b12f/nixpkgs
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Merge 'master' into staging

Browse source 
(relatively simple conflicts)
This commit is contained in:
Vladimír Čunát 2015-04-26 22:52:08 +02:00
parent c1cc2348e4 2cb3dc6812
commit 30f31c9afc
508 changed files with 26127 additions and 13733 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
doc/language-support.xml
View file

@ -670,7 +670,12 @@ net = buildGoPackage rec {
url = "https://${goPackagePath}";
sha256 = "1lkz4c9pyz3yz2yz18hiycvlfhgy3jxp68bs7mv7bcfpaj729qav";
};
propagatedBuildInputs = [ goPackages.text ]; <co xml:id='ex-buildGoPackage-3' />
renameImports = [ <co xml:id='ex-buildGoPackage-3' />
"code.google.com/p/go.crypto golang.org/x/crypto"
"code.google.com/p/goprotobuf github.com/golang/protobuf"
];
propagatedBuildInputs = [ goPackages.text ]; <co xml:id='ex-buildGoPackage-4' />
buildFlags = "--tags release"; <co xml:id='ex-buildGoPackage-5' />
};
</programlisting>
</example>
@ -698,7 +703,21 @@ the following arguments are of special significance to the function:
</para>
</callout>
<callout arearefs='ex-buildGoPackage-3'>
<callout arearefs='ex-buildGoPackage-4'>
<para>
<varname>renameImports</varname> is a list of import paths to be renamed before
building the package. The path to be renamed can be a regular expression.
</para>
<para>
In this example imports will be renamed from
<literal>code.google.com/p/go.crypto</literal> to
<literal>golang.org/x/crypto</literal> and from
<literal>code.google.com/p/goprotobuf</literal> to
<literal>github.com/golang/protobuf</literal>.
</para>
</callout>
<callout arearefs='ex-buildGoPackage-4'>
<para>
<varname>propagatedBuildInputs</varname> is where the dependencies of a Go library are
listed. Only libraries should list <varname>propagatedBuildInputs</varname>. If a standalone
@ -707,6 +726,12 @@ the following arguments are of special significance to the function:
</para>
</callout>
<callout arearefs='ex-buildGoPackage-5'>
<para>
<varname>buildFlags</varname> is a list of flags passed to the go build command.
</para>
</callout>
</calloutlist>
</para>

107
doc/packageconfig.xml
View file

@ -1,6 +1,6 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:id="chap-packageconfig">
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:id="chap-packageconfig">
<title><filename>~/.nixpkgs/config.nix</filename>: global configuration</title>
@ -9,62 +9,79 @@
</para>
<para>
To apply the configuration edit <filename>~/.nixpkgs/config.nix</filename>
and set it like
To apply the configuration edit <filename>~/.nixpkgs/config.nix</filename>
and set it like
<programlisting>{
allowUnfree = true;
}</programlisting>
and will allow the Nix package manager to install unfree licensed packages.
and will allow the Nix package manager to install unfree licensed packages.
The configuration as listed also applies to NixOS under <option>nixpkgs.config</option> set.
The configuration as listed also applies to NixOS under <option>nixpkgs.config</option> set.
</para>
<itemizedlist>
<listitem>
<para>
Allow installing of packages that are distributed under unfree license by setting
<programlisting>allowUnfree = true;</programlisting>
or deny them by setting it to <literal>false</literal>.
</para>
<para>
Same can be achieved by setting the environment variable:
<programlisting>$ export NIXPKGS_ALLOW_UNFREE=1</programlisting>
</para>
</listitem>
<listitem>
<para>
Allow installing of packages that are distributed under unfree license by setting
<programlisting>allowUnfree = true;</programlisting>
or deny them by setting it to <literal>false</literal>.
</para>
<para>
Same can be achieved by setting the environment variable:
<programlisting>$ export NIXPKGS_ALLOW_UNFREE=1</programlisting>
</para>
</listitem>
<listitem>
<para>
Whenever unfree packages are not allowed, single packages can
still be allowed by a predicate function that accepts package
as an argument and should return a boolean:
<programlisting>allowUnfreePredicate = (pkg: ...);</programlisting>
<listitem>
<para>
Whenever unfree packages are not allowed, single packages can
still be allowed by a predicate function that accepts package
as an argument and should return a boolean:
<programlisting>allowUnfreePredicate = (pkg: ...);</programlisting>
Example to allow flash player only:
<programlisting>allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "flashplayer-" pkg.name);</programlisting>
</para>
</listitem>
Example to allow flash player only:
<programlisting>allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "flashplayer-" pkg.name);</programlisting>
</para>
</listitem>
<listitem>
<para>
Whenever unfree packages are not allowed, packages can still be
whitelisted by their license:
<programlisting>whitelistedLicenses = with stdenv.lib.licenses; [ amd wtfpl ];</programlisting>
</para>
</listitem>
<listitem>
<para>
Whenever unfree packages are not allowed, packages can still be
whitelisted by their license:
<programlisting>whitelistedLicenses = with stdenv.lib.licenses; [ amd wtfpl ];</programlisting>
</para>
</listitem>
<listitem>
<para>
In addition to whitelisting licenses which are denied by the
<literal>allowUnfree</literal> setting, you can also explicitely
deny installation of packages which have a certain license:
<programlisting>blacklistedLicenses = with stdenv.lib.licenses; [ agpl3 gpl3 ];</programlisting>
</para>
</listitem>
<listitem>
<para>
In addition to whitelisting licenses which are denied by the
<literal>allowUnfree</literal> setting, you can also explicitely
deny installation of packages which have a certain license:
<programlisting>blacklistedLicenses = with stdenv.lib.licenses; [ agpl3 gpl3 ];</programlisting>
</para>
</listitem>
</itemizedlist>
<para>
A complete list of licenses can be found in the file
<filename>lib/licenses.nix</filename> of the nix package tree.
A complete list of licenses can be found in the file
<filename>lib/licenses.nix</filename> of the nix package tree.
</para>
</chapter>
<section><title>Modify packages via <literal>packageOverrides</literal></title>
<para>
You can define a function called <varname>packageOverrides</varname>
in your local <filename>~/.nixpkgs/config</filename> to overide nix
packages. It must be a function that takes pkgs as an argument and
return modified set of packages.
<programlisting>{
packageOverrides = pkgs: rec {
foo = pkgs.foo.override { ... };
};
}</programlisting>
</para>
</section>
</chapter>

5
lib/maintainers.nix
View file

@ -49,7 +49,6 @@
chaoflow = "Florian Friesdorf <flo@chaoflow.net>";
christopherpoole = "Christopher Mark Poole <mail@christopherpoole.net>";
coconnor = "Corey O'Connor <coreyoconnor@gmail.com>";
cocreature = "Moritz Kiefer <moritz.kiefer@purelyfunctional.org>";
codyopel = "Cody Opel <codyopel@gmail.com>";
copumpkin = "Dan Peebles <pumpkingod@gmail.com>";
coroa = "Jonas Hörsch <jonas@chaoflow.net>";
@ -60,6 +59,7 @@
dbohdan = "Danyil Bohdan <danyil.bohdan@gmail.com>";
DerGuteMoritz = "Moritz Heidkamp <moritz@twoticketsplease.de>";
devhell = "devhell <\"^\"@regexmail.net>";
dezgeg = "Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>";
dmalikov = "Dmitry Malikov <malikov.d.y@gmail.com>";
doublec = "Chris Double <chris.double@double.co.nz>";
ederoyd46 = "Matthew Brown <matt@ederoyd.co.uk>";
@ -74,6 +74,7 @@
falsifian = "James Cook <james.cook@utoronto.ca>";
flosse = "Markus Kohlhase <mail@markus-kohlhase.de>";
fluffynukeit = "Daniel Austin <dan@fluffynukeit.com>";
forkk = "Andrew Okin <forkk@forkk.net>";
fpletz = "Franz Pletz <fpletz@fnordicwalking.de>";
ftrvxmtrx = "Siarhei Zirukin <ftrvxmtrx@gmail.com>";
funfunctor = "Edward O'Callaghan <eocallaghan@alterapraxis.com>";
@ -88,6 +89,7 @@
goibhniu = "Cillian de Róiste <cillian.deroiste@gmail.com>";
gridaphobe = "Eric Seidel <eric@seidel.io>";
guibert = "David Guibert <david.guibert@gmail.com>";
hbunke = "Hendrik Bunke <bunke.hendrik@gmail.com>";
henrytill = "Henry Till <henrytill@gmail.com>";
hinton = "Tom Hinton <t@larkery.com>";
hrdinka = "Christoph Hrdinka <c.nix@hrdinka.at>";
@ -190,6 +192,7 @@
spwhitt = "Spencer Whitt <sw@swhitt.me>";
sztupi = "Attila Sztupak <attila.sztupak@gmail.com>";
tailhook = "Paul Colomiets <paul@colomiets.name>";
taktoa = "Remy Goldschmidt <taktoa@gmail.com>";
thammers = "Tobias Hammerschmidt <jawr@gmx.de>";
the-kenny = "Moritz Ulrich <moritz@tarn-vedra.de>";
theuni = "Christian Theune <ct@flyingcircus.io>";

4
lib/platforms.nix
View file

@ -13,4 +13,8 @@ rec {
none = [];
allBut = platforms: lists.filter (x: !(builtins.elem x platforms)) all;
mesaPlatforms = ["i686-linux" "x86_64-linux" "x86_64-darwin" "armv5tel-linux" "armv6l-linux"];
x86_64 = ["x86_64-linux" "x86_64-darwin" "x86_64-freebsd" "x86_64-openbsd" "x86_64-netbsd" "x86_64-cygwin"];
i686 = ["i686-linux" "i686-freebsd" "i686-netbsd" "i686-cygwin"];
arm = ["armv5tel-linux" "armv6l-linux" "armv7l-linux" ];
mips = [ "mips64el-linux" ];
}

1
nixos/doc/manual/development/development.xml
View file

@ -15,6 +15,7 @@ NixOS.</para>
<xi:include href="writing-modules.xml" />
<xi:include href="building-parts.xml" />
<xi:include href="building-nixos.xml" />
<xi:include href="nixos-tests.xml" />
<xi:include href="testing-installer.xml" />
</part>

3
nixos/doc/manual/development/nixos-tests.xml
View file

@ -15,5 +15,6 @@ required for the test.</para>
<xi:include href="writing-nixos-tests.xml" />
<xi:include href="running-nixos-tests.xml" />
<xi:include href="running-nixos-tests-interactively.xml" />
</chapter>
</chapter>

43
nixos/doc/manual/development/running-nixos-tests-interactively.xml Normal file
View file

@ -0,0 +1,43 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-running-nixos-tests">
<title>Running Tests interactively</title>
<para>The test itself can be run interactively. This is
particularly useful when developing or debugging a test:
<screen>
$ nix-build nixos/tests/login.nix -A driver
$ ./result/bin/nixos-test-driver
starting VDE switch for network 1
&gt;
</screen>
You can then take any Perl statement, e.g.
<screen>
&gt; startAll
&gt; testScript
&gt; $machine->succeed("touch /tmp/foo")
</screen>
The function <command>testScript</command> executes the entire test
script and drops you back into the test driver command line upon its
completion. This allows you to inspect the state of the VMs after the
test (e.g. to debug the test script).</para>
<para>To just start and experiment with the VMs, run:
<screen>
$ nix-build nixos/tests/login.nix -A driver
$ ./result/bin/nixos-run-vms
</screen>
The script <command>nixos-run-vms</command> starts the virtual
machines defined by test. The root file system of the VMs is created
on the fly and kept across VM restarts in
<filename>./</filename><varname>hostname</varname><filename>.qcow2</filename>.</para>
</section>

40
nixos/doc/manual/development/running-nixos-tests.xml
View file

@ -2,7 +2,7 @@
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-running-nixos-tests">
xml:id="sec-running-nixos-tests-interactively">
<title>Running Tests</title>
@ -38,42 +38,4 @@ $ firefox result/log.html
</screen>
</para>
<title>Running Tests interactively</title>
<para>The test itself can be run interactively. This is
particularly useful when developing or debugging a test:
<screen>
$ nix-build nixos/tests/login.nix -A driver
$ ./result/bin/nixos-test-driver
starting VDE switch for network 1
&gt;
</screen>
You can then take any Perl statement, e.g.
<screen>
&gt; startAll
&gt; testScript
&gt; $machine->succeed("touch /tmp/foo")
</screen>
The function <command>testScript</command> executes the entire test
script and drops you back into the test driver command line upon its
completion. This allows you to inspect the state of the VMs after the
test (e.g. to debug the test script).</para>
<para>To just start and experiment with the VMs, run:
<screen>
$ nix-build nixos/tests/login.nix -A driver
$ ./result/bin/nixos-run-vms
</screen>
The script <command>nixos-run-vms</command> starts the virtual
machines defined by test. The root file system of the VMs is created
on the fly and kept across VM restarts in
<filename>./</filename><varname>hostname</varname><filename>.qcow2</filename>.</para>
</section>

14
nixos/doc/manual/release-notes/rl-unstable.xml
View file

@ -35,6 +35,20 @@ and old <literal>steam</literal> package -- to <literal>steamOriginal</literal>.
was accordingly renamed to <literal>bomi</literal>
</para></listitem>
<listitem>
<para>
The default <literal>NIX_PATH</literal> for NixOS now includes
<literal>/nix/var/nix/profiles/per-user/root/channels</literal>, so it's
easy to add custom channels.
</para>
<para>
Moreover, whenever a <command>nixos-rebuild &lt;action&gt;
--upgrade</command> is issued, every channel that includes a file
called <filename>.update-on-nixos-rebuild</filename> will be upgraded
alongside of the <literal>nixos</literal> channel.
</para>
</listitem>
</itemizedlist>
</para>

7
nixos/modules/config/i18n.nix
View file

@ -74,14 +74,17 @@ in
config = {
environment.systemPackages = [ glibcLocales ];
environment.systemPackages =
optional (config.i18n.supportedLocales != []) glibcLocales;
environment.sessionVariables =
{ LANG = config.i18n.defaultLocale;
LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";
};
systemd.globalEnvironment.LOCALE_ARCHIVE = "${glibcLocales}/lib/locale/locale-archive";
systemd.globalEnvironment = mkIf (config.i18n.supportedLocales != []) {
LOCALE_ARCHIVE = "${glibcLocales}/lib/locale/locale-archive";
};
# /etc/locale.conf is used by systemd.
environment.etc = singleton

4
nixos/modules/config/system-path.nix
View file

@ -23,7 +23,6 @@ let
pkgs.cpio
pkgs.curl
pkgs.diffutils
pkgs.eject # HAL depends on it anyway
pkgs.findutils
pkgs.gawk
pkgs.glibc # for ldd, getent
@ -40,15 +39,12 @@ let
pkgs.ncurses
pkgs.netcat
pkgs.openssh
pkgs.pciutils
pkgs.perl
pkgs.procps
pkgs.rsync
pkgs.strace
pkgs.sysvtools
pkgs.su
pkgs.time
pkgs.usbutils
pkgs.utillinux
extraManpages
];

3
nixos/modules/installer/cd-dvd/installation-cd-base.nix
View file

@ -45,9 +45,6 @@ with lib;
# Get a console as soon as the initrd loads fbcon on EFI boot.
boot.initrd.kernelModules = [ "fbcon" ];
# Add support for cow filesystems and their utilities
boot.supportedFilesystems = [ "zfs" "btrfs" ];
# Configure host id for ZFS to work
networking.hostId = "8425e349";

8
nixos/modules/installer/tools/nixos-rebuild.sh
View file

@ -96,6 +96,14 @@ fi
# If --upgrade is given, run nix-channel --update nixos.
if [ -n "$upgrade" -a -z "$_NIXOS_REBUILD_REEXEC" ]; then
nix-channel --update nixos
# If there are other channels that contain a file called
# ".update-on-nixos-rebuild", update them as well.
for channelpath in /nix/var/nix/profiles/per-user/root/channels/*; do
if [ -e "$channelpath/.update-on-nixos-rebuild" ]; then
nix-channel --update "$(basename "$channelpath")"
fi
done
fi
# Make sure that we use the Nix package we depend on, not something

14
nixos/modules/misc/ids.nix
View file

@ -203,17 +203,20 @@
sddm = 175;
tss = 176;
memcached = 177;
nscd = 178;
ntp = 179;
zabbix = 180;
redis = 181;
sshd = 182;
unifi = 183;
uptimed = 184;
zope2 = 185;
ripple-data-api = 186;
mediatomb = 187;
rdnssd = 188;
ihaskell = 189;
i2p = 190;
lambdabot = 191;
asterisk = 192;
plex = 193;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -394,17 +397,20 @@
sddm = 175;
tss = 176;
#memcached = 177; # unused
#nscd = 178; # unused
#ntp = 179; # unused
#zabbix = 180; # unused
#redis = 181; # unused
#sshd = 182; # unused
#unifi = 183; # unused
#uptimed = 184; # unused
#zope2 = 185; # unused
#ripple-data-api = 186; #unused
mediatomb = 187;
#rdnssd = 188; # unused
ihaskell = 189;
i2p = 190;
lambdabot = 191;
#asterisk = 192; # unused
plex = 193;
# When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal

9
nixos/modules/module-list.nix
View file

@ -193,6 +193,7 @@
./services/misc/gitlab.nix
./services/misc/gitolite.nix
./services/misc/gpsd.nix
./services/misc/ihaskell.nix
./services/misc/mediatomb.nix
./services/misc/mesos-master.nix
./services/misc/mesos-slave.nix
@ -202,6 +203,7 @@
./services/misc/nix-ssh-serve.nix
./services/misc/parsoid.nix
./services/misc/phd.nix
./services/misc/plex.nix
./services/misc/redmine.nix
./services/misc/rippled.nix
./services/misc/ripple-data-api.nix
@ -241,6 +243,7 @@
./services/network-filesystems/yandex-disk.nix
./services/networking/aiccu.nix
./services/networking/amuled.nix
./services/networking/asterisk.nix
./services/networking/atftpd.nix
./services/networking/avahi-daemon.nix
./services/networking/bind.nix
@ -272,6 +275,7 @@
./services/networking/iodined.nix
./services/networking/ircd-hybrid/default.nix
./services/networking/kippo.nix
./services/networking/lambdabot.nix
./services/networking/mailpile.nix
./services/networking/minidlna.nix
./services/networking/mstpd.nix
@ -336,6 +340,7 @@
./services/security/fprot.nix
./services/security/frandom.nix
./services/security/haveged.nix
./services/security/hologram.nix
./services/security/munge.nix
./services/security/torify.nix
./services/security/tor.nix
@ -410,6 +415,9 @@
./system/boot/stage-1.nix
./system/boot/stage-2.nix
./system/boot/systemd.nix
./system/boot/networkd.nix
./system/boot/resolved.nix
./system/boot/timesyncd.nix
./system/boot/tmp.nix
./system/etc/etc.nix
./system/upstart/upstart.nix
@ -423,6 +431,7 @@
./tasks/filesystems/f2fs.nix
./tasks/filesystems/jfs.nix
./tasks/filesystems/nfs.nix
./tasks/filesystems/ntfs.nix
./tasks/filesystems/reiserfs.nix
./tasks/filesystems/unionfs-fuse.nix
./tasks/filesystems/vfat.nix

4
nixos/modules/profiles/base.nix
View file

@ -29,6 +29,8 @@
pkgs.hdparm
pkgs.dmraid
pkgs.smartmontools # for diagnosing hard disks
pkgs.pciutils
pkgs.usbutils
# Tools to create / manipulate filesystems.
pkgs.ntfsprogs # for resizing NTFS partitions
@ -50,6 +52,6 @@
];
# Include support for various filesystems.
boot.supportedFilesystems = [ "btrfs" "reiserfs" "vfat" "f2fs" ];
boot.supportedFilesystems = [ "btrfs" "reiserfs" "vfat" "f2fs" "zfs" "ntfs" "cifs" ];
}

4
nixos/modules/profiles/container.nix → nixos/modules/profiles/docker-container.nix
View file

@ -45,10 +45,6 @@ in {
${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
'';
# Disable some features that are not useful in a container.
sound.enable = mkDefault false;
services.udisks2.enable = mkDefault false;
# Install new init script
system.activationScripts.installInitScript = ''
ln -fs $systemConfig/init /init

5
nixos/modules/profiles/installation-device.nix
View file

@ -30,11 +30,14 @@ with lib;
# the full glibcLocales package.
i18n.supportedLocales = ["en_US.UTF-8/UTF-8" "en_US/ISO-8859-1"];
# Automatically log in at the virtual consoles.
services.mingetty.autologinUser = "root";
# Some more help text.
services.mingetty.helpLine =
''
Log in as "root" with an empty password. ${
The "root" account has an empty password. ${
optionalString config.services.xserver.enable
"Type `start display-manager' to\nstart the graphical user interface."}
'';

5
nixos/modules/profiles/minimal.nix
View file

@ -3,6 +3,9 @@
{ config, lib, pkgs, ... }:
with lib;
{
environment.noXlibs = true;
environment.noXlibs = mkDefault true;
i18n.supportedLocales = [ config.i18n.defaultLocale ];
}

