philipp
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Projects Releases Activity

Merge remote-tracking branch 'origin/master' into gcc-9

gstqt5
Franz Pletz 2019-12-26 14:16:15 +01:00
parent 602bccd1a8 4d2dd15546
commit 77b6c3cd06
No known key found for this signature in database
GPG Key ID: 846FDED7792617B4
4311 changed files with 115681 additions and 107815 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
.github/CODEOWNERS vendored
View File

@ -47,6 +47,9 @@
/nixos/doc/manual/man-nixos-option.xml @nbp
/nixos/modules/installer/tools/nixos-option.sh @nbp
# NixOS integration test driver
/nixos/lib/test-driver @tfc
# New NixOS modules
/nixos/modules/module-list.nix @Infinisil
@ -167,3 +170,8 @@
/nixos/modules/services/monitoring/prometheus/exporters.nix @WilliButz
/nixos/modules/services/monitoring/prometheus/exporters.xml @WilliButz
/nixos/tests/prometheus-exporters.nix @WilliButz
# PHP
/pkgs/development/interpreters/php @etu
/pkgs/top-level/php-packages.nix @etu
/pkgs/build-support/build-pecl.nix @etu

5
.github/CONTRIBUTING.md vendored
View File

@ -6,9 +6,8 @@ under the terms of [COPYING](../COPYING), which is an MIT-like license.
## Opening issues
* Make sure you have a [GitHub account](https://github.com/signup/free)
* [Submit an issue](https://github.com/NixOS/nixpkgs/issues) - assuming one does not already exist.
* Clearly describe the issue including steps to reproduce when it is a bug.
* Include information what version of nixpkgs and Nix are you using (nixos-version or git revision).
* Make sure there is no open issue on the topic
* [Submit a new issue](https://github.com/NixOS/nixpkgs/issues/new/choose) by choosing the kind of topic and fill out the template
## Submitting changes

2
.github/PULL_REQUEST_TEMPLATE.md vendored
View File

@ -12,7 +12,7 @@
- [ ] macOS
- [ ] other Linux distributions
- [ ] Tested via one or more NixOS test(s) if existing and applicable for the change (look inside [nixos/tests](https://github.com/NixOS/nixpkgs/blob/master/nixos/tests))
- [ ] Tested compilation of all pkgs that depend on this change using `nix-shell -p nix-review --run "nix-review wip"`
- [ ] Tested compilation of all pkgs that depend on this change using `nix-shell -p nixpkgs-review --run "nixpkgs-review wip"`
- [ ] Tested execution of all binary files (usually in `./result/bin/`)
- [ ] Determined the impact on package closure size (by running `nix path-info -S` before and after)
- [ ] Ensured that relevant documentation is up to date

32
.github/stale.yml vendored Normal file
View File

@ -0,0 +1,32 @@
# Number of days of inactivity before an issue becomes stale
daysUntilStale: 180
# Number of days of inactivity before a stale issue is closed
daysUntilClose: false
# Issues with these labels will never be considered stale
exemptLabels:
- 1.severity: security
# Label to use when marking an issue as stale
staleLabel: 2.status: stale
# Comment to post when marking an issue as stale. Set to `false` to disable
markComment: >
Thank you for your contributions.
This has been automatically marked as stale because it has had no
activity for 180 days.
If this is still important to you, we ask that you leave a
comment below. Your comment can be as simple as "still important
to me". This lets people see that at least one person still cares
about this. Someone will have to do this at most twice a year if
there is no other activity.
Here are suggestions that might help resolve this more quickly:
1. Search for maintainers and people that previously touched the
related code and @ mention them in a comment.
2. Ask on the [NixOS Discourse](https://discourse.nixos.org/).
3. Ask on the [#nixos channel](irc://irc.freenode.net/#nixos) on
[irc.freenode.net](https://freenode.net).
# Comment to post when closing a stale issue. Set to `false` to disable
closeComment: false

11
doc/builders/fetchers.xml
View File

@ -105,6 +105,17 @@ stdenv.mkDerivation {
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<literal>fetchFromGitiles</literal>
</term>
<listitem>
<para>
This is used with Gitiles repositories. The arguments expected
are similar to fetchgit.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<literal>fetchFromBitbucket</literal>

6
doc/builders/images/dockertools.xml
View File

@ -8,12 +8,6 @@
<varname>pkgs.dockerTools</varname> is a set of functions for creating and manipulating Docker images according to the <link xlink:href="https://github.com/moby/moby/blob/master/image/spec/v1.2.md#docker-image-specification-v120"> Docker Image Specification v1.2.0 </link>. Docker itself is not used to perform any of the operations done by these functions.
</para>
<warning>
<para>
The <varname>dockerTools</varname> API is unstable and may be subject to backwards-incompatible changes in the future.
</para>
</warning>
<section xml:id="ssec-pkgs-dockerTools-buildImage">
<title>buildImage</title>

21
doc/builders/trivial-builders.xml
View File

@ -7,7 +7,7 @@
Nixpkgs provides a couple of functions that help with building derivations. The most important one, <function>stdenv.mkDerivation</function>, has already been documented above. The following functions wrap <function>stdenv.mkDerivation</function>, making it easier to use in certain cases.
</para>
<variablelist>
<varlistentry>
<varlistentry xml:id="trivial-builder-runCommand">
<term>
<literal>runCommand</literal>
</term>
@ -40,7 +40,7 @@
</programlisting>
</listitem>
</varlistentry>
<varlistentry>
<varlistentry xml:id="trivial-builder-runCommandCC">
<term>
<literal>runCommandCC</literal>
</term>
@ -50,7 +50,20 @@
</para>
</listitem>
</varlistentry>
<varlistentry>
<varlistentry xml:id="trivial-builder-runCommandLocal">
<term>
<literal>runCommandLocal</literal>
</term>
<listitem>
<para>
Variant of <literal>runCommand</literal> that forces the derivation to be built locally, it is not substituted. This is intended for very cheap commands (&lt;1s execution time). It saves on the network roundrip and can speed up a build.
</para>
<note><para>
This sets <link xlink:href="https://nixos.org/nix/manual/#adv-attr-allowSubstitutes"><literal>allowSubstitutes</literal> to <literal>false</literal></link>, so only use <literal>runCommandLocal</literal> if you are certain the user will always have a builder for the <literal>system</literal> of the derivation. This should be true for most trivial use cases (e.g. just copying some files to a different location or adding symlinks), because there the <literal>system</literal> is usually the same as <literal>builtins.currentSystem</literal>.
</para></note>
</listitem>
</varlistentry>
<varlistentry xml:id="trivial-builder-writeText">
<term>
<literal>writeTextFile</literal>, <literal>writeText</literal>, <literal>writeTextDir</literal>, <literal>writeScript</literal>, <literal>writeScriptBin</literal>
</term>
@ -63,7 +76,7 @@
</para>
</listitem>
</varlistentry>
<varlistentry>
<varlistentry xml:id="trivial-builder-symlinkJoin">
<term>
<literal>symlinkJoin</literal>
</term>

21
doc/contributing/coding-conventions.xml
View File

@ -620,6 +620,16 @@ args.stdenv.mkDerivation (args // {
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
If its an <emphasis>icon theme</emphasis>:
</term>
<listitem>
<para>
<filename>data/icons</filename>
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
If its related to <emphasis>SGML/XML processing</emphasis>:
@ -652,6 +662,17 @@ args.stdenv.mkDerivation (args // {
</variablelist>
</listitem>
</varlistentry>
<varlistentry>
<term>
If its a <emphasis>theme</emphasis> for a <emphasis>desktop environment</emphasis>,
a <emphasis>window manager</emphasis> or a <emphasis>display manager</emphasis>:
</term>
<listitem>
<para>
<filename>data/themes</filename>
</para>
</listitem>
</varlistentry>
</variablelist>
</listitem>
</varlistentry>

4
doc/contributing/reviewing-contributions.xml
View File

@ -141,10 +141,10 @@
</listitem>
<listitem>
<para>
The <link xlink:href="https://github.com/Mic92/nix-review">nix-review</link> tool can be used to review a pull request content in a single command. <varname>PRNUMBER</varname> should be replaced by the number at the end of the pull request title. You can also provide the full github pull request url.
The <link xlink:href="https://github.com/Mic92/nixpkgs-review">nixpkgs-review</link> tool can be used to review a pull request content in a single command. <varname>PRNUMBER</varname> should be replaced by the number at the end of the pull request title. You can also provide the full github pull request url.
</para>
<screen>
<prompt>$ </prompt>nix-shell -p nix-review --run "nix-review pr PRNUMBER"
<prompt>$ </prompt>nix-shell -p nixpkgs-review --run "nixpkgs-review pr PRNUMBER"
</screen>
</listitem>
</itemizedlist>

54
doc/contributing/submitting-changes.xml
View File

@ -228,6 +228,33 @@ Additional information.
</listitem>
</itemizedlist>
</section>
<section xml:id="submitting-changes-submitting-security-fixes">
<title>Submitting security fixes</title>
<para>
Security fixes are submitted in the same way as other changes and thus the same guidelines apply.
</para>
<para>
If the security fix comes in the form of a patch and a CVE is available, then the name of the patch should be the CVE identifier, so e.g. <literal>CVE-2019-13636.patch</literal> in the case of a patch that is included in the Nixpkgs tree. If a patch is fetched the name needs to be set as well, e.g.:
</para>
<programlisting>
(fetchpatch {
name = "CVE-2019-11068.patch";
url = "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch";
sha256 = "0pkpb4837km15zgg6h57bncp66d5lwrlvkr73h0lanywq7zrwhj8";
})
</programlisting>
<para>
If a security fix applies to both master and a stable release then, similar to regular changes, they are preferably delivered via master first and cherry-picked to the release branch.
</para>
<para>
Critical security fixes may by-pass the staging branches and be delivered directly to release branches such as <literal>master</literal> and <literal>release-*</literal>.
</para>
</section>
<section xml:id="submitting-changes-pull-request-template">
<title>Pull Request Template</title>
@ -290,20 +317,25 @@ Additional information.
</section>
<section xml:id="submitting-changes-tested-compilation">
<title>Tested compilation of all pkgs that depend on this change using <command>nix-review</command></title>
<title>Tested compilation of all pkgs that depend on this change using <command>nixpkgs-review</command></title>
<para>
If you are updating a package's version, you can use nix-review to make sure all packages that depend on the updated package still compile correctly. The <command>nix-review</command> utility can look for and build all dependencies either based on uncommited changes with the <literal>wip</literal> option or specifying a github pull request number.
If you are updating a package's version, you can use nixpkgs-review to make sure all packages that depend on the updated package still compile correctly. The <command>nixpkgs-review</command> utility can look for and build all dependencies either based on uncommited changes with the <literal>wip</literal> option or specifying a github pull request number.
</para>
<para>
review changes from pull request number 12345:
<screen>nix-shell -p nix-review --run "nix-review pr 12345"</screen>
<screen>nix run nixpkgs.nixpkgs-review -c nixpkgs-review pr 12345</screen>
</para>
<para>
review uncommitted changes:
<screen>nix-shell -p nix-review --run "nix-review wip"</screen>
<screen>nix run nixpkgs.nixpkgs-review -c nixpkgs-review wip</screen>
</para>
<para>
review changes from last commit:
<screen>nix run nixpkgs.nixpkgs-review -c nixpkgs-review rev HEAD</screen>
</para>
</section>
@ -376,7 +408,7 @@ Additional information.
<section xml:id="submitting-changes-master-branch">
<title>Master branch</title>
<para>
The <literal>master</literal> branch is the main development branch.
The <literal>master</literal> branch is the main development branch.
It should only see non-breaking commits that do not cause mass rebuilds.
</para>
</section>
@ -384,8 +416,8 @@ Additional information.
<section xml:id="submitting-changes-staging-branch">
<title>Staging branch</title>
<para>
The <literal>staging</literal> branch is a development branch where mass-rebuilds go.
It should only see non-breaking mass-rebuild commits.
The <literal>staging</literal> branch is a development branch where mass-rebuilds go.
It should only see non-breaking mass-rebuild commits.
That means it is not to be used for testing, and changes must have been well tested already.
If the branch is already in a broken state, please refrain from adding extra new breakages.
</para>
@ -394,10 +426,10 @@ Additional information.
<section xml:id="submitting-changes-staging-next-branch">
<title>Staging-next branch</title>
<para>
The <literal>staging-next</literal> branch is for stabilizing mass-rebuilds submitted to the <literal>staging</literal> branch prior to merging them into <literal>master</literal>.
Mass-rebuilds should go via the <literal>staging</literal> branch.
The <literal>staging-next</literal> branch is for stabilizing mass-rebuilds submitted to the <literal>staging</literal> branch prior to merging them into <literal>master</literal>.
Mass-rebuilds should go via the <literal>staging</literal> branch.
It should only see non-breaking commits that are fixing issues blocking it from being merged into the <literal>master </literal> branch.
</para>
</para>
<para>
If the branch is already in a broken state, please refrain from adding extra new breakages. Stabilize it for a few days and then merge into master.
</para>
@ -409,7 +441,7 @@ Additional information.
<itemizedlist>
<listitem>
<para>
If you're cherry-picking a commit to a stable release branch, always use <command>git cherry-pick -xe</command> and ensure the message contains a clear description about why this needs to be included in the stable branch.
If you're cherry-picking a commit to a stable release branch (“backporting”), always use <command>git cherry-pick -xe</command> and ensure the message contains a clear description about why this needs to be included in the stable branch.
</para>
<para>
An example of a cherry-picked commit would look like this:

2
doc/languages-frameworks/android.section.md
View File

@ -95,7 +95,7 @@ $ nix-build
The Android SDK gets deployed with all desired plugin versions.
We can also deploy subsets of the Android SDK. For example, to only the the
We can also deploy subsets of the Android SDK. For example, to only the
`platform-tools` package, you can evaluate the following expression:
```nix

307
doc/languages-frameworks/beam.xml
View File

@ -26,7 +26,7 @@
</listitem>
<listitem>
<para>
<literal>packages</literal>: a set of package sets, each compiled with a specific Erlang/OTP version, e.g. <literal>beam.packages.erlangR19</literal>.
<literal>packages</literal>: a set of package builders (Mix and rebar3), each compiled with a specific Erlang/OTP version, e.g. <literal>beam.packages.erlangR19</literal>.
</para>
</listitem>
</itemizedlist>
@ -36,15 +36,11 @@
</para>
<para>
To create a package set built with a custom Erlang version, use the lambda, <literal>beam.packagesWith</literal>, which accepts an Erlang/OTP derivation and produces a package set similar to <literal>beam.packages.erlang</literal>.
To create a package builder built with a custom Erlang version, use the lambda, <literal>beam.packagesWith</literal>, which accepts an Erlang/OTP derivation and produces a package builder similar to <literal>beam.packages.erlang</literal>.
</para>
<para>
Many Erlang/OTP distributions available in <literal>beam.interpreters</literal> have versions with ODBC and/or Java enabled. For example, there's <literal>beam.interpreters.erlangR19_odbc_javac</literal>, which corresponds to <literal>beam.interpreters.erlangR19</literal>.
</para>
<para xml:id="erlang-call-package">
We also provide the lambda, <literal>beam.packages.erlang.callPackage</literal>, which simplifies writing BEAM package definitions by injecting all packages from <literal>beam.packages.erlang</literal> into the top-level context.
Many Erlang/OTP distributions available in <literal>beam.interpreters</literal> have versions with ODBC and/or Java enabled or without wx (no observer support). For example, there's <literal>beam.interpreters.erlangR22_odbc_javac</literal>, which corresponds to <literal>beam.interpreters.erlangR22</literal> and <literal>beam.interpreters.erlangR22_nox</literal>, which corresponds to <literal>beam.interpreters.erlangR22</literal>.
</para>
</section>
@ -55,7 +51,7 @@
<title>Rebar3</title>
<para>
We provide a version of Rebar3, which is the normal, unmodified Rebar3, under <literal>rebar3</literal>. We also provide a helper to fetch Rebar3 dependencies from a lockfile under <literal>fetchRebar3Deps</literal>.
We provide a version of Rebar3, under <literal>rebar3</literal>. We also provide a helper to fetch Rebar3 dependencies from a lockfile under <literal>fetchRebar3Deps</literal>.
</para>
</section>
@ -72,32 +68,14 @@
<title>How to Install BEAM Packages</title>
<para>
BEAM packages are not registered at the top level, simply because they are not relevant to the vast majority of Nix users. They are installable using the <literal>beam.packages.erlang</literal> attribute set (aliased as <literal>beamPackages</literal>), which points to packages built by the default Erlang/OTP version in Nixpkgs, as defined by <literal>beam.interpreters.erlang</literal>. To list the available packages in <literal>beamPackages</literal>, use the following command:
BEAM builders are not registered at the top level, simply because they are not relevant to the vast majority of Nix users.
To install any of those builders into your profile, refer to them by their attribute path <literal>beamPackages.rebar3</literal>:
</para>
<screen>
<prompt>$ </prompt>nix-env -f &quot;&lt;nixpkgs&gt;&quot; -qaP -A beamPackages
beamPackages.esqlite esqlite-0.2.1
beamPackages.goldrush goldrush-0.1.7
beamPackages.ibrowse ibrowse-4.2.2
beamPackages.jiffy jiffy-0.14.5
beamPackages.lager lager-3.0.2
beamPackages.meck meck-0.8.3
beamPackages.rebar3-pc pc-1.1.0
</screen>
<para>
To install any of those packages into your profile, refer to them by their attribute path (first column):
</para>
<screen>
<prompt>$ </prompt>nix-env -f &quot;&lt;nixpkgs&gt;&quot; -iA beamPackages.ibrowse
</screen>
<para>
The attribute path of any BEAM package corresponds to the name of that particular package in <link xlink:href="https://hex.pm">Hex</link> or its OTP Application/Release name.
</para>
</section>
<screen>
<prompt>$ </prompt>nix-env -f &quot;&lt;nixpkgs&gt;&quot; -iA beamPackages.rebar3
</screen>
</section>
<section xml:id="packaging-beam-applications">
<title>Packaging BEAM Applications</title>
@ -109,35 +87,7 @@ beamPackages.rebar3-pc pc-1.1.0
<title>Rebar3 Packages</title>
<para>
The Nix function, <literal>buildRebar3</literal>, defined in <literal>beam.packages.erlang.buildRebar3</literal> and aliased at the top level, can be used to build a derivation that understands how to build a Rebar3 project. For example, we can build <link
xlink:href="https://github.com/erlang-nix/hex2nix">hex2nix</link> as follows:
</para>
<programlisting>
{ stdenv, fetchFromGitHub, buildRebar3, ibrowse, jsx, erlware_commons }:
buildRebar3 rec {
name = "hex2nix";
version = "0.0.1";
src = fetchFromGitHub {
owner = "ericbmerritt";
repo = "hex2nix";
rev = "${version}";
sha256 = "1w7xjidz1l5yjmhlplfx7kphmnpvqm67w99hd2m7kdixwdxq0zqg";
};
beamDeps = [ ibrowse jsx erlware_commons ];
}
</programlisting>
<para>
Such derivations are callable with <literal>beam.packages.erlang.callPackage</literal> (see <xref
linkend="erlang-call-package"/>). To call this package using the normal <literal>callPackage</literal>, refer to dependency packages via <literal>beamPackages</literal>, e.g. <literal>beamPackages.ibrowse</literal>.
</para>
<para>
Notably, <literal>buildRebar3</literal> includes <literal>beamDeps</literal>, while <literal>stdenv.mkDerivation</literal> does not. BEAM dependencies added there will be correctly handled by the system.
The Nix function, <literal>buildRebar3</literal>, defined in <literal>beam.packages.erlang.buildRebar3</literal> and aliased at the top level, can be used to build a derivation that understands how to build a Rebar3 project.
</para>
<para>
@ -152,30 +102,6 @@ buildRebar3 rec {
Erlang.mk functions similarly to Rebar3, except we use <literal>buildErlangMk</literal> instead of <literal>buildRebar3</literal>.
</para>
<programlisting>
{ buildErlangMk, fetchHex, cowlib, ranch }:
buildErlangMk {
name = "cowboy";
version = "1.0.4";
src = fetchHex {
pkg = "cowboy";
version = "1.0.4";
sha256 = "6a0edee96885fae3a8dd0ac1f333538a42e807db638a9453064ccfdaa6b9fdac";
};
beamDeps = [ cowlib ranch ];
meta = {
description = ''
Small, fast, modular HTTP server written in Erlang
'';
license = stdenv.lib.licenses.isc;
homepage = https://github.com/ninenines/cowboy;
};
}
</programlisting>
</section>
<section xml:id="mix-packages">
@ -185,57 +111,9 @@ buildErlangMk {
Mix functions similarly to Rebar3, except we use <literal>buildMix</literal> instead of <literal>buildRebar3</literal>.
</para>
<programlisting>
{ buildMix, fetchHex, plug, absinthe }:
buildMix {
name = "absinthe_plug";
version = "1.0.0";
src = fetchHex {
pkg = "absinthe_plug";
version = "1.0.0";
sha256 = "08459823fe1fd4f0325a8bf0c937a4520583a5a26d73b193040ab30a1dfc0b33";
};
beamDeps = [ plug absinthe ];
meta = {
description = ''
A plug for Absinthe, an experimental GraphQL toolkit
'';
license = stdenv.lib.licenses.bsd3;
homepage = https://github.com/CargoSense/absinthe_plug;
};
}
</programlisting>
<para>
Alternatively, we can use <literal>buildHex</literal> as a shortcut:
</para>
<programlisting>
{ buildHex, buildMix, plug, absinthe }:
buildHex {
name = "absinthe_plug";
version = "1.0.0";
sha256 = "08459823fe1fd4f0325a8bf0c937a4520583a5a26d73b193040ab30a1dfc0b33";
builder = buildMix;
beamDeps = [ plug absinthe ];
meta = {
description = ''
A plug for Absinthe, an experimental GraphQL toolkit
'';
license = stdenv.lib.licenses.bsd3;
homepage = https://github.com/CargoSense/absinthe_plug;
};
}
</programlisting>
</section>
</section>
</section>
@ -243,66 +121,13 @@ buildHex {
<section xml:id="how-to-develop">
<title>How to Develop</title>
<section xml:id="accessing-an-environment">
<title>Accessing an Environment</title>
<para>
Often, we simply want to access a valid environment that contains a specific package and its dependencies. We can accomplish that with the <literal>env</literal> attribute of a derivation. For example, let's say we want to access an Erlang REPL with <literal>ibrowse</literal> loaded up. We could do the following:
</para>
<screen>
<prompt>$ </prompt><userinput>nix-shell -A beamPackages.ibrowse.env --run "erl"</userinput>
<computeroutput>Erlang/OTP 18 [erts-7.0] [source] [64-bit] [smp:4:4] [async-threads:10] [hipe] [kernel-poll:false]
Eshell V7.0 (abort with ^G)</computeroutput>
<prompt>1> </prompt><userinput>m(ibrowse).</userinput>
<computeroutput>Module: ibrowse
MD5: 3b3e0137d0cbb28070146978a3392945
Compiled: January 10 2016, 23:34
Object file: /nix/store/g1rlf65rdgjs4abbyj4grp37ry7ywivj-ibrowse-4.2.2/lib/erlang/lib/ibrowse-4.2.2/ebin/ibrowse.beam
Compiler options: [{outdir,"/tmp/nix-build-ibrowse-4.2.2.drv-0/hex-source-ibrowse-4.2.2/_build/default/lib/ibrowse/ebin"},
debug_info,debug_info,nowarn_shadow_vars,
warn_unused_import,warn_unused_vars,warnings_as_errors,
{i,"/tmp/nix-build-ibrowse-4.2.2.drv-0/hex-source-ibrowse-4.2.2/_build/default/lib/ibrowse/include"}]
Exports:
add_config/1 send_req_direct/7
all_trace_off/0 set_dest/3
code_change/3 set_max_attempts/3
get_config_value/1 set_max_pipeline_size/3
get_config_value/2 set_max_sessions/3
get_metrics/0 show_dest_status/0
get_metrics/2 show_dest_status/1
handle_call/3 show_dest_status/2
handle_cast/2 spawn_link_worker_process/1
handle_info/2 spawn_link_worker_process/2
init/1 spawn_worker_process/1
module_info/0 spawn_worker_process/2
module_info/1 start/0
rescan_config/0 start_link/0
rescan_config/1 stop/0
send_req/3 stop_worker_process/1
send_req/4 stream_close/1
send_req/5 stream_next/1
send_req/6 terminate/2
send_req_direct/4 trace_off/0
send_req_direct/5 trace_off/2
send_req_direct/6 trace_on/0
trace_on/2
ok</computeroutput>
<prompt>2></prompt>
</screen>
<para>
Notice the <literal>-A beamPackages.ibrowse.env</literal>. That is the key to this functionality.
</para>
</section>
<section xml:id="creating-a-shell">
<title>Creating a Shell</title>
<para>
Getting access to an environment often isn't enough to do real development. Usually, we need to create a <literal>shell.nix</literal> file and do our development inside of the environment specified therein. This file looks a lot like the packaging described above, except that <literal>src</literal> points to the project root and we call the package directly.
</para>
<para>
Usually, we need to create a <literal>shell.nix</literal> file and do our development inside of the environment specified therein. Just install your version of erlang and other interpreter, and then user your normal build tools.
As an example with elixir:
</para>
<programlisting>
{ pkgs ? import &quot;&lt;nixpkgs&quot;&gt; {} }:
@ -311,114 +136,24 @@ with pkgs;
let
f = { buildRebar3, ibrowse, jsx, erlware_commons }:
buildRebar3 {
name = "hex2nix";
version = "0.1.0";
src = ./.;
beamDeps = [ ibrowse jsx erlware_commons ];
};
drv = beamPackages.callPackage f {};
elixir = beam.packages.erlangR22.elixir_1_9;
in
mkShell {
buildInputs = [ elixir ];
drv
ERL_INCLUDE_PATH="${erlang}/lib/erlang/usr/include";
}
</programlisting>
<section xml:id="building-in-a-shell">
<title>Building in a Shell (for Mix Projects)</title>
<para>
We can leverage the support of the derivation, irrespective of the build derivation, by calling the commands themselves.
</para>
<programlisting>
# =============================================================================
# Variables
# =============================================================================
NIX_TEMPLATES := "$(CURDIR)/nix-templates"
TARGET := "$(PREFIX)"
PROJECT_NAME := thorndyke
NIXPKGS=../nixpkgs
NIX_PATH=nixpkgs=$(NIXPKGS)
NIX_SHELL=nix-shell -I "$(NIX_PATH)" --pure
# =============================================================================
# Rules
# =============================================================================
.PHONY= all test clean repl shell build test analyze configure install \
test-nix-install publish plt analyze
all: build
guard-%:
@ if [ "${${*}}" == "" ]; then \
echo "Environment variable $* not set"; \
exit 1; \
fi
clean:
rm -rf _build
rm -rf .cache
repl:
$(NIX_SHELL) --run "iex -pa './_build/prod/lib/*/ebin'"
shell:
$(NIX_SHELL)
configure:
$(NIX_SHELL) --command 'eval "$$configurePhase"'
build: configure
$(NIX_SHELL) --command 'eval "$$buildPhase"'
install:
$(NIX_SHELL) --command 'eval "$$installPhase"'
test:
$(NIX_SHELL) --command 'mix test --no-start --no-deps-check'
plt:
$(NIX_SHELL) --run "mix dialyzer.plt --no-deps-check"
analyze: build plt
$(NIX_SHELL) --run "mix dialyzer --no-compile"
</programlisting>
<para>
Using a <literal>shell.nix</literal> as described (see <xref
linkend="creating-a-shell"/>) should just work. Aside from <literal>test</literal>, <literal>plt</literal>, and <literal>analyze</literal>, the Make targets work just fine for all of the build derivations.
linkend="creating-a-shell"/>) should just work.
</para>
</section>
</section>
</section>
<section xml:id="generating-packages-from-hex-with-hex2nix">
<title>Generating Packages from Hex with <literal>hex2nix</literal></title>
<para>
Updating the <link xlink:href="https://hex.pm">Hex</link> package set requires <link
xlink:href="https://github.com/erlang-nix/hex2nix">hex2nix</link>. Given the path to the Erlang modules (usually <literal>pkgs/development/erlang-modules</literal>), it will dump a file called <literal>hex-packages.nix</literal>, containing all the packages that use a recognized build system in <link
xlink:href="https://hex.pm">Hex</link>. It can't be determined, however, whether every package is buildable.
</para>
<para>
To make life easier for our users, try to build every <link
xlink:href="https://hex.pm">Hex</link> package and remove those that fail. To do that, simply run the following command in the root of your <literal>nixpkgs</literal> repository:
</para>
<screen>
<prompt>$ </prompt>nix-build -A beamPackages
</screen>
<para>
That will attempt to build every package in <literal>beamPackages</literal>. Then manually remove those that fail. Hopefully, someone will improve <link
xlink:href="https://github.com/erlang-nix/hex2nix">hex2nix</link> in the future to automate the process.
</para>
</section>
</section>

16
doc/languages-frameworks/gnome.xml
View File

@ -74,7 +74,7 @@
preFixup = ''
for f in $(find $out/bin/ $out/libexec/ -type f -executable); do
wrapProgram "$f" \
--prefix GIO_EXTRA_MODULES : "${getLib gnome3.dconf}/lib/gio/modules" \
--prefix GIO_EXTRA_MODULES : "${getLib dconf}/lib/gio/modules" \
--prefix XDG_DATA_DIRS : "$out/share" \
--prefix XDG_DATA_DIRS : "$out/share/gsettings-schemas/${name}" \
--prefix XDG_DATA_DIRS : "${gsettings-desktop-schemas}/share/gsettings-schemas/${gsettings-desktop-schemas.name}" \
@ -102,7 +102,7 @@ preFixup = ''
</listitem>
<listitem xml:id="ssec-gnome-hooks-dconf">
<para>
<package>gnome3.dconf.lib</package> is a dependency of <package>wrapGAppsHook</package>, which then also adds it to the <envar>GIO_EXTRA_MODULES</envar> variable.
<package>dconf.lib</package> is a dependency of <package>wrapGAppsHook</package>, which then also adds it to the <envar>GIO_EXTRA_MODULES</envar> variable.
</para>
</listitem>
<listitem xml:id="ssec-gnome-hooks-hicolor-icon-theme">
@ -199,9 +199,9 @@ python3.pkgs.buildPythonApplication {
dontWrapGApps = true;
# Arguments to be passed to `makeWrapper`, only used by buildPython*
makeWrapperArgs = [
"\${gappsWrapperArgs[@]}"
];
preFixup = ''
makeWrapperArgs+=("''${gappsWrapperArgs[@]}")
'';
}
</programlisting>
And for a QT app like:
@ -219,9 +219,9 @@ mkDerivation {
dontWrapGApps = true;
# Arguments to be passed to `makeWrapper`, only used by qt5s mkDerivation
qtWrapperArgs = [
"\${gappsWrapperArgs[@]}"
];
preFixup = ''
qtWrapperArgs+=("''${gappsWrapperArgs[@]}")
'';
}
</programlisting>
</para>

4
doc/languages-frameworks/go.xml
View File

@ -26,7 +26,7 @@
<title>buildGoModule</title>
<programlisting>
pet = buildGoModule rec {
name = "pet-${version}";
pname = "pet";
version = "0.3.4";
src = fetchFromGitHub {
@ -79,7 +79,7 @@ pet = buildGoModule rec {
<title>buildGoPackage</title>
<programlisting>
deis = buildGoPackage rec {
name = "deis-${version}";
pname = "deis";
version = "1.13.0";
goPackagePath = "github.com/deis/deis"; <co xml:id='ex-buildGoPackage-1' />

48
doc/languages-frameworks/haskell.section.md
View File

@ -25,14 +25,14 @@ avoided that by keeping all Haskell-related packages in a separate attribute
set called `haskellPackages`, which the following command will list:
```
$ nix-env -f "<nixpkgs>" -qaP -A haskellPackages
haskellPackages.a50 a50-0.5
haskellPackages.abacate haskell-abacate-0.0.0.0
haskellPackages.abcBridge haskell-abcBridge-0.12
haskellPackages.afv afv-0.1.1
haskellPackages.alex alex-3.1.4
haskellPackages.Allure Allure-0.4.101.1
haskellPackages.alms alms-0.6.7
[... some 8000 entries omitted ...]
haskellPackages.a50 a50-0.5
haskellPackages.AAI AAI-0.2.0.1
haskellPackages.abacate abacate-0.0.0.0
haskellPackages.abc-puzzle abc-puzzle-0.2.1
haskellPackages.abcBridge abcBridge-0.15
haskellPackages.abcnotation abcnotation-1.9.0
haskellPackages.abeson abeson-0.1.0.1
[... some 14000 entries omitted ...]
```
To install any of those packages into your profile, refer to them by their
@ -101,19 +101,21 @@ to compile your Haskell packages with any GHC version you please. The following
command displays the complete list of available compilers:
```
$ nix-env -f "<nixpkgs>" -qaP -A haskell.compiler
haskell.compiler.ghc6104 ghc-6.10.4
haskell.compiler.ghc6123 ghc-6.12.3
haskell.compiler.ghc704 ghc-7.0.4
haskell.compiler.ghc722 ghc-7.2.2
haskell.compiler.ghc742 ghc-7.4.2
haskell.compiler.ghc763 ghc-7.6.3
haskell.compiler.ghc784 ghc-7.8.4
haskell.compiler.ghc7102 ghc-7.10.2
haskell.compiler.ghcHEAD ghc-7.11.20150402
haskell.compiler.ghcNokinds ghc-nokinds-7.11.20150704
haskell.compiler.ghcjs ghcjs-0.1.0
haskell.compiler.jhc jhc-0.8.2
haskell.compiler.uhc uhc-1.1.9.0
haskell.compiler.ghc822 ghc-8.2.2
haskell.compiler.integer-simple.ghc822 ghc-8.2.2
haskell.compiler.ghc822Binary ghc-8.2.2-binary
haskell.compiler.ghc844 ghc-8.4.4
haskell.compiler.ghc863Binary ghc-8.6.3-binary
haskell.compiler.ghc864 ghc-8.6.4
haskell.compiler.integer-simple.ghc864 ghc-8.6.4
haskell.compiler.ghc865 ghc-8.6.5
haskell.compiler.integer-simple.ghc865 ghc-8.6.5
haskell.compiler.ghc881 ghc-8.8.1
haskell.compiler.integer-simple.ghc881 ghc-8.8.1
haskell.compiler.ghcHEAD ghc-8.9.20190601
haskell.compiler.integer-simple.ghcHEAD ghc-8.9.20190601
haskell.compiler.ghcjs84 ghcjs-8.4.0.1
haskell.compiler.ghcjs ghcjs-8.6.0.1
```
We have no package sets for `jhc` or `uhc` yet, unfortunately, but for every
@ -398,7 +400,9 @@ nix:
For more on how to write a `shell.nix` file see the below section. You'll need
to express a derivation. Note that Nixpkgs ships with a convenience wrapper
function around `mkDerivation` called `haskell.lib.buildStackProject` to help you
create this derivation in exactly the way Stack expects. All of the same inputs
create this derivation in exactly the way Stack expects. However for this to work
you need to disable the sandbox, which you can do by using `--option sandbox relaxed`
or `--option sandbox false` to the Nix command. All of the same inputs
as `mkDerivation` can be provided. For example, to build a Stack project that
including packages that link against a version of the R library compiled with
special options turned on:

12
doc/languages-frameworks/ios.section.md
View File

@ -1,7 +1,7 @@
---
title: iOS
author: Sander van der Burg
date: 2018-11-18
date: 2019-11-10
---
# iOS
@ -217,3 +217,13 @@ xcode.simulateApp {
By providing the result of an `xcode.buildApp {}` function and configuring the
app bundle id, the app gets deployed automatically and started.
Troubleshooting
---------------
In some rare cases, it may happen that after a failure, changes are not picked
up. Most likely, this is caused by a derived data cache that Xcode maintains.
To wipe it you can run:
```bash
$ rm -rf ~/Library/Developer/Xcode/DerivedData
```

31
doc/languages-frameworks/python.section.md
View File

@ -144,6 +144,24 @@ What's happening here?
2. Then we create a Python 3.5 environment with the `withPackages` function.
3. The `withPackages` function expects us to provide a function as an argument that takes the set of all python packages and returns a list of packages to include in the environment. Here, we select the packages `numpy` and `toolz` from the package set.
To combine this with `mkShell` you can:
```nix
with import <nixpkgs> {};
let
pythonEnv = python35.withPackages (ps: [
ps.numpy
ps.toolz
]);
in mkShell {
buildInputs = [
pythonEnv
hello
];
}
```
##### Execute command with `--run`
A convenient option with `nix-shell` is the `--run`
option, with which you can execute a command in the `nix-shell`. We can
@ -1016,7 +1034,10 @@ Create this `default.nix` file, together with a `requirements.txt` and simply ex
```nix
with import <nixpkgs> {};
with python27Packages;
let
pythonPackages = python27Packages;
in
stdenv.mkDerivation {
name = "impurePythonEnv";
@ -1026,9 +1047,8 @@ stdenv.mkDerivation {
buildInputs = [
# these packages are required for virtualenv and pip to work:
#
python27Full
python27Packages.virtualenv
python27Packages.pip
pythonPackages.virtualenv
pythonPackages.pip
# the following packages are related to the dependencies of your python
# project.
# In this particular example the python modules listed in the
@ -1041,14 +1061,13 @@ stdenv.mkDerivation {
libxml2
libxslt
libzip
stdenv
zlib
];
shellHook = ''
# set SOURCE_DATE_EPOCH so that we can use python wheels
SOURCE_DATE_EPOCH=$(date +%s)
virtualenv --no-setuptools venv
virtualenv --python=${pythonPackages.python.interpreter} --no-setuptools venv
export PATH=$PWD/venv/bin:$PATH
pip install -r requirements.txt
'';

