3
0
Fork 0
forked from mirrors/nixpkgs

Merge remote-tracking branch 'upstream/master' into HEAD

Conflicts:
	pkgs/development/tools/misc/binutils/default.nix
This commit is contained in:
Tuomas Tynkkynen 2018-04-22 22:31:30 +03:00
commit 3c6e077301
583 changed files with 11763 additions and 4269 deletions

View file

@ -14,6 +14,8 @@ true:</para>
its <literal>meta.broken</literal> set to
<literal>true</literal>.</para></listitem>
<listitem><para>The package isn't intended to run on the given system, as none of its <literal>meta.platforms</literal> match the given system.</para></listitem>
<listitem><para>The package's <literal>meta.license</literal> is set
to a license which is considered to be unfree.</para></listitem>
@ -88,6 +90,42 @@ distributing the software.</para>
</itemizedlist>
</section>
<section xml:id="sec-allow-unsupported-system">
<title>Installing packages on unsupported systems</title>
<para>
There are also two ways to try compiling a package which has been marked as unsuported for the given system.
</para>
<itemizedlist>
<listitem><para>
For allowing the build of a broken package once, you can use an environment variable for a single invocation of the nix tools:
<programlisting>$ export NIXPKGS_ALLOW_UNSUPPORTED_SYSTEM=1</programlisting>
</para></listitem>
<listitem>
<para>
For permanently allowing broken packages to be built, you may add <literal>allowUnsupportedSystem = true;</literal> to your user's configuration file, like this:
<programlisting>
{
allowUnsupportedSystem = true;
}
</programlisting>
</para>
</listitem>
</itemizedlist>
<para>
The difference between an a package being unsupported on some system and being broken is admittedly a bit fuzzy.
If a program <emphasis>ought</emphasis> to work on a certain platform, but doesn't, the platform should be included in <literal>meta.platforms</literal>, but marked as broken with e.g. <literal>meta.broken = !hostPlatform.isWindows</literal>.
Of course, this begs the question of what "ought" means exactly.
That is left to the package maintainer.
</para>
</section>
<section xml:id="sec-allow-unfree">
<title>Installing unfree packages</title>

View file

@ -374,7 +374,7 @@ and `CFLAGS`.
description = "A pythonic wrapper around FFTW, the FFT library, presenting a unified interface for all the supported transforms";
homepage = http://hgomersall.github.com/pyFFTW/;
license = with licenses; [ bsd2 bsd3 ];
maintainer = with maintainers; [ fridh ];
maintainers = with maintainers; [ fridh ];
};
};
}

View file

@ -36,10 +36,16 @@
<para>Here you find how to write a derivation that produces multiple outputs.</para>
<para>In nixpkgs there is a framework supporting multiple-output derivations. It tries to cover most cases by default behavior. You can find the source separated in &lt;<filename>nixpkgs/pkgs/build-support/setup-hooks/multiple-outputs.sh</filename>&gt;; it's relatively well-readable. The whole machinery is triggered by defining the <varname>outputs</varname> attribute to contain the list of desired output names (strings).</para>
<programlisting>outputs = [ "bin" "dev" "out" "doc" ];</programlisting>
<para>Often such a single line is enough. For each output an equally named environment variable is passed to the builder and contains the path in nix store for that output. By convention, the first output should contain the executable programs provided by the package as that output is used by Nix in string conversions, allowing references to binaries like <literal>${pkgs.perl}/bin/perl</literal> to always work. Typically you also want to have the main <varname>out</varname> output, as it catches any files that didn't get elsewhere.</para>
<para>Often such a single line is enough. For each output an equally named environment variable is passed to the builder and contains the path in nix store for that output. Typically you also want to have the main <varname>out</varname> output, as it catches any files that didn't get elsewhere.</para>
<note><para>There is a special handling of the <varname>debug</varname> output, described at <xref linkend="stdenv-separateDebugInfo" />.</para></note>
<section xml:id="multiple-output-file-binaries-first-convention">
<title><quote>Binaries first</quote></title>
<para>A commonly adopted convention in <literal>nixpkgs</literal> is that executables provided by the package are contained within its first output. This convention allows the dependent packages to reference the executables provided by packages in a uniform manner. For instance, provided with the knowledge that the <literal>perl</literal> package contains a <literal>perl</literal> executable it can be referenced as <literal>${pkgs.perl}/bin/perl</literal> within a Nix derivation that needs to execute a Perl script.</para>
<para>The <literal>glibc</literal> package is a deliberate single exception to the <quote>binaries first</quote> convention. The <literal>glibc</literal> has <literal>libs</literal> as its first output allowing the libraries provided by <literal>glibc</literal> to be referenced directly (e.g. <literal>${stdenv.glibc}/lib/ld-linux-x86-64.so.2</literal>). The executables provided by <literal>glibc</literal> can be accessed via its <literal>bin</literal> attribute (e.g. <literal>${stdenv.glibc.bin}/bin/ldd</literal>).</para>
<para>The reason for why <literal>glibc</literal> deviates from the convention is because referencing a library provided by <literal>glibc</literal> is a very common operation among Nix packages. For instance, third-party executables packaged by Nix are typically patched and relinked with the relevant version of <literal>glibc</literal> libraries from Nix packages (please see the documentation on <link xlink:href="https://nixos.org/patchelf.html">patchelf</link> for more details).</para>
</section>
<section xml:id="multiple-output-file-type-groups">
<title>File type groups</title>
<para>The support code currently recognizes some particular kinds of outputs and either instructs the build system of the package to put files into their desired outputs or it moves the files during the fixup phase. Each group of file types has an <varname>outputFoo</varname> variable specifying the output name where they should go. If that variable isn't defined by the derivation writer, it is guessed &ndash; a default output name is defined, falling back to other possibilities if the output isn't defined.</para>

View file

@ -44,6 +44,8 @@ rec {
};
# Misc boolean options
useAndroidPrebuilt = false;
useiOSPrebuilt = false;
isiPhoneSimulator = false;
} // mapAttrs (n: v: v final.parsed) inspect.predicates
// args;
in assert final.useAndroidPrebuilt -> final.isAndroid;

View file

@ -201,7 +201,7 @@ rec {
################################################################################
types.system = mkOptionType {
types.parsedPlatform = mkOptionType {
name = "system";
description = "fully parsed representation of llvm- or nix-style platform tuple";
merge = mergeOneOption;
@ -215,7 +215,7 @@ rec {
isSystem = isType "system";
mkSystem = components:
assert types.system.check components;
assert types.parsedPlatform.check components;
setType "system" components;
mkSkeletonFromList = l: {

View file

@ -587,6 +587,11 @@
github = "bergey";
name = "Daniel Bergey";
};
bfortz = {
email = "bernard.fortz@gmail.com";
github = "bfortz";
name = "Bernard Fortz";
};
bgamari = {
email = "ben@smart-cactus.org";
github = "bgamari";
@ -1971,6 +1976,11 @@
github = "kragniz";
name = "Louis Taylor";
};
krav = {
email = "kristoffer@microdisko.no";
github = "krav";
name = "Kristoffer Thømt Ravneberg";
};
kristoff3r = {
email = "k.soeholm@gmail.com";
github = "kristoff3r";
@ -3461,6 +3471,11 @@
github = "spwhitt";
name = "Spencer Whitt";
};
srghma = {
email = "srghma@gmail.com";
github = "srghma";
name = "Sergei Khoma";
};
srhb = {
email = "sbrofeldt@gmail.com";
github = "srhb";
@ -3981,6 +3996,11 @@
github = "womfoo";
name = "Kranium Gikos Mendoza";
};
worldofpeace = {
email = "worldofpeace@users.noreply.github.com";
github = "worldofpeace";
name = "Worldofpeace";
};
wscott = {
email = "wsc9tt@gmail.com";
github = "wscott";
@ -4145,9 +4165,4 @@
github = "zzamboni";
name = "Diego Zamboni";
};
srghma = {
email = "srghma@gmail.com";
github = "srghma";
name = "Sergei Khoma";
};
}

View file

@ -1,5 +1,5 @@
#!/usr/bin/env nix-shell
#!nix-shell -i python -p pythonFull pythonPackages.requests pythonPackages.pyquery pythonPackages.click
#!nix-shell -i python3 -p 'python3.withPackages(ps: with ps; [ requests pyquery click ])'
# To use, just execute this script with --help to display help.
@ -16,7 +16,7 @@ maintainers_json = subprocess.check_output([
'nix-instantiate', '-E', 'import ./maintainers/maintainer-list.nix {}', '--eval', '--json'
])
maintainers = json.loads(maintainers_json)
MAINTAINERS = {v: k for k, v in maintainers.iteritems()}
MAINTAINERS = {v: k for k, v in maintainers.items()}
def get_response_text(url):
@ -45,6 +45,17 @@ def get_maintainers(attr_name):
except:
return []
def print_build(table_row):
a = pq(table_row)('a')[1]
print("- [ ] [{}]({})".format(a.text, a.get('href')), flush=True)
maintainers = get_maintainers(a.text)
if maintainers:
print(" - maintainers: {}".format(", ".join(map(lambda u: '@' + u, maintainers))))
# TODO: print last three persons that touched this file
# TODO: pinpoint the diff that broke this build, or maybe it's transient or maybe it never worked?
sys.stdout.flush()
@click.command()
@click.option(
@ -73,23 +84,17 @@ def cli(jobset):
# TODO: aborted evaluations
# TODO: dependency failed without propagated builds
print('\nFailures:')
for tr in d('img[alt="Failed"]').parents('tr'):
a = pq(tr)('a')[1]
print("- [ ] [{}]({})".format(a.text, a.get('href')))
print_build(tr)
sys.stdout.flush()
maintainers = get_maintainers(a.text)
if maintainers:
print(" - maintainers: {}".format(", ".join(map(lambda u: '@' + u, maintainers))))
# TODO: print last three persons that touched this file
# TODO: pinpoint the diff that broke this build, or maybe it's transient or maybe it never worked?
sys.stdout.flush()
print('\nDependency failures:')
for tr in d('img[alt="Dependency failed"]').parents('tr'):
print_build(tr)
if __name__ == "__main__":
try:
cli()
except:
except Exception as e:
import pdb;pdb.post_mortem()

View file

@ -115,23 +115,17 @@ for a UEFI installation is by and large the same as a BIOS installation. The dif
<varlistentry><term>UEFI systems</term>
<listitem><para>For creating boot partitions:
<command>mkfs.fat</command>. Again its recommended to assign a
label to the boot partition: <option>-L
label to the boot partition: <option>-n
<replaceable>label</replaceable></option>. For example:
<screen>
# mkfs.fat -F 32 -L boot /dev/sda3</screen>
# mkfs.fat -F 32 -n boot /dev/sda3</screen>
</para></listitem></varlistentry></variablelist></listitem>
<listitem><para>For creating LVM volumes, the LVM commands, e.g.,
<screen>
# pvcreate /dev/sda1 /dev/sdb1
# vgcreate MyVolGroup /dev/sda1 /dev/sdb1
# lvcreate --size 2G --name bigdisk MyVolGroup
# lvcreate --size 1G --name smalldisk MyVolGroup</screen>
</para></listitem>
<command>pvcreate</command>, <command>vgcreate</command>, and
<command>lvcreate</command>.</para></listitem>
<listitem><para>For creating software RAID devices, use
<command>mdadm</command>.</para></listitem>
@ -155,6 +149,7 @@ for a UEFI installation is by and large the same as a BIOS installation. The dif
<listitem><para>Mount the boot file system on <filename>/mnt/boot</filename>, e.g.
<screen>
# mkdir -p /mnt/boot
# mount /dev/disk/by-label/boot /mnt/boot
</screen>
@ -366,8 +361,9 @@ drive (here <filename>/dev/sda</filename>). <xref linkend="ex-config"
# mkfs.ext4 -L nixos /dev/sda1
# mkswap -L swap /dev/sda2
# swapon /dev/sda2
# mkfs.fat -F 32 -L boot /dev/sda3 # <lineannotation>(for UEFI systems only)</lineannotation>
# mkfs.fat -F 32 -n boot /dev/sda3 # <lineannotation>(for UEFI systems only)</lineannotation>
# mount /dev/disk/by-label/nixos /mnt
# mkdir -p /mnt/boot # <lineannotation>(for UEFI systems only)</lineannotation>
# mount /dev/disk/by-label/boot /mnt/boot # <lineannotation>(for UEFI systems only)</lineannotation>
# nixos-generate-config --root /mnt
# nano /mnt/etc/nixos/configuration.nix

View file

@ -40,7 +40,7 @@ points to the generated virtual network.
test1 = {pkgs, config, ...}:
{
services.openssh.enable = true;
nixpkgs.system = "i686-linux";
nixpkgs.localSystem.system = "i686-linux";
deployment.targetHost = "test1.example.net";
# Other NixOS options
@ -51,7 +51,7 @@ points to the generated virtual network.
services.openssh.enable = true;
services.httpd.enable = true;
environment.systemPackages = [ pkgs.lynx ];
nixpkgs.system = "x86_64-linux";
nixpkgs.localSystem.system = "x86_64-linux";
deployment.targetHost = "test2.example.net";
# Other NixOS options
@ -66,7 +66,7 @@ In each NixOS configuration, two attributes have a special meaning.
The <varname>deployment.targetHost</varname> specifies the address
(domain name or IP address)
of the system which is used by <command>ssh</command> to perform
remote deployment operations. The <varname>nixpkgs.system</varname>
remote deployment operations. The <varname>nixpkgs.localSystem.system</varname>
attribute can be used to specify an architecture for the target machine,
such as <varname>i686-linux</varname> which builds a 32-bit NixOS
configuration. Omitting this property will build the configuration

View file

@ -26,7 +26,7 @@
, lib ? import ../../lib
}:
let extraArgs_ = extraArgs; pkgs_ = pkgs; system_ = system;
let extraArgs_ = extraArgs; pkgs_ = pkgs;
extraModules = let e = builtins.getEnv "NIXOS_EXTRA_MODULE_PATH";
in if e == "" then [] else [(import (builtins.toPath e))];
in
@ -36,7 +36,7 @@ let
_file = ./eval-config.nix;
key = _file;
config = {
nixpkgs.system = lib.mkDefault system_;
nixpkgs.localSystem = lib.mkDefault { inherit system; };
_module.args.pkgs = lib.mkIf (pkgs_ != null) (lib.mkForce pkgs_);
};
};

View file

@ -59,7 +59,7 @@ let
INITRD /boot/${config.system.boot.loader.initrdFile}
# A variant to boot with verbose logging to the console
LABEL boot-nomodeset
LABEL boot-debug
MENU LABEL NixOS ${config.system.nixos.label}${config.isoImage.appendToMenuLabel} (debug)
LINUX /boot/${config.system.boot.loader.kernelFile}
APPEND init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams} loglevel=7

View file

@ -1,6 +1,6 @@
{
x86_64-linux = "/nix/store/6p2gambjac7xdkd2a7w1dsxdk1q5cq4d-nix-2.0";
i686-linux = "/nix/store/zznnaijjk3nwx0cmpczxsvngmqzhl7r4-nix-2.0";
aarch64-linux = "/nix/store/ci96w9kxfkmlc7x2vwqiz4da0r6abxnq-nix-2.0";
x86_64-darwin = "/nix/store/xmi4fylvx4qc79ji9v5q3zfy9vfdy4sv-nix-2.0";
x86_64-linux = "/nix/store/2gk7rk2sx2dkmsjr59gignrfdmya8f6s-nix-2.0.1";
i686-linux = "/nix/store/5160glkphiv13qggnivyidg8r0491pbl-nix-2.0.1";
aarch64-linux = "/nix/store/jk29zz3ns9vdkkclcyzzkpzp8dhv1x3i-nix-2.0.1";
x86_64-darwin = "/nix/store/4a9czmrpd4hf3r80zcmga2c2lm3hbbvv-nix-2.0.1";
}

View file

@ -56,7 +56,7 @@
#dialout = 27; # unused
polkituser = 28;
#utmp = 29; # unused
ddclient = 30;
# ddclient = 30; # converted to DynamicUser = true
davfs2 = 31;
#disnix = 33; # unused
osgi = 34;
@ -344,7 +344,7 @@
dialout = 27;
#polkituser = 28; # currently unused, polkitd doesn't need a group
utmp = 29;
ddclient = 30;
# ddclient = 30; # converted to DynamicUser = true
davfs2 = 31;
disnix = 33;
osgi = 34;

View file

@ -133,13 +133,26 @@ in {
systemd.services.update-locatedb =
{ description = "Update Locate Database";
path = mkIf (!isMLocate) [ pkgs.su ];
# mlocate's updatedb takes flags via a configuration file or
# on the command line, but not by environment variable.
script =
if isMLocate
then let toFlags = x: optional (cfg.${x} != [])
"--${lib.toLower x} '${concatStringsSep " " cfg.${x}}'";
args = concatLists (map toFlags ["pruneFS" "pruneNames" "prunePaths"]);
in ''
exec ${cfg.locate}/bin/updatedb \
--output ${toString cfg.output} ${concatStringsSep " " args} \
--prune-bind-mounts ${if cfg.pruneBindMounts then "yes" else "no"} \
${concatStringsSep " " cfg.extraFlags}
''
else ''
exec ${cfg.locate}/bin/updatedb \
${optionalString (cfg.localuser != null && ! isMLocate) ''--localuser=${cfg.localuser}''} \
--output=${toString cfg.output} ${concatStringsSep " " cfg.extraFlags}
'';
environment = {
environment = optionalAttrs (!isMLocate) {
PRUNEFS = concatStringsSep " " cfg.pruneFS;
PRUNEPATHS = concatStringsSep " " cfg.prunePaths;
PRUNENAMES = concatStringsSep " " cfg.pruneNames;