1
nixos/modules/programs/environment.nix
View file

@ -28,6 +28,7 @@ in
[ "/nix/var/nix/profiles/per-user/root/channels/nixos"
"nixpkgs=/etc/nixos/nixpkgs"
"nixos-config=/etc/nixos/configuration.nix"
"/nix/var/nix/profiles/per-user/root/channels"
];
};

6
nixos/modules/programs/shadow.nix
View file

@ -100,8 +100,10 @@ in
chgpasswd = { rootOK = true; };
};
security.setuidPrograms = [ "passwd" "chfn" "su" "sg" "newgrp"
"newuidmap" "newgidmap" # new in shadow 4.2.x
security.setuidPrograms = [ "su" "chfn" ]
++ lib.optionals config.users.mutableUsers
[ "passwd" "sg" "newgrp"
"newuidmap" "newgidmap" # new in shadow 4.2.x
];
};

2
nixos/modules/programs/shell.nix
View file

@ -53,7 +53,7 @@ in
# Set up a default Nix expression from which to install stuff.
if [ ! -e $HOME/.nix-defexpr -o -L $HOME/.nix-defexpr ]; then
rm -f $HOME/.nix-defexpr
mkdir $HOME/.nix-defexpr
mkdir -p $HOME/.nix-defexpr
if [ "$USER" != root ]; then
ln -s /nix/var/nix/profiles/per-user/root/channels $HOME/.nix-defexpr/channels_root
fi

2
nixos/modules/rename.nix
View file

@ -135,7 +135,7 @@ in zipModules ([]
++ obsolete [ "services" "mysql55" ] [ "services" "mysql" ]
++ obsolete [ "environment" "checkConfigurationOptions" ] [ "_module" "check" ]
++ alias [ "environment" "checkConfigurationOptions" ] [ "_module" "check" ]
# XBMC
++ obsolete [ "services" "xserver" "windowManager" "xbmc" ] [ "services" "xserver" "desktopManager" "kodi" ]

35
nixos/modules/security/grsecurity.nix
View file

@ -112,9 +112,6 @@ in
<literal>kernel.grsecurity.grsec_lock</literal> to
non-zero as soon as all sysctl options are set. *THIS IS
EXTREMELY IMPORTANT*!
If disabled, this also turns off the
<literal>systemd-sysctl</literal> service.
'';
};
@ -229,11 +226,8 @@ in
kernel 3.19) to continue.
'';
}
{ assertion = (cfg.stable -> !cfg.testing) || (cfg.testing -> !cfg.stable);
message = ''
You must select either the stable or testing patch, not
both.
'';
{ assertion = !(cfg.stable && cfg.testing);
message = "Select either one of the stable or testing patch";
}
{ assertion = (cfg.config.restrictProc -> !cfg.config.restrictProcWithGroup) ||
(cfg.config.restrictProcWithGroup -> !cfg.config.restrictProc);
@ -282,22 +276,21 @@ in
# };
# };
system.activationScripts.grsec =
''
mkdir -p /etc/grsec
if [ ! -f /etc/grsec/learn_config ]; then
cp ${pkgs.gradm}/etc/grsec/learn_config /etc/grsec
fi
if [ ! -f /etc/grsec/policy ]; then
cp ${pkgs.gradm}/etc/grsec/policy /etc/grsec
fi
chmod -R 0600 /etc/grsec
'';
system.activationScripts = lib.optionalAttrs (!cfg.config.disableRBAC) { grsec = ''
mkdir -p /etc/grsec
if [ ! -f /etc/grsec/learn_config ]; then
cp ${pkgs.gradm}/etc/grsec/learn_config /etc/grsec
fi
if [ ! -f /etc/grsec/policy ]; then
cp ${pkgs.gradm}/etc/grsec/policy /etc/grsec
fi
chmod -R 0600 /etc/grsec
''; };
# Enable AppArmor, gradm udev rules, and utilities
security.apparmor.enable = true;
boot.kernelPackages = customGrsecPkg;
services.udev.packages = [ pkgs.gradm ];
environment.systemPackages = [ pkgs.gradm pkgs.paxctl pkgs.pax-utils ];
services.udev.packages = lib.optional (!cfg.config.disableRBAC) pkgs.gradm;
environment.systemPackages = [ pkgs.paxctl pkgs.pax-utils ] ++ lib.optional (!cfg.config.disableRBAC) pkgs.gradm;
};
}

10
nixos/modules/services/audio/mpd.nix
View file

@ -11,7 +11,7 @@ let
mpdConf = pkgs.writeText "mpd.conf" ''
music_directory "${cfg.musicDirectory}"
playlist_directory "${cfg.dataDir}/playlists"
db_file "${cfg.dataDir}/tag_cache"
db_file "${cfg.dbFile}"
state_file "${cfg.dataDir}/state"
sticker_file "${cfg.dataDir}/sticker.sql"
log_file "syslog"
@ -93,6 +93,14 @@ in {
};
};
dbFile = mkOption {
type = types.str;
default = "${cfg.dataDir}/tag_cache";
description = ''
The path to MPD's database.
'';
};
};
};

34
nixos/modules/services/backup/tarsnap.nix
View file

@ -5,20 +5,21 @@ with lib;
let
cfg = config.services.tarsnap;
optionalNullStr = e: v: if e == null then "" else v;
configFile = cfg: ''
cachedir ${config.services.tarsnap.cachedir}
keyfile ${config.services.tarsnap.keyfile}
${optionalString cfg.nodump "nodump"}
${optionalString cfg.printStats "print-stats"}
${optionalString cfg.printStats "humanize-numbers"}
${optionalNullStr cfg.checkpointBytes "checkpoint-bytes "+cfg.checkpointBytes}
${optionalString (cfg.checkpointBytes != null) ("checkpoint-bytes "+cfg.checkpointBytes)}
${optionalString cfg.aggressiveNetworking "aggressive-networking"}
${concatStringsSep "\n" (map (v: "exclude "+v) cfg.excludes)}
${concatStringsSep "\n" (map (v: "include "+v) cfg.includes)}
${optionalString cfg.lowmem "lowmem"}
${optionalString cfg.verylowmem "verylowmem"}
${optionalString (cfg.maxbw != null) ("maxbw "+toString cfg.maxbw)}
${optionalString (cfg.maxbwRateUp != null) ("maxbw-rate-up "+toString cfg.maxbwRateUp)}
${optionalString (cfg.maxbwRateDown != null) ("maxbw-rate-down "+toString cfg.maxbwRateDown)}
'';
in
{
@ -166,6 +167,33 @@ in
slowing down the archiving process.
'';
};
maxbw = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
Abort archival if upstream bandwidth usage in bytes
exceeds this threshold.
'';
};
maxbwRateUp = mkOption {
type = types.nullOr types.int;
default = null;
example = literalExample "25 * 1000";
description = ''
Upload bandwidth rate limit in bytes.
'';
};
maxbwRateDown = mkOption {
type = types.nullOr types.int;
default = null;
example = literalExample "50 * 1000";
description = ''
Download bandwidth rate limit in bytes.
'';
};
};
}
));

1
nixos/modules/services/logging/fluentd.nix
View file

@ -33,6 +33,7 @@ in {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.fluentd}/bin/fluentd -c ${pkgs.writeText "fluentd.conf" cfg.config}";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
};
};
};

2
nixos/modules/services/misc/etcd.nix
View file

@ -11,7 +11,7 @@ in {
enable = mkOption {
description = "Whether to enable etcd.";
default = false;
type = types.uniq types.bool;
type = types.bool;
};
name = mkOption {

76
nixos/modules/services/misc/ihaskell.nix Normal file
View file

@ -0,0 +1,76 @@
{ pkgs, lib, config, ... }:
with lib;
let
cfg = config.services.ihaskell;
ihaskell = pkgs.ihaskell.override {
inherit (cfg.haskellPackages) ihaskell ghcWithPackages;
packages = self: cfg.extraPackages self;
};
in
{
options = {
services.ihaskell = {
enable = mkOption {
default = false;
example = true;
description = "Autostart an IHaskell notebook service.";
};
haskellPackages = mkOption {
default = pkgs.haskellngPackages;
defaultText = "pkgs.haskellngPackages";
example = literalExample "pkgs.haskell-ng.packages.ghc784";
description = ''
haskellPackages used to build IHaskell and other packages.
This can be used to change the GHC version used to build
IHaskell and the packages listed in
<varname>extraPackages</varname>.
'';
};
extraPackages = mkOption {
default = self: [];
example = literalExample ''
haskellPackages: [
haskellPackages.wreq
haskellPackages.lens
]
'';
description = ''
Extra packages available to ghc when running ihaskell. The
value must be a function which receives the attrset defined
in <varname>haskellPackages</varname> as the sole argument.
'';
};
};
};
config = mkIf cfg.enable {
users.extraUsers.ihaskell = {
group = config.users.extraGroups.ihaskell.name;
description = "IHaskell user";
home = "/var/lib/ihaskell";
createHome = true;
uid = config.ids.uids.ihaskell;
};
users.extraGroups.ihaskell.gid = config.ids.gids.ihaskell;
systemd.services.ihaskell = {
description = "IHaskell notebook instance";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
User = config.users.extraUsers.ihaskell.name;
Group = config.users.extraGroups.ihaskell.name;
ExecStart = "${pkgs.stdenv.shell} -c \"cd $HOME;${ihaskell}/bin/ihaskell-notebook\"";
};
};
};
}

87
nixos/modules/services/misc/plex.nix Normal file
View file

@ -0,0 +1,87 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.plex;
plex = pkgs.plex;
in
{
options = {
services.plex = {
enable = mkEnableOption "Enable Plex Media Server";
# FIXME: In order for this config option to work, symlinks in the Plex
# package in the Nix store have to be changed to point to this directory.
dataDir = mkOption {
type = types.str;
default = "/var/lib/plex";
description = "The directory where Plex stores its data files.";
};
user = mkOption {
type = types.str;
default = "plex";
description = "User account under which Plex runs.";
};
group = mkOption {
type = types.str;
default = "plex";
description = "Group under which Plex runs.";
};
};
};
config = mkIf cfg.enable {
# Most of this is just copied from the RPM package's systemd service file.
systemd.services.plex = {
description = "Plex Media Server";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
preStart = ''
test -d "${cfg.dataDir}" || {
echo "Creating initial Plex data directory in \"${cfg.dataDir}\"."
mkdir -p "${cfg.dataDir}"
chown -R ${cfg.user}:${cfg.group} "${cfg.dataDir}"
}
# Copy the database skeleton files to /var/lib/plex/.skeleton
test -d "${cfg.dataDir}/.skeleton" || mkdir "${cfg.dataDir}/.skeleton"
for db in "com.plexapp.plugins.library.db"; do
cp "${plex}/usr/lib/plexmediaserver/Resources/base_$db" "${cfg.dataDir}/.skeleton/$db"
chmod u+w "${cfg.dataDir}/.skeleton/$db"
chown ${cfg.user}:${cfg.group} "${cfg.dataDir}/.skeleton/$db"
done
'';
serviceConfig = {
Type = "simple";
User = cfg.user;
Group = cfg.group;
PermissionsStartOnly = "true";
ExecStart = "/bin/sh -c '${plex}/usr/lib/plexmediaserver/Plex\\ Media\\ Server'";
};
environment = {
PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR=cfg.dataDir;
PLEX_MEDIA_SERVER_HOME="${plex}/usr/lib/plexmediaserver";
PLEX_MEDIA_SERVER_MAX_PLUGIN_PROCS="6";
PLEX_MEDIA_SERVER_TMPDIR="/tmp";
LD_LIBRARY_PATH="${plex}/usr/lib/plexmediaserver";
LC_ALL="en_US.UTF-8";
LANG="en_US.UTF-8";
};
};
users.extraUsers = mkIf (cfg.user == "plex") {
plex = {
group = cfg.group;
uid = config.ids.uids.plex;
};
};
users.extraGroups = mkIf (cfg.group == "plex") {
plex = {
gid = config.ids.gids.plex;
};
};
};
}

32
nixos/modules/services/misc/rippled.nix
View file

@ -12,7 +12,7 @@ let
path=${db.path}
${optionalString (db.compression != null) ("compression=${b2i db.compression}") }
${optionalString (db.onlineDelete != null) ("online_delete=${toString db.onlineDelete}")}
${optionalString (db.advisoryDelete != null) ("advisory_delete=${toString db.advisoryDelete}")}
${optionalString (db.advisoryDelete != null) ("advisory_delete=${b2i db.advisoryDelete}")}
${db.extraOpts}
'';
@ -71,6 +71,13 @@ let
[sntp_servers]
${concatStringsSep "\n" cfg.sntpServers}
${optionalString cfg.statsd.enable ''
[insight]
server=statsd
address=${cfg.statsd.address}
prefix=${cfg.statsd.prefix}
''}
[rpc_startup]
{ "command": "log_level", "severity": "${cfg.logLevel}" }
'' + cfg.extraConfig;
@ -142,7 +149,6 @@ let
default = null;
type = types.nullOr types.path;
};
};
};
};
@ -150,7 +156,7 @@ let
dbOptions = {
type = mkOption {
description = "Rippled database type.";
type = types.enum ["rocksdb" "nudb" "sqlite"];
type = types.enum ["rocksdb" "nudb" "sqlite" "hyperleveldb"];
default = "rocksdb";
};
@ -317,7 +323,7 @@ in
Path to the ripple database.
'';
type = types.path;
default = "/var/lib/rippled/db";
default = "/var/lib/rippled";
};
validationQuorum = mkOption {
@ -366,6 +372,22 @@ in
default = "error";
};
statsd = {
enable = mkEnableOption "Whether enable statsd monitoring for rippled";
address = mkOption {
description = "The UDP address and port of the listening StatsD server.";
default = "127.0.0.1:8125";
type = types.str;
};
prefix = mkOption {
description = "A string prepended to each collected metric.";
default = "";
type = types.str;
};
};
extraConfig = mkOption {
default = "";
description = ''
@ -400,6 +422,8 @@ in
serviceConfig = {
ExecStart = "${cfg.package}/bin/rippled --fg --conf ${cfg.config}";
User = "rippled";
Restart = "on-failure";
LimitNOFILE=10000;
};
};

18
nixos/modules/services/network-filesystems/samba.nix
View file

@ -4,6 +4,10 @@ with lib;
let
smbToString = x: if builtins.typeOf x == "bool"
then (if x then "true" else "false")
else toString x;
cfg = config.services.samba;
samba = cfg.package;
@ -15,9 +19,9 @@ let
shareConfig = name:
let share = getAttr name cfg.shares; in
"[${name}]\n " + (toString (
"[${name}]\n " + (smbToString (
map
(key: "${key} = ${toString (getAttr key share)}\n")
(key: "${key} = ${smbToString (getAttr key share)}\n")
(attrNames share)
));
@ -27,12 +31,12 @@ let
[ global ]
security = ${cfg.securityType}
passwd program = /var/setuid-wrappers/passwd %u
pam password change = ${if cfg.syncPasswordsByPam then "yes" else "no"}
invalid users = ${toString cfg.invalidUsers}
pam password change = ${smbToString cfg.syncPasswordsByPam}
invalid users = ${smbToString cfg.invalidUsers}
${cfg.extraConfig}
${toString (map shareConfig (attrNames cfg.shares))}
${smbToString (map shareConfig (attrNames cfg.shares))}
'');
# This may include nss_ldap, needed for samba if it has to use ldap.
@ -151,7 +155,7 @@ in
example =
{ srv =
{ path = "/srv";
"read only" = "yes";
"read only" = true;
comment = "Public samba share.";
};
};
@ -193,7 +197,7 @@ in
"samba-setup" = {
description = "Samba Setup Task";
script = setupScript;
unitConfig.RequiresMountsFor = "/var/samba /var/log/samba";
unitConfig.RequiresMountsFor = "/var/lib/samba";
};
};
};

223
nixos/modules/services/networking/asterisk.nix Normal file
View file

@ -0,0 +1,223 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.asterisk;
asteriskUser = "asterisk";
varlibdir = "/var/lib/asterisk";
spooldir = "/var/spool/asterisk";
logdir = "/var/log/asterisk";
asteriskEtc = pkgs.stdenv.mkDerivation
((mapAttrs' (name: value: nameValuePair
# Fudge the names to make bash happy
((replaceChars ["."] ["_"] name) + "_")
(value)
) cfg.confFiles) //
{
confFilesString = concatStringsSep " " (
attrNames cfg.confFiles
);
name = "asterisk.etc";
# Default asterisk.conf file
# (Notice that astetcdir will be set to the path of this derivation)
asteriskConf = ''
[directories]
astetcdir => @out@
astmoddir => ${pkgs.asterisk}/lib/asterisk/modules
astvarlibdir => /var/lib/asterisk
astdbdir => /var/lib/asterisk
astkeydir => /var/lib/asterisk
astdatadir => /var/lib/asterisk
astagidir => /var/lib/asterisk/agi-bin
astspooldir => /var/spool/asterisk
astrundir => /var/run/asterisk
astlogdir => /var/log/asterisk
astsbindir => ${pkgs.asterisk}/sbin
'';
extraConf = cfg.extraConfig;
# Loading all modules by default is considered sensible by the authors of
# "Asterisk: The Definitive Guide". Secure sites will likely want to
# specify their own "modules.conf" in the confFiles option.
modulesConf = ''
[modules]
autoload=yes
'';
# Use syslog for logging so logs can be viewed with journalctl
loggerConf = ''
[general]
[logfiles]
syslog.local0 => notice,warning,error
'';
buildCommand = ''
mkdir -p "$out"
# Create asterisk.conf, pointing astetcdir to the path of this derivation
echo "$asteriskConf" | sed "s|@out@|$out|g" > "$out"/asterisk.conf
echo "$extraConf" >> "$out"/asterisk.conf
echo "$modulesConf" > "$out"/modules.conf
echo "$loggerConf" > "$out"/logger.conf
# Config files specified in confFiles option override all other files
for i in $confFilesString; do
conf=$(echo "$i"_ | sed 's/\./_/g')
echo "''${!conf}" > "$out"/"$i"
done
'';
});
in
{
options = {
services.asterisk = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable the Asterisk PBX server.
'';
};
extraConfig = mkOption {
default = "";
type = types.lines;
example = ''
[options]
verbose=3
debug=3
'';
description = ''
Extra configuration options appended to the default
<literal>asterisk.conf</literal> file.
'';
};
confFiles = mkOption {
default = {};
type = types.attrsOf types.str;
example = literalExample
''
{
"extensions.conf" = '''
[tests]
; Dial 100 for "hello, world"
exten => 100,1,Answer()
same => n,Wait(1)
same => n,Playback(hello-world)
same => n,Hangup()
[softphones]
include => tests
[unauthorized]
''';
"sip.conf" = '''
[general]
allowguest=no ; Require authentication
context=unauthorized ; Send unauthorized users to /dev/null
srvlookup=no ; Don't do DNS lookup
udpbindaddr=0.0.0.0 ; Listen on all interfaces
nat=force_rport,comedia ; Assume device is behind NAT
[softphone](!)
type=friend ; Match on username first, IP second
context=softphones ; Send to softphones context in
; extensions.conf file
host=dynamic ; Device will register with asterisk
disallow=all ; Manually specify codecs to allow
allow=g722
allow=ulaw
allow=alaw
[myphone](softphone)
secret=GhoshevFew ; Change this password!
''';
"logger.conf" = '''
[general]
[logfiles]
; Add debug output to log
syslog.local0 => notice,warning,error,debug
''';
}
'';
description = ''
Sets the content of config files (typically ending with
<literal>.conf</literal>) in the Asterisk configuration directory.
Note that if you want to change <literal>asterisk.conf</literal>, it
is preferable to use the <option>services.asterisk.extraConfig</option>
option over this option. If <literal>"asterisk.conf"</literal> is
specified with the <option>confFiles</option> option (not recommended),
you must be prepared to set your own <literal>astetcdir</literal>
path.
See
<link xlink:href="http://www.asterisk.org/community/documentation"/>
for more examples of what is possible here.
'';
};
extraArguments = mkOption {
default = [];
type = types.listOf types.str;
example =
[ "-vvvddd" "-e" "1024" ];
description = ''
Additional command line arguments to pass to Asterisk.
'';
};
};
};
config = mkIf cfg.enable {
users.extraUsers = singleton
{ name = asteriskUser;
uid = config.ids.uids.asterisk;
description = "Asterisk daemon user";
home = varlibdir;
};
systemd.services.asterisk = {
description = ''
Asterisk PBX server
'';
wantedBy = [ "multi-user.target" ];
preStart = ''
# Copy skeleton directory tree to /var
for d in '${varlibdir}' '${spooldir}' '${logdir}'; do
# TODO: Make exceptions for /var directories that likely should be updated
if [ ! -e "$d" ]; then
cp --recursive ${pkgs.asterisk}/"$d" "$d"
chown --recursive ${asteriskUser} "$d"
find "$d" -type d | xargs chmod 0755
fi
done
'';
serviceConfig = {
ExecStart =
let
# FIXME: This doesn't account for arguments with spaces
argString = concatStringsSep " " cfg.extraArguments;
in
"${pkgs.asterisk}/bin/asterisk -U ${asteriskUser} -C ${asteriskEtc}/asterisk.conf ${argString} -F";
Type = "forking";
PIDFile = "/var/run/asterisk/asterisk.pid";
};
};
};
}

