forked from mirrors/nixpkgs
Merge remote-tracking branch 'upstream/master' into HEAD
Conflicts: pkgs/development/tools/misc/binutils/default.nix
This commit is contained in:
commit
3c6e077301
|
@ -14,6 +14,8 @@ true:</para>
|
|||
its <literal>meta.broken</literal> set to
|
||||
<literal>true</literal>.</para></listitem>
|
||||
|
||||
<listitem><para>The package isn't intended to run on the given system, as none of its <literal>meta.platforms</literal> match the given system.</para></listitem>
|
||||
|
||||
<listitem><para>The package's <literal>meta.license</literal> is set
|
||||
to a license which is considered to be unfree.</para></listitem>
|
||||
|
||||
|
@ -88,6 +90,42 @@ distributing the software.</para>
|
|||
</itemizedlist>
|
||||
</section>
|
||||
|
||||
<section xml:id="sec-allow-unsupported-system">
|
||||
<title>Installing packages on unsupported systems</title>
|
||||
|
||||
|
||||
<para>
|
||||
There are also two ways to try compiling a package which has been marked as unsuported for the given system.
|
||||
</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>
|
||||
For allowing the build of a broken package once, you can use an environment variable for a single invocation of the nix tools:
|
||||
|
||||
<programlisting>$ export NIXPKGS_ALLOW_UNSUPPORTED_SYSTEM=1</programlisting>
|
||||
</para></listitem>
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
For permanently allowing broken packages to be built, you may add <literal>allowUnsupportedSystem = true;</literal> to your user's configuration file, like this:
|
||||
|
||||
<programlisting>
|
||||
{
|
||||
allowUnsupportedSystem = true;
|
||||
}
|
||||
</programlisting>
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>
|
||||
The difference between an a package being unsupported on some system and being broken is admittedly a bit fuzzy.
|
||||
If a program <emphasis>ought</emphasis> to work on a certain platform, but doesn't, the platform should be included in <literal>meta.platforms</literal>, but marked as broken with e.g. <literal>meta.broken = !hostPlatform.isWindows</literal>.
|
||||
Of course, this begs the question of what "ought" means exactly.
|
||||
That is left to the package maintainer.
|
||||
</para>
|
||||
</section>
|
||||
|
||||
<section xml:id="sec-allow-unfree">
|
||||
<title>Installing unfree packages</title>
|
||||
|
||||
|
|
|
@ -374,7 +374,7 @@ and `CFLAGS`.
|
|||
description = "A pythonic wrapper around FFTW, the FFT library, presenting a unified interface for all the supported transforms";
|
||||
homepage = http://hgomersall.github.com/pyFFTW/;
|
||||
license = with licenses; [ bsd2 bsd3 ];
|
||||
maintainer = with maintainers; [ fridh ];
|
||||
maintainers = with maintainers; [ fridh ];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -36,10 +36,16 @@
|
|||
<para>Here you find how to write a derivation that produces multiple outputs.</para>
|
||||
<para>In nixpkgs there is a framework supporting multiple-output derivations. It tries to cover most cases by default behavior. You can find the source separated in <<filename>nixpkgs/pkgs/build-support/setup-hooks/multiple-outputs.sh</filename>>; it's relatively well-readable. The whole machinery is triggered by defining the <varname>outputs</varname> attribute to contain the list of desired output names (strings).</para>
|
||||
<programlisting>outputs = [ "bin" "dev" "out" "doc" ];</programlisting>
|
||||
<para>Often such a single line is enough. For each output an equally named environment variable is passed to the builder and contains the path in nix store for that output. By convention, the first output should contain the executable programs provided by the package as that output is used by Nix in string conversions, allowing references to binaries like <literal>${pkgs.perl}/bin/perl</literal> to always work. Typically you also want to have the main <varname>out</varname> output, as it catches any files that didn't get elsewhere.</para>
|
||||
|
||||
<para>Often such a single line is enough. For each output an equally named environment variable is passed to the builder and contains the path in nix store for that output. Typically you also want to have the main <varname>out</varname> output, as it catches any files that didn't get elsewhere.</para>
|
||||
<note><para>There is a special handling of the <varname>debug</varname> output, described at <xref linkend="stdenv-separateDebugInfo" />.</para></note>
|
||||
|
||||
<section xml:id="multiple-output-file-binaries-first-convention">
|
||||
<title><quote>Binaries first</quote></title>
|
||||
<para>A commonly adopted convention in <literal>nixpkgs</literal> is that executables provided by the package are contained within its first output. This convention allows the dependent packages to reference the executables provided by packages in a uniform manner. For instance, provided with the knowledge that the <literal>perl</literal> package contains a <literal>perl</literal> executable it can be referenced as <literal>${pkgs.perl}/bin/perl</literal> within a Nix derivation that needs to execute a Perl script.</para>
|
||||
<para>The <literal>glibc</literal> package is a deliberate single exception to the <quote>binaries first</quote> convention. The <literal>glibc</literal> has <literal>libs</literal> as its first output allowing the libraries provided by <literal>glibc</literal> to be referenced directly (e.g. <literal>${stdenv.glibc}/lib/ld-linux-x86-64.so.2</literal>). The executables provided by <literal>glibc</literal> can be accessed via its <literal>bin</literal> attribute (e.g. <literal>${stdenv.glibc.bin}/bin/ldd</literal>).</para>
|
||||
<para>The reason for why <literal>glibc</literal> deviates from the convention is because referencing a library provided by <literal>glibc</literal> is a very common operation among Nix packages. For instance, third-party executables packaged by Nix are typically patched and relinked with the relevant version of <literal>glibc</literal> libraries from Nix packages (please see the documentation on <link xlink:href="https://nixos.org/patchelf.html">patchelf</link> for more details).</para>
|
||||
</section>
|
||||
|
||||
<section xml:id="multiple-output-file-type-groups">
|
||||
<title>File type groups</title>
|
||||
<para>The support code currently recognizes some particular kinds of outputs and either instructs the build system of the package to put files into their desired outputs or it moves the files during the fixup phase. Each group of file types has an <varname>outputFoo</varname> variable specifying the output name where they should go. If that variable isn't defined by the derivation writer, it is guessed – a default output name is defined, falling back to other possibilities if the output isn't defined.</para>
|
||||
|
|
|
@ -44,6 +44,8 @@ rec {
|
|||
};
|
||||
# Misc boolean options
|
||||
useAndroidPrebuilt = false;
|
||||
useiOSPrebuilt = false;
|
||||
isiPhoneSimulator = false;
|
||||
} // mapAttrs (n: v: v final.parsed) inspect.predicates
|
||||
// args;
|
||||
in assert final.useAndroidPrebuilt -> final.isAndroid;
|
||||
|
|
|
@ -201,7 +201,7 @@ rec {
|
|||
|
||||
################################################################################
|
||||
|
||||
types.system = mkOptionType {
|
||||
types.parsedPlatform = mkOptionType {
|
||||
name = "system";
|
||||
description = "fully parsed representation of llvm- or nix-style platform tuple";
|
||||
merge = mergeOneOption;
|
||||
|
@ -215,7 +215,7 @@ rec {
|
|||
isSystem = isType "system";
|
||||
|
||||
mkSystem = components:
|
||||
assert types.system.check components;
|
||||
assert types.parsedPlatform.check components;
|
||||
setType "system" components;
|
||||
|
||||
mkSkeletonFromList = l: {
|
||||
|
|
|
@ -587,6 +587,11 @@
|
|||
github = "bergey";
|
||||
name = "Daniel Bergey";
|
||||
};
|
||||
bfortz = {
|
||||
email = "bernard.fortz@gmail.com";
|
||||
github = "bfortz";
|
||||
name = "Bernard Fortz";
|
||||
};
|
||||
bgamari = {
|
||||
email = "ben@smart-cactus.org";
|
||||
github = "bgamari";
|
||||
|
@ -1971,6 +1976,11 @@
|
|||
github = "kragniz";
|
||||
name = "Louis Taylor";
|
||||
};
|
||||
krav = {
|
||||
email = "kristoffer@microdisko.no";
|
||||
github = "krav";
|
||||
name = "Kristoffer Thømt Ravneberg";
|
||||
};
|
||||
kristoff3r = {
|
||||
email = "k.soeholm@gmail.com";
|
||||
github = "kristoff3r";
|
||||
|
@ -3461,6 +3471,11 @@
|
|||
github = "spwhitt";
|
||||
name = "Spencer Whitt";
|
||||
};
|
||||
srghma = {
|
||||
email = "srghma@gmail.com";
|
||||
github = "srghma";
|
||||
name = "Sergei Khoma";
|
||||
};
|
||||
srhb = {
|
||||
email = "sbrofeldt@gmail.com";
|
||||
github = "srhb";
|
||||
|
@ -3981,6 +3996,11 @@
|
|||
github = "womfoo";
|
||||
name = "Kranium Gikos Mendoza";
|
||||
};
|
||||
worldofpeace = {
|
||||
email = "worldofpeace@users.noreply.github.com";
|
||||
github = "worldofpeace";
|
||||
name = "Worldofpeace";
|
||||
};
|
||||
wscott = {
|
||||
email = "wsc9tt@gmail.com";
|
||||
github = "wscott";
|
||||
|
@ -4145,9 +4165,4 @@
|
|||
github = "zzamboni";
|
||||
name = "Diego Zamboni";
|
||||
};
|
||||
srghma = {
|
||||
email = "srghma@gmail.com";
|
||||
github = "srghma";
|
||||
name = "Sergei Khoma";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#!/usr/bin/env nix-shell
|
||||
#!nix-shell -i python -p pythonFull pythonPackages.requests pythonPackages.pyquery pythonPackages.click
|
||||
#!nix-shell -i python3 -p 'python3.withPackages(ps: with ps; [ requests pyquery click ])'
|
||||
|
||||
# To use, just execute this script with --help to display help.
|
||||
|
||||
|
@ -16,7 +16,7 @@ maintainers_json = subprocess.check_output([
|
|||
'nix-instantiate', '-E', 'import ./maintainers/maintainer-list.nix {}', '--eval', '--json'
|
||||
])
|
||||
maintainers = json.loads(maintainers_json)
|
||||
MAINTAINERS = {v: k for k, v in maintainers.iteritems()}
|
||||
MAINTAINERS = {v: k for k, v in maintainers.items()}
|
||||
|
||||
|
||||
def get_response_text(url):
|
||||
|
@ -45,6 +45,17 @@ def get_maintainers(attr_name):
|
|||
except:
|
||||
return []
|
||||
|
||||
def print_build(table_row):
|
||||
a = pq(table_row)('a')[1]
|
||||
print("- [ ] [{}]({})".format(a.text, a.get('href')), flush=True)
|
||||
|
||||
maintainers = get_maintainers(a.text)
|
||||
if maintainers:
|
||||
print(" - maintainers: {}".format(", ".join(map(lambda u: '@' + u, maintainers))))
|
||||
# TODO: print last three persons that touched this file
|
||||
# TODO: pinpoint the diff that broke this build, or maybe it's transient or maybe it never worked?
|
||||
|
||||
sys.stdout.flush()
|
||||
|
||||
@click.command()
|
||||
@click.option(
|
||||
|
@ -73,23 +84,17 @@ def cli(jobset):
|
|||
|
||||
# TODO: aborted evaluations
|
||||
# TODO: dependency failed without propagated builds
|
||||
print('\nFailures:')
|
||||
for tr in d('img[alt="Failed"]').parents('tr'):
|
||||
a = pq(tr)('a')[1]
|
||||
print("- [ ] [{}]({})".format(a.text, a.get('href')))
|
||||
print_build(tr)
|
||||
|
||||
sys.stdout.flush()
|
||||
|
||||
maintainers = get_maintainers(a.text)
|
||||
if maintainers:
|
||||
print(" - maintainers: {}".format(", ".join(map(lambda u: '@' + u, maintainers))))
|
||||
# TODO: print last three persons that touched this file
|
||||
# TODO: pinpoint the diff that broke this build, or maybe it's transient or maybe it never worked?
|
||||
|
||||
sys.stdout.flush()
|
||||
print('\nDependency failures:')
|
||||
for tr in d('img[alt="Dependency failed"]').parents('tr'):
|
||||
print_build(tr)
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
try:
|
||||
cli()
|
||||
except:
|
||||
except Exception as e:
|
||||
import pdb;pdb.post_mortem()
|
||||
|
|
|
@ -115,23 +115,17 @@ for a UEFI installation is by and large the same as a BIOS installation. The dif
|
|||
<varlistentry><term>UEFI systems</term>
|
||||
<listitem><para>For creating boot partitions:
|
||||
<command>mkfs.fat</command>. Again it’s recommended to assign a
|
||||
label to the boot partition: <option>-L
|
||||
label to the boot partition: <option>-n
|
||||
<replaceable>label</replaceable></option>. For example:
|
||||
|
||||
<screen>
|
||||
# mkfs.fat -F 32 -L boot /dev/sda3</screen>
|
||||
# mkfs.fat -F 32 -n boot /dev/sda3</screen>
|
||||
|
||||
</para></listitem></varlistentry></variablelist></listitem>
|
||||
|
||||
<listitem><para>For creating LVM volumes, the LVM commands, e.g.,
|
||||
|
||||
<screen>
|
||||
# pvcreate /dev/sda1 /dev/sdb1
|
||||
# vgcreate MyVolGroup /dev/sda1 /dev/sdb1
|
||||
# lvcreate --size 2G --name bigdisk MyVolGroup
|
||||
# lvcreate --size 1G --name smalldisk MyVolGroup</screen>
|
||||
|
||||
</para></listitem>
|
||||
<command>pvcreate</command>, <command>vgcreate</command>, and
|
||||
<command>lvcreate</command>.</para></listitem>
|
||||
|
||||
<listitem><para>For creating software RAID devices, use
|
||||
<command>mdadm</command>.</para></listitem>
|
||||
|
@ -155,6 +149,7 @@ for a UEFI installation is by and large the same as a BIOS installation. The dif
|
|||
<listitem><para>Mount the boot file system on <filename>/mnt/boot</filename>, e.g.
|
||||
|
||||
<screen>
|
||||
# mkdir -p /mnt/boot
|
||||
# mount /dev/disk/by-label/boot /mnt/boot
|
||||
</screen>
|
||||
|
||||
|
@ -366,8 +361,9 @@ drive (here <filename>/dev/sda</filename>). <xref linkend="ex-config"
|
|||
# mkfs.ext4 -L nixos /dev/sda1
|
||||
# mkswap -L swap /dev/sda2
|
||||
# swapon /dev/sda2
|
||||
# mkfs.fat -F 32 -L boot /dev/sda3 # <lineannotation>(for UEFI systems only)</lineannotation>
|
||||
# mkfs.fat -F 32 -n boot /dev/sda3 # <lineannotation>(for UEFI systems only)</lineannotation>
|
||||
# mount /dev/disk/by-label/nixos /mnt
|
||||
# mkdir -p /mnt/boot # <lineannotation>(for UEFI systems only)</lineannotation>
|
||||
# mount /dev/disk/by-label/boot /mnt/boot # <lineannotation>(for UEFI systems only)</lineannotation>
|
||||
# nixos-generate-config --root /mnt
|
||||
# nano /mnt/etc/nixos/configuration.nix
|
||||
|
|
|
@ -40,7 +40,7 @@ points to the generated virtual network.
|
|||
test1 = {pkgs, config, ...}:
|
||||
{
|
||||
services.openssh.enable = true;
|
||||
nixpkgs.system = "i686-linux";
|
||||
nixpkgs.localSystem.system = "i686-linux";
|
||||
deployment.targetHost = "test1.example.net";
|
||||
|
||||
# Other NixOS options
|
||||
|
@ -51,7 +51,7 @@ points to the generated virtual network.
|
|||
services.openssh.enable = true;
|
||||
services.httpd.enable = true;
|
||||
environment.systemPackages = [ pkgs.lynx ];
|
||||
nixpkgs.system = "x86_64-linux";
|
||||
nixpkgs.localSystem.system = "x86_64-linux";
|
||||
deployment.targetHost = "test2.example.net";
|
||||
|
||||
# Other NixOS options
|
||||
|
@ -66,7 +66,7 @@ In each NixOS configuration, two attributes have a special meaning.
|
|||
The <varname>deployment.targetHost</varname> specifies the address
|
||||
(domain name or IP address)
|
||||
of the system which is used by <command>ssh</command> to perform
|
||||
remote deployment operations. The <varname>nixpkgs.system</varname>
|
||||
remote deployment operations. The <varname>nixpkgs.localSystem.system</varname>
|
||||
attribute can be used to specify an architecture for the target machine,
|
||||
such as <varname>i686-linux</varname> which builds a 32-bit NixOS
|
||||
configuration. Omitting this property will build the configuration
|
||||
|
|
|
@ -26,7 +26,7 @@
|
|||
, lib ? import ../../lib
|
||||
}:
|
||||
|
||||
let extraArgs_ = extraArgs; pkgs_ = pkgs; system_ = system;
|
||||
let extraArgs_ = extraArgs; pkgs_ = pkgs;
|
||||
extraModules = let e = builtins.getEnv "NIXOS_EXTRA_MODULE_PATH";
|
||||
in if e == "" then [] else [(import (builtins.toPath e))];
|
||||
in
|
||||
|
@ -36,7 +36,7 @@ let
|
|||
_file = ./eval-config.nix;
|
||||
key = _file;
|
||||
config = {
|
||||
nixpkgs.system = lib.mkDefault system_;
|
||||
nixpkgs.localSystem = lib.mkDefault { inherit system; };
|
||||
_module.args.pkgs = lib.mkIf (pkgs_ != null) (lib.mkForce pkgs_);
|
||||
};
|
||||
};
|
||||
|
|
|
@ -59,7 +59,7 @@ let
|
|||
INITRD /boot/${config.system.boot.loader.initrdFile}
|
||||
|
||||
# A variant to boot with verbose logging to the console
|
||||
LABEL boot-nomodeset
|
||||
LABEL boot-debug
|
||||
MENU LABEL NixOS ${config.system.nixos.label}${config.isoImage.appendToMenuLabel} (debug)
|
||||
LINUX /boot/${config.system.boot.loader.kernelFile}
|
||||
APPEND init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams} loglevel=7
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
x86_64-linux = "/nix/store/6p2gambjac7xdkd2a7w1dsxdk1q5cq4d-nix-2.0";
|
||||
i686-linux = "/nix/store/zznnaijjk3nwx0cmpczxsvngmqzhl7r4-nix-2.0";
|
||||
aarch64-linux = "/nix/store/ci96w9kxfkmlc7x2vwqiz4da0r6abxnq-nix-2.0";
|
||||
x86_64-darwin = "/nix/store/xmi4fylvx4qc79ji9v5q3zfy9vfdy4sv-nix-2.0";
|
||||
x86_64-linux = "/nix/store/2gk7rk2sx2dkmsjr59gignrfdmya8f6s-nix-2.0.1";
|
||||
i686-linux = "/nix/store/5160glkphiv13qggnivyidg8r0491pbl-nix-2.0.1";
|
||||
aarch64-linux = "/nix/store/jk29zz3ns9vdkkclcyzzkpzp8dhv1x3i-nix-2.0.1";
|
||||
x86_64-darwin = "/nix/store/4a9czmrpd4hf3r80zcmga2c2lm3hbbvv-nix-2.0.1";
|
||||
}
|
||||
|
|
|
@ -56,7 +56,7 @@
|
|||
#dialout = 27; # unused
|
||||
polkituser = 28;
|
||||
#utmp = 29; # unused
|
||||
ddclient = 30;
|
||||
# ddclient = 30; # converted to DynamicUser = true
|
||||
davfs2 = 31;
|
||||
#disnix = 33; # unused
|
||||
osgi = 34;
|
||||
|
@ -344,7 +344,7 @@
|
|||
dialout = 27;
|
||||
#polkituser = 28; # currently unused, polkitd doesn't need a group
|
||||
utmp = 29;
|
||||
ddclient = 30;
|
||||
# ddclient = 30; # converted to DynamicUser = true
|
||||
davfs2 = 31;
|
||||
disnix = 33;
|
||||
osgi = 34;
|
||||
|
|
|
@ -133,13 +133,26 @@ in {
|
|||
systemd.services.update-locatedb =
|
||||
{ description = "Update Locate Database";
|
||||
path = mkIf (!isMLocate) [ pkgs.su ];
|
||||
|
||||
# mlocate's updatedb takes flags via a configuration file or
|
||||
# on the command line, but not by environment variable.
|
||||
script =
|
||||
if isMLocate
|
||||
then let toFlags = x: optional (cfg.${x} != [])
|
||||
"--${lib.toLower x} '${concatStringsSep " " cfg.${x}}'";
|
||||
args = concatLists (map toFlags ["pruneFS" "pruneNames" "prunePaths"]);
|
||||
in ''
|
||||
exec ${cfg.locate}/bin/updatedb \
|
||||
--output ${toString cfg.output} ${concatStringsSep " " args} \
|
||||
--prune-bind-mounts ${if cfg.pruneBindMounts then "yes" else "no"} \
|
||||
${concatStringsSep " " cfg.extraFlags}
|
||||
''
|
||||
else ''
|
||||
exec ${cfg.locate}/bin/updatedb \
|
||||
${optionalString (cfg.localuser != null && ! isMLocate) ''--localuser=${cfg.localuser}''} \
|
||||
--output=${toString cfg.output} ${concatStringsSep " " cfg.extraFlags}
|
||||
'';
|
||||
environment = {
|
||||
environment = optionalAttrs (!isMLocate) {
|
||||
PRUNEFS = concatStringsSep " " cfg.pruneFS;
|
||||
PRUNEPATHS = concatStringsSep " " cfg.prunePaths;
|
||||
PRUNENAMES = concatStringsSep " " cfg.pruneNames;
|
||||
|
|
|
@ -58,10 +58,13 @@ in
|
|||
pkgs = mkOption {
|
||||
defaultText = literalExample
|
||||
''import "''${nixos}/.." {
|
||||
inherit (config.nixpkgs) config overlays system;
|
||||
inherit (config.nixpkgs) config overlays localSystem crossSystem;
|
||||
}
|
||||
'';
|
||||
default = import ../../.. { inherit (cfg) config overlays system crossSystem; };
|
||||
default = import ../../.. {
|
||||
localSystem = { inherit (cfg) system; } // cfg.localSystem;
|
||||
inherit (cfg) config overlays crossSystem;
|
||||
};
|
||||
type = pkgsType;
|
||||
example = literalExample ''import <nixpkgs> {}'';
|
||||
description = ''
|
||||
|
@ -73,8 +76,9 @@ in
|
|||
relative to the location of this NixOS module, because
|
||||
NixOS and Nixpkgs are distributed together for consistency,
|
||||
so the <code>nixos</code> in the default value is in fact a
|
||||
relative path. The <code>config</code>, <code>overlays</code>
|
||||
and <code>system</code> come from this option's siblings.
