b12f/nixpkgs
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Merge branch 'NixOS:master' into master

Browse source
This commit is contained in:
Googlebot 2022-03-09 09:58:39 -05:00 committed by GitHub
parent 125a347ae1 bf8d8cde01
commit b2068c1248
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4916 changed files with 115644 additions and 58698 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
.editorconfig
View file

@ -80,10 +80,3 @@ trim_trailing_whitespace = unset
[pkgs/tools/misc/timidity/timidity.cfg]
trim_trailing_whitespace = unset
[pkgs/tools/security/enpass/data.json]
insert_final_newline = unset
trim_trailing_whitespace = unset
[pkgs/top-level/emscripten-packages.nix]
trim_trailing_whitespace = unset

32
.git-blame-ignore-revs Normal file
View file

@ -0,0 +1,32 @@
# This file contains a list of commits that are not likely what you
# are looking for in a blame, such as mass reformatting or renaming.
# You can set this file as a default ignore file for blame by running
# the following command.
#
# $ git config blame.ignoreRevsFile .git-blame-ignore-revs
#
# To temporarily not use this file add
# --ignore-revs-file=""
# to your blame command.
#
# The ignoreRevsFile can't be set globally due to blame failing if the file isn't present.
# To not have to set the option in every repository it is needed in,
# save the following script in your path with the name "git-bblame"
# now you can run
# $ git bblame $FILE
# to use the .git-blame-ignore-revs file if it is present.
#
# #!/usr/bin/env bash
# repo_root=$(git rev-parse --show-toplevel)
# if [[ -e $repo_root/.git-blame-ignore-revs ]]; then
# git blame --ignore-revs-file="$repo_root/.git-blame-ignore-revs" $@
# else
# git blame $@
# fi
# nixos/modules/rename: Sort alphabetically
1f71224fe86605ef4cd23ed327b3da7882dad382
# nixos: fix module paths in rename.nix
d08ede042b74b8199dc748323768227b88efcf7c

17
.github/CODEOWNERS vendored
View file

@ -104,9 +104,9 @@
/pkgs/top-level/haskell-packages.nix @cdepillabout @sternenseemann @maralorn @expipiplus1
# Perl
/pkgs/development/interpreters/perl @volth @stigtsp @zakame
/pkgs/top-level/perl-packages.nix @volth @stigtsp @zakame
/pkgs/development/perl-modules @volth @stigtsp @zakame
/pkgs/development/interpreters/perl @stigtsp @zakame
/pkgs/top-level/perl-packages.nix @stigtsp @zakame
/pkgs/development/perl-modules @stigtsp @zakame
# R
/pkgs/applications/science/math/R @jbedo @bcdarwin
@ -119,6 +119,7 @@
# Rust
/pkgs/development/compilers/rust @Mic92 @LnL7 @zowoq
/pkgs/build-support/rust @zowoq
/doc/languages-frameworks/rust.section.md @zowoq
# Darwin-related
/pkgs/stdenv/darwin @NixOS/darwin-maintainers
@ -217,18 +218,18 @@
/nixos/modules/services/mail/rspamd.nix @peti
# Emacs
/pkgs/applications/editors/emacs-modes @adisbladis
/pkgs/applications/editors/emacs @adisbladis
/pkgs/top-level/emacs-packages.nix @adisbladis
/pkgs/applications/editors/emacs/elisp-packages @adisbladis
/pkgs/applications/editors/emacs @adisbladis
/pkgs/top-level/emacs-packages.nix @adisbladis
# Neovim
/pkgs/applications/editors/neovim @jonringer @teto
# VimPlugins
/pkgs/misc/vim-plugins @jonringer @softinio
/pkgs/applications/editors/vim/plugins @jonringer
# VsCode Extensions
/pkgs/misc/vscode-extensions @jonringer
/pkgs/applications/editors/vscode/extensions @jonringer
# Prometheus exporter modules and tests
/nixos/modules/services/monitoring/prometheus/exporters.nix @WilliButz

6
.github/PULL_REQUEST_TEMPLATE.md vendored
View file

@ -8,8 +8,12 @@ List of open PRs: https://github.com/NixOS/nixpkgs/pulls
Reviewing guidelines: https://nixos.org/manual/nixpkgs/unstable/#chap-reviewing-contributions
-->
###### Motivation for this change
###### Description of changes
<!--
For package updates please link to a changelog or describe changes, this helps your fellow maintainers discover breaking updates.
For new packages please briefly describe the package or provide a link to its homepage.
-->
###### Things done

4
.github/labeler.yml vendored
View file

@ -16,7 +16,7 @@
- nixos/modules/services/editors/emacs.nix
- nixos/modules/services/editors/emacs.xml
- nixos/tests/emacs-daemon.nix
- pkgs/applications/editors/emacs-modes/**/*
- pkgs/applications/editors/emacs/elisp-packages/**/*
- pkgs/applications/editors/emacs/**/*
- pkgs/build-support/emacs/**/*
- pkgs/top-level/emacs-packages.nix
@ -142,7 +142,7 @@
"6.topic: vim":
- doc/languages-frameworks/vim.section.md
- pkgs/applications/editors/vim/**/*
- pkgs/misc/vim-plugins/**/*
- pkgs/applications/editors/vim/plugins/**/*
- nixos/modules/programs/neovim.nix
- pkgs/applications/editors/neovim/**/*

2
.github/workflows/backport.yml vendored
View file

@ -8,7 +8,7 @@ jobs:
if: github.repository_owner == 'NixOS' && github.event.pull_request.merged == true && (github.event_name != 'labeled' || startsWith('backport', github.event.label.name))
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
with:
# required to find all branches
fetch-depth: 0

2
.github/workflows/basic-eval.yml vendored
View file

@ -14,7 +14,7 @@ jobs:
runs-on: ubuntu-latest
# we don't limit this action to only NixOS repo since the checks are cheap and useful developer feedback
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
- uses: cachix/install-nix-action@v16
# explicit list of supportedSystems is needed until aarch64-darwin becomes part of the trunk jobset
- run: nix-build pkgs/top-level/release.nix -A tarball.nixpkgs-basic-release-checks --arg supportedSystems '[ "aarch64-darwin" "aarch64-linux" "x86_64-linux" "x86_64-darwin" ]'

2
.github/workflows/editorconfig.yml vendored
View file

@ -24,7 +24,7 @@ jobs:
- name: print list of changed files
run: |
cat "$HOME/changed_files"
- uses: actions/checkout@v2
- uses: actions/checkout@v3
with:
# pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge

2
.github/workflows/labels.yml vendored
View file

@ -13,7 +13,7 @@ jobs:
runs-on: ubuntu-latest
if: github.repository_owner == 'NixOS'
steps:
- uses: actions/labeler@v3
- uses: actions/labeler@v4
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
sync-labels: true

2
.github/workflows/manual-nixos.yml vendored
View file

@ -14,7 +14,7 @@ jobs:
runs-on: ubuntu-latest
if: github.repository_owner == 'NixOS'
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
with:
# pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge

2
.github/workflows/manual-nixpkgs.yml vendored
View file

@ -14,7 +14,7 @@ jobs:
runs-on: ubuntu-latest
if: github.repository_owner == 'NixOS'
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
with:
# pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge

2
.github/workflows/nixos-manual.yml vendored
View file

@ -15,7 +15,7 @@ jobs:
runs-on: ubuntu-latest
if: github.repository_owner == 'NixOS'
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
with:
# pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge

2
.github/workflows/periodic-merge-24h.yml vendored
View file

@ -38,7 +38,7 @@ jobs:
into: staging-21.11
name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
- name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
uses: devmasx/merge-branch@1.4.0

2
.github/workflows/periodic-merge-6h.yml vendored
View file

@ -32,7 +32,7 @@ jobs:
into: staging
name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
- name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
uses: devmasx/merge-branch@1.4.0

4
.github/workflows/update-terraform-providers.yml vendored
View file

@ -10,7 +10,7 @@ jobs:
if: github.repository_owner == 'NixOS' && github.ref == 'refs/heads/master' # ensure workflow_dispatch only runs on master
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
- uses: cachix/install-nix-action@v16
- name: setup
id: setup
@ -21,7 +21,7 @@ jobs:
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git config user.name "github-actions[bot]"
pushd pkgs/applications/networking/cluster/terraform-providers
./update-all-providers
./update-all-providers --no-build
git commit -m "${{ steps.setup.outputs.title }}" providers.json
popd
- name: create PR

4
README.md
View file

@ -3,8 +3,8 @@
</p>
<p align="center">
<a href="https://www.codetriage.com/nixos/nixpkgs"><img src="https://www.codetriage.com/nixos/nixpkgs/badges/users.svg" alt="Code Triagers badge" /></a>
<a href="https://opencollective.com/nixos"><img src="https://opencollective.com/nixos/tiers/supporter/badge.svg?label=Supporter&color=brightgreen" alt="Open Collective supporters" /></a>
<a href="https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md"><img src="https://img.shields.io/github/contributors-anon/NixOS/nixpkgs" alt="Contributors badge" /></a>
<a href="https://opencollective.com/nixos"><img src="https://opencollective.com/nixos/tiers/supporter/badge.svg?label=supporters&color=brightgreen" alt="Open Collective supporters" /></a>
</p>
[Nixpkgs](https://github.com/nixos/nixpkgs) is a collection of over

2
doc/builders/packages/steam.section.md
View file

@ -56,7 +56,7 @@ Use `programs.steam.enable = true;` if you want to add steam to systemPackages a
## steam-run {#sec-steam-run}
The FHS-compatible chroot used for Steam can also be used to run other Linux games that expect a FHS environment. To use it, install the `steam-run-native` package and run the game with
The FHS-compatible chroot used for Steam can also be used to run other Linux games that expect a FHS environment. To use it, install the `steam-run` package and run the game with
```
steam-run ./foo

3
doc/contributing/reviewing-contributions.chapter.md
View file

@ -103,7 +103,8 @@ Sample template for a new package review is provided below.
- [ ] `meta.maintainers` is set
- [ ] build time only dependencies are declared in `nativeBuildInputs`
- [ ] source is fetched using the appropriate function
- [ ] phases are respected
- [ ] the list of `phases` is not overridden
- [ ] when a phase (like `installPhase`) is overridden it starts with `runHook preInstall` and ends with `runHook postInstall`.
- [ ] patches that are remotely available are fetched with `fetchpatch`
##### Possible improvements

2
doc/contributing/submitting-changes.chapter.md
View file

@ -98,7 +98,7 @@ We use jbidwatcher as an example for a discontinued project here.
1. Create a new branch for your change, e.g. `git checkout -b jbidwatcher`
1. Remove the actual package including its directory, e.g. `rm -rf pkgs/applications/misc/jbidwatcher`
1. Remove the package from the list of all packages (`pkgs/top-level/all-packages.nix`).
1. Add an alias for the package name in `pkgs/top-level/aliases.nix` (There is also `pkgs/misc/vim-plugins/aliases.nix`. Package sets typically do not have aliases, so we can't add them there.)
1. Add an alias for the package name in `pkgs/top-level/aliases.nix` (There is also `pkgs/applications/editors/vim/plugins/aliases.nix`. Package sets typically do not have aliases, so we can't add them there.)
For example in this case:

3
doc/languages-frameworks/coq.section.md
View file

@ -29,7 +29,8 @@ The recommended way of defining a derivation for a Coq library, is to use the `c
* `releaseRev` (optional, defaults to `(v: v)`), provides a default mapping from release names to revision hashes/branch names/tags,
* `displayVersion` (optional), provides a way to alter the computation of `name` from `pname`, by explaining how to display version numbers,
* `namePrefix` (optional, defaults to `[ "coq" ]`), provides a way to alter the computation of `name` from `pname`, by explaining which dependencies must occur in `name`,
* `extraBuildInputs` (optional), by default `buildInputs` just contains `coq`, this allows to add more build inputs,
* `extraNativeBuildInputs` (optional), by default `nativeBuildInputs` just contains `coq`, this allows to add more native build inputs, `nativeBuildInputs` are executables and `buildInputs` are libraries and dependencies,
* `extraBuildInputs` (optional), this allows to add more build inputs,
* `mlPlugin` (optional, defaults to `false`). Some extensions (plugins) might require OCaml and sometimes other OCaml packages. Standard dependencies can be added by setting the current option to `true`. For a finer grain control, the `coq.ocamlPackages` attribute can be used in `extraBuildInputs` to depend on the same package set Coq was built against.
* `useDune2ifVersion` (optional, default to `(x: false)` uses Dune2 to build the package if the provided predicate evaluates to true on the version, e.g. `useDune2if = versions.isGe "1.1"` will use dune if the version of the package is greater or equal to `"1.1"`,
* `useDune2` (optional, defaults to `false`) uses Dune2 to build the package if set to true, the presence of this attribute overrides the behavior of the previous one.

25
doc/languages-frameworks/python.section.md
View file

@ -979,6 +979,31 @@ with import <nixpkgs> {};
in python.withPackages(ps: [ps.blaze])).env
```
#### Optional extra dependencies
Some packages define optional dependencies for additional features. With
`setuptools` this is called `extras_require` and `flit` calls it `extras-require`. A
method for supporting this is by declaring the extras of a package in its
`passthru`, e.g. in case of the package `dask`
```nix
passthru.extras-require = {
complete = [ distributed ];
};
```
and letting the package requiring the extra add the list to its dependencies
```nix
propagatedBuildInputs = [
...
] ++ dask.extras-require.complete;
```
Note this method is preferred over adding parameters to builders, as that can
result in packages depending on different variants and thereby causing
collisions.
#### `buildPythonApplication` function {#buildpythonapplication-function}
The `buildPythonApplication` function is practically the same as

2
doc/languages-frameworks/rust.section.md
View file

@ -464,6 +464,8 @@ you of the correct hash.
be disabled by setting `dontUseCargoParallelTests`.
* `cargoInstallHook`: install binaries and static/shared libraries
that were built using `cargoBuildHook`.
* `bindgenHook`: for crates which use `bindgen` as a build dependency, lets
`bindgen` find `libclang` and `libclang` find the libraries in `buildInputs`.
### Examples {#examples}