4
nixos/modules/services/networking/btsync.nix
View file

@ -293,7 +293,7 @@ in
systemd.services.btsync = with pkgs; {
description = "Bittorrent Sync Service";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
after = [ "network.target" "local-fs.target" ];
serviceConfig = {
Restart = "on-abort";
UMask = "0002";
@ -305,7 +305,7 @@ in
systemd.services."btsync@" = with pkgs; {
description = "Bittorrent Sync Service for %i";
after = [ "network.target" ];
after = [ "network.target" "local-fs.target" ];
serviceConfig = {
Restart = "on-abort";
User = "%i";

21
nixos/modules/services/networking/cjdns.nix
View file

@ -44,6 +44,9 @@ let
})
else "";
parseModules = x:
x // { connectTo = mapAttrs (name: value: { inherit (value) password publicKey; }) x.connectTo; };
# would be nice to merge 'cfg' with a //,
# but the json nesting is wacky.
cjdrouteConf = builtins.toJSON ( {
@ -53,8 +56,8 @@ let
};
authorizedPasswords = map (p: { password = p; }) cfg.authorizedPasswords;
interfaces = {
ETHInterface = if (cfg.ETHInterface.bind != "") then [ cfg.ETHInterface ] else [ ];
UDPInterface = if (cfg.UDPInterface.bind != "") then [ cfg.UDPInterface ] else [ ];
ETHInterface = if (cfg.ETHInterface.bind != "") then [ (parseModules cfg.ETHInterface) ] else [ ];
UDPInterface = if (cfg.UDPInterface.bind != "") then [ (parseModules cfg.UDPInterface) ] else [ ];
};
privateKey = "@CJDNS_PRIVATE_KEY@";
@ -151,12 +154,14 @@ in
ETHInterface = {
bind = mkOption {
default = "";
example = "eth0";
description = ''
Bind to this device for native ethernet operation.
'';
};
default = "";
example = "eth0";
description =
''
Bind to this device for native ethernet operation.
<literal>all</literal> is a pseudo-name which will try to connect to all devices.
'';
};
beacon = mkOption {
type = types.int;

4
nixos/modules/services/networking/ddclient.nix
View file

@ -127,8 +127,8 @@ in
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
# This may change back to forking if too many problems occur:
type = "simple";
# Uncomment this if too many problems occur:
# Type = "forking";
User = ddclientUser;
Group = "nogroup"; #TODO get this to work
PermissionsStartOnly = "true";

11
nixos/modules/services/networking/dnsmasq.nix
View file

@ -28,6 +28,7 @@ in
services.dnsmasq = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to run dnsmasq.
@ -35,14 +36,16 @@ in
};
resolveLocalQueries = mkOption {
type = types.bool;
default = true;
description = ''
Whether dnsmasq should resolve local queries (i.e. add 127.0.0.1 to
/etc/resolv.conf)
/etc/resolv.conf).
'';
};
servers = mkOption {
type = types.listOf types.string;
default = [];
example = [ "8.8.8.8" "8.8.4.4" ];
description = ''
@ -51,11 +54,11 @@ in
};
extraConfig = mkOption {
type = types.string;
type = types.lines;
default = "";
description = ''
Extra configuration directives that should be added to
<literal>dnsmasq.conf</literal>
<literal>dnsmasq.conf</literal>.
'';
};
@ -81,7 +84,7 @@ in
};
systemd.services.dnsmasq = {
description = "dnsmasq daemon";
description = "Dnsmasq Daemon";
after = [ "network.target" "systemd-resolved.service" ];
wantedBy = [ "multi-user.target" ];
path = [ dnsmasq ];

42
nixos/modules/services/networking/i2p.nix Normal file
View file

@ -0,0 +1,42 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.i2p;
homeDir = "/var/lib/i2p";
in {
###### interface
options.services.i2p = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Enables i2p as a running service upon activation.
'';
};
};
###### implementation
config = mkIf cfg.enable {
users.extraUsers.i2p = {
group = "i2p";
description = "i2p User";
home = homeDir;
createHome = true;
uid = config.ids.uids.i2p;
};
users.extraGroups.i2p.gid = config.ids.gids.i2p;
systemd.services.i2p = {
description = "I2P router with administration interface for hidden services";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "i2p";
WorkingDirectory = homeDir;
Restart = "on-abort";
ExecStart = "${pkgs.i2p}/bin/i2prouter-plain";
};
};
};
}

81
nixos/modules/services/networking/lambdabot.nix Normal file
View file

@ -0,0 +1,81 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.lambdabot;
rc = builtins.toFile "script.rc" cfg.script;
in
{
### configuration
options = {
services.lambdabot = {
enable = mkOption {
type = types.bool;
default = false;
description = "Enable the Lambdabot IRC bot";
};
package = mkOption {
type = types.package;
default = pkgs.lambdabot;
description = "Used lambdabot package";
};
script = mkOption {
type = types.str;
default = "";
description = "Lambdabot script";
};
};
};
### implementation
config = mkIf cfg.enable {
systemd.services.lambdabot = {
description = "Lambdabot daemon";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
# Workaround for https://github.com/lambdabot/lambdabot/issues/117
script = ''
mkdir -p ~/.lambdabot
cd ~/.lambdabot
mkfifo /run/lambdabot/offline
(
echo 'rc ${rc}'
while true; do
cat /run/lambdabot/offline
done
) | ${cfg.package}/bin/lambdabot
'';
serviceConfig = {
User = "lambdabot";
RuntimeDirectory = [ "lambdabot" ];
};
};
users.extraUsers.lambdabot = {
group = "lambdabot";
description = "Lambdabot daemon user";
home = "/var/lib/lambdabot";
createHome = true;
uid = config.ids.uids.lambdabot;
};
users.extraGroups.lambdabot.gid = config.ids.gids.lambdabot;
};
}

10
nixos/modules/services/networking/ssh/sshd.nix
View file

@ -281,10 +281,8 @@ in
config = mkIf cfg.enable {
users.extraUsers = singleton
{ name = "sshd";
uid = config.ids.uids.sshd;
description = "SSH privilege separation user";
users.extraUsers.sshd =
{ description = "SSH privilege separation user";
home = "/var/empty";
};
@ -379,7 +377,7 @@ in
Port ${toString port}
'') cfg.ports}
${concatMapStrings ({ port, addr }: ''
${concatMapStrings ({ port, addr, ... }: ''
ListenAddress ${addr}${if port != null then ":" + toString port else ""}
'') cfg.listenAddresses}
@ -418,7 +416,7 @@ in
(data.publicKey != null && data.publicKeyFile == null);
message = "knownHost ${name} must contain either a publicKey or publicKeyFile";
})
++ flip map cfg.listenAddresses ({ addr, port }: {
++ flip map cfg.listenAddresses ({ addr, port, ... }: {
assertion = addr != null;
message = "addr must be specified in each listenAddresses entry";
});

2
nixos/modules/services/networking/sslh.nix
View file

@ -81,7 +81,7 @@ in
description = "Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port)";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig.ExecStart = "${pkgs.sslh}/bin/sslh -F ${configFile}";
serviceConfig.ExecStart = "${pkgs.sslh}/bin/sslh -F${configFile}";
serviceConfig.KillMode = "process";
serviceConfig.PIDFile = "${cfg.pidfile}";
};

102
nixos/modules/services/security/hologram.nix Normal file
View file

@ -0,0 +1,102 @@
{pkgs, config, lib, ...}:
with lib;
let
cfg = config.services.hologram-server;
cfgFile = pkgs.writeText "hologram-server.json" (builtins.toJSON {
ldap = {
host = cfg.ldapHost;
bind = {
dn = cfg.ldapBindDN;
password = cfg.ldapBindPassword;
};
insecureldap = cfg.ldapInsecure;
userattr = cfg.ldapUserAttr;
baseDN = cfg.ldapBaseDN;
};
aws = {
account = cfg.awsAccount;
defaultrole = cfg.awsDefaultRole;
};
stats = cfg.statsAddress;
listen = cfg.listenAddress;
});
in {
options = {
services.hologram-server = {
enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable the Hologram server for AWS instance credentials";
};
listenAddress = mkOption {
type = types.str;
default = "0.0.0.0:3100";
description = "Address and port to listen on";
};
ldapHost = mkOption {
type = types.str;
description = "Address of the LDAP server to use";
};
ldapInsecure = mkOption {
type = types.bool;
default = false;
description = "Whether to connect to LDAP over SSL or not";
};
ldapUserAttr = mkOption {
type = types.str;
default = "cn";
description = "The LDAP attribute for usernames";
};
ldapBaseDN = mkOption {
type = types.str;
description = "The base DN for your Hologram users";
};
ldapBindDN = mkOption {
type = types.str;
description = "DN of account to use to query the LDAP server";
};
ldapBindPassword = mkOption {
type = types.str;
description = "Password of account to use to query the LDAP server";
};
awsAccount = mkOption {
type = types.str;
description = "AWS account number";
};
awsDefaultRole = mkOption {
type = types.str;
description = "AWS default role";
};
statsAddress = mkOption {
type = types.str;
default = "";
description = "Address of statsd server";
};
};
};
config = mkIf cfg.enable {
systemd.services.hologram-server = {
description = "Provide EC2 instance credentials to machines outside of EC2";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.goPackages.hologram}/bin/hologram-server --debug --conf ${cfgFile}";
};
};
};
}

2
nixos/modules/services/system/dbus.nix
View file

@ -133,6 +133,8 @@ in
# Don't restart dbus-daemon. Bad things tend to happen if we do.
systemd.services.dbus.reloadIfChanged = true;
systemd.services.dbus.restartTriggers = [ configDir ];
environment.pathsToLink = [ "/etc/dbus-1" "/share/dbus-1" ];
};

6
nixos/modules/services/system/nscd.nix
View file

@ -42,11 +42,7 @@ in
config = mkIf cfg.enable {
users.extraUsers = singleton
{ name = "nscd";
uid = config.ids.uids.nscd;
description = "Name service cache daemon user";
};
users.extraUsers.nscd.description = "Name service cache daemon user";
systemd.services.nscd =
{ description = "Name Service Cache Daemon";

23
nixos/modules/services/ttys/agetty.nix
View file

@ -10,6 +10,15 @@ with lib;
services.mingetty = {
autologinUser = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Username of the account that will be automatically logged in at the console.
If unspecified, a login prompt is shown as usual.
'';
};
greetingLine = mkOption {
type = types.str;
default = ''<<< Welcome to NixOS ${config.system.nixosVersion} (\m) - \l >>>'';
@ -46,28 +55,30 @@ with lib;
###### implementation
config = {
config = let
autologinArg = optionalString (config.services.mingetty.autologinUser != null) "--autologin ${config.services.mingetty.autologinUser}";
gettyCmd = extraArgs: "@${pkgs.utillinux}/sbin/agetty agetty --login-program ${pkgs.shadow}/bin/login ${autologinArg} ${extraArgs}";
in {
systemd.services."getty@" =
{ serviceConfig.ExecStart = "@${pkgs.utillinux}/sbin/agetty agetty --noclear --login-program ${pkgs.shadow}/bin/login --keep-baud %I 115200,38400,9600 $TERM";
{ serviceConfig.ExecStart = gettyCmd "--noclear --keep-baud %I 115200,38400,9600 $TERM";
restartIfChanged = false;
};
systemd.services."serial-getty@" =
{ serviceConfig.ExecStart =
let speeds = concatStringsSep "," (map toString config.services.mingetty.serialSpeed);
in "@${pkgs.utillinux}/sbin/agetty agetty --login-program ${pkgs.shadow}/bin/login %I ${speeds} $TERM";
in gettyCmd "%I ${speeds} $TERM";
restartIfChanged = false;
};
systemd.services."container-getty@" =
{ unitConfig.ConditionPathExists = "/dev/pts/%I"; # Work around being respawned when "machinectl login" exits.
serviceConfig.ExecStart = "@${pkgs.utillinux}/sbin/agetty agetty --noclear --login-program ${pkgs.shadow}/bin/login --keep-baud pts/%I 115200,38400,9600 $TERM";
serviceConfig.ExecStart = gettyCmd "--noclear --keep-baud pts/%I 115200,38400,9600 $TERM";
restartIfChanged = false;
};
systemd.services."console-getty" =
{ serviceConfig.ExecStart = "@${pkgs.utillinux}/sbin/agetty agetty --noclear --login-program ${pkgs.shadow}/bin/login --keep-baud console 115200,38400,9600 $TERM";
{ serviceConfig.ExecStart = gettyCmd "--noclear --keep-baud console 115200,38400,9600 $TERM";
serviceConfig.Restart = "always";
restartIfChanged = false;
enable = mkDefault config.boot.isContainer;

3
nixos/modules/services/web-servers/apache-httpd/default.nix
View file

@ -231,6 +231,9 @@ let
${if cfg.sslServerCert != null then ''
SSLCertificateFile ${cfg.sslServerCert}
SSLCertificateKeyFile ${cfg.sslServerKey}
${if cfg.sslServerChain != null then ''
SSLCertificateChainFile ${cfg.sslServerChain}
'' else ""}
'' else ""}
${if cfg.enableSSL then ''

193
nixos/modules/services/web-servers/apache-httpd/moodle.nix Normal file
View file

@ -0,0 +1,193 @@
{ config, lib, pkgs, serverInfo, php, ... }:
with lib;
let
httpd = serverInfo.serverConfig.package;
version24 = !versionOlder httpd.version "2.4";
allGranted = if version24 then ''
Require all granted
'' else ''
Order allow,deny
Allow from all
'';
moodleConfig = pkgs.writeText "config.php"
''
<?php
unset($CFG);
global $CFG;
$CFG = new stdClass();
$CFG->dbtype = '${config.dbType}';
$CFG->dblibrary = 'native';
$CFG->dbhost = '${config.dbHost}';
$CFG->dbname = '${config.dbName}';
$CFG->dbuser = '${config.dbUser}';
$CFG->dbpass = '${config.dbPassword}';
$CFG->prefix = '${config.dbPrefix}';
$CFG->dboptions = array(
'dbpersist' => false,
'dbsocket' => false,
'dbport' => "${config.dbPort}",
);
$CFG->wwwroot = '${config.wwwRoot}';
$CFG->dataroot = '${config.dataRoot}';
$CFG->directorypermissions = 02777;
$CFG->admin = 'admin';
${optionalString (config.debug.noEmailEver == true) ''
$CFG->noemailever = true;
''}
${config.extraConfig}
require_once(dirname(__FILE__) . '/lib/setup.php'); // Do not edit
'';
# Unpack Moodle and put the config file in its root directory.
moodleRoot = pkgs.stdenv.mkDerivation rec {
name= "moodle-2.8.5";
src = pkgs.fetchurl {
url = "https://download.moodle.org/stable28/${name}.tgz";
sha256 = "1a159a193010cddedce10ee009184502e6f732e4d7c85167d8597fe5dff9e190";
};
buildPhase =
''
'';
installPhase =
''
mkdir -p $out
cp -r * $out
cp ${moodleConfig} $out/config.php
'';
};
in
{
extraConfig =
''
# this should be config.urlPrefix instead of /
Alias / ${moodleRoot}/
<Directory ${moodleRoot}>
DirectoryIndex index.php
</Directory>
'';
documentRoot = moodleRoot; # TODO: fix this, should be config.urlPrefix
enablePHP = true;
options = {
id = mkOption {
default = "main";
description = ''
A unique identifier necessary to keep multiple Moodle server
instances on the same machine apart.
'';
};
dbType = mkOption {
default = "postgres";
example = "mysql";
description = "Database type.";
};
dbName = mkOption {
default = "moodle";
description = "Name of the database that holds the Moodle data.";
};
dbHost = mkOption {
default = "localhost";
example = "10.0.2.2";
description = ''
The location of the database server.
'';
};
dbPort = mkOption {
default = ""; # use the default port
example = "12345";
description = ''
The port that is used to connect to the database server.
'';
};
dbUser = mkOption {
default = "moodle";
description = "The user name for accessing the database.";
};
dbPassword = mkOption {
default = "";
example = "password";
description = ''
The password of the database user. Warning: this is stored in
cleartext in the Nix store!
'';
};
dbPrefix = mkOption {
default = "mdl_";
example = "my_other_mdl_";
description = ''
A prefix for each table, if multiple moodles should run in a single database.
'';
};
wwwRoot = mkOption {
type = types.string;
example = "http://my.machine.com/my-moodle";
description = ''
The full web address where moodle has been installed.
'';
};
dataRoot = mkOption {
default = "/var/lib/moodledata";
example = "/var/lib/moodledata";
description = ''
The data directory for moodle. Needs to be writable!
'';
type = types.path;
};
extraConfig = mkOption {
default = "";
example =
''
'';
description = ''
Any additional text to be appended to Moodle's
configuration file. This is a PHP script.
'';
};
debug = {
noEmailEver = mkOption {
default = false;
example = "true";
description = ''
Set this to true to prevent Moodle from ever sending any email.
'';
};
};
};
startupScript = pkgs.writeScript "moodle_startup.sh" ''
echo "Checking for existence of ${config.dataRoot}"
if [ ! -e "${config.dataRoot}" ]
then
mkdir -p "${config.dataRoot}"
chown ${serverInfo.serverConfig.user}.${serverInfo.serverConfig.group} "${config.dataRoot}"
fi
'';
}

6
nixos/modules/services/web-servers/apache-httpd/per-server-options.nix
View file

@ -56,6 +56,12 @@ with lib;
description = "Path to server SSL certificate key.";
};
sslServerChain = mkOption {
type = types.path;
example = "/var/ca.pem";
description = "Path to server SSL chain file.";
};
adminAddr = mkOption ({
type = types.nullOr types.str;
example = "admin@example.org";

209
nixos/modules/services/web-servers/apache-httpd/wordpress.nix Normal file
View file

