alioth/nixpkgs
3
0
Fork 0
forked from mirrors/nixpkgs
Code Releases Activity

Merge branch 'master' into staging

Browse source
This commit is contained in:
Orivej Desh 2020-03-23 00:42:14 +00:00
parent 805f6235df e1c3085354
commit 1b89aa3f7a
802 changed files with 31592 additions and 15462 deletions
doc/languages-frameworks
android.section.mdrust.section.md
lib
modules.nixoptions.nix
systems
doubles.nix
tests
modules.sh
modules
declare-enable-nested.nixdeclare-int-positive-value-nested.nixdefine-option-dependently-nested.nixdefine-option-dependently.nix
systems.nix
maintainers
maintainer-list.nix
scripts
nix-generate-from-cpan.pl
team-list.nix
nixos
doc/manual
configuration
configuration.xml
release-notes
rl-2003.xmlrl-2009.xml
lib
eval-config.nix
maintainers/scripts/ec2
amazon-image.nix
modules
hardware
wooting.nix
installer/tools
tools.nix
misc
documentation.nixnixpkgs.nix
module-list.nix
programs
ssmtp.nix
security
google_oslogin.nixtpm2.nix
services
computing/foldingathome
client.nix
misc
folding-at-home.nixmatrix-synapse.nixmatrix-synapse.xmlsssd.nix
monitoring
netdata.nix
networking
firewall.nixiodine.nixresilio.nixsmartdns.nix
ssh
sshd.nix
stubby.nixsupplicant.nixsupybot.nixtailscale.nixzerotierone.nix
security
fail2ban.nix
x11/desktop-managers
kodi.nix
system
activation
top-level.nix
boot
kernel.nixnetworkd.nixstage-1.nix
tests
all-tests.nixfenics.nixiodine.nixmatrix-synapse.nixnetworking.nix
pkgs/applications
audio
ardour
default.nix
aucatctl
default.nix
cadence
default.nix
clementine
default.nix
cmt
default.nix
ft2-clone
default.nix
guitarix
default.nix
hydrogen
default.nix
jack-rack
default.nix
mopidy
iris.nixmpd.nix
mup
default.nixghostscript-permit-file-write.patch
musescore
default.nixremove_qtwebengine_install_hack.patch
netease-cloud-music
default.nix
non
default.nix
parlatype
default.nix
pt2-clone
default.nix
rosegarden
default.nix
sonic-lineup
default.nix
sonic-visualiser
default.nix
soundtracker
default.nix
spotify-tui
default.nix
vorbis-tools
default.nix
blockchains
go-ethereum.nixlnd.nix
monero-gui
default.nixmove-log-file.patch
monero
default.nix
quorum.nix
zcash
default.nix
librustzcash
default.nix
editors
android-studio
default.nix
emacs-modes
elpa-generated.nixrecipes-archive-melpa.json
emacs
default.nix
glow
default.nix
jetbrains
default.nix
neovim
wrapper.nix
texworks
default.nix
gis
openorienteering-mapper
default.nix
saga
default.nix
graphics
cq-editor
default.nix
darktable
default.nix
jbrout
default.nix
Show more

2
doc/languages-frameworks/android.section.md
View file

@ -235,5 +235,5 @@ package manager uses. To update the expressions run the `generate.sh` script
that is stored in the `pkgs/development/mobile/androidenv/` sub directory:
```bash
sh ./generate.sh
./generate.sh
```

6
doc/languages-frameworks/rust.section.md
View file

@ -60,9 +60,9 @@ Nix depends on this file, so if it missing you can use `cargoPatches` to apply
it in the `patchPhase`. Consider sending a PR upstream with a note to the
maintainer describing why it's important to include in the application.
Unless `legacyCargoFetcher` is set to `true`, the fetcher will also verify that
the `Cargo.lock` file is in sync with the `src` attribute, and will compress the
vendor directory into a tar.gz archive.
The fetcher will verify that the `Cargo.lock` file is in sync with the `src`
attribute, and fail the build if not. It will also will compress the vendor
directory into a tar.gz archive.
### Building a crate for a different target

13
lib/modules.nix
View file

@ -93,7 +93,11 @@ rec {
res set._definedNames
else
res;
result = { inherit options config; };
result = {
inherit options;
config = removeAttrs config [ "_module" ];
inherit (config) _module;
};
in result;
# collectModules :: (modulesPath: String) -> (modules: [ Module ]) -> (args: Attrs) -> [ Module ]
@ -410,10 +414,9 @@ rec {
# Type-check the remaining definitions, and merge them. Or throw if no definitions.
mergedValue =
if isDefined then
foldl' (res: def:
if type.check def.value then res
else throw "The option value `${showOption loc}' in `${def.file}' is not of type `${type.description}'."
) (type.merge loc defsFinal) defsFinal
if all (def: type.check def.value) defsFinal then type.merge loc defsFinal
else let firstInvalid = findFirst (def: ! type.check def.value) null defsFinal;
in throw "The option value `${showOption loc}' in `${firstInvalid.file}' is not of type `${type.description}'."
else
# (nixos-option detects this specific error message and gives it special
# handling. If changed here, please change it there too.)

2
lib/options.nix
View file

@ -159,7 +159,7 @@ rec {
let ss = opt.type.getSubOptions opt.loc;
in if ss != {} then optionAttrSetToDocList' opt.loc ss else [];
in
[ docOption ] ++ subOptions) (collect isOption options);
[ docOption ] ++ optionals docOption.visible subOptions) (collect isOption options);
/* This function recursively removes all derivation attributes from

8
lib/systems/doubles.nix
View file

@ -26,7 +26,13 @@ let
"riscv32-linux" "riscv64-linux"
"aarch64-none" "avr-none" "arm-none" "i686-none" "x86_64-none" "powerpc-none" "msp430-none" "riscv64-none" "riscv32-none" "vc4-none"
"arm-none" "armv6l-none" "aarch64-none"
"avr-none"
"i686-none" "x86_64-none"
"powerpc-none"
"msp430-none"
"riscv64-none" "riscv32-none"
"vc4-none"
"js-ghcjs"
];

13
lib/tests/modules.sh
View file

@ -185,6 +185,14 @@ checkConfigError 'The option .* defined in .* does not exist' config.enable ./di
# Check that imports can depend on derivations
checkConfigOutput "true" config.enable ./import-from-store.nix
# Check that configs can be conditional on option existence
checkConfigOutput true config.enable ./define-option-dependently.nix ./declare-enable.nix ./declare-int-positive-value.nix
checkConfigOutput 360 config.value ./define-option-dependently.nix ./declare-enable.nix ./declare-int-positive-value.nix
checkConfigOutput 7 config.value ./define-option-dependently.nix ./declare-int-positive-value.nix
checkConfigOutput true config.set.enable ./define-option-dependently-nested.nix ./declare-enable-nested.nix ./declare-int-positive-value-nested.nix
checkConfigOutput 360 config.set.value ./define-option-dependently-nested.nix ./declare-enable-nested.nix ./declare-int-positive-value-nested.nix
checkConfigOutput 7 config.set.value ./define-option-dependently-nested.nix ./declare-int-positive-value-nested.nix
# Check attrsOf and lazyAttrsOf. Only lazyAttrsOf should be lazy, and only
# attrsOf should work with conditional definitions
# In addition, lazyAttrsOf should honor an options emptyValue
@ -194,6 +202,11 @@ checkConfigOutput "true" config.conditionalWorks ./declare-attrsOf.nix ./attrsOf
checkConfigOutput "false" config.conditionalWorks ./declare-lazyAttrsOf.nix ./attrsOf-conditional-check.nix
checkConfigOutput "empty" config.value.foo ./declare-lazyAttrsOf.nix ./attrsOf-conditional-check.nix
# Even with multiple assignments, a type error should be thrown if any of them aren't valid
checkConfigError 'The option value .* in .* is not of type .*' \
config.value ./declare-int-unsigned-value.nix ./define-value-list.nix ./define-value-int-positive.nix
cat <<EOF
====== module tests ======
$pass Pass

14
lib/tests/modules/declare-enable-nested.nix Normal file
View file

@ -0,0 +1,14 @@
{ lib, ... }:
{
options.set = {
enable = lib.mkOption {
default = false;
example = true;
type = lib.types.bool;
description = ''
Some descriptive text
'';
};
};
}

9
lib/tests/modules/declare-int-positive-value-nested.nix Normal file
View file

@ -0,0 +1,9 @@
{ lib, ... }:
{
options.set = {
value = lib.mkOption {
type = lib.types.ints.positive;
};
};
}

16
lib/tests/modules/define-option-dependently-nested.nix Normal file
View file

@ -0,0 +1,16 @@
{ lib, options, ... }:
# Some modules may be distributed separately and need to adapt to other modules
# that are distributed and versioned separately.
{
# Always defined, but the value depends on the presence of an option.
config.set = {
value = if options ? set.enable then 360 else 7;
}
# Only define if possible.
// lib.optionalAttrs (options ? set.enable) {
enable = true;
};
}

16
lib/tests/modules/define-option-dependently.nix Normal file
View file

@ -0,0 +1,16 @@
{ lib, options, ... }:
# Some modules may be distributed separately and need to adapt to other modules
# that are distributed and versioned separately.
{
# Always defined, but the value depends on the presence of an option.
config = {
value = if options ? enable then 360 else 7;
}
# Only define if possible.
// lib.optionalAttrs (options ? enable) {
enable = true;
};
}

2
lib/tests/systems.nix
View file

@ -14,7 +14,7 @@ let
in with lib.systems.doubles; lib.runTests {
testall = mseteq all (linux ++ darwin ++ freebsd ++ openbsd ++ netbsd ++ illumos ++ wasi ++ windows ++ embedded ++ js);
testarm = mseteq arm [ "armv5tel-linux" "armv6l-linux" "armv7a-linux" "armv7l-linux" "arm-none" "armv7a-darwin" ];
testarm = mseteq arm [ "armv5tel-linux" "armv6l-linux" "armv6l-none" "armv7a-linux" "armv7l-linux" "arm-none" "armv7a-darwin" ];
testi686 = mseteq i686 [ "i686-linux" "i686-freebsd" "i686-netbsd" "i686-openbsd" "i686-cygwin" "i686-windows" "i686-none" "i686-darwin" ];
testmips = mseteq mips [ "mipsel-linux" ];
testx86_64 = mseteq x86_64 [ "x86_64-linux" "x86_64-darwin" "x86_64-freebsd" "x86_64-openbsd" "x86_64-netbsd" "x86_64-cygwin" "x86_64-solaris" "x86_64-windows" "x86_64-none" ];

73
maintainers/maintainer-list.nix
View file

@ -711,6 +711,12 @@
githubId = 55833;
name = "Troels Henriksen";
};
atkinschang = {
email = "atkinschang+nixpkgs@gmail.com";
github = "AtkinsChang";
githubId = 5193600;
name = "Atkins Chang";
};
atnnn = {
email = "etienne@atnnn.com";
github = "atnnn";
@ -1919,6 +1925,12 @@
githubId = 126339;
name = "Domen Kozar";
};
dominikh = {
email = "dominik@honnef.co";
github = "dominikh";
githubId = 39825;
name = "Dominik Honnef";
};
doronbehar = {
email = "me@doronbehar.com";
github = "doronbehar";
@ -2748,6 +2760,12 @@
githubId = 3217744;
name = "Peter Ferenczy";
};
gila = {
email = "jeffry.molanus@gmail.com";
github = "gila";
githubId = 15957973;
name = "Jeffry Molanus";
};
gilligan = {
email = "tobias.pflug@gmail.com";
github = "gilligan";
@ -3713,6 +3731,16 @@
githubId = 66669;
name = "Jeff Zellner";
};
kaction = {
name = "Dmitry Bogatov";
email = "KAction@disroot.org";
github = "kaction";
githubId = 44864956;
key = [{
longkeyid = "ed25519/0x749FD4DFA2E94236";
fingerprint = "3F87 0A7C A7B4 3731 2F13 6083 749F D4DF A2E9 4236";
}];
};
kaiha = {
email = "kai.harries@gmail.com";
github = "kaiha";
@ -3746,6 +3774,12 @@
github = "kampfschlaefer";
name = "Arnold Krille";
};
karantan = {
name = "Gasper Vozel";
email = "karantan@gmail.com";
github = "karantan";
githubId = 7062631;
};
karolchmist = {
email = "info+nix@chmist.com";
name = "karolchmist";
@ -3914,6 +3948,11 @@
githubId = 13721712;
name = "Konrad Langenberg";
};
kolbycrouch = {
email = "kjc.devel@gmail.com";
github = "kolbycrouch";
name = "Kolby Crouch";
};
konimex = {
email = "herdiansyah@netc.eu";
github = "konimex";
@ -4132,6 +4171,12 @@
github = "leonardoce";
name = "Leonardo Cecchi";
};
leshainc = {
email = "leshainc@fomalhaut.me";
github = "LeshaInc";
githubId = 42153076;
name = "Alexey Nikashkin";
};
lethalman = {
email = "lucabru@src.gnome.org";
github = "lethalman";
@ -4144,6 +4189,16 @@
githubId = 3425311;
name = "Antoine Eiche";
};
lexuge = {
name = "Harry Ying";
email = "lexugeyky@outlook.com";
github = "LEXUGE";
githubId = 13804737;
keys = [{
longkeyid = "rsa4096/0xAE53B4C2E58EDD45";
fingerprint = "7FE2 113A A08B 695A C8B8 DDE6 AE53 B4C2 E58E DD45";
}];
};
lheckemann = {
email = "git@sphalerite.org";
github = "lheckemann";
@ -4587,6 +4642,12 @@
githubId = 1269099;
name = "Marius Bakke";
};
mbaillie = {
email = "martin@baillie.email";
github = "martinbaillie";
githubId = 613740;
name = "Martin Baillie";
};
mbbx6spp = {
email = "me@susanpotter.net";
github = "mbbx6spp";
@ -4791,6 +4852,12 @@
githubId = 3958340;
name = "Eshin Kunishima";
};
mikesperber = {
email = "sperber@deinprogramm.de";
github = "mikesperber";
githubId = 1387206;
name = "Mike Sperber";
};
mildlyincompetent = {
email = "nix@kch.dev";
github = "mildlyincompetent";
@ -6169,6 +6236,12 @@
githubId = 2507744;
name = "Roland Koebler";
};
rkrzr = {
email = "ops+nixpkgs@channable.com";
github = "rkrzr";
githubId = 82817;
name = "Robert Kreuzer";
};
rlupton20 = {
email = "richard.lupton@gmail.com";
github = "rlupton20";

13
maintainers/scripts/nix-generate-from-cpan.pl
View file

@ -6,6 +6,7 @@ use warnings;
use CPAN::Meta();
use CPANPLUS::Backend();
use Module::CoreList;
use Getopt::Long::Descriptive qw( describe_options );
use JSON::PP qw( encode_json );
use Log::Log4perl qw(:easy);
@ -164,7 +165,7 @@ Readonly::Hash my %LICENSE_MAP => (
# License not provided in metadata.
unknown => {
licenses => [qw( unknown )],
licenses => [],
amb => 1
}
);
@ -278,14 +279,8 @@ sub get_deps {
foreach my $n ( $deps->required_modules ) {
next if $n eq "perl";
# Figure out whether the module is a core module by attempting
# to `use` the module in a pure Perl interpreter and checking
# whether it succeeded. Note, $^X is a magic variable holding
# the path to the running Perl interpreter.
if ( system("env -i $^X -M$n -e1 >/dev/null 2>&1") == 0 ) {
DEBUG("skipping Perl-builtin module $n");
next;
}
my @core = Module::CoreList->find_modules(qr/^$n$/);
next if (@core);
my $pkg = module_to_pkg( $cb, $n );

9
maintainers/team-list.nix
View file

@ -21,4 +21,13 @@ with lib.maintainers; {
members = [ jtojnar worldofpeace ];
scope = "Maintain Freedesktop.org packages for graphical desktop.";
};
gnome = {
members = [
hedning
jtojnar
worldofpeace
];
scope = "Maintain GNOME desktop environment and platform.";
};
}

1
nixos/doc/manual/configuration/configuration.xml
View file

@ -21,7 +21,6 @@
<xi:include href="xfce.xml" />
<xi:include href="networking.xml" />
<xi:include href="linux-kernel.xml" />
<xi:include href="matrix.xml" />
<xi:include href="../generated/modules.xml" xpointer="xpointer(//section[@id='modules']/*)" />
<xi:include href="profiles.xml" />
<xi:include href="kubernetes.xml" />

