diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 0f8a7ba7904..911f0434e1b 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -349,6 +349,7 @@
 ./services/editors/emacs.nix
 ./services/editors/infinoted.nix
 ./services/games/factorio.nix
+ ./services/games/freeciv.nix
 ./services/games/minecraft-server.nix
 ./services/games/minetest-server.nix
 ./services/games/openarena.nix
diff --git a/nixos/modules/services/games/freeciv.nix b/nixos/modules/services/games/freeciv.nix
new file mode 100644
index 00000000000..4923891a617
--- /dev/null
+++ b/nixos/modules/services/games/freeciv.nix
@@ -0,0 +1,187 @@ +{ config, lib, pkgs, ... }: +with lib; +let + cfg = config.services.freeciv; + inherit (config.users) groups; + rootDir = "/run/freeciv"; + argsFormat = { + type = with lib.types; let + valueType = nullOr (oneOf [ + bool int float str + (listOf valueType) + ]) // { + description = "freeciv-server params"; + }; + in valueType; + generate = name: value: + let mkParam = k: v: + if v == null then [] + else if isBool v then if v then [("--"+k)] else [] + else [("--"+k) v]; + mkParams = k: v: map (mkParam k) (if isList v then v else [v]); + in escapeShellArgs (concatLists (concatLists (mapAttrsToList mkParams value))); + }; +in +{ + options = { + services.freeciv = { + enable = mkEnableOption ''freeciv''; + settings = mkOption { + description = '' + Parameters of freeciv-server. + ''; + default = {}; + type = types.submodule { + freeformType = argsFormat.type; + options.Announce = mkOption { + type = types.enum ["IPv4" "IPv6" "none"]; + default = "none"; + description = "Announce game in LAN using given protocol."; + }; + options.auth = mkEnableOption "server authentication"; + options.Database = mkOption { + type = types.nullOr types.str; + apply = pkgs.writeText "auth.conf"; + default = '' + [fcdb] + backend="sqlite" + database="/var/lib/freeciv/auth.sqlite" + ''; + description = "Enable database connection with given configuration."; + }; + options.debug = mkOption { + type = types.ints.between 0 3; + default = 0; + description = "Set debug log level."; + }; + options.exit-on-end = mkEnableOption "exit instead of restarting when a game ends."; + options.Guests = mkEnableOption "guests to login if auth is enabled"; + options.Newusers = mkEnableOption "new users to login if auth is enabled"; + options.port = mkOption { + type = types.port; + default = 5556; + description = "Listen for clients on given port"; + }; + options.quitidle = mkOption { + type = types.nullOr types.int; + default = null; + description = "Quit if no players for given time in 
seconds."; + }; + options.read = mkOption { + type = types.lines; + apply = v: pkgs.writeTextDir "read.serv" v + "/read"; + default = '' + /fcdb lua sqlite_createdb() + ''; + description = "Startup script."; + }; + options.saves = mkOption { + type = types.nullOr types.str; + default = "/var/lib/freeciv/saves/"; + description = '' + Save games to given directory, + a sub-directory named after the starting date of the service + will me inserted to preserve older saves. + ''; + }; + }; + }; + openFirewall = mkEnableOption "opening the firewall for the port listening for clients"; + }; + }; + config = mkIf cfg.enable { + users.groups.freeciv = {}; + # Use with: + # journalctl -u freeciv.service -f -o cat & + # cat >/run/freeciv.stdin + # load saves/2020-11-14_05-22-27/freeciv-T0005-Y-3750-interrupted.sav.bz2 + systemd.sockets.freeciv = { + wantedBy = [ "sockets.target" ]; + socketConfig = { + ListenFIFO = "/run/freeciv.stdin"; + SocketGroup = groups.freeciv.name; + SocketMode = "660"; + RemoveOnStop = true; + }; + }; + systemd.services.freeciv = { + description = "Freeciv Service"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + environment.HOME = "/var/lib/freeciv"; + serviceConfig = { + Restart = "on-failure"; + RestartSec = "5s"; + StandardInput = "fd:freeciv.socket"; + StandardOutput = "journal"; + StandardError = "journal"; + ExecStart = pkgs.writeShellScript "freeciv-server" ('' + set -eux + savedir=$(date +%Y-%m-%d_%H-%M-%S) + '' + "${pkgs.freeciv}/bin/freeciv-server" + + " " + optionalString (cfg.settings.saves != null) + (concatStringsSep " " [ "--saves" "${escapeShellArg cfg.settings.saves}/$savedir" ]) + + " " + argsFormat.generate "freeciv-server" (cfg.settings // { saves = null; })); + DynamicUser = true; + # Create rootDir in the host's mount namespace. 
+ RuntimeDirectory = [(baseNameOf rootDir)]; + RuntimeDirectoryMode = "755"; + StateDirectory = [ "freeciv" ]; + WorkingDirectory = "/var/lib/freeciv"; + # Avoid mounting rootDir in the own rootDir of ExecStart='s mount namespace. + InaccessiblePaths = ["-+${rootDir}"]; + # This is for BindPaths= and BindReadOnlyPaths= + # to allow traversal of directories they create in RootDirectory=. + UMask = "0066"; + RootDirectory = rootDir; + RootDirectoryStartOnly = true; + MountAPIVFS = true; + BindReadOnlyPaths = [ + builtins.storeDir + "/etc" + "/run" + ]; + # The following options are only for optimizing: + # systemd-analyze security freeciv + AmbientCapabilities = ""; + CapabilityBoundingSet = ""; + # ProtectClock= adds DeviceAllow=char-rtc r + DeviceAllow = ""; + LockPersonality = true; + MemoryDenyWriteExecute = true; + NoNewPrivileges = true; + PrivateDevices = true; + PrivateMounts = true; + PrivateNetwork = mkDefault false; + PrivateTmp = true; + PrivateUsers = true; + ProtectClock = true; + ProtectControlGroups = true; + ProtectHome = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectSystem = "strict"; + RemoveIPC = true; + RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ]; + RestrictNamespaces = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + SystemCallFilter = [ + "@system-service" + # Groups in @system-service which do not contain a syscall listed by: + # perf stat -x, 2>perf.log -e 'syscalls:sys_enter_*' freeciv-server + # in tests, and seem likely not necessary for freeciv-server. + "~@aio" "~@chown" "~@ipc" "~@keyring" "~@memlock" + "~@resources" "~@setuid" "~@sync" "~@timer" + ]; + SystemCallArchitectures = "native"; + SystemCallErrorNumber = "EPERM"; + }; + }; + networking.firewall = mkIf cfg.openFirewall + { allowedTCPPorts = [ cfg.settings.port ]; }; + }; + meta.maintainers = with lib.maintainers; [ julm ]; +} 
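Review bot: `options.Database` in nixos/modules/services/games/freeciv.nix passes its value through `pkgs.writeText "auth.conf"`, so whatever fcdb configuration an operator supplies becomes a world-readable file in the Nix store. The default sqlite configuration holds no secret, but the description invites other configurations, whose settings may include credentials, so it should say so, e.g. `description = "fcdb configuration; it is copied into the world-readable Nix store, so do not put database credentials in it.";`. The type also admits `null`, yet `apply` still runs on that value, so the `v == null` branch of `mkParam` is never reached for it and `null` probably cannot be used to drop `--Database`. Separately, `/run/freeciv.stdin` is writable by every member of group `freeciv` (`SocketMode = "660"`) and is wired to the server's standard input, so group membership amounts to server-console access; the comment above `systemd.sockets.freeciv` is the place to state that.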
diff --git a/nixos/modules/services/misc/cgminer.nix b/nixos/modules/services/misc/cgminer.nix
index b80a4746fd1..662570f9451 100644
--- a/nixos/modules/services/misc/cgminer.nix
+++ b/nixos/modules/services/misc/cgminer.nix
@@ -41,12 +41,14 @@ in
 };
 user = mkOption {
+ type = types.str;
 default = "cgminer";
 description = "User account under which cgminer runs";
 };
 pools = mkOption {
 default = []; # Run benchmark
+ type = types.listOf (types.attrsOf types.str);
 description = "List of pools where to mine";
 example = [{
 url = "http://p2pool.org:9332";
@@ -57,6 +59,7 @@ in
 hardware = mkOption {
 default = []; # Run without options
+ type = types.listOf (types.attrsOf (types.either types.str types.int));
 description= "List of config options for every GPU";
 example = [
 {
@@ -83,6 +86,7 @@ in
 config = mkOption {
 default = {};
+ type = (types.either types.bool types.int);
 description = "Additional config";
 example = {
 auto-fan = true;
diff --git a/pkgs/build-support/bintools-wrapper/default.nix b/pkgs/build-support/bintools-wrapper/default.nix
index e960a245528..48a3ebb32df 100644
--- a/pkgs/build-support/bintools-wrapper/default.nix
+++ b/pkgs/build-support/bintools-wrapper/default.nix
@@ -57,6 +57,7 @@ let
 else if targetPlatform.libc == "nblibc" then "${libc_lib}/libexec/ld.elf_so"
 else if targetPlatform.system == "i686-linux" then "${libc_lib}/lib/ld-linux.so.2"
 else if targetPlatform.system == "x86_64-linux" then "${libc_lib}/lib/ld-linux-x86-64.so.2"
+ else if targetPlatform.system == "powerpc64le-linux" then "${libc_lib}/lib/ld64.so.2"
 # ARM with a wildcard, which can be "" or "-armhf".
 else if (with targetPlatform; isAarch32 && isLinux) then "${libc_lib}/lib/ld-linux*.so.3"
 else if targetPlatform.system == "aarch64-linux" then "${libc_lib}/lib/ld-linux-aarch64.so.1"
diff --git a/pkgs/development/compilers/llvm/rocm/clang.nix b/pkgs/development/compilers/llvm/rocm/clang.nix
index 789d4c055eb..6ab0f894ca9 100644
--- a/pkgs/development/compilers/llvm/rocm/clang.nix
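Review bot: The type added to `config` in the last cgminer.nix hunk, `types.either types.bool types.int`, does not match the option's own `default = {}` or the attribute-set `example` right below it, so the default itself would fail the type check. It most likely needs to be `type = types.attrsOf (types.either types.bool types.int);`. The example continues outside the hunk, so check whether it holds string or float values before settling on the element type.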
+++ b/pkgs/development/compilers/llvm/rocm/clang.nix
@@ -56,6 +56,11 @@ stdenv.mkDerivation rec {
 echo "$VCSVersion" > lib/Basic/VCSVersion.inc
 '';
+ passthru = {
+ isClang = true;
+ inherit llvm;
+ };
+
 meta = with lib; {
 description = "ROCm fork of the clang C/C++/Objective-C/Objective-C++ LLVM compiler frontend";
 homepage = "https://llvm.org/";
diff --git a/pkgs/development/libraries/spglib/default.nix b/pkgs/development/libraries/spglib/default.nix
new file mode 100644
index 00000000000..f4667acd579
--- /dev/null
+++ b/pkgs/development/libraries/spglib/default.nix
@@ -0,0 +1,26 @@
+{ stdenv, lib, fetchFromGitHub, cmake } :
+
+stdenv.mkDerivation rec {
+ pname = "spglib";
+ version = "1.16.0";
+
+ src = fetchFromGitHub {
+ owner = "atztogo";
+ repo = "spglib";
+ rev = "v${version}";
+ sha256 = "1kzc956m1pnazhz52vspqridlw72wd8x5l3dsilpdxl491aa2nws";
+ };
+
+ nativeBuildInputs = [ cmake ];
+
+ checkTarget = "check";
+ doCheck = true;
+
+ meta = with lib; {
+ description = "C library for finding and handling crystal symmetries";
+ homepage = "https://atztogo.github.io/spglib/";
+ license = licenses.bsd3;
+ maintainers = [ maintainers.markuskowa ];
+ platforms = platforms.linux;
+ };
+}
diff --git a/pkgs/development/tools/ocaml/opam/installer.nix b/pkgs/development/tools/ocaml/opam/installer.nix
new file mode 100644
index 00000000000..4501ddd63f0
--- /dev/null
+++ b/pkgs/development/tools/ocaml/opam/installer.nix
@@ -0,0 +1,17 @@
+{ lib, unzip, opam, ocamlPackages }:
+
+ocamlPackages.buildDunePackage {
+ pname = "opam-installer";
+
+ useDune2 = true;
+
+ inherit (opam) version src;
+ nativeBuildInputs = [ unzip ];
+
+ configureFlags = [ "--disable-checks" "--prefix=$out" ];
+ buildInputs = with ocamlPackages; [ opam-format cmdliner ];
+
+ meta = opam.meta // {
+ description = "Handle (un)installation from opam install files";
+ };
+}
diff --git a/pkgs/games/freeciv/default.nix b/pkgs/games/freeciv/default.nix
index de5f2751fd1..f9938eaca31 100644
--- a/pkgs/games/freeciv/default.nix
+++ b/pkgs/games/freeciv/default.nix
@@ -28,7 +28,8 @@ in stdenv.mkDerivation rec {
 done
 '';
- nativeBuildInputs = [ autoreconfHook pkg-config ];
+ nativeBuildInputs = [ autoreconfHook pkg-config ]
+ ++ optional qtClient [ qt5.wrapQtAppsHook ];
 buildInputs = [ lua5_3 zlib bzip2 curl lzma gettext libiconv ]
 ++ optionals sdlClient [ SDL SDL_mixer SDL_image SDL_ttf SDL_gfx freetype fluidsynth ]
diff --git a/pkgs/os-specific/linux/erofs-utils/default.nix b/pkgs/os-specific/linux/erofs-utils/default.nix
index e1ff63bce77..73e50c5740b 100644
--- a/pkgs/os-specific/linux/erofs-utils/default.nix
+++ b/pkgs/os-specific/linux/erofs-utils/default.nix
@@ -2,14 +2,14 @@
 stdenv.mkDerivation rec {
 pname = "erofs-utils";
- version = "1.2";
+ version = "1.2.1";
 outputs = [ "out" "man" ];
 src = fetchgit {
 url = "https://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs-utils.git";
 rev = "v" + version;
- sha256 = "07hvijq2hsn3gg1kb8abrfk23n83j57yx8kyv4wqgwhhvd30myjc";
+ sha256 = "1vb4mxsb59g29x7l22cffsqa8x743sra4j5zbmx89hjwpwm9vvcg";
 };
 buildInputs = [ autoreconfHook pkg-config fuse libuuid lz4 ];
diff --git a/pkgs/stdenv/linux/make-bootstrap-tools.nix b/pkgs/stdenv/linux/make-bootstrap-tools.nix
index 25cde589a92..e4db92b7717 100644
--- a/pkgs/stdenv/linux/make-bootstrap-tools.nix
+++ b/pkgs/stdenv/linux/make-bootstrap-tools.nix
@@ -258,7 +258,7 @@ in with pkgs; rec {
 gcc --version
 '' + lib.optionalString (stdenv.hostPlatform.libc == "glibc") ''
- ldlinux=$(echo ${bootstrapTools}/lib/ld-linux*.so.?)
+ ldlinux=$(echo ${bootstrapTools}/lib/${builtins.baseNameOf binutils.dynamicLinker})
 export CPP="cpp -idirafter ${bootstrapTools}/include-glibc -B${bootstrapTools}"
 export CC="gcc -idirafter ${bootstrapTools}/include-glibc -B${bootstrapTools} -Wl,-dynamic-linker,$ldlinux -Wl,-rpath,${bootstrapTools}/lib"
 export CXX="g++ -idirafter ${bootstrapTools}/include-glibc -B${bootstrapTools} -Wl,-dynamic-linker,$ldlinux -Wl,-rpath,${bootstrapTools}/lib"
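Review bot: In pkgs/games/freeciv/default.nix the added line `++ optional qtClient [ qt5.wrapQtAppsHook ];` hands a list to `optional`, which produces a list nested inside `nativeBuildInputs`. The `buildInputs` lines just below use `optionals` for list arguments. Write `++ optionals qtClient [ qt5.wrapQtAppsHook ];` (or `++ optional qtClient qt5.wrapQtAppsHook;`) to keep the list flat and consistent with them. The bindings for `optional` and `optionals` are outside the hunk, so this assumes they are the usual `lib` functions.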
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 6fa7b4b201d..76bf49b63fa 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -7869,6 +7869,8 @@ in
 soapui = callPackage ../applications/networking/soapui { };
+ spglib = callPackage ../development/libraries/spglib { };
+
 ssh-askpass-fullscreen = callPackage ../tools/networking/ssh-askpass-fullscreen { };
 sshguard = callPackage ../tools/security/sshguard {};
@@ -10567,6 +10569,8 @@ in
 inherit (ocaml-ng.ocamlPackages_4_05) ocaml;
 };
+ opam-installer = callPackage ../development/tools/ocaml/opam/installer.nix { };
+
 open-watcom-bin = callPackage ../development/compilers/open-watcom-bin { };
 pforth = callPackage ../development/compilers/pforth {};
@@ -19663,6 +19667,7 @@ in
 prototool = callPackage ../development/tools/prototool { };
 qemu_kvm = lowPrio (qemu.override { hostCpuOnly = true; });
+ qemu_full = lowPrio (qemu.override { smbdSupport = true; cephSupport = true; });
 # See `xenPackages` source for explanations.
 # Building with `xen` instead of `xen-slim` is possible, but makes no sense.