colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' into staging-next

Browse Source
This commit is contained in:
Jan Tojnar 2019-12-25 05:15:06 +01:00
commit ca39dd3a8a
No known key found for this signature in database
GPG Key ID: 7FAB2A15F7A607A4
492 changed files with 22222 additions and 7240 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/PULL_REQUEST_TEMPLATE.md vendored
View File

@ -12,7 +12,7 @@
- [ ] macOS
- [ ] other Linux distributions
- [ ] Tested via one or more NixOS test(s) if existing and applicable for the change (look inside [nixos/tests](https://github.com/NixOS/nixpkgs/blob/master/nixos/tests))
- [ ] Tested compilation of all pkgs that depend on this change using `nix-shell -p nix-review --run "nix-review wip"`
- [ ] Tested compilation of all pkgs that depend on this change using `nix-shell -p nixpkgs-review --run "nixpkgs-review wip"`
- [ ] Tested execution of all binary files (usually in `./result/bin/`)
- [ ] Determined the impact on package closure size (by running `nix path-info -S` before and after)
- [ ] Ensured that relevant documentation is up to date

4
doc/contributing/reviewing-contributions.xml
View File

@ -141,10 +141,10 @@
</listitem>
<listitem>
<para>
The <link xlink:href="https://github.com/Mic92/nix-review">nix-review</link> tool can be used to review a pull request content in a single command. <varname>PRNUMBER</varname> should be replaced by the number at the end of the pull request title. You can also provide the full github pull request url.
The <link xlink:href="https://github.com/Mic92/nixpkgs-review">nixpkgs-review</link> tool can be used to review a pull request content in a single command. <varname>PRNUMBER</varname> should be replaced by the number at the end of the pull request title. You can also provide the full github pull request url.
</para>
<screen>
<prompt>$ </prompt>nix-shell -p nix-review --run "nix-review pr PRNUMBER"
<prompt>$ </prompt>nix-shell -p nixpkgs-review --run "nixpkgs-review pr PRNUMBER"
</screen>
</listitem>
</itemizedlist>

22
doc/contributing/submitting-changes.xml
View File

@ -317,25 +317,25 @@ Additional information.
</section>
<section xml:id="submitting-changes-tested-compilation">
<title>Tested compilation of all pkgs that depend on this change using <command>nix-review</command></title>
<title>Tested compilation of all pkgs that depend on this change using <command>nixpkgs-review</command></title>
<para>
If you are updating a package's version, you can use nix-review to make sure all packages that depend on the updated package still compile correctly. The <command>nix-review</command> utility can look for and build all dependencies either based on uncommited changes with the <literal>wip</literal> option or specifying a github pull request number.
If you are updating a package's version, you can use nixpkgs-review to make sure all packages that depend on the updated package still compile correctly. The <command>nixpkgs-review</command> utility can look for and build all dependencies either based on uncommited changes with the <literal>wip</literal> option or specifying a github pull request number.
</para>
<para>
review changes from pull request number 12345:
<screen>nix run nixpkgs.nix-review -c nix-review pr 12345</screen>
<screen>nix run nixpkgs.nixpkgs-review -c nixpkgs-review pr 12345</screen>
</para>
<para>
review uncommitted changes:
<screen>nix run nixpkgs.nix-review -c nix-review wip</screen>
<screen>nix run nixpkgs.nixpkgs-review -c nixpkgs-review wip</screen>
</para>
<para>
review changes from last commit:
<screen>nix run nixpkgs.nix-review -c nix-review rev HEAD</screen>
<screen>nix run nixpkgs.nixpkgs-review -c nixpkgs-review rev HEAD</screen>
</para>
</section>
@ -408,7 +408,7 @@ Additional information.
<section xml:id="submitting-changes-master-branch">
<title>Master branch</title>
<para>
The <literal>master</literal> branch is the main development branch.
The <literal>master</literal> branch is the main development branch.
It should only see non-breaking commits that do not cause mass rebuilds.
</para>
</section>
@ -416,8 +416,8 @@ Additional information.
<section xml:id="submitting-changes-staging-branch">
<title>Staging branch</title>
<para>
The <literal>staging</literal> branch is a development branch where mass-rebuilds go.
It should only see non-breaking mass-rebuild commits.
The <literal>staging</literal> branch is a development branch where mass-rebuilds go.
It should only see non-breaking mass-rebuild commits.
That means it is not to be used for testing, and changes must have been well tested already.
If the branch is already in a broken state, please refrain from adding extra new breakages.
</para>
@ -426,10 +426,10 @@ Additional information.
<section xml:id="submitting-changes-staging-next-branch">
<title>Staging-next branch</title>
<para>
The <literal>staging-next</literal> branch is for stabilizing mass-rebuilds submitted to the <literal>staging</literal> branch prior to merging them into <literal>master</literal>.
Mass-rebuilds should go via the <literal>staging</literal> branch.
The <literal>staging-next</literal> branch is for stabilizing mass-rebuilds submitted to the <literal>staging</literal> branch prior to merging them into <literal>master</literal>.
Mass-rebuilds should go via the <literal>staging</literal> branch.
It should only see non-breaking commits that are fixing issues blocking it from being merged into the <literal>master </literal> branch.
</para>
</para>
<para>
If the branch is already in a broken state, please refrain from adding extra new breakages. Stabilize it for a few days and then merge into master.
</para>

91
doc/languages-frameworks/texlive.xml
View File

@ -59,6 +59,97 @@ nix-repl> texlive.collection-<TAB>
</itemizedlist>
</section>
<section xml:id="sec-language-texlive-custom-packages">
<title>Custom packages</title>
<para>
You may find that you need to use an external TeX package. A derivation for such package has to provide contents of the "texmf" directory in its output and provide the <varname>tlType</varname> attribute. Here is a (very verbose) example:
<programlisting><![CDATA[
with import <nixpkgs> {};
let
foiltex_run = stdenvNoCC.mkDerivation {
pname = "latex-foiltex";
version = "2.1.4b";
passthru.tlType = "run";
srcs = [
(fetchurl {
url = "http://mirrors.ctan.org/macros/latex/contrib/foiltex/foiltex.dtx";
sha256 = "07frz0krpz7kkcwlayrwrj2a2pixmv0icbngyw92srp9fp23cqpz";
})
(fetchurl {
url = "http://mirrors.ctan.org/macros/latex/contrib/foiltex/foiltex.ins";
sha256 = "09wkyidxk3n3zvqxfs61wlypmbhi1pxmjdi1kns9n2ky8ykbff99";
})
];
unpackPhase = ''
runHook preUnpack
for _src in $srcs; do
cp "$_src" $(stripHash "$_src")
done
runHook postUnpack
'';
nativeBuildInputs = [ texlive.combined.scheme-small ];
dontConfigure = true;
buildPhase = ''
runHook preBuild
# Generate the style files
latex foiltex.ins
runHook postBuild
'';
installPhase = ''
runHook preInstall
path="$out/tex/latex/foiltex"
mkdir -p "$path"
cp *.{cls,def,clo} "$path/"
runHook postInstall
'';
meta = with lib; {
description = "A LaTeX2e class for overhead transparencies";
license = licenses.unfreeRedistributable;
maintainers = with maintainers; [ veprbl ];
platforms = platforms.all;
};
};
foiltex = { pkgs = [ foiltex_run ]; };
latex_with_foiltex = texlive.combine {
inherit (texlive) scheme-small;
inherit foiltex;
};
in
runCommand "test.pdf" {
nativeBuildInputs = [ latex_with_foiltex ];
} ''
cat >test.tex <<EOF
\documentclass{foils}
\title{Presentation title}
\date{}
\begin{document}
\maketitle
\end{document}
EOF
pdflatex test.tex
cp test.pdf $out
''
]]></programlisting>
</para>
</section>
<section xml:id="sec-language-texlive-known-problems">
<title>Known problems</title>

41
maintainers/maintainer-list.nix
View File

@ -316,6 +316,7 @@
alexbakker = {
email = "ab@alexbakker.me";
github = "alexbakker";
githubId = 2387841;
name = "Alexander Bakker";
};
alexchapman = {
@ -1432,7 +1433,7 @@
craigem = {
email = "craige@mcwhirter.io";
github = "craigem";
githubId = "6470493";
githubId = 6470493;
name = "Craige McWhirter";
};
cransom = {
@ -1478,7 +1479,7 @@
};
cypherpunk2140 = {
email = "stefan.mihaila@pm.me";
github = "cypherpunk2140";
github = "stefan-mihaila";
githubId = 2217136;
name = "Ștefan D. Mihăilă";
keys = [
@ -2087,6 +2088,12 @@
githubId = 1365692;
name = "Will Fancher";
};
elyhaka = {
email = "elyhaka@protonmail.com";
github = "Elyhaka";
githubId = 57923898;
name = "Elyhaka";
};
emmanuelrosa = {
email = "emmanuel_rosa@aol.com";
github = "emmanuelrosa";
@ -2338,7 +2345,7 @@
Flakebi = {
email = "flakebi@t-online.de";
github = "Flakebi";
githubId = "Flakebi";
githubId = 6499211;
name = "Sebastian Neubauer";
keys = [{
longkeyid = "rsa4096/0xECC755EE583C1672";
@ -3035,7 +3042,8 @@
jacg = {
name = "Jacek Generowicz";
email = "jacg@my-post-office.net";
githubId = "2570854";
github = "jacg";
githubId = 2570854;
};
jasoncarr = {
email = "jcarr250@gmail.com";
@ -3138,6 +3146,7 @@
jdanek = {
email = "jdanek@redhat.com";
github = "jdanekrh";
githubId = 17877663;
keys = [{
longkeyid = "ed25519/0x69275CADF15D872E";
fingerprint = "D4A6 F051 AD58 2E7C BCED 5439 6927 5CAD F15D 872E";
@ -3308,6 +3317,7 @@
joesalisbury = {
email = "salisbury.joseph@gmail.com";
github = "JosephSalisbury";
githubId = 297653;
name = "Joe Salisbury";
};
johanot = {
@ -3590,6 +3600,7 @@
kim0 = {
email = "email.ahmedkamal@googlemail.com";
github = "kim0";
githubId = 59667;
name = "Ahmed Kamal";
};
kimburgess = {
@ -3613,6 +3624,7 @@
kirikaza = {
email = "k@kirikaza.ru";
github = "kirikaza";
githubId = 804677;
name = "Kirill Kazakov";
};
kisonecat = {
@ -3745,6 +3757,7 @@
ktor = {
email = "kruszewsky@gmail.com";
github = "ktor";
githubId = 99639;
name = "Pawel Kruszewski";
};
ktosiek = {
@ -3801,8 +3814,15 @@
};
lattfein = {
email = "lattfein@gmail.com";
github = "lattfein";
githubId = 53550838;
# Their GitHub account was deleted.
#
# See: https://github.com/NixOS/nixpkgs/pull/69007 where this
# was added but is now owned by a ghost.
#
# Possibly the username lattfein (currently github ID 56827487) is
# owned by the same person, but we should confirm before adding
# the GitHub name or ID back.
# github = "lattfein";
name = "Koki Yasuno";
};
layus = {
@ -3908,6 +3928,7 @@
lightbulbjim = {
email = "chris@killred.net";
github = "lightbulbjim";
githubId = 4312404;
name = "Chris Rendle-Short";
};
lightdiscord = {
@ -6850,7 +6871,7 @@
thefenriswolf = {
email = "stefan.rohrbacher97@gmail.com";
github = "thefenriswolf";
githubId = "8547242";
githubId = 8547242;
name = "Stefan Rohrbacher";
};
thesola10 = {
@ -7732,6 +7753,12 @@
githubId = 1986844;
name = "Daniel Wheeler";
};
misuzu = {
email = "bakalolka@gmail.com";
github = "misuzu";
githubId = 248143;
name = "misuzu";
};
zokrezyl = {
email = "zokrezyl@gmail.com";
github = "zokrezyl";

2
maintainers/scripts/update.nix
View File

@ -105,7 +105,7 @@ let
to run all update scripts for all packages that lists \`garbas\` as a maintainer
and have \`updateScript\` defined, or:
% nix-shell maintainers/scripts/update.nix --argstr package garbas
% nix-shell maintainers/scripts/update.nix --argstr package gnome3.nautilus
to run update script for specific package, or

19
nixos/doc/manual/development/writing-nixos-tests.xml
View File

@ -419,4 +419,23 @@ machine.wait_for_unit("xautolock.service", "x-session-user")
<literal>wait_for_unit</literal>, <literal>start_job</literal> and
<literal>stop_job</literal>.
</para>
<para>
For faster dev cycles it's also possible to disable the code-linters (this shouldn't
be commited though):
<programlisting>
import ./make-test-python.nix {
skipLint = true;
machine =
{ config, pkgs, ... }:
{ <replaceable>configuration…</replaceable>
};
testScript =
''
<replaceable>Python code…</replaceable>
'';
}
</programlisting>
</para>
</section>

95
nixos/doc/manual/release-notes/rl-2003.xml
View File

@ -140,18 +140,18 @@ services.xserver.displayManager.defaultSession = "xfce+icewm";
</listitem>
<listitem>
<para>
The <literal>99-main.network</literal> file was removed. Maching all
network interfaces caused many breakages, see
<link xlink:href="https://github.com/NixOS/nixpkgs/pull/18962">#18962</link>
and <link xlink:href="https://github.com/NixOS/nixpkgs/pull/71106">#71106</link>.
The <literal>99-main.network</literal> file was removed. Maching all
network interfaces caused many breakages, see
<link xlink:href="https://github.com/NixOS/nixpkgs/pull/18962">#18962</link>
and <link xlink:href="https://github.com/NixOS/nixpkgs/pull/71106">#71106</link>.
</para>
<para>
We already don't support the global <link linkend="opt-networking.useDHCP">networking.useDHCP</link>,
<link linkend="opt-networking.defaultGateway">networking.defaultGateway</link> and
<link linkend="opt-networking.defaultGateway6">networking.defaultGateway6</link> options
if <link linkend="opt-networking.useNetworkd">networking.useNetworkd</link> is enabled,
but direct users to configure the per-device
<link linkend="opt-networking.interfaces">networking.interfaces.&lt;name&gt;.…</link> options.
We already don't support the global <link linkend="opt-networking.useDHCP">networking.useDHCP</link>,
<link linkend="opt-networking.defaultGateway">networking.defaultGateway</link> and
<link linkend="opt-networking.defaultGateway6">networking.defaultGateway6</link> options
if <link linkend="opt-networking.useNetworkd">networking.useNetworkd</link> is enabled,
but direct users to configure the per-device
<link linkend="opt-networking.interfaces">networking.interfaces.&lt;name&gt;.…</link> options.
</para>
</listitem>
<listitem>
@ -264,6 +264,69 @@ services.xserver.displayManager.defaultSession = "xfce+icewm";
in container config.
</para>
</listitem>
<listitem>
<para>
Virtual console options have been reorganized and can be found under
a single top-level attribute: <literal>console</literal>.
The full set of changes is as follows:
</para>
<itemizedlist>
<listitem>
<para>
<literal>i18n.consoleFont</literal> renamed to
<link linkend="opt-console.font">console.font</link>
</para>
</listitem>
<listitem>
<para>
<literal>i18n.consoleKeyMap</literal> renamed to
<link linkend="opt-console.keyMap">console.keyMap</link>
</para>
</listitem>
<listitem>
<para>
<literal>i18n.consoleColors</literal> renamed to
<link linkend="opt-console.colors">console.colors</link>
</para>
</listitem>
<listitem>
<para>
<literal>i18n.consolePackages</literal> renamed to
<link linkend="opt-console.packages">console.packages</link>
</para>
</listitem>
<listitem>
<para>
<literal>i18n.consoleUseXkbConfig</literal> renamed to
<link linkend="opt-console.useXkbConfig">console.useXkbConfig</link>
</para>
</listitem>
<listitem>
<para>
<literal>boot.earlyVconsoleSetup</literal> renamed to
<link linkend="opt-console.earlySetup">console.earlySetup</link>
</para>
</listitem>
<listitem>
<para>
<literal>boot.extraTTYs</literal> renamed to
<link linkend="opt-console.extraTTYs">console.extraTTYs</link>
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
The <link linkend="opt-services.awstats">awstats</link> module has been rewritten
to serve stats via static html pages, updated on a timer, over <link linkend="opt-services.nginx.virtualHosts">nginx</link>,
instead of dynamic cgi pages over <link linkend="opt-services.httpd">apache</link>.
</para>
<para>
Minor changes will be required to migrate existing configurations. Details of the
required changes can seen by looking through the <link linkend="opt-services.awstats">awstats</link>
module.
</para>
</listitem>
</itemizedlist>
</section>
@ -278,6 +341,18 @@ services.xserver.displayManager.defaultSession = "xfce+icewm";
<listitem>
<para>SD images are now compressed by default using <literal>bzip2</literal>.</para>
</listitem>
<listitem>
<para>
The nginx web server previously started its master process as root
privileged, then ran worker processes as a less privileged identity user.
This was changed to start all of nginx as a less privileged user (defined by
<literal>services.nginx.user</literal> and
<literal>services.nginx.group</literal>). As a consequence, all files that
are needed for nginx to run (included configuration fragments, SSL
certificates and keys, etc.) must now be readable by this less privileged
user/group.
</para>
</listitem>
<listitem>
<para>
OpenSSH has been upgraded from 7.9 to 8.1, improving security and adding features

10
nixos/lib/testing-python.nix
View File

@ -95,6 +95,8 @@ in rec {
, makeCoverageReport ? false
, enableOCR ? false
, name ? "unnamed"
# Skip linting (mainly intended for faster dev cycles)
, skipLint ? false
, ...
} @ t:
@ -133,7 +135,7 @@ in rec {
# Generate onvenience wrappers for running the test driver
# interactively with the specified network, and for starting the
# VMs from the command line.
driver = runCommand testDriverName
driver = let warn = if skipLint then lib.warn "Linting is disabled!" else lib.id; in warn (runCommand testDriverName
{ buildInputs = [ makeWrapper];
testScript = testScript';
preferLocalBuild = true;
@ -143,7 +145,9 @@ in rec {
mkdir -p $out/bin
echo -n "$testScript" > $out/test-script
${python3Packages.black}/bin/black --check --diff $out/test-script
${lib.optionalString (!skipLint) ''
${python3Packages.black}/bin/black --check --diff $out/test-script
''}
ln -s ${testDriver}/bin/nixos-test-driver $out/bin/
vms=($(for i in ${toString vms}; do echo $i/bin/run-*-vm; done))
@ -160,7 +164,7 @@ in rec {
--set tests 'start_all(); join_all();' \
--set VLANS '${toString vlans}' \
${lib.optionalString (builtins.length vms == 1) "--set USE_SERIAL 1"}
''; # "
''); # "
passMeta = drv: drv // lib.optionalAttrs (t ? meta) {
meta = (drv.meta or {}) // t.meta;

203
nixos/modules/config/console.nix Normal file
View File

@ -0,0 +1,203 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.console;
makeColor = i: concatMapStringsSep "," (x: "0x" + substring (2*i) 2 x);
isUnicode = hasSuffix "UTF-8" (toUpper config.i18n.defaultLocale);
optimizedKeymap = pkgs.runCommand "keymap" {
nativeBuildInputs = [ pkgs.buildPackages.kbd ];
LOADKEYS_KEYMAP_PATH = "${consoleEnv}/share/keymaps/**";
preferLocalBuild = true;
} ''
loadkeys -b ${optionalString isUnicode "-u"} "${cfg.keyMap}" > $out
'';
# Sadly, systemd-vconsole-setup doesn't support binary keymaps.
vconsoleConf = pkgs.writeText "vconsole.conf" ''
KEYMAP=${cfg.keyMap}
FONT=${cfg.font}
'';
consoleEnv = pkgs.buildEnv {
name = "console-env";
paths = [ pkgs.kbd ] ++ cfg.packages;
pathsToLink = [
"/share/consolefonts"
"/share/consoletrans"
"/share/keymaps"
"/share/unimaps"
];
};
setVconsole = !config.boot.isContainer;
in
{
###### interface
options.console = {
font = mkOption {
type = types.str;
default = "Lat2-Terminus16";
example = "LatArCyrHeb-16";
description = ''
The font used for the virtual consoles. Leave empty to use
whatever the <command>setfont</command> program considers the
default font.
'';
};
keyMap = mkOption {
type = with types; either str path;
default = "us";
example = "fr";
description = ''
The keyboard mapping table for the virtual consoles.
'';
};
colors = mkOption {
type = types.listOf types.str;
default = [];
example = [
"002b36" "dc322f" "859900" "b58900"
"268bd2" "d33682" "2aa198" "eee8d5"
"002b36" "cb4b16" "586e75" "657b83"
"839496" "6c71c4" "93a1a1" "fdf6e3"
];
description = ''
The 16 colors palette used by the virtual consoles.
Leave empty to use the default colors.
Colors must be in hexadecimal format and listed in
order from color 0 to color 15.
'';
};
packages = mkOption {
type = types.listOf types.package;
default = with pkgs.kbdKeymaps; [ dvp neo ];
defaultText = ''with pkgs.kbdKeymaps; [ dvp neo ]'';
description = ''
List of additional packages that provide console fonts, keymaps and
other resources for virtual consoles use.
'';
};
extraTTYs = mkOption {
default = [];
type = types.listOf types.str;
example = ["tty8" "tty9"];
description = ''
TTY (virtual console) devices, in addition to the consoles on
which mingetty and syslogd run, that must be initialised.
Only useful if you have some program that you want to run on
some fixed console. For example, the NixOS installation CD
opens the manual in a web browser on console 7, so it sets
<option>console.extraTTYs</option> to <literal>["tty7"]</literal>.
'';
};
useXkbConfig = mkOption {
type = types.bool;
default = false;
description = ''
If set, configure the virtual console keymap from the xserver
keyboard settings.
'';
};
earlySetup = mkOption {
default = false;
type = types.bool;
description = ''
Enable setting virtual console options as early as possible (in initrd).
'';
};
};
###### implementation
config = mkMerge [
{ console.keyMap = with config.services.xserver;
mkIf cfg.useXkbConfig
(pkgs.runCommand "xkb-console-keymap" { preferLocalBuild = true; } ''
'${pkgs.ckbcomp}/bin/ckbcomp' -model '${xkbModel}' -layout '${layout}' \
-option '${xkbOptions}' -variant '${xkbVariant}' > "$out"
'');
}
(mkIf (!setVconsole) {
systemd.services.systemd-vconsole-setup.enable = false;
})
(mkIf setVconsole (mkMerge [
{ environment.systemPackages = [ pkgs.kbd ];
# Let systemd-vconsole-setup.service do the work of setting up the
# virtual consoles.
environment.etc."vconsole.conf".source = vconsoleConf;
# Provide kbd with additional packages.
environment.etc.kbd.source = "${consoleEnv}/share";
boot.initrd.preLVMCommands = mkBefore ''
kbd_mode ${if isUnicode then "-u" else "-a"} -C /dev/console
printf "\033%%${if isUnicode then "G" else "@"}" >> /dev/console
loadkmap < ${optimizedKeymap}
${optionalString cfg.earlySetup ''
setfont -C /dev/console $extraUtils/share/consolefonts/font.psf
''}
'';
systemd.services.systemd-vconsole-setup =
{ before = [ "display-manager.service" ];
after = [ "systemd-udev-settle.service" ];
restartTriggers = [ vconsoleConf consoleEnv ];
};
}
(mkIf (cfg.colors != []) {
boot.kernelParams = [
"vt.default_red=${makeColor 0 cfg.colors}"
"vt.default_grn=${makeColor 1 cfg.colors}"
"vt.default_blu=${makeColor 2 cfg.colors}"
];
})
(mkIf cfg.earlySetup {
boot.initrd.extraUtilsCommands = ''
mkdir -p $out/share/consolefonts
${if substring 0 1 cfg.font == "/" then ''
font="${cfg.font}"
'' else ''
font="$(echo ${consoleEnv}/share/consolefonts/${cfg.font}.*)"
''}
if [[ $font == *.gz ]]; then
gzip -cd $font > $out/share/consolefonts/font.psf
else
cp -L $font $out/share/consolefonts/font.psf
fi
'';
})
]))
];
imports = [
(mkRenamedOptionModule [ "i18n" "consoleFont" ] [ "console" "font" ])
(mkRenamedOptionModule [ "i18n" "consoleKeyMap" ] [ "console" "keyMap" ])
(mkRenamedOptionModule [ "i18n" "consoleColors" ] [ "console" "colors" ])
(mkRenamedOptionModule [ "i18n" "consolePackages" ] [ "console" "packages" ])
(mkRenamedOptionModule [ "i18n" "consoleUseXkbConfig" ] [ "console" "useXkbConfig" ])
(mkRenamedOptionModule [ "boot" "earlyVconsoleSetup" ] [ "console" "earlySetup" ])
(mkRenamedOptionModule [ "boot" "extraTTYs" ] [ "console" "extraTTYs" ])
];
}

