dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'master' into master

Browse Source
This commit is contained in:
Eman Lear 2024-06-30 02:19:21 +08:00 committed by GitHub
commit 6c00b71662
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2644 changed files with 72202 additions and 57778 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
.github/CODEOWNERS vendored
View File

@ -67,6 +67,9 @@
/nixos/lib/make-disk-image.nix @raitobezarius
# Nix, the package manager
# @raitobezarius is not "code owner", but is listed here to be notified of changes
# pertaining to the Nix package manager.
# i.e. no authority over those files.
pkgs/tools/package-management/nix/ @raitobezarius
nixos/modules/installer/tools/nix-fallback-paths.nix @raitobezarius
@ -93,7 +96,6 @@ nixos/modules/installer/tools/nix-fallback-paths.nix @raitobezarius
/nixos/default.nix @infinisil
/nixos/lib/from-env.nix @infinisil
/nixos/lib/eval-config.nix @infinisil
/nixos/modules/system @dasJ
/nixos/modules/system/activation/bootspec.nix @grahamc @cole-h @raitobezarius
/nixos/modules/system/activation/bootspec.cue @grahamc @cole-h @raitobezarius
@ -113,8 +115,8 @@ nixos/modules/installer/tools/nix-fallback-paths.nix @raitobezarius
/nixos/modules/system/boot/loader/systemd-boot @JulienMalka
# Images and installer media
/nixos/modules/installer/cd-dvd/ @samueldr
/nixos/modules/installer/sd-card/ @samueldr
/nixos/modules/installer/cd-dvd/
/nixos/modules/installer/sd-card/
# Updaters
## update.nix
@ -125,7 +127,7 @@ nixos/modules/installer/tools/nix-fallback-paths.nix @raitobezarius
# Python-related code and docs
/doc/languages-frameworks/python.section.md @mweinelt
/pkgs/development/interpreters/python/hooks @jonringer
/pkgs/development/interpreters/python/hooks
# Haskell
/doc/languages-frameworks/haskell.section.md @sternenseemann @maralorn @ncfavier
@ -137,9 +139,9 @@ nixos/modules/installer/tools/nix-fallback-paths.nix @raitobezarius
/pkgs/top-level/haskell-packages.nix @sternenseemann @maralorn @ncfavier
# Perl
/pkgs/development/interpreters/perl @stigtsp @zakame @dasJ @marcusramberg
/pkgs/top-level/perl-packages.nix @stigtsp @zakame @dasJ @marcusramberg
/pkgs/development/perl-modules @stigtsp @zakame @dasJ @marcusramberg
/pkgs/development/interpreters/perl @stigtsp @zakame @marcusramberg
/pkgs/top-level/perl-packages.nix @stigtsp @zakame @marcusramberg
/pkgs/development/perl-modules @stigtsp @zakame @marcusramberg
# R
/pkgs/applications/science/math/R @jbedo
@ -152,6 +154,7 @@ nixos/modules/installer/tools/nix-fallback-paths.nix @raitobezarius
# C compilers
/pkgs/development/compilers/gcc
/pkgs/development/compilers/llvm @RossComputerGuy
/pkgs/development/compilers/emscripten @raitobezarius
/doc/languages-frameworks/emscripten.section.md @raitobezarius
@ -259,13 +262,13 @@ nixos/modules/services/networking/networkmanager.nix @Janik-Haag
/pkgs/top-level/emacs-packages.nix @adisbladis
# Neovim
/pkgs/applications/editors/neovim @figsoda @jonringer @teto
/pkgs/applications/editors/neovim @figsoda @teto
# VimPlugins
/pkgs/applications/editors/vim/plugins @figsoda @jonringer
/pkgs/applications/editors/vim/plugins @figsoda
# VsCode Extensions
/pkgs/applications/editors/vscode/extensions @jonringer
/pkgs/applications/editors/vscode/extensions
# PHP interpreter, packages, extensions, tests and documentation
/doc/languages-frameworks/php.section.md @aanderse @drupol @globin @ma27 @talyz
@ -285,9 +288,9 @@ nixos/modules/services/networking/networkmanager.nix @Janik-Haag
/pkgs/applications/blockchains @mmahut @RaghavSood
# Go
/doc/languages-frameworks/go.section.md @kalbasit @Mic92 @zowoq
/pkgs/build-support/go @kalbasit @Mic92 @zowoq
/pkgs/development/compilers/go @kalbasit @Mic92 @zowoq
/doc/languages-frameworks/go.section.md @kalbasit @katexochen @Mic92 @zowoq
/pkgs/build-support/go @kalbasit @katexochen @Mic92 @zowoq
/pkgs/development/compilers/go @kalbasit @katexochen @Mic92 @zowoq
# GNOME
/pkgs/desktops/gnome @jtojnar
@ -310,10 +313,10 @@ nixos/modules/services/misc/forgejo.nix @adamcstephens @bendlas @emilylange
pkgs/by-name/fo/forgejo/package.nix @adamcstephens @bendlas @emilylange
# Dotnet
/pkgs/build-support/dotnet @IvarWithoutBones
/pkgs/development/compilers/dotnet @IvarWithoutBones
/pkgs/test/dotnet @IvarWithoutBones
/doc/languages-frameworks/dotnet.section.md @IvarWithoutBones
/pkgs/build-support/dotnet @corngood
/pkgs/development/compilers/dotnet @corngood
/pkgs/test/dotnet @corngood
/doc/languages-frameworks/dotnet.section.md @corngood
# Node.js
/pkgs/build-support/node/build-npm-package @lilyinstarlight @winterqt
@ -363,3 +366,15 @@ pkgs/by-name/lx/lxc* @adamcstephens
pkgs/by-name/lx/lxd* @adamcstephens
pkgs/os-specific/linux/lxc/ @adamcstephens
# ExpidusOS, Flutter
/pkgs/development/compilers/flutter @RossComputerGuy
/pkgs/desktops/expidus @RossComputerGuy
# GNU Tar & Zip
/pkgs/tools/archivers/gnutar @RossComputerGuy
/pkgs/tools/archivers/zip @RossComputerGuy
# SELinux
/pkgs/os-specific/linux/checkpolicy @RossComputerGuy
/pkgs/os-specific/linux/libselinux @RossComputerGuy
/pkgs/os-specific/linux/libsepol @RossComputerGuy

38
doc/build-helpers/special/makesetuphook.section.md
View File

@ -9,22 +9,40 @@ pkgs.makeSetupHook {
name = "something-hook";
propagatedBuildInputs = [ pkgs.commandsomething ];
depsTargetTargetPropagated = [ pkgs.libsomething ];
} ./script.sh
} ./script.sh;
```
### setup hook that depends on the hello package and runs hello and @shell@ is substituted with path to bash {#sec-pkgs.makeSetupHook-usage-example}
```nix
pkgs.makeSetupHook {
pkgs.makeSetupHook
{
name = "run-hello-hook";
propagatedBuildInputs = [ pkgs.hello ];
substitutions = { shell = "${pkgs.bash}/bin/bash"; };
passthru.tests.greeting = callPackage ./test { };
meta.platforms = lib.platforms.linux;
} (writeScript "run-hello-hook.sh" ''
#!@shell@
hello
'')
# Put dependencies here if they have hooks or necessary dependencies propagated
# otherwise prefer direct paths to executables.
propagatedBuildInputs = [
pkgs.hello
pkgs.cowsay
];
substitutions = {
shell = "${pkgs.bash}/bin/bash";
cowsay = "${pkgs.cowsay}/bin/cowsay";
};
}
(
writeScript "run-hello-hook.sh" ''
#!@shell@
# the direct path to the executable has to be here because
# this will be run when the file is sourced
# at which point '$PATH' has not yet been populated with inputs
@cowsay@ cow
_printHelloHook() {
hello
}
preConfigureHooks+=(_printHelloHook)
''
);
```
## Attributes {#sec-pkgs.makeSetupHook-attributes}

1
doc/default.nix
View File

@ -23,6 +23,7 @@ let
{ name = "fileset"; description = "file set functions"; }
{ name = "sources"; description = "source filtering functions"; }
{ name = "cli"; description = "command-line serialization functions"; }
{ name = "generators"; description = "functions that create file formats from nix data structures"; }
{ name = "gvariant"; description = "GVariant formatted string serialization functions"; }
{ name = "customisation"; description = "Functions to customise (derivation-related) functions, derivatons, or attribute sets"; }
{ name = "meta"; description = "functions for derivation metadata"; }

2
doc/functions/generators.section.md
View File

@ -54,4 +54,4 @@ merge:"diff3"
Nix store paths can be converted to strings by enclosing a derivation attribute like so: `"${drv}"`.
:::
Detailed documentation for each generator can be found in `lib/generators.nix`.
Detailed documentation for each generator can be found [here](#sec-functions-library-generators)

22
doc/languages-frameworks/android.section.md
View File

@ -232,11 +232,11 @@ In addition to prebuilt APKs, you can also bind the APK parameter to a
## Notes on environment variables in Android projects {#notes-on-environment-variables-in-android-projects}
* `ANDROID_SDK_ROOT` should point to the Android SDK. In your Nix expressions, this should be
`${androidComposition.androidsdk}/libexec/android-sdk`. Note that `ANDROID_HOME` is deprecated,
* `ANDROID_HOME` should point to the Android SDK. In your Nix expressions, this should be
`${androidComposition.androidsdk}/libexec/android-sdk`. Note that `ANDROID_SDK_ROOT` is deprecated,
but if you rely on tools that need it, you can export it too.
* `ANDROID_NDK_ROOT` should point to the Android NDK, if you're doing NDK development.
In your Nix expressions, this should be `${ANDROID_SDK_ROOT}/ndk-bundle`.
In your Nix expressions, this should be `${ANDROID_HOME}/ndk-bundle`.
If you are running the Android Gradle plugin, you need to export GRADLE_OPTS to override aapt2
to point to the aapt2 binary in the Nix store as well, or use a FHS environment so the packaged
@ -250,11 +250,11 @@ let
androidComposition = <...>;
in
pkgs.mkShell rec {
ANDROID_SDK_ROOT = "${androidComposition.androidsdk}/libexec/android-sdk";
ANDROID_NDK_ROOT = "${ANDROID_SDK_ROOT}/ndk-bundle";
ANDROID_HOME = "${androidComposition.androidsdk}/libexec/android-sdk";
ANDROID_NDK_ROOT = "${ANDROID_HOME}/ndk-bundle";
# Use the same buildToolsVersion here
GRADLE_OPTS = "-Dorg.gradle.project.android.aapt2FromMavenOverride=${ANDROID_SDK_ROOT}/build-tools/${buildToolsVersion}/aapt2";
GRADLE_OPTS = "-Dorg.gradle.project.android.aapt2FromMavenOverride=${ANDROID_HOME}/build-tools/${buildToolsVersion}/aapt2";
}
```
@ -270,18 +270,18 @@ let
androidComposition = <...>;
in
pkgs.mkShell rec {
ANDROID_SDK_ROOT = "${androidComposition.androidsdk}/libexec/android-sdk";
ANDROID_NDK_ROOT = "${ANDROID_SDK_ROOT}/ndk-bundle";
ANDROID_HOME = "${androidComposition.androidsdk}/libexec/android-sdk";
ANDROID_NDK_ROOT = "${ANDROID_HOME}/ndk-bundle";
# Use the same cmakeVersion here
shellHook = ''
export PATH="$(echo "$ANDROID_SDK_ROOT/cmake/${cmakeVersion}".*/bin):$PATH"
export PATH="$(echo "$ANDROID_HOME/cmake/${cmakeVersion}".*/bin):$PATH"
'';
}
```
Note that running Android Studio with ANDROID_SDK_ROOT set will automatically write a
`local.properties` file with `sdk.dir` set to $ANDROID_SDK_ROOT if one does not already
Note that running Android Studio with ANDROID_HOME set will automatically write a
`local.properties` file with `sdk.dir` set to $ANDROID_HOME if one does not already
exist. If you are using the NDK as well, you may have to add `ndk.dir` to this file.
An example shell.nix that does all this for you is provided in examples/shell.nix.

2
doc/languages-frameworks/dart.section.md
View File

@ -101,7 +101,7 @@ See the [Dart documentation](#ssec-dart-applications) for more details on requir
`flutter` in Nixpkgs always points to `flutterPackages.stable`, which is the latest packaged version. To avoid unforeseen breakage during upgrade, packages in Nixpkgs should use a specific flutter version, such as `flutter319` and `flutter322`, instead of using `flutter` directly.
```nix
{ flutter, fetchFromGitHub }:
{ flutter322, fetchFromGitHub }:
flutter322.buildFlutterApplication {
pname = "firmware-updater";

15
doc/languages-frameworks/dotnet.section.md
View File

@ -141,9 +141,7 @@ in buildDotnetModule rec {
src = ./.;
projectFile = "src/project.sln";
# File generated with `nix-build -A package.passthru.fetch-deps`.
# To run fetch-deps when this file does not yet exist, set nugetDeps to null
nugetDeps = ./deps.nix;
nugetDeps = ./deps.nix; # see "Generating and updating NuGet dependencies" section for details
projectReferences = [ referencedProject ]; # `referencedProject` must contain `nupkg` in the folder structure.
@ -219,6 +217,12 @@ buildDotnetGlobalTool {
```
## Generating and updating NuGet dependencies {#generating-and-updating-nuget-dependencies}
When writing a new expression, you can use the generated `fetch-deps` script to initialise the lockfile.
After creating a blank `deps.nix` and pointing `nugetDeps` to it,
build the script with `nix-build -A package.fetch-deps` and then run the result.
(When the root attr is your package, it's simply `nix-build -A fetch-deps`.)
There is also a manual method:
First, restore the packages to the `out` directory, ensure you have cloned
the upstream repository and you are inside it.
@ -254,6 +258,5 @@ Finally, you move the `deps.nix` file to the appropriate location to be used by
If you ever need to update the dependencies of a package, you instead do
* `nix-build -A package.fetch-deps` to generate the update script for `package`
* Run `./result deps.nix` to regenerate the lockfile to `deps.nix`, keep in mind if a location isn't provided, it will write to a temporary path instead
* Finally, move the file where needed and look at its contents to confirm it has updated the dependencies.
* Run `./result` to regenerate the lockfile to the path passed for `nugetDeps` (keep in mind if it can't be resolved to a local path, the script will write to `$1` or a temporary path instead)
* Finally, ensure the correct file was written and the derivation can be built.

85
doc/languages-frameworks/haskell.section.md
View File

@ -21,25 +21,14 @@ Many “normal” user facing packages written in Haskell, like `niv` or `cachix
are also exposed at the top level, and there is nothing Haskell specific to
installing and using them.
All of these packages are originally defined in the `haskellPackages` package
set and are re-exposed with a reduced dependency closure for convenience.
(see `justStaticExecutables` or `separateBinOutput` below)
All of these packages are originally defined in the `haskellPackages` package set.
The same packages are re-exposed with a reduced dependency closure for convenience (see `justStaticExecutables` or `separateBinOutput` below).
The `haskellPackages` set includes at least one version of every package from
Hackage as well as some manually injected packages. This amounts to a lot of
packages, so it is hidden from `nix-env -qa` by default for performance reasons.
You can still list all packages in the set like this:
:::{.note}
See [](#chap-language-support) for techniques to explore package sets.
:::
```console
$ nix-env -f '<nixpkgs>' -qaP -A haskellPackages
haskellPackages.a50 a50-0.5
haskellPackages.AAI AAI-0.2.0.1
haskellPackages.aasam aasam-0.2.0.0
haskellPackages.abacate abacate-0.0.0.0
haskellPackages.abc-puzzle abc-puzzle-0.2.1
```
Also, the `haskellPackages` set is included on [search.nixos.org].
The `haskellPackages` set includes at least one version of every package from [Hackage](https://hackage.haskell.org/) as well as some manually injected packages.
The attribute names in `haskellPackages` always correspond with their name on
Hackage. Since Hackage allows names that are not valid Nix without escaping,
@ -49,8 +38,7 @@ For packages that are part of [Stackage] (a curated set of known to be
compatible packages), we use the version prescribed by a Stackage snapshot
(usually the current LTS one) as the default version. For all other packages we
use the latest version from [Hackage](https://hackage.org) (the repository of
basically all open source Haskell packages). See [below](#haskell-available-
versions) for a few more details on this.
basically all open source Haskell packages). See [below](#haskell-available-versions) for a few more details on this.
Roughly half of the 16K packages contained in `haskellPackages` dont actually
build and are [marked as broken semi-automatically](https://github.com/NixOS/nixpkgs/blob/haskell-updates/pkgs/development/haskell-modules/configuration-hackage2nix/broken.yaml).
@ -63,68 +51,15 @@ How you can help with that is
described in [Fixing a broken package](#haskell-fixing-a-broken-package).
-->
`haskellPackages` is built with our default compiler, but we also provide other
releases of GHC and package sets built with them. You can list all available
compilers like this:
`haskellPackages` is built with our default compiler, but we also provide other releases of GHC and package sets built with them.
Available compilers are collected under `haskell.compiler`.
```console
$ nix-env -f '<nixpkgs>' -qaP -A haskell.compiler
haskell.compiler.ghc810 ghc-8.10.7
haskell.compiler.ghc90 ghc-9.0.2
haskell.compiler.ghc925 ghc-9.2.5
haskell.compiler.ghc926 ghc-9.2.6
haskell.compiler.ghc927 ghc-9.2.7
haskell.compiler.ghc92 ghc-9.2.8
haskell.compiler.ghc945 ghc-9.4.5
haskell.compiler.ghc946 ghc-9.4.6
haskell.compiler.ghc947 ghc-9.4.7
haskell.compiler.ghc94 ghc-9.4.8
haskell.compiler.ghc963 ghc-9.6.3
haskell.compiler.ghc96 ghc-9.6.4
haskell.compiler.ghc98 ghc-9.8.1
haskell.compiler.ghcHEAD ghc-9.9.20231121
haskell.compiler.ghc8107Binary ghc-binary-8.10.7
haskell.compiler.ghc865Binary ghc-binary-8.6.5
haskell.compiler.ghc924Binary ghc-binary-9.2.4
haskell.compiler.integer-simple.ghc8107 ghc-integer-simple-8.10.7
haskell.compiler.integer-simple.ghc810 ghc-integer-simple-8.10.7
haskell.compiler.native-bignum.ghc90 ghc-native-bignum-9.0.2
haskell.compiler.native-bignum.ghc902 ghc-native-bignum-9.0.2
haskell.compiler.native-bignum.ghc925 ghc-native-bignum-9.2.5
haskell.compiler.native-bignum.ghc926 ghc-native-bignum-9.2.6
haskell.compiler.native-bignum.ghc927 ghc-native-bignum-9.2.7
haskell.compiler.native-bignum.ghc92 ghc-native-bignum-9.2.8
haskell.compiler.native-bignum.ghc928 ghc-native-bignum-9.2.8
haskell.compiler.native-bignum.ghc945 ghc-native-bignum-9.4.5
haskell.compiler.native-bignum.ghc946 ghc-native-bignum-9.4.6
haskell.compiler.native-bignum.ghc947 ghc-native-bignum-9.4.7
haskell.compiler.native-bignum.ghc94 ghc-native-bignum-9.4.8
haskell.compiler.native-bignum.ghc948 ghc-native-bignum-9.4.8
haskell.compiler.native-bignum.ghc963 ghc-native-bignum-9.6.3
haskell.compiler.native-bignum.ghc96 ghc-native-bignum-9.6.4
haskell.compiler.native-bignum.ghc964 ghc-native-bignum-9.6.4
haskell.compiler.native-bignum.ghc98 ghc-native-bignum-9.8.1
haskell.compiler.native-bignum.ghc981 ghc-native-bignum-9.8.1
haskell.compiler.native-bignum.ghcHEAD ghc-native-bignum-9.9.20231121
haskell.compiler.ghcjs ghcjs-8.10.7
```
Each of those compiler versions has a corresponding attribute set built using
Each of those compiler versions has a corresponding attribute set `packages` built with
it. However, the non-standard package sets are not tested regularly and, as a
result, contain fewer working packages. The corresponding package set for GHC
9.4.5 is `haskell.packages.ghc945`. In fact `haskellPackages` is just an alias
for `haskell.packages.ghc964`:
```console
$ nix-env -f '<nixpkgs>' -qaP -A haskell.packages.ghc927
haskell.packages.ghc927.a50 a50-0.5
haskell.packages.ghc927.AAI AAI-0.2.0.1
haskell.packages.ghc927.aasam aasam-0.2.0.0
haskell.packages.ghc927.abacate abacate-0.0.0.0
haskell.packages.ghc927.abc-puzzle abc-puzzle-0.2.1
```
Every package set also re-exposes the GHC used to build its packages as `haskell.packages.*.ghc`.
### Available package versions {#haskell-available-versions}

8
doc/languages-frameworks/idris2.section.md
View File

@ -19,7 +19,7 @@ let lspLibPkg = idris2Packages.buildIdris {
};
idrisLibraries = [ ];
};
in lspLibPkg.library
in lspLibPkg.library { withSource = true; }
```
The above results in a derivation with the installed library results (with sourcecode).
@ -30,6 +30,7 @@ A slightly more involved example of a fully packaged executable would be the [`i
# Assuming the previous example lives in `lsp-lib.nix`:
let lspLib = callPackage ./lsp-lib.nix { };
inherit (idris2Packages) idris2Api;
lspPkg = idris2Packages.buildIdris {
ipkgName = "idris2-lsp";
src = fetchFromGitHub {
@ -38,10 +39,9 @@ let lspLib = callPackage ./lsp-lib.nix { };
rev = "main";
hash = "sha256-vQTzEltkx7uelDtXOHc6QRWZ4cSlhhm5ziOqWA+aujk=";
};
idrisLibraries = [(idris2Packages.idris2Api { }) (lspLib { })];
idrisLibraries = [idris2Api lspLib];
};
in lspPkg.executable
```
The above uses the default value of `withSource = false` for both of the two required Idris libraries that the `idris2-lsp` executable depends on. `idris2Api` in the above derivation comes built in with `idris2Packages`. This library exposes many of the otherwise internal APIs of the Idris2 compiler.
The above uses the default value of `withSource = false` for the `idris2Api` but could be modified to include that library's source by passing `(idris2Api { withSource = true; })` to `idrisLibraries` instead. `idris2Api` in the above derivation comes built in with `idris2Packages`. This library exposes many of the otherwise internal APIs of the Idris2 compiler.

48
doc/languages-frameworks/index.md
View File

@ -2,6 +2,54 @@
The [standard build environment](#chap-stdenv) makes it easy to build typical Autotools-based packages with very little code. Any other kind of package can be accommodated by overriding the appropriate phases of `stdenv`. However, there are specialised functions in Nixpkgs to easily build packages for other programming languages, such as Perl or Haskell. These are described in this chapter.
Each supported language or software ecosystem has its own package set named `<language or ecosystem>Packages`, which can be explored in various ways:
- Search on [search.nixos.org](https://search.nixos.org/packages)
For example, search for [`haskellPackages`](https://search.nixos.org/packages?query=haskellPackages) or [`rubyPackages`](https://search.nixos.org/packages?query=rubyPackages).
- Navigate attribute sets with [`nix repl`](https://nixos.org/manual/nix/stable/command-ref/new-cli/nix3-repl).
This technique is generally useful to inspect Nix language data structures.
:::{.example #example-navigte-nix-repl}
# Navigate Java compiler variants in `javaPackages` with `nix repl`
```shell-session
$ nix repl '<nixpkgs>' -I nixpkgs=channel:nixpkgs-unstable
nix-repl> javaPackages.<tab>
javaPackages.compiler javaPackages.openjfx15 javaPackages.openjfx21 javaPackages.recurseForDerivations
javaPackages.jogl_2_4_0 javaPackages.openjfx17 javaPackages.openjfx22
javaPackages.mavenfod javaPackages.openjfx19 javaPackages.override
javaPackages.openjfx11 javaPackages.openjfx20 javaPackages.overrideDerivation
```
:::
- List all derivations on the command line with [`nix-env --query`](https://nixos.org/manual/nix/stable/command-ref/nix-env/query).
`nix-env` is the only convenient way to do that, as it will skip attributes that fail [assertions](https://nixos.org/manual/nix/stable/language/constructs#assertions), such as when a package is [marked as broken](#var-meta-broken), rather than failing the entire evaluation.
:::{.example #example-list-haskellPackages}
# List all Python packages in Nixpkgs
The following command lists all [derivations names](https://nixos.org/manual/nix/stable/language/derivations#attr-name) with their attribute path from the latest Nixpkgs rolling release (`nixpkgs-unstable`).
```shell-session
$ nix-env -qaP -f '<nixpkgs>' -A pythonPackages -I nixpkgs=channel:nixpkgs-unstable
```
```console
pythonPackages.avahi avahi-0.8
pythonPackages.boost boost-1.81.0
pythonPackages.caffe caffe-1.0
pythonPackages.caffeWithCuda caffe-1.0
pythonPackages.cbeams cbeams-1.0.3
```
:::
```{=include=} sections
agda.section.md
android.section.md

