colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/master' into hardened-stdenv

Browse Source
This commit is contained in:
Robin Gloster 2016-05-02 22:58:02 +00:00
commit c92bca56f8
867 changed files with 75282 additions and 27025 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.github/PULL_REQUEST_TEMPLATE.md vendored
View File

@ -1,6 +1,9 @@
###### Things done
- [ ] Tested using sandboxing (`nix-build --option build-use-chroot true` or [nix.useChroot](http://nixos.org/nixos/manual/options.html#opt-nix.useChroot) on NixOS)
- [ ] Tested using sandboxing
([nix.useSandbox](http://nixos.org/nixos/manual/options.html#opt-nix.useSandbox) on NixOS,
or option `build-use-sandbox` in [`nix.conf`](http://nixos.org/nix/manual/#sec-conf-file)
on non-NixOS)
- Built on platform(s)
- [ ] NixOS
- [ ] OS X

376
doc/beam-users-guide.xml Normal file
View File

@ -0,0 +1,376 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:id="users-guide-to-the-erlang-infrastructure">
<title>User's Guide to the Beam Infrastructure</title>
<section xml:id="beam-introduction">
<title>Beam Languages (Erlang &amp; Elixir) on Nix</title>
<para>
In this document and related Nix expressions we use the term
<emphasis>Beam</emphasis> to describe the environment. Beam is
the name of the Erlang Virtial Machine and, as far as we know,
from a packaging perspective all languages that run on Beam are
interchangable. The things that do change, like the build
system, are transperant to the users of the package. So we make
no distinction.
</para>
</section>
<section xml:id="build-tools">
<title>Build Tools</title>
<section xml:id="build-tools-rebar3">
<title>Rebar3</title>
<para>
By default Rebar3 wants to manage it's own dependencies. In the
normal non-Nix, this is perfectly acceptable. In the Nix world it
is not. To support this we have created two versions of rebar3,
<literal>rebar3</literal> and <literal>rebar3-open</literal>. The
<literal>rebar3</literal> version has been patched to remove the
ability to download anything from it. If you are not running it a
nix-shell or a nix-build then its probably not going to work for
you. <literal>rebar3-open</literal> is the normal, un-modified
rebar3. It should work exactly as would any other version of
rebar3. Any Erlang package should rely on
<literal>rebar3</literal> and thats really what you should be
using too.
</para>
</section>
<section xml:id="build-tools-other">
<title>Mix &amp; Erlang.mk</title>
<para>
Both Mix and Erlang.mk work exactly as you would expect. There
is a bootstrap process that needs to be run for both of
them. However, that is supported by the
<literal>buildMix</literal> and <literal>buildErlangMk</literal> derivations.
</para>
</section>
</section>
<section xml:id="how-to-install-beam-packages">
<title>How to install Beam packages</title>
<para>
Beam packages are not registered in the top level simply because
they are not relevant to the vast majority of Nix users. They are
installable using the <literal>beamPackages</literal> attribute
set.
You can list the avialable packages in the
<literal>beamPackages</literal> with the following command:
</para>
<programlisting>
$ nix-env -f &quot;&lt;nixpkgs&gt;&quot; -qaP -A beamPackages
beamPackages.esqlite esqlite-0.2.1
beamPackages.goldrush goldrush-0.1.7
beamPackages.ibrowse ibrowse-4.2.2
beamPackages.jiffy jiffy-0.14.5
beamPackages.lager lager-3.0.2
beamPackages.meck meck-0.8.3
beamPackages.rebar3-pc pc-1.1.0
</programlisting>
<para>
To install any of those packages into your profile, refer to them by
their attribute path (first column):
</para>
<programlisting>
$ nix-env -f &quot;&lt;nixpkgs&gt;&quot; -iA beamPackages.ibrowse
</programlisting>
<para>
The attribute path of any Beam packages corresponds to the name
of that particular package in Hex or its OTP Application/Release name.
</para>
</section>
<section xml:id="packaging-beam-applications">
<title>Packaging Beam Applications</title>
<section xml:id="packaging-erlang-applications">
<title>Erlang Applications</title>
<section xml:id="rebar3-packages">
<title>Rebar3 Packages</title>
<para>
There is a Nix functional called
<literal>buildRebar3</literal>. We use this function to make a
derivation that understands how to build the rebar3 project. For
example, the epression we use to build the <link
xlink:href="https://github.com/erlang-nix/hex2nix">hex2nix</link>
project follows.
</para>
<programlisting>
{stdenv, fetchFromGitHub, buildRebar3, ibrowse, jsx, erlware_commons }:
buildRebar3 rec {
name = "hex2nix";
version = "0.0.1";
src = fetchFromGitHub {
owner = "ericbmerritt";
repo = "hex2nix";
rev = "${version}";
sha256 = "1w7xjidz1l5yjmhlplfx7kphmnpvqm67w99hd2m7kdixwdxq0zqg";
};
beamDeps = [ ibrowse jsx erlware_commons ];
}
</programlisting>
<para>
The only visible difference between this derivation and
something like <literal>stdenv.mkDerivation</literal> is that we
have added <literal>erlangDeps</literal> to the derivation. If
you add your Beam dependencies here they will be correctly
handled by the system.
</para>
<para>
If your package needs to compile native code via Rebar's port
compilation mechenism. You should add <literal>compilePort =
true;</literal> to the derivation.
</para>
</section>
<section xml:id="erlang-mk-packages">
<title>Erlang.mk Packages</title>
<para>
Erlang.mk functions almost identically to Rebar. The only real
difference is that <literal>buildErlangMk</literal> is called
instead of <literal>buildRebar3</literal>
</para>
<programlisting>
{ buildErlangMk, fetchHex, cowlib, ranch }:
buildErlangMk {
name = "cowboy";
version = "1.0.4";
src = fetchHex {
pkg = "cowboy";
version = "1.0.4";
sha256 =
"6a0edee96885fae3a8dd0ac1f333538a42e807db638a9453064ccfdaa6b9fdac";
};
beamDeps = [ cowlib ranch ];
meta = {
description = ''Small, fast, modular HTTP server written in
Erlang.'';
license = stdenv.lib.licenses.isc;
homepage = "https://github.com/ninenines/cowboy";
};
}
</programlisting>
</section>
<section xml:id="mix-packages">
<title>Mix Packages</title>
<para>
Mix functions almost identically to Rebar. The only real
difference is that <literal>buildMix</literal> is called
instead of <literal>buildRebar3</literal>
</para>
<programlisting>
{ buildMix, fetchHex, plug, absinthe }:
buildMix {
name = "absinthe_plug";
version = "1.0.0";
src = fetchHex {
pkg = "absinthe_plug";
version = "1.0.0";
sha256 =
"08459823fe1fd4f0325a8bf0c937a4520583a5a26d73b193040ab30a1dfc0b33";
};
beamDeps = [ plug absinthe];
meta = {
description = ''A plug for Absinthe, an experimental GraphQL
toolkit'';
license = stdenv.lib.licenses.bsd3;
homepage = "https://github.com/CargoSense/absinthe_plug";
};
}
</programlisting>
</section>
</section>
</section>
<section xml:id="how-to-develop">
<title>How to develop</title>
<section xml:id="accessing-an-environment">
<title>Accessing an Environment</title>
<para>
Often, all you want to do is be able to access a valid
environment that contains a specific package and its
dependencies. we can do that with the <literal>env</literal>
part of a derivation. For example, lets say we want to access an
erlang repl with ibrowse loaded up. We could do the following.
</para>
<programlisting>
~/w/nixpkgs nix-shell -A beamPackages.ibrowse.env --run "erl"
Erlang/OTP 18 [erts-7.0] [source] [64-bit] [smp:4:4] [async-threads:10] [hipe] [kernel-poll:false]
Eshell V7.0 (abort with ^G)
1> m(ibrowse).
Module: ibrowse
MD5: 3b3e0137d0cbb28070146978a3392945
Compiled: January 10 2016, 23:34
Object file: /nix/store/g1rlf65rdgjs4abbyj4grp37ry7ywivj-ibrowse-4.2.2/lib/erlang/lib/ibrowse-4.2.2/ebin/ibrowse.beam
Compiler options: [{outdir,"/tmp/nix-build-ibrowse-4.2.2.drv-0/hex-source-ibrowse-4.2.2/_build/default/lib/ibrowse/ebin"},
debug_info,debug_info,nowarn_shadow_vars,
warn_unused_import,warn_unused_vars,warnings_as_errors,
{i,"/tmp/nix-build-ibrowse-4.2.2.drv-0/hex-source-ibrowse-4.2.2/_build/default/lib/ibrowse/include"}]
Exports:
add_config/1 send_req_direct/7
all_trace_off/0 set_dest/3
code_change/3 set_max_attempts/3
get_config_value/1 set_max_pipeline_size/3
get_config_value/2 set_max_sessions/3
get_metrics/0 show_dest_status/0
get_metrics/2 show_dest_status/1
handle_call/3 show_dest_status/2
handle_cast/2 spawn_link_worker_process/1
handle_info/2 spawn_link_worker_process/2
init/1 spawn_worker_process/1
module_info/0 spawn_worker_process/2
module_info/1 start/0
rescan_config/0 start_link/0
rescan_config/1 stop/0
send_req/3 stop_worker_process/1
send_req/4 stream_close/1
send_req/5 stream_next/1
send_req/6 terminate/2
send_req_direct/4 trace_off/0
send_req_direct/5 trace_off/2
send_req_direct/6 trace_on/0
trace_on/2
ok
2>
</programlisting>
<para>
Notice the <literal>-A beamPackages.ibrowse.env</literal>.That
is the key to this functionality.
</para>
</section>
<section xml:id="creating-a-shell">
<title>Creating a Shell</title>
<para>
Getting access to an environment often isn't enough to do real
development. Many times we need to create a
<literal>shell.nix</literal> file and do our development inside
of the environment specified by that file. This file looks a lot
like the packageing described above. The main difference is that
<literal>src</literal> points to project root and we call the
package directly.
</para>
<programlisting>
{ pkgs ? import &quot;&lt;nixpkgs&quot;&gt; {} }:
with pkgs;
let
f = { buildRebar3, ibrowse, jsx, erlware_commons }:
buildRebar3 {
name = "hex2nix";
version = "0.1.0";
src = ./.;
erlangDeps = [ ibrowse jsx erlware_commons ];
};
drv = beamPackages.callPackage f {};
in
drv
</programlisting>
<section xml:id="building-in-a-shell">
<title>Building in a shell</title>
<para>
We can leveral the support of the Derivation, regardless of
which build Derivation is called by calling the commands themselv.s
</para>
<programlisting>
# =============================================================================
# Variables
# =============================================================================
NIX_TEMPLATES := "$(CURDIR)/nix-templates"
TARGET := "$(PREFIX)"
PROJECT_NAME := thorndyke
NIXPKGS=../nixpkgs
NIX_PATH=nixpkgs=$(NIXPKGS)
NIX_SHELL=nix-shell -I "$(NIX_PATH)" --pure
# =============================================================================
# Rules
# =============================================================================
.PHONY= all test clean repl shell build test analyze configure install \
test-nix-install publish plt analyze
all: build
guard-%:
@ if [ "${${*}}" == "" ]; then \
echo "Environment variable $* not set"; \
exit 1; \
fi
clean:
rm -rf _build
rm -rf .cache
repl:
$(NIX_SHELL) --run "iex -pa './_build/prod/lib/*/ebin'"
shell:
$(NIX_SHELL)
configure:
$(NIX_SHELL) --command 'eval "$$configurePhase"'
build: configure
$(NIX_SHELL) --command 'eval "$$buildPhase"'
install:
$(NIX_SHELL) --command 'eval "$$installPhase"'
test:
$(NIX_SHELL) --command 'mix test --no-start --no-deps-check'
plt:
$(NIX_SHELL) --run "mix dialyzer.plt --no-deps-check"
analyze: build plt
$(NIX_SHELL) --run "mix dialyzer --no-compile"
</programlisting>
<para>
If you add the <literal>shell.nix</literal> as described and
user rebar as follows things should simply work. Aside from the
<literal>test</literal>, <literal>plt</literal>, and
<literal>analyze</literal> the talks work just fine for all of
the build Derivations.
</para>
</section>
</section>
</section>
<section xml:id="generating-packages-from-hex-with-hex2nix">
<title>Generating Packages from Hex with Hex2Nix</title>
<para>
Updating the Hex packages requires the use of the
<literal>hex2nix</literal> tool. Given the path to the Erlang
modules (usually
<literal>pkgs/development/erlang-modules</literal>). It will
happily dump a file called
<literal>hex-packages.nix</literal>. That file will contain all
the packages that use a recognized build system in Hex. However,
it can't know whether or not all those packages are buildable.
</para>
<para>
To make life easier for our users, it makes good sense to go
ahead and attempt to build all those packages and remove the
ones that don't build. To do that, simply run the command (in
the root of your <literal>nixpkgs</literal> repository). that follows.
</para>
<programlisting>
$ nix-build -A beamPackages
</programlisting>
<para>
That will build every package in
<literal>beamPackages</literal>. Then you can go through and
manually remove the ones that fail. Hopefully, someone will
improve <literal>hex2nix</literal> in the future to automate
that.
</para>
</section>
</chapter>

305
doc/erlang-users-guide.xml
View File

@ -1,305 +0,0 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:id="users-guide-to-the-erlang-infrastructure">
<title>User's Guide to the Erlang Infrastructure</title>
<section xml:id="build-tools">
<title>Build Tools</title>
<para>
By default Rebar3 wants to manage it's own dependencies. In the
normal non-Nix, this is perfectly acceptable. In the Nix world it
is not. To support this we have created two versions of rebar3,
<literal>rebar3</literal> and <literal>rebar3-open</literal>. The
<literal>rebar3</literal> version has been patched to remove the
ability to download anything from it. If you are not running it a
nix-shell or a nix-build then its probably not going to work for
you. <literal>rebar3-open</literal> is the normal, un-modified
rebar3. It should work exactly as would any other version of
rebar3. Any Erlang package should rely on
<literal>rebar3</literal> and thats really what you should be
using too.
</para>
</section>
<section xml:id="how-to-install-erlang-packages">
<title>How to install Erlang packages</title>
<para>
Erlang packages are not registered in the top level simply because
they are not relevant to the vast majority of Nix users. They are
installable using the <literal>erlangPackages</literal> attribute set.
You can list the avialable packages in the
<literal>erlangPackages</literal> with the following command:
</para>
<programlisting>
$ nix-env -f &quot;&lt;nixpkgs&gt;&quot; -qaP -A erlangPackages
erlangPackages.esqlite esqlite-0.2.1
erlangPackages.goldrush goldrush-0.1.7
erlangPackages.ibrowse ibrowse-4.2.2
erlangPackages.jiffy jiffy-0.14.5
erlangPackages.lager lager-3.0.2
erlangPackages.meck meck-0.8.3
erlangPackages.rebar3-pc pc-1.1.0
</programlisting>
<para>
To install any of those packages into your profile, refer to them by
their attribute path (first column):
</para>
<programlisting>
$ nix-env -f &quot;&lt;nixpkgs&gt;&quot; -iA erlangPackages.ibrowse
</programlisting>
<para>
The attribute path of any Erlang packages corresponds to the name
of that particular package in Hex or its OTP Application/Release name.
</para>
</section>
<section xml:id="packaging-erlang-applications">
<title>Packaging Erlang Applications</title>
<section xml:id="rebar3-packages">
<title>Rebar3 Packages</title>
<para>
There is a Nix functional called
<literal>buildRebar3</literal>. We use this function to make a
derivation that understands how to build the rebar3 project. For
example, the epression we use to build the <link
xlink:href="https://github.com/erlang-nix/hex2nix">hex2nix</link>
project follows.
</para>
<programlisting>
{stdenv, fetchFromGitHub, buildRebar3, ibrowse, jsx, erlware_commons }:
buildRebar3 rec {
name = "hex2nix";
version = "0.0.1";
src = fetchFromGitHub {
owner = "ericbmerritt";
repo = "hex2nix";
rev = "${version}";
sha256 = "1w7xjidz1l5yjmhlplfx7kphmnpvqm67w99hd2m7kdixwdxq0zqg";
};
erlangDeps = [ ibrowse jsx erlware_commons ];
}
</programlisting>
<para>
The only visible difference between this derivation and
something like <literal>stdenv.mkDerivation</literal> is that we
have added <literal>erlangDeps</literal> to the derivation. If
you add your Erlang dependencies here they will be correctly
handled by the system.
</para>
<para>
If your package needs to compile native code via Rebar's port
compilation mechenism. You should add <literal>compilePort =
true;</literal> to the derivation.
</para>
</section>
<section xml:id="hex-packages">
<title>Hex Packages</title>
<para>
Hex packages are based on Rebar packages. In fact, at the moment
we can only compile Hex packages that are buildable with
Rebar3. Packages that use Mix and other build systems are not
supported. That being said, we know a lot more about Hex and can
do more for you.
</para>
<programlisting>
{ buildHex }:
buildHex {
name = "esqlite";
version = "0.2.1";
sha256 = "1296fn1lz4lz4zqzn4dwc3flgkh0i6n4sydg501faabfbv8d3wkr";
compilePort = true;
}
</programlisting>
<para>
For Hex packages you need to provide the name, the version, and
the Sha 256 digest of the package and use
<literal>buildHex</literal> to build it. Obviously, the package
needs to have already been published to Hex.
</para>
</section>
</section>
<section xml:id="how-to-develop">
<title>How to develop</title>
<section xml:id="accessing-an-environment">
<title>Accessing an Environment</title>
<para>
Often, all you want to do is be able to access a valid
environment that contains a specific package and its
dependencies. we can do that with the <literal>env</literal>
part of a derivation. For example, lets say we want to access an
erlang repl with ibrowse loaded up. We could do the following.
</para>
<programlisting>
~/w/nixpkgs nix-shell -A erlangPackages.ibrowse.env --run "erl"
Erlang/OTP 18 [erts-7.0] [source] [64-bit] [smp:4:4] [async-threads:10] [hipe] [kernel-poll:false]
Eshell V7.0 (abort with ^G)
1> m(ibrowse).
Module: ibrowse
MD5: 3b3e0137d0cbb28070146978a3392945
Compiled: January 10 2016, 23:34
Object file: /nix/store/g1rlf65rdgjs4abbyj4grp37ry7ywivj-ibrowse-4.2.2/lib/erlang/lib/ibrowse-4.2.2/ebin/ibrowse.beam
Compiler options: [{outdir,"/tmp/nix-build-ibrowse-4.2.2.drv-0/hex-source-ibrowse-4.2.2/_build/default/lib/ibrowse/ebin"},
debug_info,debug_info,nowarn_shadow_vars,
warn_unused_import,warn_unused_vars,warnings_as_errors,
{i,"/tmp/nix-build-ibrowse-4.2.2.drv-0/hex-source-ibrowse-4.2.2/_build/default/lib/ibrowse/include"}]
Exports:
add_config/1 send_req_direct/7
all_trace_off/0 set_dest/3
code_change/3 set_max_attempts/3
get_config_value/1 set_max_pipeline_size/3
get_config_value/2 set_max_sessions/3
get_metrics/0 show_dest_status/0
get_metrics/2 show_dest_status/1
handle_call/3 show_dest_status/2
handle_cast/2 spawn_link_worker_process/1
handle_info/2 spawn_link_worker_process/2
init/1 spawn_worker_process/1
module_info/0 spawn_worker_process/2
module_info/1 start/0
rescan_config/0 start_link/0
rescan_config/1 stop/0
send_req/3 stop_worker_process/1
send_req/4 stream_close/1
send_req/5 stream_next/1
send_req/6 terminate/2
send_req_direct/4 trace_off/0
send_req_direct/5 trace_off/2
send_req_direct/6 trace_on/0
trace_on/2
ok
2>
</programlisting>
<para>
Notice the <literal>-A erlangPackages.ibrowse.env</literal>.That
is the key to this functionality.
</para>
</section>
<section xml:id="creating-a-shell">
<title>Creating a Shell</title>
<para>
Getting access to an environment often isn't enough to do real
development. Many times we need to create a
<literal>shell.nix</literal> file and do our development inside
of the environment specified by that file. This file looks a lot
like the packageing described above. The main difference is that
<literal>src</literal> points to project root and we call the
package directly.
</para>
<programlisting>
{ pkgs ? import &quot;&lt;nixpkgs&quot;&gt; {} }:
with pkgs;
let
f = { buildHex, ibrowse, jsx, erlware_commons }:
buildHex {
name = "hex2nix";
version = "0.1.0";
src = ./.;
erlangDeps = [ ibrowse jsx erlware_commons ];
};
drv = erlangPackages.callPackage f {};
in
drv
</programlisting>
<section xml:id="building-in-a-shell">
<title>Building in a shell</title>
<para>
Unfortunatly for us users of Nix, Rebar isn't very cooperative
with us from the standpoint of building a hermetic
environment. When building the rebar3 support we had to do some
sneaky things to get it not to go out and pull packages on its
own. Also unfortunately, you have to do some of the same things
when building a project inside of a Nix shell.
<orderedlist numeration="arabic">
<listitem>
<para>Run <literal>rebar3-nix-bootstrap</literal> every time
dependencies change</para>
</listitem>
<listitem>
<para>Set Home to the current directory.</para>
</listitem>
</orderedlist>
If you do these two things then Rebar will be happy with you. I
codify these into a makefile. Forunately, rebar3-nix-bootstrap
is idempotent and fairly quick. so you can run it as often as
you like.
</para>
<programlisting>
# =============================================================================
# Rules
# =============================================================================
.PHONY= all test clean repl shell build test analyze bootstrap
all: test
clean:
rm -rf _build
rm -rf .cache
repl:
nix-shell --run "erl"
shell:
nix-shell --run "bash"
bootstrap:
nix-shell --pure --run "rebar3-nix-bootstrap"
build: bootstrap
nix-shell --pure --run "HOME=$(CURDIR) rebar3 compile"
analyze: bootstrap
nix-shell --pure --run "HOME=$(CURDIR) rebar3 do compile,dialyzer"
test: bootstrap
nix-shell --pure --run "HOME=$(CURDIR) rebar3 do compile,dialyzer,eunit"
</programlisting>
<para>
If you add the <literal>shell.nix</literal> as described and
user rebar as follows things should simply work.
</para>
</section>
</section>
</section>
<section xml:id="generating-packages-from-hex-with-hex2nix">
<title>Generating Packages from Hex with Hex2Nix</title>
<para>
Updating the Hex packages requires the use of the
<literal>hex2nix</literal> tool. Given the path to the Erlang
modules (usually
<literal>pkgs/development/erlang-modules</literal>). It will
happily dump a file called
<literal>hex-packages.nix</literal>. That file will contain all
the packages that use a recognized build system in Hex. However,
it can't know whether or not all those packages are buildable.
</para>
<para>
To make life easier for our users, it makes good sense to go
ahead and attempt to build all those packages and remove the
ones that don't build. To do that, simply run the command (in
the root of your <literal>nixpkgs</literal> repository). that follows.
</para>
<programlisting>
$ nix-build -A erlangPackages
</programlisting>
<para>
That will build every package in
<literal>erlangPackages</literal>. Then you can go through and
manually remove the ones that fail. Hopefully, someone will
improve <literal>hex2nix</literal> in the future to automate
that.
</para>
</section>
</chapter>