View file

@ -58,10 +58,13 @@ in
pkgs = mkOption {
defaultText = literalExample
''import "''${nixos}/.." {
inherit (config.nixpkgs) config overlays system;
inherit (config.nixpkgs) config overlays localSystem crossSystem;
}
'';
default = import ../../.. { inherit (cfg) config overlays system crossSystem; };
default = import ../../.. {
localSystem = { inherit (cfg) system; } // cfg.localSystem;
inherit (cfg) config overlays crossSystem;
};
type = pkgsType;
example = literalExample ''import <nixpkgs> {}'';
description = ''
@ -73,8 +76,9 @@ in
relative to the location of this NixOS module, because
NixOS and Nixpkgs are distributed together for consistency,
so the <code>nixos</code> in the default value is in fact a
relative path. The <code>config</code>, <code>overlays</code>
and <code>system</code> come from this option's siblings.
relative path. The <code>config</code>, <code>overlays</code>,
<code>localSystem</code>, and <code>crossSystem</code> come
from this option's siblings.
This option can be used by applications like NixOps to increase
the performance of evaluation, or to create packages that depend
@ -130,13 +134,40 @@ in
'';
};
crossSystem = mkOption {
type = types.nullOr types.attrs;
default = null;
localSystem = mkOption {
type = types.attrs; # TODO utilize lib.systems.parsedPlatform
default = { system = builtins.currentSystem; };
example = { system = "aarch64-linux"; config = "aarch64-unknown-linux-gnu"; };
defaultText = literalExample
''(import "''${nixos}/../lib").lib.systems.examples.aarch64-multiplatform'';
description = ''
The description of the system we're cross-compiling to, or null
if this isn't a cross-compile. See the description of the
crossSystem argument in the nixpkgs manual.
Specifies the platform on which NixOS should be built. When
<code>nixpkgs.crossSystem</code> is unset, it also specifies
the platform <emphasis>for</emphasis> which NixOS should be
built. If this option is unset, it defaults to the platform
type of the machine where evaluation happens. Specifying this
option is useful when doing distributed multi-platform
deployment, or when building virtual machines. See its
description in the Nixpkgs manual for more details.
Ignored when <code>nixpkgs.pkgs</code> is set.
'';
};
crossSystem = mkOption {
type = types.nullOr types.attrs; # TODO utilize lib.systems.parsedPlatform
default = null;
example = { system = "aarch64-linux"; config = "aarch64-unknown-linux-gnu"; };
defaultText = literalExample
''(import "''${nixos}/../lib").lib.systems.examples.aarch64-multiplatform'';
description = ''
Specifies the platform for which NixOS should be
built. Specify this only if it is different from
<code>nixpkgs.localSystem</code>, the platform
<emphasis>on</emphasis> which NixOS should be built. In other
words, specify this to cross-compile NixOS. Otherwise it
should be set as null, the default. See its description in the
Nixpkgs manual for more details.
Ignored when <code>nixpkgs.pkgs</code> is set.
'';
@ -146,10 +177,20 @@ in
type = types.str;
example = "i686-linux";
description = ''
Specifies the Nix platform type for which NixOS should be built.
If unset, it defaults to the platform type of your host system.
Specifying this option is useful when doing distributed
multi-platform deployment, or when building virtual machines.
Specifies the Nix platform type on which NixOS should be built.
It is better to specify <code>nixpkgs.localSystem</code> instead.
<programlisting>
{
nixpkgs.system = ..;
}
</programlisting>
is the same as
<programlisting>
{
nixpkgs.localSystem.system = ..;
}
</programlisting>
See <code>nixpkgs.localSystem</code> for more information.
Ignored when <code>nixpkgs.pkgs</code> is set.
'';

View file

@ -16,21 +16,6 @@ in
options.system = {
# XXX: Reintroduce old options to make nixops before 1.6 able to evaluate configurations
# XXX: Remove after nixops has been bumped to a compatible version
nixosVersion = mkOption {
readOnly = true;
internal = true;
type = types.str;
default = config.system.nixos.version;
};
nixosVersionSuffix = mkOption {
readOnly = true;
internal = true;
type = types.str;
default = config.system.nixos.versionSuffix;
};
nixos.version = mkOption {
internal = true;
type = types.str;

View file

@ -166,6 +166,7 @@
./services/backup/crashplan-small-business.nix
./services/backup/mysql-backup.nix
./services/backup/postgresql-backup.nix
./services/backup/restic.nix
./services/backup/rsnapshot.nix
./services/backup/tarsnap.nix
./services/backup/znapzend.nix
@ -533,7 +534,7 @@
./services/networking/prayer.nix
./services/networking/privoxy.nix
./services/networking/prosody.nix
# ./services/networking/quagga.nix
./services/networking/quagga.nix
./services/networking/quassel.nix
./services/networking/racoon.nix
./services/networking/radicale.nix
@ -559,6 +560,7 @@
./services/networking/ssh/lshd.nix
./services/networking/ssh/sshd.nix
./services/networking/strongswan.nix
./services/networking/strongswan-swanctl/module.nix
./services/networking/stunnel.nix
./services/networking/supplicant.nix
./services/networking/supybot.nix

View file

@ -23,6 +23,8 @@ with lib;
(config:
let enabled = getAttrFromPath [ "services" "printing" "gutenprint" ] config;
in if enabled then [ pkgs.gutenprint ] else [ ]))
(mkRenamedOptionModule [ "services" "ddclient" "domain" ] [ "services" "ddclient" "domains" ])
(mkRemovedOptionModule [ "services" "ddclient" "homeDir" ] "")
(mkRenamedOptionModule [ "services" "elasticsearch" "host" ] [ "services" "elasticsearch" "listenAddress" ])
(mkRenamedOptionModule [ "services" "graphite" "api" "host" ] [ "services" "graphite" "api" "listenAddress" ])
(mkRenamedOptionModule [ "services" "graphite" "web" "host" ] [ "services" "graphite" "web" "listenAddress" ])
@ -187,22 +189,20 @@ with lib;
(mkRenamedOptionModule [ "services" "xserver" "desktopManager" "kde5" ] [ "services" "xserver" "desktopManager" "plasma5" ])
# Fontconfig
(mkRenamedOptionModule [ "config" "fonts" "fontconfig" "ultimate" "allowBitmaps" ] [ "config" "fonts" "fontconfig" "allowBitmaps" ])
(mkRenamedOptionModule [ "config" "fonts" "fontconfig" "ultimate" "allowType1" ] [ "config" "fonts" "fontconfig" "allowType1" ])
(mkRenamedOptionModule [ "config" "fonts" "fontconfig" "ultimate" "useEmbeddedBitmaps" ] [ "config" "fonts" "fontconfig" "useEmbeddedBitmaps" ])
(mkRenamedOptionModule [ "config" "fonts" "fontconfig" "ultimate" "forceAutohint" ] [ "config" "fonts" "fontconfig" "forceAutohint" ])
(mkRenamedOptionModule [ "config" "fonts" "fontconfig" "ultimate" "renderMonoTTFAsBitmap" ] [ "config" "fonts" "fontconfig" "renderMonoTTFAsBitmap" ])
(mkRenamedOptionModule [ "fonts" "fontconfig" "ultimate" "allowBitmaps" ] [ "fonts" "fontconfig" "allowBitmaps" ])
(mkRenamedOptionModule [ "fonts" "fontconfig" "ultimate" "allowType1" ] [ "fonts" "fontconfig" "allowType1" ])
(mkRenamedOptionModule [ "fonts" "fontconfig" "ultimate" "useEmbeddedBitmaps" ] [ "fonts" "fontconfig" "useEmbeddedBitmaps" ])
(mkRenamedOptionModule [ "fonts" "fontconfig" "ultimate" "forceAutohint" ] [ "fonts" "fontconfig" "forceAutohint" ])
(mkRenamedOptionModule [ "fonts" "fontconfig" "ultimate" "renderMonoTTFAsBitmap" ] [ "fonts" "fontconfig" "renderMonoTTFAsBitmap" ])
# Profile splitting
(mkRenamedOptionModule [ "virtualization" "growPartition" ] [ "boot" "growPartition" ])
# misc/version.nix
#(mkRenamedOptionModule [ "config" "system" "nixosVersion" ] [ "config" "system" "nixos" "version" ])
(mkRenamedOptionModule [ "config" "system" "nixosRelease" ] [ "config" "system" "nixos" "release" ])
#(mkRenamedOptionModule [ "config" "system" "nixosVersionSuffix" ] [ "config" "system" "nixos" "versionSuffix" ])
(mkRenamedOptionModule [ "config" "system" "nixosRevision" ] [ "config" "system" "nixos" "revision" ])
(mkRenamedOptionModule [ "config" "system" "nixosCodeName" ] [ "config" "system" "nixos" "codeName" ])
(mkRenamedOptionModule [ "config" "system" "nixosLabel" ] [ "config" "system" "nixos" "label" ])
(mkRenamedOptionModule [ "system" "nixosVersion" ] [ "system" "nixos" "version" ])
(mkRenamedOptionModule [ "system" "nixosVersionSuffix" ] [ "system" "nixos" "versionSuffix" ])
(mkRenamedOptionModule [ "system" "nixosRevision" ] [ "system" "nixos" "revision" ])
(mkRenamedOptionModule [ "system" "nixosLabel" ] [ "system" "nixos" "label" ])
# Users
(mkAliasOptionModule [ "users" "extraUsers" ] [ "users" "users" ])

View file

@ -240,6 +240,7 @@ in
};
selfsignedService = {
description = "Create preliminary self-signed certificate for ${cert}";
path = [ pkgs.openssl ];
preStart = ''
if [ ! -d '${cpath}' ]
then
@ -250,37 +251,41 @@ in
'';
script =
''
# Create self-signed key
workdir="/run/acme-selfsigned-${cert}"
${pkgs.openssl.bin}/bin/openssl genrsa -des3 -passout pass:x -out $workdir/server.pass.key 2048
${pkgs.openssl.bin}/bin/openssl rsa -passin pass:x -in $workdir/server.pass.key -out $workdir/server.key
${pkgs.openssl.bin}/bin/openssl req -new -key $workdir/server.key -out $workdir/server.csr \
workdir="$(mktemp -d)"
# Create CA
openssl genrsa -des3 -passout pass:x -out $workdir/ca.pass.key 2048
openssl rsa -passin pass:x -in $workdir/ca.pass.key -out $workdir/ca.key
openssl req -new -key $workdir/ca.key -out $workdir/ca.csr \
-subj "/C=UK/ST=Warwickshire/L=Leamington/O=OrgName/OU=Security Department/CN=example.com"
openssl x509 -req -days 1 -in $workdir/ca.csr -signkey $workdir/ca.key -out $workdir/ca.crt
# Create key
openssl genrsa -des3 -passout pass:x -out $workdir/server.pass.key 2048
openssl rsa -passin pass:x -in $workdir/server.pass.key -out $workdir/server.key
openssl req -new -key $workdir/server.key -out $workdir/server.csr \
-subj "/C=UK/ST=Warwickshire/L=Leamington/O=OrgName/OU=IT Department/CN=example.com"
${pkgs.openssl.bin}/bin/openssl x509 -req -days 1 -in $workdir/server.csr -signkey $workdir/server.key -out $workdir/server.crt
openssl x509 -req -days 1 -in $workdir/server.csr -CA $workdir/ca.crt \
-CAkey $workdir/ca.key -CAserial $workdir/ca.srl -CAcreateserial \
-out $workdir/server.crt
# Move key to destination
mv $workdir/server.key ${cpath}/key.pem
mv $workdir/server.crt ${cpath}/fullchain.pem
# Copy key to destination
cp $workdir/server.key ${cpath}/key.pem
# Create full.pem for e.g. lighttpd (same format as "simp_le ... -f full.pem" creates)
cat "${cpath}/key.pem" "${cpath}/fullchain.pem" > "${cpath}/full.pem"
# Create fullchain.pem (same format as "simp_le ... -f fullchain.pem" creates)
cat $workdir/{server.crt,ca.crt} > "${cpath}/fullchain.pem"
# Clean up working directory
rm $workdir/server.csr
rm $workdir/server.pass.key
# Create full.pem for e.g. lighttpd
cat $workdir/{server.key,server.crt,ca.crt} > "${cpath}/full.pem"
# Give key acme permissions
chmod ${rights} '${cpath}/key.pem'
chown '${data.user}:${data.group}' '${cpath}/key.pem'
chmod ${rights} '${cpath}/fullchain.pem'
chown '${data.user}:${data.group}' '${cpath}/fullchain.pem'
chmod ${rights} '${cpath}/full.pem'
chown '${data.user}:${data.group}' '${cpath}/full.pem'
chown '${data.user}:${data.group}' "${cpath}/"{key,fullchain,full}.pem
chmod ${rights} "${cpath}/"{key,fullchain,full}.pem
'';
serviceConfig = {
Type = "oneshot";
RuntimeDirectory = "acme-selfsigned-${cert}";
PermissionsStartOnly = true;
PrivateTmp = true;
User = data.user;
Group = data.group;
};

View file

@ -234,6 +234,11 @@ let
password, KDE will prompt separately after login.
'';
};
sssdStrictAccess = mkOption {
default = false;
type = types.bool;
description = "enforce sssd access control";
};
enableGnomeKeyring = mkOption {
default = false;
@ -264,11 +269,13 @@ let
text = mkDefault
(''
# Account management.
account sufficient pam_unix.so
account ${if cfg.sssdStrictAccess then "required" else "sufficient"} pam_unix.so
${optionalString use_ldap
"account sufficient ${pam_ldap}/lib/security/pam_ldap.so"}
${optionalString config.services.sssd.enable
${optionalString (config.services.sssd.enable && cfg.sssdStrictAccess==false)
"account sufficient ${pkgs.sssd}/lib/security/pam_sss.so"}
${optionalString (config.services.sssd.enable && cfg.sssdStrictAccess)
"account [default=bad success=ok user_unknown=ignore] ${pkgs.sssd}/lib/security/pam_sss.so"}
${optionalString config.krb5.enable
"account sufficient ${pam_krb5}/lib/security/pam_krb5.so"}

View file

@ -0,0 +1,150 @@
{ config, lib, pkgs, ... }:
with lib;
{
options.services.restic.backups = mkOption {
description = ''
Periodic backups to create with Restic.
'';
type = types.attrsOf (types.submodule ({ name, config, ... }: {
options = {
passwordFile = mkOption {
type = types.str;
description = ''
Read the repository password from a file.
'';
example = "/etc/nixos/restic-password";
};
repository = mkOption {
type = types.str;
description = ''
repository to backup to.
'';
example = "sftp:backup@192.168.1.100:/backups/${name}";
};
paths = mkOption {
type = types.listOf types.str;
default = [];
description = ''
Which paths to backup.
'';
example = [
"/var/lib/postgresql"
"/home/user/backup"
];
};
timerConfig = mkOption {
type = types.attrsOf types.str;
default = {
OnCalendar = "daily";
};
description = ''
When to run the backup. See man systemd.timer for details.
'';
example = {
OnCalendar = "00:05";
RandomizedDelaySec = "5h";
};
};
user = mkOption {
type = types.str;
default = "root";
description = ''
As which user the backup should run.
'';
example = "postgresql";
};
extraBackupArgs = mkOption {
type = types.listOf types.str;
default = [];
description = ''
Extra arguments passed to restic backup.
'';
example = [
"--exclude-file=/etc/nixos/restic-ignore"
];
};
extraOptions = mkOption {
type = types.listOf types.str;
default = [];
description = ''
Extra extended options to be passed to the restic --option flag.
'';
example = [
"sftp.command='ssh backup@192.168.1.100 -i /home/user/.ssh/id_rsa -s sftp'"
];
};
initialize = mkOption {
type = types.bool;
default = false;
description = ''
Create the repository if it doesn't exist.
'';
};
};
}));
default = {};
example = {
localbackup = {
paths = [ "/home" ];
repository = "/mnt/backup-hdd";
passwordFile = "/etc/nixos/secrets/restic-password";
initialize = true;
};
remotebackup = {
paths = [ "/home" ];
repository = "sftp:backup@host:/backups/home";
passwordFile = "/etc/nixos/secrets/restic-password";
extraOptions = [
"sftp.command='ssh backup@host -i /etc/nixos/secrets/backup-private-key -s sftp'"
];
timerConfig = {
OnCalendar = "00:05";
RandomizedDelaySec = "5h";
};
};
};
};
config = {
systemd.services =
mapAttrs' (name: backup:
let
extraOptions = concatMapStrings (arg: " -o ${arg}") backup.extraOptions;
connectTo = elemAt (splitString ":" backup.repository) 1;
resticCmd = "${pkgs.restic}/bin/restic${extraOptions}";
in nameValuePair "restic-backups-${name}" ({
environment = {
RESTIC_PASSWORD_FILE = backup.passwordFile;
RESTIC_REPOSITORY = backup.repository;
};
path = with pkgs; [
openssh
];
restartIfChanged = false;
serviceConfig = {
Type = "oneshot";
ExecStart = "${resticCmd} backup ${concatStringsSep " " backup.extraBackupArgs} ${concatStringsSep " " backup.paths}";
User = backup.user;
};
} // optionalAttrs backup.initialize {
preStart = ''
${resticCmd} snapshots || ${resticCmd} init
'';
})
) config.services.restic.backups;
systemd.timers =
mapAttrs' (name: backup: nameValuePair "restic-backups-${name}" {
wantedBy = [ "timers.target" ];
timerConfig = backup.timerConfig;
}) config.services.restic.backups;
};
}

