isoImage -I nixos-config=modules/installer/cd-dvd/installation-cd-minimal.nix default.nix</screen>
</para>
<para>
Before burning your CD/DVD, you can check the content of the image by
mounting anywhere like suggested by the following command:
<screen>
<prompt># </prompt>mount -o loop -t iso9660 ./result/iso/cd.iso /mnt/iso</screen>
</para>
<para>
If you want to customize your NixOS CD in more detail, or generate other kinds
of images, you might want to check out <link
xlink:href="https://github.com/nix-community/nixos-generators">nixos-generators</link>. This can also be a good starting point when you want to use Nix to build a
'minimal' image that doesn't include a NixOS installation.
</para>
</chapter>

@ -13,8 +13,7 @@
<xi:include href="writing-modules.xml" />
<xi:include href="building-parts.xml" />
<xi:include href="writing-documentation.xml" />
<xi:include href="building-nixos.xml" />
<xi:include href="../from_md/development/building-nixos.chapter.xml" />
<xi:include href="nixos-tests.xml" />
<xi:include href="testing-installer.xml" />
<xi:include href="releases.xml" />
</part>

@ -1,366 +0,0 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ch-releases">
<title>Releases</title>
<section xml:id="release-process">
<title>Release process</title>
<para>
Going through an example of releasing NixOS 19.09:
</para>
<section xml:id="one-month-before-the-beta">
<title>One month before the beta</title>
<itemizedlist>
<listitem>
<para>
Create an announcement on <link xlink:href="https://discourse.nixos.org">Discourse</link> as a warning about upcoming beta <quote>feature freeze</quote> in a month. <link xlink:href="https://discourse.nixos.org/t/nixos-19-09-feature-freeze/3707">See this post as an example</link>.
</para>
</listitem>
<listitem>
<para>
Discuss with Eelco Dolstra and the community (via IRC, ML) about what will reach the deadline. Any issue or Pull Request targeting the release should be included in the release milestone.
</para>
</listitem>
<listitem>
<para>
Remove attributes that we know we will not be able to support, especially if there is a stable alternative. E.g. Check that our Linux kernels’ <link xlink:href="https://www.kernel.org/category/releases.html">projected end-of-life</link> are after our release projected end-of-life.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="at-beta-release-time">
<title>At beta release time</title>
<orderedlist>
<listitem>
<para>
From the master branch run:
</para>
<programlisting>
git checkout -b release-19.09
</programlisting>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/NixOS/nixpkgs/commit/10e61bf5be57736035ec7a804cb0bf3d083bf2cf#diff-9c798092bac0caeb5c52d509be0ca263R69">Bump the <literal>system.defaultChannel</literal> attribute in <literal>nixos/modules/misc/version.nix</literal></link>
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/NixOS/nixpkgs/commit/10e61bf5be57736035ec7a804cb0bf3d083bf2cf#diff-831e8d9748240fb23e6734fdc2a6d16eR15">Update <literal>versionSuffix</literal> in <literal>nixos/release.nix</literal></link>
</para>
</listitem>
</orderedlist>
<para>
To get the commit count, use the following command:
</para>
<programlisting>
git rev-list --count release-19.09
</programlisting>
<orderedlist>
<listitem>
<para>
Edit changelog at <literal>nixos/doc/manual/release-notes/rl-1909.xml</literal>.
</para>
<itemizedlist>
<listitem>
<para>
Get all new NixOS modules:
</para>
<programlisting>
git diff release-19.03..release-19.09 nixos/modules/module-list.nix | grep ^+
</programlisting>
</listitem>
<listitem>
<para>
Note systemd, kernel, glibc, desktop environment, and Nix upgrades.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
Tag the release:
</para>
<programlisting>
git tag --annotate --message="Release 19.09-beta" 19.09-beta
git push upstream 19.09-beta
</programlisting>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/NixOS/nixpkgs/commit/01268fda85b7eee4e462c873d8654f975067731f#diff-2bc0e46110b507d6d5a344264ef15adaR1">On the <literal>master</literal> branch, increment the <literal>.version</literal> file</link>
</para>
<programlisting>
echo -n "20.03" > .version
</programlisting>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/NixOS/nixpkgs/commit/01268fda85b7eee4e462c873d8654f975067731f#diff-03f3d41b68f62079c55001f1a1c55c1dR137">Update <literal>codeName</literal> in <literal>lib/trivial.nix</literal></link> This will be the name for the next release.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/NixOS/nixpkgs/commit/01268fda85b7eee4e462c873d8654f975067731f#diff-e7ee5ff686cdcc513ca089d6e5682587R11">Create a new release notes file for the upcoming release + 1</link>, in our case this is <literal>rl-2003.xml</literal>.
</para>
</listitem>
<listitem>
<para>
Contact the infrastructure team to create the necessary Hydra Jobsets.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/NixOS/nixos-org-configurations/blob/master/channels.nix">Create a channel at https://nixos.org/channels by creating a PR to nixos-org-configurations, changing <literal>channels.nix</literal></link>
</para>
</listitem>
<listitem>
<para>
Get all Hydra jobsets for the release to have their first evaluation.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/NixOS/nixpkgs/issues/13559">Create an issue for tracking Zero Hydra Failures progress. ZHF is an effort to get build failures down to zero.</link>
</para>
</listitem>
</orderedlist>
</section>
<section xml:id="during-beta">
<title>During Beta</title>
<itemizedlist>
<listitem>
<para>
Monitor the master branch for bugfixes and minor updates and cherry-pick them to the release branch.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="before-the-final-release">
<title>Before the final release</title>
<itemizedlist>
<listitem>
<para>
Re-check that the release notes are complete.
</para>
</listitem>
<listitem>
<para>
Release Nix (currently only Eelco Dolstra can do that). <link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/installer/tools/nix-fallback-paths.nix">Make sure fallback is updated.</link>
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/NixOS/nixpkgs/commit/40fd9ae3ac8048758abdcfc7d28a78b5f22fe97e">Update README.md with new stable NixOS version information.</link>
</para>
</listitem>
<listitem>
<para>
Change <literal>stableBranch</literal> to <literal>true</literal> in Hydra and wait for the channel to update.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="at-final-release-time">
<title>At final release time</title>
<orderedlist>
<listitem>
<para>
Update <xref linkend="sec-upgrading" /> section of the manual to match new stable release version.
</para>
</listitem>
<listitem>
<para>
Update <literal>rl-1909.xml</literal> with the release date.
</para>
</listitem>
<listitem>
<para>
Tag the final release
</para>
<programlisting>
git tag --annotate --message="Release 19.09" 19.09
git push upstream 19.09
</programlisting>
</listitem>
<listitem>
<para>
Update <link xlink:href="https://github.com/NixOS/nixos-homepage">nixos-homepage</link> for the release.
</para>
<orderedlist>
<listitem>
<para>
<link xlink:href="https://github.com/NixOS/nixos-homepage/blob/47ac3571c4d71e841fd4e6c6e1872e762b9c4942/Makefile#L1">Update <literal>NIXOS_SERIES</literal> in the <literal>Makefile</literal></link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/NixOS/nixos-homepage/blob/47ac3571c4d71e841fd4e6c6e1872e762b9c4942/nixos-release.tt#L1">Update <literal>nixos-release.tt</literal> with the new NixOS version</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/NixOS/nixos-homepage/blob/47ac3571c4d71e841fd4e6c6e1872e762b9c4942/flake.nix#L10">Update the <literal>flake.nix</literal> input <literal>released-nixpkgs</literal> to 19.09</link>.
</para>
</listitem>
<listitem>
<para>
Run <literal>./update.sh</literal> (this updates flake.lock to updated channel).
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/NixOS/nixos-homepage/blob/a5626c71c03a2dd69086564e56f1a230a2bb177a/logo/nixos-logo-19.09-loris-lores.png">Add a compressed version of the NixOS logo for 19.09</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/NixOS/nixos-homepage/commit/a5626c71c03a2dd69086564e56f1a230a2bb177a#diff-9cdc6434d3e4fd93a6e5bb0a531a7c71R5">Compose a news item for the website RSS feed</link>.
</para>
</listitem>
</orderedlist>
</listitem>
<listitem>
<para>
Create a new topic on <link xlink:href="https://discourse.nixos.org/">the Discourse instance</link> to announce the release.
</para>
</listitem>
</orderedlist>
<para>
You should include the following information:
</para>
<itemizedlist>
<listitem>
<para>
Number of commits for the release:
</para>
<programlisting>
bash git log release-19.03..release-19.09 --format=%an | wc -l
</programlisting>
</listitem>
<listitem>
<para>
Commits by contributor:
</para>
<programlisting>
git shortlog --summary --numbered release-19.03..release-19.09
</programlisting>
</listitem>
</itemizedlist>
<para>
Best to check how the previous post was formulated to see what needs to be included.
</para>
</section>
</section>
<section xml:id="release-management-team">
<title>Release Management Team</title>
<para>
For each release there are two release managers. After each release the release manager having managed two releases steps down and the release management team of the last release appoints a new release manager.
</para>
<para>
This makes sure a release management team always consists of one release manager who already has managed one release and one release manager being introduced to their role, making it easier to pass on knowledge and experience.
</para>
<para>
Release managers for the current NixOS release are tracked by GitHub team <link xlink:href="https://github.com/orgs/NixOS/teams/nixos-release-managers/members"><literal>@NixOS/nixos-release-managers</literal></link>.
</para>
<para>
A release manager’s role and responsibilities are:
</para>
<itemizedlist>
<listitem>
<para>
manage the release process
</para>
</listitem>
<listitem>
<para>
start discussions about features and changes for a given release
</para>
</listitem>
<listitem>
<para>
create a roadmap
</para>
</listitem>
<listitem>
<para>
release in cooperation with Eelco Dolstra
</para>
</listitem>
<listitem>
<para>
decide which bug fixes, features, etc… get backported after a release
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="release-schedule">
<title>Release schedule</title>
<informaltable>
<tgroup cols="2">
<colspec align="left" />
<colspec align="left" />
<thead>
<row>
<entry>
Date
</entry>
<entry>
Event
</entry>
</row>
</thead>
<tbody>
<row>
<entry>
2016-07-25
</entry>
<entry>
Send email to nix-dev about upcoming branch-off
</entry>
</row>
<row>
<entry>
2016-09-01
</entry>
<entry><literal>release-16.09</literal> branch and corresponding jobsets are created,
change freeze
</entry>
</row>
<row>
<entry>
2016-09-30
</entry>
<entry>
NixOS 16.09 released
</entry>
</row>
</tbody>
</tgroup>
</informaltable>
</section>
</chapter>

@ -0,0 +1,5 @@
This directory is temporarily needed while we transition the manual to CommonMark. It stores the output of the ../md-to-db.sh script that converts CommonMark files back to DocBook.
We are choosing to convert the Markdown to DocBook at authoring time instead of manual building time, because we do not want the pandoc toolchain to become part of the NixOS closure.
Do not edit the DocBook files inside this directory or its subdirectories. Instead, edit the corresponding .md file in the normal manual directories, and run ../md-to-db.sh to update the file here.

@ -0,0 +1,22 @@
<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="chap-contributing">
<title>Contributing to this manual</title>
<para>
The DocBook and CommonMark sources of NixOS’ manual are in the
<link xlink:href="https://github.com/NixOS/nixpkgs/tree/master/nixos/doc/manual">nixos/doc/manual</link>
subdirectory of the
<link xlink:href="https://github.com/NixOS/nixpkgs">Nixpkgs</link>
repository.
</para>
<para>
You can quickly check your edits with the following:
</para>
<programlisting>
$ cd /path/to/nixpkgs
$ ./nixos/doc/manual/md-to-db.sh
$ nix-build nixos/release.nix -A manual.x86_64-linux
</programlisting>
<para>
If the build succeeds, the manual will be in
<literal>./result/share/doc/nixos/index.html</literal>.
</para>
</chapter>

@ -0,0 +1,33 @@
<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-building-cd">
<title>Building Your Own NixOS CD</title>
<para>
Building a NixOS CD is as easy as configuring your own computer. The
idea is to use another module which will replace your
<literal>configuration.nix</literal> to configure the system that
would be installed on the CD.
</para>
<para>
Default CD/DVD configurations are available inside
<literal>nixos/modules/installer/cd-dvd</literal>
</para>
<programlisting>
$ git clone https://github.com/NixOS/nixpkgs.git
$ cd nixpkgs/nixos
$ nix-build -A config.system.build.isoImage -I nixos-config=modules/installer/cd-dvd/installation-cd-minimal.nix default.nix
</programlisting>
<para>
Before burning your CD/DVD, you can check the content of the image
by mounting anywhere like suggested by the following command:
</para>
<programlisting>
# mount -o loop -t iso9660 ./result/iso/cd.iso /mnt/iso&lt;/screen&gt;
</programlisting>
<para>
If you want to customize your NixOS CD in more detail, or generate
other kinds of images, you might want to check out
<link xlink:href="https://github.com/nix-community/nixos-generators">nixos-generators</link>.
This can also be a good starting point when you want to use Nix to
build a <quote>minimal</quote> image that doesn’t include a NixOS
installation.
</para>
</chapter>

@ -0,0 +1,26 @@
<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="release-21.11">
<title>Release 21.11 (<quote>?</quote>, 2021.11/??)</title>
<para>
In addition to numerous new and upgraded packages, this release has
the following highlights:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
Support is planned until the end of April 2022, handing over to
22.05.
</para>
</listitem>
</itemizedlist>
<section xml:id="backward-incompatibilities">
<title>Backward incompatibilities</title>
<itemizedlist spacing="compact">
<listitem>
<para>
The <literal>staticjinja</literal> package has been upgraded
from 1.0.4 to 2.0.0
</para>
</listitem>
</itemizedlist>
</section>
</section>

@ -46,6 +46,12 @@
to increase the font size.
</para>
<para>
To install over a serial port connect with <literal>115200n8</literal>
(e.g. <command>picocom -b 115200 /dev/ttyUSB0</command>). When the
bootloader lists boot entries, select the serial console boot entry.
</para>
<section xml:id="sec-installation-booting-networking">
<title>Networking in the installer</title>

@ -19,6 +19,6 @@
<xi:include href="./generated/options-db.xml"
xpointer="configuration-variable-list" />
</appendix>
<xi:include href="contributing-to-this-manual.xml" />
<xi:include href="./from_md/contributing-to-this-manual.chapter.xml" />
<xi:include href="release-notes/release-notes.xml" />
</book>

@ -0,0 +1,33 @@
#! /usr/bin/env nix-shell
#! nix-shell -I nixpkgs=channel:nixpkgs-unstable -i bash -p pandoc
# This script is temporarily needed while we transition the manual to
# CommonMark. It converts the .md files in the regular manual folder
# into DocBook files in the from_md folder.
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
pushd $DIR
OUT="$DIR/from_md"
mapfile -t MD_FILES < <(find . -type f -regex '.*\.md$')
for mf in ${MD_FILES[*]}; do
if [ "${mf: -11}" == ".section.md" ]; then
mkdir -p $(dirname "$OUT/$mf")
pandoc "$mf" -t docbook \
--extract-media=media \
-f markdown+smart \
| cat > "$OUT/${mf%".section.md"}.section.xml"
fi
if [ "${mf: -11}" == ".chapter.md" ]; then
mkdir -p $(dirname "$OUT/$mf")
pandoc "$mf" -t docbook \
--top-level-division=chapter \
--extract-media=media \
-f markdown+smart \
| cat > "$OUT/${mf%".chapter.md"}.chapter.xml"
fi
done
popd
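Review bot: The loop header `for mf in ${MD_FILES[*]}; do` word-splits and glob-expands the paths that `mapfile -t` collected, so a Markdown file with a space or glob character in its path would be converted under the wrong name. `for mf in "${MD_FILES[@]}"; do` keeps each path intact, and `pushd $DIR` and `mkdir -p $(dirname "$OUT/$mf")` need the same quoting. The script also sets no `set -euo pipefail`, so a failed `pushd` leaves `find` running in the caller's directory. In addition, `pandoc … | cat > file` reports only cat's exit status, so a failed conversion can leave an empty or truncated `.xml` under `from_md` that then gets committed; redirecting pandoc's output directly and checking its status would surface that.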

@ -8,6 +8,7 @@
This section lists the release notes for each stable version of NixOS and
current unstable revision.
</para>
<xi:include href="../from_md/release-notes/rl-2111.section.xml" />
<xi:include href="rl-2105.xml" />
<xi:include href="rl-2009.xml" />
<xi:include href="rl-2003.xml" />

@ -100,6 +100,18 @@
Now nginx uses the zlib-ng library by default.
</para>
</listitem>
<listitem>
<para>
KDE Gear (formerly KDE Applications) is upgraded to 21.04, see its
<link xlink:href="https://kde.org/announcements/gear/21.04/">release
notes</link> for details.
</para>
<para>
The <code>kdeApplications</code> package set is now <code>kdeGear</code>,
in keeping with the new name. The old name remains for compatibility, but
it is deprecated.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://libreswan.org/">Libreswan</link> has been updated
@ -383,6 +395,15 @@
which is the new stable release. OpenAFS 1.6 was removed.
</para>
</listitem>
<listitem>
<para>
The WireGuard module gained a new option
<option>networking.wireguard.interfaces.&lt;name&gt;.peers.*.dynamicEndpointRefreshSeconds</option>
that implements refreshing the IP of DNS-based endpoints periodically
(which WireGuard itself
<link xlink:href="https://lists.zx2c4.com/pipermail/wireguard/2017-November/002028.html">cannot do</link>).
</para>
</listitem>
<listitem>
<para>
MariaDB has been updated to 10.5.
@ -415,7 +436,7 @@
</para>
<programlisting>
TMPDIR=$(mktemp -d)
slaptest -f /path/to/slapd.conf $TMPDIR
slaptest -f /path/to/slapd.conf -F $TMPDIR
slapcat -F $TMPDIR -n0 -H 'ldap:///???(!(objectClass=olcSchemaConfig))'
</programlisting>
<para>
@ -1112,6 +1133,14 @@ environment.systemPackages = [
Nixpkgs now contains <link xlink:href="https://github.com/NixOS/nixpkgs/pull/118232">automatically packaged GNOME Shell extensions</link> from the <link xlink:href="https://extensions.gnome.org/">GNOME Extensions</link> portal. You can find them, filed by their UUID, under <literal>gnome38Extensions</literal> attribute for GNOME 3.38 and under <literal>gnome40Extensions</literal> for GNOME 40. Finally, the <literal>gnomeExtensions</literal> attribute contains extensions for the latest GNOME Shell version in Nixpkgs, listed under a more human-friendly name. The unqualified attribute scope also contains manually packaged extensions. Note that the automatically packaged extensions are provided for convenience and are not checked or guaranteed to work.
</para>
</listitem>
<listitem>
<para>
Erlang/OTP versions older than R21 got dropped. We also dropped the cuter package, as it was purely an example of how to build a package.
We also dropped <literal>lfe_1_2</literal> as it could not build with R21+.
Moving forward, we expect to only support 3 yearly releases of OTP.
</para>
</listitem>
</itemizedlist>
</section>
</section>

@ -0,0 +1,9 @@
# Release 21.11 (“?”, 2021.11/??) {#release-21.11}
In addition to numerous new and upgraded packages, this release has the following highlights:
* Support is planned until the end of April 2022, handing over to 22.05.
## Backward incompatibilities
* The `staticjinja` package has been upgraded from 1.0.4 to 2.0.0

@ -24,6 +24,6 @@ in
};
meta = {
maintainers = with maintainers; [ metadark ];
maintainers = with maintainers; [ kira-bruneau ];
};
}

@ -182,13 +182,29 @@ let
# Menu configuration
#
# Search using a "marker file"
search --set=root --file /EFI/nixos-installer-image
insmod gfxterm
insmod png
set gfxpayload=keep
set gfxmode=${concatStringsSep "," [
# GRUB will use the first valid mode listed here.
# `auto` will sometimes choose the smallest valid mode it detects.
# So instead we'll list a lot of possibly valid modes :/
#"3840x2160"
#"2560x1440"
"1920x1080"
"1366x768"
"1280x720"
"1024x768"
"800x600"
"auto"
]}
# Fonts can be loaded?
# (This font is assumed to always be provided as a fallback by NixOS)
if loadfont /EFI/boot/unicode.pf2; then
if loadfont (\$root)/EFI/boot/unicode.pf2; then
set with_fonts=true
fi
if [ "\$textmode" != "true" -a "\$with_fonts" == "true" ]; then
@ -212,11 +228,11 @@ let
${ # When there is a theme configured, use it, otherwise use the background image.
if config.isoImage.grubTheme != null then ''
# Sets theme.
set theme=/EFI/boot/grub-theme/theme.txt
set theme=(\$root)/EFI/boot/grub-theme/theme.txt
# Load theme fonts
$(find ${config.isoImage.grubTheme} -iname '*.pf2' -printf "loadfont /EFI/boot/grub-theme/%P\n")
$(find ${config.isoImage.grubTheme} -iname '*.pf2' -printf "loadfont (\$root)/EFI/boot/grub-theme/%P\n")
'' else ''
if background_image /EFI/boot/efi-background.png; then
if background_image (\$root)/EFI/boot/efi-background.png; then
# Black background means transparent background when there
# is a background image set... This seems undocumented :(
set color_normal=black/black
@ -239,6 +255,9 @@ let
} ''
mkdir -p $out/EFI/boot/
# Add a marker so GRUB can find the filesystem.
touch $out/EFI/nixos-installer-image
# ALWAYS required modules.
MODULES="fat iso9660 part_gpt part_msdos \
normal boot linux configfile loopback chain halt \
@ -294,12 +313,12 @@ let
${grubMenuCfg}
hiddenentry 'Text mode' --hotkey 't' {
loadfont /EFI/boot/unicode.pf2
loadfont (\$root)/EFI/boot/unicode.pf2
set textmode=true
terminal_output gfxterm console
}
hiddenentry 'GUI mode' --hotkey 'g' {
$(find ${config.isoImage.grubTheme} -iname '*.pf2' -printf "loadfont /EFI/boot/grub-theme/%P\n")
$(find ${config.isoImage.grubTheme} -iname '*.pf2' -printf "loadfont (\$root)/EFI/boot/grub-theme/%P\n")
set textmode=false
terminal_output gfxterm
}
@ -370,8 +389,10 @@ let
${lib.optionalString (refindBinary != null) ''
# GRUB apparently cannot do "chainloader" operations on "CD".
if [ "\$root" != "cd0" ]; then
# Force root to be the FAT partition
# Otherwise it breaks rEFInd's boot
search --set=root --no-floppy --fs-uuid 1234-5678
menuentry 'rEFInd' --class refind {
# \$root defaults to the drive the EFI is found on.
chainloader (\$root)/EFI/boot/${refindBinary}
}
fi
@ -403,7 +424,9 @@ let
mkdir ./boot
cp -p "${config.boot.kernelPackages.kernel}/${config.system.boot.loader.kernelFile}" \
"${config.system.build.initialRamdisk}/${config.system.boot.loader.initrdFile}" ./boot/
touch --date=@0 ./EFI ./boot
# Rewrite dates for everything in the FS
find . -exec touch --date=2000-01-01 {} +
usage_size=$(du -sb --apparent-size . | tr -cd '[:digit:]')
# Make the image 110% as big as the files need to make up for FAT overhead
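Review bot: `search --set=root --no-floppy --fs-uuid 1234-5678` in the rEFInd branch hard-codes a volume ID that has to match whatever the FAT image is created with, and that creation is not visible in these hunks. If the two literals ever drift, the search fails and `$root` keeps its previous value without any error in the menu. I would bind the ID once in the surrounding `let` and interpolate it in both places, with a comment such as `# must equal the volume ID used when the EFI FAT image is formatted`. Separately, `touch --date=2000-01-01` is interpreted in the builder's local time zone, unlike the `@0` it replaces, so an explicit UTC timestamp would keep the image reproducible; the enclosing derivation starts and ends outside the hunks.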

@ -238,6 +238,7 @@
./services/amqp/activemq/default.nix
./services/amqp/rabbitmq.nix
./services/audio/alsa.nix
./services/audio/botamusique.nix
./services/audio/jack.nix
./services/audio/icecast.nix
./services/audio/jmusicbot.nix

@ -19,6 +19,7 @@ in
package = mkOption {
type = types.package;
default = pkgs.atop;
defaultText = "pkgs.atop";
description = ''
Which package to use for Atop.
'';
@ -36,6 +37,7 @@ in
package = mkOption {
type = types.package;
default = config.boot.kernelPackages.netatop;
defaultText = "config.boot.kernelPackages.netatop";
description = ''
Which package to use for netatop.
'';

@ -31,6 +31,6 @@ in
};
meta = {
maintainers = with maintainers; [ metadark ];
maintainers = with maintainers; [ kira-bruneau ];
};
}

@ -0,0 +1,114 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.botamusique;
format = pkgs.formats.ini {};
configFile = format.generate "botamusique.ini" cfg.settings;
in
{
meta.maintainers = with lib.maintainers; [ hexa ];
options.services.botamusique = {
enable = mkEnableOption "botamusique, a bot to play audio streams on mumble";
package = mkOption {
type = types.package;
default = pkgs.botamusique;
description = "The botamusique package to use.";
};
settings = mkOption {
type = with types; submodule {
freeformType = format.type;
options = {
server.host = mkOption {
type = types.str;
default = "localhost";
example = "mumble.example.com";
description = "Hostname of the mumble server to connect to.";
};
server.port = mkOption {
type = types.port;
default = 64738;
description = "Port of the mumble server to connect to.";
};
bot.username = mkOption {
type = types.str;
default = "botamusique";
description = "Name the bot should appear with.";
};
bot.comment = mkOption {
type = types.str;
default = "Hi, I'm here to play radio, local music or youtube/soundcloud music. Have fun!";
description = "Comment displayed for the bot.";
};
};
};
default = {};
description = ''
Your <filename>configuration.ini</filename> as a Nix attribute set. Look up
possible options in the <link xlink:href="https://github.com/azlux/botamusique/blob/master/configuration.example.ini">configuration.example.ini</link>.
'';
};
};
config = mkIf cfg.enable {
systemd.services.botamusique = {
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
unitConfig.Documentation = "https://github.com/azlux/botamusique/wiki";
environment.HOME = "/var/lib/botamusique";
serviceConfig = {
ExecStart = "${cfg.package}/bin/botamusique --config ${configFile}";
Restart = "always"; # the bot exits when the server connection is lost
# Hardening
CapabilityBoundingSet = [ "" ];
DynamicUser = true;
IPAddressDeny = [
"link-local"
"multicast"
];
LockPersonality = true;
MemoryDenyWriteExecute = true;
ProcSubset = "pid";
PrivateDevices = true;
PrivateUsers = true;
PrivateTmp = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
];
StateDirectory = "botamusique";
SystemCallArchitectures = "native";
SystemCallFilter = [
"@system-service"
"~@privileged"
"~@resources"
];
UMask = "0077";
WorkingDirectory = "/var/lib/botamusique";
};
};
};
}
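Review bot: The description of `settings` should warn that the file is world-readable, because `format.generate` renders it into the Nix store before it is passed to `--config`. Everything placed in it can be read by every local user and travels with the closure to any cache or remote builder. The option is freeform and points users at the upstream example file, so credentials (for example a server password, if the upstream format has one) are likely to end up there. I would add a sentence such as `Do not put secrets here; the generated file is stored world-readable in the Nix store.` Compared with the rest of the page, `package` also lacks `defaultText = "pkgs.botamusique";`.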

@ -197,14 +197,14 @@ in {
])) (attrValues cfg.commands);
after = [ "zfs.target" ];
serviceConfig = {
ExecStartPre = (map (pool: lib.escapeShellArgs [
"+/run/booted-system/sw/bin/zfs" "allow"
cfg.user "hold,send" pool
]) (getPools "source")) ++
(map (pool: lib.escapeShellArgs [
"+/run/booted-system/sw/bin/zfs" "allow"
cfg.user "create,mount,receive,rollback" pool
]) (getPools "target"));
ExecStartPre = let
allowCmd = permissions: pool: lib.escapeShellArgs [
"+/run/booted-system/sw/bin/zfs" "allow"
cfg.user (concatStringsSep "," permissions) pool
];
in
(map (allowCmd [ "hold" "send" "snapshot" "destroy" ]) (getPools "source")) ++
(map (allowCmd [ "create" "mount" "receive" "rollback" ]) (getPools "target"));
User = cfg.user;
Group = cfg.group;
};
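Review bot: The source-pool delegation in `ExecStartPre` grows from `hold,send` to `hold,send,snapshot,destroy`, and nothing visible here explains why or revokes it again; a `zfs allow` grant persists on the dataset after the unit stops or the module is disabled. `destroy` on the source side is a notable widening of what `cfg.user` may do, so the reason should be stated next to the list, for example `# snapshot/destroy: syncoid creates and prunes its own sync snapshots on the source` (presumably the motivation; please confirm). If the grant is meant to be temporary, a matching `zfs unallow` on stop would keep the delegation scoped to the service's lifetime. The `serviceConfig` block continues outside the hunk.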

@ -13,13 +13,12 @@ in {
};
config = mkIf cfg.enable {
systemd.services.spacenavd = {
systemd.user.services.spacenavd = {
description = "Daemon for the Spacenavigator 6DOF mice by 3Dconnexion";
after = [ "syslog.target" ];
wantedBy = [ "graphical.target" ];
serviceConfig = {
ExecStart = "${pkgs.spacenavd}/bin/spacenavd -d -l syslog";
StandardError = "syslog";
};
};
};
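Review bot: After the move to `systemd.user.services.spacenavd`, the unit still has `wantedBy = [ "graphical.target" ]` and `after = [ "syslog.target" ]`, which are targets of the system manager. As far as I know the per-user systemd instance has no `graphical.target`, so nothing would pull the unit in and the daemon would no longer start automatically. `wantedBy = [ "graphical-session.target" ];` looks like the intended replacement, and the `after` line can probably be dropped. It is also worth confirming that an unprivileged user can open the input device the daemon reads, since it no longer runs as root.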

@ -699,12 +699,12 @@ in {
];
users.users.matrix-synapse = {
group = "matrix-synapse";
home = cfg.dataDir;
createHome = true;
shell = "${pkgs.bash}/bin/bash";
uid = config.ids.uids.matrix-synapse;
};
group = "matrix-synapse";
home = cfg.dataDir;
createHome = true;
shell = "${pkgs.bash}/bin/bash";
uid = config.ids.uids.matrix-synapse;
};
users.groups.matrix-synapse = {
gid = config.ids.gids.matrix-synapse;
@ -726,6 +726,10 @@ in {
User = "matrix-synapse";
Group = "matrix-synapse";
WorkingDirectory = cfg.dataDir;
ExecStartPre = [ ("+" + (pkgs.writeShellScript "matrix-synapse-fix-permissions" ''
chown matrix-synapse:matrix-synapse ${cfg.dataDir}/homeserver.signing.key
chmod 0600 ${cfg.dataDir}/homeserver.signing.key
'')) ];
ExecStart = ''
${cfg.package}/bin/homeserver \
${ concatMapStringsSep "\n " (x: "--config-path ${x} \\") ([ configFile ] ++ cfg.extraConfigFiles) }
@ -733,6 +737,7 @@ in {
'';
ExecReload = "${pkgs.util-linux}/bin/kill -HUP $MAINPID";
Restart = "on-failure";
UMask = "0077";
};
};
};
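Review bot: The new `ExecStartPre` runs as root (the `+` prefix) and applies `chown`/`chmod` to `${cfg.dataDir}/homeserver.signing.key`, a path inside a directory owned by the `matrix-synapse` user. Both tools follow symbolic links, so root changes ownership of whatever that name resolves to when the unit starts. Restricting the fix-up to a regular file, for example `[ -f "$key" ] && [ ! -L "$key" ] || exit 0` followed by `chown -h matrix-synapse:matrix-synapse "$key"`, keeps it confined to the key itself. The path is also interpolated unquoted, and the script fails the unit when the key does not exist yet; whether it is generated before this step is not visible in the hunk.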

@ -48,6 +48,7 @@ let
"node"
"openldap"
"openvpn"
"pihole"
"postfix"
"postgres"
"py-air-control"

@ -0,0 +1,74 @@
{ config, lib, pkgs, options }:
with lib;
let
cfg = config.services.prometheus.exporters.pihole;
in
{
port = 9617;
extraOpts = {
apiToken = mkOption {
type = types.str;
default = "";
example = "580a770cb40511eb85290242ac130003580a770cb40511eb85290242ac130003";
description = ''
pi-hole API token which can be used instead of a password
'';
};
interval = mkOption {
type = types.str;
default = "10s";
example = "30s";
description = ''
How often to scrape new data
'';
};
password = mkOption {
type = types.str;
default = "";
example = "password";
description = ''
The password to login into pihole. An api token can be used instead.
'';
};
piholeHostname = mkOption {
type = types.str;
default = "pihole";
example = "127.0.0.1";
description = ''
Hostname or address where to find the pihole webinterface
'';
};
piholePort = mkOption {
type = types.port;
default = "80";
example = "443";
description = ''
The port pihole webinterface is reachable on
'';
};
protocol = mkOption {
type = types.enum [ "http" "https" ];
default = "http";
example = "https";
description = ''
The protocol which is used to connect to pihole
'';
};
};
serviceOpts = {
serviceConfig = {
ExecStart = ''
${pkgs.bash}/bin/bash -c "${pkgs.prometheus-pihole-exporter}/bin/pihole-exporter \
-interval ${cfg.interval} \
${optionalString (cfg.apiToken != "") "-pihole_api_token ${cfg.apiToken}"} \
-pihole_hostname ${cfg.piholeHostname} \
${optionalString (cfg.password != "") "-pihole_password ${cfg.password}"} \
-pihole_port ${toString cfg.piholePort} \
-pihole_protocol ${cfg.protocol} \
-port ${toString cfg.port}"
'';
};
};
}
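Review bot: `apiToken` and `password` are plain `types.str` options interpolated into `ExecStart`, so the secret is written to the world-readable Nix store as part of the generated unit and also appears on the exporter's command line, where other local users can read it from the process list. The option descriptions should state this, and the module would be safer taking a path to a file outside the store that is read when the service starts. The values are also spliced unescaped into a hand-written `bash -c "…"` string, so a password containing `"`, `$` or whitespace changes the command that runs; building the argument list with `lib.escapeShellArgs` and dropping the `bash -c` wrapper avoids that. Separately, `piholePort` is declared `types.port` but defaults to the string `"80"`; `default = 80;` and `example = 443;` match the type.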

@ -115,6 +115,8 @@ in {
config = mkIf cfg.enable {
environment.etc."knot-resolver/kresd.conf".source = configFile; # not required
networking.resolvconf.useLocalResolver = mkDefault true;
users.users.knot-resolver =
{ isSystemUser = true;
group = "knot-resolver";

@ -82,9 +82,6 @@ in
description = "Solanum IRC daemon";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
environment = {
BANDB_DBPATH = "/var/lib/solanum/ban.db";
};
serviceConfig = {
ExecStart = "${solanum}/bin/solanum -foreground -logfile /dev/stdout -configfile ${configFile} -pidfile /run/solanum/ircd.pid";
DynamicUser = true;

@ -198,7 +198,32 @@ let
example = "demo.wireguard.io:12913";
type = with types; nullOr str;
description = ''Endpoint IP or hostname of the peer, followed by a colon,
and then a port number of the peer.'';
and then a port number of the peer.
Warning for endpoints with changing IPs:
The WireGuard kernel side cannot perform DNS resolution.
Thus DNS resolution is done once by the <literal>wg</literal> userspace
utility, when setting up WireGuard. Consequently, if the IP address
behind the name changes, WireGuard will not notice.
This is especially common for dynamic-DNS setups, but also applies to
any other DNS-based setup.
If you do not use IP endpoints, you likely want to set
<option>networking.wireguard.dynamicEndpointRefreshSeconds</option>
to refresh the IPs periodically.
'';
};
dynamicEndpointRefreshSeconds = mkOption {
default = 0;
example = 5;
type = with types; int;
description = ''
Periodically re-execute the <literal>wg</literal> utility every
this many seconds in order to let WireGuard notice DNS / hostname
changes.
Setting this to <literal>0</literal> disables periodic reexecution.
'';
};
persistentKeepalive = mkOption {
@ -259,12 +284,18 @@ let
'';
};
generatePeerUnit = { interfaceName, interfaceCfg, peer }:
peerUnitServiceName = interfaceName: publicKey: dynamicRefreshEnabled:
let
keyToUnitName = replaceChars
[ "/" "-" " " "+" "=" ]
[ "-" "\\x2d" "\\x20" "\\x2b" "\\x3d" ];
unitName = keyToUnitName peer.publicKey;
unitName = keyToUnitName publicKey;
refreshSuffix = optionalString dynamicRefreshEnabled "-refresh";
in
"wireguard-${interfaceName}-peer-${unitName}${refreshSuffix}";
generatePeerUnit = { interfaceName, interfaceCfg, peer }:
let
psk =
if peer.presharedKey != null
then pkgs.writeText "wg-psk" peer.presharedKey
@ -273,7 +304,12 @@ let
dst = interfaceCfg.interfaceNamespace;
ip = nsWrap "ip" src dst;
wg = nsWrap "wg" src dst;
in nameValuePair "wireguard-${interfaceName}-peer-${unitName}"
dynamicRefreshEnabled = peer.dynamicEndpointRefreshSeconds != 0;
# We generate a different name (a `-refresh` suffix) when `dynamicEndpointRefreshSeconds`
# to avoid that the same service switches `Type` (`oneshot` vs `simple`),
# with the intent to make scripting more obvious.
serviceName = peerUnitServiceName interfaceName peer.publicKey dynamicRefreshEnabled;
in nameValuePair serviceName
{
description = "WireGuard Peer - ${interfaceName} - ${peer.publicKey}";
requires = [ "wireguard-${interfaceName}.service" ];
@ -283,36 +319,59 @@ let
environment.WG_ENDPOINT_RESOLUTION_RETRIES = "infinity";
path = with pkgs; [ iproute2 wireguard-tools ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
serviceConfig =
if !dynamicRefreshEnabled
then
{
Type = "oneshot";
RemainAfterExit = true;
}
else
{
Type = "simple"; # re-executes 'wg' indefinitely
# Note that `Type = "oneshot"` services with `RemainAfterExit = true`
# cannot be used with systemd timers (see `man systemd.timer`),
# which is why `simple` with a loop is the best choice here.
# It also makes starting and stopping easiest.
};
script = let
wg_setup = "${wg} set ${interfaceName} peer ${peer.publicKey}" +
optionalString (psk != null) " preshared-key ${psk}" +
optionalString (peer.endpoint != null) " endpoint ${peer.endpoint}" +
optionalString (peer.persistentKeepalive != null) " persistent-keepalive ${toString peer.persistentKeepalive}" +
optionalString (peer.allowedIPs != []) " allowed-ips ${concatStringsSep "," peer.allowedIPs}";
wg_setup = concatStringsSep " " (
[ ''${wg} set ${interfaceName} peer "${peer.publicKey}"'' ]
++ optional (psk != null) ''preshared-key "${psk}"''
++ optional (peer.endpoint != null) ''endpoint "${peer.endpoint}"''
++ optional (peer.persistentKeepalive != null) ''persistent-keepalive "${toString peer.persistentKeepalive}"''
++ optional (peer.allowedIPs != []) ''allowed-ips "${concatStringsSep "," peer.allowedIPs}"''
);
route_setup =
optionalString interfaceCfg.allowedIPsAsRoutes
(concatMapStringsSep "\n"
(allowedIP:
"${ip} route replace ${allowedIP} dev ${interfaceName} table ${interfaceCfg.table}"
''${ip} route replace "${allowedIP}" dev "${interfaceName}" table "${interfaceCfg.table}"''
) peer.allowedIPs);
in ''
${wg_setup}
${route_setup}
${optionalString (peer.dynamicEndpointRefreshSeconds != 0) ''
# Re-execute 'wg' periodically to notice DNS / hostname changes.
# Note this will not time out on transient DNS failures such as DNS names
# because we have set 'WG_ENDPOINT_RESOLUTION_RETRIES=infinity'.
# Also note that 'wg' limits its maximum retry delay to 20 seconds as of writing.
while ${wg_setup}; do
sleep "${toString peer.dynamicEndpointRefreshSeconds}";
done
''}
'';
postStop = let
route_destroy = optionalString interfaceCfg.allowedIPsAsRoutes
(concatMapStringsSep "\n"
(allowedIP:
"${ip} route delete ${allowedIP} dev ${interfaceName} table ${interfaceCfg.table}"
''${ip} route delete "${allowedIP}" dev "${interfaceName}" table "${interfaceCfg.table}"''
) peer.allowedIPs);
in ''
${wg} set ${interfaceName} peer ${peer.publicKey} remove
${wg} set "${interfaceName}" peer "${peer.publicKey}" remove
${route_destroy}
'';
};
@ -348,23 +407,25 @@ let
${values.preSetup}
${ipPreMove} link add dev ${name} type wireguard
${optionalString (values.interfaceNamespace != null && values.interfaceNamespace != values.socketNamespace) "${ipPreMove} link set ${name} netns ${ns}"}
${ipPreMove} link add dev "${name}" type wireguard
${optionalString (values.interfaceNamespace != null && values.interfaceNamespace != values.socketNamespace) ''${ipPreMove} link set "${name}" netns "${ns}"''}
${concatMapStringsSep "\n" (ip:
"${ipPostMove} address add ${ip} dev ${name}"
''${ipPostMove} address add "${ip}" dev "${name}"''
) values.ips}
${wg} set ${name} private-key ${privKey} ${
optionalString (values.listenPort != null) " listen-port ${toString values.listenPort}"}
${concatStringsSep " " (
[ ''${wg} set "${name}" private-key "${privKey}"'' ]
++ optional (values.listenPort != null) ''listen-port "${toString values.listenPort}"''
)}
${ipPostMove} link set up dev ${name}
${ipPostMove} link set up dev "${name}"
${values.postSetup}
'';
postStop = ''
${ipPostMove} link del dev ${name}
${ipPostMove} link del dev "${name}"
${values.postShutdown}
'';
};
@ -374,7 +435,7 @@ let
nsList = filter (ns: ns != null) [ src dst ];
ns = last nsList;
in
if (length nsList > 0 && ns != "init") then "ip netns exec ${ns} ${cmd}" else cmd;
if (length nsList > 0 && ns != "init") then ''ip netns exec "${ns}" "${cmd}"'' else cmd;
in
{
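Review bot: In the refresh loop `while ${wg_setup}; do sleep …; done`, a failing `wg set` only ends the loop. The script then finishes with status 0, so the `Type = "simple"` unit exits cleanly and endpoint refreshing stops without the unit being marked failed, unless a `Restart=` is set outside these hunks. Running the command inside the body, `while true; do ${wg_setup} || exit 1; sleep …; done`, together with `Restart = "on-failure"`, would make that visible. `dynamicEndpointRefreshSeconds` is typed `int`, which admits negative values that `sleep` rejects; `types.ints.unsigned` fits the documented meaning. The `endpoint` description refers to `networking.wireguard.dynamicEndpointRefreshSeconds`, but the option is declared per peer, and the comment above `serviceName` ("when `dynamicEndpointRefreshSeconds`") is missing its verb.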

@ -121,7 +121,6 @@ in {
EnvironmentFile = [ configFile ] ++ optional (cfg.environmentFile != null) cfg.environmentFile;
ExecStart = "${bitwarden_rs}/bin/bitwarden_rs";
LimitNOFILE = "1048576";
LimitNPROC = "64";
PrivateTmp = "true";
PrivateDevices = "true";
ProtectHome = "true";

@ -230,13 +230,13 @@ let
defaultListen =
if vhost.listen != [] then vhost.listen
else ((optionals hasSSL (
singleton { addr = "0.0.0.0"; port = 443; ssl = true; }
++ optional enableIPv6 { addr = "[::]"; port = 443; ssl = true; }
)) ++ optionals (!onlySSL) (
singleton { addr = "0.0.0.0"; port = 80; ssl = false; }
++ optional enableIPv6 { addr = "[::]"; port = 80; ssl = false; }
));
else optionals (hasSSL || vhost.rejectSSL) (
singleton { addr = "0.0.0.0"; port = 443; ssl = true; }
++ optional enableIPv6 { addr = "[::]"; port = 443; ssl = true; }
) ++ optionals (!onlySSL) (
singleton { addr = "0.0.0.0"; port = 80; ssl = false; }
++ optional enableIPv6 { addr = "[::]"; port = 80; ssl = false; }
);
hostListen =
if vhost.forceSSL
@ -303,6 +303,9 @@ let
${optionalString (hasSSL && vhost.sslTrustedCertificate != null) ''
ssl_trusted_certificate ${vhost.sslTrustedCertificate};
''}
${optionalString vhost.rejectSSL ''
ssl_reject_handshake on;
''}
${mkBasicAuth vhostName vhost}
@ -771,20 +774,27 @@ in
}
{
assertion = all (conf: with conf;
!(addSSL && (onlySSL || enableSSL)) &&
!(forceSSL && (onlySSL || enableSSL)) &&
!(addSSL && forceSSL)
assertion = all (host: with host;
count id [ addSSL (onlySSL || enableSSL) forceSSL rejectSSL ] <= 1
) (attrValues virtualHosts);
message = ''
Options services.nginx.service.virtualHosts.<name>.addSSL,
services.nginx.virtualHosts.<name>.onlySSL and services.nginx.virtualHosts.<name>.forceSSL
are mutually exclusive.
services.nginx.virtualHosts.<name>.onlySSL,
services.nginx.virtualHosts.<name>.forceSSL and
services.nginx.virtualHosts.<name>.rejectSSL are mutually exclusive.
'';
}
{
assertion = any (host: host.rejectSSL) (attrValues virtualHosts) -> versionAtLeast cfg.package.version "1.19.4";
message = ''
services.nginx.virtualHosts.<name>.rejectSSL requires nginx version
1.19.4 or above; see the documentation for services.nginx.package.
'';
}
{
assertion = all (conf: !(conf.enableACME && conf.useACMEHost != null)) (attrValues virtualHosts);
assertion = all (host: !(host.enableACME && host.useACMEHost != null)) (attrValues virtualHosts);
message = ''
Options services.nginx.service.virtualHosts.<name>.enableACME and
services.nginx.virtualHosts.<name>.useACMEHost are mutually exclusive.
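Review bot: The rewritten mutual-exclusion message still opens with `Options services.nginx.service.virtualHosts.<name>.addSSL,`, which is not the option path; the three lines added below it use `services.nginx.virtualHosts.<name>.…`. Since the message is being edited anyway, the first line should read `Options services.nginx.virtualHosts.<name>.addSSL,`, and the same stray `.service` remains in the enableACME/useACMEHost message at the end of the hunk. A short comment on `count id [ … ] <= 1`, such as `# at most one SSL mode may be enabled per vhost`, would also help, because `onlySSL || enableSSL` is counted as a single mode there.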

@ -118,6 +118,18 @@ with lib;
'';
};
rejectSSL = mkOption {
type = types.bool;
default = false;
description = ''
Whether to listen for and reject all HTTPS connections to this vhost. Useful in
<link linkend="opt-services.nginx.virtualHosts._name_.default">default</link>
server blocks to avoid serving the certificate for another vhost. Uses the
<literal>ssl_reject_handshake</literal> directive available in nginx versions
1.19.4 and above.
'';
};
sslCertificate = mkOption {
type = types.path;
example = "/var/host.cert";

@ -128,6 +128,7 @@ in
cinnamon-session
cinnamon-desktop
cinnamon-menus
cinnamon-translations
# utils needed by some scripts
killall
@ -137,6 +138,9 @@ in
# cinnamon-killer-daemon: provided by cinnamon-common
gnome.networkmanagerapplet # session requirement - also nm-applet not needed
# For a polkit authentication agent
polkit_gnome
# packages
nemo
cinnamon-control-center

@ -58,8 +58,8 @@ in
# Link some extra directories in /run/current-system/software/share
environment.pathsToLink = [ "/share" ];
# virtual file systems support for PCManFM-QT
services.gvfs.enable = true;
services.gvfs.package = pkgs.gvfs;
services.upower.enable = config.powerManagement.enable;
};

@ -8,7 +8,7 @@ let
cfg = xcfg.desktopManager.plasma5;
libsForQt5 = pkgs.plasma5Packages;
inherit (libsForQt5) kdeApplications kdeFrameworks plasma5;
inherit (libsForQt5) kdeGear kdeFrameworks plasma5;
inherit (pkgs) writeText;
pulseaudio = config.hardware.pulseaudio;
@ -213,7 +213,7 @@ in
environment.systemPackages =
with libsForQt5;
with plasma5; with kdeApplications; with kdeFrameworks;
with plasma5; with kdeGear; with kdeFrameworks;
[
frameworkintegration
kactivities
@ -316,6 +316,7 @@ in
++ lib.optionals config.hardware.bluetooth.enable [ bluedevil bluez-qt pkgs.openobex pkgs.obexftp ]
++ lib.optional config.networking.networkmanager.enable plasma-nm
++ lib.optional config.hardware.pulseaudio.enable plasma-pa
++ lib.optional config.services.pipewire.pulse.enable plasma-pa
++ lib.optional config.powerManagement.enable powerdevil
++ lib.optional config.services.colord.enable pkgs.colord-kde
++ lib.optionals config.services.samba.enable [ kdenetwork-filesharing pkgs.samba ]

@ -140,24 +140,27 @@ let
umount /crypt-ramfs 2>/dev/null
'';
openCommand = name': { name, device, header, keyFile, keyFileSize, keyFileOffset, allowDiscards, yubikey, gpgCard, fido2, fallbackToPassword, preOpenCommands, postOpenCommands,... }: assert name' == name;
openCommand = name: dev: assert name == dev.name;
let
csopen = "cryptsetup luksOpen ${device} ${name} ${optionalString allowDiscards "--allow-discards"} ${optionalString (header != null) "--header=${header}"}";
cschange = "cryptsetup luksChangeKey ${device} ${optionalString (header != null) "--header=${header}"}";
csopen = "cryptsetup luksOpen ${dev.device} ${dev.name}"
+ optionalString dev.allowDiscards " --allow-discards"
+ optionalString dev.bypassWorkqueues " --perf-no_read_workqueue --perf-no_write_workqueue"
+ optionalString (dev.header != null) " --header=${dev.header}";
cschange = "cryptsetup luksChangeKey ${dev.device} ${optionalString (dev.header != null) "--header=${dev.header}"}";
in ''
# Wait for luksRoot (and optionally keyFile and/or header) to appear, e.g.
# if on a USB drive.
wait_target "device" ${device} || die "${device} is unavailable"
wait_target "device" ${dev.device} || die "${dev.device} is unavailable"
${optionalString (header != null) ''
wait_target "header" ${header} || die "${header} is unavailable"
${optionalString (dev.header != null) ''
wait_target "header" ${dev.header} || die "${dev.header} is unavailable"
''}
do_open_passphrase() {
local passphrase
while true; do
echo -n "Passphrase for ${device}: "
echo -n "Passphrase for ${dev.device}: "
passphrase=
while true; do
if [ -e /crypt-ramfs/passphrase ]; then
@ -166,7 +169,7 @@ let
break
else
# ask cryptsetup-askpass
echo -n "${device}" > /crypt-ramfs/device
echo -n "${dev.device}" > /crypt-ramfs/device
# and try reading it from /dev/console with a timeout
IFS= read -t 1 -r passphrase
@ -182,7 +185,7 @@ let
fi
fi
done
echo -n "Verifying passphrase for ${device}..."
echo -n "Verifying passphrase for ${dev.device}..."
echo -n "$passphrase" | ${csopen} --key-file=-
if [ $? == 0 ]; then
echo " - success"
@ -202,13 +205,13 @@ let
# LUKS
open_normally() {
${if (keyFile != null) then ''
if wait_target "key file" ${keyFile}; then
${csopen} --key-file=${keyFile} \
${optionalString (keyFileSize != null) "--keyfile-size=${toString keyFileSize}"} \
${optionalString (keyFileOffset != null) "--keyfile-offset=${toString keyFileOffset}"}
${if (dev.keyFile != null) then ''
if wait_target "key file" ${dev.keyFile}; then
${csopen} --key-file=${dev.keyFile} \
${optionalString (dev.keyFileSize != null) "--keyfile-size=${toString dev.keyFileSize}"} \
${optionalString (dev.keyFileOffset != null) "--keyfile-offset=${toString dev.keyFileOffset}"}
else
${if fallbackToPassword then "echo" else "die"} "${keyFile} is unavailable"
${if dev.fallbackToPassword then "echo" else "die"} "${dev.keyFile} is unavailable"
echo " - failing back to interactive password prompt"
do_open_passphrase
fi
@ -217,7 +220,7 @@ let
''}
}
${optionalString (luks.yubikeySupport && (yubikey != null)) ''
${optionalString (luks.yubikeySupport && (dev.yubikey != null)) ''
# YubiKey
rbtohex() {
( od -An -vtx1 | tr -d ' \n' )
@ -243,16 +246,16 @@ let
local new_response
local new_k_luks
mount -t ${yubikey.storage.fsType} ${yubikey.storage.device} /crypt-storage || \
mount -t ${dev.yubikey.storage.fsType} ${dev.yubikey.storage.device} /crypt-storage || \
die "Failed to mount YubiKey salt storage device"
salt="$(cat /crypt-storage${yubikey.storage.path} | sed -n 1p | tr -d '\n')"
iterations="$(cat /crypt-storage${yubikey.storage.path} | sed -n 2p | tr -d '\n')"
salt="$(cat /crypt-storage${dev.yubikey.storage.path} | sed -n 1p | tr -d '\n')"
iterations="$(cat /crypt-storage${dev.yubikey.storage.path} | sed -n 2p | tr -d '\n')"
challenge="$(echo -n $salt | openssl-wrap dgst -binary -sha512 | rbtohex)"
response="$(ykchalresp -${toString yubikey.slot} -x $challenge 2>/dev/null)"
response="$(ykchalresp -${toString dev.yubikey.slot} -x $challenge 2>/dev/null)"
for try in $(seq 3); do
${optionalString yubikey.twoFactor ''
${optionalString dev.yubikey.twoFactor ''
echo -n "Enter two-factor passphrase: "
k_user=
while true; do
@ -278,9 +281,9 @@ let
''}
if [ ! -z "$k_user" ]; then
k_luks="$(echo -n $k_user | pbkdf2-sha512 ${toString yubikey.keyLength} $iterations $response | rbtohex)"
k_luks="$(echo -n $k_user | pbkdf2-sha512 ${toString dev.yubikey.keyLength} $iterations $response | rbtohex)"
else
k_luks="$(echo | pbkdf2-sha512 ${toString yubikey.keyLength} $iterations $response | rbtohex)"
k_luks="$(echo | pbkdf2-sha512 ${toString dev.yubikey.keyLength} $iterations $response | rbtohex)"
fi
echo -n "$k_luks" | hextorb | ${csopen} --key-file=-
@ -302,7 +305,7 @@ let
[ "$opened" == false ] && die "Maximum authentication errors reached"
echo -n "Gathering entropy for new salt (please enter random keys to generate entropy if this blocks for long)..."
for i in $(seq ${toString yubikey.saltLength}); do
for i in $(seq ${toString dev.yubikey.saltLength}); do
byte="$(dd if=/dev/random bs=1 count=1 2>/dev/null | rbtohex)";
new_salt="$new_salt$byte";
echo -n .
@ -310,25 +313,25 @@ let
echo "ok"
new_iterations="$iterations"
${optionalString (yubikey.iterationStep > 0) ''
new_iterations="$(($new_iterations + ${toString yubikey.iterationStep}))"
${optionalString (dev.yubikey.iterationStep > 0) ''
new_iterations="$(($new_iterations + ${toString dev.yubikey.iterationStep}))"
''}
new_challenge="$(echo -n $new_salt | openssl-wrap dgst -binary -sha512 | rbtohex)"
new_response="$(ykchalresp -${toString yubikey.slot} -x $new_challenge 2>/dev/null)"
new_response="$(ykchalresp -${toString dev.yubikey.slot} -x $new_challenge 2>/dev/null)"
if [ ! -z "$k_user" ]; then
new_k_luks="$(echo -n $k_user | pbkdf2-sha512 ${toString yubikey.keyLength} $new_iterations $new_response | rbtohex)"
new_k_luks="$(echo -n $k_user | pbkdf2-sha512 ${toString dev.yubikey.keyLength} $new_iterations $new_response | rbtohex)"
else
new_k_luks="$(echo | pbkdf2-sha512 ${toString yubikey.keyLength} $new_iterations $new_response | rbtohex)"
new_k_luks="$(echo | pbkdf2-sha512 ${toString dev.yubikey.keyLength} $new_iterations $new_response | rbtohex)"
fi
echo -n "$new_k_luks" | hextorb > /crypt-ramfs/new_key
echo -n "$k_luks" | hextorb | ${cschange} --key-file=- /crypt-ramfs/new_key
if [ $? == 0 ]; then
echo -ne "$new_salt\n$new_iterations" > /crypt-storage${yubikey.storage.path}
echo -ne "$new_salt\n$new_iterations" > /crypt-storage${dev.yubikey.storage.path}
else
echo "Warning: Could not update LUKS key, current challenge persists!"
fi
@ -338,7 +341,7 @@ let
}
open_with_hardware() {
if wait_yubikey ${toString yubikey.gracePeriod}; then
if wait_yubikey ${toString dev.yubikey.gracePeriod}; then
do_open_yubikey
else
echo "No YubiKey found, falling back to non-YubiKey open procedure"
@ -347,7 +350,7 @@ let
}
''}
${optionalString (luks.gpgSupport && (gpgCard != null)) ''
${optionalString (luks.gpgSupport && (dev.gpgCard != null)) ''
do_open_gpg_card() {
# Make all of these local to this function
@ -355,12 +358,12 @@ let
local pin
local opened
gpg --import /gpg-keys/${device}/pubkey.asc > /dev/null 2> /dev/null
gpg --import /gpg-keys/${dev.device}/pubkey.asc > /dev/null 2> /dev/null
gpg --card-status > /dev/null 2> /dev/null
for try in $(seq 3); do
echo -n "PIN for GPG Card associated with device ${device}: "
echo -n "PIN for GPG Card associated with device ${dev.device}: "
pin=
while true; do
if [ -e /crypt-ramfs/passphrase ]; then
@ -382,8 +385,8 @@ let
fi
fi
done
echo -n "Verifying passphrase for ${device}..."
echo -n "$pin" | gpg -q --batch --passphrase-fd 0 --pinentry-mode loopback -d /gpg-keys/${device}/cryptkey.gpg 2> /dev/null | ${csopen} --key-file=- > /dev/null 2> /dev/null
echo -n "Verifying passphrase for ${dev.device}..."
echo -n "$pin" | gpg -q --batch --passphrase-fd 0 --pinentry-mode loopback -d /gpg-keys/${dev.device}/cryptkey.gpg 2> /dev/null | ${csopen} --key-file=- > /dev/null 2> /dev/null
if [ $? == 0 ]; then
echo " - success"
${if luks.reusePassphrases then ''
@ -403,7 +406,7 @@ let
}
open_with_hardware() {
if wait_gpgcard ${toString gpgCard.gracePeriod}; then
if wait_gpgcard ${toString dev.gpgCard.gracePeriod}; then
do_open_gpg_card
else
echo "No GPG Card found, falling back to normal open procedure"
@ -412,15 +415,15 @@ let
}
''}
${optionalString (luks.fido2Support && (fido2.credential != null)) ''
${optionalString (luks.fido2Support && (dev.fido2.credential != null)) ''
open_with_hardware() {
local passsphrase
${if fido2.passwordLess then ''
${if dev.fido2.passwordLess then ''
export passphrase=""
'' else ''
read -rsp "FIDO2 salt for ${device}: " passphrase
read -rsp "FIDO2 salt for ${dev.device}: " passphrase
echo
''}
${optionalString (lib.versionOlder kernelPackages.kernel.version "5.4") ''
@ -428,7 +431,7 @@ let
echo "Please move your mouse to create needed randomness."
''}
echo "Waiting for your FIDO2 device..."
fido2luks open ${device} ${name} ${fido2.credential} --await-dev ${toString fido2.gracePeriod} --salt string:$passphrase
fido2luks open ${dev.device} ${dev.name} ${dev.fido2.credential} --await-dev ${toString dev.fido2.gracePeriod} --salt string:$passphrase
if [ $? -ne 0 ]; then
echo "No FIDO2 key found, falling back to normal open procedure"
open_normally
@ -437,16 +440,16 @@ let
''}
# commands to run right before we mount our device
${preOpenCommands}
${dev.preOpenCommands}
${if (luks.yubikeySupport && (yubikey != null)) || (luks.gpgSupport && (gpgCard != null)) || (luks.fido2Support && (fido2.credential != null)) then ''
${if (luks.yubikeySupport && (dev.yubikey != null)) || (luks.gpgSupport && (dev.gpgCard != null)) || (luks.fido2Support && (dev.fido2.credential != null)) then ''
open_with_hardware
'' else ''
open_normally
''}
# commands to run right after we mounted our device
${postOpenCommands}
${dev.postOpenCommands}
'';
askPass = pkgs.writeScriptBin "cryptsetup-askpass" ''
@ -621,6 +624,17 @@ in
'';
};
bypassWorkqueues = mkOption {
default = false;
type = types.bool;
description = ''
Whether to bypass dm-crypt's internal read and write workqueues.
Enabling this should improve performance on SSDs; see
<link xlink:href="https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#Disable_workqueue_for_increased_solid_state_drive_(SSD)_performance">here</link>
for more information. Needs Linux 5.9 or later.
'';
};
fallbackToPassword = mkOption {
default = false;
type = types.bool;
@ -833,6 +847,11 @@ in
{ assertion = !(luks.fido2Support && luks.yubikeySupport);
message = "FIDO2 and YubiKey may not be used at the same time.";
}
{ assertion = any (dev: dev.bypassWorkqueues) (attrValues luks.devices)
-> versionAtLeast kernelPackages.kernel.version "5.9";
message = "boot.initrd.luks.devices.<name>.bypassWorkqueues is not supported for kernels older than 5.9";
}
];
# actually, sbp2 driver is the one enabling the DMA attack, but this needs to be tested
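Review bot: In the FIDO2 branch the rewritten `fido2luks open ${dev.device} ${dev.name} …` line still passes `--salt string:$passphrase` unquoted, so a salt containing whitespace or glob characters is word-split before fido2luks sees it and the derived key will not match. Quote it: `--salt "string:$passphrase"`. The context line above it declares `local passsphrase` (three s), so the variable that `read` and `export` actually use is not function-local, which looks unintended; `local passphrase` would fix it. `${dev.device}` and `${dev.header}` are likewise interpolated unquoted into `wait_target` and `csopen`. They come from the system configuration rather than from input at boot, so that is a robustness concern only for paths with spaces.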

@ -321,6 +321,7 @@ in
RemainAfterExit = true;
};
unitConfig = {
ConditionPathIsMountPoint = "!/sys/fs/pstore";
ConditionVirtualization = "!container";
DefaultDependencies = false; # needed to prevent a cycle
};

@ -11,9 +11,10 @@ let
auth_unix_rw = "polkit"
${cfg.extraConfig}
'';
ovmfFilePrefix = if pkgs.stdenv.isAarch64 then "AAVMF" else "OVMF";
qemuConfigFile = pkgs.writeText "qemu.conf" ''
${optionalString cfg.qemuOvmf ''
nvram = ["/run/libvirt/nix-ovmf/OVMF_CODE.fd:/run/libvirt/nix-ovmf/OVMF_VARS.fd"]
nvram = [ "/run/libvirt/nix-ovmf/${ovmfFilePrefix}_CODE.fd:/run/libvirt/nix-ovmf/${ovmfFilePrefix}_VARS.fd" ]
''}
${optionalString (!cfg.qemuRunAsRoot) ''
user = "qemu-libvirtd"
@ -206,8 +207,8 @@ in {
done
${optionalString cfg.qemuOvmf ''
ln -s --force ${pkgs.OVMF.fd}/FV/OVMF_CODE.fd /run/${dirName}/nix-ovmf/
ln -s --force ${pkgs.OVMF.fd}/FV/OVMF_VARS.fd /run/${dirName}/nix-ovmf/
ln -s --force ${pkgs.OVMF.fd}/FV/${ovmfFilePrefix}_CODE.fd /run/${dirName}/nix-ovmf/
ln -s --force ${pkgs.OVMF.fd}/FV/${ovmfFilePrefix}_VARS.fd /run/${dirName}/nix-ovmf/
''}
'';

@ -428,7 +428,7 @@ let
extraVeths = {};
additionalCapabilities = [];
ephemeral = false;
timeoutStartSec = "15s";
timeoutStartSec = "1min";
allowedDevices = [];
hostAddress = null;
hostAddress6 = null;

@ -47,6 +47,7 @@ in
boot = handleTestOn ["x86_64-linux"] ./boot.nix {}; # syslinux is unsupported on aarch64
boot-stage1 = handleTest ./boot-stage1.nix {};
borgbackup = handleTest ./borgbackup.nix {};
botamusique = handleTest ./botamusique.nix {};
buildbot = handleTest ./buildbot.nix {};
buildkite-agents = handleTest ./buildkite-agents.nix {};
caddy = handleTest ./caddy.nix {};

@ -14,7 +14,10 @@ let assertions = rec {
'';
unit = name: state: ''
with subtest("Unit ${name} should be ${state}"):
machine.require_unit_state("${name}", "${state}")
if "${state}" == "active":
machine.wait_for_unit("${name}")
else:
machine.require_unit_state("${name}", "${state}")
'';
version = ''
import re
@ -44,9 +47,19 @@ let assertions = rec {
if present then
unit "atop.service" "active"
+ ''
with subtest("atop.service should have written some data to /var/log/atop"):
files = int(machine.succeed("ls -1 /var/log/atop | wc -l"))
assert files > 0, "Expected at least 1 data file"
with subtest("atop.service should write some data to /var/log/atop"):
def has_data_files(last: bool) -> bool:
files = int(machine.succeed("ls -1 /var/log/atop | wc -l"))
if files == 0:
machine.log("Did not find at least one 1 data file")
if not last:
machine.log("Will retry...")
return False
return True
with machine.nested("Waiting for data files"):
retry(has_data_files)
'' else unit "atop.service" "inactive";
atopRotateTimer = present:
unit "atop-rotate.timer" (if present then "active" else "inactive");
@ -55,11 +68,21 @@ let assertions = rec {
unit "atopacct.service" "active"
+ ''
with subtest("atopacct.service should enable process accounting"):
machine.succeed("test -f /run/pacct_source")
machine.wait_until_succeeds("test -f /run/pacct_source")
with subtest("atopacct.service should write data to /run/pacct_shadow.d"):
files = int(machine.succeed("ls -1 /run/pacct_shadow.d | wc -l"))
assert files >= 1, "Expected at least 1 pacct_shadow.d file"
def has_data_files(last: bool) -> bool:
files = int(machine.succeed("ls -1 /run/pacct_shadow.d | wc -l"))
if files == 0:
machine.log("Did not find at least one 1 data file")
if not last:
machine.log("Will retry...")
return False
return True
with machine.nested("Waiting for data files"):
retry(has_data_files)
'' else unit "atopacct.service" "inactive";
netatop = present:
if present then
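Review bot: The retry helper `has_data_files` is defined twice with identical bodies apart from the directory, once for /var/log/atop and once for /run/pacct_shadow.d, and both log "Did not find at least one 1 data file" with a doubled count. A single helper that takes the directory would keep the two subtests from drifting apart, and the message should read `machine.log("Did not find at least one data file")`. The enclosing `assertions` set starts and continues outside these hunks.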

@ -0,0 +1,47 @@
import ./make-test-python.nix ({ pkgs, lib, ...} :
{
name = "botamusique";
meta.maintainers = with lib.maintainers; [ hexa ];
nodes = {
machine = { config, ... }: {
services.murmur = {
enable = true;
registerName = "NixOS tests";
};
services.botamusique = {
enable = true;
settings = {
server = {
channel = "NixOS tests";
};
bot = {
version = false;
auto_check_update = false;
};
};
};
};
};
testScript = ''
start_all()
machine.wait_for_unit("murmur.service")
machine.wait_for_unit("botamusique.service")
machine.sleep(10)
machine.wait_until_succeeds(
"journalctl -u murmur.service -e | grep -q '<1:botamusique(-1)> Authenticated'"
)
with subtest("Check systemd hardening"):
output = machine.execute("systemctl show botamusique.service")[1]
machine.log(output)
output = machine.execute("systemd-analyze security botamusique.service")[1]
machine.log(output)
'';
})
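Review bot: The "Check systemd hardening" subtest asserts nothing: both calls use `machine.execute(...)[1]`, which discards the exit status, and the output is only written to the log, so a unit that loses its sandboxing options would still pass. Either rename the subtest to say it only records the report, or assert on settings the module is meant to guarantee, e.g. `machine.succeed("systemctl show -p <PROPERTY> botamusique.service | grep -qx '<PROPERTY>=yes'")`, where `<PROPERTY>` is a placeholder for an option the service actually sets (the unit definition is not shown here). `machine.sleep(10)` ahead of `wait_until_succeeds` also looks redundant, since the latter already polls.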

@ -33,14 +33,22 @@ in {
autosnap = true;
};
datasets."pool/test".useTemplate = [ "test" ];
datasets."pool/sanoid".useTemplate = [ "test" ];
extraArgs = [ "--verbose" ];
};
services.syncoid = {
enable = true;
sshKey = "/var/lib/syncoid/id_ecdsa";
commonArgs = [ "--no-sync-snap" ];
commands."pool/test".target = "root@target:pool/test";
commands = {
# Sync snapshot taken by sanoid
"pool/sanoid" = {
target = "root@target:pool/sanoid";
extraArgs = [ "--no-sync-snap" ];
};
# Take snapshot and sync
"pool/syncoid".target = "root@target:pool/syncoid";
};
};
};
target = { ... }: {
@ -54,18 +62,19 @@ in {
testScript = ''
source.succeed(
"mkdir /tmp/mnt",
"mkdir /mnt",
"parted --script /dev/vdb -- mklabel msdos mkpart primary 1024M -1s",
"udevadm settle",
"zpool create pool /dev/vdb1",
"zfs create -o mountpoint=legacy pool/test",
"mount -t zfs pool/test /tmp/mnt",
"zpool create pool -R /mnt /dev/vdb1",
"zfs create pool/sanoid",
"zfs create pool/syncoid",
"udevadm settle",
)
target.succeed(
"mkdir /mnt",
"parted --script /dev/vdb -- mklabel msdos mkpart primary 1024M -1s",
"udevadm settle",
"zpool create pool /dev/vdb1",
"zpool create pool -R /mnt /dev/vdb1",
"udevadm settle",
)
@ -76,16 +85,15 @@ in {
"chown -R syncoid:syncoid /var/lib/syncoid/",
)
source.succeed("touch /tmp/mnt/test.txt")
# Take snapshot with sanoid
source.succeed("touch /mnt/pool/sanoid/test.txt")
source.systemctl("start --wait sanoid.service")
# Sync snapshots
target.wait_for_open_port(22)
source.succeed("touch /mnt/pool/syncoid/test.txt")
source.systemctl("start --wait syncoid.service")
target.succeed(
"mkdir /tmp/mnt",
"zfs set mountpoint=legacy pool/test",
"mount -t zfs pool/test /tmp/mnt",
)
target.succeed("cat /tmp/mnt/test.txt")
target.succeed("cat /mnt/pool/sanoid/test.txt")
target.succeed("cat /mnt/pool/syncoid/test.txt")
'';
})

@ -8,7 +8,7 @@
, curl
, dbus
, doxygen
, ffmpeg_3
, ffmpeg
, fftw
, fftwSinglePrec
, flac
@ -56,13 +56,13 @@
}:
stdenv.mkDerivation rec {
pname = "ardour";
version = "6.5";
version = "6.7";
# don't fetch releases from the GitHub mirror, they are broken
src = fetchgit {
url = "git://git.ardour.org/ardour/ardour.git";
rev = version;
sha256 = "0sd38hchyr16biq9hcxha4ljy3pf0yhcgn90i5zfqcznnc57ildx";
sha256 = "19jc29fjwgvqbg3gnmy50mrz8mh5x4nwddglasvwx83nc87qwllx";
};
patches = [
@ -89,7 +89,7 @@ stdenv.mkDerivation rec {
cppunit
curl
dbus
ffmpeg_3
ffmpeg
fftw
fftwSinglePrec
flac
@ -148,8 +148,8 @@ stdenv.mkDerivation rec {
sed 's|/usr/include/libintl.h|${glibc.dev}/include/libintl.h|' -i wscript
patchShebangs ./tools/
substituteInPlace libs/ardour/video_tools_paths.cc \
--replace 'ffmpeg_exe = X_("");' 'ffmpeg_exe = X_("${ffmpeg_3}/bin/ffmpeg");' \
--replace 'ffprobe_exe = X_("");' 'ffprobe_exe = X_("${ffmpeg_3}/bin/ffprobe");'
--replace 'ffmpeg_exe = X_("");' 'ffmpeg_exe = X_("${ffmpeg}/bin/ffmpeg");' \
--replace 'ffprobe_exe = X_("");' 'ffprobe_exe = X_("${ffmpeg}/bin/ffprobe");'
'';
postInstall = ''

@ -1,13 +1,22 @@
{ lib, stdenv, fetchurl, libogg }:
{ lib, stdenv, fetchurl, fetchpatch, libogg }:
stdenv.mkDerivation rec {
name = "flac-1.3.3";
pname = "flac";
version = "1.3.3";
src = fetchurl {
url = "http://downloads.xiph.org/releases/flac/${name}.tar.xz";
url = "http://downloads.xiph.org/releases/flac/${pname}-${version}.tar.xz";
sha256 = "0j0p9sf56a2fm2hkjnf7x3py5ir49jyavg4q5zdyd7bcf6yq4gi1";
};
patches = [
(fetchpatch {
name = "CVE-2020-0499.patch";
url = "https://github.com/xiph/flac/commit/2e7931c27eb15e387da440a37f12437e35b22dd4.patch";
sha256 = "160qzq9ms5addz7sx06pnyjjkqrffr54r4wd8735vy4x008z71ah";
})
];
buildInputs = [ libogg ];
#doCheck = true; # takes lots of time
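Review bot: The rewritten `url` in `fetchurl` still uses plain `http://downloads.xiph.org/…`, in a change whose purpose is to pull in the CVE-2020-0499 fix. The pinned `sha256` means a tampered tarball is rejected rather than built, so this is hygiene rather than an integrity hole. Fetching over TLS would still avoid on-path interference with the download: `url = "https://downloads.xiph.org/releases/flac/${pname}-${version}.tar.xz";`, assuming the host serves the same path over https.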

@ -13,13 +13,13 @@
stdenv.mkDerivation rec {
pname = "ft2-clone";
version = "1.46";
version = "1.47";
src = fetchFromGitHub {
owner = "8bitbubsy";
repo = "ft2-clone";
rev = "v${version}";
sha256 = "sha256-Y6FgIbNCsxnM/B2bEB7oufBjU1BnBYaz7/oysWttIOc=";
sha256 = "sha256-KLHJROOtRPtGHBYEMByY7LG6FY4vES6WndCiz7okan8=";
};
# Adapt the linux-only CMakeLists to darwin (more reliable than make-macos.sh)

@ -55,7 +55,6 @@ in stdenv.mkDerivation {
gsettings-desktop-schemas
] ++ gst_plugins;
enableParallelBuilding = true;
postInstall = ''
glib-compile-schemas "$out"/share/glib-2.0/schemas
'';

@ -0,0 +1,37 @@
{ lib
, fetchFromGitLab
, rustPlatform
, pkg-config
, clang
, libclang
, glib
, gtk4
, pipewire
}:
rustPlatform.buildRustPackage rec {
pname = "helvum";
version = "0.2.0";
src = fetchFromGitLab {
domain = "gitlab.freedesktop.org";
owner = "ryuukyu";
repo = pname;
rev = version;
sha256 = "sha256-sQ4epL3QNOLHuR/dr/amHgiaxV/1SWeb3eijnjAAR3w=";
};
cargoSha256 = "sha256-uNTSU06Fz/ud04K40e98rb7o/uAht0DsiJOXeHX72vw=";
nativeBuildInputs = [ clang pkg-config ];
buildInputs = [ glib gtk4 pipewire ];
LIBCLANG_PATH = "${libclang.lib}/lib";
meta = with lib; {
description = "A GTK patchbay for pipewire";
homepage = "https://gitlab.freedesktop.org/ryuukyu/helvum";
license = licenses.gpl3Only;
maintainers = with maintainers; [ fufexan ];
};
}

@ -3,11 +3,11 @@
stdenv.mkDerivation rec {
pname = "linuxsampler";
version = "2.1.1";
version = "2.2.0";
src = fetchurl {
url = "https://download.linuxsampler.org/packages/${pname}-${version}.tar.bz2";
sha256 = "1gijf50x5xbpya5dj3v2mzj7azx4qk9p012csgddp73f0qi0n190";
sha256 = "sha256-xNFjxrrC0B8Oj10HIQ1AmI7pO34HuYRyyUaoB2MDmYw=";
};
preConfigure = ''

@ -11,7 +11,7 @@ rustPlatform.buildRustPackage rec {
sha256 = "0ag87hgdg6fvk80fgznba0xjlcajks5w5s6y8lvwhz9irn2kq2rz";
};
cargoSha256 = "06xqh0mqbik00qyg8mn1ddbn15v3pdwvh1agghg22xgx53kmnxb3";
cargoSha256 = "0lkx0zj9xc0rlrq91l4wydzp430hxlrqyq7ii8wq2fcan8ln22lv";
nativeBuildInputs = [ installShellFiles ];

@ -7,8 +7,8 @@
, glib
, gobject-introspection
, gst_all_1
, gtk3
, libhandy
, gtk4
, libadwaita
, librsvg
, meson
, ninja
@ -18,7 +18,7 @@
python3.pkgs.buildPythonApplication rec {
pname = "mousai";
version = "0.3.2";
version = "0.4.1";
format = "other";
@ -26,7 +26,7 @@ python3.pkgs.buildPythonApplication rec {
owner = "SeaDve";
repo = "Mousai";
rev = "v${version}";
sha256 = "sha256-sBB2kqlC+2qPgQinhGxY8lq9unxgQoOOhDP5o1pUWMo=";
sha256 = "sha256-AfR5n1dIm9X5OoPiikQEhHBFQq0rmQH4h7cCJ2yXoXI=";
};
postPatch = ''
@ -38,7 +38,7 @@ python3.pkgs.buildPythonApplication rec {
desktop-file-utils
gettext
glib
gtk3
gtk4
meson
ninja
pkg-config
@ -50,8 +50,8 @@ python3.pkgs.buildPythonApplication rec {
gst_all_1.gstreamer
gst_all_1.gst-plugins-base
gst_all_1.gst-plugins-good
gtk3
libhandy
gtk4
libadwaita
librsvg
];

@ -26,7 +26,7 @@ rustPlatform.buildRustPackage rec {
cp share/* $out/share/muso/
'';
cargoSha256 = "06jgk54r3f8gq6iylv5rgsawss3hc5kmvk02y4gl8iwfnw4xrvmg";
cargoSha256 = "1hgdzyz005244f2mh97js9ga0a6s2hcd6iydz07f1hmhsh1j2bwy";
meta = with lib; {
description = "An automatic music sorter (based on ID3 tags)";

@ -16,7 +16,7 @@ rustPlatform.buildRustPackage rec {
nativeBuildInputs = [ pkg-config ];
buildInputs = [ alsaLib openssl ];
cargoSha256 = "0f06wc7h2zjipifvxsskxvihjf6mykrjrm7yk0zf98ra079bc9g9";
cargoSha256 = "1pca0sz4rz8qls6k2vhf70ixhnvgk81c4hbx81q3pv106g5k205f";
meta = with lib; {
homepage = "https://github.com/betta-cyber/netease-music-tui";

@ -48,7 +48,6 @@ stdenv.mkDerivation rec {
'';
doCheck = false;
enableParallelBuilding = true;
buildPhase = ''
export GST_PLUGIN_SYSTEM_PATH_1_0="$out/lib/gstreamer-1.0/:$GST_PLUGIN_SYSTEM_PATH_1_0"

@ -2,13 +2,13 @@
let
pname = "plexamp";
version = "3.4.4";
version = "3.4.6";
name = "${pname}-${version}";
src = fetchurl {
url = "https://plexamp.plex.tv/plexamp.plex.tv/desktop/Plexamp-${version}.AppImage";
name="${pname}-${version}.AppImage";
sha256 = "1iz6qi12ljafb49l73rba5rwi5sdbd8ck5h2r6jiy260lgr2iiyk";
sha512 = "M2iLJxpufycxnUfdn9f85l47W8HCsi/K0SPVsxyyaeKloV3g6yTyOg1luMwHBLDeXEKwR9jtuvPlIMNyBCFm8w==";
};
appimageContents = appimageTools.extractType2 {
@ -29,10 +29,12 @@ in appimageTools.wrapType2 {
--replace 'Exec=AppRun' 'Exec=${pname}'
'';
passthru.updateScript = ./update-plexamp.sh;
meta = with lib; {
description = "A beautiful Plex music player for audiophiles, curators, and hipsters";
homepage = "https://plexamp.com/";
changelog = "https://forums.plex.tv/t/plexamp-release-notes/221280/26";
changelog = "https://forums.plex.tv/t/plexamp-release-notes/221280/28";
license = licenses.unfree;
maintainers = with maintainers; [ killercup synthetica ];
platforms = [ "x86_64-linux" ];

@ -0,0 +1,54 @@
#! /usr/bin/env nix-shell
#! nix-shell -p yq bash curl bc ripgrep
#! nix-shell -i bash
set -Eeuxo pipefail
cleanup() {
rm -rf "$TMPDIR"
}
trap cleanup EXIT
ROOT="$(dirname "$(readlink -f "$0")")"
if [ ! -f "$ROOT/default.nix" ]; then
echo "ERROR: cannot find default.nix in $ROOT"
exit 1
fi
if [ "$(basename "$ROOT")" != plexamp ]; then
echo "ERROR: folder not named plexamp"
exit 1
fi
TMPDIR="$(mktemp -d)"
VERSION_FILE="$TMPDIR/version.yml"
VERSION_URL="https://plexamp.plex.tv/plexamp.plex.tv/desktop/latest-linux.yml"
curl "$VERSION_URL" -o "$VERSION_FILE"
VERSION="$(yq -r .version "$VERSION_FILE")"
SHA512="$(yq -r .sha512 "$VERSION_FILE")"
DEFAULT_NIX="$ROOT/default.nix"
WORKING_NIX="$TMPDIR/default.nix"
cp "$DEFAULT_NIX" "$WORKING_NIX"
sed -i "s@version = .*;@version = \"$VERSION\";@g" "$WORKING_NIX"
if diff "$DEFAULT_NIX" "$WORKING_NIX"; then
echo "WARNING: no changes"
exit 0
fi
# update sha hash (convenietly provided)
sed -i "s@sha.* = .*;@sha512 = \"$SHA512\";@g" "$WORKING_NIX"
# update the changelog ("just" increment the number)
CHANGELOG_URL=$(rg --only-matching 'changelog = "(.+)";' --replace '$1' $WORKING_NIX)
CHANGELOG_NUMBER=$(rg --only-matching '.*/([0-9]+)' --replace '$1' <<< $CHANGELOG_URL)
NEXT_CHANGELOG=$(($CHANGELOG_NUMBER + 1))
NEXT_URL=$(rg --only-matching '(.*)/[0-9]+' --replace "\$1/$NEXT_CHANGELOG" <<< $CHANGELOG_URL)
sed -i "s@changelog = \".*\";@changelog = \"$NEXT_URL\";@" $WORKING_NIX
mv $WORKING_NIX $DEFAULT_NIX
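Review bot: `trap cleanup EXIT` is installed before `TMPDIR` is assigned, and the script reuses that well-known environment variable name, so either early `exit 1` (missing default.nix, wrong folder name) runs `rm -rf "$TMPDIR"` against whatever temp directory the caller's environment exported. Use a private variable that starts empty and guard the removal. Separately, `curl` runs without `--fail`, and `VERSION`/`SHA512` from the downloaded YAML go straight into `sed` replacement text, so an error page or a character such as `@` or `&` would rewrite default.nix incorrectly; validating both values first avoids that. The hash is published by the same host as the AppImage, so it pins later builds but is not an independent check of the first download. The later `rg`, `sed` and `mv` lines also leave `$WORKING_NIX`, `$DEFAULT_NIX` and `$CHANGELOG_URL` unquoted.

```shell
# Private and initially empty: an inherited TMPDIR must never be the rm -rf target.
workdir=""
cleanup() {
  if [ -n "$workdir" ]; then
    rm -rf -- "$workdir"
  fi
}
trap cleanup EXIT
# … unchanged: ROOT lookup and the default.nix / folder-name checks …
workdir="$(mktemp -d)"
VERSION_FILE="$workdir/version.yml"
# … unchanged: VERSION_URL …
curl --fail --silent --show-error "$VERSION_URL" -o "$VERSION_FILE"
# … unchanged: yq extraction of VERSION and SHA512 …
# Refuse values that could change the meaning of the sed expressions below.
if ! [[ "$VERSION" =~ ^[0-9]+(\.[0-9]+)*$ ]]; then
  echo "ERROR: unexpected version string" >&2
  exit 1
fi
if ! [[ "$SHA512" =~ ^[A-Za-z0-9+/]+=*$ ]]; then
  echo "ERROR: unexpected sha512 string" >&2
  exit 1
fi
# … unchanged: DEFAULT_NIX …
WORKING_NIX="$workdir/default.nix"
# … unchanged: cp, sed edits, changelog bump, mv …
```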

@ -8,6 +8,8 @@
, lame
, ffmpeg
, vlc
, xdg-utils
, which
, jackSupport ? true, libjack2
, pulseaudioSupport ? config.pulseaudio or true, libpulseaudio
@ -15,14 +17,19 @@
stdenv.mkDerivation rec {
pname = "reaper";
version = "6.25";
version = "6.28";
src = fetchurl {
url = "https://www.reaper.fm/files/${lib.versions.major version}.x/reaper${builtins.replaceStrings ["."] [""] version}_linux_x86_64.tar.xz";
sha256 = "0i1idlr4ar28wvwcvwn9hqzb63kki1x1995cr87a9slxfa7zcshb";
hash = "sha256-38HSjR+rQWPzMOjq1abLn/MP3DCz5YzBg0v2kBsQmR4=";
};
nativeBuildInputs = [ autoPatchelfHook makeWrapper ];
nativeBuildInputs = [
autoPatchelfHook
makeWrapper
xdg-utils # Required for desktop integration
which
];
buildInputs = [
alsaLib
@ -41,7 +48,7 @@ stdenv.mkDerivation rec {
installPhase = ''
runHook preInstall
XDG_DATA_HOME="$out/share" ./install-reaper.sh \
HOME="$out/share" XDG_DATA_HOME="$out/share" ./install-reaper.sh \
--install $out/opt \
--integrate-user-desktop
rm $out/opt/REAPER/uninstall-reaper.sh

@ -11,7 +11,7 @@ rustPlatform.buildRustPackage rec {
sha256 = "082y5m2vglzx9kdc2088zynz0njcnljnb0y170igmlsxq9wkrgg2";
};
cargoSha256 = "100c7x603qyhav3p24clwfal4ngh0258x9lqsi84kcj4wq2f3i8f";
cargoSha256 = "1khn6fx13qlfpqwnw7ysgan5h4nrg2qnzn2p74vn7jic3mqc3sax";
nativeBuildInputs = [ installShellFiles ] ++ lib.optionals stdenv.isLinux [ pkg-config python3 ];
buildInputs = [ ]

@ -18,7 +18,7 @@ rustPackages.rustPlatform.buildRustPackage rec {
sha256 = "1a578h13iv8gqmskzlncfr42jlg5gp0zfcizv4wbd48y9hl8fh2l";
};
cargoSha256 = "1sm5yfgjx5xfnqqh1v8ycwzxw4kl6dq5gcvsdnc4h1cj3pdhbpcc";
cargoSha256 = "07dxfc0csrnfl01p9vdrqvca9f574svlf37dk3dz8p6q08ki0n1z";
cargoBuildFlags = [
"--no-default-features"

@ -1,41 +1,46 @@
{ lib, stdenv, fetchFromGitHub, cmake, git, pkg-config, python3
{ stdenv, lib, fetchurl, fetchFromGitHub, cmake, git, pkg-config, python3
, cairo, libsndfile, libxcb, libxkbcommon, xcbutil, xcbutilcursor, xcbutilkeysyms, zenity
, curl, rsync
}:
stdenv.mkDerivation rec {
pname = "surge";
version = "1.8.1";
version = "1.9.0";
src = fetchFromGitHub {
owner = "surge-synthesizer";
repo = pname;
rev = "release_${version}";
sha256 = "0lla860g7zgn9n1zgy14g4j72d5n5y7isyxz2w5xy2fzdpdg24ql";
leaveDotGit = true; # for SURGE_VERSION
fetchSubmodules = true;
src = fetchurl {
url = "https://github.com/surge-synthesizer/releases/releases/download/${version}/SurgeSrc_${version}.tgz";
sha256 = "00af4lfcipl0rn0dn4gfipx7nbk8ym1mrmji8v0ar98frsrpxg4k";
};
extraContent = fetchFromGitHub {
owner = "surge-synthesizer";
repo = "surge-extra-content";
# rev from: https://github.com/surge-synthesizer/surge/blob/release_1.8.1/cmake/stage-extra-content.cmake#L6
# or: https://github.com/surge-synthesizer/surge/blob/main/cmake/stage-extra-content.cmake
# SURGE_EXTRA_CONTENT_HASH
rev = "afc591cc06d9adc3dc8dc515a55c66873fa10296";
sha256 = "1wqv86l70nwlrb10n47rib80f47a96j9qqg8w5dv46ys1sq2nz7z";
};
nativeBuildInputs = [ cmake git pkg-config python3 ];
buildInputs = [ cairo libsndfile libxcb libxkbcommon xcbutil xcbutilcursor xcbutilkeysyms zenity ];
buildInputs = [ cairo libsndfile libxcb libxkbcommon xcbutil xcbutilcursor xcbutilkeysyms zenity curl rsync ];
postPatch = ''
substituteInPlace src/common/SurgeStorage.cpp --replace "/usr/share/Surge" "$out/share/surge"
substituteInPlace src/linux/UserInteractionsLinux.cpp --replace '"zenity' '"${zenity}/bin/zenity'
substituteInPlace vstgui.surge/vstgui/lib/platform/linux/x11fileselector.cpp --replace /usr/bin/zenity ${zenity}/bin/zenity
patchShebangs scripts/linux/emit-vector-piggy
patchShebangs scripts/linux/generate-lv2-ttl
patchShebangs scripts/linux/
cp -r $extraContent/Skins/ resources/data/skins
'';
installPhase = ''
mkdir -p $out/lib/lv2 $out/lib/vst3 $out/share/surge
cp -r surge_products/Surge.lv2 $out/lib/lv2/
cp -r surge_products/Surge.vst3 $out/lib/vst3/
cp -r ../resources/data/* $out/share/surge/
cd ..
cmake --build build --config Release --target install-everything-global
'';
doInstallCheck = true;
installCheckPhase = ''
cd ..
export HOME=$(mktemp -d)
export SURGE_DISABLE_NETWORK_TESTS=TRUE
build/surge-headless
'';

@ -3,13 +3,13 @@
python3.pkgs.buildPythonApplication rec {
pname = "whipper";
version = "0.9.1.dev7+g${lib.substring 0 7 src.rev}";
version = "0.10.0";
src = fetchFromGitHub {
owner = "whipper-team";
repo = "whipper";
rev = "9e95f0604fa30ab06445fe46e3bc93bba6092a05";
sha256 = "1c2qldw9vxpvdfh5wl6mfcd7zzz3v8r86ffqll311lcp2zin33dg";
rev = "v${version}";
sha256 = "00cq03cy5dyghmibsdsq5sdqv3bzkzhshsng74bpnb5lasxp3ia5";
};
pythonPath = with python3.pkgs; [

@ -0,0 +1,36 @@
{ lib, fetchurl, appimageTools, }:
let
pname = "ytmdesktop";
version = "1.13.0";
name = "${pname}-${version}";
src = fetchurl {
url = "https://github.com/ytmdesktop/ytmdesktop/releases/download/v${version}/YouTube-Music-Desktop-App-${version}.AppImage";
sha256 = "0f5l7hra3m3q9zd0ngc9dj4mh1lk0rgicvh9idpd27wr808vy28v";
};
appimageContents = appimageTools.extract { inherit name src; };
in appimageTools.wrapType2 rec {
inherit name src;
extraInstallCommands = ''
mv $out/bin/{${name},${pname}}
install -m 444 \
-D ${appimageContents}/youtube-music-desktop-app.desktop \
-t $out/share/applications
substituteInPlace \
$out/share/applications/youtube-music-desktop-app.desktop \
--replace 'Exec=AppRun' 'Exec=${pname}'
cp -r ${appimageContents}/usr/share/icons $out/share
'';
meta = with lib; {
description = "A Desktop App for YouTube Music";
homepage = "https://ytmdesktop.app/";
license = licenses.cc0;
platforms = platforms.linux;
maintainers = [ maintainers.lgcl ];
};
}

@ -111,7 +111,7 @@ in stdenv.mkDerivation rec {
else "https://zynaddsubfx.sourceforge.io";
license = licenses.gpl2;
maintainers = with maintainers; [ goibhniu metadark ];
maintainers = with maintainers; [ goibhniu kira-bruneau ];
platforms = platforms.linux;
};
}

@ -103,7 +103,7 @@ stdenv.mkDerivation rec {
description = "The Zest Framework used in ZynAddSubFX's UI";
homepage = "https://github.com/mruby-zest";
license = licenses.lgpl21;
maintainers = with maintainers; [ metadark ];
maintainers = with maintainers; [ kira-bruneau ];
platforms = platforms.all;
};
}

@ -4,11 +4,11 @@ cups, vivaldi-ffmpeg-codecs, libpulseaudio, at-spi2-core, libxkbcommon, mesa }:
stdenv.mkDerivation rec {
pname = "exodus";
version = "21.1.18";
version = "21.1.29";
src = fetchurl {
url = "https://downloads.exodus.io/releases/${pname}-linux-x64-${version}.zip";
sha256 = "sha256-cc0m1gOwIY4M0ljSSdj8WaQfU/ikGI1Zlf8gGDdht4Q=";
sha256 = "sha256-Qdiyjutzt8r1tIfcW7/AtSuOpf1Un5TeHoeZx5uQthM=";
};
sourceRoot = ".";

@ -0,0 +1,27 @@
{ buildGoModule
, fetchFromGitHub
, lib
}:
buildGoModule rec {
pname = "faraday";
version = "0.2.3-alpha";
src = fetchFromGitHub {
owner = "lightninglabs";
repo = "faraday";
rev = "v${version}";
sha256 = "16cqaslsbwda23b5n0sfppybd3ma4ch545100ydxrwac4zhrq4kq";
};
vendorSha256 = "1hh99nfprlmhkc36arg3w1kxby59i2l7n258cp40niv7bjn37hrq";
subPackages = [ "cmd/frcli" "cmd/faraday" ];
meta = with lib; {
description = "LND Channel Management Tools";
homepage = "https://github.com/lightninglabs/faraday";
license = licenses.mit;
maintainers = with maintainers; [ proofofkeags ];
};
}

@ -1,15 +0,0 @@
Subject: Prevent "-dirty" from being erroneously added to the version
diff --git a/src/Makefile.am b/src/Makefile.am
index d36d1a3..00048fc 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -28,7 +28,7 @@ always:
# Always rebuild because .git/HEAD is a symbolic ref one can't depend on
StellarCoreVersion.h: always
@vers=$$(cd "$(srcdir)" \
- && git describe --always --dirty --tags 2>/dev/null \
+ && git describe --always --tags 2>/dev/null \
|| echo "$(PACKAGE) $(VERSION)"); \
echo "#define STELLAR_CORE_VERSION \"$$vers\"" > $@~
@if cmp -s $@~ $@; then rm -f $@~; else \

@ -1,31 +1,30 @@
{ lib, stdenv, fetchgit, autoconf, libtool, automake, pkg-config, git
, bison, flex, postgresql }:
{ lib, stdenv, fetchFromGitHub, autoconf, libtool, automake, pkg-config, git
, bison, flex, postgresql, ripgrep }:
let
stdenv.mkDerivation rec {
pname = "stellar-core";
version = "0.5.1";
version = "17.0.0";
in stdenv.mkDerivation {
name = "${pname}-${version}";
src = fetchgit {
url = "https://github.com/stellar/stellar-core.git";
rev = "refs/tags/v${version}";
sha256 = "0ldw3qr0sajgam38z2w2iym0214ial6iahbzx3b965cw92n8n88z";
src = fetchFromGitHub {
owner = "stellar";
repo = pname;
rev = "v${version}";
sha256 = "1ngl8yjqb8xzhdwzlxzzxf14q2hgwy2ysb17sn5380rrn0jswin1";
fetchSubmodules = true;
leaveDotGit = true;
};
nativeBuildInputs = [ pkg-config ];
buildInputs = [ autoconf automake libtool git ];
nativeBuildInputs = [ automake autoconf git libtool pkg-config ripgrep ];
propagatedBuildInputs = [ bison flex postgresql ];
patches = [ ./stellar-core-dirty-version.patch ];
preConfigure = ''
# Due to https://github.com/NixOS/nixpkgs/issues/8567 we cannot rely on
# having the .git directory present, so directly provide the version
substituteInPlace src/Makefile.am --replace '$$vers' '${pname} ${version}';
# Everything needs to be staged in git because the build uses
# `git ls-files` to search for source files to compile.
git init
git add .
./autogen.sh
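Review bot: `leaveDotGit = true` in the `fetchFromGitHub` call looks unnecessary and makes the pinned `sha256` cover the contents of `.git` as well as the source tree. It appears to be on the new side, although the rendering has lost the +/- markers. The comment shown in this section cites NixOS/nixpkgs issue 8567 as the reason `.git` cannot be relied on, and `preConfigure` now runs `git init` and `git add .` itself so that `git ls-files` works. If the build only needs a staged index, dropping that line and keeping `fetchSubmodules = true;` should give a hash that depends on the checked-out files alone. The `preConfigure` body continues past the end of this hunk.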

@ -12,7 +12,7 @@ rustPlatform.buildRustPackage rec {
sha256 = "0l1vpcfq6jrq2dkrmsa4ghwdpp7c54f46gz3n7nk0i41b12hnigw";
};
cargoSha256 = "09v991rl2w4c4jh7ga7q1lk6wyl2vr71j5cpniij8mcvszrz78qf";
cargoSha256 = "19r3xvysragmf02zk2l5s2hjg92gxdygsh52y7za81x443lvjyvq";
nativeBuildInputs = [ cmake pkg-config python3 ];
buildInputs = [ openssl xorg.libxcb libgit2 ] ++ lib.optionals stdenv.isDarwin

@ -14,13 +14,12 @@ let
sha256Hash = "074y6i0h8zamjgvvs882im44clds3g6aq8rssl7sq1wx6hrn5q36";
};
betaVersion = {
version = "4.2.0.24"; # "Android Studio 4.2.0"
build = "202.7322048";
sha256Hash = "1ii1zf8mv7xyql56wwkcdj5l4g3zaprdszv6r9md9r5zh78k4ccz";
version = "2020.3.1.16"; # "Android Studio Arctic Fox (2020.3.1) Beta 1"
sha256Hash = "0mp1cmxkqc022nv8cggywbwcf8lp6r802nh8hcw5j00hcdnhkcq0";
};
latestVersion = { # canary & dev
version = "2020.3.1.15"; # "Android Studio Arctic Fox (2020.3.1) Canary 15"
sha256Hash = "0k66ibflqwdlgapir5w2v1d4zjwn6464yk2hvlmif9lsfdvd0ivv";
version = "2021.1.1.1"; # "Android Studio Bumblebee (2021.1.1) Canary 1"
sha256Hash = "0aavmk8byw817356jm28rl998gcp3zm7x3fq14hm2awzhk5jaklm";
};
in {
# Attributes are named by their corresponding release channels

@ -116,6 +116,13 @@ let
stripDebugList = [ "share" ];
});
erlang = super.erlang.overrideAttrs (attrs: {
buildInputs = attrs.buildInputs ++ [
pkgs.perl
pkgs.ncurses
];
});
# https://github.com/syl20bnr/evil-escape/pull/86
evil-escape = super.evil-escape.overrideAttrs (attrs: {
postPatch = ''

@ -11,7 +11,7 @@ rustPlatform.buildRustPackage {
sha256 = "11mz07735gxqfamjcjjmxya6swlvr1p77sgd377zjcmd6z54gwyf";
};
cargoSha256 = "06ghcd4j751mdkzwb88nqwk8la4zdb137y0iqrkpykkfx0as43x3";
cargoSha256 = "1hpndmpk1zlfvb4r95m13yvnsbjkwgw4pb9ala2d5yzfp38225nm";
buildInputs = [ ncurses ];

@ -7,7 +7,7 @@ rustPlatform.buildRustPackage rec {
pname = "kibi";
version = "0.2.2";
cargoSha256 = "sha256-8iEUOLFwHBLS0HQL/oLnv6lcV3V9Hm4jMqXkqPvIF9E=";
cargoSha256 = "sha256-ebUCkcUACganeq5U0XU4VIGClKDZGhUw6K3WBgTUUUw=";
src = fetchFromGitHub {
owner = "ilai-deutel";

@ -4,6 +4,7 @@
, lua52Packages
, pkg-config
, makeWrapper
, openlibm
} :
stdenv.mkDerivation rec {
@ -19,7 +20,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ makeWrapper pkg-config ];
buildInputs = [ SDL2 lua52Packages.lua ];
buildInputs = [ SDL2 lua52Packages.lua openlibm ];
postPatch = ''
# use system Lua 5.2
@ -34,7 +35,7 @@ stdenv.mkDerivation rec {
# extracted and adapted from build.sh
CC=$NIX_CC/bin/cc
CFLAGS="-Wall -O3 -g -std=gnu11 -Isrc -DLUA_USE_POPEN $(pkg-config --cflags lua sdl2)"
LDFLAGS="$(pkg-config --libs lua sdl2)"
LDFLAGS="$(pkg-config --libs lua sdl2 openlibm)"
for f in $(find src -name "*.c"); do
$CC -c $CFLAGS $f -o "''${f//\//_}.o"
done
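Review bot: `openlibm` is added to `buildInputs` and to the `pkg-config --libs` call, but the `CFLAGS` line still asks only for `--cflags lua sdl2`, and nothing records why the extra math library is needed. If any source includes openlibm headers, the include path has to come from `pkg-config --cflags lua sdl2 openlibm` as well. If it is link-only, a short comment such as `# openlibm: <reason for linking it>` above `LDFLAGS` would say so. The build phase these lines belong to starts and ends outside the hunk.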

@ -11,7 +11,7 @@ rustPlatform.buildRustPackage rec {
sha256 = "1cc3yk04v9icdjr5cn58mqc3ba1wqmlzhf9ly7biy9m8yk30w9y0";
};
cargoSha256 = "1fyn8nsabzrfl9ykf2gk2p8if0yjp6k0ybrmp0pw67pbwaxpb9ym";
cargoSha256 = "0z6hhahxdc6d7nzqvc8jlxn1frsc39va8z5pmwfmmq5z61ahk90z";
buildInputs = [ gtk webkitgtk ];

@ -66,7 +66,7 @@ rustPlatform.buildRustPackage rec {
SKIA_OFFLINE_NINJA_COMMAND = "${ninja}/bin/ninja";
SKIA_OFFLINE_GN_COMMAND = "${gn}/bin/gn";
LIBCLANG_PATH = "${llvmPackages.libclang}/lib";
LIBCLANG_PATH = "${llvmPackages.libclang.lib}/lib";
# test needs a valid fontconfig file
FONTCONFIG_FILE = makeFontsConf { fontDirectories = [ ]; };

@ -29,6 +29,11 @@ let
, withNodeJs ? false
, withRuby ? true
# expects a list of plugin configuration
# expects { plugin=far-vim; config = "let g:far#source='rg'"; optional = false; }
, plugins ? []
# forwarded to configure.customRC
, customRC ? ""
# same values as in vimUtils.vimrcContent
, configure ? { }
@ -44,7 +49,33 @@ let
'';
};
requiredPlugins = vimUtils.requiredPlugins configure;
# transform all plugins into an attrset
pluginsNormalized = map (x: if x ? plugin then { optional = false; } // x else { plugin = x; optional = false;}) plugins;
configurePatched = configure // {
packages.nix = {
start = lib.filter (f: f != null)
(map (x: if x.optional == false then x.plugin else null)
pluginsNormalized);
opt = lib.filter (f: f != null)
(map (x: if x.optional == true then x.plugin else null)
pluginsNormalized);
};
customRC = pluginRc + customRC;
};
# A function to get the configuration string (if any) from an element of 'plugins'
pluginConfig = p:
if (p.config or "") != "" then ''
" ${p.plugin.pname or p.plugin.name} {{{
${p.config}
" }}}
'' else "";
pluginRc = lib.concatMapStrings pluginConfig pluginsNormalized;
requiredPlugins = vimUtils.requiredPlugins configurePatched;
getDeps = attrname: map (plugin: plugin.${attrname} or (_: [ ]));
pluginPython3Packages = getDeps "python3Dependencies" requiredPlugins;
@ -89,12 +120,13 @@ let
"--suffix" "PATH" ":" binPath
];
manifestRc = vimUtils.vimrcContent (configure // { customRC = ""; });
neovimRcContent = vimUtils.vimrcContent configure;
manifestRc = vimUtils.vimrcContent (configurePatched // { customRC = ""; }) ;
neovimRcContent = vimUtils.vimrcContent configurePatched;
in
assert withPython2 -> throw "Python2 support has been removed from neovim, please remove withPython2 and extraPython2Packages.";
args // {
builtins.removeAttrs args ["plugins"] // {
wrapperArgs = makeWrapperArgs;
inherit neovimRcContent;
inherit manifestRc;
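Review bot: `configurePatched` is built with a shallow `//`, so a `packages` set or a `customRC` that the caller passes inside `configure` is replaced rather than merged: `packages.nix = …` defines a whole new `packages` attribute, and `customRC = pluginRc + customRC` ignores `configure.customRC`. Anyone combining the existing `configure` style with the new `plugins`/`customRC` arguments would silently lose part of their configuration. Merging keeps both: `packages = (configure.packages or { }) // { nix = { … }; };` and `customRC = pluginRc + customRC + (configure.customRC or "");`. Separately, the `x.optional == false` / `x.optional == true` filters drop a plugin from both lists when `optional` is anything but a boolean; `lib.partition (x: x.optional) pluginsNormalized` would fail loudly instead. The enclosing `let` block starts and ends outside these hunks.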

@ -11,8 +11,9 @@ neovim:
let
wrapper = {
# should contain all args but the binary
wrapperArgs ? ""
extraName ? ""
# should contain all args but the binary. Can be either a string or list
, wrapperArgs ? []
, manifestRc ? null
, withPython2 ? false
, withPython3 ? true, python3Env ? null
@ -20,10 +21,18 @@ let
, rubyEnv ? null
, vimAlias ? false
, viAlias ? false
# additional argument not generated by makeNeovimConfig
# it will append "-u <customRc>" to the wrapped arguments
# set to false if you want to control where to save the generated config
# (e.g., in ~/.config/init.vim or project/.nvimrc)
, wrapRc ? true
, ...
}:
}@args:
let
wrapperArgsStr = if isString wrapperArgs then wrapperArgs else lib.escapeShellArgs wrapperArgs;
# If configure != {}, we can't generate the rplugin.vim file with e.g
# NVIM_SYSTEM_RPLUGIN_MANIFEST *and* NVIM_RPLUGIN_MANIFEST env vars set in
# the wrapper. That's why only when configure != {} (tested both here and
@ -31,13 +40,15 @@ let
# wrapper with most arguments we need, excluding those that cause problems to
# generate rplugin.vim, but still required for the final wrapper.
finalMakeWrapperArgs =
[ "${neovim}/bin/nvim" "${placeholder "out"}/bin/nvim" ] ++
[ "--set" "NVIM_SYSTEM_RPLUGIN_MANIFEST" "${placeholder "out"}/rplugin.vim" ];
[ "${neovim}/bin/nvim" "${placeholder "out"}/bin/nvim" ]
++ [ "--set" "NVIM_SYSTEM_RPLUGIN_MANIFEST" "${placeholder "out"}/rplugin.vim" ]
++ optionals wrapRc [ "--add-flags" "-u ${writeText "init.vim" args.neovimRcContent}" ]
;
in
assert withPython2 -> throw "Python2 support has been removed from the neovim wrapper, please remove withPython2 and python2Env.";
symlinkJoin {
name = "neovim-${lib.getVersion neovim}";
name = "neovim-${lib.getVersion neovim}${extraName}";
# Remove the symlinks created by symlinkJoin which we need to perform
# extra actions upon
postBuild = lib.optionalString stdenv.isLinux ''
@ -66,7 +77,7 @@ let
in ''
echo "Generating remote plugin manifest"
export NVIM_RPLUGIN_MANIFEST=$out/rplugin.vim
makeWrapper ${lib.escapeShellArgs manifestWrapperArgs} ${wrapperArgs}
makeWrapper ${lib.escapeShellArgs manifestWrapperArgs} ${wrapperArgsStr}
# Some plugins assume that the home directory is accessible for
# initializing caches, temporary files, etc. Even if the plugin isn't
@ -96,7 +107,7 @@ let
'')
+ ''
rm $out/bin/nvim
makeWrapper ${lib.escapeShellArgs finalMakeWrapperArgs} ${wrapperArgs}
makeWrapper ${lib.escapeShellArgs finalMakeWrapperArgs} ${wrapperArgsStr}
'';
paths = [ neovim ];
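Review bot: `args.neovimRcContent` in the new `optionals wrapRc [ "--add-flags" "-u ${writeText "init.vim" args.neovimRcContent}" ]` line is read without a default while `wrapRc` defaults to `true`, so a caller that passes neither gets a missing-attribute evaluation error instead of a usable message. Declaring it as a formal, `, neovimRcContent ? null`, and guarding with `optionals (wrapRc && neovimRcContent != null)` (or an `assert` with a clear message) would make the contract explicit. The string form of `wrapperArgs` is still spliced unescaped into both `makeWrapper` command lines through `wrapperArgsStr`, so the argument comment could say that the list form is preferred because only it goes through `lib.escapeShellArgs`. `isString` and `optionals` are presumably in scope from a `with lib;` outside the hunks shown, and the `let` block and `postBuild` string extend beyond them.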

@ -3,7 +3,7 @@
}:
let
version = "12.3";
version = "12.4";
desktopItem = makeDesktopItem {
name = "netbeans";
exec = "netbeans";
@ -19,7 +19,7 @@ stdenv.mkDerivation {
inherit version;
src = fetchurl {
url = "mirror://apache/netbeans/netbeans/${version}/netbeans-${version}-bin.zip";
sha512 = "2fy696qrfbdkzmq4cwd6l7v6rsc0bf9akh61w3azc544bq3vxl3v6s31hvg3ba0nsh0jv3nbdrk6jp1l4hwgcg9zg7kf2012a1vv2nk";
sha512 = "2jwfyq5ik0pwjd61mh0dhyw4xgpzfmgsjc947xg84n7xmns4mzgb8k5ggrss6hgqiqk7jl3psv7v837c2dxk1xdrdnkzs31cg9symbs";
};
buildCommand = ''

@ -11,7 +11,7 @@ rustPlatform.buildRustPackage rec {
sha256 = "18iffnmvax6mbnhypf7yma98y5q2zlsyp9q18f92fdwz426r33p0";
};
cargoSha256 = "0v0a1dl9rq5qyy9xwnb59w62qr9db3y3zlmnp60wafvj70zi9zxs";
cargoSha256 = "0m5vglm58myf50vbb7m6gd3srk3n93afg70lz63i2kciqkkwsnjl";
meta = with lib; {
description = "An independent Rust text editor that runs in your terminal";

@ -66,7 +66,7 @@ in stdenv.mkDerivation rec {
description = "Interactive, extensible editor for binary data";
homepage = "http://www.jemarch.net/poke";
license = licenses.gpl3Plus;
maintainers = with maintainers; [ AndersonTorres metadark ];
maintainers = with maintainers; [ AndersonTorres kira-bruneau ];
platforms = platforms.unix;
changelog = "https://git.savannah.gnu.org/cgit/poke.git/plain/ChangeLog?h=releases/poke-${version}";
};

@ -2,7 +2,6 @@
{ fetchurl, lib, stdenv, xorg, glib, glibcLocales, gtk3, cairo, pango, libredirect, makeWrapper, wrapGAppsHook
, pkexecPath ? "/run/wrappers/bin/pkexec"
, writeScript, common-updater-scripts, curl, gnugrep
, openssl, bzip2, bash, unzip, zip
}:
@ -128,26 +127,6 @@ in stdenv.mkDerivation (rec {
done
'';
passthru.updateScript = writeScript "${pname}-update-script" ''
#!${stdenv.shell}
set -o errexit
PATH=${lib.makeBinPath [ common-updater-scripts curl gnugrep ]}
latestVersion=$(curl -s ${versionUrl})
if [[ "${buildVersion}" = "$latestVersion" ]]; then
echo "The new version same as the old version."
exit 0
fi
for platform in ${lib.concatStringsSep " " meta.platforms}; do
# The script will not perform an update when the version attribute is up to date from previous platform run
# We need to clear it before each run
update-source-version ${packageAttribute}.${primaryBinary} 0 0000000000000000000000000000000000000000000000000000000000000000 --file=${versionFile} --version-key=buildVersion --system=$platform
update-source-version ${packageAttribute}.${primaryBinary} $latestVersion --file=${versionFile} --version-key=buildVersion --system=$platform
done
'';
meta = with lib; {
description = "Sophisticated text editor for code, markup and prose";
homepage = "https://www.sublimetext.com/";