8
doc/languages-frameworks/ocaml.section.md
View File

@ -120,14 +120,6 @@ buildDunePackage rec {
}
```
Note about `minimalOCamlVersion`. A deprecated version of this argument was
spelled `minimumOCamlVersion`; setting the old attribute wrongly modifies the
derivation hash and is therefore inappropriate. As a technical dept, currently
packaged libraries may still use the old spelling: maintainers are invited to
fix this when updating packages. Massive renaming is strongly discouraged as it
would be challenging to review, difficult to test, and will cause unnecessary
rebuild.
The build will automatically fail if two distinct versions of the same library
are added to `buildInputs` (which usually happens transitively because of
`propagatedBuildInputs`). Set `dontDetectOcamlConflicts` to true to disable this

2
doc/languages-frameworks/vim.section.md
View File

@ -214,7 +214,7 @@ Note: this is not possible anymore for Neovim.
Nix expressions for Vim plugins are stored in [pkgs/applications/editors/vim/plugins](https://github.com/NixOS/nixpkgs/tree/master/pkgs/applications/editors/vim/plugins). For the vast majority of plugins, Nix expressions are automatically generated by running [`nix-shell -p vimPluginsUpdater --run vim-plugins-updater`](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vim/plugins/updater.nix). This creates a [generated.nix](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vim/plugins/generated.nix) file based on the plugins listed in [vim-plugin-names](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vim/plugins/vim-plugin-names).
After running the updater, if nvim-treesitter received an update, also run [`nvim-treesitter/update.py`](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vim/plugins/update.py) to update the tree sitter grammars for `nvim-treesitter`.
When the vim updater detects an nvim-treesitter update, it also runs [`nvim-treesitter/update.py $(nix-build -A vimPlugins.nvim-treesitter)`](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vim/plugins/update.py) to update the tree sitter grammars for `nvim-treesitter`.
Some plugins require overrides in order to function properly. Overrides are placed in [overrides.nix](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vim/plugins/overrides.nix). Overrides are most often required when a plugin requires some dependencies, or extra steps are required during the build process. For example `deoplete-fish` requires both `deoplete-nvim` and `vim-fish`, and so the following override was added:

14
doc/packages/steam.section.md
View File

@ -40,20 +40,6 @@ Use `programs.steam.enable = true;` if you want to add steam to `systemPackages`
have a look at [this pull request](https://github.com/NixOS/nixpkgs/pull/20269).
- **Java**
1. There is no java in steam chrootenv by default. If you get a message like:
```
/home/foo/.local/share/Steam/SteamApps/common/towns/towns.sh: line 1: java: command not found
```
you need to add:
```nix
steam.override { withJava = true; }
```
## steam-run {#sec-steam-run}
The FHS-compatible chroot used for Steam can also be used to run other Linux games that expect a FHS environment. To use it, install the `steam-run` package and run the game with:

2
lib/attrsets.nix
View File

@ -11,7 +11,7 @@ let
in
rec {
inherit (builtins) attrNames listToAttrs hasAttr isAttrs getAttr removeAttrs;
inherit (builtins) attrNames listToAttrs hasAttr isAttrs getAttr removeAttrs intersectAttrs;
/**

107
lib/cli.nix
View File

@ -7,8 +7,6 @@ rec {
This helps protect against malformed command lines and also to reduce
boilerplate related to command-line construction for simple use cases.
`toGNUCommandLine` returns a list of nix strings.
`toGNUCommandLineShell` returns an escaped shell string.
@ -16,17 +14,86 @@ rec {
`options`
: 1\. Function argument
: How to format the arguments, see `toGNUCommandLine`
`attrs`
: 2\. Function argument
: The attributes to transform into arguments.
# Examples
:::{.example}
## `lib.cli.toGNUCommandLineShell` usage example
```nix
cli.toGNUCommandLineShell {} {
data = builtins.toJSON { id = 0; };
X = "PUT";
retry = 3;
retry-delay = null;
url = [ "https://example.com/foo" "https://example.com/bar" ];
silent = false;
verbose = true;
}
=> "'-X' 'PUT' '--data' '{\"id\":0}' '--retry' '3' '--url' 'https://example.com/foo' '--url' 'https://example.com/bar' '--verbose'";
```
:::
*/
toGNUCommandLineShell =
options: attrs: lib.escapeShellArgs (toGNUCommandLine options attrs);
/**
Automatically convert an attribute set to a list of command-line options.
`toGNUCommandLine` returns a list of string arguments.
# Inputs
`options`
: How to format the arguments, see below.
`attrs`
: The attributes to transform into arguments.
# Options
`mkOptionName`
: How to string-format the option name;
By default one character is a short option (`-`), more than one characters a long option (`--`).
`mkBool`
: How to format a boolean value to a command list;
By default its a flag option (only the option name if true, left out completely if false).
`mkList`
: How to format a list value to a command list;
By default the option name is repeated for each value and `mkOption` is applied to the values themselves.
`mkOption`
: How to format any remaining value to a command list;
On the toplevel, booleans and lists are handled by `mkBool` and `mkList`, though they can still appear as values of a list.
By default, everything is printed verbatim and complex types are forbidden (lists, attrsets, functions). `null` values are omitted.
`optionValueSeparator`
: How to separate an option from its flag;
By default, there is no separator, so option `-c` and value `5` would become ["-c" "5"].
This is useful if the command requires equals, for example, `-c=5`.
# Examples
:::{.example}
## `lib.cli.toGNUCommandLine` usage example
```nix
cli.toGNUCommandLine {} {
data = builtins.toJSON { id = 0; };
@ -45,48 +112,20 @@ rec {
"--url" "https://example.com/bar"
"--verbose"
]
cli.toGNUCommandLineShell {} {
data = builtins.toJSON { id = 0; };
X = "PUT";
retry = 3;
retry-delay = null;
url = [ "https://example.com/foo" "https://example.com/bar" ];
silent = false;
verbose = true;
}
=> "'-X' 'PUT' '--data' '{\"id\":0}' '--retry' '3' '--url' 'https://example.com/foo' '--url' 'https://example.com/bar' '--verbose'";
```
:::
*/
toGNUCommandLineShell =
options: attrs: lib.escapeShellArgs (toGNUCommandLine options attrs);
toGNUCommandLine = {
# how to string-format the option name;
# by default one character is a short option (`-`),
# more than one characters a long option (`--`).
mkOptionName ?
k: if builtins.stringLength k == 1
then "-${k}"
else "--${k}",
# how to format a boolean value to a command list;
# by default its a flag option
# (only the option name if true, left out completely if false).
mkBool ? k: v: lib.optional v (mkOptionName k),
# how to format a list value to a command list;
# by default the option name is repeated for each value
# and `mkOption` is applied to the values themselves.
mkList ? k: v: lib.concatMap (mkOption k) v,
# how to format any remaining value to a command list;
# on the toplevel, booleans and lists are handled by `mkBool` and `mkList`,
# though they can still appear as values of a list.
# By default, everything is printed verbatim and complex types
# are forbidden (lists, attrsets, functions). `null` values are omitted.
mkOption ?
k: v: if v == null
then []
@ -95,10 +134,6 @@ rec {
else
[ "${mkOptionName k}${optionValueSeparator}${lib.generators.mkValueStringDefault {} v}" ],
# how to separate an option from its flag;
# by default, there is no separator, so option `-c` and value `5`
# would become ["-c" "5"].
# This is useful if the command requires equals, for example, `-c=5`.
optionValueSeparator ? null
}:
options:

27
lib/default.nix
View File

@ -64,22 +64,21 @@ let
# linux kernel configuration
kernel = callLibs ./kernel.nix;
inherit (builtins) add addErrorContext attrNames concatLists
deepSeq elem elemAt filter genericClosure genList getAttr
hasAttr head isAttrs isBool isInt isList isPath isString length
lessThan listToAttrs pathExists readFile replaceStrings seq
stringLength sub substring tail trace;
# TODO: For consistency, all builtins should also be available from a sub-library;
# these are the only ones that are currently not
inherit (builtins) addErrorContext isPath trace;
inherit (self.trivial) id const pipe concat or and xor bitAnd bitOr bitXor
bitNot boolToString mergeAttrs flip mapNullable inNixShell isFloat min max
importJSON importTOML warn warnIf warnIfNot throwIf throwIfNot checkListOfEnum
info showWarnings nixpkgsVersion version isInOldestRelease
mod compare splitByAndCompare
mod compare splitByAndCompare seq deepSeq lessThan add sub
functionArgs setFunctionArgs isFunction toFunction mirrorFunctionArgs
toHexString toBaseDigits inPureEvalMode;
toHexString toBaseDigits inPureEvalMode isBool isInt pathExists
genericClosure readFile;
inherit (self.fixedPoints) fix fix' converge extends composeExtensions
composeManyExtensions makeExtensible makeExtensibleWithCustomName;
inherit (self.attrsets) attrByPath hasAttrByPath setAttrByPath
getAttrFromPath attrVals attrValues getAttrs catAttrs filterAttrs
getAttrFromPath attrVals attrNames attrValues getAttrs catAttrs filterAttrs
filterAttrsRecursive foldlAttrs foldAttrs collect nameValuePair mapAttrs
mapAttrs' mapAttrsToList attrsToList concatMapAttrs mapAttrsRecursive
mapAttrsRecursiveCond genAttrs isDerivation toDerivation optionalAttrs
@ -87,14 +86,16 @@ let
recursiveUpdate matchAttrs mergeAttrsList overrideExisting showAttrPath getOutput
getBin getLib getDev getMan chooseDevOutputs zipWithNames zip
recurseIntoAttrs dontRecurseIntoAttrs cartesianProduct cartesianProductOfSets
mapCartesianProduct updateManyAttrsByPath;
inherit (self.lists) singleton forEach foldr fold foldl foldl' imap0 imap1
ifilter0 concatMap flatten remove findSingle findFirst any all count
mapCartesianProduct updateManyAttrsByPath listToAttrs hasAttr getAttr isAttrs intersectAttrs removeAttrs;
inherit (self.lists) singleton forEach map foldr fold foldl foldl' imap0 imap1
filter ifilter0 concatMap flatten remove findSingle findFirst any all count
optional optionals toList range replicate partition zipListsWith zipLists
reverseList listDfs toposort sort sortOn naturalSort compareLists take
drop sublist last init crossLists unique allUnique intersectLists
subtractLists mutuallyExclusive groupBy groupBy';
subtractLists mutuallyExclusive groupBy groupBy' concatLists genList
length head tail elem elemAt isList;
inherit (self.strings) concatStrings concatMapStrings concatImapStrings
stringLength substring isString replaceStrings
intersperse concatStringsSep concatMapStringsSep
concatImapStringsSep concatLines makeSearchPath makeSearchPathOutput
makeLibraryPath makeIncludePath makeBinPath optionalString
@ -105,7 +106,7 @@ let
escapeRegex escapeURL escapeXML replaceChars lowerChars
upperChars toLower toUpper addContextFrom splitString
removePrefix removeSuffix versionOlder versionAtLeast
getName getVersion
getName getVersion match split
cmakeOptionType cmakeBool cmakeFeature
mesonOption mesonBool mesonEnable
nameFromURL enableFeature enableFeatureAs withFeature

102
lib/derivations.nix
View File

@ -17,7 +17,7 @@ let
else "";
in
{
/*
/**
Restrict a derivation to a predictable set of attribute names, so
that the returned attrset is not strict in the actual derivation,
saving a lot of computation when the derivation is non-trivial.
@ -62,25 +62,36 @@ in
(lazyDerivation { inherit derivation }).pythonPath
# Inputs
Takes an attribute set with the following attributes
`derivation`
: The derivation to be wrapped.
`meta`
: Optional meta attribute.
While this function is primarily about derivations, it can improve
the `meta` package attribute, which is usually specified through
`mkDerivation`.
`passthru`
: Optional extra values to add to the returned attrset.
This can be used for adding package attributes, such as `tests`.
`outputs`
: Optional list of assumed outputs. Default: ["out"]
This must match the set of outputs that the returned derivation has.
You must use this when the derivation has multiple outputs.
*/
lazyDerivation =
args@{
# The derivation to be wrapped.
derivation
, # Optional meta attribute.
#
# While this function is primarily about derivations, it can improve
# the `meta` package attribute, which is usually specified through
# `mkDerivation`.
meta ? null
, # Optional extra values to add to the returned attrset.
#
# This can be used for adding package attributes, such as `tests`.
passthru ? { }
, # Optional list of assumed outputs. Default: ["out"]
#
# This must match the set of outputs that the returned derivation has.
# You must use this when the derivation has multiple outputs.
derivation,
meta ? null,
passthru ? { },
outputs ? [ "out" ]
}:
let
@ -149,29 +160,50 @@ in
// genAttrs outputs (outputName: checked.${outputName})
// passthru;
/* Conditionally set a derivation attribute.
/**
Conditionally set a derivation attribute.
Because `mkDerivation` sets `__ignoreNulls = true`, a derivation
attribute set to `null` will not impact the derivation output hash.
Thus, this function passes through its `value` argument if the `cond`
is `true`, but returns `null` if not.
Because `mkDerivation` sets `__ignoreNulls = true`, a derivation
attribute set to `null` will not impact the derivation output hash.
Thus, this function passes through its `value` argument if the `cond`
is `true`, but returns `null` if not.
Type: optionalDrvAttr :: Bool -> a -> a | Null
Example:
(stdenv.mkDerivation {
name = "foo";
x = optionalDrvAttr true 1;
y = optionalDrvAttr false 1;
}).drvPath == (stdenv.mkDerivation {
name = "foo";
x = 1;
}).drvPath
=> true
# Inputs
`cond`
: Condition
`value`
: Attribute value
# Type
```
optionalDrvAttr :: Bool -> a -> a | Null
```
# Examples
:::{.example}
## `lib.derivations.optionalDrvAttr` usage example
```nix
(stdenv.mkDerivation {
name = "foo";
x = optionalDrvAttr true 1;
y = optionalDrvAttr false 1;
}).drvPath == (stdenv.mkDerivation {
name = "foo";
x = 1;
}).drvPath
=> true
```
:::
*/
optionalDrvAttr =
# Condition
cond:
# Attribute value
value: if cond then value else null;
}

234
lib/filesystem.nix
View File

@ -1,4 +1,4 @@
/*
/**
Functions for querying information about the filesystem
without copying any files to the Nix store.
*/
@ -29,19 +29,35 @@ in
{
/*
/**
The type of a path. The path needs to exist and be accessible.
The result is either "directory" for a directory, "regular" for a regular file, "symlink" for a symlink, or "unknown" for anything else.
Type:
pathType :: Path -> String
# Inputs
Example:
pathType /.
=> "directory"
path
pathType /some/file.nix
=> "regular"
: The path to query
# Type
```
pathType :: Path -> String
```
# Examples
:::{.example}
## `lib.filesystem.pathType` usage example
```nix
pathType /.
=> "directory"
pathType /some/file.nix
=> "regular"
```
:::
*/
pathType =
builtins.readFileType or
@ -59,53 +75,97 @@ in
else (readDir (dirOf path)).${baseNameOf path}
);
/*
/**
Whether a path exists and is a directory.
Type:
pathIsDirectory :: Path -> Bool
Example:
pathIsDirectory /.
=> true
# Inputs
pathIsDirectory /this/does/not/exist
=> false
`path`
pathIsDirectory /some/file.nix
=> false
: 1\. Function argument
# Type
```
pathIsDirectory :: Path -> Bool
```
# Examples
:::{.example}
## `lib.filesystem.pathIsDirectory` usage example
```nix
pathIsDirectory /.
=> true
pathIsDirectory /this/does/not/exist
=> false
pathIsDirectory /some/file.nix
=> false
```
:::
*/
pathIsDirectory = path:
pathExists path && pathType path == "directory";
/*
/**
Whether a path exists and is a regular file, meaning not a symlink or any other special file type.
Type:
pathIsRegularFile :: Path -> Bool
Example:
pathIsRegularFile /.
=> false
# Inputs
pathIsRegularFile /this/does/not/exist
=> false
`path`
pathIsRegularFile /some/file.nix
=> true
: 1\. Function argument
# Type
```
pathIsRegularFile :: Path -> Bool
```
# Examples
:::{.example}
## `lib.filesystem.pathIsRegularFile` usage example
```nix
pathIsRegularFile /.
=> false
pathIsRegularFile /this/does/not/exist
=> false
pathIsRegularFile /some/file.nix
=> true
```
:::
*/
pathIsRegularFile = path:
pathExists path && pathType path == "regular";
/*
/**
A map of all haskell packages defined in the given path,
identified by having a cabal file with the same name as the
directory itself.
Type: Path -> Map String Path
# Inputs
`root`
: The directory within to search
# Type
```
Path -> Map String Path
```
*/
haskellPathsInDir =
# The directory within to search
root:
let # Files in the root
root-files = builtins.attrNames (builtins.readDir root);
@ -120,17 +180,30 @@ in
builtins.pathExists (value + "/${name}.cabal")
) root-files-with-paths;
in builtins.listToAttrs cabal-subdirs;
/*
/**
Find the first directory containing a file matching 'pattern'
upward from a given 'file'.
Returns 'null' if no directories contain a file matching 'pattern'.
Type: RegExp -> Path -> Nullable { path : Path; matches : [ MatchResults ]; }
# Inputs
`pattern`
: The pattern to search for
`file`
: The file to start searching upward from
# Type
```
RegExp -> Path -> Nullable { path : Path; matches : [ MatchResults ]; }
```
*/
locateDominatingFile =
# The pattern to search for
pattern:
# The file to start searching upward from
file:
let go = path:
let files = builtins.attrNames (builtins.readDir path);
@ -150,13 +223,23 @@ in
in go (if isDir then file else parent);
/*
/**
Given a directory, return a flattened list of all files within it recursively.
Type: Path -> [ Path ]
# Inputs
`dir`
: The path to recursively list
# Type
```
Path -> [ Path ]
```
*/
listFilesRecursive =
# The path to recursively list
dir:
lib.flatten (lib.mapAttrsToList (name: type:
if type == "directory" then
@ -165,7 +248,7 @@ in
dir + "/${name}"
) (builtins.readDir dir));
/*
/**
Transform a directory tree containing package files suitable for
`callPackage` into a matching nested attribute set of derivations.
@ -223,40 +306,57 @@ in
As a result, directories with no `.nix` files (including empty
directories) will be transformed into empty attribute sets.
Example:
packagesFromDirectoryRecursive {
inherit (pkgs) callPackage;
# Inputs
Structured function argument
: Attribute set containing the following attributes.
Additional attributes are ignored.
`callPackage`
: `pkgs.callPackage`
Type: `Path -> AttrSet -> a`
`directory`
: The directory to read package files from
Type: `Path`
# Type
```
packagesFromDirectoryRecursive :: AttrSet -> AttrSet
```
# Examples
:::{.example}
## `lib.filesystem.packagesFromDirectoryRecursive` usage example
```nix
packagesFromDirectoryRecursive {
inherit (pkgs) callPackage;
directory = ./my-packages;
}
=> { ... }
lib.makeScope pkgs.newScope (
self: packagesFromDirectoryRecursive {
callPackage = self.callPackage;
directory = ./my-packages;
}
=> { ... }
)
=> { ... }
```
lib.makeScope pkgs.newScope (
self: packagesFromDirectoryRecursive {
callPackage = self.callPackage;
directory = ./my-packages;
}
)
=> { ... }
Type:
packagesFromDirectoryRecursive :: AttrSet -> AttrSet
:::
*/
packagesFromDirectoryRecursive =
# Options.
{
/*
`pkgs.callPackage`
Type:
Path -> AttrSet -> a
*/
callPackage,
/*
The directory to read package files from
Type:
Path
*/
directory,
...
}:

590
lib/generators.nix
View File

@ -1,18 +1,23 @@
/* Functions that generate widespread file
* formats from nix data structures.
*
* They all follow a similar interface:
* generator { config-attrs } data
*
* `config-attrs` are holes in the generators
* with sensible default implementations that
* can be overwritten. The default implementations
* are mostly generators themselves, called with
* their respective default values; they can be reused.
*
* Tests can be found in ./tests/misc.nix
* Documentation in the manual, #sec-generators
*/
/**
Functions that generate widespread file
formats from nix data structures.
They all follow a similar interface:
```nix
generator { config-attrs } data
```
`config-attrs` are holes in the generators
with sensible default implementations that
can be overwritten. The default implementations
are mostly generators themselves, called with
their respective default values; they can be reused.
Tests can be found in ./tests/misc.nix
Further Documentation can be found [here](#sec-generators).
*/
{ lib }:
let
@ -68,11 +73,20 @@ let
;
## -- HELPER FUNCTIONS & DEFAULTS --
in rec {
/**
Convert a value to a sensible default string representation.
The builtin `toString` function has some strange defaults,
suitable for bash scripts but not much else.
/* Convert a value to a sensible default string representation.
* The builtin `toString` function has some strange defaults,
* suitable for bash scripts but not much else.
*/
# Inputs
Options
: Empty set, there may be configuration options in the future
`v`
: 2\. Function argument
*/
mkValueStringDefault = {}: v:
let err = t: v: abort
("generators.mkValueStringDefault: " +
@ -100,15 +114,36 @@ let
else err "this value is" (toString v);
/* Generate a line of key k and value v, separated by
* character sep. If sep appears in k, it is escaped.
* Helper for synaxes with different separators.
*
* mkValueString specifies how values should be formatted.
*
* mkKeyValueDefault {} ":" "f:oo" "bar"
* > "f\:oo:bar"
*/
/**
Generate a line of key k and value v, separated by
character sep. If sep appears in k, it is escaped.
Helper for synaxes with different separators.
mkValueString specifies how values should be formatted.
```nix
mkKeyValueDefault {} ":" "f:oo" "bar"
> "f\:oo:bar"
```
# Inputs
Structured function argument
: mkValueString (optional, default: `mkValueStringDefault {}`)
: Function to convert values to strings
`sep`
: 2\. Function argument
`k`
: 3\. Function argument
`v`
: 4\. Function argument
*/
mkKeyValueDefault = {
mkValueString ? mkValueStringDefault {}
}: sep: k: v:
@ -118,10 +153,23 @@ let
## -- FILE FORMAT GENERATORS --
/* Generate a key-value-style config file from an attrset.
*
* mkKeyValue is the same as in toINI.
*/
/**
Generate a key-value-style config file from an attrset.
# Inputs
Structured function argument
: mkKeyValue (optional, default: `mkKeyValueDefault {} "="`)
: format a setting line from key and value
: listsAsDuplicateKeys (optional, default: `false`)
: allow lists as values for duplicate keys
: indent (optional, default: `""`)
: Initial indentation level
*/
toKeyValue = {
mkKeyValue ? mkKeyValueDefault {} "=",
listsAsDuplicateKeys ? false,
@ -134,32 +182,51 @@ let
in attrs: concatStrings (concatLists (mapAttrsToList mkLines attrs));
/* Generate an INI-style config file from an
* attrset of sections to an attrset of key-value pairs.
*
* generators.toINI {} {
* foo = { hi = "${pkgs.hello}"; ciao = "bar"; };
* baz = { "also, integers" = 42; };
* }
*
*> [baz]
*> also, integers=42
*>
*> [foo]
*> ciao=bar
*> hi=/nix/store/y93qql1p5ggfnaqjjqhxcw0vqw95rlz0-hello-2.10
*
* The mk* configuration attributes can generically change
* the way sections and key-value strings are generated.
*
* For more examples see the test cases in ./tests/misc.nix.
*/
/**
Generate an INI-style config file from an
attrset of sections to an attrset of key-value pairs.
# Inputs
Structured function argument
: mkSectionName (optional, default: `(name: escape [ "[" "]" ] name)`)
: apply transformations (e.g. escapes) to section names
: mkKeyValue (optional, default: `{} "="`)
: format a setting line from key and value
: listsAsDuplicateKeys (optional, default: `false`)
: allow lists as values for duplicate keys
# Examples
:::{.example}
## `lib.generators.toINI` usage example
```nix
generators.toINI {} {
foo = { hi = "${pkgs.hello}"; ciao = "bar"; };
baz = { "also, integers" = 42; };
}
> [baz]
> also, integers=42
>
> [foo]
> ciao=bar
> hi=/nix/store/y93qql1p5ggfnaqjjqhxcw0vqw95rlz0-hello-2.10
```
The mk* configuration attributes can generically change
the way sections and key-value strings are generated.
For more examples see the test cases in ./tests/misc.nix.
:::
*/
toINI = {
# apply transformations (e.g. escapes) to section names
mkSectionName ? (name: escape [ "[" "]" ] name),
# format a setting line from key and value
mkKeyValue ? mkKeyValueDefault {} "=",
# allow lists as values for duplicate keys
listsAsDuplicateKeys ? false
}: attrsOfAttrs:
let
@ -174,43 +241,70 @@ let
# map input to ini sections
mapAttrsToStringsSep "\n" mkSection attrsOfAttrs;
/* Generate an INI-style config file from an attrset
* specifying the global section (no header), and an
* attrset of sections to an attrset of key-value pairs.
*
* generators.toINIWithGlobalSection {} {
* globalSection = {
* someGlobalKey = "hi";
* };
* sections = {
* foo = { hi = "${pkgs.hello}"; ciao = "bar"; };
* baz = { "also, integers" = 42; };
* }
*
*> someGlobalKey=hi
*>
*> [baz]
*> also, integers=42
*>
*> [foo]
*> ciao=bar
*> hi=/nix/store/y93qql1p5ggfnaqjjqhxcw0vqw95rlz0-hello-2.10