View file

@ -6,6 +6,13 @@ let
cfg = config.services.boinc;
allowRemoteGuiRpcFlag = optionalString cfg.allowRemoteGuiRpc "--allow_remote_gui_rpc";
fhsEnv = pkgs.buildFHSUserEnv {
name = "boinc-fhs-env";
targetPkgs = pkgs': [ cfg.package ] ++ cfg.extraEnvPackages;
runScript = "/bin/boinc_client";
};
fhsEnvExecutable = "${fhsEnv}/bin/${fhsEnv.name}";
in
{
options.services.boinc = {
@ -49,6 +56,43 @@ in
See also: <link xlink:href="http://boinc.berkeley.edu/wiki/Controlling_BOINC_remotely#Remote_access"/>
'';
};
extraEnvPackages = mkOption {
type = types.listOf types.package;
default = [];
example = "[ pkgs.virtualbox ]";
description = ''
Additional packages to make available in the environment in which
BOINC will run. Common choices are:
<variablelist>
<varlistentry>
<term><varname>pkgs.virtualbox</varname></term>
<listitem><para>
The VirtualBox virtual machine framework. Required by some BOINC
projects, such as ATLAS@home.
</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>pkgs.ocl-icd</varname></term>
<listitem><para>
OpenCL infrastructure library. Required by BOINC projects that
use OpenCL, in addition to a device-specific OpenCL driver.
</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>pkgs.linuxPackages.nvidia_x11</varname></term>
<listitem><para>
Provides CUDA libraries. Required by BOINC projects that use
CUDA. Note that this requires an NVIDIA graphics device to be
present on the system.
</para><para>
Also provides OpenCL drivers for NVIDIA GPUs;
<varname>pkgs.ocl-icd</varname> is also needed in this case.
</para></listitem>
</varlistentry>
</variablelist>
'';
};
};
config = mkIf cfg.enable {
@ -70,7 +114,7 @@ in
chown boinc ${cfg.dataDir}
'';
script = ''
${cfg.package}/bin/boinc_client --dir ${cfg.dataDir} --redirectio ${allowRemoteGuiRpcFlag}
${fhsEnvExecutable} --dir ${cfg.dataDir} --redirectio ${allowRemoteGuiRpcFlag}
'';
serviceConfig = {
PermissionsStartOnly = true; # preStart must be run as root

View file

@ -22,7 +22,7 @@ let
web_root = ${cfg.package}/etc/pgmanage/web_root
data_root = ${cfg.dataRoot}
sql_root = ${cfg.sqlRoot}
${optionalString (!isNull cfg.tls) ''
tls_cert = ${cfg.tls.cert}
@ -130,7 +130,7 @@ let
'';
};
dataRoot = mkOption {
sqlRoot = mkOption {
type = types.str;
default = "/var/lib/pgmanage";
description = ''
@ -210,7 +210,7 @@ in {
users."${pgmanage}" = {
name = pgmanage;
group = pgmanage;
home = cfg.dataRoot;
home = cfg.sqlRoot;
createHome = true;
};
groups."${pgmanage}" = {

View file

@ -3,8 +3,8 @@
with lib;
let
bluez-bluetooth = pkgs.bluez;
cfg = config.hardware.bluetooth;
bluez-bluetooth = cfg.package;
in {
@ -21,6 +21,16 @@ in {
description = "Whether to power up the default Bluetooth controller on boot.";
};
package = mkOption {
type = types.package;
default = pkgs.bluez;
defaultText = "pkgs.bluez";
example = "pkgs.bluez.override { enableMidi = true; }";
description = ''
Which BlueZ package to use.
'';
};
extraConfig = mkOption {
type = types.lines;
default = "";

View file

@ -158,7 +158,7 @@ in
services.dysnomia.properties = {
hostname = config.networking.hostName;
system = if config.nixpkgs.system == "" then builtins.currentSystem else config.nixpkgs.system;
inherit (config.nixpkgs.localSystem) system;
supportedTypes = (import "${pkgs.stdenv.mkDerivation {
name = "supportedtypes";

View file

@ -32,6 +32,14 @@ in
'';
};
gitwebTheme = mkOption {
default = false;
type = types.bool;
description = ''
Use an alternative theme for gitweb, strongly inspired by GitHub.
'';
};
gitwebConfigFile = mkOption {
default = pkgs.writeText "gitweb.conf" ''
# path to git projects (<project>.git)

View file

@ -213,7 +213,7 @@ in {
PermissionsStartOnly = true;
};
preStart = ''
mkdir -m 0700 -p ${cfg.workDir}
mkdir -m 0701 -p ${cfg.workDir}
'';
};
};

View file

@ -23,7 +23,7 @@ let
options =
let
scrubbedEval = evalModules {
modules = [ { nixpkgs.system = config.nixpkgs.system; } ] ++ baseModules;
modules = [ { nixpkgs.localSystem = config.nixpkgs.localSystem; } ] ++ baseModules;
args = (config._module.args) // { modules = [ ]; };
specialArgs = { pkgs = scrubDerivations "pkgs" pkgs; };
};

View file

@ -20,6 +20,7 @@ let
exporterOpts = {
blackbox = import ./exporters/blackbox.nix { inherit config lib pkgs; };
collectd = import ./exporters/collectd.nix { inherit config lib pkgs; };
dovecot = import ./exporters/dovecot.nix { inherit config lib pkgs; };
fritzbox = import ./exporters/fritzbox.nix { inherit config lib pkgs; };
json = import ./exporters/json.nix { inherit config lib pkgs; };
minio = import ./exporters/minio.nix { inherit config lib pkgs; };

View file

@ -0,0 +1,50 @@
{ config, lib, pkgs }:
with lib;
let
cfg = config.services.prometheus.exporters.dovecot;
in
{
port = 9166;
extraOpts = {
telemetryPath = mkOption {
type = types.str;
default = "/metrics";
description = ''
Path under which to expose metrics.
'';
};
socketPath = mkOption {
type = types.path;
default = "/var/run/dovecot/stats";
example = "/var/run/dovecot2/stats";
description = ''
Path under which the stats socket is placed.
The user/group under which the exporter runs,
should be able to access the socket in order
to scrape the metrics successfully.
'';
};
scopes = mkOption {
type = types.listOf types.str;
default = [ "user" ];
example = [ "user" "global" ];
description = ''
Stats scopes to query.
'';
};
};
serviceOpts = {
serviceConfig = {
ExecStart = ''
${pkgs.prometheus-dovecot-exporter}/bin/dovecot_exporter \
--web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
--web.telemetry-path ${cfg.telemetryPath} \
--dovecot.socket-path ${cfg.socketPath} \
--dovecot.scopes ${concatStringsSep "," cfg.scopes} \
${concatStringsSep " \\\n " cfg.extraFlags}
'';
};
};
}

View file

@ -32,6 +32,33 @@ in
Path where Postfix places it's showq socket.
'';
};
systemd = {
enable = mkEnableOption ''
reading metrics from the systemd-journal instead of from a logfile
'';
unit = mkOption {
type = types.str;
default = "postfix.service";
description = ''
Name of the postfix systemd unit.
'';
};
slice = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Name of the postfix systemd slice.
This overrides the <option>systemd.unit</option>.
'';
};
journalPath = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
Path to the systemd journal.
'';
};
};
};
serviceOpts = {
serviceConfig = {
@ -39,7 +66,15 @@ in
${pkgs.prometheus-postfix-exporter}/bin/postfix_exporter \
--web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
--web.telemetry-path ${cfg.telemetryPath} \
${concatStringsSep " \\\n " cfg.extraFlags}
--postfix.showq_path ${cfg.showqPath} \
${concatStringsSep " \\\n " (cfg.extraFlags
++ optional cfg.systemd.enable "--systemd.enable"
++ optional cfg.systemd.enable (if cfg.systemd.slice != null
then "--systemd.slice ${cfg.systemd.slice}"
else "--systemd.unit ${cfg.systemd.unit}")
++ optional (cfg.systemd.enable && (cfg.systemd.journalPath != null))
"--systemd.jounal_path ${cfg.systemd.journalPath}"
++ optional (!cfg.systemd.enable) "--postfix.logfile_path ${cfg.logfilePath}")}
'';
};
};

View file

@ -3,24 +3,24 @@
let
cfg = config.services.ddclient;
boolToStr = bool: if bool then "yes" else "no";
dataDir = "/var/lib/ddclient";
configText = ''
# This file can be used as a template for configFile or is automatically generated by Nix options.
daemon=${toString cfg.interval}
cache=${cfg.homeDir}/ddclient.cache
pid=/run/ddclient/ddclient.pid
foreground=NO
cache=${dataDir}/ddclient.cache
foreground=YES
use=${cfg.use}
login=${cfg.username}
password=${cfg.password}
protocol=${cfg.protocol}
${let server = cfg.server; in
lib.optionalString (server != "") "server=${server}"}
${lib.optionalString (cfg.script != "") "script=${cfg.script}"}
${lib.optionalString (cfg.server != "") "server=${cfg.server}"}
${lib.optionalString (cfg.zone != "") "zone=${cfg.zone}"}
ssl=${boolToStr cfg.ssl}
wildcard=YES
quiet=${boolToStr cfg.quiet}
verbose=${boolToStr cfg.verbose}
${cfg.domain}
${lib.concatStringsSep "," cfg.domains}
${cfg.extraConfig}
'';
@ -44,17 +44,11 @@ with lib;
'';
};
homeDir = mkOption {
default = "/var/lib/ddclient";
type = str;
description = "Home directory for the daemon user.";
};
domain = mkOption {
default = "";
type = str;
domains = mkOption {
default = [ "" ];
type = listOf str;
description = ''
Domain name to synchronize.
Domain name(s) to synchronize.
'';
};
@ -75,9 +69,12 @@ with lib;
};
interval = mkOption {
default = 600;
type = int;
description = "The interval at which to run the check and update.";
default = "10min";
type = str;
description = ''
The interval at which to run the check and update.
See <command>man 7 systemd.time</command> for the format.
'';
};
configFile = mkOption {
@ -95,7 +92,7 @@ with lib;
default = "dyndns2";
type = str;
description = ''
Protocol to use with dynamic DNS provider (see http://sourceforge.net/apps/trac/ddclient/wiki/Protocols).
Protocol to use with dynamic DNS provider (see https://sourceforge.net/p/ddclient/wiki/protocols).
'';
};
@ -115,11 +112,20 @@ with lib;
'';
};
extraConfig = mkOption {
default = "";
type = lines;
quiet = mkOption {
default = false;
type = bool;
description = ''
Extra configuration. Contents will be added verbatim to the configuration file.
Print no messages for unnecessary updates.
'';
};
script = mkOption {
default = "";
type = str;
description = ''
script as required by some providers.
'';
};
@ -139,11 +145,19 @@ with lib;
'';
};
quiet = mkOption {
default = false;
type = bool;
zone = mkOption {
default = "";
type = str;
description = ''
Print no messages for unnecessary updates.
zone as required by some providers.
'';
};
extraConfig = mkOption {
default = "";
type = lines;
description = ''
Extra configuration. Contents will be added verbatim to the configuration file.
'';
};
};
@ -153,23 +167,8 @@ with lib;
###### implementation
config = mkIf config.services.ddclient.enable {
users = {
extraGroups.ddclient.gid = config.ids.gids.ddclient;
extraUsers.ddclient = {
uid = config.ids.uids.ddclient;
description = "ddclient daemon user";
group = "ddclient";
home = cfg.homeDir;
createHome = true;
};
};
environment.etc."ddclient.conf" = {
enable = cfg.configFile == "/etc/ddclient.conf";
uid = config.ids.uids.ddclient;
gid = config.ids.gids.ddclient;
mode = "0600";
text = configText;
};
@ -180,15 +179,22 @@ with lib;
after = [ "network.target" ];
restartTriggers = [ config.environment.etc."ddclient.conf".source ];
serviceConfig = {
RuntimeDirectory = "ddclient";
# we cannot run in forking mode as it swallows all the program output
Type = "simple";
User = "ddclient";
Group = "ddclient";
ExecStart = "${lib.getBin pkgs.ddclient}/bin/ddclient -foreground -file ${cfg.configFile}";
ProtectSystem = "full";
PrivateTmp = true;
serviceConfig = rec {
DynamicUser = true;
RuntimeDirectory = StateDirectory;
StateDirectory = builtins.baseNameOf dataDir;
Type = "oneshot";
ExecStartPre = "!${lib.getBin pkgs.coreutils}/bin/install -m666 ${cfg.configFile} /run/${RuntimeDirectory}/ddclient.conf";
ExecStart = "${lib.getBin pkgs.ddclient}/bin/ddclient -file /run/${RuntimeDirectory}/ddclient.conf";
};
};
systemd.timers.ddclient = {
description = "Run ddclient";
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = cfg.interval;
OnUnitInactiveSec = cfg.interval;
};
};
};

View file

@ -26,7 +26,7 @@ in {
wants = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig.ExecStart = "${pkgs.iwd}/bin/iwd";
serviceConfig.ExecStart = "${pkgs.iwd}/libexec/iwd";
};
};

View file

@ -80,7 +80,7 @@ in
pidfile = mkOption {
type = types.path;
default = "/tmp/murmurd.pid";
default = "/run/murmur/murmurd.pid";
description = "Path to PID file for Murmur daemon.";
};
@ -252,6 +252,7 @@ in
serviceConfig = {
Type = "forking";
RuntimeDirectory = "murmur";
PIDFile = cfg.pidfile;
Restart = "always";
User = "murmur";

View file

@ -251,6 +251,46 @@ let
'';
};
dnssec = mkEnableOption "DNSSEC";
dnssecPolicy = {
algorithm = mkOption {
type = types.str;
default = "RSASHA256";
description = "Which algorithm to use for DNSSEC";
};
keyttl = mkOption {
type = types.str;
default = "1h";
description = "TTL for dnssec records";
};
coverage = mkOption {
type = types.str;
default = "1y";
description = ''
The length of time to ensure that keys will be correct; no action will be taken to create new keys to be activated after this time.
'';
};
zsk = mkOption {
type = keyPolicy;
default = { keySize = 2048;
prePublish = "1w";
postPublish = "1w";
rollPeriod = "1mo";
};
description = "Key policy for zone signing keys";
};
ksk = mkOption {
type = keyPolicy;
default = { keySize = 4096;
prePublish = "1mo";
postPublish = "1mo";
rollPeriod = "0";
};
description = "Key policy for key signing keys";
};
};
maxRefreshSecs = mkOption {
type = types.nullOr types.int;
default = null;
@ -367,10 +407,61 @@ let
and stats_noreset.
'';
};
};
};
keyPolicy = types.submodule {
options = {
keySize = mkOption {
type = types.int;
description = "Key size in bits";
};
prePublish = mkOption {
type = types.str;
description = "How long in advance to publish new keys";
};
postPublish = mkOption {
type = types.str;
description = "How long after deactivation to keep a key in the zone";
};
rollPeriod = mkOption {
type = types.str;
description = "How frequently to change keys";
};
};
};
dnssecZones = (filterAttrs (n: v: if v ? dnssec then v.dnssec else false) zoneConfigs);
dnssec = length (attrNames dnssecZones) != 0;
signZones = optionalString dnssec ''
mkdir -p ${stateDir}/dnssec
chown ${username}:${username} ${stateDir}/dnssec
chmod 0600 ${stateDir}/dnssec
${concatStrings (mapAttrsToList signZone dnssecZones)}
'';
signZone = name: zone: ''
${pkgs.bind}/bin/dnssec-keymgr -g ${pkgs.bind}/bin/dnssec-keygen -s ${pkgs.bind}/bin/dnssec-settime -K ${stateDir}/dnssec -c ${policyFile name zone.dnssecPolicy} ${name}
${pkgs.bind}/bin/dnssec-signzone -S -K ${stateDir}/dnssec -o ${name} -O full -N date ${stateDir}/zones/${name}
${nsdPkg}/sbin/nsd-checkzone ${name} ${stateDir}/zones/${name}.signed && mv -v ${stateDir}/zones/${name}.signed ${stateDir}/zones/${name}
'';
policyFile = name: policy: pkgs.writeText "${name}.policy" ''
zone ${name} {
algorithm ${policy.algorithm};
key-size zsk ${toString policy.zsk.keySize};
key-size ksk ${toString policy.ksk.keySize};
keyttl ${policy.keyttl};
pre-publish zsk ${policy.zsk.prePublish};
pre-publish ksk ${policy.ksk.prePublish};
post-publish zsk ${policy.zsk.postPublish};
post-publish ksk ${policy.ksk.postPublish};
roll-period zsk ${policy.zsk.rollPeriod};
roll-period ksk ${policy.ksk.rollPeriod};
coverage ${policy.coverage};
};
'';
in
{
# options are ordered alphanumerically
@ -380,6 +471,14 @@ in
bind8Stats = mkEnableOption "BIND8 like statistics";
dnssecInterval = mkOption {
type = types.str;
default = "1h";
description = ''
How often to check whether dnssec key rollover is required
'';
};
extraConfig = mkOption {
type = types.str;
default = "";
@ -741,7 +840,6 @@ in
};
zones = mkOption {
type = types.attrsOf zoneOptions;
default = {};
@ -785,7 +883,6 @@ in
serverGroup1.
'';
};
};
config = mkIf cfg.enable {
@ -832,9 +929,9 @@ in
mkdir -m 0700 -p "${stateDir}/var"
cat > "${stateDir}/don't touch anything in here" << EOF
Everything in this directory except NSD's state in var is
automatically generated and will be purged and redeployed
by the nsd.service pre-start script.
Everything in this directory except NSD's state in var and dnssec
is automatically generated and will be purged and redeployed by
the nsd.service pre-start script.
EOF
chown ${username}:${username} -R "${stateDir}/private"
@ -848,6 +945,34 @@ in
'';
};
nixpkgs.config = mkIf dnssec {
bind.enablePython = true;
};
systemd.timers."nsd-dnssec" = mkIf dnssec {
description = "Automatic DNSSEC key rollover";
wantedBy = [ "nsd.service" ];
timerConfig = {
OnActiveSec = cfg.dnssecInterval;
OnUnitActiveSec = cfg.dnssecInterval;
};
};
systemd.services."nsd-dnssec" = mkIf dnssec {
description = "DNSSEC key rollover";
wantedBy = [ "nsd.service" ];
before = [ "nsd.service" ];
script = signZones;
postStop = ''
${pkgs.systemd}/bin/systemctl kill -s SIGHUP nsd.service
'';
};
};
meta.maintainers = with lib.maintainers; [ hrdinka ];