63
nixos/modules/config/i18n.nix
View File

@ -58,62 +58,6 @@ with lib;
'';
};
consolePackages = mkOption {
type = types.listOf types.package;
default = with pkgs.kbdKeymaps; [ dvp neo ];
defaultText = ''with pkgs.kbdKeymaps; [ dvp neo ]'';
description = ''
List of additional packages that provide console fonts, keymaps and
other resources.
'';
};
consoleFont = mkOption {
type = types.str;
default = "Lat2-Terminus16";
example = "LatArCyrHeb-16";
description = ''
The font used for the virtual consoles. Leave empty to use
whatever the <command>setfont</command> program considers the
default font.
'';
};
consoleUseXkbConfig = mkOption {
type = types.bool;
default = false;
description = ''
If set, configure the console keymap from the xserver keyboard
settings.
'';
};
consoleKeyMap = mkOption {
type = with types; either str path;
default = "us";
example = "fr";
description = ''
The keyboard mapping table for the virtual consoles.
'';
};
consoleColors = mkOption {
type = types.listOf types.str;
default = [];
example = [
"002b36" "dc322f" "859900" "b58900"
"268bd2" "d33682" "2aa198" "eee8d5"
"002b36" "cb4b16" "586e75" "657b83"
"839496" "6c71c4" "93a1a1" "fdf6e3"
];
description = ''
The 16 colors palette used by the virtual consoles.
Leave empty to use the default colors.
Colors must be in hexadecimal format and listed in
order from color 0 to color 15.
'';
};
};
};
@ -123,13 +67,6 @@ with lib;
config = {
i18n.consoleKeyMap = with config.services.xserver;
mkIf config.i18n.consoleUseXkbConfig
(pkgs.runCommand "xkb-console-keymap" { preferLocalBuild = true; } ''
'${pkgs.ckbcomp}/bin/ckbcomp' -model '${xkbModel}' -layout '${layout}' \
-option '${xkbOptions}' -variant '${xkbVariant}' > "$out"
'');
environment.systemPackages =
optional (config.i18n.supportedLocales != []) config.i18n.glibcLocales;

3
nixos/modules/installer/tools/nixos-generate-config.pl
View File

@ -335,6 +335,9 @@ if (@swaps) {
next unless -e $swapFilename;
my $dev = findStableDevPath $swapFilename;
if ($swapType =~ "partition") {
# zram devices are more likely created by configuration.nix, so
# ignore them here
next if ($swapFilename =~ /^\/dev\/zram/);
push @swapDevices, "{ device = \"$dev\"; }";
} elsif ($swapType =~ "file") {
# swap *files* are more likely specified in configuration.nix, so

5
nixos/modules/module-list.nix
View File

@ -11,6 +11,7 @@
./config/xdg/mime.nix
./config/xdg/portal.nix
./config/appstream.nix
./config/console.nix
./config/xdg/sounds.nix
./config/gtk/gtk-icon-cache.nix
./config/gnu.nix
@ -557,6 +558,7 @@
./services/network-filesystems/yandex-disk.nix
./services/network-filesystems/xtreemfs.nix
./services/network-filesystems/ceph.nix
./services/networking/3proxy.nix
./services/networking/amuled.nix
./services/networking/aria2.nix
./services/networking/asterisk.nix
@ -693,6 +695,7 @@
./services/networking/sniproxy.nix
./services/networking/smokeping.nix
./services/networking/softether.nix
./services/networking/spacecookie.nix
./services/networking/spiped.nix
./services/networking/squid.nix
./services/networking/sslh.nix
@ -813,6 +816,7 @@
./services/web-apps/restya-board.nix
./services/web-apps/tt-rss.nix
./services/web-apps/trac.nix
./services/web-apps/trilium.nix
./services/web-apps/selfoss.nix
./services/web-apps/shiori.nix
./services/web-apps/virtlyst.nix
@ -938,7 +942,6 @@
./tasks/filesystems/vfat.nix
./tasks/filesystems/xfs.nix
./tasks/filesystems/zfs.nix
./tasks/kbd.nix
./tasks/lvm.nix
./tasks/network-interfaces.nix
./tasks/network-interfaces-systemd.nix

2
nixos/modules/programs/nm-applet.nix
View File

@ -10,5 +10,7 @@
partOf = [ "graphical-session.target" ];
serviceConfig.ExecStart = "${pkgs.networkmanagerapplet}/bin/nm-applet";
};
services.dbus.packages = [ pkgs.gcr ];
};
}

67
nixos/modules/programs/sway.nix
View File

@ -4,27 +4,32 @@ with lib;
let
cfg = config.programs.sway;
swayPackage = pkgs.sway;
swayWrapped = pkgs.writeShellScriptBin "sway" ''
set -o errexit
wrapperOptions = types.submodule {
options =
let
mkWrapperFeature = default: description: mkOption {
type = types.bool;
inherit default;
example = !default;
description = "Whether to make use of the ${description}";
};
in {
base = mkWrapperFeature true ''
base wrapper to execute extra session commands and prepend a
dbus-run-session to the sway command.
'';
gtk = mkWrapperFeature false ''
wrapGAppsHook wrapper to execute sway with required environment
variables for GTK applications.
'';
};
};
if [ ! "$_SWAY_WRAPPER_ALREADY_EXECUTED" ]; then
export _SWAY_WRAPPER_ALREADY_EXECUTED=1
${cfg.extraSessionCommands}
fi
if [ "$DBUS_SESSION_BUS_ADDRESS" ]; then
export DBUS_SESSION_BUS_ADDRESS
exec ${swayPackage}/bin/sway "$@"
else
exec ${pkgs.dbus}/bin/dbus-run-session ${swayPackage}/bin/sway "$@"
fi
'';
swayJoined = pkgs.symlinkJoin {
name = "sway-joined";
paths = [ swayWrapped swayPackage ];
passthru.providedSessions = [ "sway" ];
swayPackage = pkgs.sway.override {
extraSessionCommands = cfg.extraSessionCommands;
withBaseWrapper = cfg.wrapperFeatures.base;
withGtkWrapper = cfg.wrapperFeatures.gtk;
};
in {
options.programs.sway = {
@ -36,6 +41,15 @@ in {
Please have a look at the "extraSessionCommands" example for running
programs natively under Wayland'';
wrapperFeatures = mkOption {
type = wrapperOptions;
default = { };
example = { gtk = true; };
description = ''
Attribute set of features to enable in the wrapper.
'';
};
extraSessionCommands = mkOption {
type = types.lines;
default = "";
@ -56,7 +70,7 @@ in {
extraPackages = mkOption {
type = with types; listOf package;
default = with pkgs; [
swaylock swayidle swaybg
swaylock swayidle
xwayland rxvt_unicode dmenu
];
defaultText = literalExample ''
@ -76,8 +90,17 @@ in {
};
config = mkIf cfg.enable {
assertions = [
{
assertion = cfg.extraSessionCommands != "" -> cfg.wrapperFeatures.base;
message = ''
The extraSessionCommands for Sway will not be run if
wrapperFeatures.base is disabled.
'';
}
];
environment = {
systemPackages = [ swayJoined ] ++ cfg.extraPackages;
systemPackages = [ swayPackage ] ++ cfg.extraPackages;
etc = {
"sway/config".source = mkOptionDefault "${swayPackage}/etc/sway/config";
#"sway/security.d".source = mkOptionDefault "${swayPackage}/etc/sway/security.d/";
@ -89,7 +112,7 @@ in {
fonts.enableDefaultFonts = mkDefault true;
programs.dconf.enable = mkDefault true;
# To make a Sway session available if a display manager like SDDM is enabled:
services.xserver.displayManager.sessionPackages = [ swayJoined ];
services.xserver.displayManager.sessionPackages = [ swayPackage ];
};
meta.maintainers = with lib.maintainers; [ gnidorah primeos colemickens ];

2
nixos/modules/rename.nix
View File

@ -25,6 +25,8 @@ with lib;
(mkRemovedOptionModule [ "services.beegfsEnable" ] "The BeeGFS module has been removed")
(mkRemovedOptionModule [ "services.beegfs" ] "The BeeGFS module has been removed")
(mkRemovedOptionModule [ "services.osquery" ] "The osquery module has been removed")
(mkRemovedOptionModule [ "services.fourStore" ] "The fourStore module has been removed")
(mkRemovedOptionModule [ "services.fourStoreEndpoint" ] "The fourStoreEndpoint module has been removed")
# Do NOT add any option renames here, see top of the file
];

4
nixos/modules/security/acme.nix
View File

@ -241,9 +241,9 @@ in
StateDirectoryMode = rights;
WorkingDirectory = "/var/lib/${lpath}";
ExecStart = "${pkgs.simp_le}/bin/simp_le ${escapeShellArgs cmdline}";
ExecStopPost =
ExecStartPost =
let
script = pkgs.writeScript "acme-post-stop" ''
script = pkgs.writeScript "acme-post-start" ''
#!${pkgs.runtimeShell} -e
${data.postRun}
'';

25
nixos/modules/services/desktops/pantheon/contractor.nix
View File

@ -6,35 +6,12 @@ with lib;
{
meta.maintainers = pkgs.pantheon.maintainers;
###### interface
options = {
services.pantheon.contractor = {
enable = mkEnableOption "contractor, a desktop-wide extension service used by pantheon";
};
};
###### implementation
config = mkIf config.services.pantheon.contractor.enable {
environment.systemPackages = with pkgs.pantheon; [
contractor
extra-elementary-contracts
];
services.dbus.packages = [ pkgs.pantheon.contractor ];
environment.pathsToLink = [
"/share/contractor"
];
};

31
nixos/modules/services/desktops/pantheon/files.nix
View File

@ -6,33 +6,8 @@ with lib;
{
meta.maintainers = pkgs.pantheon.maintainers;
###### interface
options = {
services.pantheon.files = {
enable = mkEnableOption "pantheon files daemon";
};
};
###### implementation
config = mkIf config.services.pantheon.files.enable {
environment.systemPackages = [
pkgs.pantheon.elementary-files
];
services.dbus.packages = [
pkgs.pantheon.elementary-files
];
};
imports = [
(mkRemovedOptionModule [ "services" "pantheon" "files" "enable" ] "Use `environment.systemPackages [ pkgs.pantheon.elementary-files ];`")
];
}

299
nixos/modules/services/logging/awstats.nix
View File

@ -4,31 +4,116 @@ with lib;
let
cfg = config.services.awstats;
httpd = config.services.httpd;
package = pkgs.awstats;
in
configOpts = {name, config, ...}: {
options = {
type = mkOption{
type = types.enum [ "mail" "web" ];
default = "web";
example = "mail";
description = ''
The type of log being collected.
'';
};
domain = mkOption {
type = types.str;
default = name;
description = "The domain name to collect stats for.";
example = "example.com";
};
{
options.services.awstats = {
enable = mkOption {
type = types.bool;
default = cfg.service.enable;
description = ''
Enable the awstats program (but not service).
Currently only simple httpd (Apache) configs are supported,
and awstats plugins may not work correctly.
'';
logFile = mkOption {
type = types.str;
example = "/var/spool/nginx/logs/access.log";
description = ''
The log file to be scanned.
For mail, set this to
<literal>
journalctl $OLD_CURSOR -u postfix.service | ''${pkgs.perl}/bin/perl ''${pkgs.awstats.out}/share/awstats/tools/maillogconvert.pl standard |
</literal>
'';
};
logFormat = mkOption {
type = types.str;
default = "1";
description = ''
The log format being used.
For mail, set this to
<literal>
%time2 %email %email_r %host %host_r %method %url %code %bytesd
</literal>
'';
};
hostAliases = mkOption {
type = types.listOf types.str;
default = [];
example = "[ \"www.example.org\" ]";
description = ''
List of aliases the site has.
'';
};
extraConfig = mkOption {
type = types.attrsOf types.str;
default = {};
example = literalExample ''
{
"ValidHTTPCodes" = "404";
}
'';
};
webService = {
enable = mkEnableOption "awstats web service";
hostname = mkOption {
type = types.str;
default = config.domain;
description = "The hostname the web service appears under.";
};
urlPrefix = mkOption {
type = types.str;
default = "/awstats";
description = "The URL prefix under which the awstats pages appear.";
};
};
};
vardir = mkOption {
};
webServices = filterAttrs (name: value: value.webService.enable) cfg.configs;
in
{
imports = [
(mkRemovedOptionModule [ "services" "awstats" "service" "enable" ] "Please enable per domain with `services.awstats.configs.<name>.webService.enable`")
(mkRemovedOptionModule [ "services" "awstats" "service" "urlPrefix" ] "Please set per domain with `services.awstats.configs.<name>.webService.urlPrefix`")
(mkRenamedOptionModule [ "services" "awstats" "vardir" ] [ "services" "awstats" "dataDir" ])
];
options.services.awstats = {
enable = mkEnableOption "awstats";
dataDir = mkOption {
type = types.path;
default = "/var/lib/awstats";
description = "The directory where variable awstats data will be stored.";
description = "The directory where awstats data will be stored.";
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = "Extra configuration to be appendend to awstats.conf.";
configs = mkOption {
type = types.attrsOf (types.submodule configOpts);
default = {};
example = literalExample ''
{
"mysite" = {
domain = "example.com";
logFile = "/var/spool/nginx/logs/access.log";
};
}
'';
description = "Attribute set of domains to collect stats for.";
};
updateAt = mkOption {
@ -42,75 +127,129 @@ in
<manvolnum>7</manvolnum></citerefentry>)
'';
};
service = {
enable = mkOption {
type = types.bool;
default = false;
description = ''Enable the awstats web service. This switches on httpd.'';
};
urlPrefix = mkOption {
type = types.str;
default = "/awstats";
description = "The URL prefix under which the awstats service appears.";
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ package.bin ];
/* TODO:
- heed config.services.httpd.logPerVirtualHost, etc.
- Can't AllowToUpdateStatsFromBrowser, as CGI scripts don't have permission
to read the logs, and our httpd config apparently doesn't an option for that.
*/
environment.etc."awstats/awstats.conf".source = pkgs.runCommand "awstats.conf"
environment.etc = mapAttrs' (name: opts:
nameValuePair "awstats/awstats.${name}.conf" {
source = pkgs.runCommand "awstats.${name}.conf"
{ preferLocalBuild = true; }
( let
logFormat =
if httpd.logFormat == "combined" then "1" else
if httpd.logFormat == "common" then "4" else
throw "awstats service doesn't support Apache log format `${httpd.logFormat}`";
in
(''
sed \
''
# set up mail stats
+ optionalString (opts.type == "mail")
''
-e 's|^\(LogType\)=.*$|\1=M|' \
-e 's|^\(LevelForBrowsersDetection\)=.*$|\1=0|' \
-e 's|^\(LevelForOSDetection\)=.*$|\1=0|' \
-e 's|^\(LevelForRefererAnalyze\)=.*$|\1=0|' \
-e 's|^\(LevelForRobotsDetection\)=.*$|\1=0|' \
-e 's|^\(LevelForSearchEnginesDetection\)=.*$|\1=0|' \
-e 's|^\(LevelForFileTypesDetection\)=.*$|\1=0|' \
-e 's|^\(LevelForWormsDetection\)=.*$|\1=0|' \
-e 's|^\(ShowMenu\)=.*$|\1=1|' \
-e 's|^\(ShowSummary\)=.*$|\1=HB|' \
-e 's|^\(ShowMonthStats\)=.*$|\1=HB|' \
-e 's|^\(ShowDaysOfMonthStats\)=.*$|\1=HB|' \
-e 's|^\(ShowDaysOfWeekStats\)=.*$|\1=HB|' \
-e 's|^\(ShowHoursStats\)=.*$|\1=HB|' \
-e 's|^\(ShowDomainsStats\)=.*$|\1=0|' \
-e 's|^\(ShowHostsStats\)=.*$|\1=HB|' \
-e 's|^\(ShowAuthenticatedUsers\)=.*$|\1=0|' \
-e 's|^\(ShowRobotsStats\)=.*$|\1=0|' \
-e 's|^\(ShowEMailSenders\)=.*$|\1=HBML|' \
-e 's|^\(ShowEMailReceivers\)=.*$|\1=HBML|' \
-e 's|^\(ShowSessionsStats\)=.*$|\1=0|' \
-e 's|^\(ShowPagesStats\)=.*$|\1=0|' \
-e 's|^\(ShowFileTypesStats\)=.*$|\1=0|' \
-e 's|^\(ShowFileSizesStats\)=.*$|\1=0|' \
-e 's|^\(ShowBrowsersStats\)=.*$|\1=0|' \
-e 's|^\(ShowOSStats\)=.*$|\1=0|' \
-e 's|^\(ShowOriginStats\)=.*$|\1=0|' \
-e 's|^\(ShowKeyphrasesStats\)=.*$|\1=0|' \
-e 's|^\(ShowKeywordsStats\)=.*$|\1=0|' \
-e 's|^\(ShowMiscStats\)=.*$|\1=0|' \
-e 's|^\(ShowHTTPErrorsStats\)=.*$|\1=0|' \
-e 's|^\(ShowSMTPErrorsStats\)=.*$|\1=1|' \
''
+
# common options
''
-e 's|^\(DirData\)=.*$|\1="${cfg.dataDir}/${name}"|' \
-e 's|^\(DirIcons\)=.*$|\1="icons"|' \
-e 's|^\(CreateDirDataIfNotExists\)=.*$|\1=1|' \
-e 's|^\(SiteDomain\)=.*$|\1="${name}"|' \
-e 's|^\(LogFile\)=.*$|\1="${opts.logFile}"|' \
-e 's|^\(LogFormat\)=.*$|\1="${opts.logFormat}"|' \
''
+
# extra config
concatStringsSep "\n" (mapAttrsToList (n: v: ''
-e 's|^\(${n}\)=.*$|\1="${v}"|' \
'') opts.extraConfig)
+
''
< '${package.out}/wwwroot/cgi-bin/awstats.model.conf' > "$out"
'');
}) cfg.configs;
# create data directory with the correct permissions
systemd.tmpfiles.rules =
[ "d '${cfg.dataDir}' 755 root root - -" ] ++
mapAttrsToList (name: opts: "d '${cfg.dataDir}/${name}' 755 root root - -") cfg.configs ++
[ "Z '${cfg.dataDir}' 755 root root - -" ];
# nginx options
services.nginx.virtualHosts = mapAttrs'(name: opts: {
name = opts.webService.hostname;
value = {
locations = {
"${opts.webService.urlPrefix}/css/" = {
alias = "${package.out}/wwwroot/css/";
};
"${opts.webService.urlPrefix}/icons/" = {
alias = "${package.out}/wwwroot/icon/";
};
"${opts.webService.urlPrefix}/" = {
alias = "${cfg.dataDir}/${name}/";
extraConfig = ''
autoindex on;
'';
};
};
};
}) webServices;
# update awstats
systemd.services = mkIf (cfg.updateAt != null) (mapAttrs' (name: opts:
nameValuePair "awstats-${name}-update" {
description = "update awstats for ${name}";
script = optionalString (opts.type == "mail")
''
sed \
-e 's|^\(DirData\)=.*$|\1="${cfg.vardir}"|' \
-e 's|^\(DirIcons\)=.*$|\1="icons"|' \
-e 's|^\(CreateDirDataIfNotExists\)=.*$|\1=1|' \
-e 's|^\(SiteDomain\)=.*$|\1="${httpd.hostName}"|' \
-e 's|^\(LogFile\)=.*$|\1="${httpd.logDir}/access_log"|' \
-e 's|^\(LogFormat\)=.*$|\1=${logFormat}|' \
< '${package.out}/wwwroot/cgi-bin/awstats.model.conf' > "$out"
echo '${cfg.extraConfig}' >> "$out"
'');
systemd.tmpfiles.rules = optionals cfg.service.enable [
"d '${cfg.vardir}' - ${httpd.user} ${httpd.group} - -"
"Z '${cfg.vardir}' - ${httpd.user} ${httpd.group} - -"
];
# The httpd sub-service showing awstats.
services.httpd = optionalAttrs cfg.service.enable {
enable = true;
extraConfig = ''
Alias ${cfg.service.urlPrefix}/classes "${package.out}/wwwroot/classes/"
Alias ${cfg.service.urlPrefix}/css "${package.out}/wwwroot/css/"
Alias ${cfg.service.urlPrefix}/icons "${package.out}/wwwroot/icon/"
ScriptAlias ${cfg.service.urlPrefix}/ "${package.out}/wwwroot/cgi-bin/"
<Directory "${package.out}/wwwroot">
Options None
Require all granted
</Directory>
'';
};
systemd.services.awstats-update = mkIf (cfg.updateAt != null) {
description = "awstats log collector";
script = "exec '${package.bin}/bin/awstats' -update -config=awstats.conf";
startAt = cfg.updateAt;
};
if [[ -f "${cfg.dataDir}/${name}-cursor" ]]; then
CURSOR="$(cat "${cfg.dataDir}/${name}-cursor" | tr -d '\n')"
if [[ -n "$CURSOR" ]]; then
echo "Using cursor: $CURSOR"
export OLD_CURSOR="--cursor $CURSOR"
fi
fi
NEW_CURSOR="$(journalctl $OLD_CURSOR -u postfix.service --show-cursor | tail -n 1 | tr -d '\n' | sed -e 's#^-- cursor: \(.*\)#\1#')"
echo "New cursor: $NEW_CURSOR"
${package.bin}/bin/awstats -update -config=${name}
if [ -n "$NEW_CURSOR" ]; then
echo -n "$NEW_CURSOR" > ${cfg.dataDir}/${name}-cursor
fi
'' + ''
${package.out}/share/awstats/tools/awstats_buildstaticpages.pl \
-config=${name} -update -dir=${cfg.dataDir}/${name} \
-awstatsprog=${package.bin}/bin/awstats
'';
startAt = cfg.updateAt;
}) cfg.configs);
};
}

