dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Merge master into haskell-updates

Browse Source
This commit is contained in:
github-actions[bot] 2023-01-16 00:13:17 +00:00 committed by GitHub
commit b69010491a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
223 changed files with 2541 additions and 4751 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

320
doc/languages-frameworks/haskell.section.md
View File

@ -1,4 +1,4 @@
# Haskell {#sec-haskell}
# Haskell {#haskell}
The Haskell infrastructure in nixpkgs has two main purposes: The primary purpose
is to provide a Haskell compiler and build tools as well as infrastructure for
@ -7,19 +7,10 @@ packaging Haskell-based packages.
The secondary purpose is to provide support for Haskell development environment
including prebuilt Haskell libraries. However, in this area sacrifices have been
made due to self-imposed restrictions in nixpkgs, to lessen the maintenance
effort and improve performance. Therefore, it may be advantageous to use an
alternative to the Haskell infrastructure in nixpkgs for development
environments in some cases. The main limitations are that we only provide
first-class support for the default compiler (currently GHC 9.2.4) and usually
only provide a default and (if different) the latest version of a haskell
package.
effort and improve performance. (More details in the subsection
[Limitations.](#haskell-limitations))
<!-- TODO(@sternensemann): Fix duplication w.r.t. package set generations
and package set rationale from a maintenance perspective. Probably just add
a dedicated section for this…
-->
## Available packages {#sec-haskell-available-packages}
## Available packages {#haskell-available-packages}
The compiler and most build tools are exposed at the top level:
@ -30,11 +21,12 @@ Many “normal” user facing packages written in Haskell, like `niv` or `cachix
are also exposed at the top level, so there is nothing haskell specific to
installing and using them.
All of these packages originally lived in the `haskellPackages` package set and
are re-exposed with a reduced dependency closure for convenience.
All of these packages originally are defined in the `haskellPackages` package
set and are re-exposed with a reduced dependency closure for convenience.
(see `justStaticExecutables` below)
The `haskellPackages` set includes at least one version of every package from
hackage as well as some manually injected packages. This amounts to a lot of
Hackage as well as some manually injected packages. This amounts to a lot of
packages, so it is hidden from `nix-env -qa` by default for performance reasons.
You can still list all packages in the set like this, though:
@ -47,24 +39,17 @@ haskellPackages.abacate abac
haskellPackages.abc-puzzle abc-puzzle-0.2.1
```
Also the default set `haskellPackages` is included on [search.nixos.org].
The attribute names in `haskellPackages` always correspond with their name on
hackage. Since hackage allows names that are not valid nix without extra
Hackage. Since Hackage allows names that are not valid Nix without extra
escaping, you sometimes need to extra care when handling attribute names like
`3dmodels`.
For packages that are part of [Stackage], we use the version prescribed by a
Stackage solver (usually the current LTS one) as the default version. For all
other packages we use the latest version from Hackage. Sometimes alternative
versions of packages are provided whose attribute names are their normal name
with their version appended after an underscore, e.g. `Cabal_3_8_1_0`.
<!--
TODO(@sternenseemann):
If you are interested in details how the package set is
populated, read the section [Package set
generation](#sec-haskell-package-set-generation).
-->
other packages we use the latest version from Hackage. See
[below](#haskell-available-versions) to learn which versions exactly are provided.
Roughly half of the 16K packages contained in `haskellPackages` don't actually
build and are marked as broken semi-automatically. Most of those packages are
@ -74,7 +59,7 @@ Very often fixing them is not a lot of work.
<!--
TODO(@sternenseemann):
How you can help with that is
described in [Fixing a broken package](#sec-haskell-fixing-a-broken-package).
described in [Fixing a broken package](#haskell-fixing-a-broken-package).
-->
`haskellPackages` is built with our default compiler, but we also provide other
@ -134,6 +119,91 @@ haskell.packages.ghc924.abc-puzzle
Every package set also re-exposes the GHC used to build its packages as `haskell.packages.*.ghc`.
### Available package versions {#haskell-available-versions}
We aim for a “blessed” package set which only contains one version of each
package, like Stackage (and based on it) but with more packages. Normally in
nixpkgs the number of building Haskell packages is roughly two to three times
the size of Stackage. For choosing the version to use for a certain package we
use the following rules:
1. By default, for every package `haskellPackages.foo` is the newest version
found on Hackage (at the time of the last update of our package set).
2. If the Stackage snapshot that we use (usually the newest LTS snapshot)
contains a package, we use the Stackage version as default version for that
package.
3. For some packages, which are not on Stackage, we have manual overrides to
set the default version to a version older than the newest on Hackage. We do
this to get them or their reverse dependencies to compile in our package set.
4. For all packages, for which the newest Hackage version is not the default
version, there will also be a `haskellPackages.foo_x_y_z` package with the
newest version.
5. For some packages, we also manually add other `haskellPackages.foo_x_y_z`
versions, if they are required for a certain build.
Relying on `haskellPackages.foo_x_y_z` attributes in derivations outside
nixpkgs is discouraged because they may change or disappear with every package
set update.
<!-- TODO(@maralorn) We should add a link to callHackage, etc. once we added
them to the docs. -->
All `haskell.packages.*` package sets use the same package descriptions and the same sets
of versions by default. There are however GHC version specific override `.nix`
files to loosen this a bit.
### Dependency resolution
Normally when you build Haskell packages with `cabal-install`, `cabal-install`
does dependency resolution. It will look at all Haskell package versions known
on Hackage and tries to pick for every (transitive) dependency of your build
exactly one version. Those versions need to satisfy all the version constraints
given in the `.cabal` file of your package and all its dependencies.
The [Haskell builder in nixpkgs](#haskell-mkderivation) does no such thing.
It will simply take as input packages with names off the desired dependencies
and just check whether they fulfill the version bounds and (by default, see
`jailbreak`) fail if they dont.
The package resolution is done by the `haskellPackages.callPackage` function
which will, e.g., use `haskellPackages.aeson` for a package input of name
`aeson`.
While this is the default behavior, it is possible to override the dependencies
for a specific package, see
[`override` and `overrideScope`](#haskell-overriding-haskell-packages).
### Limitations {#haskell-limitations}
Our main objective with `haskellPackages` is to package Haskell software in
nixpkgs. This entails some limitations, partially due to self-imposed
restrictions of nixpkgs, partially in the name of maintainability:
* Only the packages built with the default compiler see extensive testing of the
whole package set. For other GHC versions only a few essential packages are
tested and cached.
* As described above we only build one version of most packages.
The experience using an older or newer packaged compiler or using different
versions may be worse, because builds will not be cached on `cache.nixos.org`
or may fail.
Thus, to get the best experience, make sure that your project can be compiled
using the default compiler of nixpkgs and recent versions of its dependencies.
A result of this setup is, that getting a valid build plan for a given
package can sometimes be quite painful, and in fact this is where most of the
maintenance work for `haskellPackages` is required. Besides that, it is not
possible to get the dependencies of a legacy project from nixpkgs or to use a
specific stack solver for compiling a project.
Even though we couldnt use them directly in nixpkgs, it would be desirable
to have tooling to generate working Nix package sets from build plans generated
by `cabal-install` or a specific Stackage snapshot via import-from-derivation.
Sadly we currently dont have tooling for this. For this you might be
interested in the alternative [haskell.nix] framework, which, be warned, is
completely incompatible with packages from `haskellPackages`.
<!-- TODO(@maralorn) Link to package set generation docs in the contributers guide below. -->
## `haskellPackages.mkDerivation` {#haskell-mkderivation}
Every haskell package set has its own haskell-aware `mkDerivation` which is used
@ -141,7 +211,7 @@ to build its packages. Generally you won't have to interact with this builder
since [cabal2nix][cabal2nix] can generate packages
using it for an arbitrary cabal package definition. Still it is useful to know
the parameters it takes when you need to
[override](#sec-haskell-overriding-haskell-packages) a generated nix expression.
[override](#haskell-overriding-haskell-packages) a generated Nix expression.
`haskellPackages.mkDerivation` is a wrapper around `stdenv.mkDerivation` which
re-defines the default phases to be haskell aware and handles dependency
@ -152,20 +222,20 @@ but uses the underlying `Cabal` library instead.
### General arguments
`pname`
: Package name, assumed to be the same as on hackage (if applicable)
: Package name, assumed to be the same as on Hackage (if applicable)
`version`
: Packaged version, assumed to be the same as on hackage (if applicable)
: Packaged version, assumed to be the same as on Hackage (if applicable)
`src`
: Source of the package. If omitted, fetch package corresponding to `pname`
and `version` from hackage.
and `version` from Hackage.
`sha256`
: Hash to use for the default case of `src`.
`revision`
: Revision number of the updated cabal file to fetch from hackage.
: Revision number of the updated cabal file to fetch from Hackage.
If `null` (which is the default value), the one included in `src` is used.
`editedCabalFile`
@ -221,7 +291,7 @@ package. Disabled by default.
Enabled by default if supported.
`enableHsc2hsViaAsm`
: Whether to pass `--via-asm` to `hsc2hs`.
: Whether to pass `--via-asm` to `hsc2hs`. Enabled by default only on Windows.
`hyperlinkSource`
: Whether to render the source as well as part of the haddock documentation
@ -237,7 +307,7 @@ Defaults to `true`.
`jailbreak`
: Whether to execute [jailbreak-cabal][jailbreak-cabal] before `configurePhase`
to lift any version constraints in the cabal file. Note that this can't
lift version bounds if they are conditional, e.g. if a dependency is hidden
lift version bounds if they are conditional, i.e. if a dependency is hidden
behind a flag.
`enableParallelBuilding`
@ -245,7 +315,7 @@ behind a flag.
`maxBuildCores`
: Upper limit of jobs to use in parallel for compilation regardless of
`$NIX_BUILD_CORES`. Defaults to 16 as haskell compilation with GHC currently
`$NIX_BUILD_CORES`. Defaults to 16 as Haskell compilation with GHC currently
sees a [performance regression](https://gitlab.haskell.org/ghc/ghc/-/issues/9221)
if too many parallel jobs are used.
@ -254,7 +324,7 @@ if too many parallel jobs are used.
Defaults to `false`.
`doHaddock`
: Wether to build (HTML) documentation using [haddock][haddock].
: Whether to build (HTML) documentation using [haddock][haddock].
Defaults to `true` if supported.
`testTarget`
@ -291,8 +361,9 @@ Defaults to `false`.
Is automatically enabled if `doHaddock` is `true`.
`allowInconsistentDependencies`
: If enabled, allow multiple versions of the same package at configure time.
Usually in such a situation compilation would later fail. Defaults to `false`.
: If enabled, allow multiple versions of the same Haskell package in the
dependency tree at configure time. Often in such a situation compilation would
later fail because of type mismatches. Defaults to `false`.
`enableLibraryForGhci`
: Build and install a special object file for GHCi. This improves performance
@ -303,7 +374,7 @@ disk space. Defaults to `false`.
: Name of the executable or library to build and install.
If unset, all available targets are built and installed.
### Specifying dependencies
### Specifying dependencies {#haskell-derivation-deps}
Since `haskellPackages.mkDerivation` is intended to be generated from cabal
files, it reflects cabal's way of specifying dependencies. For one, dependencies
@ -393,7 +464,7 @@ That only leaves the following extra ways for specifying dependencies:
: Deprecated, use either `benchmarkHaskellDepends` or `benchmarkSystemDepends`.
The dependency specification methods in this list which are unconditional
are especially useful when writing [overrides](#sec-haskell-overriding-haskell-packages)
are especially useful when writing [overrides](#haskell-overriding-haskell-packages)
when you want to make sure that they are definitely included. However, it is
recommended to use the more accurate ones listed above when possible.
@ -404,7 +475,7 @@ arguments which are transparently set in `meta` of the resulting derivation. See
the [Meta-attributes section](#chap-meta) for their documentation.
* These attributes are populated with a default value if omitted:
* `homepage`: defaults to the hackage page for `pname`.
* `homepage`: defaults to the Hackage page for `pname`.
* `platforms`: defaults to `lib.platforms.all` (since GHC can cross-compile)
* These attributes are only set if given:
* `description`
@ -414,41 +485,24 @@ the [Meta-attributes section](#chap-meta) for their documentation.
* `broken`
* `hydraPlatforms`
## Development environments {#sec-haskell-development-environments}
## Development environments {#haskell-development-environments}
In addition to building and installing Haskell software, nixpkgs can also
provide development environments for Haskell projects. This has the obvious
advantage that you benefit from `cache.nixos.org` and no longer need to compile
all project dependencies yourself.
all project dependencies yourself. While it is often very useful, this is not
the primary use case of our package set. Have a look at the section
[available package versions](#haskell-available-versions) to learn which
versions of packages we provide and the section
[limitations](#haskell-limitations), to judge whether a `haskellPackages`
based development environment for your project is feasible.
Our main objective with `haskellPackages` is to package Haskell software in
nixpkgs. This entails some limitations, partially due to self-imposed
restrictions of nixpkgs, partially in the name of maintainability:
* Only the packages built with the default compiler see extensive testing of the
whole package set. The experience using an older or newer packaged compiler
may be worse.
* We aim for a “blessed” package set which only contains one version of each
package.
Thus, to get the best experience, make sure that your project can be compiled
using the default compiler of nixpkgs and recent versions of its dependencies.
“Recent” can either mean the version contained in a certain [Stackage] snapshot
(usually the latest LTS or nightly one) <!-- TODO(@sternenseemann): document our use of solvers -->
or the latest version from Hackage. Similarly to Stackage, we sometimes
intervene and downgrade packages to ensure as many packages as possible can
be compiled together.
In particular, it is not possible to get the dependencies of a legacy project
from nixpkgs or to use a specific stack solver for compiling a project.
Now for the actual development environments: By default every derivation built
using [`haskellPackages.mkDerivation`](#haskell-mkderivation) exposes an
environment suitable for building it interactively as the `env` attribute. For
example, if you have a local checkout of `random`, you can enter a development
environment for it like this (if the dependencies in the development and
packaged version match):
By default, every derivation built using
[`haskellPackages.mkDerivation`](#haskell-mkderivation) exposes an environment
suitable for building it interactively as the `env` attribute. For example, if
you have a local checkout of `random`, you can enter a development environment
for it like this (if the dependencies in the development and packaged version
match):
```console
$ cd ~/src/random
@ -469,27 +523,26 @@ dependencies of `random`. Note that this environment does not mirror
the environment used to build the package, but is intended as a convenient
tool for development and simple debugging. `env` relies on the `ghcWithPackages`
wrapper which automatically injects a pre-populated package-db into every
GHC invocation. When building the derivation, the appropriate flags would always
be passed explicitly.
GHC invocation. In contrast, using `nix-shell -A haskellPackages.random` will
not result in an environment in which the dependencies are in GHCs package
database. Instead, the Haskell builder will pass in all dependencies explicitly
via configure flags.
`env` mirrors the normal derivation environment in one aspect: It does not include
familiar development tools like `cabal-install`, since we rely on plain `Setup.hs`
to build all packages. However, `cabal-install` will work as expected if in
`PATH` (e.g. when installed globally and using a `nix-shell` without `--pure`).
A declarative and pure way of adding arbitrary development tools is provided
via [`shellFor`](#ssec-haskell-shellFor).
via [`shellFor`](#haskell-shellFor).
<!-- TODO(@sternenseemann): this doesn't work in practice (anymore?)
This topic needs to be investigated again; Deleting the local hackage db is
an easy workaround (ty @maralorn), but some useful features of cabal2nix
depend on it (i.e. cabal2nix cabal://pkg-version).
You can make sure that `cabal-install` doesn't download or build any packages
not provided using Nix by passing `--offline`. There is of course a better way
to add any number of development tools to your `nix-shell` which we'll discuss
later.
-->
When using `cabal-install` for dependency resolution you need to be a bit
careful to achieve build purity. `cabal-install` will find and use all
dependencies installed from the packages `env` via Nix, but it will also
consult Hackage to potentially download and compile dependencies if it cant
find a valid build plan locally. To prevent this you can either never run
`cabal update`, remove the cabal database from your `~/.cabal` folder or run
`cabal` with `--offline`. Note though, that for some usecases `cabal2nix` needs
the local Hackage db.
Often you won't work on a package that is already part of `haskellPackages` or
Hackage, so we first need to write a Nix expression to obtain the development
@ -502,7 +555,7 @@ my-project.cabal src …
$ cabal2nix ./. > my-project.nix
```
The generated nix expression evaluates to a function ready to be
The generated Nix expression evaluates to a function ready to be
`callPackage`-ed. For now, we can add a minimal `default.nix` which does just
that:
@ -519,7 +572,7 @@ enter a shell with all the package's dependencies available using `nix-shell
-A env default.nix`. If you have `cabal-install` installed globally, it'll work
inside the shell as expected.
### shellFor {#ssec-haskell-shellFor}
### shellFor {#haskell-shellFor}
Having to install tools globally is obviously not great, especially if you want
to provide a batteries-included `shell.nix` with your project. Luckily there's a
@ -533,8 +586,8 @@ development environment inside `nix-shell`:
development environment. This should be a function which takes a haskell package
set and returns a list of packages. `shellFor` will pass the used package set to
this function and include all dependencies of the returned package in the build
environment. This means you can reuse nix expressions of packages included in
nixpkgs, but also use local nix expressions like this: `hpkgs: [
environment. This means you can reuse Nix expressions of packages included in
nixpkgs, but also use local Nix expressions like this: `hpkgs: [
(hpkgs.callPackage ./my-project.nix { }) ]`.
`nativeBuildInputs`
@ -545,9 +598,8 @@ Defaults to `[]`.
`buildInputs`
: Expects a list of derivations to add as library dependencies, like `openssl`.
This is rarely necessary as the haskell package expressions usually track system
dependencies as well. Defaults to `[]`.
<!-- TODO link specifying deps section here -->
dependencies as well. Defaults to `[]`. (see also
[derivation dependencies](#haskell-derivation-deps))
`withHoogle`
: If this is true, `hoogle` will be added to `nativeBuildInputs`.
@ -579,7 +631,7 @@ pkgs.haskellPackages.shellFor {
packages = hpkgs: [
# reuse the nixpkgs for this package
hpkgs.distribution-nixpkgs
# call our generated nix expression manually
# call our generated Nix expression manually
(hpkgs.callPackage ./my-project/my-project.nix { })
];
@ -602,7 +654,54 @@ pkgs.haskellPackages.shellFor {
<!-- TODO(@sternenseemann): deps are not included if not selected -->
## Overriding haskell packages {#sec-haskell-overriding-haskell-packages}
### haskell-language-server {#haskell-language-server}
To use HLS in short: Install `pkgs.haskell-language-server` e.g. in
`nativeBuildInputs` in `shellFor` and use the `haskell-language-server-wrapper`
command to run it. See the [HLS user guide] on how to configure your text
editor to use HLS and how to test your setup.
HLS needs to be compiled with the GHC version of the project you use it
on.
``pkgs.haskell-language-server`` provides
``haskell-language-server-wrapper``, ``haskell-language-server``
and ``haskell-language-server-x.x.x``
binaries, where ``x.x.x`` is the GHC version for which it is compiled. By
default, it only includes binaries for the current GHC version, to reduce
closure size. The closure size is large, because HLS needs to be dynamically
linked to work reliably. You can override the list of supported GHC versions
with e.g.
```nix
pkgs.haskell-language-server.override { supportedGhcVersions = [ "90" "94" ]; }
```
Where all strings `version` are allowed such that
`haskell.packages.ghc${version}` is an existing package set.
When you run `haskell-language-server-wrapper` it will detect the GHC
version used by the project you are working on (by asking e.g. cabal or
stack) and pick the appropriate versioned binary from your path.
Be careful when installing HLS globally and using a pinned nixpkgs for a
Haskell project in a `nix-shell`. If the nixpkgs versions deviate to much
(e.g., use different `glibc` versions) the `haskell-language-server-?.?.?`
executable will try to detect these situations and refuse to start. It is
recommended to obtain HLS via `nix-shell` from the nixpkgs version pinned in
there instead.
The top level `pkgs.haskell-language-server` attribute is just a convenience
wrapper to make it possible to install HLS for multiple GHC versions at the
same time. If you know, that you only use one GHC version, e.g., in a project
specific `nix-shell` you can simply use
`pkgs.haskellPackages.haskell-language-server` or
`pkgs.haskell.packages.*.haskell-language-server` from the package set you use.
If you use `nix-shell` for your development environments remember to start your
editor in that environment. You may want to use something like `direnv` and/or an
editor plugin to achieve this.
## Overriding Haskell packages {#haskell-overriding-haskell-packages}
### Overriding a single package
@ -644,7 +743,7 @@ haskellPackages.haskell-ci.overrideScope (self: super: {
The custom interface comes into play when you want to override the arguments
passed to `haskellPackages.mkDerivation`. For this, the function `overrideCabal`
from `haskell.lib.compose` is used. E.g. if you want to install a man page
from `haskell.lib.compose` is used. E.g., if you want to install a man page
that is distributed with the package, you can do something like this:
```nix
@ -900,10 +999,10 @@ you are working with or even better from the `self`/`final` fix point of
Note: Some functions like `shellFor` that are not intended for overriding per se, are omitted
in this section. <!-- TODO(@sternenseemann): note about ifd section -->
`cabalSdist { src, name }`
`cabalSdist { src, name ? ... }`
: Generates the Cabal sdist tarball for `src`, suitable for uploading to Hackage.
Contrary to `haskell.lib.compose.sdistTarball`, it uses `cabal-install` over `Setup.hs`,
so it is usually faster: No build dependencies need to be downloaded and we can
so it is usually faster: No build dependencies need to be downloaded, and we can
skip compiling `Setup.hs`.
`buildFromCabalSdist drv`
@ -929,15 +1028,15 @@ TODO(@NixOS/haskell): finish these planned sections
* `callHackage`, `callHackageDirect`
* `developPackage`
## Contributing {#sec-haskell-contributing}
## Contributing {#haskell-contributing}
### Fixing a broken package {#sec-haskell-fixing-a-broken-package}
### Fixing a broken package {#haskell-fixing-a-broken-package}
### Package set generation {#sec-haskell-package-set-generation}
### Package set generation {#haskell-package-set-generation}
### Packaging a Haskell project
### Backporting {#sec-haskell-backporting}
### Backporting {#haskell-backporting}
Backporting changes to a stable NixOS version in general is covered
in nixpkgs' `CONTRIBUTING.md` in general. In particular refer to the
@ -950,7 +1049,7 @@ it does for the unstable branches.
-->
## F.A.Q. {#sec-haskell-faq}
## F.A.Q. {#haskell-faq}
### Why is topic X not covered in this section? Why is section Y missing?
@ -963,15 +1062,18 @@ If you feel any important topic is not documented at all, feel free to comment
on the issue linked above.
[Stackage]: https://www.stackage.org
[cabal-project-files]: https://cabal.readthedocs.io/en/latest/cabal-project.html
[cabal2nix]: https://github.com/nixos/cabal2nix
[hoogle]: https://wiki.haskell.org/Hoogle
[haddock]: https://www.haskell.org/haddock/
[cpphs]: https://Hackage.haskell.org/package/cpphs
[haddock-hoogle-option]: https://haskell-haddock.readthedocs.io/en/latest/invoking.html#cmdoption-hoogle
[haddock-hyperlinked-source-option]: https://haskell-haddock.readthedocs.io/en/latest/invoking.html#cmdoption-hyperlinked-source
[profiling]: https://downloads.haskell.org/~ghc/latest/docs/html/users_guide/profiling.html
[haddock]: https://www.haskell.org/haddock/
[haskell-program-coverage]: https://downloads.haskell.org/~ghc/latest/docs/html/users_guide/profiling.html#observing-code-coverage
[profiling-detail]: https://cabal.readthedocs.io/en/latest/cabal-project.html#cfg-field-profiling-detail
[haskell.nix]: https://input-output-hk.github.io/haskell.nix/index.html
[HLS user guide]: https://haskell-language-server.readthedocs.io/en/latest/configuration.html#configuring-your-editor
[hoogle]: https://wiki.haskell.org/Hoogle
[jailbreak-cabal]: https://github.com/NixOS/jailbreak-cabal/
[cpphs]: https://hackage.haskell.org/package/cpphs
[cabal-project-files]: https://cabal.readthedocs.io/en/latest/cabal-project.html
[optparse-applicative-completions]: https://github.com/pcapriotti/optparse-applicative/blob/7726b63796aa5d0df82e926d467f039b78ca09e2/README.md#bash-zsh-and-fish-completions
[profiling-detail]: https://cabal.readthedocs.io/en/latest/cabal-project.html#cfg-field-profiling-detail
[profiling]: https://downloads.haskell.org/~ghc/latest/docs/html/users_guide/profiling.html
[search.nixos.org]: https://search.nixos.org

