mirrors/nixpkgs
1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-24 22:50:49 +00:00
Code Issues Wiki Activity

Fix conflict, Merge branch 'master' of github.com:NixOS/nixpkgs into redis-3.0.2

Browse source
This commit is contained in:
Dario Bertini 2015-06-22 12:20:02 +01:00
parent 0ed91e1c4d 88f4b75a00
commit 1e40c2347a
No known key found for this signature in database
GPG key ID: B002EFE5F9B7F7F4
732 changed files with 31546 additions and 16327 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

69
CONTRIBUTING.md Normal file
View file

@ -0,0 +1,69 @@
# How to contribute
## Opening issues
* Make sure you have a [GitHub account](https://github.com/signup/free)
* [Submit an issue](https://github.com/NixOS/nixpkgs/issues) - assuming one does not already exist.
* Clearly describe the issue including steps to reproduce when it is a bug.
* Include information what version of nixpkgs and Nix are you using (nixos-version or git revision).
## Making patches
* Read [Manual (How to write packages for Nix)](https://nixos.org/nixpkgs/manual/).
* Fork the repository on GitHub.
* Create a branch for your future fix.
* You can make branch from a commit of your local `nixos-version`. That will help you to avoid additional local compilations. Because you will recieve packages from binary cache.
* For example: `nixos-version` returns `15.05.git.0998212 (Dingo)`. So you can do:
```bash
git checkout 0998212
git checkout -b 'fix/pkg-name-update'
```
* Please avoid working directly on the `master` branch.
* Make commits of logical units.
* If you removed pkgs, made some major NixOS changes etc., write about them in `nixos/doc/manual/release-notes/rl-unstable.xml`.
* Check for unnecessary whitespace with `git diff --check` before committing.
* Format the commit in a following way:
```
(pkg-name | service-name): (from -> to | init at version | refactor | etc)
Additional information.
```
* Examples:
* `nginx: init at 2.0.1`
* `firefox: 3.0 -> 3.1.1`
* `hydra service: add bazBaz option`
* `nginx service: refactor config generation`
* Test your changes. If you work with
* nixpkgs:
* update pkg ->
* `nix-env -i pkg-name -f <path to your local nixpkgs folder>`
* add pkg ->
* Make sure it's in `pkgs/top-level/all-packages.nix`
* `nix-env -i pkg-name -f <path to your local nixpkgs folder>`
* _If you don't want to install pkg in you profile_.
* `nix-build -A pkg-attribute-name <path to your local nixpkgs folder>/default.nix` and check results in the folder `result`. It will appear in the same directory where you did `nix-build`.
* If you did `nix-env -i pkg-name` you can do `nix-env -e pkg-name` to uninstall it from your system.
* NixOS and its modules:
* You can add new module to your NixOS configuration file (usually it's `/etc/nixos/configuration.nix`).
And do `sudo nixos-rebuild test -I nixpkgs=<path to your local nixpkgs folder> --fast`.
* If you have commits `pkg-name: oh, forgot to insert whitespace`: squash commits in this case. Use `git rebase -i`.
* Rebase you branch against current `master`.
## Submitting changes
* Push your changes to your fork of nixpkgs.
* Create pull request:
* Write the title in format `(pkg-name | service): improvement`.
* If you update the pkg, write versions `from -> to`.
* Write in comment if you have tested your patch. Do not rely much on `TravisCI`.
* If you make an improvement, write about your motivation.
* Notify maintainers of the package. For example add to the message: `cc @jagajaga @domenkozar`.
## Hotfixing pull requests
* Make the appropriate changes in you branch.
* Don't create additional commits, do
* `git rebase -i`
* `git push --force` to your branch.

3
README.md
View file

@ -40,6 +40,3 @@ Communication:
* [Mailing list](http://lists.science.uu.nl/mailman/listinfo/nix-dev)
* [IRC - #nixos on freenode.net](irc://irc.freenode.net/#nixos)
---
[![Throughput Graph](https://graphs.waffle.io/nixos/nixpkgs/throughput.svg)](https://waffle.io/nixos/nixpkgs/metrics)

9
doc/coding-conventions.xml
View file

@ -451,12 +451,17 @@ splitting up an existing category.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>If its a <emphasis>desktop environment</emphasis>
(including <emphasis>window managers</emphasis>):</term>
<term>If its a <emphasis>desktop environment</emphasis>:</term>
<listitem>
<para><filename>desktops</filename> (e.g. <filename>kde</filename>, <filename>gnome</filename>, <filename>enlightenment</filename>)</para>
</listitem>
</varlistentry>
<varlistentry>
<term>If its a <emphasis>window manager</emphasis>:</term>
<listitem>
<para><filename>applications/window-managers</filename> (e.g. <filename>awesome</filename>, <filename>compiz</filename>, <filename>stumpwm</filename>)</para>
</listitem>
</varlistentry>
<varlistentry>
<term>If its an <emphasis>application</emphasis>:</term>
<listitem>