8
doc/languages-frameworks/vim.section.md
View file

@ -309,9 +309,9 @@ Sample output2:
## Adding new plugins to nixpkgs {#adding-new-plugins-to-nixpkgs}
Nix expressions for Vim plugins are stored in [pkgs/misc/vim-plugins](https://github.com/NixOS/nixpkgs/tree/master/pkgs/misc/vim-plugins). For the vast majority of plugins, Nix expressions are automatically generated by running [`./update.py`](https://github.com/NixOS/nixpkgs/blob/master/pkgs/misc/vim-plugins/update.py). This creates a [generated.nix](https://github.com/NixOS/nixpkgs/blob/master/pkgs/misc/vim-plugins/generated.nix) file based on the plugins listed in [vim-plugin-names](https://github.com/NixOS/nixpkgs/blob/master/pkgs/misc/vim-plugins/vim-plugin-names). Plugins are listed in alphabetical order in `vim-plugin-names` using the format `[github username]/[repository]@[gitref]`. For example https://github.com/scrooloose/nerdtree becomes `scrooloose/nerdtree`.
Nix expressions for Vim plugins are stored in [pkgs/applications/editors/vim/plugins](https://github.com/NixOS/nixpkgs/tree/master/pkgs/applications/editors/vim/plugins). For the vast majority of plugins, Nix expressions are automatically generated by running [`./update.py`](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vim/plugins/update.py). This creates a [generated.nix](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vim/plugins/generated.nix) file based on the plugins listed in [vim-plugin-names](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vim/plugins/vim-plugin-names). Plugins are listed in alphabetical order in `vim-plugin-names` using the format `[github username]/[repository]@[gitref]`. For example https://github.com/scrooloose/nerdtree becomes `scrooloose/nerdtree`.
Some plugins require overrides in order to function properly. Overrides are placed in [overrides.nix](https://github.com/NixOS/nixpkgs/blob/master/pkgs/misc/vim-plugins/overrides.nix). Overrides are most often required when a plugin requires some dependencies, or extra steps are required during the build process. For example `deoplete-fish` requires both `deoplete-nvim` and `vim-fish`, and so the following override was added:
Some plugins require overrides in order to function properly. Overrides are placed in [overrides.nix](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vim/plugins/overrides.nix). Overrides are most often required when a plugin requires some dependencies, or extra steps are required during the build process. For example `deoplete-fish` requires both `deoplete-nvim` and `vim-fish`, and so the following override was added:
```nix
deoplete-fish = super.deoplete-fish.overrideAttrs(old: {
@ -330,13 +330,13 @@ Finally, there are some plugins that are also packaged in nodePackages because t
Run the update script with a GitHub API token that has at least `public_repo` access. Running the script without the token is likely to result in rate-limiting (429 errors). For steps on creating an API token, please refer to [GitHub's token documentation](https://docs.github.com/en/free-pro-team@latest/github/authenticating-to-github/creating-a-personal-access-token).
```sh
GITHUB_API_TOKEN=my_token ./pkgs/misc/vim-plugins/update.py
GITHUB_API_TOKEN=my_token ./pkgs/applications/editors/vim/plugins/update.py
```
Alternatively, set the number of processes to a lower count to avoid rate-limiting.
```sh
./pkgs/misc/vim-plugins/update.py --proc 1
./pkgs/applications/editors/vim/plugins/update.py --proc 1
```
## Important repositories {#important-repositories}

20
doc/stdenv/stdenv.chapter.md
View file

@ -325,6 +325,8 @@ This generic command invokes a number of *phases*. Package builds are split into
Each phase can be overridden in its entirety either by setting the environment variable `namePhase` to a string containing some shell commands to be executed, or by redefining the shell function `namePhase`. The former is convenient to override a phase from the derivation, while the latter is convenient from a build script. However, typically one only wants to *add* some commands to a phase, e.g. by defining `postInstall` or `preFixup`, as skipping some of the default actions may have unexpected consequences. The default script for each phase is defined in the file `pkgs/stdenv/generic/setup.sh`.
When overriding a phase, for example `installPhase`, it is important to start with `runHook preInstall` and end it with `runHook postInstall`, otherwise `preInstall` and `postInstall` will not be run. Even if you don't use them directly, it is good practice to do so anyways for downstream users who would want to add a `postInstall` by overriding your derivation.
While inside an interactive `nix-shell`, if you wanted to run all phases in the order they would be run in an actual build, you can invoke `genericBuild` yourself.
### Controlling phases {#ssec-controlling-phases}
@ -337,7 +339,8 @@ There are a number of variables that control what phases are executed and in wha
Specifies the phases. You can change the order in which phases are executed, or add new phases, by setting this variable. If its not set, the default value is used, which is `$prePhases unpackPhase patchPhase $preConfigurePhases configurePhase $preBuildPhases buildPhase checkPhase $preInstallPhases installPhase fixupPhase installCheckPhase $preDistPhases distPhase $postPhases`.
Usually, if you just want to add a few phases, its more convenient to set one of the variables below (such as `preInstallPhases`), as you then dont specify all the normal phases.
It is discouraged to set this variable, as it is easy to miss some important functionality hidden in some of the less obviously needed phases (like `fixupPhase` which patches the shebang of scripts).
Usually, if you just want to add a few phases, its more convenient to set one of the variables below (such as `preInstallPhases`).
##### `prePhases` {#var-stdenv-prePhases}
@ -794,7 +797,7 @@ Hook executed at the start of the distribution phase.
Hook executed at the end of the distribution phase.
## Shell functions {#ssec-stdenv-functions}
## Shell functions and utilities {#ssec-stdenv-functions}
The standard environment provides a number of useful functions.
@ -818,6 +821,19 @@ Theres many more kinds of arguments, they are documented in `nixpkgs/pkgs/bui
Using the `makeBinaryWrapper` implementation is usually preferred, as it creates a tiny _compiled_ wrapper executable, that can be used as a shebang interpreter. This is needed mostly on Darwin, where shebangs cannot point to scripts, [due to a limitation with the `execve`-syscall](https://stackoverflow.com/questions/67100831/macos-shebang-with-absolute-path-not-working). Compiled wrappers generated by `makeBinaryWrapper` can be inspected with `less <path-to-wrapper>` - by scrolling past the binary data you should be able to see the shell command that generated the executable and there see the environment variables that were injected into the wrapper.
### `remove-references-to -t` \<storepath\> [ `-t` \<storepath\> ... ] \<file\> ... {#fun-remove-references-to}
Removes the references of the specified files to the specified store files. This is done without changing the size of the file by replacing the hash by `eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee`, and should work on compiled executables. This is meant to be used to remove the dependency of the output on inputs that are known to be unnecessary at runtime. Of course, reckless usage will break the patched programs.
To use this, add `removeReferencesTo` to `nativeBuildInputs`.
As `remove-references-to` is an actual executable and not a shell function, it can be used with `find`.
Example removing all references to the compiler in the output:
```nix
postInstall = ''
find "$out" -type f -exec remove-references-to -t ${stdenv.cc} '{}' +
'';
```
### `substitute` \<infile\> \<outfile\> \<subs\> {#fun-substitute}
Performs string substitution on the contents of \<infile\>, writing the result to \<outfile\>. The substitutions in \<subs\> are of the following form:

34
flake.nix
View file

@ -21,35 +21,13 @@
nixos = import ./nixos/lib { lib = final; };
nixosSystem = { modules, ... } @ args:
nixosSystem = args:
import ./nixos/lib/eval-config.nix (args // {
modules =
let
moduleDeclarationFile =
let
# Even though `modules` is a mandatory argument for `nixosSystem`, it doesn't
# mean that the evaluator always keeps track of its position. If there
# are too many levels of indirection, the position gets lost at some point.
intermediatePos = builtins.unsafeGetAttrPos "modules" args;
in
if intermediatePos == null then null else intermediatePos.file;
# Add the invoking file as error message location for modules
# that don't have their own locations; presumably inline modules.
addModuleDeclarationFile =
m: if moduleDeclarationFile == null then m else {
_file = moduleDeclarationFile;
imports = [ m ];
};
in
map addModuleDeclarationFile modules ++ [
{
system.nixos.versionSuffix =
".${final.substring 0 8 (self.lastModifiedDate or self.lastModified or "19700101")}.${self.shortRev or "dirty"}";
system.nixos.revision = final.mkIf (self ? rev) self.rev;
}
];
modules = args.modules ++ [ {
system.nixos.versionSuffix =
".${final.substring 0 8 (self.lastModifiedDate or self.lastModified or "19700101")}.${self.shortRev or "dirty"}";
system.nixos.revision = final.mkIf (self ? rev) self.rev;
} ];
});
});

2
lib/attrsets.nix
View file

@ -276,7 +276,7 @@ rec {
/* Like `mapAttrsRecursive', but it takes an additional predicate
function that tells it whether to recursive into an attribute
function that tells it whether to recurse into an attribute
set. If it returns false, `mapAttrsRecursiveCond' does not
recurse, but does apply the map function. If it returns true, it
does recurse, and does not apply the map function.

6
lib/default.nix
View file

@ -111,8 +111,8 @@ let
cleanSource sourceByRegex sourceFilesBySuffices
commitIdFromGitRepo cleanSourceWith pathHasContext
canCleanSource pathIsRegularFile pathIsGitRepo;
inherit (self.modules) evalModules unifyModuleSyntax
applyIfFunction mergeModules
inherit (self.modules) evalModules setDefaultModuleLocation
unifyModuleSyntax applyIfFunction mergeModules
mergeModules' mergeOptionDecls evalOptionValue mergeDefinitions
pushDownProperties dischargeProperties filterOverrides
sortProperties fixupOptionType mkIf mkAssert mkMerge mkOverride
@ -126,7 +126,7 @@ let
getValues getFiles
optionAttrSetToDocList optionAttrSetToDocList'
scrubOptionValue literalExpression literalExample literalDocBook
showOption showFiles unknownModule mkOption;
showOption showFiles unknownModule mkOption mkPackageOption;
inherit (self.types) isType setType defaultTypeMerge defaultFunctor
isOptionType mkOptionType;
inherit (self.asserts)

15
lib/licenses.nix
View file

@ -465,6 +465,11 @@ in mkLicense lset) ({
spdxId = "imagemagick";
};
imlib2 = {
spdxId = "Imlib2";
fullName = "Imlib2 License";
};
inria-compcert = {
fullName = "INRIA Non-Commercial License Agreement for the CompCert verified compiler";
url = "https://compcert.org/doc/LICENSE.txt";
@ -591,6 +596,16 @@ in mkLicense lset) ({
spdxId = "MIT";
fullName = "MIT License";
};
# https://spdx.org/licenses/MIT-feh.html
mit-feh = {
spdxId = "MIT-feh";
fullName = "feh License";
};
mitAdvertising = {
spdxId = "MIT-advertising";
fullName = "Enlightenment License (e16)";
};
mpl10 = {
spdxId = "MPL-1.0";

17
lib/modules.nix
View file

@ -138,7 +138,7 @@ rec {
# support for that, in turn it's lazy in its values. This means e.g.
# a `_module.args.pkgs = import (fetchTarball { ... }) {}` won't
# start a download when `pkgs` wasn't evaluated.
type = types.lazyAttrsOf types.unspecified;
type = types.lazyAttrsOf types.raw;
internal = true;
description = "Arguments passed to each module.";
};
@ -151,8 +151,7 @@ rec {
};
_module.freeformType = mkOption {
# Disallow merging for now, but could be implemented nicely with a `types.optionType`
type = types.nullOr (types.uniq types.attrs);
type = types.nullOr types.optionType;
internal = true;
default = null;
description = ''
@ -334,6 +333,10 @@ rec {
in modulesPath: initialModules: args:
filterModules modulesPath (collectStructuredModules unknownModule "" initialModules args);
/* Wrap a module with a default location for reporting errors. */
setDefaultModuleLocation = file: m:
{ _file = file; imports = [ m ]; };
/* Massage a module into canonical form, that is, a set consisting
of options, config and imports attributes. */
unifyModuleSyntax = file: key: m:
@ -534,11 +537,9 @@ rec {
correspond to the definition of 'loc' in 'opt.file'. */
mergeOptionDecls =
let
packSubmodule = file: m:
{ _file = file; imports = [ m ]; };
coerceOption = file: opt:
if isFunction opt then packSubmodule file opt
else packSubmodule file { options = opt; };
if isFunction opt then setDefaultModuleLocation file opt
else setDefaultModuleLocation file { options = opt; };
in loc: opts:
foldl' (res: opt:
let t = res.type;
@ -568,7 +569,7 @@ rec {
getSubModules = opt.options.type.getSubModules or null;
submodules =
if getSubModules != null then map (packSubmodule opt._file) getSubModules ++ res.options
if getSubModules != null then map (setDefaultModuleLocation opt._file) getSubModules ++ res.options
else if opt.options ? options then map (coerceOption opt._file) options' ++ res.options
else res.options;
in opt.options // res //

115
lib/sources.nix
View file

@ -20,17 +20,26 @@ let
readFile
;
# Returns the type of a path: regular (for file), symlink, or directory
pathType = p: getAttr (baseNameOf p) (readDir (dirOf p));
/*
Returns the type of a path: regular (for file), symlink, or directory.
*/
pathType = path: getAttr (baseNameOf path) (readDir (dirOf path));
# Returns true if the path exists and is a directory, false otherwise
pathIsDirectory = p: if pathExists p then (pathType p) == "directory" else false;
/*
Returns true if the path exists and is a directory, false otherwise.
*/
pathIsDirectory = path: if pathExists path then (pathType path) == "directory" else false;
# Returns true if the path exists and is a regular file, false otherwise
pathIsRegularFile = p: if pathExists p then (pathType p) == "regular" else false;
/*
Returns true if the path exists and is a regular file, false otherwise.
*/
pathIsRegularFile = path: if pathExists path then (pathType path) == "regular" else false;
# Bring in a path as a source, filtering out all Subversion and CVS
# directories, as well as backup files (*~).
/*
A basic filter for `cleanSourceWith` that removes
directories of version control system, backup files (*~)
and some generated files.
*/
cleanSourceFilter = name: type: let baseName = baseNameOf (toString name); in ! (
# Filter out version control software files/directories
(baseName == ".git" || type == "directory" && (baseName == ".svn" || baseName == "CVS" || baseName == ".hg")) ||
@ -48,43 +57,48 @@ let
(type == "unknown")
);
# Filters a source tree removing version control files and directories using cleanSourceWith
#
# Example:
# cleanSource ./.
/*
Filters a source tree removing version control files and directories using cleanSourceFilter.
Example:
cleanSource ./.
*/
cleanSource = src: cleanSourceWith { filter = cleanSourceFilter; inherit src; };
# Like `builtins.filterSource`, except it will compose with itself,
# allowing you to chain multiple calls together without any
# intermediate copies being put in the nix store.
#
# lib.cleanSourceWith {
# filter = f;
# src = lib.cleanSourceWith {
# filter = g;
# src = ./.;
# };
# }
# # Succeeds!
#
# builtins.filterSource f (builtins.filterSource g ./.)
# # Fails!
#
# Parameters:
#
# src: A path or cleanSourceWith result to filter and/or rename.
#
# filter: A function (path -> type -> bool)
# Optional with default value: constant true (include everything)
# The function will be combined with the && operator such
# that src.filter is called lazily.
# For implementing a filter, see
# https://nixos.org/nix/manual/#builtin-filterSource
#
# name: Optional name to use as part of the store path.
# This defaults to `src.name` or otherwise `"source"`.
#
cleanSourceWith = { filter ? _path: _type: true, src, name ? null }:
/*
Like `builtins.filterSource`, except it will compose with itself,
allowing you to chain multiple calls together without any
intermediate copies being put in the nix store.
Example:
lib.cleanSourceWith {
filter = f;
src = lib.cleanSourceWith {
filter = g;
src = ./.;
};
}
# Succeeds!
builtins.filterSource f (builtins.filterSource g ./.)
# Fails!
*/
cleanSourceWith =
{
# A path or cleanSourceWith result to filter and/or rename.
src,
# Optional with default value: constant true (include everything)
# The function will be combined with the && operator such
# that src.filter is called lazily.
# For implementing a filter, see
# https://nixos.org/nix/manual/#builtin-filterSource
# Type: A function (path -> type -> bool)
filter ? _path: _type: true,
# Optional name to use as part of the store path.
# This defaults to `src.name` or otherwise `"source"`.
name ? null
}:
let
orig = toSourceAttributes src;
in fromSourceAttributes {
@ -116,9 +130,11 @@ let
satisfiesSubpathInvariant = src ? satisfiesSubpathInvariant && src.satisfiesSubpathInvariant;
};
# Filter sources by a list of regular expressions.
#
# E.g. `src = sourceByRegex ./my-subproject [".*\.py$" "^database.sql$"]`
/*
Filter sources by a list of regular expressions.
Example: src = sourceByRegex ./my-subproject [".*\.py$" "^database.sql$"]
*/
sourceByRegex = src: regexes:
let
isFiltered = src ? _isLibCleanSourceWith;
@ -153,8 +169,11 @@ let
pathIsGitRepo = path: (tryEval (commitIdFromGitRepo path)).success;
# Get the commit id of a git repo
# Example: commitIdFromGitRepo <nixpkgs/.git>
/*
Get the commit id of a git repo.
Example: commitIdFromGitRepo <nixpkgs/.git>
*/
commitIdFromGitRepo =
let readCommitFromFile = file: path:
let fileName = toString path + "/" + file;

4
lib/systems/parse.nix
View file

@ -364,8 +364,8 @@ rec {
musleabihf = { float = "hard"; };
musl = {};
uclibceabihf = { float = "soft"; };
uclibceabi = { float = "hard"; };
uclibceabi = { float = "soft"; };
uclibceabihf = { float = "hard"; };
uclibc = {};
unknown = {};

27
lib/tests/modules.sh
View file

@ -240,6 +240,11 @@ checkConfigOutput '^"24"$' config.foo ./freeform-attrsOf.nix ./freeform-str-dep-
checkConfigError 'infinite recursion encountered' config.foo ./freeform-attrsOf.nix ./freeform-unstr-dep-str.nix
checkConfigError 'The option .* is used but not defined' config.foo ./freeform-lazyAttrsOf.nix ./freeform-unstr-dep-str.nix
checkConfigOutput '^"24"$' config.foo ./freeform-lazyAttrsOf.nix ./freeform-unstr-dep-str.nix ./define-value-string.nix
# submodules in freeformTypes should have their locations annotated
checkConfigOutput '/freeform-submodules.nix"$' config.fooDeclarations.0 ./freeform-submodules.nix
# freeformTypes can get merged using `types.type`, including submodules
checkConfigOutput '^10$' config.free.xxx.foo ./freeform-submodules.nix
checkConfigOutput '^10$' config.free.yyy.bar ./freeform-submodules.nix
## types.anything
# Check that attribute sets are merged recursively
@ -284,6 +289,28 @@ checkConfigOutput '^"a b"$' config.resultFoo ./declare-variants.nix ./define-var
checkConfigOutput '^"a y z"$' config.resultFooBar ./declare-variants.nix ./define-variant.nix
checkConfigOutput '^"a b c"$' config.resultFooFoo ./declare-variants.nix ./define-variant.nix
## emptyValue's
checkConfigOutput "[ ]" config.list.a ./emptyValues.nix
checkConfigOutput "{ }" config.attrs.a ./emptyValues.nix
checkConfigOutput "null" config.null.a ./emptyValues.nix
checkConfigOutput "{ }" config.submodule.a ./emptyValues.nix
# These types don't have empty values
checkConfigError 'The option .int.a. is used but not defined' config.int.a ./emptyValues.nix
checkConfigError 'The option .nonEmptyList.a. is used but not defined' config.nonEmptyList.a ./emptyValues.nix
## types.raw
checkConfigOutput "{ foo = <CODE>; }" config.unprocessedNesting ./raw.nix
checkConfigOutput "10" config.processedToplevel ./raw.nix
checkConfigError "The option .multiple. is defined multiple times" config.multiple ./raw.nix
checkConfigOutput "bar" config.priorities ./raw.nix
# Test that types.optionType merges types correctly
checkConfigOutput '^10$' config.theOption.int ./optionTypeMerging.nix
checkConfigOutput '^"hello"$' config.theOption.str ./optionTypeMerging.nix
# Test that types.optionType correctly annotates option locations
checkConfigError 'The option .theOption.nested. in .other.nix. is already declared in .optionTypeFile.nix.' config.theOption.nested ./optionTypeFile.nix
cat <<EOF
====== module tests ======
$pass Pass

36
lib/tests/modules/emptyValues.nix Normal file
View file

@ -0,0 +1,36 @@
{ lib, ... }:
let
inherit (lib) types;
in {
options = {
int = lib.mkOption {
type = types.lazyAttrsOf types.int;
};
list = lib.mkOption {
type = types.lazyAttrsOf (types.listOf types.int);
};
nonEmptyList = lib.mkOption {
type = types.lazyAttrsOf (types.nonEmptyListOf types.int);
};
attrs = lib.mkOption {
type = types.lazyAttrsOf (types.attrsOf types.int);
};
null = lib.mkOption {
type = types.lazyAttrsOf (types.nullOr types.int);
};
submodule = lib.mkOption {
type = types.lazyAttrsOf (types.submodule {});
};
};
config = {
int.a = lib.mkIf false null;
list.a = lib.mkIf false null;
nonEmptyList.a = lib.mkIf false null;
attrs.a = lib.mkIf false null;
null.a = lib.mkIf false null;
submodule.a = lib.mkIf false null;
};
}

22
lib/tests/modules/freeform-submodules.nix Normal file
View file

@ -0,0 +1,22 @@
{ lib, options, ... }: with lib.types; {
options.fooDeclarations = lib.mkOption {
default = (options.free.type.getSubOptions [])._freeformOptions.foo.declarations;
};
options.free = lib.mkOption {
type = submodule {
config._module.freeformType = lib.mkMerge [
(attrsOf (submodule {
options.foo = lib.mkOption {};
}))
(attrsOf (submodule {
options.bar = lib.mkOption {};
}))
];
};
};
config.free.xxx.foo = 10;
config.free.yyy.bar = 10;
}

28
lib/tests/modules/optionTypeFile.nix Normal file
View file

@ -0,0 +1,28 @@
{ config, lib, ... }: {
_file = "optionTypeFile.nix";
options.theType = lib.mkOption {
type = lib.types.optionType;
};
options.theOption = lib.mkOption {
type = config.theType;
default = {};
};
config.theType = lib.mkMerge [
(lib.types.submodule {
options.nested = lib.mkOption {
type = lib.types.int;
};
})
(lib.types.submodule {
_file = "other.nix";
options.nested = lib.mkOption {
type = lib.types.str;
};
})
];
}

27
lib/tests/modules/optionTypeMerging.nix Normal file
View file

@ -0,0 +1,27 @@
{ config, lib, ... }: {
options.theType = lib.mkOption {
type = lib.types.optionType;
};
options.theOption = lib.mkOption {
type = config.theType;
};
config.theType = lib.mkMerge [
(lib.types.submodule {
options.int = lib.mkOption {
type = lib.types.int;
default = 10;
};
})
(lib.types.submodule {
options.str = lib.mkOption {
type = lib.types.str;
};
})
];
config.theOption.str = "hello";
}

30
lib/tests/modules/raw.nix Normal file
View file

@ -0,0 +1,30 @@
{ lib, ... }: {
options = {
processedToplevel = lib.mkOption {
type = lib.types.raw;
};
unprocessedNesting = lib.mkOption {
type = lib.types.raw;
};
multiple = lib.mkOption {
type = lib.types.raw;
};
priorities = lib.mkOption {
type = lib.types.raw;
};
};
config = {
processedToplevel = lib.mkIf true 10;
unprocessedNesting.foo = throw "foo";
multiple = lib.mkMerge [
"foo"
"foo"
];
priorities = lib.mkMerge [
"foo"
(lib.mkForce "bar")
];
};
}

10
lib/trivial.nix
View file

@ -61,11 +61,11 @@ rec {
pipe = val: functions:
let reverseApply = x: f: f x;
in builtins.foldl' reverseApply val functions;
/* note please dont add a function like `compose = flip pipe`.
This would confuse users, because the order of the functions
in the list is not clear. With pipe, its obvious that it
goes first-to-last. With `compose`, not so much.
*/
# note please dont add a function like `compose = flip pipe`.
# This would confuse users, because the order of the functions
# in the list is not clear. With pipe, its obvious that it
# goes first-to-last. With `compose`, not so much.
## Named versions corresponding to some builtin operators.

44
lib/types.nix
View file

@ -61,7 +61,11 @@ let
boolToString
;
inherit (lib.modules) mergeDefinitions;
inherit (lib.modules)
mergeDefinitions
fixupOptionType
mergeOptionDecls
;
outer_types =
rec {
isType = type: x: (x._type or "") == type;
@ -162,6 +166,13 @@ rec {
# nixos/doc/manual/development/option-types.xml!
types = rec {
raw = mkOptionType rec {
name = "raw";
description = "raw value";
check = value: true;
merge = mergeOneOption;
};
anything = mkOptionType {
name = "anything";
description = "anything";
@ -390,7 +401,7 @@ rec {
).optionalValue
) def.value
) defs)));
emptyValue = { value = {}; };
emptyValue = { value = []; };
getSubOptions = prefix: elemType.getSubOptions (prefix ++ ["*"]);
getSubModules = elemType.getSubModules;
substSubModules = m: listOf (elemType.substSubModules m);
@ -402,7 +413,7 @@ rec {
let list = addCheck (types.listOf elemType) (l: l != []);
in list // {
description = "non-empty " + list.description;
# Note: emptyValue is left as is, because another module may define an element.
emptyValue = { }; # no .value attr, meaning unset
};
attrsOf = elemType: mkOptionType rec {
@ -503,7 +514,7 @@ rec {
functionTo = elemType: mkOptionType {
name = "functionTo";
description = "function that evaluates to a(n) ${elemType.name}";
description = "function that evaluates to a(n) ${elemType.description}";
check = isFunction;
merge = loc: defs:
fnArgs: (mergeDefinitions (loc ++ [ "[function body]" ]) elemType (map (fn: { inherit (fn) file; value = fn.value fnArgs; }) defs)).mergedValue;
@ -518,6 +529,31 @@ rec {
modules = toList modules;
};
# The type of a type!
optionType = mkOptionType {
name = "optionType";
description = "optionType";
check = value: value._type or null == "option-type";
merge = loc: defs:
let
# Prepares the type definitions for mergeOptionDecls, which
# annotates submodules types with file locations
optionModules = map ({ value, file }:
{
_file = file;
# There's no way to merge types directly from the module system,
# but we can cheat a bit by just declaring an option with the type
options = lib.mkOption {
type = value;
};
}
) defs;
# Merges all the types into a single one, including submodule merging.
# This also propagates file information to all submodules
mergedOption = fixupOptionType loc (mergeOptionDecls loc optionModules);
in mergedOption.type;
};
submoduleWith =
{ modules
, specialArgs ? {}

345
maintainers/maintainer-list.nix
View file

@ -145,6 +145,12 @@
githubId = 16829510;
name = "Aaron Janse";
};
aaronjheng = {
email = "wentworth@outlook.com";
github = "aaronjheng";
githubId = 806876;
name = "Aaron Jheng";
};
aaronschif = {
email = "aaronschif@gmail.com";
github = "aaronschif";
@ -595,6 +601,12 @@
githubId = 15623522;
name = "Amar Paul";
};
amarshall = {
email = "andrew@johnandrewmarshall.com";
github = "amarshall";
githubId = 153175;
name = "Andrew Marshall";
};
ambroisie = {
email = "bruno.nixpkgs@belanyi.fr";
github = "ambroisie";
@ -759,13 +771,6 @@
githubId = 11699655;
name = "Stanislas Lange";
};
angustrau = {
name = "Angus Trau";
email = "nix@angus.ws";
matrix = "@angustrau:matrix.org";
github = "angustrau";
githubId = 13267947;
};
anhdle14 = {
name = "Le Anh Duc";
email = "anhdle14@icloud.com";
@ -1077,6 +1082,12 @@
githubId = 55833;
name = "Troels Henriksen";
};
atila = {
name = "Átila Saraiva";
email = "atilasaraiva@gmail.com";
github = "AtilaSaraiva";
githubId = 29521461;
};
atkinschang = {
email = "atkinschang+nixpkgs@gmail.com";
github = "AtkinsChang";
@ -1179,14 +1190,14 @@
name = "Artturi N";
};
azahi = {
email = "azahi@teknik.io";
matrix = "@azahi:matrix.org";
name = "Azat Bahawi";
email = "azat@bahawi.net";
matrix = "@azahi:azahi.cc";
github = "azahi";
githubId = 22211000;
name = "Azat Bahawi";
keys = [{
longkeyid = "rsa2048/0xB40FCB6608BBE3B6";
fingerprint = "E9F3 483F 31C7 29B4 4CA2 7C38 B40F CB66 08BB E3B6";
longkeyid = "rsa4096/0xC8C6BDDB3847F72B";
fingerprint = "2688 0377 C31D 9E81 9BDF 83A8 C8C6 BDDB 3847 F72B";
}];
};
ayazhafiz = {
@ -1195,6 +1206,12 @@
githubId = 262763;
name = "Ayaz Hafiz";
};
azuwis = {
email = "azuwis@gmail.com";
github = "azuwis";
githubId = 9315;
name = "Zhong Jianxin";
};
b4dm4n = {
email = "fabianm88@gmail.com";
github = "B4dM4n";
@ -2382,6 +2399,13 @@
githubId = 11145016;
name = "J.C.";
};
congee = {
email = "changshengwu@pm.me";
matrix = "@congeec:matrix.org";
github = "congee";
name = "Changsheng Wu";
githubId = 2083950;
};
contrun = {
email = "uuuuuu@protonmail.com";
github = "contrun";
@ -2394,6 +2418,23 @@
githubId = 5510514;
name = "Conrad Mearns";
};
corbanr = {
email = "corban@raunco.co";
github = "CorbanR";
githubId = 1918683;
matrix = "@corbansolo:matrix.org";
name = "Corban Raun";
keys = [
{
longkeyid = "rsa4096/0xA697A56F1F151189";
fingerprint = "6607 0B24 8CE5 64ED 22CE 0950 A697 A56F 1F15 1189";
}
{
longkeyid = "ed25519/0x230F4AC153F90F29";
fingerprint = "D8CB 816A B678 A4E6 1EC7 5325 230F 4AC1 53F9 0F29";
}
];
};
couchemar = {
email = "couchemar@yandex.ru";
github = "couchemar";
@ -2879,6 +2920,12 @@
githubId = 19733;
name = "Moritz Heidkamp";
};
DerickEddington = {
email = "derick.eddington@pm.me";
github = "DerickEddington";
githubId = 4731128;
name = "Derick Eddington";
};
dermetfan = {
email = "serverkorken@gmail.com";
github = "dermetfan";
@ -2963,6 +3010,12 @@
githubId = 8404455;
name = "Diego Lelis";
};
DieracDelta = {
email = "justin@restivo.me";
github = "DieracDelta";
githubId = 13730968;
name = "Justin Restivo";
};
diffumist = {
email = "git@diffumist.me";
github = "diffumist";
@ -3381,6 +3434,12 @@
githubId = 18535642;
name = "Emily";
};
emilytrau = {
name = "Emily Trau";
email = "nix@angus.ws";
github = "emilytrau";
githubId = 13267947;
};
enderger = {
email = "endergeryt@gmail.com";
github = "enderger";
@ -3736,6 +3795,12 @@
githubId = 222467;
name = "Dmitry Ivanov";
};
Etjean = {
email = "et.jean@outlook.fr";
github = "Etjean";
githubId = 32169529;
name = "Etienne Jean";
};
etu = {
email = "elis@hirwing.se";
matrix = "@etu:semi.social";
@ -3918,6 +3983,12 @@
githubId = 1276854;
name = "Florian Peter";
};
fbeffa = {
email = "beffa@fbengineering.ch";
github = "fedeinthemix";
githubId = 7670450;
name = "Federico Beffa";
};
fbrs = {
email = "yuuki@protonmail.com";
github = "cideM";
@ -4010,6 +4081,12 @@
github = "fitzgibbon";
githubId = 617048;
};
fkautz = {
name = "Frederick F. Kautz IV";
email = "fkautz@alumni.cmu.edu";
github = "fkautz";
githubId = 135706;
};
Flakebi = {
email = "flakebi@t-online.de";
github = "Flakebi";
@ -4396,6 +4473,12 @@
githubId = 27668;
name = "Tobias Pflug";
};
gin66 = {
email = "jochen@kiemes.de";
github = "gin66";
githubId = 5549373;
name = "Jochen Kiemes";
};
giogadi = {
email = "lgtorres42@gmail.com";
github = "giogadi";
@ -5456,6 +5539,12 @@
githubId = 221929;
name = "Jean-Baptiste Giraudeau";
};
jc = {
name = "Josh Cooper";
email = "josh@cooper.is";
github = "joshua-cooper";
githubId = 35612334;
};
jceb = {
name = "jceb";
email = "jceb@e-jc.de";
@ -5584,6 +5673,16 @@
githubId = 143075;
name = "James Felix Black";
};
jfchevrette = {
email = "jfchevrette@gmail.com";
github = "jfchevrette";
githubId = 3001;
name = "Jean-Francois Chevrette";
keys = [{
longkeyid = "rsa4096/0x67A0585801290DC6";
fingerprint = "B612 96A9 498E EECD D5E9 C0F0 67A0 5858 0129 0DC6";
}];
};
jflanglois = {
email = "yourstruly@julienlanglois.me";
github = "jflanglois";
@ -5966,6 +6065,12 @@
githubId = 4611077;
name = "Raymond Gauthier";
};
jrpotter = {
email = "jrpotter2112@gmail.com";
github = "jrpotter";
githubId = 3267697;
name = "Joshua Potter";
};
jschievink = {
email = "jonasschievink@gmail.com";
matrix = "@jschievink:matrix.org";
@ -6021,6 +6126,12 @@
githubId = 810075;
name = "Juan Rodal";
};
juboba = {
email = "juboba@gmail.com";
github = "juboba";
githubId = 1189739;
name = "Julio Borja Barra";
};
juliendehos = {
email = "dehos@lisic.univ-littoral.fr";
github = "juliendehos";
@ -6239,6 +6350,12 @@
githubId = 37185887;
name = "Calvin Kim";
};
keldu = {
email = "mail@keldu.de";
github = "keldu";
githubId = 15373888;
name = "Claudius Holeksa";
};
kennyballou = {
email = "kb@devnulllabs.io";
github = "kennyballou";
@ -6274,6 +6391,12 @@
githubId = 209729;
name = "Kevin Griffin";
};
kevink = {
email = "kevin@kevink.dev";
github = "Unkn0wnCat";
githubId = 8211181;
name = "Kevin Kandlbinder";
};
kfollesdal = {
email = "kfollesdal@gmail.com";
github = "kfollesdal";
@ -6430,7 +6553,7 @@
githubId = 18447310;
};
kloenk = {
email = "me@kloenk.de";
email = "me@kloenk.dev";
matrix = "@kloenk:petabyte.dev";
name = "Finn Behrens";
github = "kloenk";
@ -6984,12 +7107,6 @@
githubId = 36448130;
name = "Michael Brantley";
};
linarcx = {
email = "linarcx@gmail.com";
github = "linarcx";
githubId = 10884422;
name = "Kaveh Ahangar";
};
linc01n = {
email = "git@lincoln.hk";
github = "linc01n";
@ -7052,6 +7169,12 @@
githubId = 30698906;
name = "Luna D Dragon";
};
LunNova = {
email = "nixpkgs-maintainer@lunnova.dev";
github = "LunNova";
githubId = 782440;
name = "Luna Nova";