24
maintainers/maintainer-list.nix
View File

@ -6876,6 +6876,12 @@
githubId = 310981;
name = "Joel Burget";
};
joelkoen = {
email = "mail@joelkoen.com";
github = "joelkoen";
githubId = 122502655;
name = "Joel Koen";
};
joelmo = {
email = "joel.moberg@gmail.com";
github = "joelmo";
@ -7266,12 +7272,6 @@
githubId = 20658981;
name = "Jarosław Wygoda";
};
jyooru = {
email = "joel@joel.tokyo";
github = "jyooru";
githubId = 63786778;
name = "Joel";
};
jyp = {
email = "jeanphilippe.bernardy@gmail.com";
github = "jyp";
@ -14420,6 +14420,12 @@
githubId = 52011418;
name = "Travis Davis";
};
traxys = {
email = "quentin+dev@familleboyer.net";
github = "traxys";
githubId = 5623227;
name = "Quentin Boyer";
};
TredwellGit = {
email = "tredwell@tutanota.com";
github = "TredwellGit";
@ -16319,4 +16325,10 @@
github = "RossComputerGuy";
githubId = 19699320;
};
franzmondlichtmann = {
name = "Franz Schroepf";
email = "franz-schroepf@t-online.de";
github = "franzmondlichtmann";
githubId = 105480088;
};
}

2
nixos/doc/manual/configuration/ssh.section.md
View File

@ -8,7 +8,7 @@ services.openssh.enable = true;
By default, root logins using a password are disallowed. They can be
disabled entirely by setting
[](#opt-services.openssh.permitRootLogin) to `"no"`.
[](#opt-services.openssh.settings.PermitRootLogin) to `"no"`.
You can declaratively specify authorised RSA/DSA public keys for a user
as follows:

2
nixos/doc/manual/from_md/configuration/ssh.section.xml
View File

@ -9,7 +9,7 @@ services.openssh.enable = true;
<para>
By default, root logins using a password are disallowed. They can be
disabled entirely by setting
<xref linkend="opt-services.openssh.permitRootLogin" /> to
<xref linkend="opt-services.openssh.settings.PermitRootLogin" /> to
<literal>&quot;no&quot;</literal>.
</para>
<para>

36
nixos/doc/manual/from_md/release-notes/rl-2305.section.xml
View File

@ -10,7 +10,7 @@
In addition to numerous new and upgraded packages, this release
has the following highlights:
</para>
<itemizedlist spacing="compact">
<itemizedlist>
<listitem>
<para>
Cinnamon has been updated to 5.6, see
@ -18,6 +18,14 @@
pull request</link> for what is changed.
</para>
</listitem>
<listitem>
<para>
<literal>nixos-rebuild</literal> now supports an extra
<literal>--specialisation</literal> option that can be used to
change specialisation for <literal>switch</literal> and
<literal>test</literal> commands.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-23.05-new-services">
@ -99,6 +107,14 @@
<link xlink:href="options.html#opt-services.ulogd.enable">services.ulogd</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://photoprism.app/">photoprism</link>,
a AI-Powered Photos App for the Decentralized Web. Available
as
<link xlink:href="options.html#opt-services.photoprism.enable">services.photoprism</link>.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-23.05-incompatibilities">
@ -324,6 +340,24 @@
<link linkend="opt-services.usbmuxd.package">services.usbmuxd.package</link>
</para>
</listitem>
<listitem>
<para>
A few openssh options have been moved from extraConfig to the
new freeform option <literal>settings</literal> and renamed as
follow:
<literal>services.openssh.kbdInteractiveAuthentication</literal>
to
<literal>services.openssh.settings.KbdInteractiveAuthentication</literal>,
<literal>services.openssh.passwordAuthentication</literal> to
<literal>services.openssh.settings.PasswordAuthentication</literal>,
<literal>services.openssh.useDns</literal> to
<literal>services.openssh.settings.UseDns</literal>,
<literal>services.openssh.permitRootLogin</literal> to
<literal>services.openssh.settings.PermitRootLogin</literal>,
<literal>services.openssh.logLevel</literal> to
<literal>services.openssh.settings.LogLevel</literal>.
</para>
</listitem>
<listitem>
<para>
<literal>services.mastodon</literal> gained a tootctl wrapped

51
nixos/doc/manual/man-nixos-rebuild.xml
View File

@ -113,6 +113,18 @@
</group> <replaceable>name</replaceable>
</arg>
<arg>
<group choice='req'>
<arg choice='plain'>
<option>--specialisation</option>
</arg>
<arg choice='plain'>
<option>-c</option>
</arg>
</group> <replaceable>name</replaceable>
</arg>
<sbr />
<arg>
@ -204,6 +216,20 @@
<command>nixos-rebuild switch</command> or <command>nixos-rebuild
boot</command> remain available in the GRUB menu.
</para>
<para>
Note that if you are using specializations, running just
<command>nixos-rebuild switch</command> will switch you back to the
unspecialized, base system - in that case, you might want to use this
instead:
<screen>
<prompt>$ </prompt>nixos-rebuild switch --specialisation your-specialisation-name
</screen>
This command will build all specialisations and make them bootable just
like regular <command>nixos-rebuild switch</command> does - the only
thing different is that it will switch to given specialisation instead
of the base system; it can be also used to switch from the base system
into a specialised one, or to switch between specialisations.
</para>
</listitem>
</varlistentry>
@ -233,6 +259,16 @@
configuration resulting from the last call to <command>nixos-rebuild
switch</command> or <command>nixos-rebuild boot</command>).
</para>
<para>
Note that if you are using specialisations, running just
<command>nixos-rebuild test</command> will activate the unspecialised,
base system - in that case, you might want to use this instead:
<screen>
<prompt>$ </prompt>nixos-rebuild test --specialisation your-specialisation-name
</screen>
This command can be also used to switch from the base system into a
specialised one, or to switch between specialisations.
</para>
</listitem>
</varlistentry>
@ -499,6 +535,21 @@
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--specialisation</option>
</term>
<term>
<option>-c</option>
</term>
<listitem>
<para>
Activates given specialisation; when not specified, switching and testing
will activate the base, unspecialised system.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--build-host</option>

6
nixos/doc/manual/release-notes/rl-2305.section.md
View File

@ -10,6 +10,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- Cinnamon has been updated to 5.6, see [the pull request](https://github.com/NixOS/nixpkgs/pull/201328#issue-1449910204) for what is changed.
- `nixos-rebuild` now supports an extra `--specialisation` option that can be used to change specialisation for `switch` and `test` commands.
## New Services {#sec-release-23.05-new-services}
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
@ -34,6 +36,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- [ulogd](https://www.netfilter.org/projects/ulogd/index.html), a userspace logging daemon for netfilter/iptables related logging. Available as [services.ulogd](options.html#opt-services.ulogd.enable).
- [photoprism](https://photoprism.app/), a AI-Powered Photos App for the Decentralized Web. Available as [services.photoprism](options.html#opt-services.photoprism.enable).
## Backward Incompatibilities {#sec-release-23.05-incompatibilities}
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
@ -85,6 +89,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- The module `usbmuxd` now has the ability to change the package used by the daemon. In case you're experiencing issues with `usbmuxd` you can try an alternative program like `usbmuxd2`. Available as [services.usbmuxd.package](#opt-services.usbmuxd.package)
- A few openssh options have been moved from extraConfig to the new freeform option `settings` and renamed as follow: `services.openssh.kbdInteractiveAuthentication` to `services.openssh.settings.KbdInteractiveAuthentication`, `services.openssh.passwordAuthentication` to `services.openssh.settings.PasswordAuthentication`, `services.openssh.useDns` to `services.openssh.settings.UseDns`, `services.openssh.permitRootLogin` to `services.openssh.settings.PermitRootLogin`, `services.openssh.logLevel` to `services.openssh.settings.LogLevel`.
- `services.mastodon` gained a tootctl wrapped named `mastodon-tootctl` similar to `nextcloud-occ` which can be executed from any user and switches to the configured mastodon user with sudo and sources the environment variables.
- The `dnsmasq` service now takes configuration via the