|
||||
relative path. The <code>config</code>, <code>overlays</code>,
|
||||
<code>localSystem</code>, and <code>crossSystem</code> come
|
||||
from this option's siblings.
|
||||
|
||||
This option can be used by applications like NixOps to increase
|
||||
the performance of evaluation, or to create packages that depend
|
||||
|
@ -130,13 +134,40 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
crossSystem = mkOption {
|
||||
type = types.nullOr types.attrs;
|
||||
default = null;
|
||||
localSystem = mkOption {
|
||||
type = types.attrs; # TODO utilize lib.systems.parsedPlatform
|
||||
default = { system = builtins.currentSystem; };
|
||||
example = { system = "aarch64-linux"; config = "aarch64-unknown-linux-gnu"; };
|
||||
defaultText = literalExample
|
||||
''(import "''${nixos}/../lib").lib.systems.examples.aarch64-multiplatform'';
|
||||
description = ''
|
||||
The description of the system we're cross-compiling to, or null
|
||||
if this isn't a cross-compile. See the description of the
|
||||
crossSystem argument in the nixpkgs manual.
|
||||
Specifies the platform on which NixOS should be built. When
|
||||
<code>nixpkgs.crossSystem</code> is unset, it also specifies
|
||||
the platform <emphasis>for</emphasis> which NixOS should be
|
||||
built. If this option is unset, it defaults to the platform
|
||||
type of the machine where evaluation happens. Specifying this
|
||||
option is useful when doing distributed multi-platform
|
||||
deployment, or when building virtual machines. See its
|
||||
description in the Nixpkgs manual for more details.
|
||||
|
||||
Ignored when <code>nixpkgs.pkgs</code> is set.
|
||||
'';
|
||||
};
|
||||
|
||||
crossSystem = mkOption {
|
||||
type = types.nullOr types.attrs; # TODO utilize lib.systems.parsedPlatform
|
||||
default = null;
|
||||
example = { system = "aarch64-linux"; config = "aarch64-unknown-linux-gnu"; };
|
||||
defaultText = literalExample
|
||||
''(import "''${nixos}/../lib").lib.systems.examples.aarch64-multiplatform'';
|
||||
description = ''
|
||||
Specifies the platform for which NixOS should be
|
||||
built. Specify this only if it is different from
|
||||
<code>nixpkgs.localSystem</code>, the platform
|
||||
<emphasis>on</emphasis> which NixOS should be built. In other
|
||||
words, specify this to cross-compile NixOS. Otherwise it
|
||||
should be set as null, the default. See its description in the
|
||||
Nixpkgs manual for more details.
|
||||
|
||||
Ignored when <code>nixpkgs.pkgs</code> is set.
|
||||
'';
|
||||
|
@ -146,10 +177,20 @@ in
|
|||
type = types.str;
|
||||
example = "i686-linux";
|
||||
description = ''
|
||||
Specifies the Nix platform type for which NixOS should be built.
|
||||
If unset, it defaults to the platform type of your host system.
|
||||
Specifying this option is useful when doing distributed
|
||||
multi-platform deployment, or when building virtual machines.
|
||||
Specifies the Nix platform type on which NixOS should be built.
|
||||
It is better to specify <code>nixpkgs.localSystem</code> instead.
|
||||
<programlisting>
|
||||
{
|
||||
nixpkgs.system = ..;
|
||||
}
|
||||
</programlisting>
|
||||
is the same as
|
||||
<programlisting>
|
||||
{
|
||||
nixpkgs.localSystem.system = ..;
|
||||
}
|
||||
</programlisting>
|
||||
See <code>nixpkgs.localSystem</code> for more information.
|
||||
|
||||
Ignored when <code>nixpkgs.pkgs</code> is set.
|
||||
'';
|
||||
|
|
|
@ -16,21 +16,6 @@ in
|
|||
|
||||
options.system = {
|
||||
|
||||
# XXX: Reintroduce old options to make nixops before 1.6 able to evaluate configurations
|
||||
# XXX: Remove after nixops has been bumped to a compatible version
|
||||
nixosVersion = mkOption {
|
||||
readOnly = true;
|
||||
internal = true;
|
||||
type = types.str;
|
||||
default = config.system.nixos.version;
|
||||
};
|
||||
nixosVersionSuffix = mkOption {
|
||||
readOnly = true;
|
||||
internal = true;
|
||||
type = types.str;
|
||||
default = config.system.nixos.versionSuffix;
|
||||
};
|
||||
|
||||
nixos.version = mkOption {
|
||||
internal = true;
|
||||
type = types.str;
|
||||
|
|
|
@ -166,6 +166,7 @@
|
|||
./services/backup/crashplan-small-business.nix
|
||||
./services/backup/mysql-backup.nix
|
||||
./services/backup/postgresql-backup.nix
|
||||
./services/backup/restic.nix
|
||||
./services/backup/rsnapshot.nix
|
||||
./services/backup/tarsnap.nix
|
||||
./services/backup/znapzend.nix
|
||||
|
@ -533,7 +534,7 @@
|
|||
./services/networking/prayer.nix
|
||||
./services/networking/privoxy.nix
|
||||
./services/networking/prosody.nix
|
||||
# ./services/networking/quagga.nix
|
||||
./services/networking/quagga.nix
|
||||
./services/networking/quassel.nix
|
||||
./services/networking/racoon.nix
|
||||
./services/networking/radicale.nix
|
||||
|
@ -559,6 +560,7 @@
|
|||
./services/networking/ssh/lshd.nix
|
||||
./services/networking/ssh/sshd.nix
|
||||
./services/networking/strongswan.nix
|
||||
./services/networking/strongswan-swanctl/module.nix
|
||||
./services/networking/stunnel.nix
|
||||
./services/networking/supplicant.nix
|
||||
./services/networking/supybot.nix
|
||||
|
|
|
@ -23,6 +23,8 @@ with lib;
|
|||
(config:
|
||||
let enabled = getAttrFromPath [ "services" "printing" "gutenprint" ] config;
|
||||
in if enabled then [ pkgs.gutenprint ] else [ ]))
|
||||
(mkRenamedOptionModule [ "services" "ddclient" "domain" ] [ "services" "ddclient" "domains" ])
|
||||
(mkRemovedOptionModule [ "services" "ddclient" "homeDir" ] "")
|
||||
(mkRenamedOptionModule [ "services" "elasticsearch" "host" ] [ "services" "elasticsearch" "listenAddress" ])
|
||||
(mkRenamedOptionModule [ "services" "graphite" "api" "host" ] [ "services" "graphite" "api" "listenAddress" ])
|
||||
(mkRenamedOptionModule [ "services" "graphite" "web" "host" ] [ "services" "graphite" "web" "listenAddress" ])
|
||||
|
@ -187,22 +189,20 @@ with lib;
|
|||
(mkRenamedOptionModule [ "services" "xserver" "desktopManager" "kde5" ] [ "services" "xserver" "desktopManager" "plasma5" ])
|
||||
|
||||
# Fontconfig
|
||||
(mkRenamedOptionModule [ "config" "fonts" "fontconfig" "ultimate" "allowBitmaps" ] [ "config" "fonts" "fontconfig" "allowBitmaps" ])
|
||||
(mkRenamedOptionModule [ "config" "fonts" "fontconfig" "ultimate" "allowType1" ] [ "config" "fonts" "fontconfig" "allowType1" ])
|
||||
(mkRenamedOptionModule [ "config" "fonts" "fontconfig" "ultimate" "useEmbeddedBitmaps" ] [ "config" "fonts" "fontconfig" "useEmbeddedBitmaps" ])
|
||||
(mkRenamedOptionModule [ "config" "fonts" "fontconfig" "ultimate" "forceAutohint" ] [ "config" "fonts" "fontconfig" "forceAutohint" ])
|
||||
(mkRenamedOptionModule [ "config" "fonts" "fontconfig" "ultimate" "renderMonoTTFAsBitmap" ] [ "config" "fonts" "fontconfig" "renderMonoTTFAsBitmap" ])
|
||||
(mkRenamedOptionModule [ "fonts" "fontconfig" "ultimate" "allowBitmaps" ] [ "fonts" "fontconfig" "allowBitmaps" ])
|
||||
(mkRenamedOptionModule [ "fonts" "fontconfig" "ultimate" "allowType1" ] [ "fonts" "fontconfig" "allowType1" ])
|
||||
(mkRenamedOptionModule [ "fonts" "fontconfig" "ultimate" "useEmbeddedBitmaps" ] [ "fonts" "fontconfig" "useEmbeddedBitmaps" ])
|
||||
(mkRenamedOptionModule [ "fonts" "fontconfig" "ultimate" "forceAutohint" ] [ "fonts" "fontconfig" "forceAutohint" ])
|
||||
(mkRenamedOptionModule [ "fonts" "fontconfig" "ultimate" "renderMonoTTFAsBitmap" ] [ "fonts" "fontconfig" "renderMonoTTFAsBitmap" ])
|
||||
|
||||
# Profile splitting
|
||||
(mkRenamedOptionModule [ "virtualization" "growPartition" ] [ "boot" "growPartition" ])
|
||||
|
||||
# misc/version.nix
|
||||
#(mkRenamedOptionModule [ "config" "system" "nixosVersion" ] [ "config" "system" "nixos" "version" ])
|
||||
(mkRenamedOptionModule [ "config" "system" "nixosRelease" ] [ "config" "system" "nixos" "release" ])
|
||||
#(mkRenamedOptionModule [ "config" "system" "nixosVersionSuffix" ] [ "config" "system" "nixos" "versionSuffix" ])
|
||||
(mkRenamedOptionModule [ "config" "system" "nixosRevision" ] [ "config" "system" "nixos" "revision" ])
|
||||
(mkRenamedOptionModule [ "config" "system" "nixosCodeName" ] [ "config" "system" "nixos" "codeName" ])
|
||||
(mkRenamedOptionModule [ "config" "system" "nixosLabel" ] [ "config" "system" "nixos" "label" ])
|
||||
(mkRenamedOptionModule [ "system" "nixosVersion" ] [ "system" "nixos" "version" ])
|
||||
(mkRenamedOptionModule [ "system" "nixosVersionSuffix" ] [ "system" "nixos" "versionSuffix" ])
|
||||
(mkRenamedOptionModule [ "system" "nixosRevision" ] [ "system" "nixos" "revision" ])
|
||||
(mkRenamedOptionModule [ "system" "nixosLabel" ] [ "system" "nixos" "label" ])
|
||||
|
||||
# Users
|
||||
(mkAliasOptionModule [ "users" "extraUsers" ] [ "users" "users" ])
|
||||
|
|
|
@ -240,6 +240,7 @@ in
|
|||
};
|
||||
selfsignedService = {
|
||||
description = "Create preliminary self-signed certificate for ${cert}";
|
||||
path = [ pkgs.openssl ];
|
||||
preStart = ''
|
||||
if [ ! -d '${cpath}' ]
|
||||
then
|
||||
|
@ -250,37 +251,41 @@ in
|
|||
'';
|
||||
script =
|
||||
''
|
||||
# Create self-signed key
|
||||
workdir="/run/acme-selfsigned-${cert}"
|
||||
${pkgs.openssl.bin}/bin/openssl genrsa -des3 -passout pass:x -out $workdir/server.pass.key 2048
|
||||
${pkgs.openssl.bin}/bin/openssl rsa -passin pass:x -in $workdir/server.pass.key -out $workdir/server.key
|
||||
${pkgs.openssl.bin}/bin/openssl req -new -key $workdir/server.key -out $workdir/server.csr \
|
||||
workdir="$(mktemp -d)"
|
||||
|
||||
# Create CA
|
||||
openssl genrsa -des3 -passout pass:x -out $workdir/ca.pass.key 2048
|
||||
openssl rsa -passin pass:x -in $workdir/ca.pass.key -out $workdir/ca.key
|
||||
openssl req -new -key $workdir/ca.key -out $workdir/ca.csr \
|
||||
-subj "/C=UK/ST=Warwickshire/L=Leamington/O=OrgName/OU=Security Department/CN=example.com"
|
||||
openssl x509 -req -days 1 -in $workdir/ca.csr -signkey $workdir/ca.key -out $workdir/ca.crt
|
||||
|
||||
# Create key
|
||||
openssl genrsa -des3 -passout pass:x -out $workdir/server.pass.key 2048
|
||||
openssl rsa -passin pass:x -in $workdir/server.pass.key -out $workdir/server.key
|
||||
openssl req -new -key $workdir/server.key -out $workdir/server.csr \
|
||||
-subj "/C=UK/ST=Warwickshire/L=Leamington/O=OrgName/OU=IT Department/CN=example.com"
|
||||
${pkgs.openssl.bin}/bin/openssl x509 -req -days 1 -in $workdir/server.csr -signkey $workdir/server.key -out $workdir/server.crt
|
||||
openssl x509 -req -days 1 -in $workdir/server.csr -CA $workdir/ca.crt \
|
||||
-CAkey $workdir/ca.key -CAserial $workdir/ca.srl -CAcreateserial \
|
||||
-out $workdir/server.crt
|
||||
|
||||
# Move key to destination
|
||||
mv $workdir/server.key ${cpath}/key.pem
|
||||
mv $workdir/server.crt ${cpath}/fullchain.pem
|
||||
# Copy key to destination
|
||||
cp $workdir/server.key ${cpath}/key.pem
|
||||
|
||||
# Create full.pem for e.g. lighttpd (same format as "simp_le ... -f full.pem" creates)
|
||||
cat "${cpath}/key.pem" "${cpath}/fullchain.pem" > "${cpath}/full.pem"
|
||||
# Create fullchain.pem (same format as "simp_le ... -f fullchain.pem" creates)
|
||||
cat $workdir/{server.crt,ca.crt} > "${cpath}/fullchain.pem"
|
||||
|
||||
# Clean up working directory
|
||||
rm $workdir/server.csr
|
||||
rm $workdir/server.pass.key
|
||||
# Create full.pem for e.g. lighttpd
|
||||
cat $workdir/{server.key,server.crt,ca.crt} > "${cpath}/full.pem"
|
||||
|
||||
# Give key acme permissions
|
||||
chmod ${rights} '${cpath}/key.pem'
|
||||
chown '${data.user}:${data.group}' '${cpath}/key.pem'
|
||||
chmod ${rights} '${cpath}/fullchain.pem'
|
||||
chown '${data.user}:${data.group}' '${cpath}/fullchain.pem'
|
||||
chmod ${rights} '${cpath}/full.pem'
|
||||
chown '${data.user}:${data.group}' '${cpath}/full.pem'
|
||||
chown '${data.user}:${data.group}' "${cpath}/"{key,fullchain,full}.pem
|
||||
chmod ${rights} "${cpath}/"{key,fullchain,full}.pem
|
||||
'';
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RuntimeDirectory = "acme-selfsigned-${cert}";
|
||||
PermissionsStartOnly = true;
|
||||
PrivateTmp = true;
|
||||
User = data.user;
|
||||
Group = data.group;
|
||||
};
|
||||
|
|
|
@ -234,6 +234,11 @@ let
|
|||
password, KDE will prompt separately after login.
|
||||
'';
|
||||
};
|
||||
sssdStrictAccess = mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
description = "enforce sssd access control";
|
||||
};
|
||||
|
||||
enableGnomeKeyring = mkOption {
|
||||
default = false;
|
||||
|
@ -264,11 +269,13 @@ let
|
|||
text = mkDefault
|
||||
(''
|
||||
# Account management.
|
||||
account sufficient pam_unix.so
|
||||
account ${if cfg.sssdStrictAccess then "required" else "sufficient"} pam_unix.so
|
||||
${optionalString use_ldap
|
||||
"account sufficient ${pam_ldap}/lib/security/pam_ldap.so"}
|
||||
${optionalString config.services.sssd.enable
|
||||
${optionalString (config.services.sssd.enable && cfg.sssdStrictAccess==false)
|
||||
"account sufficient ${pkgs.sssd}/lib/security/pam_sss.so"}
|
||||
${optionalString (config.services.sssd.enable && cfg.sssdStrictAccess)
|
||||
"account [default=bad success=ok user_unknown=ignore] ${pkgs.sssd}/lib/security/pam_sss.so"}
|
||||
${optionalString config.krb5.enable
|
||||
"account sufficient ${pam_krb5}/lib/security/pam_krb5.so"}
|
||||
|
||||
|
|
150
nixos/modules/services/backup/restic.nix
Normal file
150
nixos/modules/services/backup/restic.nix
Normal file
|
@ -0,0 +1,150 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
{
|
||||
options.services.restic.backups = mkOption {
|
||||
description = ''
|
||||
Periodic backups to create with Restic.
|
||||
'';
|
||||
type = types.attrsOf (types.submodule ({ name, config, ... }: {
|
||||
options = {
|
||||
passwordFile = mkOption {
|
||||
type = types.str;
|
||||
description = ''
|
||||
Read the repository password from a file.
|
||||
'';
|
||||
example = "/etc/nixos/restic-password";
|
||||
|
||||
};
|
||||
|
||||
repository = mkOption {
|
||||
type = types.str;
|
||||
description = ''
|
||||
repository to backup to.
|
||||
'';
|
||||
example = "sftp:backup@192.168.1.100:/backups/${name}";
|
||||
};
|
||||
|
||||
paths = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
description = ''
|
||||
Which paths to backup.
|
||||
'';
|
||||
example = [
|
||||
"/var/lib/postgresql"
|
||||
"/home/user/backup"
|
||||
];
|
||||
};
|
||||
|
||||
timerConfig = mkOption {
|
||||
type = types.attrsOf types.str;
|
||||
default = {
|
||||
OnCalendar = "daily";
|
||||
};
|
||||
description = ''
|
||||
When to run the backup. See man systemd.timer for details.
|
||||
'';
|
||||
example = {
|
||||
OnCalendar = "00:05";
|
||||
RandomizedDelaySec = "5h";
|
||||
};
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "root";
|
||||
description = ''
|
||||
As which user the backup should run.
|
||||
'';
|
||||
example = "postgresql";
|
||||
};
|
||||
|
||||
extraBackupArgs = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
description = ''
|
||||
Extra arguments passed to restic backup.
|
||||
'';
|
||||
example = [
|
||||
"--exclude-file=/etc/nixos/restic-ignore"
|
||||
];
|
||||
};
|
||||
|
||||
extraOptions = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
description = ''
|
||||
Extra extended options to be passed to the restic --option flag.
|
||||
'';
|
||||
example = [
|
||||
"sftp.command='ssh backup@192.168.1.100 -i /home/user/.ssh/id_rsa -s sftp'"
|
||||
];
|
||||
};
|
||||
|
||||
initialize = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Create the repository if it doesn't exist.
|
||||
'';
|
||||
};
|
||||
};
|
||||
}));
|
||||
default = {};
|
||||
example = {
|
||||
localbackup = {
|
||||
paths = [ "/home" ];
|
||||
repository = "/mnt/backup-hdd";
|
||||
passwordFile = "/etc/nixos/secrets/restic-password";
|
||||
initialize = true;
|
||||
};
|
||||
remotebackup = {
|
||||
paths = [ "/home" ];
|
||||
repository = "sftp:backup@host:/backups/home";
|
||||
passwordFile = "/etc/nixos/secrets/restic-password";
|
||||
extraOptions = [
|
||||
"sftp.command='ssh backup@host -i /etc/nixos/secrets/backup-private-key -s sftp'"
|
||||
];
|
||||
timerConfig = {
|
||||
OnCalendar = "00:05";
|
||||
RandomizedDelaySec = "5h";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
systemd.services =
|
||||
mapAttrs' (name: backup:
|
||||
let
|
||||
extraOptions = concatMapStrings (arg: " -o ${arg}") backup.extraOptions;
|
||||
connectTo = elemAt (splitString ":" backup.repository) 1;
|
||||
resticCmd = "${pkgs.restic}/bin/restic${extraOptions}";
|
||||
in nameValuePair "restic-backups-${name}" ({
|
||||
environment = {
|
||||
RESTIC_PASSWORD_FILE = backup.passwordFile;
|
||||
RESTIC_REPOSITORY = backup.repository;
|
||||
};
|
||||
path = with pkgs; [
|
||||
openssh
|
||||
];
|
||||
restartIfChanged = false;
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
ExecStart = "${resticCmd} backup ${concatStringsSep " " backup.extraBackupArgs} ${concatStringsSep " " backup.paths}";
|
||||
User = backup.user;
|
||||
};
|
||||
} // optionalAttrs backup.initialize {
|
||||
preStart = ''
|
||||
${resticCmd} snapshots || ${resticCmd} init
|
||||
'';
|
||||
})
|
||||
) config.services.restic.backups;
|
||||
systemd.timers =
|
||||
mapAttrs' (name: backup: nameValuePair "restic-backups-${name}" {
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig = backup.timerConfig;
|
||||
}) config.services.restic.backups;
|
||||
};
|
||||
}
|
|
@ -6,6 +6,13 @@ let
|
|||
cfg = config.services.boinc;
|
||||
allowRemoteGuiRpcFlag = optionalString cfg.allowRemoteGuiRpc "--allow_remote_gui_rpc";
|
||||
|
||||
fhsEnv = pkgs.buildFHSUserEnv {
|
||||
name = "boinc-fhs-env";
|
||||
targetPkgs = pkgs': [ cfg.package ] ++ cfg.extraEnvPackages;
|
||||
runScript = "/bin/boinc_client";
|
||||
};
|
||||
fhsEnvExecutable = "${fhsEnv}/bin/${fhsEnv.name}";
|
||||
|
||||
in
|
||||
{
|
||||
options.services.boinc = {
|
||||
|
@ -49,6 +56,43 @@ in
|
|||
See also: <link xlink:href="http://boinc.berkeley.edu/wiki/Controlling_BOINC_remotely#Remote_access"/>
|
||||
'';
|
||||
};
|
||||
|
||||
extraEnvPackages = mkOption {
|
||||
type = types.listOf types.package;
|
||||
default = [];
|
||||
example = "[ pkgs.virtualbox ]";
|
||||
description = ''
|
||||
Additional packages to make available in the environment in which
|
||||
BOINC will run. Common choices are:
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><varname>pkgs.virtualbox</varname></term>
|
||||
<listitem><para>
|
||||
The VirtualBox virtual machine framework. Required by some BOINC
|
||||
projects, such as ATLAS@home.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>pkgs.ocl-icd</varname></term>
|
||||
<listitem><para>
|
||||
OpenCL infrastructure library. Required by BOINC projects that
|
||||
use OpenCL, in addition to a device-specific OpenCL driver.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>pkgs.linuxPackages.nvidia_x11</varname></term>
|
||||
<listitem><para>
|
||||
Provides CUDA libraries. Required by BOINC projects that use
|
||||
CUDA. Note that this requires an NVIDIA graphics device to be
|
||||
present on the system.
