chn/nixpkgs
1
0
Fork 0
mirror of https://github.com/CHN-beta/nixpkgs.git synced 2026-01-12 19:00:19 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: chn:staging-next
Branches Tags
chn:nixos-25.05 chn:nixos-25.11 chn:enhance-slurm chn:fix-bintools-wrapper chn:fix-wrapper chn:fix-slurm-2 chn:fix-slurm chn:fix-tailscale chn:nixos-unstable-2505 chn:nixos-unstable chn:fix-ctranslate2 chn:nixos-23.11 chn:update-httplib chn:fix-boost chn:nvidia chn:update-gitlfs chn:update-phonopy chn:nixos-24.11 chn:update-ovito chn:fix-hackage chn:fix-libvirt chn:next chn:fix-architecture chn:fix-phonopy chn:add-gitlfstransfer chn:fix-legion chn:nixos-24.05 chn:fix-utterly-theme chn:utterly-backup chn:utterly-debug chn:fix-nomacs chn:nixos-23.11-desktop chn:xrdp chn:nixos-23.11-old chn:nixos-23.05 chn:nixos-unstable-23.05 chn:nixos-unstable-next chn:nixos-23.05-next chn:diff chn:master chn:new-machine chn:add-more-arch chn:nixos-22.05 chn:staging-22.11 chn:staging-next-22.11 chn:haskell-updates chn:staging chn:staging-next chn:nixos-unstable-small chn:nixpkgs-unstable chn:nixos-22.11-small chn:nixpkgs-22.11-darwin chn:release-22.11 chn:nixos-22.11 chn:lanzaboote chn:upgrade/pixelfed chn:backport-231556-to-release-22.11 chn:kde-gear-23.04.1 chn:python-test-refactoring chn:backport-231190-to-release-22.11 chn:backport-206688-to-release-22.11 chn:backport-230427-to-release-22.11 chn:netboot-tests chn:backport-230037-to-release-22.11 chn:backport-229688-to-release-22.11 chn:backport-229507-to-release-22.11 chn:pr/yoda_1_9_8 chn:even-more-vulkan-updates chn:backport-229141-to-release-22.11 chn:qemu-vm/tpm chn:qemu-vm/read-efi-var chn:partition-table-qemu chn:backport-228461-to-release-22.11 chn:backport-228489-to-release-22.11 chn:nixos-22.05-aarch64 chn:nixos-22.05-small chn:nixpkgs-22.05-darwin chn:release-22.05 chn:make-disk-image/no-nix-store chn:angelfish-fix chn:backport-227646-to-release-22.11 chn:backport-227331-to-release-22.11 chn:backport-227448-to-release-22.11 chn:revert-227360-paperwm-bump chn:pr/texlive_texinfo_fix_hash chn:backport-216987-to-release-22.11 chn:backport-224094-to-release-22.11 chn:backport-225322-to-release-22.11 chn:pr/hepmc3_3_2_6 chn:backport-223455-to-release-22.11 chn:bump-llvm-latest chn:revert-215109-gnupg-libgcrypt-lts chn:revert-224746-asciify-message chn:kf5-5.105 chn:r-updates chn:backport-224069-to-staging-22.11 chn:backport-205134-to-release-22.11 chn:jtojnar/deps-nd-fix chn:pr/pymoo_0_6_0_1 chn:pr/root_6_28_00 chn:rustc chn:backport-217366-to-release-22.11 chn:bye-dpi chn:ory-hydra chn:sniproxy-update chn:diffoscope-unfree chn:python-updates chn:release-21.11 chn:llvm16 chn:backport-217341-to-release-22.11 chn:backport-206105-to-release-22.11 chn:backport-217578-to-release-22.11 chn:gokrazy-rsync chn:hass-onboarding chn:sudo-by-default chn:backport-216643-to-release-22.11 chn:balsoft/add-gnss-share chn:system chn:balsoft/add-qmlkonsole chn:pr/libredirect_system_test chn:backport-216167-to-release-22.11 chn:backport-215928-to-release-22.11 chn:isAarchDarwin chn:samuela/apache-beam chn:upd/openssh-92 chn:backport-213424-to-release-22.11 chn:backport-208549-to-release-22.11 chn:backport-213196-to-release-22.11 chn:backport-212206-to-release-22.11 chn:llvm15-wip chn:plasma-5.27 chn:backport-209550-to-release-22.11 chn:uri-canva-patch-1 chn:backport-209919-to-release-22.11 chn:pr/dask-awkward chn:qt-5.15.8 chn:backport-209022-to-release-22.11 chn:staging-22.05 chn:staging-next-22.05 chn:garage-multiple-versions chn:domenkozar-patch-1 chn:backport-199069-to-release-22.11 chn:auto-update/python3.10-autofaiss chn:pixelfed-module chn:simplified-qemu-boot-disks chn:backport-205765-to-release-22.11 chn:qemu-smm chn:backport-206912-to-release-22.11 chn:backport-205900-to-release-22.11 chn:backport-201949-to-release-22.11 chn:backport-203874-to-release-22.11 chn:backport-201203-to-release-22.11 chn:backport-140890-to-release-22.11 chn:upvote-convention chn:backport-189935-to-release-22.11 chn:backport-202314-to-release-22.11 chn:backport-202767-to-release-22.11 chn:backport-201875-to-release-22.11 chn:ibus-no-force-gtk-im chn:wip/jtojnar/account-service-util-nogui chn:pr/xrootd_rpath chn:clipboard-inspector chn:upd8n chn:kpackage-fix chn:balsoft/nuitka-update-1.1.5 chn:python-test-refactoring-baseline chn:direnv-module chn:emacs-manual-remove-absolute-paths chn:staging-python chn:nixos-21.05 chn:nixos-21.05-aarch64 chn:nixos-21.05-small chn:nixpkgs-21.05-darwin chn:release-21.05 chn:nixos-21.11 chn:nixos-21.11-aarch64 chn:nixos-21.11-small chn:nixpkgs-21.11-darwin chn:staging-21.11 chn:staging-next-21.11 chn:nixos-test-staging chn:nixos-test-staging-baseline chn:miniaudicle-gcc-10 chn:mkcue-gcc10 chn:staging-21.05 chn:staging-next-21.05 chn:release-19.03 chn:release-19.09 chn:release-20.03 chn:nixos-20.09-small chn:nixpkgs-20.09-darwin chn:release-20.09 chn:grahamc-patch-3 chn:rpi-cm4-support chn:grahamc-patch-2 chn:ghcHEAD-update chn:default-parameters chn:init-ueforth chn:mmahut/prometheus-nginx-exporter chn:nixos-20.09 chn:staging-20.09 chn:nixos-20.09-aarch64 chn:grahamc-patch-1 chn:structured-attrs chn:nixos-20.03 chn:nixos-20.03-small chn:nixpkgs-20.03-darwin chn:staging-20.03 chn:systemd-lib-reintroduce chn:nixos-19.09 chn:nixos-19.09-small chn:nixpkgs-19.09-darwin chn:gnome-20.03 chn:staging-patchelf chn:staging-19.09 chn:release-18.03 chn:release-18.09 chn:nixos-19.03 chn:nixos-19.03-small chn:nixpkgs-19.03-darwin chn:staging-19.03 chn:nixpkgs-18.09-darwin chn:kevincox-openarena-server chn:nixos-18.09 chn:nixos-18.09-small chn:staging-18.09 chn:release-17.09 chn:release-18.09-firefox64 chn:staging-18.03 chn:docs-all-packages chn:unstable-aarch64 chn:release-17.03 chn:release-16.09 chn:release-15.09 chn:release-16.03 chn:nixpart chn:release-14.12 chn:release-14.04 chn:release-13.10 chn:staging.patchShebangs chn:0.5-stable
chn:22.11 chn:23.05-pre chn:22.11-beta chn:22.05 chn:22.05-beta chn:21.11 chn:22.05-pre chn:21.11-beta chn:21.05 chn:21.11-pre chn:21.05-beta chn:20.09 chn:20.09-beta chn:20.09-alpha chn:20.03 chn:20.03-beta chn:19.09 chn:19.09-beta chn:19.03 chn:19.03-beta chn:18.09 chn:18.09-beta chn:18.03 chn:18.03-beta chn:17.09 chn:17.09-beta chn:17.03 chn:17.03-beta chn:16.09 chn:16.09-beta chn:black@2016-09-01 chn:black@2016-08-31 chn:black@2016-06-02 chn:black@2016-05-13 chn:release-16.03-start chn:16.03 chn:16.03-beta chn:v208 chn:v206 chn:15.09-beta chn:15.09 chn:v192 chn:last-glibc-2.13 chn:binary chn:0.14 chn:backups/stdenv-updates@34093 chn:backups/kmod-no-lib-modules@34172 chn:backups/glib-2.30-take2@33502 chn:backups/kmod-MODULE_DIR@33576 chn:backups/stdenv-updates@32824 chn:backups/libpng15@32782 chn:backups/glib-2.30@32938 chn:backups/darwin-without-xcode@34172 chn:backups/drop-kde4.5@30929 chn:backups/multiple-outputs-sandbox@34172 chn:backups/pure-python@34174 chn:backups/darwin-updates@34176 chn:backups/udev-173@28837 chn:backups/kde-4.7@34170 chn:backups/stdenv-ada@26758 chn:backups/modular-python@26697 chn:backups/x-updates@26704 chn:backups/cve-2010-3856@34170 chn:backups/stdenv-bootstrap-20100825@23426 chn:backups/parallel-building-merger@34171 chn:backups/x-updates@22736 chn:backups/multitask-builds@34175 chn:backups/mass-update-01@31456 chn:backups/stdenv-updates@19858 chn:0.13 chn:backups/kernel-config@19023 chn:backups/x86_64-darwin@34171 chn:backups/stdenv-updates2@18282 chn:backups/stdenv-updates2@18273 chn:backups/stdenv-updates@18281 chn:backups/xorg-7.5@18179 chn:backups/armv5tel-linux@18007 chn:backups/stdenv-updates@15332 chn:backups/0.12-release@15293 chn:0.12 chn:backups/stdenv-updates@12144 chn:backups/stdenv-updates-merge@10849 chn:backups/master@10848 chn:backups/stdenv-updates@10965 chn:backups/0.11-release@9315 chn:0.11 chn:0.10 chn:backups/0.10-release@6725 chn:backups/usability@34170 chn:0.9 chn:backups/0.9-release@4651 chn:0.8 chn:backups/0.8-release@2530 chn:0.7 chn:backups/0.7-release@2398 chn:backups/one-click@2549 chn:backups/nixos-pkgs@34170 chn:backups/0.6-release@1775 chn:0.6 chn:backups/martin2@34171 chn:backups/0.5.1-release@996 chn:0.5.1 chn:backups/0.5-stable@34171 chn:0.5 chn:backups/0.5-release@989 chn:backups/martin@828 chn:0.4 chn:backups/logistics@34171 chn:0.3 chn:0.2 chn:backups/freebsd-losser@34171 chn:0.1 chn:backups/master@59
..
compare: chn:netboot-tests
Branches Tags
chn:nixos-25.11 chn:enhance-slurm chn:fix-bintools-wrapper chn:fix-wrapper chn:fix-slurm-2 chn:fix-slurm chn:fix-tailscale chn:nixos-unstable-2505 chn:nixos-unstable chn:fix-ctranslate2 chn:nixos-23.11 chn:nixos-25.05 chn:update-httplib chn:fix-boost chn:nvidia chn:update-gitlfs chn:update-phonopy chn:nixos-24.11 chn:update-ovito chn:fix-hackage chn:fix-libvirt chn:next chn:fix-architecture chn:fix-phonopy chn:add-gitlfstransfer chn:fix-legion chn:nixos-24.05 chn:fix-utterly-theme chn:utterly-backup chn:utterly-debug chn:fix-nomacs chn:nixos-23.11-desktop chn:xrdp chn:nixos-23.11-old chn:nixos-23.05 chn:nixos-unstable-23.05 chn:nixos-unstable-next chn:nixos-23.05-next chn:diff chn:master chn:new-machine chn:add-more-arch chn:nixos-22.05 chn:staging-22.11 chn:staging-next-22.11 chn:haskell-updates chn:staging chn:staging-next chn:nixos-unstable-small chn:nixpkgs-unstable chn:nixos-22.11-small chn:nixpkgs-22.11-darwin chn:release-22.11 chn:nixos-22.11 chn:lanzaboote chn:upgrade/pixelfed chn:backport-231556-to-release-22.11 chn:kde-gear-23.04.1 chn:python-test-refactoring chn:backport-231190-to-release-22.11 chn:backport-206688-to-release-22.11 chn:backport-230427-to-release-22.11 chn:netboot-tests chn:backport-230037-to-release-22.11 chn:backport-229688-to-release-22.11 chn:backport-229507-to-release-22.11 chn:pr/yoda_1_9_8 chn:even-more-vulkan-updates chn:backport-229141-to-release-22.11 chn:qemu-vm/tpm chn:qemu-vm/read-efi-var chn:partition-table-qemu chn:backport-228461-to-release-22.11 chn:backport-228489-to-release-22.11 chn:nixos-22.05-aarch64 chn:nixos-22.05-small chn:nixpkgs-22.05-darwin chn:release-22.05 chn:make-disk-image/no-nix-store chn:angelfish-fix chn:backport-227646-to-release-22.11 chn:backport-227331-to-release-22.11 chn:backport-227448-to-release-22.11 chn:revert-227360-paperwm-bump chn:pr/texlive_texinfo_fix_hash chn:backport-216987-to-release-22.11 chn:backport-224094-to-release-22.11 chn:backport-225322-to-release-22.11 chn:pr/hepmc3_3_2_6 chn:backport-223455-to-release-22.11 chn:bump-llvm-latest chn:revert-215109-gnupg-libgcrypt-lts chn:revert-224746-asciify-message chn:kf5-5.105 chn:r-updates chn:backport-224069-to-staging-22.11 chn:backport-205134-to-release-22.11 chn:jtojnar/deps-nd-fix chn:pr/pymoo_0_6_0_1 chn:pr/root_6_28_00 chn:rustc chn:backport-217366-to-release-22.11 chn:bye-dpi chn:ory-hydra chn:sniproxy-update chn:diffoscope-unfree chn:python-updates chn:release-21.11 chn:llvm16 chn:backport-217341-to-release-22.11 chn:backport-206105-to-release-22.11 chn:backport-217578-to-release-22.11 chn:gokrazy-rsync chn:hass-onboarding chn:sudo-by-default chn:backport-216643-to-release-22.11 chn:balsoft/add-gnss-share chn:system chn:balsoft/add-qmlkonsole chn:pr/libredirect_system_test chn:backport-216167-to-release-22.11 chn:backport-215928-to-release-22.11 chn:isAarchDarwin chn:samuela/apache-beam chn:upd/openssh-92 chn:backport-213424-to-release-22.11 chn:backport-208549-to-release-22.11 chn:backport-213196-to-release-22.11 chn:backport-212206-to-release-22.11 chn:llvm15-wip chn:plasma-5.27 chn:backport-209550-to-release-22.11 chn:uri-canva-patch-1 chn:backport-209919-to-release-22.11 chn:pr/dask-awkward chn:qt-5.15.8 chn:backport-209022-to-release-22.11 chn:staging-22.05 chn:staging-next-22.05 chn:garage-multiple-versions chn:domenkozar-patch-1 chn:backport-199069-to-release-22.11 chn:auto-update/python3.10-autofaiss chn:pixelfed-module chn:simplified-qemu-boot-disks chn:backport-205765-to-release-22.11 chn:qemu-smm chn:backport-206912-to-release-22.11 chn:backport-205900-to-release-22.11 chn:backport-201949-to-release-22.11 chn:backport-203874-to-release-22.11 chn:backport-201203-to-release-22.11 chn:backport-140890-to-release-22.11 chn:upvote-convention chn:backport-189935-to-release-22.11 chn:backport-202314-to-release-22.11 chn:backport-202767-to-release-22.11 chn:backport-201875-to-release-22.11 chn:ibus-no-force-gtk-im chn:wip/jtojnar/account-service-util-nogui chn:pr/xrootd_rpath chn:clipboard-inspector chn:upd8n chn:kpackage-fix chn:balsoft/nuitka-update-1.1.5 chn:python-test-refactoring-baseline chn:direnv-module chn:emacs-manual-remove-absolute-paths chn:staging-python chn:nixos-21.05 chn:nixos-21.05-aarch64 chn:nixos-21.05-small chn:nixpkgs-21.05-darwin chn:release-21.05 chn:nixos-21.11 chn:nixos-21.11-aarch64 chn:nixos-21.11-small chn:nixpkgs-21.11-darwin chn:staging-21.11 chn:staging-next-21.11 chn:nixos-test-staging chn:nixos-test-staging-baseline chn:miniaudicle-gcc-10 chn:mkcue-gcc10 chn:staging-21.05 chn:staging-next-21.05 chn:release-19.03 chn:release-19.09 chn:release-20.03 chn:nixos-20.09-small chn:nixpkgs-20.09-darwin chn:release-20.09 chn:grahamc-patch-3 chn:rpi-cm4-support chn:grahamc-patch-2 chn:ghcHEAD-update chn:default-parameters chn:init-ueforth chn:mmahut/prometheus-nginx-exporter chn:nixos-20.09 chn:staging-20.09 chn:nixos-20.09-aarch64 chn:grahamc-patch-1 chn:structured-attrs chn:nixos-20.03 chn:nixos-20.03-small chn:nixpkgs-20.03-darwin chn:staging-20.03 chn:systemd-lib-reintroduce chn:nixos-19.09 chn:nixos-19.09-small chn:nixpkgs-19.09-darwin chn:gnome-20.03 chn:staging-patchelf chn:staging-19.09 chn:release-18.03 chn:release-18.09 chn:nixos-19.03 chn:nixos-19.03-small chn:nixpkgs-19.03-darwin chn:staging-19.03 chn:nixpkgs-18.09-darwin chn:kevincox-openarena-server chn:nixos-18.09 chn:nixos-18.09-small chn:staging-18.09 chn:release-17.09 chn:release-18.09-firefox64 chn:staging-18.03 chn:docs-all-packages chn:unstable-aarch64 chn:release-17.03 chn:release-16.09 chn:release-15.09 chn:release-16.03 chn:nixpart chn:release-14.12 chn:release-14.04 chn:release-13.10 chn:staging.patchShebangs chn:0.5-stable
chn:22.11 chn:23.05-pre chn:22.11-beta chn:22.05 chn:22.05-beta chn:21.11 chn:22.05-pre chn:21.11-beta chn:21.05 chn:21.11-pre chn:21.05-beta chn:20.09 chn:20.09-beta chn:20.09-alpha chn:20.03 chn:20.03-beta chn:19.09 chn:19.09-beta chn:19.03 chn:19.03-beta chn:18.09 chn:18.09-beta chn:18.03 chn:18.03-beta chn:17.09 chn:17.09-beta chn:17.03 chn:17.03-beta chn:16.09 chn:16.09-beta chn:black@2016-09-01 chn:black@2016-08-31 chn:black@2016-06-02 chn:black@2016-05-13 chn:release-16.03-start chn:16.03 chn:16.03-beta chn:v208 chn:v206 chn:15.09-beta chn:15.09 chn:v192 chn:last-glibc-2.13 chn:binary chn:0.14 chn:backups/stdenv-updates@34093 chn:backups/kmod-no-lib-modules@34172 chn:backups/glib-2.30-take2@33502 chn:backups/kmod-MODULE_DIR@33576 chn:backups/stdenv-updates@32824 chn:backups/libpng15@32782 chn:backups/glib-2.30@32938 chn:backups/darwin-without-xcode@34172 chn:backups/drop-kde4.5@30929 chn:backups/multiple-outputs-sandbox@34172 chn:backups/pure-python@34174 chn:backups/darwin-updates@34176 chn:backups/udev-173@28837 chn:backups/kde-4.7@34170 chn:backups/stdenv-ada@26758 chn:backups/modular-python@26697 chn:backups/x-updates@26704 chn:backups/cve-2010-3856@34170 chn:backups/stdenv-bootstrap-20100825@23426 chn:backups/parallel-building-merger@34171 chn:backups/x-updates@22736 chn:backups/multitask-builds@34175 chn:backups/mass-update-01@31456 chn:backups/stdenv-updates@19858 chn:0.13 chn:backups/kernel-config@19023 chn:backups/x86_64-darwin@34171 chn:backups/stdenv-updates2@18282 chn:backups/stdenv-updates2@18273 chn:backups/stdenv-updates@18281 chn:backups/xorg-7.5@18179 chn:backups/armv5tel-linux@18007 chn:backups/stdenv-updates@15332 chn:backups/0.12-release@15293 chn:0.12 chn:backups/stdenv-updates@12144 chn:backups/stdenv-updates-merge@10849 chn:backups/master@10848 chn:backups/stdenv-updates@10965 chn:backups/0.11-release@9315 chn:0.11 chn:0.10 chn:backups/0.10-release@6725 chn:backups/usability@34170 chn:0.9 chn:backups/0.9-release@4651 chn:0.8 chn:backups/0.8-release@2530 chn:0.7 chn:backups/0.7-release@2398 chn:backups/one-click@2549 chn:backups/nixos-pkgs@34170 chn:backups/0.6-release@1775 chn:0.6 chn:backups/martin2@34171 chn:backups/0.5.1-release@996 chn:0.5.1 chn:backups/0.5-stable@34171 chn:0.5 chn:backups/0.5-release@989 chn:backups/martin@828 chn:0.4 chn:backups/logistics@34171 chn:0.3 chn:0.2 chn:backups/freebsd-losser@34171 chn:0.1 chn:backups/master@59

5 Commits
staging-ne ... netboot-te

Author SHA1 Message Date
Raito Bezarius
c71fbaa380 nixos/netboot: use config.system.boot.loader.initrdFile instead of hardcoding initrd, disable compression for initrd 2023-05-05 18:14:02 +02:00
Raito Bezarius
1e495e5e45 nixos/tests/netboot: add directBoot test 2023-05-05 18:14:02 +02:00
Raito Bezarius
aaa1d6be7b nixos/tests/netboot: repair netboot testing with modern QEMU test infrastructure 2023-05-05 16:15:01 +02:00
Raito Bezarius
7444a98628 nixos/qemu-vm: introduce virtualisation.directBoot 
As with many things, we have scenarios where we don't want to boot on a
disk / bootloader and also we don't want to boot directly.

Sometimes, we want to boot through an OptionROM of our NIC, e.g. netboot
scenarios or let the firmware decide something, e.g. UEFI PXE (or even
UEFI OptionROM!).

This is composed of:

- `directBoot.enable`: whether to direct boot or not
- `directBoot.initrd`: enable overriding the
  `config.system.build.initialRamdisk` defaults, useful for
  netbootRamdisk for example.

This makes it possible.
 2023-05-05 16:14:34 +02:00
Raito Bezarius
09bdc607a4 nixos/qemu-vm: fix diskless VMs 
Previously, it was possible to run with a tmpfs / with
`virtualisation.diskImage = null;`, this was likely broken by my changes
in 4b4e4c3ef9.

It is reintroduced by disabling properly the bootloader for now, as it
is complicated to make it work with.
 2023-04-26 14:48:27 +02:00
3796 changed files with 127366 additions and 202259 deletions
Expand all files Collapse all files

4
.editorconfig
View File

@@ -101,7 +101,3 @@ end_of_line = unset
insert_final_newline = unset
trim_trailing_whitespace = unset
charset = unset
[lib/tests/*.plist]
indent_style = tab
insert_final_newline = unset

39
.github/CODEOWNERS vendored
View File

@@ -22,19 +22,19 @@
/.editorconfig @Mic92 @zowoq
# Libraries
/lib @edolstra @infinisil
/lib/systems @alyssais @ericson2314 @matthewbauer
/lib/generators.nix @edolstra @Profpatsch
/lib/cli.nix @edolstra @Profpatsch
/lib/debug.nix @edolstra @Profpatsch
/lib/asserts.nix @edolstra @Profpatsch
/lib @edolstra @nbp @infinisil
/lib/systems @alyssais @nbp @ericson2314 @matthewbauer
/lib/generators.nix @edolstra @nbp @Profpatsch
/lib/cli.nix @edolstra @nbp @Profpatsch
/lib/debug.nix @edolstra @nbp @Profpatsch
/lib/asserts.nix @edolstra @nbp @Profpatsch
/lib/path.* @infinisil @fricklerhandwerk
# Nixpkgs Internals
/default.nix @Ericson2314
/pkgs/top-level/default.nix @Ericson2314
/pkgs/top-level/impure.nix @Ericson2314
/pkgs/top-level/stage.nix @Ericson2314 @matthewbauer
/default.nix @nbp
/pkgs/top-level/default.nix @nbp @Ericson2314
/pkgs/top-level/impure.nix @nbp @Ericson2314
/pkgs/top-level/stage.nix @nbp @Ericson2314 @matthewbauer
/pkgs/top-level/splice.nix @Ericson2314 @matthewbauer
/pkgs/top-level/release-cross.nix @Ericson2314 @matthewbauer
/pkgs/stdenv/generic @Ericson2314 @matthewbauer
@@ -67,9 +67,22 @@
/doc/using @fricklerhandwerk
# NixOS Internals
/nixos/default.nix @infinisil
/nixos/lib/from-env.nix @infinisil
/nixos/lib/eval-config.nix @infinisil
/nixos/default.nix @nbp @infinisil
/nixos/lib/from-env.nix @nbp @infinisil
/nixos/lib/eval-config.nix @nbp @infinisil
/nixos/doc/manual/configuration/abstractions.xml @nbp
/nixos/doc/manual/configuration/config-file.xml @nbp
/nixos/doc/manual/configuration/config-syntax.xml @nbp
/nixos/doc/manual/configuration/modularity.xml @nbp
/nixos/doc/manual/development/assertions.xml @nbp
/nixos/doc/manual/development/meta-attributes.xml @nbp
/nixos/doc/manual/development/option-declarations.xml @nbp
/nixos/doc/manual/development/option-def.xml @nbp
/nixos/doc/manual/development/option-types.xml @nbp
/nixos/doc/manual/development/replace-modules.xml @nbp
/nixos/doc/manual/development/writing-modules.xml @nbp
/nixos/doc/manual/man-nixos-option.xml @nbp
/nixos/modules/installer/tools/nixos-option.sh @nbp
/nixos/modules/system @dasJ
/nixos/modules/system/activation/bootspec.nix @grahamc @cole-h @raitobezarius
/nixos/modules/system/activation/bootspec.cue @grahamc @cole-h @raitobezarius

2
doc/build-aux/pandoc-filters/link-manpages.nix
View File

@@ -1,7 +1,7 @@
{ pkgs ? import ../../.. {} }:
let
inherit (pkgs) lib;
manpageURLs = lib.importJSON (pkgs.path + "/doc/manpage-urls.json");
manpageURLs = builtins.fromJSON (builtins.readFile (pkgs.path + "/doc/manpage-urls.json"));
in pkgs.writeText "link-manpages.lua" ''
--[[
Adds links to known man pages that aren't already in a link.

20
doc/builders/testers.chapter.md
View File

@@ -164,26 +164,6 @@ tests.fetchgit = testers.invalidateFetcherByDrvHash fetchgit {
};
```
## `runNixOSTest` {#tester-runNixOSTest}
A helper function that behaves exactly like the NixOS `runTest`, except it also assigns this Nixpkgs package set as the `pkgs` of the test and makes the `nixpkgs.*` options read-only.
If your test is part of the Nixpkgs repository, or if you need a more general entrypoint, see ["Calling a test" in the NixOS manual](https://nixos.org/manual/nixos/stable/index.html#sec-calling-nixos-tests).
Example:
```nix
pkgs.testers.runNixOSTest ({ lib, ... }: {
name = "hello";
nodes.machine = { pkgs, ... }: {
environment.systemPackages = [ pkgs.hello ];
};
testScript = ''
machine.succeed("hello")
'';
})
```
## `nixosTest` {#tester-nixosTest}
Run a NixOS VM network test using this evaluation of Nixpkgs.

5
doc/doc-support/default.nix
View File

@@ -45,10 +45,7 @@ let
# NB: This file describes the Nixpkgs manual, which happens to use module
# docs infra originally developed for NixOS.
optionsDoc = pkgs.nixosOptionsDoc {
inherit (pkgs.lib.evalModules {
modules = [ ../../pkgs/top-level/config.nix ];
class = "nixpkgsConfig";
}) options;
inherit (pkgs.lib.evalModules { modules = [ ../../pkgs/top-level/config.nix ]; }) options;
documentType = "none";
transformOptions = opt:
opt // {

2
doc/languages-frameworks/cuda.section.md
View File

@@ -27,7 +27,7 @@ package set to make it the default. This guarantees you get a consistent package
set.
```nix
mypkg = let
cudaPackages = cudaPackages_11_5.overrideScope' (final: prev: {
cudaPackages = cudaPackages_11_5.overrideScope' (final: prev {
cudnn = prev.cudnn_8_3_2;
}});
in callPackage { inherit cudaPackages; };

65
doc/languages-frameworks/dart.section.md
View File

@@ -1,65 +0,0 @@
# Dart {#sec-language-dart}
## Dart applications {#ssec-dart-applications}
The function `buildDartApplication` builds Dart applications managed with pub.
It fetches its Dart dependencies automatically through `fetchDartDeps`, and (through a series of hooks) builds and installs the executables specified in the pubspec file. The hooks can be used in other derivations, if needed. The phases can also be overridden to do something different from installing binaries.
If you are packaging a Flutter desktop application, use [`buildFlutterApplication`](#ssec-dart-flutter) instead.
`vendorHash`: is the hash of the output of the dependency fetcher derivation. To obtain it, simply set it to `lib.fakeHash` (or omit it) and run the build ([more details here](#sec-source-hashes)).
If the upstream source is missing a `pubspec.lock` file, you'll have to vendor one and specify it using `pubspecLockFile`. If it is needed, one will be generated for you and printed when attempting to build the derivation.
The `dart` commands run can be overridden through `pubGetScript` and `dartCompileCommand`, you can also add flags using `dartCompileFlags` or `dartJitFlags`.
Dart supports multiple [outputs types](https://dart.dev/tools/dart-compile#types-of-output), you can choose between them using `dartOutputType` (defaults to `exe`). If you want to override the binaries path or the source path they come from, you can use `dartEntryPoints`. Outputs that require a runtime will automatically be wrapped with the relevant runtime (`dartaotruntime` for `aot-snapshot`, `dart run` for `jit-snapshot` and `kernel`, `node` for `js`), this can be overridden through `dartRuntimeCommand`.
```nix
{ buildDartApplication, fetchFromGitHub }:
buildDartApplication rec {
pname = "dart-sass";
version = "1.62.1";
src = fetchFromGitHub {
owner = "sass";
repo = pname;
rev = version;
hash = "sha256-U6enz8yJcc4Wf8m54eYIAnVg/jsGi247Wy8lp1r1wg4=";
};
pubspecLockFile = ./pubspec.lock;
vendorHash = "sha256-Atm7zfnDambN/BmmUf4BG0yUz/y6xWzf0reDw3Ad41s=";
}
```
## Flutter applications {#ssec-dart-flutter}
The function `buildFlutterApplication` builds Flutter applications.
The deps.json file must always be provided when packaging in Nixpkgs. It will be generated and printed if the derivation is attempted to be built without one. Alternatively, `autoDepsList` may be set to `true` when outside of Nixpkgs, as it relies on import-from-derivation.
A `pubspec.lock` file must be available. See the [Dart documentation](#ssec-dart-applications) for more details.
```nix
{ flutter, fetchFromGitHub }:
flutter.buildFlutterApplication {
pname = "firmware-updater";
version = "unstable-2023-04-30";
src = fetchFromGitHub {
owner = "canonical";
repo = "firmware-updater";
rev = "6e7dbdb64e344633ea62874b54ff3990bd3b8440";
sha256 = "sha256-s5mwtr5MSPqLMN+k851+pFIFFPa0N1hqz97ys050tFA=";
fetchSubmodules = true;
};
pubspecLockFile = ./pubspec.lock;
depsListFile = ./deps.json;
vendorHash = "sha256-cdMO+tr6kYiN5xKXa+uTMAcFf2C75F3wVPrn21G4QPQ=";
}
```

1
doc/languages-frameworks/index.xml
View File

@@ -14,7 +14,6 @@
<xi:include href="crystal.section.xml" />
<xi:include href="cuda.section.xml" />
<xi:include href="cuelang.section.xml" />
<xi:include href="dart.section.xml" />
<xi:include href="dhall.section.xml" />
<xi:include href="dotnet.section.xml" />
<xi:include href="emscripten.section.xml" />

15
doc/languages-frameworks/ocaml.section.md
View File

@@ -38,12 +38,12 @@ Here is a simple package example.
- It uses the `fetchFromGitHub` fetcher to get its source.
- It also accept `duneVersion` parameter (valid value are `"1"`, `"2"`, and
`"3"`). The recommended practice it to set only if you don't want the default
value and/or it depends on something else like package version. You might see
a not-supported argument `useDune2`. The behavior was `useDune2 = true;` =>
`duneVersion = "2";` and `useDune2 = false;` => `duneVersion = "1";`. It was
used at the time when dune3 didn't existed.
- `duneVersion = "2"` ensures that Dune version 2 is used for the
build (this is the default; valid values are `"1"`, `"2"`, and `"3"`);
note that there is also a legacy `useDune2` boolean attribute:
set to `false` it corresponds to `duneVersion = "1"`; set to `true` it
corresponds to `duneVersion = "2"`. If both arguments (`duneVersion` and
`useDune2`) are given, the second one (`useDune2`) is silently ignored.
- It sets the optional `doCheck` attribute such that tests will be run with
`dune runtest -p angstrom` after the build (`dune build -p angstrom`) is
@@ -71,6 +71,7 @@ Here is a simple package example.
buildDunePackage rec {
pname = "angstrom";
version = "0.15.0";
duneVersion = "2";
minimalOCamlVersion = "4.04";
@@ -103,6 +104,8 @@ buildDunePackage rec {
pname = "wtf8";
version = "1.0.2";
useDune2 = true;
minimalOCamlVersion = "4.02";
src = fetchurl {

2
doc/languages-frameworks/perl.section.md
View File

@@ -118,7 +118,7 @@ ImageExifTool = buildPerlPackage {
hash = "sha256-vOhB/FwQMC8PPvdnjDvxRpU6jAZcC6GMQfc0AH4uwKg=";
};
nativeBuildInputs = lib.optional stdenv.isDarwin shortenPerlShebang;
buildInputs = lib.optional stdenv.isDarwin shortenPerlShebang;
postInstall = lib.optionalString stdenv.isDarwin ''
shortenPerlShebang $out/bin/exiftool
'';

13
doc/languages-frameworks/rust.section.md
View File

@@ -535,9 +535,7 @@ directory of the `tokenizers` project's source archive, we use
```nix
{ fetchFromGitHub
, buildPythonPackage
, cargo
, rustPlatform
, rustc
, setuptools-rust
}:
@@ -560,12 +558,11 @@ buildPythonPackage rec {
sourceRoot = "source/bindings/python";
nativeBuildInputs = [
cargo
rustPlatform.cargoSetupHook
rustc
setuptools-rust
];
nativeBuildInputs = [ setuptools-rust ] ++ (with rustPlatform; [
cargoSetupHook
rust.cargo
rust.rustc
]);
# ...
}

4
doc/manual.xml
View File

@@ -12,11 +12,7 @@
<xi:include href="using/configuration.chapter.xml" />
<xi:include href="using/overlays.chapter.xml" />
<xi:include href="using/overrides.chapter.xml" />
</part>
<part>
<title>Nixpkgs <code>lib</code></title>
<xi:include href="functions.xml" />
<xi:include href="module-system/module-system.chapter.xml" />
</part>
<part xml:id="part-stdenv">
<title>Standard environment</title>

105
doc/module-system/module-system.chapter.md
View File

@@ -1,105 +0,0 @@
# Module System {#module-system}
## Introduction {#module-system-introduction}
The module system is a language for handling configuration, implemented as a Nix library.
Compared to plain Nix, it adds documentation, type checking and composition or extensibility.
::: {.note}
This chapter is new and not complete yet. For a gentle introduction to the module system, in the context of NixOS, see [Writing NixOS Modules](https://nixos.org/manual/nixos/unstable/index.html#sec-writing-modules) in the NixOS manual.
:::
## `lib.evalModules` {#module-system-lib-evalModules}
Evaluate a set of modules. This function is typically only used once per application (e.g. once in NixOS, once in Home Manager, ...).
### Parameters {#module-system-lib-evalModules-parameters}
#### `modules` {#module-system-lib-evalModules-param-modules}
A list of modules. These are merged together to form the final configuration.
<!-- TODO link to section about merging, TBD -->
#### `specialArgs` {#module-system-lib-evalModules-param-specialArgs}
An attribute set of module arguments that can be used in `imports`.
This is in contrast to `config._module.args`, which is only available after all `imports` have been resolved.
#### `class` {#module-system-lib-evalModules-param-class}
If the `class` attribute is set and non-`null`, the module system will reject `imports` with a different `_class` declaration.
The `class` value should be a string in lower [camel case](https://en.wikipedia.org/wiki/Camel_case).
If applicable, the `class` should match the "prefix" of the attributes used in (experimental) [flakes](https://nixos.org/manual/nix/stable/command-ref/new-cli/nix3-flake.html#description). Some examples are:
- `nixos` as in `flake.nixosModules`
- `nixosTest`: modules that constitute a [NixOS VM test](https://nixos.org/manual/nixos/stable/index.html#sec-nixos-tests)
<!-- We've only just started with `class`. You're invited to add a few more. -->
#### `prefix` {#module-system-lib-evalModules-param-prefix}
A list of strings representing the location at or below which all options are evaluated. This is used by `types.submodule` to improve error reporting and find the implicit `name` module argument.
### Return value {#module-system-lib-evalModules-return-value}
The result is an attribute set with the following attributes:
#### `options` {#module-system-lib-evalModules-return-value-options}
The nested attribute set of all option declarations.
#### `config` {#module-system-lib-evalModules-return-value-config}
The nested attribute set of all option values.
#### `type` {#module-system-lib-evalModules-return-value-type}
A module system type. This type is an instance of `types.submoduleWith` containing the current [`modules`](#module-system-lib-evalModules-param-modules).
The option definitions that are typed with this type will extend the current set of modules, like [`extendModules`](#module-system-lib-evalModules-return-value-extendModules).
However, the value returned from the type is just the [`config`](#module-system-lib-evalModules-return-value-config), like any submodule.
If you're familiar with prototype inheritance, you can think of this `evalModules` invocation as the prototype, and usages of this type as the instances.
This type is also available to the [`modules`](#module-system-lib-evalModules-param-modules) as the module argument `moduleType`.
<!-- TODO: document the module arguments. Using moduleType is like saying: suppose this configuration was extended. -->
#### `extendModules` {#module-system-lib-evalModules-return-value-extendModules}
A function similar to `evalModules` but building on top of the already passed [`modules`](#module-system-lib-evalModules-param-modules). Its arguments, `modules` and `specialArgs` are added to the existing values.
If you're familiar with prototype inheritance, you can think of the current, actual `evalModules` invocation as the prototype, and the return value of `extendModules` as the instance.
This functionality is also available to modules as the `extendModules` module argument.
::: {.note}
**Evaluation Performance**
`extendModules` returns a configuration that shares very little with the original `evalModules` invocation, because the module arguments may be different.
So if you have a configuration that has been (or will be) largely evaluated, almost none of the computation is shared with the configuration returned by `extendModules`.
The real work of module evaluation happens while computing the values in `config` and `options`, so multiple invocations of `extendModules` have a particularly small cost, as long as only the final `config` and `options` are evaluated.
If you do reference multiple `config` (or `options`) from before and after `extendModules`, evaluation performance is the same as with multiple `evalModules` invocations, because the new modules' ability to override existing configuration fundamentally requires constructing a new `config` and `options` fixpoint.
:::
#### `_module` {#module-system-lib-evalModules-return-value-_module}
A portion of the configuration tree which is elided from `config`.
<!-- TODO: when markdown migration is complete, make _module docs visible again and reference _module docs. Maybe move those docs into this chapter? -->
#### `_type` {#module-system-lib-evalModules-return-value-_type}
A nominal type marker, always `"configuration"`.
#### `class` {#module-system-lib-evalModules-return-value-_configurationClass}
The [`class` argument](#module-system-lib-evalModules-param-class).

13
flake.nix
View File

@@ -57,19 +57,6 @@
nixosModules = {
notDetected = ./nixos/modules/installer/scan/not-detected.nix;
/*
Make the `nixpkgs.*` configuration read-only. Guarantees that `pkgs`
is the way you initialize it.
Example:
{
imports = [ nixpkgs.nixosModules.readOnlyPkgs ];
nixpkgs.pkgs = nixpkgs.legacyPackages.x86_64-linux;
}
*/
readOnlyPkgs = ./nixos/modules/misc/nixpkgs/read-only.nix;
};
};
}

26
lib/generators.nix
View File

@@ -355,7 +355,6 @@ rec {
# PLIST handling
toPlist = {}: v: let
isFloat = builtins.isFloat or (x: false);
isPath = x: builtins.typeOf x == "path";
expr = ind: x: with builtins;
if x == null then "" else
if isBool x then bool ind x else
@@ -363,7 +362,6 @@ rec {
if isString x then str ind x else
if isList x then list ind x else
if isAttrs x then attrs ind x else
if isPath x then str ind (toString x) else
if isFloat x then float ind x else
abort "generators.toPlist: should never happen (v = ${v})";
@@ -436,7 +434,6 @@ ${expr "" v}
Configuration:
* multiline - by default is true which results in indented block-like view.
* indent - initial indent.
* asBindings - by default generate single value, but with this use attrset to set global vars.
Attention:
Regardless of multiline parameter there is no trailing newline.
@@ -467,35 +464,18 @@ ${expr "" v}
/* If this option is true, the output is indented with newlines for attribute sets and lists */
multiline ? true,
/* Initial indentation level */
indent ? "",
/* Interpret as variable bindings */
asBindings ? false,
indent ? ""
}@args: v:
with builtins;
let
innerIndent = "${indent} ";
introSpace = if multiline then "\n${innerIndent}" else " ";
outroSpace = if multiline then "\n${indent}" else " ";
innerArgs = args // {
indent = if asBindings then indent else innerIndent;
asBindings = false;
};
innerArgs = args // { indent = innerIndent; };
concatItems = concatStringsSep ",${introSpace}";
isLuaInline = { _type ? null, ... }: _type == "lua-inline";
generatedBindings =
assert lib.assertMsg (badVarNames == []) "Bad Lua var names: ${toPretty {} badVarNames}";
libStr.concatStrings (
lib.attrsets.mapAttrsToList (key: value: "${indent}${key} = ${toLua innerArgs value}\n") v
);
# https://en.wikibooks.org/wiki/Lua_Programming/variable#Variable_names
matchVarName = match "[[:alpha:]_][[:alnum:]_]*(\\.[[:alpha:]_][[:alnum:]_]*)*";
badVarNames = filter (name: matchVarName name == null) (attrNames v);
in
if asBindings then
generatedBindings
else if v == null then
if v == null then
"nil"
else if isInt v || isFloat v || isString v || isBool v then
builtins.toJSON v

7
lib/kernel.nix
View File

@@ -8,10 +8,9 @@ with lib;
option = x:
x // { optional = true; };
yes = { tristate = "y"; optional = false; };
no = { tristate = "n"; optional = false; };
module = { tristate = "m"; optional = false; };
unset = { tristate = null; optional = false; };
yes = { tristate = "y"; optional = false; };
no = { tristate = "n"; optional = false; };
module = { tristate = "m"; optional = false; };
freeform = x: { freeform = x; optional = false; };
/*

11
lib/licenses.nix
View File

@@ -204,11 +204,6 @@ in mkLicense lset) ({
free = false;
};
caossl = {
fullName = "Computer Associates Open Source Licence Version 1.0";
url = "http://jxplorer.org/licence.html";
};
cal10 = {
fullName = "Cryptographic Autonomy License version 1.0 (CAL-1.0)";
url = "https://opensource.org/licenses/CAL-1.0";
@@ -235,12 +230,6 @@ in mkLicense lset) ({
free = false;
};
cc-by-nc-nd-40 = {
spdxId = "CC-BY-NC-ND-4.0";
fullName = "Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International";
free = false;
};
cc-by-nc-sa-20 = {
spdxId = "CC-BY-NC-SA-2.0";
fullName = "Creative Commons Attribution Non Commercial Share Alike 2.0";

160
lib/modules.nix
View File

@@ -63,8 +63,39 @@ let
decls
));
/* See https://nixos.org/manual/nixpkgs/unstable/#module-system-lib-evalModules
or file://./../doc/module-system/module-system.chapter.md
in
rec {
/*
Evaluate a set of modules. The result is a set with the attributes:
options: The nested set of all option declarations,
config: The nested set of all option values.
type: A module system type representing the module set as a submodule,
to be extended by configuration from the containing module set.
This is also available as the module argument moduleType.
extendModules: A function similar to evalModules but building on top
of the module set. Its arguments, modules and specialArgs are
added to the existing values.
Using extendModules a few times has no performance impact as long
as you only reference the final options and config.
If you do reference multiple config (or options) from before and
after extendModules, performance is the same as with multiple
evalModules invocations, because the new modules' ability to
override existing configuration fundamentally requires a new
fixpoint to be constructed.
This is also available as a module argument.
_module: A portion of the configuration tree which is elided from
config. It contains some values that are mostly internal to the
module system implementation.
!!! Please think twice before adding to this argument list! The more
that is specified here instead of in the modules themselves the harder
@@ -79,12 +110,8 @@ let
# there's _module.args. If specialArgs.modulesPath is defined it will be
# used as the base path for disabledModules.
specialArgs ? {}
, # `class`:
# A nominal type for modules. When set and non-null, this adds a check to
# make sure that only compatible modules are imported.
# This would be remove in the future, Prefer _module.args option instead.
class ? null
, args ? {}
, # This would be remove in the future, Prefer _module.args option instead.
args ? {}
, # This would be remove in the future, Prefer _module.check option instead.
check ? true
}:
@@ -233,7 +260,6 @@ let
merged =
let collected = collectModules
class
(specialArgs.modulesPath or "")
(regularModules ++ [ internalModule ])
({ inherit lib options config specialArgs; } // specialArgs);
@@ -310,64 +336,38 @@ let
prefix ? [],
}:
evalModules (evalModulesArgs // {
inherit class;
modules = regularModules ++ modules;
specialArgs = evalModulesArgs.specialArgs or {} // specialArgs;
prefix = extendArgs.prefix or evalModulesArgs.prefix or [];
});
type = lib.types.submoduleWith {
inherit modules specialArgs class;
inherit modules specialArgs;
};
result = withWarnings {
_type = "configuration";
options = checked options;
config = checked (removeAttrs config [ "_module" ]);
_module = checked (config._module);
inherit extendModules type;
class = class;
};
in result;
# collectModules :: (class: String) -> (modulesPath: String) -> (modules: [ Module ]) -> (args: Attrs) -> [ Module ]
# collectModules :: (modulesPath: String) -> (modules: [ Module ]) -> (args: Attrs) -> [ Module ]
#
# Collects all modules recursively through `import` statements, filtering out
# all modules in disabledModules.
collectModules = class: let
collectModules = let
# Like unifyModuleSyntax, but also imports paths and calls functions if necessary
loadModule = args: fallbackFile: fallbackKey: m:
if isFunction m then
unifyModuleSyntax fallbackFile fallbackKey (applyModuleArgs fallbackKey m args)
else if isAttrs m then
if m._type or "module" == "module" then
unifyModuleSyntax fallbackFile fallbackKey m
else if m._type == "if" || m._type == "override" then
loadModule args fallbackFile fallbackKey { config = m; }
else
throw (
"Could not load a value as a module, because it is of type ${lib.strings.escapeNixString m._type}"
+ lib.optionalString (fallbackFile != unknownModule) ", in file ${toString fallbackFile}."
+ lib.optionalString (m._type == "configuration") " If you do intend to import this configuration, please only import the modules that make up the configuration. You may have to create a `let` binding, file or attribute to give yourself access to the relevant modules.\nWhile loading a configuration into the module system is a very sensible idea, it can not be done cleanly in practice."
# Extended explanation: That's because a finalized configuration is more than just a set of modules. For instance, it has its own `specialArgs` that, by the nature of `specialArgs` can't be loaded through `imports` or the the `modules` argument. So instead, we have to ask you to extract the relevant modules and use those instead. This way, we keep the module system comparatively simple, and hopefully avoid a bad surprise down the line.
)
if isFunction m || isAttrs m then
unifyModuleSyntax fallbackFile fallbackKey (applyModuleArgsIfFunction fallbackKey m args)
else if isList m then
let defs = [{ file = fallbackFile; value = m; }]; in
throw "Module imports can't be nested lists. Perhaps you meant to remove one level of lists? Definitions: ${showDefs defs}"
else unifyModuleSyntax (toString m) (toString m) (applyModuleArgsIfFunction (toString m) (import m) args);
checkModule =
if class != null
then
m:
if m._class != null -> m._class == class
then m
else
throw "The module ${m._file or m.key} was imported into ${class} instead of ${m._class}."
else
m: m;
/*
Collects all modules recursively into the form
@@ -401,7 +401,7 @@ let
};
in parentFile: parentKey: initialModules: args: collectResults (imap1 (n: x:
let
module = checkModule (loadModule args parentFile "${parentKey}:anon-${toString n}" x);
module = loadModule args parentFile "${parentKey}:anon-${toString n}" x;
collectedImports = collectStructuredModules module._file module.key module.imports args;
in {
key = module.key;
@@ -465,12 +465,11 @@ let
else config;
in
if m ? config || m ? options then
let badAttrs = removeAttrs m ["_class" "_file" "key" "disabledModules" "imports" "options" "config" "meta" "freeformType"]; in
let badAttrs = removeAttrs m ["_file" "key" "disabledModules" "imports" "options" "config" "meta" "freeformType"]; in
if badAttrs != {} then
throw "Module `${key}' has an unsupported attribute `${head (attrNames badAttrs)}'. This is caused by introducing a top-level `config' or `options' attribute. Add configuration attributes immediately on the top level instead, or move all of them (namely: ${toString (attrNames badAttrs)}) into the explicit `config' attribute."
else
{ _file = toString m._file or file;
_class = m._class or null;
key = toString m.key or key;
disabledModules = m.disabledModules or [];
imports = m.imports or [];
@@ -481,18 +480,14 @@ let
# shorthand syntax
lib.throwIfNot (isAttrs m) "module ${file} (${key}) does not look like a module."
{ _file = toString m._file or file;
_class = m._class or null;
key = toString m.key or key;
disabledModules = m.disabledModules or [];
imports = m.require or [] ++ m.imports or [];
options = {};
config = addFreeformType (removeAttrs m ["_class" "_file" "key" "disabledModules" "require" "imports" "freeformType"]);
config = addFreeformType (removeAttrs m ["_file" "key" "disabledModules" "require" "imports" "freeformType"]);
};
applyModuleArgsIfFunction = key: f: args@{ config, options, lib, ... }:
if isFunction f then applyModuleArgs key f args else f;
applyModuleArgs = key: f: args@{ config, options, lib, ... }:
applyModuleArgsIfFunction = key: f: args@{ config, options, lib, ... }: if isFunction f then
let
# Module arguments are resolved in a strict manner when attribute set
# deconstruction is used. As the arguments are now defined with the
@@ -516,7 +511,9 @@ let
# context on the explicit arguments of "args" too. This update
# operator is used to make the "args@{ ... }: with args.lib;" notation
# works.
in f (args // extraArgs);
in f (args // extraArgs)
else
f;
/* Merge a list of modules. This will recurse over the option
declarations in all modules, combining them into a single set.
@@ -1221,67 +1218,4 @@ let
_file = file;
config = lib.importTOML file;
};
private = lib.mapAttrs
(k: lib.warn "External use of `lib.modules.${k}` is deprecated. If your use case isn't covered by non-deprecated functions, we'd like to know more and perhaps support your use case well, instead of providing access to these low level functions. In this case please open an issue in https://github.com/nixos/nixpkgs/issues/.")
{
inherit
applyModuleArgsIfFunction
dischargeProperties
evalOptionValue
mergeModules
mergeModules'
pushDownProperties
unifyModuleSyntax
;
collectModules = collectModules null;
};
in
private //
{
# NOTE: not all of these functions are necessarily public interfaces; some
# are just needed by types.nix, but are not meant to be consumed
# externally.
inherit
defaultOrderPriority
defaultOverridePriority
defaultPriority
doRename
evalModules
filterOverrides
filterOverrides'
fixMergeModules
fixupOptionType # should be private?
importJSON
importTOML
mergeDefinitions
mergeOptionDecls # should be private?
mkAfter
mkAliasAndWrapDefinitions
mkAliasAndWrapDefsWithPriority
mkAliasDefinitions
mkAliasIfDef
mkAliasOptionModule
mkAliasOptionModuleMD
mkAssert
mkBefore
mkChangedOptionModule
mkDefault
mkDerivedConfig
mkFixStrictness
mkForce
mkIf
mkImageMediaOverride
mkMerge
mkMergedOptionModule
mkOptionDefault
mkOrder
mkOverride
mkRemovedOptionModule
mkRenamedOptionModule
mkRenamedOptionModuleWith
mkVMOverride
setDefaultModuleLocation
sortProperties;
}

6
lib/options.nix
View File

@@ -261,7 +261,7 @@ rec {
concatMap (opt:
let
name = showOption opt.loc;
docOption = {
docOption = rec {
loc = opt.loc;
inherit name;
description = opt.description or null;
@@ -280,9 +280,9 @@ rec {
renderOptionValue opt.example
);
}
// optionalAttrs (opt ? defaultText || opt ? default) {
// optionalAttrs (opt ? default) {
default =
builtins.addErrorContext "while evaluating the ${if opt?defaultText then "defaultText" else "default value"} of option `${name}`" (
builtins.addErrorContext "while evaluating the default value of option `${name}`" (
renderOptionValue (opt.defaultText or opt.default)
);
}

5
lib/systems/default.nix
View File

@@ -50,7 +50,6 @@ rec {
else if final.isFreeBSD then "fblibc"
else if final.isNetBSD then "nblibc"
else if final.isAvr then "avrlibc"
else if final.isGhcjs then null
else if final.isNone then "newlib"
# TODO(@Ericson2314) think more about other operating systems
else "native/impure";
@@ -121,7 +120,7 @@ rec {
({
linux-kernel = args.linux-kernel or {};
gcc = args.gcc or {};
rustc = args.rustc or {};
rustc = args.rust or {};
} // platforms.select final)
linux-kernel gcc rustc;
@@ -137,7 +136,6 @@ rec {
else if final.isPower then "powerpc"
else if final.isRiscV then "riscv"
else if final.isS390 then "s390"
else if final.isLoongArch64 then "loongarch"
else final.parsed.cpu.name;
qemuArch =
@@ -145,7 +143,6 @@ rec {
else if final.isS390 && !final.isS390x then null
else if final.isx86_64 then "x86_64"
else if final.isx86 then "i386"
else if final.isMips64 then "mips64${lib.optionalString final.isLittleEndian "el"}"
else final.uname.processor;
# Name used by UEFI for architectures.

3
lib/systems/doubles.nix
View File

@@ -26,7 +26,7 @@ let
# Linux
"aarch64-linux" "armv5tel-linux" "armv6l-linux" "armv7a-linux"
"armv7l-linux" "i686-linux" "loongarch64-linux" "m68k-linux" "microblaze-linux"
"armv7l-linux" "i686-linux" "m68k-linux" "microblaze-linux"
"microblazeel-linux" "mipsel-linux" "mips64el-linux" "powerpc64-linux"
"powerpc64le-linux" "riscv32-linux" "riscv64-linux" "s390-linux"
"s390x-linux" "x86_64-linux"
@@ -86,7 +86,6 @@ in {
m68k = filterDoubles predicates.isM68k;
s390 = filterDoubles predicates.isS390;
s390x = filterDoubles predicates.isS390x;
loongarch64 = filterDoubles predicates.isLoongArch64;
js = filterDoubles predicates.isJavaScript;
bigEndian = filterDoubles predicates.isBigEndian;

4
lib/systems/examples.nix
View File

@@ -135,10 +135,6 @@ rec {
libc = "newlib";
};
loongarch64-linux = {
config = "loongarch64-unknown-linux-gnu";
};
mmix = {
config = "mmix-unknown-mmixware";
libc = "newlib";

1
lib/systems/inspect.nix
View File

@@ -57,7 +57,6 @@ rec {
isM68k = { cpu = { family = "m68k"; }; };
isS390 = { cpu = { family = "s390"; }; };
isS390x = { cpu = { family = "s390"; bits = 64; }; };
isLoongArch64 = { cpu = { family = "loongarch"; bits = 64; }; };
isJavaScript = { cpu = cpuTypes.javascript; };
is32bit = { cpu = { bits = 32; }; };

2
lib/systems/parse.nix
View File

@@ -131,8 +131,6 @@ rec {
or1k = { bits = 32; significantByte = bigEndian; family = "or1k"; };
loongarch64 = { bits = 64; significantByte = littleEndian; family = "loongarch"; };
javascript = { bits = 32; significantByte = littleEndian; family = "javascript"; };
};

64
lib/tests/misc.nix
View File

@@ -4,11 +4,6 @@
with import ../default.nix;
let
testingThrow = expr: {
expr = (builtins.tryEval (builtins.seq expr "didn't throw"));
expected = { success = false; value = false; };
};
testingDeepThrow = expr: testingThrow (builtins.deepSeq expr expr);
testSanitizeDerivationName = { name, expected }:
let
@@ -919,30 +914,6 @@ runTests {
expected = "«foo»";
};
testToPlist =
let
deriv = derivation { name = "test"; builder = "/bin/sh"; system = "aarch64-linux"; };
in {
expr = mapAttrs (const (generators.toPlist { })) {
value = {
nested.values = rec {
int = 42;
float = 0.1337;
bool = true;
emptystring = "";
string = "fn\${o}\"r\\d";
newlinestring = "\n";
path = /. + "/foo";
null_ = null;
list = [ 3 4 "test" ];
emptylist = [];
attrs = { foo = null; "foo b/ar" = "baz"; };
emptyattrs = {};
};
};
};
expected = { value = builtins.readFile ./test-to-plist-expected.plist; };
};
testToLuaEmptyAttrSet = {
expr = generators.toLua {} {};
@@ -991,41 +962,6 @@ runTests {
expected = ''{ 41, 43 }'';
};
testToLuaEmptyBindings = {
expr = generators.toLua { asBindings = true; } {};
expected = "";
};
testToLuaBindings = {
expr = generators.toLua { asBindings = true; } { x1 = 41; _y = { a = 43; }; };
expected = ''
_y = {
["a"] = 43
}
x1 = 41
'';
};
testToLuaPartialTableBindings = {
expr = generators.toLua { asBindings = true; } { "x.y" = 42; };
expected = ''
x.y = 42
'';
};
testToLuaIndentedBindings = {
expr = generators.toLua { asBindings = true; indent = " "; } { x = { y = 42; }; };
expected = " x = {\n [\"y\"] = 42\n }\n";
};
testToLuaBindingsWithSpace = testingThrow (
generators.toLua { asBindings = true; } { "with space" = 42; }
);
testToLuaBindingsWithLeadingDigit = testingThrow (
generators.toLua { asBindings = true; } { "11eleven" = 42; }
);
testToLuaBasicExample = {
expr = generators.toLua {} {
cmd = [ "typescript-language-server" "--stdio" ];

21
lib/tests/modules.sh
View File

@@ -166,7 +166,6 @@ checkConfigError 'The option .* does not exist. Definition values:\n\s*- In .*'
checkConfigOutput '^true$' "$@" ./define-module-check.nix
# Check coerced value.
set --
checkConfigOutput '^"42"$' config.value ./declare-coerced-value.nix
checkConfigOutput '^"24"$' config.value ./declare-coerced-value.nix ./define-value-string.nix
checkConfigError 'A definition for option .* is not.*string or signed integer convertible to it.*. Definition values:\n\s*- In .*: \[ \]' config.value ./declare-coerced-value.nix ./define-value-list.nix
@@ -255,8 +254,6 @@ checkConfigError 'A definition for option .* is not of type .*' \
## Freeform modules
# Assigning without a declared option should work
checkConfigOutput '^"24"$' config.value ./freeform-attrsOf.nix ./define-value-string.nix
# Shorthand modules interpret `meta` and `class` as config items
checkConfigOutput '^true$' options._module.args.value.result ./freeform-attrsOf.nix ./define-freeform-keywords-shorthand.nix
# No freeform assignments shouldn't make it error
checkConfigOutput '^{ }$' config ./freeform-attrsOf.nix
# but only if the type matches
@@ -362,24 +359,6 @@ checkConfigOutput 'ok' config.freeformItems.foo.bar ./adhoc-freeformType-survive
# because of an `extendModules` bug, issue 168767.
checkConfigOutput '^1$' config.sub.specialisation.value ./extendModules-168767-imports.nix
# Class checks, evalModules
checkConfigOutput '^{ }$' config.ok.config ./class-check.nix
checkConfigOutput '"nixos"' config.ok.class ./class-check.nix
checkConfigError 'The module .*/module-class-is-darwin.nix was imported into nixos instead of darwin.' config.fail.config ./class-check.nix
checkConfigError 'The module foo.nix#darwinModules.default was imported into nixos instead of darwin.' config.fail-anon.config ./class-check.nix
# Class checks, submoduleWith
checkConfigOutput '^{ }$' config.sub.nixosOk ./class-check.nix
checkConfigError 'The module .*/module-class-is-darwin.nix was imported into nixos instead of darwin.' config.sub.nixosFail.config ./class-check.nix
# submoduleWith type merge with different class
checkConfigError 'error: A submoduleWith option is declared multiple times with conflicting class values "darwin" and "nixos".' config.sub.mergeFail.config ./class-check.nix
# _type check
checkConfigError 'Could not load a value as a module, because it is of type "flake", in file .*/module-imports-_type-check.nix' config.ok.config ./module-imports-_type-check.nix
checkConfigOutput '^true$' "$@" config.enable ./declare-enable.nix ./define-enable-with-top-level-mkIf.nix
checkConfigError 'Could not load a value as a module, because it is of type "configuration", in file .*/import-configuration.nix.*please only import the modules that make up the configuration.*' config ./import-configuration.nix
# doRename works when `warnings` does not exist.
checkConfigOutput '^1234$' config.c.d.e ./doRename-basic.nix
# doRename adds a warning.

76
lib/tests/modules/class-check.nix
View File

@@ -1,76 +0,0 @@
{ lib, ... }: {
options = {
sub = {
nixosOk = lib.mkOption {
type = lib.types.submoduleWith {
class = "nixos";
modules = [ ];
};
};
# Same but will have bad definition
nixosFail = lib.mkOption {
type = lib.types.submoduleWith {
class = "nixos";
modules = [ ];
};
};
mergeFail = lib.mkOption {
type = lib.types.submoduleWith {
class = "nixos";
modules = [ ];
};
default = { };
};
};
};
imports = [
{
options = {
sub = {
mergeFail = lib.mkOption {
type = lib.types.submoduleWith {
class = "darwin";
modules = [ ];
};
};
};
};
}
];
config = {
_module.freeformType = lib.types.anything;
ok =
lib.evalModules {
class = "nixos";
modules = [
./module-class-is-nixos.nix
];
};
fail =
lib.evalModules {
class = "nixos";
modules = [
./module-class-is-nixos.nix
./module-class-is-darwin.nix
];
};
fail-anon =
lib.evalModules {
class = "nixos";
modules = [
./module-class-is-nixos.nix
{ _file = "foo.nix#darwinModules.default";
_class = "darwin";
config = {};
imports = [];
}
];
};
sub.nixosOk = { _class = "nixos"; };
sub.nixosFail = { imports = [ ./module-class-is-darwin.nix ]; };
};
}

5
lib/tests/modules/define-enable-with-top-level-mkIf.nix
View File

@@ -1,5 +0,0 @@
{ lib, ... }:
# I think this might occur more realistically in a submodule
{
imports = [ (lib.mkIf true { enable = true; }) ];
}

15
lib/tests/modules/define-freeform-keywords-shorthand.nix
View File

@@ -1,15 +0,0 @@
{ config, ... }: {
class = { "just" = "data"; };
a = "one";
b = "two";
meta = "meta";
_module.args.result =
let r = builtins.removeAttrs config [ "_module" ];
in builtins.trace (builtins.deepSeq r r) (r == {
a = "one";
b = "two";
class = { "just" = "data"; };
meta = "meta";
});
}

12
lib/tests/modules/import-configuration.nix
View File

@@ -1,12 +0,0 @@
{ lib, ... }:
let
myconf = lib.evalModules { modules = [ { } ]; };
in
{
imports = [
# We can't do this. A configuration is not equal to its set of a modules.
# Equating those would lead to a mess, as specialArgs, anonymous modules
# that can't be deduplicated, and possibly more come into play.
myconf
];
}

4
lib/tests/modules/module-class-is-darwin.nix
View File

@@ -1,4 +0,0 @@
{
_class = "darwin";
config = {};
}

4
lib/tests/modules/module-class-is-nixos.nix
View File

@@ -1,4 +0,0 @@
{
_class = "nixos";
config = {};
}

3
lib/tests/modules/module-imports-_type-check.nix
View File

@@ -1,3 +0,0 @@
{
imports = [ { _type = "flake"; } ];
}

2
lib/tests/systems.nix
View File

@@ -34,7 +34,7 @@ with lib.systems.doubles; lib.runTests {
testredox = mseteq redox [ "x86_64-redox" ];
testgnu = mseteq gnu (linux /* ++ kfreebsd ++ ... */);
testillumos = mseteq illumos [ "x86_64-solaris" ];
testlinux = mseteq linux [ "aarch64-linux" "armv5tel-linux" "armv6l-linux" "armv7a-linux" "armv7l-linux" "i686-linux" "mips64el-linux" "mipsel-linux" "riscv32-linux" "riscv64-linux" "x86_64-linux" "powerpc64-linux" "powerpc64le-linux" "m68k-linux" "s390-linux" "s390x-linux" "microblaze-linux" "microblazeel-linux" "loongarch64-linux" ];
testlinux = mseteq linux [ "aarch64-linux" "armv5tel-linux" "armv6l-linux" "armv7a-linux" "armv7l-linux" "i686-linux" "mips64el-linux" "mipsel-linux" "riscv32-linux" "riscv64-linux" "x86_64-linux" "powerpc64-linux" "powerpc64le-linux" "m68k-linux" "s390-linux" "s390x-linux" "microblaze-linux" "microblazeel-linux" ];
testnetbsd = mseteq netbsd [ "aarch64-netbsd" "armv6l-netbsd" "armv7a-netbsd" "armv7l-netbsd" "i686-netbsd" "m68k-netbsd" "mipsel-netbsd" "powerpc-netbsd" "riscv32-netbsd" "riscv64-netbsd" "x86_64-netbsd" ];
testopenbsd = mseteq openbsd [ "i686-openbsd" "x86_64-openbsd" ];
testwindows = mseteq windows [ "i686-cygwin" "x86_64-cygwin" "i686-windows" "x86_64-windows" ];

46
lib/tests/test-to-plist-expected.plist
View File

@@ -1,46 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>nested</key>
<dict>
<key>values</key>
<dict>
<key>attrs</key>
<dict>
<key>foo b/ar</key>
<string>baz</string>
</dict>
<key>bool</key>
<true/>
<key>emptyattrs</key>
<dict>
</dict>
<key>emptylist</key>
<array>
</array>
<key>emptystring</key>
<string></string>
<key>float</key>
<real>0.133700</real>
<key>int</key>
<integer>42</integer>
<key>list</key>
<array>
<integer>3</integer>
<integer>4</integer>
<string>test</string>
</array>
<key>newlinestring</key>
<string>
</string>
<key>path</key>
<string>/foo</string>
<key>string</key>
<string>fn${o}"r\d</string>
</dict>
</dict>
</dict>
</plist>

18
lib/types.nix
View File

@@ -476,14 +476,6 @@ rec {
check = x: isDerivation x && hasAttr "shellPath" x;
};
pkgs = addCheck
(unique { message = "A Nixpkgs pkgs set can not be merged with another pkgs set."; } attrs // {
name = "pkgs";
descriptionClass = "noun";
description = "Nixpkgs package set";
})
(x: (x._type or null) == "pkgs");
path = mkOptionType {
name = "path";
descriptionClass = "noun";
@@ -704,7 +696,6 @@ rec {
, specialArgs ? {}
, shorthandOnlyDefinesConfig ? false
, description ? null
, class ? null
}@attrs:
let
inherit (lib.modules) evalModules;
@@ -716,7 +707,7 @@ rec {
) defs;
base = evalModules {
inherit class specialArgs;
inherit specialArgs;
modules = [{
# This is a work-around for the fact that some sub-modules,
# such as the one included in an attribute set, expects an "args"
@@ -771,14 +762,9 @@ rec {
functor = defaultFunctor name // {
type = types.submoduleWith;
payload = {
inherit modules class specialArgs shorthandOnlyDefinesConfig description;
inherit modules specialArgs shorthandOnlyDefinesConfig description;
};
binOp = lhs: rhs: {
class =
if lhs.class == null then rhs.class
else if rhs.class == null then lhs.class
else if lhs.class == rhs.class then lhs.class
else throw "A submoduleWith option is declared multiple times with conflicting class values \"${toString lhs.class}\" and \"${toString rhs.class}\".";
modules = lhs.modules ++ rhs.modules;
specialArgs =
let intersecting = builtins.intersectAttrs lhs.specialArgs rhs.specialArgs;

285
maintainers/maintainer-list.nix
View File

@@ -579,12 +579,6 @@
githubId = 20405311;
name = "Aksh Gupta";
};
alanpearce = {
email = "alan@alanpearce.eu";
github = "alanpearce";
githubId = 850317;
name = "Alan Pearce";
};
alapshin = {
email = "alapshin@fastmail.com";
github = "alapshin";
@@ -996,7 +990,7 @@
name = "Stanislas Lange";
};
AngryAnt = {
name = "Emil \"AngryAnt\" Johansen";
name = "Emil Johansen";
email = "git@eej.dk";
matrix = "@angryant:envs.net";
github = "AngryAnt";
@@ -1526,12 +1520,6 @@
githubId = 12958979;
name = "Mika Naylor";
};
autrimpo = {
email = "michal@koutensky.net";
github = "autrimpo";
githubId = 5968483;
name = "Michal Koutenský";
};
autumnal = {
name = "Sven Friedrich";
email = "sven@autumnal.de";
@@ -1666,16 +1654,6 @@
githubId = 1017537;
name = "Bruno Bieth";
};
badele = {
name = "Bruno Adelé";
email = "brunoadele@gmail.com";
matrix = "@badele:matrix.org";
github = "badele";
githubId = 2806307;
keys = [{
fingerprint = "00F4 21C4 C537 7BA3 9820 E13F 6B95 E13D E469 CC5D";
}];
};
badmutex = {
email = "github@badi.sh";
github = "badmutex";
@@ -2108,12 +2086,6 @@
githubId = 16330;
name = "Mathijs Kwik";
};
blusk = {
email = "bluskript@gmail.com";
github = "Bluskript";
githubId = 52386117;
name = "Blusk";
};
bmilanov = {
name = "Biser Milanov";
email = "bmilanov11+nixpkgs@gmail.com";
@@ -2418,12 +2390,6 @@
githubId = 51231053;
name = "Daniel";
};
cadkin = {
email = "cva@siliconslumber.net";
name = "Cameron Adkins";
github = "cadkin";
githubId = 34077838;
};
cafkafk = {
email = "christina@cafkafk.com";
matrix = "@cafkafk:matrix.cafkafk.com";
@@ -3766,6 +3732,13 @@
githubId = 62989;
name = "Demyan Rogozhin";
};
dennajort = {
email = "gosselinjb@gmail.com";
matrix = "@dennajort:matrix.org";
github = "dennajort";
githubId = 1536838;
name = "Jean-Baptiste Gosselin";
};
derchris = {
email = "derchris@me.com";
github = "derchrisuk";
@@ -4480,12 +4453,6 @@
githubId = 103082;
name = "Ed Brindley";
};
elesiuta = {
email = "elesiuta@gmail.com";
github = "elesiuta";
githubId = 8146662;
name = "Eric Lesiuta";
};
eliandoran = {
email = "contact@eliandoran.me";
name = "Elian Doran";
@@ -4892,7 +4859,7 @@
name = "Eric Evenchick";
};
evenbrenden = {
email = "packages@anythingexternal.com";
email = "evenbrenden@gmail.com";
github = "evenbrenden";
githubId = 2512008;
name = "Even Brenden";
@@ -4957,12 +4924,6 @@
githubId = 25955146;
name = "eyJhb";
};
f2k1de = {
name = "f2k1de";
email = "hi@f2k1.de";
github = "f2k1de";
githubId = 11199213;
};
f4814n = {
email = "me@f4814n.de";
github = "f4814";
@@ -5216,13 +5177,6 @@
githubId = 66178592;
name = "Pavel Zolotarevskiy";
};
flexiondotorg = {
name = "Martin Wimpress";
email = "martin@wimpress.org";
matrix = "@wimpress:matrix.org";
github = "flexiondotorg";
githubId = 304639;
};
fliegendewurst = {
email = "arne.keller@posteo.de";
github = "FliegendeWurst";
@@ -5728,12 +5682,6 @@
githubId = 1713676;
name = "Luis G. Torres";
};
giorgiga = {
email = "giorgio.gallo@bitnic.it";
github = "giorgiga";
githubId = 471835;
name = "Giorgio Gallo";
};
GKasparov = {
email = "mizozahr@gmail.com";
github = "GKasparov";
@@ -5905,12 +5853,6 @@
fingerprint = "7FC7 98AB 390E 1646 ED4D 8F1F 797F 6238 68CD 00C2";
}];
};
greg = {
email = "greg.hellings@gmail.com";
github = "greg-hellings";
githubId = 273582;
name = "greg";
};
greizgh = {
email = "greizgh@ephax.org";
github = "greizgh";
@@ -6221,12 +6163,6 @@
githubId = 982322;
name = "Henrik Olsson";
};
henrirosten = {
email = "henri.rosten@unikie.com";
github = "henrirosten";
githubId = 49935860;
name = "Henri Rosten";
};
henrytill = {
email = "henrytill@gmail.com";
github = "henrytill";
@@ -6297,14 +6233,6 @@
github = "higebu";
githubId = 733288;
};
hikari = {
email = "HikariNee@protonmail.com";
github = "HikariNee";
githubId = 72349937;
name = "Hikari";
};
hiljusti = {
name = "J.R. Hill";
email = "hiljusti@so.dang.cool";
@@ -6317,7 +6245,6 @@
githubId = 19825977;
name = "Hiren Shah";
};
hiro98 = {
email = "hiro@protagon.space";
github = "vale981";
@@ -6594,11 +6521,6 @@
github = "icewind1991";
githubId = 1283854;
};
icyrockcom = {
github = "icyrockcom";
githubId = 785140;
name = "icyrock";
};
icy-thought = {
name = "Icy-Thought";
email = "gilganyx@pm.me";
@@ -6762,12 +6684,6 @@
githubId = 55066419;
name = "Emily Lange";
};
indexyz = {
email = "indexyz@pm.me";
github = "5aaee9";
githubId = 7685264;
name = "Indexyz";
};
ineol = {
email = "leo.stefanesco@gmail.com";
github = "ineol";
@@ -6806,15 +6722,6 @@
githubId = 54999;
name = "Ariel Nunez";
};
Intuinewin = {
email = "antoinelabarussias@gmail.com";
github = "Intuinewin";
githubId = 13691729;
name = "Antoine Labarussias";
keys = [{
fingerprint = "5CB5 9AA0 D180 1997 2FB3 E0EC 943A 1DE9 372E BE4E";
}];
};
ionutnechita = {
email = "ionut_n2001@yahoo.com";
github = "ionutnechita";
@@ -7116,13 +7023,6 @@
githubId = 221929;
name = "Jean-Baptiste Giraudeau";
};
jbgosselin = {
email = "gosselinjb@gmail.com";
matrix = "@dennajort:matrix.org";
github = "jbgosselin";
githubId = 1536838;
name = "Jean-Baptiste Gosselin";
};
jboy = {
email = "jboy+nixos@bius.moe";
githubId = 2187261;
@@ -7454,12 +7354,6 @@
fingerprint = "B768 6CD7 451A 650D 9C54 4204 6710 CF0C 1CBD 7762";
}];
};
jleightcap = {
email = "jack@leightcap.com";
github = "jleightcap";
githubId = 30168080;
name = "Jack Leightcap";
};
jlesquembre = {
email = "jl@lafuente.me";
github = "jlesquembre";
@@ -7941,12 +7835,6 @@
githubId = 2469618;
name = "Junji Hashimoto";
};
jurraca = {
email = "julienu@pm.me";
github = "jurraca";
githubId = 5124422;
name = "Julien Urraca";
};
justinas = {
email = "justinas@justinas.org";
github = "justinas";
@@ -8127,13 +8015,6 @@
githubId = 524492;
name = "Sergey Kazenyuk";
};
kbdharun = {
email = "kbdharunkrishna@gmail.com";
matrix = "@kbdk:matrix.org";
github = "kbdharun";
githubId = 26346867;
name = "K.B.Dharun Krishna";
};
kcalvinalvin = {
email = "calvin@kcalvinalvin.info";
github = "kcalvinalvin";
@@ -8755,12 +8636,6 @@
githubId = 621759;
name = "Lassulus";
};
laurent-f1z1 = {
email = "laurent.nixpkgs@fainsin.bzh";
github = "Laurent2916";
githubId = 21087104;
name = "Laurent Fainsin";
};
layus = {
email = "layus.on@gmail.com";
github = "layus";
@@ -8865,12 +8740,6 @@
githubId = 567634;
name = "Daniel Kuehn";
};
lelgenio = {
email = "lelgenio@disroot.org";
github = "lelgenio";
githubId = 31388299;
name = "Leonardo Eugênio";
};
leo60228 = {
email = "leo@60228.dev";
matrix = "@leo60228:matrix.org";
@@ -9075,12 +8944,6 @@
fingerprint = "74F5 E5CC 19D3 B5CB 608F 6124 68FF 81E6 A785 0F49";
}];
};
lizelive = {
email = "nixpkgs@lize.live";
github = "lizelive";
githubId = 40217331;
name = "LizeLive";
};
lluchs = {
email = "lukas.werling@gmail.com";
github = "lluchs";
@@ -10251,15 +10114,6 @@
github = "michaelgrahamevans";
githubId = 5932424;
};
michaelpachec0 = {
email = "michaelpacheco@protonmail.com";
name = "Michael Pacheco";
github = "MichaelPachec0";
githubId = 48970112;
keys = [ {
fingerprint = "8D12 991F 5558 C501 70B2 779C 7811 46B0 B5F9 5F64";
}];
};
michaelpj = {
email = "michaelpj@gmail.com";
github = "michaelpj";
@@ -11183,16 +11037,6 @@
githubId = 34162313;
name = "Jason Wing";
};
netfox = {
name = "netfox";
email = "say-hi@netfox.rip";
matrix = "@netfox:catgirl.cloud";
github = "0xnetfox";
githubId = 97521402;
keys = [{
fingerprint = "E8E9 43D7 EB83 DB77 E41C D87F 9C77 CB70 F2E6 3EF7";
}];
};
netixx = {
email = "dev.espinetfrancois@gmail.com";
github = "netixx";
@@ -12296,16 +12140,6 @@
githubId = 581269;
name = "Philip Potter";
};
philclifford = {
email = "philip.clifford@gmail.com";
matrix = "@phil8o:matrix.org";
github = "philclifford";
githubId = 8797027;
keys = [{
fingerprint = "FC15 E59F 0CFA 9329 101B 71D9 92F7 A790 E9BA F1F7";
}];
name = "Phil Clifford";
};
phile314 = {
email = "nix@314.ch";
github = "phile314";
@@ -12662,9 +12496,9 @@
githubId = 17690377;
};
ppom = {
name = "ppom";
email = "ppom@ecomail.fr";
github = "ppom0";
name = "Paco Pompeani";
email = "paco@ecomail.io";
github = "aopom";
githubId = 38916722;
};
pradeepchhetri = {
@@ -13020,12 +12854,6 @@
githubId = 903072;
name = "Raghav Sood";
};
ragingpastry = {
email = "senior.crepe@gmail.com";
github = "ragingpastry";
githubId = 6778250;
name = "Nick Wilburn";
};
raitobezarius = {
email = "ryan@lahfa.xyz";
matrix = "@raitobezarius:matrix.org";
@@ -13549,12 +13377,6 @@
githubId = 710906;
name = "Roel van Dijk";
};
rogarb = {
email = "rogarb@rgarbage.fr";
github = "rogarb";
githubId = 69053978;
name = "rogarb";
};
roman = {
email = "open-source@roman-gonzalez.info";
github = "roman";
@@ -14356,12 +14178,6 @@
githubId = 251028;
name = "Shell Turner";
};
shhht = {
name = "shhht";
email = "stp.tjeerd@gmail.com";
github = "shhht";
githubId = 118352823;
};
shikanime = {
name = "William Phetsinorath";
email = "deva.shikanime@protonmail.com";
@@ -14383,12 +14199,6 @@
githubId = 487050;
name = "Shea Levy";
};
shlok = {
email = "sd-nix-maintainer@quant.is";
github = "shlok";
githubId = 3000933;
name = "Shlok Datye";
};
shmish111 = {
email = "shmish111@gmail.com";
github = "shmish111";
@@ -14590,15 +14400,6 @@
githubId = 12828415;
name = "Michel Weitbrecht";
};
slwst = {
email = "email@slw.st";
github = "slwst";
githubId = 11047377;
name = "slwst";
keys = [{
fingerprint = "6CEB 4A2F E6DC C345 1B2B 4733 AD52 C5FB 3EFE CC7A";
}];
};
smakarov = {
email = "setser200018@gmail.com";
github = "SeTSeR";
@@ -14795,6 +14596,12 @@
githubId = 6391601;
name = "Roger Mason";
};
spwhitt = {
email = "sw@swhitt.me";
github = "spwhitt";
githubId = 1414088;
name = "Spencer Whitt";
};
squalus = {
email = "squalus@squalus.net";
github = "squalus";
@@ -14877,7 +14684,7 @@
name = "Christoph Honal";
};
star-szr = {
email = "nixpkgs@szr.fastmail.com";
email = "nixpkgs@scottr.mailworks.org";
github = "star-szr";
githubId = 327943;
name = "Scott Zhu Reeves";
@@ -15026,12 +14833,10 @@
name = "Stijn DW";
};
StillerHarpo = {
email = "engelflorian@posteo.de";
email = "florianengel39@gmail.com";
github = "StillerHarpo";
githubId = 25526706;
name = "Florian Engel";
keys = [{ fingerprint = "4E2D9B26940E0DABF376B7AF76762421D45837DE"; }];
matrix = "@qe7ftcyrpg:matrix.org";
};
stites = {
email = "sam@stites.io";
@@ -15404,12 +15209,6 @@
}];
name = "David Tchekachev";
};
tcheronneau = {
email = "nix@mcth.fr";
github = "tcheronneau";
githubId = 7914437;
name = "Thomas Cheronneau";
};
tckmn = {
email = "andy@tck.mn";
github = "tckmn";
@@ -15459,12 +15258,6 @@
githubId = 1755789;
name = "Robert Irelan";
};
tennox = {
email = "tennox+nix@txlab.io";
github = "tennox";
githubId = 2084639;
name = "Manu";
};
teozkr = {
email = "teo@nullable.se";
github = "nightkr";
@@ -15649,15 +15442,6 @@
githubId = 57180880;
name = "Ansh Tyagi";
};
therealr5 = {
email = "rouven@rfive.de";
github = "therealr5";
githubId = 72568063;
name = "Rouven Seifert";
keys = [{
fingerprint = "1169 87A8 DD3F 78FF 8601 BF4D B95E 8FE6 B11C 4D09";
}];
};
therishidesai = {
email = "desai.rishi1@gmail.com";
github = "therishidesai";
@@ -15705,12 +15489,6 @@
githubId = 3268082;
name = "Thibaut Marty";
};
thielema = {
name = "Henning Thielemann";
email = "nix@henning-thielemann.de";
github = "thielema";
githubId = 898989;
};
thled = {
name = "Thomas Le Duc";
email = "dev@tleduc.de";
@@ -15806,11 +15584,10 @@
githubId = 18621411;
};
tilpner = {
name = "Till Höppner";
email = "nixpkgs@tilpner.com";
matrix = "@tilpner:tx0.co";
email = "till@hoeppner.ws";
github = "tilpner";
githubId = 4322055;
name = "Till Höppner";
};
timbertson = {
email = "tim@gfxmonk.net";
@@ -15956,12 +15733,6 @@
githubId = 8577941;
name = "Kevin Rauscher";
};
tomaskala = {
email = "public+nixpkgs@tomaskala.com";
github = "tomaskala";
githubId = 7727887;
name = "Tomas Kala";
};
tomberek = {
email = "tomberek@gmail.com";
matrix = "@tomberek:matrix.org";
@@ -16357,12 +16128,6 @@
githubId = 15697697;
name = "Kasper Gałkowski";
};
utkarshgupta137 = {
email = "utkarshgupta137@gmail.com";
github = "utkarshgupta137";
githubId = 5155100;
name = "Utkarsh Gupta";
};
uvnikita = {
email = "uv.nikita@gmail.com";
github = "uvNikita";
@@ -17653,12 +17418,6 @@
githubId = 393108;
name = "Damien Diederen";
};
zumorica = {
name = "Vera Aguilera Puerto";
email = "gradientvera+nix@outlook.com";
github = "Zumorica";
githubId = 6766154;
};
zupo = {
name = "Nejc Zupan";
email = "nejczupan+nix@gmail.com";

132
maintainers/scripts/copy-tarballs.pl
View File

@@ -50,22 +50,19 @@ while (@ARGV) {
}
}
my $bucket;
if (not defined $ENV{DEBUG}) {
# S3 setup.
my $aws_access_key_id = $ENV{'AWS_ACCESS_KEY_ID'} or die "AWS_ACCESS_KEY_ID not set\n";
my $aws_secret_access_key = $ENV{'AWS_SECRET_ACCESS_KEY'} or die "AWS_SECRET_ACCESS_KEY not set\n";
# S3 setup.
my $aws_access_key_id = $ENV{'AWS_ACCESS_KEY_ID'} or die "AWS_ACCESS_KEY_ID not set\n";
my $aws_secret_access_key = $ENV{'AWS_SECRET_ACCESS_KEY'} or die "AWS_SECRET_ACCESS_KEY not set\n";
my $s3 = Net::Amazon::S3->new(
{ aws_access_key_id => $aws_access_key_id,
aws_secret_access_key => $aws_secret_access_key,
retry => 1,
host => "s3-eu-west-1.amazonaws.com",
});
my $s3 = Net::Amazon::S3->new(
{ aws_access_key_id => $aws_access_key_id,
aws_secret_access_key => $aws_secret_access_key,
retry => 1,
host => "s3-eu-west-1.amazonaws.com",
});
$bucket = $s3->bucket("nixpkgs-tarballs") or die;
}
my $bucket = $s3->bucket("nixpkgs-tarballs") or die;
my $doWrite = 0;
my $cacheFile = ($ENV{"HOME"} or die "\$HOME is not set") . "/.cache/nix/copy-tarballs";
@@ -162,18 +159,13 @@ elsif (defined $expr) {
# Check every fetchurl call discovered by find-tarballs.nix.
my $mirrored = 0;
my $have = 0;
foreach my $fetch (sort { $a->{urls}->[0] cmp $b->{urls}->[0] } @{$fetches}) {
my $urls = $fetch->{urls};
foreach my $fetch (sort { $a->{url} cmp $b->{url} } @{$fetches}) {
my $url = $fetch->{url};
my $algo = $fetch->{type};
my $hash = $fetch->{hash};
my $name = $fetch->{name};
my $isPatch = $fetch->{isPatch};
if ($isPatch) {
print STDERR "skipping $urls->[0] (support for patches is missing)\n";
next;
}
if ($hash =~ /^([a-z0-9]+)-([A-Za-z0-9+\/=]+)$/) {
$algo = $1;
$hash = `nix hash to-base16 $hash` or die;
@@ -188,60 +180,62 @@ elsif (defined $expr) {
chomp $hash;
}
if (defined $ENV{DEBUG}) {
print "$url $algo $hash\n";
next;
}
if ($url !~ /^http:/ && $url !~ /^https:/ && $url !~ /^ftp:/ && $url !~ /^mirror:/) {
print STDERR "skipping $url (unsupported scheme)\n";
next;
}
if ($isPatch) {
print STDERR "skipping $url (support for patches is missing)\n";
next;
}
next if defined $exclude && $url =~ /$exclude/;
if (alreadyMirrored($algo, $hash)) {
$have++;
next;
}
my $storePath = makeFixedOutputPath(0, $algo, $hash, $name);
for my $url (@$urls) {
if (defined $ENV{DEBUG}) {
print "$url $algo $hash\n";
next;
}
print STDERR "mirroring $url ($storePath, $algo, $hash)...\n";
if ($url !~ /^http:/ && $url !~ /^https:/ && $url !~ /^ftp:/ && $url !~ /^mirror:/) {
print STDERR "skipping $url (unsupported scheme)\n";
next;
}
next if defined $exclude && $url =~ /$exclude/;
if (alreadyMirrored($algo, $hash)) {
$have++;
last;
}
print STDERR "mirroring $url ($storePath, $algo, $hash)...\n";
if ($dryRun) {
$mirrored++;
last;
}
# Substitute the output.
if (!isValidPath($storePath)) {
system("nix-store", "-r", $storePath);
}
# Otherwise download the file using nix-prefetch-url.
if (!isValidPath($storePath)) {
$ENV{QUIET} = 1;
$ENV{PRINT_PATH} = 1;
my $fh;
my $pid = open($fh, "-|", "nix-prefetch-url", "--type", $algo, $url, $hash) or die;
waitpid($pid, 0) or die;
if ($? != 0) {
print STDERR "failed to fetch $url: $?\n";
next;
}
<$fh>; my $storePath2 = <$fh>; chomp $storePath2;
if ($storePath ne $storePath2) {
warn "strange: $storePath != $storePath2\n";
next;
}
}
uploadFile($storePath, $url);
if ($dryRun) {
$mirrored++;
last;
next;
}
# Substitute the output.
if (!isValidPath($storePath)) {
system("nix-store", "-r", $storePath);
}
# Otherwise download the file using nix-prefetch-url.
if (!isValidPath($storePath)) {
$ENV{QUIET} = 1;
$ENV{PRINT_PATH} = 1;
my $fh;
my $pid = open($fh, "-|", "nix-prefetch-url", "--type", $algo, $url, $hash) or die;
waitpid($pid, 0) or die;
if ($? != 0) {
print STDERR "failed to fetch $url: $?\n";
next;
}
<$fh>; my $storePath2 = <$fh>; chomp $storePath2;
if ($storePath ne $storePath2) {
warn "strange: $storePath != $storePath2\n";
next;
}
}
uploadFile($storePath, $url);
$mirrored++;
}
print STDERR "mirrored $mirrored files, already have $have files\n";

8
maintainers/scripts/find-tarballs.nix
View File

@@ -9,12 +9,12 @@ let
root = expr;
uniqueFiles = map (x: x.file) (genericClosure {
startSet = map (file: { key = with file; (if type == null then "" else type + "+") + hash; inherit file; }) files;
uniqueUrls = map (x: x.file) (genericClosure {
startSet = map (file: { key = file.url; inherit file; }) urls;
operator = const [ ];
});
files = map (drv: { urls = drv.urls or [ drv.url ]; hash = drv.outputHash; isPatch = (drv?postFetch && drv.postFetch != ""); type = drv.outputHashAlgo; name = drv.name; }) fetchurlDependencies;
urls = map (drv: { url = head (drv.urls or [ drv.url ]); hash = drv.outputHash; isPatch = (drv?postFetch && drv.postFetch != ""); type = drv.outputHashAlgo; name = drv.name; }) fetchurlDependencies;
fetchurlDependencies =
filter
@@ -47,4 +47,4 @@ let
canEval = val: (builtins.tryEval val).success;
in uniqueFiles
in uniqueUrls

2
maintainers/scripts/haskell/mark-broken.sh
View File

@@ -32,6 +32,8 @@ EOF
sort -iu "$tmpfile" >> "$broken_config"
clear="env -u HOME -u NIXPKGS_CONFIG"
$clear maintainers/scripts/haskell/regenerate-hackage-packages.sh
$clear maintainers/scripts/haskell/regenerate-transitive-broken-packages.sh
$clear maintainers/scripts/haskell/regenerate-hackage-packages.sh
evalline=$(maintainers/scripts/haskell/hydra-report.hs eval-info)
if [[ "${1:-}" == "--do-commit" ]]; then

3
maintainers/scripts/haskell/merge-and-open-pr.sh
View File

@@ -85,8 +85,7 @@ echo "Updating Stackage..."
echo "Updating Hackage hashes..."
./maintainers/scripts/haskell/update-hackage.sh --do-commit
echo "Regenerating Hackage packages..."
# Using fast here because after the hackage-update eval errors will likely break the transitive dependencies check.
./maintainers/scripts/haskell/regenerate-hackage-packages.sh --fast --do-commit
./maintainers/scripts/haskell/regenerate-hackage-packages.sh --do-commit
# Push these new commits to the haskell-updates branch
echo "Pushing commits just created to the remote haskell-updates branch..."

111
maintainers/scripts/haskell/regenerate-hackage-packages.sh
View File

@@ -1,69 +1,22 @@
#! /usr/bin/env nix-shell
#! nix-shell -i bash -p coreutils haskellPackages.cabal2nix-unstable git nix -I nixpkgs=.
# This script is used to regenerate nixpkgs' Haskell package set, using the
# tool hackage2nix from the nixos/cabal2nix repo. hackage2nix looks at the
# config files in pkgs/development/haskell-modules/configuration-hackage2nix
# and generates a Nix expression for package version specified there, using the
# Cabal files from the Hackage database (available under all-cabal-hashes) and
# its companion tool cabal2nix.
#
# Related scripts are update-hackage.sh, for updating the snapshot of the
# Hackage database used by hackage2nix, and update-cabal2nix-unstable.sh,
# for updating the version of hackage2nix used to perform this task.
#
# Note that this script doesn't gcroot anything, so it may be broken by an
# unfortunately timed nix-store --gc.
set -euo pipefail
self=$0
print_help () {
cat <<END_HELP
Usage: $self [options]
Options:
--do-commit Commit changes to this file.
-f | --fast Do not update the transitive-broken.yaml file.
-h | --help Show this help.
This script is used to regenerate nixpkgs' Haskell package set, using the
tool hackage2nix from the nixos/cabal2nix repo. hackage2nix looks at the
config files in pkgs/development/haskell-modules/configuration-hackage2nix
and generates a Nix expression for package version specified there, using the
Cabal files from the Hackage database (available under all-cabal-hashes) and
its companion tool cabal2nix.
Unless --fast is used, it will then use the generated nix expression by
running regenerate-transitive-broken-packages.sh which updates the transitive-broken.yaml
file. Then it re-runs hackage2nix.
Related scripts are update-hackage.sh, for updating the snapshot of the
Hackage database used by hackage2nix, and update-cabal2nix-unstable.sh,
for updating the version of hackage2nix used to perform this task.
Note that this script doesn't gcroot anything, so it may be broken by an
unfortunately timed nix-store --gc.
END_HELP
}
DO_COMMIT=0
REGENERATE_TRANSITIVE=1
options=$(getopt -o "fh" -l "help,fast,do-commit" -- "$@")
eval set -- "$options"
while true; do
case "$1" in
--do-commit)
DO_COMMIT=1
;;
-f|--fast)
REGENERATE_TRANSITIVE=0
;;
-h|--help)
print_help
exit 0
;;
--)
break;;
*)
print_help
exit 1
;;
esac
shift
done
HACKAGE2NIX="${HACKAGE2NIX:-hackage2nix}"
# To prevent hackage2nix fails because of encoding.
@@ -72,7 +25,14 @@ export LC_ALL=C.UTF-8
config_dir=pkgs/development/haskell-modules/configuration-hackage2nix
run_hackage2nix() {
echo "Obtaining Hackage data"
extraction_derivation='with import ./. {}; runCommandLocal "unpacked-cabal-hashes" { } "tar xf ${all-cabal-hashes} --strip-components=1 --one-top-level=$out"'
unpacked_hackage="$(nix-build -E "$extraction_derivation" --no-out-link)"
echo "Generating compiler configuration"
compiler_config="$(nix-build -A haskellPackages.cabal2nix-unstable.compilerConfig --no-out-link)"
echo "Starting hackage2nix to regenerate pkgs/development/haskell-modules/hackage-packages.nix ..."
"$HACKAGE2NIX" \
--hackage "$unpacked_hackage" \
--preferred-versions <(for n in "$unpacked_hackage"/*/preferred-versions; do cat "$n"; echo; done) \
@@ -82,33 +42,8 @@ run_hackage2nix() {
--config "$config_dir/stackage.yaml" \
--config "$config_dir/broken.yaml" \
--config "$config_dir/transitive-broken.yaml"
}
echo "Obtaining Hackage data …"
extraction_derivation='with import ./. {}; runCommandLocal "unpacked-cabal-hashes" { } "tar xf ${all-cabal-hashes} --strip-components=1 --one-top-level=$out"'
unpacked_hackage="$(nix-build -E "$extraction_derivation" --no-out-link)"
echo "Generating compiler configuration …"
compiler_config="$(nix-build -A haskellPackages.cabal2nix-unstable.compilerConfig --no-out-link)"
echo "Running hackage2nix to regenerate pkgs/development/haskell-modules/hackage-packages.nix …"
run_hackage2nix
if [[ "$REGENERATE_TRANSITIVE" -eq 1 ]]; then
echo "Regenerating transitive-broken.yaml … (pass --fast to $self to skip this step)"
maintainers/scripts/haskell/regenerate-transitive-broken-packages.sh
echo "Running hackage2nix again to reflect changes in transitive-broken.yaml …"
run_hackage2nix
fi
if [[ "$DO_COMMIT" -eq 1 ]]; then
git add pkgs/development/haskell-modules/configuration-hackage2nix/transitive-broken.yaml
if [[ "${1:-}" == "--do-commit" ]]; then
git add pkgs/development/haskell-modules/hackage-packages.nix
git commit -F - << EOF
haskellPackages: regenerate package set based on current config

16
maintainers/scripts/haskell/regenerate-transitive-broken-packages.sh
View File

@@ -1,18 +1,9 @@
#! /usr/bin/env nix-shell
#! nix-shell -i bash -p coreutils jq nix -I nixpkgs=.
set -euo pipefail
TMP_TEMPLATE=transitive-broken.XXXXXXX
readonly TMP_TEMPLATE
tmpfile=$(mktemp "$TMP_TEMPLATE")
trap 'rm -f "${tmpfile}"' 0
config_file=pkgs/development/haskell-modules/configuration-hackage2nix/transitive-broken.yaml
cat > $tmpfile << EOF
cat > $config_file << EOF
# This file is automatically generated by
# maintainers/scripts/haskell/regenerate-transitive-broken-packages.sh
# It is supposed to list all haskellPackages that cannot evaluate because they
@@ -20,6 +11,5 @@ cat > $tmpfile << EOF
dont-distribute-packages:
EOF
nix-instantiate --eval --option restrict-eval true -I . --strict --json maintainers/scripts/haskell/transitive-broken-packages.nix | jq -r . | LC_ALL=C.UTF-8 sort -i >> $tmpfile
mv $tmpfile $config_file
echo "Regenerating list of transitive broken packages ..."
nix-instantiate --eval --option restrict-eval true -I . --strict --json maintainers/scripts/haskell/transitive-broken-packages.nix | jq -r . | LC_ALL=C.UTF-8 sort -i >> $config_file

5
maintainers/scripts/remove-old-aliases.py
View File

@@ -100,12 +100,11 @@ def convert_to_throw(date_older_list: list[str]) -> list[tuple[str, str]]:
date_older_list.remove(line)
continue
alias = before_equal
alias_unquoted = before_equal.strip('"')
alias = before_equal.strip()
after_equal_list = [x.strip(";:") for x in after_equal.split()]
converted = (
f"{indent}{alias} = throw \"'{alias_unquoted}' has been renamed to/replaced by"
f"{indent}{alias} = throw \"'{alias}' has been renamed to/replaced by"
f" '{after_equal_list.pop(0)}'\";"
f' # Converted to throw {datetime.today().strftime("%Y-%m-%d")}'
)

10
maintainers/team-list.nix
View File

@@ -149,16 +149,6 @@ with lib.maintainers; {
enableFeatureFreezePing = true;
};
cuda = {
members = [
connorbaker
SomeoneSerge
];
scope = "Maintain CUDA-enabled packages";
shortName = "Cuda";
githubTeams = [ "cuda-maintainers" ];
};
darwin = {
members = [
toonn

2
nixos/doc/manual/development/developing-the-test-driver.chapter.md
View File

@@ -25,8 +25,6 @@ These include `pkgs.nixosTest`, `testing-python.nix` and `make-test-python.nix`.
## Testing changes to the test framework {#sec-test-the-test-framework}
We currently have limited unit tests for the framework itself. You may run these with `nix-build -A nixosTests.nixos-test-driver`.
When making significant changes to the test framework, we run the tests on Hydra, to avoid disrupting the larger NixOS project.
For this, we use the `python-test-refactoring` branch in the `NixOS/nixpkgs` repository, and its [corresponding Hydra jobset](https://hydra.nixos.org/jobset/nixos/python-test-refactoring).

2
nixos/doc/manual/development/freeform-modules.section.md
View File

@@ -13,7 +13,7 @@ checking for entire option trees, it is only recommended for use in
submodules.
::: {#ex-freeform-module .example}
### Freeform submodule
**Example: Freeform submodule**
The following shows a submodule assigning a freeform type that allows
arbitrary attributes with `str` values below `settings`, but also

10
nixos/doc/manual/development/option-declarations.section.md
View File

@@ -77,7 +77,6 @@ The option's description is "Whether to enable \<name\>.".
For example:
::: {#ex-options-declarations-util-mkEnableOption-magic .example}
### `mkEnableOption` usage
```nix
lib.mkEnableOption (lib.mdDoc "magic")
# is like
@@ -127,7 +126,6 @@ During the transition to CommonMark documentation `mkPackageOption` creates an o
Examples:
::: {#ex-options-declarations-util-mkPackageOption-hello .example}
### Simple `mkPackageOption` usage
```nix
lib.mkPackageOptionMD pkgs "hello" { }
# is like
@@ -141,7 +139,6 @@ lib.mkOption {
:::
::: {#ex-options-declarations-util-mkPackageOption-ghc .example}
### `mkPackageOption` with explicit default and example
```nix
lib.mkPackageOptionMD pkgs "GHC" {
default = [ "ghc" ];
@@ -159,7 +156,6 @@ lib.mkOption {
:::
::: {#ex-options-declarations-util-mkPackageOption-extraDescription .example}
### `mkPackageOption` with additional description text
```nix
mkPackageOption pkgs [ "python39Packages" "pytorch" ] {
extraDescription = "This is an example and doesn't actually do anything.";
@@ -221,7 +217,7 @@ changing the main service module file and the type system automatically
enforces that there can only be a single display manager enabled.
::: {#ex-option-declaration-eot-service .example}
### Extensible type placeholder in the service module
**Example: Extensible type placeholder in the service module**
```nix
services.xserver.displayManager.enable = mkOption {
description = "Display manager to use";
@@ -231,7 +227,7 @@ services.xserver.displayManager.enable = mkOption {
:::
::: {#ex-option-declaration-eot-backend-gdm .example}
### Extending `services.xserver.displayManager.enable` in the `gdm` module
**Example: Extending `services.xserver.displayManager.enable` in the `gdm` module**
```nix
services.xserver.displayManager.enable = mkOption {
type = with types; nullOr (enum [ "gdm" ]);
@@ -240,7 +236,7 @@ services.xserver.displayManager.enable = mkOption {
:::
::: {#ex-option-declaration-eot-backend-sddm .example}
### Extending `services.xserver.displayManager.enable` in the `sddm` module
**Example: Extending `services.xserver.displayManager.enable` in the `sddm` module**
```nix
services.xserver.displayManager.enable = mkOption {
type = with types; nullOr (enum [ "sddm" ]);

22
nixos/doc/manual/development/option-types.section.md
View File

@@ -36,7 +36,7 @@ merging is handled.
together. This type is recommended when the option type is unknown.
::: {#ex-types-anything .example}
### `types.anything`
**Example: `types.anything` Example**
Two definitions of this type like
@@ -99,10 +99,6 @@ merging is handled.
problems.
:::
`types.pkgs`
: A type for the top level Nixpkgs package set.
### Numeric types {#sec-option-types-numeric}
`types.int`
@@ -360,7 +356,7 @@ you will still need to provide a default value (e.g. an empty attribute set)
if you want to allow users to leave it undefined.
::: {#ex-submodule-direct .example}
### Directly defined submodule
**Example: Directly defined submodule**
```nix
options.mod = mkOption {
description = "submodule example";
@@ -379,7 +375,7 @@ options.mod = mkOption {
:::
::: {#ex-submodule-reference .example}
### Submodule defined as a reference
**Example: Submodule defined as a reference**
```nix
let
modOptions = {
@@ -407,7 +403,7 @@ multiple definitions of the submodule option set
([Example: Definition of a list of submodules](#ex-submodule-listof-definition)).
::: {#ex-submodule-listof-declaration .example}
### Declaration of a list of submodules
**Example: Declaration of a list of submodules**
```nix
options.mod = mkOption {
description = "submodule example";
@@ -426,7 +422,7 @@ options.mod = mkOption {
:::
::: {#ex-submodule-listof-definition .example}
### Definition of a list of submodules
**Example: Definition of a list of submodules**
```nix
config.mod = [
{ foo = 1; bar = "one"; }
@@ -441,7 +437,7 @@ multiple named definitions of the submodule option set
([Example: Definition of attribute sets of submodules](#ex-submodule-attrsof-definition)).
::: {#ex-submodule-attrsof-declaration .example}
### Declaration of attribute sets of submodules
**Example: Declaration of attribute sets of submodules**
```nix
options.mod = mkOption {
description = "submodule example";
@@ -460,7 +456,7 @@ options.mod = mkOption {
:::
::: {#ex-submodule-attrsof-definition .example}
### Definition of attribute sets of submodules
**Example: Definition of attribute sets of submodules**
```nix
config.mod.one = { foo = 1; bar = "one"; };
config.mod.two = { foo = 2; bar = "two"; };
@@ -480,7 +476,7 @@ Types are mainly characterized by their `check` and `merge` functions.
([Example: Overriding a type check](#ex-extending-type-check-2)).
::: {#ex-extending-type-check-1 .example}
### Adding a type check
**Example: Adding a type check**
```nix
byte = mkOption {
@@ -491,7 +487,7 @@ Types are mainly characterized by their `check` and `merge` functions.
:::
::: {#ex-extending-type-check-2 .example}
### Overriding a type check
**Example: Overriding a type check**
```nix
nixThings = mkOption {

4
nixos/doc/manual/development/settings-options.section.md
View File

@@ -143,7 +143,7 @@ These functions all return an attribute set with these values:
:::
::: {#ex-settings-nix-representable .example}
### Module with conventional `settings` option
**Example: Module with conventional `settings` option**
The following shows a module for an example program that uses a JSON
configuration file. It demonstrates how above values can be used, along
@@ -218,7 +218,7 @@ the port, which will enforce it to be a valid integer and make it show
up in the manual.
::: {#ex-settings-typed-attrs .example}
### Declaring a type-checked `settings` attribute
**Example: Declaring a type-checked `settings` attribute**
```nix
settings = lib.mkOption {
type = lib.types.submodule {

6
nixos/doc/manual/development/writing-modules.chapter.md
View File

@@ -37,7 +37,7 @@ options, but does not declare any. The structure of full NixOS modules
is shown in [Example: Structure of NixOS Modules](#ex-module-syntax).
::: {#ex-module-syntax .example}
### Structure of NixOS Modules
**Example: Structure of NixOS Modules**
```nix
{ config, pkgs, ... }:
@@ -100,7 +100,7 @@ Exec directives](#exec-escaping-example) for an example. When using these
functions system environment substitution should *not* be disabled explicitly.
::: {#locate-example .example}
### NixOS Module for the "locate" Service
**Example: NixOS Module for the "locate" Service**
```nix
{ config, lib, pkgs, ... }:
@@ -161,7 +161,7 @@ in {
:::
::: {#exec-escaping-example .example}
### Escaping in Exec directives
**Example: Escaping in Exec directives**
```nix
{ config, lib, pkgs, utils, ... }:

5
nixos/doc/manual/development/writing-nixos-tests.section.md
View File

@@ -130,11 +130,6 @@ starting them in parallel:
start_all()
```
If the hostname of a node contains characters that can't be used in a
Python variable name, those characters will be replaced with
underscores in the variable name, so `nodes.machine-a` will be exposed
to Python as `machine_a`.
## Machine objects {#ssec-machine-objects}
The following methods are available on machine objects:

8
nixos/doc/manual/installation/installing.chapter.md
View File

@@ -538,7 +538,7 @@ drive (here `/dev/sda`). [Example: NixOS Configuration](#ex-config) shows a
corresponding configuration Nix expression.
::: {#ex-partition-scheme-MBR .example}
### Example partition schemes for NixOS on `/dev/sda` (MBR)
**Example: Example partition schemes for NixOS on `/dev/sda` (MBR)**
```ShellSession
# parted /dev/sda -- mklabel msdos
# parted /dev/sda -- mkpart primary 1MB -8GB
@@ -547,7 +547,7 @@ corresponding configuration Nix expression.
:::
::: {#ex-partition-scheme-UEFI .example}
### Example partition schemes for NixOS on `/dev/sda` (UEFI)
**Example: Example partition schemes for NixOS on `/dev/sda` (UEFI)**
```ShellSession
# parted /dev/sda -- mklabel gpt
# parted /dev/sda -- mkpart primary 512MB -8GB
@@ -558,7 +558,7 @@ corresponding configuration Nix expression.
:::
::: {#ex-install-sequence .example}
### Commands for Installing NixOS on `/dev/sda`
**Example: Commands for Installing NixOS on `/dev/sda`**
With a partitioned disk.
@@ -578,7 +578,7 @@ With a partitioned disk.
:::
::: {#ex-config .example}
### Example: NixOS Configuration
**Example: NixOS Configuration**
```ShellSession
{ config, pkgs, ... }: {
imports = [

2
nixos/doc/manual/preface.md
View File

@@ -4,7 +4,7 @@ This manual describes how to install, use and extend NixOS, a Linux distribution
Additional information regarding the Nix package manager and the Nixpkgs project can be found in respectively the [Nix manual](https://nixos.org/nix/manual) and the [Nixpkgs manual](https://nixos.org/nixpkgs/manual).
If you encounter problems, please report them on the [`Discourse`](https://discourse.nixos.org), the [Matrix room](https://matrix.to/#/%23nix:nixos.org), or on the [`#nixos` channel on Libera.Chat](irc://irc.libera.chat/#nixos). Alternatively, consider [contributing to this manual](#chap-contributing). Bugs should be reported in [NixOS GitHub issue tracker](https://github.com/NixOS/nixpkgs/issues).
If you encounter problems, please report them on the [`Discourse`](https://discourse.nixos.org), the [Matrix room](https://matrix.to/#nix:nixos.org), or on the [`#nixos` channel on Libera.Chat](irc://irc.libera.chat/#nixos). Alternatively, consider [contributing to this manual](#chap-contributing). Bugs should be reported in [NixOS GitHub issue tracker](https://github.com/NixOS/nixpkgs/issues).
::: {.note}
Commands prefixed with `#` have to be run as root, either requiring to login as root user or temporarily switching to it using `sudo` for example.

118
nixos/doc/manual/release-notes/rl-2305.section.md
View File

@@ -24,22 +24,16 @@ In addition to numerous new and upgraded packages, this release has the followin
- KDE Plasma has been updated to v5.27, see [the release notes](https://kde.org/announcements/plasma/5/5.27.0/) for what is changed.
- Python implements [PEP 668](https://peps.python.org/pep-0668/), providing better feedback to users that try to run `pip install` system-wide.
- `nixos-rebuild` now supports an extra `--specialisation` option that can be used to change specialisation for `switch` and `test` commands.
- `libxcrypt`, the library providing the `crypt(3)` password hashing function, is now built without support for algorithms not flagged [`strong`](https://github.com/besser82/libxcrypt/blob/v4.4.33/lib/hashes.conf#L48). This affects the availability of password hashing algorithms used for system login (`login(1)`, `passwd(1)`), but also Apache2 Basic-Auth, Samba, OpenLDAP, Dovecot, and [many other packages](https://github.com/search?q=repo%3ANixOS%2Fnixpkgs%20libxcrypt&type=code).
- `boot.bootspec.enable` (internal option) is now enabled by default because [RFC-0125](https://github.com/NixOS/rfcs/pull/125) was merged. This means you will have a bootspec document called `boot.json` generated for each system and specialisation in the top-level. This is useful to enable advanced boot usecases in NixOS such as SecureBoot.
## New Services {#sec-release-23.05-new-services}
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
- [Akkoma](https://akkoma.social), an ActivityPub microblogging server. Available as [services.akkoma](options.html#opt-services.akkoma.enable).
- [Pixelfed](https://pixelfed.org/), an Instagram-like ActivityPub server. Available as [services.pixelfed](options.html#opt-services.pixelfed.enable).
- [blesh](https://github.com/akinomyoga/ble.sh), a line editor written in pure bash. Available as [programs.bash.blesh](#opt-programs.bash.blesh.enable).
- [webhook](https://github.com/adnanh/webhook), a lightweight webhook server. Available as [services.webhook](#opt-services.webhook.enable).
@@ -50,22 +44,13 @@ In addition to numerous new and upgraded packages, this release has the followin
- [Cloudlog](https://www.magicbug.co.uk/cloudlog/), a web-based Amateur Radio logging application. Available as [services.cloudlog](#opt-services.cloudlog.enable).
- [Deepin Desktop Environment](https://github.com/linuxdeepin/dde), an elegant, easy to use and reliable desktop environment. Available as [services.xserver.desktopManager.deepin](options.html#opt-services.xserver.desktopManager.deepin).
- [system-repart](https://www.freedesktop.org/software/systemd/man/systemd-repart.service.html), grow and add partitions to a partition table. Available as [systemd.repart](options.html#opt-systemd.repart) and [boot.initrd.systemd.repart](options.html#opt-boot.initrd.systemd.repart)
- [fzf](https://github.com/junegunn/fzf), a command line fuzzyfinder. Available as [programs.fzf](#opt-programs.fzf.fuzzyCompletion).
- [readarr](https://github.com/Readarr/Readarr), Book Manager and Automation (Sonarr for Ebooks). Available as [services.readarr](options.html#opt-services.readarr.enable).
- [gemstash](https://github.com/rubygems/gemstash), a RubyGems.org cache and private gem server. Available as [services.gemstash](#opt-services.gemstash.enable).
- [gitea-actions-runner](https://gitea.com/gitea/act_runner), a CI runner for Gitea/Forgejo Actions. Available as [services.gitea-actions-runner](#opt-services.gitea-actions-runner.instances).
- [gmediarender](https://github.com/hzeller/gmrender-resurrect), a simple, headless UPnP/DLNA renderer. Available as [services.gmediarender](options.html#opt-services.gmediarender.enable).
- [harmonia](https://github.com/nix-community/harmonia/), Nix binary cache implemented in rust using libnix-store. Available as [services.harmonia](options.html#opt-services.harmonia.enable).
- [hyprland](https://github.com/hyprwm/hyprland), a dynamic tiling Wayland compositor that doesn't sacrifice on its looks. Available as [programs.hyprland](#opt-programs.hyprland.enable).
- [minipro](https://gitlab.com/DavidGriffith/minipro/), an open source program for controlling the MiniPRO TL866xx series of chip programmers. Available as [programs.minipro](options.html#opt-programs.minipro.enable).
@@ -78,8 +63,6 @@ In addition to numerous new and upgraded packages, this release has the followin
- [opensearch](https://opensearch.org), a search server alternative to Elasticsearch. Available as [services.opensearch](options.html#opt-services.opensearch.enable).
- [kavita](https://kavitareader.com), a self-hosted digital library. Available as [services.kavita](options.html#opt-services.kavita.enable).
- [monica](https://www.monicahq.com), an open source personal CRM. Available as [services.monica](options.html#opt-services.monica.enable).
- [authelia](https://www.authelia.com/), is an open-source authentication and authorization server. Available under [services.authelia](options.html#opt-services.authelia.enable).
@@ -96,24 +79,14 @@ In addition to numerous new and upgraded packages, this release has the followin
- [networkd-dispatcher](https://gitlab.com/craftyguy/networkd-dispatcher), a dispatcher service for systemd-networkd connection status changes. Available as [services.networkd-dispatcher](#opt-services.networkd-dispatcher.enable).
- [gonic](https://github.com/sentriz/gonic), a Subsonic music streaming server. Available as [services.gonic](#opt-services.gonic.enable).
- [mmsd](https://gitlab.com/kop316/mmsd), a lower level daemon that transmits and recieves MMSes. Available as [services.mmsd](#opt-services.mmsd.enable).
- [QDMR](https://dm3mat.darc.de/qdmr/), a GUI application and command line tool for programming DMR radios [programs.qdmr](#opt-programs.qdmr.enable)
- [keyd](https://github.com/rvaiya/keyd), a key remapping daemon for linux. Available as [services.keyd](#opt-services.keyd.enable).
- [consul-template](https://github.com/hashicorp/consul-template/), a template rendering, notifier, and supervisor for HashiCorp Consul and Vault data. Available as [services.consul-template](#opt-services.consul-template.instances).
- [vault-agent](https://developer.hashicorp.com/vault/docs/agent), a template rendering and API auth proxy for HashiCorp Vault, similar to `consul-template`. Available as [services.vault-agent](#opt-services.vault-agent.instances).
- [trippy](https://github.com/fujiapple852/trippy), a network diagnostic tool. Available as [programs.trippy](#opt-programs.trippy.enable).
- [v2rayA](https://v2raya.org), a Linux web GUI client of Project V which supports V2Ray, Xray, SS, SSR, Trojan and Pingtunnel. Available as [services.v2raya](options.html#opt-services.v2raya.enable).
- [rshim](https://github.com/Mellanox/rshim-user-space), the user-space rshim driver for the BlueField SoC. Available as [services.rshim](options.html#opt-services.rshim.enable).
- [wstunnel](https://github.com/erebe/wstunnel), a proxy tunnelling arbitrary TCP or UDP traffic through a WebSocket connection. Instances may be configured via [services.wstunnel](options.html#opt-services.wstunnel.enable).
- [ulogd](https://www.netfilter.org/projects/ulogd/index.html), a userspace logging daemon for netfilter/iptables related logging. Available as [services.ulogd](options.html#opt-services.ulogd.enable).
@@ -124,14 +97,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- [stargazer](https://sr.ht/~zethra/stargazer/), a fast and easy to use Gemini server. Available as [services.stargazer](#opt-services.stargazer.enable).
- [sniffnet](https://github.com/GyulyVGC/sniffnet), an application to monitor your network traffic. Available as [programs.sniffnet](#opt-programs.sniffnet.enable).
- [photoprism](https://photoprism.app/), a AI-Powered Photos App for the Decentralized Web. Available as [services.photoprism](options.html#opt-services.photoprism.enable).
- [alice-lg](github.com/alice-lg/alice-lg), a looking-glass for BGP sessions. Available as [services.alice-lg](#opt-services.alice-lg.enable).
- [birdwatcher](github.com/alice-lg/birdwatcher), a small HTTP server meant to provide an API defined by Barry O'Donovan's birds-eye to the BIRD internet routing daemon. Available as [services.birdwatcher](#opt-services.birdwatcher.enable).
- [peroxide](https://github.com/ljanyst/peroxide), a fork of the official [ProtonMail bridge](https://github.com/ProtonMail/proton-bridge) that aims to be similar to [Hydroxide](https://github.com/emersion/hydroxide). Available as [services.peroxide](#opt-services.peroxide.enable).
- [autosuspend](https://github.com/languitar/autosuspend), a python daemon that suspends a system if certain conditions are met, or not met.
@@ -148,8 +115,6 @@ In addition to numerous new and upgraded packages, this release has the followin
- [woodpecker-server](https://woodpecker-ci.org/), a simple CI engine with great extensibility. Available as [services.woodpecker-server](#opt-services.woodpecker-server.enable).
- [lldap](https://github.com/lldap/lldap), a lightweight authentication server that provides an opinionated, simplified LDAP interface for authentication. Available as [services.lldap](#opt-services.lldap.enable).
- [ReGreet](https://github.com/rharish101/ReGreet), a clean and customizable greeter for greetd. Available as [programs.regreet](#opt-programs.regreet.enable).
- [v4l2-relayd](https://git.launchpad.net/v4l2-relayd), a streaming relay for v4l2loopback using gstreamer. Available as [services.v4l2-relayd](#opt-services.v4l2-relayd.instances._name_.enable).
@@ -164,8 +129,6 @@ In addition to numerous new and upgraded packages, this release has the followin
- `carnix` and `cratesIO` has been removed due to being unmaintained, use alternatives such as [naersk](https://github.com/nix-community/naersk) and [crate2nix](https://github.com/kolloch/crate2nix) instead.
- `services.asusd` configuration now uses strings instead of structured configuration, as upstream switched to the [RON](https://github.com/ron-rs/ron) configuration format. Support for structured configuration may return when [RON](https://github.com/ron-rs/ron) generation is implemented in nixpkgs.
- `checkInputs` have been renamed to `nativeCheckInputs`, because they behave the same as `nativeBuildInputs` when `doCheck` is set. `checkInputs` now denote a new type of dependencies, added to `buildInputs` when `doCheck` is set. As a rule of thumb, `nativeCheckInputs` are tools on `$PATH` used during the tests, and `checkInputs` are libraries which are linked to executables built as part of the tests. Similarly, `installCheckInputs` are renamed to `nativeInstallCheckInputs`, corresponding to `nativeBuildInputs`, and `installCheckInputs` are a new type of dependencies added to `buildInputs` when `doInstallCheck` is set. (Note that this change will not cause breakage to derivations with `strictDeps` unset, which are most packages except python, rust, ocaml and go packages).
- `buildDunePackage` now defaults to `strictDeps = true` which means that any library should go into `buildInputs` or `checkInputs`. Any executable that is run on the building machine should go into `nativeBuildInputs` or `nativeCheckInputs` respectively. Example of executables are `ocaml`, `findlib` and `menhir`. PPXs are libraries which are built by dune and should therefore not go into `nativeBuildInputs`.
@@ -182,8 +145,6 @@ In addition to numerous new and upgraded packages, this release has the followin
- `git-bug` has been updated to at least version 0.8.0, which includes backwards incompatible changes. The `git-bug-migration` package can be used to upgrade existing repositories.
- `graylog` has been updated to version 5, which can not be upgraded directly from the previously packaged version 3.3. If you had installed the previously packaged version 3.3, please follow the [upgrade path](https://go2docs.graylog.org/5-0/upgrading_graylog/upgrade_path.htm) from 3.3 to 4.0 to 4.3 to 5.0.
- `nushell` has been updated to at least version 0.77.0, which includes potential breaking changes in aliases. The old aliases are now available as `old-alias` but it is recommended you migrate to the new format. See [Reworked aliases](https://www.nushell.sh/blog/2023-03-14-nushell_0_77.html#reworked-aliases-breaking-changes-kubouch).
- `keepassx` and `keepassx2` have been removed, due to upstream [stopping development](https://www.keepassx.org/index.html%3Fp=636.html). Consider [KeePassXC](https://keepassxc.org) as a maintained alternative.
@@ -199,26 +160,6 @@ In addition to numerous new and upgraded packages, this release has the followin
- `services.sourcehut.dispatch` and the corresponding package (`sourcehut.dispatchsrht`) have been removed due to [upstream deprecation](https://sourcehut.org/blog/2022-08-01-dispatch-deprecation-plans/).
- The attributes used by `services.snapper.configs.<name>` have changed. Migrate from this:
```nix
services.snapper.configs.example = {
subvolume = "/example";
extraConfig = ''
ALLOW_USERS="alice"
'';
};
```
to this:
```nix
services.snapper.configs.example = {
SUBVOLUME = "/example";
ALLOW_USERS = [ "alice" ];
};
```
- The [services.snapserver.openFirewall](#opt-services.snapserver.openFirewall) module option default value has been changed from `true` to `false`. You will need to explicitly set this option to `true`, or configure your firewall.
- The [services.tmate-ssh-server.openFirewall](#opt-services.tmate-ssh-server.openFirewall) module option default value has been changed from `true` to `false`. You will need to explicitly set this option to `true`, or configure your firewall.
@@ -227,8 +168,6 @@ In addition to numerous new and upgraded packages, this release has the followin
- The option `i18n.inputMethod.fcitx5.enableRimeData` has been removed. Default RIME data is now included in `fcitx5-rime` by default, and can be customized using `fcitx5-rime.override { rimeDataPkgs = [ pkgs.rime-data, package2, ... ]; }`
- The udev hwdb.bin file is now built with systemd-hwdb rather than the [deprecated "udevadm hwdb"](https://github.com/systemd/systemd/pull/25714). This may impact mappings where the same key is defined in multiple matching entries. The updated behavior will select the latest definition in case of conflict. In general, this should be a positive change, as the hwdb source files are designed with this ordering in mind. As an example, the mapping of the HP Dev One keyboard scan code for "mute mic" is corrected by this update. This change may impact users who have worked-around previously incorrect mappings.
- Kime has been updated from 2.5.6 to 3.0.2 and the `i18n.inputMethod.kime.config` option has been removed. Users should use `daemonModules`, `iconColor`, and `extraConfig` options under `i18n.inputMethod.kime` instead.
- `tut` has been updated from 1.0.34 to 2.0.0, and now uses the TOML format for the configuration file instead of INI. Additional information can be found [here](https://github.com/RasmusLindroth/tut/releases/tag/2.0.0).
@@ -251,8 +190,6 @@ In addition to numerous new and upgraded packages, this release has the followin
- Calling `makeSetupHook` without passing a `name` argument is deprecated.
- Top-level buildPlatform,hostPlatform,targetPlatform have been deprecated, use stdenv.X instead.
- `lib.systems.examples.ghcjs` and consequently `pkgsCross.ghcjs` now use the target triplet `javascript-unknown-ghcjs` instead of `js-unknown-ghcjs`. This has been done to match an [upstream decision](https://gitlab.haskell.org/ghc/ghc/-/commit/6636b670233522f01d002c9b97827d00289dbf5c) to follow Cabal's platform naming more closely. Nixpkgs will also reject `js` as an architecture name.
- `dokuwiki` has been updated from 2023-07-31a (Igor) to 2023-04-04 (Jack Jackrum), which has [completely removed](https://www.dokuwiki.org/changes#release_2023-04-04_jack_jackrum) the options to embed HTML and PHP for security reasons. The [htmlok plugin](https://www.dokuwiki.org/plugin:htmlok) can be used to regain this functionality.
@@ -265,10 +202,6 @@ In addition to numerous new and upgraded packages, this release has the followin
- The [services.wordpress.sites.&lt;name&gt;.plugins](#opt-services.wordpress.sites._name_.plugins) and [services.wordpress.sites.&lt;name&gt;.themes](#opt-services.wordpress.sites._name_.themes) options have been converted from sets to attribute sets to allow for consumers to specify explicit install paths via attribute name.
- [`services.nextcloud.database.createLocally`](#opt-services.nextcloud.database.createLocally) now uses socket authentication and is no longer compatible with password authentication.
- If you want the module to manage the database for you, unset [`services.nextcloud.config.dbpassFile`](#opt-services.nextcloud.config.dbpassFile) (and [`services.nextcloud.config.dbhost`](#opt-services.nextcloud.config.dbhost), if it's set).
- If you want to use password authentication **and** create the database locally, you will have to use [`services.mysql`](#opt-services.mysql.enable) to set it up.
- `protonmail-bridge` package has been updated to major version 3.
- Nebula now runs as a system user and group created for each nebula network, using the `CAP_NET_ADMIN` ambient capability on launch rather than starting as root. Ensure that any files each Nebula instance needs to access are owned by the correct user and group, by default `nebula-${networkName}`.
@@ -296,16 +229,10 @@ In addition to numerous new and upgraded packages, this release has the followin
[upstream's release notes](https://github.com/iputils/iputils/releases/tag/20221126)
for more details and available replacements.
- The ppp plugin `rp-pppoe.so` has been renamed to `pppoe.so` in ppp 2.4.9. Starting from ppp 2.5.0, there is no longer a alias for backwards compatiblity. Configurations that use this plugin must be updated accordingly from `plugin rp-pppoe.so` to `plugin pppoe.so`. See [upstream change](https://github.com/ppp-project/ppp/commit/610a7bd76eb1f99f22317541b35001b1e24877ed).
- [services.xserver.videoDrivers](options.html#opt-services.xserver.videoDrivers) now defaults to the `modesetting` driver over device-specific ones. The `radeon`, `amdgpu` and `nouveau` drivers are still available, but effectively unmaintained and not recommended for use.
- [services.xserver.libinput.enable](options.html#opt-services.xserver.libinput.enable) is now set by default, enabling the more actively maintained and consistently behaved input device driver.
- To enable the HTTP3 (QUIC) protocol for a nginx virtual host, set the `quic` attribute on it to true, e.g. `services.nginx.virtualHosts.<name>.quic = true;`.
- In `services.fail2ban`, `bantime-increment.<name>` options now default to `null` (except `bantime-increment.enable`) and are used to set the corresponding option in `jail.local` only if not `null`. Also, enforce that `bantime-increment.formula` and `bantime-increment.multipliers` are not both specified.
- The default Asterisk package was changed to v20 from v19. Asterisk versions 16 and 19 have been dropped due to being EOL. You may need to update /var/lib/asterisk to match the template files in `${asterisk-20}/var/lib/asterisk`.
- conntrack helper autodetection has been removed from kernels 6.0 and up upstream, and an assertion was added to ensure things don't silently stop working. Migrate your configuration to assign helpers explicitly or use an older LTS kernel branch as a temporary workaround.
@@ -322,17 +249,11 @@ In addition to numerous new and upgraded packages, this release has the followin
- The `baget` package and module was removed due to being unmaintained.
- The `qlandkartegt` and `garmindev` packages were removed due to being unmaintained and insecure.
- `go-ethereum` package has been updated to v1.11.5 and the `puppeth` command is no longer available as of v1.11.0.
- The `pnpm` package has be updated to from version 7.29.1 to version 8.1.1 and Node.js 14 support has been discontinued (though, there are workarounds if Node.js 14 is still required)
- Migration instructions: ["Before updating pnpm to v8 in your CI, regenerate your pnpm-lock.yaml. To upgrade your lockfile, run pnpm install and commit the changes. Existing dependencies will not be updated; however, due to configuration changes in pnpm v8, some missing peer dependencies may be added to the lockfile and some packages may get deduplicated. You can commit the new lockfile even before upgrading Node.js in the CI, as pnpm v7 already supports the new lockfile format."](https://github.com/pnpm/pnpm/releases/tag/v8.0.0)
- The `zplug` package changes its output path from `$out` to `$out/share/zplug`. Users should update their dependency on `${pkgs.zplug}/init.zsh` to `${pkgs.zplug}/share/zplug/init.zsh`.
- The `pict-rs` package was updated from an 0.3 alpha release to 0.3 stable, and related environment variables now require two underscores instead of one.
## Other Notable Changes {#sec-release-23.05-notable-changes}
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
@@ -357,7 +278,7 @@ In addition to numerous new and upgraded packages, this release has the followin
- `services.openssh.ciphers` to `services.openssh.settings.Ciphers`
- `services.openssh.gatewayPorts` to `services.openssh.settings.GatewayPorts`
- `netbox` was updated to 3.5. NixOS' `services.netbox.package` still defaults to 3.3 if `stateVersion` is earlier than 23.05. Please review upstream's breaking changes [for 3.4.0](https://github.com/netbox-community/netbox/releases/tag/v3.4.0) and [for 3.5.0](https://github.com/netbox-community/netbox/releases/tag/v3.5.0), and upgrade NetBox by changing `services.netbox.package`. Database migrations will be run automatically.
- `netbox` was updated to 3.4. NixOS' `services.netbox.package` still defaults to 3.3 if `stateVersion` is earlier than 23.05. Please review upstream's [breaking changes](https://github.com/netbox-community/netbox/releases/tag/v3.4.0), and upgrade NetBox by changing `services.netbox.package`. Database migrations will be run automatically.
- `services.netbox` now support RFC42-style options, through `services.netbox.settings`.
@@ -377,21 +298,16 @@ In addition to numerous new and upgraded packages, this release has the followin
replacement. It stores backups as volume dump files and thus better integrates
into contemporary backup solutions.
- `services.maddy` got several updates:
- Configuration of users and their credentials using `services.maddy.ensureCredentials`.
- TLS configuration is now possible via `services.maddy.tls` with two loaders present: ACME and file based.
- `services.maddy` now allows to configure users and their credentials using `services.maddy.ensureCredentials`.
- The `dnsmasq` service now takes configuration via the
`services.dnsmasq.settings` attribute set. The option
`services.dnsmasq.extraConfig` will be deprecated when NixOS 22.11 reaches
end of life.
- `kube3d` has now been renamed to `k3d` since the 3d editor that originally took that name has been dropped from nixpkgs. `kube3d` will continue to work as an alias for now.
- The `dokuwiki` service is now configured via `services.dokuwiki.sites.<name>.settings` attribute set; `extraConfig` has been removed.
The `{aclUse,superUser,disableActions}` attributes have been renamed accordingly. `pluginsConfig` now only accepts an attribute set of booleans.
Passing plain PHP is no longer possible.
Same applies to `acl` which now also only accepts structured `settings`.
- The `dokuwiki` service now takes configuration via the `services.dokuwiki.sites.<name>.settings` attribute set, `extraConfig` is deprecated and will be removed.
The `{aclUse,superUser,disableActions}` attributes have been renamed, `pluginsConfig` now also accepts an attribute set of booleans, passing plain PHP is deprecated.
Same applies to `acl` which now also accepts structured settings.
- The `zsh` package changes the way to set environment variables on NixOS systems where `programs.zsh.enable` equals `false`. It now sources `/etc/set-environment` when reading the system-level `zshenv` file. Before, it sourced `/etc/profile` when reading the system-level `zprofile` file.
@@ -414,28 +330,6 @@ In addition to numerous new and upgraded packages, this release has the followin
- `nextcloud` has an option to enable SSE-C in S3.
- NixOS swap partitions with random encryption can now control the sector size, cipher, and key size used to setup the plain encryption device over the
underlying block device rather than allowing them to be determined by `cryptsetup(8)`. One can use these features like so:
```nix
{
swapDevices = [
{
device = "/dev/disk/by-partlabel/swapspace";
randomEncryption = {
enable = true;
cipher = "aes-xts-plain64";
keySize = 512;
sectorSize = 4096;
};
}
];
}
```
- New option `security.pam.zfs` to enable unlocking and mounting of encrypted ZFS home dataset at login.
- `services.peertube` now requires you to specify the secret file `secrets.secretsFile`. It can be generated by running `openssl rand -hex 32`.
Before upgrading, read the release notes for PeerTube:
- [Release v5.0.0](https://github.com/Chocobozzz/PeerTube/releases/tag/v5.0.0)
@@ -454,8 +348,6 @@ In addition to numerous new and upgraded packages, this release has the followin
}
```
- `services.netdata` offers a `deadlineBeforeStopSec` option which enable users who have netdata instance that takes time to initialize to not have systemd kill them for no reason.
- `services.dhcpcd` service now don't solicit or accept IPv6 Router Advertisements on interfaces that use static IPv6 addresses.
If network uses both IPv6 Unique local addresses (ULA) and global IPv6 address auto-configuration with SLAAC, must add the parameter `networking.dhcpcd.IPv6rs = true;`.

1
nixos/lib/eval-cacheable-options.nix
View File

@@ -33,7 +33,6 @@ let
];
specialArgs = {
inherit config pkgs utils;
class = "nixos";
};
};
docs = import "${nixosPath}/doc/manual" {

1
nixos/lib/eval-config-minimal.nix
View File

@@ -38,7 +38,6 @@ let
# is experimental.
lib.evalModules {
inherit prefix modules;
class = "nixos";
specialArgs = {
modulesPath = builtins.toString ../modules;
} // specialArgs;

24
nixos/lib/eval-config.nix
View File

@@ -38,8 +38,6 @@ let pkgs_ = pkgs;
in
let
inherit (lib) optional;
evalModulesMinimal = (import ./default.nix {
inherit lib;
# Implicit use of feature is noted in implementation.
@@ -49,19 +47,15 @@ let
pkgsModule = rec {
_file = ./eval-config.nix;
key = _file;
config = lib.mkMerge (
(optional (system != null) {
# Explicit `nixpkgs.system` or `nixpkgs.localSystem` should override
# this. Since the latter defaults to the former, the former should
# default to the argument. That way this new default could propagate all
# they way through, but has the last priority behind everything else.
nixpkgs.system = lib.mkDefault system;
})
++
(optional (pkgs_ != null) {
_module.args.pkgs = lib.mkForce pkgs_;
})
);
config = {
# Explicit `nixpkgs.system` or `nixpkgs.localSystem` should override
# this. Since the latter defaults to the former, the former should
# default to the argument. That way this new default could propagate all
# they way through, but has the last priority behind everything else.
nixpkgs.system = lib.mkIf (system != null) (lib.mkDefault system);
_module.args.pkgs = lib.mkIf (pkgs_ != null) (lib.mkForce pkgs_);
};
};
withWarnings = x:

2
nixos/lib/make-disk-image.nix
View File

@@ -511,7 +511,7 @@ let format' = format; in let
${if format == "raw" then ''
mv $diskImage $out/${filename}
'' else ''
${pkgs.qemu-utils}/bin/qemu-img convert -f raw -O ${format} ${compress} $diskImage $out/${filename}
${pkgs.qemu}/bin/qemu-img convert -f raw -O ${format} ${compress} $diskImage $out/${filename}
''}
diskImage=$out/${filename}
'';

4
nixos/lib/make-multi-disk-zfs-image.nix
View File

@@ -261,8 +261,8 @@ let
mv $bootDiskImage $out/${bootFilename}
mv $rootDiskImage $out/${rootFilename}
'' else ''
${pkgs.qemu_kvm}/bin/qemu-img convert -f raw -O ${formatOpt} ${compress} $bootDiskImage $out/${bootFilename}
${pkgs.qemu_kvm}/bin/qemu-img convert -f raw -O ${formatOpt} ${compress} $rootDiskImage $out/${rootFilename}
${pkgs.qemu}/bin/qemu-img convert -f raw -O ${formatOpt} ${compress} $bootDiskImage $out/${bootFilename}
${pkgs.qemu}/bin/qemu-img convert -f raw -O ${formatOpt} ${compress} $rootDiskImage $out/${rootFilename}
''}
bootDiskImage=$out/${bootFilename}
rootDiskImage=$out/${rootFilename}

2
nixos/lib/make-single-disk-zfs-image.nix
View File

@@ -244,7 +244,7 @@ let
${if formatOpt == "raw" then ''
mv $rootDiskImage $out/${rootFilename}
'' else ''
${pkgs.qemu_kvm}/bin/qemu-img convert -f raw -O ${formatOpt} ${compress} $rootDiskImage $out/${rootFilename}
${pkgs.qemu}/bin/qemu-img convert -f raw -O ${formatOpt} ${compress} $rootDiskImage $out/${rootFilename}
''}
rootDiskImage=$out/${rootFilename}
set -x

7
nixos/lib/test-driver/test_driver/driver.py
View File

@@ -2,7 +2,6 @@ from contextlib import contextmanager
from pathlib import Path
from typing import Any, Dict, Iterator, List, Union, Optional, Callable, ContextManager
import os
import re
import tempfile
from test_driver.logger import rootlog
@@ -29,10 +28,6 @@ def get_tmp_dir() -> Path:
return tmp_dir
def pythonize_name(name: str) -> str:
return re.sub(r"^[^A-z_]|[^A-z0-9_]", "_", name)
class Driver:
"""A handle to the driver that sets up the environment
and runs the tests"""
@@ -118,7 +113,7 @@ class Driver:
polling_condition=self.polling_condition,
Machine=Machine, # for typing
)
machine_symbols = {pythonize_name(m.name): m for m in self.machines}
machine_symbols = {m.name: m for m in self.machines}
# If there's exactly one machine, make it available under the name
# "machine", even if it's not called that.
if len(self.machines) == 1:

26
nixos/lib/test-driver/test_driver/machine.py
View File

@@ -7,7 +7,6 @@ import io
import os
import queue
import re
import select
import shlex
import shutil
import socket
@@ -100,7 +99,7 @@ def _perform_ocr_on_screenshot(
+ "-blur 1x65535"
)
tess_args = "-c debug_file=/dev/null --psm 11"
tess_args = f"-c debug_file=/dev/null --psm 11"
cmd = f"convert {magick_args} '{screenshot_path}' 'tiff:{screenshot_path}.tiff'"
ret = subprocess.run(cmd, shell=True, capture_output=True)
@@ -155,7 +154,6 @@ class StartCommand:
# qemu options
qemu_opts = (
" -device virtio-serial"
# Note: virtconsole will map to /dev/hvc0 in Linux guests
" -device virtconsole,chardev=shell"
" -device virtio-rng-pci"
" -serial stdio"
@@ -526,10 +524,8 @@ class Machine:
if timeout is not None:
timeout_str = f"timeout {timeout}"
# While sh is bash on NixOS, this is not the case for every distro.
# We explicitely call bash here to allow for the driver to boot other distros as well.
out_command = (
f"{timeout_str} bash -c {shlex.quote(command)} | (base64 --wrap 0; echo)\n"
f"{timeout_str} sh -c {shlex.quote(command)} | (base64 --wrap 0; echo)\n"
)
assert self.shell
@@ -723,15 +719,6 @@ class Machine:
self.wait_for_unit(jobname)
def connect(self) -> None:
def shell_ready(timeout_secs: int) -> bool:
"""We sent some data from the backdoor service running on the guest
to indicate that the backdoor shell is ready.
As soon as we read some data from the socket here, we assume that
our root shell is operational.
"""
(ready, _, _) = select.select([self.shell], [], [], timeout_secs)
return bool(ready)
if self.connected:
return
@@ -741,11 +728,8 @@ class Machine:
assert self.shell
tic = time.time()
# TODO: do we want to bail after a set number of attempts?
while not shell_ready(timeout_secs=30):
self.log("Guest root shell did not produce any data yet...")
self.log(self.shell.recv(1024).decode())
self.shell.recv(1024)
# TODO: Timeout
toc = time.time()
self.log("connected to guest root shell")
@@ -966,7 +950,7 @@ class Machine:
Prepares the machine to be reconnected which is useful if the
machine was started with `allow_reboot = True`
"""
self.send_key("ctrl-alt-delete")
self.send_key(f"ctrl-alt-delete")
self.connected = False
def wait_for_x(self) -> None:

5
nixos/lib/testing/default.nix
View File

@@ -1,10 +1,7 @@
{ lib }:
let
evalTest = module: lib.evalModules {
modules = testModules ++ [ module ];
class = "nixosTest";
};
evalTest = module: lib.evalModules { modules = testModules ++ [ module ]; };
runTest = module: (evalTest ({ config, ... }: { imports = [ module ]; result = config.test; })).config.result;
testModules = [

31
nixos/lib/testing/driver.nix
View File

@@ -21,20 +21,29 @@ let
in
nodesList ++ lib.optional (lib.length nodesList == 1 && !lib.elem "machine" nodesList) "machine";
pythonizeName = name:
let
head = lib.substring 0 1 name;
tail = lib.substring 1 (-1) name;
in
(if builtins.match "[A-z_]" head == null then "_" else head) +
lib.stringAsChars (c: if builtins.match "[A-z0-9_]" c == null then "_" else c) tail;
# TODO: This is an implementation error and needs fixing
# the testing famework cannot legitimately restrict hostnames further
# beyond RFC1035
invalidNodeNames = lib.filter
(node: builtins.match "^[A-z_]([A-z0-9_]+)?$" node == null)
nodeHostNames;
uniqueVlans = lib.unique (builtins.concatLists vlans);
vlanNames = map (i: "vlan${toString i}: VLan;") uniqueVlans;
pythonizedNames = map pythonizeName nodeHostNames;
machineNames = map (name: "${name}: Machine;") pythonizedNames;
machineNames = map (name: "${name}: Machine;") nodeHostNames;
withChecks = lib.warnIf config.skipLint "Linting is disabled";
withChecks =
if lib.length invalidNodeNames > 0 then
throw ''
Cannot create machines out of (${lib.concatStringsSep ", " invalidNodeNames})!
All machines are referenced as python variables in the testing framework which will break the
script when special characters are used.
This is an IMPLEMENTATION ERROR and needs to be fixed. Meanwhile,
please stick to alphanumeric chars and underscores as separation.
''
else
lib.warnIf config.skipLint "Linting is disabled";
driver =
hostPkgs.runCommand "nixos-test-driver-${config.name}"
@@ -78,7 +87,7 @@ let
${testDriver}/bin/generate-driver-symbols
${lib.optionalString (!config.skipLint) ''
PYFLAKES_BUILTINS="$(
echo -n ${lib.escapeShellArg (lib.concatStringsSep "," pythonizedNames)},
echo -n ${lib.escapeShellArg (lib.concatStringsSep "," nodeHostNames)},
< ${lib.escapeShellArg "driver-symbols"}
)" ${hostPkgs.python3Packages.pyflakes}/bin/pyflakes $out/test-script
''}

57
nixos/lib/testing/nodes.nix
View File

@@ -1,22 +1,13 @@
testModuleArgs@{ config, lib, hostPkgs, nodes, ... }:
let
inherit (lib)
literalExpression
literalMD
mapAttrs
mdDoc
mkDefault
mkIf
mkOption mkForce
optional
optionalAttrs
types
;
inherit (lib) mkOption mkForce optional types mapAttrs mkDefault mdDoc;
system = hostPkgs.stdenv.hostPlatform.system;
baseOS =
import ../eval-config.nix {
system = null; # use modularly defined system
inherit system;
inherit (config.node) specialArgs;
modules = [ config.defaults ];
baseModules = (import ../../modules/module-list.nix) ++
@@ -26,17 +17,11 @@ let
({ config, ... }:
{
virtualisation.qemu.package = testModuleArgs.config.qemu.package;
})
(optionalAttrs (!config.node.pkgsReadOnly) {
key = "nodes.nix-pkgs";
config = {
# Ensure we do not use aliases. Ideally this is only set
# when the test framework is used by Nixpkgs NixOS tests.
nixpkgs.config.allowAliases = false;
# TODO: switch to nixpkgs.hostPlatform and make sure containers-imperative test still evaluates.
nixpkgs.system = hostPkgs.stdenv.hostPlatform.system;
};
})
})
testModuleArgs.config.extraBaseModules
];
};
@@ -83,30 +68,6 @@ in
default = { };
};
node.pkgs = mkOption {
description = mdDoc ''
The Nixpkgs to use for the nodes.
Setting this will make the `nixpkgs.*` options read-only, to avoid mistakenly testing with a Nixpkgs configuration that diverges from regular use.
'';
type = types.nullOr types.pkgs;
default = null;
defaultText = literalMD ''
`null`, so construct `pkgs` according to the `nixpkgs.*` options as usual.
'';
};
node.pkgsReadOnly = mkOption {
description = mdDoc ''
Whether to make the `nixpkgs.*` options read-only. This is only relevant when [`node.pkgs`](#test-opt-node.pkgs) is set.
Set this to `false` when any of the [`nodes`](#test-opt-nodes) needs to configure any of the `nixpkgs.*` options. This will slow down evaluation of your test a bit.
'';
type = types.bool;
default = config.node.pkgs != null;
defaultText = literalExpression ''node.pkgs != null'';
};
node.specialArgs = mkOption {
type = types.lazyAttrsOf types.raw;
default = { };
@@ -139,11 +100,5 @@ in
config.nodes;
passthru.nodes = config.nodesCompat;
defaults = mkIf config.node.pkgsReadOnly {
nixpkgs.pkgs = config.node.pkgs;
imports = [ ../../modules/misc/nixpkgs/read-only.nix ];
};
};
}

6
nixos/maintainers/scripts/ec2/amazon-image.nix
View File

@@ -102,8 +102,8 @@ in {
${pkgs.jq}/bin/jq -n \
--arg system_label ${lib.escapeShellArg config.system.nixos.label} \
--arg system ${lib.escapeShellArg pkgs.stdenv.hostPlatform.system} \
--arg root_logical_bytes "$(${pkgs.qemu_kvm}/bin/qemu-img info --output json "$rootDisk" | ${pkgs.jq}/bin/jq '."virtual-size"')" \
--arg boot_logical_bytes "$(${pkgs.qemu_kvm}/bin/qemu-img info --output json "$bootDisk" | ${pkgs.jq}/bin/jq '."virtual-size"')" \
--arg root_logical_bytes "$(${pkgs.qemu}/bin/qemu-img info --output json "$rootDisk" | ${pkgs.jq}/bin/jq '."virtual-size"')" \
--arg boot_logical_bytes "$(${pkgs.qemu}/bin/qemu-img info --output json "$bootDisk" | ${pkgs.jq}/bin/jq '."virtual-size"')" \
--arg boot_mode "${amiBootMode}" \
--arg root "$rootDisk" \
--arg boot "$bootDisk" \
@@ -142,7 +142,7 @@ in {
${pkgs.jq}/bin/jq -n \
--arg system_label ${lib.escapeShellArg config.system.nixos.label} \
--arg system ${lib.escapeShellArg pkgs.stdenv.hostPlatform.system} \
--arg logical_bytes "$(${pkgs.qemu_kvm}/bin/qemu-img info --output json "$diskImage" | ${pkgs.jq}/bin/jq '."virtual-size"')" \
--arg logical_bytes "$(${pkgs.qemu}/bin/qemu-img info --output json "$diskImage" | ${pkgs.jq}/bin/jq '."virtual-size"')" \
--arg boot_mode "${amiBootMode}" \
--arg file "$diskImage" \
'{}

2
nixos/maintainers/scripts/openstack/openstack-image-zfs.nix
View File

@@ -85,7 +85,7 @@ in
${pkgs.jq}/bin/jq -n \
--arg system_label ${lib.escapeShellArg config.system.nixos.label} \
--arg system ${lib.escapeShellArg pkgs.stdenv.hostPlatform.system} \
--arg root_logical_bytes "$(${pkgs.qemu_kvm}/bin/qemu-img info --output json "$rootDisk" | ${pkgs.jq}/bin/jq '."virtual-size"')" \
--arg root_logical_bytes "$(${pkgs.qemu}/bin/qemu-img info --output json "$rootDisk" | ${pkgs.jq}/bin/jq '."virtual-size"')" \
--arg boot_mode "${imageBootMode}" \
--arg root "$rootDisk" \
'{}

1
nixos/modules/config/gnu.nix
View File

@@ -29,6 +29,7 @@
# GNU GRUB, where available.
boot.loader.grub.enable = !pkgs.stdenv.isAarch32;
boot.loader.grub.version = 2;
# GNU lsh.
services.openssh.enable = false;

2
nixos/modules/config/malloc.nix
View File

@@ -30,7 +30,7 @@ let
systemPlatform = platformMap.${pkgs.stdenv.hostPlatform.system} or (throw "scudo not supported on ${pkgs.stdenv.hostPlatform.system}");
in {
libPath = "${pkgs.llvmPackages_14.compiler-rt}/lib/linux/libclang_rt.scudo-${systemPlatform}.so";
libPath = "${pkgs.llvmPackages_latest.compiler-rt}/lib/linux/libclang_rt.scudo-${systemPlatform}.so";
description = ''
A user-mode allocator based on LLVM Sanitizers CombinedAllocator,
which aims at providing additional mitigations against heap based

3
nixos/modules/config/no-x-libs.nix
View File

@@ -47,7 +47,7 @@ with lib;
libva = super.libva-minimal;
limesuite = super.limesuite.override { withGui = false; };
mc = super.mc.override { x11Support = false; };
mpv-unwrapped = super.mpv-unwrapped.override { sdl2Support = false; x11Support = false; waylandSupport = false; };
mpv-unwrapped = super.mpv-unwrapped.override { sdl2Support = false; x11Support = false; };
msmtp = super.msmtp.override { withKeyring = false; };
neofetch = super.neofetch.override { x11Support = false; };
networkmanager-fortisslvpn = super.networkmanager-fortisslvpn.override { withGnome = false; };
@@ -59,7 +59,6 @@ with lib;
networkmanager-vpnc = super.networkmanager-vpnc.override { withGnome = false; };
pango = super.pango.override { x11Support = false; };
pinentry = super.pinentry.override { enabledFlavors = [ "curses" "tty" "emacs" ]; withLibsecret = false; };
pipewire = super.pipewire.override { x11Support = false; };
qemu = super.qemu.override { gtkSupport = false; spiceSupport = false; sdlSupport = false; };
qrencode = super.qrencode.overrideAttrs (_: { doCheck = false; });
qt5 = super.qt5.overrideScope (const (super': {

39
nixos/modules/config/swap.nix
View File

@@ -38,34 +38,6 @@ let
'';
};
keySize = mkOption {
default = null;
example = "512";
type = types.nullOr types.int;
description = lib.mdDoc ''
Set the encryption key size for the plain device.
If not specified, the amount of data to read from `source` will be
determined by cryptsetup.
See `cryptsetup-open(8)` for details.
'';
};
sectorSize = mkOption {
default = null;
example = "4096";
type = types.nullOr types.int;
description = lib.mdDoc ''
Set the sector size for the plain encrypted device type.
If not specified, the default sector size is determined from the
underlying block device.
See `cryptsetup-open(8)` for details.
'';
};
source = mkOption {
default = "/dev/urandom";
example = "/dev/random";
@@ -185,11 +157,11 @@ let
};
config = {
config = rec {
device = mkIf options.label.isDefined
"/dev/disk/by-label/${config.label}";
deviceName = lib.replaceStrings ["\\"] [""] (escapeSystemdPath config.device);
realDevice = if config.randomEncryption.enable then "/dev/mapper/${config.deviceName}" else config.device;
realDevice = if config.randomEncryption.enable then "/dev/mapper/${deviceName}" else config.device;
};
};
@@ -275,12 +247,7 @@ in
''}
${optionalString sw.randomEncryption.enable ''
cryptsetup plainOpen -c ${sw.randomEncryption.cipher} -d ${sw.randomEncryption.source} \
'' + concatMapStrings (arg: arg + " \\\n") (flatten [
(optional (sw.randomEncryption.sectorSize != null) "--sector-size=${toString sw.randomEncryption.sectorSize}")
(optional (sw.randomEncryption.keySize != null) "--key-size=${toString sw.randomEncryption.keySize}")
(optional sw.randomEncryption.allowDiscards "--allow-discards")
]) + ''
${sw.device} ${sw.deviceName}
${optionalString sw.randomEncryption.allowDiscards "--allow-discards"} ${sw.device} ${sw.deviceName}
mkswap ${sw.realDevice}
''}
'';

4
nixos/modules/installer/cd-dvd/channel.nix
View File

@@ -56,7 +56,9 @@ in
-i ${channelSources} --quiet --option build-use-substitutes false \
${optionalString config.boot.initrd.systemd.enable "--option sandbox false"} # There's an issue with pivot_root
mkdir -m 0700 -p /root/.nix-defexpr
ln -s /nix/var/nix/profiles/per-user/root/channels /root/.nix-defexpr/channels
# We do not want to ship broken channels.
unlink /root/.nix-defexpr/channels
ln -sf /nix/var/nix/profiles/per-user/root/channels /root/.nix-defexpr/channels || fail
mkdir -m 0755 -p /var/lib/nixos
touch /var/lib/nixos/did-channel-init
fi

5
nixos/modules/installer/cd-dvd/iso-image.nix
View File

@@ -473,7 +473,7 @@ in
};
isoImage.squashfsCompression = mkOption {
default = with pkgs.stdenv.hostPlatform; "xz -Xdict-size 100% "
default = with pkgs.stdenv.targetPlatform; "xz -Xdict-size 100% "
+ lib.optionalString isx86 "-Xbcj x86"
# Untested but should also reduce size for these platforms
+ lib.optionalString isAarch "-Xbcj arm"
@@ -483,7 +483,6 @@ in
Compression settings to use for the squashfs nix store.
'';
example = "zstd -Xcompression-level 6";
type = types.str;
};
isoImage.edition = mkOption {
@@ -694,6 +693,8 @@ in
}
];
boot.loader.grub.version = 2;
# Don't build the GRUB menu builder script, since we don't need it
# here and it causes a cyclic dependency.
boot.loader.grub.enable = false;

58
nixos/modules/installer/netboot/netboot.nix
View File

@@ -1,27 +1,13 @@
# This module creates netboot media containing the given NixOS
# configuration.
{ config, lib, pkgs, ... }:
{ options, config, lib, pkgs, ... }:
with lib;
{
options = {
netboot.squashfsCompression = mkOption {
default = with pkgs.stdenv.hostPlatform; "xz -Xdict-size 100% "
+ lib.optionalString isx86 "-Xbcj x86"
# Untested but should also reduce size for these platforms
+ lib.optionalString isAarch "-Xbcj arm"
+ lib.optionalString (isPower && is32bit && isBigEndian) "-Xbcj powerpc"
+ lib.optionalString (isSparc) "-Xbcj sparc";
description = lib.mdDoc ''
Compression settings to use for the squashfs nix store.
'';
example = "zstd -Xcompression-level 6";
type = types.str;
};
netboot.storeContents = mkOption {
example = literalExpression "[ pkgs.stdenv ]";
description = lib.mdDoc ''
@@ -43,6 +29,34 @@ with lib;
then []
else [ pkgs.grub2 pkgs.syslinux ]);
# We only want to set those options in the context of
# the QEMU infrastructure.
virtualisation = lib.optionalAttrs (options ? virtualisation.directBoot) {
# By default, using netboot images in virtualized contexts
# should not create any disk image ideally, except if
# asked explicitly.
diskImage = mkDefault null;
# We do not want to mount the host Nix store in those situations.
mountHostNixStore = mkDefault false;
# We do not need the nix store image because:
# - either we boot through network and we have the squashfs image
# - either we direct boot, we have the squashfs image
useNixStoreImage = mkDefault false;
# Though, we still want a writable store through .rw-store
writableStore = mkDefault true;
# Ideally, we might not want to test the network / firmware.
directBoot = {
enable = mkDefault true;
# We need to use our netboot initrd which contains a copy of the Nix store.
initrd = "${config.system.build.netbootRamdisk}/${config.system.boot.loader.initrdFile}";
};
# We do not want to use the default filesystems.
useDefaultFilesystems = mkDefault false;
# Bump the default memory size as we are loading the whole initrd in RAM.
memorySize = lib.mkDefault 1536;
};
fileSystems."/" = mkImageMediaOverride
{ fsType = "tmpfs";
options = [ "mode=0755" ];
@@ -91,14 +105,12 @@ with lib;
# Create the squashfs image that contains the Nix store.
system.build.squashfsStore = pkgs.callPackage ../../../lib/make-squashfs.nix {
storeContents = config.netboot.storeContents;
comp = config.netboot.squashfsCompression;
};
# Create the initrd
system.build.netbootRamdisk = pkgs.makeInitrdNG {
inherit (config.boot.initrd) compressor;
prepend = [ "${config.system.build.initialRamdisk}/initrd" ];
prepend = [ "${config.system.build.initialRamdisk}/${config.system.boot.loader.initrdFile}" ];
contents =
[ { object = config.system.build.squashfsStore;
@@ -111,8 +123,8 @@ with lib;
#!ipxe
# Use the cmdline variable to allow the user to specify custom kernel params
# when chainloading this script from other iPXE scripts like netboot.xyz
kernel ${pkgs.stdenv.hostPlatform.linux-kernel.target} init=${config.system.build.toplevel}/init initrd=initrd ${toString config.boot.kernelParams} ''${cmdline}
initrd initrd
kernel ${pkgs.stdenv.hostPlatform.linux-kernel.target} init=${config.system.build.toplevel}/init initrd=${config.system.boot.loader.initrdFile} ${toString config.boot.kernelParams} ''${cmdline}
initrd ${config.system.boot.loader.initrdFile}
boot
'';
@@ -126,7 +138,7 @@ with lib;
fi
SCRIPT_DIR=$( cd -- "$( dirname -- "''${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
kexec --load ''${SCRIPT_DIR}/bzImage \
--initrd=''${SCRIPT_DIR}/initrd.gz \
--initrd=''${SCRIPT_DIR}/${config.system.boot.loader.initrdFile} \
--command-line "init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}"
kexec -e
'';
@@ -134,8 +146,8 @@ with lib;
# A tree containing initrd.gz, bzImage and a kexec-boot script.
system.build.kexecTree = pkgs.linkFarm "kexec-tree" [
{
name = "initrd.gz";
path = "${config.system.build.netbootRamdisk}/initrd";
name = "${config.system.boot.loader.initrdFile}";
path = "${config.system.build.netbootRamdisk}/${config.system.boot.loader.initrdFile}";
}
{
name = "bzImage";

8
nixos/modules/installer/tools/nixos-generate-config.pl
View File

@@ -85,7 +85,12 @@ sub debug {
# nixpkgs.system
push @attrs, "nixpkgs.hostPlatform = lib.mkDefault \"@system@\";";
my ($status, @systemLines) = runCommand("@nixInstantiate@ --impure --eval --expr builtins.currentSystem");
if ($status != 0 || join("", @systemLines) =~ /error/) {
die "Failed to retrieve current system type from nix.\n";
}
chomp(my $system = @systemLines[0]);
push @attrs, "nixpkgs.hostPlatform = lib.mkDefault $system;";
my $cpuinfo = read_file "/proc/cpuinfo";
@@ -651,6 +656,7 @@ EOF
$bootLoaderConfig = <<EOF;
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
# boot.loader.grub.efiSupport = true;
# boot.loader.grub.efiInstallAsRemovable = true;
# boot.loader.efi.efiSysMountPoint = "/boot/efi";

10
nixos/modules/installer/tools/tools.nix
View File

@@ -25,7 +25,6 @@ let
path = makeBinPath [
pkgs.jq
nixos-enter
pkgs.util-linuxMinimal
];
};
@@ -35,7 +34,7 @@ let
name = "nixos-generate-config";
src = ./nixos-generate-config.pl;
perl = "${pkgs.perl.withPackages (p: [ p.FileSlurp ])}/bin/perl";
system = pkgs.stdenv.hostPlatform.system;
nixInstantiate = "${pkgs.nix}/bin/nix-instantiate";
detectvirt = "${config.systemd.package}/bin/systemd-detect-virt";
btrfs = "${pkgs.btrfs-progs}/bin/btrfs";
inherit (config.system.nixos-generate-config) configuration desktopConfiguration;
@@ -66,9 +65,6 @@ let
name = "nixos-enter";
src = ./nixos-enter.sh;
inherit (pkgs) runtimeShell;
path = makeBinPath [
pkgs.util-linuxMinimal
];
};
in
@@ -127,7 +123,7 @@ in
system.nixos-generate-config.configuration = mkDefault ''
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
@@ -218,7 +214,7 @@ in
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).

1
nixos/modules/misc/documentation.nix
View File

@@ -38,7 +38,6 @@ let
modules = [ {
_module.check = false;
} ] ++ docModules.eager;
class = "nixos";
specialArgs = specialArgs // {
pkgs = scrubDerivations "pkgs" pkgs;
# allow access to arbitrary options for eager modules, eg for getting

6
nixos/modules/misc/nixpkgs.nix
View File

@@ -49,10 +49,10 @@ let
merge = lib.mergeOneOption;
};
pkgsType = types.pkgs // {
# This type is only used by itself, so let's elaborate the description a bit
# for the purpose of documentation.
pkgsType = mkOptionType {
name = "nixpkgs";
description = "An evaluation of Nixpkgs; the top level attribute set of packages";
check = builtins.isAttrs;
};
# Whether `pkgs` was constructed by this module - not if nixpkgs.pkgs or

74
nixos/modules/misc/nixpkgs/read-only.nix
View File

@@ -1,74 +0,0 @@
# A replacement for the traditional nixpkgs module, such that none of the modules
# can add their own configuration. This ensures that the Nixpkgs configuration is
# exactly as the user intends.
# This may also be used as a performance optimization when evaluating multiple
# configurations at once, with a shared `pkgs`.
# This is a separate module, because merging this logic into the nixpkgs module
# is too burdensome, considering that it is already burdened with legacy.
# Moving this logic into a module does not lose any composition benefits, because
# its purpose is not something that composes anyway.
{ lib, config, ... }:
let
cfg = config.nixpkgs;
inherit (lib) mkOption types;
in
{
disabledModules = [
../nixpkgs.nix
];
options = {
nixpkgs = {
pkgs = mkOption {
type = lib.types.pkgs;
description = lib.mdDoc ''The pkgs module argument.'';
};
config = mkOption {
internal = true;
type = types.unique { message = "nixpkgs.config is set to read-only"; } types.anything;
description = lib.mdDoc ''
The Nixpkgs `config` that `pkgs` was initialized with.
'';
};
overlays = mkOption {
internal = true;
type = types.unique { message = "nixpkgs.overlays is set to read-only"; } types.anything;
description = lib.mdDoc ''
The Nixpkgs overlays that `pkgs` was initialized with.
'';
};
hostPlatform = mkOption {
internal = true;
readOnly = true;
description = lib.mdDoc ''
The platform of the machine that is running the NixOS configuration.
'';
};
buildPlatform = mkOption {
internal = true;
readOnly = true;
description = lib.mdDoc ''
The platform of the machine that built the NixOS configuration.
'';
};
# NOTE: do not add the legacy options such as localSystem here. Let's keep
# this module simple and let module authors upgrade their code instead.
};
};
config = {
_module.args.pkgs =
# find mistaken definitions
builtins.seq cfg.config
builtins.seq cfg.overlays
builtins.seq cfg.hostPlatform
builtins.seq cfg.buildPlatform
cfg.pkgs;
nixpkgs.config = cfg.pkgs.config;
nixpkgs.overlays = cfg.pkgs.overlays;
nixpkgs.hostPlatform = cfg.pkgs.stdenv.hostPlatform;
nixpkgs.buildPlatform = cfg.pkgs.stdenv.buildPlatform;
};
}

59
nixos/modules/misc/nixpkgs/test.nix
View File

@@ -1,5 +1,3 @@
# [nixpkgs]$ nix-build -A nixosTests.nixpkgs --show-trace
{ evalMinimalConfig, pkgs, lib, stdenv }:
let
eval = mod: evalMinimalConfig {
@@ -29,47 +27,6 @@ let
let
uncheckedEval = lib.evalModules { modules = [ ../nixpkgs.nix module ]; };
in map (ass: ass.message) (lib.filter (ass: !ass.assertion) uncheckedEval.config.assertions);
readOnlyUndefined = evalMinimalConfig {
imports = [ ./read-only.nix ];
};
readOnlyBad = evalMinimalConfig {
imports = [ ./read-only.nix ];
nixpkgs.pkgs = { };
};
readOnly = evalMinimalConfig {
imports = [ ./read-only.nix ];
nixpkgs.pkgs = pkgs;
};
readOnlyBadConfig = evalMinimalConfig {
imports = [ ./read-only.nix ];
nixpkgs.pkgs = pkgs;
nixpkgs.config.allowUnfree = true; # do in pkgs instead!
};
readOnlyBadOverlays = evalMinimalConfig {
imports = [ ./read-only.nix ];
nixpkgs.pkgs = pkgs;
nixpkgs.overlays = [ (_: _: {}) ]; # do in pkgs instead!
};
readOnlyBadHostPlatform = evalMinimalConfig {
imports = [ ./read-only.nix ];
nixpkgs.pkgs = pkgs;
nixpkgs.hostPlatform = "foo-linux"; # do in pkgs instead!
};
readOnlyBadBuildPlatform = evalMinimalConfig {
imports = [ ./read-only.nix ];
nixpkgs.pkgs = pkgs;
nixpkgs.buildPlatform = "foo-linux"; # do in pkgs instead!
};
throws = x: ! (builtins.tryEval x).success;
in
lib.recurseIntoAttrs {
invokeNixpkgsSimple =
@@ -108,21 +65,5 @@ lib.recurseIntoAttrs {
nixpkgs.pkgs = pkgs;
} == [];
# Tests for the read-only.nix module
assert readOnly._module.args.pkgs.stdenv.hostPlatform.system == pkgs.stdenv.hostPlatform.system;
assert throws readOnlyBad._module.args.pkgs.stdenv;
assert throws readOnlyUndefined._module.args.pkgs.stdenv;
assert throws readOnlyBadConfig._module.args.pkgs.stdenv;
assert throws readOnlyBadOverlays._module.args.pkgs.stdenv;
assert throws readOnlyBadHostPlatform._module.args.pkgs.stdenv;
assert throws readOnlyBadBuildPlatform._module.args.pkgs.stdenv;
# read-only.nix does not provide legacy options, for the sake of simplicity
# If you're bothered by this, upgrade your configs to use the new *Platform
# options.
assert !readOnly.options.nixpkgs?system;
assert !readOnly.options.nixpkgs?localSystem;
assert !readOnly.options.nixpkgs?crossSystem;
pkgs.emptyFile;
}

21
nixos/modules/module-list.nix
View File

@@ -153,7 +153,6 @@
./programs/cnping.nix
./programs/command-not-found/command-not-found.nix
./programs/criu.nix
./programs/darling.nix
./programs/dconf.nix
./programs/digitalbitbox/default.nix
./programs/dmrconfig.nix
@@ -172,7 +171,6 @@
./programs/fuse.nix
./programs/fzf.nix
./programs/gamemode.nix
./programs/gamescope.nix
./programs/geary.nix
./programs/git.nix
./programs/gnome-disks.nix
@@ -235,7 +233,6 @@
./programs/singularity.nix
./programs/skim.nix
./programs/slock.nix
./programs/sniffnet.nix
./programs/spacefm.nix
./programs/ssh.nix
./programs/starship.nix
@@ -249,7 +246,6 @@
./programs/thunar.nix
./programs/tmux.nix
./programs/traceroute.nix
./programs/trippy.nix
./programs/tsm-client.nix
./programs/turbovnc.nix
./programs/udevil.nix
@@ -309,7 +305,6 @@
./services/audio/alsa.nix
./services/audio/botamusique.nix
./services/audio/gmediarender.nix
./services/audio/gonic.nix
./services/audio/hqplayerd.nix
./services/audio/icecast.nix
./services/audio/jack.nix
@@ -375,7 +370,6 @@
./services/continuous-integration/buildbot/master.nix
./services/continuous-integration/buildbot/worker.nix
./services/continuous-integration/buildkite-agents.nix
./services/continuous-integration/gitea-actions-runner.nix
./services/continuous-integration/github-runner.nix
./services/continuous-integration/github-runners.nix
./services/continuous-integration/gitlab-runner.nix
@@ -401,7 +395,6 @@
./services/databases/hbase-standalone.nix
./services/databases/influxdb.nix
./services/databases/influxdb2.nix
./services/databases/lldap.nix
./services/databases/memcached.nix
./services/databases/monetdb.nix
./services/databases/mongodb.nix
@@ -418,9 +411,6 @@
./services/desktops/bamf.nix
./services/desktops/blueman.nix
./services/desktops/cpupower-gui.nix
./services/desktops/deepin/dde-api.nix
./services/desktops/deepin/app-services.nix
./services/desktops/deepin/dde-daemon.nix
./services/desktops/dleyna-renderer.nix
./services/desktops/dleyna-server.nix
./services/desktops/espanso.nix
@@ -449,7 +439,6 @@
./services/desktops/pipewire/wireplumber.nix
./services/desktops/profile-sync-daemon.nix
./services/desktops/system-config-printer.nix
./services/desktops/system76-scheduler.nix
./services/desktops/telepathy.nix
./services/desktops/tumbler.nix
./services/desktops/zeitgeist.nix
@@ -689,7 +678,6 @@
./services/misc/ripple-data-api.nix
./services/misc/rippled.nix
./services/misc/rmfakecloud.nix
./services/misc/rshim.nix
./services/misc/safeeyes.nix
./services/misc/sdrplay.nix
./services/misc/serviio.nix
@@ -807,7 +795,6 @@
./services/network-filesystems/yandex-disk.nix
./services/networking/3proxy.nix
./services/networking/adguardhome.nix
./services/networking/alice-lg.nix
./services/networking/amuled.nix
./services/networking/antennas.nix
./services/networking/aria2.nix
@@ -822,7 +809,6 @@
./services/networking/bind.nix
./services/networking/bird-lg.nix
./services/networking/bird.nix
./services/networking/birdwatcher.nix
./services/networking/bitcoind.nix
./services/networking/bitlbee.nix
./services/networking/blockbook-frontend.nix
@@ -881,7 +867,6 @@
./services/networking/gobgpd.nix
./services/networking/gvpe.nix
./services/networking/hans.nix
./services/networking/harmonia.nix
./services/networking/haproxy.nix
./services/networking/headscale.nix
./services/networking/hostapd.nix
@@ -974,7 +959,6 @@
./services/networking/pdns-recursor.nix
./services/networking/pdnsd.nix
./services/networking/peroxide.nix
./services/networking/picosnitch.nix
./services/networking/pixiecore.nix
./services/networking/pleroma.nix
./services/networking/polipo.nix
@@ -1122,7 +1106,6 @@
./services/security/torsocks.nix
./services/security/usbguard.nix
./services/security/vault.nix
./services/security/vault-agent.nix
./services/security/vaultwarden/default.nix
./services/security/yubikey-agent.nix
./services/system/automatic-timezoned.nix
@@ -1182,7 +1165,6 @@
./services/web-apps/gerrit.nix
./services/web-apps/gotify-server.nix
./services/web-apps/grocy.nix
./services/web-apps/pixelfed.nix
./services/web-apps/healthchecks.nix
./services/web-apps/hedgedoc.nix
./services/web-apps/hledger-web.nix
@@ -1194,12 +1176,10 @@
./services/web-apps/jirafeau.nix
./services/web-apps/jitsi-meet.nix
./services/web-apps/kasmweb/default.nix
./services/web-apps/kavita.nix
./services/web-apps/keycloak.nix
./services/web-apps/komga.nix
./services/web-apps/lemmy.nix
./services/web-apps/limesurvey.nix
./services/web-apps/mainsail.nix
./services/web-apps/mastodon.nix
./services/web-apps/matomo.nix
./services/web-apps/mattermost.nix
@@ -1378,7 +1358,6 @@
./tasks/filesystems/cifs.nix
./tasks/filesystems/ecryptfs.nix
./tasks/filesystems/envfs.nix
./tasks/filesystems/erofs.nix
./tasks/filesystems/exfat.nix
./tasks/filesystems/ext.nix
./tasks/filesystems/f2fs.nix

21
nixos/modules/programs/darling.nix
View File

@@ -1,21 +0,0 @@
{ config, lib, pkgs, ... }:
let
cfg = config.programs.darling;
in {
options = {
programs.darling = {
enable = lib.mkEnableOption (lib.mdDoc "Darling, a Darwin/macOS compatibility layer for Linux");
package = lib.mkPackageOptionMD pkgs "darling" {};
};
};
config = lib.mkIf cfg.enable {
security.wrappers.darling = {
source = lib.getExe cfg.package;
owner = "root";
group = "root";
setuid = true;
};
};
}

19
nixos/modules/programs/fzf.nix
View File

@@ -1,9 +1,8 @@
{ pkgs, config, lib, ... }:
{pkgs, config, lib, ...}:
with lib;
let
cfg = config.programs.fzf;
in
{
in {
options = {
programs.fzf = {
fuzzyCompletion = mkEnableOption (mdDoc "fuzzy completion with fzf");
@@ -12,21 +11,17 @@ in
};
config = {
environment.systemPackages = optional (cfg.keybindings || cfg.fuzzyCompletion) pkgs.fzf;
programs.bash.interactiveShellInit = optionalString cfg.fuzzyCompletion ''
source ${pkgs.fzf}/share/fzf/completion.bash
'' + optionalString cfg.keybindings ''
source ${pkgs.fzf}/share/fzf/key-bindings.bash
'';
programs.zsh.interactiveShellInit = optionalString (!config.programs.zsh.ohMyZsh.enable)
(optionalString cfg.fuzzyCompletion ''
source ${pkgs.fzf}/share/fzf/completion.zsh
'' + optionalString cfg.keybindings ''
source ${pkgs.fzf}/share/fzf/key-bindings.zsh
'');
programs.zsh.ohMyZsh.plugins = lib.mkIf (cfg.keybindings || cfg.fuzzyCompletion) [ "fzf" ];
programs.zsh.interactiveShellInit = optionalString cfg.fuzzyCompletion ''
source ${pkgs.fzf}/share/fzf/completion.zsh
'' + optionalString cfg.keybindings ''
source ${pkgs.fzf}/share/fzf/key-bindings.zsh
'';
};
meta.maintainers = with maintainers; [ laalsaas ];
}

85
nixos/modules/programs/gamescope.nix
View File

@@ -1,85 +0,0 @@
{ config
, lib
, pkgs
, ...
}:
with lib; let
cfg = config.programs.gamescope;
gamescope =
let
wrapperArgs =
optional (cfg.args != [ ])
''--add-flags "${toString cfg.args}"''
++ builtins.attrValues (mapAttrs (var: val: "--set-default ${var} ${val}") cfg.env);
in
pkgs.runCommand "gamescope" { nativeBuildInputs = [ pkgs.makeBinaryWrapper ]; } ''
mkdir -p $out/bin
makeWrapper ${cfg.package}/bin/gamescope $out/bin/gamescope --inherit-argv0 \
${toString wrapperArgs}
'';
in
{
options.programs.gamescope = {
enable = mkEnableOption (mdDoc "gamescope");
package = mkOption {
type = types.package;
default = pkgs.gamescope;
defaultText = literalExpression "pkgs.gamescope";
description = mdDoc ''
The GameScope package to use.
'';
};
capSysNice = mkOption {
type = types.bool;
default = false;
description = mdDoc ''
Add cap_sys_nice capability to the GameScope
binary so that it may renice itself.
'';
};
args = mkOption {
type = types.listOf types.string;
default = [ ];
example = [ "--rt" "--prefer-vk-device 8086:9bc4" ];
description = mdDoc ''
Arguments passed to GameScope on startup.
'';
};
env = mkOption {
type = types.attrsOf types.string;
default = { };
example = literalExpression ''
# for Prime render offload on Nvidia laptops.
# Also requires `hardware.nvidia.prime.offload.enable`.
{
__NV_PRIME_RENDER_OFFLOAD = "1";
__VK_LAYER_NV_optimus = "NVIDIA_only";
__GLX_VENDOR_LIBRARY_NAME = "nvidia";
}
'';
description = mdDoc ''
Default environment variables available to the GameScope process, overridable at runtime.
'';
};
};
config = mkIf cfg.enable {
security.wrappers = mkIf cfg.capSysNice {
gamescope = {
owner = "root";
group = "root";
source = "${gamescope}/bin/gamescope";
capabilities = "cap_sys_nice+pie";
};
};
environment.systemPackages = mkIf (!cfg.capSysNice) [ gamescope ];
};
meta.maintainers = with maintainers; [ nrdxp ];
}

7
nixos/modules/programs/hyprland.nix
View File

@@ -57,14 +57,17 @@ in
};
config = mkIf cfg.enable {
environment.systemPackages = [ cfg.package ];
environment = {
systemPackages = [ cfg.package ];
};
fonts.enableDefaultFonts = mkDefault true;
hardware.opengl.enable = mkDefault true;
programs = {
dconf.enable = mkDefault true;
xwayland.enable = mkDefault cfg.xwayland.enable;
xwayland.enable = mkDefault true;
};
security.polkit.enable = true;

20
nixos/modules/programs/miriway.nix
View File

@@ -8,7 +8,7 @@ in {
Miriway, a Mir based Wayland compositor. You can manually launch Miriway by
executing "exec miriway" on a TTY, or launch it from a display manager. Copy
/etc/xdg/xdg-miriway/miriway-shell.config to ~/.config/miriway-shell.config
to modify the system-wide configuration on a per-user basis. See <https://github.com/Miriway/Miriway>,
to modify the default configuration. See <https://github.com/Miriway/Miriway>,
and "miriway --help" for more information'');
config = lib.mkOption {
@@ -19,15 +19,6 @@ in {
ctrl-alt=t:miriway-terminal # Default "terminal emulator finder"
shell-component=dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY
meta=Left:@dock-left
meta=Right:@dock-right
meta=Space:@toggle-maximized
meta=Home:@workspace-begin
meta=End:@workspace-end
meta=Page_Up:@workspace-up
meta=Page_Down:@workspace-down
ctrl-alt=BackSpace:@exit
'';
example = ''
idle-timeout=300
@@ -40,15 +31,6 @@ in {
shell-component=wbg Pictures/wallpaper
shell-meta=a:synapse
meta=Left:@dock-left
meta=Right:@dock-right
meta=Space:@toggle-maximized
meta=Home:@workspace-begin
meta=End:@workspace-end
meta=Page_Up:@workspace-up
meta=Page_Down:@workspace-down
ctrl-alt=BackSpace:@exit
'';
description = lib.mdDoc ''
Miriway's config. This will be installed system-wide.

11
nixos/modules/programs/neovim.nix
View File

@@ -138,8 +138,7 @@ in
};
source = mkOption {
default = null;
type = types.nullOr types.path;
type = types.path;
description = lib.mdDoc "Path of the source file.";
};
@@ -161,11 +160,9 @@ in
environment.etc = listToAttrs (attrValues (mapAttrs
(name: value: {
name = "xdg/nvim/${name}";
value = removeAttrs
(value // {
target = "xdg/nvim/${value.target}";
})
(optionals (isNull value.source) [ "source" ]);
value = value // {
target = "xdg/nvim/${value.target}";
};
})
cfg.runtime));

2
nixos/modules/programs/shadow.nix
View File

@@ -41,8 +41,6 @@ let
# This should be made configurable.
#CHFN_RESTRICT frwh
# The default crypt() method, keep in sync with the PAM default
ENCRYPT_METHOD YESCRYPT
'';
mkSetuidRoot = source:

24
nixos/modules/programs/sniffnet.nix
View File

@@ -1,24 +0,0 @@
{ config, lib, pkgs, ... }:
let
cfg = config.programs.sniffnet;
in
{
options = {
programs.sniffnet = {
enable = lib.mkEnableOption (lib.mdDoc "sniffnet");
};
};
config = lib.mkIf cfg.enable {
security.wrappers.sniffnet = {
owner = "root";
group = "root";
capabilities = "cap_net_raw,cap_net_admin=eip";
source = "${pkgs.sniffnet}/bin/sniffnet";
};
};
meta.maintainers = with lib.maintainers; [ figsoda ];
}

64
nixos/modules/programs/steam.nix
View File

@@ -4,24 +4,6 @@ with lib;
let
cfg = config.programs.steam;
gamescopeCfg = config.programs.gamescope;
steam-gamescope = let
exports = builtins.attrValues (builtins.mapAttrs (n: v: "export ${n}=${v}") cfg.gamescopeSession.env);
in
pkgs.writeShellScriptBin "steam-gamescope" ''
${builtins.concatStringsSep "\n" exports}
gamescope --steam ${toString cfg.gamescopeSession.args} -- steam -tenfoot -pipewire-dmabuf
'';
gamescopeSessionFile =
(pkgs.writeTextDir "share/wayland-sessions/steam.desktop" ''
[Desktop Entry]
Name=Steam
Comment=A digital distribution platform
Exec=${steam-gamescope}/bin/steam-gamescope
Type=Application
'').overrideAttrs (_: { passthru.providedSessions = [ "steam" ]; });
in {
options.programs.steam = {
enable = mkEnableOption (lib.mdDoc "steam");
@@ -50,12 +32,6 @@ in {
then [ package ] ++ extraPackages
else [ package32 ] ++ extraPackages32;
in prevLibs ++ additionalLibs;
} // optionalAttrs (cfg.gamescopeSession.enable && gamescopeCfg.capSysNice)
{
buildFHSEnv = pkgs.buildFHSEnv.override {
# use the setuid wrapped bubblewrap
bubblewrap = "${config.security.wrapperDir}/..";
};
});
description = lib.mdDoc ''
The Steam package to use. Additional libraries are added from the system
@@ -81,31 +57,6 @@ in {
Open ports in the firewall for Source Dedicated Server.
'';
};
gamescopeSession = mkOption {
description = mdDoc "Run a GameScope driven Steam session from your display-manager";
default = {};
type = types.submodule {
options = {
enable = mkEnableOption (mdDoc "GameScope Session");
args = mkOption {
type = types.listOf types.string;
default = [ ];
description = mdDoc ''
Arguments to be passed to GameScope for the session.
'';
};
env = mkOption {
type = types.attrsOf types.string;
default = { };
description = mdDoc ''
Environmental variables to be passed to GameScope for the session.
'';
};
};
};
};
};
config = mkIf cfg.enable {
@@ -115,19 +66,6 @@ in {
driSupport32Bit = true;
};
security.wrappers = mkIf (cfg.gamescopeSession.enable && gamescopeCfg.capSysNice) {
# needed or steam fails
bwrap = {
owner = "root";
group = "root";
source = "${pkgs.bubblewrap}/bin/bwrap";
setuid = true;
};
};
programs.gamescope.enable = mkDefault cfg.gamescopeSession.enable;
services.xserver.displayManager.sessionPackages = mkIf cfg.gamescopeSession.enable [ gamescopeSessionFile ];
# optionally enable 32bit pulseaudio support if pulseaudio is enabled
hardware.pulseaudio.support32Bit = config.hardware.pulseaudio.enable;
@@ -136,7 +74,7 @@ in {
environment.systemPackages = [
cfg.package
cfg.package.run
] ++ lib.optional cfg.gamescopeSession.enable steam-gamescope;
];
networking.firewall = lib.mkMerge [
(mkIf cfg.remotePlay.openFirewall {

24
nixos/modules/programs/trippy.nix
View File

@@ -1,24 +0,0 @@
{ lib, config, pkgs, ... }:
let
cfg = config.programs.trippy;
in
{
options = {
programs.trippy = {
enable = lib.mkEnableOption (lib.mdDoc "trippy");
};
};
config = lib.mkIf cfg.enable {
security.wrappers.trip = {
owner = "root";
group = "root";
capabilities = "cap_net_raw+p";
source = lib.getExe pkgs.trippy;
};
};
meta.maintainers = with lib.maintainers; [ figsoda ];
}

2
nixos/modules/security/acme/default.nix
View File

@@ -323,7 +323,7 @@ let
}
fi
'');
} // optionalAttrs (data.listenHTTP != null && toInt (last (splitString ":" data.listenHTTP)) < 1024) {
} // optionalAttrs (data.listenHTTP != null && toInt (elemAt (splitString ":" data.listenHTTP) 1) < 1024) {
CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
};

2
nixos/modules/security/apparmor/includes.nix
View File

@@ -22,7 +22,7 @@ in
# some may even be completely useless.
config.security.apparmor.includes = {
# This one is included by <tunables/global>
# which is usually included before any profile.
# which is usualy included before any profile.
"abstractions/tunables/alias" = ''
alias /bin -> /run/current-system/sw/bin,
alias /lib/modules -> /run/current-system/kernel/lib/modules,

63
nixos/modules/security/pam.nix
View File

@@ -446,15 +446,6 @@ let
};
};
zfs = mkOption {
default = config.security.pam.zfs.enable;
defaultText = literalExpression "config.security.pam.zfs.enable";
type = types.bool;
description = lib.mdDoc ''
Enable unlocking and mounting of encrypted ZFS home dataset at login.
'';
};
text = mkOption {
type = types.nullOr types.lines;
description = lib.mdDoc "Contents of the PAM service file.";
@@ -565,8 +556,7 @@ let
|| cfg.googleAuthenticator.enable
|| cfg.gnupg.enable
|| cfg.failDelay.enable
|| cfg.duoSecurity.enable
|| cfg.zfs))
|| cfg.duoSecurity.enable))
(
optionalString config.services.homed.enable ''
auth optional ${config.systemd.package}/lib/security/pam_systemd_home.so
@@ -580,9 +570,6 @@ let
optionalString config.security.pam.enableFscrypt ''
auth optional ${pkgs.fscrypt-experimental}/lib/security/pam_fscrypt.so
'' +
optionalString cfg.zfs ''
auth optional ${config.boot.zfs.package}/lib/security/pam_zfs_key.so homes=${config.security.pam.zfs.homes}
'' +
optionalString cfg.pamMount ''
auth optional ${pkgs.pam_mount}/lib/security/pam_mount.so disable_interactive
'' +
@@ -641,9 +628,6 @@ let
optionalString config.security.pam.enableFscrypt ''
password optional ${pkgs.fscrypt-experimental}/lib/security/pam_fscrypt.so
'' +
optionalString cfg.zfs ''
password optional ${config.boot.zfs.package}/lib/security/pam_zfs_key.so homes=${config.security.pam.zfs.homes}
'' +
optionalString cfg.pamMount ''
password optional ${pkgs.pam_mount}/lib/security/pam_mount.so
'' +
@@ -654,7 +638,7 @@ let
password sufficient ${pkgs.pam_mysql}/lib/security/pam_mysql.so config_file=/etc/security/pam_mysql.conf
'' +
optionalString config.services.sssd.enable ''
password sufficient ${pkgs.sssd}/lib/security/pam_sss.so
password sufficient ${pkgs.sssd}/lib/security/pam_sss.so use_authtok
'' +
optionalString config.security.pam.krb5.enable ''
password sufficient ${pam_krb5}/lib/security/pam_krb5.so use_first_pass
@@ -701,10 +685,6 @@ let
session [success=1 default=ignore] pam_succeed_if.so service = systemd-user
session optional ${pkgs.fscrypt-experimental}/lib/security/pam_fscrypt.so
'' +
optionalString cfg.zfs ''
session [success=1 default=ignore] pam_succeed_if.so service = systemd-user
session optional ${config.boot.zfs.package}/lib/security/pam_zfs_key.so homes=${config.security.pam.zfs.homes} ${optionalString config.security.pam.zfs.noUnmount "nounmount"}
'' +
optionalString cfg.pamMount ''
session optional ${pkgs.pam_mount}/lib/security/pam_mount.so disable_interactive
'' +
@@ -1222,34 +1202,6 @@ in
};
};
security.pam.zfs = {
enable = mkOption {
default = false;
type = types.bool;
description = lib.mdDoc ''
Enable unlocking and mounting of encrypted ZFS home dataset at login.
'';
};
homes = mkOption {
example = "rpool/home";
default = "rpool/home";
type = types.str;
description = lib.mdDoc ''
Prefix of home datasets. This value will be concatenated with
`"/" + <username>` in order to determine the home dataset to unlock.
'';
};
noUnmount = mkOption {
default = false;
type = types.bool;
description = lib.mdDoc ''
Do not unmount home dataset on logout.
'';
};
};
security.pam.enableEcryptfs = mkEnableOption (lib.mdDoc "eCryptfs PAM module (mounting ecryptfs home directory on login)");
security.pam.enableFscrypt = mkEnableOption (lib.mdDoc ''
Enables fscrypt to automatically unlock directories with the user's login password.
@@ -1286,12 +1238,6 @@ in
Only one of users.motd and users.motdFile can be set.
'';
}
{
assertion = config.security.pam.zfs.enable -> (config.boot.zfs.enabled || config.boot.zfs.enableUnstable);
message = ''
`security.pam.zfs.enable` requires enabling ZFS (`boot.zfs.enabled` or `boot.zfs.enableUnstable`).
'';
}
];
environment.systemPackages =
@@ -1432,10 +1378,7 @@ in
mr ${pkgs.plasma5Packages.kwallet-pam}/lib/security/pam_kwallet5.so,
'' +
optionalString config.virtualisation.lxc.lxcfs.enable ''
mr ${pkgs.lxc}/lib/security/pam_cgfs.so,
'' +
optionalString (isEnabled (cfg: cfg.zfs)) ''
mr ${config.boot.zfs.package}/lib/security/pam_zfs_key.so,
mr ${pkgs.lxc}/lib/security/pam_cgfs.so
'' +
optionalString config.services.homed.enable ''
mr ${config.systemd.package}/lib/security/pam_systemd_home.so

2
nixos/modules/security/tpm2.nix
View File

@@ -3,7 +3,7 @@ let
cfg = config.security.tpm2;
# This snippet is taken from tpm2-tss/dist/tpm-udev.rules, but modified to allow custom user/groups
# The idea is that the tssUser is allowed to access the TPM and kernel TPM resource manager, while
# The idea is that the tssUser is allowed to acess the TPM and kernel TPM resource manager, while
# the tssGroup is only allowed to access the kernel resource manager
# Therefore, if either of the two are null, the respective part isn't generated
udevRules = tssUser: tssGroup: ''

2
nixos/modules/security/wrappers/default.nix
View File

@@ -283,7 +283,7 @@ in
'';
###### wrappers consistency checks
system.checks = lib.singleton (pkgs.runCommandLocal
system.extraDependencies = lib.singleton (pkgs.runCommandLocal
"ensure-all-wrappers-paths-exist" { }
''
# make sure we produce output

89
nixos/modules/services/audio/gonic.nix
View File

@@ -1,89 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.gonic;
settingsFormat = pkgs.formats.keyValue {
mkKeyValue = lib.generators.mkKeyValueDefault { } " ";
listsAsDuplicateKeys = true;
};
in
{
options = {
services.gonic = {
enable = mkEnableOption (lib.mdDoc "Gonic music server");
settings = mkOption rec {
type = settingsFormat.type;
apply = recursiveUpdate default;
default = {
listen-addr = "127.0.0.1:4747";
cache-path = "/var/cache/gonic";
tls-cert = null;
tls-key = null;
};
example = {
music-path = [ "/mnt/music" ];
podcast-path = "/mnt/podcasts";
};
description = lib.mdDoc ''
Configuration for Gonic, see <https://github.com/sentriz/gonic#configuration-options> for supported values.
'';
};
};
};
config = mkIf cfg.enable {
systemd.services.gonic = {
description = "Gonic Media Server";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart =
let
# these values are null by default but should not appear in the final config
filteredSettings = filterAttrs (n: v: !((n == "tls-cert" || n == "tls-key") && v == null)) cfg.settings;
in
"${pkgs.gonic}/bin/gonic -config-path ${settingsFormat.generate "gonic" filteredSettings}";
DynamicUser = true;
StateDirectory = "gonic";
CacheDirectory = "gonic";
WorkingDirectory = "/var/lib/gonic";
RuntimeDirectory = "gonic";
RootDirectory = "/run/gonic";
ReadWritePaths = "";
BindReadOnlyPaths = [
# gonic can access scrobbling services
"-/etc/ssl/certs/ca-certificates.crt"
builtins.storeDir
cfg.settings.podcast-path
] ++ cfg.settings.music-path
++ lib.optional (cfg.settings.tls-cert != null) cfg.settings.tls-cert
++ lib.optional (cfg.settings.tls-key != null) cfg.settings.tls-key;
CapabilityBoundingSet = "";
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
RestrictNamespaces = true;
PrivateDevices = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
SystemCallArchitectures = "native";
SystemCallFilter = [ "@system-service" "~@privileged" ];
RestrictRealtime = true;
LockPersonality = true;
MemoryDenyWriteExecute = true;
UMask = "0066";
ProtectHostname = true;
};
};
};
meta.maintainers = [ maintainers.autrimpo ];
}

4
nixos/modules/services/audio/navidrome.nix
View File

@@ -11,8 +11,6 @@ in {
enable = mkEnableOption (lib.mdDoc "Navidrome music server");
package = mkPackageOptionMD pkgs "navidrome" { };
settings = mkOption rec {
type = settingsFormat.type;
apply = recursiveUpdate default;
@@ -38,7 +36,7 @@ in {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = ''
${cfg.package}/bin/navidrome --configfile ${settingsFormat.generate "navidrome.json" cfg.settings}
${pkgs.navidrome}/bin/navidrome --configfile ${settingsFormat.generate "navidrome.json" cfg.settings}
'';
DynamicUser = true;
StateDirectory = "navidrome";

21
nixos/modules/services/backup/automysqlbackup.nix
View File

@@ -3,7 +3,7 @@
let
inherit (lib) concatMapStringsSep concatStringsSep isInt isList literalExpression;
inherit (lib) mapAttrs mapAttrsToList mkDefault mkEnableOption mkIf mkOption mkRenamedOptionModule optional types;
inherit (lib) mapAttrs mapAttrsToList mkDefault mkEnableOption mkIf mkOption optional types;
cfg = config.services.automysqlbackup;
pkg = pkgs.automysqlbackup;
@@ -26,10 +26,6 @@ let
in
{
imports = [
(mkRenamedOptionModule [ "services" "automysqlbackup" "config" ] [ "services" "automysqlbackup" "settings" ])
];
# interface
options = {
services.automysqlbackup = {
@@ -44,7 +40,7 @@ in
'';
};
settings = mkOption {
config = mkOption {
type = with types; attrsOf (oneOf [ str int bool (listOf str) ]);
default = {};
description = lib.mdDoc ''
@@ -116,18 +112,7 @@ in
services.mysql.ensureUsers = optional (config.services.mysql.enable && cfg.config.mysql_dump_host == "localhost") {
name = user;
ensurePermissions = {
"*.*" = "SELECT, SHOW VIEW, TRIGGER, LOCK TABLES, EVENT";
# https://forums.mysql.com/read.php?10,668311,668315#msg-668315
"function sys.extract_table_from_file_name" = "execute";
"function sys.format_path" = "execute";
"function sys.format_statement" = "execute";
"function sys.extract_schema_from_file_name" = "execute";
"function sys.ps_thread_account" = "execute";
"function sys.format_time" = "execute";
"function sys.format_bytes" = "execute";
};
ensurePermissions = { "*.*" = "SELECT, SHOW VIEW, TRIGGER, LOCK TABLES, EVENT"; };
};
};

Some files were not shown because too many files have changed in this diff Show More