alioth/nixpkgs
3
0
Fork 0
forked from mirrors/nixpkgs
Code Releases Activity

Merge master into closure-size

Browse source 
The kde-5 stuff still didn't merge well.
I hand-fixed what I saw, but there may be more problems.
This commit is contained in:
Vladimír Čunát 2016-03-08 09:57:58 +01:00
parent f306e67e15 0ee75214f3
commit 09af15654f
1276 changed files with 78548 additions and 29166 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
CONTRIBUTING.md → .github/CONTRIBUTING.md vendored
View file

@ -1,7 +1,7 @@
# How to contribute
Note: contributing implies licensing those contributions
under the terms of [COPYING](./COPYING), which is an MIT-like license.
under the terms of [COPYING](../COPYING), which is an MIT-like license.
## Opening issues

17
.github/ISSUE_TEMPLATE.md vendored Normal file
View file

@ -0,0 +1,17 @@
## Basic info
To make sure that we are on the same page:
* Kernel: (run `uname -a`)
* System: (NixOS: `nixos-version`, Ubuntu/Fedora: `lsb_release -a`, ...)
* Nix version: (run `nix-env --version`)
* Nixpkgs version: (run `nix-instantiate --eval '<nixpkgs>' -A lib.nixpkgsVersion`)
## Describe your issue here
### Expected result
### Actual result
### Steps to reproduce

18
.github/PULL_REQUEST_TEMPLATE.md vendored Normal file
View file

@ -0,0 +1,18 @@
###### Things done:
- [ ] Tested using sandboxing (`nix-build --option build-use-chroot true` or [nix.useChroot](http://nixos.org/nixos/manual/options.html#opt-nix.useChroot) on NixOS)
- [ ] Built on platform(s): NixOS / OSX / Linux
- [ ] Tested compilation of all pkgs that depend on this change using `nix-shell -p nox --run "nox-review wip"`
- [ ] Tested execution of all binary files (usually in `./result/bin/`)
- [ ] Fits [CONTRIBUTING.md](https://github.com/NixOS/nixpkgs/blob/master/.github/CONTRIBUTING.md).
###### More
Fixes issue #<insert id>
cc @<maintainer>
---
_Please note, that points are not mandatory, but rather desired._

3
.mention-bot
View file

@ -1,5 +1,6 @@
{
"userBlacklist": [
"civodul"
"civodul",
"jhasse"
]
}

2
.version
View file

@ -1 +1 @@
16.03
16.09

2
doc/configuration.xml
View file

@ -89,7 +89,7 @@ packages via <literal>packageOverrides</literal></title>
<para>You can define a function called
<varname>packageOverrides</varname> in your local
<filename>~/.nixpkgs/config</filename> to overide nix packages. It
<filename>~/.nixpkgs/config.nix</filename> to overide nix packages. It
must be a function that takes pkgs as an argument and return modified
set of packages.

10
doc/default.nix
View file

@ -42,6 +42,11 @@ stdenv.mkDerivation {
mkdir ./languages-frameworks
cp -s '${sources-langs}'/* ./languages-frameworks
''
+ toDocbook {
inputFile = ./introduction.md;
outputFile = "introduction.xml";
useChapters = true;
}
+ toDocbook {
inputFile = ./haskell-users-guide.md;
outputFile = "haskell-users-guide.xml";
@ -51,8 +56,11 @@ stdenv.mkDerivation {
inputFile = ./../pkgs/development/idris-modules/README.md;
outputFile = "languages-frameworks/idris.xml";
}
+ toDocbook {
inputFile = ./../pkgs/development/r-modules/README.md;
outputFile = "languages-frameworks/r.xml";
}
+ ''
cat languages-frameworks/idris.xml
echo ${nixpkgsVersion} > .version
xmllint --noout --nonet --xinclude --noxincludenode \

93
doc/haskell-users-guide.md
View file

@ -117,9 +117,10 @@ Also, the attributes `haskell.compiler.ghcXYC` and
### How to install a compiler
A simple development environment consists of a Haskell compiler and the tool
`cabal-install`, and we saw in section [How to install Haskell packages] how
you can install those programs into your user profile:
A simple development environment consists of a Haskell compiler and one or both
of the tools `cabal-install` and `stack`. We saw in section
[How to install Haskell packages] how you can install those programs into your
user profile:
$ nix-env -f "<nixpkgs>" -iA haskellPackages.ghc haskellPackages.cabal-install
@ -148,10 +149,16 @@ version; just enter the Nix shell environment with the command
$ nix-shell -p haskell.compiler.ghc784
to bring GHC 7.8.4 into `$PATH`. Re-running `cabal configure` switches your
build to use that compiler instead. If you're working on a project that doesn't
depend on any additional system libraries outside of GHC, then it's sufficient
even to run the `cabal configure` command inside of the shell:
to bring GHC 7.8.4 into `$PATH`. Alternatively, you can use Stack instead of
`nix-shell` directly to select compiler versions and other build tools
per-project. It uses `nix-shell` under the hood when Nix support is turned on.
See [How to build a Haskell project using Stack].
If you're using `cabal-install`, re-running `cabal configure` inside the spawned
shell switches your build to use that compiler instead. If you're working on
a project that doesn't depend on any additional system libraries outside of GHC,
then it's even sufficient to just run the `cabal configure` command inside of
the shell:
$ nix-shell -p haskell.compiler.ghc784 --command "cabal configure"
@ -320,6 +327,58 @@ security reasons, which might be quite an inconvenience. See [this
page](http://kb.mozillazine.org/Links_to_local_pages_do_not_work) for
workarounds.
### How to build a Haskell project using Stack
[Stack][http://haskellstack.org] is a popular build tool for Haskell projects.
It has first-class support for Nix. Stack can optionally use Nix to
automatically select the right version of GHC and other build tools to build,
test and execute apps in an existing project downloaded from somewhere on the
Internet. Pass the `--nix` flag to any `stack` command to do so, e.g.
$ git clone --recursive http://github.com/yesodweb/wai
$ cd wai
$ stack --nix build
If you want `stack` to use Nix by default, you can add a `nix` section to the
`stack.yaml` file, as explained in the [Stack documentation][stack-nix-doc]. For
example:
nix:
enable: true
packages: [pkgconfig zeromq zlib]
The example configuration snippet above tells Stack to create an ad hoc
environment for `nix-shell` as in the below section, in which the `pkgconfig`,
`zeromq` and `zlib` packages from Nixpkgs are available. All `stack` commands
will implicitly be executed inside this ad hoc environment.
Some projects have more sophisticated needs. For examples, some ad hoc
environments might need to expose Nixpkgs packages compiled in a certain way, or
with extra environment variables. In these cases, you'll need a `shell` field
instead of `packages`:
nix:
enable: true
shell-file: shell.nix
For more on how to write a `shell.nix` file see the below section. You'll need
to express a derivation. Note that Nixpkgs ships with a convenience wrapper
function around `mkDerivation` called `haskell.lib.buildStackProject` to help you
create this derivation in exactly the way Stack expects. All of the same inputs
as `mkDerivation` can be provided. For example, to build a Stack project that
including packages that link against a version of the R library compiled with
special options turned on:
with (import <nixpkgs> { });
let R = pkgs.R.override { enableStrictBarrier = true; };
in
haskell.lib.buildStackProject {
name = "HaskellR";
buildInputs = [ R zeromq zlib ];
}
[stack-nix-doc]: http://docs.haskellstack.org/en/stable/nix_integration.html
### How to create ad hoc environments for `nix-shell`
@ -605,7 +664,7 @@ can configure the environment variables
in their `~/.bashrc` file to avoid the compiler error.
### Using Stack together with Nix
### Builds using Stack complain about missing system libraries
-- While building package zlib-0.5.4.2 using:
runhaskell -package=Cabal-1.22.4.0 -clear-package-db [... lots of flags ...]
@ -633,13 +692,16 @@ means specific to Stack: you'll have that problem with any other
Haskell package that's built inside of nix-shell but run outside of that
environment.
I suppose we could try to remedy the issue by wrapping `stack` or
`cabal` with a script that tries to find those kind of implicit search
paths and makes them explicit on the "cabal configure" command line. I
don't think anyone is working on that subject yet, though, because the
problem doesn't seem so bad in practice.
You can remedy this issue in several ways. The easiest is to add a `nix` section
to the `stack.yaml` like the following:
You can remedy that issue in several ways. First of all, run
nix:
enable: true
packages: [ zlib ]
Stack's Nix support knows to add `${zlib}/lib` and `${zlib}/include` as an
`--extra-lib-dirs` and `extra-include-dirs`, respectively. Alternatively, you
can achieve the same effect by hand. First of all, run
$ nix-build --no-out-link "<nixpkgs>" -A zlib
/nix/store/alsvwzkiw4b7ip38l4nlfjijdvg3fvzn-zlib-1.2.8
@ -663,7 +725,8 @@ to find out the store path of the system's zlib library. Now, you can
Typically, you'll need --extra-include-dirs as well. It's possible
to add those flag to the project's "stack.yaml" or your user's
global "~/.stack/global/stack.yaml" file so that you don't have to
specify them manually every time.
specify them manually every time. But again, you're likely better off using
Stack's Nix support instead.
The same thing applies to `cabal configure`, of course, if you're
building with `cabal-install` instead of Stack.

48
doc/introduction.md Normal file
View file

@ -0,0 +1,48 @@
---
title: Introduction
author: Frederik Rietdijk
date: 2015-11-25
---
# Introduction
The Nix Packages collection (Nixpkgs) is a set of over 30,000 packages for the
[Nix package manager](http://nixos.org/nix/), released under a [permissive MIT/X11 license](https://github.com/NixOS/nixpkgs/blob/master/COPYING).
Packages are available for several architectures, and can be used with the Nix package manager
on most GNU/Linux distributions as well as NixOS.
This manual describes how to write packages for the Nix Packages collection
(Nixpkgs). Thus its for packagers and developers who want to add packages to
Nixpkgs. If you like to learn more about the Nix package manager and the Nix
expression language, then you are kindly referred to the [Nix manual](http://nixos.org/nix/manual/).
## Overview of Nixpkgs
Nix expressions describe how to build packages from source and are collected in
the [nixpkgs repository](https://github.com/NixOS/nixpkgs). Also included in the
collection are Nix expressions for [NixOS modules](http://nixos.org/nixos/manual/index.html#sec-writing-modules). With
these expressions the Nix package manager can build binary packages.
Packages, including the Nix packages collection, are distributed through
[channels](http://nixos.org/nix/manual/#sec-channels). The collection is
distributed for users of Nix on non-NixOS distributions through the channel
`nixpkgs`. Users of NixOS generally use one of the `nixos-*` channels, e.g.
`nixos-15.09`, which includes all packages and modules for the stable NixOS
15.09. The channels of the stable NixOS releases are generally only given
security updates. More up to date packages and modules are available via the
`nixos-unstable` channel.
Both `nixos-unstable` and `nixpkgs` follow the `master` branch of the Nixpkgs
repository, although both do lag the `master` branch by generally [a couple of days](http://howoldis.herokuapp.com/). Updates to a channel are distributed as
soon as all tests for that channel pass, e.g. [this table](http://hydra.nixos.org/job/nixpkgs/trunk/unstable#tabs-constituents)
shows the status of tests for the `nixpkgs` channel.
The tests are conducted by a cluster called [Hydra](http://nixos.org/hydra/),
which also builds binary packages from the Nix expressions in Nixpkgs. As soon
as a channel is updated, the binaries are made available via a [binary cache](https://cache.nixos.org). Until the channel updates, binaries that have
already been built, are available via [Hydra's binary cache](https://hydra.nixos.org).
The current Nix expressions of the channels are available in the
[`nixpkgs-channels`](https://github.com/NixOS/nixpkgs-channels) repository,
which has branches corresponding to the available channels. There is also the
Nixpkgs Monitor which keeps track of updates and security vulnerabilities.

21
doc/introduction.xml
View file

@ -1,21 +0,0 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:id="chap-introduction">
<title>Introduction</title>
<para>This manual tells you how to write packages for the Nix Packages
collection (Nixpkgs). Thus its for packagers and developers who want
to add packages to Nixpkgs. End users are kindly referred to the
<link xlink:href="http://hydra.nixos.org/job/nix/trunk/tarball/latest/download-by-type/doc/manual">Nix
manual</link>.</para>
<para>This manual does not describe the syntax and semantics of the
Nix expression language, which are given in the Nix manual in the
<link
xlink:href="http://hydra.nixos.org/job/nix/trunk/tarball/latest/download-by-type/doc/manual/#chap-writing-nix-expressions">chapter
on writing Nix expressions</link>. It only describes the facilities
provided by Nixpkgs to make writing packages easier, such as the
standard build environment (<literal>stdenv</literal>).</para>
</chapter>

1
doc/languages-frameworks/index.xml
View file

@ -21,6 +21,7 @@ such as Perl or Haskell. These are described in this chapter.</para>
<xi:include href="lua.xml" />
<xi:include href="coq.xml" />
<xi:include href="idris.xml" /> <!-- generated from ../../pkgs/development/idris-modules/README.md -->
<xi:include href="r.xml" /> <!-- generated from ../../pkgs/development/r-modules/README.md -->
<xi:include href="qt.xml" />

33
doc/meta.xml
View file

@ -258,45 +258,54 @@ a value from <varname>stdenv.lib.licenses</varname> defined in
<link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/lib/licenses.nix">
<filename>nixpkgs/lib/licenses.nix</filename></link>,
or in-place license description of the same format if the license is
unlikely to be useful in another expression.
unlikely to be useful in another expression.</para>
<para>Although it's typically better to indicate the specific license,
a few generic options are available:
A few generic options are available, although it's typically better
to indicate the specific license:
<variablelist>
<varlistentry>
<term><varname>free</varname></term>
<term><varname>stdenv.lib.licenses.free</varname>,
<varname>"free"</varname></term>
<listitem><para>Catch-all for free software licenses not listed
above.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>unfree-redistributable</varname></term>
<term><varname>stdenv.lib.licenses.unfreeRedistributable</varname>,
<varname>"unfree-redistributable"</varname></term>
<listitem><para>Unfree package that can be redistributed in binary
form. That is, its legal to redistribute the
form. That is, its legal to redistribute the
<emphasis>output</emphasis> of the derivation. This means that
the package can be included in the Nixpkgs
channel.</para>
<para>Sometimes proprietary software can only be redistributed
unmodified. Make sure the builder doesnt actually modify the
unmodified. Make sure the builder doesnt actually modify the
original binaries; otherwise were breaking the license. For
instance, the NVIDIA X11 drivers can be redistributed unmodified,
but our builder applies <command>patchelf</command> to make them
work. Thus, its license is <varname>unfree</varname> and it
work. Thus, its license is <varname>"unfree"</varname> and it
cannot be included in the Nixpkgs channel.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>unfree</varname></term>
<listitem><para>Unfree package that cannot be redistributed. You
<term><varname>stdenv.lib.licenses.unfree</varname>,
<varname>"unfree"</varname></term>
<listitem><para>Unfree package that cannot be redistributed. You
can build it yourself, but you cannot redistribute the output of
the derivation. Thus it cannot be included in the Nixpkgs
the derivation. Thus it cannot be included in the Nixpkgs
channel.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>unfree-redistributable-firmware</varname></term>
<term><varname>stdenv.lib.licenses.unfreeRedistributableFirmware</varname>,
<varname>"unfree-redistributable-firmware"</varname></term>
<listitem><para>This package supplies unfree, redistributable
firmware. This is a separate value from
<varname>unfree-redistributable</varname> because not everybody

5
lib/licenses.nix
View file

@ -155,6 +155,11 @@ lib.mapAttrs (n: v: v // { shortName = n; }) rec {
fullName = "Common Public License 1.0";
};
doc = spdx {
spdxId = "DOC";
fullName = "DOC License";
};
efl10 = spdx {
spdxId = "EFL-1.0";
fullName = "Eiffel Forum License v1.0";