View file

@ -65,7 +65,7 @@ let
path = [ pkgs.iptables pkgs.iproute pkgs.nettools ];
serviceConfig.ExecStart = "@${openvpn}/sbin/openvpn openvpn --config ${configFile}";
serviceConfig.ExecStart = "@${openvpn}/sbin/openvpn openvpn --suppress-timestamps --config ${configFile}";
serviceConfig.Restart = "always";
serviceConfig.Type = "notify";
};

View file

@ -133,7 +133,7 @@ in
users.groups = {
quagga = {};
# Members of the quaggavty group can use vtysh to inspect the Quagga daemons
quaggavty = {};
quaggavty = { members = [ "quagga" ]; };
};
systemd.services =

View file

@ -213,6 +213,65 @@ in
description = "Files from which authorized keys are read.";
};
kexAlgorithms = mkOption {
type = types.listOf types.str;
default = [
"curve25519-sha256@libssh.org"
"diffie-hellman-group-exchange-sha256"
];
description = ''
Allowed key exchange algorithms
</para>
<para>
Defaults to recommended settings from both
<link xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html" />
and
<link xlink:href="https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29" />
'';
};
ciphers = mkOption {
type = types.listOf types.str;
default = [
"chacha20-poly1305@openssh.com"
"aes256-gcm@openssh.com"
"aes128-gcm@openssh.com"
"aes256-ctr"
"aes192-ctr"
"aes128-ctr"
];
description = ''
Allowed ciphers
</para>
<para>
Defaults to recommended settings from both
<link xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html" />
and
<link xlink:href="https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29" />
'';
};
macs = mkOption {
type = types.listOf types.str;
default = [
"hmac-sha2-512-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com"
"umac-128-etm@openssh.com"
"hmac-sha2-512"
"hmac-sha2-256"
"umac-128@openssh.com"
];
description = ''
Allowed MACs
</para>
<para>
Defaults to recommended settings from both
<link xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html" />
and
<link xlink:href="https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29" />
'';
};
extraConfig = mkOption {
type = types.lines;
default = "";
@ -363,14 +422,9 @@ in
HostKey ${k.path}
'')}
### Recommended settings from both:
# https://stribika.github.io/2015/01/04/secure-secure-shell.html
# and
# https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
KexAlgorithms ${concatStringsSep "," cfg.kexAlgorithms}
Ciphers ${concatStringsSep "," cfg.ciphers}
MACs ${concatStringsSep "," cfg.macs}
# LogLevel VERBOSE logs user's key fingerprint on login.
# Needed to have a clear audit track of which key was used to log in.

View file

@ -0,0 +1,82 @@
{ config, lib, pkgs, ... }:
with lib;
with (import ./param-lib.nix lib);
let
cfg = config.services.strongswan-swanctl;
swanctlParams = import ./swanctl-params.nix lib;
in {
options.services.strongswan-swanctl = {
enable = mkEnableOption "strongswan-swanctl service";
package = mkOption {
type = types.package;
default = pkgs.strongswan;
defaultText = "pkgs.strongswan";
description = ''
The strongswan derivation to use.
'';
};
strongswan.extraConfig = mkOption {
type = types.str;
default = "";
description = ''
Contents of the <literal>strongswan.conf</literal> file.
'';
};
swanctl = paramsToOptions swanctlParams;
};
config = mkIf cfg.enable {
assertions = [
{ assertion = !config.services.strongswan.enable;
message = "cannot enable both services.strongswan and services.strongswan-swanctl. Choose either one.";
}
];
environment.etc."swanctl/swanctl.conf".text =
paramsToConf cfg.swanctl swanctlParams;
# The swanctl command complains when the following directories don't exist:
# See: https://wiki.strongswan.org/projects/strongswan/wiki/Swanctldirectory
system.activationScripts.strongswan-swanctl-etc = stringAfter ["etc"] ''
mkdir -p '/etc/swanctl/x509' # Trusted X.509 end entity certificates
mkdir -p '/etc/swanctl/x509ca' # Trusted X.509 Certificate Authority certificates
mkdir -p '/etc/swanctl/x509ocsp'
mkdir -p '/etc/swanctl/x509aa' # Trusted X.509 Attribute Authority certificates
mkdir -p '/etc/swanctl/x509ac' # Attribute Certificates
mkdir -p '/etc/swanctl/x509crl' # Certificate Revocation Lists
mkdir -p '/etc/swanctl/pubkey' # Raw public keys
mkdir -p '/etc/swanctl/private' # Private keys in any format
mkdir -p '/etc/swanctl/rsa' # PKCS#1 encoded RSA private keys
mkdir -p '/etc/swanctl/ecdsa' # Plain ECDSA private keys
mkdir -p '/etc/swanctl/bliss'
mkdir -p '/etc/swanctl/pkcs8' # PKCS#8 encoded private keys of any type
mkdir -p '/etc/swanctl/pkcs12' # PKCS#12 containers
'';
systemd.services.strongswan-swanctl = {
description = "strongSwan IPsec IKEv1/IKEv2 daemon using swanctl";
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" "keys.target" ];
wants = [ "keys.target" ];
path = with pkgs; [ kmod iproute iptables utillinux ];
environment.STRONGSWAN_CONF = pkgs.writeTextFile {
name = "strongswan.conf";
text = cfg.strongswan.extraConfig;
};
restartTriggers = [ config.environment.etc."swanctl/swanctl.conf".source ];
serviceConfig = {
ExecStart = "${cfg.package}/sbin/charon-systemd";
Type = "notify";
ExecStartPost = "${cfg.package}/sbin/swanctl --load-all --noprompt";
ExecReload = "${cfg.package}/sbin/swanctl --reload";
Restart = "on-abnormal";
};
};
};
}

View file

@ -0,0 +1,162 @@
# In the following context a parameter is an attribute set that
# contains a NixOS option and a render function. It also contains the
# attribute: '_type = "param"' so we can distinguish it from other
# sets.
#
# The render function is used to convert the value of the option to a
# snippet of strongswan.conf. Most parameters simply render their
# value to a string. For example, take the following parameter:
#
# threads = mkIntParam 10 "Threads to use for request handling.";
#
# When a users defines the corresponding option as for example:
#
# services.strongswan-swanctl.strongswan.threads = 32;
#
# It will get rendered to the following snippet in strongswan.conf:
#
# threads = 32
#
# Some parameters however need to be able to change the attribute
# name. For example, take the following parameter:
#
# id = mkPrefixedAttrsOfParam (mkOptionalStrParam "") "...";
#
# A user can define the corresponding option as for example:
#
# id = {
# "foo" = "bar";
# "baz" = "qux";
# };
#
# This will get rendered to the following snippet:
#
# foo-id = bar
# baz-id = qux
#
# For this reason the render function is not simply a function from
# value -> string but a function from a value to an attribute set:
# { "${name}" = string }. This allows parameters to change the attribute
# name like in the previous example.
lib :
with lib;
with (import ./param-lib.nix lib);
rec {
mkParamOfType = type : strongswanDefault : description : {
_type = "param";
option = mkOption {
type = types.nullOr type;
default = null;
description = documentDefault description strongswanDefault;
};
render = single toString;
};
documentDefault = description : strongswanDefault :
if isNull strongswanDefault
then description
else description + ''
</para><para>
StrongSwan default: <literal><![CDATA[${builtins.toJSON strongswanDefault}]]></literal>
'';
single = f: name: value: { "${name}" = f value; };
mkStrParam = mkParamOfType types.str;
mkOptionalStrParam = mkStrParam null;
mkEnumParam = values : mkParamOfType (types.enum values);
mkIntParam = mkParamOfType types.int;
mkOptionalIntParam = mkIntParam null;
# We should have floats in Nix...
mkFloatParam = mkStrParam;
# TODO: Check for hex format:
mkHexParam = mkStrParam;
mkOptionalHexParam = mkOptionalStrParam;
# TODO: Check for duration format:
mkDurationParam = mkStrParam;
mkOptionalDurationParam = mkOptionalStrParam;
mkYesNoParam = strongswanDefault : description : {
_type = "param";
option = mkOption {
type = types.nullOr types.bool;
default = null;
description = documentDefault description strongswanDefault;
};
render = single (b: if b then "yes" else "no");
};
yes = true;
no = false;
mkSpaceSepListParam = mkSepListParam " ";
mkCommaSepListParam = mkSepListParam ",";
mkSepListParam = sep : strongswanDefault : description : {
_type = "param";
option = mkOption {
type = types.nullOr (types.listOf types.str);
default = null;
description = documentDefault description strongswanDefault;
};
render = single (value: concatStringsSep sep value);
};
mkAttrsOfParams = params :
mkAttrsOf params (types.submodule {options = paramsToOptions params;});
mkAttrsOfParam = param :
mkAttrsOf param param.option.type;
mkAttrsOf = param : option : description : {
_type = "param";
option = mkOption {
type = types.attrsOf option;
default = {};
inherit description;
};
render = single (attrs:
(paramsToRenderedStrings attrs
(mapAttrs (_n: _v: param) attrs)));
};
mkPrefixedAttrsOfParams = params :
mkPrefixedAttrsOf params (types.submodule {options = paramsToOptions params;});
mkPrefixedAttrsOfParam = param :
mkPrefixedAttrsOf param param.option.type;
mkPrefixedAttrsOf = p : option : description : {
_type = "param";
option = mkOption {
type = types.attrsOf option;
default = {};
inherit description;
};
render = prefix: attrs:
let prefixedAttrs = mapAttrs' (name: nameValuePair "${prefix}-${name}") attrs;
in paramsToRenderedStrings prefixedAttrs
(mapAttrs (_n: _v: p) prefixedAttrs);
};
mkPostfixedAttrsOfParams = params : description : {
_type = "param";
option = mkOption {
type = types.attrsOf (types.submodule {options = paramsToOptions params;});
default = {};
inherit description;
};
render = postfix: attrs:
let postfixedAttrs = mapAttrs' (name: nameValuePair "${name}-${postfix}") attrs;
in paramsToRenderedStrings postfixedAttrs
(mapAttrs (_n: _v: params) postfixedAttrs);
};
}

View file

@ -0,0 +1,82 @@
lib :
with lib;
rec {
paramsToConf = cfg : ps : mkConf 0 (paramsToRenderedStrings cfg ps);
# mkConf takes an indentation level (which usually starts at 0) and a nested
# attribute set of strings and will render that set to a strongswan.conf style
# configuration format. For example:
#
# mkConf 0 {a = "1"; b = { c = { "foo" = "2"; "bar" = "3"; }; d = "4";};} => ''
# a = 1
# b {
# c {
# foo = 2
# bar = 3
# }
# d = 4
# }''
mkConf = indent : ps :
concatMapStringsSep "\n"
(name:
let value = ps."${name}";
indentation = replicate indent " ";
in
indentation + (
if isAttrs value
then "${name} {\n" +
mkConf (indent + 2) value + "\n" +
indentation + "}"
else "${name} = ${value}"
)
)
(attrNames ps);
replicate = n : c : concatStrings (builtins.genList (_x : c) n);
# `paramsToRenderedStrings cfg ps` converts the NixOS configuration `cfg`
# (typically the "config" argument of a NixOS module) and the set of
# parameters `ps` (an attribute set where the values are constructed using the
# parameter constructors in ./param-constructors.nix) to a nested attribute
# set of strings (rendered parameters).
paramsToRenderedStrings = cfg : ps :
filterEmptySets (
(mapParamsRecursive (path: name: param:
let value = attrByPath path null cfg;
in optionalAttrs (!isNull value) (param.render name value)
) ps));
filterEmptySets = set : filterAttrs (n: v: !(isNull v)) (mapAttrs (name: value:
if isAttrs value
then let value' = filterEmptySets value;
in if value' == {}
then null
else value'
else value
) set);
# Recursively map over every parameter in the given attribute set.
mapParamsRecursive = mapAttrsRecursiveCond' (as: (!(as ? "_type" && as._type == "param")));
mapAttrsRecursiveCond' = cond: f: set:
let
recurse = path: set:
let
g =
name: value:
if isAttrs value && cond value
then { "${name}" = recurse (path ++ [name]) value; }
else f (path ++ [name]) name value;
in mapAttrs'' g set;
in recurse [] set;
mapAttrs'' = f: set:
foldl' (a: b: a // b) {} (map (attr: f attr set.${attr}) (attrNames set));
# Extract the options from the given set of parameters.
paramsToOptions = ps :
mapParamsRecursive (_path: name: param: { "${name}" = param.option; }) ps;
}

File diff suppressed because it is too large Load diff

View file

@ -53,30 +53,30 @@ let
};
preSetup = mkOption {
example = literalExample [''
example = literalExample ''
${pkgs.iproute}/bin/ip netns add foo
''];
default = [];
type = with types; listOf str;
'';
default = "";
type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines;
description = ''
A list of commands called at the start of the interface setup.
Commands called at the start of the interface setup.
'';
};
postSetup = mkOption {
example = literalExample [''
${pkgs.bash} -c 'printf "nameserver 10.200.100.1" | ${pkgs.openresolv}/bin/resolvconf -a wg0 -m 0'
''];
default = [];
type = with types; listOf str;
description = "A list of commands called at the end of the interface setup.";
example = literalExample ''
printf "nameserver 10.200.100.1" | ${pkgs.openresolv}/bin/resolvconf -a wg0 -m 0
'';
default = "";
type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines;
description = "Commands called at the end of the interface setup.";
};
postShutdown = mkOption {
example = literalExample ["${pkgs.openresolv}/bin/resolvconf -d wg0"];
default = [];
type = with types; listOf str;
description = "A list of commands called after shutting down the interface.";
example = literalExample "${pkgs.openresolv}/bin/resolvconf -d wg0";
default = "";
type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines;
description = "Commands called after shutting down the interface.";
};
table = mkOption {
@ -182,9 +182,6 @@ let
};
ipCommand = "${pkgs.iproute}/bin/ip";
wgCommand = "${pkgs.wireguard}/bin/wg";
generateUnit = name: values:
# exactly one way to specify the private key must be set
assert (values.privateKey != null) != (values.privateKeyFile != null);
@ -196,49 +193,53 @@ let
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
environment.DEVICE = name;
path = with pkgs; [ kmod iproute wireguard ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = flatten([
values.preSetup
};
"-${ipCommand} link del dev ${name}"
"${ipCommand} link add dev ${name} type wireguard"
script = ''
modprobe wireguard
(map (ip:
"${ipCommand} address add ${ip} dev ${name}"
) values.ips)
${values.preSetup}
("${wgCommand} set ${name} private-key ${privKey}" +
optionalString (values.listenPort != null) " listen-port ${toString values.listenPort}")
ip link add dev ${name} type wireguard
(map (peer:
${concatMapStringsSep "\n" (ip:
"ip address add ${ip} dev ${name}"
) values.ips}
wg set ${name} private-key ${privKey} ${
optionalString (values.listenPort != null) " listen-port ${toString values.listenPort}"}
${concatMapStringsSep "\n" (peer:
assert (peer.presharedKeyFile == null) || (peer.presharedKey == null); # at most one of the two must be set
let psk = if peer.presharedKey != null then pkgs.writeText "wg-psk" peer.presharedKey else peer.presharedKeyFile;
in
"${wgCommand} set ${name} peer ${peer.publicKey}" +
"wg set ${name} peer ${peer.publicKey}" +
optionalString (psk != null) " preshared-key ${psk}" +
optionalString (peer.endpoint != null) " endpoint ${peer.endpoint}" +
optionalString (peer.persistentKeepalive != null) " persistent-keepalive ${toString peer.persistentKeepalive}" +
optionalString (peer.allowedIPs != []) " allowed-ips ${concatStringsSep "," peer.allowedIPs}"
) values.peers)
) values.peers}
"${ipCommand} link set up dev ${name}"
ip link set up dev ${name}
(optionals (values.allowedIPsAsRoutes != false) (map (peer:
${optionalString (values.allowedIPsAsRoutes != false) (concatStringsSep "\n" (concatMap (peer:
(map (allowedIP:
"${ipCommand} route replace ${allowedIP} dev ${name} table ${values.table}"
"ip route replace ${allowedIP} dev ${name} table ${values.table}"
) peer.allowedIPs)
) values.peers))
) values.peers))}
values.postSetup
]);
ExecStop = flatten([
"${ipCommand} link del dev ${name}"
values.postShutdown
]);
};
${values.postSetup}
'';
preStop = ''
ip link del dev ${name}
${values.postShutdown}
'';
};
in