2
doc/languages-frameworks/rust.section.md
View File

@ -203,7 +203,7 @@ argument and returns a set that contains all attribute that should be
overwritten.
For more complicated cases, such as when parts of the crate's
derivation depend on the the crate's version, the `attrs` argument of
derivation depend on the crate's version, the `attrs` argument of
the override above can be read, as in the following example, which
patches the derivation:

91
doc/languages-frameworks/texlive.xml
View File

@ -59,6 +59,97 @@ nix-repl> texlive.collection-<TAB>
</itemizedlist>
</section>
<section xml:id="sec-language-texlive-custom-packages">
<title>Custom packages</title>
<para>
You may find that you need to use an external TeX package. A derivation for such package has to provide contents of the "texmf" directory in its output and provide the <varname>tlType</varname> attribute. Here is a (very verbose) example:
<programlisting><![CDATA[
with import <nixpkgs> {};
let
foiltex_run = stdenvNoCC.mkDerivation {
pname = "latex-foiltex";
version = "2.1.4b";
passthru.tlType = "run";
srcs = [
(fetchurl {
url = "http://mirrors.ctan.org/macros/latex/contrib/foiltex/foiltex.dtx";
sha256 = "07frz0krpz7kkcwlayrwrj2a2pixmv0icbngyw92srp9fp23cqpz";
})
(fetchurl {
url = "http://mirrors.ctan.org/macros/latex/contrib/foiltex/foiltex.ins";
sha256 = "09wkyidxk3n3zvqxfs61wlypmbhi1pxmjdi1kns9n2ky8ykbff99";
})
];
unpackPhase = ''
runHook preUnpack
for _src in $srcs; do
cp "$_src" $(stripHash "$_src")
done
runHook postUnpack
'';
nativeBuildInputs = [ texlive.combined.scheme-small ];
dontConfigure = true;
buildPhase = ''
runHook preBuild
# Generate the style files
latex foiltex.ins
runHook postBuild
'';
installPhase = ''
runHook preInstall
path="$out/tex/latex/foiltex"
mkdir -p "$path"
cp *.{cls,def,clo} "$path/"
runHook postInstall
'';
meta = with lib; {
description = "A LaTeX2e class for overhead transparencies";
license = licenses.unfreeRedistributable;
maintainers = with maintainers; [ veprbl ];
platforms = platforms.all;
};
};
foiltex = { pkgs = [ foiltex_run ]; };
latex_with_foiltex = texlive.combine {
inherit (texlive) scheme-small;
inherit foiltex;
};
in
runCommand "test.pdf" {
nativeBuildInputs = [ latex_with_foiltex ];
} ''
cat >test.tex <<EOF
\documentclass{foils}
\title{Presentation title}
\date{}
\begin{document}
\maketitle
\end{document}
EOF
pdflatex test.tex
cp test.pdf $out
''
]]></programlisting>
</para>
</section>
<section xml:id="sec-language-texlive-known-problems">
<title>Known problems</title>

6
doc/stdenv/cross-compilation.xml
View File

@ -244,7 +244,7 @@
</question>
<answer>
<para>
Many packages assume that an unprefixed <command>ar</command> is available, but Nix doesn't provide one. It only provides a prefixed one, just as it only does for all the other binutils programs. It may be necessary to patch the package to fix the build system to use a prefixed `ar`.
Many packages assume that an unprefixed <command>ar</command> is available, but Nix doesn't provide one. It only provides a prefixed one, just as it only does for all the other binutils programs. It may be necessary to patch the package to fix the build system to use a prefixed <command>ar</command>.
</para>
</answer>
</qandaentry>
@ -348,12 +348,12 @@ nix-build '&lt;nixpkgs&gt;' --arg crossSystem '{ config = "&lt;arch&gt;-&lt;os&g
</para>
</listitem>
</orderedlist>
In each stage, <varname>pkgsBuildHost</varname> refers the the previous stage, <varname>pkgsBuildBuild</varname> refers to the one before that, and <varname>pkgsHostTarget</varname> refers to the current one, and <varname>pkgsTargetTarget</varname> refers to the next one. When there is no previous or next stage, they instead refer to the current stage. Note how all the invariants regarding the mapping between dependency and depending packages' build host and target platforms are preserved. <varname>pkgsBuildTarget</varname> and <varname>pkgsHostHost</varname> are more complex in that the stage fitting the requirements isn't always a fixed chain of "prevs" and "nexts" away (modulo the "saturating" self-references at the ends). We just special case each instead. All the primary edges are implemented is in <filename>pkgs/stdenv/booter.nix</filename>, and secondarily aliases in <filename>pkgs/top-level/stage.nix</filename>.
In each stage, <varname>pkgsBuildHost</varname> refers to the previous stage, <varname>pkgsBuildBuild</varname> refers to the one before that, and <varname>pkgsHostTarget</varname> refers to the current one, and <varname>pkgsTargetTarget</varname> refers to the next one. When there is no previous or next stage, they instead refer to the current stage. Note how all the invariants regarding the mapping between dependency and depending packages' build host and target platforms are preserved. <varname>pkgsBuildTarget</varname> and <varname>pkgsHostHost</varname> are more complex in that the stage fitting the requirements isn't always a fixed chain of "prevs" and "nexts" away (modulo the "saturating" self-references at the ends). We just special case each instead. All the primary edges are implemented is in <filename>pkgs/stdenv/booter.nix</filename>, and secondarily aliases in <filename>pkgs/top-level/stage.nix</filename>.
</para>
<note>
<para>
Note the native stages are bootstrapped in legacy ways that predate the current cross implementation. This is why the the bootstrapping stages leading up to the final stages are ignored inthe previous paragraph.
Note the native stages are bootstrapped in legacy ways that predate the current cross implementation. This is why the bootstrapping stages leading up to the final stages are ignored inthe previous paragraph.
</para>
</note>

12
doc/stdenv/stdenv.xml
View File

@ -1123,6 +1123,16 @@ preBuild = ''
<variablelist>
<title>Variables controlling the install phase</title>
<varlistentry>
<term>
<varname>dontInstall</varname>
</term>
<listitem>
<para>
Set to true to skip the install phase.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<varname>makeFlags</varname> / <varname>makeFlagsArray</varname> / <varname>makefile</varname>
@ -1717,7 +1727,7 @@ someVar=$(stripHash $name)
</para>
<para>
The most typical use of the setup hook is actually to add other hooks which are then run (i.e. after all the setup hooks) on each dependency. For example, the C compiler wrapper's setup hook feeds itself flags for each dependency that contains relevant libraries and headers. This is done by defining a bash function, and appending its name to one of <envar>envBuildBuildHooks</envar>`, <envar>envBuildHostHooks</envar>`, <envar>envBuildTargetHooks</envar>`, <envar>envHostHostHooks</envar>`, <envar>envHostTargetHooks</envar>`, or <envar>envTargetTargetHooks</envar>`. These 6 bash variables correspond to the 6 sorts of dependencies by platform (there's 12 total but we ignore the propagated/non-propagated axis).
The most typical use of the setup hook is actually to add other hooks which are then run (i.e. after all the setup hooks) on each dependency. For example, the C compiler wrapper's setup hook feeds itself flags for each dependency that contains relevant libraries and headers. This is done by defining a bash function, and appending its name to one of <envar>envBuildBuildHooks</envar>, <envar>envBuildHostHooks</envar>, <envar>envBuildTargetHooks</envar>, <envar>envHostHostHooks</envar>, <envar>envHostTargetHooks</envar>, or <envar>envTargetTargetHooks</envar>. These 6 bash variables correspond to the 6 sorts of dependencies by platform (there's 12 total but we ignore the propagated/non-propagated axis).
</para>
<para>

11
doc/using/configuration.xml
View File

@ -141,11 +141,10 @@
For a more useful example, try the following. This configuration only allows unfree packages named flash player and visual studio code:
<programlisting>
{
allowUnfreePredicate = (pkg: builtins.elem
(builtins.parseDrvName pkg.name).name [
"flashplayer"
"vscode"
]);
allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"flashplayer"
"vscode"
];
}
</programlisting>
</para>
@ -217,7 +216,7 @@
The following configuration example only allows insecure packages with very short names:
<programlisting>
{
allowInsecurePredicate = (pkg: (builtins.stringLength (builtins.parseDrvName pkg.name).name) &lt;= 5);
allowInsecurePredicate = pkg: builtins.stringLength (lib.getName pkg) &lt;= 5;
}
</programlisting>
</para>

3
lib/default.nix
View File

@ -84,7 +84,8 @@ let
hasInfix hasPrefix hasSuffix stringToCharacters stringAsChars escape
escapeShellArg escapeShellArgs replaceChars lowerChars
upperChars toLower toUpper addContextFrom splitString
removePrefix removeSuffix versionOlder versionAtLeast getVersion
removePrefix removeSuffix versionOlder versionAtLeast
getName getVersion
nameFromURL enableFeature enableFeatureAs withFeature
withFeatureAs fixedWidthString fixedWidthNumber isStorePath
toInt readPathsFromFile fileContents;

17
lib/strings.nix
View File

@ -472,6 +472,23 @@ rec {
*/
versionAtLeast = v1: v2: !versionOlder v1 v2;
/* This function takes an argument that's either a derivation or a
derivation's "name" attribute and extracts the name part from that
argument.
Example:
getName "youtube-dl-2016.01.01"
=> "youtube-dl"
getName pkgs.youtube-dl
=> "youtube-dl"
*/
getName = x:
let
parse = drv: (builtins.parseDrvName drv).name;
in if isString x
then parse x
else x.pname or (parse x.name);
/* This function takes an argument that's either a derivation or a
derivation's "name" attribute and extracts the version part from that
argument.

2
lib/systems/default.nix
View File

@ -37,6 +37,7 @@ rec {
else if final.isAndroid then "bionic"
else if final.isLinux /* default */ then "glibc"
else if final.isMsp430 then "newlib"
else if final.isVc4 then "newlib"
else if final.isAvr then "avrlibc"
else if final.isNetBSD then "nblibc"
# TODO(@Ericson2314) think more about other operating systems
@ -79,6 +80,7 @@ rec {
else if final.isAarch64 then "arm64"
else if final.isx86_32 then "x86"
else if final.isx86_64 then "ia64"
else if final.isMips then "mips"
else final.parsed.cpu.name;
qemuArch =

3
lib/systems/doubles.nix
View File

@ -26,7 +26,7 @@ let
"riscv32-linux" "riscv64-linux"
"aarch64-none" "avr-none" "arm-none" "i686-none" "x86_64-none" "powerpc-none" "msp430-none" "riscv64-none" "riscv32-none"
"aarch64-none" "avr-none" "arm-none" "i686-none" "x86_64-none" "powerpc-none" "msp430-none" "riscv64-none" "riscv32-none" "vc4-none"
];
allParsed = map parse.mkSystemFromString all;
@ -45,6 +45,7 @@ in {
x86_64 = filterDoubles predicates.isx86_64;
mips = filterDoubles predicates.isMips;
riscv = filterDoubles predicates.isRiscV;
vc4 = filterDoubles predicates.isVc4;
cygwin = filterDoubles predicates.isCygwin;
darwin = filterDoubles predicates.isDarwin;

10
lib/systems/examples.nix
View File

@ -118,6 +118,12 @@ rec {
config = "avr";
};
vc4 = {
config = "vc4-elf";
libc = "newlib";
platform = {};
};
arm-embedded = {
config = "arm-none-eabi";
libc = "newlib";
@ -207,7 +213,7 @@ rec {
# 32 bit mingw-w64
mingw32 = {
config = "i686-pc-mingw32";
config = "i686-w64-mingw32";
libc = "msvcrt"; # This distinguishes the mingw (non posix) toolchain
platform = {};
};
@ -215,7 +221,7 @@ rec {
# 64 bit mingw-w64
mingwW64 = {
# That's the triplet they use in the mingw-w64 docs.
config = "x86_64-pc-mingw32";
config = "x86_64-w64-mingw32";
libc = "msvcrt"; # This distinguishes the mingw (non posix) toolchain
platform = {};
};

1
lib/systems/inspect.nix
View File

@ -21,6 +21,7 @@ rec {
isSparc = { cpu = { family = "sparc"; }; };
isWasm = { cpu = { family = "wasm"; }; };
isMsp430 = { cpu = { family = "msp430"; }; };
isVc4 = { cpu = { family = "vc4"; }; };
isAvr = { cpu = { family = "avr"; }; };
isAlpha = { cpu = { family = "alpha"; }; };
isJavaScript = { cpu = cpuTypes.js; };

6
lib/systems/parse.nix
View File

@ -112,6 +112,8 @@ rec {
msp430 = { bits = 16; significantByte = littleEndian; family = "msp430"; };
avr = { bits = 8; family = "avr"; };
vc4 = { bits = 32; significantByte = littleEndian; family = "vc4"; };
js = { bits = 32; significantByte = littleEndian; family = "js"; };
};
@ -208,6 +210,9 @@ rec {
vendors = setTypes types.openVendor {
apple = {};
pc = {};
# Actually matters, unlocking some MinGW-w64-specific options in GCC. See
# bottom of https://sourceforge.net/p/mingw-w64/wiki2/Unicode%20apps/
w64 = {};
none = {};
unknown = {};
@ -327,6 +332,7 @@ rec {
}
];
};
gnuabi64 = { abi = "64"; };
musleabi = { float = "soft"; };
musleabihf = { float = "hard"; };

