dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'closure-size' into p/default-outputs

Browse Source
This commit is contained in:
Vladimír Čunát 2016-03-14 11:27:15 +01:00
commit d6b46ecb30
2432 changed files with 228678 additions and 117715 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CONTRIBUTING.md → .github/CONTRIBUTING.md vendored
View File

@ -1,7 +1,7 @@
# How to contribute
Note: contributing implies licensing those contributions
under the terms of [COPYING](./COPYING), which is an MIT-like license.
under the terms of [COPYING](../COPYING), which is an MIT-like license.
## Opening issues

17
.github/ISSUE_TEMPLATE.md vendored Normal file
View File

@ -0,0 +1,17 @@
## Basic info
To make sure that we are on the same page:
* Kernel: (run `uname -a`)
* System: (NixOS: `nixos-version`, Ubuntu/Fedora: `lsb_release -a`, ...)
* Nix version: (run `nix-env --version`)
* Nixpkgs version: (run `nix-instantiate --eval '<nixpkgs>' -A lib.nixpkgsVersion`)
## Describe your issue here
### Expected result
### Actual result
### Steps to reproduce

18
.github/PULL_REQUEST_TEMPLATE.md vendored Normal file
View File

@ -0,0 +1,18 @@
###### Things done:
- [ ] Tested using sandboxing (`nix-build --option build-use-chroot true` or [nix.useChroot](http://nixos.org/nixos/manual/options.html#opt-nix.useChroot) on NixOS)
- [ ] Built on platform(s): NixOS / OSX / Linux
- [ ] Tested compilation of all pkgs that depend on this change using `nix-shell -p nox --run "nox-review wip"`
- [ ] Tested execution of all binary files (usually in `./result/bin/`)
- [ ] Fits [CONTRIBUTING.md](https://github.com/NixOS/nixpkgs/blob/master/.github/CONTRIBUTING.md).
###### More
Fixes issue #<insert id>
cc @<maintainer>
---
_Please note, that points are not mandatory, but rather desired._

4
.gitignore vendored
View File

@ -12,7 +12,5 @@ result-*
.DS_Store
/pkgs/applications/kde-apps-*/tmp/
/pkgs/development/libraries/kde-frameworks-*/tmp/
/pkgs/development/libraries/qt-5/*/tmp/
/pkgs/desktops/plasma-*/tmp/
/pkgs/desktops/kde-5/*/tmp/

3
.mention-bot
View File

@ -1,5 +1,6 @@
{
"userBlacklist": [
"civodul"
"civodul",
"jhasse"
]
}

2
.version
View File

@ -1 +1 @@
16.03
16.09

2
COPYING
View File

@ -1,4 +1,4 @@
Copyright (c) 2003-2015 Eelco Dolstra and the Nixpkgs/NixOS contributors
Copyright (c) 2003-2016 Eelco Dolstra and the Nixpkgs/NixOS contributors
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the

2
doc/configuration.xml
View File

@ -89,7 +89,7 @@ packages via <literal>packageOverrides</literal></title>
<para>You can define a function called
<varname>packageOverrides</varname> in your local
<filename>~/.nixpkgs/config</filename> to overide nix packages. It
<filename>~/.nixpkgs/config.nix</filename> to overide nix packages. It
must be a function that takes pkgs as an argument and return modified
set of packages.

10
doc/default.nix
View File

@ -42,6 +42,11 @@ stdenv.mkDerivation {
mkdir ./languages-frameworks
cp -s '${sources-langs}'/* ./languages-frameworks
''
+ toDocbook {
inputFile = ./introduction.md;
outputFile = "introduction.xml";
useChapters = true;
}
+ toDocbook {
inputFile = ./haskell-users-guide.md;
outputFile = "haskell-users-guide.xml";
@ -51,8 +56,11 @@ stdenv.mkDerivation {
inputFile = ./../pkgs/development/idris-modules/README.md;
outputFile = "languages-frameworks/idris.xml";
}
+ toDocbook {
inputFile = ./../pkgs/development/r-modules/README.md;
outputFile = "languages-frameworks/r.xml";
}
+ ''
cat languages-frameworks/idris.xml
echo ${nixpkgsVersion} > .version
xmllint --noout --nonet --xinclude --noxincludenode \

17
doc/erlang-users-guide.xml
View File

@ -3,6 +3,23 @@
xml:id="users-guide-to-the-erlang-infrastructure">
<title>User's Guide to the Erlang Infrastructure</title>
<section xml:id="build-tools">
<title>Build Tools</title>
<para>
By default Rebar3 wants to manage it's own dependencies. In the
normal non-Nix, this is perfectly acceptable. In the Nix world it
is not. To support this we have created two versions of rebar3,
<literal>rebar3</literal> and <literal>rebar3-open</literal>. The
<literal>rebar3</literal> version has been patched to remove the
ability to download anything from it. If you are not running it a
nix-shell or a nix-build then its probably not going to work for
you. <literal>rebar3-open</literal> is the normal, un-modified
rebar3. It should work exactly as would any other version of
rebar3. Any Erlang package should rely on
<literal>rebar3</literal> and thats really what you should be
using too.
</para>
</section>
<section xml:id="how-to-install-erlang-packages">
<title>How to install Erlang packages</title>

5
doc/functions.xml
View File

@ -489,7 +489,6 @@ c = lib.makeOverridable f { a = 1; b = 2; }</programlisting>
sha256 = "1bhw5hkz6chrnrih0ymjbmn69hyfriza2lr550xyvpdrnbzr4gk2"; <co xml:id='ex-dockerTools-pullImage-4' />
indexUrl = "https://index.docker.io"; <co xml:id='ex-dockerTools-pullImage-5' />
registryUrl = "https://registry-1.docker.io";
registryVersion = "v1";
}
</programlisting>
@ -534,8 +533,8 @@ c = lib.makeOverridable f { a = 1; b = 2; }</programlisting>
<callout arearefs='ex-dockerTools-pullImage-5'>
<para>
In the above example the default values are shown for the variables <varname>indexUrl</varname>,
<varname>registryUrl</varname> and <varname>registryVersion</varname>.
In the above example the default values are shown for the variables
<varname>indexUrl</varname> and <varname>registryVersion</varname>.
Hence by default the Docker.io registry is used to pull the images.
</para>
</callout>

95
doc/haskell-users-guide.md
View File

@ -117,9 +117,10 @@ Also, the attributes `haskell.compiler.ghcXYC` and
### How to install a compiler
A simple development environment consists of a Haskell compiler and the tool
`cabal-install`, and we saw in section [How to install Haskell packages] how
you can install those programs into your user profile:
A simple development environment consists of a Haskell compiler and one or both
of the tools `cabal-install` and `stack`. We saw in section
[How to install Haskell packages] how you can install those programs into your
user profile:
$ nix-env -f "<nixpkgs>" -iA haskellPackages.ghc haskellPackages.cabal-install
@ -148,10 +149,16 @@ version; just enter the Nix shell environment with the command
$ nix-shell -p haskell.compiler.ghc784
to bring GHC 7.8.4 into `$PATH`. Re-running `cabal configure` switches your
build to use that compiler instead. If you're working on a project that doesn't
depend on any additional system libraries outside of GHC, then it's sufficient
even to run the `cabal configure` command inside of the shell:
to bring GHC 7.8.4 into `$PATH`. Alternatively, you can use Stack instead of
`nix-shell` directly to select compiler versions and other build tools
per-project. It uses `nix-shell` under the hood when Nix support is turned on.
See [How to build a Haskell project using Stack].
If you're using `cabal-install`, re-running `cabal configure` inside the spawned
shell switches your build to use that compiler instead. If you're working on
a project that doesn't depend on any additional system libraries outside of GHC,
then it's even sufficient to just run the `cabal configure` command inside of
the shell:
$ nix-shell -p haskell.compiler.ghc784 --command "cabal configure"
@ -234,7 +241,7 @@ library promises to give its users access to GHC's installation paths. Only,
the library can't possible know that path when it's compiled, because the path
GHC considers its own is determined only much later, when the user configures
it through `ghcWithPackages`. So we [patched
ghc-paths](https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/haskell-modules/ghc-paths-nix.patch)
ghc-paths](https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/haskell-modules/patches/ghc-paths-nix.patch)
to return the paths found in those environment variables at run-time rather
than trying to guess them at compile-time.
@ -320,6 +327,58 @@ security reasons, which might be quite an inconvenience. See [this
page](http://kb.mozillazine.org/Links_to_local_pages_do_not_work) for
workarounds.
### How to build a Haskell project using Stack
[Stack][http://haskellstack.org] is a popular build tool for Haskell projects.
It has first-class support for Nix. Stack can optionally use Nix to
automatically select the right version of GHC and other build tools to build,
test and execute apps in an existing project downloaded from somewhere on the
Internet. Pass the `--nix` flag to any `stack` command to do so, e.g.
$ git clone --recursive http://github.com/yesodweb/wai
$ cd wai
$ stack --nix build
If you want `stack` to use Nix by default, you can add a `nix` section to the
`stack.yaml` file, as explained in the [Stack documentation][stack-nix-doc]. For
example:
nix:
enable: true
packages: [pkgconfig zeromq zlib]
The example configuration snippet above tells Stack to create an ad hoc
environment for `nix-shell` as in the below section, in which the `pkgconfig`,
`zeromq` and `zlib` packages from Nixpkgs are available. All `stack` commands
will implicitly be executed inside this ad hoc environment.
Some projects have more sophisticated needs. For examples, some ad hoc
environments might need to expose Nixpkgs packages compiled in a certain way, or
with extra environment variables. In these cases, you'll need a `shell` field
instead of `packages`:
nix:
enable: true
shell-file: shell.nix
For more on how to write a `shell.nix` file see the below section. You'll need
to express a derivation. Note that Nixpkgs ships with a convenience wrapper
function around `mkDerivation` called `haskell.lib.buildStackProject` to help you
create this derivation in exactly the way Stack expects. All of the same inputs
as `mkDerivation` can be provided. For example, to build a Stack project that
including packages that link against a version of the R library compiled with
special options turned on:
with (import <nixpkgs> { });
let R = pkgs.R.override { enableStrictBarrier = true; };
in
haskell.lib.buildStackProject {
name = "HaskellR";
buildInputs = [ R zeromq zlib ];
}
[stack-nix-doc]: http://docs.haskellstack.org/en/stable/nix_integration.html
### How to create ad hoc environments for `nix-shell`
@ -605,7 +664,7 @@ can configure the environment variables
in their `~/.bashrc` file to avoid the compiler error.
### Using Stack together with Nix
### Builds using Stack complain about missing system libraries
-- While building package zlib-0.5.4.2 using:
runhaskell -package=Cabal-1.22.4.0 -clear-package-db [... lots of flags ...]
@ -633,13 +692,16 @@ means specific to Stack: you'll have that problem with any other
Haskell package that's built inside of nix-shell but run outside of that
environment.
I suppose we could try to remedy the issue by wrapping `stack` or
`cabal` with a script that tries to find those kind of implicit search
paths and makes them explicit on the "cabal configure" command line. I
don't think anyone is working on that subject yet, though, because the
problem doesn't seem so bad in practice.
You can remedy this issue in several ways. The easiest is to add a `nix` section
to the `stack.yaml` like the following:
You can remedy that issue in several ways. First of all, run
nix:
enable: true
packages: [ zlib ]
Stack's Nix support knows to add `${zlib}/lib` and `${zlib}/include` as an
`--extra-lib-dirs` and `extra-include-dirs`, respectively. Alternatively, you
can achieve the same effect by hand. First of all, run
$ nix-build --no-out-link "<nixpkgs>" -A zlib
/nix/store/alsvwzkiw4b7ip38l4nlfjijdvg3fvzn-zlib-1.2.8
@ -663,7 +725,8 @@ to find out the store path of the system's zlib library. Now, you can
Typically, you'll need --extra-include-dirs as well. It's possible
to add those flag to the project's "stack.yaml" or your user's
global "~/.stack/global/stack.yaml" file so that you don't have to
specify them manually every time.
specify them manually every time. But again, you're likely better off using
Stack's Nix support instead.
The same thing applies to `cabal configure`, of course, if you're
building with `cabal-install` instead of Stack.

48
doc/introduction.md Normal file
View File

@ -0,0 +1,48 @@
---
title: Introduction
author: Frederik Rietdijk
date: 2015-11-25
---
# Introduction
The Nix Packages collection (Nixpkgs) is a set of over 30,000 packages for the
[Nix package manager](http://nixos.org/nix/), released under a [permissive MIT/X11 license](https://github.com/NixOS/nixpkgs/blob/master/COPYING).
Packages are available for several architectures, and can be used with the Nix package manager
on most GNU/Linux distributions as well as NixOS.
This manual describes how to write packages for the Nix Packages collection
(Nixpkgs). Thus its for packagers and developers who want to add packages to
Nixpkgs. If you like to learn more about the Nix package manager and the Nix
expression language, then you are kindly referred to the [Nix manual](http://nixos.org/nix/manual/).
## Overview of Nixpkgs
Nix expressions describe how to build packages from source and are collected in
the [nixpkgs repository](https://github.com/NixOS/nixpkgs). Also included in the
collection are Nix expressions for [NixOS modules](http://nixos.org/nixos/manual/index.html#sec-writing-modules). With
these expressions the Nix package manager can build binary packages.
Packages, including the Nix packages collection, are distributed through
[channels](http://nixos.org/nix/manual/#sec-channels). The collection is
distributed for users of Nix on non-NixOS distributions through the channel
`nixpkgs`. Users of NixOS generally use one of the `nixos-*` channels, e.g.
`nixos-15.09`, which includes all packages and modules for the stable NixOS
15.09. The channels of the stable NixOS releases are generally only given
security updates. More up to date packages and modules are available via the
`nixos-unstable` channel.
Both `nixos-unstable` and `nixpkgs` follow the `master` branch of the Nixpkgs
repository, although both do lag the `master` branch by generally [a couple of days](http://howoldis.herokuapp.com/). Updates to a channel are distributed as
soon as all tests for that channel pass, e.g. [this table](http://hydra.nixos.org/job/nixpkgs/trunk/unstable#tabs-constituents)
shows the status of tests for the `nixpkgs` channel.
The tests are conducted by a cluster called [Hydra](http://nixos.org/hydra/),
which also builds binary packages from the Nix expressions in Nixpkgs. As soon
as a channel is updated, the binaries are made available via a [binary cache](https://cache.nixos.org). Until the channel updates, binaries that have
already been built, are available via [Hydra's binary cache](https://hydra.nixos.org).
The current Nix expressions of the channels are available in the
[`nixpkgs-channels`](https://github.com/NixOS/nixpkgs-channels) repository,
which has branches corresponding to the available channels. There is also the
Nixpkgs Monitor which keeps track of updates and security vulnerabilities.

21
doc/introduction.xml
View File

@ -1,21 +0,0 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:id="chap-introduction">
<title>Introduction</title>
<para>This manual tells you how to write packages for the Nix Packages
collection (Nixpkgs). Thus its for packagers and developers who want
to add packages to Nixpkgs. End users are kindly referred to the
<link xlink:href="http://hydra.nixos.org/job/nix/trunk/tarball/latest/download-by-type/doc/manual">Nix
manual</link>.</para>
<para>This manual does not describe the syntax and semantics of the
Nix expression language, which are given in the Nix manual in the
<link
xlink:href="http://hydra.nixos.org/job/nix/trunk/tarball/latest/download-by-type/doc/manual/#chap-writing-nix-expressions">chapter
on writing Nix expressions</link>. It only describes the facilities
provided by Nixpkgs to make writing packages easier, such as the
standard build environment (<literal>stdenv</literal>).</para>
</chapter>

1
doc/languages-frameworks/index.xml
View File

@ -21,6 +21,7 @@ such as Perl or Haskell. These are described in this chapter.</para>
<xi:include href="lua.xml" />
<xi:include href="coq.xml" />
<xi:include href="idris.xml" /> <!-- generated from ../../pkgs/development/idris-modules/README.md -->
<xi:include href="r.xml" /> <!-- generated from ../../pkgs/development/r-modules/README.md -->
<xi:include href="qt.xml" />

32
doc/languages-frameworks/ruby.xml
View File

@ -42,5 +42,37 @@ and scalable.";
<para>Please check in the <filename>Gemfile</filename>, <filename>Gemfile.lock</filename> and the <filename>gemset.nix</filename> so future updates can be run easily.
</para>
<para>Resulting derivations also have two helpful items, <literal>env</literal> and <literal>wrapper</literal>. The first one allows one to quickly drop into
<command>nix-shell</command> with the specified environment present. E.g. <command>nix-shell -A sensu.env</command> would give you an environment with Ruby preset
so it has all the libraries necessary for <literal>sensu</literal> in its paths. The second one can be used to make derivations from custom Ruby scripts which have
<filename>Gemfile</filename>s with their dependencies specified. It is a derivation with <command>ruby</command> wrapped so it can find all the needed dependencies.
For example, to make a derivation <literal>my-script</literal> for a <filename>my-script.rb</filename> (which should be placed in <filename>bin</filename>) you should
run <command>bundix</command> as specified above and then use <literal>bundlerEnv</literal> lile this:</para>
<programlisting>
<![CDATA[let env = bundlerEnv {
name = "my-script-env";
inherit ruby;
gemfile = ./Gemfile;
lockfile = ./Gemfile.lock;
gemset = ./gemset.nix;
};
in stdenv.mkDerivation {
name = "my-script";
buildInputs = [ env.wrapper ];
script = ./my-script.rb;
buildCommand = ''
mkdir -p $out/bin
install -D -m755 $script $out/bin/my-script
patchShebangs $out/bin/my-script
'';
}]]>
</programlisting>
</section>

33
doc/meta.xml
View File

@ -258,45 +258,54 @@ a value from <varname>stdenv.lib.licenses</varname> defined in
<link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/lib/licenses.nix">
<filename>nixpkgs/lib/licenses.nix</filename></link>,
or in-place license description of the same format if the license is
unlikely to be useful in another expression.
unlikely to be useful in another expression.</para>
<para>Although it's typically better to indicate the specific license,
a few generic options are available:
A few generic options are available, although it's typically better
to indicate the specific license:
<variablelist>
<varlistentry>
<term><varname>free</varname></term>
<term><varname>stdenv.lib.licenses.free</varname>,
<varname>"free"</varname></term>
<listitem><para>Catch-all for free software licenses not listed
above.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>unfree-redistributable</varname></term>
<term><varname>stdenv.lib.licenses.unfreeRedistributable</varname>,
<varname>"unfree-redistributable"</varname></term>
<listitem><para>Unfree package that can be redistributed in binary
form. That is, its legal to redistribute the
form. That is, its legal to redistribute the
<emphasis>output</emphasis> of the derivation. This means that
the package can be included in the Nixpkgs
channel.</para>
<para>Sometimes proprietary software can only be redistributed
unmodified. Make sure the builder doesnt actually modify the
unmodified. Make sure the builder doesnt actually modify the
original binaries; otherwise were breaking the license. For
instance, the NVIDIA X11 drivers can be redistributed unmodified,
but our builder applies <command>patchelf</command> to make them
work. Thus, its license is <varname>unfree</varname> and it
work. Thus, its license is <varname>"unfree"</varname> and it
cannot be included in the Nixpkgs channel.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>unfree</varname></term>
<listitem><para>Unfree package that cannot be redistributed. You
<term><varname>stdenv.lib.licenses.unfree</varname>,
<varname>"unfree"</varname></term>
<listitem><para>Unfree package that cannot be redistributed. You
can build it yourself, but you cannot redistribute the output of
the derivation. Thus it cannot be included in the Nixpkgs
the derivation. Thus it cannot be included in the Nixpkgs
channel.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>unfree-redistributable-firmware</varname></term>
<term><varname>stdenv.lib.licenses.unfreeRedistributableFirmware</varname>,
<varname>"unfree-redistributable-firmware"</varname></term>
<listitem><para>This package supplies unfree, redistributable
firmware. This is a separate value from
<varname>unfree-redistributable</varname> because not everybody

65
doc/stdenv.xml
View File

@ -224,6 +224,63 @@ genericBuild
</variablelist>
<variablelist>
<title>Variables affecting build properties</title>
<varlistentry>
<term><varname>enableParallelBuilding</varname></term>
<listitem><para>If set, <literal>stdenv</literal> will pass specific
flags to <literal>make</literal> and other build tools to enable
parallel building with up to <literal>build-cores</literal>
workers.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>preferLocalBuild</varname></term>
<listitem><para>If set, specifies that the package is so lightweight
in terms of build operations (e.g. write a text file from a Nix string
to the store) that there's no need to look for it in binary caches --
it's faster to just build it locally. It also tells Hydra and other
facilities that this package doesn't need to be exported in binary
caches (noone would use it, after all).</para></listitem>
</varlistentry>
</variablelist>
<variablelist>
<title>Special variables</title>
<varlistentry>
<term><varname>passthru</varname></term>
<listitem><para>This is an attribute set which can be filled with arbitrary
values. For example:
<programlisting>
passthru = {
foo = "bar";
baz = {
value1 = 4;
value2 = 5;
};
}
</programlisting>
</para>
<para>Values inside it are not passed to the builder, so you can change
them without triggering a rebuild. However, they can be accessed outside of a
derivation directly, as if they were set inside a derivation itself, e.g.
<literal>hello.baz.value1</literal>. We don't specify any usage or
schema of <literal>passthru</literal> - it is meant for values that would be
useful outside the derivation in other parts of a Nix expression (e.g. in other
derivations). An example would be to convey some specific dependency of your
derivation which contains a program with plugins support. Later, others who
make derivations with plugins can use passed-through dependency to ensure that
their plugin would be binary-compatible with built program.</para></listitem>
</varlistentry>
</variablelist>
</section>
@ -1186,6 +1243,14 @@ echo @foo@
environment variable.</para></listitem>
</varlistentry>
<varlistentry>
<term>Autoconf</term>
<listitem><para>The <varname>autoreconfHook</varname> derivation adds
<varname>autoreconfPhase</varname>, which runs autoreconf, libtoolize and
automake, essentially preparing the configure script in autotools-based
builds.</para></listitem>
</varlistentry>
<varlistentry>
<term>libxml2</term>
<listitem><para>Adds every file named