757
doc/haskell-users-guide.xml Normal file
View file

@ -0,0 +1,757 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:id="users-guide-to-the-haskell-infrastructure">
<title>User's Guide to the Haskell Infrastructure</title>
<section xml:id="how-to-install-haskell-packages">
<title>How to install Haskell packages</title>
<para>
Nixpkgs distributes build instructions for all Haskell packages
registered on
<link xlink:href="http://hackage.haskell.org/">Hackage</link>, but
strangely enough normal Nix package lookups don't seem to discover
any of them:
</para>
<programlisting>
$ nix-env -qa cabal-install
error: selector cabal-install matches no derivations
$ nix-env -i ghc
error: selector ghc matches no derivations
</programlisting>
<para>
The Haskell package set is not registered in the top-level namespace
because it is <emphasis>huge</emphasis>. If all Haskell packages
were visible to these commands, then name-based search/install
operations would be much slower than they are now. We avoided that
by keeping all Haskell-related packages in a separate attribute set
called <literal>haskellPackages</literal>, which the following
command will list:
</para>
<programlisting>
$ nix-env -f &quot;&lt;nixpkgs&gt;&quot; -qaP -A haskellPackages
haskellPackages.a50 a50-0.5
haskellPackages.abacate haskell-abacate-0.0.0.0
haskellPackages.abcBridge haskell-abcBridge-0.12
haskellPackages.afv afv-0.1.1
haskellPackages.alex alex-3.1.4
haskellPackages.Allure Allure-0.4.101.1
haskellPackages.alms alms-0.6.7
[... some 8000 entries omitted ...]
</programlisting>
<para>
To install any of those packages into your profile, refer to them by
their attribute path (first column):
</para>
<programlisting>
$ nix-env -f &quot;&lt;nixpkgs&gt;&quot; -iA haskellPackages.Allure ...
</programlisting>
<para>
The attribute path of any Haskell packages corresponds to the name
of that particular package on Hackage: the package
<literal>cabal-install</literal> has the attribute
<literal>haskellPackages.cabal-install</literal>, and so on.
(Actually, this convention causes trouble with packages like
<literal>3dmodels</literal> and <literal>4Blocks</literal>, because
these names are invalid identifiers in the Nix language. The issue
of how to deal with these rare corner cases is currently
unresolved.)
</para>
<para>
Haskell packages who's Nix name (second column) begins with a
<literal>haskell-</literal> prefix are packages that provide a
library whereas packages without that prefix provide just
executables. Libraries may provide executables too, though: the
package <literal>haskell-pandoc</literal>, for example, installs
both a library and an application. You can install and use Haskell
executables just like any other program in Nixpkgs, but using
Haskell libraries for development is a bit trickier and we'll
address that subject in great detail in section
<link linkend="how-to-create-a-development-environment">How to
create a development environment</link>.
</para>
<para>
Attribute paths are deterministic inside of Nixpkgs, but the path
necessary to reach Nixpkgs varies from system to system. We dodged
that problem by giving <literal>nix-env</literal> an explicit
<literal>-f &quot;&lt;nixpkgs&gt;&quot;</literal> parameter, but if
you call <literal>nix-env</literal> without that flag, then chances
are the invocation fails:
</para>
<programlisting>
$ nix-env -iA haskellPackages.cabal-install
error: attribute haskellPackages in selection path
haskellPackages.cabal-install not found
</programlisting>
<para>
On NixOS, for example, Nixpkgs does <emphasis>not</emphasis> exist
in the top-level namespace by default. To figure out the proper
attribute path, it's easiest to query for the path of a well-known
Nixpkgs package, i.e.:
</para>
<programlisting>
$ nix-env -qaP coreutils
nixos.pkgs.coreutils coreutils-8.23
</programlisting>
<para>
If your system responds like that (most NixOS installatios will),
then the attribute path to <literal>haskellPackages</literal> is
<literal>nixos.pkgs.haskellPackages</literal>. Thus, if you want to
use <literal>nix-env</literal> without giving an explicit
<literal>-f</literal> flag, then that's the way to do it:
</para>
<programlisting>
$ nix-env -qaP -A nixos.pkgs.haskellPackages
$ nix-env -iA nixos.pkgs.haskellPackages.cabal-install
</programlisting>
<para>
Our current default compiler is GHC 7.10.x and the
<literal>haskellPackages</literal> set contains packages built with
that particular version. Nixpkgs contains the latest major release
of every GHC since 6.10.4, however, and there is a whole family of
package sets available that defines Hackage packages built with each
of those compilers, too:
</para>
<programlisting>
$ nix-env -f &quot;&lt;nixpkgs&gt;&quot; -qaP -A haskell.packages.ghc6123
$ nix-env -f &quot;&lt;nixpkgs&gt;&quot; -qaP -A haskell.packages.ghc763
</programlisting>
<para>
The name <literal>haskellPackages</literal> is really just a synonym
for <literal>haskell.packages.ghc7101</literal>, because we prefer
that package set internally and recommend it to our users as their
default choice, but ultimately you are free to compile your Haskell
packages with any GHC version you please. The following command
displays the complete list of available compilers:
</para>
<programlisting>
$ nix-env -f &quot;&lt;nixpkgs&gt;&quot; -qaP -A haskell.compiler
haskell.compiler.ghc6104 ghc-6.10.4
haskell.compiler.ghc6123 ghc-6.12.3
haskell.compiler.ghc704 ghc-7.0.4
haskell.compiler.ghc722 ghc-7.2.2
haskell.compiler.ghc742 ghc-7.4.2
haskell.compiler.ghc763 ghc-7.6.3
haskell.compiler.ghc784 ghc-7.8.4
haskell.compiler.ghc7101 ghc-7.10.1
haskell.compiler.ghcHEAD ghc-7.11.20150402
haskell.compiler.ghcjs ghcjs-0.1.0
haskell.compiler.jhc jhc-0.8.2
haskell.compiler.uhc uhc-1.1.9.0
</programlisting>
<para>
We have no package sets for <literal>jhc</literal> or
<literal>uhc</literal> yet, unfortunately, but for every version of
GHC listed above, there exists a package set based on that compiler.
Also, the attributes <literal>haskell.compiler.ghcXYC</literal> and
<literal>haskell.packages.ghcXYC.ghc</literal> are synonymous for
the sake of convenience.
</para>
</section>
<section xml:id="how-to-create-a-development-environment">
<title>How to create a development environment</title>
<section xml:id="how-to-install-a-compiler">
<title>How to install a compiler</title>
<para>
A simple development environment consists of a Haskell compiler
and the tool <literal>cabal-install</literal>, and we saw in
section <link linkend="how-to-install-haskell-packages">How to
install Haskell packages</link> how you can install those programs
into your user profile:
</para>
<programlisting>
$ nix-env -f &quot;&lt;nixpkgs&gt;&quot; -iA haskellPackages.ghc haskellPackages.cabal-install
</programlisting>
<para>
Instead of the default package set
<literal>haskellPackages</literal>, you can also use the more
precise name <literal>haskell.compiler.ghc7101</literal>, which
has the advantage that it refers to the same GHC version
regardless of what Nixpkgs considers &quot;default&quot; at any
given time.
</para>
<para>
Once you've made those tools available in
<literal>$PATH</literal>, it's possible to build Hackage packages
the same way people without access to Nix do it all the time:
</para>
<programlisting>
$ cabal get lens-4.11 &amp;&amp; cd lens-4.11
$ cabal install -j --dependencies-only
$ cabal configure
$ cabal build
</programlisting>
<para>
If you enjoy working with Cabal sandboxes, then that's entirely
possible too: just execute the command
</para>
<programlisting>
$ cabal sandbox init
</programlisting>
<para>
before installing the required dependencies.
</para>
<para>
The <literal>nix-shell</literal> utility makes it easy to switch
to a different compiler version; just enter the Nix shell
environment with the command
</para>
<programlisting>
$ nix-shell -p haskell.compiler.ghc784
</programlisting>
<para>
to bring GHC 7.8.4 into <literal>$PATH</literal>. Re-running
<literal>cabal configure</literal> switches your build to use that
compiler instead. If you're working on a project that doesn't
depend on any additional system libraries outside of GHC, then
it's sufficient even to run the <literal>cabal configure</literal>
command inside of the shell:
</para>
<programlisting>
$ nix-shell -p haskell.compiler.ghc784 --command &quot;cabal configure&quot;
</programlisting>
<para>
Afterwards, all other commands like <literal>cabal build</literal>
work just fine in any shell environment, because the configure
phase recorded the absolute paths to all required tools like GHC
in its build configuration inside of the <literal>dist/</literal>
directory. Please note, however, that
<literal>nix-collect-garbage</literal> can break such an
environment because the Nix store paths created by
<literal>nix-shell</literal> aren't &quot;alive&quot; anymore once
<literal>nix-shell</literal> has terminated. If you find that your
Haskell builds no longer work after garbage collection, then
you'll have to re-run <literal>cabal configure</literal> inside of
a new <literal>nix-shell</literal> environment.
</para>
</section>
<section xml:id="how-to-install-a-compiler-with-libraries">
<title>How to install a compiler with libraries</title>
<para>
GHC expects to find all installed libraries inside of its own
<literal>lib</literal> directory. This approach works fine on
traditional Unix systems, but it doesn't work for Nix, because
GHC's store path is immutable once it's built. We cannot install
additional libraries into that location. As a consequence, our
copies of GHC don't know any packages except their own core
libraries, like <literal>base</literal>,
<literal>containers</literal>, <literal>Cabal</literal>, etc.
</para>
<para>
We can register additional libraries to GHC, however, using a
special build function called <literal>ghcWithPackages</literal>.
That function expects one argument: a function that maps from an
attribute set of Haskell packages to a list of packages, which
determines the libraries known to that particular version of GHC.
For example, the Nix expression
<literal>ghcWithPackages (pkgs: [pkgs.mtl])</literal> generates a
copy of GHC that has the <literal>mtl</literal> library registered
in addition to its normal core packages:
</para>
<programlisting>
$ nix-shell -p &quot;haskellPackages.ghcWithPackages (pkgs: [pkgs.mtl])&quot;
[nix-shell:~]$ ghc-pkg list mtl
/nix/store/zy79...-ghc-7.10.1/lib/ghc-7.10.1/package.conf.d:
mtl-2.2.1
</programlisting>
<para>
This function allows users to define their own development
environment by means of an override. After adding the following
snippet to <literal>~/.nixpkgs/config.nix</literal>,
</para>
<programlisting>
{
packageOverrides = super: let self = super.pkgs; in
{
myHaskellEnv = self.haskell.packages.ghc7101.ghcWithPackages
(haskellPackages: with haskellPackages; [
# libraries
arrows async cgi criterion
# tools
cabal-install haskintex
]);
};
}
</programlisting>
<para>
it's possible to install that compiler with
<literal>nix-env -f &quot;&lt;nixpkgs&gt;&quot; -iA myHaskellEnv</literal>.
If you'd like to switch that development environment to a
different version of GHC, just replace the
<literal>ghc7101</literal> bit in the previous definition with the
appropriate name. Of course, it's also possible to define any
number of these development environments! (You can't install two
of them into the same profile at the same time, though, because
that would result in file conflicts.)
</para>
<para>
The generated <literal>ghc</literal> program is a wrapper script
that re-directs the real GHC executable to use a new
<literal>lib</literal> directory --- one that we specifically
constructed to contain all those packages the user requested:
</para>
<programlisting>
$ cat $(type -p ghc)
#! /nix/store/xlxj...-bash-4.3-p33/bin/bash -e
export NIX_GHC=/nix/store/19sm...-ghc-7.10.1/bin/ghc
export NIX_GHCPKG=/nix/store/19sm...-ghc-7.10.1/bin/ghc-pkg
export NIX_GHC_DOCDIR=/nix/store/19sm...-ghc-7.10.1/share/doc/ghc/html
export NIX_GHC_LIBDIR=/nix/store/19sm...-ghc-7.10.1/lib/ghc-7.10.1
exec /nix/store/j50p...-ghc-7.10.1/bin/ghc &quot;-B$NIX_GHC_LIBDIR&quot; &quot;$@&quot;
</programlisting>
<para>
The variables <literal>$NIX_GHC</literal>,
<literal>$NIX_GHCPKG</literal>, etc. point to the
<emphasis>new</emphasis> store path
<literal>ghcWithPackages</literal> constructed specifically for
this environment. The last line of the wrapper script then
executes the real <literal>ghc</literal>, but passes the path to
the new <literal>lib</literal> directory using GHC's
<literal>-B</literal> flag.
</para>
<para>
The purpose of those environment variables is to work around an
impurity in the popular
<link xlink:href="http://hackage.haskell.org/package/ghc-paths">ghc-paths</link>
library. That library promises to give its users access to GHC's
installation paths. Only, the library can't possible know that
path when it's compiled, because the path GHC considers its own is
determined only much later, when the user configures it through
<literal>ghcWithPackages</literal>. So we
<link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/haskell-modules/ghc-paths-nix.patch">patched
ghc-paths</link> to return the paths found in those environment
variables at run-time rather than trying to guess them at
compile-time.
</para>
<para>
To make sure that mechanism works properly all the time, we
recommend that you set those variables to meaningful values in
your shell environment, too, i.e. by adding the following code to
your <literal>~/.bashrc</literal>:
</para>
<programlisting>
if type &gt;/dev/null 2&gt;&amp;1 -p ghc; then
eval &quot;$(egrep ^export &quot;$(type -p ghc)&quot;)&quot;
fi
</programlisting>
<para>
If you are certain that you'll use only one GHC environment which
is located in your user profile, then you can use the following
code, too, which has the advantage that it doesn't contain any
paths from the Nix store, i.e. those settings always remain valid
even if a <literal>nix-env -u</literal> operation updates the GHC
environment in your profile:
</para>
<programlisting>
if [ -e ~/.nix-profile/bin/ghc ]; then
export NIX_GHC=&quot;$HOME/.nix-profile/bin/ghc&quot;
export NIX_GHCPKG=&quot;$HOME/.nix-profile/bin/ghc-pkg&quot;
export NIX_GHC_DOCDIR=&quot;$HOME/.nix-profile/share/doc/ghc/html&quot;
export NIX_GHC_LIBDIR=&quot;$HOME/.nix-profile/lib/ghc-$($NIX_GHC --numeric-version)&quot;
fi
</programlisting>
</section>
<section xml:id="how-to-create-ad-hoc-environments-for-nix-shell">
<title>How to create ad hoc environments for
<literal>nix-shell</literal></title>
<para>
The easiest way to create an ad hoc development environment is to
run <literal>nix-shell</literal> with the appropriate GHC
environment given on the command-line:
</para>
<programlisting>
nix-shell -p &quot;haskellPackages.ghcWithPackages (pkgs: with pkgs; [mtl pandoc])&quot;
</programlisting>
<para>
For more sophisticated use-cases, however, it's more convenient to
save the desired configuration in a file called
<literal>shell.nix</literal> that looks like this:
</para>
<programlisting>
{ nixpkgs ? import &lt;nixpkgs&gt; {}, compiler ? &quot;ghc7101&quot; }:
let
inherit (nixpkgs) pkgs;
ghc = pkgs.haskell.packages.${compiler}.ghcWithPackages (ps: with ps; [
monad-par mtl
]);
in
pkgs.stdenv.mkDerivation {
name = &quot;my-haskell-env-0&quot;;
buildInputs = [ ghc ];
shellHook = &quot;eval $(egrep ^export ${ghc}/bin/ghc)&quot;;
}
</programlisting>
<para>
Now run <literal>nix-shell</literal> --- or even
<literal>nix-shell --pure</literal> --- to enter a shell
environment that has the appropriate compiler in
<literal>$PATH</literal>. If you use <literal>--pure</literal>,
then add all other packages that your development environment
needs into the <literal>buildInputs</literal> attribute. If you'd
like to switch to a different compiler version, then pass an
appropriate <literal>compiler</literal> argument to the
expression, i.e.
<literal>nix-shell --argstr compiler ghc784</literal>.
</para>
<para>
If you need such an environment because you'd like to compile a
Hackage package outside of Nix --- i.e. because you're hacking on
the latest version from Git ---, then the package set provides
suitable nix-shell environments for you already! Every Haskell
package has an <literal>env</literal> attribute that provides a
shell environment suitable for compiling that particular package.
If you'd like to hack the <literal>lens</literal> library, for
example, then you just have to check out the source code and enter
the appropriate environment:
</para>
<programlisting>
$ cabal get lens-4.11 &amp;&amp; cd lens-4.11
Downloading lens-4.11...
Unpacking to lens-4.11/
$ nix-shell &quot;&lt;nixpkgs&gt;&quot; -A haskellPackages.lens.env
[nix-shell:/tmp/lens-4.11]$
</programlisting>
<para>
At point, you can run <literal>cabal configure</literal>,
<literal>cabal build</literal>, and all the other development
commands. Note that you need <literal>cabal-install</literal>
installed in your <literal>$PATH</literal> already to use it here
--- the <literal>nix-shell</literal> environment does not provide
it.
</para>
</section>
</section>
<section xml:id="how-to-create-nix-builds-for-your-own-private-haskell-packages">
<title>How to create Nix builds for your own private Haskell
packages</title>
<para>
If your own Haskell packages have build instructions for Cabal, then
you can convert those automatically into build instructions for Nix
using the <literal>cabal2nix</literal> utility, which you can
install into your profile by running
<literal>nix-env -i cabal2nix</literal>.
</para>
<section xml:id="how-to-build-a-stand-alone-project">
<title>How to build a stand-alone project</title>
<para>
For example, let's assume that you're working on a private project
called <literal>foo</literal>. To generate a Nix build expression
for it, change into the project's top-level directory and run the
command:
</para>
<programlisting>
$ cabal2nix . &gt;foo.nix
</programlisting>
<para>
Then write the following snippet into a file called
<literal>default.nix</literal>:
</para>
<programlisting>
{ nixpkgs ? import &lt;nixpkgs&gt; {}, compiler ? &quot;ghc7101&quot; }:
nixpkgs.pkgs.haskell.packages.${compiler}.callPackage ./foo.nix { }
</programlisting>
<para>
Finally, store the following code in a file called
<literal>shell.nix</literal>:
</para>
<programlisting>
{ nixpkgs ? import &lt;nixpkgs&gt; {}, compiler ? &quot;ghc7101&quot; }:
(import ./default.nix { inherit nixpkgs compiler; }).env
</programlisting>
<para>
At this point, you can run <literal>nix-build</literal> to have
Nix compile your project and install it into a Nix store path. The
local directory will contain a symlink called
<literal>result</literal> after <literal>nix-build</literal>
returns that points into that location. Of course, passing the
flag <literal>--argstr compiler ghc763</literal> allows switching
the build to any version of GHC currently supported.
</para>
<para>
Furthermore, you can call <literal>nix-shell</literal> to enter an
interactive development environment in which you can use
<literal>cabal configure</literal> and
<literal>cabal build</literal> to develop your code. That
environment will automatically contain a proper GHC derivation
with all the required libraries registered as well as all the
system-level libraries your package might need.
</para>
<para>
If your package does not depend on any system-level libraries,
then it's sufficient to run
</para>
<programlisting>
$ nix-shell --command &quot;cabal configure&quot;
</programlisting>
<para>
once to set up your build. <literal>cabal-install</literal>
determines the absolute paths to all resources required for the
build and writes them into a config file in the
<literal>dist/</literal> directory. Once that's done, you can run
<literal>cabal build</literal> and any other command for that
project even outside of the <literal>nix-shell</literal>
environment. This feature is particularly nice for those of us who
like to edit their code with an IDE, like Emacs'
<literal>haskell-mode</literal>, because it's not necessary to
start Emacs inside of nix-shell just to make it find out the
necessary settings for building the project;
<literal>cabal-install</literal> has already done that for us.
</para>
<para>
If you want to do some quick-and-dirty hacking and don't want to
bother setting up a <literal>default.nix</literal> and
<literal>shell.nix</literal> file manually, then you can use the
<literal>--shell</literal> flag offered by
<literal>cabal2nix</literal> to have it generate a stand-alone
<literal>nix-shell</literal> environment for you. With that
feature, running
</para>
<programlisting>
$ cabal2nix --shell . &gt;shell.nix
$ nix-shell --command &quot;cabal configure&quot;
</programlisting>
<para>
is usually enough to set up a build environment for any given
Haskell package. You can even use that generated file to run
<literal>nix-build</literal>, too:
</para>
<programlisting>
$ nix-build shell.nix
</programlisting>
</section>
<section xml:id="how-to-build-projects-that-depend-on-each-other">
<title>How to build projects that depend on each other</title>
<para>
If you have multiple private Haskell packages that depend on each
other, then you'll have to register those packages in the Nixpkgs
set to make them visible for the dependency resolution performed
by <literal>callPackage</literal>. First of all, change into each
of your projects top-level directories and generate a
<literal>default.nix</literal> file with
<literal>cabal2nix</literal>:
</para>
<programlisting>
$ cd ~/src/foo &amp;&amp; cabal2nix . &gt;default.nix
$ cd ~/src/bar &amp;&amp; cabal2nix . &gt;default.nix
</programlisting>
<para>
Then edit your <literal>~/.nixpkgs/config.nix</literal> file to
register those builds in the default Haskell package set:
</para>
<programlisting>
{
packageOverrides = super: let self = super.pkgs; in
{
haskellPackages = super.haskellPackages.override {
overrides = self: super: {
foo = self.callPackage ../src/foo {};
bar = self.callPackage ../src/bar {};
};
};
};
}
</programlisting>
<para>
Once that's accomplished,
<literal>nix-env -f &quot;&lt;nixpkgs&gt;&quot; -qA haskellPackages</literal>
will show your packages like any other package from Hackage, and
you can build them
</para>
<programlisting>
$ nix-build &quot;&lt;nixpkgs&gt;&quot; -A haskellPackages.foo
</programlisting>
<para>
or enter an interactive shell environment suitable for building
them:
</para>
<programlisting>
$ nix-shell &quot;&lt;nixpkgs&gt;&quot; -A haskellPackages.bar.env
</programlisting>
</section>
</section>
<section xml:id="miscellaneous-topics">
<title>Miscellaneous Topics</title>
<section xml:id="how-to-build-with-profiling-enabled">
<title>How to build with profiling enabled</title>
<para>
Every Haskell package set takes a function called
<literal>overrides</literal> that you can use to manipulate the
package as much as you please. One useful application of this
feature is to replace the default <literal>mkDerivation</literal>
function with one that enables library profiling for all packages.
To accomplish that, add configure the following snippet in your
<literal>~/.nixpkgs/config.nix</literal> file:
</para>
<programlisting>
{
packageOverrides = super: let self = super.pkgs; in
{
profiledHaskellPackages = self.haskellPackages.override {
overrides = self: super: {
mkDerivation = args: super.mkDerivation (args // {
enableLibraryProfiling = true;
});
};
};
};
}
</programlisting>
</section>
<section xml:id="how-to-override-package-versions-in-a-compiler-specific-package-set">
<title>How to override package versions in a compiler-specific
package set</title>
<para>
Nixpkgs provides the latest version of
<link xlink:href="http://hackage.haskell.org/package/ghc-events"><literal>ghc-events</literal></link>,
which is 0.4.4.0 at the time of this writing. This is fine for
users of GHC 7.10.x, but GHC 7.8.4 cannot compile that binary.
Now, one way to solve that problem is to register an older version
of <literal>ghc-events</literal> in the 7.8.x-specific package
set. The first step is to generate Nix build instructions with
<literal>cabal2nix</literal>:
</para>
<programlisting>
$ cabal2nix cabal://ghc-events-0.4.3.0 &gt;~/.nixpkgs/ghc-events-0.4.3.0.nix
</programlisting>
<para>
Then add the override in <literal>~/.nixpkgs/config.nix</literal>:
</para>
<programlisting>
{
packageOverrides = super: let self = super.pkgs; in
{
haskell = super.haskell // {
packages = super.haskell.packages // {
ghc784 = super.haskell.packages.ghc784.override {
overrides = self: super: {
ghc-events = self.callPackage ./ghc-events-0.4.3.0.nix {};
};
};
};
};
};
}
</programlisting>
<para>
This code is a little crazy, no doubt, but it's necessary because
the intuitive version
</para>
<programlisting>
haskell.packages.ghc784 = super.haskell.packages.ghc784.override {
overrides = self: super: {
ghc-events = self.callPackage ./ghc-events-0.4.3.0.nix {};
};
};
</programlisting>
<para>
doesn't do what we want it to: that code replaces the
<literal>haskell</literal> package set in Nixpkgs with one that
contains only one entry,<literal>packages</literal>, which
contains only one entry <literal>ghc784</literal>. This override
loses the <literal>haskell.compiler</literal> set, and it loses
the <literal>haskell.packages.ghcXYZ</literal> sets for all
compilers but GHC 7.8.4. To avoid that problem, we have to perform
the convoluted little dance from above, iterating over each step
in hierarchy.
</para>
<para>
Once it's accomplished, however, we can install a variant of
<literal>ghc-events</literal> that's compiled with GHC 7.8.4:
</para>
<programlisting>
nix-env -f &quot;&lt;nixpkgs&gt;&quot; -iA haskell.packages.ghc784.ghc-events
</programlisting>
<para>
Unfortunately, it turns out that this build fails again while
executing the test suite! Apparently, the release archive on
Hackage is missing some data files that the test suite requires,
so we cannot run it. We accomplish that by re-generating the Nix
expression with the <literal>--no-check</literal> flag:
</para>
<programlisting>
$ cabal2nix --no-check cabal://ghc-events-0.4.3.0 &gt;~/.nixpkgs/ghc-events-0.4.3.0.nix
</programlisting>
<para>
Now the builds succeeds.
</para>
<para>
Of course, in the concrete example of
<literal>ghc-events</literal> this whole exercise is not an ideal
solution, because <literal>ghc-events</literal> can analyze the
output emitted by any version of GHC later than 6.12 regardless of
the compiler version that was used to build the `ghc-events'
executable, so strictly speaking there's no reason to prefer one
built with GHC 7.8.x in the first place. However, for users who
cannot use GHC 7.10.x at all for some reason, the approach of
downgrading to an older version might be useful.
</para>
</section>
<section xml:id="how-to-recover-from-ghcs-infamous-non-deterministic-library-id-bug">
<title>How to recover from GHC's infamous non-deterministic library
ID bug</title>
<para>
GHC and distributed build farms don't get along well:
</para>
<programlisting>
https://ghc.haskell.org/trac/ghc/ticket/4012
</programlisting>
<para>
When you see an error like this one
</para>
<programlisting>
package foo-0.7.1.0 is broken due to missing package
text-1.2.0.4-98506efb1b9ada233bb5c2b2db516d91
</programlisting>
<para>
then you have to download and re-install <literal>foo</literal>
and all its dependents from scratch:
</para>
<programlisting>
# nix-store -q --referrers /nix/store/*-haskell-text-1.2.0.4 \
| nix-store --repair-path --option binary-caches http://hydra.nixos.org
</programlisting>
<para>
If you're using additional Hydra servers other than
<literal>hydra.nixos.org</literal>, then it might be necessary to
purge the local caches that store data from those machines to
disable these binary channels for the duration of the previous
command, i.e. by running:
</para>
<programlisting>
rm /nix/var/nix/binary-cache-v3.sqlite
rm /nix/var/nix/manifests/*
rm /nix/var/nix/channel-cache/*
</programlisting>
</section>
<section xml:id="builds-on-darwin-fail-with-math.h-not-found">
<title>Builds on Darwin fail with <literal>math.h</literal> not
found</title>
<para>
Users of GHC on Darwin have occasionally reported that builds
fail, because the compiler complains about a missing include file:
</para>
<programlisting>
fatal error: 'math.h' file not found
</programlisting>
<para>
The issue has been discussed at length in
<link xlink:href="https://github.com/NixOS/nixpkgs/issues/6390">ticket
6390</link>, and so far no good solution has been proposed. As a
work-around, users who run into this problem can configure the
environment variables
</para>
<programlisting>
export NIX_CFLAGS_COMPILE=&quot;-idirafter /usr/include&quot;
export NIX_CFLAGS_LINK=&quot;-L/usr/lib&quot;
</programlisting>
<para>
in their <literal>~/.bashrc</literal> file to avoid the compiler
error.
</para>
</section>
</section>
</chapter>