*
* The mk* configuration attributes can generically change
* the way sections and key-value strings are generated.
*
* For more examples see the test cases in ./tests/misc.nix.
*
* If you dont need a global section, you can also use
* `generators.toINI` directly, which only takes
* the part in `sections`.
*/
/**
Generate an INI-style config file from an attrset
specifying the global section (no header), and an
attrset of sections to an attrset of key-value pairs.
# Inputs
1\. Structured function argument
: mkSectionName (optional, default: `(name: escape [ "[" "]" ] name)`)
: apply transformations (e.g. escapes) to section names
: mkKeyValue (optional, default: `{} "="`)
: format a setting line from key and value
: listsAsDuplicateKeys (optional, default: `false`)
: allow lists as values for duplicate keys
2\. Structured function argument
: globalSection (required)
: global section key-value pairs
: sections (optional, default: `{}`)
: attrset of sections to key-value pairs
# Examples
:::{.example}
## `lib.generators.toINIWithGlobalSection` usage example
```nix
generators.toINIWithGlobalSection {} {
globalSection = {
someGlobalKey = "hi";
};
sections = {
foo = { hi = "${pkgs.hello}"; ciao = "bar"; };
baz = { "also, integers" = 42; };
}
> someGlobalKey=hi
>
> [baz]
> also, integers=42
>
> [foo]
> ciao=bar
> hi=/nix/store/y93qql1p5ggfnaqjjqhxcw0vqw95rlz0-hello-2.10
```
The mk* configuration attributes can generically change
the way sections and key-value strings are generated.
For more examples see the test cases in ./tests/misc.nix.
:::
If you dont need a global section, you can also use
`generators.toINI` directly, which only takes
the part in `sections`.
*/
toINIWithGlobalSection = {
# apply transformations (e.g. escapes) to section names
mkSectionName ? (name: escape [ "[" "]" ] name),
# format a setting line from key and value
mkKeyValue ? mkKeyValueDefault {} "=",
# allow lists as values for duplicate keys
listsAsDuplicateKeys ? false
}: { globalSection, sections ? {} }:
( if globalSection == {}
@ -219,24 +313,43 @@ let
+ "\n")
+ (toINI { inherit mkSectionName mkKeyValue listsAsDuplicateKeys; } sections);
/* Generate a git-config file from an attrset.
*
* It has two major differences from the regular INI format:
*
* 1. values are indented with tabs
* 2. sections can have sub-sections
*
* generators.toGitINI {
* url."ssh://git@github.com/".insteadOf = "https://github.com";
* user.name = "edolstra";
* }
*
*> [url "ssh://git@github.com/"]
*> insteadOf = "https://github.com"
*>
*> [user]
*> name = "edolstra"
*/
/**
Generate a git-config file from an attrset.
It has two major differences from the regular INI format:
1. values are indented with tabs
2. sections can have sub-sections
Further: https://git-scm.com/docs/git-config#EXAMPLES
# Examples
:::{.example}
## `lib.generators.toGitINI` usage example
```nix
generators.toGitINI {
url."ssh://git@github.com/".insteadOf = "https://github.com";
user.name = "edolstra";
}
> [url "ssh://git@github.com/"]
> insteadOf = "https://github.com"
>
> [user]
> name = "edolstra"
```
:::
# Inputs
`attrs`
: Key-value pairs to be converted to a git-config file.
See: https://git-scm.com/docs/git-config#_variables for possible values.
*/
toGitINI = attrs:
let
mkSectionName = name:
@ -280,20 +393,40 @@ let
in
toINI_ (gitFlattenAttrs attrs);
# mkKeyValueDefault wrapper that handles dconf INI quirks.
# The main differences of the format is that it requires strings to be quoted.
/**
mkKeyValueDefault wrapper that handles dconf INI quirks.
The main differences of the format is that it requires strings to be quoted.
*/
mkDconfKeyValue = mkKeyValueDefault { mkValueString = v: toString (gvariant.mkValue v); } "=";
# Generates INI in dconf keyfile style. See https://help.gnome.org/admin/system-admin-guide/stable/dconf-keyfiles.html.en
# for details.
/**
Generates INI in dconf keyfile style. See https://help.gnome.org/admin/system-admin-guide/stable/dconf-keyfiles.html.en
for details.
*/
toDconfINI = toINI { mkKeyValue = mkDconfKeyValue; };
/**
Recurses through a `Value` limited to a certain depth. (`depthLimit`)
If the depth is exceeded, an error is thrown, unless `throwOnDepthLimit` is set to `false`.
# Inputs
Structured function argument
: depthLimit (required)
: If this option is not null, the given value will stop evaluating at a certain depth
: throwOnDepthLimit (optional, default: `true`)
: If this option is true, an error will be thrown, if a certain given depth is exceeded
Value
: The value to be evaluated recursively
*/
withRecursion =
{
/* If this option is not null, the given value will stop evaluating at a certain depth */
depthLimit
/* If this option is true, an error will be thrown, if a certain given depth is exceeded */
, throwOnDepthLimit ? true
depthLimit,
throwOnDepthLimit ? true
}:
assert isInt depthLimit;
let
@ -323,20 +456,33 @@ let
in
mapAny 0;
/* Pretty print a value, akin to `builtins.trace`.
* Should probably be a builtin as well.
* The pretty-printed string should be suitable for rendering default values
* in the NixOS manual. In particular, it should be as close to a valid Nix expression
* as possible.
*/
/**
Pretty print a value, akin to `builtins.trace`.
Should probably be a builtin as well.
The pretty-printed string should be suitable for rendering default values
in the NixOS manual. In particular, it should be as close to a valid Nix expression
as possible.
# Inputs
Structured function argument
: allowPrettyValues
: If this option is true, attrsets like { __pretty = fn; val = ; }
will use fn to convert val to a pretty printed representation.
(This means fn is type Val -> String.)
: multiline
: If this option is true, the output is indented with newlines for attribute sets and lists
: indent
: Initial indentation level
Value
: The value to be pretty printed
*/
toPretty = {
/* If this option is true, attrsets like { __pretty = fn; val = ; }
will use fn to convert val to a pretty printed representation.
(This means fn is type Val -> String.) */
allowPrettyValues ? false,
/* If this option is true, the output is indented with newlines for attribute sets and lists */
multiline ? true,
/* Initial indentation level */
indent ? ""
}:
let
@ -397,7 +543,17 @@ let
else abort "generators.toPretty: should never happen (v = ${v})";
in go indent;
# PLIST handling
/**
Translate a simple Nix expression to [Plist notation](https://en.wikipedia.org/wiki/Property_list).
# Inputs
Options
: Empty set, there may be configuration options in the future
Value
: The value to be converted to Plist
*/
toPlist = {}: v: let
expr = ind: x:
if x == null then "" else
@ -447,9 +603,21 @@ let
${expr "" v}
</plist>'';
/* Translate a simple Nix expression to Dhall notation.
* Note that integers are translated to Integer and never
* the Natural type.
/**
Translate a simple Nix expression to Dhall notation.
Note that integers are translated to Integer and never
the Natural type.
# Inputs
Options
: Empty set, there may be configuration options in the future
Value
: The value to be converted to Dhall
*/
toDhall = { }@args: v:
let concatItems = concatStringsSep ", ";
@ -471,46 +639,71 @@ ${expr "" v}
else
toJSON v;
/*
Translate a simple Nix expression to Lua representation with occasional
Lua-inlines that can be constructed by mkLuaInline function.
/**
Translate a simple Nix expression to Lua representation with occasional
Lua-inlines that can be constructed by mkLuaInline function.
Configuration:
* multiline - by default is true which results in indented block-like view.
* indent - initial indent.
* asBindings - by default generate single value, but with this use attrset to set global vars.
Configuration:
Attention:
Regardless of multiline parameter there is no trailing newline.
* multiline - by default is true which results in indented block-like view.
* indent - initial indent.
* asBindings - by default generate single value, but with this use attrset to set global vars.
Example:
generators.toLua {}
{
cmd = [ "typescript-language-server" "--stdio" ];
settings.workspace.library = mkLuaInline ''vim.api.nvim_get_runtime_file("", true)'';
}
->
Attention:
Regardless of multiline parameter there is no trailing newline.
# Inputs
Structured function argument
: multiline (optional, default: `true`)
: If this option is true, the output is indented with newlines for attribute sets and lists
: indent (optional, default: `""`)
: Initial indentation level
: asBindings (optional, default: `false`)
: Interpret as variable bindings
Value
: The value to be converted to Lua
# Type
```
toLua :: AttrSet -> Any -> String
```
# Examples
:::{.example}
## `lib.generators.toLua` usage example
```nix
generators.toLua {}
{
["cmd"] = {
"typescript-language-server",
"--stdio"
},
["settings"] = {
["workspace"] = {
["library"] = (vim.api.nvim_get_runtime_file("", true))
}
}
cmd = [ "typescript-language-server" "--stdio" ];
settings.workspace.library = mkLuaInline ''vim.api.nvim_get_runtime_file("", true)'';
}
->
{
["cmd"] = {
"typescript-language-server",
"--stdio"
},
["settings"] = {
["workspace"] = {
["library"] = (vim.api.nvim_get_runtime_file("", true))
}
}
}
```
Type:
toLua :: AttrSet -> Any -> String
:::
*/
toLua = {
/* If this option is true, the output is indented with newlines for attribute sets and lists */
multiline ? true,
/* Initial indentation level */
indent ? "",
/* Interpret as variable bindings */
asBindings ? false,
}@args: v:
let
@ -559,44 +752,55 @@ ${expr "" v}
else
abort "generators.toLua: type ${typeOf v} is unsupported";
/*
Mark string as Lua expression to be inlined when processed by toLua.
/**
Mark string as Lua expression to be inlined when processed by toLua.
Type:
mkLuaInline :: String -> AttrSet
# Inputs
`expr`
: 1\. Function argument
# Type
```
mkLuaInline :: String -> AttrSet
```
*/
mkLuaInline = expr: { _type = "lua-inline"; inherit expr; };
} // {
/**
Generates JSON from an arbitrary (non-function) value.
For more information see the documentation of the builtin.
in
# Inputs
# Everything in this attrset is the public interface of the file.
{
inherit
mkDconfKeyValue
mkKeyValueDefault
mkLuaInline
mkValueStringDefault
toDconfINI
toDhall
toGitINI
toINI
toINIWithGlobalSection
toKeyValue
toLua
toPlist
toPretty
withRecursion
;
Options
/* Generates JSON from an arbitrary (non-function) value.
* For more information see the documentation of the builtin.
*/
toJSON = {}: toJSON;
: Empty set, there may be configuration options in the future
/* YAML has been a strict superset of JSON since 1.2, so we
* use toJSON. Before it only had a few differences referring
* to implicit typing rules, so it should work with older
* parsers as well.
*/
toYAML = {}: toJSON;
Value
: The value to be converted to JSON
*/
toJSON = {}: lib.strings.toJSON;
/**
YAML has been a strict superset of JSON since 1.2, so we
use toJSON. Before it only had a few differences referring
to implicit typing rules, so it should work with older
parsers as well.
# Inputs
Options
: Empty set, there may be configuration options in the future
Value
: The value to be converted to YAML
*/
toYAML = {}: lib.strings.toJSON;
}

405
lib/gvariant.nix
View File

@ -1,4 +1,4 @@
/*
/**
A partial and basic implementation of GVariant formatted strings.
See [GVariant Format Strings](https://docs.gtk.org/glib/gvariant-format-strings.html) for details.
@ -41,17 +41,28 @@ let
variant = "v";
};
/* Check if a value is a GVariant value
Type:
isGVariant :: Any -> Bool
*/
isGVariant = v: v._type or "" == "gvariant";
in
rec {
inherit type isGVariant;
inherit type;
/**
Check if a value is a GVariant value
# Inputs
`v`
: value to check
# Type
```
isGVariant :: Any -> Bool
```
*/
isGVariant = v: v._type or "" == "gvariant";
intConstructors = [
{
@ -100,11 +111,22 @@ rec {
}
];
/* Returns the GVariant value that most closely matches the given Nix value.
If no GVariant value can be found unambiguously then error is thrown.
/**
Returns the GVariant value that most closely matches the given Nix value.
If no GVariant value can be found unambiguously then error is thrown.
Type:
mkValue :: Any -> gvariant
# Inputs
`v`
: 1\. Function argument
# Type
```
mkValue :: Any -> gvariant
```
*/
mkValue = v:
if builtins.isBool v then
@ -132,14 +154,32 @@ rec {
else
throw "The GVariant type of ${builtins.typeOf v} can't be inferred.";
/* Returns the GVariant array from the given type of the elements and a Nix list.
/**
Returns the GVariant array from the given type of the elements and a Nix list.
Type:
mkArray :: [Any] -> gvariant
Example:
# Creating a string array
lib.gvariant.mkArray [ "a" "b" "c" ]
# Inputs
`elems`
: 1\. Function argument
# Type
```
mkArray :: [Any] -> gvariant
```
# Examples
:::{.example}
## `lib.gvariant.mkArray` usage example
```nix
# Creating a string array
lib.gvariant.mkArray [ "a" "b" "c" ]
```
:::
*/
mkArray = elems:
let
@ -153,31 +193,67 @@ rec {
"@${self.type} [${concatMapStringsSep "," toString self.value}]";
};
/* Returns the GVariant array from the given empty Nix list.
/**
Returns the GVariant array from the given empty Nix list.
Type:
mkEmptyArray :: gvariant.type -> gvariant
Example:
# Creating an empty string array
lib.gvariant.mkEmptyArray (lib.gvariant.type.string)
# Inputs
`elemType`
: 1\. Function argument
# Type
```
mkEmptyArray :: gvariant.type -> gvariant
```
# Examples
:::{.example}
## `lib.gvariant.mkEmptyArray` usage example
```nix
# Creating an empty string array
lib.gvariant.mkEmptyArray (lib.gvariant.type.string)
```
:::
*/
mkEmptyArray = elemType: mkPrimitive (type.arrayOf elemType) [ ] // {
__toString = self: "@${self.type} []";
};
/* Returns the GVariant variant from the given Nix value. Variants are containers
of different GVariant type.
/**
Returns the GVariant variant from the given Nix value. Variants are containers
of different GVariant type.
Type:
mkVariant :: Any -> gvariant
Example:
lib.gvariant.mkArray [
(lib.gvariant.mkVariant "a string")
(lib.gvariant.mkVariant (lib.gvariant.mkInt32 1))
]
# Inputs
`elem`
: 1\. Function argument
# Type
```
mkVariant :: Any -> gvariant
```
# Examples
:::{.example}
## `lib.gvariant.mkVariant` usage example
```nix
lib.gvariant.mkArray [
(lib.gvariant.mkVariant "a string")
(lib.gvariant.mkVariant (lib.gvariant.mkInt32 1))
]
```
:::
*/
mkVariant = elem:
let gvarElem = mkValue elem;
@ -185,23 +261,43 @@ rec {
__toString = self: "<${toString self.value}>";
};
/* Returns the GVariant dictionary entry from the given key and value.
/**
Returns the GVariant dictionary entry from the given key and value.
Type:
mkDictionaryEntry :: String -> Any -> gvariant
Example:
# A dictionary describing an Epiphanys search provider
[
(lib.gvariant.mkDictionaryEntry "url" (lib.gvariant.mkVariant "https://duckduckgo.com/?q=%s&t=epiphany"))
(lib.gvariant.mkDictionaryEntry "bang" (lib.gvariant.mkVariant "!d"))
(lib.gvariant.mkDictionaryEntry "name" (lib.gvariant.mkVariant "DuckDuckGo"))
]
# Inputs
`name`
: The key of the entry
`value`
: The value of the entry
# Type
```
mkDictionaryEntry :: String -> Any -> gvariant
```
# Examples
:::{.example}
## `lib.gvariant.mkDictionaryEntry` usage example
```nix
# A dictionary describing an Epiphanys search provider
[
(lib.gvariant.mkDictionaryEntry "url" (lib.gvariant.mkVariant "https://duckduckgo.com/?q=%s&t=epiphany"))
(lib.gvariant.mkDictionaryEntry "bang" (lib.gvariant.mkVariant "!d"))
(lib.gvariant.mkDictionaryEntry "name" (lib.gvariant.mkVariant "DuckDuckGo"))
]
```
:::
*/
mkDictionaryEntry =
# The key of the entry
name:
# The value of the entry
value:
let
name' = mkValue name;
@ -212,10 +308,25 @@ rec {
__toString = self: "@${self.type} {${name'},${value'}}";
};
/* Returns the GVariant maybe from the given element type.
/**
Returns the GVariant maybe from the given element type.
Type:
mkMaybe :: gvariant.type -> Any -> gvariant
# Inputs
`elemType`
: 1\. Function argument
`elem`
: 2\. Function argument
# Type
```
mkMaybe :: gvariant.type -> Any -> gvariant
```
*/
mkMaybe = elemType: elem:
mkPrimitive (type.maybeOf elemType) elem // {
@ -226,24 +337,57 @@ rec {
"just ${toString self.value}";
};
/* Returns the GVariant nothing from the given element type.
/**
Returns the GVariant nothing from the given element type.
Type:
mkNothing :: gvariant.type -> gvariant
# Inputs
`elemType`
: 1\. Function argument
# Type
```
mkNothing :: gvariant.type -> gvariant
```
*/
mkNothing = elemType: mkMaybe elemType null;
/* Returns the GVariant just from the given Nix value.
/**
Returns the GVariant just from the given Nix value.
Type:
mkJust :: Any -> gvariant
# Inputs
`elem`
: 1\. Function argument
# Type
```
mkJust :: Any -> gvariant
```
*/
mkJust = elem: let gvarElem = mkValue elem; in mkMaybe gvarElem.type gvarElem;
/* Returns the GVariant tuple from the given Nix list.
/**
Returns the GVariant tuple from the given Nix list.
Type:
mkTuple :: [Any] -> gvariant
# Inputs
`elems`
: 1\. Function argument
# Type
```
mkTuple :: [Any] -> gvariant
```
*/
mkTuple = elems:
let
@ -255,20 +399,42 @@ rec {
"@${self.type} (${concatMapStringsSep "," toString self.value})";
};
/* Returns the GVariant boolean from the given Nix bool value.
/**
Returns the GVariant boolean from the given Nix bool value.
Type:
mkBoolean :: Bool -> gvariant
# Inputs
`v`
: 1\. Function argument
# Type
```
mkBoolean :: Bool -> gvariant
```
*/
mkBoolean = v:
mkPrimitive type.boolean v // {
__toString = self: if self.value then "true" else "false";
};
/* Returns the GVariant string from the given Nix string value.
/**
Returns the GVariant string from the given Nix string value.
Type:
mkString :: String -> gvariant
# Inputs
`v`
: 1\. Function argument
# Type
```
mkString :: String -> gvariant
```
*/
mkString = v:
let sanitize = s: replaceStrings [ "\n" ] [ "\\n" ] (escape [ "'" "\\" ] s);
@ -276,72 +442,129 @@ rec {
__toString = self: "'${sanitize self.value}'";
};
/* Returns the GVariant object path from the given Nix string value.
/**
Returns the GVariant object path from the given Nix string value.
Type:
mkObjectpath :: String -> gvariant
# Inputs
`v`
: 1\. Function argument
# Type
```
mkObjectpath :: String -> gvariant
```
*/
mkObjectpath = v:
mkPrimitive type.string v // {
__toString = self: "objectpath '${escape [ "'" ] self.value}'";
};
/* Returns the GVariant uchar from the given Nix int value.
/**
Returns the GVariant uchar from the given Nix int value.
Type:
mkUchar :: Int -> gvariant
# Type
```
mkUchar :: Int -> gvariant
```
*/
mkUchar = mkPrimitive type.uchar;
/* Returns the GVariant int16 from the given Nix int value.
/**
Returns the GVariant int16 from the given Nix int value.
Type:
mkInt16 :: Int -> gvariant
# Type
```
mkInt16 :: Int -> gvariant
```
*/
mkInt16 = mkPrimitive type.int16;
/* Returns the GVariant uint16 from the given Nix int value.
/**
Returns the GVariant uint16 from the given Nix int value.
Type:
mkUint16 :: Int -> gvariant
# Type
```
mkUint16 :: Int -> gvariant
```
*/
mkUint16 = mkPrimitive type.uint16;
/* Returns the GVariant int32 from the given Nix int value.
/**
Returns the GVariant int32 from the given Nix int value.
Type:
mkInt32 :: Int -> gvariant
# Inputs
`v`
: 1\. Function argument
# Type
```
mkInt32 :: Int -> gvariant
```
*/
mkInt32 = v:
mkPrimitive type.int32 v // {
__toString = self: toString self.value;
};
/* Returns the GVariant uint32 from the given Nix int value.
/**
Returns the GVariant uint32 from the given Nix int value.
Type:
mkUint32 :: Int -> gvariant
# Type
```
mkUint32 :: Int -> gvariant
```
*/
mkUint32 = mkPrimitive type.uint32;
/* Returns the GVariant int64 from the given Nix int value.
/**
Returns the GVariant int64 from the given Nix int value.
Type:
mkInt64 :: Int -> gvariant
# Type
```
mkInt64 :: Int -> gvariant
```
*/
mkInt64 = mkPrimitive type.int64;
/* Returns the GVariant uint64 from the given Nix int value.
/**
Returns the GVariant uint64 from the given Nix int value.
Type:
mkUint64 :: Int -> gvariant
# Type
```
mkUint64 :: Int -> gvariant
```
*/
mkUint64 = mkPrimitive type.uint64;
/* Returns the GVariant double from the given Nix float value.
/**
Returns the GVariant double from the given Nix float value.
Type:
mkDouble :: Float -> gvariant
# Inputs
`v`
: 1\. Function argument
# Type
```
mkDouble :: Float -> gvariant
```
*/
mkDouble = v:
mkPrimitive type.double v // {

27
lib/licenses.nix
View File

@ -362,6 +362,12 @@ in mkLicense lset) ({
fullName = "Creative Commons Attribution Share Alike 4.0";
};
cc-sa-10 = {
shortName = "CC-SA-1.0";
fullName = "Creative Commons Share Alike 1.0";
url = "https://creativecommons.org/licenses/sa/1.0";
};
cddl = {
spdxId = "CDDL-1.0";
fullName = "Common Development and Distribution License 1.0";
@ -524,6 +530,13 @@ in mkLicense lset) ({
fullName = "Unspecified free software license";
};
fsl11Mit = {
fullName = "Functional Source License, Version 1.1, MIT Future License";
url = "https://fsl.software/FSL-1.1-MIT.template.md";
free = false;
redistributable = true;
};
ftl = {
spdxId = "FTL";
fullName = "Freetype Project License";
@ -1272,11 +1285,21 @@ in mkLicense lset) ({
fullName = "xinetd License";
};
xskat = {
spdxId = "XSkat";
fullName = "XSkat License";
};
zlib = {
spdxId = "Zlib";
fullName = "zlib License";
};
zsh = {
url = "https://github.com/zsh-users/zsh/blob/master/LICENCE";
fulllName = "Zsh License";
};
zpl20 = {
spdxId = "ZPL-2.0";
fullName = "Zope Public License 2.0";
@ -1287,10 +1310,6 @@ in mkLicense lset) ({
fullName = "Zope Public License 2.1";
};
xskat = {
spdxId = "XSkat";
fullName = "XSkat License";
};
} // {
# TODO: remove legacy aliases
apsl10 = {

355
lib/meta.nix
View File

@ -1,5 +1,7 @@
/* Some functions for manipulating meta attributes, as well as the
name attribute. */
/**
Some functions for manipulating meta attributes, as well as the
name attribute.
*/
{ lib }:
@ -11,90 +13,225 @@ in
rec {
/* Add to or override the meta attributes of the given
derivation.
/**
Add to or override the meta attributes of the given
derivation.
Example:
addMetaAttrs {description = "Bla blah";} somePkg
# Inputs
`newAttrs`
: 1\. Function argument
`drv`
: 2\. Function argument
# Examples
:::{.example}
## `lib.meta.addMetaAttrs` usage example
```nix
addMetaAttrs {description = "Bla blah";} somePkg
```
:::
*/
addMetaAttrs = newAttrs: drv:
drv // { meta = (drv.meta or {}) // newAttrs; };
/* Disable Hydra builds of given derivation.
/**
Disable Hydra builds of given derivation.
# Inputs
`drv`
: 1\. Function argument
*/
dontDistribute = drv: addMetaAttrs { hydraPlatforms = []; } drv;
/*
Change the [symbolic name of a derivation](https://nixos.org/manual/nix/stable/language/derivations.html#attr-name).
/**
Change the [symbolic name of a derivation](https://nixos.org/manual/nix/stable/language/derivations.html#attr-name).
:::{.warning}
Dependent derivations will be rebuilt when the symbolic name is changed.
:::
:::{.warning}
Dependent derivations will be rebuilt when the symbolic name is changed.
:::
# Inputs
`name`
: 1\. Function argument
`drv`
: 2\. Function argument
*/
setName = name: drv: drv // {inherit name;};
/* Like `setName`, but takes the previous name as an argument.
/**
Like `setName`, but takes the previous name as an argument.
Example:
updateName (oldName: oldName + "-experimental") somePkg
# Inputs
`updater`
: 1\. Function argument
`drv`
: 2\. Function argument
# Examples
:::{.example}
## `lib.meta.updateName` usage example
```nix
updateName (oldName: oldName + "-experimental") somePkg
```
:::
*/
updateName = updater: drv: drv // {name = updater (drv.name);};
/* Append a suffix to the name of a package (before the version
part). */
/**
Append a suffix to the name of a package (before the version
part).
# Inputs
`suffix`
: 1\. Function argument
*/
appendToName = suffix: updateName (name:
let x = builtins.parseDrvName name; in "${x.name}-${suffix}-${x.version}");
/* Apply a function to each derivation and only to derivations in an attrset.
/**
Apply a function to each derivation and only to derivations in an attrset.
# Inputs
`f`
: 1\. Function argument
`set`
: 2\. Function argument
*/
mapDerivationAttrset = f: set: lib.mapAttrs (name: pkg: if lib.isDerivation pkg then (f pkg) else pkg) set;
/* Set the nix-env priority of the package.
/**
Set the nix-env priority of the package.
# Inputs
`priority`
: 1\. Function argument
`drv`
: 2\. Function argument
*/
setPrio = priority: addMetaAttrs { inherit priority; };
/* Decrease the nix-env priority of the package, i.e., other
versions/variants of the package will be preferred.
/**
Decrease the nix-env priority of the package, i.e., other
versions/variants of the package will be preferred.
# Inputs
`drv`
: 1\. Function argument
*/
lowPrio = setPrio 10;
/* Apply lowPrio to an attrset with derivations
/**
Apply lowPrio to an attrset with derivations
# Inputs
`set`
: 1\. Function argument
*/
lowPrioSet = set: mapDerivationAttrset lowPrio set;
/* Increase the nix-env priority of the package, i.e., this
version/variant of the package will be preferred.