2
doc/languages-frameworks/go.xml
View File

@ -119,6 +119,6 @@ done
</screen>
</para>
<para>To extract dependency information from a Go package in automated way use <link xlink:href="https://github.com/cstrahan/go2nix">go2nix</link>.</para>
<para>To extract dependency information from a Go package in automated way use <link xlink:href="https://github.com/kamilchm/go2nix">go2nix</link>.</para>
</section>

14
doc/languages-frameworks/python.md
View File

@ -108,7 +108,7 @@ toolz = buildPythonPackage rec{
version = "0.7.4";
src = pkgs.fetchurl{
url = "https://pypi.python.org/packages/source/t/toolz/toolz-${version}.tar.gz";
url = "mirror://pypi/t/toolz/toolz-${version}.tar.gz";
sha256 = "43c2c9e5e7a16b6c88ba3088a9bfc82f7db8e13378be7c78d6c14a5f8ed05afd";
};
@ -146,7 +146,7 @@ pkgs.python35Packages.buildPythonPackage rec {
version = "0.7.4";
src = pkgs.fetchurl{
url = "https://pypi.python.org/packages/source/t/toolz/toolz-${version}.tar.gz";
url = "mirror://pypi/t/toolz/toolz-${version}.tar.gz";
sha256 = "43c2c9e5e7a16b6c88ba3088a9bfc82f7db8e13378be7c78d6c14a5f8ed05afd";
};
@ -175,7 +175,7 @@ with import <nixpkgs> {};
version = "0.7.4";
src = pkgs.fetchurl{
url = "https://pypi.python.org/packages/source/t/toolz/toolz-${version}.tar.gz";
url = "mirror://pypi/t/toolz/toolz-${version}.tar.gz";
sha256 = "43c2c9e5e7a16b6c88ba3088a9bfc82f7db8e13378be7c78d6c14a5f8ed05afd";
};
@ -220,7 +220,7 @@ datashape = buildPythonPackage rec {
version = "0.4.7";
src = pkgs.fetchurl {
url = "https://pypi.python.org/packages/source/D/DataShape/${name}.tar.gz";
url = "mirror://pypi/D/DataShape/${name}.tar.gz";
sha256 = "14b2ef766d4c9652ab813182e866f493475e65e558bed0822e38bf07bba1a278";
};
@ -251,7 +251,7 @@ lxml = buildPythonPackage rec {
name = "lxml-3.4.4";
src = pkgs.fetchurl {
url = "http://pypi.python.org/packages/source/l/lxml/${name}.tar.gz";
url = "mirror://pypi/l/lxml/${name}.tar.gz";
sha256 = "16a0fa97hym9ysdk3rmqz32xdjqmy4w34ld3rm3jf5viqjx65lxk";
};
@ -282,7 +282,7 @@ pyfftw = buildPythonPackage rec {
version = "0.9.2";
src = pkgs.fetchurl {
url = "https://pypi.python.org/packages/source/p/pyFFTW/pyFFTW-${version}.tar.gz";
url = "mirror://pypi/p/pyFFTW/pyFFTW-${version}.tar.gz";
sha256 = "f6bbb6afa93085409ab24885a1a3cdb8909f095a142f4d49e346f2bd1b789074";
};
@ -373,7 +373,7 @@ buildPythonPackage rec {
version = "0.7.4";
src = pkgs.fetchurl{
url = "https://pypi.python.org/packages/source/t/toolz/toolz-${version}.tar.gz";
url = "mirror://pypi/t/toolz/toolz-${version}.tar.gz";
sha256 = "43c2c9e5e7a16b6c88ba3088a9bfc82f7db8e13378be7c78d6c14a5f8ed05afd";
};

2
doc/manual.xml
View File

@ -21,7 +21,7 @@
<xi:include href="coding-conventions.xml" />
<xi:include href="submitting-changes.xml" />
<xi:include href="haskell-users-guide.xml" />
<xi:include href="erlang-users-guide.xml" />
<xi:include href="beam-users-guide.xml" />
<xi:include href="contributing.xml" />
</book>

12
lib/maintainers.nix
View File

@ -14,6 +14,7 @@
adev = "Adrien Devresse <adev@adev.name>";
Adjective-Object = "Maxwell Huang-Hobbs <mhuan13@gmail.com>";
aespinosa = "Allan Espinosa <allan.espinosa@outlook.com>";
adnelson = "Allen Nelson <ithinkican@gmail.com>";
aflatter = "Alexander Flatter <flatter@fastmail.fm>";
aforemny = "Alexander Foremny <alexanderforemny@googlemail.com>";
afranchuk = "Alex Franchuk <alex.franchuk@gmail.com>";
@ -72,6 +73,7 @@
cfouche = "Chaddaï Fouché <chaddai.fouche@gmail.com>";
chaoflow = "Florian Friesdorf <flo@chaoflow.net>";
chattered = "Phil Scott <me@philscotted.com>";
choochootrain = "Hurshal Patel <hurshal@imap.cc>";
christopherpoole = "Christopher Mark Poole <mail@christopherpoole.net>";
cleverca22 = "Michael Bishop <cleverca22@gmail.com>";
coconnor = "Corey O'Connor <coreyoconnor@gmail.com>";
@ -101,6 +103,7 @@
dmalikov = "Dmitry Malikov <malikov.d.y@gmail.com>";
dochang = "Desmond O. Chang <dochang@gmail.com>";
doublec = "Chris Double <chris.double@double.co.nz>";
drewkett = "Andrew Burkett <burkett.andrew@gmail.com>";
ebzzry = "Rommel Martinez <ebzzry@gmail.com>";
ederoyd46 = "Matthew Brown <matt@ederoyd.co.uk>";
eduarrrd = "Eduard Bachmakov <e.bachmakov@gmail.com>";
@ -140,6 +143,7 @@
garrison = "Jim Garrison <jim@garrison.cc>";
gavin = "Gavin Rogers <gavin@praxeology.co.uk>";
gebner = "Gabriel Ebner <gebner@gebner.org>";
gilligan = "Tobias Pflug <tobias.pflug@gmail.com>";
giogadi = "Luis G. Torres <lgtorres42@gmail.com>";
gleber = "Gleb Peregud <gleber.p@gmail.com>";
globin = "Robin Gloster <mail@glob.in>";
@ -233,6 +237,7 @@
mirdhyn = "Merlin Gaillard <mirdhyn@gmail.com>";
modulistic = "Pablo Costa <modulistic@gmail.com>";
mog = "Matthew O'Gorman <mog-lists@rldn.net>";
moosingin3space = "Nathan Moos <moosingin3space@gmail.com>";
moretea = "Maarten Hoogendoorn <maarten@moretea.nl>";
mornfall = "Petr Ročkai <me@mornfall.net>";
MostAwesomeDude = "Corbin Simpson <cds@corbinsimpson.com>";
@ -252,7 +257,7 @@
notthemessiah = "Brian Cohen <brian.cohen.88@gmail.com>";
np = "Nicolas Pouillard <np.nix@nicolaspouillard.fr>";
nslqqq = "Nikita Mikhailov <nslqqq@gmail.com>";
obadz = "obadz <dav-nixos@odav.org>";
obadz = "obadz <nixos@obadz.com>";
ocharles = "Oliver Charles <ollie@ocharles.org.uk>";
odi = "Oliver Dunkl <oliver.dunkl@gmail.com>";
offline = "Jaka Hudoklin <jakahudoklin@gmail.com>";
@ -289,11 +294,14 @@
pxc = "Patrick Callahan <patrick.callahan@latitudeengineering.com>";
qknight = "Joachim Schiele <js@lastlog.de>";
ragge = "Ragnar Dahlen <r.dahlen@gmail.com>";
rardiol = "Ricardo Ardissone <ricardo.ardissone@gmail.com>";
rasendubi = "Alexey Shmalko <rasen.dubi@gmail.com>";
raskin = "Michael Raskin <7c6f434c@mail.ru>";
redbaron = "Maxim Ivanov <ivanov.maxim@gmail.com>";
refnil = "Martin Lavoie <broemartino@gmail.com>";
relrod = "Ricky Elrod <ricky@elrod.me>";
renzo = "Renzo Carbonara <renzocarbonara@gmail.com>";
retrry = "Tadas Barzdžius <retrry@gmail.com>";
rick68 = "Wei-Ming Yang <rick68@gmail.com>";
rickynils = "Rickard Nilsson <rickynils@gmail.com>";
rnhmjoj = "Michele Guerini Rocco <micheleguerinirocco@me.com>";
@ -310,6 +318,7 @@
ryanartecona = "Ryan Artecona <ryanartecona@gmail.com>";
ryantm = "Ryan Mulligan <ryan@ryantm.com>";
rycee = "Robert Helgesson <robert@rycee.net>";
ryneeverett = "Ryne Everett <ryneeverett@gmail.com>";
samuelrivas = "Samuel Rivas <samuelrivas@gmail.com>";
sander = "Sander van der Burg <s.vanderburg@tudelft.nl>";
schmitthenner = "Fabian Schmitthenner <development@schmitthenner.eu>";
@ -336,6 +345,7 @@
spwhitt = "Spencer Whitt <sw@swhitt.me>";
stephenmw = "Stephen Weinberg <stephen@q5comm.com>";
steveej = "Stefan Junker <mail@stefanjunker.de>";
swistak35 = "Rafał Łasocha <me@swistak35.com>";
szczyp = "Szczyp <qb@szczyp.com>";
sztupi = "Attila Sztupak <attila.sztupak@gmail.com>";
taeer = "Taeer Bar-Yam <taeer@necsi.edu>";

39
maintainers/scripts/copy-tarballs.pl
View File

@ -22,6 +22,9 @@ use JSON;
use Net::Amazon::S3;
use Nix::Store;
isValidPath("/nix/store/foo"); # FIXME: forces Nix::Store initialisation
# S3 setup.
my $aws_access_key_id = $ENV{'AWS_ACCESS_KEY_ID'} or die;
my $aws_secret_access_key = $ENV{'AWS_SECRET_ACCESS_KEY'} or die;
@ -127,6 +130,7 @@ elsif ($op eq "--expr") {
my $url = $fetch->{url};
my $algo = $fetch->{type};
my $hash = $fetch->{hash};
my $name = $fetch->{name};
if (defined $ENV{DEBUG}) {
print "$url $algo $hash\n";
@ -143,21 +147,34 @@ elsif ($op eq "--expr") {
next;
}
print STDERR "mirroring $url...\n";
my $storePath = makeFixedOutputPath(0, $algo, $hash, $name);
print STDERR "mirroring $url ($storePath)...\n";
next if $ENV{DRY_RUN};
# Download the file using nix-prefetch-url.
$ENV{QUIET} = 1;
$ENV{PRINT_PATH} = 1;
my $fh;
my $pid = open($fh, "-|", "nix-prefetch-url", "--type", $algo, $url, $hash) or die;
waitpid($pid, 0) or die;
if ($? != 0) {
print STDERR "failed to fetch $url: $?\n";
next;
# Substitute the output.
if (!isValidPath($storePath)) {
system("nix-store", "-r", $storePath);
}
# Otherwise download the file using nix-prefetch-url.
if (!isValidPath($storePath)) {
$ENV{QUIET} = 1;
$ENV{PRINT_PATH} = 1;
my $fh;
my $pid = open($fh, "-|", "nix-prefetch-url", "--type", $algo, $url, $hash) or die;
waitpid($pid, 0) or die;
if ($? != 0) {
print STDERR "failed to fetch $url: $?\n";
next;
}
<$fh>; my $storePath2 = <$fh>; chomp $storePath2;
if ($storePath ne $storePath2) {
warn "strange: $storePath != $storePath2\n";
next;
}
}
<$fh>; my $storePath = <$fh>; chomp $storePath;
uploadFile($storePath, $url);
$mirrored++;

2
maintainers/scripts/find-tarballs.nix
View File

@ -14,7 +14,7 @@ let
operator = const [ ];
});
urls = map (drv: { url = head (drv.urls or [ drv.url ]); hash = drv.outputHash; type = drv.outputHashAlgo; }) fetchurlDependencies;
urls = map (drv: { url = head (drv.urls or [ drv.url ]); hash = drv.outputHash; type = drv.outputHashAlgo; name = drv.name; }) fetchurlDependencies;
fetchurlDependencies =
filter

22
maintainers/scripts/map-files.pl
View File

@ -1,22 +0,0 @@
#! /usr/bin/perl -w
use strict;
my %map;
open LIST1, "<$ARGV[0]" or die;
while (<LIST1>) {
/^(\S+)\s+(.*)$/;
$map{$1} = $2;
}
open LIST1, "<$ARGV[1]" or die;
while (<LIST1>) {
/^(\S+)\s+(.*)$/;
if (!defined $map{$1}) {
print STDERR "missing file: $2\n";
next;
}
print "$2\n";
print "$map{$1}\n";
}

2
nixos/default.nix
View File

@ -39,5 +39,5 @@ in
vmWithBootLoader = vmWithBootLoaderConfig.system.build.vm;
# The following are used by nixos-rebuild.
nixFallback = pkgs.nixUnstable;
nixFallback = pkgs.nixUnstable.out;
}

10
nixos/doc/manual/configuration/config-file.xml
View File

@ -106,11 +106,15 @@ networking.extraHosts =
'';
</programlisting>
The main difference is that preceding whitespace is
automatically stripped from each line, and that characters like
The main difference is that it strips from each line
a number of spaces equal to the minimal indentation of
the string as a whole (disregarding the indentation of
empty lines), and that characters like
<literal>"</literal> and <literal>\</literal> are not special
(making it more convenient for including things like shell
code).</para>
code).
See more info about this in the Nix manual <link
xlink:href="https://nixos.org/nix/manual/#ssec-values">here</link>.</para>
</listitem>
</varlistentry>