1
doc/manual.xml
View file

@ -18,5 +18,6 @@
<xi:include href="package-notes.xml" />
<xi:include href="coding-conventions.xml" />
<xi:include href="contributing.xml" />
<xi:include href="haskell-users-guide.xml" />
</book>

15
lib/maintainers.nix
View file

@ -1,11 +1,15 @@
/* -*- coding: utf-8; -*- */
{
/* Add your name and email address here. Keep the list
alphabetically sorted. */
/* Add your name and email address here.
Keep the list alphabetically sorted.
Prefer the same attrname as your github username, please,
so it's easy to ping a package @maintainer.
*/
abaldeau = "Andreas Baldeau <andreas@baldeau.net>";
abbradar = "Nikolay Amiantov <ab@fmap.me>";
adev = "Adrien Devresse <adev@adev.name>";
aforemny = "Alexander Foremny <alexanderforemny@googlemail.com>";
aflatter = "Alexander Flatter <flatter@fastmail.fm>";
aherrmann = "Andreas Herrmann <andreash87@gmx.ch>";
@ -16,7 +20,9 @@
amiddelk = "Arie Middelkoop <amiddelk@gmail.com>";
amorsillo = "Andrew Morsillo <andrew.morsillo@gmail.com>";
AndersonTorres = "Anderson Torres <torres.anderson.85@gmail.com>";
anderspapitto = "Anders Papitto <anderspapitto@gmail.com>";
andres = "Andres Loeh <ksnixos@andres-loeh.de>";
andrewrk = "Andrew Kelley <superjoe30@gmail.com>";
antono = "Antono Vasiljev <self@antono.info>";
ardumont = "Antoine R. Dumont <eniotna.t@gmail.com>";
aristid = "Aristid Breitkreuz <aristidb@gmail.com>";
@ -79,6 +85,7 @@
fluffynukeit = "Daniel Austin <dan@fluffynukeit.com>";
forkk = "Andrew Okin <forkk@forkk.net>";
fpletz = "Franz Pletz <fpletz@fnordicwalking.de>";
fro_ozen = "fro_ozen <fro_ozen@gmx.de>";
ftrvxmtrx = "Siarhei Zirukin <ftrvxmtrx@gmail.com>";
funfunctor = "Edward O'Callaghan <eocallaghan@alterapraxis.com>";
fuuzetsu = "Mateusz Kowalczyk <fuuzetsu@fuuzetsu.co.uk>";
@ -125,8 +132,10 @@
lassulus = "Lassulus <lassulus@gmail.com>";
lethalman = "Luca Bruno <lucabru@src.gnome.org>";
lhvwb = "Nathaniel Baxter <nathaniel.baxter@gmail.com>";
lihop = "Leroy Hopson <nixos@leroy.geek.nz>";
linquize = "Linquize <linquize@yahoo.com.hk>";
linus = "Linus Arver <linusarver@gmail.com>";
lnl7 = "Daiderd Jordan <daiderd@gmail.com>";
lovek323 = "Jason O'Conal <jason@oconal.id.au>";
ludo = "Ludovic Courtès <ludo@gnu.org>";
madjar = "Georges Dubus <georges.dubus@compiletoi.net>";
@ -136,6 +145,7 @@
marcweber = "Marc Weber <marco-oweber@gmx.de>";
matejc = "Matej Cotman <cotman.matej@gmail.com>";
matthiasbeyer = "Matthias Beyer <mail@beyermatthias.de>";
mbakke = "Marius Bakke <ymse@tuta.io>";
meditans = "Carlo Nucera <meditans@gmail.com>";
meisternu = "Matt Miemiec <meister@krutt.org>";
michelk = "Michel Kuhlmann <michel@kuhlmanns.info>";
@ -186,6 +196,7 @@
rickynils = "Rickard Nilsson <rickynils@gmail.com>";
rob = "Rob Vermaas <rob.vermaas@gmail.com>";
robberer = "Longrin Wischnewski <robberer@freakmail.de>";
robbinch = "Robbin C. <robbinch33@gmail.com>";
roconnor = "Russell O'Connor <roconnor@theorem.ca>";
roelof = "Roelof Wobben <rwobben@hotmail.com>";
romildo = "José Romildo Malaquias <malaquias@gmail.com>";

10
lib/modules.nix
View file

@ -17,6 +17,10 @@ rec {
evalModules) and the less declarative the module set is. */
evalModules = { modules
, prefix ? []
, # This should only be used for special arguments that need to be evaluated
# when resolving module structure (like in imports). For everything else,
# there's _module.args.
specialArgs ? {}
, # This would be remove in the future, Prefer _module.args option instead.
args ? {}
, # This would be remove in the future, Prefer _module.check option instead.
@ -39,7 +43,7 @@ rec {
};
_module.check = mkOption {
type = types.uniq types.bool;
type = types.bool;
internal = true;
default = check;
description = "Whether to check whether all option definitions have matching declarations.";
@ -51,7 +55,7 @@ rec {
};
};
closed = closeModules (modules ++ [ internalModule ]) { inherit config options; lib = import ./.; };
closed = closeModules (modules ++ [ internalModule ]) (specialArgs // { inherit config options; lib = import ./.; });
# Note: the list of modules is reversed to maintain backward
# compatibility with the old module system. Not sure if this is
@ -118,7 +122,7 @@ rec {
config = removeAttrs m ["key" "_file" "require" "imports"];
};
applyIfFunction = f: arg@{ config, options, lib }: if isFunction f then
applyIfFunction = f: arg@{ config, options, lib, ... }: if isFunction f then
let
# Module arguments are resolved in a strict manner when attribute set
# deconstruction is used. As the arguments are now defined with the

23
lib/options.nix
View file

@ -59,26 +59,21 @@ rec {
else if all isInt list && all (x: x == head list) list then head list
else throw "Cannot merge definitions of `${showOption loc}' given in ${showFiles (getFiles defs)}.";
/* Obsolete, will remove soon. Specify an option type or apply
function instead. */
mergeTypedOption = typeName: predicate: merge: loc: list:
let list' = map (x: x.value) list; in
if all predicate list then merge list'
else throw "Expected a ${typeName}.";
mergeEnableOption = mergeTypedOption "boolean"
(x: true == x || false == x) (fold lib.or false);
mergeListOption = mergeTypedOption "list" isList concatLists;
mergeStringOption = mergeTypedOption "string" isString lib.concatStrings;
mergeOneOption = loc: defs:
if defs == [] then abort "This case should never happen."
else if length defs != 1 then
throw "The unique option `${showOption loc}' is defined multiple times, in ${showFiles (getFiles defs)}."
else (head defs).value;
/* "Merge" option definitions by checking that they all have the same value. */
mergeEqualOption = loc: defs:
if defs == [] then abort "This case should never happen."
else fold (def: val:
if def.value != val then
throw "The option `${showOption loc}' has conflicting definitions, in ${showFiles (getFiles defs)}."
else
val) (head defs).value defs;
getValues = map (x: x.value);
getFiles = map (x: x.file);

2
lib/types.nix
View file

@ -54,7 +54,7 @@ rec {
bool = mkOptionType {
name = "boolean";
check = isBool;
merge = loc: fold (x: y: x.value || y) false;
merge = mergeEqualOption;
};
int = mkOptionType {

2
maintainers/scripts/gnome-latest.sh
View file

@ -1,4 +1,4 @@
#!/bin/sh
#!/usr/bin/env bash
GNOME_FTP="ftp.gnome.org/pub/GNOME/sources"

10
maintainers/scripts/travis-nox-review-pr.sh
View file

@ -31,7 +31,15 @@ elif [[ $1 == build ]]; then
echo "=== Not a pull request"
else
echo "=== Checking PR"
nox-review pr ${TRAVIS_PULL_REQUEST}
if ! nox-review pr ${TRAVIS_PULL_REQUEST}; then
if sudo dmesg | egrep 'Out of memory|Killed process' > /tmp/oom-log; then
echo "=== The build failed due to running out of memory:"
cat /tmp/oom-log
echo "=== Please disregard the result of this Travis build."
fi
exit 1
fi
fi
# echo "=== Checking tarball creation"
# nix-build pkgs/top-level/release.nix -A tarball

4
nixos/doc/manual/installation/installing-uefi.xml
View file

@ -41,10 +41,6 @@ changes:
<option>boot.loader.efi</option> and <option>boot.loader.gummiboot</option>
as well.</para>
</listitem>
<listitem>
<para>To see console messages during early boot, add <literal>"fbcon"</literal>
to your <option>boot.initrd.kernelModules</option>.</para>
</listitem>
</itemizedlist>
</para>

13
nixos/doc/manual/release-notes/rl-unstable.xml
View file

@ -153,6 +153,19 @@ nix-env -f &quot;&lt;nixpkgs&gt;&quot; -iA haskellPackages.cabal-install
</para>
</listitem>
<listitem>
<para>
The OpenBLAS library has been updated to version
<literal>0.2.14</literal>. Support for the
<literal>x86_64-darwin</literal> platform was added. Dynamic
architecture detection was enabled; OpenBLAS now selects
microarchitecture-optimized routines at runtime, so optimal
performance is achieved without the need to rebuild OpenBLAS
locally. OpenBLAS has replaced ATLAS in most packages which use an
optimized BLAS or LAPACK implementation.
</para>
</listitem>
</itemizedlist>
</para>

1
nixos/lib/eval-config.nix
View file

@ -47,6 +47,7 @@ in rec {
inherit prefix check;
modules = modules ++ extraModules ++ baseModules ++ [ pkgsModule ];
args = extraArgs;
specialArgs = { modulesPath = ../modules; };
}) config options;
# These are the extra arguments passed to every module. In

31
nixos/lib/make-channel.nix Normal file
View file

@ -0,0 +1,31 @@
{ pkgs, nixpkgs, version, versionSuffix }:
pkgs.releaseTools.makeSourceTarball {
name = "nixos-channel";
src = nixpkgs;
officialRelease = false; # FIXME: fix this in makeSourceTarball
inherit version versionSuffix;
buildInputs = [ pkgs.nixUnstable ];
expr = builtins.readFile ./channel-expr.nix;
distPhase = ''
rm -rf .git
echo -n $VERSION_SUFFIX > .version-suffix
echo -n ${nixpkgs.rev or nixpkgs.shortRev} > .git-revision
releaseName=nixos-$VERSION$VERSION_SUFFIX
mkdir -p $out/tarballs
mkdir ../$releaseName
cp -prd . ../$releaseName/nixpkgs
chmod -R u+w ../$releaseName
ln -s nixpkgs/nixos ../$releaseName/nixos
echo "$expr" > ../$releaseName/default.nix
NIX_STATE_DIR=$TMPDIR nix-env -f ../$releaseName/default.nix -qaP --meta --xml \* > /dev/null
cd ..
chmod -R u+w $releaseName
tar cfJ $out/tarballs/$releaseName.tar.xz $releaseName
'';
}

18
nixos/lib/test-driver/Machine.pm
View file

@ -21,7 +21,7 @@ sub new {
my ($class, $args) = @_;
my $startCommand = $args->{startCommand};
my $name = $args->{name};
if (!$name) {
$startCommand =~ /run-(.*)-vm$/ if defined $startCommand;
@ -34,7 +34,7 @@ sub new {
"qemu-kvm -m 384 " .
"-net nic,model=virtio \$QEMU_OPTS ";
my $iface = $args->{hdaInterface} || "virtio";
$startCommand .= "-drive file=" . Cwd::abs_path($args->{hda}) . ",if=$iface,boot=on,werror=report "
$startCommand .= "-drive file=" . Cwd::abs_path($args->{hda}) . ",if=$iface,werror=report "
if defined $args->{hda};
$startCommand .= "-cdrom $args->{cdrom} "
if defined $args->{cdrom};
@ -43,8 +43,6 @@ sub new {
$startCommand .= "-bios $args->{bios} "
if defined $args->{bios};
$startCommand .= $args->{qemuFlags} || "";
} else {
$startCommand = Cwd::abs_path $startCommand;
}
my $tmpDir = $ENV{'TMPDIR'} || "/tmp";
@ -171,7 +169,7 @@ sub start {
eval {
local $SIG{CHLD} = sub { die "QEMU died prematurely\n"; };
# Wait until QEMU connects to the monitor.
accept($self->{monitor}, $monitorS) or die;
@ -182,11 +180,11 @@ sub start {
$self->{socket}->autoflush(1);
};
die "$@" if $@;
$self->waitForMonitorPrompt;
$self->log("QEMU running (pid $pid)");
$self->{pid} = $pid;
$self->{booted} = 1;
}
@ -241,7 +239,7 @@ sub connect {
alarm 300;
readline $self->{socket} or die "the VM quit before connecting\n";
alarm 0;
$self->log("connected to guest root shell");
$self->{connected} = 1;
@ -270,7 +268,7 @@ sub isUp {
sub execute_ {
my ($self, $command) = @_;
$self->connect;
print { $self->{socket} } ("( $command ); echo '|!=EOF' \$?\n");
@ -453,7 +451,7 @@ sub shutdown {
sub crash {
my ($self) = @_;
return unless $self->{booted};
$self->log("forced crash");
$self->sendMonitorCommand("quit");