/**
Increase the nix-env priority of the package, i.e., this
version/variant of the package will be preferred.
# Inputs
`drv`
: 1\. Function argument
*/
hiPrio = setPrio (-10);
/* Apply hiPrio to an attrset with derivations
/**
Apply hiPrio to an attrset with derivations
# Inputs
`set`
: 1\. Function argument
*/
hiPrioSet = set: mapDerivationAttrset hiPrio set;
/* Check to see if a platform is matched by the given `meta.platforms`
element.
/**
Check to see if a platform is matched by the given `meta.platforms`
element.
A `meta.platform` pattern is either
A `meta.platform` pattern is either
1. (legacy) a system string.
1. (legacy) a system string.
2. (modern) a pattern for the entire platform structure (see `lib.systems.inspect.platformPatterns`).
2. (modern) a pattern for the entire platform structure (see `lib.systems.inspect.platformPatterns`).
3. (modern) a pattern for the platform `parsed` field (see `lib.systems.inspect.patterns`).
3. (modern) a pattern for the platform `parsed` field (see `lib.systems.inspect.patterns`).
We can inject these into a pattern for the whole of a structured platform,
and then match that.
We can inject these into a pattern for the whole of a structured platform,
and then match that.
Example:
lib.meta.platformMatch { system = "aarch64-darwin"; } "aarch64-darwin"
=> true
# Inputs
`platform`
: 1\. Function argument
`elem`
: 2\. Function argument
# Examples
:::{.example}
## `lib.meta.platformMatch` usage example
```nix
lib.meta.platformMatch { system = "aarch64-darwin"; } "aarch64-darwin"
=> true
```
:::
*/
platformMatch = platform: elem: (
# Check with simple string comparison if elem was a string.
@ -112,39 +249,70 @@ rec {
) platform
);
/* Check if a package is available on a given platform.
/**
Check if a package is available on a given platform.
A package is available on a platform if both
A package is available on a platform if both
1. One of `meta.platforms` pattern matches the given
platform, or `meta.platforms` is not present.
1. One of `meta.platforms` pattern matches the given
platform, or `meta.platforms` is not present.
2. None of `meta.badPlatforms` pattern matches the given platform.
2. None of `meta.badPlatforms` pattern matches the given platform.
Example:
lib.meta.availableOn { system = "aarch64-darwin"; } pkg.zsh
=> true
# Inputs
`platform`
: 1\. Function argument
`pkg`
: 2\. Function argument
# Examples
:::{.example}
## `lib.meta.availableOn` usage example
```nix
lib.meta.availableOn { system = "aarch64-darwin"; } pkg.zsh
=> true
```
:::
*/
availableOn = platform: pkg:
((!pkg?meta.platforms) || any (platformMatch platform) pkg.meta.platforms) &&
all (elem: !platformMatch platform elem) (pkg.meta.badPlatforms or []);
/* Get the corresponding attribute in lib.licenses
from the SPDX ID.
For SPDX IDs, see
https://spdx.org/licenses
/**
Get the corresponding attribute in lib.licenses
from the SPDX ID.
For SPDX IDs, see
https://spdx.org/licenses
Type:
getLicenseFromSpdxId :: str -> AttrSet
# Type
Example:
lib.getLicenseFromSpdxId "MIT" == lib.licenses.mit
=> true
lib.getLicenseFromSpdxId "mIt" == lib.licenses.mit
=> true
lib.getLicenseFromSpdxId "MY LICENSE"
=> trace: warning: getLicenseFromSpdxId: No license matches the given SPDX ID: MY LICENSE
=> { shortName = "MY LICENSE"; }
```
getLicenseFromSpdxId :: str -> AttrSet
```
# Examples
:::{.example}
## `lib.meta.getLicenseFromSpdxId` usage example
```nix
lib.getLicenseFromSpdxId "MIT" == lib.licenses.mit
=> true
lib.getLicenseFromSpdxId "mIt" == lib.licenses.mit
=> true
lib.getLicenseFromSpdxId "MY LICENSE"
=> trace: warning: getLicenseFromSpdxId: No license matches the given SPDX ID: MY LICENSE
=> { shortName = "MY LICENSE"; }
```
:::
*/
getLicenseFromSpdxId =
let
@ -156,15 +324,34 @@ rec {
{ shortName = licstr; }
);
/* Get the path to the main program of a package based on meta.mainProgram
/**
Get the path to the main program of a package based on meta.mainProgram
Type: getExe :: package -> string
Example:
getExe pkgs.hello
=> "/nix/store/g124820p9hlv4lj8qplzxw1c44dxaw1k-hello-2.12/bin/hello"
getExe pkgs.mustache-go
=> "/nix/store/am9ml4f4ywvivxnkiaqwr0hyxka1xjsf-mustache-go-1.3.0/bin/mustache"
# Inputs
`x`
: 1\. Function argument
# Type
```
getExe :: package -> string
```
# Examples
:::{.example}
## `lib.meta.getExe` usage example
```nix
getExe pkgs.hello
=> "/nix/store/g124820p9hlv4lj8qplzxw1c44dxaw1k-hello-2.12/bin/hello"
getExe pkgs.mustache-go
=> "/nix/store/am9ml4f4ywvivxnkiaqwr0hyxka1xjsf-mustache-go-1.3.0/bin/mustache"
```
:::
*/
getExe = x: getExe' x (x.meta.mainProgram or (
# This could be turned into an error when 23.05 is at end of life
@ -173,14 +360,38 @@ rec {
x
));
/* Get the path of a program of a derivation.
/**
Get the path of a program of a derivation.
Type: getExe' :: derivation -> string -> string
Example:
getExe' pkgs.hello "hello"
=> "/nix/store/g124820p9hlv4lj8qplzxw1c44dxaw1k-hello-2.12/bin/hello"
getExe' pkgs.imagemagick "convert"
=> "/nix/store/5rs48jamq7k6sal98ymj9l4k2bnwq515-imagemagick-7.1.1-15/bin/convert"
# Inputs
`x`
: 1\. Function argument
`y`
: 2\. Function argument
# Type
```
getExe' :: derivation -> string -> string
```
# Examples
:::{.example}
## `lib.meta.getExe'` usage example
```nix
getExe' pkgs.hello "hello"
=> "/nix/store/g124820p9hlv4lj8qplzxw1c44dxaw1k-hello-2.12/bin/hello"
getExe' pkgs.imagemagick "convert"
=> "/nix/store/5rs48jamq7k6sal98ymj9l4k2bnwq515-imagemagick-7.1.1-15/bin/convert"
```
:::
*/
getExe' = x: y:
assert assertMsg (isDerivation x)

6
lib/options.nix
View File

@ -220,10 +220,10 @@ rec {
(if isList example then "${pkgsText}." + concatStringsSep "." example else example);
});
/* Alias of mkPackageOption. Previously used to create options with markdown
documentation, which is no longer required.
/* Deprecated alias of mkPackageOption, to be removed in 25.05.
Previously used to create options with markdown documentation, which is no longer required.
*/
mkPackageOptionMD = mkPackageOption;
mkPackageOptionMD = lib.warn "mkPackageOptionMD is deprecated and will be removed in 25.05; please use mkPackageOption." mkPackageOption;
/* This option accepts anything, but it does not produce any result.

12
lib/systems/examples.nix
View File

@ -60,23 +60,23 @@ rec {
armv7a-android-prebuilt = {
config = "armv7a-unknown-linux-androideabi";
rust.rustcTarget = "armv7-linux-androideabi";
sdkVer = "28";
ndkVer = "24";
sdkVer = "33";
ndkVer = "26";
useAndroidPrebuilt = true;
} // platforms.armv7a-android;
aarch64-android-prebuilt = {
config = "aarch64-unknown-linux-android";
rust.rustcTarget = "aarch64-linux-android";
sdkVer = "28";
ndkVer = "24";
sdkVer = "33";
ndkVer = "26";
useAndroidPrebuilt = true;
};
aarch64-android = {
config = "aarch64-unknown-linux-android";
sdkVer = "30";
ndkVer = "24";
sdkVer = "33";
ndkVer = "26";
libc = "bionic";
useAndroidPrebuilt = false;
useLLVM = true;

266
maintainers/maintainer-list.nix
View File

@ -97,6 +97,12 @@
githubId = 9675338;
keys = [ { fingerprint = "F466 A548 AD3F C1F1 8C88 4576 8702 7528 B006 D66D"; } ];
};
_0x5a4 = {
email = "bej86nug@hhu.de";
name = "0x5a4";
github = "0x5a4";
githubId = 54070204;
};
_0xB10C = {
email = "nixpkgs@b10c.me";
name = "0xB10C";
@ -640,7 +646,7 @@
name = "Alexander Hirner";
};
ahoneybun = {
email = "aaron@system76.com";
email = "aaronhoneycutt@proton.me";
github = "ahoneybun";
githubId = 4884946;
name = "Aaron Honeycutt";
@ -1048,13 +1054,6 @@
githubId = 169249;
name = "Alex Brandt";
};
alva = {
email = "alva@skogen.is";
github = "illfygli";
githubId = 42881386;
name = "Alva";
keys = [ { fingerprint = "B422 CFB1 C9EF 73F7 E1E2 698D F53E 3233 42F7 A6D3A"; } ];
};
alxsimon = {
email = "alexis.simon@normalesup.org";
github = "alxsimon";
@ -1160,6 +1159,11 @@
githubId = 858965;
name = "Andrew Morsillo";
};
amozeo = {
email = "wroclaw223@outlook.com";
githubId = 37040543;
name = "Wroclaw";
};
amyipdev = {
email = "amy@amyip.net";
github = "amyipdev";
@ -1551,12 +1555,6 @@
githubId = 56009;
name = "Arcadio Rubio García";
};
arcayr = {
email = "nix@arcayr.online";
github = "arcayr";
githubId = 11192354;
name = "Elliot Speck";
};
archer-65 = {
email = "mario.liguori.056@gmail.com";
github = "archer-65";
@ -1983,6 +1981,12 @@
githubId = 12958979;
name = "Mika Naylor";
};
autra = {
email = "augustin.trancart@gmail.com";
github = "autra";
githubId = 1576598;
name = "Augustin Trancart";
};
autrimpo = {
email = "michal@koutensky.net";
github = "autrimpo";
@ -2665,6 +2669,12 @@
githubId = 37907;
name = "Julian Stecklina";
};
bloeckchengrafik = {
email = "christian.bergschneider@gmx.de";
github = "Bloeckchengrafik";
githubId = 37768199;
name = "Christian Bergschneider";
};
bloveless = {
email = "brennon.loveless@gmail.com";
github = "bloveless";
@ -3962,6 +3972,12 @@
githubId = 40290417;
name = "Seb Blair";
};
CompileTime = {
email = "socialcoms@posteo.de";
github = "Compile-Time";
githubId = 18414241;
name = "Andreas Erdes";
};
confus = {
email = "con-f-use@gmx.net";
github = "con-f-use";
@ -4260,6 +4276,12 @@
github = "d4ilyrun";
githubId = 34611103;
};
d4rkstar = {
name = "Bruno Salzano";
email = "d4rkstar@gmail.com";
github = "d4rkstar";
githubId = 4957015;
};
dadada = {
name = "dadada";
email = "dadada@dadada.li";
@ -4330,6 +4352,12 @@
githubId = 24708079;
name = "Dan Eads";
};
danielalvsaaker = {
email = "daniel.alvsaaker@proton.me";
github = "danielalvsaaker";
githubId = 30574112;
name = "Daniel Alvsåker";
};
danielbarter = {
email = "danielbarter@gmail.com";
github = "danielbarter";
@ -5867,6 +5895,13 @@
githubId = 13485450;
name = "Emmanuel Rosa";
};
emneo = {
name = "emneo";
email = "emneo@kreog.com";
github = "emneo-dev";
githubId = 44233177;
keys = [ { fingerprint = "5FD0 400D 0E78 EAF9 8431 4880 8EBF C4B9 24C6 2D20"; } ];
};
emptyflask = {
email = "jon@emptyflask.dev";
github = "emptyflask";
@ -6500,6 +6535,18 @@
githubId = 8182846;
name = "Francesco Gazzetta";
};
fidgetingbits = {
name = "fidgetingbits";
email = "nixpkgs.xe7au@passmail.net";
matrix = "@fidgetingbits:matrix.org";
github = "fidgetingbits";
githubId = 13679876;
keys = [
{ fingerprint = "U+vNNrQxJRj3NPu9EoD0LFZssRbk6LBg4YPN5nFvQvs"; }
{ fingerprint = "lX5ewVcaQLxuzqI92gujs3jFNki4d8qF+PATexMijoQ"; }
{ fingerprint = "elY15tXap1tddxbBVoUoAioe1u0RDWti5rc9cauSmwo"; }
];
};
figsoda = {
email = "figsoda@pm.me";
matrix = "@figsoda:matrix.org";
@ -6806,6 +6853,14 @@
matrix = "@frogamic:beeper.com";
keys = [ { fingerprint = "779A 7CA8 D51C C53A 9C51 43F7 AAE0 70F0 67EC 00A5"; } ];
};
frontear = {
name = "Ali Rizvi";
email = "perm-iterate-0b@icloud.com";
matrix = "@frontear:matrix.org";
github = "Frontear";
githubId = 31909298;
keys = [ { fingerprint = "C170 11B7 C0AA BB3F 7415 022C BCB5 CEFD E222 82F5"; } ];
};
frontsideair = {
email = "photonia@gmail.com";
github = "frontsideair";
@ -7367,12 +7422,6 @@
github = "gmacon";
githubId = 238853;
};
gmemstr = {
email = "git@gmem.ca";
github = "gmemstr";
githubId = 1878840;
name = "Gabriel Simmer";
};
gnxlxnxx = {
email = "gnxlxnxx@web.de";
github = "gnxlxnxx";
@ -8393,6 +8442,12 @@
githubId = 7403236;
name = "Markus J. Ankenbrand";
};
iivusly = {
email = "iivusly@icloud.com";
github = "iivusly";
githubId = 52052910;
name = "iivusly";
};
ikervagyok = {
email = "ikervagyok@gmail.com";
github = "ikervagyok";
@ -8708,12 +8763,6 @@
githubId = 650601;
name = "Ivan Tkatchev";
};
ivar = {
email = "ivar.scholten@protonmail.com";
github = "IvarWithoutBones";
githubId = 41924494;
name = "Ivar";
};
ivarmedi = {
email = "ivar@larsson.me";
github = "ivarmedi";
@ -9725,13 +9774,6 @@
github = "jonochang";
githubId = 13179;
};
jonringer = {
email = "jonringer117@gmail.com";
matrix = "@jonringer:matrix.org";
github = "jonringer";
githubId = 7673602;
name = "Jonathan Ringer";
};
jopejoe1 = {
email = "johannes@joens.email";
matrix = "@jopejoe1:matrix.org";
@ -9816,6 +9858,11 @@
githubId = 1918771;
name = "Joe Doyle";
};
jpds = {
github = "jpds";
githubId = 29158971;
name = "Jonathan Davies";
};
jpentland = {
email = "joe.pentland@gmail.com";
github = "jpentland";
@ -9951,6 +9998,12 @@
githubId = 5802758;
name = "Joshua Trees";
};
jtszalay = {
email = "jamestszalay@gmail.com";
github = "jtszalay";
githubId = 589502;
name = "James Szalay";
};
juancmuller = {
email = "nix@juancmuller.com";
githubId = 208500;
@ -10568,13 +10621,6 @@
name = "Kat Inskip";
keys = [ { fingerprint = "9CC6 44B5 69CD A59B C874 C4C9 E8DD E3ED 1C90 F3A0"; } ];
};
kiwi = {
email = "envy1988@gmail.com";
github = "Kiwi";
githubId = 35715;
name = "Robert Djubek";
keys = [ { fingerprint = "8992 44FC D291 5CA2 0A97 802C 156C 88A5 B0A0 4B2A"; } ];
};
kjeremy = {
email = "kjeremy@gmail.com";
name = "Jeremy Kolb";
@ -10587,6 +10633,17 @@
github = "kkharji";
githubId = 65782666;
};
kkoniuszy = {
name = "Kacper Koniuszy";
github = "kkoniuszy";
githubId = 120419423;
};
klchen0112 = {
name = "klchen0112";
email = "klchen0112@gmail.com";
github = "klchen0112";
githubId = 32459567;
};
klden = {
name = "Kenzyme Le";
email = "kl@kenzymele.com";
@ -11053,12 +11110,6 @@
githubId = 621759;
name = "Lassulus";
};
laurailway = {
email = "laurailway.git@posteo.net";
github = "LAURAilway";
githubId = 118690640;
name = "Laura";
};
laurent-f1z1 = {
email = "laurent.nixpkgs@fainsin.bzh";
github = "Laurent2916";
@ -11291,12 +11342,6 @@
github = "LogicalOverflow";
githubId = 5919957;
};
lheckemann = {
email = "git@sphalerite.org";
github = "lheckemann";
githubId = 341954;
name = "Linus Heckemann";
};
lhvwb = {
email = "nathaniel.baxter@gmail.com";
github = "nathanielbaxter";
@ -11309,6 +11354,12 @@
githubId = 1769386;
name = "Liam Diprose";
};
liarokapisv = {
email = "liarokapis.v@gmail.com";
github = "liarokapisv";
githubId = 19633626;
name = "Alexandros Liarokapis";
};
liassica = {
email = "git-commit.jingle869@aleeas.com";
github = "Liassica";
@ -11406,6 +11457,12 @@
githubId = 36448130;
name = "Michael Brantley";
};
linbreux = {
email = "linbreux@gmail.com";
github = "linbreux";
githubId = 29354411;
name = "linbreux";
};
linc01n = {
email = "git@lincoln.hk";
github = "linc01n";
@ -11629,6 +11686,13 @@
githubId = 10626;
name = "Andreas Wagner";
};
lpchaim = {
email = "lpchaim@gmail.comm";
matrix = "@lpchaim:matrix.org";
github = "lpchaim";
githubId = 4030336;
name = "Lucas Chaim";
};
lpostula = {
email = "lois@postu.la";
github = "loispostula";
@ -12902,6 +12966,12 @@
githubId = 20536514;
name = "Magdalena Haselsteiner";
};
mi-ael = {
email = "miael.oss.1970@gmail.com";
name = "mi-ael";
github = "mi-ael";
githubId = 12199265;
};
miangraham = {
github = "miangraham";
githubId = 704580;
@ -13131,6 +13201,12 @@
githubId = 3269878;
name = "Miguel Madrid Mencía";
};
mimvoid = {
github = "mimvoid";
githubId = 153698678;
email = "mimvoid@proton.me";
name = "mimvoid";
};
mindavi = {
email = "rol3517@gmail.com";
github = "Mindavi";
@ -13279,6 +13355,12 @@
githubId = 5698461;
name = "Maciej Kazulak";
};
mkez = {
email = "matias.zwinger+nix@protonmail.com";
github = "mk3z";
githubId = 52108954;
name = "Matias Zwinger";
};
mkf = {
email = "m@mikf.pl";
github = "mkf";
@ -13407,14 +13489,6 @@
githubId = 754512;
name = "Mogria";
};
mohe2015 = {
name = "Moritz Hedtke";
email = "Moritz.Hedtke@t-online.de";
matrix = "@moritz.hedtke:matrix.org";
github = "mohe2015";
githubId = 13287984;
keys = [ { fingerprint = "1248 D3E1 1D11 4A85 75C9 8934 6794 D45A 488C 2EDE"; } ];
};
momeemt = {
name = "Mutsuha Asada";
email = "me@momee.mt";
@ -13629,6 +13703,12 @@
githubId = 3856390;
email = "mschwaig+nixpkgs@eml.cc";
};
msciabarra = {
email = "msciabarra@apache.org";
github = "sciabarracom";
githubId = 30654959;
name = "Michele Sciabarra";
};
msiedlarek = {
email = "mikolaj@siedlarek.pl";
github = "msiedlarek";
@ -14147,7 +14227,7 @@
networkexception = {
name = "networkException";
email = "nix@nwex.de";
matrix = "@networkexception:chat.upi.li";
matrix = "@networkexception:nwex.de";
github = "networkException";
githubId = 42888162;
keys = [ { fingerprint = "A0B9 48C5 A263 55C2 035F 8567 FBB7 2A94 52D9 1A72"; } ];
@ -15184,6 +15264,12 @@
githubId = 79252025;
name = "Nicolas Benes";
};
panky = {
email = "dev@pankajraghav.com";
github = "Panky-codes";
githubId = 33182938;
name = "Pankaj";
};
paperdigits = {
email = "mica@silentumbrella.com";
github = "paperdigits";
@ -15392,6 +15478,12 @@
githubId = 920910;
name = "peelz";
};
peigongdsd = {
email = "peigong2013@outlook.com";
github = "peigongdsd";
githubId = 51317171;
name = "Peilin Lee";
};
pelme = {
email = "andreas@pelme.se";
github = "pelme";
@ -15780,6 +15872,12 @@
githubId = 4303706;
keys = [ { fingerprint = "B00F E582 FD3F 0732 EA48 3937 F558 14E4 D687 4375"; } ];
};
pladypus = {
name = "Peter Loftus";
email = "loftusp5976+nixpkgs@gmail.com";
github = "pladypus";
githubId = 56337621;
};
plchldr = {
email = "mail@oddco.de";
github = "plchldr";
@ -17670,13 +17768,6 @@
githubId = 226872;
name = "Samuel Ainsworth";
};
samueldr = {
email = "samuel@dionne-riel.com";
matrix = "@samueldr:matrix.org";
github = "samueldr";
githubId = 132835;
name = "Samuel Dionne-Riel";
};
samuelefacenda = {
name = "Samuele Facenda";
email = "samuele.facenda@gmail.com";
@ -18780,14 +18871,6 @@
githubId = 53029739;
name = "Joshua Ortiz";
};
Sorixelle = {
email = "ruby+nixpkgs@srxl.me";
matrix = "@ruby:isincredibly.gay";
name = "Ruby Iris Juric";
github = "Sorixelle";
githubId = 38685302;
keys = [ { fingerprint = "2D76 76C7 A28E 16FC 75C7 268D 1B55 6ED8 4B0E 303A"; } ];
};
sorki = {
email = "srk@48.io";
github = "sorki";
@ -19517,6 +19600,12 @@
githubId = 870673;
name = "Takuo Yonezawa";
};
TakWolf = {
email = "takwolf@foxmail.com";
github = "TakWolf";
githubId = 6064962;
name = "TakWolf";
};
talkara = {
email = "taito.horiuchi@relexsolutions.com";
github = "talkara";
@ -19877,6 +19966,13 @@
github = "thenonameguy";
githubId = 2217181;
};
theobori = {
name = "Théo Bori";
email = "theo1.bori@epitech.eu";
github = "theobori";
githubId = 71843723;
keys = [ { fingerprint = "EEFB CC3A C529 CFD1 943D A75C BDD5 7BE9 9D55 5965"; } ];
};
therealansh = {
email = "tyagiansh23@gmail.com";
github = "therealansh";
@ -20007,12 +20103,6 @@
githubId = 1391883;
name = "Tom Hall";
};
thubrecht = {
email = "tom@hubrecht.ovh";
github = "Tom-Hubrecht";
githubId = 26650391;
name = "Tom Hubrecht";
};
Thunderbottom = {
email = "chinmaydpai@gmail.com";
github = "Thunderbottom";
@ -20267,6 +20357,12 @@
email = "tomaszierl@outlook.com";
name = "Tomkoid";
};
Tommimon = {
name = "Tommaso Montanari";
email = "sefymw7q8@mozmail.com";
github = "Tommimon";
githubId = 37435103;
};
tomodachi94 = {
email = "tomodachi94@protonmail.com";
matrix = "@tomodachi94:matrix.org";
@ -21543,12 +21639,6 @@
githubId = 11740700;
name = "Andrei Pampu";
};
wolfangaukang = {
email = "clone.gleeful135+nixpkgs@anonaddy.me";
github = "WolfangAukang";
githubId = 8378365;
name = "P. R. d. O.";
};
wolfgangwalther = {
name = "Wolfgang Walther";
email = "walther@technowledgy.de";

24
maintainers/scripts/bootstrap-files/README.md
View File

@ -47,6 +47,30 @@ target:
who can help you test the updated architecture and once reviewed tag
`@lovesegfault` to upload the tarballs.
## How to add bootstrap files for a new target
The procedure to add a new target is very similar to the update
procedure. The only difference is that you need to set up a new job to
build the `bootstrapFiles`. To do that you will need the following:
1. Add your new target to `lib/systems/examples.nix`
This will populate `pkgsCross.$target` attribute set. If you are
dealing with `bootstrapFiles` upload you probably already have it.
2. Add your new target to
`pkgs/stdenv/linux/make-bootstrap-tools-cross.nix`. This will add a
new hydra job to `nixpkgs:cross-trunk` jobset.
3. Wait for a hydra to build your bootstrap tarballs.
4. Add your new target to
`maintainers/scripts/bootstrap-files/refresh-tarballs.bash` around
`CROSS_TARGETS=()`.
5. Add your new target to `pkgs/stdenv/linux/default.nix` and follow
standard bootstrap seed update procedure above.
## Bootstrap files job definitions
There are two types of bootstrap files:

3
maintainers/scripts/pluginupdate.py
View File

@ -788,7 +788,10 @@ def update_plugins(editor: Editor, args):
fetch_config = FetchConfig(args.proc, args.github_token)
update = editor.get_update(args.input_file, args.outfile, fetch_config)
start_time = time.time()
redirects = update()
duration = time.time() - start_time
print(f"The plugin update took {duration}s.")
editor.rewrite_input(fetch_config, args.input_file, editor.deprecated, redirects)
autocommit = not args.no_commit

12
maintainers/team-list.nix
View File

@ -192,7 +192,6 @@ with lib.maintainers;
dotnet = {
members = [
ivar
mdarocha
corngood
ggg
@ -380,6 +379,7 @@ with lib.maintainers;
golang = {
members = [
kalbasit
katexochen
mic92
zowoq
qbit
@ -460,7 +460,6 @@ with lib.maintainers;
members = [
cleverca22
disassembler
jonringer
manveru
nrdxp
];
@ -677,12 +676,6 @@ with lib.maintainers;
shortName = "Mercury Employees";
};
mobile = {
members = [ samueldr ];
scope = "Maintain Mobile NixOS.";
shortName = "Mobile";
};
nix = {
members = [
eelco
@ -800,7 +793,6 @@ with lib.maintainers;
python = {
members = [
hexa
jonringer
natsukium
];
scope = "Maintain the Python interpreter and related packages.";
@ -919,7 +911,6 @@ with lib.maintainers;
members = [
atemu
eclairevoyant
jonringer
k900
mkg20001
];
@ -951,7 +942,6 @@ with lib.maintainers;
vim = {
members = [
figsoda
jonringer
softinio
teto
];

28
nixos/doc/manual/configuration/gpu-accel.chapter.md
View File

@ -30,7 +30,7 @@ $ export \
```
The second mechanism is to add the OpenCL driver package to
[](#opt-hardware.opengl.extraPackages).
[](#opt-hardware.graphics.extraPackages).
This links the ICD file under `/run/opengl-driver`, where it will be visible
to the ICD loader.
@ -51,12 +51,12 @@ Platform Vendor Advanced Micro Devices, Inc.
Modern AMD [Graphics Core
Next](https://en.wikipedia.org/wiki/Graphics_Core_Next) (GCN) GPUs are
supported through the rocmPackages.clr.icd package. Adding this package to
[](#opt-hardware.opengl.extraPackages)
[](#opt-hardware.graphics.extraPackages)
enables OpenCL support:
```nix
{
hardware.opengl.extraPackages = [
hardware.graphics.extraPackages = [
rocmPackages.clr.icd
];
}
@ -71,13 +71,13 @@ intel-compute-runtime package. The proprietary Intel OpenCL runtime, in
the intel-ocl package, is an alternative for Gen7 GPUs.
The intel-compute-runtime or intel-ocl package can be added to
[](#opt-hardware.opengl.extraPackages)
[](#opt-hardware.graphics.extraPackages)
to enable OpenCL support. For example, for Gen8 and later GPUs, the following
configuration can be used:
```nix
{
hardware.opengl.extraPackages = [
hardware.graphics.extraPackages = [
intel-compute-runtime
];
}
@ -90,8 +90,8 @@ compute API for GPUs. It is used directly by games or indirectly though
compatibility layers like
[DXVK](https://github.com/doitsujin/dxvk/wiki).
By default, if [](#opt-hardware.opengl.driSupport)
is enabled, mesa is installed and provides Vulkan for supported hardware.
By default, if [](#opt-hardware.graphics.enable)
is enabled, Mesa is installed and provides Vulkan for supported hardware.
Similar to OpenCL, Vulkan drivers are loaded through the *Installable
Client Driver* (ICD) mechanism. ICD files for Vulkan are JSON files that
@ -110,7 +110,7 @@ $ export \
```
The second mechanism is to add the Vulkan driver package to
[](#opt-hardware.opengl.extraPackages).
[](#opt-hardware.graphics.extraPackages).
This links the ICD file under `/run/opengl-driver`, where it will be
visible to the ICD loader.
@ -140,18 +140,18 @@ Modern AMD [Graphics Core
Next](https://en.wikipedia.org/wiki/Graphics_Core_Next) (GCN) GPUs are
supported through either radv, which is part of mesa, or the amdvlk
package. Adding the amdvlk package to
[](#opt-hardware.opengl.extraPackages)
[](#opt-hardware.graphics.extraPackages)
makes amdvlk the default driver and hides radv and lavapipe from the device list.
A specific driver can be forced as follows:
```nix
{
hardware.opengl.extraPackages = [
hardware.graphics.extraPackages = [
pkgs.amdvlk
];
# To enable Vulkan support for 32-bit applications, also add:
hardware.opengl.extraPackages32 = [
hardware.graphics.extraPackages32 = [
pkgs.driversi686Linux.amdvlk
];
@ -171,7 +171,7 @@ graphics hardware acceleration capabilities for video processing.
VA-API drivers are loaded by `libva`. The version in nixpkgs is built to search
the opengl driver path, so drivers can be installed in
[](#opt-hardware.opengl.extraPackages).
[](#opt-hardware.graphics.extraPackages).
VA-API can be tested using:
@ -185,7 +185,7 @@ Modern Intel GPUs use the iHD driver, which can be installed with:
```nix
{
hardware.opengl.extraPackages = [
hardware.graphics.extraPackages = [
intel-media-driver
];
}
@ -195,7 +195,7 @@ Older Intel GPUs use the i965 driver, which can be installed with:
```nix
{
hardware.opengl.extraPackages = [
hardware.graphics.extraPackages = [
intel-vaapi-driver
];
}