75
nixos/doc/manual/default.nix
View File

@ -74,6 +74,63 @@ let
</toc>
'';
manualXsltprocOptions = toString [
"--param section.autolabel 1"
"--param section.label.includes.component.label 1"
"--stringparam html.stylesheet style.css"
"--param xref.with.number.and.title 1"
"--param toc.section.depth 3"
"--stringparam admon.style ''"
"--stringparam callout.graphics.extension .gif"
"--stringparam current.docid manual"
"--param chunk.section.depth 0"
"--param chunk.first.sections 1"
"--param use.id.as.filename 1"
"--stringparam generate.toc 'book toc appendix toc'"
"--stringparam chunk.toc ${toc}"
];
olinkDB = stdenv.mkDerivation {
name = "manual-olinkdb";
inherit sources;
buildInputs = [ libxml2 libxslt ];
buildCommand = ''
${copySources}
xsltproc \
${manualXsltprocOptions} \
--stringparam collect.xref.targets only \
--stringparam targets.filename "$out/manual.db" \
--nonet --xinclude \
${docbook5_xsl}/xml/xsl/docbook/xhtml/chunktoc.xsl \
./manual.xml
# Check the validity of the man pages sources.
xmllint --noout --nonet --xinclude --noxincludenode \
--relaxng ${docbook5}/xml/rng/docbook/docbook.rng \
./man-pages.xml
cat > "$out/olinkdb.xml" <<EOF
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE targetset SYSTEM
"file://${docbook5_xsl}/xml/xsl/docbook/common/targetdatabase.dtd" [
<!ENTITY manualtargets SYSTEM "file://$out/manual.db">
]>
<targetset>
<targetsetinfo>
Allows for cross-referencing olinks between the manpages
and the HTML/PDF manuals.
</targetsetinfo>
<document targetdoc="manual">&manualtargets;</document>
</targetset>
EOF
'';
};
in rec {
# The NixOS options in JSON format.
@ -116,18 +173,8 @@ in rec {
dst=$out/share/doc/nixos
mkdir -p $dst
xsltproc \
--param section.autolabel 1 \
--param section.label.includes.component.label 1 \
--stringparam html.stylesheet style.css \
--param xref.with.number.and.title 1 \
--param toc.section.depth 3 \
--stringparam admon.style "" \
--stringparam callout.graphics.extension .gif \
--param chunk.section.depth 0 \
--param chunk.first.sections 1 \
--param use.id.as.filename 1 \
--stringparam generate.toc "book toc appendix toc" \
--stringparam chunk.toc ${toc} \
${manualXsltprocOptions} \
--stringparam target.database.document "${olinkDB}/olinkdb.xml" \
--nonet --xinclude --output $dst/ \
${docbook5_xsl}/xml/xsl/docbook/xhtml/chunktoc.xsl ./manual.xml
@ -159,6 +206,7 @@ in rec {
dst=$out/share/doc/nixos
mkdir -p $dst
xmllint --xinclude manual.xml | dblatex -o $dst/manual.pdf - \
-P target.database.document="${olinkDB}/olinkdb.xml" \
-P doc.collab.show=0 \
-P latex.output.revhistory=0
@ -178,7 +226,7 @@ in rec {
buildCommand = ''
${copySources}
# Check the validity of the manual sources.
# Check the validity of the man pages sources.
xmllint --noout --nonet --xinclude --noxincludenode \
--relaxng ${docbook5}/xml/rng/docbook/docbook.rng \
./man-pages.xml
@ -190,6 +238,7 @@ in rec {
--param man.output.base.dir "'$out/share/man/'" \
--param man.endnotes.are.numbered 0 \
--param man.break.after.slash 1 \
--stringparam target.database.document "${olinkDB}/olinkdb.xml" \
${docbook5_xsl}/xml/xsl/docbook/manpages/docbook.xsl \
./man-pages.xml
'';

32
nixos/doc/manual/development/sources.xml
View File

@ -11,35 +11,25 @@ uses the NixOS and Nixpkgs sources provided by the
<literal>nixos-unstable</literal> channel (kept in
<filename>/nix/var/nix/profiles/per-user/root/channels/nixos</filename>).
To modify NixOS, however, you should check out the latest sources from
Git. This is done using the following command:
Git. This is as follows:
<screen>
$ nixos-checkout <replaceable>/my/sources</replaceable>
</screen>
or
<screen>
$ mkdir -p <replaceable>/my/sources</replaceable>
$ cd <replaceable>/my/sources</replaceable>
$ nix-env -i git
$ git clone git://github.com/NixOS/nixpkgs.git
$ cd nixpkgs
$ git remote add channels git://github.com/NixOS/nixpkgs-channels.git
$ git remote update channels
</screen>
This will check out the latest NixOS sources to
<filename><replaceable>/my/sources</replaceable>/nixpkgs/nixos</filename>
and the Nixpkgs sources to
<filename><replaceable>/my/sources</replaceable>/nixpkgs</filename>.
(The NixOS source tree lives in a subdirectory of the Nixpkgs
repository.) The remote <literal>channels</literal> refers to a
read-only repository that tracks the Nixpkgs/NixOS channels (see <xref
linkend="sec-upgrading"/> for more information about channels). Thus,
the Git branch <literal>channels/nixos-14.12</literal> will contain
the latest built and tested version available in the
<literal>nixos-14.12</literal> channel.</para>
This will check out the latest Nixpkgs sources to
<filename>./nixpkgs</filename> the NixOS sources to
<filename>./nixpkgs/nixos</filename>. (The NixOS source tree lives in
a subdirectory of the Nixpkgs repository.) The remote
<literal>channels</literal> refers to a read-only repository that
tracks the Nixpkgs/NixOS channels (see <xref linkend="sec-upgrading"/>
for more information about channels). Thus, the Git branch
<literal>channels/nixos-14.12</literal> will contain the latest built
and tested version available in the <literal>nixos-14.12</literal>
channel.</para>
<para>Its often inconvenient to develop directly on the master
branch, since if somebody has just committed (say) a change to GCC,

48
nixos/doc/manual/installation/installing-pxe.xml Normal file
View File

@ -0,0 +1,48 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-booting-from-pxe">
<title>Booting from the <quote>netboot</quote> media (PXE)</title>
<para>
Advanced users may wish to install NixOS using an existing PXE or
iPXE setup.
</para>
<para>
These instructions assume that you have an existing PXE or iPXE
infrastructure and simply want to add the NixOS installer as another
option. To build the necessary files from a recent version of
nixpkgs, you can run:
</para>
<programlisting>
nix-build -A netboot nixos/release.nix
</programlisting>
<para>
This will create a <literal>result</literal> directory containing: *
<literal>bzImage</literal> the Linux kernel *
<literal>initrd</literal> the initrd file *
<literal>netboot.ipxe</literal> an example ipxe script
demonstrating the appropriate kernel command line arguments for this
image
</para>
<para>
If youre using plain PXE, configure your boot loader to use the
<literal>bzImage</literal> and <literal>initrd</literal> files and
have it provide the same kernel command line arguments found in
<literal>netboot.ipxe</literal>.
</para>
<para>
If youre using iPXE, depending on how your HTTP/FTP/etc. server is
configured you may be able to use <literal>netboot.ipxe</literal>
unmodified, or you may need to update the paths to the files to
match your servers directory layout
</para>
<para>
In the future we may begin making these files available as build
products from hydra at which point we will update this documentation
with instructions on how to obtain them either for placing on a
dedicated TFTP server or to boot them directly over the internet.
</para>
</section>

1
nixos/doc/manual/installation/installing.xml
View File

@ -270,5 +270,6 @@ $ reboot</screen>
<xi:include href="installing-uefi.xml" />
<xi:include href="installing-usb.xml" />
<xi:include href="installing-pxe.xml" />
</chapter>

1
nixos/doc/manual/release-notes/release-notes.xml
View File

@ -9,6 +9,7 @@
<para>This section lists the release notes for each stable version of NixOS
and current unstable revision.</para>
<xi:include href="rl-1609.xml" />
<xi:include href="rl-1603.xml" />
<xi:include href="rl-1509.xml" />
<xi:include href="rl-1412.xml" />

48
nixos/doc/manual/release-notes/rl-1609.xml Normal file
View File

@ -0,0 +1,48 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-16.09">
<title>Release 16.09 (“Flounder”, 2016/09/??)</title>
<para>In addition to numerous new and upgraded packages, this release
has the following highlights: </para>
<itemizedlist>
<listitem>
<para>PXE "netboot" media has landed in <link xlink:href="https://github.com/NixOS/nixpkgs/pull/14740" />.
See <xref linkend="sec-booting-from-pxe" /> for documentation.</para>
</listitem>
</itemizedlist>
<para>The following new services were added since the last release:</para>
<itemizedlist>
<listitem><para><literal>(this will get automatically generated at release time)</literal></para></listitem>
</itemizedlist>
<para>When upgrading from a previous release, please be aware of the
following incompatible changes:</para>
<itemizedlist>
<listitem>
<para>todo</para>
</listitem>
</itemizedlist>
<para>Other notable improvements:</para>
<itemizedlist>
<listitem>
<para>todo</para>
</listitem>
</itemizedlist>
</section>

6
nixos/lib/make-disk-image.nix
View File

@ -81,14 +81,14 @@ pkgs.vmTools.runInLinuxVM (
# Register the paths in the Nix database.
printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \
chroot /mnt ${config.nix.package}/bin/nix-store --load-db --option build-users-group ""
chroot /mnt ${config.nix.package.out}/bin/nix-store --load-db --option build-users-group ""
# Add missing size/hash fields to the database. FIXME:
# exportReferencesGraph should provide these directly.
chroot /mnt ${config.nix.package}/bin/nix-store --verify --check-contents
chroot /mnt ${config.nix.package.out}/bin/nix-store --verify --check-contents
# Create the system profile to allow nixos-rebuild to work.
chroot /mnt ${config.nix.package}/bin/nix-env --option build-users-group "" \
chroot /mnt ${config.nix.package.out}/bin/nix-env --option build-users-group "" \
-p /nix/var/nix/profiles/system --set ${config.system.build.toplevel}
# `nixos-rebuild' requires an /etc/NIXOS.

10
nixos/modules/config/pulseaudio.nix
View File

@ -98,9 +98,9 @@ in {
package = mkOption {
type = types.package;
default = pulseaudioLight;
defaultText = "pkgs.pulseaudioLight";
example = literalExample "pkgs.pulseaudioFull";
default = pulseaudioLight.out;
defaultText = "pkgs.pulseaudioLight.out";
example = literalExample "pkgs.pulseaudioFull.out";
description = ''
The PulseAudio derivation to use. This can be used to enable
features (such as JACK support, Bluetooth) via the
@ -134,7 +134,7 @@ in {
}
(mkIf cfg.enable {
environment.systemPackages = [ cfg.package.out ];
environment.systemPackages = [ cfg.package ];
environment.etc = singleton {
target = "asound.conf";
@ -158,7 +158,7 @@ in {
wantedBy = [ "default.target" ];
serviceConfig = {
Type = "notify";
ExecStart = "${cfg.package}/bin/pulseaudio --daemonize=no";
ExecStart = "${cfg.package.out}/bin/pulseaudio --daemonize=no";
Restart = "on-failure";
};
};

6
nixos/modules/hardware/all-firmware.nix
View File

@ -22,7 +22,11 @@ with lib;
###### implementation
config = mkIf config.hardware.enableAllFirmware {
hardware.firmware = [ pkgs.firmwareLinuxNonfree pkgs.intel2200BGFirmware ];
hardware.firmware = with pkgs; [
firmwareLinuxNonfree
intel2200BGFirmware
rtl8723bs-firmware
];
};
}

4
nixos/modules/hardware/video/webcam/facetimehd.nix
View File

@ -31,13 +31,13 @@ in
# unload module during suspend/hibernate as it crashes the whole system
powerManagement.powerDownCommands = ''
${pkgs.module_init_tools}/bin/rmmod -f facetimehd
${pkgs.kmod}/bin/lsmod | ${pkgs.gnugrep}/bin/grep -q "^facetimehd" && ${pkgs.kmod}/bin/rmmod -f -v facetimehd
'';
# and load it back on resume
powerManagement.resumeCommands = ''
export MODULE_DIR=/run/current-system/kernel-modules/lib/modules
${pkgs.module_init_tools}/bin/modprobe -v facetimehd
${pkgs.kmod}/bin/modprobe -v facetimehd
'';
};

2
nixos/modules/installer/cd-dvd/channel.nix
View File

@ -34,7 +34,7 @@ in
if ! [ -e /var/lib/nixos/did-channel-init ]; then
echo "unpacking the NixOS/Nixpkgs sources..."
mkdir -p /nix/var/nix/profiles/per-user/root
${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/per-user/root/channels \
${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/per-user/root/channels \
-i ${channelSources} --quiet --option build-use-substitutes false
mkdir -m 0700 -p /root/.nix-defexpr
ln -s /nix/var/nix/profiles/per-user/root/channels /root/.nix-defexpr/channels

4
nixos/modules/installer/cd-dvd/iso-image.nix
View File

@ -364,12 +364,12 @@ in
''
# After booting, register the contents of the Nix store on the
# CD in the Nix database in the tmpfs.
${config.nix.package}/bin/nix-store --load-db < /nix/store/nix-path-registration
${config.nix.package.out}/bin/nix-store --load-db < /nix/store/nix-path-registration
# nixos-rebuild also requires a "system" profile and an
# /etc/NIXOS tag.
touch /etc/NIXOS
${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
'';
# Add vfat support to the initrd to enable people to copy the

4
nixos/modules/installer/cd-dvd/sd-image.nix
View File

@ -113,11 +113,11 @@ in
${pkgs.e2fsprogs}/bin/resize2fs $rootPart
# Register the contents of the initial Nix store
${config.nix.package}/bin/nix-store --load-db < /nix-path-registration
${config.nix.package.out}/bin/nix-store --load-db < /nix-path-registration
# nixos-rebuild also requires a "system" profile and an /etc/NIXOS tag.
touch /etc/NIXOS
${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
# Prevents this from running on later boots.
rm -f /nix-path-registration

3
nixos/modules/installer/cd-dvd/system-tarball-fuloong2f.nix
View File

@ -52,8 +52,7 @@ in
# Include some utilities that are useful for installing or repairing
# the system.
environment.systemPackages =
[ pkgs.subversion # for nixos-checkout
pkgs.w3m # needed for the manual anyway
[ pkgs.w3m # needed for the manual anyway
pkgs.testdisk # useful for repairing boot problems
pkgs.mssys # for writing Microsoft boot sectors / MBRs
pkgs.parted

3
nixos/modules/installer/cd-dvd/system-tarball-sheevaplug.nix
View File

@ -49,8 +49,7 @@ in
# Include some utilities that are useful for installing or repairing
# the system.
environment.systemPackages =
[ pkgs.subversion # for nixos-checkout
pkgs.w3m # needed for the manual anyway
[ pkgs.w3m # needed for the manual anyway
pkgs.ddrescue
pkgs.ccrypt
pkgs.cryptsetup # needed for dm-crypt volumes

4
nixos/modules/installer/cd-dvd/system-tarball.nix
View File

@ -78,14 +78,14 @@ in
# After booting, register the contents of the Nix store on the
# CD in the Nix database in the tmpfs.
if [ -f /nix-path-registration ]; then
${config.nix.package}/bin/nix-store --load-db < /nix-path-registration &&
${config.nix.package.out}/bin/nix-store --load-db < /nix-path-registration &&
rm /nix-path-registration
fi
# nixos-rebuild also requires a "system" profile and an
# /etc/NIXOS tag.
touch /etc/NIXOS
${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
'';
};

20
nixos/modules/installer/netboot/netboot-base.nix Normal file
View File

@ -0,0 +1,20 @@
# This module contains the basic configuration for building netboot
# images
{ config, lib, pkgs, ... }:
with lib;
{
imports =
[ ./netboot.nix
# Profiles of this basic netboot media
../../profiles/all-hardware.nix
../../profiles/base.nix
../../profiles/installation-device.nix
];
# Allow the user to log in as root without a password.
users.extraUsers.root.initialHashedPassword = "";
}

10
nixos/modules/installer/netboot/netboot-minimal.nix Normal file
View File

@ -0,0 +1,10 @@
# This module defines a small netboot environment.
{ config, lib, ... }:
{
imports =
[ ./netboot-base.nix
../../profiles/minimal.nix
];
}

91
nixos/modules/installer/netboot/netboot.nix Normal file
View File

@ -0,0 +1,91 @@
# This module creates netboot media containing the given NixOS
# configuration.
{ config, lib, pkgs, ... }:
with lib;
{
options = {
netboot.storeContents = mkOption {
example = literalExample "[ pkgs.stdenv ]";
description = ''
This option lists additional derivations to be included in the
Nix store in the generated netboot image.
'';
};
};
config = {
boot.loader.grub.version = 2;
# Don't build the GRUB menu builder script, since we don't need it
# here and it causes a cyclic dependency.
boot.loader.grub.enable = false;
boot.initrd.postMountCommands = ''
mkdir -p /mnt-root/nix/store
mount -t squashfs /nix-store.squashfs /mnt-root/nix/store
'';
# !!! Hack - attributes expected by other modules.
system.boot.loader.kernelFile = "bzImage";
environment.systemPackages = [ pkgs.grub2 pkgs.grub2_efi pkgs.syslinux ];
boot.consoleLogLevel = mkDefault 7;
fileSystems."/" =
{ fsType = "tmpfs";
options = [ "mode=0755" ];
};
boot.initrd.availableKernelModules = [ "squashfs" ];
boot.initrd.kernelModules = [ "loop" ];
# Closures to be copied to the Nix store, namely the init
# script and the top-level system configuration directory.
netboot.storeContents =
[ config.system.build.toplevel ];
# Create the squashfs image that contains the Nix store.
system.build.squashfsStore = import ../../../lib/make-squashfs.nix {
inherit (pkgs) stdenv squashfsTools perl pathsFromGraph;
storeContents = config.netboot.storeContents;
};
# Create the initrd
system.build.netbootRamdisk = pkgs.makeInitrd {
inherit (config.boot.initrd) compressor;
prepend = [ "${config.system.build.initialRamdisk}/initrd" ];
contents =
[ { object = config.system.build.squashfsStore;
symlink = "/nix-store.squashfs";
}
];
};
system.build.netbootIpxeScript = pkgs.writeTextDir "netboot.ipxe" "#!ipxe\nkernel bzImage init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}\ninitrd initrd\nboot";
boot.loader.timeout = 10;
boot.postBootCommands =
''
# After booting, register the contents of the Nix store
# in the Nix database in the tmpfs.
${config.nix.package}/bin/nix-store --load-db < /nix/store/nix-path-registration
# nixos-rebuild also requires a "system" profile and an
# /etc/NIXOS tag.
touch /etc/NIXOS
${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
'';
};
}

2
nixos/modules/installer/tools/auto-upgrade.nix
View File

@ -78,7 +78,7 @@ let cfg = config.system.autoUpgrade; in
HOME = "/root";
};
path = [ pkgs.gnutar pkgs.xz.bin config.nix.package ];
path = [ pkgs.gnutar pkgs.xz.bin config.nix.package.out ];
script = ''
${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch ${toString cfg.flags}