View file

@ -32,8 +32,11 @@ let
(if es5 then (pkgs.writeTextDir "log4j2.properties" cfg.logging)
else (pkgs.writeTextDir "logging.yml" cfg.logging))
];
postBuild = concatStringsSep "\n" (concatLists [
# Elasticsearch 5.x won't start when the scripts directory does not exist
postBuild = if es5 then "${pkgs.coreutils}/bin/mkdir -p $out/scripts" else "";
(optional es5 "${pkgs.coreutils}/bin/mkdir -p $out/scripts")
(optional es6 "ln -s ${cfg.package}/config/jvm.options $out/jvm.options")
]);
};
esPlugins = pkgs.buildEnv {

View file

@ -703,14 +703,10 @@ in
after = [ "network.target" ];
restartTriggers = [ torRcFile ];
# Translated from the upstream contrib/dist/tor.service.in
preStart = ''
install -o tor -g tor -d ${torDirectory}/onion ${torRunDirectory}
${pkgs.tor}/bin/tor -f ${torRcFile} --verify-config
'';
serviceConfig =
{ Type = "simple";
# Translated from the upstream contrib/dist/tor.service.in
ExecStartPre = "${pkgs.tor}/bin/tor -f ${torRcFile} --verify-config";
ExecStart = "${pkgs.tor}/bin/tor -f ${torRcFile} --RunAsDaemon 0";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
KillSignal = "SIGINT";
@ -725,6 +721,8 @@ in
# DeviceAllow /dev/urandom r
# .. but we can't specify DeviceAllow multiple times. 'closed'
# is close enough.
RuntimeDirectory = "tor";
StateDirectory = [ "tor" "tor/onion" ];
PrivateTmp = "yes";
DevicePolicy = "closed";
InaccessibleDirectories = "/home";

View file

@ -155,7 +155,7 @@ in
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
path = [ cfg.jrePackage ];
path = [ cfg.jrePackage pkgs.bash ];
environment = {
JIRA_USER = cfg.user;

View file

@ -466,10 +466,10 @@ let
'';
};
services.nginx = {
enable = true;
# NOTE: No configuration is done if not using virtual host
virtualHosts = mkIf (cfg.virtualHost != null) {
services.nginx = mkIf (cfg.virtualHost != null) {
enable = true;
virtualHosts = {
"${cfg.virtualHost}" = {
root = "${cfg.root}";

View file

@ -4,6 +4,9 @@ with lib;
let
cfg = config.services.gitweb;
package = pkgs.gitweb.override (optionalAttrs cfg.gitwebTheme {
gitwebTheme = true;
});
in
{
@ -34,8 +37,8 @@ in
"^/gitweb$" => "/gitweb/"
)
alias.url = (
"/gitweb/static/" => "${pkgs.git}/share/gitweb/static/",
"/gitweb/" => "${pkgs.git}/share/gitweb/gitweb.cgi"
"/gitweb/static/" => "${package}/static/",
"/gitweb/" => "${package}/gitweb.cgi"
)
setenv.add-environment = (
"GITWEB_CONFIG" => "${cfg.gitwebConfigFile}",

View file

@ -4,6 +4,9 @@ with lib;
let
cfg = config.services.gitweb;
package = pkgs.gitweb.override (optionalAttrs cfg.gitwebTheme {
gitwebTheme = true;
});
in
{
@ -24,7 +27,7 @@ in
systemd.services.gitweb = {
description = "GitWeb service";
script = "${pkgs.git}/share/gitweb/gitweb.cgi --fastcgi --nproc=1";
script = "${package}/gitweb.cgi --fastcgi --nproc=1";
environment = {
FCGI_SOCKET_PATH = "/run/gitweb/gitweb.sock";
};
@ -38,11 +41,10 @@ in
services.nginx = {
virtualHosts.default = {
locations."/gitweb/" = {
root = "${pkgs.git}/share";
tryFiles = "$uri @gitweb";
locations."/gitweb/static/" = {
alias = "${package}/static/";
};
locations."@gitweb" = {
locations."/gitweb/" = {
extraConfig = ''
include ${pkgs.nginx}/conf/fastcgi_params;
fastcgi_param GITWEB_CONFIG ${cfg.gitwebConfigFile};

View file

@ -32,8 +32,15 @@ with lib;
rootDevice="${config.fileSystems."/".device}"
if [ -e "$rootDevice" ]; then
rootDevice="$(readlink -f "$rootDevice")"
parentDevice="$(lsblk -npo PKNAME "$rootDevice")"
TMPDIR=/run sh $(type -P growpart) "$parentDevice" "''${rootDevice#$parentDevice}"
parentDevice="$rootDevice"
while [ "''${parentDevice%[0-9]}" != "''${parentDevice}" ]; do
parentDevice="''${parentDevice%[0-9]}";
done
partNum="''${rootDevice#''${parentDevice}}"
if [ "''${parentDevice%[0-9]p}" != "''${parentDevice}" ] && [ -b "''${parentDevice%p}" ]; then
parentDevice="''${parentDevice%p}"
fi
TMPDIR=/run sh $(type -P growpart) "$parentDevice" "$partNum"
udevadm settle
fi
'';

View file

@ -77,8 +77,8 @@ in
type = types.int;
default = 4;
description = ''
The kernel console log level. Log messages with a priority
numerically less than this will not appear on the console.
The kernel console <literal>loglevel</literal>. All Kernel Messages with a log level smaller
than this setting will be printed to the console.
'';
};

View file

@ -109,11 +109,15 @@ copyForced $fwdir/bootcode.bin /boot/bootcode.bin
copyForced $fwdir/fixup.dat /boot/fixup.dat
copyForced $fwdir/fixup_cd.dat /boot/fixup_cd.dat
copyForced $fwdir/fixup_db.dat /boot/fixup_db.dat
copyForced $fwdir/fixup_x.dat /boot/fixup_x.dat
copyForced $fwdir/start.elf /boot/start.elf
copyForced $fwdir/start_cd.elf /boot/start_cd.elf
copyForced $fwdir/start_db.elf /boot/start_db.elf
copyForced $fwdir/start_x.elf /boot/start_x.elf
# Add the config.txt
copyForced @configTxt@ /boot/config.txt
# Remove obsolete files from /boot and /boot/old.
for fn in /boot/old/*linux* /boot/old/*initrd-initrd* /boot/bcm*.dtb; do
if ! test "${filesCopied[$fn]}" = 1; then

View file

@ -0,0 +1,34 @@
{ config, pkgs, configTxt }:
let
cfg = config.boot.loader.raspberryPi;
isAarch64 = pkgs.stdenv.isAarch64;
uboot =
if cfg.version == 1 then
pkgs.ubootRaspberryPi
else if cfg.version == 2 then
pkgs.ubootRaspberryPi2
else
if isAarch64 then
pkgs.ubootRaspberryPi3_64bit
else
pkgs.ubootRaspberryPi3_32bit;
extlinuxConfBuilder =
import ../generic-extlinux-compatible/extlinux-conf-builder.nix {
inherit pkgs;
};
in
pkgs.substituteAll {
src = ./builder_uboot.sh;
isExecutable = true;
inherit (pkgs) bash;
path = [pkgs.coreutils pkgs.gnused pkgs.gnugrep];
firmware = pkgs.raspberrypifw;
inherit uboot;
inherit configTxt;
inherit extlinuxConfBuilder;
version = cfg.version;
}

View file

@ -0,0 +1,29 @@
#! @bash@/bin/sh -e
copyForced() {
local src="$1"
local dst="$2"
cp $src $dst.tmp
mv $dst.tmp $dst
}
# Call the extlinux builder
"@extlinuxConfBuilder@" "$@"
# Add the firmware files
fwdir=@firmware@/share/raspberrypi/boot/
copyForced $fwdir/bootcode.bin /boot/bootcode.bin
copyForced $fwdir/fixup.dat /boot/fixup.dat
copyForced $fwdir/fixup_cd.dat /boot/fixup_cd.dat
copyForced $fwdir/fixup_db.dat /boot/fixup_db.dat
copyForced $fwdir/fixup_x.dat /boot/fixup_x.dat
copyForced $fwdir/start.elf /boot/start.elf
copyForced $fwdir/start_cd.elf /boot/start_cd.elf
copyForced $fwdir/start_db.elf /boot/start_db.elf
copyForced $fwdir/start_x.elf /boot/start_x.elf
# Add the uboot file
copyForced @uboot@/u-boot.bin /boot/u-boot-rpi.bin
# Add the config.txt
copyForced @configTxt@ /boot/config.txt

View file

@ -5,23 +5,55 @@ with lib;
let
cfg = config.boot.loader.raspberryPi;
builder = pkgs.substituteAll {
builderGeneric = pkgs.substituteAll {
src = ./builder.sh;
isExecutable = true;
inherit (pkgs) bash;
path = [pkgs.coreutils pkgs.gnused pkgs.gnugrep];
firmware = pkgs.raspberrypifw;
version = cfg.version;
inherit configTxt;
};
platform = pkgs.stdenv.platform;
builderUboot = import ./builder_uboot.nix { inherit config; inherit pkgs; inherit configTxt; };
builder =
if cfg.uboot.enable then
"${builderUboot} -g ${toString cfg.uboot.configurationLimit} -t ${timeoutStr} -c"
else
builderGeneric;
blCfg = config.boot.loader;
timeoutStr = if blCfg.timeout == null then "-1" else toString blCfg.timeout;
isAarch64 = pkgs.stdenv.isAarch64;
optional = pkgs.stdenv.lib.optionalString;
configTxt =
pkgs.writeText "config.txt" (''
# U-Boot used to need this to work, regardless of whether UART is actually used or not.
# TODO: check when/if this can be removed.
enable_uart=1
# Prevent the firmware from smashing the framebuffer setup done by the mainline kernel
# when attempting to show low-voltage or overtemperature warnings.
avoid_warnings=1
'' + optional isAarch64 ''
# Boot in 64-bit mode.
arm_control=0x200
'' + optional cfg.uboot.enable ''
kernel=u-boot-rpi.bin
'' + optional (cfg.firmwareConfig != null) cfg.firmwareConfig);
in
{
options = {
boot.loader.raspberryPi.enable = mkOption {
boot.loader.raspberryPi = {
enable = mkOption {
default = false;
type = types.bool;
description = ''
@ -31,16 +63,50 @@ in
'';
};
boot.loader.raspberryPi.version = mkOption {
version = mkOption {
default = 2;
type = types.enum [ 1 2 3 ];
description = ''
'';
};
uboot = {
enable = mkOption {
default = false;
type = types.bool;
description = ''
Enable using uboot as bootmanager for the raspberry pi.
'';
};
configurationLimit = mkOption {
default = 20;
example = 10;
type = types.int;
description = ''
Maximum number of configurations in the boot menu.
'';
};
};
firmwareConfig = mkOption {
default = null;
type = types.nullOr types.string;
description = ''
Extra options that will be appended to <literal>/boot/config.txt</literal> file.
For possible values, see: https://www.raspberrypi.org/documentation/configuration/config-txt/
'';
};
};
};
config = mkIf cfg.enable {
assertions = singleton {
assertion = !pkgs.stdenv.isAarch64 || cfg.version == 3;
message = "Only Raspberry Pi 3 supports aarch64.";
};
config = mkIf config.boot.loader.raspberryPi.enable {
system.build.installBootLoader = builder;
system.boot.loader.id = "raspberrypi";
system.boot.loader.kernelFile = platform.kernelTarget;

View file

@ -110,7 +110,7 @@ in {
config =
let
units = mapAttrs' (n: v: nameValuePair "${n}.nspawn" (instanceToUnit n v)) cfg;
units = mapAttrs' (n: v: let nspawnFile = "${n}.nspawn"; in nameValuePair nspawnFile (instanceToUnit nspawnFile v)) cfg;
in mkIf (cfg != {}) {
environment.etc."systemd/nspawn".source = generateUnits "nspawn" units [] [];

View file

@ -217,7 +217,7 @@ in rec {
environment = mkOption {
default = {};
type = types.attrs; # FIXME
type = with types; attrsOf (nullOr (either str package));
example = { PATH = "/foo/bar/bin"; LANG = "nl_NL.UTF-8"; };
description = "Environment variables passed to the service's processes.";
};

View file

@ -515,7 +515,7 @@ in
};
systemd.globalEnvironment = mkOption {
type = types.attrs;
type = with types; attrsOf (nullOr (either str package));
default = {};
example = { TZ = "CET"; };
description = ''

View file

@ -66,6 +66,10 @@ in
default = false;
description = "Whether to enable verbose logging.";
};
mountResourceDisk = mkOption {
default = true;
description = "Whether the agent should format (ext4) and mount the resource disk to /mnt/resource.";
};
};
###### implementation
@ -112,7 +116,7 @@ in
Provisioning.ExecuteCustomData=n
# Format if unformatted. If 'n', resource disk will not be mounted.
ResourceDisk.Format=y
ResourceDisk.Format=${if cfg.mountResourceDisk then "y" else "n"}
# File system on the resource disk
# Typically ext3 or ext4. FreeBSD images should use 'ufs2' here.
@ -181,7 +185,7 @@ in
after = [ "network-online.target" "sshd.service" ];
wants = [ "network-online.target" ];
path = [ pkgs.e2fsprogs ];
path = [ pkgs.e2fsprogs pkgs.bash ];
description = "Windows Azure Agent Service";
unitConfig.ConditionPathExists = "/etc/waagent.conf";
serviceConfig = {

View file

@ -112,7 +112,7 @@ let
# If the host is 64-bit and the container is 32-bit, add a
# --personality flag.
${optionalString (config.nixpkgs.system == "x86_64-linux") ''
${optionalString (config.nixpkgs.localSystem.system == "x86_64-linux") ''
if [ "$(< ''${SYSTEM_PATH:-/nix/var/nix/profiles/per-container/$INSTANCE/system}/system)" = i686-linux ]; then
extraFlags+=" --personality=x86"
fi
@ -255,7 +255,7 @@ let
};
system = config.nixpkgs.system;
system = config.nixpkgs.localSystem.system;
bindMountOpts = { name, config, ... }: {
@ -575,6 +575,16 @@ in
'';
};
extraFlags = mkOption {
type = types.listOf types.str;
default = [];
example = [ "--drop-capability=CAP_SYS_CHROOT" ];
description = ''
Extra flags passed to the systemd-nspawn command.
See systemd-nspawn(1) for details.
'';
};
} // networkOptions;
config = mkMerge
@ -714,7 +724,9 @@ in
${optionalString cfg.autoStart ''
AUTO_START=1
''}
EXTRA_NSPAWN_FLAGS="${mkBindFlags cfg.bindMounts}"
EXTRA_NSPAWN_FLAGS="${mkBindFlags cfg.bindMounts +
optionalString (cfg.extraFlags != [])
(" " + concatStringsSep " " cfg.extraFlags)}"
'';
}) config.containers;

View file

@ -370,7 +370,7 @@ in rec {
tests.prometheus = callTest tests/prometheus.nix {};
tests.prosody = callTest tests/prosody.nix {};
tests.proxy = callTest tests/proxy.nix {};
# tests.quagga = callTest tests/quagga.nix {};
tests.quagga = callTest tests/quagga.nix {};
tests.quake3 = callTest tests/quake3.nix {};
tests.rabbitmq = callTest tests/rabbitmq.nix {};
tests.radicale = callTest tests/radicale.nix {};
@ -384,6 +384,7 @@ in rec {
tests.smokeping = callTest tests/smokeping.nix {};
tests.snapper = callTest tests/snapper.nix {};
tests.statsd = callTest tests/statsd.nix {};
tests.strongswan-swanctl = callTest tests/strongswan-swanctl.nix {};
tests.sudo = callTest tests/sudo.nix {};
tests.systemd = callTest tests/systemd.nix {};
tests.switchTest = callTest tests/switch-test.nix {};

View file

@ -15,7 +15,7 @@ import ./make-test.nix ({ pkgs, ...} : {
# container available within the VM, because we don't have network access.
virtualisation.pathsInNixDB = let
emptyContainer = import ../lib/eval-config.nix {
inherit (config.nixpkgs) system;
inherit (config.nixpkgs.localSystem) system;
modules = lib.singleton {
containers.foo.config = {};
};

View file

@ -18,6 +18,18 @@ import ./make-test.nix {
MAIL
'';
sendTestMailViaDeliveryAgent = pkgs.writeScriptBin "send-lda" ''
#!${pkgs.stdenv.shell}
exec ${pkgs.dovecot}/libexec/dovecot/deliver -d bob <<MAIL
From: root@localhost
To: bob@localhost
Subject: Something else...
I'm running short of ideas!
MAIL
'';
testImap = pkgs.writeScriptBin "test-imap" ''
#!${pkgs.python3.interpreter}
import imaplib
@ -39,24 +51,25 @@ import ./make-test.nix {
pop = poplib.POP3('localhost')
try:
pop.user('alice')
pop.user('bob')
pop.pass_('foobar')
assert len(pop.list()[1]) == 1
status, fullmail, size = pop.retr(1)
assert status.startswith(b'+OK ')
body = b"".join(fullmail[fullmail.index(b""):]).strip()
assert body == b'Hello world!'
assert body == b"I'm running short of ideas!"
finally:
pop.quit()
'';
in [ sendTestMail testImap testPop ];
in [ sendTestMail sendTestMailViaDeliveryAgent testImap testPop ];
};
testScript = ''
$machine->waitForUnit('postfix.service');
$machine->waitForUnit('dovecot2.service');
$machine->succeed('send-testmail');
$machine->succeed('send-lda');
$machine->waitUntilFails('[ "$(postqueue -p)" != "Mail queue is empty" ]');
$machine->succeed('test-imap');
$machine->succeed('test-pop');