19
nixos/doc/manual/configuration/x-windows.chapter.md
View File

@ -79,7 +79,7 @@ Wine, you should also set the following:
```nix
{
hardware.opengl.driSupport32Bit = true;
hardware.graphics.enable32Bit = true;
}
```
@ -183,23 +183,6 @@ If you have an older card, you may have to use one of the legacy drivers:
You may need to reboot after enabling this driver to prevent a clash
with other kernel modules.
## Proprietary AMD drivers {#sec-x11--graphics-cards-amd}
AMD provides a proprietary driver for its graphics cards that is not
enabled by default because it's not Free Software, is often broken in
nixpkgs and as of this writing doesn't offer more features or
performance. If you still want to use it anyway, you need to explicitly
set:
```nix
{
services.xserver.videoDrivers = [ "amdgpu-pro" ];
}
```
You will need to reboot after enabling this driver to prevent a clash
with other kernel modules.
## Touchpads {#sec-x11-touchpads}
Support for Synaptics touchpads (found in many laptops such as the Dell

2
nixos/doc/manual/release-notes/rl-2205.section.md
View File

@ -453,7 +453,7 @@ In addition to numerous new and upgraded packages, this release has the followin
The new names are as follows:
- `bindAddress`: [`services.keycloak.settings.http-host`](#opt-services.keycloak.settings.http-host)
- `forceBackendUrlToFrontendUrl`: [`services.keycloak.settings.hostname-strict-backchannel`](#opt-services.keycloak.settings.hostname-strict-backchannel)
- `forceBackendUrlToFrontendUrl`: `services.keycloak.settings.hostname-strict-backchannel`
- `httpPort`: [`services.keycloak.settings.http-port`](#opt-services.keycloak.settings.http-port)
- `httpsPort`: [`services.keycloak.settings.https-port`](#opt-services.keycloak.settings.https-port)

4
nixos/doc/manual/release-notes/rl-2405.section.md
View File

@ -62,7 +62,7 @@ In addition to numerous new and upgraded packages, this release has the followin
<!-- Please keep entries alphabetically sorted. -->
- [Anki Sync Server](https://docs.ankiweb.net/sync-server.html), the official sync server built into recent versions of Anki. Available as [services.anki-sync-server](#opt-services.anki-sync-server.enable).
The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been marked deprecated and will be dropped after 24.05 due to lack of maintenance of the anki-sync-server software.
The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been marked deprecated and will be dropped after 24.05 due to lack of maintenance of the ankisyncd software.
- [ALVR](https://github.com/alvr-org/alvr), a VR desktop streamer. Available as [programs.alvr](#opt-programs.alvr.enable).
@ -207,6 +207,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- [xdg-terminal-exec](https://github.com/Vladimir-csp/xdg-terminal-exec), the proposed Default Terminal Execution Specification.
- Convenience options for `amdgpu`, open source driver for Radeon cards, is now available under `hardware.amdgpu`.
- [ydotool](https://github.com/ReimuNotMoe/ydotool), a generic command-line automation tool now has a module. Available as [programs.ydotool](#opt-programs.ydotool.enable).
- [your_spotify](https://github.com/Yooooomi/your_spotify), a self hosted Spotify tracking dashboard. Available as [services.your_spotify](#opt-services.your_spotify.enable)