2
nixos/maintainers/scripts/ec2/amazon-base-config.nix
View file

@ -1,5 +1,5 @@
{ modulesPath, ...}:
{
imports = [ "${modulesPath}/virtualisation/amazon-config.nix" ];
imports = [ "${modulesPath}/virtualisation/amazon-init.nix" ];
services.journald.rateLimitBurst = 0;
}

2
nixos/modules/config/i18n.nix
View file

@ -43,7 +43,7 @@ in
consoleFont = mkOption {
type = types.str;
default = "lat9w-16";
default = "Lat2-Terminus16";
example = "LatArCyrHeb-16";
description = ''
The font used for the virtual consoles. Leave empty to use

11
nixos/modules/config/pulseaudio.nix
View file

@ -12,7 +12,7 @@ let
# Forces 32bit pulseaudio and alsaPlugins to be built/supported for apps
# using 32bit alsa on 64bit linux.
enable32BitAlsaPlugins = stdenv.isx86_64 && (pkgs_i686.alsaLib != null && pkgs_i686.libpulseaudio != null);
enable32BitAlsaPlugins = cfg.support32Bit && stdenv.isx86_64 && (pkgs_i686.alsaLib != null && pkgs_i686.libpulseaudio != null);
ids = config.ids;
@ -78,6 +78,15 @@ in {
'';
};
support32Bit = mkOption {
type = types.bool;
default = false;
description = ''
Whether to include the 32-bit pulseaudio libraries in the systemn or not.
This is only useful on 64-bit systems and currently limited to x86_64-linux.
'';
};
configFile = mkOption {
type = types.path;
description = ''

2
nixos/modules/config/shells-environment.nix
View file

@ -63,7 +63,7 @@ in
description = ''
A list of profiles used to setup the global environment.
'';
type = types.listOf types.string;
type = types.listOf types.str;
};
environment.profileRelativeEnvVars = mkOption {

2
nixos/modules/hardware/video/bumblebee.nix
View file

@ -26,7 +26,7 @@ in
hardware.bumblebee.group = mkOption {
default = "wheel";
example = "video";
type = types.uniq types.str;
type = types.str;
description = ''Group for bumblebee socket'';
};
hardware.bumblebee.connectDisplay = mkOption {

18
nixos/modules/installer/cd-dvd/installation-cd-base.nix
View file

@ -7,8 +7,7 @@ with lib;
{
imports =
[ ./channel.nix
./iso-image.nix
[ ./iso-image.nix
# Profiles of this basic installation CD.
../../profiles/all-hardware.nix
@ -21,18 +20,6 @@ with lib;
isoImage.volumeID = substring 0 11 "NIXOS_ISO";
# Make the installer more likely to succeed in low memory
# environments. The kernel's overcommit heustistics bite us
# fairly often, preventing processes such as nix-worker or
# download-using-manifests.pl from forking even if there is
# plenty of free memory.
boot.kernel.sysctl."vm.overcommit_memory" = "1";
# To speed up installation a little bit, include the complete stdenv
# in the Nix store on the CD. Archive::Cpio is needed for the
# initrd builder.
isoImage.storeContents = [ pkgs.stdenv pkgs.busybox pkgs.perlPackages.ArchiveCpio ];
# EFI booting
isoImage.makeEfiBootable = true;
@ -42,9 +29,6 @@ with lib;
# Add Memtest86+ to the CD.
boot.loader.grub.memtest86.enable = true;
# Get a console as soon as the initrd loads fbcon on EFI boot.
boot.initrd.kernelModules = [ "fbcon" ];
# Allow the user to log in as root without a password.
users.extraUsers.root.initialHashedPassword = "";
}

5
nixos/modules/installer/cd-dvd/installation-cd-minimal.nix
View file

@ -1,14 +1,11 @@
# This module defines a small NixOS installation CD. It does not
# contain any graphical stuff.
{ config, pkgs, lib, ... }:
{ config, lib, ... }:
{
imports =
[ ./installation-cd-base.nix
../../profiles/minimal.nix
];
# Enable in installer, even if minimal profile disables it
services.nixosManual.enable = lib.mkOverride 999 true;
}

2
nixos/modules/installer/tools/nixos-generate-config.pl
View file

@ -495,7 +495,7 @@ $bootLoaderConfig
# Select internationalisation properties.
# i18n = {
# consoleFont = "lat9w-16";
# consoleFont = "Lat2-Terminus16";
# consoleKeyMap = "us";
# defaultLocale = "en_US.UTF-8";
# };

2
nixos/modules/misc/assertions.nix
View file

@ -21,7 +21,7 @@ with lib;
warnings = mkOption {
internal = true;
default = [];
type = types.listOf types.string;
type = types.listOf types.str;
example = [ "The `foo' service is deprecated and will go away soon!" ];
description = ''
This option allows modules to show warnings to users during

2
nixos/modules/misc/extra-arguments.nix
View file

@ -2,8 +2,6 @@
{
_module.args = {
modulesPath = ../.;
pkgs_i686 = import ../../lib/nixpkgs.nix {
system = "i686-linux";
config.allowUnfree = true;

8
nixos/modules/misc/ids.nix
View file

@ -217,6 +217,10 @@
asterisk = 192;
plex = 193;
bird = 195;
grafana = 196;
skydns = 197;
ripple-rest = 198;
nix-serve = 199;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -412,6 +416,10 @@
plex = 193;
sabnzbd = 194;
bird = 195;
#grafana = 196; #unused
#skydns = 197; #unused
#ripple-rest = 198; #unused
#nix-serve = 199; #unused
# When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal

2
nixos/modules/misc/nixpkgs.nix
View file

@ -59,7 +59,7 @@ in
};
nixpkgs.system = mkOption {
type = types.uniq types.str;
type = types.str;
example = "i686-linux";
description = ''
Specifies the Nix platform type for which NixOS should be built.

3
nixos/modules/module-list.nix
View file

@ -212,6 +212,7 @@
./services/misc/plex.nix
./services/misc/redmine.nix
./services/misc/rippled.nix
./services/misc/ripple-rest.nix
./services/misc/ripple-data-api.nix
./services/misc/rogue.nix
./services/misc/siproxd.nix
@ -225,6 +226,7 @@
./services/monitoring/collectd.nix
./services/monitoring/das_watchdog.nix
./services/monitoring/dd-agent.nix
./services/monitoring/grafana.nix
./services/monitoring/graphite.nix
./services/monitoring/monit.nix
./services/monitoring/munin.nix
@ -317,6 +319,7 @@
./services/networking/sabnzbd.nix
./services/networking/searx.nix
./services/networking/seeks.nix
./services/networking/skydns.nix
./services/networking/spiped.nix
./services/networking/sslh.nix
./services/networking/ssh/lshd.nix

2
nixos/modules/profiles/all-hardware.nix
View file

@ -40,7 +40,7 @@
"ohci1394" "sbp2"
# Virtio (QEMU, KVM etc.) support.
"virtio_net" "virtio_pci" "virtio_blk" "virtio_balloon" "virtio_console"
"virtio_net" "virtio_pci" "virtio_blk" "virtio_scsi" "virtio_balloon" "virtio_console"
# Keyboards
"usbhid" "hid_apple" "hid_logitech_dj" "hid_lenovo_tpkbd" "hid_roccat"

23
nixos/modules/profiles/installation-device.nix
View file

@ -1,5 +1,5 @@
# Provide a basic configuration for installation devices like CDs.
{ config, lib, ... }:
{ config, pkgs, lib, ... }:
with lib;
@ -13,10 +13,17 @@ with lib;
# Allow "nixos-rebuild" to work properly by providing
# /etc/nixos/configuration.nix.
./clone-config.nix
# Include a copy of Nixpkgs so that nixos-install works out of
# the box.
../installer/cd-dvd/channel.nix
];
config = {
# Enable in installer, even if the minimal profile disables it.
services.nixosManual.enable = mkForce true;
# Show the manual.
services.nixosManual.showManual = true;
@ -43,7 +50,7 @@ with lib;
systemd.services.sshd.wantedBy = mkOverride 50 [];
# Enable wpa_supplicant, but don't start it by default.
networking.wireless.enable = true;
networking.wireless.enable = mkDefault true;
jobs.wpa_supplicant.startOn = mkOverride 50 "";
# Tell the Nix evaluator to garbage collect more aggressively.
@ -51,5 +58,17 @@ with lib;
# (yet) have swap set up.
environment.variables.GC_INITIAL_HEAP_SIZE = "100000";
# Make the installer more likely to succeed in low memory
# environments. The kernel's overcommit heustistics bite us
# fairly often, preventing processes such as nix-worker or
# download-using-manifests.pl from forking even if there is
# plenty of free memory.
boot.kernel.sysctl."vm.overcommit_memory" = "1";
# To speed up installation a little bit, include the complete
# stdenv in the Nix store on the CD. Archive::Cpio is needed for
# the initrd builder.
system.extraDependencies = [ pkgs.stdenv pkgs.busybox pkgs.perlPackages.ArchiveCpio ];
};
}

2
nixos/modules/profiles/qemu-guest.nix
View file

@ -4,7 +4,7 @@
{ config, pkgs, ... }:
{
boot.initrd.availableKernelModules = [ "virtio_net" "virtio_pci" "virtio_blk" "9p" "9pnet_virtio" ];
boot.initrd.availableKernelModules = [ "virtio_net" "virtio_pci" "virtio_blk" "virtio_scsi" "9p" "9pnet_virtio" ];
boot.initrd.kernelModules = [ "virtio_balloon" "virtio_console" "virtio_rng" ];
boot.initrd.postDeviceCommands =

4
nixos/modules/programs/ssh.nix
View file

@ -27,7 +27,7 @@ in
programs.ssh = {
askPassword = mkOption {
type = types.string;
type = types.str;
default = "${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass";
description = ''Program used by SSH to ask for passwords.'';
};
@ -77,7 +77,7 @@ in
};
agentTimeout = mkOption {
type = types.nullOr types.string;
type = types.nullOr types.str;
default = null;
example = "1h";
description = ''

6
nixos/modules/security/ca.nix
View file

@ -22,7 +22,7 @@ in
security.pki.certificateFiles = mkOption {
type = types.listOf types.path;
default = [];
example = literalExample "[ \"\${pkgs.cacert}/ca-bundle.crt\" ]";
example = literalExample "[ \"\${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt\" ]";
description = ''
A list of files containing trusted root certificates in PEM
format. These are concatenated to form
@ -33,7 +33,7 @@ in
};
security.pki.certificates = mkOption {
type = types.listOf types.string;
type = types.listOf types.str;
default = [];
example = singleton ''
NixOS.org
@ -53,7 +53,7 @@ in
config = {
security.pki.certificateFiles = [ "${pkgs.cacert}/ca-bundle.crt" ];
security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
# NixOS canonical location + Debian/Ubuntu/Arch/Gentoo compatibility.
environment.etc."ssl/certs/ca-certificates.crt".source = caBundle;

2
nixos/modules/services/audio/mpd.nix
View file

@ -118,7 +118,7 @@ in {
preStart = "mkdir -p ${cfg.dataDir} && chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir}";
script = "exec mpd --no-daemon ${mpdConf}";
serviceConfig = {
User = "mpd";
User = "${cfg.user}";
PermissionsStartOnly = true;
};
};

2
nixos/modules/services/backup/almir.nix
View file

@ -95,7 +95,7 @@ in {
port = mkOption {
default = 35000;
type = types.uniq types.int;
type = types.int;
description = ''
Port for Almir web server to listen on.
'';

6
nixos/modules/services/backup/bacula.nix
View file

@ -182,7 +182,7 @@ in {
port = mkOption {
default = 9102;
type = types.uniq types.int;
type = types.int;
description = ''
This specifies the port number on which the Client listens for Director connections. It must agree with the FDPort specified in the Client resource of the Director's configuration file. The default is 9102.
'';
@ -237,7 +237,7 @@ in {
port = mkOption {
default = 9103;
type = types.uniq types.int;
type = types.int;
description = ''
Specifies port number on which the Storage daemon listens for Director connections. The default is 9103.
'';
@ -302,7 +302,7 @@ in {
port = mkOption {
default = 9101;
type = types.uniq types.int;
type = types.int;
description = ''
Specify the port (a positive integer) on which the Director daemon will listen for Bacula Console connections. This same port number must be specified in the Director resource of the Console configuration file. The default is 9101, so normally this directive need not be specified. This directive should not be used if you specify DirAddresses (N.B plural) directive.
'';