16
nixos/modules/installer/cd-dvd/iso-image.nix
View File

@ -52,7 +52,7 @@ let
buildMenuAdditionalParamsGrub2 = additional:
let
finalCfg = {
name = "NixOS ${config.system.nixos.label}${config.isoImage.appendToMenuLabel}";
name = "${config.system.nixos.distroName} ${config.system.nixos.label}${config.isoImage.appendToMenuLabel}";
params = "init=${config.system.build.toplevel}/init ${additional} ${toString config.boot.kernelParams}";
image = "/boot/${config.system.boot.loader.kernelFile}";
initrd = "/boot/initrd";
@ -109,35 +109,35 @@ let
DEFAULT boot
LABEL boot
MENU LABEL NixOS ${config.system.nixos.label}${config.isoImage.appendToMenuLabel}
MENU LABEL ${config.system.nixos.distroName} ${config.system.nixos.label}${config.isoImage.appendToMenuLabel}
LINUX /boot/${config.system.boot.loader.kernelFile}
APPEND init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}
INITRD /boot/${config.system.boot.loader.initrdFile}
# A variant to boot with 'nomodeset'
LABEL boot-nomodeset
MENU LABEL NixOS ${config.system.nixos.label}${config.isoImage.appendToMenuLabel} (nomodeset)
MENU LABEL ${config.system.nixos.distroName} ${config.system.nixos.label}${config.isoImage.appendToMenuLabel} (nomodeset)
LINUX /boot/${config.system.boot.loader.kernelFile}
APPEND init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams} nomodeset
INITRD /boot/${config.system.boot.loader.initrdFile}
# A variant to boot with 'copytoram'
LABEL boot-copytoram
MENU LABEL NixOS ${config.system.nixos.label}${config.isoImage.appendToMenuLabel} (copytoram)
MENU LABEL ${config.system.nixos.distroName} ${config.system.nixos.label}${config.isoImage.appendToMenuLabel} (copytoram)
LINUX /boot/${config.system.boot.loader.kernelFile}
APPEND init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams} copytoram
INITRD /boot/${config.system.boot.loader.initrdFile}
# A variant to boot with verbose logging to the console
LABEL boot-debug
MENU LABEL NixOS ${config.system.nixos.label}${config.isoImage.appendToMenuLabel} (debug)
MENU LABEL ${config.system.nixos.distroName} ${config.system.nixos.label}${config.isoImage.appendToMenuLabel} (debug)
LINUX /boot/${config.system.boot.loader.kernelFile}
APPEND init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams} loglevel=7
INITRD /boot/${config.system.boot.loader.initrdFile}
# A variant to boot with a serial console enabled
LABEL boot-serial
MENU LABEL NixOS ${config.system.nixos.label}${config.isoImage.appendToMenuLabel} (serial console=ttyS0,115200n8)
MENU LABEL ${config.system.nixos.distroName} ${config.system.nixos.label}${config.isoImage.appendToMenuLabel} (serial console=ttyS0,115200n8)
LINUX /boot/${config.system.boot.loader.kernelFile}
APPEND init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams} console=ttyS0,115200n8
INITRD /boot/${config.system.boot.loader.initrdFile}
@ -458,7 +458,7 @@ in
};
isoImage.isoBaseName = mkOption {
default = "nixos";
default = config.system.nixos.distroId;
description = lib.mdDoc ''
Prefix of the name of the generated ISO image file.
'';
@ -579,7 +579,7 @@ in
isoImage.syslinuxTheme = mkOption {
default = ''
MENU TITLE NixOS
MENU TITLE ${config.system.nixos.distroName}
MENU RESOLUTION 800 600
MENU CLEAR
MENU ROWS 6

32
nixos/modules/misc/version.nix
View File

@ -16,18 +16,18 @@ let
) + "\n";
osReleaseContents = {
NAME = "NixOS";
ID = "nixos";
NAME = "${cfg.distroName}";
ID = "${cfg.distroId}";
VERSION = "${cfg.release} (${cfg.codeName})";
VERSION_CODENAME = toLower cfg.codeName;
VERSION_ID = cfg.release;
BUILD_ID = cfg.version;
PRETTY_NAME = "NixOS ${cfg.release} (${cfg.codeName})";
PRETTY_NAME = "${cfg.distroName} ${cfg.release} (${cfg.codeName})";
LOGO = "nix-snowflake";
HOME_URL = "https://nixos.org/";
DOCUMENTATION_URL = "https://nixos.org/learn.html";
SUPPORT_URL = "https://nixos.org/community.html";
BUG_REPORT_URL = "https://github.com/NixOS/nixpkgs/issues";
HOME_URL = lib.optionalString (cfg.distroId == "nixos") "https://nixos.org/";
DOCUMENTATION_URL = lib.optionalString (cfg.distroId == "nixos") "https://nixos.org/learn.html";
SUPPORT_URL = lib.optionalString (cfg.distroId == "nixos") "https://nixos.org/community.html";
BUG_REPORT_URL = lib.optionalString (cfg.distroId == "nixos") "https://github.com/NixOS/nixpkgs/issues";
} // lib.optionalAttrs (cfg.variant_id != null) {
VARIANT_ID = cfg.variant_id;
};
@ -89,6 +89,20 @@ in
description = lib.mdDoc "The NixOS release code name (e.g. `Emu`).";
};
nixos.distroId = mkOption {
internal = true;
type = types.str;
default = "nixos";
description = lib.mdDoc "The id of the operating system";
};
nixos.distroName = mkOption {
internal = true;
type = types.str;
default = "NixOS";
description = lib.mdDoc "The name of the operating system";
};
nixos.variant_id = mkOption {
type = types.nullOr (types.strMatching "^[a-z0-9._-]+$");
default = null;
@ -155,10 +169,10 @@ in
environment.etc = {
"lsb-release".text = attrsToText {
LSB_VERSION = "${cfg.release} (${cfg.codeName})";
DISTRIB_ID = "nixos";
DISTRIB_ID = "${cfg.distroId}";
DISTRIB_RELEASE = cfg.release;
DISTRIB_CODENAME = toLower cfg.codeName;
DISTRIB_DESCRIPTION = "NixOS ${cfg.release} (${cfg.codeName})";
DISTRIB_DESCRIPTION = "${cfg.distroName} ${cfg.release} (${cfg.codeName})";
};
"os-release".text = attrsToText osReleaseContents;

1
nixos/modules/module-list.nix
View File

@ -1165,6 +1165,7 @@
./services/web-apps/peertube.nix
./services/web-apps/pgpkeyserver-lite.nix
./services/web-apps/phylactery.nix
./services/web-apps/photoprism.nix
./services/web-apps/pict-rs.nix
./services/web-apps/plantuml-server.nix
./services/web-apps/plausible.nix

2
nixos/modules/profiles/installation-device.nix
View File

@ -72,7 +72,7 @@ with lib;
# mounting the storage in a different system.
services.openssh = {
enable = true;
permitRootLogin = "yes";
settings.PermitRootLogin = "yes";
};
# Enable wpa_supplicant, but don't start it by default.

14
nixos/modules/services/misc/autorandr.nix
View File

@ -254,6 +254,12 @@ in {
'';
};
ignoreLid = mkOption {
default = false;
type = types.bool;
description = lib.mdDoc "Treat outputs as connected even if their lids are closed";
};
hooks = mkOption {
type = hooksModule;
description = lib.mdDoc "Global hook scripts";
@ -340,7 +346,13 @@ in {
startLimitIntervalSec = 5;
startLimitBurst = 1;
serviceConfig = {
ExecStart = "${pkgs.autorandr}/bin/autorandr --batch --change --default ${cfg.defaultTarget}";
ExecStart = ''
${pkgs.autorandr}/bin/autorandr \
--batch \
--change \
--default ${cfg.defaultTarget} \
${optionalString cfg.ignoreLid "--ignore-lid"}
'';
Type = "oneshot";
RemainAfterExit = false;
KillMode = "process";

3
nixos/modules/services/misc/gitea.nix
View File

@ -468,12 +468,14 @@ in
"d '${cfg.stateDir}/conf' 0750 ${cfg.user} gitea - -"
"d '${cfg.stateDir}/custom' 0750 ${cfg.user} gitea - -"
"d '${cfg.stateDir}/custom/conf' 0750 ${cfg.user} gitea - -"
"d '${cfg.stateDir}/data' 0750 ${cfg.user} gitea - -"
"d '${cfg.stateDir}/log' 0750 ${cfg.user} gitea - -"
"z '${cfg.stateDir}' 0750 ${cfg.user} gitea - -"
"z '${cfg.stateDir}/.ssh' 0700 ${cfg.user} gitea - -"
"z '${cfg.stateDir}/conf' 0750 ${cfg.user} gitea - -"
"z '${cfg.stateDir}/custom' 0750 ${cfg.user} gitea - -"
"z '${cfg.stateDir}/custom/conf' 0750 ${cfg.user} gitea - -"
"z '${cfg.stateDir}/data' 0750 ${cfg.user} gitea - -"
"z '${cfg.stateDir}/log' 0750 ${cfg.user} gitea - -"
"Z '${cfg.stateDir}' - ${cfg.user} gitea - -"
@ -633,7 +635,6 @@ in
systemd.services.gitea-dump = mkIf cfg.dump.enable {
description = "gitea dump";
after = [ "gitea.service" ];
wantedBy = [ "default.target" ];
path = [ gitea ];
environment = {

5
nixos/modules/services/misc/ntfy-sh.nix
View File

@ -59,6 +59,10 @@ in
systemPackages = [ cfg.package ];
};
services.ntfy-sh.settings = {
auth-file = mkDefault "/var/lib/ntfy-sh/user.db";
};
systemd.services.ntfy-sh = {
description = "Push notifications server";
@ -68,6 +72,7 @@ in
serviceConfig = {
ExecStart = "${cfg.package}/bin/ntfy serve -c ${configuration}";
User = cfg.user;
StateDirectory = "ntfy-sh";
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
PrivateTmp = true;

2
nixos/modules/services/monitoring/prometheus/exporters/rspamd.nix
View File

@ -9,7 +9,7 @@ let
pkgs.writeText "rspamd-exporter-config.yml" (builtins.toJSON conf);
generateConfig = extraLabels: {
metrics = (map (path: {
modules.default.metrics = (map (path: {
name = "rspamd_${replaceStrings [ "[" "." " " "]" "\\" "'" ] [ "_" "_" "_" "" "" "" ] path}";
path = "{ .${path} }";
labels = extraLabels;

6
nixos/modules/services/monitoring/uptime-kuma.nix
View File

@ -18,9 +18,10 @@ in
description = lib.mdDoc "Uptime Kuma package to use.";
};
appriseSupport = mkEnableOption (mdDoc "apprise support for notifications.");
settings = lib.mkOption {
type =
lib.types.submodule { freeformType = with lib.types; attrsOf str; };
type = lib.types.submodule { freeformType = with lib.types; attrsOf str; };
default = { };
example = {
PORT = "4000";
@ -47,6 +48,7 @@ in
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
environment = cfg.settings;
path = lib.mkIf cfg.appriseSupport (with pkgs; [ apprise ]);
serviceConfig = {
Type = "simple";
StateDirectory = "uptime-kuma";

3
nixos/modules/services/networking/hostapd.nix
View File

@ -94,7 +94,8 @@ in
};
ssid = mkOption {
default = "nixos";
default = config.system.nixos.distroId;
defaultText = literalExpression "config.system.nixos.distroId";
example = "mySpecialSSID";
type = types.str;
description = lib.mdDoc "SSID to be used in IEEE 802.11 management frames.";

128
nixos/modules/services/networking/ssh/sshd.nix
View File

@ -12,8 +12,23 @@ let
then cfgc.package
else pkgs.buildPackages.openssh;
# reports boolean as yes / no
mkValueStringSshd = v:
if isInt v then toString v
else if isString v then v
else if true == v then "yes"
else if false == v then "no"
else throw "unsupported type ${typeOf v}: ${(lib.generators.toPretty {}) v}";
# dont use the "=" operator
settingsFormat = (pkgs.formats.keyValue {
mkKeyValue = lib.generators.mkKeyValueDefault {
mkValueString = mkValueStringSshd;
} " ";});
configFile = settingsFormat.generate "config" cfg.settings;
sshconf = pkgs.runCommand "sshd.conf-validated" { nativeBuildInputs = [ validationPackage ]; } ''
cat >$out <<EOL
cat ${configFile} - >$out <<EOL
${cfg.extraConfig}
EOL
@ -24,6 +39,7 @@ let
cfg = config.services.openssh;
cfgc = config.programs.ssh;
nssModulesPath = config.system.nssModules.path;
userOptions = {
@ -82,6 +98,12 @@ in
(mkAliasOptionModuleMD [ "services" "sshd" "enable" ] [ "services" "openssh" "enable" ])
(mkAliasOptionModuleMD [ "services" "openssh" "knownHosts" ] [ "programs" "ssh" "knownHosts" ])
(mkRenamedOptionModule [ "services" "openssh" "challengeResponseAuthentication" ] [ "services" "openssh" "kbdInteractiveAuthentication" ])
(mkRenamedOptionModule [ "services" "openssh" "kbdInteractiveAuthentication" ] [ "services" "openssh" "settings" "KbdInteractiveAuthentication" ])
(mkRenamedOptionModule [ "services" "openssh" "passwordAuthentication" ] [ "services" "openssh" "settings" "PasswordAuthentication" ])
(mkRenamedOptionModule [ "services" "openssh" "useDns" ] [ "services" "openssh" "settings" "UseDns" ])
(mkRenamedOptionModule [ "services" "openssh" "permitRootLogin" ] [ "services" "openssh" "settings" "PermitRootLogin" ])
(mkRenamedOptionModule [ "services" "openssh" "logLevel" ] [ "services" "openssh" "settings" "LogLevel" ])
];
###### interface
@ -145,14 +167,6 @@ in
'';
};
permitRootLogin = mkOption {
default = "prohibit-password";
type = types.enum ["yes" "without-password" "prohibit-password" "forced-commands-only" "no"];
description = lib.mdDoc ''
Whether the root user can login using ssh.
'';
};
gatewayPorts = mkOption {
type = types.str;
default = "no";
@ -210,22 +224,6 @@ in
'';
};
passwordAuthentication = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc ''
Specifies whether password authentication is allowed.
'';
};
kbdInteractiveAuthentication = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc ''
Specifies whether keyboard-interactive authentication is allowed.
'';
};
hostKeys = mkOption {
type = types.listOf types.attrs;
default =
@ -346,26 +344,58 @@ in
'';
};
logLevel = mkOption {
type = types.enum [ "QUIET" "FATAL" "ERROR" "INFO" "VERBOSE" "DEBUG" "DEBUG1" "DEBUG2" "DEBUG3" ];
default = "INFO"; # upstream default
description = lib.mdDoc ''
Gives the verbosity level that is used when logging messages from sshd(8). The possible values are:
QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. The default is INFO. DEBUG and DEBUG1
are equivalent. DEBUG2 and DEBUG3 each specify higher levels of debugging output. Logging with a DEBUG level
violates the privacy of users and is not recommended.
'';
};
useDns = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Specifies whether sshd(8) should look up the remote host name, and to check that the resolved host name for
the remote IP address maps back to the very same IP address.
If this option is set to no (the default) then only addresses and not host names may be used in
~/.ssh/authorized_keys from and sshd_config Match Host directives.
'';
settings = mkOption {
description = lib.mdDoc "Verbatim contents of {file}`sshd_config`.";
example = literalExpression ''{
UseDns true;
}'';
type = types.submodule ({name, ...}: {
freeformType = settingsFormat.type;
options = {
LogLevel = mkOption {
type = types.enum [ "QUIET" "FATAL" "ERROR" "INFO" "VERBOSE" "DEBUG" "DEBUG1" "DEBUG2" "DEBUG3" ];
default = "INFO"; # upstream default
description = lib.mdDoc ''
Gives the verbosity level that is used when logging messages from sshd(8). Logging with a DEBUG level
violates the privacy of users and is not recommended.
'';
};
UseDns = mkOption {
type = types.bool;
# apply if cfg.useDns then "yes" else "no"
default = false;
description = lib.mdDoc ''
Specifies whether sshd(8) should look up the remote host name, and to check that the resolved host name for
the remote IP address maps back to the very same IP address.
If this option is set to no (the default) then only addresses and not host names may be used in
~/.ssh/authorized_keys from and sshd_config Match Host directives.
'';
};
PasswordAuthentication = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc ''
Specifies whether password authentication is allowed.
'';
};
PermitRootLogin = mkOption {
default = "prohibit-password";
type = types.enum ["yes" "without-password" "prohibit-password" "forced-commands-only" "no"];
description = lib.mdDoc ''
Whether the root user can login using ssh.
'';
};
KbdInteractiveAuthentication = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc ''
Specifies whether keyboard-interactive authentication is allowed.
'';
};
};
});
};
extraConfig = mkOption {
@ -496,7 +526,7 @@ in
security.pam.services.sshd =
{ startSession = true;
showMotd = true;
unixAuth = cfg.passwordAuthentication;
unixAuth = cfg.settings.PasswordAuthentication;
};
# These values are merged with the ones defined externally, see:
@ -530,10 +560,7 @@ in
Subsystem sftp ${cfg.sftpServerExecutable} ${concatStringsSep " " cfg.sftpFlags}
''}
PermitRootLogin ${cfg.permitRootLogin}
GatewayPorts ${cfg.gatewayPorts}
PasswordAuthentication ${if cfg.passwordAuthentication then "yes" else "no"}
KbdInteractiveAuthentication ${if cfg.kbdInteractiveAuthentication then "yes" else "no"}
PrintMotd no # handled by pam_motd
@ -550,11 +577,6 @@ in
KexAlgorithms ${concatStringsSep "," cfg.kexAlgorithms}
Ciphers ${concatStringsSep "," cfg.ciphers}
MACs ${concatStringsSep "," cfg.macs}
LogLevel ${cfg.logLevel}
UseDNS ${if cfg.useDns then "yes" else "no"}
'';
assertions = [{ assertion = if cfg.forwardX11 then cfgc.setXAuthLocation else true;