424
nixos/modules/services/networking/3proxy.nix Normal file
View File

@ -0,0 +1,424 @@
{ config, lib, pkgs, ... }:
with lib;
let
pkg = pkgs._3proxy;
cfg = config.services._3proxy;
optionalList = list: if list == [ ] then "*" else concatMapStringsSep "," toString list;
in {
options.services._3proxy = {
enable = mkEnableOption "3proxy";
confFile = mkOption {
type = types.path;
example = "/var/lib/3proxy/3proxy.conf";
description = ''
Ignore all other 3proxy options and load configuration from this file.
'';
};
usersFile = mkOption {
type = types.nullOr types.path;
default = null;
example = "/var/lib/3proxy/3proxy.passwd";
description = ''
Load users and passwords from this file.
Example users file with plain-text passwords:
<literal>
test1:CL:password1
test2:CL:password2
</literal>
Example users file with md5-crypted passwords:
<literal>
test1:CR:$1$tFkisVd2$1GA8JXkRmTXdLDytM/i3a1
test2:CR:$1$rkpibm5J$Aq1.9VtYAn0JrqZ8M.1ME.
</literal>
You can generate md5-crypted passwords via https://unix4lyfe.org/crypt/
Note that htpasswd tool generates incompatible md5-crypted passwords.
Consult <link xlink:href="https://github.com/z3APA3A/3proxy/wiki/How-To-(incomplete)#USERS">documentation</link> for more information.
'';
};
services = mkOption {
type = types.listOf (types.submodule {
options = {
type = mkOption {
type = types.enum [
"proxy"
"socks"
"pop3p"
"ftppr"
"admin"
"dnspr"
"tcppm"
"udppm"
];
example = "proxy";
description = ''
Service type. The following values are valid:
<itemizedlist>
<listitem><para>
<literal>"proxy"</literal>: HTTP/HTTPS proxy (default port 3128).
</para></listitem>
<listitem><para>
<literal>"socks"</literal>: SOCKS 4/4.5/5 proxy (default port 1080).
</para></listitem>
<listitem><para>
<literal>"pop3p"</literal>: POP3 proxy (default port 110).
</para></listitem>
<listitem><para>
<literal>"ftppr"</literal>: FTP proxy (default port 21).
</para></listitem>
<listitem><para>
<literal>"admin"</literal>: Web interface (default port 80).
</para></listitem>
<listitem><para>
<literal>"dnspr"</literal>: Caching DNS proxy (default port 53).
</para></listitem>
<listitem><para>
<literal>"tcppm"</literal>: TCP portmapper.
</para></listitem>
<listitem><para>
<literal>"udppm"</literal>: UDP portmapper.
</para></listitem>
</itemizedlist>
'';
};
bindAddress = mkOption {
type = types.str;
default = "[::]";
example = "127.0.0.1";
description = ''
Address used for service.
'';
};
bindPort = mkOption {
type = types.nullOr types.int;
default = null;
example = 3128;
description = ''
Override default port used for service.
'';
};
maxConnections = mkOption {
type = types.int;
default = 100;
example = 1000;
description = ''
Maximum number of simulationeous connections to this service.
'';
};
auth = mkOption {
type = types.listOf (types.enum [ "none" "iponly" "strong" ]);
example = [ "iponly" "strong" ];
description = ''
Authentication type. The following values are valid:
<itemizedlist>
<listitem><para>
<literal>"none"</literal>: disables both authentication and authorization. You can not use ACLs.
</para></listitem>
<listitem><para>
<literal>"iponly"</literal>: specifies no authentication. ACLs authorization is used.
</para></listitem>
<listitem><para>
<literal>"strong"</literal>: authentication by username/password. If user is not registered his access is denied regardless of ACLs.
</para></listitem>
</itemizedlist>
Double authentication is possible, e.g.
<literal>
{
auth = [ "iponly" "strong" ];
acl = [
{
rule = "allow";
targets = [ "192.168.0.0/16" ];
}
{
rule = "allow"
users = [ "user1" "user2" ];
}
];
}
</literal>
In this example strong username authentication is not required to access 192.168.0.0/16.
'';
};
acl = mkOption {
type = types.listOf (types.submodule {
options = {
rule = mkOption {
type = types.enum [ "allow" "deny" ];
example = "allow";
description = ''
ACL rule. The following values are valid:
<itemizedlist>
<listitem><para>
<literal>"allow"</literal>: connections allowed.
</para></listitem>
<listitem><para>
<literal>"deny"</literal>: connections not allowed.
</para></listitem>
</itemizedlist>
'';
};
users = mkOption {
type = types.listOf types.str;
default = [ ];
example = [ "user1" "user2" "user3" ];
description = ''
List of users, use empty list for any.
'';
};
sources = mkOption {
type = types.listOf types.str;
default = [ ];
example = [ "127.0.0.1" "192.168.1.0/24" ];
description = ''
List of source IP range, use empty list for any.
'';
};
targets = mkOption {
type = types.listOf types.str;
default = [ ];
example = [ "127.0.0.1" "192.168.1.0/24" ];
description = ''
List of target IP ranges, use empty list for any.
May also contain host names instead of addresses.
It's possible to use wildmask in the begginning and in the the end of hostname, e.g. *badsite.com or *badcontent*.
Hostname is only checked if hostname presents in request.
'';
};
targetPorts = mkOption {
type = types.listOf types.int;
default = [ ];
example = [ 80 443 ];
description = ''
List of target ports, use empty list for any.
'';
};
};
});
default = [ ];
example = literalExample ''
[
{
rule = "allow";
users = [ "user1" ];
}
{
rule = "allow";
sources = [ "192.168.1.0/24" ];
}
{
rule = "deny";
}
]
'';
description = ''
Use this option to limit user access to resources.
'';
};
extraArguments = mkOption {
type = types.nullOr types.str;
default = null;
example = "-46";
description = ''
Extra arguments for service.
Consult "Options" section in <link xlink:href="https://github.com/z3APA3A/3proxy/wiki/3proxy.cfg">documentation</link> for available arguments.
'';
};
extraConfig = mkOption {
type = types.nullOr types.lines;
default = null;
description = ''
Extra configuration for service. Use this to configure things like bandwidth limiter or ACL-based redirection.
Consult <link xlink:href="https://github.com/z3APA3A/3proxy/wiki/3proxy.cfg">documentation</link> for available options.
'';
};
};
});
default = [ ];
example = literalExample ''
[
{
type = "proxy";
bindAddress = "192.168.1.24";
bindPort = 3128;
auth = [ "none" ];
}
{
type = "proxy";
bindAddress = "10.10.1.20";
bindPort = 3128;
auth = [ "iponly" ];
}
{
type = "socks";
bindAddress = "172.17.0.1";
bindPort = 1080;
auth = [ "strong" ];
}
]
'';
description = ''
Use this option to define 3proxy services.
'';
};
denyPrivate = mkOption {
type = types.bool;
default = true;
description = ''
Whether to deny access to private IP ranges including loopback.
'';
};
privateRanges = mkOption {
type = types.listOf types.str;
default = [
"0.0.0.0/8"
"127.0.0.0/8"
"10.0.0.0/8"
"100.64.0.0/10"
"172.16.0.0/12"
"192.168.0.0/16"
"::"
"::1"
"fc00::/7"
];
example = [
"0.0.0.0/8"
"127.0.0.0/8"
"10.0.0.0/8"
"100.64.0.0/10"
"172.16.0.0/12"
"192.168.0.0/16"
"::"
"::1"
"fc00::/7"
];
description = ''
What IP ranges to deny access when denyPrivate is set tu true.
'';
};
resolution = mkOption {
type = types.submodule {
options = {
nserver = mkOption {
type = types.listOf types.str;
default = [ ];
example = [ "127.0.0.53" "192.168.1.3:5353/tcp" ];
description = ''
List of nameservers to use.
Up to 5 nservers may be specified. If no nserver is configured,
default system name resolution functions are used.
'';
};
nscache = mkOption {
type = types.int;
default = 65535;
example = 65535;
description = "Set name cache size for IPv4.";
};
nscache6 = mkOption {
type = types.int;
default = 65535;
example = 65535;
description = "Set name cache size for IPv6.";
};
nsrecord = mkOption {
type = types.attrsOf types.str;
default = { };
example = {
"files.local" = "192.168.1.12";
"site.local" = "192.168.1.43";
};
description = "Adds static nsrecords.";
};
};
};
default = { };
description = ''
Use this option to configure name resolution and DNS caching.
'';
};
extraConfig = mkOption {
type = types.nullOr types.lines;
default = null;
description = ''
Extra configuration, appended to the 3proxy configuration file.
Consult <link xlink:href="https://github.com/z3APA3A/3proxy/wiki/3proxy.cfg">documentation</link> for available options.
'';
};
};
config = mkIf cfg.enable {
services._3proxy.confFile = mkDefault (pkgs.writeText "3proxy.conf" ''
# log to stdout
log
${concatMapStringsSep "\n" (x: "nserver " + x) cfg.resolution.nserver}
nscache ${toString cfg.resolution.nscache}
nscache6 ${toString cfg.resolution.nscache6}
${concatMapStringsSep "\n" (x: "nsrecord " + x)
(mapAttrsToList (name: value: "${name} ${value}")
cfg.resolution.nsrecord)}
${optionalString (cfg.usersFile != null)
''users $"${cfg.usersFile}"''
}
${concatMapStringsSep "\n" (service: ''
auth ${concatStringsSep " " service.auth}
${optionalString (cfg.denyPrivate)
"deny * * ${optionalList cfg.privateRanges}"}
${concatMapStringsSep "\n" (acl:
"${acl.rule} ${
concatMapStringsSep " " optionalList [
acl.users
acl.sources
acl.targets
acl.targetPorts
]
}") service.acl}
maxconn ${toString service.maxConnections}
${optionalString (service.extraConfig != null) service.extraConfig}
${service.type} -i${toString service.bindAddress} ${
optionalString (service.bindPort != null)
"-p${toString service.bindPort}"
} ${
optionalString (service.extraArguments != null) service.extraArguments
}
flush
'') cfg.services}
${optionalString (cfg.extraConfig != null) cfg.extraConfig}
'');
systemd.services."3proxy" = {
description = "Tiny free proxy server";
documentation = [ "https://github.com/z3APA3A/3proxy/wiki" ];
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
DynamicUser = true;
StateDirectory = "3proxy";
ExecStart = "${pkg}/bin/3proxy ${cfg.confFile}";
Restart = "on-failure";
};
};
};
meta.maintainers = with maintainers; [ misuzu ];
}

83
nixos/modules/services/networking/spacecookie.nix Normal file
View File

@ -0,0 +1,83 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.spacecookie;
configFile = pkgs.writeText "spacecookie.json" (lib.generators.toJSON {} {
inherit (cfg) hostname port root;
});
in {
options = {
services.spacecookie = {
enable = mkEnableOption "spacecookie";
hostname = mkOption {
type = types.str;
default = "localhost";
description = "The hostname the service is reachable via. Clients will use this hostname for further requests after loading the initial gopher menu.";
};
port = mkOption {
type = types.port;
default = 70;
description = "Port the gopher service should be exposed on.";
};
root = mkOption {
type = types.path;
default = "/srv/gopher";
description = "The root directory spacecookie serves via gopher.";
};
};
};
config = mkIf cfg.enable {
systemd.sockets.spacecookie = {
description = "Socket for the Spacecookie Gopher Server";
wantedBy = [ "sockets.target" ];
listenStreams = [ "[::]:${toString cfg.port}" ];
socketConfig = {
BindIPv6Only = "both";
};
};
systemd.services.spacecookie = {
description = "Spacecookie Gopher Server";
wantedBy = [ "multi-user.target" ];
requires = [ "spacecookie.socket" ];
serviceConfig = {
Type = "notify";
ExecStart = "${pkgs.haskellPackages.spacecookie}/bin/spacecookie ${configFile}";
FileDescriptorStoreMax = 1;
DynamicUser = true;
ProtectSystem = "strict";
ProtectHome = true;
PrivateTmp = true;
PrivateDevices = true;
PrivateMounts = true;
PrivateUsers = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
CapabilityBoundingSet = "";
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
# AF_UNIX for communication with systemd
# AF_INET replaced by BindIPv6Only=both
RestrictAddressFamilies = "AF_UNIX AF_INET6";
};
};
};
}

4
nixos/modules/services/web-apps/restya-board.nix
View File

@ -116,7 +116,7 @@ in
};
passwordFile = mkOption {
type = types.nullOr types.str;
type = types.nullOr types.path;
default = null;
description = ''
The database user's password. 'null' if no password is set.
@ -285,7 +285,7 @@ in
sed -i "s/^.*'R_DB_PASSWORD'.*$/define('R_DB_PASSWORD', 'restya');/g" "${runDir}/server/php/config.inc.php"
'' else ''
sed -i "s/^.*'R_DB_HOST'.*$/define('R_DB_HOST', '${cfg.database.host}');/g" "${runDir}/server/php/config.inc.php"
sed -i "s/^.*'R_DB_PASSWORD'.*$/define('R_DB_PASSWORD', '$(<${cfg.database.dbPassFile})');/g" "${runDir}/server/php/config.inc.php"
sed -i "s/^.*'R_DB_PASSWORD'.*$/define('R_DB_PASSWORD', ${if cfg.database.passwordFile == null then "''" else "'file_get_contents(${cfg.database.passwordFile})'"});/g" "${runDir}/server/php/config.inc.php
''}
sed -i "s/^.*'R_DB_PORT'.*$/define('R_DB_PORT', '${toString cfg.database.port}');/g" "${runDir}/server/php/config.inc.php"
sed -i "s/^.*'R_DB_NAME'.*$/define('R_DB_NAME', '${cfg.database.name}');/g" "${runDir}/server/php/config.inc.php"

137
nixos/modules/services/web-apps/trilium.nix Normal file
View File

@ -0,0 +1,137 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.trilium-server;
configIni = pkgs.writeText "trilium-config.ini" ''
[General]
# Instance name can be used to distinguish between different instances
instanceName=${cfg.instanceName}
# Disable automatically generating desktop icon
noDesktopIcon=true
[Network]
# host setting is relevant only for web deployments - set the host on which the server will listen
host=${cfg.host}
# port setting is relevant only for web deployments, desktop builds run on random free port
port=${toString cfg.port}
# true for TLS/SSL/HTTPS (secure), false for HTTP (unsecure).
https=false
'';
in
{
options.services.trilium-server = with lib; {
enable = mkEnableOption "trilium-server";
dataDir = mkOption {
type = types.str;
default = "/var/lib/trilium";
description = ''
The directory storing the nodes database and the configuration.
'';
};
instanceName = mkOption {
type = types.str;
default = "Trilium";
description = ''
Instance name used to distinguish between different instances
'';
};
host = mkOption {
type = types.str;
default = "127.0.0.1";
description = ''
The host address to bind to (defaults to localhost).
'';
};
port = mkOption {
type = types.int;
default = 8080;
description = ''
The port number to bind to.
'';
};
nginx = mkOption {
default = {};
description = ''
Configuration for nginx reverse proxy.
'';
type = types.submodule {
options = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Configure the nginx reverse proxy settings.
'';
};
hostName = mkOption {
type = types.str;
description = ''
The hostname use to setup the virtualhost configuration
'';
};
};
};
};
};
config = lib.mkIf cfg.enable (lib.mkMerge [
{
meta.maintainers = with lib.maintainers; [ kampka ];
users.groups.trilium = {};
users.users.trilium = {
description = "Trilium User";
group = "trilium";
home = cfg.dataDir;
isSystemUser = true;
};
systemd.services.trilium-server = {
wantedBy = [ "multi-user.target" ];
environment.TRILIUM_DATA_DIR = cfg.dataDir;
serviceConfig = {
ExecStart = "${pkgs.trilium-server}/bin/trilium-server";
User = "trilium";
Group = "trilium";
PrivateTmp = "true";
};
};
systemd.tmpfiles.rules = [
"d ${cfg.dataDir} 0750 trilium trilium - -"
"L+ ${cfg.dataDir}/config.ini - - - - ${configIni}"
];
}
(lib.mkIf cfg.nginx.enable {
services.nginx = {
enable = true;
virtualHosts."${cfg.nginx.hostName}" = {
locations."/" = {
proxyPass = "http://${cfg.host}:${toString cfg.port}/";
extraConfig = ''
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
'';
};
extraConfig = ''
client_max_body_size 0;
'';
};
};
})
]);
}

31
nixos/modules/services/web-servers/nginx/default.nix
View File

@ -47,7 +47,7 @@ let
''));
configFile = pkgs.writers.writeNginxConfig "nginx.conf" ''
user ${cfg.user} ${cfg.group};
pid /run/nginx/nginx.pid;
error_log ${cfg.logError};
daemon off;
@ -366,12 +366,7 @@ in
preStart = mkOption {
type = types.lines;
default = ''
test -d ${cfg.stateDir}/logs || mkdir -m 750 -p ${cfg.stateDir}/logs
test `stat -c %a ${cfg.stateDir}` = "750" || chmod 750 ${cfg.stateDir}
test `stat -c %a ${cfg.stateDir}/logs` = "750" || chmod 750 ${cfg.stateDir}/logs
chown -R ${cfg.user}:${cfg.group} ${cfg.stateDir}
'';
default = "";
description = "
Shell commands executed before the service's nginx is started.
";
@ -673,23 +668,35 @@ in
}
];
systemd.tmpfiles.rules = [
"d '${cfg.stateDir}' 0750 ${cfg.user} ${cfg.group} - -"
"d '${cfg.stateDir}/logs' 0750 ${cfg.user} ${cfg.group} - -"
];
systemd.services.nginx = {
description = "Nginx Web Server";
wantedBy = [ "multi-user.target" ];
wants = concatLists (map (vhostConfig: ["acme-${vhostConfig.serverName}.service" "acme-selfsigned-${vhostConfig.serverName}.service"]) acmeEnabledVhosts);
after = [ "network.target" ] ++ map (vhostConfig: "acme-selfsigned-${vhostConfig.serverName}.service") acmeEnabledVhosts;
stopIfChanged = false;
preStart =
''
preStart = ''
${cfg.preStart}
${cfg.package}/bin/nginx -c ${configPath} -p ${cfg.stateDir} -t
'';
${cfg.package}/bin/nginx -c '${configPath}' -p '${cfg.stateDir}' -t
'';
serviceConfig = {
ExecStart = "${cfg.package}/bin/nginx -c ${configPath} -p ${cfg.stateDir}";
ExecStart = "${cfg.package}/bin/nginx -c '${configPath}' -p '${cfg.stateDir}'";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
Restart = "always";
RestartSec = "10s";
StartLimitInterval = "1min";
# User and group
User = cfg.user;
Group = cfg.group;
# Runtime directory and mode
RuntimeDirectory = "nginx";
RuntimeDirectoryMode = "0750";
# Capabilities
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" "CAP_SYS_RESOURCE" ];
};
};

2
nixos/modules/services/web-servers/nginx/location-options.nix
View File

@ -67,7 +67,7 @@ with lib;
return = mkOption {
type = types.nullOr types.str;
default = null;
example = "301 http://example.com$request_uri;";
example = "301 http://example.com$request_uri";
description = ''
Adds a return directive, for e.g. redirections.
'';

55
nixos/modules/services/x11/desktop-managers/cde.nix Normal file
View File

@ -0,0 +1,55 @@
{ config, lib, pkgs, ... }:
with lib;
let
xcfg = config.services.xserver;
cfg = xcfg.desktopManager.cde;
in {
options.services.xserver.desktopManager.cde = {
enable = mkEnableOption "Common Desktop Environment";
};
config = mkIf (xcfg.enable && cfg.enable) {
services.rpcbind.enable = true;
services.xinetd.enable = true;
services.xinetd.services = [
{
name = "cmsd";
protocol = "udp";
user = "root";
server = "${pkgs.cdesktopenv}/opt/dt/bin/rpc.cmsd";
extraConfig = ''
type = RPC UNLISTED
rpc_number = 100068
rpc_version = 2-5
only_from = 127.0.0.1/0
'';
}
];
users.groups.mail = {};
security.wrappers = {
dtmail = {
source = "${pkgs.cdesktopenv}/bin/dtmail";
group = "mail";
setgid = true;
};
};
system.activationScripts.setup-cde = ''
mkdir -p /var/dt/{tmp,appconfig/appmanager}
chmod a+w+t /var/dt/{tmp,appconfig/appmanager}
'';
services.xserver.desktopManager.session = [
{ name = "CDE";
start = ''
exec ${pkgs.cdesktopenv}/opt/dt/bin/Xsession
'';
}];
};
meta.maintainers = [ maintainers.gnidorah ];
}

2
nixos/modules/services/x11/desktop-managers/default.nix
View File

@ -20,7 +20,7 @@ in
imports = [
./none.nix ./xterm.nix ./xfce.nix ./plasma5.nix ./lumina.nix
./lxqt.nix ./enlightenment.nix ./gnome3.nix ./kodi.nix ./maxx.nix
./mate.nix ./pantheon.nix ./surf-display.nix
./mate.nix ./pantheon.nix ./surf-display.nix ./cde.nix
];
options = {

1
nixos/modules/services/x11/desktop-managers/mate.nix
View File

@ -98,7 +98,6 @@ in
services.gnome3.at-spi2-core.enable = true;
services.gnome3.gnome-keyring.enable = true;
services.gnome3.gnome-settings-daemon.enable = true;
services.udev.packages = [ pkgs.mate.mate-settings-daemon ];
services.gvfs.enable = true;
services.upower.enable = config.powerManagement.enable;