View file

@ -26,15 +26,22 @@ import ./make-test.nix ({ pkgs, ...} : {
testScript =
''
# wait for gdm to start and bring up X
$machine->waitForUnit("display-manager.service");
$machine->waitForX;
$machine->sleep(15);
# wait for alice to be logged in
$machine->waitForUnit("default.target","alice");
# Check that logging in has given the user ownership of devices.
$machine->succeed("getfacl /dev/snd/timer | grep -q alice");
$machine->succeed("su - alice -c 'DISPLAY=:0.0 gnome-terminal &'");
$machine->succeed("xauth merge ~alice/.Xauthority");
# open a terminal and check it's there
$machine->succeed("su - alice -c 'DISPLAY=:0.0 XAUTHORITY=/run/user/\$UID/gdm/Xauthority gnome-terminal'");
$machine->succeed("xauth merge /run/user/1000/gdm/Xauthority");
$machine->waitForWindow(qr/Terminal/);
# wait to get a nice screenshot
$machine->sleep(20);
$machine->screenshot("screen");
'';

View file

@ -0,0 +1,148 @@
# This strongswan-swanctl test is based on:
# https://www.strongswan.org/testing/testresults/swanctl/rw-psk-ipv4/index.html
# https://github.com/strongswan/strongswan/tree/master/testing/tests/swanctl/rw-psk-ipv4
#
# The roadwarrior carol sets up a connection to gateway moon. The authentication
# is based on pre-shared keys and IPv4 addresses. Upon the successful
# establishment of the IPsec tunnels, the specified updown script automatically
# inserts iptables-based firewall rules that let pass the tunneled traffic. In
# order to test both tunnel and firewall, carol pings the client alice behind
# the gateway moon.
#
# alice moon carol
# eth1------vlan_0------eth1 eth2------vlan_1------eth1
# 192.168.0.1 192.168.0.3 192.168.1.3 192.168.1.2
#
# See the NixOS manual for how to run this test:
# https://nixos.org/nixos/manual/index.html#sec-running-nixos-tests-interactively
import ./make-test.nix ({ pkgs, ...} :
let
allowESP = "iptables --insert INPUT --protocol ESP --jump ACCEPT";
# Shared VPN settings:
vlan0 = "192.168.0.0/24";
carolIp = "192.168.1.2";
moonIp = "192.168.1.3";
version = 2;
secret = "0sFpZAZqEN6Ti9sqt4ZP5EWcqx";
esp_proposals = [ "aes128gcm128-x25519" ];
proposals = [ "aes128-sha256-x25519" ];
in {
name = "strongswan-swanctl";
meta.maintainers = with pkgs.stdenv.lib.maintainers; [ basvandijk ];
nodes = {
alice = { nodes, ... } : {
virtualisation.vlans = [ 0 ];
networking = {
dhcpcd.enable = false;
defaultGateway = "192.168.0.3";
};
};
moon = {pkgs, config, nodes, ...} :
let strongswan = config.services.strongswan-swanctl.package;
in {
virtualisation.vlans = [ 0 1 ];
networking = {
dhcpcd.enable = false;
firewall = {
allowedUDPPorts = [ 4500 500 ];
extraCommands = allowESP;
};
nat = {
enable = true;
internalIPs = [ vlan0 ];
internalInterfaces = [ "eth1" ];
externalIP = moonIp;
externalInterface = "eth2";
};
};
environment.systemPackages = [ strongswan ];
services.strongswan-swanctl = {
enable = true;
swanctl = {
connections = {
"rw" = {
local_addrs = [ moonIp ];
local."main" = {
auth = "psk";
};
remote."main" = {
auth = "psk";
};
children = {
"net" = {
local_ts = [ vlan0 ];
updown = "${strongswan}/libexec/ipsec/_updown iptables";
inherit esp_proposals;
};
};
inherit version;
inherit proposals;
};
};
secrets = {
ike."carol" = {
id."main" = carolIp;
inherit secret;
};
};
};
};
};
carol = {pkgs, config, nodes, ...} :
let strongswan = config.services.strongswan-swanctl.package;
in {
virtualisation.vlans = [ 1 ];
networking = {
dhcpcd.enable = false;
firewall.extraCommands = allowESP;
};
environment.systemPackages = [ strongswan ];
services.strongswan-swanctl = {
enable = true;
swanctl = {
connections = {
"home" = {
local_addrs = [ carolIp ];
remote_addrs = [ moonIp ];
local."main" = {
auth = "psk";
id = carolIp;
};
remote."main" = {
auth = "psk";
id = moonIp;
};
children = {
"home" = {
remote_ts = [ vlan0 ];
start_action = "trap";
updown = "${strongswan}/libexec/ipsec/_updown iptables";
inherit esp_proposals;
};
};
inherit version;
inherit proposals;
};
};
secrets = {
ike."moon" = {
id."main" = moonIp;
inherit secret;
};
};
};
};
};
};
testScript = ''
startAll();
$carol->waitUntilSucceeds("ping -c 1 alice");
'';
})

View file

@ -46,6 +46,8 @@ import ./make-test.nix {
testScript = ''
$machine->waitForX;
# wait for user services
$machine->waitForUnit("default.target","alice");
# Regression test for https://github.com/NixOS/nixpkgs/issues/35415
subtest "configuration files are recognized by systemd", sub {

View file

@ -7,13 +7,13 @@ with stdenv.lib;
stdenv.mkDerivation rec {
name = "bitcoin" + (toString (optional (!withGui) "d")) + "-abc-" + version;
version = "0.16.2";
version = "0.17.0";
src = fetchFromGitHub {
owner = "bitcoin-ABC";
repo = "bitcoin-abc";
rev = "v${version}";
sha256 = "0d5npn4p321jqsbqjxkbv0ncvs2hp9vdp30np6n8n53f896cxl92";
sha256 = "1s2y29h2q4fnbrfg2ig1cd3h7g3kdcdyrfq7znq1ndnh8xj1j489";
};
patches = [ ./fix-bitcoin-qt-build.patch ];

View file

@ -29,5 +29,6 @@ buildGoPackage rec {
homepage = "https://decred.org";
description = "Decred daemon in Go (golang)";
license = with lib.licenses; [ isc ];
broken = stdenv.isLinux; # 2018-04-10
};
}

View file

@ -38,5 +38,6 @@ buildGoPackage rec {
homepage = "https://decred.org";
description = "Decred daemon in Go (golang)";
license = with lib.licenses; [ isc ];
broken = stdenv.isLinux; # 2018-04-10
};
}

View file

@ -51,6 +51,8 @@ rec {
memorycoin = callPackage ./memorycoin.nix { boost = boost165; withGui = true; };
memorycoind = callPackage ./memorycoin.nix { boost = boost165; withGui = false; };
mist = callPackage ./mist.nix { };
namecoin = callPackage ./namecoin.nix { withGui = true; };
namecoind = callPackage ./namecoin.nix { withGui = false; };

View file

@ -55,6 +55,7 @@ lib.overrideDerivation (mkDerivation rec {
description = "Ethereum virtual machine evaluator";
license = stdenv.lib.licenses.agpl3;
maintainers = [stdenv.lib.maintainers.dbrock];
broken = true; # 2018-04-10
}) (attrs: {
buildInputs = attrs.buildInputs ++ [solc];
nativeBuildInputs = attrs.nativeBuildInputs ++ [makeWrapper];

View file

@ -51,6 +51,6 @@ stdenv.mkDerivation rec{
homepage = http://www.bitcoin.org/;
maintainers = with maintainers; [ AndersonTorres ];
license = licenses.mit;
platforms = subtractLists [ "aarch64-linux" ] platforms.unix;
platforms = [ "x86_64-linux" ];
};
}

View file

@ -0,0 +1,71 @@
{ stdenv, lib, makeWrapper, fetchurl, unzip, atomEnv, makeDesktopItem, buildFHSUserEnv }:
let
version = "0.10.0";
name = "mist-${version}";
throwSystem = throw "Unsupported system: ${stdenv.system}";
meta = with stdenv.lib; {
description = "Browse and use Ðapps on the Ethereum network";
homepage = https://github.com/ethereum/mist;
license = licenses.gpl3;
maintainers = with maintainers; [];
platforms = [ "x86_64-linux" "i686-linux" ];
};
urlVersion = builtins.replaceStrings ["."] ["-"] version;
desktopItem = makeDesktopItem rec {
name = "Mist";
exec = "mist";
icon = "mist";
desktopName = name;
genericName = "Mist Browser";
categories = "Network;";
};
mist = stdenv.mkDerivation {
inherit name version;
src = {
i686-linux = fetchurl {
url = "https://github.com/ethereum/mist/releases/download/v${version}/Mist-linux32-${urlVersion}.zip";
sha256 = "01hvxlm9w522pwvsjdy18gsrapkfjr7d1jjl4bqjjysxnjaaj2lk";
};
x86_64-linux = fetchurl {
url = "https://github.com/ethereum/mist/releases/download/v${version}/Mist-linux64-${urlVersion}.zip";
sha256 = "01k17j7fdfhxfd26njdsiwap0xnka2536k9ydk32czd8db7ya9zi";
};
}.${stdenv.system} or throwSystem;
buildInputs = [ unzip makeWrapper ];
buildCommand = ''
mkdir -p $out/lib/mist $out/bin
unzip -d $out/lib/mist $src
ln -s $out/lib/mist/mist $out/bin
fixupPhase
mkdir -p $out/share/applications
ln -s ${desktopItem}/share/applications/* $out/share/applications
patchelf \
--set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
--set-rpath "${atomEnv.libPath}:$out/lib/mist" \
$out/lib/mist/mist
'';
};
in
buildFHSUserEnv {
name = "mist";
targetPkgs = pkgs: with pkgs; [
mist
];
extraInstallCommands = ''
mkdir -p "$out/share/applications"
cp "${desktopItem}/share/applications/"* $out/share/applications
'';
runScript = "mist";
}

View file

@ -3,11 +3,11 @@
bitwig-studio1.overrideAttrs (oldAttrs: rec {
name = "bitwig-studio-${version}";
version = "2.2.2";
version = "2.3.2";
src = fetchurl {
url = "https://downloads.bitwig.com/stable/${version}/bitwig-studio-${version}.deb";
sha256 = "1x4wka32xlygmhdh9rb15s37zh5qjrgap2qk35y34c52lf5aak22";
sha256 = "10ji4jqnnlhv4bgvhqwysprax6jcjk4759jskr9imwj6qjnj3vzn";
};
buildInputs = bitwig-studio1.buildInputs ++ [ ffmpeg ];

View file

@ -49,7 +49,7 @@ let
# faust.wrapWithBuildEnv.
postInstall = ''
# syntax error when eval'd directly
pattern="faust2!(svg)"
pattern="faust2!(*@(atomsnippets|graph|graphviewer|md|plot|sig|sigviewer|svg))"
(shopt -s extglob; rm "$out"/bin/$pattern)
'';

View file

@ -78,7 +78,7 @@ let
# faust.wrapWithBuildEnv.
postInstall = ''
# syntax error when eval'd directly
pattern="faust2!(svg)"
pattern="faust2!(*@(atomsnippets|graph|graphviewer|md|plot|sig|sigviewer|svg))"
(shopt -s extglob; rm "$out"/bin/$pattern)
'';

View file

@ -5,13 +5,13 @@
stdenv.mkDerivation rec {
name = "flacon-${version}";
version = "4.0.0";
version = "4.1.0";
src = fetchFromGitHub {
owner = "flacon";
repo = "flacon";
rev = "v${version}";
sha256 = "0l0xbzpy4nnr08z7gqvb4ngrjwzpspa382cbcrpkya3nd40987kr";
sha256 = "1sw2v2w3s79lbzhkf96m8lwvag824am7rwfzzsi8bz6sa6krmj0m";
};
nativeBuildInputs = [ cmake pkgconfig makeWrapper ];

View file

@ -36,5 +36,6 @@ stdenv.mkDerivation {
license = stdenv.lib.licenses.gpl2Plus ;
maintainers = [stdenv.lib.maintainers.raskin];
platforms = stdenv.lib.platforms.linux;
broken = true; # 2018-04-11
};
}

View file

@ -2,11 +2,11 @@
pythonPackages.buildPythonApplication rec {
pname = "Mopidy-Iris";
version = "3.14.2";
version = "3.17.1";
src = pythonPackages.fetchPypi {
inherit pname version;
sha256 = "19affzk45wby50gwxwzqgwa7h7618lcs48ngdsa06sd66s8x2fza";
sha256 = "02k1br077v9c5x6nn0391vh28pvn1zjbkjv8h508vy7k6ch2xjyq";
};
propagatedBuildInputs = [
@ -17,8 +17,11 @@ pythonPackages.buildPythonApplication rec {
pylast
spotipy
raven
tornado
]);
postPatch = "sed -i /tornado/d setup.py";
# no tests implemented
doCheck = false;

View file

@ -29,11 +29,11 @@
# handle that.
stdenv.mkDerivation rec {
name = "qmmp-1.2.0";
name = "qmmp-1.2.1";
src = fetchurl {
url = "http://qmmp.ylsoftware.com/files/${name}.tar.bz2";
sha256 = "17kci7srgbkk62dgxlmg3lv2y7z04jsinpgx6jmxjpnpblpcj840";
sha256 = "1ag8wh11dq394zjqdyz5g1srjnm4fnq4cwlhpb9k89gpmlk42cdr";
};
buildInputs =

View file

@ -13,9 +13,9 @@ let
sha256Hash = "0xn02miq2hz7666mziza56pfqw9sjflgvn88ds7j5yd4rlcr0lq8";
};
latestVersion = {
version = "3.2.0.9"; # "Android Studio 3.2 Canary 10"
build = "181.4705630";
sha256Hash = "07xf00f0wvrk576iaqn7qpcpgar432n6q3jlgpslhm4m1cww3sww";
version = "3.2.0.10"; # "Android Studio 3.2 Canary 11"
build = "181.4720098";
sha256Hash = "00cd7qdznspi69cgs1a13a3fnkvsc7zjfl517jgp32vdygkb0qxw";
};
in rec {
# Old alias

View file

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
name = "atom-${version}";
version = "1.25.1";
version = "1.26.0";
src = fetchurl {
url = "https://github.com/atom/atom/releases/download/v${version}/atom-amd64.deb";
sha256 = "0h0kr4w26c6i89rb9y4aw4l8f63al42i2cy3ddk16m1irzij9fk4";
sha256 = "1gyxys3mwwizc88vlb6j769b6r4ibjnqs6pg5iv336b13f9acyvr";
name = "${name}.deb";
};

View file

@ -2,7 +2,7 @@
stdenv.mkDerivation rec {
name = "edbrowse-${version}";
version = "3.7.2";
version = "3.7.3";
buildInputs = [ curl pcre readline openssl duktape perl html-tidy ];
@ -19,7 +19,7 @@ stdenv.mkDerivation rec {
owner = "CMB";
repo = "edbrowse";
rev = "v${version}";
sha256 = "00wi0m91zf8p8wk4ixlz99dndgv4xqy93m2vsiwdr3khw3jwipp2";
sha256 = "19qdxigp0qv5vyy0hpn0czcc8papvivsjrxx7p367ihizm39yzla";
};
meta = with stdenv.lib; {
description = "Command Line Editor Browser";

View file

@ -1507,10 +1507,10 @@
nhexl-mode = callPackage ({ cl-lib ? null, elpaBuild, emacs, fetchurl, lib }:
elpaBuild {
pname = "nhexl-mode";
version = "0.2";
version = "0.5";
src = fetchurl {
url = "https://elpa.gnu.org/packages/nhexl-mode-0.2.el";
sha256 = "0qrzpkxxdwi2b3136yj5agvaxwr9g2c58kpmjmjpfhpc6yyyx5x0";
url = "https://elpa.gnu.org/packages/nhexl-mode-0.5.el";
sha256 = "02z2mx39m96s7v5d8sh6hxb5p70qzbagjfa3lavfw10zjim8g9wl";
};
packageRequires = [ cl-lib emacs ];
meta = {
@ -1612,10 +1612,10 @@
}) {};
org = callPackage ({ elpaBuild, fetchurl, lib }: elpaBuild {
pname = "org";
version = "9.1.9";
version = "9.1.10";
src = fetchurl {
url = "https://elpa.gnu.org/packages/org-9.1.9.tar";
sha256 = "16yr0srfzsrzv2b1f2wjk8gb2pyhsgj2hxbscixirkxqz674c5cl";
url = "https://elpa.gnu.org/packages/org-9.1.10.tar";
sha256 = "01vvq6m7r2ifyflvq5ga241qvl4j62smz0zr6jljk56b6nqi20lm";
};
packageRequires = [];
meta = {