|
||||
</para><para>
|
||||
Also provides OpenCL drivers for NVIDIA GPUs;
|
||||
<varname>pkgs.ocl-icd</varname> is also needed in this case.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
@ -70,7 +114,7 @@ in
|
|||
chown boinc ${cfg.dataDir}
|
||||
'';
|
||||
script = ''
|
||||
${cfg.package}/bin/boinc_client --dir ${cfg.dataDir} --redirectio ${allowRemoteGuiRpcFlag}
|
||||
${fhsEnvExecutable} --dir ${cfg.dataDir} --redirectio ${allowRemoteGuiRpcFlag}
|
||||
'';
|
||||
serviceConfig = {
|
||||
PermissionsStartOnly = true; # preStart must be run as root
|
||||
|
|
|
@ -22,7 +22,7 @@ let
|
|||
|
||||
web_root = ${cfg.package}/etc/pgmanage/web_root
|
||||
|
||||
data_root = ${cfg.dataRoot}
|
||||
sql_root = ${cfg.sqlRoot}
|
||||
|
||||
${optionalString (!isNull cfg.tls) ''
|
||||
tls_cert = ${cfg.tls.cert}
|
||||
|
@ -130,7 +130,7 @@ let
|
|||
'';
|
||||
};
|
||||
|
||||
dataRoot = mkOption {
|
||||
sqlRoot = mkOption {
|
||||
type = types.str;
|
||||
default = "/var/lib/pgmanage";
|
||||
description = ''
|
||||
|
@ -210,7 +210,7 @@ in {
|
|||
users."${pgmanage}" = {
|
||||
name = pgmanage;
|
||||
group = pgmanage;
|
||||
home = cfg.dataRoot;
|
||||
home = cfg.sqlRoot;
|
||||
createHome = true;
|
||||
};
|
||||
groups."${pgmanage}" = {
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
with lib;
|
||||
|
||||
let
|
||||
bluez-bluetooth = pkgs.bluez;
|
||||
cfg = config.hardware.bluetooth;
|
||||
bluez-bluetooth = cfg.package;
|
||||
|
||||
in {
|
||||
|
||||
|
@ -21,6 +21,16 @@ in {
|
|||
description = "Whether to power up the default Bluetooth controller on boot.";
|
||||
};
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.bluez;
|
||||
defaultText = "pkgs.bluez";
|
||||
example = "pkgs.bluez.override { enableMidi = true; }";
|
||||
description = ''
|
||||
Which BlueZ package to use.
|
||||
'';
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
|
|
|
@ -158,7 +158,7 @@ in
|
|||
|
||||
services.dysnomia.properties = {
|
||||
hostname = config.networking.hostName;
|
||||
system = if config.nixpkgs.system == "" then builtins.currentSystem else config.nixpkgs.system;
|
||||
inherit (config.nixpkgs.localSystem) system;
|
||||
|
||||
supportedTypes = (import "${pkgs.stdenv.mkDerivation {
|
||||
name = "supportedtypes";
|
||||
|
|
|
@ -32,6 +32,14 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
gitwebTheme = mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
description = ''
|
||||
Use an alternative theme for gitweb, strongly inspired by GitHub.
|
||||
'';
|
||||
};
|
||||
|
||||
gitwebConfigFile = mkOption {
|
||||
default = pkgs.writeText "gitweb.conf" ''
|
||||
# path to git projects (<project>.git)
|
||||
|
|
|
@ -213,7 +213,7 @@ in {
|
|||
PermissionsStartOnly = true;
|
||||
};
|
||||
preStart = ''
|
||||
mkdir -m 0700 -p ${cfg.workDir}
|
||||
mkdir -m 0701 -p ${cfg.workDir}
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
|
|
@ -23,7 +23,7 @@ let
|
|||
options =
|
||||
let
|
||||
scrubbedEval = evalModules {
|
||||
modules = [ { nixpkgs.system = config.nixpkgs.system; } ] ++ baseModules;
|
||||
modules = [ { nixpkgs.localSystem = config.nixpkgs.localSystem; } ] ++ baseModules;
|
||||
args = (config._module.args) // { modules = [ ]; };
|
||||
specialArgs = { pkgs = scrubDerivations "pkgs" pkgs; };
|
||||
};
|
||||
|
|
|
@ -20,6 +20,7 @@ let
|
|||
exporterOpts = {
|
||||
blackbox = import ./exporters/blackbox.nix { inherit config lib pkgs; };
|
||||
collectd = import ./exporters/collectd.nix { inherit config lib pkgs; };
|
||||
dovecot = import ./exporters/dovecot.nix { inherit config lib pkgs; };
|
||||
fritzbox = import ./exporters/fritzbox.nix { inherit config lib pkgs; };
|
||||
json = import ./exporters/json.nix { inherit config lib pkgs; };
|
||||
minio = import ./exporters/minio.nix { inherit config lib pkgs; };
|
||||
|
|
|
@ -0,0 +1,50 @@
|
|||
{ config, lib, pkgs }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.prometheus.exporters.dovecot;
|
||||
in
|
||||
{
|
||||
port = 9166;
|
||||
extraOpts = {
|
||||
telemetryPath = mkOption {
|
||||
type = types.str;
|
||||
default = "/metrics";
|
||||
description = ''
|
||||
Path under which to expose metrics.
|
||||
'';
|
||||
};
|
||||
socketPath = mkOption {
|
||||
type = types.path;
|
||||
default = "/var/run/dovecot/stats";
|
||||
example = "/var/run/dovecot2/stats";
|
||||
description = ''
|
||||
Path under which the stats socket is placed.
|
||||
The user/group under which the exporter runs,
|
||||
should be able to access the socket in order
|
||||
to scrape the metrics successfully.
|
||||
'';
|
||||
};
|
||||
scopes = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [ "user" ];
|
||||
example = [ "user" "global" ];
|
||||
description = ''
|
||||
Stats scopes to query.
|
||||
'';
|
||||
};
|
||||
};
|
||||
serviceOpts = {
|
||||
serviceConfig = {
|
||||
ExecStart = ''
|
||||
${pkgs.prometheus-dovecot-exporter}/bin/dovecot_exporter \
|
||||
--web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
|
||||
--web.telemetry-path ${cfg.telemetryPath} \
|
||||
--dovecot.socket-path ${cfg.socketPath} \
|
||||
--dovecot.scopes ${concatStringsSep "," cfg.scopes} \
|
||||
${concatStringsSep " \\\n " cfg.extraFlags}
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
|
@ -32,6 +32,33 @@ in
|
|||
Path where Postfix places it's showq socket.
|
||||
'';
|
||||
};
|
||||
systemd = {
|
||||
enable = mkEnableOption ''
|
||||
reading metrics from the systemd-journal instead of from a logfile
|
||||
'';
|
||||
unit = mkOption {
|
||||
type = types.str;
|
||||
default = "postfix.service";
|
||||
description = ''
|
||||
Name of the postfix systemd unit.
|
||||
'';
|
||||
};
|
||||
slice = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
Name of the postfix systemd slice.
|
||||
This overrides the <option>systemd.unit</option>.
|
||||
'';
|
||||
};
|
||||
journalPath = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
description = ''
|
||||
Path to the systemd journal.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
serviceOpts = {
|
||||
serviceConfig = {
|
||||
|
@ -39,7 +66,15 @@ in
|
|||
${pkgs.prometheus-postfix-exporter}/bin/postfix_exporter \
|
||||
--web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
|
||||
--web.telemetry-path ${cfg.telemetryPath} \
|
||||
${concatStringsSep " \\\n " cfg.extraFlags}
|
||||
--postfix.showq_path ${cfg.showqPath} \
|
||||
${concatStringsSep " \\\n " (cfg.extraFlags
|
||||
++ optional cfg.systemd.enable "--systemd.enable"
|
||||
++ optional cfg.systemd.enable (if cfg.systemd.slice != null
|
||||
then "--systemd.slice ${cfg.systemd.slice}"
|
||||
else "--systemd.unit ${cfg.systemd.unit}")
|
||||
++ optional (cfg.systemd.enable && (cfg.systemd.journalPath != null))
|
||||
"--systemd.jounal_path ${cfg.systemd.journalPath}"
|
||||
++ optional (!cfg.systemd.enable) "--postfix.logfile_path ${cfg.logfilePath}")}
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
|
|
@ -3,24 +3,24 @@
|
|||
let
|
||||
cfg = config.services.ddclient;
|
||||
boolToStr = bool: if bool then "yes" else "no";
|
||||
dataDir = "/var/lib/ddclient";
|
||||
|
||||
configText = ''
|
||||
# This file can be used as a template for configFile or is automatically generated by Nix options.
|
||||
daemon=${toString cfg.interval}
|
||||
cache=${cfg.homeDir}/ddclient.cache
|
||||
pid=/run/ddclient/ddclient.pid
|
||||
foreground=NO
|
||||
cache=${dataDir}/ddclient.cache
|
||||
foreground=YES
|
||||
use=${cfg.use}
|
||||
login=${cfg.username}
|
||||
password=${cfg.password}
|
||||
protocol=${cfg.protocol}
|
||||
${let server = cfg.server; in
|
||||
lib.optionalString (server != "") "server=${server}"}
|
||||
${lib.optionalString (cfg.script != "") "script=${cfg.script}"}
|
||||
${lib.optionalString (cfg.server != "") "server=${cfg.server}"}
|
||||
${lib.optionalString (cfg.zone != "") "zone=${cfg.zone}"}
|
||||
ssl=${boolToStr cfg.ssl}
|
||||
wildcard=YES
|
||||
quiet=${boolToStr cfg.quiet}
|
||||
verbose=${boolToStr cfg.verbose}
|
||||
${cfg.domain}
|
||||
${lib.concatStringsSep "," cfg.domains}
|
||||
${cfg.extraConfig}
|
||||
'';
|
||||
|
||||
|
@ -44,17 +44,11 @@ with lib;
|
|||
'';
|
||||
};
|
||||
|
||||
homeDir = mkOption {
|
||||
default = "/var/lib/ddclient";
|
||||
type = str;
|
||||
description = "Home directory for the daemon user.";
|
||||
};
|
||||
|
||||
domain = mkOption {
|
||||
default = "";
|
||||
type = str;
|
||||
domains = mkOption {
|
||||
default = [ "" ];
|
||||
type = listOf str;
|
||||
description = ''
|
||||
Domain name to synchronize.
|
||||
Domain name(s) to synchronize.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -75,9 +69,12 @@ with lib;
|
|||
};
|
||||
|
||||
interval = mkOption {
|
||||
default = 600;
|
||||
type = int;
|
||||
description = "The interval at which to run the check and update.";
|
||||
default = "10min";
|
||||
type = str;
|
||||
description = ''
|
||||
The interval at which to run the check and update.
|
||||
See <command>man 7 systemd.time</command> for the format.
|
||||
'';
|
||||
};
|
||||
|
||||
configFile = mkOption {
|
||||
|
@ -95,7 +92,7 @@ with lib;
|
|||
default = "dyndns2";
|
||||
type = str;
|
||||
description = ''
|
||||
Protocol to use with dynamic DNS provider (see http://sourceforge.net/apps/trac/ddclient/wiki/Protocols).
|
||||
Protocol to use with dynamic DNS provider (see https://sourceforge.net/p/ddclient/wiki/protocols).
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -115,11 +112,20 @@ with lib;
|
|||
'';
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
default = "";
|
||||
type = lines;
|
||||
|
||||
quiet = mkOption {
|
||||
default = false;
|
||||
type = bool;
|
||||
description = ''
|
||||
Extra configuration. Contents will be added verbatim to the configuration file.
|
||||
Print no messages for unnecessary updates.
|
||||
'';
|
||||
};
|
||||
|
||||
script = mkOption {
|
||||
default = "";
|
||||
type = str;
|
||||
description = ''
|
||||
script as required by some providers.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -139,11 +145,19 @@ with lib;
|
|||
'';
|
||||
};
|
||||
|
||||
quiet = mkOption {
|
||||
default = false;
|
||||
type = bool;
|
||||
zone = mkOption {
|
||||
default = "";
|
||||
type = str;
|
||||
description = ''
|
||||
Print no messages for unnecessary updates.
|
||||
zone as required by some providers.
|
||||
'';
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
default = "";
|
||||
type = lines;
|
||||
description = ''
|
||||
Extra configuration. Contents will be added verbatim to the configuration file.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
@ -153,23 +167,8 @@ with lib;
|
|||
###### implementation
|
||||
|
||||
config = mkIf config.services.ddclient.enable {
|
||||
|
||||
users = {
|
||||
extraGroups.ddclient.gid = config.ids.gids.ddclient;
|
||||
|
||||
extraUsers.ddclient = {
|
||||
uid = config.ids.uids.ddclient;
|
||||
description = "ddclient daemon user";
|
||||
group = "ddclient";
|
||||
home = cfg.homeDir;
|
||||
createHome = true;
|
||||
};
|
||||
};
|
||||
|
||||
environment.etc."ddclient.conf" = {
|
||||
enable = cfg.configFile == "/etc/ddclient.conf";
|
||||
uid = config.ids.uids.ddclient;
|
||||
gid = config.ids.gids.ddclient;
|
||||
mode = "0600";
|
||||
text = configText;
|
||||
};
|
||||
|
@ -180,15 +179,22 @@ with lib;
|
|||
after = [ "network.target" ];
|
||||
restartTriggers = [ config.environment.etc."ddclient.conf".source ];
|
||||
|
||||
serviceConfig = {
|
||||
RuntimeDirectory = "ddclient";
|
||||
# we cannot run in forking mode as it swallows all the program output
|
||||
Type = "simple";
|
||||
User = "ddclient";
|
||||
Group = "ddclient";
|
||||
ExecStart = "${lib.getBin pkgs.ddclient}/bin/ddclient -foreground -file ${cfg.configFile}";
|
||||
ProtectSystem = "full";
|
||||
PrivateTmp = true;
|
||||
serviceConfig = rec {
|
||||
DynamicUser = true;
|
||||
RuntimeDirectory = StateDirectory;
|
||||
StateDirectory = builtins.baseNameOf dataDir;
|
||||
Type = "oneshot";
|
||||
ExecStartPre = "!${lib.getBin pkgs.coreutils}/bin/install -m666 ${cfg.configFile} /run/${RuntimeDirectory}/ddclient.conf";
|
||||
ExecStart = "${lib.getBin pkgs.ddclient}/bin/ddclient -file /run/${RuntimeDirectory}/ddclient.conf";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.timers.ddclient = {
|
||||
description = "Run ddclient";
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig = {
|
||||
OnBootSec = cfg.interval;
|
||||
OnUnitInactiveSec = cfg.interval;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -26,7 +26,7 @@ in {
|
|||
wants = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
serviceConfig.ExecStart = "${pkgs.iwd}/bin/iwd";
|
||||
serviceConfig.ExecStart = "${pkgs.iwd}/libexec/iwd";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -80,7 +80,7 @@ in
|
|||
|
||||
pidfile = mkOption {
|
||||
type = types.path;
|
||||
default = "/tmp/murmurd.pid";
|
||||
default = "/run/murmur/murmurd.pid";
|
||||
description = "Path to PID file for Murmur daemon.";
|
||||
};
|
||||
|
||||
|
@ -252,6 +252,7 @@ in
|
|||
|
||||
serviceConfig = {
|
||||
Type = "forking";
|
||||
RuntimeDirectory = "murmur";
|
||||
PIDFile = cfg.pidfile;
|
||||
Restart = "always";
|
||||
User = "murmur";
|
||||
|
|
|
@ -251,6 +251,46 @@ let
|
|||
'';
|
||||
};
|
||||
|
||||
dnssec = mkEnableOption "DNSSEC";
|
||||
|
||||
dnssecPolicy = {
|
||||
algorithm = mkOption {
|
||||
type = types.str;
|
||||
default = "RSASHA256";
|
||||
description = "Which algorithm to use for DNSSEC";
|
||||
};
|
||||
keyttl = mkOption {
|
||||
type = types.str;
|
||||
default = "1h";
|
||||
description = "TTL for dnssec records";
|
||||
};
|
||||
coverage = mkOption {
|
||||
type = types.str;
|
||||
default = "1y";
|
||||
description = ''
|
||||
The length of time to ensure that keys will be correct; no action will be taken to create new keys to be activated after this time.
|
||||
'';
|
||||
};
|
||||
zsk = mkOption {
|
||||
type = keyPolicy;
|
||||
default = { keySize = 2048;
|
||||
prePublish = "1w";
|
||||
postPublish = "1w";
|
||||
rollPeriod = "1mo";
|
||||
};
|
||||
description = "Key policy for zone signing keys";
|
||||
};
|
||||
ksk = mkOption {
|
||||
type = keyPolicy;
|
||||
default = { keySize = 4096;
|
||||
prePublish = "1mo";
|
||||
postPublish = "1mo";
|
||||
rollPeriod = "0";
|
||||
};
|
||||
description = "Key policy for key signing keys";
|
||||
};
|
||||
};
|
||||
|
||||
maxRefreshSecs = mkOption {
|
||||
type = types.nullOr types.int;
|
||||
default = null;
|
||||
|
@ -367,10 +407,61 @@ let
|
|||
and stats_noreset.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
keyPolicy = types.submodule {
|
||||
options = {
|
||||
keySize = mkOption {
|
||||
type = types.int;
|
||||
description = "Key size in bits";
|
||||
};
|
||||
prePublish = mkOption {
|
||||
type = types.str;
|
||||
description = "How long in advance to publish new keys";
|
||||
};
|
||||
postPublish = mkOption {
|
||||
type = types.str;
|
||||
description = "How long after deactivation to keep a key in the zone";
|
||||
};
|
||||
rollPeriod = mkOption {
|
||||
type = types.str;
|
||||
description = "How frequently to change keys";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
dnssecZones = (filterAttrs (n: v: if v ? dnssec then v.dnssec else false) zoneConfigs);
|
||||
|
||||
dnssec = length (attrNames dnssecZones) != 0;
|
||||
|
||||
signZones = optionalString dnssec ''
|
||||
mkdir -p ${stateDir}/dnssec
|
||||
chown ${username}:${username} ${stateDir}/dnssec
|
||||
chmod 0600 ${stateDir}/dnssec
|
||||
|
||||
${concatStrings (mapAttrsToList signZone dnssecZones)}
|
||||
'';
|
||||
signZone = name: zone: ''
|
||||
${pkgs.bind}/bin/dnssec-keymgr -g ${pkgs.bind}/bin/dnssec-keygen -s ${pkgs.bind}/bin/dnssec-settime -K ${stateDir}/dnssec -c ${policyFile name zone.dnssecPolicy} ${name}
|
||||
${pkgs.bind}/bin/dnssec-signzone -S -K ${stateDir}/dnssec -o ${name} -O full -N date ${stateDir}/zones/${name}
|
||||
${nsdPkg}/sbin/nsd-checkzone ${name} ${stateDir}/zones/${name}.signed && mv -v ${stateDir}/zones/${name}.signed ${stateDir}/zones/${name}
|
||||
'';
|
||||
policyFile = name: policy: pkgs.writeText "${name}.policy" ''
|
||||
zone ${name} {
|
||||
algorithm ${policy.algorithm};
|
||||
key-size zsk ${toString policy.zsk.keySize};
|
||||
key-size ksk ${toString policy.ksk.keySize};
|
||||
keyttl ${policy.keyttl};
|
||||
pre-publish zsk ${policy.zsk.prePublish};
|
||||
pre-publish ksk ${policy.ksk.prePublish};
|
||||
post-publish zsk ${policy.zsk.postPublish};
|
||||
post-publish ksk ${policy.ksk.postPublish};
|
||||
roll-period zsk ${policy.zsk.rollPeriod};
|
||||
roll-period ksk ${policy.ksk.rollPeriod};
|
||||
coverage ${policy.coverage};
|
||||
};
|
||||
'';
|
||||
in
|
||||
{
|
||||
# options are ordered alphanumerically
|
||||
|
@ -380,6 +471,14 @@ in
|
|||
|
||||
bind8Stats = mkEnableOption "BIND8 like statistics";
|
||||
|
||||
dnssecInterval = mkOption {
|
||||
type = types.str;
|
||||
default = "1h";
|
||||
description = ''
|
||||
How often to check whether dnssec key rollover is required
|
||||
'';
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
|
@ -741,7 +840,6 @@ in
|
|||
|
||||
};
|
||||
|
||||
|
||||
zones = mkOption {
|
||||
type = types.attrsOf zoneOptions;
|
||||
default = {};
|
||||
|
@ -785,7 +883,6 @@ in
|
|||
serverGroup1.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
@ -832,9 +929,9 @@ in
|
|||
mkdir -m 0700 -p "${stateDir}/var"
|
||||
|
||||
cat > "${stateDir}/don't touch anything in here" << EOF
|
||||
Everything in this directory except NSD's state in var is
|
||||
automatically generated and will be purged and redeployed
|
||||
by the nsd.service pre-start script.
|
||||
Everything in this directory except NSD's state in var and dnssec
|
||||
is automatically generated and will be purged and redeployed by
|
||||
the nsd.service pre-start script.