5
lib/licenses.nix
View File

@ -155,6 +155,11 @@ lib.mapAttrs (n: v: v // { shortName = n; }) rec {
fullName = "Common Public License 1.0";
};
doc = spdx {
spdxId = "DOC";
fullName = "DOC License";
};
efl10 = spdx {
spdxId = "EFL-1.0";
fullName = "Eiffel Forum License v1.0";

74
lib/maintainers.nix
View File

@ -1,18 +1,21 @@
/* -*- coding: utf-8; -*- */
/* List of NixOS maintainers. The format is:
handle = "Real Name <address@example.org>";
where <handle> is preferred to be your GitHub username (so it's easy
to ping a package @<handle>), and <Real Name> is your real name, not
a pseudonym. Please keep the list alphabetically sorted. */
{
/* Add your name and email address here.
Keep the list alphabetically sorted.
Prefer the same attrname as your github username, please,
so it's easy to ping a package @maintainer.
*/
a1russell = "Adam Russell <adamlr6+pub@gmail.com>";
aaronschif = "Aaron Schif <aaronschif@gmail.com>";
abaldeau = "Andreas Baldeau <andreas@baldeau.net>";
abbradar = "Nikolay Amiantov <ab@fmap.me>";
adev = "Adrien Devresse <adev@adev.name>";
aforemny = "Alexander Foremny <alexanderforemny@googlemail.com>";
aboseley = "Adam Boseley <adam.boseley@gmail.com>";
adev = "Adrien Devresse <adev@adev.name>";
aespinosa = "Allan Espinosa <allan.espinosa@outlook.com>";
aflatter = "Alexander Flatter <flatter@fastmail.fm>";
aforemny = "Alexander Foremny <alexanderforemny@googlemail.com>";
afranchuk = "Alex Franchuk <alex.franchuk@gmail.com>";
aherrmann = "Andreas Herrmann <andreash87@gmx.ch>";
ak = "Alexander Kjeldaas <ak@formalprivacy.com>";
akaWolf = "Artjom Vejsel <akawolf0@gmail.com>";
@ -26,10 +29,12 @@
anderspapitto = "Anders Papitto <anderspapitto@gmail.com>";
andres = "Andres Loeh <ksnixos@andres-loeh.de>";
andrewrk = "Andrew Kelley <superjoe30@gmail.com>";
aneeshusa = "Aneesh Agrawal <aneeshusa@gmail.com>";
antono = "Antono Vasiljev <self@antono.info>";
ardumont = "Antoine R. Dumont <eniotna.t@gmail.com>";
aristid = "Aristid Breitkreuz <aristidb@gmail.com>";
arobyn = "Alexei Robyn <shados@shados.net>";
artuuge = "Artur E. Ruuge <artuuge@gmail.com>";
asppsa = "Alastair Pharo <asppsa@gmail.com>";
astsmtl = "Alexander Tsamutali <astsmtl@yandex.ru>";
aszlig = "aszlig <aszlig@redmoonstudios.org>";
@ -43,8 +48,8 @@
bcarrell = "Brandon Carrell <brandoncarrell@gmail.com>";
bcdarwin = "Ben Darwin <bcdarwin@gmail.com>";
bdimcheff = "Brandon Dimcheff <brandon@dimcheff.com>";
bennofs = "Benno Fünfstück <benno.fuenfstueck@gmail.com>";
benley = "Benjamin Staffin <benley@gmail.com>";
bennofs = "Benno Fünfstück <benno.fuenfstueck@gmail.com>";
berdario = "Dario Bertini <berdario@gmail.com>";
bergey = "Daniel Bergey <bergey@teallabs.org>";
bjg = "Brian Gough <bjg@gnu.org>";
@ -56,6 +61,7 @@
bosu = "Boris Sukholitko <boriss@gmail.com>";
bramd = "Bram Duvigneau <bram@bramd.nl>";
bstrik = "Berno Strik <dutchman55@gmx.com>";
bzizou = "Bruno Bzeznik <Bruno@bzizou.net>";
c0dehero = "CodeHero <codehero@nerdpol.ch>";
calrama = "Moritz Maxeiner <moritz@ucworks.org>";
campadrenalin = "Philip Horger <campadrenalin@gmail.com>";
@ -64,20 +70,24 @@
chaoflow = "Florian Friesdorf <flo@chaoflow.net>";
chattered = "Phil Scott <me@philscotted.com>";
christopherpoole = "Christopher Mark Poole <mail@christopherpoole.net>";
cleverca22 = "Michael Bishop <cleverca22@gmail.com>";
coconnor = "Corey O'Connor <coreyoconnor@gmail.com>";
codsl = "codsl <codsl@riseup.net>";
codyopel = "Cody Opel <codyopel@gmail.com>";
colemickens = "Cole Mickens <cole.mickens@gmail.com>";
copumpkin = "Dan Peebles <pumpkingod@gmail.com>";
coroa = "Jonas Hörsch <jonas@chaoflow.net>";
couchemar = "Andrey Pavlov <couchemar@yandex.ru>";
cstrahan = "Charles Strahan <charles.c.strahan@gmail.com>";
cwoac = "Oliver Matthews <oliver@codersoffortune.net>";
DamienCassou = "Damien Cassou <damien@cassou.me>";
dasuxullebt = "Christoph-Simon Senjak <christoph.senjak@googlemail.com>";
davidak = "David Kleuker <post@davidak.de>";
davidrusu = "David Rusu <davidrusu.me@gmail.com>";
dbohdan = "Danyil Bohdan <danyil.bohdan@gmail.com>";
DerGuteMoritz = "Moritz Heidkamp <moritz@twoticketsplease.de>";
deepfire = "Kosyrev Serge <_deepfire@feelingofgreen.ru>";
demin-dmitriy = "Dmitriy Demin <demindf@gmail.com>";
DerGuteMoritz = "Moritz Heidkamp <moritz@twoticketsplease.de>";
desiderius = "Didier J. Devroye <didier@devroye.name>";
devhell = "devhell <\"^\"@regexmail.net>";
dezgeg = "Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>";
@ -91,10 +101,12 @@
eduarrrd = "Eduard Bachmakov <e.bachmakov@gmail.com>";
edwtjo = "Edward Tjörnhammar <ed@cflags.cc>";
eelco = "Eelco Dolstra <eelco.dolstra@logicblox.com>";
ehegnes = "Eric Hegnes <eric.hegnes@gmail.com>";
ehmry = "Emery Hemingway <emery@vfemail.net>";
eikek = "Eike Kettner <eike.kettner@posteo.de>";
elasticdog = "Aaron Bull Schaefer <aaron@elasticdog.com>";
elitak = "Eric Litak <elitak@gmail.com>";
ellis = "Ellis Whitehead <nixos@ellisw.net>";
ehmry = "Emery Hemingway <emery@vfemail.net>";
epitrochoid = "Mabry Cervin <mpcervin@uncg.edu>";
ericbmerritt = "Eric Merritt <eric@afiniate.com>";
ericsagnes = "Eric Sagnes <eric.sagnes@gmail.com>";
@ -102,6 +114,7 @@
ertes = "Ertugrul Söylemez <ertesx@gmx.de>";
exi = "Reno Reckling <nixos@reckling.org>";
exlevan = "Alexey Levan <exlevan@gmail.com>";
fadenb = "Tristan Helmich <tristan.helmich+nixos@gmail.com>";
falsifian = "James Cook <james.cook@utoronto.ca>";
flosse = "Markus Kohlhase <mail@markus-kohlhase.de>";
fluffynukeit = "Daniel Austin <dan@fluffynukeit.com>";
@ -114,6 +127,7 @@
ftrvxmtrx = "Siarhei Zirukin <ftrvxmtrx@gmail.com>";
funfunctor = "Edward O'Callaghan <eocallaghan@alterapraxis.com>";
fuuzetsu = "Mateusz Kowalczyk <fuuzetsu@fuuzetsu.co.uk>";
fxfactorial = "Edgar Aroutiounian <edgar.factorial@gmail.com>";
gal_bolle = "Florent Becker <florent.becker@ens-lyon.org>";
garbas = "Rok Garbas <rok@garbas.si>";
garrison = "Jim Garrison <jim@garrison.cc>";
@ -122,8 +136,9 @@
gfxmonk = "Tim Cuthbertson <tim@gfxmonk.net>";
giogadi = "Luis G. Torres <lgtorres42@gmail.com>";
gleber = "Gleb Peregud <gleber.p@gmail.com>";
globin = "Robin Gloster <robin@glob.in>";
globin = "Robin Gloster <mail@glob.in>";
goibhniu = "Cillian de Róiste <cillian.deroiste@gmail.com>";
Gonzih = "Max Gonzih <gonzih@gmail.com>";
gridaphobe = "Eric Seidel <eric@seidel.io>";
guibert = "David Guibert <david.guibert@gmail.com>";
havvy = "Ryan Scheel <ryan.havvy@gmail.com>";
@ -135,6 +150,7 @@
iand675 = "Ian Duncan <ian@iankduncan.com>";
ianwookim = "Ian-Woo Kim <ianwookim@gmail.com>";
iElectric = "Domen Kozar <domen@dev.si>";
igsha = "Igor Sharonov <igor.sharonov@gmail.com>";
ikervagyok = "Balázs Lengyel <ikervagyok@gmail.com>";
iyzsong = "Song Wenwu <iyzsong@gmail.com>";
j-keck = "Jürgen Keck <jhyphenkeck@gmail.com>";
@ -152,11 +168,13 @@
joelmo = "Joel Moberg <joel.moberg@gmail.com>";
joelteon = "Joel Taylor <me@joelt.io>";
jpbernardy = "Jean-Philippe Bernardy <jeanphilippe.bernardy@gmail.com>";
jraygauthier = "Raymond Gauthier <jraygauthier@gmail.com>";
jwiegley = "John Wiegley <johnw@newartisans.com>";
jwilberding = "Jordan Wilberding <jwilberding@afiniate.com>";
jzellner = "Jeff Zellner <jeffz@eml.cc>";
kamilchm = "Kamil Chmielewski <kamil.chm@gmail.com>";
kampfschlaefer = "Arnold Krille <arnold@arnoldarts.de>";
kevincox = "Kevin Cox <kevincox@kevincox.ca>";
khumba = "Bryan Gardiner <bog@khumba.net>";
kkallio = "Karn Kallio <tierpluspluslists@gmail.com>";
koral = "Koral <koral@mailoo.org>";
@ -166,6 +184,7 @@
lassulus = "Lassulus <lassulus@gmail.com>";
layus = "Guillaume Maudoux <layus.on@gmail.com>";
lebastr = "Alexander Lebedev <lebastr@gmail.com>";
leenaars = "Michiel Leenaars <ml.software@leenaa.rs>";
leonardoce = "Leonardo Cecchi <leonardo.cecchi@gmail.com>";
lethalman = "Luca Bruno <lucabru@src.gnome.org>";
lewo = "Antoine Eiche <lewo@abesis.fr>";
@ -178,8 +197,9 @@
lowfatcomputing = "Andreas Wagner <andreas.wagner@lowfatcomputing.org>";
lsix = "Lancelot SIX <lsix@lancelotsix.com>";
ludo = "Ludovic Courtès <ludo@gnu.org>";
lukego = "Luke Gorrie <luke@snabb.co>";
luispedro = "Luis Pedro Coelho <luis@luispedro.org>";
lukasepple = "Lukas Epple <post@lukasepple.de>";
lukego = "Luke Gorrie <luke@snabb.co>";
lw = "Sergey Sofeychuk <lw@fmap.me>";
madjar = "Georges Dubus <georges.dubus@compiletoi.net>";
magnetophon = "Bart Brouns <bart@magnetophon.nl>";
@ -189,24 +209,26 @@
manveru = "Michael Fellinger <m.fellinger@gmail.com>";
marcweber = "Marc Weber <marco-oweber@gmx.de>";
markWot = "Markus Wotringer <markus@wotringer.de>";
maurer = "Matthew Maurer <matthew.r.maurer+nix@gmail.com>";
matejc = "Matej Cotman <cotman.matej@gmail.com>";
mathnerd314 = "Mathnerd314 <mathnerd314.gph+hs@gmail.com>";
matthiasbeyer = "Matthias Beyer <mail@beyermatthias.de>";
maurer = "Matthew Maurer <matthew.r.maurer+nix@gmail.com>";
mbakke = "Marius Bakke <ymse@tuta.io>";
mbe = "Brandon Edens <brandonedens@gmail.com>";
mboes = "Mathieu Boespflug <mboes@tweag.net>";
mcmtroffaes = "Matthias C. M. Troffaes <matthias.troffaes@gmail.com>";
meditans = "Carlo Nucera <meditans@gmail.com>";
meisternu = "Matt Miemiec <meister@krutt.org>";
michelk = "Michel Kuhlmann <michel@kuhlmanns.info>";
michaelpj = "Michael Peyton Jones <michaelpj@gmail.com>";
michelk = "Michel Kuhlmann <michel@kuhlmanns.info>";
mingchuan = "Ming Chuan <ming@culpring.com>";
mirdhyn = "Merlin Gaillard <mirdhyn@gmail.com>";
mschristiansen = "Mikkel Christiansen <mikkel@rheosystems.com>";
modulistic = "Pablo Costa <modulistic@gmail.com>";
mog = "Matthew O'Gorman <mog-lists@rldn.net>";
mornfall = "Petr Ročkai <me@mornfall.net>";
MP2E = "Cray Elliott <MP2E@archlinux.us>";
msackman = "Matthew Sackman <matthew@wellquite.org>";
mschristiansen = "Mikkel Christiansen <mikkel@rheosystems.com>";
msteen = "Matthijs Steen <emailmatthijs@gmail.com>";
mtreskin = "Max Treskin <zerthurd@gmail.com>";
mudri = "James Wood <lamudri@gmail.com>";
@ -214,6 +236,7 @@
nathan-gs = "Nathan Bijnens <nathan@nathan.gs>";
nckx = "Tobias Geerinckx-Rice <tobias.geerinckx.rice@gmail.com>";
nequissimus = "Tim Steinbach <tim@nequissimus.com>";
nfjinjing = "Jinjing Wang <nfjinjing@gmail.com>";
nico202 = "Nicolò Balzarotti <anothersms@gmail.com>";
notthemessiah = "Brian Cohen <brian.cohen.88@gmail.com>";
np = "Nicolas Pouillard <np.nix@nicolaspouillard.fr>";
@ -232,8 +255,9 @@
palo = "Ingolf Wanger <palipalo9@googlemail.com>";
pashev = "Igor Pashev <pashev.igor@gmail.com>";
pesterhazy = "Paulus Esterhazy <pesterhazy@gmail.com>";
phile314 = "Philipp Hausmann <nix@314.ch>";
philandstuff = "Philip Potter <philip.g.potter@gmail.com>";
phile314 = "Philipp Hausmann <nix@314.ch>";
Phlogistique = "Noé Rubinstein <noe.rubinstein@gmail.com>";
phreedom = "Evgeny Egorochkin <phreedom@yandex.ru>";
phunehehe = "Hoang Xuan Phu <phunehehe@gmail.com>";
pierron = "Nicolas B. Pierron <nixos@nbp.name>";
@ -242,7 +266,6 @@
pjones = "Peter Jones <pjones@devalot.com>";
pkmx = "Chih-Mao Chen <pkmx.tw@gmail.com>";
plcplc = "Philip Lykke Carlsen <plcplc@gmail.com>";
Phlogistique = "Noé Rubinstein <noe.rubinstein@gmail.com>";
pmahoney = "Patrick Mahoney <pat@polycrystal.org>";
pmiddend = "Philipp Middendorf <pmidden@secure.mailbox.org>";
prikhi = "Pavan Rikhi <pavan.rikhi@gmail.com>";
@ -270,6 +293,7 @@
rushmorem = "Rushmore Mushambi <rushmore@webenchanter.com>";
rvl = "Rodney Lorrimar <dev+nix@rodney.id.au>";
rvlander = "Gaëtan André <rvlander@gaetanandre.eu>";
ryantm = "Ryan Mulligan <ryan@ryantm.com>";
rycee = "Robert Helgesson <robert@rycee.net>";
samuelrivas = "Samuel Rivas <samuelrivas@gmail.com>";
sander = "Sander van der Burg <s.vanderburg@tudelft.nl>";
@ -285,9 +309,12 @@
sjmackenzie = "Stewart Mackenzie <setori88@gmail.com>";
sjourdois = "Stéphane kwisatz Jourdois <sjourdois@gmail.com>";
skeidel = "Sven Keidel <svenkeidel@gmail.com>";
skrzyp = "Jakub Skrzypnik <jot.skrzyp@gmail.com>";
sleexyz = "Sean Lee <freshdried@gmail.com>";
smironov = "Sergey Mironov <ierton@gmail.com>";
spacefrogg = "Michael Raitza <spacefrogg-nixos@meterriblecrew.net>";
spencerjanssen = "Spencer Janssen <spencerjanssen@gmail.com>";
spinus = "Tomasz Czyż <tomasz.czyz@gmail.com>";
sprock = "Roger Mason <rmason@mun.ca>";
spwhitt = "Spencer Whitt <sw@swhitt.me>";
stephenmw = "Stephen Weinberg <stephen@q5comm.com>";
@ -297,6 +324,7 @@
taeer = "Taeer Bar-Yam <taeer@necsi.edu>";
tailhook = "Paul Colomiets <paul@colomiets.name>";
taktoa = "Remy Goldschmidt <taktoa@gmail.com>";
tavyc = "Octavian Cerna <octavian.cerna@gmail.com>";
telotortium = "Robert Irelan <rirelan@gmail.com>";
thall = "Niclas Thall <niclas.thall@gmail.com>";
thammers = "Tobias Hammerschmidt <jawr@gmx.de>";
@ -309,12 +337,14 @@
tomberek = "Thomas Bereknyei <tomberek@gmail.com>";
travisbhartwell = "Travis B. Hartwell <nafai@travishartwell.net>";
trino = "Hubert Mühlhans <muehlhans.hubert@ekodia.de>";
tstrobel = "Thomas Strobel <ts468@cam.ac.uk>";
tstrobel = "Thomas Strobel <4ZKTUB6TEP74PYJOPWIR013S2AV29YUBW5F9ZH2F4D5UMJUJ6S@hash.domains>";
ttuegel = "Thomas Tuegel <ttuegel@gmail.com>";
tv = "Tomislav Viljetić <tv@shackspace.de>";
tvestelind = "Tomas Vestelind <tomas.vestelind@fripost.org>";
twey = "James Twey Kay <twey@twey.co.uk>";
urkud = "Yury G. Kudryashov <urkud+nix@ya.ru>";
vandenoever = "Jos van den Oever <jos@vandenoever.info>";
vanzef = "Ivan Solyankin <vanzef@gmail.com>";
vbgl = "Vincent Laporte <Vincent.Laporte@gmail.com>";
vbmithr = "Vincent Bernardoff <vb@luminar.eu.org>";
vcunat = "Vladimír Čunát <vcunat@gmail.com>";
@ -328,9 +358,9 @@
winden = "Antonio Vargas Gonzalez <windenntw@gmail.com>";
wizeman = "Ricardo M. Correia <rcorreia@wizy.org>";
wjlroe = "William Roe <willroe@gmail.com>";
womfoo = "Kranium Gikos Mendoza <kranium@gikos.net>";
wkennington = "William A. Kennington III <william@wkennington.com>";
wmertens = "Wout Mertens <Wout.Mertens@gmail.com>";
womfoo = "Kranium Gikos Mendoza <kranium@gikos.net>";
wscott = "Wayne Scott <wsc9tt@gmail.com>";
wyvie = "Elijah Rum <elijahrum@gmail.com>";
yarr = "Dmitry V. <savraz@gmail.com>";
@ -338,6 +368,6 @@
zagy = "Christian Zagrodnick <cz@flyingcircus.io>";
zef = "Zef Hemel <zef@zef.me>";
zimbatm = "zimbatm <zimbatm@zimbatm.com>";
zohl = "Al Zohali <zohl@fmap.me>";
zoomulator = "Kim Simmons <zoomulator@gmail.com>";
Gonzih = "Max Gonzih <gonzih@gmail.com>";
}

29
lib/platforms.nix
View File

@ -1,21 +1,24 @@
let lists = import ./lists.nix; in
rec {
gnu = linux; /* ++ hurd ++ kfreebsd ++ ... */
linux = ["i686-linux" "x86_64-linux" "armv5tel-linux" "armv6l-linux" "armv7l-linux" "mips64el-linux"];
all = linux ++ darwin ++ cygwin ++ freebsd ++ openbsd ++ netbsd ++ illumos;
allBut = platforms: lists.filter (x: !(builtins.elem x platforms)) all;
none = [];
arm = ["armv5tel-linux" "armv6l-linux" "armv7l-linux" ];
i686 = ["i686-linux" "i686-freebsd" "i686-netbsd" "i686-cygwin"];
mips = [ "mips64el-linux" ];
x86_64 = ["x86_64-linux" "x86_64-darwin" "x86_64-freebsd" "x86_64-openbsd" "x86_64-netbsd" "x86_64-cygwin"];
cygwin = ["i686-cygwin" "x86_64-cygwin"];
darwin = ["x86_64-darwin"];
freebsd = ["i686-freebsd" "x86_64-freebsd"];
openbsd = ["i686-openbsd" "x86_64-openbsd"];
netbsd = ["i686-netbsd" "x86_64-netbsd"];
cygwin = ["i686-cygwin" "x86_64-cygwin"];
gnu = linux; /* ++ hurd ++ kfreebsd ++ ... */
illumos = ["x86_64-solaris"];
linux = ["i686-linux" "x86_64-linux" "armv5tel-linux" "armv6l-linux" "armv7l-linux" "mips64el-linux"];
netbsd = ["i686-netbsd" "x86_64-netbsd"];
openbsd = ["i686-openbsd" "x86_64-openbsd"];
unix = linux ++ darwin ++ freebsd ++ openbsd ++ netbsd ++ illumos;
all = linux ++ darwin ++ cygwin ++ freebsd ++ openbsd ++ netbsd ++ illumos;
none = [];
allBut = platforms: lists.filter (x: !(builtins.elem x platforms)) all;
mesaPlatforms = ["i686-linux" "x86_64-linux" "x86_64-darwin" "armv5tel-linux" "armv6l-linux"];
x86_64 = ["x86_64-linux" "x86_64-darwin" "x86_64-freebsd" "x86_64-openbsd" "x86_64-netbsd" "x86_64-cygwin"];
i686 = ["i686-linux" "i686-freebsd" "i686-netbsd" "i686-cygwin"];
arm = ["armv5tel-linux" "armv6l-linux" "armv7l-linux" ];
mips = [ "mips64el-linux" ];
mesaPlatforms = ["i686-linux" "x86_64-linux" "x86_64-darwin" "armv5tel-linux" "armv6l-linux" "armv7l-linux"];
}

6
lib/systems.nix
View File

@ -84,10 +84,10 @@ rec {
};
isDarwin = matchAttrs { kernel = kernels.darwin; };
isLinux = matchAttrs { kernel = kernels.linux; };
isi686 = matchAttrs { cpu = cpuTypes.i686; };
is64Bit = matchAttrs { cpu = { bits = 64; }; };
isDarwin = matchAttrs { kernel = kernels.darwin; };
isi686 = matchAttrs { cpu = cpuTypes.i686; };
isLinux = matchAttrs { kernel = kernels.linux; };
# This should revert the job done by config.guess from the gcc compiler.