67
nixos/doc/manual/release-notes/rl-2411.section.md
View File

@ -4,6 +4,8 @@
## Highlights {#sec-release-24.11-highlights}
- Convenience options for `amdgpu`, open source driver for Radeon cards, is now available under `hardware.amdgpu`.
- [AMDVLK](https://github.com/GPUOpen-Drivers/AMDVLK), AMD's open source Vulkan driver, is now available to be configured as `hardware.amdgpu.amdvlk` option.
This also allows configuring runtime settings of AMDVLK and enabling experimental features.
@ -19,19 +21,45 @@
- [Renovate](https://github.com/renovatebot/renovate), a dependency updating tool for various git forges and language ecosystems. Available as [services.renovate](#opt-services.renovate.enable).
- [wg-access-server](https://github.com/freifunkMUC/wg-access-server/), an all-in-one WireGuard VPN solution with a web ui for connecting devices. Available at [services.wg-access-server](#opt-services.wg-access-server.enable).
## Backward Incompatibilities {#sec-release-24.11-incompatibilities}
- `transmission` package has been aliased with a `trace` warning to `transmission_3`. Since [Transmission 4 has been released last year](https://github.com/transmission/transmission/releases/tag/4.0.0), and Transmission 3 will eventually go away, it was decided perform this warning alias to make people aware of the new version. The `services.transmission.package` defaults to `transmission_3` as well because the upgrade can cause data loss in certain specific usage patterns (examples: [#5153](https://github.com/transmission/transmission/issues/5153), [#6796](https://github.com/transmission/transmission/issues/6796)). Please make sure to back up to your data directory per your usage:
- `transmission-gtk`: `~/.config/transmission`
- `transmission-daemon` using NixOS module: `${config.services.transmission.home}/.config/transmission-daemon` (defaults to `/var/lib/transmission/.config/transmission-daemon`)
- `androidenv.androidPkgs_9_0` has been removed, and replaced with `androidenv.androidPkgs` for a more complete Android SDK including support for Android 9 and later.
- `wstunnel` has had a major version upgrade that entailed rewriting the program in Rust.
The module was updated to accommodate for breaking changes.
Breaking changes to the module API were minimised as much as possible,
but some were nonetheless inevitable due to changes in the upstream CLI.
Certain options were moved from separate CLI arguments into the forward specifications,
and those options were also removed from the module's API,
please consult the wstunnel man page for more detail.
Also be aware that if you have set additional options in `services.wstunnel.{clients,servers}.<name>.extraArgs`,
that those might have been removed or modified upstream.
- `clang-tools_<version>` packages have been moved into `llvmPackages_<version>` (i.e. `clang-tools_18` is now `llvmPackages_18.clang-tools`).
- For convenience, the top-level `clang-tools` attribute remains and is now bound to `llvmPackages.clang-tools`.
- Top-level `clang_tools_<version>` attributes are now aliases; these will be removed in a future release.
- `nginx` package no longer includes `gd` and `geoip` dependencies. For enabling it, override `nginx` package with the optionals `withImageFilter` and `withGeoIP`.
- `openssh` and `openssh_hpn` are now compiled without Kerberos 5 / GSSAPI support in an effort to reduce the attack surface of the components for the majority of users. Users needing this support can
use the new `opensshWithKerberos` and `openssh_hpnWithKerberos` flavors (e.g. `programs.ssh.package = pkgs.openssh_gssapi`).
- `security.ipa.ipaHostname` now defaults to the value of `networking.fqdn` if
it is set, instead of the previous hardcoded default of
`${networking.hostName}.${security.ipa.domain}`.
- `nvimpager` was updated to version 0.13.0, which changes the order of user and
nvimpager settings: user commands in `-c` and `--cmd` now override the
respective default settings because they are executed later.
- `pkgs.nextcloud27` has been removed since it's EOL.
- `services.forgejo.mailerPasswordFile` has been deprecated by the drop-in replacement `services.forgejo.secrets.mailer.PASSWD`,
which is part of the new free-form `services.forgejo.secrets` option.
`services.forgejo.secrets` is a small wrapper over systemd's `LoadCredential=`. It has the same structure (sections/keys) as
@ -51,6 +79,10 @@
before changing the package to `pkgs.stalwart-mail` in
[`services.stalwart-mail.package`](#opt-services.stalwart-mail.package).
- `androidndkPkgs` has been updated to `androidndkPkgs_26`.
- Android NDK version 26 and SDK version 33 are now the default versions used for cross compilation to android.
- `haskell.lib.compose.justStaticExecutables` now disallows references to GHC in the
output by default, to alert users to closure size issues caused by
[#164630](https://github.com/NixOS/nixpkgs/issues/164630). See ["Packaging
@ -59,10 +91,27 @@
for information on working around `output '...' is not allowed to refer to
the following paths` errors caused by this change.
- The `stalwart-mail` service now runs under the `stalwart-mail` system user
instead of a dynamically created one via `DynamicUser`, to avoid automatic
ownership changes on its large file store each time the service was started.
This change requires to manually move the state directory from
`/var/lib/private/stalwart-mail` to `/var/lib/stalwart-mail` and to
change the ownership of the directory and its content to `stalwart-mail`.
- The `stalwart-mail` module now uses RocksDB as the default storage backend
for `stateVersion` ≥ 24.11. (It was previously using SQLite for structured
data and the filesystem for blobs).
- `libe57format` has been updated to `>= 3.0.0`, which contains some backward-incompatible API changes. See the [release note](https://github.com/asmaloney/libE57Format/releases/tag/v3.0.0) for more details.
- `gitlab` deprecated support for *runner registration tokens* in GitLab 16.0, disabled their support in GitLab 17.0 and will
ultimately remove it in GitLab 18.0, as outlined in the
[documentation](https://docs.gitlab.com/17.0/ee/ci/runners/new_creation_workflow.html#estimated-time-frame-for-planned-changes).
After upgrading to GitLab >= 17.0, it is possible to re-enable support for registration tokens in the UI until GitLab 18.0.
Refer to the manual on [using registration tokens after GitLab 17.0](https://docs.gitlab.com/17.0/ee/ci/runners/new_creation_workflow.html#using-registration-tokens-after-gitlab-170).
GitLab administrators should migrate to the [new runner registration workflow](https://docs.gitlab.com/17.0/ee/ci/runners/new_creation_workflow.html#using-registration-tokens-after-gitlab-170)
with *runner authentication tokens* until the release of GitLab 18.0.
- `zx` was updated to v8, which introduces several breaking changes.
See the [v8 changelog](https://github.com/google/zx/releases/tag/8.0.0) for more information.
@ -75,10 +124,20 @@
services.portunus.ldap.package = pkgs.openldap.override { libxcrypt = pkgs.libxcrypt-legacy; };
```
- The default value of `services.kubernetes.kubelet.hostname` is now lowercased.
Explicitly set `kubelet.hostname` to `networking.fqdnOrHostName` to get back
the old default behavior.
- `keycloak` was updated to version 25, which introduces new hostname related options.
See [Upgrading Guide](https://www.keycloak.org/docs/25.0.1/upgrading/#migrating-to-25-0-0) for instructions.
- The `tracy` package no longer works on X11, since it's moved to Wayland
support, which is the intended default behavior by Tracy maintainers.
X11 users have to switch to the new package `tracy-x11`.
- The `services.prometheus.exporters.minio` option has been removed, as it's upstream implementation was broken and unmaintained.
Minio now has built-in [Prometheus metrics exposure](https://min.io/docs/minio/linux/operations/monitoring/collect-minio-metrics-using-prometheus.html), which can be used instead.
## Other Notable Changes {#sec-release-24.11-notable-changes}
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
@ -87,6 +146,14 @@
not the `hare` package, should be added to `nativeBuildInputs` when building
Hare programs.
- [`lib.options.mkPackageOptionMD`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.options.mkPackageOptionMD) is now obsolete; use the identical [`lib.options.mkPackageOption`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.options.mkPackageOption) instead.
- To facilitate dependency injection, the `imgui` package now builds a static archive using vcpkg' CMake rules.
The derivation now installs "impl" headers selectively instead of by a wildcard.
Use `imgui.src` if you just want to access the unpacked sources.
- Support for *runner registration tokens* has been [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/380872)
in `gitlab-runner` 15.6 and is expected to be removed in `gitlab-runner` 18.0. Configuration of existing runners
should be changed to using *runner authentication tokens* by configuring
{option}`services.gitlab-runner.services.<name>.authenticationTokenConfigFile` instead of the former
{option}`services.gitlab-runner.services.<name>.registrationConfigFile` option.

9
nixos/lib/make-disk-image.nix
View File

@ -603,10 +603,11 @@ let format' = format; in let
${lib.optionalString installBootLoader ''
# In this throwaway resource, we only have /dev/vda, but the actual VM may refer to another disk for bootloader, e.g. /dev/vdb
# Use this option to create a symlink from vda to any arbitrary device you want.
${optionalString (config.boot.loader.grub.enable && config.boot.loader.grub.device != "/dev/vda") ''
mkdir -p $(dirname ${config.boot.loader.grub.device})
ln -s /dev/vda ${config.boot.loader.grub.device}
''}
${optionalString (config.boot.loader.grub.enable) (lib.concatMapStringsSep " " (device:
lib.optionalString (device != "/dev/vda") ''
mkdir -p "$(dirname ${device})"
ln -s /dev/vda ${device}
'') config.boot.loader.grub.devices)}
# Set up core system link, bootloader (sd-boot, GRUB, uboot, etc.), etc.

10
nixos/modules/config/swap.nix
View File

@ -275,7 +275,6 @@ in
chattr +C "$DEVICE" 2>/dev/null || true
dd if=/dev/zero of="$DEVICE" bs=1M count=${toString sw.size}
chmod 0600 ${sw.device}
${optionalString (!sw.randomEncryption.enable) "mkswap ${sw.realDevice}"}
fi
''}
@ -292,9 +291,12 @@ in
unitConfig.RequiresMountsFor = [ "${dirOf sw.device}" ];
unitConfig.DefaultDependencies = false; # needed to prevent a cycle
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = sw.randomEncryption.enable;
serviceConfig.ExecStop = optionalString sw.randomEncryption.enable "${pkgs.cryptsetup}/bin/cryptsetup luksClose ${sw.deviceName}";
serviceConfig = {
Type = "oneshot";
RemainAfterExit = sw.randomEncryption.enable;
UMask = "0177";
ExecStop = optionalString sw.randomEncryption.enable "${pkgs.cryptsetup}/bin/cryptsetup luksClose ${sw.deviceName}";
};
restartIfChanged = false;
};

126
nixos/modules/hardware/graphics.nix Normal file
View File

@ -0,0 +1,126 @@
{ config, lib, pkgs, ... }:
let
cfg = config.hardware.graphics;
driversEnv = pkgs.buildEnv {
name = "graphics-drivers";
paths = [ cfg.package ] ++ cfg.extraPackages;
};
driversEnv32 = pkgs.buildEnv {
name = "graphics-drivers-32bit";
paths = [ cfg.package32 ] ++ cfg.extraPackages32;
};
in
{
imports = [
(lib.mkRenamedOptionModule [ "services" "xserver" "vaapiDrivers" ] [ "hardware" "opengl" "extraPackages" ])
(lib.mkRemovedOptionModule [ "hardware" "opengl" "s3tcSupport" ] "S3TC support is now always enabled in Mesa.")
(lib.mkRemovedOptionModule [ "hardware" "opengl" "driSupport"] "The setting can be removed.")
(lib.mkRenamedOptionModule [ "hardware" "opengl" "enable"] [ "hardware" "graphics" "enable" ])
(lib.mkRenamedOptionModule [ "hardware" "opengl" "driSupport32Bit"] [ "hardware" "graphics" "enable32Bit" ])
(lib.mkRenamedOptionModule [ "hardware" "opengl" "package"] [ "hardware" "graphics" "package" ])
(lib.mkRenamedOptionModule [ "hardware" "opengl" "package32"] [ "hardware" "graphics" "package32" ])
(lib.mkRenamedOptionModule [ "hardware" "opengl" "extraPackages"] [ "hardware" "graphics" "extraPackages" ])
(lib.mkRenamedOptionModule [ "hardware" "opengl" "extraPackages32"] [ "hardware" "graphics" "extraPackages32" ])
];
options.hardware.graphics = {
enable = lib.mkOption {
description = ''
Whether to enable hardware accelerated graphics drivers.
This is required to allow most graphical applications and
environments to use hardware rendering, video encode/decode
acceleration, etc.
This option should be enabled by default by the corresponding modules,
so you do not usually have to set it yourself.
'';
type = lib.types.bool;
default = false;
};
enable32Bit = lib.mkOption {
description = ''
On 64-bit systems, whether to also install 32-bit drivers for
32-bit applications (such as Wine).
'';
type = lib.types.bool;
default = false;
};
package = lib.mkOption {
description = ''
The package that provides the default driver set.
'';
type = lib.types.package;
internal = true;
};
package32 = lib.mkOption {
description = ''
The package that provides the 32-bit driver set. Used when {option}`enable32Bit` is enabled.
set.
'';
type = lib.types.package;
internal = true;
};
extraPackages = lib.mkOption {
description = ''
Additional packages to add to the default graphics driver lookup path.
This can be used to add OpenCL drivers, VA-API/VDPAU drivers, etc.
::: {.note}
intel-media-driver supports hardware Broadwell (2014) or newer. Older hardware should use the mostly unmaintained intel-vaapi-driver driver.
:::
'';
type = lib.types.listOf lib.types.package;
default = [];
example = lib.literalExpression "with pkgs; [ intel-media-driver intel-ocl intel-vaapi-driver ]";
};
extraPackages32 = lib.mkOption {
description = ''
Additional packages to add to 32-bit graphics driver lookup path on 64-bit systems.
Used when {option}`enable32Bit` is set. This can be used to add OpenCL drivers, VA-API/VDPAU drivers, etc.
::: {.note}
intel-media-driver supports hardware Broadwell (2014) or newer. Older hardware should use the mostly unmaintained intel-vaapi-driver driver.
:::
'';
type = lib.types.listOf lib.types.package;
default = [];
example = lib.literalExpression "with pkgs.pkgsi686Linux; [ intel-media-driver intel-vaapi-driver ]";
};
};
config = lib.mkIf cfg.enable {
assertions = [
{
assertion = cfg.enable32Bit -> pkgs.stdenv.isx86_64;
message = "`hardware.graphics.enable32Bit` only makes sense on a 64-bit system.";
}
{
assertion = cfg.enable32Bit -> (config.boot.kernelPackages.kernel.features.ia32Emulation or false);
message = "`hardware.graphics.enable32Bit` requires a kernel that supports 32-bit emulation";
}
];
systemd.tmpfiles.settings.graphics-driver = {
"/run/opengl-driver"."L+".argument = toString driversEnv;
"/run/opengl-driver-32" =
if pkgs.stdenv.isi686 then
{ "L+".argument = "opengl-driver"; }
else if cfg.enable32Bit then
{ "L+".argument = toString driversEnv32; }
else
{ "r" = {}; };
};
hardware.graphics.package = lib.mkDefault pkgs.mesa.drivers;
hardware.graphics.package32 = lib.mkDefault pkgs.pkgsi686Linux.mesa.drivers;
};
}

158
nixos/modules/hardware/opengl.nix
View File

@ -1,158 +0,0 @@
{ config, lib, pkgs, ... }:
let
cfg = config.hardware.opengl;
kernelPackages = config.boot.kernelPackages;
videoDrivers = config.services.xserver.videoDrivers;
package = pkgs.buildEnv {
name = "opengl-drivers";
paths = [ cfg.package ] ++ cfg.extraPackages;
};
package32 = pkgs.buildEnv {
name = "opengl-drivers-32bit";
paths = [ cfg.package32 ] ++ cfg.extraPackages32;
};
in
{
imports = [
(lib.mkRenamedOptionModule [ "services" "xserver" "vaapiDrivers" ] [ "hardware" "opengl" "extraPackages" ])
(lib.mkRemovedOptionModule [ "hardware" "opengl" "s3tcSupport" ] "S3TC support is now always enabled in Mesa.")
];
options = {
hardware.opengl = {
enable = lib.mkOption {
description = ''
Whether to enable OpenGL drivers. This is needed to enable
OpenGL support in X11 systems, as well as for Wayland compositors
like sway and Weston. It is enabled by default
by the corresponding modules, so you do not usually have to
set it yourself, only if there is no module for your wayland
compositor of choice. See services.xserver.enable and
programs.sway.enable.
'';
type = lib.types.bool;
default = false;
};
driSupport = lib.mkOption {
type = lib.types.bool;
default = true;
description = ''
Whether to enable accelerated OpenGL rendering through the
Direct Rendering Interface (DRI).
'';
};
driSupport32Bit = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
On 64-bit systems, whether to support Direct Rendering for
32-bit applications (such as Wine). This is currently only
supported for the `nvidia` as well as
`Mesa`.
'';
};
package = lib.mkOption {
type = lib.types.package;
internal = true;
description = ''
The package that provides the OpenGL implementation.
'';
};
package32 = lib.mkOption {
type = lib.types.package;
internal = true;
description = ''
The package that provides the 32-bit OpenGL implementation on
64-bit systems. Used when {option}`driSupport32Bit` is
set.
'';
};
extraPackages = lib.mkOption {
type = lib.types.listOf lib.types.package;
default = [];
example = lib.literalExpression "with pkgs; [ intel-media-driver intel-ocl intel-vaapi-driver ]";
description = ''
Additional packages to add to OpenGL drivers.
This can be used to add OpenCL drivers, VA-API/VDPAU drivers etc.
::: {.note}
intel-media-driver supports hardware Broadwell (2014) or newer. Older hardware should use the mostly unmaintained intel-vaapi-driver driver.
:::
'';
};
extraPackages32 =lib. mkOption {
type = lib.types.listOf lib.types.package;
default = [];
example = lib.literalExpression "with pkgs.pkgsi686Linux; [ intel-media-driver intel-vaapi-driver ]";
description = ''
Additional packages to add to 32-bit OpenGL drivers on 64-bit systems.
Used when {option}`driSupport32Bit` is set. This can be used to add OpenCL drivers, VA-API/VDPAU drivers etc.
::: {.note}
intel-media-driver supports hardware Broadwell (2014) or newer. Older hardware should use the mostly unmaintained intel-vaapi-driver driver.
:::
'';
};
setLdLibraryPath = lib.mkOption {
type = lib.types.bool;
internal = true;
default = false;
description = ''
Whether the `LD_LIBRARY_PATH` environment variable
should be set to the locations of driver libraries. Drivers which
rely on overriding libraries should set this to true. Drivers which
support `libglvnd` and other dispatch libraries
instead of overriding libraries should not set this.
'';
};
};
};
config = lib.mkIf cfg.enable {
assertions = [
{ assertion = cfg.driSupport32Bit -> pkgs.stdenv.isx86_64;
message = "Option driSupport32Bit only makes sense on a 64-bit system.";
}
{ assertion = cfg.driSupport32Bit -> (config.boot.kernelPackages.kernel.features.ia32Emulation or false);
message = "Option driSupport32Bit requires a kernel that supports 32bit emulation";
}
];
systemd.tmpfiles.settings.opengl = {
"/run/opengl-driver"."L+".argument = toString package;
"/run/opengl-driver-32" =
if pkgs.stdenv.isi686 then
{ "L+".argument = "opengl-driver"; }
else if cfg.driSupport32Bit then
{ "L+".argument = toString package32; }
else
{ "r" = {}; };
};
environment.sessionVariables.LD_LIBRARY_PATH = lib.mkIf cfg.setLdLibraryPath
([ "/run/opengl-driver/lib" ] ++ lib.optional cfg.driSupport32Bit "/run/opengl-driver-32/lib");
hardware.opengl.package = lib.mkDefault pkgs.mesa.drivers;
hardware.opengl.package32 = lib.mkDefault pkgs.pkgsi686Linux.mesa.drivers;
boot.extraModulePackages = lib.optional (lib.elem "virtualbox" videoDrivers) kernelPackages.virtualboxGuestAdditions;
};
}

69
nixos/modules/hardware/video/amdgpu-pro.nix
View File

@ -1,69 +0,0 @@
# This module provides the proprietary AMDGPU-PRO drivers.
{ config, lib, pkgs, ... }:
with lib;
let
drivers = config.services.xserver.videoDrivers;
enabled = elem "amdgpu-pro" drivers;
package = config.boot.kernelPackages.amdgpu-pro;
package32 = pkgs.pkgsi686Linux.linuxPackages.amdgpu-pro.override { kernel = null; };
opengl = config.hardware.opengl;
in
{
config = mkIf enabled {
services.xserver.drivers = singleton
{ name = "amdgpu"; modules = [ package ]; display = true; };
hardware.opengl.package = package;
hardware.opengl.package32 = package32;
hardware.opengl.setLdLibraryPath = true;
boot.extraModulePackages = [ package.kmod ];
boot.kernelPackages = pkgs.linuxKernel.packagesFor
(pkgs.linuxKernel.kernels.linux_5_10.override {
structuredExtraConfig = {
DEVICE_PRIVATE = kernel.yes;
KALLSYMS_ALL = kernel.yes;
};
});
hardware.firmware = [ package.fw ];
systemd.tmpfiles.settings.amdgpu-pro = {
"/run/amdgpu"."L+".argument = "${package}/opt/amdgpu";
"/run/amdgpu-pro"."L+".argument = "${package}/opt/amdgpu-pro";
};
system.requiredKernelConfig = with config.lib.kernelConfig; [
(isYes "DEVICE_PRIVATE")
(isYes "KALLSYMS_ALL")
];
boot.initrd.extraUdevRulesCommands = mkIf (!config.boot.initrd.systemd.enable) ''
cp -v ${package}/etc/udev/rules.d/*.rules $out/
'';
boot.initrd.services.udev.packages = [ package ];
environment.systemPackages =
[ package.vulkan ] ++
# this isn't really DRI, but we'll reuse this option for now
optional config.hardware.opengl.driSupport32Bit package32.vulkan;
environment.etc = {
"modprobe.d/blacklist-radeon.conf".source = package + "/etc/modprobe.d/blacklist-radeon.conf";
amd.source = package + "/etc/amd";
};
};
}

17
nixos/modules/hardware/video/nvidia.nix
View File

@ -46,8 +46,6 @@ in
TRUNK_LINK_FAILURE_MODE = 0;
NVSWITCH_FAILURE_MODE = 0;
ABORT_CUDA_JOBS_ON_FM_EXIT = 1;
TOPOLOGY_FILE_PATH = "${nvidia_x11.fabricmanager}/share/nvidia-fabricmanager/nvidia/nvswitch";
DATABASE_PATH = "${nvidia_x11.fabricmanager}/share/nvidia-fabricmanager/nvidia/nvswitch";
};
defaultText = lib.literalExpression ''
{
@ -69,8 +67,6 @@ in
TRUNK_LINK_FAILURE_MODE=0;
NVSWITCH_FAILURE_MODE=0;
ABORT_CUDA_JOBS_ON_FM_EXIT=1;
TOPOLOGY_FILE_PATH="''${nvidia_x11.fabricmanager}/share/nvidia-fabricmanager/nvidia/nvswitch";
DATABASE_PATH="''${nvidia_x11.fabricmanager}/share/nvidia-fabricmanager/nvidia/nvswitch";
}
'';
description = ''
@ -297,7 +293,7 @@ in
KERNEL=="nvidia_uvm", RUN+="${pkgs.runtimeShell} -c 'mknod -m 666 /dev/nvidia-uvm c $$(grep nvidia-uvm /proc/devices | cut -d \ -f 1) 0'"
KERNEL=="nvidia_uvm", RUN+="${pkgs.runtimeShell} -c 'mknod -m 666 /dev/nvidia-uvm-tools c $$(grep nvidia-uvm /proc/devices | cut -d \ -f 1) 1'"
'';
hardware.opengl = {
hardware.graphics = {
extraPackages = [ nvidia_x11.out ];
extraPackages32 = [ nvidia_x11.lib32 ];
};
@ -467,7 +463,7 @@ in
"egl/egl_external_platform.d".source = "/run/opengl-driver/share/egl/egl_external_platform.d/";
};
hardware.opengl = {
hardware.graphics = {
extraPackages = [ pkgs.nvidia-vaapi-driver ];
extraPackages32 = [ pkgs.pkgsi686Linux.nvidia-vaapi-driver ];
};
@ -628,7 +624,14 @@ in
TimeoutStartSec = 240;
ExecStart =
let
nv-fab-conf = settingsFormat.generate "fabricmanager.conf" cfg.datacenter.settings;
# Since these rely on the `nvidia_x11.fabricmanager` derivation, they're
# unsuitable to be mentioned in the configuration defaults, but they _can_
# be overridden in `cfg.datacenter.settings` if needed.
fabricManagerConfDefaults = {
TOPOLOGY_FILE_PATH = "${nvidia_x11.fabricmanager}/share/nvidia-fabricmanager/nvidia/nvswitch";
DATABASE_PATH = "${nvidia_x11.fabricmanager}/share/nvidia-fabricmanager/nvidia/nvswitch";
};
nv-fab-conf = settingsFormat.generate "fabricmanager.conf" (fabricManagerConfDefaults // cfg.datacenter.settings);
in
"${lib.getExe nvidia_x11.fabricmanager} -c ${nv-fab-conf}";
LimitCORE = "infinity";

7
nixos/modules/hardware/video/virtualbox.nix Normal file
View File

@ -0,0 +1,7 @@
{ lib, config, ... }:
let
inherit (config.boot) kernelPackages;
inherit (config.services.xserver) videoDrivers;
in {
boot.extraModulePackages = lib.mkIf (lib.elem "virtualbox" videoDrivers) [ kernelPackages.virtualboxGuestAdditions ];
}

4
nixos/modules/image/repart-image.nix
View File

@ -90,8 +90,8 @@ let
}."${compression.algorithm}";
compressionCommand = {
"zstd" = "zstd --no-progress --threads=0 -${toString compression.level}";
"xz" = "xz --keep --verbose --threads=0 -${toString compression.level}";
"zstd" = "zstd --no-progress --threads=$NIX_BUILD_CORES -${toString compression.level}";
"xz" = "xz --keep --verbose --threads=$NIX_BUILD_CORES -${toString compression.level}";
}."${compression.algorithm}";
in
stdenvNoCC.mkDerivation (finalAttrs:

10
nixos/modules/installer/tools/nix-fallback-paths.nix
View File

@ -1,7 +1,7 @@
{
x86_64-linux = "/nix/store/azvn85cras6xv4z5j85fiy406f24r1q0-nix-2.18.1";
i686-linux = "/nix/store/9bnwy7f9h0kzdzmcnjjsjg0aak5waj40-nix-2.18.1";
aarch64-linux = "/nix/store/hh65xwqm9s040s3cgn9vzcmrxj0sf5ij-nix-2.18.1";
x86_64-darwin = "/nix/store/6zi5fqzn9n17wrk8r41rhdw4j7jqqsi3-nix-2.18.1";
aarch64-darwin = "/nix/store/0pbq6wzr2f1jgpn5212knyxpwmkjgjah-nix-2.18.1";
x86_64-linux = "/nix/store/1w4b47zhp33md29wjhgg549pc281vv02-nix-2.18.4";
i686-linux = "/nix/store/hz02kn0ffn3wdi2xs7lndpr88v4v4fp2-nix-2.18.4";
aarch64-linux = "/nix/store/90zwqa9z2fgldc7ki1p5gfvglchjh9r6-nix-2.18.4";
x86_64-darwin = "/nix/store/bd1ix5mj9lj2yh7bqnmdjc24zlg5jivk-nix-2.18.4";
aarch64-darwin = "/nix/store/5hvsmklhqiay5i4q5vdkg60p8qpc69rz-nix-2.18.4";
}

23
nixos/modules/misc/mandoc.nix
View File

@ -96,12 +96,17 @@ in
{option}`documentation.man.mandoc.manPath` to an empty list (`[]`).
'';
};
output.fragment = lib.mkEnableOption ''
Omit the <!DOCTYPE> declaration and the <html>, <head>, and <body>
elements and only emit the subtree below the <body> element in HTML
output of {manpage}`mandoc(1)`. The style argument will be ignored.
This is useful when embedding manual content within existing documents.
'';
output.fragment = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = ''
Whether to omit the <!DOCTYPE> declaration and the <html>, <head>, and <body>
elements and only emit the subtree below the <body> element in HTML
output of {manpage}`mandoc(1)`. The style argument will be ignored.
This is useful when embedding manual content within existing documents.
'';
};
output.includes = lib.mkOption {
type = with lib.types; nullOr str;
default = null;
@ -160,9 +165,9 @@ in
'';
};
output.toc = lib.mkEnableOption ''
In HTML output of {manpage}`mandoc(1)`, If an input file contains
at least two non-standard sections, print a table of contents near
the beginning of the output.
printing a table of contents near the beginning of the HTML output
of {manpage}`mandoc(1)` if an input file contains at least two
non-standard sections
'';
output.width = lib.mkOption {
type = with lib.types; nullOr int;

9
nixos/modules/module-list.nix
View File

@ -67,6 +67,7 @@
./hardware/gkraken.nix
./hardware/glasgow.nix
./hardware/gpgsmartcards.nix
./hardware/graphics.nix
./hardware/hackrf.nix
./hardware/i2c.nix
./hardware/infiniband.nix
@ -84,7 +85,6 @@
./hardware/new-lg4ff.nix
./hardware/nitrokey.nix
./hardware/onlykey/default.nix
./hardware/opengl.nix
./hardware/openrazer.nix
./hardware/opentabletdriver.nix
./hardware/pcmcia.nix
@ -103,7 +103,6 @@
./hardware/uni-sync.nix
./hardware/usb-modeswitch.nix
./hardware/usb-storage.nix
./hardware/video/amdgpu-pro.nix
./hardware/video/bumblebee.nix
./hardware/video/capture/mwprocapture.nix
./hardware/video/displaylink.nix
@ -111,6 +110,7 @@
./hardware/video/nvidia.nix
./hardware/video/switcheroo-control.nix
./hardware/video/uvcvideo/default.nix
./hardware/video/virtualbox.nix
./hardware/video/webcam/facetimehd.nix
./hardware/video/webcam/ipu6.nix
./hardware/wooting.nix
@ -243,6 +243,7 @@
./programs/nh.nix
./programs/nix-index.nix
./programs/nix-ld.nix
./programs/nix-required-mounts.nix
./programs/nm-applet.nix
./programs/nncp.nix
./programs/noisetorch.nix
@ -477,6 +478,7 @@
./services/desktops/bamf.nix
./services/desktops/blueman.nix
./services/desktops/cpupower-gui.nix
./services/desktops/deepin/deepin-anything.nix
./services/desktops/deepin/dde-api.nix
./services/desktops/deepin/app-services.nix
./services/desktops/deepin/dde-daemon.nix
@ -549,6 +551,7 @@
./services/games/xonotic.nix
./services/hardware/acpid.nix
./services/hardware/actkbd.nix
./services/hardware/amdgpu.nix
./services/hardware/amdvlk.nix
./services/hardware/argonone.nix
./services/hardware/asusd.nix
@ -879,6 +882,7 @@
./services/monitoring/osquery.nix
./services/monitoring/parsedmarc.nix
./services/monitoring/prometheus/alertmanager-irc-relay.nix
./services/monitoring/prometheus/alertmanager-webhook-logger.nix
./services/monitoring/prometheus/alertmanager.nix
./services/monitoring/prometheus/default.nix
./services/monitoring/prometheus/exporters.nix
@ -1222,6 +1226,7 @@
./services/networking/vsftpd.nix
./services/networking/wasabibackend.nix
./services/networking/websockify.nix
./services/networking/wg-access-server.nix
./services/networking/wg-netmanager.nix
./services/networking/webhook.nix
./services/networking/wg-quick.nix

4
nixos/modules/programs/dublin-traceroute.nix
View File