View file

@ -2,25 +2,25 @@
let
modules = [
{ name = "icicles.el"; sha256 = "10w1lghh9jqxxm5cszi2qyk24vnvazfywmyyz1v7zf6cyiwbndrz"; }
{ name = "icicles-chg.el"; sha256 = "020yg4hv120mcy7qvn76j85q6hl7mfcfv66w55c6izc9lbrvvnv8"; }
{ name = "icicles-cmd1.el"; sha256 = "1715x1vkiax93890gfjbzslxsn4swsv37spvyx7chy4s1mym9kfw"; }
{ name = "icicles-cmd2.el"; sha256 = "187k0gmn34fn6w1dw9hjf4i788y01vk47z7ac11ar4bddwh97ddx"; }
{ name = "icicles-doc1.el"; sha256 = "1bw5dkymn2xdrfrp80am0gqi0szs0xihny4qmgzgx6hfbng351qh"; }
{ name = "icicles-doc2.el"; sha256 = "0zd94m1a8mwwbrbcrahxxx8q34w8cg5lna4yww4m1gliyklww86s"; }
{ name = "icicles-face.el"; sha256 = "1mlz8dq7bgzp2cf5j37i25yw90ry657d2m8r93rdj67h7l4wyxhj"; }
{ name = "icicles-fn.el"; sha256 = "1cdghvgsr0b7pdq4lmnfm6kwwcqbk4wqf168kf2sjajbpa24ix96"; }
{ name = "icicles-mac.el"; sha256 = "1w5sgzbp8hyjzrmqd8bwivszaayzh8dkyqa0d751adiwjfs9sq9m"; }
{ name = "icicles-mcmd.el"; sha256 = "1lf2galn3g52hfz61avlr4ifyn5b42dfbmyq78cpzlq7hzc928v2"; }
{ name = "icicles-mode.el"; sha256 = "0gci04j6vx0vqsh4skarznklam1xibj7pjvy67kaip8b6a4zx9ip"; }
{ name = "icicles-opt.el"; sha256 = "17g35ancml0mvywagzhjrgmlr4rhm1wgb5wg3fsqhhldib9qlz56"; }
{ name = "icicles-var.el"; sha256 = "0ydixg41h09yncp8g2nv8zsyv8avg1hj2f3mgrmd2kf0n27bw2nv"; }
{ name = "icicles.el"; sha256 = "0wxak7wh0rrb3h77ay2vypbb53skcfbrv71xkajhax0w12q6zpaj"; }
{ name = "icicles-chg.el"; sha256 = "1kqlhisg5g9ycylzqiwxrmmgfw2jw599wisz26wvi48lac2icgg7"; }
{ name = "icicles-cmd1.el"; sha256 = "17cpw798bl6p77cmjl7lwdnxa1qpw4z1wacjq2mdc8fh81cyw3am"; }
{ name = "icicles-cmd2.el"; sha256 = "15swxk7fr7wsqpf26xzbvyk12ikkvfcyh9w8wmnpc38dmpyq79rb"; }
{ name = "icicles-doc1.el"; sha256 = "04j5qvj7pqnjh8h2y2sdgi7x55czdp9xn7yysr3bzcmr1rq5p4bz"; }
{ name = "icicles-doc2.el"; sha256 = "1k8vfhi3fa4bzsxr074bw5q6srvq6z6hi61rzlxdw7pah6qf7hcz"; }
{ name = "icicles-face.el"; sha256 = "1pvygqzmh6ag0zhfjn1vhdvlhxybwxzj22ah2pc0ls80dlywhi4l"; }
{ name = "icicles-fn.el"; sha256 = "1sn56z5rjsvqsy3vs7af7yai0c0qdjvcxvwwc59rhswrbi6zlxz5"; }
{ name = "icicles-mac.el"; sha256 = "1wyvqzlpq5n70mggqijb8f5r5q9y1hxxngp64sixy0xszy5d12dk"; }
{ name = "icicles-mcmd.el"; sha256 = "05dniz6337v9r15w8r2zad0n2h6jlygzjp7vw75vvq8mds0acmia"; }
{ name = "icicles-mode.el"; sha256 = "1xfv8nryf5y2gygg02naawzm5qhrkba3h84g43518r1xc6rgbpp6"; }
{ name = "icicles-opt.el"; sha256 = "10n4p999ylkapirs75y5fh33lpiyx42i3ajzl2zjfwyr1zksg1iz"; }
{ name = "icicles-var.el"; sha256 = "1r5gb01zg8nf2qryq9saxfpnzlymmppsk7w1g09lac35c87vh8yl"; }
];
forAll = f: map f modules;
in
stdenv.mkDerivation rec {
version = "2017-10-28";
version = "2018-04-16";
name = "icicles-${version}";
srcs = forAll ({name, sha256}: fetchurl { url = "http://www.emacswiki.org/emacs/download/${name}"; inherit sha256; });

File diff suppressed because it is too large Load diff

View file

@ -94,6 +94,9 @@ self:
# Expects bash to be at /bin/bash
flycheck-rtags = markBroken super.flycheck-rtags;
# upstream issue: missing dependency
fold-dwim-org = markBroken super.fold-dwim-org;
# build timeout
graphene = markBroken super.graphene;
@ -103,9 +106,6 @@ self:
# Expects bash to be at /bin/bash
helm-rtags = markBroken super.helm-rtags;
# upstream issue: missing file header
helm-words = markBroken super.helm-words;
# upstream issue: missing file header
ido-complete-space-or-hyphen = markBroken super.ido-complete-space-or-hyphen;
@ -149,9 +149,6 @@ self:
# upstream issue: missing dependency
org-readme = markBroken super.org-readme;
# upstream issue: missing file header
perl-completion = markBroken super.perl-completion;
# upstream issue: truncated file
powershell = markBroken super.powershell;
@ -161,9 +158,6 @@ self:
# upstream issue: missing file header
qiita = markBroken super.qiita;
# upstream issue: missing file header
railgun = markBroken super.railgun;
# upstream issue: missing file footer
seoul256-theme = markBroken super.seoul256-theme;
@ -198,9 +192,6 @@ self:
# upstream issue: missing file header
window-numbering = markBroken super.window-numbering;
# upstream issue: missing file header
zeitgeist = markBroken super.zeitgeist;
w3m = super.w3m.override (args: {
melpaBuild = drv: args.melpaBuild (drv // {
prePatch =