74
nixos/doc/manual/release-notes/rl-2003.xml
View file

@ -196,10 +196,10 @@ services.xserver.displayManager.defaultSession = "xfce+icewm";
</listitem>
<listitem>
<para>
There is now only one Xfce package-set and module. This means attributes, <literal>xfce4-14</literal>
<literal>xfce4-12</literal>, and <literal>xfceUnstable</literal> all now point to the latest Xfce 4.14
packages. And in future NixOS releases will be the latest released version of Xfce available at the
time during the releases development (if viable).
There is now only one Xfce package-set and module. This means that attributes <literal>xfce4-14</literal>
and <literal>xfceUnstable</literal> all now point to the latest Xfce 4.14
packages. And in the future NixOS releases will be the latest released version of Xfce available at the
time of the release's development (if viable).
</para>
</listitem>
<listitem>
@ -235,7 +235,7 @@ services.xserver.displayManager.defaultSession = "xfce+icewm";
<listitem>
<para>
The <literal>buildRustCrate</literal> infrastructure now produces <literal>lib</literal> outputs in addition to the <literal>out</literal> output.
This has led to drastically reduced closed sizes for some rust crates since development dependencies are now in the <literal>lib</literal> output.
This has led to drastically reduced closure sizes for some rust crates since development dependencies are now in the <literal>lib</literal> output.
</para>
</listitem>
<listitem>
@ -641,6 +641,13 @@ auth required pam_succeed_if.so uid >= 1000 quiet
The previous behavior can be restored by setting <literal>config.riot-web.conf = { disable_guests = false; piwik = true; }</literal>.
</para>
</listitem>
<listitem>
<para>
Stand-alone usage of <literal>Upower</literal> now requires
<option>services.upower.enable</option> instead of just installing into
<xref linkend="opt-environment.systemPackages"/>.
</para>
</listitem>
</itemizedlist>
</section>
@ -712,6 +719,63 @@ auth required pam_succeed_if.so uid >= 1000 quiet
For further reference, please read <link xlink:href="https://github.com/NixOS/nixpkgs/pull/68953">#68953</link> or the corresponding <link xlink:href="https://discourse.nixos.org/t/predictable-network-interface-names-in-initrd/4055">discourse thread</link>.
</para>
</listitem>
<listitem>
<para>
The <package>matrix-synapse</package>-package has been updated to
<link xlink:href="https://github.com/matrix-org/synapse/releases/tag/v1.11.1">v1.11.1</link>.
Due to <link xlink:href="https://github.com/matrix-org/synapse/releases/tag/v1.10.0rc1">stricter requirements</link>
for database configuration when using <package>postgresql</package>, the automated database setup
of the module has been removed to avoid any further edge-cases.
</para>
<para>
<package>matrix-synapse</package> expects <literal>postgresql</literal>-databases to have the options
<literal>LC_COLLATE</literal> and <literal>LC_CTYPE</literal> set to
<link xlink:href="https://www.postgresql.org/docs/12/locale.html"><literal>'C'</literal></link> which basically
instructs <literal>postgresql</literal> to ignore any locale-based preferences.
</para>
<para>
Depending on your setup, you need to incorporate one of the following changes in your setup to
upgrade to 20.03:
<itemizedlist>
<listitem><para>If you use <literal>sqlite3</literal> you don't need to do anything.</para></listitem>
<listitem><para>If you use <literal>postgresql</literal> on a different server, you don't need
to change anything as well since this module was never designed to configure remote databases.
</para></listitem>
<listitem><para>If you use <literal>postgresql</literal> and configured your synapse initially on
<literal>19.09</literal> or older, you simply need to enable <package>postgresql</package>-support
explicitly:
<programlisting>{ ... }: {
services.matrix-synapse = {
<link linkend="opt-services.matrix-synapse.enable">enable</link> = true;
/* and all the other config you've defined here */
};
<link linkend="opt-services.postgresql.enable">services.postgresql.enable</link> = true;
}</programlisting>
</para></listitem>
<listitem><para>If you deploy a fresh <package>matrix-synapse</package>, you need to configure
the database yourself (e.g. by using the
<link linkend="opt-services.postgresql.initialScript">services.postgresql.initialScript</link>
option). An example for this can be found in the
<link linkend="module-services-matrix">documentation of the Matrix module</link>.
</para></listitem>
<listitem><para>If you initially deployed your <package>matrix-synapse</package> on
<literal>nixos-unstable</literal> <emphasis>after</emphasis> the <literal>19.09</literal>-release,
your database is misconfigured due to a regression in NixOS. For now, <package>matrix-synapse</package> will
startup with a warning, but it's recommended to reconfigure the database to set the values
<literal>LC_COLLATE</literal> and <literal>LC_CTYPE</literal> to
<link xlink:href="https://www.postgresql.org/docs/12/locale.html"><literal>'C'</literal></link>.
</para></listitem>
</itemizedlist>
</para>
</listitem>
<listitem>
<para>
The <link linkend="opt-systemd.network.links">systemd.network.links</link> option is now respected
even when <link linkend="opt-systemd.network.enable">systemd-networkd</link> is disabled.
This mirrors the behaviour of systemd - It's udev that parses <literal>.link</literal> files,
not <command>systemd-networkd</command>.
</para>
</listitem>
</itemizedlist>
</section>
</section>

19
nixos/doc/manual/release-notes/rl-2009.xml
View file

@ -28,6 +28,15 @@
PHP now defaults to PHP 7.4, updated from 7.3.
</para>
</listitem>
<listitem>
<para>
Two new options, <link linkend="opt-services.openssh.authorizedKeysCommand">authorizedKeysCommand</link>
and <link linkend="opt-services.openssh.authorizedKeysCommandUser">authorizedKeysCommandUser</link>, have
been added to the <literal>openssh</literal> module. If you have <literal>AuthorizedKeysCommand</literal>
in your <link linkend="opt-services.openssh.extraConfig">services.openssh.extraConfig</link> you should
make use of these new options instead.
</para>
</listitem>
</itemizedlist>
</section>
@ -77,6 +86,16 @@
}</programlisting>
</para>
</listitem>
<listitem>
<para>
The <link linkend="opt-services.supybot.enable">supybot</link> module now uses <literal>/var/lib/supybot</literal>
as its default <link linkend="opt-services.supybot.stateDir">stateDir</link> path if <literal>stateVersion</literal>
is 20.09 or higher. It also enables number of
<link xlink:href="https://www.freedesktop.org/software/systemd/man/systemd.exec.html#Sandboxing">systemd sandboxing options</link>
which may possibly interfere with some plugins. If this is the case you can disable the options through attributes in
<option>systemd.services.supybot.serviceConfig</option>.
</para>
</listitem>
</itemizedlist>
</section>

4
nixos/lib/eval-config.nix
View file

@ -61,7 +61,7 @@ in rec {
args = extraArgs;
specialArgs =
{ modulesPath = builtins.toString ../modules; } // specialArgs;
}) config options;
}) config options _module;
# These are the extra arguments passed to every module. In
# particular, Nixpkgs is passed through the "pkgs" argument.
@ -69,5 +69,5 @@ in rec {
inherit baseModules extraModules modules;
};
inherit (config._module.args) pkgs;
inherit (_module.args) pkgs;
}

11
nixos/maintainers/scripts/ec2/amazon-image.nix
View file

@ -8,10 +8,15 @@ in {
imports = [ ../../../modules/virtualisation/amazon-image.nix ];
# Required to provide good EBS experience,
# Amazon recomments setting this to the highest possible value for a good EBS
# experience, which prior to 4.15 was 255.
# https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvme-ebs-volumes.html#timeout-nvme-ebs-volumes
# TODO change value to 4294967295 when kernel is updated to 4.15 or later
config.boot.kernelParams = [ "nvme_core.io_timeout=255" ];
config.boot.kernelParams =
let timeout =
if pkgs.lib.versionAtLeast config.boot.kernelPackages.kernel.version "4.15"
then "4294967295"
else "255";
in [ "nvme_core.io_timeout=${timeout}" ];
options.amazonImage = {
name = mkOption {

12
nixos/modules/hardware/wooting.nix Normal file
View file

@ -0,0 +1,12 @@
{ config, lib, pkgs, ... }:
with lib;
{
options.hardware.wooting.enable =
mkEnableOption "Enable support for Wooting keyboards";
config = mkIf config.hardware.wooting.enable {
environment.systemPackages = [ pkgs.wootility ];
services.udev.packages = [ pkgs.wooting-udev-rules ];
};
}

8
nixos/modules/installer/tools/tools.nix
View file

@ -42,7 +42,10 @@ let
inherit (config.system.nixos-generate-config) configuration;
};
nixos-option = pkgs.callPackage ./nixos-option { };
nixos-option =
if lib.versionAtLeast (lib.getVersion pkgs.nix) "2.4pre"
then null
else pkgs.callPackage ./nixos-option { };
nixos-version = makeProg {
name = "nixos-version";
@ -184,10 +187,9 @@ in
nixos-install
nixos-rebuild
nixos-generate-config
nixos-option
nixos-version
nixos-enter
];
] ++ lib.optional (nixos-option != null) nixos-option;
system.build = {
inherit nixos-install nixos-generate-config nixos-option nixos-rebuild nixos-enter;

14
nixos/modules/misc/documentation.nix
View file

@ -17,6 +17,7 @@ let
inherit pkgs config;
version = config.system.nixos.release;
revision = "release-${version}";
extraSources = cfg.nixos.extraModuleSources;
options =
let
scrubbedEval = evalModules {
@ -163,6 +164,19 @@ in
'';
};
nixos.extraModuleSources = mkOption {
type = types.listOf (types.either types.path types.str);
default = [ ];
description = ''
Which extra NixOS module paths the generated NixOS's documentation should strip
from options.
'';
example = literalExample ''
# e.g. with options from modules in ''${pkgs.customModules}/nix:
[ pkgs.customModules ]
'';
};
};
};

4
nixos/modules/misc/nixpkgs.nix
View file

@ -236,8 +236,8 @@ in
let
nixosExpectedSystem =
if config.nixpkgs.crossSystem != null
then config.nixpkgs.crossSystem.system
else config.nixpkgs.localSystem.system;
then config.nixpkgs.crossSystem.system or (lib.systems.parse.doubleFromSystem (lib.systems.parse.mkSystemFromString config.nixpkgs.crossSystem.config))
else config.nixpkgs.localSystem.system or (lib.systems.parse.doubleFromSystem (lib.systems.parse.mkSystemFromString config.nixpkgs.localSystem.config));
nixosOption =
if config.nixpkgs.crossSystem != null
then "nixpkgs.crossSystem"

10
nixos/modules/module-list.nix
View file

@ -64,6 +64,7 @@
./hardware/tuxedo-keyboard.nix
./hardware/usb-wwan.nix
./hardware/onlykey.nix
./hardware/wooting.nix
./hardware/video/amdgpu.nix
./hardware/video/amdgpu-pro.nix
./hardware/video/ati.nix
@ -200,6 +201,7 @@
./security/wrappers/default.nix
./security/sudo.nix
./security/systemd-confinement.nix
./security/tpm2.nix
./services/admin/oxidized.nix
./services/admin/salt/master.nix
./services/admin/salt/minion.nix
@ -247,9 +249,10 @@
./services/cluster/kubernetes/proxy.nix
./services/cluster/kubernetes/scheduler.nix
./services/computing/boinc/client.nix
./services/computing/torque/server.nix
./services/computing/torque/mom.nix
./services/computing/foldingathome/client.nix
./services/computing/slurm/slurm.nix
./services/computing/torque/mom.nix
./services/computing/torque/server.nix
./services/continuous-integration/buildbot/master.nix
./services/continuous-integration/buildbot/worker.nix
./services/continuous-integration/buildkite-agents.nix
@ -432,7 +435,6 @@
./services/misc/ethminer.nix
./services/misc/exhibitor.nix
./services/misc/felix.nix
./services/misc/folding-at-home.nix
./services/misc/freeswitch.nix
./services/misc/fstrim.nix
./services/misc/gammu-smsd.nix
@ -709,6 +711,7 @@
./services/networking/shorewall6.nix
./services/networking/shout.nix
./services/networking/sniproxy.nix
./services/networking/smartdns.nix
./services/networking/smokeping.nix
./services/networking/softether.nix
./services/networking/spacecookie.nix
@ -726,6 +729,7 @@
./services/networking/syncthing.nix
./services/networking/syncthing-relay.nix
./services/networking/syncplay.nix
./services/networking/tailscale.nix
./services/networking/tcpcrypt.nix
./services/networking/teamspeak3.nix
./services/networking/tedicross.nix

12
nixos/modules/programs/ssmtp.nix
View file

@ -14,8 +14,16 @@ in
{
imports = [
(mkRenamedOptionModule [ "networking" "defaultMailServer" ] [ "services" "ssmtp" ])
(mkRenamedOptionModule [ "services" "ssmtp" "directDelivery" ] [ "services" "ssmtp" "enable" ])
(mkRenamedOptionModule [ "networking" "defaultMailServer" "directDelivery" ] [ "services" "ssmtp" "enable" ])
(mkRenamedOptionModule [ "networking" "defaultMailServer" "hostName" ] [ "services" "ssmtp" "hostName" ])
(mkRenamedOptionModule [ "networking" "defaultMailServer" "domain" ] [ "services" "ssmtp" "domain" ])
(mkRenamedOptionModule [ "networking" "defaultMailServer" "root" ] [ "services" "ssmtp" "root" ])
(mkRenamedOptionModule [ "networking" "defaultMailServer" "useTLS" ] [ "services" "ssmtp" "useTLS" ])
(mkRenamedOptionModule [ "networking" "defaultMailServer" "useSTARTTLS" ] [ "services" "ssmtp" "useSTARTTLS" ])
(mkRenamedOptionModule [ "networking" "defaultMailServer" "authUser" ] [ "services" "ssmtp" "authUser" ])
(mkRenamedOptionModule [ "networking" "defaultMailServer" "authPass" ] [ "services" "ssmtp" "authPass" ])
(mkRenamedOptionModule [ "networking" "defaultMailServer" "authPassFile" ] [ "services" "ssmtp" "authPassFile" ])
(mkRenamedOptionModule [ "networking" "defaultMailServer" "setSendmail" ] [ "services" "ssmtp" "setSendmail" ])
];
options = {

6
nixos/modules/security/google_oslogin.nix
View file

@ -59,10 +59,8 @@ in
exec ${package}/bin/google_authorized_keys "$@"
'';
};
services.openssh.extraConfig = ''
AuthorizedKeysCommand /etc/ssh/authorized_keys_command_google_oslogin %u
AuthorizedKeysCommandUser nobody
'';
services.openssh.authorizedKeysCommand = "/etc/ssh/authorized_keys_command_google_oslogin %u";
services.openssh.authorizedKeysCommandUser = "nobody";
};
}

185
nixos/modules/security/tpm2.nix Normal file
View file

@ -0,0 +1,185 @@
{ lib, pkgs, config, ... }:
let
cfg = config.security.tpm2;
# This snippet is taken from tpm2-tss/dist/tpm-udev.rules, but modified to allow custom user/groups
# The idea is that the tssUser is allowed to acess the TPM and kernel TPM resource manager, while
# the tssGroup is only allowed to access the kernel resource manager
# Therefore, if either of the two are null, the respective part isn't generated
udevRules = tssUser: tssGroup: ''
${lib.optionalString (tssUser != null) ''KERNEL=="tpm[0-9]*", MODE="0660", OWNER="${tssUser}"''}
${lib.optionalString (tssUser != null || tssGroup != null)
''KERNEL=="tpmrm[0-9]*", MODE="0660"''
+ lib.optionalString (tssUser != null) '', OWNER="${tssUser}"''
+ lib.optionalString (tssGroup != null) '', GROUP="${tssGroup}"''
}
'';
in {
options.security.tpm2 = {
enable = lib.mkEnableOption "Trusted Platform Module 2 support";
tssUser = lib.mkOption {
description = ''
Name of the tpm device-owner and service user, set if applyUdevRules is
set.
'';
type = lib.types.nullOr lib.types.str;
default = if cfg.abrmd.enable then "tss" else "root";
defaultText = ''"tss" when using the userspace resource manager,'' +
''"root" otherwise'';
};
tssGroup = lib.mkOption {
description = ''
Group of the tpm kernel resource manager (tpmrm) device-group, set if
applyUdevRules is set.
'';
type = lib.types.nullOr lib.types.str;
default = "tss";
};
applyUdevRules = lib.mkOption {
description = ''
Whether to make the /dev/tpm[0-9] devices accessible by the tssUser, or
the /dev/tpmrm[0-9] by tssGroup respectively
'';
type = lib.types.bool;
default = true;
};
abrmd = {
enable = lib.mkEnableOption ''
Trusted Platform 2 userspace resource manager daemon
'';
package = lib.mkOption {
description = "tpm2-abrmd package to use";
type = lib.types.package;
default = pkgs.tpm2-abrmd;
defaultText = "pkgs.tpm2-abrmd";
};
};
pkcs11 = {
enable = lib.mkEnableOption ''
TPM2 PKCS#11 tool and shared library in system path
(<literal>/run/current-system/sw/lib/libtpm2_pkcs11.so</literal>)
'';
package = lib.mkOption {
description = "tpm2-pkcs11 package to use";
type = lib.types.package;
default = pkgs.tpm2-pkcs11;
defaultText = "pkgs.tpm2-pkcs11";
};
};
tctiEnvironment = {
enable = lib.mkOption {
description = ''
Set common TCTI environment variables to the specified value.
The variables are
<itemizedlist>
<listitem>
<para>
<literal>TPM2TOOLS_TCTI</literal>
</para>
</listitem>
<listitem>
<para>
<literal>TPM2_PKCS11_TCTI</literal>
</para>
</listitem>
</itemizedlist>
'';
type = lib.types.bool;
default = false;
};
interface = lib.mkOption {
description = ''
The name of the TPM command transmission interface (TCTI) library to
use.
'';
type = lib.types.enum [ "tabrmd" "device" ];
default = "device";
};
deviceConf = lib.mkOption {
description = ''
Configuration part of the device TCTI, e.g. the path to the TPM device.
Applies if interface is set to "device".
The format is specified in the
<link xlink:href="https://github.com/tpm2-software/tpm2-tools/blob/master/man/common/tcti.md#tcti-options">
tpm2-tools repository</link>.
'';
type = lib.types.str;
default = "/dev/tpmrm0";
};
tabrmdConf = lib.mkOption {
description = ''
Configuration part of the tabrmd TCTI, like the D-Bus bus name.
Applies if interface is set to "tabrmd".
The format is specified in the
<link xlink:href="https://github.com/tpm2-software/tpm2-tools/blob/master/man/common/tcti.md#tcti-options">
tpm2-tools repository</link>.
'';
type = lib.types.str;
default = "bus_name=com.intel.tss2.Tabrmd";
};
};
};
config = lib.mkIf cfg.enable (lib.mkMerge [
{
# PKCS11 tools and library
environment.systemPackages = lib.mkIf cfg.pkcs11.enable [
(lib.getBin cfg.pkcs11.package)
(lib.getLib cfg.pkcs11.package)
];
services.udev.extraRules = lib.mkIf cfg.applyUdevRules
(udevRules cfg.tssUser cfg.tssGroup);
# Create the tss user and group only if the default value is used
users.users.${cfg.tssUser} = lib.mkIf (cfg.tssUser == "tss") {
isSystemUser = true;
};
users.groups.${cfg.tssGroup} = lib.mkIf (cfg.tssGroup == "tss") {};
environment.variables = lib.mkIf cfg.tctiEnvironment.enable (
lib.attrsets.genAttrs [
"TPM2TOOLS_TCTI"
"TPM2_PKCS11_TCTI"
] (_: ''${cfg.tctiEnvironment.interface}:${
if cfg.tctiEnvironment.interface == "tabrmd" then
cfg.tctiEnvironment.tabrmdConf
else
cfg.tctiEnvironment.deviceConf
}'')
);
}
(lib.mkIf cfg.abrmd.enable {
systemd.services."tpm2-abrmd" = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "dbus";
Restart = "always";
RestartSec = 30;
BusName = "com.intel.tss2.Tabrmd";
StandardOutput = "syslog";
ExecStart = "${cfg.abrmd.package}/bin/tpm2-abrmd";
User = "tss";
Group = "nogroup";
};
};
services.dbus.packages = lib.singleton cfg.abrmd.package;
})
]);
meta.maintainers = with lib.maintainers; [ lschuermann ];
}