61
lib/maintainers.nix
View file

@ -1,19 +1,21 @@
/* -*- coding: utf-8; -*- */
/* List of NixOS maintainers. The format is:
handle = "Real Name <address@example.org>";
where <handle> is preferred to be your GitHub username (so it's easy
to ping a package @<handle>), and <Real Name> is your real name, not
a pseudonym. Please keep the list alphabetically sorted. */
{
/* Add your name and email address here.
Keep the list alphabetically sorted.
Prefer the same attrname as your github username, please,
so it's easy to ping a package @maintainer.
*/
aaronschif = "Aaron Schif <aaronschif@gmail.com>";
a1russell = "Adam Russell <adamlr6+pub@gmail.com>";
aaronschif = "Aaron Schif <aaronschif@gmail.com>";
abaldeau = "Andreas Baldeau <andreas@baldeau.net>";
abbradar = "Nikolay Amiantov <ab@fmap.me>";
adev = "Adrien Devresse <adev@adev.name>";
aforemny = "Alexander Foremny <alexanderforemny@googlemail.com>";
aboseley = "Adam Boseley <adam.boseley@gmail.com>";
adev = "Adrien Devresse <adev@adev.name>";
aespinosa = "Allan Espinosa <allan.espinosa@outlook.com>";
aflatter = "Alexander Flatter <flatter@fastmail.fm>";
aforemny = "Alexander Foremny <alexanderforemny@googlemail.com>";
afranchuk = "Alex Franchuk <alex.franchuk@gmail.com>";
aherrmann = "Andreas Herrmann <andreash87@gmx.ch>";
ak = "Alexander Kjeldaas <ak@formalprivacy.com>";
akaWolf = "Artjom Vejsel <akawolf0@gmail.com>";
@ -32,6 +34,7 @@
ardumont = "Antoine R. Dumont <eniotna.t@gmail.com>";
aristid = "Aristid Breitkreuz <aristidb@gmail.com>";
arobyn = "Alexei Robyn <shados@shados.net>";
artuuge = "Artur E. Ruuge <artuuge@gmail.com>";
asppsa = "Alastair Pharo <asppsa@gmail.com>";
astsmtl = "Alexander Tsamutali <astsmtl@yandex.ru>";
aszlig = "aszlig <aszlig@redmoonstudios.org>";
@ -45,8 +48,8 @@
bcarrell = "Brandon Carrell <brandoncarrell@gmail.com>";
bcdarwin = "Ben Darwin <bcdarwin@gmail.com>";
bdimcheff = "Brandon Dimcheff <brandon@dimcheff.com>";
bennofs = "Benno Fünfstück <benno.fuenfstueck@gmail.com>";
benley = "Benjamin Staffin <benley@gmail.com>";
bennofs = "Benno Fünfstück <benno.fuenfstueck@gmail.com>";
berdario = "Dario Bertini <berdario@gmail.com>";
bergey = "Daniel Bergey <bergey@teallabs.org>";
bjg = "Brian Gough <bjg@gnu.org>";
@ -58,6 +61,7 @@
bosu = "Boris Sukholitko <boriss@gmail.com>";
bramd = "Bram Duvigneau <bram@bramd.nl>";
bstrik = "Berno Strik <dutchman55@gmx.com>";
bzizou = "Bruno Bzeznik <Bruno@bzizou.net>";
c0dehero = "CodeHero <codehero@nerdpol.ch>";
calrama = "Moritz Maxeiner <moritz@ucworks.org>";
campadrenalin = "Philip Horger <campadrenalin@gmail.com>";
@ -66,21 +70,24 @@
chaoflow = "Florian Friesdorf <flo@chaoflow.net>";
chattered = "Phil Scott <me@philscotted.com>";
christopherpoole = "Christopher Mark Poole <mail@christopherpoole.net>";
cleverca22 = "Michael Bishop <cleverca22@gmail.com>";
coconnor = "Corey O'Connor <coreyoconnor@gmail.com>";
codsl = "codsl <codsl@riseup.net>";
codyopel = "Cody Opel <codyopel@gmail.com>";
colemickens = "Cole Mickens <cole.mickens@gmail.com>";
copumpkin = "Dan Peebles <pumpkingod@gmail.com>";
coroa = "Jonas Hörsch <jonas@chaoflow.net>";
couchemar = "Andrey Pavlov <couchemar@yandex.ru>";
cstrahan = "Charles Strahan <charles.c.strahan@gmail.com>";
cwoac = "Oliver Matthews <oliver@codersoffortune.net>";
DamienCassou = "Damien Cassou <damien@cassou.me>";
dasuxullebt = "Christoph-Simon Senjak <christoph.senjak@googlemail.com>";
davidak = "David Kleuker <post@davidak.de>";
davidrusu = "David Rusu <davidrusu.me@gmail.com>";
dbohdan = "Danyil Bohdan <danyil.bohdan@gmail.com>";
DerGuteMoritz = "Moritz Heidkamp <moritz@twoticketsplease.de>";
deepfire = "Kosyrev Serge <_deepfire@feelingofgreen.ru>";
demin-dmitriy = "Dmitriy Demin <demindf@gmail.com>";
DerGuteMoritz = "Moritz Heidkamp <moritz@twoticketsplease.de>";
desiderius = "Didier J. Devroye <didier@devroye.name>";
devhell = "devhell <\"^\"@regexmail.net>";
dezgeg = "Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>";
@ -94,6 +101,7 @@
eduarrrd = "Eduard Bachmakov <e.bachmakov@gmail.com>";
edwtjo = "Edward Tjörnhammar <ed@cflags.cc>";
eelco = "Eelco Dolstra <eelco.dolstra@logicblox.com>";
ehegnes = "Eric Hegnes <eric.hegnes@gmail.com>";
ehmry = "Emery Hemingway <emery@vfemail.net>";
eikek = "Eike Kettner <eike.kettner@posteo.de>";
elasticdog = "Aaron Bull Schaefer <aaron@elasticdog.com>";
@ -119,6 +127,7 @@
ftrvxmtrx = "Siarhei Zirukin <ftrvxmtrx@gmail.com>";
funfunctor = "Edward O'Callaghan <eocallaghan@alterapraxis.com>";
fuuzetsu = "Mateusz Kowalczyk <fuuzetsu@fuuzetsu.co.uk>";
fxfactorial = "Edgar Aroutiounian <edgar.factorial@gmail.com>";
gal_bolle = "Florent Becker <florent.becker@ens-lyon.org>";
garbas = "Rok Garbas <rok@garbas.si>";
garrison = "Jim Garrison <jim@garrison.cc>";
@ -129,6 +138,7 @@
gleber = "Gleb Peregud <gleber.p@gmail.com>";
globin = "Robin Gloster <mail@glob.in>";
goibhniu = "Cillian de Róiste <cillian.deroiste@gmail.com>";
Gonzih = "Max Gonzih <gonzih@gmail.com>";
gridaphobe = "Eric Seidel <eric@seidel.io>";
guibert = "David Guibert <david.guibert@gmail.com>";
havvy = "Ryan Scheel <ryan.havvy@gmail.com>";
@ -140,6 +150,7 @@
iand675 = "Ian Duncan <ian@iankduncan.com>";
ianwookim = "Ian-Woo Kim <ianwookim@gmail.com>";
iElectric = "Domen Kozar <domen@dev.si>";
igsha = "Igor Sharonov <igor.sharonov@gmail.com>";
ikervagyok = "Balázs Lengyel <ikervagyok@gmail.com>";
iyzsong = "Song Wenwu <iyzsong@gmail.com>";
j-keck = "Jürgen Keck <jhyphenkeck@gmail.com>";
@ -157,6 +168,7 @@
joelmo = "Joel Moberg <joel.moberg@gmail.com>";
joelteon = "Joel Taylor <me@joelt.io>";
jpbernardy = "Jean-Philippe Bernardy <jeanphilippe.bernardy@gmail.com>";
jraygauthier = "Raymond Gauthier <jraygauthier@gmail.com>";
jwiegley = "John Wiegley <johnw@newartisans.com>";
jwilberding = "Jordan Wilberding <jwilberding@afiniate.com>";
jzellner = "Jeff Zellner <jeffz@eml.cc>";
@ -172,6 +184,7 @@
lassulus = "Lassulus <lassulus@gmail.com>";
layus = "Guillaume Maudoux <layus.on@gmail.com>";
lebastr = "Alexander Lebedev <lebastr@gmail.com>";
leenaars = "Michiel Leenaars <ml.software@leenaa.rs>";
leonardoce = "Leonardo Cecchi <leonardo.cecchi@gmail.com>";
lethalman = "Luca Bruno <lucabru@src.gnome.org>";
lewo = "Antoine Eiche <lewo@abesis.fr>";
@ -184,8 +197,9 @@
lowfatcomputing = "Andreas Wagner <andreas.wagner@lowfatcomputing.org>";
lsix = "Lancelot SIX <lsix@lancelotsix.com>";
ludo = "Ludovic Courtès <ludo@gnu.org>";
lukego = "Luke Gorrie <luke@snabb.co>";
luispedro = "Luis Pedro Coelho <luis@luispedro.org>";
lukasepple = "Lukas Epple <post@lukasepple.de>";
lukego = "Luke Gorrie <luke@snabb.co>";
lw = "Sergey Sofeychuk <lw@fmap.me>";
madjar = "Georges Dubus <georges.dubus@compiletoi.net>";
magnetophon = "Bart Brouns <bart@magnetophon.nl>";
@ -195,24 +209,26 @@
manveru = "Michael Fellinger <m.fellinger@gmail.com>";
marcweber = "Marc Weber <marco-oweber@gmx.de>";
markWot = "Markus Wotringer <markus@wotringer.de>";
maurer = "Matthew Maurer <matthew.r.maurer+nix@gmail.com>";
matejc = "Matej Cotman <cotman.matej@gmail.com>";
mathnerd314 = "Mathnerd314 <mathnerd314.gph+hs@gmail.com>";
matthiasbeyer = "Matthias Beyer <mail@beyermatthias.de>";
maurer = "Matthew Maurer <matthew.r.maurer+nix@gmail.com>";
mbakke = "Marius Bakke <ymse@tuta.io>";
mbe = "Brandon Edens <brandonedens@gmail.com>";
mboes = "Mathieu Boespflug <mboes@tweag.net>";
mcmtroffaes = "Matthias C. M. Troffaes <matthias.troffaes@gmail.com>";
meditans = "Carlo Nucera <meditans@gmail.com>";
meisternu = "Matt Miemiec <meister@krutt.org>";
michelk = "Michel Kuhlmann <michel@kuhlmanns.info>";
michaelpj = "Michael Peyton Jones <michaelpj@gmail.com>";
michelk = "Michel Kuhlmann <michel@kuhlmanns.info>";
mingchuan = "Ming Chuan <ming@culpring.com>";
mirdhyn = "Merlin Gaillard <mirdhyn@gmail.com>";
mschristiansen = "Mikkel Christiansen <mikkel@rheosystems.com>";
modulistic = "Pablo Costa <modulistic@gmail.com>";
mog = "Matthew O'Gorman <mog-lists@rldn.net>";
mornfall = "Petr Ročkai <me@mornfall.net>";
MP2E = "Cray Elliott <MP2E@archlinux.us>";
msackman = "Matthew Sackman <matthew@wellquite.org>";
mschristiansen = "Mikkel Christiansen <mikkel@rheosystems.com>";
msteen = "Matthijs Steen <emailmatthijs@gmail.com>";
mtreskin = "Max Treskin <zerthurd@gmail.com>";
mudri = "James Wood <lamudri@gmail.com>";
@ -220,6 +236,7 @@
nathan-gs = "Nathan Bijnens <nathan@nathan.gs>";
nckx = "Tobias Geerinckx-Rice <tobias.geerinckx.rice@gmail.com>";
nequissimus = "Tim Steinbach <tim@nequissimus.com>";
nfjinjing = "Jinjing Wang <nfjinjing@gmail.com>";
nico202 = "Nicolò Balzarotti <anothersms@gmail.com>";
notthemessiah = "Brian Cohen <brian.cohen.88@gmail.com>";
np = "Nicolas Pouillard <np.nix@nicolaspouillard.fr>";
@ -238,8 +255,9 @@
palo = "Ingolf Wanger <palipalo9@googlemail.com>";
pashev = "Igor Pashev <pashev.igor@gmail.com>";
pesterhazy = "Paulus Esterhazy <pesterhazy@gmail.com>";
phile314 = "Philipp Hausmann <nix@314.ch>";
philandstuff = "Philip Potter <philip.g.potter@gmail.com>";
phile314 = "Philipp Hausmann <nix@314.ch>";
Phlogistique = "Noé Rubinstein <noe.rubinstein@gmail.com>";
phreedom = "Evgeny Egorochkin <phreedom@yandex.ru>";
phunehehe = "Hoang Xuan Phu <phunehehe@gmail.com>";
pierron = "Nicolas B. Pierron <nixos@nbp.name>";
@ -248,7 +266,6 @@
pjones = "Peter Jones <pjones@devalot.com>";
pkmx = "Chih-Mao Chen <pkmx.tw@gmail.com>";
plcplc = "Philip Lykke Carlsen <plcplc@gmail.com>";
Phlogistique = "Noé Rubinstein <noe.rubinstein@gmail.com>";
pmahoney = "Patrick Mahoney <pat@polycrystal.org>";
pmiddend = "Philipp Middendorf <pmidden@secure.mailbox.org>";
prikhi = "Pavan Rikhi <pavan.rikhi@gmail.com>";
@ -276,6 +293,7 @@
rushmorem = "Rushmore Mushambi <rushmore@webenchanter.com>";
rvl = "Rodney Lorrimar <dev+nix@rodney.id.au>";
rvlander = "Gaëtan André <rvlander@gaetanandre.eu>";
ryantm = "Ryan Mulligan <ryan@ryantm.com>";
rycee = "Robert Helgesson <robert@rycee.net>";
samuelrivas = "Samuel Rivas <samuelrivas@gmail.com>";
sander = "Sander van der Burg <s.vanderburg@tudelft.nl>";
@ -291,6 +309,8 @@
sjmackenzie = "Stewart Mackenzie <setori88@gmail.com>";
sjourdois = "Stéphane kwisatz Jourdois <sjourdois@gmail.com>";
skeidel = "Sven Keidel <svenkeidel@gmail.com>";
skrzyp = "Jakub Skrzypnik <jot.skrzyp@gmail.com>";
sleexyz = "Sean Lee <freshdried@gmail.com>";
smironov = "Sergey Mironov <ierton@gmail.com>";
spacefrogg = "Michael Raitza <spacefrogg-nixos@meterriblecrew.net>";
spencerjanssen = "Spencer Janssen <spencerjanssen@gmail.com>";
@ -317,7 +337,7 @@
tomberek = "Thomas Bereknyei <tomberek@gmail.com>";
travisbhartwell = "Travis B. Hartwell <nafai@travishartwell.net>";
trino = "Hubert Mühlhans <muehlhans.hubert@ekodia.de>";
tstrobel = "Thomas Strobel <ts468@cam.ac.uk>";
tstrobel = "Thomas Strobel <4ZKTUB6TEP74PYJOPWIR013S2AV29YUBW5F9ZH2F4D5UMJUJ6S@hash.domains>";
ttuegel = "Thomas Tuegel <ttuegel@gmail.com>";
tv = "Tomislav Viljetić <tv@shackspace.de>";
tvestelind = "Tomas Vestelind <tomas.vestelind@fripost.org>";
@ -338,9 +358,9 @@
winden = "Antonio Vargas Gonzalez <windenntw@gmail.com>";
wizeman = "Ricardo M. Correia <rcorreia@wizy.org>";
wjlroe = "William Roe <willroe@gmail.com>";
womfoo = "Kranium Gikos Mendoza <kranium@gikos.net>";
wkennington = "William A. Kennington III <william@wkennington.com>";
wmertens = "Wout Mertens <Wout.Mertens@gmail.com>";
womfoo = "Kranium Gikos Mendoza <kranium@gikos.net>";
wscott = "Wayne Scott <wsc9tt@gmail.com>";
wyvie = "Elijah Rum <elijahrum@gmail.com>";
yarr = "Dmitry V. <savraz@gmail.com>";
@ -350,5 +370,4 @@
zimbatm = "zimbatm <zimbatm@zimbatm.com>";
zohl = "Al Zohali <zohl@fmap.me>";
zoomulator = "Kim Simmons <zoomulator@gmail.com>";
Gonzih = "Max Gonzih <gonzih@gmail.com>";
}

29
lib/platforms.nix
View file

@ -1,21 +1,24 @@
let lists = import ./lists.nix; in
rec {
gnu = linux; /* ++ hurd ++ kfreebsd ++ ... */
linux = ["i686-linux" "x86_64-linux" "armv5tel-linux" "armv6l-linux" "armv7l-linux" "mips64el-linux"];
all = linux ++ darwin ++ cygwin ++ freebsd ++ openbsd ++ netbsd ++ illumos;
allBut = platforms: lists.filter (x: !(builtins.elem x platforms)) all;
none = [];
arm = ["armv5tel-linux" "armv6l-linux" "armv7l-linux" ];
i686 = ["i686-linux" "i686-freebsd" "i686-netbsd" "i686-cygwin"];
mips = [ "mips64el-linux" ];
x86_64 = ["x86_64-linux" "x86_64-darwin" "x86_64-freebsd" "x86_64-openbsd" "x86_64-netbsd" "x86_64-cygwin"];
cygwin = ["i686-cygwin" "x86_64-cygwin"];
darwin = ["x86_64-darwin"];
freebsd = ["i686-freebsd" "x86_64-freebsd"];
openbsd = ["i686-openbsd" "x86_64-openbsd"];
netbsd = ["i686-netbsd" "x86_64-netbsd"];
cygwin = ["i686-cygwin" "x86_64-cygwin"];
gnu = linux; /* ++ hurd ++ kfreebsd ++ ... */
illumos = ["x86_64-solaris"];
linux = ["i686-linux" "x86_64-linux" "armv5tel-linux" "armv6l-linux" "armv7l-linux" "mips64el-linux"];
netbsd = ["i686-netbsd" "x86_64-netbsd"];
openbsd = ["i686-openbsd" "x86_64-openbsd"];
unix = linux ++ darwin ++ freebsd ++ openbsd ++ netbsd ++ illumos;
all = linux ++ darwin ++ cygwin ++ freebsd ++ openbsd ++ netbsd ++ illumos;
none = [];
allBut = platforms: lists.filter (x: !(builtins.elem x platforms)) all;
mesaPlatforms = ["i686-linux" "x86_64-linux" "x86_64-darwin" "armv5tel-linux" "armv6l-linux"];
x86_64 = ["x86_64-linux" "x86_64-darwin" "x86_64-freebsd" "x86_64-openbsd" "x86_64-netbsd" "x86_64-cygwin"];
i686 = ["i686-linux" "i686-freebsd" "i686-netbsd" "i686-cygwin"];
arm = ["armv5tel-linux" "armv6l-linux" "armv7l-linux" ];
mips = [ "mips64el-linux" ];
mesaPlatforms = ["i686-linux" "x86_64-linux" "x86_64-darwin" "armv5tel-linux" "armv6l-linux" "armv7l-linux"];
}

6
lib/systems.nix
View file

@ -84,10 +84,10 @@ rec {
};
isDarwin = matchAttrs { kernel = kernels.darwin; };
isLinux = matchAttrs { kernel = kernels.linux; };
isi686 = matchAttrs { cpu = cpuTypes.i686; };
is64Bit = matchAttrs { cpu = { bits = 64; }; };
isDarwin = matchAttrs { kernel = kernels.darwin; };
isi686 = matchAttrs { cpu = cpuTypes.i686; };
isLinux = matchAttrs { kernel = kernels.linux; };
# This should revert the job done by config.guess from the gcc compiler.

10
lib/tests/release.nix
View file

@ -11,14 +11,14 @@ stdenv.mkDerivation {
buildCommand = ''
datadir="${nix}/share"
export TEST_ROOT=$(pwd)/test-tmp
export NIX_STORE_DIR=$TEST_ROOT/store
export NIX_BUILD_HOOK=
export NIX_CONF_DIR=$TEST_ROOT/etc
export NIX_DB_DIR=$TEST_ROOT/db
export NIX_LOCALSTATE_DIR=$TEST_ROOT/var
export NIX_LOG_DIR=$TEST_ROOT/var/log/nix
export NIX_STATE_DIR=$TEST_ROOT/var/nix
export NIX_DB_DIR=$TEST_ROOT/db
export NIX_CONF_DIR=$TEST_ROOT/etc
export NIX_MANIFESTS_DIR=$TEST_ROOT/var/nix/manifests
export NIX_BUILD_HOOK=
export NIX_STATE_DIR=$TEST_ROOT/var/nix
export NIX_STORE_DIR=$TEST_ROOT/store
export PAGER=cat
cacheDir=$TEST_ROOT/binary-cache
nix-store --init

21
lib/trivial.nix
View file

@ -75,4 +75,25 @@ rec {
min = x: y: if x < y then x else y;
max = x: y: if x > y then x else y;
/* Reads a JSON file. It is useful to import pure data into other nix
expressions.
Example:
mkDerivation {
src = fetchgit (importJSON ./repo.json)
#...
}
where repo.json contains:
{
"url": "git://some-domain/some/repo",
"rev": "265de7283488964f44f0257a8b4a055ad8af984d",
"sha256": "0sb3h3067pzf3a7mlxn1hikpcjrsvycjcnj9hl9b1c3ykcgvps7h"
}
*/
importJSON = path:
builtins.fromJSON (builtins.readFile path);
}

2
lib/types.nix
View file

@ -93,7 +93,7 @@ rec {
# derivation is a reserved keyword.
package = mkOptionType {
name = "derivation";
name = "package";
check = x: isDerivation x || isStorePath x;
merge = loc: defs:
let res = mergeOneOption loc defs;

3
maintainers/scripts/find-tarballs.nix
View file

@ -18,7 +18,8 @@ let
fetchurlDependencies =
filter
(drv: drv.outputHash or "" != "" && drv.outputHashMode == "flat" && drv.postFetch or "" == "" && drv ? urls)
(drv: drv.outputHash or "" != "" && drv.outputHashMode or "flat" == "flat"
&& drv.postFetch or "" == "" && drv ? urls)
dependencies;
dependencies = map (x: x.value) (genericClosure {

1122
maintainers/scripts/gnu/gnupdate
View file

File diff suppressed because it is too large Load diff

2
maintainers/scripts/nix-call-package
View file

@ -1,5 +1,5 @@
#! /bin/sh
echo "let pkgs = import /etc/nixos/nixpkgs$2 {}; x = pkgs.callPackage $1 { $3 }; in ${4:-x}" |
echo "let pkgs = import <nixpkgs$2> {}; x = pkgs.callPackage $1 { $3 }; in ${4:-x}" |
nix-instantiate --show-trace - |
xargs nix-store -r -K