106
nixos/modules/services/cluster/kubernetes.nix
View file

@ -286,7 +286,7 @@ in {
clusterDomain = mkOption {
description = "Use alternative domain.";
default = "";
default = "kubernetes.io";
type = types.str;
};
@ -322,13 +322,35 @@ in {
type = types.str;
};
};
kube2sky = {
enable = mkEnableOption "kube2sky dns service";
domain = mkOption {
description = "Kuberntes kube2sky domain under which all DNS names will be hosted.";
default = cfg.kubelet.clusterDomain;
type = types.str;
};
master = mkOption {
description = "Kubernetes apiserver address";
default = "${cfg.apiserver.address}:${toString cfg.apiserver.port}";
type = types.str;
};
extraOpts = mkOption {
description = "Kubernetes kube2sky extra command line options.";
default = "";
type = types.str;
};
};
};
###### implementation
config = mkMerge [
(mkIf cfg.apiserver.enable {
systemd.services.kubernetes-apiserver = {
systemd.services.kube-apiserver = {
description = "Kubernetes Api Server";
wantedBy = [ "multi-user.target" ];
requires = ["kubernetes-setup.service"];
@ -343,26 +365,25 @@ in {
(concatImapStringsSep "\n" (i: v: v + "," + (toString i))
(mapAttrsToList (name: token: token + "," + name) cfg.apiserver.tokenAuth));
in ''${cfg.package}/bin/kube-apiserver \
--etcd_servers=${concatMapStringsSep "," (f: "http://${f}") cfg.etcdServers} \
--address=${cfg.apiserver.address} \
--port=${toString cfg.apiserver.port} \
--read_only_port=${toString cfg.apiserver.readOnlyPort} \
--public_address_override=${cfg.apiserver.publicAddress} \
--allow_privileged=${if cfg.apiserver.allowPrivileged then "true" else "false"} \
--etcd-servers=${concatMapStringsSep "," (f: "http://${f}") cfg.etcdServers} \
--insecure-bind-address=${cfg.apiserver.address} \
--insecure-port=${toString cfg.apiserver.port} \
--read-only-port=${toString cfg.apiserver.readOnlyPort} \
--bind-address=${cfg.apiserver.publicAddress} \
--allow-privileged=${if cfg.apiserver.allowPrivileged then "true" else "false"} \
${optionalString (cfg.apiserver.tlsCertFile!="")
"--tls_cert_file=${cfg.apiserver.tlsCertFile}"} \
"--tls-cert-file=${cfg.apiserver.tlsCertFile}"} \
${optionalString (cfg.apiserver.tlsPrivateKeyFile!="")
"--tls_private_key_file=${cfg.apiserver.tlsPrivateKeyFile}"} \
"--tls-private-key-file=${cfg.apiserver.tlsPrivateKeyFile}"} \
${optionalString (cfg.apiserver.tokenAuth!=[])
"--token_auth_file=${tokenAuthFile}"} \
--authorization_mode=${cfg.apiserver.authorizationMode} \
"--token-auth-file=${tokenAuthFile}"} \
--authorization-mode=${cfg.apiserver.authorizationMode} \
${optionalString (cfg.apiserver.authorizationMode == "ABAC")
"--authorization_policy_file=${authorizationPolicyFile}"} \
--secure_port=${toString cfg.apiserver.securePort} \
--portal_net=${cfg.apiserver.portalNet} \
"--authorization-policy-file=${authorizationPolicyFile}"} \
--secure-port=${toString cfg.apiserver.securePort} \
--service-cluster-ip-range=${cfg.apiserver.portalNet} \
--logtostderr=true \
--runtime_config=api/v1beta3 \
${optionalString cfg.verbose "--v=6 --log_flush_frequency=1s"} \
${optionalString cfg.verbose "--v=6 --log-flush-frequency=1s"} \
${cfg.apiserver.extraOpts}
'';
User = "kubernetes";
@ -376,7 +397,7 @@ in {
})
(mkIf cfg.scheduler.enable {
systemd.services.kubernetes-scheduler = {
systemd.services.kube-scheduler = {
description = "Kubernetes Scheduler Service";
wantedBy = [ "multi-user.target" ];
after = [ "network-interfaces.target" "kubernetes-apiserver.service" ];
@ -386,7 +407,7 @@ in {
--port=${toString cfg.scheduler.port} \
--master=${cfg.scheduler.master} \
--logtostderr=true \
${optionalString cfg.verbose "--v=6 --log_flush_frequency=1s"} \
${optionalString cfg.verbose "--v=6 --log-flush-frequency=1s"} \
${cfg.scheduler.extraOpts}
'';
User = "kubernetes";
@ -395,7 +416,7 @@ in {
})
(mkIf cfg.controllerManager.enable {
systemd.services.kubernetes-controller-manager = {
systemd.services.kube-controller-manager = {
description = "Kubernetes Controller Manager Service";
wantedBy = [ "multi-user.target" ];
after = [ "network-interfaces.target" "kubernetes-apiserver.service" ];
@ -406,7 +427,7 @@ in {
--master=${cfg.controllerManager.master} \
--machines=${concatStringsSep "," cfg.controllerManager.machines} \
--logtostderr=true \
${optionalString cfg.verbose "--v=6 --log_flush_frequency=1s"} \
${optionalString cfg.verbose "--v=6 --log-flush-frequency=1s"} \
${cfg.controllerManager.extraOpts}
'';
User = "kubernetes";
@ -415,7 +436,7 @@ in {
})
(mkIf cfg.kubelet.enable {
systemd.services.kubernetes-kubelet = {
systemd.services.kubelet = {
description = "Kubernetes Kubelet Service";
wantedBy = [ "multi-user.target" ];
requires = ["kubernetes-setup.service"];
@ -423,17 +444,17 @@ in {
script = ''
export PATH="/bin:/sbin:/usr/bin:/usr/sbin:$PATH"
exec ${cfg.package}/bin/kubelet \
--api_servers=${concatMapStringsSep "," (f: "http://${f}") cfg.kubelet.apiServers} \
--api-servers=${concatMapStringsSep "," (f: "http://${f}") cfg.kubelet.apiServers} \
--address=${cfg.kubelet.address} \
--port=${toString cfg.kubelet.port} \
--hostname_override=${cfg.kubelet.hostname} \
--allow_privileged=${if cfg.kubelet.allowPrivileged then "true" else "false"} \
--root_dir=${cfg.dataDir} \
--hostname-override=${cfg.kubelet.hostname} \
--allow-privileged=${if cfg.kubelet.allowPrivileged then "true" else "false"} \
--root-dir=${cfg.dataDir} \
--cadvisor_port=${toString cfg.kubelet.cadvisorPort} \
${optionalString (cfg.kubelet.clusterDns != "")
''--cluster_dns=${cfg.kubelet.clusterDns}''} \
''--cluster-dns=${cfg.kubelet.clusterDns}''} \
${optionalString (cfg.kubelet.clusterDomain != "")
''--cluster_domain=${cfg.kubelet.clusterDomain}''} \
''--cluster-domain=${cfg.kubelet.clusterDomain}''} \
--logtostderr=true \
${optionalString cfg.verbose "--v=6 --log_flush_frequency=1s"} \
${cfg.kubelet.extraOpts}
@ -443,26 +464,49 @@ in {
})
(mkIf cfg.proxy.enable {
systemd.services.kubernetes-proxy = {
systemd.services.kube-proxy = {
description = "Kubernetes Proxy Service";
wantedBy = [ "multi-user.target" ];
after = [ "network-interfaces.target" "etcd.service" ];
serviceConfig = {
ExecStart = ''${cfg.package}/bin/kube-proxy \
--master=${cfg.proxy.master} \
--bind_address=${cfg.proxy.address} \
--bind-address=${cfg.proxy.address} \
--logtostderr=true \
${optionalString cfg.verbose "--v=6 --log_flush_frequency=1s"} \
${optionalString cfg.verbose "--v=6 --log-flush-frequency=1s"} \
${cfg.proxy.extraOpts}
'';
};
};
})
(mkIf cfg.kube2sky.enable {
systemd.services.kube2sky = {
description = "Kubernetes Dns Bridge Service";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" "skydns.service" "etcd.service" "kubernetes-apiserver.service" ];
serviceConfig = {
ExecStart = ''${cfg.package}/bin/kube2sky \
-etcd-server=http://${head cfg.etcdServers} \
-domain=${cfg.kube2sky.domain} \
-kube_master_url=http://${cfg.kube2sky.master} \
-logtostderr=true \
${optionalString cfg.verbose "--v=6 --log-flush-frequency=1s"} \
${cfg.kube2sky.extraOpts}
'';
User = "kubernetes";
};
};
services.skydns.enable = mkDefault true;
services.skydns.domain = mkDefault cfg.kubelet.clusterDomain;
})
(mkIf (any (el: el == "master") cfg.roles) {
services.kubernetes.apiserver.enable = mkDefault true;
services.kubernetes.scheduler.enable = mkDefault true;
services.kubernetes.controllerManager.enable = mkDefault true;
services.kubernetes.kube2sky.enable = mkDefault true;
})
(mkIf (any (el: el == "node") cfg.roles) {

2
nixos/modules/services/continuous-integration/jenkins/default.nix
View file

@ -50,7 +50,7 @@ in {
port = mkOption {
default = 8080;
type = types.uniq types.int;
type = types.int;
description = ''
Specifies port number on which the jenkins HTTP interface listens. The default is 8080.
'';

2
nixos/modules/services/databases/influxdb.nix
View file

@ -55,7 +55,7 @@ in
enable = mkOption {
default = false;
description = "Whether to enable the influxdb server";
type = types.uniq types.bool;
type = types.bool;
};
package = mkOption {

3
nixos/modules/services/databases/mysql.nix
View file

@ -180,7 +180,8 @@ in
chown -R ${cfg.user} ${cfg.pidDir}
# Make the socket directory
mkdir -m 0755 -p /run/mysqld
mkdir -p /run/mysqld
chmod 0755 /run/mysqld
chown -R ${cfg.user} /run/mysqld
'';

2
nixos/modules/services/databases/neo4j.nix
View file

@ -43,7 +43,7 @@ in {
enable = mkOption {
description = "Whether to enable neo4j.";
default = false;
type = types.uniq types.bool;
type = types.bool;
};
package = mkOption {

2
nixos/modules/services/logging/logcheck.nix
View file

@ -192,7 +192,7 @@ in
extraGroups = mkOption {
default = [];
type = types.listOf types.string;
type = types.listOf types.str;
example = [ "postdrop" "mongodb" ];
description = ''
Extra groups for the logcheck user, for example to be able to use sendmail,

2
nixos/modules/services/logging/rsyslogd.nix
View file

@ -66,7 +66,7 @@ in
};
extraParams = mkOption {
type = types.listOf types.string;
type = types.listOf types.str;
default = [ ];
example = [ "-m 0" ];
description = ''

2
nixos/modules/services/logging/syslogd.nix
View file

@ -83,7 +83,7 @@ in
};
extraParams = mkOption {
type = types.listOf types.string;
type = types.listOf types.str;
default = [ ];
example = [ "-m 0" ];
description = ''

1
nixos/modules/services/mail/mlmmj.nix
View file

@ -88,7 +88,6 @@ in
services.postfix = {
enable = true;
recipientDelimiter= "+";
extraMasterConf = ''
mlmmj unix - n n - - pipe flags=ORhu user=mlmmj argv=${pkgs.mlmmj}/bin/mlmmj-receive -F -L ${spoolDir}/$nextHop
'';

2
nixos/modules/services/mail/opensmtpd.nix
View file

@ -24,7 +24,7 @@ in {
};
extraServerArgs = mkOption {
type = types.listOf types.string;
type = types.listOf types.str;
default = [];
example = [ "-v" "-P mta" ];
description = ''

48
nixos/modules/services/mail/postfix.nix
View file

@ -77,8 +77,6 @@ let
smtpd_tls_key_file = ${cfg.sslKey}
smtpd_use_tls = yes
recipientDelimiter = ${cfg.recipientDelimiter}
''
+ optionalString (cfg.virtual != "") ''
virtual_alias_maps = hash:/etc/postfix/virtual
@ -291,14 +289,6 @@ in
description = "SSL key to use.";
};
recipientDelimiter = mkOption {
default = "";
example = "+";
description = "
Delimiter for address extension: so mail to user+test can be handled by ~user/.forward+test
";
};
virtual = mkOption {
default = "";
description = "
@ -369,30 +359,30 @@ in
daemonType = "fork";
preStart =
''
if ! [ -d /var/spool/postfix ]; then
${pkgs.coreutils}/bin/mkdir -p /var/spool/mail /var/postfix/conf /var/postfix/queue
fi
preStart = ''
if ! [ -d /var/spool/postfix ]; then
${pkgs.coreutils}/bin/mkdir -p /var/spool/mail /var/postfix/conf /var/postfix/queue
fi
${pkgs.coreutils}/bin/chown -R ${user}:${group} /var/postfix
${pkgs.coreutils}/bin/chown -R ${user}:${setgidGroup} /var/postfix/queue
${pkgs.coreutils}/bin/chmod -R ug+rwX /var/postfix/queue
${pkgs.coreutils}/bin/chown root:root /var/spool/mail
${pkgs.coreutils}/bin/chmod a+rwxt /var/spool/mail
${pkgs.coreutils}/bin/chown -R ${user}:${group} /var/postfix
${pkgs.coreutils}/bin/chown -R ${user}:${setgidGroup} /var/postfix/queue
${pkgs.coreutils}/bin/chmod -R ug+rwX /var/postfix/queue
${pkgs.coreutils}/bin/chown root:root /var/spool/mail
${pkgs.coreutils}/bin/chmod a+rwxt /var/spool/mail
${pkgs.coreutils}/bin/ln -sf /var/spool/mail /var/mail
ln -sf "${pkgs.postfix}/share/postfix/conf/"* /var/postfix/conf
ln -sf "${pkgs.postfix}/etc/postfix/"* /var/postfix/conf
ln -sf ${aliasesFile} /var/postfix/conf/aliases
ln -sf ${virtualFile} /var/postfix/conf/virtual
ln -sf ${mainCfFile} /var/postfix/conf/main.cf
ln -sf ${masterCfFile} /var/postfix/conf/master.cf
ln -sf ${aliasesFile} /var/postfix/conf/aliases
ln -sf ${virtualFile} /var/postfix/conf/virtual
ln -sf ${mainCfFile} /var/postfix/conf/main.cf
ln -sf ${masterCfFile} /var/postfix/conf/master.cf
${pkgs.postfix}/sbin/postalias -c /var/postfix/conf /var/postfix/conf/aliases
${pkgs.postfix}/sbin/postmap -c /var/postfix/conf /var/postfix/conf/virtual
${pkgs.postfix}/sbin/postalias -c /var/postfix/conf /var/postfix/conf/aliases
${pkgs.postfix}/sbin/postmap -c /var/postfix/conf /var/postfix/conf/virtual
${pkgs.postfix}/sbin/postfix -c /var/postfix/conf start
'';
${pkgs.postfix}/sbin/postfix -c /var/postfix/conf start
'';
preStop = ''
${pkgs.postfix}/sbin/postfix -c /var/postfix/conf stop

16
nixos/modules/services/misc/apache-kafka.nix
View file

@ -33,7 +33,7 @@ in {
enable = mkOption {
description = "Whether to enable Apache Kafka.";
default = false;
type = types.uniq types.bool;
type = types.bool;
};
brokerId = mkOption {
@ -108,7 +108,7 @@ in {
"-Djava.awt.headless=true"
"-Djava.net.preferIPv4Stack=true"
];
type = types.listOf types.string;
type = types.listOf types.str;
example = [
"-Djava.net.preferIPv4Stack=true"
"-Dcom.sun.management.jmxremote"
@ -116,11 +116,19 @@ in {
];
};
package = mkOption {
description = "The kafka package to use";
default = pkgs.apacheKafka;
type = types.package;
};
};
config = mkIf cfg.enable {
environment.systemPackages = [pkgs.apacheKafka];
environment.systemPackages = [cfg.package];
users.extraUsers = singleton {
name = "apache-kafka";
@ -136,7 +144,7 @@ in {
serviceConfig = {
ExecStart = ''
${pkgs.jre}/bin/java \
-cp "${pkgs.apacheKafka}/libs/*:${configDir}" \
-cp "${cfg.package}/libs/*:${configDir}" \
${toString cfg.jvmOptions} \
kafka.Kafka \
${configDir}/server.properties

2
nixos/modules/services/misc/confd.nix
View file

@ -17,7 +17,7 @@ let
in {
options.services.confd = {
enable = mkEnableOption "Whether to enable confd service.";
enable = mkEnableOption "confd service";
backend = mkOption {
description = "Confd config storage backend to use.";

2
nixos/modules/services/misc/disnix.nix
View file

@ -67,7 +67,7 @@ in
###### implementation
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.disnix ] ++ optional cfg.useWebServiceInterface pkgs.DisnixWebService;
environment.systemPackages = [ pkgs.disnix pkgs.dysnomia ] ++ optional cfg.useWebServiceInterface pkgs.DisnixWebService;
services.dbus.enable = true;
services.dbus.packages = [ pkgs.disnix ];

15
nixos/modules/services/misc/docker-registry.nix
View file

@ -29,7 +29,7 @@ in {
storagePath = mkOption {
type = types.path;
default = "/var/lib/docker/registry";
default = "/var/lib/docker-registry";
description = "Docker registry storage path.";
};
@ -61,14 +61,9 @@ in {
User = "docker-registry";
Group = "docker";
PermissionsStartOnly = true;
WorkingDirectory = cfg.storagePath;
};
preStart = ''
mkdir -p ${cfg.storagePath}
if [ "$(id -u)" = 0 ]; then
chown -R docker-registry:docker ${cfg.storagePath}
fi
'';
postStart = ''
until ${pkgs.curl}/bin/curl -s -o /dev/null 'http://${cfg.host}:${toString cfg.port}/'; do
sleep 1;
@ -77,6 +72,10 @@ in {
};
users.extraGroups.docker.gid = mkDefault config.ids.gids.docker;
users.extraUsers.docker-registry.uid = config.ids.uids.docker-registry;
users.extraUsers.docker-registry = {
createHome = true;
home = cfg.storagePath;
uid = config.ids.uids.docker-registry;
};
};
}

4
nixos/modules/services/misc/gpsd.nix
View file

@ -54,7 +54,7 @@ in
};
port = mkOption {
type = types.uniq types.int;
type = types.int;
default = 2947;
description = ''
The port where to listen for TCP connections.
@ -62,7 +62,7 @@ in
};
debugLevel = mkOption {
type = types.uniq types.int;
type = types.int;
default = 0;
description = ''
The debugging level.