@ -0,0 +1,209 @@
{ config, lib, pkgs, serverInfo, php, ... }:
with lib;
let
# https://wordpress.org/plugins/postgresql-for-wordpress/
# Wordpress plugin 'postgresql-for-wordpress' installation example
postgresqlForWordpressPlugin = pkgs.stdenv.mkDerivation {
name = "postgresql-for-wordpress-plugin";
# Download the theme from the wordpress site
src = pkgs.fetchurl {
url = https://downloads.wordpress.org/plugin/postgresql-for-wordpress.1.3.1.zip;
sha256 = "f11a5d76af884c7bec2bc653ed5bd29d3ede9a8657bd67ab7824e329e5d809e8";
};
# We need unzip to build this package
buildInputs = [ pkgs.unzip ];
# Installing simply means copying all files to the output directory
installPhase = "mkdir -p $out; cp -R * $out/";
};
# Our bare-bones wp-config.php file using the above settings
wordpressConfig = pkgs.writeText "wp-config.php" ''
<?php
define('DB_NAME', '${config.dbName}');
define('DB_USER', '${config.dbUser}');
define('DB_PASSWORD', '${config.dbPassword}');
define('DB_HOST', '${config.dbHost}');
define('DB_CHARSET', 'utf8');
$table_prefix = '${config.tablePrefix}';
if ( !defined('ABSPATH') )
define('ABSPATH', dirname(__FILE__) . '/');
require_once(ABSPATH . 'wp-settings.php');
${config.extraConfig}
'';
# .htaccess to support pretty URLs
htaccess = pkgs.writeText "htaccess" ''
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
'';
# The wordpress package itself
wordpressRoot = pkgs.stdenv.mkDerivation rec {
name = "wordpress";
# Fetch directly from the wordpress site, want to upgrade?
# Just change the version URL and update the hash
src = pkgs.fetchurl {
url = http://wordpress.org/wordpress-4.1.1.tar.gz;
sha256 = "1s9y0i9ms3m6dswb9gqrr95plnx6imahc07fyhvrp5g35f6c12k1";
};
installPhase = ''
mkdir -p $out
# Copy all the wordpress files we downloaded
cp -R * $out/
# We'll symlink the wordpress config
ln -s ${wordpressConfig} $out/wp-config.php
# As well as our custom .htaccess
ln -s ${htaccess} $out/.htaccess
# And the uploads directory
ln -s ${config.wordpressUploads} $out/wp-content/uploads
# And the theme(s)
${concatMapStrings (theme: "ln -s ${theme} $out/wp-content/themes/${theme.name}\n") config.themes}
# And the plugin(s)
# remove bundled plugin(s) coming with wordpress
rm -Rf $out/wp-content/plugins/akismet
# install plugins
${concatMapStrings (plugin: "ln -s ${plugin} $out/wp-content/plugins/${plugin.name}\n") (config.plugins ++ [ postgresqlForWordpressPlugin]) }
'';
};
in
{
# And some httpd extraConfig to make things work nicely
extraConfig = ''
<Directory ${wordpressRoot}>
DirectoryIndex index.php
Allow from *
Options FollowSymLinks
AllowOverride All
</Directory>
'';
enablePHP = true;
options = {
dbHost = mkOption {
default = "localhost";
description = "The location of the database server.";
example = "localhost";
};
dbName = mkOption {
default = "wordpress";
description = "Name of the database that holds the Wordpress data.";
example = "localhost";
};
dbUser = mkOption {
default = "wordpress";
description = "The dbUser, read the username, for the database.";
example = "wordpress";
};
dbPassword = mkOption {
default = "wordpress";
description = "The password to the respective dbUser.";
example = "wordpress";
};
tablePrefix = mkOption {
default = "wp_";
description = ''
The $table_prefix is the value placed in the front of your database tables. Change the value if you want to use something other than wp_ for your database prefix. Typically this is changed if you are installing multiple WordPress blogs in the same database. See <link xlink:href='http://codex.wordpress.org/Editing_wp-config.php#table_prefix'/>.
'';
};
wordpressUploads = mkOption {
default = "/data/uploads";
description = ''
This directory is used for uploads of pictures and must be accessible (read: owned) by the httpd running user. The directory passed here is automatically created and permissions are given to the httpd running user.
'';
};
plugins = mkOption {
default = [];
type = types.listOf types.path;
description =
''
List of path(s) to respective plugin(s) which are symlinked from the 'plugins' directory. Note: These plugins need to be packaged before use.
'';
example = ''
# Wordpress plugin 'akismet' installation example
akismetPlugin = pkgs.stdenv.mkDerivation {
name = "akismet-plugin";
# Download the theme from the wordpress site
src = pkgs.fetchurl {
url = https://downloads.wordpress.org/plugin/akismet.3.1.zip;
sha256 = "1i4k7qyzna08822ncaz5l00wwxkwcdg4j9h3z2g0ay23q640pclg";
};
# We need unzip to build this package
buildInputs = [ pkgs.unzip ];
# Installing simply means copying all files to the output directory
installPhase = "mkdir -p $out; cp -R * $out/";
};
And then pass this theme to the themes list like this:
plugins = [ akismetPlugin ];
'';
};
themes = mkOption {
default = [];
type = types.listOf types.path;
description =
''
List of path(s) to respective theme(s) which are symlinked from the 'theme' directory. Note: These themes need to be packaged before use.
'';
example = ''
# For shits and giggles, let's package the responsive theme
responsiveTheme = pkgs.stdenv.mkDerivation {
name = "responsive-theme";
# Download the theme from the wordpress site
src = pkgs.fetchurl {
url = http://wordpress.org/themes/download/responsive.1.9.7.6.zip;
sha256 = "06i26xlc5kdnx903b1gfvnysx49fb4kh4pixn89qii3a30fgd8r8";
};
# We need unzip to build this package
buildInputs = [ pkgs.unzip ];
# Installing simply means copying all files to the output directory
installPhase = "mkdir -p $out; cp -R * $out/";
};
And then pass this theme to the themes list like this:
themes = [ responsiveTheme ];
'';
};
extraConfig = mkOption {
default = "";
example =
''
define( 'AUTOSAVE_INTERVAL', 60 ); // Seconds
'';
description = ''
Any additional text to be appended to Wordpress's wp-config.php
configuration file. This is a PHP script. For configuration
settings, see <link xlink:href='http://codex.wordpress.org/Editing_wp-config.php'/>.
'';
};
};
documentRoot = wordpressRoot;
startupScript = pkgs.writeScript "init-wordpress.sh" ''
#!/bin/sh
mkdir -p ${config.wordpressUploads}
chown ${serverInfo.serverConfig.user} ${config.wordpressUploads}
# we should use systemd dependencies here
#waitForUnit("network-interfaces.target");
if [ ! -d ${serverInfo.fullConfig.services.mysql.dataDir}/${config.dbName} ]; then
# Wait until MySQL is up
while [ ! -e /var/run/mysql/mysqld.pid ]; do
sleep 1
done
${pkgs.mysql}/bin/mysql -e 'CREATE DATABASE ${config.dbName};'
${pkgs.mysql}/bin/mysql -e 'GRANT ALL ON ${config.dbName}.* TO ${config.dbUser}@localhost IDENTIFIED BY "${config.dbPassword}";'
fi
'';
}

10
nixos/modules/services/x11/display-managers/lightdm.nix
View file

@ -69,6 +69,7 @@ let
xserver-command = ${xserverWrapper}
session-wrapper = ${dmcfg.session.script}
greeter-session = ${cfg.greeter.name}
${cfg.extraSeatDefaults}
'';
gtkGreeterConf = writeText "lightdm-gtk-greeter.conf"
@ -109,6 +110,15 @@ in
'';
};
extraSeatDefaults = mkOption {
type = types.lines;
default = "";
example = ''
greeter-show-manual-login=true
'';
description = "Extra lines to append to SeatDefaults section.";
};
};
};

42
nixos/modules/services/x11/xserver.nix
View file

@ -41,16 +41,24 @@ let
};
in imap mkHead cfg.xrandrHeads;
xrandrDeviceSection = flip concatMapStrings xrandrHeads (h: ''
Option "monitor-${h.output}" "${h.name}"
'');
xrandrDeviceSection = let
monitors = flip map xrandrHeads (h: ''
Option "monitor-${h.output}" "${h.name}"
'');
# First option is indented through the space in the config but any
# subsequent options aren't so we need to apply indentation to
# them here
monitorsIndented = if length monitors > 1
then singleton (head monitors) ++ map (m: " " + m) (tail monitors)
else monitors;
in concatStrings monitorsIndented;
# Here we chain every monitor from the left to right, so we have:
# m4 right of m3 right of m2 right of m1 .----.----.----.----.
# Which will end up in reverse ----------> | m1 | m2 | m3 | m4 |
# `----^----^----^----'
xrandrMonitorSections = let
mkMonitor = previous: current: previous ++ singleton {
mkMonitor = previous: current: singleton {
inherit (current) name;
value = ''
Section "Monitor"
@ -60,8 +68,8 @@ let
''}
EndSection
'';
};
monitors = foldl mkMonitor [] xrandrHeads;
} ++ previous;
monitors = reverseList (foldl mkMonitor [] xrandrHeads);
in concatMapStrings (getAttr "value") monitors;
configFile = pkgs.stdenv.mkDerivation {
@ -147,6 +155,19 @@ in
'';
};
inputClassSections = mkOption {
type = types.listOf types.lines;
default = [];
example = [ ''
Identifier "Trackpoint Wheel Emulation"
MatchProduct "ThinkPad USB Keyboard with TrackPoint"
Option "EmulateWheel" "true
Option "EmulateWheelButton" "2"
Option "Emulate3Buttons" "false"
'' ];
description = "Content of additional InputClass sections of the X server configuration file.";
};
modules = mkOption {
type = types.listOf types.path;
default = [];
@ -522,6 +543,14 @@ in
Option "XkbVariant" "${cfg.xkbVariant}"
EndSection
# Additional "InputClass" sections
${flip concatMapStrings cfg.inputClassSections (inputClassSection: ''
Section "InputClass"
${inputClassSection}
EndSection
'')}
Section "ServerLayout"
Identifier "Layout[all]"
${cfg.serverLayoutSection}
@ -593,4 +622,3 @@ in
};
}

4
nixos/modules/system/activation/switch-to-configuration.pl
View file

@ -322,7 +322,9 @@ foreach my $device (keys %$prevSwaps) {
# Should we have systemd re-exec itself?
my $restartSystemd = abs_path("/proc/1/exe") ne abs_path("@systemd@/lib/systemd/systemd");
my $prevSystemd = abs_path("/proc/1/exe") or die;
my $newSystemd = abs_path("@systemd@/lib/systemd/systemd") or die;
my $restartSystemd = $prevSystemd ne $newSystemd;
sub filterUnits {

4
nixos/modules/system/boot/loader/grub/install-grub.pl
View file

@ -468,8 +468,8 @@ sub getEfiTarget {
if ($grubTargetEfi eq "") { die }
else {return "only" }
} else {
# at least one grub target has to be given
die
# prevent an installation if neither grub nor grubEfi is given
return "neither"
}
}

670
nixos/modules/system/boot/networkd.nix Normal file
View file

@ -0,0 +1,670 @@
{ config, lib, pkgs, ... }:
with lib;
with import ./systemd-unit-options.nix { inherit config lib; };
with import ./systemd-lib.nix { inherit config lib pkgs; };
let
cfg = config.systemd.network;
checkLink = checkUnitConfig "Link" [
(assertOnlyFields [
"Description" "Alias" "MACAddressPolicy" "MACAddress" "NamePolicy" "Name"
"MTUBytes" "BitsPerSecond" "Duplex" "WakeOnLan"
])
(assertValueOneOf "MACAddressPolicy" ["persistent" "random"])
(assertMacAddress "MACAddress")
(assertValueOneOf "NamePolicy" [
"kernel" "database" "onboard" "slot" "path" "mac"
])
(assertByteFormat "MTUBytes")
(assertByteFormat "BitsPerSecond")
(assertValueOneOf "Duplex" ["half" "full"])
(assertValueOneOf "WakeOnLan" ["phy" "magic" "off"])
];
checkNetdev = checkUnitConfig "Netdev" [
(assertOnlyFields [
"Description" "Name" "Kind" "MTUBytes" "MACAddress"
])
(assertHasField "Name")
(assertHasField "Kind")
(assertValueOneOf "Kind" [
"bridge" "bond" "vlan" "macvlan" "vxlan" "ipip"
"gre" "sit" "vti" "veth" "tun" "tap" "dummy"
])
(assertByteFormat "MTUBytes")
(assertMacAddress "MACAddress")
];
checkVlan = checkUnitConfig "VLAN" [
(assertOnlyFields ["Id"])
(assertRange "Id" 0 4094)
];
checkMacvlan = checkUnitConfig "MACVLAN" [
(assertOnlyFields ["Mode"])
(assertValueOneOf "Mode" ["private" "vepa" "bridge" "passthru"])
];
checkVxlan = checkUnitConfig "VXLAN" [
(assertOnlyFields ["Id" "Group" "TOS" "TTL" "MacLearning"])
(assertRange "TTL" 0 255)
(assertValueOneOf "MacLearning" boolValues)
];
checkTunnel = checkUnitConfig "Tunnel" [
(assertOnlyFields ["Local" "Remote" "TOS" "TTL" "DiscoverPathMTU"])
(assertRange "TTL" 0 255)
(assertValueOneOf "DiscoverPathMTU" boolValues)
];
checkPeer = checkUnitConfig "Peer" [
(assertOnlyFields ["Name" "MACAddress"])
(assertMacAddress "MACAddress")
];
tunTapChecks = [
(assertOnlyFields ["OneQueue" "MultiQueue" "PacketInfo" "User" "Group"])
(assertValueOneOf "OneQueue" boolValues)
(assertValueOneOf "MultiQueue" boolValues)
(assertValueOneOf "PacketInfo" boolValues)
];
checkTun = checkUnitConfig "Tun" tunTapChecks;
checkTap = checkUnitConfig "Tap" tunTapChecks;
checkBond = checkUnitConfig "Bond" [
(assertOnlyFields [
"Mode" "TransmitHashPolicy" "LACPTransmitRate" "MIIMonitorSec"
"UpDelaySec" "DownDelaySec"
])
(assertValueOneOf "Mode" [
"balance-rr" "active-backup" "balance-xor"
"broadcast" "802.3ad" "balance-tlb" "balance-alb"
])
(assertValueOneOf "TransmitHashPolicy" [
"layer2" "layer3+4" "layer2+3" "encap2+3" "802.3ad" "encap3+4"
])
(assertValueOneOf "LACPTransmitRate" ["slow" "fast"])
];
checkNetwork = checkUnitConfig "Network" [
(assertOnlyFields [
"Description" "DHCP" "DHCPServer" "IPv4LL" "IPv4LLRoute"
"LLMNR" "Domains" "Bridge" "Bond"
])
(assertValueOneOf "DHCP" ["both" "none" "v4" "v6"])
(assertValueOneOf "DHCPServer" boolValues)
(assertValueOneOf "IPv4LL" boolValues)
(assertValueOneOf "IPv4LLRoute" boolValues)
(assertValueOneOf "LLMNR" boolValues)
];
checkAddress = checkUnitConfig "Address" [
(assertOnlyFields ["Address" "Peer" "Broadcast" "Label"])
(assertHasField "Address")
];
checkRoute = checkUnitConfig "Route" [
(assertOnlyFields ["Gateway" "Destination" "Metric"])
(assertHasField "Gateway")
];
checkDhcp = checkUnitConfig "DHCP" [
(assertOnlyFields [
"UseDNS" "UseMTU" "SendHostname" "UseHostname" "UseDomains" "UseRoutes"
"CriticalConnections" "VendorClassIdentifier" "RequestBroadcast"
"RouteMetric"
])
(assertValueOneOf "UseDNS" boolValues)
(assertValueOneOf "UseMTU" boolValues)
(assertValueOneOf "SendHostname" boolValues)
(assertValueOneOf "UseHostname" boolValues)
(assertValueOneOf "UseDomains" boolValues)
(assertValueOneOf "UseRoutes" boolValues)
(assertValueOneOf "CriticalConnections" boolValues)
(assertValueOneOf "RequestBroadcast" boolValues)
];
commonNetworkOptions = {
enable = mkOption {
default = false;
type = types.bool;
description = ''
Whether to manage network configuration using <command>systemd-network</command>.
'';
};
matchConfig = mkOption {
default = {};
example = { Name = "eth0"; };
type = types.attrsOf unitOption;
description = ''
Each attribute in this set specifies an option in the
<literal>[Match]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.link</refentrytitle><manvolnum>5</manvolnum></citerefentry>
<citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>
<citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for details.
'';
};
};
linkOptions = commonNetworkOptions // {
linkConfig = mkOption {
default = {};
example = { MACAddress = "00:ff:ee:aa:cc:dd"; };
type = types.addCheck (types.attrsOf unitOption) checkLink;
description = ''
Each attribute in this set specifies an option in the
<literal>[Link]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.link</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
};
netdevOptions = commonNetworkOptions // {
netdevConfig = mkOption {
default = {};
example = { Name = "mybridge"; Kind = "bridge"; };
type = types.addCheck (types.attrsOf unitOption) checkNetdev;
description = ''
Each attribute in this set specifies an option in the
<literal>[Netdev]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
vlanConfig = mkOption {
default = {};
example = { Id = "4"; };
type = types.addCheck (types.attrsOf unitOption) checkVlan;
description = ''
Each attribute in this set specifies an option in the
<literal>[VLAN]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
macvlanConfig = mkOption {
default = {};
example = { Mode = "private"; };
type = types.addCheck (types.attrsOf unitOption) checkMacvlan;
description = ''
Each attribute in this set specifies an option in the
<literal>[MACVLAN]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
vxlanConfig = mkOption {
default = {};
example = { Id = "4"; };
type = types.addCheck (types.attrsOf unitOption) checkVxlan;
description = ''
Each attribute in this set specifies an option in the
<literal>[VXLAN]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
tunnelConfig = mkOption {
default = {};
example = { Remote = "192.168.1.1"; };
type = types.addCheck (types.attrsOf unitOption) checkTunnel;
description = ''
Each attribute in this set specifies an option in the
<literal>[Tunnel]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
peerConfig = mkOption {
default = {};
example = { Name = "veth2"; };
type = types.addCheck (types.attrsOf unitOption) checkPeer;
description = ''
Each attribute in this set specifies an option in the
<literal>[Peer]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
tunConfig = mkOption {
default = {};
example = { User = "openvpn"; };
type = types.addCheck (types.attrsOf unitOption) checkTun;
description = ''
Each attribute in this set specifies an option in the
<literal>[Tun]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
tapConfig = mkOption {
default = {};
example = { User = "openvpn"; };
type = types.addCheck (types.attrsOf unitOption) checkTap;
description = ''
Each attribute in this set specifies an option in the
<literal>[Tap]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
bondConfig = mkOption {
default = {};
example = { Mode = "802.3ad"; };
type = types.addCheck (types.attrsOf unitOption) checkBond;
description = ''
Each attribute in this set specifies an option in the
<literal>[Bond]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
};
addressOptions = {
addressConfig = mkOption {
default = {};
example = { Address = "192.168.0.100/24"; };
type = types.addCheck (types.attrsOf unitOption) checkAddress;
description = ''
Each attribute in this set specifies an option in the
<literal>[Address]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
};
routeOptions = {
routeConfig = mkOption {
default = {};
example = { Gateway = "192.168.0.1"; };
type = types.addCheck (types.attrsOf unitOption) checkRoute;
description = ''
Each attribute in this set specifies an option in the
<literal>[Route]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
};
networkOptions = commonNetworkOptions // {
networkConfig = mkOption {
default = {};
example = { Description = "My Network"; };
type = types.addCheck (types.attrsOf unitOption) checkNetwork;
description = ''
Each attribute in this set specifies an option in the
<literal>[Network]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
dhcpConfig = mkOption {
default = {};
example = { UseDNS = true; UseRoutes = true; };
type = types.addCheck (types.attrsOf unitOption) checkDhcp;
description = ''
Each attribute in this set specifies an option in the
<literal>[DHCP]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
name = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
The name of the network interface to match against.
'';
};
DHCP = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Whether to enable DHCP on the interfaces matched.
'';
};
domains = mkOption {
type = types.nullOr (types.listOf types.str);
default = null;
description = ''
A list of domains to pass to the network config.
'';
};
address = mkOption {
default = [ ];
type = types.listOf types.str;
description = ''
A list of addresses to be added to the network section of the
unit. See <citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
gateway = mkOption {
default = [ ];
type = types.listOf types.str;
description = ''
A list of gateways to be added to the network section of the
unit. See <citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
dns = mkOption {
default = [ ];
type = types.listOf types.str;
description = ''
A list of dns servers to be added to the network section of the
unit. See <citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
ntp = mkOption {
default = [ ];
type = types.listOf types.str;
description = ''
A list of ntp servers to be added to the network section of the
unit. See <citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
vlan = mkOption {
default = [ ];
type = types.listOf types.str;
description = ''
A list of vlan interfaces to be added to the network section of the
unit. See <citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
macvlan = mkOption {
default = [ ];
type = types.listOf types.str;
description = ''
A list of macvlan interfaces to be added to the network section of the
unit. See <citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
vxlan = mkOption {
default = [ ];
type = types.listOf types.str;
description = ''
A list of vxlan interfaces to be added to the network section of the
unit. See <citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
tunnel = mkOption {
default = [ ];
type = types.listOf types.str;
description = ''
A list of tunnel interfaces to be added to the network section of the
unit. See <citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
addresses = mkOption {
default = [ ];
type = types.listOf types.optionSet;
options = [ addressOptions ];
description = ''
A list of address sections to be added to the unit. See
<citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
routes = mkOption {
default = [ ];
type = types.listOf types.optionSet;
options = [ routeOptions ];
description = ''
A list of route sections to be added to the unit. See
<citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
};
networkConfig = { name, config, ... }: {
config = {
matchConfig = optionalAttrs (config.name != null) {
Name = config.name;
};
networkConfig = optionalAttrs (config.DHCP != null) {
DHCP = config.DHCP;
} // optionalAttrs (config.domains != null) {
Domains = concatStringsSep " " config.domains;
};
};
};
linkToUnit = name: def:
{ inherit (def) enable;
text = commonMatchText def +
''
[Link]
${attrsToSection def.linkConfig}
'';
};
netdevToUnit = name: def:
{ inherit (def) enable;
text = commonMatchText def +
''
[NetDev]
${attrsToSection def.netdevConfig}
${optionalString (def.vlanConfig != { }) ''
[VLAN]
${attrsToSection def.vlanConfig}
''}
${optionalString (def.macvlanConfig != { }) ''
[MACVLAN]
${attrsToSection def.macvlanConfig}
''}
${optionalString (def.vxlanConfig != { }) ''
[VXLAN]
${attrsToSection def.vxlanConfig}
''}
${optionalString (def.tunnelConfig != { }) ''
[Tunnel]
${attrsToSection def.tunnelConfig}
''}
${optionalString (def.peerConfig != { }) ''
[Peer]
${attrsToSection def.peerConfig}
''}
${optionalString (def.tunConfig != { }) ''
[Tun]
${attrsToSection def.tunConfig}
''}
${optionalString (def.tapConfig != { }) ''
[Tap]
${attrsToSection def.tapConfig}
''}
${optionalString (def.bondConfig != { }) ''
[Bond]
${attrsToSection def.bondConfig}
''}
'';
};
networkToUnit = name: def:
{ inherit (def) enable;
text = commonMatchText def +
''
[Network]
${attrsToSection def.networkConfig}
${concatStringsSep "\n" (map (s: "Address=${s}") def.address)}
${concatStringsSep "\n" (map (s: "Gateway=${s}") def.gateway)}
${concatStringsSep "\n" (map (s: "DNS=${s}") def.dns)}
${concatStringsSep "\n" (map (s: "NTP=${s}") def.ntp)}
${concatStringsSep "\n" (map (s: "VLAN=${s}") def.vlan)}
${concatStringsSep "\n" (map (s: "MACVLAN=${s}") def.macvlan)}
${concatStringsSep "\n" (map (s: "VXLAN=${s}") def.vxlan)}
${concatStringsSep "\n" (map (s: "Tunnel=${s}") def.tunnel)}
${optionalString (def.dhcpConfig != { }) ''
[DHCP]
${attrsToSection def.dhcpConfig}
''}
${flip concatMapStrings def.addresses (x: ''
[Address]
${attrsToSection x.addressConfig}
'')}
${flip concatMapStrings def.routes (x: ''
[Route]
${attrsToSection x.routeConfig}
'')}
'';
};
in
{
options = {
systemd.network.enable = mkOption {
default = false;
type = types.bool;
description = ''
Whether to enable networkd or not.
'';
};
systemd.network.links = mkOption {
default = {};
type = types.attrsOf types.optionSet;
options = [ linkOptions ];
description = "Definition of systemd network links.";
};
systemd.network.netdevs = mkOption {
default = {};
type = types.attrsOf types.optionSet;
options = [ netdevOptions ];
description = "Definition of systemd network devices.";
};
systemd.network.networks = mkOption {
default = {};
type = types.attrsOf types.optionSet;
options = [ networkOptions networkConfig ];
description = "Definition of systemd networks.";
};
systemd.network.units = mkOption {
description = "Definition of networkd units.";
default = {};
type = types.attrsOf types.optionSet;
options = { name, config, ... }:
{ options = concreteUnitOptions;
config = {
unit = mkDefault (makeUnit name config);
};
};
};
};
config = mkIf config.systemd.network.enable {
systemd.additionalUpstreamSystemUnits =
[ "systemd-networkd.service" "systemd-networkd-wait-online.service" ];
systemd.network.units =
mapAttrs' (n: v: nameValuePair "${n}.link" (linkToUnit n v)) cfg.links
// mapAttrs' (n: v: nameValuePair "${n}.netdev" (netdevToUnit n v)) cfg.netdevs
// mapAttrs' (n: v: nameValuePair "${n}.network" (networkToUnit n v)) cfg.networks;
environment.etc."systemd/network".source =
generateUnits "network" cfg.units [] [];
users.extraUsers.systemd-network.uid = config.ids.uids.systemd-network;
users.extraGroups.systemd-network.gid = config.ids.gids.systemd-network;
systemd.services.systemd-networkd = {
wantedBy = [ "multi-user.target" ];
before = [ "network-interfaces.target" ];
restartTriggers = [ config.environment.etc."systemd/network".source ];
};
systemd.services.systemd-networkd-wait-online = {
before = [ "network-online.target" "ip-up.target" ];
wantedBy = [ "network-online.target" "ip-up.target" ];
};
systemd.services."systemd-network-wait-online@" = {
description = "Wait for Network Interface %I to be Configured";
conflicts = [ "shutdown.target" ];
requisite = [ "systemd-networkd.service" ];
after = [ "systemd-networkd.service" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = "${config.systemd.package}/lib/systemd/systemd-networkd-wait-online -i %I";
};
};
services.resolved.enable = mkDefault true;
services.timesyncd.enable = mkDefault config.services.ntp.enable;
};
}