356
maintainers/maintainer-list.nix
View File

@ -189,6 +189,12 @@
githubId = 1250775;
name = "Adolfo E. García Castro";
};
adsr = {
email = "as@php.net";
github = "adsr";
githubId = 315003;
name = "Adam Saponara";
};
aepsil0n = {
email = "eduard.bopp@aepsil0n.de";
github = "aepsil0n";
@ -310,6 +316,7 @@
alexbakker = {
email = "ab@alexbakker.me";
github = "alexbakker";
githubId = 2387841;
name = "Alexander Bakker";
};
alexchapman = {
@ -563,6 +570,12 @@
githubId = 718812;
name = "Antoine R. Dumont";
};
arianvp = {
email = "arian.vanputten@gmail.com";
github = "arianvp";
githubId = 628387;
name = "Arian van Putten";
};
aristid = {
email = "aristidb@gmail.com";
github = "aristidb";
@ -719,6 +732,16 @@
githubId = 135230;
name = "Aycan iRiCAN";
};
b4dm4n = {
email = "fabianm88@gmail.com";
github = "B4dM4n";
githubId = 448169;
name = "Fabian Möller";
keys = [{
longkeyid = "rsa4096/0x754B5C0963C42C5";
fingerprint = "6309 E212 29D4 DA30 AF24 BDED 754B 5C09 63C4 2C50";
}];
};
babariviere = {
email = "babathriviere@gmail.com";
github = "babariviere";
@ -922,6 +945,12 @@
githubId = 5718007;
name = "Bastian Köcher";
};
blitz = {
email = "js@alien8.de";
github = "blitz";
githubId = 37907;
name = "Julian Stecklina";
};
bluescreen303 = {
email = "mathijs@bluescreen303.nl";
github = "bluescreen303";
@ -1082,6 +1111,12 @@
githubId = 5555066;
name = "Andrew Cann";
};
cap = {
name = "cap";
email = "nixos_xasenw9@digitalpostkasten.de";
github = "scaredmushroom";
githubId = 45340040;
};
carlosdagos = {
email = "m@cdagostino.io";
github = "carlosdagos";
@ -1377,6 +1412,12 @@
githubId = 1740337;
name = "Chris Ostrouchov";
};
contrun = {
email = "uuuuuu@protonmail.com";
github = "contrun";
githubId = 32609395;
name = "B YI";
};
couchemar = {
email = "couchemar@yandex.ru";
github = "couchemar";
@ -1389,6 +1430,12 @@
githubId = 411324;
name = "Carles Pagès";
};
craigem = {
email = "craige@mcwhirter.io";
github = "craigem";
githubId = 6470493;
name = "Craige McWhirter";
};
cransom = {
email = "cransom@hubns.net";
github = "cransom";
@ -1432,7 +1479,7 @@
};
cypherpunk2140 = {
email = "stefan.mihaila@pm.me";
github = "cypherpunk2140";
github = "stefan-mihaila";
githubId = 2217136;
name = "Ștefan D. Mihăilă";
keys = [
@ -1444,6 +1491,16 @@
}
];
};
d-goldin = {
email = "dgoldin+github@protonmail.ch";
github = "d-goldin";
githubId = 43349662;
name = "Dima";
keys = [{
longkeyid = "rsa4096/BAB1D15FB7B4D4CE";
fingerprint = "1C4E F4FE 7F8E D8B7 1E88 CCDF BAB1 D15F B7B4 D4CE";
}];
};
dadada = {
name = "dadada";
email = "dadada@dadada.li";
@ -1740,6 +1797,12 @@
githubId = 875324;
name = "David Johnson";
};
dmrauh = {
email = "dmrauh@posteo.de";
github = "dmrauh";
githubId = 37698547;
name = "Dominik Michael Rauh";
};
dmvianna = {
email = "dmlvianna@gmail.com";
github = "dmvianna";
@ -1942,7 +2005,7 @@
name = "Edward Tjörnhammar";
};
eelco = {
email = "eelco.dolstra@logicblox.com";
email = "edolstra+nixpkgs@gmail.com";
github = "edolstra";
githubId = 1148549;
name = "Eelco Dolstra";
@ -2025,6 +2088,12 @@
githubId = 1365692;
name = "Will Fancher";
};
elyhaka = {
email = "elyhaka@protonmail.com";
github = "Elyhaka";
githubId = 57923898;
name = "Elyhaka";
};
emmanuelrosa = {
email = "emmanuel_rosa@aol.com";
github = "emmanuelrosa";
@ -2064,6 +2133,12 @@
email = "mpcervin@uncg.edu";
name = "Mabry Cervin";
};
equirosa = {
email = "eduardo@eduardoquiros.com";
github = "equirosa";
githubId = 39096810;
name = "Eduardo Quiros";
};
eqyiel = {
email = "ruben@maher.fyi";
github = "eqyiel";
@ -2120,6 +2195,12 @@
githubId = 1583484;
name = "Andrey Golovizin";
};
ersin = {
email = "me@ersinakinci.com";
github = "earksiinni";
githubId = 5427394;
name = "Ersin Akinci";
};
ertes = {
email = "esz@posteo.de";
github = "ertes";
@ -2245,12 +2326,32 @@
githubId = 8182846;
name = "Francesco Gazzetta";
};
filalex77 = {
email = "brightone@protonmail.com";
github = "filalex77";
githubId = 12615679;
name = "Oleksii Filonenko";
keys = [{
longkeyid = "rsa3072/0xA1BC8428323ECFE8";
fingerprint = "F549 3B7F 9372 5578 FDD3 D0B8 A1BC 8428 323E CFE8";
}];
};
FireyFly = {
email = "nix@firefly.nu";
github = "FireyFly";
githubId = 415760;
name = "Jonas Höglund";
};
Flakebi = {
email = "flakebi@t-online.de";
github = "Flakebi";
githubId = 6499211;
name = "Sebastian Neubauer";
keys = [{
longkeyid = "rsa4096/0xECC755EE583C1672";
fingerprint = "2F93 661D AC17 EA98 A104 F780 ECC7 55EE 583C 1672";
}];
};
flexw = {
email = "felix.weilbach@t-online.de";
github = "FlexW";
@ -2408,6 +2509,12 @@
githubId = 40521440;
name = "Haruka Akiyama";
};
fuzen = {
email = "me@fuzen.cafe";
github = "fuzen-py";
githubId = 17859309;
name = "Fuzen";
};
fuzzy-id = {
email = "hacking+nixos@babibo.de";
name = "Thomas Bach";
@ -2430,6 +2537,12 @@
githubId = 7047019;
name = "Florent Becker";
};
gamb = {
email = "adam.gamble@pm.me";
github = "gamb";
githubId = 293586;
name = "Adam Gamble";
};
garbas = {
email = "rok@garbas.si";
github = "garbas";
@ -2449,6 +2562,7 @@
gazally = {
email = "gazally@runbox.com";
github = "gazally";
githubId = 16470252;
name = "Gemini Lasswell";
};
gebner = {
@ -2593,6 +2707,12 @@
githubId = 9705357;
name = "Guillaume Bouchard";
};
GuillaumeDesforges = {
email = "aceus02@gmail.com";
github = "GuillaumeDesforges";
githubId = 1882000;
name = "Guillaume Desforges";
};
guillaumekoenig = {
email = "guillaume.edward.koenig@gmail.com";
github = "guillaumekoenig";
@ -2767,6 +2887,12 @@
githubId = 69209;
name = "Ian Duncan";
};
ianmjones = {
email = "ian@ianmjones.com";
github = "ianmjones";
githubId = 4710;
name = "Ian M. Jones";
};
ianwookim = {
email = "ianwookim@gmail.com";
github = "wavewave";
@ -2856,6 +2982,15 @@
githubId = 137306;
name = "Michele Catalano";
};
isgy = {
email = "isgy@teiyg.com";
github = "isgy";
githubId = 13622947;
keys = [{
longkeyid = "rsa4096/0xD3E1B013B4631293";
fingerprint = "1412 816B A9FA F62F D051 1975 D3E1 B013 B463 1293";
}];
};
ivan = {
email = "ivan@ludios.org";
github = "ivan";
@ -2907,7 +3042,8 @@
jacg = {
name = "Jacek Generowicz";
email = "jacg@my-post-office.net";
githubId = "2570854";
github = "jacg";
githubId = 2570854;
};
jasoncarr = {
email = "jcarr250@gmail.com";
@ -3010,6 +3146,7 @@
jdanek = {
email = "jdanek@redhat.com";
github = "jdanekrh";
githubId = 17877663;
keys = [{
longkeyid = "ed25519/0x69275CADF15D872E";
fingerprint = "D4A6 F051 AD58 2E7C BCED 5439 6927 5CAD F15D 872E";
@ -3110,6 +3247,11 @@
githubId = 184898;
name = "Jirka Marsik";
};
jitwit = {
email = "jrn@bluefarm.ca";
github = "jitwit";
name = "jitwit";
};
jlesquembre = {
email = "jl@lafuente.me";
github = "jlesquembre";
@ -3122,6 +3264,12 @@
githubId = 2195834;
name = "Jaakko Luttinen";
};
jm2dev = {
email = "jomarcar@gmail.com";
github = "jm2dev";
githubId = 474643;
name = "José Miguel Martínez Carrasco";
};
jmagnusj = {
email = "jmagnusj@gmail.com";
github = "magnusjonsson";
@ -3169,6 +3317,7 @@
joesalisbury = {
email = "salisbury.joseph@gmail.com";
github = "JosephSalisbury";
githubId = 297653;
name = "Joe Salisbury";
};
johanot = {
@ -3322,6 +3471,12 @@
github = "juliendehos";
name = "Julien Dehos";
};
jumper149 = {
email = "felixspringer149@gmail.com";
github = "jumper149";
githubId = 39434424;
name = "Felix Springer";
};
justinwoo = {
email = "moomoowoo@gmail.com";
github = "justinwoo";
@ -3445,6 +3600,7 @@
kim0 = {
email = "email.ahmedkamal@googlemail.com";
github = "kim0";
githubId = 59667;
name = "Ahmed Kamal";
};
kimburgess = {
@ -3468,6 +3624,7 @@
kirikaza = {
email = "k@kirikaza.ru";
github = "kirikaza";
githubId = 804677;
name = "Kirill Kazakov";
};
kisonecat = {
@ -3502,6 +3659,12 @@
github = "klntsky";
githubId = 18447310;
};
kmcopper = {
email = "kmcopper@danwin1210.me";
name = "Kyle Copperfield";
github = "kmcopper";
githubId = 57132115;
};
kmeakin = {
email = "karlwfmeakin@gmail.com";
name = "Karl Meakin";
@ -3594,6 +3757,7 @@
ktor = {
email = "kruszewsky@gmail.com";
github = "ktor";
githubId = 99639;
name = "Pawel Kruszewski";
};
ktosiek = {
@ -3608,6 +3772,18 @@
githubId = 449813;
name = "Roman Kuznetsov";
};
kylesferrazza = {
name = "Kyle Sferrazza";
email = "kyle.sferrazza@gmail.com";
github = "kylesferrazza";
githubId = 6677292;
keys = [{
longkeyid = "rsa4096/81A1540948162372";
fingerprint = "5A9A 1C9B 2369 8049 3B48 CF5B 81A1 5409 4816 2372";
}];
};
kylewlacy = {
email = "kylelacy+nix@pm.me";
github = "kylewlacy";
@ -3638,8 +3814,15 @@
};
lattfein = {
email = "lattfein@gmail.com";
github = "lattfein";
githubId = 53550838;
# Their GitHub account was deleted.
#
# See: https://github.com/NixOS/nixpkgs/pull/69007 where this
# was added but is now owned by a ghost.
#
# Possibly the username lattfein (currently github ID 56827487) is
# owned by the same person, but we should confirm before adding
# the GitHub name or ID back.
# github = "lattfein";
name = "Koki Yasuno";
};
layus = {
@ -3745,6 +3928,7 @@
lightbulbjim = {
email = "chris@killred.net";
github = "lightbulbjim";
githubId = 4312404;
name = "Chris Rendle-Short";
};
lightdiscord = {
@ -3858,6 +4042,22 @@
github = "lovek323";
name = "Jason O'Conal";
};
lovesegfault = {
email = "meurerbernardo@gmail.com";
github = "lovesegfault";
githubId = 7243783;
name = "Bernardo Meurer";
keys = [
{
longkeyid = "rsa2048/0xE421C74191EA186C";
fingerprint = "5894 12CE 19DF 582A E10A 3320 E421 C741 91EA 186C";
}
{
longkeyid = "rsa2048/0x4A6D87A0E7475769";
fingerprint = "56A8 E164 E834 290C 4AC0 EE3E 4A6D 87A0 E747 5769";
}
];
};
lowfatcomputing = {
email = "andreas.wagner@lowfatcomputing.org";
github = "lowfatcomputing";
@ -4019,6 +4219,12 @@
github = "marcweber";
githubId = 34086;
name = "Marc Weber";
};
marcus7070 = {
email = "marcus@geosol.com.au";
github = "marcus7070";
githubId = 50230945;
name = "Marcus Boyd";
};
marenz = {
email = "marenz@arkom.men";
@ -4358,6 +4564,12 @@
githubId = 16974598;
name = "Mike Playle";
};
mkaito = {
email = "chris@mkaito.net";
github = "mkaito";
githubId = 20434;
name = "Christian Höppner";
};
mkazulak = {
email = "kazulakm@gmail.com";
github = "mulderr";
@ -4379,6 +4591,16 @@
githubId = 22477669;
name = "Mark K Gardner";
};
mkg20001 = {
email = "mkg20001+nix@gmail.com";
github = "mkg20001";
githubId = 7735145;
name = "Maciej Krüger";
keys = [{
longkeyid = "rsa4096/0x0D948CE19CF49C5F";
fingerprint = "E90C BA34 55B3 6236 740C 038F 0D94 8CE1 9CF4 9C5F";
}];
};
mlieberman85 = {
email = "mlieberman85@gmail.com";
github = "mlieberman85";
@ -4397,6 +4619,12 @@
githubId = 117842;
name = "Henri Bourcereau";
};
mmilata = {
email = "martin@martinmilata.cz";
github = "mmilata";
gitHubId = 85857;
name = "Martin Milata";
};
mmlb = {
email = "me.mmlb@mmlb.me";
github = "mmlb";
@ -4454,6 +4682,10 @@
github = "moredread";
githubId = 100848;
name = "André-Patrick Bubel";
keys = [{
longkeyid = "rsa8192/0x118CE7C424B45728";
fingerprint = "4412 38AD CAD3 228D 876C 5455 118C E7C4 24B4 5728";
}];
};
moretea = {
email = "maarten@moretea.nl";
@ -4507,6 +4739,12 @@
githubId = 2881922;
name = "Francis St-Amour";
};
mtrsk = {
email = "marcos.schonfinkel@protonmail.com";
github = "mtrsk";
githubId = 16356569;
name = "Marcos Benevides";
};
mredaelli = {
email = "massimo@typish.io";
github = "mredaelli";
@ -4544,6 +4782,12 @@
githubId = 437005;
name = "Mikkel Christiansen";
};
mschuwalow = {
github = "mschuwalow";
githubId = 16665913;
name = "Maxim Schuwalow";
email = "maxim.schuwalow@gmail.com";
};
msiedlarek = {
email = "mikolaj@siedlarek.pl";
github = "msiedlarek";
@ -4790,6 +5034,12 @@
githubId = 2946283;
name = "Brian Cohen";
};
novoxudonoser = {
email = "radnovox@gmail.com";
github = "novoxudonoser";
githubId = 6052922;
name = "Kirill Struokov";
};
np = {
email = "np.nix@nicolaspouillard.fr";
github = "np";
@ -5010,6 +5260,12 @@
githubId = 20792;
name = "Sebastian Galkin";
};
pashashocky = {
email = "pashashocky@gmail.com";
github = "pashashocky";
githubId = 673857;
name = "Pash Shocky";
};
pashev = {
email = "pashev.igor@gmail.com";
github = "ip1981";
@ -5950,6 +6206,16 @@
githubId = 307899;
name = "Gurkan Gur";
};
servalcatty = {
email = "servalcat@pm.me";
github = "servalcatty";
githubid = 51969817;
name = "Serval";
keys = [{
longkeyid = "rsa4096/0x4A2AAAA382F8294C";
fingerprint = "A317 37B3 693C 921B 480C C629 4A2A AAA3 82F8 294C";
}];
};
sfrijters = {
email = "sfrijters@gmail.com";
github = "sfrijters";
@ -5975,7 +6241,7 @@
name = "Shahrukh Khan";
};
shanemikel = {
email = "shanemikel1@gmail.com";
email = "shanepearlman@pm.me";
github = "shanemikel";
githubId = 6720672;
name = "Shane Pearlman";
@ -6164,6 +6430,12 @@
githubId = 1437166;
name = "Xia Bin";
};
softinio = {
email = "code@softinio.com";
github = "softinio";
githubId = 3371635;
name = "Salar Rahmanian";
};
solson = {
email = "scott@solson.me";
github = "solson";
@ -6491,6 +6763,12 @@
githubId = 506181;
name = "Peter Marheine";
};
tasmo = {
email = "tasmo@tasmo.de";
github = "tasmo";
githubId = 102685;
name = "Thomas Friese";
};
tavyc = {
email = "octavian.cerna@gmail.com";
github = "tavyc";
@ -6590,6 +6868,12 @@
githubId = 42933;
name = "Andrew Childs";
};
thefenriswolf = {
email = "stefan.rohrbacher97@gmail.com";
github = "thefenriswolf";
githubId = 8547242;
name = "Stefan Rohrbacher";
};
thesola10 = {
email = "thesola10@bobile.fr";
github = "thesola10";
@ -6677,6 +6961,16 @@
githubId = 13026;
name = "Jonathan Rudenberg";
};
tkerber = {
email = "tk@drwx.org";
github = "tkerber";
githubId = 5722198;
name = "Thomas Kerber";
keys = [ {
longkeyid = "rsa4096/0x8489B911F9ED617B";
fingerprint = "556A 403F B0A2 D423 F656 3424 8489 B911 F9ED 617B";
} ];
};
tmplt = {
email = "tmplt@dragons.rocks";
github = "tmplt";
@ -6760,6 +7054,12 @@
githubId = 1312290;
name = "Trevor Joynson";
};
tricktron = {
email = "tgagnaux@gmail.com";
github = "tricktron";
githubId = 16036882;
name = "Thibault Gagnaux";
};
trino = {
email = "muehlhans.hubert@ekodia.de";
github = "hmuehlhans";
@ -7093,6 +7393,12 @@
email = "kirill.wedens@gmail.com";
name = "wedens";
};
WhittlesJr = {
email = "alex.joseph.whitt@gmail.com";
github = "WhittlesJr";
githubId = 19174984;
name = "Alex Whitt";
};
willibutz = {
email = "willibutz@posteo.de";
github = "willibutz";
@ -7308,14 +7614,24 @@
githubId = 1866448;
name = "Eric Bailey";
};
Yumasi = {
email = "gpagnoux@gmail.com";
github = "Yumasi";
githubId = 24368641;
name = "Guillaume Pagnoux";
keys = [{
longkeyid = "rsa4096/0xEC5065899AEAAF4C";
fingerprint = "85F8 E850 F8F2 F823 F934 535B EC50 6589 9AEA AF4C";
}];
};
yvt = {
email = "i@yvt.jp";
github = "yvt";
githubId = 5253988;
name = "yvt";
};
z77z = {
email = "maggesi@math.unifi.it";
maggesi = {
email = "marco.maggesi@gmail.com";
github = "maggesi";
githubId = 1809783;
name = "Marco Maggesi";
@ -7359,6 +7675,12 @@
email = "zef@zef.me";
name = "Zef Hemel";
};
zfnmxt = {
name = "zfnmxt";
email = "zfnmxt@zfnmxt.com";
github = "zfnmxt";
githubId = 37446532;
};
zgrannan = {
email = "zgrannan@gmail.com";
github = "zgrannan";
@ -7431,6 +7753,12 @@
githubId = 1986844;
name = "Daniel Wheeler";
};
misuzu = {
email = "bakalolka@gmail.com";
github = "misuzu";
githubId = 248143;
name = "misuzu";
};
zokrezyl = {
email = "zokrezyl@gmail.com";
github = "zokrezyl";
@ -7443,4 +7771,16 @@
githubId = 50867187;
name = "Rakesh Gupta";
};
mlatus = {
email = "wqseleven@gmail.com";
github = "Ninlives";
githubId = 17873203;
name = "mlatus";
};
waiting-for-dev = {
email = "marc@lamarciana.com";
github = "waiting-for-dev";
githubId = 52650;
name = "Marc Busqué";
};
}

4
maintainers/scripts/update.nix
View File

@ -105,7 +105,7 @@ let
to run all update scripts for all packages that lists \`garbas\` as a maintainer
and have \`updateScript\` defined, or:
% nix-shell maintainers/scripts/update.nix --argstr package garbas
% nix-shell maintainers/scripts/update.nix --argstr package gnome3.nautilus
to run update script for specific package, or
@ -126,7 +126,7 @@ let
packageData = package: {
name = package.name;
pname = (builtins.parseDrvName package.name).name;
pname = pkgs.lib.getName package;
updateScript = map builtins.toString (pkgs.lib.toList package.updateScript);
};

135
nixos/doc/manual/configuration/abstractions.xml
View File

@ -11,50 +11,46 @@
<programlisting>
{
<xref linkend="opt-services.httpd.virtualHosts"/> =
[ { hostName = "example.org";
documentRoot = "/webroot";
{ "blog.example.org" = {
documentRoot = "/webroot/blog.example.org";
adminAddr = "alice@example.org";
enableUserDir = true;
}
{ hostName = "example.org";
documentRoot = "/webroot";
forceSSL = true;
enableACME = true;
enablePHP = true;
};
"wiki.example.org" = {
documentRoot = "/webroot/wiki.example.org";
adminAddr = "alice@example.org";
enableUserDir = true;
enableSSL = true;
sslServerCert = "/root/ssl-example-org.crt";
sslServerKey = "/root/ssl-example-org.key";
}
];
forceSSL = true;
enableACME = true;
enablePHP = true;
};
};
}
</programlisting>
It defines two virtual hosts with nearly identical configuration; the only
difference is that the second one has SSL enabled. To prevent this
difference is the document root directories. To prevent this
duplication, we can use a <literal>let</literal>:
<programlisting>
let
exampleOrgCommon =
{ hostName = "example.org";
documentRoot = "/webroot";
adminAddr = "alice@example.org";
enableUserDir = true;
commonConfig =
{ adminAddr = "alice@example.org";
forceSSL = true;
enableACME = true;
};
in
{
<xref linkend="opt-services.httpd.virtualHosts"/> =
[ exampleOrgCommon
(exampleOrgCommon // {
enableSSL = true;
sslServerCert = "/root/ssl-example-org.crt";
sslServerKey = "/root/ssl-example-org.key";
})
];
{ "blog.example.org" = (commonConfig // { documentRoot = "/webroot/blog.example.org"; });
"wiki.example.org" = (commonConfig // { documentRoot = "/webroot/wiki.example.com"; });
};
}
</programlisting>
The <literal>let exampleOrgCommon = <replaceable>...</replaceable></literal>
defines a variable named <literal>exampleOrgCommon</literal>. The
The <literal>let commonConfig = <replaceable>...</replaceable></literal>
defines a variable named <literal>commonConfig</literal>. The
<literal>//</literal> operator merges two attribute sets, so the
configuration of the second virtual host is the set
<literal>exampleOrgCommon</literal> extended with the SSL options.
<literal>commonConfig</literal> extended with the document root option.
</para>
<para>
@ -63,13 +59,13 @@ in
<programlisting>
{
<xref linkend="opt-services.httpd.virtualHosts"/> =
let exampleOrgCommon = <replaceable>...</replaceable>; in
[ exampleOrgCommon
(exampleOrgCommon // { <replaceable>...</replaceable> })
];
let commonConfig = <replaceable>...</replaceable>; in
{ "blog.example.org" = (commonConfig // { <replaceable>...</replaceable> })
"wiki.example.org" = (commonConfig // { <replaceable>...</replaceable> })
};
}
</programlisting>
but not <literal>{ let exampleOrgCommon = <replaceable>...</replaceable>; in
but not <literal>{ let commonConfig = <replaceable>...</replaceable>; in
<replaceable>...</replaceable>; }</literal> since attributes (as opposed to
attribute values) are not expressions.
</para>
@ -77,80 +73,29 @@ in
<para>
<emphasis>Functions</emphasis> provide another method of abstraction. For
instance, suppose that we want to generate lots of different virtual hosts,
all with identical configuration except for the host name. This can be done
all with identical configuration except for the document root. This can be done
as follows:
<programlisting>
{
<xref linkend="opt-services.httpd.virtualHosts"/> =
let
makeVirtualHost = name:
{ hostName = name;
documentRoot = "/webroot";
makeVirtualHost = webroot:
{ documentRoot = webroot;
adminAddr = "alice@example.org";
forceSSL = true;
enableACME = true;
};
in
[ (makeVirtualHost "example.org")
(makeVirtualHost "example.com")
(makeVirtualHost "example.gov")
(makeVirtualHost "example.nl")
];
{ "example.org" = (makeVirtualHost "/webroot/example.org");
"example.com" = (makeVirtualHost "/webroot/example.com");
"example.gov" = (makeVirtualHost "/webroot/example.gov");
"example.nl" = (makeVirtualHost "/webroot/example.nl");
};
}
</programlisting>
Here, <varname>makeVirtualHost</varname> is a function that takes a single
argument <literal>name</literal> and returns the configuration for a virtual
argument <literal>webroot</literal> and returns the configuration for a virtual
host. That function is then called for several names to produce the list of
virtual host configurations.
</para>
<para>
We can further improve on this by using the function <varname>map</varname>,
which applies another function to every element in a list:
<programlisting>
{
<xref linkend="opt-services.httpd.virtualHosts"/> =
let
makeVirtualHost = <replaceable>...</replaceable>;
in map makeVirtualHost
[ "example.org" "example.com" "example.gov" "example.nl" ];
}
</programlisting>
(The function <literal>map</literal> is called a <emphasis>higher-order
function</emphasis> because it takes another function as an argument.)
</para>
<para>
What if you need more than one argument, for instance, if we want to use a
different <literal>documentRoot</literal> for each virtual host? Then we can
make <varname>makeVirtualHost</varname> a function that takes a
<emphasis>set</emphasis> as its argument, like this:
<programlisting>
{
<xref linkend="opt-services.httpd.virtualHosts"/> =
let
makeVirtualHost = { name, root }:
{ hostName = name;
documentRoot = root;
adminAddr = "alice@example.org";
};
in map makeVirtualHost
[ { name = "example.org"; root = "/sites/example.org"; }
{ name = "example.com"; root = "/sites/example.com"; }
{ name = "example.gov"; root = "/sites/example.gov"; }
{ name = "example.nl"; root = "/sites/example.nl"; }
];
}
</programlisting>
But in this case (where every root is a subdirectory of
<filename>/sites</filename> named after the virtual host), it would have been
shorter to define <varname>makeVirtualHost</varname> as
<programlisting>
makeVirtualHost = name:
{ hostName = name;
documentRoot = "/sites/${name}";
adminAddr = "alice@example.org";
};
</programlisting>
Here, the construct <literal>${<replaceable>...</replaceable>}</literal>
allows the result of an expression to be spliced into a string.
</para>
</section>