};
lionello = {
email = "lio@lunesu.com";
github = "lionello";
@ -7523,16 +7646,6 @@
githubId = 29855073;
name = "Michael Colicchia";
};
matdsoupe = {
github = "matdsoupe";
githubId = 44469426;
name = "Matheus de Souza Pessanha";
email = "matheus_pessanha2001@outlook.com";
keys = [{
longkeyid = "rsa4096/0x2671964AB1E06A08";
fingerprint = "2F32 CFEF E11A D73B A740 FA47 2671 964A B1E0 6A08";
}];
};
matejc = {
email = "cotman.matej@gmail.com";
github = "matejc";
@ -7634,6 +7747,12 @@
githubId = 1187050;
name = "Maximilian Huber";
};
maximsmol = {
email = "maximsmol@gmail.com";
github = "maximsmol";
githubId = 1472826;
name = "Max Smolin";
};
maxxk = {
email = "maxim.krivchikov@gmail.com";
github = "maxxk";
@ -7814,12 +7933,6 @@
github = "kira-bruneau";
githubId = 382041;
};
meutraa = {
email = "paul+nixpkgs@lost.host";
name = "Paul Meredith";
github = "meutraa";
githubId = 68550871;
};
mephistophiles = {
email = "mussitantesmortem@gmail.com";
name = "Maxim Zhukov";
@ -7862,6 +7975,12 @@
githubId = 668926;
name = "Maximilian Güntner";
};
mh = {
email = "68288772+markus-heinrich@users.noreply.github.com";
github = "markus-heinrich";
githubId = 68288772;
name = "Markus Heinrich";
};
mhaselsteiner = {
email = "magdalena.haselsteiner@gmx.at";
github = "mhaselsteiner";
@ -7933,6 +8052,12 @@
fingerprint = "FEF0 AE2D 5449 3482 5F06 40AA 186A 1EDA C5C6 3F83";
}];
};
mihnea-s = {
email = "mihn.stn@gmail.com";
github = "mihnea-s";
githubId = 43088426;
name = "Mihnea Stoian";
};
mikefaille = {
email = "michael@faille.io";
github = "mikefaille";
@ -8047,13 +8172,6 @@
githubId = 1001112;
name = "Marcin Janczyk";
};
mjlbach = {
email = "m.j.lbach@gmail.com";
matrix = "@atrius:matrix.org";
github = "mjlbach";
githubId = 13316262;
name = "Michael Lingelbach";
};
mjp = {
email = "mike@mythik.co.uk";
github = "MikePlayle";
@ -8432,6 +8550,17 @@
githubId = 25388474;
name = "Matej Urbas";
};
mvisonneau = {
name = "Maxime VISONNEAU";
email = "maxime@visonneau.fr";
matrix = "@maxime:visonneau.fr";
github = "mvisonneau";
githubId = 1761583;
keys = [{
longkeyid = "rsa4096/0x150D6F0AE9198D24";
fingerprint = "EC63 0CEA E8BC 5EE5 5C58 F2E3 150D 6F0A E919 8D24";
}];
};
mvnetbiz = {
email = "mvnetbiz@gmail.com";
matrix = "@mvtva:matrix.org";
@ -8457,6 +8586,12 @@
githubId = 9636071;
name = "Myrl Hex";
};
n0emis = {
email = "nixpkgs@n0emis.network";
github = "n0emis";
githubId = 22817873;
name = "Ember Keske";
};
nadrieril = {
email = "nadrieril@gmail.com";
github = "nadrieril";
@ -8559,6 +8694,12 @@
githubId = 3747396;
name = "Nathan Isom";
};
nelsonjeppesen = {
email = "nix@jeppesen.io";
github = "NelsonJeppesen";
githubId = 50854675;
name = "Nelson Jeppesen";
};
neonfuz = {
email = "neonfuz@gmail.com";
github = "neonfuz";
@ -8681,6 +8822,12 @@
githubId = 8214542;
name = "Nicolò Balzarotti";
};
nidabdella = {
name = "Mohamed Nidabdella";
email = "nidabdella.mohamed@gmail.com";
github = "nidabdella";
githubId = 8083813;
};
NieDzejkob = {
email = "kuba@kadziolka.net";
github = "NieDzejkob";
@ -8856,9 +9003,9 @@
githubId = 2946283;
name = "Brian Cohen";
};
novoxudonoser = {
novoxd = {
email = "radnovox@gmail.com";
github = "novoxudonoser";
github = "novoxd";
githubId = 6052922;
name = "Kirill Struokov";
};
@ -8986,6 +9133,12 @@
githubId = 158758;
name = "Oliver Dunkl";
};
ofek = {
email = "oss@ofek.dev";
github = "ofek";
githubId = 9677399;
name = "Ofek Lev";
};
offline = {
email = "jaka@x-truder.net";
github = "offlinehacker";
@ -9164,6 +9317,12 @@
githubId = 15930073;
name = "Moritz Scheuren";
};
ozkutuk = {
email = "ozkutuk@protonmail.com";
github = "ozkutuk";
githubId = 5948762;
name = "Berk Özkütük";
};
pablovsky = {
email = "dealberapablo07@gmail.com";
github = "pablo1107";
@ -9803,6 +9962,12 @@
githubId = 20524473;
name = "Psyanticy";
};
psydvl = {
email = "psydvl@fea.st";
github = "psydvl";
githubId = 43755002;
name = "Dmitriy P";
};
ptival = {
email = "valentin.robert.42@gmail.com";
github = "Ptival";
@ -10037,6 +10202,20 @@
githubId = 16624;
name = "Maxim Ivanov";
};
reckenrode = {
name = "Randy Eckenrode";
email = "randy@largeandhighquality.com";
matrix = "@reckenrode:matrix.org";
github = "reckenrode";
githubId = 7413633;
keys = [
# compare with https://keybase.io/reckenrode
{
longkeyid = "ed25519/0xFBF19A982CCE0048";
fingerprint = "01D7 5486 3A6D 64EA AC77 0D26 FBF1 9A98 2CCE 0048";
}
];
};
redfish64 = {
email = "engler@gmail.com";
github = "redfish64";
@ -10155,6 +10334,13 @@
githubId = 6047658;
name = "Ryan Horiguchi";
};
rhysmdnz = {
email = "rhys@memes.nz";
matrix = "@rhys:memes.nz";
github = "rhysmdnz";
githubId = 2162021;
name = "Rhys Davies";
};
ribose-jeffreylau = {
name = "Jeffrey Lau";
email = "jeffrey.lau@ribose.com";
@ -10831,6 +11017,12 @@
githubId = 19472270;
name = "Sebastian";
};
sebastianblunt = {
name = "Sebastian Blunt";
email = "nix@sebastianblunt.com";
github = "sebastianblunt";
githubId = 47431204;
};
sebbadk = {
email = "sebastian@sebba.dk";
github = "SEbbaDK";
@ -11005,6 +11197,16 @@
github = "shikanime";
githubId = 22115108;
};
shiryel = {
email = "contact@shiryel.com";
name = "Shiryel";
github = "shiryel";
githubId = 35617139;
keys = [{
longkeyid = "ed25519/0xC4041EA6B32633DE";
fingerprint = "AB63 4CD9 3322 BD42 6231 F764 C404 1EA6 B326 33DE";
}];
};
shlevy = {
email = "shea@shealevy.com";
github = "shlevy";
@ -11428,6 +11630,12 @@
githubId = 1699155;
name = "Steve Elliott";
};
stehessel = {
email = "stephan@stehessel.de";
github = "stehessel";
githubId = 55607356;
name = "Stephan Heßelmann";
};
stelcodes = {
email = "stel@stel.codes";
github = "stelcodes";
@ -11571,6 +11779,13 @@
githubId = 2666479;
name = "Y Nguyen";
};
superherointj = {
name = "Sérgio G.";
email = "5861043+superherointj@users.noreply.github.com";
matrix = "@superherointj:matrix.org";
github = "superherointj";
githubId = 5861043;
};
SuperSandro2000 = {
email = "sandro.jaeckel@gmail.com";
matrix = "@sandro:supersandro.de";
@ -12666,9 +12881,9 @@
githubId = 5837359;
name = "Adrian Pistol";
};
vika_nezrimaya = {
vikanezrimaya = {
email = "vika@fireburn.ru";
github = "kisik21";
github = "vikanezrimaya";
githubId = 7953163;
name = "Vika Shleina";
keys = [{
@ -12692,6 +12907,12 @@
githubId = 118959;
name = "VinyMeuh";
};
viraptor = {
email = "nix@viraptor.info";
github = "viraptor";
githubId = 188063;
name = "Stanisław Pitucha";
};
viric = {
email = "viric@viric.name";
github = "viric";
@ -13038,7 +13259,7 @@
name = "Wayne Scott";
};
wucke13 = {
email = "info@wucke13.de";
email = "wucke13@gmail.com";
github = "wucke13";
githubId = 20400405;
name = "Wucke";
@ -13117,6 +13338,12 @@
githubId = 1297598;
name = "Konrad Borowski";
};
xgroleau = {
email = "xgroleau@gmail.com";
github = "xgroleau";
githubId = 31734358;
name = "Xavier Groleau";
};
xiorcale = {
email = "quentin.vaucher@pm.me";
github = "xiorcale";
@ -13173,7 +13400,7 @@
};
yana = {
email = "yana@riseup.net";
github = "alpakido";
github = "sowelisuwi";
githubId = 1643293;
name = "Yana Timoshenko";
};
@ -13754,6 +13981,16 @@
github = "zeri42";
githubId = 68825133;
};
zoedsoupe = {
github = "zoedsoupe";
githubId = 44469426;
name = "Zoey de Souza Pessanha";
email = "zoey.spessanha@outlook.com";
keys = [{
longkeyid = "rsa4096/0x1E1E889CDBD6A315";
fingerprint = "EAA1 51DB 472B 0122 109A CB17 1E1E 889C DBD6 A315";
}];
};
zombiezen = {
name = "Ross Light";
email = "ross@zombiezen.com";
@ -13817,4 +14054,16 @@
fingerprint = "3586 3350 BFEA C101 DB1A 4AF0 1F81 112D 62A9 ADCE";
}];
};
ameer = {
name = "Ameer Taweel";
email = "ameertaweel2002@gmail.com";
github = "AmeerTaweel";
githubId = 20538273;
};
nigelgbanks = {
name = "Nigel Banks";
email = "nigel.g.banks@gmail.com";
github = "nigelgbanks";
githubId = 487373;
};
}

2
maintainers/scripts/luarocks-packages.csv
View file

@ -68,7 +68,7 @@ luautf8,,,,,,pstn
luazip,,,,,,
lua-yajl,,,,,,pstn
luuid,,,,,,
luv,,,,1.42.0-0,,
luv,,,,1.43.0-0,,
lyaml,,,,,,lblasc
markdown,,,,,,
mediator_lua,,,,,,

1 name src ref server version luaversion maintainers
68 luazip
69 lua-yajl pstn
70 luuid
71 luv 1.42.0-0 1.43.0-0
72 lyaml lblasc
73 markdown
74 mediator_lua

116
maintainers/scripts/pluginupdate.py
View file

@ -1,4 +1,4 @@
# Used by pkgs/misc/vim-plugins/update.py and pkgs/applications/editors/kakoune/plugins/update.py
# Used by pkgs/applications/editors/vim/plugins/update.py and pkgs/applications/editors/kakoune/plugins/update.py
# format:
# $ nix run nixpkgs.python3Packages.black -c black update.py
@ -73,9 +73,13 @@ def retry(ExceptionToCheck: Any, tries: int = 4, delay: float = 3, backoff: floa
return deco_retry
@dataclass
class FetchConfig:
proc: int
github_token: str
def make_request(url: str) -> urllib.request.Request:
token = os.getenv("GITHUB_API_TOKEN")
def make_request(url: str, token=None) -> urllib.request.Request:
headers = {}
if token is not None:
headers["Authorization"] = f"token {token}"
@ -90,6 +94,7 @@ class Repo:
self.branch = branch
self.alias = alias
self.redirect: Dict[str, str] = {}
self.token = "dummy_token"
@property
def name(self):
@ -132,10 +137,11 @@ class Repo:
class RepoGitHub(Repo):
def __init__(
self, owner: str, repo: str, branch: str, alias: Optional[str]
self, owner: str, repo: str, branch: str, alias: Optional[str]
) -> None:
self.owner = owner
self.repo = repo
self.token = None
'''Url to the repo'''
super().__init__(self.url(""), branch, alias)
log.debug("Instantiating github repo %s/%s", self.owner, self.repo)
@ -150,7 +156,7 @@ class RepoGitHub(Repo):
@retry(urllib.error.URLError, tries=4, delay=3, backoff=2)
def has_submodules(self) -> bool:
try:
req = make_request(self.url(f"blob/{self.branch}/.gitmodules"))
req = make_request(self.url(f"blob/{self.branch}/.gitmodules"), self.token)
urllib.request.urlopen(req, timeout=10).close()
except urllib.error.HTTPError as e:
if e.code == 404:
@ -162,7 +168,7 @@ class RepoGitHub(Repo):
@retry(urllib.error.URLError, tries=4, delay=3, backoff=2)
def latest_commit(self) -> Tuple[str, datetime]:
commit_url = self.url(f"commits/{self.branch}.atom")
commit_req = make_request(commit_url)
commit_req = make_request(commit_url, self.token)
with urllib.request.urlopen(commit_req, timeout=10) as req:
self._check_for_redirect(commit_url, req)
xml = req.read()
@ -291,15 +297,41 @@ class Editor:
"""To fill the cache"""
return get_current_plugins(self)
def load_plugin_spec(self, plugin_file) -> List[PluginDesc]:
return load_plugin_spec(plugin_file)
def load_plugin_spec(self, config: FetchConfig, plugin_file) -> List[PluginDesc]:
plugins = []
with open(plugin_file) as f:
for line in f:
if line.startswith("#"):
continue
plugin = parse_plugin_line(config, line)
plugins.append(plugin)
return plugins
def generate_nix(self, plugins, outfile: str):
'''Returns nothing for now, writes directly to outfile'''
raise NotImplementedError()
def get_update(self, input_file: str, outfile: str, proc: int):
return get_update(input_file, outfile, proc, editor=self)
def get_update(self, input_file: str, outfile: str, config: FetchConfig):
cache: Cache = Cache(self.get_current_plugins(), self.cache_file)
_prefetch = functools.partial(prefetch, cache=cache)
def update() -> dict:
plugin_names = self.load_plugin_spec(config, input_file)
try:
pool = Pool(processes=config.proc)
results = pool.map(_prefetch, plugin_names)
finally:
cache.store()
plugins, redirects = check_results(results)
self.generate_nix(plugins, outfile)
return redirects
return update
@property
def attr_path(self):
@ -345,7 +377,15 @@ class Editor:
dest="proc",
type=int,
default=30,
help="Number of concurrent processes to spawn. Export GITHUB_API_TOKEN allows higher values.",
help="Number of concurrent processes to spawn. Setting --github-token allows higher values.",
)
parser.add_argument(
"--github-token",
"-t",
type=str,
default=os.getenv("GITHUB_API_TOKEN"),
help="""Allows to set --proc to higher values.
Uses GITHUB_API_TOKEN environment variables as the default value.""",
)
parser.add_argument(
"--no-commit", "-n", action="store_true", default=False,
@ -414,8 +454,8 @@ def prefetch_plugin(
)
def fetch_plugin_from_pluginline(plugin_line: str) -> Plugin:
plugin, _ = prefetch_plugin(parse_plugin_line(plugin_line))
def fetch_plugin_from_pluginline(config: FetchConfig, plugin_line: str) -> Plugin:
plugin, _ = prefetch_plugin(parse_plugin_line(config, plugin_line))
return plugin
@ -465,7 +505,7 @@ def make_repo(uri, branch, alias) -> Repo:
repo = Repo(uri.strip(), branch, alias)
return repo
def parse_plugin_line(line: str) -> PluginDesc:
def parse_plugin_line(config: FetchConfig, line: str) -> PluginDesc:
branch = "HEAD"
alias = None
uri = line
@ -476,21 +516,11 @@ def parse_plugin_line(line: str) -> PluginDesc:
uri, branch = uri.split("@")
repo = make_repo(uri.strip(), branch.strip(), alias)
repo.token = config.github_token
return PluginDesc(repo, branch.strip(), alias)
def load_plugin_spec(plugin_file: str) -> List[PluginDesc]:
plugins = []
with open(plugin_file) as f:
for line in f:
if line.startswith("#"):
continue
plugin = parse_plugin_line(line)
plugins.append(plugin)
return plugins
def get_cache_path(cache_file_name: str) -> Optional[Path]:
xdg_cache = os.environ.get("XDG_CACHE_HOME", None)
if xdg_cache is None:
@ -556,6 +586,7 @@ def prefetch(
def rewrite_input(
config: FetchConfig,
input_file: Path,
deprecated: Path,
redirects: Dict[str, str] = None,
@ -573,8 +604,8 @@ def rewrite_input(
with open(deprecated, "r") as f:
deprecations = json.load(f)
for old, new in redirects.items():
old_plugin = fetch_plugin_from_pluginline(old)
new_plugin = fetch_plugin_from_pluginline(new)
old_plugin = fetch_plugin_from_pluginline(config, old)
new_plugin = fetch_plugin_from_pluginline(config, new)
if old_plugin.normalized_name != new_plugin.normalized_name:
deprecations[old_plugin.normalized_name] = {
"new": new_plugin.normalized_name,
@ -600,40 +631,21 @@ def commit(repo: git.Repo, message: str, files: List[Path]) -> None:
print("no changes in working tree to commit")
def get_update(input_file: str, outfile: str, proc: int, editor: Editor):
cache: Cache = Cache(editor.get_current_plugins(), editor.cache_file)
_prefetch = functools.partial(prefetch, cache=cache)
def update() -> dict:
plugin_names = editor.load_plugin_spec(input_file)
try:
pool = Pool(processes=proc)
results = pool.map(_prefetch, plugin_names)
finally:
cache.store()
plugins, redirects = check_results(results)
editor.generate_nix(plugins, outfile)
return redirects
return update
def update_plugins(editor: Editor, args):
"""The main entry function of this module. All input arguments are grouped in the `Editor`."""
log.setLevel(LOG_LEVELS[args.debug])
log.info("Start updating plugins")
update = editor.get_update(args.input_file, args.outfile, args.proc)
fetch_config = FetchConfig(args.proc, args.github_token)
update = editor.get_update(args.input_file, args.outfile, fetch_config)
redirects = update()
editor.rewrite_input(args.input_file, editor.deprecated, redirects)
editor.rewrite_input(fetch_config, args.input_file, editor.deprecated, redirects)
autocommit = not args.no_commit
nixpkgs_repo = None
if autocommit:
nixpkgs_repo = git.Repo(editor.root, search_parent_directories=True)
commit(nixpkgs_repo, f"{editor.attr_path}: update", [args.outfile])
@ -648,9 +660,9 @@ def update_plugins(editor: Editor, args):
)
for plugin_line in args.add_plugins:
editor.rewrite_input(args.input_file, editor.deprecated, append=(plugin_line + "\n",))
editor.rewrite_input(fetch_config, args.input_file, editor.deprecated, append=(plugin_line + "\n",))
update()
plugin = fetch_plugin_from_pluginline(plugin_line)
plugin = fetch_plugin_from_pluginline(fetch_config, plugin_line)
if autocommit:
commit(
nixpkgs_repo,

202
maintainers/scripts/remove-old-aliases.py Executable file
View file

@ -0,0 +1,202 @@
#!/usr/bin/env nix-shell
#!nix-shell -i python3 -p "python3.withPackages(ps: with ps; [ ])" nix
"""
A program to remove old aliases or convert old aliases to throws
Example usage:
./maintainers/scripts/remove-old-aliases.py --year 2018 --file ./pkgs/top-level/aliases.nix
Check this file with mypy after every change!
$ mypy --strict maintainers/scripts/remove-old-aliases.py
"""
import argparse
import shutil
import subprocess
from datetime import date as datetimedate
from datetime import datetime
from pathlib import Path
def process_args() -> argparse.Namespace:
"""process args"""
arg_parser = argparse.ArgumentParser()
arg_parser.add_argument(
"--year", required=True, type=int, help="operate on aliases older than $year"
)
arg_parser.add_argument(
"--month",
type=int,
default=1,
help="operate on aliases older than $year-$month",
)
arg_parser.add_argument("--file", required=True, type=Path, help="alias file")
arg_parser.add_argument(
"--dry-run", action="store_true", help="don't modify files, only print results"
)
return arg_parser.parse_args()
def get_date_lists(
txt: list[str], cutoffdate: datetimedate
) -> tuple[list[str], list[str], list[str]]:
"""get a list of lines in which the date is older than $cutoffdate"""
date_older_list: list[str] = []
date_older_throw_list: list[str] = []
date_sep_line_list: list[str] = []
for lineno, line in enumerate(txt, start=1):
line = line.rstrip()
my_date = None
for string in line.split():
string = string.strip(":")
try:
# strip ':' incase there is a string like 2019-11-01:
my_date = datetime.strptime(string, "%Y-%m-%d").date()
except ValueError:
try:
my_date = datetime.strptime(string, "%Y-%m").date()
except ValueError:
continue
if my_date is None or my_date > cutoffdate:
continue
if "=" not in line:
date_sep_line_list.append(f"{lineno} {line}")
# 'if' lines could be complicated
elif "if " in line and "if =" not in line:
print(f"RESOLVE MANUALLY {line}")
elif "throw" in line:
date_older_throw_list.append(line)
else:
date_older_list.append(line)
return (
date_older_list,
date_sep_line_list,
date_older_throw_list,
)
def convert_to_throw(date_older_list: list[str]) -> list[tuple[str, str]]:
"""convert a list of lines to throws"""
converted_list = []
for line in date_older_list.copy():
indent: str = " " * (len(line) - len(line.lstrip()))
before_equal = ""
after_equal = ""
try:
before_equal, after_equal = (x.strip() for x in line.split("=", maxsplit=2))
except ValueError as err:
print(err, line, "\n")
date_older_list.remove(line)
continue
alias = before_equal.strip()
after_equal_list = [x.strip(";:") for x in after_equal.split()]
converted = (
f"{indent}{alias} = throw \"'{alias}' has been renamed to/replaced by"
f" '{after_equal_list.pop(0)}'\";"
f' # Converted to throw {datetime.today().strftime("%Y-%m-%d")}'
)
converted_list.append((line, converted))
return converted_list
def generate_text_to_write(
txt: list[str],
date_older_list: list[str],
converted_to_throw: list[tuple[str, str]],
date_older_throw_list: list[str],
) -> list[str]:
"""generate a list of text to be written to the aliasfile"""
text_to_write: list[str] = []
for line in txt:
text_to_append: str = ""
if converted_to_throw:
for tupl in converted_to_throw:
if line == tupl[0]:
text_to_append = f"{tupl[1]}\n"
if line not in date_older_list and line not in date_older_throw_list:
text_to_append = f"{line}\n"
if text_to_append:
text_to_write.append(text_to_append)
return text_to_write
def write_file(
aliasfile: Path,
text_to_write: list[str],
) -> None:
"""write file"""
temp_aliasfile = Path(f"{aliasfile}.raliases")
with open(temp_aliasfile, "w", encoding="utf-8") as far:
for line in text_to_write:
far.write(line)
print("\nChecking the syntax of the new aliasfile")
try:
subprocess.run(
["nix-instantiate", "--eval", temp_aliasfile],
check=True,
stdout=subprocess.DEVNULL,
)
except subprocess.CalledProcessError:
print(
"\nSyntax check failed,",
"there may have been a line which only has\n"
'aliasname = "reason why";\n'
"when it should have been\n"
'aliasname = throw "reason why";',
)
temp_aliasfile.unlink()
return
shutil.move(f"{aliasfile}.raliases", aliasfile)
print(f"{aliasfile} modified! please verify with 'git diff'.")
def main() -> None:
"""main"""
args = process_args()
aliasfile = Path(args.file).absolute()
cutoffdate = (datetime.strptime(f"{args.year}-{args.month}-01", "%Y-%m-%d")).date()
txt: list[str] = (aliasfile.read_text(encoding="utf-8")).splitlines()
date_older_list: list[str] = []
date_sep_line_list: list[str] = []
date_older_throw_list: list[str] = []
date_older_list, date_sep_line_list, date_older_throw_list = get_date_lists(
txt, cutoffdate
)
converted_to_throw: list[tuple[str, str]] = []
converted_to_throw = convert_to_throw(date_older_list)
if date_older_list:
print(" Will be converted to throws. ".center(100, "-"))
for l_n in date_older_list:
print(l_n)
if date_older_throw_list:
print(" Will be removed. ".center(100, "-"))
for l_n in date_older_throw_list:
print(l_n)
if date_sep_line_list:
print(" On separate line, resolve manually. ".center(100, "-"))
for l_n in date_sep_line_list:
print(l_n)
if not args.dry_run:
text_to_write = generate_text_to_write(
txt, date_older_list, converted_to_throw, date_older_throw_list
)
write_file(aliasfile, text_to_write)
if __name__ == "__main__":
main()

13
maintainers/scripts/update-luarocks-packages
View file

@ -25,8 +25,8 @@ from pathlib import Path
log = logging.getLogger()
log.addHandler(logging.StreamHandler())
ROOT = Path(os.path.dirname(os.path.abspath(inspect.getfile(inspect.currentframe())))).parent.parent
from pluginupdate import Editor, update_plugins, PluginDesc, CleanEnvironment, LOG_LEVELS, Cache
ROOT = Path(os.path.dirname(os.path.abspath(inspect.getfile(inspect.currentframe())))).parent.parent # type: ignore
from pluginupdate import Editor, update_plugins, FetchConfig, CleanEnvironment
PKG_LIST="maintainers/scripts/luarocks-packages.csv"
TMP_FILE="$(mktemp)"
@ -118,7 +118,7 @@ class LuaEditor(Editor):
def attr_path(self):
return "luaPackages"
def get_update(self, input_file: str, outfile: str, proc: int):
def get_update(self, input_file: str, outfile: str, config: FetchConfig):
_prefetch = generate_pkg_nix
def update() -> dict:
@ -126,14 +126,14 @@ class LuaEditor(Editor):
sorted_plugin_specs = sorted(plugin_specs, key=lambda v: v.name.lower())
try:
pool = Pool(processes=proc)
pool = Pool(processes=config.proc)
results = pool.map(_prefetch, sorted_plugin_specs)
finally:
pass
self.generate_nix(results, outfile)
redirects = []
redirects = {}
return redirects
return update
@ -181,11 +181,9 @@ def generate_pkg_nix(plug: LuaPlugin):
cmd.append(plug.version)
#
if plug.server != "src" and plug.server:
cmd.append(f"--only-server={plug.server}")
if plug.luaversion:
with CleanEnvironment():
local_pkgs = str(ROOT.resolve())
@ -209,7 +207,6 @@ def main():
parser = editor.create_parser()
args = parser.parse_args()
log.setLevel(LOG_LEVELS[args.debug])
update_plugins(editor, args)

2
maintainers/scripts/update.nix
View file

@ -147,7 +147,7 @@ let
to run update script for specific package, or
% nix-shell maintainers/scripts/update.nix --arg predicate '(path: pkg: builtins.isList pkg.updateScript && builtins.length pkg.updateScript >= 1 && (let script = builtins.head pkg.updateScript; in builtins.isAttrs script && script.name == "gnome-update-script"))'
% nix-shell maintainers/scripts/update.nix --arg predicate '(path: pkg: pkg.updateScript.name or null == "gnome-update-script")'
to run update script for all packages matching given predicate, or

4
maintainers/scripts/update.py
View file

@ -88,6 +88,10 @@ async def commit_changes(name: str, merge_lock: asyncio.Lock, worktree: str, bra
async with merge_lock:
await check_subprocess('git', 'add', *change['files'], cwd=worktree)
commit_message = '{attrPath}: {oldVersion}{newVersion}'.format(**change)
if 'commitMessage' in change:
commit_message = change['commitMessage']
elif 'commitBody' in change:
commit_message = commit_message + '\n\n' + change['commitBody']
await check_subprocess('git', 'commit', '--quiet', '-m', commit_message, cwd=worktree)
await check_subprocess('git', 'cherry-pick', branch)

12
maintainers/team-list.nix
View file

@ -50,6 +50,7 @@ with lib.maintainers; {
DianaOlympos
gleber
happysalada
minijackson
yurrriq
];
scope = "Maintain BEAM-related packages and modules.";
@ -64,7 +65,6 @@ with lib.maintainers; {
chia = {
members = [
atemu
lourkeur
];
scope = "Maintain the Chia blockchain and its dependencies";
@ -214,7 +214,6 @@ with lib.maintainers; {
mguentner
ekleog
ralith
mjlbach
dandellion
sumnerevans
];
@ -223,7 +222,7 @@ with lib.maintainers; {
openstack = {
members = [
angustrau
emilytrau
SuperSandro2000
];
scope = "Maintain the ecosystem around OpenStack";
@ -278,6 +277,13 @@ with lib.maintainers; {
scope = "Maintain SageMath and the dependencies that are likely to break it.";
};
sphinx = {
members = [
SuperSandro2000
];
scope = "Maintain Sphinx related packages.";
};
serokell = {
# Verify additions by approval of an already existing member of the team.
members = [

72
nixos/doc/manual/development/activation-script.section.md Normal file
View file

@ -0,0 +1,72 @@
# Activation script {#sec-activation-script}
The activation script is a bash script called to activate the new
configuration which resides in a NixOS system in `$out/activate`. Since its
contents depend on your system configuration, the contents may differ.
This chapter explains how the script works in general and some common NixOS
snippets. Please be aware that the script is executed on every boot and system
switch, so tasks that can be performed in other places should be performed
there (for example letting a directory of a service be created by systemd using
mechanisms like `StateDirectory`, `CacheDirectory`, ... or if that's not
possible using `preStart` of the service).
Activation scripts are defined as snippets using
[](#opt-system.activationScripts). They can either be a simple multiline string
or an attribute set that can depend on other snippets. The builder for the
activation script will take these dependencies into account and order the
snippets accordingly. As a simple example:
```nix
system.activationScripts.my-activation-script = {
deps = [ "etc" ];
# supportsDryActivation = true;
text = ''
echo "Hallo i bims"
'';
};
```
This example creates an activation script snippet that is run after the `etc`
snippet. The special variable `supportsDryActivation` can be set so the snippet
is also run when `nixos-rebuild dry-activate` is run. To differentiate between
real and dry activation, the `$NIXOS_ACTION` environment variable can be
read which is set to `dry-activate` when a dry activation is done.
An activation script can write to special files instructing
`switch-to-configuration` to restart/reload units. The script will take these
requests into account and will incorperate the unit configuration as described
above. This means that the activation script will "fake" a modified unit file
and `switch-to-configuration` will act accordingly. By doing so, configuration
like [systemd.services.\<name\>.restartIfChanged](#opt-systemd.services) is
respected. Since the activation script is run **after** services are already
stopped, [systemd.services.\<name\>.stopIfChanged](#opt-systemd.services)
cannot be taken into account anymore and the unit is always restarted instead
of being stopped and started afterwards.
The files that can be written to are `/run/nixos/activation-restart-list` and
`/run/nixos/activation-reload-list` with their respective counterparts for
dry activation being `/run/nixos/dry-activation-restart-list` and
`/run/nixos/dry-activation-reload-list`. Those files can contain
newline-separated lists of unit names where duplicates are being ignored. These
files are not create automatically and activation scripts must take the
possiblility into account that they have to create them first.
## NixOS snippets {#sec-activation-script-nixos-snippets}
There are some snippets NixOS enables by default because disabling them would
most likely break you system. This section lists a few of them and what they
do:
- `binsh` creates `/bin/sh` which points to the runtime shell
- `etc` sets up the contents of `/etc`, this includes systemd units and
excludes `/etc/passwd`, `/etc/group`, and `/etc/shadow` (which are managed by
the `users` snippet)
- `hostname` sets the system's hostname in the kernel (not in `/etc`)
- `modprobe` sets the path to the `modprobe` binary for module auto-loading
- `nix` prepares the nix store and adds a default initial channel
- `specialfs` is responsible for mounting filesystems like `/proc` and `sys`
- `users` creates and removes users and groups by managing `/etc/passwd`,
`/etc/group` and `/etc/shadow`. This also creates home directories
- `usrbinenv` creates `/usr/bin/env`
- `var` creates some directories in `/var` that are not service-specific
- `wrappers` creates setuid wrappers like `ping` and `sudo`

1
nixos/doc/manual/development/development.xml
View file

@ -12,6 +12,7 @@
<xi:include href="../from_md/development/sources.chapter.xml" />
<xi:include href="../from_md/development/writing-modules.chapter.xml" />
<xi:include href="../from_md/development/building-parts.chapter.xml" />
<xi:include href="../from_md/development/what-happens-during-a-system-switch.chapter.xml" />
<xi:include href="../from_md/development/writing-documentation.chapter.xml" />
<xi:include href="../from_md/development/building-nixos.chapter.xml" />
<xi:include href="../from_md/development/nixos-tests.chapter.xml" />

26
nixos/doc/manual/development/option-declarations.section.md
View file

@ -145,26 +145,26 @@ As an example, we will take the case of display managers. There is a
central display manager module for generic display manager options and a
module file per display manager backend (sddm, gdm \...).
There are two approach to this module structure:
There are two approaches we could take with this module structure:
- Managing the display managers independently by adding an enable
- Configuring the display managers independently by adding an enable
option to every display manager module backend. (NixOS)
- Managing the display managers in the central module by adding an
option to select which display manager backend to use.
- Configuring the display managers in the central module by adding
an option to select which display manager backend to use.
Both approaches have problems.
Making backends independent can quickly become hard to manage. For
display managers, there can be only one enabled at a time, but the type
system can not enforce this restriction as there is no relation between
each backend `enable` option. As a result, this restriction has to be
done explicitely by adding assertions in each display manager backend
module.
display managers, there can only be one enabled at a time, but the
type system cannot enforce this restriction as there is no relation
between each backend's `enable` option. As a result, this restriction
has to be done explicitly by adding assertions in each display manager
backend module.
On the other hand, managing the display managers backends in the central
module will require to change the central module option every time a new
backend is added or removed.
On the other hand, managing the display manager backends in the
central module will require changing the central module option every
time a new backend is added or removed.
By using extensible option types, it is possible to create a placeholder
option in the central module
@ -175,7 +175,7 @@ and to extend it in each backend module
As a result, `displayManager.enable` option values can be added without
changing the main service module file and the type system automatically
enforce that there can only be a single display manager enabled.
enforces that there can only be a single display manager enabled.
::: {#ex-option-declaration-eot-service .example}
::: {.title}

24
nixos/doc/manual/development/option-types.section.md
View file

@ -16,9 +16,9 @@ merging is handled.
`types.path`
: A filesystem path, defined as anything that when coerced to a string
starts with a slash. Even if derivations can be considered as path,
the more specific `types.package` should be preferred.
: A filesystem path is anything that starts with a slash when
coerced to a string. Even if derivations can be considered as
paths, the more specific `types.package` should be preferred.
`types.package`
@ -63,6 +63,24 @@ merging is handled.
```
:::
`types.raw`
: A type which doesn't do any checking, merging or nested evaluation. It
accepts a single arbitrary value that is not recursed into, making it
useful for values coming from outside the module system, such as package
sets or arbitrary data. Options of this type are still evaluated according
to priorities and conditionals, so `mkForce`, `mkIf` and co. still work on
the option value itself, but not for any value nested within it. This type
should only be used when checking, merging and nested evaluation are not
desirable.
`types.optionType`
: The type of an option's type. Its merging operation ensures that nested
options have the correct file location annotated, and that if possible,
multiple option definitions are correctly merged together. The main use
case is as the type of the `_module.freeformType` option.
`types.attrs`
: A free-form attribute set.