38
nixos/modules/system/boot/resolved.nix Normal file
View file

@ -0,0 +1,38 @@
{ config, lib, pkgs, ... }:
with lib;
{
options = {
services.resolved.enable = mkOption {
default = false;
type = types.bool;
description = ''
Whether to enable the systemd DNS resolver daemon.
'';
};
};
config = mkIf config.services.resolved.enable {
systemd.additionalUpstreamSystemUnits = [ "systemd-resolved.service" ];
systemd.services.systemd-resolved = {
wantedBy = [ "multi-user.target" ];
restartTriggers = [ config.environment.etc."systemd/resolved.conf".source ];
};
environment.etc."systemd/resolved.conf".text = ''
[Resolve]
DNS=${concatStringsSep " " config.networking.nameservers}
'';
users.extraUsers.systemd-resolve.uid = config.ids.uids.systemd-resolve;
users.extraGroups.systemd-resolve.gid = config.ids.gids.systemd-resolve;
};
}

1
nixos/modules/system/boot/stage-2.nix
View file

@ -24,7 +24,6 @@ let
path =
[ pkgs.coreutils
pkgs.utillinux
pkgs.sysvtools
pkgs.openresolv
] ++ optional config.nix.readOnlyStore readonlyMountpoint;
postBootCommands = pkgs.writeText "local-cmds"

118
nixos/modules/system/boot/systemd-lib.nix Normal file
View file

@ -0,0 +1,118 @@
{ config, lib, pkgs }:
with lib;
let cfg = config.systemd; in
rec {
shellEscape = s: (replaceChars [ "\\" ] [ "\\\\" ] s);
makeUnit = name: unit:
let
pathSafeName = lib.replaceChars ["@" ":" "\\"] ["-" "-" "-"] name;
in
if unit.enable then
pkgs.runCommand "unit-${pathSafeName}" { preferLocalBuild = true; inherit (unit) text; }
''
mkdir -p $out
echo -n "$text" > $out/${shellEscape name}
''
else
pkgs.runCommand "unit-${pathSafeName}-disabled" { preferLocalBuild = true; }
''
mkdir -p $out
ln -s /dev/null $out/${shellEscape name}
'';
generateUnits = type: units: upstreamUnits: upstreamWants:
pkgs.runCommand "${type}-units" { preferLocalBuild = true; } ''
mkdir -p $out
# Copy the upstream systemd units we're interested in.
for i in ${toString upstreamUnits}; do
fn=${cfg.package}/example/systemd/${type}/$i
if ! [ -e $fn ]; then echo "missing $fn"; false; fi
if [ -L $fn ]; then
target="$(readlink "$fn")"
if [ ''${target:0:3} = ../ ]; then
ln -s "$(readlink -f "$fn")" $out/
else
cp -pd $fn $out/
fi
else
ln -s $fn $out/
fi
done
# Copy .wants links, but only those that point to units that
# we're interested in.
for i in ${toString upstreamWants}; do
fn=${cfg.package}/example/systemd/${type}/$i
if ! [ -e $fn ]; then echo "missing $fn"; false; fi
x=$out/$(basename $fn)
mkdir $x
for i in $fn/*; do
y=$x/$(basename $i)
cp -pd $i $y
if ! [ -e $y ]; then rm $y; fi
done
done
# Symlink all units provided listed in systemd.packages.
for i in ${toString cfg.packages}; do
for fn in $i/etc/systemd/${type}/* $i/lib/systemd/${type}/*; do
if ! [[ "$fn" =~ .wants$ ]]; then
ln -s $fn $out/
fi
done
done
# Symlink all units defined by systemd.units. If these are also
# provided by systemd or systemd.packages, then add them as
# <unit-name>.d/overrides.conf, which makes them extend the
# upstream unit.
for i in ${toString (mapAttrsToList (n: v: v.unit) units)}; do
fn=$(basename $i/*)
if [ -e $out/$fn ]; then
if [ "$(readlink -f $i/$fn)" = /dev/null ]; then
ln -sfn /dev/null $out/$fn
else
mkdir $out/$fn.d
ln -s $i/$fn $out/$fn.d/overrides.conf
fi
else
ln -fs $i/$fn $out/
fi
done
# Created .wants and .requires symlinks from the wantedBy and
# requiredBy options.
${concatStrings (mapAttrsToList (name: unit:
concatMapStrings (name2: ''
mkdir -p $out/'${name2}.wants'
ln -sfn '../${name}' $out/'${name2}.wants'/
'') unit.wantedBy) units)}
${concatStrings (mapAttrsToList (name: unit:
concatMapStrings (name2: ''
mkdir -p $out/'${name2}.requires'
ln -sfn '../${name}' $out/'${name2}.requires'/
'') unit.requiredBy) units)}
${optionalString (type == "system") ''
# Stupid misc. symlinks.
ln -s ${cfg.defaultUnit} $out/default.target
ln -s rescue.target $out/kbrequest.target
mkdir -p $out/getty.target.wants/
ln -s ../autovt@tty1.service $out/getty.target.wants/
ln -s ../local-fs.target ../remote-fs.target ../network.target \
../nss-lookup.target ../nss-user-lookup.target ../swap.target \
$out/multi-user.target.wants/
''}
''; # */
}

464
nixos/modules/system/boot/systemd-unit-options.nix
View file

@ -62,126 +62,7 @@ let
])
];
checkLink = checkUnitConfig "Link" [
(assertOnlyFields [
"Description" "Alias" "MACAddressPolicy" "MACAddress" "NamePolicy" "Name"
"MTUBytes" "BitsPerSecond" "Duplex" "WakeOnLan"
])
(assertValueOneOf "MACAddressPolicy" ["persistent" "random"])
(assertMacAddress "MACAddress")
(assertValueOneOf "NamePolicy" [
"kernel" "database" "onboard" "slot" "path" "mac"
])
(assertByteFormat "MTUBytes")
(assertByteFormat "BitsPerSecond")
(assertValueOneOf "Duplex" ["half" "full"])
(assertValueOneOf "WakeOnLan" ["phy" "magic" "off"])
];
checkNetdev = checkUnitConfig "Netdev" [
(assertOnlyFields [
"Description" "Name" "Kind" "MTUBytes" "MACAddress"
])
(assertHasField "Name")
(assertHasField "Kind")
(assertValueOneOf "Kind" [
"bridge" "bond" "vlan" "macvlan" "vxlan" "ipip"
"gre" "sit" "vti" "veth" "tun" "tap" "dummy"
])
(assertByteFormat "MTUBytes")
(assertMacAddress "MACAddress")
];
checkVlan = checkUnitConfig "VLAN" [
(assertOnlyFields ["Id"])
(assertRange "Id" 0 4094)
];
checkMacvlan = checkUnitConfig "MACVLAN" [
(assertOnlyFields ["Mode"])
(assertValueOneOf "Mode" ["private" "vepa" "bridge" "passthru"])
];
checkVxlan = checkUnitConfig "VXLAN" [
(assertOnlyFields ["Id" "Group" "TOS" "TTL" "MacLearning"])
(assertRange "TTL" 0 255)
(assertValueOneOf "MacLearning" boolValues)
];
checkTunnel = checkUnitConfig "Tunnel" [
(assertOnlyFields ["Local" "Remote" "TOS" "TTL" "DiscoverPathMTU"])
(assertRange "TTL" 0 255)
(assertValueOneOf "DiscoverPathMTU" boolValues)
];
checkPeer = checkUnitConfig "Peer" [
(assertOnlyFields ["Name" "MACAddress"])
(assertMacAddress "MACAddress")
];
tunTapChecks = [
(assertOnlyFields ["OneQueue" "MultiQueue" "PacketInfo" "User" "Group"])
(assertValueOneOf "OneQueue" boolValues)
(assertValueOneOf "MultiQueue" boolValues)
(assertValueOneOf "PacketInfo" boolValues)
];
checkTun = checkUnitConfig "Tun" tunTapChecks;
checkTap = checkUnitConfig "Tap" tunTapChecks;
checkBond = checkUnitConfig "Bond" [
(assertOnlyFields [
"Mode" "TransmitHashPolicy" "LACPTransmitRate" "MIIMonitorSec"
"UpDelaySec" "DownDelaySec"
])
(assertValueOneOf "Mode" [
"balance-rr" "active-backup" "balance-xor"
"broadcast" "802.3ad" "balance-tlb" "balance-alb"
])
(assertValueOneOf "TransmitHashPolicy" [
"layer2" "layer3+4" "layer2+3" "encap2+3" "802.3ad" "encap3+4"
])
(assertValueOneOf "LACPTransmitRate" ["slow" "fast"])
];
checkNetwork = checkUnitConfig "Network" [
(assertOnlyFields [
"Description" "DHCP" "DHCPServer" "IPv4LL" "IPv4LLRoute"
"LLMNR" "Domains" "Bridge" "Bond"
])
(assertValueOneOf "DHCP" ["both" "none" "v4" "v6"])
(assertValueOneOf "DHCPServer" boolValues)
(assertValueOneOf "IPv4LL" boolValues)
(assertValueOneOf "IPv4LLRoute" boolValues)
(assertValueOneOf "LLMNR" boolValues)
];
checkAddress = checkUnitConfig "Address" [
(assertOnlyFields ["Address" "Peer" "Broadcast" "Label"])
(assertHasField "Address")
];
checkRoute = checkUnitConfig "Route" [
(assertOnlyFields ["Gateway" "Destination" "Metric"])
(assertHasField "Gateway")
];
checkDhcp = checkUnitConfig "DHCP" [
(assertOnlyFields [
"UseDNS" "UseMTU" "SendHostname" "UseHostname" "UseDomains" "UseRoutes"
"CriticalConnections" "VendorClassIdentifier" "RequestBroadcast"
"RouteMetric"
])
(assertValueOneOf "UseDNS" boolValues)
(assertValueOneOf "UseMTU" boolValues)
(assertValueOneOf "SendHostname" boolValues)
(assertValueOneOf "UseHostname" boolValues)
(assertValueOneOf "UseDomains" boolValues)
(assertValueOneOf "UseRoutes" boolValues)
(assertValueOneOf "CriticalConnections" boolValues)
(assertValueOneOf "RequestBroadcast" boolValues)
];
in rec {
unitOption = mkOptionType {
name = "systemd option";
@ -195,8 +76,6 @@ let
else mergeOneOption loc defs';
};
in rec {
sharedOptions = {
enable = mkOption {
@ -619,345 +498,4 @@ in rec {
targetOptions = commonUnitOptions;
commonNetworkOptions = {
enable = mkOption {
default = true;
type = types.bool;
description = ''
If set to false, this unit will be a symlink to
/dev/null.
'';
};
matchConfig = mkOption {
default = {};
example = { Name = "eth0"; };
type = types.attrsOf unitOption;
description = ''
Each attribute in this set specifies an option in the
<literal>[Match]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.link</refentrytitle><manvolnum>5</manvolnum></citerefentry>
<citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>
<citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for details.
'';
};
};
linkOptions = commonNetworkOptions // {
linkConfig = mkOption {
default = {};
example = { MACAddress = "00:ff:ee:aa:cc:dd"; };
type = types.addCheck (types.attrsOf unitOption) checkLink;
description = ''
Each attribute in this set specifies an option in the
<literal>[Link]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.link</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
};
netdevOptions = commonNetworkOptions // {
netdevConfig = mkOption {
default = {};
example = { Name = "mybridge"; Kind = "bridge"; };
type = types.addCheck (types.attrsOf unitOption) checkNetdev;
description = ''
Each attribute in this set specifies an option in the
<literal>[Netdev]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
vlanConfig = mkOption {
default = {};
example = { Id = "4"; };
type = types.addCheck (types.attrsOf unitOption) checkVlan;
description = ''
Each attribute in this set specifies an option in the
<literal>[VLAN]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
macvlanConfig = mkOption {
default = {};
example = { Mode = "private"; };
type = types.addCheck (types.attrsOf unitOption) checkMacvlan;
description = ''
Each attribute in this set specifies an option in the
<literal>[MACVLAN]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
vxlanConfig = mkOption {
default = {};
example = { Id = "4"; };
type = types.addCheck (types.attrsOf unitOption) checkVxlan;
description = ''
Each attribute in this set specifies an option in the
<literal>[VXLAN]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
tunnelConfig = mkOption {
default = {};
example = { Remote = "192.168.1.1"; };
type = types.addCheck (types.attrsOf unitOption) checkTunnel;
description = ''
Each attribute in this set specifies an option in the
<literal>[Tunnel]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
peerConfig = mkOption {
default = {};
example = { Name = "veth2"; };
type = types.addCheck (types.attrsOf unitOption) checkPeer;
description = ''
Each attribute in this set specifies an option in the
<literal>[Peer]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
tunConfig = mkOption {
default = {};
example = { User = "openvpn"; };
type = types.addCheck (types.attrsOf unitOption) checkTun;
description = ''
Each attribute in this set specifies an option in the
<literal>[Tun]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
tapConfig = mkOption {
default = {};
example = { User = "openvpn"; };
type = types.addCheck (types.attrsOf unitOption) checkTap;
description = ''
Each attribute in this set specifies an option in the
<literal>[Tap]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
bondConfig = mkOption {
default = {};
example = { Mode = "802.3ad"; };
type = types.addCheck (types.attrsOf unitOption) checkBond;
description = ''
Each attribute in this set specifies an option in the
<literal>[Bond]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
};
addressOptions = {
addressConfig = mkOption {
default = {};
example = { Address = "192.168.0.100/24"; };
type = types.addCheck (types.attrsOf unitOption) checkAddress;
description = ''
Each attribute in this set specifies an option in the
<literal>[Address]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
};
routeOptions = {
routeConfig = mkOption {
default = {};
example = { Gateway = "192.168.0.1"; };
type = types.addCheck (types.attrsOf unitOption) checkRoute;
description = ''
Each attribute in this set specifies an option in the
<literal>[Route]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
};
networkOptions = commonNetworkOptions // {
networkConfig = mkOption {
default = {};
example = { Description = "My Network"; };
type = types.addCheck (types.attrsOf unitOption) checkNetwork;
description = ''
Each attribute in this set specifies an option in the
<literal>[Network]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
dhcpConfig = mkOption {
default = {};
example = { UseDNS = true; UseRoutes = true; };
type = types.addCheck (types.attrsOf unitOption) checkDhcp;
description = ''
Each attribute in this set specifies an option in the
<literal>[DHCP]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
name = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
The name of the network interface to match against.
'';
};
DHCP = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Whether to enable DHCP on the interfaces matched.
'';
};
domains = mkOption {
type = types.nullOr (types.listOf types.str);
default = null;
description = ''
A list of domains to pass to the network config.
'';
};
address = mkOption {
default = [ ];
type = types.listOf types.str;
description = ''
A list of addresses to be added to the network section of the
unit. See <citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
gateway = mkOption {
default = [ ];
type = types.listOf types.str;
description = ''
A list of gateways to be added to the network section of the
unit. See <citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
dns = mkOption {
default = [ ];
type = types.listOf types.str;
description = ''
A list of dns servers to be added to the network section of the
unit. See <citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
ntp = mkOption {
default = [ ];
type = types.listOf types.str;
description = ''
A list of ntp servers to be added to the network section of the
unit. See <citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
vlan = mkOption {
default = [ ];
type = types.listOf types.str;
description = ''
A list of vlan interfaces to be added to the network section of the
unit. See <citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
macvlan = mkOption {
default = [ ];
type = types.listOf types.str;
description = ''
A list of macvlan interfaces to be added to the network section of the
unit. See <citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
vxlan = mkOption {
default = [ ];
type = types.listOf types.str;
description = ''
A list of vxlan interfaces to be added to the network section of the
unit. See <citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
tunnel = mkOption {
default = [ ];
type = types.listOf types.str;
description = ''
A list of tunnel interfaces to be added to the network section of the
unit. See <citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
addresses = mkOption {
default = [ ];
type = types.listOf types.optionSet;
options = [ addressOptions ];
description = ''
A list of address sections to be added to the unit. See
<citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
routes = mkOption {
default = [ ];
type = types.listOf types.optionSet;
options = [ routeOptions ];
description = ''
A list of route sections to be added to the unit. See
<citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
};
}