@ -8,9 +8,7 @@ in {
options = {
programs.dublin-traceroute = {
enable = lib.mkEnableOption ''
dublin-traceroute, add it to the global environment and configure a setcap wrapper for it.
'';
enable = lib.mkEnableOption "dublin-traceroute (including setcap wrapper)";
package = lib.mkPackageOption pkgs "dublin-traceroute" { };
};

2
nixos/modules/programs/joycond-cemuhook.nix
View File

@ -1,7 +1,7 @@
{ lib, pkgs, config, ... }:
{
options.programs.joycond-cemuhook = {
enable = lib.mkEnableOption "joycond-cemuhook, a program to enable support for cemuhook's UDP protocol for joycond devices.";
enable = lib.mkEnableOption "joycond-cemuhook, a program to enable support for cemuhook's UDP protocol for joycond devices";
};
config = lib.mkIf config.programs.joycond-cemuhook.enable {

2
nixos/modules/programs/miriway.nix
View File

@ -65,7 +65,7 @@ in {
};
};
hardware.opengl.enable = lib.mkDefault true;
hardware.graphics.enable = lib.mkDefault true;
fonts.enableDefaultPackages = lib.mkDefault true;
programs.dconf.enable = lib.mkDefault true;
programs.xwayland.enable = lib.mkDefault true;

2
nixos/modules/programs/mouse-actions.nix
View File

@ -6,7 +6,7 @@ in
{
options.programs.mouse-actions = {
enable = lib.mkEnableOption ''
mouse-actions udev rules. This is a prerequisite for using mouse-actions without being root.
mouse-actions udev rules. This is a prerequisite for using mouse-actions without being root
'';
};
config = lib.mkIf cfg.enable {

118
nixos/modules/programs/nix-required-mounts.nix Normal file
View File

@ -0,0 +1,118 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.programs.nix-required-mounts;
package = pkgs.nix-required-mounts;
Mount =
with lib;
types.submodule {
options.host = mkOption {
type = types.str;
description = "Host path to mount";
};
options.guest = mkOption {
type = types.str;
description = "Location in the sandbox to mount the host path at";
};
};
Pattern =
with lib.types;
types.submodule (
{ config, name, ... }:
{
options.onFeatures = lib.mkOption {
type = listOf types.str;
description = "Which requiredSystemFeatures should trigger relaxation of the sandbox";
default = [ name ];
};
options.paths = lib.mkOption {
type = listOf (oneOf [
path
Mount
]);
description = "A list of glob patterns, indicating which paths to expose to the sandbox";
};
options.unsafeFollowSymlinks = lib.mkEnableOption ''
Instructs the hook to mount the symlink targets as well, when any of
the `paths` contain symlinks. This may not work correctly with glob
patterns.
'';
}
);
driverPaths = [
pkgs.addOpenGLRunpath.driverLink
# mesa:
config.hardware.opengl.package
# nvidia_x11, etc:
] ++ config.hardware.opengl.extraPackages; # nvidia_x11
defaults = {
nvidia-gpu.onFeatures = package.allowedPatterns.nvidia-gpu.onFeatures;
nvidia-gpu.paths = package.allowedPatterns.nvidia-gpu.paths ++ driverPaths;
nvidia-gpu.unsafeFollowSymlinks = false;
};
in
{
meta.maintainers = with lib.maintainers; [ SomeoneSerge ];
options.programs.nix-required-mounts = {
enable = lib.mkEnableOption "Expose extra paths to the sandbox depending on derivations' requiredSystemFeatures";
presets.nvidia-gpu.enable = lib.mkEnableOption ''
Declare the support for derivations that require an Nvidia GPU to be
available, e.g. derivations with `requiredSystemFeatures = [ "cuda" ]`.
This mounts the corresponding userspace drivers and device nodes in the
sandbox, but only for derivations that request these special features.
You may extend or override the exposed paths via the
`programs.nix-required-mounts.allowedPatterns.nvidia-gpu.paths` option.
'';
allowedPatterns =
with lib.types;
lib.mkOption rec {
type = attrsOf Pattern;
description = "The hook config, describing which paths to mount for which system features";
default = { };
defaultText = lib.literalExpression ''
{
opengl.paths = config.hardware.opengl.extraPackages ++ [
config.hardware.opengl.package
pkgs.addOpenGLRunpath.driverLink
"/dev/dri"
];
}
'';
example.require-ipfs.paths = [ "/ipfs" ];
example.require-ipfs.onFeatures = [ "ifps" ];
};
extraWrapperArgs = lib.mkOption {
type = with lib.types; listOf str;
default = [ ];
description = "List of extra arguments (such as `--add-flags -v`) to pass to the hook's wrapper";
};
package = lib.mkOption {
type = lib.types.package;
default = package.override { inherit (cfg) allowedPatterns extraWrapperArgs; };
description = "The final package with the final config applied";
internal = true;
};
};
config = lib.mkIf cfg.enable (
lib.mkMerge [
{ nix.settings.pre-build-hook = lib.getExe cfg.package; }
(lib.mkIf cfg.presets.nvidia-gpu.enable {
nix.settings.system-features = cfg.allowedPatterns.nvidia-gpu.onFeatures;
programs.nix-required-mounts.allowedPatterns = {
inherit (defaults) nvidia-gpu;
};
})
]
);
}

2
nixos/modules/programs/screen.nix
View File

@ -9,7 +9,7 @@ in
programs.screen = {
enable = lib.mkEnableOption "screen, a basic terminal multiplexer";
package = lib.mkPackageOptionMD pkgs "screen" { };
package = lib.mkPackageOption pkgs "screen" { };
screenrc = lib.mkOption {
type = lib.types.lines;

7
nixos/modules/programs/steam.nix
View File

@ -50,7 +50,7 @@ in {
}) // (prev.extraEnv or {});
extraLibraries = pkgs: let
prevLibs = if prev ? extraLibraries then prev.extraLibraries pkgs else [ ];
additionalLibs = with config.hardware.opengl;
additionalLibs = with config.hardware.graphics;
if pkgs.stdenv.hostPlatform.is64bit
then [ package ] ++ extraPackages
else [ package32 ] ++ extraPackages32;
@ -176,10 +176,9 @@ in {
};
config = lib.mkIf cfg.enable {
hardware.opengl = { # this fixes the "glXChooseVisual failed" bug, context: https://github.com/NixOS/nixpkgs/issues/47932
hardware.graphics = { # this fixes the "glXChooseVisual failed" bug, context: https://github.com/NixOS/nixpkgs/issues/47932
enable = true;
driSupport = true;
driSupport32Bit = true;
enable32Bit = true;
};
security.wrappers = lib.mkIf (cfg.gamescopeSession.enable && gamescopeCfg.capSysNice) {

4
nixos/modules/programs/turbovnc.nix
View File

@ -17,7 +17,7 @@ in
Whether to set up NixOS such that TurboVNC's built-in software OpenGL
implementation works.
This will enable {option}`hardware.opengl.enable` so that OpenGL
This will enable {option}`hardware.graphics.enable` so that OpenGL
programs can find Mesa's llvmpipe drivers.
Setting this option to `false` does not mean that software
@ -46,7 +46,7 @@ in
# can find the llvmpipe `swrast.so` software rendering DRI lib via `libglvnd`.
# This comment exists to explain why `hardware.` is involved,
# even though 100% software rendering is used.
hardware.opengl.enable = true;
hardware.graphics.enable = true;
};
}

7
nixos/modules/programs/wayland/hyprland.nix
View File

@ -38,12 +38,13 @@ in
xwayland.enable = lib.mkEnableOption "XWayland" // { default = true; };
systemd.setPath.enable = lib.mkEnableOption null // {
default = true;
default = lib.versionOlder cfg.package.version "0.41.2";
defaultText = lib.literalExpression ''lib.versionOlder cfg.package.version "0.41.2"'';
example = false;
description = ''
Set environment path of systemd to include the current system's bin directory.
This is needed in Hyprland setups, where opening links in applications do not work.
Enabled by default.
Enabled by default for Hyprland versions older than 0.41.2.
'';
};
};
@ -63,7 +64,7 @@ in
systemd = lib.mkIf cfg.systemd.setPath.enable {
user.extraConfig = ''
DefaultEnvironment="PATH=$PATH:/run/current-system/sw/bin:/etc/profiles/per-user/%u/bin:/run/wrappers/bin"
DefaultEnvironment="PATH=/run/wrappers/bin:/etc/profiles/per-user/%u/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin:$PATH"
'';
};
}

2
nixos/modules/programs/wayland/wayland-session.nix
View File

@ -11,7 +11,7 @@
pam.services.swaylock = {};
};
hardware.opengl.enable = lib.mkDefault true;
hardware.graphics.enable = lib.mkDefault true;
fonts.enableDefaultPackages = lib.mkDefault true;
programs = {

13
nixos/modules/programs/xonsh.nix
View File

@ -23,7 +23,7 @@ in
};
package = lib.mkPackageOption pkgs "xonsh" {
example = "xonsh.override { extraPackages = ps: [ ps.requests ]; }";
example = "xonsh.wrapper.override { extraPackages = ps: [ ps.requests ]; }";
};
config = lib.mkOption {
@ -61,17 +61,14 @@ in
aliases['ls'] = _ls_alias
del _ls_alias
${cfg.config}
'';
environment.systemPackages = [ cfg.package ];
environment.shells =
[ "/run/current-system/sw/bin/xonsh"
"${cfg.package}/bin/xonsh"
];
environment.shells = [
"/run/current-system/sw/bin/xonsh"
"${lib.getExe cfg.package}"
];
};
}

6
nixos/modules/security/ca.nix
View File

@ -26,13 +26,13 @@ in
security.pki.useCompatibleBundle = mkEnableOption ''usage of a compatibility bundle.
Such a bundle consist exclusively of `BEGIN CERTIFICATE` and no `BEGIN TRUSTED CERTIFICATE`,
which is a OpenSSL specific PEM format.
Such a bundle consists exclusively of `BEGIN CERTIFICATE` and no `BEGIN TRUSTED CERTIFICATE`,
which is an OpenSSL specific PEM format.
It is known to be incompatible with certain software stacks.
Nevertheless, enabling this will strip all additional trust rules provided by the
certificates themselves, this can have security consequences depending on your usecases.
certificates themselves. This can have security consequences depending on your usecases
'';
security.pki.certificateFiles = mkOption {

16
nixos/modules/security/ipa.nix
View File

@ -85,6 +85,18 @@ in {
description = "Whether to cache credentials.";
};
ipaHostname = mkOption {
type = types.str;
example = "myworkstation.example.com";
default = if config.networking.domain != null then config.networking.fqdn
else "${config.networking.hostName}.${cfg.domain}";
defaultText = literalExpression ''
if config.networking.domain != null then config.networking.fqdn
else "''${networking.hostName}.''${security.ipa.domain}"
'';
description = "Fully-qualified hostname used to identify this host in the IPA domain.";
};
ifpAllowedUids = mkOption {
type = types.listOf types.str;
default = ["root"];
@ -218,7 +230,7 @@ in {
ipa_domain = ${cfg.domain}
ipa_server = _srv_, ${cfg.server}
ipa_hostname = ${config.networking.hostName}.${cfg.domain}
ipa_hostname = ${cfg.ipaHostname}
cache_credentials = ${pyBool cfg.cacheCredentials}
krb5_store_password_if_offline = ${pyBool cfg.offlinePasswords}
@ -232,7 +244,6 @@ in {
ldap_user_extra_attrs = mail:mail, sn:sn, givenname:givenname, telephoneNumber:telephoneNumber, lock:nsaccountlock
[sssd]
debug_level = 65510
services = nss, sudo, pam, ssh, ifp
domains = ${cfg.domain}
@ -244,7 +255,6 @@ in {
pam_verbosity = 3
[sudo]
debug_level = 65510
[autofs]

2
nixos/modules/security/pam.nix
View File

@ -1055,7 +1055,7 @@ in
the dp9ik pam module provided by tlsclient.
If set, users can be authenticated against the 9front
authentication server given in {option}`security.pam.dp9ik.authserver`.
authentication server given in {option}`security.pam.dp9ik.authserver`
'';
control = mkOption {
default = "sufficient";

14
nixos/modules/security/polkit.nix
View File

@ -14,6 +14,8 @@ in
security.polkit.enable = mkEnableOption "polkit";
security.polkit.package = mkPackageOption pkgs "polkit" { };
security.polkit.debug = mkEnableOption "debug logs from polkit. This is required in order to see log messages from rule definitions";
security.polkit.extraConfig = mkOption {
@ -57,13 +59,13 @@ in
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.polkit.bin pkgs.polkit.out ];
environment.systemPackages = [ cfg.package.bin cfg.package.out ];
systemd.packages = [ pkgs.polkit.out ];
systemd.packages = [ cfg.package.out ];
systemd.services.polkit.serviceConfig.ExecStart = [
""
"${pkgs.polkit.out}/lib/polkit-1/polkitd ${optionalString (!cfg.debug) "--no-debug"}"
"${cfg.package.out}/lib/polkit-1/polkitd ${optionalString (!cfg.debug) "--no-debug"}"
];
systemd.services.polkit.restartTriggers = [ config.system.path ];
@ -82,7 +84,7 @@ in
${cfg.extraConfig}
''; #TODO: validation on compilation (at least against typos)
services.dbus.packages = [ pkgs.polkit.out ];
services.dbus.packages = [ cfg.package.out ];
security.pam.services.polkit-1 = {};
@ -91,13 +93,13 @@ in
{ setuid = true;
owner = "root";
group = "root";
source = "${pkgs.polkit.bin}/bin/pkexec";
source = "${cfg.package.bin}/bin/pkexec";
};
polkit-agent-helper-1 =
{ setuid = true;
owner = "root";
group = "root";
source = "${pkgs.polkit.out}/lib/polkit-1/polkit-agent-helper-1";
source = "${cfg.package.out}/lib/polkit-1/polkit-agent-helper-1";
};
};

2
nixos/modules/security/sudo-rs.nix
View File

@ -41,7 +41,7 @@ in
enable = mkEnableOption ''
a memory-safe implementation of the {command}`sudo` command,
which allows non-root users to execute commands as root.
which allows non-root users to execute commands as root
'';
package = mkPackageOption pkgs "sudo-rs" { };

30
nixos/modules/services/admin/docuum.nix
View File

@ -2,7 +2,7 @@
let
cfg = config.services.docuum;
inherit (lib) mkIf mkEnableOption mkOption getExe types;
inherit (lib) mkIf mkEnableOption mkOption getExe types optionals concatMap;
in
{
options.services.docuum = {
@ -14,6 +14,27 @@ in
default = "10 GB";
example = "50%";
};
minAge = mkOption {
description = "Sets the minimum age of images to be considered for deletion.";
type = types.nullOr types.str;
default = null;
example = "1d";
};
keep = mkOption {
description = "Prevents deletion of images for which repository:tag matches the specified regex.";
type = types.listOf types.str;
default = [];
example = [ "^my-image" ];
};
deletionChunkSize = mkOption {
description = "Removes specified quantity of images at a time.";
type = types.int;
default = 1;
example = 10;
};
};
config = mkIf cfg.enable {
@ -35,10 +56,13 @@ in
DynamicUser = true;
StateDirectory = "docuum";
SupplementaryGroups = [ "docker" ];
ExecStart = utils.escapeSystemdExecArgs [
ExecStart = utils.escapeSystemdExecArgs ([
(getExe pkgs.docuum)
"--threshold" cfg.threshold
];
"--deletion-chunk-size" cfg.deletionChunkSize
] ++ (concatMap (keep: [ "--keep" keep ]) cfg.keep)
++ (optionals (cfg.minAge != null) [ "--min-age" cfg.minAge ])
);
};
};
};

2
nixos/modules/services/admin/meshcentral.nix
View File

@ -42,5 +42,5 @@ in with lib; {
};
};
};
meta.maintainers = [ maintainers.lheckemann ];
meta.maintainers = [ ];
}

2
nixos/modules/services/admin/pgadmin.nix
View File

@ -35,7 +35,7 @@ in
default = 5050;
};
package = mkPackageOptionMD pkgs "pgadmin4" { };
package = mkPackageOption pkgs "pgadmin4" { };
initialEmail = mkOption {
description = "Initial email for the pgAdmin account";

2
nixos/modules/services/cluster/kubernetes/default.nix
View File

@ -261,7 +261,7 @@ in {
name = "service-account";
CN = "system:service-account-signer";
action = ''
systemctl reload \
systemctl restart \
kube-apiserver.service \
kube-controller-manager.service
'';

2
nixos/modules/services/cluster/kubernetes/kubelet.nix
View File

@ -356,7 +356,7 @@ in
boot.kernelModules = ["br_netfilter" "overlay"];
services.kubernetes.kubelet.hostname =
mkDefault config.networking.fqdnOrHostName;
mkDefault (lib.toLower config.networking.fqdnOrHostName);
services.kubernetes.pki.certs = with top.lib; {
kubelet = mkCert {

232
nixos/modules/services/continuous-integration/gitlab-runner.nix
View File

@ -1,7 +1,43 @@
{ config, lib, pkgs, ... }:
with builtins;
with lib;
let
inherit (builtins)
hashString
map
substring
toJSON
toString
unsafeDiscardStringContext
;
inherit (lib)
any
assertMsg
attrValues
concatStringsSep
escapeShellArg
filterAttrs
hasPrefix
isStorePath
literalExpression
mapAttrs'
mapAttrsToList
mkDefault
mkEnableOption
mkIf
mkOption
mkPackageOption
mkRemovedOptionModule
mkRenamedOptionModule
nameValuePair
optional
optionalAttrs
optionals
teams
toShellVar
types
;
cfg = config.services.gitlab-runner;
hasDocker = config.virtualisation.docker.enable;
@ -20,17 +56,16 @@ let
configPath = ''"$HOME"/.gitlab-runner/config.toml'';
configureScript = pkgs.writeShellApplication {
name = "gitlab-runner-configure";
runtimeInputs = with pkgs; [
runtimeInputs = [ cfg.package ] ++ (with pkgs; [
bash
gawk
jq
moreutils
remarshal
util-linux
cfg.package
perl
python3
];
]);
text = if (cfg.configFile != null) then ''
cp ${cfg.configFile} ${configPath}
# make config file readable by service
@ -84,15 +119,20 @@ let
# TODO so here we should mention NEW_SERVICES
if [ -v 'NEW_SERVICES["${name}"]' ] ; then
bash -c ${escapeShellArg (concatStringsSep " \\\n " ([
"set -a && source ${service.registrationConfigFile} &&"
"set -a && source ${
if service.registrationConfigFile != null
then service.registrationConfigFile
else service.authenticationTokenConfigFile} &&"
"gitlab-runner register"
"--non-interactive"
"--name '${name}'"
"--executor ${service.executor}"
"--limit ${toString service.limit}"
"--request-concurrency ${toString service.requestConcurrency}"
]
++ optional (service.authenticationTokenConfigFile == null)
"--maximum-timeout ${toString service.maximumTimeout}"
] ++ service.registrationFlags
++ service.registrationFlags
++ optional (service.buildsDir != null)
"--builds-dir ${service.buildsDir}"
++ optional (service.cloneUrl != null)
@ -103,11 +143,11 @@ let
"--pre-build-script ${service.preBuildScript}"
++ optional (service.postBuildScript != null)
"--post-build-script ${service.postBuildScript}"
++ optional (service.tagList != [ ])
++ optional (service.authenticationTokenConfigFile == null && service.tagList != [ ])
"--tag-list ${concatStringsSep "," service.tagList}"
++ optional service.runUntagged
++ optional (service.authenticationTokenConfigFile == null && service.runUntagged)
"--run-untagged"
++ optional service.protected
++ optional (service.authenticationTokenConfigFile == null && service.protected)
"--access-level ref_protected"
++ optional service.debugTraceDisabled
"--debug-trace-disabled"
@ -214,9 +254,14 @@ in {
# nix store will be readable in runner, might be insecure
nix = {
# File should contain at least these two variables:
# `CI_SERVER_URL`
# `REGISTRATION_TOKEN`
# - `CI_SERVER_URL`
# - `REGISTRATION_TOKEN`
#
# NOTE: Support for runner registration tokens will be removed in GitLab 18.0.
# Please migrate to runner authentication tokens soon. For reference, the example
# runners below this one are configured with authentication tokens instead.
registrationConfigFile = "/run/secrets/gitlab-runner-registration";
dockerImage = "alpine";
dockerVolumes = [
"/nix/store:/nix/store:ro"
@ -255,8 +300,9 @@ in {
docker-images = {
# File should contain at least these two variables:
# `CI_SERVER_URL`
# `REGISTRATION_TOKEN`
registrationConfigFile = "/run/secrets/gitlab-runner-registration";
# `CI_SERVER_TOKEN`
authenticationTokenConfigFile = "/run/secrets/gitlab-runner-docker-images-token-env";
dockerImage = "docker:stable";
dockerVolumes = [
"/var/run/docker.sock:/var/run/docker.sock"
@ -269,8 +315,9 @@ in {
shell = {
# File should contain at least these two variables:
# `CI_SERVER_URL`
# `REGISTRATION_TOKEN`
registrationConfigFile = "/run/secrets/gitlab-runner-registration";
# `CI_SERVER_TOKEN`
authenticationTokenConfigFile = "/run/secrets/gitlab-runner-shell-token-env";
executor = "shell";
tagList = [ "shell" ];
};
@ -278,30 +325,67 @@ in {
default = {
# File should contain at least these two variables:
# `CI_SERVER_URL`
# `REGISTRATION_TOKEN`
registrationConfigFile = "/run/secrets/gitlab-runner-registration";
# `CI_SERVER_TOKEN`
authenticationTokenConfigFile = "/run/secrets/gitlab-runner-default-token-env";
dockerImage = "debian:stable";
};
}
'';
type = types.attrsOf (types.submodule {
options = {
authenticationTokenConfigFile = mkOption {
type = with types; nullOr path;
default = null;
description = ''
Absolute path to a file containing environment variables used for
gitlab-runner registrations with *runner authentication tokens*.
They replace the deprecated *runner registration tokens*, as
outlined in the [GitLab documentation].
A list of all supported environment variables can be found with
`gitlab-runner register --help`.
The ones you probably want to set are:
- `CI_SERVER_URL=<CI server URL>`
- `CI_SERVER_TOKEN=<runner authentication token secret>`
::: {.warning}
Make sure to use a quoted absolute path,
or it is going to be copied to Nix Store.
:::
[GitLab documentation]: https://docs.gitlab.com/17.0/ee/ci/runners/new_creation_workflow.html#estimated-time-frame-for-planned-changes
'';
};
registrationConfigFile = mkOption {
type = types.path;
type = with types; nullOr path;
default = null;
description = ''
Absolute path to a file with environment variables
used for gitlab-runner registration.
used for gitlab-runner registration with *runner registration
tokens*.
A list of all supported environment variables can be found in
`gitlab-runner register --help`.
Ones that you probably want to set is
The ones you probably want to set are:
- `CI_SERVER_URL=<CI server URL>`
- `REGISTRATION_TOKEN=<registration secret>`
`CI_SERVER_URL=<CI server URL>`
Support for *runner registration tokens* is deprecated since
GitLab 16.0, has been disabled by default in GitLab 17.0 and
will be removed in GitLab 18.0, as outlined in the
[GitLab documentation]. Please consider migrating to
[runner authentication tokens] and check the documentation on
{option}`services.gitlab-runner.services.<name>.authenticationTokenConfigFile`.
`REGISTRATION_TOKEN=<registration secret>`
WARNING: make sure to use quoted absolute path,
::: {.warning}
Make sure to use a quoted absolute path,
or it is going to be copied to Nix Store.
:::
[GitLab documentation]: https://docs.gitlab.com/17.0/ee/ci/runners/new_creation_workflow.html#estimated-time-frame-for-planned-changes
[runner authentication tokens]: https://docs.gitlab.com/17.0/ee/ci/runners/new_creation_workflow.html#the-new-runner-registration-workflow
'';
};
registrationFlags = mkOption {
@ -439,6 +523,9 @@ in {
default = [ ];
description = ''
Tag list.
This option has no effect for runners registered with an runner
authentication tokens and will be ignored.
'';
};
runUntagged = mkOption {
@ -447,6 +534,9 @@ in {
description = ''
Register to run untagged builds; defaults to
`true` when {option}`tagList` is empty.
This option has no effect for runners registered with an runner
authentication tokens and will be ignored.
'';
};
limit = mkOption {
@ -470,6 +560,9 @@ in {
description = ''
What is the maximum timeout (in seconds) that will be set for
job when using this Runner. 0 (default) simply means don't limit.
This option has no effect for runners registered with an runner
authentication tokens and will be ignored.
'';
};
protected = mkOption {
@ -478,6 +571,9 @@ in {
description = ''
When set to true Runner will only run on pipelines
triggered on protected branches.
This option has no effect for runners registered with an runner
authentication tokens and will be ignored.
'';
};
debugTraceDisabled = mkOption {
@ -530,9 +626,67 @@ in {
};
};
config = mkIf cfg.enable {
warnings = mapAttrsToList
(n: v: "services.gitlab-runner.services.${n}.`registrationConfigFile` points to a file in Nix Store. You should use quoted absolute path to prevent this.")
(filterAttrs (n: v: isStorePath v.registrationConfigFile) cfg.services);
assertions =
mapAttrsToList (name: serviceConfig: {
assertion = serviceConfig.registrationConfigFile == null || serviceConfig.authenticationTokenConfigFile == null;
message = "`services.gitlab-runner.${name}.registrationConfigFile` and `services.gitlab-runner.services.${name}.authenticationTokenConfigFile` are mutually exclusive.";
}) cfg.services;
warnings =
mapAttrsToList
(name: serviceConfig: "services.gitlab-runner.services.${name}.`registrationConfigFile` points to a file in Nix Store. You should use quoted absolute path to prevent this.")
(filterAttrs (name: serviceConfig: isStorePath serviceConfig.registrationConfigFile) cfg.services)
++ mapAttrsToList
(name: serviceConfig: "services.gitlab-runner.services.${name}.`authenticationTokenConfigFile` points to a file in Nix Store. You should use quoted absolute path to prevent this.")
(filterAttrs (name: serviceConfig: isStorePath serviceConfig.authenticationTokenConfigFile) cfg.services)
++ mapAttrsToList
(name: serviceConfig: ''
Runner registration tokens have been deprecated and disabled by default in GitLab >= 17.0.
Consider migrating to runner authentication tokens by setting `services.gitlab-runner.services.${name}.authenticationTokenConfigFile`.
https://docs.gitlab.com/17.0/ee/ci/runners/new_creation_workflow.html''
)
(
filterAttrs (name: serviceConfig:
serviceConfig.authenticationTokenConfigFile == null
) cfg.services
)
++ mapAttrsToList
(name: serviceConfig: ''
`services.gitlab-runner.services.${name}.protected` with runner authentication tokens has no effect and will be ignored. Please remove it from your configuration.''
)
(
filterAttrs (name: serviceConfig:
serviceConfig.authenticationTokenConfigFile != null && serviceConfig.protected == true
) cfg.services
)
++ mapAttrsToList
(name: serviceConfig: ''
`services.gitlab-runner.services.${name}.runUntagged` with runner authentication tokens has no effect and will be ignored. Please remove it from your configuration.''
)
(
filterAttrs (name: serviceConfig:
serviceConfig.authenticationTokenConfigFile != null && serviceConfig.runUntagged == true
) cfg.services
)
++ mapAttrsToList
(name: v: ''
`services.gitlab-runner.services.${name}.maximumTimeout` with runner authentication tokens has no effect and will be ignored. Please remove it from your configuration.''
)
(
filterAttrs (name: serviceConfig:
serviceConfig.authenticationTokenConfigFile != null && serviceConfig.maximumTimeout != 0
) cfg.services
)
++ mapAttrsToList
(name: v: ''
`services.gitlab-runner.services.${name}.tagList` with runner authentication tokens has no effect and will be ignored. Please remove it from your configuration.''
)
(
filterAttrs (serviceName: serviceConfig:
serviceConfig.authenticationTokenConfigFile != null && serviceConfig.tagList != [ ]
) cfg.services
)
;
environment.systemPackages = [ cfg.package ];
systemd.services.gitlab-runner = {
@ -545,15 +699,19 @@ in {
environment = config.networking.proxy.envVars // {
HOME = "/var/lib/gitlab-runner";
};
path = with pkgs; [
bash
gawk
jq
moreutils
remarshal
util-linux
cfg.package
] ++ cfg.extraPackages;
path =
(with pkgs; [
bash
gawk
jq
moreutils
remarshal
util-linux
])
++ [ cfg.package ]
++ cfg.extraPackages;
reloadIfChanged = true;
serviceConfig = {
# Set `DynamicUser` under `systemd.services.gitlab-runner.serviceConfig`

2
nixos/modules/services/continuous-integration/jenkins/default.nix
View File

@ -237,6 +237,8 @@ in {
serviceConfig = {
User = cfg.user;
StateDirectory = mkIf (hasPrefix "/var/lib/jenkins" cfg.home) "jenkins";
# For (possible) socket use
RuntimeDirectory = "jenkins";
};
};
};

2
nixos/modules/services/databases/memcached.nix
View File

@ -37,7 +37,7 @@ in
description = "The port to bind to.";
};
enableUnixSocket = mkEnableOption "Unix Domain Socket at /run/memcached/memcached.sock instead of listening on an IP address and port. The `listen` and `port` options are ignored.";
enableUnixSocket = mkEnableOption "Unix Domain Socket at /run/memcached/memcached.sock instead of listening on an IP address and port. The `listen` and `port` options are ignored";
maxMemory = mkOption {
type = types.ints.unsigned;

2
nixos/modules/services/databases/neo4j.nix
View File

@ -620,6 +620,6 @@ in {
};
meta = {
maintainers = with lib.maintainers; [ patternspandemic jonringer ];
maintainers = with lib.maintainers; [ patternspandemic ];
};
}

2
nixos/modules/services/desktop-managers/lomiri.nix
View File

@ -63,7 +63,7 @@ in {
];
# Copy-pasted basic stuff
hardware.opengl.enable = lib.mkDefault true;
hardware.graphics.enable = lib.mkDefault true;
fonts.enableDefaultPackages = lib.mkDefault true;
programs.dconf.enable = lib.mkDefault true;

13
nixos/modules/services/desktop-managers/plasma6.nix
View File

@ -8,7 +8,7 @@
cfg = config.services.desktopManager.plasma6;
inherit (pkgs) kdePackages;
inherit (lib) literalExpression mkDefault mkIf mkOption mkPackageOptionMD types;
inherit (lib) literalExpression mkDefault mkIf mkOption mkPackageOption types;
activationScript = ''
# will be rebuilt automatically
@ -29,7 +29,7 @@ in {
description = "Enable Qt 5 integration (theming, etc). Disable for a pure Qt 6 system.";
};
notoPackage = mkPackageOptionMD pkgs "Noto fonts - used for UI by default" {
notoPackage = mkPackageOption pkgs "Noto fonts - used for UI by default" {
default = ["noto-fonts"];
example = "noto-fonts-lgc-plus";
};
@ -264,9 +264,12 @@ in {
enable = true;
package = kdePackages.kwallet-pam;
};
kde.kwallet = {
enable = true;
package = kdePackages.kwallet-pam;
kde = {
allowNullPassword = true;
kwallet = {
enable = true;
package = kdePackages.kwallet-pam;
};
};
kde-fingerprint = lib.mkIf config.services.fprintd.enable { fprintAuth = true; };
kde-smartcard = lib.mkIf config.security.pam.p11.enable { p11Auth = true; };

38
nixos/modules/services/desktops/deepin/deepin-anything.nix Normal file
View File

@ -0,0 +1,38 @@