8
nixos/doc/manual/configuration/config-file.xml
View File

@ -27,7 +27,7 @@
{ <xref linkend="opt-services.httpd.enable"/> = true;
<xref linkend="opt-services.httpd.adminAddr"/> = "alice@example.org";
<xref linkend="opt-services.httpd.documentRoot"/> = "/webroot";
<link linkend="opt-services.httpd.virtualHosts">services.httpd.virtualHosts.localhost.documentRoot</link> = "/webroot";
}
</programlisting>
defines a configuration with three option definitions that together enable
@ -50,7 +50,11 @@
httpd = {
enable = true;
adminAddr = "alice@example.org";
documentRoot = "/webroot";
virtualHosts = {
localhost = {
documentRoot = "/webroot";
};
};
};
};
}

4
nixos/doc/manual/configuration/profiles/graphical.xml
View File

@ -13,9 +13,7 @@
<para>
It sets <xref linkend="opt-services.xserver.enable"/>,
<xref linkend="opt-services.xserver.displayManager.sddm.enable"/>,
<xref linkend="opt-services.xserver.desktopManager.plasma5.enable"/> (
<link linkend="opt-services.xserver.desktopManager.plasma5.enableQt4Support">
without Qt4 Support</link>), and
<xref linkend="opt-services.xserver.desktopManager.plasma5.enable"/>, and
<xref linkend="opt-services.xserver.libinput.enable"/> to true. It also
includes glxinfo and firefox in the system packages list.
</para>

5
nixos/doc/manual/configuration/x-windows.xml
View File

@ -39,7 +39,7 @@
can select an alternative one by picking one of the following lines:
<programlisting>
<xref linkend="opt-services.xserver.displayManager.sddm.enable"/> = true;
<xref linkend="opt-services.xserver.displayManager.slim.enable"/> = true;
<xref linkend="opt-services.xserver.displayManager.gdm.enable"/> = true;
</programlisting>
</para>
<para>
@ -83,8 +83,7 @@
desktop environment. If you wanted no desktop environment and i3 as your your
window manager, you'd define:
<programlisting>
<xref linkend="opt-services.xserver.desktopManager.default"/> = "none";
<xref linkend="opt-services.xserver.windowManager.default"/> = "i3";
<xref linkend="opt-services.xserver.displayManager.defaultSession"/> = "none+i3";
</programlisting>
And, finally, to enable auto-login for a user <literal>johndoe</literal>:
<programlisting>

5
nixos/doc/manual/configuration/xfce.xml
View File

@ -7,9 +7,8 @@
<para>
To enable the Xfce Desktop Environment, set
<programlisting>
<link linkend="opt-services.xserver.desktopManager.default">services.xserver.desktopManager</link> = {
<link linkend="opt-services.xserver.desktopManager.xfce.enable">xfce.enable</link> = true;
<link linkend="opt-services.xserver.desktopManager.default">default</link> = "xfce";
<xref linkend="opt-services.xserver.desktopManager.xfce.enable" /> = true;
<xref linkend="opt-services.xserver.displayManager.defaultSession" /> = "xfce";
};
</programlisting>
</para>

10
nixos/doc/manual/development/option-declarations.xml
View File

@ -99,7 +99,7 @@ xlink:href="https://nixos.org/nixpkgs/manual/#sec-package-naming">
<para>
As an example, we will take the case of display managers. There is a central
display manager module for generic display manager options and a module file
per display manager backend (slim, sddm, gdm ...).
per display manager backend (sddm, gdm ...).
</para>
<para>
@ -146,7 +146,7 @@ xlink:href="https://nixos.org/nixpkgs/manual/#sec-package-naming">
/>), and to extend
it in each backend module
(<xref
linkend='ex-option-declaration-eot-backend-slim' />,
linkend='ex-option-declaration-eot-backend-gdm' />,
<xref
linkend='ex-option-declaration-eot-backend-sddm' />).
</para>
@ -167,11 +167,11 @@ services.xserver.displayManager.enable = mkOption {
};</screen>
</example>
<example xml:id='ex-option-declaration-eot-backend-slim'>
<title>Extending <literal>services.xserver.displayManager.enable</literal> in the <literal>slim</literal> module</title>
<example xml:id='ex-option-declaration-eot-backend-gdm'>
<title>Extending <literal>services.xserver.displayManager.enable</literal> in the <literal>gdm</literal> module</title>
<screen>
services.xserver.displayManager.enable = mkOption {
type = with types; nullOr (enum [ "slim" ]);
type = with types; nullOr (enum [ "gdm" ]);
};</screen>
</example>

21
nixos/doc/manual/development/releases.xml
View File

@ -45,12 +45,12 @@
<listitem>
<para>
<literal>git tag -a -s -m &quot;Release 17.09-beta&quot; 17.09-beta
&amp;&amp; git push --tags</literal>
&amp;&amp; git push origin 17.09-beta</literal>
</para>
</listitem>
<listitem>
<para>
From the master branch run <literal>git checkout -B
From the master branch run <literal>git checkout -b
release-17.09</literal>.
</para>
</listitem>
@ -157,7 +157,7 @@
<listitem>
<para>
Release Nix (currently only Eelco Dolstra can do that).
<link xlink:href="https://github.com/NixOS/nixpkgs/commit/53710c752a85f00658882531bc90a23a3d1287e4">
<link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/installer/tools/nix-fallback-paths.nix">
Make sure fallback is updated. </link>
</para>
</listitem>
@ -169,8 +169,8 @@
</listitem>
<listitem>
<para>
Change <literal>stableBranch</literal> to true and wait for channel to
update.
Change <literal>stableBranch</literal> to <literal>true</literal> in Hydra and wait for
the channel to update.
</para>
</listitem>
</itemizedlist>
@ -193,9 +193,11 @@
</listitem>
<listitem>
<para>
Update http://nixos.org/nixos/download.html and
http://nixos.org/nixos/manual in
https://github.com/NixOS/nixos-org-configurations
Update the
<link xlink:href="https://github.com/NixOS/nixos-homepage/commit/2a37975d5a617ecdfca94696242b6f32ffcba9f1"><code>NIXOS_SERIES</code></link>
in the
<link xlink:href="https://github.com/NixOS/nixos-homepage">nixos-homepage</link>
repository.
</para>
</listitem>
<listitem>
@ -212,7 +214,8 @@
</listitem>
<listitem>
<para>
Send an email to nix-dev to announce the release with above information.
Create a new topic on <link xlink:href="https://discourse.nixos.org/">the
Discourse instance</link> to announce the release with the above information.
Best to check how previous email was formulated to see what needs to be
included.
</para>

2
nixos/doc/manual/development/running-nixos-tests-interactively.xml
View File

@ -2,7 +2,7 @@
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-running-nixos-tests">
xml:id="sec-running-nixos-tests-interactively">
<title>Running Tests interactively</title>
<para>

2
nixos/doc/manual/development/running-nixos-tests.xml
View File

@ -2,7 +2,7 @@
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-running-nixos-tests-interactively">
xml:id="sec-running-nixos-tests">
<title>Running Tests</title>
<para>

19
nixos/doc/manual/development/writing-nixos-tests.xml
View File

@ -419,4 +419,23 @@ machine.wait_for_unit("xautolock.service", "x-session-user")
<literal>wait_for_unit</literal>, <literal>start_job</literal> and
<literal>stop_job</literal>.
</para>
<para>
For faster dev cycles it's also possible to disable the code-linters (this shouldn't
be commited though):
<programlisting>
import ./make-test-python.nix {
skipLint = true;
machine =
{ config, pkgs, ... }:
{ <replaceable>configuration…</replaceable>
};
testScript =
''
<replaceable>Python code…</replaceable>
'';
}
</programlisting>
</para>
</section>

5
nixos/doc/manual/installation/installing-virtualbox-guest.xml
View File

@ -47,6 +47,11 @@
acceleration
</para>
</listitem>
<listitem>
<para>
Click on Settings / Display / Screen and select VBoxVGA as Graphics Controller
</para>
</listitem>
<listitem>
<para>
Save the settings, start the virtual machine, and continue installation

21
nixos/doc/manual/installation/installing.xml
View File

@ -380,7 +380,10 @@
</para>
<para>
If you need to configure networking for your machine the configuration
options are described in <xref linkend="sec-networking"/>.
options are described in <xref linkend="sec-networking"/>. In particular,
while wifi is supported on the installation image, it is not enabled by
default in the configuration generated by
<command>nixos-generate-config</command>.
</para>
<para>
Another critical option is <option>fileSystems</option>, specifying the
@ -392,11 +395,11 @@
<filename>hardware-configuration.nix</filename> is included from
<filename>configuration.nix</filename> and will be overwritten by future
invocations of <command>nixos-generate-config</command>; thus, you
generally should not modify it.) Additionally, you may want to look at
generally should not modify it.) Additionally, you may want to look at
<link xlink:href="https://github.com/NixOS/nixos-hardware">Hardware
configuration for known-hardware</link> at this point or after
installation.
</para>
<note>
<para>
@ -418,11 +421,11 @@
Do the installation:
<screen>
<prompt># </prompt>nixos-install</screen>
Cross fingers. If this fails due to a temporary problem (such as a network
issue while downloading binaries from the NixOS binary cache), you can
just re-run <command>nixos-install</command>. Otherwise, fix your
<filename>configuration.nix</filename> and then re-run
<command>nixos-install</command>.
This will install your system based on the configuration you provided.
If anything fails due to a configuration problem or any other issue
(such as a network outage while downloading binaries from the NixOS
binary cache), you can re-run <command>nixos-install</command> after
fixing your <filename>configuration.nix</filename>.
</para>
<para>
As the last step, <command>nixos-install</command> will ask you to set the
@ -475,7 +478,7 @@ Retype new UNIX password: ***</screen>
shows what packages are available, and
<screen>
<prompt>$ </prompt>nix-env -f '&lt;nixpkgs&gt;' -iA w3m</screen>
install the <literal>w3m</literal> browser.
installs the <literal>w3m</literal> browser.
</para>
</listitem>
</orderedlist>

9
nixos/doc/manual/man-nixos-option.xml
View File

@ -119,4 +119,13 @@ Defined by:
bug, please report to Nicolas Pierron.
</para>
</refsection>
<refsection>
<title>See also</title>
<para>
<citerefentry>
<refentrytitle>configuration.nix</refentrytitle>
<manvolnum>5</manvolnum>
</citerefentry>
</para>
</refsection>
</refentry>

14
nixos/doc/manual/man-nixos-rebuild.xml
View File

@ -494,6 +494,20 @@
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--use-remote-sudo</option>
</term>
<listitem>
<para>
When set, nixos-rebuild prefixes remote commands that run on
the <option>--build-host</option> and <option>--target-host</option>
systems with <command>sudo</command>. Setting this option allows
deploying as a non-root user.
</para>
</listitem>
</varlistentry>
</variablelist>
<para>

2
nixos/doc/manual/release-notes/rl-1909.xml
View File

@ -543,7 +543,7 @@
<listitem>
<para>
The <option>networking.useDHCP</option> option is unsupported in combination with
<option>networking.useNetworkd</option> in anticipation of defaulting to it by default.
<option>networking.useNetworkd</option> in anticipation of defaulting to it.
It has to be set to <literal>false</literal> and enabled per
interface with <option>networking.interfaces.&lt;name&gt;.useDHCP = true;</option>
</para>

258
nixos/doc/manual/release-notes/rl-2003.xml
View File

@ -55,6 +55,19 @@
and adding a <option>--all</option> option which prints all options and their values.
</para>
</listitem>
<listitem>
<para>
<option>services.xserver.desktopManager.default</option> and <option>services.xserver.windowManager.default</option> options were replaced by a single <xref linkend="opt-services.xserver.displayManager.defaultSession"/> option to improve support for upstream session files. If you used something like:
<programlisting>
services.xserver.desktopManager.default = "xfce";
services.xserver.windowManager.default = "icewm";
</programlisting>
you should change it to:
<programlisting>
services.xserver.displayManager.defaultSession = "xfce+icewm";
</programlisting>
</para>
</listitem>
</itemizedlist>
</section>
@ -71,7 +84,17 @@
<itemizedlist>
<listitem>
<para />
<para>
The kubernetes kube-proxy now supports a new hostname configuration
<literal>services.kubernetes.proxy.hostname</literal> which has to
be set if the hostname of the node should be non default.
</para>
</listitem>
<listitem>
<para>
UPower's configuration is now managed by NixOS and can be customized
via <option>services.upower</option>.
</para>
</listitem>
</itemizedlist>
@ -117,18 +140,213 @@
</listitem>
<listitem>
<para>
The <literal>99-main.network</literal> file was removed. Maching all
network interfaces caused many breakages, see
<link xlink:href="https://github.com/NixOS/nixpkgs/pull/18962">#18962</link>
and <link xlink:href="https://github.com/NixOS/nixpkgs/pull/71106">#71106</link>.
The <literal>99-main.network</literal> file was removed. Maching all
network interfaces caused many breakages, see
<link xlink:href="https://github.com/NixOS/nixpkgs/pull/18962">#18962</link>
and <link xlink:href="https://github.com/NixOS/nixpkgs/pull/71106">#71106</link>.
</para>
<para>
We already don't support the global <link linkend="opt-networking.useDHCP">networking.useDHCP</link>,
<link linkend="opt-networking.defaultGateway">networking.defaultGateway</link> and
<link linkend="opt-networking.defaultGateway6">networking.defaultGateway6</link> options
if <link linkend="opt-networking.useNetworkd">networking.useNetworkd</link> is enabled,
but direct users to configure the per-device
<link linkend="opt-networking.interfaces">networking.interfaces.&lt;name&gt;.…</link> options.
We already don't support the global <link linkend="opt-networking.useDHCP">networking.useDHCP</link>,
<link linkend="opt-networking.defaultGateway">networking.defaultGateway</link> and
<link linkend="opt-networking.defaultGateway6">networking.defaultGateway6</link> options
if <link linkend="opt-networking.useNetworkd">networking.useNetworkd</link> is enabled,
but direct users to configure the per-device
<link linkend="opt-networking.interfaces">networking.interfaces.&lt;name&gt;.…</link> options.
</para>
</listitem>
<listitem>
<para>
The stdenv now runs all bash with <literal>set -u</literal>, to catch the use of undefined variables.
Before, it itself used <literal>set -u</literal> but was careful to unset it so other packages' code ran as before.
Now, all bash code is held to the same high standard, and the rather complex stateful manipulation of the options can be discarded.
</para>
</listitem>
<listitem>
<para>
The SLIM Display Manager has been removed, as it has been unmaintained since 2013.
Consider migrating to a different display manager such as LightDM (current default in NixOS),
SDDM, GDM, or using the startx module which uses Xinitrc.
</para>
</listitem>
<listitem>
<para>
The BEAM package set has been deleted. You will only find there the different interpreters.
You should now use the different build tools coming with the languages with sandbox mode disabled.
</para>
</listitem>
<listitem>
<para>
There is now only one Xfce package-set and module. This means attributes, <literal>xfce4-14</literal>
<literal>xfce4-12</literal>, and <literal>xfceUnstable</literal> all now point to the latest Xfce 4.14
packages. And in future NixOS releases will be the latest released version of Xfce available at the
time during the releases development (if viable).
</para>
</listitem>
<listitem>
<para>
The <link linkend="opt-services.phpfpm.pools">phpfpm</link> module now sets
<literal>PrivateTmp=true</literal> in its systemd units for better process isolation.
If you rely on <literal>/tmp</literal> being shared with other services, explicitly override this by
setting <literal>serviceConfig.PrivateTmp</literal> to <literal>false</literal> for each phpfpm unit.
</para>
</listitem>
<listitem>
<para>
KDEs old multimedia framework Phonon no longer supports Qt 4. For that reason, Plasma desktop also does not have <option>enableQt4Support</option> option any more.
</para>
</listitem>
<listitem>
<para>
The BeeGFS module has been removed.
</para>
</listitem>
<listitem>
<para>
The osquery module has been removed.
</para>
</listitem>
<listitem>
<para>
Going forward, <literal>~/bin</literal> in the users home directory will no longer be in <literal>PATH</literal> by default.
If you depend on this you should set the option <literal>environment.homeBinInPath</literal> to <literal>true</literal>.
The aforementioned option was added this release.
</para>
</listitem>
<listitem>
<para>
The <literal>buildRustCrate</literal> infrastructure now produces <literal>lib</literal> outputs in addition to the <literal>out</literal> output.
This has led to drastically reduced closed sizes for some rust crates since development dependencies are now in the <literal>lib</literal> output.
</para>
</listitem>
<listitem>
<para>
Pango was upgraded to 1.44, which no longer uses freetype for font loading. This means that type1
and bitmap fonts are no longer supported in applications relying on Pango for font rendering
(notably, GTK application). See <link xlink:href="https://gitlab.gnome.org/GNOME/pango/issues/386">
upstream issue</link> for more information.
</para>
</listitem>
<listitem>
<para>
The packages <literal>openobex</literal> and <literal>obexftp</literal>
are no longer installed when enabling Bluetooth via
<option>hardware.bluetooth.enable</option>.
</para>
</listitem>
<listitem>
<para>
The <literal>dump1090</literal> derivation has been changed to use FlightAware's dump1090
as its upstream. However, this version does not have an internal webserver anymore. The
assets in the <literal>share/dump1090</literal> directory of the derivation can be used
in conjunction with an external webserver to replace this functionality.
</para>
</listitem>
<listitem>
<para>
The fourStore and fourStoreEndpoint modules have been removed.
</para>
</listitem>
<listitem>
<para>
Polkit no longer has the user of uid 0 (root) as an admin identity.
We now follow the upstream default of only having every member of the wheel
group admin privileged. Before it was root and members of wheel.
The positive outcome of this is pkexec GUI popups or terminal prompts
will no longer require the user to choose between two essentially equivalent
choices (whether to perform the action as themselves with wheel permissions, or as the root user).
</para>
</listitem>
<listitem>
<para>
NixOS containers no longer build NixOS manual by default. This saves evaluation time,
especially if there are many declarative containers defined. Note that this is already done
when <literal>&lt;nixos/modules/profiles/minimal.nix&gt;</literal> module is included
in container config.
</para>
</listitem>
<listitem>
<para>
Virtual console options have been reorganized and can be found under
a single top-level attribute: <literal>console</literal>.
The full set of changes is as follows:
</para>
<itemizedlist>
<listitem>
<para>
<literal>i18n.consoleFont</literal> renamed to
<link linkend="opt-console.font">console.font</link>
</para>
</listitem>
<listitem>
<para>
<literal>i18n.consoleKeyMap</literal> renamed to
<link linkend="opt-console.keyMap">console.keyMap</link>
</para>
</listitem>
<listitem>
<para>
<literal>i18n.consoleColors</literal> renamed to
<link linkend="opt-console.colors">console.colors</link>
</para>
</listitem>
<listitem>
<para>
<literal>i18n.consolePackages</literal> renamed to
<link linkend="opt-console.packages">console.packages</link>
</para>
</listitem>
<listitem>
<para>
<literal>i18n.consoleUseXkbConfig</literal> renamed to
<link linkend="opt-console.useXkbConfig">console.useXkbConfig</link>
</para>
</listitem>
<listitem>
<para>
<literal>boot.earlyVconsoleSetup</literal> renamed to
<link linkend="opt-console.earlySetup">console.earlySetup</link>
</para>
</listitem>
<listitem>
<para>
<literal>boot.extraTTYs</literal> renamed to
<link linkend="opt-console.extraTTYs">console.extraTTYs</link>
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
The <link linkend="opt-services.awstats.enable">awstats</link> module has been rewritten
to serve stats via static html pages, updated on a timer, over <link linkend="opt-services.nginx.virtualHosts">nginx</link>,
instead of dynamic cgi pages over <link linkend="opt-services.httpd.enable">apache</link>.
</para>
<para>
Minor changes will be required to migrate existing configurations. Details of the
required changes can seen by looking through the <link linkend="opt-services.awstats.enable">awstats</link>
module.
</para>
</listitem>
<listitem>
<para>
The httpd module no longer provides options to support serving web content without defining a virtual host. As a
result of this the <link linkend="opt-services.httpd.logPerVirtualHost">services.httpd.logPerVirtualHost</link>
option now defaults to <literal>true</literal> instead of <literal>false</literal>. Please update your
configuration to make use of <link linkend="opt-services.httpd.virtualHosts">services.httpd.virtualHosts</link>.
</para>
<para>
The <link linkend="opt-services.httpd.virtualHosts">services.httpd.virtualHosts.&lt;name&gt;</link>
option has changed type from a list of submodules to an attribute set of submodules, better matching
<link linkend="opt-services.nginx.virtualHosts">services.nginx.virtualHosts.&lt;name&gt;</link>.
</para>
<para>
This change comes with the addition of the following options which mimic the functionality of their <literal>nginx</literal> counterparts:
<link linkend="opt-services.httpd.virtualHosts">services.httpd.virtualHosts.&lt;name&gt;.addSSL</link>,
<link linkend="opt-services.httpd.virtualHosts">services.httpd.virtualHosts.&lt;name&gt;.forceSSL</link>,
<link linkend="opt-services.httpd.virtualHosts">services.httpd.virtualHosts.&lt;name&gt;.onlySSL</link>,
<link linkend="opt-services.httpd.virtualHosts">services.httpd.virtualHosts.&lt;name&gt;.enableACME</link>,
<link linkend="opt-services.httpd.virtualHosts">services.httpd.virtualHosts.&lt;name&gt;.acmeRoot</link>, and
<link linkend="opt-services.httpd.virtualHosts">services.httpd.virtualHosts.&lt;name&gt;.useACMEHost</link>.
</para>
</listitem>
</itemizedlist>
@ -145,6 +363,18 @@
<listitem>
<para>SD images are now compressed by default using <literal>bzip2</literal>.</para>
</listitem>
<listitem>
<para>
The nginx web server previously started its master process as root
privileged, then ran worker processes as a less privileged identity user.
This was changed to start all of nginx as a less privileged user (defined by
<literal>services.nginx.user</literal> and
<literal>services.nginx.group</literal>). As a consequence, all files that
are needed for nginx to run (included configuration fragments, SSL
certificates and keys, etc.) must now be readable by this less privileged
user/group.
</para>
</listitem>
<listitem>
<para>
OpenSSH has been upgraded from 7.9 to 8.1, improving security and adding features
@ -153,6 +383,12 @@
release announcement</link> for more information.
</para>
</listitem>
<listitem>
<para>
<literal>PRETTY_NAME</literal> in <literal>/etc/os-release</literal>
now uses the short rather than full version string.
</para>
</listitem>
</itemizedlist>
</section>
</section>

44
nixos/lib/make-ext4-fs.nix
View File

@ -4,8 +4,11 @@
# generated image is sized to only fit its contents, with the expectation
# that a script resizes the filesystem at boot time.
{ pkgs
, lib
# List of derivations to be included
, storePaths
# Whether or not to compress the resulting image with zstd
, compressImage ? false, zstd
# Shell commands to populate the ./files directory.
# All files in that directory are copied to the root of the FS.
, populateImageCommands ? ""
@ -20,18 +23,20 @@
let
sdClosureInfo = pkgs.buildPackages.closureInfo { rootPaths = storePaths; };
in
pkgs.stdenv.mkDerivation {
name = "ext4-fs.img";
name = "ext4-fs.img${lib.optionalString compressImage ".zst"}";
nativeBuildInputs = [e2fsprogs.bin libfaketime perl lkl];
nativeBuildInputs = [ e2fsprogs.bin libfaketime perl lkl ]
++ lib.optional compressImage zstd;
buildCommand =
''
${if compressImage then "img=temp.img" else "img=$out"}
(
mkdir -p ./files
${populateImageCommands}
)
# Add the closures of the top-level store objects.
storePaths=$(cat ${sdClosureInfo}/store-paths)
@ -42,28 +47,26 @@ pkgs.stdenv.mkDerivation {
bytes=$((2 * 4096 * $numInodes + 4096 * $numDataBlocks))
echo "Creating an EXT4 image of $bytes bytes (numInodes=$numInodes, numDataBlocks=$numDataBlocks)"
truncate -s $bytes $out
faketime -f "1970-01-01 00:00:01" mkfs.ext4 -L ${volumeLabel} -U ${uuid} $out
truncate -s $bytes $img
faketime -f "1970-01-01 00:00:01" mkfs.ext4 -L ${volumeLabel} -U ${uuid} $img
# Also include a manifest of the closures in a format suitable for nix-store --load-db.
cp ${sdClosureInfo}/registration nix-path-registration
cptofs -t ext4 -i $out nix-path-registration /
cptofs -t ext4 -i $img nix-path-registration /
# Create nix/store before copying paths
faketime -f "1970-01-01 00:00:01" mkdir -p nix/store
cptofs -t ext4 -i $out nix /
cptofs -t ext4 -i $img nix /
echo "copying store paths to image..."
cptofs -t ext4 -i $out $storePaths /nix/store/
cptofs -t ext4 -i $img $storePaths /nix/store/
(
echo "copying files to image..."
cd ./files
cptofs -t ext4 -i $out ./* /
)
cptofs -t ext4 -i $img ./files/* /
# I have ended up with corrupted images sometimes, I suspect that happens when the build machine's disk gets full during the build.
if ! fsck.ext4 -n -f $out; then
if ! fsck.ext4 -n -f $img; then
echo "--- Fsck failed for EXT4 image of $bytes bytes (numInodes=$numInodes, numDataBlocks=$numDataBlocks) ---"
cat errorlog
return 1
@ -71,9 +74,9 @@ pkgs.stdenv.mkDerivation {
(
# Resizes **snugly** to its actual limits (or closer to)
free=$(dumpe2fs $out | grep '^Free blocks:')
blocksize=$(dumpe2fs $out | grep '^Block size:')
blocks=$(dumpe2fs $out | grep '^Block count:')
free=$(dumpe2fs $img | grep '^Free blocks:')
blocksize=$(dumpe2fs $img | grep '^Block size:')
blocks=$(dumpe2fs $img | grep '^Block count:')
blocks=$((''${blocks##*:})) # format the number.
blocksize=$((''${blocksize##*:})) # format the number.
# System can't boot with 0 blocks free.
@ -82,10 +85,15 @@ pkgs.stdenv.mkDerivation {
size=$(( blocks - ''${free##*:} + fudge ))
echo "Resizing from $blocks blocks to $size blocks. (~ $((size*blocksize/1024/1024))MiB)"
EXT2FS_NO_MTAB_OK=yes resize2fs $out -f $size
EXT2FS_NO_MTAB_OK=yes resize2fs $img -f $size
)
# And a final fsck, because of the previous truncating.
fsck.ext4 -n -f $out
fsck.ext4 -n -f $img
if [ ${builtins.toString compressImage} ]; then
echo "Compressing image"
zstd -v --no-progress ./$img -o $out
fi
'';
}