4
nixos/doc/manual/development/running-nixos-tests.section.md
View file

@ -24,8 +24,8 @@ After building/downloading all required dependencies, this will perform
a build that starts a QEMU/KVM virtual machine containing a NixOS
system. The virtual machine mounts the Nix store of the host; this makes
VM creation very fast, as no disk image needs to be created. Afterwards,
you can view a pretty-printed log of the test:
you can view a log of the test:
```ShellSession
$ firefox result/log.html
$ nix-store --read-log result
```

45
nixos/doc/manual/development/settings-options.section.md
View file

@ -66,6 +66,45 @@ have a predefined type and string generator already declared under
and returning a set with TOML-specific attributes `type` and
`generate` as specified [below](#pkgs-formats-result).
`pkgs.formats.elixirConf { elixir ? pkgs.elixir }`
: A function taking an attribute set with values
`elixir`
: The Elixir package which will be used to format the generated output
It returns a set with Elixir-Config-specific attributes `type`, `lib`, and
`generate` as specified [below](#pkgs-formats-result).
The `lib` attribute contains functions to be used in settings, for
generating special Elixir values:
`mkRaw elixirCode`
: Outputs the given string as raw Elixir code
`mkGetEnv { envVariable, fallback ? null }`
: Makes the configuration fetch an environment variable at runtime
`mkAtom atom`
: Outputs the given string as an Elixir atom, instead of the default
Elixir binary string. Note: lowercase atoms still needs to be prefixed
with `:`
`mkTuple array`
: Outputs the given array as an Elixir tuple, instead of the default
Elixir list
`mkMap attrset`
: Outputs the given attribute set as an Elixir map, instead of the
default Elixir keyword list
::: {#pkgs-formats-result}
These functions all return an attribute set with these values:
:::
@ -74,6 +113,12 @@ These functions all return an attribute set with these values:
: A module system type representing a value of the format
`lib`
: Utility functions for convenience, or special interactions with the format.
This attribute is optional. It may contain inside a `types` attribute
containing types specific to this format.
`generate` *`filename jsonValue`*
: A function that can render a value of the format to a file. Returns

58
nixos/doc/manual/development/unit-handling.section.md Normal file
View file

@ -0,0 +1,58 @@
# Unit handling {#sec-unit-handling}
To figure out what units need to be started/stopped/restarted/reloaded, the
script first checks the current state of the system, similar to what `systemctl
list-units` shows. For each of the units, the script goes through the following
checks:
- Is the unit file still in the new system? If not, **stop** the service unless
it sets `X-StopOnRemoval` in the `[Unit]` section to `false`.
- Is it a `.target` unit? If so, **start** it unless it sets
`RefuseManualStart` in the `[Unit]` section to `true` or `X-OnlyManualStart`
in the `[Unit]` section to `true`. Also **stop** the unit again unless it
sets `X-StopOnReconfiguration` to `false`.
- Are the contents of the unit files different? They are compared by parsing
them and comparing their contents. If they are different but only
`X-Reload-Triggers` in the `[Unit]` section is changed, **reload** the unit.
The NixOS module system allows setting these triggers with the option
[systemd.services.\<name\>.reloadTriggers](#opt-systemd.services). If the
unit files differ in any way, the following actions are performed:
- `.path` and `.slice` units are ignored. There is no need to restart them
since changes in their values are applied by systemd when systemd is
reloaded.
- `.mount` units are **reload**ed. These mostly come from the `/etc/fstab`
parser.
- `.socket` units are currently ignored. This is to be fixed at a later
point.
- The rest of the units (mostly `.service` units) are then **reload**ed if
`X-ReloadIfChanged` in the `[Service]` section is set to `true` (exposed
via [systemd.services.\<name\>.reloadIfChanged](#opt-systemd.services)).
- If the reload flag is not set, some more flags decide if the unit is
skipped. These flags are `X-RestartIfChanged` in the `[Service]` section
(exposed via
[systemd.services.\<name\>.restartIfChanged](#opt-systemd.services)),
`RefuseManualStop` in the `[Unit]` section, and `X-OnlyManualStart` in the
`[Unit]` section.
- Further behavior depends on the unit having `X-StopIfChanged` in the
`[Service]` section set to `true` (exposed via
[systemd.services.\<name\>.stopIfChanged](#opt-systemd.services)). This is
set to `true` by default and must be explicitly turned off if not wanted.
If the flag is enabled, the unit is **stop**ped and then **start**ed. If
not, the unit is **restart**ed. The goal of the flag is to make sure that
the new unit never runs in the old environment which is still in place
before the activation script is run. This behavior is different when the
service is socket-activated, as outlined in the following steps.
- The last thing that is taken into account is whether the unit is a service
and socket-activated. If `X-StopIfChanged` is **not** set, the service
is **restart**ed with the others. If it is set, both the service and the
socket are **stop**ped and the socket is **start**ed, leaving socket
activation to start the service when it's needed.

53
nixos/doc/manual/development/what-happens-during-a-system-switch.chapter.md Normal file
View file

@ -0,0 +1,53 @@
# What happens during a system switch? {#sec-switching-systems}
Running `nixos-rebuild switch` is one of the more common tasks under NixOS.
This chapter explains some of the internals of this command to make it simpler
for new module developers to configure their units correctly and to make it
easier to understand what is happening and why for curious administrators.
`nixos-rebuild`, like many deployment solutions, calls `switch-to-configuration`
which resides in a NixOS system at `$out/bin/switch-to-configuration`. The
script is called with the action that is to be performed like `switch`, `test`,
`boot`. There is also the `dry-activate` action which does not really perform
the actions but rather prints what it would do if you called it with `test`.
This feature can be used to check what service states would be changed if the
configuration was switched to.
If the action is `switch` or `boot`, the bootloader is updated first so the
configuration will be the next one to boot. Unless `NIXOS_NO_SYNC` is set to
`1`, `/nix/store` is synced to disk.
If the action is `switch` or `test`, the currently running system is inspected
and the actions to switch to the new system are calculated. This process takes
two data sources into account: `/etc/fstab` and the current systemd status.
Mounts and swaps are read from `/etc/fstab` and the corresponding actions are
generated. If a new mount is added, for example, the proper `.mount` unit is
marked to be started. The current systemd state is inspected, the difference
between the current system and the desired configuration is calculated and
actions are generated to get to this state. There are a lot of nuances that can
be controlled by the units which are explained here.
After calculating what should be done, the actions are carried out. The order
of actions is always the same:
- Stop units (`systemctl stop`)
- Run activation script (`$out/activate`)
- See if the activation script requested more units to restart
- Restart systemd if needed (`systemd daemon-reexec`)
- Forget about the failed state of units (`systemctl reset-failed`)
- Reload systemd (`systemctl daemon-reload`)
- Reload systemd user instances (`systemctl --user daemon-reload`)
- Set up tmpfiles (`systemd-tmpfiles --create`)
- Reload units (`systemctl reload`)
- Restart units (`systemctl restart`)
- Start units (`systemctl start`)
- Inspect what changed during these actions and print units that failed and
that were newly started
Most of these actions are either self-explaining but some of them have to do
with our units or the activation script. For this reason, these topics are
explained in the next sections.
```{=docbook}
<xi:include href="unit-handling.section.xml" />
<xi:include href="activation-script.section.xml" />
```

150
nixos/doc/manual/from_md/development/activation-script.section.xml Normal file
View file

@ -0,0 +1,150 @@
<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-activation-script">
<title>Activation script</title>
<para>
The activation script is a bash script called to activate the new
configuration which resides in a NixOS system in
<literal>$out/activate</literal>. Since its contents depend on your
system configuration, the contents may differ. This chapter explains
how the script works in general and some common NixOS snippets.
Please be aware that the script is executed on every boot and system
switch, so tasks that can be performed in other places should be
performed there (for example letting a directory of a service be
created by systemd using mechanisms like
<literal>StateDirectory</literal>,
<literal>CacheDirectory</literal>, … or if thats not possible using
<literal>preStart</literal> of the service).
</para>
<para>
Activation scripts are defined as snippets using
<xref linkend="opt-system.activationScripts" />. They can either be
a simple multiline string or an attribute set that can depend on
other snippets. The builder for the activation script will take
these dependencies into account and order the snippets accordingly.
As a simple example:
</para>
<programlisting language="bash">
system.activationScripts.my-activation-script = {
deps = [ &quot;etc&quot; ];
# supportsDryActivation = true;
text = ''
echo &quot;Hallo i bims&quot;
'';
};
</programlisting>
<para>
This example creates an activation script snippet that is run after
the <literal>etc</literal> snippet. The special variable
<literal>supportsDryActivation</literal> can be set so the snippet
is also run when <literal>nixos-rebuild dry-activate</literal> is
run. To differentiate between real and dry activation, the
<literal>$NIXOS_ACTION</literal> environment variable can be read
which is set to <literal>dry-activate</literal> when a dry
activation is done.
</para>
<para>
An activation script can write to special files instructing
<literal>switch-to-configuration</literal> to restart/reload units.
The script will take these requests into account and will
incorperate the unit configuration as described above. This means
that the activation script will <quote>fake</quote> a modified unit
file and <literal>switch-to-configuration</literal> will act
accordingly. By doing so, configuration like
<link linkend="opt-systemd.services">systemd.services.&lt;name&gt;.restartIfChanged</link>
is respected. Since the activation script is run
<emphasis role="strong">after</emphasis> services are already
stopped,
<link linkend="opt-systemd.services">systemd.services.&lt;name&gt;.stopIfChanged</link>
cannot be taken into account anymore and the unit is always
restarted instead of being stopped and started afterwards.
</para>
<para>
The files that can be written to are
<literal>/run/nixos/activation-restart-list</literal> and
<literal>/run/nixos/activation-reload-list</literal> with their
respective counterparts for dry activation being
<literal>/run/nixos/dry-activation-restart-list</literal> and
<literal>/run/nixos/dry-activation-reload-list</literal>. Those
files can contain newline-separated lists of unit names where
duplicates are being ignored. These files are not create
automatically and activation scripts must take the possiblility into
account that they have to create them first.
</para>
<section xml:id="sec-activation-script-nixos-snippets">
<title>NixOS snippets</title>
<para>
There are some snippets NixOS enables by default because disabling
them would most likely break you system. This section lists a few
of them and what they do:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
<literal>binsh</literal> creates <literal>/bin/sh</literal>
which points to the runtime shell
</para>
</listitem>
<listitem>
<para>
<literal>etc</literal> sets up the contents of
<literal>/etc</literal>, this includes systemd units and
excludes <literal>/etc/passwd</literal>,
<literal>/etc/group</literal>, and
<literal>/etc/shadow</literal> (which are managed by the
<literal>users</literal> snippet)
</para>
</listitem>
<listitem>
<para>
<literal>hostname</literal> sets the systems hostname in the
kernel (not in <literal>/etc</literal>)
</para>
</listitem>
<listitem>
<para>
<literal>modprobe</literal> sets the path to the
<literal>modprobe</literal> binary for module auto-loading
</para>
</listitem>
<listitem>
<para>
<literal>nix</literal> prepares the nix store and adds a
default initial channel
</para>
</listitem>
<listitem>
<para>
<literal>specialfs</literal> is responsible for mounting
filesystems like <literal>/proc</literal> and
<literal>sys</literal>
</para>
</listitem>
<listitem>
<para>
<literal>users</literal> creates and removes users and groups
by managing <literal>/etc/passwd</literal>,
<literal>/etc/group</literal> and
<literal>/etc/shadow</literal>. This also creates home
directories
</para>
</listitem>
<listitem>
<para>
<literal>usrbinenv</literal> creates
<literal>/usr/bin/env</literal>
</para>
</listitem>
<listitem>
<para>
<literal>var</literal> creates some directories in
<literal>/var</literal> that are not service-specific
</para>
</listitem>
<listitem>
<para>
<literal>wrappers</literal> creates setuid wrappers like
<literal>ping</literal> and <literal>sudo</literal>
</para>
</listitem>
</itemizedlist>
</section>
</section>