351
nixos/modules/system/boot/systemd.nix
View file

@ -3,6 +3,7 @@
with utils;
with lib;
with import ./systemd-unit-options.nix { inherit config lib; };
with import ./systemd-lib.nix { inherit config lib pkgs; };
let
@ -10,24 +11,6 @@ let
systemd = cfg.package;
makeUnit = name: unit:
let
pathSafeName = lib.replaceChars ["@" ":" "\\"] ["-" "-" "-"] name;
in
if unit.enable then
pkgs.runCommand "unit-${pathSafeName}" { preferLocalBuild = true; inherit (unit) text; }
''
mkdir -p $out
echo -n "$text" > $out/${shellEscape name}
''
else
pkgs.runCommand "unit-${pathSafeName}-disabled" { preferLocalBuild = true; }
''
mkdir -p $out
ln -s /dev/null $out/${shellEscape name}
'';
upstreamSystemUnits =
[ # Targets.
"basic.target"
@ -97,12 +80,6 @@ let
"systemd-modules-load.service"
"kmod-static-nodes.service"
# Networking
"systemd-networkd.service"
"systemd-networkd-wait-online.service"
"systemd-resolved.service"
"systemd-timesyncd.service"
# Filesystems.
"systemd-fsck@.service"
"systemd-fsck-root.service"
@ -196,8 +173,6 @@ let
"timers.target"
];
shellEscape = s: (replaceChars [ "\\" ] [ "\\\\" ] s);
makeJobScript = name: text:
let x = pkgs.writeTextFile { name = "unit-script"; executable = true; destination = "/bin/${shellEscape name}"; inherit text; };
in "${x}/bin/${shellEscape name}";
@ -301,19 +276,6 @@ let
};
};
networkConfig = { name, config, ... }: {
config = {
matchConfig = optionalAttrs (config.name != null) {
Name = config.name;
};
networkConfig = optionalAttrs (config.DHCP != null) {
DHCP = config.DHCP;
} // optionalAttrs (config.domains != null) {
Domains = concatStringsSep " " config.domains;
};
};
};
toOption = x:
if x == true then "true"
else if x == false then "false"
@ -412,188 +374,6 @@ let
${attrsToSection def.matchConfig}
'';
linkToUnit = name: def:
{ inherit (def) enable;
text = commonMatchText def +
''
[Link]
${attrsToSection def.linkConfig}
'';
};
netdevToUnit = name: def:
{ inherit (def) enable;
text = commonMatchText def +
''
[NetDev]
${attrsToSection def.netdevConfig}
${optionalString (def.vlanConfig != { }) ''
[VLAN]
${attrsToSection def.vlanConfig}
''}
${optionalString (def.macvlanConfig != { }) ''
[MACVLAN]
${attrsToSection def.macvlanConfig}
''}
${optionalString (def.vxlanConfig != { }) ''
[VXLAN]
${attrsToSection def.vxlanConfig}
''}
${optionalString (def.tunnelConfig != { }) ''
[Tunnel]
${attrsToSection def.tunnelConfig}
''}
${optionalString (def.peerConfig != { }) ''
[Peer]
${attrsToSection def.peerConfig}
''}
${optionalString (def.tunConfig != { }) ''
[Tun]
${attrsToSection def.tunConfig}
''}
${optionalString (def.tapConfig != { }) ''
[Tap]
${attrsToSection def.tapConfig}
''}
${optionalString (def.bondConfig != { }) ''
[Bond]
${attrsToSection def.bondConfig}
''}
'';
};
networkToUnit = name: def:
{ inherit (def) enable;
text = commonMatchText def +
''
[Network]
${attrsToSection def.networkConfig}
${concatStringsSep "\n" (map (s: "Address=${s}") def.address)}
${concatStringsSep "\n" (map (s: "Gateway=${s}") def.gateway)}
${concatStringsSep "\n" (map (s: "DNS=${s}") def.dns)}
${concatStringsSep "\n" (map (s: "NTP=${s}") def.ntp)}
${concatStringsSep "\n" (map (s: "VLAN=${s}") def.vlan)}
${concatStringsSep "\n" (map (s: "MACVLAN=${s}") def.macvlan)}
${concatStringsSep "\n" (map (s: "VXLAN=${s}") def.vxlan)}
${concatStringsSep "\n" (map (s: "Tunnel=${s}") def.tunnel)}
${optionalString (def.dhcpConfig != { }) ''
[DHCP]
${attrsToSection def.dhcpConfig}
''}
${flip concatMapStrings def.addresses (x: ''
[Address]
${attrsToSection x.addressConfig}
'')}
${flip concatMapStrings def.routes (x: ''
[Route]
${attrsToSection x.routeConfig}
'')}
'';
};
generateUnits = type: units: upstreamUnits: upstreamWants:
pkgs.runCommand "${type}-units" { preferLocalBuild = true; } ''
mkdir -p $out
# Copy the upstream systemd units we're interested in.
for i in ${toString upstreamUnits}; do
fn=${systemd}/example/systemd/${type}/$i
if ! [ -e $fn ]; then echo "missing $fn"; false; fi
if [ -L $fn ]; then
target="$(readlink "$fn")"
if [ ''${target:0:3} = ../ ]; then
ln -s "$(readlink -f "$fn")" $out/
else
cp -pd $fn $out/
fi
else
ln -s $fn $out/
fi
done
# Copy .wants links, but only those that point to units that
# we're interested in.
for i in ${toString upstreamWants}; do
fn=${systemd}/example/systemd/${type}/$i
if ! [ -e $fn ]; then echo "missing $fn"; false; fi
x=$out/$(basename $fn)
mkdir $x
for i in $fn/*; do
y=$x/$(basename $i)
cp -pd $i $y
if ! [ -e $y ]; then rm $y; fi
done
done
# Symlink all units provided listed in systemd.packages.
for i in ${toString cfg.packages}; do
for fn in $i/etc/systemd/${type}/* $i/lib/systemd/${type}/*; do
if ! [[ "$fn" =~ .wants$ ]]; then
ln -s $fn $out/
fi
done
done
# Symlink all units defined by systemd.units. If these are also
# provided by systemd or systemd.packages, then add them as
# <unit-name>.d/overrides.conf, which makes them extend the
# upstream unit.
for i in ${toString (mapAttrsToList (n: v: v.unit) units)}; do
fn=$(basename $i/*)
if [ -e $out/$fn ]; then
if [ "$(readlink -f $i/$fn)" = /dev/null ]; then
ln -sfn /dev/null $out/$fn
else
mkdir $out/$fn.d
ln -s $i/$fn $out/$fn.d/overrides.conf
fi
else
ln -fs $i/$fn $out/
fi
done
# Created .wants and .requires symlinks from the wantedBy and
# requiredBy options.
${concatStrings (mapAttrsToList (name: unit:
concatMapStrings (name2: ''
mkdir -p $out/'${name2}.wants'
ln -sfn '../${name}' $out/'${name2}.wants'/
'') unit.wantedBy) units)}
${concatStrings (mapAttrsToList (name: unit:
concatMapStrings (name2: ''
mkdir -p $out/'${name2}.requires'
ln -sfn '../${name}' $out/'${name2}.requires'/
'') unit.requiredBy) units)}
${optionalString (type == "system") ''
# Stupid misc. symlinks.
ln -s ${cfg.defaultUnit} $out/default.target
ln -s rescue.target $out/kbrequest.target
mkdir -p $out/getty.target.wants/
ln -s ../autovt@tty1.service $out/getty.target.wants/
ln -s ../local-fs.target ../remote-fs.target ../network.target \
../nss-lookup.target ../nss-user-lookup.target ../swap.target \
$out/multi-user.target.wants/
''}
''; # */
in
{
@ -683,47 +463,6 @@ in
'';
};
systemd.network.enable = mkOption {
default = false;
type = types.bool;
description = ''
Whether to enable networkd or not.
'';
};
systemd.network.links = mkOption {
default = {};
type = types.attrsOf types.optionSet;
options = [ linkOptions ];
description = "Definition of systemd network links.";
};
systemd.network.netdevs = mkOption {
default = {};
type = types.attrsOf types.optionSet;
options = [ netdevOptions ];
description = "Definition of systemd network devices.";
};
systemd.network.networks = mkOption {
default = {};
type = types.attrsOf types.optionSet;
options = [ networkOptions networkConfig ];
description = "Definition of systemd networks.";
};
systemd.network.units = mkOption {
description = "Definition of networkd units.";
default = {};
type = types.attrsOf types.optionSet;
options = { name, config, ... }:
{ options = concreteUnitOptions;
config = {
unit = mkDefault (makeUnit name config);
};
};
};
systemd.defaultUnit = mkOption {
default = "multi-user.target";
type = types.str;
@ -807,22 +546,6 @@ in
'';
};
services.resolved.enable = mkOption {
default = false;
type = types.bool;
description = ''
Enables the systemd dns resolver daemon.
'';
};
services.timesyncd.enable = mkOption {
default = false;
type = types.bool;
description = ''
Enables the systemd ntp client daemon.
'';
};
systemd.tmpfiles.rules = mkOption {
type = types.listOf types.str;
default = [];
@ -886,7 +609,7 @@ in
###### implementation
config = mkMerge [ {
config = {
warnings = concatLists (mapAttrsToList (name: service:
optional (service.serviceConfig.Type or "" == "oneshot" && service.serviceConfig.Restart or "no" != "no")
@ -899,9 +622,6 @@ in
environment.etc."systemd/system".source =
generateUnits "system" cfg.units upstreamSystemUnits upstreamSystemWants;
environment.etc."systemd/network".source =
generateUnits "network" cfg.network.units [] [];
environment.etc."systemd/user".source =
generateUnits "user" cfg.user.units upstreamUserUnits [];
@ -979,11 +699,6 @@ in
(v: let n = escapeSystemdPath v.where;
in nameValuePair "${n}.automount" (automountToUnit n v)) cfg.automounts);
systemd.network.units =
mapAttrs' (n: v: nameValuePair "${n}.link" (linkToUnit n v)) cfg.network.links
// mapAttrs' (n: v: nameValuePair "${n}.netdev" (netdevToUnit n v)) cfg.network.netdevs
// mapAttrs' (n: v: nameValuePair "${n}.network" (networkToUnit n v)) cfg.network.networks;
systemd.user.units =
mapAttrs' (n: v: nameValuePair "${n}.service" (serviceToUnit n v)) cfg.user.services
// mapAttrs' (n: v: nameValuePair "${n}.socket" (socketToUnit n v)) cfg.user.sockets
@ -1006,15 +721,6 @@ in
users.extraUsers.systemd-journal-gateway.uid = config.ids.uids.systemd-journal-gateway;
users.extraGroups.systemd-journal-gateway.gid = config.ids.gids.systemd-journal-gateway;
users.extraUsers.systemd-network.uid = config.ids.uids.systemd-network;
users.extraGroups.systemd-network.gid = config.ids.gids.systemd-network;
users.extraUsers.systemd-resolve.uid = config.ids.uids.systemd-resolve;
users.extraGroups.systemd-resolve.gid = config.ids.gids.systemd-resolve;
users.extraUsers.systemd-timesync.uid = config.ids.uids.systemd-timesync;
users.extraGroups.systemd-timesync.gid = config.ids.gids.systemd-timesync;
# Generate timer units for all services that have a startAt value.
systemd.timers =
mapAttrs (name: service:
@ -1053,57 +759,6 @@ in
systemd.services.systemd-remount-fs.restartIfChanged = false;
systemd.services.systemd-journal-flush.restartIfChanged = false;
}
(mkIf config.systemd.network.enable {
systemd.services.systemd-networkd = {
wantedBy = [ "multi-user.target" ];
before = [ "network-interfaces.target" ];
restartTriggers = [ config.environment.etc."systemd/network".source ];
};
};
systemd.services.systemd-networkd-wait-online = {
before = [ "network-online.target" "ip-up.target" ];
wantedBy = [ "network-online.target" "ip-up.target" ];
};
systemd.services."systemd-network-wait-online@" = {
description = "Wait for Network Interface %I to be Configured";
conflicts = [ "shutdown.target" ];
requisite = [ "systemd-networkd.service" ];
after = [ "systemd-networkd.service" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = "${config.systemd.package}/lib/systemd/systemd-networkd-wait-online -i %I";
};
};
services.resolved.enable = mkDefault true;
services.timesyncd.enable = mkDefault config.services.ntp.enable;
})
(mkIf config.services.resolved.enable {
systemd.services.systemd-resolved = {
wantedBy = [ "multi-user.target" ];
restartTriggers = [ config.environment.etc."systemd/resolved.conf".source ];
};
environment.etc."systemd/resolved.conf".text = ''
[Resolve]
DNS=${concatStringsSep " " config.networking.nameservers}
'';
})
(mkIf config.services.timesyncd.enable {
systemd.services.systemd-timesyncd = {
wantedBy = [ "sysinit.target" ];
restartTriggers = [ config.environment.etc."systemd/timesyncd.conf".source ];
};
environment.etc."systemd/timesyncd.conf".text = ''
[Time]
NTP=${concatStringsSep " " config.services.ntp.servers}
'';
systemd.services.ntpd.enable = false;
})
];
}

40
nixos/modules/system/boot/timesyncd.nix Normal file
View file

@ -0,0 +1,40 @@
{ config, lib, pkgs, ... }:
with lib;
{
options = {
services.timesyncd.enable = mkOption {
default = false;
type = types.bool;
description = ''
Enables the systemd NTP client daemon.
'';
};
};
config = mkIf config.services.timesyncd.enable {
systemd.additionalUpstreamSystemUnits = [ "systemd-timesyncd.service" ];
systemd.services.systemd-timesyncd = {
wantedBy = [ "sysinit.target" ];
restartTriggers = [ config.environment.etc."systemd/timesyncd.conf".source ];
};
environment.etc."systemd/timesyncd.conf".text = ''
[Time]
NTP=${concatStringsSep " " config.services.ntp.servers}
'';
systemd.services.ntpd.enable = false;
users.extraUsers.systemd-timesync.uid = config.ids.uids.systemd-timesync;
users.extraGroups.systemd-timesync.gid = config.ids.gids.systemd-timesync;
};
}

4
nixos/modules/tasks/filesystems.nix
View file

@ -137,9 +137,7 @@ in
# Add the mount helpers to the system path so that `mount' can find them.
system.fsPackages = [ pkgs.dosfstools ];
environment.systemPackages =
[ pkgs.ntfs3g pkgs.fuse ]
++ config.system.fsPackages;
environment.systemPackages = [ pkgs.fuse ] ++ config.system.fsPackages;
environment.etc.fstab.text =
let

2
nixos/modules/tasks/filesystems/cifs.nix
View file

@ -11,7 +11,7 @@ in
{
config = {
system.fsPackages = [ pkgs.cifs_utils ];
system.fsPackages = mkIf (any (fs: fs == "cifs") config.boot.supportedFilesystems) [ pkgs.cifs_utils ];
boot.initrd.availableKernelModules = mkIf inInitrd
[ "cifs" "nls_utf8" "hmac" "md4" "ecb" "des_generic" "sha256" ];

11
nixos/modules/tasks/filesystems/ntfs.nix Normal file
View file

@ -0,0 +1,11 @@
{ config, lib, pkgs, ... }:
with lib;
{
config = mkIf (any (fs: fs == "ntfs" || fs == "ntfs-3g") config.boot.supportedFilesystems) {
system.fsPackages = [ pkgs.ntfs3g ];
};
}

2
nixos/modules/tasks/network-interfaces-scripted.nix
View file

@ -107,7 +107,7 @@ in
ips = interfaceIps i;
in
nameValuePair "network-addresses-${i.name}"
{ description = "Addresss configuration of ${i.name}";
{ description = "Address configuration of ${i.name}";
wantedBy = [ "network-interfaces.target" ];
before = [ "network-interfaces.target" ];
bindsTo = [ (subsystemDevice i.name) ];

3
nixos/modules/virtualisation/container-config.nix
View file

@ -9,6 +9,7 @@ with lib;
# Disable some features that are not useful in a container.
sound.enable = mkDefault false;
services.udisks2.enable = mkDefault false;
powerManagement.enable = mkDefault false;
networking.useHostResolvConf = true;
@ -20,6 +21,8 @@ with lib;
systemd.services.systemd-remount-fs.enable = false;
systemd.services.systemd-random-seed.enable = false;
};
}

2
nixos/modules/virtualisation/docker-image.nix
View file

@ -2,7 +2,7 @@
{
imports = [
../profiles/container.nix
../profiles/docker-container.nix # FIXME, shouldn't include something from profiles/
];
boot.postBootCommands =

2
nixos/modules/virtualisation/lxc-container.nix
View file

@ -4,7 +4,7 @@ with lib;
{
imports = [
../profiles/container.nix
../profiles/docker-container.nix # FIXME, shouldn't include something from profiles/
];
# Allow the user to login as root without password.

125
nixos/tests/networking.nix
View file

@ -64,26 +64,26 @@ import ./make-test.nix ({ networkd, test, ... }:
$client->fail("systemctl status dhcpcd.service");
# Test vlan 1
$client->succeed("ping -c 1 192.168.1.1");
$client->succeed("ping -c 1 192.168.1.2");
$client->succeed("ping -c 1 192.168.1.3");
$client->succeed("ping -c 1 192.168.1.10");
$client->waitUntilSucceeds("ping -c 1 192.168.1.1");
$client->waitUntilSucceeds("ping -c 1 192.168.1.2");
$client->waitUntilSucceeds("ping -c 1 192.168.1.3");
$client->waitUntilSucceeds("ping -c 1 192.168.1.10");
$router->succeed("ping -c 1 192.168.1.1");
$router->succeed("ping -c 1 192.168.1.2");
$router->succeed("ping -c 1 192.168.1.3");
$router->succeed("ping -c 1 192.168.1.10");
$router->waitUntilSucceeds("ping -c 1 192.168.1.1");
$router->waitUntilSucceeds("ping -c 1 192.168.1.2");
$router->waitUntilSucceeds("ping -c 1 192.168.1.3");
$router->waitUntilSucceeds("ping -c 1 192.168.1.10");
# Test vlan 2
$client->succeed("ping -c 1 192.168.2.1");
$client->succeed("ping -c 1 192.168.2.2");
$client->waitUntilSucceeds("ping -c 1 192.168.2.1");
$client->waitUntilSucceeds("ping -c 1 192.168.2.2");
$router->succeed("ping -c 1 192.168.2.1");
$router->succeed("ping -c 1 192.168.2.2");
$router->waitUntilSucceeds("ping -c 1 192.168.2.1");
$router->waitUntilSucceeds("ping -c 1 192.168.2.2");
# Test default gateway
$router->succeed("ping -c 1 192.168.3.1");
$client->succeed("ping -c 1 192.168.3.1");
$router->waitUntilSucceeds("ping -c 1 192.168.3.1");
$client->waitUntilSucceeds("ping -c 1 192.168.3.1");
'';
};
dhcpSimple = {
@ -109,22 +109,22 @@ import ./make-test.nix ({ networkd, test, ... }:
$router->waitForUnit("network.target");
# Wait until we have an ip address on each interface
$client->succeed("while ! ip addr show dev eth1 | grep '192.168.1'; do true; done");
$client->succeed("while ! ip addr show dev eth2 | grep '192.168.2'; do true; done");
$client->waitUntilSucceeds("ip addr show dev eth1 | grep -q '192.168.1'");
$client->waitUntilSucceeds("ip addr show dev eth2 | grep -q '192.168.2'");
# Test vlan 1
$client->succeed("ping -c 1 192.168.1.1");
$client->succeed("ping -c 1 192.168.1.2");
$client->waitUntilSucceeds("ping -c 1 192.168.1.1");
$client->waitUntilSucceeds("ping -c 1 192.168.1.2");
$router->succeed("ping -c 1 192.168.1.1");
$router->succeed("ping -c 1 192.168.1.2");
$router->waitUntilSucceeds("ping -c 1 192.168.1.1");
$router->waitUntilSucceeds("ping -c 1 192.168.1.2");
# Test vlan 2
$client->succeed("ping -c 1 192.168.2.1");
$client->succeed("ping -c 1 192.168.2.2");
$client->waitUntilSucceeds("ping -c 1 192.168.2.1");
$client->waitUntilSucceeds("ping -c 1 192.168.2.2");
$router->succeed("ping -c 1 192.168.2.1");
$router->succeed("ping -c 1 192.168.2.2");
$router->waitUntilSucceeds("ping -c 1 192.168.2.1");
$router->waitUntilSucceeds("ping -c 1 192.168.2.2");
'';
};
dhcpOneIf = {
@ -147,26 +147,27 @@ import ./make-test.nix ({ networkd, test, ... }:
''
startAll;
# Wait for networking to come up
$client->waitForUnit("network-interfaces.target");
$client->waitForUnit("network.target");
$router->waitForUnit("network-interfaces.target");
$router->waitForUnit("network.target");
# Wait until we have an ip address on each interface
$client->succeed("while ! ip addr show dev eth1 | grep '192.168.1'; do true; done");
$client->waitUntilSucceeds("ip addr show dev eth1 | grep -q '192.168.1'");
# Test vlan 1
$client->succeed("ping -c 1 192.168.1.1");
$client->succeed("ping -c 1 192.168.1.2");
$client->waitUntilSucceeds("ping -c 1 192.168.1.1");
$client->waitUntilSucceeds("ping -c 1 192.168.1.2");
$router->succeed("ping -c 1 192.168.1.1");
$router->succeed("ping -c 1 192.168.1.2");
$router->waitUntilSucceeds("ping -c 1 192.168.1.1");
$router->waitUntilSucceeds("ping -c 1 192.168.1.2");
# Test vlan 2
$client->succeed("ping -c 1 192.168.2.1");
$client->waitUntilSucceeds("ping -c 1 192.168.2.1");
$client->fail("ping -c 1 192.168.2.2");
$router->succeed("ping -c 1 192.168.2.1");
$router->waitUntilSucceeds("ping -c 1 192.168.2.1");
$router->fail("ping -c 1 192.168.2.2");
'';
};
@ -195,17 +196,18 @@ import ./make-test.nix ({ networkd, test, ... }:
''
startAll;
# Wait for networking to come up
$client1->waitForUnit("network-interfaces.target");
$client1->waitForUnit("network.target");
$client2->waitForUnit("network-interfaces.target");
$client2->waitForUnit("network.target");
# Test bonding
$client1->succeed("ping -c 2 192.168.1.1");
$client1->succeed("ping -c 2 192.168.1.2");
$client1->waitUntilSucceeds("ping -c 2 192.168.1.1");
$client1->waitUntilSucceeds("ping -c 2 192.168.1.2");
$client2->succeed("ping -c 2 192.168.1.1");
$client2->succeed("ping -c 2 192.168.1.2");
$client2->waitUntilSucceeds("ping -c 2 192.168.1.1");
$client2->waitUntilSucceeds("ping -c 2 192.168.1.2");
'';
};
bridge = let
@ -240,6 +242,7 @@ import ./make-test.nix ({ networkd, test, ... }:
''
startAll;
# Wait for networking to come up
$client1->waitForUnit("network-interfaces.target");
$client1->waitForUnit("network.target");
$client2->waitForUnit("network-interfaces.target");
@ -248,17 +251,17 @@ import ./make-test.nix ({ networkd, test, ... }:
$router->waitForUnit("network.target");
# Test bridging
$client1->succeed("ping -c 1 192.168.1.1");
$client1->succeed("ping -c 1 192.168.1.2");
$client1->succeed("ping -c 1 192.168.1.3");
$client1->waitUntilSucceeds("ping -c 1 192.168.1.1");
$client1->waitUntilSucceeds("ping -c 1 192.168.1.2");
$client1->waitUntilSucceeds("ping -c 1 192.168.1.3");
$client2->succeed("ping -c 1 192.168.1.1");
$client2->succeed("ping -c 1 192.168.1.2");
$client2->succeed("ping -c 1 192.168.1.3");
$client2->waitUntilSucceeds("ping -c 1 192.168.1.1");
$client2->waitUntilSucceeds("ping -c 1 192.168.1.2");
$client2->waitUntilSucceeds("ping -c 1 192.168.1.3");
$router->succeed("ping -c 1 192.168.1.1");
$router->succeed("ping -c 1 192.168.1.2");
$router->succeed("ping -c 1 192.168.1.3");
$router->waitUntilSucceeds("ping -c 1 192.168.1.1");
$router->waitUntilSucceeds("ping -c 1 192.168.1.2");
$router->waitUntilSucceeds("ping -c 1 192.168.1.3");
'';
};
macvlan = {
@ -278,23 +281,28 @@ import ./make-test.nix ({ networkd, test, ... }:
''
startAll;
# Wait for networking to come up
$client->waitForUnit("network-interfaces.target");
$client->waitForUnit("network.target");
$router->waitForUnit("network-interfaces.target");
$router->waitForUnit("network.target");
# Wait until we have an ip address on each interface
$client->succeed("while ! ip addr show dev eth1 | grep '192.168.1'; do true; done");
$client->succeed("while ! ip addr show dev macvlan | grep '192.168.1'; do true; done");
$client->waitUntilSucceeds("ip addr show dev eth1 | grep -q '192.168.1'");
$client->waitUntilSucceeds("ip addr show dev macvlan | grep -q '192.168.1'");
# Test macvlan
$client->succeed("ping -c 1 192.168.1.1");
$client->succeed("ping -c 1 192.168.1.2");
$client->succeed("ping -c 1 192.168.1.3");
# Print diagnosting information
$router->succeed("ip addr >&2");
$client->succeed("ip addr >&2");
$router->succeed("ping -c 1 192.168.1.1");
$router->succeed("ping -c 1 192.168.1.2");
$router->succeed("ping -c 1 192.168.1.3");
# Test macvlan creates routable ips
$client->waitUntilSucceeds("ping -c 1 192.168.1.1");
$client->waitUntilSucceeds("ping -c 1 192.168.1.2");
$client->waitUntilSucceeds("ping -c 1 192.168.1.3");
$router->waitUntilSucceeds("ping -c 1 192.168.1.1");
$router->waitUntilSucceeds("ping -c 1 192.168.1.2");
$router->waitUntilSucceeds("ping -c 1 192.168.1.3");
'';
};
sit = let
@ -323,20 +331,22 @@ import ./make-test.nix ({ networkd, test, ... }:
''
startAll;
# Wait for networking to be configured
$client1->waitForUnit("network-interfaces.target");
$client1->waitForUnit("network.target");
$client2->waitForUnit("network-interfaces.target");
$client2->waitForUnit("network.target");
# Print diagnostic information
$client1->succeed("ip addr >&2");
$client2->succeed("ip addr >&2");
# Test ipv6
$client1->succeed("ping6 -c 1 fc00::1");
$client1->succeed("ping6 -c 1 fc00::2");
$client1->waitUntilSucceeds("ping6 -c 1 fc00::1");
$client1->waitUntilSucceeds("ping6 -c 1 fc00::2");
$client2->succeed("ping6 -c 1 fc00::1");
$client2->succeed("ping6 -c 1 fc00::2");
$client2->waitUntilSucceeds("ping6 -c 1 fc00::1");
$client2->waitUntilSucceeds("ping6 -c 1 fc00::2");
'';
};
vlan = let
@ -364,6 +374,7 @@ import ./make-test.nix ({ networkd, test, ... }:
''
startAll;
# Wait for networking to be configured
$client1->waitForUnit("network-interfaces.target");
$client1->waitForUnit("network.target");
$client2->waitForUnit("network-interfaces.target");