|
||||
EOF
|
||||
|
||||
chown ${username}:${username} -R "${stateDir}/private"
|
||||
|
@ -848,6 +945,34 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
nixpkgs.config = mkIf dnssec {
|
||||
bind.enablePython = true;
|
||||
};
|
||||
|
||||
systemd.timers."nsd-dnssec" = mkIf dnssec {
|
||||
description = "Automatic DNSSEC key rollover";
|
||||
|
||||
wantedBy = [ "nsd.service" ];
|
||||
|
||||
timerConfig = {
|
||||
OnActiveSec = cfg.dnssecInterval;
|
||||
OnUnitActiveSec = cfg.dnssecInterval;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services."nsd-dnssec" = mkIf dnssec {
|
||||
description = "DNSSEC key rollover";
|
||||
|
||||
wantedBy = [ "nsd.service" ];
|
||||
before = [ "nsd.service" ];
|
||||
|
||||
script = signZones;
|
||||
|
||||
postStop = ''
|
||||
${pkgs.systemd}/bin/systemctl kill -s SIGHUP nsd.service
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
meta.maintainers = with lib.maintainers; [ hrdinka ];
|
||||
|
|
|
@ -65,7 +65,7 @@ let
|
|||
|
||||
path = [ pkgs.iptables pkgs.iproute pkgs.nettools ];
|
||||
|
||||
serviceConfig.ExecStart = "@${openvpn}/sbin/openvpn openvpn --config ${configFile}";
|
||||
serviceConfig.ExecStart = "@${openvpn}/sbin/openvpn openvpn --suppress-timestamps --config ${configFile}";
|
||||
serviceConfig.Restart = "always";
|
||||
serviceConfig.Type = "notify";
|
||||
};
|
||||
|
|
|
@ -133,7 +133,7 @@ in
|
|||
users.groups = {
|
||||
quagga = {};
|
||||
# Members of the quaggavty group can use vtysh to inspect the Quagga daemons
|
||||
quaggavty = {};
|
||||
quaggavty = { members = [ "quagga" ]; };
|
||||
};
|
||||
|
||||
systemd.services =
|
||||
|
|
|
@ -213,6 +213,65 @@ in
|
|||
description = "Files from which authorized keys are read.";
|
||||
};
|
||||
|
||||
kexAlgorithms = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [
|
||||
"curve25519-sha256@libssh.org"
|
||||
"diffie-hellman-group-exchange-sha256"
|
||||
];
|
||||
description = ''
|
||||
Allowed key exchange algorithms
|
||||
</para>
|
||||
<para>
|
||||
Defaults to recommended settings from both
|
||||
<link xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html" />
|
||||
and
|
||||
<link xlink:href="https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29" />
|
||||
'';
|
||||
};
|
||||
|
||||
ciphers = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [
|
||||
"chacha20-poly1305@openssh.com"
|
||||
"aes256-gcm@openssh.com"
|
||||
"aes128-gcm@openssh.com"
|
||||
"aes256-ctr"
|
||||
"aes192-ctr"
|
||||
"aes128-ctr"
|
||||
];
|
||||
description = ''
|
||||
Allowed ciphers
|
||||
</para>
|
||||
<para>
|
||||
Defaults to recommended settings from both
|
||||
<link xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html" />
|
||||
and
|
||||
<link xlink:href="https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29" />
|
||||
'';
|
||||
};
|
||||
|
||||
macs = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [
|
||||
"hmac-sha2-512-etm@openssh.com"
|
||||
"hmac-sha2-256-etm@openssh.com"
|
||||
"umac-128-etm@openssh.com"
|
||||
"hmac-sha2-512"
|
||||
"hmac-sha2-256"
|
||||
"umac-128@openssh.com"
|
||||
];
|
||||
description = ''
|
||||
Allowed MACs
|
||||
</para>
|
||||
<para>
|
||||
Defaults to recommended settings from both
|
||||
<link xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html" />
|
||||
and
|
||||
<link xlink:href="https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29" />
|
||||
'';
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
|
@ -363,14 +422,9 @@ in
|
|||
HostKey ${k.path}
|
||||
'')}
|
||||
|
||||
### Recommended settings from both:
|
||||
# https://stribika.github.io/2015/01/04/secure-secure-shell.html
|
||||
# and
|
||||
# https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29
|
||||
|
||||
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
|
||||
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
|
||||
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
|
||||
KexAlgorithms ${concatStringsSep "," cfg.kexAlgorithms}
|
||||
Ciphers ${concatStringsSep "," cfg.ciphers}
|
||||
MACs ${concatStringsSep "," cfg.macs}
|
||||
|
||||
# LogLevel VERBOSE logs user's key fingerprint on login.
|
||||
# Needed to have a clear audit track of which key was used to log in.
|
||||
|
|
|
@ -0,0 +1,82 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
with (import ./param-lib.nix lib);
|
||||
|
||||
let
|
||||
cfg = config.services.strongswan-swanctl;
|
||||
swanctlParams = import ./swanctl-params.nix lib;
|
||||
in {
|
||||
options.services.strongswan-swanctl = {
|
||||
enable = mkEnableOption "strongswan-swanctl service";
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.strongswan;
|
||||
defaultText = "pkgs.strongswan";
|
||||
description = ''
|
||||
The strongswan derivation to use.
|
||||
'';
|
||||
};
|
||||
|
||||
strongswan.extraConfig = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = ''
|
||||
Contents of the <literal>strongswan.conf</literal> file.
|
||||
'';
|
||||
};
|
||||
|
||||
swanctl = paramsToOptions swanctlParams;
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
assertions = [
|
||||
{ assertion = !config.services.strongswan.enable;
|
||||
message = "cannot enable both services.strongswan and services.strongswan-swanctl. Choose either one.";
|
||||
}
|
||||
];
|
||||
|
||||
environment.etc."swanctl/swanctl.conf".text =
|
||||
paramsToConf cfg.swanctl swanctlParams;
|
||||
|
||||
# The swanctl command complains when the following directories don't exist:
|
||||
# See: https://wiki.strongswan.org/projects/strongswan/wiki/Swanctldirectory
|
||||
system.activationScripts.strongswan-swanctl-etc = stringAfter ["etc"] ''
|
||||
mkdir -p '/etc/swanctl/x509' # Trusted X.509 end entity certificates
|
||||
mkdir -p '/etc/swanctl/x509ca' # Trusted X.509 Certificate Authority certificates
|
||||
mkdir -p '/etc/swanctl/x509ocsp'
|
||||
mkdir -p '/etc/swanctl/x509aa' # Trusted X.509 Attribute Authority certificates
|
||||
mkdir -p '/etc/swanctl/x509ac' # Attribute Certificates
|
||||
mkdir -p '/etc/swanctl/x509crl' # Certificate Revocation Lists
|
||||
mkdir -p '/etc/swanctl/pubkey' # Raw public keys
|
||||
mkdir -p '/etc/swanctl/private' # Private keys in any format
|
||||
mkdir -p '/etc/swanctl/rsa' # PKCS#1 encoded RSA private keys
|
||||
mkdir -p '/etc/swanctl/ecdsa' # Plain ECDSA private keys
|
||||
mkdir -p '/etc/swanctl/bliss'
|
||||
mkdir -p '/etc/swanctl/pkcs8' # PKCS#8 encoded private keys of any type
|
||||
mkdir -p '/etc/swanctl/pkcs12' # PKCS#12 containers
|
||||
'';
|
||||
|
||||
systemd.services.strongswan-swanctl = {
|
||||
description = "strongSwan IPsec IKEv1/IKEv2 daemon using swanctl";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network-online.target" "keys.target" ];
|
||||
wants = [ "keys.target" ];
|
||||
path = with pkgs; [ kmod iproute iptables utillinux ];
|
||||
environment.STRONGSWAN_CONF = pkgs.writeTextFile {
|
||||
name = "strongswan.conf";
|
||||
text = cfg.strongswan.extraConfig;
|
||||
};
|
||||
restartTriggers = [ config.environment.etc."swanctl/swanctl.conf".source ];
|
||||
serviceConfig = {
|
||||
ExecStart = "${cfg.package}/sbin/charon-systemd";
|
||||
Type = "notify";
|
||||
ExecStartPost = "${cfg.package}/sbin/swanctl --load-all --noprompt";
|
||||
ExecReload = "${cfg.package}/sbin/swanctl --reload";
|
||||
Restart = "on-abnormal";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -0,0 +1,162 @@
|
|||
# In the following context a parameter is an attribute set that
|
||||
# contains a NixOS option and a render function. It also contains the
|
||||
# attribute: '_type = "param"' so we can distinguish it from other
|
||||
# sets.
|
||||
#
|
||||
# The render function is used to convert the value of the option to a
|
||||
# snippet of strongswan.conf. Most parameters simply render their
|
||||
# value to a string. For example, take the following parameter:
|
||||
#
|
||||
# threads = mkIntParam 10 "Threads to use for request handling.";
|
||||
#
|
||||
# When a users defines the corresponding option as for example:
|
||||
#
|
||||
# services.strongswan-swanctl.strongswan.threads = 32;
|
||||
#
|
||||
# It will get rendered to the following snippet in strongswan.conf:
|
||||
#
|
||||
# threads = 32
|
||||
#
|
||||
# Some parameters however need to be able to change the attribute
|
||||
# name. For example, take the following parameter:
|
||||
#
|
||||
# id = mkPrefixedAttrsOfParam (mkOptionalStrParam "") "...";
|
||||
#
|
||||
# A user can define the corresponding option as for example:
|
||||
#
|
||||
# id = {
|
||||
# "foo" = "bar";
|
||||
# "baz" = "qux";
|
||||
# };
|
||||
#
|
||||
# This will get rendered to the following snippet:
|
||||
#
|
||||
# foo-id = bar
|
||||
# baz-id = qux
|
||||
#
|
||||
# For this reason the render function is not simply a function from
|
||||
# value -> string but a function from a value to an attribute set:
|
||||
# { "${name}" = string }. This allows parameters to change the attribute
|
||||
# name like in the previous example.
|
||||
|
||||
lib :
|
||||
|
||||
with lib;
|
||||
with (import ./param-lib.nix lib);
|
||||
|
||||
rec {
|
||||
mkParamOfType = type : strongswanDefault : description : {
|
||||
_type = "param";
|
||||
option = mkOption {
|
||||
type = types.nullOr type;
|
||||
default = null;
|
||||
description = documentDefault description strongswanDefault;
|
||||
};
|
||||
render = single toString;
|
||||
};
|
||||
|
||||
documentDefault = description : strongswanDefault :
|
||||
if isNull strongswanDefault
|
||||
then description
|
||||
else description + ''
|
||||
</para><para>
|
||||
StrongSwan default: <literal><![CDATA[${builtins.toJSON strongswanDefault}]]></literal>
|
||||
'';
|
||||
|
||||
single = f: name: value: { "${name}" = f value; };
|
||||
|
||||
mkStrParam = mkParamOfType types.str;
|
||||
mkOptionalStrParam = mkStrParam null;
|
||||
|
||||
mkEnumParam = values : mkParamOfType (types.enum values);
|
||||
|
||||
mkIntParam = mkParamOfType types.int;
|
||||
mkOptionalIntParam = mkIntParam null;
|
||||
|
||||
# We should have floats in Nix...
|
||||
mkFloatParam = mkStrParam;
|
||||
|
||||
# TODO: Check for hex format:
|
||||
mkHexParam = mkStrParam;
|
||||
mkOptionalHexParam = mkOptionalStrParam;
|
||||
|
||||
# TODO: Check for duration format:
|
||||
mkDurationParam = mkStrParam;
|
||||
mkOptionalDurationParam = mkOptionalStrParam;
|
||||
|
||||
mkYesNoParam = strongswanDefault : description : {
|
||||
_type = "param";
|
||||
option = mkOption {
|
||||
type = types.nullOr types.bool;
|
||||
default = null;
|
||||
description = documentDefault description strongswanDefault;
|
||||
};
|
||||
render = single (b: if b then "yes" else "no");
|
||||
};
|
||||
yes = true;
|
||||
no = false;
|
||||
|
||||
mkSpaceSepListParam = mkSepListParam " ";
|
||||
mkCommaSepListParam = mkSepListParam ",";
|
||||
|
||||
mkSepListParam = sep : strongswanDefault : description : {
|
||||
_type = "param";
|
||||
option = mkOption {
|
||||
type = types.nullOr (types.listOf types.str);
|
||||
default = null;
|
||||
description = documentDefault description strongswanDefault;
|
||||
};
|
||||
render = single (value: concatStringsSep sep value);
|
||||
};
|
||||
|
||||
mkAttrsOfParams = params :
|
||||
mkAttrsOf params (types.submodule {options = paramsToOptions params;});
|
||||
|
||||
mkAttrsOfParam = param :
|
||||
mkAttrsOf param param.option.type;
|
||||
|
||||
mkAttrsOf = param : option : description : {
|
||||
_type = "param";
|
||||
option = mkOption {
|
||||
type = types.attrsOf option;
|
||||
default = {};
|
||||
inherit description;
|
||||
};
|
||||
render = single (attrs:
|
||||
(paramsToRenderedStrings attrs
|
||||
(mapAttrs (_n: _v: param) attrs)));
|
||||
};
|
||||
|
||||
mkPrefixedAttrsOfParams = params :
|
||||
mkPrefixedAttrsOf params (types.submodule {options = paramsToOptions params;});
|
||||
|
||||
mkPrefixedAttrsOfParam = param :
|
||||
mkPrefixedAttrsOf param param.option.type;
|
||||
|
||||
mkPrefixedAttrsOf = p : option : description : {
|
||||
_type = "param";
|
||||
option = mkOption {
|
||||
type = types.attrsOf option;
|
||||
default = {};
|
||||
inherit description;
|
||||
};
|
||||
render = prefix: attrs:
|
||||
let prefixedAttrs = mapAttrs' (name: nameValuePair "${prefix}-${name}") attrs;
|
||||
in paramsToRenderedStrings prefixedAttrs
|
||||
(mapAttrs (_n: _v: p) prefixedAttrs);
|
||||
};
|
||||
|
||||
mkPostfixedAttrsOfParams = params : description : {
|
||||
_type = "param";
|
||||
option = mkOption {
|
||||
type = types.attrsOf (types.submodule {options = paramsToOptions params;});
|
||||
default = {};
|
||||
inherit description;
|
||||
};
|
||||
render = postfix: attrs:
|
||||
let postfixedAttrs = mapAttrs' (name: nameValuePair "${name}-${postfix}") attrs;
|
||||
in paramsToRenderedStrings postfixedAttrs
|
||||
(mapAttrs (_n: _v: params) postfixedAttrs);
|
||||
};
|
||||
|
||||
}
|
|
@ -0,0 +1,82 @@
|
|||
lib :
|
||||
|
||||
with lib;
|
||||
|
||||
rec {
|
||||
paramsToConf = cfg : ps : mkConf 0 (paramsToRenderedStrings cfg ps);
|
||||
|
||||
# mkConf takes an indentation level (which usually starts at 0) and a nested
|
||||
# attribute set of strings and will render that set to a strongswan.conf style
|
||||
# configuration format. For example:
|
||||
#
|
||||
# mkConf 0 {a = "1"; b = { c = { "foo" = "2"; "bar" = "3"; }; d = "4";};} => ''
|
||||
# a = 1
|
||||
# b {
|
||||
# c {
|
||||
# foo = 2
|
||||
# bar = 3
|
||||
# }
|
||||
# d = 4
|
||||
# }''
|
||||
mkConf = indent : ps :
|
||||
concatMapStringsSep "\n"
|
||||
(name:
|
||||
let value = ps."${name}";
|
||||
indentation = replicate indent " ";
|
||||
in
|
||||
indentation + (
|
||||
if isAttrs value
|
||||
then "${name} {\n" +
|
||||
mkConf (indent + 2) value + "\n" +
|
||||
indentation + "}"
|
||||
else "${name} = ${value}"
|
||||
)
|
||||
)
|
||||
(attrNames ps);
|
||||
|
||||
replicate = n : c : concatStrings (builtins.genList (_x : c) n);
|
||||
|
||||
# `paramsToRenderedStrings cfg ps` converts the NixOS configuration `cfg`
|
||||
# (typically the "config" argument of a NixOS module) and the set of
|
||||
# parameters `ps` (an attribute set where the values are constructed using the
|
||||
# parameter constructors in ./param-constructors.nix) to a nested attribute
|
||||
# set of strings (rendered parameters).
|
||||
paramsToRenderedStrings = cfg : ps :
|
||||
filterEmptySets (
|
||||
(mapParamsRecursive (path: name: param:
|
||||
let value = attrByPath path null cfg;
|
||||
in optionalAttrs (!isNull value) (param.render name value)
|
||||
) ps));
|
||||
|
||||
filterEmptySets = set : filterAttrs (n: v: !(isNull v)) (mapAttrs (name: value:
|
||||
if isAttrs value
|
||||
then let value' = filterEmptySets value;
|
||||
in if value' == {}
|
||||
then null
|
||||
else value'
|
||||
else value
|
||||
) set);
|
||||
|
||||
# Recursively map over every parameter in the given attribute set.
|
||||
mapParamsRecursive = mapAttrsRecursiveCond' (as: (!(as ? "_type" && as._type == "param")));
|
||||
|
||||
mapAttrsRecursiveCond' = cond: f: set:
|
||||
let
|
||||
recurse = path: set:
|
||||
let
|
||||
g =
|
||||
name: value:
|
||||
if isAttrs value && cond value
|
||||
then { "${name}" = recurse (path ++ [name]) value; }
|
||||
else f (path ++ [name]) name value;
|
||||
in mapAttrs'' g set;
|
||||
in recurse [] set;
|
||||
|
||||
mapAttrs'' = f: set:
|
||||
foldl' (a: b: a // b) {} (map (attr: f attr set.${attr}) (attrNames set));
|
||||
|
||||
# Extract the options from the given set of parameters.
|
||||
paramsToOptions = ps :
|
||||
mapParamsRecursive (_path: name: param: { "${name}" = param.option; }) ps;
|
||||
|
||||
}
|
File diff suppressed because it is too large
Load diff
|
@ -53,30 +53,30 @@ let
|
|||
};
|
||||
|
||||
preSetup = mkOption {
|
||||
example = literalExample [''
|
||||
example = literalExample ''
|
||||
${pkgs.iproute}/bin/ip netns add foo
|
||||
''];
|
||||
default = [];
|
||||
type = with types; listOf str;
|
||||
'';
|
||||
default = "";
|
||||
type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines;
|
||||
description = ''
|
||||
A list of commands called at the start of the interface setup.
|
||||
Commands called at the start of the interface setup.
|
||||
'';
|
||||
};
|
||||
|
||||
postSetup = mkOption {
|
||||
example = literalExample [''
|
||||
${pkgs.bash} -c 'printf "nameserver 10.200.100.1" | ${pkgs.openresolv}/bin/resolvconf -a wg0 -m 0'
|
||||
''];
|
||||
default = [];
|
||||
type = with types; listOf str;
|
||||
description = "A list of commands called at the end of the interface setup.";
|
||||
example = literalExample ''
|
||||
printf "nameserver 10.200.100.1" | ${pkgs.openresolv}/bin/resolvconf -a wg0 -m 0
|
||||
'';
|
||||
default = "";
|
||||
type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines;
|
||||
description = "Commands called at the end of the interface setup.";
|
||||
};
|
||||
|
||||
postShutdown = mkOption {
|
||||
example = literalExample ["${pkgs.openresolv}/bin/resolvconf -d wg0"];
|
||||
default = [];
|
||||
type = with types; listOf str;
|
||||
description = "A list of commands called after shutting down the interface.";
|
||||
example = literalExample "${pkgs.openresolv}/bin/resolvconf -d wg0";
|
||||
default = "";
|
||||
type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines;
|
||||
description = "Commands called after shutting down the interface.";
|
||||
};
|
||||
|
||||
table = mkOption {
|
||||
|
@ -182,9 +182,6 @@ let
|
|||
|
||||
};
|
||||
|
||||
ipCommand = "${pkgs.iproute}/bin/ip";
|
||||
wgCommand = "${pkgs.wireguard}/bin/wg";
|
||||
|
||||
generateUnit = name: values:
|
||||
# exactly one way to specify the private key must be set
|
||||
assert (values.privateKey != null) != (values.privateKeyFile != null);
|
||||
|
@ -196,49 +193,53 @@ let
|
|||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
environment.DEVICE = name;
|
||||
path = with pkgs; [ kmod iproute wireguard ];
|
||||
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
ExecStart = flatten([
|
||||
values.preSetup
|
||||
};
|
||||
|
||||
"-${ipCommand} link del dev ${name}"
|
||||
"${ipCommand} link add dev ${name} type wireguard"
|
||||
script = ''
|
||||
modprobe wireguard
|
||||
|
||||
(map (ip:
|
||||
"${ipCommand} address add ${ip} dev ${name}"
|
||||
) values.ips)
|
||||
${values.preSetup}
|
||||
|
||||
("${wgCommand} set ${name} private-key ${privKey}" +
|
||||
optionalString (values.listenPort != null) " listen-port ${toString values.listenPort}")
|
||||
ip link add dev ${name} type wireguard
|
||||
|
||||
(map (peer:
|
||||
${concatMapStringsSep "\n" (ip:
|
||||
"ip address add ${ip} dev ${name}"
|
||||
) values.ips}
|
||||
|
||||
wg set ${name} private-key ${privKey} ${
|
||||
optionalString (values.listenPort != null) " listen-port ${toString values.listenPort}"}
|
||||
|
||||
${concatMapStringsSep "\n" (peer:
|
||||
assert (peer.presharedKeyFile == null) || (peer.presharedKey == null); # at most one of the two must be set
|
||||
let psk = if peer.presharedKey != null then pkgs.writeText "wg-psk" peer.presharedKey else peer.presharedKeyFile;
|
||||
in
|
||||
"${wgCommand} set ${name} peer ${peer.publicKey}" +
|
||||
"wg set ${name} peer ${peer.publicKey}" +
|
||||
optionalString (psk != null) " preshared-key ${psk}" +
|
||||
optionalString (peer.endpoint != null) " endpoint ${peer.endpoint}" +
|
||||
optionalString (peer.persistentKeepalive != null) " persistent-keepalive ${toString peer.persistentKeepalive}" +
|
||||
optionalString (peer.allowedIPs != []) " allowed-ips ${concatStringsSep "," peer.allowedIPs}"
|
||||
) values.peers)
|
||||
) values.peers}
|
||||
|
||||
"${ipCommand} link set up dev ${name}"
|
||||
ip link set up dev ${name}
|
||||
|
||||
(optionals (values.allowedIPsAsRoutes != false) (map (peer:
|
||||
${optionalString (values.allowedIPsAsRoutes != false) (concatStringsSep "\n" (concatMap (peer:
|
||||
(map (allowedIP:
|
||||
"${ipCommand} route replace ${allowedIP} dev ${name} table ${values.table}"
|
||||
"ip route replace ${allowedIP} dev ${name} table ${values.table}"
|
||||
) peer.allowedIPs)
|
||||
) values.peers))
|
||||
) values.peers))}
|
||||
|
||||
values.postSetup
|
||||
]);
|
||||
ExecStop = flatten([
|
||||
"${ipCommand} link del dev ${name}"
|
||||
values.postShutdown
|
||||
]);
|
||||
};
|
||||
${values.postSetup}
|
||||
'';
|
||||
|
||||
preStop = ''
|
||||
ip link del dev ${name}
|
||||
${values.postShutdown}
|
||||
'';
|
||||
};
|
||||
|
||||
in
|
||||
|
|
|
@ -32,8 +32,11 @@ let
|
|||
(if es5 then (pkgs.writeTextDir "log4j2.properties" cfg.logging)
|
||||
else (pkgs.writeTextDir "logging.yml" cfg.logging))
|
||||
];
|
||||
postBuild = concatStringsSep "\n" (concatLists [
|
||||
# Elasticsearch 5.x won't start when the scripts directory does not exist
|
||||
postBuild = if es5 then "${pkgs.coreutils}/bin/mkdir -p $out/scripts" else "";
|
||||
(optional es5 "${pkgs.coreutils}/bin/mkdir -p $out/scripts")
|
||||
(optional es6 "ln -s ${cfg.package}/config/jvm.options $out/jvm.options")
|
||||
]);
|
||||
};
|
||||
|
||||
esPlugins = pkgs.buildEnv {
|
||||
|
|
|
@ -703,14 +703,10 @@ in
|
|||
after = [ "network.target" ];
|
||||
restartTriggers = [ torRcFile ];
|
||||
|
||||
# Translated from the upstream contrib/dist/tor.service.in
|
||||
preStart = ''
|
||||
install -o tor -g tor -d ${torDirectory}/onion ${torRunDirectory}
|
||||
${pkgs.tor}/bin/tor -f ${torRcFile} --verify-config
|
||||
'';
|
||||
|
||||
serviceConfig =
|
||||
{ Type = "simple";
|
||||
# Translated from the upstream contrib/dist/tor.service.in
|
||||
ExecStartPre = "${pkgs.tor}/bin/tor -f ${torRcFile} --verify-config";
|
||||
ExecStart = "${pkgs.tor}/bin/tor -f ${torRcFile} --RunAsDaemon 0";
|
||||
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
|
||||
KillSignal = "SIGINT";