321
nixos/modules/services/x11/desktop-managers/pantheon.nix
View File

@ -5,6 +5,7 @@ with lib;
let
cfg = config.services.xserver.desktopManager.pantheon;
serviceCfg = config.services.pantheon;
nixos-gsettings-desktop-schemas = pkgs.pantheon.elementary-gsettings-schemas.override {
extraGSettingsOverridePackages = cfg.extraGSettingsOverridePackages;
@ -19,6 +20,16 @@ in
options = {
services.pantheon = {
contractor = {
enable = mkEnableOption "contractor, a desktop-wide extension service used by Pantheon";
};
apps.enable = mkEnableOption "Pantheon default applications";
};
services.xserver.desktopManager.pantheon = {
enable = mkOption {
type = types.bool;
@ -41,6 +52,18 @@ in
];
};
extraWingpanelIndicators = mkOption {
default = null;
type = with types; nullOr (listOf package);
description = "Indicators to add to Wingpanel.";
};
extraSwitchboardPlugs = mkOption {
default = null;
type = with types; nullOr (listOf package);
description = "Plugs to add to Switchboard.";
};
extraGSettingsOverrides = mkOption {
default = "";
type = types.lines;
@ -67,124 +90,88 @@ in
};
config = mkIf cfg.enable {
config = mkMerge [
(mkIf cfg.enable {
services.xserver.displayManager.sessionPackages = [ pkgs.pantheon.elementary-session-settings ];
services.xserver.displayManager.sessionPackages = [ pkgs.pantheon.elementary-session-settings ];
# Ensure lightdm is used when Pantheon is enabled
# Without it screen locking will be nonfunctional because of the use of lightlocker
# Ensure lightdm is used when Pantheon is enabled
# Without it screen locking will be nonfunctional because of the use of lightlocker
warnings = optional (config.services.xserver.displayManager.lightdm.enable != true)
''
Using Pantheon without LightDM as a displayManager will break screenlocking from the UI.
'';
warnings = optional (config.services.xserver.displayManager.lightdm.enable != true)
''
Using Pantheon without LightDM as a displayManager will break screenlocking from the UI.
services.xserver.displayManager.lightdm.greeters.pantheon.enable = mkDefault true;
# Without this, elementary LightDM greeter will pre-select non-existent `default` session
# https://github.com/elementary/greeter/issues/368
services.xserver.displayManager.defaultSession = "pantheon";
services.xserver.displayManager.sessionCommands = ''
if test "$XDG_CURRENT_DESKTOP" = "Pantheon"; then
${concatMapStrings (p: ''
if [ -d "${p}/share/gsettings-schemas/${p.name}" ]; then
export XDG_DATA_DIRS=$XDG_DATA_DIRS''${XDG_DATA_DIRS:+:}${p}/share/gsettings-schemas/${p.name}
fi
if [ -d "${p}/lib/girepository-1.0" ]; then
export GI_TYPELIB_PATH=$GI_TYPELIB_PATH''${GI_TYPELIB_PATH:+:}${p}/lib/girepository-1.0
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}${p}/lib
fi
'') cfg.sessionPath}
fi
'';
services.xserver.displayManager.lightdm.greeters.pantheon.enable = mkDefault true;
# Default services
hardware.bluetooth.enable = mkDefault true;
hardware.pulseaudio.enable = mkDefault true;
security.polkit.enable = true;
services.accounts-daemon.enable = true;
services.bamf.enable = true;
services.colord.enable = mkDefault true;
services.tumbler.enable = mkDefault true;
services.system-config-printer.enable = (mkIf config.services.printing.enable (mkDefault true));
services.dbus.packages = with pkgs.pantheon; [
switchboard-plug-power
elementary-default-settings # accountsservice extensions
];
services.pantheon.apps.enable = mkDefault true;
services.pantheon.contractor.enable = mkDefault true;
services.gnome3.at-spi2-core.enable = true;
services.gnome3.evolution-data-server.enable = true;
services.gnome3.glib-networking.enable = true;
services.gnome3.gnome-keyring.enable = true;
services.gvfs.enable = true;
services.gnome3.rygel.enable = mkDefault true;
services.gsignond.enable = mkDefault true;
services.gsignond.plugins = with pkgs.gsignondPlugins; [ lastfm mail oauth ];
services.udisks2.enable = true;
services.upower.enable = config.powerManagement.enable;
services.xserver.libinput.enable = mkDefault true;
services.xserver.updateDbusEnvironment = true;
services.zeitgeist.enable = mkDefault true;
services.geoclue2.enable = mkDefault true;
# pantheon has pantheon-agent-geoclue2
services.geoclue2.enableDemoAgent = false;
services.geoclue2.appConfig."io.elementary.desktop.agent-geoclue2" = {
isAllowed = true;
isSystem = true;
};
# Use gnome-settings-daemon fork
services.udev.packages = [
pkgs.pantheon.elementary-settings-daemon
];
systemd.packages = [
pkgs.pantheon.elementary-settings-daemon
];
programs.dconf.enable = true;
networking.networkmanager.enable = mkDefault true;
# Without this, Elementary LightDM greeter will pre-select non-existent `default` session
# https://github.com/elementary/greeter/issues/368
services.xserver.displayManager.defaultSession = "pantheon";
services.xserver.displayManager.sessionCommands = ''
if test "$XDG_CURRENT_DESKTOP" = "Pantheon"; then
${concatMapStrings (p: ''
if [ -d "${p}/share/gsettings-schemas/${p.name}" ]; then
export XDG_DATA_DIRS=$XDG_DATA_DIRS''${XDG_DATA_DIRS:+:}${p}/share/gsettings-schemas/${p.name}
fi
if [ -d "${p}/lib/girepository-1.0" ]; then
export GI_TYPELIB_PATH=$GI_TYPELIB_PATH''${GI_TYPELIB_PATH:+:}${p}/lib/girepository-1.0
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}${p}/lib
fi
'') cfg.sessionPath}
fi
'';
hardware.bluetooth.enable = mkDefault true;
hardware.pulseaudio.enable = mkDefault true;
security.polkit.enable = true;
services.accounts-daemon.enable = true;
services.bamf.enable = true;
services.colord.enable = mkDefault true;
services.pantheon.files.enable = mkDefault true;
services.tumbler.enable = mkDefault true;
services.system-config-printer.enable = (mkIf config.services.printing.enable (mkDefault true));
services.dbus.packages = with pkgs.pantheon; [
switchboard-plug-power
elementary-default-settings
];
services.pantheon.contractor.enable = mkDefault true;
services.gnome3.at-spi2-core.enable = true;
services.gnome3.evolution-data-server.enable = true;
services.gnome3.glib-networking.enable = true;
# TODO: gnome-keyring's xdg autostarts will still be in the environment (from elementary-session-settings) if disabled forcefully
services.gnome3.gnome-keyring.enable = true;
services.gnome3.gnome-settings-daemon.enable = true;
services.udev.packages = [ pkgs.pantheon.elementary-settings-daemon ];
services.gvfs.enable = true;
services.gnome3.rygel.enable = mkDefault true;
services.gsignond.enable = mkDefault true;
services.gsignond.plugins = with pkgs.gsignondPlugins; [ lastfm mail oauth ];
services.udisks2.enable = true;
services.upower.enable = config.powerManagement.enable;
services.xserver.libinput.enable = mkDefault true;
services.xserver.updateDbusEnvironment = true;
services.zeitgeist.enable = mkDefault true;
services.geoclue2.enable = mkDefault true;
# pantheon has pantheon-agent-geoclue2
services.geoclue2.enableDemoAgent = false;
services.geoclue2.appConfig."io.elementary.desktop.agent-geoclue2" = {
isAllowed = true;
isSystem = true;
};
programs.dconf.enable = true;
programs.evince.enable = mkDefault true;
programs.file-roller.enable = mkDefault true;
# Otherwise you can't store NetworkManager Secrets with
# "Store the password only for this user"
programs.nm-applet.enable = true;
# Shell integration for VTE terminals
programs.bash.vteIntegration = mkDefault true;
programs.zsh.vteIntegration = mkDefault true;
# Harmonize Qt5 applications under Pantheon
qt5.enable = true;
qt5.platformTheme = "gnome";
qt5.style = "adwaita";
networking.networkmanager.enable = mkDefault true;
# Override GSettings schemas
environment.sessionVariables.NIX_GSETTINGS_OVERRIDES_DIR = "${nixos-gsettings-desktop-schemas}/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas";
environment.sessionVariables.GNOME_SESSION_DEBUG = mkIf cfg.debug "1";
# Settings from elementary-default-settings
environment.sessionVariables.GTK_CSD = "1";
environment.sessionVariables.GTK3_MODULES = [ "pantheon-filechooser-module" ];
environment.etc."gtk-3.0/settings.ini".source = "${pkgs.pantheon.elementary-default-settings}/etc/gtk-3.0/settings.ini";
environment.pathsToLink = [
# FIXME: modules should link subdirs of `/share` rather than relying on this
"/share"
];
environment.systemPackages =
pkgs.pantheon.artwork ++ pkgs.pantheon.desktop ++ pkgs.pantheon.services ++ cfg.sessionPath
++ (with pkgs; gnome3.removePackagesByName
([
gnome3.geary
gnome3.epiphany
gnome3.gnome-font-viewer
] ++ pantheon.apps) config.environment.pantheon.excludePackages)
++ (with pkgs;
[
adwaita-qt
# Global environment
environment.systemPackages = with pkgs; [
desktop-file-utils
glib
glib-networking
gnome-menus
gnome3.adwaita-icon-theme
gtk3.out
@ -196,19 +183,111 @@ in
shared-mime-info
sound-theme-freedesktop
xdg-user-dirs
]);
] ++ (with pkgs.pantheon; [
# Artwork
elementary-gtk-theme
elementary-icon-theme
elementary-sound-theme
elementary-wallpapers
fonts.fonts = with pkgs; [
open-sans
roboto-mono
pantheon.elementary-redacted-script # needed by screenshot-tool
];
# Desktop
elementary-default-settings
elementary-session-settings
elementary-shortcut-overlay
gala
(switchboard-with-plugs.override {
plugs = cfg.extraSwitchboardPlugs;
})
(wingpanel-with-indicators.override {
indicators = cfg.extraWingpanelIndicators;
})
fonts.fontconfig.defaultFonts = {
monospace = [ "Roboto Mono" ];
sansSerif = [ "Open Sans" ];
};
# Services
cerbere
elementary-capnet-assist
elementary-dpms-helper
elementary-settings-daemon
pantheon-agent-geoclue2
pantheon-agent-polkit
]) ++ (gnome3.removePackagesByName [
gnome3.geary
gnome3.epiphany
gnome3.gnome-font-viewer
] config.environment.pantheon.excludePackages);
};
programs.evince.enable = mkDefault true;
programs.file-roller.enable = mkDefault true;
# Settings from elementary-default-settings
environment.sessionVariables.GTK_CSD = "1";
environment.sessionVariables.GTK3_MODULES = [ "pantheon-filechooser-module" ];
environment.etc."gtk-3.0/settings.ini".source = "${pkgs.pantheon.elementary-default-settings}/etc/gtk-3.0/settings.ini";
# Override GSettings schemas
environment.sessionVariables.NIX_GSETTINGS_OVERRIDES_DIR = "${nixos-gsettings-desktop-schemas}/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas";
environment.sessionVariables.GNOME_SESSION_DEBUG = mkIf cfg.debug "1";
environment.pathsToLink = [
# FIXME: modules should link subdirs of `/share` rather than relying on this
"/share"
];
# Otherwise you can't store NetworkManager Secrets with
# "Store the password only for this user"
programs.nm-applet.enable = true;
# Shell integration for VTE terminals
programs.bash.vteIntegration = mkDefault true;
programs.zsh.vteIntegration = mkDefault true;
# Harmonize Qt5 applications under Pantheon
qt5.enable = true;
qt5.platformTheme = "gnome";
qt5.style = "adwaita";
# Default Fonts
fonts.fonts = with pkgs; [
open-sans
roboto-mono
];
fonts.fontconfig.defaultFonts = {
monospace = [ "Roboto Mono" ];
sansSerif = [ "Open Sans" ];
};
})
(mkIf serviceCfg.apps.enable {
environment.systemPackages = (with pkgs.pantheon; pkgs.gnome3.removePackagesByName [
elementary-calculator
elementary-calendar
elementary-camera
elementary-code
elementary-files
elementary-music
elementary-photos
elementary-screenshot-tool
elementary-terminal
elementary-videos
] config.environment.pantheon.excludePackages);
# needed by screenshot-tool
fonts.fonts = [
pkgs.pantheon.elementary-redacted-script
];
})
(mkIf serviceCfg.contractor.enable {
environment.systemPackages = with pkgs.pantheon; [
contractor
extra-elementary-contracts
];
environment.pathsToLink = [
"/share/contractor"
];
})
];
}

2
nixos/modules/services/x11/imwheel.nix
View File

@ -10,7 +10,7 @@ in
extraOptions = mkOption {
type = types.listOf types.str;
default = [ "--buttons 45" ];
default = [ "--buttons=45" ];
example = [ "--debug" ];
description = ''
Additional command-line arguments to pass to

2
nixos/modules/system/boot/systemd-nspawn.nix
View File

@ -126,7 +126,7 @@ in {
systemd.services."systemd-nspawn@".serviceConfig.ExecStart = [
"" # deliberately empty. signals systemd to override the ExecStart
# Only difference between upstream is that we do not pass the -U flag
"${pkgs.systemd}/bin/systemd-nspawn --quiet --keep-unit --boot --link-journal=try-guest --network-veth --settings=override --machine=%i"
"${config.systemd.package}/bin/systemd-nspawn --quiet --keep-unit --boot --link-journal=try-guest --network-veth --settings=override --machine=%i"
];
}
];

127
nixos/modules/tasks/kbd.nix
View File

@ -1,127 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
makeColor = n: value: "COLOR_${toString n}=${value}";
makeColorCS =
let positions = [ "0" "1" "2" "3" "4" "5" "6" "7" "8" "9" "A" "B" "C" "D" "E" "F" ];
in n: value: "\\033]P${elemAt positions (n - 1)}${value}";
colors = concatImapStringsSep "\n" makeColor config.i18n.consoleColors;
isUnicode = hasSuffix "UTF-8" (toUpper config.i18n.defaultLocale);
optimizedKeymap = pkgs.runCommand "keymap" {
nativeBuildInputs = [ pkgs.buildPackages.kbd ];
LOADKEYS_KEYMAP_PATH = "${kbdEnv}/share/keymaps/**";
preferLocalBuild = true;
} ''
loadkeys -b ${optionalString isUnicode "-u"} "${config.i18n.consoleKeyMap}" > $out
'';
# Sadly, systemd-vconsole-setup doesn't support binary keymaps.
vconsoleConf = pkgs.writeText "vconsole.conf" ''
KEYMAP=${config.i18n.consoleKeyMap}
FONT=${config.i18n.consoleFont}
${colors}
'';
kbdEnv = pkgs.buildEnv {
name = "kbd-env";
paths = [ pkgs.kbd ] ++ config.i18n.consolePackages;
pathsToLink = [ "/share/consolefonts" "/share/consoletrans" "/share/keymaps" "/share/unimaps" ];
};
setVconsole = !config.boot.isContainer;
in
{
###### interface
options = {
# most options are defined in i18n.nix
# FIXME: still needed?
boot.extraTTYs = mkOption {
default = [];
type = types.listOf types.str;
example = ["tty8" "tty9"];
description = ''
Tty (virtual console) devices, in addition to the consoles on
which mingetty and syslogd run, that must be initialised.
Only useful if you have some program that you want to run on
some fixed console. For example, the NixOS installation CD
opens the manual in a web browser on console 7, so it sets
<option>boot.extraTTYs</option> to <literal>["tty7"]</literal>.
'';
};
boot.earlyVconsoleSetup = mkOption {
default = false;
type = types.bool;
description = ''
Enable setting font as early as possible (in initrd).
'';
};
};
###### implementation
config = mkMerge [
(mkIf (!setVconsole) {
systemd.services.systemd-vconsole-setup.enable = false;
})
(mkIf setVconsole (mkMerge [
{ environment.systemPackages = [ pkgs.kbd ];
# Let systemd-vconsole-setup.service do the work of setting up the
# virtual consoles.
environment.etc."vconsole.conf".source = vconsoleConf;
# Provide kbd with additional packages.
environment.etc.kbd.source = "${kbdEnv}/share";
boot.initrd.preLVMCommands = mkBefore ''
kbd_mode ${if isUnicode then "-u" else "-a"} -C /dev/console
printf "\033%%${if isUnicode then "G" else "@"}" >> /dev/console
loadkmap < ${optimizedKeymap}
${optionalString config.boot.earlyVconsoleSetup ''
setfont -C /dev/console $extraUtils/share/consolefonts/font.psf
''}
${concatImapStringsSep "\n" (n: color: ''
printf "${makeColorCS n color}" >> /dev/console
'') config.i18n.consoleColors}
'';
systemd.services.systemd-vconsole-setup =
{ before = [ "display-manager.service" ];
after = [ "systemd-udev-settle.service" ];
restartTriggers = [ vconsoleConf kbdEnv ];
};
}
(mkIf config.boot.earlyVconsoleSetup {
boot.initrd.extraUtilsCommands = ''
mkdir -p $out/share/consolefonts
${if substring 0 1 config.i18n.consoleFont == "/" then ''
font="${config.i18n.consoleFont}"
'' else ''
font="$(echo ${kbdEnv}/share/consolefonts/${config.i18n.consoleFont}.*)"
''}
if [[ $font == *.gz ]]; then
gzip -cd $font > $out/share/consolefonts/font.psf
else
cp -L $font $out/share/consolefonts/font.psf
fi
'';
})
]))
];
}

2
nixos/modules/virtualisation/lxc.nix
View File

@ -58,7 +58,7 @@ in
''
This is the config file for managing unprivileged user network
administration access in LXC. See <citerefentry>
<refentrytitle>lxc-user-net</refentrytitle><manvolnum>5</manvolnum>
<refentrytitle>lxc-usernet</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>.
'';
};

162
nixos/tests/3proxy.nix Normal file
View File

@ -0,0 +1,162 @@
import ./make-test.nix ({ pkgs, ...} : {
name = "3proxy";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ misuzu ];
};
nodes = {
peer0 = { lib, ... }: {
networking.useDHCP = false;
networking.interfaces.eth1 = {
ipv4.addresses = [
{
address = "192.168.0.1";
prefixLength = 24;
}
{
address = "216.58.211.111";
prefixLength = 24;
}
];
};
};
peer1 = { lib, ... }: {
networking.useDHCP = false;
networking.interfaces.eth1 = {
ipv4.addresses = [
{
address = "192.168.0.2";
prefixLength = 24;
}
{
address = "216.58.211.112";
prefixLength = 24;
}
];
};
# test that binding to [::] is working when ipv6 is disabled
networking.enableIPv6 = false;
services._3proxy = {
enable = true;
services = [
{
type = "admin";
bindPort = 9999;
auth = [ "none" ];
}
{
type = "proxy";
bindPort = 3128;
auth = [ "none" ];
}
];
};
networking.firewall.allowedTCPPorts = [ 3128 9999 ];
};
peer2 = { lib, ... }: {
networking.useDHCP = false;
networking.interfaces.eth1 = {
ipv4.addresses = [
{
address = "192.168.0.3";
prefixLength = 24;
}
{
address = "216.58.211.113";
prefixLength = 24;
}
];
};
services._3proxy = {
enable = true;
services = [
{
type = "admin";
bindPort = 9999;
auth = [ "none" ];
}
{
type = "proxy";
bindPort = 3128;
auth = [ "iponly" ];
acl = [
{
rule = "allow";
}
];
}
];
};
networking.firewall.allowedTCPPorts = [ 3128 9999 ];
};
peer3 = { lib, ... }: {
networking.useDHCP = false;
networking.interfaces.eth1 = {
ipv4.addresses = [
{
address = "192.168.0.4";
prefixLength = 24;
}
{
address = "216.58.211.114";
prefixLength = 24;
}
];
};
services._3proxy = {
enable = true;
usersFile = pkgs.writeText "3proxy.passwd" ''
admin:CR:$1$.GUV4Wvk$WnEVQtaqutD9.beO5ar1W/
'';
services = [
{
type = "admin";
bindPort = 9999;
auth = [ "none" ];
}
{
type = "proxy";
bindPort = 3128;
auth = [ "strong" ];
acl = [
{
rule = "allow";
}
];
}
];
};
networking.firewall.allowedTCPPorts = [ 3128 9999 ];
};
};
testScript = ''
startAll;
$peer1->waitForUnit("3proxy.service");
# test none auth
$peer0->succeed("${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.2:3128 -S -O /dev/null http://216.58.211.112:9999");
$peer0->succeed("${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.2:3128 -S -O /dev/null http://192.168.0.2:9999");
$peer0->succeed("${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.2:3128 -S -O /dev/null http://127.0.0.1:9999");
$peer2->waitForUnit("3proxy.service");
# test iponly auth
$peer0->succeed("${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.3:3128 -S -O /dev/null http://216.58.211.113:9999");
$peer0->fail("${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.3:3128 -S -O /dev/null http://192.168.0.3:9999");
$peer0->fail("${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.3:3128 -S -O /dev/null http://127.0.0.1:9999");
$peer3->waitForUnit("3proxy.service");
# test strong auth
$peer0->succeed("${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://admin:bigsecret\@192.168.0.4:3128 -S -O /dev/null http://216.58.211.114:9999");
$peer0->fail("${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://admin:bigsecret\@192.168.0.4:3128 -S -O /dev/null http://192.168.0.4:9999");
$peer0->fail("${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.4:3128 -S -O /dev/null http://216.58.211.114:9999");
$peer0->fail("${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.4:3128 -S -O /dev/null http://192.168.0.4:9999");
$peer0->fail("${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.4:3128 -S -O /dev/null http://127.0.0.1:9999");
'';
})

3
nixos/tests/all-tests.nix
View File

@ -21,6 +21,7 @@ let
else {};
in
{
_3proxy = handleTest ./3proxy.nix {};
acme = handleTestOn ["x86_64-linux"] ./acme.nix {};
atd = handleTest ./atd.nix {};
automysqlbackup = handleTest ./automysqlbackup.nix {};
@ -256,6 +257,7 @@ in
smokeping = handleTest ./smokeping.nix {};
snapper = handleTest ./snapper.nix {};
solr = handleTest ./solr.nix {};
spacecookie = handleTest ./spacecookie.nix {};
sonarr = handleTest ./sonarr.nix {};
strongswan-swanctl = handleTest ./strongswan-swanctl.nix {};
sudo = handleTest ./sudo.nix {};
@ -277,6 +279,7 @@ in
tor = handleTest ./tor.nix {};
transmission = handleTest ./transmission.nix {};
trac = handleTest ./trac.nix {};
trilium-server = handleTestOn ["x86_64-linux"] ./trilium-server.nix {};
trezord = handleTest ./trezord.nix {};
trickster = handleTest ./trickster.nix {};
udisks2 = handleTest ./udisks2.nix {};

28
nixos/tests/hydra/default.nix
View File

@ -34,7 +34,7 @@ let
};
tests = pkgs.lib.flip pkgs.lib.mapAttrs hydraPkgs (name: nix:
callTest (import ../make-test.nix ({ pkgs, lib, ... }:
callTest (import ../make-test-python.nix ({ pkgs, lib, ... }:
{
name = "hydra-with-${name}";
meta = with pkgs.stdenv.lib.maintainers; {
@ -73,26 +73,30 @@ let
testScript = ''
# let the system boot up
$machine->waitForUnit("multi-user.target");
machine.wait_for_unit("multi-user.target")
# test whether the database is running
$machine->waitForUnit("postgresql.service");
machine.wait_for_unit("postgresql.service")
# test whether the actual hydra daemons are running
$machine->waitForUnit("hydra-init.service");
$machine->requireActiveUnit("hydra-queue-runner.service");
$machine->requireActiveUnit("hydra-evaluator.service");
$machine->requireActiveUnit("hydra-notify.service");
machine.wait_for_unit("hydra-init.service")
machine.require_unit_state("hydra-queue-runner.service")
machine.require_unit_state("hydra-evaluator.service")
machine.require_unit_state("hydra-notify.service")
$machine->succeed("hydra-create-user admin --role admin --password admin");
machine.succeed("hydra-create-user admin --role admin --password admin")
# create a project with a trivial job
$machine->waitForOpenPort(3000);
machine.wait_for_open_port(3000)
# make sure the build as been successfully built
$machine->succeed("create-trivial-project.sh");
machine.succeed("create-trivial-project.sh")
$machine->waitUntilSucceeds('curl -L -s http://localhost:3000/build/1 -H "Accept: application/json" | jq .buildstatus | xargs test 0 -eq');
machine.wait_until_succeeds(
'curl -L -s http://localhost:3000/build/1 -H "Accept: application/json" | jq .buildstatus | xargs test 0 -eq'
)
$machine->waitUntilSucceeds('journalctl -eu hydra-notify.service -o cat | grep -q "sending mail notification to hydra@localhost"');
machine.wait_until_succeeds(
'journalctl -eu hydra-notify.service -o cat | grep -q "sending mail notification to hydra@localhost"'
)
'';
})));