60
nixos/modules/installer/tools/nixos-checkout.nix
View File

@ -1,60 +0,0 @@
# This module generates the nixos-checkout script, which performs a
# checkout of the Nixpkgs Git repository.
{ config, lib, pkgs, ... }:
with lib;
let
nixosCheckout = pkgs.substituteAll {
name = "nixos-checkout";
dir = "bin";
isExecutable = true;
src = pkgs.writeScript "nixos-checkout"
''
#! ${pkgs.stdenv.shell} -e
if [ "$1" == "-h" ] || [ "$1" == "--help" ]; then
echo "Usage: `basename $0` [PREFIX]. See NixOS Manual for more info."
exit 0
fi
prefix="$1"
if [ -z "$prefix" ]; then prefix=/etc/nixos; fi
mkdir -p "$prefix"
cd "$prefix"
if [ -z "$(type -P git)" ]; then
echo "installing Git..."
nix-env -iA nixos.git
fi
# Move any old nixpkgs directories out of the way.
backupTimestamp=$(date "+%Y%m%d%H%M%S")
if [ -e nixpkgs -a ! -e nixpkgs/.git ]; then
mv nixpkgs nixpkgs-$backupTimestamp
fi
# Check out the Nixpkgs sources.
if ! [ -e nixpkgs/.git ]; then
echo "Creating repository in $prefix/nixpkgs..."
git init --quiet nixpkgs
else
echo "Updating repository in $prefix/nixpkgs..."
fi
cd nixpkgs
git remote add origin git://github.com/NixOS/nixpkgs.git || true
git remote add channels git://github.com/NixOS/nixpkgs-channels.git || true
git remote set-url origin --push git@github.com:NixOS/nixpkgs.git
git remote update
git checkout master
'';
};
in
{
environment.systemPackages = [ nixosCheckout ];
}

2
nixos/modules/installer/tools/nixos-rebuild.sh
View File

@ -271,7 +271,7 @@ remotePATH=
if [ -n "$buildNix" ]; then
echo "building Nix..." >&2
nixDrv=
if ! nixDrv="$(nix-instantiate '<nixpkgs/nixos>' --add-root $tmpDir/nix.drv --indirect -A config.nix.package "${extraBuildFlags[@]}")"; then
if ! nixDrv="$(nix-instantiate '<nixpkgs/nixos>' --add-root $tmpDir/nix.drv --indirect -A config.nix.package.out "${extraBuildFlags[@]}")"; then
if ! nixDrv="$(nix-instantiate '<nixpkgs/nixos>' --add-root $tmpDir/nix.drv --indirect -A nixFallback "${extraBuildFlags[@]}")"; then
if ! nixDrv="$(nix-instantiate '<nixpkgs>' --add-root $tmpDir/nix.drv --indirect -A nix "${extraBuildFlags[@]}")"; then
nixStorePath="$(prebuiltNix "$(uname -m)")"

6
nixos/modules/installer/tools/tools.nix
View File

@ -22,17 +22,17 @@ let
src = ./nixos-install.sh;
inherit (pkgs) perl pathsFromGraph;
nix = config.nix.package;
nix = config.nix.package.out;
nixClosure = pkgs.runCommand "closure"
{ exportReferencesGraph = ["refs" config.nix.package]; }
{ exportReferencesGraph = ["refs" config.nix.package.out]; }
"cp refs $out";
};
nixos-rebuild = makeProg {
name = "nixos-rebuild";
src = ./nixos-rebuild.sh;
nix = config.nix.package;
nix = config.nix.package.out;
};
nixos-generate-config = makeProg {

3
nixos/modules/misc/ids.nix
View File

@ -263,6 +263,8 @@
caddy = 239;
taskd = 240;
factorio = 241;
emby = 242;
graylog = 243;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -497,6 +499,7 @@
caddy = 239;
taskd = 240;
factorio = 241;
emby = 242;
# When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal

7
nixos/modules/module-list.nix
View File

@ -47,7 +47,6 @@
./i18n/input-method/nabi.nix
./i18n/input-method/uim.nix
./installer/tools/auto-upgrade.nix
./installer/tools/nixos-checkout.nix
./installer/tools/tools.nix
./misc/assertions.nix
./misc/crashdump.nix
@ -71,6 +70,7 @@
./programs/kbdlight.nix
./programs/light.nix
./programs/man.nix
./programs/mosh.nix
./programs/nano.nix
./programs/screen.nix
./programs/shadow.nix
@ -158,6 +158,7 @@
./services/desktops/gnome3/tracker.nix
./services/desktops/profile-sync-daemon.nix
./services/desktops/telepathy.nix
./services/development/hoogle.nix
./services/games/factorio.nix
./services/games/ghost-one.nix
./services/games/minecraft-server.nix
@ -182,6 +183,7 @@
./services/hardware/thermald.nix
./services/logging/awstats.nix
./services/logging/fluentd.nix
./services/logging/graylog.nix
./services/logging/klogd.nix
./services/logging/logcheck.nix
./services/logging/logrotate.nix
@ -215,6 +217,7 @@
./services/misc/dictd.nix
./services/misc/disnix.nix
./services/misc/docker-registry.nix
./services/misc/emby.nix
./services/misc/etcd.nix
./services/misc/felix.nix
./services/misc/folding-at-home.nix
@ -336,6 +339,7 @@
./services/networking/kippo.nix
./services/networking/lambdabot.nix
./services/networking/libreswan.nix
./services/networking/logmein-hamachi.nix
./services/networking/mailpile.nix
./services/networking/mfi.nix
./services/networking/mjpg-streamer.nix
@ -398,6 +402,7 @@
./services/networking/wicd.nix
./services/networking/wpa_supplicant.nix
./services/networking/xinetd.nix
./services/networking/zerobin.nix
./services/networking/zerotierone.nix
./services/networking/znc.nix
./services/printing/cupsd.nix

4
nixos/modules/profiles/docker-container.nix
View File

@ -37,12 +37,12 @@ in {
# After booting, register the contents of the Nix store in the Nix
# database.
if [ -f /nix-path-registration ]; then
${config.nix.package}/bin/nix-store --load-db < /nix-path-registration &&
${config.nix.package.out}/bin/nix-store --load-db < /nix-path-registration &&
rm /nix-path-registration
fi
# nixos-rebuild also requires a "system" profile
${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
'';
# Install new init script

26
nixos/modules/programs/mosh.nix Normal file
View File

@ -0,0 +1,26 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.programs.mosh;
in
{
options.programs.mosh = {
enable = mkOption {
description = ''
Whether to enable mosh. Note, this will open ports in your firewall!
'';
default = false;
example = true;
type = lib.types.bool;
};
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [ mosh ];
networking.firewall.allowedUDPPortRanges = [ { from = 60000; to = 61000; } ];
};
}

4
nixos/modules/rename.nix
View File

@ -68,6 +68,10 @@ with lib;
# proxy
(mkRenamedOptionModule [ "nix" "proxy" ] [ "networking" "proxy" "default" ])
# sandboxing
(mkRenamedOptionModule [ "nix" "useChroot" ] [ "nix" "useSandbox" ])
(mkRenamedOptionModule [ "nix" "chrootDirs" ] [ "nix" "sandboxPaths" ])
# KDE
(mkRenamedOptionModule [ "kde" "extraPackages" ] [ "environment" "systemPackages" ])
(mkRenamedOptionModule [ "environment" "kdePackages" ] [ "environment" "systemPackages" ])

3
nixos/modules/security/grsecurity.nix
View File

@ -234,7 +234,8 @@ in
systemd.services.grsec-lock = mkIf cfg.config.sysctl {
description = "grsecurity sysctl-lock Service";
requires = [ "systemd-sysctl.service" ];
wants = [ "systemd-sysctl.service" ];
after = [ "systemd-sysctl.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = "yes";

7
nixos/modules/services/backup/crashplan.nix
View File

@ -50,11 +50,8 @@ with lib;
ensureDir ${crashplan.vardir}/log 777
cp -avn ${crashplan}/conf.template/* ${crashplan.vardir}/conf
for x in app.asar bin EULA.txt install.vars lang lib libjniwrap64.so libjniwrap.so libjtux64.so libjtux.so libmd564.so libmd5.so share skin upgrade; do
if [ -e ${crashplan.vardir}/$x ]; then
true;
else
ln -s ${crashplan}/$x ${crashplan.vardir}/$x;
fi;
rm -f ${crashplan.vardir}/$x;
ln -sf ${crashplan}/$x ${crashplan.vardir}/$x;
done
'';

2
nixos/modules/services/databases/postgresql.nix
View File

@ -242,7 +242,7 @@ in
if test -e "${cfg.dataDir}/.first_startup"; then
${optionalString (cfg.initialScript != null) ''
cat "${cfg.initialScript}" | psql --port=${toString cfg.port} postgres
psql -f "${cfg.initialScript}" --port=${toString cfg.port} postgres
''}
rm -f "${cfg.dataDir}/.first_startup"
fi

70
nixos/modules/services/development/hoogle.nix Normal file
View File

@ -0,0 +1,70 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.hoogle;
hoogleEnv = pkgs.buildEnv {
name = "hoogle";
paths = [ (cfg.haskellPackages.ghcWithHoogle cfg.packages) ];
};
in {
options.services.hoogle = {
enable = mkEnableOption "Haskell documentation server";
port = mkOption {
type = types.int;
default = 8080;
description = ''
Port number Hoogle will be listening to.
'';
};
packages = mkOption {
default = hp: [];
defaultText = "hp: []";
example = "hp: with hp; [ text lens ]";
description = ''
The Haskell packages to generate documentation for.
The option value is a function that takes the package set specified in
the <varname>haskellPackages</varname> option as its sole parameter and
returns a list of packages.
'';
};
haskellPackages = mkOption {
description = "Which haskell package set to use.";
default = pkgs.haskellPackages;
defaultText = "pkgs.haskellPackages";
};
};
config = mkIf cfg.enable {
systemd.services.hoogle = {
description = "Haskell documentation server";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Restart = "always";
ExecStart = ''${hoogleEnv}/bin/hoogle server --local -p ${toString cfg.port}'';
User = "nobody";
Group = "nogroup";
PrivateTmp = true;
ProtectHome = true;
RuntimeDirectory = "hoogle";
WorkingDirectory = "%t/hoogle";
};
};
};
}

116
nixos/modules/services/hardware/sane_extra_backends/brscan4.nix Normal file
View File

@ -0,0 +1,116 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.hardware.sane.brscan4;
netDeviceList = attrValues cfg.netDevices;
etcFiles = pkgs.callPackage ./brscan4_etc_files.nix { netDevices = netDeviceList; };
netDeviceOpts = { name, config, ... }: {
options = {
name = mkOption {
type = types.str;
description = ''
The friendly name you give to the network device. If undefined,
the name of attribute will be used.
'';
example = literalExample "office1";
};
model = mkOption {
type = types.str;
description = ''
The model of the network device.
'';
example = literalExample "MFC-7860DW";
};
ip = mkOption {
type = with types; nullOr str;
default = null;
description = ''
The ip address of the device. If undefined, you will have to
provide a nodename.
'';
example = literalExample "192.168.1.2";
};
nodename = mkOption {
type = with types; nullOr str;
default = null;
description = ''
The node name of the device. If undefined, you will have to
provide an ip.
'';
example = literalExample "BRW0080927AFBCE";
};
};
config =
{ name = mkDefault name;
};
};
in
{
options = {
hardware.sane.brscan4.enable =
mkEnableOption "Brother's brscan4 scan backend" // {
description = ''
When enabled, will automatically register the "brscan4" sane
backend and bring configuration files to their expected location.
'';
};
hardware.sane.brscan4.netDevices = mkOption {
default = {};
example =
{ office1 = { model = "MFC-7860DW"; ip = "192.168.1.2"; };
office2 = { model = "MFC-7860DW"; nodename = "BRW0080927AFBCE"; };
};
type = types.loaOf types.optionSet;
description = ''
The list of network devices that will be registered against the brscan4
sane backend.
'';
options = [ netDeviceOpts ];
};
};
config = mkIf (config.hardware.sane.enable && cfg.enable) {
hardware.sane.extraBackends = [
pkgs.brscan4
];
environment.etc = singleton {
target = "opt/brother/scanner/brscan4";
source = "${etcFiles}/etc/opt/brother/scanner/brscan4";
};
assertions = [
{ assertion = all (x: !(null != x.ip && null != x.nodename)) netDeviceList;
message = ''
When describing a network device as part of the attribute list
`hardware.sane.brscan4.netDevices`, only one of its `ip` or `nodename`
attribute should be specified, not both!
'';
}
];
};
}

71
nixos/modules/services/hardware/sane_extra_backends/brscan4_etc_files.nix Normal file
View File

@ -0,0 +1,71 @@
{ stdenv, lib, brscan4, netDevices ? [] }:
/*
Testing
-------
No net devices:
~~~
nix-shell -E 'with import <nixpkgs> { }; brscan4-etc-files'
~~~
Two net devices:
~~~
nix-shell -E 'with import <nixpkgs> { }; brscan4-etc-files.override{netDevices=[{name="a"; model="MFC-7860DW"; nodename="BRW0080927AFBCE";} {name="b"; model="MFC-7860DW"; ip="192.168.1.2";}];}'
~~~
*/
with lib;
let
addNetDev = nd: ''
brsaneconfig4 -a \
name="${nd.name}" \
model="${nd.model}" \
${if (hasAttr "nodename" nd && nd.nodename != null) then
''nodename="${nd.nodename}"'' else
''ip="${nd.ip}"''}'';
addAllNetDev = xs: concatStringsSep "\n" (map addNetDev xs);
in
stdenv.mkDerivation rec {
name = "brscan4-etc-files-0.4.3-3";
src = "${brscan4}/opt/brother/scanner/brscan4";
nativeBuildInputs = [ brscan4 ];
configurePhase = ":";
buildPhase = ''
TARGET_DIR="$out/etc/opt/brother/scanner/brscan4"
mkdir -p "$TARGET_DIR"
cp -rp "./models4" "$TARGET_DIR"
cp -rp "./Brsane4.ini" "$TARGET_DIR"
cp -rp "./brsanenetdevice4.cfg" "$TARGET_DIR"
export BRSANENETDEVICE4_CFG_FILENAME="$TARGET_DIR/brsanenetdevice4.cfg"
printf '${addAllNetDev netDevices}\n'
${addAllNetDev netDevices}
'';
installPhase = ":";
dontStrip = true;
dontPatchELF = true;
meta = {
description = "Brother brscan4 sane backend driver etc files";
homepage = http://www.brother.com;
platforms = stdenv.lib.platforms.linux;
license = stdenv.lib.licenses.unfree;
maintainers = with stdenv.lib.maintainers; [ jraygauthier ];
};
}

161
nixos/modules/services/logging/graylog.nix Normal file
View File

@ -0,0 +1,161 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.graylog;
configBool = b: if b then "true" else "false";
confFile = pkgs.writeText "graylog.conf" ''
is_master = ${configBool cfg.isMaster}
node_id_file = ${cfg.nodeIdFile}
password_secret = ${cfg.passwordSecret}
root_username = ${cfg.rootUsername}
root_password_sha2 = ${cfg.rootPasswordSha2}
elasticsearch_cluster_name = ${cfg.elasticsearchClusterName}
elasticsearch_discovery_zen_ping_multicast_enabled = ${configBool cfg.elasticsearchDiscoveryZenPingMulticastEnabled}
elasticsearch_discovery_zen_ping_unicast_hosts = ${cfg.elasticsearchDiscoveryZenPingUnicastHosts}
message_journal_dir = ${cfg.messageJournalDir}
mongodb_uri = ${cfg.mongodbUri}
${cfg.extraConfig}
'';
in
{
###### interface
options = {
services.graylog = {
enable = mkEnableOption "Graylog";
package = mkOption {
type = types.package;
default = pkgs.graylog;
defaultText = "pkgs.graylog";
example = literalExample "pkgs.graylog";
description = "Graylog package to use.";
};
user = mkOption {
type = types.str;
default = "graylog";
example = literalExample "graylog";
description = "User account under which graylog runs";
};
isMaster = mkOption {
type = types.bool;
default = true;
description = "Whether this is the master instance of your Graylog cluster";
};
nodeIdFile = mkOption {
type = types.str;
default = "/var/lib/graylog/server/node-id";
description = "Path of the file containing the graylog node-id";
};
passwordSecret = mkOption {
type = types.str;
description = ''
You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters.
Generate one by using for example: pwgen -N 1 -s 96
'';
};
rootUsername = mkOption {
type = types.str;
default = "admin";
description = "Name of the default administrator user";
};
rootPasswordSha2 = mkOption {
type = types.str;
example = "e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e952";
description = ''
You MUST specify a hash password for the root user (which you only need to initially set up the
system and in case you lose connectivity to your authentication backend)
This password cannot be changed using the API or via the web interface. If you need to change it,
modify it here.
Create one by using for example: echo -n yourpassword | shasum -a 256
and use the resulting hash value as string for the option
'';
};
elasticsearchClusterName = mkOption {
type = types.str;
example = "graylog";
description = "This must be the same as for your Elasticsearch cluster";
};
elasticsearchDiscoveryZenPingMulticastEnabled = mkOption {
type = types.bool;
default = false;
description = "Whether to use elasticsearch multicast discovery";
};
elasticsearchDiscoveryZenPingUnicastHosts = mkOption {
type = types.str;
default = "127.0.0.1:9300";
description = "Tells Graylogs Elasticsearch client how to find other cluster members. See Elasticsearch documentation for details";
};
messageJournalDir = mkOption {
type = types.str;
default = "/var/lib/graylog/data/journal";
description = "The directory which will be used to store the message journal. The directory must be exclusively used by Graylog and must not contain any other files than the ones created by Graylog itself";
};
mongodbUri = mkOption {
type = types.str;
default = "mongodb://localhost/graylog";
description = "MongoDB connection string. See http://docs.mongodb.org/manual/reference/connection-string/ for details";
};
extraConfig = mkOption {
type = types.str;
default = "";
description = "Any other configuration options you might want to add";
};
};
};
###### implementation
config = mkIf cfg.enable {
users.extraUsers = mkIf (cfg.user == "graylog") {
graylog = {
uid = config.ids.uids.graylog;
description = "Graylog server daemon user";
};
};
systemd.services.graylog = with pkgs; {
description = "Graylog Server";
wantedBy = [ "multi-user.target" ];
environment = {
JAVA_HOME = jre;
GRAYLOG_CONF = "${confFile}";
};
path = [ pkgs.openjdk8 pkgs.which pkgs.procps ];
preStart = ''
mkdir -p /var/lib/graylog -m 755
chown -R ${cfg.user} /var/lib/graylog
mkdir -p ${cfg.messageJournalDir} -m 755
chown -R ${cfg.user} ${cfg.messageJournalDir}
'';
serviceConfig = {
User="${cfg.user}";
PermissionsStartOnly=true;
ExecStart = "${cfg.package}/bin/graylogctl run";
};
};
};
}