4
pkgs/applications/audio/abcde/default.nix
View file

@ -2,13 +2,13 @@
, perl, DigestSHA, MusicBrainz, MusicBrainzDiscID
, makeWrapper }:
let version = "2.5.4";
let version = "2.6";
in
stdenv.mkDerivation {
name = "abcde-${version}";
src = fetchurl {
url = "mirror://debian/pool/main/a/abcde/abcde_${version}.orig.tar.gz";
sha256 = "14g5lsgh53hza9848351kwpygc0yqpvvzp3s923aja77f2wpkdl5";
sha256 = "0y2cg233n2hixs0ji76dggpzgf52v4c4mnpwiai889ql2piafgk8";
};
# FIXME: This package does not support MP3 encoding (only Ogg),

4
pkgs/applications/audio/calf/default.nix
View file

@ -3,11 +3,11 @@
stdenv.mkDerivation rec {
name = "calf-${version}";
version = "0.0.19";
version = "0.0.60";
src = fetchurl {
url = "mirror://sourceforge/calf/${name}.tar.gz";
sha256 = "1v1cjbxv5wg6rsa2nfz1f8r7cykcpx6jm5ccqmzx866dggiff1hi";
sha256 = "019fwg00jv217a5r767z7szh7vdrarybac0pr2sk26xp81kibrx9";
};
buildInputs = [

4
pkgs/applications/audio/chuck/default.nix
View file

@ -1,12 +1,12 @@
{ stdenv, fetchurl, alsaLib, bison, flex, libsndfile, which }:
stdenv.mkDerivation rec {
version = "1.3.4.0";
version = "1.3.5.0";
name = "chuck-${version}";
src = fetchurl {
url = "http://chuck.cs.princeton.edu/release/files/chuck-${version}.tgz";
sha256 = "0cwbk8b1i18nkh2nxwzk2prranw83lgglxw7ccnp6b0r2b2yfpmn";
sha256 = "0rj2l5k6ncm4jaiq0igwfc2bzryzchk1is1jhk1n7wifxcf3d3k5";
};
buildInputs = [ bison flex libsndfile which ]

4
pkgs/applications/audio/drumkv1/default.nix
View file

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
name = "drumkv1-${version}";
version = "0.6.0";
version = "0.6.1";
src = fetchurl {
url = "mirror://sourceforge/drumkv1/${name}.tar.gz";
sha256 = "1y3imsh059y9sihr92f3drwmcby4x3krmhly111ahwkydb94kphw";
sha256 = "082ml6g63n6s3w704fjkma8085g2l10az3f6r78y9hpgpw3042jw";
};
buildInputs = [ jack2 libsndfile lv2 qt4 ];

2
pkgs/applications/audio/gnaural/default.nix
View file

@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
meta = with stdenv.lib;
{ description = "Auditory binaural-beat generator";
homepage = http://gnaural.sourceforge.net/;
licenses = licenses.gpl2;
license = licenses.gpl2;
maintainers = [ maintainers.emery ];
platforms = platforms.linux;
};

20
pkgs/applications/audio/id3v2/default.nix
View file

@ -1,28 +1,28 @@
{stdenv, fetchurl, id3lib, groff, zlib}:
let version = "0.1.12"; in
stdenv.mkDerivation rec {
name = "id3v2-0.1.11";
name = "id3v2-${version}";
src = fetchurl {
url = "mirror://sourceforge/id3v2/${name}.tar.gz";
sha256 = "00r6f9yzmkrqa62dnkm8njg5cjzhmy0l17nj1ba15nrrm0mnand4";
sha256 = "1gr22w8gar7zh5pyyvdy7cy26i47l57jp1l1nd60xfwx339zl1c1";
};
patches = [ ./id3v2-0.1.11-track-bad-free.patch ];
nativeBuildInputs = [ groff ];
buildInputs = [ id3lib zlib ];
configurePhase = ''
export makeFlags=PREFIX=$out
'';
makeFlags = "PREFIX=$(out)";
buildFlags = "clean all";
preInstall = ''
mkdir -p $out/bin $out/man/man1
mkdir -p $out/{bin,share/man/man1}
'';
meta = {
meta = with stdenv.lib; {
inherit version;
description = "A command line editor for id3v2 tags";
homepage = http://id3v2.sourceforge.net/;
license = stdenv.lib.licenses.gpl2Plus;
license = licenses.gpl2Plus;
maintainers = with maintainers; [ nckx ];
};
}

14
pkgs/applications/audio/id3v2/id3v2-0.1.11-track-bad-free.patch
View file

@ -1,14 +0,0 @@
http://sourceforge.net/tracker/index.php?func=detail&aid=1252035&group_id=4193&atid=304193
diff -up id3v2-0.1.11/id3v2.cpp~ id3v2-0.1.11/id3v2.cpp
--- id3v2-0.1.11/id3v2.cpp~ 2004-05-04 21:30:15.000000000 +0300
+++ id3v2-0.1.11/id3v2.cpp 2008-01-03 21:22:02.000000000 +0200
@@ -423,7 +423,7 @@ int main( int argc, char *argv[])
{
// check if there is a total track number and if we only have
// the track number for this file. In this case combine them.
- char *currentTrackNum, *newTrackNum;
+ char *currentTrackNum, *newTrackNum = NULL;
if (pFrame != NULL)
{

53
pkgs/applications/audio/jaaa/default.nix Normal file
View file

@ -0,0 +1,53 @@
{ stdenv, fetchurl, alsaLib, libclthreads, libclxclient, libX11, libXft, libXrender, fftwFloat, freetype, fontconfig, jack2, xlibs, zita-alsa-pcmi }:
stdenv.mkDerivation rec {
name = "jaaa-${version}";
version = "0.8.4";
src = fetchurl {
url = "http://kokkinizita.linuxaudio.org/linuxaudio/downloads/${name}.tar.bz2";
sha256 = "0jyll4rkb6vja2widc340ww078rr24c6nmxbxdqvbxw409nccd01";
};
buildInputs = [
alsaLib libclthreads libclxclient libX11 libXft libXrender fftwFloat jack2 zita-alsa-pcmi
];
NIX_CFLAGS_COMPILE = [
"-I${xlibs.xproto}/include"
"-I${libX11}/include"
"-I${libXft}/include"
"-I${freetype}/include"
"-I${fontconfig}/include"
"-I${libXrender}/include"
"-I${xlibs.renderproto}/include"
"-I${alsaLib}/include"
"-I${zita-alsa-pcmi}/include"
];
patchPhase = ''
cd source/
sed -i "s@clthreads.h@${libclthreads}/include@g" $(find . -name '*.cc')
sed -i "s@clxclient.h@${libclxclient}/include@g" $(find . -name '*.cc')
sed -i "s@clthreads.h@${libclthreads}/include@g" $(find . -name '*.h')
sed -i "s@clxclient.h@${libclxclient}/include@g" $(find . -name '*.h')
'';
buildlPhase = ''
make PREFIX="$out"
'';
installPhase = ''
echo zita= ${zita-alsa-pcmi}
make PREFIX="$out" install
install -Dm644 ../README "$out/README"
'';
meta = with stdenv.lib; {
homepage = http://kokkinizita.linuxaudio.org/linuxaudio/index.html;
description = "JACK and ALSA Audio Analyser";
license = licenses.gpl2;
maintainers = [ maintainers.magnetophon ];
platforms = platforms.linux;
};
}

4
pkgs/applications/audio/mikmod/default.nix
View file

@ -1,10 +1,10 @@
{ stdenv, fetchurl, libmikmod, ncurses }:
{ stdenv, fetchurl, libmikmod, ncurses, alsaLib }:
stdenv.mkDerivation rec {
name = "mikmod-3.2.6";
src = fetchurl {
url = "http://downloads.sourceforge.net/project/mikmod/mikmod/3.2.6/mikmod-3.2.6.tar.gz";
url = "mirror://sourceforge/mikmod/${name}.tar.gz";
sha256 = "0wr61raj10rpl64mk3x9g3rwys898fbzyg93c6mrz89nvc74wm04";
};

38
pkgs/applications/audio/pamixer/default.nix
View file

@ -1,20 +1,16 @@
{ stdenv, fetchgit, pulseaudio, boost }:
let
tag = "1.1";
in
{ stdenv, fetchurl, boost, pulseaudio }:
stdenv.mkDerivation rec {
name = "pamixer-${tag}";
name = "pamixer-${version}";
version = "1.2.1";
src = fetchgit {
url = git://github.com/cdemoulins/pamixer;
rev = "refs/tags/${tag}";
sha256 = "03r0sbfj85wp6yxa87pjg69ivmk0mxxa2nykr8gf2c607igmb034";
src = fetchurl {
url = "https://github.com/cdemoulins/pamixer/archive/${version}.tar.gz";
sha256 = "1ad6b46hh02hs1978pgihrm2bnq4z2v0imrfm3wy74xdkr6xjxy4";
};
buildInputs = [ pulseaudio boost ];
buildInputs = [ boost pulseaudio ];
installPhase = ''
mkdir -p $out/bin
@ -22,17 +18,19 @@ stdenv.mkDerivation rec {
'';
meta = with stdenv.lib; {
description = "Like amixer but for pulseaudio";
longDescription = "Features:
- Get the current volume of the default sink, the default source or a selected one by his id
- Set the volume for the default sink, the default source or any other device
- List the sinks
- List the sources
- Increase / Decrease the volume for a device
- Mute or unmute a device";
description = "Pulseaudio command line mixer";
longDescription = ''
Features:
- Get the current volume of the default sink, the default source or a selected one by his id
- Set the volume for the default sink, the default source or any other device
- List the sinks
- List the sources
- Increase / Decrease the volume for a device
- Mute or unmute a device
'';
homepage = https://github.com/cdemoulins/pamixer;
license = licenses.gpl3;
maintainers = with maintainers; [ _1126 ];
platforms = platforms.linux;
maintainers = [ maintainers._1126 ];
};
}

40
pkgs/applications/audio/pithos/default.nix Normal file
View file

@ -0,0 +1,40 @@
# Based on Richard Wallace's post here: http://comments.gmane.org/gmane.linux.distributions.nixos/14734
{ fetchurl, stdenv, pythonPackages, gtk3, libnotify, gst_all_1 }:
pythonPackages.buildPythonPackage rec {
name = "pithos-${version}";
version = "1.0.1";
src = fetchurl {
url = "https://github.com/pithos/pithos/archive/${version}.tar.gz";
sha256 = "67b83927d5111067aefbf034d23880f96b1a2d300464e8491efa80e97e67f50f";
};
postPatch = ''
substituteInPlace setup.py --replace "/usr/share" "$out/share"
'';
buildInputs = with gst_all_1; [ gstreamer gst-plugins-base gst-plugins-good gst-plugins-ugly gst-plugins-bad libnotify ];
pythonPath = with pythonPackages; [ pygobject3 dbus pylast ];
propogatedBuildInputs = pythonPath;
postInstall = ''
wrapProgram "$out/bin/pithos" --prefix GST_PLUGIN_SYSTEM_PATH_1_0 ":" "$GST_PLUGIN_SYSTEM_PATH_1_0"
'';
meta = with stdenv.lib; {
description = "Pandora player";
longDescription = ''
Pandora Internet Radio player for GNOME
'';
homepage = http://pithos.github.io/ ;
license = licenses.gpl3;
maintainers = with maintainers; [ obadz ];
};
}

4
pkgs/applications/audio/qmmp/default.nix
View file

@ -28,11 +28,11 @@
# handle that.
stdenv.mkDerivation rec {
name = "qmmp-0.8.2";
name = "qmmp-0.8.4";
src = fetchurl {
url = "http://qmmp.ylsoftware.com/files/${name}.tar.bz2";
sha256 = "1vwjy3bv1gj6k5kqkhw2q7aspashw6x4lxccl28iydjfzk7d7cd4";
sha256 = "1ld69xypyak3lzwmfvzbxsyd4fl841aaq0gmkfa7jpavbdlggydf";
};
buildInputs =

4
pkgs/applications/audio/qsynth/default.nix
View file

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
name = "qsynth-${version}";
version = "0.3.8";
version = "0.3.9";
src = fetchurl {
url = "mirror://sourceforge/qsynth/${name}.tar.gz";
sha256 = "0wmq61cq93x2l00xwr871373mj3dwamz1dg6v62x7s8m1612ndrw";
sha256 = "08kyn6cl755l9i1grzjx8yi3f8mgiz4gx0hgqad1n0d8yz85087b";
};
buildInputs = [ alsaLib fluidsynth jack2 qt4 ];

10
pkgs/applications/audio/qtractor/default.nix
View file

@ -1,20 +1,22 @@
{ alsaLib, autoconf, automake, dssi, fetchurl, gtk, jack2
, ladspaH, ladspaPlugins, liblo, libmad, libsamplerate, libsndfile
, libtool, libvorbis, pkgconfig, qt4, rubberband, stdenv }:
, libtool, libvorbis, lilv, lv2, pkgconfig, qt4, rubberband, serd
, sord, sratom, stdenv, suil }:
stdenv.mkDerivation rec {
version = "0.6.5";
version = "0.6.6";
name = "qtractor-${version}";
src = fetchurl {
url = "mirror://sourceforge/qtractor/${name}.tar.gz";
sha256 = "0znhm0p9azknmhga6m0qp01qaiahlnfzxya1jf9r05jn9hx5lzf0";
sha256 = "1n70hs4bx4hq3cp2p35jq5vlcans4fk2c35w72244vlqlajx05c0";
};
buildInputs =
[ alsaLib autoconf automake dssi gtk jack2 ladspaH
ladspaPlugins liblo libmad libsamplerate libsndfile libtool
libvorbis pkgconfig qt4 rubberband
libvorbis lilv lv2 pkgconfig qt4 rubberband serd sord sratom
suil
];
meta = with stdenv.lib; {

4
pkgs/applications/audio/samplv1/default.nix
View file

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
name = "samplv1-${version}";
version = "0.6.0";
version = "0.6.1";
src = fetchurl {
url = "mirror://sourceforge/samplv1/${name}.tar.gz";
sha256 = "0fbkdb2dqw7v6n8j1h6pjz2019ylli9rmz8awywv2ycm8blr5pf0";
sha256 = "18jh953a0480fnsflbm4j04xz02h7fqwk77v8hnv54vwwp5a1h08";
};
buildInputs = [ jack2 libsndfile lv2 qt4 ];

4
pkgs/applications/audio/synthv1/default.nix
View file

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
name = "synthv1-${version}";
version = "0.6.0";
version = "0.6.1";
src = fetchurl {
url = "mirror://sourceforge/synthv1/${name}.tar.gz";
sha256 = "07570mi7rjwkkvfzdw1jcbhpkpxpjp69xj7wfzng92rk2gz7yi8m";
sha256 = "0v9zpa49cdj8ixpppgxz95dbn62v8mamxz6fpl7sdnzfn2l8jr4g";
};
buildInputs = [ qt4 jack2 lv2 ];

4
pkgs/applications/audio/tomahawk/default.nix
View file

@ -15,11 +15,11 @@ let
quazipQt4 = quazip.override { qt = qt4; };
in stdenv.mkDerivation rec {
name = "tomahawk-${version}";
version = "0.8.2";
version = "0.8.3";
src = fetchurl {
url = "http://download.tomahawk-player.org/${name}.tar.bz2";
sha256 = "1bmkkpqhflpm42sn6zf7hxv3936h3p0kdiqzmj88jm7qfgw2wbaj";
sha256 = "0kjzkq21g3jl1lvadsm7gf0zvpbsv208kqf76wg2hnbm4k1a02wj";
};
cmakeFlags = [

4
pkgs/applications/audio/yoshimi/default.nix
View file

@ -6,11 +6,11 @@ assert stdenv ? glibc;
stdenv.mkDerivation rec {
name = "yoshimi-${version}";
version = "1.3.3";
version = "1.3.4";
src = fetchurl {
url = "mirror://sourceforge/yoshimi/${name}.tar.bz2";
sha256 = "0f37xjkay3800fbx0iwjca005b1hrjbhszrzn0xg662vf8mj44nv";
sha256 = "0vfk90jwn3r21703yizrfc4bmiz70fh8kd8w892s14d3k0kvhcwv";
};
buildInputs = [

16
pkgs/applications/editors/eclipse/default.nix
View file

@ -98,6 +98,22 @@ in {
};
};
eclipse_scala_sdk_40 = buildEclipse {
name = "eclipse-scala_sdk-4.0.0";
description = "Eclipse IDE for Scala Developers";
src =
if stdenv.system == "x86_64-linux" then
fetchurl { # tested
url = http://downloads.typesafe.com/scalaide-pack/4.0.0.vfinal-luna-211-20150305/scala-SDK-4.0.0-vfinal-2.11-linux.gtk.x86_64.tar.gz;
sha256 = "b65c5e8160e72c8389537e9e427138e6daa2065f9df3a943a86e40dd1543dd83";
}
else
fetchurl { # untested
url = http://downloads.typesafe.com/scalaide-pack/4.0.0.vfinal-luna-211-20150305/scala-SDK-4.0.0-vfinal-2.11-linux.gtk.x86.tar.gz;
sha256 = "f422aea5903c97d212264a5a43c6ebc638aecbd4ce5e6078d92618725bc5d31e";
};
};
eclipse_cpp_36 = buildEclipse {
name = "eclipse-cpp-3.6.2";
description = "Eclipse IDE for C/C++ Developers";