81
nixos/modules/services/computing/foldingathome/client.nix Normal file
View file

@ -0,0 +1,81 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.foldingathome;
args =
["--team" "${toString cfg.team}"]
++ lib.optionals (cfg.user != null) ["--user" cfg.user]
++ cfg.extraArgs
;
in
{
imports = [
(mkRenamedOptionModule [ "services" "foldingAtHome" ] [ "services" "foldingathome" ])
(mkRenamedOptionModule [ "services" "foldingathome" "nickname" ] [ "services" "foldingathome" "user" ])
(mkRemovedOptionModule [ "services" "foldingathome" "config" ] ''
Use <literal>services.foldingathome.extraArgs instead<literal>
'')
];
options.services.foldingathome = {
enable = mkEnableOption "Enable the Folding@home client";
package = mkOption {
type = types.package;
default = pkgs.fahclient;
defaultText = "pkgs.fahclient";
description = ''
Which Folding@home client to use.
'';
};
user = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
The user associated with the reported computation results. This will
be used in the ranking statistics.
'';
};
team = mkOption {
type = types.int;
default = 236565;
description = ''
The team ID associated with the reported computation results. This
will be used in the ranking statistics.
By default, use the NixOS folding@home team ID is being used.
'';
};
extraArgs = mkOption {
type = types.listOf types.str;
default = [];
description = ''
Extra startup options for the FAHClient. Run
<literal>FAHClient --help</literal> to find all the available options.
'';
};
};
config = mkIf cfg.enable {
systemd.services.foldingathome = {
description = "Folding@home client";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
script = ''
exec ${cfg.package}/bin/FAHClient ${lib.escapeShellArgs args}
'';
serviceConfig = {
DynamicUser = true;
StateDirectory = "foldingathome";
WorkingDirectory = "%S/foldingathome";
};
};
};
meta = {
maintainers = with lib.maintainers; [ zimbatm ];
};
}

67
nixos/modules/services/misc/folding-at-home.nix
View file

@ -1,67 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
stateDir = "/var/lib/foldingathome";
cfg = config.services.foldingAtHome;
fahUser = "foldingathome";
in {
###### interface
options = {
services.foldingAtHome = {
enable = mkOption {
default = false;
description = ''
Whether to enable the Folding@Home to use idle CPU time.
'';
};
nickname = mkOption {
default = "Anonymous";
description = ''
A unique handle for statistics.
'';
};
config = mkOption {
default = "";
description = ''
Extra configuration. Contents will be added verbatim to the
configuration file.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
users.users.${fahUser} =
{ uid = config.ids.uids.foldingathome;
description = "Folding@Home user";
home = stateDir;
};
systemd.services.foldingathome = {
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
preStart = ''
mkdir -m 0755 -p ${stateDir}
chown ${fahUser} ${stateDir}
cp -f ${pkgs.writeText "client.cfg" cfg.config} ${stateDir}/client.cfg
'';
script = "${pkgs.su}/bin/su -s ${pkgs.runtimeShell} ${fahUser} -c 'cd ${stateDir}; ${pkgs.foldingathome}/bin/fah6'";
};
services.foldingAtHome.config = ''
[settings]
username=${cfg.nickname}
'';
};
}

46
nixos/modules/services/misc/matrix-synapse.nix
View file

@ -111,6 +111,9 @@ app_service_config_files: ${builtins.toJSON cfg.app_service_config_files}
${cfg.extraConfig}
'';
hasLocalPostgresDB = let args = cfg.database_args; in
usePostgresql && (!(args ? host) || (elem args.host [ "localhost" "127.0.0.1" "::1" ]));
in {
options = {
services.matrix-synapse = {
@ -354,13 +357,6 @@ in {
The database engine name. Can be sqlite or psycopg2.
'';
};
create_local_database = mkOption {
type = types.bool;
default = true;
description = ''
Whether to create a local database automatically.
'';
};
database_name = mkOption {
type = types.str;
default = "matrix-synapse";
@ -657,6 +653,25 @@ in {
};
config = mkIf cfg.enable {
assertions = [
{ assertion = hasLocalPostgresDB -> config.services.postgresql.enable;
message = ''
Cannot deploy matrix-synapse with a configuration for a local postgresql database
and a missing postgresql service. Since 20.03 it's mandatory to manually configure the
database (please read the thread in https://github.com/NixOS/nixpkgs/pull/80447 for
further reference).
If you
- try to deploy a fresh synapse, you need to configure the database yourself. An example
for this can be found in <nixpkgs/nixos/tests/matrix-synapse.nix>
- update your existing matrix-synapse instance, you simply need to add `services.postgresql.enable = true`
to your configuration.
For further information about this update, please read the release-notes of 20.03 carefully.
'';
}
];
users.users.matrix-synapse = {
group = "matrix-synapse";
home = cfg.dataDir;
@ -669,18 +684,9 @@ in {
gid = config.ids.gids.matrix-synapse;
};
services.postgresql = mkIf (usePostgresql && cfg.create_local_database) {
enable = mkDefault true;
ensureDatabases = [ cfg.database_name ];
ensureUsers = [{
name = cfg.database_user;
ensurePermissions = { "DATABASE \"${cfg.database_name}\"" = "ALL PRIVILEGES"; };
}];
};
systemd.services.matrix-synapse = {
description = "Synapse Matrix homeserver";
after = [ "network.target" ] ++ lib.optional config.services.postgresql.enable "postgresql.service" ;
after = [ "network.target" ] ++ optional hasLocalPostgresDB "postgresql.service";
wantedBy = [ "multi-user.target" ];
preStart = ''
${cfg.package}/bin/homeserver \
@ -709,6 +715,12 @@ in {
The `trusted_third_party_id_servers` option as been removed in `matrix-synapse` v1.4.0
as the behavior is now obsolete.
'')
(mkRemovedOptionModule [ "services" "matrix-synapse" "create_local_database" ] ''
Database configuration must be done manually. An exemplary setup is demonstrated in
<nixpkgs/nixos/tests/matrix-synapse.nix>
'')
];
meta.doc = ./matrix-synapse.xml;
}

97
nixos/doc/manual/configuration/matrix.xml → nixos/modules/services/misc/matrix-synapse.xml
View file

@ -40,26 +40,35 @@ let
in join config.networking.hostName config.networking.domain;
in {
networking = {
hostName = "myhostname";
domain = "example.org";
<link linkend="opt-networking.hostName">hostName</link> = "myhostname";
<link linkend="opt-networking.domain">domain</link> = "example.org";
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
<link linkend="opt-networking.firewall.allowedTCPPorts">networking.firewall.allowedTCPPorts</link> = [ 80 443 ];
<link linkend="opt-services.postgresql.enable">services.postgresql.enable</link> = true;
<link linkend="opt-services.postgresql.initialScript">services.postgresql.initialScript</link> = ''
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
'';
services.nginx = {
enable = true;
<link linkend="opt-services.nginx.enable">enable</link> = true;
# only recommendedProxySettings and recommendedGzipSettings are strictly required,
# but the rest make sense as well
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
<link linkend="opt-services.nginx.recommendedTlsSettings">recommendedTlsSettings</link> = true;
<link linkend="opt-services.nginx.recommendedOptimisation">recommendedOptimisation</link> = true;
<link linkend="opt-services.nginx.recommendedGzipSettings">recommendedGzipSettings</link> = true;
<link linkend="opt-services.nginx.recommendedProxySettings">recommendedProxySettings</link> = true;
virtualHosts = {
<link linkend="opt-services.nginx.virtualHosts">virtualHosts</link> = {
# This host section can be placed on a different host than the rest,
# i.e. to delegate from the host being accessible as ${config.networking.domain}
# to another host actually running the Matrix homeserver.
"${config.networking.domain}" = {
locations."= /.well-known/matrix/server".extraConfig =
<link linkend="opt-services.nginx.virtualHosts._name_.locations._name_.extraConfig">locations."= /.well-known/matrix/server".extraConfig</link> =
let
# use 443 instead of the default 8448 port to unite
# the client-server and server-server port for simplicity
@ -68,7 +77,7 @@ in {
add_header Content-Type application/json;
return 200 '${builtins.toJSON server}';
'';
locations."= /.well-known/matrix/client".extraConfig =
<link linkend="opt-services.nginx.virtualHosts._name_.locations._name_.extraConfig">locations."= /.well-known/matrix/client".extraConfig</link> =
let
client = {
"m.homeserver" = { "base_url" = "https://${fqdn}"; };
@ -84,34 +93,37 @@ in {
# Reverse proxy for Matrix client-server and server-server communication
${fqdn} = {
enableACME = true;
forceSSL = true;
<link linkend="opt-services.nginx.virtualHosts._name_.enableACME">enableACME</link> = true;
<link linkend="opt-services.nginx.virtualHosts._name_.forceSSL">forceSSL</link> = true;
# Or do a redirect instead of the 404, or whatever is appropriate for you.
# But do not put a Matrix Web client here! See the Riot Web section below.
locations."/".extraConfig = ''
<link linkend="opt-services.nginx.virtualHosts._name_.locations._name_.extraConfig">locations."/".extraConfig</link> = ''
return 404;
'';
# forward all Matrix API calls to the synapse Matrix homeserver
locations."/_matrix" = {
proxyPass = "http://[::1]:8008"; # without a trailing /
<link linkend="opt-services.nginx.virtualHosts._name_.locations._name_.proxyPass">proxyPass</link> = "http://[::1]:8008"; # without a trailing /
};
};
};
};
services.matrix-synapse = {
enable = true;
server_name = config.networking.domain;
listeners = [
<link linkend="opt-services.matrix-synapse.enable">enable</link> = true;
<link linkend="opt-services.matrix-synapse.server_name">server_name</link> = config.networking.domain;
<link linkend="opt-services.matrix-synapse.listeners">listeners</link> = [
{
port = 8008;
bind_address = "::1";
type = "http";
tls = false;
x_forwarded = true;
resources = [
{ names = [ "client" "federation" ]; compress = false; }
<link linkend="opt-services.matrix-synapse.listeners._.port">port</link> = 8008;
<link linkend="opt-services.matrix-synapse.listeners._.bind_address">bind_address</link> = "::1";
<link linkend="opt-services.matrix-synapse.listeners._.type">type</link> = "http";
<link linkend="opt-services.matrix-synapse.listeners._.tls">tls</link> = false;
<link linkend="opt-services.matrix-synapse.listeners._.x_forwarded">x_forwarded</link> = true;
<link linkend="opt-services.matrix-synapse.listeners._.resources">resources</link> = [
{
<link linkend="opt-services.matrix-synapse.listeners._.resources._.names">names</link> = [ "client" "federation" ];
<link linkend="opt-services.matrix-synapse.listeners._.resources._.compress">compress</link> = false;
}
];
}
];
@ -135,10 +147,10 @@ in {
<para>
If you want to run a server with public registration by anybody, you can
then enable <option>services.matrix-synapse.enable_registration =
true;</option>. Otherwise, or you can generate a registration secret with
then enable <literal><link linkend="opt-services.matrix-synapse.enable_registration">services.matrix-synapse.enable_registration</link> =
true;</literal>. Otherwise, or you can generate a registration secret with
<command>pwgen -s 64 1</command> and set it with
<option>services.matrix-synapse.registration_shared_secret</option>. To
<option><link linkend="opt-services.matrix-synapse.registration_shared_secret">services.matrix-synapse.registration_shared_secret</link></option>. To
create a new user or admin, run the following after you have set the secret
and have rebuilt NixOS:
<screen>
@ -154,8 +166,8 @@ Success!
<literal>@your-username:example.org</literal>. Note that the registration
secret ends up in the nix store and therefore is world-readable by any user
on your machine, so it makes sense to only temporarily activate the
<option>registration_shared_secret</option> option until a better solution
for NixOS is in place.
<link linkend="opt-services.matrix-synapse.registration_shared_secret">registration_shared_secret</link>
option until a better solution for NixOS is in place.
</para>
</section>
<section xml:id="module-services-matrix-riot-web">
@ -177,15 +189,24 @@ Success!
Matrix Now!</link> for a list of existing clients and their supported
featureset.
<programlisting>
services.nginx.virtualHosts."riot.${fqdn}" = {
enableACME = true;
forceSSL = true;
serverAliases = [
"riot.${config.networking.domain}"
];
{
services.nginx.virtualHosts."riot.${fqdn}" = {
<link linkend="opt-services.nginx.virtualHosts._name_.enableACME">enableACME</link> = true;
<link linkend="opt-services.nginx.virtualHosts._name_.forceSSL">forceSSL</link> = true;
<link linkend="opt-services.nginx.virtualHosts._name_.serverAliases">serverAliases</link> = [
"riot.${config.networking.domain}"
];
root = pkgs.riot-web;
};
<link linkend="opt-services.nginx.virtualHosts._name_.root">root</link> = pkgs.riot-web.override {
conf = {
default_server_config."m.homeserver" = {
"base_url" = "${config.networking.domain}";
"server_name" = "${fqdn}";
};
};
};
};
}
</programlisting>
</para>

6
nixos/modules/services/misc/sssd.nix
View file

@ -88,9 +88,7 @@ in {
exec ${pkgs.sssd}/bin/sss_ssh_authorizedkeys "$@"
'';
};
services.openssh.extraConfig = ''
AuthorizedKeysCommand /etc/ssh/authorized_keys_command
AuthorizedKeysCommandUser nobody
'';
services.openssh.authorizedKeysCommand = "/etc/ssh/authorized_keys_command";
services.openssh.authorizedKeysCommandUser = "nobody";
})];
}

17
nixos/modules/services/monitoring/netdata.nix
View file

@ -12,7 +12,7 @@ let
'';
plugins = [
"${pkgs.netdata}/libexec/netdata/plugins.d"
"${cfg.package}/libexec/netdata/plugins.d"
"${wrappedPlugins}/libexec/netdata/plugins.d"
] ++ cfg.extraPluginPaths;
@ -35,6 +35,13 @@ in {
services.netdata = {
enable = mkEnableOption "netdata";
package = mkOption {
type = types.package;
default = pkgs.netdata;
defaultText = "pkgs.netdata";
description = "Netdata package to use.";
};
user = mkOption {
type = types.str;
default = "netdata";
@ -141,8 +148,8 @@ in {
path = (with pkgs; [ curl gawk which ]) ++ lib.optional cfg.python.enable
(pkgs.python3.withPackages cfg.python.extraPackages);
serviceConfig = {
Environment="PYTHONPATH=${pkgs.netdata}/libexec/netdata/python.d/python_modules";
ExecStart = "${pkgs.netdata}/bin/netdata -P /run/netdata/netdata.pid -D -c ${configFile}";
Environment="PYTHONPATH=${cfg.package}/libexec/netdata/python.d/python_modules";
ExecStart = "${cfg.package}/bin/netdata -P /run/netdata/netdata.pid -D -c ${configFile}";
ExecReload = "${pkgs.utillinux}/bin/kill -s HUP -s USR1 -s USR2 $MAINPID";
TimeoutStopSec = 60;
# User and group
@ -159,7 +166,7 @@ in {
systemd.enableCgroupAccounting = true;
security.wrappers."apps.plugin" = {
source = "${pkgs.netdata}/libexec/netdata/plugins.d/apps.plugin.org";
source = "${cfg.package}/libexec/netdata/plugins.d/apps.plugin.org";
capabilities = "cap_dac_read_search,cap_sys_ptrace+ep";
owner = cfg.user;
group = cfg.group;
@ -167,7 +174,7 @@ in {
};
security.wrappers."freeipmi.plugin" = {
source = "${pkgs.netdata}/libexec/netdata/plugins.d/freeipmi.plugin.org";
source = "${cfg.package}/libexec/netdata/plugins.d/freeipmi.plugin.org";
capabilities = "cap_dac_override,cap_fowner+ep";
owner = cfg.user;
group = cfg.group;

10
nixos/modules/services/networking/firewall.nix
View file

@ -546,9 +546,13 @@ in
options nf_conntrack nf_conntrack_helper=1
'';
assertions = [ { assertion = cfg.checkReversePath -> kernelHasRPFilter;
message = "This kernel does not support rpfilter"; }
];
assertions = [
# This is approximately "checkReversePath -> kernelHasRPFilter",
# but the checkReversePath option can include non-boolean
# values.
{ assertion = cfg.checkReversePath == false || kernelHasRPFilter;
message = "This kernel does not support rpfilter"; }
];
systemd.services.firewall = {
description = "Firewall";