28
nixos/tests/mutable-users.nix
View File

@ -1,6 +1,6 @@
# Mutable users tests.
import ./make-test.nix ({ pkgs, ...} : {
import ./make-test-python.nix ({ pkgs, ...} : {
name = "mutable-users";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ gleber ];
@ -19,21 +19,27 @@ import ./make-test.nix ({ pkgs, ...} : {
immutableSystem = nodes.machine.config.system.build.toplevel;
mutableSystem = nodes.mutable.config.system.build.toplevel;
in ''
$machine->start();
$machine->waitForUnit("default.target");
machine.start()
machine.wait_for_unit("default.target")
# Machine starts in immutable mode. Add a user and test if reactivating
# configuration removes the user.
$machine->fail("cat /etc/passwd | grep ^foobar:");
$machine->succeed("sudo useradd foobar");
$machine->succeed("cat /etc/passwd | grep ^foobar:");
$machine->succeed("${immutableSystem}/bin/switch-to-configuration test");
$machine->fail("cat /etc/passwd | grep ^foobar:");
with subtest("Machine in immutable mode"):
assert "foobar" not in machine.succeed("cat /etc/passwd")
machine.succeed("sudo useradd foobar")
assert "foobar" in machine.succeed("cat /etc/passwd")
machine.succeed(
"${immutableSystem}/bin/switch-to-configuration test"
)
assert "foobar" not in machine.succeed("cat /etc/passwd")
# In immutable mode passwd is not wrapped, while in mutable mode it is
# wrapped.
$machine->succeed('which passwd | grep /run/current-system/');
$machine->succeed("${mutableSystem}/bin/switch-to-configuration test");
$machine->succeed('which passwd | grep /run/wrappers/');
with subtest("Password is wrapped in mutable mode"):
assert "/run/current-system/" in machine.succeed("which passwd")
machine.succeed(
"${mutableSystem}/bin/switch-to-configuration test"
)
assert "/run/wrappers/" in machine.succeed("which passwd")
'';
})

17
nixos/tests/mxisd.nix
View File

@ -1,4 +1,4 @@
import ./make-test.nix ({ pkgs, ... } : {
import ./make-test-python.nix ({ pkgs, ... } : {
name = "mxisd";
meta = with pkgs.stdenv.lib.maintainers; {
@ -19,13 +19,12 @@ import ./make-test.nix ({ pkgs, ... } : {
};
testScript = ''
startAll;
$server_mxisd->waitForUnit("mxisd.service");
$server_mxisd->waitForOpenPort(8090);
$server_mxisd->succeed("curl -Ssf \"http://127.0.0.1:8090/_matrix/identity/api/v1\"");
$server_ma1sd->waitForUnit("mxisd.service");
$server_ma1sd->waitForOpenPort(8090);
$server_ma1sd->succeed("curl -Ssf \"http://127.0.0.1:8090/_matrix/identity/api/v1\"")
start_all()
server_mxisd.wait_for_unit("mxisd.service")
server_mxisd.wait_for_open_port(8090)
server_mxisd.succeed("curl -Ssf 'http://127.0.0.1:8090/_matrix/identity/api/v1'")
server_ma1sd.wait_for_unit("mxisd.service")
server_ma1sd.wait_for_open_port(8090)
server_ma1sd.succeed("curl -Ssf 'http://127.0.0.1:8090/_matrix/identity/api/v1'")
'';
})

36
nixos/tests/nesting.nix
View File

@ -1,4 +1,4 @@
import ./make-test.nix {
import ./make-test-python.nix {
name = "nesting";
nodes = {
clone = { pkgs, ... }: {
@ -19,24 +19,26 @@ import ./make-test.nix {
};
};
testScript = ''
$clone->waitForUnit("default.target");
$clone->succeed("cowsay hey");
$clone->fail("hello");
clone.wait_for_unit("default.target")
clone.succeed("cowsay hey")
clone.fail("hello")
# Nested clones do inherit from parent
$clone->succeed("/run/current-system/fine-tune/child-1/bin/switch-to-configuration test");
$clone->succeed("cowsay hey");
$clone->succeed("hello");
with subtest("Nested clones do inherit from parent"):
clone.succeed(
"/run/current-system/fine-tune/child-1/bin/switch-to-configuration test"
)
clone.succeed("cowsay hey")
clone.succeed("hello")
children.wait_for_unit("default.target")
children.succeed("cowsay hey")
children.fail("hello")
$children->waitForUnit("default.target");
$children->succeed("cowsay hey");
$children->fail("hello");
# Nested children do not inherit from parent
$children->succeed("/run/current-system/fine-tune/child-1/bin/switch-to-configuration test");
$children->fail("cowsay hey");
$children->succeed("hello");
with subtest("Nested children do not inherit from parent"):
children.succeed(
"/run/current-system/fine-tune/child-1/bin/switch-to-configuration test"
)
children.fail("cowsay hey")
children.succeed("hello")
'';
}

429
nixos/tests/networking.nix
View File

@ -4,7 +4,7 @@
# bool: whether to use networkd in the tests
, networkd }:
with import ../lib/testing.nix { inherit system pkgs; };
with import ../lib/testing-python.nix { inherit system pkgs; };
with pkgs.lib;
let
@ -75,10 +75,11 @@ let
machine.networking.useDHCP = false;
machine.networking.useNetworkd = networkd;
testScript = ''
startAll;
$machine->waitForUnit("network.target");
$machine->succeed("ip addr show lo | grep -q 'inet 127.0.0.1/8 '");
$machine->succeed("ip addr show lo | grep -q 'inet6 ::1/128 '");
start_all()
machine.wait_for_unit("network.target")
loopback_addresses = machine.succeed("ip addr show lo")
assert "inet 127.0.0.1/8" in loopback_addresses
assert "inet6 ::1/128" in loopback_addresses
'';
};
static = {
@ -102,35 +103,35 @@ let
};
testScript = { ... }:
''
startAll;
start_all()
$client->waitForUnit("network.target");
$router->waitForUnit("network-online.target");
client.wait_for_unit("network.target")
router.wait_for_unit("network-online.target")
# Make sure dhcpcd is not started
$client->fail("systemctl status dhcpcd.service");
with subtest("Make sure dhcpcd is not started"):
client.fail("systemctl status dhcpcd.service")
# Test vlan 1
$client->waitUntilSucceeds("ping -c 1 192.168.1.1");
$client->waitUntilSucceeds("ping -c 1 192.168.1.2");
$client->waitUntilSucceeds("ping -c 1 192.168.1.3");
$client->waitUntilSucceeds("ping -c 1 192.168.1.10");
with subtest("Test vlan 1"):
client.wait_until_succeeds("ping -c 1 192.168.1.1")
client.wait_until_succeeds("ping -c 1 192.168.1.2")
client.wait_until_succeeds("ping -c 1 192.168.1.3")
client.wait_until_succeeds("ping -c 1 192.168.1.10")
$router->waitUntilSucceeds("ping -c 1 192.168.1.1");
$router->waitUntilSucceeds("ping -c 1 192.168.1.2");
$router->waitUntilSucceeds("ping -c 1 192.168.1.3");
$router->waitUntilSucceeds("ping -c 1 192.168.1.10");
router.wait_until_succeeds("ping -c 1 192.168.1.1")
router.wait_until_succeeds("ping -c 1 192.168.1.2")
router.wait_until_succeeds("ping -c 1 192.168.1.3")
router.wait_until_succeeds("ping -c 1 192.168.1.10")
# Test vlan 2
$client->waitUntilSucceeds("ping -c 1 192.168.2.1");
$client->waitUntilSucceeds("ping -c 1 192.168.2.2");
with subtest("Test vlan 2"):
client.wait_until_succeeds("ping -c 1 192.168.2.1")
client.wait_until_succeeds("ping -c 1 192.168.2.2")
$router->waitUntilSucceeds("ping -c 1 192.168.2.1");
$router->waitUntilSucceeds("ping -c 1 192.168.2.2");
router.wait_until_succeeds("ping -c 1 192.168.2.1")
router.wait_until_succeeds("ping -c 1 192.168.2.2")
# Test default gateway
$router->waitUntilSucceeds("ping -c 1 192.168.3.1");
$client->waitUntilSucceeds("ping -c 1 192.168.3.1");
with subtest("Test default gateway"):
router.wait_until_succeeds("ping -c 1 192.168.3.1")
client.wait_until_succeeds("ping -c 1 192.168.3.1")
'';
};
dhcpSimple = {
@ -155,38 +156,38 @@ let
};
testScript = { ... }:
''
startAll;
start_all()
$client->waitForUnit("network.target");
$router->waitForUnit("network-online.target");
client.wait_for_unit("network.target")
router.wait_for_unit("network-online.target")
# Wait until we have an ip address on each interface
$client->waitUntilSucceeds("ip addr show dev eth1 | grep -q '192.168.1'");
$client->waitUntilSucceeds("ip addr show dev eth1 | grep -q 'fd00:1234:5678:1:'");
$client->waitUntilSucceeds("ip addr show dev eth2 | grep -q '192.168.2'");
$client->waitUntilSucceeds("ip addr show dev eth2 | grep -q 'fd00:1234:5678:2:'");
with subtest("Wait until we have an ip address on each interface"):
client.wait_until_succeeds("ip addr show dev eth1 | grep -q '192.168.1'")
client.wait_until_succeeds("ip addr show dev eth1 | grep -q 'fd00:1234:5678:1:'")
client.wait_until_succeeds("ip addr show dev eth2 | grep -q '192.168.2'")
client.wait_until_succeeds("ip addr show dev eth2 | grep -q 'fd00:1234:5678:2:'")
# Test vlan 1
$client->waitUntilSucceeds("ping -c 1 192.168.1.1");
$client->waitUntilSucceeds("ping -c 1 192.168.1.2");
$client->waitUntilSucceeds("ping -c 1 fd00:1234:5678:1::1");
$client->waitUntilSucceeds("ping -c 1 fd00:1234:5678:1::2");
with subtest("Test vlan 1"):
client.wait_until_succeeds("ping -c 1 192.168.1.1")
client.wait_until_succeeds("ping -c 1 192.168.1.2")
client.wait_until_succeeds("ping -c 1 fd00:1234:5678:1::1")
client.wait_until_succeeds("ping -c 1 fd00:1234:5678:1::2")
$router->waitUntilSucceeds("ping -c 1 192.168.1.1");
$router->waitUntilSucceeds("ping -c 1 192.168.1.2");
$router->waitUntilSucceeds("ping -c 1 fd00:1234:5678:1::1");
$router->waitUntilSucceeds("ping -c 1 fd00:1234:5678:1::2");
router.wait_until_succeeds("ping -c 1 192.168.1.1")
router.wait_until_succeeds("ping -c 1 192.168.1.2")
router.wait_until_succeeds("ping -c 1 fd00:1234:5678:1::1")
router.wait_until_succeeds("ping -c 1 fd00:1234:5678:1::2")
# Test vlan 2
$client->waitUntilSucceeds("ping -c 1 192.168.2.1");
$client->waitUntilSucceeds("ping -c 1 192.168.2.2");
$client->waitUntilSucceeds("ping -c 1 fd00:1234:5678:2::1");
$client->waitUntilSucceeds("ping -c 1 fd00:1234:5678:2::2");
with subtest("Test vlan 2"):
client.wait_until_succeeds("ping -c 1 192.168.2.1")
client.wait_until_succeeds("ping -c 1 192.168.2.2")
client.wait_until_succeeds("ping -c 1 fd00:1234:5678:2::1")
client.wait_until_succeeds("ping -c 1 fd00:1234:5678:2::2")
$router->waitUntilSucceeds("ping -c 1 192.168.2.1");
$router->waitUntilSucceeds("ping -c 1 192.168.2.2");
$router->waitUntilSucceeds("ping -c 1 fd00:1234:5678:2::1");
$router->waitUntilSucceeds("ping -c 1 fd00:1234:5678:2::2");
router.wait_until_succeeds("ping -c 1 192.168.2.1")
router.wait_until_succeeds("ping -c 1 192.168.2.2")
router.wait_until_succeeds("ping -c 1 fd00:1234:5678:2::1")
router.wait_until_succeeds("ping -c 1 fd00:1234:5678:2::2")
'';
};
dhcpOneIf = {
@ -206,28 +207,28 @@ let
};
testScript = { ... }:
''
startAll;
start_all()
# Wait for networking to come up
$client->waitForUnit("network.target");
$router->waitForUnit("network.target");
with subtest("Wait for networking to come up"):
client.wait_for_unit("network.target")
router.wait_for_unit("network.target")
# Wait until we have an ip address on each interface
$client->waitUntilSucceeds("ip addr show dev eth1 | grep -q '192.168.1'");
with subtest("Wait until we have an ip address on each interface"):
client.wait_until_succeeds("ip addr show dev eth1 | grep -q '192.168.1'")
# Test vlan 1
$client->waitUntilSucceeds("ping -c 1 192.168.1.1");
$client->waitUntilSucceeds("ping -c 1 192.168.1.2");
with subtest("Test vlan 1"):
client.wait_until_succeeds("ping -c 1 192.168.1.1")
client.wait_until_succeeds("ping -c 1 192.168.1.2")
$router->waitUntilSucceeds("ping -c 1 192.168.1.1");
$router->waitUntilSucceeds("ping -c 1 192.168.1.2");
router.wait_until_succeeds("ping -c 1 192.168.1.1")
router.wait_until_succeeds("ping -c 1 192.168.1.2")
# Test vlan 2
$client->waitUntilSucceeds("ping -c 1 192.168.2.1");
$client->fail("ping -c 1 192.168.2.2");
with subtest("Test vlan 2"):
client.wait_until_succeeds("ping -c 1 192.168.2.1")
client.fail("ping -c 1 192.168.2.2")
$router->waitUntilSucceeds("ping -c 1 192.168.2.1");
$router->fail("ping -c 1 192.168.2.2");
router.wait_until_succeeds("ping -c 1 192.168.2.1")
router.fail("ping -c 1 192.168.2.2")
'';
};
bond = let
@ -252,18 +253,18 @@ let
nodes.client2 = node "192.168.1.2";
testScript = { ... }:
''
startAll;
start_all()
# Wait for networking to come up
$client1->waitForUnit("network.target");
$client2->waitForUnit("network.target");
with subtest("Wait for networking to come up"):
client1.wait_for_unit("network.target")
client2.wait_for_unit("network.target")
# Test bonding
$client1->waitUntilSucceeds("ping -c 2 192.168.1.1");
$client1->waitUntilSucceeds("ping -c 2 192.168.1.2");
with subtest("Test bonding"):
client1.wait_until_succeeds("ping -c 2 192.168.1.1")
client1.wait_until_succeeds("ping -c 2 192.168.1.2")
$client2->waitUntilSucceeds("ping -c 2 192.168.1.1");
$client2->waitUntilSucceeds("ping -c 2 192.168.1.2");
client2.wait_until_succeeds("ping -c 2 192.168.1.1")
client2.wait_until_succeeds("ping -c 2 192.168.1.2")
'';
};
bridge = let
@ -294,25 +295,24 @@ let
};
testScript = { ... }:
''
startAll;
start_all()
# Wait for networking to come up
$client1->waitForUnit("network.target");
$client2->waitForUnit("network.target");
$router->waitForUnit("network.target");
with subtest("Wait for networking to come up"):
for machine in client1, client2, router:
machine.wait_for_unit("network.target")
# Test bridging
$client1->waitUntilSucceeds("ping -c 1 192.168.1.1");
$client1->waitUntilSucceeds("ping -c 1 192.168.1.2");
$client1->waitUntilSucceeds("ping -c 1 192.168.1.3");
with subtest("Test bridging"):
client1.wait_until_succeeds("ping -c 1 192.168.1.1")
client1.wait_until_succeeds("ping -c 1 192.168.1.2")
client1.wait_until_succeeds("ping -c 1 192.168.1.3")
$client2->waitUntilSucceeds("ping -c 1 192.168.1.1");
$client2->waitUntilSucceeds("ping -c 1 192.168.1.2");
$client2->waitUntilSucceeds("ping -c 1 192.168.1.3");
client2.wait_until_succeeds("ping -c 1 192.168.1.1")
client2.wait_until_succeeds("ping -c 1 192.168.1.2")
client2.wait_until_succeeds("ping -c 1 192.168.1.3")
$router->waitUntilSucceeds("ping -c 1 192.168.1.1");
$router->waitUntilSucceeds("ping -c 1 192.168.1.2");
$router->waitUntilSucceeds("ping -c 1 192.168.1.3");
router.wait_until_succeeds("ping -c 1 192.168.1.1")
router.wait_until_succeeds("ping -c 1 192.168.1.2")
router.wait_until_succeeds("ping -c 1 192.168.1.3")
'';
};
macvlan = {
@ -340,35 +340,35 @@ let
};
testScript = { ... }:
''
startAll;
start_all()
# Wait for networking to come up
$client->waitForUnit("network.target");
$router->waitForUnit("network.target");
with subtest("Wait for networking to come up"):
client.wait_for_unit("network.target")
router.wait_for_unit("network.target")
# Wait until we have an ip address on each interface
$client->waitUntilSucceeds("ip addr show dev eth1 | grep -q '192.168.1'");
$client->waitUntilSucceeds("ip addr show dev macvlan | grep -q '192.168.1'");
with subtest("Wait until we have an ip address on each interface"):
client.wait_until_succeeds("ip addr show dev eth1 | grep -q '192.168.1'")
client.wait_until_succeeds("ip addr show dev macvlan | grep -q '192.168.1'")
# Print lots of diagnostic information
$router->log('**********************************************');
$router->succeed("ip addr >&2");
$router->succeed("ip route >&2");
$router->execute("iptables-save >&2");
$client->log('==============================================');
$client->succeed("ip addr >&2");
$client->succeed("ip route >&2");
$client->execute("iptables-save >&2");
$client->log('##############################################');
with subtest("Print lots of diagnostic information"):
router.log("**********************************************")
router.succeed("ip addr >&2")
router.succeed("ip route >&2")
router.execute("iptables-save >&2")
client.log("==============================================")
client.succeed("ip addr >&2")
client.succeed("ip route >&2")
client.execute("iptables-save >&2")
client.log("##############################################")
# Test macvlan creates routable ips
$client->waitUntilSucceeds("ping -c 1 192.168.1.1");
$client->waitUntilSucceeds("ping -c 1 192.168.1.2");
$client->waitUntilSucceeds("ping -c 1 192.168.1.3");
with subtest("Test macvlan creates routable ips"):
client.wait_until_succeeds("ping -c 1 192.168.1.1")
client.wait_until_succeeds("ping -c 1 192.168.1.2")
client.wait_until_succeeds("ping -c 1 192.168.1.3")
$router->waitUntilSucceeds("ping -c 1 192.168.1.1");
$router->waitUntilSucceeds("ping -c 1 192.168.1.2");
$router->waitUntilSucceeds("ping -c 1 192.168.1.3");
router.wait_until_succeeds("ping -c 1 192.168.1.1")
router.wait_until_succeeds("ping -c 1 192.168.1.2")
router.wait_until_succeeds("ping -c 1 192.168.1.3")
'';
};
sit = let
@ -395,22 +395,22 @@ let
nodes.client2 = node { address4 = "192.168.1.2"; remote = "192.168.1.1"; address6 = "fc00::2"; };
testScript = { ... }:
''
startAll;
start_all()
# Wait for networking to be configured
$client1->waitForUnit("network.target");
$client2->waitForUnit("network.target");
with subtest("Wait for networking to be configured"):
client1.wait_for_unit("network.target")
client2.wait_for_unit("network.target")
# Print diagnostic information
$client1->succeed("ip addr >&2");
$client2->succeed("ip addr >&2");
# Print diagnostic information
client1.succeed("ip addr >&2")
client2.succeed("ip addr >&2")
# Test ipv6
$client1->waitUntilSucceeds("ping -c 1 fc00::1");
$client1->waitUntilSucceeds("ping -c 1 fc00::2");
with subtest("Test ipv6"):
client1.wait_until_succeeds("ping -c 1 fc00::1")
client1.wait_until_succeeds("ping -c 1 fc00::2")
$client2->waitUntilSucceeds("ping -c 1 fc00::1");
$client2->waitUntilSucceeds("ping -c 1 fc00::2");
client2.wait_until_succeeds("ping -c 1 fc00::1")
client2.wait_until_succeeds("ping -c 1 fc00::2")
'';
};
vlan = let
@ -435,15 +435,15 @@ let
nodes.client2 = node "192.168.1.2";
testScript = { ... }:
''
startAll;
start_all()
# Wait for networking to be configured
$client1->waitForUnit("network.target");
$client2->waitForUnit("network.target");
with subtest("Wait for networking to be configured"):
client1.wait_for_unit("network.target")
client2.wait_for_unit("network.target")
# Test vlan is setup
$client1->succeed("ip addr show dev vlan >&2");
$client2->succeed("ip addr show dev vlan >&2");
with subtest("Test vlan is setup"):
client1.succeed("ip addr show dev vlan >&2")
client2.succeed("ip addr show dev vlan >&2")
'';
};
virtual = {
@ -464,33 +464,38 @@ let
};
testScript = ''
my $targetList = <<'END';
targetList = """
tap0: tap persist user 0
tun0: tun persist user 0
END
""".strip()
# Wait for networking to come up
$machine->start;
$machine->waitForUnit("network-online.target");
with subtest("Wait for networking to come up"):
machine.start()
machine.wait_for_unit("network-online.target")
# Test interfaces set up
my $list = $machine->succeed("ip tuntap list | sort");
"$list" eq "$targetList" or die(
"The list of virtual interfaces does not match the expected one:\n",
"Result:\n", "$list\n",
"Expected:\n", "$targetList\n"
);
with subtest("Test interfaces set up"):
list = machine.succeed("ip tuntap list | sort").strip()
assert (
list == targetList
), """
The list of virtual interfaces does not match the expected one:
Result:
{}
Expected:
{}
""".format(
list, targetList
)
# Test interfaces clean up
$machine->succeed("systemctl stop network-addresses-tap0");
$machine->sleep(10);
$machine->succeed("systemctl stop network-addresses-tun0");
$machine->sleep(10);
my $residue = $machine->succeed("ip tuntap list");
$residue eq "" or die(
"Some virtual interface has not been properly cleaned:\n",
"$residue\n"
);
with subtest("Test interfaces clean up"):
machine.succeed("systemctl stop network-addresses-tap0")
machine.sleep(10)
machine.succeed("systemctl stop network-addresses-tun0")
machine.sleep(10)
residue = machine.succeed("ip tuntap list")
assert (
residue is ""
), "Some virtual interface has not been properly cleaned:\n{}".format(residue)
'';
};
privacy = {
@ -522,7 +527,7 @@ let
'';
};
};
nodes.clientWithPrivacy = { pkgs, ... }: with pkgs.lib; {
nodes.client_with_privacy = { pkgs, ... }: with pkgs.lib; {
virtualisation.vlans = [ 1 ];
networking = {
useNetworkd = networkd;
@ -550,25 +555,31 @@ let
};
testScript = { ... }:
''
startAll;
start_all()
$client->waitForUnit("network.target");
$clientWithPrivacy->waitForUnit("network.target");
$router->waitForUnit("network-online.target");
client.wait_for_unit("network.target")
client_with_privacy.wait_for_unit("network.target")
router.wait_for_unit("network-online.target")
# Wait until we have an ip address
$clientWithPrivacy->waitUntilSucceeds("ip addr show dev eth1 | grep -q 'fd00:1234:5678:1:'");
$client->waitUntilSucceeds("ip addr show dev eth1 | grep -q 'fd00:1234:5678:1:'");
with subtest("Wait until we have an ip address"):
client_with_privacy.wait_until_succeeds(
"ip addr show dev eth1 | grep -q 'fd00:1234:5678:1:'"
)
client.wait_until_succeeds("ip addr show dev eth1 | grep -q 'fd00:1234:5678:1:'")
# Test vlan 1
$clientWithPrivacy->waitUntilSucceeds("ping -c 1 fd00:1234:5678:1::1");
$client->waitUntilSucceeds("ping -c 1 fd00:1234:5678:1::1");
with subtest("Test vlan 1"):
client_with_privacy.wait_until_succeeds("ping -c 1 fd00:1234:5678:1::1")
client.wait_until_succeeds("ping -c 1 fd00:1234:5678:1::1")
# Test address used is temporary
$clientWithPrivacy->waitUntilSucceeds("! ip route get fd00:1234:5678:1::1 | grep -q ':[a-f0-9]*ff:fe[a-f0-9]*:'");
with subtest("Test address used is temporary"):
client_with_privacy.wait_until_succeeds(
"! ip route get fd00:1234:5678:1::1 | grep -q ':[a-f0-9]*ff:fe[a-f0-9]*:'"
)
# Test address used is EUI-64
$client->waitUntilSucceeds("ip route get fd00:1234:5678:1::1 | grep -q ':[a-f0-9]*ff:fe[a-f0-9]*:'");
with subtest("Test address used is EUI-64"):
client.wait_until_succeeds(
"ip route get fd00:1234:5678:1::1 | grep -q ':[a-f0-9]*ff:fe[a-f0-9]*:'"
)
'';
};
routes = {
@ -591,47 +602,57 @@ let
};
testScript = ''
my $targetIPv4Table = <<'END';
targetIPv4Table = """
10.0.0.0/16 proto static scope link mtu 1500
192.168.1.0/24 proto kernel scope link src 192.168.1.2
192.168.2.0/24 via 192.168.1.1 proto static
END
""".strip()
my $targetIPv6Table = <<'END';
targetIPv6Table = """
2001:1470:fffd:2097::/64 proto kernel metric 256 pref medium
2001:1470:fffd:2098::/64 via fdfd:b3f0::1 proto static metric 1024 pref medium
fdfd:b3f0::/48 proto static metric 1024 pref medium
END
""".strip()
$machine->start;
$machine->waitForUnit("network.target");
machine.start()
machine.wait_for_unit("network.target")
# test routing tables
my $ipv4Table = $machine->succeed("ip -4 route list dev eth0 | head -n3");
my $ipv6Table = $machine->succeed("ip -6 route list dev eth0 | head -n3");
"$ipv4Table" eq "$targetIPv4Table" or die(
"The IPv4 routing table does not match the expected one:\n",
"Result:\n", "$ipv4Table\n",
"Expected:\n", "$targetIPv4Table\n"
);
"$ipv6Table" eq "$targetIPv6Table" or die(
"The IPv6 routing table does not match the expected one:\n",
"Result:\n", "$ipv6Table\n",
"Expected:\n", "$targetIPv6Table\n"
);
with subtest("test routing tables"):
ipv4Table = machine.succeed("ip -4 route list dev eth0 | head -n3").strip()
ipv6Table = machine.succeed("ip -6 route list dev eth0 | head -n3").strip()
assert (
ipv4Table == targetIPv4Table
), """
The IPv4 routing table does not match the expected one:
Result:
{}
Expected:
{}
""".format(
ipv4Table, targetIPv4Table
)
assert (
ipv6Table == targetIPv6Table
), """
The IPv6 routing table does not match the expected one:
Result:
{}
Expected:
{}
""".format(
ipv6Table, targetIPv6Table
)
# test clean-up of the tables
$machine->succeed("systemctl stop network-addresses-eth0");
my $ipv4Residue = $machine->succeed("ip -4 route list dev eth0 | head -n-3");
my $ipv6Residue = $machine->succeed("ip -6 route list dev eth0 | head -n-3");
$ipv4Residue eq "" or die(
"The IPv4 routing table has not been properly cleaned:\n",
"$ipv4Residue\n"
);
$ipv6Residue eq "" or die(
"The IPv6 routing table has not been properly cleaned:\n",
"$ipv6Residue\n"
);
with subtest("test clean-up of the tables"):
machine.succeed("systemctl stop network-addresses-eth0")
ipv4Residue = machine.succeed("ip -4 route list dev eth0 | head -n-3").strip()
ipv6Residue = machine.succeed("ip -6 route list dev eth0 | head -n-3").strip()
assert (
ipv4Residue is ""
), "The IPv4 routing table has not been properly cleaned:\n{}".format(ipv4Residue)
assert (
ipv6Residue is ""
), "The IPv6 routing table has not been properly cleaned:\n{}".format(ipv6Residue)
'';
};
};