10
lib/tests/release.nix
View File

@ -11,14 +11,14 @@ stdenv.mkDerivation {
buildCommand = ''
datadir="${nix}/share"
export TEST_ROOT=$(pwd)/test-tmp
export NIX_STORE_DIR=$TEST_ROOT/store
export NIX_BUILD_HOOK=
export NIX_CONF_DIR=$TEST_ROOT/etc
export NIX_DB_DIR=$TEST_ROOT/db
export NIX_LOCALSTATE_DIR=$TEST_ROOT/var
export NIX_LOG_DIR=$TEST_ROOT/var/log/nix
export NIX_STATE_DIR=$TEST_ROOT/var/nix
export NIX_DB_DIR=$TEST_ROOT/db
export NIX_CONF_DIR=$TEST_ROOT/etc
export NIX_MANIFESTS_DIR=$TEST_ROOT/var/nix/manifests
export NIX_BUILD_HOOK=
export NIX_STATE_DIR=$TEST_ROOT/var/nix
export NIX_STORE_DIR=$TEST_ROOT/store
export PAGER=cat
cacheDir=$TEST_ROOT/binary-cache
nix-store --init

21
lib/trivial.nix
View File

@ -75,4 +75,25 @@ rec {
min = x: y: if x < y then x else y;
max = x: y: if x > y then x else y;
/* Reads a JSON file. It is useful to import pure data into other nix
expressions.
Example:
mkDerivation {
src = fetchgit (importJSON ./repo.json)
#...
}
where repo.json contains:
{
"url": "git://some-domain/some/repo",
"rev": "265de7283488964f44f0257a8b4a055ad8af984d",
"sha256": "0sb3h3067pzf3a7mlxn1hikpcjrsvycjcnj9hl9b1c3ykcgvps7h"
}
*/
importJSON = path:
builtins.fromJSON (builtins.readFile path);
}

2
lib/types.nix
View File

@ -93,7 +93,7 @@ rec {
# derivation is a reserved keyword.
package = mkOptionType {
name = "derivation";
name = "package";
check = x: isDerivation x || isStorePath x;
merge = loc: defs:
let res = mergeOneOption loc defs;

3
maintainers/scripts/find-tarballs.nix
View File

@ -18,7 +18,8 @@ let
fetchurlDependencies =
filter
(drv: drv.outputHash or "" != "" && drv.outputHashMode == "flat" && drv.postFetch or "" == "" && drv ? urls)
(drv: drv.outputHash or "" != "" && drv.outputHashMode or "flat" == "flat"
&& drv.postFetch or "" == "" && drv ? urls)
dependencies;
dependencies = map (x: x.value) (genericClosure {

1122
maintainers/scripts/gnu/gnupdate
View File

File diff suppressed because it is too large Load Diff

2
maintainers/scripts/nix-call-package
View File

@ -1,5 +1,5 @@
#! /bin/sh
echo "let pkgs = import /etc/nixos/nixpkgs$2 {}; x = pkgs.callPackage $1 { $3 }; in ${4:-x}" |
echo "let pkgs = import <nixpkgs$2> {}; x = pkgs.callPackage $1 { $3 }; in ${4:-x}" |
nix-instantiate --show-trace - |
xargs nix-store -r -K

12
maintainers/scripts/nix-generate-from-cpan.nix
View File

@ -1,22 +1,24 @@
{ stdenv, makeWrapper, perl, perlPackages }:
stdenv.mkDerivation {
name = "nix-generate-from-cpan-1";
name = "nix-generate-from-cpan-2";
buildInputs = [ makeWrapper perl perlPackages.YAMLLibYAML perlPackages.JSON perlPackages.CPANPLUS ];
buildInputs = with perlPackages; [
makeWrapper perl CPANMeta GetoptLongDescriptive CPANPLUS Readonly Log4Perl
];
unpackPhase = "true";
buildPhase = "true";
phases = [ "installPhase" ];
installPhase =
''
mkdir -p $out/bin
cp ${./nix-generate-from-cpan.pl} $out/bin/nix-generate-from-cpan
patchShebangs $out/bin/nix-generate-from-cpan
wrapProgram $out/bin/nix-generate-from-cpan --set PERL5LIB $PERL5LIB
'';
meta = {
maintainers = [ stdenv.lib.maintainers.eelco ];
maintainers = with stdenv.lib.maintainers; [ eelco rycee ];
description = "Utility to generate a Nix expression for a Perl package from CPAN";
};
}

479
maintainers/scripts/nix-generate-from-cpan.pl
View File

@ -1,154 +1,440 @@
#! /run/current-system/sw/bin/perl -w
#!/usr/bin/env perl
use utf8;
use strict;
use CPANPLUS::Backend;
use YAML::XS;
use JSON;
use warnings;
my $module_name = $ARGV[0];
die "syntax: $0 <MODULE-NAME>\n" unless defined $module_name;
use CPAN::Meta();
use CPANPLUS::Backend();
use Getopt::Long::Descriptive qw( describe_options );
use JSON::PP qw( encode_json );
use Log::Log4perl qw(:easy);
use Readonly();
my $cb = CPANPLUS::Backend->new;
# Readonly hash that maps CPAN style license strings to information
# necessary to generate a Nixpkgs style license attribute.
Readonly::Hash my %LICENSE_MAP => (
my @modules = $cb->search(type => "name", allow => [$module_name]);
die "module $module_name not found\n" if scalar @modules == 0;
die "multiple packages that match module $module_name\n" if scalar @modules > 1;
my $module = $modules[0];
# The Perl 5 License (Artistic 1 & GPL 1 or later).
perl_5 => {
licenses => [qw( artistic1 gpl1Plus )]
},
# GNU Affero General Public License, Version 3.
agpl_3 => {
licenses => [qw( agpl3Plus )],
amb => 1
},
# Apache Software License, Version 1.1.
apache_1_1 => {
licenses => ["Apache License 1.1"],
in_set => 0
},
# Apache License, Version 2.0.
apache_2_0 => {
licenses => [qw( asl20 )]
},
# Artistic License, (Version 1).
artistic_1 => {
licenses => [qw( artistic1 )]
},
# Artistic License, Version 2.0.
artistic_2 => {
licenses => [qw( artistic2 )]
},
# BSD License (three-clause).
bsd => {
licenses => [qw( bsd3 )],
amb => 1
},
# FreeBSD License (two-clause).
freebsd => {
licenses => [qw( bsd2 )]
},
# GNU Free Documentation License, Version 1.2.
gfdl_1_2 => {
licenses => [qw( fdl12 )]
},
# GNU Free Documentation License, Version 1.3.
gfdl_1_3 => {
licenses => [qw( fdl13 )]
},
# GNU General Public License, Version 1.
gpl_1 => {
licenses => [qw( gpl1Plus )],
amb => 1
},
# GNU General Public License, Version 2. Note, we will interpret
# "gpl" alone as GPL v2+.
gpl_2 => {
licenses => [qw( gpl2Plus )],
amb => 1
},
# GNU General Public License, Version 3.
gpl_3 => {
licenses => [qw( gpl3Plus )],
amb => 1
},
# GNU Lesser General Public License, Version 2.1. Note, we will
# interpret "gpl" alone as LGPL v2.1+.
lgpl_2_1 => {
licenses => [qw( lgpl21Plus )],
amb => 1
},
# GNU Lesser General Public License, Version 3.0.
lgpl_3_0 => {
licenses => [qw( lgpl3Plus )],
amb => 1
},
# MIT (aka X11) License.
mit => {
licenses => [qw( mit )]
},
# Mozilla Public License, Version 1.0.
mozilla_1_0 => {
licenses => [qw( mpl10 )]
},
# Mozilla Public License, Version 1.1.
mozilla_1_1 => {
licenses => [qw( mpl11 )]
},
# OpenSSL License.
openssl => {
licenses => [qw( openssl )]
},
# Q Public License, Version 1.0.
qpl_1_0 => {
licenses => [qw( qpl )]
},
# Original SSLeay License.
ssleay => {
licenses => ["Original SSLeay License"],
in_set => 0
},
# Sun Internet Standards Source License (SISSL).
sun => {
licenses => ["Sun Industry Standards Source License v1.1"],
in_set => 0
},
# zlib License.
zlib => {
licenses => [qw( zlib )]
},
# Other Open Source Initiative (OSI) approved license.
open_source => {
licenses => [qw( free )],
amb => 1
},
# Requires special permission from copyright holder.
restricted => {
licenses => [qw( unfree )],
amb => 1
},
# Not an OSI approved license, but not restricted. Note, we
# currently map this to unfreeRedistributable, which is a
# conservative choice.
unrestricted => {
licenses => [qw( unfreeRedistributable )],
amb => 1
},
# License not provided in metadata.
unknown => {
licenses => [qw( unknown )],
amb => 1
}
);
sub handle_opts {
my ( $opt, $usage ) = describe_options(
'usage: $0 %o MODULE',
[ 'maintainer|m=s', 'the package maintainer' ],
[ 'debug|d', 'enable debug output' ],
[ 'help', 'print usage message and exit' ]
);
if ( $opt->help ) {
print $usage->text;
exit;
}
my $module_name = $ARGV[0];
if ( !defined $module_name ) {
print STDERR "Missing module name\n";
print STDERR $usage->text;
exit 1;
}
return ( $opt, $module_name );
}
# Takes a Perl package attribute name and returns 1 if the name cannot
# be referred to as a bareword. This typically happens if the package
# name is a reserved Nix keyword.
sub is_reserved {
my ($pkg) = @_;
return $pkg =~ /^(?: assert |
else |
if |
import |
in |
inherit |
let |
rec |
then |
while |
with )$/x;
}
sub pkg_to_attr {
my ($pkg_name) = @_;
my $attr_name = $pkg_name;
$attr_name =~ s/-\d.*//; # strip version
return "LWP" if $attr_name eq "libwww-perl";
$attr_name =~ s/-//g;
return $attr_name;
my ($module) = @_;
my $attr_name = $module->package_name;
if ( $attr_name eq "libwww-perl" ) {
return "LWP";
}
else {
$attr_name =~ s/-//g;
return $attr_name;
}
}
sub get_pkg_name {
my ($module) = @_;
my $pkg_name = $module->package;
$pkg_name =~ s/\.tar.*//;
$pkg_name =~ s/\.zip//;
return $pkg_name;
return $module->package_name . '-' . $module->package_version;
}
my $pkg_name = get_pkg_name $module;
my $attr_name = pkg_to_attr $pkg_name;
sub read_meta {
my ($pkg_path) = @_;
print STDERR "attribute name: ", $attr_name, "\n";
print STDERR "module: ", $module->module, "\n";
print STDERR "version: ", $module->version, "\n";
print STDERR "package: ", $module->package, , " (", $pkg_name, ", ", $attr_name, ")\n";
print STDERR "path: ", $module->path, "\n";
my $yaml_path = "$pkg_path/META.yml";
my $json_path = "$pkg_path/META.json";
my $meta;
my $tar_path = $module->fetch();
print STDERR "downloaded to: $tar_path\n";
print STDERR "sha-256: ", $module->status->checksum_value, "\n";
my $pkg_path = $module->extract();
print STDERR "unpacked to: $pkg_path\n";
my $meta;
if (-e "$pkg_path/META.yml") {
eval {
$meta = YAML::XS::LoadFile("$pkg_path/META.yml");
};
if ($@) {
system("iconv -f windows-1252 -t utf-8 '$pkg_path/META.yml' > '$pkg_path/META.yml.tmp'");
$meta = YAML::XS::LoadFile("$pkg_path/META.yml.tmp");
if ( -r $json_path ) {
$meta = CPAN::Meta->load_file($json_path);
}
elsif ( -r $yaml_path ) {
$meta = CPAN::Meta->load_file($yaml_path);
}
else {
WARN("package has no META.yml or META.json");
}
} elsif (-e "$pkg_path/META.json") {
local $/;
open(my $fh, '<', "$pkg_path/META.json") or die;
$meta = decode_json(<$fh>);
} else {
warn "package has no META.yml or META.json\n";
}
print STDERR "metadata: ", encode_json($meta), "\n" if defined $meta;
return $meta;
}
# Map a module to the attribute corresponding to its package
# (e.g. HTML::HeadParser will be mapped to HTMLParser, because that
# module is in the HTML-Parser package).
sub module_to_pkg {
my ($module_name) = @_;
my @modules = $cb->search(type => "name", allow => [$module_name]);
if (scalar @modules == 0) {
my ( $cb, $module_name ) = @_;
my @modules = $cb->search( type => "name", allow => [$module_name] );
if ( scalar @modules == 0 ) {
# Fallback.
$module_name =~ s/:://g;
return $module_name;
}
my $module = $modules[0];
my $attr_name = pkg_to_attr(get_pkg_name $module);
print STDERR "mapped dep $module_name to $attr_name\n";
my $module = $modules[0];
my $attr_name = pkg_to_attr($module);
DEBUG("mapped dep $module_name to $attr_name");
return $attr_name;
}
sub get_deps {
my ($type) = @_;
my $deps;
if (defined $meta->{prereqs}) {
die "unimplemented";
} elsif ($type eq "runtime") {
$deps = $meta->{requires};
} elsif ($type eq "configure") {
$deps = $meta->{configure_requires};
} elsif ($type eq "build") {
$deps = $meta->{build_requires};
}
my ( $cb, $meta, $type ) = @_;
return if !defined $meta;
my $prereqs = $meta->effective_prereqs;
my $deps = $prereqs->requirements_for( $type, "requires" );
my @res;
foreach my $n (keys %{$deps}) {
foreach my $n ( $deps->required_modules ) {
next if $n eq "perl";
# Hacky way to figure out if this module is part of Perl.
if ($n !~ /^JSON/ && $n !~ /^YAML/ && $n !~ /^Module::Pluggable/) {
if ( $n !~ /^JSON/ && $n !~ /^YAML/ && $n !~ /^Module::Pluggable/ && $n !~ /^if$/ ) {
eval "use $n;";
if (!$@) {
print STDERR "skipping Perl-builtin module $n\n";
if ( !$@ ) {
DEBUG("skipping Perl-builtin module $n");
next;
}
}
push @res, module_to_pkg($n);
my $pkg = module_to_pkg( $cb, $n );
# If the package name is reserved then we need to refer to it
# through the "self" variable.
$pkg = "self.\"$pkg\"" if is_reserved($pkg);
push @res, $pkg;
}
return @res;
}
sub uniq {
return keys %{{ map { $_ => 1 } @_ }};
return keys %{ { map { $_ => 1 } @_ } };
}
my @build_deps = sort(uniq(get_deps("configure"), get_deps("build"), get_deps("test")));
print STDERR "build deps: @build_deps\n";
sub render_license {
my ($cpan_license) = @_;
my @runtime_deps = sort(uniq(get_deps("runtime")));
print STDERR "runtime deps: @runtime_deps\n";
return if !defined $cpan_license;
my $homepage = $meta->{resources}->{homepage};
print STDERR "homepage: $homepage\n" if defined $homepage;
my $licenses;
my $description = $meta->{abstract};
if (defined $description) {
$description = uc(substr($description, 0, 1)) . substr($description, 1); # capitalise first letter
$description =~ s/\.$//; # remove period at the end
# If the license is ambiguous then we'll print an extra warning.
# For example, "gpl_2" is ambiguous since it may refer to exactly
# "GPL v2" or to "GPL v2 or later".
my $amb = 0;
# Whether the license is available inside `stdenv.lib.licenses`.
my $in_set = 1;
my $nix_license = $LICENSE_MAP{$cpan_license};
if ( !$nix_license ) {
WARN("Unknown license: $cpan_license");
$licenses = [$cpan_license];
$in_set = 0;
}
else {
$licenses = $nix_license->{licenses};
$amb = $nix_license->{amb};
$in_set = !$nix_license->{in_set};
}
my $license_line;
if ( @$licenses == 0 ) {
# Avoid defining the license line.
}
elsif ($in_set) {
my $lic = 'stdenv.lib.licenses';
if ( @$licenses == 1 ) {
$license_line = "$lic.$licenses->[0]";
}
else {
$license_line = "with $lic; [ " . join( ' ', @$licenses ) . " ]";
}
}
else {
if ( @$licenses == 1 ) {
$license_line = $licenses->[0];
}
else {
$license_line = '[ ' . join( ' ', @$licenses ) . ' ]';
}
}
INFO("license: $cpan_license");
WARN("License '$cpan_license' is ambiguous, please verify") if $amb;
return $license_line;
}
my ( $opt, $module_name ) = handle_opts();
Log::Log4perl->easy_init(
{
level => $opt->debug ? $DEBUG : $INFO,
layout => '%m%n'
}
);
my $cb = CPANPLUS::Backend->new;
my @modules = $cb->search( type => "name", allow => [$module_name] );
die "module $module_name not found\n" if scalar @modules == 0;
die "multiple packages that match module $module_name\n" if scalar @modules > 1;
my $module = $modules[0];
my $pkg_name = get_pkg_name $module;
my $attr_name = pkg_to_attr $module;
INFO( "attribute name: ", $attr_name );
INFO( "module: ", $module->module );
INFO( "version: ", $module->version );
INFO( "package: ", $module->package, " (", $pkg_name, ", ", $attr_name, ")" );
INFO( "path: ", $module->path );
my $tar_path = $module->fetch();
INFO( "downloaded to: ", $tar_path );
INFO( "sha-256: ", $module->status->checksum_value );
my $pkg_path = $module->extract();
INFO( "unpacked to: ", $pkg_path );
my $meta = read_meta($pkg_path);
DEBUG( "metadata: ", encode_json( $meta->as_struct ) ) if defined $meta;
my @build_deps = sort( uniq(
get_deps( $cb, $meta, "configure" ),
get_deps( $cb, $meta, "build" ),
get_deps( $cb, $meta, "test" )
) );
INFO("build deps: @build_deps");
my @runtime_deps = sort( uniq( get_deps( $cb, $meta, "runtime" ) ) );
INFO("runtime deps: @runtime_deps");
my $homepage = $meta ? $meta->resources->{homepage} : undef;
INFO("homepage: $homepage") if defined $homepage;
my $description = $meta ? $meta->abstract : undef;
if ( defined $description ) {
$description = uc( substr( $description, 0, 1 ) )
. substr( $description, 1 ); # capitalise first letter
$description =~ s/\.$//; # remove period at the end
$description =~ s/\s*$//;
$description =~ s/^\s*//;
print STDERR "description: $description\n";
$description =~ s/\n+/ /; # Replace new lines by space.
INFO("description: $description");
}
my $license = $meta->{license};
if (defined $license) {
$license = "perl5" if $license eq "perl_5";
print STDERR "license: $license\n";
}
#print(Data::Dumper::Dumper($meta->licenses) . "\n");
my $license = $meta ? render_license( $meta->licenses ) : undef;
my $build_fun = -e "$pkg_path/Build.PL" && ! -e "$pkg_path/Makefile.PL" ? "buildPerlModule" : "buildPerlPackage";
INFO( "RSS feed: https://metacpan.org/feed/distribution/",
$module->package_name );
my $build_fun = -e "$pkg_path/Build.PL"
&& !-e "$pkg_path/Makefile.PL" ? "buildPerlModule" : "buildPerlPackage";
print STDERR "===\n";
print <<EOF;
$attr_name = $build_fun {
${\(is_reserved($attr_name) ? "\"$attr_name\"" : $attr_name)} = $build_fun rec {
name = "$pkg_name";
src = fetchurl {
url = mirror://cpan/${\$module->path}/${\$module->package};
url = "mirror://cpan/${\$module->path}/\${name}.${\$module->package_extension}";
sha256 = "${\$module->status->checksum_value}";
};
EOF
@ -164,11 +450,14 @@ EOF
print <<EOF if defined $homepage;
homepage = $homepage;
EOF
print <<EOF if defined $description;
print <<EOF if defined $description && $description ne "Unknown";
description = "$description";
EOF
print <<EOF if defined $license;
license = "$license";
license = $license;
EOF
print <<EOF if $opt->maintainer;
maintainers = [ maintainers.${\$opt->maintainer} ];
EOF
print <<EOF;
};