157
nixos/modules/services/networking/iodine.nix
View file

@ -9,6 +9,8 @@ let
iodinedUser = "iodined";
/* is this path made unreadable by ProtectHome = true ? */
isProtected = x: hasPrefix "/root" x || hasPrefix "/home" x;
in
{
imports = [
@ -35,45 +37,48 @@ in
corresponding attribute name.
'';
example = literalExample ''
{
foo = {
server = "tunnel.mdomain.com";
relay = "8.8.8.8";
extraConfig = "-v";
{
foo = {
server = "tunnel.mdomain.com";
relay = "8.8.8.8";
extraConfig = "-v";
}
}
}
'';
type = types.attrsOf (types.submodule (
{
options = {
server = mkOption {
type = types.str;
default = "";
description = "Domain or Subdomain of server running iodined";
example = "tunnel.mydomain.com";
};
type = types.attrsOf (
types.submodule (
{
options = {
server = mkOption {
type = types.str;
default = "";
description = "Hostname of server running iodined";
example = "tunnel.mydomain.com";
};
relay = mkOption {
type = types.str;
default = "";
description = "DNS server to use as a intermediate relay to the iodined server";
example = "8.8.8.8";
};
relay = mkOption {
type = types.str;
default = "";
description = "DNS server to use as an intermediate relay to the iodined server";
example = "8.8.8.8";
};
extraConfig = mkOption {
type = types.str;
default = "";
description = "Additional command line parameters";
example = "-l 192.168.1.10 -p 23";
};
extraConfig = mkOption {
type = types.str;
default = "";
description = "Additional command line parameters";
example = "-l 192.168.1.10 -p 23";
};
passwordFile = mkOption {
type = types.str;
default = "";
description = "File that contains password";
};
};
}));
passwordFile = mkOption {
type = types.str;
default = "";
description = "Path to a file containing the password.";
};
};
}
)
);
};
server = {
@ -121,31 +126,67 @@ in
boot.kernelModules = [ "tun" ];
systemd.services =
let
createIodineClientService = name: cfg:
{
description = "iodine client - ${name}";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
script = "exec ${pkgs.iodine}/bin/iodine -f -u ${iodinedUser} ${cfg.extraConfig} ${optionalString (cfg.passwordFile != "") "< \"${cfg.passwordFile}\""} ${cfg.relay} ${cfg.server}";
serviceConfig = {
RestartSec = "30s";
Restart = "always";
let
createIodineClientService = name: cfg:
{
description = "iodine client - ${name}";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
script = "exec ${pkgs.iodine}/bin/iodine -f -u ${iodinedUser} ${cfg.extraConfig} ${optionalString (cfg.passwordFile != "") "< \"${builtins.toString cfg.passwordFile}\""} ${cfg.relay} ${cfg.server}";
serviceConfig = {
RestartSec = "30s";
Restart = "always";
# hardening :
# Filesystem access
ProtectSystem = "strict";
ProtectHome = if isProtected cfg.passwordFile then "read-only" else "true" ;
PrivateTmp = true;
ReadWritePaths = "/dev/net/tun";
PrivateDevices = false;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
# Caps
NoNewPrivileges = true;
# Misc.
LockPersonality = true;
RestrictRealtime = true;
PrivateMounts = true;
MemoryDenyWriteExecute = true;
};
};
in
listToAttrs (
mapAttrsToList
(name: value: nameValuePair "iodine-${name}" (createIodineClientService name value))
cfg.clients
) // {
iodined = mkIf (cfg.server.enable) {
description = "iodine, ip over dns server daemon";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
script = "exec ${pkgs.iodine}/bin/iodined -f -u ${iodinedUser} ${cfg.server.extraConfig} ${optionalString (cfg.server.passwordFile != "") "< \"${builtins.toString cfg.server.passwordFile}\""} ${cfg.server.ip} ${cfg.server.domain}";
serviceConfig = {
# Filesystem access
ProtectSystem = "strict";
ProtectHome = if isProtected cfg.server.passwordFile then "read-only" else "true" ;
PrivateTmp = true;
ReadWritePaths = "/dev/net/tun";
PrivateDevices = false;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
# Caps
NoNewPrivileges = true;
# Misc.
LockPersonality = true;
RestrictRealtime = true;
PrivateMounts = true;
MemoryDenyWriteExecute = true;
};
};
};
};
in
listToAttrs (
mapAttrsToList
(name: value: nameValuePair "iodine-${name}" (createIodineClientService name value))
cfg.clients
) // {
iodined = mkIf (cfg.server.enable) {
description = "iodine, ip over dns server daemon";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
script = "exec ${pkgs.iodine}/bin/iodined -f -u ${iodinedUser} ${cfg.server.extraConfig} ${optionalString (cfg.server.passwordFile != "") "< \"${cfg.server.passwordFile}\""} ${cfg.server.ip} ${cfg.server.domain}";
};
};
users.users.${iodinedUser} = {
uid = config.ids.uids.iodined;

2
nixos/modules/services/networking/resilio.nix
View file

@ -244,7 +244,7 @@ in
group = "rslsync";
};
users.groups = [ { name = "rslsync"; } ];
users.groups.rslsync = {};
systemd.services.resilio = with pkgs; {
description = "Resilio Sync Service";

61
nixos/modules/services/networking/smartdns.nix Normal file
View file

@ -0,0 +1,61 @@
{ lib, pkgs, config, ... }:
with lib;
let
inherit (lib.types) attrsOf coercedTo listOf oneOf str int bool;
cfg = config.services.smartdns;
confFile = pkgs.writeText "smartdns.conf" (with generators;
toKeyValue {
mkKeyValue = mkKeyValueDefault {
mkValueString = v:
if isBool v then
if v then "yes" else "no"
else
mkValueStringDefault { } v;
} " ";
listsAsDuplicateKeys =
true; # Allowing duplications because we need to deal with multiple entries with the same key.
} cfg.settings);
in {
options.services.smartdns = {
enable = mkEnableOption "SmartDNS DNS server";
bindPort = mkOption {
type = types.port;
default = 53;
description = "DNS listening port number.";
};
settings = mkOption {
type =
let atom = oneOf [ str int bool ];
in attrsOf (coercedTo atom toList (listOf atom));
example = literalExample ''
{
bind = ":5353 -no-rule -group example";
cache-size = 4096;
server-tls = [ "8.8.8.8:853" "1.1.1.1:853" ];
server-https = "https://cloudflare-dns.com/dns-query -exclude-default-group";
prefetch-domain = true;
speed-check-mode = "ping,tcp:80";
};
'';
description = ''
A set that will be generated into configuration file, see the <link xlink:href="https://github.com/pymumu/smartdns/blob/master/ReadMe_en.md#configuration-parameter">SmartDNS README</link> for details of configuration parameters.
You could override the options here like <option>services.smartdns.bindPort</option> by writing <literal>settings.bind = ":5353 -no-rule -group example";</literal>.
'';
};
};
config = lib.mkIf cfg.enable {
services.smartdns.settings.bind = mkDefault ":${toString cfg.bindPort}";
systemd.packages = [ pkgs.smartdns ];
systemd.services.smartdns.wantedBy = [ "multi-user.target" ];
environment.etc."smartdns/smartdns.conf".source = confFile;
environment.etc."default/smartdns".source =
"${pkgs.smartdns}/etc/default/smartdns";
};
}

26
nixos/modules/services/networking/ssh/sshd.nix
View file

@ -17,7 +17,7 @@ let
${cfg.extraConfig}
EOL
ssh-keygen -f mock-hostkey -N ""
ssh-keygen -q -f mock-hostkey -N ""
sshd -t -f $out -h mock-hostkey
'';
@ -238,6 +238,26 @@ in
description = "Files from which authorized keys are read.";
};
authorizedKeysCommand = mkOption {
type = types.str;
default = "none";
description = ''
Specifies a program to be used to look up the user's public
keys. The program must be owned by root, not writable by group
or others and specified by an absolute path.
'';
};
authorizedKeysCommandUser = mkOption {
type = types.str;
default = "nobody";
description = ''
Specifies the user under whose account the AuthorizedKeysCommand
is run. It is recommended to use a dedicated user that has no
other role on the host than running authorized keys commands.
'';
};
kexAlgorithms = mkOption {
type = types.listOf types.str;
default = [
@ -485,6 +505,10 @@ in
PrintMotd no # handled by pam_motd
AuthorizedKeysFile ${toString cfg.authorizedKeysFiles}
${optionalString (cfg.authorizedKeysCommand != "none") ''
AuthorizedKeysCommand ${cfg.authorizedKeysCommand}
AuthorizedKeysCommandUser ${cfg.authorizedKeysCommandUser}
''}
${flip concatMapStrings cfg.hostKeys (k: ''
HostKey ${k.path}

1
nixos/modules/services/networking/stubby.nix
View file

@ -205,6 +205,7 @@ in
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "notify";
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
CapabilityBoundingSet = "CAP_NET_BIND_SERVICE";
ExecStart = "${pkgs.stubby}/bin/stubby -C ${confFile} ${optionalString cfg.debugLogging "-l"}";

2
nixos/modules/services/networking/supplicant.nix
View file

@ -39,8 +39,6 @@ let
bindsTo = deps;
after = deps;
before = [ "network.target" ];
# Receive restart event after resume
partOf = [ "post-resume.target" ];
path = [ pkgs.coreutils ];

109
nixos/modules/services/networking/supybot.nix
View file

@ -3,32 +3,35 @@
with lib;
let
cfg = config.services.supybot;
isStateDirHome = hasPrefix "/home/" cfg.stateDir;
isStateDirVar = cfg.stateDir == "/var/lib/supybot";
pyEnv = pkgs.python3.withPackages (p: [ p.limnoria ] ++ (cfg.extraPackages p));
in
{
options = {
services.supybot = {
enable = mkOption {
type = types.bool;
default = false;
description = "Enable Supybot, an IRC bot";
description = "Enable Supybot, an IRC bot (also known as Limnoria).";
};
stateDir = mkOption {
# Setting this to /var/lib/supybot caused useradd to fail
default = "/home/supybot";
type = types.path;
default = if versionAtLeast config.system.stateVersion "20.09"
then "/var/lib/supybot"
else "/home/supybot";
defaultText = "/var/lib/supybot";
description = "The root directory, logs and plugins are stored here";
};
configFile = mkOption {
type = types.path;
description = ''
Path to a supybot config file. This can be generated by
Path to initial supybot config file. This can be generated by
running supybot-wizard.
Note: all paths should include the full path to the stateDir
@ -36,21 +39,54 @@ in
'';
};
plugins = mkOption {
type = types.attrsOf types.path;
default = {};
description = ''
Attribute set of additional plugins that will be symlinked to the
<filename>plugin</filename> subdirectory.
Please note that you still need to add the plugins to the config
file (or with <literal>!load</literal>) using their attribute name.
'';
example = literalExample ''
let
plugins = pkgs.fetchzip {
url = "https://github.com/ProgVal/Supybot-plugins/archive/57c2450c.zip";
sha256 = "077snf84ibnva3sbpzdfpfma6hcdw7dflwnhg6pw7mgnf0nd84qd";
};
in
{
Wikipedia = "''${plugins}/Wikipedia";
Decide = ./supy-decide;
}
'';
};
extraPackages = mkOption {
default = p: [];
description = ''
Extra Python packages available to supybot plugins. The
value must be a function which receives the attrset defined
in <varname>python3Packages</varname> as the sole argument.
'';
example = literalExample ''p: [ p.lxml p.requests ]'';
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.pythonPackages.limnoria ];
environment.systemPackages = [ pkgs.python3Packages.limnoria ];
users.users.supybot = {
uid = config.ids.uids.supybot;
group = "supybot";
description = "Supybot IRC bot user";
home = cfg.stateDir;
createHome = true;
isSystemUser = true;
};
users.groups.supybot = {
@ -59,19 +95,16 @@ in
systemd.services.supybot = {
description = "Supybot, an IRC bot";
documentation = [ "https://limnoria.readthedocs.io/" ];
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.pythonPackages.limnoria ];
preStart = ''
cd ${cfg.stateDir}
mkdir -p backup conf data plugins logs/plugins tmp web
ln -sf ${cfg.configFile} supybot.cfg
# This needs to be created afresh every time
rm -f supybot.cfg.bak
rm -f '${cfg.stateDir}/supybot.cfg.bak'
'';
serviceConfig = {
ExecStart = "${pkgs.pythonPackages.limnoria}/bin/supybot ${cfg.stateDir}/supybot.cfg";
ExecStart = "${pyEnv}/bin/supybot ${cfg.stateDir}/supybot.cfg";
PIDFile = "/run/supybot.pid";
User = "supybot";
Group = "supybot";
@ -79,8 +112,50 @@ in
Restart = "on-abort";
StartLimitInterval = "5m";
StartLimitBurst = "1";
NoNewPrivileges = true;
PrivateDevices = true;
PrivateMounts = true;
PrivateTmp = true;
ProtectControlGroups = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
RestrictNamespaces = true;
RestrictRealtime = true;
LockPersonality = true;
MemoryDenyWriteExecute = true;
RemoveIPC = true;
ProtectHostname = true;
CapabilityBoundingSet = "";
ProtectSystem = "full";
}
// optionalAttrs isStateDirVar {
StateDirectory = "supybot";
ProtectSystem = "strict";
}
// optionalAttrs (!isStateDirHome) {
ProtectHome = true;
};
};
systemd.tmpfiles.rules = [
"d '${cfg.stateDir}' 0700 supybot supybot - -"
"d '${cfg.stateDir}/backup' 0750 supybot supybot - -"
"d '${cfg.stateDir}/conf' 0750 supybot supybot - -"
"d '${cfg.stateDir}/data' 0750 supybot supybot - -"
"d '${cfg.stateDir}/plugins' 0750 supybot supybot - -"
"d '${cfg.stateDir}/logs' 0750 supybot supybot - -"
"d '${cfg.stateDir}/logs/plugins' 0750 supybot supybot - -"
"d '${cfg.stateDir}/tmp' 0750 supybot supybot - -"
"d '${cfg.stateDir}/web' 0750 supybot supybot - -"
"L '${cfg.stateDir}/supybot.cfg' - - - - ${cfg.configFile}"
]
++ (flip mapAttrsToList cfg.plugins (name: dest:
"L+ '${cfg.stateDir}/plugins/${name}' - - - - ${dest}"
));
};
}

46
nixos/modules/services/networking/tailscale.nix Normal file
View file

@ -0,0 +1,46 @@
{ config, lib, pkgs, ... }:
with lib;
let cfg = config.services.tailscale;
in {
meta.maintainers = with maintainers; [ danderson mbaillie ];
options.services.tailscale = {
enable = mkEnableOption "Tailscale client daemon";
port = mkOption {
type = types.port;
default = 41641;
description = "The port to listen on for tunnel traffic (0=autoselect).";
};
};
config = mkIf cfg.enable {
systemd.services.tailscale = {
description = "Tailscale client daemon";
after = [ "network-pre.target" ];
wants = [ "network-pre.target" ];
wantedBy = [ "multi-user.target" ];
unitConfig = {
StartLimitIntervalSec = 0;
StartLimitBurst = 0;
};
serviceConfig = {
ExecStart =
"${pkgs.tailscale}/bin/tailscaled --port ${toString cfg.port}";
RuntimeDirectory = "tailscale";
RuntimeDirectoryMode = 755;
StateDirectory = "tailscale";
StateDirectoryMode = 700;
Restart = "on-failure";
};
};
};
}

17
nixos/modules/services/networking/zerotierone.nix
View file

@ -69,13 +69,14 @@ in
environment.systemPackages = [ cfg.package ];
# Prevent systemd from potentially changing the MAC address
environment.etc."systemd/network/50-zerotier.link".text = ''
[Match]
OriginalName=zt*
[Link]
AutoNegotiation=false
MACAddressPolicy=none
'';
systemd.network.links."50-zerotier" = {
matchConfig = {
OriginalName = "zt*";
};
linkConfig = {
AutoNegotiation = false;
MACAddressPolicy = "none";
};
};
};
}

4
nixos/modules/services/security/fail2ban.nix
View file

@ -216,6 +216,10 @@ in
config = mkIf cfg.enable {
warnings = mkIf (config.networking.firewall.enable == false && config.networking.nftables.enable == false) [
"fail2ban can not be used without a firewall"
];
environment.systemPackages = [ cfg.package ];
environment.etc = {

2
nixos/modules/services/x11/desktop-managers/kodi.nix
View file

@ -20,7 +20,7 @@ in
services.xserver.desktopManager.session = [{
name = "kodi";
start = ''
${pkgs.kodi}/bin/kodi --lircdev /run/lirc/lircd --standalone &
LIRC_SOCKET_PATH=/run/lirc/lircd ${pkgs.kodi}/bin/kodi --standalone &
waitPID=$!
'';
}];

2
nixos/modules/system/activation/top-level.nix
View file

@ -75,7 +75,7 @@ let
echo -n "$configurationName" > $out/configuration-name
echo -n "systemd ${toString config.systemd.package.interfaceVersion}" > $out/init-interface-version
echo -n "$nixosLabel" > $out/nixos-version
echo -n "${pkgs.stdenv.hostPlatform.system}" > $out/system
echo -n "${config.boot.kernelPackages.stdenv.hostPlatform.system}" > $out/system
mkdir $out/fine-tune
childCount=0