10
nixos/tests/nghttpx.nix
View File

@ -1,7 +1,7 @@
let
nginxRoot = "/run/nginx";
in
import ./make-test.nix ({...}: {
import ./make-test-python.nix ({...}: {
name = "nghttpx";
nodes = {
webserver = {
@ -52,10 +52,10 @@ in
};
testScript = ''
startAll;
start_all()
$webserver->waitForOpenPort("80");
$proxy->waitForOpenPort("80");
$client->waitUntilSucceeds("curl -s --fail http://proxy/hello-world.txt");
webserver.wait_for_open_port("80")
proxy.wait_for_open_port("80")
client.wait_until_succeeds("curl -s --fail http://proxy/hello-world.txt")
'';
})

32
nixos/tests/novacomd.nix
View File

@ -1,4 +1,4 @@
import ./make-test.nix ({ pkgs, ...} : {
import ./make-test-python.nix ({ pkgs, ...} : {
name = "novacomd";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ dtzWill ];
@ -9,26 +9,20 @@ import ./make-test.nix ({ pkgs, ...} : {
};
testScript = ''
$machine->waitForUnit("multi-user.target");
machine.wait_for_unit("novacomd.service")
# multi-user.target wants novacomd.service, but let's make sure
$machine->waitForUnit("novacomd.service");
with subtest("Make sure the daemon is really listening"):
machine.wait_for_open_port(6968)
machine.succeed("novacom -l")
# Check status and try connecting with novacom
$machine->succeed("systemctl status novacomd.service >&2");
# to prevent non-deterministic failure,
# make sure the daemon is really listening
$machine->waitForOpenPort(6968);
$machine->succeed("novacom -l");
with subtest("Stop the daemon, double-check novacom fails if daemon isn't working"):
machine.stop_job("novacomd")
machine.fail("novacom -l")
# Stop the daemon, double-check novacom fails if daemon isn't working
$machine->stopJob("novacomd");
$machine->fail("novacom -l");
# And back again for good measure
$machine->startJob("novacomd");
# make sure the daemon is really listening
$machine->waitForOpenPort(6968);
$machine->succeed("novacom -l");
with subtest("Make sure the daemon starts back up again"):
machine.start_job("novacomd")
# make sure the daemon is really listening
machine.wait_for_open_port(6968)
machine.succeed("novacom -l")
'';
})

18
nixos/tests/nzbget.nix
View File

@ -1,4 +1,4 @@
import ./make-test.nix ({ pkgs, ...} : {
import ./make-test-python.nix ({ pkgs, ...} : {
name = "nzbget";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ aanderse flokli ];
@ -15,12 +15,16 @@ import ./make-test.nix ({ pkgs, ...} : {
};
testScript = ''
startAll;
start_all()
$server->waitForUnit("nzbget.service");
$server->waitForUnit("network.target");
$server->waitForOpenPort(6789);
$server->succeed("curl -s -u nzbget:tegbzn6789 http://127.0.0.1:6789 | grep -q 'This file is part of nzbget'");
$server->succeed("${pkgs.nzbget}/bin/nzbget -n -o ControlIP=127.0.0.1 -o ControlPort=6789 -o ControlPassword=tegbzn6789 -V");
server.wait_for_unit("nzbget.service")
server.wait_for_unit("network.target")
server.wait_for_open_port(6789)
assert "This file is part of nzbget" in server.succeed(
"curl -s -u nzbget:tegbzn6789 http://127.0.0.1:6789"
)
server.succeed(
"${pkgs.nzbget}/bin/nzbget -n -o Control_iP=127.0.0.1 -o Control_port=6789 -o Control_password=tegbzn6789 -V"
)
'';
})

52
nixos/tests/orangefs.nix
View File

@ -1,4 +1,4 @@
import ./make-test.nix ({ ... } :
import ./make-test-python.nix ({ ... } :
let
server = { pkgs, ... } : {
@ -52,37 +52,31 @@ in {
testScript = ''
# format storage
foreach my $server (($server1,$server2))
{
$server->start();
$server->waitForUnit("multi-user.target");
$server->succeed("mkdir -p /data/storage /data/meta");
$server->succeed("chown orangefs:orangefs /data/storage /data/meta");
$server->succeed("chmod 0770 /data/storage /data/meta");
$server->succeed("sudo -g orangefs -u orangefs pvfs2-server -f /etc/orangefs/server.conf");
}
for server in server1, server2:
server.start()
server.wait_for_unit("multi-user.target")
server.succeed("mkdir -p /data/storage /data/meta")
server.succeed("chown orangefs:orangefs /data/storage /data/meta")
server.succeed("chmod 0770 /data/storage /data/meta")
server.succeed(
"sudo -g orangefs -u orangefs pvfs2-server -f /etc/orangefs/server.conf"
)
# start services after storage is formated on all machines
foreach my $server (($server1,$server2))
{
$server->succeed("systemctl start orangefs-server.service");
}
for server in server1, server2:
server.succeed("systemctl start orangefs-server.service")
# Check if clients can reach and mount the FS
foreach my $client (($client1,$client2))
{
$client->start();
$client->waitForUnit("orangefs-client.service");
# Both servers need to be reachable
$client->succeed("pvfs2-check-server -h server1 -f orangefs -n tcp -p 3334");
$client->succeed("pvfs2-check-server -h server2 -f orangefs -n tcp -p 3334");
$client->waitForUnit("orangefs.mount");
}
# R/W test between clients
$client1->succeed("echo test > /orangefs/file1");
$client2->succeed("grep test /orangefs/file1");
with subtest("clients can reach and mount the FS"):
for client in client1, client2:
client.start()
client.wait_for_unit("orangefs-client.service")
# Both servers need to be reachable
client.succeed("pvfs2-check-server -h server1 -f orangefs -n tcp -p 3334")
client.succeed("pvfs2-check-server -h server2 -f orangefs -n tcp -p 3334")
client.wait_for_unit("orangefs.mount")
with subtest("R/W test between clients"):
client1.succeed("echo test > /orangefs/file1")
client2.succeed("grep test /orangefs/file1")
'';
})

14
nixos/tests/osrm-backend.nix
View File

@ -1,4 +1,4 @@
import ./make-test.nix ({ pkgs, lib, ... }:
import ./make-test-python.nix ({ pkgs, lib, ... }:
let
port = 5000;
in {
@ -45,9 +45,13 @@ in {
testScript = let
query = "http://localhost:${toString port}/route/v1/driving/7.41720,43.73304;7.42463,43.73886?steps=true";
in ''
$machine->waitForUnit("osrm.service");
$machine->waitForOpenPort(${toString port});
$machine->succeed("curl --silent '${query}' | jq .waypoints[0].name | grep -F 'Boulevard Rainier III'");
$machine->succeed("curl --silent '${query}' | jq .waypoints[1].name | grep -F 'Avenue de la Costa'");
machine.wait_for_unit("osrm.service")
machine.wait_for_open_port(${toString port})
assert "Boulevard Rainier III" in machine.succeed(
"curl --silent '${query}' | jq .waypoints[0].name"
)
assert "Avenue de la Costa" in machine.succeed(
"curl --silent '${query}' | jq .waypoints[1].name"
)
'';
})

77
nixos/tests/overlayfs.nix
View File

@ -1,4 +1,4 @@
import ./make-test.nix ({ pkgs, ... }: {
import ./make-test-python.nix ({ pkgs, ... }: {
name = "overlayfs";
meta.maintainers = with pkgs.stdenv.lib.maintainers; [ bachp ];
@ -9,49 +9,42 @@ import ./make-test.nix ({ pkgs, ... }: {
};
testScript = ''
$machine->succeed("ls /dev");
machine.succeed("ls /dev")
$machine->succeed("mkdir -p /tmp/mnt");
machine.succeed("mkdir -p /tmp/mnt")
# Test ext4 + overlayfs
$machine->succeed(
"mkfs.ext4 -F -L overlay-ext4 /dev/vdb",
"mount -t ext4 /dev/vdb /tmp/mnt",
"mkdir -p /tmp/mnt/upper /tmp/mnt/lower /tmp/mnt/work /tmp/mnt/merged",
# Setup some existing files
"echo 'Replace' > /tmp/mnt/lower/replace.txt",
"echo 'Append' > /tmp/mnt/lower/append.txt",
"echo 'Overwrite' > /tmp/mnt/lower/overwrite.txt",
"mount -t overlay overlay -o lowerdir=/tmp/mnt/lower,upperdir=/tmp/mnt/upper,workdir=/tmp/mnt/work /tmp/mnt/merged",
# Test new
"echo 'New' > /tmp/mnt/merged/new.txt",
"[[ \"\$(cat /tmp/mnt/merged/new.txt)\" == \"New\" ]]",
# Test replace
"[[ \"\$(cat /tmp/mnt/merged/replace.txt)\" == \"Replace\" ]]",
"echo 'Replaced' > /tmp/mnt/merged/replace-tmp.txt",
"mv /tmp/mnt/merged/replace-tmp.txt /tmp/mnt/merged/replace.txt",
"[[ \"\$(cat /tmp/mnt/merged/replace.txt)\" == \"Replaced\" ]]",
# Overwrite
"[[ \"\$(cat /tmp/mnt/merged/overwrite.txt)\" == \"Overwrite\" ]]",
"echo 'Overwritten' > /tmp/mnt/merged/overwrite.txt",
"[[ \"\$(cat /tmp/mnt/merged/overwrite.txt)\" == \"Overwritten\" ]]",
# Test append
"[[ \"\$(cat /tmp/mnt/merged/append.txt)\" == \"Append\" ]]",
"echo 'ed' >> /tmp/mnt/merged/append.txt",
#"cat /tmp/mnt/merged/append.txt && exit 1",
"[[ \"\$(cat /tmp/mnt/merged/append.txt)\" == \"Append\ned\" ]]",
"umount /tmp/mnt/merged",
"umount /tmp/mnt",
"udevadm settle"
);
machine.succeed(
"""
mkfs.ext4 -F -L overlay-ext4 /dev/vdb
mount -t ext4 /dev/vdb /tmp/mnt
mkdir -p /tmp/mnt/upper /tmp/mnt/lower /tmp/mnt/work /tmp/mnt/merged
# Setup some existing files
echo 'Replace' > /tmp/mnt/lower/replace.txt
echo 'Append' > /tmp/mnt/lower/append.txt
echo 'Overwrite' > /tmp/mnt/lower/overwrite.txt
mount -t overlay overlay -o lowerdir=/tmp/mnt/lower,upperdir=/tmp/mnt/upper,workdir=/tmp/mnt/work /tmp/mnt/merged
# Test new
echo 'New' > /tmp/mnt/merged/new.txt
[[ "\$(cat /tmp/mnt/merged/new.txt)" == "New" ]]
# Test replace
[[ "\$(cat /tmp/mnt/merged/replace.txt)" == "Replace" ]]
echo 'Replaced' > /tmp/mnt/merged/replace-tmp.txt
mv /tmp/mnt/merged/replace-tmp.txt /tmp/mnt/merged/replace.txt
[[ "\$(cat /tmp/mnt/merged/replace.txt)" == "Replaced" ]]
# Overwrite
[[ "\$(cat /tmp/mnt/merged/overwrite.txt)" == "Overwrite" ]]
echo 'Overwritten' > /tmp/mnt/merged/overwrite.txt
[[ "\$(cat /tmp/mnt/merged/overwrite.txt)" == "Overwritten" ]]
# Test append
[[ "\$(cat /tmp/mnt/merged/append.txt)" == "Append" ]]
echo 'ed' >> /tmp/mnt/merged/append.txt
#"cat /tmp/mnt/merged/append.txt && exit 1
[[ "\$(cat /tmp/mnt/merged/append.txt)" == "Append\ned" ]]
umount /tmp/mnt/merged
umount /tmp/mnt
udevadm settle
"""
)
'';
})

159
nixos/tests/rspamd.nix
View File

@ -3,20 +3,20 @@
pkgs ? import ../.. { inherit system config; }
}:
with import ../lib/testing.nix { inherit system pkgs; };
with import ../lib/testing-python.nix { inherit system pkgs; };
with pkgs.lib;
let
initMachine = ''
startAll
$machine->waitForUnit("rspamd.service");
$machine->succeed("id \"rspamd\" >/dev/null");
start_all()
machine.wait_for_unit("rspamd.service")
machine.succeed("id rspamd >/dev/null")
'';
checkSocket = socket: user: group: mode: ''
$machine->succeed("ls ${socket} >/dev/null");
$machine->succeed("[[ \"\$(stat -c %U ${socket})\" == \"${user}\" ]]");
$machine->succeed("[[ \"\$(stat -c %G ${socket})\" == \"${group}\" ]]");
$machine->succeed("[[ \"\$(stat -c %a ${socket})\" == \"${mode}\" ]]");
machine.succeed("ls ${socket} >/dev/null")
machine.succeed('[[ "$(stat -c %U ${socket})" == "${user}" ]]')
machine.succeed('[[ "$(stat -c %G ${socket})" == "${group}" ]]')
machine.succeed('[[ "$(stat -c %a ${socket})" == "${mode}" ]]')
'';
simple = name: enableIPv6: makeTest {
name = "rspamd-${name}";
@ -25,22 +25,23 @@ let
networking.enableIPv6 = enableIPv6;
};
testScript = ''
startAll
$machine->waitForUnit("multi-user.target");
$machine->waitForOpenPort(11334);
$machine->waitForUnit("rspamd.service");
$machine->succeed("id \"rspamd\" >/dev/null");
start_all()
machine.wait_for_unit("multi-user.target")
machine.wait_for_open_port(11334)
machine.wait_for_unit("rspamd.service")
machine.succeed("id rspamd >/dev/null")
${checkSocket "/run/rspamd/rspamd.sock" "rspamd" "rspamd" "660" }
sleep 10;
$machine->log($machine->succeed("cat /etc/rspamd/rspamd.conf"));
$machine->log($machine->succeed("grep 'CONFDIR/worker-controller.inc' /etc/rspamd/rspamd.conf"));
$machine->log($machine->succeed("grep 'CONFDIR/worker-normal.inc' /etc/rspamd/rspamd.conf"));
$machine->log($machine->succeed("systemctl cat rspamd.service"));
$machine->log($machine->succeed("curl http://localhost:11334/auth"));
$machine->log($machine->succeed("curl http://127.0.0.1:11334/auth"));
${optionalString enableIPv6 ''
$machine->log($machine->succeed("curl http://[::1]:11334/auth"));
''}
machine.sleep(10)
machine.log(machine.succeed("cat /etc/rspamd/rspamd.conf"))
machine.log(
machine.succeed("grep 'CONFDIR/worker-controller.inc' /etc/rspamd/rspamd.conf")
)
machine.log(machine.succeed("grep 'CONFDIR/worker-normal.inc' /etc/rspamd/rspamd.conf"))
machine.log(machine.succeed("systemctl cat rspamd.service"))
machine.log(machine.succeed("curl http://localhost:11334/auth"))
machine.log(machine.succeed("curl http://127.0.0.1:11334/auth"))
${optionalString enableIPv6 ''machine.log(machine.succeed("curl http://[::1]:11334/auth"))''}
# would not reformat
'';
};
in
@ -69,14 +70,18 @@ in
testScript = ''
${initMachine}
$machine->waitForFile("/run/rspamd.sock");
machine.wait_for_file("/run/rspamd.sock")
${checkSocket "/run/rspamd.sock" "root" "root" "600" }
${checkSocket "/run/rspamd-worker.sock" "root" "root" "666" }
$machine->log($machine->succeed("cat /etc/rspamd/rspamd.conf"));
$machine->log($machine->succeed("grep 'CONFDIR/worker-controller.inc' /etc/rspamd/rspamd.conf"));
$machine->log($machine->succeed("grep 'CONFDIR/worker-normal.inc' /etc/rspamd/rspamd.conf"));
$machine->log($machine->succeed("rspamc -h /run/rspamd-worker.sock stat"));
$machine->log($machine->succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping"));
machine.log(machine.succeed("cat /etc/rspamd/rspamd.conf"))
machine.log(
machine.succeed("grep 'CONFDIR/worker-controller.inc' /etc/rspamd/rspamd.conf")
)
machine.log(machine.succeed("grep 'CONFDIR/worker-normal.inc' /etc/rspamd/rspamd.conf"))
machine.log(machine.succeed("rspamc -h /run/rspamd-worker.sock stat"))
machine.log(
machine.succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping")
)
'';
};
@ -111,18 +116,32 @@ in
testScript = ''
${initMachine}
$machine->waitForFile("/run/rspamd.sock");
machine.wait_for_file("/run/rspamd.sock")
${checkSocket "/run/rspamd.sock" "root" "root" "600" }
${checkSocket "/run/rspamd-worker.sock" "root" "root" "666" }
$machine->log($machine->succeed("cat /etc/rspamd/rspamd.conf"));
$machine->log($machine->succeed("grep 'CONFDIR/worker-controller.inc' /etc/rspamd/rspamd.conf"));
$machine->log($machine->succeed("grep 'CONFDIR/worker-normal.inc' /etc/rspamd/rspamd.conf"));
$machine->log($machine->succeed("grep 'LOCAL_CONFDIR/override.d/worker-controller2.inc' /etc/rspamd/rspamd.conf"));
$machine->log($machine->succeed("grep 'verysecretpassword' /etc/rspamd/override.d/worker-controller2.inc"));
$machine->waitUntilSucceeds("journalctl -u rspamd | grep -i 'starting controller process' >&2");
$machine->log($machine->succeed("rspamc -h /run/rspamd-worker.sock stat"));
$machine->log($machine->succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping"));
$machine->log($machine->succeed("curl http://localhost:11335/ping"));
machine.log(machine.succeed("cat /etc/rspamd/rspamd.conf"))
machine.log(
machine.succeed("grep 'CONFDIR/worker-controller.inc' /etc/rspamd/rspamd.conf")
)
machine.log(machine.succeed("grep 'CONFDIR/worker-normal.inc' /etc/rspamd/rspamd.conf"))
machine.log(
machine.succeed(
"grep 'LOCAL_CONFDIR/override.d/worker-controller2.inc' /etc/rspamd/rspamd.conf"
)
)
machine.log(
machine.succeed(
"grep 'verysecretpassword' /etc/rspamd/override.d/worker-controller2.inc"
)
)
machine.wait_until_succeeds(
"journalctl -u rspamd | grep -i 'starting controller process' >&2"
)
machine.log(machine.succeed("rspamc -h /run/rspamd-worker.sock stat"))
machine.log(
machine.succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping")
)
machine.log(machine.succeed("curl http://localhost:11335/ping"))
'';
};
customLuaRules = makeTest {
@ -199,22 +218,34 @@ in
};
testScript = ''
${initMachine}
$machine->waitForOpenPort(11334);
$machine->log($machine->succeed("cat /etc/rspamd/rspamd.conf"));
$machine->log($machine->succeed("cat /etc/rspamd/rspamd.local.lua"));
$machine->log($machine->succeed("cat /etc/rspamd/local.d/groups.conf"));
machine.wait_for_open_port(11334)
machine.log(machine.succeed("cat /etc/rspamd/rspamd.conf"))
machine.log(machine.succeed("cat /etc/rspamd/rspamd.local.lua"))
machine.log(machine.succeed("cat /etc/rspamd/local.d/groups.conf"))
# Verify that redis.conf was not written
$machine->fail("cat /etc/rspamd/local.d/redis.conf >&2");
machine.fail("cat /etc/rspamd/local.d/redis.conf >&2")
# Verify that antivirus.conf was not written
$machine->fail("cat /etc/rspamd/local.d/antivirus.conf >&2");
machine.fail("cat /etc/rspamd/local.d/antivirus.conf >&2")
${checkSocket "/run/rspamd/rspamd.sock" "rspamd" "rspamd" "660" }
$machine->log($machine->succeed("curl --unix-socket /run/rspamd/rspamd.sock http://localhost/ping"));
$machine->log($machine->succeed("rspamc -h 127.0.0.1:11334 stat"));
$machine->log($machine->succeed("cat /etc/tests/no-muh.eml | rspamc -h 127.0.0.1:11334"));
$machine->log($machine->succeed("cat /etc/tests/muh.eml | rspamc -h 127.0.0.1:11334 symbols"));
$machine->waitUntilSucceeds("journalctl -u rspamd | grep -i muh >&2");
$machine->log($machine->fail("cat /etc/tests/no-muh.eml | rspamc -h 127.0.0.1:11334 symbols | grep NO_MUH"));
$machine->log($machine->succeed("cat /etc/tests/muh.eml | rspamc -h 127.0.0.1:11334 symbols | grep NO_MUH"));
machine.log(
machine.succeed("curl --unix-socket /run/rspamd/rspamd.sock http://localhost/ping")
)
machine.log(machine.succeed("rspamc -h 127.0.0.1:11334 stat"))
machine.log(machine.succeed("cat /etc/tests/no-muh.eml | rspamc -h 127.0.0.1:11334"))
machine.log(
machine.succeed("cat /etc/tests/muh.eml | rspamc -h 127.0.0.1:11334 symbols")
)
machine.wait_until_succeeds("journalctl -u rspamd | grep -i muh >&2")
machine.log(
machine.fail(
"cat /etc/tests/no-muh.eml | rspamc -h 127.0.0.1:11334 symbols | grep NO_MUH"
)
)
machine.log(
machine.succeed(
"cat /etc/tests/muh.eml | rspamc -h 127.0.0.1:11334 symbols | grep NO_MUH"
)
)
'';
};
postfixIntegration = makeTest {
@ -250,16 +281,24 @@ in
};
testScript = ''
${initMachine}
$machine->waitForOpenPort(11334);
$machine->waitForOpenPort(25);
machine.wait_for_open_port(11334)
machine.wait_for_open_port(25)
${checkSocket "/run/rspamd/rspamd-milter.sock" "rspamd" "postfix" "660" }
$machine->log($machine->succeed("rspamc -h 127.0.0.1:11334 stat"));
$machine->log($machine->succeed("msmtp --host=localhost -t --read-envelope-from < /etc/tests/example.eml"));
$machine->log($machine->fail("msmtp --host=localhost -t --read-envelope-from < /etc/tests/gtube.eml"));
machine.log(machine.succeed("rspamc -h 127.0.0.1:11334 stat"))
machine.log(
machine.succeed(
"msmtp --host=localhost -t --read-envelope-from < /etc/tests/example.eml"
)
)
machine.log(
machine.fail(
"msmtp --host=localhost -t --read-envelope-from < /etc/tests/gtube.eml"
)
)
$machine->waitUntilFails('[ "$(postqueue -p)" != "Mail queue is empty" ]');
$machine->fail("journalctl -u postfix | grep -i error >&2");
$machine->fail("journalctl -u postfix | grep -i warning >&2");
machine.wait_until_fails('[ "$(postqueue -p)" != "Mail queue is empty" ]')
machine.fail("journalctl -u postfix | grep -i error >&2")
machine.fail("journalctl -u postfix | grep -i warning >&2")
'';
};
}