50
pkgs/applications/editors/emacs-24/darwin-new-sections.patch
View file

@ -1,50 +0,0 @@
http://bazaar.launchpad.net/~naesten/emacs/nextstep-stuff/revision/108961
diff -ru emacs-24.3-orig/src/unexmacosx.c emacs-24.3/src/unexmacosx.c
--- emacs-24.3-orig/src/unexmacosx.c 2013-01-01 21:37:17.000000000 +0100
+++ emacs-24.3/src/unexmacosx.c 2014-08-09 18:39:52.000000000 +0200
@@ -838,7 +838,7 @@
if (!(sectp->addr <= (unsigned long)my_edata
&& my_size <= sectp->size))
unexec_error ("my_edata is not in section %s", SECT_DATA);
- if (!unexec_write (sectp->offset, (void *) sectp->addr, my_size))
+ if (!unexec_write (sectp->offset, (void *) sectp->addr, sectp->size))
unexec_error ("cannot write section %s", SECT_DATA);
if (!unexec_copy (sectp->offset + my_size, old_file_offset + my_size,
sectp->size - my_size))
@@ -880,6 +880,27 @@
if (!unexec_write (header_offset, sectp, sizeof (struct section)))
unexec_error ("cannot write section %.16s's header", sectp->sectname);
}
+ else if (strncmp (sectp->sectname, "__bss", 5) == 0
+ || strncmp (sectp->sectname, "__pu_bss", 8) == 0)
+ {
+ sectp->flags = S_REGULAR;
+
+ /* These sections are produced by GCC 4.6+.
+
+ FIXME: We possibly ought to clear uninitialized local
+ variables in statically linked libraries like for
+ SECT_BSS (__bss) above, but setting up the markers we
+ need in lastfile.c would be rather messy. See
+ darwin_output_aligned_bss () in gcc/config/darwin.c for
+ the root of the problem, keeping in mind that the
+ sections are numbered by their alignment in GCC 4.6, but
+ by log2(alignment) in GCC 4.7. */
+
+ if (!unexec_write (sectp->offset, (void *) sectp->addr, sectp->size))
+ unexec_error ("cannot copy section %.16s", sectp->sectname);
+ if (!unexec_write (header_offset, sectp, sizeof (struct section)))
+ unexec_error ("cannot write section %.16s's header", sectp->sectname);
+ }
else if (strncmp (sectp->sectname, "__la_symbol_ptr", 16) == 0
|| strncmp (sectp->sectname, "__nl_symbol_ptr", 16) == 0
|| strncmp (sectp->sectname, "__got", 16) == 0
@@ -891,6 +912,7 @@
|| strncmp (sectp->sectname, "__program_vars", 16) == 0
|| strncmp (sectp->sectname, "__mod_init_func", 16) == 0
|| strncmp (sectp->sectname, "__mod_term_func", 16) == 0
+ || strncmp (sectp->sectname, "__static_data", 16) == 0
|| strncmp (sectp->sectname, "__objc_", 7) == 0)
{
if (!unexec_copy (sectp->offset, old_file_offset, sectp->size))

35
pkgs/applications/editors/emacs-24/default.nix
View file

@ -2,24 +2,36 @@
, pkgconfig, gtk, libXft, dbus, libpng, libjpeg, libungif
, libtiff, librsvg, texinfo, gconf, libxml2, imagemagick, gnutls
, alsaLib, cairo
, withX ? !stdenv.isDarwin, withGTK ? true
, withX ? !stdenv.isDarwin
, withGTK3 ? false, gtk3 ? null
, withGTK2 ? true, gtk2
}:
assert (libXft != null) -> libpng != null; # probably a bug
assert stdenv.isDarwin -> libXaw != null; # fails to link otherwise
assert withGTK2 -> withX || stdenv.isDarwin;
assert withGTK3 -> withX || stdenv.isDarwin;
assert withGTK2 -> !withGTK3 && gtk2 != null;
assert withGTK3 -> !withGTK2 && gtk3 != null;
let
toolkit =
if withGTK3 then "gtk3"
else if withGTK2 then "gtk2"
else "lucid";
in
stdenv.mkDerivation rec {
name = "emacs-24.4";
name = "emacs-24.5";
builder = ./builder.sh;
src = fetchurl {
url = "mirror://gnu/emacs/${name}.tar.xz";
sha256 = "1zflm6ac34s6v166p58ilxrxbxjm0q2wfc25f8y0mjml1lbr3qs7";
sha256 = "0kn3rzm91qiswi0cql89kbv6mqn27rwsyjfb8xmwy9m5s8fxfiyx";
};
patches = stdenv.lib.optionals stdenv.isDarwin [
./darwin-new-sections.patch
./at-fdcwd.patch
];
@ -28,17 +40,16 @@ stdenv.mkDerivation rec {
++ stdenv.lib.optional stdenv.isLinux dbus
++ stdenv.lib.optionals withX
[ x11 libXaw Xaw3d libXpm libpng libjpeg libungif libtiff librsvg libXft
imagemagick gtk gconf ]
imagemagick gconf ]
++ stdenv.lib.optional (withX && withGTK2) [ gtk2 ]
++ stdenv.lib.optional (withX && withGTK3) [ gtk3 ]
++ stdenv.lib.optional (stdenv.isDarwin && withX) cairo;
configureFlags =
( if withX && withGTK then
[ "--with-x-toolkit=gtk" "--with-xft"]
else (if withX then
[ "--with-x-toolkit=lucid" "--with-xft" ]
else
[ "--with-x=no" "--with-xpm=no" "--with-jpeg=no" "--with-png=no"
"--with-gif=no" "--with-tiff=no" ] ) );
if withX
then [ "--with-x-toolkit=${toolkit}" "--with-xft" ]
else [ "--with-x=no" "--with-xpm=no" "--with-jpeg=no" "--with-png=no"
"--with-gif=no" "--with-tiff=no" ];
NIX_CFLAGS_COMPILE = stdenv.lib.optionalString (stdenv.isDarwin && withX)
"-I${cairo}/include/cairo";

2
pkgs/applications/editors/emacs-24/macport-24.3.nix
View file

@ -17,8 +17,6 @@ stdenv.mkDerivation rec {
sha256 = "194y341zrpjp75mc3099kjc0inr1d379wwsnav257bwsc967h8yx";
};
patches = [ ./darwin-new-sections.patch ];
buildInputs = [ ncurses pkgconfig texinfo libxml2 gnutls ];
postUnpack = ''

2
pkgs/applications/editors/emacs-24/macport-24.4.nix
View file

@ -17,8 +17,6 @@ stdenv.mkDerivation rec {
sha256 = "0qzzqnql0z0a2p3ciccy8gq79v0s7s717lchcprn3wlaqcrk2g1p";
};
patches = [ ./darwin-new-sections.patch ];
buildInputs = [ ncurses pkgconfig texinfo libxml2 gnutls ];
postUnpack = ''

101
pkgs/applications/editors/emacs-24/macport-24.5.nix Normal file
View file

@ -0,0 +1,101 @@
{ stdenv, fetchurl, ncurses, pkgconfig, texinfo, libxml2, gnutls
}:
stdenv.mkDerivation rec {
emacsName = "emacs-24.5";
name = "${emacsName}-mac-5.7";
#builder = ./builder.sh;
src = fetchurl {
url = "mirror://gnu/emacs/${emacsName}.tar.xz";
sha256 = "0kn3rzm91qiswi0cql89kbv6mqn27rwsyjfb8xmwy9m5s8fxfiyx";
};
macportSrc = fetchurl {
url = "ftp://ftp.math.s.chiba-u.ac.jp/emacs/${name}.tar.gz";
sha256 = "1a86l3556h24x9ml6r8n6xbrxymb9gr38sicny3f0m281myhlsvv";
};
buildInputs = [ ncurses pkgconfig texinfo libxml2 gnutls ];
postUnpack = ''
mv $emacsName $name
tar xzf $macportSrc
mv $name $emacsName
'';
preConfigure = ''
substituteInPlace Makefile.in --replace "/bin/pwd" "pwd"
substituteInPlace lib-src/Makefile.in --replace "/bin/pwd" "pwd"
patch -p1 < patch-mac
# The search for 'tputs' will fail because it's in ncursesw within the
# ncurses package, yet Emacs' configure script only looks in ncurses.
# Further, we need to make sure that the -L option occurs before mention
# of the library, so that it finds it within the Nix store.
sed -i 's/tinfo ncurses/tinfo ncursesw/' configure
ncurseslib=$(echo ${ncurses}/lib | sed 's#/#\\/#g')
sed -i "s/OLIBS=\$LIBS/OLIBS=\"-L$ncurseslib \$LIBS\"/" configure
sed -i 's/LIBS="\$LIBS_TERMCAP \$LIBS"/LIBS="\$LIBS \$LIBS_TERMCAP"/' configure
configureFlagsArray=(
LDFLAGS=-L${ncurses}/lib
--with-xml2=yes
--with-gnutls=yes
--with-mac
--enable-mac-app=$out/Applications
)
makeFlagsArray=(
CFLAGS=-O3
LDFLAGS="-O3 -L${ncurses}/lib"
);
'';
postInstall = ''
cat >$out/share/emacs/site-lisp/site-start.el <<EOF
;; nixos specific load-path
(when (getenv "NIX_PROFILES") (setq load-path
(append (reverse (mapcar (lambda (x) (concat x "/share/emacs/site-lisp/"))
(split-string (getenv "NIX_PROFILES"))))
load-path)))
;; make tramp work for NixOS machines
(eval-after-load 'tramp '(add-to-list 'tramp-remote-path "/run/current-system/sw/bin"))
EOF
'';
doCheck = true;
meta = with stdenv.lib; {
description = "GNU Emacs 24, the extensible, customizable text editor";
homepage = http://www.gnu.org/software/emacs/;
license = licenses.gpl3Plus;
maintainers = with maintainers; [ jwiegley ];
platforms = platforms.darwin;
longDescription = ''
GNU Emacs is an extensible, customizable text editorand more. At its
core is an interpreter for Emacs Lisp, a dialect of the Lisp
programming language with extensions to support text editing.
The features of GNU Emacs include: content-sensitive editing modes,
including syntax coloring, for a wide variety of file types including
plain text, source code, and HTML; complete built-in documentation,
including a tutorial for new users; full Unicode support for nearly all
human languages and their scripts; highly customizable, using Emacs
Lisp code or a graphical interface; a large number of extensions that
add other functionality, including a project planner, mail and news
reader, debugger interface, calendar, and more. Many of these
extensions are distributed with GNU Emacs; others are available
separately.
This is "Mac port" addition to GNU Emacs 24. This provides a native
GUI support for Mac OS X 10.4 - 10.9. Note that Emacs 23 and later
already contain the official GUI support via the NS (Cocoa) port for
Mac OS X 10.4 and later. So if it is good enough for you, then you
don't need to try this.
'';
};
}

5
pkgs/applications/editors/emacs-modes/cask/default.nix
View file

@ -22,6 +22,11 @@ stdenv.mkDerivation rec {
install -d "$out/bin"
install bin/cask "$out/bin"
# We also need to install cask's templates in order for 'cask
# init' to work properly.
install -d "$out/templates"
install templates/* "$out/templates"
# In order to work with cask's hard coded file paths (during bootstrap),
# we have to create these links.
ln -s "$out/share/emacs/site-lisp/"* "$out"

46
pkgs/applications/editors/idea/default.nix
View file

@ -63,9 +63,11 @@ let
item=${desktopItem}
makeWrapper "$out/$name/bin/${loName}.sh" "$out/bin/${execName}" \
--prefix PATH : "$out/libexec/${name},${jdk}/bin:${coreutils}/bin:${gnugrep}/bin:${which}/bin:${git}/bin" \
--prefix JDK_HOME : "$jdk" \
--prefix ${hiName}_JDK : "$jdk"
--prefix PATH : "$out/libexec/${name}:${jdk}/bin:${coreutils}/bin:${gnugrep}/bin:${which}/bin:${git}/bin" \
--set JDK_HOME "$jdk" \
--set ${hiName}_JDK "$jdk" \
--set ANDROID_JAVA_HOME "$jdk" \
--set JAVA_HOME "$jdk"
ln -s "$item/share/applications" $out/share
'';
@ -210,50 +212,50 @@ in
android-studio = buildAndroidStudio rec {
name = "android-studio-${version}";
version = "1.1.0";
build = "135.1740770";
version = "1.2.0.8";
build = "141.1845774";
description = "Android development environment based on IntelliJ IDEA";
license = stdenv.lib.licenses.asl20;
src = fetchurl {
url = "https://dl.google.com/dl/android/studio/ide-zips/${version}" +
"/android-studio-ide-${build}-linux.zip";
sha256 = "1r2hrld3yfaxq3mw2xmzhvrrhc7w5xlv3d18rv758hy9n40c2nr1";
sha256 = "1l201qv1aya1l9jrybgqclv2v2fgzdpcb6qsnxszcq3npplisw9h";
};
};
clion = buildClion rec {
name = "clion-${build}";
version = "eap";
build = "141.102.4";
name = "clion-${version}";
version = "1.0";
build = "141.353";
description = "C/C++ IDE. New. Intelligent. Cross-platform.";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/cpp/${name}.tar.gz";
sha256 = "0qjm8wxqn171wfd7yqf5ys1g4mwl0iyhlbry29jkgkikxp7h9dym";
sha256 = "0xjdx13ljp1vy51a7rsj25wg3bsvry4kxq5cdng8zrc1g2y1fqw5";
};
};
idea-community = buildIdea rec {
name = "idea-community-${version}";
version = "14.1";
build = "IC-141.177.4";
version = "14.1.2";
build = "IC-141.713.2";
description = "Integrated Development Environment (IDE) by Jetbrains, community edition";
license = stdenv.lib.licenses.asl20;
src = fetchurl {
url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz";
sha256 = "05irkxhmx6pisvghjalw8hcf9v3n4wn0n0zc92ahivzxlicylpr6";
sha256 = "1skxbax7gsxxf7519qasxwp9q0v9ff755ibqr1w47dv2al47kjzq";
};
};
idea-ultimate = buildIdea rec {
name = "idea-ultimate-${version}";
version = "14.1";
build = "IU-141.177.4";
version = "14.1.2";
build = "IU-141.713.2";
description = "Integrated Development Environment (IDE) by Jetbrains, requires paid license";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/idea/ideaIU-${version}.tar.gz";
sha256 = "10zv3m44ci7gl7163yp4wxnjy7c0g5zl34c2ibnx4c6ds6l4di2p";
sha256 = "1ddy0f83rs3yx3w8v49cmlhkc8qxapdh702g26gzlapbpvfw58ay";
};
};
@ -271,25 +273,25 @@ in
pycharm-community = buildPycharm rec {
name = "pycharm-community-${version}";
version = "4.0.5";
build = "139.1547";
version = "4.0.6";
build = "139.1659";
description = "PyCharm 4.0 Community Edition";
license = stdenv.lib.licenses.asl20;
src = fetchurl {
url = "https://download.jetbrains.com/python/${name}.tar.gz";
sha256 = "16na04sp9q7z10kjx8wpf9k9bv9vgv7rmd9jnrn72nhwd7bp0n1i";
sha256 = "16lf2slssfgbds6zyp2rs0ssrg8aw5d2w7b755iqimiyfhyyv83s";
};
};
pycharm-professional = buildPycharm rec {
name = "pycharm-professional-${version}";
version = "4.0.5";
build = "139.1547";
version = "4.0.6";
build = "139.1659";
description = "PyCharm 4.0 Professional Edition";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/python/${name}.tar.gz";
sha256 = "17cxznv7q47isym6l7kbp3jdzdgj02jayygy42x4bwjmg579v1gg";
sha256 = "0wavw41nzqnx75y3k3l5kq09i5d9j8hb4r6a0y3nxzqvmdfza55r";
};
};

4
pkgs/applications/editors/nano/default.nix
View file

@ -11,10 +11,10 @@ with stdenv.lib;
stdenv.mkDerivation rec {
name = "nano-${version}";
version = "2.4.0";
version = "2.4.1";
src = fetchurl {
url = "mirror://gnu/nano/${name}.tar.gz";
sha256 = "1gbm9bcv4k55y01r5q8a8a9s3yrrgq3z5jxxiij3wl404r8gnxjh";
sha256 = "1li99ycnva40hiavm9lf34gjny74mj469x6ismrfm6wv3dgfn33a";
};
buildInputs = [ ncurses ] ++ optional enableNls gettext;
configureFlags = ''

36
pkgs/applications/editors/yi/wrapper.nix Normal file
View file

@ -0,0 +1,36 @@
# Note: this relies on dyre patched for NIX_GHC which is done in
# haskell-ng only.
#
# To use this for hacking of your Yi config file, drop into a shell
# with env attribute.
{ stdenv, makeWrapper
, haskellPackages
, extraPackages ? (s: [])
}:
let
yiEnv = haskellPackages.ghcWithPackages
(self: [ self.yi ] ++ extraPackages self);
in
stdenv.mkDerivation {
name = "yi-custom";
version = "0.0.0.1";
unpackPhase = "true";
nativeBuildInputs = [ makeWrapper ];
buildCommand = ''
mkdir -p $out/bin
makeWrapper ${haskellPackages.yi}/bin/yi $out/bin/yi \
--set NIX_GHC ${yiEnv}/bin/ghc
'';
# For hacking purposes
env = yiEnv;
meta = with stdenv.lib; {
description = "Allows Yi to find libraries and the compiler easily.";
# This wrapper and wrapper only is under PD
license = licenses.publicDomain;
maintainers = with maintainers; [ fuuzetsu ];
};
}

24
pkgs/applications/editors/yi/yi-custom-cabal/LICENSE
View file

@ -1,24 +0,0 @@
This is free and unencumbered software released into the public domain.
Anyone is free to copy, modify, publish, use, compile, sell, or
distribute this software, either in source code form or as a compiled
binary, for any purpose, commercial or non-commercial, and by any
means.
In jurisdictions that recognize copyright laws, the author or authors
of this software dedicate any and all copyright interest in the
software to the public domain. We make this dedication for the benefit
of the public at large and to the detriment of our heirs and
successors. We intend this dedication to be an overt act of
relinquishment in perpetuity of all present and future rights to this
software under copyright law.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
OTHER DEALINGS IN THE SOFTWARE.
For more information, please refer to <http://unlicense.org>

17
pkgs/applications/editors/yi/yi-custom-cabal/yi-custom.cabal
View file

@ -1,17 +0,0 @@
name: yi-custom
version: 0.0.0.1
category: Yi
synopsis: Convenience wrapper for nix
description: Convenience wrapper for nix
license: PublicDomain
license-file: LICENSE
author: Mateusz Kowalczyk
maintainer: fuuzetsu@fuuzetsu.co.uk
Cabal-Version: >= 1.10
build-type: Simple
library
hs-source-dirs: .
default-language: Haskell2010
build-depends: base, yi
ghc-options: -threaded

40
pkgs/applications/editors/yi/yi-custom.nix
View file

@ -1,40 +0,0 @@
# This is a manually-written expression over an in-tree cabal file.
# It's awkward but this way allows the package user to pass in
# extraPackages without much extra hassle on their end, similarly how
# the XMonad service handles it: the difference is that we don't have
# anything like XMONAD_GHC…
#
# The idea is that the user changes their configs using any libraries
# he likes and then builds it using this expression. Once that's done,
# reload and similar functions should all work as long as the user
# doesn't need new libraries at which point they should add them to
# extraPackages and rebuild from the expression.
{ cabal, yi, extraPackages, makeWrapper, ghcWithPackages }:
let
w = ghcWithPackages (self: [ yi ] ++ extraPackages self);
wrappedGhc = w.override { ignoreCollisions = true; };
in
cabal.mkDerivation (self: rec {
pname = "yi-custom";
version = "0.0.0.1";
src = ./yi-custom-cabal;
isLibrary = true;
buildDepends = [ yi ];
buildTools = [ makeWrapper ];
noHaddock = true;
doCheck = false;
postInstall = ''
makeWrapper ${yi}/bin/yi $out/bin/yi \
--set NIX_GHC ${wrappedGhc}/bin/ghc \
--set NIX_GHC_LIBDIR ${wrappedGhc}/lib/ghc-${self.ghc.version}
'';
meta = {
homepage = "http://haskell.org/haskellwiki/Yi";
description = "Wrapper over user-specified Haskell libraries for use in Yi config";
license = self.stdenv.lib.licenses.publicDomain;
platforms = self.ghc.meta.platforms;
maintainers = with self.stdenv.lib.maintainers; [ fuuzetsu ];
};
})

4
pkgs/applications/gis/qgis/default.nix
View file

@ -2,7 +2,7 @@
pyqt4, qwt, fcgi, pythonPackages, libspatialindex, libspatialite, qscintilla, postgresql, makeWrapper }:
stdenv.mkDerivation rec {
name = "qgis-2.6.1";
name = "qgis-2.8.1";
buildInputs = [ gdal qt4 flex bison proj geos x11 sqlite gsl pyqt4 qwt qscintilla
fcgi libspatialindex libspatialite postgresql ] ++
@ -21,7 +21,7 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = "http://qgis.org/downloads/${name}.tar.bz2";
sha256 = "1avw9mnhrcxsdalqr2yhyif1cacl4dsgcpfc31axkv7vj401djnl";
sha256 = "19acb74e4e2739238b87bf64f2750e10e366e9d61d070a4b8ca341ce01ca9741";
};
postInstall = ''

Some files were not shown because too many files have changed in this diff Show more