29
nixos/doc/manual/from_md/development/option-declarations.section.xml
View file

@ -215,21 +215,22 @@ lib.mkOption {
manager backend (sddm, gdm ...).
</para>
<para>
There are two approach to this module structure:
There are two approaches we could take with this module
structure:
</para>
<itemizedlist>
<listitem>
<para>
Managing the display managers independently by adding an
enable option to every display manager module backend.
(NixOS)
Configuring the display managers independently by adding
an enable option to every display manager module
backend. (NixOS)
</para>
</listitem>
<listitem>
<para>
Managing the display managers in the central module by
adding an option to select which display manager backend
to use.
Configuring the display managers in the central module
by adding an option to select which display manager
backend to use.
</para>
</listitem>
</itemizedlist>
@ -238,16 +239,16 @@ lib.mkOption {
</para>
<para>
Making backends independent can quickly become hard to
manage. For display managers, there can be only one enabled
at a time, but the type system can not enforce this
restriction as there is no relation between each backend
manage. For display managers, there can only be one enabled
at a time, but the type system cannot enforce this
restriction as there is no relation between each backends
<literal>enable</literal> option. As a result, this
restriction has to be done explicitely by adding assertions
restriction has to be done explicitly by adding assertions
in each display manager backend module.
</para>
<para>
On the other hand, managing the display managers backends in
the central module will require to change the central module
On the other hand, managing the display manager backends in
the central module will require changing the central module
option every time a new backend is added or removed.
</para>
<para>
@ -268,7 +269,7 @@ lib.mkOption {
<para>
As a result, <literal>displayManager.enable</literal> option
values can be added without changing the main service module
file and the type system automatically enforce that there
file and the type system automatically enforces that there
can only be a single display manager enabled.
</para>
<anchor xml:id="ex-option-declaration-eot-service" />

41
nixos/doc/manual/from_md/development/option-types.section.xml
View file

@ -30,10 +30,10 @@
</term>
<listitem>
<para>
A filesystem path, defined as anything that when coerced to
a string starts with a slash. Even if derivations can be
considered as path, the more specific
<literal>types.package</literal> should be preferred.
A filesystem path is anything that starts with a slash when
coerced to a string. Even if derivations can be considered
as paths, the more specific <literal>types.package</literal>
should be preferred.
</para>
</listitem>
</varlistentry>
@ -92,6 +92,39 @@
</programlisting>
</listitem>
</varlistentry>
<varlistentry>
<term>
<literal>types.raw</literal>
</term>
<listitem>
<para>
A type which doesnt do any checking, merging or nested
evaluation. It accepts a single arbitrary value that is not
recursed into, making it useful for values coming from
outside the module system, such as package sets or arbitrary
data. Options of this type are still evaluated according to
priorities and conditionals, so <literal>mkForce</literal>,
<literal>mkIf</literal> and co. still work on the option
value itself, but not for any value nested within it. This
type should only be used when checking, merging and nested
evaluation are not desirable.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<literal>types.optionType</literal>
</term>
<listitem>
<para>
The type of an options type. Its merging operation ensures
that nested options have the correct file location
annotated, and that if possible, multiple option definitions
are correctly merged together. The main use case is as the
type of the <literal>_module.freeformType</literal> option.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<literal>types.attrs</literal>

4
nixos/doc/manual/from_md/development/running-nixos-tests.section.xml
View file

@ -26,9 +26,9 @@ machine: QEMU running (pid 8841)
perform a build that starts a QEMU/KVM virtual machine containing a
NixOS system. The virtual machine mounts the Nix store of the host;
this makes VM creation very fast, as no disk image needs to be
created. Afterwards, you can view a pretty-printed log of the test:
created. Afterwards, you can view a log of the test:
</para>
<programlisting>
$ firefox result/log.html
$ nix-store --read-log result
</programlisting>
</section>

104
nixos/doc/manual/from_md/development/settings-options.section.xml
View file

@ -137,6 +137,97 @@
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<literal>pkgs.formats.elixirConf { elixir ? pkgs.elixir }</literal>
</term>
<listitem>
<para>
A function taking an attribute set with values
</para>
<variablelist>
<varlistentry>
<term>
<literal>elixir</literal>
</term>
<listitem>
<para>
The Elixir package which will be used to format the
generated output
</para>
</listitem>
</varlistentry>
</variablelist>
<para>
It returns a set with Elixir-Config-specific attributes
<literal>type</literal>, <literal>lib</literal>, and
<literal>generate</literal> as specified
<link linkend="pkgs-formats-result">below</link>.
</para>
<para>
The <literal>lib</literal> attribute contains functions to
be used in settings, for generating special Elixir values:
</para>
<variablelist>
<varlistentry>
<term>
<literal>mkRaw elixirCode</literal>
</term>
<listitem>
<para>
Outputs the given string as raw Elixir code
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<literal>mkGetEnv { envVariable, fallback ? null }</literal>
</term>
<listitem>
<para>
Makes the configuration fetch an environment variable
at runtime
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<literal>mkAtom atom</literal>
</term>
<listitem>
<para>
Outputs the given string as an Elixir atom, instead of
the default Elixir binary string. Note: lowercase
atoms still needs to be prefixed with
<literal>:</literal>
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<literal>mkTuple array</literal>
</term>
<listitem>
<para>
Outputs the given array as an Elixir tuple, instead of
the default Elixir list
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<literal>mkMap attrset</literal>
</term>
<listitem>
<para>
Outputs the given attribute set as an Elixir map,
instead of the default Elixir keyword list
</para>
</listitem>
</varlistentry>
</variablelist>
</listitem>
</varlistentry>
</variablelist>
<para xml:id="pkgs-formats-result">
These functions all return an attribute set with these values:
@ -152,6 +243,19 @@
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<literal>lib</literal>
</term>
<listitem>
<para>
Utility functions for convenience, or special interactions
with the format. This attribute is optional. It may contain
inside a <literal>types</literal> attribute containing types
specific to this format.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<literal>generate</literal>

125
nixos/doc/manual/from_md/development/unit-handling.section.xml Normal file
View file

@ -0,0 +1,125 @@
<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-unit-handling">
<title>Unit handling</title>
<para>
To figure out what units need to be
started/stopped/restarted/reloaded, the script first checks the
current state of the system, similar to what
<literal>systemctl list-units</literal> shows. For each of the
units, the script goes through the following checks:
</para>
<itemizedlist>
<listitem>
<para>
Is the unit file still in the new system? If not,
<emphasis role="strong">stop</emphasis> the service unless it
sets <literal>X-StopOnRemoval</literal> in the
<literal>[Unit]</literal> section to <literal>false</literal>.
</para>
</listitem>
<listitem>
<para>
Is it a <literal>.target</literal> unit? If so,
<emphasis role="strong">start</emphasis> it unless it sets
<literal>RefuseManualStart</literal> in the
<literal>[Unit]</literal> section to <literal>true</literal> or
<literal>X-OnlyManualStart</literal> in the
<literal>[Unit]</literal> section to <literal>true</literal>.
Also <emphasis role="strong">stop</emphasis> the unit again
unless it sets <literal>X-StopOnReconfiguration</literal> to
<literal>false</literal>.
</para>
</listitem>
<listitem>
<para>
Are the contents of the unit files different? They are compared
by parsing them and comparing their contents. If they are
different but only <literal>X-Reload-Triggers</literal> in the
<literal>[Unit]</literal> section is changed,
<emphasis role="strong">reload</emphasis> the unit. The NixOS
module system allows setting these triggers with the option
<link linkend="opt-systemd.services">systemd.services.&lt;name&gt;.reloadTriggers</link>.
If the unit files differ in any way, the following actions are
performed:
</para>
<itemizedlist>
<listitem>
<para>
<literal>.path</literal> and <literal>.slice</literal> units
are ignored. There is no need to restart them since changes
in their values are applied by systemd when systemd is
reloaded.
</para>
</listitem>
<listitem>
<para>
<literal>.mount</literal> units are
<emphasis role="strong">reload</emphasis>ed. These mostly
come from the <literal>/etc/fstab</literal> parser.
</para>
</listitem>
<listitem>
<para>
<literal>.socket</literal> units are currently ignored. This
is to be fixed at a later point.
</para>
</listitem>
<listitem>
<para>
The rest of the units (mostly <literal>.service</literal>
units) are then <emphasis role="strong">reload</emphasis>ed
if <literal>X-ReloadIfChanged</literal> in the
<literal>[Service]</literal> section is set to
<literal>true</literal> (exposed via
<link linkend="opt-systemd.services">systemd.services.&lt;name&gt;.reloadIfChanged</link>).
</para>
</listitem>
<listitem>
<para>
If the reload flag is not set, some more flags decide if the
unit is skipped. These flags are
<literal>X-RestartIfChanged</literal> in the
<literal>[Service]</literal> section (exposed via
<link linkend="opt-systemd.services">systemd.services.&lt;name&gt;.restartIfChanged</link>),
<literal>RefuseManualStop</literal> in the
<literal>[Unit]</literal> section, and
<literal>X-OnlyManualStart</literal> in the
<literal>[Unit]</literal> section.
</para>
</listitem>
<listitem>
<para>
Further behavior depends on the unit having
<literal>X-StopIfChanged</literal> in the
<literal>[Service]</literal> section set to
<literal>true</literal> (exposed via
<link linkend="opt-systemd.services">systemd.services.&lt;name&gt;.stopIfChanged</link>).
This is set to <literal>true</literal> by default and must
be explicitly turned off if not wanted. If the flag is
enabled, the unit is
<emphasis role="strong">stop</emphasis>ped and then
<emphasis role="strong">start</emphasis>ed. If not, the unit
is <emphasis role="strong">restart</emphasis>ed. The goal of
the flag is to make sure that the new unit never runs in the
old environment which is still in place before the
activation script is run. This behavior is different when
the service is socket-activated, as outlined in the
following steps.
</para>
</listitem>
<listitem>
<para>
The last thing that is taken into account is whether the
unit is a service and socket-activated. If
<literal>X-StopIfChanged</literal> is
<emphasis role="strong">not</emphasis> set, the service is
<emphasis role="strong">restart</emphasis>ed with the
others. If it is set, both the service and the socket are
<emphasis role="strong">stop</emphasis>ped and the socket is
<emphasis role="strong">start</emphasis>ed, leaving socket
activation to start the service when its needed.
</para>
</listitem>
</itemizedlist>
</listitem>
</itemizedlist>
</section>

122
nixos/doc/manual/from_md/development/what-happens-during-a-system-switch.chapter.xml Normal file
View file

@ -0,0 +1,122 @@
<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xi="http://www.w3.org/2001/XInclude" xml:id="sec-switching-systems">
<title>What happens during a system switch?</title>
<para>
Running <literal>nixos-rebuild switch</literal> is one of the more
common tasks under NixOS. This chapter explains some of the
internals of this command to make it simpler for new module
developers to configure their units correctly and to make it easier
to understand what is happening and why for curious administrators.
</para>
<para>
<literal>nixos-rebuild</literal>, like many deployment solutions,
calls <literal>switch-to-configuration</literal> which resides in a
NixOS system at <literal>$out/bin/switch-to-configuration</literal>.
The script is called with the action that is to be performed like
<literal>switch</literal>, <literal>test</literal>,
<literal>boot</literal>. There is also the
<literal>dry-activate</literal> action which does not really perform
the actions but rather prints what it would do if you called it with
<literal>test</literal>. This feature can be used to check what
service states would be changed if the configuration was switched
to.
</para>
<para>
If the action is <literal>switch</literal> or
<literal>boot</literal>, the bootloader is updated first so the
configuration will be the next one to boot. Unless
<literal>NIXOS_NO_SYNC</literal> is set to <literal>1</literal>,
<literal>/nix/store</literal> is synced to disk.
</para>
<para>
If the action is <literal>switch</literal> or
<literal>test</literal>, the currently running system is inspected
and the actions to switch to the new system are calculated. This
process takes two data sources into account:
<literal>/etc/fstab</literal> and the current systemd status. Mounts
and swaps are read from <literal>/etc/fstab</literal> and the
corresponding actions are generated. If a new mount is added, for
example, the proper <literal>.mount</literal> unit is marked to be
started. The current systemd state is inspected, the difference
between the current system and the desired configuration is
calculated and actions are generated to get to this state. There are
a lot of nuances that can be controlled by the units which are
explained here.
</para>
<para>
After calculating what should be done, the actions are carried out.
The order of actions is always the same:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
Stop units (<literal>systemctl stop</literal>)
</para>
</listitem>
<listitem>
<para>
Run activation script (<literal>$out/activate</literal>)
</para>
</listitem>
<listitem>
<para>
See if the activation script requested more units to restart
</para>
</listitem>
<listitem>
<para>
Restart systemd if needed
(<literal>systemd daemon-reexec</literal>)
</para>
</listitem>
<listitem>
<para>
Forget about the failed state of units
(<literal>systemctl reset-failed</literal>)
</para>
</listitem>
<listitem>
<para>
Reload systemd (<literal>systemctl daemon-reload</literal>)
</para>
</listitem>
<listitem>
<para>
Reload systemd user instances
(<literal>systemctl --user daemon-reload</literal>)
</para>
</listitem>
<listitem>
<para>
Set up tmpfiles (<literal>systemd-tmpfiles --create</literal>)
</para>
</listitem>
<listitem>
<para>
Reload units (<literal>systemctl reload</literal>)
</para>
</listitem>
<listitem>
<para>
Restart units (<literal>systemctl restart</literal>)
</para>
</listitem>
<listitem>
<para>
Start units (<literal>systemctl start</literal>)
</para>
</listitem>
<listitem>
<para>
Inspect what changed during these actions and print units that
failed and that were newly started
</para>
</listitem>
</itemizedlist>
<para>
Most of these actions are either self-explaining but some of them
have to do with our units or the activation script. For this reason,
these topics are explained in the next sections.
</para>
<xi:include href="unit-handling.section.xml" />
<xi:include href="activation-script.section.xml" />
</chapter>

4
nixos/doc/manual/from_md/installation/installing-pxe.section.xml
View file

@ -7,11 +7,11 @@
<para>
These instructions assume that you have an existing PXE or iPXE
infrastructure and simply want to add the NixOS installer as another
option. To build the necessary files from a recent version of
option. To build the necessary files from your current version of
nixpkgs, you can run:
</para>
<programlisting>
nix-build -A netboot.x86_64-linux nixos/release.nix
nix-build -A netboot.x86_64-linux '&lt;nixpkgs/nixos/release.nix&gt;'
</programlisting>
<para>
This will create a <literal>result</literal> directory containing: *

33
nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
View file

@ -26,8 +26,26 @@
</listitem>
<listitem>
<para>
<literal>iptables</literal> now uses
<literal>nf_tables</literal> backend.
<literal>iptables</literal> is now using
<literal>nf_tables</literal> under the hood, by using
<literal>iptables-nft</literal>, similar to
<link xlink:href="https://wiki.debian.org/nftables#Current_status">Debian</link>
and
<link xlink:href="https://fedoraproject.org/wiki/Changes/iptables-nft-default">Fedora</link>.
This means, <literal>ip[6]tables</literal>,
<literal>arptables</literal> and <literal>ebtables</literal>
commands will actually show rules from some specific tables in
the <literal>nf_tables</literal> kernel subsystem.
</para>
</listitem>
<listitem>
<para>
systemd got an <literal>nftables</literal> backend, and
configures (networkd) rules in their own
<literal>io.systemd.*</literal> tables. Check
<literal>nft list ruleset</literal> to see these rules, not
<literal>iptables-save</literal> (which only shows
<literal>iptables</literal>-created rules.
</para>
</listitem>
<listitem>
@ -1429,6 +1447,17 @@ Superuser created successfully.
knob.
</para>
</listitem>
<listitem>
<para>
<literal>/usr</literal> will always be included in the initial
ramdisk. See the
<literal>fileSystems.&lt;name&gt;.neededForBoot</literal>
option. If any files exist under <literal>/usr</literal>
(which is not typical for NixOS), they will be included in the
initial ramdisk, increasing its size to a possibly problematic
extent.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-21.11-notable-changes">