2
nixos/modules/services/security/fail2ban.nix
View File

@ -339,7 +339,7 @@ in
# Block SSH if there are too many failing connection attempts.
# Benefits from verbose sshd logging to observe failed login attempts,
# so we set that here unless the user overrode it.
services.openssh.logLevel = lib.mkDefault "VERBOSE";
services.openssh.settings.LogLevel = lib.mkDefault "VERBOSE";
services.fail2ban.jails.sshd = mkDefault ''
enabled = true
port = ${concatMapStringsSep "," (p: toString p) config.services.openssh.ports}

155
nixos/modules/services/web-apps/photoprism.nix Normal file
View File

@ -0,0 +1,155 @@
{ config, pkgs, lib, ... }:
let
cfg = config.services.photoprism;
env = {
PHOTOPRISM_ORIGINALS_PATH = cfg.originalsPath;
PHOTOPRISM_STORAGE_PATH = cfg.storagePath;
PHOTOPRISM_IMPORT_PATH = cfg.importPath;
PHOTOPRISM_HTTP_HOST = cfg.address;
PHOTOPRISM_HTTP_PORT = toString cfg.port;
} // (
lib.mapAttrs (_: toString) cfg.settings
);
manage =
let
setupEnv = lib.concatStringsSep "\n" (lib.mapAttrsToList (name: val: "export ${name}=${lib.escapeShellArg val}") env);
in
pkgs.writeShellScript "manage" ''
${setupEnv}
exec ${cfg.package}/bin/photoprism "$@"
'';
in
{
meta.maintainers = with lib.maintainers; [ stunkymonkey ];
options.services.photoprism = {
enable = lib.mkEnableOption (lib.mdDoc "Photoprism web server");
passwordFile = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = null;
description = lib.mdDoc ''
Admin password file.
'';
};
address = lib.mkOption {
type = lib.types.str;
default = "localhost";
description = lib.mdDoc ''
Web interface address.
'';
};
port = lib.mkOption {
type = lib.types.port;
default = 2342;
description = lib.mdDoc ''
Web interface port.
'';
};
originalsPath = lib.mkOption {
type = lib.types.path;
default = null;
example = "/data/photos";
description = lib.mdDoc ''
Storage path of your original media files (photos and videos).
'';
};
importPath = lib.mkOption {
type = lib.types.str;
default = "import";
description = lib.mdDoc ''
Relative or absolute to the `originalsPath` from where the files should be imported.
'';
};
storagePath = lib.mkOption {
type = lib.types.path;
default = "/var/lib/photoprism";
description = lib.mdDoc ''
Location for sidecar, cache, and database files.
'';
};
package = lib.mkPackageOptionMD pkgs "photoprism" { };
settings = lib.mkOption {
type = lib.types.attrsOf lib.types.str;
default = { };
description = lib.mdDoc ''
See [the getting-started guide](https://docs.photoprism.app/getting-started/config-options/) for available options.
'';
example = {
PHOTOPRISM_DEFAULT_LOCALE = "de";
PHOTOPRISM_ADMIN_USER = "root";
};
};
};
config = lib.mkIf cfg.enable {
systemd.services.photoprism = {
description = "Photoprism server";
serviceConfig = {
Restart = "on-failure";
User = "photoprism";
Group = "photoprism";
DynamicUser = true;
StateDirectory = "photoprism";
WorkingDirectory = "/var/lib/photoprism";
RuntimeDirectory = "photoprism";
LoadCredential = lib.optionalString (cfg.passwordFile != null)
"PHOTOPRISM_ADMIN_PASSWORD:${cfg.passwordFile}";
CapabilityBoundingSet = "";
LockPersonality = true;
PrivateDevices = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
RestrictNamespaces = true;
RestrictRealtime = true;
SystemCallArchitectures = "native";
SystemCallFilter = [ "@system-service" "~@privileged @setuid @keyring" ];
UMask = "0066";
} // lib.optionalAttrs (cfg.port < 1024) {
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
};
wantedBy = [ "multi-user.target" ];
environment = env;
# reminder: easier password configuration will come in https://github.com/photoprism/photoprism/pull/2302
preStart = ''
ln -sf ${manage} photoprism-manage
${lib.optionalString (cfg.passwordFile != null) ''
export PHOTOPRISM_ADMIN_PASSWORD=$(cat "$CREDENTIALS_DIRECTORY/PHOTOPRISM_ADMIN_PASSWORD")
''}
exec ${cfg.package}/bin/photoprism migrations run -f
'';
script = ''
${lib.optionalString (cfg.passwordFile != null) ''
export PHOTOPRISM_ADMIN_PASSWORD=$(cat "$CREDENTIALS_DIRECTORY/PHOTOPRISM_ADMIN_PASSWORD")
''}
exec ${cfg.package}/bin/photoprism start
'';
};
};
}

2
nixos/modules/system/activation/bootspec.nix
View File

@ -22,7 +22,7 @@ let
system = config.boot.kernelPackages.stdenv.hostPlatform.system;
kernel = "${config.boot.kernelPackages.kernel}/${config.system.boot.loader.kernelFile}";
kernelParams = config.boot.kernelParams;
label = "NixOS ${config.system.nixos.codeName} ${config.system.nixos.label} (Linux ${config.boot.kernelPackages.kernel.modDirVersion})";
label = "${config.system.nixos.distroName} ${config.system.nixos.codeName} ${config.system.nixos.label} (Linux ${config.boot.kernelPackages.kernel.modDirVersion})";
inherit (cfg) extensions;
} // lib.optionalAttrs config.boot.initrd.enable {

2
nixos/modules/system/activation/switch-to-configuration.pl
View File

@ -84,7 +84,7 @@ EOF
# This is a NixOS installation if it has /etc/NIXOS or a proper
# /etc/os-release.
if (!-f "/etc/NIXOS" && (read_file("/etc/os-release", err_mode => "quiet") // "") !~ /^ID="?nixos"?/msx) {
if (!-f "/etc/NIXOS" && (read_file("/etc/os-release", err_mode => "quiet") // "") !~ /^ID="?@distroId@"?/msx) {
die("This is not a NixOS installation!\n");
}

1
nixos/modules/system/activation/top-level.nix
View File

@ -65,6 +65,7 @@ let
mkdir $out/bin
export localeArchive="${config.i18n.glibcLocales}/lib/locale/locale-archive"
export distroId=${config.system.nixos.distroId};
substituteAll ${./switch-to-configuration.pl} $out/bin/switch-to-configuration
chmod +x $out/bin/switch-to-configuration
${optionalString (pkgs.stdenv.hostPlatform == pkgs.stdenv.buildPlatform) ''

3
nixos/modules/system/boot/loader/grub/grub.nix
View File

@ -55,7 +55,7 @@ let
grubTargetEfi = if cfg.efiSupport && (cfg.version == 2) then f (grubEfi.grubTarget or "") else "";
bootPath = args.path;
storePath = config.boot.loader.grub.storePath;
bootloaderId = if args.efiBootloaderId == null then "NixOS${efiSysMountPoint'}" else args.efiBootloaderId;
bootloaderId = if args.efiBootloaderId == null then "${config.system.nixos.distroName}${efiSysMountPoint'}" else args.efiBootloaderId;
timeout = if config.boot.loader.timeout == null then -1 else config.boot.loader.timeout;
users = if cfg.users == {} || cfg.version != 1 then cfg.users else throw "GRUB version 1 does not support user accounts.";
theme = f cfg.theme;
@ -759,6 +759,7 @@ in
src = ./install-grub.pl;
utillinux = pkgs.util-linux;
btrfsprogs = pkgs.btrfs-progs;
inherit (config.system.nixos) distroName;
};
perl = pkgs.perl.withPackages (p: with p; [
FileSlurp FileCopyRecursive

10
nixos/modules/system/boot/loader/grub/install-grub.pl
View File

@ -511,7 +511,7 @@ sub addEntry {
# Add default entries.
$conf .= "$extraEntries\n" if $extraEntriesBeforeNixOS;
addEntry("NixOS - Default", $defaultConfig, $entryOptions);
addEntry("@distroName@ - Default", $defaultConfig, $entryOptions);
$conf .= "$extraEntries\n" unless $extraEntriesBeforeNixOS;
@ -536,7 +536,7 @@ foreach my $link (@links) {
my $linkname = basename($link);
$entryName = "($linkname - $date - $version)";
}
addEntry("NixOS - $entryName", $link);
addEntry("@distroName@ - $entryName", $link);
}
my $grubBootPath = $grubBoot->path;
@ -568,19 +568,19 @@ sub addProfile {
-e "$link/nixos-version"
? readFile("$link/nixos-version")
: basename((glob(dirname(Cwd::abs_path("$link/kernel")) . "/lib/modules/*"))[0]);
addEntry("NixOS - Configuration " . nrFromGen($link) . " ($date - $version)", $link, $subEntryOptions);
addEntry("@distroName@ - Configuration " . nrFromGen($link) . " ($date - $version)", $link, $subEntryOptions);
}
$conf .= "}\n" if $grubVersion == 2;
}
addProfile "/nix/var/nix/profiles/system", "NixOS - All configurations";
addProfile "/nix/var/nix/profiles/system", "@distroName@ - All configurations";
if ($grubVersion == 2) {
for my $profile (glob "/nix/var/nix/profiles/system-profiles/*") {
my $name = basename($profile);
next unless $name =~ /^\w+$/;
addProfile $profile, "NixOS - Profile '$name'";
addProfile $profile, "@distroName@ - Profile '$name'";
}
}

6
nixos/modules/system/boot/loader/init-script/init-script-builder.sh
View File

@ -64,13 +64,13 @@ addEntry() {
mkdir -p /boot /sbin
addEntry "NixOS - Default" $defaultConfig ""
addEntry "@distroName@ - Default" $defaultConfig ""
# Add all generations of the system profile to the menu, in reverse
# (most recent to least recent) order.
for link in $((ls -d $defaultConfig/specialisation/* ) | sort -n); do
date=$(stat --printf="%y\n" $link | sed 's/\..*//')
addEntry "NixOS - variation" $link ""
addEntry "@distroName@ - variation" $link ""
done
for generation in $(
@ -85,7 +85,7 @@ for generation in $(
else
suffix="($date)"
fi
addEntry "NixOS - Configuration $generation $suffix" $link "$generation ($date)"
addEntry "@distroName@ - Configuration $generation $suffix" $link "$generation ($date)"
done
mv $tmpOther $targetOther

1
nixos/modules/system/boot/loader/init-script/init-script.nix
View File

@ -8,6 +8,7 @@ let
src = ./init-script-builder.sh;
isExecutable = true;
inherit (pkgs) bash;
inherit (config.nixos.system) distroName;
path = [pkgs.coreutils pkgs.gnused pkgs.gnugrep];
};

8
nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py
View File

@ -42,7 +42,7 @@ def system_dir(profile: Optional[str], generation: int, specialisation: Optional
else:
return d
BOOT_ENTRY = """title NixOS{profile}{specialisation}
BOOT_ENTRY = """title @distroName@{profile}{specialisation}
version Generation {generation} {description}
linux {kernel}
initrd {initrd}
@ -99,7 +99,7 @@ def describe_generation(generation_dir: str) -> str:
build_time = int(os.path.getctime(generation_dir))
build_date = datetime.datetime.fromtimestamp(build_time).strftime('%F')
description = "NixOS {}, Linux Kernel {}, Built on {}".format(
description = "@distroName@ {}, Linux Kernel {}, Built on {}".format(
nixos_version, kernel_version, build_date
)
@ -206,8 +206,8 @@ def get_profiles() -> List[str]:
return []
def main() -> None:
parser = argparse.ArgumentParser(description='Update NixOS-related systemd-boot files')
parser.add_argument('default_config', metavar='DEFAULT-CONFIG', help='The default NixOS config to boot')
parser = argparse.ArgumentParser(description='Update @distroName@-related systemd-boot files')
parser.add_argument('default_config', metavar='DEFAULT-CONFIG', help='The default @distroName@ config to boot')
args = parser.parse_args()
try:

2
nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix
View File

@ -30,6 +30,8 @@ let
inherit (efi) efiSysMountPoint canTouchEfiVariables;
inherit (config.system.nixos) distroName;
memtest86 = if cfg.memtest86.enable then pkgs.memtest86-efi else "";
netbootxyz = if cfg.netbootxyz.enable then pkgs.netbootxyz-efi else "";

7
nixos/modules/system/boot/stage-1-init.sh
View File

@ -73,7 +73,7 @@ trap 'fail' 0
# Print a greeting.
info
info "<<< NixOS Stage 1 >>>"
info "<<< @distroName@ Stage 1 >>>"
info
# Make several required directories.
@ -234,8 +234,7 @@ done
mkdir -p /lib
ln -s @modulesClosure@/lib/modules /lib/modules
ln -s @modulesClosure@/lib/firmware /lib/firmware
# see comment in stage-1.nix for explanation
echo @extraUtils@/bin/modprobe-kernel > /proc/sys/kernel/modprobe
echo @extraUtils@/bin/modprobe > /proc/sys/kernel/modprobe
for i in @kernelModules@; do
info "loading module $(basename $i)..."
modprobe $i
@ -422,7 +421,7 @@ lustrateRoot () {
local root="$1"
echo
echo -e "\e[1;33m<<< NixOS is now lustrating the root filesystem (cruft goes to /old-root) >>>\e[0m"
echo -e "\e[1;33m<<< @distroName@ is now lustrating the root filesystem (cruft goes to /old-root) >>>\e[0m"
echo
mkdir -m 0755 -p "$root/old-root.tmp"

22
nixos/modules/system/boot/stage-1.nix
View File

@ -150,26 +150,6 @@ let
copy_bin_and_libs ${pkgs.kmod}/bin/kmod
ln -sf kmod $out/bin/modprobe
# Dirty hack to make sure the kernel properly loads modules
# such as ext4 on demand (e.g. on a `mount(2)` syscall). This is necessary
# because `kmod` isn't linked against `libpthread.so.0` anymore (since
# it was merged into `libc.so.6` since version `2.34`), but still needs
# to access it for some reason. This is not an issue in stage-1 itself
# because of the `LD_LIBRARY_PATH`-variable and anytime later because the rpath of
# kmod/modprobe points to glibc's `$out/lib` where `libpthread.so.6` exists.
# However, this is a problem when the kernel calls `modprobe` inside
# the initial ramdisk because it doesn't know about the
# `LD_LIBRARY_PATH` and the rpath was nuked.
#
# Also, we can't use `makeWrapper` here because `kmod` only does
# `modprobe` functionality if `argv[0] == "modprobe"`.
cat >$out/bin/modprobe-kernel <<EOF
#!$out/bin/ash
export LD_LIBRARY_PATH=$out/lib
exec $out/bin/modprobe "\$@"
EOF
chmod +x $out/bin/modprobe-kernel
# Copy resize2fs if any ext* filesystems are to be resized
${optionalString (any (fs: fs.autoResize && (lib.hasPrefix "ext" fs.fsType)) fileSystems) ''
# We need mke2fs in the initrd.
@ -342,6 +322,8 @@ let
inherit (config.boot) resumeDevice;
inherit (config.system.nixos) distroName;
inherit (config.system.build) earlyMountScript;
inherit (config.boot.initrd) checkJournalingFS verbose