|
||||
|
@ -725,6 +721,8 @@ in
|
|||
# DeviceAllow /dev/urandom r
|
||||
# .. but we can't specify DeviceAllow multiple times. 'closed'
|
||||
# is close enough.
|
||||
RuntimeDirectory = "tor";
|
||||
StateDirectory = [ "tor" "tor/onion" ];
|
||||
PrivateTmp = "yes";
|
||||
DevicePolicy = "closed";
|
||||
InaccessibleDirectories = "/home";
|
||||
|
|
|
@ -155,7 +155,7 @@ in
|
|||
requires = [ "postgresql.service" ];
|
||||
after = [ "postgresql.service" ];
|
||||
|
||||
path = [ cfg.jrePackage ];
|
||||
path = [ cfg.jrePackage pkgs.bash ];
|
||||
|
||||
environment = {
|
||||
JIRA_USER = cfg.user;
|
||||
|
|
|
@ -466,10 +466,10 @@ let
|
|||
'';
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
# NOTE: No configuration is done if not using virtual host
|
||||
virtualHosts = mkIf (cfg.virtualHost != null) {
|
||||
services.nginx = mkIf (cfg.virtualHost != null) {
|
||||
enable = true;
|
||||
virtualHosts = {
|
||||
"${cfg.virtualHost}" = {
|
||||
root = "${cfg.root}";
|
||||
|
||||
|
|
|
@ -4,6 +4,9 @@ with lib;
|
|||
|
||||
let
|
||||
cfg = config.services.gitweb;
|
||||
package = pkgs.gitweb.override (optionalAttrs cfg.gitwebTheme {
|
||||
gitwebTheme = true;
|
||||
});
|
||||
|
||||
in
|
||||
{
|
||||
|
@ -34,8 +37,8 @@ in
|
|||
"^/gitweb$" => "/gitweb/"
|
||||
)
|
||||
alias.url = (
|
||||
"/gitweb/static/" => "${pkgs.git}/share/gitweb/static/",
|
||||
"/gitweb/" => "${pkgs.git}/share/gitweb/gitweb.cgi"
|
||||
"/gitweb/static/" => "${package}/static/",
|
||||
"/gitweb/" => "${package}/gitweb.cgi"
|
||||
)
|
||||
setenv.add-environment = (
|
||||
"GITWEB_CONFIG" => "${cfg.gitwebConfigFile}",
|
||||
|
|
|
@ -4,6 +4,9 @@ with lib;
|
|||
|
||||
let
|
||||
cfg = config.services.gitweb;
|
||||
package = pkgs.gitweb.override (optionalAttrs cfg.gitwebTheme {
|
||||
gitwebTheme = true;
|
||||
});
|
||||
|
||||
in
|
||||
{
|
||||
|
@ -24,7 +27,7 @@ in
|
|||
|
||||
systemd.services.gitweb = {
|
||||
description = "GitWeb service";
|
||||
script = "${pkgs.git}/share/gitweb/gitweb.cgi --fastcgi --nproc=1";
|
||||
script = "${package}/gitweb.cgi --fastcgi --nproc=1";
|
||||
environment = {
|
||||
FCGI_SOCKET_PATH = "/run/gitweb/gitweb.sock";
|
||||
};
|
||||
|
@ -38,11 +41,10 @@ in
|
|||
|
||||
services.nginx = {
|
||||
virtualHosts.default = {
|
||||
locations."/gitweb/" = {
|
||||
root = "${pkgs.git}/share";
|
||||
tryFiles = "$uri @gitweb";
|
||||
locations."/gitweb/static/" = {
|
||||
alias = "${package}/static/";
|
||||
};
|
||||
locations."@gitweb" = {
|
||||
locations."/gitweb/" = {
|
||||
extraConfig = ''
|
||||
include ${pkgs.nginx}/conf/fastcgi_params;
|
||||
fastcgi_param GITWEB_CONFIG ${cfg.gitwebConfigFile};
|
||||
|
|
|
@ -32,8 +32,15 @@ with lib;
|
|||
rootDevice="${config.fileSystems."/".device}"
|
||||
if [ -e "$rootDevice" ]; then
|
||||
rootDevice="$(readlink -f "$rootDevice")"
|
||||
parentDevice="$(lsblk -npo PKNAME "$rootDevice")"
|
||||
TMPDIR=/run sh $(type -P growpart) "$parentDevice" "''${rootDevice#$parentDevice}"
|
||||
parentDevice="$rootDevice"
|
||||
while [ "''${parentDevice%[0-9]}" != "''${parentDevice}" ]; do
|
||||
parentDevice="''${parentDevice%[0-9]}";
|
||||
done
|
||||
partNum="''${rootDevice#''${parentDevice}}"
|
||||
if [ "''${parentDevice%[0-9]p}" != "''${parentDevice}" ] && [ -b "''${parentDevice%p}" ]; then
|
||||
parentDevice="''${parentDevice%p}"
|
||||
fi
|
||||
TMPDIR=/run sh $(type -P growpart) "$parentDevice" "$partNum"
|
||||
udevadm settle
|
||||
fi
|
||||
'';
|
||||
|
|
|
@ -77,8 +77,8 @@ in
|
|||
type = types.int;
|
||||
default = 4;
|
||||
description = ''
|
||||
The kernel console log level. Log messages with a priority
|
||||
numerically less than this will not appear on the console.
|
||||
The kernel console <literal>loglevel</literal>. All Kernel Messages with a log level smaller
|
||||
than this setting will be printed to the console.
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
|
@ -109,11 +109,15 @@ copyForced $fwdir/bootcode.bin /boot/bootcode.bin
|
|||
copyForced $fwdir/fixup.dat /boot/fixup.dat
|
||||
copyForced $fwdir/fixup_cd.dat /boot/fixup_cd.dat
|
||||
copyForced $fwdir/fixup_db.dat /boot/fixup_db.dat
|
||||
copyForced $fwdir/fixup_x.dat /boot/fixup_x.dat
|
||||
copyForced $fwdir/start.elf /boot/start.elf
|
||||
copyForced $fwdir/start_cd.elf /boot/start_cd.elf
|
||||
copyForced $fwdir/start_db.elf /boot/start_db.elf
|
||||
copyForced $fwdir/start_x.elf /boot/start_x.elf
|
||||
|
||||
# Add the config.txt
|
||||
copyForced @configTxt@ /boot/config.txt
|
||||
|
||||
# Remove obsolete files from /boot and /boot/old.
|
||||
for fn in /boot/old/*linux* /boot/old/*initrd-initrd* /boot/bcm*.dtb; do
|
||||
if ! test "${filesCopied[$fn]}" = 1; then
|
||||
|
|
|
@ -0,0 +1,34 @@
|
|||
{ config, pkgs, configTxt }:
|
||||
|
||||
let
|
||||
cfg = config.boot.loader.raspberryPi;
|
||||
isAarch64 = pkgs.stdenv.isAarch64;
|
||||
|
||||
uboot =
|
||||
if cfg.version == 1 then
|
||||
pkgs.ubootRaspberryPi
|
||||
else if cfg.version == 2 then
|
||||
pkgs.ubootRaspberryPi2
|
||||
else
|
||||
if isAarch64 then
|
||||
pkgs.ubootRaspberryPi3_64bit
|
||||
else
|
||||
pkgs.ubootRaspberryPi3_32bit;
|
||||
|
||||
extlinuxConfBuilder =
|
||||
import ../generic-extlinux-compatible/extlinux-conf-builder.nix {
|
||||
inherit pkgs;
|
||||
};
|
||||
in
|
||||
pkgs.substituteAll {
|
||||
src = ./builder_uboot.sh;
|
||||
isExecutable = true;
|
||||
inherit (pkgs) bash;
|
||||
path = [pkgs.coreutils pkgs.gnused pkgs.gnugrep];
|
||||
firmware = pkgs.raspberrypifw;
|
||||
inherit uboot;
|
||||
inherit configTxt;
|
||||
inherit extlinuxConfBuilder;
|
||||
version = cfg.version;
|
||||
}
|
||||
|
|
@ -0,0 +1,29 @@
|
|||
#! @bash@/bin/sh -e
|
||||
|
||||
copyForced() {
|
||||
local src="$1"
|
||||
local dst="$2"
|
||||
cp $src $dst.tmp
|
||||
mv $dst.tmp $dst
|
||||
}
|
||||
|
||||
# Call the extlinux builder
|
||||
"@extlinuxConfBuilder@" "$@"
|
||||
|
||||
# Add the firmware files
|
||||
fwdir=@firmware@/share/raspberrypi/boot/
|
||||
copyForced $fwdir/bootcode.bin /boot/bootcode.bin
|
||||
copyForced $fwdir/fixup.dat /boot/fixup.dat
|
||||
copyForced $fwdir/fixup_cd.dat /boot/fixup_cd.dat
|
||||
copyForced $fwdir/fixup_db.dat /boot/fixup_db.dat
|
||||
copyForced $fwdir/fixup_x.dat /boot/fixup_x.dat
|
||||
copyForced $fwdir/start.elf /boot/start.elf
|
||||
copyForced $fwdir/start_cd.elf /boot/start_cd.elf
|
||||
copyForced $fwdir/start_db.elf /boot/start_db.elf
|
||||
copyForced $fwdir/start_x.elf /boot/start_x.elf
|
||||
|
||||
# Add the uboot file
|
||||
copyForced @uboot@/u-boot.bin /boot/u-boot-rpi.bin
|
||||
|
||||
# Add the config.txt
|
||||
copyForced @configTxt@ /boot/config.txt
|
|
@ -5,23 +5,55 @@ with lib;
|
|||
let
|
||||
cfg = config.boot.loader.raspberryPi;
|
||||
|
||||
builder = pkgs.substituteAll {
|
||||
builderGeneric = pkgs.substituteAll {
|
||||
src = ./builder.sh;
|
||||
isExecutable = true;
|
||||
inherit (pkgs) bash;
|
||||
path = [pkgs.coreutils pkgs.gnused pkgs.gnugrep];
|
||||
firmware = pkgs.raspberrypifw;
|
||||
version = cfg.version;
|
||||
inherit configTxt;
|
||||
};
|
||||
|
||||
platform = pkgs.stdenv.platform;
|
||||
|
||||
builderUboot = import ./builder_uboot.nix { inherit config; inherit pkgs; inherit configTxt; };
|
||||
|
||||
builder =
|
||||
if cfg.uboot.enable then
|
||||
"${builderUboot} -g ${toString cfg.uboot.configurationLimit} -t ${timeoutStr} -c"
|
||||
else
|
||||
builderGeneric;
|
||||
|
||||
blCfg = config.boot.loader;
|
||||
timeoutStr = if blCfg.timeout == null then "-1" else toString blCfg.timeout;
|
||||
|
||||
isAarch64 = pkgs.stdenv.isAarch64;
|
||||
optional = pkgs.stdenv.lib.optionalString;
|
||||
|
||||
configTxt =
|
||||
pkgs.writeText "config.txt" (''
|
||||
# U-Boot used to need this to work, regardless of whether UART is actually used or not.
|
||||
# TODO: check when/if this can be removed.
|
||||
enable_uart=1
|
||||
|
||||
# Prevent the firmware from smashing the framebuffer setup done by the mainline kernel
|
||||
# when attempting to show low-voltage or overtemperature warnings.
|
||||
avoid_warnings=1
|
||||
'' + optional isAarch64 ''
|
||||
# Boot in 64-bit mode.
|
||||
arm_control=0x200
|
||||
'' + optional cfg.uboot.enable ''
|
||||
kernel=u-boot-rpi.bin
|
||||
'' + optional (cfg.firmwareConfig != null) cfg.firmwareConfig);
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
options = {
|
||||
|
||||
boot.loader.raspberryPi.enable = mkOption {
|
||||
boot.loader.raspberryPi = {
|
||||
enable = mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
description = ''
|
||||
|
@ -31,16 +63,50 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
boot.loader.raspberryPi.version = mkOption {
|
||||
version = mkOption {
|
||||
default = 2;
|
||||
type = types.enum [ 1 2 3 ];
|
||||
description = ''
|
||||
'';
|
||||
};
|
||||
|
||||
uboot = {
|
||||
enable = mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
description = ''
|
||||
Enable using uboot as bootmanager for the raspberry pi.
|
||||
'';
|
||||
};
|
||||
|
||||
configurationLimit = mkOption {
|
||||
default = 20;
|
||||
example = 10;
|
||||
type = types.int;
|
||||
description = ''
|
||||
Maximum number of configurations in the boot menu.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
firmwareConfig = mkOption {
|
||||
default = null;
|
||||
type = types.nullOr types.string;
|
||||
description = ''
|
||||
Extra options that will be appended to <literal>/boot/config.txt</literal> file.
|
||||
For possible values, see: https://www.raspberrypi.org/documentation/configuration/config-txt/
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
assertions = singleton {
|
||||
assertion = !pkgs.stdenv.isAarch64 || cfg.version == 3;
|
||||
message = "Only Raspberry Pi 3 supports aarch64.";
|
||||
};
|
||||
|
||||
config = mkIf config.boot.loader.raspberryPi.enable {
|
||||
system.build.installBootLoader = builder;
|
||||
system.boot.loader.id = "raspberrypi";
|
||||
system.boot.loader.kernelFile = platform.kernelTarget;
|
||||
|
|
|
@ -110,7 +110,7 @@ in {
|
|||
|
||||
config =
|
||||
let
|
||||
units = mapAttrs' (n: v: nameValuePair "${n}.nspawn" (instanceToUnit n v)) cfg;
|
||||
units = mapAttrs' (n: v: let nspawnFile = "${n}.nspawn"; in nameValuePair nspawnFile (instanceToUnit nspawnFile v)) cfg;
|
||||
in mkIf (cfg != {}) {
|
||||
|
||||
environment.etc."systemd/nspawn".source = generateUnits "nspawn" units [] [];
|
||||
|
|
|
@ -217,7 +217,7 @@ in rec {
|
|||
|
||||
environment = mkOption {
|
||||
default = {};
|
||||
type = types.attrs; # FIXME
|
||||
type = with types; attrsOf (nullOr (either str package));
|
||||
example = { PATH = "/foo/bar/bin"; LANG = "nl_NL.UTF-8"; };
|
||||
description = "Environment variables passed to the service's processes.";
|
||||
};
|
||||
|
|
|
@ -515,7 +515,7 @@ in
|
|||
};
|
||||
|
||||
systemd.globalEnvironment = mkOption {
|
||||
type = types.attrs;
|
||||
type = with types; attrsOf (nullOr (either str package));
|
||||
default = {};
|
||||
example = { TZ = "CET"; };
|
||||
description = ''
|
||||
|
|
|
@ -66,6 +66,10 @@ in
|
|||
default = false;
|
||||
description = "Whether to enable verbose logging.";
|
||||
};
|
||||
mountResourceDisk = mkOption {
|
||||
default = true;
|
||||
description = "Whether the agent should format (ext4) and mount the resource disk to /mnt/resource.";
|
||||
};
|
||||
};
|
||||
|
||||
###### implementation
|
||||
|
@ -112,7 +116,7 @@ in
|
|||
Provisioning.ExecuteCustomData=n
|
||||
|
||||
# Format if unformatted. If 'n', resource disk will not be mounted.
|
||||
ResourceDisk.Format=y
|
||||
ResourceDisk.Format=${if cfg.mountResourceDisk then "y" else "n"}
|
||||
|
||||
# File system on the resource disk
|
||||
# Typically ext3 or ext4. FreeBSD images should use 'ufs2' here.
|
||||
|
@ -181,7 +185,7 @@ in
|
|||
after = [ "network-online.target" "sshd.service" ];
|
||||
wants = [ "network-online.target" ];
|
||||
|
||||
path = [ pkgs.e2fsprogs ];
|
||||
path = [ pkgs.e2fsprogs pkgs.bash ];
|
||||
description = "Windows Azure Agent Service";
|
||||
unitConfig.ConditionPathExists = "/etc/waagent.conf";
|
||||
serviceConfig = {
|
||||
|
|
|
@ -112,7 +112,7 @@ let
|
|||
|
||||
# If the host is 64-bit and the container is 32-bit, add a
|
||||
# --personality flag.
|
||||
${optionalString (config.nixpkgs.system == "x86_64-linux") ''
|
||||
${optionalString (config.nixpkgs.localSystem.system == "x86_64-linux") ''
|
||||
if [ "$(< ''${SYSTEM_PATH:-/nix/var/nix/profiles/per-container/$INSTANCE/system}/system)" = i686-linux ]; then
|
||||
extraFlags+=" --personality=x86"
|
||||
fi
|
||||
|
@ -255,7 +255,7 @@ let
|
|||
};
|
||||
|
||||
|
||||
system = config.nixpkgs.system;
|
||||
system = config.nixpkgs.localSystem.system;
|
||||
|
||||
bindMountOpts = { name, config, ... }: {
|
||||
|
||||
|
@ -575,6 +575,16 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
extraFlags = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
example = [ "--drop-capability=CAP_SYS_CHROOT" ];
|
||||
description = ''
|
||||
Extra flags passed to the systemd-nspawn command.
|
||||
See systemd-nspawn(1) for details.
|
||||
'';
|
||||
};
|
||||
|
||||
} // networkOptions;
|
||||
|
||||
config = mkMerge
|
||||
|
@ -714,7 +724,9 @@ in
|
|||
${optionalString cfg.autoStart ''
|
||||
AUTO_START=1
|
||||
''}
|
||||
EXTRA_NSPAWN_FLAGS="${mkBindFlags cfg.bindMounts}"
|
||||
EXTRA_NSPAWN_FLAGS="${mkBindFlags cfg.bindMounts +
|
||||
optionalString (cfg.extraFlags != [])
|
||||
(" " + concatStringsSep " " cfg.extraFlags)}"
|
||||
'';
|
||||
}) config.containers;
|
||||
|
||||
|
|
|
@ -370,7 +370,7 @@ in rec {
|
|||
tests.prometheus = callTest tests/prometheus.nix {};
|
||||
tests.prosody = callTest tests/prosody.nix {};
|
||||
tests.proxy = callTest tests/proxy.nix {};
|
||||
# tests.quagga = callTest tests/quagga.nix {};
|
||||
tests.quagga = callTest tests/quagga.nix {};
|
||||
tests.quake3 = callTest tests/quake3.nix {};
|
||||
tests.rabbitmq = callTest tests/rabbitmq.nix {};
|
||||
tests.radicale = callTest tests/radicale.nix {};
|
||||
|
@ -384,6 +384,7 @@ in rec {
|
|||
tests.smokeping = callTest tests/smokeping.nix {};
|
||||
tests.snapper = callTest tests/snapper.nix {};
|
||||
tests.statsd = callTest tests/statsd.nix {};
|
||||
tests.strongswan-swanctl = callTest tests/strongswan-swanctl.nix {};
|
||||
tests.sudo = callTest tests/sudo.nix {};
|
||||
tests.systemd = callTest tests/systemd.nix {};
|
||||
tests.switchTest = callTest tests/switch-test.nix {};
|
||||
|
|
|
@ -15,7 +15,7 @@ import ./make-test.nix ({ pkgs, ...} : {
|
|||
# container available within the VM, because we don't have network access.
|
||||
virtualisation.pathsInNixDB = let
|
||||
emptyContainer = import ../lib/eval-config.nix {
|
||||
inherit (config.nixpkgs) system;
|
||||
inherit (config.nixpkgs.localSystem) system;
|
||||
modules = lib.singleton {
|
||||
containers.foo.config = {};
|
||||
};
|
||||
|
|
|
@ -18,6 +18,18 @@ import ./make-test.nix {
|
|||
MAIL
|
||||
'';
|
||||
|
||||
sendTestMailViaDeliveryAgent = pkgs.writeScriptBin "send-lda" ''
|
||||
#!${pkgs.stdenv.shell}
|
||||
|
||||
exec ${pkgs.dovecot}/libexec/dovecot/deliver -d bob <<MAIL
|
||||
From: root@localhost
|
||||
To: bob@localhost
|
||||
Subject: Something else...
|
||||
|
||||
I'm running short of ideas!
|
||||
MAIL
|
||||
'';
|
||||
|
||||
testImap = pkgs.writeScriptBin "test-imap" ''
|
||||
#!${pkgs.python3.interpreter}
|
||||
import imaplib
|
||||
|
@ -39,24 +51,25 @@ import ./make-test.nix {
|
|||
|
||||
pop = poplib.POP3('localhost')
|
||||
try:
|
||||
pop.user('alice')
|
||||
pop.user('bob')
|
||||
pop.pass_('foobar')
|
||||
assert len(pop.list()[1]) == 1
|
||||
status, fullmail, size = pop.retr(1)
|
||||
assert status.startswith(b'+OK ')
|
||||
body = b"".join(fullmail[fullmail.index(b""):]).strip()
|
||||
assert body == b'Hello world!'
|
||||
assert body == b"I'm running short of ideas!"