11
maintainers/scripts/travis-nox-review-pr.sh
View File

@ -11,11 +11,7 @@ if [[ $1 == nix ]]; then
# Make sure we can use hydra's binary cache
sudo mkdir /etc/nix
sudo tee /etc/nix/nix.conf <<EOF >/dev/null
binary-caches = http://cache.nixos.org http://hydra.nixos.org
trusted-binary-caches = http://hydra.nixos.org
build-max-jobs = 4
EOF
sudo sh -c 'echo "build-max-jobs = 4" > /etc/nix/nix.conf'
# Verify evaluation
echo "=== Verifying that nixpkgs evaluates..."
@ -27,6 +23,9 @@ elif [[ $1 == nox ]]; then
elif [[ $1 == build ]]; then
source $HOME/.nix-profile/etc/profile.d/nix.sh
echo "=== Checking tarball creation"
nix-build pkgs/top-level/release.nix -A tarball
if [[ $TRAVIS_PULL_REQUEST == false ]]; then
echo "=== Not a pull request"
else
@ -41,8 +40,6 @@ elif [[ $1 == build ]]; then
exit 1
fi
fi
# echo "=== Checking tarball creation"
# nix-build pkgs/top-level/release.nix -A tarball
else
echo "$0: Unknown option $1" >&2
false

2
maintainers/scripts/vanity.sh
View File

@ -28,7 +28,7 @@ fetchGithubName () {
)"
userid="$(
curl https://github.com/NixOS/nixpkgs/commit/"$commitid" 2>/dev/null |
grep authored -B10 | grep 'href="/' |
grep committed -B10 | grep 'href="/' |
sed -re 's@.* href="/@@; s@".*@@' |
grep -v "/commit/"
)";

16
nixos/default.nix
View File

@ -1,20 +1,12 @@
{ configuration ? import ./lib/from-env.nix "NIXOS_CONFIG" <nixos-config>
, system ? builtins.currentSystem
, extraModules ? []
# This attribute is used to specify a different nixos version, a different
# system or additional modules which might be set conditionally.
, reEnter ? false
}:
let
reEnterModule = {
config.nixos.path = with (import ../lib); mkIf reEnter (mkForce null);
config.nixos.configuration = configuration;
};
eval = import ./lib/eval-config.nix {
inherit system;
modules = [ configuration reEnterModule ] ++ extraModules;
modules = [ configuration ];
};
inherit (eval) pkgs;
@ -22,14 +14,14 @@ let
# This is for `nixos-rebuild build-vm'.
vmConfig = (import ./lib/eval-config.nix {
inherit system;
modules = [ configuration reEnterModule ./modules/virtualisation/qemu-vm.nix ] ++ extraModules;
modules = [ configuration ./modules/virtualisation/qemu-vm.nix ];
}).config;
# This is for `nixos-rebuild build-vm-with-bootloader'.
vmWithBootLoaderConfig = (import ./lib/eval-config.nix {
inherit system;
modules =
[ configuration reEnterModule
[ configuration
./modules/virtualisation/qemu-vm.nix
{ virtualisation.useBootLoader = true; }
];
@ -38,7 +30,7 @@ let
in
{
inherit (eval.config.nixos.reflect) config options;
inherit (eval) config options;
system = eval.config.system.build.toplevel;

2
nixos/doc/manual/configuration/config-file.xml
View File

@ -157,7 +157,7 @@ boot.kernel.sysctl."net.ipv4.tcp_keepalive_time" = 60;
fileSystems."/boot" =
{ device = "/dev/sda1";
fsType = "ext4";
options = "rw,data=ordered,relatime";
options = [ "rw" "data=ordered" "relatime" ];
};
</programlisting>
</para>

2
nixos/doc/manual/configuration/configuration.xml
View File

@ -26,8 +26,8 @@ effect after you run <command>nixos-rebuild</command>.</para>
<!-- FIXME: auto-include NixOS module docs -->
<xi:include href="postgresql.xml" />
<xi:include href="gitlab.xml" />
<xi:include href="acme.xml" />
<xi:include href="nixos.xml" />
<!-- Apache; libvirtd virtualisation -->

8
nixos/doc/manual/configuration/user-mgmt.xml
View File

@ -65,6 +65,14 @@ account named <literal>alice</literal>:
<screen>
$ useradd -m alice</screen>
To make all nix tools available to this new user use `su - USER` which
opens a login shell (==shell that loads the profile) for given user.
This will create the ~/.nix-defexpr symlink. So run:
<screen>
$ su - alice -c "true"</screen>
The flag <option>-m</option> causes the creation of a home directory
for the new user, which is generally what you want. The user does not
have an initial password and therefore cannot log in. A password can

21
nixos/doc/manual/default.nix
View File

@ -1,4 +1,4 @@
{ pkgs, options, version, revision }:
{ pkgs, options, version, revision, extraSources ? [] }:
with pkgs;
with pkgs.lib;
@ -17,19 +17,20 @@ let
# Clean up declaration sites to not refer to the NixOS source tree.
optionsList' = flip map optionsList (opt: opt // {
declarations = map (fn: stripPrefix fn) opt.declarations;
declarations = map stripAnyPrefixes opt.declarations;
}
// optionalAttrs (opt ? example) { example = substFunction opt.example; }
// optionalAttrs (opt ? default) { default = substFunction opt.default; }
// optionalAttrs (opt ? type) { type = substFunction opt.type; });
prefix = toString ../../..;
stripPrefix = fn:
if substring 0 (stringLength prefix) fn == prefix then
substring (stringLength prefix + 1) 1000 fn
else
fn;
# We need to strip references to /nix/store/* from options,
# including any `extraSources` if some modules came from elsewhere,
# or else the build will fail.
#
# E.g. if some `options` came from modules in ${pkgs.customModules}/nix,
# you'd need to include `extraSources = [ pkgs.customModules ]`
prefixesToStrip = map (p: "${toString p}/") ([ ../../.. ] ++ extraSources);
stripAnyPrefixes = flip (fold removePrefix) prefixesToStrip;
# Convert the list of options into an XML file.
optionsXML = builtins.toFile "options.xml" (builtins.toXML optionsList');
@ -55,8 +56,8 @@ let
cp -prd $sources/* . # */
chmod -R u+w .
cp ${../../modules/services/databases/postgresql.xml} configuration/postgresql.xml
cp ${../../modules/services/misc/gitlab.xml} configuration/gitlab.xml
cp ${../../modules/security/acme.xml} configuration/acme.xml
cp ${../../modules/misc/nixos.xml} configuration/nixos.xml
ln -s ${optionsDocBook} options-db.xml
echo "${version}" > version
'';

78
nixos/doc/manual/development/writing-modules.xml
View File

@ -107,12 +107,12 @@ the file system. This module declares two options that can be defined
by other modules (typically the users
<filename>configuration.nix</filename>):
<option>services.locate.enable</option> (whether the database should
be updated) and <option>services.locate.period</option> (when the
be updated) and <option>services.locate.interval</option> (when the
update should be done). It implements its functionality by defining
two options declared by other modules:
<option>systemd.services</option> (the set of all systemd services)
and <option>services.cron.systemCronJobs</option> (the list of
commands to be executed periodically by <command>cron</command>).</para>
and <option>systemd.timers</option> (the list of commands to be
executed periodically by <command>systemd</command>).</para>
<example xml:id='locate-example'><title>NixOS Module for the “locate” Service</title>
<programlisting>
@ -120,53 +120,59 @@ commands to be executed periodically by <command>cron</command>).</para>
with lib;
let locatedb = "/var/cache/locatedb"; in
{
options = {
services.locate = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
If enabled, NixOS will periodically update the database of
files used by the <command>locate</command> command.
'';
};
period = mkOption {
type = types.str;
default = "15 02 * * *";
description = ''
This option defines (in the format used by cron) when the
locate database is updated. The default is to update at
02:15 at night every day.
'';
};
let
cfg = config.services.locate;
in {
options.services.locate = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
If enabled, NixOS will periodically update the database of
files used by the <command>locate</command> command.
'';
};
interval = mkOption {
type = types.str;
default = "02:15";
example = "hourly";
description = ''
Update the locate database at this interval. Updates by
default at 2:15 AM every day.
The format is described in
<citerefentry><refentrytitle>systemd.time</refentrytitle>
<manvolnum>7</manvolnum></citerefentry>.
'';
};
# Other options omitted for documentation
};
config = {
systemd.services.update-locatedb =
{ description = "Update Locate Database";
path = [ pkgs.su ];
script =
''
mkdir -m 0755 -p $(dirname ${locatedb})
exec updatedb --localuser=nobody --output=${locatedb} --prunepaths='/tmp /var/tmp /run'
mkdir -m 0755 -p $(dirname ${toString cfg.output})
exec updatedb \
--localuser=${cfg.localuser} \
${optionalString (!cfg.includeStore) "--prunepaths='/nix/store'"} \
--output=${toString cfg.output} ${concatStringsSep " " cfg.extraFlags}
'';
};
services.cron.systemCronJobs = optional config.services.locate.enable
"${config.services.locate.period} root ${config.systemd.package}/bin/systemctl start update-locatedb.service";
systemd.timers.update-locatedb = mkIf cfg.enable
{ description = "Update timer for locate database";
partOf = [ "update-locatedb.service" ];
wantedBy = [ "timers.target" ];
timerConfig.OnCalendar = cfg.interval;
};
};
}</programlisting>
}
</programlisting>
</example>
<xi:include href="option-declarations.xml" />

5
nixos/doc/manual/installation/installing.xml
View File

@ -22,7 +22,10 @@
(with empty password).</para></listitem>
<listitem><para>If you downloaded the graphical ISO image, you can
run <command>start display-manager</command> to start KDE.</para></listitem>
run <command>start display-manager</command> to start KDE. If you
want to continue on the terminal, you can use
<command>loadkeys</command> to switch to your preferred keyboard layout.
(We even provide neo2 via <command>loadkeys de neo</command>!)</para></listitem>
<listitem><para>The boot process should have brought up networking (check
<command>ip a</command>). Networking is necessary for the

4
nixos/doc/manual/man-nixos-generate-config.xml
View File

@ -165,13 +165,13 @@ look like this:
fileSystems."/" =
{ device = "/dev/disk/by-label/nixos";
fsType = "ext3";
options = "rw,data=ordered,relatime";
options = [ "rw" "data=ordered" "relatime" ];
};
fileSystems."/boot" =
{ device = "/dev/sda1";
fsType = "ext3";
options = "rw,errors=continue,user_xattr,acl,barrier=1,data=writeback,relatime";
options = [ "rw" "errors=continue" "user_xattr" "acl" "barrier=1" "data=writeback" "relatime" ];
};
swapDevices =

2
nixos/doc/manual/release-notes/release-notes.xml
View File

@ -9,7 +9,7 @@
<para>This section lists the release notes for each stable version of NixOS
and current unstable revision.</para>
<xi:include href="rl-unstable.xml" />
<xi:include href="rl-1603.xml" />
<xi:include href="rl-1509.xml" />
<xi:include href="rl-1412.xml" />
<xi:include href="rl-1404.xml" />

143
nixos/doc/manual/release-notes/rl-unstable.xml → nixos/doc/manual/release-notes/rl-1603.xml
View File

@ -2,28 +2,15 @@
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-unstable">
xml:id="sec-release-16.03">
<title>Unstable</title>
<title>Release 16.03 (“Emu”, 2016/03/??)</title>
<para>In addition to numerous new and upgraded packages, this release
has the following highlights:</para>
<itemizedlist>
<listitem>
<para>You can now pin a specific version of NixOS in your <filename>configuration.nix</filename>
by setting:
<programlisting>
nixos.path = ./nixpkgs-unstable-2015-12-06/nixos;
</programlisting>
This will make NixOS re-evaluate your configuration with the modules of
the specified NixOS version at the given path. For more details, see
<xref linkend="module-misc-nixos" /></para>
</listitem>
<listitem>
<para>Firefox and similar browsers are now <emphasis>wrapped by default</emphasis>.
The package and attribute names are plain <literal>firefox</literal>
@ -41,7 +28,10 @@ nixos.path = ./nixpkgs-unstable-2015-12-06/nixos;
<itemizedlist>
<listitem><para><literal>services/monitoring/longview.nix</literal></para></listitem>
<listitem><para><literal>services/networking/pdnsd.nix</literal></para></listitem>
<listitem><para><literal>services/web-apps/pump.io.nix</literal></para></listitem>
<listitem><para><literal>services/security/haka.nix</literal></para></listitem>
<listitem><para><literal>i18n/inputMethod/default.nix</literal></para></listitem>
</itemizedlist>
</para>
@ -145,6 +135,118 @@ nginx.override {
from the ELPA, MELPA, and MELPA Stable repositories.
</para>
</listitem>
<listitem>
<para>Data directory for Postfix MTA server is moved from
<filename>/var/postfix</filename> to <filename>/var/lib/postfix</filename>.
Old configurations are migrated automatically. <literal>service.postfix</literal>
module has also received many improvements, such as correct directories' access
rights, new <literal>aliasFiles</literal> and <literal>mapFiles</literal>
options and more.</para>
</listitem>
<listitem>
<para>Filesystem options should now be configured as a list of strings, not
a comma-separated string. The old style will continue to work, but print a
warning, until the 16.09 release. An example of the new style:
<programlisting>
fileSystems."/example" = {
device = "/dev/sdc";
fsType = "btrfs";
options = [ "noatime" "compress=lzo" "space_cache" "autodefrag" ];
};
</programlisting>
</para>
</listitem>
<listitem>
<para>CUPS, installed by <literal>services.printing</literal> module, now
has its data directory in <filename>/var/lib/cups</filename>. Old
configurations from <filename>/etc/cups</filename> are moved there
automatically, but there might be problems. Also configuration options
<literal>services.printing.cupsdConf</literal> and
<literal>services.printing.cupsdFilesConf</literal> were removed
because they had been allowing one to override configuration variables
required for CUPS to work at all on NixOS. For most use cases,
<literal>services.printing.extraConf</literal> and new option
<literal>services.printing.extraFilesConf</literal> should be enough;
if you encounter a situation when they are not, please file a bug.</para>
<para>There are also Gutenprint improvements; in particular, a new option
<literal>services.printing.gutenprint</literal> is added to enable automatic
updating of Gutenprint PPMs; it's greatly recommended to enable it instead
of adding <literal>gutenprint</literal> to the <literal>drivers</literal> list.
</para>
</listitem>
<listitem>
<para><literal>services.xserver.vaapiDrivers</literal> has been removed. Use
<literal>services.hardware.opengl.extraPackages{,32}</literal> instead. You can
also specify VDPAU drivers there.</para>
</listitem>
<listitem>
<para>
<literal>programs.ibus</literal> moved to <literal>i18n.inputMethod.ibus</literal>.
The option <literal>programs.ibus.plugins</literal> changed to <literal>i18n.inputMethod.ibus.engines</literal>
and the option to enable ibus changed from <literal>programs.ibus.enable</literal> to
<literal>i18n.inputMethod.enabled</literal>.
<literal>i18n.inputMethod.enabled</literal> should be set to the used input method name,
<literal>"ibus"</literal> for ibus.
An example of the new style:
<programlisting>
i18n.inputMethod.enabled = "ibus";
i18n.inputMethod.ibus.engines = with pkgs.ibus-engines; [ anthy mozc ];
</programlisting>
That is equivalent to the old version:
<programlisting>
programs.ibus.enable = true;
programs.ibus.plugins = with pkgs; [ ibus-anthy mozc ];
</programlisting>
</para>
</listitem>
<listitem>
<para><literal>services.udev.extraRules</literal> option now writes rules
to <filename>99-local.rules</filename> instead of <filename>10-local.rules</filename>.
This makes all the user rules apply after others, so their results wouldn't be
overriden by anything else.</para>
</listitem>
<listitem>
<para>Large parts of the <literal>services.gitlab</literal> module has been
been rewritten. There are new configuration options available. The
<literal>stateDir</literal> option was renamned to
<literal>statePath</literal> and the <literal>satellitesDir</literal> option
was removed. Please review the currently available options.</para>
</listitem>
<listitem>
<para>
The option <option>services.nsd.zones.&lt;name&gt;.data</option> no
longer interpret the dollar sign ($) as a shell variable, as such it
should not be escaped anymore. Thus the following zone data:
</para>
<programlisting>
\$ORIGIN example.com.
\$TTL 1800
@ IN SOA ns1.vpn.nbp.name. admin.example.com. (
</programlisting>
<para>
Should modified to look like the actual file expected by nsd:
</para>
<programlisting>
$ORIGIN example.com.
$TTL 1800
@ IN SOA ns1.vpn.nbp.name. admin.example.com. (
</programlisting>
</listitem>
</itemizedlist>
@ -158,6 +260,17 @@ nginx.override {
<command>nix-shell</command> (without installing anything). </para>
</listitem>
<listitem>
<para><literal>ejabberd</literal> module is brought back and now works on
NixOS.</para>
</listitem>
<listitem>
<para>Input method support was improved. New NixOS modules (fcitx, nabi and uim),
fcitx engines (chewing, hangul, m17n, mozc and table-other) and ibus engines (hangul and m17n)
have been added.</para>
</listitem>
</itemizedlist></para>
</section>

2
nixos/lib/make-iso9660-image.nix
View File

@ -22,7 +22,7 @@
, # Whether this should be an efi-bootable El-Torito CD.
efiBootable ? false
, # Wheter this should be an hybrid CD (bootable from USB as well as CD).
, # Whether this should be an hybrid CD (bootable from USB as well as CD).
usbBootable ? false
, # The path (in the ISO file system) of the boot image.