2
nixos/modules/system/boot/stage-2-init.sh
View File

@ -19,7 +19,7 @@ if [ "${IN_NIXOS_SYSTEMD_STAGE1:-}" != true ]; then
# Print a greeting.
echo
echo -e "\e[1;32m<<< NixOS Stage 2 >>>\e[0m"
echo -e "\e[1;32m<<< @distroName@ Stage 2 >>>\e[0m"
echo

1
nixos/modules/system/boot/stage-2.nix
View File

@ -11,6 +11,7 @@ let
shellDebug = "${pkgs.bashInteractive}/bin/bash";
shell = "${pkgs.bash}/bin/bash";
inherit (config.boot) readOnlyNixStore systemdExecutable extraSystemdUnitPaths;
inherit (config.system.nixos) distroName;
isExecutable = true;
inherit useHostResolvConf;
inherit (config.system.build) earlyMountScript;

3
nixos/modules/tasks/network-interfaces.nix
View File

@ -434,7 +434,8 @@ in
options = {
networking.hostName = mkOption {
default = "nixos";
default = config.system.nixos.distroId;
defaultText = literalExpression "config.system.nixos.distroId";
# Only allow hostnames without the domain name part (i.e. no FQDNs, see
# e.g. "man 5 hostname") and require valid DNS labels (recommended
# syntax). Note: We also allow underscores for compatibility/legacy

2
nixos/modules/virtualisation/amazon-image.nix
View File

@ -85,7 +85,7 @@ in
# Allow root logins only using the SSH key that the user specified
# at instance creation time.
services.openssh.enable = true;
services.openssh.permitRootLogin = "prohibit-password";
services.openssh.settings.PermitRootLogin = "prohibit-password";
# Enable the serial console on ttyS0
systemd.services."serial-getty@ttyS0".enable = true;

6
nixos/modules/virtualisation/azure-common.nix
View File

@ -30,10 +30,8 @@ with lib;
# Allow root logins only using the SSH key that the user specified
# at instance creation time, ping client connections to avoid timeouts
services.openssh.enable = true;
services.openssh.permitRootLogin = "prohibit-password";
services.openssh.extraConfig = ''
ClientAliveInterval 180
'';
services.openssh.settings.PermitRootLogin = "prohibit-password";
services.openssh.settings.ClientAliveInterval = 180;
# Force getting the hostname from Azure
networking.hostName = mkDefault "";

2
nixos/modules/virtualisation/brightbox-image.nix
View File

@ -103,7 +103,7 @@ in
# Allow root logins only using the SSH key that the user specified
# at instance creation time.
services.openssh.enable = true;
services.openssh.permitRootLogin = "prohibit-password";
services.openssh.settings.PermitRootLogin = "prohibit-password";
# Force getting the hostname from Google Compute.
networking.hostName = mkDefault "";

2
nixos/modules/virtualisation/cloudstack-config.nix
View File

@ -21,7 +21,7 @@ with lib;
# Allow root logins
services.openssh = {
enable = true;
permitRootLogin = "prohibit-password";
settings.PermitRootLogin = "prohibit-password";
};
# Cloud-init configuration.

2
nixos/modules/virtualisation/digital-ocean-config.nix
View File

@ -49,7 +49,7 @@ with lib;
};
services.openssh = {
enable = mkDefault true;
passwordAuthentication = mkDefault false;
settings.PasswordAuthentication = mkDefault false;
};
services.do-agent.enable = mkDefault true;
networking = {

4
nixos/modules/virtualisation/google-compute-config.nix
View File

@ -29,8 +29,8 @@ with lib;
# Allow root logins only using SSH keys
# and disable password authentication in general
services.openssh.enable = true;
services.openssh.permitRootLogin = "prohibit-password";
services.openssh.passwordAuthentication = mkDefault false;
services.openssh.settings.PermitRootLogin = "prohibit-password";
services.openssh.settings.PasswordAuthentication = mkDefault false;
# enable OS Login. This also requires setting enable-oslogin=TRUE metadata on
# instance or project level

4
nixos/modules/virtualisation/lxc-container.nix
View File

@ -123,8 +123,8 @@ in
architecture = builtins.elemAt (builtins.match "^([a-z0-9_]+).+" (toString pkgs.system)) 0;
creation_date = 1;
properties = {
description = "NixOS ${config.system.nixos.codeName} ${config.system.nixos.label} ${pkgs.system}";
os = "nixos";
description = "${config.system.nixos.distroName} ${config.system.nixos.codeName} ${config.system.nixos.label} ${pkgs.system}";
os = "${config.system.nixos.distroId}";
release = "${config.system.nixos.codeName}";
};
templates = templates.properties;

4
nixos/modules/virtualisation/openstack-config.nix
View File

@ -59,8 +59,8 @@ in
# Allow root logins
services.openssh = {
enable = true;
permitRootLogin = "prohibit-password";
passwordAuthentication = mkDefault false;
settings.PermitRootLogin = "prohibit-password";
settings.PasswordAuthentication = mkDefault false;
};
users.users.root.initialPassword = "foobar";

2
nixos/modules/virtualisation/virtualbox-image.nix
View File

@ -41,7 +41,7 @@ in {
};
vmName = mkOption {
type = types.str;
default = "NixOS ${config.system.nixos.label} (${pkgs.stdenv.hostPlatform.system})";
default = "${config.system.nixos.distroName} ${config.system.nixos.label} (${pkgs.stdenv.hostPlatform.system})";
description = lib.mdDoc ''
The name of the VirtualBox appliance.
'';

3
nixos/tests/all-tests.nix
View File

@ -436,7 +436,6 @@ in {
netdata = handleTest ./netdata.nix {};
networking.networkd = handleTest ./networking.nix { networkd = true; };
networking.scripted = handleTest ./networking.nix { networkd = false; };
specialisation = handleTest ./specialisation.nix {};
netbox = handleTest ./web-apps/netbox.nix {};
# TODO: put in networking.nix after the test becomes more complete
networkingProxy = handleTest ./networking-proxy.nix {};
@ -464,6 +463,7 @@ in {
nix-serve-ssh = handleTest ./nix-serve-ssh.nix {};
nixops = handleTest ./nixops/default.nix {};
nixos-generate-config = handleTest ./nixos-generate-config.nix {};
nixos-rebuild-specialisations = handleTest ./nixos-rebuild-specialisations.nix {};
nixpkgs = pkgs.callPackage ../modules/misc/nixpkgs/test.nix { inherit evalMinimalConfig; };
node-red = handleTest ./node-red.nix {};
nomad = handleTest ./nomad.nix {};
@ -513,6 +513,7 @@ in {
pgjwt = handleTest ./pgjwt.nix {};
pgmanage = handleTest ./pgmanage.nix {};
phosh = handleTest ./phosh.nix {};
photoprism = handleTest ./photoprism.nix {};
php = handleTest ./php {};
php80 = handleTest ./php { php = pkgs.php80; };
php81 = handleTest ./php { php = pkgs.php81; };

6
nixos/tests/borgbackup.nix
View File

@ -117,8 +117,10 @@ in {
server = { ... }: {
services.openssh = {
enable = true;
passwordAuthentication = false;
kbdInteractiveAuthentication = false;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
services.borgbackup.repos.repo1 = {

6
nixos/tests/btrbk.nix
View File

@ -52,8 +52,10 @@ import ./make-test-python.nix ({ pkgs, ... }:
environment.systemPackages = with pkgs; [ btrfs-progs ];
services.openssh = {
enable = true;
passwordAuthentication = false;
kbdInteractiveAuthentication = false;
settings = {
KbdInteractiveAuthentication = false;
PasswordAuthentication = false;
};
};
services.btrbk = {
extraPackages = [ pkgs.lz4 ];

4
nixos/tests/google-oslogin/server.nix
View File

@ -17,8 +17,8 @@ in {
};
services.openssh.enable = true;
services.openssh.kbdInteractiveAuthentication = false;
services.openssh.passwordAuthentication = false;
services.openssh.settings.KbdInteractiveAuthentication = false;
services.openssh.settings.PasswordAuthentication = false;
security.googleOsLogin.enable = true;

4
nixos/tests/installer.nix
View File

@ -21,6 +21,8 @@ let
<nixpkgs/nixos/modules/testing/test-instrumentation.nix>
];
documentation.enable = false;
# To ensure that we can rebuild the grub configuration on the nixos-rebuild
system.extraDependencies = with pkgs; [ stdenvNoCC ];
@ -307,7 +309,7 @@ let
# builds stuff in the VM, needs more juice
virtualisation.diskSize = 8 * 1024;
virtualisation.cores = 8;
virtualisation.memorySize = 1536;
virtualisation.memorySize = 2047;
boot.initrd.systemd.enable = systemdStage1;

1
nixos/tests/kernel-generic.nix
View File

@ -31,6 +31,7 @@ let
linux_5_10_hardened
linux_5_15_hardened
linux_6_0_hardened
linux_6_1_hardened
linux_testing;
};

131
nixos/tests/nixos-rebuild-specialisations.nix Normal file
View File

@ -0,0 +1,131 @@
import ./make-test-python.nix ({ pkgs, ... }: {
name = "nixos-rebuild-specialisations";
nodes = {
machine = { lib, pkgs, ... }: {
imports = [
../modules/profiles/installation-device.nix
../modules/profiles/base.nix
];
nix.settings = {
substituters = lib.mkForce [ ];
hashed-mirrors = null;
connect-timeout = 1;
};
system.extraDependencies = with pkgs; [
curl
desktop-file-utils
docbook5
docbook_xsl_ns
grub2
kmod.dev
libarchive
libarchive.dev
libxml2.bin
libxslt.bin
python3Minimal
shared-mime-info
stdenv
sudo
xorg.lndir
];
virtualisation = {
cores = 2;
memorySize = 2048;
};
};
};
testScript =
let
configFile = pkgs.writeText "configuration.nix" ''
{ lib, pkgs, ... }: {
imports = [
./hardware-configuration.nix
<nixpkgs/nixos/modules/testing/test-instrumentation.nix>
];
boot.loader.grub = {
enable = true;
device = "/dev/vda";
forceInstall = true;
};
documentation.enable = false;
environment.systemPackages = [
(pkgs.writeShellScriptBin "parent" "")
];
specialisation.foo = {
inheritParentConfig = true;
configuration = { ... }: {
environment.systemPackages = [
(pkgs.writeShellScriptBin "foo" "")
];
};
};
specialisation.bar = {
inheritParentConfig = true;
configuration = { ... }: {
environment.systemPackages = [
(pkgs.writeShellScriptBin "bar" "")
];
};
};
}
'';
in
''
machine.start()
machine.succeed("udevadm settle")
machine.wait_for_unit("multi-user.target")
machine.succeed("nixos-generate-config")
machine.copy_from_host(
"${configFile}",
"/etc/nixos/configuration.nix",
)
with subtest("Switch to the base system"):
machine.succeed("nixos-rebuild switch")
machine.succeed("parent")
machine.fail("foo")
machine.fail("bar")
with subtest("Switch from base system into a specialization"):
machine.succeed("nixos-rebuild switch --specialisation foo")
machine.succeed("parent")
machine.succeed("foo")
machine.fail("bar")
with subtest("Switch from specialization into another specialization"):
machine.succeed("nixos-rebuild switch -c bar")
machine.succeed("parent")
machine.fail("foo")
machine.succeed("bar")
with subtest("Switch from specialization into the base system"):
machine.succeed("nixos-rebuild switch")
machine.succeed("parent")
machine.fail("foo")
machine.fail("bar")
with subtest("Switch into specialization using `nixos-rebuild test`"):
machine.succeed("nixos-rebuild test --specialisation foo")
machine.succeed("parent")
machine.succeed("foo")
machine.fail("bar")
with subtest("Make sure nonsense command combinations are forbidden"):
machine.fail("nixos-rebuild boot --specialisation foo")
machine.fail("nixos-rebuild boot -c foo")
'';
})

2
nixos/tests/ntfy-sh.nix
View File

@ -12,6 +12,8 @@ import ./make-test-python.nix {
machine.wait_for_unit("multi-user.target")
machine.wait_for_open_port(80)
machine.succeed(f"curl -d '{msg}' localhost:80/test")
notif = json.loads(machine.succeed("curl -s localhost:80/test/json?poll=1"))

23
nixos/tests/photoprism.nix Normal file
View File

@ -0,0 +1,23 @@
import ./make-test-python.nix ({ lib, pkgs, ... }: {
name = "photoprism";
meta.maintainers = with lib.maintainers; [ stunkymonkey ];
nodes.machine = { pkgs, ... }: {
services.photoprism = {
enable = true;
port = 8080;
originalsPath = "/media/photos/";
passwordFile = pkgs.writeText "password" "secret";
};
environment.extraInit = ''
mkdir -p /media/photos
'';
};
testScript = ''
machine.wait_for_unit("multi-user.target")
machine.wait_for_open_port(8080)
response = machine.succeed("curl -vvv -s -H 'Host: photoprism' http://127.0.0.1:8080/library/login")
assert '<title>PhotoPrism</title>' in response, "Login page didn't load successfully"
'';
})

6
nixos/tests/sourcehut.nix
View File

@ -18,8 +18,10 @@ let
# passwordless ssh server
services.openssh = {
enable = true;
permitRootLogin = "yes";
extraConfig = "PermitEmptyPasswords yes";
settings = {
PermitRootLogin = "yes";
PermitEmptyPasswords = true;
};
};
users = {

43
nixos/tests/specialisation.nix
View File

@ -1,43 +0,0 @@
import ./make-test-python.nix {
name = "specialisation";
nodes = {
inheritconf = { pkgs, ... }: {
environment.systemPackages = [ pkgs.cowsay ];
specialisation.inheritconf.configuration = { pkgs, ... }: {
environment.systemPackages = [ pkgs.hello ];
};
};
noinheritconf = { pkgs, ... }: {
environment.systemPackages = [ pkgs.cowsay ];
specialisation.noinheritconf = {
inheritParentConfig = false;
configuration = { pkgs, ... }: {
environment.systemPackages = [ pkgs.hello ];
};
};
};
};
testScript = ''
inheritconf.wait_for_unit("default.target")
inheritconf.succeed("cowsay hey")
inheritconf.fail("hello")
with subtest("Nested clones do inherit from parent"):
inheritconf.succeed(
"/run/current-system/specialisation/inheritconf/bin/switch-to-configuration test"
)
inheritconf.succeed("cowsay hey")
inheritconf.succeed("hello")
noinheritconf.wait_for_unit("default.target")
noinheritconf.succeed("cowsay hey")
noinheritconf.fail("hello")
with subtest("Nested children do not inherit from parent"):
noinheritconf.succeed(
"/run/current-system/specialisation/noinheritconf/bin/switch-to-configuration test"
)
noinheritconf.fail("cowsay hey")
noinheritconf.succeed("hello")
'';
}

2
nixos/tests/turbovnc-headless-server.nix
View File

@ -26,7 +26,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: {
# So that we can ssh into the VM, see e.g.
# http://blog.patapon.info/nixos-local-vm/#accessing-the-vm-with-ssh
services.openssh.enable = true;
services.openssh.permitRootLogin = "yes";
services.openssh.settings.PermitRootLogin = "yes";
users.extraUsers.root.password = "";
users.mutableUsers = false;
};

4
pkgs/applications/audio/strawberry/default.nix
View File

@ -42,13 +42,13 @@ let
in
stdenv.mkDerivation rec {
pname = "strawberry";
version = "1.0.12";
version = "1.0.13";
src = fetchFromGitHub {
owner = "jonaski";
repo = pname;
rev = version;
hash = "sha256-XJCU9cGhmwJ6f79y3tAW1qfJKO7YESVpHY/1FmPQ/Mo=";
hash = "sha256-szvCI1olC7GccJUGwR2Cx+FNGvfxeESsiSwWPTXWbc0=";
};
# the big strawberry shown in the context menu is *very* much in your face, so use the grey version instead