2
nixos/lib/make-options-doc/default.nix
View File

@ -86,7 +86,7 @@ let
optionsList = lib.sort optionLess optionsListDesc;
# Convert the list of options into an XML file.
optionsXML = builtins.toFile "options.xml" (builtins.toXML optionsList);
optionsXML = pkgs.writeText "options.xml" (builtins.toXML optionsList);
optionsNix = builtins.listToAttrs (map (o: { name = o.name; value = removeAttrs o ["name" "visible" "internal"]; }) optionsList);

418
nixos/lib/test-driver/test-driver.py
View File

@ -1,12 +1,12 @@
#! /somewhere/python3
from contextlib import contextmanager
from contextlib import contextmanager, _GeneratorContextManager
from xml.sax.saxutils import XMLGenerator
import _thread
import atexit
import os
import ptpython.repl
import pty
import queue
from queue import Queue, Empty
import re
import shutil
import socket
@ -15,7 +15,9 @@ import sys
import tempfile
import time
import unicodedata
import ptpython.repl
from typing import Tuple, Any, Callable, Dict, Iterator, Optional, List
import shlex
import pathlib
CHAR_TO_KEY = {
"A": "shift-a",
@ -80,12 +82,22 @@ CHAR_TO_KEY = {
")": "shift-0x0B",
}
# Forward references
nr_tests: int
nr_succeeded: int
log: "Logger"
machines: "List[Machine]"
def eprint(*args, **kwargs):
def eprint(*args: object, **kwargs: Any) -> None:
print(*args, file=sys.stderr, **kwargs)
def create_vlan(vlan_nr):
def make_command(args: list) -> str:
return " ".join(map(shlex.quote, (map(str, args))))
def create_vlan(vlan_nr: str) -> Tuple[str, str, "subprocess.Popen[bytes]", Any]:
global log
log.log("starting VDE switch for network {}".format(vlan_nr))
vde_socket = os.path.abspath("./vde{}.ctl".format(vlan_nr))
@ -109,7 +121,7 @@ def create_vlan(vlan_nr):
return (vlan_nr, vde_socket, vde_process, fd)
def retry(fn):
def retry(fn: Callable) -> None:
"""Call the given function repeatedly, with 1 second intervals,
until it returns True or a timeout is reached.
"""
@ -124,52 +136,52 @@ def retry(fn):
class Logger:
def __init__(self):
def __init__(self) -> None:
self.logfile = os.environ.get("LOGFILE", "/dev/null")
self.logfile_handle = open(self.logfile, "wb")
self.xml = XMLGenerator(self.logfile_handle, encoding="utf-8")
self.queue = queue.Queue(1000)
self.queue: "Queue[Dict[str, str]]" = Queue(1000)
self.xml.startDocument()
self.xml.startElement("logfile", attrs={})
def close(self):
def close(self) -> None:
self.xml.endElement("logfile")
self.xml.endDocument()
self.logfile_handle.close()
def sanitise(self, message):
def sanitise(self, message: str) -> str:
return "".join(ch for ch in message if unicodedata.category(ch)[0] != "C")
def maybe_prefix(self, message, attributes):
def maybe_prefix(self, message: str, attributes: Dict[str, str]) -> str:
if "machine" in attributes:
return "{}: {}".format(attributes["machine"], message)
return message
def log_line(self, message, attributes):
def log_line(self, message: str, attributes: Dict[str, str]) -> None:
self.xml.startElement("line", attributes)
self.xml.characters(message)
self.xml.endElement("line")
def log(self, message, attributes={}):
def log(self, message: str, attributes: Dict[str, str] = {}) -> None:
eprint(self.maybe_prefix(message, attributes))
self.drain_log_queue()
self.log_line(message, attributes)
def enqueue(self, message):
def enqueue(self, message: Dict[str, str]) -> None:
self.queue.put(message)
def drain_log_queue(self):
def drain_log_queue(self) -> None:
try:
while True:
item = self.queue.get_nowait()
attributes = {"machine": item["machine"], "type": "serial"}
self.log_line(self.sanitise(item["msg"]), attributes)
except queue.Empty:
except Empty:
pass
@contextmanager
def nested(self, message, attributes={}):
def nested(self, message: str, attributes: Dict[str, str] = {}) -> Iterator[None]:
eprint(self.maybe_prefix(message, attributes))
self.xml.startElement("nest", attrs={})
@ -188,41 +200,39 @@ class Logger:
class Machine:
def __init__(self, args):
def __init__(self, args: Dict[str, Any]) -> None:
if "name" in args:
self.name = args["name"]
else:
self.name = "machine"
try:
cmd = args["startCommand"]
self.name = re.search("run-(.+)-vm$", cmd).group(1)
except KeyError:
pass
except AttributeError:
pass
cmd = args.get("startCommand", None)
if cmd:
match = re.search("run-(.+)-vm$", cmd)
if match:
self.name = match.group(1)
self.script = args.get("startCommand", self.create_startcommand(args))
tmp_dir = os.environ.get("TMPDIR", tempfile.gettempdir())
def create_dir(name):
def create_dir(name: str) -> str:
path = os.path.join(tmp_dir, name)
os.makedirs(path, mode=0o700, exist_ok=True)
return path
self.state_dir = create_dir("vm-state-{}".format(self.name))
self.shared_dir = create_dir("xchg-shared")
self.shared_dir = create_dir("{}/xchg".format(self.state_dir))
self.booted = False
self.connected = False
self.pid = None
self.pid: Optional[int] = None
self.socket = None
self.monitor = None
self.logger = args["log"]
self.monitor: Optional[socket.socket] = None
self.logger: Logger = args["log"]
self.allow_reboot = args.get("allowReboot", False)
@staticmethod
def create_startcommand(args):
def create_startcommand(args: Dict[str, str]) -> str:
net_backend = "-netdev user,id=net0"
net_frontend = "-device virtio-net-pci,netdev=net0"
@ -272,31 +282,43 @@ class Machine:
return start_command
def is_up(self):
def is_up(self) -> bool:
return self.booted and self.connected
def log(self, msg):
def log(self, msg: str) -> None:
self.logger.log(msg, {"machine": self.name})
def nested(self, msg, attrs={}):
def nested(self, msg: str, attrs: Dict[str, str] = {}) -> _GeneratorContextManager:
my_attrs = {"machine": self.name}
my_attrs.update(attrs)
return self.logger.nested(msg, my_attrs)
def wait_for_monitor_prompt(self):
def wait_for_monitor_prompt(self) -> str:
assert self.monitor is not None
answer = ""
while True:
answer = self.monitor.recv(1024).decode()
undecoded_answer = self.monitor.recv(1024)
if not undecoded_answer:
break
answer += undecoded_answer.decode()
if answer.endswith("(qemu) "):
return answer
break
return answer
def send_monitor_command(self, command):
def send_monitor_command(self, command: str) -> str:
message = ("{}\n".format(command)).encode()
self.log("sending monitor command: {}".format(command))
assert self.monitor is not None
self.monitor.send(message)
return self.wait_for_monitor_prompt()
def wait_for_unit(self, unit, user=None):
while True:
def wait_for_unit(self, unit: str, user: Optional[str] = None) -> None:
"""Wait for a systemd unit to get into "active" state.
Throws exceptions on "failed" and "inactive" states as well as
after timing out.
"""
def check_active(_: Any) -> bool:
info = self.get_unit_info(unit, user)
state = info["ActiveState"]
if state == "failed":
@ -305,25 +327,32 @@ class Machine:
if state == "inactive":
status, jobs = self.systemctl("list-jobs --full 2>&1", user)
if "No jobs" in jobs:
info = self.get_unit_info(unit)
info = self.get_unit_info(unit, user)
if info["ActiveState"] == state:
raise Exception(
(
'unit "{}" is inactive and there ' "are no pending jobs"
).format(unit)
)
if state == "active":
return True
def get_unit_info(self, unit, user=None):
return state == "active"
retry(check_active)
def get_unit_info(self, unit: str, user: Optional[str] = None) -> Dict[str, str]:
status, lines = self.systemctl('--no-pager show "{}"'.format(unit), user)
if status != 0:
return None
raise Exception(
'retrieving systemctl info for unit "{}" {} failed with exit code {}'.format(
unit, "" if user is None else 'under user "{}"'.format(user), status
)
)
line_pattern = re.compile(r"^([^=]+)=(.*)$")
def tuple_from_line(line):
def tuple_from_line(line: str) -> Tuple[str, str]:
match = line_pattern.match(line)
assert match is not None
return match[1], match[2]
return dict(
@ -332,7 +361,7 @@ class Machine:
if line_pattern.match(line)
)
def systemctl(self, q, user=None):
def systemctl(self, q: str, user: Optional[str] = None) -> Tuple[int, str]:
if user is not None:
q = q.replace("'", "\\'")
return self.execute(
@ -344,7 +373,19 @@ class Machine:
)
return self.execute("systemctl {}".format(q))
def execute(self, command):
def require_unit_state(self, unit: str, require_state: str = "active") -> None:
with self.nested(
"checking if unit {} has reached state '{}'".format(unit, require_state)
):
info = self.get_unit_info(unit)
state = info["ActiveState"]
if state != require_state:
raise Exception(
"Expected unit {} to to be in state ".format(unit)
+ "'active' but it is in state {}".format(state)
)
def execute(self, command: str) -> Tuple[int, str]:
self.connect()
out_command = "( {} ); echo '|!EOF' $?\n".format(command)
@ -362,19 +403,21 @@ class Machine:
return (status_code, output)
output += chunk
def succeed(self, *commands):
def succeed(self, *commands: str) -> str:
"""Execute each command and check that it succeeds."""
output = ""
for command in commands:
with self.nested("must succeed: {}".format(command)):
status, output = self.execute(command)
(status, out) = self.execute(command)
if status != 0:
self.log("output: {}".format(output))
self.log("output: {}".format(out))
raise Exception(
"command `{}` failed (exit code {})".format(command, status)
)
return output
output += out
return output
def fail(self, *commands):
def fail(self, *commands: str) -> None:
"""Execute each command and check that it fails."""
for command in commands:
with self.nested("must fail: {}".format(command)):
@ -384,21 +427,37 @@ class Machine:
"command `{}` unexpectedly succeeded".format(command)
)
def wait_until_succeeds(self, command):
def wait_until_succeeds(self, command: str) -> str:
"""Wait until a command returns success and return its output.
Throws an exception on timeout.
"""
output = ""
def check_success(_: Any) -> bool:
nonlocal output
status, output = self.execute(command)
return status == 0
with self.nested("waiting for success: {}".format(command)):
while True:
status, output = self.execute(command)
if status == 0:
return output
retry(check_success)
return output
def wait_until_fails(self, command: str) -> str:
"""Wait until a command returns failure.
Throws an exception on timeout.
"""
output = ""
def check_failure(_: Any) -> bool:
nonlocal output
status, output = self.execute(command)
return status != 0
def wait_until_fails(self, command):
with self.nested("waiting for failure: {}".format(command)):
while True:
status, output = self.execute(command)
if status != 0:
return output
retry(check_failure)
return output
def wait_for_shutdown(self):
def wait_for_shutdown(self) -> None:
if not self.booted:
return
@ -410,58 +469,71 @@ class Machine:
self.booted = False
self.connected = False
def get_tty_text(self, tty):
def get_tty_text(self, tty: str) -> str:
status, output = self.execute(
"fold -w$(stty -F /dev/tty{0} size | "
"awk '{{print $2}}') /dev/vcs{0}".format(tty)
)
return output
def wait_until_tty_matches(self, tty, regexp):
def wait_until_tty_matches(self, tty: str, regexp: str) -> None:
"""Wait until the visible output on the chosen TTY matches regular
expression. Throws an exception on timeout.
"""
matcher = re.compile(regexp)
with self.nested("waiting for {} to appear on tty {}".format(regexp, tty)):
while True:
text = self.get_tty_text(tty)
if len(matcher.findall(text)) > 0:
return True
def send_chars(self, chars):
def tty_matches(last: bool) -> bool:
text = self.get_tty_text(tty)
if last:
self.log(
f"Last chance to match /{regexp}/ on TTY{tty}, "
f"which currently contains: {text}"
)
return len(matcher.findall(text)) > 0
with self.nested("waiting for {} to appear on tty {}".format(regexp, tty)):
retry(tty_matches)
def send_chars(self, chars: List[str]) -> None:
with self.nested("sending keys {}".format(chars)):
for char in chars:
self.send_key(char)
def wait_for_file(self, filename):
with self.nested("waiting for file {}".format(filename)):
while True:
status, _ = self.execute("test -e {}".format(filename))
if status == 0:
return True
def wait_for_file(self, filename: str) -> None:
"""Waits until the file exists in machine's file system."""
def wait_for_open_port(self, port):
def port_is_open(_):
def check_file(_: Any) -> bool:
status, _ = self.execute("test -e {}".format(filename))
return status == 0
with self.nested("waiting for file {}".format(filename)):
retry(check_file)
def wait_for_open_port(self, port: int) -> None:
def port_is_open(_: Any) -> bool:
status, _ = self.execute("nc -z localhost {}".format(port))
return status == 0
with self.nested("waiting for TCP port {}".format(port)):
retry(port_is_open)
def wait_for_closed_port(self, port):
def port_is_closed(_):
def wait_for_closed_port(self, port: int) -> None:
def port_is_closed(_: Any) -> bool:
status, _ = self.execute("nc -z localhost {}".format(port))
return status != 0
retry(port_is_closed)
def start_job(self, jobname, user=None):
def start_job(self, jobname: str, user: Optional[str] = None) -> Tuple[int, str]:
return self.systemctl("start {}".format(jobname), user)
def stop_job(self, jobname, user=None):
def stop_job(self, jobname: str, user: Optional[str] = None) -> Tuple[int, str]:
return self.systemctl("stop {}".format(jobname), user)
def wait_for_job(self, jobname):
return self.wait_for_unit(jobname)
def wait_for_job(self, jobname: str) -> None:
self.wait_for_unit(jobname)
def connect(self):
def connect(self) -> None:
if self.connected:
return
@ -477,7 +549,7 @@ class Machine:
self.log("(connecting took {:.2f} seconds)".format(toc - tic))
self.connected = True
def screenshot(self, filename):
def screenshot(self, filename: str) -> None:
out_dir = os.environ.get("out", os.getcwd())
word_pattern = re.compile(r"^\w+$")
if word_pattern.match(filename):
@ -494,7 +566,39 @@ class Machine:
if ret.returncode != 0:
raise Exception("Cannot convert screenshot")
def get_screen_text(self):
def copy_from_vm(self, source: str, target_dir: str = "") -> None:
"""Copy a file from the VM (specified by an in-VM source path) to a path
relative to `$out`. The file is copied via the `shared_dir` shared among
all the VMs (using a temporary directory).
"""
# Compute the source, target, and intermediate shared file names
out_dir = pathlib.Path(os.environ.get("out", os.getcwd()))
vm_src = pathlib.Path(source)
with tempfile.TemporaryDirectory(dir=self.shared_dir) as shared_td:
shared_temp = pathlib.Path(shared_td)
vm_shared_temp = pathlib.Path("/tmp/xchg") / shared_temp.name
vm_intermediate = vm_shared_temp / vm_src.name
intermediate = shared_temp / vm_src.name
# Copy the file to the shared directory inside VM
self.succeed(make_command(["mkdir", "-p", vm_shared_temp]))
self.succeed(make_command(["cp", "-r", vm_src, vm_intermediate]))
self.succeed("sync")
abs_target = out_dir / target_dir / vm_src.name
abs_target.parent.mkdir(exist_ok=True, parents=True)
# Copy the file from the shared directory outside VM
if intermediate.is_dir():
shutil.copytree(intermediate, abs_target)
else:
shutil.copy(intermediate, abs_target)
# Make sure the cleanup is synced into VM
self.succeed("sync")
def dump_tty_contents(self, tty: str) -> None:
"""Debugging: Dump the contents of the TTY<n>
"""
self.execute("fold -w 80 /dev/vcs{} | systemd-cat".format(tty))
def get_screen_text(self) -> str:
if shutil.which("tesseract") is None:
raise Exception("get_screen_text used but enableOCR is false")
@ -522,30 +626,30 @@ class Machine:
return ret.stdout.decode("utf-8")
def wait_for_text(self, regex):
def screen_matches(last):
def wait_for_text(self, regex: str) -> None:
def screen_matches(last: bool) -> bool:
text = self.get_screen_text()
m = re.search(regex, text)
matches = re.search(regex, text) is not None
if last and not m:
if last and not matches:
self.log("Last OCR attempt failed. Text was: {}".format(text))
return m
return matches
with self.nested("waiting for {} to appear on screen".format(regex)):
retry(screen_matches)
def send_key(self, key):
def send_key(self, key: str) -> None:
key = CHAR_TO_KEY.get(key, key)
self.send_monitor_command("sendkey {}".format(key))
def start(self):
def start(self) -> None:
if self.booted:
return
self.log("starting vm")
def create_socket(path):
def create_socket(path: str) -> socket.socket:
if os.path.exists(path):
os.unlink(path)
s = socket.socket(family=socket.AF_UNIX, type=socket.SOCK_STREAM)
@ -575,12 +679,15 @@ class Machine:
+ os.environ.get("QEMU_OPTS", "")
)
environment = {
"QEMU_OPTS": qemu_options,
"SHARED_DIR": self.shared_dir,
"USE_TMPDIR": "1",
}
environment.update(dict(os.environ))
environment = dict(os.environ)
environment.update(
{
"TMPDIR": self.state_dir,
"SHARED_DIR": self.shared_dir,
"USE_TMPDIR": "1",
"QEMU_OPTS": qemu_options,
}
)
self.process = subprocess.Popen(
self.script,
@ -588,16 +695,16 @@ class Machine:
stdin=subprocess.DEVNULL,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT,
shell=False,
shell=True,
cwd=self.state_dir,
env=environment,
)
self.monitor, _ = self.monitor_socket.accept()
self.shell, _ = self.shell_socket.accept()
def process_serial_output():
for line in self.process.stdout:
line = line.decode().replace("\r", "").rstrip()
def process_serial_output() -> None:
for _line in self.process.stdout:
line = _line.decode("unicode_escape").replace("\r", "").rstrip()
eprint("{} # {}".format(self.name, line))
self.logger.enqueue({"msg": line, "machine": self.name})
@ -610,83 +717,117 @@ class Machine:
self.log("QEMU running (pid {})".format(self.pid))
def shutdown(self):
if self.booted:
def shutdown(self) -> None:
if not self.booted:
return
self.shell.send("poweroff\n".encode())
self.wait_for_shutdown()
def crash(self):
if self.booted:
def crash(self) -> None:
if not self.booted:
return
self.log("forced crash")
self.send_monitor_command("quit")
self.wait_for_shutdown()
def wait_for_x(self):
def wait_for_x(self) -> None:
"""Wait until it is possible to connect to the X server. Note that
testing the existence of /tmp/.X11-unix/X0 is insufficient.
"""
with self.nested("waiting for the X11 server"):
while True:
cmd = (
"journalctl -b SYSLOG_IDENTIFIER=systemd | "
+ 'grep "Reached target Current graphical"'
)
status, _ = self.execute(cmd)
if status != 0:
continue
status, _ = self.execute("[ -e /tmp/.X11-unix/X0 ]")
if status == 0:
return
def sleep(self, secs):
def check_x(_: Any) -> bool:
cmd = (
"journalctl -b SYSLOG_IDENTIFIER=systemd | "
+ 'grep "Reached target Current graphical"'
)
status, _ = self.execute(cmd)
if status != 0:
return False
status, _ = self.execute("[ -e /tmp/.X11-unix/X0 ]")
return status == 0
with self.nested("waiting for the X11 server"):
retry(check_x)
def get_window_names(self) -> List[str]:
return self.succeed(
r"xwininfo -root -tree | sed 's/.*0x[0-9a-f]* \"\([^\"]*\)\".*/\1/; t; d'"
).splitlines()
def wait_for_window(self, regexp: str) -> None:
pattern = re.compile(regexp)
def window_is_visible(last_try: bool) -> bool:
names = self.get_window_names()
if last_try:
self.log(
"Last chance to match {} on the window list,".format(regexp)
+ " which currently contains: "
+ ", ".join(names)
)
return any(pattern.search(name) for name in names)
with self.nested("Waiting for a window to appear"):
retry(window_is_visible)
def sleep(self, secs: int) -> None:
time.sleep(secs)
def block(self):
def forward_port(self, host_port: int = 8080, guest_port: int = 80) -> None:
"""Forward a TCP port on the host to a TCP port on the guest.
Useful during interactive testing.
"""
self.send_monitor_command(
"hostfwd_add tcp::{}-:{}".format(host_port, guest_port)
)
def block(self) -> None:
"""Make the machine unreachable by shutting down eth1 (the multicast
interface used to talk to the other VMs). We keep eth0 up so that
the test driver can continue to talk to the machine.
"""
self.send_monitor_command("set_link virtio-net-pci.1 off")
def unblock(self):
def unblock(self) -> None:
"""Make the machine reachable.
"""
self.send_monitor_command("set_link virtio-net-pci.1 on")
def create_machine(args):
def create_machine(args: Dict[str, Any]) -> Machine:
global log
args["log"] = log
args["redirectSerial"] = os.environ.get("USE_SERIAL", "0") == "1"
return Machine(args)
def start_all():
def start_all() -> None:
global machines
with log.nested("starting all VMs"):
for machine in machines:
machine.start()
def join_all():
def join_all() -> None:
global machines
with log.nested("waiting for all VMs to finish"):
for machine in machines:
machine.wait_for_shutdown()
def test_script():
def test_script() -> None:
exec(os.environ["testScript"])
def run_tests():
def run_tests() -> None:
global machines
tests = os.environ.get("tests", None)
if tests is not None:
with log.nested("running the VM test script"):
try:
exec(tests)
exec(tests, globals())
except Exception as e:
eprint("error: {}".format(str(e)))
sys.exit(1)
@ -700,11 +841,13 @@ def run_tests():
machine.execute("sync")
if nr_tests != 0:
log.log("{} out of {} tests succeeded".format(nr_succeeded, nr_tests))
eprint("{} out of {} tests succeeded".format(nr_succeeded, nr_tests))
if nr_tests > nr_succeeded:
sys.exit(1)
@contextmanager
def subtest(name):
def subtest(name: str) -> Iterator[None]:
global nr_tests
global nr_succeeded
@ -721,7 +864,6 @@ def subtest(name):
if __name__ == "__main__":
global log
log = Logger()
vlan_nrs = list(dict.fromkeys(os.environ["VLANS"].split()))
@ -740,7 +882,7 @@ if __name__ == "__main__":
nr_succeeded = 0
@atexit.register
def clean_up():
def clean_up() -> None:
with log.nested("cleaning up"):
for machine in machines:
if machine.pid is None:

19
nixos/lib/testing-python.nix
View File

@ -26,7 +26,7 @@ in rec {
nativeBuildInputs = [ makeWrapper ];
buildInputs = [ (python3.withPackages (p: [ p.ptpython ])) ];
checkInputs = with python3Packages; [ pylint black ];
checkInputs = with python3Packages; [ pylint black mypy ];
dontUnpack = true;
@ -34,6 +34,9 @@ in rec {
doCheck = true;
checkPhase = ''
mypy --disallow-untyped-defs \
--no-implicit-optional \
--ignore-missing-imports ${testDriverScript}
pylint --errors-only ${testDriverScript}
black --check --diff ${testDriverScript}
'';
@ -92,6 +95,8 @@ in rec {
, makeCoverageReport ? false
, enableOCR ? false
, name ? "unnamed"
# Skip linting (mainly intended for faster dev cycles)
, skipLint ? false
, ...
} @ t:
@ -130,7 +135,7 @@ in rec {
# Generate onvenience wrappers for running the test driver
# interactively with the specified network, and for starting the
# VMs from the command line.
driver = runCommand testDriverName
driver = let warn = if skipLint then lib.warn "Linting is disabled!" else lib.id; in warn (runCommand testDriverName
{ buildInputs = [ makeWrapper];
testScript = testScript';
preferLocalBuild = true;
@ -140,7 +145,9 @@ in rec {
mkdir -p $out/bin
echo -n "$testScript" > $out/test-script
${python3Packages.black}/bin/black --check --diff $out/test-script
${lib.optionalString (!skipLint) ''
${python3Packages.black}/bin/black --check --diff $out/test-script
''}
ln -s ${testDriver}/bin/nixos-test-driver $out/bin/
vms=($(for i in ${toString vms}; do echo $i/bin/run-*-vm; done))
@ -157,7 +164,7 @@ in rec {
--set tests 'start_all(); join_all();' \
--set VLANS '${toString vlans}' \
${lib.optionalString (builtins.length vms == 1) "--set USE_SERIAL 1"}
''; # "
''); # "
passMeta = drv: drv // lib.optionalAttrs (t ? meta) {
meta = (drv.meta or {}) // t.meta;
@ -258,11 +265,9 @@ in rec {
inherit require;
virtualisation.memorySize = 1024;
services.xserver.enable = true;
services.xserver.displayManager.slim.enable = false;
services.xserver.displayManager.auto.enable = true;
services.xserver.windowManager.default = "icewm";
services.xserver.displayManager.defaultSession = "none+icewm";
services.xserver.windowManager.icewm.enable = true;
services.xserver.desktopManager.default = "none";
};
in
runInMachine ({