5
nixos/modules/services/logging/logcheck.nix
View File

@ -11,7 +11,10 @@ let
rm $out/logcheck.*
'';
rulesDir = pkgs.symlinkJoin "logcheck-rules-dir" ([ defaultRules ] ++ cfg.extraRulesDirs);
rulesDir = pkgs.symlinkJoin
{ name = "logcheck-rules-dir";
paths = ([ defaultRules ] ++ cfg.extraRulesDirs);
};
configFile = pkgs.writeText "logcheck.conf" cfg.config;

6
nixos/modules/services/mail/dovecot.nix
View File

@ -63,8 +63,10 @@ let
cfg.extraConfig
];
modulesDir = pkgs.symlinkJoin "dovecot-modules"
(map (pkg: "${pkg}/lib/dovecot") ([ dovecotPkg ] ++ map (module: module.override { dovecot = dovecotPkg; }) cfg.modules));
modulesDir = pkgs.symlinkJoin {
name = "dovecot-modules";
paths = map (pkg: "${pkg}/lib/dovecot") ([ dovecotPkg ] ++ map (module: module.override { dovecot = dovecotPkg; }) cfg.modules);
};
in
{

69
nixos/modules/services/mail/rmilter.nix
View File

@ -7,9 +7,14 @@ let
rspamdCfg = config.services.rspamd;
cfg = config.services.rmilter;
inetSockets = map (sock: let s = stringSplit ":" sock; in "inet:${last s}:${head s}") cfg.bindInetSockets;
unixSockets = map (sock: "unix:${sock}") cfg.bindUnixSockets;
allSockets = unixSockets ++ inetSockets;
rmilterConf = ''
pidfile = /run/rmilter/rmilter.pid;
bind_socket = ${cfg.bindSocket};
bind_socket = ${if cfg.socketActivation then "fd:3" else concatStringsSep ", " allSockets};
tempdir = /tmp;
'' + (with cfg.rspamd; if enable then ''
@ -68,14 +73,37 @@ in
'';
};
bindSocket = mkOption {
type = types.string;
default = "unix:/run/rmilter/rmilter.sock";
description = "Socket to listed for MTA requests";
bindUnixSockets = mkOption {
type = types.listOf types.str;
default = ["/run/rmilter.sock"];
description = ''
Unix domain sockets to listen for MTA requests.
'';
example = ''
"unix:/run/rmilter/rmilter.sock" or
"inet:11990@127.0.0.1"
'';
[ "/run/rmilter.sock"]
'';
};
bindInetSockets = mkOption {
type = types.listOf types.str;
default = [];
description = ''
Inet addresses to listen (in format accepted by systemd.socket)
'';
example = ''
["127.0.0.1:11990"]
'';
};
socketActivation = mkOption {
type = types.bool;
default = true;
description = ''
Enable systemd socket activation for rmilter.
(disabling socket activation not recommended
when unix socket used, and follow to wrong
permissions on unix domain socket.)
'';
};
rspamd = {
@ -86,7 +114,7 @@ in
servers = mkOption {
type = types.listOf types.str;
default = ["r:0.0.0.0:11333"];
default = ["r:/run/rspamd.sock"];
description = ''
Spamd socket definitions.
Is server name is prefixed with r: it is rspamd server.
@ -129,7 +157,7 @@ in
type = types.str;
description = "Addon to postfix configuration";
default = ''
smtpd_milters = ${cfg.bindSocket}
smtpd_milters = ${head allSockets}
# or for TCP socket
# # smtpd_milters = inet:localhost:9900
milter_protocol = 6
@ -169,21 +197,30 @@ milter_default_action = accept
serviceConfig = {
ExecStart = "${pkgs.rmilter}/bin/rmilter ${optionalString cfg.debug "-d"} -n -c ${rmilterConfigFile}";
ExecReload = "/bin/kill -USR1 $MAINPID";
User = cfg.user;
Group = cfg.group;
PermissionsStartOnly = true;
Restart = "always";
RuntimeDirectory = "rmilter";
RuntimeDirectoryPermissions="0755";
};
preStart = ''
${pkgs.coreutils}/bin/mkdir -p /run/rmilter
${pkgs.coreutils}/bin/chown ${cfg.user}:${cfg.group} /run/rmilter
'';
};
services.postfix.extraConfig = optionalString cfg.postfix.enable cfg.postfix.configFragment;
systemd.sockets.rmilter = mkIf cfg.socketActivation {
description = "Rmilter service socket";
wantedBy = [ "sockets.target" ];
socketConfig = {
ListenStream = cfg.bindUnixSockets ++ cfg.bindInetSockets;
SocketUser = cfg.user;
SocketGroup = cfg.group;
SocketMode = "0660";
};
};
services.postfix.extraConfig = optionalString cfg.postfix.enable cfg.postfix.configFragment;
users.users.postfix.extraGroups = [ cfg.group ];
};
}

59
nixos/modules/services/mail/rspamd.nix
View File

@ -6,6 +6,35 @@ let
cfg = config.services.rspamd;
mkBindSockets = socks: concatStringsSep "\n" (map (each: " bind_socket = \"${each}\"") socks);
rspamdConf =
''
.include "$CONFDIR/common.conf"
options {
pidfile = "$RUNDIR/rspamd.pid";
.include "$CONFDIR/options.inc"
}
logging {
type = "file";
filename = "$LOGDIR/rspamd.log";
.include "$CONFDIR/logging.inc"
}
worker {
${mkBindSockets cfg.bindSocket}
.include "$CONFDIR/worker-normal.inc"
}
worker {
${mkBindSockets cfg.bindUISocket}
.include "$CONFDIR/worker-controller.inc"
}
'';
rspamdConfFile = pkgs.writeText "rspamd.conf" rspamdConf;
in
{
@ -26,6 +55,32 @@ in
description = "Whether to run the rspamd daemon in debug mode.";
};
bindSocket = mkOption {
type = types.listOf types.str;
default = [
"/run/rspamd.sock mode=0666 owner=${cfg.user}"
];
description = ''
List of sockets to listen, in format acceptable by rspamd
'';
example = ''
bindSocket = [
"/run/rspamd.sock mode=0666 owner=rspamd"
"*:11333"
];
'';
};
bindUISocket = mkOption {
type = types.listOf types.str;
default = [
"localhost:11334"
];
description = ''
List of sockets for web interface, in format acceptable by rspamd
'';
};
user = mkOption {
type = types.string;
default = "rspamd";
@ -62,7 +117,7 @@ in
users.extraGroups = singleton {
name = cfg.group;
gid = config.ids.gids.spamd;
gid = config.ids.gids.rspamd;
};
systemd.services.rspamd = {
@ -72,7 +127,7 @@ in
after = [ "network.target" ];
serviceConfig = {
ExecStart = "${pkgs.rspamd}/bin/rspamd ${optionalString cfg.debug "-d"} --user=${cfg.user} --group=${cfg.group} --pid=/run/rspamd.pid -f";
ExecStart = "${pkgs.rspamd}/bin/rspamd ${optionalString cfg.debug "-d"} --user=${cfg.user} --group=${cfg.group} --pid=/run/rspamd.pid -c ${rspamdConfFile} -f";
RuntimeDirectory = "/var/lib/rspamd";
PermissionsStartOnly = true;
Restart = "always";

64
nixos/modules/services/misc/emby.nix Normal file
View File

@ -0,0 +1,64 @@
{ config, pkgs, lib, mono, ... }:
with lib;
let
cfg = config.services.emby;
emby = pkgs.emby;
in
{
options = {
services.emby = {
enable = mkEnableOption "Emby Media Server";
user = mkOption {
type = types.str;
default = "emby";
description = "User account under which Emby runs.";
};
group = mkOption {
type = types.str;
default = "emby";
description = "Group under which emby runs.";
};
};
};
config = mkIf cfg.enable {
systemd.services.emby = {
description = "Emby Media Server";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
preStart = ''
test -d /var/lib/emby/ProgramData-Server || {
echo "Creating initial Emby data directory in /var/lib/emby/ProgramData-Server"
mkdir -p /var/lib/emby/ProgramData-Server
chown -R ${cfg.user}:${cfg.group} /var/lib/emby/ProgramData-Server
}
'';
serviceConfig = {
Type = "simple";
User = cfg.user;
Group = cfg.group;
PermissionsStartOnly = "true";
ExecStart = "${pkgs.mono}/bin/mono ${pkgs.emby}/bin/MediaBrowser.Server.Mono.exe";
Restart = "on-failure";
};
};
users.extraUsers = mkIf (cfg.user == "emby") {
emby = {
group = cfg.group;
uid = config.ids.uids.emby;
};
};
users.extraGroups = mkIf (cfg.group == "emby") {
emby = {
gid = config.ids.gids.emby;
};
};
};
}

18
nixos/modules/services/misc/nix-daemon.nix
View File

@ -6,7 +6,7 @@ let
cfg = config.nix;
nix = cfg.package;
nix = cfg.package.out;
makeNixBuildUser = nr:
{ name = "nixbld${toString nr}";
@ -24,8 +24,8 @@ let
nixConf =
let
# If we're using a chroot for builds, then provide /bin/sh in
# the chroot as a bind-mount to bash. This means we also need to
# If we're using sandbox for builds, then provide /bin/sh in
# the sandbox as a bind-mount to bash. This means we also need to
# include the entire closure of bash.
sh = pkgs.stdenv.shell;
binshDeps = pkgs.writeReferencesToFile sh;
@ -39,8 +39,8 @@ let
build-users-group = nixbld
build-max-jobs = ${toString (cfg.maxJobs)}
build-cores = ${toString (cfg.buildCores)}
build-use-chroot = ${if (builtins.isBool cfg.useChroot) then (if cfg.useChroot then "true" else "false") else cfg.useChroot}
build-chroot-dirs = ${toString cfg.chrootDirs} /bin/sh=${sh} $(echo $extraPaths)
build-use-sandbox = ${if (builtins.isBool cfg.useSandbox) then (if cfg.useSandbox then "true" else "false") else cfg.useSandbox}
build-sandbox-paths = ${toString cfg.sandboxPaths} /bin/sh=${sh} $(echo $extraPaths)
binary-caches = ${toString cfg.binaryCaches}
trusted-binary-caches = ${toString cfg.trustedBinaryCaches}
binary-cache-public-keys = ${toString cfg.binaryCachePublicKeys}
@ -98,25 +98,25 @@ in
'';
};
useChroot = mkOption {
useSandbox = mkOption {
type = types.either types.bool (types.enum ["relaxed"]);
default = false;
description = "
If set, Nix will perform builds in a chroot-environment that it
If set, Nix will perform builds in a sandboxed environment that it
will set up automatically for each build. This prevents
impurities in builds by disallowing access to dependencies
outside of the Nix store.
";
};
chrootDirs = mkOption {
sandboxPaths = mkOption {
type = types.listOf types.str;
default = [];
example = [ "/dev" "/proc" ];
description =
''
Directories from the host filesystem to be included
in the chroot.
in the sandbox.
'';
};

2
nixos/modules/services/misc/nix-gc.nix
View File

@ -52,7 +52,7 @@ in
systemd.services.nix-gc =
{ description = "Nix Garbage Collector";
script = "exec ${config.nix.package}/bin/nix-collect-garbage ${cfg.options}";
script = "exec ${config.nix.package.out}/bin/nix-collect-garbage ${cfg.options}";
startAt = optionalString cfg.automatic cfg.dates;
};

2
nixos/modules/services/misc/nix-ssh-serve.nix
View File

@ -41,7 +41,7 @@ with lib;
PermitTTY no
PermitTunnel no
X11Forwarding no
ForceCommand ${config.nix.package}/bin/nix-store --serve
ForceCommand ${config.nix.package.out}/bin/nix-store --serve
Match All
'';

4
nixos/modules/services/misc/taskserver/default.nix
View File

@ -449,7 +449,7 @@ in {
};
};
})
(mkIf needToCreateCA {
(mkIf (cfg.enable && needToCreateCA) {
systemd.services.taskserver-ca = {
wantedBy = [ "taskserver.service" ];
after = [ "taskserver-init.service" ];
@ -533,7 +533,7 @@ in {
'';
};
})
(mkIf (cfg.listenHost != "localhost") {
(mkIf (cfg.enable && cfg.listenHost != "localhost") {
networking.firewall.allowedTCPPorts = [ cfg.listenPort ];
})
{ meta.doc = ./taskserver.xml; }

4
nixos/modules/services/network-filesystems/openafs-client/default.nix
View File

@ -80,7 +80,7 @@ in
preStart = ''
mkdir -p -m 0755 /afs
mkdir -m 0700 -p ${cfg.cacheDirectory}
${pkgs.module_init_tools}/sbin/insmod ${openafsPkgs}/lib/openafs/libafs-*.ko || true
${pkgs.kmod}/sbin/insmod ${openafsPkgs}/lib/openafs/libafs-*.ko || true
${openafsPkgs}/sbin/afsd -confdir ${afsConfig} -cachedir ${cfg.cacheDirectory} ${if cfg.sparse then "-dynroot-sparse" else "-dynroot"} -fakestat -afsdb
${openafsPkgs}/bin/fs setcrypt ${if cfg.crypt then "on" else "off"}
'';
@ -92,7 +92,7 @@ in
preStop = ''
${pkgs.utillinux}/bin/umount /afs
${openafsPkgs}/sbin/afsd -shutdown
${pkgs.module_init_tools}/sbin/rmmod libafs
${pkgs.kmod}/sbin/rmmod libafs
'';
};
};

54
nixos/modules/services/networking/copy-com.nix
View File

@ -1,54 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.copy-com;
in
{
options = {
services.copy-com = {
enable = mkOption {
default = false;
description = "
Enable the Copy.com client.
NOTE: before enabling the client for the first time, it must be
configured by first running CopyConsole (command line) or CopyAgent
(graphical) as the appropriate user.
";
};
user = mkOption {
description = "The user for which the Copy.com client should be run.";
};
debug = mkOption {
default = false;
description = "Output more (debugging) messages to the console.";
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.postfix ];
systemd.services."copy-com-${cfg.user}" = {
description = "Copy.com client";
wants = [ "network-online.target" ];
after = [ "network-online.target" "local-fs.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.copy-com}/bin/CopyConsole ${if cfg.debug then "-consoleOutput -debugToConsole=dirwatch,path-watch,csm_path,csm -debug -console" else ""}";
User = "${cfg.user}";
};
};
};
}

50
nixos/modules/services/networking/logmein-hamachi.nix Normal file
View File

@ -0,0 +1,50 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.logmein-hamachi;
in
{
###### interface
options = {
services.logmein-hamachi.enable = mkOption {
type = types.bool;
default = false;
description =
''
Whether to enable LogMeIn Hamachi, a proprietary
(closed source) commercial VPN software.
'';
};
};
###### implementation
config = mkIf cfg.enable {
systemd.services.logmein-hamachi = {
description = "LogMeIn Hamachi Daemon";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" "local-fs.target" ];
serviceConfig = {
Type = "forking";
ExecStart = "${pkgs.logmein-hamachi}/bin/hamachid";
};
};
environment.systemPackages = [ pkgs.logmein-hamachi ];
};
}

10
nixos/modules/services/networking/mfi.nix
View File

@ -10,6 +10,7 @@ let
{ what = "${pkgs.mfi}/dl"; where = "${stateDir}/dl"; }
{ what = "${pkgs.mfi}/lib"; where = "${stateDir}/lib"; }
{ what = "${pkgs.mongodb248}/bin"; where = "${stateDir}/bin"; }
{ what = "${cfg.dataDir}"; where = "${stateDir}/data"; }
];
systemdMountPoints = map (m: "${utils.escapeSystemdPath m.where}.mount") mountPoints;
ports = [ 6080 6880 6443 6843 ];
@ -23,6 +24,15 @@ in
default = true;
description = "Whether to open TCP ports ${concatMapStrings (a: "${toString a} ") ports}for the services.";
};
dataDir = mkOption {
type = types.str;
default = "${stateDir}/data";
description = ''
Where to store the database and other data.
This directory will be bind-mounted to ${stateDir}/data as part of the service startup.
'';
};
};
};

2
nixos/modules/services/networking/nix-serve.nix
View File

@ -50,7 +50,7 @@ in
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
path = [ config.nix.package pkgs.bzip2.bin ];
path = [ config.nix.package.out pkgs.bzip2.bin ];
environment.NIX_REMOTE = "daemon";
environment.NIX_SECRET_KEY_FILE = cfg.secretKeyFile;

2
nixos/modules/services/networking/quassel.nix
View File

@ -3,7 +3,7 @@
with lib;
let
quassel = pkgs.quasselDaemon_qt5;
quassel = pkgs.kde4.quasselDaemon;
cfg = config.services.quassel;
user = if cfg.user != null then cfg.user else "quassel";
in

16
nixos/modules/services/networking/unifi.nix
View File

@ -17,6 +17,10 @@ let
what = "${pkgs.mongodb}/bin";
where = "${stateDir}/bin";
}
{
what = "${cfg.dataDir}";
where = "${stateDir}/data";
}
];
systemdMountPoints = map (m: "${utils.escapeSystemdPath m.where}.mount") mountPoints;
in
@ -32,6 +36,16 @@ in
'';
};
services.unifi.dataDir = mkOption {
type = types.str;
default = "${stateDir}/data";
description = ''
Where to store the database and other data.
This directory will be bind-mounted to ${stateDir}/data as part of the service startup.
'';
};
};
config = mkIf cfg.enable {
@ -62,7 +76,7 @@ in
bindsTo = systemdMountPoints;
unitConfig.RequiresMountsFor = stateDir;
# This a HACK to fix missing dependencies of dynamic libs extracted from jars
environment.LD_LIBRARY_PATH = with pkgs.stdenv; "${cc.cc}/lib";
environment.LD_LIBRARY_PATH = with pkgs.stdenv; "${cc.cc.lib}/lib";
preStart = ''
# Ensure privacy of state