470
nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
View file

@ -42,6 +42,26 @@
upgrade notes</link>.
</para>
</listitem>
<listitem>
<para>
systemd services can now set
<link linkend="opt-systemd.services">systemd.services.&lt;name&gt;.reloadTriggers</link>
instead of <literal>reloadIfChanged</literal> for a more
granular distinction between reloads and restarts.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://kops.sigs.k8s.io"><literal>kops</literal></link>
defaults to 1.22.4, which will enable
<link xlink:href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html">Instance
Metadata Service Version 2</link> and require tokens on new
clusters with Kubernetes 1.22. This will increase security by
default, but may break some types of workloads. See the
<link xlink:href="https://kops.sigs.k8s.io/releases/1.22-notes/">release
notes</link> for details.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-22.05-new-services">
@ -90,7 +110,7 @@
<link xlink:href="https://frrouting.org/">FRRouting</link>, a
popular suite of Internet routing protocol daemons (BGP, BFD,
OSPF, IS-IS, VVRP and others). Available as
<link linkend="opt-services.ffr.babel.enable">services.frr</link>
<link linkend="opt-services.frr.babel.enable">services.frr</link>
</para>
</listitem>
<listitem>
@ -100,6 +120,13 @@
<link xlink:href="options.html#opt-services.heisenbridge.enable">services.heisenbridge</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://snowflake.torproject.org/">snowflake-proxy</link>,
a system to defeat internet censorship. Available as
<link xlink:href="options.html#opt-services.snowflake-proxy.enable">services.snowflake-proxy</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://ergo.chat">ergochat</link>, a modern
@ -114,6 +141,21 @@
<link xlink:href="options.html#opt-services.powerdns-admin.enable">services.powerdns-admin</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/postgres/pgadmin4">pgadmin4</link>,
an admin interface for the PostgreSQL database. Available at
<link xlink:href="options.html#opt-services.pgadmin.enable">services.pgadmin</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/sezanzeb/input-remapper">input-remapper</link>,
an easy to use tool to change the mapping of your input device
buttons. Available at
<link xlink:href="options.html#opt-services.input-remapper.enable">services.input-remapper</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://invoiceplane.com">InvoicePlane</link>,
@ -129,6 +171,15 @@
<link xlink:href="options.html#opt-services.maddy.enable">services.maddy</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://www.scorchworks.com/K40whisperer/k40whisperer.html">K40-Whisperer</link>,
a program to control cheap Chinese laser cutters. Available as
<link xlink:href="options.html#opt-programs.k4-whisperer.enable">programs.k40-whisperer.enable</link>.
Users must add themselves to the <literal>k40</literal> group
to be able to access the device.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/mgumz/mtr-exporter">mtr-exporter</link>,
@ -144,6 +195,14 @@
<link linkend="opt-services.tetrd.enable">services.tetrd</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/mbrubeck/agate">agate</link>,
a very simple server for the Gemini hypertext protocol.
Available as
<link xlink:href="options.html#opt-services.agate.enable">services.agate</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/JustArchiNET/ArchiSteamFarm">ArchiSteamFarm</link>,
@ -168,6 +227,13 @@
<link linkend="opt-services.baget.enable">services.baget</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://moosefs.com">moosefs</link>, fault
tolerant petabyte distributed file system. Available as
<link linkend="opt-services.moosefs.client.enable">moosefs</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/ThomasLeister/prosody-filer">prosody-filer</link>,
@ -207,6 +273,13 @@
<link xlink:href="options.html#opt-services.headscale.enable">services.headscale</link>
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://0xerr0r.github.io/blocky/">blocky</link>,
fast and lightweight DNS proxy as ad-blocker for local network
with many features.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-22.05-incompatibilities">
@ -233,6 +306,36 @@
<literal>haskellPackages.callPackage</literal>).
</para>
</listitem>
<listitem>
<para>
<literal>pkgs.ghc.withPackages</literal> as well as
<literal>haskellPackages.ghcWithPackages</literal> etc. now
needs be overridden directly, as opposed to overriding the
result of calling it. Additionally, the
<literal>withLLVM</literal> parameter has been renamed to
<literal>useLLVM</literal>. So instead of
<literal>(ghc.withPackages (p: [])).override { withLLVM = true; }</literal>,
one needs to use
<literal>(ghc.withPackages.override { useLLVM = true; }) (p: [])</literal>.
</para>
</listitem>
<listitem>
<para>
The <literal>home-assistant</literal> module now requires
users that dont want their configuration to be managed
declaratively to set
<literal>services.home-assistant.config = null;</literal>.
This is required due to the way default settings are handled
with the new settings style.
</para>
<para>
Additionally the default list of
<literal>extraComponents</literal> now includes the minimal
dependencies to successfully complete the
<link xlink:href="https://www.home-assistant.io/getting-started/onboarding/">onboarding</link>
procedure.
</para>
</listitem>
<listitem>
<para>
<literal>pkgs.emacsPackages.orgPackages</literal> is removed
@ -250,6 +353,31 @@
removed due to it being an outdated version.
</para>
</listitem>
<listitem>
<para>
<literal>services.kubernetes.scheduler.{port,address}</literal>
now set <literal>--secure-port</literal> and
<literal>--bind-address</literal> instead of
<literal>--port</literal> and <literal>--address</literal>,
since the former have been deprecated and are no longer
functional in kubernetes&gt;=1.23. Ensure that you are not
relying on the insecure behaviour before upgrading.
</para>
</listitem>
<listitem>
<para>
<literal>services.k3s.enable</literal> no longer implies
<literal>systemd.enableUnifiedCgroupHierarchy = false</literal>,
and will default to the <quote>systemd</quote> cgroup driver
when using <literal>services.k3s.docker = true</literal>. This
change may require a reboot to take effect, and k3s may not be
able to run if the boot cgroup hierarchy does not match its
configuration. The previous behavior may be retained by
explicitly setting
<literal>systemd.enableUnifiedCgroupHierarchy = false</literal>
in your configuration.
</para>
</listitem>
<listitem>
<para>
The DHCP server (<literal>services.dhcpd4</literal>,
@ -274,6 +402,116 @@
its reliance on python2.
</para>
</listitem>
<listitem>
<para>
The <literal>matrix-synapse</literal> service
(<literal>services.matrix-synapse</literal>) has been
converted to use the <literal>settings</literal> option
defined in RFC42. This means that options that are part of
your <literal>homeserver.yaml</literal> configuration, and
that were specified at the top-level of the module
(<literal>services.matrix-synapse</literal>) now need to be
moved into
<literal>services.matrix-synapse.settings</literal>. And while
not all options you may use are defined in there, they are
still supported, because you can set arbitrary values in this
freeform type.
</para>
<para>
An example to make the required migration clearer:
</para>
<para>
Before:
</para>
<programlisting language="bash">
{
services.matrix-synapse = {
enable = true;
server_name = &quot;example.com&quot;;
public_baseurl = &quot;https://example.com:8448&quot;;
enable_registration = false;
registration_shared_secret = &quot;xohshaeyui8jic7uutuDogahkee3aehuaf6ei3Xouz4iicie5thie6nohNahceut&quot;;
macaroon_secret_key = &quot;xoo8eder9seivukaiPh1cheikohquuw8Yooreid0The4aifahth3Ou0aiShaiz4l&quot;;
tls_certificate_path = &quot;/var/lib/acme/example.com/fullchain.pem&quot;;
tls_certificate_path = &quot;/var/lib/acme/example.com/fullchain.pem&quot;;
listeners = [ {
port = 8448;
bind_address = &quot;&quot;;
type = &quot;http&quot;;
tls = true;
resources = [ {
names = [ &quot;client&quot; ];
compress = true;
} {
names = [ &quot;federation&quot; ];
compress = false;
} ];
} ];
};
}
</programlisting>
<para>
After:
</para>
<programlisting language="bash">
{
services.matrix-synapse = {
enable = true;
# this attribute set holds all values that go into your homeserver.yaml configuration
# See https://github.com/matrix-org/synapse/blob/develop/docs/sample_config.yaml for
# possible values.
settings = {
server_name = &quot;example.com&quot;;
public_baseurl = &quot;https://example.com:8448&quot;;
enable_registration = false;
# pass `registration_shared_secret` and `macaroon_secret_key` via `extraConfigFiles` instead
tls_certificate_path = &quot;/var/lib/acme/example.com/fullchain.pem&quot;;
tls_certificate_path = &quot;/var/lib/acme/example.com/fullchain.pem&quot;;
listeners = [ {
port = 8448;
bind_address = [
&quot;::&quot;
&quot;0.0.0.0&quot;
];
type = &quot;http&quot;;
tls = true;
resources = [ {
names = [ &quot;client&quot; ];
compress = true;
} {
names = [ &quot;federation&quot; ];
compress = false;
} ];
} ];
};
extraConfigFiles = [
/run/keys/matrix-synapse/secrets.yaml
];
};
}
</programlisting>
<para>
The secrets in your original config should be migrated into a
YAML file that is included via
<literal>extraConfigFiles</literal>.
</para>
<para>
Additionally a few option defaults have been synced up with
upstream default values, for example the
<literal>max_upload_size</literal> grew from
<literal>10M</literal> to <literal>50M</literal>.
</para>
</listitem>
<listitem>
<para>
The MoinMoin wiki engine
@ -310,6 +548,22 @@
<literal>writers.writePyPy2</literal> needs to be used.
</para>
</listitem>
<listitem>
<para>
<literal>buildGoModule</literal> was updated to use
<literal>go_1_17</literal>, third party derivations that
specify &gt;= go 1.17 in the main <literal>go.mod</literal>
will need to regenerate their <literal>vendorSha256</literal>
hash.
</para>
</listitem>
<listitem>
<para>
The <literal>gnome-passwordsafe</literal> package updated to
<link xlink:href="https://gitlab.gnome.org/World/secrets/-/tags/6.0">version
6.x</link> and renamed to <literal>gnome-secrets</literal>.
</para>
</listitem>
<listitem>
<para>
If you previously used
@ -318,6 +572,15 @@
<literal>virtualisation.docker.daemon.settings</literal>.
</para>
</listitem>
<listitem>
<para>
Ntopng (<literal>services.ntopng</literal>) is updated to
5.2.1 and uses a separate Redis instance if
<literal>system.stateVersion</literal> is at least
<literal>22.05</literal>. Existing setups shouldnt be
affected.
</para>
</listitem>
<listitem>
<para>
The backward compatibility in
@ -340,6 +603,13 @@
support due to python2 deprecation in nixpkgs
</para>
</listitem>
<listitem>
<para>
<literal>services.miniflux.adminCredentialFiles</literal> is
now required, instead of defaulting to
<literal>admin</literal> and <literal>password</literal>.
</para>
</listitem>
<listitem>
<para>
The <literal>autorestic</literal> package has been upgraded
@ -426,6 +696,21 @@
<literal>tilp2</literal> was removed together with its module
</para>
</listitem>
<listitem>
<para>
The F-PROT antivirus (<literal>fprot</literal> package) and
its service module were removed because it reached
<link xlink:href="https://kb.cyren.com/av-support/index.php?/Knowledgebase/Article/View/434/0/end-of-sale--end-of-life-for-f-prot-and-csam">end-of-life</link>.
</para>
</listitem>
<listitem>
<para>
<literal>bird1</literal> and its modules
<literal>services.bird</literal> as well as
<literal>services.bird6</literal> have been removed. Upgrade
to <literal>services.bird2</literal>.
</para>
</listitem>
<listitem>
<para>
The options
@ -454,6 +739,15 @@
<literal>~/.local/share/polymc/polymc.cfg</literal>.
</para>
</listitem>
<listitem>
<para>
<literal>systemd-nspawn@.service</literal> settings have been
reverted to the default systemd behaviour. User namespaces are
now activated by default. If you want to keep running nspawn
containers without user namespaces you need to set
<literal>systemd.nspawn.&lt;name&gt;.execConfig.PrivateUsers = false</literal>
</para>
</listitem>
<listitem>
<para>
The terraform 0.12 compatibility has been removed and the
@ -472,6 +766,18 @@
directly.
</para>
</listitem>
<listitem>
<para>
The <literal>dendrite</literal> package has been upgraded from
0.5.1 to
<link xlink:href="https://github.com/matrix-org/dendrite/releases/tag/v0.6.5">0.6.5</link>.
Instances configured with split sqlite databases, which has
been the default in NixOS, require merging of the federation
sender and signing key databases. See upstream
<link xlink:href="https://github.com/matrix-org/dendrite/releases/tag/v0.6.0">release
notes</link> on version 0.6.0 for details on database changes.
</para>
</listitem>
<listitem>
<para>
The existing <literal>pkgs.opentelemetry-collector</literal>
@ -486,6 +792,13 @@
<literal>otelcorecol</literal> and enjoy a 7x smaller binary.
</para>
</listitem>
<listitem>
<para>
<literal>pkgs.pgadmin</literal> now refers to
<literal>pkgs.pgadmin4</literal>. If you still need pgadmin3,
use <literal>pkgs.pgadmin3</literal>.
</para>
</listitem>
<listitem>
<para>
<literal>pkgs.noto-fonts-cjk</literal> is now deprecated in
@ -514,6 +827,15 @@
honors <literal>restartIfChanged</literal> and
<literal>reloadIfChanged</literal> of the units.
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
Preferring to reload instead of restarting can still
be achieved using
<literal>/run/nixos/activation-reload-list</literal>.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
@ -573,6 +895,12 @@
wrapper for <literal>assert</literal> conditions.
</para>
</listitem>
<listitem>
<para>
The <literal>vpnc</literal> package has been changed to use
GnuTLS instead of OpenSSL by default for licensing reasons.
</para>
</listitem>
<listitem>
<para>
<literal>pkgs.vimPlugins.onedark-nvim</literal> now refers to
@ -581,6 +909,83 @@
<link xlink:href="https://github.com/olimorris/onedarkpro.nvim">olimorris/onedarkpro.nvim</link>).
</para>
</listitem>
<listitem>
<para>
<literal>services.pipewire.enable</literal> will default to
enabling the WirePlumber session manager instead of
pipewire-media-session. pipewire-media-session is deprecated
by upstream and not recommended, but can still be manually
enabled by setting
<literal>services.pipewire.media-session.enable</literal> to
<literal>true</literal> and
<literal>services.pipewire.wireplumber.enable</literal> to
<literal>false</literal>.
</para>
</listitem>
<listitem>
<para>
<literal>pkgs.makeDesktopItem</literal> has been refactored to
provide a more idiomatic API. Specifically:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
All valid options as of FDO Desktop Entry specification
version 1.4 can now be passed in as explicit arguments
</para>
</listitem>
<listitem>
<para>
<literal>exec</literal> can now be null, for entries that
are not of type Application
</para>
</listitem>
<listitem>
<para>
<literal>mimeType</literal> argument is renamed to
<literal>mimeTypes</literal> for consistency
</para>
</listitem>
<listitem>
<para>
<literal>mimeTypes</literal>,
<literal>categories</literal>,
<literal>implements</literal>,
<literal>keywords</literal>, <literal>onlyShowIn</literal>
and <literal>notShowIn</literal> take lists of strings
instead of one string with semicolon separators
</para>
</listitem>
<listitem>
<para>
<literal>extraDesktopEntries</literal> renamed to
<literal>extraConfig</literal> for consistency
</para>
</listitem>
<listitem>
<para>
Actions should now be provided as an attrset
<literal>actions</literal>, the <literal>Actions</literal>
line will be autogenerated.
</para>
</listitem>
<listitem>
<para>
<literal>extraEntries</literal> is removed.
</para>
</listitem>
<listitem>
<para>
Additional validation is added both at eval time and at
build time.
</para>
</listitem>
</itemizedlist>
<para>
See the <literal>vscode</literal> package for a more detailed
example.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-22.05-notable-changes">
@ -689,6 +1094,12 @@
compatibilty, but will be removed at a later date.
</para>
</listitem>
<listitem>
<para>
<literal>programs.zsh.autosuggestions.strategy</literal> now
takes a list of strings instead of a string.
</para>
</listitem>
<listitem>
<para>
The <literal>services.unifi.openPorts</literal> option default
@ -766,6 +1177,13 @@
loaded in the initrd.
</para>
</listitem>
<listitem>
<para>
<literal>nixos-generate-config</literal> now puts the dhcp
configuration in <literal>hardware-configuration.nix</literal>
instead of <literal>configuration.nix</literal>.
</para>
</listitem>
<listitem>
<para>
<literal>fetchFromSourcehut</literal> now allows fetching
@ -775,6 +1193,16 @@
<literal>true</literal>.
</para>
</listitem>
<listitem>
<para>
The <literal>element-desktop</literal> package now has an
<literal>useKeytar</literal> option (defaults to
<literal>true</literal>), which allows disabling
<literal>keytar</literal> and in turn
<literal>libsecret</literal> usage (which binds to native
credential managers / keychain libraries).
</para>
</listitem>
<listitem>
<para>
The option <literal>services.thelounge.plugins</literal> has
@ -790,6 +1218,14 @@
renamed to <literal>linux-firmware</literal>.
</para>
</listitem>
<listitem>
<para>
It is now possible to specify wordlists to include as handy to
access environment variables using the
<literal>config.environment.wordlist</literal> configuration
options.
</para>
</listitem>
<listitem>
<para>
The <literal>services.mbpfan</literal> module was converted to
@ -815,6 +1251,12 @@
<literal>programs.starship.settings</literal>.
</para>
</listitem>
<listitem>
<para>
The <link xlink:href="https://dino.im">Dino</link> XMPP client
was updated to 0.3, adding support for audio and video calls.
</para>
</listitem>
<listitem>
<para>
<literal>services.mattermost.plugins</literal> has been added
@ -822,6 +1264,13 @@
Plugins are automatically repackaged using autoPatchelf.
</para>
</listitem>
<listitem>
<para>
<literal>services.logrotate.enable</literal> now defaults to
true if any rotate path has been defined, and some paths have
been added by default.
</para>
</listitem>
<listitem>
<para>
The <literal>zrepl</literal> package has been updated from
@ -858,6 +1307,17 @@
warning.
</para>
</listitem>
<listitem>
<para>
The option
<link linkend="opt-networking.networkmanager.enableFccUnlock">services.networking.networkmanager.enableFccUnlock</link>
was added to support FCC unlock procedures. Since release
1.18.4, the ModemManager daemon no longer automatically
performs the FCC unlock procedure by default. See
<link xlink:href="https://modemmanager.org/docs/modemmanager/fcc-unlock/">the
docs</link> for more details.
</para>
</listitem>
<listitem>
<para>
<literal>programs.tmux</literal> has a new option
@ -867,6 +1327,14 @@
<literal>tmux</literal>.
</para>
</listitem>
<listitem>
<para>
The polkit service, available at
<literal>security.polkit.enable</literal>, is now disabled by
default. It will automatically be enabled through services and
desktop environments as needed.
</para>
</listitem>
</itemizedlist>
</section>
</section>

4
nixos/doc/manual/installation/installing-pxe.section.md
View file

@ -5,11 +5,11 @@ setup.
These instructions assume that you have an existing PXE or iPXE
infrastructure and simply want to add the NixOS installer as another
option. To build the necessary files from a recent version of nixpkgs,
option. To build the necessary files from your current version of nixpkgs,
you can run:
```ShellSession
nix-build -A netboot.x86_64-linux nixos/release.nix
nix-build -A netboot.x86_64-linux '<nixpkgs/nixos/release.nix>'
```
This will create a `result` directory containing: \* `bzImage` -- the

1
nixos/doc/manual/release-notes/release-notes.xml
View file

@ -8,6 +8,7 @@
This section lists the release notes for each stable version of NixOS and
current unstable revision.
</para>
<xi:include href="../from_md/release-notes/rl-2205.section.xml" />
<xi:include href="../from_md/release-notes/rl-2111.section.xml" />
<xi:include href="../from_md/release-notes/rl-2105.section.xml" />
<xi:include href="../from_md/release-notes/rl-2009.section.xml" />

13
nixos/doc/manual/release-notes/rl-2111.section.md
View file

@ -8,7 +8,15 @@ In addition to numerous new and upgraded packages, this release has the followin
- Nix has been updated to version 2.4, reference its [release notes](https://discourse.nixos.org/t/nix-2-4-released/15822) for more information on what has changed. The previous version of Nix, 2.3.16, remains available for the time being in the `nix_2_3` package.
- `iptables` now uses `nf_tables` backend.
- `iptables` is now using `nf_tables` under the hood, by using `iptables-nft`,
similar to [Debian](https://wiki.debian.org/nftables#Current_status) and
[Fedora](https://fedoraproject.org/wiki/Changes/iptables-nft-default).
This means, `ip[6]tables`, `arptables` and `ebtables` commands will actually
show rules from some specific tables in the `nf_tables` kernel subsystem.
- systemd got an `nftables` backend, and configures (networkd) rules in their
own `io.systemd.*` tables. Check `nft list ruleset` to see these rules, not
`iptables-save` (which only shows `iptables`-created rules.
- PHP now defaults to PHP 8.0, updated from 7.4.
@ -419,6 +427,9 @@ In addition to numerous new and upgraded packages, this release has the followin
- The Linux kernel for security reasons now restricts access to BPF syscalls via `BPF_UNPRIV_DEFAULT_OFF=y`. Unprivileged access can be reenabled via the `kernel.unprivileged_bpf_disabled` sysctl knob.
- `/usr` will always be included in the initial ramdisk. See the `fileSystems.<name>.neededForBoot` option.
If any files exist under `/usr` (which is not typical for NixOS), they will be included in the initial ramdisk, increasing its size to a possibly problematic extent.
## Other Notable Changes {#sec-release-21.11-notable-changes}