4
nixos/lib/testing.nix
View File

@ -248,11 +248,9 @@ in rec {
inherit require;
virtualisation.memorySize = 1024;
services.xserver.enable = true;
services.xserver.displayManager.slim.enable = false;
services.xserver.displayManager.auto.enable = true;
services.xserver.windowManager.default = "icewm";
services.xserver.displayManager.defaultSession = "none+icewm";
services.xserver.windowManager.icewm.enable = true;
services.xserver.desktopManager.default = "none";
};
in
runInMachine ({

4
nixos/maintainers/scripts/ec2/create-amis.sh
View File

@ -211,11 +211,11 @@ upload_image() {
log "Registering snapshot $snapshot_id as AMI"
local block_device_mappings=(
"DeviceName=/dev/sda1,Ebs={SnapshotId=$snapshot_id,VolumeSize=$image_logical_gigabytes,DeleteOnTermination=true,VolumeType=gp2}"
"DeviceName=/dev/xvda,Ebs={SnapshotId=$snapshot_id,VolumeSize=$image_logical_gigabytes,DeleteOnTermination=true,VolumeType=gp2}"
)
local extra_flags=(
--root-device-name /dev/sda1
--root-device-name /dev/xvda
--sriov-net-support simple
--ena-support
--virtualization-type hvm

203
nixos/modules/config/console.nix Normal file
View File

@ -0,0 +1,203 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.console;
makeColor = i: concatMapStringsSep "," (x: "0x" + substring (2*i) 2 x);
isUnicode = hasSuffix "UTF-8" (toUpper config.i18n.defaultLocale);
optimizedKeymap = pkgs.runCommand "keymap" {
nativeBuildInputs = [ pkgs.buildPackages.kbd ];
LOADKEYS_KEYMAP_PATH = "${consoleEnv}/share/keymaps/**";
preferLocalBuild = true;
} ''
loadkeys -b ${optionalString isUnicode "-u"} "${cfg.keyMap}" > $out
'';
# Sadly, systemd-vconsole-setup doesn't support binary keymaps.
vconsoleConf = pkgs.writeText "vconsole.conf" ''
KEYMAP=${cfg.keyMap}
FONT=${cfg.font}
'';
consoleEnv = pkgs.buildEnv {
name = "console-env";
paths = [ pkgs.kbd ] ++ cfg.packages;
pathsToLink = [
"/share/consolefonts"
"/share/consoletrans"
"/share/keymaps"
"/share/unimaps"
];
};
setVconsole = !config.boot.isContainer;
in
{
###### interface
options.console = {
font = mkOption {
type = types.str;
default = "Lat2-Terminus16";
example = "LatArCyrHeb-16";
description = ''
The font used for the virtual consoles. Leave empty to use
whatever the <command>setfont</command> program considers the
default font.
'';
};
keyMap = mkOption {
type = with types; either str path;
default = "us";
example = "fr";
description = ''
The keyboard mapping table for the virtual consoles.
'';
};
colors = mkOption {
type = types.listOf types.str;
default = [];
example = [
"002b36" "dc322f" "859900" "b58900"
"268bd2" "d33682" "2aa198" "eee8d5"
"002b36" "cb4b16" "586e75" "657b83"
"839496" "6c71c4" "93a1a1" "fdf6e3"
];
description = ''
The 16 colors palette used by the virtual consoles.
Leave empty to use the default colors.
Colors must be in hexadecimal format and listed in
order from color 0 to color 15.
'';
};
packages = mkOption {
type = types.listOf types.package;
default = with pkgs.kbdKeymaps; [ dvp neo ];
defaultText = ''with pkgs.kbdKeymaps; [ dvp neo ]'';
description = ''
List of additional packages that provide console fonts, keymaps and
other resources for virtual consoles use.
'';
};
extraTTYs = mkOption {
default = [];
type = types.listOf types.str;
example = ["tty8" "tty9"];
description = ''
TTY (virtual console) devices, in addition to the consoles on
which mingetty and syslogd run, that must be initialised.
Only useful if you have some program that you want to run on
some fixed console. For example, the NixOS installation CD
opens the manual in a web browser on console 7, so it sets
<option>console.extraTTYs</option> to <literal>["tty7"]</literal>.
'';
};
useXkbConfig = mkOption {
type = types.bool;
default = false;
description = ''
If set, configure the virtual console keymap from the xserver
keyboard settings.
'';
};
earlySetup = mkOption {
default = false;
type = types.bool;
description = ''
Enable setting virtual console options as early as possible (in initrd).
'';
};
};
###### implementation
config = mkMerge [
{ console.keyMap = with config.services.xserver;
mkIf cfg.useXkbConfig
(pkgs.runCommand "xkb-console-keymap" { preferLocalBuild = true; } ''
'${pkgs.ckbcomp}/bin/ckbcomp' -model '${xkbModel}' -layout '${layout}' \
-option '${xkbOptions}' -variant '${xkbVariant}' > "$out"
'');
}
(mkIf (!setVconsole) {
systemd.services.systemd-vconsole-setup.enable = false;
})
(mkIf setVconsole (mkMerge [
{ environment.systemPackages = [ pkgs.kbd ];
# Let systemd-vconsole-setup.service do the work of setting up the
# virtual consoles.
environment.etc."vconsole.conf".source = vconsoleConf;
# Provide kbd with additional packages.
environment.etc.kbd.source = "${consoleEnv}/share";
boot.initrd.preLVMCommands = mkBefore ''
kbd_mode ${if isUnicode then "-u" else "-a"} -C /dev/console
printf "\033%%${if isUnicode then "G" else "@"}" >> /dev/console
loadkmap < ${optimizedKeymap}
${optionalString cfg.earlySetup ''
setfont -C /dev/console $extraUtils/share/consolefonts/font.psf
''}
'';
systemd.services.systemd-vconsole-setup =
{ before = [ "display-manager.service" ];
after = [ "systemd-udev-settle.service" ];
restartTriggers = [ vconsoleConf consoleEnv ];
};
}
(mkIf (cfg.colors != []) {
boot.kernelParams = [
"vt.default_red=${makeColor 0 cfg.colors}"
"vt.default_grn=${makeColor 1 cfg.colors}"
"vt.default_blu=${makeColor 2 cfg.colors}"
];
})
(mkIf cfg.earlySetup {
boot.initrd.extraUtilsCommands = ''
mkdir -p $out/share/consolefonts
${if substring 0 1 cfg.font == "/" then ''
font="${cfg.font}"
'' else ''
font="$(echo ${consoleEnv}/share/consolefonts/${cfg.font}.*)"
''}
if [[ $font == *.gz ]]; then
gzip -cd $font > $out/share/consolefonts/font.psf
else
cp -L $font $out/share/consolefonts/font.psf
fi
'';
})
]))
];
imports = [
(mkRenamedOptionModule [ "i18n" "consoleFont" ] [ "console" "font" ])
(mkRenamedOptionModule [ "i18n" "consoleKeyMap" ] [ "console" "keyMap" ])
(mkRenamedOptionModule [ "i18n" "consoleColors" ] [ "console" "colors" ])
(mkRenamedOptionModule [ "i18n" "consolePackages" ] [ "console" "packages" ])
(mkRenamedOptionModule [ "i18n" "consoleUseXkbConfig" ] [ "console" "useXkbConfig" ])
(mkRenamedOptionModule [ "boot" "earlyVconsoleSetup" ] [ "console" "earlySetup" ])
(mkRenamedOptionModule [ "boot" "extraTTYs" ] [ "console" "extraTTYs" ])
];
}

36
nixos/modules/config/fonts/corefonts.nix
View File

@ -1,36 +0,0 @@
# This module is deprecated, since you can just say fonts.fonts = [
# pkgs.corefonts ]; instead.
{ config, lib, pkgs, ... }:
with lib;
{
options = {
fonts = {
enableCoreFonts = mkOption {
visible = false;
default = false;
description = ''
Whether to include Microsoft's proprietary Core Fonts. These fonts
are redistributable, but only verbatim, among other restrictions.
See <link xlink:href="http://corefonts.sourceforge.net/eula.htm"/>
for details.
'';
};
};
};
config = mkIf config.fonts.enableCoreFonts {
fonts.fonts = [ pkgs.corefonts ];
};
}

86
nixos/modules/config/fonts/fontconfig-ultimate.nix
View File

@ -1,86 +0,0 @@
{ config, pkgs, lib, ... }:
with lib;
let cfg = config.fonts.fontconfig.ultimate;
latestVersion = pkgs.fontconfig.configVersion;
# The configuration to be included in /etc/font/
confPkg = pkgs.runCommand "font-ultimate-conf" { preferLocalBuild = true; } ''
support_folder=$out/etc/fonts/conf.d
latest_folder=$out/etc/fonts/${latestVersion}/conf.d
mkdir -p $support_folder
mkdir -p $latest_folder
# fontconfig ultimate substitutions
${optionalString (cfg.substitutions != "none") ''
ln -s ${pkgs.fontconfig-ultimate}/etc/fonts/presets/${cfg.substitutions}/*.conf \
$support_folder
ln -s ${pkgs.fontconfig-ultimate}/etc/fonts/presets/${cfg.substitutions}/*.conf \
$latest_folder
''}
# fontconfig ultimate various configuration files
ln -s ${pkgs.fontconfig-ultimate}/etc/fonts/conf.d/*.conf \
$support_folder
ln -s ${pkgs.fontconfig-ultimate}/etc/fonts/conf.d/*.conf \
$latest_folder
'';
in
{
options = {
fonts = {
fontconfig = {
ultimate = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Enable fontconfig-ultimate settings (formerly known as
Infinality). Besides the customizable settings in this NixOS
module, fontconfig-ultimate also provides many font-specific
rendering tweaks.
'';
};
substitutions = mkOption {
type = types.enum ["free" "combi" "ms" "none"];
default = "free";
description = ''
Font substitutions to replace common Type 1 fonts with nicer
TrueType fonts. <literal>free</literal> uses free fonts,
<literal>ms</literal> uses Microsoft fonts,
<literal>combi</literal> uses a combination, and
<literal>none</literal> disables the substitutions.
'';
};
preset = mkOption {
type = types.enum ["ultimate1" "ultimate2" "ultimate3" "ultimate4" "ultimate5" "osx" "windowsxp"];
default = "ultimate3";
description = ''
FreeType rendering settings preset. Any of the presets may be
customized by setting environment variables.
'';
};
};
};
};
};
config = mkIf (config.fonts.fontconfig.enable && cfg.enable) {
fonts.fontconfig.confPackages = [ confPkg ];
environment.variables.INFINALITY_FT = cfg.preset;
};
}

10
nixos/modules/config/fonts/fontconfig.nix
View File

@ -264,6 +264,16 @@ let
};
in
{
imports = [
(mkRenamedOptionModule [ "fonts" "fontconfig" "ultimate" "allowBitmaps" ] [ "fonts" "fontconfig" "allowBitmaps" ])
(mkRenamedOptionModule [ "fonts" "fontconfig" "ultimate" "allowType1" ] [ "fonts" "fontconfig" "allowType1" ])
(mkRenamedOptionModule [ "fonts" "fontconfig" "ultimate" "useEmbeddedBitmaps" ] [ "fonts" "fontconfig" "useEmbeddedBitmaps" ])
(mkRenamedOptionModule [ "fonts" "fontconfig" "ultimate" "forceAutohint" ] [ "fonts" "fontconfig" "forceAutohint" ])
(mkRenamedOptionModule [ "fonts" "fontconfig" "ultimate" "renderMonoTTFAsBitmap" ] [ "fonts" "fontconfig" "renderMonoTTFAsBitmap" ])
(mkRemovedOptionModule [ "fonts" "fontconfig" "hinting" "style" ] "")
(mkRemovedOptionModule [ "fonts" "fontconfig" "forceAutohint" ] "")
(mkRemovedOptionModule [ "fonts" "fontconfig" "renderMonoTTFAsBitmap" ] "")
];
options = {

3
nixos/modules/config/fonts/fonts.nix
View File

@ -3,6 +3,9 @@
with lib;
{
imports = [
(mkRemovedOptionModule [ "fonts" "enableCoreFonts" ] "Use fonts.fonts = [ pkgs.corefonts ]; instead.")
];
options = {

63
nixos/modules/config/i18n.nix
View File

@ -58,62 +58,6 @@ with lib;
'';
};
consolePackages = mkOption {
type = types.listOf types.package;
default = with pkgs.kbdKeymaps; [ dvp neo ];
defaultText = ''with pkgs.kbdKeymaps; [ dvp neo ]'';
description = ''
List of additional packages that provide console fonts, keymaps and
other resources.
'';
};
consoleFont = mkOption {
type = types.str;
default = "Lat2-Terminus16";
example = "LatArCyrHeb-16";
description = ''
The font used for the virtual consoles. Leave empty to use
whatever the <command>setfont</command> program considers the
default font.
'';
};
consoleUseXkbConfig = mkOption {
type = types.bool;
default = false;
description = ''
If set, configure the console keymap from the xserver keyboard
settings.
'';
};
consoleKeyMap = mkOption {
type = with types; either str path;
default = "us";
example = "fr";
description = ''
The keyboard mapping table for the virtual consoles.
'';
};
consoleColors = mkOption {
type = types.listOf types.str;
default = [];
example = [
"002b36" "dc322f" "859900" "b58900"
"268bd2" "d33682" "2aa198" "eee8d5"
"002b36" "cb4b16" "586e75" "657b83"
"839496" "6c71c4" "93a1a1" "fdf6e3"
];
description = ''
The 16 colors palette used by the virtual consoles.
Leave empty to use the default colors.
Colors must be in hexadecimal format and listed in
order from color 0 to color 15.
'';
};
};
};
@ -123,13 +67,6 @@ with lib;
config = {
i18n.consoleKeyMap = with config.services.xserver;
mkIf config.i18n.consoleUseXkbConfig
(pkgs.runCommand "xkb-console-keymap" { preferLocalBuild = true; } ''
'${pkgs.ckbcomp}/bin/ckbcomp' -model '${xkbModel}' -layout '${layout}' \
-option '${xkbOptions}' -variant '${xkbVariant}' > "$out"
'');
environment.systemPackages =
optional (config.i18n.supportedLocales != []) config.i18n.glibcLocales;

20
nixos/modules/config/networking.nix
View File

@ -16,6 +16,9 @@ let
in
{
imports = [
(mkRemovedOptionModule [ "networking" "hostConf" ] "Use environment.etc.\"host.conf\" instead.")
];
options = {
@ -41,19 +44,6 @@ in
'';
};
networking.hostConf = lib.mkOption {
type = types.lines;
default = "multi on";
example = ''
multi on
reorder on
trim lan
'';
description = ''
The contents of <filename>/etc/host.conf</filename>. See also <citerefentry><refentrytitle>host.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
'';
};
networking.timeServers = mkOption {
default = [
"0.nixos.pool.ntp.org"
@ -186,7 +176,9 @@ in
'';
# /etc/host.conf: resolver configuration file
"host.conf".text = cfg.hostConf;
"host.conf".text = ''
multi on
'';
} // optionalAttrs (pkgs.stdenv.hostPlatform.libc == "glibc") {
# /etc/rpc: RPC program numbers.

2
nixos/modules/config/qt5.nix
View File

@ -10,7 +10,7 @@ let
isQtStyle = cfg.platformTheme == "gtk2" && cfg.style != "adwaita";
packages = if isQGnome then [ pkgs.qgnomeplatform pkgs.adwaita-qt ]
else if isQtStyle then [ pkgs.qtstyleplugins ]
else if isQtStyle then [ pkgs.libsForQt5.qtstyleplugins ]
else throw "`qt5.platformTheme` ${cfg.platformTheme} and `qt5.style` ${cfg.style} are not compatible.";
in

6
nixos/modules/config/resolvconf.nix
View File

@ -33,6 +33,12 @@ let
in
{
imports = [
(mkRenamedOptionModule [ "networking" "dnsSingleRequest" ] [ "networking" "resolvconf" "dnsSingleRequest" ])
(mkRenamedOptionModule [ "networking" "dnsExtensionMechanism" ] [ "networking" "resolvconf" "dnsExtensionMechanism" ])
(mkRenamedOptionModule [ "networking" "extraResolvconfConf" ] [ "networking" "resolvconf" "extraConfig" ])
(mkRenamedOptionModule [ "networking" "resolvconfOptions" ] [ "networking" "resolvconf" "extraOptions" ])
];
options = {

2
nixos/modules/config/shells-environment.nix
View File

@ -122,7 +122,7 @@ in
description = ''
Include ~/bin/ in $PATH.
'';
default = true;
default = false;
type = types.bool;
};

4
nixos/modules/config/users-groups.nix
View File

@ -403,6 +403,10 @@ let
filter types.shellPackage.check shells;
in {
imports = [
(mkAliasOptionModule [ "users" "extraUsers" ] [ "users" "users" ])
(mkAliasOptionModule [ "users" "extraGroups" ] [ "users" "groups" ])
];
###### interface

41
nixos/modules/config/vpnc.nix
View File

@ -1,41 +0,0 @@
{ config, lib, ... }:
with lib;
let
cfg = config.networking.vpnc;
mkServiceDef = name: value:
{
name = "vpnc/${name}.conf";
value = { text = value; };
};
in
{
options = {
networking.vpnc = {
services = mkOption {
type = types.attrsOf types.str;
default = {};
example = literalExample ''
{ test = '''
IPSec gateway 192.168.1.1
IPSec ID someID
IPSec secret secretKey
Xauth username name
Xauth password pass
''';
}
'';
description =
''
The names of cisco VPNs and their associated definitions
'';
};
};
};
config.environment.etc = mapAttrs' mkServiceDef cfg.services;
}

4
nixos/modules/config/xdg/portal.nix
View File

@ -3,6 +3,10 @@
with lib;
{
imports = [
(mkRenamedOptionModule [ "services" "flatpak" "extraPortals" ] [ "xdg" "portal" "extraPortals" ])
];
options.xdg.portal = {
enable =
mkEnableOption "<link xlink:href='https://github.com/flatpak/xdg-desktop-portal'>xdg desktop integration</link>"//{

6
nixos/modules/config/xdg/sounds.nix
View File

@ -1,4 +1,4 @@
{ config, lib, ... }:
{ config, lib, pkgs, ... }:
with lib;
{
@ -14,6 +14,10 @@ with lib;
};
config = mkIf config.xdg.sounds.enable {
environment.systemPackages = [
pkgs.sound-theme-freedesktop
];
environment.pathsToLink = [
"/share/sounds"
];

8
nixos/modules/hardware/all-firmware.nix
View File

@ -6,6 +6,14 @@ let
cfg = config.hardware;
in {
imports = [
(mkRenamedOptionModule [ "networking" "enableRT73Firmware" ] [ "hardware" "enableRedistributableFirmware" ])
(mkRenamedOptionModule [ "networking" "enableIntel3945ABGFirmware" ] [ "hardware" "enableRedistributableFirmware" ])
(mkRenamedOptionModule [ "networking" "enableIntel2100BGFirmware" ] [ "hardware" "enableRedistributableFirmware" ])
(mkRenamedOptionModule [ "networking" "enableRalinkFirmware" ] [ "hardware" "enableRedistributableFirmware" ])
(mkRenamedOptionModule [ "networking" "enableRTL8192cFirmware" ] [ "hardware" "enableRedistributableFirmware" ])
];
###### interface
options = {

5
nixos/modules/hardware/ckb-next.nix
View File

@ -7,6 +7,11 @@ let
in
{
imports = [
(mkRenamedOptionModule [ "hardware" "ckb" "enable" ] [ "hardware" "ckb-next" "enable" ])
(mkRenamedOptionModule [ "hardware" "ckb" "package" ] [ "hardware" "ckb-next" "package" ])
];
options.hardware.ckb-next = {
enable = mkEnableOption "the Corsair keyboard/mouse driver";

4
nixos/modules/hardware/ksm.nix
View File

@ -6,6 +6,10 @@ let
cfg = config.hardware.ksm;
in {
imports = [
(mkRenamedOptionModule [ "hardware" "enableKSM" ] [ "hardware" "ksm" "enable" ])
];
options.hardware.ksm = {
enable = mkEnableOption "Kernel Same-Page Merging";
sleep = mkOption {

5
nixos/modules/hardware/opengl.nix
View File

@ -31,6 +31,11 @@ let
in
{
imports = [
(mkRenamedOptionModule [ "services" "xserver" "vaapiDrivers" ] [ "hardware" "opengl" "extraPackages" ])
];
options = {
hardware.opengl = {

7
nixos/modules/hardware/video/nvidia.nix
View File

@ -75,7 +75,7 @@ in
Note that this configuration will only be successful when a display manager
for which the <option>services.xserver.displayManager.setupCommands</option>
option is supported is used; notably, SLiM is not supported.
option is supported is used.
'';
};
@ -111,9 +111,10 @@ in
config = mkIf enabled {
assertions = [
{
assertion = with config.services.xserver.displayManager; gdm.enable -> !gdm.wayland;
message = "NVIDIA drivers don't support wayland, set services.xserver.displayManager.gdm.wayland=false";
assertion = with config.services.xserver.displayManager; gdm.nvidiaWayland -> cfg.modesetting.enable;
message = "You cannot use wayland with GDM without modesetting enabled for NVIDIA drivers, set `hardware.nvidia.modesetting.enable = true`";
}
{
assertion = !optimusCfg.enable ||
(optimusCfg.nvidiaBusId != "" && optimusCfg.intelBusId != "");

14
nixos/modules/i18n/input-method/ibus.nix
View File

@ -27,6 +27,10 @@ let
};
in
{
imports = [
(mkRenamedOptionModule [ "programs" "ibus" "plugins" ] [ "i18n" "inputMethod" "ibus" "engines" ])
];
options = {
i18n.inputMethod.ibus = {
engines = mkOption {
@ -53,9 +57,15 @@ in
config = mkIf (config.i18n.inputMethod.enabled == "ibus") {
i18n.inputMethod.package = ibusPackage;
environment.systemPackages = [
ibusAutostart
];
# Without dconf enabled it is impossible to use IBus
environment.systemPackages = with pkgs; [
gnome3.dconf ibusAutostart
programs.dconf.enable = true;
services.dbus.packages = [
ibusAutostart
];
environment.variables = {

12
nixos/modules/installer/cd-dvd/installation-cd-graphical-base.nix
View File

@ -22,17 +22,7 @@ with lib;
});
'';
services.xserver = {
enable = true;
# Automatically login as nixos.
displayManager.slim = {
enable = true;
defaultUser = "nixos";
autoLogin = true;
};
};
services.xserver.enable = true;
# Provide networkmanager for easy wireless configuration.
networking.networkmanager.enable = true;

2
nixos/modules/installer/cd-dvd/installation-cd-graphical-gnome.nix
View File

@ -10,8 +10,6 @@ with lib;
services.xserver.desktopManager.gnome3.enable = true;
services.xserver.displayManager.slim.enable = mkForce false;
# Auto-login as root.
services.xserver.displayManager.gdm.autoLogin = {
enable = true;

10
nixos/modules/installer/cd-dvd/installation-cd-graphical-kde.nix
View File

@ -11,7 +11,15 @@ with lib;
services.xserver = {
desktopManager.plasma5 = {
enable = true;
enableQt4Support = false;
};
# Automatically login as nixos.
displayManager.sddm = {
enable = true;
autoLogin = {
enable = true;
user = "nixos";
};
};
};

11
nixos/modules/installer/cd-dvd/iso-image.nix
View File

@ -603,9 +603,6 @@ in
{ source = config.system.build.squashfsStore;
target = "/nix-store.squashfs";
}
{ source = config.isoImage.efiSplashImage;
target = "/EFI/boot/efi-background.png";
}
{ source = config.isoImage.splashImage;
target = "/isolinux/background.png";
}
@ -630,8 +627,8 @@ in
{ source = "${efiDir}/EFI";
target = "/EFI";
}
{ source = pkgs.writeText "loopback.cfg" "source /EFI/boot/grub.cfg";
target = "/boot/grub/loopback.cfg";
{ source = (pkgs.writeTextDir "grub/loopback.cfg" "source /EFI/boot/grub.cfg") + "/grub";
target = "/boot/grub";
}
] ++ optionals (config.boot.loader.grub.memtest86.enable && canx86BiosBoot) [
{ source = "${pkgs.memtest86plus}/memtest.bin";
@ -641,6 +638,10 @@ in
{ source = config.isoImage.grubTheme;
target = "/EFI/boot/grub-theme";
}
] ++ [
{ source = config.isoImage.efiSplashImage;
target = "/EFI/boot/efi-background.png";
}
];
boot.loader.timeout = 10;