5
pkgs/applications/editors/eclipse/build-eclipse.nix
View File

@ -2,7 +2,7 @@
, zlib, jdk, glib, glib-networking, gtk, libXtst, libsecret, gsettings-desktop-schemas, webkitgtk
, makeWrapper, perl, ... }:
{ name, src ? builtins.getAttr stdenv.hostPlatform.system sources, sources ? null, description, productVersion }:
{ name, src ? builtins.getAttr stdenv.hostPlatform.system sources, sources ? null, description }:
stdenv.mkDerivation rec {
inherit name src;
@ -38,13 +38,14 @@ stdenv.mkDerivation rec {
# settings in ~/.eclipse/org.eclipse.platform_<version> rather
# than ~/.eclipse/org.eclipse.platform_<version>_<number>.
productId=$(sed 's/id=//; t; d' $out/eclipse/.eclipseproduct)
productVersion=$(sed 's/version=//; t; d' $out/eclipse/.eclipseproduct)
makeWrapper $out/eclipse/eclipse $out/bin/eclipse \
--prefix PATH : ${jdk}/bin \
--prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath ([ glib gtk libXtst libsecret ] ++ lib.optional (webkitgtk != null) webkitgtk)} \
--prefix GIO_EXTRA_MODULES : "${glib-networking}/lib/gio/modules" \
--prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH" \
--add-flags "-configuration \$HOME/.eclipse/''${productId}_${productVersion}/configuration"
--add-flags "-configuration \$HOME/.eclipse/''${productId}_$productVersion/configuration"
# Create desktop item.
mkdir -p $out/share/applications

31
pkgs/applications/editors/eclipse/default.nix
View File

@ -14,21 +14,19 @@
let
platform_major = "4";
platform_minor = "25";
platform_minor = "26";
year = "2022";
month = "09"; #release month
buildmonth = "08"; #sometimes differs from release month
timestamp = "${year}${buildmonth}311800";
month = "12"; #release month
buildmonth = "11"; #sometimes differs from release month
timestamp = "${year}${buildmonth}231800";
gtk = gtk3;
in rec {
# work around https://bugs.eclipse.org/bugs/show_bug.cgi?id=476075#c3
buildEclipseUnversioned = callPackage ./build-eclipse.nix {
buildEclipse = callPackage ./build-eclipse.nix {
inherit stdenv makeDesktopItem freetype fontconfig libX11 libXrender zlib
jdk glib gtk libXtst gsettings-desktop-schemas webkitgtk
makeWrapper;
};
buildEclipse = eclipseData: buildEclipseUnversioned (eclipseData // { productVersion = "${platform_major}.${platform_minor}"; });
### Eclipse CPP
@ -38,7 +36,7 @@ in rec {
src =
fetchurl {
url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/technology/epp/downloads/release/${year}-${month}/R/eclipse-cpp-${year}-${month}-R-linux-gtk-x86_64.tar.gz";
hash = "sha512-1sUQ/jDOQMqnKLKY6oh28STvS5pbH89+2zs+H77euiJOsBgB+yEkEntnhI39O67qmOK/EkQ3y3NkQcumbax56A==";
hash = "sha512-nqqY4dewq1bjeNoZdWvOez+cBti+f9qXshx1eqJ2lB7sGJva5mcR9e+CZTVD0+EtVJ/U+8viJ+E1Veht1ZnqOw==";
};
};
@ -50,7 +48,7 @@ in rec {
src =
fetchurl {
url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/technology/epp/downloads/release/${year}-${month}/R/eclipse-modeling-${year}-${month}-R-linux-gtk-x86_64.tar.gz";
hash = "sha512-Qb2BmfXtmVeTLIZZav91hayPkwSGYMAG3fod3BmyJdo1DPas6VC+MzBwklAjpC1wqLTzKCAKzVZtdtPYC9QCqw==";
hash = "sha512-WU2BJt6GL3ug3yOUOd5y6/AbGLcr2MkCg+QJiNIMkSXvoU9TF6R6oimoGVc3kPZmazRy6WYoes55T3bWrHnO8Q==";
};
};
@ -62,17 +60,16 @@ in rec {
src =
fetchurl {
url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops${platform_major}/R-${platform_major}.${platform_minor}-${timestamp}/eclipse-platform-${platform_major}.${platform_minor}-linux-gtk-x86_64.tar.gz";
hash = "sha512-RW+5H82AcH/U9XUzIlUCU5heN9qQAlMl3rmxsKnTYxVWdIjSN461Nf71F6jPhL/Q+VCAMesguOEF0AqyhnH0nw==";
hash = "sha512-hmdWGteMDt4HhYq+k9twuftalpTzHtGnVVLphZcpJcw+6vJfersciDMaeLRqbCAeFbzJdgzjYo76bpP6FubySw==";
};
};
### Eclipse Scala SDK
eclipse-scala-sdk =
buildEclipseUnversioned.override { jdk = jdk8; gtk = gtk2; } {
buildEclipse.override { jdk = jdk8; gtk = gtk2; } {
name = "eclipse-scala-sdk-4.7.0";
description = "Eclipse IDE for Scala Developers";
productVersion = "4.7";
src =
fetchurl {
url = "https://downloads.typesafe.com/scalaide-pack/4.7.0-vfinal-oxygen-212-20170929/scala-SDK-4.7.0-vfinal-2.12-linux.gtk.x86_64.tar.gz";
@ -88,7 +85,7 @@ in rec {
src =
fetchurl {
url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops${platform_major}/R-${platform_major}.${platform_minor}-${timestamp}/eclipse-SDK-${platform_major}.${platform_minor}-linux-gtk-x86_64.tar.gz";
hash = "sha512-1wjKNBl6A2XENRVZNtDelPSMAYtc4wRXdQ4CJX/1YcFUPEzbPsX7plO2uJXmDpZcjw3wkQNxqy4bmZF6YnXy/Q==";
hash = "sha512-yH4/K9sBLCUc2EVYwPL0dLql/S3AfaV6fFh7ewAuIb7yHtcsOWMqy/h1hZUlFFg2ykfwDWDDHEK7qfTI0hM7BQ==";
};
};
@ -100,7 +97,7 @@ in rec {
src =
fetchurl {
url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/technology/epp/downloads/release/${year}-${month}/R/eclipse-java-${year}-${month}-R-linux-gtk-x86_64.tar.gz";
hash = "sha512-UejE0pzgwBYpmNbdGEegMM5iEOMYP+VvebU17YQeJUzh/qYr0B6sfXwJ+cdTCavKCNGLMMDenJMYk9V/6DSZHw==";
hash = "sha512-71mXYVLVnyDjYZbJGBKc0aDPq8sbTxlVZRQq7GlSUDv2fsoNYWYgqYfK7RSED5yoasCfs3HUYr7QowRAKJOnfQ==";
};
};
@ -112,7 +109,7 @@ in rec {
src =
fetchurl {
url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/technology/epp/downloads/release/${year}-${month}/R/eclipse-jee-${year}-${month}-R-linux-gtk-x86_64.tar.gz";
hash = "sha512-9E0Zwv64qRwVdPouhmIYT6SkbTkd3zLnfkHduHy2VXvmqW7xaOfmplvxpr+V1RDpnfDfw4RouU+WQdhFqBqcWg==";
hash = "sha512-55i9YVOa+vKHt72vHIqy9BmKMkg1KaLqMStjTtfaLTH5yP0ei+NTP2XL8IBHOgu0hCEJqYXTq+3I3RQy476etQ==";
};
};
@ -124,7 +121,7 @@ in rec {
src =
fetchurl {
url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/technology/epp/downloads/release/${year}-${month}/R/eclipse-committers-${year}-${month}-R-linux-gtk-x86_64.tar.gz";
hash = "sha512-V7GmvqQVZnTkkhKmuGyMiZlFlRpFbXM7r6w9yS0FxBOHNHIzkX4pJ6sgn+ww1lvwsdPqBFYtbWUiuKo73eTKzg==";
hash = "sha512-zGeynifM0dn1214HEVS7OVtv7xa8asjLzOXh5riJK8c/DWvNrRduHn6o6PGnxYOYVIfC9BzNRAjG1STkWu9j+Q==";
};
};
@ -136,7 +133,7 @@ in rec {
src =
fetchurl {
url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/technology/epp/downloads/release/${year}-${month}/R/eclipse-rcp-${year}-${month}-R-linux-gtk-x86_64.tar.gz";
hash = "sha256-8qQWwUiNemJLTAncZwO14fBfr7kTmmXPSeqBLfV8wTw=";
hash = "sha256-ml76ix0fHuR0KqYWQuTftEBAgq7iaOIyvr8V6WhuzeU=";
};
};

4
pkgs/applications/editors/eclipse/plugins.nix
View File

@ -255,12 +255,12 @@ rec {
cdt = buildEclipseUpdateSite rec {
name = "cdt-${version}";
# find current version at https://www.eclipse.org/cdt/downloads.php
version = "10.7.0";
version = "11.0.0";
src = fetchzip {
stripRoot = false;
url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/tools/cdt/releases/${lib.versions.majorMinor version}/${name}/${name}.zip";
hash = "sha256-/lQ3TLFQ1IgwYM540gxAFiEGOfHQIQQMf/pqCZ29ztQ=";
hash = "sha256-2rt9crMqNFevIHFIdOGWDq+j0ZJPVt1a9Z7P9HG58Ks=";
};
meta = with lib; {

18
pkgs/applications/editors/sublime/4/common.nix
View File

@ -3,6 +3,7 @@
{ fetchurl, stdenv, lib, xorg, glib, libglvnd, glibcLocales, gtk3, cairo, pango, makeWrapper, wrapGAppsHook
, writeShellScript, common-updater-scripts, curl
, openssl_1_1, bzip2, bash, unzip, zip
, sqlite
}:
let
@ -15,7 +16,19 @@ let
versionUrl = "https://download.sublimetext.com/latest/${if dev then "dev" else "stable"}";
versionFile = builtins.toString ./packages.nix;
libPath = lib.makeLibraryPath [ xorg.libX11 xorg.libXtst glib libglvnd openssl_1_1 gtk3 cairo pango curl ];
neededLibraries = [
xorg.libX11
xorg.libXtst
glib
libglvnd
openssl_1_1
gtk3
cairo
pango
curl
] ++ lib.optionals (lib.versionAtLeast buildVersion "4145") [
sqlite
];
in let
binaryPackage = stdenv.mkDerivation rec {
pname = "${pnameBase}-bin";
@ -52,7 +65,7 @@ in let
for binary in ${ builtins.concatStringsSep " " binaries }; do
patchelf \
--interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
--set-rpath ${libPath}:${stdenv.cc.cc.lib}/lib${lib.optionalString stdenv.is64bit "64"} \
--set-rpath ${lib.makeLibraryPath neededLibraries}:${stdenv.cc.cc.lib}/lib${lib.optionalString stdenv.is64bit "64"} \
$binary
done
@ -67,6 +80,7 @@ in let
# No need to patch these libraries, it works well with our own
rm libcrypto.so.1.1 libssl.so.1.1
${lib.optionalString (lib.versionAtLeast buildVersion "4145") "rm libsqlite3.so"}
mkdir -p $out
cp -r * $out/

6
pkgs/applications/editors/sublime/4/packages.nix
View File

@ -11,9 +11,9 @@ in
} {};
sublime4-dev = common {
buildVersion = "4141";
buildVersion = "4147";
dev = true;
x64sha256 = "eFo9v4hSrp1gV56adVyFB9sOApOXlKNvVBW0wbFYG4g=";
aarch64sha256 = "MmwSptvSH507+X9GT8GC4tzZFzEfT2pKc+/Qu5SbMkM=";
x64sha256 = "9zs+2cp+pid0y/v5tHJN4jp7sM1oGB5EgGzMASL3y4o=";
aarch64sha256 = "KyvHJPqBEfeQQJnuyWZA7vGhWkYFqMaTMx+uy+3cZ30=";
} {};
}

4
pkgs/applications/editors/vscode/extensions/default.nix
View File

@ -2229,8 +2229,8 @@ let
mktplcRef = {
name = "adwaita-theme";
publisher = "piousdeer";
version = "1.0.8";
sha256 = "XyzxiwKQGDUIXp6rnt1BmPzfpd1WrG8HnEqYEOJV6P8=";
version = "1.1.0";
sha256 = "sha256-tKpKLUcc33YrgDS95PJu22ngxhwjqeVMC1Mhhy+IPGE=";
};
meta = with lib; {
description = "Theme for the GNOME desktop";

6
pkgs/applications/misc/dasel/default.nix
View File

@ -5,16 +5,16 @@
buildGoModule rec {
pname = "dasel";
version = "2.0.2";
version = "2.1.0";
src = fetchFromGitHub {
owner = "TomWright";
repo = "dasel";
rev = "v${version}";
sha256 = "sha256-VdOXmhfgDzMyspoCFQl64obpQph14XZxR0Nas+crelA=";
sha256 = "sha256-7JGafJE9nwZ95bOWUyVw2uWA2LltE9HxolHGYU079to=";
};
vendorSha256 = "sha256-GO5Vg8zsXfjMBzRDC1/s/SYpviKUf59JB14vauKVFcE=";
vendorHash = "sha256-GO5Vg8zsXfjMBzRDC1/s/SYpviKUf59JB14vauKVFcE=";
ldflags = [
"-s" "-w" "-X github.com/tomwright/dasel/internal.Version=${version}"

14
pkgs/applications/misc/process-viewer/default.nix
View File

@ -4,28 +4,24 @@
, pkg-config
, gtk4
, stdenv
, DiskArbitration
, Foundation
, IOKit
, darwin
}:
rustPlatform.buildRustPackage rec {
pname = "process-viewer";
version = "0.5.5";
version = "0.5.6";
src = fetchCrate {
inherit pname version;
sha256 = "sha256-MHVKjbD1/h7G94x6dpyRT/BPWQVUFurW7EvAUJ2xZeU=";
sha256 = "sha256-ELASfcXNhUCE/mhPKBHA78liFMbcT9RB/aoLt4ZRPa0=";
};
cargoSha256 = "sha256-NkJjwB4rBV4hFRwYHILMET8o4x1+95sVsFqNaVN8tMg=";
cargoSha256 = "sha256-K2kyZwKRALh9ImPngijgpoHyLS+c5sDYviN74JxhJLM=";
nativeBuildInputs = [ pkg-config ];
buildInputs = [ gtk4 ] ++ lib.optionals stdenv.isDarwin [
DiskArbitration
Foundation
IOKit
darwin.apple_sdk_11_0.frameworks.Foundation
];
postInstall = ''

4
pkgs/applications/misc/thedesk/default.nix
View File

@ -3,11 +3,11 @@
stdenv.mkDerivation rec {
pname = "thedesk";
version = "23.0.3";
version = "23.0.5";
src = fetchurl {
url = "https://github.com/cutls/TheDesk/releases/download/v${version}/${pname}_${version}_amd64.deb";
sha256 = "sha256-X1WNfpsHRkk2UNTExn338r4pWhtC1osrCo6V8g7Pxcc=";
sha256 = "sha256-6pXbHkLdJw0+G9lep/tGkbSGAf8AobkQQgvw6gPYlro=";
};
nativeBuildInputs = [

18
pkgs/applications/networking/browsers/chromium/upstream-info.json
View File

@ -19,22 +19,22 @@
}
},
"beta": {
"version": "109.0.5414.74",
"sha256": "0pcfaj3n3rjk4va9g0ajlsv1719kdhqcnjdd4piinqxb4qy27vgd",
"sha256bin64": "1ihjjf8x5080p9bizhqrrr0rcjf0l1nps9xq9naa2f48y5zfshkd",
"version": "110.0.5481.30",
"sha256": "03r2mpnrw9p188lajf69lpd94rcgj5a9hs2nlf01f0czl6nij0bx",
"sha256bin64": "0bpv4qgbbi8651x5mp8qyqxlxqm5x9csml1yi3789f7d40hs4vj9",
"deps": {
"gn": {
"version": "2022-11-10",
"version": "2022-12-12",
"url": "https://gn.googlesource.com/gn",
"rev": "1c4151ff5c1d6fbf7fa800b8d4bb34d3abc03a41",
"sha256": "02621c9nqpr4pwcapy31x36l5kbyd0vdgd0wdaxj5p8hrxk67d6b"
"rev": "5e19d2fb166fbd4f6f32147fbb2f497091a54ad8",
"sha256": "1b5fwldfmkkbpp5x63n1dxv0nc965hphc8rm8ah7zg44zscm9z30"
}
}
},
"dev": {
"version": "110.0.5481.24",
"sha256": "1656qjbrrv276xxdlw0iv635sgm89r7nx32780zglm0lag3jx6ai",
"sha256bin64": "0pzd441qghdhibcnh1f2fldsx5ddjjwfrjv1nwi15pf3cabymz5g",
"version": "111.0.5532.2",
"sha256": "0aaxfi4f88s1cfzyhngmsmb84awy85xjy6a8pk3bfamssgxj0981",
"sha256bin64": "1jjmqi27qwbnmcfq043gxws31v47yfkzs7jk7mxzzxbaqj7v3wf6",
"deps": {
"gn": {
"version": "2022-12-12",

