diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 0f8a7ba79044..911f0434e1b8 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -349,6 +349,7 @@
./services/editors/emacs.nix
./services/editors/infinoted.nix
./services/games/factorio.nix
+ ./services/games/freeciv.nix
./services/games/minecraft-server.nix
./services/games/minetest-server.nix
./services/games/openarena.nix
diff --git a/nixos/modules/services/games/freeciv.nix b/nixos/modules/services/games/freeciv.nix
new file mode 100644
index 000000000000..4923891a6179
--- /dev/null
+++ b/nixos/modules/services/games/freeciv.nix
@@ -0,0 +1,187 @@
+{ config, lib, pkgs, ... }:
+with lib;
+let
+ cfg = config.services.freeciv;
+ inherit (config.users) groups;
+ rootDir = "/run/freeciv";
+ argsFormat = {
+ type = with lib.types; let
+ valueType = nullOr (oneOf [
+ bool int float str
+ (listOf valueType)
+ ]) // {
+ description = "freeciv-server params";
+ };
+ in valueType;
+ generate = name: value:
+ let mkParam = k: v:
+ if v == null then []
+ else if isBool v then if v then [("--"+k)] else []
+ else [("--"+k) v];
+ mkParams = k: v: map (mkParam k) (if isList v then v else [v]);
+ in escapeShellArgs (concatLists (concatLists (mapAttrsToList mkParams value)));
+ };
+in
+{
+ options = {
+ services.freeciv = {
+ enable = mkEnableOption ''freeciv'';
+ settings = mkOption {
+ description = ''
+ Parameters of freeciv-server.
+ '';
+ default = {};
+ type = types.submodule {
+ freeformType = argsFormat.type;
+ options.Announce = mkOption {
+ type = types.enum ["IPv4" "IPv6" "none"];
+ default = "none";
+ description = "Announce game in LAN using given protocol.";
+ };
+ options.auth = mkEnableOption "server authentication";
+ options.Database = mkOption {
+ type = types.nullOr types.str;
+ apply = pkgs.writeText "auth.conf";
+ default = ''
+ [fcdb]
+ backend="sqlite"
+ database="/var/lib/freeciv/auth.sqlite"
+ '';
+ description = "Enable database connection with given configuration.";
+ };
+ options.debug = mkOption {
+ type = types.ints.between 0 3;
+ default = 0;
+ description = "Set debug log level.";
+ };
+ options.exit-on-end = mkEnableOption "exit instead of restarting when a game ends.";
+ options.Guests = mkEnableOption "guests to login if auth is enabled";
+ options.Newusers = mkEnableOption "new users to login if auth is enabled";
+ options.port = mkOption {
+ type = types.port;
+ default = 5556;
+ description = "Listen for clients on given port";
+ };
+ options.quitidle = mkOption {
+ type = types.nullOr types.int;
+ default = null;
+ description = "Quit if no players for given time in seconds.";
+ };
+ options.read = mkOption {
+ type = types.lines;
+ apply = v: pkgs.writeTextDir "read.serv" v + "/read";
+ default = ''
+ /fcdb lua sqlite_createdb()
+ '';
+ description = "Startup script.";
+ };
+ options.saves = mkOption {
+ type = types.nullOr types.str;
+ default = "/var/lib/freeciv/saves/";
+ description = ''
+ Save games to given directory,
+ a sub-directory named after the starting date of the service
+ will me inserted to preserve older saves.
+ '';
+ };
+ };
+ };
+ openFirewall = mkEnableOption "opening the firewall for the port listening for clients";
+ };
+ };
+ config = mkIf cfg.enable {
+ users.groups.freeciv = {};
+ # Use with:
+ # journalctl -u freeciv.service -f -o cat &
+ # cat >/run/freeciv.stdin
+ # load saves/2020-11-14_05-22-27/freeciv-T0005-Y-3750-interrupted.sav.bz2
+ systemd.sockets.freeciv = {
+ wantedBy = [ "sockets.target" ];
+ socketConfig = {
+ ListenFIFO = "/run/freeciv.stdin";
+ SocketGroup = groups.freeciv.name;
+ SocketMode = "660";
+ RemoveOnStop = true;
+ };
+ };
+ systemd.services.freeciv = {
+ description = "Freeciv Service";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ environment.HOME = "/var/lib/freeciv";
+ serviceConfig = {
+ Restart = "on-failure";
+ RestartSec = "5s";
+ StandardInput = "fd:freeciv.socket";
+ StandardOutput = "journal";
+ StandardError = "journal";
+ ExecStart = pkgs.writeShellScript "freeciv-server" (''
+ set -eux
+ savedir=$(date +%Y-%m-%d_%H-%M-%S)
+ '' + "${pkgs.freeciv}/bin/freeciv-server"
+ + " " + optionalString (cfg.settings.saves != null)
+ (concatStringsSep " " [ "--saves" "${escapeShellArg cfg.settings.saves}/$savedir" ])
+ + " " + argsFormat.generate "freeciv-server" (cfg.settings // { saves = null; }));
+ DynamicUser = true;
+ # Create rootDir in the host's mount namespace.
+ RuntimeDirectory = [(baseNameOf rootDir)];
+ RuntimeDirectoryMode = "755";
+ StateDirectory = [ "freeciv" ];
+ WorkingDirectory = "/var/lib/freeciv";
+ # Avoid mounting rootDir in the own rootDir of ExecStart='s mount namespace.
+ InaccessiblePaths = ["-+${rootDir}"];
+ # This is for BindPaths= and BindReadOnlyPaths=
+ # to allow traversal of directories they create in RootDirectory=.
+ UMask = "0066";
+ RootDirectory = rootDir;
+ RootDirectoryStartOnly = true;
+ MountAPIVFS = true;
+ BindReadOnlyPaths = [
+ builtins.storeDir
+ "/etc"
+ "/run"
+ ];
+ # The following options are only for optimizing:
+ # systemd-analyze security freeciv
+ AmbientCapabilities = "";
+ CapabilityBoundingSet = "";
+ # ProtectClock= adds DeviceAllow=char-rtc r
+ DeviceAllow = "";
+ LockPersonality = true;
+ MemoryDenyWriteExecute = true;
+ NoNewPrivileges = true;
+ PrivateDevices = true;
+ PrivateMounts = true;
+ PrivateNetwork = mkDefault false;
+ PrivateTmp = true;
+ PrivateUsers = true;
+ ProtectClock = true;
+ ProtectControlGroups = true;
+ ProtectHome = true;
+ ProtectHostname = true;
+ ProtectKernelLogs = true;
+ ProtectKernelModules = true;
+ ProtectKernelTunables = true;
+ ProtectSystem = "strict";
+ RemoveIPC = true;
+ RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
+ RestrictNamespaces = true;
+ RestrictRealtime = true;
+ RestrictSUIDSGID = true;
+ SystemCallFilter = [
+ "@system-service"
+ # Groups in @system-service which do not contain a syscall listed by:
+ # perf stat -x, 2>perf.log -e 'syscalls:sys_enter_*' freeciv-server
+ # in tests, and seem likely not necessary for freeciv-server.
+ "~@aio" "~@chown" "~@ipc" "~@keyring" "~@memlock"
+ "~@resources" "~@setuid" "~@sync" "~@timer"
+ ];
+ SystemCallArchitectures = "native";
+ SystemCallErrorNumber = "EPERM";
+ };
+ };
+ networking.firewall = mkIf cfg.openFirewall
+ { allowedTCPPorts = [ cfg.settings.port ]; };
+ };
+ meta.maintainers = with lib.maintainers; [ julm ];
+}
diff --git a/nixos/modules/services/misc/cgminer.nix b/nixos/modules/services/misc/cgminer.nix
index b80a4746fd1e..662570f9451f 100644
--- a/nixos/modules/services/misc/cgminer.nix
+++ b/nixos/modules/services/misc/cgminer.nix
@@ -41,12 +41,14 @@ in
};
user = mkOption {
+ type = types.str;
default = "cgminer";
description = "User account under which cgminer runs";
};
pools = mkOption {
default = []; # Run benchmark
+ type = types.listOf (types.attrsOf types.str);
description = "List of pools where to mine";
example = [{
url = "http://p2pool.org:9332";
@@ -57,6 +59,7 @@ in
hardware = mkOption {
default = []; # Run without options
+ type = types.listOf (types.attrsOf (types.either types.str types.int));
description= "List of config options for every GPU";
example = [
{
@@ -83,6 +86,7 @@ in
config = mkOption {
default = {};
+ type = (types.either types.bool types.int);
description = "Additional config";
example = {
auto-fan = true;
diff --git a/pkgs/build-support/bintools-wrapper/default.nix b/pkgs/build-support/bintools-wrapper/default.nix
index e960a2455282..48a3ebb32dfe 100644
--- a/pkgs/build-support/bintools-wrapper/default.nix
+++ b/pkgs/build-support/bintools-wrapper/default.nix
@@ -57,6 +57,7 @@ let
else if targetPlatform.libc == "nblibc" then "${libc_lib}/libexec/ld.elf_so"
else if targetPlatform.system == "i686-linux" then "${libc_lib}/lib/ld-linux.so.2"
else if targetPlatform.system == "x86_64-linux" then "${libc_lib}/lib/ld-linux-x86-64.so.2"
+ else if targetPlatform.system == "powerpc64le-linux" then "${libc_lib}/lib/ld64.so.2"
# ARM with a wildcard, which can be "" or "-armhf".
else if (with targetPlatform; isAarch32 && isLinux) then "${libc_lib}/lib/ld-linux*.so.3"
else if targetPlatform.system == "aarch64-linux" then "${libc_lib}/lib/ld-linux-aarch64.so.1"
diff --git a/pkgs/development/compilers/llvm/rocm/clang.nix b/pkgs/development/compilers/llvm/rocm/clang.nix
index 789d4c055eb0..6ab0f894ca9c 100644
--- a/pkgs/development/compilers/llvm/rocm/clang.nix
+++ b/pkgs/development/compilers/llvm/rocm/clang.nix
@@ -56,6 +56,11 @@ stdenv.mkDerivation rec {
echo "$VCSVersion" > lib/Basic/VCSVersion.inc
'';
+ passthru = {
+ isClang = true;
+ inherit llvm;
+ };
+
meta = with lib; {
description = "ROCm fork of the clang C/C++/Objective-C/Objective-C++ LLVM compiler frontend";
homepage = "https://llvm.org/";
diff --git a/pkgs/development/libraries/spglib/default.nix b/pkgs/development/libraries/spglib/default.nix
new file mode 100644
index 000000000000..f4667acd5793
--- /dev/null
+++ b/pkgs/development/libraries/spglib/default.nix
@@ -0,0 +1,26 @@
+{ stdenv, lib, fetchFromGitHub, cmake } :
+
+stdenv.mkDerivation rec {
+ pname = "spglib";
+ version = "1.16.0";
+
+ src = fetchFromGitHub {
+ owner = "atztogo";
+ repo = "spglib";
+ rev = "v${version}";
+ sha256 = "1kzc956m1pnazhz52vspqridlw72wd8x5l3dsilpdxl491aa2nws";
+ };
+
+ nativeBuildInputs = [ cmake ];
+
+ checkTarget = "check";
+ doCheck = true;
+
+ meta = with lib; {
+ description = "C library for finding and handling crystal symmetries";
+ homepage = "https://atztogo.github.io/spglib/";
+ license = licenses.bsd3;
+ maintainers = [ maintainers.markuskowa ];
+ platforms = platforms.linux;
+ };
+}
diff --git a/pkgs/development/tools/ocaml/opam/installer.nix b/pkgs/development/tools/ocaml/opam/installer.nix
new file mode 100644
index 000000000000..4501ddd63f04
--- /dev/null
+++ b/pkgs/development/tools/ocaml/opam/installer.nix
@@ -0,0 +1,17 @@
+{ lib, unzip, opam, ocamlPackages }:
+
+ocamlPackages.buildDunePackage {
+ pname = "opam-installer";
+
+ useDune2 = true;
+
+ inherit (opam) version src;
+ nativeBuildInputs = [ unzip ];
+
+ configureFlags = [ "--disable-checks" "--prefix=$out" ];
+ buildInputs = with ocamlPackages; [ opam-format cmdliner ];
+
+ meta = opam.meta // {
+ description = "Handle (un)installation from opam install files";
+ };
+}
diff --git a/pkgs/games/freeciv/default.nix b/pkgs/games/freeciv/default.nix
index de5f2751fd19..f9938eaca313 100644
--- a/pkgs/games/freeciv/default.nix
+++ b/pkgs/games/freeciv/default.nix
@@ -28,7 +28,8 @@ in stdenv.mkDerivation rec {
done
'';
- nativeBuildInputs = [ autoreconfHook pkg-config ];
+ nativeBuildInputs = [ autoreconfHook pkg-config ]
+ ++ optional qtClient [ qt5.wrapQtAppsHook ];
buildInputs = [ lua5_3 zlib bzip2 curl lzma gettext libiconv ]
++ optionals sdlClient [ SDL SDL_mixer SDL_image SDL_ttf SDL_gfx freetype fluidsynth ]
diff --git a/pkgs/os-specific/linux/erofs-utils/default.nix b/pkgs/os-specific/linux/erofs-utils/default.nix
index e1ff63bce773..73e50c5740bc 100644
--- a/pkgs/os-specific/linux/erofs-utils/default.nix
+++ b/pkgs/os-specific/linux/erofs-utils/default.nix
@@ -2,14 +2,14 @@
stdenv.mkDerivation rec {
pname = "erofs-utils";
- version = "1.2";
+ version = "1.2.1";
outputs = [ "out" "man" ];
src = fetchgit {
url =
"https://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs-utils.git";
rev = "v" + version;
- sha256 = "07hvijq2hsn3gg1kb8abrfk23n83j57yx8kyv4wqgwhhvd30myjc";
+ sha256 = "1vb4mxsb59g29x7l22cffsqa8x743sra4j5zbmx89hjwpwm9vvcg";
};
buildInputs = [ autoreconfHook pkg-config fuse libuuid lz4 ];
diff --git a/pkgs/stdenv/linux/make-bootstrap-tools.nix b/pkgs/stdenv/linux/make-bootstrap-tools.nix
index 25cde589a923..e4db92b7717c 100644
--- a/pkgs/stdenv/linux/make-bootstrap-tools.nix
+++ b/pkgs/stdenv/linux/make-bootstrap-tools.nix
@@ -258,7 +258,7 @@ in with pkgs; rec {
gcc --version
'' + lib.optionalString (stdenv.hostPlatform.libc == "glibc") ''
- ldlinux=$(echo ${bootstrapTools}/lib/ld-linux*.so.?)
+ ldlinux=$(echo ${bootstrapTools}/lib/${builtins.baseNameOf binutils.dynamicLinker})
export CPP="cpp -idirafter ${bootstrapTools}/include-glibc -B${bootstrapTools}"
export CC="gcc -idirafter ${bootstrapTools}/include-glibc -B${bootstrapTools} -Wl,-dynamic-linker,$ldlinux -Wl,-rpath,${bootstrapTools}/lib"
export CXX="g++ -idirafter ${bootstrapTools}/include-glibc -B${bootstrapTools} -Wl,-dynamic-linker,$ldlinux -Wl,-rpath,${bootstrapTools}/lib"
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 6fa7b4b201de..76bf49b63fa2 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -7869,6 +7869,8 @@ in
soapui = callPackage ../applications/networking/soapui { };
+ spglib = callPackage ../development/libraries/spglib { };
+
ssh-askpass-fullscreen = callPackage ../tools/networking/ssh-askpass-fullscreen { };
sshguard = callPackage ../tools/security/sshguard {};
@@ -10567,6 +10569,8 @@ in
inherit (ocaml-ng.ocamlPackages_4_05) ocaml;
};
+ opam-installer = callPackage ../development/tools/ocaml/opam/installer.nix { };
+
open-watcom-bin = callPackage ../development/compilers/open-watcom-bin { };
pforth = callPackage ../development/compilers/pforth {};
@@ -19663,6 +19667,7 @@ in
prototool = callPackage ../development/tools/prototool { };
qemu_kvm = lowPrio (qemu.override { hostCpuOnly = true; });
+ qemu_full = lowPrio (qemu.override { smbdSupport = true; cephSupport = true; });
# See `xenPackages` source for explanations.
# Building with `xen` instead of `xen-slim` is possible, but makes no sense.