102
nixos/modules/services/networking/zerobin.nix Normal file
View File

@ -0,0 +1,102 @@
{ config, pkgs, lib, nodes, ... }:
with lib;
let
cfg = config.services.zerobin;
zerobin_config = pkgs.writeText "zerobin-config.py" ''
PASTE_FILES_ROOT = "${cfg.dataDir}"
${cfg.extraConfig}
'';
in
{
options = {
services.zerobin = {
enable = mkEnableOption "0bin";
dataDir = mkOption {
type = types.str;
default = "/var/lib/zerobin";
description = ''
Path to the 0bin data directory
'';
};
user = mkOption {
type = types.str;
default = "zerobin";
description = ''
The user 0bin should run as
'';
};
group = mkOption {
type = types.str;
default = "zerobin";
description = ''
The group 0bin should run as
'';
};
listenPort = mkOption {
type = types.int;
default = 8000;
example = 1357;
description = ''
The port zerobin should listen on
'';
};
listenAddress = mkOption {
type = types.str;
default = "localhost";
example = "127.0.0.1";
description = ''
The address zerobin should listen to
'';
};
extraConfig = mkOption {
type = types.lines;
default = "";
example = ''
MENU = (
('Home', '/'),
)
COMPRESSED_STATIC_FILE = True
'';
description = ''
Extra configuration to be appended to the 0bin config file
(see https://0bin.readthedocs.org/en/latest/en/options.html)
'';
};
};
};
config = mkIf (cfg.enable) {
users.users."${cfg.user}" =
if cfg.user == "zerobin" then {
isSystemUser = true;
group = cfg.group;
home = cfg.dataDir;
createHome = true;
}
else {};
users.groups."${cfg.group}" = {};
systemd.services.zerobin = {
enable = true;
after = [ "network-interfaces.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig.ExecStart = "${pkgs.pythonPackages.zerobin}/bin/zerobin ${cfg.listenAddress} ${toString cfg.listenPort} false ${cfg.user} ${cfg.group} ${zerobin_config}";
serviceConfig.PrivateTmp="yes";
serviceConfig.User = cfg.user;
serviceConfig.Group = cfg.group;
preStart = ''
mkdir -p ${cfg.dataDir}
chown ${cfg.user} ${cfg.dataDir}
'';
};
};
}

1
nixos/modules/services/search/elasticsearch.nix
View File

@ -145,6 +145,7 @@ in {
# Install plugins
ln -sfT ${esPlugins}/plugins ${cfg.dataDir}/plugins
ln -sfT ${cfg.package}/lib ${cfg.dataDir}/lib
ln -sfT ${cfg.package}/modules ${cfg.dataDir}/modules
if [ "$(id -u)" = 0 ]; then chown -R elasticsearch ${cfg.dataDir}; fi
'';
postStart = mkBefore ''

28
nixos/modules/services/security/fail2ban.nix
View File

@ -99,34 +99,32 @@ in
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
partOf = optional config.networking.firewall.enable "firewall.service";
restartTriggers = [ fail2banConf jailConf ];
path = [ pkgs.fail2ban pkgs.iptables ];
preStart =
''
mkdir -p /run/fail2ban -m 0755
mkdir -p /var/lib/fail2ban
'';
unitConfig.Documentation = "man:fail2ban(1)";
serviceConfig =
{ ExecStart = "${pkgs.fail2ban}/bin/fail2ban-server -f";
{ Type = "forking";
ExecStart = "${pkgs.fail2ban}/bin/fail2ban-client -x start";
ExecStop = "${pkgs.fail2ban}/bin/fail2ban-client stop";
ExecReload = "${pkgs.fail2ban}/bin/fail2ban-client reload";
PIDFile = "/run/fail2ban/fail2ban.pid";
Restart = "always";
ReadOnlyDirectories = "/";
ReadWriteDirectories = "/run /var/tmp /var/lib";
ReadWriteDirectories = "/run/fail2ban /var/tmp /var/lib";
PrivateTmp = "true";
RuntimeDirectory = "fail2ban";
CapabilityBoundingSet = "CAP_DAC_READ_SEARCH CAP_NET_ADMIN CAP_NET_RAW";
};
postStart =
''
# Wait for the server to start listening.
for ((n = 0; n < 20; n++)); do
if fail2ban-client ping; then break; fi
sleep 0.5
done
# Reload its configuration.
fail2ban-client reload
'';
};
# Add some reasonable default jails. The special "DEFAULT" jail

2
nixos/modules/services/system/dbus.nix
View File

@ -121,7 +121,7 @@ in
security.setuidOwners = singleton
{ program = "dbus-daemon-launch-helper";
source = "${pkgs.dbus_daemon.lib}/libexec/dbus-daemon-launch-helper";
source = "${pkgs.dbus_daemon.out}/libexec/dbus-daemon-launch-helper";
owner = "root";
group = "messagebus";
setuid = true;

10
nixos/modules/services/system/kerberos.nix
View File

@ -4,7 +4,7 @@ let
inherit (lib) mkOption mkIf singleton;
inherit (pkgs) heimdal;
inherit (pkgs) heimdalFull;
stateDir = "/var/heimdal";
in
@ -33,7 +33,7 @@ in
config = mkIf config.services.kerberos_server.enable {
environment.systemPackages = [ heimdal ];
environment.systemPackages = [ heimdalFull ];
services.xinetd.enable = true;
services.xinetd.services = lib.singleton
@ -42,7 +42,7 @@ in
protocol = "tcp";
user = "root";
server = "${pkgs.tcp_wrappers}/sbin/tcpd";
serverArgs = "${pkgs.heimdal}/sbin/kadmind";
serverArgs = "${pkgs.heimdalFull}/sbin/kadmind";
};
systemd.services.kdc = {
@ -51,13 +51,13 @@ in
preStart = ''
mkdir -m 0755 -p ${stateDir}
'';
script = "${heimdal}/sbin/kdc";
script = "${heimdalFull}/sbin/kdc";
};
systemd.services.kpasswdd = {
description = "Kerberos Password Changing daemon";
wantedBy = [ "multi-user.target" ];
script = "${heimdal}/sbin/kpasswdd";
script = "${heimdalFull}/sbin/kpasswdd";
};
};

2
nixos/modules/services/torrent/transmission.nix
View File

@ -124,7 +124,7 @@ in
${pkgs.xz.out}/lib/liblzma*.so* mr,
${pkgs.libgcrypt.out}/lib/libgcrypt*.so* mr,
${pkgs.libgpgerror.out}/lib/libgpg-error*.so* mr,
${pkgs.libnghttp2.out}/lib/libnghttp2*.so* mr,
${pkgs.nghttp2.lib}/lib/libnghttp2*.so* mr,
${pkgs.c-ares.out}/lib/libcares*.so* mr,
${pkgs.libcap.out}/lib/libcap*.so* mr,
${pkgs.attr.out}/lib/libattr*.so* mr,

2
nixos/modules/services/x11/desktop-managers/gnome3.nix
View File

@ -165,6 +165,8 @@ in {
'';
};
services.xserver.updateDbusEnvironment = true;
environment.variables.GIO_EXTRA_MODULES = [ "${gnome3.dconf}/lib/gio/modules"
"${gnome3.glib_networking.out}/lib/gio/modules"
"${gnome3.gvfs}/lib/gio/modules" ];

24
nixos/modules/services/x11/desktop-managers/kde5.nix
View File

@ -62,17 +62,25 @@ in
${config.hardware.pulseaudio.package}/bin/pactl load-module module-device-manager "do_routing=1"
''}
exec startkde
exec "${kde5.startkde}"
'';
};
security.setuidOwners = singleton {
program = "kcheckpass";
source = "${kde5.plasma-workspace.out}/lib/libexec/kcheckpass";
owner = "root";
group = "root";
setuid = true;
};
security.setuidOwners = [
{
program = "kcheckpass";
source = "${kde5.plasma-workspace}/lib/libexec/kcheckpass";
owner = "root";
setuid = true;
}
{
program = "start_kdeinit_wrapper";
source = "${kde5.plasma-workspace}/lib/libexec/kf5/start_kdeinit_wrapper";
owner = "root";
setuid = true;
}
];
environment.systemPackages =
[

5
nixos/modules/services/x11/desktop-managers/xfce.nix
View File

@ -42,10 +42,13 @@ in
# Set GTK_DATA_PREFIX so that GTK+ can find the Xfce themes.
export GTK_DATA_PREFIX=${config.system.path}
exec ${pkgs.stdenv.shell} ${pkgs.xfce.xinitrc}
${pkgs.stdenv.shell} ${pkgs.xfce.xinitrc} &
waitPID=$!
'';
};
services.xserver.updateDbusEnvironment = true;
environment.systemPackages =
[ pkgs.gtk # To get GTK+'s themes.
pkgs.hicolor_icon_theme

8
nixos/modules/services/x11/display-managers/default.nix
View File

@ -126,6 +126,14 @@ let
(*) echo "$0: Desktop manager '$desktopManager' not found.";;
esac
${optionalString (cfg.startDbusSession && cfg.updateDbusEnvironment) ''
${pkgs.glib}/bin/gdbus call --session \
--dest org.freedesktop.DBus --object-path /org/freedesktop/DBus \
--method org.freedesktop.DBus.UpdateActivationEnvironment \
"{$(env | ${pkgs.gnused}/bin/sed "s/'/\\\\'/g; s/\([^=]*\)=\(.*\)/'\1':'\2'/" \
| ${pkgs.coreutils}/bin/paste -sd,)}"
''}
test -n "$waitPID" && wait "$waitPID"
exit 0
'';

10
nixos/modules/services/x11/redshift.nix
View File

@ -94,11 +94,9 @@ in {
};
config = mkIf cfg.enable {
systemd.services.redshift = {
systemd.user.services.redshift = {
description = "Redshift colour temperature adjuster";
requires = [ "display-manager.service" ];
after = [ "display-manager.service" ];
wantedBy = [ "graphical.target" ];
wantedBy = [ "default.target" ];
serviceConfig = {
ExecStart = ''
${cfg.package}/bin/redshift \
@ -107,10 +105,10 @@ in {
-b ${toString cfg.brightness.day}:${toString cfg.brightness.night} \
${lib.strings.concatStringsSep " " cfg.extraOptions}
'';
RestartSec = 3;
RestartSec = 3;
Restart = "always";
};
environment = { DISPLAY = ":0"; };
serviceConfig.Restart = "always";
};
};

9
nixos/modules/services/x11/xserver.nix
View File

@ -233,6 +233,15 @@ in
'';
};
updateDbusEnvironment = mkOption {
type = types.bool;
default = false;
description = ''
Whether to update the DBus activation environment after launching the
desktop manager.
'';
};
layout = mkOption {
type = types.str;
default = "us";

2
nixos/modules/system/boot/loader/grub/grub.nix
View File

@ -499,7 +499,7 @@ in
}
] ++ flip map args.devices (device: {
assertion = device == "nodev" || hasPrefix "/" device;
message = "GRUB devices must be absolute paths, not ${dev} in ${args.path}";
message = "GRUB devices must be absolute paths, not ${device} in ${args.path}";
}));
})

2
nixos/modules/system/boot/loader/gummiboot/gummiboot.nix
View File

@ -14,7 +14,7 @@ let
inherit (pkgs) python gummiboot;
nix = config.nix.package;
nix = config.nix.package.out;
timeout = if cfg.timeout != null then cfg.timeout else "";

2
nixos/modules/system/etc/etc.nix
View File

@ -36,7 +36,7 @@ in
type = types.loaOf types.optionSet;
default = {};
example = literalExample ''
{ hosts =
{ example-configuration-file =
{ source = "/nix/store/.../etc/dir/file.conf.example";
mode = "0440";
};

10
nixos/modules/tasks/network-interfaces.nix
View File

@ -523,7 +523,7 @@ in
networking.bonds = mkOption {
default = { };
example = {
example = literalExample {
bond0 = {
interfaces = [ "eth0" "wlan0" ];
miimon = 100;
@ -598,7 +598,7 @@ in
networking.macvlans = mkOption {
type = types.attrsOf types.optionSet;
default = { };
example = {
example = literalExample {
wan = {
interface = "enp2s0";
mode = "vepa";
@ -629,7 +629,7 @@ in
networking.sits = mkOption {
type = types.attrsOf types.optionSet;
default = { };
example = {
example = literalExample {
hurricane = {
remote = "10.0.0.1";
local = "10.0.0.22";
@ -688,7 +688,7 @@ in
networking.vlans = mkOption {
default = { };
example = {
example = literalExample {
vlan0 = {
id = 3;
interface = "enp3s0";
@ -727,7 +727,7 @@ in
networking.wlanInterfaces = mkOption {
default = { };
example = {
example = literalExample {
"wlan-station0" = {
device = "wlp6s0";
};

2
nixos/modules/virtualisation/amazon-init.nix
View File

@ -8,7 +8,7 @@ let
echo "attempting to fetch configuration from EC2 user data..."
export PATH=${config.nix.package}/bin:${pkgs.systemd}/bin:${pkgs.gnugrep}/bin:${pkgs.gnused}/bin:${config.system.build.nixos-rebuild}/bin:$PATH
export PATH=${pkgs.lib.makeBinPath [ config.nix.package pkgs.systemd pkgs.gnugrep pkgs.gnused config.system.build.nixos-rebuild]}:$PATH
export NIX_PATH=/nix/var/nix/profiles/per-user/root/channels/nixos:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels
userData=/etc/ec2-metadata/user-data

4
nixos/modules/virtualisation/azure-image.nix
View File

@ -62,10 +62,10 @@ in
echo Register the paths in the Nix database.
printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \
chroot /mnt ${config.nix.package}/bin/nix-store --load-db --option build-users-group ""
chroot /mnt ${config.nix.package.out}/bin/nix-store --load-db --option build-users-group ""
echo Create the system profile to allow nixos-rebuild to work.
chroot /mnt ${config.nix.package}/bin/nix-env \
chroot /mnt ${config.nix.package.out}/bin/nix-env \
-p /nix/var/nix/profiles/system --set ${config.system.build.toplevel} --option build-users-group ""
echo nixos-rebuild requires an /etc/NIXOS.

4
nixos/modules/virtualisation/brightbox-image.nix
View File

@ -62,10 +62,10 @@ in
# Register the paths in the Nix database.
printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \
chroot /mnt ${config.nix.package}/bin/nix-store --load-db --option build-users-group ""
chroot /mnt ${config.nix.package.out}/bin/nix-store --load-db --option build-users-group ""
# Create the system profile to allow nixos-rebuild to work.
chroot /mnt ${config.nix.package}/bin/nix-env \
chroot /mnt ${config.nix.package.out}/bin/nix-env \
-p /nix/var/nix/profiles/system --set ${config.system.build.toplevel} \
--option build-users-group ""