View file

@ -2597,22 +2597,22 @@
license = lib.licenses.free;
};
}) {};
beeminder = callPackage ({ fetchFromGitHub, fetchurl, lib, melpaBuild }:
beeminder = callPackage ({ fetchFromGitHub, fetchurl, lib, melpaBuild, org }:
melpaBuild {
pname = "beeminder";
version = "1.0.0";
version = "1.1.0";
src = fetchFromGitHub {
owner = "Sodaware";
repo = "beeminder.el";
rev = "54cc1277f2a7667a7b0d999dc49ceffcf2862b44";
sha256 = "01d10algmi9a4xd7mzf7n3zxfs2qf5as66wx17mff5cd8dahxj1q";
rev = "3e95a669474e27cd51a16caea030456377f83062";
sha256 = "1bj9yzjvglnb0f4glh8fg478xlm5nqmd9jqm1casdj5m30i4kafn";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/7fabdb05de9b8ec18a3a566f99688b50443b6b44/recipes/beeminder";
sha256 = "1cb8xmgsv23b464hpchm9f9i64p3fyf7aillrwk1aa2l1008kyww";
name = "beeminder";
};
packageRequires = [];
packageRequires = [ org ];
meta = {
homepage = "https://melpa.org/#/beeminder";
license = lib.licenses.free;
@ -6501,12 +6501,12 @@
cython-mode = callPackage ({ fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "cython-mode";
version = "0.28.1";
version = "0.28.2";
src = fetchFromGitHub {
owner = "cython";
repo = "cython";
rev = "89cfbb4a3a0540abeec1703fd3ee31eba9293936";
sha256 = "1ndabmdzqfhkg3z9zaavp5bz8l86n4g9lwi0ji0vs7q7rpsykqdw";
rev = "93e3bb9b7558d597d10c4cb8aa1dd887ed37dc2b";
sha256 = "1cywxcfrb2j33ncldylimqhj7r7yzlb6ghy5i8c9784vfvxd56yh";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/be9bfabe3f79153cb859efc7c3051db244a63879/recipes/cython-mode";
@ -6611,7 +6611,7 @@
owner = "fommil";
repo = "emacs-darcula-theme";
rev = "2ecd466ffa7a3157b9ddcd7545b6fb8ad308c976";
sha256 = "1h5lssnc1am54hkprnp61bsj5fnm8j556q2gbhljfjgrdwnqv8ky";
sha256 = "1y8rsc63nl4n43pvn283f1vcpqyjnv6xl60fwyscwrqaz19bsnl1";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/23c8f10205187babb17e3abc3dc40eb1938e6640/recipes/darcula-theme";
@ -6669,12 +6669,12 @@
dash = callPackage ({ fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "dash";
version = "2.13.0";
version = "2.14.1";
src = fetchFromGitHub {
owner = "magnars";
repo = "dash.el";
rev = "4ae329aa2160411c8b47794de067fcf29bc38a22";
sha256 = "12gvpn0a07kgbj2lrzw1vv4njp1w4gl38rl68yh0jp3rhvacbsg0";
rev = "a74f4cfcdc8d0642a9f602ad494f0354f27dacc9";
sha256 = "1kzijmjxjxgr7p8clphzvmm47vczckbs8mza9an77c25bn627ywl";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/57eed8767c3e98614259c408dc0b5c54d3473883/recipes/dash";
@ -6690,12 +6690,12 @@
dash-functional = callPackage ({ dash, emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "dash-functional";
version = "2.13.0";
version = "2.14.1";
src = fetchFromGitHub {
owner = "magnars";
repo = "dash.el";
rev = "4ae329aa2160411c8b47794de067fcf29bc38a22";
sha256 = "12gvpn0a07kgbj2lrzw1vv4njp1w4gl38rl68yh0jp3rhvacbsg0";
rev = "a74f4cfcdc8d0642a9f602ad494f0354f27dacc9";
sha256 = "1kzijmjxjxgr7p8clphzvmm47vczckbs8mza9an77c25bn627ywl";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/57eed8767c3e98614259c408dc0b5c54d3473883/recipes/dash-functional";
@ -7325,7 +7325,7 @@
owner = "xuhdev";
repo = "dired-icon";
rev = "dbace8d2250f84487d31b39050fcdc260fcde804";
sha256 = "1d9105ibaw858gqp19rx2m6xm3hl57vzsmdqir883cy46qpvwhki";
sha256 = "0r9qmr2l5kjwh1frp0k87nyaf13f7f9fjjf9yf9z92djqapfm9dd";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/8a96249947cba52cd75515b3dc83b0842fedf624/recipes/dired-icon";
@ -7388,7 +7388,7 @@
owner = "xuhdev";
repo = "dired-quick-sort";
rev = "fe39cfb2d4a7ba6b30f98134548b4e4bac67c469";
sha256 = "1a9r1kz5irpvb2byabbf27sy7rjzaygfpqimpag41sj955wlgy9a";
sha256 = "014frvpszixn8cx7rdx704glmjbslv3py3kw0pb0xqf50k4scynf";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/4d278178128deb03a7b1d2e586dc38da2c7af857/recipes/dired-quick-sort";
@ -8836,12 +8836,12 @@
ein = callPackage ({ auto-complete, cl-generic, dash, deferred, fetchFromGitHub, fetchurl, lib, melpaBuild, request, request-deferred, s, skewer-mode, websocket }:
melpaBuild {
pname = "ein";
version = "0.13.0";
version = "0.14.1";
src = fetchFromGitHub {
owner = "millejoh";
repo = "emacs-ipython-notebook";
rev = "213cea559e7a8fb50e303ea25e1626fefddaf4bd";
sha256 = "18ysd78pfyymqd0f6ipma9p9x61pw21f0jwk118r5yi00wnry9za";
rev = "fcf9bff0af071f5e2020ac77d9a9473325e4c5bb";
sha256 = "1xk7k4av9hy0i7zqwpzis0rjp5myvxs52k45ah00zg8wi5hybq1x";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/215e163755fe391ce1f049622e7b9bf9a8aea95a/recipes/ein";
@ -10298,12 +10298,12 @@
erc-hl-nicks = callPackage ({ fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "erc-hl-nicks";
version = "1.3.2";
version = "1.3.3";
src = fetchFromGitHub {
owner = "leathekd";
repo = "erc-hl-nicks";
rev = "be181920ce6af0ab5d00d1c638e4e598b3998643";
sha256 = "1k0g3bwp3w0dd6zwdv6k2wpqs2krjayilrzsr1hli649ljcx55d7";
rev = "756c4438a8245ccd3e389bf6c9850ee8453783ec";
sha256 = "0c82rxpl5v7bbxirf1ksg06xv5xcddh8nkrpj7i6nvfarwdfnk4f";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/855ea20024b606314f8590129259747cac0bcc97/recipes/erc-hl-nicks";
@ -11389,12 +11389,12 @@
evil-nerd-commenter = callPackage ({ emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "evil-nerd-commenter";
version = "3.2.2";
version = "3.2.3";
src = fetchFromGitHub {
owner = "redguardtoo";
repo = "evil-nerd-commenter";
rev = "8f6fafcce901a7a588f946b26d2e21c65e36e843";
sha256 = "0pldzwvkic9ikrgzrvmcaq6y0yjplxinvyh61iqlgw2k7k8jld1f";
rev = "34d411715ead5829d6d8969511047feb703b067e";
sha256 = "0ax846dy2hbrbvkj7nzfkcl5i1x9rga8bvg0ln55ivhq0iiy1lkv";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/a3e1ff69e7cc95a5b5d628524ad836833f4ee736/recipes/evil-nerd-commenter";
@ -13502,12 +13502,12 @@
flycheck-swift3 = callPackage ({ emacs, fetchFromGitHub, fetchurl, flycheck, lib, melpaBuild }:
melpaBuild {
pname = "flycheck-swift3";
version = "2.0.1";
version = "2.0.2";
src = fetchFromGitHub {
owner = "GyazSquare";
repo = "flycheck-swift3";
rev = "34973cd28ca5e63f8f6328a17fd7b78cc913b93d";
sha256 = "1iy6j05dzpi7pi87y6rpjzmlnl2s9izqpbzknis2kx9072qddm3q";
rev = "06a6f98d7e498860b345bbd03e96bfe59608f508";
sha256 = "0h1n4x0fvqfb6jcapbab1ck6bj4d7irbn9zz2hxv2rlrkqxfsmh3";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/f1fb8c731c118327dc0bbb726e046fec46bcfb82/recipes/flycheck-swift3";
@ -14129,6 +14129,27 @@
license = lib.licenses.free;
};
}) {};
fold-dwim-org = callPackage ({ fetchFromGitHub, fetchurl, fold-dwim, lib, melpaBuild }:
melpaBuild {
pname = "fold-dwim-org";
version = "0.6";
src = fetchFromGitHub {
owner = "mattfidler";
repo = "fold-dwim-org";
rev = "c09bb2b46d65afbd1d0febc6fded7495be7a3037";
sha256 = "14jvbkahwvv4wb0s9vp8gqmlpv1d4269j5rsjxn79q5pawjzslxw";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/97d22d9feaf521ce576b80d2933ecbc166c1dbe7/recipes/fold-dwim-org";
sha256 = "0812p351rzvqcfn00k92nfhlg3y772y4z4b9f0xqnpa935y6harn";
name = "fold-dwim-org";
};
packageRequires = [ fold-dwim ];
meta = {
homepage = "https://melpa.org/#/fold-dwim-org";
license = lib.licenses.free;
};
}) {};
fold-this = callPackage ({ fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "fold-this";
@ -14518,12 +14539,12 @@
futhark-mode = callPackage ({ cl-lib ? null, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "futhark-mode";
version = "0.4.0";
version = "0.4.1";
src = fetchFromGitHub {
owner = "HIPERFIT";
repo = "futhark";
rev = "7b3af8ea3d4985682464bfeb174376da8f90c5da";
sha256 = "02q6gc7wj02vmxnhh58a6yy5wdjhd2fmk935dh70dl3fs0yqr52p";
rev = "784e3147196bfe82ea9499628467335ea1d036f9";
sha256 = "07dqqpacvap034jzvdvnpjyryzicbvjx2imnsghsxw9m52jsb9wn";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/0607f01aad7e77d53595ad8db95d32acfd29b148/recipes/futhark-mode";
@ -14641,22 +14662,22 @@
license = lib.licenses.free;
};
}) {};
gams-mode = callPackage ({ fetchFromGitHub, fetchurl, lib, melpaBuild }:
gams-mode = callPackage ({ emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "gams-mode";
version = "6.4";
version = "6.5";
src = fetchFromGitHub {
owner = "ShiroTakeda";
repo = "gams-mode";
rev = "2d6b5c29d84a42421ddc2f7f1e9c3a141d81c31c";
sha256 = "0cri329g0b7ywqarg4jlmry574z7v15gdd9j7jnikq1s2jjgnb85";
rev = "3022e9f8411628e6a210fb5843d858b15a7513f5";
sha256 = "06hc8yy1g2vyvib8yrhwzs8fvgxnrxlw6iyzi7phjp9fgr3cp504";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/c895a716636b00c2a158d33aab18f664a8601833/recipes/gams-mode";
sha256 = "0hx9mv4sqskz4nn7aks64hqd4vn3m7b34abzhy9bnmyw6d5zzfci";
name = "gams-mode";
};
packageRequires = [];
packageRequires = [ emacs ];
meta = {
homepage = "https://melpa.org/#/gams-mode";
license = lib.licenses.free;
@ -15103,7 +15124,7 @@
license = lib.licenses.free;
};
}) {};
git-commit-insert-issue = callPackage ({ bitbucket, fetchFromGitLab, fetchurl, github-issues, gitlab, helm, lib, melpaBuild, projectile, s }:
git-commit-insert-issue = callPackage ({ bitbucket, fetchFromGitLab, fetchurl, github-issues, gitlab, lib, melpaBuild, projectile, s }:
melpaBuild {
pname = "git-commit-insert-issue";
version = "0.3.1";
@ -15111,14 +15132,14 @@
owner = "emacs-stuff";
repo = "git-commit-insert-issue";
rev = "5f08c17bf93b17915415d435ee41923d924fe20b";
sha256 = "11my5apnyhdqh0pmq9wdjd1iah415a5nw87sk586cb3vxnbn5qas";
sha256 = "1gffjf6byasisa9jdcv9n4n5zqalvzfsxv7z75zl0g3ph7wc7bbm";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/855ea20024b606314f8590129259747cac0bcc97/recipes/git-commit-insert-issue";
sha256 = "0xhlchr7dbm0hp4cjba3x1fdf7lnfc97id327i2fqgkdc4yn9fax";
name = "git-commit-insert-issue";
};
packageRequires = [ bitbucket github-issues gitlab helm projectile s ];
packageRequires = [ bitbucket github-issues gitlab projectile s ];
meta = {
homepage = "https://melpa.org/#/git-commit-insert-issue";
license = lib.licenses.free;
@ -15552,7 +15573,7 @@
owner = "joewreschnig";
repo = "gitlab-ci-mode";
rev = "313431fa5b8b5ce4512909dfc15675bb99395f6f";
sha256 = "0zdj3f0a5fg4vwhbv851jv4fs1dqfz2w4jsxqbri2zhzdjxc97vn";
sha256 = "0wjz87nhcwzp201jxv3qlj88hn7p8nvq20924y06gra2d656znar";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/d7915ddcf21fdec539a86bb86c209cf0bbd378cb/recipes/gitlab-ci-mode";
@ -15573,7 +15594,7 @@
owner = "joewreschnig";
repo = "gitlab-ci-mode-flycheck";
rev = "388fd05f3ea88ed3ebafb09868fc021f6ecc7625";
sha256 = "0idpg4265rfx5i0i8cgfs6w3gncc766mbg81ldxqjhzvq3n28z39";
sha256 = "111clb37329c7v0lv1lwypb8bv7qb9f495f2cy45j2n711vymdna";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/d7915ddcf21fdec539a86bb86c209cf0bbd378cb/recipes/gitlab-ci-mode-flycheck";
@ -16668,6 +16689,27 @@
license = lib.licenses.free;
};
}) {};
grep-context = callPackage ({ cl-lib ? null, dash, emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "grep-context";
version = "0.1.0";
src = fetchFromGitHub {
owner = "mkcms";
repo = "grep-context";
rev = "4c63d0f2654dee1e249c2054d118d674a757bd45";
sha256 = "0n2bc9q6bvbfpaqivp3ajy9ad1wr7hfdd98qhnspsap67p73kfn4";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/41dbaf627ae4ef86c222d2b6b5d3523fdb9a4637/recipes/grep-context";
sha256 = "175s9asbnk2wlgpzc5izcd3vlfvdj064n38myy9qf4awn12c2y1g";
name = "grep-context";
};
packageRequires = [ cl-lib dash emacs ];
meta = {
homepage = "https://melpa.org/#/grep-context";
license = lib.licenses.free;
};
}) {};
grin = callPackage ({ fetchhg, fetchurl, lib, melpaBuild }: melpaBuild {
pname = "grin";
version = "1.0";
@ -17010,7 +17052,7 @@
owner = "iain";
repo = "hamburger-menu-mode";
rev = "fd37f013c2f2619a88d3ed5311a9d1308cc82614";
sha256 = "196ydb57h4mjagjaiflvb20my561i6mdc6v6694ibdik2yns2inm";
sha256 = "1nykpp8afa0c0wiax1qn8wf5hfjaixk5kn4yhcw40z00pb8i2z5f";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/e8017730403cc0e613e3939017f85074753c3778/recipes/hamburger-menu";
@ -18306,12 +18348,12 @@
helm-org-rifle = callPackage ({ dash, emacs, f, fetchFromGitHub, fetchurl, helm, lib, melpaBuild, s }:
melpaBuild {
pname = "helm-org-rifle";
version = "1.5.0";
version = "1.5.1";
src = fetchFromGitHub {
owner = "alphapapa";
repo = "helm-org-rifle";
rev = "68f01726795ca3054cfc6327dcdb22c9c83dfdfa";
sha256 = "0vak9phqgxz5dk1zj3i4cs94y797h77qadirsf33gl073cg95l8a";
rev = "ecf5ad53bef572e38d8c8d93b516f8eab8c4dfe5";
sha256 = "14020ws87m64bfxqw30c9hc88zb7w4kxs5svd2a10y00lgrg2m93";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/f39cc94dde5aaf0d6cfea5c98dd52cdb0bcb1615/recipes/helm-org-rifle";
@ -19962,27 +20004,6 @@
license = lib.licenses.free;
};
}) {};
ido-ubiquitous = callPackage ({ cl-lib ? null, fetchFromGitHub, fetchurl, ido-completing-read-plus, lib, melpaBuild }:
melpaBuild {
pname = "ido-ubiquitous";
version = "4.7";
src = fetchFromGitHub {
owner = "DarwinAwardWinner";
repo = "ido-completing-read-plus";
rev = "51861afe385f59f3262ee40acbe772ccb3dd52e7";
sha256 = "0hspgk8m4acyhpcldwg3xqla9xp3fjrhf37cnjp45j1b3h94x3iy";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/6104efc035bcf469d133ab9a2caf42c9d4482334/recipes/ido-ubiquitous";
sha256 = "11sdk0ymsqnsw1gycvq2wj4j0g502fp23qk6q9d95lm98nz68frz";
name = "ido-ubiquitous";
};
packageRequires = [ cl-lib ido-completing-read-plus ];
meta = {
homepage = "https://melpa.org/#/ido-ubiquitous";
license = lib.licenses.free;
};
}) {};
ido-vertical-mode = callPackage ({ fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "ido-vertical-mode";
@ -22440,12 +22461,12 @@
langtool = callPackage ({ cl-lib ? null, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "langtool";
version = "1.6.0";
version = "2.0.0";
src = fetchFromGitHub {
owner = "mhayashi1120";
repo = "Emacs-langtool";
rev = "d976e4f0cadb2309b798540429558936f8f45889";
sha256 = "1qlgd5i8jngsq754jm44gb46p5y6j2cccacg72aklvwajay0adyh";
rev = "d93286722cff3fecf8641a4a6c3b0691f30362fe";
sha256 = "17xa055705n4jb7nafqvqgl0a6fdaxp3b3q8q0gsv5vzycsc74ga";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/503845e79e67c921f1fde31447f3dd4da2b6f993/recipes/langtool";
@ -22487,7 +22508,7 @@
owner = "latex-math-preview";
repo = "latex-math-preview";
rev = "c1c87c4c5501f98b97af19f7e3454a2369265edc";
sha256 = "118xrgrnwsmsysmframf6bmb0gkrdrm3jbkgivzxs41cw92fhbzw";
sha256 = "1mp6bpl8992pi40vs6b86q922h4z8879mrjalldv5dyz57ym5fsq";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/9e413b7684e9199510b00035825aa861d670e072/recipes/latex-math-preview";
@ -23610,12 +23631,12 @@
magit-org-todos = callPackage ({ emacs, fetchFromGitHub, fetchurl, lib, magit, melpaBuild }:
melpaBuild {
pname = "magit-org-todos";
version = "0.1.1";
version = "0.1.2";
src = fetchFromGitHub {
owner = "danielma";
repo = "magit-org-todos.el";
rev = "d772f5220037cb7ad049250df2671e488c65da94";
sha256 = "19m1p8z016mqxj2b29961rnbjclxcpspx5bkmqhrwhfysyvcjqg5";
rev = "0bfa36bbc50e62de0a3406031cb93e2f57dcdc55";
sha256 = "07r5x256k1fjjxs1yfg41kc94nwvnjlk2vvknkra3j8v9p0j88m7";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/84480cad490cab2f087a484ed7b9d3d3064bbd29/recipes/magit-org-todos";
@ -26056,7 +26077,7 @@
owner = "esessoms";
repo = "nofrils-theme";
rev = "7825f88cb881a84eaa5cd1689772819a18eb2943";
sha256 = "009did3i3i8yi0virq606l02w1mw0gdyiqablqg7m368gx0gfvh5";
sha256 = "1aslhxk5mp6khf66ac4c441vywhiqpb4kyajagb8b1p10z8hrqva";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/c59ddaa5e41d3c25c446b1ed1905d7f88b448e0a/recipes/nofrils-acme-theme";
@ -27318,12 +27339,12 @@
org-index = callPackage ({ emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "org-index";
version = "5.8.7";
version = "5.8.8";
src = fetchFromGitHub {
owner = "marcihm";
repo = "org-index";
rev = "2cbd9da2c7a6e4039e32665675370ae4e2b8e6cb";
sha256 = "10gm329bnbzjr8d0syw90iniann46mb5mirviy9r2q9w6xqjkbd0";
rev = "0dfe0a67979279345378ca006ab4f727df378aca";
sha256 = "16wjzskq000grkanaw9zca2qbw9yzpndhfd2g0b0if2mf1g31mkv";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/54946e733901986304f7a7a5139b2818ebf97eb3/recipes/org-index";
@ -31061,7 +31082,7 @@
owner = "elzair";
repo = "punctuality-logger";
rev = "708cae8e67dbae293c7c4be0ca5e49d76fac6714";
sha256 = "1v48i37iqrrwbyy3bscicfq66vbbml4sg0f0n950bnk0qagjx8py";
sha256 = "1bkkgs2agy00wivilljkj3a9fsb2ba935icjmhbk46zjc6yf3y6q";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/76ac7178ee5381e08ae881f3fc6061106eeb1c1d/recipes/punctuality-logger";
@ -31418,7 +31439,7 @@
owner = "python-mode-devs";
repo = "python-mode";
rev = "a0a534639bc6142c2c2f44bd7ca5878ad5f79518";
sha256 = "0sj2hfjwpcdg9djsgl3y5aa3gnvl4s87477x6a9d14m11db3p7ml";
sha256 = "173i3k0nvjri1g1mkgkc2i9c9mpnsvxf1ldmm12yhadl5gl2ah07";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/82861e1ab114451af5e1106d53195afd3605448a/recipes/python-mode";
@ -31543,6 +31564,27 @@
license = lib.licenses.free;
};
}) {};
ql = callPackage ({ emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "ql";
version = "1.0";
src = fetchFromGitHub {
owner = "ieure";
repo = "ql-el";
rev = "c885d125d8972374b408f6eddf031e44dc6fa0c6";
sha256 = "1l1jdvz1913m03ikcf9g3dsraaajqac1kzfy9c9xhzx8w7bbl80c";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/475bd8fd66c6d5b5c7e74aa2c4e094d313cc8303/recipes/ql";
sha256 = "0wxjblqacs5nx2hyh7r6rlv1yngbhn6phn5rni4dw2dms98zj34z";
name = "ql";
};
packageRequires = [ emacs ];
meta = {
homepage = "https://melpa.org/#/ql";
license = lib.licenses.free;
};
}) {};
qml-mode = callPackage ({ fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "qml-mode";
@ -32539,12 +32581,12 @@
rg = callPackage ({ cl-lib ? null, emacs, fetchFromGitHub, fetchurl, lib, melpaBuild, s }:
melpaBuild {
pname = "rg";
version = "1.4.3";
version = "1.5.0";
src = fetchFromGitHub {
owner = "dajva";
repo = "rg.el";
rev = "63226e8c93e55538855c9b24bfa03c86dc23b79d";
sha256 = "1zzh2cf6lsrsh6nzlcfxqs4il9dw5fc70x5apvrvp08mpqdzcj1r";
rev = "d50bd106275f3ef7f77d0147857412fb065eef47";
sha256 = "0zjhak534j1n03z6p9wjmgc48yy40icrp2x8y9vbvg4hgx8xh9lm";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/9ce1f721867383a841957370946f283f996fa76f/recipes/rg";
@ -33941,7 +33983,7 @@
license = lib.licenses.free;
};
}) {};
shrink-path = callPackage ({ dash, f, fetchFromGitLab, fetchurl, lib, melpaBuild, s }:
shrink-path = callPackage ({ dash, emacs, f, fetchFromGitLab, fetchurl, lib, melpaBuild, s }:
melpaBuild {
pname = "shrink-path";
version = "0.3.1";
@ -33949,14 +33991,14 @@
owner = "bennya";
repo = "shrink-path.el";
rev = "9b8cfb59a2dcee8b39b680ab9adad5ecb1f53c0b";
sha256 = "0kx0c4syd7k6ff9j463bib32pz4wq0rzjlg6b0yqnymlzfr1mbki";
sha256 = "021bpgpzysag1s11m9pyq2bk6a0mf9ayx10yxhf5cw56x3d0jj1b";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/86b0d105e8a57d5f0bcde779441dc80b85e170ea/recipes/shrink-path";
sha256 = "0fq13c6g7qbq6f2ry9dzdyg1f6p41wimkjcdaj177rnilz77alzb";
name = "shrink-path";
};
packageRequires = [ dash f s ];
packageRequires = [ dash emacs f s ];
meta = {
homepage = "https://melpa.org/#/shrink-path";
license = lib.licenses.free;
@ -35327,6 +35369,27 @@
license = lib.licenses.free;
};
}) {};
srcery-theme = callPackage ({ fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "srcery-theme";
version = "0.1.0";
src = fetchFromGitHub {
owner = "roosta";
repo = "emacs-srcery";
rev = "385809e78a2494ee617782430415048d91a11444";
sha256 = "1r6k042jipqz04nlr9gfpq6p80k33k4aqxsn03p1sicnpakzpixg";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/1df48441ecf6abd272ff154722b9ce0e2546c284/recipes/srcery-theme";
sha256 = "1r8srxhznli3sskwppk7fyapyx0qixagkwm0fllgsbm4nwkzq9pn";
name = "srcery-theme";
};
packageRequires = [];
meta = {
homepage = "https://melpa.org/#/srcery-theme";
license = lib.licenses.free;
};
}) {};
srefactor = callPackage ({ emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "srefactor";
@ -36861,12 +36924,12 @@
tidal = callPackage ({ emacs, fetchFromGitHub, fetchurl, haskell-mode, lib, melpaBuild }:
melpaBuild {
pname = "tidal";
version = "0.9.7";
version = "0.9.8";
src = fetchFromGitHub {
owner = "tidalcycles";
repo = "Tidal";
rev = "ef658d3df0604f3dec955a150509ec1cc68fbd98";
sha256 = "1ild1gnbcrw830b8d3byvqlmgm27609dgailmxgin6z7g1pg4r7z";
rev = "f8af7bdbda547ebd12cf5c0ee1327f33cd9aa93f";
sha256 = "0y7a4bxsgpbg1sbsi4xdp4k9x3l0vh7acm5i3k87acpcpfb9aq5y";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/16a26659a16199b5bb066be6e5c4a40419bda018/recipes/tidal";
@ -37769,12 +37832,12 @@
uptimes = callPackage ({ cl-lib ? null, emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "uptimes";
version = "3.5";
version = "3.6";
src = fetchFromGitHub {
owner = "davep";
repo = "uptimes.el";
rev = "07bcd6517243c9c9f61172202d33718bd9b2a850";
sha256 = "0n416p47j4cl84lq8wcgmkagkws7a9n4g9307v1s91s2gqmfia3n";
rev = "5e81f8bb419836602819045e7d5a74b76ad3e69c";
sha256 = "04l452k249s3ilfj0da0k7rrfyjnxxdsipa2al46xqjds8l3h2rn";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/72099e35ce3e34ec6afc6a3f87a4da07ec91499a/recipes/uptimes";
@ -38173,7 +38236,7 @@
owner = "iankelling";
repo = "visible-mark";
rev = "c1852e13b6b61982738b56977a452ec9026faf1b";
sha256 = "15zdbvv6c114mv6hdq375l7ax70sss06p9d7m86hgssc3kiv9vsv";
sha256 = "1rsi9irv9i03627cmfaqz03f9cvpm7555ga8n2gs622lzp6bb3jf";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/76ac7178ee5381e08ae881f3fc6061106eeb1c1d/recipes/visible-mark";
@ -40217,7 +40280,7 @@
owner = "egh";
repo = "zotxt-emacs";
rev = "43c0c6d23b31126bac6b14bb85608180fd9c866f";
sha256 = "0qksa67aazs9vx7v14nlakr34z6l0h6mhfzi2c0vhrr0c210r6hp";
sha256 = "1hz1m4190yi6knz3y088ql8wy3pmsl8lsznqby2vpnn9p74fvl37";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/b633453e77a719f6b6b6564e66c1c1260db38aa6/recipes/zotxt";

View file

@ -96,6 +96,9 @@ self:
# Expects bash to be at /bin/bash
flycheck-rtags = markBroken super.flycheck-rtags;
# upstream issue: missing dependency
fold-dwim-org = markBroken super.fold-dwim-org;
# build timeout
graphene = markBroken super.graphene;

Some files were not shown because too many files have changed in this diff Show more