17
nixos/modules/config/fonts/fontconfig.nix
View File

@ -129,6 +129,14 @@ with lib;
};
cache32Bit = mkOption {
default = false;
type = types.bool;
description = ''
Generate system fonts cache for 32-bit applications.
'';
};
};
};
@ -231,12 +239,19 @@ with lib;
"${pkgs.fontconfig.out}/etc/fonts/fonts.conf";
environment.etc."fonts/${pkgs.fontconfig.configVersion}/conf.d/00-nixos.conf".text =
''
let
cache = fontconfig: pkgs.makeFontsCache { inherit fontconfig; fontDirectories = config.fonts.fonts; };
in ''
<?xml version='1.0'?>
<!DOCTYPE fontconfig SYSTEM 'fonts.dtd'>
<fontconfig>
<!-- Font directories -->
${concatStringsSep "\n" (map (font: "<dir>${font}</dir>") config.fonts.fonts)}
<!-- Pre-generated font caches -->
<cachedir>${cache pkgs.fontconfig}</cachedir>
${optionalString (pkgs.stdenv.isx86_64 && config.fonts.fontconfig.cache32Bit) ''
<cachedir>${cache pkgs.pkgsi686Linux.fontconfig}</cachedir>
''}
</fontconfig>
'';

41
nixos/modules/config/gtk-exe-env.nix
View File

@ -1,41 +0,0 @@
{ config, pkgs, lib, ... }:
{
imports = [
];
options = {
gtkPlugins = lib.mkOption {
type = lib.types.listOf lib.types.path;
default = [];
description = ''
Plugin packages for GTK+ such as input methods.
'';
};
};
config = {
environment.variables = if builtins.length config.gtkPlugins > 0
then
let
paths = [ pkgs.gtk2 pkgs.gtk3 ] ++ config.gtkPlugins;
env = pkgs.buildEnv {
name = "gtk-exe-env";
inherit paths;
postBuild = lib.concatStringsSep "\n"
(map (d: d.gtkExeEnvPostBuild or "") paths);
ignoreCollisions = true;
};
in {
GTK_EXE_PREFIX = builtins.toString env;
GTK_PATH = [
"${env}/lib/gtk-2.0"
"${env}/lib/gtk-3.0"
];
}
else {};
};
}

16
nixos/modules/config/networking.nix
View File

@ -39,6 +39,17 @@ in
'';
};
networking.dnsExtensionMechanism = lib.mkOption {
type = types.bool;
default = false;
description = ''
Enable the <code>edns0</code> option in <filename>resolv.conf</filename>. With
that option set, <code>glibc</code> supports use of the extension mechanisms for
DNS (EDNS) specified in RFC 2671. The most popular user of that feature is DNSSEC,
which does not work without it.
'';
};
networking.extraResolvconfConf = lib.mkOption {
type = types.lines;
default = "";
@ -162,7 +173,10 @@ in
libc_restart='${pkgs.systemd}/bin/systemctl try-restart --no-block nscd.service 2> /dev/null'
'' + optionalString cfg.dnsSingleRequest ''
# only send one DNS request at a time
resolv_conf_options='single-request'
resolv_conf_options+=' single-request'
'' + optionalString cfg.dnsExtensionMechanism ''
# enable extension mechanisms for DNS
resolv_conf_options+=' edns0'
'' + optionalString hasLocalResolver ''
# This hosts runs a full-blown DNS resolver.
name_servers='127.0.0.1'

37
nixos/modules/config/qt-plugin-env.nix
View File

@ -1,37 +0,0 @@
{ config, pkgs, lib, ... }:
{
imports = [
];
options = {
qtPlugins = lib.mkOption {
type = lib.types.listOf lib.types.path;
default = [];
description = ''
Plugin packages for Qt such as input methods.
'';
};
};
config = {
environment.variables = if builtins.length config.qtPlugins > 0
then
let
paths = [ pkgs.qt48 ] ++ config.qtPlugins;
env = pkgs.buildEnv {
name = "qt-plugin-env";
inherit paths;
postBuild = lib.concatStringsSep "\n"
(map (d: d.qtPluginEnvPostBuild or "") paths);
ignoreCollisions = true;
};
in {
QT_PLUGIN_PATH = [ (builtins.toString env) ];
}
else {};
};
}

20
nixos/modules/config/vpnc.nix
View File

@ -17,16 +17,16 @@ in
services = mkOption {
type = types.attrsOf types.str;
default = {};
example = {
test =
''
IPSec gateway 192.168.1.1
IPSec ID someID
IPSec secret secretKey
Xauth username name
Xauth password pass
'';
};
example = literalExample ''
{ test = '''
IPSec gateway 192.168.1.1
IPSec ID someID
IPSec secret secretKey
Xauth username name
Xauth password pass
''';
}
'';
description =
''
The names of cisco VPNs and their associated definitions

6
nixos/modules/config/zram.nix
View File

@ -98,11 +98,9 @@ in
script = ''
set -u
set -o pipefail
PATH=${pkgs.procps}/bin:${pkgs.gnugrep}/bin:${pkgs.gnused}/bin
# Calculate memory to use for zram
totalmem=$(free | grep -e "^Mem:" | sed -e 's/^Mem: *//' -e 's/ *.*//')
totalmem=$(${pkgs.gnugrep}/bin/grep 'MemTotal: ' /proc/meminfo | ${pkgs.gawk}/bin/awk '{print $2}')
mem=$(((totalmem * ${toString cfg.memoryPercent} / 100 / ${toString cfg.numDevices}) * 1024))
echo $mem > /sys/class/block/${dev}/disksize

2
nixos/modules/hardware/all-firmware.nix
View File

@ -22,7 +22,7 @@ with lib;
###### implementation
config = mkIf config.hardware.enableAllFirmware {
hardware.firmware = [ pkgs.firmwareLinuxNonfree ];
hardware.firmware = [ pkgs.firmwareLinuxNonfree pkgs.intel2200BGFirmware ];
};
}

2
nixos/modules/hardware/network/intel-2200bg.nix
View File

@ -23,7 +23,7 @@
config = lib.mkIf config.networking.enableIntel2200BGFirmware {
hardware.enableAllFirmware = true;
hardware.firmware = [ pkgs.intel2200BGFirmware ];
};

39
nixos/modules/hardware/opengl.nix
View File

@ -10,7 +10,7 @@ let
videoDrivers = config.services.xserver.videoDrivers;
makePackage = p: p.buildEnv {
makePackage = p: pkgs.buildEnv {
name = "mesa-drivers+txc-${p.mesa_drivers.version}";
paths =
[ p.mesa_drivers
@ -19,6 +19,16 @@ let
];
};
package = pkgs.buildEnv {
name = "opengl-drivers";
paths = [ cfg.package ] ++ cfg.extraPackages;
};
package32 = pkgs.buildEnv {
name = "opengl-drivers-32bit";
paths = [ cfg.package32 ] ++ cfg.extraPackages32;
};
in
{
@ -75,11 +85,32 @@ in
internal = true;
description = ''
The package that provides the 32-bit OpenGL implementation on
64-bit systems. Used when <option>driSupport32Bit</option> is
64-bit systems. Used when <option>driSupport32Bit</option> is
set.
'';
};
hardware.opengl.extraPackages = mkOption {
type = types.listOf types.package;
default = [];
example = literalExample "with pkgs; [ vaapiIntel libvdpau-va-gl vaapiVdpau ]";
description = ''
Additional packages to add to OpenGL drivers. This can be used
to add additional VA-API/VDPAU drivers.
'';
};
hardware.opengl.extraPackages32 = mkOption {
type = types.listOf types.package;
default = [];
example = literalExample "with pkgs; [ vaapiIntel libvdpau-va-gl vaapiVdpau ]";
description = ''
Additional packages to add to 32-bit OpenGL drivers on
64-bit systems. Used when <option>driSupport32Bit</option> is
set. This can be used to add additional VA-API/VDPAU drivers.
'';
};
};
config = mkIf cfg.enable {
@ -91,11 +122,11 @@ in
system.activationScripts.setup-opengl =
''
ln -sfn ${cfg.package} /run/opengl-driver
ln -sfn ${package} /run/opengl-driver
${if pkgs.stdenv.isi686 then ''
ln -sfn opengl-driver /run/opengl-driver-32
'' else if cfg.driSupport32Bit then ''
ln -sfn ${cfg.package32} /run/opengl-driver-32
ln -sfn ${package32} /run/opengl-driver-32
'' else ''
rm -f /run/opengl-driver-32
''}

45
nixos/modules/hardware/video/webcam/facetimehd.nix Normal file
View File

@ -0,0 +1,45 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.hardware.facetimehd;
kernelPackages = config.boot.kernelPackages;
in
{
options.hardware.facetimehd.enable = mkEnableOption "facetimehd kernel module";
config = mkIf cfg.enable {
assertions = singleton {
assertion = versionAtLeast kernelPackages.kernel.version "3.19";
message = "facetimehd is not supported for kernels older than 3.19";
};
boot.kernelModules = [ "facetimehd" ];
boot.blacklistedKernelModules = [ "bdc_pci" ];
boot.extraModulePackages = [ kernelPackages.facetimehd ];
hardware.firmware = [ pkgs.facetimehd-firmware ];
# unload module during suspend/hibernate as it crashes the whole system
powerManagement.powerDownCommands = ''
${pkgs.module_init_tools}/bin/rmmod -f facetimehd
'';
# and load it back on resume
powerManagement.resumeCommands = ''
export MODULE_DIR=/run/current-system/kernel-modules/lib/modules
${pkgs.module_init_tools}/bin/modprobe -v facetimehd
'';
};
}

29
nixos/modules/i18n/inputMethod/default.nix Normal file
View File

@ -0,0 +1,29 @@
{ config, pkgs, lib, ... }:
with lib;
{
options = {
i18n.inputMethod = {
enabled = mkOption {
type = types.nullOr (types.enum [ "ibus" "fcitx" "nabi" "uim" ]);
default = null;
example = "fcitx";
description = ''
Select the enabled input method. Input methods is a software to input symbols that are not available on standard input devices.
Input methods are specially used to input Chinese, Japanese and Korean characters.
Currently the following input methods are available in NixOS:
<itemizedlist>
<listitem><para>ibus: The intelligent input bus, extra input engines can be added using <literal>i18n.inputMethod.ibus.engines</literal>.</para></listitem>
<listitem><para>fcitx: A customizable lightweight input method, extra input engines can be added using <literal>i18n.inputMethod.fcitx.engines</literal>.</para></listitem>
<listitem><para>nabi: A Korean input method based on XIM. Nabi doesn't support Qt 5.</para></listitem>
<listitem><para>uim: The universal input method, is a library with a XIM bridge. uim mainly support Chinese, Japanese and Korean.</para></listitem>
</itemizedlist>
'';
};
};
};
}

44
nixos/modules/i18n/inputMethod/fcitx.nix Normal file
View File

@ -0,0 +1,44 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.i18n.inputMethod.fcitx;
fcitxPackage = pkgs.fcitx-with-plugins.override { plugins = cfg.engines; };
fcitxEngine = types.package // {
name = "fcitx-engine";
check = x: (lib.types.package.check x) && (attrByPath ["meta" "isFcitxEngine"] false x);
};
in
{
options = {
i18n.inputMethod.fcitx = {
engines = mkOption {
type = with types; listOf fcitxEngine;
default = [];
example = literalExample "with pkgs.fcitx-engines; [ mozc hangul ]";
description =
let
engines =
lib.concatStringsSep ", "
(map (name: "<literal>${name}</literal>")
(lib.attrNames pkgs.fcitx-engines));
in
"Enabled Fcitx engines. Available engines are: ${engines}.";
};
};
};
config = mkIf (config.i18n.inputMethod.enabled == "fcitx") {
environment.systemPackages = [ fcitxPackage ];
environment.variables = {
GTK_IM_MODULE = "fcitx";
QT_IM_MODULE = "fcitx";
XMODIFIERS = "@im=fcitx";
};
services.xserver.displayManager.sessionCommands = "${fcitxPackage}/bin/fcitx";
};
}

55
nixos/modules/i18n/inputMethod/ibus.nix Normal file
View File

@ -0,0 +1,55 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.i18n.inputMethod.ibus;
ibusPackage = pkgs.ibus-with-plugins.override { plugins = cfg.engines; };
ibusEngine = types.package // {
name = "ibus-engine";
check = x: (lib.types.package.check x) && (attrByPath ["meta" "isIbusEngine"] false x);
};
ibusAutostart = pkgs.writeTextFile {
name = "autostart-ibus-daemon";
destination = "/etc/xdg/autostart/ibus-daemon.desktop";
text = ''
[Desktop Entry]
Name=IBus
Type=Application
Exec=${ibusPackage}/bin/ibus-daemon --daemonize --xim --cache=refresh
'';
};
in
{
options = {
i18n.inputMethod.ibus = {
engines = mkOption {
type = with types; listOf ibusEngine;
default = [];
example = literalExample "with pkgs.ibus-engines; [ mozc hangul ]";
description =
let
engines =
lib.concatStringsSep ", "
(map (name: "<literal>${name}</literal>")
(lib.attrNames pkgs.ibus-engines));
in
"Enabled IBus engines. Available engines are: ${engines}.";
};
};
};
config = mkIf (config.i18n.inputMethod.enabled == "ibus") {
# Without dconf enabled it is impossible to use IBus
environment.systemPackages = with pkgs; [
ibusPackage ibus-qt gnome3.dconf ibusAutostart
];
environment.variables = {
GTK_IM_MODULE = "ibus";
QT_IM_MODULE = "ibus";
XMODIFIERS = "@im=ibus";
};
};
}

16
nixos/modules/i18n/inputMethod/nabi.nix Normal file
View File

@ -0,0 +1,16 @@
{ config, pkgs, lib, ... }:
with lib;
{
config = mkIf (config.i18n.inputMethod.enabled == "nabi") {
environment.systemPackages = [ pkgs.nabi ];
environment.variables = {
GTK_IM_MODULE = "nabi";
QT_IM_MODULE = "nabi";
XMODIFIERS = "@im=nabi";
};
services.xserver.displayManager.sessionCommands = "${pkgs.nabi}/bin/nabi &";
};
}

37
nixos/modules/i18n/inputMethod/uim.nix Normal file
View File

@ -0,0 +1,37 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.i18n.inputMethod.uim;
in
{
options = {
i18n.inputMethod.uim = {
toolbar = mkOption {
type = types.enum [ "gtk" "gtk3" "gtk-systray" "gtk3-systray" "qt4" ];
default = "gtk";
example = "gtk-systray";
description = ''
selected UIM toolbar.
'';
};
};
};
config = mkIf (config.i18n.inputMethod.enabled == "uim") {
environment.systemPackages = [ pkgs.uim ];
environment.variables = {
GTK_IM_MODULE = "uim";
QT_IM_MODULE = "uim";
XMODIFIERS = "@im=uim";
};
services.xserver.displayManager.sessionCommands = ''
${pkgs.uim}/bin/uim-xim &
${pkgs.uim}/bin/uim-toolbar-${cfg.toolbar} &
'';
};
}

78
nixos/modules/installer/cd-dvd/installation-cd-graphical-gnome.nix Normal file
View File

@ -0,0 +1,78 @@
# This module defines a NixOS installation CD that contains X11 and
# GNOME 3.
{ config, lib, pkgs, ... }:
with lib;
{
imports = [ ./installation-cd-base.nix ];
services.xserver = {
enable = true;
# GDM doesn't start in virtual machines with ISO
displayManager.slim = {
enable = true;
defaultUser = "root";
autoLogin = true;
};
desktopManager.gnome3 = {
enable = true;
extraGSettingsOverrides = ''
[org.gnome.desktop.background]
show-desktop-icons=true
[org.gnome.nautilus.desktop]
trash-icon-visible=false
volumes-visible=false
home-icon-visible=false
network-icon-visible=false
'';
extraGSettingsOverridePackages = [ pkgs.gnome3.nautilus ];
};
};
environment.systemPackages =
[ # Include gparted for partitioning disks.
pkgs.gparted
# Include some editors.
pkgs.vim
pkgs.bvi # binary editor
pkgs.joe
pkgs.glxinfo
];
# Don't start the X server by default.
services.xserver.autorun = mkForce false;
# Auto-login as root.
services.xserver.displayManager.gdm.autoLogin = {
enable = true;
user = "root";
};
system.activationScripts.installerDesktop = let
# Must be executable
desktopFile = pkgs.writeScript "nixos-manual.desktop" ''
[Desktop Entry]
Version=1.0
Type=Link
Name=NixOS Manual
URL=${config.system.build.manual.manual}/share/doc/nixos/index.html
Icon=system-help
'';
# use cp and chmod +x, we must be sure the apps are in the nix store though
in ''
mkdir -p /root/Desktop
ln -sfT ${desktopFile} /root/Desktop/nixos-manual.desktop
cp ${pkgs.gnome3.gnome_terminal}/share/applications/gnome-terminal.desktop /root/Desktop/gnome-terminal.desktop
chmod a+rx /root/Desktop/gnome-terminal.desktop
cp ${pkgs.gparted}/share/applications/gparted.desktop /root/Desktop/gparted.desktop
chmod a+rx /root/Desktop/gparted.desktop
'';
}

2
nixos/modules/installer/cd-dvd/installation-cd-graphical-new-kernel.nix → nixos/modules/installer/cd-dvd/installation-cd-graphical-kde-new-kernel.nix
View File

@ -1,7 +1,7 @@
{ config, pkgs, ... }:
{
imports = [ ./installation-cd-graphical.nix ];
imports = [ ./installation-cd-graphical-kde.nix ];
boot.kernelPackages = pkgs.linuxPackages_latest;
}

0
nixos/modules/installer/cd-dvd/installation-cd-graphical.nix → nixos/modules/installer/cd-dvd/installation-cd-graphical-kde.nix
View File

8
nixos/modules/installer/cd-dvd/iso-image.nix
View File

@ -249,7 +249,7 @@ in
fileSystems."/" =
{ fsType = "tmpfs";
options = "mode=0755";
options = [ "mode=0755" ];
};
# Note that /dev/root is a symlink to the actual root device
@ -266,20 +266,20 @@ in
fileSystems."/nix/.ro-store" =
{ fsType = "squashfs";
device = "/iso/nix-store.squashfs";
options = "loop";
options = [ "loop" ];
neededForBoot = true;
};
fileSystems."/nix/.rw-store" =
{ fsType = "tmpfs";
options = "mode=0755";
options = [ "mode=0755" ];
neededForBoot = true;
};
fileSystems."/nix/store" =
{ fsType = "unionfs-fuse";
device = "unionfs";
options = "allow_other,cow,nonempty,chroot=/mnt-root,max_files=32768,hide_meta_files,dirs=/nix/.rw-store=rw:/nix/.ro-store=ro";
options = [ "allow_other" "cow" "nonempty" "chroot=/mnt-root" "max_files=32768" "hide_meta_files" "dirs=/nix/.rw-store=rw:/nix/.ro-store=ro" ];
};
boot.initrd.availableKernelModules = [ "squashfs" "iso9660" "usb-storage" ];

2
nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix
View File

@ -23,7 +23,7 @@ in
boot.loader.generic-extlinux-compatible.enable = true;
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.kernelParams = ["console=ttyS0,115200n8" "console=ttyAMA0,115200n8" "console=tty0"];
boot.kernelParams = ["console=ttyS0,115200n8" "console=ttymxc0,115200n8" "console=ttyAMA0,115200n8" "console=tty0"];
# FIXME: this probably should be in installation-device.nix
users.extraUsers.root.initialHashedPassword = "";

10
nixos/modules/installer/cd-dvd/sd-image.nix
View File

@ -30,7 +30,7 @@ in
bootSize = mkOption {
type = types.int;
default = 128;
default = 120;
description = ''
Size of the /boot partition, in megabytes.
'';
@ -66,10 +66,10 @@ in
buildInputs = with pkgs; [ dosfstools e2fsprogs mtools libfaketime utillinux ];
buildCommand = ''
# Create the image file sized to fit /boot and /, plus 4M of slack
# Create the image file sized to fit /boot and /, plus 20M of slack
rootSizeBlocks=$(du -B 512 --apparent-size ${rootfsImage} | awk '{ print $1 }')
bootSizeBlocks=$((${toString config.sdImage.bootSize} * 1024 * 1024 / 512))
imageSize=$((rootSizeBlocks * 512 + bootSizeBlocks * 512 + 4096 * 1024))
imageSize=$((rootSizeBlocks * 512 + bootSizeBlocks * 512 + 20 * 1024 * 1024))
truncate -s $imageSize $out
# type=b is 'W95 FAT32', type=83 is 'Linux'.
@ -77,8 +77,8 @@ in
label: dos
label-id: 0x2178694e
start=1M, size=$bootSizeBlocks, type=b, bootable
type=83
start=8M, size=$bootSizeBlocks, type=b, bootable
start=${toString (8 + config.sdImage.bootSize)}M, type=83
EOF
# Copy the rootfs into the SD image

3
nixos/modules/installer/cd-dvd/system-tarball-sheevaplug.nix
View File

@ -86,8 +86,7 @@ in
system.boot.loader.kernelFile = "uImage";
boot.initrd.availableKernelModules =
[ "mvsdio" "mmc_block" "reiserfs" "ext3" "ums-cypress" "rtc_mv"
"ext4" ];
[ "mvsdio" "reiserfs" "ext3" "ums-cypress" "rtc_mv" "ext4" ];
boot.postBootCommands =
''

2
nixos/modules/installer/cd-dvd/system-tarball.nix
View File

@ -43,7 +43,7 @@ in
# so that we don't need to know its device.
fileSystems = [ ];
# boot.initrd.availableKernelModules = [ "mvsdio" "mmc_block" "reiserfs" "ext3" "ext4" ];
# boot.initrd.availableKernelModules = [ "mvsdio" "reiserfs" "ext3" "ext4" ];
# boot.initrd.kernelModules = [ "rtc_mv" ];

2
nixos/modules/installer/tools/auto-upgrade.nix
View File

@ -74,7 +74,7 @@ let cfg = config.system.autoUpgrade; in
serviceConfig.Type = "oneshot";
environment = config.nix.envVars //
{ inherit (config.environment.sessionVariables) NIX_PATH SSL_CERT_FILE;
{ inherit (config.environment.sessionVariables) NIX_PATH;
HOME = "/root";
};

21
nixos/modules/installer/tools/nixos-generate-config.pl
View File

@ -148,7 +148,7 @@ sub pciCheck {
$device eq "0x4331" || $device eq "0x43a0" || $device eq "0x43b1"
) )
{
push @modulePackages, "\${config.boot.kernelPackages.broadcom_sta}";
push @modulePackages, "config.boot.kernelPackages.broadcom_sta";
push @kernelModules, "wl";
}
@ -349,7 +349,7 @@ foreach my $fs (read_file("/proc/self/mountinfo")) {
fileSystems.\"$mountPoint\" =
{ device = \"$base$path\";
fsType = \"none\";
options = \"bind\";
options = \[ \"bind\" \];
};
EOF
@ -409,7 +409,7 @@ EOF
if (scalar @extraOptions > 0) {
$fileSystems .= <<EOF;
options = \"${\join ",", uniq(@extraOptions)}\";
options = \[ ${\join " ", map { "\"" . $_ . "\"" } uniq(@extraOptions)} \];
EOF
}
@ -422,13 +422,20 @@ EOF
# Generate the hardware configuration file.
sub toNixExpr {
sub toNixStringList {
my $res = "";
foreach my $s (@_) {
$res .= " \"$s\"";
}
return $res;
}
sub toNixList {
my $res = "";
foreach my $s (@_) {
$res .= " $s";
}
return $res;
}
sub multiLineList {
my $indent = shift;
@ -444,9 +451,9 @@ sub multiLineList {
return $res;
}
my $initrdAvailableKernelModules = toNixExpr(uniq @initrdAvailableKernelModules);
my $kernelModules = toNixExpr(uniq @kernelModules);
my $modulePackages = toNixExpr(uniq @modulePackages);
my $initrdAvailableKernelModules = toNixStringList(uniq @initrdAvailableKernelModules);
my $kernelModules = toNixStringList(uniq @kernelModules);
my $modulePackages = toNixList(uniq @modulePackages);
my $fsAndSwap = "";
if (!$noFilesystems) {