2
nixos/tests/slurm.nix
View File

@ -119,7 +119,7 @@ in {
with subtest("can_start_slurmctld"):
control.succeed("systemctl restart slurmctld")
control.waitForUnit("slurmctld.service")
control.wait_for_unit("slurmctld.service")
with subtest("can_start_slurmd"):
for node in [node1, node2, node3]:

51
nixos/tests/spacecookie.nix Normal file
View File

@ -0,0 +1,51 @@
let
gopherRoot = "/tmp/gopher";
gopherHost = "gopherd";
fileContent = "Hello Gopher!";
fileName = "file.txt";
in
import ./make-test-python.nix ({...}: {
name = "spacecookie";
nodes = {
${gopherHost} = {
networking.firewall.allowedTCPPorts = [ 70 ];
systemd.services.spacecookie = {
preStart = ''
mkdir -p ${gopherRoot}/directory
echo "${fileContent}" > ${gopherRoot}/${fileName}
'';
};
services.spacecookie = {
enable = true;
root = gopherRoot;
hostname = gopherHost;
};
};
client = {};
};
testScript = ''
start_all()
${gopherHost}.wait_for_open_port(70)
${gopherHost}.wait_for_unit("spacecookie.service")
client.wait_for_unit("network.target")
fileResponse = client.succeed("curl -s gopher://${gopherHost}//${fileName}")
# the file response should return our created file exactly
if not (fileResponse == "${fileContent}\n"):
raise Exception("Unexpected file response")
# sanity check on the directory listing: we serve a directory and a file
# via gopher, so the directory listing should have exactly two entries,
# one with gopher file type 0 (file) and one with file type 1 (directory).
dirResponse = client.succeed("curl -s gopher://${gopherHost}")
dirEntries = [l[0] for l in dirResponse.split("\n") if len(l) > 0]
dirEntries.sort()
if not (["0", "1"] == dirEntries):
raise Exception("Unexpected directory response")
'';
})

53
nixos/tests/trilium-server.nix Normal file
View File

@ -0,0 +1,53 @@
import ./make-test-python.nix ({ ... }: {
name = "trilium-server";
nodes = {
default = {
services.trilium-server.enable = true;
};
configured = {
services.trilium-server = {
enable = true;
dataDir = "/data/trilium";
};
};
nginx = {
services.trilium-server = {
enable = true;
nginx.enable = true;
nginx.hostName = "trilium.example.com";
};
};
};
testScript =
''
start_all()
with subtest("by default works without configuration"):
default.wait_for_unit("trilium-server.service")
with subtest("by default available on port 8080"):
default.wait_for_unit("trilium-server.service")
default.wait_for_open_port(8080)
# we output to /dev/null here to avoid a python UTF-8 decode error
# but the check will still fail if the service doesn't respond
default.succeed("curl --fail -o /dev/null 127.0.0.1:8080")
with subtest("by default creates empty document"):
default.wait_for_unit("trilium-server.service")
default.succeed("test -f /var/lib/trilium/document.db")
with subtest("configured with custom data store"):
configured.wait_for_unit("trilium-server.service")
configured.succeed("test -f /data/trilium/document.db")
with subtest("nginx with custom host name"):
nginx.wait_for_unit("trilium-server.service")
nginx.wait_for_unit("nginx.service")
nginx.succeed(
"curl --resolve 'trilium.example.com:80:127.0.0.1' http://trilium.example.com/"
)
'';
})

28
pkgs/applications/audio/lsp-plugins/default.nix
View File

@ -1,40 +1,28 @@
{ stdenv, fetchFromGitHub, pkgconfig, makeWrapper
, libsndfile, jack2Full
, libGLU, libGL, lv2, cairo
, ladspaH, php, expat }:
, ladspaH, php }:
stdenv.mkDerivation rec {
pname = "lsp-plugins";
version = "1.1.10";
version = "1.1.13";
src = fetchFromGitHub {
owner = "sadko4u";
repo = pname;
rev = "${pname}-${version}";
sha256 = "09gmwzh1gq1q2lxn8fc1bpdh02h8vr7r0i040c1nx256wgfsarqb";
sha256 = "00mhrr873kgcnqy3q0yi1r5zacfcvz7fqpzsmfhw5d095jm970al";
};
nativeBuildInputs = [ pkgconfig php expat ];
buildInputs = [ jack2Full libsndfile libGLU libGL lv2 cairo ladspaH makeWrapper ];
nativeBuildInputs = [ pkgconfig php makeWrapper ];
buildInputs = [ jack2Full libsndfile libGLU libGL lv2 cairo ladspaH ];
makeFlags = [
"BIN_PATH=$(out)/bin"
"LIB_PATH=$(out)/lib"
"DOC_PATH=$(out)/share/doc"
"PREFIX=${placeholder ''out''}"
];
NIX_CFLAGS_COMPILE = [ "-DLSP_NO_EXPERIMENTAL" ];
patchPhase = ''
runHook prePatch
substituteInPlace Makefile --replace "/usr/lib" "$out/lib"
substituteInPlace ./include/container/jack/main.h --replace "/usr/lib" "$out/lib"
substituteInPlace ./include/container/vst/main.h --replace "/usr/lib" "$out/lib"
# for https://github.com/sadko4u/lsp-plugins/issues/7#issuecomment-426561549 :
sed -i '/X11__NET_WM_WINDOW_TYPE_DOCK;/d' ./src/ui/ws/x11/X11Window.cpp
runHook postPatch
'';
doCheck = true;
checkPhase = ''
@ -45,7 +33,7 @@ stdenv.mkDerivation rec {
runHook postCheck
'';
buildFlags = "release";
buildFlags = [ "release" ];
meta = with stdenv.lib;
{ description = "Collection of open-source audio plugins";
@ -154,6 +142,6 @@ stdenv.mkDerivation rec {
homepage = https://lsp-plug.in;
maintainers = with maintainers; [ magnetophon ];
license = licenses.gpl2;
platforms = [ "x86_64-linux" ];
platforms = platforms.linux;
};
}

4
pkgs/applications/audio/mixxx/default.nix
View File

@ -8,13 +8,13 @@
mkDerivation rec {
pname = "mixxx";
version = "2.2.2";
version = "2.2.3";
src = fetchFromGitHub {
owner = "mixxxdj";
repo = "mixxx";
rev = "release-${version}";
sha256 = "0dmkvcsgq7abxqd4wms8c4w0mr5c53z7n5r8jgzp4swz9nmfjpfg";
sha256 = "1h7q25fv62c5m74d4cn1m6mpanmqpbl2wqbch4qvn488jb2jw1dv";
};
buildInputs = [

4
pkgs/applications/audio/openmpt123/default.nix
View File

@ -2,14 +2,14 @@
, usePulseAudio ? config.pulseaudio or false, libpulseaudio }:
let
version = "0.4.9";
version = "0.4.10";
in stdenv.mkDerivation {
pname = "openmpt123";
inherit version;
src = fetchurl {
url = "https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-${version}+release.autotools.tar.gz";
sha256 = "02kjwwh9d9i4rnfzqzr18pvcklc46yrs9mvdmjqx7kxg3c28hkqm";
sha256 = "12i5iwxb5g27amqgqr6iiy63w49nwil5vyypnbj91ahy97ah8a3a";
};
enableParallelBuilding = true;

4
pkgs/applications/audio/qmmp/default.nix
View File

@ -29,11 +29,11 @@
# handle that.
mkDerivation rec {
name = "qmmp-1.3.4";
name = "qmmp-1.3.5";
src = fetchurl {
url = "http://qmmp.ylsoftware.com/files/${name}.tar.bz2";
sha256 = "0j9vgm6216w7arwl919p9rps0a9r6s4415spl3qkpifhwlk90zg0";
sha256 = "0h7kcqzhfvk610937pwrhizcdgd4n7ncl1vayv6sj3va1x7pv6xm";
};
nativeBuildInputs = [ cmake pkgconfig ];

8
pkgs/applications/audio/spotify-tui/default.nix
View File

@ -2,18 +2,18 @@
rustPlatform.buildRustPackage rec {
pname = "spotify-tui";
version = "0.10.0";
version = "0.11.0";
src = fetchFromGitHub {
owner = "Rigellute";
repo = "spotify-tui";
rev = "v${version}";
sha256 = "10wrlfi50lsf6qjsi9qklw2mk2fbf0jib7f841v842l9k9zw0hrg";
sha256 = "1pshwn486msn418dilk57rl9471aas0dif765nx1p9xgkrjpb7wa";
};
cargoSha256 = "140m3pryvbc96xvl5ymz68msrx93rmvvy0y8skvc40yxwl401inc";
cargoSha256 = "0020igycgikkbd649hv6xlpn13dij4g7yc43fic9z710p6nsxqaq";
nativeBuildInputs = [ pkgconfig python3 ];
nativeBuildInputs = [ pkgconfig ] ++ stdenv.lib.optionals stdenv.isLinux [ python3 ];
buildInputs = [ openssl ]
++ stdenv.lib.optional stdenv.isLinux libxcb
++ stdenv.lib.optionals stdenv.isDarwin [ AppKit Security ];

7
pkgs/applications/audio/vocal/default.nix
View File

@ -58,6 +58,13 @@ stdenv.mkDerivation rec {
webkitgtk
];
passthru = {
updateScript = pantheon.updateScript {
attrPath = pname;
};
};
meta = with stdenv.lib; {
description = "The podcast client for the modern free desktop";
longDescription = ''

4
pkgs/applications/backup/deja-dup/default.nix
View File

@ -33,14 +33,14 @@
stdenv.mkDerivation rec {
pname = "deja-dup";
version = "40.4";
version = "40.6";
src = fetchFromGitLab {
domain = "gitlab.gnome.org";
owner = "World";
repo = pname;
rev = version;
sha256 = "0x9z8z1mh1sxi28ilml3pvbc0g6ghcbyiy002rziwwlarxnbwkky";
sha256 = "1d4g34g660wv42a4k2511bxrh90z0vdl3v7ahg0m45phijg9n2n1";
};
patches = [

4
pkgs/applications/blockchains/bitcoin-abc.nix
View File

@ -7,13 +7,13 @@ with stdenv.lib;
mkDerivation rec {
name = "bitcoin" + (toString (optional (!withGui) "d")) + "-abc-" + version;
version = "0.20.7";
version = "0.20.8";
src = fetchFromGitHub {
owner = "bitcoin-ABC";
repo = "bitcoin-abc";
rev = "v${version}";
sha256 = "1d17ry9906zmwj2n3mh77b6rqmdg0dgm7b7ybh8d7q2ml0196ilj";
sha256 = "0srjc11i7azqn3flipjwzm67w20ji24yslkmchy1a834fyb1gmx1";
};
patches = [ ./fix-bitcoin-qt-build.patch ];

4
pkgs/applications/blockchains/clightning.nix
View File

@ -4,11 +4,11 @@
with stdenv.lib;
stdenv.mkDerivation rec {
pname = "clightning";
version = "0.7.3";
version = "0.8.0";
src = fetchurl {
url = "https://github.com/ElementsProject/lightning/releases/download/v${version}/clightning-v${version}.zip";
sha256 = "ef2193940146d1b8ff0cc03602842c4d81db9ca6a5e73927e4f8932715e931a4";
sha256 = "053e43bbe71564e9be8b2b56346a88986646ef6849a0af67cece01858b93306a";
};
enableParallelBuilding = true;

4
pkgs/applications/blockchains/ledger-live-desktop/default.nix
View File

@ -2,12 +2,12 @@
let
pname = "ledger-live-desktop";
version = "1.18.2";
version = "1.19.2";
name = "${pname}-${version}";
src = fetchurl {
url = "https://github.com/LedgerHQ/${pname}/releases/download/v${version}/${pname}-${version}-linux-x86_64.AppImage";
sha256 = "1giy8xg1yfv7b7gh98dmfc05wh54xqpd53nanacwcc7lakzizqnn";
sha256 = "1qgk0gwn7ijz00zfwf9rfl755lhgsig9xa6c3icj6l6wyzybz0z6";
};
appimageContents = appimageTools.extractType2 {

2
pkgs/applications/blockchains/polkadot/default.nix
View File

@ -16,7 +16,7 @@ rustPlatform.buildRustPackage rec {
sha256 = "0v7g03rbml2afw0splmyjh9nqpjg0ldjw09hyc0jqd3qlhgxiiyj";
};
cargoSha256 = "19xcxpbkrbygghz9qi52vzviksxg28m7ibvl359vlhqv1cjxmpsq";
cargoSha256 = "0gc3w0cwdyk8f7cgpp9sfawczk3n6wd7q0nhfvk87sry71b8vvwq";
buildInputs = [ pkgconfig openssl openssl.dev ];

6
pkgs/applications/display-managers/lightdm/default.nix
View File

@ -85,6 +85,12 @@ stdenv.mkDerivation rec {
sha256 = "1zyx1qqajrmqcf9hbsapd39gmdanswd9l78rq7q6rdy4692il3yn";
})
# https://github.com/canonical/lightdm/pull/104
(fetchpatch {
url = "https://github.com/canonical/lightdm/commit/03f218981733e50d810767f9d04e42ee156f7feb.patch";
sha256 = "07w18m2gpk29z6ym4y3lzsmg5dk3ffn39sq6lac26ap7narf4ma7";
})
# Hardcode plymouth to fix transitions.
# For some reason it can't find `plymouth`
# even when it's in PATH in environment.systemPackages.

2
pkgs/applications/editors/android-studio/common.nix
View File

@ -22,6 +22,7 @@
, freetype
, libpulseaudio
, libGL
, libuuid
, libX11
, libxcb
, libXcomposite
@ -115,6 +116,7 @@ let
dbus
expat
libpulseaudio
libuuid
libX11
libxcb
libXcomposite

19
pkgs/applications/editors/eclipse/default.nix
View File

@ -13,11 +13,10 @@ assert stdenv ? glibc;
let
platform_major = "4";
platform_minor = "13";
platform_minor = "14";
year = "2019";
month = "09";
timestamp = "201909161045";
month = "12";
timestamp = "201912100610";
in rec {
buildEclipse = import ./build-eclipse.nix {
@ -30,11 +29,11 @@ in rec {
eclipse-cpp = buildEclipse {
name = "eclipse-cpp-${platform_major}.${platform_minor}";
description = "Eclipse IDE for C/C++ Developers, Oxygen release";
description = "Eclipse IDE for C/C++ Developers";
src =
fetchurl {
url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/technology/epp/downloads/release/${year}-${month}/R/eclipse-cpp-${year}-${month}-R-linux-gtk-x86_64.tar.gz";
sha512 = "0s9wvxd1bahlcdw7l6cyfi59p78j6gym3a3mn1z6dm6swxgyb2wjjl7hx8bkg0zs8x31bwllpdq22y2vcm6j57h40v53l3xkhy73m8v";
sha512 = "28h8z45j7zlcbvvabzsniwqls1lns21isx69y6l207a869rknp9vzg6506q6zalj9b49j8c7ynkn379xgbzp07i6zw3dzk3pqp2rgam";
};
};
@ -46,7 +45,7 @@ in rec {
src =
fetchurl {
url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/technology/epp/downloads/release/${year}-${month}/R/eclipse-modeling-${year}-${month}-R-linux-gtk-x86_64.tar.gz";
sha512 = "09nc7ipv67h0gr7lkxsbxrgj9gn48348asn03ylcvflyrcxghqs8n11a75rwvdj98igdzpw922saicx5lqq5g2flfqiga97lwwhfiz5";
sha512 = "1g1zsz3c2kx4vs1mjpcisbk81lk4hsr1z2fw46lih825c53vwf59snp8d97c8yw2i25y0ml48nc1nskib6qnif8m2h6rpah7kgmi8ay";
};
};
@ -58,7 +57,7 @@ in rec {
src =
fetchurl {
url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops${platform_major}/R-${platform_major}.${platform_minor}-${timestamp}/eclipse-platform-${platform_major}.${platform_minor}-linux-gtk-x86_64.tar.gz";
sha512 = "2c40wwrc2ip32n0m5cs8ds0g7cs7018acw8gjkd23msa4pr9x9511c3dj6rbnn1hwzf9yjq6vnjmib5qarxd3vly76jwxhf867l1f7v";
sha512 = "05nsldw937l1g9fj964njivgkf2ipk1rh1jg5w8svdhpp3v1pp3iinfm2mz9kk8namwfkx8krsvsxcgvqyzgrkhf42wqh53vqrjf70h";
};
};
@ -88,7 +87,7 @@ in rec {
src =
fetchurl {
url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops${platform_major}/R-${platform_major}.${platform_minor}-${timestamp}/eclipse-SDK-${platform_major}.${platform_minor}-linux-gtk-x86_64.tar.gz";
sha512 = "2vm646d1crzzzysll3p5pjfljfjzxx4qd37dqcp6xjm91zg8iskli688h0lgla0rmbwz5kj509jp22m4rxkp3cbgd006dd0jr3icdls";
sha512 = "0dcbxzjqc27v1faz16yxqcm6zrbna4kkd32xy7paadiwn125y6ijx8zvda4kc7bih6v5b9ch2i0z5ndra1lcjcc88z6cklh0vngjkh1";
};
};
@ -100,7 +99,7 @@ in rec {
src =
fetchurl {
url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/technology/epp/downloads/release/${year}-${month}/R/eclipse-java-${year}-${month}-R-linux-gtk-x86_64.tar.gz";
sha512 = "3zyxqd8iwrfgjjg91dfi4bda61rd2717hy53swmbygi48zaaam70swx997yp5qzxwjp3macdslfk6sqhq2qlcdwcdl6dmkry018jh7b";
sha512 = "21lhgv3z23mn8q0gffgxlfwhyxb348zjnzv716zsys7h7kj5vigl45q9mz0qrl11524rxx7jwi901jjd4l258w9kp7wzlq0d5n1r39m";
};
};

12
pkgs/applications/editors/eclipse/plugins.nix
View File

@ -254,12 +254,12 @@ rec {
cdt = buildEclipseUpdateSite rec {
name = "cdt-${version}";
version = "9.9.0";
version = "9.10.0";
src = fetchzip {
stripRoot = false;
url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/tools/cdt/releases/9.9/${name}/${name}.zip";
sha256 = "1vgx7ggilfwmx0bjrhk7mwlwg1c8lb141ilj3vzwxivlffihy054";
url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/tools/cdt/releases/9.10/${name}/${name}.zip";
sha256 = "0rjm91j0h1aq9lq4sdwgp9b2yp4w9lr13n82z32dw3gz3nby1mvi";
};
meta = with stdenv.lib; {
@ -474,12 +474,12 @@ rec {
jdt = buildEclipseUpdateSite rec {
name = "jdt-${version}";
version = "4.13";
version = "4.14";
src = fetchzip {
stripRoot = false;
url = https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops4/R-4.13-201909161045/org.eclipse.jdt-4.13.zip;
sha256 = "0sfpxph0cszcx1cihzzjn60qid8sxgl2xyr9x46fld4ian5a7vbr";
url = https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops4/R-4.14-201912100610/org.eclipse.jdt-4.14.zip;
sha256 = "16c5v59mkb0cyfhf2475ds1ajma65bhqfxjr6v59hianqxq9h9la";
};
meta = with stdenv.lib; {

2
pkgs/applications/editors/emacs-modes/manual-packages.nix
View File

@ -117,6 +117,8 @@
structured-haskell-mode = self.shm;
sv-kalender = callPackage ./sv-kalender { };
thingatpt-plus = callPackage ./thingatpt-plus { };
tramp = callPackage ./tramp { };

22
pkgs/applications/editors/emacs-modes/sv-kalender/default.nix Normal file
View File

@ -0,0 +1,22 @@
{ fetchurl, stdenv, trivialBuild }:
trivialBuild {
pname = "sv-kalender";
version = "1.9";
src = fetchurl {
url = "http://bigwalter.net/daniel/elisp/sv-kalender.el";
sha256 = "0kilp0nyhj67qscy13s0g07kygz2qwmddklhan020sk7z7jv3lpi";
postFetch = ''
echo "(provide 'sv-kalender)" >> $out
'';
};
meta = with stdenv.lib; {
description = "Swedish calendar for Emacs";
homepage = "http://bigwalter.net/daniel/elisp/sv-kalender.el";
platforms = platforms.all;
license = licenses.gpl3Plus;
maintainers = [ maintainer.rycee ];
};
}