197
nixos/doc/manual/release-notes/rl-2205.section.md
View file

@ -17,6 +17,10 @@ In addition to numerous new and upgraded packages, this release has the followin
Migrations may take a while, see the [changelog](https://docs.mattermost.com/install/self-managed-changelog.html#release-v6-3-extended-support-release)
and [important upgrade notes](https://docs.mattermost.com/upgrade/important-upgrade-notes.html).
- systemd services can now set [systemd.services.\<name\>.reloadTriggers](#opt-systemd.services) instead of `reloadIfChanged` for a more granular distinction between reloads and restarts.
- [`kops`](https://kops.sigs.k8s.io) defaults to 1.22.4, which will enable [Instance Metadata Service Version 2](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html) and require tokens on new clusters with Kubernetes 1.22. This will increase security by default, but may break some types of workloads. See the [release notes](https://kops.sigs.k8s.io/releases/1.22-notes/) for details.
## New Services {#sec-release-22.05-new-services}
- [aesmd](https://github.com/intel/linux-sgx#install-the-intelr-sgx-psw), the Intel SGX Architectural Enclave Service Manager. Available as [services.aesmd](#opt-services.aesmd.enable).
@ -29,28 +33,41 @@ In addition to numerous new and upgraded packages, this release has the followin
- [apfs](https://github.com/linux-apfs/linux-apfs-rw), a kernel module for mounting the Apple File System (APFS).
- [FRRouting](https://frrouting.org/), a popular suite of Internet routing protocol daemons (BGP, BFD, OSPF, IS-IS, VVRP and others). Available as [services.frr](#opt-services.ffr.babel.enable)
- [FRRouting](https://frrouting.org/), a popular suite of Internet routing protocol daemons (BGP, BFD, OSPF, IS-IS, VVRP and others). Available as [services.frr](#opt-services.frr.babel.enable)
- [heisenbridge](https://github.com/hifi/heisenbridge), a bouncer-style Matrix IRC bridge. Available as [services.heisenbridge](options.html#opt-services.heisenbridge.enable).
- [snowflake-proxy](https://snowflake.torproject.org/), a system to defeat internet censorship. Available as [services.snowflake-proxy](options.html#opt-services.snowflake-proxy.enable).
- [ergochat](https://ergo.chat), a modern IRC with IRCv3 features. Available as [services.ergochat](options.html#opt-services.ergochat.enable).
- [PowerDNS-Admin](https://github.com/ngoduykhanh/PowerDNS-Admin), a web interface for the PowerDNS server. Available at [services.powerdns-admin](options.html#opt-services.powerdns-admin.enable).
- [pgadmin4](https://github.com/postgres/pgadmin4), an admin interface for the PostgreSQL database. Available at [services.pgadmin](options.html#opt-services.pgadmin.enable).
- [input-remapper](https://github.com/sezanzeb/input-remapper), an easy to use tool to change the mapping of your input device buttons. Available at [services.input-remapper](options.html#opt-services.input-remapper.enable).
- [InvoicePlane](https://invoiceplane.com), web application for managing and creating invoices. Available at [services.invoiceplane](options.html#opt-services.invoiceplane.enable).
- [maddy](https://maddy.email), a composable all-in-one mail server. Available as [services.maddy](options.html#opt-services.maddy.enable).
- [K40-Whisperer](https://www.scorchworks.com/K40whisperer/k40whisperer.html), a program to control cheap Chinese laser cutters. Available as [programs.k40-whisperer.enable](options.html#opt-programs.k4-whisperer.enable). Users must add themselves to the `k40` group to be able to access the device.
- [mtr-exporter](https://github.com/mgumz/mtr-exporter), a Prometheus exporter for mtr metrics. Available as [services.mtr-exporter](options.html#opt-services.mtr-exporter.enable).
- [tetrd](https://tetrd.app), share your internet connection from your device to your PC and vice versa through a USB cable. Available at [services.tetrd](#opt-services.tetrd.enable).
- [agate](https://github.com/mbrubeck/agate), a very simple server for the Gemini hypertext protocol. Available as [services.agate](options.html#opt-services.agate.enable).
- [ArchiSteamFarm](https://github.com/JustArchiNET/ArchiSteamFarm), a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. Available as [services.archisteamfarm](options.html#opt-services.archisteamfarm.enable).
- [teleport](https://goteleport.com), allows engineers and security professionals to unify access for SSH servers, Kubernetes clusters, web applications, and databases across all environments. Available at [services.teleport](#opt-services.teleport.enable).
- [BaGet](https://loic-sharma.github.io/BaGet/), a lightweight NuGet and symbol server. Available at [services.baget](#opt-services.baget.enable).
- [moosefs](https://moosefs.com), fault tolerant petabyte distributed file system.
Available as [moosefs](#opt-services.moosefs.client.enable).
- [prosody-filer](https://github.com/ThomasLeister/prosody-filer), a server for handling XMPP HTTP Upload requests. Available at [services.prosody-filer](#opt-services.prosody-filer.enable).
- [ethercalc](https://github.com/audreyt/ethercalc), an online collaborative
@ -62,6 +79,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- [headscale](https://github.com/juanfont/headscale), an Open Source implementation of the [Tailscale](https://tailscale.io) Control Server. Available as [services.headscale](options.html#opt-services.headscale.enable)
- [blocky](https://0xerr0r.github.io/blocky/), fast and lightweight DNS proxy as ad-blocker for local network with many features.
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
## Backward Incompatibilities {#sec-release-22.05-incompatibilities}
@ -78,6 +97,21 @@ In addition to numerous new and upgraded packages, this release has the followin
instead to ensure cross compilation keeps working (or switch to
`haskellPackages.callPackage`).
- `pkgs.ghc.withPackages` as well as `haskellPackages.ghcWithPackages` etc.
now needs be overridden directly, as opposed to overriding the result of
calling it. Additionally, the `withLLVM` parameter has been renamed to
`useLLVM`. So instead of `(ghc.withPackages (p: [])).override { withLLVM = true; }`,
one needs to use `(ghc.withPackages.override { useLLVM = true; }) (p: [])`.
- The `home-assistant` module now requires users that don't want their
configuration to be managed declaratively to set
`services.home-assistant.config = null;`. This is required
due to the way default settings are handled with the new settings style.
Additionally the default list of `extraComponents` now includes the minimal
dependencies to successfully complete the [onboarding](https://www.home-assistant.io/getting-started/onboarding/)
procedure.
- `pkgs.emacsPackages.orgPackages` is removed because org elpa is deprecated.
The packages in the top level of `pkgs.emacsPackages`, such as org and
org-contrib, refer to the ones in `pkgs.emacsPackages.elpaPackages` and
@ -85,6 +119,12 @@ In addition to numerous new and upgraded packages, this release has the followin
- `services.kubernetes.addons.dashboard` was removed due to it being an outdated version.
- `services.kubernetes.scheduler.{port,address}` now set `--secure-port` and `--bind-address` instead of `--port` and `--address`, since the former have been deprecated and are no longer functional in kubernetes>=1.23. Ensure that you are not relying on the insecure behaviour before upgrading.
- `services.k3s.enable` no longer implies `systemd.enableUnifiedCgroupHierarchy = false`, and will default to the 'systemd' cgroup driver when using `services.k3s.docker = true`.
This change may require a reboot to take effect, and k3s may not be able to run if the boot cgroup hierarchy does not match its configuration.
The previous behavior may be retained by explicitly setting `systemd.enableUnifiedCgroupHierarchy = false` in your configuration.
- The DHCP server (`services.dhcpd4`, `services.dhcpd6`) has been hardened.
The service is now using the systemd's `DynamicUser` mechanism to run as an unprivileged dynamically-allocated user with limited capabilities.
The dhcpd state files are now always stored in `/var/lib/dhcpd{4,6}` and the `services.dhcpd4.stateDir` and `service.dhcpd6.stateDir` options have been removed.
@ -92,6 +132,95 @@ In addition to numerous new and upgraded packages, this release has the followin
- The `mailpile` email webclient (`services.mailpile`) has been removed due to its reliance on python2.
- The `matrix-synapse` service (`services.matrix-synapse`) has been converted to use the `settings` option defined in RFC42.
This means that options that are part of your `homeserver.yaml` configuration, and that were specified at the top-level of the
module (`services.matrix-synapse`) now need to be moved into `services.matrix-synapse.settings`. And while not all options you
may use are defined in there, they are still supported, because you can set arbitrary values in this freeform type.
An example to make the required migration clearer:
Before:
```nix
{
services.matrix-synapse = {
enable = true;
server_name = "example.com";
public_baseurl = "https://example.com:8448";
enable_registration = false;
registration_shared_secret = "xohshaeyui8jic7uutuDogahkee3aehuaf6ei3Xouz4iicie5thie6nohNahceut";
macaroon_secret_key = "xoo8eder9seivukaiPh1cheikohquuw8Yooreid0The4aifahth3Ou0aiShaiz4l";
tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem";
tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem";
listeners = [ {
port = 8448;
bind_address = "";
type = "http";
tls = true;
resources = [ {
names = [ "client" ];
compress = true;
} {
names = [ "federation" ];
compress = false;
} ];
} ];
};
}
```
After:
```nix
{
services.matrix-synapse = {
enable = true;
# this attribute set holds all values that go into your homeserver.yaml configuration
# See https://github.com/matrix-org/synapse/blob/develop/docs/sample_config.yaml for
# possible values.
settings = {
server_name = "example.com";
public_baseurl = "https://example.com:8448";
enable_registration = false;
# pass `registration_shared_secret` and `macaroon_secret_key` via `extraConfigFiles` instead
tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem";
tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem";
listeners = [ {
port = 8448;
bind_address = [
"::"
"0.0.0.0"
];
type = "http";
tls = true;
resources = [ {
names = [ "client" ];
compress = true;
} {
names = [ "federation" ];
compress = false;
} ];
} ];
};
extraConfigFiles = [
/run/keys/matrix-synapse/secrets.yaml
];
};
}
```
The secrets in your original config should be migrated into a YAML file that is included via `extraConfigFiles`.
Additionally a few option defaults have been synced up with upstream default values, for example the `max_upload_size` grew from `10M` to `50M`.
- The MoinMoin wiki engine (`services.moinmoin`) has been removed, because Python 2 is being retired from nixpkgs.
- The `wafHook` hook now honors `NIX_BUILD_CORES` when `enableParallelBuilding` is not set explicitly. Packages can restore the old behaviour by setting `enableParallelBuilding=false`.
@ -102,8 +231,14 @@ In addition to numerous new and upgraded packages, this release has the followin
- The `writers.writePython2` and corresponding `writers.writePython2Bin` convenience functions to create executable Python 2 scripts in the store were removed in preparation of removal of the Python 2 interpreter.
Scripts have to be converted to Python 3 for use with `writers.writePython3` or `writers.writePyPy2` needs to be used.
- `buildGoModule` was updated to use `go_1_17`, third party derivations that specify >= go 1.17 in the main `go.mod` will need to regenerate their `vendorSha256` hash.
- The `gnome-passwordsafe` package updated to [version 6.x](https://gitlab.gnome.org/World/secrets/-/tags/6.0) and renamed to `gnome-secrets`.
- If you previously used `/etc/docker/daemon.json`, you need to incorporate the changes into the new option `virtualisation.docker.daemon.settings`.
- Ntopng (`services.ntopng`) is updated to 5.2.1 and uses a separate Redis instance if `system.stateVersion` is at least `22.05`. Existing setups shouldn't be affected.
- The backward compatibility in `services.wordpress` to configure sites with
the old interface has been removed. Please use `services.wordpress.sites`
instead.
@ -113,6 +248,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- opensmtpd-extras is no longer build with python2 scripting support due to python2 deprecation in nixpkgs
- `services.miniflux.adminCredentialFiles` is now required, instead of defaulting to `admin` and `password`.
- The `autorestic` package has been upgraded from 1.3.0 to 1.5.0 which introduces breaking changes in config file, check [their migration guide](https://autorestic.vercel.app/migration/1.4_1.5) for more details.
- For `pkgs.python3.pkgs.ipython`, its direct dependency `pkgs.python3.pkgs.matplotlib-inline`
@ -140,16 +277,30 @@ In addition to numerous new and upgraded packages, this release has the followin
- `tilp2` was removed together with its module
- The F-PROT antivirus (`fprot` package) and its service module were removed because it
reached [end-of-life](https://kb.cyren.com/av-support/index.php?/Knowledgebase/Article/View/434/0/end-of-sale--end-of-life-for-f-prot-and-csam).
- `bird1` and its modules `services.bird` as well as `services.bird6` have been removed. Upgrade to `services.bird2`.
- The options `networking.interfaces.<name>.ipv4.routes` and `networking.interfaces.<name>.ipv6.routes` are no longer ignored when using networkd instead of the default scripted network backend by setting `networking.useNetworkd` to `true`.
- MultiMC has been replaced with the fork PolyMC due to upstream developers being hostile to 3rd party package maintainers. PolyMC removes all MultiMC branding and is aimed at providing proper 3rd party packages like the one contained in Nixpkgs. This change affects the data folder where game instances and other save and configuration files are stored. Users with existing installations should rename `~/.local/share/multimc` to `~/.local/share/polymc`. The main config file's path has also moved from `~/.local/share/multimc/multimc.cfg` to `~/.local/share/polymc/polymc.cfg`.
- `systemd-nspawn@.service` settings have been reverted to the default systemd behaviour. User namespaces are now activated by default. If you want to keep running nspawn containers without user namespaces you need to set `systemd.nspawn.<name>.execConfig.PrivateUsers = false`
- The terraform 0.12 compatibility has been removed and the `terraform.withPlugins` and `terraform-providers.mkProvider` implementations simplified. Providers now need to be stored under
`$out/libexec/terraform-providers/<registry>/<owner>/<name>/<version>/<os>_<arch>/terraform-provider-<name>_v<version>` (which mkProvider does).
This breaks back-compat so it's not possible to mix-and-match with previous versions of nixpkgs. In exchange, it now becomes possible to use the providers from [nixpkgs-terraform-providers-bin](https://github.com/numtide/nixpkgs-terraform-providers-bin) directly.
- The `dendrite` package has been upgraded from 0.5.1 to
[0.6.5](https://github.com/matrix-org/dendrite/releases/tag/v0.6.5). Instances
configured with split sqlite databases, which has been the default
in NixOS, require merging of the federation sender and signing key
databases. See upstream [release
notes](https://github.com/matrix-org/dendrite/releases/tag/v0.6.0)
on version 0.6.0 for details on database changes.
- The existing `pkgs.opentelemetry-collector` has been moved to
`pkgs.opentelemetry-collector-contrib` to match the actual source being the
"contrib" edition. `pkgs.opentelemetry-collector` is now the actual core
@ -157,6 +308,8 @@ In addition to numerous new and upgraded packages, this release has the followin
you should change the package you refer to. If you don't need them update your
commands from `otelcontribcol` to `otelcorecol` and enjoy a 7x smaller binary.
- `pkgs.pgadmin` now refers to `pkgs.pgadmin4`.
If you still need pgadmin3, use `pkgs.pgadmin3`.
- `pkgs.noto-fonts-cjk` is now deprecated in favor of `pkgs.noto-fonts-cjk-sans`
and `pkgs.noto-fonts-cjk-serif` because they each have different release
@ -166,6 +319,7 @@ In addition to numerous new and upgraded packages, this release has the followin
- `switch-to-configuration` (the script that is run when running `nixos-rebuild switch` for example) has been reworked
* The interface that allows activation scripts to restart units has been streamlined. Restarting and reloading is now done by a single file `/run/nixos/activation-restart-list` that honors `restartIfChanged` and `reloadIfChanged` of the units.
* Preferring to reload instead of restarting can still be achieved using `/run/nixos/activation-reload-list`.
* The script now uses a proper ini-file parser to parse systemd units. Some values are now only searched in one section instead of in the entire unit. This is only relevant for units that don't use the NixOS systemd moule.
* `RefuseManualStop`, `X-OnlyManualStart`, `X-StopOnRemoval`, `X-StopOnReconfiguration` are only searched in the `[Unit]` section
* `X-ReloadIfChanged`, `X-RestartIfChanged`, `X-StopIfChanged` are only searched in the `[Service]` section
@ -180,9 +334,27 @@ In addition to numerous new and upgraded packages, this release has the followin
- `lib.assertMsg` and `lib.assertOneOf` no longer return `false` if the passed condition is `false`, `throw`ing the given error message instead (which makes the resulting error message less cluttered). This will not impact the behaviour of code using these functions as intended, namely as top-level wrapper for `assert` conditions.
- The `vpnc` package has been changed to use GnuTLS instead of OpenSSL by default for licensing reasons.
- `pkgs.vimPlugins.onedark-nvim` now refers to [navarasu/onedark.nvim](https://github.com/navarasu/onedark.nvim)
(formerly refers to [olimorris/onedarkpro.nvim](https://github.com/olimorris/onedarkpro.nvim)).
- `services.pipewire.enable` will default to enabling the WirePlumber session manager instead of pipewire-media-session.
pipewire-media-session is deprecated by upstream and not recommended, but can still be manually enabled by setting
`services.pipewire.media-session.enable` to `true` and `services.pipewire.wireplumber.enable` to `false`.
- `pkgs.makeDesktopItem` has been refactored to provide a more idiomatic API. Specifically:
- All valid options as of FDO Desktop Entry specification version 1.4 can now be passed in as explicit arguments
- `exec` can now be null, for entries that are not of type Application
- `mimeType` argument is renamed to `mimeTypes` for consistency
- `mimeTypes`, `categories`, `implements`, `keywords`, `onlyShowIn` and `notShowIn` take lists of strings instead of one string with semicolon separators
- `extraDesktopEntries` renamed to `extraConfig` for consistency
- Actions should now be provided as an attrset `actions`, the `Actions` line will be autogenerated.
- `extraEntries` is removed.
- Additional validation is added both at eval time and at build time.
See the `vscode` package for a more detailed example.
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
## Other Notable Changes {#sec-release-22.05-notable-changes}
@ -232,6 +404,8 @@ In addition to numerous new and upgraded packages, this release has the followin
combined `influxdb2` package is still provided in this release for
backwards compatibilty, but will be removed at a later date.
- `programs.zsh.autosuggestions.strategy` now takes a list of strings instead of a string.
- The `services.unifi.openPorts` option default value of `true` is now deprecated and will be changed to `false` in 22.11.
Configurations using this default will print a warning when rebuilt.
@ -261,14 +435,22 @@ In addition to numerous new and upgraded packages, this release has the followin
- A new option `boot.initrd.extraModprobeConfig` has been added which can be used to configure kernel modules that are loaded in the initrd.
- `nixos-generate-config` now puts the dhcp configuration in `hardware-configuration.nix` instead of `configuration.nix`.
- `fetchFromSourcehut` now allows fetching repositories recursively
using `fetchgit` or `fetchhg` if the argument `fetchSubmodules`
is set to `true`.
- The `element-desktop` package now has an `useKeytar` option (defaults to `true`),
which allows disabling `keytar` and in turn `libsecret` usage
(which binds to native credential managers / keychain libraries).
- The option `services.thelounge.plugins` has been added to allow installing plugins for The Lounge. Plugins can be found in `pkgs.theLoungePlugins.plugins` and `pkgs.theLoungePlugins.themes`.
- The `firmwareLinuxNonfree` package has been renamed to `linux-firmware`.
- It is now possible to specify wordlists to include as handy to access environment variables using the `config.environment.wordlist` configuration options.
- The `services.mbpfan` module was converted to a [RFC 0042](https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md) configuration.
- The default value for `programs.spacefm.settings.graphical_su` got unset. It previously pointed to `gksu` which has been removed.
@ -276,9 +458,14 @@ In addition to numerous new and upgraded packages, this release has the followin
- A new module was added for the [Starship](https://starship.rs/) shell prompt,
providing the options `programs.starship.enable` and `programs.starship.settings`.
- The [Dino](https://dino.im) XMPP client was updated to 0.3, adding support for audio and video calls.
- `services.mattermost.plugins` has been added to allow the declarative installation of Mattermost plugins.
Plugins are automatically repackaged using autoPatchelf.
- `services.logrotate.enable` now defaults to true if any rotate path has
been defined, and some paths have been added by default.
- The `zrepl` package has been updated from 0.4.0 to 0.5:
- The RPC protocol version was bumped; all zrepl daemons in a setup must be updated and restarted before replication can resume.
@ -288,6 +475,14 @@ In addition to numerous new and upgraded packages, this release has the followin
Reason is that the old name has been deprecated upstream.
Using the old option name will still work, but produce a warning.
- The option
[services.networking.networkmanager.enableFccUnlock](#opt-networking.networkmanager.enableFccUnlock)
was added to support FCC unlock procedures. Since release 1.18.4, the ModemManager
daemon no longer automatically performs the FCC unlock procedure by default. See
[the docs](https://modemmanager.org/docs/modemmanager/fcc-unlock/) for more details.
- `programs.tmux` has a new option `plugins` that accepts a list of packages from the `tmuxPlugins` group. The specified packages are added to the system and loaded by `tmux`.
- The polkit service, available at `security.polkit.enable`, is now disabled by default. It will automatically be enabled through services and desktop environments as needed.
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->

14
nixos/lib/eval-config.nix
View file

@ -21,6 +21,7 @@ evalConfigArgs@
, # !!! See comment about args in lib/modules.nix
specialArgs ? {}
, modules
, modulesLocation ? (builtins.unsafeGetAttrPos "modules" evalConfigArgs).file or null
, # !!! See comment about check in lib/modules.nix
check ? true
, prefix ? []
@ -74,7 +75,18 @@ let
_module.check = lib.mkDefault check;
};
};
allUserModules = modules ++ legacyModules;
allUserModules =
let
# Add the invoking file (or specified modulesLocation) as error message location
# for modules that don't have their own locations; presumably inline modules.
locatedModules =
if modulesLocation == null then
modules
else
map (lib.setDefaultModuleLocation modulesLocation) modules;
in
locatedModules ++ legacyModules;
noUserModules = evalModulesMinimal ({
inherit prefix specialArgs;

2
nixos/lib/qemu-common.nix
View file

@ -22,7 +22,7 @@ rec {
else throw "Unknown QEMU serial device for system '${pkgs.stdenv.hostPlatform.system}'";
qemuBinary = qemuPkg: {
x86_64-linux = "${qemuPkg}/bin/qemu-kvm -cpu qemu64";
x86_64-linux = "${qemuPkg}/bin/qemu-kvm -cpu max";
armv7l-linux = "${qemuPkg}/bin/qemu-system-arm -enable-kvm -machine virt -cpu host";
aarch64-linux = "${qemuPkg}/bin/qemu-system-aarch64 -enable-kvm -machine virt,gic-version=host -cpu host";
powerpc64le-linux = "${qemuPkg}/bin/qemu-system-ppc64 -machine powernv";

16
nixos/lib/systemd-unit-options.nix
View file

@ -201,6 +201,17 @@ in rec {
'';
};
reloadTriggers = mkOption {
default = [];
type = types.listOf unitOption;
description = ''
An arbitrary list of items such as derivations. If any item
in the list changes between reconfigurations, the service will
be reloaded. If anything but a reload trigger changes in the
unit file, the unit will be restarted instead.
'';
};
onFailure = mkOption {
default = [];
type = types.listOf unitNameType;
@ -338,6 +349,11 @@ in rec {
configuration switch if its definition has changed. If
enabled, the value of <option>restartIfChanged</option> is
ignored.
This option should not be used anymore in favor of
<option>reloadTriggers</option> which allows more granular
control of when a service is reloaded and when a service
is restarted.
'';
};

9
nixos/lib/test-driver/test_driver/machine.py
View file

@ -241,9 +241,15 @@ class LegacyStartCommand(StartCommand):
cdrom: Optional[str] = None,
usb: Optional[str] = None,
bios: Optional[str] = None,
qemuBinary: Optional[str] = None,
qemuFlags: Optional[str] = None,
):
self._cmd = "qemu-kvm -m 384"
if qemuBinary is not None:
self._cmd = qemuBinary
else:
self._cmd = "qemu-kvm"
self._cmd += " -m 384"
# networking
net_backend = "-netdev user,id=net0"
@ -381,6 +387,7 @@ class Machine:
cdrom=args.get("cdrom"),
usb=args.get("usb"),
bios=args.get("bios"),
qemuBinary=args.get("qemuBinary"),
qemuFlags=args.get("qemuFlags"),
)

5
nixos/lib/utils.nix
View file

@ -150,7 +150,8 @@ rec {
rm '${output}'
fi
inherit_errexit_restore=$(shopt -p inherit_errexit)
inherit_errexit_enabled=0
shopt -pq inherit_errexit && inherit_errexit_enabled=1
shopt -s inherit_errexit
''
+ concatStringsSep
@ -170,7 +171,7 @@ rec {
' <<'EOF'
${builtins.toJSON set}
EOF
$inherit_errexit_restore
(( ! $inherit_errexit_enabled )) && shopt -u inherit_errexit
'';
systemdUtils = {

36
nixos/modules/config/users-groups.nix
View file

@ -449,16 +449,10 @@ in {
imports = [
(mkAliasOptionModule [ "users" "extraUsers" ] [ "users" "users" ])
(mkAliasOptionModule [ "users" "extraGroups" ] [ "users" "groups" ])
(mkChangedOptionModule
[ "security" "initialRootPassword" ]
[ "users" "users" "root" "initialHashedPassword" ]
(cfg: if cfg.security.initialRootPassword == "!"
then null
else cfg.security.initialRootPassword))
(mkRenamedOptionModule ["security" "initialRootPassword"] ["users" "users" "root" "initialHashedPassword"])
];
###### interface
options = {
users.mutableUsers = mkOption {
@ -526,6 +520,17 @@ in {
'';
};
users.allowNoPasswordLogin = mkOption {
type = types.bool;
default = false;
description = ''
Disable checking that at least the <literal>root</literal> user or a user in the <literal>wheel</literal> group can log in using
a password or an SSH key.
WARNING: enabling this can lock you out of your system. Enable this only if you know what are you doing.
'';
};
};
@ -540,6 +545,7 @@ in {
home = "/root";
shell = mkDefault cfg.defaultUserShell;
group = "root";
initialHashedPassword = mkDefault "!";
};
nobody = {
uid = ids.uids.nobody;
@ -616,9 +622,11 @@ in {
# there is at least one "privileged" account that has a
# password or an SSH authorized key. Privileged accounts are
# root and users in the wheel group.
assertion = !cfg.mutableUsers ->
any id ((mapAttrsToList (_: cfg:
(cfg.name == "root"
# The check does not apply when users.disableLoginPossibilityAssertion
# The check does not apply when users.mutableUsers
assertion = !cfg.mutableUsers -> !cfg.allowNoPasswordLogin ->
any id (mapAttrsToList (name: cfg:
(name == "root"
|| cfg.group == "wheel"
|| elem "wheel" cfg.extraGroups)
&&
@ -627,12 +635,16 @@ in {
|| cfg.passwordFile != null
|| cfg.openssh.authorizedKeys.keys != []
|| cfg.openssh.authorizedKeys.keyFiles != [])
) cfg.users) ++ [
) cfg.users ++ [
config.security.googleOsLogin.enable
]);
message = ''
Neither the root account nor any wheel user has a password or SSH authorized key.
You must set one to prevent being locked out of your system.'';
You must set one to prevent being locked out of your system.
If you really want to be locked out of your system, set users.allowNoPasswordLogin = true;
However you are most probably better off by setting users.mutableUsers = true; and
manually running passwd root to set the root password.
'';
}
] ++ flatten (flip mapAttrsToList cfg.users (name: user:
[

1
nixos/modules/hardware/all-firmware.nix
View file

@ -83,6 +83,7 @@ in {
b43Firmware_5_1_138
b43Firmware_6_30_163_46
b43FirmwareCutter
xow_dongle-firmware
] ++ optional pkgs.stdenv.hostPlatform.isx86 facetimehd-firmware;
})
(mkIf cfg.wirelessRegulatoryDatabase {

4
nixos/modules/hardware/network/b43.nix
View file

@ -24,10 +24,6 @@ let kernelVersion = config.boot.kernelPackages.kernel.version; in
###### implementation
config = mkIf config.networking.enableB43Firmware {
assertions = singleton
{ assertion = lessThan 0 (builtins.compareVersions kernelVersion "3.2");
message = "b43 firmware for kernels older than 3.2 not packaged yet!";
};
hardware.firmware = [ pkgs.b43Firmware_5_1_138 ];
};

5
nixos/modules/hardware/video/capture/mwprocapture.nix
View file

@ -16,11 +16,6 @@ in
config = mkIf cfg.enable {
assertions = singleton {
assertion = versionAtLeast kernelPackages.kernel.version "3.2";
message = "Magewell Pro Capture family module is not supported for kernels older than 3.2";
};
boot.kernelModules = [ "ProCapture" ];
environment.systemPackages = [ kernelPackages.mwprocapture ];

23
nixos/modules/hardware/xone.nix Normal file
View file

@ -0,0 +1,23 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.hardware.xone;
in
{
options.hardware.xone = {
enable = mkEnableOption "the xone driver for Xbox One and Xbobx Series X|S accessories";
};
config = mkIf cfg.enable {
boot = {
blacklistedKernelModules = [ "xpad" "mt76x2u" ];
extraModulePackages = with config.boot.kernelPackages; [ xone ];
};
hardware.firmware = [ pkgs.xow_dongle-firmware ];
};
meta = {
maintainers = with maintainers; [ rhysmdnz ];
};
}

4
nixos/modules/installer/cd-dvd/installation-cd-graphical-gnome.nix
View file

@ -10,10 +10,10 @@ with lib;
isoImage.edition = "gnome";
services.xserver.desktopManager.gnome = {
# Add firefox to favorite-apps
# Add Firefox and other tools useful for installation to the launcher
favoriteAppsOverride = ''
[org.gnome.shell]
favorite-apps=[ 'firefox.desktop', 'org.gnome.Geary.desktop', 'org.gnome.Calendar.desktop', 'org.gnome.Music.desktop', 'org.gnome.Photos.desktop', 'org.gnome.Nautilus.desktop' ]
favorite-apps=[ 'firefox.desktop', 'nixos-manual.desktop', 'org.gnome.Terminal.desktop', 'org.gnome.Nautilus.desktop', 'gparted.desktop' ]
'';
enable = true;
};

6
nixos/modules/installer/sd-card/sd-image-aarch64.nix
View file

@ -24,6 +24,9 @@
[pi3]
kernel=u-boot-rpi3.bin
[pi02]
kernel=u-boot-rpi3.bin
[pi4]
kernel=u-boot-rpi4.bin
enable_gic=1
@ -33,6 +36,9 @@
# what the pi3 firmware does by default.
disable_overscan=1
# Supported in newer board revisions
arm_boost=1
[all]
# Boot in 64-bit mode.
arm_64bit=1

10
nixos/modules/installer/tools/nix-fallback-paths.nix
View file

@ -1,7 +1,7 @@
{
x86_64-linux = "/nix/store/67amfijcvhqfgz4bwf2izsvbnklwjbvk-nix-2.6.0";
i686-linux = "/nix/store/kinl99f619b2xsma4qnzhidbp65axyzm-nix-2.6.0";
aarch64-linux = "/nix/store/8zpm63nn7k4n1alp9a0fcilpgc8j014z-nix-2.6.0";
x86_64-darwin = "/nix/store/hw5v03wnc0k1pwgiyhblwlxb1fx5zyx8-nix-2.6.0";
aarch64-darwin = "/nix/store/669p1vjnzi56fib98qczwlaglcwcnip4-nix-2.6.0";
x86_64-linux = "/nix/store/0n2wfvi1i3fg97cjc54wslvk0804y0sn-nix-2.7.0";
i686-linux = "/nix/store/4p27c1k9z99pli6x8cxfph20yfyzn9nh-nix-2.7.0";
aarch64-linux = "/nix/store/r9yr8ijsb0gi9r7y92y3yzyld59yp0kj-nix-2.7.0";
x86_64-darwin = "/nix/store/hyfj5imsd0c4amlcjpf8l6w4q2draaj3-nix-2.7.0";
aarch64-darwin = "/nix/store/9l96qllhbb6xrsjaai76dn74ap7rq92n-nix-2.7.0";
}

3
nixos/modules/installer/tools/nixos-build-vms/build-vms.nix
View file

@ -25,4 +25,7 @@ pkgs.runCommand "nixos-build-vms" { nativeBuildInputs = [ pkgs.makeWrapper ]; }
ln -s ${interactiveDriver}/bin/nixos-test-driver $out/bin/nixos-run-vms
wrapProgram $out/bin/nixos-test-driver \
--add-flags "--interactive"
wrapProgram $out/bin/nixos-run-vms \
--set testScript "${pkgs.writeText "start-all" "start_all(); join_all();"}" \
--add-flags "--no-interactive"
''