12
maintainers/scripts/nix-generate-from-cpan.nix
View file

@ -1,22 +1,24 @@
{ stdenv, makeWrapper, perl, perlPackages }:
stdenv.mkDerivation {
name = "nix-generate-from-cpan-1";
name = "nix-generate-from-cpan-2";
buildInputs = [ makeWrapper perl perlPackages.YAMLLibYAML perlPackages.JSON perlPackages.CPANPLUS ];
buildInputs = with perlPackages; [
makeWrapper perl CPANMeta GetoptLongDescriptive CPANPLUS Readonly Log4Perl
];
unpackPhase = "true";
buildPhase = "true";
phases = [ "installPhase" ];
installPhase =
''
mkdir -p $out/bin
cp ${./nix-generate-from-cpan.pl} $out/bin/nix-generate-from-cpan
patchShebangs $out/bin/nix-generate-from-cpan
wrapProgram $out/bin/nix-generate-from-cpan --set PERL5LIB $PERL5LIB
'';
meta = {
maintainers = [ stdenv.lib.maintainers.eelco ];
maintainers = with stdenv.lib.maintainers; [ eelco rycee ];
description = "Utility to generate a Nix expression for a Perl package from CPAN";
};
}

479
maintainers/scripts/nix-generate-from-cpan.pl
View file

@ -1,154 +1,440 @@
#! /run/current-system/sw/bin/perl -w
#!/usr/bin/env perl
use utf8;
use strict;
use CPANPLUS::Backend;
use YAML::XS;
use JSON;
use warnings;
my $module_name = $ARGV[0];
die "syntax: $0 <MODULE-NAME>\n" unless defined $module_name;
use CPAN::Meta();
use CPANPLUS::Backend();
use Getopt::Long::Descriptive qw( describe_options );
use JSON::PP qw( encode_json );
use Log::Log4perl qw(:easy);
use Readonly();
my $cb = CPANPLUS::Backend->new;
# Readonly hash that maps CPAN style license strings to information
# necessary to generate a Nixpkgs style license attribute.
Readonly::Hash my %LICENSE_MAP => (
my @modules = $cb->search(type => "name", allow => [$module_name]);
die "module $module_name not found\n" if scalar @modules == 0;
die "multiple packages that match module $module_name\n" if scalar @modules > 1;
my $module = $modules[0];
# The Perl 5 License (Artistic 1 & GPL 1 or later).
perl_5 => {
licenses => [qw( artistic1 gpl1Plus )]
},
# GNU Affero General Public License, Version 3.
agpl_3 => {
licenses => [qw( agpl3Plus )],
amb => 1
},
# Apache Software License, Version 1.1.
apache_1_1 => {
licenses => ["Apache License 1.1"],
in_set => 0
},
# Apache License, Version 2.0.
apache_2_0 => {
licenses => [qw( asl20 )]
},
# Artistic License, (Version 1).
artistic_1 => {
licenses => [qw( artistic1 )]
},
# Artistic License, Version 2.0.
artistic_2 => {
licenses => [qw( artistic2 )]
},
# BSD License (three-clause).
bsd => {
licenses => [qw( bsd3 )],
amb => 1
},
# FreeBSD License (two-clause).
freebsd => {
licenses => [qw( bsd2 )]
},
# GNU Free Documentation License, Version 1.2.
gfdl_1_2 => {
licenses => [qw( fdl12 )]
},
# GNU Free Documentation License, Version 1.3.
gfdl_1_3 => {
licenses => [qw( fdl13 )]
},
# GNU General Public License, Version 1.
gpl_1 => {
licenses => [qw( gpl1Plus )],
amb => 1
},
# GNU General Public License, Version 2. Note, we will interpret
# "gpl" alone as GPL v2+.
gpl_2 => {
licenses => [qw( gpl2Plus )],
amb => 1
},
# GNU General Public License, Version 3.
gpl_3 => {
licenses => [qw( gpl3Plus )],
amb => 1
},
# GNU Lesser General Public License, Version 2.1. Note, we will
# interpret "gpl" alone as LGPL v2.1+.
lgpl_2_1 => {
licenses => [qw( lgpl21Plus )],
amb => 1
},
# GNU Lesser General Public License, Version 3.0.
lgpl_3_0 => {
licenses => [qw( lgpl3Plus )],
amb => 1
},
# MIT (aka X11) License.
mit => {
licenses => [qw( mit )]
},
# Mozilla Public License, Version 1.0.
mozilla_1_0 => {
licenses => [qw( mpl10 )]
},
# Mozilla Public License, Version 1.1.
mozilla_1_1 => {
licenses => [qw( mpl11 )]
},
# OpenSSL License.
openssl => {
licenses => [qw( openssl )]
},
# Q Public License, Version 1.0.
qpl_1_0 => {
licenses => [qw( qpl )]
},
# Original SSLeay License.
ssleay => {
licenses => ["Original SSLeay License"],
in_set => 0
},
# Sun Internet Standards Source License (SISSL).
sun => {
licenses => ["Sun Industry Standards Source License v1.1"],
in_set => 0
},
# zlib License.
zlib => {
licenses => [qw( zlib )]
},
# Other Open Source Initiative (OSI) approved license.
open_source => {
licenses => [qw( free )],
amb => 1
},
# Requires special permission from copyright holder.
restricted => {
licenses => [qw( unfree )],
amb => 1
},
# Not an OSI approved license, but not restricted. Note, we
# currently map this to unfreeRedistributable, which is a
# conservative choice.
unrestricted => {
licenses => [qw( unfreeRedistributable )],
amb => 1
},
# License not provided in metadata.
unknown => {
licenses => [qw( unknown )],
amb => 1
}
);
sub handle_opts {
my ( $opt, $usage ) = describe_options(
'usage: $0 %o MODULE',
[ 'maintainer|m=s', 'the package maintainer' ],
[ 'debug|d', 'enable debug output' ],
[ 'help', 'print usage message and exit' ]
);
if ( $opt->help ) {
print $usage->text;
exit;
}
my $module_name = $ARGV[0];
if ( !defined $module_name ) {
print STDERR "Missing module name\n";
print STDERR $usage->text;
exit 1;
}
return ( $opt, $module_name );
}
# Takes a Perl package attribute name and returns 1 if the name cannot
# be referred to as a bareword. This typically happens if the package
# name is a reserved Nix keyword.
sub is_reserved {
my ($pkg) = @_;
return $pkg =~ /^(?: assert |
else |
if |
import |
in |
inherit |
let |
rec |
then |
while |
with )$/x;
}
sub pkg_to_attr {
my ($pkg_name) = @_;
my $attr_name = $pkg_name;
$attr_name =~ s/-\d.*//; # strip version
return "LWP" if $attr_name eq "libwww-perl";
$attr_name =~ s/-//g;
return $attr_name;
my ($module) = @_;
my $attr_name = $module->package_name;
if ( $attr_name eq "libwww-perl" ) {
return "LWP";
}
else {
$attr_name =~ s/-//g;
return $attr_name;
}
}
sub get_pkg_name {
my ($module) = @_;
my $pkg_name = $module->package;
$pkg_name =~ s/\.tar.*//;
$pkg_name =~ s/\.zip//;
return $pkg_name;
return $module->package_name . '-' . $module->package_version;
}
my $pkg_name = get_pkg_name $module;
my $attr_name = pkg_to_attr $pkg_name;
sub read_meta {
my ($pkg_path) = @_;
print STDERR "attribute name: ", $attr_name, "\n";
print STDERR "module: ", $module->module, "\n";
print STDERR "version: ", $module->version, "\n";
print STDERR "package: ", $module->package, , " (", $pkg_name, ", ", $attr_name, ")\n";
print STDERR "path: ", $module->path, "\n";
my $yaml_path = "$pkg_path/META.yml";
my $json_path = "$pkg_path/META.json";
my $meta;
my $tar_path = $module->fetch();
print STDERR "downloaded to: $tar_path\n";
print STDERR "sha-256: ", $module->status->checksum_value, "\n";
my $pkg_path = $module->extract();
print STDERR "unpacked to: $pkg_path\n";
my $meta;
if (-e "$pkg_path/META.yml") {
eval {
$meta = YAML::XS::LoadFile("$pkg_path/META.yml");
};
if ($@) {
system("iconv -f windows-1252 -t utf-8 '$pkg_path/META.yml' > '$pkg_path/META.yml.tmp'");
$meta = YAML::XS::LoadFile("$pkg_path/META.yml.tmp");
if ( -r $json_path ) {
$meta = CPAN::Meta->load_file($json_path);
}
elsif ( -r $yaml_path ) {
$meta = CPAN::Meta->load_file($yaml_path);
}
else {
WARN("package has no META.yml or META.json");
}
} elsif (-e "$pkg_path/META.json") {
local $/;
open(my $fh, '<', "$pkg_path/META.json") or die;
$meta = decode_json(<$fh>);
} else {
warn "package has no META.yml or META.json\n";
}
print STDERR "metadata: ", encode_json($meta), "\n" if defined $meta;
return $meta;
}
# Map a module to the attribute corresponding to its package
# (e.g. HTML::HeadParser will be mapped to HTMLParser, because that
# module is in the HTML-Parser package).
sub module_to_pkg {
my ($module_name) = @_;
my @modules = $cb->search(type => "name", allow => [$module_name]);
if (scalar @modules == 0) {
my ( $cb, $module_name ) = @_;
my @modules = $cb->search( type => "name", allow => [$module_name] );
if ( scalar @modules == 0 ) {
# Fallback.
$module_name =~ s/:://g;
return $module_name;
}
my $module = $modules[0];
my $attr_name = pkg_to_attr(get_pkg_name $module);
print STDERR "mapped dep $module_name to $attr_name\n";
my $module = $modules[0];
my $attr_name = pkg_to_attr($module);
DEBUG("mapped dep $module_name to $attr_name");
return $attr_name;
}
sub get_deps {
my ($type) = @_;
my $deps;
if (defined $meta->{prereqs}) {
die "unimplemented";
} elsif ($type eq "runtime") {
$deps = $meta->{requires};
} elsif ($type eq "configure") {
$deps = $meta->{configure_requires};
} elsif ($type eq "build") {
$deps = $meta->{build_requires};
}
my ( $cb, $meta, $type ) = @_;
return if !defined $meta;
my $prereqs = $meta->effective_prereqs;
my $deps = $prereqs->requirements_for( $type, "requires" );
my @res;
foreach my $n (keys %{$deps}) {
foreach my $n ( $deps->required_modules ) {
next if $n eq "perl";
# Hacky way to figure out if this module is part of Perl.
if ($n !~ /^JSON/ && $n !~ /^YAML/ && $n !~ /^Module::Pluggable/) {
if ( $n !~ /^JSON/ && $n !~ /^YAML/ && $n !~ /^Module::Pluggable/ && $n !~ /^if$/ ) {
eval "use $n;";
if (!$@) {
print STDERR "skipping Perl-builtin module $n\n";
if ( !$@ ) {
DEBUG("skipping Perl-builtin module $n");
next;
}
}
push @res, module_to_pkg($n);
my $pkg = module_to_pkg( $cb, $n );
# If the package name is reserved then we need to refer to it
# through the "self" variable.
$pkg = "self.\"$pkg\"" if is_reserved($pkg);
push @res, $pkg;
}
return @res;
}
sub uniq {
return keys %{{ map { $_ => 1 } @_ }};
return keys %{ { map { $_ => 1 } @_ } };
}
my @build_deps = sort(uniq(get_deps("configure"), get_deps("build"), get_deps("test")));
print STDERR "build deps: @build_deps\n";
sub render_license {
my ($cpan_license) = @_;
my @runtime_deps = sort(uniq(get_deps("runtime")));
print STDERR "runtime deps: @runtime_deps\n";
return if !defined $cpan_license;
my $homepage = $meta->{resources}->{homepage};
print STDERR "homepage: $homepage\n" if defined $homepage;
my $licenses;
my $description = $meta->{abstract};
if (defined $description) {
$description = uc(substr($description, 0, 1)) . substr($description, 1); # capitalise first letter
$description =~ s/\.$//; # remove period at the end
# If the license is ambiguous then we'll print an extra warning.
# For example, "gpl_2" is ambiguous since it may refer to exactly
# "GPL v2" or to "GPL v2 or later".
my $amb = 0;
# Whether the license is available inside `stdenv.lib.licenses`.
my $in_set = 1;
my $nix_license = $LICENSE_MAP{$cpan_license};
if ( !$nix_license ) {
WARN("Unknown license: $cpan_license");
$licenses = [$cpan_license];
$in_set = 0;
}
else {
$licenses = $nix_license->{licenses};
$amb = $nix_license->{amb};
$in_set = !$nix_license->{in_set};
}
my $license_line;
if ( @$licenses == 0 ) {
# Avoid defining the license line.
}
elsif ($in_set) {
my $lic = 'stdenv.lib.licenses';
if ( @$licenses == 1 ) {
$license_line = "$lic.$licenses->[0]";
}
else {
$license_line = "with $lic; [ " . join( ' ', @$licenses ) . " ]";
}
}
else {
if ( @$licenses == 1 ) {
$license_line = $licenses->[0];
}
else {
$license_line = '[ ' . join( ' ', @$licenses ) . ' ]';
}
}
INFO("license: $cpan_license");
WARN("License '$cpan_license' is ambiguous, please verify") if $amb;
return $license_line;
}
my ( $opt, $module_name ) = handle_opts();
Log::Log4perl->easy_init(
{
level => $opt->debug ? $DEBUG : $INFO,
layout => '%m%n'
}
);
my $cb = CPANPLUS::Backend->new;
my @modules = $cb->search( type => "name", allow => [$module_name] );
die "module $module_name not found\n" if scalar @modules == 0;
die "multiple packages that match module $module_name\n" if scalar @modules > 1;
my $module = $modules[0];
my $pkg_name = get_pkg_name $module;
my $attr_name = pkg_to_attr $module;
INFO( "attribute name: ", $attr_name );
INFO( "module: ", $module->module );
INFO( "version: ", $module->version );
INFO( "package: ", $module->package, " (", $pkg_name, ", ", $attr_name, ")" );
INFO( "path: ", $module->path );
my $tar_path = $module->fetch();
INFO( "downloaded to: ", $tar_path );
INFO( "sha-256: ", $module->status->checksum_value );
my $pkg_path = $module->extract();
INFO( "unpacked to: ", $pkg_path );
my $meta = read_meta($pkg_path);
DEBUG( "metadata: ", encode_json( $meta->as_struct ) ) if defined $meta;
my @build_deps = sort( uniq(
get_deps( $cb, $meta, "configure" ),
get_deps( $cb, $meta, "build" ),
get_deps( $cb, $meta, "test" )
) );
INFO("build deps: @build_deps");
my @runtime_deps = sort( uniq( get_deps( $cb, $meta, "runtime" ) ) );
INFO("runtime deps: @runtime_deps");
my $homepage = $meta ? $meta->resources->{homepage} : undef;
INFO("homepage: $homepage") if defined $homepage;
my $description = $meta ? $meta->abstract : undef;
if ( defined $description ) {
$description = uc( substr( $description, 0, 1 ) )
. substr( $description, 1 ); # capitalise first letter
$description =~ s/\.$//; # remove period at the end
$description =~ s/\s*$//;
$description =~ s/^\s*//;
print STDERR "description: $description\n";
$description =~ s/\n+/ /; # Replace new lines by space.
INFO("description: $description");
}
my $license = $meta->{license};
if (defined $license) {
$license = "perl5" if $license eq "perl_5";
print STDERR "license: $license\n";
}
#print(Data::Dumper::Dumper($meta->licenses) . "\n");
my $license = $meta ? render_license( $meta->licenses ) : undef;
my $build_fun = -e "$pkg_path/Build.PL" && ! -e "$pkg_path/Makefile.PL" ? "buildPerlModule" : "buildPerlPackage";
INFO( "RSS feed: https://metacpan.org/feed/distribution/",
$module->package_name );
my $build_fun = -e "$pkg_path/Build.PL"
&& !-e "$pkg_path/Makefile.PL" ? "buildPerlModule" : "buildPerlPackage";
print STDERR "===\n";
print <<EOF;
$attr_name = $build_fun {
${\(is_reserved($attr_name) ? "\"$attr_name\"" : $attr_name)} = $build_fun rec {
name = "$pkg_name";
src = fetchurl {
url = mirror://cpan/${\$module->path}/${\$module->package};
url = "mirror://cpan/${\$module->path}/\${name}.${\$module->package_extension}";
sha256 = "${\$module->status->checksum_value}";
};
EOF
@ -164,11 +450,14 @@ EOF
print <<EOF if defined $homepage;
homepage = $homepage;
EOF
print <<EOF if defined $description;
print <<EOF if defined $description && $description ne "Unknown";
description = "$description";
EOF
print <<EOF if defined $license;
license = "$license";
license = $license;
EOF
print <<EOF if $opt->maintainer;
maintainers = [ maintainers.${\$opt->maintainer} ];
EOF
print <<EOF;
};

11
maintainers/scripts/travis-nox-review-pr.sh
View file

@ -11,11 +11,7 @@ if [[ $1 == nix ]]; then
# Make sure we can use hydra's binary cache
sudo mkdir /etc/nix
sudo tee /etc/nix/nix.conf <<EOF >/dev/null
binary-caches = http://cache.nixos.org http://hydra.nixos.org
trusted-binary-caches = http://hydra.nixos.org
build-max-jobs = 4
EOF
sudo sh -c 'echo "build-max-jobs = 4" > /etc/nix/nix.conf'
# Verify evaluation
echo "=== Verifying that nixpkgs evaluates..."
@ -27,6 +23,9 @@ elif [[ $1 == nox ]]; then
elif [[ $1 == build ]]; then
source $HOME/.nix-profile/etc/profile.d/nix.sh
echo "=== Checking tarball creation"
nix-build pkgs/top-level/release.nix -A tarball
if [[ $TRAVIS_PULL_REQUEST == false ]]; then
echo "=== Not a pull request"
else
@ -41,8 +40,6 @@ elif [[ $1 == build ]]; then
exit 1
fi
fi
# echo "=== Checking tarball creation"
# nix-build pkgs/top-level/release.nix -A tarball
else
echo "$0: Unknown option $1" >&2
false

2
maintainers/scripts/vanity.sh
View file

@ -28,7 +28,7 @@ fetchGithubName () {
)"
userid="$(
curl https://github.com/NixOS/nixpkgs/commit/"$commitid" 2>/dev/null |
grep authored -B10 | grep 'href="/' |
grep committed -B10 | grep 'href="/' |
sed -re 's@.* href="/@@; s@".*@@' |
grep -v "/commit/"
)";

16
nixos/default.nix
View file

@ -1,20 +1,12 @@
{ configuration ? import ./lib/from-env.nix "NIXOS_CONFIG" <nixos-config>
, system ? builtins.currentSystem
, extraModules ? []
# This attribute is used to specify a different nixos version, a different
# system or additional modules which might be set conditionally.
, reEnter ? false
}:
let
reEnterModule = {
config.nixos.path = with (import ../lib); mkIf reEnter (mkForce null);
config.nixos.configuration = configuration;
};
eval = import ./lib/eval-config.nix {
inherit system;
modules = [ configuration reEnterModule ] ++ extraModules;
modules = [ configuration ];
};
inherit (eval) pkgs;
@ -22,14 +14,14 @@ let
# This is for `nixos-rebuild build-vm'.
vmConfig = (import ./lib/eval-config.nix {
inherit system;
modules = [ configuration reEnterModule ./modules/virtualisation/qemu-vm.nix ] ++ extraModules;
modules = [ configuration ./modules/virtualisation/qemu-vm.nix ];
}).config;
# This is for `nixos-rebuild build-vm-with-bootloader'.
vmWithBootLoaderConfig = (import ./lib/eval-config.nix {
inherit system;
modules =
[ configuration reEnterModule
[ configuration
./modules/virtualisation/qemu-vm.nix
{ virtualisation.useBootLoader = true; }
];
@ -38,7 +30,7 @@ let
in
{
inherit (eval.config.nixos.reflect) config options;
inherit (eval) config options;
system = eval.config.system.build.toplevel;