{ config, pkgs, lib, ... }:
{
meta = {
maintainers = lib.teams.deepin.members;
};
options = {
services.deepin.deepin-anything = {
enable = lib.mkEnableOption "deepin anything file search tool";
};
};
config = lib.mkIf config.services.deepin.dde-api.enable {
environment.systemPackages = [ pkgs.deepin.deepin-anything ];
services.dbus.packages = [ pkgs.deepin.deepin-anything ];
users.groups.deepin-anything = { };
users.users.deepin-anything = {
description = "Deepin Anything Server";
home = "/var/lib/deepin-anything";
createHome = true;
group = "deepin-anything";
isSystemUser = true;
};
boot.extraModulePackages = [ config.boot.kernelPackages.deepin-anything-module ];
boot.kernelModules = [ "vfs_monitor" ];
};
}

57
nixos/modules/services/desktops/gnome/gnome-keyring.nix
View File

@ -1,45 +1,52 @@
# GNOME Keyring daemon.
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
cfg = config.services.gnome.gnome-keyring;
in
{
meta = {
maintainers = lib.teams.gnome.members;
};
###### interface
options = {
services.gnome.gnome-keyring = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Whether to enable GNOME Keyring daemon, a service designed to
take care of the user's security credentials,
such as user names and passwords.
'';
};
enable = lib.mkEnableOption ''
GNOME Keyring daemon, a service designed to
take care of the user's security credentials,
such as user names and passwords
'';
};
};
###### implementation
config = lib.mkIf config.services.gnome.gnome-keyring.enable {
config = lib.mkIf cfg.enable {
environment.systemPackages = [ pkgs.gnome.gnome-keyring ];
services.dbus.packages = [ pkgs.gnome.gnome-keyring pkgs.gcr ];
services.dbus.packages = [
pkgs.gnome.gnome-keyring
pkgs.gcr
];
xdg.portal.extraPortals = [ pkgs.gnome.gnome-keyring ];
security.pam.services.login.enableGnomeKeyring = true;
security.pam.services = lib.mkMerge [
{
login.enableGnomeKeyring = true;
}
(lib.mkIf config.services.xserver.displayManager.gdm.enable {
gdm-password.enableGnomeKeyring = true;
gdm-autologin.enableGnomeKeyring = true;
})
(lib.mkIf (config.services.xserver.displayManager.gdm.enable && config.services.fprintd.enable) {
gdm-fingerprint.enableGnomeKeyring = true;
})
];
security.wrappers.gnome-keyring-daemon = {
owner = "root";
@ -47,7 +54,5 @@
capabilities = "cap_ipc_lock=ep";
source = "${pkgs.gnome.gnome-keyring}/bin/gnome-keyring-daemon";
};
};
}

4
nixos/modules/services/display-managers/default.nix
View File

@ -212,9 +212,7 @@ in
after = [ "acpid.service" "systemd-logind.service" "systemd-user-sessions.service" ];
restartIfChanged = false;
environment = lib.optionalAttrs config.hardware.opengl.setLdLibraryPath {
LD_LIBRARY_PATH = lib.makeLibraryPath [ pkgs.addOpenGLRunpath.driverLink ];
} // cfg.environment;
environment = cfg.environment;
preStart = cfg.preStart;
script = lib.mkIf (config.systemd.services.display-manager.enable == true) cfg.execCmd;

2
nixos/modules/services/games/armagetronad.nix
View File

@ -36,7 +36,7 @@ in
options = {
enable = mkEnableOption "armagetronad";
package = lib.mkPackageOptionMD pkgs "armagetronad-dedicated" {
package = lib.mkPackageOption pkgs "armagetronad-dedicated" {
example = ''
pkgs.armagetronad."0.2.9-sty+ct+ap".dedicated
'';

2
nixos/modules/services/games/teeworlds.nix
View File

@ -95,7 +95,7 @@ in
services.teeworlds = {
enable = mkEnableOption "Teeworlds Server";
package = mkPackageOptionMD pkgs "teeworlds-server" { };
package = mkPackageOption pkgs "teeworlds-server" { };
openPorts = mkOption {
type = types.bool;

43
nixos/modules/services/hardware/amdgpu.nix Normal file
View File

@ -0,0 +1,43 @@
{ config, lib, pkgs, ... }:
let
cfg = config.hardware.amdgpu;
in {
options.hardware.amdgpu = {
legacySupport.enable = lib.mkEnableOption ''
using `amdgpu` kernel driver instead of `radeon` for Southern Islands
(Radeon HD 7000) series and Sea Islands (Radeon HD 8000)
series cards. Note: this removes support for analog video outputs,
which is only available in the `radeon` driver
'';
initrd.enable = lib.mkEnableOption ''
loading `amdgpu` kernelModule in stage 1.
Can fix lower resolution in boot screen during initramfs phase
'';
opencl.enable = lib.mkEnableOption ''OpenCL support using ROCM runtime library'';
# cfg.amdvlk option is defined in ./amdvlk.nix module
};
config = {
boot.kernelParams = lib.optionals cfg.legacySupport.enable [
"amdgpu.si_support=1"
"amdgpu.cik_support=1"
"radeon.si_support=0"
"radeon.cik_support=0"
];
boot.initrd.kernelModules = lib.optionals cfg.initrd.enable [ "amdgpu" ];
hardware.graphics = lib.mkIf cfg.opencl.enable {
enable = lib.mkDefault true;
extraPackages = [
pkgs.rocmPackages.clr
pkgs.rocmPackages.clr.icd
];
};
};
meta = {
maintainers = with lib.maintainers; [ johnrtitor ];
};
}

4
nixos/modules/services/hardware/amdvlk.nix
View File

@ -31,11 +31,9 @@ in {
};
config = lib.mkIf cfg.enable {
hardware.opengl = {
hardware.graphics = {
enable = true;
driSupport = true;
extraPackages = [ cfg.package ];
driSupport32Bit = cfg.support32Bit.enable;
extraPackages32 = [ cfg.support32Bit.package ];
};

2
nixos/modules/services/hardware/auto-epp.nix
View File

@ -10,7 +10,7 @@ in {
services.auto-epp = {
enable = lib.mkEnableOption "auto-epp for amd active pstate";
package = lib.mkPackageOptionMD pkgs "auto-epp" {};
package = lib.mkPackageOption pkgs "auto-epp" {};
settings = mkOption {
type = types.submodule {

2
nixos/modules/services/hardware/openrgb.nix
View File

@ -51,5 +51,5 @@ in {
};
};
meta.maintainers = with lib.maintainers; [ jonringer ];
meta.maintainers = with lib.maintainers; [ ];
}

2
nixos/modules/services/home-automation/ebusd.nix
View File

@ -11,7 +11,7 @@ in
options.services.ebusd = {
enable = mkEnableOption "ebusd, a daemon for communication with eBUS heating systems";
package = mkPackageOptionMD pkgs "ebusd" { };
package = mkPackageOption pkgs "ebusd" { };
device = mkOption {
type = types.str;

5
nixos/modules/services/home-automation/home-assistant.nix
View File

@ -518,8 +518,9 @@ in {
# recreate symlinks for desired components
declare -a components=(${escapeShellArgs cfg.customComponents})
for component in "''${components[@]}"; do
path="$(dirname $(find "$component" -name "manifest.json"))"
ln -fns "$path" "${cfg.configDir}/custom_components/"
readarray -t manifests < <(find "$component" -name manifest.json)
readarray -t paths < <(dirname "''${manifests[@]}")
ln -fns "''${paths[@]}" "${cfg.configDir}/custom_components/"
done
'';
in

2
nixos/modules/services/home-automation/matter-server.nix
View File

@ -19,7 +19,7 @@ in
options.services.matter-server = with types; {
enable = mkEnableOption "Matter-server";
package = mkPackageOptionMD pkgs "python-matter-server" { };
package = mkPackageOption pkgs "python-matter-server" { };
port = mkOption {
type = types.port;

2
nixos/modules/services/mail/mailman.nix
View File

@ -646,7 +646,7 @@ in {
};
meta = {
maintainers = with lib.maintainers; [ lheckemann qyliss ];
maintainers = with lib.maintainers; [ qyliss ];
doc = ./mailman.md;
};

9
nixos/modules/services/mail/stalwart-mail.nix
View File

@ -37,8 +37,6 @@ in {
ansi = mkDefault false; # no colour markers to journald
enable = mkDefault true;
};
queue.path = mkDefault "${dataDir}/queue";
report.path = mkDefault "${dataDir}/reports";
store = if useLegacyStorage then {
# structured data in SQLite, blobs on filesystem
db.type = mkDefault "sqlite";
@ -62,6 +60,9 @@ in {
resolver.public-suffix = lib.mkDefault [
"file://${pkgs.publicsuffix-list}/share/publicsuffix/public_suffix_list.dat"
];
config.resource = {
spam-filter = lib.mkDefault "file://${cfg.package}/etc/stalwart/spamfilter.toml";
};
};
# This service stores a potentially large amount of data.
@ -83,9 +84,9 @@ in {
after = [ "local-fs.target" "network.target" ];
preStart = if useLegacyStorage then ''
mkdir -p ${dataDir}/{queue,reports,data/blobs}
mkdir -p ${dataDir}/data/blobs
'' else ''
mkdir -p ${dataDir}/{queue,reports,db}
mkdir -p ${dataDir}/db
'';
serviceConfig = {

2
nixos/modules/services/matrix/mautrix-signal.nix
View File

@ -52,7 +52,7 @@ let
in
{
options.services.mautrix-signal = {
enable = lib.mkEnableOption "mautrix-signal, a Matrix-Signal puppeting bridge.";
enable = lib.mkEnableOption "mautrix-signal, a Matrix-Signal puppeting bridge";
settings = lib.mkOption {
apply = lib.recursiveUpdate defaultConfig;

2
nixos/modules/services/matrix/mautrix-whatsapp.nix
View File

@ -47,7 +47,7 @@
in {
options.services.mautrix-whatsapp = {
enable = lib.mkEnableOption "mautrix-whatsapp, a puppeting/relaybot bridge between Matrix and WhatsApp.";
enable = lib.mkEnableOption "mautrix-whatsapp, a puppeting/relaybot bridge between Matrix and WhatsApp";
settings = lib.mkOption {
type = settingsFormat.type;

2
nixos/modules/services/matrix/synapse.nix
View File

@ -1121,7 +1121,7 @@ in {
The client listener on matrix-synapse is configured to use UNIX domain sockets.
This configuration is incompatible with the `register_new_matrix_user` script.
Disable `services.mastrix-synapse.enableRegistrationScript` to continue.
Disable `services.matrix-synapse.enableRegistrationScript` to continue.
'';
}
]

2
nixos/modules/services/misc/graphical-desktop.nix
View File

@ -38,7 +38,7 @@ in
fonts.enableDefaultPackages = lib.mkDefault true;
hardware.opengl.enable = lib.mkDefault true;
hardware.graphics.enable = lib.mkDefault true;
programs.gnupg.agent.pinentryPackage = lib.mkOverride 1100 pkgs.pinentry-gnome3;

2
nixos/modules/services/misc/mqtt2influxdb.nix
View File

@ -124,7 +124,7 @@ let
in {
options = {
services.mqtt2influxdb = {
enable = mkEnableOption "BigClown MQTT to InfluxDB bridge.";
enable = mkEnableOption "BigClown MQTT to InfluxDB bridge";
package = mkPackageOption pkgs ["python3Packages" "mqtt2influxdb"] {};
environmentFiles = mkOption {
type = types.listOf types.path;

35
nixos/modules/services/misc/ollama.nix
View File

@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }:
let
inherit (lib) types;
inherit (lib) types mkBefore;
cfg = config.services.ollama;
ollamaPackage = cfg.package.override {
@ -98,9 +98,25 @@ in
- otherwise defaults to `false`
- `false`: disable GPU, only use CPU
- `"rocm"`: supported by most modern AMD GPUs
- may require overriding gpu type with `services.ollama.rocmOverrideGfx`
if rocm doesn't detect your AMD gpu
- `"cuda"`: supported by most modern NVIDIA GPUs
'';
};
rocmOverrideGfx = lib.mkOption {
type = types.nullOr types.str;
default = null;
example = "10.3.0";
description = ''
Override what rocm will detect your gpu model as.
For example, make rocm treat your RX 5700 XT (or any other model)
as an RX 6900 XT using a value of `"10.3.0"` (gfx 1030).
This sets the value of `HSA_OVERRIDE_GFX_VERSION`. See [ollama's docs](
https://github.com/ollama/ollama/blob/main/docs/gpu.md#amd-radeon
) for details.
'';
};
environmentVariables = lib.mkOption {
type = types.attrsOf types.str;
default = { };
@ -116,6 +132,14 @@ in
Since `ollama run` is mostly a shell around the ollama server, this is usually sufficient.
'';
};
loadModels = lib.mkOption {
type = types.listOf types.str;
default = [ ];
description = ''
The models to download as soon as the service starts.
Search for models of your choice from: https://ollama.com/library
'';
};
openFirewall = lib.mkOption {
type = types.bool;
default = false;
@ -136,6 +160,7 @@ in
HOME = cfg.home;
OLLAMA_MODELS = cfg.models;
OLLAMA_HOST = "${cfg.host}:${toString cfg.port}";
HSA_OVERRIDE_GFX_VERSION = lib.mkIf (cfg.rocmOverrideGfx != null) cfg.rocmOverrideGfx;
};
serviceConfig = {
ExecStart = "${lib.getExe ollamaPackage} serve";
@ -144,6 +169,14 @@ in
DynamicUser = cfg.sandbox;
ReadWritePaths = cfg.writablePaths;
};
postStart = mkBefore ''
set -x
export OLLAMA_HOST=${lib.escapeShellArg cfg.host}:${builtins.toString cfg.port}
for model in ${lib.escapeShellArgs cfg.loadModels}
do
${lib.escapeShellArg (lib.getExe ollamaPackage)} pull "$model"
done
'';
};
networking.firewall = lib.mkIf cfg.openFirewall { allowedTCPPorts = [ cfg.port ]; };

2
nixos/modules/services/misc/paperless.nix
View File

@ -225,7 +225,7 @@ in
effectively never complete due to running into timeouts.
This sets `OMP_NUM_THREADS` to `1` in order to mitigate the issue. See
https://github.com/NixOS/nixpkgs/issues/240591 for more information.
https://github.com/NixOS/nixpkgs/issues/240591 for more information
'' // mkOption { default = true; };
};

2
nixos/modules/services/misc/portunus.nix
View File

@ -70,7 +70,7 @@ in
To activate dex, first a search user must be created in the Portunus web ui
and then the password must to be set as the `DEX_SEARCH_USER_PASSWORD` environment variable
in the [](#opt-services.dex.environmentFile) setting.
in the [](#opt-services.dex.environmentFile) setting
'';
oidcClients = mkOption {

2
nixos/modules/services/misc/private-gpt.nix
View File

@ -117,5 +117,5 @@ in
};
};
meta.maintainers = with lib.maintainers; [ drupol ];
meta.maintainers = with lib.maintainers; [ ];
}

292
nixos/modules/services/misc/snapper.nix
View File

@ -1,16 +1,32 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
let
cfg = config.services.snapper;
mkValue = v:
if isList v then "\"${concatMapStringsSep " " (escape [ "\\" " " ]) v}\""
else if v == true then "yes"
else if v == false then "no"
else if isString v then "\"${v}\""
else builtins.toJSON v;
mkValue =
v:
if isList v then
"\"${
concatMapStringsSep " " (escape [
"\\"
" "
]) v
}\""
else if v == true then
"yes"
else if v == false then
"no"
else if isString v then
"\"${v}\""
else
builtins.toJSON v;
mkKeyValue = k: v: "${k}=${mkValue v}";
@ -43,7 +59,7 @@ let
ALLOW_GROUPS = mkOption {
type = types.listOf safeStr;
default = [];
default = [ ];
description = ''
List of groups allowed to operate with the config.
@ -53,7 +69,7 @@ let
ALLOW_USERS = mkOption {
type = types.listOf safeStr;
default = [];
default = [ ];
example = [ "alice" ];
description = ''
List of users allowed to operate with the config. "root" is always
@ -78,6 +94,54 @@ let
Defines whether hourly snapshots should be created.
'';
};
TIMELINE_LIMIT_HOURLY = mkOption {
type = types.str;
default = "10";
description = ''
Limits for timeline cleanup.
'';
};
TIMELINE_LIMIT_DAILY = mkOption {
type = types.str;
default = "10";
description = ''
Limits for timeline cleanup.
'';
};
TIMELINE_LIMIT_WEEKLY = mkOption {
type = types.str;
default = "0";
description = ''
Limits for timeline cleanup.
'';
};
TIMELINE_LIMIT_MONTHLY = mkOption {
type = types.str;
default = "10";
description = ''
Limits for timeline cleanup.
'';
};
TIMELINE_LIMIT_QUARTERLY = mkOption {
type = types.str;
default = "0";
description = ''
Limits for timeline cleanup.
'';
};
TIMELINE_LIMIT_YEARLY = mkOption {
type = types.str;
default = "10";
description = ''
Limits for timeline cleanup.
'';
};
};
in
@ -152,112 +216,129 @@ in
is valid here, even if NixOS doesn't document it.
'';
type = types.attrsOf (types.submodule {
freeformType = types.attrsOf (types.oneOf [ (types.listOf safeStr) types.bool safeStr types.number ]);
type = types.attrsOf (
types.submodule {
freeformType = types.attrsOf (
types.oneOf [
(types.listOf safeStr)
types.bool
safeStr
types.number
]
);
options = configOptions;
});
options = configOptions;
}
);
};
};
config = mkIf (cfg.configs != {}) (let
documentation = [ "man:snapper(8)" "man:snapper-configs(5)" ];
in {
config = mkIf (cfg.configs != { }) (
let
documentation = [
"man:snapper(8)"
"man:snapper-configs(5)"
];
in
{
environment = {
environment = {
systemPackages = [ pkgs.snapper ];
systemPackages = [ pkgs.snapper ];
# Note: snapper/config-templates/default is only needed for create-config
# which is not the NixOS way to configure.
etc =
{
# Note: snapper/config-templates/default is only needed for create-config
# which is not the NixOS way to configure.
etc = {
"sysconfig/snapper".text = ''
SNAPPER_CONFIGS="${lib.concatStringsSep " " (builtins.attrNames cfg.configs)}"
'';
}
// (mapAttrs' (name: subvolume: nameValuePair "snapper/configs/${name}" ({
text = lib.generators.toKeyValue { inherit mkKeyValue; } (filterAttrs (k: v: v != defaultOf k) subvolume);
})) cfg.configs)
// (lib.optionalAttrs (cfg.filters != null) {
"snapper/filters/default.txt".text = cfg.filters;
});
};
services.dbus.packages = [ pkgs.snapper ];
systemd.services.snapperd = {
description = "DBus interface for snapper";
inherit documentation;
serviceConfig = {
Type = "dbus";
BusName = "org.opensuse.Snapper";
ExecStart = "${pkgs.snapper}/bin/snapperd";
CapabilityBoundingSet = "CAP_DAC_OVERRIDE CAP_FOWNER CAP_CHOWN CAP_FSETID CAP_SETFCAP CAP_SYS_ADMIN CAP_SYS_MODULE CAP_IPC_LOCK CAP_SYS_NICE";
LockPersonality = true;
NoNewPrivileges = false;
PrivateNetwork = true;
ProtectHostname = true;
RestrictAddressFamilies = "AF_UNIX";
RestrictRealtime = true;
"sysconfig/snapper".text = ''
SNAPPER_CONFIGS="${lib.concatStringsSep " " (builtins.attrNames cfg.configs)}"
'';
}
// (mapAttrs' (
name: subvolume:
nameValuePair "snapper/configs/${name}" ({
text = lib.generators.toKeyValue { inherit mkKeyValue; } (
filterAttrs (k: v: v != defaultOf k) subvolume
);
})
) cfg.configs)
// (lib.optionalAttrs (cfg.filters != null) { "snapper/filters/default.txt".text = cfg.filters; });
};
};
systemd.services.snapper-timeline = {
description = "Timeline of Snapper Snapshots";
inherit documentation;
requires = [ "local-fs.target" ];
serviceConfig.ExecStart = "${pkgs.snapper}/lib/snapper/systemd-helper --timeline";
};
services.dbus.packages = [ pkgs.snapper ];
systemd.timers.snapper-timeline = {
wantedBy = [ "timers.target" ];
timerConfig = {
Persistent = cfg.persistentTimer;
OnCalendar = cfg.snapshotInterval;
systemd.services.snapperd = {
description = "DBus interface for snapper";
inherit documentation;
serviceConfig = {
Type = "dbus";
BusName = "org.opensuse.Snapper";
ExecStart = "${pkgs.snapper}/bin/snapperd";
CapabilityBoundingSet = "CAP_DAC_OVERRIDE CAP_FOWNER CAP_CHOWN CAP_FSETID CAP_SETFCAP CAP_SYS_ADMIN CAP_SYS_MODULE CAP_IPC_LOCK CAP_SYS_NICE";
LockPersonality = true;
NoNewPrivileges = false;
PrivateNetwork = true;
ProtectHostname = true;
RestrictAddressFamilies = "AF_UNIX";
RestrictRealtime = true;
};
};
};
systemd.services.snapper-cleanup = {
description = "Cleanup of Snapper Snapshots";
inherit documentation;
serviceConfig.ExecStart = "${pkgs.snapper}/lib/snapper/systemd-helper --cleanup";
};
systemd.services.snapper-timeline = {
description = "Timeline of Snapper Snapshots";
inherit documentation;
requires = [ "local-fs.target" ];
serviceConfig.ExecStart = "${pkgs.snapper}/lib/snapper/systemd-helper --timeline";
};
systemd.timers.snapper-cleanup = {
description = "Cleanup of Snapper Snapshots";
inherit documentation;
wantedBy = [ "timers.target" ];
requires = [ "local-fs.target" ];
timerConfig.OnBootSec = "10m";
timerConfig.OnUnitActiveSec = cfg.cleanupInterval;
};
systemd.timers.snapper-timeline = {
wantedBy = [ "timers.target" ];
timerConfig = {
Persistent = cfg.persistentTimer;
OnCalendar = cfg.snapshotInterval;
};
};
systemd.services.snapper-boot = lib.mkIf cfg.snapshotRootOnBoot {
description = "Take snapper snapshot of root on boot";
inherit documentation;
serviceConfig.ExecStart = "${pkgs.snapper}/bin/snapper --config root create --cleanup-algorithm number --description boot";
serviceConfig.Type = "oneshot";
requires = [ "local-fs.target" ];
wantedBy = [ "multi-user.target" ];
unitConfig.ConditionPathExists = "/etc/snapper/configs/root";
};
systemd.services.snapper-cleanup = {
description = "Cleanup of Snapper Snapshots";
inherit documentation;
serviceConfig.ExecStart = "${pkgs.snapper}/lib/snapper/systemd-helper --cleanup";
};
assertions =
concatMap
(name:
let
sub = cfg.configs.${name};
in
[ { assertion = !(sub ? extraConfig);
message = ''
The option definition `services.snapper.configs.${name}.extraConfig' no longer has any effect; please remove it.
The contents of this option should be migrated to attributes on `services.snapper.configs.${name}'.
'';
}
] ++
systemd.timers.snapper-cleanup = {
description = "Cleanup of Snapper Snapshots";
inherit documentation;
wantedBy = [ "timers.target" ];
requires = [ "local-fs.target" ];
timerConfig.OnBootSec = "10m";
timerConfig.OnUnitActiveSec = cfg.cleanupInterval;
};
systemd.services.snapper-boot = lib.mkIf cfg.snapshotRootOnBoot {
description = "Take snapper snapshot of root on boot";
inherit documentation;
serviceConfig.ExecStart = "${pkgs.snapper}/bin/snapper --config root create --cleanup-algorithm number --description boot";
serviceConfig.Type = "oneshot";
requires = [ "local-fs.target" ];
wantedBy = [ "multi-user.target" ];
unitConfig.ConditionPathExists = "/etc/snapper/configs/root";
};
assertions = concatMap (
name:
let
sub = cfg.configs.${name};
in
[
{
assertion = !(sub ? extraConfig);
message = ''
The option definition `services.snapper.configs.${name}.extraConfig' no longer has any effect; please remove it.
The contents of this option should be migrated to attributes on `services.snapper.configs.${name}'.
'';
}
]
++
map
(attr: {
assertion = !(hasAttr attr sub);
@ -265,8 +346,11 @@ in
The option definition `services.snapper.configs.${name}.${attr}' has been renamed to `services.snapper.configs.${name}.${toUpper attr}'.
'';
})
[ "fstype" "subvolume" ]
)
(attrNames cfg.configs);
});
[
"fstype"
"subvolume"
]
) (attrNames cfg.configs);
}
);
}

9
nixos/modules/services/misc/sourcehut/service.nix
View File

@ -324,7 +324,8 @@ in
};
preStart =
let
version = pkgs.sourcehut.${srvsrht}.version;
package = pkgs.sourcehut.${srvsrht};
version = package.version;
stateDir = "/var/lib/sourcehut/${srvsrht}";
in
mkBefore ''
@ -336,14 +337,14 @@ in
if test ! -e ${stateDir}/db; then
# Setup the initial database.
# Note that it stamps the alembic head afterward
${cfg.python}/bin/${srvsrht}-initdb
${package}/bin/${srvsrht}-initdb
echo ${version} >${stateDir}/db
fi
${optionalString cfg.settings.${iniKey}.migrate-on-upgrade ''
if [ "$(cat ${stateDir}/db)" != "${version}" ]; then
# Manage schema migrations using alembic
${cfg.python}/bin/${srvsrht}-migrate -a upgrade head
${package}/bin/${srvsrht}-migrate -a upgrade head
echo ${version} >${stateDir}/db
fi
''}
@ -389,7 +390,7 @@ in
after = [ "network.target" "${srvsrht}.service" ];
serviceConfig = {
Type = "oneshot";
ExecStart = "${cfg.python}/bin/${timerName}";
ExecStart = "${pkgs.sourcehut.${srvsrht}}/bin/${timerName}";
};
}
(timer.service or { })

2
nixos/modules/services/misc/spice-autorandr.nix
View File

@ -6,7 +6,7 @@ in
{
options = {
services.spice-autorandr = {
enable = lib.mkEnableOption "spice-autorandr service that will automatically resize display to match SPICE client window size.";
enable = lib.mkEnableOption "spice-autorandr service that will automatically resize display to match SPICE client window size";
package = lib.mkPackageOption pkgs "spice-autorandr" { };
};
};

4
nixos/modules/services/misc/tandoor-recipes.nix
View File

@ -22,7 +22,7 @@ let
${lib.toShellVars env}
eval "$(${config.systemd.package}/bin/systemctl show -pUID,GID,MainPID tandoor-recipes.service)"
exec ${pkgs.util-linux}/bin/nsenter \
-t $MainPID -m -S $UID -G $GID \
-t $MainPID -m -S $UID -G $GID --wdns=${env.MEDIA_ROOT} \
${pkg}/bin/tandoor-recipes "$@"
'';
in
@ -88,7 +88,7 @@ in
Group = "tandoor_recipes";
DynamicUser = true;
StateDirectory = "tandoor-recipes";
WorkingDirectory = "/var/lib/tandoor-recipes";
WorkingDirectory = env.MEDIA_ROOT;
RuntimeDirectory = "tandoor-recipes";
BindReadOnlyPaths = [

2
nixos/modules/services/monitoring/grafana-reporter.nix
View File

@ -60,7 +60,7 @@ in {
"-templates ${cfg.templateDir}"
];
in {
ExecStart = "${pkgs.grafana_reporter}/bin/grafana-reporter ${args}";
ExecStart = "${pkgs.grafana-reporter}/bin/grafana-reporter ${args}";
};
};
};

65
nixos/modules/services/monitoring/netdata.nix
View File

@ -13,6 +13,9 @@ let
ln -s /run/wrappers/bin/slabinfo.plugin $out/libexec/netdata/plugins.d/slabinfo.plugin
ln -s /run/wrappers/bin/freeipmi.plugin $out/libexec/netdata/plugins.d/freeipmi.plugin
ln -s /run/wrappers/bin/systemd-journal.plugin $out/libexec/netdata/plugins.d/systemd-journal.plugin
ln -s /run/wrappers/bin/logs-management.plugin $out/libexec/netdata/plugins.d/logs-management.plugin
ln -s /run/wrappers/bin/network-viewer.plugin $out/libexec/netdata/plugins.d/network-viewer.plugin
ln -s /run/wrappers/bin/debugfs.plugin $out/libexec/netdata/plugins.d/debugfs.plugin
'';
plugins = [
@ -47,6 +50,7 @@ let
defaultUser = "netdata";
isThereAnyWireGuardTunnels = config.networking.wireguard.enable || lib.any (c: lib.hasAttrByPath [ "netdevConfig" "Kind" ] c && c.netdevConfig.Kind == "wireguard") (builtins.attrValues config.systemd.network.netdevs);
in {
options = {
services.netdata = {
@ -86,6 +90,14 @@ in {
Whether to enable python-based plugins
'';
};
recommendedPythonPackages = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable a set of recommended Python plugins
by installing extra Python packages.
'';
};
extraPackages = mkOption {
type = types.functionTo (types.listOf types.package);
default = ps: [];
@ -198,13 +210,26 @@ in {
}
];
# Includes a set of recommended Python plugins in exchange of imperfect disk consumption.
services.netdata.python.extraPackages = lib.mkIf cfg.python.recommendedPythonPackages (ps: [
ps.requests
ps.pandas
ps.numpy
ps.psycopg2
ps.python-ldap
ps.netdata-pandas
ps.changefinder
]);
services.netdata.configDir.".opt-out-from-anonymous-statistics" = mkIf (!cfg.enableAnalyticsReporting) (pkgs.writeText ".opt-out-from-anonymous-statistics" "");
environment.etc."netdata/netdata.conf".source = configFile;
environment.etc."netdata/conf.d".source = configDirectory;
systemd.services.netdata = {
description = "Real time performance monitoring";
after = [ "network.target" ];
after = [ "network.target" "suid-sgid-wrappers.service" ];
# No wrapper means no "useful" netdata.
requires = [ "suid-sgid-wrappers.service" ];
wantedBy = [ "multi-user.target" ];
path = (with pkgs; [
curl
@ -213,10 +238,16 @@ in {
which
procps
bash
nvme-cli # for go.d
iw # for charts.d
apcupsd # for charts.d
# TODO: firehol # for FireQoS -- this requires more NixOS module support.
util-linux # provides logger command; required for syslog health alarms
])
++ lib.optional cfg.python.enable (pkgs.python3.withPackages cfg.python.extraPackages)
++ lib.optional config.virtualisation.libvirtd.enable (config.virtualisation.libvirtd.package);
++ lib.optional config.virtualisation.libvirtd.enable config.virtualisation.libvirtd.package
++ lib.optional config.virtualisation.docker.enable config.virtualisation.docker.package
++ lib.optionals config.virtualisation.podman.enable [ pkgs.jq config.virtualisation.podman.package ];
environment = {
PYTHONPATH = "${cfg.package}/libexec/netdata/python.d/python_modules";
NETDATA_PIPENAME = "/run/netdata/ipc";
@ -256,6 +287,8 @@ in {
# Configuration directory and mode
ConfigurationDirectory = "netdata";
ConfigurationDirectoryMode = "0755";
# AmbientCapabilities
AmbientCapabilities = lib.optional isThereAnyWireGuardTunnels "CAP_NET_ADMIN";
# Capabilities
CapabilityBoundingSet = [
"CAP_DAC_OVERRIDE" # is required for freeipmi and slabinfo plugins
@ -269,7 +302,7 @@ in {
"CAP_SYS_CHROOT" # is required for cgroups plugin
"CAP_SETUID" # is required for cgroups and cgroups-network plugins
"CAP_SYSLOG" # is required for systemd-journal plugin
];
] ++ lib.optional isThereAnyWireGuardTunnels "CAP_NET_ADMIN";
# Sandboxing
ProtectSystem = "full";
ProtectHome = "read-only";
@ -308,6 +341,14 @@ in {
permissions = "u+rx,g+x,o-rwx";
};
"debugfs.plugin" = {
source = "${cfg.package}/libexec/netdata/plugins.d/debugfs.plugin.org";
capabilities = "cap_dac_read_search+ep";
owner = cfg.user;
group = cfg.group;
permissions = "u+rx,g+x,o-rwx";
};
"cgroup-network" = {
source = "${cfg.package}/libexec/netdata/plugins.d/cgroup-network.org";
capabilities = "cap_setuid+ep";
@ -332,6 +373,14 @@ in {
permissions = "u+rx,g+x,o-rwx";
};
"logs-management.plugin" = {
source = "${cfg.package}/libexec/netdata/plugins.d/logs-management.plugin.org";
capabilities = "cap_dac_read_search,cap_syslog+ep";
owner = cfg.user;
group = cfg.group;
permissions = "u+rx,g+x,o-rwx";
};
"slabinfo.plugin" = {
source = "${cfg.package}/libexec/netdata/plugins.d/slabinfo.plugin.org";
capabilities = "cap_dac_override+ep";
@ -348,6 +397,14 @@ in {
group = cfg.group;
permissions = "u+rx,g+x,o-rwx";
};
} // optionalAttrs (cfg.package.withNetworkViewer) {
"network-viewer.plugin" = {
source = "${cfg.package}/libexec/netdata/plugins.d/network-viewer.plugin.org";
capabilities = "cap_sys_admin,cap_dac_read_search,cap_sys_ptrace+ep";
owner = cfg.user;
group = cfg.group;
permissions = "u+rx,g+x,o-rwx";
};
};
security.pam.loginLimits = [
@ -359,6 +416,8 @@ in {
${defaultUser} = {
group = defaultUser;
isSystemUser = true;
extraGroups = lib.optional config.virtualisation.docker.enable "docker"
++ lib.optional config.virtualisation.podman.enable "podman";
};
};

Some files were not shown because too many files have changed in this diff Show More