13
nixos/modules/installer/tools/nixos-generate-config.pl
View file

@ -279,7 +279,7 @@ if (`lsblk -o TYPE` =~ "lvm") {
push @initrdKernelModules, "dm-snapshot";
}
my $virt = `systemd-detect-virt`;
my $virt = `@detectvirt@`;
chomp $virt;
@ -398,7 +398,7 @@ foreach my $fs (read_file("/proc/self/mountinfo")) {
# Maybe this is a bind-mount of a filesystem we saw earlier?
if (defined $fsByDev{$fields[2]}) {
# Make sure this isn't a btrfs subvolume.
my $msg = `btrfs subvol show $rootDir$mountPoint`;
my $msg = `@btrfs@ subvol show $rootDir$mountPoint`;
if ($? != 0 || $msg =~ /ERROR:/s) {
my $path = $fields[3]; $path = "" if $path eq "/";
my $base = $fsByDev{$fields[2]};
@ -436,7 +436,7 @@ EOF
# Is this a btrfs filesystem?
if ($fsType eq "btrfs") {
my ($status, @info) = runCommand("btrfs subvol show $rootDir$mountPoint");
my ($status, @info) = runCommand("@btrfs@ subvol show $rootDir$mountPoint");
if ($status != 0 || join("", @info) =~ /ERROR:/) {
die "Failed to retrieve subvolume info for $mountPoint\n";
}
@ -558,6 +558,8 @@ if (!$noFilesystems) {
$fsAndSwap .= "swapDevices =" . multiLineList(" ", @swapDevices) . ";\n";
}
my $networkingDhcpConfig = generateNetworkingDhcpConfig();
my $hwConfig = <<EOF;
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
@ -572,6 +574,7 @@ my $hwConfig = <<EOF;
boot.kernelModules = [$kernelModules ];
boot.extraModulePackages = [$modulePackages ];
$fsAndSwap
$networkingDhcpConfig
${\join "", (map { " $_\n" } (uniq @attrs))}}
EOF
@ -580,13 +583,13 @@ sub generateNetworkingDhcpConfig {
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
networking.useDHCP = false;
networking.useDHCP = lib.mkDefault false;
EOF
foreach my $path (glob "/sys/class/net/*") {
my $dev = basename($path);
if ($dev ne "lo") {
$config .= " networking.interfaces.$dev.useDHCP = true;\n";
$config .= " networking.interfaces.$dev.useDHCP = lib.mkDefault true;\n";
}
}

12
nixos/modules/installer/tools/tools.nix
View file

@ -33,8 +33,9 @@ let
nixos-generate-config = makeProg {
name = "nixos-generate-config";
src = ./nixos-generate-config.pl;
path = lib.optionals (lib.elem "btrfs" config.boot.supportedFilesystems) [ pkgs.btrfs-progs ];
perl = "${pkgs.perl.withPackages (p: [ p.FileSlurp ])}/bin/perl";
detectvirt = "${pkgs.systemd}/bin/systemd-detect-virt";
btrfs = "${pkgs.btrfs-progs}/bin/btrfs";
inherit (config.system.nixos-generate-config) configuration desktopConfiguration;
xserverEnabled = config.services.xserver.enable;
};
@ -133,12 +134,13 @@ in
$bootLoaderConfig
# networking.hostName = "nixos"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
# time.timeZone = "Europe/Amsterdam";
$networkingDhcpConfig
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password\@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
@ -148,6 +150,7 @@ in
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkbOptions in tty.
# };
$xserverConfig
@ -155,7 +158,10 @@ in
$desktopConfiguration
# Configure keymap in X11
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e";
# services.xserver.xkbOptions = {
# "eurosign:e";
# "caps:escape" # map caps to escape.
# };
# Enable CUPS to print documents.
# services.printing.enable = true;

2
nixos/modules/misc/documentation.nix
View file

@ -129,7 +129,7 @@ let
genericName = "View NixOS documentation in a web browser";
icon = "nix-snowflake";
exec = "nixos-help";
categories = "System";
categories = ["System"];
};
in pkgs.symlinkJoin {

6
nixos/modules/misc/ids.nix
View file

@ -82,14 +82,14 @@ in
git = 41;
#fourstore = 42; # dropped in 20.03
#fourstorehttp = 43; # dropped in 20.03
virtuoso = 44;
#virtuoso = 44; dropped module
#rtkit = 45; # dynamically allocated 2021-09-03
dovecot2 = 46;
dovenull2 = 47;
prayer = 49;
mpd = 50;
clamav = 51;
fprot = 52;
#fprot = 52; # unused
# bind = 53; #dynamically allocated as of 2021-09-03
wwwrun = 54;
#adm = 55; # unused
@ -412,7 +412,7 @@ in
prayer = 49;
mpd = 50;
clamav = 51;
fprot = 52;
#fprot = 52; # unused
#bind = 53; # unused
wwwrun = 54;
adm = 55;

49
nixos/modules/misc/version.nix
View file

@ -1,12 +1,17 @@
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.system.nixos;
opt = options.system.nixos;
in
inherit (lib)
concatStringsSep mapAttrsToList toLower
literalExpression mkRenamedOptionModule mkDefault mkOption trivial types;
attrsToText = attrs:
concatStringsSep "\n" (mapAttrsToList (n: v: ''${n}="${toString v}"'') attrs);
in
{
imports = [
(mkRenamedOptionModule [ "system" "nixosVersion" ] [ "system" "nixos" "version" ])
@ -101,22 +106,30 @@ in
# Generate /etc/os-release. See
# https://www.freedesktop.org/software/systemd/man/os-release.html for the
# format.
environment.etc.os-release.text =
''
NAME=NixOS
ID=nixos
VERSION="${cfg.release} (${cfg.codeName})"
VERSION_CODENAME=${toLower cfg.codeName}
VERSION_ID="${cfg.release}"
BUILD_ID="${cfg.version}"
PRETTY_NAME="NixOS ${cfg.release} (${cfg.codeName})"
LOGO="nix-snowflake"
HOME_URL="https://nixos.org/"
DOCUMENTATION_URL="https://nixos.org/learn.html"
SUPPORT_URL="https://nixos.org/community.html"
BUG_REPORT_URL="https://github.com/NixOS/nixpkgs/issues"
'';
environment.etc = {
"lsb-release".text = attrsToText {
LSB_VERSION = "${cfg.release} (${cfg.codeName})";
DISTRIB_ID = "nixos";
DISTRIB_RELEASE = cfg.release;
DISTRIB_CODENAME = toLower cfg.codeName;
DISTRIB_DESCRIPTION = "NixOS ${cfg.release} (${cfg.codeName})";
};
"os-release".text = attrsToText {
NAME = "NixOS";
ID = "nixos";
VERSION = "${cfg.release} (${cfg.codeName})";
VERSION_CODENAME = toLower cfg.codeName;
VERSION_ID = cfg.release;
BUILD_ID = cfg.version;
PRETTY_NAME = "NixOS ${cfg.release} (${cfg.codeName})";
LOGO = "nix-snowflake";
HOME_URL = "https://nixos.org/";
DOCUMENTATION_URL = "https://nixos.org/learn.html";
SUPPORT_URL = "https://nixos.org/community.html";
BUG_REPORT_URL = "https://github.com/NixOS/nixpkgs/issues";
};
};
};
# uses version info nixpkgs, which requires a full nixpkgs path

59
nixos/modules/misc/wordlist.nix Normal file
View file

@ -0,0 +1,59 @@
{ config, lib, pkgs, ... }:
with lib;
let
concatAndSort = name: files: pkgs.runCommand name {} ''
awk 1 ${lib.escapeShellArgs files} | sed '{ /^\s*$/d; s/^\s\+//; s/\s\+$// }' | sort | uniq > $out
'';
in
{
options = {
environment.wordlist = {
enable = mkEnableOption "environment variables for lists of words";
lists = mkOption {
type = types.attrsOf (types.nonEmptyListOf types.path);
default = {
WORDLIST = [ "${pkgs.scowl}/share/dict/words.txt" ];
};
defaultText = literalExpression ''
{
WORDLIST = [ "''${pkgs.scowl}/share/dict/words.txt" ];
}
'';
description = ''
A set with the key names being the environment variable you'd like to
set and the values being a list of paths to text documents containing
lists of words. The various files will be merged, sorted, duplicates
removed, and extraneous spacing removed.
If you have a handful of words that you want to add to an already
existing wordlist, you may find `builtins.toFile` useful for this
task.
'';
example = literalExpression ''
{
WORDLIST = [ "''${pkgs.scowl}/share/dict/words.txt" ];
AUGMENTED_WORDLIST = [
"''${pkgs.scowl}/share/dict/words.txt"
"''${pkgs.scowl}/share/dict/words.variants.txt"
(builtins.toFile "extra-words" '''
desynchonization
oobleck''')
];
}
'';
};
};
};
config = mkIf config.environment.wordlist.enable {
environment.variables =
lib.mapAttrs
(name: value: "${concatAndSort "wordlist-${name}" value}")
config.environment.wordlist.lists;
};
}

26
nixos/modules/module-list.nix
View file

@ -91,6 +91,7 @@
./hardware/video/switcheroo-control.nix
./hardware/video/uvcvideo/default.nix
./hardware/video/webcam/facetimehd.nix
./hardware/xone.nix
./hardware/xpadneo.nix
./i18n/input-method/default.nix
./i18n/input-method/fcitx.nix
@ -115,6 +116,7 @@
./misc/nixpkgs.nix
./misc/passthru.nix
./misc/version.nix
./misc/wordlist.nix
./misc/nixops-autoluks.nix
./programs/adb.nix
./programs/appgate-sdp.nix
@ -166,6 +168,8 @@
./programs/iftop.nix
./programs/iotop.nix
./programs/java.nix
./programs/k40-whisperer.nix
./programs/kclock.nix
./programs/kdeconnect.nix
./programs/kbdlight.nix
./programs/less.nix
@ -252,6 +256,7 @@
./security/tpm2.nix
./services/admin/meshcentral.nix
./services/admin/oxidized.nix
./services/admin/pgadmin.nix
./services/admin/salt/master.nix
./services/admin/salt/minion.nix
./services/amqp/activemq/default.nix
@ -349,7 +354,6 @@
./services/databases/redis.nix
./services/databases/riak.nix
./services/databases/victoriametrics.nix
./services/databases/virtuoso.nix
./services/desktops/accountsservice.nix
./services/desktops/bamf.nix
./services/desktops/blueman.nix
@ -394,6 +398,7 @@
./services/development/jupyterhub/default.nix
./services/development/rstudio-server/default.nix
./services/development/lorri.nix
./services/development/zammad.nix
./services/display-managers/greetd.nix
./services/editors/emacs.nix
./services/editors/infinoted.nix
@ -450,6 +455,8 @@
./services/hardware/undervolt.nix
./services/hardware/vdr.nix
./services/hardware/xow.nix
./services/home-automation/home-assistant.nix
./services/home-automation/zigbee2mqtt.nix
./services/logging/SystemdJournal2Gelf.nix
./services/logging/awstats.nix
./services/logging/filebeat.nix
@ -494,6 +501,7 @@
./services/mail/roundcube.nix
./services/mail/sympa.nix
./services/mail/nullmailer.nix
./services/matrix/matrix-synapse.nix
./services/matrix/mjolnir.nix
./services/matrix/pantalaimon.nix
./services/misc/ananicy.nix
@ -545,8 +553,8 @@
./services/misc/headphones.nix
./services/misc/heisenbridge.nix
./services/misc/greenclip.nix
./services/misc/home-assistant.nix
./services/misc/ihaskell.nix
./services/misc/input-remapper.nix
./services/misc/irkerd.nix
./services/misc/jackett.nix
./services/misc/jellyfin.nix
@ -560,7 +568,6 @@
./services/misc/matrix-appservice-discord.nix
./services/misc/matrix-appservice-irc.nix
./services/misc/matrix-conduit.nix
./services/misc/matrix-synapse.nix
./services/misc/mautrix-facebook.nix
./services/misc/mautrix-telegram.nix
./services/misc/mbpfan.nix
@ -595,6 +602,7 @@
./services/misc/redmine.nix
./services/misc/rippled.nix
./services/misc/ripple-data-api.nix
./services/misc/rmfakecloud.nix
./services/misc/serviio.nix
./services/misc/safeeyes.nix
./services/misc/sdrplay.nix
@ -620,7 +628,6 @@
./services/misc/weechat.nix
./services/misc/xmr-stak.nix
./services/misc/xmrig.nix
./services/misc/zigbee2mqtt.nix
./services/misc/zoneminder.nix
./services/misc/zookeeper.nix
./services/monitoring/alerta.nix
@ -682,6 +689,7 @@
./services/network-filesystems/litestream/default.nix
./services/network-filesystems/netatalk.nix
./services/network-filesystems/nfsd.nix
./services/network-filesystems/moosefs.nix
./services/network-filesystems/openafs/client.nix
./services/network-filesystems/openafs/server.nix
./services/network-filesystems/orangefs/server.nix
@ -715,6 +723,7 @@
./services/networking/bird.nix
./services/networking/bitlbee.nix
./services/networking/blockbook-frontend.nix
./services/networking/blocky.nix
./services/networking/charybdis.nix
./services/networking/cjdns.nix
./services/networking/cntlm.nix
@ -758,7 +767,6 @@
./services/networking/go-neb.nix
./services/networking/go-shadowsocks2.nix
./services/networking/gobgpd.nix
./services/networking/gogoclient.nix
./services/networking/gvpe.nix
./services/networking/hans.nix
./services/networking/haproxy.nix
@ -870,6 +878,7 @@
./services/networking/shorewall6.nix
./services/networking/shout.nix
./services/networking/sniproxy.nix
./services/networking/snowflake-proxy.nix
./services/networking/smartdns.nix
./services/networking/smokeping.nix
./services/networking/softether.nix
@ -894,6 +903,7 @@
./services/networking/tcpcrypt.nix
./services/networking/teamspeak3.nix
./services/networking/tedicross.nix
./services/networking/tetrd.nix
./services/networking/teleport.nix
./services/networking/thelounge.nix
./services/networking/tinc.nix
@ -913,6 +923,7 @@
./services/networking/vsftpd.nix
./services/networking/wasabibackend.nix
./services/networking/websockify.nix
./services/networking/wg-netmanager.nix
./services/networking/wg-quick.nix
./services/networking/wireguard.nix
./services/networking/wpa_supplicant.nix
@ -942,7 +953,6 @@
./services/security/clamav.nix
./services/security/fail2ban.nix
./services/security/fprintd.nix
./services/security/fprot.nix
./services/security/haka.nix
./services/security/haveged.nix
./services/security/hockeypuck.nix
@ -1054,6 +1064,7 @@
./services/web-apps/wordpress.nix
./services/web-apps/youtrack.nix
./services/web-apps/zabbix.nix
./services/web-servers/agate.nix
./services/web-servers/apache-httpd/default.nix
./services/web-servers/caddy/default.nix
./services/web-servers/darkhttpd.nix
@ -1073,7 +1084,6 @@
./services/web-servers/phpfpm/default.nix
./services/web-servers/pomerium.nix
./services/web-servers/unit/default.nix
./services/web-servers/shellinabox.nix
./services/web-servers/tomcat.nix
./services/web-servers/traefik.nix
./services/web-servers/trafficserver/default.nix
@ -1156,7 +1166,7 @@
./system/boot/systemd-nspawn.nix
./system/boot/timesyncd.nix
./system/boot/tmp.nix
./system/etc/etc.nix
./system/etc/etc-activation.nix
./tasks/auto-upgrade.nix
./tasks/bcache.nix
./tasks/cpu-freq.nix

2
nixos/modules/programs/calls.nix
View file

@ -14,6 +14,8 @@ in {
};
config = mkIf cfg.enable {
programs.dconf.enable = true;
environment.systemPackages = [
pkgs.calls
];

40
nixos/modules/programs/command-not-found/command-not-found.pl
View file

@ -21,11 +21,24 @@ my $res = $dbh->selectall_arrayref(
"select package from Programs where system = ? and name = ?",
{ Slice => {} }, $system, $program);
if (!defined $res || scalar @$res == 0) {
my $len = !defined $res ? 0 : scalar @$res;
if ($len == 0) {
print STDERR "$program: command not found\n";
} elsif (scalar @$res == 1) {
} elsif ($len == 1) {
my $package = @$res[0]->{package};
if ($ENV{"NIX_AUTO_RUN"} // "") {
if ($ENV{"NIX_AUTO_RUN_INTERACTIVE"} // "") {
while (1) {
print STDERR "'$program' from package '$package' will be run, confirm? [yn]: ";
chomp(my $comfirm = <STDIN>);
if (lc $comfirm eq "n") {
exit 0;
} elsif (lc $comfirm eq "y") {
last;
}
}
}
exec("nix-shell", "-p", $package, "--run", shell_quote("exec", @ARGV));
} else {
print STDERR <<EOF;
@ -35,11 +48,30 @@ ephemeral shell by typing:
EOF
}
} else {
print STDERR <<EOF;
if ($ENV{"NIX_AUTO_RUN"} // "") {
print STDERR "Select a package that provides '$program':\n";
for my $i (0 .. $len - 1) {
print STDERR " [", $i + 1, "]: @$res[$i]->{package}\n";
}
my $choice = 0;
while (1) { # exec will break this loop
no warnings "numeric";
print STDERR "Your choice [1-${len}]: ";
# 0 can be invalid user input like non-number string
# so we start from 1
$choice = <STDIN> + 0;
if (1 <= $choice && $choice <= $len) {
exec("nix-shell", "-p", @$res[$choice - 1]->{package},
"--run", shell_quote("exec", @ARGV));
}
}
} else {
print STDERR <<EOF;
The program '$program' is not in your PATH. It is provided by several packages.
You can make it available in an ephemeral shell by typing one of the following:
EOF
print STDERR " nix-shell -p $_->{package}\n" foreach @$res;
print STDERR " nix-shell -p $_->{package}\n" foreach @$res;
}
}
exit 127;

4
nixos/modules/programs/firejail.nix
View file

@ -17,8 +17,8 @@ let
then value
else { executable = value; profile = null; extraArgs = []; };
args = lib.escapeShellArgs (
(optional (opts.profile != null) "--profile=${toString opts.profile}")
++ opts.extraArgs
opts.extraArgs
++ (optional (opts.profile != null) "--profile=${toString opts.profile}")
);
in
''

40
nixos/modules/programs/k40-whisperer.nix Normal file
View file

@ -0,0 +1,40 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.programs.k40-whisperer;
pkg = cfg.package.override {
udevGroup = cfg.group;
};
in
{
options.programs.k40-whisperer = {
enable = mkEnableOption "K40-Whisperer";
group = mkOption {
type = types.str;
description = ''
Group assigned to the device when connected.
'';
default = "k40";
};
package = mkOption {
type = types.package;
default = pkgs.k40-whisperer;
defaultText = literalExpression "pkgs.k40-whisperer";
example = literalExpression "pkgs.k40-whisperer";
description = ''
K40 Whisperer package to use.
'';
};
};
config = mkIf cfg.enable {
users.groups.${cfg.group} = {};
environment.systemPackages = [ pkg ];
services.udev.packages = [ pkg ];
};
}

13
nixos/modules/programs/kclock.nix Normal file
View file

@ -0,0 +1,13 @@
{ lib, pkgs, config, ... }:
with lib;
let
cfg = config.programs.kclock;
kclockPkg = pkgs.libsForQt5.kclock;
in {
options.programs.kclock = { enable = mkEnableOption "Enable KClock"; };
config = mkIf cfg.enable {
services.dbus.packages = [ kclockPkg ];
environment.systemPackages = [ kclockPkg ];
};
}

19
nixos/modules/programs/phosh.nix
View file

@ -8,18 +8,17 @@ let
# Based on https://source.puri.sm/Librem5/librem5-base/-/blob/4596c1056dd75ac7f043aede07887990fd46f572/default/sm.puri.OSK0.desktop
oskItem = pkgs.makeDesktopItem {
name = "sm.puri.OSK0";
type = "Application";
desktopName = "On-screen keyboard";
exec = "${pkgs.squeekboard}/bin/squeekboard";
categories = "GNOME;Core;";
extraEntries = ''
OnlyShowIn=GNOME;
NoDisplay=true
X-GNOME-Autostart-Phase=Panel
X-GNOME-Provides=inputmethod
X-GNOME-Autostart-Notify=true
X-GNOME-AutoRestart=true
'';
categories = [ "GNOME" "Core" ];
onlyShowIn = [ "GNOME" ];
noDisplay = true;
extraConfig = {
X-GNOME-Autostart-Phase = "Panel";
X-GNOME-Provides = "inputmethod";
X-GNOME-Autostart-Notify = "true";
X-GNOME-AutoRestart = "true";
};
};
phocConfigType = types.submodule {

1
nixos/modules/programs/sway.nix
View file

@ -134,6 +134,7 @@ in {
'';
};
};
security.polkit.enable = true;
security.pam.services.swaylock = {};
hardware.opengl.enable = mkDefault true;
fonts.enableDefaultFonts = mkDefault true;

21
nixos/modules/programs/zsh/zsh-autosuggestions.nix
View file

@ -22,17 +22,18 @@ in
};
strategy = mkOption {
type = types.enum [ "history" "match_prev_cmd" ];
default = "history";
type = types.listOf (types.enum [ "history" "completion" "match_prev_cmd" ]);
default = [ "history" ];
description = ''
Set ZSH_AUTOSUGGEST_STRATEGY to choose the strategy for generating suggestions.
There are currently two to choose from:
`ZSH_AUTOSUGGEST_STRATEGY` is an array that specifies how suggestions should be generated.
The strategies in the array are tried successively until a suggestion is found.
There are currently three built-in strategies to choose from:
* history: Chooses the most recent match.
* match_prev_cmd: Chooses the most recent match whose preceding history item matches
the most recently executed command (more info). Note that this strategy won't work as
expected with ZSH options that don't preserve the history order such as
HIST_IGNORE_ALL_DUPS or HIST_EXPIRE_DUPS_FIRST.
- `history`: Chooses the most recent match from history.
- `completion`: Chooses a suggestion based on what tab-completion would suggest. (requires `zpty` module)
- `match_prev_cmd`: Like `history`, but chooses the most recent match whose preceding history item matches
the most recently executed command. Note that this strategy won't work as expected with ZSH options that
don't preserve the history order such as `HIST_IGNORE_ALL_DUPS` or `HIST_EXPIRE_DUPS_FIRST`.
'';
};
@ -62,7 +63,7 @@ in
source ${pkgs.zsh-autosuggestions}/share/zsh-autosuggestions/zsh-autosuggestions.zsh
export ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE="${cfg.highlightStyle}"
export ZSH_AUTOSUGGEST_STRATEGY=("${cfg.strategy}")
export ZSH_AUTOSUGGEST_STRATEGY=(${concatStringsSep " " cfg.strategy})
${optionalString (!cfg.async) "unset ZSH_AUTOSUGGEST_USE_ASYNC"}
${concatStringsSep "\n" (mapAttrsToList (key: value: ''export ${key}="${value}"'') cfg.extraConfig)}

4
nixos/modules/rename.nix
View file

@ -50,6 +50,7 @@ with lib;
(mkRemovedOptionModule [ "services" "flashpolicyd" ] "The flashpolicyd module has been removed. Adobe Flash Player is deprecated.")
(mkRemovedOptionModule [ "services" "fourStore" ] "The fourStore module has been removed")
(mkRemovedOptionModule [ "services" "fourStoreEndpoint" ] "The fourStoreEndpoint module has been removed")
(mkRemovedOptionModule [ "services" "fprot" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "frab" ] "The frab module has been removed")
(mkRemovedOptionModule [ "services" "kippo" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "mailpile" ] "The corresponding package was removed from nixpkgs.")
@ -87,6 +88,9 @@ with lib;
(mkRemovedOptionModule [ "services" "racoon" ] ''
The racoon module has been removed, because the software project was abandoned upstream.
'')
(mkRemovedOptionModule [ "services" "shellinabox" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "gogoclient" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "virtuoso" ] "The corresponding package was removed from nixpkgs.")
# Do NOT add any option renames here, see top of the file
];

9
nixos/modules/security/google_oslogin.nix
View file

@ -5,7 +5,7 @@ with lib;
let
cfg = config.security.googleOsLogin;
package = pkgs.google-compute-engine-oslogin;
package = pkgs.google-guest-oslogin;
in
@ -17,7 +17,7 @@ in
type = types.bool;
default = false;
description = ''
Whether to enable Google OS Login
Whether to enable Google OS Login.
The OS Login package enables the following components:
AuthorizedKeysCommand to query valid SSH keys from the user's OS Login
@ -36,7 +36,7 @@ in
security.pam.services.sshd = {
makeHomeDir = true;
googleOsLoginAccountVerification = true;
# disabled for now: googleOsLoginAuthentication = true;
googleOsLoginAuthentication = true;
};
security.sudo.extraConfig = ''
@ -47,6 +47,9 @@ in
"d /var/google-users.d 750 root root -"
];
systemd.packages = [ package ];
systemd.timers.google-oslogin-cache.wantedBy = [ "timers.target" ];
# enable the nss module, so user lookups etc. work
system.nssModules = [ package ];
system.nssDatabases.passwd = [ "cache_oslogin" "oslogin" ];

Some files were not shown because too many files have changed in this diff Show more