343
nixos/modules/virtualisation/containers.nix
View File

@ -28,14 +28,23 @@ let
# Initialise the container side of the veth pair.
if [ "$PRIVATE_NETWORK" = 1 ]; then
ip link set host0 name eth0
ip link set dev eth0 up
if [ -n "$LOCAL_ADDRESS" ]; then
ip addr add $LOCAL_ADDRESS dev eth0
fi
if [ -n "$LOCAL_ADDRESS6" ]; then
ip -6 addr add $LOCAL_ADDRESS6 dev eth0
fi
if [ -n "$HOST_ADDRESS" ]; then
ip route add $HOST_ADDRESS dev eth0
ip route add default via $HOST_ADDRESS
fi
if [ -n "$LOCAL_ADDRESS" ]; then
ip addr add $LOCAL_ADDRESS dev eth0
if [ -n "$HOST_ADDRESS6" ]; then
ip -6 route add $HOST_ADDRESS6 dev eth0
ip -6 route add default via $HOST_ADDRESS6
fi
fi
@ -48,7 +57,7 @@ let
system = config.nixpkgs.system;
bindMountOpts = { name, config, ... }: {
options = {
mountPoint = mkOption {
example = "/mnt/usb";
@ -68,13 +77,13 @@ let
description = "Determine whether the mounted path will be accessed in read-only mode.";
};
};
config = {
mountPoint = mkDefault name;
};
};
mkBindFlag = d:
let flagPrefix = if d.isReadOnly then " --bind-ro=" else " --bind=";
mountstr = if d.hostPath != null then "${d.hostPath}:${d.mountPoint}" else "${d.mountPoint}";
@ -142,12 +151,33 @@ in
'';
};
hostBridge = mkOption {
type = types.nullOr types.string;
default = null;
example = "br0";
description = ''
Put the host-side of the veth-pair into the named bridge.
Only one of hostAddress* or hostBridge can be given.
'';
};
hostAddress = mkOption {
type = types.nullOr types.str;
default = null;
example = "10.231.136.1";
description = ''
The IPv4 address assigned to the host interface.
(Not used when hostBridge is set.)
'';
};
hostAddress6 = mkOption {
type = types.nullOr types.string;
default = null;
example = "fc00::1";
description = ''
The IPv6 address assigned to the host interface.
(Not used when hostBridge is set.)
'';
};
@ -161,6 +191,16 @@ in
'';
};
localAddress6 = mkOption {
type = types.nullOr types.string;
default = null;
example = "fc00::2";
description = ''
The IPv6 address assigned to <literal>eth0</literal>
in the container.
'';
};
interfaces = mkOption {
type = types.listOf types.string;
default = [];
@ -185,7 +225,7 @@ in
example = { "/home" = { hostPath = "/home/alice";
isReadOnly = false; };
};
description =
''
An extra list of directories that is bound to the container.
@ -238,154 +278,180 @@ in
};
config = mkIf (config.boot.enableContainers) {
config = mkIf (config.boot.enableContainers) (let
systemd.services."container@" =
{ description = "Container '%i'";
unit = {
description = "Container '%i'";
unitConfig.RequiresMountsFor = [ "/var/lib/containers/%i" ];
unitConfig.RequiresMountsFor = [ "/var/lib/containers/%i" ];
path = [ pkgs.iproute ];
path = [ pkgs.iproute ];
environment.INSTANCE = "%i";
environment.root = "/var/lib/containers/%i";
environment.INSTANCE = "%i";
environment.root = "/var/lib/containers/%i";
preStart =
''
# Clean up existing machined registration and interfaces.
machinectl terminate "$INSTANCE" 2> /dev/null || true
preStart =
''
# Clean up existing machined registration and interfaces.
machinectl terminate "$INSTANCE" 2> /dev/null || true
if [ "$PRIVATE_NETWORK" = 1 ]; then
ip link del dev "ve-$INSTANCE" 2> /dev/null || true
if [ "$PRIVATE_NETWORK" = 1 ]; then
ip link del dev "ve-$INSTANCE" 2> /dev/null || true
ip link del dev "vb-$INSTANCE" 2> /dev/null || true
fi
'';
script =
''
mkdir -p -m 0755 "$root/etc" "$root/var/lib"
mkdir -p -m 0700 "$root/var/lib/private" "$root/root" /run/containers
if ! [ -e "$root/etc/os-release" ]; then
touch "$root/etc/os-release"
fi
mkdir -p -m 0755 \
"/nix/var/nix/profiles/per-container/$INSTANCE" \
"/nix/var/nix/gcroots/per-container/$INSTANCE"
cp --remove-destination /etc/resolv.conf "$root/etc/resolv.conf"
if [ "$PRIVATE_NETWORK" = 1 ]; then
extraFlags+=" --network-veth"
if [ -n "$HOST_BRIDGE" ]; then
extraFlags+=" --network-bridge=$HOST_BRIDGE"
fi
fi
for iface in $INTERFACES; do
extraFlags+=" --network-interface=$iface"
done
if [ "$PRIVATE_NETWORK" = 1 ]; then
ip link del dev "ve-$INSTANCE" 2> /dev/null || true
for iface in $MACVLANS; do
extraFlags+=" --network-macvlan=$iface"
done
# If the host is 64-bit and the container is 32-bit, add a
# --personality flag.
${optionalString (config.nixpkgs.system == "x86_64-linux") ''
if [ "$(< ''${SYSTEM_PATH:-/nix/var/nix/profiles/per-container/$INSTANCE/system}/system)" = i686-linux ]; then
extraFlags+=" --personality=x86"
fi
'';
script =
''
mkdir -p -m 0755 "$root/etc" "$root/var/lib"
mkdir -p -m 0700 "$root/var/lib/private" "$root/root" /run/containers
if ! [ -e "$root/etc/os-release" ]; then
touch "$root/etc/os-release"
fi
mkdir -p -m 0755 \
"/nix/var/nix/profiles/per-container/$INSTANCE" \
"/nix/var/nix/gcroots/per-container/$INSTANCE"
cp --remove-destination /etc/resolv.conf "$root/etc/resolv.conf"
if [ "$PRIVATE_NETWORK" = 1 ]; then
extraFlags+=" --network-veth"
fi
for iface in $INTERFACES; do
extraFlags+=" --network-interface=$iface"
done
for iface in $MACVLANS; do
extraFlags+=" --network-macvlan=$iface"
done
# If the host is 64-bit and the container is 32-bit, add a
# --personality flag.
${optionalString (config.nixpkgs.system == "x86_64-linux") ''
if [ "$(< ''${SYSTEM_PATH:-/nix/var/nix/profiles/per-container/$INSTANCE/system}/system)" = i686-linux ]; then
extraFlags+=" --personality=x86"
fi
''}
''}
# Run systemd-nspawn without startup notification (we'll
# wait for the container systemd to signal readiness).
EXIT_ON_REBOOT=1 NOTIFY_SOCKET= \
exec ${config.systemd.package}/bin/systemd-nspawn \
--keep-unit \
-M "$INSTANCE" -D "$root" $extraFlags \
$EXTRA_NSPAWN_FLAGS \
--bind-ro=/nix/store \
--bind-ro=/nix/var/nix/db \
--bind-ro=/nix/var/nix/daemon-socket \
--bind=/run/systemd/notify:/var/lib/private/host-notify \
--bind="/nix/var/nix/profiles/per-container/$INSTANCE:/nix/var/nix/profiles" \
--bind="/nix/var/nix/gcroots/per-container/$INSTANCE:/nix/var/nix/gcroots" \
--setenv PRIVATE_NETWORK="$PRIVATE_NETWORK" \
--setenv HOST_ADDRESS="$HOST_ADDRESS" \
--setenv LOCAL_ADDRESS="$LOCAL_ADDRESS" \
--setenv PATH="$PATH" \
${containerInit} "''${SYSTEM_PATH:-/nix/var/nix/profiles/system}/init"
'';
# Run systemd-nspawn without startup notification (we'll
# wait for the container systemd to signal readiness).
EXIT_ON_REBOOT=1 NOTIFY_SOCKET= \
exec ${config.systemd.package}/bin/systemd-nspawn \
--keep-unit \
-M "$INSTANCE" -D "$root" $extraFlags \
$EXTRA_NSPAWN_FLAGS \
--bind-ro=/nix/store \
--bind-ro=/nix/var/nix/db \
--bind-ro=/nix/var/nix/daemon-socket \
--bind=/run/systemd/notify:/var/lib/private/host-notify \
--bind="/nix/var/nix/profiles/per-container/$INSTANCE:/nix/var/nix/profiles" \
--bind="/nix/var/nix/gcroots/per-container/$INSTANCE:/nix/var/nix/gcroots" \
--setenv PRIVATE_NETWORK="$PRIVATE_NETWORK" \
--setenv HOST_BRIDGE="$HOST_BRIDGE" \
--setenv HOST_ADDRESS="$HOST_ADDRESS" \
--setenv LOCAL_ADDRESS="$LOCAL_ADDRESS" \
--setenv HOST_ADDRESS6="$HOST_ADDRESS6" \
--setenv LOCAL_ADDRESS6="$LOCAL_ADDRESS6" \
--setenv PATH="$PATH" \
${containerInit} "''${SYSTEM_PATH:-/nix/var/nix/profiles/system}/init"
'';
postStart =
''
if [ "$PRIVATE_NETWORK" = 1 ]; then
postStart =
''
if [ "$PRIVATE_NETWORK" = 1 ]; then
if [ -z "$HOST_BRIDGE" ]; then
ifaceHost=ve-$INSTANCE
ip link set dev $ifaceHost up
if [ -n "$HOST_ADDRESS" ]; then
ip addr add $HOST_ADDRESS dev $ifaceHost
fi
if [ -n "$HOST_ADDRESS6" ]; then
ip -6 addr add $HOST_ADDRESS6 dev $ifaceHost
fi
if [ -n "$LOCAL_ADDRESS" ]; then
ip route add $LOCAL_ADDRESS dev $ifaceHost
fi
if [ -n "$LOCAL_ADDRESS6" ]; then
ip -6 route add $LOCAL_ADDRESS6 dev $ifaceHost
fi
fi
fi
# Get the leader PID so that we can signal it in
# preStop. We can't use machinectl there because D-Bus
# might be shutting down. FIXME: in systemd 219 we can
# just signal systemd-nspawn to do a clean shutdown.
machinectl show "$INSTANCE" | sed 's/Leader=\(.*\)/\1/;t;d' > "/run/containers/$INSTANCE.pid"
'';
# Get the leader PID so that we can signal it in
# preStop. We can't use machinectl there because D-Bus
# might be shutting down. FIXME: in systemd 219 we can
# just signal systemd-nspawn to do a clean shutdown.
machinectl show "$INSTANCE" | sed 's/Leader=\(.*\)/\1/;t;d' > "/run/containers/$INSTANCE.pid"
'';
preStop =
preStop =
''
pid="$(cat /run/containers/$INSTANCE.pid)"
if [ -n "$pid" ]; then
kill -RTMIN+4 "$pid"
fi
rm -f "/run/containers/$INSTANCE.pid"
'';
restartIfChanged = false;
serviceConfig = {
ExecReload = pkgs.writeScript "reload-container"
''
pid="$(cat /run/containers/$INSTANCE.pid)"
if [ -n "$pid" ]; then
kill -RTMIN+4 "$pid"
fi
rm -f "/run/containers/$INSTANCE.pid"
#! ${pkgs.stdenv.shell} -e
${nixos-container}/bin/nixos-container run "$INSTANCE" -- \
bash --login -c "''${SYSTEM_PATH:-/nix/var/nix/profiles/system}/bin/switch-to-configuration test"
'';
restartIfChanged = false;
#reloadIfChanged = true; # FIXME
SyslogIdentifier = "container %i";
serviceConfig = {
ExecReload = pkgs.writeScript "reload-container"
''
#! ${pkgs.stdenv.shell} -e
${nixos-container}/bin/nixos-container run "$INSTANCE" -- \
bash --login -c "''${SYSTEM_PATH:-/nix/var/nix/profiles/system}/bin/switch-to-configuration test"
'';
EnvironmentFile = "-/etc/containers/%i.conf";
SyslogIdentifier = "container %i";
Type = "notify";
EnvironmentFile = "-/etc/containers/%i.conf";
NotifyAccess = "all";
Type = "notify";
# Note that on reboot, systemd-nspawn returns 133, so this
# unit will be restarted. On poweroff, it returns 0, so the
# unit won't be restarted.
RestartForceExitStatus = "133";
SuccessExitStatus = "133";
NotifyAccess = "all";
Restart = "on-failure";
# Note that on reboot, systemd-nspawn returns 133, so this
# unit will be restarted. On poweroff, it returns 0, so the
# unit won't be restarted.
RestartForceExitStatus = "133";
SuccessExitStatus = "133";
Restart = "on-failure";
# Hack: we don't want to kill systemd-nspawn, since we call
# "machinectl poweroff" in preStop to shut down the
# container cleanly. But systemd requires sending a signal
# (at least if we want remaining processes to be killed
# after the timeout). So send an ignored signal.
KillMode = "mixed";
KillSignal = "WINCH";
};
# Hack: we don't want to kill systemd-nspawn, since we call
# "machinectl poweroff" in preStop to shut down the
# container cleanly. But systemd requires sending a signal
# (at least if we want remaining processes to be killed
# after the timeout). So send an ignored signal.
KillMode = "mixed";
KillSignal = "WINCH";
};
};
in {
systemd.services = listToAttrs (filter (x: x.value != null) (
# The generic container template used by imperative containers
[{ name = "container@"; value = unit; }]
# declarative containers
++ (mapAttrsToList (name: cfg: nameValuePair "container@${name}" (
if cfg.autoStart then
unit // {
wantedBy = [ "multi-user.target" ];
wants = [ "network.target" ];
after = [ "network.target" ];
restartTriggers = [ cfg.path ];
reloadIfChanged = true;
}
else null
)) config.containers)
));
# Generate a configuration file in /etc/containers for each
# container so that container@.target can get the container
@ -396,12 +462,21 @@ in
SYSTEM_PATH=${cfg.path}
${optionalString cfg.privateNetwork ''
PRIVATE_NETWORK=1
${optionalString (cfg.hostBridge != null) ''
HOST_BRIDGE=${cfg.hostBridge}
''}
${optionalString (cfg.hostAddress != null) ''
HOST_ADDRESS=${cfg.hostAddress}
''}
${optionalString (cfg.hostAddress6 != null) ''
HOST_ADDRESS6=${cfg.hostAddress6}
''}
${optionalString (cfg.localAddress != null) ''
LOCAL_ADDRESS=${cfg.localAddress}
''}
${optionalString (cfg.localAddress6 != null) ''
LOCAL_ADDRESS6=${cfg.localAddress6}
''}
''}
INTERFACES="${toString cfg.interfaces}"
${optionalString cfg.autoStart ''
@ -420,31 +495,5 @@ in
networking.dhcpcd.denyInterfaces = [ "ve-*" ];
environment.systemPackages = [ nixos-container ];
# Start containers at boot time.
systemd.services.all-containers =
{ description = "All Containers";
wantedBy = [ "multi-user.target" ];
unitConfig.ConditionDirectoryNotEmpty = "/etc/containers";
serviceConfig.Type = "oneshot";
script =
''
res=0
shopt -s nullglob
for i in /etc/containers/*.conf; do
AUTO_START=
source "$i"
if [ "$AUTO_START" = 1 ]; then
systemctl start "container@$(basename "$i" .conf).service" || res=1
fi
done
exit $res
''; # */
};
};
});
}

72
nixos/modules/virtualisation/ec2-amis.nix
View File

@ -90,40 +90,40 @@
"15.09".us-west-2.pv-ebs = "ami-005fb160";
"15.09".us-west-2.pv-s3 = "ami-cd55bbad";
"16.03".ap-northeast-1.hvm-ebs = "ami-885040e6";
"16.03".ap-northeast-1.hvm-s3 = "ami-d15a4abf";
"16.03".ap-northeast-1.pv-ebs = "ami-7f455511";
"16.03".ap-northeast-1.pv-s3 = "ami-6d7d6d03";
"16.03".ap-southeast-1.hvm-ebs = "ami-478a5f24";
"16.03".ap-southeast-1.hvm-s3 = "ami-b2885dd1";
"16.03".ap-southeast-1.pv-ebs = "ami-55b46136";
"16.03".ap-southeast-1.pv-s3 = "ami-92b762f1";
"16.03".ap-southeast-2.hvm-ebs = "ami-26b09345";
"16.03".ap-southeast-2.hvm-s3 = "ami-52ac8f31";
"16.03".ap-southeast-2.pv-ebs = "ami-1fb3907c";
"16.03".ap-southeast-2.pv-s3 = "ami-49b1922a";
"16.03".eu-central-1.hvm-ebs = "ami-2bd63744";
"16.03".eu-central-1.hvm-s3 = "ami-82d435ed";
"16.03".eu-central-1.pv-ebs = "ami-b729c8d8";
"16.03".eu-central-1.pv-s3 = "ami-a12dccce";
"16.03".eu-west-1.hvm-ebs = "ami-87c242f4";
"16.03".eu-west-1.hvm-s3 = "ami-b6c343c5";
"16.03".eu-west-1.pv-ebs = "ami-6bc94918";
"16.03".eu-west-1.pv-s3 = "ami-00cb4b73";
"16.03".sa-east-1.hvm-ebs = "ami-845cd3e8";
"16.03".sa-east-1.hvm-s3 = "ami-8142cded";
"16.03".sa-east-1.pv-ebs = "ami-1643cc7a";
"16.03".sa-east-1.pv-s3 = "ami-1646c97a";
"16.03".us-east-1.hvm-ebs = "ami-2cc4d046";
"16.03".us-east-1.hvm-s3 = "ami-9bc9ddf1";
"16.03".us-east-1.pv-ebs = "ami-7df4e017";
"16.03".us-east-1.pv-s3 = "ami-90f2e6fa";
"16.03".us-west-1.hvm-ebs = "ami-d8116db8";
"16.03".us-west-1.hvm-s3 = "ami-a7166ac7";
"16.03".us-west-1.pv-ebs = "ami-e90c7089";
"16.03".us-west-1.pv-s3 = "ami-5b0c703b";
"16.03".us-west-2.hvm-ebs = "ami-b339ccd3";
"16.03".us-west-2.hvm-s3 = "ami-2c3bce4c";
"16.03".us-west-2.pv-ebs = "ami-0625d066";
"16.03".us-west-2.pv-s3 = "ami-7414e114";
"16.03".ap-northeast-1.hvm-ebs = "ami-b6edf5d8";
"16.03".ap-northeast-1.hvm-s3 = "ami-b1e3fbdf";
"16.03".ap-northeast-1.pv-ebs = "ami-6190880f";
"16.03".ap-northeast-1.pv-s3 = "ami-908d95fe";
"16.03".ap-southeast-1.hvm-ebs = "ami-35b16656";
"16.03".ap-southeast-1.hvm-s3 = "ami-41be6922";
"16.03".ap-southeast-1.pv-ebs = "ami-4cb96e2f";
"16.03".ap-southeast-1.pv-s3 = "ami-3bb96e58";
"16.03".ap-southeast-2.hvm-ebs = "ami-debc91bd";
"16.03".ap-southeast-2.hvm-s3 = "ami-55bc9136";
"16.03".ap-southeast-2.pv-ebs = "ami-b38ba6d0";
"16.03".ap-southeast-2.pv-s3 = "ami-9e8ba6fd";
"16.03".eu-central-1.hvm-ebs = "ami-7c967413";
"16.03".eu-central-1.hvm-s3 = "ami-b29072dd";
"16.03".eu-central-1.pv-ebs = "ami-7a947615";
"16.03".eu-central-1.pv-s3 = "ami-729b791d";
"16.03".eu-west-1.hvm-ebs = "ami-ff27a98c";
"16.03".eu-west-1.hvm-s3 = "ami-6c21af1f";
"16.03".eu-west-1.pv-ebs = "ami-a33cb2d0";
"16.03".eu-west-1.pv-s3 = "ami-ec38b69f";
"16.03".sa-east-1.hvm-ebs = "ami-5bef6637";
"16.03".sa-east-1.hvm-s3 = "ami-55f87139";
"16.03".sa-east-1.pv-ebs = "ami-76e56c1a";
"16.03".sa-east-1.pv-s3 = "ami-e1f8718d";
"16.03".us-east-1.hvm-ebs = "ami-4bfd1926";
"16.03".us-east-1.hvm-s3 = "ami-60c5210d";
"16.03".us-east-1.pv-ebs = "ami-c0c92dad";
"16.03".us-east-1.pv-s3 = "ami-f9d63294";
"16.03".us-west-1.hvm-ebs = "ami-13aad473";
"16.03".us-west-1.hvm-s3 = "ami-e1a8d681";
"16.03".us-west-1.pv-ebs = "ami-c0a6d8a0";
"16.03".us-west-1.pv-s3 = "ami-6aa9d70a";
"16.03".us-west-2.hvm-ebs = "ami-265dad46";
"16.03".us-west-2.hvm-s3 = "ami-cd40b0ad";
"16.03".us-west-2.pv-ebs = "ami-7b4aba1b";
"16.03".us-west-2.pv-s3 = "ami-0849b968";
}

4
nixos/modules/virtualisation/google-compute-image.nix
View File

@ -66,10 +66,10 @@ in
# Register the paths in the Nix database.
printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \
chroot /mnt ${config.nix.package}/bin/nix-store --load-db --option build-users-group ""
chroot /mnt ${config.nix.package.out}/bin/nix-store --load-db --option build-users-group ""
# Create the system profile to allow nixos-rebuild to work.
chroot /mnt ${config.nix.package}/bin/nix-env \
chroot /mnt ${config.nix.package.out}/bin/nix-env \
-p /nix/var/nix/profiles/system --set ${config.system.build.toplevel} \
--option build-users-group ""

12
nixos/modules/virtualisation/qemu-vm.nix
View File

@ -149,11 +149,11 @@ let
${pkgs.mtools}/bin/mlabel -i /dev/vda2 ::boot
# Mount /boot; load necessary modules first.
${pkgs.module_init_tools}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/nls/nls_cp437.ko || true
${pkgs.module_init_tools}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/nls/nls_iso8859-1.ko || true
${pkgs.module_init_tools}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/fat/fat.ko || true
${pkgs.module_init_tools}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/fat/vfat.ko || true
${pkgs.module_init_tools}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/efivarfs/efivarfs.ko || true
${pkgs.kmod}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/nls/nls_cp437.ko.xz || true
${pkgs.kmod}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/nls/nls_iso8859-1.ko.xz || true
${pkgs.kmod}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/fat/fat.ko.xz || true
${pkgs.kmod}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/fat/vfat.ko.xz || true
${pkgs.kmod}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/efivarfs/efivarfs.ko.xz || true
mkdir /boot
mount /dev/vda2 /boot
@ -403,7 +403,7 @@ in
boot.postBootCommands =
''
if [[ "$(cat /proc/cmdline)" =~ regInfo=([^ ]*) ]]; then
${config.nix.package}/bin/nix-store --load-db < ''${BASH_REMATCH[1]}
${config.nix.package.out}/bin/nix-store --load-db < ''${BASH_REMATCH[1]}
fi
'';

5
nixos/release-combined.nix
View File

@ -48,7 +48,7 @@ in rec {
nixos.ova.x86_64-linux
#(all nixos.tests.containers)
#(all nixos.tests.chromium.stable)
(all nixos.tests.chromium.stable)
(all nixos.tests.firefox)
(all nixos.tests.firewall)
nixos.tests.gnome3.x86_64-linux # FIXME: i686-linux
@ -64,6 +64,9 @@ in rec {
(all nixos.tests.installer.btrfsSubvols)
(all nixos.tests.installer.btrfsSubvolDefault)
(all nixos.tests.boot.biosCdrom)
(all nixos.tests.boot.biosUsb)
(all nixos.tests.boot.uefiCdrom)
(all nixos.tests.boot.uefiUsb)
(all nixos.tests.ipv6)
(all nixos.tests.kde4)
#(all nixos.tests.lightdm)