5
nixos/modules/installer/tools/nixos-install.sh
View File

@ -73,11 +73,6 @@ if ! test -e "$mountPoint"; then
exit 1
fi
if ! grep -F -q " $mountPoint " /proc/mounts; then
echo "$mountPoint doesn't appear to be a mount point"
exit 1
fi
# Mount some stuff in the target root directory.
mkdir -m 0755 -p $mountPoint/dev $mountPoint/proc $mountPoint/sys $mountPoint/etc $mountPoint/run $mountPoint/home

188
nixos/modules/installer/tools/nixos-rebuild.sh
View File

@ -19,6 +19,8 @@ rollback=
upgrade=
repair=
profile=/nix/var/nix/profiles/system
buildHost=
targetHost=
while [ "$#" -gt 0 ]; do
i="$1"; shift 1
@ -73,6 +75,14 @@ while [ "$#" -gt 0 ]; do
fi
shift 1
;;
--build-host|h)
buildHost="$1"
shift 1
;;
--target-host|t)
targetHost="$1"
shift 1
;;
*)
echo "$0: unknown option \`$i'"
exit 1
@ -80,6 +90,91 @@ while [ "$#" -gt 0 ]; do
esac
done
if [ -z "$buildHost" -a -n "$targetHost" ]; then
buildHost="$targetHost"
fi
if [ "$targetHost" = localhost ]; then
targetHost=
fi
if [ "$buildHost" = localhost ]; then
buildHost=
fi
buildHostCmd() {
if [ -z "$buildHost" ]; then
"$@"
elif [ -n "$remoteNix" ]; then
ssh $SSHOPTS "$buildHost" PATH="$remoteNix:$PATH" "$@"
else
ssh $SSHOPTS "$buildHost" "$@"
fi
}
targetHostCmd() {
if [ -z "$targetHost" ]; then
"$@"
else
ssh $SSHOPTS "$targetHost" "$@"
fi
}
copyToTarget() {
if ! [ "$targetHost" = "$buildHost" ]; then
if [ -z "$targetHost" ]; then
NIX_SSHOPTS=$SSH_OPTS nix-copy-closure --from "$buildHost" "$1"
elif [ -z "$buildHost" ]; then
NIX_SSHOPTS=$SSH_OPTS nix-copy-closure --to "$targetHost" "$1"
else
buildHostCmd nix-copy-closure --to "$targetHost" "$1"
fi
fi
}
nixBuild() {
if [ -z "$buildHost" ]; then
nix-build "$@"
else
local instArgs=()
local buildArgs=()
while [ "$#" -gt 0 ]; do
local i="$1"; shift 1
case "$i" in
-o)
local out="$1"; shift 1
buildArgs+=("--add-root" "$out" "--indirect")
;;
-A)
local j="$1"; shift 1
instArgs+=("$i" "$j")
;;
-I) # We don't want this in buildArgs
shift 1
;;
--no-out-link) # We don't want this in buildArgs
;;
"<"*) # nix paths
instArgs+=("$i")
;;
*)
buildArgs+=("$i")
;;
esac
done
local drv="$(nix-instantiate "${instArgs[@]}" "${extraBuildFlags[@]}")"
if [ -a "$drv" ]; then
NIX_SSHOPTS=$SSH_OPTS nix-copy-closure --to "$buildHost" "$drv"
buildHostCmd nix-store -r "$drv" "${buildArgs[@]}"
else
echo "nix-instantiate failed"
exit 1
fi
fi
}
if [ -z "$action" ]; then showSyntax; fi
# Only run shell scripts from the Nixpkgs tree if the action is
@ -128,7 +223,16 @@ fi
tmpDir=$(mktemp -t -d nixos-rebuild.XXXXXX)
trap 'rm -rf "$tmpDir"' EXIT
SSHOPTS="$NIX_SSHOPTS -o ControlMaster=auto -o ControlPath=$tmpDir/ssh-%n -o ControlPersist=60"
cleanup() {
for ctrl in "$tmpDir"/ssh-*; do
ssh -o ControlPath="$ctrl" -O exit dummyhost 2>/dev/null || true
done
rm -rf "$tmpDir"
}
trap cleanup EXIT
# If the Nix daemon is running, then use it. This allows us to use
@ -150,30 +254,56 @@ if [ -n "$rollback" -o "$action" = dry-build ]; then
buildNix=
fi
prebuiltNix() {
machine="$1"
if [ "$machine" = x86_64 ]; then
return /nix/store/xryr9g56h8yjddp89d6dw12anyb4ch7c-nix-1.10
elif [[ "$machine" =~ i.86 ]]; then
return /nix/store/2w92k5wlpspf0q2k9mnf2z42prx3bwmv-nix-1.10
else
echo "$0: unsupported platform"
exit 1
fi
}
remotePATH=
if [ -n "$buildNix" ]; then
echo "building Nix..." >&2
if ! nix-build '<nixpkgs/nixos>' -A config.nix.package -o $tmpDir/nix "${extraBuildFlags[@]}" > /dev/null; then
if ! nix-build '<nixpkgs/nixos>' -A nixFallback -o $tmpDir/nix "${extraBuildFlags[@]}" > /dev/null; then
if ! nix-build '<nixpkgs>' -A nix -o $tmpDir/nix "${extraBuildFlags[@]}" > /dev/null; then
machine="$(uname -m)"
if [ "$machine" = x86_64 ]; then
nixStorePath=/nix/store/xryr9g56h8yjddp89d6dw12anyb4ch7c-nix-1.10
elif [[ "$machine" =~ i.86 ]]; then
nixStorePath=/nix/store/2w92k5wlpspf0q2k9mnf2z42prx3bwmv-nix-1.10
else
echo "$0: unsupported platform"
exit 1
fi
nixDrv=
if ! nixDrv="$(nix-instantiate '<nixpkgs/nixos>' --add-root $tmpDir/nix.drv --indirect -A config.nix.package "${extraBuildFlags[@]}")"; then
if ! nixDrv="$(nix-instantiate '<nixpkgs/nixos>' --add-root $tmpDir/nix.drv --indirect -A nixFallback "${extraBuildFlags[@]}")"; then
if ! nixDrv="$(nix-instantiate '<nixpkgs>' --add-root $tmpDir/nix.drv --indirect -A nix "${extraBuildFlags[@]}")"; then
nixStorePath="$(prebuiltNix "$(uname -m)")"
if ! nix-store -r $nixStorePath --add-root $tmpDir/nix --indirect \
--option extra-binary-caches https://cache.nixos.org/; then
echo "warning: don't know how to get latest Nix" >&2
fi
# Older version of nix-store -r don't support --add-root.
[ -e $tmpDir/nix ] || ln -sf $nixStorePath $tmpDir/nix
if [ -n "$buildHost" ]; then
remoteNixStorePath="$(prebuiltNix "$(buildHostCmd uname -m)")"
remoteNix="$remoteNixStorePath/bin"
if ! buildHostCmd nix-store -r $remoteNixStorePath \
--option extra-binary-caches https://cache.nixos.org/ >/dev/null; then
remoteNix=
echo "warning: don't know how to get latest Nix" >&2
fi
fi
fi
fi
fi
PATH=$tmpDir/nix/bin:$PATH
if [ -a "$nixDrv" ]; then
nix-store -r "$nixDrv"'!'"out" --add-root $tmpDir/nix --indirect >/dev/null
if [ -n "$buildHost" ]; then
nix-copy-closure --to "$buildHost" "$nixDrv"
# The nix build produces multiple outputs, we add them all to the remote path
for p in $(buildHostCmd nix-store -r "$(readlink "$nixDrv")" "${buildArgs[@]}"); do
remoteNix="$remoteNix${remoteNix:+:}$p/bin"
done
fi
fi
PATH="$tmpDir/nix/bin:$PATH"
fi
@ -200,31 +330,35 @@ fi
if [ -z "$rollback" ]; then
echo "building the system configuration..." >&2
if [ "$action" = switch -o "$action" = boot ]; then
nix-env "${extraBuildFlags[@]}" -p "$profile" -f '<nixpkgs/nixos>' --set -A system
pathToConfig="$profile"
pathToConfig="$(nixBuild '<nixpkgs/nixos>' --no-out-link -A system "${extraBuildFlags[@]}")"
copyToTarget "$pathToConfig"
targetHostCmd nix-env -p "$profile" --set "$pathToConfig"
elif [ "$action" = test -o "$action" = build -o "$action" = dry-build -o "$action" = dry-activate ]; then
nix-build '<nixpkgs/nixos>' -A system -k "${extraBuildFlags[@]}" > /dev/null
pathToConfig=./result
pathToConfig="$(nixBuild '<nixpkgs/nixos>' -A system -k "${extraBuildFlags[@]}")"
elif [ "$action" = build-vm ]; then
nix-build '<nixpkgs/nixos>' -A vm -k "${extraBuildFlags[@]}" > /dev/null
pathToConfig=./result
pathToConfig="$(nixBuild '<nixpkgs/nixos>' -A vm -k "${extraBuildFlags[@]}")"
elif [ "$action" = build-vm-with-bootloader ]; then
nix-build '<nixpkgs/nixos>' -A vmWithBootLoader -k "${extraBuildFlags[@]}" > /dev/null
pathToConfig=./result
pathToConfig="$(nixBuild '<nixpkgs/nixos>' -A vmWithBootLoader -k "${extraBuildFlags[@]}")"
else
showSyntax
fi
# Copy build to target host if we haven't already done it
if ! [ "$action" = switch -o "$action" = boot ]; then
copyToTarget "$pathToConfig"
fi
else # [ -n "$rollback" ]
if [ "$action" = switch -o "$action" = boot ]; then
nix-env --rollback -p "$profile"
targetHostCmd nix-env --rollback -p "$profile"
pathToConfig="$profile"
elif [ "$action" = test -o "$action" = build ]; then
systemNumber=$(
nix-env -p "$profile" --list-generations |
targetHostCmd nix-env -p "$profile" --list-generations |
sed -n '/current/ {g; p;}; s/ *\([0-9]*\).*/\1/; h'
)
ln -sT "$profile"-${systemNumber}-link ./result
pathToConfig=./result
pathToConfig="$profile"-${systemNumber}-link
if [ -z "$targetHost" ]; then
ln -sT "$pathToConfig" ./result
fi
else
showSyntax
fi
@ -234,7 +368,7 @@ fi
# If we're not just building, then make the new configuration the boot
# default and/or activate it now.
if [ "$action" = switch -o "$action" = boot -o "$action" = test -o "$action" = dry-activate ]; then
if ! $pathToConfig/bin/switch-to-configuration "$action"; then
if ! targetHostCmd $pathToConfig/bin/switch-to-configuration "$action"; then
echo "warning: error(s) occurred while switching to the new configuration" >&2
exit 1
fi

9
nixos/modules/misc/ids.nix
View File

@ -248,6 +248,12 @@
matrix-synapse = 224;
rspamd = 225;
rmilter = 226;
cfdyndns = 227;
gammu-smsd = 228;
pdnsd = 229;
octoprint = 230;
avahi-autoipd = 231;
nntp-proxy = 232;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -473,6 +479,9 @@
matrix-synapse = 224;
rspamd = 225;
rmilter = 226;
cfdyndns = 227;
pdnsd = 229;
octoprint = 230;
# When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal

139
nixos/modules/misc/locate.nix
View File

@ -1,76 +1,76 @@
{ config, lib, pkgs, ... }:
{ config, options, lib, pkgs, ... }:
with lib;
let
cfg = config.services.locate;
in {
###### interface
options = {
services.locate = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
If enabled, NixOS will periodically update the database of
files used by the <command>locate</command> command.
'';
};
period = mkOption {
type = types.str;
default = "15 02 * * *";
description = ''
This option defines (in the format used by cron) when the
locate database is updated.
The default is to update at 02:15 at night every day.
'';
};
extraFlags = mkOption {
type = types.listOf types.str;
default = [ ];
description = ''
Extra flags to pass to <command>updatedb</command>.
'';
};
output = mkOption {
type = types.path;
default = "/var/cache/locatedb";
description = ''
The database file to build.
'';
};
localuser = mkOption {
type = types.str;
default = "nobody";
description = ''
The user to search non-network directories as, using
<command>su</command>.
'';
};
includeStore = mkOption {
type = types.bool;
default = false;
description = ''
Whether to include <filename>/nix/store</filename> in the locate database.
'';
};
options.services.locate = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
If enabled, NixOS will periodically update the database of
files used by the <command>locate</command> command.
'';
};
interval = mkOption {
type = types.str;
default = "02:15";
example = "hourly";
description = ''
Update the locate database at this interval. Updates by
default at 2:15 AM every day.
The format is described in
<citerefentry><refentrytitle>systemd.time</refentrytitle>
<manvolnum>7</manvolnum></citerefentry>.
'';
};
# This is no longer supported, but we keep it to give a better warning below
period = mkOption { visible = false; };
extraFlags = mkOption {
type = types.listOf types.str;
default = [ ];
description = ''
Extra flags to pass to <command>updatedb</command>.
'';
};
output = mkOption {
type = types.path;
default = "/var/cache/locatedb";
description = ''
The database file to build.
'';
};
localuser = mkOption {
type = types.str;
default = "nobody";
description = ''
The user to search non-network directories as, using
<command>su</command>.
'';
};
includeStore = mkOption {
type = types.bool;
default = false;
description = ''
Whether to include <filename>/nix/store</filename> in the locate database.
'';
};
};
###### implementation
config = {
warnings =
let opt = options.services.locate.period; in
optional opt.isDefined "The services.locate.period option in ${showFiles opt.files} has been removed; please replace it with services.locate.interval, using the systemd.time(7) calendar event format.";
systemd.services.update-locatedb =
{ description = "Update Locate Database";
path = [ pkgs.su ];
@ -84,11 +84,18 @@ in {
'';
serviceConfig.Nice = 19;
serviceConfig.IOSchedulingClass = "idle";
serviceConfig.PrivateTmp = "yes";
serviceConfig.PrivateNetwork = "yes";
serviceConfig.NoNewPrivileges = "yes";
serviceConfig.ReadOnlyDirectories = "/";
serviceConfig.ReadWriteDirectories = cfg.output;
};
services.cron.systemCronJobs = optional config.services.locate.enable
"${config.services.locate.period} root ${config.systemd.package}/bin/systemctl start update-locatedb.service";
systemd.timers.update-locatedb = mkIf cfg.enable
{ description = "Update timer for locate database";
partOf = [ "update-locatedb.service" ];
wantedBy = [ "timers.target" ];
timerConfig.OnCalendar = cfg.interval;
};
};
}

82
nixos/modules/misc/nixos.nix
View File

@ -1,82 +0,0 @@
{ config, options, lib, ... }:
# This modules is used to inject a different NixOS version as well as its
# argument such that one can pin a specific version with the versionning
# system of the configuration.
let
nixosReentry = import config.nixos.path {
inherit (config.nixos) configuration extraModules;
inherit (config.nixpkgs) system;
reEnter = true;
};
in
with lib;
{
options = {
nixos.path = mkOption {
default = null;
example = literalExample "./nixpkgs-15.09/nixos";
type = types.nullOr types.path;
description = ''
This option give the ability to evaluate the current set of modules
with a different version of NixOS. This option can be used version
the version of NixOS with the configuration without relying on the
<literal>NIX_PATH</literal> environment variable.
'';
};
nixos.system = mkOption {
example = "i686-linux";
type = types.uniq types.str;
description = ''
Name of the system used to compile NixOS.
'';
};
nixos.extraModules = mkOption {
default = [];
example = literalExample "[ ./sshd-config.nix ]";
type = types.listOf (types.either (types.submodule ({...}:{options={};})) types.path);
description = ''
Define additional modules which would be loaded to evaluate the
configuration.
'';
};
nixos.configuration = mkOption {
type = types.unspecified;
internal = true;
description = ''
Option used by <filename>nixos/default.nix</filename> to re-inject
the same configuration module as the one used for the current
execution.
'';
};
nixos.reflect = mkOption {
default = { inherit config options; };
type = types.unspecified;
internal = true;
description = ''
Provides <literal>config</literal> and <literal>options</literal>
computed by the module system and given as argument to all
modules. These are used for introspection of options and
configuration by tools such as <literal>nixos-option</literal>.
'';
};
};
config = mkMerge [
(mkIf (config.nixos.path != null) (mkForce {
system.build.toplevel = nixosReentry.system;
system.build.vm = nixosReentry.vm;
nixos.reflect = { inherit (nixosReentry) config options; };
}))
{ meta.maintainers = singleton lib.maintainers.pierron;
meta.doc = ./nixos.xml;
}
];
}

84
nixos/modules/misc/nixos.xml
View File

@ -1,84 +0,0 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="module-misc-nixos">
<title>NixOS Reentry</title>
<!-- FIXME: render nicely -->
<!-- FIXME: source can be added automatically -->
<para><emphasis>Source:</emphasis> <filename>modules/misc/nixos.nix</filename></para>
<!-- FIXME: more stuff, like maintainer? -->
<para>NixOS reentry can be used for both pinning the evaluation to a
specific version of NixOS, and to dynamically add additional modules into
the Module evaluation.</para>
<section><title>NixOS Version Pinning</title>
<para>To pin a specific version of NixOS, you need a version that you can
either clone localy, or that you can fetch remotely.</para>
<para>If you already have a cloned version of NixOS in the directory
<filename>/etc/nixos/nixpkgs-16-03</filename>, then you can specify the
<option>nixos.path</option> with either the path or the relative path of
your NixOS clone. For example, you can add the following to your
<filename>/etc/nixos/configuration.nix</filename> file:
<programlisting>
nixos.path = ./nixpkgs-16-03/nixos;
</programlisting>
</para>
<para>Another option is to fetch a specific version of NixOS, with either
the <literal>fetchTarball</literal> builtin, or the
<literal>pkgs.fetchFromGitHub</literal> function and use the result as an
input.
<programlisting>
nixos.path = "${builtins.fetchTarball https://github.com/NixOS/nixpkgs/archive/1f27976e03c15183191d1b4aa1a40d1f14666cd2.tar.gz}/nixos";
</programlisting>
</para>
</section>
<section><title>Adding Module Dynamically</title>
<para>To add additional module, the recommended way is to use statically
known modules in the list of imported arguments as described in <xref
linkend="sec-modularity" />. Unfortunately, this recommended method has
limitation, such that the list of imported files cannot be selected based on
the content of the configuration.
Fortunately, NixOS reentry system can be used as an alternative to register
new imported modules based on the content of the configuration. To do so,
one should define both <option>nixos.path</option> and
<option>nixos.extraModules</option> options.
<programlisting>
nixos.path = &lt;nixos&gt;;
nixos.extraModules =
if config.networking.hostName == "server" then
[ ./server.nix ] else [ ./client.nix ];
</programlisting>
Also note, that the above can be reimplemented in a different way which is
not as expensive, by using <literal>mkIf</literal> at the top each
configuration if both modules are present on the file system (see <xref
linkend="sec-option-definitions" />) and by always inmporting both
modules.</para>
</section>
<section><title>Options</title>
<para>FIXME: auto-generated list of module options.</para>
</section>
</chapter>