2
nixos/doc/manual/configuration/configuration.xml
View file

@ -26,8 +26,8 @@ effect after you run <command>nixos-rebuild</command>.</para>
<!-- FIXME: auto-include NixOS module docs -->
<xi:include href="postgresql.xml" />
<xi:include href="gitlab.xml" />
<xi:include href="acme.xml" />
<xi:include href="nixos.xml" />
<!-- Apache; libvirtd virtualisation -->

2
nixos/doc/manual/default.nix
View file

@ -56,8 +56,8 @@ let
cp -prd $sources/* . # */
chmod -R u+w .
cp ${../../modules/services/databases/postgresql.xml} configuration/postgresql.xml
cp ${../../modules/services/misc/gitlab.xml} configuration/gitlab.xml
cp ${../../modules/security/acme.xml} configuration/acme.xml
cp ${../../modules/misc/nixos.xml} configuration/nixos.xml
ln -s ${optionsDocBook} options-db.xml
echo "${version}" > version
'';

5
nixos/doc/manual/installation/installing.xml
View file

@ -22,7 +22,10 @@
(with empty password).</para></listitem>
<listitem><para>If you downloaded the graphical ISO image, you can
run <command>start display-manager</command> to start KDE.</para></listitem>
run <command>start display-manager</command> to start KDE. If you
want to continue on the terminal, you can use
<command>loadkeys</command> to switch to your preferred keyboard layout.
(We even provide neo2 via <command>loadkeys de neo</command>!)</para></listitem>
<listitem><para>The boot process should have brought up networking (check
<command>ip a</command>). Networking is necessary for the

2
nixos/doc/manual/release-notes/release-notes.xml
View file

@ -9,7 +9,7 @@
<para>This section lists the release notes for each stable version of NixOS
and current unstable revision.</para>
<xi:include href="rl-unstable.xml" />
<xi:include href="rl-1603.xml" />
<xi:include href="rl-1509.xml" />
<xi:include href="rl-1412.xml" />
<xi:include href="rl-1404.xml" />

87
nixos/doc/manual/release-notes/rl-unstable.xml → nixos/doc/manual/release-notes/rl-1603.xml
View file

@ -2,28 +2,15 @@
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-unstable">
xml:id="sec-release-16.03">
<title>Unstable</title>
<title>Release 16.03 (“Emu”, 2016/03/??)</title>
<para>In addition to numerous new and upgraded packages, this release
has the following highlights:</para>
<itemizedlist>
<listitem>
<para>You can now pin a specific version of NixOS in your <filename>configuration.nix</filename>
by setting:
<programlisting>
nixos.path = ./nixpkgs-unstable-2015-12-06/nixos;
</programlisting>
This will make NixOS re-evaluate your configuration with the modules of
the specified NixOS version at the given path. For more details, see
<xref linkend="module-misc-nixos" /></para>
</listitem>
<listitem>
<para>Firefox and similar browsers are now <emphasis>wrapped by default</emphasis>.
The package and attribute names are plain <literal>firefox</literal>
@ -41,8 +28,10 @@ nixos.path = ./nixpkgs-unstable-2015-12-06/nixos;
<itemizedlist>
<listitem><para><literal>services/monitoring/longview.nix</literal></para></listitem>
<listitem><para><literal>services/networking/pdnsd.nix</literal></para></listitem>
<listitem><para><literal>services/web-apps/pump.io.nix</literal></para></listitem>
<listitem><para><literal>services/security/haka.nix</literal></para></listitem>
<listitem><para><literal>i18n/inputMethod/default.nix</literal></para></listitem>
</itemizedlist>
</para>
@ -196,6 +185,68 @@ fileSystems."/example" = {
<literal>services.hardware.opengl.extraPackages{,32}</literal> instead. You can
also specify VDPAU drivers there.</para>
</listitem>
<listitem>
<para>
<literal>programs.ibus</literal> moved to <literal>i18n.inputMethod.ibus</literal>.
The option <literal>programs.ibus.plugins</literal> changed to <literal>i18n.inputMethod.ibus.engines</literal>
and the option to enable ibus changed from <literal>programs.ibus.enable</literal> to
<literal>i18n.inputMethod.enabled</literal>.
<literal>i18n.inputMethod.enabled</literal> should be set to the used input method name,
<literal>"ibus"</literal> for ibus.
An example of the new style:
<programlisting>
i18n.inputMethod.enabled = "ibus";
i18n.inputMethod.ibus.engines = with pkgs.ibus-engines; [ anthy mozc ];
</programlisting>
That is equivalent to the old version:
<programlisting>
programs.ibus.enable = true;
programs.ibus.plugins = with pkgs; [ ibus-anthy mozc ];
</programlisting>
</para>
</listitem>
<listitem>
<para><literal>services.udev.extraRules</literal> option now writes rules
to <filename>99-local.rules</filename> instead of <filename>10-local.rules</filename>.
This makes all the user rules apply after others, so their results wouldn't be
overriden by anything else.</para>
</listitem>
<listitem>
<para>Large parts of the <literal>services.gitlab</literal> module has been
been rewritten. There are new configuration options available. The
<literal>stateDir</literal> option was renamned to
<literal>statePath</literal> and the <literal>satellitesDir</literal> option
was removed. Please review the currently available options.</para>
</listitem>
<listitem>
<para>
The option <option>services.nsd.zones.&lt;name&gt;.data</option> no
longer interpret the dollar sign ($) as a shell variable, as such it
should not be escaped anymore. Thus the following zone data:
</para>
<programlisting>
\$ORIGIN example.com.
\$TTL 1800
@ IN SOA ns1.vpn.nbp.name. admin.example.com. (
</programlisting>
<para>
Should modified to look like the actual file expected by nsd:
</para>
<programlisting>
$ORIGIN example.com.
$TTL 1800
@ IN SOA ns1.vpn.nbp.name. admin.example.com. (
</programlisting>
</listitem>
</itemizedlist>
@ -214,6 +265,12 @@ fileSystems."/example" = {
NixOS.</para>
</listitem>
<listitem>
<para>Input method support was improved. New NixOS modules (fcitx, nabi and uim),
fcitx engines (chewing, hangul, m17n, mozc and table-other) and ibus engines (hangul and m17n)
have been added.</para>
</listitem>
</itemizedlist></para>
</section>

2
nixos/lib/make-iso9660-image.nix
View file

@ -22,7 +22,7 @@
, # Whether this should be an efi-bootable El-Torito CD.
efiBootable ? false
, # Wheter this should be an hybrid CD (bootable from USB as well as CD).
, # Whether this should be an hybrid CD (bootable from USB as well as CD).
usbBootable ? false
, # The path (in the ISO file system) of the boot image.

41
nixos/modules/config/gtk-exe-env.nix
View file

@ -1,41 +0,0 @@
{ config, pkgs, lib, ... }:
{
imports = [
];
options = {
gtkPlugins = lib.mkOption {
type = lib.types.listOf lib.types.path;
default = [];
description = ''
Plugin packages for GTK+ such as input methods.
'';
};
};
config = {
environment.variables = if builtins.length config.gtkPlugins > 0
then
let
paths = [ pkgs.gtk2 pkgs.gtk3 ] ++ config.gtkPlugins;
env = pkgs.buildEnv {
name = "gtk-exe-env";
inherit paths;
postBuild = lib.concatStringsSep "\n"
(map (d: d.gtkExeEnvPostBuild or "") paths);
ignoreCollisions = true;
};
in {
GTK_EXE_PREFIX = builtins.toString env;
GTK_PATH = [
"${env}/lib/gtk-2.0"
"${env}/lib/gtk-3.0"
];
}
else {};
};
}

37
nixos/modules/config/qt-plugin-env.nix
View file

@ -1,37 +0,0 @@
{ config, pkgs, lib, ... }:
{
imports = [
];
options = {
qtPlugins = lib.mkOption {
type = lib.types.listOf lib.types.path;
default = [];
description = ''
Plugin packages for Qt such as input methods.
'';
};
};
config = {
environment.variables = if builtins.length config.qtPlugins > 0
then
let
paths = [ pkgs.qt48 ] ++ config.qtPlugins;
env = pkgs.buildEnv {
name = "qt-plugin-env";
inherit paths;
postBuild = lib.concatStringsSep "\n"
(map (d: d.qtPluginEnvPostBuild or "") paths);
ignoreCollisions = true;
};
in {
QT_PLUGIN_PATH = [ (builtins.toString env) ];
}
else {};
};
}

20
nixos/modules/config/vpnc.nix
View file

@ -17,16 +17,16 @@ in
services = mkOption {
type = types.attrsOf types.str;
default = {};
example = {
test =
''
IPSec gateway 192.168.1.1
IPSec ID someID
IPSec secret secretKey
Xauth username name
Xauth password pass
'';
};
example = literalExample ''
{ test = '''
IPSec gateway 192.168.1.1
IPSec ID someID
IPSec secret secretKey
Xauth username name
Xauth password pass
''';
}
'';
description =
''
The names of cisco VPNs and their associated definitions

2
nixos/modules/hardware/all-firmware.nix
View file

@ -22,7 +22,7 @@ with lib;
###### implementation
config = mkIf config.hardware.enableAllFirmware {
hardware.firmware = [ pkgs.firmwareLinuxNonfree ];
hardware.firmware = [ pkgs.firmwareLinuxNonfree pkgs.intel2200BGFirmware ];
};
}

2
nixos/modules/hardware/network/intel-2200bg.nix
View file

@ -23,7 +23,7 @@
config = lib.mkIf config.networking.enableIntel2200BGFirmware {
hardware.enableAllFirmware = true;
hardware.firmware = [ pkgs.intel2200BGFirmware ];
};

29
nixos/modules/i18n/inputMethod/default.nix Normal file
View file

@ -0,0 +1,29 @@
{ config, pkgs, lib, ... }:
with lib;
{
options = {
i18n.inputMethod = {
enabled = mkOption {
type = types.nullOr (types.enum [ "ibus" "fcitx" "nabi" "uim" ]);
default = null;
example = "fcitx";
description = ''
Select the enabled input method. Input methods is a software to input symbols that are not available on standard input devices.
Input methods are specially used to input Chinese, Japanese and Korean characters.
Currently the following input methods are available in NixOS:
<itemizedlist>
<listitem><para>ibus: The intelligent input bus, extra input engines can be added using <literal>i18n.inputMethod.ibus.engines</literal>.</para></listitem>
<listitem><para>fcitx: A customizable lightweight input method, extra input engines can be added using <literal>i18n.inputMethod.fcitx.engines</literal>.</para></listitem>
<listitem><para>nabi: A Korean input method based on XIM. Nabi doesn't support Qt 5.</para></listitem>
<listitem><para>uim: The universal input method, is a library with a XIM bridge. uim mainly support Chinese, Japanese and Korean.</para></listitem>
</itemizedlist>
'';
};
};
};
}

44
nixos/modules/i18n/inputMethod/fcitx.nix Normal file
View file

@ -0,0 +1,44 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.i18n.inputMethod.fcitx;
fcitxPackage = pkgs.fcitx-with-plugins.override { plugins = cfg.engines; };
fcitxEngine = types.package // {
name = "fcitx-engine";
check = x: (lib.types.package.check x) && (attrByPath ["meta" "isFcitxEngine"] false x);
};
in
{
options = {
i18n.inputMethod.fcitx = {
engines = mkOption {
type = with types; listOf fcitxEngine;
default = [];
example = literalExample "with pkgs.fcitx-engines; [ mozc hangul ]";
description =
let
engines =
lib.concatStringsSep ", "
(map (name: "<literal>${name}</literal>")
(lib.attrNames pkgs.fcitx-engines));
in
"Enabled Fcitx engines. Available engines are: ${engines}.";
};
};
};
config = mkIf (config.i18n.inputMethod.enabled == "fcitx") {
environment.systemPackages = [ fcitxPackage ];
environment.variables = {
GTK_IM_MODULE = "fcitx";
QT_IM_MODULE = "fcitx";
XMODIFIERS = "@im=fcitx";
};
services.xserver.displayManager.sessionCommands = "${fcitxPackage}/bin/fcitx";
};
}

55
nixos/modules/i18n/inputMethod/ibus.nix Normal file
View file

@ -0,0 +1,55 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.i18n.inputMethod.ibus;
ibusPackage = pkgs.ibus-with-plugins.override { plugins = cfg.engines; };
ibusEngine = types.package // {
name = "ibus-engine";
check = x: (lib.types.package.check x) && (attrByPath ["meta" "isIbusEngine"] false x);
};
ibusAutostart = pkgs.writeTextFile {
name = "autostart-ibus-daemon";
destination = "/etc/xdg/autostart/ibus-daemon.desktop";
text = ''
[Desktop Entry]
Name=IBus
Type=Application
Exec=${ibusPackage}/bin/ibus-daemon --daemonize --xim --cache=refresh
'';
};
in
{
options = {
i18n.inputMethod.ibus = {
engines = mkOption {
type = with types; listOf ibusEngine;
default = [];
example = literalExample "with pkgs.ibus-engines; [ mozc hangul ]";
description =
let
engines =
lib.concatStringsSep ", "
(map (name: "<literal>${name}</literal>")
(lib.attrNames pkgs.ibus-engines));
in
"Enabled IBus engines. Available engines are: ${engines}.";
};
};
};
config = mkIf (config.i18n.inputMethod.enabled == "ibus") {
# Without dconf enabled it is impossible to use IBus
environment.systemPackages = with pkgs; [
ibusPackage ibus-qt gnome3.dconf ibusAutostart
];
environment.variables = {
GTK_IM_MODULE = "ibus";
QT_IM_MODULE = "ibus";
XMODIFIERS = "@im=ibus";
};
};
}

16
nixos/modules/i18n/inputMethod/nabi.nix Normal file
View file

@ -0,0 +1,16 @@
{ config, pkgs, lib, ... }:
with lib;
{
config = mkIf (config.i18n.inputMethod.enabled == "nabi") {
environment.systemPackages = [ pkgs.nabi ];
environment.variables = {
GTK_IM_MODULE = "nabi";
QT_IM_MODULE = "nabi";
XMODIFIERS = "@im=nabi";
};
services.xserver.displayManager.sessionCommands = "${pkgs.nabi}/bin/nabi &";
};
}

37
nixos/modules/i18n/inputMethod/uim.nix Normal file
View file

@ -0,0 +1,37 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.i18n.inputMethod.uim;
in
{
options = {
i18n.inputMethod.uim = {
toolbar = mkOption {
type = types.enum [ "gtk" "gtk3" "gtk-systray" "gtk3-systray" "qt4" ];
default = "gtk";
example = "gtk-systray";
description = ''
selected UIM toolbar.
'';
};
};
};
config = mkIf (config.i18n.inputMethod.enabled == "uim") {
environment.systemPackages = [ pkgs.uim ];
environment.variables = {
GTK_IM_MODULE = "uim";
QT_IM_MODULE = "uim";
XMODIFIERS = "@im=uim";
};
services.xserver.displayManager.sessionCommands = ''
${pkgs.uim}/bin/uim-xim &
${pkgs.uim}/bin/uim-toolbar-${cfg.toolbar} &
'';
};
}

78
nixos/modules/installer/cd-dvd/installation-cd-graphical-gnome.nix Normal file
View file

@ -0,0 +1,78 @@
# This module defines a NixOS installation CD that contains X11 and
# GNOME 3.
{ config, lib, pkgs, ... }:
with lib;
{
imports = [ ./installation-cd-base.nix ];
services.xserver = {
enable = true;
# GDM doesn't start in virtual machines with ISO
displayManager.slim = {
enable = true;
defaultUser = "root";
autoLogin = true;
};
desktopManager.gnome3 = {
enable = true;
extraGSettingsOverrides = ''
[org.gnome.desktop.background]
show-desktop-icons=true
[org.gnome.nautilus.desktop]
trash-icon-visible=false
volumes-visible=false
home-icon-visible=false
network-icon-visible=false
'';
extraGSettingsOverridePackages = [ pkgs.gnome3.nautilus ];
};
};
environment.systemPackages =
[ # Include gparted for partitioning disks.
pkgs.gparted
# Include some editors.
pkgs.vim
pkgs.bvi # binary editor
pkgs.joe
pkgs.glxinfo
];
# Don't start the X server by default.
services.xserver.autorun = mkForce false;
# Auto-login as root.
services.xserver.displayManager.gdm.autoLogin = {
enable = true;
user = "root";
};
system.activationScripts.installerDesktop = let
# Must be executable
desktopFile = pkgs.writeScript "nixos-manual.desktop" ''
[Desktop Entry]
Version=1.0
Type=Link
Name=NixOS Manual
URL=${config.system.build.manual.manual}/share/doc/nixos/index.html
Icon=system-help
'';
# use cp and chmod +x, we must be sure the apps are in the nix store though
in ''
mkdir -p /root/Desktop
ln -sfT ${desktopFile} /root/Desktop/nixos-manual.desktop
cp ${pkgs.gnome3.gnome_terminal}/share/applications/gnome-terminal.desktop /root/Desktop/gnome-terminal.desktop
chmod a+rx /root/Desktop/gnome-terminal.desktop
cp ${pkgs.gparted}/share/applications/gparted.desktop /root/Desktop/gparted.desktop
chmod a+rx /root/Desktop/gparted.desktop
'';
}

2
nixos/modules/installer/cd-dvd/installation-cd-graphical-new-kernel.nix → nixos/modules/installer/cd-dvd/installation-cd-graphical-kde-new-kernel.nix
View file

@ -1,7 +1,7 @@
{ config, pkgs, ... }:
{
imports = [ ./installation-cd-graphical.nix ];
imports = [ ./installation-cd-graphical-kde.nix ];
boot.kernelPackages = pkgs.linuxPackages_latest;
}

0
nixos/modules/installer/cd-dvd/installation-cd-graphical.nix → nixos/modules/installer/cd-dvd/installation-cd-graphical-kde.nix
View file

2
nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix
View file

@ -23,7 +23,7 @@ in
boot.loader.generic-extlinux-compatible.enable = true;
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.kernelParams = ["console=ttyS0,115200n8" "console=ttyAMA0,115200n8" "console=tty0"];
boot.kernelParams = ["console=ttyS0,115200n8" "console=ttymxc0,115200n8" "console=ttyAMA0,115200n8" "console=tty0"];
# FIXME: this probably should be in installation-device.nix
users.extraUsers.root.initialHashedPassword = "";

10
nixos/modules/installer/cd-dvd/sd-image.nix
View file

@ -30,7 +30,7 @@ in
bootSize = mkOption {
type = types.int;
default = 128;
default = 120;
description = ''
Size of the /boot partition, in megabytes.
'';
@ -66,10 +66,10 @@ in
buildInputs = with pkgs; [ dosfstools e2fsprogs mtools libfaketime utillinux ];
buildCommand = ''
# Create the image file sized to fit /boot and /, plus 4M of slack
# Create the image file sized to fit /boot and /, plus 20M of slack
rootSizeBlocks=$(du -B 512 --apparent-size ${rootfsImage} | awk '{ print $1 }')
bootSizeBlocks=$((${toString config.sdImage.bootSize} * 1024 * 1024 / 512))
imageSize=$((rootSizeBlocks * 512 + bootSizeBlocks * 512 + 4096 * 1024))
imageSize=$((rootSizeBlocks * 512 + bootSizeBlocks * 512 + 20 * 1024 * 1024))
truncate -s $imageSize $out
# type=b is 'W95 FAT32', type=83 is 'Linux'.
@ -77,8 +77,8 @@ in
label: dos
label-id: 0x2178694e
start=1M, size=$bootSizeBlocks, type=b, bootable
type=83
start=8M, size=$bootSizeBlocks, type=b, bootable
start=${toString (8 + config.sdImage.bootSize)}M, type=83
EOF
# Copy the rootfs into the SD image

2
nixos/modules/installer/tools/auto-upgrade.nix
View file

@ -74,7 +74,7 @@ let cfg = config.system.autoUpgrade; in
serviceConfig.Type = "oneshot";
environment = config.nix.envVars //
{ inherit (config.environment.sessionVariables) NIX_PATH SSL_CERT_FILE;
{ inherit (config.environment.sessionVariables) NIX_PATH;
HOME = "/root";
};

9
nixos/modules/misc/ids.nix
View file

@ -248,6 +248,12 @@
matrix-synapse = 224;
rspamd = 225;
rmilter = 226;
cfdyndns = 227;
gammu-smsd = 228;
pdnsd = 229;
octoprint = 230;
avahi-autoipd = 231;
nntp-proxy = 232;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -473,6 +479,9 @@
matrix-synapse = 224;
rspamd = 225;
rmilter = 226;
cfdyndns = 227;
pdnsd = 229;
octoprint = 230;
# When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal

4
nixos/modules/misc/locate.nix
View file

@ -67,7 +67,9 @@ in {
};
config = {
warnings = let opt = options.services.locate.period; in optional opt.isDefined "The `period` definition in ${showFiles opt.files} has been removed; please replace it with `interval`, using the new systemd.time interval specifier.";
warnings =
let opt = options.services.locate.period; in
optional opt.isDefined "The services.locate.period option in ${showFiles opt.files} has been removed; please replace it with services.locate.interval, using the systemd.time(7) calendar event format.";
systemd.services.update-locatedb =
{ description = "Update Locate Database";

82
nixos/modules/misc/nixos.nix
View file

@ -1,82 +0,0 @@
{ config, options, lib, ... }:
# This modules is used to inject a different NixOS version as well as its
# argument such that one can pin a specific version with the versionning
# system of the configuration.
let
nixosReentry = import config.nixos.path {
inherit (config.nixos) configuration extraModules;
inherit (config.nixpkgs) system;
reEnter = true;
};
in
with lib;
{
options = {
nixos.path = mkOption {
default = null;
example = literalExample "./nixpkgs-15.09/nixos";
type = types.nullOr types.path;
description = ''
This option give the ability to evaluate the current set of modules
with a different version of NixOS. This option can be used version
the version of NixOS with the configuration without relying on the
<literal>NIX_PATH</literal> environment variable.
'';
};
nixos.system = mkOption {
example = "i686-linux";
type = types.uniq types.str;
description = ''
Name of the system used to compile NixOS.
'';
};
nixos.extraModules = mkOption {
default = [];
example = literalExample "[ ./sshd-config.nix ]";
type = types.listOf (types.either (types.submodule ({...}:{options={};})) types.path);
description = ''
Define additional modules which would be loaded to evaluate the
configuration.
'';
};
nixos.configuration = mkOption {
type = types.unspecified;
internal = true;
description = ''
Option used by <filename>nixos/default.nix</filename> to re-inject
the same configuration module as the one used for the current
execution.
'';
};
nixos.reflect = mkOption {
default = { inherit config options; };
type = types.unspecified;
internal = true;
description = ''
Provides <literal>config</literal> and <literal>options</literal>
computed by the module system and given as argument to all
modules. These are used for introspection of options and
configuration by tools such as <literal>nixos-option</literal>.
'';
};
};
config = mkMerge [
(mkIf (config.nixos.path != null) (mkForce {
system.build.toplevel = nixosReentry.system;
system.build.vm = nixosReentry.vm;
nixos.reflect = { inherit (nixosReentry) config options; };
}))
{ meta.maintainers = singleton lib.maintainers.pierron;
meta.doc = ./nixos.xml;
}
];
}

84
nixos/modules/misc/nixos.xml
View file

@ -1,84 +0,0 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="module-misc-nixos">
<title>NixOS Reentry</title>
<!-- FIXME: render nicely -->
<!-- FIXME: source can be added automatically -->
<para><emphasis>Source:</emphasis> <filename>modules/misc/nixos.nix</filename></para>
<!-- FIXME: more stuff, like maintainer? -->
<para>NixOS reentry can be used for both pinning the evaluation to a
specific version of NixOS, and to dynamically add additional modules into
the Module evaluation.</para>
<section><title>NixOS Version Pinning</title>
<para>To pin a specific version of NixOS, you need a version that you can
either clone localy, or that you can fetch remotely.</para>
<para>If you already have a cloned version of NixOS in the directory
<filename>/etc/nixos/nixpkgs-16-03</filename>, then you can specify the
<option>nixos.path</option> with either the path or the relative path of
your NixOS clone. For example, you can add the following to your
<filename>/etc/nixos/configuration.nix</filename> file:
<programlisting>
nixos.path = ./nixpkgs-16-03/nixos;
</programlisting>
</para>
<para>Another option is to fetch a specific version of NixOS, with either
the <literal>fetchTarball</literal> builtin, or the
<literal>pkgs.fetchFromGitHub</literal> function and use the result as an
input.
<programlisting>
nixos.path = "${builtins.fetchTarball https://github.com/NixOS/nixpkgs/archive/1f27976e03c15183191d1b4aa1a40d1f14666cd2.tar.gz}/nixos";
</programlisting>
</para>
</section>
<section><title>Adding Module Dynamically</title>
<para>To add additional module, the recommended way is to use statically
known modules in the list of imported arguments as described in <xref
linkend="sec-modularity" />. Unfortunately, this recommended method has
limitation, such that the list of imported files cannot be selected based on
the content of the configuration.
Fortunately, NixOS reentry system can be used as an alternative to register
new imported modules based on the content of the configuration. To do so,
one should define both <option>nixos.path</option> and
<option>nixos.extraModules</option> options.
<programlisting>
nixos.path = &lt;nixos&gt;;
nixos.extraModules =
if config.networking.hostName == "server" then
[ ./server.nix ] else [ ./client.nix ];
</programlisting>
Also note, that the above can be reimplemented in a different way which is
not as expensive, by using <literal>mkIf</literal> at the top each
configuration if both modules are present on the file system (see <xref
linkend="sec-option-definitions" />) and by always inmporting both
modules.</para>
</section>
<section><title>Options</title>
<para>FIXME: auto-generated list of module options.</para>
</section>
</chapter>

22
nixos/modules/module-list.nix
View file

@ -7,7 +7,6 @@
./config/fonts/fonts.nix
./config/fonts/ghostscript.nix
./config/gnu.nix
./config/gtk-exe-env.nix
./config/i18n.nix
./config/krb5.nix
./config/ldap.nix
@ -16,7 +15,6 @@
./config/nsswitch.nix
./config/power-management.nix
./config/pulseaudio.nix
./config/qt-plugin-env.nix
./config/shells-environment.nix
./config/swap.nix
./config/sysctl.nix
@ -43,6 +41,11 @@
./hardware/video/nvidia.nix
./hardware/video/ati.nix
./hardware/video/webcam/facetimehd.nix
./i18n/inputMethod/default.nix
./i18n/inputMethod/fcitx.nix
./i18n/inputMethod/ibus.nix
./i18n/inputMethod/nabi.nix
./i18n/inputMethod/uim.nix
./installer/tools/auto-upgrade.nix
./installer/tools/nixos-checkout.nix
./installer/tools/tools.nix
@ -53,7 +56,6 @@
./misc/lib.nix
./misc/locate.nix
./misc/meta.nix
./misc/nixos.nix
./misc/nixpkgs.nix
./misc/passthru.nix
./misc/version.nix
@ -66,7 +68,6 @@
./programs/environment.nix
./programs/freetds.nix
./programs/fish.nix
./programs/ibus.nix
./programs/kbdlight.nix
./programs/light.nix
./programs/man.nix
@ -76,7 +77,6 @@
./programs/shell.nix
./programs/ssh.nix
./programs/ssmtp.nix
./programs/uim.nix
./programs/venus.nix
./programs/wvdial.nix
./programs/xfs_quota.nix
@ -89,6 +89,7 @@
./security/ca.nix
./security/duosec.nix
./security/grsecurity.nix
./security/oath.nix
./security/pam.nix
./security/pam_usb.nix
./security/pam_mount.nix
@ -201,6 +202,7 @@
./services/misc/bepasty.nix
./services/misc/canto-daemon.nix
./services/misc/calibre-server.nix
./services/misc/cfdyndns.nix
./services/misc/cpuminer-cryptonight.nix
./services/misc/cgminer.nix
./services/misc/confd.nix
@ -211,6 +213,7 @@
./services/misc/etcd.nix
./services/misc/felix.nix
./services/misc/folding-at-home.nix
./services/misc/gammu-smsd.nix
#./services/misc/gitit.nix
./services/misc/gitlab.nix
./services/misc/gitolite.nix
@ -227,6 +230,7 @@
./services/misc/nix-gc.nix
./services/misc/nixos-manual.nix
./services/misc/nix-ssh-serve.nix
./services/misc/octoprint.nix
./services/misc/parsoid.nix
./services/misc/phd.nix
./services/misc/plex.nix
@ -236,6 +240,7 @@
./services/misc/ripple-data-api.nix
./services/misc/rogue.nix
./services/misc/siproxd.nix
./services/misc/spice-vdagentd.nix
./services/misc/subsonic.nix
./services/misc/sundtek.nix
./services/misc/svnserve.nix
@ -250,6 +255,7 @@
./services/monitoring/dd-agent.nix
./services/monitoring/grafana.nix
./services/monitoring/graphite.nix
./services/monitoring/hdaps.nix
./services/monitoring/heapster.nix
./services/monitoring/longview.nix
./services/monitoring/monit.nix
@ -268,6 +274,7 @@
./services/monitoring/zabbix-agent.nix
./services/monitoring/zabbix-server.nix
./services/network-filesystems/drbd.nix
./services/network-filesystems/netatalk.nix
./services/network-filesystems/nfsd.nix
./services/network-filesystems/openafs-client/default.nix
./services/network-filesystems/rsyncd.nix
@ -316,11 +323,11 @@
./services/networking/hostapd.nix
./services/networking/i2pd.nix
./services/networking/i2p.nix
./services/networking/ifplugd.nix
./services/networking/iodined.nix
./services/networking/ircd-hybrid/default.nix
./services/networking/kippo.nix
./services/networking/lambdabot.nix
./services/networking/libreswan.nix
./services/networking/mailpile.nix
./services/networking/minidlna.nix
./services/networking/miniupnpd.nix
@ -331,6 +338,7 @@
./services/networking/networkmanager.nix
./services/networking/ngircd.nix
./services/networking/nix-serve.nix
./services/networking/nntp-proxy.nix
./services/networking/nsd.nix
./services/networking/ntopng.nix
./services/networking/ntpd.nix
@ -340,6 +348,7 @@
./services/networking/openntpd.nix
./services/networking/openvpn.nix
./services/networking/ostinato.nix
./services/networking/pdnsd.nix
./services/networking/polipo.nix
./services/networking/prayer.nix
./services/networking/privoxy.nix
@ -439,6 +448,7 @@
./services/x11/display-managers/lightdm.nix
./services/x11/display-managers/sddm.nix
./services/x11/display-managers/slim.nix
./services/x11/hardware/libinput.nix
./services/x11/hardware/multitouch.nix
./services/x11/hardware/synaptics.nix
./services/x11/hardware/wacom.nix

1
nixos/modules/profiles/base.nix
View file

@ -17,6 +17,7 @@
pkgs.ddrescue
pkgs.ccrypt
pkgs.cryptsetup # needed for dm-crypt volumes
pkgs.which # 88K size
# Some networking tools.
pkgs.fuse

2
nixos/modules/profiles/qemu-guest.nix
View file

@ -14,4 +14,6 @@
# to the *boot time* of the host).
hwclock -s
'';
security.rngd.enable = false;
}

2
nixos/modules/programs/bash/bash.nix
View file

@ -56,7 +56,7 @@ in
*/
shellAliases = mkOption {
default = config.environment.shellAliases // { which = "type -P"; };
default = config.environment.shellAliases;
description = ''
Set of aliases for bash shell. See <option>environment.shellAliases</option>
for an option format description.

16
nixos/modules/programs/freetds.nix
View file

@ -17,14 +17,14 @@ in
environment.freetds = mkOption {
type = types.attrsOf types.str;
default = {};
example = {
MYDATABASE =
''
host = 10.0.2.100
port = 1433
tds version = 7.2
'';
};
example = literalExample ''
{ MYDATABASE = '''
host = 10.0.2.100
port = 1433
tds version = 7.2
''';
}
'';
description =
''
Configure freetds database entries. Each attribute denotes

51
nixos/modules/programs/ibus.nix
View file

@ -1,51 +0,0 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.programs.ibus;
in
{
options = {
programs.ibus = {
enable = mkOption {
type = types.bool;
default = false;
example = true;
description = "Enable IBus input method";
};
plugins = mkOption {
type = lib.types.listOf lib.types.path;
default = [];
description = ''
IBus plugin packages
'';
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.ibus pkgs.gnome3.dconf ];
gtkPlugins = [ pkgs.ibus ];
qtPlugins = [ pkgs.ibus-qt ];
environment.variables =
let
env = pkgs.buildEnv {
name = "ibus-env";
paths = [ pkgs.ibus ] ++ cfg.plugins;
};
in {
GTK_IM_MODULE = "ibus";
QT_IM_MODULE = "ibus";
XMODIFIERS = "@im=ibus";
IBUS_COMPONENT_PATH = "${env}/share/ibus/component";
};
services.xserver.displayManager.sessionCommands = "${pkgs.ibus}/bin/ibus-daemon --daemonize --xim --cache=none";
};
}

3
nixos/modules/programs/ssh.nix
View file

@ -36,6 +36,7 @@ in
askPassword = mkOption {
type = types.str;
default = "${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass";
description = ''Program used by SSH to ask for passwords.'';
};
@ -226,7 +227,5 @@ in
environment.variables.SSH_ASKPASS = optionalString config.services.xserver.enable askPassword;
programs.ssh.askPassword = mkDefault "${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass";
};
}

31
nixos/modules/programs/uim.nix
View file

@ -1,31 +0,0 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.uim;
in
{
options = {
uim = {
enable = mkOption {
type = types.bool;
default = false;
example = true;
description = "Enable UIM input method";
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.uim ];
gtkPlugins = [ pkgs.uim ];
qtPlugins = [ pkgs.uim ];
environment.variables.GTK_IM_MODULE = "uim";
environment.variables.QT_IM_MODULE = "uim";
environment.variables.XMODIFIERS = "@im=uim";
services.xserver.displayManager.sessionCommands = "uim-xim &";
};
}

4
nixos/modules/programs/venus.nix
View file

@ -99,6 +99,7 @@ in
};
outputTheme = mkOption {
default = "${pkgs.venus}/themes/classic_fancy";
type = types.path;
description = ''
Directory containing a config.ini file which is merged with this one.
@ -165,11 +166,8 @@ in
script = "exec venus-planet ${configFile}";
serviceConfig.User = "${cfg.user}";
serviceConfig.Group = "${cfg.group}";
environment.SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt";
startAt = cfg.dates;
};
services.venus.outputTheme = mkDefault "${pkgs.venus}/themes/classic_fancy";
};
}

6
nixos/modules/rename.nix
View file

@ -28,6 +28,9 @@ with lib;
(mkRenamedOptionModule [ "services" "subsonic" "host" ] [ "services" "subsonic" "listenAddress" ])
(mkRenamedOptionModule [ "jobs" ] [ "systemd" "services" ])
(mkRenamedOptionModule [ "services" "gitlab" "stateDir" ] [ "services" "gitlab" "statePath" ])
(mkRemovedOptionModule [ "services" "gitlab" "satelliteDir" ])
# Old Grub-related options.
(mkRenamedOptionModule [ "boot" "initrd" "extraKernelModules" ] [ "boot" "initrd" "kernelModules" ])
(mkRenamedOptionModule [ "boot" "extraKernelParams" ] [ "boot" "kernelParams" ])
@ -59,6 +62,9 @@ with lib;
# Tarsnap
(mkRenamedOptionModule [ "services" "tarsnap" "config" ] [ "services" "tarsnap" "archives" ])
# ibus
(mkRenamedOptionModule [ "programs" "ibus" "plugins" ] [ "i18n" "inputMethod" "ibus" "engines" ])
# proxy
(mkRenamedOptionModule [ "nix" "proxy" ] [ "networking" "proxy" "default" ])

2
nixos/modules/security/acme.nix
View file

@ -56,7 +56,7 @@ let
plugins = mkOption {
type = types.listOf (types.enum [
"cert.der" "cert.pem" "chain.pem" "external_pem.sh"
"cert.der" "cert.pem" "chain.pem" "external.sh"
"fullchain.pem" "full.pem" "key.der" "key.pem" "account_key.json"
]);
default = [ "fullchain.pem" "key.pem" "account_key.json" ];

25
nixos/modules/security/ca.nix
View file

@ -35,14 +35,17 @@ in
security.pki.certificates = mkOption {
type = types.listOf types.str;
default = [];
example = singleton ''
NixOS.org
=========
-----BEGIN CERTIFICATE-----
MIIGUDCCBTigAwIBAgIDD8KWMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJ
TDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0
...
-----END CERTIFICATE-----
example = literalExample ''
[ '''
NixOS.org
=========
-----BEGIN CERTIFICATE-----
MIIGUDCCBTigAwIBAgIDD8KWMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJ
TDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0
...
-----END CERTIFICATE-----
'''
]
'';
description = ''
A list of trusted root certificates in PEM format.
@ -64,12 +67,6 @@ in
# CentOS/Fedora compatibility.
environment.etc."pki/tls/certs/ca-bundle.crt".source = caCertificates;
environment.sessionVariables =
{ SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt";
# FIXME: unneeded - remove eventually.
GIT_SSL_CAINFO = "/etc/ssl/certs/ca-certificates.crt";
};
};
}

50
nixos/modules/security/oath.nix Normal file
View file

@ -0,0 +1,50 @@
# This module provides configuration for the OATH PAM modules.
{ config, lib, pkgs, ... }:
with lib;
{
options = {
security.pam.oath = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Enable the OATH (one-time password) PAM module.
'';
};
digits = mkOption {
type = types.enum [ 6 7 8 ];
default = 6;
description = ''
Specify the length of the one-time password in number of
digits.
'';
};
window = mkOption {
type = types.int;
default = 5;
description = ''
Specify the number of one-time passwords to check in order
to accommodate for situations where the system and the
client are slightly out of sync (iteration for HOTP or time
steps for TOTP).
'';
};
usersFile = mkOption {
type = types.path;
default = "/etc/users.oath";
description = ''
Set the path to file where the user's credentials are
stored. This file must not be world readable!
'';
};
};
};
}

17
nixos/modules/security/pam.nix
View file

@ -75,7 +75,7 @@ let
};
oathAuth = mkOption {
default = config.security.pam.enableOATH;
default = config.security.pam.oath.enable;
type = types.bool;
description = ''
If set, the OATH Toolkit will be used.
@ -259,8 +259,8 @@ let
"auth sufficient pam_unix.so ${optionalString cfg.allowNullPassword "nullok"} likeauth try_first_pass"}
${optionalString cfg.otpwAuth
"auth sufficient ${pkgs.otpw}/lib/security/pam_otpw.so"}
${optionalString cfg.oathAuth
"auth sufficient ${pkgs.oathToolkit}/lib/security/pam_oath.so window=5 usersfile=/etc/users.oath"}
${let oath = config.security.pam.oath; in optionalString cfg.oathAuth
"auth sufficient ${pkgs.oathToolkit}/lib/security/pam_oath.so window=${toString oath.window} usersfile=${toString oath.usersFile} digits=${toString oath.digits}"}
${optionalString config.users.ldap.enable
"auth sufficient ${pam_ldap}/lib/security/pam_ldap.so use_first_pass"}
${optionalString config.krb5.enable ''
@ -302,8 +302,6 @@ let
"session optional ${pam_krb5}/lib/security/pam_krb5.so"}
${optionalString cfg.otpwAuth
"session optional ${pkgs.otpw}/lib/security/pam_otpw.so"}
${optionalString cfg.oathAuth
"session optional ${pkgs.oathToolkit}/lib/security/pam_oath.so window=5 usersfile=/etc/users.oath"}
${optionalString cfg.startSession
"session optional ${pkgs.systemd}/lib/security/pam_systemd.so"}
${optionalString cfg.forwardXAuth
@ -405,13 +403,6 @@ in
'';
};
security.pam.enableOATH = mkOption {
default = false;
description = ''
Enable the OATH (one-time password) PAM module.
'';
};
security.pam.enableU2F = mkOption {
default = false;
description = ''
@ -446,7 +437,7 @@ in
++ optional config.users.ldap.enable pam_ldap
++ optionals config.krb5.enable [pam_krb5 pam_ccreds]
++ optionals config.security.pam.enableOTPW [ pkgs.otpw ]
++ optionals config.security.pam.enableOATH [ pkgs.oathToolkit ]
++ optionals config.security.pam.oath.enable [ pkgs.oathToolkit ]
++ optionals config.security.pam.enableU2F [ pkgs.pam_u2f ]
++ optionals config.security.pam.enableEcryptfs [ pkgs.ecryptfs ];

3
nixos/modules/services/amqp/activemq/default.nix
View file

@ -32,6 +32,7 @@ in {
'';
};
configurationDir = mkOption {
default = "${activemq}/conf";
description = ''
The base directory for ActiveMQ's configuration.
By default, this directory is searched for a file named activemq.xml,
@ -125,8 +126,6 @@ in {
'';
};
services.activemq.configurationDir = mkDefault "${activemq}/conf";
};
}

1
nixos/modules/services/computing/slurm/slurm.nix
View file

@ -37,6 +37,7 @@ in
package = mkOption {
type = types.package;
default = pkgs.slurm-llnl;
defaultText = "pkgs.slurm-llnl";
example = literalExample "pkgs.slurm-llnl-full";
description = ''
The packge to use for slurm binaries.