227
nixos/modules/system/boot/kernel.nix
View file

@ -192,139 +192,144 @@ in
###### implementation
config = mkIf (!config.boot.isContainer) {
config = mkMerge
[ (mkIf config.boot.initrd.enable {
boot.initrd.availableKernelModules =
[ # Note: most of these (especially the SATA/PATA modules)
# shouldn't be included by default since nixos-generate-config
# detects them, but I'm keeping them for now for backwards
# compatibility.
system.build = { inherit kernel; };
# Some SATA/PATA stuff.
"ahci"
"sata_nv"
"sata_via"
"sata_sis"
"sata_uli"
"ata_piix"
"pata_marvell"
system.modulesTree = [ kernel ] ++ config.boot.extraModulePackages;
# Standard SCSI stuff.
"sd_mod"
"sr_mod"
# Implement consoleLogLevel both in early boot and using sysctl
# (so you don't need to reboot to have changes take effect).
boot.kernelParams =
[ "loglevel=${toString config.boot.consoleLogLevel}" ] ++
optionals config.boot.vesa [ "vga=0x317" "nomodeset" ];
# SD cards and internal eMMC drives.
"mmc_block"
boot.kernel.sysctl."kernel.printk" = mkDefault config.boot.consoleLogLevel;
# Support USB keyboards, in case the boot fails and we only have
# a USB keyboard, or for LUKS passphrase prompt.
"uhci_hcd"
"ehci_hcd"
"ehci_pci"
"ohci_hcd"
"ohci_pci"
"xhci_hcd"
"xhci_pci"
"usbhid"
"hid_generic" "hid_lenovo" "hid_apple" "hid_roccat"
"hid_logitech_hidpp" "hid_logitech_dj"
boot.kernelModules = [ "loop" "atkbd" ];
] ++ optionals (pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64) [
# Misc. x86 keyboard stuff.
"pcips2" "atkbd" "i8042"
boot.initrd.availableKernelModules =
[ # Note: most of these (especially the SATA/PATA modules)
# shouldn't be included by default since nixos-generate-config
# detects them, but I'm keeping them for now for backwards
# compatibility.
# x86 RTC needed by the stage 2 init script.
"rtc_cmos"
];
# Some SATA/PATA stuff.
"ahci"
"sata_nv"
"sata_via"
"sata_sis"
"sata_uli"
"ata_piix"
"pata_marvell"
boot.initrd.kernelModules =
[ # For LVM.
"dm_mod"
];
})
# Standard SCSI stuff.
"sd_mod"
"sr_mod"
(mkIf (!config.boot.isContainer) {
system.build = { inherit kernel; };
# SD cards and internal eMMC drives.
"mmc_block"
system.modulesTree = [ kernel ] ++ config.boot.extraModulePackages;
# Support USB keyboards, in case the boot fails and we only have
# a USB keyboard, or for LUKS passphrase prompt.
"uhci_hcd"
"ehci_hcd"
"ehci_pci"
"ohci_hcd"
"ohci_pci"
"xhci_hcd"
"xhci_pci"
"usbhid"
"hid_generic" "hid_lenovo" "hid_apple" "hid_roccat"
"hid_logitech_hidpp" "hid_logitech_dj"
# Implement consoleLogLevel both in early boot and using sysctl
# (so you don't need to reboot to have changes take effect).
boot.kernelParams =
[ "loglevel=${toString config.boot.consoleLogLevel}" ] ++
optionals config.boot.vesa [ "vga=0x317" "nomodeset" ];
] ++ optionals (pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64) [
# Misc. x86 keyboard stuff.
"pcips2" "atkbd" "i8042"
boot.kernel.sysctl."kernel.printk" = mkDefault config.boot.consoleLogLevel;
# x86 RTC needed by the stage 2 init script.
"rtc_cmos"
];
boot.kernelModules = [ "loop" "atkbd" ];
boot.initrd.kernelModules =
[ # For LVM.
"dm_mod"
];
# The Linux kernel >= 2.6.27 provides firmware.
hardware.firmware = [ kernel ];
# The Linux kernel >= 2.6.27 provides firmware.
hardware.firmware = [ kernel ];
# Create /etc/modules-load.d/nixos.conf, which is read by
# systemd-modules-load.service to load required kernel modules.
environment.etc =
{ "modules-load.d/nixos.conf".source = kernelModulesConf;
};
systemd.services.systemd-modules-load =
{ wantedBy = [ "multi-user.target" ];
restartTriggers = [ kernelModulesConf ];
serviceConfig =
{ # Ignore failed module loads. Typically some of the
# modules in boot.kernelModules are "nice to have but
# not required" (e.g. acpi-cpufreq), so we don't want to
# barf on those.
SuccessExitStatus = "0 1";
# Create /etc/modules-load.d/nixos.conf, which is read by
# systemd-modules-load.service to load required kernel modules.
environment.etc =
{ "modules-load.d/nixos.conf".source = kernelModulesConf;
};
};
lib.kernelConfig = {
isYes = option: {
assertion = config: config.isYes option;
message = "CONFIG_${option} is not yes!";
configLine = "CONFIG_${option}=y";
};
systemd.services.systemd-modules-load =
{ wantedBy = [ "multi-user.target" ];
restartTriggers = [ kernelModulesConf ];
serviceConfig =
{ # Ignore failed module loads. Typically some of the
# modules in boot.kernelModules are "nice to have but
# not required" (e.g. acpi-cpufreq), so we don't want to
# barf on those.
SuccessExitStatus = "0 1";
};
};
isNo = option: {
assertion = config: config.isNo option;
message = "CONFIG_${option} is not no!";
configLine = "CONFIG_${option}=n";
};
lib.kernelConfig = {
isYes = option: {
assertion = config: config.isYes option;
message = "CONFIG_${option} is not yes!";
configLine = "CONFIG_${option}=y";
};
isModule = option: {
assertion = config: config.isModule option;
message = "CONFIG_${option} is not built as a module!";
configLine = "CONFIG_${option}=m";
};
isNo = option: {
assertion = config: config.isNo option;
message = "CONFIG_${option} is not no!";
configLine = "CONFIG_${option}=n";
};
### Usually you will just want to use these two
# True if yes or module
isEnabled = option: {
assertion = config: config.isEnabled option;
message = "CONFIG_${option} is not enabled!";
configLine = "CONFIG_${option}=y";
};
isModule = option: {
assertion = config: config.isModule option;
message = "CONFIG_${option} is not built as a module!";
configLine = "CONFIG_${option}=m";
};
# True if no or omitted
isDisabled = option: {
assertion = config: config.isDisabled option;
message = "CONFIG_${option} is not disabled!";
configLine = "CONFIG_${option}=n";
};
};
### Usually you will just want to use these two
# True if yes or module
isEnabled = option: {
assertion = config: config.isEnabled option;
message = "CONFIG_${option} is not enabled!";
configLine = "CONFIG_${option}=y";
};
# The config options that all modules can depend upon
system.requiredKernelConfig = with config.lib.kernelConfig; [
# !!! Should this really be needed?
(isYes "MODULES")
(isYes "BINFMT_ELF")
] ++ (optional (randstructSeed != "") (isYes "GCC_PLUGIN_RANDSTRUCT"));
# True if no or omitted
isDisabled = option: {
assertion = config: config.isDisabled option;
message = "CONFIG_${option} is not disabled!";
configLine = "CONFIG_${option}=n";
};
};
# nixpkgs kernels are assumed to have all required features
assertions = if config.boot.kernelPackages.kernel ? features then [] else
let cfg = config.boot.kernelPackages.kernel.config; in map (attrs:
{ assertion = attrs.assertion cfg; inherit (attrs) message; }
) config.system.requiredKernelConfig;
# The config options that all modules can depend upon
system.requiredKernelConfig = with config.lib.kernelConfig;
[
# !!! Should this really be needed?
(isYes "MODULES")
(isYes "BINFMT_ELF")
] ++ (optional (randstructSeed != "") (isYes "GCC_PLUGIN_RANDSTRUCT"));
};
# nixpkgs kernels are assumed to have all required features
assertions = if config.boot.kernelPackages.kernel ? features then [] else
let cfg = config.boot.kernelPackages.kernel.config; in map (attrs:
{ assertion = attrs.assertion cfg; inherit (attrs) message; }
) config.system.requiredKernelConfig;
})
];
}

79
nixos/modules/system/boot/networkd.nix
View file

@ -355,6 +355,14 @@ let
};
linkOptions = commonNetworkOptions // {
# overwrite enable option from above
enable = mkOption {
default = true;
type = types.bool;
description = ''
Whether to enable this .link unit. It's handled by udev no matter if <command>systemd-networkd</command> is enabled or not
'';
};
linkConfig = mkOption {
default = {};
@ -1045,44 +1053,49 @@ in
};
config = mkIf config.systemd.network.enable {
config = mkMerge [
# .link units are honored by udev, no matter if systemd-networkd is enabled or not.
{
systemd.network.units = mapAttrs' (n: v: nameValuePair "${n}.link" (linkToUnit n v)) cfg.links;
environment.etc = unitFiles;
}
users.users.systemd-network.group = "systemd-network";
(mkIf config.systemd.network.enable {
systemd.additionalUpstreamSystemUnits = [
"systemd-networkd.service" "systemd-networkd-wait-online.service"
];
users.users.systemd-network.group = "systemd-network";
systemd.network.units = mapAttrs' (n: v: nameValuePair "${n}.link" (linkToUnit n v)) cfg.links
// mapAttrs' (n: v: nameValuePair "${n}.netdev" (netdevToUnit n v)) cfg.netdevs
// mapAttrs' (n: v: nameValuePair "${n}.network" (networkToUnit n v)) cfg.networks;
systemd.additionalUpstreamSystemUnits = [
"systemd-networkd.service" "systemd-networkd-wait-online.service"
];
environment.etc = unitFiles;
systemd.network.units = mapAttrs' (n: v: nameValuePair "${n}.netdev" (netdevToUnit n v)) cfg.netdevs
// mapAttrs' (n: v: nameValuePair "${n}.network" (networkToUnit n v)) cfg.networks;
systemd.services.systemd-networkd = {
wantedBy = [ "multi-user.target" ];
restartTriggers = attrNames unitFiles;
# prevent race condition with interface renaming (#39069)
requires = [ "systemd-udev-settle.service" ];
after = [ "systemd-udev-settle.service" ];
};
systemd.services.systemd-networkd-wait-online = {
wantedBy = [ "network-online.target" ];
};
systemd.services."systemd-network-wait-online@" = {
description = "Wait for Network Interface %I to be Configured";
conflicts = [ "shutdown.target" ];
requisite = [ "systemd-networkd.service" ];
after = [ "systemd-networkd.service" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = "${config.systemd.package}/lib/systemd/systemd-networkd-wait-online -i %I";
systemd.services.systemd-networkd = {
wantedBy = [ "multi-user.target" ];
restartTriggers = attrNames unitFiles;
# prevent race condition with interface renaming (#39069)
requires = [ "systemd-udev-settle.service" ];
after = [ "systemd-udev-settle.service" ];
};
};
services.resolved.enable = mkDefault true;
};
systemd.services.systemd-networkd-wait-online = {
wantedBy = [ "network-online.target" ];
};
systemd.services."systemd-network-wait-online@" = {
description = "Wait for Network Interface %I to be Configured";
conflicts = [ "shutdown.target" ];
requisite = [ "systemd-networkd.service" ];
after = [ "systemd-networkd.service" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = "${config.systemd.package}/lib/systemd/systemd-networkd-wait-online -i %I";
};
};
services.resolved.enable = mkDefault true;
})
];
}

13
nixos/modules/system/boot/stage-1.nix
View file

@ -390,6 +390,17 @@ in
'';
};
boot.initrd.enable = mkOption {
type = types.bool;
default = !config.boot.isContainer;
defaultText = "!config.boot.isContainer";
description = ''
Whether to enable the NixOS initial RAM disk (initrd). This may be
needed to perform some initialisation tasks (like mounting
network/encrypted file systems) before continuing the boot process.
'';
};
boot.initrd.prepend = mkOption {
default = [ ];
type = types.listOf types.str;
@ -555,7 +566,7 @@ in
};
config = mkIf (!config.boot.isContainer) {
config = mkIf config.boot.initrd.enable {
assertions = [
{ assertion = any (fs: fs.mountPoint == "/") fileSystems;
message = "The fileSystems option does not specify your root file system.";

1
nixos/tests/all-tests.nix
View file

@ -135,6 +135,7 @@ in
initrd-network-ssh = handleTest ./initrd-network-ssh {};
initrdNetwork = handleTest ./initrd-network.nix {};
installer = handleTest ./installer.nix {};
iodine = handleTest ./iodine.nix {};
ipv6 = handleTest ./ipv6.nix {};
jackett = handleTest ./jackett.nix {};
jellyfin = handleTest ./jellyfin.nix {};

50
nixos/tests/fenics.nix Normal file
View file

@ -0,0 +1,50 @@
import ./make-test-python.nix ({ pkgs, ... }:
let
fenicsScript = pkgs.writeScript "poisson.py" ''
#!/usr/bin/env python
from dolfin import *
mesh = UnitSquareMesh(4, 4)
V = FunctionSpace(mesh, "Lagrange", 1)
def boundary(x):
return x[0] < DOLFIN_EPS or x[0] > 1.0 - DOLFIN_EPS
u0 = Constant(0.0)
bc = DirichletBC(V, u0, boundary)
u = TrialFunction(V)
v = TestFunction(V)
f = Expression("10*exp(-(pow(x[0] - 0.5, 2) + pow(x[1] - 0.5, 2)) / 0.02)", degree=2)
g = Expression("sin(5*x[0])", degree=2)
a = inner(grad(u), grad(v))*dx
L = f*v*dx + g*v*ds
u = Function(V)
solve(a == L, u, bc)
print(u)
'';
in
{
name = "fenics";
meta = {
maintainers = with pkgs.stdenv.lib.maintainers; [ knedlsepp ];
};
nodes = {
fenicsnode = { pkgs, ... }: {
environment.systemPackages = with pkgs; [
gcc
(python3.withPackages (ps: with ps; [ fenics ]))
];
virtualisation.memorySize = 512;
};
};
testScript =
{ nodes, ... }:
''
start_all()
node1.succeed("${fenicsScript}")
'';
})

63
nixos/tests/iodine.nix Normal file
View file

@ -0,0 +1,63 @@
import ./make-test-python.nix (
{ pkgs, ... }: let
domain = "whatever.example.com";
in
{
name = "iodine";
nodes = {
server =
{ ... }:
{
networking.firewall = {
allowedUDPPorts = [ 53 ];
trustedInterfaces = [ "dns0" ];
};
boot.kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
"net.ipv6.ip_forward" = 1;
};
services.iodine.server = {
enable = true;
ip = "10.53.53.1/24";
passwordFile = "${builtins.toFile "password" "foo"}";
inherit domain;
};
# test resource: accessible only via tunnel
services.openssh = {
enable = true;
openFirewall = false;
};
};
client =
{ ... }: {
services.iodine.clients.testClient = {
# test that ProtectHome is "read-only"
passwordFile = "/root/pw";
relay = "server";
server = domain;
};
systemd.tmpfiles.rules = [
"f /root/pw 0666 root root - foo"
];
environment.systemPackages = [
pkgs.nagiosPluginsOfficial
];
};
};
testScript = ''
start_all()
server.wait_for_unit("sshd")
server.wait_for_unit("iodined")
client.wait_for_unit("iodine-testClient")
client.succeed("check_ssh -H 10.53.53.1")
'';
}
)

21
nixos/tests/matrix-synapse.nix
View file

@ -35,12 +35,31 @@ in {
nodes = {
# Since 0.33.0, matrix-synapse doesn't allow underscores in server names
serverpostgres = args: {
serverpostgres = { pkgs, ... }: {
services.matrix-synapse = {
enable = true;
database_type = "psycopg2";
tls_certificate_path = "${cert}";
tls_private_key_path = "${key}";
database_args = {
password = "synapse";
};
};
services.postgresql = {
enable = true;
# The database name and user are configured by the following options:
# - services.matrix-synapse.database_name
# - services.matrix-synapse.database_user
#
# The values used here represent the default values of the module.
initialScript = pkgs.writeText "synapse-init.sql" ''
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
'';
};
};

25
nixos/tests/networking.nix
View file

@ -655,6 +655,31 @@ let
), "The IPv6 routing table has not been properly cleaned:\n{}".format(ipv6Residue)
'';
};
# even with disabled networkd, systemd.network.links should work
# (as it's handled by udev, not networkd)
link = {
name = "Link";
nodes.client = { pkgs, ... }: {
virtualisation.vlans = [ 1 ];
networking = {
useNetworkd = networkd;
useDHCP = false;
};
systemd.network.links."50-foo" = {
matchConfig = {
Name = "foo";
Driver = "dummy";
};
linkConfig.MTUBytes = "1442";
};
};
testScript = ''
print(client.succeed("ip l add name foo type dummy"))
print(client.succeed("stat /etc/systemd/network/50-foo.link"))
client.succeed("udevadm settle")
assert "mtu 1442" in client.succeed("ip l show dummy0")
'';
};
};
in mapAttrs (const (attrs: makeTest (attrs // {

8
pkgs/applications/audio/ardour/default.nix
View file

@ -1,8 +1,8 @@
{ stdenv, fetchgit, alsaLib, aubio, boost, cairomm, curl, doxygen
, fftwSinglePrec, flac, glibc, glibmm, graphviz, gtkmm2, libjack2
, libgnomecanvas, libgnomecanvasmm, liblo, libmad, libogg, librdf
, libgnomecanvas, libgnomecanvasmm, liblo, libmad, libogg
, librdf_raptor, librdf_rasqal, libsamplerate, libsigcxx, libsndfile
, libusb, libuuid, libxml2, libxslt, lilv, lv2, makeWrapper
, libusb, libuuid, libxml2, libxslt, lilv, lrdf, lv2, makeWrapper
, perl, pkgconfig, python2, rubberband, serd, sord, sratom
, taglib, vampSDK, dbus, fftw, pango, suil, libarchive
, wafHook }:
@ -34,8 +34,8 @@ stdenv.mkDerivation rec {
buildInputs =
[ alsaLib aubio boost cairomm curl doxygen dbus fftw fftwSinglePrec flac
glibmm graphviz gtkmm2 libjack2 libgnomecanvas libgnomecanvasmm liblo
libmad libogg librdf librdf_raptor librdf_rasqal libsamplerate
libsigcxx libsndfile libusb libuuid libxml2 libxslt lilv lv2
libmad libogg librdf_raptor librdf_rasqal libsamplerate
libsigcxx libsndfile libusb libuuid libxml2 libxslt lilv lrdf lv2
makeWrapper pango perl pkgconfig python2 rubberband serd sord
sratom suil taglib vampSDK libarchive
];