|
||||
finally:
|
||||
pop.quit()
|
||||
'';
|
||||
|
||||
in [ sendTestMail testImap testPop ];
|
||||
in [ sendTestMail sendTestMailViaDeliveryAgent testImap testPop ];
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
$machine->waitForUnit('postfix.service');
|
||||
$machine->waitForUnit('dovecot2.service');
|
||||
$machine->succeed('send-testmail');
|
||||
$machine->succeed('send-lda');
|
||||
$machine->waitUntilFails('[ "$(postqueue -p)" != "Mail queue is empty" ]');
|
||||
$machine->succeed('test-imap');
|
||||
$machine->succeed('test-pop');
|
||||
|
|
|
@ -26,15 +26,22 @@ import ./make-test.nix ({ pkgs, ...} : {
|
|||
|
||||
testScript =
|
||||
''
|
||||
# wait for gdm to start and bring up X
|
||||
$machine->waitForUnit("display-manager.service");
|
||||
$machine->waitForX;
|
||||
$machine->sleep(15);
|
||||
|
||||
# wait for alice to be logged in
|
||||
$machine->waitForUnit("default.target","alice");
|
||||
|
||||
# Check that logging in has given the user ownership of devices.
|
||||
$machine->succeed("getfacl /dev/snd/timer | grep -q alice");
|
||||
|
||||
$machine->succeed("su - alice -c 'DISPLAY=:0.0 gnome-terminal &'");
|
||||
$machine->succeed("xauth merge ~alice/.Xauthority");
|
||||
# open a terminal and check it's there
|
||||
$machine->succeed("su - alice -c 'DISPLAY=:0.0 XAUTHORITY=/run/user/\$UID/gdm/Xauthority gnome-terminal'");
|
||||
$machine->succeed("xauth merge /run/user/1000/gdm/Xauthority");
|
||||
$machine->waitForWindow(qr/Terminal/);
|
||||
|
||||
# wait to get a nice screenshot
|
||||
$machine->sleep(20);
|
||||
$machine->screenshot("screen");
|
||||
'';
|
||||
|
|
148
nixos/tests/strongswan-swanctl.nix
Normal file
148
nixos/tests/strongswan-swanctl.nix
Normal file
|
@ -0,0 +1,148 @@
|
|||
# This strongswan-swanctl test is based on:
|
||||
# https://www.strongswan.org/testing/testresults/swanctl/rw-psk-ipv4/index.html
|
||||
# https://github.com/strongswan/strongswan/tree/master/testing/tests/swanctl/rw-psk-ipv4
|
||||
#
|
||||
# The roadwarrior carol sets up a connection to gateway moon. The authentication
|
||||
# is based on pre-shared keys and IPv4 addresses. Upon the successful
|
||||
# establishment of the IPsec tunnels, the specified updown script automatically
|
||||
# inserts iptables-based firewall rules that let pass the tunneled traffic. In
|
||||
# order to test both tunnel and firewall, carol pings the client alice behind
|
||||
# the gateway moon.
|
||||
#
|
||||
# alice moon carol
|
||||
# eth1------vlan_0------eth1 eth2------vlan_1------eth1
|
||||
# 192.168.0.1 192.168.0.3 192.168.1.3 192.168.1.2
|
||||
#
|
||||
# See the NixOS manual for how to run this test:
|
||||
# https://nixos.org/nixos/manual/index.html#sec-running-nixos-tests-interactively
|
||||
|
||||
import ./make-test.nix ({ pkgs, ...} :
|
||||
|
||||
let
|
||||
allowESP = "iptables --insert INPUT --protocol ESP --jump ACCEPT";
|
||||
|
||||
# Shared VPN settings:
|
||||
vlan0 = "192.168.0.0/24";
|
||||
carolIp = "192.168.1.2";
|
||||
moonIp = "192.168.1.3";
|
||||
version = 2;
|
||||
secret = "0sFpZAZqEN6Ti9sqt4ZP5EWcqx";
|
||||
esp_proposals = [ "aes128gcm128-x25519" ];
|
||||
proposals = [ "aes128-sha256-x25519" ];
|
||||
in {
|
||||
name = "strongswan-swanctl";
|
||||
meta.maintainers = with pkgs.stdenv.lib.maintainers; [ basvandijk ];
|
||||
nodes = {
|
||||
|
||||
alice = { nodes, ... } : {
|
||||
virtualisation.vlans = [ 0 ];
|
||||
networking = {
|
||||
dhcpcd.enable = false;
|
||||
defaultGateway = "192.168.0.3";
|
||||
};
|
||||
};
|
||||
|
||||
moon = {pkgs, config, nodes, ...} :
|
||||
let strongswan = config.services.strongswan-swanctl.package;
|
||||
in {
|
||||
virtualisation.vlans = [ 0 1 ];
|
||||
networking = {
|
||||
dhcpcd.enable = false;
|
||||
firewall = {
|
||||
allowedUDPPorts = [ 4500 500 ];
|
||||
extraCommands = allowESP;
|
||||
};
|
||||
nat = {
|
||||
enable = true;
|
||||
internalIPs = [ vlan0 ];
|
||||
internalInterfaces = [ "eth1" ];
|
||||
externalIP = moonIp;
|
||||
externalInterface = "eth2";
|
||||
};
|
||||
};
|
||||
environment.systemPackages = [ strongswan ];
|
||||
services.strongswan-swanctl = {
|
||||
enable = true;
|
||||
swanctl = {
|
||||
connections = {
|
||||
"rw" = {
|
||||
local_addrs = [ moonIp ];
|
||||
local."main" = {
|
||||
auth = "psk";
|
||||
};
|
||||
remote."main" = {
|
||||
auth = "psk";
|
||||
};
|
||||
children = {
|
||||
"net" = {
|
||||
local_ts = [ vlan0 ];
|
||||
updown = "${strongswan}/libexec/ipsec/_updown iptables";
|
||||
inherit esp_proposals;
|
||||
};
|
||||
};
|
||||
inherit version;
|
||||
inherit proposals;
|
||||
};
|
||||
};
|
||||
secrets = {
|
||||
ike."carol" = {
|
||||
id."main" = carolIp;
|
||||
inherit secret;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
carol = {pkgs, config, nodes, ...} :
|
||||
let strongswan = config.services.strongswan-swanctl.package;
|
||||
in {
|
||||
virtualisation.vlans = [ 1 ];
|
||||
networking = {
|
||||
dhcpcd.enable = false;
|
||||
firewall.extraCommands = allowESP;
|
||||
};
|
||||
environment.systemPackages = [ strongswan ];
|
||||
services.strongswan-swanctl = {
|
||||
enable = true;
|
||||
swanctl = {
|
||||
connections = {
|
||||
"home" = {
|
||||
local_addrs = [ carolIp ];
|
||||
remote_addrs = [ moonIp ];
|
||||
local."main" = {
|
||||
auth = "psk";
|
||||
id = carolIp;
|
||||
};
|
||||
remote."main" = {
|
||||
auth = "psk";
|
||||
id = moonIp;
|
||||
};
|
||||
children = {
|
||||
"home" = {
|
||||
remote_ts = [ vlan0 ];
|
||||
start_action = "trap";
|
||||
updown = "${strongswan}/libexec/ipsec/_updown iptables";
|
||||
inherit esp_proposals;
|
||||
};
|
||||
};
|
||||
inherit version;
|
||||
inherit proposals;
|
||||
};
|
||||
};
|
||||
secrets = {
|
||||
ike."moon" = {
|
||||
id."main" = moonIp;
|
||||
inherit secret;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
testScript = ''
|
||||
startAll();
|
||||
$carol->waitUntilSucceeds("ping -c 1 alice");
|
||||
'';
|
||||
})
|
|
@ -46,6 +46,8 @@ import ./make-test.nix {
|
|||
|
||||
testScript = ''
|
||||
$machine->waitForX;
|
||||
# wait for user services
|
||||
$machine->waitForUnit("default.target","alice");
|
||||
|
||||
# Regression test for https://github.com/NixOS/nixpkgs/issues/35415
|
||||
subtest "configuration files are recognized by systemd", sub {
|
||||
|
|
|
@ -7,13 +7,13 @@ with stdenv.lib;
|
|||
stdenv.mkDerivation rec {
|
||||
|
||||
name = "bitcoin" + (toString (optional (!withGui) "d")) + "-abc-" + version;
|
||||
version = "0.16.2";
|
||||
version = "0.17.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "bitcoin-ABC";
|
||||
repo = "bitcoin-abc";
|
||||
rev = "v${version}";
|
||||
sha256 = "0d5npn4p321jqsbqjxkbv0ncvs2hp9vdp30np6n8n53f896cxl92";
|
||||
sha256 = "1s2y29h2q4fnbrfg2ig1cd3h7g3kdcdyrfq7znq1ndnh8xj1j489";
|
||||
};
|
||||
|
||||
patches = [ ./fix-bitcoin-qt-build.patch ];
|
||||
|
|
|
@ -29,5 +29,6 @@ buildGoPackage rec {
|
|||
homepage = "https://decred.org";
|
||||
description = "Decred daemon in Go (golang)";
|
||||
license = with lib.licenses; [ isc ];
|
||||
broken = stdenv.isLinux; # 2018-04-10
|
||||
};
|
||||
}
|
||||
|
|
|
@ -38,5 +38,6 @@ buildGoPackage rec {
|
|||
homepage = "https://decred.org";
|
||||
description = "Decred daemon in Go (golang)";
|
||||
license = with lib.licenses; [ isc ];
|
||||
broken = stdenv.isLinux; # 2018-04-10
|
||||
};
|
||||
}
|
||||
|
|
|
@ -51,6 +51,8 @@ rec {
|
|||
memorycoin = callPackage ./memorycoin.nix { boost = boost165; withGui = true; };
|
||||
memorycoind = callPackage ./memorycoin.nix { boost = boost165; withGui = false; };
|
||||
|
||||
mist = callPackage ./mist.nix { };
|
||||
|
||||
namecoin = callPackage ./namecoin.nix { withGui = true; };
|
||||
namecoind = callPackage ./namecoin.nix { withGui = false; };
|
||||
|
||||
|
|
|
@ -55,6 +55,7 @@ lib.overrideDerivation (mkDerivation rec {
|
|||
description = "Ethereum virtual machine evaluator";
|
||||
license = stdenv.lib.licenses.agpl3;
|
||||
maintainers = [stdenv.lib.maintainers.dbrock];
|
||||
broken = true; # 2018-04-10
|
||||
}) (attrs: {
|
||||
buildInputs = attrs.buildInputs ++ [solc];
|
||||
nativeBuildInputs = attrs.nativeBuildInputs ++ [makeWrapper];
|
||||
|
|
|
@ -51,6 +51,6 @@ stdenv.mkDerivation rec{
|
|||
homepage = http://www.bitcoin.org/;
|
||||
maintainers = with maintainers; [ AndersonTorres ];
|
||||
license = licenses.mit;
|
||||
platforms = subtractLists [ "aarch64-linux" ] platforms.unix;
|
||||
platforms = [ "x86_64-linux" ];
|
||||
};
|
||||
}
|
||||
|
|
71
pkgs/applications/altcoins/mist.nix
Normal file
71
pkgs/applications/altcoins/mist.nix
Normal file
|
@ -0,0 +1,71 @@
|
|||
{ stdenv, lib, makeWrapper, fetchurl, unzip, atomEnv, makeDesktopItem, buildFHSUserEnv }:
|
||||
|
||||
let
|
||||
version = "0.10.0";
|
||||
name = "mist-${version}";
|
||||
|
||||
throwSystem = throw "Unsupported system: ${stdenv.system}";
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "Browse and use Ðapps on the Ethereum network";
|
||||
homepage = https://github.com/ethereum/mist;
|
||||
license = licenses.gpl3;
|
||||
maintainers = with maintainers; [];
|
||||
platforms = [ "x86_64-linux" "i686-linux" ];
|
||||
};
|
||||
|
||||
urlVersion = builtins.replaceStrings ["."] ["-"] version;
|
||||
|
||||
desktopItem = makeDesktopItem rec {
|
||||
name = "Mist";
|
||||
exec = "mist";
|
||||
icon = "mist";
|
||||
desktopName = name;
|
||||
genericName = "Mist Browser";
|
||||
categories = "Network;";
|
||||
};
|
||||
|
||||
mist = stdenv.mkDerivation {
|
||||
inherit name version;
|
||||
|
||||
src = {
|
||||
i686-linux = fetchurl {
|
||||
url = "https://github.com/ethereum/mist/releases/download/v${version}/Mist-linux32-${urlVersion}.zip";
|
||||
sha256 = "01hvxlm9w522pwvsjdy18gsrapkfjr7d1jjl4bqjjysxnjaaj2lk";
|
||||
};
|
||||
x86_64-linux = fetchurl {
|
||||
url = "https://github.com/ethereum/mist/releases/download/v${version}/Mist-linux64-${urlVersion}.zip";
|
||||
sha256 = "01k17j7fdfhxfd26njdsiwap0xnka2536k9ydk32czd8db7ya9zi";
|
||||
};
|
||||
}.${stdenv.system} or throwSystem;
|
||||
|
||||
buildInputs = [ unzip makeWrapper ];
|
||||
|
||||
buildCommand = ''
|
||||
mkdir -p $out/lib/mist $out/bin
|
||||
unzip -d $out/lib/mist $src
|
||||
ln -s $out/lib/mist/mist $out/bin
|
||||
fixupPhase
|
||||
mkdir -p $out/share/applications
|
||||
ln -s ${desktopItem}/share/applications/* $out/share/applications
|
||||
patchelf \
|
||||
--set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
|
||||
--set-rpath "${atomEnv.libPath}:$out/lib/mist" \
|
||||
$out/lib/mist/mist
|
||||
'';
|
||||
};
|
||||
in
|
||||
buildFHSUserEnv {
|
||||
name = "mist";
|
||||
|
||||
targetPkgs = pkgs: with pkgs; [
|
||||
mist
|
||||
];
|
||||
|
||||
extraInstallCommands = ''
|
||||
mkdir -p "$out/share/applications"
|
||||
cp "${desktopItem}/share/applications/"* $out/share/applications
|
||||
'';
|
||||
|
||||
runScript = "mist";
|
||||
}
|
|
@ -3,11 +3,11 @@
|
|||
|
||||
bitwig-studio1.overrideAttrs (oldAttrs: rec {
|
||||
name = "bitwig-studio-${version}";
|
||||
version = "2.2.2";
|
||||
version = "2.3.2";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://downloads.bitwig.com/stable/${version}/bitwig-studio-${version}.deb";
|
||||
sha256 = "1x4wka32xlygmhdh9rb15s37zh5qjrgap2qk35y34c52lf5aak22";
|
||||
sha256 = "10ji4jqnnlhv4bgvhqwysprax6jcjk4759jskr9imwj6qjnj3vzn";
|
||||
};
|
||||
|
||||
buildInputs = bitwig-studio1.buildInputs ++ [ ffmpeg ];
|
||||
|
|
|
@ -49,7 +49,7 @@ let
|
|||
# faust.wrapWithBuildEnv.
|
||||
postInstall = ''
|
||||
# syntax error when eval'd directly
|
||||
pattern="faust2!(svg)"
|
||||
pattern="faust2!(*@(atomsnippets|graph|graphviewer|md|plot|sig|sigviewer|svg))"
|
||||
(shopt -s extglob; rm "$out"/bin/$pattern)
|
||||
'';
|
||||
|
||||
|
|
|
@ -78,7 +78,7 @@ let
|
|||
# faust.wrapWithBuildEnv.
|
||||
postInstall = ''
|
||||
# syntax error when eval'd directly
|
||||
pattern="faust2!(svg)"
|
||||
pattern="faust2!(*@(atomsnippets|graph|graphviewer|md|plot|sig|sigviewer|svg))"
|
||||
(shopt -s extglob; rm "$out"/bin/$pattern)
|
||||
'';
|
||||
|
||||
|
|
|
@ -5,13 +5,13 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "flacon-${version}";
|
||||
version = "4.0.0";
|
||||
version = "4.1.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "flacon";
|
||||
repo = "flacon";
|
||||
rev = "v${version}";
|
||||
sha256 = "0l0xbzpy4nnr08z7gqvb4ngrjwzpspa382cbcrpkya3nd40987kr";
|
||||
sha256 = "1sw2v2w3s79lbzhkf96m8lwvag824am7rwfzzsi8bz6sa6krmj0m";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ cmake pkgconfig makeWrapper ];
|
||||
|
|
|
@ -36,5 +36,6 @@ stdenv.mkDerivation {
|
|||
license = stdenv.lib.licenses.gpl2Plus ;
|
||||
maintainers = [stdenv.lib.maintainers.raskin];
|
||||
platforms = stdenv.lib.platforms.linux;
|
||||
broken = true; # 2018-04-11
|
||||
};
|
||||
}
|
||||
|
|
|
@ -2,11 +2,11 @@
|
|||
|
||||
pythonPackages.buildPythonApplication rec {
|
||||
pname = "Mopidy-Iris";
|
||||
version = "3.14.2";
|
||||
version = "3.17.1";
|
||||
|
||||
src = pythonPackages.fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "19affzk45wby50gwxwzqgwa7h7618lcs48ngdsa06sd66s8x2fza";
|
||||
sha256 = "02k1br077v9c5x6nn0391vh28pvn1zjbkjv8h508vy7k6ch2xjyq";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
|
@ -17,8 +17,11 @@ pythonPackages.buildPythonApplication rec {
|
|||
pylast
|
||||
spotipy
|
||||
raven
|
||||
tornado
|
||||
]);
|
||||
|
||||
postPatch = "sed -i /tornado/d setup.py";
|
||||
|
||||
# no tests implemented
|
||||
doCheck = false;
|
||||
|
|
@ -29,11 +29,11 @@
|
|||
# handle that.
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "qmmp-1.2.0";
|
||||
name = "qmmp-1.2.1";
|
||||
|
||||
src = fetchurl {
|
||||
url = "http://qmmp.ylsoftware.com/files/${name}.tar.bz2";
|
||||
sha256 = "17kci7srgbkk62dgxlmg3lv2y7z04jsinpgx6jmxjpnpblpcj840";
|
||||
sha256 = "1ag8wh11dq394zjqdyz5g1srjnm4fnq4cwlhpb9k89gpmlk42cdr";
|
||||
};
|
||||
|
||||
buildInputs =
|
||||
|
|
|
@ -13,9 +13,9 @@ let
|
|||
sha256Hash = "0xn02miq2hz7666mziza56pfqw9sjflgvn88ds7j5yd4rlcr0lq8";
|
||||
};
|
||||
latestVersion = {
|
||||
version = "3.2.0.9"; # "Android Studio 3.2 Canary 10"
|
||||
build = "181.4705630";
|
||||
sha256Hash = "07xf00f0wvrk576iaqn7qpcpgar432n6q3jlgpslhm4m1cww3sww";
|
||||
version = "3.2.0.10"; # "Android Studio 3.2 Canary 11"
|
||||
build = "181.4720098";
|
||||
sha256Hash = "00cd7qdznspi69cgs1a13a3fnkvsc7zjfl517jgp32vdygkb0qxw";
|
||||
};
|
||||
in rec {
|
||||
# Old alias
|
||||
|
|
|
@ -2,11 +2,11 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "atom-${version}";
|
||||
version = "1.25.1";
|
||||
version = "1.26.0";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/atom/atom/releases/download/v${version}/atom-amd64.deb";
|
||||
sha256 = "0h0kr4w26c6i89rb9y4aw4l8f63al42i2cy3ddk16m1irzij9fk4";
|
||||
sha256 = "1gyxys3mwwizc88vlb6j769b6r4ibjnqs6pg5iv336b13f9acyvr";
|
||||
name = "${name}.deb";
|
||||
};
|
||||
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "edbrowse-${version}";
|
||||
version = "3.7.2";
|
||||
version = "3.7.3";
|
||||
|
||||
buildInputs = [ curl pcre readline openssl duktape perl html-tidy ];
|
||||
|
||||
|
@ -19,7 +19,7 @@ stdenv.mkDerivation rec {
|
|||
owner = "CMB";
|
||||
repo = "edbrowse";
|
||||
rev = "v${version}";
|
||||
sha256 = "00wi0m91zf8p8wk4ixlz99dndgv4xqy93m2vsiwdr3khw3jwipp2";
|
||||
sha256 = "19qdxigp0qv5vyy0hpn0czcc8papvivsjrxx7p367ihizm39yzla";
|
||||
};
|
||||
meta = with stdenv.lib; {
|
||||
description = "Command Line Editor Browser";
|
||||
|
|
|
@ -1507,10 +1507,10 @@
|
|||
nhexl-mode = callPackage ({ cl-lib ? null, elpaBuild, emacs, fetchurl, lib }:
|
||||
elpaBuild {
|
||||
pname = "nhexl-mode";
|
||||
version = "0.2";
|
||||
version = "0.5";
|
||||
src = fetchurl {
|
||||
url = "https://elpa.gnu.org/packages/nhexl-mode-0.2.el";
|
||||
sha256 = "0qrzpkxxdwi2b3136yj5agvaxwr9g2c58kpmjmjpfhpc6yyyx5x0";
|
||||
url = "https://elpa.gnu.org/packages/nhexl-mode-0.5.el";
|
||||
sha256 = "02z2mx39m96s7v5d8sh6hxb5p70qzbagjfa3lavfw10zjim8g9wl";
|
||||
};
|
||||
packageRequires = [ cl-lib emacs ];
|
||||
meta = {
|
||||
|
@ -1612,10 +1612,10 @@
|
|||
}) {};
|
||||
org = callPackage ({ elpaBuild, fetchurl, lib }: elpaBuild {
|
||||
pname = "org";
|
||||
version = "9.1.9";
|
||||
version = "9.1.10";
|
||||
src = fetchurl {