17
nixos/modules/services/continuous-integration/jenkins/default.nix
View file

@ -92,11 +92,12 @@ in {
type = with types; attrsOf str;
description = ''
Additional environment variables to be passed to the jenkins process.
As a base environment, jenkins receives NIX_PATH, SSL_CERT_FILE and
GIT_SSL_CAINFO from <option>environment.sessionVariables</option>,
NIX_REMOTE is set to "daemon" and JENKINS_HOME is set to
the value of <option>services.jenkins.home</option>. This option has
precedence and can be used to override those mentioned variables.
As a base environment, jenkins receives NIX_PATH from
<option>environment.sessionVariables</option>, NIX_REMOTE is set to
"daemon" and JENKINS_HOME is set to the value of
<option>services.jenkins.home</option>.
This option has precedence and can be used to override those
mentioned variables.
'';
};
@ -136,11 +137,7 @@ in {
environment =
let
selectedSessionVars =
lib.filterAttrs (n: v: builtins.elem n
[ "NIX_PATH"
"SSL_CERT_FILE"
"GIT_SSL_CAINFO"
])
lib.filterAttrs (n: v: builtins.elem n [ "NIX_PATH" ])
config.environment.sessionVariables;
in
selectedSessionVars //

17
nixos/modules/services/hardware/sane.nix
View file

@ -21,7 +21,13 @@ in
hardware.sane.enable = mkOption {
type = types.bool;
default = false;
description = "Enable support for SANE scanners.";
description = ''
Enable support for SANE scanners.
<note><para>
Users in the "scanner" group will gain access to the scanner.
</para></note>
'';
};
hardware.sane.snapshot = mkOption {
@ -33,7 +39,14 @@ in
hardware.sane.extraBackends = mkOption {
type = types.listOf types.path;
default = [];
description = "Packages providing extra SANE backends to enable.";
description = ''
Packages providing extra SANE backends to enable.
<note><para>
The example contains the package for HP scanners.
</para></note>
'';
example = literalExample "[ pkgs.hplipWithPlugin ]";
};
hardware.sane.configDir = mkOption {

8
nixos/modules/services/hardware/udev.nix
View file

@ -13,13 +13,13 @@ let
extraUdevRules = pkgs.writeTextFile {
name = "extra-udev-rules";
text = cfg.extraRules;
destination = "/etc/udev/rules.d/10-local.rules";
destination = "/etc/udev/rules.d/99-local.rules";
};
extraHwdbFile = pkgs.writeTextFile {
name = "extra-hwdb-file";
text = cfg.extraHwdb;
destination = "/etc/udev/hwdb.d/10-local.hwdb";
destination = "/etc/udev/hwdb.d/99-local.hwdb";
};
nixosRules = ''
@ -212,8 +212,8 @@ in
type = types.lines;
description = ''
Additional <command>udev</command> rules. They'll be written
into file <filename>10-local.rules</filename>. Thus they are
read before all other rules.
into file <filename>99-local.rules</filename>. Thus they are
read and applied after all other rules.
'';
};

6
nixos/modules/services/logging/logstash.nix
View file

@ -85,7 +85,7 @@ in
type = types.lines;
default = ''stdin { type => "example" }'';
description = "Logstash input configuration.";
example = literalExample ''
example = ''
# Read from journal
pipe {
command => "''${pkgs.systemd}/bin/journalctl -f -o json"
@ -98,7 +98,7 @@ in
type = types.lines;
default = ''noop {}'';
description = "logstash filter configuration.";
example = literalExample ''
example = ''
if [type] == "syslog" {
# Keep only relevant systemd fields
# http://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html
@ -114,7 +114,7 @@ in
outputConfig = mkOption {
type = types.lines;
default = literalExample ''stdout { debug => true debug_format => "json"}'';
default = ''stdout { debug => true debug_format => "json"}'';
description = "Logstash output configuration.";
example = ''
redis { host => "localhost" data_type => "list" key => "logstash" codec => json }

2
nixos/modules/services/mail/dovecot.nix
View file

@ -254,7 +254,7 @@ in
${concatStringsSep "\n" (mapAttrsToList (to: from: ''
if [ -d '${from}' ]; then
mkdir '${stateDir}/sieve/${to}'
cp ${from}/*.sieve '${stateDir}/sieve/${to}'
cp "${from}/"*.sieve '${stateDir}/sieve/${to}'
else
cp '${from}' '${stateDir}/sieve/${to}'
fi

6
nixos/modules/services/mail/dspam.nix
View file

@ -19,7 +19,10 @@ let
SystemLog on
UserLog on
${optionalString (cfg.domainSocket != null) ''ServerDomainSocketPath "${cfg.domainSocket}"''}
${optionalString (cfg.domainSocket != null) ''
ServerDomainSocketPath "${cfg.domainSocket}"
ClientHost "${cfg.domainSocket}"
''}
${cfg.extraConfig}
'';
@ -108,6 +111,7 @@ in {
User = cfg.user;
Group = cfg.group;
RuntimeDirectory = optional (cfg.domainSocket == defaultSock) "dspam";
RuntimeDirectoryMode = optional (cfg.domainSocket == defaultSock) "0750";
PermissionsStartOnly = true;
# DSPAM segfaults on just about every error
Restart = "on-failure";

9
nixos/modules/services/mail/opendkim.nix
View file

@ -49,7 +49,12 @@ in {
domains = mkOption {
type = types.str;
description = "Local domains set; messages from them are signed, not verified.";
default = "csl:${config.networking.hostName}";
example = "csl:example.com,mydomain.net";
description = ''
Local domains set (see <literal>opendkim(8)</literal> for more information on datasets).
Messages from them are signed, not verified.
'';
};
keyFile = mkOption {
@ -77,8 +82,6 @@ in {
config = mkIf cfg.enable {
services.opendkim.domains = mkDefault "csl:${config.networking.hostName}";
users.extraUsers = optionalAttrs (cfg.user == "opendkim") (singleton
{ name = "opendkim";
group = cfg.group;

8
nixos/modules/services/misc/bepasty.nix
View file

@ -103,9 +103,13 @@ in
after = [ "network.target" ];
restartIfChanged = true;
environment = {
environment = let
penv = python.buildEnv.override {
extraLibs = [ bepasty gevent ];
};
in {
BEPASTY_CONFIG = "${server.workDir}/bepasty-${name}.conf";
PYTHONPATH= "${bepasty}/lib/${python.libPrefix}/site-packages:${gevent}/lib/${python.libPrefix}/site-packages";
PYTHONPATH= "${penv}/${python.sitePackages}/";
};
serviceConfig = {

70
nixos/modules/services/misc/cfdyndns.nix Normal file
View file

@ -0,0 +1,70 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.cfdyndns;
in
{
options = {
services.cfdyndns = {
enable = mkEnableOption "Cloudflare Dynamic DNS Client";
email = mkOption {
type = types.str;
description = ''
The email address to use to authenticate to CloudFlare.
'';
};
apikey = mkOption {
type = types.str;
description = ''
The API Key to use to authenticate to CloudFlare.
'';
};
records = mkOption {
default = [];
example = [ "host.tld" ];
type = types.listOf types.str;
description = ''
The records to update in CloudFlare.
'';
};
};
};
config = mkIf cfg.enable {
systemd.services.cfdyndns = {
description = "CloudFlare Dynamic DNS Client";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
startAt = "5 minutes";
serviceConfig = {
Type = "simple";
User = config.ids.uids.cfdyndns;
Group = config.ids.gids.cfdyndns;
ExecStart = "/bin/sh -c '${pkgs.cfdyndns}/bin/cfdyndns'";
};
environment = {
CLOUDFLARE_EMAIL="${cfg.email}";
CLOUDFLARE_APIKEY="${cfg.apikey}";
CLOUDFLARE_RECORDS="${concatStringsSep "," cfg.records}";
};
};
users.extraUsers = {
cfdyndns = {
group = "cfdyndns";
uid = config.ids.uids.cfdyndns;
};
};
users.extraGroups = {
cfdyndns = {
gid = config.ids.gids.cfdyndns;
};
};
};
}

1
nixos/modules/services/misc/defaultUnicornConfig.rb
View file

@ -187,7 +187,6 @@ working_directory ENV["GITLAB_PATH"]
pid ENV["UNICORN_PATH"] + "/tmp/pids/unicorn.pid"
listen ENV["UNICORN_PATH"] + "/tmp/sockets/gitlab.socket", :backlog => 1024
listen "127.0.0.1:8080", :tcp_nopush => true
timeout 60

253
nixos/modules/services/misc/gammu-smsd.nix Normal file
View file

@ -0,0 +1,253 @@
{ pkgs, lib, config, ... }:
with lib;
let
cfg = config.services.gammu-smsd;
configFile = pkgs.writeText "gammu-smsd.conf" ''
[gammu]
Device = ${cfg.device.path}
Connection = ${cfg.device.connection}
SynchronizeTime = ${if cfg.device.synchronizeTime then "yes" else "no"}
LogFormat = ${cfg.log.format}
${if (cfg.device.pin != null) then "PIN = ${cfg.device.pin}" else ""}
${cfg.extraConfig.gammu}
[smsd]
LogFile = ${cfg.log.file}
Service = ${cfg.backend.service}
${optionalString (cfg.backend.service == "files") ''
InboxPath = ${cfg.backend.files.inboxPath}
OutboxPath = ${cfg.backend.files.outboxPath}
SentSMSPath = ${cfg.backend.files.sentSMSPath}
ErrorSMSPath = ${cfg.backend.files.errorSMSPath}
''}
${optionalString (cfg.backend.service == "sql" && cfg.backend.sql.driver == "sqlite") ''
Driver = ${cfg.backend.sql.driver}
DBDir = ${cfg.backend.sql.database}
''}
${optionalString (cfg.backend.service == "sql" && cfg.backend.sql.driver == "native_pgsql") (
with cfg.backend; ''
Driver = ${sql.driver}
${if (sql.database!= null) then "Database = ${sql.database}" else ""}
${if (sql.host != null) then "Host = ${sql.host}" else ""}
${if (sql.user != null) then "User = ${sql.user}" else ""}
${if (sql.password != null) then "Password = ${sql.password}" else ""}
'')}
${cfg.extraConfig.smsd}
'';
initDBDir = "share/doc/gammu/examples/sql";
gammuPackage = with cfg.backend; (pkgs.gammu.override {
dbiSupport = (service == "sql" && sql.driver == "sqlite");
postgresSupport = (service == "sql" && sql.driver == "native_pgsql");
});
in {
options = {
services.gammu-smsd = {
enable = mkEnableOption "gammu-smsd daemon";
user = mkOption {
type = types.str;
default = "smsd";
description = "User that has access to the device";
};
device = {
path = mkOption {
type = types.path;
description = "Device node or address of the phone";
example = "/dev/ttyUSB2";
};
group = mkOption {
type = types.str;
default = "root";
description = "Owner group of the device";
example = "dialout";
};
connection = mkOption {
type = types.str;
default = "at";
description = "Protocol which will be used to talk to the phone";
};
synchronizeTime = mkOption {
type = types.bool;
default = true;
description = "Whether to set time from computer to the phone during starting connection";
};
pin = mkOption {
type = types.nullOr types.str;
default = null;
description = "PIN code for the simcard";
};
};
log = {
file = mkOption {
type = types.str;
default = "syslog";
description = "Path to file where information about communication will be stored";
};
format = mkOption {
type = types.enum [ "nothing" "text" "textall" "textalldate" "errors" "errorsdate" "binary" ];
default = "errors";
description = "Determines what will be logged to the LogFile";
};
};
extraConfig = {
gammu = mkOption {
type = types.lines;
default = "";
description = "Extra config lines to be added into [gammu] section";
};
smsd = mkOption {
type = types.lines;
default = "";
description = "Extra config lines to be added into [smsd] section";
};
};
backend = {
service = mkOption {
type = types.enum [ "null" "files" "sql" ];
default = "null";
description = "Service to use to store sms data.";
};
files = {
inboxPath = mkOption {
type = types.path;
default = "/var/spool/sms/inbox/";
description = "Where the received SMSes are stored";
};
outboxPath = mkOption {
type = types.path;
default = "/var/spool/sms/outbox/";
description = "Where SMSes to be sent should be placed";
};
sentSMSPath = mkOption {
type = types.path;
default = "/var/spool/sms/sent/";
description = "Where the transmitted SMSes are placed";
};
errorSMSPath = mkOption {
type = types.path;
default = "/var/spool/sms/error/";
description = "Where SMSes with error in transmission is placed";
};
};
sql = {
driver = mkOption {
type = types.enum [ "native_mysql" "native_pgsql" "odbc" "dbi" ];
description = "DB driver to use";
};
sqlDialect = mkOption {
type = types.nullOr types.str;
default = null;
description = "SQL dialect to use (odbc driver only)";
};
database = mkOption {
type = types.str;
default = null;
description = "Database name to store sms data";
};
host = mkOption {
type = types.str;
default = "localhost";
description = "Database server address";
};
user = mkOption {
type = types.nullOr types.str;
default = null;
description = "User name used for connection to the database";
};
password = mkOption {
type = types.nullOr types.str;
default = null;
description = "User password used for connetion to the database";
};
};
};
};
};
config = mkIf cfg.enable {
users.extraUsers.${cfg.user} = {
description = "gammu-smsd user";
uid = config.ids.uids.gammu-smsd;
extraGroups = [ "${cfg.device.group}" ];
};
environment.systemPackages = with cfg.backend; [ gammuPackage ]
++ optionals (service == "sql" && sql.driver == "sqlite") [ pkgs.sqlite ];
systemd.services.gammu-smsd = {
description = "gammu-smsd daemon";
wantedBy = [ "multi-user.target" ];
wants = with cfg.backend; [ ]
++ optionals (service == "sql" && sql.driver == "native_pgsql") [ "postgresql.service" ];
preStart = with cfg.backend;
optionalString (service == "files") (with files; ''
mkdir -m 755 -p ${inboxPath} ${outboxPath} ${sentSMSPath} ${errorSMSPath}
chown ${cfg.user} -R ${inboxPath}
chown ${cfg.user} -R ${outboxPath}
chown ${cfg.user} -R ${sentSMSPath}
chown ${cfg.user} -R ${errorSMSPath}
'')
+ optionalString (service == "sql" && sql.driver == "sqlite") ''
cat "${gammuPackage}/${initDBDir}/sqlite.sql" \
| ${pkgs.sqlite}/bin/sqlite3 ${sql.database}
''
+ (let execPsql = extraArgs: concatStringsSep " " [
(optionalString (sql.password != null) "PGPASSWORD=${sql.password}")
"${config.services.postgresql.package}/bin/psql"
(optionalString (sql.host != null) "-h ${sql.host}")
(optionalString (sql.user != null) "-U ${sql.user}")
"$extraArgs"
"${sql.database}"
]; in optionalString (service == "sql" && sql.driver == "native_pgsql") ''
echo '\i '"${gammuPackage}/${initDBDir}/pgsql.sql" | ${execPsql ""}
'');
serviceConfig = {
User = "${cfg.user}";
Group = "${cfg.device.group}";
PermissionsStartOnly = true;
ExecStart = "${gammuPackage}/bin/gammu-smsd -c ${configFile}";
};
};
};
}

