Merge branch 'master' of github.com:nixos/nixpkgs into pleasant-ruby
Conflicts:
    pkgs/applications/version-management/redmine/default.nix
    pkgs/development/interpreters/ruby/gem.nix
    pkgs/development/interpreters/ruby/generated.nix
    pkgs/development/interpreters/ruby/patches.nix
    pkgs/development/tools/vagrant/default.nix
    pkgs/servers/consul/default.nix
commit
145733c479
16
README.md
|
@ -1,10 +1,10 @@
|
||||||
Nixpkgs is a collection of packages for [Nix](http://nixos.org/nix/) package
|
Nixpkgs is a collection of packages for [Nix](https://nixos.org/nix/) package
|
||||||
manager. Nixpkgs also includes [NixOS](http://nixos.org/nixos/) linux distribution source code.
|
manager. Nixpkgs also includes [NixOS](https://nixos.org/nixos/) linux distribution source code.
|
||||||
|
|
||||||
* [NixOS installation instructions](http://nixos.org/nixos/manual/#ch-installation)
|
* [NixOS installation instructions](https://nixos.org/nixos/manual/#ch-installation)
|
||||||
* [Manual (How to write packages for Nix)](http://nixos.org/nixpkgs/manual/)
|
* [Manual (How to write packages for Nix)](https://nixos.org/nixpkgs/manual/)
|
||||||
* [Manual (NixOS)](http://nixos.org/nixos/manual/)
|
* [Manual (NixOS)](https://nixos.org/nixos/manual/)
|
||||||
* [Continuous build](http://hydra.nixos.org/jobset/nixos/trunk-combined)
|
* [Continuous build](https://hydra.nixos.org/jobset/nixos/trunk-combined)
|
||||||
* [Tests](http://hydra.nixos.org/job/nixos/trunk-combined/tested#tabs-constituents)
|
* [Tests](https://hydra.nixos.org/job/nixos/trunk-combined/tested#tabs-constituents)
|
||||||
* [Mailing list](http://lists.science.uu.nl/mailman/listinfo/nix-dev)
|
* [Mailing list](https://lists.science.uu.nl/mailman/listinfo/nix-dev)
|
||||||
* [IRC - #nixos on freenode.net](irc://irc.freenode.net/#nixos)
|
* [IRC - #nixos on freenode.net](irc://irc.freenode.net/#nixos)
|
||||||
|
|
|
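Review bot: The IRC entry at the end of the link list stays `irc://irc.freenode.net/#nixos` on both sides, so after this change it is the only README link that still points at a cleartext transport. If the intent is to move every link to TLS, either switch it as well or state in the commit message why it stays. It is also worth confirming that each rewritten host (`hydra.nixos.org`, `lists.science.uu.nl`) actually serves these paths over HTTPS with a valid certificate, since the hunk changes only the scheme.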
@ -10,9 +10,7 @@
|
||||||
|
|
||||||
<listitem><para><command>$ git clone git://github.com/NixOS/nixpkgs.git</command></para></listitem>
|
<listitem><para><command>$ git clone git://github.com/NixOS/nixpkgs.git</command></para></listitem>
|
||||||
|
|
||||||
<listitem><para><command>$ cd nixpkgs/pkgs/top-level</command></para></listitem>
|
<listitem><para><command>$ nix-build -A manual nixpkgs/pkgs/top-level/release.nix</command></para></listitem>
|
||||||
|
|
||||||
<listitem><para><command>$ nix-build -A tarball release.nix</command></para></listitem>
|
|
||||||
|
|
||||||
<listitem><para>Inside the built derivation you shall see <literal>manual/index.html</literal> file.</para></listitem>
|
<listitem><para>Inside the built derivation you shall see <literal>manual/index.html</literal> file.</para></listitem>
|
||||||
|
|
||||||
|
|
|
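Review bot: The first step still clones with `git clone git://github.com/NixOS/nixpkgs.git`, and the git:// protocol provides neither server authentication nor encryption, so a reader following these instructions builds from a tree whose origin is not authenticated; suggest `https://github.com/NixOS/nixpkgs.git` here. Separately, the new `nix-build -A manual nixpkgs/pkgs/top-level/release.nix` step has to be run from the directory that contains the clone, which the text no longer makes clear now that the `cd` step is gone.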
@ -108,7 +108,7 @@ a <varname>preConfigure</varname> hook to generate a configuration
|
||||||
file used by <filename>Makefile.PL</filename>:
|
file used by <filename>Makefile.PL</filename>:
|
||||||
|
|
||||||
<programlisting>
|
<programlisting>
|
||||||
{buildPerlPackage, fetchurl, db}:
|
{ buildPerlPackage, fetchurl, db }:
|
||||||
|
|
||||||
buildPerlPackage rec {
|
buildPerlPackage rec {
|
||||||
name = "BerkeleyDB-0.36";
|
name = "BerkeleyDB-0.36";
|
||||||
|
@ -191,45 +191,424 @@ you need it.</para>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
|
||||||
<section><title>Python</title>
|
<section xml:id="python"><title>Python</title>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
Currently supported interpreters are <varname>python26</varname>, <varname>python27</varname>,
|
||||||
|
<varname>python32</varname>, <varname>python33</varname>, <varname>python34</varname>
|
||||||
|
and <varname>pypy</varname>.
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
<varname>python</varname> is an alias of <varname>python27</varname> and <varname>python3</varname> is an alias of <varname>python34</varname>.
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
<varname>python26</varname> and <varname>python27</varname> do not include modules that require
|
||||||
|
external dependencies (to reduce dependency bloat). Following modules need to be added as
|
||||||
|
<varname>buildInput</varname> explicitly:
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem><para><varname>python.modules.bsddb</varname></para></listitem>
|
||||||
|
<listitem><para><varname>python.modules.curses</varname></para></listitem>
|
||||||
|
<listitem><para><varname>python.modules.curses_panel</varname></para></listitem>
|
||||||
|
<listitem><para><varname>python.modules.crypt</varname></para></listitem>
|
||||||
|
<listitem><para><varname>python.modules.gdbm</varname></para></listitem>
|
||||||
|
<listitem><para><varname>python.modules.sqlite3</varname></para></listitem>
|
||||||
|
<listitem><para><varname>python.modules.tkinter</varname></para></listitem>
|
||||||
|
<listitem><para><varname>python.modules.readline</varname></para></listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
|
||||||
|
<para>For convenience <varname>python27Full</varname> and <varname>python26Full</varname>
|
||||||
|
are provided with all modules included.</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
Python packages that
|
Python packages that
|
||||||
use <link xlink:href="http://pypi.python.org/pypi/setuptools/"><literal>setuptools</literal></link>,
|
use <link xlink:href="http://pypi.python.org/pypi/setuptools/"><literal>setuptools</literal></link> or <literal>distutils</literal>,
|
||||||
which many Python packages do nowadays, can be built very simply using
|
can be built using the <varname>buildPythonPackage</varname> function as documented below.
|
||||||
the <varname>buildPythonPackage</varname> function. This function is
|
|
||||||
implemented
|
|
||||||
in <link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/python-modules/generic/default.nix"><filename>pkgs/development/python-modules/generic/default.nix</filename></link>
|
|
||||||
and works similarly to <varname>buildPerlPackage</varname>. (See
|
|
||||||
<xref linkend="ssec-language-perl"/> for details.)
|
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
Python packages that use <varname>buildPythonPackage</varname> are
|
All packages depending on any Python interpreter get appended <varname>$out/${python.libPrefix}/site-packages</varname>
|
||||||
defined
|
to <literal>$PYTHONPATH</literal> if such directory exists.
|
||||||
in <link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/top-level/python-packages.nix"><filename>pkgs/top-level/python-packages.nix</filename></link>.
|
|
||||||
Most of them are simple. For example:
|
|
||||||
|
|
||||||
<programlisting>
|
|
||||||
twisted = buildPythonPackage {
|
|
||||||
name = "twisted-8.1.0";
|
|
||||||
|
|
||||||
src = fetchurl {
|
|
||||||
url = http://tmrc.mit.edu/mirror/twisted/Twisted/8.1/Twisted-8.1.0.tar.bz2;
|
|
||||||
sha256 = "0q25zbr4xzknaghha72mq57kh53qw1bf8csgp63pm9sfi72qhirl";
|
|
||||||
};
|
|
||||||
|
|
||||||
propagatedBuildInputs = [ pkgs.ZopeInterface ];
|
|
||||||
|
|
||||||
meta = {
|
|
||||||
homepage = http://twistedmatrix.com/;
|
|
||||||
description = "Twisted, an event-driven networking engine written in Python";
|
|
||||||
license = "MIT";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
</programlisting>
|
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
|
<variablelist>
|
||||||
|
<title>
|
||||||
|
Useful attributes on interpreters packages:
|
||||||
|
</title>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><varname>libPrefix</varname></term>
|
||||||
|
<listitem><para>
|
||||||
|
Name of the folder in <literal>${python}/lib/</literal> for corresponding interpreter.
|
||||||
|
</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><varname>interpreter</varname></term>
|
||||||
|
<listitem><para>
|
||||||
|
Alias for <literal>${python}/bin/${executable}.</literal>
|
||||||
|
</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><varname>buildEnv</varname></term>
|
||||||
|
<listitem><para>
|
||||||
|
Function to build python interpreter environments with extra packages bundled together.
|
||||||
|
See <xref linkend="python-build-env" /> for usage and documentation.
|
||||||
|
</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><varname>sitePackages</varname></term>
|
||||||
|
<listitem><para>
|
||||||
|
Alias for <literal>lib/${libPrefix}/site-packages</literal>.
|
||||||
|
</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><varname>executable</varname></term>
|
||||||
|
<listitem><para>
|
||||||
|
Name of the interpreter executable, ie <literal>python3.4</literal>.
|
||||||
|
</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
</variablelist>
|
||||||
|
<section xml:id="build-python-package"><title><varname>buildPythonPackage</varname> function</title>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
The function is implemented in <link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/python-modules/generic/default.nix">
|
||||||
|
<filename>pkgs/development/python-modules/generic/default.nix</filename></link>.
|
||||||
|
Example usage:
|
||||||
|
|
||||||
|
<programlisting language="nix">
|
||||||
|
twisted = buildPythonPackage {
|
||||||
|
name = "twisted-8.1.0";
|
||||||
|
|
||||||
|
src = pkgs.fetchurl {
|
||||||
|
url = http://tmrc.mit.edu/mirror/twisted/Twisted/8.1/Twisted-8.1.0.tar.bz2;
|
||||||
|
sha256 = "0q25zbr4xzknaghha72mq57kh53qw1bf8csgp63pm9sfi72qhirl";
|
||||||
|
};
|
||||||
|
|
||||||
|
propagatedBuildInputs = [ self.ZopeInterface ];
|
||||||
|
|
||||||
|
meta = {
|
||||||
|
homepage = http://twistedmatrix.com/;
|
||||||
|
description = "Twisted, an event-driven networking engine written in Python";
|
||||||
|
license = stdenv.lib.licenses.mit;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
</programlisting>
|
||||||
|
|
||||||
|
Most of Python packages that use <varname>buildPythonPackage</varname> are defined
|
||||||
|
in <link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/top-level/python-packages.nix"><filename>pkgs/top-level/python-packages.nix</filename></link>
|
||||||
|
and generated for each python interpreter separately into attribute sets <varname>python26Packages</varname>,
|
||||||
|
<varname>python27Packages</varname>, <varname>python32Packages</varname>, <varname>python33Packages</varname>,
|
||||||
|
<varname>python34Packages</varname> and <varname>pypyPackages</varname>.
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
<function>buildPythonPackage</function> mainly does four things:
|
||||||
|
|
||||||
|
<orderedlist>
|
||||||
|
<listitem><para>
|
||||||
|
In the <varname>configurePhase</varname>, it patches
|
||||||
|
<literal>setup.py</literal> to always include setuptools before
|
||||||
|
distutils for monkeypatching machinery to take place.
|
||||||
|
</para></listitem>
|
||||||
|
|
||||||
|
<listitem><para>
|
||||||
|
In the <varname>buildPhase</varname>, it calls
|
||||||
|
<literal>${python.interpreter} setup.py build ...</literal>
|
||||||
|
</para></listitem>
|
||||||
|
|
||||||
|
<listitem><para>
|
||||||
|
In the <varname>installPhase</varname>, it calls
|
||||||
|
<literal>${python.interpreter} setup.py install ...</literal>
|
||||||
|
</para></listitem>
|
||||||
|
|
||||||
|
<listitem><para>
|
||||||
|
In the <varname>postFixup</varname> phase, <literal>wrapPythonPrograms</literal>
|
||||||
|
bash function is called to wrap all programs in <filename>$out/bin/*</filename>
|
||||||
|
directory to include <literal>$PYTHONPATH</literal> and <literal>$PATH</literal>
|
||||||
|
environment variables.
|
||||||
|
</para></listitem>
|
||||||
|
</orderedlist>
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<para>By default <varname>doCheck = true</varname> is set and tests are run with
|
||||||
|
<literal>${python.interpreter} setup.py test</literal> command in <varname>checkPhase</varname>.</para>
|
||||||
|
|
||||||
|
<para><varname>propagatedBuildInputs</varname> packages are propagated to user environment.</para>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
By default <varname>meta.platforms</varname> is set to the same value
|
||||||
|
as the interpreter unless overriden otherwise.
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<variablelist>
|
||||||
|
<title>
|
||||||
|
<varname>buildPythonPackage</varname> parameters
|
||||||
|
(all parameters from <varname>mkDerivation</varname> function are still supported)
|
||||||
|
</title>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><varname>namePrefix</varname></term>
|
||||||
|
<listitem><para>
|
||||||
|
Prepended text to <varname>${name}</varname> parameter.
|
||||||
|
Defaults to <literal>"python3.3-"</literal> for Python 3.3, etc. Set it to
|
||||||
|
<literal>""</literal>
|
||||||
|
if you're packaging an application or a command line tool.
|
||||||
|
</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><varname>disabled</varname></term>
|
||||||
|
<listitem><para>
|
||||||
|
If <varname>true</varname>, package is not build for
|
||||||
|
particular python interpreter version. Grep around
|
||||||
|
<filename>pkgs/top-level/python-packages.nix</filename>
|
||||||
|
for examples.
|
||||||
|
</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><varname>setupPyInstallFlags</varname></term>
|
||||||
|
<listitem><para>
|
||||||
|
List of flags passed to <command>setup.py install</command> command.
|
||||||
|
</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><varname>setupPyBuildFlags</varname></term>
|
||||||
|
<listitem><para>
|
||||||
|
List of flags passed to <command>setup.py build</command> command.
|
||||||
|
</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><varname>pythonPath</varname></term>
|
||||||
|
<listitem><para>
|
||||||
|
List of packages to be added into <literal>$PYTHONPATH</literal>.
|
||||||
|
Packages in <varname>pythonPath</varname> are not propagated into user environment
|
||||||
|
(contrary to <varname>propagatedBuildInputs</varname>).
|
||||||
|
</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><varname>preShellHook</varname></term>
|
||||||
|
<listitem><para>
|
||||||
|
Hook to execute commands before <varname>shellHook</varname>.
|
||||||
|
</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><varname>postShellHook</varname></term>
|
||||||
|
<listitem><para>
|
||||||
|
Hook to execute commands after <varname>shellHook</varname>.
|
||||||
|
</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><varname>distutilsExtraCfg</varname></term>
|
||||||
|
<listitem><para>
|
||||||
|
Extra lines passed to <varname>[easy_install]</varname> section of
|
||||||
|
<filename>distutils.cfg</filename> (acts as global setup.cfg
|
||||||
|
configuration).
|
||||||
|
</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
</variablelist>
|
||||||
|
|
||||||
|
</section>
|
||||||
|
|
||||||
|
<section xml:id="python-build-env"><title><function>python.buildEnv</function> function</title>
|
||||||
|
<para>
|
||||||
|
Create Python environments using low-level <function>pkgs.buildEnv</function> function. Example <filename>default.nix</filename>:
|
||||||
|
|
||||||
|
<programlisting language="nix">
|
||||||
|
<![CDATA[
|
||||||
|
with import <nixpkgs> {};
|
||||||
|
|
||||||
|
python.buildEnv.override {
|
||||||
|
extraLibs = [ pkgs.pythonPackages.pyramid ];
|
||||||
|
ignoreCollisions = true;
|
||||||
|
}
|
||||||
|
]]>
|
||||||
|
</programlisting>
|
||||||
|
|
||||||
|
Running <command>nix-build</command> will create
|
||||||
|
<filename>/nix/store/cf1xhjwzmdki7fasgr4kz6di72ykicl5-python-2.7.8-env</filename>
|
||||||
|
with wrapped binaries in <filename>bin/</filename>.
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<variablelist>
|
||||||
|
<title>
|
||||||
|
<function>python.buildEnv</function> arguments
|
||||||
|
</title>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><varname>extraLibs</varname></term>
|
||||||
|
<listitem><para>
|
||||||
|
List of packages installed inside the environment.
|
||||||
|
</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><varname>postBuild</varname></term>
|
||||||
|
<listitem><para>
|
||||||
|
Shell command executed after the build of environment.
|
||||||
|
</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><varname>ignoreCollisions</varname></term>
|
||||||
|
<listitem><para>
|
||||||
|
Ignore file collisions inside the environment (default is <varname>false</varname>).
|
||||||
|
</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
</variablelist>
|
||||||
|
</section>
|
||||||
|
|
||||||
|
<section xml:id="python-tools"><title>Tools</title>
|
||||||
|
|
||||||
|
<para>Packages inside nixpkgs are written by hand. However many tools
|
||||||
|
exist in community to help save time. No tool is preferred at the moment.
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<itemizedlist>
|
||||||
|
|
||||||
|
<listitem><para>
|
||||||
|
<link xlink:href="https://github.com/proger/python2nix">python2nix</link>
|
||||||
|
by Vladimir Kirillov
|
||||||
|
</para></listitem>
|
||||||
|
|
||||||
|
<listitem><para>
|
||||||
|
<link xlink:href="https://github.com/garbas/pypi2nix">pypi2nix</link>
|
||||||
|
by Rok Garbas
|
||||||
|
</para></listitem>
|
||||||
|
|
||||||
|
<listitem><para>
|
||||||
|
<link xlink:href="https://github.com/offlinehacker/pypi2nix">pypi2nix</link>
|
||||||
|
by Jaka Hudoklin
|
||||||
|
</para></listitem>
|
||||||
|
|
||||||
|
</itemizedlist>
|
||||||
|
|
||||||
|
</section>
|
||||||
|
|
||||||
|
<section xml:id="python-development"><title>Development</title>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
To develop Python packages <function>buildPythonPackage</function> has
|
||||||
|
additional logic inside <varname>shellPhase</varname> to run
|
||||||
|
<command>${python.interpreter} setup.py develop</command> for the package.
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
Given a <filename>default.nix</filename>:
|
||||||
|
|
||||||
|
<programlisting language="nix">
|
||||||
|
<![CDATA[
|
||||||
|
with import <nixpkgs> {};
|
||||||
|
|
||||||
|
buildPythonPackage {
|
||||||
|
name = "myproject";
|
||||||
|
|
||||||
|
buildInputs = with pkgs.pythonPackages; [ pyramid ];
|
||||||
|
|
||||||
|
src = ./.;
|
||||||
|
}
|
||||||
|
]]>
|
||||||
|
</programlisting>
|
||||||
|
|
||||||
|
Running <command>nix-shell</command> with no arguments should give you
|
||||||
|
the environment in which the package would be build with
|
||||||
|
<command>nix-build</command>.
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
Shortcut to setup environments with C headers/libraries and python packages:
|
||||||
|
|
||||||
|
<programlisting language="bash">$ nix-shell -p pythonPackages.pyramid zlib libjpeg git</programlisting>
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<note><para>
|
||||||
|
There is a boolean value <varname>lib.inNixShell</varname> set to
|
||||||
|
<varname>true</varname> if nix-shell is invoked.
|
||||||
|
</para></note>
|
||||||
|
|
||||||
|
</section>
|
||||||
|
|
||||||
|
<section xml:id="python-faq"><title>FAQ</title>
|
||||||
|
|
||||||
|
<variablelist>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>How to solve circular dependencies?</term>
|
||||||
|
<listitem><para>
|
||||||
|
If you have packages <varname>A</varname> and <varname>B</varname> that
|
||||||
|
depend on each other, when packaging <varname>B</varname> override package
|
||||||
|
<varname>A</varname> not to depend on <varname>B</varname> as input
|
||||||
|
(and also the other way around).
|
||||||
|
</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><varname>install_data / data_files</varname> problems resulting into <literal>error: could not create '/nix/store/6l1bvljpy8gazlsw2aw9skwwp4pmvyxw-python-2.7.8/etc': Permission denied</literal></term>
|
||||||
|
<listitem><para>
|
||||||
|
<link xlink:href="https://bitbucket.org/pypa/setuptools/issue/130/install_data-doesnt-respect-prefix">
|
||||||
|
Known bug in setuptools <varname>install_data</varname> does not respect --prefix</link>. Example of
|
||||||
|
such package using the feature is <filename>pkgs/tools/X11/xpra/default.nix</filename>. As workaround
|
||||||
|
install it as an extra <varname>preInstall</varname> step:
|
||||||
|
|
||||||
|
<programlisting>${python.interpreter} setup.py install_data --install-dir=$out --root=$out
|
||||||
|
sed -i '/ = data_files/d' setup.py</programlisting>
|
||||||
|
</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>Rationale of non-existent global site-packages</term>
|
||||||
|
<listitem><para>
|
||||||
|
There is no need to have global site-packages in Nix. Each package has isolated
|
||||||
|
dependency tree and installing any python package will only populate <varname>$PATH</varname>
|
||||||
|
inside user environment. See <xref linkend="python-build-env" /> to create self-contained
|
||||||
|
interpreter with a set of packages.
|
||||||
|
</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
</variablelist>
|
||||||
|
|
||||||
|
</section>
|
||||||
|
|
||||||
|
|
||||||
|
<section xml:id="python-contrib"><title>Contributing guidelines</title>
|
||||||
|
<para>
|
||||||
|
Following rules are desired to be respected:
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<itemizedlist>
|
||||||
|
|
||||||
|
<listitem><para>
|
||||||
|
Make sure package builds for all python interpreters. Use <varname>disabled</varname> argument to
|
||||||
|
<function>buildPythonPackage</function> to set unsupported interpreters.
|
||||||
|
</para></listitem>
|
||||||
|
|
||||||
|
<listitem><para>
|
||||||
|
If tests need to be disabled for a package, make sure you leave a comment about reasoning.
|
||||||
|
</para></listitem>
|
||||||
|
|
||||||
|
<listitem><para>
|
||||||
|
Packages in <link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/top-level/python-packages.nix"><filename>pkgs/top-level/python-packages.nix</filename></link>
|
||||||
|
are sorted quasi-alphabetically to avoid merge conflicts.
|
||||||
|
</para></listitem>
|
||||||
|
|
||||||
|
</itemizedlist>
|
||||||
|
|
||||||
|
</section>
|
||||||
|
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
|
||||||
|
|
|
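Review bot: The `python.buildEnv` example sets `ignoreCollisions = true;` while the argument list right below it documents the default as `false`, and nothing explains why the example overrides it. With collisions ignored, two packages in `extraLibs` that ship the same path are merged silently and one file shadows the other, so the example should either drop the override or say why it is needed for pyramid. In the Development section the text refers to `shellPhase`, but the documented parameters are `preShellHook` and `postShellHook` around `shellHook`; please use one name. Smaller points: "overriden", "package is not build" and "would be build" need fixing, and the setuptools link is still `http://pypi.python.org/pypi/setuptools/` although the README hunk in this commit moves links to https.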
@ -184,10 +184,10 @@ if test "$noSysDirs" = "1"; then
|
||||||
if test "$noSysDirs" = "1"; then
|
if test "$noSysDirs" = "1"; then
|
||||||
# Figure out what extra flags to pass to the gcc compilers
|
# Figure out what extra flags to pass to the gcc compilers
|
||||||
# being generated to make sure that they use our glibc.
|
# being generated to make sure that they use our glibc.
|
||||||
if test -e $NIX_GCC/nix-support/orig-glibc; then
|
if test -e $NIX_CC/nix-support/orig-glibc; then
|
||||||
glibc=$(cat $NIX_GCC/nix-support/orig-glibc)
|
glibc=$(cat $NIX_CC/nix-support/orig-glibc)
|
||||||
# Ugh. Copied from gcc-wrapper/builder.sh. We can't just
|
# Ugh. Copied from gcc-wrapper/builder.sh. We can't just
|
||||||
# source in $NIX_GCC/nix-support/add-flags, since that
|
# source in $NIX_CC/nix-support/add-flags, since that
|
||||||
# would cause *this* GCC to be linked against the
|
# would cause *this* GCC to be linked against the
|
||||||
# *previous* GCC. Need some more modularity there.
|
# *previous* GCC. Need some more modularity there.
|
||||||
extraCFlags="-B$glibc/lib -isystem $glibc/include"
|
extraCFlags="-B$glibc/lib -isystem $glibc/include"
|
||||||
|
|
|
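Review bot: In the renamed check `test -e $NIX_CC/nix-support/orig-glibc`, an unset or empty `NIX_CC` expands to `/nix-support/orig-glibc`, the test is false, and the branch that derives `extraCFlags` from glibc is skipped without any message. Because this is a variable rename, a builder that still exports only `NIX_GCC` takes that silent path; consider quoting the expansion and failing explicitly when `NIX_CC` is unset. The context comment still says the logic was copied from `gcc-wrapper/builder.sh`; if that wrapper was renamed along with the variable, the comment should follow.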
@ -1,44 +0,0 @@
|
||||||
<?xml version="1.0"?>
|
|
||||||
|
|
||||||
<xsl:stylesheet
|
|
||||||
version="1.0"
|
|
||||||
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
|
|
||||||
xmlns:str="http://exslt.org/strings"
|
|
||||||
extension-element-prefixes="str">
|
|
||||||
|
|
||||||
<xsl:output method="xml"/>
|
|
||||||
|
|
||||||
<xsl:template match="function|command|literal|varname|filename|option|quote">`<xsl:apply-templates/>'</xsl:template>
|
|
||||||
|
|
||||||
<xsl:template match="token"><xsl:text> </xsl:text><xsl:apply-templates /><xsl:text>
|
|
||||||
</xsl:text></xsl:template>
|
|
||||||
|
|
||||||
<xsl:template match="screen|programlisting">
|
|
||||||
<screen><xsl:apply-templates select="str:split(., '
')" /></screen>
|
|
||||||
</xsl:template>
|
|
||||||
|
|
||||||
<xsl:template match="section[following::section]">
|
|
||||||
<section>
|
|
||||||
<xsl:apply-templates />
|
|
||||||
<screen><xsl:text>
|
|
||||||
</xsl:text></screen>
|
|
||||||
</section>
|
|
||||||
</xsl:template>
|
|
||||||
|
|
||||||
<xsl:template match="*">
|
|
||||||
<xsl:element name="{name(.)}" namespace="{namespace-uri(.)}">
|
|
||||||
<xsl:copy-of select="namespace::*" />
|
|
||||||
<xsl:for-each select="@*">
|
|
||||||
<xsl:attribute name="{name(.)}" namespace="{namespace-uri(.)}">
|
|
||||||
<xsl:value-of select="."/>
|
|
||||||
</xsl:attribute>
|
|
||||||
</xsl:for-each>
|
|
||||||
<xsl:apply-templates/>
|
|
||||||
</xsl:element>
|
|
||||||
</xsl:template>
|
|
||||||
|
|
||||||
<xsl:template match="text()">
|
|
||||||
<xsl:value-of select="translate(., '‘’“”—', concat("`'", '""-'))" />
|
|
||||||
</xsl:template>
|
|
||||||
|
|
||||||
</xsl:stylesheet>
|
|
|
@ -1120,12 +1120,9 @@ echo @foo@
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>Python</term>
|
<term>Python</term>
|
||||||
<listitem><para>Adds the
|
<listitem><para>Adds the
|
||||||
<filename>lib/python2.5/site-packages</filename> subdirectory of
|
<filename>lib/${python.libPrefix}/site-packages</filename> subdirectory of
|
||||||
each build input to the <envar>PYTHONPATH</envar> environment
|
each build input to the <envar>PYTHONPATH</envar> environment
|
||||||
variable.</para>
|
variable.</para></listitem>
|
||||||
|
|
||||||
<note><para>This should be generalised: the Python version
|
|
||||||
shouldn’t be hard-coded.</para></note></listitem>
|
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
|
|
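Review bot: The new `lib/${python.libPrefix}/site-packages` in the Python setup-hook entry uses an attribute this section never introduces; add an `<xref linkend="python"/>` (the id given to the Python section in this same commit) so readers can find where `libPrefix` is defined. Also, the Python section says packages get `$out/${python.libPrefix}/site-packages` appended to `$PYTHONPATH`, without the `lib/` component that this entry and the `sitePackages` attribute use; one of the two paths should be corrected so the documentation agrees with itself.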
246
lib/licenses.nix
|
@ -1,314 +1,410 @@
|
||||||
let
|
let
|
||||||
|
|
||||||
|
lib = import ./default.nix;
|
||||||
|
|
||||||
spdx = lic: lic // {
|
spdx = lic: lic // {
|
||||||
url = "http://spdx.org/licenses/${lic.shortName}";
|
url = "http://spdx.org/licenses/${lic.spdxId}";
|
||||||
};
|
};
|
||||||
|
|
||||||
in
|
in
|
||||||
|
|
||||||
rec {
|
lib.mapAttrs (n: v: v // { shortName = n; }) rec {
|
||||||
/* License identifiers from spdx.org where possible.
|
/* License identifiers from spdx.org where possible.
|
||||||
* If you cannot find your license here, then look for a similar license or
|
* If you cannot find your license here, then look for a similar license or
|
||||||
* add it to this list. The URL mentioned above is a good source for inspiration.
|
* add it to this list. The URL mentioned above is a good source for inspiration.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
afl21 = spdx {
|
||||||
|
spdxId = "AFL-2.1";
|
||||||
|
fullName = "Academic Free License";
|
||||||
|
};
|
||||||
|
|
||||||
agpl3 = spdx {
|
agpl3 = spdx {
|
||||||
shortName = "AGPL-3.0";
|
spdxId = "AGPL-3.0";
|
||||||
fullName = "GNU Affero General Public License v3.0";
|
fullName = "GNU Affero General Public License v3.0";
|
||||||
};
|
};
|
||||||
|
|
||||||
agpl3Plus = {
|
agpl3Plus = {
|
||||||
shortName = "AGPL-3.0+";
|
|
||||||
fullName = "GNU Affero General Public License v3.0 or later";
|
fullName = "GNU Affero General Public License v3.0 or later";
|
||||||
inherit (agpl3) url;
|
inherit (agpl3) url;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
amazonsl = {
|
||||||
|
fullName = "Amazon Software License";
|
||||||
|
url = http://aws.amazon.com/asl/;
|
||||||
|
free = false;
|
||||||
|
};
|
||||||
|
|
||||||
amd = {
|
amd = {
|
||||||
shortName = "amd";
|
|
||||||
fullName = "AMD License Agreement";
|
fullName = "AMD License Agreement";
|
||||||
url = http://developer.amd.com/amd-license-agreement/;
|
url = http://developer.amd.com/amd-license-agreement/;
|
||||||
};
|
};
|
||||||
|
|
||||||
apsl20 = spdx {
|
apsl20 = spdx {
|
||||||
shortName = "APSL-2.0";
|
spdxId = "APSL-2.0";
|
||||||
fullName = "Apple Public Source License 2.0";
|
fullName = "Apple Public Source License 2.0";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
artistic1 = spdx {
|
||||||
|
spdxId = "Artistic-1.0";
|
||||||
|
fullName = "Artistic License 1.0";
|
||||||
|
};
|
||||||
|
|
||||||
artistic2 = spdx {
|
artistic2 = spdx {
|
||||||
shortName = "Artistic-2.0";
|
spdxId = "Artistic-2.0";
|
||||||
fullName = "Artistic License 2.0";
|
fullName = "Artistic License 2.0";
|
||||||
};
|
};
|
||||||
|
|
||||||
asl20 = spdx {
|
asl20 = spdx {
|
||||||
shortName = "Apache-2.0";
|
spdxId = "Apache-2.0";
|
||||||
fullName = "Apache License 2.0";
|
fullName = "Apache License 2.0";
|
||||||
};
|
};
|
||||||
|
|
||||||
boost = spdx {
|
boost = spdx {
|
||||||
shortName = "BSL-1.0";
|
spdxId = "BSL-1.0";
|
||||||
fullName = "Boost Software License 1.0";
|
fullName = "Boost Software License 1.0";
|
||||||
};
|
};
|
||||||
|
|
||||||
bsd2 = spdx {
|
bsd2 = spdx {
|
||||||
shortName = "BSD-2-Clause";
|
spdxId = "BSD-2-Clause";
|
||||||
fullName = ''BSD 2-clause "Simplified" License'';
|
fullName = ''BSD 2-clause "Simplified" License'';
|
||||||
};
|
};
|
||||||
|
|
||||||
bsd3 = spdx {
|
bsd3 = spdx {
|
||||||
shortName = "BSD-3-Clause";
|
spdxId = "BSD-3-Clause";
|
||||||
fullName = ''BSD 3-clause "New" or "Revised" License'';
|
fullName = ''BSD 3-clause "New" or "Revised" License'';
|
||||||
};
|
};
|
||||||
|
|
||||||
bsdOriginal = spdx {
|
bsdOriginal = spdx {
|
||||||
shortName = "BSD-4-Clause";
|
spdxId = "BSD-4-Clause";
|
||||||
fullName = ''BSD 4-clause "Original" or "Old" License'';
|
fullName = ''BSD 4-clause "Original" or "Old" License'';
|
||||||
};
|
};
|
||||||
|
|
||||||
cc0 = spdx {
|
cc0 = spdx {
|
||||||
shortName = "CC0-1.0";
|
spdxId = "CC0-1.0";
|
||||||
fullName = ''Creative Commons Zero v1.0 Universal'';
|
fullName = "Creative Commons Zero v1.0 Universal";
|
||||||
};
|
};
|
||||||
|
|
||||||
cc-by-30 = spdx {
|
cc-by-30 = spdx {
|
||||||
shortName = "CC-BY-3.0";
|
spdxId = "CC-BY-3.0";
|
||||||
fullName = "Creative Commons Attribution 3.0";
|
fullName = "Creative Commons Attribution 3.0";
|
||||||
};
|
};
|
||||||
|
|
||||||
cc-by-sa-30 = spdx {
|
cc-by-sa-30 = spdx {
|
||||||
shortName = "CC-BY-SA-3.0";
|
spdxId = "CC-BY-SA-3.0";
|
||||||
fullName = "Creative Commons Attribution Share Alike 3.0";
|
fullName = "Creative Commons Attribution Share Alike 3.0";
|
||||||
};
|
};
|
||||||
|
|
||||||
cc-by-40 = spdx {
|
cc-by-40 = spdx {
|
||||||
shortName = "CC-BY-4.0";
|
spdxId = "CC-BY-4.0";
|
||||||
fullName = "Creative Commons Attribution 4.0";
|
fullName = "Creative Commons Attribution 4.0";
|
||||||
};
|
};
|
||||||
|
|
||||||
cddl = spdx {
|
cddl = spdx {
|
||||||
shortName = "CDDL-1.0";
|
spdxId = "CDDL-1.0";
|
||||||
fullName = "Common Development and Distribution License 1.0";
|
fullName = "Common Development and Distribution License 1.0";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
cecill20 = spdx {
|
||||||
|
spdxId = "CECILL-2.0";
|
||||||
|
fullName = "CeCILL Free Software License Agreement v2.0";
|
||||||
|
};
|
||||||
|
|
||||||
cecill-b = spdx {
|
cecill-b = spdx {
|
||||||
shortName = "CECILL-B";
|
spdxId = "CECILL-B";
|
||||||
fullName = "CeCILL-B Free Software License Agreement";
|
fullName = "CeCILL-B Free Software License Agreement";
|
||||||
};
|
};
|
||||||
|
|
||||||
cecill-c = spdx {
|
cecill-c = spdx {
|
||||||
shortName = "CECILL-C";
|
spdxId = "CECILL-C";
|
||||||
fullName = "CeCILL-C Free Software License Agreement";
|
fullName = "CeCILL-C Free Software License Agreement";
|
||||||
};
|
};
|
||||||
|
|
||||||
cpl10 = spdx {
|
cpl10 = spdx {
|
||||||
shortName = "CPL-1.0";
|
spdxId = "CPL-1.0";
|
||||||
fullName = "Common Public License 1.0";
|
fullName = "Common Public License 1.0";
|
||||||
};
|
};
|
||||||
|
|
||||||
epl10 = spdx {
|
epl10 = spdx {
|
||||||
shortName = "EPL-1.0";
|
spdxId = "EPL-1.0";
|
||||||
fullName = "Eclipse Public License 1.0";
|
fullName = "Eclipse Public License 1.0";
|
||||||
};
|
};
|
||||||
|
|
||||||
free = "free";
|
free = {
|
||||||
|
fullName = "Unspecified free software license";
|
||||||
|
};
|
||||||
|
|
||||||
|
gpl1 = spdx {
|
||||||
|
spdxId = "GPL-1.0";
|
||||||
|
fullName = "GNU General Public License v1.0 only";
|
||||||
|
};
|
||||||
|
|
||||||
|
gpl1Plus = spdx {
|
||||||
|
spdxId = "GPL-1.0+";
|
||||||
|
fullName = "GNU General Public License v1.0 or later";
|
||||||
|
};
|
||||||
|
|
||||||
gpl2 = spdx {
|
gpl2 = spdx {
|
||||||
shortName = "GPL-2.0";
|
spdxId = "GPL-2.0";
|
||||||
fullName = "GNU General Public License v2.0 only";
|
fullName = "GNU General Public License v2.0 only";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
gpl2ClasspathPlus = {
|
||||||
|
fullName = "GNU General Public License v2.0 or later (with Classpath exception)";
|
||||||
|
url = https://fedoraproject.org/wiki/Licensing/GPL_Classpath_Exception;
|
||||||
|
};
|
||||||
|
|
||||||
gpl2Oss = {
|
gpl2Oss = {
|
||||||
shortName = "GPL-2.0-with-OSS";
|
|
||||||
fullName = "GNU General Public License version 2 only (with OSI approved licenses linking exception)";
|
fullName = "GNU General Public License version 2 only (with OSI approved licenses linking exception)";
|
||||||
url = http://www.mysql.com/about/legal/licensing/foss-exception;
|
url = http://www.mysql.com/about/legal/licensing/foss-exception;
|
||||||
};
|
};
|
||||||
|
|
||||||
gpl2Plus = spdx {
|
gpl2Plus = spdx {
|
||||||
shortName = "GPL-2.0+";
|
spdxId = "GPL-2.0+";
|
||||||
fullName = "GNU General Public License v2.0 or later";
|
fullName = "GNU General Public License v2.0 or later";
|
||||||
};
|
};
|
||||||
|
|
||||||
gpl3 = spdx {
|
gpl3 = spdx {
|
||||||
shortName = "GPL-3.0";
|
spdxId = "GPL-3.0";
|
||||||
fullName = "GNU General Public License v3.0 only";
|
fullName = "GNU General Public License v3.0 only";
|
||||||
};
|
};
|
||||||
|
|
||||||
gpl3Plus = spdx {
|
gpl3Plus = spdx {
|
||||||
shortName = "GPL-3.0+";
|
spdxId = "GPL-3.0+";
|
||||||
fullName = "GNU General Public License v3.0 or later";
|
fullName = "GNU General Public License v3.0 or later";
|
||||||
};
|
};
|
||||||
|
|
||||||
gpl3ClasspathPlus = {
|
gpl3ClasspathPlus = {
|
||||||
shortName = "GPL-3.0+-with-classpath-exception";
|
|
||||||
fullName = "GNU General Public License v3.0 or later (with Classpath exception)";
|
fullName = "GNU General Public License v3.0 or later (with Classpath exception)";
|
||||||
url = https://fedoraproject.org/wiki/Licensing/GPL_Classpath_Exception;
|
url = https://fedoraproject.org/wiki/Licensing/GPL_Classpath_Exception;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# Intel's license, seems free
|
||||||
|
iasl = {
|
||||||
|
fullName = "iASL";
|
||||||
|
url = http://www.calculate-linux.org/packages/licenses/iASL;
|
||||||
|
};
|
||||||
|
|
||||||
inria = {
|
inria = {
|
||||||
shortName = "INRIA-NCLA";
|
|
||||||
fullName = "INRIA Non-Commercial License Agreement";
|
fullName = "INRIA Non-Commercial License Agreement";
|
||||||
url = "http://compcert.inria.fr/doc/LICENSE";
|
url = "http://compcert.inria.fr/doc/LICENSE";
|
||||||
};
|
};
|
||||||
|
|
||||||
ipa = spdx {
|
ipa = spdx {
|
||||||
shortName = "IPA";
|
spdxId = "IPA";
|
||||||
fullName = "IPA Font License";
|
fullName = "IPA Font License";
|
||||||
};
|
};
|
||||||
|
|
||||||
ipl10 = spdx {
|
ipl10 = spdx {
|
||||||
shortName = "IPL-1.0";
|
spdxId = "IPL-1.0";
|
||||||
fullName = "IBM Public License v1.0";
|
fullName = "IBM Public License v1.0";
|
||||||
};
|
};
|
||||||
|
|
||||||
isc = spdx {
|
isc = spdx {
|
||||||
shortName = "ISC";
|
spdxId = "ISC";
|
||||||
fullName = "ISC License";
|
fullName = "ISC License";
|
||||||
};
|
};
|
||||||
|
|
||||||
lgpl2 = spdx {
|
lgpl2 = spdx {
|
||||||
shortName = "LGPL-2.0";
|
spdxId = "LGPL-2.0";
|
||||||
fullName = "GNU Library General Public License v2 only";
|
fullName = "GNU Library General Public License v2 only";
|
||||||
};
|
};
|
||||||
|
|
||||||
lgpl2Plus = spdx {
|
lgpl2Plus = spdx {
|
||||||
shortName = "LGPL-2.0+";
|
spdxId = "LGPL-2.0+";
|
||||||
fullName = "GNU Library General Public License v2 or later";
|
fullName = "GNU Library General Public License v2 or later";
|
||||||
};
|
};
|
||||||
|
|
||||||
lgpl21 = spdx {
|
lgpl21 = spdx {
|
||||||
shortName = "LGPL-2.1";
|
spdxId = "LGPL-2.1";
|
||||||
fullName = "GNU Library General Public License v2.1 only";
|
fullName = "GNU Library General Public License v2.1 only";
|
||||||
};
|
};
|
||||||
|
|
||||||
lgpl21Plus = spdx {
|
lgpl21Plus = spdx {
|
||||||
shortName = "LGPL-2.1+";
|
spdxId = "LGPL-2.1+";
|
||||||
fullName = "GNU Library General Public License v2.1 or later";
|
fullName = "GNU Library General Public License v2.1 or later";
|
||||||
};
|
};
|
||||||
|
|
||||||
lgpl3 = spdx {
|
lgpl3 = spdx {
|
||||||
shortName = "LGPL-3.0";
|
spdxId = "LGPL-3.0";
|
||||||
fullName = "GNU Lesser General Public License v3.0 only";
|
fullName = "GNU Lesser General Public License v3.0 only";
|
||||||
};
|
};
|
||||||
|
|
||||||
lgpl3Plus = spdx {
|
lgpl3Plus = spdx {
|
||||||
shortName = "LGPL-3.0+";
|
spdxId = "LGPL-3.0+";
|
||||||
fullName = "GNU Lesser General Public License v3.0 or later";
|
fullName = "GNU Lesser General Public License v3.0 or later";
|
||||||
};
|
};
|
||||||
|
|
||||||
libpng = spdx {
|
libpng = spdx {
|
||||||
shortName = "Libpng";
|
spdxId = "Libpng";
|
||||||
fullName = "libpng License";
|
fullName = "libpng License";
|
||||||
};
|
};
|
||||||
|
|
||||||
libtiff = {
|
libtiff = spdx {
|
||||||
shortName = "libtiff";
|
spdxId = "libtiff";
|
||||||
fullName = "libtiff license";
|
fullName = "libtiff License";
|
||||||
url = https://fedoraproject.org/wiki/Licensing/libtiff;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
llgpl21 = {
|
llgpl21 = {
|
||||||
shortName = "LLGPL-2.1";
|
|
||||||
fullName = "Lisp LGPL; GNU Lesser General Public License version 2.1 with Franz Inc. preamble for clarification of LGPL terms in context of Lisp";
|
fullName = "Lisp LGPL; GNU Lesser General Public License version 2.1 with Franz Inc. preamble for clarification of LGPL terms in context of Lisp";
|
||||||
url = http://opensource.franz.com/preamble.html;
|
url = http://opensource.franz.com/preamble.html;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
lppl12 = spdx {
|
||||||
|
spdxId = "LPPL-1.2";
|
||||||
|
fullName = "LaTeX Project Public License v1.2";
|
||||||
|
};
|
||||||
|
|
||||||
|
lppl13c = spdx {
|
||||||
|
spdxId = "LPPL-1.3c";
|
||||||
|
fullName = "LaTeX Project Public License v1.3c";
|
||||||
|
};
|
||||||
|
|
||||||
lpl-102 = spdx {
|
lpl-102 = spdx {
|
||||||
shortName = "LPL-1.02";
|
spdxId = "LPL-1.02";
|
||||||
fullName = "Lucent Public License v1.02";
|
fullName = "Lucent Public License v1.02";
|
||||||
};
|
};
|
||||||
|
|
||||||
# spdx.org does not (yet) differentiate between the X11 and Expat versions
|
# spdx.org does not (yet) differentiate between the X11 and Expat versions
|
||||||
# for details see http://en.wikipedia.org/wiki/MIT_License#Various_versions
|
# for details see http://en.wikipedia.org/wiki/MIT_License#Various_versions
|
||||||
mit = spdx {
|
mit = spdx {
|
||||||
shortName = "MIT";
|
spdxId = "MIT";
|
||||||
fullName = "MIT License";
|
fullName = "MIT License";
|
||||||
};
|
};
|
||||||
|
|
||||||
mpl11 = spdx {
|
mpl11 = spdx {
|
||||||
shortName = "MPL-1.1";
|
spdxId = "MPL-1.1";
|
||||||
fullName = "Mozilla Public License 1.1";
|
fullName = "Mozilla Public License 1.1";
|
||||||
};
|
};
|
||||||
|
|
||||||
mpl20 = spdx {
|
mpl20 = spdx {
|
||||||
shortName = "MPL-2.0";
|
spdxId = "MPL-2.0";
|
||||||
fullName = "Mozilla Public License 2.0";
|
fullName = "Mozilla Public License 2.0";
|
||||||
};
|
};
|
||||||
|
|
||||||
msrla = {
|
msrla = {
|
||||||
shortName = "MSR-LA";
|
|
||||||
fullName = "Microsoft Research License Agreement";
|
fullName = "Microsoft Research License Agreement";
|
||||||
url = "http://research.microsoft.com/en-us/projects/pex/msr-la.txt";
|
url = "http://research.microsoft.com/en-us/projects/pex/msr-la.txt";
|
||||||
};
|
};
|
||||||
|
|
||||||
ncsa = spdx {
|
ncsa = spdx {
|
||||||
shortName = "NCSA";
|
spdxId = "NCSA";
|
||||||
fullName = "University of Illinois/NCSA Open Source License";
|
fullName = "University of Illinois/NCSA Open Source License";
|
||||||
};
|
};
|
||||||
|
|
||||||
ofl = spdx {
|
ofl = spdx {
|
||||||
shortName = "OFL-1.1";
|
spdxId = "OFL-1.1";
|
||||||
fullName = "SIL Open Font License 1.1";
|
fullName = "SIL Open Font License 1.1";
|
||||||
};
|
};
|
||||||
|
|
||||||
openssl = spdx {
|
openssl = spdx {
|
||||||
shortName = "OpenSSL";
|
spdxId = "OpenSSL";
|
||||||
fullName = "OpenSSL License";
|
fullName = "OpenSSL License";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
php301 = spdx {
|
||||||
|
spdxId = "PHP-3.01";
|
||||||
|
fullName = "PHP License v3.01";
|
||||||
|
};
|
||||||
|
|
||||||
postgresql = spdx {
|
postgresql = spdx {
|
||||||
shortName = "PostgreSQL";
|
spdxId = "PostgreSQL";
|
||||||
fullName = "PostgreSQL License";
|
fullName = "PostgreSQL License";
|
||||||
};
|
};
|
||||||
|
|
||||||
psfl = spdx {
|
psfl = spdx {
|
||||||
shortName = "Python-2.0";
|
spdxId = "Python-2.0";
|
||||||
fullName = "Python Software Foundation License version 2";
|
fullName = "Python Software Foundation License version 2";
|
||||||
#url = http://docs.python.org/license.html;
|
#url = http://docs.python.org/license.html;
|
||||||
};
|
};
|
||||||
|
|
||||||
publicDomain = {
|
publicDomain = {
|
||||||
shortName = "Public Domain";
|
fullName = "Public Domain";
|
||||||
fullname = "Public Domain";
|
};
|
||||||
|
|
||||||
|
qpl = spdx {
|
||||||
|
spdxId = "QPL-1.0";
|
||||||
|
fullName = "Q Public License 1.0";
|
||||||
|
};
|
||||||
|
|
||||||
|
qwt = {
|
||||||
|
fullName = "Qwt License, Version 1.0";
|
||||||
|
url = http://qwt.sourceforge.net/qwtlicense.html;
|
||||||
|
};
|
||||||
|
|
||||||
|
ruby = spdx {
|
||||||
|
spdxId = "Ruby";
|
||||||
|
fullName = "Ruby License";
|
||||||
|
};
|
||||||
|
|
||||||
|
sgi-b-20 = spdx {
|
||||||
|
spdxId = "SGI-B-2.0";
|
||||||
|
fullName = "SGI Free Software License B v2.0";
|
||||||
};
|
};
|
||||||
|
|
||||||
sleepycat = spdx {
|
sleepycat = spdx {
|
||||||
shortName = "Sleepycat";
|
spdxId = "Sleepycat";
|
||||||
fullName = "Sleepycat License";
|
fullName = "Sleepycat License";
|
||||||
};
|
};
|
||||||
|
|
||||||
tcltk = {
|
tcltk = spdx {
|
||||||
shortName = "Tcl/Tk";
|
spdxId = "TCL";
|
||||||
fullName = "Tcl/Tk license";
|
fullName = "TCL/TK License";
|
||||||
url = http://www.tcl.tk/software/tcltk/license.html;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
unfree = "unfree";
|
unfree = {
|
||||||
|
fullName = "Unfree";
|
||||||
|
free = false;
|
||||||
|
};
|
||||||
|
|
||||||
unfreeRedistributable = "unfree-redistributable";
|
unfreeRedistributable = {
|
||||||
|
fullName = "Unfree redistributable";
|
||||||
|
free = false;
|
||||||
|
};
|
||||||
|
|
||||||
unfreeRedistributableFirmware = "unfree-redistributable-firmware";
|
unfreeRedistributableFirmware = {
|
||||||
|
fullName = "Unfree redistributable firmware";
|
||||||
|
# Note: we currently consider these "free" for inclusion in the
|
||||||
|
# channel and NixOS images.
|
||||||
|
};
|
||||||
|
|
||||||
unlicense = {
|
unlicense = spdx {
|
||||||
shortName = "Unlicense";
|
spdxId = "Unlicense";
|
||||||
fullName = "Unlicense";
|
fullName = "The Unlicense";
|
||||||
url = http://unlicense.org/;
|
};
|
||||||
|
|
||||||
|
vsl10 = spdx {
|
||||||
|
spdxId = "VSL-1.0";
|
||||||
|
fullName = "Vovida Software License v1.0";
|
||||||
|
};
|
||||||
|
|
||||||
|
w3c = spdx {
|
||||||
|
spdxId = "W3C";
|
||||||
|
fullName = "W3C Software Notice and License";
|
||||||
};
|
};
|
||||||
|
|
||||||
wadalab = {
|
wadalab = {
|
||||||
shortName = "wadalab";
|
|
||||||
fullName = "Wadalab Font License";
|
fullName = "Wadalab Font License";
|
||||||
url = https://fedoraproject.org/wiki/Licensing:Wadalab?rd=Licensing/Wadalab;
|
url = https://fedoraproject.org/wiki/Licensing:Wadalab?rd=Licensing/Wadalab;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
wtfpl = spdx {
|
||||||
|
spdxId = "WTFPL";
|
||||||
|
fullName = "Do What The F*ck You Want To Public License";
|
||||||
|
};
|
||||||
|
|
||||||
zlib = spdx {
|
zlib = spdx {
|
||||||
shortName = "Zlib";
|
spdxId = "Zlib";
|
||||||
fullName = "zlib License";
|
fullName = "zlib License";
|
||||||
};
|
};
|
||||||
|
|
||||||
zpt20 = spdx { # FIXME: why zpt* instead of zpl*
|
zpt20 = spdx { # FIXME: why zpt* instead of zpl*
|
||||||
shortName = "ZPL-2.0";
|
spdxId = "ZPL-2.0";
|
||||||
fullName = "Zope Public License 2.0";
|
fullName = "Zope Public License 2.0";
|
||||||
};
|
};
|
||||||
|
|
||||||
zpt21 = spdx {
|
zpt21 = spdx {
|
||||||
shortName = "ZPL-2.1";
|
spdxId = "ZPL-2.1";
|
||||||
fullName = "Zope Public License 2.1";
|
fullName = "Zope Public License 2.1";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
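Review bot: `free`, `unfree`, `unfreeRedistributable` and `unfreeRedistributableFirmware` change from strings to attribute sets near the end of this hunk, so any caller that still compares a license against `"unfree"` or `"unfree-redistributable"` will stop matching without raising an error, and an unfree-package gate built on that comparison would then let through packages it used to block. Please confirm that every such comparison is switched to the new `free = false` attribute in this same merge. `unfreeRedistributableFirmware` carries no `free` attribute at all, only a comment saying it is treated as free; writing the attribute out explicitly would make that decision visible to whoever reads the policy check. The entries that lose `shortName` without gaining `spdxId` (`gpl2Oss`, `gpl3ClasspathPlus`, `inria`, `llgpl21`, `msrla`, `wadalab`) are left with `fullName` as their only identifier, which deserves a comment.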
@ -223,4 +223,14 @@ rec {
|
||||||
|
|
||||||
crossLists = f: foldl (fs: args: concatMap (f: map f args) fs) [f];
|
crossLists = f: foldl (fs: args: concatMap (f: map f args) fs) [f];
|
||||||
|
|
||||||
|
# Remove duplicate elements from the list
|
||||||
|
unique = list:
|
||||||
|
if list == [] then
|
||||||
|
[]
|
||||||
|
else
|
||||||
|
let
|
||||||
|
x = head list;
|
||||||
|
xs = unique (drop 1 list);
|
||||||
|
in [x] ++ remove x xs;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
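Review bot: `unique` recurses over the whole tail (`xs = unique (drop 1 list);`) before calling `remove x xs`, so it does quadratic work and needs one level of recursion per element. The one-line comment should say so, and should also state that the first occurrence of each element is kept and that input order is preserved, since callers will come to rely on both.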
@ -5,12 +5,13 @@
|
||||||
alphabetically sorted. */
|
alphabetically sorted. */
|
||||||
|
|
||||||
_1126 = "Christian Lask <mail@elfsechsundzwanzig.de>";
|
_1126 = "Christian Lask <mail@elfsechsundzwanzig.de>";
|
||||||
|
abbradar = "Nikolay Amiantov <ab@fmap.me>";
|
||||||
aforemny = "Alexander Foremny <alexanderforemny@googlemail.com>";
|
aforemny = "Alexander Foremny <alexanderforemny@googlemail.com>";
|
||||||
|
aherrmann = "Andreas Herrmann <andreash87@gmx.ch>";
|
||||||
ak = "Alexander Kjeldaas <ak@formalprivacy.com>";
|
ak = "Alexander Kjeldaas <ak@formalprivacy.com>";
|
||||||
akc = "Anders Claesson <akc@akc.is>";
|
akc = "Anders Claesson <akc@akc.is>";
|
||||||
algorith = "Dries Van Daele <dries_van_daele@telenet.be>";
|
algorith = "Dries Van Daele <dries_van_daele@telenet.be>";
|
||||||
all = "Nix Committers <nix-commits@lists.science.uu.nl>";
|
all = "Nix Committers <nix-commits@lists.science.uu.nl>";
|
||||||
abbradar = "Nikolay Amiantov <ab@fmap.me>";
|
|
||||||
amiddelk = "Arie Middelkoop <amiddelk@gmail.com>";
|
amiddelk = "Arie Middelkoop <amiddelk@gmail.com>";
|
||||||
amorsillo = "Andrew Morsillo <andrew.morsillo@gmail.com>";
|
amorsillo = "Andrew Morsillo <andrew.morsillo@gmail.com>";
|
||||||
AndersonTorres = "Anderson Torres <torres.anderson.85@gmail.com>";
|
AndersonTorres = "Anderson Torres <torres.anderson.85@gmail.com>";
|
||||||
|
@ -23,7 +24,9 @@
|
||||||
aszlig = "aszlig <aszlig@redmoonstudios.org>";
|
aszlig = "aszlig <aszlig@redmoonstudios.org>";
|
||||||
auntie = "Jonathan Glines <auntieNeo@gmail.com>";
|
auntie = "Jonathan Glines <auntieNeo@gmail.com>";
|
||||||
aycanirican = "Aycan iRiCAN <iricanaycan@gmail.com>";
|
aycanirican = "Aycan iRiCAN <iricanaycan@gmail.com>";
|
||||||
|
balajisivaraman = "Balaji Sivaraman<sivaraman.balaji@gmail.com>";
|
||||||
bbenoist = "Baptist BENOIST <return_0@live.com>";
|
bbenoist = "Baptist BENOIST <return_0@live.com>";
|
||||||
|
bdimcheff = "Brandon Dimcheff <brandon@dimcheff.com>";
|
||||||
bennofs = "Benno Fünfstück <benno.fuenfstueck@gmail.com>";
|
bennofs = "Benno Fünfstück <benno.fuenfstueck@gmail.com>";
|
||||||
berdario = "Dario Bertini <berdario@gmail.com>";
|
berdario = "Dario Bertini <berdario@gmail.com>";
|
||||||
bergey = "Daniel Bergey <bergey@teallabs.org>";
|
bergey = "Daniel Bergey <bergey@teallabs.org>";
|
||||||
|
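Review bot: the added `balajisivaraman` entry has no space between the name and the address (`"Balaji Sivaraman<sivaraman.balaji@gmail.com>"`), unlike every other entry in this hunk. Anything that splits these strings on the space before `<` will mis-parse it; add the space.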
@ -45,26 +48,34 @@
|
||||||
coroa = "Jonas Hörsch <jonas@chaoflow.net>";
|
coroa = "Jonas Hörsch <jonas@chaoflow.net>";
|
||||||
cstrahan = "Charles Strahan <charles.c.strahan@gmail.com>";
|
cstrahan = "Charles Strahan <charles.c.strahan@gmail.com>";
|
||||||
DamienCassou = "Damien Cassou <damien.cassou@gmail.com>";
|
DamienCassou = "Damien Cassou <damien.cassou@gmail.com>";
|
||||||
DerGuteMoritz = "Moritz Heidkamp <moritz@twoticketsplease.de>";
|
davidrusu = "David Rusu <davidrusu.me@gmail.com>";
|
||||||
dbohdan = "Danyil Bohdan <danyil.bohdan@gmail.com>";
|
dbohdan = "Danyil Bohdan <danyil.bohdan@gmail.com>";
|
||||||
|
DerGuteMoritz = "Moritz Heidkamp <moritz@twoticketsplease.de>";
|
||||||
|
devhell = "devhell <\"^\"@regexmail.net>";
|
||||||
dmalikov = "Dmitry Malikov <malikov.d.y@gmail.com>";
|
dmalikov = "Dmitry Malikov <malikov.d.y@gmail.com>";
|
||||||
doublec = "Chris Double <chris.double@double.co.nz>";
|
doublec = "Chris Double <chris.double@double.co.nz>";
|
||||||
ederoyd46 = "Matthew Brown <matt@ederoyd.co.uk>";
|
ederoyd46 = "Matthew Brown <matt@ederoyd.co.uk>";
|
||||||
|
eduarrrd = "Eduard Bachmakov <e.bachmakov@gmail.com>";
|
||||||
edwtjo = "Edward Tjörnhammar <ed@cflags.cc>";
|
edwtjo = "Edward Tjörnhammar <ed@cflags.cc>";
|
||||||
eelco = "Eelco Dolstra <eelco.dolstra@logicblox.com>";
|
eelco = "Eelco Dolstra <eelco.dolstra@logicblox.com>";
|
||||||
|
eikek = "Eike Kettner <eike.kettner@posteo.de>";
|
||||||
ellis = "Ellis Whitehead <nixos@ellisw.net>";
|
ellis = "Ellis Whitehead <nixos@ellisw.net>";
|
||||||
emery = "Emery Hemingway <emery@vfemail.net>";
|
emery = "Emery Hemingway <emery@vfemail.net>";
|
||||||
ertes = "Ertugrul Söylemez <ertesx@gmx.de>";
|
ertes = "Ertugrul Söylemez <ertesx@gmx.de>";
|
||||||
|
exlevan = "Alexey Levan <exlevan@gmail.com>";
|
||||||
falsifian = "James Cook <james.cook@utoronto.ca>";
|
falsifian = "James Cook <james.cook@utoronto.ca>";
|
||||||
flosse = "Markus Kohlhase <mail@markus-kohlhase.de>";
|
flosse = "Markus Kohlhase <mail@markus-kohlhase.de>";
|
||||||
|
fluffynukeit = "Daniel Austin <dan@fluffynukeit.com>";
|
||||||
fpletz = "Franz Pletz <fpletz@fnordicwalking.de>";
|
fpletz = "Franz Pletz <fpletz@fnordicwalking.de>";
|
||||||
ftrvxmtrx = "Siarhei Zirukin <ftrvxmtrx@gmail.com>";
|
ftrvxmtrx = "Siarhei Zirukin <ftrvxmtrx@gmail.com>";
|
||||||
funfunctor = "Edward O'Callaghan <eocallaghan@alterapraxis.com>";
|
funfunctor = "Edward O'Callaghan <eocallaghan@alterapraxis.com>";
|
||||||
fuuzetsu = "Mateusz Kowalczyk <fuuzetsu@fuuzetsu.co.uk>";
|
fuuzetsu = "Mateusz Kowalczyk <fuuzetsu@fuuzetsu.co.uk>";
|
||||||
gal_bolle = "Florent Becker <florent.becker@ens-lyon.org>";
|
gal_bolle = "Florent Becker <florent.becker@ens-lyon.org>";
|
||||||
garbas = "Rok Garbas <rok@garbas.si>";
|
garbas = "Rok Garbas <rok@garbas.si>";
|
||||||
|
gavin = "Gavin Rogers <gavin@praxeology.co.uk>";
|
||||||
goibhniu = "Cillian de Róiste <cillian.deroiste@gmail.com>";
|
goibhniu = "Cillian de Róiste <cillian.deroiste@gmail.com>";
|
||||||
guibert = "David Guibert <david.guibert@gmail.com>";
|
guibert = "David Guibert <david.guibert@gmail.com>";
|
||||||
|
henrytill = "Henry Till <henrytill@gmail.com>";
|
||||||
hinton = "Tom Hinton <t@larkery.com>";
|
hinton = "Tom Hinton <t@larkery.com>";
|
||||||
hrdinka = "Christoph Hrdinka <c.nix@hrdinka.at>";
|
hrdinka = "Christoph Hrdinka <c.nix@hrdinka.at>";
|
||||||
ianwookim = "Ian-Woo Kim <ianwookim@gmail.com>";
|
ianwookim = "Ian-Woo Kim <ianwookim@gmail.com>";
|
||||||
|
@ -73,11 +84,16 @@
|
||||||
jagajaga = "Arseniy Seroka <ars.seroka@gmail.com>";
|
jagajaga = "Arseniy Seroka <ars.seroka@gmail.com>";
|
||||||
jcumming = "Jack Cummings <jack@mudshark.org>";
|
jcumming = "Jack Cummings <jack@mudshark.org>";
|
||||||
jgeerds = "Jascha Geerds <jg@ekby.de>";
|
jgeerds = "Jascha Geerds <jg@ekby.de>";
|
||||||
|
jirkamarsik = "Jirka Marsik <jiri.marsik89@gmail.com>";
|
||||||
|
joachifm = "Joachim Fasting <joachifm@fastmail.fm>";
|
||||||
joamaki = "Jussi Maki <joamaki@gmail.com>";
|
joamaki = "Jussi Maki <joamaki@gmail.com>";
|
||||||
joelteon = "Joel Taylor <me@joelt.io>";
|
joelteon = "Joel Taylor <me@joelt.io>";
|
||||||
|
jpbernardy = "Jean-Philippe Bernardy <jeanphilippe.bernardy@gmail.com>";
|
||||||
jwiegley = "John Wiegley <johnw@newartisans.com>";
|
jwiegley = "John Wiegley <johnw@newartisans.com>";
|
||||||
|
jzellner = "Jeff Zellner <jeffz@eml.cc>";
|
||||||
kkallio = "Karn Kallio <tierpluspluslists@gmail.com>";
|
kkallio = "Karn Kallio <tierpluspluslists@gmail.com>";
|
||||||
koral = "Koral <koral@mailoo.org>";
|
koral = "Koral <koral@mailoo.org>";
|
||||||
|
kovirobi = "Kovacsics Robert <kovirobi@gmail.com>";
|
||||||
kragniz = "Louis Taylor <kragniz@gmail.com>";
|
kragniz = "Louis Taylor <kragniz@gmail.com>";
|
||||||
ktosiek = "Tomasz Kontusz <tomasz.kontusz@gmail.com>";
|
ktosiek = "Tomasz Kontusz <tomasz.kontusz@gmail.com>";
|
||||||
lethalman = "Luca Bruno <lucabru@src.gnome.org>";
|
lethalman = "Luca Bruno <lucabru@src.gnome.org>";
|
||||||
|
@ -86,28 +102,37 @@
|
||||||
lovek323 = "Jason O'Conal <jason@oconal.id.au>";
|
lovek323 = "Jason O'Conal <jason@oconal.id.au>";
|
||||||
ludo = "Ludovic Courtès <ludo@gnu.org>";
|
ludo = "Ludovic Courtès <ludo@gnu.org>";
|
||||||
madjar = "Georges Dubus <georges.dubus@compiletoi.net>";
|
madjar = "Georges Dubus <georges.dubus@compiletoi.net>";
|
||||||
|
magnetophon = "Bart Brouns <bart@magnetophon.nl>";
|
||||||
manveru = "Michael Fellinger <m.fellinger@gmail.com>";
|
manveru = "Michael Fellinger <m.fellinger@gmail.com>";
|
||||||
marcweber = "Marc Weber <marco-oweber@gmx.de>";
|
marcweber = "Marc Weber <marco-oweber@gmx.de>";
|
||||||
matejc = "Matej Cotman <cotman.matej@gmail.com>";
|
matejc = "Matej Cotman <cotman.matej@gmail.com>";
|
||||||
|
meditans = "Carlo Nucera <meditans@gmail.com>";
|
||||||
meisternu = "Matt Miemiec <meister@krutt.org>";
|
meisternu = "Matt Miemiec <meister@krutt.org>";
|
||||||
michelk = "Michel Kuhlmann <michel@kuhlmanns.info>";
|
michelk = "Michel Kuhlmann <michel@kuhlmanns.info>";
|
||||||
modulistic = "Pablo Costa <modulistic@gmail.com>";
|
modulistic = "Pablo Costa <modulistic@gmail.com>";
|
||||||
mornfall = "Petr Ročkai <me@mornfall.net>";
|
mornfall = "Petr Ročkai <me@mornfall.net>";
|
||||||
MP2E = "Cray Elliott <MP2E@archlinux.us>";
|
MP2E = "Cray Elliott <MP2E@archlinux.us>";
|
||||||
msackman = "Matthew Sackman <matthew@wellquite.org>";
|
msackman = "Matthew Sackman <matthew@wellquite.org>";
|
||||||
|
mtreskin = "Max Treskin <zerthurd@gmail.com>";
|
||||||
|
muflax = "Stefan Dorn <mail@muflax.com>";
|
||||||
nathan-gs = "Nathan Bijnens <nathan@nathan.gs>";
|
nathan-gs = "Nathan Bijnens <nathan@nathan.gs>";
|
||||||
|
nckx = "Tobias Geerinckx-Rice <tobias.geerinckx.rice@gmail.com>";
|
||||||
notthemessiah = "Brian Cohen <brian.cohen.88@gmail.com>";
|
notthemessiah = "Brian Cohen <brian.cohen.88@gmail.com>";
|
||||||
nslqqq = "Nikita Mikhailov <nslqqq@gmail.com>";
|
nslqqq = "Nikita Mikhailov <nslqqq@gmail.com>";
|
||||||
ocharles = "Oliver Charles <ollie@ocharles.org.uk>";
|
ocharles = "Oliver Charles <ollie@ocharles.org.uk>";
|
||||||
offline = "Jaka Hudoklin <jakahudoklin@gmail.com>";
|
offline = "Jaka Hudoklin <jakahudoklin@gmail.com>";
|
||||||
|
olcai = "Erik Timan <dev@timan.info>";
|
||||||
orbitz = "Malcolm Matalka <mmatalka@gmail.com>";
|
orbitz = "Malcolm Matalka <mmatalka@gmail.com>";
|
||||||
page = "Carles Pagès <page@cubata.homelinux.net>";
|
page = "Carles Pagès <page@cubata.homelinux.net>";
|
||||||
|
pashev = "Igor Pashev <pashev.igor@gmail.com>";
|
||||||
phreedom = "Evgeny Egorochkin <phreedom@yandex.ru>";
|
phreedom = "Evgeny Egorochkin <phreedom@yandex.ru>";
|
||||||
pierron = "Nicolas B. Pierron <nixos@nbp.name>";
|
pierron = "Nicolas B. Pierron <nixos@nbp.name>";
|
||||||
piotr = "Piotr Pietraszkiewicz <ppietrasa@gmail.com>";
|
piotr = "Piotr Pietraszkiewicz <ppietrasa@gmail.com>";
|
||||||
pkmx = "Chih-Mao Chen <pkmx.tw@gmail.com>";
|
pkmx = "Chih-Mao Chen <pkmx.tw@gmail.com>";
|
||||||
plcplc = "Philip Lykke Carlsen <plcplc@gmail.com>";
|
plcplc = "Philip Lykke Carlsen <plcplc@gmail.com>";
|
||||||
|
prikhi = "Pavan Rikhi <pavan.rikhi@gmail.com>";
|
||||||
pSub = "Pascal Wittmann <mail@pascal-wittmann.de>";
|
pSub = "Pascal Wittmann <mail@pascal-wittmann.de>";
|
||||||
|
puffnfresh = "Brian McKenna <brian@brianmckenna.org>";
|
||||||
qknight = "Joachim Schiele <js@lastlog.de>";
|
qknight = "Joachim Schiele <js@lastlog.de>";
|
||||||
raskin = "Michael Raskin <7c6f434c@mail.ru>";
|
raskin = "Michael Raskin <7c6f434c@mail.ru>";
|
||||||
redbaron = "Maxim Ivanov <ivanov.maxim@gmail.com>";
|
redbaron = "Maxim Ivanov <ivanov.maxim@gmail.com>";
|
||||||
|
@ -122,21 +147,27 @@
|
||||||
rszibele = "Richard Szibele <richard_szibele@hotmail.com>";
|
rszibele = "Richard Szibele <richard_szibele@hotmail.com>";
|
||||||
rycee = "Robert Helgesson <robert@rycee.net>";
|
rycee = "Robert Helgesson <robert@rycee.net>";
|
||||||
sander = "Sander van der Burg <s.vanderburg@tudelft.nl>";
|
sander = "Sander van der Burg <s.vanderburg@tudelft.nl>";
|
||||||
|
schristo = "Scott Christopher <schristopher@konputa.com>";
|
||||||
sepi = "Raffael Mancini <raffael@mancini.lu>";
|
sepi = "Raffael Mancini <raffael@mancini.lu>";
|
||||||
shell = "Shell Turner <cam.turn@gmail.com>";
|
shell = "Shell Turner <cam.turn@gmail.com>";
|
||||||
shlevy = "Shea Levy <shea@shealevy.com>";
|
shlevy = "Shea Levy <shea@shealevy.com>";
|
||||||
simons = "Peter Simons <simons@cryp.to>";
|
simons = "Peter Simons <simons@cryp.to>";
|
||||||
|
sjmackenzie = "Stewart Mackenzie <setori88@gmail.com>";
|
||||||
skeidel = "Sven Keidel <svenkeidel@gmail.com>";
|
skeidel = "Sven Keidel <svenkeidel@gmail.com>";
|
||||||
smironov = "Sergey Mironov <ierton@gmail.com>";
|
smironov = "Sergey Mironov <ierton@gmail.com>";
|
||||||
sprock = "Roger Mason <rmason@mun.ca>";
|
sprock = "Roger Mason <rmason@mun.ca>";
|
||||||
|
spwhitt = "Spencer Whitt <sw@swhitt.me>";
|
||||||
|
sztupi = "Attila Sztupak <attila.sztupak@gmail.com>";
|
||||||
tailhook = "Paul Colomiets <paul@colomiets.name>";
|
tailhook = "Paul Colomiets <paul@colomiets.name>";
|
||||||
thammers = "Tobias Hammerschmidt <jawr@gmx.de>";
|
thammers = "Tobias Hammerschmidt <jawr@gmx.de>";
|
||||||
the-kenny = "Moritz Ulrich <moritz@tarn-vedra.de>";
|
the-kenny = "Moritz Ulrich <moritz@tarn-vedra.de>";
|
||||||
thoughtpolice = "Austin Seipp <aseipp@pobox.com>";
|
thoughtpolice = "Austin Seipp <aseipp@pobox.com>";
|
||||||
|
titanous = "Jonathan Rudenberg <jonathan@titanous.com>";
|
||||||
tomberek = "Thomas Bereknyei <tomberek@gmail.com>";
|
tomberek = "Thomas Bereknyei <tomberek@gmail.com>";
|
||||||
tstrobel = "Thomas Strobel <ts468@cam.ac.uk>";
|
tstrobel = "Thomas Strobel <ts468@cam.ac.uk>";
|
||||||
ttuegel = "Thomas Tuegel <ttuegel@gmail.com>";
|
ttuegel = "Thomas Tuegel <ttuegel@gmail.com>";
|
||||||
tv = "Tomislav Viljetić <tv@shackspace.de>";
|
tv = "Tomislav Viljetić <tv@shackspace.de>";
|
||||||
|
twey = "James ‘Twey’ Kay <twey@twey.co.uk>";
|
||||||
urkud = "Yury G. Kudryashov <urkud+nix@ya.ru>";
|
urkud = "Yury G. Kudryashov <urkud+nix@ya.ru>";
|
||||||
vandenoever = "Jos van den Oever <jos@vandenoever.info>";
|
vandenoever = "Jos van den Oever <jos@vandenoever.info>";
|
||||||
vbgl = "Vincent Laporte <Vincent.Laporte@gmail.com>";
|
vbgl = "Vincent Laporte <Vincent.Laporte@gmail.com>";
|
||||||
|
@ -151,10 +182,12 @@
|
||||||
wjlroe = "William Roe <willroe@gmail.com>";
|
wjlroe = "William Roe <willroe@gmail.com>";
|
||||||
wkennington = "William A. Kennington III <william@wkennington.com>";
|
wkennington = "William A. Kennington III <william@wkennington.com>";
|
||||||
wmertens = "Wout Mertens <Wout.Mertens@gmail.com>";
|
wmertens = "Wout Mertens <Wout.Mertens@gmail.com>";
|
||||||
|
wscott = "Wayne Scott <wsc9tt@gmail.com>";
|
||||||
wyvie = "Elijah Rum <elijahrum@gmail.com>";
|
wyvie = "Elijah Rum <elijahrum@gmail.com>";
|
||||||
yarr = "Dmitry V. <savraz@gmail.com>";
|
yarr = "Dmitry V. <savraz@gmail.com>";
|
||||||
z77z = "Marco Maggesi <maggesi@math.unifi.it>";
|
z77z = "Marco Maggesi <maggesi@math.unifi.it>";
|
||||||
zef = "Zef Hemel <zef@zef.me>";
|
zef = "Zef Hemel <zef@zef.me>";
|
||||||
zimbatm = "zimbatm <zimbatm@zimbatm.com>";
|
zimbatm = "zimbatm <zimbatm@zimbatm.com>";
|
||||||
zoomulator = "Kim Simmons <zoomulator@gmail.com>";
|
zoomulator = "Kim Simmons <zoomulator@gmail.com>";
|
||||||
|
Gonzih = "Max Gonzih <gonzih@gmail.com>";
|
||||||
}
|
}
|
||||||
|
|
|
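Review bot: `Gonzih` is appended after `zoomulator` as the last entry of the set, although the comment at the top of the file says the list is alphabetically sorted and the other mixed-case handles (`DamienCassou`, `DerGuteMoritz`, `MP2E`) are sorted case-insensitively. Move it up to the other `g` entries.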
@ -58,7 +58,7 @@ rec {
|
||||||
if m ? config || m ? options then
|
if m ? config || m ? options then
|
||||||
let badAttrs = removeAttrs m ["imports" "options" "config" "key" "_file"]; in
|
let badAttrs = removeAttrs m ["imports" "options" "config" "key" "_file"]; in
|
||||||
if badAttrs != {} then
|
if badAttrs != {} then
|
||||||
throw "Module `${key}' has an unsupported attribute `${head (attrNames badAttrs)}'."
|
throw "Module `${key}' has an unsupported attribute `${head (attrNames badAttrs)}'. This is caused by assignments to the top-level attributes `config' or `options'."
|
||||||
else
|
else
|
||||||
{ file = m._file or file;
|
{ file = m._file or file;
|
||||||
key = toString m.key or key;
|
key = toString m.key or key;
|
||||||
|
|
|
@ -31,6 +31,23 @@ rec {
|
||||||
type = lib.types.bool;
|
type = lib.types.bool;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# This option accept anything, but it does not produce any result. This
|
||||||
|
# is useful for sharing a module across different module sets without
|
||||||
|
# having to implement similar features as long as the value of the options
|
||||||
|
# are not expected.
|
||||||
|
mkSinkUndeclaredOptions = attrs: mkOption ({
|
||||||
|
internal = true;
|
||||||
|
visible = false;
|
||||||
|
default = false;
|
||||||
|
description = "Sink for option definitions.";
|
||||||
|
type = mkOptionType {
|
||||||
|
name = "sink";
|
||||||
|
check = x: true;
|
||||||
|
merge = loc: defs: false;
|
||||||
|
};
|
||||||
|
apply = x: throw "Option value is not readable because the option is not declared.";
|
||||||
|
} // attrs);
|
||||||
|
|
||||||
mergeDefaultOption = loc: defs:
|
mergeDefaultOption = loc: defs:
|
||||||
let list = getValues defs; in
|
let list = getValues defs; in
|
||||||
if length list == 1 then head list
|
if length list == 1 then head list
|
||||||
|
|
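Review bot: `mkSinkUndeclaredOptions` sets `check = x: true;` and `merge = loc: defs: false;`, so every definition under the sunk path is accepted and dropped, including misspelled ones that would otherwise be reported as undeclared options. The comment should say that explicitly and tell callers to keep the sink as narrow as they can. Because `// attrs` is applied last, a caller can also override `internal`, `visible`, `type` and `apply`; if that is not intended, merge `attrs` first. The comment itself needs a grammar pass ("This option accept anything", "as long as the value of the options are not expected").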
14
maintainers/docker/.dockerignore
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
*~
|
||||||
|
,*
|
||||||
|
.*.swp
|
||||||
|
.*.swo
|
||||||
|
result
|
||||||
|
result-*
|
||||||
|
/doc/NEWS.html
|
||||||
|
/doc/NEWS.txt
|
||||||
|
/doc/manual.html
|
||||||
|
/doc/manual.pdf
|
||||||
|
.version-suffix
|
||||||
|
|
||||||
|
.DS_Store
|
||||||
|
.git
|
12
maintainers/docker/Dockerfile
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
FROM busybox
|
||||||
|
|
||||||
|
RUN dir=`mktemp -d` && trap 'rm -rf "$dir"' EXIT && \
|
||||||
|
wget -O- https://nixos.org/releases/nix/nix-1.7/nix-1.7-x86_64-linux.tar.bz2 | bzcat | tar x -C $dir && \
|
||||||
|
mkdir -m 0755 /nix && USER=root sh $dir/*/install && \
|
||||||
|
echo ". /root/.nix-profile/etc/profile.d/nix.sh" >> /etc/profile
|
||||||
|
|
||||||
|
ADD . /root/nix/nixpkgs
|
||||||
|
ONBUILD ENV NIX_PATH nixpkgs=/root/nix/nixpkgs:nixos=/root/nix/nixpkgs/nixos
|
||||||
|
ONBUILD ENV PATH /root/.nix-profile/bin:/root/.nix-profile/sbin:/bin:/sbin:/usr/bin:/usr/sbin
|
||||||
|
ONBUILD ENV ENV /etc/profile
|
||||||
|
ENV ENV /etc/profile
|
|
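Review bot: the `RUN` step pipes `wget -O- https://nixos.org/releases/nix/nix-1.7/nix-1.7-x86_64-linux.tar.bz2` straight into `bzcat | tar x` and then runs the unpacked `install` script as root, with no checksum or signature check on the tarball. Download to a file, compare it against a SHA-256 pinned in the Dockerfile, and only then unpack and install. The pipeline's exit status is that of `tar`, so a failed or truncated download is caught only if `tar` happens to fail on it. `FROM busybox` is untagged, so the base image and its `wget` can change from one build to the next; pin a tag or digest. `$dir` is unquoted in `-C $dir` and `sh $dir/*/install` while the `trap` quotes it.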
@ -3,7 +3,7 @@
|
||||||
stdenv.mkDerivation {
|
stdenv.mkDerivation {
|
||||||
name = "nix-generate-from-cpan-1";
|
name = "nix-generate-from-cpan-1";
|
||||||
|
|
||||||
buildInputs = [ makeWrapper perl perlPackages.YAMLLibYAML perlPackages.JSON ];
|
buildInputs = [ makeWrapper perl perlPackages.YAMLLibYAML perlPackages.JSON perlPackages.CPANPLUS ];
|
||||||
|
|
||||||
unpackPhase = "true";
|
unpackPhase = "true";
|
||||||
buildPhase = "true";
|
buildPhase = "true";
|
||||||
|
@ -19,4 +19,4 @@ stdenv.mkDerivation {
|
||||||
maintainers = [ stdenv.lib.maintainers.eelco ];
|
maintainers = [ stdenv.lib.maintainers.eelco ];
|
||||||
description = "Utility to generate a Nix expression for a Perl package from CPAN";
|
description = "Utility to generate a Nix expression for a Perl package from CPAN";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -100,7 +100,7 @@ sub get_deps {
|
||||||
foreach my $n (keys %{$deps}) {
|
foreach my $n (keys %{$deps}) {
|
||||||
next if $n eq "perl";
|
next if $n eq "perl";
|
||||||
# Hacky way to figure out if this module is part of Perl.
|
# Hacky way to figure out if this module is part of Perl.
|
||||||
if ($n !~ /^JSON/ && $n !~ /^YAML/) {
|
if ($n !~ /^JSON/ && $n !~ /^YAML/ && $n !~ /^Module::Pluggable/) {
|
||||||
eval "use $n;";
|
eval "use $n;";
|
||||||
if (!$@) {
|
if (!$@) {
|
||||||
print STDERR "skipping Perl-builtin module $n\n";
|
print STDERR "skipping Perl-builtin module $n\n";
|
||||||
|
|
|
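Review bot: `eval "use $n;"` string-evals a key of `%{$deps}`, and this hunk only lengthens the hard-coded skip list in front of it with `$n !~ /^Module::Pluggable/`. Check `$n` against a module-name pattern such as `/^\w+(::\w+)*$/` before the eval, and consider Module::CoreList for the "is this part of Perl" test so the list does not need another entry each time a module misbehaves when loaded.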
@ -62,7 +62,7 @@ for bin in $(find $binaryDist -executable -type f) :; do
|
||||||
)
|
)
|
||||||
|
|
||||||
if test "$names" = "glibc"; then names="stdenv.glibc"; fi
|
if test "$names" = "glibc"; then names="stdenv.glibc"; fi
|
||||||
if echo $names | grep -c "gcc" &> /dev/null; then names="stdenv.gcc.gcc"; fi
|
if echo $names | grep -c "gcc" &> /dev/null; then names="stdenv.cc.gcc"; fi
|
||||||
|
|
||||||
if test $lib != $libPath; then
|
if test $lib != $libPath; then
|
||||||
interpreter="--interpreter \${$names}/lib/$lib"
|
interpreter="--interpreter \${$names}/lib/$lib"
|
||||||
|
|
|
@ -32,9 +32,7 @@ elif [[ $1 == build ]]; then
|
||||||
nix-build pkgs/top-level/release.nix -A tarball
|
nix-build pkgs/top-level/release.nix -A tarball
|
||||||
else
|
else
|
||||||
echo "=== Checking PR"
|
echo "=== Checking PR"
|
||||||
# The current HEAD is the PR merged into origin/master, so we compare
|
nox-review pr ${TRAVIS_PULL_REQUEST}
|
||||||
# against origin/master
|
|
||||||
nox-review wip --against origin/master
|
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
echo "$0: Unknown option $1" >&2
|
echo "$0: Unknown option $1" >&2
|
||||||
|
|
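Review bot: `${TRAVIS_PULL_REQUEST}` is expanded unquoted on the new `nox-review pr` line. Quote it, and if the condition above this hunk does not already guarantee a numeric pull-request id, test for one here so that an empty or non-numeric value never reaches `nox-review`. The two removed comment lines explained what was being compared; a one-line comment saying why `pr` replaces `wip --against origin/master` would keep that context.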
111
maintainers/scripts/update-channel-branches.sh
Executable file
111
maintainers/scripts/update-channel-branches.sh
Executable file
|
@ -0,0 +1,111 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
: ${NIXOS_CHANNELS:=https://nixos.org/channels/}
|
||||||
|
: ${CHANNELS_NAMESPACE:=refs/heads/channels/}
|
||||||
|
|
||||||
|
# List all channels which are currently in the repository which we would
|
||||||
|
# have to remove if they are not found again.
|
||||||
|
deadChannels=$(git for-each-ref --format="%(refname)" $CHANNELS_NAMESPACE)
|
||||||
|
|
||||||
|
function updateRef() {
|
||||||
|
local channelName=$1
|
||||||
|
local newRev=$2
|
||||||
|
|
||||||
|
# if the inputs are not valid, then we do not update any branch.
|
||||||
|
test -z "$newRev" -o -z "$channelName" && return;
|
||||||
|
|
||||||
|
# Update the local refs/heads/channels/* branches to be in-sync with the
|
||||||
|
# channel references.
|
||||||
|
local branch=$CHANNELS_NAMESPACE$channelName
|
||||||
|
oldRev=$(git rev-parse --short $branch 2>/dev/null || true)
|
||||||
|
if test "$oldRev" != "$newRev"; then
|
||||||
|
if git update-ref $branch $newRev 2>/dev/null; then
|
||||||
|
if test -z "$oldRev"; then
|
||||||
|
echo " * [new branch] $newRev -> ${branch#refs/heads/}"
|
||||||
|
else
|
||||||
|
echo " $oldRev..$newRev -> ${branch#refs/heads/}"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
if test -z "$oldRev"; then
|
||||||
|
echo " * [missing rev] $newRev -> ${branch#refs/heads/}"
|
||||||
|
else
|
||||||
|
echo " [missing rev] $oldRev..$newRev -> ${branch#refs/heads/}"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Filter out the current channel from the list of dead channels.
|
||||||
|
deadChannels=$(grep -v $CHANNELS_NAMESPACE$channelName <<EOF
|
||||||
|
$deadChannels
|
||||||
|
EOF
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
# Find the name of all channels which are listed in the directory.
|
||||||
|
echo "Fetching channels from $NIXOS_CHANNELS:"
|
||||||
|
for channelName in : $(curl -s $NIXOS_CHANNELS | sed -n '/folder/ { s,.*href=",,; s,/".*,,; p }'); do
|
||||||
|
test "$channelName" = : && continue;
|
||||||
|
|
||||||
|
# Do not follow redirections, such that we can extract the
|
||||||
|
# short-changeset from the name of the directory where we are
|
||||||
|
# redirected to.
|
||||||
|
sha1=$(curl -sI $NIXOS_CHANNELS$channelName | sed -n '/Location/ { s,.*\.\([a-f0-9]*\)[ \r]*$,\1,; p; }')
|
||||||
|
|
||||||
|
updateRef "remotes/$channelName" "$sha1"
|
||||||
|
done
|
||||||
|
|
||||||
|
echo "Fetching channels from nixos-version:"
|
||||||
|
if currentSystem=$(nixos-version 2>/dev/null); then
|
||||||
|
# If the system is entirely build from a custom nixpkgs version,
|
||||||
|
# then the version is not annotated in git version. This sed
|
||||||
|
# expression is basically matching that the expressions end with
|
||||||
|
# ".<sha1> (Name)" to extract the sha1.
|
||||||
|
sha1=$(echo $currentSystem | sed -n 's,^.*\.\([a-f0-9]*\) *(.*)$,\1,; T skip; p; :skip;')
|
||||||
|
|
||||||
|
updateRef current-system "$sha1"
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "Fetching channels from ~/.nix-defexpr:"
|
||||||
|
for revFile in : $(find -L ~/.nix-defexpr/ -maxdepth 4 -name svn-revision); do
|
||||||
|
test "$revFile" = : && continue;
|
||||||
|
|
||||||
|
# Deconstruct a path such as, into:
|
||||||
|
#
|
||||||
|
# /home/luke/.nix-defexpr/channels_root/nixos/nixpkgs/svn-revision
|
||||||
|
# channelName = root/nixos
|
||||||
|
#
|
||||||
|
# /home/luke/.nix-defexpr/channels/nixpkgs/svn-revision
|
||||||
|
# channelName = nixpkgs
|
||||||
|
#
|
||||||
|
user=${revFile#*.nix-defexpr/channels}
|
||||||
|
repo=${user#*/}
|
||||||
|
repo=${repo%%/*}
|
||||||
|
user=${user%%/*}
|
||||||
|
user=${user#_}
|
||||||
|
test -z "$user" && user=$USER
|
||||||
|
channelName="$user${user:+/}$repo"
|
||||||
|
|
||||||
|
sha1=$(cat $revFile | sed -n 's,^.*\.\([a-f0-9]*\)$,\1,; T skip; p; :skip;')
|
||||||
|
|
||||||
|
updateRef "$channelName" "$sha1"
|
||||||
|
done
|
||||||
|
|
||||||
|
# Suggest to remove channel branches which are no longer found by this
|
||||||
|
# script. This is to handle the cases where a local/remote channel
|
||||||
|
# disappear. We should not attempt to remove manually any branches, as they
|
||||||
|
# might be user branches.
|
||||||
|
if test -n "$deadChannels"; then
|
||||||
|
|
||||||
|
echo "
|
||||||
|
Some old channel branches are still in your repository, if you
|
||||||
|
want to remove them, run the following command(s):
|
||||||
|
"
|
||||||
|
|
||||||
|
while read branch; do
|
||||||
|
echo " git update-ref -d $branch"
|
||||||
|
done <<EOF
|
||||||
|
$deadChannels
|
||||||
|
EOF
|
||||||
|
|
||||||
|
echo
|
||||||
|
fi
|
|
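Review bot: `updateRef` passes `$channelName` and `$sha1`, both scraped from HTTP responses with `curl -s` / `curl -sI` and `sed`, to `git update-ref $branch $newRev` unquoted and unvalidated. Quote every expansion, require `$newRev` to look like a hex object name, and run the branch name through `git check-ref-format` before updating. Two further points in the same function: the script starts with `#!/bin/sh` but uses `function updateRef()` and `local`, so it needs a bash shebang or POSIX syntax; and `grep -v $CHANNELS_NAMESPACE$channelName` is an unanchored regex, so marking one channel as alive also drops every dead channel whose ref merely contains that name. `grep -vxF` on the full ref avoids that.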
@ -4,26 +4,26 @@ export LANG=C LC_ALL=C LC_COLLATE=C
|
||||||
|
|
||||||
# Load git log
|
# Load git log
|
||||||
raw_git_log="$(git log)"
|
raw_git_log="$(git log)"
|
||||||
git_data="$(echo "$raw_git_log" | grep 'Author:' |
|
git_data="$(echo "$raw_git_log" | grep 'Author:' |
|
||||||
sed -e 's/^ *Author://; s/\\//g; s/^ *//; s/ *$//;
|
sed -e 's/^ *Author://; s/\\//g; s/^ *//; s/ *$//;
|
||||||
s/ @ .*//; s/ *[<]/\t/; s/[>]//')"
|
s/ @ .*//; s/ *[<]/\t/; s/[>]//')"
|
||||||
|
|
||||||
# Name - nick - email correspondence from log and from maintainer list
|
# Name - nick - email correspondence from log and from maintainer list
|
||||||
# Also there are a few manual entries
|
# Also there are a few manual entries
|
||||||
maintainers="$(cat "$(dirname "$0")/../../lib/maintainers.nix" |
|
maintainers="$(cat "$(dirname "$0")/../../lib/maintainers.nix" |
|
||||||
grep '=' | sed -re 's/\\"/''/g;
|
grep '=' | sed -re 's/\\"/''/g;
|
||||||
s/ *([^ =]*) *= *" *(.*[^ ]) *[<](.*)[>] *".*/\1\t\2\t\3/')"
|
s/ *([^ =]*) *= *" *(.*[^ ]) *[<](.*)[>] *".*/\1\t\2\t\3/')"
|
||||||
git_lines="$( ( echo "$git_data";
|
git_lines="$( ( echo "$git_data";
|
||||||
cat "$(dirname "$0")/vanity-manual-equalities.txt") | sort |uniq)"
|
cat "$(dirname "$0")/vanity-manual-equalities.txt") | sort |uniq)"
|
||||||
|
|
||||||
emails="$(
|
emails="$(
|
||||||
( echo "$maintainers" | cut -f 3; echo "$git_data" | cut -f 2 ) |
|
( echo "$maintainers" | cut -f 3; echo "$git_data" | cut -f 2 ) |
|
||||||
sort | uniq | grep -E ".+@.+[.].+"
|
sort | uniq | grep -E ".+@.+[.].+"
|
||||||
)"
|
)"
|
||||||
|
|
||||||
fetchGithubName () {
|
fetchGithubName () {
|
||||||
commitid="$(
|
commitid="$(
|
||||||
echo "$raw_git_log" | grep -B3 "Author: .*[<]$1[>]" | head -n 3 |
|
echo "$raw_git_log" | grep -B3 "Author: .*[<]$1[>]" | head -n 3 |
|
||||||
grep '^commit ' | tail -n 1 | sed -e 's/^commit //'
|
grep '^commit ' | tail -n 1 | sed -e 's/^commit //'
|
||||||
)"
|
)"
|
||||||
userid="$(
|
userid="$(
|
||||||
|
@ -36,7 +36,7 @@ fetchGithubName () {
|
||||||
}
|
}
|
||||||
|
|
||||||
[ -n "$NIXPKGS_GITHUB_NAME_CACHE" ] && {
|
[ -n "$NIXPKGS_GITHUB_NAME_CACHE" ] && {
|
||||||
echo "$emails" | while read email; do
|
echo "$emails" | while read email; do
|
||||||
line="$(grep "$email " "$NIXPKGS_GITHUB_NAME_CACHE")"
|
line="$(grep "$email " "$NIXPKGS_GITHUB_NAME_CACHE")"
|
||||||
[ -z "$line" ] && {
|
[ -z "$line" ] && {
|
||||||
echo "$email $(fetchGithubName "$email")" >> \
|
echo "$email $(fetchGithubName "$email")" >> \
|
||||||
|
@ -47,11 +47,11 @@ fetchGithubName () {
|
||||||
|
|
||||||
# For RDF
|
# For RDF
|
||||||
normalize_name () {
|
normalize_name () {
|
||||||
sed -e 's/%/%25/g; s/ /%20/g; s/'\''/%27/g; s/"/%22/g;'
|
sed -e 's/%/%25/g; s/ /%20/g; s/'\''/%27/g; s/"/%22/g; s/`/%60/g'
|
||||||
}
|
}
|
||||||
|
|
||||||
denormalize_name () {
|
denormalize_name () {
|
||||||
sed -e 's/%20/ /g; s/%27/'\''/g; s/%22/"/g; s/%25/%/g;';
|
sed -e 's/%20/ /g; s/%27/'\''/g; s/%22/"/g; s/%60/`/g; s/%25/%/g;';
|
||||||
}
|
}
|
||||||
|
|
||||||
n3="$(mktemp --suffix .n3)"
|
n3="$(mktemp --suffix .n3)"
|
||||||
|
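Review bot: `normalize_name` and `denormalize_name` remain a hand-maintained character list, with the backtick now added as `%60` on both sides; any other character that is special in the `.n3` output still passes through unescaped. Encoding everything outside an allowed set (letters, digits and a few punctuation marks) would remove the need to extend both `sed` programs in step. The decode order with `%25` last is correct and should stay that way.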
@ -80,8 +80,8 @@ name_list="$(
|
||||||
?x <my://can-be>+ ?y.
|
?x <my://can-be>+ ?y.
|
||||||
?x <my://is-name> ?g.
|
?x <my://is-name> ?g.
|
||||||
}
|
}
|
||||||
" | tail -n +2 |
|
" | tail -n +2 |
|
||||||
sed -re 's@<my://name/@@g; s@<my://@@g; s@>@@g;' |
|
sed -re 's@<my://name/@@g; s@<my://@@g; s@>@@g;' |
|
||||||
sort -k 2,3 -t ' '
|
sort -k 2,3 -t ' '
|
||||||
)"
|
)"
|
||||||
github_name_list="$(
|
github_name_list="$(
|
||||||
|
@ -89,14 +89,14 @@ github_name_list="$(
|
||||||
select ?x ?y where {
|
select ?x ?y where {
|
||||||
?x (<my://can-be>+ / <my://at-github>) ?y.
|
?x (<my://can-be>+ / <my://at-github>) ?y.
|
||||||
}
|
}
|
||||||
" | tail -n +2 |
|
" | tail -n +2 |
|
||||||
sed -re 's@<my://(name|github)/@@g; s@<my://@@g; s@>@@g;'
|
sed -re 's@<my://(name|github)/@@g; s@<my://@@g; s@>@@g;'
|
||||||
)"
|
)"
|
||||||
|
|
||||||
# Take first spelling option for every person
|
# Take first spelling option for every person
|
||||||
name_list_canonical="$(echo "$name_list" | cut -f 1,2 | uniq -f1)"
|
name_list_canonical="$(echo "$name_list" | cut -f 1,2 | uniq -f1)"
|
||||||
|
|
||||||
cleaner_script="$(echo "$name_list_canonical" | denormalize_name |
|
cleaner_script="$(echo "$name_list_canonical" | denormalize_name |
|
||||||
sed -re 's/(.*)\t(.*)/s#^\2$#\1#g/g')"
|
sed -re 's/(.*)\t(.*)/s#^\2$#\1#g/g')"
|
||||||
|
|
||||||
# Add github usernames
|
# Add github usernames
|
||||||
|
@ -104,9 +104,9 @@ if [ -n "$NIXPKGS_GITHUB_NAME_CACHE" ]; then
|
||||||
github_adder_script="$(echo "$github_name_list" |
|
github_adder_script="$(echo "$github_name_list" |
|
||||||
grep -E "$(echo "$name_list_canonical" | cut -f 2 |
|
grep -E "$(echo "$name_list_canonical" | cut -f 2 |
|
||||||
tr '\n' '|' )" |
|
tr '\n' '|' )" |
|
||||||
sort | uniq |
|
sort | uniq |
|
||||||
sed -re 's/(.*)\t(.*)/s| \1$| \1\t\2|g;/' |
|
sed -re 's/(.*)\t(.*)/s| \1$| \1\t\2|g;/' |
|
||||||
denormalize_name
|
denormalize_name
|
||||||
)"
|
)"
|
||||||
else
|
else
|
||||||
github_adder_script=''
|
github_adder_script=''
|
||||||
|
@ -117,6 +117,6 @@ echo "$name_list" | denormalize_name
|
||||||
echo
|
echo
|
||||||
|
|
||||||
echo "$git_data" | cut -f 1 |
|
echo "$git_data" | cut -f 1 |
|
||||||
sed -re "$cleaner_script" |
|
sed -e "$cleaner_script" |
|
||||||
sort | uniq -c | sort -k1n | sed -re "$github_adder_script" |
|
sort | uniq -c | sort -k1n | sed -re "$github_adder_script" |
|
||||||
sed -re 's/^ *([0-9]+) /\1\t/'
|
sed -re 's/^ *([0-9]+) /\1\t/'
|
||||||
|
|
|
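Review bot: switching `sed -re "$cleaner_script"` to `sed -e` changes how the generated program is parsed, but that program is still built from author names (`s#^\2$#\1#g` in the `cleaner_script` assignment of the previous hunk), so a name containing `#`, `&`, `\`, `.`, `*` or `[` is still interpreted by sed instead of being matched literally. Escape those characters when generating the script, or do the name mapping with a lookup table in awk rather than a generated sed program. A comment should also say why only this call drops `-r` while the `github_adder_script` call on the next line keeps it.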
@ -12,9 +12,9 @@ pre-built binary. That is, whenever a command like
|
||||||
<command>nixos-rebuild</command> needs a path in the Nix store, Nix
|
<command>nixos-rebuild</command> needs a path in the Nix store, Nix
|
||||||
will try to download that path from the Internet rather than build it
|
will try to download that path from the Internet rather than build it
|
||||||
from source. The default binary cache is
|
from source. The default binary cache is
|
||||||
<uri>http://cache.nixos.org/</uri>. If this cache is unreachable, Nix
|
<uri>https://cache.nixos.org/</uri>. If this cache is unreachable,
|
||||||
operations may take a long time due to HTTP connection timeouts. You
|
Nix operations may take a long time due to HTTP connection timeouts.
|
||||||
can disable the use of the binary cache by adding <option>--option
|
You can disable the use of the binary cache by adding <option>--option
|
||||||
use-binary-caches false</option>, e.g.
|
use-binary-caches false</option>, e.g.
|
||||||
|
|
||||||
<screen>
|
<screen>
|
||||||
|
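Review bot: only the default cache URI moves to `https://cache.nixos.org/` here, while the `--option binary-caches http://my-cache.example.org/` example in the same section (visible in the next hunk header) stays on plain HTTP. Change the example to https as well, so the documented way to add a cache does not suggest fetching store paths over an unauthenticated transport.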
@ -30,4 +30,4 @@ $ nixos-rebuild switch --option binary-caches http://my-cache.example.org/
|
||||||
|
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
</section>
|
</section>
|
||||||
|
|
|
@ -56,7 +56,7 @@ root file system), you can use
|
||||||
boot.initrd.extraKernelModules = [ "cifs" ];
|
boot.initrd.extraKernelModules = [ "cifs" ];
|
||||||
</programlisting>
|
</programlisting>
|
||||||
This causes the specified modules and their dependencies to be added
|
This causes the specified modules and their dependencies to be added
|
||||||
to the initial ramdark.</para>
|
to the initial ramdisk.</para>
|
||||||
|
|
||||||
<para>Kernel runtime parameters can be set through
|
<para>Kernel runtime parameters can be set through
|
||||||
<option>boot.kernel.sysctl</option>, e.g.
|
<option>boot.kernel.sysctl</option>, e.g.
|
||||||
|
|
|
@ -13,7 +13,7 @@ use NetworkManager. You can enable NetworkManager by setting:
|
||||||
services.networkmanager.enable = true;
|
services.networkmanager.enable = true;
|
||||||
</programlisting>
|
</programlisting>
|
||||||
|
|
||||||
Some desktop managers (e.g., GNOME) enable NetworkManager
|
some desktop managers (e.g., GNOME) enable NetworkManager
|
||||||
automatically for you.</para>
|
automatically for you.</para>
|
||||||
|
|
||||||
<para>All users that should have permission to change network settings
|
<para>All users that should have permission to change network settings
|
||||||
|
|
|
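Review bot: the new side lower-cases the sentence after `</programlisting>` to `some desktop managers (e.g., GNOME) enable NetworkManager`, but the text before the listing ends with `by setting:`, so this line starts a new sentence. Keep the capital `S`, or reword the lead-in so that the listing sits mid-sentence.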
@ -30,34 +30,13 @@ let
|
||||||
else
|
else
|
||||||
fn;
|
fn;
|
||||||
|
|
||||||
# Convert the list of options into an XML file and a JSON file. The builtin
|
# Convert the list of options into an XML file. The builtin
|
||||||
# unsafeDiscardStringContext is used to prevent the realisation of the store
|
# unsafeDiscardStringContext is used to prevent the realisation of
|
||||||
# paths which are used in options definitions.
|
# the store paths which are used in options definitions.
|
||||||
optionsXML = builtins.toFile "options.xml" (builtins.unsafeDiscardStringContext (builtins.toXML optionsList'));
|
optionsXML = builtins.toFile "options.xml" (builtins.unsafeDiscardStringContext (builtins.toXML optionsList'));
|
||||||
optionsJSON = builtins.toFile "options.json" (builtins.unsafeDiscardStringContext (builtins.toJSON optionsList'));
|
|
||||||
|
|
||||||
# Tools-friendly version of the list of NixOS options.
|
|
||||||
options' = stdenv.mkDerivation {
|
|
||||||
name = "options";
|
|
||||||
|
|
||||||
buildCommand = ''
|
|
||||||
# Export list of options in different format.
|
|
||||||
dst=$out/share/doc/nixos
|
|
||||||
mkdir -p $dst
|
|
||||||
|
|
||||||
cp ${optionsJSON} $dst/options.json
|
|
||||||
cp ${optionsXML} $dst/options.xml
|
|
||||||
|
|
||||||
mkdir -p $out/nix-support
|
|
||||||
echo "file json $dst/options.json" >> $out/nix-support/hydra-build-products
|
|
||||||
echo "file xml $dst/options.xml" >> $out/nix-support/hydra-build-products
|
|
||||||
''; # */
|
|
||||||
|
|
||||||
meta.description = "List of NixOS options in various formats.";
|
|
||||||
};
|
|
||||||
|
|
||||||
optionsDocBook = runCommand "options-db.xml" {} ''
|
optionsDocBook = runCommand "options-db.xml" {} ''
|
||||||
optionsXML=${options'}/share/doc/nixos/options.xml
|
optionsXML=${optionsXML}
|
||||||
if grep /nixpkgs/nixos/modules $optionsXML; then
|
if grep /nixpkgs/nixos/modules $optionsXML; then
|
||||||
echo "The manual appears to depend on the location of Nixpkgs, which is bad"
|
echo "The manual appears to depend on the location of Nixpkgs, which is bad"
|
||||||
echo "since this prevents sharing via the NixOS channel. This is typically"
|
echo "since this prevents sharing via the NixOS channel. This is typically"
|
||||||
|
@ -83,8 +62,25 @@ let
|
||||||
|
|
||||||
in rec {
|
in rec {
|
||||||
|
|
||||||
# Tools-friendly version of the list of NixOS options.
|
# The NixOS options in JSON format.
|
||||||
options = options';
|
optionsJSON = stdenv.mkDerivation {
|
||||||
|
name = "options-json";
|
||||||
|
|
||||||
|
buildCommand = ''
|
||||||
|
# Export list of options in different format.
|
||||||
|
dst=$out/share/doc/nixos
|
||||||
|
mkdir -p $dst
|
||||||
|
|
||||||
|
cp ${builtins.toFile "options.json" (builtins.unsafeDiscardStringContext (builtins.toJSON
|
||||||
|
(listToAttrs (map (o: { name = o.name; value = removeAttrs o ["name" "visible" "internal"]; }) optionsList'))))
|
||||||
|
} $dst/options.json
|
||||||
|
|
||||||
|
mkdir -p $out/nix-support
|
||||||
|
echo "file json $dst/options.json" >> $out/nix-support/hydra-build-products
|
||||||
|
''; # */
|
||||||
|
|
||||||
|
meta.description = "List of NixOS options in JSON format";
|
||||||
|
};
|
||||||
|
|
||||||
# Generate the NixOS manual.
|
# Generate the NixOS manual.
|
||||||
manual = stdenv.mkDerivation {
|
manual = stdenv.mkDerivation {
|
||||||
|
|
|
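Review bot: the exported attribute `options` is replaced by `optionsJSON`, and the JSON changes from a list (`builtins.toJSON optionsList'`) to an attribute set keyed by option name with `name`, `visible` and `internal` removed, which breaks anything that reads the old `options` output or `options.xml` from its build products. Mention the change in the release notes or keep `options` as an alias for one release. The copied comment `# Export list of options in different format.` no longer fits a derivation that writes only `options.json`.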
@ -39,24 +39,13 @@ $ firefox result/log.html
|
||||||
|
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>It is also possible to run the test environment interactively,
|
<title>Running Tests interactively</title>
|
||||||
allowing you to experiment with the VMs. For example:
|
|
||||||
|
|
||||||
<screen>
|
<para>The test itself can be run interactively. This is
|
||||||
$ nix-build login.nix -A driver
|
|
||||||
$ ./result/bin/nixos-run-vms
|
|
||||||
</screen>
|
|
||||||
|
|
||||||
The script <command>nixos-run-vms</command> starts the virtual
|
|
||||||
machines defined by test. The root file system of the VMs is created
|
|
||||||
on the fly and kept across VM restarts in
|
|
||||||
<filename>./</filename><varname>hostname</varname><filename>.qcow2</filename>.</para>
|
|
||||||
|
|
||||||
<para>Finally, the test itself can be run interactively. This is
|
|
||||||
particularly useful when developing or debugging a test:
|
particularly useful when developing or debugging a test:
|
||||||
|
|
||||||
<screen>
|
<screen>
|
||||||
$ nix-build tests/ -A nfs.driver
|
$ nix-build nixos/tests/login.nix -A driver
|
||||||
$ ./result/bin/nixos-test-driver
|
$ ./result/bin/nixos-test-driver
|
||||||
starting VDE switch for network 1
|
starting VDE switch for network 1
|
||||||
>
|
>
|
||||||
|
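Review bot: on the new side `<title>Running Tests interactively</title>` follows `</para>` directly, with no `<section>` opened in this hunk, while the file's closing `</section>` is only moved further down. A `<title>` in the middle of a section is not valid DocBook; wrap the interactive part in its own `<section>` with a matching close, or drop the title. The paragraph that now opens with `The test itself can be run interactively.` also lost the lead-in that the removed paragraph provided.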
@ -66,6 +55,7 @@ You can then take any Perl statement, e.g.
|
||||||
|
|
||||||
<screen>
|
<screen>
|
||||||
> startAll
|
> startAll
|
||||||
|
> testScript
|
||||||
> $machine->succeed("touch /tmp/foo")
|
> $machine->succeed("touch /tmp/foo")
|
||||||
</screen>
|
</screen>
|
||||||
|
|
||||||
|
@ -74,4 +64,16 @@ script and drops you back into the test driver command line upon its
|
||||||
completion. This allows you to inspect the state of the VMs after the
|
completion. This allows you to inspect the state of the VMs after the
|
||||||
test (e.g. to debug the test script).</para>
|
test (e.g. to debug the test script).</para>
|
||||||
|
|
||||||
</section>
|
<para>To just start and experiment with the VMs, run:
|
||||||
|
|
||||||
|
<screen>
|
||||||
|
$ nix-build nixos/tests/login.nix -A driver
|
||||||
|
$ ./result/bin/nixos-run-vms
|
||||||
|
</screen>
|
||||||
|
|
||||||
|
The script <command>nixos-run-vms</command> starts the virtual
|
||||||
|
machines defined by test. The root file system of the VMs is created
|
||||||
|
on the fly and kept across VM restarts in
|
||||||
|
<filename>./</filename><varname>hostname</varname><filename>.qcow2</filename>.</para>
|
||||||
|
|
||||||
|
</section>
|
||||||
|
|
|
@ -40,20 +40,22 @@ rebuild everything from source. So you may want to create a local
|
||||||
branch based on your current NixOS version:
|
branch based on your current NixOS version:
|
||||||
|
|
||||||
<screen>
|
<screen>
|
||||||
$ nixos-version
|
$ <replaceable>/my/sources</replaceable>/nixpkgs/maintainers/scripts/update-channel-branches.sh
|
||||||
14.04.273.ea1952b (Baboon)
|
Fetching channels from https://nixos.org/channels:
|
||||||
|
* [new branch] cbe467e -> channels/remotes/nixos-unstable
|
||||||
$ git checkout -b local ea1952b
|
Fetching channels from nixos-version:
|
||||||
|
* [new branch] 9ff4738 -> channels/current-system
|
||||||
|
Fetching channels from ~/.nix-defexpr:
|
||||||
|
* [new branch] 0d4acad -> channels/root/nixos
|
||||||
|
$ git checkout -b local channels/current-system
|
||||||
</screen>
|
</screen>
|
||||||
|
|
||||||
Or, to base your local branch on the latest version available in the
|
Or, to base your local branch on the latest version available in the
|
||||||
NixOS channel:
|
NixOS channel:
|
||||||
|
|
||||||
<screen>
|
<screen>
|
||||||
$ curl -sI http://nixos.org/channels/nixos-unstable/ | grep Location
|
$ <replaceable>/my/sources</replaceable>/nixpkgs/maintainers/scripts/update-channel-branches.sh
|
||||||
Location: http://releases.nixos.org/nixos/unstable/nixos-14.10pre43986.acaf4a6/
|
$ git checkout -b local channels/remotes/nixos-unstable
|
||||||
|
|
||||||
$ git checkout -b local acaf4a6
|
|
||||||
</screen>
|
</screen>
|
||||||
|
|
||||||
You can then use <command>git rebase</command> to sync your local
|
You can then use <command>git rebase</command> to sync your local
|
||||||
|
@ -92,4 +94,4 @@ to <command>nix-env</command>, as it will break after interpreting expressions
|
||||||
in <filename>nixos/</filename> as packages.</para>
|
in <filename>nixos/</filename> as packages.</para>
|
||||||
-->
|
-->
|
||||||
|
|
||||||
</chapter>
|
</chapter>
|
||||||
|
|
|
@ -11,14 +11,9 @@
|
||||||
<listitem><para>Boot from the CD.</para></listitem>
|
<listitem><para>Boot from the CD.</para></listitem>
|
||||||
|
|
||||||
<listitem><para>The CD contains a basic NixOS installation. (It
|
<listitem><para>The CD contains a basic NixOS installation. (It
|
||||||
also contains Memtest86+, useful if you want to test new hardware.)
|
also contains Memtest86+, useful if you want to test new hardware).
|
||||||
When it’s finished booting, it should have detected most of your
|
When it’s finished booting, it should have detected most of your
|
||||||
hardware and brought up networking (check
|
hardware.</para></listitem>
|
||||||
<command>ifconfig</command>). Networking is necessary for the
|
|
||||||
installer, since it will download lots of stuff (such as source
|
|
||||||
tarballs or Nixpkgs channel binaries). It’s best if you have a DHCP
|
|
||||||
server on your network. Otherwise configure networking manually
|
|
||||||
using <command>ifconfig</command>.</para></listitem>
|
|
||||||
|
|
||||||
<listitem><para>The NixOS manual is available on virtual console 8
|
<listitem><para>The NixOS manual is available on virtual console 8
|
||||||
(press Alt+F8 to access).</para></listitem>
|
(press Alt+F8 to access).</para></listitem>
|
||||||
|
@ -29,6 +24,16 @@
|
||||||
<listitem><para>If you downloaded the graphical ISO image, you can
|
<listitem><para>If you downloaded the graphical ISO image, you can
|
||||||
run <command>start display-manager</command> to start KDE.</para></listitem>
|
run <command>start display-manager</command> to start KDE.</para></listitem>
|
||||||
|
|
||||||
|
<listitem><para>The boot process should have brought up networking (check
|
||||||
|
<command>ip a</command>). Networking is necessary for the
|
||||||
|
installer, since it will download lots of stuff (such as source
|
||||||
|
tarballs or Nixpkgs channel binaries). It’s best if you have a DHCP
|
||||||
|
server on your network. Otherwise configure networking manually
|
||||||
|
using <command>ifconfig</command>.</para>
|
||||||
|
<para>To manually configure the network on the graphical installer,
|
||||||
|
first disable network-manager with
|
||||||
|
<command>systemctl stop network-manager</command>.</para></listitem>
|
||||||
|
|
||||||
<listitem><para>The NixOS installer doesn’t do any partitioning or
|
<listitem><para>The NixOS installer doesn’t do any partitioning or
|
||||||
formatting yet, so you need to that yourself. Use the following
|
formatting yet, so you need to that yourself. Use the following
|
||||||
commands:
|
commands:
|
||||||
|
|
|
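Review bot: the added list item tells the reader to check networking with `ip a` but a few lines later to configure it `using <command>ifconfig</command>`; use one tool throughout, preferably the `ip` commands the item starts with. `systemctl stop network-manager` is given for the graphical installer only, so state whether the minimal image needs an equivalent step or none at all.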
@ -8,9 +8,14 @@
|
||||||
|
|
||||||
<para>NixOS ISO images can be downloaded from the <link
|
<para>NixOS ISO images can be downloaded from the <link
|
||||||
xlink:href="http://nixos.org/nixos/download.html">NixOS
|
xlink:href="http://nixos.org/nixos/download.html">NixOS
|
||||||
homepage</link>. These can be burned onto a CD. It is also possible
|
homepage</link>. There are a number of installation options. If
|
||||||
to copy them onto a USB stick and install NixOS from there. For
|
you happen to have an optical drive and a spare CD, burning the
|
||||||
details, see the <link
|
image to CD and booting from that is probably the easiest option.
|
||||||
|
Most people will need to prepare a USB stick to boot from.
|
||||||
|
Unetbootin is recommended and the process is described in brief below.
|
||||||
|
Note that systems which use UEFI require some additional manual steps.
|
||||||
|
If you run into difficulty a number of alternative methods are presented
|
||||||
|
in the <link
|
||||||
xlink:href="https://nixos.org/wiki/Installing_NixOS_from_a_USB_stick">NixOS
|
xlink:href="https://nixos.org/wiki/Installing_NixOS_from_a_USB_stick">NixOS
|
||||||
Wiki</link>.</para>
|
Wiki</link>.</para>
|
||||||
|
|
||||||
|
|
|
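Review bot: the download link in this paragraph stays on `http://nixos.org/nixos/download.html` while the wiki link below it and the channel URLs elsewhere in this commit use https; switch it too, since this is where users fetch the installer image. The new text also says the Unetbootin process is `described in brief below`, which this hunk does not add, so check that the description really exists further down the file.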
@ -15,7 +15,7 @@ been built. These channels are:
|
||||||
<itemizedlist>
|
<itemizedlist>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Stable channels, such as <literal
|
<para>Stable channels, such as <literal
|
||||||
xlink:href="http://nixos.org/channels/nixos-14.04">nixos-14.04</literal>.
|
xlink:href="https://nixos.org/channels/nixos-14.04">nixos-14.04</literal>.
|
||||||
These only get conservative bug fixes and package upgrades. For
|
These only get conservative bug fixes and package upgrades. For
|
||||||
instance, a channel update may cause the Linux kernel on your
|
instance, a channel update may cause the Linux kernel on your
|
||||||
system to be upgraded from 3.4.66 to 3.4.67 (a minor bug fix), but
|
system to be upgraded from 3.4.66 to 3.4.67 (a minor bug fix), but
|
||||||
|
@ -26,7 +26,7 @@ been built. These channels are:
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>The unstable channel, <literal
|
<para>The unstable channel, <literal
|
||||||
xlink:href="http://nixos.org/channels/nixos-unstable">nixos-unstable</literal>.
|
xlink:href="https://nixos.org/channels/nixos-unstable">nixos-unstable</literal>.
|
||||||
This corresponds to NixOS’s main development branch, and may thus
|
This corresponds to NixOS’s main development branch, and may thus
|
||||||
see radical changes between channel updates. It’s not recommended
|
see radical changes between channel updates. It’s not recommended
|
||||||
for production systems.</para>
|
for production systems.</para>
|
||||||
|
@ -34,7 +34,7 @@ been built. These channels are:
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
|
|
||||||
To see what channels are available, go to <link
|
To see what channels are available, go to <link
|
||||||
xlink:href="http://nixos.org/channels"/>. (Note that the URIs of the
|
xlink:href="https://nixos.org/channels"/>. (Note that the URIs of the
|
||||||
various channels redirect to a directory that contains the channel’s
|
various channels redirect to a directory that contains the channel’s
|
||||||
latest version and includes ISO images and VirtualBox
|
latest version and includes ISO images and VirtualBox
|
||||||
appliances.)</para>
|
appliances.)</para>
|
||||||
|
@ -53,20 +53,20 @@ nixos https://nixos.org/channels/nixos-unstable
|
||||||
To switch to a different NixOS channel, do
|
To switch to a different NixOS channel, do
|
||||||
|
|
||||||
<screen>
|
<screen>
|
||||||
$ nix-channel --add http://nixos.org/channels/<replaceable>channel-name</replaceable> nixos
|
$ nix-channel --add https://nixos.org/channels/<replaceable>channel-name</replaceable> nixos
|
||||||
</screen>
|
</screen>
|
||||||
|
|
||||||
(Be sure to include the <literal>nixos</literal> parameter at the
|
(Be sure to include the <literal>nixos</literal> parameter at the
|
||||||
end.) For instance, to use the NixOS 14.04 stable channel:
|
end.) For instance, to use the NixOS 14.04 stable channel:
|
||||||
|
|
||||||
<screen>
|
<screen>
|
||||||
$ nix-channel --add http://nixos.org/channels/nixos-14.04 nixos
|
$ nix-channel --add https://nixos.org/channels/nixos-14.04 nixos
|
||||||
</screen>
|
</screen>
|
||||||
|
|
||||||
But it you want to live on the bleeding edge:
|
But if you want to live on the bleeding edge:
|
||||||
|
|
||||||
<screen>
|
<screen>
|
||||||
$ nix-channel --add http://nixos.org/channels/nixos-unstable nixos
|
$ nix-channel --add https://nixos.org/channels/nixos-unstable nixos
|
||||||
</screen>
|
</screen>
|
||||||
|
|
||||||
</para>
|
</para>
|
||||||
|
|
|
@ -10,7 +10,7 @@
|
||||||
<para>This section lists the release notes for each stable version of NixOS.</para>
|
<para>This section lists the release notes for each stable version of NixOS.</para>
|
||||||
</partintro>
|
</partintro>
|
||||||
|
|
||||||
<xi:include href="rl-1411.xml" />
|
<xi:include href="rl-1412.xml" />
|
||||||
<xi:include href="rl-1404.xml" />
|
<xi:include href="rl-1404.xml" />
|
||||||
<xi:include href="rl-1310.xml" />
|
<xi:include href="rl-1310.xml" />
|
||||||
|
|
||||||
|
|
|
@ -1,22 +0,0 @@
|
||||||
<chapter xmlns="http://docbook.org/ns/docbook"
|
|
||||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
|
||||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
||||||
version="5.0"
|
|
||||||
xml:id="sec-release-14.11">
|
|
||||||
|
|
||||||
<title>Release 14.11 (“Caterpillar”, 2014/11/??)</title>
|
|
||||||
|
|
||||||
<para>When upgrading from a previous release, please be aware of the
|
|
||||||
following incompatible changes:
|
|
||||||
|
|
||||||
<itemizedlist>
|
|
||||||
|
|
||||||
<listitem><para>The host side of a container virtual Ethernet pair
|
|
||||||
is now called <literal>ve-<replaceable>container-name</replaceable></literal>
|
|
||||||
rather than <literal>c-<replaceable>container-name</replaceable></literal>.</para></listitem>
|
|
||||||
|
|
||||||
</itemizedlist>
|
|
||||||
|
|
||||||
</para>
|
|
||||||
|
|
||||||
</chapter>
|
|
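Review bot: deleting rl-1411.xml removes the only incompatible-change entry it held, the rename of the container host interface from `c-<container-name>` to `ve-<container-name>`, together with the `sec-release-14.11` id. Confirm that the entry is carried into rl-1412.xml and that nothing still links to the old id.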
167
nixos/doc/manual/release-notes/rl-1412.xml
Normal file
167
nixos/doc/manual/release-notes/rl-1412.xml
Normal file
|
@ -0,0 +1,167 @@
|
||||||
|
<chapter xmlns="http://docbook.org/ns/docbook"
|
||||||
|
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||||
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||||
|
version="5.0"
|
||||||
|
xml:id="sec-release-14.12">
|
||||||
|
|
||||||
|
<title>Release 14.12 (“Caterpillar”, 2014/12/??)</title>
|
||||||
|
|
||||||
|
<para>In addition to numerous new and upgraded packages, this release has the following highlights:
|
||||||
|
|
||||||
|
<itemizedlist>
|
||||||
|
|
||||||
|
<listitem><para>Systemd has been updated to version 217, which has numerous
|
||||||
|
<link xlink:href="http://lists.freedesktop.org/archives/systemd-devel/2014-October/024662.html">improvements
|
||||||
|
.</link></para></listitem>
|
||||||
|
|
||||||
|
<listitem><para><link xlink:href="http://thread.gmane.org/gmane.linux.distributions.nixos/15165">
|
||||||
|
Nix has been updated to 1.8.</link></para></listitem>
|
||||||
|
|
||||||
|
<listitem><para>NixOS is now based on Glibc 2.20.</para></listitem>
|
||||||
|
|
||||||
|
<listitem><para>KDE has been updated to 4.14.</para></listitem>
|
||||||
|
|
||||||
|
<listitem><para>The default Linux kernel has been updated to 3.14.</para></listitem>
|
||||||
|
|
||||||
|
<listitem><para><option>users.mutableUsers</option> set to <literal>true</literal> now respect any changes
|
||||||
|
made after initial creation of a user or a group.
|
||||||
|
</para></listitem>
|
||||||
|
|
||||||
|
</itemizedlist></para>
|
||||||
|
|
||||||
|
<para>Following new services were added since the last release:
|
||||||
|
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem><para>parallels-guest</para></listitem>
|
||||||
|
<listitem><para>docker</para></listitem>
|
||||||
|
<listitem><para>lxc</para></listitem>
|
||||||
|
<listitem><para>openvswitch</para></listitem>
|
||||||
|
<listitem><para>fluxbox</para></listitem>
|
||||||
|
<listitem><para>bspwm</para></listitem>
|
||||||
|
<listitem><para>gdm</para></listitem>
|
||||||
|
<listitem><para>fcgiwrap</para></listitem>
|
||||||
|
<listitem><para>peerflix</para></listitem>
|
||||||
|
<listitem><para>fail2ban</para></listitem>
|
||||||
|
<listitem><para>chronos</para></listitem>
|
||||||
|
<listitem><para>znc</para></listitem>
|
||||||
|
<listitem><para>unifi</para></listitem>
|
||||||
|
<listitem><para>teamspeak3</para></listitem>
|
||||||
|
<listitem><para>strongswan</para></listitem>
|
||||||
|
<listitem><para>seeks</para></listitem>
|
||||||
|
<listitem><para>radicale</para></listitem>
|
||||||
|
<listitem><para>prosody</para></listitem>
|
||||||
|
<listitem><para>polipo</para></listitem>
|
||||||
|
<listitem><para>openntpd</para></listitem>
|
||||||
|
<listitem><para>nsd</para></listitem>
|
||||||
|
<listitem><para>mailpile</para></listitem>
|
||||||
|
<listitem><para>i2pd</para></listitem>
|
||||||
|
<listitem><para>dnscrypt-proxy</para></listitem>
|
||||||
|
<listitem><para>consul</para></listitem>
|
||||||
|
<listitem><para>atftpd</para></listitem>
|
||||||
|
<listitem><para>scollector</para></listitem>
|
||||||
|
<listitem><para>collectd</para></listitem>
|
||||||
|
<listitem><para>bosun</para></listitem>
|
||||||
|
<listitem><para>riemann</para></listitem>
|
||||||
|
<listitem><para>zookeeper</para></listitem>
|
||||||
|
<listitem><para>uhub</para></listitem>
|
||||||
|
<listitem><para>siproxd</para></listitem>
|
||||||
|
<listitem><para>redmine</para></listitem>
|
||||||
|
<listitem><para>phd</para></listitem>
|
||||||
|
<listitem><para>mesos</para></listitem>
|
||||||
|
<listitem><para>gitlab</para></listitem>
|
||||||
|
<listitem><para>gitolite</para></listitem>
|
||||||
|
<listitem><para>etcd</para></listitem>
|
||||||
|
<listitem><para>docker-registry</para></listitem>
|
||||||
|
<listitem><para>cpuminer-cryptonight</para></listitem>
|
||||||
|
<listitem><para>thermald</para></listitem>
|
||||||
|
<listitem><para>mlmmj</para></listitem>
|
||||||
|
<listitem><para>tcsd</para></listitem>
|
||||||
|
<listitem><para>gnome3.seahorse</para></listitem>
|
||||||
|
<listitem><para>gnome3.gvfs</para></listitem>
|
||||||
|
<listitem><para>gnome3.gnome-online-miners</para></listitem>
|
||||||
|
<listitem><para>gnome3.gnome-documents</para></listitem>
|
||||||
|
<listitem><para>geoclue2</para></listitem>
|
||||||
|
<listitem><para>opentsdb</para></listitem>
|
||||||
|
<listitem><para>neo4j</para></listitem>
|
||||||
|
<listitem><para>monetdb</para></listitem>
|
||||||
|
<listitem><para>influxdb</para></listitem>
|
||||||
|
<listitem><para>hbase</para></listitem>
|
||||||
|
<listitem><para>torque/mrom</para></listitem>
|
||||||
|
<listitem><para>torque/server</para></listitem>
|
||||||
|
<listitem><para>kubernetes</para></listitem>
|
||||||
|
<listitem><para>fleet</para></listitem>
|
||||||
|
<listitem><para>crashplan</para></listitem>
|
||||||
|
<listitem><para>mopidy</para></listitem>
|
||||||
|
<listitem><para>liquidsoap</para></listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<para>When upgrading from a previous release, please be aware of the
|
||||||
|
following incompatible changes:
|
||||||
|
|
||||||
|
<itemizedlist>
|
||||||
|
|
||||||
|
<listitem><para>The default version of Apache httpd is now 2.4. If
|
||||||
|
you use the <option>extraConfig</option> option to pass literal
|
||||||
|
Apache configuration text, you may need to update it — see <link
|
||||||
|
xlink:href="http://httpd.apache.org/docs/2.4/upgrading.html">Apache’s
|
||||||
|
documentation</link> for details. If you wish to continue to use
|
||||||
|
httpd 2.2, add the following line to your NixOS configuration:
|
||||||
|
|
||||||
|
rogramlisting>
|
||||||
|
rvices.httpd.package = pkgs.apacheHttpd_2_2;
|
||||||
|
programlisting>
|
||||||
|
|
||||||
|
</para></listitem>
|
||||||
|
|
||||||
|
<listitem><para>PHP 5.3 has been removed because it is no longer
|
||||||
|
supported by the PHP project. A <link
|
||||||
|
xlink:href="http://php.net/migration54">migration guide</link> is
|
||||||
|
available.</para></listitem>
|
||||||
|
|
||||||
|
<listitem><para>The host side of a container virtual Ethernet pair
|
||||||
|
is now called <literal>ve-<replaceable>container-name</replaceable></literal>
|
||||||
|
rather than <literal>c-<replaceable>container-name</replaceable></literal>.</para></listitem>
|
||||||
|
|
||||||
|
<listitem><para>GNOME 3.10 support has been dropped. The default GNOME version is now 3.12.</para></listitem>
|
||||||
|
|
||||||
|
<listitem><para>VirtualBox has been upgraded to 4.3.20 release. Users may be required to run
|
||||||
|
<command>rm -rf /tmp.vbox*</command>. <literal>imports = [ <nixpkgs/nixos/modules/programs/virtualbox.nix> ]</literal>
|
||||||
|
is no longer necessary, use <literal>services.virtualboxHost.enable = true</literal> instead.
|
||||||
|
</para>
|
||||||
|
<para>Also, hardening mode is now enabled by default, which means that unless you want to use
|
||||||
|
USB support, you no longer need to be a member of the <literal>vboxusers</literal> group.
|
||||||
|
</para></listitem>
|
||||||
|
|
||||||
|
<listitem><para>Chromium has been updated to 39.0.2171.65. <option>enablePepperPDF</option> is now enabled by default.
|
||||||
|
<literal>chromium*Wrapper</literal> packages no longer exist, because upstream removed NSAPI support.
|
||||||
|
<literal>chromium-stable</literal> has been renamed to <literal>chromium</literal>.
|
||||||
|
</para></listitem>
|
||||||
|
|
||||||
|
<listitem><para>Python packaging documentation is now part of nixpkgs manual. To override
|
||||||
|
the python packages available to a custom python you now use <literal>pkgs.pythonFull.buildEnv.override</literal>
|
||||||
|
instead of <literal>pkgs.pythonFull.override</literal>.
|
||||||
|
</para></listitem>
|
||||||
|
|
||||||
|
<listitem><para><literal>boot.resumeDevice = "8:6"</literal> is no longer supported. Most users will
|
||||||
|
want to leave it undefined, which takes the swap partitions automatically. There is an evaluation
|
||||||
|
assertion to ensure that the string starts with a slash.
|
||||||
|
</para></listitem>
|
||||||
|
|
||||||
|
<listitem><para>The system-wide default timezone for NixOS installations
|
||||||
|
changed from <literal>CET</literal> to <literal>UTC</literal>. To choose
|
||||||
|
a different timezone for your system, configure
|
||||||
|
<literal>time.timeZone</literal> in
|
||||||
|
<literal>configuration.nix</literal>. A fairly complete list of possible
|
||||||
|
values for that setting is available at <link
|
||||||
|
xlink:href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones"/>.</para></listitem>
|
||||||
|
|
||||||
|
<listitem><para>GNU screen has been updated to 4.2.1, which breaks
|
||||||
|
the ability to connect to sessions created by older versions of
|
||||||
|
screen.</para></listitem>
|
||||||
|
|
||||||
|
</itemizedlist>
|
||||||
|
|
||||||
|
</para>
|
||||||
|
|
||||||
|
</chapter>
|
|
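Review bot: the VirtualBox item tells users to run `rm -rf /tmp.vbox*`, which matches entries named `tmp.vbox*` in the root directory rather than anything under `/tmp`. If the intent is to clear stale VirtualBox files in `/tmp`, the path should read `/tmp/.vbox*`, and since readers will paste this as root it is worth getting exact. In the same hunk, the title still carries the placeholder date `2014/12/??`, and the service list entry `torque/mrom` looks like a misspelling that should be checked against the module name.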
@ -11,15 +11,16 @@
|
||||||
, prefix ? []
|
, prefix ? []
|
||||||
}:
|
}:
|
||||||
|
|
||||||
let extraArgs_ = extraArgs; pkgs_ = pkgs; system_ = system; in
|
let extraArgs_ = extraArgs; pkgs_ = pkgs; system_ = system;
|
||||||
|
extraModules = let e = builtins.getEnv "NIXOS_EXTRA_MODULE_PATH";
|
||||||
rec {
|
in if e == "" then [] else [(import (builtins.toPath e))];
|
||||||
|
in rec {
|
||||||
|
|
||||||
# Merge the option definitions in all modules, forming the full
|
# Merge the option definitions in all modules, forming the full
|
||||||
# system configuration.
|
# system configuration.
|
||||||
inherit (pkgs.lib.evalModules {
|
inherit (pkgs.lib.evalModules {
|
||||||
inherit prefix;
|
inherit prefix;
|
||||||
modules = modules ++ baseModules;
|
modules = modules ++ extraModules ++ baseModules;
|
||||||
args = extraArgs;
|
args = extraArgs;
|
||||||
check = check && options.environment.checkConfigurationOptions.value;
|
check = check && options.environment.checkConfigurationOptions.value;
|
||||||
}) config options;
|
}) config options;
|
||||||
|
|
|
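Review bot: `extraModules` reads `NIXOS_EXTRA_MODULE_PATH` with `builtins.getEnv` and imports whatever path it names into `modules`, so the resulting system configuration now depends on the environment of the evaluating process, and anyone who can set that variable for a privileged evaluation can add modules to the system. Please document the variable next to this `let` binding (who is expected to set it, and that it takes a single absolute path, since the value goes through `builtins.toPath`), and consider whether an explicit function argument would serve the same purpose without the impurity.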
@ -16,6 +16,9 @@
|
||||||
# symlink to `object' that will be added to the tarball.
|
# symlink to `object' that will be added to the tarball.
|
||||||
storeContents ? []
|
storeContents ? []
|
||||||
|
|
||||||
|
# Extra commands to be executed before archiving files
|
||||||
|
, extraCommands ? ""
|
||||||
|
|
||||||
# Extra tar arguments
|
# Extra tar arguments
|
||||||
, extraArgs ? ""
|
, extraArgs ? ""
|
||||||
}:
|
}:
|
||||||
|
@ -25,7 +28,7 @@ stdenv.mkDerivation {
|
||||||
builder = ./make-system-tarball.sh;
|
builder = ./make-system-tarball.sh;
|
||||||
buildInputs = [perl xz];
|
buildInputs = [perl xz];
|
||||||
|
|
||||||
inherit fileName pathsFromGraph extraArgs;
|
inherit fileName pathsFromGraph extraArgs extraCommands;
|
||||||
|
|
||||||
# !!! should use XML.
|
# !!! should use XML.
|
||||||
sources = map (x: x.source) contents;
|
sources = map (x: x.source) contents;
|
||||||
|
|
|
@ -33,7 +33,7 @@ for i in $storePaths; do
|
||||||
done
|
done
|
||||||
|
|
||||||
|
|
||||||
# TODO tar ruxo
|
# TODO tar ruxo
|
||||||
# Also include a manifest of the closures in a format suitable for
|
# Also include a manifest of the closures in a format suitable for
|
||||||
# nix-store --load-db.
|
# nix-store --load-db.
|
||||||
printRegistration=1 perl $pathsFromGraph closure-* > nix-path-registration
|
printRegistration=1 perl $pathsFromGraph closure-* > nix-path-registration
|
||||||
|
@ -48,6 +48,8 @@ for ((n = 0; n < ${#objects[*]}; n++)); do
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
|
$extraCommands
|
||||||
|
|
||||||
mkdir -p $out/tarball
|
mkdir -p $out/tarball
|
||||||
|
|
||||||
tar cvJf $out/tarball/$fileName.tar.xz * $extraArgs
|
tar cvJf $out/tarball/$fileName.tar.xz * $extraArgs
|
||||||
|
|
|
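Review bot: `$extraCommands` on its own line is expanded unquoted and run as one simple command after word splitting, so a value containing several lines, `;`, pipes, redirections or quoting will not behave the way the option comment "Extra commands to be executed before archiving files" suggests. Suggest `eval "$extraCommands"` here, plus a sentence on the option saying that the text runs in the build directory right before `tar`, so anything it creates there ends up in the tarball.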
@ -19,7 +19,8 @@ in
|
||||||
{
|
{
|
||||||
imports = [ ./amazon-base-config.nix ];
|
imports = [ ./amazon-base-config.nix ];
|
||||||
ec2.hvm = true;
|
ec2.hvm = true;
|
||||||
boot.loader.grub.device = lib.mkOverride 0 "nodev";
|
boot.loader.grub.device = lib.mkOverride 0 "/dev/xvdg";
|
||||||
|
boot.kernelParams = [ "console=ttyS0" ];
|
||||||
|
|
||||||
boot.initrd.extraUtilsCommands = ''
|
boot.initrd.extraUtilsCommands = ''
|
||||||
cp -v ${pkgs.gawk}/bin/gawk $out/bin/gawk
|
cp -v ${pkgs.gawk}/bin/gawk $out/bin/gawk
|
||||||
|
|
|
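Review bot: `boot.loader.grub.device` is now pinned to `/dev/xvdg` with `lib.mkOverride 0`, which is only correct while the image-building script attaches the target volume at that device. A comment on the line saying where the device name comes from would keep the two from drifting apart, and the new `console=ttyS0` kernel parameter deserves a word on why it is needed.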
@ -19,8 +19,17 @@ parser.add_argument('--key', dest='key_name', action='store_true', help='Keypair
|
||||||
args = parser.parse_args()
|
args = parser.parse_args()
|
||||||
|
|
||||||
instance_type = "m3.medium" if args.hvm else "m1.small"
|
instance_type = "m3.medium" if args.hvm else "m1.small"
|
||||||
ebs_size = 8 if args.hvm else 20
|
|
||||||
|
|
||||||
|
if args.hvm:
|
||||||
|
virtualization_type = "hvm"
|
||||||
|
root_block = "/dev/sda1"
|
||||||
|
image_type = 'hvm'
|
||||||
|
else:
|
||||||
|
virtualization_type = "paravirtual"
|
||||||
|
root_block = "/dev/sda"
|
||||||
|
image_type = 'ebs'
|
||||||
|
|
||||||
|
ebs_size = 20
|
||||||
|
|
||||||
# Start a NixOS machine in the given region.
|
# Start a NixOS machine in the given region.
|
||||||
f = open("ebs-creator-config.nix", "w")
|
f = open("ebs-creator-config.nix", "w")
|
||||||
|
@ -66,7 +75,7 @@ m.run_command("mount {0} /mnt".format(device))
|
||||||
m.run_command("touch /mnt/.ebs")
|
m.run_command("touch /mnt/.ebs")
|
||||||
m.run_command("mkdir -p /mnt/etc/nixos")
|
m.run_command("mkdir -p /mnt/etc/nixos")
|
||||||
|
|
||||||
m.run_command("nix-channel --add http://nixos.org/channels/nixos-{} nixos".format(args.channel))
|
m.run_command("nix-channel --add https://nixos.org/channels/nixos-{} nixos".format(args.channel))
|
||||||
m.run_command("nix-channel --update")
|
m.run_command("nix-channel --update")
|
||||||
|
|
||||||
version = m.run_command("nix-instantiate --eval-only -A lib.nixpkgsVersion '<nixpkgs>'", capture_stdout=True).split(' ')[0].replace('"','').strip()
|
version = m.run_command("nix-instantiate --eval-only -A lib.nixpkgsVersion '<nixpkgs>'", capture_stdout=True).split(' ')[0].replace('"','').strip()
|
||||||
|
@ -76,10 +85,6 @@ if args.hvm:
|
||||||
m.upload_file("./amazon-hvm-config.nix", "/mnt/etc/nixos/configuration.nix")
|
m.upload_file("./amazon-hvm-config.nix", "/mnt/etc/nixos/configuration.nix")
|
||||||
m.upload_file("./amazon-hvm-install-config.nix", "/mnt/etc/nixos/amazon-hvm-install-config.nix")
|
m.upload_file("./amazon-hvm-install-config.nix", "/mnt/etc/nixos/amazon-hvm-install-config.nix")
|
||||||
m.run_command("NIXOS_CONFIG=/etc/nixos/amazon-hvm-install-config.nix nixos-install")
|
m.run_command("NIXOS_CONFIG=/etc/nixos/amazon-hvm-install-config.nix nixos-install")
|
||||||
m.run_command('nix-env -iA nixos.pkgs.grub')
|
|
||||||
m.run_command('cp /nix/store/*-grub-0.97*/lib/grub/i386-pc/* /mnt/boot/grub')
|
|
||||||
m.run_command('echo "(hd1) /dev/xvdg" > device.map')
|
|
||||||
m.run_command('echo -e "root (hd1,0)\nsetup (hd1)" | grub --device-map=device.map --batch')
|
|
||||||
else:
|
else:
|
||||||
m.upload_file("./amazon-base-config.nix", "/mnt/etc/nixos/configuration.nix")
|
m.upload_file("./amazon-base-config.nix", "/mnt/etc/nixos/configuration.nix")
|
||||||
m.run_command("nixos-install")
|
m.run_command("nixos-install")
|
||||||
|
@ -87,7 +92,7 @@ else:
|
||||||
m.run_command("umount /mnt")
|
m.run_command("umount /mnt")
|
||||||
|
|
||||||
if args.hvm:
|
if args.hvm:
|
||||||
ami_name = "nixos-{0}-x86_64-ebs-hvm".format(version)
|
ami_name = "nixos-{0}-x86_64-hvm".format(version)
|
||||||
description = "NixOS {0} (x86_64; EBS root; hvm)".format(version)
|
description = "NixOS {0} (x86_64; EBS root; hvm)".format(version)
|
||||||
else:
|
else:
|
||||||
ami_name = "nixos-{0}-x86_64-ebs".format(version)
|
ami_name = "nixos-{0}-x86_64-ebs".format(version)
|
||||||
|
@ -102,58 +107,40 @@ def check():
|
||||||
|
|
||||||
m.connect()
|
m.connect()
|
||||||
volume = m._conn.get_all_volumes([], filters={'attachment.instance-id': m.resource_id, 'attachment.device': "/dev/sdg"})[0]
|
volume = m._conn.get_all_volumes([], filters={'attachment.instance-id': m.resource_id, 'attachment.device': "/dev/sdg"})[0]
|
||||||
if args.hvm:
|
|
||||||
instance = m._conn.run_instances( image_id="ami-5f491f36"
|
|
||||||
, instance_type=instance_type
|
|
||||||
, key_name=args.key_name
|
|
||||||
, placement=m.zone
|
|
||||||
, security_groups=["eelco-test"]).instances[0]
|
|
||||||
nixops.util.check_wait(lambda: instance.update() == 'running', max_tries=120)
|
|
||||||
instance.stop()
|
|
||||||
nixops.util.check_wait(lambda: instance.update() == 'stopped', max_tries=120)
|
|
||||||
old_root_volume = m._conn.get_all_volumes([], filters={'attachment.instance-id': instance.id, 'attachment.device': "/dev/sda1"})[0]
|
|
||||||
old_root_volume.detach()
|
|
||||||
volume.detach()
|
|
||||||
nixops.util.check_wait(lambda: volume.update() == 'available', max_tries=120)
|
|
||||||
nixops.util.check_wait(lambda: old_root_volume.update() == 'available', max_tries=120)
|
|
||||||
volume.attach(instance.id, '/dev/sda1')
|
|
||||||
nixops.util.check_wait(lambda: volume.update() == 'in-use', max_tries=120)
|
|
||||||
|
|
||||||
ami_id = m._conn.create_image(instance.id, ami_name, description)
|
# Create a snapshot.
|
||||||
time.sleep(5)
|
snapshot = volume.create_snapshot(description=description)
|
||||||
image = m._conn.get_all_images([ami_id])[0]
|
print >> sys.stderr, "created snapshot {0}".format(snapshot.id)
|
||||||
nixops.util.check_wait(lambda: image.update() == 'available', max_tries=120)
|
|
||||||
instance.terminate()
|
|
||||||
|
|
||||||
else:
|
nixops.util.check_wait(check, max_tries=120)
|
||||||
# Create a snapshot.
|
|
||||||
snapshot = volume.create_snapshot(description=description)
|
|
||||||
print >> sys.stderr, "created snapshot {0}".format(snapshot.id)
|
|
||||||
|
|
||||||
nixops.util.check_wait(check, max_tries=120)
|
m._conn.create_tags([snapshot.id], {'Name': ami_name})
|
||||||
|
|
||||||
m._conn.create_tags([snapshot.id], {'Name': ami_name})
|
if not args.keep: depl.destroy_resources()
|
||||||
|
|
||||||
if not args.keep: depl.destroy_resources()
|
# Register the image.
|
||||||
|
aki = m._conn.get_all_images(filters={'manifest-location': 'ec2*pv-grub-hd0_1.03-x86_64*'})[0]
|
||||||
|
print >> sys.stderr, "using kernel image {0} - {1}".format(aki.id, aki.location)
|
||||||
|
|
||||||
# Register the image.
|
block_map = BlockDeviceMapping()
|
||||||
aki = m._conn.get_all_images(filters={'manifest-location': '*pv-grub-hd0_1.03-x86_64*'})[0]
|
block_map[root_block] = BlockDeviceType(snapshot_id=snapshot.id, delete_on_termination=True, size=ebs_size, volume_type="gp2")
|
||||||
print >> sys.stderr, "using kernel image {0} - {1}".format(aki.id, aki.location)
|
block_map['/dev/sdb'] = BlockDeviceType(ephemeral_name="ephemeral0")
|
||||||
|
block_map['/dev/sdc'] = BlockDeviceType(ephemeral_name="ephemeral1")
|
||||||
|
block_map['/dev/sdd'] = BlockDeviceType(ephemeral_name="ephemeral2")
|
||||||
|
block_map['/dev/sde'] = BlockDeviceType(ephemeral_name="ephemeral3")
|
||||||
|
|
||||||
block_map = BlockDeviceMapping()
|
common_args = dict(
|
||||||
block_map['/dev/sda'] = BlockDeviceType(snapshot_id=snapshot.id, delete_on_termination=True)
|
|
||||||
block_map['/dev/sdb'] = BlockDeviceType(ephemeral_name="ephemeral0")
|
|
||||||
block_map['/dev/sdc'] = BlockDeviceType(ephemeral_name="ephemeral1")
|
|
||||||
block_map['/dev/sdd'] = BlockDeviceType(ephemeral_name="ephemeral2")
|
|
||||||
block_map['/dev/sde'] = BlockDeviceType(ephemeral_name="ephemeral3")
|
|
||||||
|
|
||||||
ami_id = m._conn.register_image(
|
|
||||||
name=ami_name,
|
name=ami_name,
|
||||||
description=description,
|
description=description,
|
||||||
architecture="x86_64",
|
architecture="x86_64",
|
||||||
root_device_name="/dev/sda",
|
root_device_name=root_block,
|
||||||
kernel_id=aki.id,
|
block_device_map=block_map,
|
||||||
block_device_map=block_map)
|
virtualization_type=virtualization_type,
|
||||||
|
delete_root_volume_on_termination=True
|
||||||
|
)
|
||||||
|
if not args.hvm:
|
||||||
|
common_args['kernel_id']=aki.id
|
||||||
|
ami_id = m._conn.register_image(**common_args)
|
||||||
|
|
||||||
print >> sys.stderr, "registered AMI {0}".format(ami_id)
|
print >> sys.stderr, "registered AMI {0}".format(ami_id)
|
||||||
|
|
||||||
|
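Review bot: the `aki` lookup takes element `[0]` of a wildcard `manifest-location` search with no owner restriction, and it still runs for HVM builds although `kernel_id` is only set under `if not args.hvm:`. Suggest moving the lookup and its "using kernel image" log line under that branch, so an HVM build cannot fail on an empty result, and restricting the search with `owners=` so the first match is a kernel image from the publisher you intend to trust. `delete_root_volume_on_termination=True` in `common_args` also repeats the `delete_on_termination=True` already set on the `root_block` entry of `block_map`; one of them is enough.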
@ -197,17 +184,12 @@ test_depl.nix_exprs = [os.path.abspath("./ebs-test.nix")]
|
||||||
test_depl.deploy(create_only=True)
|
test_depl.deploy(create_only=True)
|
||||||
test_depl.machines['machine'].run_command("nixos-version")
|
test_depl.machines['machine'].run_command("nixos-version")
|
||||||
|
|
||||||
if args.hvm:
|
|
||||||
image_type = 'hvm'
|
|
||||||
else:
|
|
||||||
image_type = 'ebs'
|
|
||||||
|
|
||||||
# Log the AMI ID.
|
# Log the AMI ID.
|
||||||
f = open("{0}.{1}.ami-id".format(args.region, image_type), "w")
|
f = open("{0}.{1}.ami-id".format(args.region, image_type), "w")
|
||||||
f.write("{0}".format(ami_id))
|
f.write("{0}".format(ami_id))
|
||||||
f.close()
|
f.close()
|
||||||
|
|
||||||
for dest in [ 'us-east-1', 'us-west-1', 'us-west-2', 'eu-west-1', 'ap-southeast-1', 'ap-southeast-2', 'ap-northeast-1', 'sa-east-1']:
|
for dest in [ 'us-east-1', 'us-west-1', 'us-west-2', 'eu-west-1', 'eu-central-1', 'ap-southeast-1', 'ap-southeast-2', 'ap-northeast-1', 'sa-east-1']:
|
||||||
if args.region != dest:
|
if args.region != dest:
|
||||||
print >> sys.stderr, "copying image from region {0} to {1}".format(args.region, dest)
|
print >> sys.stderr, "copying image from region {0} to {1}".format(args.region, dest)
|
||||||
conn = boto.ec2.connect_to_region(dest)
|
conn = boto.ec2.connect_to_region(dest)
|
||||||
|
|
193
nixos/modules/config/fonts/fontconfig-ultimate.nix
Normal file
|
@ -0,0 +1,193 @@
|
||||||
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
|
with pkgs.lib;
|
||||||
|
|
||||||
|
let fcBool = x: if x then "<bool>true</bool>" else "<bool>false</bool>";
|
||||||
|
in
|
||||||
|
{
|
||||||
|
|
||||||
|
options = {
|
||||||
|
|
||||||
|
fonts = {
|
||||||
|
|
||||||
|
fontconfig = {
|
||||||
|
|
||||||
|
ultimate = {
|
||||||
|
enable = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = true;
|
||||||
|
description = ''
|
||||||
|
Enable fontconfig-ultimate settings (formerly known as
|
||||||
|
Infinality). Besides the customizable settings in this NixOS
|
||||||
|
module, fontconfig-ultimate also provides many font-specific
|
||||||
|
rendering tweaks.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
allowBitmaps = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = true;
|
||||||
|
description = ''
|
||||||
|
Allow bitmap fonts. Set to <literal>false</literal> to ban all
|
||||||
|
bitmap fonts.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
allowType1 = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = ''
|
||||||
|
Allow Type-1 fonts. Default is <literal>false</literal> because of
|
||||||
|
poor rendering.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
useEmbeddedBitmaps = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = ''Use embedded bitmaps in fonts like Calibri.'';
|
||||||
|
};
|
||||||
|
|
||||||
|
forceAutohint = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = ''
|
||||||
|
Force use of the TrueType Autohinter. Useful for debugging or
|
||||||
|
free-software purists.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
renderMonoTTFAsBitmap = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = ''Render some monospace TTF fonts as bitmaps.'';
|
||||||
|
};
|
||||||
|
|
||||||
|
substitutions = mkOption {
|
||||||
|
type = types.str // {
|
||||||
|
check = flip elem ["none" "free" "combi" "ms"];
|
||||||
|
};
|
||||||
|
default = "free";
|
||||||
|
description = ''
|
||||||
|
Font substitutions to replace common Type 1 fonts with nicer
|
||||||
|
TrueType fonts. <literal>free</literal> uses free fonts,
|
||||||
|
<literal>ms</literal> uses Microsoft fonts,
|
||||||
|
<literal>combi</literal> uses a combination, and
|
||||||
|
<literal>none</literal> disables the substitutions.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
rendering = mkOption {
|
||||||
|
type = types.attrs;
|
||||||
|
default = pkgs.fontconfig-ultimate.rendering.ultimate;
|
||||||
|
description = ''
|
||||||
|
FreeType rendering settings presets. The default is
|
||||||
|
<literal>pkgs.fontconfig-ultimate.rendering.ultimate</literal>.
|
||||||
|
The other available styles are:
|
||||||
|
<literal>ultimate-lighter</literal>,
|
||||||
|
<literal>ultimate-darker</literal>,
|
||||||
|
<literal>ultimate-lightest</literal>,
|
||||||
|
<literal>ultimate-darkest</literal>,
|
||||||
|
<literal>default</literal> (the original Infinality default),
|
||||||
|
<literal>osx</literal>,
|
||||||
|
<literal>ipad</literal>,
|
||||||
|
<literal>ubuntu</literal>,
|
||||||
|
<literal>linux</literal>,
|
||||||
|
<literal>winxplight</literal>,
|
||||||
|
<literal>win7light</literal>,
|
||||||
|
<literal>winxp</literal>,
|
||||||
|
<literal>win7</literal>,
|
||||||
|
<literal>vanilla</literal>,
|
||||||
|
<literal>classic</literal>,
|
||||||
|
<literal>nudge</literal>,
|
||||||
|
<literal>push</literal>,
|
||||||
|
<literal>shove</literal>,
|
||||||
|
<literal>sharpened</literal>,
|
||||||
|
<literal>infinality</literal>. Any of the presets may be
|
||||||
|
customized by editing the attributes. To disable, set this option
|
||||||
|
to the empty attribute set <literal>{}</literal>.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
config =
|
||||||
|
let ultimate = config.fonts.fontconfig.ultimate;
|
||||||
|
fontconfigUltimateConf = ''
|
||||||
|
<?xml version="1.0"?>
|
||||||
|
<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
|
||||||
|
<fontconfig>
|
||||||
|
|
||||||
|
${optionalString (!ultimate.allowBitmaps) ''
|
||||||
|
<!-- Reject bitmap fonts -->
|
||||||
|
<selectfont>
|
||||||
|
<rejectfont>
|
||||||
|
<pattern>
|
||||||
|
<patelt name="scalable"><bool>false</bool></patelt>
|
||||||
|
</pattern>
|
||||||
|
</rejectfont>
|
||||||
|
</selectfont>
|
||||||
|
''}
|
||||||
|
|
||||||
|
${optionalString ultimate.allowType1 ''
|
||||||
|
<!-- Reject Type 1 fonts -->
|
||||||
|
<selectfont>
|
||||||
|
<rejectfont>
|
||||||
|
<pattern>
|
||||||
|
<patelt name="fontformat">
|
||||||
|
<string>Type 1</string>
|
||||||
|
</patelt>
|
||||||
|
</pattern>
|
||||||
|
</rejectfont>
|
||||||
|
</selectfont>
|
||||||
|
''}
|
||||||
|
|
||||||
|
<!-- Use embedded bitmaps in fonts like Calibri? -->
|
||||||
|
<match target="font">
|
||||||
|
<edit name="embeddedbitmap" mode="assign">
|
||||||
|
${fcBool ultimate.useEmbeddedBitmaps}
|
||||||
|
</edit>
|
||||||
|
</match>
|
||||||
|
|
||||||
|
<!-- Force autohint always -->
|
||||||
|
<match target="font">
|
||||||
|
<edit name="force_autohint" mode="assign">
|
||||||
|
${fcBool ultimate.forceAutohint}
|
||||||
|
</edit>
|
||||||
|
</match>
|
||||||
|
|
||||||
|
<!-- Render some monospace TTF fonts as bitmaps -->
|
||||||
|
<match target="pattern">
|
||||||
|
<edit name="bitmap_monospace" mode="assign">
|
||||||
|
${fcBool ultimate.renderMonoTTFAsBitmap}
|
||||||
|
</edit>
|
||||||
|
</match>
|
||||||
|
|
||||||
|
${optionalString (ultimate.substitutions != "none") ''
|
||||||
|
<!-- Type 1 font substitutions -->
|
||||||
|
<include ignore_missing="yes">${pkgs.fontconfig-ultimate.confd}/etc/fonts/presets/${ultimate.substitutions}</include>
|
||||||
|
''}
|
||||||
|
|
||||||
|
<include ignore_missing="yes">${pkgs.fontconfig-ultimate.confd}/etc/fonts/conf.d</include>
|
||||||
|
|
||||||
|
</fontconfig>
|
||||||
|
'';
|
||||||
|
in mkIf (config.fonts.fontconfig.enable && ultimate.enable) {
|
||||||
|
|
||||||
|
environment.etc."fonts/conf.d/52-fontconfig-ultimate.conf" = {
|
||||||
|
text = fontconfigUltimateConf;
|
||||||
|
};
|
||||||
|
|
||||||
|
environment.etc."fonts/${pkgs.fontconfig.configVersion}/conf.d/52-fontconfig-ultimate.conf" = {
|
||||||
|
text = fontconfigUltimateConf;
|
||||||
|
};
|
||||||
|
|
||||||
|
environment.variables = ultimate.rendering;
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
|
}
|
|
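Review bot: the Type 1 block is guarded by `optionalString ultimate.allowType1`, so the "Reject Type 1 fonts" `<rejectfont>` is emitted when the option is true and omitted at its default of `false`, the opposite of what the option description says. The bitmap block just above uses `(!ultimate.allowBitmaps)`; this guard should be `(!ultimate.allowType1)`. Separately, `ultimate.enable` defaults to `true` and `environment.variables = ultimate.rendering;` exports the preset to every session, so please confirm that switching this on for all systems with fontconfig enabled is intended.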
@ -8,47 +8,250 @@ with lib;
|
||||||
|
|
||||||
fonts = {
|
fonts = {
|
||||||
|
|
||||||
enableFontConfig = mkOption { # !!! should be enableFontconfig
|
fontconfig = {
|
||||||
type = types.bool;
|
enable = mkOption {
|
||||||
default = true;
|
type = types.bool;
|
||||||
description = ''
|
default = true;
|
||||||
If enabled, a Fontconfig configuration file will be built
|
description = ''
|
||||||
pointing to a set of default fonts. If you don't care about
|
If enabled, a Fontconfig configuration file will be built
|
||||||
running X11 applications or any other program that uses
|
pointing to a set of default fonts. If you don't care about
|
||||||
Fontconfig, you can turn this option off and prevent a
|
running X11 applications or any other program that uses
|
||||||
dependency on all those fonts.
|
Fontconfig, you can turn this option off and prevent a
|
||||||
'';
|
dependency on all those fonts.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
antialias = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = true;
|
||||||
|
description = "Enable font antialiasing.";
|
||||||
|
};
|
||||||
|
|
||||||
|
dpi = mkOption {
|
||||||
|
type = types.int;
|
||||||
|
default = 0;
|
||||||
|
description = ''
|
||||||
|
Force DPI setting. Setting to <literal>0</literal> disables DPI
|
||||||
|
forcing; the DPI detected for the display will be used.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
defaultFonts = {
|
||||||
|
monospace = mkOption {
|
||||||
|
type = types.listOf types.str;
|
||||||
|
default = ["DejaVu Sans Mono"];
|
||||||
|
description = ''
|
||||||
|
System-wide default monospace font(s). Multiple fonts may be
|
||||||
|
listed in case multiple languages must be supported.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
sansSerif = mkOption {
|
||||||
|
type = types.listOf types.str;
|
||||||
|
default = ["DejaVu Sans"];
|
||||||
|
description = ''
|
||||||
|
System-wide default sans serif font(s). Multiple fonts may be
|
||||||
|
listed in case multiple languages must be supported.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
serif = mkOption {
|
||||||
|
type = types.listOf types.str;
|
||||||
|
default = ["DejaVu Serif"];
|
||||||
|
description = ''
|
||||||
|
System-wide default serif font(s). Multiple fonts may be listed
|
||||||
|
in case multiple languages must be supported.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
hinting = {
|
||||||
|
enable = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = true;
|
||||||
|
description = "Enable TrueType hinting.";
|
||||||
|
};
|
||||||
|
|
||||||
|
autohint = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = true;
|
||||||
|
description = ''
|
||||||
|
Enable the autohinter, which provides hinting for otherwise
|
||||||
|
un-hinted fonts. The results are usually lower quality than
|
||||||
|
correctly-hinted fonts.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
style = mkOption {
|
||||||
|
type = types.str // {
|
||||||
|
check = flip elem ["none" "slight" "medium" "full"];
|
||||||
|
};
|
||||||
|
default = "full";
|
||||||
|
description = ''
|
||||||
|
TrueType hinting style, one of <literal>none</literal>,
|
||||||
|
<literal>slight</literal>, <literal>medium</literal>, or
|
||||||
|
<literal>full</literal>.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
includeUserConf = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = true;
|
||||||
|
description = ''
|
||||||
|
Include the user configuration from
|
||||||
|
<filename>~/.config/fontconfig/fonts.conf</filename> or
|
||||||
|
<filename>~/.config/fontconfig/conf.d</filename>.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
subpixel = {
|
||||||
|
|
||||||
|
rgba = mkOption {
|
||||||
|
type = types.string // {
|
||||||
|
check = flip elem ["rgb" "bgr" "vrgb" "vbgr" "none"];
|
||||||
|
};
|
||||||
|
default = "rgb";
|
||||||
|
description = ''
|
||||||
|
Subpixel order, one of <literal>none</literal>,
|
||||||
|
<literal>rgb</literal>, <literal>bgr</literal>,
|
||||||
|
<literal>vrgb</literal>, or <literal>vbgr</literal>.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
lcdfilter = mkOption {
|
||||||
|
type = types.str // {
|
||||||
|
check = flip elem ["none" "default" "light" "legacy"];
|
||||||
|
};
|
||||||
|
default = "default";
|
||||||
|
description = ''
|
||||||
|
FreeType LCD filter, one of <literal>none</literal>,
|
||||||
|
<literal>default</literal>, <literal>light</literal>, or
|
||||||
|
<literal>legacy</literal>.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
config =
|
||||||
|
let fontconfig = config.fonts.fontconfig;
|
||||||
|
fcBool = x: "<bool>" + (if x then "true" else "false") + "</bool>";
|
||||||
|
nixosConf = ''
|
||||||
|
<?xml version='1.0'?>
|
||||||
|
<!DOCTYPE fontconfig SYSTEM 'fonts.dtd'>
|
||||||
|
<fontconfig>
|
||||||
|
|
||||||
config = mkIf config.fonts.enableFontConfig {
|
<!-- Default rendering settings -->
|
||||||
|
<match target="font">
|
||||||
|
<edit mode="assign" name="hinting">
|
||||||
|
${fcBool fontconfig.hinting.enable}
|
||||||
|
</edit>
|
||||||
|
<edit mode="assign" name="autohint">
|
||||||
|
${fcBool fontconfig.hinting.autohint}
|
||||||
|
</edit>
|
||||||
|
<edit mode="assign" name="hintstyle">
|
||||||
|
<const>hint${fontconfig.hinting.style}</const>
|
||||||
|
</edit>
|
||||||
|
<edit mode="assign" name="antialias">
|
||||||
|
${fcBool fontconfig.antialias}
|
||||||
|
</edit>
|
||||||
|
<edit mode="assign" name="rgba">
|
||||||
|
<const>${fontconfig.subpixel.rgba}</const>
|
||||||
|
</edit>
|
||||||
|
<edit mode="assign" name="lcdfilter">
|
||||||
|
<const>lcd${fontconfig.subpixel.lcdfilter}</const>
|
||||||
|
</edit>
|
||||||
|
</match>
|
||||||
|
|
||||||
# Bring in the default (upstream) fontconfig configuration.
|
<!-- Default fonts -->
|
||||||
environment.etc."fonts/fonts.conf".source =
|
${optionalString (fontconfig.defaultFonts.sansSerif != []) ''
|
||||||
pkgs.makeFontsConf { fontDirectories = config.fonts.fonts; };
|
<alias>
|
||||||
|
<family>sans-serif</family>
|
||||||
|
<prefer>
|
||||||
|
${concatStringsSep "\n"
|
||||||
|
(map (font: "<family>${font}</family>")
|
||||||
|
fontconfig.defaultFonts.sansSerif)}
|
||||||
|
</prefer>
|
||||||
|
</alias>
|
||||||
|
''}
|
||||||
|
${optionalString (fontconfig.defaultFonts.serif != []) ''
|
||||||
|
<alias>
|
||||||
|
<family>serif</family>
|
||||||
|
<prefer>
|
||||||
|
${concatStringsSep "\n"
|
||||||
|
(map (font: "<family>${font}</family>")
|
||||||
|
fontconfig.defaultFonts.serif)}
|
||||||
|
</prefer>
|
||||||
|
</alias>
|
||||||
|
''}
|
||||||
|
${optionalString (fontconfig.defaultFonts.monospace != []) ''
|
||||||
|
<alias>
|
||||||
|
<family>monospace</family>
|
||||||
|
<prefer>
|
||||||
|
${concatStringsSep "\n"
|
||||||
|
(map (font: "<family>${font}</family>")
|
||||||
|
fontconfig.defaultFonts.monospace)}
|
||||||
|
</prefer>
|
||||||
|
</alias>
|
||||||
|
''}
|
||||||
|
|
||||||
environment.etc."fonts/conf.d/00-nixos.conf".text =
|
${optionalString (fontconfig.dpi != 0) ''
|
||||||
''
|
<match target="pattern">
|
||||||
<?xml version='1.0'?>
|
<edit name="dpi" mode="assign">
|
||||||
<!DOCTYPE fontconfig SYSTEM 'fonts.dtd'>
|
<double>${fontconfig.dpi}</double>
|
||||||
<fontconfig>
|
</edit>
|
||||||
|
</match>
|
||||||
|
''}
|
||||||
|
|
||||||
<!-- Set the default hinting style to "slight". -->
|
</fontconfig>
|
||||||
<match target="font">
|
'';
|
||||||
<edit mode="assign" name="hintstyle">
|
in mkIf fontconfig.enable {
|
||||||
<const>hintslight</const>
|
|
||||||
</edit>
|
|
||||||
</match>
|
|
||||||
|
|
||||||
</fontconfig>
|
# Fontconfig 2.10 backward compatibility
|
||||||
'';
|
|
||||||
|
|
||||||
environment.systemPackages = [ pkgs.fontconfig ];
|
# Bring in the default (upstream) fontconfig configuration, only for fontconfig 2.10
|
||||||
|
environment.etc."fonts/fonts.conf".source =
|
||||||
|
pkgs.makeFontsConf { fontconfig = pkgs.fontconfig_210; fontDirectories = config.fonts.fonts; };
|
||||||
|
|
||||||
};
|
environment.etc."fonts/conf.d/98-nixos.conf".text = nixosConf;
|
||||||
|
|
||||||
|
# Versioned fontconfig > 2.10. Take shared fonts.conf from fontconfig.
|
||||||
|
# Otherwise specify only font directories.
|
||||||
|
environment.etc."fonts/${pkgs.fontconfig.configVersion}/fonts.conf".source =
|
||||||
|
"${pkgs.fontconfig}/etc/fonts/fonts.conf";
|
||||||
|
|
||||||
|
environment.etc."fonts/${pkgs.fontconfig.configVersion}/conf.d/00-nixos.conf".text =
|
||||||
|
''
|
||||||
|
<?xml version='1.0'?>
|
||||||
|
<!DOCTYPE fontconfig SYSTEM 'fonts.dtd'>
|
||||||
|
<fontconfig>
|
||||||
|
<!-- Font directories -->
|
||||||
|
${concatStringsSep "\n" (map (font: "<dir>${font}</dir>") config.fonts.fonts)}
|
||||||
|
</fontconfig>
|
||||||
|
'';
|
||||||
|
|
||||||
|
environment.etc."fonts/${pkgs.fontconfig.configVersion}/conf.d/98-nixos.conf".text = nixosConf;
|
||||||
|
|
||||||
|
environment.etc."fonts/${pkgs.fontconfig.configVersion}/conf.d/99-user.conf" = {
|
||||||
|
enable = fontconfig.includeUserConf;
|
||||||
|
text = ''
|
||||||
|
<?xml version="1.0"?>
|
||||||
|
<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
|
||||||
|
<fontconfig>
|
||||||
|
<include ignore_missing="yes" prefix="xdg">fontconfig/conf.d</include>
|
||||||
|
<include ignore_missing="yes" prefix="xdg">fontconfig/fonts.conf</include>
|
||||||
|
</fontconfig>
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
environment.systemPackages = [ pkgs.fontconfig ];
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
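Review bot: `<double>${fontconfig.dpi}</double>` in the dpi block will not evaluate once the option is non-zero. The guard `fontconfig.dpi != 0` shows the value is an integer, and Nix string interpolation does not coerce integers, so this needs `${toString fontconfig.dpi}`. Separately, `subpixel.rgba` uses `types.string` while `hinting.style` and `subpixel.lcdfilter` use `types.str`; one of the two should be used throughout.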
@ -13,14 +13,6 @@ with lib;
|
||||||
type = types.listOf types.path;
|
type = types.listOf types.path;
|
||||||
example = literalExample "[ pkgs.dejavu_fonts ]";
|
example = literalExample "[ pkgs.dejavu_fonts ]";
|
||||||
description = "List of primary font paths.";
|
description = "List of primary font paths.";
|
||||||
apply = list: list ++
|
|
||||||
[ # - the user's current profile
|
|
||||||
"~/.nix-profile/lib/X11/fonts"
|
|
||||||
"~/.nix-profile/share/fonts"
|
|
||||||
# - the default profile
|
|
||||||
"/nix/var/nix/profiles/default/lib/X11/fonts"
|
|
||||||
"/nix/var/nix/profiles/default/share/fonts"
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
@ -33,7 +25,7 @@ with lib;
|
||||||
[ pkgs.xorg.fontbhttf
|
[ pkgs.xorg.fontbhttf
|
||||||
pkgs.xorg.fontbhlucidatypewriter100dpi
|
pkgs.xorg.fontbhlucidatypewriter100dpi
|
||||||
pkgs.xorg.fontbhlucidatypewriter75dpi
|
pkgs.xorg.fontbhlucidatypewriter75dpi
|
||||||
pkgs.ttf_bitstream_vera
|
pkgs.dejavu_fonts
|
||||||
pkgs.freefont_ttf
|
pkgs.freefont_ttf
|
||||||
pkgs.liberation_ttf
|
pkgs.liberation_ttf
|
||||||
pkgs.xorg.fontbh100dpi
|
pkgs.xorg.fontbh100dpi
|
||||||
|
|
|
@ -39,6 +39,73 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
networking.proxy = {
|
||||||
|
|
||||||
|
default = lib.mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
description = ''
|
||||||
|
This option specifies the default value for httpProxy, httpsProxy, ftpProxy and rsyncProxy.
|
||||||
|
'';
|
||||||
|
example = "http://127.0.0.1:3128";
|
||||||
|
};
|
||||||
|
|
||||||
|
httpProxy = lib.mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = cfg.proxy.default;
|
||||||
|
description = ''
|
||||||
|
This option specifies the http_proxy environment variable.
|
||||||
|
'';
|
||||||
|
example = "http://127.0.0.1:3128";
|
||||||
|
};
|
||||||
|
|
||||||
|
httpsProxy = lib.mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = cfg.proxy.default;
|
||||||
|
description = ''
|
||||||
|
This option specifies the https_proxy environment variable.
|
||||||
|
'';
|
||||||
|
example = "http://127.0.0.1:3128";
|
||||||
|
};
|
||||||
|
|
||||||
|
ftpProxy = lib.mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = cfg.proxy.default;
|
||||||
|
description = ''
|
||||||
|
This option specifies the ftp_proxy environment variable.
|
||||||
|
'';
|
||||||
|
example = "http://127.0.0.1:3128";
|
||||||
|
};
|
||||||
|
|
||||||
|
rsyncProxy = lib.mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = cfg.proxy.default;
|
||||||
|
description = ''
|
||||||
|
This option specifies the rsync_proxy environment variable.
|
||||||
|
'';
|
||||||
|
example = "http://127.0.0.1:3128";
|
||||||
|
};
|
||||||
|
|
||||||
|
noProxy = lib.mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
description = ''
|
||||||
|
This option specifies the no_proxy environment variable.
|
||||||
|
If a default proxy is used and noProxy is null,
|
||||||
|
then noProxy will be set to 127.0.0.1,localhost.
|
||||||
|
'';
|
||||||
|
example = "127.0.0.1,localhost,.localdomain";
|
||||||
|
};
|
||||||
|
|
||||||
|
envVars = lib.mkOption {
|
||||||
|
type = types.attrs;
|
||||||
|
internal = true;
|
||||||
|
default = {};
|
||||||
|
description = ''
|
||||||
|
Environment variables used for the network proxy.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
|
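Review bot: the descriptions of `httpProxy`, `httpsProxy`, `ftpProxy` and `rsyncProxy` are missing a note on where the value ends up. It is a plain `types.str` that is exported through `environment.sessionVariables`, so a URL that embeds credentials becomes visible to every local session. Please say so in the option text, the same way the `initialPassword` description in this commit warns about the world-readable Nix store. Setting `default = cfg.proxy.default;` will also make the generated documentation show an evaluated value instead of "falls back to proxy.default", which deserves a sentence in each description.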
@ -73,7 +140,7 @@ in
|
||||||
'' + optionalString config.services.nscd.enable ''
|
'' + optionalString config.services.nscd.enable ''
|
||||||
# Invalidate the nscd cache whenever resolv.conf is
|
# Invalidate the nscd cache whenever resolv.conf is
|
||||||
# regenerated.
|
# regenerated.
|
||||||
libc_restart='${pkgs.systemd}/bin/systemctl try-restart --no-block nscd.service'
|
libc_restart='${pkgs.systemd}/bin/systemctl try-restart --no-block nscd.service 2> /dev/null'
|
||||||
'' + optionalString cfg.dnsSingleRequest ''
|
'' + optionalString cfg.dnsSingleRequest ''
|
||||||
# only send one DNS request at a time
|
# only send one DNS request at a time
|
||||||
resolv_conf_options='single-request'
|
resolv_conf_options='single-request'
|
||||||
|
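Review bot: `2> /dev/null` on the `libc_restart` command discards every error from `systemctl try-restart`, not only the expected noise, so a genuine failure to restart nscd now goes unnoticed. A comment naming the message being silenced would help, as would a narrower approach that only runs the command when the unit exists.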
@ -84,13 +151,59 @@ in
|
||||||
dnsmasq_conf=/etc/dnsmasq-conf.conf
|
dnsmasq_conf=/etc/dnsmasq-conf.conf
|
||||||
dnsmasq_resolv=/etc/dnsmasq-resolv.conf
|
dnsmasq_resolv=/etc/dnsmasq-resolv.conf
|
||||||
'';
|
'';
|
||||||
};
|
|
||||||
|
} // (optionalAttrs config.services.resolved.enable (
|
||||||
|
if dnsmasqResolve then {
|
||||||
|
"dnsmasq-resolv.conf".source = "/run/systemd/resolve/resolv.conf";
|
||||||
|
} else {
|
||||||
|
"resolv.conf".source = "/run/systemd/resolve/resolv.conf";
|
||||||
|
}
|
||||||
|
));
|
||||||
|
|
||||||
|
networking.proxy.envVars =
|
||||||
|
optionalAttrs (cfg.proxy.default != null) {
|
||||||
|
# other options already fallback to proxy.default
|
||||||
|
no_proxy = "127.0.0.1,localhost";
|
||||||
|
} // optionalAttrs (cfg.proxy.httpProxy != null) {
|
||||||
|
http_proxy = cfg.proxy.httpProxy;
|
||||||
|
} // optionalAttrs (cfg.proxy.httpsProxy != null) {
|
||||||
|
https_proxy = cfg.proxy.httpsProxy;
|
||||||
|
} // optionalAttrs (cfg.proxy.rsyncProxy != null) {
|
||||||
|
rsync_proxy = cfg.proxy.rsyncProxy;
|
||||||
|
} // optionalAttrs (cfg.proxy.ftpProxy != null) {
|
||||||
|
ftp_proxy = cfg.proxy.ftpProxy;
|
||||||
|
} // optionalAttrs (cfg.proxy.noProxy != null) {
|
||||||
|
no_proxy = cfg.proxy.noProxy;
|
||||||
|
};
|
||||||
|
|
||||||
|
# Install the proxy environment variables
|
||||||
|
environment.sessionVariables = cfg.proxy.envVars;
|
||||||
|
|
||||||
# The ‘ip-up’ target is started when we have IP connectivity. So
|
# The ‘ip-up’ target is started when we have IP connectivity. So
|
||||||
# services that depend on IP connectivity (like ntpd) should be
|
# services that depend on IP connectivity (like ntpd) should be
|
||||||
# pulled in by this target.
|
# pulled in by this target.
|
||||||
systemd.targets.ip-up.description = "Services Requiring IP Connectivity";
|
systemd.targets.ip-up.description = "Services Requiring IP Connectivity";
|
||||||
|
|
||||||
|
# This is needed when /etc/resolv.conf is being overriden by networkd
|
||||||
|
# and other configurations. If the file is destroyed by an environment
|
||||||
|
# activation then it must be rebuilt so that applications which interface
|
||||||
|
# with /etc/resolv.conf directly don't break.
|
||||||
|
system.activationScripts.resolvconf = stringAfter [ "etc" "tmpfs" "var" ]
|
||||||
|
''
|
||||||
|
# Systemd resolved controls its own resolv.conf
|
||||||
|
rm -f /run/resolvconf/interfaces/systemd
|
||||||
|
${optionalString config.services.resolved.enable ''
|
||||||
|
rm -rf /run/resolvconf/interfaces
|
||||||
|
mkdir -p /run/resolvconf/interfaces
|
||||||
|
ln -s /run/systemd/resolve/resolv.conf /run/resolvconf/interfaces/systemd
|
||||||
|
''}
|
||||||
|
|
||||||
|
# Make sure resolv.conf is up to date if not managed by systemd
|
||||||
|
${optionalString (!config.services.resolved.enable) ''
|
||||||
|
${pkgs.openresolv}/bin/resolvconf -u
|
||||||
|
''}
|
||||||
|
'';
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
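Review bot: in `networking.proxy.envVars` the `no_proxy = "127.0.0.1,localhost"` default is attached only to `cfg.proxy.default != null`. A configuration that sets just `httpProxy` or `httpsProxy` exports no `no_proxy` at all, so loopback requests from proxy-aware programs are sent to the proxy. Consider applying the default whenever any of the proxy options is non-null, and update the `noProxy` description to match. In the activation script, `rm -rf /run/resolvconf/interfaces` removes every recorded interface whenever resolved is enabled; a comment explaining why the whole directory has to go would help the next reader.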
@ -24,7 +24,7 @@ with lib;
|
||||||
programs.ssh.setXAuthLocation = false;
|
programs.ssh.setXAuthLocation = false;
|
||||||
security.pam.services.su.forwardXAuth = lib.mkForce false;
|
security.pam.services.su.forwardXAuth = lib.mkForce false;
|
||||||
|
|
||||||
fonts.enableFontConfig = false;
|
fonts.fontconfig.enable = false;
|
||||||
|
|
||||||
nixpkgs.config.packageOverrides = pkgs:
|
nixpkgs.config.packageOverrides = pkgs:
|
||||||
{ dbus = pkgs.dbus.override { useX11 = false; }; };
|
{ dbus = pkgs.dbus.override { useX11 = false; }; };
|
||||||
|
|
|
@ -35,29 +35,27 @@ in
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
|
|
||||||
environment.etc =
|
# Name Service Switch configuration file. Required by the C
|
||||||
[ # Name Service Switch configuration file. Required by the C library.
|
# library. !!! Factor out the mdns stuff. The avahi module
|
||||||
# !!! Factor out the mdns stuff. The avahi module should define
|
# should define an option used by this module.
|
||||||
# an option used by this module.
|
environment.etc."nsswitch.conf".text =
|
||||||
{ source = pkgs.writeText "nsswitch.conf"
|
''
|
||||||
''
|
passwd: files ldap
|
||||||
passwd: files ldap
|
group: files ldap
|
||||||
group: files ldap
|
shadow: files ldap
|
||||||
shadow: files ldap
|
hosts: files ${optionalString nssmdns "mdns_minimal [NOTFOUND=return]"} dns ${optionalString nssmdns "mdns"} ${optionalString nsswins "wins"} myhostname mymachines
|
||||||
hosts: files ${optionalString nssmdns "mdns_minimal [NOTFOUND=return]"} dns ${optionalString nssmdns "mdns"} ${optionalString nsswins "wins"} myhostname
|
networks: files dns
|
||||||
networks: files dns
|
ethers: files
|
||||||
ethers: files
|
services: files
|
||||||
services: files
|
protocols: files
|
||||||
protocols: files
|
'';
|
||||||
'';
|
|
||||||
target = "nsswitch.conf";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
|
|
||||||
# Use nss-myhostname to ensure that our hostname always resolves to
|
# Systemd provides nss-myhostname to ensure that our hostname
|
||||||
# a valid IP address. It returns all locally configured IP
|
# always resolves to a valid IP address. It returns all locally
|
||||||
# addresses, or ::1 and 127.0.0.2 as fallbacks.
|
# configured IP addresses, or ::1 and 127.0.0.2 as
|
||||||
system.nssModules = [ pkgs.systemd ];
|
# fallbacks. Systemd also provides nss-mymachines to return IP
|
||||||
|
# addresses of local containers.
|
||||||
|
system.nssModules = [ config.systemd.package ];
|
||||||
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
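Review bot: `mymachines` is appended at the very end of the `hosts:` line, after `dns` and `myhostname`, so a local container name is answered by nss-mymachines only after the DNS lookup has finished without a result, and a DNS record with the same name takes precedence. If container names are meant to win, move `mymachines` ahead of `dns`. If the current order is intentional, the comment block above `system.nssModules` is the place to say why.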
@ -14,10 +14,14 @@ in
|
||||||
time = {
|
time = {
|
||||||
|
|
||||||
timeZone = mkOption {
|
timeZone = mkOption {
|
||||||
default = "CET";
|
default = "UTC";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
example = "America/New_York";
|
example = "America/New_York";
|
||||||
description = "The time zone used when displaying times and dates.";
|
description = ''
|
||||||
|
The time zone used when displaying times and dates. See <link
|
||||||
|
xlink:href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones"/>
|
||||||
|
for a comprehensive list of possible values for this setting.
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
hardwareClockInLocalTime = mkOption {
|
hardwareClockInLocalTime = mkOption {
|
||||||
|
|
|
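Review bot: changing the `timeZone` default from "CET" to "UTC" silently alters displayed times on every system that relied on the old default. The option text documents the possible values but not the change, so this needs a release-notes entry telling those users to set `time.timeZone` explicitly.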
@ -6,6 +6,15 @@ use JSON;
|
||||||
make_path("/var/lib/nixos", { mode => 0755 });
|
make_path("/var/lib/nixos", { mode => 0755 });
|
||||||
|
|
||||||
|
|
||||||
|
sub hashPassword {
|
||||||
|
my ($password) = @_;
|
||||||
|
my $salt = "";
|
||||||
|
my @chars = ('.', '/', 0..9, 'A'..'Z', 'a'..'z');
|
||||||
|
$salt .= $chars[rand 64] for (1..8);
|
||||||
|
return crypt($password, '$6$' . $salt . '$');
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
# Functions for allocating free GIDs/UIDs. FIXME: respect ID ranges in
|
# Functions for allocating free GIDs/UIDs. FIXME: respect ID ranges in
|
||||||
# /etc/login.defs.
|
# /etc/login.defs.
|
||||||
sub allocId {
|
sub allocId {
|
||||||
|
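Review bot: `hashPassword` draws its salt from Perl's `rand`, which is not a cryptographically secure generator, and uses only 8 salt characters although the `$6$` (SHA-512 crypt) format accepts up to 16. Reading the salt bytes from /dev/urandom and using the full 16 characters would be the safer default. The return value of `crypt` is also passed on unchecked; if the libc does not support `$6$` the result can be undefined and would end up as an empty password field in /etc/shadow, so the function should `die` in that case.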
@ -114,7 +123,7 @@ foreach my $g (@{$spec->{groups}}) {
|
||||||
}
|
}
|
||||||
|
|
||||||
# Update the persistent list of declarative groups.
|
# Update the persistent list of declarative groups.
|
||||||
write_file($declGroupsFile, join(" ", sort(keys %groupsOut)));
|
write_file($declGroupsFile, { binmode => ':utf8' }, join(" ", sort(keys %groupsOut)));
|
||||||
|
|
||||||
# Merge in the existing /etc/group.
|
# Merge in the existing /etc/group.
|
||||||
foreach my $name (keys %groupsCur) {
|
foreach my $name (keys %groupsCur) {
|
||||||
|
@ -131,7 +140,7 @@ foreach my $name (keys %groupsCur) {
|
||||||
# Rewrite /etc/group. FIXME: acquire lock.
|
# Rewrite /etc/group. FIXME: acquire lock.
|
||||||
my @lines = map { join(":", $_->{name}, $_->{password}, $_->{gid}, $_->{members}) . "\n" }
|
my @lines = map { join(":", $_->{name}, $_->{password}, $_->{gid}, $_->{members}) . "\n" }
|
||||||
(sort { $a->{gid} <=> $b->{gid} } values(%groupsOut));
|
(sort { $a->{gid} <=> $b->{gid} } values(%groupsOut));
|
||||||
write_file("/etc/group.tmp", @lines);
|
write_file("/etc/group.tmp", { binmode => ':utf8' }, @lines);
|
||||||
rename("/etc/group.tmp", "/etc/group") or die;
|
rename("/etc/group.tmp", "/etc/group") or die;
|
||||||
system("nscd --invalidate group");
|
system("nscd --invalidate group");
|
||||||
|
|
||||||
|
@ -160,6 +169,12 @@ foreach my $u (@{$spec->{users}}) {
|
||||||
} else {
|
} else {
|
||||||
$u->{uid} = allocUid($u->{isSystemUser}) if !defined $u->{uid};
|
$u->{uid} = allocUid($u->{isSystemUser}) if !defined $u->{uid};
|
||||||
|
|
||||||
|
if (defined $u->{initialPassword}) {
|
||||||
|
$u->{hashedPassword} = hashPassword($u->{initialPassword});
|
||||||
|
} elsif (defined $u->{initialHashedPassword}) {
|
||||||
|
$u->{hashedPassword} = $u->{initialHashedPassword};
|
||||||
|
}
|
||||||
|
|
||||||
# Create a home directory.
|
# Create a home directory.
|
||||||
if ($u->{createHome}) {
|
if ($u->{createHome}) {
|
||||||
make_path($u->{home}, { mode => 0700 }) if ! -e $u->{home};
|
make_path($u->{home}, { mode => 0700 }) if ! -e $u->{home};
|
||||||
|
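Review bot: when both `initialPassword` and `initialHashedPassword` are set, the `if`/`elsif` order lets the plaintext value win without any notice, and neither option description states that precedence. Either document it or fail early when both are given. Note also that the assignment overwrites any `hashedPassword` already present for a newly created user, which should be an explicit decision rather than a side effect.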
@ -174,6 +189,8 @@ foreach my $u (@{$spec->{users}}) {
|
||||||
} else {
|
} else {
|
||||||
warn "warning: password file ‘$u->{passwordFile}’ does not exist\n";
|
warn "warning: password file ‘$u->{passwordFile}’ does not exist\n";
|
||||||
}
|
}
|
||||||
|
} elsif (defined $u->{password}) {
|
||||||
|
$u->{hashedPassword} = hashPassword($u->{password});
|
||||||
}
|
}
|
||||||
|
|
||||||
$u->{fakePassword} = $existing->{fakePassword} // "x";
|
$u->{fakePassword} = $existing->{fakePassword} // "x";
|
||||||
|
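Review bot: the new `elsif (defined $u->{password})` only runs when the preceding branch, the one that warns about a missing password file, is not taken. That gives `passwordFile` precedence over `password`, while `passwordDescription` in this same commit says that `password` overrides `passwordFile`. The assignment also replaces `$u->{hashedPassword}` unconditionally, although the description says `hashedPassword` overrides both. Please confirm the intended order and align either the code or the documentation.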
@ -181,7 +198,7 @@ foreach my $u (@{$spec->{users}}) {
|
||||||
}
|
}
|
||||||
|
|
||||||
# Update the persistent list of declarative users.
|
# Update the persistent list of declarative users.
|
||||||
write_file($declUsersFile, join(" ", sort(keys %usersOut)));
|
write_file($declUsersFile, { binmode => ':utf8' }, join(" ", sort(keys %usersOut)));
|
||||||
|
|
||||||
# Merge in the existing /etc/passwd.
|
# Merge in the existing /etc/passwd.
|
||||||
foreach my $name (keys %usersCur) {
|
foreach my $name (keys %usersCur) {
|
||||||
|
@ -197,7 +214,7 @@ foreach my $name (keys %usersCur) {
|
||||||
# Rewrite /etc/passwd. FIXME: acquire lock.
|
# Rewrite /etc/passwd. FIXME: acquire lock.
|
||||||
@lines = map { join(":", $_->{name}, $_->{fakePassword}, $_->{uid}, $_->{gid}, $_->{description}, $_->{home}, $_->{shell}) . "\n" }
|
@lines = map { join(":", $_->{name}, $_->{fakePassword}, $_->{uid}, $_->{gid}, $_->{description}, $_->{home}, $_->{shell}) . "\n" }
|
||||||
(sort { $a->{uid} <=> $b->{uid} } (values %usersOut));
|
(sort { $a->{uid} <=> $b->{uid} } (values %usersOut));
|
||||||
write_file("/etc/passwd.tmp", @lines);
|
write_file("/etc/passwd.tmp", { binmode => ':utf8' }, @lines);
|
||||||
rename("/etc/passwd.tmp", "/etc/passwd") or die;
|
rename("/etc/passwd.tmp", "/etc/passwd") or die;
|
||||||
system("nscd --invalidate passwd");
|
system("nscd --invalidate passwd");
|
||||||
|
|
||||||
|
@ -208,32 +225,22 @@ my %shadowSeen;
|
||||||
|
|
||||||
foreach my $line (-f "/etc/shadow" ? read_file("/etc/shadow") : ()) {
|
foreach my $line (-f "/etc/shadow" ? read_file("/etc/shadow") : ()) {
|
||||||
chomp $line;
|
chomp $line;
|
||||||
my ($name, $password, @rest) = split(':', $line, -9);
|
my ($name, $hashedPassword, @rest) = split(':', $line, -9);
|
||||||
my $u = $usersOut{$name};;
|
my $u = $usersOut{$name};;
|
||||||
next if !defined $u;
|
next if !defined $u;
|
||||||
$password = $u->{hashedPassword} if defined $u->{hashedPassword} && !$spec->{mutableUsers}; # FIXME
|
$hashedPassword = "!" if !$spec->{mutableUsers};
|
||||||
push @shadowNew, join(":", $name, $password, @rest) . "\n";
|
$hashedPassword = $u->{hashedPassword} if defined $u->{hashedPassword} && !$spec->{mutableUsers}; # FIXME
|
||||||
|
push @shadowNew, join(":", $name, $hashedPassword, @rest) . "\n";
|
||||||
$shadowSeen{$name} = 1;
|
$shadowSeen{$name} = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
foreach my $u (values %usersOut) {
|
foreach my $u (values %usersOut) {
|
||||||
next if defined $shadowSeen{$u->{name}};
|
next if defined $shadowSeen{$u->{name}};
|
||||||
my $password = "!";
|
my $hashedPassword = "!";
|
||||||
$password = $u->{hashedPassword} if defined $u->{hashedPassword};
|
$hashedPassword = $u->{hashedPassword} if defined $u->{hashedPassword};
|
||||||
# FIXME: set correct value for sp_lstchg.
|
# FIXME: set correct value for sp_lstchg.
|
||||||
push @shadowNew, join(":", $u->{name}, $password, "1::::::") . "\n";
|
push @shadowNew, join(":", $u->{name}, $hashedPassword, "1::::::") . "\n";
|
||||||
}
|
}
|
||||||
|
|
||||||
write_file("/etc/shadow.tmp", { perms => 0600 }, @shadowNew);
|
write_file("/etc/shadow.tmp", { binmode => ':utf8', perms => 0600 }, @shadowNew);
|
||||||
rename("/etc/shadow.tmp", "/etc/shadow") or die;
|
rename("/etc/shadow.tmp", "/etc/shadow") or die;
|
||||||
|
|
||||||
|
|
||||||
# Call chpasswd to apply password. FIXME: generate the hashes directly
|
|
||||||
# and merge into the /etc/shadow updating above.
|
|
||||||
foreach my $u (@{$spec->{users}}) {
|
|
||||||
if (defined $u->{password}) {
|
|
||||||
my $pid = open(PW, "| chpasswd") or die;
|
|
||||||
print PW "$u->{name}:$u->{password}\n";
|
|
||||||
close PW or die "unable to change password of user ‘$u->{name}’: $?\n";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
|
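Review bot: in the first loop, with `mutableUsers` false every existing shadow entry whose user declares no `hashedPassword` is now rewritten to "!", which locks accounts whose password was previously set outside the configuration. That is a behaviour change that belongs in the release notes. The two consecutive assignments can be collapsed into one guarded by `!$spec->{mutableUsers}` that uses `$u->{hashedPassword} // "!"`, which would also let the trailing `# FIXME` be resolved or explained. The hard-coded "1" for sp_lstchg on new entries is still marked FIXME and is carried over unchanged.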
@ -8,19 +8,19 @@ let
|
||||||
cfg = config.users;
|
cfg = config.users;
|
||||||
|
|
||||||
passwordDescription = ''
|
passwordDescription = ''
|
||||||
The options <literal>hashedPassword</literal>,
|
The options <option>hashedPassword</option>,
|
||||||
<literal>password</literal> and <literal>passwordFile</literal>
|
<option>password</option> and <option>passwordFile</option>
|
||||||
controls what password is set for the user.
|
controls what password is set for the user.
|
||||||
<literal>hashedPassword</literal> overrides both
|
<option>hashedPassword</option> overrides both
|
||||||
<literal>password</literal> and <literal>passwordFile</literal>.
|
<option>password</option> and <option>passwordFile</option>.
|
||||||
<literal>password</literal> overrides <literal>passwordFile</literal>.
|
<option>password</option> overrides <option>passwordFile</option>.
|
||||||
If none of these three options are set, no password is assigned to
|
If none of these three options are set, no password is assigned to
|
||||||
the user, and the user will not be able to do password logins.
|
the user, and the user will not be able to do password logins.
|
||||||
If the option <literal>users.mutableUsers</literal> is true, the
|
If the option <option>users.mutableUsers</option> is true, the
|
||||||
password defined in one of the three options will only be set when
|
password defined in one of the three options will only be set when
|
||||||
the user is created for the first time. After that, you are free to
|
the user is created for the first time. After that, you are free to
|
||||||
change the password with the ordinary user management commands. If
|
change the password with the ordinary user management commands. If
|
||||||
<literal>users.mutableUsers</literal> is false, you cannot change
|
<option>users.mutableUsers</option> is false, you cannot change
|
||||||
user passwords, they will always be set according to the password
|
user passwords, they will always be set according to the password
|
||||||
options.
|
options.
|
||||||
'';
|
'';
|
||||||
|
@ -155,7 +155,7 @@ let
|
||||||
default = false;
|
default = false;
|
||||||
description = ''
|
description = ''
|
||||||
If true, the user's shell will be set to
|
If true, the user's shell will be set to
|
||||||
<literal>cfg.defaultUserShell</literal>.
|
<option>users.defaultUserShell</option>.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -163,7 +163,7 @@ let
|
||||||
type = with types; uniq (nullOr str);
|
type = with types; uniq (nullOr str);
|
||||||
default = null;
|
default = null;
|
||||||
description = ''
|
description = ''
|
||||||
Specifies the (hashed) password for the user.
|
Specifies the hashed password for the user.
|
||||||
${passwordDescription}
|
${passwordDescription}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -191,6 +191,37 @@ let
|
||||||
${passwordDescription}
|
${passwordDescription}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
initialHashedPassword = mkOption {
|
||||||
|
type = with types; uniq (nullOr str);
|
||||||
|
default = null;
|
||||||
|
description = ''
|
||||||
|
Specifies the initial hashed password for the user, i.e. the
|
||||||
|
hashed password assigned if the user does not already
|
||||||
|
exist. If <option>users.mutableUsers</option> is true, the
|
||||||
|
password can be changed subsequently using the
|
||||||
|
<command>passwd</command> command. Otherwise, it's
|
||||||
|
equivalent to setting the <option>password</option> option.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
initialPassword = mkOption {
|
||||||
|
type = with types; uniq (nullOr str);
|
||||||
|
default = null;
|
||||||
|
description = ''
|
||||||
|
Specifies the initial password for the user, i.e. the
|
||||||
|
password assigned if the user does not already exist. If
|
||||||
|
<option>users.mutableUsers</option> is true, the password
|
||||||
|
can be changed subsequently using the
|
||||||
|
<command>passwd</command> command. Otherwise, it's
|
||||||
|
equivalent to setting the <option>password</option>
|
||||||
|
option. The same caveat applies: the password specified here
|
||||||
|
is world-readable in the Nix store, so it should only be
|
||||||
|
used for guest accounts or passwords that will be changed
|
||||||
|
promptly.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkMerge
|
config = mkMerge
|
||||||
|
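Review bot: the `initialHashedPassword` description ends with "equivalent to setting the <option>password</option> option", but the value is a hash and the `mkIf` added later in this file maps it to `hashedPassword`. The text should reference <option>hashedPassword</option>. It would also help to state what happens when both `initialPassword` and `initialHashedPassword` are set.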
@ -204,6 +235,14 @@ let
|
||||||
useDefaultShell = mkDefault true;
|
useDefaultShell = mkDefault true;
|
||||||
isSystemUser = mkDefault false;
|
isSystemUser = mkDefault false;
|
||||||
})
|
})
|
||||||
|
# If !mutableUsers, setting ‘initialPassword’ is equivalent to
|
||||||
|
# setting ‘password’ (and similarly for hashed passwords).
|
||||||
|
(mkIf (!cfg.mutableUsers && config.initialPassword != null) {
|
||||||
|
password = mkDefault config.initialPassword;
|
||||||
|
})
|
||||||
|
(mkIf (!cfg.mutableUsers && config.initialHashedPassword != null) {
|
||||||
|
hashedPassword = mkDefault config.initialHashedPassword;
|
||||||
|
})
|
||||||
];
|
];
|
||||||
|
|
||||||
};
|
};
|
||||||
|
@ -306,7 +345,8 @@ let
|
||||||
users = mapAttrsToList (n: u:
|
users = mapAttrsToList (n: u:
|
||||||
{ inherit (u)
|
{ inherit (u)
|
||||||
name uid group description home shell createHome isSystemUser
|
name uid group description home shell createHome isSystemUser
|
||||||
password passwordFile hashedPassword;
|
password passwordFile hashedPassword
|
||||||
|
initialPassword initialHashedPassword;
|
||||||
}) cfg.extraUsers;
|
}) cfg.extraUsers;
|
||||||
groups = mapAttrsToList (n: g:
|
groups = mapAttrsToList (n: g:
|
||||||
{ inherit (g) name gid;
|
{ inherit (g) name gid;
|
||||||
|
@ -386,24 +426,12 @@ in {
|
||||||
options = [ groupOpts ];
|
options = [ groupOpts ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# FIXME: obsolete - will remove.
|
||||||
security.initialRootPassword = mkOption {
|
security.initialRootPassword = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "!";
|
default = "!";
|
||||||
example = "";
|
example = "";
|
||||||
description = ''
|
visible = false;
|
||||||
The (hashed) password for the root account set on initial
|
|
||||||
installation. The empty string denotes that root can login
|
|
||||||
locally without a password (but not via remote services such
|
|
||||||
as SSH, or indirectly via <command>su</command> or
|
|
||||||
<command>sudo</command>). The string <literal>!</literal>
|
|
||||||
prevents root from logging in using a password.
|
|
||||||
Note that setting this option sets
|
|
||||||
<literal>users.extraUsers.root.hashedPassword</literal>.
|
|
||||||
Also, if <literal>users.mutableUsers</literal> is false
|
|
||||||
you cannot change the root password manually, so in that case
|
|
||||||
the name of this option is a bit misleading, since it will define
|
|
||||||
the root password beyond the user initialisation phase.
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
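Review bot: `security.initialRootPassword` is marked obsolete and hidden with `visible = false`, and its description is dropped, but nothing tells users who still set it that it is going away. A deprecation warning pointing at `users.extraUsers.root.initialHashedPassword`, which the next hunk switches the root account to, would make the migration path visible. The removed text was also the only place documenting the meaning of the empty string and of "!", so that explanation should move to the replacement option.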
@ -421,7 +449,7 @@ in {
|
||||||
shell = mkDefault cfg.defaultUserShell;
|
shell = mkDefault cfg.defaultUserShell;
|
||||||
group = "root";
|
group = "root";
|
||||||
extraGroups = [ "grsecurity" ];
|
extraGroups = [ "grsecurity" ];
|
||||||
hashedPassword = mkDefault config.security.initialRootPassword;
|
initialHashedPassword = mkDefault config.security.initialRootPassword;
|
||||||
};
|
};
|
||||||
nobody = {
|
nobody = {
|
||||||
uid = ids.uids.nobody;
|
uid = ids.uids.nobody;
|
||||||
|
|
|
@ -12,7 +12,8 @@ with lib;
|
||||||
default = false;
|
default = false;
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
description = ''
|
description = ''
|
||||||
Turn on this option if you want to enable all the firmware shipped with Debian/Ubuntu.
|
Turn on this option if you want to enable all the firmware shipped with Debian/Ubuntu
|
||||||
|
and iwlwifi.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -22,7 +23,11 @@ with lib;
|
||||||
###### implementation
|
###### implementation
|
||||||
|
|
||||||
config = mkIf config.hardware.enableAllFirmware {
|
config = mkIf config.hardware.enableAllFirmware {
|
||||||
hardware.firmware = [ "${pkgs.firmwareLinuxNonfree}/lib/firmware" ];
|
hardware.firmware = [
|
||||||
|
"${pkgs.firmwareLinuxNonfree}/lib/firmware"
|
||||||
|
"${pkgs.iwlegacy}/lib/firmware"
|
||||||
|
"${pkgs.iwlwifi}/lib/firmware"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
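Review bot: the `hardware.firmware` list now adds `${pkgs.iwlegacy}/lib/firmware` as well as `${pkgs.iwlwifi}/lib/firmware`, but the updated `enableAllFirmware` description in the hunk above mentions only iwlwifi. Please name iwlegacy in the description too, so the option text matches what gets installed.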
@ -16,7 +16,6 @@ let
|
||||||
[ p.mesa_drivers
|
[ p.mesa_drivers
|
||||||
p.mesa_noglu # mainly for libGL
|
p.mesa_noglu # mainly for libGL
|
||||||
(if cfg.s3tcSupport then p.libtxc_dxtn else p.libtxc_dxtn_s2tc)
|
(if cfg.s3tcSupport then p.libtxc_dxtn else p.libtxc_dxtn_s2tc)
|
||||||
p.udev
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -30,7 +30,7 @@ with lib;
|
||||||
boot.kernelModules = [ "bbswitch" ];
|
boot.kernelModules = [ "bbswitch" ];
|
||||||
boot.extraModulePackages = [ kernel.bbswitch kernel.nvidia_x11 ];
|
boot.extraModulePackages = [ kernel.bbswitch kernel.nvidia_x11 ];
|
||||||
|
|
||||||
environment.systemPackages = [ pkgs.bumblebee ];
|
environment.systemPackages = [ pkgs.bumblebee pkgs.primus ];
|
||||||
|
|
||||||
systemd.services.bumblebeed = {
|
systemd.services.bumblebeed = {
|
||||||
description = "Bumblebee Hybrid Graphics Switcher";
|
description = "Bumblebee Hybrid Graphics Switcher";
|
||||||
|
|
|
@ -11,7 +11,8 @@ let
|
||||||
# FIXME: should introduce an option like
|
# FIXME: should introduce an option like
|
||||||
# ‘hardware.video.nvidia.package’ for overriding the default NVIDIA
|
# ‘hardware.video.nvidia.package’ for overriding the default NVIDIA
|
||||||
# driver.
|
# driver.
|
||||||
enabled = elem "nvidia" drivers || elem "nvidiaLegacy173" drivers || elem "nvidiaLegacy304" drivers;
|
enabled = elem "nvidia" drivers || elem "nvidiaLegacy173" drivers
|
||||||
|
|| elem "nvidiaLegacy304" drivers || elem "nvidiaLegacy340" drivers;
|
||||||
|
|
||||||
nvidia_x11 =
|
nvidia_x11 =
|
||||||
if elem "nvidia" drivers then
|
if elem "nvidia" drivers then
|
||||||
|
@ -20,6 +21,8 @@ let
|
||||||
config.boot.kernelPackages.nvidia_x11_legacy173
|
config.boot.kernelPackages.nvidia_x11_legacy173
|
||||||
else if elem "nvidiaLegacy304" drivers then
|
else if elem "nvidiaLegacy304" drivers then
|
||||||
config.boot.kernelPackages.nvidia_x11_legacy304
|
config.boot.kernelPackages.nvidia_x11_legacy304
|
||||||
|
else if elem "nvidiaLegacy340" drivers then
|
||||||
|
config.boot.kernelPackages.nvidia_x11_legacy340
|
||||||
else throw "impossible";
|
else throw "impossible";
|
||||||
|
|
||||||
in
|
in
|
||||||
|
|
|
@ -45,6 +45,9 @@ with lib;
|
||||||
# Add support for cow filesystems and their utilities
|
# Add support for cow filesystems and their utilities
|
||||||
boot.supportedFilesystems = [ "zfs" "btrfs" ];
|
boot.supportedFilesystems = [ "zfs" "btrfs" ];
|
||||||
|
|
||||||
|
# Configure host id for ZFS to work
|
||||||
|
networking.hostId = "8425e349";
|
||||||
|
|
||||||
# Allow the user to log in as root without a password.
|
# Allow the user to log in as root without a password.
|
||||||
security.initialRootPassword = "";
|
users.extraUsers.root.initialHashedPassword = "";
|
||||||
}
|
}
|
||||||
|
|
|
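Review bot: `networking.hostId = "8425e349";` hard-codes one host id into every image built from this profile, and the comment only says it is needed for ZFS. Please say in the comment that the value exists for the installation medium only and should not be copied into the installed system's configuration, since every machine would then share the id ZFS uses to tell hosts apart. The passwordless root login via `users.extraUsers.root.initialHashedPassword = "";` deserves the same "installer only" remark next to it.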
@ -14,6 +14,10 @@ with lib;
|
||||||
# Include gparted for partitioning disks
|
# Include gparted for partitioning disks
|
||||||
environment.systemPackages = [ pkgs.gparted ];
|
environment.systemPackages = [ pkgs.gparted ];
|
||||||
|
|
||||||
|
# Provide networkmanager for easy wireless configuration.
|
||||||
|
networking.networkmanager.enable = true;
|
||||||
|
networking.wireless.enable = mkForce false;
|
||||||
|
|
||||||
# KDE complains if power management is disabled (to be precise, if
|
# KDE complains if power management is disabled (to be precise, if
|
||||||
# there is no power management backend such as upower).
|
# there is no power management backend such as upower).
|
||||||
powerManagement.enable = true;
|
powerManagement.enable = true;
|
||||||
|
|
|
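Review bot: `networking.wireless.enable = mkForce false;` carries no explanation of why it has to be forced. The comment above only covers enabling NetworkManager; add a line saying that the wpa_supplicant-based wireless option is switched off because NetworkManager manages the interfaces here, and that `mkForce` overrides any plain `networking.wireless.enable = true` set by a module that imports this profile.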
@ -176,7 +176,10 @@ in
|
||||||
# UUID of the USB stick. It would be nicer to write
|
# UUID of the USB stick. It would be nicer to write
|
||||||
# `root=/dev/disk/by-label/...' here, but UNetbootin doesn't
|
# `root=/dev/disk/by-label/...' here, but UNetbootin doesn't
|
||||||
# recognise that.
|
# recognise that.
|
||||||
boot.kernelParams = [ "root=LABEL=${config.isoImage.volumeID}" ];
|
boot.kernelParams =
|
||||||
|
[ "root=LABEL=${config.isoImage.volumeID}"
|
||||||
|
"boot.shell_on_fail"
|
||||||
|
];
|
||||||
|
|
||||||
fileSystems."/" =
|
fileSystems."/" =
|
||||||
{ fsType = "tmpfs";
|
{ fsType = "tmpfs";
|
||||||
|
|
|
@ -76,7 +76,6 @@ in
|
||||||
pkgs.ntfsprogs # for resizing NTFS partitions
|
pkgs.ntfsprogs # for resizing NTFS partitions
|
||||||
pkgs.btrfsProgs
|
pkgs.btrfsProgs
|
||||||
pkgs.jfsutils
|
pkgs.jfsutils
|
||||||
pkgs.jfsrec
|
|
||||||
|
|
||||||
# Some compression/archiver tools.
|
# Some compression/archiver tools.
|
||||||
pkgs.unzip
|
pkgs.unzip
|
||||||
|
|
|
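Review bot: `"boot.shell_on_fail"` is added to `boot.kernelParams` without a comment, and the comment above the list still only explains the `root=` parameter. Please add a line saying why the installation image should offer a shell when boot fails and that this is specific to the ISO, so the parameter is not carried over into installed configurations, where an unauthenticated shell on boot failure is usually unwanted.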
@ -80,7 +80,7 @@ had booted this nixos. Run:
|
||||||
* `grep local-cmds run/current-system/init`
|
* `grep local-cmds run/current-system/init`
|
||||||
|
|
||||||
Then you can proceed normally subscribing to a nixos channel:
|
Then you can proceed normally subscribing to a nixos channel:
|
||||||
nix-channel --add http://nixos.org/channels/nixos-unstable
|
nix-channel --add https://nixos.org/channels/nixos-unstable
|
||||||
nix-channel --update
|
nix-channel --update
|
||||||
|
|
||||||
Testing:
|
Testing:
|
||||||
|
|
|
@ -235,7 +235,7 @@ chomp $virt;
|
||||||
# Check if we're a VirtualBox guest. If so, enable the guest
|
# Check if we're a VirtualBox guest. If so, enable the guest
|
||||||
# additions.
|
# additions.
|
||||||
if ($virt eq "oracle") {
|
if ($virt eq "oracle") {
|
||||||
push @attrs, "services.virtualbox.enable = true;"
|
push @attrs, "services.virtualboxGuest.enable = true;"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -430,7 +430,7 @@ my $hwConfig = <<EOF;
|
||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
# and may be overwritten by future invocations. Please make changes
|
# and may be overwritten by future invocations. Please make changes
|
||||||
# to /etc/nixos/configuration.nix instead.
|
# to /etc/nixos/configuration.nix instead.
|
||||||
{ config, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports =${\multiLineList(" ", @imports)};
|
imports =${\multiLineList(" ", @imports)};
|
||||||
|
@ -491,7 +491,7 @@ EOF
|
||||||
|
|
||||||
$bootLoaderConfig
|
$bootLoaderConfig
|
||||||
# networking.hostName = "nixos"; # Define your hostname.
|
# networking.hostName = "nixos"; # Define your hostname.
|
||||||
# networking.wireless.enable = true; # Enables wireless.
|
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
||||||
|
|
||||||
# Select internationalisation properties.
|
# Select internationalisation properties.
|
||||||
# i18n = {
|
# i18n = {
|
||||||
|
@ -500,6 +500,9 @@ $bootLoaderConfig
|
||||||
# defaultLocale = "en_US.UTF-8";
|
# defaultLocale = "en_US.UTF-8";
|
||||||
# };
|
# };
|
||||||
|
|
||||||
|
# Set your time zone.
|
||||||
|
# time.timeZone = "Europe/Amsterdam";
|
||||||
|
|
||||||
# List packages installed in system profile. To search by name, run:
|
# List packages installed in system profile. To search by name, run:
|
||||||
# \$ nix-env -qaP | grep wget
|
# \$ nix-env -qaP | grep wget
|
||||||
# environment.systemPackages = with pkgs; [
|
# environment.systemPackages = with pkgs; [
|
||||||
|
|
|
@ -30,8 +30,7 @@ while [ "$#" -gt 0 ]; do
|
||||||
case "$i" in
|
case "$i" in
|
||||||
-I)
|
-I)
|
||||||
given_path="$1"; shift 1
|
given_path="$1"; shift 1
|
||||||
absolute_path=$(readlink -m $given_path)
|
extraBuildFlags+=("$i" "$given_path")
|
||||||
extraBuildFlags+=("$i" "/mnt$absolute_path")
|
|
||||||
;;
|
;;
|
||||||
--root)
|
--root)
|
||||||
mountPoint="$1"; shift 1
|
mountPoint="$1"; shift 1
|
||||||
|
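Review bot: the `-I` case now appends `"$given_path"` unchanged, where the old code made it absolute with `readlink -m` and prefixed `/mnt`. The quoting is an improvement, but a relative path is no longer resolved against the caller's working directory. If that is intended, the usage text should say whether `-I` paths are interpreted inside or outside the target root.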
@ -89,6 +88,12 @@ ln -s /run $mountPoint/var/run
|
||||||
rm -f $mountPoint/etc/{resolv.conf,hosts}
|
rm -f $mountPoint/etc/{resolv.conf,hosts}
|
||||||
cp -Lf /etc/resolv.conf /etc/hosts $mountPoint/etc/
|
cp -Lf /etc/resolv.conf /etc/hosts $mountPoint/etc/
|
||||||
|
|
||||||
|
if [ -e "$SSL_CERT_FILE" ]; then
|
||||||
|
cp -Lf "$SSL_CERT_FILE" "$mountPoint/tmp/ca-cert.crt"
|
||||||
|
export SSL_CERT_FILE=/tmp/ca-cert.crt
|
||||||
|
# For Nix 1.7
|
||||||
|
export CURL_CA_BUNDLE=/tmp/ca-cert.crt
|
||||||
|
fi
|
||||||
|
|
||||||
if [ -n "$runChroot" ]; then
|
if [ -n "$runChroot" ]; then
|
||||||
if ! [ -L $mountPoint/nix/var/nix/profiles/system ]; then
|
if ! [ -L $mountPoint/nix/var/nix/profiles/system ]; then
|
||||||
|
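Review bot: the certificate bundle copied to `$mountPoint/tmp/ca-cert.crt` is never removed in this hunk, and it is written with `cp -Lf` to a fixed name in the target's `/tmp`. Consider creating the file with `mktemp` under `$mountPoint` and deleting it in an exit trap, and check that `$mountPoint/tmp` exists at this point, because `SSL_CERT_FILE` and `CURL_CA_BUNDLE` are exported right after the copy whether or not the file is there.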
@ -244,7 +249,7 @@ chroot $mountPoint /nix/var/nix/profiles/system/activate
|
||||||
|
|
||||||
|
|
||||||
# Ask the user to set a root password.
|
# Ask the user to set a root password.
|
||||||
if [ -t 0 ] ; then
|
if [ "$(chroot $mountPoint nix-instantiate --eval '<nixos>' -A config.users.mutableUsers)" = true ] && [ -t 0 ] ; then
|
||||||
echo "setting root password..."
|
echo "setting root password..."
|
||||||
chroot $mountPoint /var/setuid-wrappers/passwd
|
chroot $mountPoint /var/setuid-wrappers/passwd
|
||||||
fi
|
fi
|
||||||
|
|
|
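Review bot: when the `nix-instantiate --eval` call inside the new condition fails, its output is not `true` and the root password prompt is skipped without any message. Test `[ -t 0 ]` first so the evaluation only runs on a terminal, quote `$mountPoint`, and print a line when the prompt is skipped (evaluation error or `users.mutableUsers` false) so the operator knows that root's password was not set interactively.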
@ -13,6 +13,7 @@ usage () {
|
||||||
|
|
||||||
xml=false
|
xml=false
|
||||||
verbose=false
|
verbose=false
|
||||||
|
nixPath=""
|
||||||
|
|
||||||
option=""
|
option=""
|
||||||
|
|
||||||
|
@ -26,6 +27,7 @@ for arg; do
|
||||||
while test "$sarg" != "-"; do
|
while test "$sarg" != "-"; do
|
||||||
case $sarg in
|
case $sarg in
|
||||||
--*) longarg=$arg; sarg="--";;
|
--*) longarg=$arg; sarg="--";;
|
||||||
|
-I) argfun="include_nixpath";;
|
||||||
-*) usage;;
|
-*) usage;;
|
||||||
esac
|
esac
|
||||||
# remove the first letter option
|
# remove the first letter option
|
||||||
|
@ -53,6 +55,9 @@ for arg; do
|
||||||
var=$(echo $argfun | sed 's,^set_,,')
|
var=$(echo $argfun | sed 's,^set_,,')
|
||||||
eval $var=$arg
|
eval $var=$arg
|
||||||
;;
|
;;
|
||||||
|
include_nixpath)
|
||||||
|
nixPath="-I $arg $nixPath"
|
||||||
|
;;
|
||||||
esac
|
esac
|
||||||
argfun=""
|
argfun=""
|
||||||
fi
|
fi
|
||||||
|
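Review bot: `nixPath="-I $arg $nixPath"` collects the include paths in one string that is later expanded unquoted as `${nixPath:+$nixPath}`, so a path containing whitespace or glob characters is split or expanded by the shell. If the script runs under bash, an array (`nixPath+=(-I "$arg")`, expanded as `"${nixPath[@]}"`) keeps each path intact.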
@ -69,18 +74,114 @@ fi
|
||||||
#############################
|
#############################
|
||||||
|
|
||||||
evalNix(){
|
evalNix(){
|
||||||
nix-instantiate - --eval-only "$@"
|
result=$(nix-instantiate ${nixPath:+$nixPath} - --eval-only "$@" 2>&1)
|
||||||
|
if test $? -eq 0; then
|
||||||
|
cat <<EOF
|
||||||
|
$result
|
||||||
|
EOF
|
||||||
|
return 0;
|
||||||
|
else
|
||||||
|
sed -n '
|
||||||
|
/^error/ { s/, at (string):[0-9]*:[0-9]*//; p; };
|
||||||
|
/^warning: Nix search path/ { p; };
|
||||||
|
' <<EOF
|
||||||
|
$result
|
||||||
|
EOF
|
||||||
|
return 1;
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
header="let
|
||||||
|
nixos = import <nixpkgs/nixos> {};
|
||||||
|
nixpkgs = import <nixpkgs> {};
|
||||||
|
in with nixpkgs.lib;
|
||||||
|
"
|
||||||
|
|
||||||
|
# This function is used for converting the option definition path given by
|
||||||
|
# the user into accessors for reaching the definition and the declaration
|
||||||
|
# corresponding to this option.
|
||||||
|
generateAccessors(){
|
||||||
|
if result=$(evalNix --strict --show-trace <<EOF
|
||||||
|
$header
|
||||||
|
|
||||||
|
let
|
||||||
|
path = "${option:+$option}";
|
||||||
|
pathList = splitString "." path;
|
||||||
|
|
||||||
|
walkOptions = attrsNames: result:
|
||||||
|
if attrsNames == [] then
|
||||||
|
result
|
||||||
|
else
|
||||||
|
let name = head attrsNames; rest = tail attrsNames; in
|
||||||
|
if isOption result.options then
|
||||||
|
walkOptions rest {
|
||||||
|
options = result.options.type.getSubOptions "";
|
||||||
|
opt = ''(\${result.opt}.type.getSubOptions "")'';
|
||||||
|
cfg = ''\${result.cfg}."\${name}"'';
|
||||||
|
}
|
||||||
|
else
|
||||||
|
walkOptions rest {
|
||||||
|
options = result.options.\${name};
|
||||||
|
opt = ''\${result.opt}."\${name}"'';
|
||||||
|
cfg = ''\${result.cfg}."\${name}"'';
|
||||||
|
}
|
||||||
|
;
|
||||||
|
|
||||||
|
walkResult = (if path == "" then x: x else walkOptions pathList) {
|
||||||
|
options = nixos.options;
|
||||||
|
opt = ''nixos.options'';
|
||||||
|
cfg = ''nixos.config'';
|
||||||
|
};
|
||||||
|
|
||||||
|
in
|
||||||
|
''let option = \${walkResult.opt}; config = \${walkResult.cfg}; in''
|
||||||
|
EOF
|
||||||
|
)
|
||||||
|
then
|
||||||
|
echo $result
|
||||||
|
else
|
||||||
|
# In case of error we want to ignore the error message roduced by the
|
||||||
|
# script above, as it is iterating over each attribute, which does not
|
||||||
|
# produce a nice error message. The following code is a fallback
|
||||||
|
# solution which is cause a nicer error message in the next
|
||||||
|
# evaluation.
|
||||||
|
echo "\"let option = nixos.options${option:+.$option}; config = nixos.config${option:+.$option}; in\""
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
header="$header
|
||||||
|
$(eval echo $(generateAccessors))
|
||||||
|
"
|
||||||
|
|
||||||
evalAttr(){
|
evalAttr(){
|
||||||
local prefix="$1"
|
local prefix="$1"
|
||||||
local strict="$2"
|
local strict="$2"
|
||||||
local suffix="$3"
|
local suffix="$3"
|
||||||
echo "(import <nixos> {}).$prefix${option:+.$option}${suffix:+.$suffix}" | evalNix ${strict:+--strict}
|
|
||||||
|
# If strict is set, then set it to "true".
|
||||||
|
test -n "$strict" && strict=true
|
||||||
|
|
||||||
|
evalNix ${strict:+--strict} <<EOF
|
||||||
|
$header
|
||||||
|
|
||||||
|
let
|
||||||
|
value = $prefix${suffix:+.$suffix};
|
||||||
|
strict = ${strict:-false};
|
||||||
|
cleanOutput = x: with nixpkgs.lib;
|
||||||
|
if isDerivation x then x.outPath
|
||||||
|
else if isFunction x then "<CODE>"
|
||||||
|
else if strict then
|
||||||
|
if isAttrs x then mapAttrs (n: cleanOutput) x
|
||||||
|
else if isList x then map cleanOutput x
|
||||||
|
else x
|
||||||
|
else x;
|
||||||
|
in
|
||||||
|
cleanOutput value
|
||||||
|
EOF
|
||||||
}
|
}
|
||||||
|
|
||||||
evalOpt(){
|
evalOpt(){
|
||||||
evalAttr "options" "" "$@"
|
evalAttr "option" "" "$@"
|
||||||
}
|
}
|
||||||
|
|
||||||
evalCfg(){
|
evalCfg(){
|
||||||
|
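Review bot: `$(eval echo $(generateAccessors))` passes text derived from the user-supplied option path through the shell's `eval`, and `path = "${option:+$option}";` splices the same argument unescaped into a Nix string. An option path containing `"`, `${` or shell metacharacters changes the expression that is evaluated, or the command that is run, instead of producing an error. Please validate `$option` against the characters an attribute path can contain before building `header`, and remove the surrounding quotes from the accessor string without `eval`. Two smaller points in the same hunk: `evalNix` now captures stderr with `2>&1`, so warnings end up in `$result` on success as well, and the fallback comment has typos ("roduced", "which is cause").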
@ -90,8 +191,11 @@ evalCfg(){
|
||||||
|
|
||||||
findSources(){
|
findSources(){
|
||||||
local suffix=$1
|
local suffix=$1
|
||||||
echo "(import <nixos> {}).options${option:+.$option}.$suffix" |
|
evalNix --strict <<EOF
|
||||||
evalNix --strict
|
$header
|
||||||
|
|
||||||
|
option.$suffix
|
||||||
|
EOF
|
||||||
}
|
}
|
||||||
|
|
||||||
# Given a result from nix-instantiate, recover the list of attributes it
|
# Given a result from nix-instantiate, recover the list of attributes it
|
||||||
|
@ -121,13 +225,12 @@ nixMap() {
|
||||||
# the output of nixos-option with other tools such as nixos-gui.
|
# the output of nixos-option with other tools such as nixos-gui.
|
||||||
if $xml; then
|
if $xml; then
|
||||||
evalNix --xml --no-location <<EOF
|
evalNix --xml --no-location <<EOF
|
||||||
|
$header
|
||||||
|
|
||||||
let
|
let
|
||||||
reach = attrs: attrs${option:+.$option};
|
|
||||||
nixos = import <nixos> {};
|
|
||||||
nixpkgs = import <nixpkgs> {};
|
|
||||||
sources = builtins.map (f: f.source);
|
sources = builtins.map (f: f.source);
|
||||||
opt = reach nixos.options;
|
opt = option;
|
||||||
cfg = reach nixos.config;
|
cfg = config;
|
||||||
in
|
in
|
||||||
|
|
||||||
with nixpkgs.lib;
|
with nixpkgs.lib;
|
||||||
|
|
|
@ -156,7 +156,7 @@ if [ -n "$buildNix" ]; then
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
if ! nix-store -r $nixStorePath --add-root $tmpDir/nix --indirect \
|
if ! nix-store -r $nixStorePath --add-root $tmpDir/nix --indirect \
|
||||||
--option extra-binary-caches http://cache.nixos.org/; then
|
--option extra-binary-caches https://cache.nixos.org/; then
|
||||||
echo "warning: don't know how to get latest Nix" >&2
|
echo "warning: don't know how to get latest Nix" >&2
|
||||||
fi
|
fi
|
||||||
# Older version of nix-store -r don't support --add-root.
|
# Older version of nix-store -r don't support --add-root.
|
||||||
|
|
|
@ -157,6 +157,23 @@
|
||||||
redmine = 147;
|
redmine = 147;
|
||||||
seeks = 148;
|
seeks = 148;
|
||||||
prosody = 149;
|
prosody = 149;
|
||||||
|
i2pd = 150;
|
||||||
|
dnscrypt-proxy = 151;
|
||||||
|
systemd-network = 152;
|
||||||
|
systemd-resolve = 153;
|
||||||
|
systemd-timesync = 154;
|
||||||
|
liquidsoap = 155;
|
||||||
|
etcd = 156;
|
||||||
|
docker-registry = 157;
|
||||||
|
hbase = 158;
|
||||||
|
opentsdb = 159;
|
||||||
|
scollector = 160;
|
||||||
|
bosun = 161;
|
||||||
|
kubernetes = 162;
|
||||||
|
peerflix = 163;
|
||||||
|
chronos = 164;
|
||||||
|
gitlab = 165;
|
||||||
|
tox-bootstrapd = 166;
|
||||||
|
|
||||||
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
|
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
|
||||||
|
|
||||||
|
@ -197,6 +214,7 @@
|
||||||
privoxy = 32;
|
privoxy = 32;
|
||||||
disnix = 33;
|
disnix = 33;
|
||||||
osgi = 34;
|
osgi = 34;
|
||||||
|
tor = 35;
|
||||||
ghostOne = 40;
|
ghostOne = 40;
|
||||||
git = 41;
|
git = 41;
|
||||||
fourstore = 42;
|
fourstore = 42;
|
||||||
|
@ -276,11 +294,23 @@
|
||||||
mlmmj = 135;
|
mlmmj = 135;
|
||||||
riemann = 137;
|
riemann = 137;
|
||||||
riemanndash = 138;
|
riemanndash = 138;
|
||||||
|
hbase = 139;
|
||||||
|
opentsdb = 140;
|
||||||
uhub = 142;
|
uhub = 142;
|
||||||
mailpile = 146;
|
mailpile = 146;
|
||||||
redmine = 147;
|
redmine = 147;
|
||||||
seeks = 148;
|
seeks = 148;
|
||||||
prosody = 149;
|
prosody = 149;
|
||||||
|
i2pd = 150;
|
||||||
|
systemd-network = 152;
|
||||||
|
systemd-resolve = 153;
|
||||||
|
systemd-timesync = 154;
|
||||||
|
liquidsoap = 155;
|
||||||
|
scollector = 156;
|
||||||
|
bosun = 157;
|
||||||
|
kubernetes = 158;
|
||||||
|
fleet = 159;
|
||||||
|
gitlab = 160;
|
||||||
|
|
||||||
# When adding a gid, make sure it doesn't match an existing uid. And don't use gids above 399!
|
# When adding a gid, make sure it doesn't match an existing uid. And don't use gids above 399!
|
||||||
|
|
||||||
|
|
|
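Review bot: several gids added here collide with uids added in the uid hunk above, against the rule in the comment ("make sure it doesn't match an existing uid"): gid `scollector = 156` and uid `etcd = 156`, gid `bosun = 157` and uid `docker-registry = 157`, gid `kubernetes = 158` and uid `hbase = 158`, gid `fleet = 159` and uid `opentsdb = 159`, gid `gitlab = 160` and uid `scollector = 160`. The same service names also get different numbers as uid and gid (hbase 158/139, opentsdb 159/140, scollector 160/156, bosun 161/157, kubernetes 162/158, gitlab 165/160). Please renumber so each service uses one number for both, and no uid equals another service's gid.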
@ -53,7 +53,7 @@ with lib;
|
||||||
mkDefault (if pathExists fn then readFile fn else "master");
|
mkDefault (if pathExists fn then readFile fn else "master");
|
||||||
|
|
||||||
# Note: code names must only increase in alphabetical order.
|
# Note: code names must only increase in alphabetical order.
|
||||||
system.nixosCodeName = "Caterpillar";
|
system.nixosCodeName = "Dingo";
|
||||||
|
|
||||||
# Generate /etc/os-release. See
|
# Generate /etc/os-release. See
|
||||||
# http://0pointer.de/public/systemd-man/os-release.html for the
|
# http://0pointer.de/public/systemd-man/os-release.html for the
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
[
|
[
|
||||||
./config/fonts/corefonts.nix
|
./config/fonts/corefonts.nix
|
||||||
./config/fonts/fontconfig.nix
|
./config/fonts/fontconfig.nix
|
||||||
|
./config/fonts/fontconfig-ultimate.nix
|
||||||
./config/fonts/fontdir.nix
|
./config/fonts/fontdir.nix
|
||||||
./config/fonts/fonts.nix
|
./config/fonts/fonts.nix
|
||||||
./config/fonts/ghostscript.nix
|
./config/fonts/ghostscript.nix
|
||||||
|
@ -58,6 +59,7 @@
|
||||||
./programs/dconf.nix
|
./programs/dconf.nix
|
||||||
./programs/environment.nix
|
./programs/environment.nix
|
||||||
./programs/info.nix
|
./programs/info.nix
|
||||||
|
./programs/light.nix
|
||||||
./programs/nano.nix
|
./programs/nano.nix
|
||||||
./programs/screen.nix
|
./programs/screen.nix
|
||||||
./programs/shadow.nix
|
./programs/shadow.nix
|
||||||
|
@ -66,6 +68,7 @@
|
||||||
./programs/ssmtp.nix
|
./programs/ssmtp.nix
|
||||||
./programs/uim.nix
|
./programs/uim.nix
|
||||||
./programs/venus.nix
|
./programs/venus.nix
|
||||||
|
./programs/virtualbox-host.nix
|
||||||
./programs/wvdial.nix
|
./programs/wvdial.nix
|
||||||
./programs/freetds.nix
|
./programs/freetds.nix
|
||||||
./programs/zsh/zsh.nix
|
./programs/zsh/zsh.nix
|
||||||
|
@ -88,15 +91,19 @@
|
||||||
./services/audio/alsa.nix
|
./services/audio/alsa.nix
|
||||||
# Disabled as fuppes it does no longer builds.
|
# Disabled as fuppes it does no longer builds.
|
||||||
# ./services/audio/fuppes.nix
|
# ./services/audio/fuppes.nix
|
||||||
|
./services/audio/liquidsoap.nix
|
||||||
./services/audio/mpd.nix
|
./services/audio/mpd.nix
|
||||||
./services/audio/mopidy.nix
|
./services/audio/mopidy.nix
|
||||||
./services/backup/almir.nix
|
./services/backup/almir.nix
|
||||||
./services/backup/bacula.nix
|
./services/backup/bacula.nix
|
||||||
|
./services/backup/crashplan.nix
|
||||||
./services/backup/mysql-backup.nix
|
./services/backup/mysql-backup.nix
|
||||||
./services/backup/postgresql-backup.nix
|
./services/backup/postgresql-backup.nix
|
||||||
./services/backup/rsnapshot.nix
|
./services/backup/rsnapshot.nix
|
||||||
./services/backup/sitecopy-backup.nix
|
./services/backup/sitecopy-backup.nix
|
||||||
./services/backup/tarsnap.nix
|
./services/backup/tarsnap.nix
|
||||||
|
./services/cluster/fleet.nix
|
||||||
|
./services/cluster/kubernetes.nix
|
||||||
./services/computing/torque/server.nix
|
./services/computing/torque/server.nix
|
||||||
./services/computing/torque/mom.nix
|
./services/computing/torque/mom.nix
|
||||||
./services/continuous-integration/jenkins/default.nix
|
./services/continuous-integration/jenkins/default.nix
|
||||||
|
@ -105,13 +112,15 @@
|
||||||
./services/databases/4store.nix
|
./services/databases/4store.nix
|
||||||
./services/databases/couchdb.nix
|
./services/databases/couchdb.nix
|
||||||
./services/databases/firebird.nix
|
./services/databases/firebird.nix
|
||||||
|
./services/databases/hbase.nix
|
||||||
./services/databases/influxdb.nix
|
./services/databases/influxdb.nix
|
||||||
./services/databases/memcached.nix
|
./services/databases/memcached.nix
|
||||||
./services/databases/monetdb.nix
|
./services/databases/monetdb.nix
|
||||||
./services/databases/mongodb.nix
|
./services/databases/mongodb.nix
|
||||||
./services/databases/mysql.nix
|
./services/databases/mysql.nix
|
||||||
./services/databases/neo4j.nix
|
./services/databases/neo4j.nix
|
||||||
./services/databases/openldap.nix
|
./services/databases/openldap.nix
|
||||||
|
./services/databases/opentsdb.nix
|
||||||
./services/databases/postgresql.nix
|
./services/databases/postgresql.nix
|
||||||
./services/databases/redis.nix
|
./services/databases/redis.nix
|
||||||
./services/databases/virtuoso.nix
|
./services/databases/virtuoso.nix
|
||||||
|
@ -128,6 +137,7 @@
|
||||||
./services/desktops/gnome3/seahorse.nix
|
./services/desktops/gnome3/seahorse.nix
|
||||||
./services/desktops/gnome3/sushi.nix
|
./services/desktops/gnome3/sushi.nix
|
||||||
./services/desktops/gnome3/tracker.nix
|
./services/desktops/gnome3/tracker.nix
|
||||||
|
./services/desktops/profile-sync-daemon.nix
|
||||||
./services/desktops/telepathy.nix
|
./services/desktops/telepathy.nix
|
||||||
./services/games/ghost-one.nix
|
./services/games/ghost-one.nix
|
||||||
./services/games/minecraft-server.nix
|
./services/games/minecraft-server.nix
|
||||||
|
@ -163,8 +173,11 @@
|
||||||
./services/misc/cgminer.nix
|
./services/misc/cgminer.nix
|
||||||
./services/misc/dictd.nix
|
./services/misc/dictd.nix
|
||||||
./services/misc/disnix.nix
|
./services/misc/disnix.nix
|
||||||
|
./services/misc/docker-registry.nix
|
||||||
|
./services/misc/etcd.nix
|
||||||
./services/misc/felix.nix
|
./services/misc/felix.nix
|
||||||
./services/misc/folding-at-home.nix
|
./services/misc/folding-at-home.nix
|
||||||
|
./services/misc/gitlab.nix
|
||||||
./services/misc/gitolite.nix
|
./services/misc/gitolite.nix
|
||||||
./services/misc/gpsd.nix
|
./services/misc/gpsd.nix
|
||||||
./services/misc/mesos-master.nix
|
./services/misc/mesos-master.nix
|
||||||
|
@ -183,6 +196,7 @@
|
||||||
./services/misc/uhub.nix
|
./services/misc/uhub.nix
|
||||||
./services/misc/zookeeper.nix
|
./services/misc/zookeeper.nix
|
||||||
./services/monitoring/apcupsd.nix
|
./services/monitoring/apcupsd.nix
|
||||||
|
./services/monitoring/bosun.nix
|
||||||
./services/monitoring/collectd.nix
|
./services/monitoring/collectd.nix
|
||||||
./services/monitoring/dd-agent.nix
|
./services/monitoring/dd-agent.nix
|
||||||
./services/monitoring/graphite.nix
|
./services/monitoring/graphite.nix
|
||||||
|
@ -191,6 +205,7 @@
|
||||||
./services/monitoring/nagios.nix
|
./services/monitoring/nagios.nix
|
||||||
./services/monitoring/riemann.nix
|
./services/monitoring/riemann.nix
|
||||||
./services/monitoring/riemann-dash.nix
|
./services/monitoring/riemann-dash.nix
|
||||||
|
./services/monitoring/scollector.nix
|
||||||
./services/monitoring/smartd.nix
|
./services/monitoring/smartd.nix
|
||||||
./services/monitoring/statsd.nix
|
./services/monitoring/statsd.nix
|
||||||
./services/monitoring/systemhealth.nix
|
./services/monitoring/systemhealth.nix
|
||||||
|
@ -219,6 +234,7 @@
|
||||||
./services/networking/ddclient.nix
|
./services/networking/ddclient.nix
|
||||||
./services/networking/dhcpcd.nix
|
./services/networking/dhcpcd.nix
|
||||||
./services/networking/dhcpd.nix
|
./services/networking/dhcpd.nix
|
||||||
|
./services/networking/dnscrypt-proxy.nix
|
||||||
./services/networking/dnsmasq.nix
|
./services/networking/dnsmasq.nix
|
||||||
./services/networking/ejabberd.nix
|
./services/networking/ejabberd.nix
|
||||||
./services/networking/firewall.nix
|
./services/networking/firewall.nix
|
||||||
|
@ -230,6 +246,7 @@
|
||||||
./services/networking/gvpe.nix
|
./services/networking/gvpe.nix
|
||||||
./services/networking/haproxy.nix
|
./services/networking/haproxy.nix
|
||||||
./services/networking/hostapd.nix
|
./services/networking/hostapd.nix
|
||||||
|
./services/networking/i2pd.nix
|
||||||
./services/networking/ifplugd.nix
|
./services/networking/ifplugd.nix
|
||||||
./services/networking/iodined.nix
|
./services/networking/iodined.nix
|
||||||
./services/networking/ircd-hybrid/default.nix
|
./services/networking/ircd-hybrid/default.nix
|
||||||
|
@ -263,11 +280,13 @@
|
||||||
./services/networking/spiped.nix
|
./services/networking/spiped.nix
|
||||||
./services/networking/ssh/lshd.nix
|
./services/networking/ssh/lshd.nix
|
||||||
./services/networking/ssh/sshd.nix
|
./services/networking/ssh/sshd.nix
|
||||||
|
./services/networking/strongswan.nix
|
||||||
./services/networking/supybot.nix
|
./services/networking/supybot.nix
|
||||||
./services/networking/syncthing.nix
|
./services/networking/syncthing.nix
|
||||||
./services/networking/tcpcrypt.nix
|
./services/networking/tcpcrypt.nix
|
||||||
./services/networking/teamspeak3.nix
|
./services/networking/teamspeak3.nix
|
||||||
./services/networking/tftpd.nix
|
./services/networking/tftpd.nix
|
||||||
|
./services/networking/tox-bootstrapd.nix
|
||||||
./services/networking/unbound.nix
|
./services/networking/unbound.nix
|
||||||
./services/networking/unifi.nix
|
./services/networking/unifi.nix
|
||||||
./services/networking/vsftpd.nix
|
./services/networking/vsftpd.nix
|
||||||
|
@ -279,6 +298,7 @@
|
||||||
./services/networking/znc.nix
|
./services/networking/znc.nix
|
||||||
./services/printing/cupsd.nix
|
./services/printing/cupsd.nix
|
||||||
./services/scheduling/atd.nix
|
./services/scheduling/atd.nix
|
||||||
|
./services/scheduling/chronos.nix
|
||||||
./services/scheduling/cron.nix
|
./services/scheduling/cron.nix
|
||||||
./services/scheduling/fcron.nix
|
./services/scheduling/fcron.nix
|
||||||
./services/search/elasticsearch.nix
|
./services/search/elasticsearch.nix
|
||||||
|
@ -291,11 +311,13 @@
|
||||||
./services/security/torify.nix
|
./services/security/torify.nix
|
||||||
./services/security/tor.nix
|
./services/security/tor.nix
|
||||||
./services/security/torsocks.nix
|
./services/security/torsocks.nix
|
||||||
|
./services/system/cloud-init.nix
|
||||||
./services/system/dbus.nix
|
./services/system/dbus.nix
|
||||||
./services/system/kerberos.nix
|
./services/system/kerberos.nix
|
||||||
./services/system/nscd.nix
|
./services/system/nscd.nix
|
||||||
./services/system/uptimed.nix
|
./services/system/uptimed.nix
|
||||||
./services/torrent/deluge.nix
|
./services/torrent/deluge.nix
|
||||||
|
./services/torrent/peerflix.nix
|
||||||
./services/torrent/transmission.nix
|
./services/torrent/transmission.nix
|
||||||
./services/ttys/agetty.nix
|
./services/ttys/agetty.nix
|
||||||
./services/ttys/gpm.nix
|
./services/ttys/gpm.nix
|
||||||
|
@ -344,6 +366,7 @@
|
||||||
./system/boot/loader/efi.nix
|
./system/boot/loader/efi.nix
|
||||||
./system/boot/loader/generations-dir/generations-dir.nix
|
./system/boot/loader/generations-dir/generations-dir.nix
|
||||||
./system/boot/loader/grub/grub.nix
|
./system/boot/loader/grub/grub.nix
|
||||||
|
./system/boot/loader/grub/ipxe.nix
|
||||||
./system/boot/loader/grub/memtest.nix
|
./system/boot/loader/grub/memtest.nix
|
||||||
./system/boot/loader/gummiboot/gummiboot.nix
|
./system/boot/loader/gummiboot/gummiboot.nix
|
||||||
./system/boot/loader/init-script/init-script.nix
|
./system/boot/loader/init-script/init-script.nix
|
||||||
|
@ -357,6 +380,7 @@
|
||||||
./system/boot/tmp.nix
|
./system/boot/tmp.nix
|
||||||
./system/etc/etc.nix
|
./system/etc/etc.nix
|
||||||
./system/upstart/upstart.nix
|
./system/upstart/upstart.nix
|
||||||
|
./tasks/bcache.nix
|
||||||
./tasks/cpu-freq.nix
|
./tasks/cpu-freq.nix
|
||||||
./tasks/encrypted-devices.nix
|
./tasks/encrypted-devices.nix
|
||||||
./tasks/filesystems.nix
|
./tasks/filesystems.nix
|
||||||
|
@ -374,6 +398,8 @@
|
||||||
./tasks/kbd.nix
|
./tasks/kbd.nix
|
||||||
./tasks/lvm.nix
|
./tasks/lvm.nix
|
||||||
./tasks/network-interfaces.nix
|
./tasks/network-interfaces.nix
|
||||||
|
./tasks/network-interfaces-systemd.nix
|
||||||
|
./tasks/network-interfaces-scripted.nix
|
||||||
./tasks/scsi-link-power-management.nix
|
./tasks/scsi-link-power-management.nix
|
||||||
./tasks/swraid.nix
|
./tasks/swraid.nix
|
||||||
./tasks/trackpoint.nix
|
./tasks/trackpoint.nix
|
||||||
|
@ -382,8 +408,10 @@
|
||||||
./virtualisation/containers.nix
|
./virtualisation/containers.nix
|
||||||
./virtualisation/docker.nix
|
./virtualisation/docker.nix
|
||||||
./virtualisation/libvirtd.nix
|
./virtualisation/libvirtd.nix
|
||||||
|
./virtualisation/lxc.nix
|
||||||
#./virtualisation/nova.nix
|
#./virtualisation/nova.nix
|
||||||
./virtualisation/openvswitch.nix
|
./virtualisation/openvswitch.nix
|
||||||
|
./virtualisation/parallels-guest.nix
|
||||||
./virtualisation/virtualbox-guest.nix
|
./virtualisation/virtualbox-guest.nix
|
||||||
#./virtualisation/xen-dom0.nix
|
#./virtualisation/xen-dom0.nix
|
||||||
]
|
]
|
||||||
|
|
|
@ -34,7 +34,6 @@
|
||||||
pkgs.xfsprogs
|
pkgs.xfsprogs
|
||||||
pkgs.jfsutils
|
pkgs.jfsutils
|
||||||
pkgs.f2fs-tools
|
pkgs.f2fs-tools
|
||||||
#pkgs.jfsrec # disabled because of Boost dependency
|
|
||||||
|
|
||||||
# Some compression/archiver tools.
|
# Some compression/archiver tools.
|
||||||
pkgs.unzip
|
pkgs.unzip
|
||||||
|
|
56
nixos/modules/profiles/container.nix
Normal file
|
@ -0,0 +1,56 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
pkgs2storeContents = l : map (x: { object = x; symlink = "none"; }) l;
|
||||||
|
|
||||||
|
in {
|
||||||
|
# Docker image config.
|
||||||
|
imports = [
|
||||||
|
../installer/cd-dvd/channel.nix
|
||||||
|
./minimal.nix
|
||||||
|
./clone-config.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
# Create the tarball
|
||||||
|
system.build.tarball = import ../../lib/make-system-tarball.nix {
|
||||||
|
inherit (pkgs) stdenv perl xz pathsFromGraph;
|
||||||
|
|
||||||
|
contents = [];
|
||||||
|
extraArgs = "--owner=0";
|
||||||
|
|
||||||
|
# Add init script to image
|
||||||
|
storeContents = [
|
||||||
|
{ object = config.system.build.toplevel + "/init";
|
||||||
|
symlink = "/init";
|
||||||
|
}
|
||||||
|
] ++ (pkgs2storeContents [ pkgs.stdenv ]);
|
||||||
|
|
||||||
|
# Some container managers like lxc need these
|
||||||
|
extraCommands = "mkdir -p proc sys dev";
|
||||||
|
};
|
||||||
|
|
||||||
|
boot.isContainer = true;
|
||||||
|
boot.postBootCommands =
|
||||||
|
''
|
||||||
|
# After booting, register the contents of the Nix store in the Nix
|
||||||
|
# database.
|
||||||
|
if [ -f /nix-path-registration ]; then
|
||||||
|
${config.nix.package}/bin/nix-store --load-db < /nix-path-registration &&
|
||||||
|
rm /nix-path-registration
|
||||||
|
fi
|
||||||
|
|
||||||
|
# nixos-rebuild also requires a "system" profile
|
||||||
|
${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
|
||||||
|
'';
|
||||||
|
|
||||||
|
# Disable some features that are not useful in a container.
|
||||||
|
sound.enable = mkDefault false;
|
||||||
|
services.udisks2.enable = mkDefault false;
|
||||||
|
|
||||||
|
# Install new init script
|
||||||
|
system.activationScripts.installInitScript = ''
|
||||||
|
ln -fs $systemConfig/init /init
|
||||||
|
'';
|
||||||
|
}
|
|
@ -40,7 +40,6 @@ in
|
||||||
# TODO: move most of these elsewhere
|
# TODO: move most of these elsewhere
|
||||||
environment.profileRelativeEnvVars =
|
environment.profileRelativeEnvVars =
|
||||||
{ PATH = [ "/bin" "/sbin" "/lib/kde4/libexec" ];
|
{ PATH = [ "/bin" "/sbin" "/lib/kde4/libexec" ];
|
||||||
MANPATH = [ "/man" "/share/man" ];
|
|
||||||
INFOPATH = [ "/info" "/share/info" ];
|
INFOPATH = [ "/info" "/share/info" ];
|
||||||
PKG_CONFIG_PATH = [ "/lib/pkgconfig" ];
|
PKG_CONFIG_PATH = [ "/lib/pkgconfig" ];
|
||||||
TERMINFO_DIRS = [ "/share/terminfo" ];
|
TERMINFO_DIRS = [ "/share/terminfo" ];
|
||||||
|
|
26
nixos/modules/programs/light.nix
Normal file
|
@ -0,0 +1,26 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.programs.light;
|
||||||
|
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options = {
|
||||||
|
programs.light = {
|
||||||
|
enable = mkOption {
|
||||||
|
default = false;
|
||||||
|
type = types.bool;
|
||||||
|
description = ''
|
||||||
|
Whether to install Light backlight control with setuid wrapper.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
environment.systemPackages = [ pkgs.light ];
|
||||||
|
security.setuidPrograms = [ "light" ];
|
||||||
|
};
|
||||||
|
}
|
|
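Review bot: `security.setuidPrograms = [ "light" ];` in the `config` block installs a setuid-root wrapper that every local user can run as soon as `programs.light.enable` is set, while the option description only says "with setuid wrapper". Please state in the description that the wrapper runs as root for all users, or install it through `security.setuidOwners` with a dedicated group, as the VirtualBox host module in this merge does, so that only members of that group can execute it.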
@ -59,6 +59,15 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
agentTimeout = mkOption {
|
||||||
|
type = types.nullOr types.string;
|
||||||
|
default = null;
|
||||||
|
example = "1h";
|
||||||
|
description = ''
|
||||||
|
How long to keep the private keys in memory. Use null to keep them forever.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
package = mkOption {
|
package = mkOption {
|
||||||
default = pkgs.openssh;
|
default = pkgs.openssh;
|
||||||
description = ''
|
description = ''
|
||||||
|
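Review bot: `type = types.nullOr types.string;` on `agentTimeout` should be `types.nullOr types.str`, matching the `types.str` used for the options typed elsewhere in this merge; `types.string` merges several definitions by concatenating them, so two modules setting "1h" and "30m" would silently produce one invalid value instead of a conflict error. The description should also name the accepted format (seconds or an sshd_config-style time such as the "1h" in the example), since the string is handed unchanged to `ssh-agent -t` in the ExecStart change of this patch.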
@ -99,7 +108,10 @@ in
|
||||||
wantedBy = [ "default.target" ];
|
wantedBy = [ "default.target" ];
|
||||||
serviceConfig =
|
serviceConfig =
|
||||||
{ ExecStartPre = "${pkgs.coreutils}/bin/rm -f %t/ssh-agent";
|
{ ExecStartPre = "${pkgs.coreutils}/bin/rm -f %t/ssh-agent";
|
||||||
ExecStart = "${cfg.package}/bin/ssh-agent -a %t/ssh-agent";
|
ExecStart =
|
||||||
|
"${cfg.package}/bin/ssh-agent " +
|
||||||
|
optionalString (cfg.agentTimeout != null) ("-t ${cfg.agentTimeout} ") +
|
||||||
|
"-a %t/ssh-agent";
|
||||||
StandardOutput = "null";
|
StandardOutput = "null";
|
||||||
Type = "forking";
|
Type = "forking";
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
|
|
|
@ -20,6 +20,7 @@ in
|
||||||
networking.defaultMailServer = {
|
networking.defaultMailServer = {
|
||||||
|
|
||||||
directDelivery = mkOption {
|
directDelivery = mkOption {
|
||||||
|
type = types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
example = true;
|
example = true;
|
||||||
description = ''
|
description = ''
|
||||||
|
@ -35,6 +36,7 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
hostName = mkOption {
|
hostName = mkOption {
|
||||||
|
type = types.str;
|
||||||
example = "mail.example.org";
|
example = "mail.example.org";
|
||||||
description = ''
|
description = ''
|
||||||
The host name of the default mail server to use to deliver
|
The host name of the default mail server to use to deliver
|
||||||
|
@ -42,7 +44,17 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
root = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "";
|
||||||
|
example = "root@example.org";
|
||||||
|
description = ''
|
||||||
|
The e-mail to which mail for users with UID < 1000 is forwarded.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
domain = mkOption {
|
domain = mkOption {
|
||||||
|
type = types.str;
|
||||||
default = "";
|
default = "";
|
||||||
example = "example.org";
|
example = "example.org";
|
||||||
description = ''
|
description = ''
|
||||||
|
@ -51,6 +63,7 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
useTLS = mkOption {
|
useTLS = mkOption {
|
||||||
|
type = types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
example = true;
|
example = true;
|
||||||
description = ''
|
description = ''
|
||||||
|
@ -60,6 +73,7 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
useSTARTTLS = mkOption {
|
useSTARTTLS = mkOption {
|
||||||
|
type = types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
example = true;
|
example = true;
|
||||||
description = ''
|
description = ''
|
||||||
|
@ -70,6 +84,7 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
authUser = mkOption {
|
authUser = mkOption {
|
||||||
|
type = types.str;
|
||||||
default = "";
|
default = "";
|
||||||
example = "foo@example.org";
|
example = "foo@example.org";
|
||||||
description = ''
|
description = ''
|
||||||
|
@ -78,6 +93,7 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
authPass = mkOption {
|
authPass = mkOption {
|
||||||
|
type = types.str;
|
||||||
default = "";
|
default = "";
|
||||||
example = "correctHorseBatteryStaple";
|
example = "correctHorseBatteryStaple";
|
||||||
description = ''
|
description = ''
|
||||||
|
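Review bot: `authPass` is declared as a plain `types.str` with `example = "correctHorseBatteryStaple"`, which invites putting the SMTP credential directly into the system configuration; a value interpolated into the generated ssmtp config the way this module does for `MailHub=${cfg.hostName}` ends up in the world-readable Nix store. If the description (cut off in this hunk) does not already warn about that, it should, and an alternative option that points to a password file outside the store would be the safer interface.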
@ -96,6 +112,7 @@ in
|
||||||
''
|
''
|
||||||
MailHub=${cfg.hostName}
|
MailHub=${cfg.hostName}
|
||||||
FromLineOverride=YES
|
FromLineOverride=YES
|
||||||
|
${if cfg.root != "" then "root=${cfg.root}" else ""}
|
||||||
${if cfg.domain != "" then "rewriteDomain=${cfg.domain}" else ""}
|
${if cfg.domain != "" then "rewriteDomain=${cfg.domain}" else ""}
|
||||||
UseTLS=${if cfg.useTLS then "YES" else "NO"}
|
UseTLS=${if cfg.useTLS then "YES" else "NO"}
|
||||||
UseSTARTTLS=${if cfg.useSTARTTLS then "YES" else "NO"}
|
UseSTARTTLS=${if cfg.useSTARTTLS then "YES" else "NO"}
|
||||||
|
|
115
nixos/modules/programs/virtualbox-host.nix
Normal file
|
@ -0,0 +1,115 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.services.virtualboxHost;
|
||||||
|
virtualbox = config.boot.kernelPackages.virtualbox.override {
|
||||||
|
inherit (cfg) enableHardening;
|
||||||
|
};
|
||||||
|
|
||||||
|
in
|
||||||
|
|
||||||
|
{
|
||||||
|
options.services.virtualboxHost = {
|
||||||
|
enable = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = ''
|
||||||
|
Whether to enable host-side support for VirtualBox.
|
||||||
|
|
||||||
|
<note><para>
|
||||||
|
In order to pass USB devices from the host to the guests, the user
|
||||||
|
needs to be in the <literal>vboxusers</literal> group.
|
||||||
|
</para></note>
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
addNetworkInterface = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = true;
|
||||||
|
description = ''
|
||||||
|
Automatically set up a vboxnet0 host-only network interface.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
enableHardening = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = true;
|
||||||
|
description = ''
|
||||||
|
Enable hardened VirtualBox, which ensures that only the binaries in the
|
||||||
|
system path get access to the devices exposed by the kernel modules
|
||||||
|
instead of all users in the vboxusers group.
|
||||||
|
|
||||||
|
<important><para>
|
||||||
|
Disabling this can put your system's security at risk, as local users
|
||||||
|
in the vboxusers group can tamper with the VirtualBox device files.
|
||||||
|
</para></important>
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable (mkMerge [{
|
||||||
|
boot.kernelModules = [ "vboxdrv" "vboxnetadp" "vboxnetflt" ];
|
||||||
|
boot.extraModulePackages = [ virtualbox ];
|
||||||
|
environment.systemPackages = [ virtualbox ];
|
||||||
|
|
||||||
|
security.setuidOwners = let
|
||||||
|
mkSuid = program: {
|
||||||
|
inherit program;
|
||||||
|
source = "${virtualbox}/libexec/virtualbox/${program}";
|
||||||
|
owner = "root";
|
||||||
|
group = "vboxusers";
|
||||||
|
setuid = true;
|
||||||
|
};
|
||||||
|
in mkIf cfg.enableHardening (map mkSuid [
|
||||||
|
"VBoxHeadless"
|
||||||
|
"VBoxNetAdpCtl"
|
||||||
|
"VBoxNetDHCP"
|
||||||
|
"VBoxNetNAT"
|
||||||
|
"VBoxSDL"
|
||||||
|
"VBoxVolInfo"
|
||||||
|
"VirtualBox"
|
||||||
|
]);
|
||||||
|
|
||||||
|
users.extraGroups.vboxusers.gid = config.ids.gids.vboxusers;
|
||||||
|
|
||||||
|
services.udev.extraRules =
|
||||||
|
''
|
||||||
|
KERNEL=="vboxdrv", OWNER="root", GROUP="vboxusers", MODE="0660", TAG+="systemd"
|
||||||
|
KERNEL=="vboxdrvu", OWNER="root", GROUP="root", MODE="0666", TAG+="systemd"
|
||||||
|
KERNEL=="vboxnetctl", OWNER="root", GROUP="vboxusers", MODE="0660", TAG+="systemd"
|
||||||
|
SUBSYSTEM=="usb_device", ACTION=="add", RUN+="${virtualbox}/libexec/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}"
|
||||||
|
SUBSYSTEM=="usb", ACTION=="add", ENV{DEVTYPE}=="usb_device", RUN+="${virtualbox}/libexec/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}"
|
||||||
|
SUBSYSTEM=="usb_device", ACTION=="remove", RUN+="${virtualbox}/libexec/virtualbox/VBoxCreateUSBNode.sh --remove $major $minor"
|
||||||
|
SUBSYSTEM=="usb", ACTION=="remove", ENV{DEVTYPE}=="usb_device", RUN+="${virtualbox}/libexec/virtualbox/VBoxCreateUSBNode.sh --remove $major $minor"
|
||||||
|
'';
|
||||||
|
|
||||||
|
# Since we lack the right setuid binaries, set up a host-only network by default.
|
||||||
|
} (mkIf cfg.addNetworkInterface {
|
||||||
|
systemd.services."vboxnet0" =
|
||||||
|
{ description = "VirtualBox vboxnet0 Interface";
|
||||||
|
requires = [ "dev-vboxnetctl.device" ];
|
||||||
|
after = [ "dev-vboxnetctl.device" ];
|
||||||
|
wantedBy = [ "network.target" "sys-subsystem-net-devices-vboxnet0.device" ];
|
||||||
|
path = [ virtualbox ];
|
||||||
|
serviceConfig.RemainAfterExit = true;
|
||||||
|
serviceConfig.Type = "oneshot";
|
||||||
|
serviceConfig.PrivateTmp = true;
|
||||||
|
environment.VBOX_USER_HOME = "/tmp";
|
||||||
|
script =
|
||||||
|
''
|
||||||
|
if ! [ -e /sys/class/net/vboxnet0 ]; then
|
||||||
|
VBoxManage hostonlyif create
|
||||||
|
cat /tmp/VBoxSVC.log >&2
|
||||||
|
fi
|
||||||
|
'';
|
||||||
|
postStop =
|
||||||
|
''
|
||||||
|
VBoxManage hostonlyif remove vboxnet0
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.interfaces.vboxnet0.ip4 = [ { address = "192.168.56.1"; prefixLength = 24; } ];
|
||||||
|
})]);
|
||||||
|
}
|
|
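Review bot: the `services.udev.extraRules` block is applied whether or not `enableHardening` is set, so `KERNEL=="vboxdrv", OWNER="root", GROUP="vboxusers", MODE="0660"` still gives every member of `vboxusers` direct access to the device node in hardened mode, which is the exposure the `enableHardening` description says hardening removes. Either make the group and mode of the device nodes depend on `cfg.enableHardening`, or reword the description so it matches what is enforced. Two smaller points in the same file: the comment `# Since we lack the right setuid binaries, set up a host-only network by default.` is stale now that `security.setuidOwners` installs those binaries, and `cat /tmp/VBoxSVC.log >&2` in the `vboxnet0` script returns non-zero when the log file was never created, so it should be guarded with a test for the file.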
@ -1,48 +1,8 @@
|
||||||
{ config, lib, pkgs, ... }:
|
let
|
||||||
|
msg = "Importing <nixpkgs/nixos/modules/programs/virtualbox.nix> is "
|
||||||
with lib;
|
+ "deprecated, please use `services.virtualboxHost.enable = true' "
|
||||||
|
+ "instead.";
|
||||||
let virtualbox = config.boot.kernelPackages.virtualbox; in
|
in {
|
||||||
|
config.warnings = [ msg ];
|
||||||
{
|
config.services.virtualboxHost.enable = true;
|
||||||
boot.kernelModules = [ "vboxdrv" "vboxnetadp" "vboxnetflt" ];
|
|
||||||
boot.extraModulePackages = [ virtualbox ];
|
|
||||||
environment.systemPackages = [ virtualbox ];
|
|
||||||
|
|
||||||
users.extraGroups.vboxusers.gid = config.ids.gids.vboxusers;
|
|
||||||
|
|
||||||
services.udev.extraRules =
|
|
||||||
''
|
|
||||||
KERNEL=="vboxdrv", OWNER="root", GROUP="vboxusers", MODE="0660", TAG+="systemd"
|
|
||||||
KERNEL=="vboxdrvu", OWNER="root", GROUP="root", MODE="0666", TAG+="systemd"
|
|
||||||
KERNEL=="vboxnetctl", OWNER="root", GROUP="vboxusers", MODE="0660", TAG+="systemd"
|
|
||||||
SUBSYSTEM=="usb_device", ACTION=="add", RUN+="${virtualbox}/libexec/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}"
|
|
||||||
SUBSYSTEM=="usb", ACTION=="add", ENV{DEVTYPE}=="usb_device", RUN+="${virtualbox}/libexec/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}"
|
|
||||||
SUBSYSTEM=="usb_device", ACTION=="remove", RUN+="${virtualbox}/libexec/virtualbox/VBoxCreateUSBNode.sh --remove $major $minor"
|
|
||||||
SUBSYSTEM=="usb", ACTION=="remove", ENV{DEVTYPE}=="usb_device", RUN+="${virtualbox}/libexec/virtualbox/VBoxCreateUSBNode.sh --remove $major $minor"
|
|
||||||
'';
|
|
||||||
|
|
||||||
# Since we lack the right setuid binaries, set up a host-only network by default.
|
|
||||||
|
|
||||||
systemd.services."vboxnet0" =
|
|
||||||
{ description = "VirtualBox vboxnet0 Interface";
|
|
||||||
requires = [ "dev-vboxnetctl.device" ];
|
|
||||||
after = [ "dev-vboxnetctl.device" ];
|
|
||||||
wantedBy = [ "network.target" "sys-subsystem-net-devices-vboxnet0.device" ];
|
|
||||||
path = [ virtualbox ];
|
|
||||||
serviceConfig.RemainAfterExit = true;
|
|
||||||
serviceConfig.Type = "oneshot";
|
|
||||||
script =
|
|
||||||
''
|
|
||||||
if ! [ -e /sys/class/net/vboxnet0 ]; then
|
|
||||||
VBoxManage hostonlyif create
|
|
||||||
fi
|
|
||||||
'';
|
|
||||||
postStop =
|
|
||||||
''
|
|
||||||
VBoxManage hostonlyif remove vboxnet0
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
networking.interfaces.vboxnet0.ip4 = [ { address = "192.168.56.1"; prefixLength = 24; } ];
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -74,6 +74,7 @@ in zipModules ([]
|
||||||
++ obsolete [ "environment" "x11Packages" ] [ "environment" "systemPackages" ]
|
++ obsolete [ "environment" "x11Packages" ] [ "environment" "systemPackages" ]
|
||||||
++ obsolete [ "environment" "enableBashCompletion" ] [ "programs" "bash" "enableCompletion" ]
|
++ obsolete [ "environment" "enableBashCompletion" ] [ "programs" "bash" "enableCompletion" ]
|
||||||
++ obsolete [ "environment" "nix" ] [ "nix" "package" ]
|
++ obsolete [ "environment" "nix" ] [ "nix" "package" ]
|
||||||
|
++ obsolete [ "fonts" "enableFontConfig" ] [ "fonts" "fontconfig" "enable" ]
|
||||||
++ obsolete [ "fonts" "extraFonts" ] [ "fonts" "fonts" ]
|
++ obsolete [ "fonts" "extraFonts" ] [ "fonts" "fonts" ]
|
||||||
|
|
||||||
++ obsolete [ "security" "extraSetuidPrograms" ] [ "security" "setuidPrograms" ]
|
++ obsolete [ "security" "extraSetuidPrograms" ] [ "security" "setuidPrograms" ]
|
||||||
|
@ -107,6 +108,12 @@ in zipModules ([]
|
||||||
++ obsolete [ "services" "xserver" "startOpenSSHAgent" ] [ "programs" "ssh" "startAgent" ]
|
++ obsolete [ "services" "xserver" "startOpenSSHAgent" ] [ "programs" "ssh" "startAgent" ]
|
||||||
++ obsolete [ "services" "xserver" "windowManager" "xbmc" ] [ "services" "xserver" "desktopManager" "xbmc" ]
|
++ obsolete [ "services" "xserver" "windowManager" "xbmc" ] [ "services" "xserver" "desktopManager" "xbmc" ]
|
||||||
|
|
||||||
|
# VirtualBox
|
||||||
|
++ obsolete [ "services" "virtualbox" "enable" ] [ "services" "virtualboxGuest" "enable" ]
|
||||||
|
|
||||||
|
# proxy
|
||||||
|
++ obsolete [ "nix" "proxy" ] [ "networking" "proxy" "default" ]
|
||||||
|
|
||||||
# KDE
|
# KDE
|
||||||
++ deprecated [ "kde" "extraPackages" ] [ "environment" "kdePackages" ]
|
++ deprecated [ "kde" "extraPackages" ] [ "environment" "kdePackages" ]
|
||||||
# ++ obsolete [ "environment" "kdePackages" ] [ "environment" "systemPackages" ] # !!! doesn't work!
|
# ++ obsolete [ "environment" "kdePackages" ] [ "environment" "systemPackages" ] # !!! doesn't work!
|
||||||
|
@ -131,5 +138,6 @@ in zipModules ([]
|
||||||
++ obsolete' [ "programs" "bash" "enable" ]
|
++ obsolete' [ "programs" "bash" "enable" ]
|
||||||
++ obsolete' [ "services" "samba" "defaultShare" ]
|
++ obsolete' [ "services" "samba" "defaultShare" ]
|
||||||
++ obsolete' [ "services" "syslog-ng" "serviceName" ]
|
++ obsolete' [ "services" "syslog-ng" "serviceName" ]
|
||||||
|
++ obsolete' [ "services" "syslog-ng" "listenToJournal" ]
|
||||||
|
|
||||||
)
|
)
|
||||||
|
|
|
@ -16,6 +16,7 @@ with lib;
|
||||||
{ SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";
|
{ SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";
|
||||||
# FIXME: unneeded - remove eventually.
|
# FIXME: unneeded - remove eventually.
|
||||||
OPENSSL_X509_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";
|
OPENSSL_X509_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";
|
||||||
|
# FIXME: unneeded - remove eventually.
|
||||||
GIT_SSL_CAINFO = "/etc/ssl/certs/ca-bundle.crt";
|
GIT_SSL_CAINFO = "/etc/ssl/certs/ca-bundle.crt";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -226,8 +226,8 @@ in
|
||||||
[ { assertion = cfg.stable || cfg.testing;
|
[ { assertion = cfg.stable || cfg.testing;
|
||||||
message = ''
|
message = ''
|
||||||
If grsecurity is enabled, you must select either the
|
If grsecurity is enabled, you must select either the
|
||||||
stable patch (with kernel 3.2), or the testing patch (with
|
stable patch (with kernel 3.14), or the testing patch (with
|
||||||
kernel 3.13) to continue.
|
kernel 3.17) to continue.
|
||||||
'';
|
'';
|
||||||
}
|
}
|
||||||
{ assertion = (cfg.stable -> !cfg.testing) || (cfg.testing -> !cfg.stable);
|
{ assertion = (cfg.stable -> !cfg.testing) || (cfg.testing -> !cfg.stable);
|
||||||
|
|
|
@ -46,6 +46,14 @@ in
|
||||||
<filename>sudoers</filename> file.
|
<filename>sudoers</filename> file.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
security.sudo.extraConfig = mkOption {
|
||||||
|
type = types.lines;
|
||||||
|
default = "";
|
||||||
|
description = ''
|
||||||
|
Extra configuration text appended to <filename>sudoers</filename>.
|
||||||
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
@ -55,7 +63,8 @@ in
|
||||||
|
|
||||||
security.sudo.configFile =
|
security.sudo.configFile =
|
||||||
''
|
''
|
||||||
# Don't edit this file. Set the NixOS option ‘security.sudo.configFile’ instead.
|
# Don't edit this file. Set the NixOS options ‘security.sudo.configFile’
|
||||||
|
# or ‘security.sudo.extraConfig’ instead.
|
||||||
|
|
||||||
# Environment variables to keep for root and %wheel.
|
# Environment variables to keep for root and %wheel.
|
||||||
Defaults:root,%wheel env_keep+=TERMINFO_DIRS
|
Defaults:root,%wheel env_keep+=TERMINFO_DIRS
|
||||||
|
@ -69,6 +78,7 @@ in
|
||||||
|
|
||||||
# Users in the "wheel" group can do anything.
|
# Users in the "wheel" group can do anything.
|
||||||
%wheel ALL=(ALL) ${if cfg.wheelNeedsPassword then "" else "NOPASSWD: ALL, "}SETENV: ALL
|
%wheel ALL=(ALL) ${if cfg.wheelNeedsPassword then "" else "NOPASSWD: ALL, "}SETENV: ALL
|
||||||
|
${cfg.extraConfig}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
security.setuidPrograms = [ "sudo" "sudoedit" ];
|
security.setuidPrograms = [ "sudo" "sudoedit" ];
|
||||||
|
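Review bot: `${cfg.extraConfig}` is appended after the `%wheel` line, and sudoers applies the last matching entry, so text supplied through `security.sudo.extraConfig` takes precedence over the rules above it, including the `wheelNeedsPassword` handling. The option description ("Extra configuration text appended to sudoers") should say this explicitly so that a fragment added by another module does not loosen the wheel policy unnoticed.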
@ -80,11 +90,10 @@ in
|
||||||
environment.etc = singleton
|
environment.etc = singleton
|
||||||
{ source =
|
{ source =
|
||||||
pkgs.runCommand "sudoers"
|
pkgs.runCommand "sudoers"
|
||||||
{src = pkgs.writeText "sudoers-in" cfg.configFile; }
|
{ src = pkgs.writeText "sudoers-in" cfg.configFile; }
|
||||||
# Make sure that the sudoers file is syntactically valid.
|
# Make sure that the sudoers file is syntactically valid.
|
||||||
# (currently disabled - NIXOS-66)
|
# (currently disabled - NIXOS-66)
|
||||||
"${pkgs.sudo}/sbin/visudo -f $src -c &&
|
"${pkgs.sudo}/sbin/visudo -f $src -c && cp $src $out";
|
||||||
cp $src $out";
|
|
||||||
target = "sudoers";
|
target = "sudoers";
|
||||||
mode = "0440";
|
mode = "0440";
|
||||||
};
|
};
|
||||||
|
|
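Review bot: the comment `# (currently disabled - NIXOS-66)` above `"${pkgs.sudo}/sbin/visudo -f $src -c && cp $src $out";` contradicts the code, which does run the syntax check before copying; drop the comment or say what is still disabled. With free-form `extraConfig` now feeding `cfg.configFile`, it is worth keeping this check and noting in the comment that a syntax error fails the build instead of installing a broken sudoers file.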
74
nixos/modules/services/audio/liquidsoap.nix
Normal file
|
@ -0,0 +1,74 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
streams = builtins.attrNames config.services.liquidsoap.streams;
|
||||||
|
|
||||||
|
streamService =
|
||||||
|
name:
|
||||||
|
let stream = builtins.getAttr name config.services.liquidsoap.streams; in
|
||||||
|
{ inherit name;
|
||||||
|
value = {
|
||||||
|
after = [ "network-online.target" "sound.target" ];
|
||||||
|
description = "${name} liquidsoap stream";
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
path = [ pkgs.wget ];
|
||||||
|
preStart =
|
||||||
|
''
|
||||||
|
mkdir -p /var/log/liquidsoap
|
||||||
|
chown liquidsoap -R /var/log/liquidsoap
|
||||||
|
'';
|
||||||
|
serviceConfig = {
|
||||||
|
PermissionsStartOnly="true";
|
||||||
|
ExecStart = "${pkgs.liquidsoap}/bin/liquidsoap ${stream}";
|
||||||
|
User = "liquidsoap";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
in
|
||||||
|
{
|
||||||
|
|
||||||
|
##### interface
|
||||||
|
|
||||||
|
options = {
|
||||||
|
|
||||||
|
services.liquidsoap.streams = mkOption {
|
||||||
|
|
||||||
|
description =
|
||||||
|
''
|
||||||
|
Set of Liquidsoap streams to start,
|
||||||
|
one systemd service per stream.
|
||||||
|
'';
|
||||||
|
|
||||||
|
default = {};
|
||||||
|
|
||||||
|
example = {
|
||||||
|
myStream1 = literalExample "\"/etc/liquidsoap/myStream1.liq\"";
|
||||||
|
myStream2 = literalExample "./myStream2.liq";
|
||||||
|
myStream3 = literalExample "\"out(playlist(\"/srv/music/\"))\"";
|
||||||
|
};
|
||||||
|
|
||||||
|
type = types.attrsOf (types.either types.path types.str);
|
||||||
|
};
|
||||||
|
|
||||||
|
};
|
||||||
|
##### implementation
|
||||||
|
|
||||||
|
config = mkIf (builtins.length streams != 0) {
|
||||||
|
|
||||||
|
users.extraUsers.liquidsoap = {
|
||||||
|
uid = config.ids.uids.liquidsoap;
|
||||||
|
group = "liquidsoap";
|
||||||
|
extraGroups = [ "audio" ];
|
||||||
|
description = "Liquidsoap streaming user";
|
||||||
|
home = "/var/lib/liquidsoap";
|
||||||
|
createHome = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
users.extraGroups.liquidsoap.gid = config.ids.gids.liquidsoap;
|
||||||
|
|
||||||
|
systemd.services = builtins.listToAttrs ( map streamService streams );
|
||||||
|
};
|
||||||
|
|
||||||
|
}
|
|
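Review bot: in `streamService`, `ExecStart = "${pkgs.liquidsoap}/bin/liquidsoap ${stream}";` interpolates the stream value unquoted, but the option type is `types.either types.path types.str` and the `myStream3` example is an inline script containing double quotes, which systemd's own command-line parsing interprets instead of passing the script through as one argument. Write string values to a file first (for example with `pkgs.writeText`) and pass the resulting path, or restrict the type to paths. The `path = [ pkgs.wget ];` entry also deserves a comment saying why the service needs it.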
@ -15,7 +15,6 @@ let
|
||||||
state_file "${cfg.dataDir}/state"
|
state_file "${cfg.dataDir}/state"
|
||||||
sticker_file "${cfg.dataDir}/sticker.sql"
|
sticker_file "${cfg.dataDir}/sticker.sql"
|
||||||
log_file "syslog"
|
log_file "syslog"
|
||||||
user "mpd"
|
|
||||||
${if cfg.network.host != "any" then
|
${if cfg.network.host != "any" then
|
||||||
"bind_to_address ${cfg.network.host}" else ""}
|
"bind_to_address ${cfg.network.host}" else ""}
|
||||||
${if cfg.network.port != 6600 then
|
${if cfg.network.port != 6600 then
|
||||||
|
@ -99,6 +98,9 @@ in {
|
||||||
path = [ pkgs.mpd ];
|
path = [ pkgs.mpd ];
|
||||||
preStart = "mkdir -p ${cfg.dataDir} && chown -R mpd:mpd ${cfg.dataDir}";
|
preStart = "mkdir -p ${cfg.dataDir} && chown -R mpd:mpd ${cfg.dataDir}";
|
||||||
script = "exec mpd --no-daemon ${mpdConf}";
|
script = "exec mpd --no-daemon ${mpdConf}";
|
||||||
|
serviceConfig = {
|
||||||
|
User = "mpd";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
users.extraUsers.mpd = {
|
users.extraUsers.mpd = {
|
||||||
|
|
|
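Review bot: with `User = "mpd";` added to `serviceConfig`, the `preStart` line `mkdir -p ${cfg.dataDir} && chown -R mpd:mpd ${cfg.dataDir}` runs as `mpd` as well, because `PermissionsStartOnly` is not set in this hunk, so creating and chowning the data directory on a first start can fail for lack of privileges. Add `PermissionsStartOnly = true;` next to `User`, as the liquidsoap module in this merge does.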
@ -109,6 +109,7 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
sqlalchemy_engine_url = mkOption {
|
sqlalchemy_engine_url = mkOption {
|
||||||
|
default = "postgresql:///bacula";
|
||||||
example = ''
|
example = ''
|
||||||
postgresql://bacula:bacula@localhost:5432/bacula
|
postgresql://bacula:bacula@localhost:5432/bacula
|
||||||
mysql+mysqlconnector://<user>:<password>@<hostname>/<database>'
|
mysql+mysqlconnector://<user>:<password>@<hostname>/<database>'
|
||||||
|
|
63
nixos/modules/services/backup/crashplan.nix
Normal file
|
@ -0,0 +1,63 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.services.crashplan;
|
||||||
|
crashplan = pkgs.crashplan;
|
||||||
|
varDir = "/var/lib/crashplan";
|
||||||
|
in
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
{
|
||||||
|
options = {
|
||||||
|
services.crashplan = {
|
||||||
|
enable = mkOption {
|
||||||
|
default = false;
|
||||||
|
type = types.bool;
|
||||||
|
description = ''
|
||||||
|
Starts crashplan background service.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
environment.systemPackages = [ crashplan ];
|
||||||
|
|
||||||
|
systemd.services.crashplan = {
|
||||||
|
description = "CrashPlan Backup Engine";
|
||||||
|
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
after = [ "network.target" ];
|
||||||
|
|
||||||
|
preStart = ''
|
||||||
|
ensureDir() {
|
||||||
|
dir=$1
|
||||||
|
mode=$2
|
||||||
|
|
||||||
|
if ! test -e $dir; then
|
||||||
|
${pkgs.coreutils}/bin/mkdir -m $mode -p $dir
|
||||||
|
elif [ "$(${pkgs.coreutils}/bin/stat -c %a $dir)" != "$mode" ]; then
|
||||||
|
${pkgs.coreutils}/bin/chmod $mode $dir
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
ensureDir ${crashplan.vardir} 755
|
||||||
|
ensureDir ${crashplan.vardir}/conf 700
|
||||||
|
ensureDir ${crashplan.manifestdir} 700
|
||||||
|
ensureDir ${crashplan.vardir}/cache 700
|
||||||
|
ensureDir ${crashplan.vardir}/backupArchives 700
|
||||||
|
ensureDir ${crashplan.vardir}/log 777
|
||||||
|
'';
|
||||||
|
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "forking";
|
||||||
|
EnvironmentFile = "${crashplan}/bin/run.conf";
|
||||||
|
ExecStart = "${crashplan}/bin/CrashPlanEngine start";
|
||||||
|
ExecStop = "${crashplan}/bin/CrashPlanEngine stop";
|
||||||
|
PIDFile = "${crashplan.vardir}/CrashPlanEngine.pid";
|
||||||
|
WorkingDirectory = crashplan;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
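Review bot: `ensureDir ${crashplan.vardir}/log 777` in `preStart` makes the log directory world-writable, and the unit sets no `User`, so the engine runs as root and writes into a directory where any local user can create files or symlinks. Use a restrictive mode such as 700 or 750, like the other directories created here. Also, the `varDir` binding in the `let` block is never used (the script reads `crashplan.vardir`), and `$dir` and `$mode` inside `ensureDir` should be quoted.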
@ -39,11 +39,20 @@ in
|
||||||
as retain options.
|
as retain options.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
package = mkOption {
|
||||||
|
type = types.package;
|
||||||
|
default = pkgs.rsnapshot;
|
||||||
|
example = literalExample "pkgs.rsnapshotGit";
|
||||||
|
description = ''
|
||||||
|
RSnapshot package to use.
|
||||||
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable (let
|
config = mkIf cfg.enable (let
|
||||||
myRsnapshot = pkgs.rsnapshot.override { configFile = rsnapshotCfg; };
|
myRsnapshot = cfg.package.override { configFile = rsnapshotCfg; };
|
||||||
rsnapshotCfg = with pkgs; writeText "gen-rsnapshot.conf" (''
|
rsnapshotCfg = with pkgs; writeText "gen-rsnapshot.conf" (''
|
||||||
config_version 1.2
|
config_version 1.2
|
||||||
cmd_cp ${coreutils}/bin/cp
|
cmd_cp ${coreutils}/bin/cp
|
||||||
|
|
150
nixos/modules/services/cluster/fleet.nix
Normal file
|
@ -0,0 +1,150 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.services.fleet;
|
||||||
|
|
||||||
|
in {
|
||||||
|
|
||||||
|
##### Interface
|
||||||
|
options.services.fleet = {
|
||||||
|
enable = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = ''
|
||||||
|
Whether to enable fleet service.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
listen = mkOption {
|
||||||
|
type = types.listOf types.str;
|
||||||
|
default = [ "/var/run/fleet.sock" ];
|
||||||
|
example = [ "/var/run/fleet.sock" "127.0.0.1:49153" ];
|
||||||
|
description = ''
|
||||||
|
Fleet listening addresses.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
etcdServers = mkOption {
|
||||||
|
type = types.listOf types.str;
|
||||||
|
default = [ "http://127.0.0.1:4001" ];
|
||||||
|
description = ''
|
||||||
|
Fleet list of etcd endpoints to use.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
publicIp = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = "";
|
||||||
|
description = ''
|
||||||
|
Fleet IP address that should be published with the local Machine's
|
||||||
|
state and any socket information. If not set, fleetd will attempt
|
||||||
|
to detect the IP it should publish based on the machine's IP
|
||||||
|
routing information.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
etcdCafile = mkOption {
|
||||||
|
type = types.nullOr types.path;
|
||||||
|
default = null;
|
||||||
|
description = ''
|
||||||
|
Fleet TLS ca file when SSL certificate authentication is enabled
|
||||||
|
in etcd endpoints.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
etcdKeyfile = mkOption {
|
||||||
|
type = types.nullOr types.path;
|
||||||
|
default = null;
|
||||||
|
description = ''
|
||||||
|
Fleet TLS key file when SSL certificate authentication is enabled
|
||||||
|
in etcd endpoints.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
etcdCertfile = mkOption {
|
||||||
|
type = types.nullOr types.path;
|
||||||
|
default = null;
|
||||||
|
description = ''
|
||||||
|
Fleet TLS cert file when SSL certificate authentication is enabled
|
||||||
|
in etcd endpoints.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
metadata = mkOption {
|
||||||
|
type = types.attrsOf types.str;
|
||||||
|
default = {};
|
||||||
|
apply = attrs: concatMapStringsSep "," (n: "${n}=${attrs."${n}"}") (attrNames attrs);
|
||||||
|
example = literalExample ''
|
||||||
|
{
|
||||||
|
region = "us-west";
|
||||||
|
az = "us-west-1";
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
description = ''
|
||||||
|
Key/value pairs that are published with the local to the fleet registry.
|
||||||
|
This data can be used directly by a client of fleet to make scheduling decisions.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
extraConfig = mkOption {
|
||||||
|
type = types.attrsOf types.str;
|
||||||
|
apply = mapAttrs' (n: v: nameValuePair ("ETCD_" + n) v);
|
||||||
|
default = {};
|
||||||
|
example = literalExample ''
|
||||||
|
{
|
||||||
|
VERBOSITY = 1;
|
||||||
|
ETCD_REQUEST_TIMEOUT = "2.0";
|
||||||
|
AGENT_TTL = "40s";
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
description = ''
|
||||||
|
Fleet extra config. See
|
||||||
|
<link xlink:href="https://github.com/coreos/fleet/blob/master/Documentation/deployment-and-configuration.md"/>
|
||||||
|
for configuration options.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
|
##### Implementation
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
systemd.services.fleet = {
|
||||||
|
description = "Fleet Init System Daemon";
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
after = [ "network.target" "fleet.socket" "etcd.service" "docker.service" ];
|
||||||
|
requires = [ "fleet.socket" ];
|
||||||
|
environment = {
|
||||||
|
FLEET_ETCD_SERVERS = concatStringsSep "," cfg.etcdServers;
|
||||||
|
FLEET_PUBLIC_IP = cfg.publicIp;
|
||||||
|
FLEET_ETCD_CAFILE = cfg.etcdCafile;
|
||||||
|
FLEET_ETCD_KEYFILE = cfg.etcdKeyfile;
|
||||||
|
FEELT_ETCD_CERTFILE = cfg.etcdCertfile;
|
||||||
|
FLEET_METADATA = cfg.metadata;
|
||||||
|
} // cfg.extraConfig;
|
||||||
|
serviceConfig = {
|
||||||
|
ExecStart = "${pkgs.fleet}/bin/fleetd";
|
||||||
|
Group = "fleet";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.sockets.fleet = {
|
||||||
|
description = "Fleet Socket for the API";
|
||||||
|
wantedBy = [ "sockets.target" ];
|
||||||
|
listenStreams = cfg.listen;
|
||||||
|
socketConfig = {
|
||||||
|
ListenStream = "/var/run/fleet.sock";
|
||||||
|
SocketMode = "0660";
|
||||||
|
SocketUser = "root";
|
||||||
|
SocketGroup = "fleet";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.etcd.enable = mkDefault true;
|
||||||
|
virtualisation.docker.enable = mkDefault true;
|
||||||
|
|
||||||
|
environment.systemPackages = [ pkgs.fleet ];
|
||||||
|
users.extraGroups.fleet.gid = config.ids.gids.fleet;
|
||||||
|
};
|
||||||
|
}
|
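Review bot: in the `environment` block of `systemd.services.fleet`, `FEELT_ETCD_CERTFILE = cfg.etcdCertfile;` is misspelled, so the certificate set through `etcdCertfile` is never exported under the `FLEET_` prefix that the other variables use, and TLS client authentication to etcd will not be configured as the option promises. It should read `FLEET_ETCD_CERTFILE`. Related points in the same file: `extraConfig` prefixes keys with `"ETCD_"` although every other variable here is `FLEET_...` (the example key `ETCD_REQUEST_TIMEOUT` would become `ETCD_ETCD_REQUEST_TIMEOUT`), its example uses `VERBOSITY = 1` while the type is `types.attrsOf types.str`, and `systemd.sockets.fleet` sets both `listenStreams = cfg.listen` and a hard-coded `ListenStream = "/var/run/fleet.sock"`, so the `listen` option does not fully control the sockets.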
462
nixos/modules/services/cluster/kubernetes.nix
Normal file
|
@ -0,0 +1,462 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.services.kubernetes;
|
||||||
|
|
||||||
|
in {
|
||||||
|
|
||||||
|
###### interface
|
||||||
|
|
||||||
|
options.services.kubernetes = {
|
||||||
|
package = mkOption {
|
||||||
|
description = "Kubernetes package to use.";
|
||||||
|
type = types.package;
|
||||||
|
};
|
||||||
|
|
||||||
|
verbose = mkOption {
|
||||||
|
description = "Kubernetes enable verbose mode for debugging";
|
||||||
|
default = false;
|
||||||
|
type = types.bool;
|
||||||
|
};
|
||||||
|
|
||||||
|
etcdServers = mkOption {
|
||||||
|
description = "Kubernetes list of etcd servers to watch.";
|
||||||
|
default = [ "127.0.0.1:4001" ];
|
||||||
|
type = types.listOf types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
roles = mkOption {
|
||||||
|
description = ''
|
||||||
|
Kubernetes role that this machine should take.
|
||||||
|
|
||||||
|
Master role will enable etcd, apiserver, scheduler and controller manager
|
||||||
|
services. Node role will enable etcd, docker, kubelet and proxy services.
|
||||||
|
'';
|
||||||
|
default = [];
|
||||||
|
type = types.listOf (types.enum ["master" "node"]);
|
||||||
|
};
|
||||||
|
|
||||||
|
dataDir = mkOption {
|
||||||
|
description = "Kubernetes root directory for managing kubelet files.";
|
||||||
|
default = "/var/lib/kubernetes";
|
||||||
|
type = types.path;
|
||||||
|
};
|
||||||
|
|
||||||
|
apiserver = {
|
||||||
|
enable = mkOption {
|
||||||
|
description = "Whether to enable kubernetes apiserver.";
|
||||||
|
default = false;
|
||||||
|
type = types.bool;
|
||||||
|
};
|
||||||
|
|
||||||
|
address = mkOption {
|
||||||
|
description = "Kubernetes apiserver listening address.";
|
||||||
|
default = "127.0.0.1";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
publicAddress = mkOption {
|
||||||
|
description = ''
|
||||||
|
Kubernetes apiserver public listening address used for read only and
|
||||||
|
secure port.
|
||||||
|
'';
|
||||||
|
default = cfg.apiserver.address;
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
port = mkOption {
|
||||||
|
description = "Kubernets apiserver listening port.";
|
||||||
|
default = 8080;
|
||||||
|
type = types.int;
|
||||||
|
};
|
||||||
|
|
||||||
|
readOnlyPort = mkOption {
|
||||||
|
description = "Kubernets apiserver read-only port.";
|
||||||
|
default = 7080;
|
||||||
|
type = types.int;
|
||||||
|
};
|
||||||
|
|
||||||
|
securePort = mkOption {
|
||||||
|
description = "Kubernetes apiserver secure port.";
|
||||||
|
default = 6443;
|
||||||
|
type = types.int;
|
||||||
|
};
|
||||||
|
|
||||||
|
tlsCertFile = mkOption {
|
||||||
|
description = "Kubernetes apiserver certificate file.";
|
||||||
|
default = "";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
tlsPrivateKeyFile = mkOption {
|
||||||
|
description = "Kubernetes apiserver private key file.";
|
||||||
|
default = "";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
tokenAuth = mkOption {
|
||||||
|
description = ''
|
||||||
|
Kubernetes apiserver token authentication file. See
|
||||||
|
<link xlink:href="https://github.com/GoogleCloudPlatform/kubernetes/blob/master/docs/authentication.md"/>
|
||||||
|
'';
|
||||||
|
default = {};
|
||||||
|
example = literalExample ''
|
||||||
|
{
|
||||||
|
alice = "abc123";
|
||||||
|
bob = "xyz987";
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
type = types.attrsOf types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
authorizationMode = mkOption {
|
||||||
|
description = ''
|
||||||
|
Kubernetes apiserver authorization mode (AlwaysAllow/AlwaysDeny/ABAC). See
|
||||||
|
<link xlink:href="https://github.com/GoogleCloudPlatform/kubernetes/blob/master/docs/authorization.md"/>
|
||||||
|
'';
|
||||||
|
default = "AlwaysAllow";
|
||||||
|
type = types.enum ["AlwaysAllow" "AlwaysDeny" "ABAC"];
|
||||||
|
};
|
||||||
|
|
||||||
|
authorizationPolicy = mkOption {
|
||||||
|
description = ''
|
||||||
|
Kubernetes apiserver authorization policy file. See
|
||||||
|
<link xlink:href="https://github.com/GoogleCloudPlatform/kubernetes/blob/master/docs/authorization.md"/>
|
||||||
|
'';
|
||||||
|
default = [];
|
||||||
|
example = literalExample ''
|
||||||
|
[
|
||||||
|
{user = "admin";}
|
||||||
|
{user = "scheduler"; readonly = true; kind= "pods";}
|
||||||
|
{user = "scheduler"; kind = "bindings";}
|
||||||
|
{user = "kubelet"; readonly = true; kind = "bindings";}
|
||||||
|
{user = "kubelet"; kind = "events";}
|
||||||
|
{user= "alice"; ns = "projectCaribou";}
|
||||||
|
{user = "bob"; readonly = true; ns = "projectCaribou";}
|
||||||
|
]
|
||||||
|
'';
|
||||||
|
type = types.listOf types.attrs;
|
||||||
|
};
|
||||||
|
|
||||||
|
allowPrivileged = mkOption {
|
||||||
|
description = "Whether to allow privileged containers on kubernetes.";
|
||||||
|
default = false;
|
||||||
|
type = types.bool;
|
||||||
|
};
|
||||||
|
|
||||||
|
portalNet = mkOption {
|
||||||
|
description = "Kubernetes CIDR notation IP range from which to assign portal IPs";
|
||||||
|
default = "10.10.10.10/16";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
extraOpts = mkOption {
|
||||||
|
description = "Kubernetes apiserver extra command line options.";
|
||||||
|
default = "";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
scheduler = {
|
||||||
|
enable = mkOption {
|
||||||
|
description = "Whether to enable kubernetes scheduler.";
|
||||||
|
default = false;
|
||||||
|
type = types.bool;
|
||||||
|
};
|
||||||
|
|
||||||
|
address = mkOption {
|
||||||
|
description = "Kubernetes scheduler listening address.";
|
||||||
|
default = "127.0.0.1";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
port = mkOption {
|
||||||
|
description = "Kubernets scheduler listening port.";
|
||||||
|
default = 10251;
|
||||||
|
type = types.int;
|
||||||
|
};
|
||||||
|
|
||||||
|
master = mkOption {
|
||||||
|
description = "Kubernetes apiserver address";
|
||||||
|
default = "${cfg.apiserver.address}:${toString cfg.apiserver.port}";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
extraOpts = mkOption {
|
||||||
|
description = "Kubernetes scheduler extra command line options.";
|
||||||
|
default = "";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
controllerManager = {
|
||||||
|
enable = mkOption {
|
||||||
|
description = "Whether to enable kubernetes controller manager.";
|
||||||
|
default = false;
|
||||||
|
type = types.bool;
|
||||||
|
};
|
||||||
|
|
||||||
|
address = mkOption {
|
||||||
|
description = "Kubernetes controller manager listening address.";
|
||||||
|
default = "127.0.0.1";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
port = mkOption {
|
||||||
|
description = "Kubernets controller manager listening port.";
|
||||||
|
default = 10252;
|
||||||
|
type = types.int;
|
||||||
|
};
|
||||||
|
|
||||||
|
master = mkOption {
|
||||||
|
description = "Kubernetes apiserver address";
|
||||||
|
default = "${cfg.apiserver.address}:${toString cfg.apiserver.port}";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
machines = mkOption {
|
||||||
|
description = "Kubernetes apiserver list of machines to schedule to schedule onto";
|
||||||
|
default = [];
|
||||||
|
type = types.listOf types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
extraOpts = mkOption {
|
||||||
|
description = "Kubernetes scheduler extra command line options.";
|
||||||
|
default = "";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
kubelet = {
|
||||||
|
enable = mkOption {
|
||||||
|
description = "Whether to enable kubernetes kubelet.";
|
||||||
|
default = false;
|
||||||
|
type = types.bool;
|
||||||
|
};
|
||||||
|
|
||||||
|
address = mkOption {
|
||||||
|
description = "Kubernetes kubelet info server listening address.";
|
||||||
|
default = "0.0.0.0";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
port = mkOption {
|
||||||
|
description = "Kubernets kubelet info server listening port.";
|
||||||
|
default = 10250;
|
||||||
|
type = types.int;
|
||||||
|
};
|
||||||
|
|
||||||
|
hostname = mkOption {
|
||||||
|
description = "Kubernetes kubelet hostname override";
|
||||||
|
default = config.networking.hostName;
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
allowPrivileged = mkOption {
|
||||||
|
description = "Whether to allow kubernetes containers to request privileged mode.";
|
||||||
|
default = false;
|
||||||
|
type = types.bool;
|
||||||
|
};
|
||||||
|
|
||||||
|
extraOpts = mkOption {
|
||||||
|
description = "Kubernetes kubelet extra command line options.";
|
||||||
|
default = "";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
proxy = {
|
||||||
|
enable = mkOption {
|
||||||
|
description = "Whether to enable kubernetes proxy.";
|
||||||
|
default = false;
|
||||||
|
type = types.bool;
|
||||||
|
};
|
||||||
|
|
||||||
|
address = mkOption {
|
||||||
|
description = "Kubernetes proxy listening address.";
|
||||||
|
default = "0.0.0.0";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
extraOpts = mkOption {
|
||||||
|
description = "Kubernetes proxy extra command line options.";
|
||||||
|
default = "";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
###### implementation
|
||||||
|
|
||||||
|
config = mkMerge [
|
||||||
|
(mkIf cfg.apiserver.enable {
|
||||||
|
systemd.services.kubernetes-apiserver = {
|
||||||
|
description = "Kubernetes Api Server";
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
after = [ "network-interfaces.target" "etcd.service" ];
|
||||||
|
serviceConfig = {
|
||||||
|
ExecStart = let
|
||||||
|
authorizationPolicyFile =
|
||||||
|
pkgs.writeText "kubernetes-policy"
|
||||||
|
(builtins.toJSON cfg.apiserver.authorizationPolicy);
|
||||||
|
tokenAuthFile =
|
||||||
|
pkgs.writeText "kubernetes-auth"
|
||||||
|
(concatImapStringsSep "\n" (i: v: v + "," + (toString i))
|
||||||
|
(mapAttrsToList (name: token: token + "," + name) cfg.apiserver.tokenAuth));
|
||||||
|
in ''${cfg.package}/bin/kube-apiserver \
|
||||||
|
-etcd_servers=${concatMapStringsSep "," (f: "http://${f}") cfg.etcdServers} \
|
||||||
|
-address=${cfg.apiserver.address} \
|
||||||
|
-port=${toString cfg.apiserver.port} \
|
||||||
|
-read_only_port=${toString cfg.apiserver.readOnlyPort} \
|
||||||
|
-public_address_override=${cfg.apiserver.publicAddress} \
|
||||||
|
-allow_privileged=${if cfg.apiserver.allowPrivileged then "true" else "false"} \
|
||||||
|
${optionalString (cfg.apiserver.tlsCertFile!="")
|
||||||
|
"-tls_cert_file=${cfg.apiserver.tlsCertFile}"} \
|
||||||
|
${optionalString (cfg.apiserver.tlsPrivateKeyFile!="")
|
||||||
|
"-tls_private_key_file=${cfg.apiserver.tlsPrivateKeyFile}"} \
|
||||||
|
${optionalString (cfg.apiserver.tokenAuth!=[])
|
||||||
|
"-token_auth_file=${tokenAuthFile}"} \
|
||||||
|
-authorization_mode=${cfg.apiserver.authorizationMode} \
|
||||||
|
${optionalString (cfg.apiserver.authorizationMode == "ABAC")
|
||||||
|
"-authorization_policy_file=${authorizationPolicyFile}"} \
|
||||||
|
${optionalString (cfg.apiserver.tlsCertFile!="" && cfg.apiserver.tlsCertFile!="")
|
||||||
|
"-secure_port=${toString cfg.apiserver.securePort}"} \
|
||||||
|
-portal_net=${cfg.apiserver.portalNet} \
|
||||||
|
-logtostderr=true \
|
||||||
|
${optionalString cfg.verbose "-v=6 -log_flush_frequency=1s"} \
|
||||||
|
${cfg.apiserver.extraOpts}
|
||||||
|
'';
|
||||||
|
User = "kubernetes";
|
||||||
|
};
|
||||||
|
postStart = ''
|
||||||
|
until ${pkgs.curl}/bin/curl -s -o /dev/null 'http://${cfg.apiserver.address}:${toString cfg.apiserver.port}/'; do
|
||||||
|
sleep 1;
|
||||||
|
done
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
})
|
||||||
|
|
||||||
|
(mkIf cfg.scheduler.enable {
|
||||||
|
systemd.services.kubernetes-scheduler = {
|
||||||
|
description = "Kubernetes Scheduler Service";
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
after = [ "network-interfaces.target" "kubernetes-apiserver.service" ];
|
||||||
|
serviceConfig = {
|
||||||
|
ExecStart = ''${cfg.package}/bin/kube-scheduler \
|
||||||
|
-address=${cfg.scheduler.address} \
|
||||||
|
-port=${toString cfg.scheduler.port} \
|
||||||
|
-master=${cfg.scheduler.master} \
|
||||||
|
-logtostderr=true \
|
||||||
|
${optionalString cfg.verbose "-v=6 -log_flush_frequency=1s"} \
|
||||||
|
${cfg.scheduler.extraOpts}
|
||||||
|
'';
|
||||||
|
User = "kubernetes";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
})
|
||||||
|
|
||||||
|
(mkIf cfg.controllerManager.enable {
|
||||||
|
systemd.services.kubernetes-controller-manager = {
|
||||||
|
description = "Kubernetes Controller Manager Service";
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
after = [ "network-interfaces.target" "kubernetes-apiserver.service" ];
|
||||||
|
serviceConfig = {
|
||||||
|
ExecStart = ''${cfg.package}/bin/kube-controller-manager \
|
||||||
|
-address=${cfg.controllerManager.address} \
|
||||||
|
-port=${toString cfg.controllerManager.port} \
|
||||||
|
-master=${cfg.controllerManager.master} \
|
||||||
|
${optionalString (cfg.controllerManager.machines != [])
|
||||||
|
"-machines=${concatStringsSep "," cfg.controllerManager.machines}"} \
|
||||||
|
-logtostderr=true \
|
||||||
|
${optionalString cfg.verbose "-v=6 -log_flush_frequency=1s"} \
|
||||||
|
${cfg.controllerManager.extraOpts}
|
||||||
|
'';
|
||||||
|
User = "kubernetes";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
})
|
||||||
|
|
||||||
|
(mkIf cfg.kubelet.enable {
|
||||||
|
systemd.services.kubernetes-kubelet = {
|
||||||
|
description = "Kubernetes Kubelet Service";
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
after = [ "network-interfaces.target" "etcd.service" "docker.service" ];
|
||||||
|
serviceConfig = {
|
||||||
|
ExecStart = ''${cfg.package}/bin/kubelet \
|
||||||
|
-etcd_servers=${concatMapStringsSep "," (f: "http://${f}") cfg.etcdServers} \
|
||||||
|
-address=${cfg.kubelet.address} \
|
||||||
|
-port=${toString cfg.kubelet.port} \
|
||||||
|
-hostname_override=${cfg.kubelet.hostname} \
|
||||||
|
-allow_privileged=${if cfg.kubelet.allowPrivileged then "true" else "false"} \
|
||||||
|
-root_dir=${cfg.dataDir} \
|
||||||
|
-logtostderr=true \
|
||||||
|
${optionalString cfg.verbose "-v=6 -log_flush_frequency=1s"} \
|
||||||
|
${cfg.kubelet.extraOpts}
|
||||||
|
'';
|
||||||
|
User = "kubernetes";
|
||||||
|
PermissionsStartOnly = true;
|
||||||
|
WorkingDirectory = cfg.dataDir;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
})
|
||||||
|
|
||||||
|
(mkIf cfg.proxy.enable {
|
||||||
|
systemd.services.kubernetes-proxy = {
|
||||||
|
description = "Kubernetes Proxy Service";
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
after = [ "network-interfaces.target" "etcd.service" ];
|
||||||
|
serviceConfig = {
|
||||||
|
ExecStart = ''${cfg.package}/bin/kube-proxy \
|
||||||
|
-etcd_servers=${concatMapStringsSep "," (s: "http://${s}") cfg.etcdServers} \
|
||||||
|
-bind_address=${cfg.proxy.address} \
|
||||||
|
-logtostderr=true \
|
||||||
|
${optionalString cfg.verbose "-v=6 -log_flush_frequency=1s"} \
|
||||||
|
${cfg.proxy.extraOpts}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
})
|
||||||
|
|
||||||
|
(mkIf (any (el: el == "master") cfg.roles) {
|
||||||
|
services.kubernetes.apiserver.enable = mkDefault true;
|
||||||
|
services.kubernetes.scheduler.enable = mkDefault true;
|
||||||
|
services.kubernetes.controllerManager.enable = mkDefault true;
|
||||||
|
})
|
||||||
|
|
||||||
|
(mkIf (any (el: el == "node") cfg.roles) {
|
||||||
|
virtualisation.docker.enable = mkDefault true;
|
||||||
|
services.kubernetes.kubelet.enable = mkDefault true;
|
||||||
|
services.kubernetes.proxy.enable = mkDefault true;
|
||||||
|
})
|
||||||
|
|
||||||
|
(mkIf (any (el: el == "node" || el == "master") cfg.roles) {
|
||||||
|
services.etcd.enable = mkDefault true;
|
||||||
|
})
|
||||||
|
|
||||||
|
(mkIf (
|
||||||
|
cfg.apiserver.enable ||
|
||||||
|
cfg.scheduler.enable ||
|
||||||
|
cfg.controllerManager.enable ||
|
||||||
|
cfg.kubelet.enable ||
|
||||||
|
cfg.proxy.enable
|
||||||
|
) {
|
||||||
|
services.kubernetes.package = mkDefault pkgs.kubernetes;
|
||||||
|
|
||||||
|
environment.systemPackages = [ cfg.package ];
|
||||||
|
|
||||||
|
users.extraUsers = singleton {
|
||||||
|
name = "kubernetes";
|
||||||
|
uid = config.ids.uids.kubernetes;
|
||||||
|
description = "Kubernetes user";
|
||||||
|
extraGroups = [ "docker" ];
|
||||||
|
group = "kubernetes";
|
||||||
|
home = cfg.dataDir;
|
||||||
|
createHome = true;
|
||||||
|
};
|
||||||
|
users.extraGroups.kubernetes.gid = config.ids.gids.kubernetes;
|
||||||
|
})
|
||||||
|
|
||||||
|
];
|
||||||
|
}
|
|
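Review bot: In the apiserver `ExecStart`, the guard in front of `-secure_port` tests `cfg.apiserver.tlsCertFile!=""` twice, so the secure port is enabled when a certificate is set but no private key is; the second operand should be `cfg.apiserver.tlsPrivateKeyFile!=""`. The guard for `-token_auth_file` compares `cfg.apiserver.tokenAuth`, an attribute set whose default is `{}`, against `[]`, which is never equal, so the flag is passed even when no tokens are configured; compare against `{}`. `tokenAuthFile` is built with `pkgs.writeText`, which places the bearer tokens in the Nix store where every local user can read them; accept a path to a file kept outside the store instead. Two smaller points: `kubernetes-proxy` is the only unit here without `User = "kubernetes"`, and `authorizationMode` defaults to `"AlwaysAllow"` while `kubelet.address` defaults to `"0.0.0.0"`, which deserves a sentence in the option descriptions.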
@ -56,14 +56,13 @@ with lib;
|
||||||
{ name = endpointUser;
|
{ name = endpointUser;
|
||||||
uid = config.ids.uids.fourstorehttp;
|
uid = config.ids.uids.fourstorehttp;
|
||||||
description = "4Store SPARQL endpoint user";
|
description = "4Store SPARQL endpoint user";
|
||||||
# home = stateDir;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
services.avahi.enable = true;
|
services.avahi.enable = true;
|
||||||
|
|
||||||
jobs.fourStoreEndpoint = {
|
jobs.fourStoreEndpoint = {
|
||||||
name = "4store-endpoint";
|
name = "4store-endpoint";
|
||||||
startOn = "filesystem";
|
startOn = "ip-up";
|
||||||
|
|
||||||
exec = ''
|
exec = ''
|
||||||
${run} '${pkgs.rdf4store}/bin/4s-httpd -D ${cfg.options} ${if cfg.listenAddress!=null then "-H ${cfg.listenAddress}" else "" } -p ${toString cfg.port} ${cfg.database}'
|
${run} '${pkgs.rdf4store}/bin/4s-httpd -D ${cfg.options} ${if cfg.listenAddress!=null then "-H ${cfg.listenAddress}" else "" } -p ${toString cfg.port} ${cfg.database}'
|
||||||
|
|
|
@ -54,7 +54,7 @@ with lib;
|
||||||
|
|
||||||
jobs.fourStore = {
|
jobs.fourStore = {
|
||||||
name = "4store";
|
name = "4store";
|
||||||
startOn = "filesystem";
|
startOn = "ip-up";
|
||||||
|
|
||||||
preStart = ''
|
preStart = ''
|
||||||
mkdir -p ${stateDir}/
|
mkdir -p ${stateDir}/
|
||||||
|
|
133
nixos/modules/services/databases/hbase.nix
Normal file
|
@ -0,0 +1,133 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.services.hbase;
|
||||||
|
|
||||||
|
configFile = pkgs.writeText "hbase-site.xml" ''
|
||||||
|
<configuration>
|
||||||
|
<property>
|
||||||
|
<name>hbase.rootdir</name>
|
||||||
|
<value>file://${cfg.dataDir}/hbase</value>
|
||||||
|
</property>
|
||||||
|
<property>
|
||||||
|
<name>hbase.zookeeper.property.dataDir</name>
|
||||||
|
<value>${cfg.dataDir}/zookeeper</value>
|
||||||
|
</property>
|
||||||
|
</configuration>
|
||||||
|
'';
|
||||||
|
|
||||||
|
configDir = pkgs.runCommand "hbase-config-dir" {} ''
|
||||||
|
mkdir -p $out
|
||||||
|
cp ${cfg.package}/conf/* $out/
|
||||||
|
rm $out/hbase-site.xml
|
||||||
|
ln -s ${configFile} $out/hbase-site.xml
|
||||||
|
'' ;
|
||||||
|
|
||||||
|
in {
|
||||||
|
|
||||||
|
###### interface
|
||||||
|
|
||||||
|
options = {
|
||||||
|
|
||||||
|
services.hbase = {
|
||||||
|
|
||||||
|
enable = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = ''
|
||||||
|
Whether to run HBase.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
package = mkOption {
|
||||||
|
type = types.package;
|
||||||
|
default = pkgs.hbase;
|
||||||
|
example = literalExample "pkgs.hbase";
|
||||||
|
description = ''
|
||||||
|
HBase package to use.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
user = mkOption {
|
||||||
|
type = types.string;
|
||||||
|
default = "hbase";
|
||||||
|
description = ''
|
||||||
|
User account under which HBase runs.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
group = mkOption {
|
||||||
|
type = types.string;
|
||||||
|
default = "hbase";
|
||||||
|
description = ''
|
||||||
|
Group account under which HBase runs.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
dataDir = mkOption {
|
||||||
|
type = types.path;
|
||||||
|
default = "/var/lib/hbase";
|
||||||
|
description = ''
|
||||||
|
Specifies location of HBase database files. This location should be
|
||||||
|
writable and readable for the user the HBase service runs as
|
||||||
|
(hbase by default).
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
logDir = mkOption {
|
||||||
|
type = types.path;
|
||||||
|
default = "/var/log/hbase";
|
||||||
|
description = ''
|
||||||
|
Specifies the location of HBase log files.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
|
###### implementation
|
||||||
|
|
||||||
|
config = mkIf config.services.hbase.enable {
|
||||||
|
|
||||||
|
systemd.services.hbase = {
|
||||||
|
description = "HBase Server";
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
|
||||||
|
environment = {
|
||||||
|
JAVA_HOME = "${pkgs.jre}";
|
||||||
|
HBASE_LOG_DIR = cfg.logDir;
|
||||||
|
};
|
||||||
|
|
||||||
|
preStart =
|
||||||
|
''
|
||||||
|
mkdir -p ${cfg.dataDir};
|
||||||
|
mkdir -p ${cfg.logDir};
|
||||||
|
|
||||||
|
if [ "$(id -u)" = 0 ]; then
|
||||||
|
chown ${cfg.user}:${cfg.group} ${cfg.dataDir}
|
||||||
|
chown ${cfg.user}:${cfg.group} ${cfg.logDir}
|
||||||
|
fi
|
||||||
|
'';
|
||||||
|
|
||||||
|
serviceConfig = {
|
||||||
|
PermissionsStartOnly = true;
|
||||||
|
User = cfg.user;
|
||||||
|
Group = cfg.group;
|
||||||
|
ExecStart = "${cfg.package}/bin/hbase --config ${configDir} master start";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
users.extraUsers.hbase = {
|
||||||
|
description = "HBase Server user";
|
||||||
|
group = "hbase";
|
||||||
|
uid = config.ids.uids.hbase;
|
||||||
|
};
|
||||||
|
|
||||||
|
users.extraGroups.hbase.gid = config.ids.gids.hbase;
|
||||||
|
|
||||||
|
};
|
||||||
|
}
|
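Review bot: `users.extraUsers.hbase` and `users.extraGroups.hbase` are hard-coded while the unit runs as `cfg.user` and `cfg.group`, so setting either option to anything other than "hbase" leaves the service with an account this module never creates. Either derive the account from the options or state in the option descriptions that a non-default account must be created by the caller. In `preStart`, quote `${cfg.dataDir}` and `${cfg.logDir}` in the `mkdir` and `chown` calls, since that script runs as root under `PermissionsStartOnly = true`.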
100
nixos/modules/services/databases/opentsdb.nix
Normal file
|
@ -0,0 +1,100 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.services.opentsdb;
|
||||||
|
|
||||||
|
configFile = pkgs.writeText "opentsdb.conf" ''
|
||||||
|
tsd.core.auto_create_metrics = true
|
||||||
|
tsd.http.request.enable_chunked = true
|
||||||
|
'';
|
||||||
|
|
||||||
|
in {
|
||||||
|
|
||||||
|
###### interface
|
||||||
|
|
||||||
|
options = {
|
||||||
|
|
||||||
|
services.opentsdb = {
|
||||||
|
|
||||||
|
enable = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = ''
|
||||||
|
Whether to run OpenTSDB.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
package = mkOption {
|
||||||
|
type = types.package;
|
||||||
|
default = pkgs.opentsdb;
|
||||||
|
example = literalExample "pkgs.opentsdb";
|
||||||
|
description = ''
|
||||||
|
OpenTSDB package to use.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
user = mkOption {
|
||||||
|
type = types.string;
|
||||||
|
default = "opentsdb";
|
||||||
|
description = ''
|
||||||
|
User account under which OpenTSDB runs.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
group = mkOption {
|
||||||
|
type = types.string;
|
||||||
|
default = "opentsdb";
|
||||||
|
description = ''
|
||||||
|
Group account under which OpenTSDB runs.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
port = mkOption {
|
||||||
|
type = types.int;
|
||||||
|
default = 4242;
|
||||||
|
description = ''
|
||||||
|
Which port OpenTSDB listens on.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
|
###### implementation
|
||||||
|
|
||||||
|
config = mkIf config.services.opentsdb.enable {
|
||||||
|
|
||||||
|
systemd.services.opentsdb = {
|
||||||
|
description = "OpenTSDB Server";
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
requires = [ "hbase.service" ];
|
||||||
|
|
||||||
|
environment.JAVA_HOME = "${pkgs.jre}";
|
||||||
|
path = [ pkgs.gnuplot ];
|
||||||
|
|
||||||
|
preStart =
|
||||||
|
''
|
||||||
|
COMPRESSION=NONE HBASE_HOME=${config.services.hbase.package} ${cfg.package}/share/opentsdb/tools/create_table.sh
|
||||||
|
'';
|
||||||
|
|
||||||
|
serviceConfig = {
|
||||||
|
PermissionsStartOnly = true;
|
||||||
|
User = cfg.user;
|
||||||
|
Group = cfg.group;
|
||||||
|
ExecStart = "${cfg.package}/bin/tsdb tsd --staticroot=${cfg.package}/share/opentsdb/static --cachedir=/tmp/opentsdb --port=${toString cfg.port} --config=${configFile}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
users.extraUsers.opentsdb = {
|
||||||
|
description = "OpenTSDB Server user";
|
||||||
|
group = "opentsdb";
|
||||||
|
uid = config.ids.uids.opentsdb;
|
||||||
|
};
|
||||||
|
|
||||||
|
users.extraGroups.opentsdb.gid = config.ids.gids.opentsdb;
|
||||||
|
|
||||||
|
};
|
||||||
|
}
|
|
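Review bot: `ExecStart` passes `--cachedir=/tmp/opentsdb`, a fixed name in a shared world-writable directory that any local user can create before the service does; point it at a directory owned by `cfg.user` and create that directory in `preStart`. The unit also lists `hbase.service` under `requires` with no matching `after`, so `create_table.sh` in `preStart` can run before HBase has started, and with `PermissionsStartOnly = true` that script runs as root rather than as `cfg.user`. As in the HBase module, `users.extraUsers.opentsdb` is hard-coded while `user` and `group` are options.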
@ -63,7 +63,7 @@ with lib;
|
||||||
|
|
||||||
jobs.virtuoso = {
|
jobs.virtuoso = {
|
||||||
name = "virtuoso";
|
name = "virtuoso";
|
||||||
startOn = "filesystem";
|
startOn = "ip-up";
|
||||||
|
|
||||||
preStart = ''
|
preStart = ''
|
||||||
mkdir -p ${stateDir}
|
mkdir -p ${stateDir}
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# gvfs backends
|
# gvfs backends
|
||||||
|
|
||||||
{ config, lib, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
with lib;
|
with lib;
|
||||||
|
|
||||||
|
@ -37,6 +37,8 @@ in
|
||||||
|
|
||||||
services.dbus.packages = [ gnome3.gvfs ];
|
services.dbus.packages = [ gnome3.gvfs ];
|
||||||
|
|
||||||
|
services.udev.packages = [ pkgs.libmtp ];
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
139
nixos/modules/services/desktops/profile-sync-daemon.nix
Normal file
|
@ -0,0 +1,139 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.services.psd;
|
||||||
|
|
||||||
|
configFile = ''
|
||||||
|
${optionalString (cfg.users != [ ]) ''
|
||||||
|
USERS="${concatStringsSep " " cfg.users}"
|
||||||
|
''}
|
||||||
|
|
||||||
|
${optionalString (cfg.browsers != [ ]) ''
|
||||||
|
BROWSERS="${concatStringsSep " " cfg.browsers}"
|
||||||
|
''}
|
||||||
|
|
||||||
|
${optionalString (cfg.volatile != "") "VOLATILE=${cfg.volatile}"}
|
||||||
|
${optionalString (cfg.daemonFile != "") "DAEMON_FILE=${cfg.daemonFile}"}
|
||||||
|
'';
|
||||||
|
|
||||||
|
in {
|
||||||
|
|
||||||
|
options.services.psd = with types; {
|
||||||
|
enable = mkOption {
|
||||||
|
type = bool;
|
||||||
|
default = false;
|
||||||
|
description = ''
|
||||||
|
Whether to enable the Profile Sync daemon.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
users = mkOption {
|
||||||
|
type = listOf str;
|
||||||
|
default = [ ];
|
||||||
|
example = [ "demo" ];
|
||||||
|
description = ''
|
||||||
|
A list of users whose browser profiles should be sync'd to tmpfs.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
browsers = mkOption {
|
||||||
|
type = listOf str;
|
||||||
|
default = [ ];
|
||||||
|
example = [ "chromium" "firefox" ];
|
||||||
|
description = ''
|
||||||
|
A list of browsers to sync. Available choices are:
|
||||||
|
|
||||||
|
chromium chromium-dev conkeror.mozdev.org epiphany firefox
|
||||||
|
firefox-trunk google-chrome google-chrome-beta google-chrome-unstable
|
||||||
|
heftig-aurora icecat luakit midori opera opera-developer opera-beta
|
||||||
|
qupzilla palemoon rekonq seamonkey
|
||||||
|
|
||||||
|
An empty list will enable all browsers.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
resyncTimer = mkOption {
|
||||||
|
type = str;
|
||||||
|
default = "1h";
|
||||||
|
example = "1h 30min";
|
||||||
|
description = ''
|
||||||
|
The amount of time to wait before syncing browser profiles back to the
|
||||||
|
disk.
|
||||||
|
|
||||||
|
Takes a systemd.unit time span. The time unit defaults to seconds if
|
||||||
|
omitted.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
volatile = mkOption {
|
||||||
|
type = str;
|
||||||
|
default = "/run/psd-profiles";
|
||||||
|
description = ''
|
||||||
|
The directory where browser profiles should reside(this should be
|
||||||
|
mounted as a tmpfs). Do not include a trailing backslash.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
daemonFile = mkOption {
|
||||||
|
type = str;
|
||||||
|
default = "/run/psd";
|
||||||
|
description = ''
|
||||||
|
Where the pid and backup configuration files will be stored.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
systemd = {
|
||||||
|
services = {
|
||||||
|
psd = {
|
||||||
|
description = "Profile Sync daemon";
|
||||||
|
wants = [ "psd-resync.service" "local-fs.target" ];
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
preStart = "mkdir -p ${cfg.volatile}";
|
||||||
|
|
||||||
|
path = with pkgs; [ glibc rsync gawk ];
|
||||||
|
|
||||||
|
unitConfig = {
|
||||||
|
RequiresMountsFor = [ "/home/" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
RemainAfterExit = "yes";
|
||||||
|
ExecStart = "${pkgs.profile-sync-daemon}/bin/profile-sync-daemon sync";
|
||||||
|
ExecStop = "${pkgs.profile-sync-daemon}/bin/profile-sync-daemon unsync";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
psd-resync = {
|
||||||
|
description = "Timed profile resync";
|
||||||
|
after = [ "psd.service" ];
|
||||||
|
wants = [ "psd-resync.timer" ];
|
||||||
|
partOf = [ "psd.service" ];
|
||||||
|
|
||||||
|
path = with pkgs; [ glibc rsync gawk ];
|
||||||
|
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
ExecStart = "${pkgs.profile-sync-daemon}/bin/profile-sync-daemon resync";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
timers.psd-resync = {
|
||||||
|
description = "Timer for profile sync daemon - ${cfg.resyncTimer}";
|
||||||
|
partOf = [ "psd-resync.service" "psd.service" ];
|
||||||
|
|
||||||
|
timerConfig = {
|
||||||
|
OnUnitActiveSec = "${cfg.resyncTimer}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
environment.etc."psd.conf".text = configFile;
|
||||||
|
|
||||||
|
};
|
||||||
|
}
|
|
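Review bot: The `volatile` option description says "Do not include a trailing backslash" where a trailing slash is meant, and "reside(this" is missing a space. `preStart = "mkdir -p ${cfg.volatile}"` interpolates the option unquoted into a shell that runs as root (the unit sets no `User`); quote the path. The same applies to the generated `psd.conf`, where `VOLATILE=${cfg.volatile}` and `DAEMON_FILE=${cfg.daemonFile}` are written unquoted while `USERS` and `BROWSERS` are quoted.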
@ -19,6 +19,8 @@ in {
|
||||||
|
|
||||||
###### implementation
|
###### implementation
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
services.dbus.packages = [ pkgs.thermald ];
|
||||||
|
|
||||||
systemd.services.thermald = {
|
systemd.services.thermald = {
|
||||||
description = "Thermal Daemon Service";
|
description = "Thermal Daemon Service";
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
|
|
@ -31,6 +31,7 @@ let
|
||||||
buildCommand = ''
|
buildCommand = ''
|
||||||
mkdir -p $out
|
mkdir -p $out
|
||||||
shopt -s nullglob
|
shopt -s nullglob
|
||||||
|
set +o pipefail
|
||||||
|
|
||||||
# Set a reasonable $PATH for programs called by udev rules.
|
# Set a reasonable $PATH for programs called by udev rules.
|
||||||
echo 'ENV{PATH}="${udevPath}/bin:${udevPath}/sbin"' > $out/00-path.rules
|
echo 'ENV{PATH}="${udevPath}/bin:${udevPath}/sbin"' > $out/00-path.rules
|
||||||
|
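Review bot: `set +o pipefail` is added near the top of `buildCommand` with no comment and stays in effect for the rest of the script, so a failing command on the left side of any later pipeline no longer fails the rules build. Say which pipeline needs it and limit it to that command, or restore `set -o pipefail` once that pipeline has run.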
@ -87,7 +88,7 @@ let
|
||||||
done
|
done
|
||||||
|
|
||||||
${optionalString config.networking.usePredictableInterfaceNames ''
|
${optionalString config.networking.usePredictableInterfaceNames ''
|
||||||
cp ${./80-net-name-slot.rules} $out/80-net-name-slot.rules
|
cp ${./80-net-setup-link.rules} $out/80-net-setup-link.rules
|
||||||
''}
|
''}
|
||||||
|
|
||||||
# If auto-configuration is disabled, then remove
|
# If auto-configuration is disabled, then remove
|
||||||
|
|
|
@ -7,6 +7,13 @@ let
|
||||||
pluginPath = lib.concatStringsSep ":" cfg.plugins;
|
pluginPath = lib.concatStringsSep ":" cfg.plugins;
|
||||||
havePluginPath = lib.length cfg.plugins > 0;
|
havePluginPath = lib.length cfg.plugins > 0;
|
||||||
ops = lib.optionalString;
|
ops = lib.optionalString;
|
||||||
|
verbosityFlag = {
|
||||||
|
debug = "--debug";
|
||||||
|
info = "--verbose";
|
||||||
|
warn = ""; # intentionally empty
|
||||||
|
error = "--quiet";
|
||||||
|
fatal = "--silent";
|
||||||
|
}."${cfg.logLevel}";
|
||||||
|
|
||||||
in
|
in
|
||||||
|
|
||||||
|
@ -37,6 +44,12 @@ in
|
||||||
description = "The paths to find other logstash plugins in.";
|
description = "The paths to find other logstash plugins in.";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
logLevel = mkOption {
|
||||||
|
type = types.enum [ "debug" "info" "warn" "error" "fatal" ];
|
||||||
|
default = "warn";
|
||||||
|
description = "Logging verbosity level.";
|
||||||
|
};
|
||||||
|
|
||||||
watchdogTimeout = mkOption {
|
watchdogTimeout = mkOption {
|
||||||
type = types.int;
|
type = types.int;
|
||||||
default = 10;
|
default = 10;
|
||||||
|
@ -124,6 +137,7 @@ in
|
||||||
"${cfg.package}/bin/logstash agent " +
|
"${cfg.package}/bin/logstash agent " +
|
||||||
"-w ${toString cfg.filterWorkers} " +
|
"-w ${toString cfg.filterWorkers} " +
|
||||||
ops havePluginPath "--pluginpath ${pluginPath} " +
|
ops havePluginPath "--pluginpath ${pluginPath} " +
|
||||||
|
"${verbosityFlag} " +
|
||||||
"--watchdog-timeout ${toString cfg.watchdogTimeout} " +
|
"--watchdog-timeout ${toString cfg.watchdogTimeout} " +
|
||||||
"-f ${writeText "logstash.conf" ''
|
"-f ${writeText "logstash.conf" ''
|
||||||
input {
|
input {
|
||||||
|
|
|
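Review bot: style point on the added `"${verbosityFlag} " +` line: for the default level the hunk above maps warn to an empty string, so this always appends a lone space to the command line. It is harmless, but guarding it the same way as the plugin path, e.g. `ops (verbosityFlag != "") "${verbosityFlag} " +`, keeps the generated ExecStart clean.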
@ -43,15 +43,6 @@ in {
|
||||||
The package providing syslog-ng binaries.
|
The package providing syslog-ng binaries.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
listenToJournal = mkOption {
|
|
||||||
type = types.bool;
|
|
||||||
default = true;
|
|
||||||
description = ''
|
|
||||||
Whether syslog-ng should listen to the syslog socket used
|
|
||||||
by journald, and therefore receive all logs that journald
|
|
||||||
produces.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
extraModulePaths = mkOption {
|
extraModulePaths = mkOption {
|
||||||
type = types.listOf types.str;
|
type = types.listOf types.str;
|
||||||
default = [];
|
default = [];
|
||||||
|
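Review bot: the listenToJournal option is deleted outright here, so any existing configuration that still sets it will stop evaluating after this merge. Suggest a deprecation entry or a release note for the removed option so users get a clear message instead of an undefined-option error.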
@ -74,7 +65,7 @@ in {
|
||||||
configHeader = mkOption {
|
configHeader = mkOption {
|
||||||
type = types.lines;
|
type = types.lines;
|
||||||
default = ''
|
default = ''
|
||||||
@version: 3.5
|
@version: 3.6
|
||||||
@include "scl.conf"
|
@include "scl.conf"
|
||||||
'';
|
'';
|
||||||
description = ''
|
description = ''
|
||||||
|
@ -86,18 +77,13 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
systemd.sockets.syslog = mkIf cfg.listenToJournal {
|
|
||||||
wantedBy = [ "sockets.target" ];
|
|
||||||
socketConfig.Service = "syslog-ng.service";
|
|
||||||
};
|
|
||||||
systemd.services.syslog-ng = {
|
systemd.services.syslog-ng = {
|
||||||
description = "syslog-ng daemon";
|
description = "syslog-ng daemon";
|
||||||
preStart = "mkdir -p /{var,run}/syslog-ng";
|
preStart = "mkdir -p /{var,run}/syslog-ng";
|
||||||
wantedBy = optional (!cfg.listenToJournal) "multi-user.target";
|
wantedBy = [ "multi-user.target" ];
|
||||||
after = [ "multi-user.target" ]; # makes sure hostname etc is set
|
after = [ "multi-user.target" ]; # makes sure hostname etc is set
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "notify";
|
Type = "notify";
|
||||||
Sockets = if cfg.listenToJournal then "syslog.socket" else null;
|
|
||||||
StandardOutput = "null";
|
StandardOutput = "null";
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
ExecStart = "${cfg.package}/sbin/syslog-ng ${concatStringsSep " " syslogngOptions}";
|
ExecStart = "${cfg.package}/sbin/syslog-ng ${concatStringsSep " " syslogngOptions}";
|
||||||
|
|
|
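Review bot: with `wantedBy = [ "multi-user.target" ];` now unconditional, the unchanged `after = [ "multi-user.target" ];` line orders the service after the very target that pulls it in. A target is by default ordered after the units it wants, so this is an ordering cycle systemd has to break; ordering after whatever actually sets the hostname would express the intent of the comment without the cycle.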
@ -84,7 +84,7 @@ in
|
||||||
startOn = "started network-interfaces";
|
startOn = "started network-interfaces";
|
||||||
stopOn = "stopping network-interfaces";
|
stopOn = "stopping network-interfaces";
|
||||||
|
|
||||||
path = [ pkgs.nfsUtils pkgs.sshfsFuse ];
|
path = [ pkgs.nfs-utils pkgs.sshfsFuse ];
|
||||||
|
|
||||||
preStop =
|
preStop =
|
||||||
''
|
''
|
||||||
|
|
206
nixos/modules/services/misc/defaultUnicornConfig.rb
Normal file
|
@ -0,0 +1,206 @@
|
||||||
|
# The following was taken from github.com/crohr/syslogger and is BSD
|
||||||
|
# licensed.
|
||||||
|
require 'syslog'
|
||||||
|
require 'logger'
|
||||||
|
require 'thread'
|
||||||
|
|
||||||
|
class Syslogger
|
||||||
|
|
||||||
|
VERSION = "1.6.0"
|
||||||
|
|
||||||
|
attr_reader :level, :ident, :options, :facility, :max_octets
|
||||||
|
attr_accessor :formatter
|
||||||
|
|
||||||
|
MAPPING = {
|
||||||
|
Logger::DEBUG => Syslog::LOG_DEBUG,
|
||||||
|
Logger::INFO => Syslog::LOG_INFO,
|
||||||
|
Logger::WARN => Syslog::LOG_WARNING,
|
||||||
|
Logger::ERROR => Syslog::LOG_ERR,
|
||||||
|
Logger::FATAL => Syslog::LOG_CRIT,
|
||||||
|
Logger::UNKNOWN => Syslog::LOG_ALERT
|
||||||
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
# Initializes default options for the logger
|
||||||
|
# <tt>ident</tt>:: the name of your program [default=$0].
|
||||||
|
# <tt>options</tt>:: syslog options [default=<tt>Syslog::LOG_PID | Syslog::LOG_CONS</tt>].
|
||||||
|
# Correct values are:
|
||||||
|
# LOG_CONS : writes the message on the console if an error occurs when sending the message;
|
||||||
|
# LOG_NDELAY : no delay before sending the message;
|
||||||
|
# LOG_PERROR : messages will also be written on STDERR;
|
||||||
|
# LOG_PID : adds the process number to the message (just after the program name)
|
||||||
|
# <tt>facility</tt>:: the syslog facility [default=nil] Correct values include:
|
||||||
|
# Syslog::LOG_DAEMON
|
||||||
|
# Syslog::LOG_USER
|
||||||
|
# Syslog::LOG_SYSLOG
|
||||||
|
# Syslog::LOG_LOCAL2
|
||||||
|
# Syslog::LOG_NEWS
|
||||||
|
# etc.
|
||||||
|
#
|
||||||
|
# Usage:
|
||||||
|
# logger = Syslogger.new("my_app", Syslog::LOG_PID | Syslog::LOG_CONS, Syslog::LOG_LOCAL0)
|
||||||
|
# logger.level = Logger::INFO # use Logger levels
|
||||||
|
# logger.warn "warning message"
|
||||||
|
# logger.debug "debug message"
|
||||||
|
#
|
||||||
|
def initialize(ident = $0, options = Syslog::LOG_PID | Syslog::LOG_CONS, facility = nil)
|
||||||
|
@ident = ident
|
||||||
|
@options = options || (Syslog::LOG_PID | Syslog::LOG_CONS)
|
||||||
|
@facility = facility
|
||||||
|
@level = Logger::INFO
|
||||||
|
@mutex = Mutex.new
|
||||||
|
@formatter = Logger::Formatter.new
|
||||||
|
end
|
||||||
|
|
||||||
|
%w{debug info warn error fatal unknown}.each do |logger_method|
|
||||||
|
# Accepting *args as message could be nil.
|
||||||
|
# Default params not supported in ruby 1.8.7
|
||||||
|
define_method logger_method.to_sym do |*args, &block|
|
||||||
|
return true if @level > Logger.const_get(logger_method.upcase)
|
||||||
|
message = args.first || block && block.call
|
||||||
|
add(Logger.const_get(logger_method.upcase), message)
|
||||||
|
end
|
||||||
|
|
||||||
|
unless logger_method == 'unknown'
|
||||||
|
define_method "#{logger_method}?".to_sym do
|
||||||
|
@level <= Logger.const_get(logger_method.upcase)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
# Log a message at the Logger::INFO level. Useful for use with Rack::CommonLogger
|
||||||
|
def write(msg)
|
||||||
|
add(Logger::INFO, msg)
|
||||||
|
end
|
||||||
|
|
||||||
|
# Logs a message at the Logger::INFO level.
|
||||||
|
def <<(msg)
|
||||||
|
add(Logger::INFO, msg)
|
||||||
|
end
|
||||||
|
|
||||||
|
# Low level method to add a message.
|
||||||
|
# +severity+:: the level of the message. One of Logger::DEBUG, Logger::INFO, Logger::WARN, Logger::ERROR, Logger::FATAL, Logger::UNKNOWN
|
||||||
|
# +message+:: the message string.
|
||||||
|
# If nil, the method will call the block and use the result as the message string.
|
||||||
|
# If both are nil or no block is given, it will use the progname as per the behaviour of both the standard Ruby logger, and the Rails BufferedLogger.
|
||||||
|
# +progname+:: optionally, overwrite the program name that appears in the log message.
|
||||||
|
def add(severity, message = nil, progname = nil, &block)
|
||||||
|
if message.nil? && block.nil? && !progname.nil?
|
||||||
|
message, progname = progname, nil
|
||||||
|
end
|
||||||
|
progname ||= @ident
|
||||||
|
|
||||||
|
@mutex.synchronize do
|
||||||
|
Syslog.open(progname, @options, @facility) do |s|
|
||||||
|
s.mask = Syslog::LOG_UPTO(MAPPING[@level])
|
||||||
|
communication = clean(message || block && block.call)
|
||||||
|
if self.max_octets
|
||||||
|
buffer = "#{tags_text}"
|
||||||
|
communication.bytes do |byte|
|
||||||
|
buffer.concat(byte)
|
||||||
|
# if the last byte we added is potentially part of an escape, we'll go ahead and add another byte
|
||||||
|
if buffer.bytesize >= self.max_octets && !['%'.ord,'\\'.ord].include?(byte)
|
||||||
|
s.log(MAPPING[severity],buffer)
|
||||||
|
buffer = ""
|
||||||
|
end
|
||||||
|
end
|
||||||
|
s.log(MAPPING[severity],buffer) unless buffer.empty?
|
||||||
|
else
|
||||||
|
s.log(MAPPING[severity],"#{tags_text}#{communication}")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
# Set the max octets of the messages written to the log
|
||||||
|
def max_octets=(max_octets)
|
||||||
|
@max_octets = max_octets
|
||||||
|
end
|
||||||
|
|
||||||
|
# Sets the minimum level for messages to be written in the log.
|
||||||
|
# +level+:: one of <tt>Logger::DEBUG</tt>, <tt>Logger::INFO</tt>, <tt>Logger::WARN</tt>, <tt>Logger::ERROR</tt>, <tt>Logger::FATAL</tt>, <tt>Logger::UNKNOWN</tt>
|
||||||
|
def level=(level)
|
||||||
|
level = Logger.const_get(level.to_s.upcase) if level.is_a?(Symbol)
|
||||||
|
|
||||||
|
unless level.is_a?(Fixnum)
|
||||||
|
raise ArgumentError.new("Invalid logger level `#{level.inspect}`")
|
||||||
|
end
|
||||||
|
|
||||||
|
@level = level
|
||||||
|
end
|
||||||
|
|
||||||
|
# Sets the ident string passed along to Syslog
|
||||||
|
def ident=(ident)
|
||||||
|
@ident = ident
|
||||||
|
end
|
||||||
|
|
||||||
|
# Tagging code borrowed from ActiveSupport gem
|
||||||
|
def tagged(*tags)
|
||||||
|
new_tags = push_tags(*tags)
|
||||||
|
yield self
|
||||||
|
ensure
|
||||||
|
pop_tags(new_tags.size)
|
||||||
|
end
|
||||||
|
|
||||||
|
def push_tags(*tags)
|
||||||
|
tags.flatten.reject{ |i| i.respond_to?(:empty?) ? i.empty? : !i }.tap do |new_tags|
|
||||||
|
current_tags.concat new_tags
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def pop_tags(size = 1)
|
||||||
|
current_tags.pop size
|
||||||
|
end
|
||||||
|
|
||||||
|
def clear_tags!
|
||||||
|
current_tags.clear
|
||||||
|
end
|
||||||
|
|
||||||
|
protected
|
||||||
|
|
||||||
|
# Borrowed from SyslogLogger.
|
||||||
|
def clean(message)
|
||||||
|
message = message.to_s.dup
|
||||||
|
message.strip! # remove whitespace
|
||||||
|
message.gsub!(/\n/, '\\n') # escape newlines
|
||||||
|
message.gsub!(/%/, '%%') # syslog(3) freaks on % (printf)
|
||||||
|
message.gsub!(/\e\[[^m]*m/, '') # remove useless ansi color codes
|
||||||
|
message
|
||||||
|
end
|
||||||
|
|
||||||
|
private
|
||||||
|
|
||||||
|
def tags_text
|
||||||
|
tags = current_tags
|
||||||
|
if tags.any?
|
||||||
|
tags.collect { |tag| "[#{tag}] " }.join
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def current_tags
|
||||||
|
Thread.current[:syslogger_tagged_logging_tags] ||= []
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
worker_processes 2
|
||||||
|
working_directory ENV["GITLAB_PATH"]
|
||||||
|
pid ENV["UNICORN_PATH"] + "/tmp/pids/unicorn.pid"
|
||||||
|
|
||||||
|
listen ENV["UNICORN_PATH"] + "/tmp/sockets/gitlab.socket", :backlog => 1024
|
||||||
|
listen "127.0.0.1:8080", :tcp_nopush => true
|
||||||
|
|
||||||
|
timeout 60
|
||||||
|
|
||||||
|
logger Syslogger.new
|
||||||
|
|
||||||
|
preload_app true
|
||||||
|
|
||||||
|
GC.respond_to?(:copy_on_write_friendly=) and
|
||||||
|
GC.copy_on_write_friendly = true
|
||||||
|
|
||||||
|
check_client_connection false
|
||||||
|
|
||||||
|
after_fork do |server, worker|
|
||||||
|
defined?(ActiveRecord::Base) and
|
||||||
|
ActiveRecord::Base.establish_connection
|
||||||
|
end
|
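Review bot: `listen "127.0.0.1:8080", :tcp_nopush => true` hard-codes the TCP listener, while gitlab.nix in this same commit exposes a port option and builds gitlab_url from cfg.port; setting any other port leaves unicorn on 8080 and gitlab-shell pointing elsewhere. The units already export GITLAB_PORT, so the config could read it from ENV the way it does for UNICORN_PATH. Minor: `level=` checks `is_a?(Fixnum)`, which `Integer` would cover more portably.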
82
nixos/modules/services/misc/docker-registry.nix
Normal file
|
@ -0,0 +1,82 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.services.dockerRegistry;
|
||||||
|
|
||||||
|
in {
|
||||||
|
###### interface
|
||||||
|
|
||||||
|
options.services.dockerRegistry = {
|
||||||
|
enable = mkOption {
|
||||||
|
description = "Whether to enable docker registry server.";
|
||||||
|
default = false;
|
||||||
|
type = types.bool;
|
||||||
|
};
|
||||||
|
|
||||||
|
host = mkOption {
|
||||||
|
description = "Docker registry host or ip to bind to.";
|
||||||
|
default = "127.0.0.1";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
port = mkOption {
|
||||||
|
description = "Docker registry port to bind to.";
|
||||||
|
default = 5000;
|
||||||
|
type = types.int;
|
||||||
|
};
|
||||||
|
|
||||||
|
storagePath = mkOption {
|
||||||
|
type = types.path;
|
||||||
|
default = "/var/lib/docker/registry";
|
||||||
|
description = "Docker registry strorage path.";
|
||||||
|
};
|
||||||
|
|
||||||
|
extraConfig = mkOption {
|
||||||
|
description = ''
|
||||||
|
Docker extra registry configuration. See
|
||||||
|
<link xlink:href="https://github.com/docker/docker-registry/blob/master/config/config_sample.yml"/>
|
||||||
|
'';
|
||||||
|
default = {};
|
||||||
|
type = types.attrsOf types.str;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
systemd.services.docker-registry = {
|
||||||
|
description = "Docker Container Registry";
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
after = [ "network.target" ];
|
||||||
|
|
||||||
|
environment = {
|
||||||
|
REGISTRY_HOST = cfg.host;
|
||||||
|
REGISTRY_PORT = toString cfg.port;
|
||||||
|
GUNICORN_OPTS = "[--preload]"; # see https://github.com/docker/docker-registry#sqlalchemy
|
||||||
|
STORAGE_PATH = cfg.storagePath;
|
||||||
|
} // cfg.extraConfig;
|
||||||
|
|
||||||
|
serviceConfig = {
|
||||||
|
ExecStart = "${pkgs.pythonPackages.docker_registry}/bin/docker-registry";
|
||||||
|
User = "docker-registry";
|
||||||
|
Group = "docker";
|
||||||
|
PermissionsStartOnly = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
preStart = ''
|
||||||
|
mkdir -p ${cfg.storagePath}
|
||||||
|
if [ "$(id -u)" = 0 ]; then
|
||||||
|
chown -R docker-registry:docker ${cfg.storagePath}
|
||||||
|
fi
|
||||||
|
'';
|
||||||
|
postStart = ''
|
||||||
|
until ${pkgs.curl}/bin/curl -s -o /dev/null 'http://${cfg.host}:${toString cfg.port}/'; do
|
||||||
|
sleep 1;
|
||||||
|
done
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
users.extraGroups.docker.gid = mkDefault config.ids.gids.docker;
|
||||||
|
users.extraUsers.docker-registry.uid = config.ids.uids.docker-registry;
|
||||||
|
};
|
||||||
|
}
|
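Review bot: `Group = "docker";` in serviceConfig runs the registry under the group that normally guards the Docker daemon socket, so a compromise of the registry process would reach the daemon on any host that also runs Docker. A dedicated group for the registry that owns storagePath would keep the two apart. Also, the storagePath description reads "strorage".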
144
nixos/modules/services/misc/etcd.nix
Normal file
|
@ -0,0 +1,144 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.services.etcd;
|
||||||
|
|
||||||
|
in {
|
||||||
|
|
||||||
|
options.services.etcd = {
|
||||||
|
enable = mkOption {
|
||||||
|
description = "Whether to enable etcd.";
|
||||||
|
default = false;
|
||||||
|
type = types.uniq types.bool;
|
||||||
|
};
|
||||||
|
|
||||||
|
name = mkOption {
|
||||||
|
description = "Etcd unique node name.";
|
||||||
|
default = config.networking.hostName;
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
advertiseClientUrls = mkOption {
|
||||||
|
description = "Etcd list of this member's client URLs to advertise to the rest of the cluster.";
|
||||||
|
default = cfg.listenClientUrls;
|
||||||
|
type = types.listOf types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
listenClientUrls = mkOption {
|
||||||
|
description = "Etcd list of URLs to listen on for client traffic.";
|
||||||
|
default = ["http://localhost:4001"];
|
||||||
|
type = types.listOf types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
listenPeerUrls = mkOption {
|
||||||
|
description = "Etcd list of URLs to listen on for peer traffic.";
|
||||||
|
default = ["http://localhost:7001"];
|
||||||
|
type = types.listOf types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
initialAdvertisePeerUrls = mkOption {
|
||||||
|
description = "Etcd list of this member's peer URLs to advertise to rest of the cluster.";
|
||||||
|
default = cfg.listenPeerUrls;
|
||||||
|
type = types.listOf types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
initialCluster = mkOption {
|
||||||
|
description = "Etcd initial cluster configuration for bootstrapping.";
|
||||||
|
default = ["${cfg.name}=http://localhost:7001"];
|
||||||
|
type = types.listOf types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
initialClusterState = mkOption {
|
||||||
|
description = "Etcd initial cluster configuration for bootstrapping.";
|
||||||
|
default = "new";
|
||||||
|
type = types.enum ["new" "existing"];
|
||||||
|
};
|
||||||
|
|
||||||
|
initialClusterToken = mkOption {
|
||||||
|
description = "Etcd initial cluster token for etcd cluster during bootstrap.";
|
||||||
|
default = "etcd-cluster";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
discovery = mkOption {
|
||||||
|
description = "Etcd discovery url";
|
||||||
|
default = "";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
extraConf = mkOption {
|
||||||
|
description = ''
|
||||||
|
Etcd extra configuration. See
|
||||||
|
<link xlink:href='https://github.com/coreos/etcd/blob/master/Documentation/configuration.md#environment-variables' />
|
||||||
|
'';
|
||||||
|
type = types.attrsOf types.str;
|
||||||
|
default = {};
|
||||||
|
example = literalExample ''
|
||||||
|
{
|
||||||
|
"CORS": "*",
|
||||||
|
"NAME": "default-name",
|
||||||
|
"MAX_RESULT_BUFFER": "1024",
|
||||||
|
"MAX_CLUSTER_SIZE": "9",
|
||||||
|
"MAX_RETRY_ATTEMPTS": "3"
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
dataDir = mkOption {
|
||||||
|
type = types.path;
|
||||||
|
default = "/var/lib/etcd";
|
||||||
|
description = "Etcd data directory.";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
systemd.services.etcd = {
|
||||||
|
description = "Etcd Daemon";
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
after = [ "network-interfaces.target" ];
|
||||||
|
|
||||||
|
environment = {
|
||||||
|
ETCD_NAME = cfg.name;
|
||||||
|
ETCD_DISCOVERY = cfg.discovery;
|
||||||
|
ETCD_DATA_DIR = cfg.dataDir;
|
||||||
|
ETCD_ADVERTISE_CLIENT_URLS = concatStringsSep "," cfg.advertiseClientUrls;
|
||||||
|
ETCD_LISTEN_CLIENT_URLS = concatStringsSep "," cfg.listenClientUrls;
|
||||||
|
ETCD_LISTEN_PEER_URLS = concatStringsSep "," cfg.listenPeerUrls;
|
||||||
|
ETCD_INITIAL_ADVERTISE_PEER_URLS = concatStringsSep "," cfg.initialAdvertisePeerUrls;
|
||||||
|
} // (optionalAttrs (cfg.discovery == ""){
|
||||||
|
ETCD_INITIAL_CLUSTER = concatStringsSep "," cfg.initialCluster;
|
||||||
|
ETCD_INITIAL_CLUSTER_STATE = cfg.initialClusterState;
|
||||||
|
ETCD_INITIAL_CLUSTER_TOKEN = cfg.initialClusterToken;
|
||||||
|
}) // (mapAttrs' (n: v: nameValuePair "ETCD_${n}" v) cfg.extraConf);
|
||||||
|
|
||||||
|
serviceConfig = {
|
||||||
|
ExecStart = "${pkgs.etcd}/bin/etcd";
|
||||||
|
User = "etcd";
|
||||||
|
PermissionsStartOnly = true;
|
||||||
|
};
|
||||||
|
preStart = ''
|
||||||
|
mkdir -m 0700 -p ${cfg.dataDir}
|
||||||
|
if [ "$(id -u)" = 0 ]; then chown etcd ${cfg.dataDir}; fi
|
||||||
|
'';
|
||||||
|
postStart = ''
|
||||||
|
until ${pkgs.etcdctl}/bin/etcdctl set /nixos/state 'up'; do
|
||||||
|
sleep 1;
|
||||||
|
done
|
||||||
|
until ${pkgs.etcdctl}/bin/etcdctl get /nixos/state | grep up; do
|
||||||
|
sleep 1;
|
||||||
|
done
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
environment.systemPackages = [ pkgs.etcdctl ];
|
||||||
|
|
||||||
|
users.extraUsers = singleton {
|
||||||
|
name = "etcd";
|
||||||
|
uid = config.ids.uids.etcd;
|
||||||
|
description = "Etcd daemon user";
|
||||||
|
home = cfg.dataDir;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
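Review bot: the postStart readiness loop calls etcdctl with no endpoint argument, so it talks to etcdctl's built-in default address regardless of listenClientUrls; with a non-default client URL the `until ... etcdctl set /nixos/state 'up'` loop never succeeds and the unit sits in start until systemd times it out. Suggest passing the configured client URL to etcdctl, and using a read-only check so that every start does not write a key into the cluster. The description of initialClusterState is also a copy of the one for initialCluster.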
295
nixos/modules/services/misc/gitlab.nix
Normal file
|
@ -0,0 +1,295 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
# TODO: support non-postgresql
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.services.gitlab;
|
||||||
|
|
||||||
|
ruby = pkgs.ruby;
|
||||||
|
rubyLibs = pkgs.rubyLibs;
|
||||||
|
|
||||||
|
databaseYml = ''
|
||||||
|
production:
|
||||||
|
adapter: postgresql
|
||||||
|
database: ${cfg.databaseName}
|
||||||
|
host: ${cfg.databaseHost}
|
||||||
|
password: ${cfg.databasePassword}
|
||||||
|
username: ${cfg.databaseUsername}
|
||||||
|
encoding: utf8
|
||||||
|
'';
|
||||||
|
gitlabShellYml = ''
|
||||||
|
user: gitlab
|
||||||
|
gitlab_url: "http://${cfg.host}:${toString cfg.port}/"
|
||||||
|
http_settings:
|
||||||
|
self_signed_cert: false
|
||||||
|
repos_path: "${cfg.stateDir}/repositories"
|
||||||
|
log_file: "${cfg.stateDir}/log/gitlab-shell.log"
|
||||||
|
redis:
|
||||||
|
bin: ${pkgs.redis}/bin/redis-cli
|
||||||
|
host: 127.0.0.1
|
||||||
|
port: 6379
|
||||||
|
database: 0
|
||||||
|
namespace: resque:gitlab
|
||||||
|
'';
|
||||||
|
|
||||||
|
unicornConfig = builtins.readFile ./defaultUnicornConfig.rb;
|
||||||
|
|
||||||
|
gitlab-runner = pkgs.stdenv.mkDerivation rec {
|
||||||
|
name = "gitlab-runner";
|
||||||
|
buildInputs = [ pkgs.gitlab pkgs.rubyLibs.bundler pkgs.makeWrapper ];
|
||||||
|
phases = "installPhase fixupPhase";
|
||||||
|
buildPhase = "";
|
||||||
|
installPhase = ''
|
||||||
|
mkdir -p $out/bin
|
||||||
|
makeWrapper ${rubyLibs.bundler}/bin/bundle $out/bin/gitlab-runner\
|
||||||
|
--set RAKEOPT '"-f ${pkgs.gitlab}/share/gitlab/Rakefile"'\
|
||||||
|
--set UNICORN_PATH "${cfg.stateDir}/"\
|
||||||
|
--set GITLAB_PATH "${pkgs.gitlab}/share/gitlab/"\
|
||||||
|
--set GITLAB_APPLICATION_LOG_PATH "${cfg.stateDir}/log/application.log"\
|
||||||
|
--set GITLAB_SATELLITES_PATH "${cfg.stateDir}/satellites"\
|
||||||
|
--set GITLAB_SHELL_PATH "${pkgs.gitlab-shell}"\
|
||||||
|
--set GITLAB_REPOSITORIES_PATH "${cfg.stateDir}/repositories"\
|
||||||
|
--set GITLAB_SHELL_HOOKS_PATH "${cfg.stateDir}/shell/hooks"\
|
||||||
|
--set BUNDLE_GEMFILE "${pkgs.gitlab}/share/gitlab/Gemfile"\
|
||||||
|
--set GITLAB_EMAIL_FROM "${cfg.emailFrom}"\
|
||||||
|
--set GITLAB_SHELL_CONFIG_PATH "${cfg.stateDir}/shell/config.yml"\
|
||||||
|
--set GITLAB_SHELL_SECRET_PATH "${cfg.stateDir}/config/gitlab_shell_secret"\
|
||||||
|
--set GITLAB_HOST "${cfg.host}"\
|
||||||
|
--set GITLAB_PORT "${toString cfg.port}"\
|
||||||
|
--set GITLAB_BACKUP_PATH"${cfg.backupPath}"\
|
||||||
|
--set RAILS_ENV "production"
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
in {
|
||||||
|
|
||||||
|
options = {
|
||||||
|
services.gitlab = {
|
||||||
|
enable = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = ''
|
||||||
|
Enable the gitlab service.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
satelliteDir = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "/var/gitlab/git-satellites";
|
||||||
|
description = "Gitlab directory to store checked out git trees requires for operation.";
|
||||||
|
};
|
||||||
|
|
||||||
|
stateDir = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "/var/gitlab/state";
|
||||||
|
description = "Gitlab state directory, logs are stored here.";
|
||||||
|
};
|
||||||
|
|
||||||
|
backupPath = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = cfg.stateDir + "/backup";
|
||||||
|
description = "Gitlab path for backups.";
|
||||||
|
};
|
||||||
|
|
||||||
|
databaseHost = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "127.0.0.1";
|
||||||
|
description = "Gitlab database hostname.";
|
||||||
|
};
|
||||||
|
|
||||||
|
databasePassword = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "";
|
||||||
|
description = "Gitlab database user password.";
|
||||||
|
};
|
||||||
|
|
||||||
|
databaseName = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "gitlab";
|
||||||
|
description = "Gitlab database name.";
|
||||||
|
};
|
||||||
|
|
||||||
|
databaseUsername = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "gitlab";
|
||||||
|
description = "Gitlab database user.";
|
||||||
|
};
|
||||||
|
|
||||||
|
emailFrom = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "example@example.org";
|
||||||
|
description = "The source address for emails sent by gitlab.";
|
||||||
|
};
|
||||||
|
|
||||||
|
host = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = config.networking.hostName;
|
||||||
|
description = "Gitlab host name. Used e.g. for copy-paste URLs.";
|
||||||
|
};
|
||||||
|
|
||||||
|
port = mkOption {
|
||||||
|
type = types.int;
|
||||||
|
default = 8080;
|
||||||
|
description = "Gitlab server listening port.";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
|
||||||
|
environment.systemPackages = [ gitlab-runner pkgs.gitlab-shell ];
|
||||||
|
|
||||||
|
assertions = [
|
||||||
|
{ assertion = cfg.databasePassword != "";
|
||||||
|
message = "databasePassword must be set";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
# Redis is required for the sidekiq queue runner.
|
||||||
|
services.redis.enable = mkDefault true;
|
||||||
|
# We use postgres as the main data store.
|
||||||
|
services.postgresql.enable = mkDefault true;
|
||||||
|
services.postgresql.package = mkDefault pkgs.postgresql;
|
||||||
|
# Use postfix to send out mails.
|
||||||
|
services.postfix.enable = mkDefault true;
|
||||||
|
|
||||||
|
users.extraUsers = [
|
||||||
|
{ name = "gitlab";
|
||||||
|
group = "gitlab";
|
||||||
|
home = "${cfg.stateDir}/home";
|
||||||
|
shell = "${pkgs.bash}/bin/bash";
|
||||||
|
uid = config.ids.uids.gitlab;
|
||||||
|
} ];
|
||||||
|
|
||||||
|
users.extraGroups = [
|
||||||
|
{ name = "gitlab";
|
||||||
|
gid = config.ids.gids.gitlab;
|
||||||
|
} ];
|
||||||
|
|
||||||
|
systemd.services.gitlab-sidekiq = {
|
||||||
|
after = [ "network.target" "redis.service" ];
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
environment.HOME = "${cfg.stateDir}/home";
|
||||||
|
environment.UNICORN_PATH = "${cfg.stateDir}/";
|
||||||
|
environment.GITLAB_PATH = "${pkgs.gitlab}/share/gitlab/";
|
||||||
|
environment.GITLAB_APPLICATION_LOG_PATH = "${cfg.stateDir}/log/application.log";
|
||||||
|
environment.GITLAB_SATELLITES_PATH = "${cfg.stateDir}/satellites";
|
||||||
|
environment.GITLAB_SHELL_PATH = "${pkgs.gitlab-shell}";
|
||||||
|
environment.GITLAB_REPOSITORIES_PATH = "${cfg.stateDir}/repositories";
|
||||||
|
environment.GITLAB_SHELL_HOOKS_PATH = "${cfg.stateDir}/shell/hooks";
|
||||||
|
environment.BUNDLE_GEMFILE = "${pkgs.gitlab}/share/gitlab/Gemfile";
|
||||||
|
environment.GITLAB_EMAIL_FROM = "${cfg.emailFrom}";
|
||||||
|
environment.GITLAB_SHELL_CONFIG_PATH = "${cfg.stateDir}/shell/config.yml";
|
||||||
|
environment.GITLAB_SHELL_SECRET_PATH = "${cfg.stateDir}/config/gitlab_shell_secret";
|
||||||
|
environment.GITLAB_HOST = "${cfg.host}";
|
||||||
|
environment.GITLAB_PORT = "${toString cfg.port}";
|
||||||
|
environment.GITLAB_DATABASE_HOST = "${cfg.databaseHost}";
|
||||||
|
environment.GITLAB_DATABASE_PASSWORD = "${cfg.databasePassword}";
|
||||||
|
environment.RAILS_ENV = "production";
|
||||||
|
path = with pkgs; [
|
||||||
|
config.services.postgresql.package
|
||||||
|
gitAndTools.git
|
||||||
|
ruby
|
||||||
|
openssh
|
||||||
|
nodejs
|
||||||
|
];
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "simple";
|
||||||
|
User = "gitlab";
|
||||||
|
Group = "gitlab";
|
||||||
|
TimeoutSec = "300";
|
||||||
|
WorkingDirectory = "${pkgs.gitlab}/share/gitlab";
|
||||||
|
ExecStart="${rubyLibs.bundler}/bin/bundle exec \"sidekiq -q post_receive -q mailer -q system_hook -q project_web_hook -q gitlab_shell -q common -q default -e production -P ${cfg.stateDir}/tmp/sidekiq.pid\"";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services.gitlab = {
|
||||||
|
after = [ "network.target" "postgresql.service" "redis.service" ];
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
environment.HOME = "${cfg.stateDir}/home";
|
||||||
|
environment.UNICORN_PATH = "${cfg.stateDir}/";
|
||||||
|
environment.GITLAB_PATH = "${pkgs.gitlab}/share/gitlab/";
|
||||||
|
environment.GITLAB_APPLICATION_LOG_PATH = "${cfg.stateDir}/log/application.log";
|
||||||
|
environment.GITLAB_SATELLITES_PATH = "${cfg.stateDir}/satellites";
|
||||||
|
environment.GITLAB_SHELL_PATH = "${pkgs.gitlab-shell}";
|
||||||
|
environment.GITLAB_REPOSITORIES_PATH = "${cfg.stateDir}/repositories";
|
||||||
|
environment.GITLAB_SHELL_HOOKS_PATH = "${cfg.stateDir}/shell/hooks";
|
||||||
|
environment.BUNDLE_GEMFILE = "${pkgs.gitlab}/share/gitlab/Gemfile";
|
||||||
|
environment.GITLAB_EMAIL_FROM = "${cfg.emailFrom}";
|
||||||
|
environment.GITLAB_HOST = "${cfg.host}";
|
||||||
|
environment.GITLAB_PORT = "${toString cfg.port}";
|
||||||
|
environment.GITLAB_DATABASE_HOST = "${cfg.databaseHost}";
|
||||||
|
environment.GITLAB_DATABASE_PASSWORD = "${cfg.databasePassword}";
|
||||||
|
environment.RAILS_ENV = "production";
|
||||||
|
path = with pkgs; [
|
||||||
|
config.services.postgresql.package
|
||||||
|
gitAndTools.git
|
||||||
|
ruby
|
||||||
|
openssh
|
||||||
|
nodejs
|
||||||
|
];
|
||||||
|
preStart = ''
|
||||||
|
# TODO: use env vars
|
||||||
|
mkdir -p ${cfg.stateDir}
|
||||||
|
mkdir -p ${cfg.stateDir}/log
|
||||||
|
mkdir -p ${cfg.stateDir}/satellites
|
||||||
|
mkdir -p ${cfg.stateDir}/repositories
|
||||||
|
mkdir -p ${cfg.stateDir}/shell/hooks
|
||||||
|
mkdir -p ${cfg.stateDir}/tmp/pids
|
||||||
|
mkdir -p ${cfg.stateDir}/tmp/sockets
|
||||||
|
rm -rf ${cfg.stateDir}/config
|
||||||
|
mkdir -p ${cfg.stateDir}/config
|
||||||
|
# TODO: What exactly is gitlab-shell doing with the secret?
|
||||||
|
head -c 20 /dev/urandom > ${cfg.stateDir}/config/gitlab_shell_secret
|
||||||
|
mkdir -p ${cfg.stateDir}/home/.ssh
|
||||||
|
touch ${cfg.stateDir}/home/.ssh/authorized_keys
|
||||||
|
|
||||||
|
cp -rf ${pkgs.gitlab}/share/gitlab/config ${cfg.stateDir}/
|
||||||
|
cp ${pkgs.gitlab}/share/gitlab/VERSION ${cfg.stateDir}/VERSION
|
||||||
|
|
||||||
|
ln -fs ${pkgs.writeText "database.yml" databaseYml} ${cfg.stateDir}/config/database.yml
|
||||||
|
ln -fs ${pkgs.writeText "unicorn.rb" unicornConfig} ${cfg.stateDir}/config/unicorn.rb
|
||||||
|
|
||||||
|
chown -R gitlab:gitlab ${cfg.stateDir}/
|
||||||
|
chmod -R 755 ${cfg.stateDir}/
|
||||||
|
|
||||||
|
if [ "${cfg.databaseHost}" = "127.0.0.1" ]; then
|
||||||
|
if ! test -e "${cfg.stateDir}/db-created"; then
|
||||||
|
psql postgres -c "CREATE ROLE gitlab WITH LOGIN NOCREATEDB NOCREATEROLE NOCREATEUSER ENCRYPTED PASSWORD '${cfg.databasePassword}'"
|
||||||
|
${config.services.postgresql.package}/bin/createdb --owner gitlab gitlab || true
|
||||||
|
touch "${cfg.stateDir}/db-created"
|
||||||
|
|
||||||
|
# force=yes disables the manual-interaction yes/no prompt
|
||||||
|
# which breaks without an stdin.
|
||||||
|
force=yes ${rubyLibs.bundler}/bin/bundle exec rake -f ${pkgs.gitlab}/share/gitlab/Rakefile gitlab:setup RAILS_ENV=production
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Install the shell required to push repositories
|
||||||
|
ln -fs ${pkgs.writeText "config.yml" gitlabShellYml} ${cfg.stateDir}/shell/config.yml
|
||||||
|
export GITLAB_SHELL_CONFIG_PATH=""${cfg.stateDir}/shell/config.yml
|
||||||
|
${pkgs.gitlab-shell}/bin/install
|
||||||
|
|
||||||
|
# Change permissions in the last step because some of the
|
||||||
|
# intermediary scripts like to create directories as root.
|
||||||
|
chown -R gitlab:gitlab ${cfg.stateDir}/
|
||||||
|
chmod -R 755 ${cfg.stateDir}/
|
||||||
|
'';
|
||||||
|
|
||||||
|
serviceConfig = {
|
||||||
|
PermissionsStartOnly = true; # preStart must be run as root
|
||||||
|
Type = "simple";
|
||||||
|
User = "gitlab";
|
||||||
|
Group = "gitlab";
|
||||||
|
TimeoutSec = "300";
|
||||||
|
WorkingDirectory = "${pkgs.gitlab}/share/gitlab";
|
||||||
|
ExecStart="${rubyLibs.bundler}/bin/bundle exec \"unicorn -c ${cfg.stateDir}/config/unicorn.rb -E production\"";
|
||||||
|
};
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
|
}
|
|
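Review bot: the closing `chmod -R 755 ${cfg.stateDir}/` (and the identical call earlier in this preStart) leaves `config/gitlab_shell_secret` and `home/.ssh/authorized_keys` readable by every local user and sets the execute bit on every file. Suggest `chmod -R u=rwX,go= ${cfg.stateDir}/`, or at minimum a `chmod 600` on the secret after the recursive pass. Two further points in the same script: `'${cfg.databasePassword}'` is interpolated into the `psql -c` string, so the password ends up in the generated script in the world-readable Nix store and in the process arguments; and `touch "${cfg.stateDir}/db-created"` runs before `gitlab:setup`, so a failed setup is never retried on the next start.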
@ -15,14 +15,21 @@ in
|
||||||
default = false;
|
default = false;
|
||||||
description = ''
|
description = ''
|
||||||
Enable gitolite management under the
|
Enable gitolite management under the
|
||||||
<literal>gitolite</literal> user. The Gitolite home
|
<literal>gitolite</literal> user. After
|
||||||
directory is <literal>/var/lib/gitolite</literal>. After
|
|
||||||
switching to a configuration with Gitolite enabled, you can
|
switching to a configuration with Gitolite enabled, you can
|
||||||
then run <literal>git clone
|
then run <literal>git clone
|
||||||
gitolite@host:gitolite-admin.git</literal> to manage it further.
|
gitolite@host:gitolite-admin.git</literal> to manage it further.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
dataDir = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "/var/lib/gitolite";
|
||||||
|
description = ''
|
||||||
|
Gitolite home directory (used to store all the repositories).
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
adminPubkey = mkOption {
|
adminPubkey = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
description = ''
|
description = ''
|
||||||
|
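Review bot: the new `dataDir` option is declared as `types.str`, which also accepts an empty or relative value for something the description calls the home directory. Suggest `types.path` so a bad value is rejected at evaluation time. The removed sentence naming `/var/lib/gitolite` is covered by the new option's default, so dropping it from the `enable` description is fine.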
@ -39,13 +46,21 @@ in
|
||||||
A list of custom git hooks that get copied to <literal>~/.gitolite/hooks/common</literal>.
|
A list of custom git hooks that get copied to <literal>~/.gitolite/hooks/common</literal>.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
user = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "gitolite";
|
||||||
|
description = ''
|
||||||
|
Gitolite user account. This is the username of the gitolite endpoint.
|
||||||
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
users.extraUsers.gitolite = {
|
users.extraUsers.${cfg.user} = {
|
||||||
description = "Gitolite user";
|
description = "Gitolite user";
|
||||||
home = "/var/lib/gitolite";
|
home = cfg.dataDir;
|
||||||
createHome = true;
|
createHome = true;
|
||||||
uid = config.ids.uids.gitolite;
|
uid = config.ids.uids.gitolite;
|
||||||
useDefaultShell = true;
|
useDefaultShell = true;
|
||||||
|
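Review bot: in `users.extraUsers.${cfg.user}` the account name is now configurable, but `uid = config.ids.uids.gitolite` and `home = cfg.dataDir` stay fixed, so setting `user` to a name that is also declared elsewhere would merge this uid and home into that account. The `user` description should state that the module creates and owns this account. The hooks description still refers to `~/.gitolite/hooks/common`, which stays correct only relative to `dataDir`; worth saying so there.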
@ -55,13 +70,13 @@ in
|
||||||
description = "Gitolite initialization";
|
description = "Gitolite initialization";
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
|
||||||
serviceConfig.User = "gitolite";
|
serviceConfig.User = "${cfg.user}";
|
||||||
serviceConfig.Type = "oneshot";
|
serviceConfig.Type = "oneshot";
|
||||||
serviceConfig.RemainAfterExit = true;
|
serviceConfig.RemainAfterExit = true;
|
||||||
|
|
||||||
path = [ pkgs.gitolite pkgs.git pkgs.perl pkgs.bash pkgs.openssh ];
|
path = [ pkgs.gitolite pkgs.git pkgs.perl pkgs.bash pkgs.openssh ];
|
||||||
script = ''
|
script = ''
|
||||||
cd /var/lib/gitolite
|
cd ${cfg.dataDir}
|
||||||
mkdir -p .gitolite/logs
|
mkdir -p .gitolite/logs
|
||||||
if [ ! -d repositories ]; then
|
if [ ! -d repositories ]; then
|
||||||
gitolite setup -pk ${pubkeyFile}
|
gitolite setup -pk ${pubkeyFile}
|
||||||
|
|
|
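Review bot: `cd ${cfg.dataDir}` is unquoted, so a configured path containing whitespace splits into several arguments, and the following `mkdir -p .gitolite/logs` and `gitolite setup -pk` depend on that `cd` having landed in the right place. Suggest `cd "${cfg.dataDir}"`. Style: `serviceConfig.User = "${cfg.user}";` can be written as `serviceConfig.User = cfg.user;`.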
@ -4,11 +4,11 @@ with lib;
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.services.mesos.master;
|
cfg = config.services.mesos.master;
|
||||||
|
|
||||||
in {
|
in {
|
||||||
|
|
||||||
options.services.mesos = {
|
options.services.mesos = {
|
||||||
|
|
||||||
master = {
|
master = {
|
||||||
enable = mkOption {
|
enable = mkOption {
|
||||||
description = "Whether to enable the Mesos Master.";
|
description = "Whether to enable the Mesos Master.";
|
||||||
|
@ -31,36 +31,36 @@ in {
|
||||||
'';
|
'';
|
||||||
type = types.str;
|
type = types.str;
|
||||||
};
|
};
|
||||||
|
|
||||||
workDir = mkOption {
|
workDir = mkOption {
|
||||||
description = "The Mesos work directory.";
|
description = "The Mesos work directory.";
|
||||||
default = "/var/lib/mesos/master";
|
default = "/var/lib/mesos/master";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
};
|
};
|
||||||
|
|
||||||
extraCmdLineOptions = mkOption {
|
extraCmdLineOptions = mkOption {
|
||||||
description = ''
|
description = ''
|
||||||
Extra command line options for Mesos Master.
|
Extra command line options for Mesos Master.
|
||||||
|
|
||||||
See https://mesos.apache.org/documentation/latest/configuration/
|
See https://mesos.apache.org/documentation/latest/configuration/
|
||||||
'';
|
'';
|
||||||
default = [ "" ];
|
default = [ "" ];
|
||||||
type = types.listOf types.string;
|
type = types.listOf types.string;
|
||||||
example = [ "--credentials=VALUE" ];
|
example = [ "--credentials=VALUE" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
quorum = mkOption {
|
quorum = mkOption {
|
||||||
description = ''
|
description = ''
|
||||||
The size of the quorum of replicas when using 'replicated_log' based
|
The size of the quorum of replicas when using 'replicated_log' based
|
||||||
registry. It is imperative to set this value to be a majority of
|
registry. It is imperative to set this value to be a majority of
|
||||||
masters i.e., quorum > (number of masters)/2.
|
masters i.e., quorum > (number of masters)/2.
|
||||||
|
|
||||||
If 0 will fall back to --registry=in_memory.
|
If 0 will fall back to --registry=in_memory.
|
||||||
'';
|
'';
|
||||||
default = 0;
|
default = 0;
|
||||||
type = types.int;
|
type = types.int;
|
||||||
};
|
};
|
||||||
|
|
||||||
logLevel = mkOption {
|
logLevel = mkOption {
|
||||||
description = ''
|
description = ''
|
||||||
The logging level used. Possible values:
|
The logging level used. Possible values:
|
||||||
|
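Review bot: since `extraCmdLineOptions` is being touched here, its `default = [ "" ]` is worth fixing in the same pass. A list holding one empty string is not an empty list, and it only works because the later `toString cfg.extraCmdLineOptions` flattens it to nothing; `default = [ ];` says what is meant. The visible old and new lines of this hunk are otherwise identical, so the change appears to be whitespace only and could be split from the functional fix.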
@ -86,11 +86,12 @@ in {
|
||||||
${pkgs.mesos}/bin/mesos-master \
|
${pkgs.mesos}/bin/mesos-master \
|
||||||
--port=${toString cfg.port} \
|
--port=${toString cfg.port} \
|
||||||
--zk=${cfg.zk} \
|
--zk=${cfg.zk} \
|
||||||
${if cfg.quorum == 0 then "--registry=in_memory" else "--registry=replicated_log --quorum=${cfg.quorum}"} \
|
${if cfg.quorum == 0 then "--registry=in_memory" else "--registry=replicated_log --quorum=${toString cfg.quorum}"} \
|
||||||
--work_dir=${cfg.workDir} \
|
--work_dir=${cfg.workDir} \
|
||||||
--logging_level=${cfg.logLevel} \
|
--logging_level=${cfg.logLevel} \
|
||||||
${toString cfg.extraCmdLineOptions}
|
${toString cfg.extraCmdLineOptions}
|
||||||
'';
|
'';
|
||||||
|
Restart = "on-failure";
|
||||||
PermissionsStartOnly = true;
|
PermissionsStartOnly = true;
|
||||||
};
|
};
|
||||||
preStart = ''
|
preStart = ''
|
||||||
|
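Review bot: `Restart = "on-failure"` is added next to a command line that selects `--registry=in_memory` whenever `cfg.quorum == 0`, which is the option's default, so an automatic restart brings the master back with an empty registry and nothing in the unit signals that. Suggest noting this in the `quorum` description and adding a `RestartSec` so a crash loop does not spin. The `toString cfg.quorum` change is correct, since the option is `types.int` and cannot be interpolated into a string directly.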
@ -98,6 +99,6 @@ in {
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Some files were not shown because too many files have changed in this diff