31
nixos/modules/module-list.nix
View File

@ -7,7 +7,6 @@
./config/fonts/fonts.nix
./config/fonts/ghostscript.nix
./config/gnu.nix
./config/gtk-exe-env.nix
./config/i18n.nix
./config/krb5.nix
./config/ldap.nix
@ -16,7 +15,6 @@
./config/nsswitch.nix
./config/power-management.nix
./config/pulseaudio.nix
./config/qt-plugin-env.nix
./config/shells-environment.nix
./config/swap.nix
./config/sysctl.nix
@ -42,6 +40,12 @@
./hardware/video/bumblebee.nix
./hardware/video/nvidia.nix
./hardware/video/ati.nix
./hardware/video/webcam/facetimehd.nix
./i18n/inputMethod/default.nix
./i18n/inputMethod/fcitx.nix
./i18n/inputMethod/ibus.nix
./i18n/inputMethod/nabi.nix
./i18n/inputMethod/uim.nix
./installer/tools/auto-upgrade.nix
./installer/tools/nixos-checkout.nix
./installer/tools/tools.nix
@ -52,7 +56,6 @@
./misc/lib.nix
./misc/locate.nix
./misc/meta.nix
./misc/nixos.nix
./misc/nixpkgs.nix
./misc/passthru.nix
./misc/version.nix
@ -65,7 +68,6 @@
./programs/environment.nix
./programs/freetds.nix
./programs/fish.nix
./programs/ibus.nix
./programs/kbdlight.nix
./programs/light.nix
./programs/man.nix
@ -75,7 +77,6 @@
./programs/shell.nix
./programs/ssh.nix
./programs/ssmtp.nix
./programs/uim.nix
./programs/venus.nix
./programs/wvdial.nix
./programs/xfs_quota.nix
@ -88,6 +89,7 @@
./security/ca.nix
./security/duosec.nix
./security/grsecurity.nix
./security/oath.nix
./security/pam.nix
./security/pam_usb.nix
./security/pam_mount.nix
@ -200,6 +202,7 @@
./services/misc/bepasty.nix
./services/misc/canto-daemon.nix
./services/misc/calibre-server.nix
./services/misc/cfdyndns.nix
./services/misc/cpuminer-cryptonight.nix
./services/misc/cgminer.nix
./services/misc/confd.nix
@ -210,6 +213,7 @@
./services/misc/etcd.nix
./services/misc/felix.nix
./services/misc/folding-at-home.nix
./services/misc/gammu-smsd.nix
#./services/misc/gitit.nix
./services/misc/gitlab.nix
./services/misc/gitolite.nix
@ -226,6 +230,7 @@
./services/misc/nix-gc.nix
./services/misc/nixos-manual.nix
./services/misc/nix-ssh-serve.nix
./services/misc/octoprint.nix
./services/misc/parsoid.nix
./services/misc/phd.nix
./services/misc/plex.nix
@ -235,6 +240,7 @@
./services/misc/ripple-data-api.nix
./services/misc/rogue.nix
./services/misc/siproxd.nix
./services/misc/spice-vdagentd.nix
./services/misc/subsonic.nix
./services/misc/sundtek.nix
./services/misc/svnserve.nix
@ -249,6 +255,7 @@
./services/monitoring/dd-agent.nix
./services/monitoring/grafana.nix
./services/monitoring/graphite.nix
./services/monitoring/hdaps.nix
./services/monitoring/heapster.nix
./services/monitoring/longview.nix
./services/monitoring/monit.nix
@ -267,6 +274,7 @@
./services/monitoring/zabbix-agent.nix
./services/monitoring/zabbix-server.nix
./services/network-filesystems/drbd.nix
./services/network-filesystems/netatalk.nix
./services/network-filesystems/nfsd.nix
./services/network-filesystems/openafs-client/default.nix
./services/network-filesystems/rsyncd.nix
@ -315,11 +323,11 @@
./services/networking/hostapd.nix
./services/networking/i2pd.nix
./services/networking/i2p.nix
./services/networking/ifplugd.nix
./services/networking/iodined.nix
./services/networking/ircd-hybrid/default.nix
./services/networking/kippo.nix
./services/networking/lambdabot.nix
./services/networking/libreswan.nix
./services/networking/mailpile.nix
./services/networking/minidlna.nix
./services/networking/miniupnpd.nix
@ -330,6 +338,7 @@
./services/networking/networkmanager.nix
./services/networking/ngircd.nix
./services/networking/nix-serve.nix
./services/networking/nntp-proxy.nix
./services/networking/nsd.nix
./services/networking/ntopng.nix
./services/networking/ntpd.nix
@ -339,6 +348,7 @@
./services/networking/openntpd.nix
./services/networking/openvpn.nix
./services/networking/ostinato.nix
./services/networking/pdnsd.nix
./services/networking/polipo.nix
./services/networking/prayer.nix
./services/networking/privoxy.nix
@ -395,6 +405,7 @@
./services/security/fprintd.nix
./services/security/fprot.nix
./services/security/frandom.nix
./services/security/haka.nix
./services/security/haveged.nix
./services/security/hologram.nix
./services/security/munge.nix
@ -437,6 +448,7 @@
./services/x11/display-managers/lightdm.nix
./services/x11/display-managers/sddm.nix
./services/x11/display-managers/slim.nix
./services/x11/hardware/libinput.nix
./services/x11/hardware/multitouch.nix
./services/x11/hardware/synaptics.nix
./services/x11/hardware/wacom.nix
@ -460,10 +472,10 @@
./system/boot/coredump.nix
./system/boot/emergency-mode.nix
./system/boot/initrd-network.nix
./system/boot/initrd-ssh.nix
./system/boot/kernel.nix
./system/boot/kexec.nix
./system/boot/loader/efi.nix
./system/boot/loader/loader.nix
./system/boot/loader/generations-dir/generations-dir.nix
./system/boot/loader/generic-extlinux-compatible
./system/boot/loader/grub/grub.nix
@ -471,15 +483,16 @@
./system/boot/loader/grub/memtest.nix
./system/boot/loader/gummiboot/gummiboot.nix
./system/boot/loader/init-script/init-script.nix
./system/boot/loader/loader.nix
./system/boot/loader/raspberrypi/raspberrypi.nix
./system/boot/luksroot.nix
./system/boot/modprobe.nix
./system/boot/networkd.nix
./system/boot/resolved.nix
./system/boot/shutdown.nix
./system/boot/stage-1.nix
./system/boot/stage-2.nix
./system/boot/systemd.nix
./system/boot/networkd.nix
./system/boot/resolved.nix
./system/boot/timesyncd.nix
./system/boot/tmp.nix
./system/etc/etc.nix

1
nixos/modules/profiles/base.nix
View File

@ -17,6 +17,7 @@
pkgs.ddrescue
pkgs.ccrypt
pkgs.cryptsetup # needed for dm-crypt volumes
pkgs.which # 88K size
# Some networking tools.
pkgs.fuse

2
nixos/modules/profiles/qemu-guest.nix
View File

@ -14,4 +14,6 @@
# to the *boot time* of the host).
hwclock -s
'';
security.rngd.enable = false;
}

2
nixos/modules/programs/bash/bash.nix
View File

@ -56,7 +56,7 @@ in
*/
shellAliases = mkOption {
default = config.environment.shellAliases // { which = "type -P"; };
default = config.environment.shellAliases;
description = ''
Set of aliases for bash shell. See <option>environment.shellAliases</option>
for an option format description.

16
nixos/modules/programs/freetds.nix
View File

@ -17,14 +17,14 @@ in
environment.freetds = mkOption {
type = types.attrsOf types.str;
default = {};
example = {
MYDATABASE =
''
host = 10.0.2.100
port = 1433
tds version = 7.2
'';
};
example = literalExample ''
{ MYDATABASE = '''
host = 10.0.2.100
port = 1433
tds version = 7.2
''';
}
'';
description =
''
Configure freetds database entries. Each attribute denotes

51
nixos/modules/programs/ibus.nix
View File

@ -1,51 +0,0 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.programs.ibus;
in
{
options = {
programs.ibus = {
enable = mkOption {
type = types.bool;
default = false;
example = true;
description = "Enable IBus input method";
};
plugins = mkOption {
type = lib.types.listOf lib.types.path;
default = [];
description = ''
IBus plugin packages
'';
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.ibus pkgs.gnome3.dconf ];
gtkPlugins = [ pkgs.ibus ];
qtPlugins = [ pkgs.ibus-qt ];
environment.variables =
let
env = pkgs.buildEnv {
name = "ibus-env";
paths = [ pkgs.ibus ] ++ cfg.plugins;
};
in {
GTK_IM_MODULE = "ibus";
QT_IM_MODULE = "ibus";
XMODIFIERS = "@im=ibus";
IBUS_COMPONENT_PATH = "${env}/share/ibus/component";
};
services.xserver.displayManager.sessionCommands = "${pkgs.ibus}/bin/ibus-daemon --daemonize --xim --cache=none";
};
}

11
nixos/modules/programs/ssh.nix
View File

@ -36,6 +36,7 @@ in
askPassword = mkOption {
type = types.str;
default = "${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass";
description = ''Program used by SSH to ask for passwords.'';
};
@ -186,6 +187,9 @@ in
ForwardX11 ${if cfg.forwardX11 then "yes" else "no"}
# Allow DSA keys for now. (These were deprecated in OpenSSH 7.0.)
PubkeyAcceptedKeyTypes +ssh-dss
${cfg.extraConfig}
'';
@ -221,12 +225,7 @@ in
fi
'';
environment.interactiveShellInit = optionalString config.services.xserver.enable
''
export SSH_ASKPASS=${askPassword}
'';
programs.ssh.askPassword = mkDefault "${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass";
environment.variables.SSH_ASKPASS = optionalString config.services.xserver.enable askPassword;
};
}

31
nixos/modules/programs/uim.nix
View File

@ -1,31 +0,0 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.uim;
in
{
options = {
uim = {
enable = mkOption {
type = types.bool;
default = false;
example = true;
description = "Enable UIM input method";
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.uim ];
gtkPlugins = [ pkgs.uim ];
qtPlugins = [ pkgs.uim ];
environment.variables.GTK_IM_MODULE = "uim";
environment.variables.QT_IM_MODULE = "uim";
environment.variables.XMODIFIERS = "@im=uim";
services.xserver.displayManager.sessionCommands = "uim-xim &";
};
}

4
nixos/modules/programs/venus.nix
View File

@ -99,6 +99,7 @@ in
};
outputTheme = mkOption {
default = "${pkgs.venus}/themes/classic_fancy";
type = types.path;
description = ''
Directory containing a config.ini file which is merged with this one.
@ -165,11 +166,8 @@ in
script = "exec venus-planet ${configFile}";
serviceConfig.User = "${cfg.user}";
serviceConfig.Group = "${cfg.group}";
environment.SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";
startAt = cfg.dates;
};
services.venus.outputTheme = mkDefault "${pkgs.venus}/themes/classic_fancy";
};
}

4
nixos/modules/programs/xfs_quota.nix
View File

@ -89,8 +89,8 @@ in
nameValuePair "xfs_quota-${name}" {
description = "Setup xfs_quota for project ${name}";
script = ''
${pkgs.xfsprogs}/bin/xfs_quota -x -c 'project -s ${name}' ${opts.fileSystem}
${pkgs.xfsprogs}/bin/xfs_quota -x -c 'limit -p ${limitOptions opts} ${name}' ${opts.fileSystem}
${pkgs.xfsprogs.bin}/bin/xfs_quota -x -c 'project -s ${name}' ${opts.fileSystem}
${pkgs.xfsprogs.bin}/bin/xfs_quota -x -c 'limit -p ${limitOptions opts} ${name}' ${opts.fileSystem}
'';
wantedBy = [ "multi-user.target" ];

9
nixos/modules/rename.nix
View File

@ -28,6 +28,9 @@ with lib;
(mkRenamedOptionModule [ "services" "subsonic" "host" ] [ "services" "subsonic" "listenAddress" ])
(mkRenamedOptionModule [ "jobs" ] [ "systemd" "services" ])
(mkRenamedOptionModule [ "services" "gitlab" "stateDir" ] [ "services" "gitlab" "statePath" ])
(mkRemovedOptionModule [ "services" "gitlab" "satelliteDir" ])
# Old Grub-related options.
(mkRenamedOptionModule [ "boot" "initrd" "extraKernelModules" ] [ "boot" "initrd" "kernelModules" ])
(mkRenamedOptionModule [ "boot" "extraKernelParams" ] [ "boot" "kernelParams" ])
@ -59,6 +62,9 @@ with lib;
# Tarsnap
(mkRenamedOptionModule [ "services" "tarsnap" "config" ] [ "services" "tarsnap" "archives" ])
# ibus
(mkRenamedOptionModule [ "programs" "ibus" "plugins" ] [ "i18n" "inputMethod" "ibus" "engines" ])
# proxy
(mkRenamedOptionModule [ "nix" "proxy" ] [ "networking" "proxy" "default" ])
@ -77,6 +83,7 @@ with lib;
(mkRenamedOptionModule [ "services" "xserver" "driSupport32Bit" ] [ "hardware" "opengl" "driSupport32Bit" ])
(mkRenamedOptionModule [ "services" "xserver" "s3tcSupport" ] [ "hardware" "opengl" "s3tcSupport" ])
(mkRenamedOptionModule [ "hardware" "opengl" "videoDrivers" ] [ "services" "xserver" "videoDrivers" ])
(mkRenamedOptionModule [ "services" "xserver" "vaapiDrivers" ] [ "hardware" "opengl" "extraPackages" ])
(mkRenamedOptionModule [ "services" "mysql55" ] [ "services" "mysql" ])
@ -99,6 +106,8 @@ with lib;
(mkRemovedOptionModule [ "services" "syslog-ng" "listenToJournal" ])
(mkRemovedOptionModule [ "ec2" "metadata" ])
(mkRemovedOptionModule [ "services" "openvpn" "enable" ])
(mkRemovedOptionModule [ "services" "printing" "cupsFilesConf" ])
(mkRemovedOptionModule [ "services" "printing" "cupsdConf" ])
];
}

4
nixos/modules/security/acme.nix
View File

@ -56,8 +56,8 @@ let
plugins = mkOption {
type = types.listOf (types.enum [
"cert.der" "cert.pem" "chain.der" "chain.pem" "external_pem.sh"
"fullchain.der" "fullchain.pem" "key.der" "key.pem" "account_key.json"
"cert.der" "cert.pem" "chain.pem" "external.sh"
"fullchain.pem" "full.pem" "key.der" "key.pem" "account_key.json"
]);
default = [ "fullchain.pem" "key.pem" "account_key.json" ];
description = ''

4
nixos/modules/security/apparmor-suid.nix
View File

@ -29,8 +29,8 @@ with lib;
network inet raw,
${pkgs.glibc.out}/lib/*.so mr,
${pkgs.libcap}/lib/libcap.so* mr,
${pkgs.attr}/lib/libattr.so* mr,
${pkgs.libcap.out}/lib/libcap.so* mr,
${pkgs.attr.out}/lib/libattr.so* mr,
${pkgs.iputils}/bin/ping mixr,
/var/setuid-wrappers/ping.real r,

4
nixos/modules/security/audit.nix
View File

@ -93,9 +93,11 @@ in {
config = mkIf (cfg.enable == "lock" || cfg.enable) {
systemd.services.audit = {
description = "pseudo-service representing the kernel audit state";
description = "Kernel Auditing";
wantedBy = [ "basic.target" ];
unitConfig.ConditionVirtualization = "!container";
path = [ pkgs.audit ];
serviceConfig = {

35
nixos/modules/security/ca.nix
View File

@ -4,7 +4,7 @@ with lib;
let
caBundle = pkgs.runCommand "ca-bundle.crt"
caCertificates = pkgs.runCommand "ca-certificates.crt"
{ files =
config.security.pki.certificateFiles ++
[ (builtins.toFile "extra.crt" (concatStringsSep "\n" config.security.pki.certificates)) ];
@ -26,7 +26,7 @@ in
description = ''
A list of files containing trusted root certificates in PEM
format. These are concatenated to form
<filename>/etc/ssl/certs/ca-bundle.crt</filename>, which is
<filename>/etc/ssl/certs/ca-certificates.crt</filename>, which is
used by many programs that use OpenSSL, such as
<command>curl</command> and <command>git</command>.
'';
@ -35,14 +35,17 @@ in
security.pki.certificates = mkOption {
type = types.listOf types.str;
default = [];
example = singleton ''
NixOS.org
=========
-----BEGIN CERTIFICATE-----
MIIGUDCCBTigAwIBAgIDD8KWMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJ
TDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0
...
-----END CERTIFICATE-----
example = literalExample ''
[ '''
NixOS.org
=========
-----BEGIN CERTIFICATE-----
MIIGUDCCBTigAwIBAgIDD8KWMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJ
TDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0
...
-----END CERTIFICATE-----
'''
]
'';
description = ''
A list of trusted root certificates in PEM format.
@ -56,19 +59,13 @@ in
security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
# NixOS canonical location + Debian/Ubuntu/Arch/Gentoo compatibility.
environment.etc."ssl/certs/ca-certificates.crt".source = caBundle;
environment.etc."ssl/certs/ca-certificates.crt".source = caCertificates;
# Old NixOS compatibility.
environment.etc."ssl/certs/ca-bundle.crt".source = caBundle;
environment.etc."ssl/certs/ca-bundle.crt".source = caCertificates;
# CentOS/Fedora compatibility.
environment.etc."pki/tls/certs/ca-bundle.crt".source = caBundle;
environment.sessionVariables =
{ SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt";
# FIXME: unneeded - remove eventually.
GIT_SSL_CAINFO = "/etc/ssl/certs/ca-certificates.crt";
};
environment.etc."pki/tls/certs/ca-bundle.crt".source = caCertificates;
};

50
nixos/modules/security/oath.nix Normal file
View File

@ -0,0 +1,50 @@
# This module provides configuration for the OATH PAM modules.
{ config, lib, pkgs, ... }:
with lib;
{
options = {
security.pam.oath = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Enable the OATH (one-time password) PAM module.
'';
};
digits = mkOption {
type = types.enum [ 6 7 8 ];
default = 6;
description = ''
Specify the length of the one-time password in number of
digits.
'';
};
window = mkOption {
type = types.int;
default = 5;
description = ''
Specify the number of one-time passwords to check in order
to accommodate for situations where the system and the
client are slightly out of sync (iteration for HOTP or time
steps for TOTP).
'';
};
usersFile = mkOption {
type = types.path;
default = "/etc/users.oath";
description = ''
Set the path to file where the user's credentials are
stored. This file must not be world readable!
'';
};
};
};
}

17
nixos/modules/security/pam.nix
View File

@ -75,7 +75,7 @@ let
};
oathAuth = mkOption {
default = config.security.pam.enableOATH;
default = config.security.pam.oath.enable;
type = types.bool;
description = ''
If set, the OATH Toolkit will be used.
@ -259,8 +259,8 @@ let
"auth sufficient pam_unix.so ${optionalString cfg.allowNullPassword "nullok"} likeauth try_first_pass"}
${optionalString cfg.otpwAuth
"auth sufficient ${pkgs.otpw}/lib/security/pam_otpw.so"}
${optionalString cfg.oathAuth
"auth sufficient ${pkgs.oathToolkit}/lib/security/pam_oath.so window=5 usersfile=/etc/users.oath"}
${let oath = config.security.pam.oath; in optionalString cfg.oathAuth
"auth sufficient ${pkgs.oathToolkit}/lib/security/pam_oath.so window=${toString oath.window} usersfile=${toString oath.usersFile} digits=${toString oath.digits}"}
${optionalString config.users.ldap.enable
"auth sufficient ${pam_ldap}/lib/security/pam_ldap.so use_first_pass"}
${optionalString config.krb5.enable ''
@ -302,8 +302,6 @@ let
"session optional ${pam_krb5}/lib/security/pam_krb5.so"}
${optionalString cfg.otpwAuth
"session optional ${pkgs.otpw}/lib/security/pam_otpw.so"}
${optionalString cfg.oathAuth
"session optional ${pkgs.oathToolkit}/lib/security/pam_oath.so window=5 usersfile=/etc/users.oath"}
${optionalString cfg.startSession
"session optional ${pkgs.systemd}/lib/security/pam_systemd.so"}
${optionalString cfg.forwardXAuth
@ -405,13 +403,6 @@ in
'';
};
security.pam.enableOATH = mkOption {
default = false;
description = ''
Enable the OATH (one-time password) PAM module.
'';
};
security.pam.enableU2F = mkOption {
default = false;
description = ''
@ -446,7 +437,7 @@ in
++ optional config.users.ldap.enable pam_ldap
++ optionals config.krb5.enable [pam_krb5 pam_ccreds]
++ optionals config.security.pam.enableOTPW [ pkgs.otpw ]
++ optionals config.security.pam.enableOATH [ pkgs.oathToolkit ]
++ optionals config.security.pam.oath.enable [ pkgs.oathToolkit ]
++ optionals config.security.pam.enableU2F [ pkgs.pam_u2f ]
++ optionals config.security.pam.enableEcryptfs [ pkgs.ecryptfs ];

3
nixos/modules/services/amqp/activemq/default.nix
View File

@ -32,6 +32,7 @@ in {
'';
};
configurationDir = mkOption {
default = "${activemq}/conf";
description = ''
The base directory for ActiveMQ's configuration.
By default, this directory is searched for a file named activemq.xml,
@ -125,8 +126,6 @@ in {
'';
};
services.activemq.configurationDir = mkDefault "${activemq}/conf";
};
}

1
nixos/modules/services/computing/slurm/slurm.nix
View File

@ -37,6 +37,7 @@ in
package = mkOption {
type = types.package;
default = pkgs.slurm-llnl;
defaultText = "pkgs.slurm-llnl";
example = literalExample "pkgs.slurm-llnl-full";
description = ''
The packge to use for slurm binaries.