384
nixos/modules/services/misc/gitlab.nix
View file

@ -7,10 +7,13 @@ with lib;
let
cfg = config.services.gitlab;
ruby = pkgs.gitlab.ruby;
ruby = cfg.packages.gitlab.ruby;
bundler = pkgs.bundler;
gemHome = "${pkgs.gitlab.env}/${ruby.gemPath}";
gemHome = "${cfg.packages.gitlab.env}/${ruby.gemPath}";
gitlabSocket = "${cfg.statePath}/tmp/sockets/gitlab.socket";
pathUrlQuote = url: replaceStrings ["/"] ["%2F"] url;
databaseYml = ''
production:
@ -21,14 +24,15 @@ let
username: ${cfg.databaseUsername}
encoding: utf8
'';
gitlabShellYml = ''
user: gitlab
gitlab_url: "http://${cfg.host}:${toString cfg.port}/"
user: ${cfg.user}
gitlab_url: "http+unix://${pathUrlQuote gitlabSocket}"
http_settings:
self_signed_cert: false
repos_path: "${cfg.stateDir}/repositories"
secret_file: "${cfg.stateDir}/config/gitlab_shell_secret"
log_file: "${cfg.stateDir}/log/gitlab-shell.log"
repos_path: "${cfg.statePath}/repositories"
secret_file: "${cfg.statePath}/config/gitlab_shell_secret"
log_file: "${cfg.statePath}/log/gitlab-shell.log"
redis:
bin: ${pkgs.redis}/bin/redis-cli
host: 127.0.0.1
@ -37,33 +41,102 @@ let
namespace: resque:gitlab
'';
gitlabConfig = {
# These are the default settings from config/gitlab.example.yml
production = flip recursiveUpdate cfg.extraConfig {
gitlab = {
host = cfg.host;
port = cfg.port;
https = cfg.https;
user = cfg.user;
email_enabled = true;
email_display_name = "GitLab";
email_reply_to = "noreply@localhost";
default_theme = 2;
default_projects_features = {
issues = true;
merge_requests = true;
wiki = true;
snippets = false;
builds = true;
};
};
artifacts = {
enabled = true;
};
lfs = {
enabled = true;
};
gravatar = {
enabled = true;
};
cron_jobs = {
stuck_ci_builds_worker = {
cron = "0 0 * * *";
};
};
gitlab_ci = {
builds_path = "${cfg.statePath}/builds";
};
ldap = {
enabled = false;
};
omniauth = {
enabled = false;
};
shared = {
path = "${cfg.statePath}/shared";
};
backup = {
path = "${cfg.backupPath}";
};
gitlab_shell = {
path = "${cfg.packages.gitlab-shell}";
repos_path = "${cfg.statePath}/repositories";
hooks_path = "${cfg.statePath}/shell/hooks";
secret_file = "${cfg.statePath}/config/gitlab_shell_secret";
upload_pack = true;
receive_pack = true;
};
git = {
bin_path = "git";
max_size = 20971520; # 20MB
timeout = 10;
};
extra = {};
};
};
gitlabEnv = {
HOME = "${cfg.statePath}/home";
GEM_HOME = gemHome;
BUNDLE_GEMFILE = "${cfg.packages.gitlab}/share/gitlab/Gemfile";
UNICORN_PATH = "${cfg.statePath}/";
GITLAB_PATH = "${cfg.packages.gitlab}/share/gitlab/";
GITLAB_STATE_PATH = "${cfg.statePath}";
GITLAB_UPLOADS_PATH = "${cfg.statePath}/uploads";
GITLAB_LOG_PATH = "${cfg.statePath}/log";
GITLAB_SHELL_PATH = "${cfg.packages.gitlab-shell}";
GITLAB_SHELL_CONFIG_PATH = "${cfg.statePath}/shell/config.yml";
GITLAB_SHELL_SECRET_PATH = "${cfg.statePath}/config/gitlab_shell_secret";
GITLAB_SHELL_HOOKS_PATH = "${cfg.statePath}/shell/hooks";
RAILS_ENV = "production";
};
unicornConfig = builtins.readFile ./defaultUnicornConfig.rb;
gitlab-runner = pkgs.stdenv.mkDerivation rec {
name = "gitlab-runner";
buildInputs = [ pkgs.gitlab pkgs.bundler pkgs.makeWrapper ];
buildInputs = [ cfg.packages.gitlab bundler pkgs.makeWrapper ];
phases = "installPhase fixupPhase";
buildPhase = "";
installPhase = ''
mkdir -p $out/bin
makeWrapper ${bundler}/bin/bundle $out/bin/gitlab-runner\
--set RAKEOPT '"-f ${pkgs.gitlab}/share/gitlab/Rakefile"'\
--set GEM_HOME '${gemHome}'\
--set UNICORN_PATH "${cfg.stateDir}/"\
--set GITLAB_PATH "${pkgs.gitlab}/share/gitlab/"\
--set GITLAB_APPLICATION_LOG_PATH "${cfg.stateDir}/log/application.log"\
--set GITLAB_SATELLITES_PATH "${cfg.stateDir}/satellites"\
--set GITLAB_SHELL_PATH "${pkgs.gitlab-shell}"\
--set GITLAB_REPOSITORIES_PATH "${cfg.stateDir}/repositories"\
--set GITLAB_SHELL_HOOKS_PATH "${cfg.stateDir}/shell/hooks"\
--set BUNDLE_GEMFILE "${pkgs.gitlab}/share/gitlab/Gemfile"\
--set GITLAB_EMAIL_FROM "${cfg.emailFrom}"\
--set GITLAB_SHELL_CONFIG_PATH "${cfg.stateDir}/shell/config.yml"\
--set GITLAB_SHELL_SECRET_PATH "${cfg.stateDir}/config/gitlab_shell_secret"\
--set GITLAB_HOST "${cfg.host}"\
--set GITLAB_PORT "${toString cfg.port}"\
--set GITLAB_BACKUP_PATH "${cfg.backupPath}"\
--set RAILS_ENV "production"
makeWrapper ${bundler}/bin/bundle $out/bin/gitlab-runner \
${concatStrings (mapAttrsToList (name: value: "--set ${name} '\"${value}\"' ") gitlabEnv)} \
--set GITLAB_CONFIG_PATH '"${cfg.statePath}/config"' \
--set PATH '"${pkgs.nodejs}/bin:${pkgs.gzip}/bin:${config.services.postgresql.package}/bin:$PATH"' \
--set RAKEOPT '"-f ${cfg.packages.gitlab}/share/gitlab/Rakefile"'
'';
};
@ -79,13 +152,25 @@ in {
'';
};
satelliteDir = mkOption {
type = types.str;
default = "/var/gitlab/git-satellites";
description = "Gitlab directory to store checked out git trees requires for operation.";
packages.gitlab = mkOption {
type = types.package;
default = pkgs.gitlab;
description = "Reference to the gitlab package";
};
stateDir = mkOption {
packages.gitlab-shell = mkOption {
type = types.package;
default = pkgs.gitlab-shell;
description = "Reference to the gitlab-shell package";
};
packages.gitlab-workhorse = mkOption {
type = types.package;
default = pkgs.gitlab-workhorse;
description = "Reference to the gitlab-workhorse package";
};
statePath = mkOption {
type = types.str;
default = "/var/gitlab/state";
description = "Gitlab state directory, logs are stored here.";
@ -93,7 +178,7 @@ in {
backupPath = mkOption {
type = types.str;
default = cfg.stateDir + "/backup";
default = cfg.statePath + "/backup";
description = "Gitlab path for backups.";
};
@ -136,14 +221,67 @@ in {
port = mkOption {
type = types.int;
default = 8080;
description = "Gitlab server listening port.";
description = ''
Gitlab server port for copy-paste URLs, e.g. 80 or 443 if you're
service over https.
'';
};
https = mkOption {
type = types.bool;
default = false;
description = "Whether gitlab prints URLs with https as scheme.";
};
user = mkOption {
type = types.str;
default = "gitlab";
description = "User to run gitlab and all related services.";
};
group = mkOption {
type = types.str;
default = "gitlab";
description = "Group to run gitlab and all related services.";
};
initialRootEmail = mkOption {
type = types.str;
default = "admin@local.host";
description = ''
Initial email address of the root account if this is a new install.
'';
};
initialRootPassword = mkOption {
type = types.str;
default = "UseNixOS!";
description = ''
Initial password of the root account if this is a new install.
'';
};
extraConfig = mkOption {
type = types.attrs;
default = {};
example = {
gitlab = {
default_projects_features = {
builds = false;
};
};
};
description = ''
Extra options to be merged into config/gitlab.yml as nix
attribute set.
'';
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.git gitlab-runner pkgs.gitlab-shell ];
environment.systemPackages = [ pkgs.git gitlab-runner cfg.packages.gitlab-shell ];
assertions = [
{ assertion = cfg.databasePassword != "";
@ -159,39 +297,24 @@ in {
services.postfix.enable = mkDefault true;
users.extraUsers = [
{ name = "gitlab";
group = "gitlab";
home = "${cfg.stateDir}/home";
{ name = cfg.user;
group = cfg.group;
home = "${cfg.statePath}/home";
shell = "${pkgs.bash}/bin/bash";
uid = config.ids.uids.gitlab;
} ];
}
];
users.extraGroups = [
{ name = "gitlab";
{ name = cfg.group;
gid = config.ids.gids.gitlab;
} ];
}
];
systemd.services.gitlab-sidekiq = {
after = [ "network.target" "redis.service" ];
wantedBy = [ "multi-user.target" ];
environment.HOME = "${cfg.stateDir}/home";
environment.GEM_HOME = gemHome;
environment.UNICORN_PATH = "${cfg.stateDir}/";
environment.GITLAB_PATH = "${pkgs.gitlab}/share/gitlab/";
environment.GITLAB_APPLICATION_LOG_PATH = "${cfg.stateDir}/log/application.log";
environment.GITLAB_SATELLITES_PATH = "${cfg.stateDir}/satellites";
environment.GITLAB_SHELL_PATH = "${pkgs.gitlab-shell}";
environment.GITLAB_REPOSITORIES_PATH = "${cfg.stateDir}/repositories";
environment.GITLAB_SHELL_HOOKS_PATH = "${cfg.stateDir}/shell/hooks";
environment.BUNDLE_GEMFILE = "${pkgs.gitlab}/share/gitlab/Gemfile";
environment.GITLAB_EMAIL_FROM = "${cfg.emailFrom}";
environment.GITLAB_SHELL_CONFIG_PATH = "${cfg.stateDir}/shell/config.yml";
environment.GITLAB_SHELL_SECRET_PATH = "${cfg.stateDir}/config/gitlab_shell_secret";
environment.GITLAB_HOST = "${cfg.host}";
environment.GITLAB_PORT = "${toString cfg.port}";
environment.GITLAB_DATABASE_HOST = "${cfg.databaseHost}";
environment.GITLAB_DATABASE_PASSWORD = "${cfg.databasePassword}";
environment.RAILS_ENV = "production";
environment = gitlabEnv;
path = with pkgs; [
config.services.postgresql.package
gitAndTools.git
@ -201,116 +324,131 @@ in {
];
serviceConfig = {
Type = "simple";
User = "gitlab";
Group = "gitlab";
User = cfg.user;
Group = cfg.group;
TimeoutSec = "300";
WorkingDirectory = "${pkgs.gitlab}/share/gitlab";
ExecStart="${bundler}/bin/bundle exec \"sidekiq -q post_receive -q mailer -q system_hook -q project_web_hook -q gitlab_shell -q common -q default -e production -P ${cfg.stateDir}/tmp/sidekiq.pid\"";
WorkingDirectory = "${cfg.packages.gitlab}/share/gitlab";
ExecStart="${bundler}/bin/bundle exec \"sidekiq -q post_receive -q mailer -q system_hook -q project_web_hook -q gitlab_shell -q common -q default -e production -P ${cfg.statePath}/tmp/sidekiq.pid\"";
};
};
systemd.services.gitlab-git-http-server = {
systemd.services.gitlab-workhorse = {
after = [ "network.target" "gitlab.service" ];
wantedBy = [ "multi-user.target" ];
environment.HOME = "${cfg.stateDir}/home";
environment.HOME = gitlabEnv.HOME;
environment.GITLAB_SHELL_CONFIG_PATH = gitlabEnv.GITLAB_SHELL_CONFIG_PATH;
path = with pkgs; [
gitAndTools.git
openssh
];
preStart = ''
mkdir -p /run/gitlab
chown ${cfg.user}:${cfg.group} /run/gitlab
'';
serviceConfig = {
PermissionsStartOnly = true; # preStart must be run as root
Type = "simple";
User = "gitlab";
Group = "gitlab";
User = cfg.user;
Group = cfg.group;
TimeoutSec = "300";
ExecStart = "${pkgs.gitlab-git-http-server}/bin/gitlab-git-http-server -listenUmask 0 -listenNetwork unix -listenAddr ${cfg.stateDir}/tmp/sockets/gitlab-git-http-server.socket -authBackend http://localhost:8080 ${cfg.stateDir}/repositories";
ExecStart =
"${cfg.packages.gitlab-workhorse}/bin/gitlab-workhorse "
+ "-listenUmask 0 "
+ "-listenNetwork unix "
+ "-listenAddr /run/gitlab/gitlab-workhorse.socket "
+ "-authSocket ${gitlabSocket} "
+ "-documentRoot ${cfg.packages.gitlab}/share/gitlab/public";
};
};
systemd.services.gitlab = {
after = [ "network.target" "postgresql.service" "redis.service" ];
wantedBy = [ "multi-user.target" ];
environment.HOME = "${cfg.stateDir}/home";
environment.GEM_HOME = gemHome;
environment.UNICORN_PATH = "${cfg.stateDir}/";
environment.GITLAB_PATH = "${pkgs.gitlab}/share/gitlab/";
environment.GITLAB_APPLICATION_LOG_PATH = "${cfg.stateDir}/log/application.log";
environment.GITLAB_SATELLITES_PATH = "${cfg.stateDir}/satellites";
environment.GITLAB_SHELL_PATH = "${pkgs.gitlab-shell}";
environment.GITLAB_SHELL_CONFIG_PATH = "${cfg.stateDir}/shell/config.yml";
environment.GITLAB_SHELL_SECRET_PATH = "${cfg.stateDir}/config/gitlab_shell_secret";
environment.GITLAB_REPOSITORIES_PATH = "${cfg.stateDir}/repositories";
environment.GITLAB_SHELL_HOOKS_PATH = "${cfg.stateDir}/shell/hooks";
environment.BUNDLE_GEMFILE = "${pkgs.gitlab}/share/gitlab/Gemfile";
environment.GITLAB_EMAIL_FROM = "${cfg.emailFrom}";
environment.GITLAB_HOST = "${cfg.host}";
environment.GITLAB_PORT = "${toString cfg.port}";
environment.GITLAB_DATABASE_HOST = "${cfg.databaseHost}";
environment.GITLAB_DATABASE_PASSWORD = "${cfg.databasePassword}";
environment.RAILS_ENV = "production";
environment = gitlabEnv;
path = with pkgs; [
config.services.postgresql.package
gitAndTools.git
ruby
openssh
nodejs
];
preStart = ''
# TODO: use env vars
mkdir -p ${cfg.stateDir}
mkdir -p ${cfg.stateDir}/log
mkdir -p ${cfg.stateDir}/satellites
mkdir -p ${cfg.stateDir}/repositories
mkdir -p ${cfg.stateDir}/shell/hooks
mkdir -p ${cfg.stateDir}/tmp/pids
mkdir -p ${cfg.stateDir}/tmp/sockets
rm -rf ${cfg.stateDir}/config
mkdir -p ${cfg.stateDir}/config
mkdir -p ${cfg.backupPath}
mkdir -p ${cfg.statePath}/builds
mkdir -p ${cfg.statePath}/repositories
mkdir -p ${gitlabConfig.production.shared.path}/artifacts
mkdir -p ${gitlabConfig.production.shared.path}/lfs-objects
mkdir -p ${cfg.statePath}/log
mkdir -p ${cfg.statePath}/shell
mkdir -p ${cfg.statePath}/tmp/pids
mkdir -p ${cfg.statePath}/tmp/sockets
rm -rf ${cfg.statePath}/config ${cfg.statePath}/shell/hooks
mkdir -p ${cfg.statePath}/config ${cfg.statePath}/shell
# TODO: What exactly is gitlab-shell doing with the secret?
tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c 20 > ${cfg.stateDir}/config/gitlab_shell_secret
mkdir -p ${cfg.stateDir}/home/.ssh
touch ${cfg.stateDir}/home/.ssh/authorized_keys
tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c 20 > ${cfg.statePath}/config/gitlab_shell_secret
cp -rf ${pkgs.gitlab}/share/gitlab/config ${cfg.stateDir}/
cp ${pkgs.gitlab}/share/gitlab/VERSION ${cfg.stateDir}/VERSION
# The uploads directory is hardcoded somewhere deep in rails. It is
# symlinked in the gitlab package to /run/gitlab/uploads to make it
# configurable
mkdir -p /run/gitlab
mkdir -p ${cfg.statePath}/uploads
ln -sf ${cfg.statePath}/uploads /run/gitlab/uploads
chown -R ${cfg.user}:${cfg.group} /run/gitlab
ln -fs ${pkgs.writeText "database.yml" databaseYml} ${cfg.stateDir}/config/database.yml
ln -fs ${pkgs.writeText "unicorn.rb" unicornConfig} ${cfg.stateDir}/config/unicorn.rb
# Prepare home directory
mkdir -p ${gitlabEnv.HOME}/.ssh
touch ${gitlabEnv.HOME}/.ssh/authorized_keys
chown -R ${cfg.user}:${cfg.group} ${gitlabEnv.HOME}/
chmod -R u+rwX,go-rwx+X ${gitlabEnv.HOME}/
chown -R gitlab:gitlab ${cfg.stateDir}/
chmod -R 755 ${cfg.stateDir}/
cp -rf ${cfg.packages.gitlab}/share/gitlab/config.dist/* ${cfg.statePath}/config
ln -sf ${cfg.statePath}/config /run/gitlab/config
cp ${cfg.packages.gitlab}/share/gitlab/VERSION ${cfg.statePath}/VERSION
# JSON is a subset of YAML
ln -fs ${pkgs.writeText "gitlab.yml" (builtins.toJSON gitlabConfig)} ${cfg.statePath}/config/gitlab.yml
ln -fs ${pkgs.writeText "database.yml" databaseYml} ${cfg.statePath}/config/database.yml
ln -fs ${pkgs.writeText "unicorn.rb" unicornConfig} ${cfg.statePath}/config/unicorn.rb
chown -R ${cfg.user}:${cfg.group} ${cfg.statePath}/
chmod -R ug+rwX,o-rwx+X ${cfg.statePath}/
# Install the shell required to push repositories
ln -fs ${pkgs.writeText "config.yml" gitlabShellYml} "$GITLAB_SHELL_CONFIG_PATH"
ln -fs ${cfg.packages.gitlab-shell}/hooks "$GITLAB_SHELL_HOOKS_PATH"
${cfg.packages.gitlab-shell}/bin/install
if [ "${cfg.databaseHost}" = "127.0.0.1" ]; then
if ! test -e "${cfg.stateDir}/db-created"; then
if ! test -e "${cfg.statePath}/db-created"; then
psql postgres -c "CREATE ROLE gitlab WITH LOGIN NOCREATEDB NOCREATEROLE NOCREATEUSER ENCRYPTED PASSWORD '${cfg.databasePassword}'"
${config.services.postgresql.package}/bin/createdb --owner gitlab gitlab || true
touch "${cfg.stateDir}/db-created"
touch "${cfg.statePath}/db-created"
# force=yes disables the manual-interaction yes/no prompt
# which breaks without an stdin.
force=yes ${bundler}/bin/bundle exec rake -f ${pkgs.gitlab}/share/gitlab/Rakefile gitlab:setup RAILS_ENV=production
# The gitlab:setup task is horribly broken somehow, these two tasks will do the same for setting up the initial database
${gitlab-runner}/bin/gitlab-runner exec rake db:migrate RAILS_ENV=production
${gitlab-runner}/bin/gitlab-runner exec rake db:seed_fu RAILS_ENV=production \
GITLAB_ROOT_PASSWORD="${cfg.initialRootPassword}" GITLAB_ROOT_EMAIL="${cfg.initialRootEmail}";
fi
fi
${bundler}/bin/bundle exec rake -f ${pkgs.gitlab}/share/gitlab/Rakefile db:migrate RAILS_ENV=production
# Install the shell required to push repositories
ln -fs ${pkgs.writeText "config.yml" gitlabShellYml} ${cfg.stateDir}/shell/config.yml
export GITLAB_SHELL_CONFIG_PATH=""${cfg.stateDir}/shell/config.yml
${pkgs.gitlab-shell}/bin/install
# Always do the db migrations just to be sure the database is up-to-date
${gitlab-runner}/bin/gitlab-runner exec rake db:migrate RAILS_ENV=production
# Change permissions in the last step because some of the
# intermediary scripts like to create directories as root.
chown -R gitlab:gitlab ${cfg.stateDir}/
chmod -R 755 ${cfg.stateDir}/
# Change permissions in the last step because some of the
# intermediary scripts like to create directories as root.
chown -R ${cfg.user}:${cfg.group} ${cfg.statePath}
chmod -R u+rwX,go-rwx+X ${cfg.statePath}
'';
serviceConfig = {
PermissionsStartOnly = true; # preStart must be run as root
Type = "simple";
User = "gitlab";
Group = "gitlab";
User = cfg.user;
Group = cfg.group;
TimeoutSec = "300";
WorkingDirectory = "${pkgs.gitlab}/share/gitlab";
ExecStart="${bundler}/bin/bundle exec \"unicorn -c ${cfg.stateDir}/config/unicorn.rb -E production\"";
WorkingDirectory = "${cfg.packages.gitlab}/share/gitlab";
ExecStart="${bundler}/bin/bundle exec \"unicorn -c ${cfg.statePath}/config/unicorn.rb -E production\"";
};
};