2
pkgs/applications/networking/browsers/firefox/common.nix
View File

@ -471,6 +471,8 @@ buildStdenv.mkDerivation ({
separateDebugInfo = enableDebugSymbols;
enableParallelBuilding = true;
NIX_LDFLAGS = if (with stdenv; isAarch64 && isLinux) then [ "-lgcc" ] else null;
# tests were disabled in configureFlags
doCheck = false;

4
pkgs/applications/networking/browsers/vivaldi/default.nix
View File

@ -21,11 +21,11 @@ let
vivaldiName = if isSnapshot then "vivaldi-snapshot" else "vivaldi";
in stdenv.mkDerivation rec {
pname = "vivaldi";
version = "5.6.2867.36";
version = "5.6.2867.58";
src = fetchurl {
url = "https://downloads.vivaldi.com/${branch}/vivaldi-${branch}_${version}-1_amd64.deb";
sha256 = "sha256-dTXppRn/bl+HYVzqyrKBXb2YAaw0lRJkwAeukalv3a4=d";
sha256 = "sha256-eRHQaKztf66o9FoCNSRyXS5Ht6d51GTilNO5DxItUCw=";
};
unpackPhase = ''

6
pkgs/applications/networking/cluster/calico/default.nix
View File

@ -2,16 +2,16 @@
builtins.mapAttrs (pname: { doCheck ? true, mainProgram ? pname, subPackages }: buildGoModule rec {
inherit pname;
version = "3.24.5";
version = "3.25.0";
src = fetchFromGitHub {
owner = "projectcalico";
repo = "calico";
rev = "v${version}";
hash = "sha256-fB9FHiIqVieVkPfHmBvcaUmUqkT1ZbDT26+DUE9lbdc=";
hash = "sha256-sD79WiGKfwjtoiYlLow4h58skbHpuZyzMQ0VOyBKRnk=";
};
vendorHash = "sha256-ogQ/REf5cngoGAFIBN++txew6UqOw1hqCVsixyuGtug=";
vendorHash = "sha256-p4Ve6qWnYyHUUyKmLfbaZIGGfleLuzz+MZgGRSsBoWM=";
inherit doCheck subPackages;

8
pkgs/applications/networking/cluster/cmctl/default.nix
View File

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "cmctl";
version = "1.10.1";
version = "1.11.0";
src = fetchFromGitHub {
owner = "cert-manager";
repo = "cert-manager";
rev = "a96bae172ddb1fcd4b57f1859ab9d1a9e94f7451";
sha256 = "0wj2fshkfdrqrjyq3khzpdjiw5x3djjw9x7qq8mdgzyj84cmz11w";
rev = "2a0ef53b06e183356d922cd58af2510d8885bef5";
sha256 = "0cvsmc06gg8w5j2k1zj4i8qpqlvpjfa6d7wn24v0hs1a1qk8c7a8";
};
vendorSha256 = "sha256-WPFteR3t9qQiuBcCLqvp8GterqcD2SxJi59Wb7BvDT4=";
vendorSha256 = "sha256-aLEQoNt/5ikMw+wExSUITey/68Gk4+dsRbSydsiEiEg=";
subPackages = [ "cmd/ctl" ];

14
pkgs/applications/networking/instant-messengers/SkypeExport/default.nix
View File

@ -1,4 +1,4 @@
{ lib, stdenv, fetchFromGitHub, cmake, boost166 }:
{ lib, stdenv, fetchFromGitHub, fetchpatch, cmake, boost }:
stdenv.mkDerivation rec {
pname = "SkypeExport";
@ -11,8 +11,16 @@ stdenv.mkDerivation rec {
sha256 = "1ilkh0s3dz5cp83wwgmscnfmnyck5qcwqg1yxp9zv6s356dxnbak";
};
patches = [
(fetchpatch {
name = "boost167.patch";
url = "https://github.com/Temptin/SkypeExport/commit/ef60f2e4fc9e4a5764c8d083a73b585457bc10b1.patch";
sha256 = "sha256-t+/v7c66OULmQCD/sNt+iDJeQ/6UG0CJ8uQY2PVSFQo=";
})
];
nativeBuildInputs = [ cmake ];
buildInputs = [ boost166 ];
buildInputs = [ boost ];
preConfigure = "cd src/SkypeExport/_gccbuild/linux";
installPhase = "install -Dt $out/bin SkypeExport";
@ -21,7 +29,7 @@ stdenv.mkDerivation rec {
description = "Export Skype history to HTML";
homepage = "https://github.com/Temptin/SkypeExport";
license = licenses.gpl2;
platforms = platforms.linux;
platforms = platforms.unix;
maintainers = with maintainers; [ yana ];
};
}

4
pkgs/applications/networking/instant-messengers/cinny/default.nix
View File

@ -4,11 +4,11 @@ let
configOverrides = writeText "cinny-config-overrides.json" (builtins.toJSON conf);
in stdenv.mkDerivation rec {
pname = "cinny";
version = "2.2.2";
version = "2.2.3";
src = fetchurl {
url = "https://github.com/ajbura/cinny/releases/download/v${version}/cinny-v${version}.tar.gz";
sha256 = "sha256-MNmU6MvDwGbFNQt7qe08klXjy1n2LiABlPkARGvjVJU=";
hash = "sha256-Q6f24LRYCxdgAguUVl7jf7srkd2L1IptiBgHJQq2dHE=";
};
installPhase = ''

4
pkgs/applications/networking/instant-messengers/discord/default.nix
View File

@ -1,7 +1,7 @@
{ branch ? "stable", callPackage, fetchurl, lib, stdenv }:
let
versions = if stdenv.isLinux then {
stable = "0.0.22";
stable = "0.0.24";
ptb = "0.0.38";
canary = "0.0.145";
} else {
@ -14,7 +14,7 @@ let
x86_64-linux = {
stable = fetchurl {
url = "https://dl.discordapp.net/apps/linux/${version}/discord-${version}.tar.gz";
sha256 = "sha256-F1xzdx4Em6Ref7HTe9EH7whx49iFc0DFpaQKdFquq6c=";
sha256 = "sha256-SG+34ft0mTqtg9rFiI60N6JIONyqF8c8SlnRcn5a4Xc=";
};
ptb = fetchurl {
url = "https://dl-ptb.discordapp.net/apps/linux/${version}/discord-ptb-${version}.tar.gz";

7
pkgs/applications/office/paperless-ngx/default.nix
View File

@ -81,12 +81,12 @@ let
in
python.pkgs.pythonPackages.buildPythonApplication rec {
pname = "paperless-ngx";
version = "1.10.2";
version = "1.11.3";
# Fetch the release tarball instead of a git ref because it contains the prebuilt frontend
src = fetchurl {
url = "https://github.com/paperless-ngx/paperless-ngx/releases/download/v${version}/${pname}-v${version}.tar.xz";
hash = "sha256-uOrRHHNqIYsDbzKcA7EsYZjadpLyAB4Ks+PU+BNsTWE=";
hash = "sha256-wGNkdczgV+UDd9ZO+BXMSWotpetE/+c/jJAAH+6SXps=";
};
format = "other";
@ -99,6 +99,7 @@ python.pkgs.pythonPackages.buildPythonApplication rec {
attrs
autobahn
automat
bleach
blessed
celery
certifi
@ -128,6 +129,7 @@ python.pkgs.pythonPackages.buildPythonApplication rec {
httptools
humanfriendly
hyperlink
imagehash
idna
imap-tools
img2pdf
@ -138,6 +140,7 @@ python.pkgs.pythonPackages.buildPythonApplication rec {
langdetect
lxml
msgpack
nltk
numpy
ocrmypdf
pathvalidate

2
pkgs/applications/science/astronomy/stellarium/default.nix
View File

@ -69,6 +69,6 @@ stdenv.mkDerivation rec {
homepage = "https://stellarium.org/";
license = licenses.gpl2Plus;
platforms = platforms.unix;
maintainers = with maintainers; [ ma27 ];
maintainers = with maintainers; [ ];
};
}

4
pkgs/applications/science/electronics/dsview/default.nix
View File

@ -6,13 +6,13 @@
mkDerivation rec {
pname = "dsview";
version = "1.2.1";
version = "1.2.2";
src = fetchFromGitHub {
owner = "DreamSourceLab";
repo = "DSView";
rev = "v${version}";
sha256 = "sha256-TE2yfzv2h77GLMkmoVGXmzs7J0l/N+n1eYxyrtnrnGU=";
sha256 = "sha256-QaCVu/n9PDbAiJgPDVN6SJMILeUO/KRkKcHYAstm86Q=";
};
patches = [

11
pkgs/applications/science/math/wxmaxima/default.nix
View File

@ -7,17 +7,18 @@
, maxima
, wxGTK
, gnome
, glib
}:
stdenv.mkDerivation rec {
pname = "wxmaxima";
version = "22.05.0";
version = "22.12.0";
src = fetchFromGitHub {
owner = "wxMaxima-developers";
repo = "wxmaxima";
rev = "Version-${version}";
sha256 = "sha256-pcKnEjJmvMXCBpjtOSLyl4I0x3fjh0os9Sdp39I2Re0=";
sha256 = "sha256-RT6y4M6LQD1fXJcjtdSXnDmoJvv160g2asdV4WtTcok=";
};
buildInputs = [
@ -25,6 +26,8 @@ stdenv.mkDerivation rec {
maxima
# So it won't embed svg files into headers.
gnome.adwaita-icon-theme
# So it won't crash under Sway.
glib
];
nativeBuildInputs = [
@ -33,6 +36,10 @@ stdenv.mkDerivation rec {
gettext
];
cmakeFlags = [
"-DwxWidgets_LIBRARIES=${wxGTK}/lib"
];
preConfigure = ''
gappsWrapperArgs+=(--prefix PATH ":" ${maxima}/bin)
'';

13
pkgs/applications/science/misc/megam/default.nix
View File

@ -12,11 +12,16 @@ stdenv.mkDerivation {
patches = [ ./ocaml-includes.patch ./ocaml-3.12.patch ];
buildInputs = [ ocaml ncurses ];
strictDeps = true;
nativeBuildInputs = [ makeWrapper ];
nativeBuildInputs = [ makeWrapper ocaml ];
makeFlags = [ "CAML_INCLUDES=${ocaml}/lib/ocaml/caml" ];
buildInputs = [ ncurses ];
makeFlags = [
"CAML_INCLUDES=${ocaml}/lib/ocaml/caml"
"WITHBIGARRAY=bigarray.cma"
];
# see https://bugzilla.redhat.com/show_bug.cgi?id=435559
dontStrip = true;
@ -42,6 +47,6 @@ stdenv.mkDerivation {
license = "non-commercial";
maintainers = [ ];
platforms = lib.platforms.gnu ++ lib.platforms.linux; # arbitrary choice
platforms = lib.platforms.unix;
};
}

7
pkgs/applications/version-management/delta/default.nix
View File

@ -7,6 +7,7 @@
, Foundation
, libiconv
, Security
, git
}:
rustPlatform.buildRustPackage rec {
@ -26,12 +27,18 @@ rustPlatform.buildRustPackage rec {
buildInputs = lib.optionals stdenv.isDarwin [ DiskArbitration Foundation libiconv Security ];
checkInputs = [ git ];
postInstall = ''
installShellCompletion --bash --name delta.bash etc/completion/completion.bash
installShellCompletion --zsh --name _delta etc/completion/completion.zsh
installShellCompletion --fish --name delta.fish etc/completion/completion.fish
'';
checkFlags = lib.optionals stdenv.isDarwin [
"--skip=test_diff_same_non_empty_file"
];
meta = with lib; {
homepage = "https://github.com/dandavison/delta";
description = "A syntax-highlighting pager for git";

4
pkgs/applications/version-management/git-machete/default.nix
View File

@ -12,13 +12,13 @@
buildPythonApplication rec {
pname = "git-machete";
version = "3.14.0";
version = "3.14.2";
src = fetchFromGitHub {
owner = "virtuslab";
repo = pname;
rev = "v${version}";
hash = "sha256-UgWPm4IxzydO1qqhjbodUIAmqIhTIITYARMvw+F9T7E=";
hash = "sha256-uIVt7pneJq7l/kMSa7VqhcQgXhHCrpBGEqE7QZaDyQQ=";
};
nativeBuildInputs = [ installShellFiles ];

6
pkgs/applications/version-management/github-desktop/default.nix
View File

@ -15,15 +15,16 @@
, cups
, mesa
, systemd
, openssl
}:
stdenv.mkDerivation rec {
pname = "github-desktop";
version = "3.0.6";
version = "3.1.1";
src = fetchurl {
url = "https://github.com/shiftkey/desktop/releases/download/release-${version}-linux1/GitHubDesktop-linux-${version}-linux1.deb";
hash = "sha256-UQsMT4/D571xgrU8C4HBoRO+qf08GCGerA4Y5gHcjRc=";
hash = "sha256-R8t0y7b2upMOsWebIBr9+qT2GqQ/ahzWLcFIWwK4JTs=";
};
nativeBuildInputs = [
@ -44,6 +45,7 @@ stdenv.mkDerivation rec {
alsa-lib
cups
mesa
openssl
];
unpackPhase = ''

10
pkgs/applications/version-management/sapling/default.nix
View File

@ -1,6 +1,6 @@
{ lib
, stdenv
, python38Packages
, python3Packages
, fetchFromGitHub
, fetchurl
, sd
@ -90,11 +90,7 @@ let
};
# Builds the main `sl` binary and its Python extensions
#
# FIXME(lf-): when next updating this package, delete the python 3.8 override
# here, since the fix for https://github.com/facebook/sapling/issues/279 that
# required it will be in the next release.
sapling = python38Packages.buildPythonPackage {
sapling = python3Packages.buildPythonPackage {
pname = "sapling-main";
inherit src version;
@ -135,7 +131,7 @@ let
# so that 'sl web' always works
# 4) 'sl web' will still work if 'nodejs' is in $PATH, just not OOTB
preFixup = ''
sitepackages=$out/lib/${python38Packages.python.libPrefix}/site-packages
sitepackages=$out/lib/${python3Packages.python.libPrefix}/site-packages
chmod +w $sitepackages
cp -r ${isl} $sitepackages/edenscm-isl
'' + lib.optionalString (!enableMinimal) ''

2
pkgs/applications/video/aegisub/default.nix
View File

@ -25,6 +25,7 @@
, pcre
, pkg-config
, which
, wrapGAppsHook
, wxGTK
, zlib
@ -75,6 +76,7 @@ stdenv.mkDerivation rec {
pkg-config
which
cmake
wrapGAppsHook
];
buildInputs = [

19
pkgs/applications/video/kodi/unwrapped.nix
View File

@ -1,4 +1,4 @@
{ stdenv, lib, fetchFromGitHub, autoconf, automake, libtool, makeWrapper
{ stdenv, lib, fetchFromGitHub, fetchpatch, autoconf, automake, libtool, makeWrapper
, pkg-config, cmake, yasm, python3Packages
, libxcrypt, libgcrypt, libgpg-error, libunistring
, boost, avahi, lame
@ -107,13 +107,20 @@ in stdenv.mkDerivation {
src = kodi_src;
# This is a backport of
# https://github.com/xbmc/xbmc/commit/a6dedce7ba1f03bdd83b019941d1e369a06f7888
# to Kodi 19.4 Matrix.
# This can be removed once a new release of Kodi comes out and we upgrade
# to it.
patches = [
# This is a backport of
# https://github.com/xbmc/xbmc/commit/a6dedce7ba1f03bdd83b019941d1e369a06f7888
# to Kodi 19.4 Matrix.
# This can be removed once a new major release of Kodi comes out and we upgrade
# to it.
./add-KODI_WEBSERVER_EXTRA_WHITELIST.patch
# A patch to fix build until the next major release of Kodi comes out and we upgrade
# https://github.com/xbmc/xbmc/pull/22291
(fetchpatch {
url = "https://github.com/xbmc/xbmc/commit/5449652abf0bb9dddd0d796de4120e60f19f89a5.patch";
sha256 = "sha256-vqX08dTSPhIur4aVu2BzXEpAxMOjaadwRNI43GSV9Og=";
})
];
buildInputs = [