17
nixos/modules/services/continuous-integration/jenkins/default.nix
View File

@ -92,11 +92,12 @@ in {
type = with types; attrsOf str;
description = ''
Additional environment variables to be passed to the jenkins process.
As a base environment, jenkins receives NIX_PATH, SSL_CERT_FILE and
GIT_SSL_CAINFO from <option>environment.sessionVariables</option>,
NIX_REMOTE is set to "daemon" and JENKINS_HOME is set to
the value of <option>services.jenkins.home</option>. This option has
precedence and can be used to override those mentioned variables.
As a base environment, jenkins receives NIX_PATH from
<option>environment.sessionVariables</option>, NIX_REMOTE is set to
"daemon" and JENKINS_HOME is set to the value of
<option>services.jenkins.home</option>.
This option has precedence and can be used to override those
mentioned variables.
'';
};
@ -136,11 +137,7 @@ in {
environment =
let
selectedSessionVars =
lib.filterAttrs (n: v: builtins.elem n
[ "NIX_PATH"
"SSL_CERT_FILE"
"GIT_SSL_CAINFO"
])
lib.filterAttrs (n: v: builtins.elem n [ "NIX_PATH" ])
config.environment.sessionVariables;
in
selectedSessionVars //

38
nixos/modules/services/databases/postgresql.nix
View File

@ -158,7 +158,7 @@ in
# Note: when changing the default, make it conditional on
# system.stateVersion to maintain compatibility with existing
# systems!
mkDefault pkgs.postgresql94;
mkDefault (if versionAtLeast config.system.stateVersion "16.03" then pkgs.postgresql95 else pkgs.postgresql94);
services.postgresql.authentication = mkAfter
''
@ -177,7 +177,7 @@ in
users.extraGroups.postgres.gid = config.ids.gids.postgres;
environment.systemPackages = [postgresql];
environment.systemPackages = [ postgresql ];
systemd.services.postgresql =
{ description = "PostgreSQL Server";
@ -187,35 +187,37 @@ in
environment.PGDATA = cfg.dataDir;
path = [ pkgs.su postgresql ];
path = [ postgresql ];
preStart =
''
# Create data directory.
if ! test -e ${cfg.dataDir}/PG_VERSION; then
mkdir -m 0700 -p ${cfg.dataDir}
rm -f ${cfg.dataDir}/*.conf
chown -R postgres:postgres ${cfg.dataDir}
fi
''; # */
script =
''
# Initialise the database.
if ! test -e ${cfg.dataDir}/PG_VERSION; then
mkdir -m 0700 -p ${cfg.dataDir}
rm -f ${cfg.dataDir}/*.conf
if [ "$(id -u)" = 0 ]; then
chown -R postgres ${cfg.dataDir}
su -s ${pkgs.stdenv.shell} postgres -c 'initdb -U root'
else
# For non-root operation.
initdb
fi
# See postStart!
touch "${cfg.dataDir}/.first_startup"
initdb -U root
# See postStart!
touch "${cfg.dataDir}/.first_startup"
fi
ln -sfn "${configFile}" "${cfg.dataDir}/postgresql.conf"
${optionalString (cfg.recoveryConfig != null) ''
ln -sfn "${pkgs.writeText "recovery.conf" cfg.recoveryConfig}" \
"${cfg.dataDir}/recovery.conf"
''}
''; # */
exec postgres ${toString flags}
'';
serviceConfig =
{ ExecStart = "@${postgresql}/bin/postgres postgres ${toString flags}";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
{ ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
User = "postgres";
Group = "postgres";
PermissionsStartOnly = true;

176
nixos/modules/services/hardware/acpid.nix
View File

@ -4,112 +4,39 @@ with lib;
let
canonicalHandlers = {
powerEvent = {
event = "button/power.*";
action = config.services.acpid.powerEventCommands;
};
lidEvent = {
event = "button/lid.*";
action = config.services.acpid.lidEventCommands;
};
acEvent = {
event = "ac_adapter.*";
action = config.services.acpid.acEventCommands;
};
};
acpiConfDir = pkgs.runCommand "acpi-events" {}
''
mkdir -p $out
${
# Generate a configuration file for each event. (You can't have
# multiple events in one config file...)
let f = event:
let f = name: handler:
''
fn=$out/${event.name}
echo "event=${event.event}" > $fn
echo "action=${pkgs.writeScript "${event.name}.sh" event.action}" >> $fn
fn=$out/${name}
echo "event=${handler.event}" > $fn
echo "action=${pkgs.writeScript "${name}.sh" (concatStringsSep "\n" [ "#! ${pkgs.bash}/bin/sh" handler.action ])}" >> $fn
'';
in lib.concatMapStrings f events
in concatStringsSep "\n" (mapAttrsToList f (canonicalHandlers // config.services.acpid.handlers))
}
'';
events = [powerEvent lidEvent acEvent muteEvent volumeDownEvent volumeUpEvent cdPlayEvent cdNextEvent cdPrevEvent];
# Called when the power button is pressed.
powerEvent =
{ name = "power-button";
event = "button/power.*";
action =
''
#! ${pkgs.bash}/bin/sh
${config.services.acpid.powerEventCommands}
'';
};
# Called when the laptop lid is opened/closed.
lidEvent =
{ name = "lid";
event = "button/lid.*";
action =
''
#! ${pkgs.bash}/bin/sh
${config.services.acpid.lidEventCommands}
'';
};
# Called when the AC power is connected or disconnected.
acEvent =
{ name = "ac-power";
event = "ac_adapter.*";
action =
''
#! ${pkgs.bash}/bin/sh
${config.services.acpid.acEventCommands}
'';
};
muteEvent = {
name = "mute";
event = "button/mute.*";
action = ''
#! ${pkgs.bash}/bin/sh
${config.services.acpid.muteCommands}
'';
};
volumeDownEvent = {
name = "volume-down";
event = "button/volumedown.*";
action = ''
#! ${pkgs.bash}/bin/sh
${config.services.acpid.volumeDownEventCommands}
'';
};
volumeUpEvent = {
name = "volume-up";
event = "button/volumeup.*";
action = ''
#! ${pkgs.bash}/bin/sh
${config.services.acpid.volumeUpEventCommands}
'';
};
cdPlayEvent = {
name = "cd-play";
event = "cd/play.*";
action = ''
#! ${pkgs.bash}/bin/sh
${config.services.acpid.cdPlayEventCommands}
'';
};
cdNextEvent = {
name = "cd-next";
event = "cd/next.*";
action = ''
#! ${pkgs.bash}/bin/sh
${config.services.acpid.cdNextEventCommands}
'';
};
cdPrevEvent = {
name = "cd-prev";
event = "cd/prev.*";
action = ''
#! ${pkgs.bash}/bin/sh
${config.services.acpid.cdPrevEventCommands}
'';
};
in
{
@ -126,6 +53,29 @@ in
description = "Whether to enable the ACPI daemon.";
};
handlers = mkOption {
type = types.attrsOf (types.submodule {
options = {
event = mkOption {
type = types.str;
example = [ "button/power.*" "button/lid.*" "ac_adapter.*" "button/mute.*" "button/volumedown.*" "cd/play.*" "cd/next.*" ];
description = "Event type.";
};
action = mkOption {
type = types.lines;
description = "Shell commands to execute when the event is triggered.";
};
};
});
description = "Event handlers.";
default = {};
example = { mute = { event = "button/mute.*"; action = "amixer set Master toggle"; }; };
};
powerEventCommands = mkOption {
type = types.lines;
default = "";
@ -144,42 +94,6 @@ in
description = "Shell commands to execute on an ac_adapter.* event.";
};
muteCommands = mkOption {
type = types.lines;
default = "";
description = "Shell commands to execute on an button/mute.* event.";
};
volumeDownEventCommands = mkOption {
type = types.lines;
default = "";
description = "Shell commands to execute on an button/volumedown.* event.";
};
volumeUpEventCommands = mkOption {
type = types.lines;
default = "";
description = "Shell commands to execute on an button/volumeup.* event.";
};
cdPlayEventCommands = mkOption {
type = types.lines;
default = "";
description = "Shell commands to execute on an cd/play.* event.";
};
cdNextEventCommands = mkOption {
type = types.lines;
default = "";
description = "Shell commands to execute on an cd/next.* event.";
};
cdPrevEventCommands = mkOption {
type = types.lines;
default = "";
description = "Shell commands to execute on an cd/prev.* event.";
};
};
};

60
nixos/modules/services/hardware/bluetooth.nix
View File

@ -1,6 +1,43 @@
{ config, lib, pkgs, ... }:
with lib;
let
bluez-bluetooth = if config.services.xserver.desktopManager.kde4.enable then pkgs.bluez else pkgs.bluez5;
configBluez = {
description = "Bluetooth Service";
serviceConfig = {
Type = "dbus";
BusName = "org.bluez";
ExecStart = "${bluez-bluetooth}/sbin/bluetoothd -n";
};
wantedBy = [ "bluetooth.target" ];
};
configBluez5 = {
description = "Bluetooth Service";
serviceConfig = {
Type = "dbus";
BusName = "org.bluez";
ExecStart = "${bluez-bluetooth}/sbin/bluetoothd -n";
NotifyAccess="main";
CapabilityBoundingSet="CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
LimitNPROC=1;
};
wantedBy = [ "bluetooth.target" ];
};
obexConfig = {
description = "Bluetooth OBEX service";
serviceConfig = {
Type = "dbus";
BusName = "org.bluez.obex";
ExecStart = "${bluez-bluetooth}/sbin/obexd";
};
};
bluezConfig = if config.services.xserver.desktopManager.kde4.enable then configBluez else configBluez5;
in
{
@ -16,26 +53,15 @@ with lib;
};
###### implementation
config = mkIf config.hardware.bluetooth.enable {
environment.systemPackages = [ pkgs.bluez pkgs.openobex pkgs.obexftp ];
services.udev.packages = [ pkgs.bluez ];
services.dbus.packages = [ pkgs.bluez ];
systemd.services."dbus-org.bluez" = {
description = "Bluetooth Service";
serviceConfig = {
Type = "dbus";
BusName = "org.bluez";
ExecStart = "${pkgs.bluez}/sbin/bluetoothd -n";
};
wantedBy = [ "bluetooth.target" ];
};
environment.systemPackages = [ bluez-bluetooth pkgs.openobex pkgs.obexftp ];
services.udev.packages = [ bluez-bluetooth ];
services.dbus.packages = [ bluez-bluetooth ];
systemd.services."dbus-org.bluez" = bluezConfig;
systemd.services."dbus-org.bluez.obex" = obexConfig;
};

17
nixos/modules/services/hardware/sane.nix
View File

@ -21,7 +21,13 @@ in
hardware.sane.enable = mkOption {
type = types.bool;
default = false;
description = "Enable support for SANE scanners.";
description = ''
Enable support for SANE scanners.
<note><para>
Users in the "scanner" group will gain access to the scanner.
</para></note>
'';
};
hardware.sane.snapshot = mkOption {
@ -33,7 +39,14 @@ in
hardware.sane.extraBackends = mkOption {
type = types.listOf types.path;
default = [];
description = "Packages providing extra SANE backends to enable.";
description = ''
Packages providing extra SANE backends to enable.
<note><para>
The example contains the package for HP scanners.
</para></note>
'';
example = literalExample "[ pkgs.hplipWithPlugin ]";
};
hardware.sane.configDir = mkOption {

93
nixos/modules/services/hardware/udev.nix
View File

@ -13,7 +13,13 @@ let
extraUdevRules = pkgs.writeTextFile {
name = "extra-udev-rules";
text = cfg.extraRules;
destination = "/etc/udev/rules.d/10-local.rules";
destination = "/etc/udev/rules.d/99-local.rules";
};
extraHwdbFile = pkgs.writeTextFile {
name = "extra-hwdb-file";
text = cfg.extraHwdb;
destination = "/etc/udev/hwdb.d/99-local.hwdb";
};
nixosRules = ''
@ -55,7 +61,9 @@ let
--replace \"/sbin/modprobe \"${config.system.sbin.modprobe}/sbin/modprobe \
--replace \"/sbin/mdadm \"${pkgs.mdadm}/sbin/mdadm \
--replace \"/sbin/blkid \"${pkgs.utillinux}/sbin/blkid \
--replace \"/bin/mount \"${pkgs.utillinux}/bin/mount
--replace \"/bin/mount \"${pkgs.utillinux}/bin/mount \
--replace /usr/bin/readlink ${pkgs.coreutils}/bin/readlink \
--replace /usr/bin/basename ${pkgs.coreutils}/bin/basename
done
echo -n "Checking that all programs called by relative paths in udev rules exist in ${udev}/lib/udev... "
@ -86,10 +94,30 @@ let
done
echo "OK"
echo "Consider fixing the following udev rules:"
for i in ${toString cfg.packages}; do
grep -l '\(RUN+\|IMPORT{program}\)="\(/usr\)\?/s\?bin' $i/*/udev/rules.d/* || true
done
filesToFixup="$(for i in "$out"/*; do
grep -l '\B\(/usr\)\?/s\?bin' "$i" || :
done)"
if [ -n "$filesToFixup" ]; then
echo "Consider fixing the following udev rules:"
echo "$filesToFixup" | while read localFile; do
remoteFile="origin unknown"
for i in ${toString cfg.packages}; do
for j in "$i"/*/udev/rules.d/*; do
[ -e "$out/$(basename "$j")" ] || continue
[ "$(basename "$j")" = "$(basename "$localFile")" ] || continue
remoteFile="originally from $j"
break 2
done
done
refs="$(
grep -o '\B\(/usr\)\?/s\?bin/[^ "]\+' "$localFile" \
| sed -e ':r;N;''${s/\n/ and /;br};s/\n/, /g;br'
)"
echo "$localFile ($remoteFile) contains references to $refs."
done
exit 1
fi
${optionalString config.networking.usePredictableInterfaceNames ''
cp ${./80-net-setup-link.rules} $out/80-net-setup-link.rules
@ -104,6 +132,27 @@ let
''; # */
};
hwdbBin = stdenv.mkDerivation {
name = "hwdb.bin";
preferLocalBuild = true;
allowSubstitutes = false;
buildCommand = ''
mkdir -p etc/udev/hwdb.d
for i in ${toString ([udev] ++ cfg.packages)}; do
echo "Adding hwdb files for package $i"
for j in $i/{etc,lib}/udev/hwdb.d/*; do
ln -s $j etc/udev/hwdb.d/$(basename $j)
done
done
echo "Generating hwdb database..."
${udev}/bin/udevadm hwdb --update --root=$(pwd)
mv etc/udev/hwdb.bin $out
'';
};
# Udev has a 512-character limit for ENV{PATH}, so create a symlink
# tree to work around this.
udevPath = pkgs.buildEnv {
@ -163,8 +212,23 @@ in
type = types.lines;
description = ''
Additional <command>udev</command> rules. They'll be written
into file <filename>10-local.rules</filename>. Thus they are
read before all other rules.
into file <filename>99-local.rules</filename>. Thus they are
read and applied after all other rules.
'';
};
extraHwdb = mkOption {
default = "";
example = ''
evdev:input:b0003v05AFp8277*
KEYBOARD_KEY_70039=leftalt
KEYBOARD_KEY_700e2=leftctrl
'';
type = types.lines;
description = ''
Additional <command>hwdb</command> files. They'll be written
into file <filename>10-local.hwdb</filename>. Thus they are
read before all other files.
'';
};
@ -216,7 +280,7 @@ in
services.udev.extraRules = nixosRules;
services.udev.packages = [ extraUdevRules ];
services.udev.packages = [ extraUdevRules extraHwdbFile ];
services.udev.path = [ pkgs.coreutils pkgs.gnused pkgs.gnugrep pkgs.utillinux udev ];
@ -224,6 +288,9 @@ in
[ { source = udevRules;
target = "udev/rules.d";
}
{ source = hwdbBin;
target = "udev/hwdb.bin";
}
];
system.requiredKernelConfig = with config.lib.kernelConfig; [
@ -241,13 +308,6 @@ in
echo "" > /proc/sys/kernel/hotplug
fi
# Regenerate the hardware database /var/lib/udev/hwdb.bin
# whenever systemd changes.
if [ ! -e /var/lib/udev/prev-systemd -o "$(readlink /var/lib/udev/prev-systemd)" != ${config.systemd.package} ]; then
echo "regenerating udev hardware database..."
${config.systemd.package}/bin/udevadm hwdb --update && ln -sfn ${config.systemd.package} /var/lib/udev/prev-systemd
fi
# Allow the kernel to find our firmware.
if [ -e /sys/module/firmware_class/parameters/path ]; then
echo -n "${config.hardware.firmware}/lib/firmware" > /sys/module/firmware_class/parameters/path
@ -256,6 +316,7 @@ in
systemd.services.systemd-udevd =
{ environment.MODULE_DIR = "/run/booted-system/kernel-modules/lib/modules";
restartTriggers = cfg.packages;
};
};

105
nixos/modules/services/mail/dovecot.nix
View File

@ -9,16 +9,11 @@ let
baseDir = "/run/dovecot2";
stateDir = "/var/lib/dovecot";
protocols = concatStrings [
(optionalString cfg.enableImap "imap")
(optionalString cfg.enablePop3 "pop3")
(optionalString cfg.enableLmtp "lmtp")
];
dovecotConf = concatStrings [
''
base_dir = ${baseDir}
protocols = ${protocols}
protocols = ${concatStringsSep " " cfg.protocols}
sendmail_path = /var/setuid-wrappers/sendmail
''
(if isNull cfg.sslServerCert then ''
@ -33,6 +28,8 @@ let
''
default_internal_user = ${cfg.user}
${optionalString (cfg.mailUser != null) "mail_uid = ${cfg.mailUser}"}
${optionalString (cfg.mailGroup != null) "mail_gid = ${cfg.mailGroup}"}
mail_location = ${cfg.mailLocation}
@ -57,11 +54,17 @@ let
}
'')
(optionalString (cfg.sieveScripts != {}) ''
plugin {
${concatStringsSep "\n" (mapAttrsToList (to: from: "sieve_${to} = ${stateDir}/sieve/${to}") cfg.sieveScripts)}
}
'')
cfg.extraConfig
];
modulesDir = pkgs.symlinkJoin "dovecot-modules"
(map (module: "${module}/lib/dovecot") cfg.modules);
(map (pkg: "${pkg}/lib/dovecot") ([ dovecotPkg ] ++ map (module: module.override { dovecot = dovecotPkg; }) cfg.modules));
in
{
@ -87,6 +90,12 @@ in
description = "Start the LMTP listener (when Dovecot is enabled).";
};
protocols = mkOption {
type = types.listOf types.str;
default = [ ];
description = "Additional listeners to start when Dovecot is enabled.";
};
package = mkOption {
type = types.package;
default = pkgs.dovecot22;
@ -129,13 +138,25 @@ in
'';
};
mailUser = mkOption {
type = types.nullOr types.str;
default = null;
description = "Default user to store mail for virtual users.";
};
mailGroup = mkOption {
type = types.nullOr types.str;
default = null;
description = "Default group to store mail for virtual users.";
};
modules = mkOption {
type = types.listOf types.package;
default = [];
example = literalExample "[ pkgs.dovecot_pigeonhole ]";
description = ''
Symlinks the contents of lib/dovecot of every given package into
/var/lib/dovecot/modules. This will make the given modules available
/etc/dovecot/modules. This will make the given modules available
if a dovecot package with the module_dir patch applied (like
pkgs.dovecot22, the default) is being used.
'';
@ -162,7 +183,13 @@ in
enablePAM = mkOption {
type = types.bool;
default = true;
description = "Wether to create a own Dovecot PAM service and configure PAM user logins.";
description = "Whether to create a own Dovecot PAM service and configure PAM user logins.";
};
sieveScripts = mkOption {
type = types.attrsOf types.path;
default = {};
description = "Sieve scripts to be executed. Key is a sequence, e.g. 'before2', 'after' etc.";
};
showPAMFailure = mkOption {
@ -177,23 +204,31 @@ in
security.pam.services.dovecot2 = mkIf cfg.enablePAM {};
services.dovecot2.protocols =
optional cfg.enableImap "imap"
++ optional cfg.enablePop3 "pop3"
++ optional cfg.enableLmtp "lmtp";
users.extraUsers = [
{ name = cfg.user;
uid = config.ids.uids.dovecot2;
description = "Dovecot user";
group = cfg.group;
}
{ name = "dovenull";
uid = config.ids.uids.dovenull2;
description = "Dovecot user for untrusted logins";
group = cfg.group;
}
];
] ++ optional (cfg.user == "dovecot2")
{ name = "dovecot2";
uid = config.ids.uids.dovecot2;
description = "Dovecot user";
group = cfg.group;
};
users.extraGroups = singleton {
name = cfg.group;
gid = config.ids.gids.dovecot2;
};
users.extraGroups = optional (cfg.group == "dovecot2")
{ name = "dovecot2";
gid = config.ids.gids.dovecot2;
};
environment.etc."dovecot/modules".source = modulesDir;
environment.etc."dovecot/dovecot.conf".source = cfg.configFile;
systemd.services.dovecot2 = {
description = "Dovecot IMAP/POP3 server";
@ -201,26 +236,38 @@ in
after = [ "keys.target" "network.target" ];
wants = [ "keys.target" ];
wantedBy = [ "multi-user.target" ];
preStart = ''
mkdir -p "${baseDir}/login"
chown -R ${cfg.user}:${cfg.group} "${baseDir}"
rm -f "${stateDir}/modules"
ln -s "${modulesDir}" "${stateDir}/modules"
'';
restartTriggers = [ cfg.configFile ];
serviceConfig = {
ExecStart = "${dovecotPkg}/sbin/dovecot -F -c ${cfg.configFile}";
ExecStart = "${dovecotPkg}/sbin/dovecot -F";
ExecReload = "${dovecotPkg}/sbin/doveadm reload";
Restart = "on-failure";
RestartSec = "1s";
StartLimitInterval = "1min";
RuntimeDirectory = [ "dovecot2" ];
};
preStart = ''
rm -rf ${stateDir}/sieve
'' + optionalString (cfg.sieveScripts != {}) ''
mkdir -p ${stateDir}/sieve
${concatStringsSep "\n" (mapAttrsToList (to: from: ''
if [ -d '${from}' ]; then
mkdir '${stateDir}/sieve/${to}'
cp "${from}/"*.sieve '${stateDir}/sieve/${to}'
else
cp '${from}' '${stateDir}/sieve/${to}'
fi
${pkgs.dovecot_pigeonhole}/bin/sievec '${stateDir}/sieve/${to}'
'') cfg.sieveScripts)}
chown -R '${cfg.mailUser}:${cfg.mailGroup}' '${stateDir}/sieve'
'';
};
environment.systemPackages = [ dovecotPkg ];
assertions = [
{ assertion = cfg.enablePop3 || cfg.enableImap;
{ assertion = intersectLists cfg.protocols [ "pop3" "imap" ] != [];
message = "dovecot needs at least one of the IMAP or POP3 listeners enabled";
}
{ assertion = isNull cfg.sslServerCert == isNull cfg.sslServerKey

Some files were not shown because too many files have changed in this diff Show More