10
pkgs/applications/editors/quilter/default.nix
View File

@ -4,13 +4,13 @@
stdenv.mkDerivation rec {
pname = "quilter";
version = "2.0.3";
version = "2.0.4";
src = fetchFromGitHub {
owner = "lainsce";
repo = pname;
rev = version;
sha256 = "13l8z3bchha4ax14s48pcqdxh8gnj4mlvv06lk9dwk9fplc93821";
sha256 = "1vbckx4c2bklzxpqz332sjcyrx1xl1j0cp8778fvpl7x7mlnz460";
};
nativeBuildInputs = [
@ -39,6 +39,12 @@ stdenv.mkDerivation rec {
patchShebangs meson/post_install.py
'';
passthru = {
updateScript = pantheon.updateScript {
attrPath = pname;
};
};
meta = with stdenv.lib; {
description = "Focus on your writing - designed for elementary OS";
homepage = https://github.com/lainsce/quilter;

4
pkgs/applications/editors/thonny/default.nix
View File

@ -4,13 +4,13 @@ with python3.pkgs;
buildPythonApplication rec {
pname = "thonny";
version = "3.2.3";
version = "3.2.4";
src = fetchFromGitHub {
owner = pname;
repo = pname;
rev = "v${version}";
sha256 = "0wgjwjh6296vs8awl4rylb5nshj9q9kzxv7j4vlmiabll06mx6gi";
sha256 = "1hfpjw4fac0kq3n9jqwfzbys6h35qjbh5rpc4jzhlln200h6zvwj";
};
propagatedBuildInputs = with python3.pkgs; [

4
pkgs/applications/gis/openorienteering-mapper/default.nix
View File

@ -4,7 +4,7 @@
stdenv.mkDerivation rec {
pname = "OpenOrienteering-Mapper";
version = "0.9.0";
version = "0.9.1";
buildInputs = [ gdal qtbase qttools qtlocation qtimageformats
qtsensors clipper zlib proj doxygen cups];
@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
owner = "OpenOrienteering";
repo = "mapper";
rev = "v${version}";
sha256 = "0wnxj2xf529941dwss6ygb1krfx18lzl6rf67060b0zndc7n6l8f";
sha256 = "1fyhvf2y89hj7wj89kxccx3dqcja6ndy3w4rx1vmzrp246jpz7wb";
};
cmakeFlags =

4
pkgs/applications/gis/qgis/unwrapped.nix
View File

@ -10,7 +10,7 @@ let
[ qscintilla-qt5 gdal jinja2 numpy psycopg2
chardet dateutil pyyaml pytz requests urllib3 pygments pyqt5 sip owslib six ];
in mkDerivation rec {
version = "3.10.0";
version = "3.10.1";
pname = "qgis";
name = "${pname}-unwrapped-${version}";
@ -18,7 +18,7 @@ in mkDerivation rec {
owner = "qgis";
repo = "QGIS";
rev = "final-${lib.replaceStrings ["."] ["_"] version}";
sha256 = "0qq4dznxxbpj8b4ypkz7dixc0b0v6rmf3c5hs4m3ka3rzck8jsqc";
sha256 = "0xq0nnp7zdqaihqvh5rsi1129g23vnk5ijkpxfzaggafgmhf5hgz";
};
passthru = {

4
pkgs/applications/graphics/avocode/default.nix
View File

@ -5,11 +5,11 @@
stdenv.mkDerivation rec {
pname = "avocode";
version = "4.0.1";
version = "4.2.1";
src = fetchurl {
url = "https://media.avocode.com/download/avocode-app/${version}/avocode-${version}-linux.zip";
sha256 = "13jwxwvwb9nnjxcnh9vfi22n4c00bhdypl84wrpdg5xw9325zhvy";
sha256 = "06g12gqri1sgfklla6jfpi7wm2qjazakcjs2w2rhrphnl50r6ca7";
};
libPath = stdenv.lib.makeLibraryPath (with xorg; [

4
pkgs/applications/graphics/drawio/default.nix
View File

@ -11,11 +11,11 @@
stdenv.mkDerivation rec {
pname = "drawio";
version = "12.3.2";
version = "12.4.2";
src = fetchurl {
url = "https://github.com/jgraph/drawio-desktop/releases/download/v${version}/draw.io-x86_64-${version}.rpm";
sha256 = "1hh4616dbq0fqldlph7vyl8vkibwc3xpcv9r1m2v949kn84yi2j3";
sha256 = "1mngn90cn9hixa0xkhk7mb02gjp480wnipjy2jzkq8kwpai1gm1m";
};
nativeBuildInputs = [

7
pkgs/applications/graphics/fondo/default.nix
View File

@ -63,6 +63,13 @@ stdenv.mkDerivation rec {
patchShebangs meson/post_install.py
'';
passthru = {
updateScript = pantheon.updateScript {
attrPath = pname;
};
};
meta = with stdenv.lib; {
description = "Find the most beautiful wallpapers for your desktop";
homepage = https://github.com/calo001/fondo;

6
pkgs/applications/graphics/ideogram/default.nix
View File

@ -50,6 +50,12 @@ stdenv.mkDerivation rec {
patchShebangs meson/post_install.py
'';
passthru = {
updateScript = pantheon.updateScript {
attrPath = pname;
};
};
meta = with stdenv.lib; {
description = "Insert emoji anywhere, even in non-native apps - designed for elementary OS";
homepage = https://github.com/cassidyjames/ideogram;

4
pkgs/applications/graphics/k3d/default.nix
View File

@ -1,7 +1,7 @@
{ stdenv, fetchFromGitHub, fetchpatch, ftgl, glew, asciidoc
, cmake, ninja, libGLU, libGL, zlib, python, expat, libxml2, libsigcxx, libuuid, freetype
, libpng, boost, doxygen, cairomm, pkgconfig, libjpeg, libtiff
, gettext, intltool, perl, gtkmm2, glibmm, gtkglext, pangox_compat, libXmu }:
, gettext, intltool, perl, gtkmm2, glibmm, gtkglext, libXmu }:
stdenv.mkDerivation rec {
version = "0.8.0.6";
@ -34,7 +34,7 @@ stdenv.mkDerivation rec {
buildInputs = [
libGLU libGL zlib python expat libxml2 libsigcxx libuuid freetype libpng
boost cairomm libjpeg libtiff
ftgl glew gtkmm2 glibmm gtkglext pangox_compat libXmu
ftgl glew gtkmm2 glibmm gtkglext libXmu
];
#doCheck = false;

4
pkgs/applications/graphics/runwayml/default.nix
View File

@ -6,12 +6,12 @@
let
pname = "runwayml";
version = "0.9.0";
version = "0.10.11";
name = "${pname}-${version}";
src = fetchurl {
url = "https://runway-releases.s3.amazonaws.com/Runway%20${version}.AppImage";
sha256 = "0rg7ipp7kx0l4qgcymfg5d3saz0c6d2j0c6rf28rwqgbm92gbjjq";
sha256 = "0f3icgpwj1sk9bkycqw65c8bhrzzpw5yzacw52siv4j1gl4casnl";
name="${pname}-${version}.AppImage";
};

2
pkgs/applications/misc/alacritty/default.nix
View File

@ -101,7 +101,7 @@ in buildRustPackage rec {
gzip -c extra/alacritty.man > "$out/share/man/man1/alacritty.1.gz"
install -dm 755 "$terminfo/share/terminfo/a/"
tic -x -o "$terminfo/share/terminfo" extra/alacritty.info
tic -xe alacritty,alacritty-direct -o "$terminfo/share/terminfo" extra/alacritty.info
mkdir -p $out/nix-support
echo "$terminfo" >> $out/nix-support/propagated-user-env-packages

6
pkgs/applications/misc/appeditor/default.nix
View File

@ -50,6 +50,12 @@ stdenv.mkDerivation rec {
patchShebangs meson/post_install.py
'';
passthru = {
updateScript = pantheon.updateScript {
attrPath = pname;
};
};
meta = with stdenv.lib; {
description = "Edit the Pantheon desktop application menu";
homepage = https://github.com/donadigo/appeditor;

4
pkgs/applications/misc/blender/default.nix
View File

@ -16,11 +16,11 @@ let python = python3Packages.python; in
stdenv.mkDerivation rec {
pname = "blender";
version = "2.81";
version = "2.81a";
src = fetchurl {
url = "https://download.blender.org/source/${pname}-${version}.tar.xz";
sha256 = "1prp0f2152f1sz23jlc86vndfvmplb7qhllikkirq7hgpykrshna";
sha256 = "1zl0ar95qkxsrbqw9miz2hrjijlqjl06vg3clfk9rm7krr2l3b2j";
};
nativeBuildInputs = [ cmake ] ++ optional cudaSupport addOpenGLRunpath;

19
pkgs/applications/misc/cipher/default.nix
View File

@ -10,18 +10,17 @@
, glib
, gtk3
, libgee
, xdg_utils
, wrapGAppsHook }:
stdenv.mkDerivation rec {
pname = "cipher";
version = "2.0.0";
version = "2.5.0";
src = fetchFromGitHub {
owner = "arshubham";
repo = "cipher";
rev = version;
sha256 = "0n5aigcyxnl4k52mdmavbxx6afc1ixymn3k3l2ryhyzi5q31x0x3";
sha256 = "00azc5ck17zkdypfza6x1viknwhimd9fqgk2ybff3mx6aphmla7a";
};
nativeBuildInputs = [
@ -42,12 +41,18 @@ stdenv.mkDerivation rec {
];
postPatch = ''
substituteInPlace data/com.github.arshubham.cipher.desktop.in \
--replace xdg-open ${xdg_utils}/bin/xdg-open
chmod +x post_install.py
patchShebangs post_install.py
substituteInPlace data/com.github.arshubham.cipher.desktop.in \
--replace "gio" "${glib.bin}/bin/gio"
chmod +x meson/post_install.py
patchShebangs meson/post_install.py
'';
passthru = {
updateScript = pantheon.updateScript {
attrPath = pname;
};
};
meta = with stdenv.lib; {
description = "A simple application for encoding and decoding text, designed for elementary OS";
homepage = "https://github.com/arshubham/cipher";

4
pkgs/applications/misc/coursera-dl/default.nix
View File

@ -5,13 +5,13 @@ let
in pythonPackages.buildPythonApplication rec {
pname = "coursera-dl";
version = "0.11.4";
version = "0.11.5";
src = fetchFromGitHub {
owner = "coursera-dl";
repo = "coursera-dl";
rev = version;
sha256 = "0dn7a6s98dwba62r0dyabq8pryzga4b2wpx88i9bmp7ja1b1f92f";
sha256 = "0akgwzrsx094jj30n4bd2ilwgva4qxx38v3bgm69iqfxi8c2bqbk";
};
nativeBuildInputs = with pythonPackages; [ pandoc ];

4
pkgs/applications/misc/dbeaver/default.nix
View File

@ -7,7 +7,7 @@
stdenv.mkDerivation rec {
pname = "dbeaver-ce";
version = "6.3.0";
version = "6.3.1";
desktopItem = makeDesktopItem {
name = "dbeaver";
@ -30,7 +30,7 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = "https://dbeaver.io/files/${version}/dbeaver-ce-${version}-linux.gtk.x86_64.tar.gz";
sha256 = "07j2r2kfjhfv8zzzzp5qj3ppx4vv7llpx4lwip6bnjfkh80ny22a";
sha256 = "0w7nsxm66gbwwql1zk7zh6zvvsjcn78qm0miv0w8nj1qk24zr494";
};
installPhase = ''

4
pkgs/applications/misc/diffpdf/default.nix
View File

@ -1,6 +1,6 @@
{ stdenv, fetchurl, fetchpatch, qmake, qttools, qtbase, poppler }:
{ stdenv, mkDerivation, fetchurl, fetchpatch, qmake, qttools, qtbase, poppler }:
stdenv.mkDerivation rec {
mkDerivation rec {
version = "2.1.3";
pname = "diffpdf";

6
pkgs/applications/misc/formatter/default.nix
View File

@ -61,6 +61,12 @@ stdenv.mkDerivation rec {
patchShebangs meson/post_install.py
'';
passthru = {
updateScript = pantheon.updateScript {
attrPath = pname;
};
};
meta = with stdenv.lib; {
description = "A simple formatter designed for elementary OS";
homepage = "https://github.com/Djaler/Formatter";

4
pkgs/applications/misc/gallery-dl/default.nix
View File

@ -2,11 +2,11 @@
python3Packages.buildPythonApplication rec {
pname = "gallery_dl";
version = "1.11.1";
version = "1.12.1";
src = python3Packages.fetchPypi {
inherit pname version;
sha256 = "08py1f48ylw83712h8313rxz55igbszxcwr2yxkchpr4233avzph";
sha256 = "0y1bzqcacik030zjchgmzrwpfb49mi68wdivli9ydb64w1zql9im";
};
doCheck = false;

6
pkgs/applications/misc/gollum/Gemfile.lock
View File

@ -29,17 +29,17 @@ GEM
sanitize (~> 2.1.1, >= 2.1.1)
stringex (~> 2.6)
twitter-text (= 1.14.7)
json (2.2.0)
json (2.3.0)
kramdown (1.9.0)
mime-types (3.3)
mime-types-data (~> 3.2015)
mime-types-data (3.2019.1009)
mini_portile2 (2.4.0)
mustache (0.99.8)
nokogiri (1.10.5)
nokogiri (1.10.7)
mini_portile2 (~> 2.4.0)
posix-spawn (0.3.13)
rack (1.6.11)
rack (1.6.12)
rack-protection (1.5.5)
rack
rouge (2.2.1)

12
pkgs/applications/misc/gollum/gemset.nix
View File

@ -89,10 +89,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0sx97bm9by389rbzv8r1f43h06xcz8vwi3h5jv074gvparql7lcx";
sha256 = "0nrmw2r4nfxlfgprfgki3hjifgrcrs3l5zvm3ca3gb4743yr25mn";
type = "gem";
};
version = "2.2.0";
version = "2.3.0";
};
kramdown = {
groups = ["default"];
@ -151,10 +151,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "185g3dwba73jqxjr94bd2zk6fil6n9hmcfnfyzh3p1w47vm296r7";
sha256 = "0r0qpgf80h764k176yr63gqbs2z0xbsp8vlvs2a79d5r9vs83kln";
type = "gem";
};
version = "1.10.5";
version = "1.10.7";
};
posix-spawn = {
groups = ["default"];
@ -171,10 +171,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "1g9926ln2lw12lfxm4ylq1h6nl0rafl10za3xvjzc87qvnqic87f";
sha256 = "1riq0z408dwvqcqrpq05bp2w879l4sjxzb4cbrbx55kpi6h2g1cj";
type = "gem";
};
version = "1.6.11";
version = "1.6.12";
};
rack-protection = {
dependencies = ["rack"];

4
pkgs/applications/misc/hstr/default.nix
View File

@ -3,13 +3,13 @@
stdenv.mkDerivation rec {
pname = "hstr";
version = "2.0";
version = "2.2";
src = fetchFromGitHub {
owner = "dvorka";
repo = "hstr";
rev = version;
sha256 = "1y9vsfbg07gbic0daqy569d9pb9i1d07fym3q7a0a99hbng85s20";
sha256 = "07fkilqlkpygvf9kvxyvl58g3lfq0bwwdp3wczy4hk8qlbhmgihn";
};
nativeBuildInputs = [ autoreconfHook pkgconfig ];

4
pkgs/applications/misc/kitty/default.nix
View File

@ -21,14 +21,14 @@
with python3Packages;
buildPythonApplication rec {
pname = "kitty";
version = "0.15.0";
version = "0.15.1";
format = "other";
src = fetchFromGitHub {
owner = "kovidgoyal";
repo = "kitty";
rev = "v${version}";
sha256 = "1gh8lcyqpkwvmjxwiq5d43sd43bg3c49fyy2x8drqdzj34gc49qg";
sha256 = "0y25w8123rjd6f5875mk8yv7mdr75mgswl3sh6zixm7b9r771s9p";
};
buildInputs = [

4
pkgs/applications/misc/kitty/no-werror.patch
View File

@ -3,9 +3,9 @@
@@ -217,7 +217,7 @@ def init_env(
cflags = os.environ.get(
'OVERRIDE_CFLAGS', (
'-Wextra {} -Wno-missing-field-initializers -Wall -Wstrict-prototypes -std={}11'
'-Wextra {} -Wno-missing-field-initializers -Wall -Wstrict-prototypes -std=c11'
- ' -pedantic-errors -Werror {} {} -fwrapv {} {} -pipe {} -fvisibility=hidden'
+ ' {} {} -fwrapv {} {} -pipe {} -fvisibility=hidden'
).format(
float_conversion, std,
float_conversion,
optimize,

6
pkgs/applications/misc/lutris/chrootenv.nix
View File

@ -5,7 +5,7 @@
let
qt5Deps = pkgs: with pkgs.qt5; [ qtbase qtmultimedia ];
gnome3Deps = pkgs: with pkgs.gnome3; [ zenity gtksourceview gnome-desktop libgnome-keyring webkitgtk ];
gnome3Deps = pkgs: with pkgs; [ gnome3.zenity gtksourceview gnome3.gnome-desktop gnome3.libgnome-keyring webkitgtk ];
xorgDeps = pkgs: with pkgs.xorg; [
libX11 libXrender libXrandr libxcb libXmu libpthreadstubs libXext libXdmcp
libXxf86vm libXinerama libSM libXv libXaw libXi libXcursor libXcomposite
@ -23,7 +23,7 @@ in buildFHSUserEnv {
allegro dumb
# Desmume
lua agg soundtouch openal desktop-file-utils pangox_compat atk
lua agg soundtouch openal desktop-file-utils atk
# DGen // TODO: libarchive is broken
@ -92,7 +92,7 @@ in buildFHSUserEnv {
multiPkgs = pkgs: with pkgs; [
# Common
libsndfile libtheora libogg libvorbis libopus libGLU libpcap libpulseaudio
libao libusb libevdev libudev libgcrypt libxml2 libusb libpng libmpeg2 libv4l
libao libusb libevdev udev libgcrypt libxml2 libusb libpng libmpeg2 libv4l
libjpeg libxkbcommon libass libcdio libjack2 libsamplerate libzip libmad libaio
libcap libtiff libva libgphoto2 libxslt libtxc_dxtn libsndfile giflib zlib glib
alsaLib zziplib bash dbus keyutils zip cabextract freetype unzip coreutils

6
pkgs/applications/misc/notejot/default.nix
View File

@ -34,6 +34,12 @@ stdenv.mkDerivation rec {
patchShebangs meson/post_install.py
'';
passthru = {
updateScript = pantheon.updateScript {
attrPath = pname;
};
};
meta = with stdenv.lib; {
description = "Stupidly-simple sticky notes applet";
homepage = https://github.com/lainsce/notejot;

11
pkgs/applications/misc/qtpass/default.nix
View File

@ -1,5 +1,6 @@
{ lib, mkDerivation, fetchFromGitHub
, git, gnupg, pass, pwgen, qrencode
, fetchpatch
, qtbase, qtsvg, qttools, qmake
}:
@ -25,6 +26,16 @@ mkDerivation rec {
enableParallelBuilding = true;
patches = [
# Fix path to pass-otp plugin `/usr/lib/password-store/extensions/otp.bash` being hardcoded.
# TODO: Remove when https://github.com/IJHack/QtPass/pull/499 is merged and available.
(fetchpatch {
name = "qtpass-Dont-hardcode-pass-otp-usr-lib-path.patch";
url = "https://github.com/IJHack/QtPass/commit/2ca9f0ec5a8d709c97a2433c5cd814040c82d4f3.patch";
sha256 = "0ljlvqxvarrz2a4j71i66aflrxi84zirb6cg9kvygnvhvm1zbc7d";
})
];
qmakeFlags = [
# setup hook only sets QMAKE_LRELEASE, set QMAKE_LUPDATE too:
"QMAKE_LUPDATE=${qttools.dev}/bin/lupdate"

2
pkgs/applications/misc/rsclock/default.nix
View File

@ -11,7 +11,7 @@ rustPlatform.buildRustPackage rec {
sha256 = "1i93qkz6d8sbk78i4rvx099hnn4lklp4cjvanpm9ssv8na4rqvh2";
};
cargoSha256 = "0zg5q2p9snpfyxl0gx87ix1f46afrfm5jq0m6c7s8qw2x9hpvxzr";
cargoSha256 = "03mhlp5hi3nlybb9dkwf1gxgsg056mjq2zsxnb5qh8pdxw7fmdxk";
meta = with stdenv.lib; {
description = "A simple terminal clock written in Rust";

6
pkgs/applications/misc/sequeler/default.nix
View File

@ -29,6 +29,12 @@ in stdenv.mkDerivation rec {
patchShebangs build-aux/meson_post_install.py
'';
passthru = {
updateScript = pantheon.updateScript {
attrPath = pname;
};
};
meta = with stdenv.lib; {
description = "Friendly SQL Client";
longDescription = ''

6
pkgs/applications/misc/tootle/default.nix
View File

@ -62,6 +62,12 @@ stdenv.mkDerivation rec {
patchShebangs meson/post_install.py
'';
passthru = {
updateScript = pantheon.updateScript {
attrPath = pname;
};
};
meta = with stdenv.lib; {
description = "Simple Mastodon client designed for elementary OS";
homepage = https://github.com/bleakgrey/tootle;

17
pkgs/applications/misc/wofi/default.nix
View File

@ -1,25 +1,18 @@
{ stdenv, lib, fetchhg, pkg-config, wayland, gtk3 }:
{ stdenv, lib, fetchhg, pkg-config, meson, ninja, wayland, gtk3 }:
stdenv.mkDerivation rec {
pname = "wofi";
version = "2019-10-28";
version = "1.0";
src = fetchhg {
url = "https://hg.sr.ht/~scoopta/wofi";
rev = "3fac708b2b541bb9927ec1b2389c4eb294e1b35b";
sha256 = "0sp9hqm1lv9wyxj8z7vazs25nvl6yznd5vfhmwb51axwkr79s2ym";
rev = "v${version}";
sha256 = "147yarm26nl0zc0a2rs7qi4jd7bz48vvyaygsif1qsv8fx0xiqqf";
};
nativeBuildInputs = [ pkg-config ];
nativeBuildInputs = [ pkg-config meson ninja ];
buildInputs = [ wayland gtk3 ];
sourceRoot = "hg-archive/Release";
installPhase = ''
mkdir -p $out/bin
cp wofi $out/bin/
'';
meta = with lib; {
description = "A launcher/menu program for wlroots based wayland compositors such as sway";
homepage = "https://hg.sr.ht/~scoopta/wofi";

26
pkgs/applications/networking/3proxy/default.nix Normal file
View File

@ -0,0 +1,26 @@
{ stdenv, fetchFromGitHub, coreutils }:
stdenv.mkDerivation rec {
pname = "3proxy";
version = "0.8.13";
src = fetchFromGitHub {
owner = "z3APA3A";
repo = pname;
rev = version;
sha256 = "1k5rqldiyakhwhplazlhswkgy3psdkpxhn85605ncwaqx49qy8vk";
};
makeFlags = [
"INSTALL=${coreutils}/bin/install"
"prefix=$(out)"
];
preConfigure = ''
ln -s Makefile.Linux Makefile
'';
meta = with stdenv.lib; {
description = "Tiny free proxy server";
homepage = "https://github.com/z3APA3A/3proxy";
license = licenses.gpl2;
platforms = platforms.linux;
maintainers = [ maintainers.misuzu ];
};
}

Some files were not shown because too many files have changed in this diff Show More