15
nixos/modules/services/misc/mediatomb.nix
View file

@ -49,10 +49,10 @@ let
</server>
<import hidden-files="no">
<scripting script-charset="UTF-8">
<common-script>/nix/store/cngbzn39vidd6jm4wgzxfafqll74ybfa-mediatomb-0.12.1/share/mediatomb/js/common.js</common-script>
<playlist-script>/nix/store/cngbzn39vidd6jm4wgzxfafqll74ybfa-mediatomb-0.12.1/share/mediatomb/js/playlists.js</playlist-script>
<common-script>${pkgs.mediatomb}/share/mediatomb/js/common.js</common-script>
<playlist-script>${pkgs.mediatomb}/share/mediatomb/js/playlists.js</playlist-script>
<virtual-layout type="builtin">
<import-script>/nix/store/cngbzn39vidd6jm4wgzxfafqll74ybfa-mediatomb-0.12.1/share/mediatomb/js/import.js</import-script>
<import-script>${pkgs.mediatomb}/share/mediatomb/js/import.js</import-script>
</virtual-layout>
</scripting>
<mappings>
@ -230,6 +230,13 @@ in {
'';
};
interface = mkOption {
default = "";
description = ''
A specific interface to bind to.
'';
};
uuid = mkOption {
default = "fdfc8a4e-a3ad-4c1d-b43d-a2eedb03a687";
description = ''
@ -256,7 +263,7 @@ in {
after = [ "local-fs.target" "network.target" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.mediatomb ];
serviceConfig.ExecStart = "${pkgs.mediatomb}/bin/mediatomb -p ${toString cfg.port} ${if cfg.customCfg then "" else "-c ${mtConf}"} -m ${cfg.dataDir}";
serviceConfig.ExecStart = "${pkgs.mediatomb}/bin/mediatomb -p ${toString cfg.port} ${if cfg.interface!="" then "-e ${cfg.interface}" else ""} ${if cfg.customCfg then "" else "-c ${mtConf}"} -m ${cfg.dataDir}";
serviceConfig.User = "${cfg.user}";
};

4
nixos/modules/services/misc/mesos-master.nix
View file

@ -13,7 +13,7 @@ in {
enable = mkOption {
description = "Whether to enable the Mesos Master.";
default = false;
type = types.uniq types.bool;
type = types.bool;
};
port = mkOption {
@ -45,7 +45,7 @@ in {
See https://mesos.apache.org/documentation/latest/configuration/
'';
default = [ "" ];
type = types.listOf types.string;
type = types.listOf types.str;
example = [ "--credentials=VALUE" ];
};

4
nixos/modules/services/misc/mesos-slave.nix
View file

@ -21,7 +21,7 @@ in {
enable = mkOption {
description = "Whether to enable the Mesos Slave.";
default = false;
type = types.uniq types.bool;
type = types.bool;
};
ip = mkOption {
@ -70,7 +70,7 @@ in {
See https://mesos.apache.org/documentation/latest/configuration/
'';
default = [ "" ];
type = types.listOf types.string;
type = types.listOf types.str;
example = [ "--gc_delay=3days" ];
};

2
nixos/modules/services/misc/mwlib.nix
View file

@ -226,7 +226,7 @@ in
chmod -Rc u=rwX,go= '${cfg.nslave.cachedir}'
'';
path = with pkgs; [ imagemagick ];
path = with pkgs; [ imagemagick pdftk ];
environment = {
PYTHONPATH = concatMapStringsSep ":"
(m: "${pypkgs.${m}}/lib/${python.libPrefix}/site-packages")

2
nixos/modules/services/misc/nix-daemon.nix
View file

@ -63,7 +63,7 @@ in
package = mkOption {
type = types.package;
default = pkgs.nixUnstable;
default = pkgs.nix;
description = ''
This option specifies the Nix package instance to use throughout the system.
'';

2
nixos/modules/services/misc/plex.nix
View file

@ -9,7 +9,7 @@ in
{
options = {
services.plex = {
enable = mkEnableOption "Enable Plex Media Server";
enable = mkEnableOption "Plex Media Server";
# FIXME: In order for this config option to work, symlinks in the Plex
# package in the Nix store have to be changed to point to this directory.

2
nixos/modules/services/misc/ripple-data-api.nix
View file

@ -35,7 +35,7 @@ let
in {
options = {
services.rippleDataApi = {
enable = mkEnableOption "Whether to enable ripple data api.";
enable = mkEnableOption "ripple data api";
port = mkOption {
description = "Ripple data api port";

110
nixos/modules/services/misc/ripple-rest.nix Normal file
View file

@ -0,0 +1,110 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.rippleRest;
configFile = pkgs.writeText "ripple-rest-config.json" (builtins.toJSON {
config_version = "2.0.3";
debug = cfg.debug;
port = cfg.port;
host = cfg.host;
ssl_enabled = cfg.ssl.enable;
ssl = {
key_path = cfg.ssl.keyPath;
cert_path = cfg.ssl.certPath;
reject_unathorized = cfg.ssl.rejectUnathorized;
};
db_path = cfg.dbPath;
max_transaction_fee = cfg.maxTransactionFee;
rippled_servers = cfg.rippleds;
});
in {
options.services.rippleRest = {
enable = mkEnableOption "ripple rest";
debug = mkEnableOption "debug for ripple-rest";
host = mkOption {
description = "Ripple rest host.";
default = "localhost";
type = types.str;
};
port = mkOption {
description = "Ripple rest port.";
default = 5990;
type = types.int;
};
ssl = {
enable = mkEnableOption "ssl";
keyPath = mkOption {
description = "Path to the ripple rest key file.";
default = null;
type = types.nullOr types.path;
};
certPath = mkOption {
description = "Path to the ripple rest cert file.";
default = null;
type = types.nullOr types.path;
};
rejectUnathorized = mkOption {
description = "Whether to reject unatohroized.";
default = true;
type = types.bool;
};
};
dbPath = mkOption {
description = "Ripple rest database path.";
default = "${cfg.dataDir}/ripple-rest.db";
type = types.path;
};
maxTransactionFee = mkOption {
description = "Ripple rest max transaction fee.";
default = 1000000;
type = types.int;
};
rippleds = mkOption {
description = "List of rippled servers.";
default = [
"wss://s1.ripple.com:443"
];
type = types.listOf types.str;
};
dataDir = mkOption {
description = "Ripple rest data directory.";
default = "/var/lib/ripple-rest";
type = types.path;
};
};
config = mkIf (cfg.enable) {
systemd.services.ripple-rest = {
wantedBy = [ "multi-user.target"];
after = ["network.target" ];
environment.NODE_PATH="${pkgs.ripple-rest}/lib/node_modules/ripple-rest/node_modules";
serviceConfig = {
ExecStart = "${pkgs.nodejs}/bin/node ${pkgs.ripple-rest}/lib/node_modules/ripple-rest/server/server.js --config ${configFile}";
User = "ripple-rest";
};
};
users.extraUsers.postgres = {
name = "ripple-rest";
uid = config.ids.uids.ripple-rest;
createHome = true;
home = cfg.dataDir;
};
};
}

16
nixos/modules/services/misc/rippled.nix
View file

@ -27,7 +27,7 @@ let
protocol=${concatStringsSep "," p.protocol}
${optionalString (p.user != "") "user=${p.user}"}
${optionalString (p.password != "") "user=${p.password}"}
admin=${if p.admin then "allow" else "no"}
admin=${concatStringsSep "," p.admin}
${optionalString (p.ssl.key != null) "ssl_key=${p.ssl.key}"}
${optionalString (p.ssl.cert != null) "ssl_cert=${p.ssl.cert}"}
${optionalString (p.ssl.chain != null) "ssl_chain=${p.ssl.chain}"}
@ -118,9 +118,9 @@ let
};
admin = mkOption {
description = "Controls whether or not administrative commands are allowed.";
type = types.bool;
default = false;
description = "A comma-separated list of admin IP addresses.";
type = types.listOf types.str;
default = ["127.0.0.1"];
};
ssl = {
@ -156,7 +156,7 @@ let
dbOptions = {
type = mkOption {
description = "Rippled database type.";
type = types.enum ["rocksdb" "nudb" "sqlite" "hyperleveldb"];
type = types.enum ["rocksdb" "nudb"];
default = "rocksdb";
};
@ -202,7 +202,7 @@ in
options = {
services.rippled = {
enable = mkEnableOption "Whether to enable rippled";
enable = mkEnableOption "rippled";
package = mkOption {
description = "Which rippled package to use.";
@ -217,7 +217,7 @@ in
default = {
rpc = {
port = 5005;
admin = true;
admin = ["127.0.0.1"];
protocol = ["http"];
};
@ -373,7 +373,7 @@ in
};
statsd = {
enable = mkEnableOption "Whether enable statsd monitoring for rippled";
enable = mkEnableOption "statsd monitoring for rippled";
address = mkOption {
description = "The UDP address and port of the listening StatsD server.";

4
nixos/modules/services/misc/zookeeper.nix
View file

@ -27,7 +27,7 @@ in {
enable = mkOption {
description = "Whether to enable Zookeeper.";
default = false;
type = types.uniq types.bool;
type = types.bool;
};
port = mkOption {
@ -94,7 +94,7 @@ in {
extraCmdLineOptions = mkOption {
description = "Extra command line options for the Zookeeper launcher.";
default = [ "-Dcom.sun.management.jmxremote" "-Dcom.sun.management.jmxremote.local.only=true" ];
type = types.listOf types.string;
type = types.listOf types.str;
example = [ "-Djava.net.preferIPv4Stack=true" "-Dcom.sun.management.jmxremote" "-Dcom.sun.management.jmxremote.local.only=true" ];
};

2
nixos/modules/services/monitoring/apcupsd.nix
View file

@ -74,7 +74,7 @@ in
enable = mkOption {
default = false;
type = types.uniq types.bool;
type = types.bool;
description = ''
Whether to enable the APC UPS daemon. apcupsd monitors your UPS and
permits orderly shutdown of your computer in the event of a power

2
nixos/modules/services/monitoring/das_watchdog.nix
View file

@ -12,7 +12,7 @@ in {
###### interface
options = {
services.das_watchdog.enable = mkEnableOption "Whether to enable realtime watchdog";
services.das_watchdog.enable = mkEnableOption "realtime watchdog";
};
###### implementation

8
nixos/modules/services/monitoring/dd-agent.nix
View file

@ -23,6 +23,7 @@ let
# proxy_password: password
# tags: mytag0, mytag1
${optionalString (cfg.tags != null ) "tags: ${concatStringsSep "," cfg.tags }"}
# collect_ec2_tags: no
# recent_point_threshold: 30
@ -80,6 +81,13 @@ in {
type = types.str;
};
tags = mkOption {
description = "The tags to mark this Datadog agent";
example = [ "test" "service" ];
default = null;
type = types.nullOr (types.listOf types.str);
};
hostname = mkOption {
description = "The hostname to show in the Datadog dashboard (optional)";
default = null;

335
nixos/modules/services/monitoring/grafana.nix Normal file
View file

@ -0,0 +1,335 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.grafana;
b2s = val: if val then "true" else "false";
cfgFile = pkgs.writeText "grafana.ini" ''
app_name = grafana
app_mode = production
[server]
; protocol (http or https)
protocol = ${cfg.protocol}
; the ip address to bind to, empty will bind to all interfaces
http_addr = ${cfg.addr}
; the http port to use
http_port = ${toString cfg.port}
; The public facing domain name used to access grafana from a browser
domain = ${cfg.domain}
; the full public facing url
root_url = ${cfg.rootUrl}
router_logging = false
; the path relative to the binary where the static (html/js/css) files are placed
static_root_path = ${cfg.staticRootPath}
; enable gzip
enable_gzip = false
; https certs & key file
cert_file = ${cfg.certFile}
cert_key = ${cfg.certKey}
[analytics]
# Server reporting, sends usage counters to stats.grafana.org every 24 hours.
# No ip addresses are being tracked, only simple counters to track
# running instances, dashboard and error counts. It is very helpful to us.
# Change this option to false to disable reporting.
reporting_enabled = true
; Google Analytics universal tracking code, only enabled if you specify an id here
google_analytics_ua_id =
[database]
; Either "mysql", "postgres" or "sqlite3", it's your choice
type = ${cfg.database.type}
host = ${cfg.database.host}
name = ${cfg.database.name}
user = ${cfg.database.user}
password = ${cfg.database.password}
; For "postgres" only, either "disable", "require" or "verify-full"
ssl_mode = disable
; For "sqlite3" only
path = ${cfg.database.path}
[session]
; Either "memory", "file", "redis", "mysql", default is "memory"
provider = file
; Provider config options
; memory: not have any config yet
; file: session file path, e.g. `data/sessions`
; redis: config like redis server addr, poolSize, password, e.g. `127.0.0.1:6379,100,grafana`
; mysql: go-sql-driver/mysql dsn config string, e.g. `user:password@tcp(127.0.0.1)/database_name`
provider_config = data/sessions
; Session cookie name
cookie_name = grafana_sess
; If you use session in https only, default is false
cookie_secure = false
; Session life time, default is 86400
session_life_time = 86400
; session id hash func, Either "sha1", "sha256" or "md5" default is sha1
session_id_hashfunc = sha1
; Session hash key, default is use random string
session_id_hashkey =
[security]
; default admin user, created on startup
admin_user = ${cfg.security.adminUser}
; default admin password, can be changed before first start of grafana, or in profile settings
admin_password = ${cfg.security.adminPassword}
; used for signing
secret_key = ${cfg.security.secretKey}
; Auto-login remember days
login_remember_days = 7
cookie_username = grafana_user
cookie_remember_name = grafana_remember
[users]
; disable user signup / registration
allow_sign_up = ${b2s cfg.users.allowSignUp}
; Allow non admin users to create organizations
allow_org_create = ${b2s cfg.users.allowOrgCreate}
# Set to true to automatically assign new users to the default organization (id 1)
auto_assign_org = ${b2s cfg.users.autoAssignOrg}
; Default role new users will be automatically assigned (if disabled above is set to true)
auto_assign_org_role = ${cfg.users.autoAssignOrgRole}
[auth.anonymous]
; enable anonymous access
enabled = ${b2s cfg.auth.anonymous.enable}
; specify organization name that should be used for unauthenticated users
org_name = Main Org.
; specify role for unauthenticated users
org_role = Viewer
[auth.github]
enabled = false
client_id = some_id
client_secret = some_secret
scopes = user:email
auth_url = https://github.com/login/oauth/authorize
token_url = https://github.com/login/oauth/access_token
[auth.google]
enabled = false
client_id = some_client_id
client_secret = some_client_secret
scopes = https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email
auth_url = https://accounts.google.com/o/oauth2/auth
token_url = https://accounts.google.com/o/oauth2/token
[log]
root_path = data/log
; Either "console", "file", default is "console"
; Use comma to separate multiple modes, e.g. "console, file"
mode = console
; Buffer length of channel, keep it as it is if you don't know what it is.
buffer_len = 10000
; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace"
level = Info
; For "console" mode only
[log.console]
level =
; For "file" mode only
[log.file]
level =
; This enables automated log rotate(switch of following options), default is true
log_rotate = true
; Max line number of single file, default is 1000000
max_lines = 1000000
; Max size shift of single file, default is 28 means 1 << 28, 256MB
max_lines_shift = 28
; Segment log daily, default is true
daily_rotate = true
; Expired days of log file(delete after max days), default is 7
max_days = 7
[event_publisher]
enabled = false
rabbitmq_url = amqp://localhost/
exchange = grafana_events
'';
in {
options.services.grafana = {
enable = mkEnableOption "grafana";
protocol = mkOption {
description = "Which protocol to listen.";
default = "http";
type = types.enum ["http" "https"];
};
addr = mkOption {
description = "Listening address.";
default = "127.0.0.1";
type = types.str;
};
port = mkOption {
description = "Listening port.";
default = 3000;
type = types.int;
};
domain = mkOption {
description = "The public facing domain name used to access grafana from a browser.";
default = "localhost";
type = types.str;
};
rootUrl = mkOption {
description = "Full public facing url.";
default = "%(protocol)s://%(domain)s:%(http_port)s/";
type = types.str;
};
certFile = mkOption {
description = "Cert file for ssl.";
default = "";
type = types.str;
};
certKey = mkOption {
description = "Cert key for ssl.";
default = "";
type = types.str;
};
staticRootPath = mkOption {
description = "Root path for static assets.";
default = "${cfg.package}/share/go/src/github.com/grafana/grafana/public";
type = types.str;
};
package = mkOption {
description = "Package to use.";
default = pkgs.goPackages.grafana;
type = types.package;
};
dataDir = mkOption {
description = "Data directory.";
default = "/var/lib/grafana";
type = types.path;
};
database = {
type = mkOption {
description = "Database type.";
default = "sqlite3";
type = types.enum ["mysql" "sqlite3" "postgresql"];
};
host = mkOption {
description = "Database host.";
default = "127.0.0.1:3306";
type = types.str;
};
name = mkOption {
description = "Database name.";
default = "grafana";
type = types.str;
};
user = mkOption {
description = "Database user.";
default = "root";
type = types.str;
};
password = mkOption {
description = "Database password.";
default = "";
type = types.str;
};
path = mkOption {
description = "Database path.";
default = "${cfg.dataDir}/data/grafana.db";
type = types.path;
};
};
security = {
adminUser = mkOption {
description = "Default admin username.";
default = "admin";
type = types.str;
};
adminPassword = mkOption {
description = "Default admin password.";
default = "admin";
type = types.str;
};
secretKey = mkOption {
description = "Secret key used for signing.";
default = "SW2YcwTIb9zpOOhoPsMm";
type = types.str;
};
};
users = {
allowSignUp = mkOption {
description = "Disable user signup / registration";
default = false;
type = types.bool;
};
allowOrgCreate = mkOption {
description = "Whether user is allowed to create organizations.";
default = false;
type = types.bool;
};
autoAssignOrg = mkOption {
description = "Whether to automatically assign new users to default org.";
default = true;
type = types.bool;
};
autoAssignOrgRole = mkOption {
description = "Default role new users will be auto assigned.";
default = "Viewer";
type = types.enum ["Viewer" "Editor"];
};
};
auth.anonymous = {
enable = mkOption {
description = "Whether to allow anonymous access";
default = false;
type = types.bool;
};
};
};
config = mkIf cfg.enable {
warnings = [
"Grafana passwords will be stored as plaintext in nix store!"
];
systemd.services.grafana = {
description = "Grafana Service Daemon";
wantedBy = ["multi-user.target"];
after = ["networking.target"];
serviceConfig = {
ExecStart = "${cfg.package}/bin/grafana --config ${cfgFile} web";
WorkingDirectory = cfg.dataDir;
User = "grafana";
};
};
users.extraUsers.grafana = {
uid = config.ids.uids.grafana;
description = "Grafana user";
home = cfg.dataDir;
createHome = true;
};
};
}

41
nixos/modules/services/monitoring/graphite.nix
View file

@ -67,7 +67,7 @@ in {
enable = mkOption {
description = "Whether to enable graphite web frontend.";
default = false;
type = types.uniq types.bool;
type = types.bool;
};
host = mkOption {
@ -95,7 +95,7 @@ in {
<link xlink:href="http://graphite-api.readthedocs.org/en/latest/"/>
'';
default = false;
type = types.uniq types.bool;
type = types.bool;
};
finders = mkOption {
@ -177,7 +177,7 @@ in {
enableCache = mkOption {
description = "Whether to enable carbon cache, the graphite storage daemon.";
default = false;
type = types.uniq types.bool;
type = types.bool;
};
storageAggregation = mkOption {
@ -234,7 +234,7 @@ in {
enableRelay = mkOption {
description = "Whether to enable carbon relay, the carbon replication and sharding service.";
default = false;
type = types.uniq types.bool;
type = types.bool;
};
relayRules = mkOption {
@ -251,7 +251,7 @@ in {
enableAggregator = mkOption {
description = "Whether to enable carbon agregator, the carbon buffering service.";
default = false;
type = types.uniq types.bool;
type = types.bool;
};
aggregationRules = mkOption {
@ -269,7 +269,7 @@ in {
enable = mkOption {
description = "Whether to enable seyren service.";
default = false;
type = types.uniq types.bool;
type = types.bool;
};
port = mkOption {
@ -319,7 +319,7 @@ in {
<link xlink:href="https://github.com/seatgeek/graphite-pager"/>
'';
default = false;
type = types.uniq types.bool;
type = types.bool;
};
redisUrl = mkOption {
@ -354,6 +354,16 @@ in {
type = types.lines;
};
};
beacon = {
enable = mkEnableOption "graphite beacon";
config = mkOption {
description = "Graphite beacon configuration.";
default = {};
type = types.attrs;
};
};
};
###### implementation
@ -535,10 +545,25 @@ in {
environment.systemPackages = [ pkgs.pythonPackages.graphite_pager ];
})
(mkIf cfg.beacon.enable {
systemd.services.graphite-beacon = {
description = "Grpahite Beacon Alerting Daemon";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = ''
${pkgs.pythonPackages.graphite_beacon}/bin/graphite-beacon \
--config ${pkgs.writeText "graphite-beacon.json" (builtins.toJSON cfg.beacon.config)}
'';
User = "graphite";
Group = "graphite";
};
};
})
(mkIf (
cfg.carbon.enableCache || cfg.carbon.enableAggregator || cfg.carbon.enableRelay ||
cfg.web.enable || cfg.api.enable ||
cfg.seyren.enable || cfg.pager.enable
cfg.seyren.enable || cfg.pager.enable || cfg.beacon.enable
) {
users.extraUsers = singleton {
name = "graphite";

2
nixos/modules/services/monitoring/scollector.nix
View file

@ -73,7 +73,7 @@ in {
};
collectors = mkOption {
type = types.attrs;
type = with types; attrsOf (listOf path);
default = {};
example = literalExample "{ 0 = [ \"\${postgresStats}/bin/collect-stats\" ]; }";
description = ''

6
nixos/modules/services/monitoring/statsd.nix
View file

@ -37,7 +37,7 @@ in
enable = mkOption {
description = "Whether to enable statsd stats aggregation service";
default = false;
type = types.uniq types.bool;
type = types.bool;
};
host = mkOption {
@ -49,7 +49,7 @@ in
port = mkOption {
description = "Port that stats listens for messages on over UDP";
default = 8125;
type = types.uniq types.int;
type = types.int;
};
mgmt_address = mkOption {
@ -61,7 +61,7 @@ in
mgmt_port = mkOption {
description = "Port to run the management TCP interface on";
default = 8126;
type = types.uniq types.int;
type = types.int;
};
backends = mkOption {

6
nixos/modules/services/monitoring/ups.nix
View file

@ -32,7 +32,7 @@ let
shutdownOrder = mkOption {
default = 0;
type = types.uniq types.int;
type = types.int;
description = ''
When you have multiple UPSes on your system, you usually need to
turn them off in a certain order. upsdrvctl shuts down all the
@ -63,7 +63,7 @@ let
directives = mkOption {
default = [];
type = types.listOf types.string;
type = types.listOf types.str;
description = ''
List of configuration directives for this UPS.
'';
@ -151,7 +151,7 @@ in
maxStartDelay = mkOption {
default = 45;
type = types.uniq types.int;
type = types.int;
description = ''
This can be set as a global variable above your first UPS
definition and it can also be set in a UPS section. This value

2
nixos/modules/services/network-filesystems/samba.nix
View file

@ -137,7 +137,7 @@ in
nsswins = mkOption {
default = false;
type = types.uniq types.bool;
type = types.bool;
description = ''
Whether to enable the WINS NSS (Name Service Switch) plug-in.
Enabling it allows applications to resolve WINS/NetBIOS names (a.k.a.

4
nixos/modules/services/networking/atftpd.nix
View file

@ -18,7 +18,7 @@ in
enable = mkOption {
default = false;
type = types.uniq types.bool;
type = types.bool;
description = ''
Whenever to enable the atftpd TFTP server.
'';
@ -26,7 +26,7 @@ in
root = mkOption {
default = "/var/empty";
type = types.uniq types.string;
type = types.str;
description = ''
Document root directory for the atftpd.
'';

4
nixos/modules/services/networking/btsync.nix
View file

@ -208,8 +208,8 @@ in
storagePath = mkOption {
type = types.path;
default = "/var/lib/btsync";
example = "/var/lib/btsync";
default = "/var/lib/btsync/";
example = "/var/lib/btsync/";
description = ''
Where to store the bittorrent sync files.
'';

191
nixos/modules/services/networking/consul.nix
View file

@ -104,7 +104,13 @@ in
};
alerts = {
enable = mkEnableOption "Whether to enable consul-alerts";
enable = mkEnableOption "consul-alerts";
package = mkOption {
description = "Package to use for consul-alerts.";
default = pkgs.consul-alerts;
type = types.package;
};
listenAddr = mkOption {
description = "Api listening address.";
@ -135,96 +141,101 @@ in
};
config = mkIf cfg.enable {
config = mkIf cfg.enable (
mkMerge [{
users.extraUsers."consul" = {
description = "Consul agent daemon user";
uid = config.ids.uids.consul;
# The shell is needed for health checks
shell = "/run/current-system/sw/bin/bash";
};
environment = {
etc."consul.json".text = builtins.toJSON configOptions;
# We need consul.d to exist for consul to start
etc."consul.d/dummy.json".text = "{ }";
systemPackages = with pkgs; [ consul ];
};
systemd.services.consul = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ] ++ systemdDevices;
bindsTo = systemdDevices;
restartTriggers = [ config.environment.etc."consul.json".source ]
++ mapAttrsToList (_: d: d.source)
(filterAttrs (n: _: hasPrefix "consul.d/" n) config.environment.etc);
serviceConfig = {
ExecStart = "@${pkgs.consul}/bin/consul consul agent -config-dir /etc/consul.d"
+ concatMapStrings (n: " -config-file ${n}") configFiles;
ExecReload = "${pkgs.consul}/bin/consul reload";
PermissionsStartOnly = true;
User = if cfg.dropPrivileges then "consul" else null;
TimeoutStartSec = "0";
} // (optionalAttrs (cfg.leaveOnStop) {
ExecStop = "${pkgs.consul}/bin/consul leave";
});
path = with pkgs; [ iproute gnugrep gawk consul ];
preStart = ''
mkdir -m 0700 -p ${dataDir}
chown -R consul ${dataDir}
# Determine interface addresses
getAddrOnce () {
ip addr show dev "$1" \
| grep 'inet${optionalString (cfg.forceIpv4) " "}.*scope global' \
| awk -F '[ /\t]*' '{print $3}' | head -n 1
}
getAddr () {
ADDR="$(getAddrOnce $1)"
LEFT=60 # Die after 1 minute
while [ -z "$ADDR" ]; do
sleep 1
LEFT=$(expr $LEFT - 1)
if [ "$LEFT" -eq "0" ]; then
echo "Address lookup timed out"
exit 1
fi
ADDR="$(getAddrOnce $1)"
done
echo "$ADDR"
}
echo "{" > /etc/consul-addrs.json
delim=" "
''
+ concatStrings (flip mapAttrsToList cfg.interface (name: i:
optionalString (i != null) ''
echo "$delim \"${name}_addr\": \"$(getAddr "${i}")\"" >> /etc/consul-addrs.json
delim=","
''))
+ ''
echo "}" >> /etc/consul-addrs.json
'';
};
systemd.services.consul-alerts = mkIf (cfg.alerts.enable) {
wantedBy = [ "multi-user.target" ];
after = [ "consul.service" ];
path = [ pkgs.consul ];
serviceConfig = {
ExecStart = ''
${pkgs.consul-alerts}/bin/consul-alerts start \
--alert-addr=${cfg.alerts.listenAddr} \
--consul-addr=${cfg.alerts.consulAddr} \
${optionalString cfg.alerts.watchChecks "--watch-checks"} \
${optionalString cfg.alerts.watchEvents "--watch-events"}
'';
User = if cfg.dropPrivileges then "consul" else null;
users.extraUsers."consul" = {
description = "Consul agent daemon user";
uid = config.ids.uids.consul;
# The shell is needed for health checks
shell = "/run/current-system/sw/bin/bash";
};
};
};
environment = {
etc."consul.json".text = builtins.toJSON configOptions;
# We need consul.d to exist for consul to start
etc."consul.d/dummy.json".text = "{ }";
systemPackages = with pkgs; [ consul ];
};
systemd.services.consul = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ] ++ systemdDevices;
bindsTo = systemdDevices;
restartTriggers = [ config.environment.etc."consul.json".source ]
++ mapAttrsToList (_: d: d.source)
(filterAttrs (n: _: hasPrefix "consul.d/" n) config.environment.etc);
serviceConfig = {
ExecStart = "@${pkgs.consul}/bin/consul consul agent -config-dir /etc/consul.d"
+ concatMapStrings (n: " -config-file ${n}") configFiles;
ExecReload = "${pkgs.consul}/bin/consul reload";
PermissionsStartOnly = true;
User = if cfg.dropPrivileges then "consul" else null;
TimeoutStartSec = "0";
} // (optionalAttrs (cfg.leaveOnStop) {
ExecStop = "${pkgs.consul}/bin/consul leave";
});
path = with pkgs; [ iproute gnugrep gawk consul ];
preStart = ''
mkdir -m 0700 -p ${dataDir}
chown -R consul ${dataDir}
# Determine interface addresses
getAddrOnce () {
ip addr show dev "$1" \
| grep 'inet${optionalString (cfg.forceIpv4) " "}.*scope global' \
| awk -F '[ /\t]*' '{print $3}' | head -n 1
}
getAddr () {
ADDR="$(getAddrOnce $1)"
LEFT=60 # Die after 1 minute
while [ -z "$ADDR" ]; do
sleep 1
LEFT=$(expr $LEFT - 1)
if [ "$LEFT" -eq "0" ]; then
echo "Address lookup timed out"
exit 1
fi
ADDR="$(getAddrOnce $1)"
done
echo "$ADDR"
}
echo "{" > /etc/consul-addrs.json
delim=" "
''
+ concatStrings (flip mapAttrsToList cfg.interface (name: i:
optionalString (i != null) ''
echo "$delim \"${name}_addr\": \"$(getAddr "${i}")\"" >> /etc/consul-addrs.json
delim=","
''))
+ ''
echo "}" >> /etc/consul-addrs.json
'';
};
}
(mkIf (cfg.alerts.enable) {
systemd.services.consul-alerts = {
wantedBy = [ "multi-user.target" ];
after = [ "consul.service" ];
path = [ pkgs.consul ];
serviceConfig = {
ExecStart = ''
${cfg.alerts.package}/bin/consul-alerts start \
--alert-addr=${cfg.alerts.listenAddr} \
--consul-addr=${cfg.alerts.consulAddr} \
${optionalString cfg.alerts.watchChecks "--watch-checks"} \
${optionalString cfg.alerts.watchEvents "--watch-events"}
'';
User = if cfg.dropPrivileges then "consul" else null;
Restart = "on-failure";
};
};
})
]);
}

2
nixos/modules/services/networking/dnsmasq.nix
View file

@ -45,7 +45,7 @@ in
};
servers = mkOption {
type = types.listOf types.string;
type = types.listOf types.str;
default = [];
example = [ "8.8.8.8" "8.8.4.4" ];
description = ''

2
nixos/modules/services/networking/docker-registry-server.nix
View file

@ -7,7 +7,7 @@ let
in {
options.services.nodeDockerRegistry = {
enable = mkEnableOption "Whether to enable docker registry service.";
enable = mkEnableOption "docker registry service";
port = mkOption {
description = "Docker registry listening port.";

4
nixos/modules/services/networking/firewall.nix
View file

@ -287,7 +287,7 @@ in
};
networking.firewall.trustedInterfaces = mkOption {
type = types.listOf types.string;
type = types.listOf types.str;
description =
''
Traffic coming in from these interfaces will be accepted
@ -379,7 +379,7 @@ in
networking.firewall.connectionTrackingModules = mkOption {
default = [ "ftp" ];
example = [ "ftp" "irc" "sane" "sip" "tftp" "amanda" "h323" "netbios_sn" "pptp" "snmp" ];
type = types.listOf types.string;
type = types.listOf types.str;
description =
''
List of connection-tracking helpers that are auto-loaded.

4
nixos/modules/services/networking/freenet.nix
View file

@ -20,13 +20,13 @@ in
services.freenet = {
enable = mkOption {
type = types.uniq types.bool;
type = types.bool;
default = false;
description = "Enable the Freenet daemon";
};
nice = mkOption {
type = types.uniq types.int;
type = types.int;
default = 10;
description = "Set the nice level for the Freenet daemon";
};

4
nixos/modules/services/networking/iodined.nix
View file

@ -20,13 +20,13 @@ in
services.iodined = {
enable = mkOption {
type = types.uniq types.bool;
type = types.bool;
default = false;
description = "Enable iodine, ip over dns daemon";
};
client = mkOption {
type = types.uniq types.bool;
type = types.bool;
default = false;
description = "Start iodine in client mode";
};

4
nixos/modules/services/networking/kippo.nix
View file

@ -16,12 +16,12 @@ rec {
services.kippo = {
enable = mkOption {
default = false;
type = types.uniq types.bool;
type = types.bool;
description = ''Enable the kippo honeypot ssh server.'';
};
port = mkOption {
default = 2222;
type = types.uniq types.int;
type = types.int;
description = ''TCP port number for kippo to bind to.'';
};
hostname = mkOption {

2
nixos/modules/services/networking/minidlna.nix
View file

@ -30,7 +30,7 @@ in
};
services.minidlna.mediaDirs = mkOption {
type = types.listOf types.string;
type = types.listOf types.str;
default = [];
example = [ "/data/media" "V,/home/alice/video" ];
description =

4
nixos/modules/services/networking/networkmanager.nix
View file

@ -118,7 +118,7 @@ in {
};
appendNameservers = mkOption {
type = types.listOf types.string;
type = types.listOf types.str;
default = [];
description = ''
A list of name servers that should be appended
@ -127,7 +127,7 @@ in {
};
insertNameservers = mkOption {
type = types.listOf types.string;
type = types.listOf types.str;
default = [];
description = ''
A list of name servers that should be inserted before

16
nixos/modules/services/networking/nix-serve.nix
View file

@ -26,6 +26,14 @@ in
'';
};
secretKeyFile = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
The path to the file used for signing derivation data.
'';
};
extraParams = mkOption {
type = types.string;
default = "";
@ -44,13 +52,19 @@ in
path = [ config.nix.package pkgs.bzip2 ];
environment.NIX_REMOTE = "daemon";
environment.NIX_SECRET_KEY_FILE = cfg.secretKeyFile;
serviceConfig = {
ExecStart = "${pkgs.nix-serve}/bin/nix-serve " +
"--port ${cfg.bindAddress}:${toString cfg.port} ${cfg.extraParams}";
User = "nobody";
User = "nix-serve";
Group = "nogroup";
};
};
users.extraUsers.nix-serve = {
description = "Nix-serve user";
uid = config.ids.uids.nix-serve;
};
};
}

12
nixos/modules/services/networking/notbit.nix
View file

@ -31,7 +31,7 @@ with lib;
services.notbit = {
enable = mkOption {
type = types.uniq types.bool;
type = types.bool;
default = false;
description = ''
Enables the notbit daemon and provides a sendmail binary named `notbit-system-sendmail` for sending mail over the system instance of notbit. Users must be in the notbit group in order to send mail over the system notbit instance. Currently mail recipt is not supported.
@ -39,13 +39,13 @@ with lib;
};
port = mkOption {
type = types.uniq types.int;
type = types.int;
default = 8444;
description = "The port which the daemon listens for other bitmessage clients";
};
nice = mkOption {
type = types.uniq types.int;
type = types.int;
default = 10;
description = "Set the nice level for the notbit daemon";
};
@ -65,19 +65,19 @@ with lib;
};
specifiedPeersOnly = mkOption {
type = types.uniq types.bool;
type = types.bool;
default = false;
description = "If true, notbit will only connect to peers specified by the peers option.";
};
allowPrivateAddresses = mkOption {
type = types.uniq types.bool;
type = types.bool;
default = false;
description = "If true, notbit will allow connections to to RFC 1918 addresses.";
};
noBootstrap = mkOption {
type = types.uniq types.bool;
type = types.bool;
default = false;
description = "If true, notbit will not bootstrap an initial peerlist from bitmessage.org servers";
};

2
nixos/modules/services/networking/ntopng.nix
View file

@ -57,7 +57,7 @@ in
http-port = mkOption {
default = 3000;
type = types.uniq types.int;
type = types.int;
description = ''
Sets the HTTP port of the embedded web server.
'';

2
nixos/modules/services/networking/polipo.nix
View file

@ -42,7 +42,7 @@ in
};
allowedClients = mkOption {
type = types.listOf types.string;
type = types.listOf types.str;
default = [ "127.0.0.1" "::1" ];
example = [ "127.0.0.1" "::1" "134.157.168.0/24" "2001:660:116::/48" ];
description = ''

2
nixos/modules/services/networking/quassel.nix
View file

@ -3,7 +3,7 @@
with lib;
let
quassel = pkgs.kde4.quasselDaemon;
quassel = pkgs.quasselDaemon_qt5;
cfg = config.services.quassel;
user = if cfg.user != null then cfg.user else "quassel";
in

2
nixos/modules/services/networking/racoon.nix
View file

@ -6,7 +6,7 @@ let
cfg = config.services.racoon;
in {
options.services.racoon = {
enable = mkEnableOption "Whether to enable racoon.";
enable = mkEnableOption "racoon";
config = mkOption {
description = "Contents of racoon configuration file.";

91
nixos/modules/services/networking/skydns.nix Normal file
View file

@ -0,0 +1,91 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.skydns;
in {
options.services.skydns = {
enable = mkEnableOption "skydns service";
etcd = {
machines = mkOption {
default = [ "http://localhost:4001" ];
type = types.listOf types.str;
description = "Skydns list of etcd endpoints to connect to.";
};
tlsKey = mkOption {
default = null;
type = types.nullOr types.path;
description = "Skydns path of TLS client certificate - private key.";
};
tlsPem = mkOption {
default = null;
type = types.nullOr types.path;
description = "Skydns path of TLS client certificate - public key.";
};
caCert = mkOption {
default = null;
type = types.nullOr types.path;
description = "Skydns path of TLS certificate authority public key.";
};
};
address = mkOption {
default = "0.0.0.0:53";
type = types.str;
description = "Skydns address to bind to.";
};
domain = mkOption {
default = "skydns.local.";
type = types.str;
description = "Skydns default domain if not specified by etcd config.";
};
nameservers = mkOption {
default = map (n: n + ":53") config.networking.nameservers;
type = types.listOf types.str;
description = "Skydns list of nameservers to forward DNS requests to when not authoritative for a domain.";
example = ["8.8.8.8:53" "8.8.4.4:53"];
};
package = mkOption {
default = pkgs.goPackages.skydns;
type = types.package;
description = "Skydns package to use.";
};
extraConfig = mkOption {
default = {};
type = types.attrsOf types.str;
description = "Skydns attribute set of extra config options passed as environemnt variables.";
};
};
config = mkIf (cfg.enable) {
systemd.services.skydns = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" "etcd.service" ];
description = "Skydns Service";
environment = {
ETCD_MACHINES = concatStringsSep "," cfg.etcd.machines;
ETCD_TLSKEY = cfg.etcd.tlsKey;
ETCD_TLSPEM = cfg.etcd.tlsPem;
ETCD_CACERT = cfg.etcd.caCert;
SKYDNS_ADDR = cfg.address;
SKYDNS_DOMAIN = cfg.domain;
SKYDNS_NAMESERVER = concatStringsSep "," cfg.nameservers;
};
serviceConfig = {
ExecStart = "${cfg.package}/bin/skydns";
};
};
environment.systemPackages = [ cfg.package ];
};
}

2
nixos/modules/services/networking/ssh/sshd.nix
View file

@ -234,7 +234,7 @@ in
];
options = {
hostNames = mkOption {
type = types.listOf types.string;
type = types.listOf types.str;
default = [];
description = ''
A list of host names and/or IP numbers used for accessing

2
nixos/modules/services/networking/unifi.nix
View file

@ -25,7 +25,7 @@ in
options = {
services.unifi.enable = mkOption {
type = types.uniq types.bool;
type = types.bool;
default = false;
description = ''
Whether or not to enable the unifi controller service.

2
nixos/modules/services/networking/wpa_supplicant.nix
View file

@ -43,7 +43,7 @@ in
};
interfaces = mkOption {
type = types.listOf types.string;
type = types.listOf types.str;
default = [];
example = [ "wlan0" "wlan1" ];
description = ''

4
nixos/modules/services/networking/znc.nix
View file

@ -144,7 +144,7 @@ in
*/
confOptions = {
modules = mkOption {
type = types.listOf types.string;
type = types.listOf types.str;
default = [ "partyline" "webadmin" "adminlog" "log" ];
example = [ "partyline" "webadmin" "adminlog" "log" ];
description = ''
@ -153,7 +153,7 @@ in
};
userModules = mkOption {
type = types.listOf types.string;
type = types.listOf types.str;
default = [ ];
example = [ "fish" "push" ];
description = ''

2
nixos/modules/services/scheduling/chronos.nix
View file

@ -13,7 +13,7 @@ in {
enable = mkOption {
description = "Whether to enable graphite web frontend.";
default = false;
type = types.uniq types.bool;
type = types.bool;
};
httpPort = mkOption {

2
nixos/modules/services/scheduling/marathon.nix
View file

@ -12,7 +12,7 @@ in {
options.services.marathon = {
enable = mkOption {
type = types.uniq types.bool;
type = types.bool;
default = false;
description = ''
Whether to enable the marathon mesos framework.

4
nixos/modules/services/search/elasticsearch.nix
View file

@ -34,7 +34,7 @@ in {
enable = mkOption {
description = "Whether to enable elasticsearch.";
default = false;
type = types.uniq types.bool;
type = types.bool;
};
host = mkOption {
@ -102,7 +102,7 @@ in {
extraCmdLineOptions = mkOption {
description = "Extra command line options for the elasticsearch launcher.";
default = [];
type = types.listOf types.string;
type = types.listOf types.str;
example = [ "-Djava.net.preferIPv4Stack=true" ];
};

2
nixos/modules/services/torrent/peerflix.nix
View file

@ -20,7 +20,7 @@ in {
enable = mkOption {
description = "Whether to enable peerflix service.";
default = false;
type = types.uniq types.bool;
type = types.bool;
};
stateDir = mkOption {

4
nixos/modules/services/torrent/transmission.nix
View file

@ -27,7 +27,7 @@ in
options = {
services.transmission = {
enable = mkOption {
type = types.uniq types.bool;
type = types.bool;
default = false;
description = ''
Whether or not to enable the headless Transmission BitTorrent daemon.
@ -66,7 +66,7 @@ in
};
port = mkOption {
type = types.uniq types.int;
type = types.int;
default = 9091;
description = "TCP port number to run the RPC/web interface.";
};

2
nixos/modules/services/web-servers/lighttpd/cgit.nix
View file

@ -15,7 +15,7 @@ in
enable = mkOption {
default = false;
type = types.uniq types.bool;
type = types.bool;
description = ''
If true, enable cgit (fast web interface for git repositories) as a
sub-service in lighttpd. cgit will be accessible at

Some files were not shown because too many files have changed in this diff Show more