37
pkgs/applications/audio/aucatctl/default.nix Normal file
View file

@ -0,0 +1,37 @@
{ stdenv, fetchurl, sndio, libbsd }:
stdenv.mkDerivation rec {
pname = "aucatctl";
version = "0.1";
src = fetchurl {
url = "http://www.sndio.org/${pname}-${version}.tar.gz";
sha256 = "524f2fae47db785234f166551520d9605b9a27551ca438bd807e3509ce246cf0";
};
buildInputs = [ sndio ]
++ stdenv.lib.optional (!stdenv.isDarwin && !stdenv.targetPlatform.isBSD)
libbsd;
outputs = [ "out" "man" ];
preBuild = ''
makeFlagsArray+=("PREFIX=$out")
'' + stdenv.lib.optionalString
(!stdenv.isDarwin && !stdenv.targetPlatform.isBSD) ''
makeFlagsArray+=(LDADD="-lsndio -lbsd")
# Fix warning about implicit declaration of function 'strlcpy'
substituteInPlace aucatctl.c \
--replace '#include <string.h>' '#include <bsd/string.h>'
'';
meta = with stdenv.lib; {
description =
"The aucatctl utility sends MIDI messages to control sndiod and/or aucat volumes";
homepage = "http://www.sndio.org";
license = licenses.isc;
maintainers = with maintainers; [ sna ];
platforms = platforms.unix;
};
}

41
pkgs/applications/audio/cadence/default.nix
View file

@ -1,15 +1,23 @@
{ stdenv
, mkDerivation
, a2jmidid
, coreutils
, lib
, libjack2
, fetchpatch
, fetchzip
, jack_capture
, pkgconfig
, pulseaudioFull
, qtbase
, makeWrapper
, python3Packages
, mkDerivation
, python3
}:
#ladish missing, claudia can't work.
#pulseaudio needs fixes (patchShebangs .pa ...)
#desktop needs icons and exec fixing.
mkDerivation rec {
mkDerivation rec {
version = "0.9.1";
pname = "cadence";
@ -26,12 +34,26 @@
})
];
postPatch = ''
libjackso=$(realpath ${lib.makeLibraryPath [libjack2]}/libjack.so.0);
substituteInPlace ./src/jacklib.py --replace libjack.so.0 $libjackso
substituteInPlace ./src/cadence.py --replace "/usr/bin/pulseaudio" \
"${lib.makeBinPath[pulseaudioFull]}/pulseaudio"
substituteInPlace ./c++/jackbridge/JackBridge.cpp --replace libjack.so.0 $libjackso
'';
nativeBuildInputs = [
pkgconfig
];
buildInputs = [
qtbase
jack_capture
pulseaudioFull
((python3.withPackages (ps: with ps; [
pyqt5
dbus-python
])))
];
makeFlags = [
@ -39,10 +61,6 @@
"SYSCONFDIR=${placeholder "out"}/etc"
];
propagatedBuildInputs = with python3Packages; [
pyqt5_with_qtwebkit
];
dontWrapQtApps = true;
# Replace with our own wrappers. They need to be changed manually since it wouldn't work otherwise.
@ -65,10 +83,11 @@
};
in lib.mapAttrsToList (script: source: ''
rm -f ${script}
makeWrapper ${python3Packages.python.interpreter} ${script} \
--set PYTHONPATH "$PYTHONPATH:${outRef}/share/cadence" \
''${qtWrapperArgs[@]} \
--add-flags "-O ${source}"
makeQtWrapper ${source} ${script} \
--prefix PATH : "${lib.makeBinPath [
jack_capture # cadence-render
pulseaudioFull # cadence, cadence-session-start
]}"
'') scriptAndSource;
meta = {

2
pkgs/applications/audio/clementine/default.nix
View file

@ -125,7 +125,7 @@ let
mkdir -p $out/share
for dir in applications icons kde4; do
ln -s "$free/share/$dir" "$out/share/$dir"
ln -s "${free}/share/$dir" "$out/share/$dir"
done
'';
enableParallelBuilding = true;

33
pkgs/applications/audio/cmt/default.nix Normal file
View file

@ -0,0 +1,33 @@
{ stdenv
, fetchurl
, ladspaH
}:
stdenv.mkDerivation rec {
name = "cmt";
version = "1.17";
src = fetchurl {
url = "http://www.ladspa.org/download/${name}_${version}.tgz";
sha256 = "07xd0xmwpa0j12813jpf87fr9hwzihii5l35mp8ady7xxfmxfmpb";
};
buildInputs = [ ladspaH ];
preBuild = ''
cd src
'';
installFlags = [ "INSTALL_PLUGINS_DIR=${placeholder "out"}/lib/ladspa" ];
preInstall = ''
mkdir -p $out/lib/ladspa
'';
meta = with stdenv.lib; {
description = "Computer Music Toolkit";
homepage = "https://www.ladspa.org/cmt";
license = licenses.gpl2;
platforms = platforms.linux;
maintainers = with maintainers; [ sjfloat ];
};
}

30
pkgs/applications/audio/ft2-clone/default.nix Normal file
View file

@ -0,0 +1,30 @@
{ stdenv
, fetchFromGitHub
, cmake
, alsaLib
, SDL2
}:
stdenv.mkDerivation rec {
pname = "ft2-clone";
version = "1.09";
src = fetchFromGitHub {
owner = "8bitbubsy";
repo = "ft2-clone";
rev = "v${version}";
sha256 = "18my7fywaf66rq8phsly8lglxzpglran8rj27fvwgpni8098ic7d";
};
nativeBuildInputs = [ cmake ];
buildInputs = [ SDL2 ] ++ stdenv.lib.optional stdenv.isLinux alsaLib;
meta = with stdenv.lib; {
description = "A highly accurate clone of the classic Fasttracker II software for MS-DOS";
homepage = "https://16-bits.org/ft2.php";
license = licenses.bsd3;
maintainers = with maintainers; [ fgaz ];
platforms = platforms.all;
};
}

6
pkgs/applications/audio/guitarix/default.nix
View file

@ -1,7 +1,7 @@
{ stdenv, fetchurl, gettext, intltool, pkgconfig, python2
, avahi, bluez, boost, eigen, fftw, glib, glib-networking
, glibmm, gsettings-desktop-schemas, gtkmm2, libjack2
, ladspaH, libav, librdf, libsndfile, lilv, lv2, serd, sord, sratom
, ladspaH, libav, libsndfile, lilv, lrdf, lv2, serd, sord, sratom
, wrapGAppsHook, zita-convolver, zita-resampler, curl, wafHook
, optimizationSupport ? false # Enable support for native CPU extensions
}:
@ -23,8 +23,8 @@ stdenv.mkDerivation rec {
buildInputs = [
avahi bluez boost eigen fftw glib glibmm glib-networking.out
gsettings-desktop-schemas gtkmm2 libjack2 ladspaH libav librdf
libsndfile lilv lv2 serd sord sratom zita-convolver
gsettings-desktop-schemas gtkmm2 libjack2 ladspaH libav
libsndfile lilv lrdf lv2 serd sord sratom zita-convolver
zita-resampler curl
];

9
pkgs/applications/audio/hydrogen/default.nix
View file

@ -1,5 +1,6 @@
{ stdenv, fetchurl, alsaLib, boost, cmake, glib, lash, libjack2, libarchive
, liblrdf, libsndfile, pkgconfig, qt4 }:
{ stdenv, fetchurl, pkgconfig, cmake
, alsaLib, boost, glib, lash, libjack2, libarchive, libsndfile, lrdf, qt4
}:
stdenv.mkDerivation rec {
version = "0.9.7";
@ -10,9 +11,9 @@ stdenv.mkDerivation rec {
sha256 = "1dy2jfkdw0nchars4xi4isrz66fqn53a9qk13bqza7lhmsg3s3qy";
};
nativeBuildInputs = [ pkgconfig ];
nativeBuildInputs = [ pkgconfig cmake ];
buildInputs = [
alsaLib boost cmake glib lash libjack2 libarchive liblrdf libsndfile qt4
alsaLib boost glib lash libjack2 libarchive libsndfile lrdf qt4
];
meta = with stdenv.lib; {

4
pkgs/applications/audio/jack-rack/default.nix
View file

@ -1,4 +1,4 @@
{ stdenv, fetchurl, pkgconfig, libjack2, ladspaH, gtk2, alsaLib, libxml2, librdf }:
{ stdenv, fetchurl, pkgconfig, libjack2, ladspaH, gtk2, alsaLib, libxml2, lrdf }:
stdenv.mkDerivation rec {
name = "jack-rack-1.4.7";
src = fetchurl {
@ -6,7 +6,7 @@ stdenv.mkDerivation rec {
sha256 = "1lmibx9gicagcpcisacj6qhq6i08lkl5x8szysjqvbgpxl9qg045";
};
nativeBuildInputs = [ pkgconfig ];
buildInputs = [ libjack2 ladspaH gtk2 alsaLib libxml2 librdf ];
buildInputs = [ libjack2 ladspaH gtk2 alsaLib libxml2 lrdf ];
NIX_LDFLAGS = "-ldl -lm -lpthread";
meta = {

4
pkgs/applications/audio/mopidy/iris.nix
View file

@ -2,11 +2,11 @@
python3Packages.buildPythonApplication rec {
pname = "Mopidy-Iris";
version = "3.45.1";
version = "3.46.0";
src = python3Packages.fetchPypi {
inherit pname version;
sha256 = "02jmylz76wlwxlv8drndprb7r9l8kqqgjkp17mjx5ngnl545pc2w";
sha256 = "0c7b6zbcj4bq5qsxvhjwqclrl1k2hs3wb50pfjbw7gs7m3gm2b7d";
};
propagatedBuildInputs = [

24
pkgs/applications/audio/mopidy/mpd.nix Normal file
View file

@ -0,0 +1,24 @@
{ stdenv, python3Packages, mopidy }:
python3Packages.buildPythonApplication rec {
pname = "Mopidy-MPD";
version = "3.0.0";
src = python3Packages.fetchPypi {
inherit pname version;
sha256 = "0prjli4352521igcsfcgmk97jmzgbfy4ik8hnli37wgvv252wiac";
};
propagatedBuildInputs = [mopidy];
# no tests implemented
doCheck = false;
pythonImportsCheck = [ "mopidy_mpd" ];
meta = with stdenv.lib; {
homepage = "https://github.com/mopidy/mopidy-mpd";
description = "Mopidy extension for controlling playback from MPD clients";
license = licenses.asl20;
maintainers = [ maintainers.tomahna ];
};
}

41
pkgs/applications/audio/mup/default.nix Normal file
View file

@ -0,0 +1,41 @@
{ stdenv, fetchurl, autoreconfHook, bison, flex, ghostscript, groff, netpbm
, fltk, libXinerama, libXpm, libjpeg
}:
stdenv.mkDerivation rec {
pname = "mup";
version = "6.7";
src = fetchurl {
url = "http://www.arkkra.com/ftp/pub/unix/mup${builtins.replaceStrings ["."] [""] version}src.tar.gz";
sha256 = "1y1qknhib1isdjsbv833w3nxzyfljkfgp1gmjwly60l55q60frpk";
};
nativeBuildInputs = [ autoreconfHook bison flex ghostscript groff netpbm ];
buildInputs = [ fltk libXinerama libXpm libjpeg ];
patches = [ ./ghostscript-permit-file-write.patch ];
postPatch = ''
for f in Makefile.am doc/Makefile.am doc/htmldocs/Makefile.am src/mupmate/Preferences.C; do
substituteInPlace $f --replace doc/packages doc
done
substituteInPlace src/mupprnt/mupprnt --replace 'mup ' $out/bin/mup' '
substituteInPlace src/mupdisp/genfile.c --replace '"mup"' '"'$out/bin/mup'"'
substituteInPlace src/mupmate/Preferences.C \
--replace '"mup"' '"'$out/bin/mup'"' \
--replace '"gv"' '"xdg-open"' \
--replace /usr/share/doc $out/share/doc
'';
enableParallelBuilding = false; # Undeclared dependencies + https://stackoverflow.com/a/19822767/1687334 for prolog.ps.
meta = with stdenv.lib; {
homepage = http://www.arkkra.com/;
description = "Music typesetting program (ASCII to PostScript and MIDI)";
license = licenses.bsd3;
maintainers = with maintainers; [ orivej ];
platforms = platforms.linux;
};
}

5
pkgs/applications/audio/mup/ghostscript-permit-file-write.patch Normal file
View file

@ -0,0 +1,5 @@
--- a/src/mup/Makefile.am
+++ b/src/mup/Makefile.am
@@ -39 +39 @@ fontdata.c: prolog.ps ../../tools/mup/getfontinfo.ps ../../LICENSE
- $(GS) -sDEVICE=nullpage -sOutputFile=/dev/null -dQUIET - < ../../tools/mup/getfontinfo.ps | $(SED) -e "/Warning:/d" >> fontdata.c
+ $(GS) -sDEVICE=nullpage -sOutputFile=/dev/null -dQUIET --permit-file-write=charnames:fontinit - < ../../tools/mup/getfontinfo.ps | $(SED) -e "/Warning:/d" >> fontdata.c

4
pkgs/applications/audio/musescore/default.nix
View file

@ -6,11 +6,11 @@
mkDerivation rec {
pname = "musescore";
version = "3.2.3";
version = "3.4.2";
src = fetchzip {
url = "https://github.com/musescore/MuseScore/releases/download/v${version}/MuseScore-${version}.zip";
sha256 = "17mr0c8whw6vz86lp1j36rams4h8virc4z68fld0q3rpq6g05szs";
sha256 = "1laskvp40dncs12brkgvk7wl0qrvzy52rn7nf3b67ps1vmd130gp";
stripRoot = false;
};

16
pkgs/applications/audio/musescore/remove_qtwebengine_install_hack.patch
View file

@ -1,12 +1,9 @@
--- a/mscore/CMakeLists.txt
+++ b/mscore/CMakeLists.txt
@@ -660,22 +660,6 @@ if (MINGW)
else (MINGW)
if ( NOT MSVC )
-## install qwebengine core
--- a/main/CMakeLists.txt
+++ b/main/CMakeLists.txt
@@ -220,16 +219,0 @@ else (MINGW)
- ## install qwebengine core
- if (NOT APPLE AND USE_WEBENGINE)
- install(FILES
- install(PROGRAMS
- ${QT_INSTALL_LIBEXECS}/QtWebEngineProcess
- DESTINATION bin
- )
@ -20,6 +17,3 @@
- )
- endif(NOT APPLE AND USE_WEBENGINE)
-
target_link_libraries(mscore
${ALSA_LIB}
${QT_LIBRARIES}

1
pkgs/applications/audio/netease-cloud-music/default.nix
View file

@ -68,7 +68,6 @@ in stdenv.mkDerivation rec {
wrapProgram $out/bin/netease-cloud-music \
--prefix LD_LIBRARY_PATH : "${runtimeLibs}" \
--set QT_AUTO_SCREEN_SCALE_FACTOR 1 \
--set QCEF_INSTALL_PATH "${deepin.qcef}/lib/qcef"
'';

4
pkgs/applications/audio/non/default.nix
View file

@ -1,5 +1,5 @@
{ stdenv, fetchFromGitHub, pkgconfig, python2, cairo, libjpeg, ntk, libjack2
, libsndfile, ladspaH, liblrdf, liblo, libsigcxx, wafHook
, libsndfile, ladspaH, liblo, libsigcxx, lrdf, wafHook
}:
stdenv.mkDerivation {
@ -14,7 +14,7 @@ stdenv.mkDerivation {
nativeBuildInputs = [ pkgconfig wafHook ];
buildInputs = [ python2 cairo libjpeg ntk libjack2 libsndfile
ladspaH liblrdf liblo libsigcxx
ladspaH liblo libsigcxx lrdf
];
meta = {

6
pkgs/applications/audio/parlatype/default.nix
View file

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "parlatype";
version = "1.6.2";
version = "2.0";
src = fetchFromGitHub {
owner = "gkarsay";
repo = pname;
rev = "v${version}";
sha256 = "157423f40l8nd5da6y0qjmg4l3125zailp98w2hda3mxxn1j5ix3";
sha256 = "026i19vkdq35rldbjp1wglamr22a1330iv736mmgbd8fs7vz22nx";
};
nativeBuildInputs = [
@ -61,7 +61,7 @@ stdenv.mkDerivation rec {
It plays audio sources to transcribe them in your favourite text application.
Its intended to be useful for journalists, students, scientists and whoever needs to transcribe audio files.
'';
homepage = https://gkarsay.github.io/parlatype/;
homepage = "https://gkarsay.github.io/parlatype/";
license = licenses.gpl3Plus;
maintainers = [ maintainers.melchips ];
platforms = platforms.linux;

30
pkgs/applications/audio/pt2-clone/default.nix Normal file
View file

@ -0,0 +1,30 @@
{ stdenv
, fetchFromGitHub
, cmake
, alsaLib
, SDL2
}:
stdenv.mkDerivation rec {
pname = "pt2-clone";
version = "1.06";
src = fetchFromGitHub {
owner = "8bitbubsy";
repo = "pt2-clone";
rev = "v${version}";
sha256 = "00zifwiprd3i60z4pf4471jxbc33vh9p30ib0lnzwpgjz5pnxqnr";
};
nativeBuildInputs = [ cmake ];
buildInputs = [ SDL2 ] ++ stdenv.lib.optional stdenv.isLinux alsaLib;
meta = with stdenv.lib; {
description = "A highly accurate clone of the classic ProTracker 2.3D software for Amiga";
homepage = "https://16-bits.org/pt2.php";
license = licenses.bsd3;
maintainers = with maintainers; [ fgaz ];
platforms = platforms.all;
};
}

4
pkgs/applications/audio/rosegarden/default.nix
View file

@ -1,6 +1,6 @@
{ stdenv, fetchurl, cmake, makedepend, perl, pkgconfig, qttools, wrapQtAppsHook
, dssi, fftwSinglePrec, ladspaH, ladspaPlugins, libjack2, alsaLib
, liblo, liblrdf, libsamplerate, libsndfile, lirc ? null, qtbase }:
, liblo, libsamplerate, libsndfile, lirc ? null, lrdf, qtbase }:
stdenv.mkDerivation (rec {
version = "19.12";
@ -25,10 +25,10 @@ stdenv.mkDerivation (rec {
ladspaPlugins
libjack2
liblo
liblrdf
libsamplerate
libsndfile
lirc
lrdf
qtbase
alsaLib
];

8
pkgs/applications/audio/sonic-lineup/default.nix
View file

@ -1,6 +1,6 @@
{ stdenv, fetchurl, alsaLib, boost, bzip2, fftw, fftwFloat, libfishsound
, libid3tag, liblo, liblrdf, libmad, liboggz, libpulseaudio, libsamplerate
, libsndfile, opusfile, portaudio, rubberband, serd, sord, vampSDK, capnproto
, libid3tag, liblo, libmad, liboggz, libpulseaudio, libsamplerate
, libsndfile, lrdf, opusfile, portaudio, rubberband, serd, sord, vampSDK, capnproto
, wrapQtAppsHook, pkgconfig
}:
@ -14,8 +14,8 @@ stdenv.mkDerivation rec {
};
buildInputs =
[ alsaLib boost bzip2 fftw fftwFloat libfishsound libid3tag liblo liblrdf
libmad liboggz libpulseaudio libsamplerate libsndfile opusfile pkgconfig
[ alsaLib boost bzip2 fftw fftwFloat libfishsound libid3tag liblo
libmad liboggz libpulseaudio libsamplerate libsndfile lrdf opusfile
portaudio rubberband serd sord capnproto
];

4
pkgs/applications/audio/sonic-visualiser/default.nix
View file

@ -1,7 +1,7 @@
# TODO add plugins having various licenses, see http://www.vamp-plugins.org/download.html
{ stdenv, fetchurl, alsaLib, bzip2, fftw, libjack2, libX11, liblo
, libmad, libogg, librdf, librdf_raptor, librdf_rasqal, libsamplerate
, libmad, libogg, lrdf, librdf_raptor, librdf_rasqal, libsamplerate
, libsndfile, pkgconfig, libpulseaudio, qtbase, qtsvg, redland
, rubberband, serd, sord, vampSDK, fftwFloat
, capnproto, liboggz, libfishsound, libid3tag, opusfile
@ -18,7 +18,7 @@ stdenv.mkDerivation rec {
};
buildInputs =
[ libsndfile qtbase qtsvg fftw fftwFloat bzip2 librdf rubberband
[ libsndfile qtbase qtsvg fftw fftwFloat bzip2 lrdf rubberband
libsamplerate vampSDK alsaLib librdf_raptor librdf_rasqal redland
serd
sord

51
pkgs/applications/audio/soundtracker/default.nix Normal file
View file

@ -0,0 +1,51 @@
{ stdenv
, fetchurl
, pkg-config
, autoconf
, gtk2
, alsaLib
, SDL
, jack2
, goocanvas # graphical envelope editing
}:
stdenv.mkDerivation rec {
pname = "soundtracker";
version = "1.0.0.1";
src = fetchurl {
# Past releases get moved to the "old releases" directory.
# Only the latest release (currently a prerelease) is at the top level.
url = "mirror://sourceforge/soundtracker/old%20releases/soundtracker-${version}.tar.bz2";
sha256 = "1ggliswz5ngmlnrnyhv3x1arh5w77an0ww9p53cddp9aas5q11jm";
};
nativeBuildInputs = [
pkg-config
autoconf
];
buildInputs = [
gtk2
SDL
jack2
goocanvas
] ++ stdenv.lib.optional stdenv.isLinux alsaLib;
meta = with stdenv.lib; {
description = "A music tracking tool similar in design to the DOS program FastTracker and the Amiga legend ProTracker";
longDescription = ''
SoundTracker is a pattern-oriented music editor (similar to the DOS
program 'FastTracker'). Samples are lined up on tracks and patterns
which are then arranged to a song. Supported module formats are XM and
MOD; the player code is the one from OpenCP. A basic sample recorder
and editor is also included.
'';
homepage = "http://www.soundtracker.org/";
downloadPage = "https://sourceforge.net/projects/soundtracker/files/";
license = licenses.gpl2Plus;
maintainers = with maintainers; [ fgaz ];
platforms = platforms.all;
# gdk/gdkx.h not found
broken = stdenv.isDarwin;
};
}

6
pkgs/applications/audio/spotify-tui/default.nix
View file

@ -2,16 +2,16 @@
rustPlatform.buildRustPackage rec {
pname = "spotify-tui";
version = "0.16.0";
version = "0.17.0";
src = fetchFromGitHub {
owner = "Rigellute";
repo = "spotify-tui";
rev = "v${version}";
sha256 = "0fmj25zjg12v0kyanic343lrdhxkh290v88qiz6ac47g8bdy3c83";
sha256 = "1jx2qyshqg84l3fm682h8262da0hy68qjjg3dm2i53dxqxrm5ji9";
};
cargoSha256 = "1n8aacy0hapjm10hmgqm07rb5c0ngmzr1s116pspsl7cdszza6xi";
cargoSha256 = "12qwp59gshc9d6nz0s3w03zc8sxqri12vrav94vi54fqagiikinm";
nativeBuildInputs = [ pkgconfig ] ++ stdenv.lib.optionals stdenv.isLinux [ python3 ];
buildInputs = [ openssl ]

4
pkgs/applications/audio/vorbis-tools/default.nix
View file

@ -3,8 +3,8 @@
let
debPatch = fetchzip {
url = "mirror://debian/pool/main/v/vorbis-tools/vorbis-tools_1.4.0-6.debian.tar.xz";
sha256 = "1xmmpdvxyr84lazlg23c6ck5ic97ga2rkiqabb1d98ix2zdzyqz5";
url = "mirror://debian/pool/main/v/vorbis-tools/vorbis-tools_1.4.0-11.debian.tar.xz";
sha256 = "0kvmd5nslyqplkdb7pnmqj47ir3y5lmaxd12wmrnqh679a8jhcyi";
};
in
stdenv.mkDerivation {

10
pkgs/applications/blockchains/go-ethereum.nix
View file

@ -1,17 +1,17 @@
{ stdenv, buildGoModule, fetchFromGitHub, libobjc, IOKit }:
{ stdenv, buildGoModule, fetchFromGitHub, libobjc, IOKit, CoreServices }:
buildGoModule rec {
pname = "go-ethereum";
version = "1.9.10";
version = "1.9.11";
src = fetchFromGitHub {
owner = "ethereum";
repo = pname;
rev = "v${version}";
sha256 = "0pm8gfr4g7rbax6vzxv6lklpx83mxghah7fyvpk3jqvm1mq299ln";
sha256 = "0xhkdxn5ajzi05252is5whqank81xy94jp1l5z2a44rajv8rh9vs";
};
modSha256 = "0zar9nvx2nk6kyijp8df3y2rzxvg0mccj6b3skhzf8y9c27hvrsg";
modSha256 = "0jcj0knkhyndndyv1j9xhgbg5psagvyd27ailna3x9ikjlb8f7gg";
subPackages = [
"cmd/abigen"
@ -30,6 +30,8 @@ buildGoModule rec {
"cmd/wnode"
];
buildInputs = stdenv.lib.optionals stdenv.isDarwin [ CoreServices ];
# Fix for usb-related segmentation faults on darwin
propagatedBuildInputs =
stdenv.lib.optionals stdenv.isDarwin [ libobjc IOKit ];

8
pkgs/applications/blockchains/lnd.nix
View file

@ -1,4 +1,4 @@
{ buildGoModule, fetchFromGitHub, lib }:
{ buildGoModule, fetchFromGitHub, stdenv, Security }:
buildGoModule rec {
pname = "lnd";
@ -13,10 +13,12 @@ buildGoModule rec {
modSha256 = "1pvcvpiz6ck8xkgpypchrq9kgkik0jxd7f3jhihbgldsh4zaqiaq";
meta = with lib; {
buildInputs = stdenv.lib.optionals stdenv.isDarwin [ Security ];
meta = with stdenv.lib; {
description = "Lightning Network Daemon";
homepage = "https://github.com/lightningnetwork/lnd";
license = lib.licenses.mit;
license = licenses.mit;
maintainers = with maintainers; [ cypherpunk2140 ];
};
}

29
pkgs/applications/blockchains/monero-gui/default.nix
View file

@ -1,36 +1,35 @@
{ stdenv, wrapQtAppsHook, makeDesktopItem, fetchFromGitHub
, qtbase, qmake, qtmultimedia, qttools
, qtgraphicaleffects, qtdeclarative
, qtlocation, qtquickcontrols, qtquickcontrols2
, qtwebchannel, qtwebengine, qtx11extras, qtxmlpatterns
{ stdenv, wrapQtAppsHook, makeDesktopItem
, fetchFromGitHub, qmake, qttools, pkgconfig
, qtbase, qtdeclarative, qtgraphicaleffects
, qtmultimedia, qtxmlpatterns
, qtquickcontrols, qtquickcontrols2
, monero, unbound, readline, boost, libunwind
, libsodium, pcsclite, zeromq, cppzmq, pkgconfig
, hidapi, randomx
, libsodium, pcsclite, zeromq, cppzmq
, hidapi, libusb, protobuf, randomx
}:
with stdenv.lib;
stdenv.mkDerivation rec {
pname = "monero-gui";
version = "0.15.0.1";
version = "0.15.0.4";
src = fetchFromGitHub {
owner = "monero-project";
repo = "monero-gui";
rev = "v${version}";
sha256 = "08j8kkncdn57xql0bhmlzjpjkdfhqbpda1p07r797q8qi0nl4w8n";
sha256 = "12m5fgnxkr11q2arx1m5ccpxqm5ljcvm6l547dwqn297zs5jim4z";
};
nativeBuildInputs = [ qmake pkgconfig wrapQtAppsHook ];
buildInputs = [
qtbase qtmultimedia qtgraphicaleffects
qtdeclarative qtlocation
qtquickcontrols qtquickcontrols2
qtwebchannel qtwebengine qtx11extras
qtxmlpatterns monero unbound readline
qtbase qtdeclarative qtgraphicaleffects
qtmultimedia qtquickcontrols qtquickcontrols2
qtxmlpatterns
monero unbound readline
boost libunwind libsodium pcsclite zeromq
cppzmq hidapi randomx
cppzmq hidapi libusb protobuf randomx
];
NIX_CFLAGS_COMPILE = [ "-Wno-error=format-security" ];

17
pkgs/applications/blockchains/monero-gui/move-log-file.patch
View file

@ -1,15 +1,14 @@
diff --git a/main.cpp b/main.cpp
index a51568d..5a9f683 100644
--- a/main.cpp
+++ b/main.cpp
@@ -152,7 +152,9 @@ int main(int argc, char *argv[])
diff --git a/src/main/main.cpp b/src/main/main.cpp
index c5210e5f..45794d72 100644
--- a/src/main/main.cpp
+++ b/src/main/main.cpp
@@ -220,6 +220,9 @@ int main(int argc, char *argv[])
QCommandLineOption logPathOption(QStringList() << "l" << "log-file",
QCoreApplication::translate("main", "Log to specified file"),
QCoreApplication::translate("main", "file"));
-
+ logPathOption.setDefaultValue(
+ QStandardPaths::writableLocation(QStandardPaths::CacheLocation)
+ + "/monero-wallet-gui.log");
parser.addOption(logPathOption);
parser.addHelpOption();
parser.process(app);
QCommandLineOption testQmlOption("test-qml");
testQmlOption.setFlags(QCommandLineOption::HiddenFromHelp);

4
pkgs/applications/blockchains/monero/default.nix
View file

@ -2,7 +2,7 @@
, cmake, pkgconfig
, boost, miniupnpc, openssl, unbound, cppzmq
, zeromq, pcsclite, readline, libsodium, hidapi
, python3Packages, randomx, rapidjson
, pythonProtobuf, randomx, rapidjson, libusb
, CoreData, IOKit, PCSC
}:
@ -26,7 +26,7 @@ stdenv.mkDerivation rec {
boost miniupnpc openssl unbound
cppzmq zeromq pcsclite readline
libsodium hidapi randomx rapidjson
python3Packages.protobuf
pythonProtobuf libusb
] ++ stdenv.lib.optionals stdenv.isDarwin [ IOKit CoreData PCSC ];
cmakeFlags = [

35
pkgs/applications/blockchains/quorum.nix Normal file
View file

@ -0,0 +1,35 @@
{ stdenv, fetchFromGitHub, buildGoPackage, git, which }:
buildGoPackage rec {
pname = "quorum";
version = "2.5.0";
goPackagePath = "github.com/jpmorganchase/quorum";
src = fetchFromGitHub {
owner = "jpmorganchase";
repo = pname;
rev = "v${version}";
sha256 = "0xfdaqp9bj5dkw12gy19lxj73zh7w80j051xclsvnd41sfah86ll";
};
buildInputs = [ git which ];
buildPhase = ''
cd "go/src/$goPackagePath"
make geth bootnode swarm
'';
installPhase = ''
mkdir -pv $bin/bin
cp -v build/bin/geth build/bin/bootnode build/bin/swarm $bin/bin
'';
meta = with stdenv.lib; {
description = "A permissioned implementation of Ethereum supporting data privacy";
homepage = "https://www.goquorum.com/";
license = licenses.lgpl3;
maintainers = with maintainers; [ mmahut ];
platforms = subtractLists ["aarch64-linux"] platforms.linux;
};
}

16
pkgs/applications/blockchains/zcash/default.nix
View file

@ -7,15 +7,19 @@ with stdenv.lib;
stdenv.mkDerivation rec {
pname = "zcash";
version = "2.1.0-1";
version = "2.1.1-1";
src = fetchFromGitHub {
owner = "zcash";
repo = "zcash";
rev = "v${version}";
sha256 = "05bnn4lxrrcv1ha3jdfrgwg4ar576161n3j9d4gpc14ww3zgf9vz";
sha256 = "1g5zlfzfp31my8w8nlg5fncpr2y95iv9fm04x57sjb93rgmjdh5n";
};
patchPhase = ''
sed -i"" 's,-fvisibility=hidden,,g' src/Makefile.am
'';
nativeBuildInputs = [ autoreconfHook pkgconfig ];
buildInputs = [ gtest gmock gmp openssl wget db62 boost17x zlib
protobuf libevent libsodium librustzcash ]
@ -23,17 +27,15 @@ stdenv.mkDerivation rec {
configureFlags = [ "--with-boost-libdir=${boost17x.out}/lib" ];
patchPhase = ''
sed -i"" 's,-fvisibility=hidden,,g' src/Makefile.am
'';
postInstall = ''
cp zcutil/fetch-params.sh $out/bin/zcash-fetch-params
'';
enableParallelBuilding = true;
meta = {
description = "Peer-to-peer, anonymous electronic cash system";
homepage = https://z.cash/;
homepage = "https://z.cash/";
maintainers = with maintainers; [ rht tkerber ];
license = licenses.mit;
platforms = platforms.linux;

16
pkgs/applications/blockchains/zcash/librustzcash/default.nix
View file

@ -1,20 +1,17 @@
{ stdenv, fetchFromGitHub, rustPlatform }:
rustPlatform.buildRustPackage rec {
pname = "librustzcash-unstable";
version = "2018-10-27";
pname = "librustzcash";
version = "0.1.0";
src = fetchFromGitHub {
owner = "zcash";
repo = "librustzcash";
rev = "06da3b9ac8f278e5d4ae13088cf0a4c03d2c13f5";
sha256 = "0md0pp3k97iv7kfjpfkg14pjanhrql4vafa8ggbxpkajv1j4xldv";
rev = version;
sha256 = "0d28k29sgzrg9clynz29kpw50kbkp0a4dfdayqhmpjmsh05y6261";
};
# Delete this on next update; see #79975 for details
legacyCargoFetcher = true;
cargoSha256 = "166v8cxlpfslbs5gljbh7wp0lxqakayw47ikxm9r9a39n7j36mq1";
cargoSha256 = "1wzyrcmcbrna6rjzw19c4lq30didzk4w6fs6wmvxp0xfg4qqdlax";
installPhase = ''
mkdir -p $out/lib
@ -23,11 +20,12 @@ rustPlatform.buildRustPackage rec {
cp librustzcash/include/librustzcash.h $out/include/
'';
# The tests do pass, but they take an extremely long time to run.
doCheck = false;
meta = with stdenv.lib; {
description = "Rust-language assets for Zcash";
homepage = https://github.com/zcash/librustzcash;
homepage = "https://github.com/zcash/librustzcash";
maintainers = with maintainers; [ rht tkerber ];
license = with licenses; [ mit asl20 ];
platforms = platforms.unix;

12
pkgs/applications/editors/android-studio/default.nix
View file

@ -13,14 +13,14 @@ let
sha256Hash = "1mwzk18224bl8hbw9cdxwzgj5cfain4y70q64cpj4p0snffxqm77";
};
betaVersion = {
version = "4.0.0.10"; # "Android Studio 4.0 Beta 1"
build = "193.6220182";
sha256Hash = "0ibp54wcss4ihm454hbavv1bhar6cd4alp5b0z248ryjr5w9mixf";
version = "4.0.0.12"; # "Android Studio 4.0 Beta 3"
build = "193.6296804";
sha256Hash = "072rvh20xkn7izh6f2r2bspy06jrvcibj2hc12hz76m8cwzf4v0m";
};
latestVersion = { # canary & dev
version = "4.1.0.2"; # "Android Studio 4.1 Canary 2"
build = "193.6264773";
sha256Hash = "0m09q4jp653i9jlqsjplx3d64xkdm27c35781yz6h5rw0a1sq6kz";
version = "4.1.0.3"; # "Android Studio 4.1 Canary 3"
build = "193.6297379";
sha256Hash = "0sb8ll9bkkdglq18wvy5hikimhjbpfadjdygx9cd8q545h8dy137";
};
in {
# Attributes are named by their corresponding release channels

21
pkgs/applications/editors/emacs-modes/elpa-generated.nix generated
View file

@ -1070,10 +1070,10 @@
elpaBuild {
pname = "elisp-benchmarks";
ename = "elisp-benchmarks";
version = "1.2";
version = "1.3";
src = fetchurl {
url = "https://elpa.gnu.org/packages/elisp-benchmarks-1.2.tar";
sha256 = "0grm4qw3aaf3hzrfg0vdgb5q67haappbc77qjgsy4jip85z7njmj";
url = "https://elpa.gnu.org/packages/elisp-benchmarks-1.3.tar";
sha256 = "05a891mwbz50q3a44irbf2w4wlp5dm2yxwcvxqrckvpjm1amndmf";
};
packageRequires = [];
meta = {
@ -3365,6 +3365,21 @@
license = lib.licenses.free;
};
}) {};
vcard = callPackage ({ elpaBuild, emacs, fetchurl, lib }:
elpaBuild {
pname = "vcard";
ename = "vcard";
version = "0.1";
src = fetchurl {
url = "https://elpa.gnu.org/packages/vcard-0.1.tar";
sha256 = "1awcm2s292r2nkyz5bwjaga46jsh5rn92469wrg1ag843mlyxbd0";
};
packageRequires = [ emacs ];
meta = {
homepage = "https://elpa.gnu.org/packages/vcard.html";
license = lib.licenses.free;
};
}) {};
vcl-mode = callPackage ({ elpaBuild, fetchurl, lib }:
elpaBuild {
pname = "vcl-mode";

1181
pkgs/applications/editors/emacs-modes/recipes-archive-melpa.json
View file

File diff suppressed because it is too large Load diff

6
pkgs/applications/editors/emacs/default.nix
View file

@ -7,7 +7,7 @@
, withNS ? stdenv.isDarwin
, withGTK2 ? false, gtk2-x11 ? null
, withGTK3 ? true, gtk3-x11 ? null, gsettings-desktop-schemas ? null
, withXwidgets ? false, webkitgtk ? null, wrapGAppsHook ? null
, withXwidgets ? false, webkitgtk ? null, wrapGAppsHook ? null, glib-networking ? null
, withCsrc ? true
, srcRepo ? false, autoconf ? null, automake ? null, texinfo ? null
, siteStart ? ./site-start.el
@ -67,7 +67,7 @@ stdenv.mkDerivation rec {
++ lib.optional (withX && withGTK2) gtk2-x11
++ lib.optionals (withX && withGTK3) [ gtk3-x11 gsettings-desktop-schemas ]
++ lib.optional (stdenv.isDarwin && withX) cairo
++ lib.optionals (withX && withXwidgets) [ webkitgtk ]
++ lib.optionals (withX && withXwidgets) [ webkitgtk glib-networking ]
++ lib.optionals withNS [ AppKit GSS ImageIO ];
hardeningDisable = [ "format" ];
@ -134,7 +134,7 @@ stdenv.mkDerivation rec {
description = "The extensible, customizable GNU text editor";
homepage = https://www.gnu.org/software/emacs/;
license = licenses.gpl3Plus;
maintainers = with maintainers; [ lovek323 peti the-kenny jwiegley ];
maintainers = with maintainers; [ lovek323 peti the-kenny jwiegley adisbladis ];
platforms = platforms.all;
longDescription = ''

6
pkgs/applications/editors/glow/default.nix
View file

@ -1,4 +1,4 @@
{ lib, buildGoModule, fetchFromGitHub }:
{ stdenv, buildGoModule, fetchFromGitHub, Security }:
buildGoModule rec {
pname = "glow";
@ -13,9 +13,11 @@ buildGoModule rec {
modSha256 = "0r0yq7kgz7i1wf4gxxihdrn1c8mi4wcyhadncxbln24s9c5apxsf";
buildInputs = stdenv.lib.optionals stdenv.isDarwin [ Security ];
buildFlagsArray = [ "-ldflags=" "-X=main.Version=${version}" ];
meta = with lib; {
meta = with stdenv.lib; {
description = "Render markdown on the CLI";
homepage = "https://github.com/charmbracelet/glow";
license = licenses.mit;

32
pkgs/applications/editors/jetbrains/default.nix
View file

@ -250,12 +250,12 @@ in
clion = buildClion rec {
name = "clion-${version}";
version = "2019.3.4"; /* updated by script */
version = "2019.3.5"; /* updated by script */
description = "C/C++ IDE. New. Intelligent. Cross-platform";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/cpp/CLion-${version}.tar.gz";
sha256 = "0whd379ck79vhz14yh5g6vpl4cvgw4z9ag4mwgizmd8kbcfnvdxd"; /* updated by script */
sha256 = "0qmhp0sqcknwgsirnbi6461lzr7mxgrgjsd0q5cxnhscbbczl7pk"; /* updated by script */
};
wmClass = "jetbrains-clion";
update-channel = "CLion RELEASE"; # channel's id as in http://www.jetbrains.com/updates/updates.xml
@ -263,12 +263,12 @@ in
datagrip = buildDataGrip rec {
name = "datagrip-${version}";
version = "2019.3.3"; /* updated by script */
version = "2019.3.4"; /* updated by script */
description = "Your Swiss Army Knife for Databases and SQL";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/datagrip/${name}.tar.gz";
sha256 = "0zbyiw60gqcqi5bbazmsbs4qzmmxx1q034hs36k1dryf2y02jyih"; /* updated by script */
sha256 = "1ygbi212sga6mdkassi51idh7ppchr77ifq3vi5bbm4ibgnsf2b4"; /* updated by script */
};
wmClass = "jetbrains-datagrip";
update-channel = "DataGrip RELEASE";
@ -289,12 +289,12 @@ in
idea-community = buildIdea rec {
name = "idea-community-${version}";
version = "2019.3.3"; /* updated by script */
version = "2019.3.4"; /* updated by script */
description = "Integrated Development Environment (IDE) by Jetbrains, community edition";
license = stdenv.lib.licenses.asl20;
src = fetchurl {
url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz";
sha256 = "15rs866fp4lrsqdk13fnbg7ncdfrhky1m5sl90p32v45j90hagrg"; /* updated by script */
sha256 = "1kspj5a9z6smcgrfxdylvc0y53s7y6jv7ckfhmbkvplmrj0h0wd7"; /* updated by script */
};
wmClass = "jetbrains-idea-ce";
update-channel = "IntelliJ IDEA RELEASE";
@ -302,12 +302,12 @@ in
idea-ultimate = buildIdea rec {
name = "idea-ultimate-${version}";
version = "2019.3.3"; /* updated by script */
version = "2019.3.4"; /* updated by script */
description = "Integrated Development Environment (IDE) by Jetbrains, requires paid license";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/idea/ideaIU-${version}-no-jbr.tar.gz";
sha256 = "034aq5lf64apc152xr0889hg2xak2if9n5xl6zvd3f9q9srhivxn"; /* updated by script */
sha256 = "1i34kcd2j1xwx3l2sqc6jh3b69wqbxwwlq5yb7kf2ms9x4144bn0"; /* updated by script */
};
wmClass = "jetbrains-idea";
update-channel = "IntelliJ IDEA RELEASE";
@ -315,12 +315,12 @@ in
phpstorm = buildPhpStorm rec {
name = "phpstorm-${version}";
version = "2019.3.3"; /* updated by script */
version = "2019.3.4"; /* updated by script */
description = "Professional IDE for Web and PHP developers";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/webide/PhpStorm-${version}.tar.gz";
sha256 = "03ag1a40l1k8sqlywcs7kjn02c65xm3l9riyimg4hx23yi17w18h"; /* updated by script */
sha256 = "1bxi2i6vxpw8x4mvb4d5plqy4r938xjf8nkimfg0sspramcc4r5m"; /* updated by script */
};
wmClass = "jetbrains-phpstorm";
update-channel = "PhpStorm RELEASE";
@ -328,12 +328,12 @@ in
pycharm-community = buildPycharm rec {
name = "pycharm-community-${version}";
version = "2019.3.3"; /* updated by script */
version = "2019.3.4"; /* updated by script */
description = "PyCharm Community Edition";
license = stdenv.lib.licenses.asl20;
src = fetchurl {
url = "https://download.jetbrains.com/python/${name}.tar.gz";
sha256 = "0ly3cdzm4hp4qchdadjmbd39jnqpmpnlk6vgp8s4amsv35b6hydd"; /* updated by script */
sha256 = "0k917si1d28fnmjyvi0fs7rkdyvi2vr0d138436lh300a6y0z6wr"; /* updated by script */
};
wmClass = "jetbrains-pycharm-ce";
update-channel = "PyCharm RELEASE";
@ -341,12 +341,12 @@ in
pycharm-professional = buildPycharm rec {
name = "pycharm-professional-${version}";
version = "2019.3.3"; /* updated by script */
version = "2019.3.4"; /* updated by script */
description = "PyCharm Professional Edition";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/python/${name}.tar.gz";
sha256 = "1305zvb5n2zqnny4l50qfv7jd1sj4ffhrig4rpfiqg65ncfpypwb"; /* updated by script */
sha256 = "1hdwzkh6qzad2pqskqw9m8glj15x9d2g4csl0dxk6an82ps52naz"; /* updated by script */
};
wmClass = "jetbrains-pycharm";
update-channel = "PyCharm RELEASE";
@ -380,12 +380,12 @@ in
webstorm = buildWebStorm rec {
name = "webstorm-${version}";
version = "2019.3.3"; /* updated by script */
version = "2019.3.4"; /* updated by script */
description = "Professional IDE for Web and JavaScript development";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/webstorm/WebStorm-${version}.tar.gz";
sha256 = "1b7hwqpk96g4il5rbxb8cpqsizgc9k5kb8vkvkcc9xh7qqz02i85"; /* updated by script */
sha256 = "0q3595r4m22wf5r5zyncr1zv7yap5przbzjnyf75y51mqwl1g61i"; /* updated by script */
};
wmClass = "jetbrains-webstorm";
update-channel = "WebStorm RELEASE";

10
pkgs/applications/editors/neovim/wrapper.nix
View file

@ -95,6 +95,16 @@ let
'' + optionalString (configure != {}) ''
echo "Generating remote plugin manifest"
export NVIM_RPLUGIN_MANIFEST=$out/rplugin.vim
# Some plugins assume that the home directory is accessible for
# initializing caches, temporary files, etc. Even if the plugin isn't
# actively used, it may throw an error as soon as Neovim is launched
# (e.g., inside an autoload script), causing manifest generation to
# fail. Therefore, let's create a fake home directory before generating
# the manifest, just to satisfy the needs of these plugins.
#
# See https://github.com/Yggdroot/LeaderF/blob/v1.21/autoload/lfMru.vim#L10
# for an example of this behavior.
export HOME="$(mktemp -d)"
# Launch neovim with a vimrc file containing only the generated plugin
# code. Pass various flags to disable temp file generation
# (swap/viminfo) and redirect errors to stderr.

18
pkgs/applications/editors/texworks/default.nix
View file

@ -1,30 +1,30 @@
{ stdenv, lib, fetchFromGitHub, cmake, pkgconfig
, qt5, libsForQt5, hunspell
{ mkDerivation, lib, fetchFromGitHub, cmake, pkg-config
, qtscript, poppler, hunspell
, withLua ? true, lua
, withPython ? true, python3 }:
stdenv.mkDerivation rec {
mkDerivation rec {
pname = "texworks";
version = "0.6.3";
version = "0.6.4";
src = fetchFromGitHub {
owner = "TeXworks";
repo = "texworks";
rev = "release-${version}";
sha256 = "1ljfl784z7dmh6f1qacqhc6qhcaqdzw033yswbvpvkkck0lsk2mr";
sha256 = "0d7f23c6c1wj4aii4h5w9piv01qfb69zrd79dvxwydrk99i8gnl4";
};
nativeBuildInputs = [ cmake pkgconfig ];
buildInputs = [ qt5.qtscript libsForQt5.poppler hunspell ]
nativeBuildInputs = [ cmake pkg-config ];
buildInputs = [ qtscript poppler hunspell ]
++ lib.optional withLua lua
++ lib.optional withPython python3;
cmakeFlags = lib.optional withLua "-DWITH_LUA=ON"
++ lib.optional withPython "-DWITH_PYTHON=ON";
meta = with stdenv.lib; {
meta = with lib; {
description = "Simple TeX front-end program inspired by TeXShop";
homepage = http://www.tug.org/texworks/;
homepage = "http://www.tug.org/texworks/";
license = licenses.gpl2Plus;
maintainers = with maintainers; [ dotlambda ];
platforms = with platforms; linux;

6
pkgs/applications/gis/openorienteering-mapper/default.nix
View file

@ -4,7 +4,7 @@
stdenv.mkDerivation rec {
pname = "OpenOrienteering-Mapper";
version = "0.9.1";
version = "0.9.2";
buildInputs = [ gdal qtbase qttools qtlocation qtimageformats
qtsensors clipper zlib proj doxygen cups];
@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
owner = "OpenOrienteering";
repo = "mapper";
rev = "v${version}";
sha256 = "1fyhvf2y89hj7wj89kxccx3dqcja6ndy3w4rx1vmzrp246jpz7wb";
sha256 = "1787f2agjzcyizk2m60icb44yv9dlwv6irw3k53fqfmwkhkd2h5p";
};
cmakeFlags =
@ -54,7 +54,7 @@ stdenv.mkDerivation rec {
OpenOrienteering Mapper is an orienteering mapmaking program
and provides a free alternative to the existing proprietary solution.
'';
homepage = https://www.openorienteering.org/apps/mapper/;
homepage = "https://www.openorienteering.org/apps/mapper/";
license = licenses.gpl3;
platforms = with platforms; linux ++ darwin;
maintainers = with maintainers; [ mpickering sikmir ];

8
pkgs/applications/gis/saga/default.nix
View file

@ -4,7 +4,7 @@
stdenv.mkDerivation {
pname = "saga";
version = "7.5.0";
version = "7.6.1";
# See https://groups.google.com/forum/#!topic/nix-devel/h_vSzEJAPXs
# for why the have additional buildInputs on darwin
@ -18,13 +18,13 @@ stdenv.mkDerivation {
CXXFLAGS = stdenv.lib.optionalString stdenv.cc.isClang "-std=c++11 -Wno-narrowing";
src = fetchurl {
url = "https://sourceforge.net/projects/saga-gis/files/SAGA%20-%207/SAGA%20-%207.5.0/saga-7.5.0.tar.gz";
sha256 = "0s5195802xwlkb2w4i4vd9ys95d7fnzn5cnnixh1csaqc2x1qp6r";
url = "https://sourceforge.net/projects/saga-gis/files/SAGA%20-%207/SAGA%20-%207.6.1/saga-7.6.1.tar.gz";
sha256 = "1i0cp1lms6cmjl7f5vgr9pl3qc02fmappn4kq21y0dn2gy7j2mkn";
};
meta = with stdenv.lib; {
description = "System for Automated Geoscientific Analyses";
homepage = http://www.saga-gis.org;
homepage = "http://www.saga-gis.org";
license = licenses.gpl2Plus;
maintainers = with maintainers; [ michelk mpickering ];
platforms = with platforms; unix;

2
pkgs/applications/graphics/cq-editor/default.nix
View file

@ -21,7 +21,7 @@ mkDerivationWith python3Packages.buildPythonApplication rec {
pyqt5
pyparsing
pyqtgraph
spyder
spyder_3
pathpy
qtconsole
requests

6
pkgs/applications/graphics/darktable/default.nix
View file

@ -7,12 +7,12 @@
}:
stdenv.mkDerivation rec {
version = "3.0.0";
version = "3.0.1";
pname = "darktable";
src = fetchurl {
url = "https://github.com/darktable-org/darktable/releases/download/release-${version}/darktable-${version}.tar.xz";
sha256 = "7195a5ff7ee95ab7c5a57e4e84f8c90cc4728b2c917359203c21293ab754c0db";
sha256 = "1dvwmgnlfvi1lvdhgyddcp5apwlc8v5gwy9gmfcpra8lv8hkjjy5";
};
nativeBuildInputs = [ cmake ninja llvm pkgconfig intltool perl desktop-file-utils wrapGAppsHook ];
@ -50,7 +50,7 @@ stdenv.mkDerivation rec {
meta = with stdenv.lib; {
description = "Virtual lighttable and darkroom for photographers";
homepage = https://www.darktable.org;
homepage = "https://www.darktable.org";
license = licenses.gpl3Plus;
platforms = platforms.linux ++ platforms.darwin;
maintainers = with maintainers; [ goibhniu flosse mrVanDalo ];

42
pkgs/applications/graphics/jbrout/default.nix
View file

@ -1,42 +0,0 @@
{ stdenv, fetchsvn, pythonPackages, makeWrapper, fbida, which }:
let
inherit (pythonPackages) python;
in pythonPackages.buildPythonApplication rec {
pname = "jbrout";
version = "338";
src = fetchsvn {
url = "http://jbrout.googlecode.com/svn/trunk";
rev = version;
sha256 = "0257ni4vkxgd0qhs73fw5ppw1qpf11j8fgwsqc03b1k1yv3hk4hf";
};
doCheck = false;
# XXX: patchPhase to avoid this
# File "/nix/store/vnyjxn6h3rbrn49m25yyw7i1chlxglhw-python-2.7.1/lib/python2.7/zipfile.py", line 348, in FileHeader
# len(filename), len(extra))
#struct.error: ushort format requires 0 <= number <= USHRT_MAX
patchPhase = ''
find | xargs touch
substituteInPlace setup.py --replace "version=__version__" "version=baseVersion"
'';
postInstall = ''
mkdir $out/bin
echo "python $out/${python.sitePackages}/jbrout/jbrout.py" > $out/bin/jbrout
chmod +x $out/bin/jbrout
'';
buildInputs = [ python makeWrapper which ];
propagatedBuildInputs = with pythonPackages; [ pillow lxml pyGtkGlade pyexiv2 fbida ];
meta = {
homepage = https://manatlan.com/jbrout/;
description = "Photo manager";
platforms = stdenv.lib.platforms.linux;
license = stdenv.lib.licenses.gpl2Plus;
};
}

Some files were not shown because too many files have changed in this diff Show more