103
nixos/modules/services/misc/gitlab.xml Normal file
View file

@ -0,0 +1,103 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="module-services-gitlab">
<title>Gitlab</title>
<para>Gitlab is a feature-rich git hosting service.</para>
<section><title>Prerequisites</title>
<para>The gitlab service exposes only an Unix socket at
<literal>/run/gitlab/gitlab-workhorse.socket</literal>. You need to configure a
webserver to proxy HTTP requests to the socket.</para>
<para>For instance, this could be used for Nginx:
<programlisting>
services.nginx.httpConfig = ''
server {
server_name git.example.com;
listen 443 ssl spdy;
listen [::]:443 ssl spdy;
ssl_certificate /var/lib/acme/git.example.com/fullchain.pem;
ssl_certificate_key /var/lib/acme/git.example.com/key.pem;
location / {
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://unix:/run/gitlab/gitlab-workhorse.socket;
}
}
'';
</programlisting>
</para>
</section>
<section><title>Configuring</title>
<para>Gitlab depends on both PostgreSQL and Redis and will automatically enable
both services. In the case of PostgreSQL, a database and a role will be created.
</para>
<para>The default state dir is /var/gitlab/state. This is where all data like
the repositories and uploads will be stored.</para>
<para>A basic configuration could look like this:
<programlisting>
services.gitlab = {
enable = true;
databasePassword = "eXaMpl3";
initialRootPassword = "UseNixOS!";
https = true;
host = "git.example.com";
port = 443;
user = "git";
group = "git";
extraConfig = {
gitlab = {
default_projects_features = { builds = false; };
};
};
};
</programlisting>
</para>
<para>Refer to <xref linkend="ch-options" /> for all available configuration
options for the <literal>services.gitlab</literal> module.</para>
</section>
<section><title>Maintenance</title>
<para>You can run all Gitlab related commands like rake tasks with
<literal>gitlab-runner</literal> which will be available on the system
when gitlab is enabled. You will have to run the commands as the user that
you configured to run gitlab.</para>
<para>For instance, to backup a Gitlab instance:
<programlisting>
$ sudo -u git -H gitlab-runner exec rake gitlab:backup:create
</programlisting>
A list of all availabe rake tasks can be obtained by running:
<programlisting>
$ sudo -u git -H gitlab-runner exec rake -T
</programlisting>
</para>
</section>
</chapter>

1
nixos/modules/services/misc/matrix-synapse.nix
View file

@ -61,6 +61,7 @@ in {
package = mkOption {
type = types.package;
default = pkgs.matrix-synapse;
defaultText = "pkgs.matrix-synapse";
description = ''
Overridable attribute of the matrix synapse server package to use.
'';

2
nixos/modules/services/misc/nix-daemon.nix
View file

@ -367,6 +367,8 @@ in
// { CURL_CA_BUNDLE = "/etc/ssl/certs/ca-certificates.crt"; }
// config.networking.proxy.envVars;
unitConfig.RequiresMountsFor = "/nix/store";
serviceConfig =
{ Nice = cfg.daemonNiceLevel;
IOSchedulingPriority = cfg.daemonIONiceLevel;

38
nixos/modules/services/misc/nixos-manual.nix
View file

@ -17,16 +17,32 @@ let
nixpkgs.system = config.nixpkgs.system;
};
eval = evalModules {
modules = [ versionModule ] ++ baseModules;
args = (config._module.args) // { modules = [ ]; };
};
/* For the purpose of generating docs, evaluate options with each derivation
in `pkgs` (recursively) replaced by a fake with path "\${pkgs.attribute.path}".
It isn't perfect, but it seems to cover a vast majority of use cases.
Caveat: even if the package is reached by a different means,
the path above will be shown and not e.g. `${config.services.foo.package}`. */
manual = import ../../../doc/manual {
inherit pkgs;
version = config.system.nixosVersion;
revision = config.system.nixosRevision;
options = eval.options;
options =
let
scrubbedEval = evalModules {
modules = [ versionModule ] ++ baseModules;
args = (config._module.args) // { modules = [ ]; };
specialArgs = { pkgs = scrubDerivations "pkgs" pkgs; };
};
scrubDerivations = namePrefix: pkgSet: mapAttrs
(name: value:
let wholeName = "${namePrefix}.${name}"; in
if isAttrs value then
scrubDerivations wholeName value
// (optionalAttrs (isDerivation value) { outPath = "\${${wholeName}}"; })
else value
)
pkgSet;
in scrubbedEval.options;
};
entry = "${manual.manual}/share/doc/nixos/index.html";
@ -72,7 +88,8 @@ in
};
services.nixosManual.ttyNumber = mkOption {
default = "8";
type = types.int;
default = 8;
description = ''
Virtual console on which to show the manual.
'';
@ -80,6 +97,7 @@ in
services.nixosManual.browser = mkOption {
type = types.path;
default = "${pkgs.w3m-nox}/bin/w3m";
description = ''
Browser used to show the manual.
'';
@ -96,7 +114,7 @@ in
[ manual.manual help ]
++ optional config.programs.man.enable manual.manpages;
boot.extraTTYs = mkIf cfg.showManual ["tty${cfg.ttyNumber}"];
boot.extraTTYs = mkIf cfg.showManual ["tty${toString cfg.ttyNumber}"];
systemd.services = optionalAttrs cfg.showManual
{ "nixos-manual" =
@ -106,7 +124,7 @@ in
{ ExecStart = "${cfg.browser} ${entry}";
StandardInput = "tty";
StandardOutput = "tty";
TTYPath = "/dev/tty${cfg.ttyNumber}";
TTYPath = "/dev/tty${toString cfg.ttyNumber}";
TTYReset = true;
TTYVTDisallocate = true;
Restart = "always";
@ -117,8 +135,6 @@ in
services.mingetty.helpLine = mkIf cfg.showManual
"\nPress <Alt-F${toString cfg.ttyNumber}> for the NixOS manual.";
services.nixosManual.browser = mkDefault "${pkgs.w3m-nox}/bin/w3m";
};
}

120
nixos/modules/services/misc/octoprint.nix Normal file
View file

@ -0,0 +1,120 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.octoprint;
cfgUpdate = pkgs.writeText "octoprint-config.yaml" (builtins.toJSON {
plugins.cura.cura_engine = "${pkgs.curaengine}/bin/CuraEngine";
server.host = cfg.host;
server.port = cfg.port;
webcam.ffmpeg = "${pkgs.ffmpeg}/bin/ffmpeg";
});
pluginsEnv = pkgs.python.buildEnv.override {
extraLibs = cfg.plugins pkgs.octoprint-plugins;
};
in
{
##### interface
options = {
services.octoprint = {
enable = mkEnableOption "OctoPrint, web interface for 3D printers";
host = mkOption {
type = types.str;
default = "0.0.0.0";
description = ''
Host to bind OctoPrint to.
'';
};
port = mkOption {
type = types.int;
default = 5000;
description = ''
Port to bind OctoPrint to.
'';
};
user = mkOption {
type = types.str;
default = "octoprint";
description = "User for the daemon.";
};
group = mkOption {
type = types.str;
default = "octoprint";
description = "Group for the daemon.";
};
stateDir = mkOption {
type = types.path;
default = "/var/lib/octoprint";
description = "State directory of the daemon.";
};
plugins = mkOption {
#type = types.functionTo (types.listOf types.package);
default = plugins: [];
defaultText = "plugins: []";
example = literalExample "plugins: [ m3d-fio ]";
description = "Additional plugins.";
};
};
};
##### implementation
config = mkIf cfg.enable {
users.extraUsers = optionalAttrs (cfg.user == "octoprint") (singleton
{ name = "octoprint";
group = cfg.group;
uid = config.ids.uids.octoprint;
});
users.extraGroups = optionalAttrs (cfg.group == "octoprint") (singleton
{ name = "octoprint";
gid = config.ids.gids.octoprint;
});
systemd.services.octoprint = {
description = "OctoPrint, web interface for 3D printers";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
path = [ pluginsEnv ];
environment.PYTHONPATH = makeSearchPath pkgs.python.sitePackages [ pluginsEnv ];
preStart = ''
mkdir -p "${cfg.stateDir}"
if [ -e "${cfg.stateDir}/config.yaml" ]; then
${pkgs.yaml-merge}/bin/yaml-merge "${cfg.stateDir}/config.yaml" "${cfgUpdate}" > "${cfg.stateDir}/config.yaml.tmp"
mv "${cfg.stateDir}/config.yaml.tmp" "${cfg.stateDir}/config.yaml"
else
cp "${cfgUpdate}" "${cfg.stateDir}/config.yaml"
chmod 600 "${cfg.stateDir}/config.yaml"
fi
chown -R ${cfg.user}:${cfg.group} "${cfg.stateDir}"
'';
serviceConfig = {
ExecStart = "${pkgs.octoprint}/bin/octoprint -b ${cfg.stateDir}";
User = cfg.user;
Group = cfg.group;
PermissionsStartOnly = true;
};
};
};
}

1
nixos/modules/services/misc/plex.nix
View file

@ -58,6 +58,7 @@ in
package = mkOption {
type = types.package;
default = pkgs.plex;
defaultText = "pkgs.plex";
description = ''
The Plex package to use. Plex subscribers may wish to use their own
package here, pointing to subscriber-only server versions.

30
nixos/modules/services/misc/spice-vdagentd.nix Normal file
View file

@ -0,0 +1,30 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.spice-vdagentd;
in
{
options = {
services.spice-vdagentd = {
enable = mkEnableOption "Spice guest vdagent daemon";
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.spice-vdagent ];
systemd.services.spice-vdagentd = {
description = "spice-vdagent daemon";
wantedBy = [ "graphical.target" ];
preStart = ''
mkdir -p "/var/run/spice-vdagentd/"
'';
serviceConfig = {
Type = "forking";
ExecStart = "/bin/sh -c '${pkgs.spice-vdagent}/bin/spice-vdagentd'";
};
};
};
}

4
nixos/modules/services/misc/subsonic.nix
View file

@ -97,6 +97,7 @@ in
transcoders = mkOption {
type = types.listOf types.path;
default = [ "${pkgs.ffmpeg.bin}/bin/ffmpeg" ];
description = ''
List of paths to transcoder executables that should be accessible
from Subsonic. Symlinks will be created to each executable inside
@ -152,8 +153,5 @@ in
};
users.extraGroups.subsonic.gid = config.ids.gids.subsonic;
services.subsonic.transcoders = mkDefault [ "${pkgs.ffmpeg.bin}/bin/ffmpeg" ];
};
}

11
nixos/modules/services/monitoring/collectd.nix
View file

@ -34,6 +34,15 @@ in {
type = bool;
};
package = mkOption {
default = pkgs.collectd;
defaultText = "pkgs.collectd";
description = ''
Which collectd package to use.
'';
type = package;
};
user = mkOption {
default = "collectd";
description = ''
@ -91,7 +100,7 @@ in {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.collectd}/sbin/collectd -C ${conf} -P ${cfg.pidFile}";
ExecStart = "${cfg.package}/sbin/collectd -C ${conf} -P ${cfg.pidFile}";
Type = "forking";
PIDFile = cfg.pidFile;
User = optional (cfg.user!="root") cfg.user;

1
nixos/modules/services/monitoring/dd-agent.nix
View file

@ -183,7 +183,6 @@ in {
Restart = "always";
RestartSec = 2;
};
environment.SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt";
restartTriggers = [ pkgs.dd-agent ddConf diskConfig networkConfig postgresqlConfig nginxConfig mongoConfig ];
};

4
nixos/modules/services/monitoring/grafana.nix
View file

@ -87,6 +87,7 @@ in {
staticRootPath = mkOption {
description = "Root path for static assets.";
default = "${cfg.package}/share/grafana/public";
type = types.str;
};
@ -232,8 +233,5 @@ in {
home = cfg.dataDir;
createHome = true;
};
services.grafana.staticRootPath = mkDefault "${cfg.package}/share/grafana/public";
};
}

22
nixos/modules/services/monitoring/hdaps.nix Normal file
View file

@ -0,0 +1,22 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.hdapsd;
hdapsd = [ pkgs.hdapsd ];
in
{
options = {
services.hdapsd.enable = mkEnableOption
''
Hard Drive Active Protection System Daemon,
devices are detected and managed automatically by udev and systemd
'';
};
config = mkIf cfg.enable {
services.udev.packages = hdapsd;
systemd.packages = hdapsd;
};
}

150
nixos/modules/services/network-filesystems/netatalk.nix Normal file
View file

@ -0,0 +1,150 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.netatalk;
extmapFile = pkgs.writeText "extmap.conf" cfg.extmap;
afpToString = x: if builtins.typeOf x == "bool"
then (if x then "true" else "false")
else toString x;
volumeConfig = name:
let vol = getAttr name cfg.volumes; in
"[${name}]\n " + (toString (
map
(key: "${key} = ${afpToString (getAttr key vol)}\n")
(attrNames vol)
));
afpConf = ''[Global]
extmap file = ${extmapFile}
afp port = ${toString cfg.port}
${cfg.extraConfig}
${if cfg.homes.enable then ''[Homes]
${optionalString (cfg.homes.path != "") "path = ${cfg.homes.path}"}
basedir regex = ${cfg.homes.basedirRegex}
${cfg.homes.extraConfig}
'' else ""}
${toString (map volumeConfig (attrNames cfg.volumes))}
'';
afpConfFile = pkgs.writeText "afp.conf" afpConf;
in
{
options = {
services.netatalk = {
enable = mkOption {
default = false;
description = "Whether to enable the Netatalk AFP fileserver.";
};
port = mkOption {
default = 548;
description = "TCP port to be used for AFP.";
};
extraConfig = mkOption {
type = types.lines;
default = "";
example = "uam list = uams_guest.so";
description = ''
Lines of configuration to add to the <literal>[Global]</literal> section.
See <literal>man apf.conf</literal> for more information.
'';
};
homes = {
enable = mkOption {
default = false;
description = "Enable sharing of the UNIX server user home directories.";
};
path = mkOption {
default = "";
example = "afp-data";
description = "Share not the whole user home but this subdirectory path.";
};
basedirRegex = mkOption {
example = "/home";
description = "Regex which matches the parent directory of the user homes.";
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = ''
Lines of configuration to add to the <literal>[Homes]</literal> section.
See <literal>man apf.conf</literal> for more information.
'';
};
};
volumes = mkOption {
default = { };
type = types.attrsOf (types.attrsOf types.unspecified);
description =
''
Set of AFP volumes to export.
See <literal>man apf.conf</literal> for more information.
'';
example =
{ srv =
{ path = "/srv";
"read only" = true;
"hosts allow" = "10.1.0.0/16 10.2.1.100 2001:0db8:1234::/48";
};
};
};
extmap = mkOption {
type = types.lines;
default = "";
description = ''
File name extension mappings.
See <literal>man extmap.conf</literal> for more information.
'';
};
};
};
config = mkIf cfg.enable {
systemd.services.netatalk = {
description = "Netatalk AFP fileserver for Macintosh clients";
unitConfig.Documentation = "man:afp.conf(5) man:netatalk(8) man:afpd(8) man:cnid_metad(8) man:cnid_dbd(8)";
after = [ "network.target" "avahi-daemon.service" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.netatalk ];
serviceConfig = {
Type = "forking";
GuessMainPID = "no";
PIDFile = "/run/lock/netatalk";
ExecStartPre = "${pkgs.coreutils}/bin/mkdir -m 0755 -p /var/lib/netatalk/CNID";
ExecStart = "${pkgs.netatalk}/sbin/netatalk -F ${afpConfFile}";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
ExecStop = "${pkgs.coreutils}/bin/kill -TERM $MAINPID";
Restart = "always";
RestartSec = 1;
};
};
security.pam.services.netatalk.unixAuth = true;
};
}

20
nixos/modules/services/network-filesystems/samba.nix
View file

@ -79,6 +79,14 @@ in
description = ''
Whether to enable Samba, which provides file and print
services to Windows clients through the SMB/CIFS protocol.
<note>
<para>If you use the firewall consider adding the following:</para>
<programlisting>
networking.firewall.allowedTCPPorts = [ 139 445 ];
networking.firewall.allowedUDPPorts = [ 137 138 ];
</programlisting>
</note>
'';
};
@ -86,7 +94,7 @@ in
type = types.package;
default = pkgs.samba;
defaultText = "pkgs.samba";
example = literalExample "pkgs.samba4";
example = literalExample "pkgs.samba3";
description = ''
Defines which package should be used for the samba server.
'';
@ -118,6 +126,10 @@ in
description = ''
Additional global section and extra section lines go in here.
'';
example = ''
guest account = nobody
map to guest = bad user
'';
};
configText = mkOption {
@ -154,9 +166,11 @@ in
'';
type = types.attrsOf (types.attrsOf types.unspecified);
example =
{ srv =
{ path = "/srv";
{ public =
{ path = "/srv/public";
"read only" = true;
browseable = "yes";
"guest ok" = "yes";
comment = "Public samba share.";
};
};

4
nixos/modules/services/networking/bird.nix
View file

@ -30,7 +30,7 @@ in
user = mkOption {
type = types.string;
default = "ircd";
default = "bird";
description = ''
BIRD Internet Routing Daemon user.
'';
@ -38,7 +38,7 @@ in
group = mkOption {
type = types.string;
default = "ircd";
default = "bird";
description = ''
BIRD Internet Routing Daemon group.
'';

1
nixos/modules/services/networking/consul.nix
View file

@ -33,6 +33,7 @@ in
package = mkOption {
type = types.package;
default = pkgs.consul;
defaultText = "pkgs.consul";
description = ''
The package used for the Consul agent and CLI.
'';

1
nixos/modules/services/networking/ddclient.nix
View file

@ -127,7 +127,6 @@ in
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
environment.SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt";
serviceConfig = {
# Uncomment this if too many problems occur:
# Type = "forking";

5
nixos/modules/services/networking/dnscrypt-proxy.nix
View file

@ -52,7 +52,10 @@ in
default = "opendns";
type = types.nullOr types.string;
description = ''
The name of the upstream DNSCrypt resolver to use.
The name of the upstream DNSCrypt resolver to use. See
<literal>${resolverListFile}</literal> for alternative resolvers
(e.g., if you are concerned about logging and/or server
location).
'';
};
customResolver = mkOption {

1
nixos/modules/services/networking/ejabberd.nix
View file

@ -32,6 +32,7 @@ in {
package = mkOption {
type = types.package;
default = pkgs.ejabberd;
defaultText = "pkgs.ejabberd";
description = "ejabberd server package to use";
};

Some files were not shown because too many files have changed in this diff Show more