19
nixos/modules/installer/cd-dvd/sd-image.nix
View File

@ -18,6 +18,7 @@ with lib;
let
rootfsImage = pkgs.callPackage ../../../lib/make-ext4-fs.nix ({
inherit (config.sdImage) storePaths;
compressImage = true;
populateImageCommands = config.sdImage.populateRootCommands;
volumeLabel = "NIXOS_SD";
} // optionalAttrs (config.sdImage.rootPartitionUUID != null) {
@ -128,10 +129,11 @@ in
sdImage.storePaths = [ config.system.build.toplevel ];
system.build.sdImage = pkgs.callPackage ({ stdenv, dosfstools, e2fsprogs, mtools, libfaketime, utillinux, bzip2 }: stdenv.mkDerivation {
system.build.sdImage = pkgs.callPackage ({ stdenv, dosfstools, e2fsprogs,
mtools, libfaketime, utillinux, bzip2, zstd }: stdenv.mkDerivation {
name = config.sdImage.imageName;
nativeBuildInputs = [ dosfstools e2fsprogs mtools libfaketime utillinux bzip2 ];
nativeBuildInputs = [ dosfstools e2fsprogs mtools libfaketime utillinux bzip2 zstd ];
inherit (config.sdImage) compressImage;
@ -140,13 +142,20 @@ in
export img=$out/sd-image/${config.sdImage.imageName}
echo "${pkgs.stdenv.buildPlatform.system}" > $out/nix-support/system
echo "file sd-image $img" >> $out/nix-support/hydra-build-products
if test -n "$compressImage"; then
echo "file sd-image $img.bz2" >> $out/nix-support/hydra-build-products
else
echo "file sd-image $img" >> $out/nix-support/hydra-build-products
fi
echo "Decompressing rootfs image"
zstd -d --no-progress "${rootfsImage}" -o ./root-fs.img
# Gap in front of the first partition, in MiB
gap=8
# Create the image file sized to fit /boot/firmware and /, plus slack for the gap.
rootSizeBlocks=$(du -B 512 --apparent-size ${rootfsImage} | awk '{ print $1 }')
rootSizeBlocks=$(du -B 512 --apparent-size ./root-fs.img | awk '{ print $1 }')
firmwareSizeBlocks=$((${toString config.sdImage.firmwareSize} * 1024 * 1024 / 512))
imageSize=$((rootSizeBlocks * 512 + firmwareSizeBlocks * 512 + gap * 1024 * 1024))
truncate -s $imageSize $img
@ -164,7 +173,7 @@ in
# Copy the rootfs into the SD image
eval $(partx $img -o START,SECTORS --nr 2 --pairs)
dd conv=notrunc if=${rootfsImage} of=$img seek=$START count=$SECTORS
dd conv=notrunc if=./root-fs.img of=$img seek=$START count=$SECTORS
# Create a FAT32 /boot/firmware partition of suitable size into firmware_part.img
eval $(partx $img -o START,SECTORS --nr 1 --pairs)

5
nixos/modules/installer/tools/nixos-generate-config.pl
View File

@ -335,6 +335,9 @@ if (@swaps) {
next unless -e $swapFilename;
my $dev = findStableDevPath $swapFilename;
if ($swapType =~ "partition") {
# zram devices are more likely created by configuration.nix, so
# ignore them here
next if ($swapFilename =~ /^\/dev\/zram/);
push @swapDevices, "{ device = \"$dev\"; }";
} elsif ($swapType =~ "file") {
# swap *files* are more likely specified in configuration.nix, so
@ -498,7 +501,7 @@ if (-f $fb_modes_file && -r $fb_modes_file) {
my $console_width = $1, my $console_height = $2;
if ($console_width > 1920) {
push @attrs, "# High-DPI console";
push @attrs, 'i18n.consoleFont = lib.mkDefault "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";';
push @attrs, 'console.font = lib.mkDefault "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";';
}
}

9
nixos/modules/installer/tools/nixos-rebuild.sh
View File

@ -90,6 +90,11 @@ while [ "$#" -gt 0 ]; do
targetHost="$1"
shift 1
;;
--use-remote-sudo)
# note the trailing space
maybeSudo="sudo "
shift 1
;;
*)
echo "$0: unknown option \`$i'"
exit 1
@ -97,10 +102,6 @@ while [ "$#" -gt 0 ]; do
esac
done
if [ -n "$SUDO_USER" ]; then
maybeSudo="sudo "
fi
if [ -z "$buildHost" -a -n "$targetHost" ]; then
buildHost="$targetHost"
fi

5
nixos/modules/misc/documentation.nix
View File

@ -67,6 +67,11 @@ let
in
{
imports = [
(mkRenamedOptionModule [ "programs" "info" "enable" ] [ "documentation" "info" "enable" ])
(mkRenamedOptionModule [ "programs" "man" "enable" ] [ "documentation" "man" "enable" ])
(mkRenamedOptionModule [ "services" "nixosManual" "enable" ] [ "documentation" "nixos" "enable" ])
];
options = {

13
nixos/modules/misc/ids.nix
View File

@ -11,6 +11,9 @@
{ lib, ... }:
let
inherit (lib) types;
in
{
options = {
@ -19,6 +22,7 @@
description = ''
The user IDs used in NixOS.
'';
type = types.attrsOf types.int;
};
ids.gids = lib.mkOption {
@ -26,6 +30,7 @@
description = ''
The group IDs used in NixOS.
'';
type = types.attrsOf types.int;
};
};
@ -75,8 +80,8 @@
#kdm = 39; # dropped in 17.03
#ghostone = 40; # dropped in 18.03
git = 41;
fourstore = 42;
fourstorehttp = 43;
#fourstore = 42; # dropped in 20.03
#fourstorehttp = 43; # dropped in 20.03
virtuoso = 44;
rtkit = 45;
dovecot2 = 46;
@ -128,7 +133,7 @@
tcpcryptd = 93; # tcpcryptd uses a hard-coded uid. We patch it in Nixpkgs to match this choice.
firebird = 95;
#keys = 96; # unused
haproxy = 97;
#haproxy = 97; # DynamicUser as of 2019-11-08
mongodb = 98;
openldap = 99;
#users = 100; # unused
@ -443,7 +448,7 @@
#tcpcryptd = 93; # unused
firebird = 95;
keys = 96;
haproxy = 97;
#haproxy = 97; # DynamicUser as of 2019-11-08
#mongodb = 98; # unused
openldap = 99;
munin = 102;

5
nixos/modules/misc/locate.nix
View File

@ -7,6 +7,11 @@ let
isMLocate = hasPrefix "mlocate" cfg.locate.name;
isFindutils = hasPrefix "findutils" cfg.locate.name;
in {
imports = [
(mkRenamedOptionModule [ "services" "locate" "period" ] [ "services" "locate" "interval" ])
(mkRemovedOptionModule [ "services" "locate" "includeStore" ] "Use services.locate.prunePaths" )
];
options.services.locate = with types; {
enable = mkOption {
type = bool;

8
nixos/modules/misc/version.nix
View File

@ -10,6 +10,12 @@ let
in
{
imports = [
(mkRenamedOptionModule [ "system" "nixosVersion" ] [ "system" "nixos" "version" ])
(mkRenamedOptionModule [ "system" "nixosVersionSuffix" ] [ "system" "nixos" "versionSuffix" ])
(mkRenamedOptionModule [ "system" "nixosRevision" ] [ "system" "nixos" "revision" ])
(mkRenamedOptionModule [ "system" "nixosLabel" ] [ "system" "nixos" "label" ])
];
options.system = {
@ -92,7 +98,7 @@ in
VERSION="${cfg.version} (${cfg.codeName})"
VERSION_CODENAME=${toLower cfg.codeName}
VERSION_ID="${cfg.version}"
PRETTY_NAME="NixOS ${cfg.version} (${cfg.codeName})"
PRETTY_NAME="NixOS ${cfg.release} (${cfg.codeName})"
LOGO="nix-snowflake"
HOME_URL="https://nixos.org/"
DOCUMENTATION_URL="https://nixos.org/nixos/manual/index.html"

19
nixos/modules/module-list.nix
View File

@ -1,9 +1,7 @@
[
./config/debug-info.nix
./config/fonts/corefonts.nix
./config/fonts/fontconfig.nix
./config/fonts/fontconfig-penultimate.nix
./config/fonts/fontconfig-ultimate.nix
./config/fonts/fontdir.nix
./config/fonts/fonts.nix
./config/fonts/ghostscript.nix
@ -13,6 +11,7 @@
./config/xdg/mime.nix
./config/xdg/portal.nix
./config/appstream.nix
./config/console.nix
./config/xdg/sounds.nix
./config/gtk/gtk-icon-cache.nix
./config/gnu.nix
@ -37,7 +36,6 @@
./config/terminfo.nix
./config/unix-odbc-drivers.nix
./config/users-groups.nix
./config/vpnc.nix
./config/vte.nix
./config/zram.nix
./hardware/acpilight.nix
@ -257,8 +255,6 @@
./services/continuous-integration/jenkins/default.nix
./services/continuous-integration/jenkins/job-builder.nix
./services/continuous-integration/jenkins/slave.nix
./services/databases/4store-endpoint.nix
./services/databases/4store.nix
./services/databases/aerospike.nix
./services/databases/cassandra.nix
./services/databases/clickhouse.nix
@ -310,6 +306,7 @@
./services/desktops/gnome3/sushi.nix
./services/desktops/gnome3/tracker.nix
./services/desktops/gnome3/tracker-miners.nix
./services/desktops/neard.nix
./services/desktops/profile-sync-daemon.nix
./services/desktops/system-config-printer.nix
./services/desktops/telepathy.nix
@ -318,6 +315,7 @@
./services/development/bloop.nix
./services/development/hoogle.nix
./services/development/jupyter/default.nix
./services/development/lorri.nix
./services/editors/emacs.nix
./services/editors/infinoted.nix
./services/games/factorio.nix
@ -446,6 +444,7 @@
./services/misc/logkeys.nix
./services/misc/leaps.nix
./services/misc/lidarr.nix
./services/misc/mame.nix
./services/misc/mathics.nix
./services/misc/matrix-synapse.nix
./services/misc/mbpfan.nix
@ -520,7 +519,6 @@
./services/monitoring/munin.nix
./services/monitoring/nagios.nix
./services/monitoring/netdata.nix
./services/monitoring/osquery.nix
./services/monitoring/prometheus/default.nix
./services/monitoring/prometheus/alertmanager.nix
./services/monitoring/prometheus/exporters.nix
@ -540,7 +538,6 @@
./services/monitoring/zabbix-agent.nix
./services/monitoring/zabbix-proxy.nix
./services/monitoring/zabbix-server.nix
./services/network-filesystems/beegfs.nix
./services/network-filesystems/cachefilesd.nix
./services/network-filesystems/davfs2.nix
./services/network-filesystems/drbd.nix
@ -561,6 +558,7 @@
./services/network-filesystems/yandex-disk.nix
./services/network-filesystems/xtreemfs.nix
./services/network-filesystems/ceph.nix
./services/networking/3proxy.nix
./services/networking/amuled.nix
./services/networking/aria2.nix
./services/networking/asterisk.nix
@ -620,7 +618,6 @@
./services/networking/iodine.nix
./services/networking/iperf3.nix
./services/networking/ircd-hybrid/default.nix
./services/networking/jormungandr.nix
./services/networking/iwd.nix
./services/networking/keepalived/default.nix
./services/networking/keybase.nix
@ -698,6 +695,7 @@
./services/networking/sniproxy.nix
./services/networking/smokeping.nix
./services/networking/softether.nix
./services/networking/spacecookie.nix
./services/networking/spiped.nix
./services/networking/squid.nix
./services/networking/sslh.nix
@ -726,6 +724,7 @@
./services/networking/tvheadend.nix
./services/networking/unbound.nix
./services/networking/unifi.nix
./services/networking/v2ray.nix
./services/networking/vsftpd.nix
./services/networking/wakeonlan.nix
./services/networking/websockify.nix
@ -817,6 +816,7 @@
./services/web-apps/restya-board.nix
./services/web-apps/tt-rss.nix
./services/web-apps/trac.nix
./services/web-apps/trilium.nix
./services/web-apps/selfoss.nix
./services/web-apps/shiori.nix
./services/web-apps/virtlyst.nix
@ -844,6 +844,7 @@
./services/web-servers/shellinabox.nix
./services/web-servers/tomcat.nix
./services/web-servers/traefik.nix
./services/web-servers/ttyd.nix
./services/web-servers/uwsgi.nix
./services/web-servers/varnish/default.nix
./services/web-servers/zope2.nix
@ -870,6 +871,7 @@
./services/x11/hardware/digimend.nix
./services/x11/hardware/cmt.nix
./services/x11/gdk-pixbuf.nix
./services/x11/imwheel.nix
./services/x11/redshift.nix
./services/x11/urxvtd.nix
./services/x11/window-managers/awesome.nix
@ -940,7 +942,6 @@
./tasks/filesystems/vfat.nix
./tasks/filesystems/xfs.nix
./tasks/filesystems/zfs.nix
./tasks/kbd.nix
./tasks/lvm.nix
./tasks/network-interfaces.nix
./tasks/network-interfaces-systemd.nix

2
nixos/modules/profiles/graphical.nix
View File

@ -9,14 +9,12 @@
displayManager.sddm.enable = true;
desktopManager.plasma5 = {
enable = true;
enableQt4Support = false;
};
libinput.enable = true; # for touchpad support on many laptops
};
# Enable sound in virtualbox appliances.
hardware.pulseaudio.enable = true;
hardware.pulseaudio.systemWide = true; # Needed since we run plasma as root.
environment.systemPackages = [ pkgs.glxinfo pkgs.firefox ];
}

3
nixos/modules/programs/adb.nix
View File

@ -23,7 +23,8 @@ with lib;
###### implementation
config = mkIf config.programs.adb.enable {
services.udev.packages = [ pkgs.android-udev-rules ];
environment.systemPackages = [ pkgs.androidenv.androidPkgs_9_0.platform-tools ];
# Give platform-tools lower priority so mke2fs+friends are taken from other packages first
environment.systemPackages = [ (lowPrio pkgs.androidenv.androidPkgs_9_0.platform-tools) ];
users.groups.adbusers = {};
};
}

4
nixos/modules/programs/bash/bash.nix
View File

@ -40,6 +40,10 @@ let
in
{
imports = [
(mkRemovedOptionModule [ "programs" "bash" "enable" ] "")
];
options = {
programs.bash = {

6
nixos/modules/programs/dconf.nix
View File

@ -32,13 +32,13 @@ in
environment.etc = optionals (cfg.profiles != {})
(mapAttrsToList mkDconfProfile cfg.profiles);
services.dbus.packages = [ pkgs.gnome3.dconf ];
services.dbus.packages = [ pkgs.dconf ];
# For dconf executable
environment.systemPackages = [ pkgs.gnome3.dconf ];
environment.systemPackages = [ pkgs.dconf ];
# Needed for unwrapped applications
environment.variables.GIO_EXTRA_MODULES = mkIf cfg.enable [ "${pkgs.gnome3.dconf.lib}/lib/gio/modules" ];
environment.variables.GIO_EXTRA_MODULES = mkIf cfg.enable [ "${pkgs.dconf.lib}/lib/gio/modules" ];
};
}

2
nixos/modules/programs/nm-applet.nix
View File

@ -10,5 +10,7 @@
partOf = [ "graphical-session.target" ];
serviceConfig.ExecStart = "${pkgs.networkmanagerapplet}/bin/nm-applet";
};
services.dbus.packages = [ pkgs.gcr ];
};
}

171
nixos/modules/programs/oblogout.nix
View File

@ -1,176 +1,11 @@
# Global configuration for oblogout.
{ config, lib, pkgs, ... }:
with lib;
let cfg = config.programs.oblogout;
in
{
###### interface
options = {
imports = [
(mkRemovedOptionModule [ "programs" "oblogout" ] "programs.oblogout has been removed from NixOS. This is because the oblogout repository has been archived upstream.")
];
programs.oblogout = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to install OBLogout and create <filename>/etc/oblogout.conf</filename>.
See <filename>${pkgs.oblogout}/share/doc/README</filename>.
'';
};
opacity = mkOption {
type = types.int;
default = 70;
description = ''
Opacity percentage of Cairo rendered backgrounds.
'';
};
bgcolor = mkOption {
type = types.str;
default = "black";
description = ''
Colour name or hex code (#ffffff) of the background color.
'';
};
buttontheme = mkOption {
type = types.str;
default = "simplistic";
description = ''
Icon theme for the buttons, must be in the themes folder of
the package, or in
<filename>~/.themes/&lt;name&gt;/oblogout/</filename>.
'';
};
buttons = mkOption {
type = types.str;
default = "cancel, logout, restart, shutdown, suspend, hibernate";
description = ''
List and order of buttons to show.
'';
};
cancel = mkOption {
type = types.str;
default = "Escape";
description = ''
Cancel logout/shutdown shortcut.
'';
};
shutdown = mkOption {
type = types.str;
default = "S";
description = ''
Shutdown shortcut.
'';
};
restart = mkOption {
type = types.str;
default = "R";
description = ''
Restart shortcut.
'';
};
suspend = mkOption {
type = types.str;
default = "U";
description = ''
Suspend shortcut.
'';
};
logout = mkOption {
type = types.str;
default = "L";
description = ''
Logout shortcut.
'';
};
lock = mkOption {
type = types.str;
default = "K";
description = ''
Lock session shortcut.
'';
};
hibernate = mkOption {
type = types.str;
default = "H";
description = ''
Hibernate shortcut.
'';
};
clogout = mkOption {
type = types.str;
default = "openbox --exit";
description = ''
Command to logout.
'';
};
clock = mkOption {
type = types.str;
default = "";
description = ''
Command to lock screen.
'';
};
cswitchuser = mkOption {
type = types.str;
default = "";
description = ''
Command to switch user.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.oblogout ];
environment.etc."oblogout.conf".text = ''
[settings]
usehal = false
[looks]
opacity = ${toString cfg.opacity}
bgcolor = ${cfg.bgcolor}
buttontheme = ${cfg.buttontheme}
buttons = ${cfg.buttons}
[shortcuts]
cancel = ${cfg.cancel}
shutdown = ${cfg.shutdown}
restart = ${cfg.restart}
suspend = ${cfg.suspend}
logout = ${cfg.logout}
lock = ${cfg.lock}
hibernate = ${cfg.hibernate}
[commands]
shutdown = systemctl poweroff
restart = systemctl reboot
suspend = systemctl suspend
hibernate = systemctl hibernate
logout = ${cfg.clogout}
lock = ${cfg.clock}
switchuser = ${cfg.cswitchuser}
'';
};
}

2
nixos/modules/programs/ssh.nix
View File

@ -251,7 +251,7 @@ in
ExecStart =
"${cfg.package}/bin/ssh-agent " +
optionalString (cfg.agentTimeout != null) ("-t ${cfg.agentTimeout} ") +
optionalString (cfg.agentPKCS11Whitelist != null) ("-P ${cfg.agentPKCS11Whitelist} ")
optionalString (cfg.agentPKCS11Whitelist != null) ("-P ${cfg.agentPKCS11Whitelist} ") +
"-a %t/ssh-agent";
StandardOutput = "null";
Type = "forking";

19
nixos/modules/programs/ssmtp.nix
View File

@ -8,18 +8,21 @@
with lib;
let
cfg = config.networking.defaultMailServer;
cfg = config.services.ssmtp;
in
{
imports = [
(mkRenamedOptionModule [ "networking" "defaultMailServer" ] [ "services" "ssmtp" ])
(mkRenamedOptionModule [ "services" "ssmtp" "directDelivery" ] [ "services" "ssmtp" "enable" ])
];
options = {
networking.defaultMailServer = {
services.ssmtp = {
directDelivery = mkOption {
enable = mkOption {
type = types.bool;
default = false;
description = ''
@ -29,7 +32,7 @@ in
<command>sendmail</command> or <command>postfix</command> on
your machine, set this option to <literal>true</literal>, and
set the option
<option>networking.defaultMailServer.hostName</option> to the
<option>services.ssmtp.hostName</option> to the
host name of your preferred mail server.
'';
};
@ -129,9 +132,9 @@ in
};
config = mkIf cfg.directDelivery {
config = mkIf cfg.enable {
networking.defaultMailServer.authPassFile = mkIf (cfg.authPass != "")
services.ssmtp.authPassFile = mkIf (cfg.authPass != "")
(mkDefault (toString (pkgs.writeTextFile {
name = "ssmtp-authpass";
text = cfg.authPass;

66
nixos/modules/programs/sway.nix
View File

@ -4,26 +4,32 @@ with lib;
let
cfg = config.programs.sway;
swayPackage = pkgs.sway;
swayWrapped = pkgs.writeShellScriptBin "sway" ''
set -o errexit
wrapperOptions = types.submodule {
options =
let
mkWrapperFeature = default: description: mkOption {
type = types.bool;
inherit default;
example = !default;
description = "Whether to make use of the ${description}";
};
in {
base = mkWrapperFeature true ''
base wrapper to execute extra session commands and prepend a
dbus-run-session to the sway command.
'';
gtk = mkWrapperFeature false ''
wrapGAppsHook wrapper to execute sway with required environment
variables for GTK applications.
'';
};
};
if [ ! "$_SWAY_WRAPPER_ALREADY_EXECUTED" ]; then
export _SWAY_WRAPPER_ALREADY_EXECUTED=1
${cfg.extraSessionCommands}
fi
if [ "$DBUS_SESSION_BUS_ADDRESS" ]; then
export DBUS_SESSION_BUS_ADDRESS
exec ${swayPackage}/bin/sway "$@"
else
exec ${pkgs.dbus}/bin/dbus-run-session ${swayPackage}/bin/sway "$@"
fi
'';
swayJoined = pkgs.symlinkJoin {
name = "sway-joined";
paths = [ swayWrapped swayPackage ];
swayPackage = pkgs.sway.override {
extraSessionCommands = cfg.extraSessionCommands;
withBaseWrapper = cfg.wrapperFeatures.base;
withGtkWrapper = cfg.wrapperFeatures.gtk;
};
in {
options.programs.sway = {
@ -35,6 +41,15 @@ in {
Please have a look at the "extraSessionCommands" example for running
programs natively under Wayland'';
wrapperFeatures = mkOption {
type = wrapperOptions;
default = { };
example = { gtk = true; };
description = ''
Attribute set of features to enable in the wrapper.
'';
};
extraSessionCommands = mkOption {
type = types.lines;
default = "";
@ -55,7 +70,7 @@ in {
extraPackages = mkOption {
type = with types; listOf package;
default = with pkgs; [
swaylock swayidle swaybg
swaylock swayidle
xwayland rxvt_unicode dmenu
];
defaultText = literalExample ''
@ -75,8 +90,17 @@ in {
};
config = mkIf cfg.enable {
assertions = [
{
assertion = cfg.extraSessionCommands != "" -> cfg.wrapperFeatures.base;
message = ''
The extraSessionCommands for Sway will not be run if
wrapperFeatures.base is disabled.
'';
}
];
environment = {
systemPackages = [ swayJoined ] ++ cfg.extraPackages;
systemPackages = [ swayPackage ] ++ cfg.extraPackages;
etc = {
"sway/config".source = mkOptionDefault "${swayPackage}/etc/sway/config";
#"sway/security.d".source = mkOptionDefault "${swayPackage}/etc/sway/security.d/";
@ -87,6 +111,8 @@ in {
hardware.opengl.enable = mkDefault true;
fonts.enableDefaultFonts = mkDefault true;
programs.dconf.enable = mkDefault true;
# To make a Sway session available if a display manager like SDDM is enabled:
services.xserver.displayManager.sessionPackages = [ swayPackage ];
};
meta.maintainers = with lib.maintainers; [ gnidorah primeos colemickens ];

7
nixos/modules/programs/zsh/oh-my-zsh.nix
View File

@ -29,6 +29,13 @@ let
in
{
imports = [
(mkRenamedOptionModule [ "programs" "zsh" "oh-my-zsh" "enable" ] [ "programs" "zsh" "ohMyZsh" "enable" ])
(mkRenamedOptionModule [ "programs" "zsh" "oh-my-zsh" "theme" ] [ "programs" "zsh" "ohMyZsh" "theme" ])
(mkRenamedOptionModule [ "programs" "zsh" "oh-my-zsh" "custom" ] [ "programs" "zsh" "ohMyZsh" "custom" ])
(mkRenamedOptionModule [ "programs" "zsh" "oh-my-zsh" "plugins" ] [ "programs" "zsh" "ohMyZsh" "plugins" ])
];
options = {
programs.zsh.ohMyZsh = {
enable = mkOption {

4
nixos/modules/programs/zsh/zsh-autosuggestions.nix
View File

@ -6,6 +6,10 @@ let
cfg = config.programs.zsh.autosuggestions;
in
{
imports = [
(mkRenamedOptionModule [ "programs" "zsh" "enableAutosuggestions" ] [ "programs" "zsh" "autosuggestions" "enable" ])
];
options.programs.zsh.autosuggestions = {
enable = mkEnableOption "zsh-autosuggestions";

11
nixos/modules/programs/zsh/zsh-syntax-highlighting.nix
View File

@ -6,6 +6,13 @@ let
cfg = config.programs.zsh.syntaxHighlighting;
in
{
imports = [
(mkRenamedOptionModule [ "programs" "zsh" "enableSyntaxHighlighting" ] [ "programs" "zsh" "syntaxHighlighting" "enable" ])
(mkRenamedOptionModule [ "programs" "zsh" "syntax-highlighting" "enable" ] [ "programs" "zsh" "syntaxHighlighting" "enable" ])
(mkRenamedOptionModule [ "programs" "zsh" "syntax-highlighting" "highlighters" ] [ "programs" "zsh" "syntaxHighlighting" "highlighters" ])
(mkRenamedOptionModule [ "programs" "zsh" "syntax-highlighting" "patterns" ] [ "programs" "zsh" "syntaxHighlighting" "patterns" ])
];
options = {
programs.zsh.syntaxHighlighting = {
enable = mkEnableOption "zsh-syntax-highlighting";
@ -81,7 +88,7 @@ in
];
programs.zsh.interactiveShellInit = with pkgs;
lib.concatStringsSep "\n" ([
lib.mkAfter (lib.concatStringsSep "\n" ([
"source ${zsh-syntax-highlighting}/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh"
] ++ optional (length(cfg.highlighters) > 0)
"ZSH_HIGHLIGHT_HIGHLIGHTERS=(${concatStringsSep " " cfg.highlighters})"
@ -95,6 +102,6 @@ in
styles: design:
"ZSH_HIGHLIGHT_STYLES[${styles}]='${design}'"
) cfg.styles)
);
));
};
}