2
pkgs/applications/window-managers/i3/status-rust.nix
View File

@ -57,7 +57,7 @@ rustPlatform.buildRustPackage rec {
description = "Very resource-friendly and feature-rich replacement for i3status";
homepage = "https://github.com/greshake/i3status-rust";
license = licenses.gpl3Only;
maintainers = with maintainers; [ backuitist globin ma27 ];
maintainers = with maintainers; [ backuitist globin ];
platforms = platforms.linux;
};
}

2
pkgs/applications/window-managers/sway/lock-effects.nix
View File

@ -48,6 +48,6 @@ stdenv.mkDerivation rec {
inherit (src.meta) homepage;
license = licenses.mit;
platforms = platforms.linux;
maintainers = with maintainers; [ gnxlxnxx ma27 ];
maintainers = with maintainers; [ gnxlxnxx ];
};
}

30
pkgs/data/fonts/hannom/default.nix
View File

@ -1,27 +1,28 @@
{ lib, fetchzip }:
{ lib, stdenvNoCC, fetchzip }:
let
stdenvNoCC.mkDerivation rec {
pname = "hannom";
version = "2005";
in fetchzip {
name = "hannom-${version}";
url = "mirror://sourceforge/vietunicode/hannom/hannom%20v${version}/hannomH.zip";
src = fetchzip {
url = "mirror://sourceforge/vietunicode/hannom/hannom%20v${version}/hannomH.zip";
stripRoot = false;
hash = "sha256-Oh8V72tYvVA6Sk0f9UTIkRQYjdUbEB/fmCSaRYfyoP8=";
};
stripRoot = false;
dontBuild = true;
installPhase = ''
runHook preInstall
postFetch = ''
mkdir -p $out/share/fonts/truetype
mv $out/*.ttf -t $out/share/fonts/truetype
shopt -s extglob dotglob
rm -rf $out/!(share)
shopt -u extglob dotglob
'';
mv *.ttf -t $out/share/fonts/truetype
sha256 = "sha256-zOYJxEHl4KM0ncVQDBs9+e3z8DxzF2ef3pRj0OVSuUo=";
runHook postInstall
'';
meta = with lib; {
description = "UNICODE Han Nom Font Set";
homepage = "http://vietunicode.sourceforge.net/fonts/fonts_hannom.html";
longDescription = ''
The true type fonts HAN NOM A and HAN NOM B have been developed by Chan
Nguyen Do Quoc Bao (Germany), To Minh Tam (USA) and Ni sinh Thien Vien Vien
@ -31,6 +32,7 @@ in fetchzip {
code points by the Unicode Standard. Two sets of true type fonts are
available with high and low resolutions.
'';
homepage = "https://vietunicode.sourceforge.net/fonts/fonts_hannom.html";
license = licenses.unfree;
maintainers = with maintainers; [ wegank ];
platforms = platforms.all;

32
pkgs/data/misc/dtv-scan-tables/default.nix
View File

@ -1,32 +0,0 @@
{ lib
, stdenv
, fetchFromGitHub
, v4l-utils
}:
stdenv.mkDerivation rec {
pname = "dtv-scan-tables";
version = "20221027";
src = fetchFromGitHub {
owner = "tvheadend";
repo = "dtv-scan-tables";
rev = "2a3dbfbab129c00d3f131c9c2f06b2be4c06fec6";
hash = "sha256-bJ+naUs3TDFul4PmpnWYld3j1Se+1X6U9jnECe3sno0=";
};
nativeBuildInputs = [
v4l-utils
];
installFlags = [
"DATADIR=$(out)"
];
meta = with lib; {
description = "Digital TV scan tables";
homepage = "https://github.com/tvheadend/dtv-scan-tables";
license = with licenses; [ gpl2Only lgpl21Only ];
maintainers = with maintainers; [ ];
};
}

54
pkgs/data/misc/dtv-scan-tables/linuxtv.nix Normal file
View File

@ -0,0 +1,54 @@
{ lib
, stdenv
, fetchurl
, v4l-utils
}:
let
version_ = "2022-04-30-57ed29822750";
in
stdenv.mkDerivation rec {
pname = "dtv-scan-tables";
version = "${version_}-linuxtv";
src = fetchurl {
url = "https://linuxtv.org/downloads/${pname}/${pname}-${version_}.tar.bz2";
hash = "sha256-amJoqjkkWTePo6E5IvwBWj+mP/gi9LDWTTPXE1Cm7J4=";
};
nativeBuildInputs = [
v4l-utils
];
sourceRoot = "usr/share/dvb";
makeFlags = [
"PREFIX=$(out)"
];
allowedReferences = [ ];
meta = with lib; {
# git repo with current revision is here:
#downloadPage = "https://git.linuxtv.org/dtv-scan-tables.git";
# Weekly releases are supposed to be here
downloadPage = "https://linuxtv.org/downloads/dtv-scan-tables/";
# but sometimes they lag behind several weeks or even months.
description = "Digital TV (DVB) channel/transponder scan tables";
homepage = "https://www.linuxtv.org/wiki/index.php/Dtv-scan-tables";
license = with licenses; [ gpl2Only lgpl21Only ];
longDescription = ''
When scanning for dvb channels,
most applications require an initial set of
transponder coordinates (frequencies etc.).
These coordinates differ, depending of the
receiver's location or on the satellite.
The package delivers a collection of transponder
tables ready to be used by software like "dvbv5-scan".
'';
maintainers = with maintainers; [ yarny ];
};
}

45
pkgs/data/misc/dtv-scan-tables/tvheadend.nix Normal file
View File

@ -0,0 +1,45 @@
{ lib
, stdenv
, fetchFromGitHub
, v4l-utils
}:
stdenv.mkDerivation rec {
pname = "dtv-scan-tables";
version = "20221027-tvheadend";
src = fetchFromGitHub {
owner = "tvheadend";
repo = "dtv-scan-tables";
rev = "2a3dbfbab129c00d3f131c9c2f06b2be4c06fec6";
hash = "sha256-bJ+naUs3TDFul4PmpnWYld3j1Se+1X6U9jnECe3sno0=";
};
nativeBuildInputs = [
v4l-utils
];
makeFlags = [
"PREFIX=$(out)"
];
allowedReferences = [ ];
meta = with lib; {
description = "Digital TV (DVB) channel/transponder scan tables";
homepage = "https://github.com/tvheadend/dtv-scan-tables";
license = with licenses; [ gpl2Only lgpl21Only ];
longDescription = ''
When scanning for dvb channels,
most applications require an initial set of
transponder coordinates (frequencies etc.).
These coordinates differ, depending of the
receiver's location or on the satellite.
The package delivers a collection of transponder
tables ready to be used by software like "dvbv5-scan".
The package at hand is maintained and used by tvheadend,
it is a fork of the original one hosted by linuxtv.org.
'';
maintainers = with maintainers; [ ];
};
}

32
pkgs/desktops/gnome-2/bindings/gnome-python-desktop/default.nix
View File

@ -1,32 +0,0 @@
{ lib, stdenv, fetchurl, gnome_python, librsvg, libwnck2, libgtop, pkg-config, python2, gtk2 }:
let
inherit (python2.pkgs) python pygtk;
in stdenv.mkDerivation rec {
ver_maj = "2.32";
ver_min = "0";
version = "${ver_maj}.${ver_min}";
pname = "gnome-python-desktop";
src = fetchurl {
url = "mirror://gnome/sources/gnome-python-desktop/${ver_maj}/gnome-python-desktop-${version}.tar.bz2";
sha256 = "1s8f9rns9v7qlwjv9qh9lr8crp88dpzfm45hj47zc3ivpy0dbnq9";
};
nativeBuildInputs = [ pkg-config ];
buildInputs = [ gtk2 librsvg libwnck2 libgtop python ];
propagatedBuildInputs = [ gnome_python pygtk ];
# gnome-python-desktop expects that .pth file is already installed by PyGTK
# in the same directory. This is not the case for Nix.
postInstall = ''
echo "gtk-2.0" > $out/${python2.sitePackages}/${pname}-${version}.pth
'';
meta = with lib; {
homepage = "http://www.pygtk.org";
description = "Python bindings for GNOME desktop packages";
license = licenses.lgpl21;
maintainers = [ maintainers.goibhniu ];
};
}

33
pkgs/desktops/gnome-2/bindings/gnome-python/default.nix
View File

@ -1,33 +0,0 @@
{ lib, stdenv, fetchurl, python2, pkg-config, libgnome, GConf, glib, gtk2, gnome_vfs }:
with lib;
let
inherit (python2.pkgs) python pygobject2 pygtk dbus-python;
in stdenv.mkDerivation rec {
pname = "gnome-python";
version = "2.28.1";
src = fetchurl {
url = "mirror://gnome/sources/gnome-python/${lib.versions.majorMinor version}/gnome-python-${version}.tar.bz2";
sha256 = "759ce9344cbf89cf7f8449d945822a0c9f317a494f56787782a901e4119b96d8";
};
nativeBuildInputs = [ pkg-config ];
buildInputs = [ python glib gtk2 GConf libgnome gnome_vfs ];
propagatedBuildInputs = [ pygobject2 pygtk dbus-python ];
# gnome-python expects that .pth file is already installed by PyGTK in the
# same directory. This is not the case for Nix.
postInstall = ''
echo "gtk-2.0" > $out/${python2.sitePackages}/gnome-python-${version}.pth
'';
meta = with lib; {
homepage = "http://pygtk.org/";
description = "Python wrapper for GNOME libraries";
platforms = platforms.linux;
license = licenses.lgpl2;
maintainers = with maintainers; [ qknight ];
};
}

10
pkgs/desktops/gnome-2/default.nix
View File

@ -33,10 +33,6 @@ lib.makeScope pkgs.newScope (self: with self; {
gnome_mime_data = callPackage ./platform/gnome-mime-data { };
gnome_python = callPackage ./bindings/gnome-python { };
gnome_python_desktop = callPackage ./bindings/gnome-python-desktop { };
gnome_vfs = callPackage ./platform/gnome-vfs { };
libgnome = callPackage ./platform/libgnome { };
@ -72,7 +68,6 @@ lib.makeScope pkgs.newScope (self: with self; {
gtk = pkgs.gtk2;
gtkmm = pkgs.gtkmm2;
python_rsvg = self.gnome_python_desktop;
gtkdoc = pkgs.gtk-doc;
startup_notification = pkgs.libstartup_notification;
@ -82,5 +77,8 @@ lib.makeScope pkgs.newScope (self: with self; {
gnome_icon_theme = self.gnome-icon-theme;
gnomeicontheme = self.gnome-icon-theme;
gnome_common = gnome-common;
libglademm = throw "libglademm has been removed"; # 2022-01-15
gnome_python = throw "gnome2.gnome_python has been removed"; # 2023-01-14
gnome_python_desktop = throw "gnome2.gnome_python_desktop has been removed"; # 2023-01-14
libglademm = throw "gnome2.libglademm has been removed"; # 2022-01-15
python_rsvg = throw "gnome2.python_rsvg has been removed"; # 2023-01-14
})

10
pkgs/desktops/gnome-2/desktop/mail-notification/patches/mail-notification-dont-link-against-bsd-compat.patch
View File

@ -1,10 +0,0 @@
--- jbsrc/jb.c.orig 2014-01-19 20:06:48.525462981 +0100
+++ jbsrc/jb.c 2014-01-19 20:07:36.087934897 +0100
@@ -425,7 +425,6 @@
*/
jb_compile_options_add_cflags(object->compile_options, "-std=c99");
jb_compile_options_add_cppflags(object->compile_options, "-D_BSD_SOURCE -D_POSIX_C_SOURCE=199309L");
- jb_compile_options_add_libs(object->compile_options, "-lbsd-compat");
}
jb_compile_options_add_string_defines(object->compile_options,

4
pkgs/desktops/gnome/apps/gnome-boxes/default.nix
View File

@ -51,11 +51,11 @@
stdenv.mkDerivation rec {
pname = "gnome-boxes";
version = "43.1";
version = "43.2";
src = fetchurl {
url = "mirror://gnome/sources/${pname}/${lib.versions.major version}/${pname}-${version}.tar.xz";
sha256 = "NB5qXO1RrVAPwd00ZZ1YhsP3YEViS1POZBv/Y8WwimE=";
sha256 = "nD4OlDPBhTqZ7VLt7BMmP0Q/hW28o7IWXC46cLhjKzA=";
};
patches = [

4
pkgs/desktops/gnome/apps/gnome-maps/default.nix
View File

@ -28,11 +28,11 @@
stdenv.mkDerivation rec {
pname = "gnome-maps";
version = "43.2";
version = "43.3";
src = fetchurl {
url = "mirror://gnome/sources/${pname}/${lib.versions.major version}/${pname}-${version}.tar.xz";
sha256 = "sha256-wCIdJQvkXqNulxrmO/3pcaRhRclnscZZ6WxbBypxVR0=";
sha256 = "sha256-iVUelLEnEwXP/yBLRMGDZyZ3gaV9LMt7b3u6Yo4JxRE=";
};
doCheck = true;

4
pkgs/desktops/gnome/apps/gnome-text-editor/default.nix
View File

@ -24,11 +24,11 @@
stdenv.mkDerivation rec {
pname = "gnome-text-editor";
version = "43.1";
version = "43.2";
src = fetchurl {
url = "mirror://gnome/sources/gnome-text-editor/${lib.versions.major version}/${pname}-${version}.tar.xz";
sha256 = "sha256-lzpLDeto+fkaVKTdQVtq/em1rj7mhLx2FHH5QpD59ss=";
sha256 = "sha256-MwRcehI/qife5+ubqabybxsXGMWg52M30Hmg1MkA4UY=";
};
nativeBuildInputs = [

4
pkgs/desktops/gnome/core/eog/default.nix
View File

@ -30,13 +30,13 @@
stdenv.mkDerivation rec {
pname = "eog";
version = "43.1";
version = "43.2";
outputs = [ "out" "dev" "devdoc" ];
src = fetchurl {
url = "mirror://gnome/sources/${pname}/${lib.versions.major version}/${pname}-${version}.tar.xz";
sha256 = "sha256-/tef88oZusYvJxVcm91p7vh1hwuXHm3LCqOMCT0TGXE=";
sha256 = "sha256-nc/c5VhakOK7HPV+N3yx6xLUG9m8ubus31BrwbE1Tvk=";
};
patches = [

4
pkgs/desktops/gnome/core/gnome-remote-desktop/default.nix
View File

@ -30,11 +30,11 @@
stdenv.mkDerivation rec {
pname = "gnome-remote-desktop";
version = "43.2";
version = "43.3";
src = fetchurl {
url = "mirror://gnome/sources/${pname}/${lib.versions.major version}/${pname}-${version}.tar.xz";
hash = "sha256-hKn9Zam62M73NIL9otIKzRIvC4Uhsd6GyUE4ibn6l3E=";
hash = "sha256-EdRR0f3kTxgJ6/Ya/0vqX570/cAjWaiWR/bp59RUKaw=";
};
nativeBuildInputs = [

4
pkgs/desktops/gnome/core/gnome-software/default.nix
View File

@ -45,11 +45,11 @@ in
stdenv.mkDerivation rec {
pname = "gnome-software";
version = "43.2";
version = "43.3";
src = fetchurl {
url = "mirror://gnome/sources/gnome-software/${lib.versions.major version}/${pname}-${version}.tar.xz";
sha256 = "Iqp/CjF8dw9ouJfp5RKyy+2xgbaV/9sLZY2Zu9ZPNo0=";
sha256 = "k+6AdHl4rSzALlrnPQo9Psgu6hNPx3niqpFpAbu1gJA=";
};
patches = [

Some files were not shown because too many files have changed in this diff Show More