3
nixos/release-small.nix
View File

@ -31,7 +31,8 @@ in rec {
inherit (nixos') channel manual iso_minimal dummy;
tests = {
inherit (nixos'.tests)
containers
containers-imperative
containers-ipv4
firewall
ipv6
login

18
nixos/release.nix
View File

@ -103,6 +103,19 @@ in rec {
# Build the initial ramdisk so Hydra can keep track of its size over time.
initialRamdisk = buildFromConfig ({ pkgs, ... }: { }) (config: config.system.build.initialRamdisk);
netboot.x86_64-linux = let build = (import lib/eval-config.nix {
system = "x86_64-linux";
modules = [
./modules/installer/netboot/netboot-minimal.nix
versionModule
];
}).config.system.build;
in
pkgs.symlinkJoin {name="netboot"; paths=[
build.netbootRamdisk
build.kernel
build.netbootIpxeScript
];};
iso_minimal = forAllSystems (system: makeIso {
module = ./modules/installer/cd-dvd/installation-cd-minimal.nix;
@ -199,7 +212,10 @@ in rec {
tests.cadvisor = hydraJob (import tests/cadvisor.nix { system = "x86_64-linux"; });
tests.chromium = callSubTests tests/chromium.nix {};
tests.cjdns = callTest tests/cjdns.nix {};
tests.containers = callTest tests/containers.nix {};
tests.containers-ipv4 = callTest tests/containers-ipv4.nix {};
tests.containers-ipv6 = callTest tests/containers-ipv6.nix {};
tests.containers-bridge = callTest tests/containers-bridge.nix {};
tests.containers-imperative = callTest tests/containers-imperative.nix {};
tests.docker = hydraJob (import tests/docker.nix { system = "x86_64-linux"; });
tests.dockerRegistry = hydraJob (import tests/docker-registry.nix { system = "x86_64-linux"; });
tests.dnscrypt-proxy = callTest tests/dnscrypt-proxy.nix { system = "x86_64-linux"; };

40
nixos/tests/boot.nix
View File

@ -44,5 +44,41 @@ in {
usb => glob("${iso}/iso/*.iso"),
bios => '${pkgs.OVMF}/FV/OVMF.fd'
'';
}
netboot = let
config = (import ../lib/eval-config.nix {
inherit system;
modules =
[ ../modules/installer/netboot/netboot.nix
../modules/testing/test-instrumentation.nix
{ key = "serial"; }
];
}).config;
ipxeScriptDir = pkgs.writeTextFile {
name = "ipxeScriptDir";
text = ''
#!ipxe
dhcp
kernel bzImage init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams} console=ttyS0
initrd initrd
boot
'';
destination = "/boot.ipxe";
};
ipxeBootDir = pkgs.symlinkJoin "ipxeBootDir" [
config.system.build.netbootRamdisk
config.system.build.kernel
ipxeScriptDir
];
in
makeTest {
name = "boot-netboot";
nodes = { };
testScript =
''
my $machine = createMachine({ qemuFlags => '-boot order=n -net nic,model=e1000 -net user,tftp=${ipxeBootDir}/,bootfile=boot.ipxe -m 2000M' });
$machine->start;
$machine->waitForUnit("multi-user.target");
$machine->shutdown;
'';
};
}

81
nixos/tests/containers-bridge.nix Normal file
View File

@ -0,0 +1,81 @@
# Test for NixOS' container support.
let
hostIp = "192.168.0.1";
containerIp = "192.168.0.100/24";
hostIp6 = "fc00::1";
containerIp6 = "fc00::2/7";
in
import ./make-test.nix ({ pkgs, ...} : {
name = "containers-bridge";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ aristid aszlig eelco chaoflow ];
};
machine =
{ config, pkgs, ... }:
{ imports = [ ../modules/installer/cd-dvd/channel.nix ];
virtualisation.writableStore = true;
virtualisation.memorySize = 768;
networking.bridges = {
br0 = {
interfaces = [];
};
};
networking.interfaces = {
br0 = {
ip4 = [{ address = hostIp; prefixLength = 24; }];
ip6 = [{ address = hostIp6; prefixLength = 7; }];
};
};
containers.webserver =
{
autoStart = true;
privateNetwork = true;
hostBridge = "br0";
localAddress = containerIp;
localAddress6 = containerIp6;
config =
{ services.httpd.enable = true;
services.httpd.adminAddr = "foo@example.org";
networking.firewall.allowedTCPPorts = [ 80 ];
networking.firewall.allowPing = true;
};
};
virtualisation.pathsInNixDB = [ pkgs.stdenv ];
};
testScript =
''
$machine->waitForUnit("default.target");
$machine->succeed("nixos-container list") =~ /webserver/ or die;
# Start the webserver container.
$machine->succeed("nixos-container status webserver") =~ /up/ or die;
"${containerIp}" =~ /([^\/]+)\/([0-9+])/;
my $ip = $1;
chomp $ip;
$machine->succeed("ping -n -c 1 $ip");
$machine->succeed("curl --fail http://$ip/ > /dev/null");
"${containerIp6}" =~ /([^\/]+)\/([0-9+])/;
my $ip6 = $1;
chomp $ip6;
$machine->succeed("ping6 -n -c 1 $ip6");
$machine->succeed("curl --fail http://[$ip6]/ > /dev/null");
# Stop the container.
$machine->succeed("nixos-container stop webserver");
$machine->fail("curl --fail --connect-timeout 2 http://$ip/ > /dev/null");
$machine->fail("curl --fail --connect-timeout 2 http://[$ip6]/ > /dev/null");
# Destroying a declarative container should fail.
$machine->fail("nixos-container destroy webserver");
'';
})

34
nixos/tests/containers.nix → nixos/tests/containers-imperative.nix
View File

@ -1,7 +1,7 @@
# Test for NixOS' container support.
import ./make-test.nix ({ pkgs, ...} : {
name = "containers";
name = "containers-imperative";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ aristid aszlig eelco chaoflow ];
};
@ -11,40 +11,11 @@ import ./make-test.nix ({ pkgs, ...} : {
{ imports = [ ../modules/installer/cd-dvd/channel.nix ];
virtualisation.writableStore = true;
virtualisation.memorySize = 768;
containers.webserver =
{ privateNetwork = true;
hostAddress = "10.231.136.1";
localAddress = "10.231.136.2";
config =
{ services.httpd.enable = true;
services.httpd.adminAddr = "foo@example.org";
networking.firewall.allowedTCPPorts = [ 80 ];
networking.firewall.allowPing = true;
};
};
virtualisation.pathsInNixDB = [ pkgs.stdenv ];
};
testScript =
''
$machine->succeed("nixos-container list") =~ /webserver/ or die;
# Start the webserver container.
$machine->succeed("nixos-container start webserver");
# Since "start" returns after the container has reached
# multi-user.target, we should now be able to access it.
my $ip = $machine->succeed("nixos-container show-ip webserver");
chomp $ip;
#$machine->succeed("ping -c1 $ip"); # FIXME
$machine->succeed("curl --fail http://$ip/ > /dev/null");
# Stop the container.
$machine->succeed("nixos-container stop webserver");
$machine->fail("curl --fail --connect-timeout 2 http://$ip/ > /dev/null");
# Make sure we have a NixOS tree (required by nixos-container create).
$machine->succeed("PAGER=cat nix-env -qa -A nixos.hello >&2");
@ -111,9 +82,6 @@ import ./make-test.nix ({ pkgs, ...} : {
# Ensure that the container path is gone
"test ! -e /var/lib/containers/$id1"
);
# Destroying a declarative container should fail.
$machine->fail("nixos-container destroy webserver");
'';
})

55
nixos/tests/containers-ipv4.nix Normal file
View File

@ -0,0 +1,55 @@
# Test for NixOS' container support.
import ./make-test.nix ({ pkgs, ...} : {
name = "containers-ipv4";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ aristid aszlig eelco chaoflow ];
};
machine =
{ config, pkgs, ... }:
{ imports = [ ../modules/installer/cd-dvd/channel.nix ];
virtualisation.writableStore = true;
virtualisation.memorySize = 768;
containers.webserver =
{ privateNetwork = true;
hostAddress = "10.231.136.1";
localAddress = "10.231.136.2";
config =
{ services.httpd.enable = true;
services.httpd.adminAddr = "foo@example.org";
networking.firewall.allowedTCPPorts = [ 80 ];
networking.firewall.allowPing = true;
};
};
virtualisation.pathsInNixDB = [ pkgs.stdenv ];
};
testScript =
''
$machine->succeed("nixos-container list") =~ /webserver/ or die;
# Start the webserver container.
$machine->succeed("nixos-container start webserver");
# wait two seconds for the container to start and the network to be up
sleep 2;
# Since "start" returns after the container has reached
# multi-user.target, we should now be able to access it.
my $ip = $machine->succeed("nixos-container show-ip webserver");
chomp $ip;
$machine->succeed("ping -n -c1 $ip");
$machine->succeed("curl --fail http://$ip/ > /dev/null");
# Stop the container.
$machine->succeed("nixos-container stop webserver");
$machine->fail("curl --fail --connect-timeout 2 http://$ip/ > /dev/null");
# Destroying a declarative container should fail.
$machine->fail("nixos-container destroy webserver");
'';
})

61
nixos/tests/containers-ipv6.nix Normal file
View File

@ -0,0 +1,61 @@
# Test for NixOS' container support.
let
hostIp = "fc00::2";
localIp = "fc00::1";
in
import ./make-test.nix ({ pkgs, ...} : {
name = "containers-ipv6";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ aristid aszlig eelco chaoflow ];
};
machine =
{ config, pkgs, ... }:
{ imports = [ ../modules/installer/cd-dvd/channel.nix ];
virtualisation.writableStore = true;
virtualisation.memorySize = 768;
containers.webserver =
{ privateNetwork = true;
hostAddress6 = hostIp;
localAddress6 = localIp;
config =
{ services.httpd.enable = true;
services.httpd.adminAddr = "foo@example.org";
networking.firewall.allowedTCPPorts = [ 80 ];
networking.firewall.allowPing = true;
};
};
virtualisation.pathsInNixDB = [ pkgs.stdenv ];
};
testScript =
''
$machine->waitForUnit("default.target");
$machine->succeed("nixos-container list") =~ /webserver/ or die;
# Start the webserver container.
$machine->succeed("nixos-container start webserver");
# wait two seconds for the container to start and the network to be up
sleep 2;
# Since "start" returns after the container has reached
# multi-user.target, we should now be able to access it.
my $ip = "${localIp}";
chomp $ip;
$machine->succeed("ping6 -n -c 1 $ip");
$machine->succeed("curl --fail http://[$ip]/ > /dev/null");
# Stop the container.
$machine->succeed("nixos-container stop webserver");
$machine->fail("curl --fail --connect-timeout 2 http://[$ip]/ > /dev/null");
# Destroying a declarative container should fail.
$machine->fail("nixos-container destroy webserver");
'';
})

2
nixos/tests/printing.nix
View File

@ -62,7 +62,7 @@ import ./make-test.nix ({pkgs, ... }: {
# Test printing various file types.
foreach my $file ("${pkgs.groff.doc}/share/doc/*/examples/mom/penguin.pdf",
"${pkgs.groff.doc}/share/doc/*/meref.ps",
"${pkgs.cups}/share/doc/cups/images/cups.png",
"${pkgs.cups.out}/share/doc/cups/images/cups.png",
"${pkgs.pcre.doc}/share/doc/pcre/pcre.txt")
{
$file =~ /([^\/]*)$/; my $fn = $1;

6
pkgs/applications/altcoins/memorycoin.nix
View File

@ -1,5 +1,5 @@
{ stdenv, fetchurl, pkgconfig, openssl, db48, boost
, zlib, miniupnpc, qt4, utillinux, protobuf, qrencode
, zlib, miniupnpc, qt4, qmake4Hook, utillinux, protobuf, qrencode
, withGui }:
with stdenv.lib;
@ -15,13 +15,11 @@ stdenv.mkDerivation rec{
buildInputs = [ pkgconfig openssl db48 boost zlib
miniupnpc utillinux protobuf ]
++ optionals withGui [ qt4 qrencode ];
++ optionals withGui [ qt4 qmake4Hook qrencode ];
configureFlags = [ "--with-boost-libdir=${boost.lib}/lib" ]
++ optionals withGui [ "--with-gui=qt4" ];
configurePhase = optional withGui "qmake";
preBuild = optional (!withGui) "cd src; cp makefile.unix Makefile";
installPhase =

12
pkgs/applications/altcoins/namecoin.nix
View File

@ -1,4 +1,4 @@
{ stdenv, db4, boost, openssl, qt4, miniupnpc, unzip, namecoind }:
{ stdenv, db4, boost, openssl, qt4, qmake4Hook, miniupnpc, unzip, namecoind }:
with stdenv.lib;
stdenv.mkDerivation rec {
@ -7,15 +7,9 @@ stdenv.mkDerivation rec {
version = namecoind.version;
src = namecoind.src;
buildInputs = [ db4 boost openssl unzip qt4 miniupnpc ];
buildInputs = [ db4 boost openssl unzip qt4 qmake4Hook miniupnpc ];
configurePhase = ''
qmake USE_UPNP=-
'';
buildPhase = ''
make
'';
qmakeFlags = [ "USE_UPNP=-" ];
installPhase = ''
mkdir -p $out/bin

6
pkgs/applications/altcoins/primecoin.nix
View File

@ -1,5 +1,5 @@
{ stdenv, fetchurl, pkgconfig, openssl, db48, boost
, zlib, miniupnpc, qt4, utillinux, protobuf, qrencode
, zlib, miniupnpc, qt4, qmake4Hook, utillinux, protobuf, qrencode
, withGui }:
with stdenv.lib;
@ -15,13 +15,11 @@ stdenv.mkDerivation rec{
buildInputs = [ pkgconfig openssl db48 boost zlib
miniupnpc utillinux protobuf ]
++ optionals withGui [ qt4 qrencode ];
++ optionals withGui [ qt4 qmake4Hook qrencode ];
configureFlags = [ "--with-boost-libdir=${boost.lib}/lib" ]
++ optionals withGui [ "--with-gui=qt4" ];
configurePhase = optional withGui "qmake";
preBuild = optional (!withGui) "cd src; cp makefile.unix Makefile";
installPhase =

68
pkgs/applications/audio/MMA/default.nix Normal file
View File

@ -0,0 +1,68 @@
{ stdenv, fetchurl, makeWrapper, python, alsaUtils, timidity }:
stdenv.mkDerivation rec {
version = "15.12";
name = "mma-${version}";
src = fetchurl {
url = "http://www.mellowood.ca/mma/mma-bin-${version}.tar.gz";
sha256 = "0k37kcrfaxmwjb8xb1cbqinrkx3g50dbvwqbvwl3l762j4vr8jgx";
};
buildInputs = [ makeWrapper python alsaUtils timidity ];
patchPhase = ''
sed -i 's@/usr/bin/aplaymidi@/${alsaUtils}/bin/aplaymidi@g' mma-splitrec
sed -i 's@/usr/bin/aplaymidi@/${alsaUtils}/bin/aplaymidi@g' util/mma-splitrec.py
sed -i 's@/usr/bin/arecord@/${alsaUtils}/bin/arecord@g' mma-splitrec
sed -i 's@/usr/bin/arecord@/${alsaUtils}/bin/arecord@g' util/mma-splitrec.py
sed -i 's@/usr/bin/timidity@/${timidity}/bin/timidity@g' mma-splitrec
sed -i 's@/usr/bin/timidity@/${timidity}/bin/timidity@g' util/mma-splitrec.py
find . -type f | xargs sed -i 's@/usr/bin/env python@${python}/bin/python@g'
'';
installPhase = ''
mkdir -p $out/{bin,share/mma,share/man/man1,share/man/man8}
mkdir -p $out/etc
cp mma.py $out/bin/mma
cp mma-gb $out/bin/mma-gb
cp mma-libdoc $out/bin/mma-libdoc
cp mma-renum $out/bin/mma-renum
cp mma-splitrec $out/bin/mma-splitrec
cp util/mma-mnx.py $out/bin/mma-mnx
cp util/mma-rm2std.py $out/bin/mma-rm2std
cp util/mmatabs.py $out/bin/mmatabs
cp util/mup2mma.py $out/bin/mup2mma
cp util/pg2mma.py $out/bin/pg2mma
cp util/synthsplit.py $out/bin/mma-synthsplit
cp -r {docs,egs,includes,lib,MMA,text} $out/share/mma
rmdir $out/share/mma/includes/aria
cp util/README.* $out/share/mma/docs
mv $out/share/mma/docs/man/mma-libdoc.8 $out/share/man/man8
mv $out/share/mma/docs/man/mma-renum.1 $out/share/man/man1
mv $out/share/mma/docs/man/mma.1 $out/share/man/man1
mv $out/share/mma/docs/man/mma-gb.1 $out/share/man/man1
rm -rf $out/share/mma/docs/man
find $out -type f | xargs sed -i "s@/usr/share/mma@$out/share/mma@g"
'';
preFixup = ''
PYTHONPATH=$out/share/mma/:$PYTHONPATH
for f in $out/bin/*; do
wrapProgram $f \
--prefix PYTHONPATH : $PYTHONPATH
done
cd $out/share/mma/
$out/bin/mma -G
'';
meta = {
description = "Creates MIDI tracks for a soloist to perform over from a user supplied file containing chords";
homepage = http://www.mellowood.ca/mma/index.html;
license = stdenv.lib.licenses.gpl2;
maintainers = [ stdenv.lib.maintainers.magnetophon ];
platforms = stdenv.lib.platforms.linux;
};
}

6
pkgs/applications/audio/abcde/default.nix
View File

@ -3,13 +3,13 @@
, perl, DigestSHA, MusicBrainz, MusicBrainzDiscID
, makeWrapper }:
let version = "2.7";
let version = "2.7.2";
in
stdenv.mkDerivation {
name = "abcde-${version}";
src = fetchurl {
url = "http://abcde.einval.com/download/abcde-${version}.tar.gz";
sha256 = "0ikpffzvacadh6vj9qlary8126j1zrd2knp9gvivmp7y1656jj01";
sha256 = "1pakpi41k8yd780mfp0snhia6mmwjwxk9lcrq6gynimch8b8hfda";
};
# FIXME: This package does not support `distmp3', `eject', etc.
@ -39,6 +39,8 @@ in
buildInputs = [ makeWrapper ];
installFlags = [ "sysconfdir=$(out)/etc" ];
postInstall = ''
# substituteInPlace "$out/bin/cddb-tool" \
# --replace '#!/bin/sh' '#!${bash}/bin/sh'

Some files were not shown because too many files have changed in this diff Show More