296
nixos/modules/rename.nix
View File

@ -4,292 +4,30 @@ with lib;
{
imports = [
(mkRenamedOptionModule [ "networking" "enableRT73Firmware" ] [ "hardware" "enableRedistributableFirmware" ])
(mkRenamedOptionModule [ "networking" "enableIntel3945ABGFirmware" ] [ "hardware" "enableRedistributableFirmware" ])
(mkRenamedOptionModule [ "networking" "enableIntel2100BGFirmware" ] [ "hardware" "enableRedistributableFirmware" ])
(mkRenamedOptionModule [ "networking" "enableRalinkFirmware" ] [ "hardware" "enableRedistributableFirmware" ])
(mkRenamedOptionModule [ "networking" "enableRTL8192cFirmware" ] [ "hardware" "enableRedistributableFirmware" ])
(mkRenamedOptionModule [ "networking" "networkmanager" "useDnsmasq" ] [ "networking" "networkmanager" "dns" ])
(mkChangedOptionModule [ "services" "printing" "gutenprint" ] [ "services" "printing" "drivers" ]
(config:
let enabled = getAttrFromPath [ "services" "printing" "gutenprint" ] config;
in if enabled then [ pkgs.gutenprint ] else [ ]))
(mkChangedOptionModule [ "services" "ddclient" "domain" ] [ "services" "ddclient" "domains" ]
(config:
let value = getAttrFromPath [ "services" "ddclient" "domain" ] config;
in if value != "" then [ value ] else []))
(mkRemovedOptionModule [ "services" "ddclient" "homeDir" ] "")
(mkRenamedOptionModule [ "services" "flatpak" "extraPortals" ] [ "xdg" "portal" "extraPortals" ])
(mkRenamedOptionModule [ "services" "i2pd" "extIp" ] [ "services" "i2pd" "address" ])
(mkRenamedOptionModule [ "services" "kubernetes" "apiserver" "admissionControl" ] [ "services" "kubernetes" "apiserver" "enableAdmissionPlugins" ])
(mkRenamedOptionModule [ "services" "kubernetes" "apiserver" "address" ] ["services" "kubernetes" "apiserver" "bindAddress"])
(mkRenamedOptionModule [ "services" "kubernetes" "apiserver" "port" ] ["services" "kubernetes" "apiserver" "insecurePort"])
(mkRemovedOptionModule [ "services" "kubernetes" "apiserver" "publicAddress" ] "")
(mkRenamedOptionModule [ "services" "kubernetes" "addons" "dashboard" "enableRBAC" ] [ "services" "kubernetes" "addons" "dashboard" "rbac" "enable" ])
(mkRenamedOptionModule [ "services" "kubernetes" "controllerManager" "address" ] ["services" "kubernetes" "controllerManager" "bindAddress"])
(mkRenamedOptionModule [ "services" "kubernetes" "controllerManager" "port" ] ["services" "kubernetes" "controllerManager" "insecurePort"])
(mkRenamedOptionModule [ "services" "kubernetes" "etcd" "servers" ] [ "services" "kubernetes" "apiserver" "etcd" "servers" ])
(mkRenamedOptionModule [ "services" "kubernetes" "etcd" "keyFile" ] [ "services" "kubernetes" "apiserver" "etcd" "keyFile" ])
(mkRenamedOptionModule [ "services" "kubernetes" "etcd" "certFile" ] [ "services" "kubernetes" "apiserver" "etcd" "certFile" ])
(mkRenamedOptionModule [ "services" "kubernetes" "etcd" "caFile" ] [ "services" "kubernetes" "apiserver" "etcd" "caFile" ])
(mkRemovedOptionModule [ "services" "kubernetes" "kubelet" "applyManifests" ] "")
(mkRemovedOptionModule [ "services" "kubernetes" "kubelet" "cadvisorPort" ] "")
(mkRemovedOptionModule [ "services" "kubernetes" "kubelet" "allowPrivileged" ] "")
(mkRenamedOptionModule [ "services" "kubernetes" "proxy" "address" ] ["services" "kubernetes" "proxy" "bindAddress"])
(mkRemovedOptionModule [ "services" "kubernetes" "verbose" ] "")
(mkRenamedOptionModule [ "services" "logstash" "address" ] [ "services" "logstash" "listenAddress" ])
(mkRenamedOptionModule [ "services" "neo4j" "host" ] [ "services" "neo4j" "defaultListenAddress" ])
(mkRenamedOptionModule [ "services" "neo4j" "listenAddress" ] [ "services" "neo4j" "defaultListenAddress" ])
(mkRenamedOptionModule [ "services" "neo4j" "enableBolt" ] [ "services" "neo4j" "bolt" "enable" ])
(mkRenamedOptionModule [ "services" "neo4j" "enableHttps" ] [ "services" "neo4j" "https" "enable" ])
(mkRenamedOptionModule [ "services" "neo4j" "certDir" ] [ "services" "neo4j" "directories" "certificates" ])
(mkRenamedOptionModule [ "services" "neo4j" "dataDir" ] [ "services" "neo4j" "directories" "home" ])
(mkRemovedOptionModule [ "services" "neo4j" "port" ] "Use services.neo4j.http.listenAddress instead.")
(mkRemovedOptionModule [ "services" "neo4j" "boltPort" ] "Use services.neo4j.bolt.listenAddress instead.")
(mkRemovedOptionModule [ "services" "neo4j" "httpsPort" ] "Use services.neo4j.https.listenAddress instead.")
(mkRemovedOptionModule [ "services" "misc" "nzbget" "configFile" ] "The configuration of nzbget is now managed by users through the web interface.")
(mkRemovedOptionModule [ "services" "misc" "nzbget" "dataDir" ] "The data directory for nzbget is now /var/lib/nzbget.")
(mkRemovedOptionModule [ "services" "misc" "nzbget" "openFirewall" ] "The port used by nzbget is managed through the web interface so you should adjust your firewall rules accordingly.")
(mkRemovedOptionModule [ "services" "prometheus" "alertmanager" "user" ] "The alertmanager service is now using systemd's DynamicUser mechanism which obviates a user setting.")
(mkRemovedOptionModule [ "services" "prometheus" "alertmanager" "group" ] "The alertmanager service is now using systemd's DynamicUser mechanism which obviates a group setting.")
(mkRemovedOptionModule [ "services" "prometheus" "alertmanagerURL" ] ''
Due to incompatibility, the alertmanagerURL option has been removed,
please use 'services.prometheus2.alertmanagers' instead.
'')
(mkRenamedOptionModule [ "services" "prometheus2" ] [ "services" "prometheus" ])
(mkRenamedOptionModule [ "services" "tor" "relay" "portSpec" ] [ "services" "tor" "relay" "port" ])
(mkRenamedOptionModule [ "services" "vmwareGuest" ] [ "virtualisation" "vmware" "guest" ])
(mkRenamedOptionModule [ "jobs" ] [ "systemd" "services" ])
/*
This file defines some renaming/removing options for backwards compatibility
(mkRenamedOptionModule [ "services" "gitlab" "stateDir" ] [ "services" "gitlab" "statePath" ])
(mkRemovedOptionModule [ "services" "gitlab" "satelliteDir" ] "")
(mkRenamedOptionModule [ "services" "clamav" "updater" "config" ] [ "services" "clamav" "updater" "extraConfig" ])
(mkRemovedOptionModule [ "services" "pykms" "verbose" ] "Use services.pykms.logLevel instead")
(mkRemovedOptionModule [ "security" "setuidOwners" ] "Use security.wrappers instead")
(mkRemovedOptionModule [ "security" "setuidPrograms" ] "Use security.wrappers instead")
(mkRenamedOptionModule [ "security" "virtualization" "flushL1DataCache" ] [ "security" "virtualisation" "flushL1DataCache" ])
# PAM
(mkRenamedOptionModule [ "security" "pam" "enableU2F" ] [ "security" "pam" "u2f" "enable" ])
# rmilter/rspamd
(mkRemovedOptionModule [ "services" "rmilter" ] "Use services.rspamd.* instead to set up milter service")
# Xsession script
(mkRenamedOptionModule [ "services" "xserver" "displayManager" "job" "logsXsession" ] [ "services" "xserver" "displayManager" "job" "logToFile" ])
(mkRenamedOptionModule [ "services" "xserver" "displayManager" "logToJournal" ] [ "services" "xserver" "displayManager" "job" "logToJournal" ])
# Old Grub-related options.
(mkRenamedOptionModule [ "boot" "loader" "grub" "timeout" ] [ "boot" "loader" "timeout" ])
(mkRenamedOptionModule [ "boot" "loader" "gummiboot" "timeout" ] [ "boot" "loader" "timeout" ])
# OpenSSH
(mkAliasOptionModule [ "services" "sshd" "enable" ] [ "services" "openssh" "enable" ])
(mkAliasOptionModule [ "services" "openssh" "knownHosts" ] [ "programs" "ssh" "knownHosts" ])
# libvirtd
(mkRemovedOptionModule [ "virtualisation" "libvirtd" "enableKVM" ]
"Set the option `virtualisation.libvirtd.qemuPackage' instead.")
# ibus
(mkRenamedOptionModule [ "programs" "ibus" "plugins" ] [ "i18n" "inputMethod" "ibus" "engines" ])
# sandboxing
(mkRenamedOptionModule [ "nix" "useChroot" ] [ "nix" "useSandbox" ])
(mkRenamedOptionModule [ "nix" "chrootDirs" ] [ "nix" "sandboxPaths" ])
(mkRenamedOptionModule [ "services" "xserver" "vaapiDrivers" ] [ "hardware" "opengl" "extraPackages" ])
It should ONLY be used when the relevant module can't define these imports
itself, such as when the module was removed completely.
See https://github.com/NixOS/nixpkgs/pull/61570 for explanation
*/
# This alias module can't be where _module.check is defined because it would
# be added to submodules as well there
(mkAliasOptionModule [ "environment" "checkConfigurationOptions" ] [ "_module" "check" ])
# opendkim
(mkRenamedOptionModule [ "services" "opendkim" "keyFile" ] [ "services" "opendkim" "keyPath" ])
# Enlightenment
(mkRenamedOptionModule [ "services" "xserver" "desktopManager" "e19" "enable" ] [ "services" "xserver" "desktopManager" "enlightenment" "enable" ])
# Iodine
(mkRenamedOptionModule [ "services" "iodined" "enable" ] [ "services" "iodine" "server" "enable" ])
(mkRenamedOptionModule [ "services" "iodined" "domain" ] [ "services" "iodine" "server" "domain" ])
(mkRenamedOptionModule [ "services" "iodined" "ip" ] [ "services" "iodine" "server" "ip" ])
(mkRenamedOptionModule [ "services" "iodined" "extraConfig" ] [ "services" "iodine" "server" "extraConfig" ])
(mkRemovedOptionModule [ "services" "iodined" "client" ] "")
# Unity3D
(mkRenamedOptionModule [ "programs" "unity3d" "enable" ] [ "security" "chromiumSuidSandbox" "enable" ])
# murmur
(mkRenamedOptionModule [ "services" "murmur" "welcome" ] [ "services" "murmur" "welcometext" ])
(mkRemovedOptionModule [ "services" "murmur" "pidfile" ] "Hardcoded to /run/murmur/murmurd.pid now")
# parsoid
(mkRemovedOptionModule [ "services" "parsoid" "interwikis" ] "Use services.parsoid.wikis instead")
# plexpy / tautulli
(mkRenamedOptionModule [ "services" "plexpy" ] [ "services" "tautulli" ])
# piwik was renamed to matomo
(mkRenamedOptionModule [ "services" "piwik" "enable" ] [ "services" "matomo" "enable" ])
(mkRenamedOptionModule [ "services" "piwik" "webServerUser" ] [ "services" "matomo" "webServerUser" ])
(mkRemovedOptionModule [ "services" "piwik" "phpfpmProcessManagerConfig" ] "Use services.phpfpm.pools.<name>.settings")
(mkRemovedOptionModule [ "services" "matomo" "phpfpmProcessManagerConfig" ] "Use services.phpfpm.pools.<name>.settings")
(mkRenamedOptionModule [ "services" "piwik" "nginx" ] [ "services" "matomo" "nginx" ])
# tarsnap
(mkRemovedOptionModule [ "services" "tarsnap" "cachedir" ] "Use services.tarsnap.archives.<name>.cachedir")
# alsa
(mkRenamedOptionModule [ "sound" "enableMediaKeys" ] [ "sound" "mediaKeys" "enable" ])
# postgrey
(mkMergedOptionModule [ [ "services" "postgrey" "inetAddr" ] [ "services" "postgrey" "inetPort" ] ] [ "services" "postgrey" "socket" ] (config: let
value = p: getAttrFromPath p config;
inetAddr = [ "services" "postgrey" "inetAddr" ];
inetPort = [ "services" "postgrey" "inetPort" ];
in
if value inetAddr == null
then { path = "/run/postgrey.sock"; }
else { addr = value inetAddr; port = value inetPort; }
))
# dhcpd
(mkRenamedOptionModule [ "services" "dhcpd" ] [ "services" "dhcpd4" ])
# locate
(mkRenamedOptionModule [ "services" "locate" "period" ] [ "services" "locate" "interval" ])
(mkRemovedOptionModule [ "services" "locate" "includeStore" ] "Use services.locate.prunePaths" )
# nfs
(mkRenamedOptionModule [ "services" "nfs" "lockdPort" ] [ "services" "nfs" "server" "lockdPort" ])
(mkRenamedOptionModule [ "services" "nfs" "statdPort" ] [ "services" "nfs" "server" "statdPort" ])
# KDE Plasma 5
(mkRenamedOptionModule [ "services" "xserver" "desktopManager" "kde5" ] [ "services" "xserver" "desktopManager" "plasma5" ])
# Fontconfig
(mkRenamedOptionModule [ "fonts" "fontconfig" "ultimate" "allowBitmaps" ] [ "fonts" "fontconfig" "allowBitmaps" ])
(mkRenamedOptionModule [ "fonts" "fontconfig" "ultimate" "allowType1" ] [ "fonts" "fontconfig" "allowType1" ])
(mkRenamedOptionModule [ "fonts" "fontconfig" "ultimate" "useEmbeddedBitmaps" ] [ "fonts" "fontconfig" "useEmbeddedBitmaps" ])
(mkRenamedOptionModule [ "fonts" "fontconfig" "ultimate" "forceAutohint" ] [ "fonts" "fontconfig" "forceAutohint" ])
(mkRenamedOptionModule [ "fonts" "fontconfig" "ultimate" "renderMonoTTFAsBitmap" ] [ "fonts" "fontconfig" "renderMonoTTFAsBitmap" ])
# postgresqlBackup
(mkRemovedOptionModule [ "services" "postgresqlBackup" "period" ] ''
A systemd timer is now used instead of cron.
The starting time can be configured via <literal>services.postgresqlBackup.startAt</literal>.
'')
# phpfpm
(mkRemovedOptionModule [ "services" "phpfpm" "poolConfigs" ] "Use services.phpfpm.pools instead.")
# zabbixServer
(mkRenamedOptionModule [ "services" "zabbixServer" "dbServer" ] [ "services" "zabbixServer" "database" "host" ])
# Profile splitting
(mkRenamedOptionModule [ "virtualisation" "growPartition" ] [ "boot" "growPartition" ])
# misc/version.nix
(mkRenamedOptionModule [ "system" "nixosVersion" ] [ "system" "nixos" "version" ])
(mkRenamedOptionModule [ "system" "nixosVersionSuffix" ] [ "system" "nixos" "versionSuffix" ])
(mkRenamedOptionModule [ "system" "nixosRevision" ] [ "system" "nixos" "revision" ])
(mkRenamedOptionModule [ "system" "nixosLabel" ] [ "system" "nixos" "label" ])
# Users
(mkAliasOptionModule [ "users" "extraUsers" ] [ "users" "users" ])
(mkAliasOptionModule [ "users" "extraGroups" ] [ "users" "groups" ])
# Options that are obsolete and have no replacement.
(mkRemovedOptionModule [ "boot" "initrd" "luks" "enable" ] "")
(mkRemovedOptionModule [ "programs" "bash" "enable" ] "")
(mkRemovedOptionModule [ "services" "samba" "defaultShare" ] "")
(mkRemovedOptionModule [ "services" "syslog-ng" "serviceName" ] "")
(mkRemovedOptionModule [ "services" "syslog-ng" "listenToJournal" ] "")
(mkRemovedOptionModule [ "ec2" "metadata" ] "")
(mkRemovedOptionModule [ "services" "openvpn" "enable" ] "")
(mkRemovedOptionModule [ "services" "printing" "cupsFilesConf" ] "")
(mkRemovedOptionModule [ "services" "printing" "cupsdConf" ] "")
(mkRemovedOptionModule [ "services" "tor" "relay" "isBridge" ] "Use services.tor.relay.role instead.")
(mkRemovedOptionModule [ "services" "tor" "relay" "isExit" ] "Use services.tor.relay.role instead.")
(mkRemovedOptionModule [ "services" "xserver" "startGnuPGAgent" ]
"See the 16.09 release notes for more information.")
(mkRemovedOptionModule [ "services" "phpfpm" "phpIni" ] "")
(mkRemovedOptionModule [ "services" "dovecot2" "package" ] "")
# Completely removed modules
(mkRemovedOptionModule [ "services" "firefox" "syncserver" "user" ] "")
(mkRemovedOptionModule [ "services" "firefox" "syncserver" "group" ] "")
(mkRemovedOptionModule [ "fonts" "fontconfig" "hinting" "style" ] "")
(mkRemovedOptionModule [ "services" "xserver" "displayManager" "sddm" "themes" ]
"Set the option `services.xserver.displayManager.sddm.package' instead.")
(mkRemovedOptionModule [ "services" "xserver" "desktopManager" "xfce" "screenLock" ] "")
(mkRemovedOptionModule [ "fonts" "fontconfig" "forceAutohint" ] "")
(mkRemovedOptionModule [ "fonts" "fontconfig" "renderMonoTTFAsBitmap" ] "")
(mkRemovedOptionModule [ "virtualisation" "xen" "qemu" ] "You don't need this option anymore, it will work without it.")
(mkRemovedOptionModule [ "services" "logstash" "enableWeb" ] "The web interface was removed from logstash")
(mkRemovedOptionModule [ "boot" "zfs" "enableLegacyCrypto" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "winstone" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "mysql" "pidDir" ] "Don't wait for pidfiles, describe dependencies through systemd")
(mkRemovedOptionModule [ "services" "mysql" "rootPassword" ] "Use socket authentication or set the password outside of the nix store.")
(mkRemovedOptionModule [ "services" "zabbixServer" "dbPassword" ] "Use services.zabbixServer.database.passwordFile instead.")
(mkRemovedOptionModule [ "systemd" "generator-packages" ] "Use systemd.packages instead.")
# ZSH
(mkRenamedOptionModule [ "programs" "zsh" "enableSyntaxHighlighting" ] [ "programs" "zsh" "syntaxHighlighting" "enable" ])
(mkRenamedOptionModule [ "programs" "zsh" "syntax-highlighting" "enable" ] [ "programs" "zsh" "syntaxHighlighting" "enable" ])
(mkRenamedOptionModule [ "programs" "zsh" "syntax-highlighting" "highlighters" ] [ "programs" "zsh" "syntaxHighlighting" "highlighters" ])
(mkRenamedOptionModule [ "programs" "zsh" "syntax-highlighting" "patterns" ] [ "programs" "zsh" "syntaxHighlighting" "patterns" ])
(mkRenamedOptionModule [ "programs" "zsh" "oh-my-zsh" "enable" ] [ "programs" "zsh" "ohMyZsh" "enable" ])
(mkRenamedOptionModule [ "programs" "zsh" "oh-my-zsh" "theme" ] [ "programs" "zsh" "ohMyZsh" "theme" ])
(mkRenamedOptionModule [ "programs" "zsh" "oh-my-zsh" "custom" ] [ "programs" "zsh" "ohMyZsh" "custom" ])
(mkRenamedOptionModule [ "programs" "zsh" "oh-my-zsh" "plugins" ] [ "programs" "zsh" "ohMyZsh" "plugins" ])
(mkRenamedOptionModule [ "programs" "zsh" "enableAutosuggestions" ] [ "programs" "zsh" "autosuggestions" "enable" ])
# Xen
(mkRenamedOptionModule [ "virtualisation" "xen" "qemu-package" ] [ "virtualisation" "xen" "package-qemu" ])
(mkRenamedOptionModule [ "programs" "info" "enable" ] [ "documentation" "info" "enable" ])
(mkRenamedOptionModule [ "programs" "man" "enable" ] [ "documentation" "man" "enable" ])
(mkRenamedOptionModule [ "services" "nixosManual" "enable" ] [ "documentation" "nixos" "enable" ])
# ckb
(mkRenamedOptionModule [ "hardware" "ckb" "enable" ] [ "hardware" "ckb-next" "enable" ])
(mkRenamedOptionModule [ "hardware" "ckb" "package" ] [ "hardware" "ckb-next" "package" ])
# binfmt
(mkRenamedOptionModule [ "boot" "binfmtMiscRegistrations" ] [ "boot" "binfmt" "registrations" ])
# ACME
(mkRemovedOptionModule [ "security" "acme" "directory"] "ACME Directory is now hardcoded to /var/lib/acme and its permisisons are managed by systemd. See https://github.com/NixOS/nixpkgs/issues/53852 for more info.")
(mkRemovedOptionModule [ "security" "acme" "preDelay"] "This option has been removed. If you want to make sure that something executes before certificates are provisioned, add a RequiredBy=acme-\${cert}.service to the service you want to execute before the cert renewal")
(mkRemovedOptionModule [ "security" "acme" "activationDelay"] "This option has been removed. If you want to make sure that something executes before certificates are provisioned, add a RequiredBy=acme-\${cert}.service to the service you want to execute before the cert renewal")
# KSM
(mkRenamedOptionModule [ "hardware" "enableKSM" ] [ "hardware" "ksm" "enable" ])
# resolvconf
(mkRenamedOptionModule [ "networking" "dnsSingleRequest" ] [ "networking" "resolvconf" "dnsSingleRequest" ])
(mkRenamedOptionModule [ "networking" "dnsExtensionMechanism" ] [ "networking" "resolvconf" "dnsExtensionMechanism" ])
(mkRenamedOptionModule [ "networking" "extraResolvconfConf" ] [ "networking" "resolvconf" "extraConfig" ])
(mkRenamedOptionModule [ "networking" "resolvconfOptions" ] [ "networking" "resolvconf" "extraOptions" ])
# BLCR
(mkRemovedOptionModule [ "networking" "vpnc" ] "Use environment.etc.\"vpnc/service.conf\" instead.")
(mkRemovedOptionModule [ "environment.blcr.enable" ] "The BLCR module has been removed")
(mkRemovedOptionModule [ "services.beegfsEnable" ] "The BeeGFS module has been removed")
(mkRemovedOptionModule [ "services.beegfs" ] "The BeeGFS module has been removed")
(mkRemovedOptionModule [ "services.osquery" ] "The osquery module has been removed")
(mkRemovedOptionModule [ "services.fourStore" ] "The fourStore module has been removed")
(mkRemovedOptionModule [ "services.fourStoreEndpoint" ] "The fourStoreEndpoint module has been removed")
# Redis
(mkRemovedOptionModule [ "services" "redis" "user" ] "The redis module now is hardcoded to the redis user.")
(mkRemovedOptionModule [ "services" "redis" "dbpath" ] "The redis module now uses /var/lib/redis as data directory.")
(mkRemovedOptionModule [ "services" "redis" "dbFilename" ] "The redis module now uses /var/lib/redis/dump.rdb as database dump location.")
(mkRemovedOptionModule [ "services" "redis" "appendOnlyFilename" ] "This option was never used.")
(mkRemovedOptionModule [ "services" "redis" "pidFile" ] "This option was removed.")
] ++ (forEach [ "blackboxExporter" "collectdExporter" "fritzboxExporter"
"jsonExporter" "minioExporter" "nginxExporter" "nodeExporter"
"snmpExporter" "unifiExporter" "varnishExporter" ]
(opt: mkRemovedOptionModule [ "services" "prometheus" "${opt}" ] ''
The prometheus exporters are now configured using `services.prometheus.exporters'.
See the 18.03 release notes for more information.
'' ));
# Do NOT add any option renames here, see top of the file
];
}

13
nixos/modules/security/acme.nix
View File

@ -127,6 +127,9 @@ in
"https://acme-staging-v02.api.letsencrypt.org/directory".
''
)
(mkRemovedOptionModule [ "security" "acme" "directory"] "ACME Directory is now hardcoded to /var/lib/acme and its permisisons are managed by systemd. See https://github.com/NixOS/nixpkgs/issues/53852 for more info.")
(mkRemovedOptionModule [ "security" "acme" "preDelay"] "This option has been removed. If you want to make sure that something executes before certificates are provisioned, add a RequiredBy=acme-\${cert}.service to the service you want to execute before the cert renewal")
(mkRemovedOptionModule [ "security" "acme" "activationDelay"] "This option has been removed. If you want to make sure that something executes before certificates are provisioned, add a RequiredBy=acme-\${cert}.service to the service you want to execute before the cert renewal")
];
options = {
security.acme = {
@ -224,6 +227,12 @@ in
environment.REQUESTS_CA_BUNDLE = "/etc/ssl/certs/ca-certificates.crt";
serviceConfig = {
Type = "oneshot";
# With RemainAfterExit the service is considered active even
# after the main process having exited, which means when it
# gets changed, the activation phase restarts it, meaning
# the permissions of the StateDirectory get adjusted
# according to the specified group
RemainAfterExit = true;
SuccessExitStatus = [ "0" "1" ];
User = data.user;
Group = data.group;
@ -232,9 +241,9 @@ in
StateDirectoryMode = rights;
WorkingDirectory = "/var/lib/${lpath}";
ExecStart = "${pkgs.simp_le}/bin/simp_le ${escapeShellArgs cmdline}";
ExecStopPost =
ExecStartPost =
let
script = pkgs.writeScript "acme-post-stop" ''
script = pkgs.writeScript "acme-post-start" ''
#!${pkgs.runtimeShell} -e
${data.postRun}
'';

3
nixos/modules/security/apparmor-suid.nix
View File

@ -4,6 +4,9 @@ let
in
with lib;
{
imports = [
(mkRenamedOptionModule [ "security" "virtualization" "flushL1DataCache" ] [ "security" "virtualisation" "flushL1DataCache" ])
];
options.security.apparmor.confineSUIDApplications = mkOption {
default = true;

Some files were not shown because too many files have changed in this diff Show More