|
||||
url = "https://elpa.gnu.org/packages/org-9.1.9.tar";
|
||||
sha256 = "16yr0srfzsrzv2b1f2wjk8gb2pyhsgj2hxbscixirkxqz674c5cl";
|
||||
url = "https://elpa.gnu.org/packages/org-9.1.10.tar";
|
||||
sha256 = "01vvq6m7r2ifyflvq5ga241qvl4j62smz0zr6jljk56b6nqi20lm";
|
||||
};
|
||||
packageRequires = [];
|
||||
meta = {
|
||||
|
|
|
@ -2,25 +2,25 @@
|
|||
|
||||
let
|
||||
modules = [
|
||||
{ name = "icicles.el"; sha256 = "10w1lghh9jqxxm5cszi2qyk24vnvazfywmyyz1v7zf6cyiwbndrz"; }
|
||||
{ name = "icicles-chg.el"; sha256 = "020yg4hv120mcy7qvn76j85q6hl7mfcfv66w55c6izc9lbrvvnv8"; }
|
||||
{ name = "icicles-cmd1.el"; sha256 = "1715x1vkiax93890gfjbzslxsn4swsv37spvyx7chy4s1mym9kfw"; }
|
||||
{ name = "icicles-cmd2.el"; sha256 = "187k0gmn34fn6w1dw9hjf4i788y01vk47z7ac11ar4bddwh97ddx"; }
|
||||
{ name = "icicles-doc1.el"; sha256 = "1bw5dkymn2xdrfrp80am0gqi0szs0xihny4qmgzgx6hfbng351qh"; }
|
||||
{ name = "icicles-doc2.el"; sha256 = "0zd94m1a8mwwbrbcrahxxx8q34w8cg5lna4yww4m1gliyklww86s"; }
|
||||
{ name = "icicles-face.el"; sha256 = "1mlz8dq7bgzp2cf5j37i25yw90ry657d2m8r93rdj67h7l4wyxhj"; }
|
||||
{ name = "icicles-fn.el"; sha256 = "1cdghvgsr0b7pdq4lmnfm6kwwcqbk4wqf168kf2sjajbpa24ix96"; }
|
||||
{ name = "icicles-mac.el"; sha256 = "1w5sgzbp8hyjzrmqd8bwivszaayzh8dkyqa0d751adiwjfs9sq9m"; }
|
||||
{ name = "icicles-mcmd.el"; sha256 = "1lf2galn3g52hfz61avlr4ifyn5b42dfbmyq78cpzlq7hzc928v2"; }
|
||||
{ name = "icicles-mode.el"; sha256 = "0gci04j6vx0vqsh4skarznklam1xibj7pjvy67kaip8b6a4zx9ip"; }
|
||||
{ name = "icicles-opt.el"; sha256 = "17g35ancml0mvywagzhjrgmlr4rhm1wgb5wg3fsqhhldib9qlz56"; }
|
||||
{ name = "icicles-var.el"; sha256 = "0ydixg41h09yncp8g2nv8zsyv8avg1hj2f3mgrmd2kf0n27bw2nv"; }
|
||||
{ name = "icicles.el"; sha256 = "0wxak7wh0rrb3h77ay2vypbb53skcfbrv71xkajhax0w12q6zpaj"; }
|
||||
{ name = "icicles-chg.el"; sha256 = "1kqlhisg5g9ycylzqiwxrmmgfw2jw599wisz26wvi48lac2icgg7"; }
|
||||
{ name = "icicles-cmd1.el"; sha256 = "17cpw798bl6p77cmjl7lwdnxa1qpw4z1wacjq2mdc8fh81cyw3am"; }
|
||||
{ name = "icicles-cmd2.el"; sha256 = "15swxk7fr7wsqpf26xzbvyk12ikkvfcyh9w8wmnpc38dmpyq79rb"; }
|
||||
{ name = "icicles-doc1.el"; sha256 = "04j5qvj7pqnjh8h2y2sdgi7x55czdp9xn7yysr3bzcmr1rq5p4bz"; }
|
||||
{ name = "icicles-doc2.el"; sha256 = "1k8vfhi3fa4bzsxr074bw5q6srvq6z6hi61rzlxdw7pah6qf7hcz"; }
|
||||
{ name = "icicles-face.el"; sha256 = "1pvygqzmh6ag0zhfjn1vhdvlhxybwxzj22ah2pc0ls80dlywhi4l"; }
|
||||
{ name = "icicles-fn.el"; sha256 = "1sn56z5rjsvqsy3vs7af7yai0c0qdjvcxvwwc59rhswrbi6zlxz5"; }
|
||||
{ name = "icicles-mac.el"; sha256 = "1wyvqzlpq5n70mggqijb8f5r5q9y1hxxngp64sixy0xszy5d12dk"; }
|
||||
{ name = "icicles-mcmd.el"; sha256 = "05dniz6337v9r15w8r2zad0n2h6jlygzjp7vw75vvq8mds0acmia"; }
|
||||
{ name = "icicles-mode.el"; sha256 = "1xfv8nryf5y2gygg02naawzm5qhrkba3h84g43518r1xc6rgbpp6"; }
|
||||
{ name = "icicles-opt.el"; sha256 = "10n4p999ylkapirs75y5fh33lpiyx42i3ajzl2zjfwyr1zksg1iz"; }
|
||||
{ name = "icicles-var.el"; sha256 = "1r5gb01zg8nf2qryq9saxfpnzlymmppsk7w1g09lac35c87vh8yl"; }
|
||||
];
|
||||
|
||||
forAll = f: map f modules;
|
||||
in
|
||||
stdenv.mkDerivation rec {
|
||||
version = "2017-10-28";
|
||||
version = "2018-04-16";
|
||||
name = "icicles-${version}";
|
||||
|
||||
srcs = forAll ({name, sha256}: fetchurl { url = "http://www.emacswiki.org/emacs/download/${name}"; inherit sha256; });
|
||||
|
|
File diff suppressed because it is too large
Load diff
|
@ -94,6 +94,9 @@ self:
|
|||
# Expects bash to be at /bin/bash
|
||||
flycheck-rtags = markBroken super.flycheck-rtags;
|
||||
|
||||
# upstream issue: missing dependency
|
||||
fold-dwim-org = markBroken super.fold-dwim-org;
|
||||
|
||||
# build timeout
|
||||
graphene = markBroken super.graphene;
|
||||
|
||||
|
@ -103,9 +106,6 @@ self:
|
|||
# Expects bash to be at /bin/bash
|
||||
helm-rtags = markBroken super.helm-rtags;
|
||||
|
||||
# upstream issue: missing file header
|
||||
helm-words = markBroken super.helm-words;
|
||||
|
||||
# upstream issue: missing file header
|
||||
ido-complete-space-or-hyphen = markBroken super.ido-complete-space-or-hyphen;
|
||||
|
||||
|
@ -149,9 +149,6 @@ self:
|
|||
# upstream issue: missing dependency
|
||||
org-readme = markBroken super.org-readme;
|
||||
|
||||
# upstream issue: missing file header
|
||||
perl-completion = markBroken super.perl-completion;
|
||||
|
||||
# upstream issue: truncated file
|
||||
powershell = markBroken super.powershell;
|
||||
|
||||
|
@ -161,9 +158,6 @@ self:
|
|||
# upstream issue: missing file header
|
||||
qiita = markBroken super.qiita;
|
||||
|
||||
# upstream issue: missing file header
|
||||
railgun = markBroken super.railgun;
|
||||
|
||||
# upstream issue: missing file footer
|
||||
seoul256-theme = markBroken super.seoul256-theme;
|
||||
|
||||
|
@ -198,9 +192,6 @@ self:
|
|||
# upstream issue: missing file header
|
||||
window-numbering = markBroken super.window-numbering;
|
||||
|
||||
# upstream issue: missing file header
|
||||
zeitgeist = markBroken super.zeitgeist;
|
||||
|
||||
w3m = super.w3m.override (args: {
|
||||
melpaBuild = drv: args.melpaBuild (drv // {
|
||||
prePatch =
|
||||
|
|
|
@ -2597,22 +2597,22 @@
|
|||
license = lib.licenses.free;
|
||||
};
|
||||
}) {};
|
||||
beeminder = callPackage ({ fetchFromGitHub, fetchurl, lib, melpaBuild }:
|
||||
beeminder = callPackage ({ fetchFromGitHub, fetchurl, lib, melpaBuild, org }:
|
||||
melpaBuild {
|
||||
pname = "beeminder";
|
||||
version = "1.0.0";
|
||||
version = "1.1.0";
|
||||
src = fetchFromGitHub {
|
||||
owner = "Sodaware";
|
||||
repo = "beeminder.el";
|
||||
rev = "54cc1277f2a7667a7b0d999dc49ceffcf2862b44";
|
||||
sha256 = "01d10algmi9a4xd7mzf7n3zxfs2qf5as66wx17mff5cd8dahxj1q";
|
||||
rev = "3e95a669474e27cd51a16caea030456377f83062";
|
||||
sha256 = "1bj9yzjvglnb0f4glh8fg478xlm5nqmd9jqm1casdj5m30i4kafn";
|
||||
};
|
||||
recipeFile = fetchurl {
|
||||
url = "https://raw.githubusercontent.com/milkypostman/melpa/7fabdb05de9b8ec18a3a566f99688b50443b6b44/recipes/beeminder";
|
||||
sha256 = "1cb8xmgsv23b464hpchm9f9i64p3fyf7aillrwk1aa2l1008kyww";
|
||||
name = "beeminder";
|
||||
};
|
||||
packageRequires = [];
|
||||
packageRequires = [ org ];
|
||||
meta = {
|
||||
homepage = "https://melpa.org/#/beeminder";
|
||||
license = lib.licenses.free;
|
||||
|
@ -6501,12 +6501,12 @@
|
|||
cython-mode = callPackage ({ fetchFromGitHub, fetchurl, lib, melpaBuild }:
|
||||
melpaBuild {
|
||||
pname = "cython-mode";
|
||||
version = "0.28.1";
|
||||
version = "0.28.2";
|
||||
src = fetchFromGitHub {
|
||||
owner = "cython";
|
||||
repo = "cython";
|
||||
rev = "89cfbb4a3a0540abeec1703fd3ee31eba9293936";
|
||||
sha256 = "1ndabmdzqfhkg3z9zaavp5bz8l86n4g9lwi0ji0vs7q7rpsykqdw";
|
||||
rev = "93e3bb9b7558d597d10c4cb8aa1dd887ed37dc2b";
|
||||
sha256 = "1cywxcfrb2j33ncldylimqhj7r7yzlb6ghy5i8c9784vfvxd56yh";
|
||||
};
|
||||
recipeFile = fetchurl {
|
||||
url = "https://raw.githubusercontent.com/milkypostman/melpa/be9bfabe3f79153cb859efc7c3051db244a63879/recipes/cython-mode";
|
||||
|
@ -6611,7 +6611,7 @@
|
|||
owner = "fommil";
|
||||
repo = "emacs-darcula-theme";
|
||||
rev = "2ecd466ffa7a3157b9ddcd7545b6fb8ad308c976";
|
||||
sha256 = "1h5lssnc1am54hkprnp61bsj5fnm8j556q2gbhljfjgrdwnqv8ky";
|
||||
sha256 = "1y8rsc63nl4n43pvn283f1vcpqyjnv6xl60fwyscwrqaz19bsnl1";
|
||||
};
|
||||
recipeFile = fetchurl {
|
||||
url = "https://raw.githubusercontent.com/milkypostman/melpa/23c8f10205187babb17e3abc3dc40eb1938e6640/recipes/darcula-theme";
|
||||
|
@ -6669,12 +6669,12 @@
|
|||
dash = callPackage ({ fetchFromGitHub, fetchurl, lib, melpaBuild }:
|
||||
melpaBuild {
|
||||
pname = "dash";
|
||||
version = "2.13.0";
|
||||
version = "2.14.1";
|
||||
src = fetchFromGitHub {
|
||||
owner = "magnars";
|
||||
repo = "dash.el";
|
||||
rev = "4ae329aa2160411c8b47794de067fcf29bc38a22";
|
||||
sha256 = "12gvpn0a07kgbj2lrzw1vv4njp1w4gl38rl68yh0jp3rhvacbsg0";
|
||||
rev = "a74f4cfcdc8d0642a9f602ad494f0354f27dacc9";
|
||||
sha256 = "1kzijmjxjxgr7p8clphzvmm47vczckbs8mza9an77c25bn627ywl";
|
||||
};
|
||||
recipeFile = fetchurl {
|
||||
url = "https://raw.githubusercontent.com/milkypostman/melpa/57eed8767c3e98614259c408dc0b5c54d3473883/recipes/dash";
|
||||
|
@ -6690,12 +6690,12 @@
|
|||
dash-functional = callPackage ({ dash, emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
|
||||
melpaBuild {
|
||||
pname = "dash-functional";
|
||||
version = "2.13.0";
|
||||
version = "2.14.1";
|
||||
src = fetchFromGitHub {
|
||||
owner = "magnars";
|
||||
repo = "dash.el";
|
||||
rev = "4ae329aa2160411c8b47794de067fcf29bc38a22";
|
||||
sha256 = "12gvpn0a07kgbj2lrzw1vv4njp1w4gl38rl68yh0jp3rhvacbsg0";
|
||||
rev = "a74f4cfcdc8d0642a9f602ad494f0354f27dacc9";
|
||||
sha256 = "1kzijmjxjxgr7p8clphzvmm47vczckbs8mza9an77c25bn627ywl";
|
||||
};
|
||||
recipeFile = fetchurl {
|
||||
url = "https://raw.githubusercontent.com/milkypostman/melpa/57eed8767c3e98614259c408dc0b5c54d3473883/recipes/dash-functional";
|
||||
|
@ -7325,7 +7325,7 @@
|
|||
owner = "xuhdev";
|
||||
repo = "dired-icon";
|
||||
rev = "dbace8d2250f84487d31b39050fcdc260fcde804";
|
||||
sha256 = "1d9105ibaw858gqp19rx2m6xm3hl57vzsmdqir883cy46qpvwhki";
|
||||
sha256 = "0r9qmr2l5kjwh1frp0k87nyaf13f7f9fjjf9yf9z92djqapfm9dd";
|
||||
};
|
||||
recipeFile = fetchurl {
|
||||
url = "https://raw.githubusercontent.com/milkypostman/melpa/8a96249947cba52cd75515b3dc83b0842fedf624/recipes/dired-icon";
|
||||
|
@ -7388,7 +7388,7 @@
|
|||
owner = "xuhdev";
|
||||
repo = "dired-quick-sort";
|
||||
rev = "fe39cfb2d4a7ba6b30f98134548b4e4bac67c469";
|
||||
sha256 = "1a9r1kz5irpvb2byabbf27sy7rjzaygfpqimpag41sj955wlgy9a";
|
||||
sha256 = "014frvpszixn8cx7rdx704glmjbslv3py3kw0pb0xqf50k4scynf";
|
||||
};
|
||||
recipeFile = fetchurl {
|
||||
url = "https://raw.githubusercontent.com/milkypostman/melpa/4d278178128deb03a7b1d2e586dc38da2c7af857/recipes/dired-quick-sort";
|
||||
|
@ -8836,12 +8836,12 @@
|
|||
ein = callPackage ({ auto-complete, cl-generic, dash, deferred, fetchFromGitHub, fetchurl, lib, melpaBuild, request, request-deferred, s, skewer-mode, websocket }:
|
||||
melpaBuild {
|
||||
pname = "ein";
|
||||
version = "0.13.0";
|
||||
version = "0.14.1";
|
||||
src = fetchFromGitHub {
|
||||
owner = "millejoh";
|
||||
repo = "emacs-ipython-notebook";
|
||||
rev = "213cea559e7a8fb50e303ea25e1626fefddaf4bd";
|
||||
sha256 = "18ysd78pfyymqd0f6ipma9p9x61pw21f0jwk118r5yi00wnry9za";
|
||||
rev = "fcf9bff0af071f5e2020ac77d9a9473325e4c5bb";
|
||||
sha256 = "1xk7k4av9hy0i7zqwpzis0rjp5myvxs52k45ah00zg8wi5hybq1x";
|
||||
};
|
||||
recipeFile = fetchurl {
|
||||
url = "https://raw.githubusercontent.com/milkypostman/melpa/215e163755fe391ce1f049622e7b9bf9a8aea95a/recipes/ein";
|
||||
|
@ -10298,12 +10298,12 @@
|
|||
erc-hl-nicks = callPackage ({ fetchFromGitHub, fetchurl, lib, melpaBuild }:
|
||||
melpaBuild {
|
||||
pname = "erc-hl-nicks";
|
||||
version = "1.3.2";
|
||||
version = "1.3.3";
|
||||
src = fetchFromGitHub {
|
||||
owner = "leathekd";
|
||||
repo = "erc-hl-nicks";
|
||||
rev = "be181920ce6af0ab5d00d1c638e4e598b3998643";
|
||||
sha256 = "1k0g3bwp3w0dd6zwdv6k2wpqs2krjayilrzsr1hli649ljcx55d7";
|
||||
rev = "756c4438a8245ccd3e389bf6c9850ee8453783ec";
|
||||
sha256 = "0c82rxpl5v7bbxirf1ksg06xv5xcddh8nkrpj7i6nvfarwdfnk4f";
|
||||
};
|
||||
recipeFile = fetchurl {
|
||||
url = "https://raw.githubusercontent.com/milkypostman/melpa/855ea20024b606314f8590129259747cac0bcc97/recipes/erc-hl-nicks";
|
||||
|
@ -11389,12 +11389,12 @@
|
|||
evil-nerd-commenter = callPackage ({ emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
|
||||
melpaBuild {
|
||||
pname = "evil-nerd-commenter";
|
||||
version = "3.2.2";
|
||||
version = "3.2.3";
|
||||
src = fetchFromGitHub {
|
||||
owner = "redguardtoo";
|
||||
repo = "evil-nerd-commenter";
|
||||
rev = "8f6fafcce901a7a588f946b26d2e21c65e36e843";
|
||||
sha256 = "0pldzwvkic9ikrgzrvmcaq6y0yjplxinvyh61iqlgw2k7k8jld1f";
|
||||
rev = "34d411715ead5829d6d8969511047feb703b067e";
|
||||
sha256 = "0ax846dy2hbrbvkj7nzfkcl5i1x9rga8bvg0ln55ivhq0iiy1lkv";
|
||||
};
|
||||
recipeFile = fetchurl {
|
||||
url = "https://raw.githubusercontent.com/milkypostman/melpa/a3e1ff69e7cc95a5b5d628524ad836833f4ee736/recipes/evil-nerd-commenter";
|
||||
|
@ -13502,12 +13502,12 @@
|
|||
flycheck-swift3 = callPackage ({ emacs, fetchFromGitHub, fetchurl, flycheck, lib, melpaBuild }:
|
||||
melpaBuild {
|
||||
pname = "flycheck-swift3";
|
||||
version = "2.0.1";
|
||||
version = "2.0.2";
|
||||
src = fetchFromGitHub {
|
||||
owner = "GyazSquare";
|
||||
repo = "flycheck-swift3";
|
||||
rev = "34973cd28ca5e63f8f6328a17fd7b78cc913b93d";
|
||||
sha256 = "1iy6j05dzpi7pi87y6rpjzmlnl2s9izqpbzknis2kx9072qddm3q";
|
||||
rev = "06a6f98d7e498860b345bbd03e96bfe59608f508";
|
||||
sha256 = "0h1n4x0fvqfb6jcapbab1ck6bj4d7irbn9zz2hxv2rlrkqxfsmh3";
|
||||
};
|
||||
recipeFile = fetchurl {
|
||||
url = "https://raw.githubusercontent.com/milkypostman/melpa/f1fb8c731c118327dc0bbb726e046fec46bcfb82/recipes/flycheck-swift3";
|
||||
|
@ -14129,6 +14129,27 @@
|
|||
license = lib.licenses.free;
|
||||
};
|
||||
}) {};
|
||||
fold-dwim-org = callPackage ({ fetchFromGitHub, fetchurl, fold-dwim, lib, melpaBuild }:
|
||||
melpaBuild {
|
||||
pname = "fold-dwim-org";
|
||||
version = "0.6";
|
||||
src = fetchFromGitHub {
|
||||
owner = "mattfidler";
|
||||
repo = "fold-dwim-org";
|
||||
rev = "c09bb2b46d65afbd1d0febc6fded7495be7a3037";
|
||||
sha256 = "14jvbkahwvv4wb0s9vp8gqmlpv1d4269j5rsjxn79q5pawjzslxw";
|
||||
};
|
||||
recipeFile = fetchurl {
|
||||
url = "https://raw.githubusercontent.com/milkypostman/melpa/97d22d9feaf521ce576b80d2933ecbc166c1dbe7/recipes/fold-dwim-org";
|
||||
sha256 = "0812p351rzvqcfn00k92nfhlg3y772y4z4b9f0xqnpa935y6harn";
|
||||
name = "fold-dwim-org";
|
||||
};
|
||||
packageRequires = [ fold-dwim ];
|
||||
meta = {
|
||||
homepage = "https://melpa.org/#/fold-dwim-org";
|
||||
license = lib.licenses.free;
|
||||
};
|
||||
}) {};
|
||||
fold-this = callPackage ({ fetchFromGitHub, fetchurl, lib, melpaBuild }:
|
||||
melpaBuild {
|
||||
pname = "fold-this";
|
||||
|
@ -14518,12 +14539,12 @@
|
|||
futhark-mode = callPackage ({ cl-lib ? null, fetchFromGitHub, fetchurl, lib, melpaBuild }:
|
||||
melpaBuild {
|
||||
pname = "futhark-mode";
|
||||
version = "0.4.0";
|
||||
version = "0.4.1";
|
||||
src = fetchFromGitHub {
|
||||
owner = "HIPERFIT";
|
||||
repo = "futhark";
|
||||
rev = "7b3af8ea3d4985682464bfeb174376da8f90c5da";
|
||||
sha256 = "02q6gc7wj02vmxnhh58a6yy5wdjhd2fmk935dh70dl3fs0yqr52p";
|
||||
rev = "784e3147196bfe82ea9499628467335ea1d036f9";
|
||||
sha256 = "07dqqpacvap034jzvdvnpjyryzicbvjx2imnsghsxw9m52jsb9wn";
|
||||
};
|
||||
recipeFile = fetchurl {
|
||||
url = "https://raw.githubusercontent.com/milkypostman/melpa/0607f01aad7e77d53595ad8db95d32acfd29b148/recipes/futhark-mode";
|
||||
|
@ -14641,22 +14662,22 @@
|
|||
license = lib.licenses.free;
|
||||
};
|
||||
}) {};
|
||||
gams-mode = callPackage ({ fetchFromGitHub, fetchurl, lib, melpaBuild }:
|
||||
gams-mode = callPackage ({ emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
|
||||
melpaBuild {
|
||||
pname = "gams-mode";
|
||||
version = "6.4";
|
||||
version = "6.5";
|
||||
src = fetchFromGitHub {
|
||||
owner = "ShiroTakeda";
|
||||
repo = "gams-mode";
|
||||
rev = "2d6b5c29d84a42421ddc2f7f1e9c3a141d81c31c";
|
||||
sha256 = "0cri329g0b7ywqarg4jlmry574z7v15gdd9j7jnikq1s2jjgnb85";
|
||||
rev = "3022e9f8411628e6a210fb5843d858b15a7513f5";
|
||||
sha256 = "06hc8yy1g2vyvib8yrhwzs8fvgxnrxlw6iyzi7phjp9fgr3cp504";
|
||||
};
|
||||
recipeFile = fetchurl {
|
||||
url = "https://raw.githubusercontent.com/milkypostman/melpa/c895a716636b00c2a158d33aab18f664a8601833/recipes/gams-mode";
|
||||
sha256 = "0hx9mv4sqskz4nn7aks64hqd4vn3m7b34abzhy9bnmyw6d5zzfci";
|
||||
name = "gams-mode";
|
||||
};
|
||||
packageRequires = [];
|
||||
packageRequires = [ emacs ];
|
||||
meta = {
|
||||
homepage = "https://melpa.org/#/gams-mode";
|
||||
license = lib.licenses.free;
|
||||
|
@ -15103,7 +15124,7 @@
|
|||
license = lib.licenses.free;
|
||||
};
|
||||
}) {};
|
||||
git-commit-insert-issue = callPackage ({ bitbucket, fetchFromGitLab, fetchurl, github-issues, gitlab, helm, lib, melpaBuild, projectile, s }:
|
||||
git-commit-insert-issue = callPackage ({ bitbucket, fetchFromGitLab, fetchurl, github-issues, gitlab, lib, melpaBuild, projectile, s }:
|
||||
melpaBuild {
|
||||
pname = "git-commit-insert-issue";
|
||||
version = "0.3.1";
|
||||
|
@ -15111,14 +15132,14 @@
|
|||
owner = "emacs-stuff";
|
||||
repo = "git-commit-insert-issue";
|
||||
rev = "5f08c17bf93b17915415d435ee41923d924fe20b";
|
||||
sha256 = "11my5apnyhdqh0pmq9wdjd1iah415a5nw87sk586cb3vxnbn5qas";
|
||||
sha256 = "1gffjf6byasisa9jdcv9n4n5zqalvzfsxv7z75zl0g3ph7wc7bbm";
|
||||
};
|
||||
recipeFile = fetchurl {
|
||||
url = "https://raw.githubusercontent.com/milkypostman/melpa/855ea20024b606314f8590129259747cac0bcc97/recipes/git-commit-insert-issue";
|
||||
sha256 = "0xhlchr7dbm0hp4cjba3x1fdf7lnfc97id327i2fqgkdc4yn9fax";
|
||||
name = "git-commit-insert-issue";
|
||||
};
|
||||
packageRequires = [ bitbucket github-issues gitlab helm projectile s ];
|
||||
packageRequires = [ bitbucket github-issues gitlab projectile s ];
|
||||
meta = {
|
||||
homepage = "https://melpa.org/#/git-commit-insert-issue";
|
||||
license = lib.licenses.free;
|
||||
|
@ -15552,7 +15573,7 @@
|
|||
owner = "joewreschnig";
|
||||
repo = "gitlab-ci-mode";
|
||||
rev = "313431fa5b8b5ce4512909dfc15675bb99395f6f";
|
||||
sha256 = "0zdj3f0a5fg4vwhbv851jv4fs1dqfz2w4jsxqbri2zhzdjxc97vn";
|
||||
sha256 = "0wjz87nhcwzp201jxv3qlj88hn7p8nvq20924y06gra2d656znar";
|
||||
};
|
||||
recipeFile = fetchurl {
|
||||
url = "https://raw.githubusercontent.com/milkypostman/melpa/d7915ddcf21fdec539a86bb86c209cf0bbd378cb/recipes/gitlab-ci-mode";
|
||||
|
@ -15573,7 +15594,7 @@
|
|||
owner = "joewreschnig";
|
||||
repo = "gitlab-ci-mode-flycheck";
|
||||
rev = "388fd05f3ea88ed3ebafb09868fc021f6ecc7625";
|
||||
sha256 = "0idpg4265rfx5i0i8cgfs6w3gncc766mbg81ldxqjhzvq3n28z39";
|
||||
sha256 = "111clb37329c7v0lv1lwypb8bv7qb9f495f2cy45j2n711vymdna";
|
||||
};
|
||||
recipeFile = fetchurl {
|
||||
url = "https://raw.githubusercontent.com/milkypostman/melpa/d7915ddcf21fdec539a86bb86c209cf0bbd378cb/recipes/gitlab-ci-mode-flycheck";
|
||||
|
@ -16668,6 +16689,27 @@
|
|||
license = lib.licenses.free;
|
||||
};
|
||||
}) {};
|
||||
grep-context = callPackage ({ cl-lib ? null, dash, emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
|
||||
melpaBuild {
|
||||
pname = "grep-context";
|
||||
version = "0.1.0";
|
||||
src = fetchFromGitHub {
|
||||
owner = "mkcms";
|
||||
repo = "grep-context";
|
||||
rev = "4c63d0f2654dee1e249c2054d118d674a757bd45";
|
||||
sha256 = "0n2bc9q6bvbfpaqivp3ajy9ad1wr7hfdd98qhnspsap67p73kfn4";
|
||||
};
|
||||
recipeFile = fetchurl {
|
||||
url = "https://raw.githubusercontent.com/milkypostman/melpa/41dbaf627ae4ef86c222d2b6b5d3523fdb9a4637/recipes/grep-context";
|
||||
sha256 = "175s9asbnk2wlgpzc5izcd3vlfvdj064n38myy9qf4awn12c2y1g";
|
||||
name = "grep-context";
|
||||
};
|
||||
packageRequires = [ cl-lib dash emacs ];
|
||||
meta = {
|
||||
homepage = "https://melpa.org/#/grep-context";
|
||||
license = lib.licenses.free;
|
||||
};
|
||||
}) {};
|
||||
grin = callPackage ({ fetchhg, fetchurl, lib, melpaBuild }: melpaBuild {
|
||||
pname = "grin";
|
||||
version = "1.0";
|
||||
|
@ -17010,7 +17052,7 @@
|
|||
owner = "iain";
|
||||
repo = "hamburger-menu-mode";
|
||||
rev = "fd37f013c2f2619a88d3ed5311a9d1308cc82614";
|
||||
sha256 = "196ydb57h4mjagjaiflvb20my561i6mdc6v6694ibdik2yns2inm";
|
||||
sha256 = "1nykpp8afa0c0wiax1qn8wf5hfjaixk5kn4yhcw40z00pb8i2z5f";
|
||||
};
|
||||
recipeFile = fetchurl {
|
||||
url = "https://raw.githubusercontent.com/milkypostman/melpa/e8017730403cc0e613e3939017f85074753c3778/recipes/hamburger-menu";
|
||||
|
@ -18306,12 +18348,12 @@
|
|||
helm-org-rifle = callPackage ({ dash, emacs, f, fetchFromGitHub, fetchurl, helm, lib, melpaBuild, s }:
|
||||
melpaBuild {
|
||||
pname = "helm-org-rifle";
|
||||
version = "1.5.0";
|
||||
version = "1.5.1";
|
||||
src = fetchFromGitHub {
|
||||
owner = "alphapapa";
|
||||
repo = "helm-org-rifle";
|
||||
rev = "68f01726795ca3054cfc6327dcdb22c9c83dfdfa";
|
||||
sha256 = "0vak9phqgxz5dk1zj3i4cs94y797h77qadirsf33gl073cg95l8a";
|
||||
rev = "ecf5ad53bef572e38d8c8d93b516f8eab8c4dfe5";
|
||||
sha256 = "14020ws87m64bfxqw30c9hc88zb7w4kxs5svd2a10y00lgrg2m93";
|
||||
};
|
||||
recipeFile = fetchurl {
|
||||
url = "https://raw.githubusercontent.com/milkypostman/melpa/f39cc94dde5aaf0d6cfea5c98dd52cdb0bcb1615/recipes/helm-org-rifle";
|
||||
|
@ -19962,27 +20004,6 @@
|
|||
license = lib.licenses.free;
|
||||
};
|
||||
}) {};
|
||||
ido-ubiquitous = callPackage ({ cl-lib ? null, fetchFromGitHub, fetchurl, ido-completing-read-plus, lib, melpaBuild }:
|
||||
melpaBuild {
|
||||
pname = "ido-ubiquitous";
|
||||
version = "4.7";
|
||||
src = fetchFromGitHub {
|
||||
owner = "DarwinAwardWinner";
|
||||
repo = "ido-completing-read-plus";
|
||||
rev = "51861afe385f59f3262ee40acbe772ccb3dd52e7";
|
||||
sha256 = "0hspgk8m4acyhpcldwg3xqla9xp3fjrhf37cnjp45j1b3h94x3iy";
|
||||
};
|
||||
recipeFile = fetchurl {
|
||||
url = "https://raw.githubusercontent.com/milkypostman/melpa/6104efc035bcf469d133ab9a2caf42c9d4482334/recipes/ido-ubiquitous";
|
||||
sha256 = "11sdk0ymsqnsw1gycvq2wj4j0g502fp23qk6q9d95lm98nz68frz";
|
||||
name = "ido-ubiquitous";
|
||||
};
|
||||
packageRequires = [ cl-lib ido-completing-read-plus ];
|
||||
meta = {
|
||||
homepage = "https://melpa.org/#/ido-ubiquitous";
|
||||
license = lib.licenses.free;
|
||||
};
|
||||
}) {};
|
||||
ido-vertical-mode = callPackage ({ fetchFromGitHub, fetchurl, lib, melpaBuild }:
|
||||
melpaBuild {
|
||||
pname = "ido-vertical-mode";
|
||||
|
@ -22440,12 +22461,12 @@
|
|||
langtool = callPackage ({ cl-lib ? null, fetchFromGitHub, fetchurl, lib, melpaBuild }:
|
||||
melpaBuild {
|
||||
pname = "langtool";
|
||||
version = "1.6.0";
|
||||
version = "2.0.0";
|
||||
src = fetchFromGitHub {
|
||||
owner = "mhayashi1120";
|
||||
repo = "Emacs-langtool";
|
||||
rev = "d976e4f0cadb2309b798540429558936f8f45889";
|
||||
sha256 = "1qlgd5i8jngsq754jm44gb46p5y6j2cccacg72aklvwajay0adyh";
|
||||
rev = "d93286722cff3fecf8641a4a6c3b0691f30362fe";
|
||||
sha256 = "17xa055705n4jb7nafqvqgl0a6fdaxp3b3q8q0gsv5vzycsc74ga";
|
||||
};
|
||||
recipeFile = fetchurl {
|
||||
url = "https://raw.githubusercontent.com/milkypostman/melpa/503845e79e67c921f1fde31447f3dd4da2b6f993/recipes/langtool";
|
||||
|
@ -22487,7 +22508,7 @@
|
|||
owner = "latex-math-preview";
|
||||
repo = "latex-math-preview";
|
||||
rev = "c1c87c4c5501f98b97af19f7e3454a2369265edc";
|
||||
sha256 = "118xrgrnwsmsysmframf6bmb0gkrdrm3jbkgivzxs41cw92fhbzw";
|
||||
sha256 = "1mp6bpl8992pi40vs6b86q922h4z8879mrjalldv5dyz57ym5fsq";
|
||||
};
|
||||
recipeFile = fetchurl {
|
||||
url = "https://raw.githubusercontent.com/milkypostman/melpa/9e413b7684e9199510b00035825aa861d670e072/recipes/latex-math-preview";
|
||||
|
@ -23610,12 +23631,12 @@
|
|||
magit-org-todos = callPackage ({ emacs, fetchFromGitHub, fetchurl, lib, magit, melpaBuild }:
|
||||
melpaBuild {
|
||||
pname = "magit-org-todos";
|
||||
version = "0.1.1";
|
||||
version = "0.1.2";
|
||||
src = fetchFromGitHub {
|
||||
owner = "danielma";
|
||||
repo = "magit-org-todos.el";
|
||||
rev = "d772f5220037cb7ad049250df2671e488c65da94";
|
||||
sha256 = "19m1p8z016mqxj2b29961rnbjclxcpspx5bkmqhrwhfysyvcjqg5";
|
||||
rev = "0bfa36bbc50e62de0a3406031cb93e2f57dcdc55";
|
||||
sha256 = "07r5x256k1fjjxs1yfg41kc94nwvnjlk2vvknkra3j8v9p0j88m7";
|
||||
};
|
||||
recipeFile = fetchurl {
|
||||
url = "https://raw.githubusercontent.com/milkypostman/melpa/84480cad490cab2f087a484ed7b9d3d3064bbd29/recipes/magit-org-todos";
|
||||
|
@ -26056,7 +26077,7 @@
|
|||
owner = "esessoms";
|
||||
repo = "nofrils-theme";
|
||||
rev = "7825f88cb881a84eaa5cd1689772819a18eb2943";
|
||||
sha256 = "009did3i3i8yi0virq606l02w1mw0gdyiqablqg7m368gx0gfvh5";
|
||||
sha256 = "1aslhxk5mp6khf66ac4c441vywhiqpb4kyajagb8b1p10z8hrqva";
|
||||
};
|
||||
recipeFile = fetchurl {
|
||||
url = "https://raw.githubusercontent.com/milkypostman/melpa/c59ddaa5e41d3c25c446b1ed1905d7f88b448e0a/recipes/nofrils-acme-theme";
|
||||
|
@ -27318,12 +27339,12 @@
|
|||
org-index = callPackage ({ emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
|
||||
melpaBuild {
|
||||
pname = "org-index";
|
||||
version = "5.8.7";
|
||||
version = "5.8.8";
|
||||
src = fetchFromGitHub {
|
||||
owner = "marcihm";
|
||||
repo = "org-index";
|
||||
rev = "2cbd9da2c7a6e4039e32665675370ae4e2b8e6cb";
|
||||
sha256 = "10gm329bnbzjr8d0syw90iniann46mb5mirviy9r2q9w6xqjkbd0";
|
||||
rev = "0dfe0a67979279345378ca006ab4f727df378aca";
|
||||
sha256 = "16wjzskq000grkanaw9zca2qbw9yzpndhfd2g0b0if2mf1g31mkv";
|
||||
};
|
||||
recipeFile = fetchurl {
|
||||
url = "https://raw.githubusercontent.com/milkypostman/melpa/54946e733901986304f7a7a5139b2818ebf97eb3/recipes/org-index";
|
||||
|
@ -31061,7 +31082,7 @@
|
|||
owner = "elzair";
|
||||
repo = "punctuality-logger";
|
||||
rev = "708cae8e67dbae293c7c4be0ca5e49d76fac6714";
|
||||
sha256 = "1v48i37iqrrwbyy3bscicfq66vbbml4sg0f0n950bnk0qagjx8py";
|
||||
sha256 = "1bkkgs2agy00wivilljkj3a9fsb2ba935icjmhbk46zjc6yf3y6q";
|
||||
};
|
||||
recipeFile = fetchurl {
|
||||
url = "https://raw.githubusercontent.com/milkypostman/melpa/76ac7178ee5381e08ae881f3fc6061106eeb1c1d/recipes/punctuality-logger";
|
||||
|
@ -31418,7 +31439,7 @@
|
|||
owner = "python-mode-devs";
|
||||
repo = "python-mode";
|
||||
rev = "a0a534639bc6142c2c2f44bd7ca5878ad5f79518";
|
||||
sha256 = "0sj2hfjwpcdg9djsgl3y5aa3gnvl4s87477x6a9d14m11db3p7ml";
|
||||
sha256 = "173i3k0nvjri1g1mkgkc2i9c9mpnsvxf1ldmm12yhadl5gl2ah07";
|
||||
};
|
||||
recipeFile = fetchurl {
|
||||
url = "https://raw.githubusercontent.com/milkypostman/melpa/82861e1ab114451af5e1106d53195afd3605448a/recipes/python-mode";
|
||||
|
@ -31543,6 +31564,27 @@
|
|||
license = lib.licenses.free;
|
||||
};
|
||||
}) {};
|
||||
ql = callPackage ({ emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
|
||||
melpaBuild {
|
||||
pname = "ql";
|
||||
version = "1.0";
|
||||
src = fetchFromGitHub {
|
||||
owner = "ieure";
|
||||
repo = "ql-el";
|
||||
rev = "c885d125d8972374b408f6eddf031e44dc6fa0c6";
|
||||
sha256 = "1l1jdvz1913m03ikcf9g3dsraaajqac1kzfy9c9xhzx8w7bbl80c";
|
||||
};
|
||||
recipeFile = fetchurl {
|
||||
url = "https://raw.githubusercontent.com/milkypostman/melpa/475bd8fd66c6d5b5c7e74aa2c4e094d313cc8303/recipes/ql";
|
||||
sha256 = "0wxjblqacs5nx2hyh7r6rlv1yngbhn6phn5rni4dw2dms98zj34z";
|
||||
name = "ql";
|
||||
};
|
||||
packageRequires = [ emacs ];
|
||||
meta = {
|
||||
homepage = "https://melpa.org/#/ql";
|
||||
license = lib.licenses.free;
|
||||
};
|
||||
}) {};
|
||||
qml-mode = callPackage ({ fetchFromGitHub, fetchurl, lib, melpaBuild }:
|
||||
melpaBuild {
|
||||
pname = "qml-mode";
|
||||
|
@ -32539,12 +32581,12 @@
|
|||
rg = callPackage ({ cl-lib ? null, emacs, fetchFromGitHub, fetchurl, lib, melpaBuild, s }:
|
||||
melpaBuild {
|
||||
pname = "rg";
|
||||
version = "1.4.3";
|
||||
version = "1.5.0";
|
||||
src = fetchFromGitHub {
|
||||
owner = "dajva";
|
||||
repo = "rg.el";
|
||||
rev = "63226e8c93e55538855c9b24bfa03c86dc23b79d";
|
||||
sha256 = "1zzh2cf6lsrsh6nzlcfxqs4il9dw5fc70x5apvrvp08mpqdzcj1r";
|
||||
rev = "d50bd106275f3ef7f77d0147857412fb065eef47";
|
||||
sha256 = "0zjhak534j1n03z6p9wjmgc48yy40icrp2x8y9vbvg4hgx8xh9lm";
|
||||
};
|
||||
recipeFile = fetchurl {
|
||||
url = "https://raw.githubusercontent.com/milkypostman/melpa/9ce1f721867383a841957370946f283f996fa76f/recipes/rg";
|
||||
|
@ -33941,7 +33983,7 @@
|
|||
license = lib.licenses.free;
|
||||
};
|
||||
}) {};
|
||||
shrink-path = callPackage ({ dash, f, fetchFromGitLab, fetchurl, lib, melpaBuild, s }:
|
||||
shrink-path = callPackage ({ dash, emacs, f, fetchFromGitLab, fetchurl, lib, melpaBuild, s }:
|
||||
melpaBuild {
|
||||
pname = "shrink-path";
|
||||
version = "0.3.1";
|
||||
|
@ -33949,14 +33991,14 @@
|
|||
owner = "bennya";
|
||||
repo = "shrink-path.el";
|
||||
rev = "9b8cfb59a2dcee8b39b680ab9adad5ecb1f53c0b";
|
||||
sha256 = "0kx0c4syd7k6ff9j463bib32pz4wq0rzjlg6b0yqnymlzfr1mbki";
|
||||
sha256 = "021bpgpzysag1s11m9pyq2bk6a0mf9ayx10yxhf5cw56x3d0jj1b";
|
||||
};
|
||||
recipeFile = fetchurl {
|
||||
url = "https://raw.githubusercontent.com/milkypostman/melpa/86b0d105e8a57d5f0bcde779441dc80b85e170ea/recipes/shrink-path";
|
||||
sha256 = "0fq13c6g7qbq6f2ry9dzdyg1f6p41wimkjcdaj177rnilz77alzb";
|
||||
name = "shrink-path";
|
||||
};
|
||||
packageRequires = [ dash f s ];
|
||||
packageRequires = [ dash emacs f s ];
|
||||
meta = {
|
||||
homepage = "https://melpa.org/#/shrink-path";
|
||||
license = lib.licenses.free;
|
||||
|
@ -35327,6 +35369,27 @@
|
|||
license = lib.licenses.free;
|
||||
};
|
||||
}) {};
|
||||
srcery-theme = callPackage ({ fetchFromGitHub, fetchurl, lib, melpaBuild }:
|
||||
melpaBuild {
|
||||
pname = "srcery-theme";
|
||||
version = "0.1.0";
|
||||
src = fetchFromGitHub {
|
||||
owner = "roosta";
|
||||
repo = "emacs-srcery";
|
||||
rev = "385809e78a2494ee617782430415048d91a11444";
|
||||
sha256 = "1r6k042jipqz04nlr9gfpq6p80k33k4aqxsn03p1sicnpakzpixg";
|
||||
};
|
||||
recipeFile = fetchurl {
|
||||
url = "https://raw.githubusercontent.com/milkypostman/melpa/1df48441ecf6abd272ff154722b9ce0e2546c284/recipes/srcery-theme";
|
||||
sha256 = "1r8srxhznli3sskwppk7fyapyx0qixagkwm0fllgsbm4nwkzq9pn";
|
||||
name = "srcery-theme";
|
||||
};
|
||||
packageRequires = [];
|
||||
meta = {
|
||||
homepage = "https://melpa.org/#/srcery-theme";
|
||||
license = lib.licenses.free;
|
||||
};
|
||||
}) {};
|
||||
srefactor = callPackage ({ emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
|
||||
melpaBuild {
|
||||
pname = "srefactor";
|
||||
|
@ -36861,12 +36924,12 @@
|
|||
tidal = callPackage ({ emacs, fetchFromGitHub, fetchurl, haskell-mode, lib, melpaBuild }:
|
||||
melpaBuild {
|
||||
pname = "tidal";
|
||||
version = "0.9.7";
|
||||
version = "0.9.8";
|
||||
src = fetchFromGitHub {
|
||||
owner = "tidalcycles";
|
||||
repo = "Tidal";
|
||||
rev = "ef658d3df0604f3dec955a150509ec1cc68fbd98";
|
||||
sha256 = "1ild1gnbcrw830b8d3byvqlmgm27609dgailmxgin6z7g1pg4r7z";
|
||||
rev = "f8af7bdbda547ebd12cf5c0ee1327f33cd9aa93f";
|
||||
sha256 = "0y7a4bxsgpbg1sbsi4xdp4k9x3l0vh7acm5i3k87acpcpfb9aq5y";
|
||||
};
|
||||
recipeFile = fetchurl {
|
||||
url = "https://raw.githubusercontent.com/milkypostman/melpa/16a26659a16199b5bb066be6e5c4a40419bda018/recipes/tidal";
|
||||
|
@ -37769,12 +37832,12 @@
|
|||
uptimes = callPackage ({ cl-lib ? null, emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
|
||||
melpaBuild {
|
||||
pname = "uptimes";
|
||||
version = "3.5";
|
||||
version = "3.6";
|
||||
src = fetchFromGitHub {
|
||||
owner = "davep";
|
||||
repo = "uptimes.el";
|
||||
rev = "07bcd6517243c9c9f61172202d33718bd9b2a850";
|
||||
sha256 = "0n416p47j4cl84lq8wcgmkagkws7a9n4g9307v1s91s2gqmfia3n";
|
||||
rev = "5e81f8bb419836602819045e7d5a74b76ad3e69c";
|
||||
sha256 = "04l452k249s3ilfj0da0k7rrfyjnxxdsipa2al46xqjds8l3h2rn";
|
||||
};
|
||||
recipeFile = fetchurl {
|
||||
url = "https://raw.githubusercontent.com/milkypostman/melpa/72099e35ce3e34ec6afc6a3f87a4da07ec91499a/recipes/uptimes";
|
||||
|
@ -38173,7 +38236,7 @@
|
|||
owner = "iankelling";
|
||||
repo = "visible-mark";
|
||||
rev = "c1852e13b6b61982738b56977a452ec9026faf1b";
|
||||
sha256 = "15zdbvv6c114mv6hdq375l7ax70sss06p9d7m86hgssc3kiv9vsv";
|
||||
sha256 = "1rsi9irv9i03627cmfaqz03f9cvpm7555ga8n2gs622lzp6bb3jf";
|
||||
};
|
||||
recipeFile = fetchurl {
|
||||
url = "https://raw.githubusercontent.com/milkypostman/melpa/76ac7178ee5381e08ae881f3fc6061106eeb1c1d/recipes/visible-mark";
|
||||
|
@ -40217,7 +40280,7 @@
|
|||
owner = "egh";
|
||||
repo = "zotxt-emacs";
|
||||
rev = "43c0c6d23b31126bac6b14bb85608180fd9c866f";
|
||||
sha256 = "0qksa67aazs9vx7v14nlakr34z6l0h6mhfzi2c0vhrr0c210r6hp";
|
||||
sha256 = "1hz1m4190yi6knz3y088ql8wy3pmsl8lsznqby2vpnn9p74fvl37";
|
||||
};
|
||||
recipeFile = fetchurl {
|
||||
url = "https://raw.githubusercontent.com/milkypostman/melpa/b633453e77a719f6b6b6564e66c1c1260db38aa6/recipes/zotxt";
|
||||
|
|
|
@ -96,6 +96,9 @@ self:
|
|||
# Expects bash to be at /bin/bash
|
||||
flycheck-rtags = markBroken super.flycheck-rtags;
|
||||
|
||||
# upstream issue: missing dependency
|
||||
fold-dwim-org = markBroken super.fold-dwim-org;
|
||||
|
||||
# build timeout
|
||||
graphene = markBroken super.graphene;
|
||||
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue