colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/master' into syncserver

Browse Source
This commit is contained in:
Nicolas B. Pierron 2014-12-11 23:49:19 +01:00
commit 0570a08b83
506 changed files with 22978 additions and 15431 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.version
View File

@ -1 +1 @@
14.11
15.05

2
lib/licenses.nix
View File

@ -135,7 +135,7 @@ lib.mapAttrs (n: v: v // { shortName = n; }) rec {
};
gpl1 = spdx {
shortName = "GPL-1.0";
spdxId = "GPL-1.0";
fullName = "GNU General Public License v1.0 only";
};

3
lib/maintainers.nix
View File

@ -115,6 +115,7 @@
nslqqq = "Nikita Mikhailov <nslqqq@gmail.com>";
ocharles = "Oliver Charles <ollie@ocharles.org.uk>";
offline = "Jaka Hudoklin <jakahudoklin@gmail.com>";
olcai = "Erik Timan <dev@timan.info>";
orbitz = "Malcolm Matalka <mmatalka@gmail.com>";
page = "Carles Pagès <page@cubata.homelinux.net>";
pashev = "Igor Pashev <pashev.igor@gmail.com>";
@ -123,6 +124,7 @@
piotr = "Piotr Pietraszkiewicz <ppietrasa@gmail.com>";
pkmx = "Chih-Mao Chen <pkmx.tw@gmail.com>";
plcplc = "Philip Lykke Carlsen <plcplc@gmail.com>";
prikhi = "Pavan Rikhi <pavan.rikhi@gmail.com>";
pSub = "Pascal Wittmann <mail@pascal-wittmann.de>";
puffnfresh = "Brian McKenna <brian@brianmckenna.org>";
qknight = "Joachim Schiele <js@lastlog.de>";
@ -180,4 +182,5 @@
zef = "Zef Hemel <zef@zef.me>";
zimbatm = "zimbatm <zimbatm@zimbatm.com>";
zoomulator = "Kim Simmons <zoomulator@gmail.com>";
Gonzih = "Max Gonzih <gonzih@gmail.com>";
}

4
maintainers/scripts/nix-generate-from-cpan.nix
View File

@ -3,7 +3,7 @@
stdenv.mkDerivation {
name = "nix-generate-from-cpan-1";
buildInputs = [ makeWrapper perl perlPackages.YAMLLibYAML perlPackages.JSON ];
buildInputs = [ makeWrapper perl perlPackages.YAMLLibYAML perlPackages.JSON perlPackages.CPANPLUS ];
unpackPhase = "true";
buildPhase = "true";
@ -19,4 +19,4 @@ stdenv.mkDerivation {
maintainers = [ stdenv.lib.maintainers.eelco ];
description = "Utility to generate a Nix expression for a Perl package from CPAN";
};
}
}

2
maintainers/scripts/nix-generate-from-cpan.pl
View File

@ -100,7 +100,7 @@ sub get_deps {
foreach my $n (keys %{$deps}) {
next if $n eq "perl";
# Hacky way to figure out if this module is part of Perl.
if ($n !~ /^JSON/ && $n !~ /^YAML/) {
if ($n !~ /^JSON/ && $n !~ /^YAML/ && $n !~ /^Module::Pluggable/) {
eval "use $n;";
if (!$@) {
print STDERR "skipping Perl-builtin module $n\n";

8
nixos/doc/manual/administration/network-problems.xml
View File

@ -12,9 +12,9 @@ pre-built binary. That is, whenever a command like
<command>nixos-rebuild</command> needs a path in the Nix store, Nix
will try to download that path from the Internet rather than build it
from source. The default binary cache is
<uri>http://cache.nixos.org/</uri>. If this cache is unreachable, Nix
operations may take a long time due to HTTP connection timeouts. You
can disable the use of the binary cache by adding <option>--option
<uri>https://cache.nixos.org/</uri>. If this cache is unreachable,
Nix operations may take a long time due to HTTP connection timeouts.
You can disable the use of the binary cache by adding <option>--option
use-binary-caches false</option>, e.g.
<screen>
@ -30,4 +30,4 @@ $ nixos-rebuild switch --option binary-caches http://my-cache.example.org/
</para>
</section>
</section>

11
nixos/doc/manual/installation/obtaining.xml
View File

@ -8,9 +8,14 @@
<para>NixOS ISO images can be downloaded from the <link
xlink:href="http://nixos.org/nixos/download.html">NixOS
homepage</link>. These can be burned onto a CD. It is also possible
to copy them onto a USB stick and install NixOS from there. For
details, see the <link
homepage</link>. There are a number of installation options. If
you happen to have an optical drive and a spare CD, burning the
image to CD and booting from that is probably the easiest option.
Most people will need to prepare a USB stick to boot from.
Unetbootin is recommended and the process is described in brief below.
Note that systems which use UEFI require some additional manual steps.
If you run into difficulty a number of alternative methods are presented
in the <link
xlink:href="https://nixos.org/wiki/Installing_NixOS_from_a_USB_stick">NixOS
Wiki</link>.</para>

2
nixos/doc/manual/release-notes/release-notes.xml
View File

@ -10,7 +10,7 @@
<para>This section lists the release notes for each stable version of NixOS.</para>
</partintro>
<xi:include href="rl-1411.xml" />
<xi:include href="rl-1412.xml" />
<xi:include href="rl-1404.xml" />
<xi:include href="rl-1310.xml" />

9
nixos/doc/manual/release-notes/rl-1411.xml → nixos/doc/manual/release-notes/rl-1412.xml
View File

@ -2,9 +2,9 @@
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-14.11">
xml:id="sec-release-14.12">
<title>Release 14.11 (“Caterpillar”, 2014/11/??)</title>
<title>Release 14.12 (“Caterpillar”, 2014/12/??)</title>
<para>When upgrading from a previous release, please be aware of the
following incompatible changes:
@ -24,6 +24,11 @@ services.httpd.package = pkgs.apacheHttpd_2_2;
</para></listitem>
<listitem><para>PHP 5.3 has been removed because it is no longer
supported by the PHP project. A <link
xlink:href="http://php.net/migration54">migration guide</link> is
available.</para></listitem>
<listitem><para>The host side of a container virtual Ethernet pair
is now called <literal>ve-<replaceable>container-name</replaceable></literal>
rather than <literal>c-<replaceable>container-name</replaceable></literal>.</para></listitem>

5
nixos/lib/make-system-tarball.nix
View File

@ -16,6 +16,9 @@
# symlink to `object' that will be added to the tarball.
storeContents ? []
# Extra commands to be executed before archiving files
, extraCommands ? ""
# Extra tar arguments
, extraArgs ? ""
}:
@ -25,7 +28,7 @@ stdenv.mkDerivation {
builder = ./make-system-tarball.sh;
buildInputs = [perl xz];
inherit fileName pathsFromGraph extraArgs;
inherit fileName pathsFromGraph extraArgs extraCommands;
# !!! should use XML.
sources = map (x: x.source) contents;

4
nixos/lib/make-system-tarball.sh
View File

@ -33,7 +33,7 @@ for i in $storePaths; do
done
# TODO tar ruxo
# TODO tar ruxo
# Also include a manifest of the closures in a format suitable for
# nix-store --load-db.
printRegistration=1 perl $pathsFromGraph closure-* > nix-path-registration
@ -48,6 +48,8 @@ for ((n = 0; n < ${#objects[*]}; n++)); do
fi
done
$extraCommands
mkdir -p $out/tarball
tar cvJf $out/tarball/$fileName.tar.xz * $extraArgs

193
nixos/modules/config/fonts/fontconfig-ultimate.nix Normal file
View File

@ -0,0 +1,193 @@
{ config, pkgs, ... }:
with pkgs.lib;
let fcBool = x: if x then "<bool>true</bool>" else "<bool>false</bool>";
in
{
options = {
fonts = {
fontconfig = {
ultimate = {
enable = mkOption {
type = types.bool;
default = true;
description = ''
Enable fontconfig-ultimate settings (formerly known as
Infinality). Besides the customizable settings in this NixOS
module, fontconfig-ultimate also provides many font-specific
rendering tweaks.
'';
};
allowBitmaps = mkOption {
type = types.bool;
default = true;
description = ''
Allow bitmap fonts. Set to <literal>false</literal> to ban all
bitmap fonts.
'';
};
allowType1 = mkOption {
type = types.bool;
default = false;
description = ''
Allow Type-1 fonts. Default is <literal>false</literal> because of
poor rendering.
'';
};
useEmbeddedBitmaps = mkOption {
type = types.bool;
default = false;
description = ''Use embedded bitmaps in fonts like Calibri.'';
};
forceAutohint = mkOption {
type = types.bool;
default = false;
description = ''
Force use of the TrueType Autohinter. Useful for debugging or
free-software purists.
'';
};
renderMonoTTFAsBitmap = mkOption {
type = types.bool;
default = false;
description = ''Render some monospace TTF fonts as bitmaps.'';
};
substitutions = mkOption {
type = types.str // {
check = flip elem ["none" "free" "combi" "ms"];
};
default = "free";
description = ''
Font substitutions to replace common Type 1 fonts with nicer
TrueType fonts. <literal>free</literal> uses free fonts,
<literal>ms</literal> uses Microsoft fonts,
<literal>combi</literal> uses a combination, and
<literal>none</literal> disables the substitutions.
'';
};
rendering = mkOption {
type = types.attrs;
default = pkgs.fontconfig-ultimate.rendering.ultimate;
description = ''
FreeType rendering settings presets. The default is
<literal>pkgs.fontconfig-ultimate.rendering.ultimate</literal>.
The other available styles are:
<literal>ultimate-lighter</literal>,
<literal>ultimate-darker</literal>,
<literal>ultimate-lightest</literal>,
<literal>ultimate-darkest</literal>,
<literal>default</literal> (the original Infinality default),
<literal>osx</literal>,
<literal>ipad</literal>,
<literal>ubuntu</literal>,
<literal>linux</literal>,
<literal>winxplight</literal>,
<literal>win7light</literal>,
<literal>winxp</literal>,
<literal>win7</literal>,
<literal>vanilla</literal>,
<literal>classic</literal>,
<literal>nudge</literal>,
<literal>push</literal>,
<literal>shove</literal>,
<literal>sharpened</literal>,
<literal>infinality</literal>. Any of the presets may be
customized by editing the attributes. To disable, set this option
to the empty attribute set <literal>{}</literal>.
'';
};
};
};
};
};
config =
let ultimate = config.fonts.fontconfig.ultimate;
fontconfigUltimateConf = ''
<?xml version="1.0"?>
<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
<fontconfig>
${optionalString ultimate.allowBitmaps ''
<!-- Reject bitmap fonts -->
<selectfont>
<rejectfont>
<pattern>
<patelt name="scalable"><bool>false</bool></patelt>
</pattern>
</rejectfont>
</selectfont>
''}
${optionalString ultimate.allowType1 ''
<!-- Reject Type 1 fonts -->
<selectfont>
<rejectfont>
<pattern>
<patelt name="fontformat">
<string>Type 1</string>
</patelt>
</pattern>
</rejectfont>
</selectfont>
''}
<!-- Use embedded bitmaps in fonts like Calibri? -->
<match target="font">
<edit name="embeddedbitmap" mode="assign">
${fcBool ultimate.useEmbeddedBitmaps}
</edit>
</match>
<!-- Force autohint always -->
<match target="font">
<edit name="force_autohint" mode="assign">
${fcBool ultimate.forceAutohint}
</edit>
</match>
<!-- Render some monospace TTF fonts as bitmaps -->
<match target="pattern">
<edit name="bitmap_monospace" mode="assign">
${fcBool ultimate.renderMonoTTFAsBitmap}
</edit>
</match>
${optionalString (ultimate.substitutions != "none") ''
<!-- Type 1 font substitutions -->
<include ignore_missing="yes">${pkgs.fontconfig-ultimate.confd}/etc/fonts/presets/${ultimate.substitutions}</include>
''}
<include ignore_missing="yes">${pkgs.fontconfig-ultimate.confd}/etc/fonts/conf.d</include>
</fontconfig>
'';
in mkIf (config.fonts.fontconfig.enable && ultimate.enable) {
environment.etc."fonts/conf.d/52-fontconfig-ultimate.conf" = {
text = fontconfigUltimateConf;
};
environment.etc."fonts/${pkgs.fontconfig.configVersion}/conf.d/52-fontconfig-ultimate.conf" = {
text = fontconfigUltimateConf;
};
environment.variables = ultimate.rendering;
};
}

276
nixos/modules/config/fonts/fontconfig.nix
View File

@ -8,72 +8,250 @@ with lib;
fonts = {
enableFontConfig = mkOption { # !!! should be enableFontconfig
type = types.bool;
default = true;
description = ''
If enabled, a Fontconfig configuration file will be built
pointing to a set of default fonts. If you don't care about
running X11 applications or any other program that uses
Fontconfig, you can turn this option off and prevent a
dependency on all those fonts.
'';
fontconfig = {
enable = mkOption {
type = types.bool;
default = true;
description = ''
If enabled, a Fontconfig configuration file will be built
pointing to a set of default fonts. If you don't care about
running X11 applications or any other program that uses
Fontconfig, you can turn this option off and prevent a
dependency on all those fonts.
'';
};
antialias = mkOption {
type = types.bool;
default = true;
description = "Enable font antialiasing.";
};
dpi = mkOption {
type = types.int;
default = 0;
description = ''
Force DPI setting. Setting to <literal>0</literal> disables DPI
forcing; the DPI detected for the display will be used.
'';
};
defaultFonts = {
monospace = mkOption {
type = types.listOf types.str;
default = ["DejaVu Sans Mono"];
description = ''
System-wide default monospace font(s). Multiple fonts may be
listed in case multiple languages must be supported.
'';
};
sansSerif = mkOption {
type = types.listOf types.str;
default = ["DejaVu Sans"];
description = ''
System-wide default sans serif font(s). Multiple fonts may be
listed in case multiple languages must be supported.
'';
};
serif = mkOption {
type = types.listOf types.str;
default = ["DejaVu Serif"];
description = ''
System-wide default serif font(s). Multiple fonts may be listed
in case multiple languages must be supported.
'';
};
};
hinting = {
enable = mkOption {
type = types.bool;
default = true;
description = "Enable TrueType hinting.";
};
autohint = mkOption {
type = types.bool;
default = true;
description = ''
Enable the autohinter, which provides hinting for otherwise
un-hinted fonts. The results are usually lower quality than
correctly-hinted fonts.
'';
};
style = mkOption {
type = types.str // {
check = flip elem ["none" "slight" "medium" "full"];
};
default = "full";
description = ''
TrueType hinting style, one of <literal>none</literal>,
<literal>slight</literal>, <literal>medium</literal>, or
<literal>full</literal>.
'';
};
};
includeUserConf = mkOption {
type = types.bool;
default = true;
description = ''
Include the user configuration from
<filename>~/.config/fontconfig/fonts.conf</filename> or
<filename>~/.config/fontconfig/conf.d</filename>.
'';
};
subpixel = {
rgba = mkOption {
type = types.string // {
check = flip elem ["rgb" "bgr" "vrgb" "vbgr" "none"];
};
default = "rgb";
description = ''
Subpixel order, one of <literal>none</literal>,
<literal>rgb</literal>, <literal>bgr</literal>,
<literal>vrgb</literal>, or <literal>vbgr</literal>.
'';
};
lcdfilter = mkOption {
type = types.str // {
check = flip elem ["none" "default" "light" "legacy"];
};
default = "default";
description = ''
FreeType LCD filter, one of <literal>none</literal>,
<literal>default</literal>, <literal>light</literal>, or
<literal>legacy</literal>.
'';
};
};
};
};
};
config =
let fontconfig = config.fonts.fontconfig;
fcBool = x: "<bool>" + (if x then "true" else "false") + "</bool>";
nixosConf = ''
<?xml version='1.0'?>
<!DOCTYPE fontconfig SYSTEM 'fonts.dtd'>
<fontconfig>
config = mkIf config.fonts.enableFontConfig {
<!-- Default rendering settings -->
<match target="font">
<edit mode="assign" name="hinting">
${fcBool fontconfig.hinting.enable}
</edit>
<edit mode="assign" name="autohint">
${fcBool fontconfig.hinting.autohint}
</edit>
<edit mode="assign" name="hintstyle">
<const>hint${fontconfig.hinting.style}</const>
</edit>
<edit mode="assign" name="antialias">
${fcBool fontconfig.antialias}
</edit>
<edit mode="assign" name="rgba">
<const>${fontconfig.subpixel.rgba}</const>
</edit>
<edit mode="assign" name="lcdfilter">
<const>lcd${fontconfig.subpixel.lcdfilter}</const>
</edit>
</match>
# Fontconfig 2.10 backward compatibility
<!-- Default fonts -->
${optionalString (fontconfig.defaultFonts.sansSerif != []) ''
<alias>
<family>sans-serif</family>
<prefer>
${concatStringsSep "\n"
(map (font: "<family>${font}</family>")
fontconfig.defaultFonts.sansSerif)}
</prefer>
</alias>
''}
${optionalString (fontconfig.defaultFonts.serif != []) ''
<alias>
<family>serif</family>
<prefer>
${concatStringsSep "\n"
(map (font: "<family>${font}</family>")
fontconfig.defaultFonts.serif)}
</prefer>
</alias>
''}
${optionalString (fontconfig.defaultFonts.monospace != []) ''
<alias>
<family>monospace</family>
<prefer>
${concatStringsSep "\n"
(map (font: "<family>${font}</family>")
fontconfig.defaultFonts.monospace)}
</prefer>
</alias>
''}
# Bring in the default (upstream) fontconfig configuration, only for fontconfig 2.10
environment.etc."fonts/fonts.conf".source =
pkgs.makeFontsConf { fontconfig = pkgs.fontconfig_210; fontDirectories = config.fonts.fonts; };
${optionalString (fontconfig.dpi != 0) ''
<match target="pattern">
<edit name="dpi" mode="assign">
<double>${fontconfig.dpi}</double>
</edit>
</match>
''}
environment.etc."fonts/conf.d/00-nixos.conf".text =
''
<?xml version='1.0'?>
<!DOCTYPE fontconfig SYSTEM 'fonts.dtd'>
<fontconfig>
</fontconfig>
'';
in mkIf fontconfig.enable {
<!-- Set the default hinting style to "slight". -->
<match target="font">
<edit mode="assign" name="hintstyle">
<const>hintslight</const>
</edit>
</match>
# Fontconfig 2.10 backward compatibility
</fontconfig>
'';
# Bring in the default (upstream) fontconfig configuration, only for fontconfig 2.10
environment.etc."fonts/fonts.conf".source =
pkgs.makeFontsConf { fontconfig = pkgs.fontconfig_210; fontDirectories = config.fonts.fonts; };
# Versioned fontconfig > 2.10. Take shared fonts.conf from fontconfig.
# Otherwise specify only font directories.
environment.etc."fonts/${pkgs.fontconfig.configVersion}/fonts.conf".source =
"${pkgs.fontconfig}/etc/fonts/fonts.conf";
environment.etc."fonts/${pkgs.fontconfig.configVersion}/conf.d/00-nixos.conf".text =
''
<?xml version='1.0'?>
<!DOCTYPE fontconfig SYSTEM 'fonts.dtd'>
<fontconfig>
environment.etc."fonts/conf.d/98-nixos.conf".text = nixosConf;
<!-- Set the default hinting style to "slight". -->
<match target="font">
<edit mode="assign" name="hintstyle">
<const>hintslight</const>
</edit>
</match>
# Versioned fontconfig > 2.10. Take shared fonts.conf from fontconfig.
# Otherwise specify only font directories.
environment.etc."fonts/${pkgs.fontconfig.configVersion}/fonts.conf".source =
"${pkgs.fontconfig}/etc/fonts/fonts.conf";
<!-- Font directories -->
${concatStringsSep "\n" (map (font: "<dir>${font}</dir>") config.fonts.fonts)}
environment.etc."fonts/${pkgs.fontconfig.configVersion}/conf.d/00-nixos.conf".text =
''
<?xml version='1.0'?>
<!DOCTYPE fontconfig SYSTEM 'fonts.dtd'>
<fontconfig>
<!-- Font directories -->
${concatStringsSep "\n" (map (font: "<dir>${font}</dir>") config.fonts.fonts)}
</fontconfig>
'';
</fontconfig>
'';
environment.etc."fonts/${pkgs.fontconfig.configVersion}/conf.d/98-nixos.conf".text = nixosConf;
environment.systemPackages = [ pkgs.fontconfig ];
environment.etc."fonts/${pkgs.fontconfig.configVersion}/conf.d/99-user.conf" = {
enable = fontconfig.includeUserConf;
text = ''
<?xml version="1.0"?>
<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
<fontconfig>
<include ignore_missing="yes" prefix="xdg">fontconfig/conf.d</include>
<include ignore_missing="yes" prefix="xdg">fontconfig/fonts.conf</include>
</fontconfig>
'';
};
};
environment.systemPackages = [ pkgs.fontconfig ];
};
}

2
nixos/modules/config/fonts/fonts.nix
View File

@ -25,7 +25,7 @@ with lib;
[ pkgs.xorg.fontbhttf
pkgs.xorg.fontbhlucidatypewriter100dpi
pkgs.xorg.fontbhlucidatypewriter75dpi
pkgs.ttf_bitstream_vera
pkgs.dejavu_fonts
pkgs.freefont_ttf
pkgs.liberation_ttf
pkgs.xorg.fontbh100dpi

2
nixos/modules/config/no-x-libs.nix
View File

@ -24,7 +24,7 @@ with lib;
programs.ssh.setXAuthLocation = false;
security.pam.services.su.forwardXAuth = lib.mkForce false;
fonts.enableFontConfig = false;
fonts.fontconfig.enable = false;
nixpkgs.config.packageOverrides = pkgs:
{ dbus = pkgs.dbus.override { useX11 = false; }; };

9
nixos/modules/hardware/all-firmware.nix
View File

@ -12,7 +12,8 @@ with lib;
default = false;
type = types.bool;
description = ''
Turn on this option if you want to enable all the firmware shipped with Debian/Ubuntu.
Turn on this option if you want to enable all the firmware shipped with Debian/Ubuntu
and iwlwifi.
'';
};
@ -22,7 +23,11 @@ with lib;
###### implementation
config = mkIf config.hardware.enableAllFirmware {
hardware.firmware = [ "${pkgs.firmwareLinuxNonfree}/lib/firmware" ];
hardware.firmware = [
"${pkgs.firmwareLinuxNonfree}/lib/firmware"
"${pkgs.iwlegacy}/lib/firmware"
"${pkgs.iwlwifi}/lib/firmware"
];
};
}

2
nixos/modules/installer/tools/nixos-rebuild.sh
View File

@ -156,7 +156,7 @@ if [ -n "$buildNix" ]; then
exit 1
fi
if ! nix-store -r $nixStorePath --add-root $tmpDir/nix --indirect \
--option extra-binary-caches http://cache.nixos.org/; then
--option extra-binary-caches https://cache.nixos.org/; then
echo "warning: don't know how to get latest Nix" >&2
fi
# Older version of nix-store -r don't support --add-root.

4
nixos/modules/misc/ids.nix
View File

@ -170,6 +170,8 @@
scollector = 160;
bosun = 161;
kubernetes = 162;
peerflix = 163;
chronos = 164;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -210,6 +212,7 @@
privoxy = 32;
disnix = 33;
osgi = 34;
tor = 35;
ghostOne = 40;
git = 41;
fourstore = 42;
@ -304,6 +307,7 @@
scollector = 156;
bosun = 157;
kubernetes = 158;
fleet = 159;
# When adding a gid, make sure it doesn't match an existing uid. And don't use gids above 399!

8
nixos/modules/module-list.nix
View File

@ -1,6 +1,7 @@
[
./config/fonts/corefonts.nix
./config/fonts/fontconfig.nix
./config/fonts/fontconfig-ultimate.nix
./config/fonts/fontdir.nix
./config/fonts/fonts.nix
./config/fonts/ghostscript.nix
@ -101,6 +102,8 @@
./services/backup/rsnapshot.nix
./services/backup/sitecopy-backup.nix
./services/backup/tarsnap.nix
./services/cluster/fleet.nix
./services/cluster/kubernetes.nix
./services/computing/torque/server.nix
./services/computing/torque/mom.nix
./services/continuous-integration/jenkins/default.nix
@ -293,6 +296,7 @@
./services/networking/znc.nix
./services/printing/cupsd.nix
./services/scheduling/atd.nix
./services/scheduling/chronos.nix
./services/scheduling/cron.nix
./services/scheduling/fcron.nix
./services/search/elasticsearch.nix
@ -302,7 +306,6 @@
./services/security/fprot.nix
./services/security/frandom.nix
./services/security/haveged.nix
./services/security/torify.nix
./services/security/tor.nix
./services/security/torsocks.nix
./services/system/dbus.nix
@ -310,6 +313,7 @@
./services/system/nscd.nix
./services/system/uptimed.nix
./services/torrent/deluge.nix
./services/torrent/peerflix.nix
./services/torrent/transmission.nix
./services/ttys/agetty.nix
./services/ttys/gpm.nix
@ -358,6 +362,7 @@
./system/boot/loader/efi.nix
./system/boot/loader/generations-dir/generations-dir.nix
./system/boot/loader/grub/grub.nix
./system/boot/loader/grub/ipxe.nix
./system/boot/loader/grub/memtest.nix
./system/boot/loader/gummiboot/gummiboot.nix
./system/boot/loader/init-script/init-script.nix
@ -398,7 +403,6 @@
./virtualisation/container-config.nix
./virtualisation/containers.nix
./virtualisation/docker.nix
./virtualisation/kubernetes.nix
./virtualisation/libvirtd.nix
./virtualisation/lxc.nix
#./virtualisation/nova.nix

57
nixos/modules/profiles/container.nix Normal file
View File

@ -0,0 +1,57 @@
{ config, lib, pkgs, ... }:
with lib;
let
pkgs2storeContents = l : map (x: { object = x; symlink = "none"; }) l;
in {
# Docker image config.
imports = [
../installer/cd-dvd/channel.nix
./minimal.nix
./clone-config.nix
];
# Create the tarball
system.build.tarball = import ../../lib/make-system-tarball.nix {
inherit (pkgs) stdenv perl xz pathsFromGraph;
contents = [];
extraArgs = "--owner=0";
# Some container managers like lxc need these
extraCommands = "mkdir -p proc sys dev";
# Add init script to image
storeContents = [
{ object = config.system.build.toplevel + "/init";
symlink = "/init";
}
] ++ (pkgs2storeContents [ pkgs.stdenv ]);
};
boot.postBootCommands =
''
# After booting, register the contents of the Nix store in the Nix
# database.
if [ -f /nix-path-registration ]; then
${config.nix.package}/bin/nix-store --load-db < /nix-path-registration &&
rm /nix-path-registration
fi
# nixos-rebuild also requires a "system" profile and an
# /etc/NIXOS tag.
touch /etc/NIXOS
${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
'';
boot.isContainer = true;
# Disable some features that are not useful in a container.
sound.enable = mkDefault false;
services.udisks2.enable = mkDefault false;
# Shut up warnings about not having a boot loader.
system.build.installBootLoader = "${pkgs.coreutils}/bin/true";
}

2
nixos/modules/programs/bash/bash.nix
View File

@ -105,7 +105,7 @@ in
};
enableCompletion = mkOption {
default = false;
default = true;
description = ''
Enable Bash completion for all interactive bash shells.
'';

1
nixos/modules/rename.nix
View File

@ -74,6 +74,7 @@ in zipModules ([]
++ obsolete [ "environment" "x11Packages" ] [ "environment" "systemPackages" ]
++ obsolete [ "environment" "enableBashCompletion" ] [ "programs" "bash" "enableCompletion" ]
++ obsolete [ "environment" "nix" ] [ "nix" "package" ]
++ obsolete [ "fonts" "enableFontConfig" ] [ "fonts" "fontconfig" "enable" ]
++ obsolete [ "fonts" "extraFonts" ] [ "fonts" "fonts" ]
++ obsolete [ "security" "extraSetuidPrograms" ] [ "security" "setuidPrograms" ]

2
nixos/modules/security/ca.nix
View File

@ -16,6 +16,8 @@ with lib;
{ SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";
# FIXME: unneeded - remove eventually.
OPENSSL_X509_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";
# FIXME: unneeded - remove eventually.
GIT_SSL_CAINFO = "/etc/ssl/certs/ca-bundle.crt";
};
};

1
nixos/modules/services/backup/almir.nix
View File

@ -109,6 +109,7 @@ in {
};
sqlalchemy_engine_url = mkOption {
default = "postgresql:///bacula";
example = ''
postgresql://bacula:bacula@localhost:5432/bacula
mysql+mysqlconnector://<user>:<password>@<hostname>/<database>'

150
nixos/modules/services/cluster/fleet.nix Normal file
View File

@ -0,0 +1,150 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.fleet;
in {
##### Interface
options.services.fleet = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable fleet service.
'';
};
listen = mkOption {
type = types.listOf types.str;
default = [ "/var/run/fleet.sock" ];
example = [ "/var/run/fleet.sock" "127.0.0.1:49153" ];
description = ''
Fleet listening addresses.
'';
};
etcdServers = mkOption {
type = types.listOf types.str;
default = [ "http://127.0.0.1:4001" ];
description = ''
Fleet list of etcd endpoints to use.
'';
};
publicIp = mkOption {
type = types.nullOr types.str;
default = "";
description = ''
Fleet IP address that should be published with the local Machine's
state and any socket information. If not set, fleetd will attempt
to detect the IP it should publish based on the machine's IP
routing information.
'';
};
etcdCafile = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
Fleet TLS ca file when SSL certificate authentication is enabled
in etcd endpoints.
'';
};
etcdKeyfile = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
Fleet TLS key file when SSL certificate authentication is enabled
in etcd endpoints.
'';
};
etcdCertfile = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
Fleet TLS cert file when SSL certificate authentication is enabled
in etcd endpoints.
'';
};
metadata = mkOption {
type = types.attrsOf types.str;
default = {};
apply = attrs: concatMapStringsSep "," (n: "${n}=${attrs."${n}"}") (attrNames attrs);
example = literalExample ''
{
region = "us-west";
az = "us-west-1";
}
'';
description = ''
Key/value pairs that are published with the local to the fleet registry.
This data can be used directly by a client of fleet to make scheduling decisions.
'';
};
extraConfig = mkOption {
type = types.attrsOf types.str;
apply = mapAttrs' (n: v: nameValuePair ("ETCD_" + n) v);
default = {};
example = literalExample ''
{
VERBOSITY = 1;
ETCD_REQUEST_TIMEOUT = "2.0";
AGENT_TTL = "40s";
}
'';
description = ''
Fleet extra config. See
<link xlink:href="https://github.com/coreos/fleet/blob/master/Documentation/deployment-and-configuration.md"/>
for configuration options.
'';
};
};
##### Implementation
config = mkIf cfg.enable {
systemd.services.fleet = {
description = "Fleet Init System Daemon";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" "fleet.socket" "etcd.service" "docker.service" ];
requires = [ "fleet.socket" ];
environment = {
FLEET_ETCD_SERVERS = concatStringsSep "," cfg.etcdServers;
FLEET_PUBLIC_IP = cfg.publicIp;
FLEET_ETCD_CAFILE = cfg.etcdCafile;
FLEET_ETCD_KEYFILE = cfg.etcdKeyfile;
FEELT_ETCD_CERTFILE = cfg.etcdCertfile;
FLEET_METADATA = cfg.metadata;
} // cfg.extraConfig;
serviceConfig = {
ExecStart = "${pkgs.fleet}/bin/fleetd";
Group = "fleet";
};
};
systemd.sockets.fleet = {
description = "Fleet Socket for the API";
wantedBy = [ "sockets.target" ];
listenStreams = cfg.listen;
socketConfig = {
ListenStream = "/var/run/fleet.sock";
SocketMode = "0660";
SocketUser = "root";
SocketGroup = "fleet";
};
};
services.etcd.enable = mkDefault true;
virtualisation.docker.enable = mkDefault true;
environment.systemPackages = [ pkgs.fleet ];
users.extraGroups.fleet.gid = config.ids.gids.fleet;
};
}

17
nixos/modules/virtualisation/kubernetes.nix → nixos/modules/services/cluster/kubernetes.nix
View File

@ -3,16 +3,15 @@
with lib;
let
cfg = config.virtualisation.kubernetes;
cfg = config.services.kubernetes;
in {
###### interface
options.virtualisation.kubernetes = {
options.services.kubernetes = {
package = mkOption {
description = "Kubernetes package to use.";
default = pkgs.kubernetes;
type = types.package;
};
@ -421,15 +420,15 @@ in {
})
(mkIf (any (el: el == "master") cfg.roles) {
virtualisation.kubernetes.apiserver.enable = mkDefault true;
virtualisation.kubernetes.scheduler.enable = mkDefault true;
virtualisation.kubernetes.controllerManager.enable = mkDefault true;
services.kubernetes.apiserver.enable = mkDefault true;
services.kubernetes.scheduler.enable = mkDefault true;
services.kubernetes.controllerManager.enable = mkDefault true;
})
(mkIf (any (el: el == "node") cfg.roles) {
virtualisation.docker.enable = mkDefault true;
virtualisation.kubernetes.kubelet.enable = mkDefault true;
virtualisation.kubernetes.proxy.enable = mkDefault true;
services.kubernetes.kubelet.enable = mkDefault true;
services.kubernetes.proxy.enable = mkDefault true;
})
(mkIf (any (el: el == "node" || el == "master") cfg.roles) {
@ -443,6 +442,8 @@ in {
cfg.kubelet.enable ||
cfg.proxy.enable
) {
services.kubernetes.package = mkDefault pkgs.kubernetes;
environment.systemPackages = [ cfg.package ];
users.extraUsers = singleton {

4
nixos/modules/services/desktops/gnome3/gvfs.nix
View File

@ -1,6 +1,6 @@
# gvfs backends
{ config, lib, ... }:
{ config, lib, pkgs, ... }:
with lib;
@ -37,6 +37,8 @@ in
services.dbus.packages = [ gnome3.gvfs ];
services.udev.packages = [ pkgs.libmtp ];
};
}

0
nixos/modules/services/hardware/80-net-name-slot.rules → nixos/modules/services/hardware/80-net-setup-link.rules
View File

2
nixos/modules/services/hardware/udev.nix
View File

@ -88,7 +88,7 @@ let
done
${optionalString config.networking.usePredictableInterfaceNames ''
cp ${./80-net-name-slot.rules} $out/80-net-name-slot.rules
cp ${./80-net-setup-link.rules} $out/80-net-setup-link.rules
''}
# If auto-configuration is disabled, then remove

2
nixos/modules/services/misc/autofs.nix
View File

@ -84,7 +84,7 @@ in
startOn = "started network-interfaces";
stopOn = "stopping network-interfaces";
path = [ pkgs.nfsUtils pkgs.sshfsFuse ];
path = [ pkgs.nfs-utils pkgs.sshfsFuse ];
preStop =
''

21
nixos/modules/services/misc/mesos-master.nix
View File

@ -4,11 +4,11 @@ with lib;
let
cfg = config.services.mesos.master;
in {
options.services.mesos = {
master = {
enable = mkOption {
description = "Whether to enable the Mesos Master.";
@ -31,36 +31,36 @@ in {
'';
type = types.str;
};
workDir = mkOption {
description = "The Mesos work directory.";
default = "/var/lib/mesos/master";
type = types.str;
};
extraCmdLineOptions = mkOption {
description = ''
Extra command line options for Mesos Master.
See https://mesos.apache.org/documentation/latest/configuration/
'';
default = [ "" ];
type = types.listOf types.string;
example = [ "--credentials=VALUE" ];
};
quorum = mkOption {
description = ''
The size of the quorum of replicas when using 'replicated_log' based
registry. It is imperative to set this value to be a majority of
masters i.e., quorum > (number of masters)/2.
If 0 will fall back to --registry=in_memory.
'';
default = 0;
type = types.int;
};
logLevel = mkOption {
description = ''
The logging level used. Possible values:
@ -86,11 +86,12 @@ in {
${pkgs.mesos}/bin/mesos-master \
--port=${toString cfg.port} \
--zk=${cfg.zk} \
${if cfg.quorum == 0 then "--registry=in_memory" else "--registry=replicated_log --quorum=${cfg.quorum}"} \
${if cfg.quorum == 0 then "--registry=in_memory" else "--registry=replicated_log --quorum=${toString cfg.quorum}"} \
--work_dir=${cfg.workDir} \
--logging_level=${cfg.logLevel} \
${toString cfg.extraCmdLineOptions}
'';
Restart = "on-failure";
PermissionsStartOnly = true;
};
preStart = ''
@ -98,6 +99,6 @@ in {
'';
};
};
}

18
nixos/modules/services/misc/mesos-slave.nix
View File

@ -4,7 +4,7 @@ with lib;
let
cfg = config.services.mesos.slave;
in {
options.services.mesos = {
@ -29,30 +29,30 @@ in {
'';
type = types.str;
};
withHadoop = mkOption {
description = "Add the HADOOP_HOME to the slave.";
default = false;
type = types.bool;
};
workDir = mkOption {
description = "The Mesos work directory.";
default = "/var/lib/mesos/slave";
type = types.str;
};
extraCmdLineOptions = mkOption {
description = ''
Extra command line options for Mesos Slave.
See https://mesos.apache.org/documentation/latest/configuration/
'';
default = [ "" ];
type = types.listOf types.string;
example = [ "--gc_delay=3days" ];
};
logLevel = mkOption {
description = ''
The logging level used. Possible values:
@ -72,6 +72,7 @@ in {
description = "Mesos Slave";
wantedBy = [ "multi-user.target" ];
after = [ "network-interfaces.target" ];
environment.MESOS_CONTAINERIZERS = "docker,mesos";
serviceConfig = {
ExecStart = ''
${pkgs.mesos}/bin/mesos-slave \
@ -80,6 +81,7 @@ in {
${optionalString cfg.withHadoop "--hadoop-home=${pkgs.hadoop}"} \
--work_dir=${cfg.workDir} \
--logging_level=${cfg.logLevel} \
--docker=${pkgs.docker}/libexec/docker/docker \
${toString cfg.extraCmdLineOptions}
'';
PermissionsStartOnly = true;
@ -89,5 +91,5 @@ in {
'';
};
};
}
}

2
nixos/modules/services/misc/nix-daemon.nix
View File

@ -225,7 +225,7 @@ in
binaryCaches = mkOption {
type = types.listOf types.str;
default = [ http://cache.nixos.org/ ];
default = [ https://cache.nixos.org/ ];
description = ''
List of binary cache URLs used to obtain pre-built binaries
of Nix packages.

41
nixos/modules/services/misc/synergy.nix
View File

@ -81,27 +81,26 @@ in
###### implementation
config = {
systemd.services."synergy-client" = {
enable = cfgC.enable;
after = [ "network.target" ];
description = "Synergy client";
wantedBy = optional cfgC.autoStart "multi-user.target";
path = [ pkgs.synergy ];
serviceConfig.ExecStart = ''${pkgs.synergy}/bin/synergyc -f ${optionalString (cfgC.screenName != "") "-n ${cfgC.screenName}"} ${cfgC.serverAddress}'';
};
systemd.services."synergy-server" = {
enable = cfgS.enable;
after = [ "network.target" ];
description = "Synergy server";
wantedBy = optional cfgS.autoStart "multi-user.target";
path = [ pkgs.synergy ];
serviceConfig.ExecStart = ''${pkgs.synergy}/bin/synergys -c ${cfgS.configFile} -f ${optionalString (cfgS.address != "") "-a ${cfgS.address}"} ${optionalString (cfgS.screenName != "") "-n ${cfgS.screenName}" }'';
};
};
config = mkMerge [
(mkIf cfgC.enable {
systemd.services."synergy-client" = {
after = [ "network.target" ];
description = "Synergy client";
wantedBy = [ "multi-user.target" ];
path = [ pkgs.synergy ];
serviceConfig.ExecStart = ''${pkgs.synergy}/bin/synergyc -f ${optionalString (cfgC.screenName != "") "-n ${cfgC.screenName}"} ${cfgC.serverAddress}'';
};
})
(mkIf cfgS.enable {
systemd.services."synergy-server" = {
after = [ "network.target" ];
description = "Synergy server";
wantedBy = [ "multi-user.target" ];
path = [ pkgs.synergy ];
serviceConfig.ExecStart = ''${pkgs.synergy}/bin/synergys -c ${cfgS.configFile} -f ${optionalString (cfgS.address != "") "-a ${cfgS.address}"} ${optionalString (cfgS.screenName != "") "-n ${cfgS.screenName}" }'';
};
})
];
}

6
nixos/modules/services/monitoring/bosun.nix
View File

@ -30,7 +30,6 @@ in {
package = mkOption {
type = types.package;
default = pkgs.bosun;
example = literalExample "pkgs.bosun";
description = ''
bosun binary to use.
@ -94,8 +93,9 @@ in {
};
config = mkIf config.services.bosun.enable {
config = mkIf cfg.enable {
services.bosun.package = mkDefault pkgs.bosun;
systemd.services.bosun = {
description = "bosun metrics collector (part of Bosun)";

8
nixos/modules/services/network-filesystems/nfsd.nix
View File

@ -86,7 +86,7 @@ in
boot.supportedFilesystems = [ "nfs" ]; # needed for statd and idmapd
environment.systemPackages = [ pkgs.nfsUtils ];
environment.systemPackages = [ pkgs.nfs-utils ];
environment.etc = singleton
{ source = exports;
@ -104,7 +104,7 @@ in
after = [ "rpcbind.service" "mountd.service" "idmapd.service" ];
before = [ "statd.service" ];
path = [ pkgs.nfsUtils ];
path = [ pkgs.nfs-utils ];
script =
''
@ -131,7 +131,7 @@ in
requires = [ "rpcbind.service" ];
after = [ "rpcbind.service" ];
path = [ pkgs.nfsUtils pkgs.sysvtools pkgs.utillinux ];
path = [ pkgs.nfs-utils pkgs.sysvtools pkgs.utillinux ];
preStart =
''
@ -157,7 +157,7 @@ in
serviceConfig.Type = "forking";
serviceConfig.ExecStart = ''
@${pkgs.nfsUtils}/sbin/rpc.mountd rpc.mountd \
@${pkgs.nfs-utils}/sbin/rpc.mountd rpc.mountd \
${if cfg.mountdPort != null then "-p ${toString cfg.mountdPort}" else ""}
'';
serviceConfig.Restart = "always";

49
nixos/modules/services/networking/consul.nix
View File

@ -8,7 +8,6 @@ let
configOptions = {
data_dir = dataDir;
rejoin_after_leave = true;
}
// (if cfg.webUi then { ui_dir = "${pkgs.consul.ui}"; } else { })
// cfg.extraConfig;
@ -41,6 +40,35 @@ in
'';
};
leaveOnStop = mkOption {
type = types.bool;
default = false;
description = ''
If enabled, causes a leave action to be sent when closing consul.
This allows a clean termination of the node, but permanently removes
it from the cluster. You probably don't want this option unless you
are running a node which going offline in a permanent / semi-permanent
fashion.
'';
};
joinNodes = mkOption {
type = types.listOf types.str;
default = [ ];
description = ''
A list of addresses of nodes which should be joined at startup if the
current node is in a left state.
'';
};
joinRetries = mkOption {
type = types.int;
default = 10;
description = ''
The number of times to retry connecting to the join nodes.
'';
};
interface = {
advertise = mkOption {
@ -119,13 +147,14 @@ in
serviceConfig = {
ExecStart = "@${pkgs.consul}/bin/consul consul agent"
+ concatMapStrings (n: " -config-file ${n}") configFiles;
ExecStop = "${pkgs.consul}/bin/consul leave";
ExecReload = "${pkgs.consul}/bin/consul reload";
PermissionsStartOnly = true;
User = if cfg.dropPrivileges then "consul" else null;
};
} // (optionalAttrs (cfg.leaveOnStop) {
ExecStop = "${pkgs.consul}/bin/consul leave";
});
path = with pkgs; [ iproute gnugrep gawk ];
path = with pkgs; [ iproute gnugrep gawk consul ];
preStart = ''
mkdir -m 0700 -p ${dataDir}
chown -R consul ${dataDir}
@ -160,6 +189,18 @@ in
echo " \"\": \"\"" >> /etc/consul-addrs.json
echo "}" >> /etc/consul-addrs.json
'';
postStart = ''
# Issues joins to nodes which we statically connect to
${flip concatMapStrings cfg.joinNodes (addr: ''
for i in {0..${toString cfg.joinRetries}}; do
# Try to join the other nodes ${toString cfg.joinRetries} times before failing
consul join "${addr}" && break
sleep 1
done &
'')}
wait
exit 0
'';
};
};

5
nixos/modules/services/networking/firewall.nix
View File

@ -458,8 +458,9 @@ in
systemd.services.firewall = {
description = "Firewall";
wantedBy = [ "network.target" ];
after = [ "network-interfaces.target" "systemd-modules-load.service" ];
wantedBy = [ "network-pre.target" ];
before = [ "network-pre.target" ];
after = [ "systemd-modules-load.service" ];
path = [ pkgs.iptables ];

2
nixos/modules/services/networking/tcpcrypt.nix
View File

@ -44,6 +44,8 @@ in
path = [ pkgs.iptables pkgs.tcpcrypt pkgs.procps ];
preStart = ''
mkdir -p /var/run/tcpcryptd
chown tcpcryptd /var/run/tcpcryptd
sysctl -n net.ipv4.tcp_ecn >/run/pre-tcpcrypt-ecn-state
sysctl -w net.ipv4.tcp_ecn=0

2
nixos/modules/services/networking/unifi.nix
View File

@ -48,6 +48,7 @@ in
systemd.mounts = map ({ what, where }: {
bindsTo = [ "unifi.service" ];
partOf = [ "unifi.service" ];
unitConfig.RequiresMountsFor = stateDir;
options = "bind";
what = what;
where = where;
@ -59,6 +60,7 @@ in
after = [ "network.target" ] ++ systemdMountPoints;
partOf = systemdMountPoints;
bindsTo = systemdMountPoints;
unitConfig.RequiresMountsFor = stateDir;
preStart = ''
# Ensure privacy of state

54
nixos/modules/services/scheduling/chronos.nix Normal file
View File

@ -0,0 +1,54 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.chronos;
in {
###### interface
options.services.chronos = {
enable = mkOption {
description = "Whether to enable graphite web frontend.";
default = false;
type = types.uniq types.bool;
};
httpPort = mkOption {
description = "Chronos listening port";
default = 8080;
type = types.int;
};
master = mkOption {
description = "Chronos mesos master zookeeper address";
default = "zk://${head cfg.zookeeperHosts}/mesos";
type = types.str;
};
zookeeperHosts = mkOption {
description = "Chronos mesos zookepper addresses";
default = [ "localhost:2181" ];
type = types.listOf types.str;
};
};
###### implementation
config = mkIf cfg.enable {
systemd.services.chronos = {
description = "Chronos Service";
wantedBy = [ "multi-user.target" ];
after = [ "network-interfaces.target" "zookeeper.service" ];
serviceConfig = {
ExecStart = "${pkgs.chronos}/bin/chronos --master ${cfg.master} --zk_hosts ${concatStringsSep "," cfg.zookeeperHosts} --http_port ${toString cfg.httpPort}";
User = "chronos";
};
};
users.extraUsers.chronos.uid = config.ids.uids.chronos;
};
}

393
nixos/modules/services/security/tor.nix
View File

@ -3,120 +3,116 @@
with lib;
let
inherit (pkgs) tor privoxy;
stateDir = "/var/lib/tor";
privoxyDir = stateDir+"/privoxy";
cfg = config.services.tor;
torDirectory = "/var/lib/tor";
torUser = "tor";
opt = name: value: optionalString (value != null) "${name} ${value}";
optint = name: value: optionalString (value != 0) "${name} ${toString value}";
opt = name: value: if value != "" then "${name} ${value}" else "";
optint = name: value: if value != 0 then "${name} ${toString value}" else "";
torRc = ''
User tor
DataDirectory ${torDirectory}
${optint "ControlPort" cfg.controlPort}
''
# Client connection config
+ optionalString cfg.client.enable ''
SOCKSPort ${cfg.client.socksListenAddress}
${opt "SocksPolicy" cfg.client.socksPolicy}
''
# Relay config
+ optionalString cfg.relay.enable ''
ORPort ${cfg.relay.portSpec}
${opt "Nickname" cfg.relay.nickname}
${opt "ContactInfo" cfg.relay.contactInfo}
${optint "RelayBandwidthRate" cfg.relay.bandwidthRate}
${optint "RelayBandwidthBurst" cfg.relay.bandwidthBurst}
${opt "AccountingMax" cfg.relay.accountingMax}
${opt "AccountingStart" cfg.relay.accountingStart}
${if cfg.relay.isExit then
opt "ExitPolicy" cfg.relay.exitPolicy
else
"ExitPolicy reject *:*"}
${optionalString cfg.relay.isBridge ''
BridgeRelay 1
ServerTransportPlugin obfs2,obfs3 exec ${pkgs.pythonPackages.obfsproxy}/bin/obfsproxy managed
''}
''
+ cfg.extraConfig;
torRcFile = pkgs.writeText "torrc" torRc;
in
{
###### interface
options = {
services.tor = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Enable the Tor daemon. By default, the daemon is run without
relay, exit, bridge or client connectivity.
'';
};
config = mkOption {
extraConfig = mkOption {
type = types.lines;
default = "";
description = ''
Extra configuration. Contents will be added verbatim to the
configuration file.
configuration file at the end.
'';
};
controlPort = mkOption {
type = types.int;
default = 0;
example = 9051;
description = ''
If set, Tor will accept connections on the specified port
and allow them to control the tor process.
'';
};
client = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable Tor daemon to route application connections.
You might want to disable this if you plan running a dedicated Tor relay.
Whether to enable Tor daemon to route application
connections. You might want to disable this if you plan
running a dedicated Tor relay.
'';
};
socksListenAddress = mkOption {
type = types.str;
default = "127.0.0.1:9050";
example = "192.168.0.1:9100";
description = ''
Bind to this address to listen for connections from Socks-speaking
applications.
'';
};
socksListenAddressFaster = mkOption {
default = "127.0.0.1:9063";
description = ''
Same as socksListenAddress but uses weaker circuit isolation to provide
performance suitable for a web browser.
Bind to this address to listen for connections from
Socks-speaking applications.
'';
};
socksPolicy = mkOption {
default = "";
type = types.nullOr types.str;
default = null;
example = "accept 192.168.0.0/16, reject *";
description = ''
Entry policies to allow/deny SOCKS requests based on IP address.
First entry that matches wins. If no SocksPolicy is set, we accept
all (and only) requests from SocksListenAddress.
Entry policies to allow/deny SOCKS requests based on IP
address. First entry that matches wins. If no SocksPolicy
is set, we accept all (and only) requests from
SocksListenAddress.
'';
};
privoxy = {
enable = mkOption {
default = true;
description = ''
Whether to enable a special instance of privoxy dedicated to Tor.
To have anonymity, protocols need to be scrubbed of identifying
information.
Most people using Tor want to anonymize their web traffic, so by
default we enable an special instance of privoxy specifically for
Tor.
However, if you are only going to use Tor only for other kinds of
traffic then you can disable this option.
'';
};
listenAddress = mkOption {
default = "127.0.0.1:8118";
description = ''
Address that Tor's instance of privoxy is listening to.
*This does not configure the standard NixOS instance of privoxy.*
This is for Tor connections only!
See services.privoxy.listenAddress to configure the standard NixOS
instace of privoxy.
'';
};
config = mkOption {
default = "";
description = ''
Extra configuration for Tor's instance of privoxy. Contents will be
added verbatim to the configuration file.
*This does not configure the standard NixOS instance of privoxy.*
This is for Tor connections only!
See services.privoxy.extraConfig to configure the standard NixOS
instace of privoxy.
'';
};
};
};
relay = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable relaying TOR traffic for others.
@ -126,16 +122,19 @@ in
};
isBridge = mkOption {
type = types.bool;
default = false;
description = ''
Bridge relays (or "bridges" ) are Tor relays that aren't listed in the
main directory. Since there is no complete public list of them, even if an
ISP is filtering connections to all the known Tor relays, they probably
Bridge relays (or "bridges") are Tor relays that aren't
listed in the main directory. Since there is no complete
public list of them, even if an ISP is filtering
connections to all the known Tor relays, they probably
won't be able to block all the bridges.
A bridge relay can't be an exit relay.
You need to set relay.enable to true for this option to take effect.
You need to set relay.enable to true for this option to
take effect.
The bridge is set up with an obfuscated transport proxy.
@ -144,25 +143,72 @@ in
};
isExit = mkOption {
type = types.bool;
default = false;
description = ''
An exit relay allows Tor users to access regular Internet services.
An exit relay allows Tor users to access regular Internet
services.
Unlike running a non-exit relay, running an exit relay may expose
you to abuse complaints. See https://www.torproject.org/faq.html.en#ExitPolicies for more info.
Unlike running a non-exit relay, running an exit relay may
expose you to abuse complaints. See
https://www.torproject.org/faq.html.en#ExitPolicies for
more info.
You can specify which services Tor users may access via your exit relay using exitPolicy option.
You can specify which services Tor users may access via
your exit relay using exitPolicy option.
'';
};
nickname = mkOption {
type = types.str;
default = "anonymous";
description = ''
A unique handle for your TOR relay.
'';
};
contactInfo = mkOption {
type = types.nullOr types.str;
default = null;
example = "admin@relay.com";
description = ''
Contact information for the relay owner (e.g. a mail
address and GPG key ID).
'';
};
accountingMax = mkOption {
type = types.nullOr types.str;
default = null;
example = "450 GBytes";
description = ''
Specify maximum bandwidth allowed during an accounting
period. This allows you to limit overall tor bandwidth
over some time period. See the
<literal>AccountingMax</literal> option by looking at the
tor manual (<literal>man tor</literal>) for more.
Note this limit applies individually to upload and
download; if you specify <literal>"500 GBytes"</literal>
here, then you may transfer up to 1 TBytes of overall
bandwidth (500 GB upload, 500 GB download).
'';
};
accountingStart = mkOption {
type = types.nullOr types.str;
default = null;
example = "month 1 1:00";
description = ''
Specify length of an accounting period. This allows you to
limit overall tor bandwidth over some time period. See the
<literal>AccountingStart</literal> option by looking at
the tor manual (<literal>man tor</literal>) for more.
'';
};
bandwidthRate = mkOption {
type = types.int;
default = 0;
example = 100;
description = ''
@ -172,6 +218,7 @@ in
};
bandwidthBurst = mkOption {
type = types.int;
default = cfg.relay.bandwidthRate;
example = 200;
description = ''
@ -181,143 +228,99 @@ in
'';
};
port = mkOption {
default = 9001;
portSpec = mkOption {
type = types.str;
example = "143";
description = ''
What port to advertise for Tor connections.
'';
};
What port to advertise for Tor connections. This corresponds
to the <literal>ORPort</literal> section in the Tor manual; see
<literal>man tor</literal> for more details.
listenAddress = mkOption {
default = "";
example = "0.0.0.0:9090";
description = ''
Set this if you need to listen on a port other than the one advertised
in relayPort (e.g. to advertise 443 but bind to 9090). You'll need to do
ipchains or other port forwsarding yourself to make this work.
At a minimum, you should just specify the port for the
relay to listen on; a common one like 143, 22, 80, or 443
to help Tor users who may have very restrictive port-based
firewalls.
'';
};
exitPolicy = mkOption {
default = "";
type = types.nullOr types.str;
default = null;
example = "accept *:6660-6667,reject *:*";
description = ''
A comma-separated list of exit policies. They're considered first
to last, and the first match wins. If you want to _replace_
the default exit policy, end this with either a reject *:* or an
accept *:*. Otherwise, you're _augmenting_ (prepending to) the
default exit policy. Leave commented to just use the default, which is
available in the man page or at https://www.torproject.org/documentation.html
A comma-separated list of exit policies. They're
considered first to last, and the first match wins. If you
want to _replace_ the default exit policy, end this with
either a reject *:* or an accept *:*. Otherwise, you're
_augmenting_ (prepending to) the default exit
policy. Leave commented to just use the default, which is
available in the man page or at
https://www.torproject.org/documentation.html
Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses
for issues you might encounter if you use the default exit policy.
If certain IPs and ports are blocked externally, e.g. by your firewall,
you should update your exit policy to reflect this -- otherwise Tor
users will be told that those destinations are down.
If certain IPs and ports are blocked externally, e.g. by
your firewall, you should update your exit policy to
reflect this -- otherwise Tor users will be told that
those destinations are down.
'';
};
};
};
};
###### implementation
config = mkIf (cfg.client.enable || cfg.relay.enable) {
config = mkIf cfg.enable {
assertions = singleton
{ assertion = cfg.relay.enable -> !(cfg.relay.isBridge && cfg.relay.isExit);
message = "Can't be both an exit and a bridge relay at the same time";
{ message = "Can't be both an exit and a bridge relay at the same time";
assertion =
cfg.relay.enable -> !(cfg.relay.isBridge && cfg.relay.isExit);
};
users.extraUsers = singleton
{ name = torUser;
uid = config.ids.uids.tor;
description = "Tor daemon user";
home = stateDir;
users.extraGroups.tor.gid = config.ids.gids.tor;
users.extraUsers.tor =
{ description = "Tor Daemon User";
createHome = true;
home = torDirectory;
group = "tor";
uid = config.ids.uids.tor;
};
jobs = {
tor = { name = "tor";
systemd.services.tor =
{ description = "Tor Daemon";
path = [ pkgs.tor ];
startOn = "started network-interfaces";
stopOn = "stopping network-interfaces";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
restartTriggers = [ torRcFile ];
preStart = ''
mkdir -m 0755 -p ${stateDir}
chown ${torUser} ${stateDir}
'';
exec = "${tor}/bin/tor -f ${pkgs.writeText "torrc" cfg.config}";
}; }
// optionalAttrs (cfg.client.privoxy.enable && cfg.client.enable) {
torPrivoxy = { name = "tor-privoxy";
# Translated from the upstream contrib/dist/tor.service.in
serviceConfig =
{ Type = "simple";
ExecStartPre = "${pkgs.tor}/bin/tor -f ${torRcFile} --verify-config";
ExecStart = "${pkgs.tor}/bin/tor -f ${torRcFile} --RunAsDaemon 0";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
KillSignal = "SIGINT";
TimeoutSec = 30;
Restart = "on-failure";
LimitNOFILE = 32768;
startOn = "started network-interfaces";
stopOn = "stopping network-interfaces";
preStart = ''
mkdir -m 0755 -p ${privoxyDir}
chown ${torUser} ${privoxyDir}
'';
exec = "${privoxy}/sbin/privoxy --no-daemon --user ${torUser} ${pkgs.writeText "torPrivoxy.conf" cfg.client.privoxy.config}";
}; };
services.tor.config = ''
DataDirectory ${stateDir}
User ${torUser}
''
+ optionalString cfg.client.enable ''
SOCKSPort ${cfg.client.socksListenAddress} IsolateDestAddr
SOCKSPort ${cfg.client.socksListenAddressFaster}
${opt "SocksPolicy" cfg.client.socksPolicy}
''
+ optionalString cfg.relay.enable ''
ORPort ${toString cfg.relay.port}
${opt "ORListenAddress" cfg.relay.listenAddress }
${opt "Nickname" cfg.relay.nickname}
${optint "RelayBandwidthRate" cfg.relay.bandwidthRate}
${optint "RelayBandwidthBurst" cfg.relay.bandwidthBurst}
${if cfg.relay.isExit then opt "ExitPolicy" cfg.relay.exitPolicy else "ExitPolicy reject *:*"}
${if cfg.relay.isBridge then ''
BridgeRelay 1
ServerTransportPlugin obfs2,obfs3 exec ${pkgs.pythonPackages.obfsproxy}/bin/obfsproxy managed
'' else ""}
'';
services.tor.client.privoxy.config = ''
# Generally, this file goes in /etc/privoxy/config
#
# Tor listens as a SOCKS4a proxy here:
forward-socks4a / ${cfg.client.socksListenAddressFaster} .
confdir ${privoxy}/etc
logdir ${privoxyDir}
# actionsfile standard # Internal purpose, recommended
actionsfile default.action # Main actions file
actionsfile user.action # User customizations
filterfile default.filter
# Don't log interesting things, only startup messages, warnings and errors
logfile logfile
#jarfile jarfile
#debug 0 # show each GET/POST/CONNECT request
debug 4096 # Startup banner and warnings
debug 8192 # Errors - *we highly recommended enabling this*
user-manual ${privoxy}/doc/privoxy/user-manual
listen-address ${cfg.client.privoxy.listenAddress}
toggle 1
enable-remote-toggle 0
enable-edit-actions 0
enable-remote-http-toggle 0
buffer-limit 4096
# Extra config goes here
'';
# Hardening
# Note: DevicePolicy is set to 'closed', although the
# minimal permissions are really:
# DeviceAllow /dev/null rw
# DeviceAllow /dev/urandom r
# .. but we can't specify DeviceAllow multiple times. 'closed'
# is close enough.
PrivateTmp = "yes";
DevicePolicy = "closed";
InaccessibleDirectories = "/home";
ReadOnlyDirectories = "/";
ReadWriteDirectories = torDirectory;
NoNewPrivileges = "yes";
};
};
environment.systemPackages = [ pkgs.tor ];
};
}

69
nixos/modules/services/security/torify.nix
View File

@ -1,69 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.tor;
torify = pkgs.writeTextFile {
name = "torify";
text = ''
#!${pkgs.stdenv.shell}
TSOCKS_CONF_FILE=${pkgs.writeText "tsocks.conf" cfg.torify.config} LD_PRELOAD="${pkgs.tsocks}/lib/libtsocks.so $LD_PRELOAD" "$@"
'';
executable = true;
destination = "/bin/torify";
};
in
{
###### interface
options = {
services.tor.torify = {
enable = mkOption {
default = cfg.client.enable;
description = ''
Whether to build torify scipt to relay application traffic via TOR.
'';
};
server = mkOption {
default = "localhost:9050";
example = "192.168.0.20";
description = ''
IP address of TOR client to use.
'';
};
config = mkOption {
default = "";
description = ''
Extra configuration. Contents will be added verbatim to TSocks
configuration file.
'';
};
};
};
###### implementation
config = mkIf cfg.torify.enable {
environment.systemPackages = [ torify ]; # expose it to the users
services.tor.torify.config = ''
server = ${toString(head (splitString ":" cfg.torify.server))}
server_port = ${toString(tail (splitString ":" cfg.torify.server))}
local = 127.0.0.0/255.128.0.0
local = 127.128.0.0/255.192.0.0
'';
};
}

115
nixos/modules/services/security/torsocks.nix
View File

@ -1,85 +1,100 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.tor.torsocks;
optionalNullStr = b: v: optionalString (b != null) v;
cfg = config.services.tor;
configFile = ''
TorAddress ${toString (head (splitString ":" cfg.server))}
TorPort ${toString (tail (splitString ":" cfg.server))}
makeConfig = server: ''
server = ${toString(head (splitString ":" server))}
server_port = ${toString(tail (splitString ":" server))}
OnionAddrRange ${cfg.onionAddrRange}
local = 127.0.0.0/255.128.0.0
local = 127.128.0.0/255.192.0.0
local = 169.254.0.0/255.255.0.0
local = 172.16.0.0/255.240.0.0
local = 192.168.0.0/255.255.0.0
${optionalNullStr cfg.socks5Username
"SOCKS5Username ${cfg.socks5Username}"}
${optionalNullStr cfg.socks5Password
"SOCKS5Password ${cfg.socks5Password}"}
${cfg.torsocks.config}
'';
makeTorsocks = name: server: pkgs.writeTextFile {
name = name;
text = ''
#!${pkgs.stdenv.shell}
TORSOCKS_CONF_FILE=${pkgs.writeText "torsocks.conf" (makeConfig server)} LD_PRELOAD="${pkgs.torsocks}/lib/torsocks/libtorsocks.so $LD_PRELOAD" "$@"
'';
executable = true;
destination = "/bin/${name}";
};
torsocks = makeTorsocks "torsocks" cfg.torsocks.server;
torsocksFaster = makeTorsocks "torsocks-faster" cfg.torsocks.serverFaster;
AllowInbound ${if cfg.allowInbound then "1" else "0"}
'';
in
{
###### interface
options = {
services.tor.torsocks = {
enable = mkOption {
default = cfg.client.enable;
type = types.bool;
default = false;
description = ''
Whether to build torsocks scipt to relay application traffic via TOR.
Whether to build <literal>/etc/tor/torsocks.conf</literal>
containing the specified global torsocks configuration.
'';
};
server = mkOption {
default = cfg.client.socksListenAddress;
example = "192.168.0.20:9050";
type = types.str;
default = "127.0.0.1:9050";
example = "192.168.0.20:1234";
description = ''
IP address of TOR client to use.
IP/Port of the Tor SOCKS server. Currently, hostnames are
NOT supported by torsocks.
'';
};
serverFaster = mkOption {
default = cfg.client.socksListenAddressFaster;
example = "192.168.0.20:9063";
onionAddrRange = mkOption {
type = types.str;
default = "127.42.42.0/24";
description = ''
IP address of TOR client to use for applications like web browsers which
need less circuit isolation to achive satisfactory performance.
Tor hidden sites do not have real IP addresses. This
specifies what range of IP addresses will be handed to the
application as "cookies" for .onion names. Of course, you
should pick a block of addresses which you aren't going to
ever need to actually connect to. This is similar to the
MapAddress feature of the main tor daemon.
'';
};
config = mkOption {
default = "";
socks5Username = mkOption {
type = types.nullOr types.str;
default = null;
example = "bob";
description = ''
Extra configuration. Contents will be added verbatim to torsocks
configuration file.
SOCKS5 username. The <literal>TORSOCKS_USERNAME</literal>
environment variable overrides this option if it is set.
'';
};
socks5Password = mkOption {
type = types.nullOr types.str;
default = null;
example = "sekret";
description = ''
SOCKS5 password. The <literal>TORSOCKS_PASSWORD</literal>
environment variable overrides this option if it is set.
'';
};
allowInbound = mkOption {
type = types.bool;
default = false;
description = ''
Set Torsocks to accept inbound connections. If set to
<literal>true</literal>, listen() and accept() will be
allowed to be used with non localhost address.
'';
};
};
};
###### implementation
config = mkIf cfg.torsocks.enable {
environment.systemPackages = [ torsocks torsocksFaster ]; # expose it to the users
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.torsocks ];
environment.etc =
[ { source = pkgs.writeText "torsocks.conf" configFile;
target = "tor/torsocks.conf";
}
];
};
}

63
nixos/modules/services/torrent/peerflix.nix Normal file
View File

@ -0,0 +1,63 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.peerflix;
configFile = pkgs.writeText "peerflix-config.json" ''
{
"connections": 50,
"tmp": "${cfg.downloadDir}"
}
'';
in {
###### interface
options.services.peerflix = {
enable = mkOption {
description = "Whether to enable peerflix service.";
default = false;
type = types.uniq types.bool;
};
stateDir = mkOption {
description = "Peerflix state directory.";
default = "/var/lib/peerflix";
type = types.path;
};
downloadDir = mkOption {
description = "Peerflix temporary download directory.";
default = "${cfg.stateDir}/torrents";
type = types.path;
};
};
###### implementation
config = mkIf cfg.enable {
systemd.services.peerflix = {
description = "Peerflix Daemon";
wantedBy = [ "multi-user.target" ];
after = [ "network-interfaces.target" ];
environment.HOME = cfg.stateDir;
preStart = ''
mkdir -p "${cfg.stateDir}"/{torrents,.config/peerflix-server}
if [ "$(id -u)" = 0 ]; then chown -R peerflix "${cfg.stateDir}"; fi
ln -fs "${configFile}" "${cfg.stateDir}/.config/peerflix-server/config.json"
'';
serviceConfig = {
ExecStart = "${pkgs.nodePackages.peerflix-server}/bin/peerflix-server";
PermissionsStartOnly = true;
User = "peerflix";
};
};
users.extraUsers.peerflix.uid = config.ids.uids.peerflix;
};
}

3
nixos/modules/services/web-servers/nginx/default.nix
View File

@ -23,6 +23,7 @@ in
services.nginx = {
enable = mkOption {
default = false;
type = types.bool;
description = "
Enable the nginx Web Server.
";
@ -70,11 +71,13 @@ in
};
user = mkOption {
type = types.str;
default = "nginx";
description = "User account under which nginx runs.";
};
group = mkOption {
type = types.str;
default = "nginx";
description = "Group account under which nginx runs.";
};

12
nixos/modules/services/x11/display-managers/default.nix
View File

@ -23,6 +23,17 @@ let
pathsToLink = [ "/" ];
};
fontconfig = config.fonts.fontconfig;
xresourcesXft = pkgs.writeText "Xresources-Xft" ''
${optionalString (fontconfig.dpi != 0) ''Xft.dpi: ${fontconfig.dpi}''}
Xft.antialias: ${if fontconfig.antialias then "1" else "0"}
Xft.rgba: ${fontconfig.subpixel.rgba}
Xft.lcdfilter: lcd${fontconfig.subpixel.lcdfilter}
Xft.hinting: ${if fontconfig.hinting.enable then "1" else "0"}
Xft.autohint: ${if fontconfig.hinting.autohint then "1" else "0"}
Xft.hintstyle: hint${fontconfig.hinting.style}
'';
# file provided by services.xserver.displayManager.session.script
xsession = wm: dm: pkgs.writeScript "xsession"
''
@ -79,6 +90,7 @@ let
''}
# Load X defaults.
${xorg.xrdb}/bin/xrdb -merge ${xresourcesXft}
if test -e ~/.Xresources; then
${xorg.xrdb}/bin/xrdb -merge ~/.Xresources
elif test -e ~/.Xdefaults; then

3
nixos/modules/system/boot/loader/grub/install-grub.pl
View File

@ -341,8 +341,9 @@ addEntry("NixOS - Default", $defaultConfig);
$conf .= "$extraEntries\n" unless $extraEntriesBeforeNixOS;
my $grubBootPath = $grubBoot->path;
# extraEntries could refer to @bootRoot@, which we have to substitute
$conf =~ s/\@bootRoot\@/$grubBoot->path/g;
$conf =~ s/\@bootRoot\@/$grubBootPath/g;
# Emit submenus for all system profiles.
sub addProfile {

64
nixos/modules/system/boot/loader/grub/ipxe.nix Normal file
View File

@ -0,0 +1,64 @@
# This module adds a scripted iPXE entry to the GRUB boot menu.
{ config, lib, pkgs, ... }:
with lib;
let
scripts = builtins.attrNames config.boot.loader.grub.ipxe;
grubEntry = name:
''
menuentry "iPXE - ${name}" {
linux16 @bootRoot@/ipxe.lkrn
initrd16 @bootRoot@/${name}.ipxe
}
'';
scriptFile = name:
let
value = builtins.getAttr name config.boot.loader.grub.ipxe;
in
if builtins.typeOf value == "path" then value
else builtins.toFile "${name}.ipxe" value;
in
{
options =
{ boot.loader.grub.ipxe = mkOption {
type = types.attrsOf (types.either types.path types.str);
description =
''
Set of iPXE scripts available for
booting from the GRUB boot menu.
'';
default = { };
example = literalExample ''
{ demo = '''
#!ipxe
dhcp
chain http://boot.ipxe.org/demo/boot.php
''';
};
'';
};
};
config = mkIf (builtins.length scripts != 0) {
boot.loader.grub.extraEntries =
if config.boot.loader.grub.version == 2 then
toString (map grubEntry scripts)
else
throw "iPXE is not supported with GRUB 1.";
boot.loader.grub.extraFiles =
{ "ipxe.lkrn" = "${pkgs.ipxe}/ipxe.lkrn"; }
//
builtins.listToAttrs ( map
(name: { name = name+".ipxe"; value = scriptFile name; })
scripts
);
};
}

32
nixos/modules/system/boot/systemd.nix
View File

@ -36,6 +36,7 @@ let
"graphical.target"
"multi-user.target"
"network.target"
"network-pre.target"
"network-online.target"
"nss-lookup.target"
"nss-user-lookup.target"
@ -347,7 +348,8 @@ let
[Service]
${let env = cfg.globalEnvironment // def.environment;
in concatMapStrings (n:
let s = "Environment=\"${n}=${env.${n}}\"\n";
let s = optionalString (env."${n}" != null)
"Environment=\"${n}=${env.${n}}\"\n";
in if stringLength s >= 2048 then throw "The value of the environment variable ${n} in systemd service ${name}.service is too long." else s) (attrNames env)}
${if def.reloadIfChanged then ''
X-ReloadIfChanged=true
@ -947,6 +949,16 @@ in
systemd.targets.network-online.after = [ "ip-up.target" ];
systemd.targets.network-pre = {
wantedBy = [ "network.target" ];
before = [ "network.target" ];
};
systemd.targets.remote-fs-pre = {
wantedBy = [ "remote-fs.target" ];
before = [ "remote-fs.target" ];
};
systemd.units =
mapAttrs' (n: v: nameValuePair "${n}.target" (targetToUnit n v)) cfg.targets
// mapAttrs' (n: v: nameValuePair "${n}.service" (serviceToUnit n v)) cfg.services
@ -986,6 +998,15 @@ in
users.extraUsers.systemd-journal-gateway.uid = config.ids.uids.systemd-journal-gateway;
users.extraGroups.systemd-journal-gateway.gid = config.ids.gids.systemd-journal-gateway;
users.extraUsers.systemd-network.uid = config.ids.uids.systemd-network;
users.extraGroups.systemd-network.gid = config.ids.gids.systemd-network;
users.extraUsers.systemd-resolve.uid = config.ids.uids.systemd-resolve;
users.extraGroups.systemd-resolve.gid = config.ids.gids.systemd-resolve;
users.extraUsers.systemd-timesync.uid = config.ids.uids.systemd-timesync;
users.extraGroups.systemd-timesync.gid = config.ids.gids.systemd-timesync;
# Generate timer units for all services that have a startAt value.
systemd.timers =
mapAttrs (name: service:
@ -1021,9 +1042,6 @@ in
}
(mkIf config.systemd.network.enable {
users.extraUsers.systemd-network.uid = config.ids.uids.systemd-network;
users.extraGroups.systemd-network.gid = config.ids.gids.systemd-network;
systemd.services.systemd-networkd = {
wantedBy = [ "multi-user.target" ];
before = [ "network-interfaces.target" ];
@ -1051,9 +1069,6 @@ in
services.timesyncd.enable = mkDefault config.services.ntp.enable;
})
(mkIf config.services.resolved.enable {
users.extraUsers.systemd-resolve.uid = config.ids.uids.systemd-resolve;
users.extraGroups.systemd-resolve.gid = config.ids.gids.systemd-resolve;
systemd.services.systemd-resolved = {
wantedBy = [ "multi-user.target" ];
restartTriggers = [ config.environment.etc."systemd/resolved.conf".source ];
@ -1065,9 +1080,6 @@ in
'';
})
(mkIf config.services.timesyncd.enable {
users.extraUsers.systemd-timesync.uid = config.ids.uids.systemd-timesync;
users.extraGroups.systemd-timesync.gid = config.ids.gids.systemd-timesync;
systemd.services.systemd-timesyncd = {
wantedBy = [ "sysinit.target" ];
restartTriggers = [ config.environment.etc."systemd/timesyncd.conf".source ];

16
nixos/modules/tasks/filesystems/nfs.nix
View File

@ -58,7 +58,7 @@ in
services.rpcbind.enable = true;
system.fsPackages = [ pkgs.nfsUtils ];
system.fsPackages = [ pkgs.nfs-utils ];
boot.extraModprobeConfig = mkIf (cfg.lockdPort != null) ''
options lockd nlm_udpport=${toString cfg.lockdPort} nlm_tcpport=${toString cfg.lockdPort}
@ -71,11 +71,12 @@ in
systemd.services.statd =
{ description = "NFSv3 Network Status Monitor";
path = [ pkgs.nfsUtils pkgs.sysvtools pkgs.utillinux ];
path = [ pkgs.nfs-utils pkgs.sysvtools pkgs.utillinux ];
wantedBy = [ "multi-user.target" ];
wantedBy = [ "remote-fs-pre.target" ];
before = [ "remote-fs-pre.target" ];
requires = [ "basic.target" "rpcbind.service" ];
after = [ "basic.target" "rpcbind.service" "network.target" ];
after = [ "basic.target" "rpcbind.service" ];
unitConfig.DefaultDependencies = false; # don't stop during shutdown
@ -88,7 +89,7 @@ in
serviceConfig.Type = "forking";
serviceConfig.ExecStart = ''
@${pkgs.nfsUtils}/sbin/rpc.statd rpc.statd --no-notify \
@${pkgs.nfs-utils}/sbin/rpc.statd rpc.statd --no-notify \
${if cfg.statdPort != null then "-p ${toString statdPort}" else ""}
'';
serviceConfig.Restart = "always";
@ -99,7 +100,8 @@ in
path = [ pkgs.sysvtools pkgs.utillinux ];
wantedBy = [ "multi-user.target" ];
wantedBy = [ "remote-fs-pre.target" ];
before = [ "remote-fs-pre.target" ];
requires = [ "rpcbind.service" ];
after = [ "rpcbind.service" ];
@ -115,7 +117,7 @@ in
'';
serviceConfig.Type = "forking";
serviceConfig.ExecStart = "@${pkgs.nfsUtils}/sbin/rpc.idmapd rpc.idmapd -c ${idmapdConfFile}";
serviceConfig.ExecStart = "@${pkgs.nfs-utils}/sbin/rpc.idmapd rpc.idmapd -c ${idmapdConfFile}";
serviceConfig.Restart = "always";
};

26
nixos/modules/tasks/network-interfaces-scripted.nix
View File

@ -1,7 +1,7 @@
{ config, lib, pkgs, utils, ... }:
with lib;
with utils;
with lib;
let
@ -54,7 +54,7 @@ in
networkSetup =
{ description = "Networking Setup";
after = [ "network-interfaces.target" ];
after = [ "network-interfaces.target" "network-pre.target" ];
before = [ "network.target" ];
wantedBy = [ "network.target" ];
@ -66,7 +66,7 @@ in
serviceConfig.RemainAfterExit = true;
script =
(optionalString (!config.services.resolved.enable) ''
''
# Set the static DNS configuration, if given.
${pkgs.openresolv}/sbin/resolvconf -m 1 -a static <<EOF
${optionalString (cfg.nameservers != [] && cfg.domain != null) ''
@ -77,9 +77,9 @@ in
nameserver ${ns}
'')}
EOF
'') + ''
# Set the default gateway.
${optionalString (cfg.defaultGateway != null) ''
${optionalString (cfg.defaultGateway != null && cfg.defaultGateway != "") ''
# FIXME: get rid of "|| true" (necessary to make it idempotent).
ip route add default via "${cfg.defaultGateway}" ${
optionalString (cfg.defaultGatewayWindowSize != null)
@ -105,7 +105,7 @@ in
wantedBy = [ "network-interfaces.target" ];
before = [ "network-interfaces.target" ];
bindsTo = [ (subsystemDevice i.name) ];
after = [ (subsystemDevice i.name) ];
after = [ (subsystemDevice i.name) "network-pre.target" ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
path = [ pkgs.iproute ];
@ -155,7 +155,7 @@ in
createTunDevice = i: nameValuePair "${i.name}-netdev"
{ description = "Virtual Network Interface ${i.name}";
requires = [ "dev-net-tun.device" ];
after = [ "dev-net-tun.device" ];
after = [ "dev-net-tun.device" "network-pre.target" ];
wantedBy = [ "network.target" (subsystemDevice i.name) ];
before = [ "network-interfaces.target" (subsystemDevice i.name) ];
path = [ pkgs.iproute ];
@ -180,7 +180,8 @@ in
{ description = "Bridge Interface ${n}";
wantedBy = [ "network.target" (subsystemDevice n) ];
bindsTo = deps;
after = deps ++ concatMap (i: [ "network-addresses-${i}.service" "network-link-${i}.service" ]) v.interfaces;
after = [ "network-pre.target" ] ++ deps
++ concatMap (i: [ "network-addresses-${i}.service" "network-link-${i}.service" ]) v.interfaces;
before = [ "network-interfaces.target" (subsystemDevice n) ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
@ -214,7 +215,8 @@ in
{ description = "Bond Interface ${n}";
wantedBy = [ "network.target" (subsystemDevice n) ];
bindsTo = deps;
after = deps ++ concatMap (i: [ "network-addresses-${i}.service" "network-link-${i}.service" ]) v.interfaces;
after = [ "network-pre.target" ] ++ deps
++ concatMap (i: [ "network-addresses-${i}.service" "network-link-${i}.service" ]) v.interfaces;
before = [ "network-interfaces.target" (subsystemDevice n) ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
@ -250,7 +252,7 @@ in
{ description = "Vlan Interface ${n}";
wantedBy = [ "network.target" (subsystemDevice n) ];
bindsTo = deps;
after = deps;
after = [ "network-pre.target" ] ++ deps;
before = [ "network-interfaces.target" (subsystemDevice n) ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
@ -274,7 +276,7 @@ in
{ description = "6-to-4 Tunnel Interface ${n}";
wantedBy = [ "network.target" (subsystemDevice n) ];
bindsTo = deps;
after = deps;
after = [ "network-pre.target" ] ++ deps;
before = [ "network-interfaces.target" (subsystemDevice n) ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
@ -301,7 +303,7 @@ in
{ description = "Vlan Interface ${n}";
wantedBy = [ "network.target" (subsystemDevice n) ];
bindsTo = deps;
after = deps;
after = [ "network-pre.target" ] ++ deps;
before = [ "network-interfaces.target" (subsystemDevice n) ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;

2
nixos/modules/tasks/network-interfaces-systemd.nix
View File

@ -1,7 +1,7 @@
{ config, lib, pkgs, utils, ... }:
with lib;
with utils;
with lib;
let

4
nixos/modules/tasks/network-interfaces.nix
View File

@ -669,6 +669,7 @@ in
{ description = "All Network Interfaces";
wantedBy = [ "network.target" ];
before = [ "network.target" ];
after = [ "network-pre.target" ];
unitConfig.X-StopOnReconfiguration = true;
};
@ -677,6 +678,7 @@ in
description = "Extra networking commands.";
before = [ "network.target" ];
wantedBy = [ "network.target" ];
after = [ "network-pre.target" ];
unitConfig.ConditionCapability = "CAP_NET_ADMIN";
path = [ pkgs.iproute ];
serviceConfig.Type = "oneshot";
@ -692,7 +694,7 @@ in
wantedBy = [ "network-interfaces.target" ];
before = [ "network-interfaces.target" ];
bindsTo = [ (subsystemDevice i.name) ];
after = [ (subsystemDevice i.name) ];
after = [ (subsystemDevice i.name) "network-pre.target" ];
path = [ pkgs.iproute ];
serviceConfig = {
Type = "oneshot";

60
nixos/modules/virtualisation/docker-image.nix
View File

@ -1,67 +1,19 @@
{ config, lib, pkgs, ... }:
{ config, pkgs, ... }:
with lib;
let
pkgs2storeContents = l : map (x: { object = x; symlink = "none"; }) l;
in {
# Create the tarball
system.build.dockerImage = import ../../lib/make-system-tarball.nix {
inherit (pkgs) stdenv perl xz pathsFromGraph;
contents = [];
extraArgs = "--owner=0";
storeContents = [
{ object = config.system.build.toplevel + "/init";
symlink = "/bin/init";
}
] ++ (pkgs2storeContents [ pkgs.stdenv ]);
};
{
imports = [
../profiles/container.nix
];
boot.postBootCommands =
''
# After booting, register the contents of the Nix store in the Nix
# database.
if [ -f /nix-path-registration ]; then
${config.nix.package}/bin/nix-store --load-db < /nix-path-registration &&
rm /nix-path-registration
fi
# nixos-rebuild also requires a "system" profile and an
# /etc/NIXOS tag.
touch /etc/NIXOS
${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
# Set virtualisation to docker
echo "docker" > /run/systemd/container
echo "docker" > /run/systemd/container
'';
# Docker image config.
imports = [
../installer/cd-dvd/channel.nix
../profiles/minimal.nix
../profiles/clone-config.nix
];
boot.isContainer = true;
# Iptables do not work in Docker.
networking.firewall.enable = false;
services.openssh.enable = true;
# Socket activated ssh presents problem in Docker.
services.openssh.startWhenNeeded = false;
# Allow the user to login as root without password.
users.extraUsers.root.initialHashedPassword = mkOverride 150 "";
# Some more help text.
services.mingetty.helpLine =
''
Log in as "root" with an empty password.
'';
}

4
nixos/modules/virtualisation/docker.nix
View File

@ -7,8 +7,8 @@ with lib;
let
cfg = config.virtualisation.docker;
pro = config.nix.proxy;
proxy_env = optionalAttrs (pro != "") { Environment = "\"http_proxy=${pro}\""; };
pro = config.networking.proxy.default;
proxy_env = optionalAttrs (pro != null) { Environment = "\"http_proxy=${pro}\""; };
in

26
nixos/modules/virtualisation/lxc-container.nix Normal file
View File

@ -0,0 +1,26 @@
{ config, pkgs, lib, ... }:
with lib;
{
imports = [
../profiles/container.nix
];
# Allow the user to login as root without password.
users.extraUsers.root.initialHashedPassword = mkOverride 150 "";
# Some more help text.
services.mingetty.helpLine =
''
Log in as "root" with an empty password.
'';
# Containers should be light-weight, so start sshd on demand.
services.openssh.enable = mkDefault true;
services.openssh.startWhenNeeded = mkDefault true;
# Allow ssh connections
networking.firewall.allowedTCPPorts = [ 22 ];
}

9
nixos/release.nix
View File

@ -213,6 +213,12 @@ in rec {
inherit system;
});
# Provide container tarball for lxc, libvirt-lxc, docker-lxc, ...
container_tarball = forAllSystems (system: makeSystemTarball {
module = ./modules/virtualisation/lxc-container.nix;
inherit system;
});
/*
system_tarball_fuloong2f =
assert builtins.currentSystem == "mips64-linux";
@ -239,10 +245,12 @@ in rec {
tests.chromium = callTest tests/chromium.nix {};
tests.cjdns = callTest tests/cjdns.nix {};
tests.containers = callTest tests/containers.nix {};
tests.docker = scrubDrv (import tests/docker.nix { system = "x86_64-linux"; });
tests.dockerRegistry = scrubDrv (import tests/docker-registry.nix { system = "x86_64-linux"; });
tests.etcd = scrubDrv (import tests/etcd.nix { system = "x86_64-linux"; });
tests.firefox = callTest tests/firefox.nix {};
tests.firewall = callTest tests/firewall.nix {};
tests.fleet = scrubDrv (import tests/fleet.nix { system = "x86_64-linux"; });
tests.gnome3 = callTest tests/gnome3.nix {};
tests.installer.grub1 = forAllSystems (system: scrubDrv (import tests/installer.nix { inherit system; }).grub1.test);
tests.installer.lvm = forAllSystems (system: scrubDrv (import tests/installer.nix { inherit system; }).lvm.test);
@ -290,6 +298,7 @@ in rec {
tests.nfs3 = callTest tests/nfs.nix { version = 3; };
tests.nsd = callTest tests/nsd.nix {};
tests.openssh = callTest tests/openssh.nix {};
tests.peerflix = callTest tests/peerflix.nix {};
tests.printing = callTest tests/printing.nix {};
tests.proxy = callTest tests/proxy.nix {};
tests.quake3 = callTest tests/quake3.nix {};

2
nixos/tests/bittorrent.nix
View File

@ -81,7 +81,7 @@ in
# Create the torrent.
$tracker->succeed("mkdir /tmp/data");
$tracker->succeed("cp ${file} /tmp/data/test.tar.bz2");
$tracker->succeed("transmission-create /tmp/data/test.tar.bz2 -t http://${(pkgs.lib.head nodes.tracker.config.networking.interfaces.eth1.ip4).address}:6969/announce -o /tmp/test.torrent");
$tracker->succeed("transmission-create /tmp/data/test.tar.bz2 -p -t http://${(pkgs.lib.head nodes.tracker.config.networking.interfaces.eth1.ip4).address}:6969/announce -o /tmp/test.torrent");
$tracker->succeed("chmod 644 /tmp/test.torrent");
# Start the tracker. !!! use a less crappy tracker

24
nixos/tests/docker.nix Normal file
View File

@ -0,0 +1,24 @@
# This test runs docker and checks if simple container starts
import ./make-test.nix {
name = "docker";
nodes = {
docker =
{ config, pkgs, ... }:
{
virtualisation.docker.enable = true;
};
};
testScript = ''
startAll;
$docker->waitForUnit("docker.service");
$docker->succeed("tar cv --files-from /dev/null | docker import - scratch");
$docker->succeed("docker run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratch /bin/sleep 10");
$docker->succeed("docker ps | grep sleeping");
$docker->succeed("docker stop sleeping");
'';
}

73
nixos/tests/fleet.nix Normal file
View File

@ -0,0 +1,73 @@
import ./make-test.nix rec {
name = "simple";
nodes = {
node1 =
{ config, pkgs, ... }:
{
services = {
etcd = {
enable = true;
listenPeerUrls = ["http://0.0.0.0:7001"];
initialAdvertisePeerUrls = ["http://node1:7001"];
initialCluster = ["node1=http://node1:7001" "node2=http://node2:7001"];
};
};
services.fleet = {
enable = true;
metadata.name = "node1";
};
networking.firewall.allowedTCPPorts = [ 7001 ];
};
node2 =
{ config, pkgs, ... }:
{
services = {
etcd = {
enable = true;
listenPeerUrls = ["http://0.0.0.0:7001"];
initialAdvertisePeerUrls = ["http://node2:7001"];
initialCluster = ["node1=http://node1:7001" "node2=http://node2:7001"];
};
};
services.fleet = {
enable = true;
metadata.name = "node2";
};
networking.firewall.allowedTCPPorts = [ 7001 ];
};
};
service = builtins.toFile "hello.service" ''
[Unit]
Description=Hello World
[Service]
ExecStart=/bin/sh -c "while true; do echo \"Hello, world\"; /var/run/current-system/sw/bin/sleep 1; done"
[X-Fleet]
MachineMetadata=name=node2
'';
testScript =
''
startAll;
$node1->waitForUnit("fleet.service");
$node2->waitForUnit("fleet.service");
$node2->waitUntilSucceeds("fleetctl list-machines | grep node1");
$node1->waitUntilSucceeds("fleetctl list-machines | grep node2");
$node1->succeed("cp ${service} hello.service && fleetctl submit hello.service");
$node1->succeed("fleetctl list-unit-files | grep hello");
$node1->succeed("fleetctl start hello.service");
$node1->waitUntilSucceeds("fleetctl list-units | grep running");
$node1->succeed("fleetctl stop hello.service");
$node1->succeed("fleetctl destroy hello.service");
'';
}

15
nixos/tests/installer.nix
View File

@ -29,6 +29,10 @@ let
pkgs.unionfs-fuse
pkgs.gummiboot
];
# Don't use https://cache.nixos.org since the fake
# cache.nixos.org doesn't do https.
nix.binaryCaches = [ http://cache.nixos.org/ ];
}
];
}).config.system.build.isoImage;
@ -38,7 +42,7 @@ let
makeConfig = { testChannel, grubVersion, grubDevice, grubIdentifier
, readOnly ? true, forceGrubReinstallCount ? 0 }:
pkgs.writeText "configuration.nix" ''
{ config, pkgs, modulesPath, ... }:
{ config, lib, pkgs, modulesPath, ... }:
{ imports =
[ ./hardware-configuration.nix
@ -59,6 +63,8 @@ let
${optionalString (!readOnly) "nix.readOnlyStore = false;"}
environment.systemPackages = [ ${optionalString testChannel "pkgs.rlwrap"} ];
nix.binaryCaches = [ http://cache.nixos.org/ ];
}
'';
@ -66,7 +72,7 @@ let
# Configuration of a web server that simulates the Nixpkgs channel
# distribution server.
webserver =
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
{ services.httpd.enable = true;
services.httpd.adminAddr = "foo@example.org";
@ -185,8 +191,9 @@ let
$machine->succeed("test -e /boot/grub");
# Did the swap device get activated?
$machine->waitForUnit("swap.target");
$machine->succeed("cat /proc/swaps | grep -q /dev");
# uncomment once https://bugs.freedesktop.org/show_bug.cgi?id=86930 is resolved
#$machine->waitForUnit("swap.target");
$machine->waitUntilSucceeds("cat /proc/swaps | grep -q /dev");
# Check whether the channel works.
$machine->succeed("nix-env -i coreutils >&2");

5
nixos/tests/kde4.nix
View File

@ -41,8 +41,7 @@ import ./make-test.nix ({ pkgs, ... }: {
];
};
testScript =
''
testScript = ''
$machine->waitUntilSucceeds("pgrep plasma-desktop");
$machine->waitForWindow(qr/plasma-desktop/);
@ -60,7 +59,7 @@ import ./make-test.nix ({ pkgs, ... }: {
$machine->sleep(10);
$machine->screenshot("screen");
$machine->screenshot("screen");
'';
})

10
nixos/tests/kubernetes.nix
View File

@ -45,10 +45,10 @@ import ./make-test.nix rec {
nodes = {
master =
{ config, pkgs, nodes, ... }:
{ config, pkgs, lib, nodes, ... }:
{
virtualisation.memorySize = 512;
virtualisation.kubernetes = {
services.kubernetes = {
roles = ["master" "node"];
controllerManager.machines = ["master" "node"];
kubelet.extraOpts = "-network_container_image=master:5000/pause";
@ -75,6 +75,7 @@ import ./make-test.nix rec {
ipAddress = "10.10.0.1";
prefixLength = 24;
};
eth2.ip4 = lib.mkOverride 0 [ ];
};
networking.localCommands = ''
ip route add 10.10.0.0/16 dev cbr0
@ -89,9 +90,9 @@ import ./make-test.nix rec {
};
node =
{ config, pkgs, nodes, ... }:
{ config, pkgs, lib, nodes, ... }:
{
virtualisation.kubernetes = {
services.kubernetes = {
roles = ["node"];
kubelet.extraOpts = "-network_container_image=master:5000/pause";
verbose = true;
@ -112,6 +113,7 @@ import ./make-test.nix rec {
ipAddress = "10.10.1.1";
prefixLength = 24;
};
eth2.ip4 = lib.mkOverride 0 [ ];
};
networking.localCommands = ''
ip route add 10.10.0.0/16 dev cbr0

25
nixos/tests/mesos.nix Normal file
View File

@ -0,0 +1,25 @@
import ./make-test.nix {
name = "simple";
machine = { config, pkgs, ... }: {
services.zookeeper.enable = true;
virtualisation.docker.enable = true;
services.mesos = {
slave = {
enable = true;
master = "zk://localhost:2181/mesos";
};
master = {
enable = true;
zk = "zk://localhost:2181/mesos";
};
};
};
testScript =
''
startAll;
$machine->waitForUnit("mesos-master.service");
$machine->waitForUnit("mesos-slave.service");
'';
}

3
nixos/tests/nfs.nix
View File

@ -38,7 +38,8 @@ in
testScript =
''
$server->waitForUnit("nfsd");
$server->waitForUnit("network.target");
$server->succeed("systemctl start network-online.target");
$server->waitForUnit("network-online.target");
startAll;

21
nixos/tests/peerflix.nix Normal file
View File

@ -0,0 +1,21 @@
# This test runs peerflix and checks if peerflix starts
import ./make-test.nix {
name = "peerflix";
nodes = {
peerflix =
{ config, pkgs, ... }:
{
services.peerflix.enable = true;
};
};
testScript = ''
startAll;
$peerflix->waitForUnit("peerflix.service");
$peerflix->waitUntilSucceeds("curl localhost:9000");
'';
}

10
pkgs/applications/audio/cantata/default.nix
View File

@ -1,6 +1,6 @@
{ stdenv, fetchurl, cmake
, withQt4 ? true, qt4
, withQt5 ? false, qt5
, withQt4 ? false, qt4
, withQt5 ? true, qt5
# I'm unable to make KDE work here, crashes at runtime so I simply
# make Qt4 the default until someone who wants KDE can figure it out.
@ -39,7 +39,7 @@ assert withOnlineServices -> withTaglib;
assert withReplaygain -> withTaglib;
let
version = "1.5.0";
version = "1.5.1";
pname = "cantata";
fstat = x: fn: "-DENABLE_" + fn + "=" + (if x then "ON" else "OFF");
fstats = x: map (fstat x);
@ -50,8 +50,8 @@ stdenv.mkDerivation rec {
src = fetchurl {
inherit name;
url = "https://drive.google.com/uc?export=download&id=0Bzghs6gQWi60c0pFbEtldEk1UnM";
sha256 = "0gnqfp3ps79d500hrivxj2xkkia042knhg86md6w8ycl3945611p";
url = "https://drive.google.com/uc?export=download&id=0Bzghs6gQWi60UktwaTRMTjRIUW8";
sha256 = "0y7y3nbiqgh1ghb47n4lfyp163wvazvhavlshb1c18ik03fkn5sp";
};
buildInputs =

4
pkgs/applications/audio/easytag/default.nix
View File

@ -5,11 +5,11 @@
stdenv.mkDerivation rec {
name = "easytag-${version}";
version = "2.3.1";
version = "2.3.2";
src = fetchurl {
url = "mirror://gnome/sources/easytag/2.3/${name}.tar.xz";
sha256 = "19cdx4hma4nl38m1zrc3mq9cjg6knw970abk5anhg7cvpc1371s7";
sha256 = "0bj3sj4yzlnhan38j84acs7qv27fl3xy4rdrfq6dnpz4q6qccm84";
};
preFixup = ''

4
pkgs/applications/audio/flac/default.nix
View File

@ -1,11 +1,11 @@
{ stdenv, fetchurl, libogg }:
stdenv.mkDerivation rec {
name = "flac-1.3.0";
name = "flac-1.3.1";
src = fetchurl {
url = "http://downloads.xiph.org/releases/flac/${name}.tar.xz";
sha256 = "1p0hh190kqvpkbk1bbajd81jfbmkyl4fn2i7pggk2zppq6m68bgs";
sha256 = "4773c0099dba767d963fd92143263be338c48702172e8754b9bc5103efe1c56c";
};
buildInputs = [ libogg ];

1
pkgs/applications/audio/gmpc/default.nix
View File

@ -13,6 +13,7 @@ stdenv.mkDerivation rec {
url = http://download.sarine.nl/Programs/gmpc/11.8/libmpd-11.8.17.tar.gz;
sha256 = "10vspwsgr8pwf3qp2bviw6b2l8prgdiswgv7qiqiyr0h1mmk487y";
};
patches = [ ./libmpd-11.8.17-remove-strndup.patch ];
buildInputs = [ pkgconfig glib ];
};

15
pkgs/applications/audio/gmpc/libmpd-11.8.17-remove-strndup.patch Normal file
View File

@ -0,0 +1,15 @@
diff --git a/src/libmpd-internal.h b/src/libmpd-internal.h
index c84c3a4..51be441 100644
--- a/src/libmpd-internal.h
+++ b/src/libmpd-internal.h
@@ -206,10 +206,6 @@ int mpd_unlock_conn(MpdObj *mi);
MpdData * mpd_misc_sort_tag_list(MpdData *data);
-#ifndef HAVE_STRNDUP
-char * strndup (const char *s, size_t n);
-#endif
-
int mpd_server_get_allowed_commands(MpdObj *mi);
typedef enum _MpdSearchType {
MPD_SEARCH_TYPE_NONE,

4
pkgs/applications/audio/guitarix/default.nix
View File

@ -4,11 +4,11 @@
stdenv.mkDerivation rec {
name = "guitarix-${version}";
version = "0.32.0";
version = "0.32.1";
src = fetchurl {
url = "mirror://sourceforge/guitarix/guitarix2-${version}.tar.bz2";
sha256 = "06qxydcba1ga1l19kyqy0mk141mv6pa4wbkyh75xbwhyr65bwkc4";
sha256 = "1sl7ca1lj0wchh3xq7qw3zqrbyyh4r8cwljb9i3yplpsn90d1i3k";
};
buildInputs = [

22
pkgs/applications/audio/ingen/default.nix
View File

@ -1,27 +1,37 @@
{ stdenv, fetchsvn, boost, ganv, glibmm, gtk, gtkmm, jack2, lilv
, lv2, pkgconfig, python, raul, serd, sord, sratom, suil
, lv2, makeWrapper, pkgconfig, python, raul, rdflib, serd, sord, sratom
, suil
}:
stdenv.mkDerivation rec {
name = "ingen-svn-${rev}";
rev = "5464";
rev = "5490";
src = fetchsvn {
url = "http://svn.drobilla.net/lad/trunk/ingen";
rev = rev;
sha256 = "1p5rsxwanpj3kj5yai7zqbharj2ldvn78x3p739vkgpr3dinp506";
sha256 = "09h2mrkzpwzhhyqy21xr7jhfbl82gmqfyj0lzhnjsrab8z56yzk6";
};
buildInputs = [
boost ganv glibmm gtk gtkmm jack2 lilv lv2 pkgconfig python
raul serd sord sratom suil
boost ganv glibmm gtk gtkmm jack2 lilv lv2 makeWrapper pkgconfig
python raul serd sord sratom suil
];
configurePhase = "python waf configure --prefix=$out";
propagatedBuildInputs = [ rdflib ];
buildPhase = "python waf";
installPhase = "python waf install";
installPhase = ''
python waf install
for program in ingenams ingenish
do
wrapProgram $out/bin/$program \
--prefix PYTHONPATH : $out/lib/python${python.majorVersion}/site-packages:$PYTHONPATH
done
'';
meta = with stdenv.lib; {
description = "A modular audio processing system using JACK and LV2 or LADSPA plugins";

47
pkgs/applications/audio/meters_lv2/default.nix Normal file
View File

@ -0,0 +1,47 @@
{ stdenv, fetchurl, pkgconfig
, lv2, mesa, gtk2, cairo, pango, fftw }:
let
version = "0.8.1";
name = "meters.lv2-${version}";
# robtk submodule is pegged to this version
robtkVersion = "0.3.0";
robtkName = "robtk-${robtkVersion}";
src = fetchurl {
name = "${name}.tar.gz";
url = "https://github.com/x42/meters.lv2/archive/v${version}.tar.gz";
sha256 = "142dg0j34mv5b0agajj2x1n9kgsmkfh08n1cjzk0j8n4xk2wb6ri";
};
robtkSrc = fetchurl {
name = "${robtkName}.tar.gz";
url = "https://github.com/x42/robtk/archive/v${robtkVersion}.tar.gz";
sha256 = "1ny89i2sgga56k7fxskp9y8sb7pfhp6wgw5mni842p19z6q7h8rq";
};
in
stdenv.mkDerivation {
inherit name;
buildInputs = [ pkgconfig lv2 mesa gtk2 cairo pango fftw ];
srcs = [ src robtkSrc ];
sourceRoot = name;
postUnpack = "mv ${robtkName}/* ${name}/robtk"; # */
postPatch = "sed -i 's/fftw3f/fftw3/' Makefile";
preConfigure = "makeFlagsArray=( PREFIX=$out )";
meter_VERSION = version;
meta = with stdenv.lib;
{ description = "Collection of audio level meters with GUI in LV2 plugin format";
homepage = http://x42.github.io/meters.lv2/;
maintainers = with maintainers; [ emery ];
license = licenses.gpl2;
platforms = platforms.linux;
};
}

23
pkgs/applications/audio/mopidy-mopify/default.nix Normal file
View File

@ -0,0 +1,23 @@
{ stdenv, fetchurl, pythonPackages, mopidy }:
pythonPackages.buildPythonPackage rec {
name = "mopidy-mopify-${version}";
version = "0.1.6";
src = fetchurl {
url = "https://github.com/dirkgroenen/mopidy-mopify/archive/${version}.tar.gz";
sha256 = "3581de6b0b42d2ece63bc153dcdba0594fbbeaacf695f2cd1e5d199670d83775";
};
propagatedBuildInputs = [ mopidy ];
doCheck = false;
meta = with stdenv.lib; {
homepage = https://github.com/dirkgroenen/mopidy-mopify;
description = "A mopidy webclient based on the Spotify webbased interface.";
license = licenses.gpl3;
maintainers = [ maintainers.Gonzih ];
};
}

4
pkgs/applications/audio/qmmp/default.nix
View File

@ -28,11 +28,11 @@
# handle that.
stdenv.mkDerivation rec {
name = "qmmp-0.7.6";
name = "qmmp-0.8.2";
src = fetchurl {
url = "http://qmmp.ylsoftware.com/files/${name}.tar.bz2";
sha256 = "1hq08ii06lyfg516jrvxdfcjj509gvglvdlsr96aqi1fh8v4k5p9";
sha256 = "1vwjy3bv1gj6k5kqkhw2q7aspashw6x4lxccl28iydjfzk7d7cd4";
};
buildInputs =

23
pkgs/applications/audio/schismtracker/default.nix Normal file
View File

@ -0,0 +1,23 @@
{ stdenv, fetchurl, alsaLib, python, SDL }:
stdenv.mkDerivation rec {
version = "20120105";
name = "schismtracker-${version}";
src = fetchurl {
url = "http://schismtracker.org/dl/${name}.tar.bz2";
sha256 = "1ny7wv2wxm1av299wvpskall6438wjjpadphmqc7c0h6d0zg5kii";
};
configureFlags = "--enable-dependency-tracking";
buildInputs = [ alsaLib python SDL ];
meta = {
description = "Music tracker application, free reimplementation of Impulse Tracker";
homepage = "http://schismtracker.org/";
license = stdenv.lib.licenses.gpl2;
platforms = [ "x86_64-linux" "i686-linux" ];
maintainers = [ stdenv.lib.maintainers.ftrvxmtrx ];
};
}

22
pkgs/applications/audio/tomahawk/default.nix
View File

@ -1,6 +1,6 @@
{ stdenv, fetchurl, cmake, pkgconfig, attica, boost, gnutls, libechonest
, liblastfm, lucenepp, phonon, phonon_backend_vlc, qca2, qjson, qt4, qtkeychain
, quazip, sparsehash, taglib, websocketpp
, liblastfm, lucenepp, phonon, phonon_backend_vlc, qca2, qca2_ossl, qjson, qt4
, qtkeychain, quazip, sparsehash, taglib, websocketpp, makeWrapper
, enableXMPP ? true, libjreen ? null
, enableKDE ? false, kdelibs ? null
@ -15,11 +15,11 @@ let
quazipQt4 = quazip.override { qt = qt4; };
in stdenv.mkDerivation rec {
name = "tomahawk-${version}";
version = "0.8.1";
version = "0.8.2";
src = fetchurl {
url = "http://download.tomahawk-player.org/tomahawk-0.8.1.tar.bz2";
sha256 = "0ca6fah30a2s8nnlryav95wyzhwys1ikjfwakrqf2hb0y5aczdpw";
url = "http://download.tomahawk-player.org/${name}.tar.bz2";
sha256 = "1bmkkpqhflpm42sn6zf7hxv3936h3p0kdiqzmj88jm7qfgw2wbaj";
};
cmakeFlags = [
@ -30,11 +30,21 @@ in stdenv.mkDerivation rec {
buildInputs = [
cmake pkgconfig attica boost gnutls libechonest liblastfm lucenepp phonon
qca2 qjson qt4 qtkeychain quazipQt4 sparsehash taglib websocketpp
makeWrapper
] ++ stdenv.lib.optional enableXMPP libjreen
++ stdenv.lib.optional enableKDE kdelibs
++ stdenv.lib.optional enableTelepathy telepathy_qt;
propagatedBuildInputs = [ phonon_backend_vlc ];
postInstall = let
pluginPath = stdenv.lib.concatStringsSep ":" [
"${phonon_backend_vlc}/lib/kde4/plugins"
"${qca2_ossl}/lib/qt4/plugins"
];
in ''
for i in "$out"/bin/*; do
wrapProgram "$i" --prefix QT_PLUGIN_PATH : "${pluginPath}"
done
'';
enableParallelBuilding = true;

1
pkgs/applications/audio/vimus/default.nix
View File

@ -25,5 +25,6 @@ cabal.mkDerivation (self: {
license = self.stdenv.lib.licenses.mit;
platforms = self.ghc.meta.platforms;
maintainers = with self.stdenv.lib.maintainers; [ jzellner ];
broken = self.stdenv.isLinux && self.stdenv.isi686;
};
})

8
pkgs/applications/audio/yoshimi/default.nix
View File

@ -1,20 +1,20 @@
{ stdenv, fetchurl, alsaLib, boost, cairo, cmake, fftwSinglePrec, fltk
, jack2, libsndfile, mesa, minixml, pkgconfig, zlib, xorg
, jack2, libsndfile, lv2, mesa, minixml, pkgconfig, zlib, xorg
}:
assert stdenv ? glibc;
stdenv.mkDerivation rec {
name = "yoshimi-${version}";
version = "1.2.5";
version = "1.3.0";
src = fetchurl {
url = "mirror://sourceforge/yoshimi/${name}.tar.bz2";
sha256 = "0lixrxv0wds3p50kmy9k166qhavdjkhlxs432s248hk43k7n6c1h";
sha256 = "1zxblcl6ffwwzxh3d17hw1mp398b73wk5bsagdmx5gph038gdh7y";
};
buildInputs = [
alsaLib boost cairo fftwSinglePrec fltk jack2 libsndfile mesa
alsaLib boost cairo fftwSinglePrec fltk jack2 libsndfile lv2 mesa
minixml zlib xorg.libpthreadstubs
];

17
pkgs/applications/editors/idea/default.nix
View File

@ -179,6 +179,7 @@ let
buildPycharm = { name, version, build, src, license, description }:
(mkIdeaProduct rec {
inherit name version build src;
patchSnappy = false;
product = "PyCharm";
meta = with stdenv.lib; {
homepage = "https://www.jetbrains.com/pycharm/";
@ -270,25 +271,25 @@ in
pycharm-community = buildPycharm rec {
name = "pycharm-community-${version}";
version = "3.4.1";
build = "135.1057";
description = "PyCharm 3.4 Community Edition";
version = "4.0.1";
build = "139.574";
description = "PyCharm 4.0 Community Edition";
license = stdenv.lib.licenses.asl20;
src = fetchurl {
url = "http://download.jetbrains.com/python/${name}.tar.gz";
sha256 = "96427b1e842e7c09141ec4d3ede627c5ca7d821c0d6c98169b56a34f9035ef64";
sha256 = "0jh0sxi5dpgpw7ga018fby7zvb4i9k49vwl8422lfcrgckdz9nv2";
};
};
pycharm-professional = buildPycharm rec {
name = "pycharm-professional-${version}";
version = "3.4.1";
build = "135.1057";
description = "PyCharm 3.4 Professional Edition";
version = "4.0.1";
build = "139.574";
description = "PyCharm 4.0 Professional Edition";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "http://download.jetbrains.com/python/${name}.tar.gz";
sha256 = "e4f85f3248e8985ac9f8c326543f979b47ba1d7ac6b128a2cf2b3eb8ec545d2b";
sha256 = "04yjhg6vi2kz00sy8zg4wkz26ai90vbp0cnd850ynsab0jsy24w4";
};
};

4
pkgs/applications/graphics/ImageMagick/default.nix
View File

@ -20,7 +20,7 @@
let
version = "6.8.9-8";
version = "6.9.0-0";
arch =
if stdenv.system == "i686-linux" then "i686"
@ -34,7 +34,7 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = "mirror://imagemagick/releases/${name}.tar.xz";
sha256 = "1c792hbwi308lm9xkml319xaa4w3bz6hwy6i92jwrm7kqr4h8di7";
sha256 = "1dmrl5x63msdnxsf4cmhz5v4ard2z3jrgp2zhqlb27399j81qcqj";
};
enableParallelBuilding = true;

10
pkgs/applications/graphics/darktable/default.nix
View File

@ -9,12 +9,12 @@
assert stdenv ? glibc;
stdenv.mkDerivation rec {
version = "1.4.2";
version = "1.6.0";
name = "darktable-${version}";
src = fetchurl {
url = "mirror://sourceforge/darktable/darktable/1.2/darktable-${version}.tar.xz";
sha256 = "02875rnabw5m9aqfls59901889iyxkmm4xk445fvh1v06dp1lcf1";
url = "https://github.com/darktable-org/darktable/releases/download/release-${version}/darktable-${version}.tar.xz";
sha256 = "0zjrcd9a73ikn9g8yx9lixz1ifwbmy2vg2ipc24lnkpqhrbb1y1b";
};
buildInputs =
@ -46,9 +46,9 @@ stdenv.mkDerivation rec {
meta = with stdenv.lib; {
description = "Virtual lighttable and darkroom for photographers";
homepage = http://darktable.sourceforge.net;
homepage = http://www.darktable.org;
license = licenses.gpl3Plus;
platforms = platforms.linux;
maintainers = [ maintainers.goibhniu maintainers.rickynils ];
maintainers = [ maintainers.goibhniu maintainers.rickynils maintainers.flosse ];
};
}

9
pkgs/applications/graphics/luminance-hdr/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, cmake, fetchurl, pkgconfig, qt5, boost, exiv2, fftwFloat, gsl
{ stdenv, cmake, fetchurl, fetchpatch, pkgconfig, qt5, boost, exiv2, fftwFloat, gsl
, ilmbase, lcms2, libraw, libtiff, openexr
}:
@ -10,6 +10,13 @@ stdenv.mkDerivation rec {
sha256 = "00fldbcizrx8jcnjgq74n3zmbm27dxzl96fxa7q49689mfnlw08l";
};
patches = [(fetchpatch {
name = "fix-qt53-build.diff";
url = "http://anonscm.debian.org/cgit/pkg-phototools/luminance-hdr.git/"
+ "plain/debian/patches/51_qt5_printsupport.diff?id=00c869a860062dac181303f2c03a3513c0e210bc";
sha256 = "0nzvfxd3ybxx61rj6vxcaaxfrsxrl9af3h8jj7pr3rncisnl9gkl";
})];
NIX_CFLAGS_COMPILE = "-I${ilmbase}/include/OpenEXR";
buildInputs = [ qt5 boost exiv2 fftwFloat gsl ilmbase lcms2 libraw libtiff openexr ];

4
pkgs/applications/graphics/sxiv/default.nix
View File

@ -5,8 +5,8 @@ stdenv.mkDerivation {
src = fetchgit {
url = "https://github.com/muennich/sxiv.git";
rev = "54af451b4a81b5b1072f27de0981a2d39cabc2d6";
sha256 = "1b0fb6bd8d36af4c7f1160fcc12b5b7382546c7da35b4924d259f7efaa4c97d0";
rev = "6216bf6c2d42be63025d29550831d9f4447f4066";
sha256 = "e25e19cf073cc2621656e50d2c31cc59cc0fc200716f96c765374568a26977f1";
};
postUnpack = ''

55
pkgs/applications/misc/bitcoin/altcoins.nix
View File

@ -1,6 +1,6 @@
{ fetchurl, stdenv, pkgconfig
, openssl, db48, boost, zlib, miniupnpc, qt4, qrencode, glib, protobuf
, utillinux, autogen, autoconf, autobuild, automake, db }:
, utillinux, autogen, autoconf, autobuild, automake, autoreconfHook, db }:
with stdenv.lib;
@ -8,7 +8,7 @@ let
buildAltcoin = makeOverridable ({walletName, gui ? true, ...}@a:
stdenv.mkDerivation ({
name = "${walletName}${toString (optional (!gui) "d")}-${a.version}";
buildInputs = [ openssl db48 boost zlib miniupnpc ]
buildInputs = [ pkgconfig openssl db48 boost zlib miniupnpc ]
++ optionals gui [ qt4 qrencode ] ++ a.extraBuildInputs or [];
configurePhase = optional gui "qmake";
@ -27,7 +27,7 @@ let
meta = {
platforms = platforms.unix;
license = license.mit;
maintainers = [ maintainers.offline ];
maintainers = [ maintainers.offline ] ++ a.extraMaintainers;
};
} // a)
);
@ -35,31 +35,6 @@ let
in rec {
inherit buildAltcoin;
litecoin = buildAltcoin rec {
walletName = "litecoin";
version = "0.8.5.3-rc3";
src = fetchurl {
url = "https://github.com/litecoin-project/litecoin/archive/v${version}.tar.gz";
sha256 = "1z4a7bm3z9kd7n0s38kln31z8shsd32d5d5v3br5p0jlnr5g3lk7";
};
meta = {
description = "A lite version of Bitcoin using scrypt as a proof-of-work algorithm";
longDescription= ''
Litecoin is a peer-to-peer Internet currency that enables instant payments
to anyone in the world. It is based on the Bitcoin protocol but differs
from Bitcoin in that it can be efficiently mined with consumer-grade hardware.
Litecoin provides faster transaction confirmations (2.5 minutes on average)
and uses a memory-hard, scrypt-based mining proof-of-work algorithm to target
the regular computers and GPUs most people already have.
The Litecoin network is scheduled to produce 84 million currency units.
'';
homepage = https://litecoin.org/;
};
};
litecoind = litecoin.override { gui = false; };
namecoin = buildAltcoin rec {
walletName = "namecoin";
version = "0.3.51.00";
@ -80,4 +55,28 @@ in rec {
};
};
darkcoin = buildAltcoin rec {
walletName = "darkcoin";
version = "0.9.13.15";
src = fetchurl {
url = "https://github.com/darkcoin/darkcoin/archive/v${version}.tar.gz";
sha256 = "1kly2y3g4dr1jwwf81smqvc7k662x6rvg4ggmxva1yaifb67bgjb";
};
extraBuildInputs = [ glib ];
meta = {
description = "A decentralized key/value registration and transfer system";
longDescription = ''
Darkcoin (DRK) is an open sourced, privacy-centric digital
currency. It allows you keep your finances private as you make
transactions, similar to cash.
'';
homepage = http://darkcoin.io;
extraMaintainers = [ maintainers.AndersonTorres ];
};
};
darkcoind = darkcoin.override { gui = false; };
}

60
pkgs/applications/misc/bitcoin/litecoin.nix Normal file
View File

@ -0,0 +1,60 @@
{ stdenv, fetchurl, pkgconfig
, openssl, db48, boost, zlib, miniupnpc, qt4, qrencode, glib, protobuf
, utillinux, autogen, autoreconfHook }:
with stdenv.lib;
let
mkAutoreconfCoin =
{ name, version, withGui, src, meta }:
stdenv.mkDerivation {
inherit src meta;
name = name + (toString (optional (!withGui) "d")) + "-" + version;
buildInputs = [ autogen autoreconfHook pkgconfig openssl
boost zlib miniupnpc db48 glib utillinux protobuf ]
++ optionals withGui [ qt4 qrencode protobuf ];
configureFlags = [ "--with-boost-libdir=${boost.lib}/lib" ] ++ optionals withGui [ "--with-gui=qt4" ];
};
mkLitecoin = { withGui }:
mkAutoreconfCoin rec {
name = "litecoin";
version = "0.9.3-preview5";
inherit withGui;
src = fetchurl {
url = "https://github.com/litecoin-project/litecoin/archive/v${version}.tar.gz";
sha256 = "0nnfz4s2g28jb5fqy6cabsryp3h2amzlyslr6g6k8r1vmzvx5ym6";
};
meta = with stdenv.lib; {
description = "A lite version of Bitcoin using scrypt as a proof-of-work algorithm";
longDescription= ''
Litecoin is a peer-to-peer Internet currency that enables instant payments
to anyone in the world. It is based on the Bitcoin protocol but differs
from Bitcoin in that it can be efficiently mined with consumer-grade hardware.
Litecoin provides faster transaction confirmations (2.5 minutes on average)
and uses a memory-hard, scrypt-based mining proof-of-work algorithm to target
the regular computers and GPUs most people already have.
The Litecoin network is scheduled to produce 84 million currency units.
'';
homepage = https://litecoin.org/;
platforms = platforms.unix;
license = licenses.mit;
maintainers = [ maintainers.offline maintainers.AndersonTorres ];
};
};
in {
litecoin = mkLitecoin { withGui = true; };
litecoind = mkLitecoin { withGui = false; };
}

6
pkgs/applications/misc/cool-old-term/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchFromGitHub, qt53 }:
{ stdenv, fetchFromGitHub, qt5 }:
stdenv.mkDerivation rec {
version = "0.9";
@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
sha256 = "8462f3eded7b2219acc143258544b0dfac32d81e10cac61ff14276d426704c93";
};
buildInputs = [ qt53 ];
buildInputs = [ qt5 ];
buildPhase = ''
pushd ./konsole-qml-plugin
@ -31,7 +31,7 @@ stdenv.mkDerivation rec {
cat > $out/bin/cool-old-term <<EOF
#!${stdenv.shell}
${qt53}/bin/qmlscene -I $out/lib/cool-old-term/imports $out/share/cool-old-term/app/main.qml
${qt5}/bin/qmlscene -I $out/lib/cool-old-term/imports $out/share/cool-old-term/app/main.qml
EOF
chmod a+x $out/bin/cool-old-term
'';

2
pkgs/applications/misc/eaglemode/default.nix
View File

@ -19,7 +19,7 @@ stdenv.mkDerivation rec {
# http://sourceforge.net/projects/eaglemode/forums/forum/808824/topic/5115261
buildPhase = ''
export NIX_LDFLAGS="$NIX_LDFLAGS -lXxf86vm -lXext"
yes y | perl make.pl build
perl make.pl build
'';
dontPatchELF = true;

6
pkgs/applications/misc/evtest/default.nix
View File

@ -1,7 +1,7 @@
{ stdenv, fetchgit, autoconf, automake, pkgconfig, libxml2 }:
stdenv.mkDerivation rec {
name = "evtest-1.31";
name = "evtest-1.32";
preConfigure = "autoreconf -iv";
@ -9,8 +9,8 @@ stdenv.mkDerivation rec {
src = fetchgit {
url = "git://anongit.freedesktop.org/evtest";
rev = "871371806017301373b8b0e5b7e8f168ce1ea13f";
sha256 = "1hxldlldlrb9lnnybn839a97fpqd1cixbmci2wzgr0rzhjbwhcgp";
rev = "refs/tags/evtest-1.32";
sha256 = "150lb7d2gnkcqgfw1hcnb8lcvdb52fpig9j9qxjizp6irhlw2a31";
};
meta = with stdenv.lib; {

4
pkgs/applications/misc/gnuradio-osmosdr/default.nix
View File

@ -7,12 +7,12 @@ assert pythonSupport -> python != null && swig != null;
stdenv.mkDerivation rec {
name = "gnuradio-osmosdr-${version}";
version = "0.1.0";
version = "0.1.4";
src = fetchgit {
url = "git://git.osmocom.org/gr-osmosdr";
rev = "refs/tags/v${version}";
sha256 = "112zfvnr6fjvhdc06ihi2sb0dp441qy7jq8rvr81nbyv3r8jspj4";
sha256 = "0vyzr4fhkblf2v3d7m0ch5hws4c493jw3ydl4y6b2dfbfzchhsz8";
};
buildInputs = [

4
pkgs/applications/misc/gnuradio/default.nix
View File

@ -23,11 +23,11 @@
stdenv.mkDerivation rec {
name = "gnuradio-${version}";
version = "3.7.5";
version = "3.7.5.1";
src = fetchurl {
url = "http://gnuradio.org/releases/gnuradio/${name}.tar.gz";
sha256 = "0hv2nyz2hp1mjinin2q7jimh9mr81rjqvghqmaglz8w70qcn4zs6";
sha256 = "0gg4i8s1z5pcfk8d7n7baxv3lx2cjcizimvbziraj27lcbvpmwar";
};
buildInputs = [

2
pkgs/applications/misc/gosmore/default.nix
View File

@ -7,7 +7,7 @@ stdenv.mkDerivation {
name = "gosmore-r${version}";
src = fetchsvn {
url = http://svn.openstreetmap.org/applications/rendering/gosmore;
sha256 = "0qyvrb4xgy4msc7f65widzkvjzc8mlddc4dyr1i76b7wd3gpk0xj";
sha256 = "0d8ddfa0nhz51ambwj9y5jjbizl9y9w44sviisk3ysqvn8q0phds";
rev = "${version}";
};

14
pkgs/applications/misc/gqrx/default.nix
View File

@ -8,11 +8,11 @@ assert pulseaudioSupport -> pulseaudio != null;
stdenv.mkDerivation rec {
name = "gqrx-${version}";
version = "2.2.0";
version = "2.3.0";
src = fetchurl {
url = "mirror://sourceforge/project/gqrx/${version}/${name}-src.tar.gz";
sha256 = "15ncx2shh43skph7sj3jvmkls9cbbbysld49c8xd23fhdsxanj9x";
url = "mirror://sourceforge/project/gqrx/${version}/${name}.tar.xz";
sha256 = "0fyfkdd2ailg54ppv1y2fy2c692jmlmsyl1lxr20lyn6bvd9gpyn";
};
buildInputs = [
@ -21,6 +21,14 @@ stdenv.mkDerivation rec {
configurePhase = ''qmake PREFIX="$out"'';
postInstall = ''
mkdir -p "$out/share/applications"
mkdir -p "$out/share/icons"
cp gqrx.desktop "$out/share/applications/"
cp icons/gqrx.svg "$out/share/icons/"
'';
meta = with stdenv.lib; {
description = "Software defined radio (SDR) receiver";
longDescription = ''

57
pkgs/applications/misc/gramps/default.nix Normal file
View File

@ -0,0 +1,57 @@
{ stdenv, fetchurl, gtk3, pythonPackages, python, pycairo, pygobject3, intltool,
pango, gsettings_desktop_schemas }:
pythonPackages.buildPythonPackage rec {
version = "4.1.1";
name = "gramps-${version}";
namePrefix = "";
buildInputs = [ intltool gtk3 ];
# Currently broken
doCheck = false;
src = fetchurl {
url = "mirror://sourceforge/gramps/Stable/${version}/${name}.tar.gz";
sha256 = "0jdps7yx2mlma1hdj64wssvnqd824xdvw0bmn2dnal5fn3h7h060";
};
pythonPath = [ pygobject3 pango pycairo pythonPackages.bsddb ];
# Same installPhase as in buildPythonPackage but without --old-and-unmanageble
# install flag.
installPhase = ''
runHook preInstall
mkdir -p "$out/lib/${python.libPrefix}/site-packages"
export PYTHONPATH="$out/lib/${python.libPrefix}/site-packages:$PYTHONPATH"
${python}/bin/${python.executable} setup.py install \
--install-lib=$out/lib/${python.libPrefix}/site-packages \
--prefix="$out"
eapth="$out/lib/${python.libPrefix}"/site-packages/easy-install.pth
if [ -e "$eapth" ]; then
# move colliding easy_install.pth to specifically named one
mv "$eapth" $(dirname "$eapth")/${name}.pth
fi
rm -f "$out/lib/${python.libPrefix}"/site-packages/site.py*
runHook postInstall
'';
# gobjectIntrospection package, wrap accordingly
preFixup = ''
wrapProgram $out/bin/gramps \
--prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" \
--prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH:$out/share"
'';
meta = with stdenv.lib; {
description = "Genealogy software";
homepage = http://gramps-project.org;
license = licenses.gpl2;
};
}

7
pkgs/applications/misc/k2pdfopt/default.nix
View File

@ -20,10 +20,11 @@ let
};
in stdenv.mkDerivation rec {
name = "k2pdfopt";
name = "k2pdfopt-${version}";
version = "2.30";
src = fetchzip {
url = http://www.willus.com/k2pdfopt/src/k2pdfopt_v2.21_src.zip;
sha256 = "1vy0yw41z6p95gmivjk4r534zbg0kqap4lr9ps56kvjw51q8r54j";
url = "http://www.willus.com/k2pdfopt/src/k2pdfopt_v${version}_src.zip";
sha256 = "1fjjznkplrbyrg48wbij4kqgkz9i5icq7savl6brsf9haahdz6q5";
};
buildInputs = [ libX11 libXext autoconf automake libtool leptonica libpng libtiff zlib

3
pkgs/applications/misc/monero/default.nix
View File

@ -16,6 +16,9 @@ stdenv.mkDerivation {
# these tests take a long time and don't
# always complete in the build environment
postPatch = "sed -i '/add_subdirectory(tests)/d' CMakeLists.txt";
NIX_CFLAGS_COMPILE = "-Wno-error=cpp";
doCheck = false;
checkTarget = "test-release"; # this would be the target

44
pkgs/applications/misc/rescuetime/default.nix Normal file
View File

@ -0,0 +1,44 @@
{ stdenv, lib, fetchurl, dpkg, patchelf, qt4, libXtst, libXext, libX11, makeWrapper, libXScrnSaver }:
let
src =
if stdenv.system == "i686-linux" then fetchurl {
name = "rescuetime-installer.deb";
url = "https://www.rescuetime.com/installers/rescuetime_current_i386.deb";
sha256 = "03dj0ivavxlcvx7dv7y6zllwqkclfyxkfax691zv2qclmk5gf8wz";
} else fetchurl {
name = "rescuetime-installer.deb";
url = "https://www.rescuetime.com/installers/rescuetime_current_amd64.deb";
sha256 = "11by4lkij1ryv8h3mz55hj3ssrikl697rs5b7mlg3g058gr2v3wl";
};
in
stdenv.mkDerivation {
name = "rescuetime-2.8.6.1015";
inherit src;
buildInputs = [ dpkg makeWrapper ];
unpackPhase = ''
mkdir pkg
dpkg-deb -x $src pkg
sourceRoot=pkg
'';
installPhase = ''
mkdir -p $out/bin
cp usr/bin/rescuetime $out/bin
${patchelf}/bin/patchelf \
--interpreter "$(cat $NIX_GCC/nix-support/dynamic-linker)" \
$out/bin/rescuetime
wrapProgram $out/bin/rescuetime \
--prefix LD_PRELOAD : ${qt4}/lib/libQtGui.so.4:${qt4}/lib/libQtCore.so.4:${libXtst}/lib/libXtst.so.6:${libXext}/lib/libXext.so.6:${libX11}/lib/libX11.so.6:${libXScrnSaver}/lib/libXss.so.1
'';
meta = with lib; {
description = "Helps you understand your daily habits so you can focus and be more productive";
homepage = "https://www.rescuetime.com";
maintainers = with maintainers; [ cstrahan ];
license = licenses.unfree;
platforms = [ "i686-linux" "x86_64-linux" ];
};
}

1
pkgs/applications/misc/slic3r/default.nix
View File

@ -69,5 +69,6 @@ stdenv.mkDerivation rec {
license = licenses.agpl3;
platforms = platforms.linux;
maintainers = with maintainers; [ bjornfor the-kenny ];
broken = true; # requires Perl 5.14
};
}

Some files were not shown because too many files have changed in this diff Show More